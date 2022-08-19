At the DefCon conference, the hacker “Sick.Codes” presented a hack of John s. Thanks to root he was able to install and play Doom.

Hacker Sick.Codes presented a hack of John Deere tractor terminals at the DefCon security conference in Las Vegas. As proof, he demonstrated the game Doom on it. However, the background is more serious.

- Advertisement -

Locked up tractors

Unlike in the past, agricultural machinery is now crammed full of high-tech: GPS-assisted driving in the fields is standard in the USA and to a large extent also in Europe. However, other desires of the marketing departments also found their way. Functions can be activated in the firmware for an additional charge, similar to Tesla or BMW. Such functions are well protected with an encrypted firmware.

However, this often also hinders your own repairs to the vehicles, which can only be carried out by specialist workshops. On the other hand, because of their uplink, John Deere tractors can also be completely blocked remotely – which gave Russian thieves of tractors stolen from Ukraine a run for their money.

A scene has formed that supports tractor hacking for self-repairs and collects information on Github, for example. At last year’s DefCon, Sick.Codes had already presented vulnerabilities in the firmware, which John Deere then closed. Self-repairs were no longer so easily possible. This was the reason for the hack presented now. Details are still open, but Sick.Codes apparently had to solder its own technology to the innards of the touchscreen terminals.

Hack details not yet available

- Advertisement -

He presents his hack as firmware extraction, duplication, emulation and cloning. Sick.Codes explained to Wired that he had concentrated on two consoles. He demonstrated the exploits on the widely used 2630 and 4240 models. He spent months examining the touchscreen boards for gaps in John Deere dealer authentication. Eventually, he managed to run a reboot check to restore the device as if it were being accessed by a certified retailer.

In this environment, the terminals provided more than 1.5 GB of log files, which are intended to help authorized service personnel diagnose problems. However, there were also clues in there about potential timing attacks that could allow deeper access. With controllers soldered directly onto the circuit board, the hacker was finally able to bypass the system protection with his attack.

With the access he gained, he installed the game Doom to demonstrate.

- Advertisement -

The hacker with the Twitter handle @Skelegant contributed a mod for Doom that takes the game a little more rural.

Sick.Codes says that while physical access is required to access the circuit board, it is possible to develop a tool based on the vulnerabilities that would make rooting the device easier. He is curious to see how John Deere reacts. The gaps are unlikely to be extensively sealed without implementing full disk encryption, which means a significant overhaul in new tractor designs and is unlikely to be applied to existing equipment.