Cow Milking Robot Hacks/Mods X11


Hi everyone, update time. I plugged in a keyboard and it did do interesting things, sort of. Ctrl + Alt + FX (X != 2) directs you to a console login. I tried all the obvious-ish default passwords: Lely, Password, 123456, etc. It is quite slow on the password denied response, so perhaps I need to buy a Rubber Ducky and let it go all night long or something. The good news is it does keep milking cows while messing with it; you just have to remember to Ctrl+Alt+F2 before you unplug the keyboard.

I haven't done a hard reboot, I think that's the next step, remove power and see what shows up during boot. 

 

Link to post
Share on other sites

Popular Posts

So I'm a dairy farmer, and a couple years ago we bought a pair of Lely A4 Astronaut milking robots. They work great and they milk cows pretty well but there are a few things that they don't let you do

I have no terminal access on robot. There is no built in command line interface on the robot. I have no ssh credentials for it either. I am connecting via a Kali linux laptop on the same LAN. Sin

Salt of the earth you people are.

9 minutes ago, Legomaniac said:

I'm actually not sure I tried that! Mostly I tried to log into root or 'admin' I'll try lely lely

it likely is vulnerable to privilege escalation attacks somewhere 

I'm not home but I tried to ssh in as username lely password lely

no sauce yet

Link to post
Share on other sites

That's strange, just tried it again for me and it logged in:

 

login as: lely
lely@10.4.1.101's password:
Linux elink-tab 3.10.17-R07 #1 SMP PREEMPT Mon Feb 15 15:14:56 CET 2016 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 11 23:34:29 2017 from 10.4.1.1
lely@elink-tab:~$ ls /
bin   dev  home          lib    media  opt   root  sbin  sys  usr
boot  etc  lely_install  lib64  mnt    proc  run   srv   tmp  var
lely@elink-tab:~$

 
 

Link to post
Share on other sites
5 minutes ago, user_1577 said:

That's strange, just tried it again for me and it logged in:

 


login as: lely
lely@10.4.1.101's password:
Linux elink-tab 3.10.17-R07 #1 SMP PREEMPT Mon Feb 15 15:14:56 CET 2016 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 11 23:34:29 2017 from 10.4.1.1
lely@elink-tab:~$ ls /
bin   dev  home          lib    media  opt   root  sbin  sys  usr
boot  etc  lely_install  lib64  mnt    proc  run   srv   tmp  var
lely@elink-tab:~$

 

Did you copy & paste that or type it out? Also, what version of robot is it, and what software version is it running?

Link to post
Share on other sites

So, what I'm getting looks like this:

If you trust this host, enter "y" to add the key to                                                             
PuTTY's cache and carry on connecting.                                                                          
If you want to carry on connecting just once, without                                                           
adding the key to the cache, enter "n".                                                                         
If you do not trust this host, press Return to abandon the                                                      
connection.                                                                                                     
Store key in cache? (y/n) yes                                                                                   
login as: lely                                                                                                  
lely@10.4.1.101's password:  (I entered lely)                                                                                   
Access denied                                                                                                   
lely@10.4.1.101's password:                                                                                     

Update: I tried it on robot 2 and got the same results.

PS C:\Program Files\PuTTY> .\plink.exe 10.4.1.102                                                               
The first key-exchange algorithm supported by the server is                                                     
diffie-hellman-group1-sha1, which is below the configured warning threshold.                                    
Continue with connection? (y/n) y                                                                               
The server's host key is not cached in the registry. You                                                        
have no guarantee that the server is the computer you                                                           
think it is.                                                                                                    
The server's rsa2 key fingerprint is:                                                                           
ssh-rsa 1040 be:44:a8:36:71:ec:1e:b9:df:28:23:d3:c9:eb:b6:8a                                                    
If you trust this host, enter "y" to add the key to                                                             
PuTTY's cache and carry on connecting.                                                                          
If you want to carry on connecting just once, without                                                           
adding the key to the cache, enter "n".                                                                         
If you do not trust this host, press Return to abandon the                                                      
connection.                                                                                                     
Store key in cache? (y/n) y                                                                                     
login as: Lely                                                                                                  
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:               

So it appears that your robot has a different default ssh password than mine, or perhaps mine has password login disabled :( 

Question for those in the know: if you disable password login, will it still give you a 'fake' password prompt?

Link to post
Share on other sites
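
A defensive follow-up to the plink output above, added as an example and not part of the original thread: a small audit of an SSH server's effective settings for the weaknesses that output shows (the `diffie-hellman-group1-sha1` key exchange and password logins). It assumes the device runs OpenSSH, so that `sshd -T` prints the effective configuration; the function names and both sample dumps are constructed.

```python
# Added example (not from the thread): audit `sshd -T` output for the
# weaknesses seen above. Assumes OpenSSH; both sample dumps are constructed.

# SHA-1 based key exchanges; group1 is the one plink warned about.
WEAK_KEX = {"diffie-hellman-group1-sha1",
            "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}

def parse_effective_config(text):
    """Turn 'keyword value' lines into a dict (first value wins)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), value.strip())
    return cfg

def audit(text):
    """Return findings in a fixed order: key exchange, missing, passwords, root."""
    cfg = parse_effective_config(text)
    findings = []
    offered = {a.strip() for a in cfg.get("kexalgorithms", "").split(",")}
    for alg in sorted(offered & WEAK_KEX):
        findings.append("weak key exchange offered: " + alg)
    for key in ("passwordauthentication", "permitrootlogin"):
        if key not in cfg:
            findings.append("setting not reported: " + key)
    if cfg.get("passwordauthentication") == "yes":
        findings.append("password authentication enabled")
    if cfg.get("permitrootlogin") == "yes":
        findings.append("root login permitted (PermitRootLogin yes)")
    return findings

WEAK_DUMP = """\
port 22
permitrootlogin yes
passwordauthentication yes
kexalgorithms diffie-hellman-group1-sha1,curve25519-sha256
"""

HARDENED_DUMP = """\
port 22
permitrootlogin no
passwordauthentication no
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
"""

if __name__ == "__main__":
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP)):
        print(name, audit(dump) or "no findings")
```

On a host you administer, pass the text printed by `sshd -T` (run as root) to `audit()` in place of the constructed dumps.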
  • 3 months later...
  • 4 weeks later...
  • 2 months later...

@legomaniac I've been trying to learn how to access T4C remotely for a month now. I still get lost in the vocabulary. Would you be willing to help me set it up privately? Also, the passwords on some of our brand new A4 stuff are Service: lely or service: lelylely, and there was another one where the password had some numbers in it, but I can't remember that anymore.

Can't wait till someone figures this out. I'm getting tired of having to go over to reset m4use buckets!

Link to post
Share on other sites

Nmap scan port 80 http:// ipaddress into your internet exploder press enter tada 

Link to post
Share on other sites

bigbiz must be doing something wrong.

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-22 17:43 Eastern Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating Ping Scan at 17:43
Scanning 71.120.95.4 [4 ports]
Completed Ping Scan at 17:43, 3.18s elapsed (1 total hosts)
Nmap scan report for 71.120.95.4 [host down]
NSE: Script Post-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 9.66 seconds

Raw packets sent: 8 (304B) | Rcvd: 3 (205B)
 

I'm assuming there are some settings I need to change on my other router/computer but I don't know what. Where do I look now? Even some key words to search and read about would help. It's all new to me but I like to learn.

Link to post
Share on other sites
  • 4 weeks later...
On 4/22/2018 at 5:47 PM, hemmy15 said:

bigbiz must be doing something wrong.

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-22 17:43 Eastern Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating Ping Scan at 17:43
Scanning 71.120.95.4 [4 ports]
Completed Ping Scan at 17:43, 3.18s elapsed (1 total hosts)
Nmap scan report for 71.120.95.4 [host down]
NSE: Script Post-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 9.66 seconds

Raw packets sent: 8 (304B) | Rcvd: 3 (205B)
 

I'm assuming there are some settings I need to change on my other router/computer but I don't know what. Where do I look now? Even some key words to search and read about would help. It's all new to me but I like to learn.

Sorry Hemmy15, I haven't been on here much for a while again...

Accessing T4C remotely and accessing the robot touchscreen remotely are different systems, but I can help you do both.

You will need to get a machine that runs Linux (or a Linux instance in a VM like VirtualBox on the T4C PC), and also has access to the LAN that the robots are on. The amount of Linux required is pretty minimal, but the more 'remoteness' you need, the more complex it gets.

I can do it from anywhere in the world I have internet, using my phone, but I don't because it's pretty tedious. If you're trying to just reset the buckets from an office I bet I can get you up and running in an hour. Send me a private message and I'll be in touch. In the meantime, this video is step 1. Do this on the T4C server in the barn, and if you don't have TeamViewer, get that too.

 

Link to post
Share on other sites
  • 6 months later...
We have not implemented the robotic machines with the cows so far, thus helping us to know too much about the port connection of the network with the software. Might be because of the technology gap, we might not have received these techniques still. It helped me a lot to improve the technology here, though I am unable to provide you any solution.
Link to post
Share on other sites
  • 1 month later...

Wow. I find this to be a very interesting topic.

My parents have A4s. I have made T4C achievable remotely to them.

Just grant access to the other computer to the folder lely-pc/T4C/.

Connect it to T4C-PC via LAN or VPN.

Open http://lely-pc/T4C/Content/Login.aspx and use it as you were on T4C-PC.

Link to post
Share on other sites
  • 3 months later...
  • 4 months later...

Really cool stuff guys, I want to do exactly the same thing. I want to be able to access the elink (robot touchscreen) from anywhere. I have vncviewer on the touchscreen, but as others said it seems to be read only. I also plugged a keyboard in to the touchscreen and the username lely and password lely worked for me just as it did for @user_1577. However, I don't have any experience working with a Linux terminal so I would have no idea how to change the VNC viewer to write (if that's even possible). Could anybody help me out?

 

Link to post
Share on other sites
  • 5 months later...
31 minutes ago, twolelys said:

I can get to the user login through Ctrl + Alt + F1, F2 gets me back to the main screen, but lely for login and password don't work for me, almost 8 yr Lely A4.

You're not the only one with this problem. Our A4s are 5 years old and the password is not 'lely' on them either. I have not been able to log in yet. 

Link to post
Share on other sites
On 2/19/2020 at 7:41 PM, Legomaniac said:

You're not the only one with this problem. Our A4s are 5 years old and the password is not 'lely' on them either. I have not been able to log in yet. 

Yeah, same here (4-year-old A4). I can SSH into the robot or access the terminal through the USB port directly, but I can't log in.

lely - lely
lely - lelylely
lely - admin
lely - Lely
lely - LELY
lely - service
service - service
service - lely
etc.

 

 

Link to post
Share on other sites

Wait, might have something. While digging in some of their tools that are left on the PC I found root / lely123. 

So now I have root access to the elink, but my Linux terminal knowledge is limited. Since other users seemed to log in using Lely I figured I should go there as well. Found a folder called x11vnc there, but I can't open it from terminal.

Anyone else care to follow up on this?

 

login as: root
root@10.4.1.102's password:
~ # pwd
/home/root
~ # cd ..
/home # cd..
-sh: cd..: not found
/home # cd ..
/ # pwd
/
/ # ls
bin   boot  dev   etc   home  lib   mnt   proc  sbin  sys   tmp   usr   var
/ # cd usr
/usr # cd lely
-sh: cd: can't cd to lely
/usr # cd Lely
/usr/Lely # ls
AGS                  Ax_A_RCS             RCS.start
AGS.start            Ax_A_XLinkUpdater    Software
AURS                 DoUpdate             VNC.start
AURS.start           LDNTranslator        Version.txt
Ax_A_1024x768.qss    LDNTranslator.reset  XLinkUpdater
Ax_A_640x480.qss     LDNTranslator.start  XLinkUpdater.start
Ax_A_AGS             LFWTimeServer        bootNetConf
Ax_A_AURS            LFWTimeServer.start  chrome.sh
Ax_A_LDNTranslator   PC2Target            killme
Ax_A_LFWTimeServer   Proxy                lelyboot
Ax_A_PC2Target       Proxy.start          setNetConf
Ax_A_Proxy           RCS                  vnc
/usr/Lely # cd vnc
/usr/Lely/vnc # ls
classes               libavahi-common.so.3  libssl.so.1.0.0
libavahi-client.so.3  libcrypto.so.1.0.0    x11vnc
/usr/Lely/vnc # cd x11vnc
-sh: cd: can't cd to x11vnc
/usr/Lely/vnc #
 

Link to post
Share on other sites
