Record of a hacker who hacked and restored the system of a railway vehicle that was unable to run



Sergiusz Bazanski, a member of the hacker group "Dragon Sector," which investigated why Newag trains broke down one after another in Poland in the spring of 2022, looks back on the incident.

q3k :blobcatcoffee:: 'I can finally reveal some rese…' - Warsaw Hackerspace Social Club
https://social.hackerspace.pl/@q3k/111528162462505087

Zaufana Trzecia Strona
https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/

Hakerzy podają przyczyny - Money.pl
https://www.money.pl/gospodarka/tajemnicze-awarie-polskich-pociagow-hakerzy-podaja-przyczyny-6970600372091424a.html

Poland's high-speed urban railway "Koleje Dolnośląskie" introduced 11 five-car electric/diesel hybrid trainsets called 45WE, from the Impuls series manufactured by Newag. By the spring of 2022, the first trainset to be introduced had traveled more than 1 million km, and it was decided that regular maintenance, including an overhaul, would be carried out. After a tender in which Newag also participated, it was decided that Polish Railway Vehicle Services (SPS) would undertake the maintenance.

SPS conducted the inspection in accordance with approximately 20,000 pages of relevant instructions provided by Newag. However, for some reason, the overhauled train was unable to depart, and despite verification and investigation by service engineers, the situation did not improve.

After that, 6 of the 11 45WE trains were unable to run, and SPS was charged a penalty of thousands of zlotys (tens of thousands to hundreds of thousands of yen) per train on the grounds that "train maintenance was not completed within the deadline." The deadline to pay the penalty was approaching. Newag, for its part, explained that "the train was rendered inoperable due to a safety system," but there was no mention of a "safety system" in the instructions given to SPS. Newag's position was: "The train was unable to run due to a safety system. In response to this incident, Newag, the manufacturer, has no plans to perform any maintenance. SPS should maintain the vehicle."

As tension mounted within SPS over the trains that could not run, SPS asked the Poland-based hacker group "Dragon Sector" to investigate. Mr. Bazanski, Mr. Michał Kowalczyk, and Mr. Kuba Stopniewicz of Dragon Sector arrived at the scene and began by reverse engineering the software installed on the train.



After about a month and a half of research, Dragon Sector discovered that the software contained logic to the effect that "if a train is stopped at a specific location for more than 10 days, the train will not start." In addition, code was found to the effect that "after November 21, 2022, a false error code will be sent and the train will not start" and "if a certain part of the train is replaced, the train will not start."

An option was also discovered that disables these "do not start the train" functions by "pressing the appropriate combination of keys on the controls in the cabin." Neither this code nor this option was mentioned in the instructions provided by Newag.



This option was discovered with less than a day left until the deadline to complete the work. Koleje Dolnośląskie then signed a new contract with Newag to carry out maintenance. Despite problems such as the PC used for the work breaking down just beforehand, Dragon Sector managed to start the train. Below is a picture of the train investigated by Dragon Sector departing.

To był Impuls - YouTube


News that SPS had successfully maintained Newag trains reached various rolling stock service companies, which investigated the software. As a result, code that had made a total of 13 trains inoperable was fixed.

Newag, on the other hand, strongly denies Dragon Sector's findings and denies that it intentionally added code that made the trains unable to run. 'Policies like this could one day lead to serious train accidents.'

Poland's Central European Anti-Corruption Agency reports on the matter: "This case is very complex, but an investigation is already underway."

According to Dragon Sector, the newly introduced software version has removed the ability to unlock the train by pressing a key on the control device in the passenger compartment, but the code that makes the train unable to run is said to remain as it was. In addition, a warning message is now shown on the display of trains that continue to operate under conditions that would normally result in the train being locked, and Dragon Sector points out that in some cases the telemetry unit installed on the train makes it possible to lock the train by remote control.

in Software, Ride, Posted by log1r_ut