— Sick.Codes (@sickcodes) August 14, 2022

While running Doom is cool in a “for the memes” sort of way, Sick Codes’ hacking of John Deere systems represents a milestone in the “right to repair” race. Right-to-repair is the concept that owners and independent repair professionals should have access to everything needed to fix a piece of equipment, such as a mobile phone, a tractor, or a car. If you’re a car enthusiast, you should be interested in right-to-repair as it’s a principle that offers you the choice of an independent specialist over a dealer, and allows you to fix your own vehicles. Ongoing efforts are being made to turn right-to-repair into law, and I really hope they succeed.

So that’s right-to-repair in a nutshell, but you may be wondering what tractors have to do with cars. Well, embedded systems are present on just about every new car, and the nature of end-user license agreements means that you don’t actually own the embedded systems in your modern car. Preposterous, right? The same thing that’s happening to John Deere owners could eventually happen to car owners, which seems absolutely insane. If you own a car, you should own 100 percent of it, no matter what BMW thinks.

Because John Deere doesn’t believe that its customers own 100 percent of their tractors, holding instead that customers license John Deere’s embedded software, the company has previously severely restricted who can repair John Deere products, to the point of costing farmers days of downtime while waiting for authorized repair professionals.

So what justification does John Deere have in restricting access to repair tools? Well, John Deere made a statement to the Des Moines Register in March that doesn’t seem to hold up to scrutiny. That’s an incredibly small number of repairs involving emissions and safety equipment, and it’s important to note that these are genuine repairs. Farmers are looking to fix their tractors and restore factory functionality, but they don’t have full access to repair tools like diagnostic equipment. Sick Codes’ jailbreak attempts to correct that.

There is one caveat to getting into John Deere tractors: Wired reports that Sick Codes’ method requires modifying the touchscreen console’s circuit board. However, a bench procedure might not be the end of the world depending on where customers are located. Tractors used for agricultural purposes in climates that experience four full seasons may see enough idle time in the winter to justify a few days of downtime. In addition, farmers far from John Deere dealerships could justify the modification’s downtime based on how long it would take to simply get a tractor to and from a servicing center.

However, once the exploit is installed, farmers can pull up a terminal and gain access to what Wired reports to be more than 1.5 GB of logs. If you’ve ever had your car tuned remotely or attempted more advanced diagnostics on a modern car, you’ll know how valuable data logs are. Everything from fuel trims to ambient air temperature can be saved and analyzed, perfect for picking up unusual issues and narrowing down culprits from a simple code scan. In addition, this isn’t just some sort of diagnostics mode. Sick Codes’ method allows root access to the console.

Speaking with Wired, Sick Codes seems to feel that this exploit is one that could actually last. Here’s to hoping that this method won’t be patched out soon, especially since it was time-consuming to develop. Sick Codes told Wired that the process took months of trial and error using multiple John Deere consoles. Sick Codes focused on the popular 2630 and 4240 display models, found in a wide variety of John Deere tractors. It’s worth noting that these consoles can be seriously pricey, with used 2630 systems clocking in around the $10,000 mark.

— Kyle Wiens (@kwiens) August 14, 2022

Kyle Wiens, CEO of iFixit, was at DefCon and reports that John Deere’s systems run on a hideous mash of unpatched Linux and Windows CE hardware. Shitty Windows CE implementations aren’t exactly uncommon – the first generation of BMW’s iDrive used Windows CE – but they have all the security of the average Master Lock. Windows CE as an operating system reached end-of-life in 2018, meaning that years have passed without official support for the OS. Without regular updates, end-of-life operating systems rely on the same philosophy of security through obscurity as any cheap padlock, and things can only remain obscure for so long.

Tech journalist, author, and activist Cory Doctorow was also at DefCon and reports that John Deere misuses open source software contrary to license agreements; he’s also claiming some shocking issues with John Deere’s information security.

Pretty absurd, though unsurprising given that John Deere has been staunchly anti-right-to-repair, parading around what seems like monopolistic greed under a thin paper mask of “security.” Politico reports that John Deere has gone so far as to restrict access to emissions system diagnostics, prompting a suit that claimed John Deere was in violation of the Clean Air Act. Restricting repair access only hurts farmers, which in turn hurts the public, as downtime can affect food supply.

John Deere is slowly making some tools available, albeit not in a way that anyone can actually own. According to John Deere, access to technical manuals is on a license basis, which brings up concerning questions of down-the-road support.

I’m glad to see hackers sticking it to the man by offering solutions to make vehicle owners’ lives easier, even if these solutions aren’t necessarily the most law-abiding things out there. Would Sick Codes’ method of getting into a John Deere console violate the end-user license agreement? Most likely, but legality doesn’t always equal morality.

Locking out consumers from diagnosing and repairing issues isn’t modding and in that instance, there is NO reason an owner should be prevented from at least knowing what the problem is if the computer system can tell them. Locking out diagnostic information is 100% revenue protection and has nothing to do with safety or compliance and there are ZERO excuses for it. If they were willing to meet at least a little in the middle and say “yeah, you need authorized parts for certain repairs, but we will allow you to see and read the diagnostic codes” that would be one thing, but hiding the diagnostic and data logs? That protects no one but Deere and they know it.

I also find it odd that John Deere, an American company and one that many farmers and workers support would have such an anti-do-it-yourself approach. I wonder who dreamed up this “solution” in the first place?

Rules for thee, but not for me…and all that.

Making Farmer Bob pay an official JD technician to come out and do basic service instead of doing it himself is just another income stream.

That’s what happened to Boeing who used to be operated by the engineers and executives who worked closely with engineers and quality control inspectors until the merger with McDonnell Douglas in 1997. After the MDD takeover of the executive board, Boeing’s “new” mission was exactly what you described. Consequently, the problematic battery and quality control issues in 787 that grounded the plane too often and culture of secrecy with MCAS and 737 MAX that killed 346 people and led to the massive fraud charge. “Downfall: The Case Against Boeing” is an excellent documentary film.

when most people think ‘farmer’, they think of ma ‘n papa farmers. independent families working 100 acres with 1 tractor and a pickup truck. the reality is that there are a lot of independent farmers. but none of them are buying new john deere equipment. they’re the ones at auctions, buying the 1980’s equipment that still bolts together. the true new-tractor customer of john deere is the commercial farmers. the corporations that own thousands to millions of acres, running dozens of their own privately owned semi trucks during harvest season. these customers drive luxury cars that are never more than 2 years old. they DON’T want manual transmissions. they don’t care about ease of repairability. they don’t repair their own gear. they sign a service contract, and make it someone else’s problem, preferably with a loss of profit cost adjustment so it’s someone else’s problem, and they still make money when it breaks. it’s a critical distinction no one really seems to be making. no one complains that a $90k lincoln navigator doesn’t come with an option for manual locks, windows, and a 3-speed column shifter. john deere sells to that kind of market, so it’s really time to stop complaining about their market categorization.

I went looking for more current info and came up being flooded with pictures of green and yellow tractors salvaging tanks. same deal here. john deere to the general public IS farming.

At least in the midwest, outside of repairs involving shop equipment too large to be mobile, it’s all done in the field. If memory serves we’ve had exactly 1 repair in the last decade that involved the tractor going in, because the 4WD blew up its rear axle. I’m chalking it up to non-farm reporters covering farming. The rest was just fine, and a fun read.