Remote Lockouts Reportedly Stop Russian Troops From Using Stolen Ukrainian Farm Equipment (theverge.com) 152
An anonymous reader quotes a report from The Verge: Russian troops stole almost $5 million worth of farm equipment from a John Deere dealer in the occupied city of Melitopol, Ukraine, only to discover that the machines have been shut down remotely, making them inoperable, according to a report from CNN. Some of the equipment, which comes with a remote locking feature and a built-in GPS, was tracked over 700 miles away in the Zakhan Yurt village of Chechnya.
A source close to the situation told CNN that Russian troops gradually began taking machinery away from the dealer following their occupation of Melitopol in March. It reportedly started with two combine harvesters worth $300,000 each, a tractor, and a seeder, until troops hauled away all 27 pieces of equipment. Some of the equipment went to Chechnya, while others reportedly landed in a nearby village. "When the invaders drove the stolen harvesters to Chechnya, they realized that they could not even turn them on, because the harvesters were locked remotely," CNN's source told the outlet. Although the pieces of equipment were remotely disabled, CNN's source says that Russian troops may be trying to find a way around the block, as they're in contact with "consultants in Russia who are trying to bypass the protection."
Dup (Score:3, Interesting)
Re: (Score:2)
Hi, my name is BeauHD and don't give a shit about my job nor do I even use the site I'm supposed to add content to for my job!
I guess we can at least be thankful that another "editor" posted this, eh?
Re: (Score:2)
Remember, Right-to-Repair is essentially a war crime! [slashdot.org]
Offtopic.
Flamebait.
not that big an issue really. (Score:2)
Re: (Score:2)
That very much depends. Part of the data in there will be machine-specific parameters. If those are gone, sure, you can get it to move and it may even work, but it will get crappy lifetime.
Re: (Score:2)
Nearly all the JD stuff has guides online to hack bypass or pirate firmware and software in their various machines. Farmers through necessity have been doing this for years now as it is not affordable to have a half million dollar piece of machinery sit idle for a week waiting for a JD certified engineer to turn up.
And yet, no links.
Re: (Score:2)
Nearly all the JD stuff has guides online to hack bypass or pirate firmware and software in their various machines. Farmers through necessity have been doing this for years now as it is not affordable to have a half million dollar piece of machinery sit idle for a week waiting for a JD certified engineer to turn up.
And yet, no links.
Yes, a bit suspicious that. Maybe made up or there are guides but they do not work? I mean if the JD people have some security experts, they will be reading the same guides...
Re: (Score:2)
Nearly all the JD stuff has guides online to hack bypass or pirate firmware and software in their various machines. Farmers through necessity have been doing this for years now as it is not affordable to have a half million dollar piece of machinery sit idle for a week waiting for a JD certified engineer to turn up.
And yet, no links.
Yes, a bit suspicious that. Maybe made up or there are guides but they do not work? I mean if the JD people have some security experts, they will be reading the same guides...
If they are as serious about repair lockdown as everyone says, I am sure they would be playing cat and mouse with the "Free JD!" Community.
Re: (Score:2)
The reality is that all the parts that prevent its operational are not that difficult to replace if you don't care about legality and IP which in the situation they surely would not.
Wrong.
The reality is that it simply isn't practical for a few pieces of farm equipment; regardless of how shiny.
Now, if Russia had captured a hypothetical European John Deere Factory, where solving the problem meant being able to crank-out thousands of pieces of that same shiny farm equipment, then it might be worth investing the effort; but for a few measly tractors and combines?
Sorry.
Source: Am Embedded Designer.
Re: (Score:2)
Wrong.
The reality is that it simply isn't practical for a few pieces of farm equipment; regardless of how shiny.
Sorry.
Source: Am Embedded Designer.
I'm sure the small team of people that do it, and then sell the equipment for a tidy profit (or put it directly to use), will disagree with you.
So many, supposedly smart, Slashdotters screaming "Impossible" and "huge engineering effort"!
There are plenty of people, worldwide, that could do this single-handedly...several other posts describe how.
But, honestly, I wouldn't be surprised if this equipment isn't bypassed and running already.
There are small teams of people who do all sorts of shit; like getting Linux running on Microwave Ovens; what I was referring-to was "Government-Backed" efforts not being involved, due to it only being a few units.
Too bad there's no sound effect (Score:2)
Re: (Score:2)
The sound of the Ukraine president playing piano with his single digit would work well
https://www.youtube.com/watch?... [youtube.com]
Unpopular opinion, however... (Score:5, Insightful)
Re: (Score:3)
I do kinda agree. While it's neat to see this particular one use case because it happens to people we don't like, don't forget that the exact same thing can happen to an honest hard-working farmer in your own country just trying to get his harvest done so he can pay off his bills and not lose his farm.
Re: (Score:2)
Well, if "honest" is in the picture, then "lawsuit" should be pretty much enough to prevent JD from doing anything. If, however, the equipment is used but not paid for, then "honest" is not there either...
The thing is, this capability by JD cannot really be removed. But JD can be made to not use it except in very specific circumstances by simply making them liable for any and all damage if they do outside of those circumstances.
Re: (Score:2)
I think we can all agree with that. While we acknowledge that it's wrong and should be abolished, it's hard to feel bad about it being used for a righteous purpose.
Re: (Score:2)
That's not a fair assessment at all.
First, no one on the left believes that anyone should be denied basic human rights. The right, however, openly and explicitly want to deny certain groups basic rights.
Second, no one on the left believes that anyone on the right is sub-human. We want everyone, farmers included, to be treated with dignity and respect. Yes, we tend to emphasize the needs of marginalized groups, but that's only because they're the ones who are most likely to be deigned those things.
So what
Re: (Score:3)
Well, the bounds on that will have to be legal, not technological. You see there is really no technological way to prevent a manufacturer that can push updates (and that is something we will not get around with the current attack and malware situation) from locking specific devices. Hence, technologically, your requirement makes no sense at all.
Re: (Score:2)
Well, the bounds on that will have to be legal, not technological. You see there is really no technological way to prevent a manufacturer that can push updates (and that is something we will not get around with the current attack and malware situation) from locking specific devices. Hence, technologically, your requirement makes no sense at all.
I assume you are unfamiliar with the concept of Code-Signing, right?
Re: (Score:2)
I assume you are familiar with the concept of skipping signature validation, right?
Re: (Score:2)
I assume you are familiar with the concept of skipping signature validation, right?
And how does that apply here?
Re: (Score:2)
Well, the bounds on that will have to be legal, not technological. You see there is really no technological way to prevent a manufacturer that can push updates (and that is something we will not get around with the current attack and malware situation) from locking specific devices. Hence, technologically, your requirement makes no sense at all.
I assume you are unfamiliar with the concept of Code-Signing, right?
I am an expert for the use of cryptography. Code signing does not help against the people that have the secret keys. Like the manufacturer, for example...
Re: (Score:2)
Well, the bounds on that will have to be legal, not technological. You see there is really no technological way to prevent a manufacturer that can push updates (and that is something we will not get around with the current attack and malware situation) from locking specific devices. Hence, technologically, your requirement makes no sense at all.
I assume you are unfamiliar with the concept of Code-Signing, right?
I am an expert for the use of cryptography. Code signing does not help against the people that have the secret keys. Like the manufacturer, for example...
And that relates to the thieves exactly how?
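Both sides of the exchange above, as an added example that is not part of any post: a controller that pins the vendor's public key rejects a command signed by anyone else, yet accepts a lock command signed with the vendor's key. The message layout, the serial numbers and the replay counter are assumptions made for this sketch, not John Deere's protocol.

```javascript
const crypto = require('node:crypto');

// Vendor side: sign a command. The signed body is JSON with a fixed
// field order (assumed format for this sketch).
function signCommand(privateKey, { serial, counter, action }) {
  const body = Buffer.from(JSON.stringify({ serial, counter, action }));
  return { body, sig: crypto.sign(null, body, privateKey) };
}

// Device side: the controller stores its serial, the pinned vendor public
// key and the highest command counter it has accepted so far.
function makeDevice(serial, pinnedKey) {
  return { serial, pinnedKey, lastCounter: 0, locked: false };
}

function handleCommand(dev, msg) {
  // 1. Origin check: only the holder of the vendor private key passes.
  if (!crypto.verify(null, msg.body, dev.pinnedKey, msg.sig)) {
    return 'rejected: bad signature';
  }
  const cmd = JSON.parse(msg.body.toString());
  // 2. Targeting: a command for another serial number is not applied.
  if (cmd.serial !== dev.serial) return 'ignored: other device';
  // 3. Replay check: counters must strictly increase.
  if (!Number.isInteger(cmd.counter) || cmd.counter <= dev.lastCounter) {
    return 'rejected: replay';
  }
  if (cmd.action !== 'lock' && cmd.action !== 'unlock') {
    return 'rejected: unknown action';
  }
  // 4. Nothing here judges intent. A validly signed lock is simply obeyed.
  dev.lastCounter = cmd.counter;
  dev.locked = cmd.action === 'lock';
  return 'accepted: ' + cmd.action;
}

function demo() {
  // Constructed keys: the vendor's signing key and a key held by someone else.
  const vendor = crypto.generateKeyPairSync('ed25519');
  const outsider = crypto.generateKeyPairSync('ed25519');
  const a = makeDevice('SN-A', vendor.publicKey);
  const b = makeDevice('SN-B', vendor.publicKey);

  const forged = signCommand(outsider.privateKey,
    { serial: 'SN-A', counter: 1, action: 'unlock' });
  const lock = signCommand(vendor.privateKey,
    { serial: 'SN-A', counter: 1, action: 'lock' });
  // Same vendor signature, body edited after signing.
  const edited = {
    body: Buffer.from(lock.body.toString().replace('lock', 'unlock')),
    sig: lock.sig,
  };

  return {
    forged: handleCommand(a, forged),
    edited: handleCommand(a, edited),
    vendorLock: handleCommand(a, lock),
    otherDevice: handleCommand(b, lock),
    replay: handleCommand(a, lock),
    aLocked: a.locked,
    bLocked: b.locked,
  };
}

const DEMO = demo();
console.log(DEMO);
```

The signature check settles who sent the command; it places no limit on what the key holder may send, which is why one poster points to legal rather than technical bounds.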
Re: (Score:2)
Under no circumstances should JD or affiliates be able to lock out anyone. No. It isn't okay. Instead of killing a nation, you are killing the planet.
You're killing me here. Now I wonder if nuclear armed nations, have enough of a lock out constraint around REAL threats.
Not sure why you're still worried about fucking tractors.
Re: (Score:3)
Under no circumstances should JD or affiliates be able to lock out anyone.
No. It isn't okay. Instead of killing a nation, you are killing the planet.
I'm not sure what you mean by JD "killing the planet" but it would have to be some kind of hypothetical or metaphorical killing.
Russia on the other hand is literally murdering innocent civilians in an attempt to wipe out a nation.
Perspective matters.
Re: (Score:2)
Before they are sold, John Deere is the owner. Why should the owner be prohibited from locking non-owners out?
Re: (Score:2)
Your statement is nonsense hyperbole. The essence of Deere's mission statement is:
How can we best use technology to help feed a planet with 9 billion people?
They take that mission very seriously, and it is at the core of everything they do.
It's popular in certain circles to condemn Deere for right-to-repair issues, mostly by
armchair Linux monkeys that have never even seen a tractor.
The engineers that I have worked with at Deere are some of the brightest, driven,
and dedicated people that I've ever worked wit
Re: (Score:2)
Instead of killing a nation, you are killing the planet.
Please unpack this statement for us, because on its face it seems utterly ridiculous. If there is some chain of logic that leads from tractor DRM to planet murder, you're going to have to connect those dots for us.
I'm not saying that tractor DRM is good, just that I see no sequence of inferences connecting it to planet murder.
Re: (Score:2)
This is exactly right.
Good luck with that though. The average doesn't care if Johndickmicrofacetwitooglepple is spying and controlling every aspect of their lives and can simply flip a switch to destroy them on a whim. It's for their own good after all and they love it.
Offtopic.
Re: (Score:2)
The key word there is "bought," which does not apply here. I don't see how this should be controversial at all, especially on a tech-focused site like slashdot. With standards like SOC2 in play these days, every sysadmin out there has the ability to remote-brick lost or stolen company kit through Jasper, JAMF, or similar. Many have, and rightfully so. Thieves should never prosper. Hell, I once had to remote-kill a stolen laptop of my own via iCloud. The only difference here is that the gear that was
Re: (Score:2)
what the fuck is wrong with you? we get it, you "know" some shit. now shut the fuck up and let the conversation happen.
The "Right To Repair" Conversation was very clearly off-topic for the Article at hand.
Therefore, it is you that needs to STFU, and let the Relevant Conversation happen.
Too bad the cracked firmware comes from Ukraine (Score:3, Informative)
Deere still sucks! (Score:3)
Re: (Score:2)
When it comes to right to repair and such!
Offtopic. Troll.
Re: (Score:2)
ok Mr. John Deere, you can stop now.
Wrong. Not a fan of JD or anyone deliberately making products of First Sale unrepairable. Period.
But it was not the Topic of the Article; and the Comment Thread was clearly being hijacked by Posters with no Contribution to the Conversation about how and whether it would be possible to get the stolen machinery running again, but only to turn it into Off-Topic and Irrelevant whining about "Right To Repair".
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"Irrelevant whining about "Right To Repair"" Sure it was as soon as Deere engineers were praised for making a system that while perfectly good can be remotely disabled to deny it to those nasty Russians. This feature was there not to keep the equipment from being stolen in a war zone. It is standard equipment and is there to squeeze more support cash from owners.
I agree with you on that; but it really wasn't what that Article was about, and it pissed me off that it totally ruined an apolitical technical discussion with nothing but an overripe crop that has already been thoroughly harvested and plowed-under in several other Articles; so absolutely no new ground was there to be tilled (puns painstakingly intended!).
5 million worth? (Score:2)
STOP COMMENTING (Score:2)
It's a dupe! BeauHD is being trash yet again. Stop taking this crap seriously. Please!
People will starve anyway (Score:2)
I finally found a use for blockchain (Score:2)
We make a big block of concrete with the editors attached to it with chains [slashdot.org], and then drop it in the fucking ocean.
Seen this before (Score:4, Insightful)
A bit too much of a just so story (Score:2)
Like the guys on the island who ... er, surrendered and were fine, in reality.
Could be true, of course, but wartime is full of exiting propaganda.
Re: (Score:2)
The yin-yang of human endeavors (Score:2)
Every construct of humanity can be used for both good and evil. On the one hand, John Deere can thwart Russian abuse. On the other, they can also thwart an unapproved (and likely less expensive) mechanic from repairing equipment. Point being that you can't universally condemn or approve of anything that man creates.
I don't think that this remote kill story is true (Score:4, Informative)
I worked at Deere in the department that creates and maintains the guidance software,
and have software that I wrote running in the guidance computer in the cab.
The GPS and sat comm signal is obtained by a big yellow bubble that sits on top of the vehicle.
Perhaps you've seen one on vehicles out in the field. They're about 18 inches around
and talk to the vehicle's CAN bus, as does most everything else on the tractor.
You won't see them on new vehicles sitting on the dealer's lot. They are installed on delivery.
As shipped to a dealer, the "bubbles" are, more importantly, not provisioned.
There isn't another secret, hidden sat comm antenna.
The bubble receives satellite signals, as well as signals from local guidance and control.
It's a very expensive option, with a subscription, so many vehicles won't even have it.
Maybe there's some anti-theft lockout code when the tractors are shipped,
but the idea of a remote kill signal sent to new vehicles at a dealer sounds like a lie.
Re: I don't think that this remote kill story is t (Score:2)
Or it can be simple as having to enter a code (which could be move this lever here and push that button there) within a certain amount of time or else all the systems become disabled. A legit use of a logic bomb.
Look at the state of their convoys (Score:2)
In fact, look at the state of the whole shitshow Putin unleashed on the whole world.
The only thing Putin has going for him is his threats of nuclear war, but he is by far not the only one with nukes. Hell, China might be the one to suddenly dart up and grab Russia by the throat because they are trying to emerge quickly into first world status, and they have a lot to lose even if they weren't attacked directly.
In the end, Russia could suffer the fate of Germany after World War II, being broke
Re:Wonder if they can get the hardware working... (Score:5, Interesting)
If e-fuses are blown and the chip is correctly designed, the only way to read firmware would be to access the actual silicon, probe the circuitry and issue read commands directly to the on-chip flash ROM. It's not about having a master key - with fuses blown, the chip just won't read out the firmware.
Of course, there is the possibility of the chips they use having flaws that can leak ROM data, or a vulnerability being intentionally designed into the silicon to allow read-back of the ROM. But this is on a chip-by-chip basis, and would not require any 'master key' - just knowledge of the vulnerability.
Re:Wonder if they can get the hardware working... (Score:4, Interesting)
Actually, external flash is not protected against reading it. It would be useless if it were. Internal flash can be protected better, but it is very limited in size. But in actual reality, this is flash (both internal and external) that needs to accept updates, so the e-fuses will not even be blown. Of course, the manufacturer can include a kill-switch that requires a hardware replacement though, like locking up some critical component by erasing its internal flash and then preventing an update or by actually blowing up a component.
Re:Wonder if they can get the hardware working... (Score:5, Interesting)
external flash is not protected against reading it
It can be if it's encrypted. Been there, done that. You can pretty much use the same distribution structure that BluRay uses: The ROM holds a set of many public keys that are used to encrypt the AES key used to encrypt the flash data. The data key can change with every release, to revoke a public key you just don't encode the data key with that particular key.
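One way to build the key distribution sketched in the comment above, as an added example that is not the poster's code: each release gets a fresh AES-256-GCM data key, wrapped once per non-revoked key slot. It assumes the release server keeps the public half of each slot and the device ROM holds the private half; the slot numbering, package fields and sample image are constructed.

```javascript
const crypto = require('node:crypto');

const OAEP = {
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
};

// Constructed key slots. In this sketch the private half would live in the
// device ROM and the public half on the release server.
function makeSlots(n) {
  return Array.from({ length: n }, (_, id) => {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    return { id, publicKey, privateKey };
  });
}

// Release side: encrypt the image under a fresh data key, then wrap that key
// for every slot that is not revoked. Revoking a slot means leaving it out.
function packageRelease(firmware, version, slots, revoked = []) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(version)); // bind the version string to the image
  const ciphertext = Buffer.concat([cipher.update(firmware), cipher.final()]);
  const wrapped = {};
  for (const slot of slots) {
    if (revoked.includes(slot.id)) continue;
    wrapped[slot.id] = crypto.publicEncrypt({ key: slot.publicKey, ...OAEP }, dataKey);
  }
  return { version, iv, ciphertext, tag: cipher.getAuthTag(), wrapped };
}

// Device side: unwrap the data key with this slot's private key and decrypt.
// Returns null when the slot was revoked or the package fails authentication.
function deviceDecrypt(pkg, slot) {
  const blob = pkg.wrapped[slot.id];
  if (!blob) return null; // no wrapped key for this slot: revoked
  const dataKey = crypto.privateDecrypt({ key: slot.privateKey, ...OAEP }, blob);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, pkg.iv);
  decipher.setAAD(Buffer.from(pkg.version));
  decipher.setAuthTag(pkg.tag);
  try {
    return Buffer.concat([decipher.update(pkg.ciphertext), decipher.final()]);
  } catch {
    return null; // GCM tag mismatch: image or version was altered
  }
}

function demo() {
  const slots = makeSlots(3);
  const firmware = Buffer.from('constructed firmware image v2');
  const release = packageRelease(firmware, '2.0', slots, [1]); // slot 1 revoked

  // A copy of the package with one ciphertext bit flipped in storage.
  const tampered = { ...release, ciphertext: Buffer.from(release.ciphertext) };
  tampered.ciphertext[0] ^= 1;

  const plain = deviceDecrypt(release, slots[0]);
  return {
    slot0: plain ? plain.toString() : null,
    slot1: deviceDecrypt(release, slots[1]),
    tampered: deviceDecrypt(tampered, slots[0]),
    // The external flash can still be read out; it just holds ciphertext.
    flashShowsPlaintext: release.ciphertext.includes(firmware),
  };
}

const DEMO = demo();
console.log(DEMO);
```

A revoked slot only loses access to releases packaged after the revocation; images it could already decrypt stay readable to it.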
Re: (Score:2)
Errm Where do private keys come in then here?
Re: (Score:2)
No. You just read the encrypted version then. The claim was that there were e-fuses to protect flash chips against reading. That is just complete nonsense for external flash.
I also think you do not really understand how DVD encryption works. Or how key-revocation works generally or in that BlueRay context. There is absolutely no connection between secret keys used and revocation of public keys. In fact, secret keys get changed on each disk/network connection/document/etc.
Re: (Score:2)
It's very unlikely that the CPUs have internal flash. Flash requires large node sizes (40 nm or so), and modern CPUs use much smaller node sizes, for performance and energy efficiency. If you want NV storage in modern CPUs, you have two choices: SRAM, which isn't really non-volatile obviously, though you can often provide sufficient battery backup to make it effectively NV, or fuses, which have the obvious disadvantage of being write-once.
Re: (Score:2)
Indeed. The standard case will be external flash, probably even SSDs for the amount of automation and computerization in these machines. Probably these are in fact embedded PCs.
That said, "fuses" have long since vanished from modern chips. What is used instead is single EEPROM cells lacking the erasure mechanism. As long as it is just a few cells, the space penalty is not a problem. The problem with actual fuses is that you need to have a cavity on top for the smoke to go to. You are perfectly correct that
Re: (Score:2)
Re: (Score:2)
Yes. I used to have a hobbyist interest in this stuff as a teen and I had found out back then that I could get a lot of datasheets and handbooks for free just by sending some postcards ;-)
Re: (Score:2)
The likelihood of such extreme security measures locking out the legitimate users is high. Much as the "UEFI BIOS password, plus disk encryption, plus workplace password, plus MFA, plus password expiration, plus unique passwords for every application, plus password requirements" add up to such a burden that they often make the system quite fragile and break at the most urgent moments.
Re: (Score:2)
... which is why a lot of farmers are pissed at John Deere. It turns out you are exactly right, in that JD's quest for maintaining their revenue stream on parts and service has hamstrung a lot of farmers who just want to harvest their fucking wheat, and fix stuff in the field in order to get that harvest done, rather than calling an authorized service rep to make an appointment a week from now who will show up with a $20 part and a laptop that they can plug in and "authorize" the repair.
Re: (Score:3)
Yes. I have never seen credible reports of a master key, but I have seen that some chips can have the debugger interface re-enabled through glitching.
Re: (Score:2)
Umm... an unreadable firmware may as well not exist at all. The chip has to be able to read the firmware in order to run it.
Though it may well be designed so that chip and ROM are on the same silicon, and the firmware never leaves the silicon after a "finalized for deployment" fuse is blown.
Unless of course the e-fuse is designed specifically to be a permanent kill switch, rather than a "prevent any tampering" switch. But I suspect the latter are far more common than the former.
Re: (Score:3)
they are tractors and harvesters etc, the computerised part are very much secondary to their operation. The chips and computers are not actually critical to their operation, they should be easily bypassed or replaced.
Replace "tractors" with "cars" and tell me how outdated your argument really is.
Re: (Score:2)
These things have an internal combustion engine, they have tires and gears - none of which absolutely require electronics to work.
Right. So does your car in the garage. So shut the hell up and get to work ripping out all those "useless" chips and prove me wrong.
Yeah. I've got grey in my beard. I know your half-century old point here. Prove me wrong.
If you think that a nation that can build manned spacecraft, nuclear submarines and advanced fighter aircraft (even if badly) does not know how to do this, you are seriously deluded.
If that were the case, then 5 million of farm equipment would be running by now, and this story would be nothing but clickbait bullshit. Let's see how true that is a month from now when they're desperate. If it were THAT easy, Right to Repair probably wouldn't have made it all the w
Re: (Score:2)
Right. So does your car in the garage. So shut the hell up and get to work ripping out all those "useless" chips and prove me wrong.
Yeah. I've got grey in my beard. I know your half-century old point here. Prove me wrong.
People replace factory ECU's in cars all the time...Haltec, Motec, AEM, MegaSquirt, Speeduino, etc...
People convert EFI gasoline engines to carburetors regularly...
People convert common rail diesels to mechanical injection.
Larger diesels often use standardized output (bellhousing) flanges...which makes them easy to interchange.
Most of the stuff on tractors is driven by hydraulics...which means solenoids.
If you don't want to drive the solenoids with a toggle switch, you could replace them with valves.
I know
Re: (Score:2)
Many of those mods come from having a market where there are literally hundreds of thousands of customers who want to do that. Replacing an ECU that wasn't designed specifically to thwart people fucking around with it, with another part that is already built and available is child's play. No such replacement exists for a John Deere combine harvester because John Deere has spent a lot of time suing people that have tried, and engineering it specifically to prevent such actions.
Besides, do you really think
Re: (Score:2)
I think that grey is turning you senile. Replacing factory ECUs is so common a simple Google search leads you to hundreds of third party modifiers.
Also, the right to repair thing is about making it possible for a *consumer* to repair/replace components without being held hostage to the manufacturer.
Are you too daft to realize that "consumer' means an average farmer who is not about to contract 20 engineers to figure out how to get his tractor to start. It's not that the modifications are technologically imp
Re: (Score:3)
>In all probability, Russia does not even want to use the 5 million $ worth of farm equipment.
That seems VERY unlikely - if that were the goal it would have been FAR easier to just destroy it where it was than steal it. The whole point of the spoils of war is that *you* have them, not that your victim doesn't. As encapsulated in the immortal guideline: "Pillage then burn."
Re: (Score:2)
These things have an internal combustion engine, they have tires and gears - none of which absolutely require electronics to work. The whole idea of electronic locks on equipment and vehicles is about raising the difficulty of the bypass beyond the capability/motivation/incentive of the average John Doe who just wants to drive his car to work.
It is absolutely not beyond the capability of an engineering firm with a million dollar contract to reverse engineer the electronics or even simply replace them with others. You still get 5 million $ of farm equipment for 1 million.
If you think that a nation that can build manned spacecraft, nuclear submarines and advanced fighter aircraft (even if badly) does not know how to do this, you are seriously deluded.
For a few pieces of farm equipment?
Yeahrightsure.
Re: (Score:2)
The factories and engineers to do the analysis and fabrication are back in Russia. The troops in Ukraine have what is in their toolboxes and what they can confiscate. Also, the tractors are not identical, so it's reverse engineering many different models, from many different years. Farmers are not known for replacing tractors frequently with the latest version, which may help reverse engineering efforts.
Re: (Score:2)
none of which absolutely require electronics to work
Here's the typical dash of a John Deere Combine Harvester:
https://bmcontent.affino.com/A... [affino.com]
How exactly do you override THAT and use the machine?
Re: (Score:2)
First, like this : Ukrainian hackers help the American farmers to crack the tractors John Deere. In stock Also, there is also an electronic catalog of the original parts of the spare parts for the whole equipment manufactured by John Deere
: https://oborudow.ru/en/salon/p... [oborudow.ru]
Oh the irony.
And then at the level of the hardware....the computer is in the end turning cogs...the cog will turn, levers will move, hydraulics will pressurize....even with another/no computer controlling it.
Re:Wonder if they can get the hardware working... (Score:5, Insightful)
Fifty years ago, even 30 years ago, that may have been more true.
But not today. EVERYTHING is controlled electronically, many systems don't have anything resembling a mechanical linkage. It isn't a matter of a few microcontrollers, because JD is strict about every single component being digitally authenticated in their fight against farmers replacing parts. JD has led the way in lockouts. If you think Apple parts are bad this way --- you can't even swap iPhone screens between two devices because each screen must match the digital signature --- JD is even more strict. Any parts replaced require both dealership involvement and remote verification with corporate before the individual parts will unlock.
The Russian thieves might be able to replace a few parts on existing tractors, but the vast majority of parts, probably around 80% or maybe more, will be useless. There is no way to get them running in the current tractors, and the digital lockouts will prevent using the new parts in old tractors. The maybe 15-20% of parts they can still will certainly get some money as stolen goods always do, but overall they're useless in their intended purpose. They may be able to salvage air filters, glass windows, seats, and some metal frame parts, but anything more advanced is locked down hard.
Re: (Score:2)
I don't think some of these commenters comprehend how many moving parts there are to equipment like this. It wouldn't be replacing even a few dozen solenoids but hundreds or even thousands. They don't seem to get that even farm equipment can get pretty complicated. That doesn't mean some Russian hackers won't figure out how to throw it into debug mode and disable the lockout but the whole point is making it so that it's not worth anyone's time to do so.
Am I the only one looking at this and seeing how desper
Re: (Score:2)
Agreed.
This isn't "swap out a few parts". To make these usable it would require replacing THOUSANDS of microcontrollers, each programmed for their own tasks. Using them for parts in the more traditional sense, every single one of them would need modification as JD has locked down EVERYTHING.
Every electronic component is digitally programmed and ALL of them are locked down. You cannot swap out a conveyer as a system because the conveyer is digitally signed. You cannot replace control systems, or intake se
Re: (Score:2)
Why would you assume they were desperate for food?
The Russians are well documented committing a number of serious war crimes on a regular basis, looting is barely worth a footnote. It's not like American troops stole all sorts of German, etc. art and jewelry during WWI/II because they were desperate for art - they stole it because it could be easily converted to cash.
Re: (Score:2)
Am I the only one looking at this and seeing how desperate Russians and Chechens are for food?
This would be the "fuck around and you will definitely find out" aspect to this "special military operation." Remember, the brain trust in the Kremlin thought this thing would be over in days, and everyone would get back to work and start tilling the fields.
They fucked around, and now they are finding out.
Re: (Score:2)
I suspect it's a bit more than that - you can't just change the source of the signal to the valve solenoid, because the valve, solenoid, and solenoid controller are all in a tightly integrated package that will only accept signals from a properly authenticated source.
So you can't just replace the digital control system with a bunch of switches, you have to also replace all the hydraulic valves, etc. throughout the entire system with "dumb" versions. And then you have to hope than none of the mechanical asp
Re: Wonder if they can get the hardware working... (Score:2)
Someone doesn't know about John deere tractors.
Think Apple iPhones are locked down? At least the battery can be changed. Apple is jealous of how tightly John Deere tractors are. You need factory permission to remove the battery and put a charger on it.
Re: (Score:2)
Not any more. Modern diesels won't start without the ecu. Modern tractors have canbus and computers throughout. Deere has critical parts rigged to not work together without the use of proprietary and distribution controlled software to 'introduce' the parts.
Re: (Score:2)
It's not proprietary for the most part. The protocols are ISO standard, down to the icons displayed.
It has to be that way so implements from other manufacturers can be attached and work correctly.
Lockout and handshaking is defined in the ISO standards, as would be expected.
Compliance to these standards is mandatory for selling internationally, and also just good business.
Re: (Score:2)
Just because there's a standard, doesn't mean that there aren't very high hurdles to doing what you want to do. TLS is a standard too, but TLS-encrypted payloads are still secure.
They can publish specs for interoperability of implements so that you can hook up someone else's drill to your tractor, but that's a far cry from getting the tractor to start, get in gear, actually drive, and actually engage the implement you have attached - all of that control is John Deere proprietary and locked up like Fort Knox
Re: (Score:2)
The protocols are open, the software that authenticates and tells the parts to work together is not.
You speak English and I speak English. That doesn't mean I can use your ATM card.
Re: (Score:2)
Yeah, because I'm sure you're an engineer at John Deere and know what you're talking about, Mr. Anonymous Coward.
You know that because they build the whole fucking thing, and because they have no problem with screwing their actual customers a little bit in order to protect their money grubbing, they can make sure that the computerized part is absolutely necessary for operation, right? As in, bypassing the proper software and timing of large powerful equipment while doing what it does, it could potentially
Re: (Score:2)
Wonder if they can find a bypass. China has a master key that can read all flashed firmware, even with eFuses blown to prevent reading after a write, so they might just ask their buds over there for an unlock or DRM-free firmware.
Of course, it would be justice to have some type of logic bomb to do something like muck with the engine and transmission's configuration, to cause it to throw rods and throw first and second gear out of the bell housing.
Nah. John Deere has some pretty capable Embedded Engineers. They already have self-driving tractors, and now that that is actually starting production, I'm sure they will soon have autonomous farm equipment of several types.
https://www.cnet.com/tech/mobi... [cnet.com]
https://www.southernliving.com... [southernliving.com]
All they need is the Firmware in External Flash, and the "Remote Disable" simply Torches the Encryption Key.
Have fun getting the engine and transmission controllers to run with noise instead of software!
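The key-erase idea in the comment above (firmware kept encrypted in external flash, remote disable destroying the key), shown as an added example that is not part of the thread and not John Deere's code. `KeySlot`, `seal`, `unseal` and `boot` are hypothetical names, the image is constructed, and the SHA-256 counter-mode keystream with HMAC is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a standard-library stand-in for AES-CTR.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, image: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(image, _keystream(enc_key, nonce, len(image))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("firmware authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class KeySlot:
    """Hypothetical on-chip key store; external flash holds only ciphertext."""
    def __init__(self):
        self._key = bytearray(secrets.token_bytes(32))
    def key(self) -> bytes:
        if not any(self._key):
            raise PermissionError("device key erased")
        return bytes(self._key)
    def remote_disable(self) -> None:
        self._key[:] = bytes(len(self._key))  # zeroise the stored key in place

def boot(slot: KeySlot, flash: bytes) -> str:
    try:
        unseal(slot.key(), flash)
        return "running"
    except (PermissionError, ValueError):
        return "locked"

def demo():
    slot = KeySlot()
    flash = seal(slot.key(), b"constructed engine-controller image")
    before = boot(slot, flash)
    slot.remote_disable()
    return before, boot(slot, flash)
```

After `remote_disable()` the flash contents are unchanged, so recovery depends entirely on re-provisioning the key, which is why the vendor keeping an escrowed copy matters for legitimate owners.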
Re:Wonder if they can get the hardware working... (Score:5, Funny)
John Deere has some pretty capable Embedded Engineers. They already have self-driving tractors, and now that that is actually starting production,
It'd be hilarious if they could remote-drive these back to Ukraine.
Re: (Score:2)
Those engineers should be working for Tesla if they could do that.
What's so hard?
Mis-enter the password 10 times to an iPhone, iPad or Mac that has the Anti-brute-force feature turned on, or that has been "Remote Wiped", and see for yourself just how effective and simple that method truly is.
Re: (Score:2)
Would be hilarious, but I'd rather the engineers spend their time on something with a higher probability of success. If they can get them to download an update, I'd like to see the hardware not simply disabled, but literally destroyed to the maximum extent possible by trying to run everything in out-of-spec conditions (excessive RPM, excessive temperatures, excessive currents, etc). Akin to how Iran's centrifuges were destroyed.
Re: (Score:2)
They may want them back after the war. A tractor can easily cost $100,000, and Ukraine farmers with a sense of history are well aware of what can happen when Russian invaders screw up the year's crops. Look up the Holodomor, and the resulting cannibalism, from the Russian invasion of Ukraine in 1932.
Re: (Score:2)
They may want them back after the war.
That's almost certainly never going to happen. If the war ends with Ukraine still in existence, Ukraine would have to specifically include returning them in the peace agreement, and there will be far more important concessions to wring from Russia. If Russia wins (which seems vanishingly unlikely), then the whole question is moot.
Look up the Holodomor, and the resulting cannibalism, from the Russian invasion of Ukraine in 1932.
No way anything like that is going to happen if Russia is ejected. The west will supply food, and/or tractors, as needed.
Re: (Score:2)
Was going to post along these lines myself. The newbs (and/or propaganda-heads) still seem to think that efuses can be magically unblown. If you know anything about circuit design, once a line is blown in this manner, it is very much a permanent problem. There may still be some magic back door via the running software, but that assumes the software still launches at all - if you blow the fuse that allows the software to start, then it's time to break out the electron microscope to read the bits physically f
Re: (Score:2, Insightful)
Almost none of the microcontrollers are made in China. They're made in other places, like Taiwan, and shipped to China where board assembly is done.
Source: am firmware engineer.
Re: (Score:3)
Wonder if they can find a bypass. China has a master key that can read all flashed firmware, even with eFuses blown to prevent reading after a write, so they might just ask their buds over there for an unlock or DRM-free firmware.
Of course, it would be justice to have some type of logic bomb to do something like muck with the engine and transmission's configuration, to cause it to throw rods and throw first and second gear out of the bell housing.
You are a moron.
No such thing as a "Master Key" like you describe.
Besides, Everybody knows that only the Jewish Space LASERs can be used to read Protected Microcontroller Firmware!
There's a bypass. Plot twist - it's Ukrainian (Score:2)
https://www.vice.com/en/articl... [vice.com]
To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums.
Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time.
...
"If a farmer bought the tractor, he should be able to do whatever he wants with it," Kevin Kenney, a farmer and right-to-repair advocate in Nebraska, told me.
"You want to replace a transmission and you take it to an independent mechanic - he can put in the new transmission but the tractor can't drive out of the shop.
Deere charges $230, plus $130 an hour for a technician to drive out and plug a connector into their USB port to authorize the part."
"What you've got is technicians running around here with cracked Ukrainian John Deere software that they bought off the black market," he added.
Re: (Score:2)
Great. Now you have a running engine. Only a couple hundred more systems on a typical combine harvester to figure out and reverse engineer.
But you know what? The wheat won't wait for you to spend months (or years) reverse-engineering the harvester's DRM locks so that it actually harvests wheat without tearing itself apart.
Re: (Score:2)
It's the ghost of Kiev that locked farm equipment. He came back from death to sabotage Right to Repair.
Offtopic. Flamebait. Troll.
Re: (Score:2)
Offtopic, bitter, emotionally unstable
Even more Offtopic.
Re: (Score:2)
You need to check your logic processor. The Ghost of Kiev was a fake spawned by the Ukrainian ministry of propaganda, Just Like This Article. Analogy completely On-Topic.
Thanks for Outing yourself, Comrade!