Oh Deere: Farm hardware jailbroken to run Doom

At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom.

With some rather-involved hardware hacking and the help of a New Zealand-based maker of Doom mods identified as Skelegant on Twitter, Sick Codes managed to get a corn-themed version of the 1993 classic computer game to run on a John Deere tractor display.

Snap of the John Deere hardware running Doom … Click to enlarge

Sick Codes, in a phone interview with The Register, described his work as more of a jailbreak than an exploit.

The project took months to develop, according to Sick Codes. It targeted a John Deere tractor 4240 touchscreen controller with an Arm-compatible NXP I.MX 6 system-on-chip running Wind River Linux 8. There were also devices running Windows CE.

The hack involved getting into the physical guts of the controller and modifying the electronics in such a way to run his code. It turned out once you were able to get your own software onto the equipment, it would just accept it and execute away.

“The main bug is that nothing’s encrypted or checksummed properly or anything like that,” Sick explained, adding that patching the weakness out isn’t practical.

The fix, he suggested, is simply building new devices with proper security. All the firmware’s code runs as root, too, we’re told.

https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfY2hpbl9waWxsc18xNDc0MSI6eyJidWNrZXQiOiJjb2xvcl9pY29ucyIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VkaXRfZnJvbnRlbmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1558878687642402816&lang=en&origin=https%3A%2F%2Fwww.theregister.com%2F2022%2F08%2F16%2Fjohn_deere_doom%2F&sessionId=e12e25a631d88abe8009051d2fb8dc78eabca47f&siteScreenName=TheRegister&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=550px

Sick Codes presided over a related session at 2021’s DEF CON 29 in which he attributed his interest in exploring agricultural equipment to the fact that no one else was doing so.

But after disclosing a number of vulnerabilities, John Deere patched them, blocking people from using the security weaknesses to customize or fix issues with their machinery. And Sick Codes said he’d been approached by people upset about helping the company close the holes in its systems. “It’s like anti-right-to-repair sometimes, if you consider it from a different angle,” he explained.

So this year, he said, he decided to focus on the underlying hardware and show the fragility of the food supply chain.

Crucially, the resulting jailbreak could prove to be a breakthrough for people who want to freely repair and update their tractors and other farming equipment themselves, as John Deere has in place software-level blocks to allow only authorized dealers to perform this work. The jailbreak could allow farmers to bypass those locks.

A doh, a Deere

Kyle Wiens, CEO of repair website iFixit and a right-to-repair advocate, attended the presentation and recounted the experience in a Twitter thread.

“Sick Codes has jailbroken a John Deere, and this is just the beginning,” he wrote. “Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems.”

Wiens suggested the tractor kit compromise will help make computerized agricultural equipment more accessible to those who use it.

“John Deere has repeatedly told regulators that farmers can’t be trusted to repair their own equipment,” Wiens said. “This foundational work will pave the path for farmers to retake control of the equipment that they own.”

And he also wondered aloud whether John Deere has complied with the terms of the GPL, now that it appears the company incorporates GPL code into its products without meeting its source code disclosure obligations.

Sick Codes confirmed that he believes John Deere failed to comply with its GPL obligations. “I’d love for them to come forward and explain how they are in compliance,” he said.

According to author and activist Cory Doctorow, organizations that undertake legal enforcement for open source licensing issues are now aware of John Deere’s alleged non-compliance.

John Deere has been a source of frustration for years among right-to-repair advocates, who object to the now-commonplace use of digital security controls to prevent product owners from repairing equipment they purchased. Recently, however, the right-to-repair legislation has made headway in various US states and has been endorsed by the Biden administration. The European Union and the UK have also shown more interest in protecting the repair rights of product buyers.

In January, two lawsuits were filed against John Deere, one in Illinois and the other in Alabama, over the company’s repair restrictions. The following month, US lawmakers in the House of Representatives and in the Senate introduced separate bills to guarantee the right to repair.

Then in March, two weeks after a dozen advocacy groups complained to the FTC about John Deere’s refusal to provide the software and technical data necessary to repair its equipment, the company said that it would make previously restricted technical resources available to customers and independent repair shops.

Leave a Reply

Your email address will not be published.