{"id":46744,"date":"2022-08-16T06:39:30","date_gmt":"2022-08-16T06:39:30","guid":{"rendered":"https:\/\/harchi90.com\/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave\/"},"modified":"2022-08-16T06:39:30","modified_gmt":"2022-08-16T06:39:30","slug":"a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave","status":"publish","type":"post","link":"https:\/\/harchi90.com\/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave\/","title":{"rendered":"A new jailbreak for John Deere tractors rides the right-to-repair wave"},"content":{"rendered":"<div itemprop=\"articleBody\">\n<figure class=\"intro-image intro-left\">\n  <figcaption class=\"caption\"\/>  <\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\">\n<\/aside>\n<p><!-- cache hit 580:single\/related:650c50ac7af3d217e6aa295e7e492793 --><!-- empty --><\/p>\n<p>Farmers around the world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles.  Like insulin pump \u201clooping\u201d and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that&#8217;s vital to their work, the way they could with analog tractors.  At the DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes is presenting a new jailbreak for John Deere &#038; Co.  tractors that allows him to take control of multiple models through their touchscreens.<\/p>\n<p>The finding underscores the security implications of the right-to-repair movement.  The tractor exploitation that Sick Codes uncovered isn&#8217;t a remote attack, but the vulnerabilities involved represent fundamental insecurities in the devices that could be exploited by malicious actors or potentially chained with other vulnerabilities.  Securing the agriculture industry and food supply chain is crucial, as incidents like the 2021 JBS Meat ransomware attack have shown.  At the same time, though, vulnerabilities like the ones that Sick Codes found help farmers do what they need to do with their own equipment.<\/p>\n<p>John Deere did not respond to WIRED&#8217;s request for comment about the research.<\/p>\n<p><figure class=\"image shortcode-img right full\" style=\"width:218px\"><img loading=\"lazy\" src=\"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/02\/wired-logo.png?resize=218%2C58&#038;ssl=1\" width=\"218\" height=\"58\" data-recalc-dims=\"1\" \/><\/figure>\n<p>Sick Codes, an Australian who lives in Asia, presented at DefCon in 2021 about tractor application programming interfaces and operating system bugs.  After he made his research public, tractor companies, including John Deere, started fixing some of the flaws.  \u201cThe right-to-repair side was a little bit opposed to what I was trying to do,\u201d he tells WIRED.  \u201cI heard from some farmers;  one guy emailed me and was like &#8216;You&#8217;re fucking up all of our stuff!&#8217;  So I figured I would put my money where my mouth is and actually prove to farmers that they can root the devices.&#8221;<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\">\n    <span class=\"ad_notice\">Advertisement <\/span>    <\/p>\n<\/aside>\n<p>This year, Sick Codes says that while he is primarily concerned about world food security and the exposure that comes from vulnerable farming equipment, he also sees important value in letting farmers fully control their own equipment.  \u201cLiberate the tractors!\u201d  he says.<\/p>\n<p>After years of controversy in the US over the \u201cright to repair\u201d the equipment one purchases, the movement seems to have reached a turning point.  The White House issued an executive order last year directing the Federal Trade Commission to increase enforcement efforts over practices like voiding warranties for outside repair.  That, combined with New York state passing its own right-to-repair law and creative activist pressure, has generated unprecedented momentum for the movement.<\/p>\n<p>Facing mounting pressure, John Deere announced in March that it would make more of its repair software available to equipment owners.  The company also said at the time that it will release an \u201cenhanced customer solution\u201d next year so customers and mechanics can download and apply official software updates for Deere equipment themselves, rather than having John Deere unilaterally apply the patches remotely or force farmers to bring products to authorized dealerships.<\/p>\n<p>\u201cFarmers prefer the older equipment simply because they want reliability.  They don&#8217;t want stuff to go wrong at the most important part of the year when they have to pull stuff out of the ground,\u201d Sick Codes says.  \u201cSo that&#8217;s what we should all want too.  We want farmers to be able to repair their stuff for when things go wrong, and now that means being able to repair or make decisions about the software in their tractors.\u201d<\/p>\n<p>To develop his jailbreak, Sick Codes got his hands on numerous generations of John Deere tractor control touchscreen consoles.  But ultimately he focused on a few models, including the widely deployed 2630 and 4240 models, for the exploit he is presenting.  It took experimentation on a number of touchscreen circuit boards over many months to find bypasses to John Deere&#8217;s dealer authentication requirements, but eventually Sick Codes was able to game a reboot check to restore the device as if it were being accessed by a certified dealer.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\">\n    <span class=\"ad_notice\">Advertisement <\/span>    <\/p>\n<\/aside>\n<p>He found that when the system thought it was in such an environment, it would offer more than 1.5 GB worth of logs that were meant to help authorized service providers diagnose problems.  The logs also revealed the path to another potential timing attack that might grant deeper access.  Sick Codes soldered controllers directly onto the circuit board and eventually got his attack to bypass the system&#8217;s protections.<\/p>\n<p>\u201cI launched the attack, and two minutes later a terminal pops up,\u201d Sick Codes says of the program used to access a computer&#8217;s command-line interface.  \u201cI had root access, which is rare in Deere land.\u201d<\/p>\n<p>The approach requires physical access to the circuit board, but Sick Codes says it would be possible to develop a tool based on the vulnerabilities to more easily execute the jailbreak.  Mostly he says he is curious to see how John Deere will react.  He&#8217;s unsure how comprehensively the company can patch the flaws without implementing full disk encryption, an addition that would mean a significant system overhaul in new tractor designs and likely wouldn&#8217;t be deployed in existing equipment.<\/p>\n<p>The first priority?  Running custom farm-themed <em>doom<\/em> on the tractor, of course.<\/p>\n<p><em>This story originally appeared on wired.com.<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Farmers around the world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles. Like insulin pump \u201clooping\u201d and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that&#8217;s vital to their work, the way they could with analog tractors. At the DefCon security &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave\/\"> <span class=\"screen-reader-text\">A new jailbreak for John Deere tractors rides the right-to-repair wave<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":46869,"url":"https:\/\/harchi90.com\/john-deere-jailbroken-to-run-doom-at-def-con-the-register\/","url_meta":{"origin":46744,"position":0},"title":"John Deere jailbroken to run Doom at DEF CON \u2022 The Register","date":"August 16, 2022","format":false,"excerpt":"At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom. With some rather-involved hardware hacking and the help of a New Zealand-based maker of Doom\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"Cropped shot of Doom running on a John Deere tractor controller","src":"https:\/\/i0.wp.com\/regmedia.co.uk\/2022\/08\/16\/screenshot_sick_codes_doom_deere.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":48361,"url":"https:\/\/harchi90.com\/new-jailbreak-code-for-john-deere-helps-farmers-right-to-repair\/","url_meta":{"origin":46744,"position":1},"title":"New Jailbreak Code for John Deere Helps Farmers Right-to-Repair","date":"August 17, 2022","format":false,"excerpt":"A John Deere tractor on Gibson's Green Acres Dairy on February 16, 2018 in Ogden, Utah.Image: Gene Sweeney Jr. (Getty Images)A new jailbreak code for John Deere tractors revealed Saturday at the DefCon security conference in Las Vegas, is the latest tool in the right-to-repair movement's fight to make everything\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"Uniqlo Summer Sale","src":"https:\/\/i0.wp.com\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,fl_progressive,g_center,h_180,q_80,w_320\/6f80c25e40829a5afb1a511ba15a1386.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":46760,"url":"https:\/\/harchi90.com\/def-con-hacker-shows-john-deeres-tractors-can-run-doom\/","url_meta":{"origin":46744,"position":2},"title":"Def Con hacker shows John Deere&#8217;s tractors can run Doom","date":"August 16, 2022","format":false,"excerpt":"The internet has shown us that doom can run on everything from a cardboard box to a Roomba and even a single keyboard key, but now we can add a John Deere tractor to that list. Security researcher Sick Codes worked with doom modder Skelegant to get the game running\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":48135,"url":"https:\/\/harchi90.com\/did-you-see-a-john-deere-tractor-cracked-at-def-con\/","url_meta":{"origin":46744,"position":3},"title":"Did You See A John Deere Tractor Cracked At DEF CON?","date":"August 17, 2022","format":false,"excerpt":"The Internet, or at least our corner of it, has been abuzz over the last few days with the news of a DEF CON talk by [Sick.Codes] in which he demonstrated the jailbreaking of the console computer from a John Deere tractor. Sadly we are left to wait the lengthy\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":46454,"url":"https:\/\/harchi90.com\/modder-gets-classic-doom-running-on-farm-tractor\/","url_meta":{"origin":46744,"position":4},"title":"Modder Gets Classic Doom Running On Farm Tractor","date":"August 16, 2022","format":false,"excerpt":"photo: Hindrik Johannes de Groot \/ id Software \/ Kotaku (Getty Images)one day, the classic 90s shooter doom will be playable on every single electronic device with a screen. We aren't quite there yet, but thanks to some crafty hackers you can now play id's seminal shooter on a jailbroken\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":53574,"url":"https:\/\/harchi90.com\/microsoft-details-critical-vulnerability-in-chromeos-the-register\/","url_meta":{"origin":46744,"position":5},"title":"Microsoft details critical vulnerability in ChromeOS \u2022 The Register","date":"August 23, 2022","format":false,"excerpt":"Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April. The bug was promptly fixed and, about a month later, merged in ChromeOS code then released on June 15, 2022 and detailed by Redmond in a report released on Friday. Microsoft's\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/08\/tractor-760x380.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46744"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=46744"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46744\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=46744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=46744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=46744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}