I am working on a reverse engineering project involving a Hyundai vehicle, in which, by using the CAN Bus Multiplex Trainer tool, I was able to observe and analyze the communication frames exchanged between the diagnostic scanner and the vehicle. This analysis allowed me to identify how communication is established at the protocol level, especially regarding the Diagnostic Session Control service, represented by the service identifier 0x10 within the UDS standard. For example, when the scanner sends a frame such as 0x02 0x10 0x90, it is requesting the electronic control module to switch to a specific diagnostic session, and the module must respond positively with 0x50 0x90, accompanied by additional parameters such as communication timing values. From this type of message, it is also possible to interpret other diagnostic services, such as routine control, reading, or clearing fault codes. Thanks to this practice, it was possible to understand that the scanner does not simply “read faults”; instead, it must first negotiate a valid session with the ECU in order to access more advanced functions. This type of testing is very useful in module emulation processes, diagnostic tool development, and understanding the internal behavior of the CAN network in modern vehicles.
