Hacker jailbreaks control unit that stops farmers repairing their tractors, then runs Doom on it

A Doom farming mod.
(Image credit: Sickcodes)

A recent thread in tech news has been BMW's move towards nickel-and-diming owners of its cars with microtransactions, a move so popular that BMW software hacks are now available. This is a shard of a wider debate about modern technology which, from cars to iPhones, has in many cases been trending towards locking the user out of the internals of something they apparently own. This is most relevant when it comes to the right to repair old equipment without having to involve the original manufacturer (and of course pay an inflated fee for the privilege).

While the mainstream reacted with disgust to the BMW stuff, anyone who's ever been near a farm probably wasn't so surprised: farming equipment has been screwing them like this for decades. The biggest firm in the agricultural manufacturing field is John Deere, which makes all kinds of machinery that runs on the company's proprietary software: which both monitors farmers extremely closely and force them to involve John Deere whenever there's a problem. These tractors are designed so that farmers can't fix problems themselves.

This is on one level a nasty monopoly practice, but the implications of it are much wider. There's the simple fact that a huge amount of the world's food supply depends on John Deere equipment, and so any large-scale software problems could be catastrophic. John Deere itself might not have any plans to do such a thing, but then again it did recently show it could 'brick' Ukrainian farming equipment stolen by the Russians. The scarier prospect is that so much of the farming industry depends on John Deere keeping its systems secure from bad actors.

Most farmers, meanwhile, would probably much prefer a world where they could maintain their own machinery and not have to pay engineers to come out and tap a few commands on a tablet. Tough cheese, cheesemakers!

The company's various rationales for its big closed system contains some ridiculous arguments, including that farmers don't own these tractors but license them, and that locking farmers out is for their own good.

Needless to say the John Deere system has attracted some white hat attention, and Australian hacker Sickcodes recently gave a presentation during the security event Defcon, held at Caesar's Forum in Las Vegas, where to audience cheers they executed a jailbreak on the control unit of a John Deere tractor. Then, they demonstrated their control of the system by playing a special farm-modded version of Doom on the hardware.

The Doom flourish is lovely, and came about thanks to help from Doom modder Skelegant

Blasting through fields aside, the implications of this hack could be seriously big within the agriculture industry. One attendee of the talk was prominent tech thinker Cory Doctorow, who subsequently wrote:

"While it's true that the John Deere tractor monopoly means that defects in the company's products could affect farms all around the world, it's also true that John Deere is very, very bad at information security:"

Essentially John Deere has the entire agricultural industry by the short-and-curlies, justifies this with dubious claims about why the status quo it has constructed is essential, and has power over farmers that it has no right to hold. As the Ukrainian incident showed, and as Doctorow pointed out at the time, "this meant that anyone who could hack John Deere's system could brick any tractor—including, say, the Russian military's hacking squads."

Another attendee at the talk was right-to-repair advocate Kyle Wiens, who pointed out that John Deere's control unit is built on outdated and unpatched systems:

"John Deere has repeatedly told regulators that farmers can't be trusted to repair their own equipment," writes Wiens. "This foundational work will pave the path for farmers to retake control of the equipment that they own."

The jailbreak developed by Sickcodes is not remote, but requires physical access to the equipment. Regardless of hacks, however, John Deere is also facing serious government and regulatory pressure. The European Union announced earlier this year it was establishing a right to repair principle, while some US states have already passed their own right-to-repair laws: the pressure resulted in the company announcing this March that it would widen access to repair tools.

So: this hack runs Doom, and also has potentially enormous consequences for agribusiness: or, at the very least, for farmers who've had enough of John Deere's practices. Among Sickcodes' many findings were that the control system was sending huge amounts of data back to John Deere (once he had admin access, the unit tried to send 1.5GB of data), various security backdoors including one enabled through placing an empty text file on the drive, and John Deere's apparent reliance on open source software that may not be being used appropriately under its licensing terms.

Sickcodes says he's working on an easier method for executing the hack, as his demonstration was pretty involved, in order that more farmers can make practical use of this thing.

Rich Stanton
Senior Editor

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."

Read more
Geralt thumbs up
2024 was the year gamers really started pushing back on the erosion of game ownership
Driving through the rain
I paid money to drive a real car that filled up with fumes when I didn't pump the pedal, and it's all because I loved Jalopy
A view over a peaceful looking Minecraft farm, boasting fields of crops.
It's been a big year for factory sims, but instead of getting a degree in engineering, I've decided to go back to where it all started for me: modded Minecraft
Various creations in Minecraft, including computers and calculators.
This Minecraft creation blots out the sun for the villagers below, they surely praise it as God, but we know it really to be a functioning 32-bit computer with 2 kB of RAM
Count Dooku Force-lightnings an enemy in Star Wars: Battlefront Classic Collection.
Too many games released busted, broken, and basically in early access this year—it's time for it to stop
Commodore 64 keyboard and tape player
A small doughnut shop in Indiana is still using Commodore 64s as register systems, 42 years after their initial release
Latest in Gaming Industry
Gabe Newell in a Valve promotional video, on a yacht.
Go ahead and complain the discounts aren't as steep as they used to be, but Steam just had its biggest year ever for seasonal sales
Pirate Bay co-founder Carl Lundstrom
Pirate Bay co-founder and far-right politician found dead after plane crash
Flag of Saudi Arabia
Saudi Arabia buys Pokémon GO maker for $3.5 billion with a 'B'
Vice President, Games at Netflix Mike Verdu speaks onstage during TechCrunch Disrupt 2022 on October 18, 2022 in San Francisco, California
4 short months after saying 'We'll have to adapt and change', Netflix's AI games VP adapts and changes into a person who isn't working there anymore
Astarion, a beautiful vampire spawn in Baldur's Gate 3, looks dubiously at the player character.
'What do you mean real actors?': Astarion's VO, who shared an awards category with Idris Elba after Baldur's Gate 3, remembers the dark ages of mocap
Yoda Luke and R2 in Lego form.
Lego is going to make its videogames in-house from now on, says it would 'almost rather overinvest'
Latest in News
A photo of an Intel Core Ultra 9 285K processor surrounded by DDR5 memory sticks from Corsair, Kingston, and Lexar
Fresh leak suggests Intel's on-again-off-again Arrow Lake CPU refresh is back on the menu (boys)
A Colorful RTX 5080 and its box
Three lucky folks in India can win the dubious honour of buying an RTX 5080 GPU at Nvidia MSRP
The Facebook 'Like' emoji logo is seen in this photo illustration on 22 August, 2023 in Warsaw, Poland. (Photo by Jaap Arriens/NurPhoto via Getty Images)
Get ready to argue with your weird Uncle on Facebook again. Meta is rolling out its new fact checking solution to it's 190 million users in the United States
Gabe Newell in a Valve promotional video, on a yacht.
Go ahead and complain the discounts aren't as steep as they used to be, but Steam just had its biggest year ever for seasonal sales
Valve Steam Deck OLED handheld PC
'The future of hardware at Valve is bright': Valve celebrates the success of Steam Deck and Steam OS
Key art of the videogame Lunacid, showing a pale, long haired knight in purple armor contemplating a purple, flaming sword surrounded by the different phases of the moon.
One of my favorite indie RPGs is getting a follow-up made with FromSoftware's 25-year-old Super Mario Maker for first person dungeon crawlers