An Australian security researcher is making waves around the world, after showing how to get root on a John Deere tractor control system, opening it up for field repairs by farmers without having to go to a dealer.
Speaking to iTnews, Asia-based researcher Sick Codes said he demonstrated the hack at the thirtieth annual DEF CON conference in Las Vegas over the weekend.
Sick Codes tried several tractor displays over a period of several months, but focused on the John Deere 4240 which runs Linux as distributed by Intel-owned Wind River.
The John Deere systems run old and deprecated versions of Microsoft's embedded WinCE operating system as well.
He discovered an easy way to get dealer-level access to the display, simply by creating an empty file named dealerAuth.txt which was read by the system from a USB memory stick.
Sick Codes was also able to solder on controllers to the screen printed circuit boards to bypass system protections, a lengthy process that was difficult to get right.
The displays that control tractors through the controller area network bus (CANBUS) for vehicles are expensive; Sick Codes spent thousands of dollars of his own money to buy them.
Once he had jailbroken the displays, Sick Codes was able to do pretty much anything he wanted on them, using secure shell for remote root access.
"My device is edited to boot with a root terminal," Sick Codes said.
With root access, Sick Codes could type in arbitrary commands with the privileges of the root super user, which has full access to the entire system.
The commands include "resetting boot count, editing databases, wipe machine hours, send and receive CANBUS messages, read and write to the disk," Sick Codes told iTnews.
Farm vehicle giant John Deere has taken much flak for blocking tractors repairs though software.
Right to repair activists have criticised John Deere for this, with digital liberties activist Cory Doctorow calling it "war on repair".
"[John Deere] has made wild and outlandish claims about the reason that farmers must pay the company hundreds of dollars every time they fix their own tractors, and then wait for days for an authorised technician to come to their farm and type an unlock code," Doctorow wrote after seeing Sick Codes' demo at DEF CON with right to repair advocate and iFixit CEO Kyle Wiens.
Wiens observed that outdated software is too common in embedded systems like the tractors.
Sick Codes has jailbroken a John Deere, and this is just the beginning. Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems. pic.twitter.com/OLDBckluxr
— Kyle Wiens (@kwiens) August 14, 2022
Canterbury, New Zealand based dairy farmer Craig Hickman told iTnews that longevity, reliability and repairability are vitally important.
His John Deere tractor is currently 15 years old, and "unless you're turning them over every few years you need to be able to get them serviced wherever you like," Hickman said.
Hickman uses the local dealer for servicing, and said hacking the tractor is not an issue he has had to face.
As part of the demo in Vegas, Sick Codes ran a mod of the classic Doom video game, made by Kiwi designer Skelegant, in which the player mowed down monsters driving a tractor in a corn field.
With epic just-in-time help by NZ based doom modder @Skelegant. She helped get this run using DeHacked Doom, since gzdoom was a mission. Together, we teamed up to make this happen. She is amazingly talented. pic.twitter.com/OfVDMvRhzR
— Sick.Codes (@sickcodes) August 14, 2022
Skelegant told ITnews that she prefers to use a nome-de-plûme rather than her real name, to keep her online and real lives somewhat separate.
.jpg&h=140&w=231&c=1&s=0)
