Full OBD Scan tool and FCA Security Bypass Question

JasonInDLH · Jan 11, 2021

So on a Renegade forum I’m on there’s been great discussion of how to bypass the FCA OBD security module. Im curious what all you Do It Yourselfers are using to read and clear all the codes (SRS, ABS, etc...) and how you bypassed the security module?

The Renegade people are talking about installing a Z Automotive bypass module that connects to the FCA module. OR, they’ve mentioned simply unplugging the two FCA security module connectors and connecting them to a 12+8 cable and then connecting that to your OBD scanner.

Apparently the FCA security device on the Renegade is behind a panel under the dash somewhere. Can anyone confirm where it’s located on the JL and if either of the aforementioned methods work?

Thanks!

CarbonSteel · Jan 11, 2021

JasonInDLH said:
So on a Renegade forum I’m on there’s been great discussion of how to bypass the FCA OBD security module. Im curious what all you Do It Yourselfers are using to read and clear all the codes (SRS, ABS, etc...) and how you bypassed the security module?

The Renegade people are talking about installing a Z Automotive bypass module that connects to the FCA module. OR, they’ve mentioned simply unplugging the two FCA security module connectors and connecting them to a 12+8 cable and then connecting that to your OBD scanner.

Apparently the FCA security device on the Renegade is behind a panel under the dash somewhere. Can anyone confirm where it’s located on the JL and if either of the aforementioned methods work?

Thanks!

JasonInDLH · Jan 11, 2021

Awesome! Thanks! That Tazer sure would be useful and has been included on the list of things to get!

Now... what scan tool is everyone using to read and clear codes for these Jeep’s? I have an awesome one for my Yukon that does everything from ABS bleed to reading and clearing all the codes, but unfortunately it provides only basic info for the Jeep.

jeepoch · Jan 11, 2021

Jason,

There are quite a few 'Programers', 'Scanners', or 'Diagnostic' Tools on the market that are all capable of reading Diagnostic Trouble Codes (DTCs). However, any tool that 'writes' information (like clearing these codes) to any one of the On-Board Control Modules, typically the Engine Control Module or (ECM) will require that the Security Gateway Module (SGW) be bypassed.

Generally the purpose of the SGW is to provide a Controller Area Network (CAN) Bus firewall between the interior control communication links with the outside world. Said in another way, the SGW provides a mechanism that anyone, or anything must first authenticate (can prove that they are who they say they are) in order to be able to have their CAN messages received and acted upon. With the SGW installed, only factory approved messages from authorized tools will be allowed.

With the many third-party (unofficial) tool suppliers, the most simple method to communicate over the internal CAN bus is to simply remove this firewall (and bypass the SGW) altogether. In this way, all messages no longer need to be authenticated. The third-party tool can inject whatever messages they care to transmit. They can then emulate most all of the factory functionality without regard to any extra security measures. This bypass approach is indeed how 'most' after market tools do indeed work.

Sure some tool vendors do 'play-by-the-rules' and pay whatever Security License and Registration fees are required to whichever Auto Manufacturer (in this case FCA) in order to be a legally authorized vendor. This access is not trivial or inexpensive because most manufacturers do not foster any type of access beyond what is federally mandated just in order to troubleshoot OBD2 emission specific issues. Therefore, most CAN Bus product vendors take the way more easy and inexpensive route and pirate their way into the control bus via some type of SGW bypass.

Furthermore, the Security Gateway Module is also intended to zone-off the vehicle's internal control communications from it's infotainment environment. Only the Cellular access 'Guardian' type of systems (like GM's OnStar) is intended to have authorized access. This helps keep the nefarious bad-guy 'hackers' out of your vital 'drive-by-wire' control systems, (throttle, brakes, door locks, etc.) from possible remote intrusion.

Clearly if you 'jail-break' your JL with any type of SGW bypass, you are also creating a potential security hole to unfettered internal digital access from the outside world. Some may argue that this cyber security vector is only detrimental with internet-connected (cellular) radios. Unfortunately the low-level trims, base Sports, are typically the only JL's that come standard with a non-internet connected UConnect 3 radio. Every other trim and many optional package Sports have the World-Wide-Web accessable UConnect 4 cellular variants.

So by using any tool that requires that the SGW be bypassed and remain that way also opens your rig up to potential unwanted tampering. Without the SGW, your rig is unfortunately available to anyone able to determine it's radio's MAC address. Trivial to even the almost skilled hacker.

Certainly the probability of that happening is low, but it's clearly not zero. Murphy's Law states that if it can happen, given enough time it will happen. So only you can roll the roulette wheel of chance for whatever it is you want to accomplish on your rig without the SGW plugged in.

For full disclosure, I do own and use the Z Automotive Tazer JL Mini but only use it's Non-Live functions. My SGW is only bypassed to set the tire size, TPMS thresholds and a few other configurations, including reading and/or clearing DTC codes. Otherwise, my SGW always remains plugged in at all times.

Hope this gives you a better idea for what bypassing the Security Gateway Module may accomplish. Unintended consequences or not.

[Edit] Follow up:
Would it be a good thing to have FCA open up it's choke-hold over it's vehicle's calibration space and thus give us consumers direct access to this type of functionality? Some sort of interface that let's us diagnose and troubleshoot our own vehicles or reconfigure controversial systems like ESS or even allow for custom engine performance and horsepower tuning?

Of course any Joe Blow Motorhead who enjoys tinkering on their vehicle would love it.

Unfortunately that pipe-dream would only work in a non-litiguous society. Any one who used those interfaces and then hurt their vehicle or worse indirectly cause an accident, would blame anyone and everyone but themselves.

So all car companies have to take the tact to protect not only their Service revenue streams but also keep their legal liability to an absolute minimum. So they'll continue to design in firewalls and near tamper proof diagnostic access portals. It is after all in their (not your) best intetest.

This however leaves a market niche now open for third-party vendors to find ways to 'bypass' these monopolistic access restrictions and limitations. If there is a demand, someone will always try and monetize a supply. These 'Programmers', 'Scanners' and 'Diagnostic' Tools are the result.

So who is right or wrong? As consumer's we are of course always going to invest in what it is we truly want. Regardless of the unforseen or subtle consequences.

So pick your tools as best you see fit. Sometimes the risk is worth the reward. Right up to the point that it's not.

Only you can make your own risk assessment analysis.

Jay

Rhinebeck01 · Jan 12, 2021

JasonInDLH said:
So on a Renegade forum I’m on there’s been great discussion of how to bypass the FCA OBD security module. Im curious what all you Do It Yourselfers are using to read and clear all the codes (SRS, ABS, etc...) and how you bypassed the security module?

The Renegade people are talking about installing a Z Automotive bypass module that connects to the FCA module. OR, they’ve mentioned simply unplugging the two FCA security module connectors and connecting them to a 12+8 cable and then connecting that to your OBD scanner.

Apparently the FCA security device on the Renegade is behind a panel under the dash somewhere. Can anyone confirm where it’s located on the JL and if either of the aforementioned methods work?

Thanks!

As the "Renegade people" are doing, I have a ZAutomotive bypass module (I no longer run/have a Tazer JL) for bypass, along with an inexpensive OBDll Scan tool,
https://www.amazon.com/dp/B072JF8VZF/ref=cm_sw_r_cp_apa_i_PDw.Fb35RFSEW?_encoding=UTF8&psc=1

By the way, the ZAutomotive bypass module and JSCAN pairing is a go, let's say with the JL and JT. I've used JSCAN on JL's... ZAutomotive's bypass module, can also be daisy chained with a SmartStopStart unit.

For most guys/gals, I'd recommend Tazer JL, as JSCAN is for sure, not as user-friendly, nor does it offer all that Tazer JL does.. Just one example, Tazer JL can deal with ESS and JSCAN cannot so far.

JasonInDLH · Jan 12, 2021

Thanks for the input guys!

I’m aware of this malicious hacking into these FCA vehicles and would only disconnect the security module when needed in the confines of my garage. And then reconnect it when I’m done working on the Jeep. Great tips!

I’ll have to look into that JScan a bit more as it appears it can do everything I’m looking for (crossing my fingers for ABS bleed as I do plan to completely change the brake system). Thanks for recommending this!

golong27 · Jan 12, 2021

The video above makes it look so easy to unplug the connectors to bypass the security gateway. I spent 30 minutes this weekend trying to unplug mine - is there a secret? I pressed the tab to release and could get the connector to unseat but couldn't get a good enough grip on the other side of the connector to pull it.

JasonInDLH · Jan 12, 2021

I haven’t looked at them to see what they look like, but did you try a needle nose pliers?

BlackGenesis · Jan 12, 2021

Hands down, best combo for the money is bypass Cable and OBDJscan app - if you want to change Wrangler options.
For just clearing codes - planty of free apps.
Bypass $24
https://www.amazon.com/dp/B07S91VZXT/ref=cm_sw_r_cp_apa_fabc_LvG.FbNGFP9R3

OBD2 bluetooth $30
https://www.amazon.com/dp/B06XGB4873/ref=cm_sw_r_cp_apa_fabc_cyG.Fb6ZGZBB9?_encoding=UTF8&psc=1

JasonInDLH · Jan 12, 2021

jeepoch said:
Jason,

There are quite a few 'Programers', 'Scanners', or 'Diagnostic' Tools on the market that are all capable of reading Diagnostic Trouble Codes (DTCs). However, any tool that 'writes' information (like clearing these codes) to any one of the On-Board Control Modules, typically the Engine Control Module or (ECM) will require that the Security Gateway Module (SGW) be bypassed.

Generally the purpose of the SGW is to provide a Controller Area Network (CAN) Bus firewall between the interior control communication links with the outside world. Said in another way, the SGW provides a mechanism that anyone, or anything must first authenticate (can prove that they are who they say they are) in order to be able to have their CAN messages received and acted upon. With the SGW installed, only factory approved messages from authorized tools will be allowed.

With the many third-party (unofficial) tool suppliers, the most simple method to communicate over the internal CAN bus is to simply remove this firewall (and bypass the SGW) altogether. In this way, all messages no longer need to be authenticated. The third-party tool can inject whatever messages they care to transmit. They can then emulate most all of the factory functionality without regard to any extra security measures. This bypass approach is indeed how 'most' after market tools do indeed work.

Sure some tool vendors do 'play-by-the-rules' and pay whatever Security License and Registration fees are required to whichever Auto Manufacturer (in this case FCA) in order to be a legally authorized vendor. This access is not trivial or inexpensive because most manufacturers do not foster any type of access beyond what is federally mandated just in order to troubleshoot OBD2 emission specific issues. Therefore, most CAN Bus product vendors take the way more easy and inexpensive route and pirate their way into the control bus via some type of SGW bypass.

Furthermore, the Security Gateway Module is also intended to zone-off the vehicle's internal control communications from it's infotainment environment. Only the Cellular access 'Guardian' type of systems (like GM's OnStar) is intended to have authorized access. This helps keep the nefarious bad-guy 'hackers' out of your vital 'drive-by-wire' control systems, (throttle, brakes, door locks, etc.) from possible remote intrusion.

Clearly if you 'jail-break' your JL with any type of SGW bypass, you are also creating a potential security hole to unfettered internal digital access from the outside world. Some may argue that this cyber security vector is only detrimental with internet-connected (cellular) radios. Unfortunately the low-level trims, base Sports, are typically the only JL's that come standard with a non-internet connected UConnect 3 radio. Every other trim and many optional package Sports have the World-Wide-Web accessable UConnect 4 cellular variants.

So by using any tool that requires that the SGW be bypassed and remain that way also opens your rig up to potential unwanted tampering. Without the SGW, your rig is unfortunately available to anyone able to determine it's radio's MAC address. Trivial to even the almost skilled hacker.

Certainly the probability of that happening is low, but it's clearly not zero. Murphy's Law states that if it can happen, given enough time it will happen. So only you can roll the roulette wheel of chance for whatever it is you want to accomplish on your rig without the SGW plugged in.

For full disclosure, I do own and use the Z Automotive Tazer JL Mini but only use it's Non-Live functions. My SGW is only bypassed to set the tire size, TPMS thresholds and a few other configurations, including reading and/or clearing DTC codes. Otherwise, my SGW always remains plugged in at all times.

Hope this gives you a better idea for what bypassing the Security Gateway Module may accomplish. Unintended consequences or not.

[Edit] Follow up:
Would it be a good thing to have FCA open up it's choke-hold over it's vehicle's calibration space and thus give us consumers direct access to this type of functionality? Some sort of interface that let's us diagnose and troubleshoot our own vehicles or reconfigure controversial systems like ESS or even allow for custom engine performance and horsepower tuning?

Of course any Joe Blow Motorhead who enjoys tinkering on their vehicle would love it.

Unfortunately that pipe-dream would only work in a non-litiguous society. Any one who used those interfaces and then hurt their vehicle or worse indirectly cause an accident, would blame anyone and everyone but themselves.

So all car companies have to take the tact to protect not only their Service revenue streams but also keep their legal liability to an absolute minimum. So they'll continue to design in firewalls and near tamper proof diagnostic access portals. It is after all in their (not your) best intetest.

This however leaves a market niche now open for third-party vendors to find ways to 'bypass' these monopolistic access restrictions and limitations. If there is a demand, someone will always try and monetize a supply. These 'Programmers', 'Scanners' and 'Diagnostic' Tools are the result.

So who is right or wrong? As consumer's we are of course always going to invest in what it is we truly want. Regardless of the unforseen or subtle consequences.

So pick your tools as best you see fit. Sometimes the risk is worth the reward. Right up to the point that it's not.

Only you can make your own risk assessment analysis.

Jay

I see your point here with your edit. Personally, I don’t change any parameters with programmers (although the TPMS threshold and tire size, etc will be helpful). I’m simply my own mechanic and perform all repairs myself and need to see the valuable information provided by the OBD scanner.

golong27 · Jan 12, 2021

I did try needle nose pliers but they don't open wide enough. All the connectors on my jeep are difficult to unseat so I'll figure something out - I end up struggling with the wiring harness for the hardtop every time it take it off.

I am using Jscan.

Rhinebeck01 · Jan 12, 2021

golong27 said:
The video above makes it look so easy to unplug the connectors to bypass the security gateway. I spent 30 minutes this weekend trying to unplug mine - is there a secret? I pressed the tab to release and could get the connector to unseat but couldn't get a good enough grip on the other side of the connector to pull it.

@golong27

Disconnect one cable at a time.

Firmly push the connector in and while hold the connector in, push the connector release tab on the backside of the connector and at the exact same time, pull down on the cable itself.. A little wiggle of the cable you are pulling down also will help the connector free up so to speak.

Do remove the plastic directly under the steering column before you go to do the deed. DO have a bright light under there with you.

IF, if you have a teen Daughter or Son or a willing Wife, have them do for you.. For some reason they seem to just get it done with little effort.... perhaps smaller, nimbler hands.. 8-)

Strongly suggest that you buy and install the SWG Extension Cable that ZAutomotive sells.... install that and no more struggling with the connectors... Were I you, I would order the SWG Extension Cable first and then go back and try the disconnect, versus trying today.
https://www.zautomotive.com/product/sgw-extension-cable/

Jeep Wrangler JL Full OBD Scan tool and FCA Security Bypass Question llll

Shak14 · Feb 12, 2021

BlackGenesis said:
Hands down, best combo for the money is bypass Cable and OBDJscan app - if you want to change Wrangler options.
For just clearing codes - planty of free apps.
Bypass $24
https://www.amazon.com/dp/B07S91VZXT/ref=cm_sw_r_cp_apa_fabc_LvG.FbNGFP9R3

OBD2 bluetooth $30
https://www.amazon.com/dp/B06XGB4873/ref=cm_sw_r_cp_apa_fabc_cyG.Fb6ZGZBB9?_encoding=UTF8&psc=1

What kind of things are you doing with this combo? I want to be able to change tire settings and DRL settings. Does it shut down ESS?

BlackGenesis · Feb 13, 2021

Shak14 said:
What kind of things are you doing with this combo? I want to be able to change tire settings and DRL settings. Does it shut down ESS?

I reset my airbag module (airbag light), changed tire size/spedo calibration and played with DRLs setting and fog light settings, lowered my tire pressure warning to show up once tire pressure is dropped below 20psi (instead of 32 ).

Rhinebeck01 · Feb 13, 2021

@Shak14

Do not skimp in regard to the OBD2 Bluetooth Scanner if you opt to go JSCAN.

JSCAN recommends this scanner for use with the JL and JT. Yes, more expensive but...

Other scanners will work but are slower and more ... slowness can be an issue when you are doing settings.... to get them to take lets say..

https://www.amazon.com/OBDLink-Blue...coding=UTF8&psc=1&refRID=ZSMAYGVYTZF40HKJ26WP

Full OBD Scan tool and FCA Security Bypass Question

JasonInDLH

Well-Known Member

CarbonSteel

Well-Known Member

JasonInDLH

Well-Known Member

jeepoch

Well-Known Member

Rhinebeck01

Well-Known Member

JasonInDLH

Well-Known Member

golong27

Well-Known Member

JasonInDLH

Well-Known Member

BlackGenesis

Well-Known Member

JasonInDLH

Well-Known Member

golong27

Well-Known Member

Rhinebeck01

Well-Known Member

Shak14

Well-Known Member

BlackGenesis

Well-Known Member

Rhinebeck01

Well-Known Member

Similar threads