Robert Bosch VIMA01 Users Manual

FCC ID: LXP-VIMA01 (IC: 2298A-VIMA01) Report No. M070149_Cert_Immobiliser

APPENDIX H

USER MANUAL

EMC Technologies Pty Ltd – 176 Harrick Road, Keilor Park VIC 3042 Australia

www.emctech.com.au

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 1 of 49

F005VP0801

Drawn

Checked

Approved

RBAU-EB/EBS2-JL 03/10/06

RBAU-EB/EBS2-VA 03/10/06

RBAU-EB/EBS2 03/10/06

By Date Signature

1. ALTERATION LIST

Issue

No.

Alteration Number, Description

Valid From

By Checked

1.0 New Specification for ABIC1 Solution 03/10/06 EBS2/JL

“WARNING: ANY CHANGES OR MODIFICATIONS NOT EXPRESSIVELY APPROVED BY ROBERT BOSCH (AUSTRALIA) PTY LTD COULD VOID THE USER’S AUTHORITY TO OPERATE THIS EQUIPMENT.

THIS DEVICE COMPLIES WITH PART 15 OF THE FCC RULES. OPERATION IS SUBJECT TO THE FOLLOWING TWO CONDITIONS: (1) THIS DEVICE MAY NOT CAUSE HARMFUL INTERFERENCE, AND (2) THIS DEVICE MUST ACCEPT ANY INTERFERENCE RECEIVED, INCLUDING INTERFERENCE THAT MAY CAUSE UNDESIRED OPERATION.

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 2 of 49

F005VP0801

TABLE OF CONTENTS

1. ALTERATION LIST..........................................................................................................................................................1

2. TABLE OF CONTENTS....................................................................................................................................................2

3. APPLICABLE DOCUMENTS ..........................................................................................................................................5

4. INTRODUCTION...............................................................................................................................................................5

4.1.1 Immobiliser Background..........................................................................................................................................5

4.1.1.1 Model : Proposed Smartra3................................................................................................................................................5

4.1.2 Document description...............................................................................................................................................6

4.1.3 Diagram: Smartra communications interfaces........................................................................................................6

4.2 EMS TO SMARTRA COMMUNICATIONS DESCRIPTION (OSI MODEL):............................................................................. 7

4.2.1 Diagram: OSI model................................................................................................................................................7

4.2.1.1 Requirements from customer.............................................................................................................................................8

4.2.2 Proposed Solution....................................................................................................................................................8

4.2.3 Diagram Showing Proposed Design:.......................................................................................................................8

4.2.4 States of the smartra.................................................................................................................................................9

4.2.4.1 State transition Diagram:...................................................................................................................................................9

4.2.4.1.1 States:............................................................................................................................................................................9

4.2.4.1.2 State Transitions:..........................................................................................................................................................9

4.2.5 System security.......................................................................................................................................................10

4.2.6 Secret Encryption Key (SEK) Learning..................................................................................................................10

4.2.6.1 Diagram: Secret Key learning flow .................................................................................................................................10

4.3 ASSUMPTIONS MADE...................................................................................................................................................12

4.4 REFERENCES................................................................................................................................................................12

5. MESSAGE STRUCTURE BETWEEN EMS AND SMARTRA ..................................................................................13

5.1.1 Data Packet Breakdown.........................................................................................................................................13

5.2 06H - ACKNOWLEDGE..................................................................................................................................................14

5.3 53H - SOFTWARE VERSION. .........................................................................................................................................14

5.4 4BH - TRANSPONDER IDE (PRE ID MATCHING) .........................................................................................................15

5.4.1 0x4B – (Existing) Pre Secret Encryption Key – kept for backwards compatibility................................................15

5.4.2 0x4B – New – Secret Encryption Key – with Encryption check.............................................................................15

5.5 41H - TRANSPONDER AUTHENTICATION......................................................................................................................16

5.6 57H - TRANSPONDER WRITE EEPROM PAGE. ............................................................................................................16

5.7 52H - TRANSPONDER READ EEPROM PAGE...............................................................................................................16

5.8 4EH – NEUTRALISE A [LEARNT] SMARTRA..................................................................................................................17

5.9 54H – TEACH SMARTRA...............................................................................................................................................17

5.10 15H - NEGATIVE RESPONSES........................................................................................................................................18

6. MESSAGE FLOW BETWEEN EMS, SMARTRA AND TRANSPONDER...............................................................19

6.1 BACKGROUND .............................................................................................................................................................19

6.1.1 Starting Communications.......................................................................................................................................19

6.1.2 Stopping Communications......................................................................................................................................19

6.1.3 (Re)Teaching Mode................................................................................................................................................19

6.1.3.1 Diagram: Explaining how to read message flow diagrams..............................................................................................19

6.2 MESSAGE FLOW 1 - NORMAL OPERATION ...................................................................................................................20

6.2.1.1 Message Sequence...........................................................................................................................................................20

6.2.1.2 Message Flow Detail .......................................................................................................................................................20

6.2.2 Message Flow Diagram:........................................................................................................................................20

6.3 MESSAGE FLOW 2 – TWICE IG ON OR AUTHENTICATION MODE..................................................................................21

6.3.1.1 Message Sequence...........................................................................................................................................................21

6.3.1.2 Message Flow Detail .......................................................................................................................................................21

6.3.2 Message Flow Diagram:........................................................................................................................................21

6.4 MESSAGE FLOW 3 – TWICE IG ON OR AUTHENTICATION MODE..................................................................................22

6.4.1.1 Message Sequence...........................................................................................................................................................22

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

6.4.1.2 Message Flow Detail .......................................................................................................................................................22

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 3 of 49

F005VP0801

6.4.2 Message Flow Diagram:........................................................................................................................................22

6.5 MESSAGE FLOW 4 - TWICE IG ON OR AUTHENTICATION MODE ..................................................................................23

6.5.1.1 Message Sequence...........................................................................................................................................................23

6.5.1.2 Message Flow Detail .......................................................................................................................................................23

6.5.2 Message Flow Diagram:........................................................................................................................................23

6.6 MESSAGE FLOW 5 - TWICE IG ON OR AUTHENTICATION MODE ..................................................................................24

6.6.1.1 Message Sequence...........................................................................................................................................................24

6.6.1.2 Message Flow Detail .......................................................................................................................................................24

6.6.2 Message Flow Diagram:........................................................................................................................................24

6.7 MESSAGE FLOW 6 - TWICE IG ON OR AUTHENTICATION MODE ..................................................................................25

6.7.1.1 Message Sequence...........................................................................................................................................................25

6.7.1.2 Message Flow Detail .......................................................................................................................................................25

6.7.2 Message Flow Diagram:........................................................................................................................................25

6.8 MESSAGE FLOW 7 - TWICE IG ON OR AUTHENTICATION MODE ..................................................................................26

6.8.1.1 Message Sequence...........................................................................................................................................................26

6.8.1.2 Message Flow Detail .......................................................................................................................................................26

6.8.2 Message Flow Diagram:........................................................................................................................................26

6.9 MESSAGE FLOW 8 – TWICE IG ON OR AUTHENTICATION MODE..................................................................................27

6.9.1.1 Message Sequence...........................................................................................................................................................27

6.9.1.2 Message Flow Detail .......................................................................................................................................................27

6.9.2 Message Flow Diagram:........................................................................................................................................27

6.10 MESSAGE FLOW 9 – TWICE IG ON OR AUTHENTICATION MODE..................................................................................28

6.10.1.1 Message Sequence ...........................................................................................................................................................28

6.10.1.2 Message Flow Detail .......................................................................................................................................................28

6.10.2 Message Flow Diagram:....................................................................................................................................28

6.11 MESSAGE FLOW 10 – MISSING TRANSPONDER ............................................................................................................29

6.11.1.1 Message Sequence ...........................................................................................................................................................29

6.11.1.2 Message Flow Detail .......................................................................................................................................................29

6.11.2 Message Flow Diagram:....................................................................................................................................29

6.12 MESSAGE FLOW 11 - TRANSPONDER TEACHING OR RETEACHING MODE ....................................................................30

6.12.1.1 Message Sequence ...........................................................................................................................................................30

6.12.1.2 Message Flow Detail .......................................................................................................................................................30

6.12.2 Message Flow Diagram:....................................................................................................................................30

6.13 MESSAGE FLOW 12 - TRANSPONDER TEACHING OR RE-TEACHING MODE...................................................................31

6.13.1.1 Message Sequence ...........................................................................................................................................................31

6.13.1.2 Message Flow Detail .......................................................................................................................................................31

6.13.2 Message Flow Diagram:....................................................................................................................................31

6.14 MESSAGE FLOW 13 – TRANSPONDER TEACHING OR RE-TEACHING MODE ..................................................................32

6.14.1.1 Message Sequence ...........................................................................................................................................................32

6.14.1.2 Message Flow Detail .......................................................................................................................................................32

6.14.2 Message Flow Diagram:....................................................................................................................................32

6.15 MESSAGE FLOW 14 – TRANSPONDER TEACHING OR RE-TEACHING MODE ..................................................................33

6.15.1.1 Message Sequence ...........................................................................................................................................................33

6.15.1.2 Message Flow Detail .......................................................................................................................................................33

6.15.2 Message Flow Diagram:....................................................................................................................................33

6.16 MESSAGE FLOW 15 – TRANSPONDER TEACHING OR RE-TEACHING MODE ..................................................................34

6.16.1.1 Message Sequence ...........................................................................................................................................................34

6.16.1.2 Message Flow Detail .......................................................................................................................................................34

6.16.2 Message Flow Diagram:....................................................................................................................................34

6.17 MESSAGE FLOW 16: – TRANSPONDER TEACHING OR RE-TEACHING MODE .................................................................35

6.17.1.1 Message Sequence ...........................................................................................................................................................35

6.17.1.2 Message Flow Detail .......................................................................................................................................................35

6.17.2 Message Flow Diagram:....................................................................................................................................35

6.18 MESSAGE FLOW 17: –MISS-MATCHED SECRET KEY.....................................................................................................36

6.18.1.1 Message Sequence ...........................................................................................................................................................36

6.18.1.2 Message Flow Detail .......................................................................................................................................................36

6.18.2 Message Flow Diagram:....................................................................................................................................36

6.19 MESSAGE FLOW 18: – OLD EMS WITH A NEW LEARNT SMARTRA ...............................................................................37

6.19.1.1 Message Sequence ...........................................................................................................................................................37

6.19.1.2 Message Flow Detail .......................................................................................................................................................37

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 4 of 49

F005VP0801

6.19.2 Message Flow Diagram:....................................................................................................................................37

6.20 MESSAGE FLOW 19: – OLD EMS WITH A VIRGIN SMARTRA.........................................................................................38

6.20.1.1 Message Sequence ...........................................................................................................................................................38

6.20.1.2 Message Flow Detail .......................................................................................................................................................38

6.20.2 Message Flow Diagram:....................................................................................................................................38

6.21 MESSAGE FLOW 20: – OLD SMARTRA WITH A NEW EMS ............................................................................................39

6.21.1.1 Message Sequence ...........................................................................................................................................................39

6.21.1.2 Message Flow Detail .......................................................................................................................................................39

6.21.2 Message Flow Diagram:....................................................................................................................................39

6.22 SUMMARY TABLES : MESSAGE FLOW SUMMARY ........................................................................................................40

6.22.1 Table: Normal Message Flow............................................................................................................................40

6.22.2 Table: Twice IG ON or Authentication..............................................................................................................40

6.22.3 Table: All modes missing transponder...............................................................................................................40

6.22.4 Table: Transponder (Re)teaching mode............................................................................................................41

6.22.5 Table: Special cases...........................................................................................................................................41

7. REPLACING OF SYSTEM COMPONENTS................................................................................................................42

7.1 REPLACING THE ENGINE MANAGEMENT SYSTEM (EMS) ECU....................................................................................42

7.1.1 Equipment required to replace the EMS in immo system.......................................................................................42

7.1.2 Process Flow Chart: Replacing Engine Management System EMS ......................................................................43

7.2 REPLACING THE SMARTRA ECU..................................................................................................................................43

7.2.1 Equipment required to replace a Smartra unit in immo system.............................................................................43

7.2.2 Process Flow Chart : Replacing Smartra..............................................................................................................44

7.3 REPLACING KEYS (TRANSPONDERS)............................................................................................................................44

7.3.1 Process Flow Chart : Replacing/Adding Keys.......................................................................................................44

7.4 REPLACING ANTENNA .................................................................................................................................................44

8. DIAGNOSTIC TESTER REQUIREMENTS.................................................................................................................45

8.1.1 Diagnostic Tester Introduction ..............................................................................................................................45

8.1.2 The Diagnostics tester interface diagram:.............................................................................................................45

8.1.3 Programming Diagnostic PIN Number DPN (on the Smartra).............................................................................45

8.1.3.1 Message Flow Diagram (Programming Diagnostic PIN – both Smartra and EMS)........................................................46

8.1.3.2 Message Flow Diagram (Programming Diagnostic PIN – EMS......................................................................................46

8.1.3.3 Message Flow Diagram (Programming Diagnostic PIN – Smartra)................................................................................47

8.1.4 Aftermarket PIN number sequence: .......................................................................................................................47

8.1.5 Changing Diagnostic PIN Number (DPN) on Smartra..........................................................................................47

8.1.6 Accessing diagnostic functions...............................................................................................................................48

8.1.6.1 Message Flow Diagram (Changing State – correct PIN).................................................................................................48

8.1.6.2 Message Flow Diagram (Changing Smartra State – in-correct PIN)...............................................................................49

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 5 of 49

2. APPLICABLE DOCUMENTS

Applicable Standards Title

F005VP0800 HMC SMARTRA 3 Product Spec F005VP0702 HMC SMARTRA 3 Engineering Test Spec F005VP0703 HMC SMARTRA 3 Production Test Spec F005VS0115 HMC SMARTRA 3 Sales Drawing

F005VP0801

3. INTRODUCTION

3.1.1 Immobiliser Background

The Smartra3 immobiliser unit, known as the SMARt TRansponder Antenna (SMARTRA) will need to be updated as a result of new requirements. The SMARTRA3 will be an update of an existing product.

The existing immobiliser system consisted of a passive challenge-response (mutual authentication) transponder inside the key head and the SMARTRA unit. The SMARTRA communicates to a Control Unit (CU) via a dedicated communications line.

3.1.1.1 Model : Proposed Smartra3

This design will use a different microcontroller with on board non-volatile memory and combined voltage regulator and LIN transceiver system basis chip.

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 6 of 49

F005VP0801

3.1.2 Document description

This document shall focus on the communications protocol between the Smartra and the Engine Management System (EMS). The existing protocol has been used with two new messages added and existing messages modified. The changes are required due to additional customer requirements.

The document shall present:

• Project background, requirements and proposed design.

• Message Structure between the EMS and Smartra.

• Message Flow charts: EMS to Transponder (via Smartra) considering different device states.

• Replacing immobiliser system components

• Diagnostic tester interface.

3.1.3 Diagram: Smartra communications interfaces

Transponder Smartra

Low Frequency

w ireless link

125kHz ASK

single wire

asynch bi-dir

comms

4800baud

This docume nt

focusses on Smartra

to EMS interface

EMS

(comms master)

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 7 of 49

F005VP0801

3.2 EMS to Smartra Communications Description (OSI model):

The communications between the EMS and the Smartra can be better described using the 7 layer OSI model. The below diagram shows different levels of the interface in reference to the OSI model. It describes the Physical layer the Data Link Layer and the Application Layer.

3.2.1 Diagram: OSI model

Application

Layer

Presentation

Layer

Session

Layer

Transport

Layer

Network

Layer

Data Li nk

Layer

Physical

Layer

EM S Action Messages:

06h (ACK) Acknowledge 53h (ASCII 'S') Software version 4Bh (ASCII 'K') Transponder I DE * 41h (ASCII 'A') Transponder Authentication (Additional info for I D Matching) 57h (ASCII 'W') Transponder Write EEPROM page 52H (ASCII 'R') Transponder Read EEPROM page 4Eh (ASCII ‘N’) Neutralise a Taught Smartra ** 54h (ASCII ‘T’) Teach Smartra ** 15h (ASCII nak) Negative response *

For every me ssage sent to the SMARTRA from the CU there w ill be a response from the SMARTRA unit. Only one command can be sent at a time to the SMARTRA unit.

A negative response to any command is possibl e . * - modif ied message ** - new message

The protocol between the Control Unit (CU) and the SMARTRA is defined as :-

Address Length Action Data CS

The protocol between the SMARTRA and the CU is defined as :-

1 start bit-low, 8 data bits, no parity, 2 stop bits-high.

Idle Start

Address Length Data CS

Data

Bit 1

8 bits

S top bit

2 bits

Idle

Dedicated single wire bet ween Immobiliser and Contr ol Unit. Bi-directional

Asynchronous

Communications @ 4800 baud

Logic Low = 0 V, Logic High = 12V, Idle State High

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 8 of 49

F005VP0801

3.2.1.1 Requirements from customer

Requirements for the new Smartra:

• automobile to be Thatcham Compliant to withstand attack on car for >300secs.

• Product required to be backward compatible with existing system.

Current system :

• Engine Management System (EMS) ECU can be replaced easily and car can be started <300secs

with matching transponders.

• Smartra is transparent ie. passes messages to and from the EMS and transponder (no memory).

3.2.2 Proposed Solution

• To meet new customer requirements the EMS and the Smartra shall be matched together using the

same Secret Encryption Key (SEK).

• The Secret Encryption Key (SEK) is generated and taught to the Smartra and EMS at the OEM end

of line tester.

• The EMS and Smartra will generate the Secret Encryption Key (SEK) from a common 9 byte

Diagnostic PIN Number (DPN) unique for each car (ie. use 6 bytes from Diagnostic PIN Number (DPN)). See section 3.2.6.

• The Secret Encryption Key (SEK) will be used during all communications between the EMS and the

Smartra to ensure that the EMS and Smartra are matched.

• To test if the units are matched:

o The EMS generates a Random Number and passes to the Smartra.

o Smartra encrypts the Random Number using the Secret Encryption Key(SEK) and passes

back the encrypted value to the EMS.

o EMS encrypts the random number using its Secret Encryption Key(SEK) and then evaluates

if the Smartra response is the same as the EMS encryption.

• Thieves need to replace the EMS, Smartra and Transponder to steal the car. The Smartra shall be

placed in a difficult to get to position in the car (increase time to replace).

3.2.3 Diagram Showing Proposed Design:

SM ARTRA

transponder

LF interface

Issue Number:

1.0 Dev No. 3881

Automobile Assy

Single Wire

Comms

Valid from:

EMS

Single Wire

14/2/06

Comms

Diagnostic

Tester

Securit y Pin No. to access the

EM S and Smartra

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 9 of 49

F005VP0801

3.2.4 States of the smartra

With the new proposed Design the Smartra shall have 3 states ([Virgin] and [Neutral] states behave the same).

3.2.4.1 State transition Diagram:

Learnt

(follows new

protocol-

Smartra3)

Neutral

(follows old

protocol-

Smartra2)

Virgin

(follows old

protocol-

Smartra2)

3.2.4.1.1 States: [Virgin] – virgin product after EOL testing.

[Neutral] – part has Diagnostic PIN Number(DPN) and Secret Encryption Key(SEK) cleared using

diagnostic tester so it can go into [Learnt] state again.

[Learnt] – part has been taught a Diagnostic PIN Number(DPN) at the OEM end of line tester or

using diagnostic tester in the field. Secret Encryption Key(SEK) is generated from the Diagnostic PIN Number(DPN). (refer to 3.2.6)

3.2.4.1.2 State Transitions:

1) Smartra is taught the Diagnostic PIN Number(DPN) and generates the Secret Encryption Key(SEK).

2) Diagnostic Tester Places Smartra into Neutral Mode when correct DPN has been entered. * Note : For backwards compatibility a [virgin] or [neutral] Smartra3 will function as a Smartra2 until unit

is placed into [learnt] state.

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

SMARTRA III IMMOBILISER Page 10 of 49

F005VP0801

3.2.5 System security

If a thief replaces the Smartra with a virgin Smartra the car will not start as the virgin Smartra does not match the EMS.

If a thief replaces three components with a matching set (Transponder, Smartra and EMS) then by breaking lock barrel the car can start. The car will start however the period of time to replace the Smartra takes time ie. longer than 5 minutes to pass the Thatcham attack test. Refer to section 3.4 – References.

A thief could steal a car in a short time if they have access to a Diagnostic Tester and a ECU with his corresponding Diagnostic PIN Number (DPN) then the thief can steal the car by:

a. replacing the EMS with a matching EMS and transponder set. b. use Diagnostic Tester to neutralise the Smartra3, using the secure HMC Diagnostic PIN Number

(DPN) of EMS.

c. use Diagnostic Tester to program the new Diagnostic PIN Number (DPN) that matches the thiefs

EMS Diagnostic PIN Number (DPN). The security of the system depends on the security of the DPN.

3.2.6 Secret Encryption Key (SEK) Learning

• The EMS and Smartra will generate the Secret Encryption Key (SEK).

• Secret Encryption Key (SEK) is generated from the first 6 bytes of the 9 byte Diagnostic PIN Number

(DPN).

• The DPN is taught to the Smartra and EMS at the OEM end of line tester or in the field.

• The encryption algorithm requires each of the 6 SEK bytes to be an uneven number between 3 and

253. o Therefore both the EMS and Smartra will use the same function that will check value of PIN

and adjust each byte of the Secret Encryption Key (SEK) accordingly:

• If DPN byte is <3 or >253 then SEK byte = 0x55.

• Else If DPN byte is even then SEK byte = DPN byte – 1.

• Else SEK byte = DPN byte.

3.2.6.1 Diagram: Secret Key learning flow

Transponder

Secret Encrytpion

Key (SEK) (6 bytes)

generated from

Diagnostic PIN Number (DPN)

SM ARTR A

0 xXXXXXXXXXXX

0 xXXXXXXXXXXXXXXXX

Diagnostic PIN (9

bytes) number

stored in eeprom

on Smartra

Automobile Assy

0 xXXXXXXXXXXX

0 xXXXXXXXXXXXXXXXX

Secret Encrytp ion

Key (SEK) (6

bytes) - generated

from Diagnostic

PIN Number (DPN)

EMS

Diagnostic PIN 9

byte number

stored in eeprom

on EMS

Diagnos ti c Test e

0 xXXXXXXXXXXXXXXXX

OEM end of line tester

shall generate a

Diagnostic Security Pin

N umber and pass the

number to the EMS.

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

ROBERT BOSCH

(AUSTRALIA) PTY. LTD.

A.B.N. 48 004 315 628

PROTOCOL SPECIFICATION

F005VP0801

SMARTRA III IMMOBILISER Page 11 of 49

Issue Number:

1.0 Dev No. 3881

Valid from:

14/2/06

Print Date:

28 March, 2007

DEV04205.9/I-1

+ 26 hidden pages

Robert Bosch VIMA01 Users Manual

Specifications and Main Features

Frequently Asked Questions

User Manual