In the face of mounting pressure, John Deere announced in March that it would provide more repair software to equipment owners. The company also said at the time that it would release an “enhanced customer solution” next year so that customers and mechanics can download and apply official software updates for Deere equipment themselves, rather than having John Deere unilaterally apply patches remotely or force farmers to bring products to an authorized dealer.
“Farmers prefer old equipment just because they want reliability. They don’t want problems during the most important time of the year when they have to dig things out of the ground,” Sick Codes said. “So that’s what we should all want as well. We want farmers to be able to fix their stuff when something goes wrong, and now that means being able to fix or decide on the software in the tractor.”
To develop his jailbreak, Sick Codes gained access to countless generations of John Deere tractor control touchscreen consoles. But in the end he focused on several models, including the widely deployed 2630 and 4240 models, for the vulnerabilities he showed. It took months of experimenting on multiple touchscreen boards to find a way to bypass the John Deere dealership authentication requirement, but eventually Sick Codes was able to use a reboot check to restore the device as if it were being accessed by a certified dealership.
He found that when the system thought it was in such an environment, it provided more than 1.5 GB of logs designed to help authorized service providers diagnose problems. The logs also revealed another path to a potential timing attack that could grant deeper access. Sick Codes soldered the controller directly to the circuit board, ultimately allowing his attack to bypass the system’s protections.
“I launched the attack and two minutes later a terminal popped up,” Sick Codes said of the program used to access the computer’s command-line interface. “I have root access, which is rare in the Deere world.”
This method requires physical access to the board, but Sick Codes says it is possible to develop an easier-to-perform jailbreak based on the vulnerability. For the most part, he said he was curious to see how John Deere would react. He’s not sure how comprehensively the company could patch the vulnerability without implementing full-disk encryption, an addition that would mean a major system overhaul in new tractor designs and likely won’t be deployed in existing equipment.
But once the Sick Codes exploit works, what’s the first priority? Running a custom farm-themed version of Doom on the tractor, of course.