In US it would be coded to break down after one million miles instead of kilometers. That’s why US trains are more reliable.

The funny thing is, Newag has released a statement where they claim that their trains must have been hacked and tampered with, denying all the responsibility for the software locks. My theory is, they just do not want to admit that they lack the skills in constructing IF statements.

18:26 > call the repair team because of a train malfunction > the repairman arrives > he enters the pilot's cabin and input the Konami code > refuses to elaborate > leaves > the train start running again

As a Pole, listening to Prime attempting to pronounce Polish names is absolutely hilarious

Just to add info - it is propably not the skill issue, nor the "bad if statement" but it was popably an illegal backdoor making the company to have monopoly for servicing the trains - now polish prosecutors are saying - quote: (translation) "Our findings indicate intentional interference with the software and the introduction of blockades that immobilized vehicles for many days" And if it weren`t for the Dragon Sector hackers propably all repair contracts with other companies would be broken (as it was supposed to be) and Newag (manufacturer) would get the repair deal $$$

The best part, the train broke again on Dec 21, only to fix itself magically on Jan 1, because of the if statements skill issue. It breaks precisely from Nov 21 to Dec 1, and Dec 21 to Jan 1, every year.

The guys also gave a presentation at 37C3, what I gather is the German rival to DEF CON 31, with more salient details and answers to audience questions: kzbin.info/www/bejne/jqPPo5WcfL-iaM0

29:35 this one is CLEARLY malicious as well. He completely missed the fact that software was programmed to artificially report a fault on a specific date, even when hardware was perfectly fine. Like, idk, if iPhone would artificially lower your battery life after exactly 3 years? The problem was not that the if statement was badly written, but that such condition was created in the first place.

I think the EU's right to repair laws are applicable here. This should be very illegal by the train manufacturer.

I think you missed the point of the date-skill issue. That was absolutely sabotage. The train was clearly intended to break down on the day it was scheduled for its next maintenance and it only materialize exactly one year late due to a skill issue of the programmer (not accounting for all cases when comparing dates).

The train running for a whole extra year because of an IF statement skill-issue and lucky timing is just so funny

29:02 whatever excuse you could come up for needing to lock the train doesn't matter -> the manufacturer never told anyone about the conditions, even while this was going on and in the national news, thus it was obvious intentional sabotage

just to add one more tidbit: this should be a serious security concern for governments. imagine if this were reverse engineered by hostile governments in wartime and a remote signal set the time in the internal system to the killswitch time? this is why we can't have remote killswitches in anything as critical as a car or train

"What's the millimeter, is that like an inch?" - that statement shook me to my core

Trains are critical infrastructure so under Polish law incapacitating trains is legally considered treason. One of the highest crimes.

"What's a millimetre, is that like an inch?" American education system at its finest...

In europe we have specific laws that prohibit monopolistic behaviour, I'm sure they can find grounds for a lawsuit.

Finding the root cause of this is truly a miracle... I'd just quit programming if I'm to investigate this monstrosity

Follow up: in PL parliament there is a commission responsible for investigation of this case of Newags' breaking trains. DS created ~50 minutes presentation about this case for commission, Newag created counter presentation. Their representatives were talking for ~1,5h about third-party servicing companies not cleaning toilets properly and did not provide the answer on how GPS checking statements appeared in trains' software. Commission members were clearly pissed off by Newag representatives.

Now the train manufacturer is sueing the hackers. Absurd.

Two options: Either this lock was put in as a weak safeguard of the software IP, so it stops working if a competitor gets its hands on it for "too long", but I kind of doubt this. Or more likely to maliciously get rid of competition for the service and maintenance contracts, which often has way better margins compared to manufacturing and delivering the actual hardware. Source: work with similar stuff, but on water instead of rails.

wtf is wrong with chat trying to defend this behavior "if you dont get maintenance, people might get hurt" - the trains broke when they tried to maintain them. the train was basically sabotaged to break when it was being maintained... like how does that make sense?

out of all the places they could put them, they put the intern on the secret sabotage code

At least their try/catch skills are better than their IFs. They tried, and got caught.

Lock after 10 days means lock if maintenance is happening. It will always take more than 10 days due to nature of work performed and multiple 3rd parties involved.

"Imagine you are so bad at constructing IF statements that the police got called" made me laugh so hard hahahaha

Funny seeing americans seeing other's country measurement standards. Showing the good ol' "WTF IS A KILOMETERR" vibes right now.

And to add % that they did it, here few things u missed: - they changed codes (this one in control room where u pushed buttons in right sequence like in gta) after ppl discovered it - code isn't possible to download from board - if somebody would change assembly it would leave SO MANY trails and none was found - a lot of "bad things" didn't found place on 20K book (it was too short!) - if somebody would change this things (externally but while having source code) he wouldn't made such easy mistakes like writing GPS coordinates without encryption (it's littelary 3 lines of code) - all of changes were in favour of producent of code And idea that is was just a mistake/old parts of firmware is so dumb i don't even will give any argument against it.

There was a a parliamentary hearing about this matter, and NEWAG's layers didn't respond to this evidence at all. Instead, they've shown a presentation with pictures of badly done train maintainance saying "these are our trains serviced in third party repair shops". There were a few pictures of messy clean interiors, and a few of dirty and open toilets. The only thing they've said about these if conditions that break the trains was "train software was illegally interfered with, and it wasn't done by us, we've informed the law enforcement". What's funny is that there was one train that one train operator actually brought to NEWAG for maintenance, but its software was earlier dumped by the researchers, and after NEWAG given back the train they dumped the software again and found NEWAG did a software update which included additional train lock conditions. They're not getting out of this one.

The directors of Newag need to be arrested and made to face trial. This is criminal on so many levels

Update from janurary 2024 : polish parliament itself started an investigation, Newag stock is took a 10% hit (and it just started)

Prime pronouncing "Polska" is everything

That's a beauty of government contracting. You can't scam polish government without having uncle there because they'll contract whomever gives lower price and you already know we have those nerdy basement guys that will fix anything for a dime and a half

"There is extra thing hanging out of e" 🤣

train maintenance is like aeroplane maintenance. you have schedules for parts checking / replacements. you dont wait for them to fail.

Polska ogląda Primeagena

They had a panel/talk on C3 2024. Its called hacking polish train drm i think

You're still missing the context that the first trains to break down had Over The Air firmware updates days after the Lower Silesian Railway - SPS maintenance contract was signed...

Gotta love how my country is one of those that get mentioned only when something insane has happened, or WW2 is brought up

As a person from Poland i love watching people from other countries try to read polish names of citis or names or surnames.

the way he read "Wroclaw" made my day 🤣

We polish find it really funny to listen to foreigners trying to pronounce polish names :D

Just imagine another skill issue kicking in during full speed ride on one of the Newag trains. It just f-ing dangerous. Authorities should make this case an examplary one for other companies, just to warn them. But we all know nothing like that happens in the foreseeable future.

I imagine Louis Rossman would have a conniption fit if he read this article. Boy is that dystopian

As someone who loves trains and computer science, this is the perfect article that tickles my brain.

There's also some really scummy stuff with HP locking out printers for a variety of ridiculous reasons.

These are clearly back door kill switches lol Based on the statement that all the trains had slightly different software, I expect the date check is a "custom" build where they just slapped in a date they felt like it should come in for "repairs" $$$$$

"American mind can not even comprehend this" - haha! The Wild West was not where you think it was Mr @ThePrimeAgen The Wild West was, is and will be to the East from NY

The name is the PooSeeTheStroy-agen

I've heard of other companies like Apple and John Deere that do things like this, too. Although not to this extent. They will disable your product if you attempt to repair it with 3rd party parts. Or if 3rd party tools are used.

Honesly, the only reason we learn of this, is because the train manufacturer, went all out. If they didn't block the trains, when serviced at ALL possible alternative repair shops, no one would had learned thar there is code for planned failure.

Those ifs probably looked better in code, that's how they look like after removing all the abstraction.

Imagine that train stops for 10+ days to get graffiti cleaned. Rag and soap used on windows break computer.

the worst part ? The issue was present when train came out of factory . Till train is shut down and battery reach a low enough treshold or when train is improperly started sequence of starting is not followed . Nothing is easy to fing aside from engine noise

What's crazy is soon cars and parts of smart houses are going to have these vendor locks if they don't already 😮

There were laws for this. The tender that was won by SPS obligated Newag to pass on everything they had, including full documentation of software to SPS so they can maintain the trains. They clearly didn't, so they broke the original contract they made with Silesian Railways they signed when they sold the trains in the first place. This also touches a bigger problem, as trains in Poland (and many European countries) are considered a strategically important resource (think - natural disasters and war). This not only goes under industrial sabotage but also potentially under those more treason-y laws. Also - Newag doesn't sell exclusively in Poland. They sell trains and trams to other countries too. :')

Remember Toyota’s random acceleration? Was accel by wire and caused by Malloc errors of C code. Proven in court.

What a rollercoaster these train shenanigans

22:57 narrator: He did in fact not take out the accidental re-read (I'm assuming because the cut would be really obvious and to give us more chances to laugh at your expense ;))

This sounds like a case of the all too common, right to repair issue, the train operator went with another company for maintenance because they were cheaper than the manufacturer, the manufacturer has placed locks in the code to tie replaced devices to serial numbers, maintenance time bombs to force a maintenance event and associated fees, etc.

Love from Lower Silesia, Poland ❤

It's so frustrating watching a manlet being deliberately obtuse "bUT hOW cAN iT bE fInE iF iT dOeSn'T wOrK?"

That usage based shutdown clause for the train software reminds me of ink jet printers. Many manufacturers sell ink with authenication chips so that you cannot use 3rd party replacements. The cartridges have EEPROM or flash to keep track of usage, and will refuse to print once this count is exceeded, even if ink still exists in the cartridge. Also common in the medical industry with consumables.

I bet the dev who messed up with IF statements did that on purpose. From the manager's POV, everything looks good but the code never gets executed. Everyone is happy

For a moment I thought I'm imagining things when I saw a video thumbnail with Primeagen and Koleje Dolnośląskie train in the background xd

The chat had the worst copium on rather clear illegal action. Safety and maintenance, part expiration date my ass, you can look up ISO standards about safety and common practices in automation and machine engineering safety and you can't find "we lock the system by software if the product hits anyone else's maintenance location after we have lost the service deal". In fact the party ordering the trains needs to specify in the deal for safety features and they are well documented (especially if the documentation is 20 000 pages large to begin with) if it's legal practices. The locks hit to prevent the trains from running IF they went through maintenance (or stopped them from running in general), it did not lock them up until maintenance. Furthermore straight up locking the train is not safety practice, at worst if you lock the train while running, it can be a huge safety issue. The safety related parts surely have a schedule and it's on the company using the trains to take care of that (or they order the safety feature, not discover it when their products don't work). Part expiration date would not be critical neglection from the manufacturer especially when they are scheduled for maintenance. Or you do business in Poland and don't care to begin with as a manufacturer - definitely not the manufacturer's problem in either case. Also it makes zero sense to lock nearby maintenance facility like someone claimed. The very opposite, you are trying to make them running there if they aren't and it does not bring any safety or practicality if unknown software feature locks them up (anywhere except the product provider's facility). Kinda upsetting to read those comments.

The 22:00 Slack notification made me stand up to my computer to see what's up 😂😂

20:08 You don't know what a pantograph is? For goodness sake! There's even context here. 1. Part of the train's startup procedure. 2. The train is suppose to "raise" it! It's the boom arms that reach for sweet sweet electronics from the sky! lol

One or two of the things, MAYBE could be argued as test code that escaped. But I don't think the maintenance shop geofencing would remotely be argued as such a thing (what's the context you create where you'd need to test it specifically in that way???). And on top of that the sheer number of things that just make it break for nothing.

22:25 and then lil bro says he doesn't loose much focus by distracting for random questions 💀

My god, poo see the stroyer got me good hahhaahahahha

This honestly deserves a movie. What these hackers made such mind-blowing discoveries under insane time pressure, it sounds almost invented for cinema. Also there is absolutely no way vendor locking a product through means like this is legal. It is a conspiracy. In some jurisdictions, using proprietary parts and protocols might be legal and effectively mean the manufacturer has monopoly over maintenance. Planned obsolescence might be possible through intentionally faulty design. But in no economy would targeting specific market competition in your software, or setting up specific, undisclosed dates for malfunctions be allowed. Companies didn’t wait for the invention of software and computers to use tactics like this; they just paid someone to actually sabotage the train. This is not a right to repair -issue; This is fully fledged conspiracy. Just like you can’t hire goons to break your customer’s windows if they don’t renew a service contract, you can’t write software that secretly bricks a train to protect your market position either. There is a very clear difference between planned obsolescence and a conspiracy to directly cause obsolescence. What jurisdiction this falls under hardly matters.

on one hand when you're tight on time boarding a Polish train is a death wish... on the other sometimes there's no faster option and you just won't make it otherwise so you have to bet on it

The guy that did the reversed engineering is my teacher of RE at uni 😊

The real sabotage was the names Prime had to pronounce in this one

13:40 The train they took probably was late, because they started to dump the running train's firmware mid journey :)

If malicious, due to how much operating a railway system costs, the possible sentence in case of a criminal lawsuit could be stupidly nasty. I'll put fraudulently tampering with large scale public transport systems on my don't list 😎

This is 100% malicious

One of the best articles you've read, maybe on par with the a$$word article. Largely due to the great writing. It also reminded me a lot of Atlas Shrugged with all the trains breaking down.

Just by seing how you need to pay BMW a subscription to have your seat heatens, it's not hard to imagine that your car have similar code of those trains. after all we don't have spare polish hackers to find this out. That is just the old capitalism at it's best.

these people did a really good talk that was fun to listening to

Serial number lock is probably fine because it tamper proof, but must state clearly in documentation and also way to modify the checks in case thing need to be replace. Even 1m km for fail to start is OK because it should require proper servicing before going out again for safety reasons, but as long as it's in documentation with proper way to fix this. The date check and Geofencing is clearly not for the security purposes of tamper proof. This is anti-competition issue and will only bring Newag to lawsuit and penalty. Some said train software need to be re-certified for it's specific version but somehow Newag update the controller version every now and then. This is also weird and must investigate by certification institution. Or at least announce forfeit of certification and need to re-certified. Along with some code-audit by 3rd party (with NDA) before certification.

As a Pole, I find that hilarious when I hear something "Polish" and not working hahahaha. It makes me laugh a lot.

There will be lawsuit agains Newag because practices like this are illegal in Poland, according to EU law, the producer cannot force customer to maintain the vehicle in their own workshop (the same is with cars in entire EU). Also aging the product is illegal so if the the office of Competition and Consumer Protection (yes, there is something like that in Poland, very common used by citizens) confirms all these practices, Newag will be hit hard.

Honestly, 20k pages seems low considering my car service manual is 13k. I would expect the train service manual to be 3-4x the car.

I can't believe some devs sat there for week s as the country's train infrastructure crumbled, knowing that there were vendor locks put in place to keep these trains from being repaired by anyone but their current / former employer. Someone should have been blowing some whistles.

I made some projects on trains and other heavy machinery. But i would always hand the source code and schematics to the client. No strings attached!

It's morally bad, obviously malicious but legally...? It's a gray area. HP did the same few years back - their printers blocked after N thousands of pages or N years of service or when you loaded a 3rd party replacement ink cartridge - they claimed they couldn't guarantee that the quality of such "obsolete" hardware or 3rd party products would meet the expectations of an HP customer and it'd hurt their reputation. It included all-in-one devices - imagine you not only can't print but also can't scan anymore because you've changed the ink. None of that would happen if you used their ink and send your device for (paid) maintenance every few years (I think the manual said every 2 years but I don't remember exactly).

The only couple minutes I’m sat here thinking is it going to be a sling blade moment? … It ain’t got no gas in it

That's not a skill issue if it's intentional

Wait until Prime discovers the loudspeaker button in Google Translate. 😆 This sarcastic and humorous style of documentary is not uncommon in Polish media. I haven't read the original (or maybe I have but forgot, this got a lot of coverage) but the translation has all the signs of being accurate. Besides, who knew that a big company in a conservative industry sector would resort to "Januszex"-style business practices, right?

An inch is exactly the same as a mm, that's why people call me 9-millimeter-peter!

Every firmware, I mean *EVERY* firmware should be open source by law. Imagine this: you bought a car, next year the producer bankrupt and there are mysterious accidents connected with your car model - you have to have ability to fix your own car. Period.

The article missed the whole point, dumbing it down to lack of proper if-statement skills. This is likely not a bug, nor a skill issue of the manufacturer, but seemingly an intentional backdoor in place in order to keep getting money for servicing and repairs by the said manufacturer, even though they did not win the bid.

2:50 That's how contracts in the public sector work in France, I don't know how it is in Poland, but maybe trains are public-owned.

You hit that 15 minutes mark on the point. Nice

When you need to hire hackers who have never worked on trains before to unfuck your technical debt...

I guess he took train to the maintance company because it is supposed to have railway and could be located outside the city.

Newag recently closed new huge deal with sps, no mentions for concerns about this mess reocurring btw... 480~ million euro deal

All of this was sabotage. Effectively, the trains would break early to get more maintenance fees. If the trains were taken to any other repair shop, they would break, making the other repair shop look bad and ensuring only the saboteurs eventually got paid because they were the only people that knew about and could fix the malicious code that was the real problem (rather than any real issues that the other maintenance teams were perfectly competent to fix). Same with how replacing parts of your FruitPhone causes unrelated stuff to not work right with no explanation (as one example, swapping the screen FOR A WORKING SCREEN OFF AN IDENTICAL PHONE breaks the ability to take pictures and use some camera modes...?!) so you think the repair person broke it and you send to back to the fruit company because somehow _they_ are able to fix it... AND THEN the train dev team tried to make it fail for a dedicated maintenance window too (on some trains, because using a consistent version of software is too hard for them - but they can physically sneak people into someone else's trainyard to illegally update the software (without updating the audit log) IIRC!), but couldn't figure out how to specify the correct dates properly. The announcement by the group mentioned that they used this to predict when the train would "fail" to run - and sure enough, it didn't work in that time range. They also noted that other trains showed similar behavior, from other rail lines...