The funny thing is, Newag has released a statement where they claim that their trains must have been hacked and tampered with, denying all the responsibility for the software locks. My theory is, they just do not want to admit that they lack the skills in constructing IF statements.

18:26 > call the repair team because of a train malfunction > the repairman arrives > he enters the pilot's cabin and input the Konami code > refuses to elaborate > leaves > the train start running again

In US it would be coded to break down after one million miles instead of kilometers. That’s why US trains are more reliable.

As a Pole, listening to Prime attempting to pronounce Polish names is absolutely hilarious

Just to add info - it is propably not the skill issue, nor the "bad if statement" but it was popably an illegal backdoor making the company to have monopoly for servicing the trains - now polish prosecutors are saying - quote: (translation) "Our findings indicate intentional interference with the software and the introduction of blockades that immobilized vehicles for many days" And if it weren`t for the Dragon Sector hackers propably all repair contracts with other companies would be broken (as it was supposed to be) and Newag (manufacturer) would get the repair deal $$$

The best part, the train broke again on Dec 21, only to fix itself magically on Jan 1, because of the if statements skill issue. It breaks precisely from Nov 21 to Dec 1, and Dec 21 to Jan 1, every year.

The guys also gave a presentation at 37C3, what I gather is the German rival to DEF CON 31, with more salient details and answers to audience questions: kzbin.info/www/bejne/jqPPo5WcfL-iaM0

29:35 this one is CLEARLY malicious as well. He completely missed the fact that software was programmed to artificially report a fault on a specific date, even when hardware was perfectly fine. Like, idk, if iPhone would artificially lower your battery life after exactly 3 years? The problem was not that the if statement was badly written, but that such condition was created in the first place.

just to add one more tidbit: this should be a serious security concern for governments. imagine if this were reverse engineered by hostile governments in wartime and a remote signal set the time in the internal system to the killswitch time? this is why we can't have remote killswitches in anything as critical as a car or train

I think you missed the point of the date-skill issue. That was absolutely sabotage. The train was clearly intended to break down on the day it was scheduled for its next maintenance and it only materialize exactly one year late due to a skill issue of the programmer (not accounting for all cases when comparing dates).

"What's the millimeter, is that like an inch?" - that statement shook me to my core

I think the EU's right to repair laws are applicable here. This should be very illegal by the train manufacturer.

29:02 whatever excuse you could come up for needing to lock the train doesn't matter -> the manufacturer never told anyone about the conditions, even while this was going on and in the national news, thus it was obvious intentional sabotage

The train running for a whole extra year because of an IF statement skill-issue and lucky timing is just so funny

Trains are critical infrastructure so under Polish law incapacitating trains is legally considered treason. One of the highest crimes.

"What's a millimetre, is that like an inch?" American education system at its finest...

Follow up: in PL parliament there is a commission responsible for investigation of this case of Newags' breaking trains. DS created ~50 minutes presentation about this case for commission, Newag created counter presentation. Their representatives were talking for ~1,5h about third-party servicing companies not cleaning toilets properly and did not provide the answer on how GPS checking statements appeared in trains' software. Commission members were clearly pissed off by Newag representatives.

At least their try/catch skills are better than their IFs. They tried, and got caught.

Finding the root cause of this is truly a miracle... I'd just quit programming if I'm to investigate this monstrosity

In europe we have specific laws that prohibit monopolistic behaviour, I'm sure they can find grounds for a lawsuit.

Now the train manufacturer is sueing the hackers. Absurd.

"There is extra thing hanging out of e" 🤣

Funny seeing americans seeing other's country measurement standards. Showing the good ol' "WTF IS A KILOMETERR" vibes right now.

out of all the places they could put them, they put the intern on the secret sabotage code

Lock after 10 days means lock if maintenance is happening. It will always take more than 10 days due to nature of work performed and multiple 3rd parties involved.

"Imagine you are so bad at constructing IF statements that the police got called" made me laugh so hard hahahaha

Two options: Either this lock was put in as a weak safeguard of the software IP, so it stops working if a competitor gets its hands on it for "too long", but I kind of doubt this. Or more likely to maliciously get rid of competition for the service and maintenance contracts, which often has way better margins compared to manufacturing and delivering the actual hardware. Source: work with similar stuff, but on water instead of rails.

Polska ogląda Primeagena

The directors of Newag need to be arrested and made to face trial. This is criminal on so many levels

Prime pronouncing "Polska" is everything

the way he read "Wroclaw" made my day 🤣

train maintenance is like aeroplane maintenance. you have schedules for parts checking / replacements. you dont wait for them to fail.

There was a a parliamentary hearing about this matter, and NEWAG's layers didn't respond to this evidence at all. Instead, they've shown a presentation with pictures of badly done train maintainance saying "these are our trains serviced in third party repair shops". There were a few pictures of messy clean interiors, and a few of dirty and open toilets. The only thing they've said about these if conditions that break the trains was "train software was illegally interfered with, and it wasn't done by us, we've informed the law enforcement". What's funny is that there was one train that one train operator actually brought to NEWAG for maintenance, but its software was earlier dumped by the researchers, and after NEWAG given back the train they dumped the software again and found NEWAG did a software update which included additional train lock conditions. They're not getting out of this one.

They had a panel/talk on C3 2024. Its called hacking polish train drm i think

Gotta love how my country is one of those that get mentioned only when something insane has happened, or WW2 is brought up

And to add % that they did it, here few things u missed: - they changed codes (this one in control room where u pushed buttons in right sequence like in gta) after ppl discovered it - code isn't possible to download from board - if somebody would change assembly it would leave SO MANY trails and none was found - a lot of "bad things" didn't found place on 20K book (it was too short!) - if somebody would change this things (externally but while having source code) he wouldn't made such easy mistakes like writing GPS coordinates without encryption (it's littelary 3 lines of code) - all of changes were in favour of producent of code And idea that is was just a mistake/old parts of firmware is so dumb i don't even will give any argument against it.

Just imagine another skill issue kicking in during full speed ride on one of the Newag trains. It just f-ing dangerous. Authorities should make this case an examplary one for other companies, just to warn them. But we all know nothing like that happens in the foreseeable future.

As a person from Poland i love watching people from other countries try to read polish names of citis or names or surnames.

As someone who loves trains and computer science, this is the perfect article that tickles my brain.

I imagine Louis Rossman would have a conniption fit if he read this article. Boy is that dystopian

These are clearly back door kill switches lol Based on the statement that all the trains had slightly different software, I expect the date check is a "custom" build where they just slapped in a date they felt like it should come in for "repairs" $$$$$

You're still missing the context that the first trains to break down had Over The Air firmware updates days after the Lower Silesian Railway - SPS maintenance contract was signed...

There's also some really scummy stuff with HP locking out printers for a variety of ridiculous reasons.

That's a beauty of government contracting. You can't scam polish government without having uncle there because they'll contract whomever gives lower price and you already know we have those nerdy basement guys that will fix anything for a dime and a half

wtf is wrong with chat trying to defend this behavior "if you dont get maintenance, people might get hurt" - the trains broke when they tried to maintain them. the train was basically sabotaged to break when it was being maintained... like how does that make sense?

Honesly, the only reason we learn of this, is because the train manufacturer, went all out. If they didn't block the trains, when serviced at ALL possible alternative repair shops, no one would had learned thar there is code for planned failure.

Remember Toyota’s random acceleration? Was accel by wire and caused by Malloc errors of C code. Proven in court.

Imagine that train stops for 10+ days to get graffiti cleaned. Rag and soap used on windows break computer.

What's crazy is soon cars and parts of smart houses are going to have these vendor locks if they don't already 😮

Those ifs probably looked better in code, that's how they look like after removing all the abstraction.

I've heard of other companies like Apple and John Deere that do things like this, too. Although not to this extent. They will disable your product if you attempt to repair it with 3rd party parts. Or if 3rd party tools are used.

For a moment I thought I'm imagining things when I saw a video thumbnail with Primeagen and Koleje Dolnośląskie train in the background xd

The guy that did the reversed engineering is my teacher of RE at uni 😊

What a rollercoaster these train shenanigans

the worst part ? The issue was present when train came out of factory . Till train is shut down and battery reach a low enough treshold or when train is improperly started sequence of starting is not followed . Nothing is easy to fing aside from engine noise

It's so frustrating watching a manlet being deliberately obtuse "bUT hOW cAN iT bE fInE iF iT dOeSn'T wOrK?"

Update from janurary 2024 : polish parliament itself started an investigation, Newag stock is took a 10% hit (and it just started)

This sounds like a case of the all too common, right to repair issue, the train operator went with another company for maintenance because they were cheaper than the manufacturer, the manufacturer has placed locks in the code to tie replaced devices to serial numbers, maintenance time bombs to force a maintenance event and associated fees, etc.

22:57 narrator: He did in fact not take out the accidental re-read (I'm assuming because the cut would be really obvious and to give us more chances to laugh at your expense ;))

We polish find it really funny to listen to foreigners trying to pronounce polish names :D

20:08 You don't know what a pantograph is? For goodness sake! There's even context here. 1. Part of the train's startup procedure. 2. The train is suppose to "raise" it! It's the boom arms that reach for sweet sweet electronics from the sky! lol

The 22:00 Slack notification made me stand up to my computer to see what's up 😂😂

I bet the dev who messed up with IF statements did that on purpose. From the manager's POV, everything looks good but the code never gets executed. Everyone is happy

My god, poo see the stroyer got me good hahhaahahahha

The name is the PooSeeTheStroy-agen

That usage based shutdown clause for the train software reminds me of ink jet printers. Many manufacturers sell ink with authenication chips so that you cannot use 3rd party replacements. The cartridges have EEPROM or flash to keep track of usage, and will refuse to print once this count is exceeded, even if ink still exists in the cartridge. Also common in the medical industry with consumables.

The chat had the worst copium on rather clear illegal action. Safety and maintenance, part expiration date my ass, you can look up ISO standards about safety and common practices in automation and machine engineering safety and you can't find "we lock the system by software if the product hits anyone else's maintenance location after we have lost the service deal". In fact the party ordering the trains needs to specify in the deal for safety features and they are well documented (especially if the documentation is 20 000 pages large to begin with) if it's legal practices. The locks hit to prevent the trains from running IF they went through maintenance (or stopped them from running in general), it did not lock them up until maintenance. Furthermore straight up locking the train is not safety practice, at worst if you lock the train while running, it can be a huge safety issue. The safety related parts surely have a schedule and it's on the company using the trains to take care of that (or they order the safety feature, not discover it when their products don't work). Part expiration date would not be critical neglection from the manufacturer especially when they are scheduled for maintenance. Or you do business in Poland and don't care to begin with as a manufacturer - definitely not the manufacturer's problem in either case. Also it makes zero sense to lock nearby maintenance facility like someone claimed. The very opposite, you are trying to make them running there if they aren't and it does not bring any safety or practicality if unknown software feature locks them up (anywhere except the product provider's facility). Kinda upsetting to read those comments.

The real sabotage was the names Prime had to pronounce in this one

on one hand when you're tight on time boarding a Polish train is a death wish... on the other sometimes there's no faster option and you just won't make it otherwise so you have to bet on it

22:25 and then lil bro says he doesn't loose much focus by distracting for random questions 💀

If malicious, due to how much operating a railway system costs, the possible sentence in case of a criminal lawsuit could be stupidly nasty. I'll put fraudulently tampering with large scale public transport systems on my don't list 😎

"American mind can not even comprehend this" - haha! The Wild West was not where you think it was Mr @ThePrimeAgen The Wild West was, is and will be to the East from NY

kilometer = 0.75 miles millimeter = 1/25 of an inch There you go. Now you know.

You hit that 15 minutes mark on the point. Nice

One or two of the things, MAYBE could be argued as test code that escaped. But I don't think the maintenance shop geofencing would remotely be argued as such a thing (what's the context you create where you'd need to test it specifically in that way???). And on top of that the sheer number of things that just make it break for nothing.

I can't believe some devs sat there for week s as the country's train infrastructure crumbled, knowing that there were vendor locks put in place to keep these trains from being repaired by anyone but their current / former employer. Someone should have been blowing some whistles.

There were laws for this. The tender that was won by SPS obligated Newag to pass on everything they had, including full documentation of software to SPS so they can maintain the trains. They clearly didn't, so they broke the original contract they made with Silesian Railways they signed when they sold the trains in the first place. This also touches a bigger problem, as trains in Poland (and many European countries) are considered a strategically important resource (think - natural disasters and war). This not only goes under industrial sabotage but also potentially under those more treason-y laws. Also - Newag doesn't sell exclusively in Poland. They sell trains and trams to other countries too. :')

This honestly deserves a movie. What these hackers made such mind-blowing discoveries under insane time pressure, it sounds almost invented for cinema. Also there is absolutely no way vendor locking a product through means like this is legal. It is a conspiracy. In some jurisdictions, using proprietary parts and protocols might be legal and effectively mean the manufacturer has monopoly over maintenance. Planned obsolescence might be possible through intentionally faulty design. But in no economy would targeting specific market competition in your software, or setting up specific, undisclosed dates for malfunctions be allowed. Companies didn’t wait for the invention of software and computers to use tactics like this; they just paid someone to actually sabotage the train. This is not a right to repair -issue; This is fully fledged conspiracy. Just like you can’t hire goons to break your customer’s windows if they don’t renew a service contract, you can’t write software that secretly bricks a train to protect your market position either. There is a very clear difference between planned obsolescence and a conspiracy to directly cause obsolescence. What jurisdiction this falls under hardly matters.

these people did a really good talk that was fun to listening to

13:40 The train they took probably was late, because they started to dump the running train's firmware mid journey :)

One of the best articles you've read, maybe on par with the a$$word article. Largely due to the great writing. It also reminded me a lot of Atlas Shrugged with all the trains breaking down.

As a Pole, I find that hilarious when I hear something "Polish" and not working hahahaha. It makes me laugh a lot.

Every firmware, I mean *EVERY* firmware should be open source by law. Imagine this: you bought a car, next year the producer bankrupt and there are mysterious accidents connected with your car model - you have to have ability to fix your own car. Period.

An inch is exactly the same as a mm, that's why people call me 9-millimeter-peter!

Love from Lower Silesia, Poland ❤

The article missed the whole point, dumbing it down to lack of proper if-statement skills. This is likely not a bug, nor a skill issue of the manufacturer, but seemingly an intentional backdoor in place in order to keep getting money for servicing and repairs by the said manufacturer, even though they did not win the bid.

I guess he took train to the maintance company because it is supposed to have railway and could be located outside the city.

When you need to hire hackers who have never worked on trains before to unfuck your technical debt...

For future reference, Silesian is pronounced "SYE-LESION"

The only couple minutes I’m sat here thinking is it going to be a sling blade moment? … It ain’t got no gas in it

cpp struggles: - I want to start a new project - I use cmake - I get cmake errors. - I spend hours trying to understand wtf I'm doing. - Then I get compiler errors. - I fix them - Then I spend hours fixing the new linking errors and I read some more cmake. - I have now solved every errors. - The program segfaults. Edit: I have ninja errors now. wtf bro ?

It makes me furious that he doesn't recognize all of these "features" were introduced intentionally... It's perfectly clear from the article in polish.

I made some projects on trains and other heavy machinery. But i would always hand the source code and schematics to the client. No strings attached!

Honestly, 20k pages seems low considering my car service manual is 13k. I would expect the train service manual to be 3-4x the car.

Serial number lock is probably fine because it tamper proof, but must state clearly in documentation and also way to modify the checks in case thing need to be replace. Even 1m km for fail to start is OK because it should require proper servicing before going out again for safety reasons, but as long as it's in documentation with proper way to fix this. The date check and Geofencing is clearly not for the security purposes of tamper proof. This is anti-competition issue and will only bring Newag to lawsuit and penalty. Some said train software need to be re-certified for it's specific version but somehow Newag update the controller version every now and then. This is also weird and must investigate by certification institution. Or at least announce forfeit of certification and need to re-certified. Along with some code-audit by 3rd party (with NDA) before certification.

Is Q-day approaching? Probably not, but damn are some software ecosystems just begging to be cracked open

I am getting some serious Newag vibes from theproxysniper

It's totally illegal, Newag signed a contract with railway company and they broke it in many places, illegal as fuck. They also updated the code in trains without recertification adding the locks and didn't documented it

In one case train was just parked near the service station and got bricked just by standing too long in the "no-go" zone ;]

"Stilsian" how did you manage to mispronounce the ENGLISH name for Śląsk lmfao