Unified Diagnostic Services (ISO 14229) security research and testing toolkit.
- Full UDS Implementation: All standard diagnostic services
- Security Access Bypass: Multiple bypass techniques
- Seed-Key Algorithms: Reverse engineering support
- Flash Programming: Read/write ECU memory
- Routine Control: Execute diagnostic routines
- Session Management: Automated session handling
uds-cli --session default # 0x01
uds-cli --session programming # 0x02
uds-cli --session extended # 0x03# Request seed
uds-cli --security-seed --level 1
# Brute force key
uds-cli --bruteforce --level 1 --threads 4
# Use known algorithm
uds-cli --calc-key --algo vw_sa2 --seed 0xDEADBEEF# Dump ECU memory
uds-cli --read-memory 0x00080000 --size 0x10000 -o dump.bin
# Write calibration
uds-cli --write-memory 0x00080000 -i calibration.bin# Extract firmware
uds-cli --upload --address 0x00000000 --size 0x200000
# Flash new firmware
uds-cli --download -i firmware.bin --address 0x00000000- Algorithm identification
- Timing attacks
- Replay protection bypass
- Key generation reverse engineering
# Timing attack
uds-cli --timing-attack --service 0x27
# Session confusion
uds-cli --session-attack
# Diagnostic ID spoofing
uds-cli --spoof-tester-id 0xF1| Transport | Standard | Speed |
|---|---|---|
| CAN 2.0A | ISO 15765-2 | 500 kbps |
| CAN 2.0B | ISO 15765-2 | 500 kbps |
| CAN-FD | ISO 15765-2 | 2/5 Mbps |
| DoIP | ISO 13400 | Ethernet |
| K-Line | ISO 14230 | 10.4 kbps |
- SocketCAN (Linux native)
- J2534 passthru devices
- CANtact / CANable
- Vector CANalyzer
- PEAK PCAN-USB
For authorized security research only. Modifying vehicle ECUs may void warranties and violate regulations.
MIT License - Part of NullSec Linux v5.0
Discord: discord.gg/killers