Finally We Can Watch The Deere Cracking Def Con Talk

A few weeks ago, some tantalizing social media posts emerged from a Def Con talk, in which [Sick Codes] broke into the screen control unit for a John Deere tractor live on stage, and proceeded to play a special Deere-themed DOOM level upon it. At the time there was nothing more to go on, but we’re pleased to find out that the whole talk has been put online.

The talk starts with an introduction to the topic, to the basics of the control units within the machine and to the various different ages of Deere screen unit. We find that the earlier machines, which are still at work on farms worldwide, rely on outdated Windows CE versions, though the very latest screens run a Linux variant.

It’s one of these last screens to which he turns his attention, and we’re treated to an in-depth look at some of its secrets. After a lot of dead ends and learning exercises the final result is distilled into a pogo pin adapter for the hardware part, and a simple enough cron job to bypass one of Deere’s defenses by keeping the filesystem writable so a file can be updated. There’s a bit more detail about the special DOOM level too, as a special bonus.

You can see our original mention of this talk, or read some of our past Deere coverage.

Continue reading “Finally We Can Watch The Deere Cracking Def Con Talk”

Youtube-dl Makes Their Case, Returns To GitHub

Last month, the GitHub repository for the popular program youtube-dl was taken down in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). The crux of the RIAA complaint was that the tool could be used to download local copies of music streamed from various platforms, a claim they said was supported by the fact that several copyrighted music files were listed as unit tests in the repository.

While many believed this to be an egregious misrepresentation of what the powerful Python program was really used for, the RIAA’s argument was not completely without merit. As such, GitHub was forced to comply with the DMCA takedown until the situation could be clarified. Today we’re happy to report that has happened, and the youtube-dl repository has officially been reinstated.

Represented by the Electronic Frontier Foundation, the current maintainers of youtube-dl made their case to GitHub’s DMCA agent in a letter this afternoon which explained how the tool worked and directly addressed the issue of copyrighted videos being used as test cases in the source code. They maintain that their program does not circumvent any DRM, and that the exchange between the client and server is the same as it would be if the user had viewed the resource with a web browser. Further, they believe that downloading a few seconds worth of copyrighted material for the purpose of testing the software’s functionality is covered under fair use. Even still, they’ve decided to remove all references to the songs in question to avoid any hint at impropriety.

Having worked closely with the youtube-dl developers during this period, GitHub released their own statement to coincide with the EFF letter. They explained that the nature of the RIAA’s original complaint forced their hand, but that they never believed taking down the repository was the right decision. Specifically, they point out the myriad of legitimate reasons that users might want to maintain local copies of streamed media. While GitHub says they are glad that this situation was resolved quickly, they’ll be making several changes to their internal review process to help prevent further frivolous takedowns. Specifically the company says they will work with technical and legal experts to review the source code in question before escalating any further, and that if there’s any ambiguity as to the validity of the claim, they’ll side with the developers.

The Internet was quick to defend youtube-dl after the takedown, and we’re happy to see that GitHub made good on their promises to work with the developers to quickly get the repository back online. While the nature of open source code meant that the community was never in any real danger of losing this important tool, it’s in everyone’s best interest that development of the project can continue in the open.

Community Rallies Behind Youtube-dl After DMCA Takedown

At this point, you’ve likely heard that the GitHub repository for youtube-dl was recently removed in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). As the name implies, this popular Python program allowed users to produce local copies of audio and video that had been uploaded to YouTube and other content hosting sites. It’s a critical tool for digital archivists, people with slow or unreliable Internet connections, and more than a few Hackaday writers.

It will probably come as no surprise to hear that the DMCA takedown and subsequent removal of the youtube-dl repository has utterly failed to contain the spread of the program. In fact, you could easily argue that it’s done the opposite. The developers could never have afforded the amount of publicity the project is currently enjoying, and as the code is licensed as public domain, users are free to share it however they see fit. This is one genie that absolutely won’t be going back into its bottle.

In true hacker spirit, we’ve started to see some rather inventive ways of spreading the outlawed tool. A Twitter user by the name of [GalacticFurball] came up with a way to convert the program into a pair of densely packed rainbow images that can be shared online. After downloading the PNG files, a command-line ImageMagick incantation turns the images into a compressed tarball of the source code. A similar trick was one of the ways used to distribute the DeCSS DVD decryption code back in 2000; though unfortunately, we doubt anyone is going to get the ~14,000 lines of Python code that makes up youtube-dl printed up on any t-shirts.

Screenshot of the Tweet sharing YouTube-dl repository as two images

It’s worth noting that GitHub has officially distanced themselves from the RIAA’s position. The company was forced to remove the repo when they received the DMCA takedown notice, but CEO Nat Friedman dropped into the project’s IRC channel with a promise that efforts were being made to rectify the situation as quickly as possible. In a recent interview with TorrentFreak, Friedman said the removal of youtube-dl from GitHub was at odds with the company’s own internal archival efforts and financial support for the Internet Archive.

But as it turns out, some changes will be necessary before the repository can be brought back online. While there’s certainly some debate to be had about the overall validity of the RIAA’s claim, it isn’t completely without merit. As pointed out in the DMCA notice, the project made use of several automated tests that ran the code against copyrighted works from artists such as Taylor Swift and Justin Timberlake. While these were admittedly very poor choices to use as official test cases, the RIAA’s assertion that the entire project exists solely to download copyrighted music has no basis in reality.

[Ed Note: This is only about GitHub. You can still get the code directly from the source.]

DMCA Vs Hacker

This week featured a large kerfuffle over a hack that you probably read about here on Hackaday: [Neutrino] wedged an OLED screen and an ESP32 into a Casio calculator. REACT, an anti-counterfeiting organization, filed DMCA copyright takedowns on Casio’s behalf everywhere, including GitHub and YouTube, and every trace of [Neutrino]’s project was scrubbed from the Internet.

The DMCA is an interesting piece of legislation. It’s been used to prevent people from working on their tractors, from refilling printer ink cartridges, and to silence dissenting opinions, but it’s also what allows us to have the Internet that we know and love, in a sense.

In particular, the “safe harbor” provision absolves online platforms like YouTube and GitHub from liability for content they host, so long as they remove it when someone makes a copyright claim on it. So if a content owner, say Casio, issues a takedown notice for [Neutrino]’s GitHub and YouTube content, they have to comply. If he believes the request to be made in error, [Neutrino] can then file a counter-notice. After ten to fourteen days, presuming no formal legal action has been taken, the content must be reinstated. (See Section 512(g).)

cardboard cnc machineBoth the takedown notice and counter-notice are binding legal documents, sworn under oath of perjury. Notices and counter-notices can be used or abused, and copyright law is famously full of grey zones. The nice thing about GitHub is that they publish all DMCA notices and counter-notices they receive, so here it is for you to judge yourself.

Because of the perjury ramifications, we can’t say that the folks at REACT who filed the takedown knowingly submitted a bogus request in bad faith — that would be accusing them of breaking federal law — but we can certainly say that it looks like they’re far off base here. They’re certainly not coders.

The good news is that the code is back up on GitHub, but oddly enough the video describing the hack is still missing on YouTube.

But here’s how this looks for Casio and REACT: they saw something that was unflattering to a product of theirs — that it could be used for cheating in school — and they sent in the legal attack squad. If that’s the case, that’s rotten.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.

Want this type of article to hit your inbox every Friday morning? You should sign up!

Hackaday Podcast 069: Calculator Controversy, Socketing SOIC, Metal On The Moon, And Basking In Bench Tools

Hackaday editors Mike Szczys and Elliot Williams march to the beat of the hardware hacking drum as they recount the greatest hacks to hit the ‘net this week. First up: Casio stepped in it with a spurious DMCA takedown notice. There’s a finite matrix of resistors that form a glorious clock now on display at CERN. Will a patio paver solve your 3D printer noise problems? And if you ever build with copper clad, you can’t miss this speedrun of priceless prototyping protips.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 069: Calculator Controversy, Socketing SOIC, Metal On The Moon, And Basking In Bench Tools”

DMCA Takedown Issued Over Casio Code That Wasn’t

Earlier this month, we posted coverage of an ingenious calculator hack that took a Casio calculator and put an ESP8266 module and an OLED display in the space occupied by its solar cell. Controlled by a pair of unobtrusive Hall effect devices, the calculator could have been used as an ingenious cheating device but was to us the epitome of a well-executed hack. We may have liked it but it seems the folks at Casio didn’t, because they’ve issued a DMCA takedown notice for the project’s GitHub repository.

Editor’s Update: [Tom Fleet] reports that GitHub has completed the DMCA review and found the code repo does not infringe on Casio’s IP. However, it appears the copyright claim on the YouTube video has not been resolved and that video remains unavailable. However, that video is still available on the Internet Archive.

This is a picture of Barbra Streisand, who might almost be the patron saint of unintended consequences. Unknown author / Public domain
This is a picture of Barbra Streisand, who might almost be the patron saint of unintended consequences. Unknown author / Public domain.

We’re not lawyers, but if you’d care to visit our original coverage and watch the video in full, you’ll see that the ESP does not in any way tap into the calculator’s functions. The epoxy blob over the Casio processor is intact and no wires connect to the calculator mainboard, so it is difficult to imagine how any Casio code could have found its way into a repository full of ESP8266 code for the Arduino IDE. A quick search for “Hack-Casio-Calculator” on GitHub, at the time of publishing, turned up the relevant code despite Casio’s takedown, and we can’t see what they’re on about. Maybe you can?

Over the years there have been many attempts to use the DMCA on projects in our community. Some have been legitimate, others have been attempts to suppress exposure of woeful security, and still more have been laughably absurd. This one seems to us to edge into the final category, because it is difficult to see how the project described could contain any Casio code at all. It would be entirely legitimate to  issue a DMCA takedown had the epoxy blob been removed and Casio’s code been retrieved from the calculator chip (and we’d certainly cover that story!), but as far as we can see taking a scalpel to a calculator’s case and stuffing a module behind the solar panel window does not come close.

It’s evident that Casio do not like the idea of one of their calculators being turned into a cheating device, and we understand why that might be the case. But to take the DMCA route has served only to bring more publicity to the affair, and those of us with long memories know that this can only lead to one conclusion.

Thanks [Tom] and others for the tip.

DMCA Review: Big Win For Right To Repair, Zero For Right To Tinker

This year’s Digital Millennium Copyright Act (DMCA) triennial review (PDF, legalese) contained some great news. Particularly, breaking encryption in a product in order to repair it has been deemed legal, and a previous exemption for reverse engineering 3D printer firmware to use the filament of your choice has been broadened. The infosec community got some clarification on penetration testing, and video game librarians and archivists came away with a big win on server software for online games.

Moreover, the process to renew a previous exemption has been streamlined — one used to be required to reapply from scratch every three years and now an exemption will stand unless circumstances have changed significantly. These changes, along with recent rulings by the Supreme Court are signs that some of the worst excesses of the DMCA’s anti-circumvention clause are being walked back, twenty years after being enacted. We have to applaud these developments.

However, the new right to repair clause seems to be restricted to restoring the device in question to its original specifications; if you’d like to hack a new feature into something that you own, you’re still out of luck. And while this review was generally favorable of opening up technology to enable fair use, they didn’t approve Bunnie Huang’s petition to allow decryption of the encryption method used over HDMI cables, so building your own HDMI devices that display encrypted streams is still out. And the changes to the 3D printer filament exemption is a reminder of the patchwork nature of this whole affair: it still only applies to 3D printer filament and not other devices that attempt to enforce the use of proprietary feedstock. Wait, what?

Finally, the Library of Congress only has authority to decide which acts of reverse engineering constitute defeating anti-circumvention measures. This review does not address the tools and information necessary to do so. “Manufacture and provision of — or trafficking in — products and services designed for the purposes of circumvention…” are covered elsewhere in the code. So while you are now allowed decrypt your John Deere software to fix your tractor, it’s not yet clear that designing and selling an ECU-unlocking tool, or even e-mailing someone the decryption key, is legal.

Could we hope for more? Sure! But making laws in a country as large as the US is a balancing act among many different interests, and the Library of Congress’s ruling is laudably clear about how they reached their decisions. The ruling itself is worth a read if you want to dive in, but be prepared to be overwhelmed in apparent minutiae. Or save yourself a little time and read on — we’ve got the highlights from a hacker’s perspective.

Continue reading “DMCA Review: Big Win For Right To Repair, Zero For Right To Tinker”