At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to take full control of some John Deere Farming Machine electronics to run the first-person shooter Doom.
With some rather involved hardware hacking and the help of the New Zealand-based creator of Doom Mod identified as Skelligant on Twitter, Sick Codes managed to get a corn-themed version of the classic 1993 computer game. to run John Deere tractors on display.
Ill codeIn a phone interview with registrarDescribed his work as a jailbreak rather than exploitation.
The project took several months to develop, According to Ill code. It targets a John Deere Tractor 4240 touchscreen controller running an Arm-compatible NXP I.MX 6 system-on-chip. Wind River Linux 8. There were also devices running Windows CE.
The hack involves getting into the controller’s physical guts and altering the electronics in such a way as to execute its code. Once you are able to get your own software into the equipment, it will simply accept and execute it.
“The main bug is that nothing is encrypted or properly checksummed or anything like that,” explained Sick, adding that patching the vulnerability is impractical.
The solution, I suggested, was creating new devices with proper security. All firmware code also runs as root, we’re told.
— Sick.Codes (@sickcodes) August 14, 2022
Presided over by Sikh Codes A related session At DEF CON 29 in 2021 where he is interested in exploring agricultural equipment because no one else is doing it.
But after disclosing several vulnerabilities, John Deere stopped using security vulnerabilities to customize or fix problems with their devices. And Sick Codes says he’s been approached by people upset about helping close holes in the company’s system. “It’s sometimes like anti-right-to-repair, if you look at it from a different angle,” I explained.
So this year, he says, he decided to focus on the underlying hardware and show the fragility of the food supply chain.
Importantly, this jailbreak could prove to be a breakthrough for people who want to repair and update their tractors and other agricultural equipment independently, as John Deere has placed a software-level block to allow only authorized dealers to perform this task. Jailbreaks can allow farmers to bypass those locks.
Kyle Wiens, CEO of repair website iFixit and a right-to-repair advocate was in attendance. presentation and described the experience in a Twitter thread.
“Sick codes jailbroken a John Deere, and that’s just the beginning,” he said wrote. “Our entire food system is built on old, unpatched Linux and Windows CE hardware with LTE modems.”
Wins suggested that the Tractor Kit Agreement would help make computerized agricultural equipment more accessible to those who use it.
“John Deere has repeatedly told regulators that farmers can’t be trusted to repair their own equipment,” Wins said. “This groundbreaking work will pave the way for farmers to regain control of the equipment they own.”
And he too Surprised out loud Whether or not John Deere complies with the terms of the GPL, it now appears that the company has incorporated GPL code into its products without fulfilling its obligation to disclose its source code.
Sick Codes has confirmed that it believes John Deere has failed to comply with its GPL obligations. “I want them to come forward and explain how they’re complying,” he said.
According to author and activist Cory Doctorow, law enforcement agencies account for open source licensing issues Now aware John Deere’s alleged non-compliance.
John Deere has been a source of frustration for years among right-to-repair advocates, who object to the now-common use of digital safety controls to prevent product owners from repairing the equipment they buy. Recently, however, right-to-repair laws have been advanced in several US states approval By the Biden administration. The European Union and the United Kingdom have also shown more interest in protecting product buyers’ right to repair.
In January, Two cases One was filed in Illinois and another in Alabama against John Deere for the company’s repair restrictions. Next month, US lawmakers in the House of Representatives and Senate Introduction of separate bills To guarantee the right to repair.
Then in March, two weeks later a dozen Advocacy groups have complained to the FTC that John Deere has refused to provide software and technical data needed to repair its equipment, the agency said. said That it will make previously restricted technical resources available to customers and independent repair shops
registrar John Deere has been asked to comment. We never heard back. ®