From Hacking Printers

The Printer Command Language (PCL) as specified in [1] is a minimalist page description language supported by a wide variety of vendors and devices. Along with PostScript, PCL represents a de facto standard printer language. Similar to PostScript, its origins date back to the early 80s, with PCL 1 introduced by HP in 1984 for inkjet printers. PCL 3 and PCL 4 added support for fonts and macros, both of which can be permanently downloaded to the device. However, they can only be referenced by a numeric id, not by a file name, as direct access to the file system is not intended. PCL 1 to 5 consist of escape sequences followed by one or more ASCII characters representing a command to be interpreted. PCL 6 Enhanced or ‘PCL XL’ uses a binary encoded, object-oriented protocol [2]. If not stated otherwise, traditional PCL 5e is used in this work. An example PCL document to print ‘Hello world’ is given below:

<Esc>EHello world

Due to its limited capabilities, PCL is hard to exploit from a security perspective unless one discovers interesting proprietary commands in some printer manufacturer's PCL flavour. The PRET tool implements a virtual, PCL-based file system which uses macros to save file content and metadata in the printer's memory. This hack shows that even a device which supports only minimalist page description languages like PCL can be used to store arbitrary files like copyright-infringing material. Although turning a printer into a file sharing service is not a security vulnerability per se, it may apply as ‘misuse of service’ depending on the corporate policy.
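To spot this kind of macro-based storage in captured print jobs, the following added example (not part of the original article and not PRET code) parses PCL 5 escape sequences and lists the macro control commands a job issues, such as ‘make permanent’. The function names, the sample job and the rule that W-terminated commands carry a binary payload of the stated length are assumptions of this example.

```python
import re

# A parameterized sequence is ESC, a parameterized char (!-/), an optional
# group char (`-~), then value+parameter pairs. Lowercase parameter chars
# chain further pairs; an uppercase char (@-^) terminates the sequence.
NUM = rb"[+-]?\d*\.?\d*"
SEQ = re.compile(rb"\x1b([!-/])([`-~]?)((?:" + NUM + rb"[`-~])*" + NUM + rb"[@-^])")
PAIR = re.compile(rb"(" + NUM + rb")([`-~@-^])")

# Macro control values of <Esc>&f#X, as listed in the PCL 5 reference manual
MACRO_CONTROL = {0: "start definition", 1: "stop definition", 2: "execute",
                 3: "call", 4: "enable overlay", 5: "disable overlay",
                 6: "delete all", 7: "delete all temporary", 8: "delete",
                 9: "make temporary", 10: "make permanent"}

def parse_pcl(data: bytes):
    """Return [(command, value)], e.g. ('&fY', 7.0); two-char sequences get None."""
    cmds, i = [], 0
    while (i := data.find(b"\x1b", i)) != -1:
        m = SEQ.match(data, i)
        if not m:  # two-character sequence such as <Esc>E (printer reset)
            if i + 1 < len(data) and 48 <= data[i + 1] <= 126:
                cmds.append((chr(data[i + 1]), None))
            i += 2
            continue
        i = m.end()
        prefix = (m.group(1) + m.group(2)).decode()
        for value, char in PAIR.findall(m.group(3)):
            num = float(value.decode()) if re.search(rb"\d", value) else 0.0
            cmds.append((prefix + char.decode().upper(), num))
            if char == b"W":  # assumption: skip the binary payload of W commands
                i += max(int(num), 0)
    return cmds

def macro_events(data: bytes):
    """Return [(macro_id, action)] for every macro control command in a job."""
    events, macro_id = [], 0
    for cmd, value in parse_pcl(data):
        if cmd == "&fY":      # <Esc>&f#Y selects the macro id
            macro_id = int(value)
        elif cmd == "&fX":    # <Esc>&f#X acts on the selected macro
            events.append((macro_id, MACRO_CONTROL.get(int(value), "unknown")))
    return events

# Constructed sample job: define macro 7, make it permanent, reset.
JOB = b"\x1bE\x1b&f7y0XHello world\x1b&f1x10X\x1bE"

if __name__ == "__main__":
    print(macro_events(JOB))
```

A job that both starts a macro definition and makes that macro permanent is the pattern to review, since permanent macros survive the printer reset at the end of the job.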

Related articles: Page Description Languages, File system access, PostScript, PJL

  1. PCL5 Printer Language Technical Reference Manual, HP Inc., 1992
  2. PCL XL Feature Reference Protocol Class 2.0, HP Inc., 2000