Difference between revisions of "Fundamentals"
(Created page with "Typical printers range from classical [https://en.wikipedia.org/wiki/Dot_matrix_printing dot matrix] to [https://en.wikipedia.org/wiki/Inkjet_printing inkjet] or [https://en.w...") |
|||
Line 3: | Line 3: | ||
== High-level overview == | == High-level overview == | ||
− | A schematic relationship of | + | A schematic relationship regarding the encapsulation of printer languages is given below. |
− | [[File:Protocols.png| | + | [[File:Protocols.png|border|500px|Encapsulation of printer languages]] |
+ | |||
+ | The network printing protocol acts as a channel to deploy print jobs which either contain the page description language directly or first invoke a printer/job control language to change settings like paper trays. From a security point of view this encapsulation is interesting, especially because functionality is overlapping. For example an – each time different – username can be set in [[IPP]], [[PJL]] and [[PostScript]]. If something is restricted in one layer, it may be allowed in the next one. While network printing protocols are discussed in this wiki, the focus is mainly on printer languages, particularly PJL and PostScript. | ||
== Network printing protocols == | == Network printing protocols == | ||
Line 18: | Line 20: | ||
A page description language (PDL) specifies the appearance of the actual document. It must however be pointed out that some PDLs offer limited job control, so a clear demarcation between page description and printer/job control language is not always possible. The function of a ‘printer driver’ is to translate the file to be printed into a PDL that is understood by the printer model. Note that some low cost inkjet printers do not support any high level page description language at all. So called host-based or [https://en.wikipedia.org/wiki/Graphics_Device_Interface#GDI_printers GDI] printers only accept simple bitmap datastreams like [http://www.undocprint.org/formats/page_description_languages/zjstream ZJS] while the actual rendering is done by the printer driver. There are various proprietary page description languages like Kyocera's [http://www.undocprint.org/formats/page_description_languages/prescribe PRESCRIBE], [http://www.undocprint.org/formats/page_description_languages/spl SPL], [http://www.undocprint.org/formats/page_description_languages/xes XES], [http://www.undocprint.org/formats/page_description_languages/capsl CaPSL], [http://www.undocprint.org/formats/page_description_languages/rpcs RPCS], [https://en.wikipedia.org/wiki/ESC/P ESC/P] which is mostly used in dot matrix printers or [https://en.wikipedia.org/wiki/HPGL HP-GL] and [https://en.wikipedia.org/wiki/HPGL#HP-GL.2F2 HP-GL/2] which have been designed for plotters. Support for direct [https://en.wikipedia.org/wiki/Portable_Document_Format PDF] and [https://en.wikipedia.org/wiki/Open_XML_Paper_Specification XPS] printing is also common on newer printers. The most common ‘standard’ page description languages however are [[PostScript]] and [[PCL]]. | A page description language (PDL) specifies the appearance of the actual document. It must however be pointed out that some PDLs offer limited job control, so a clear demarcation between page description and printer/job control language is not always possible. The function of a ‘printer driver’ is to translate the file to be printed into a PDL that is understood by the printer model. Note that some low cost inkjet printers do not support any high level page description language at all. So called host-based or [https://en.wikipedia.org/wiki/Graphics_Device_Interface#GDI_printers GDI] printers only accept simple bitmap datastreams like [http://www.undocprint.org/formats/page_description_languages/zjstream ZJS] while the actual rendering is done by the printer driver. There are various proprietary page description languages like Kyocera's [http://www.undocprint.org/formats/page_description_languages/prescribe PRESCRIBE], [http://www.undocprint.org/formats/page_description_languages/spl SPL], [http://www.undocprint.org/formats/page_description_languages/xes XES], [http://www.undocprint.org/formats/page_description_languages/capsl CaPSL], [http://www.undocprint.org/formats/page_description_languages/rpcs RPCS], [https://en.wikipedia.org/wiki/ESC/P ESC/P] which is mostly used in dot matrix printers or [https://en.wikipedia.org/wiki/HPGL HP-GL] and [https://en.wikipedia.org/wiki/HPGL#HP-GL.2F2 HP-GL/2] which have been designed for plotters. Support for direct [https://en.wikipedia.org/wiki/Portable_Document_Format PDF] and [https://en.wikipedia.org/wiki/Open_XML_Paper_Specification XPS] printing is also common on newer printers. The most common ‘standard’ page description languages however are [[PostScript]] and [[PCL]]. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | % specifies the actual document to be rendered | structure | layout | ||
+ | |||
+ | % and then to explicitly communicate to the printer device which language is going to be used. | ||
+ | % explicitly set the PDL first | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | % however it is embedded within a printing protocol. | ||
+ | % Therefore, PJL can also be refered to as a printer control languages. | ||
+ | % PJL is not limited to the current | ||
+ | % In comparison, a printer control and management languages affects not only a single job but the printer device as a whole. | ||
+ | |||
+ | |||
+ | %In this work the terms | ||
+ | %job control language and printer control lanuage can usually be used as synonyms as there is no | ||
+ | %It must be pointed job control languages that there is no clear | ||
+ | |||
+ | %\textit{... many more\\ | ||
+ | %... have interesting features like file system access\\ | ||
+ | %... often proprietary, vendor-specific\\ | ||
+ | %... might be worth a look} |
Revision as of 20:02, 7 January 2017
Typical printers range from classical dot matrix to inkjet or laser printers used at home or in small businesses. The printing hardware is not addressed in detail in this wiki, as from a security perspective it seems less relevant [1]. This page aims to give an introduction to fundamental printing technologies, including network printing protocols, printer control and page description languages.
Contents
High-level overview
A schematic relationship regarding the encapsulation of printer languages is given below.
The network printing protocol acts as a channel to deploy print jobs which either contain the page description language directly or first invoke a printer/job control language to change settings like paper trays. From a security point of view this encapsulation is interesting, especially because functionality is overlapping. For example an – each time different – username can be set in IPP, PJL and PostScript. If something is restricted in one layer, it may be allowed in the next one. While network printing protocols are discussed in this wiki, the focus is mainly on printer languages, particularly PJL and PostScript.
Network printing protocols
Sending data to a printer device can be done by USB/parallel cable or over a network. This wiki focuses on network printing but most of the presented attacks can also be performed against local printers. There are various exotic protocols for network printing like Novell's NCP or AppleTalk. In the Windows world, SMB/CIFS printer shares have become quite popular. Furthermore, some devices support printing over generic protocols such as FTP or HTTP file uploads. The most common printing protocols supported directly by network printers however are LPD, IPP, and raw port 9100 printing. Network printing protocols can be attacked directly, for example by exploiting a buffer overflow in the printer's LPD daemon. In many attack scenarios however, they only act as a carrier/channel to deploy malicious Printer language code. Note that a network printer usually supports multiple protocols to ‘print’ a document which broadens the attack surface through the network.
Printer Control Languages
A job control language manages settings like output trays for the current print job. While it usually sits as an optional layer in-between the printing protocol and the page description language, functions may be overlapping. Examples of vendor-specific job control languages are CPCA, XJCL, EJL and PJL – which is supported by a variety of printers and will be discussed below. In addition, printer control and management languages are designed to affect not only a single print job but the device as a whole. One approach to define a common standard for this task was NPAP. However, it has not established itself and is only supported by Lexmark. Other printer manufacturers instead use SNMP or its metalanguage PML as introduced in the following.
Page Description Languages
A page description language (PDL) specifies the appearance of the actual document. It must however be pointed out that some PDLs offer limited job control, so a clear demarcation between page description and printer/job control language is not always possible. The function of a ‘printer driver’ is to translate the file to be printed into a PDL that is understood by the printer model. Note that some low cost inkjet printers do not support any high level page description language at all. So called host-based or GDI printers only accept simple bitmap datastreams like ZJS while the actual rendering is done by the printer driver. There are various proprietary page description languages like Kyocera's PRESCRIBE, SPL, XES, CaPSL, RPCS, ESC/P which is mostly used in dot matrix printers or HP-GL and HP-GL/2 which have been designed for plotters. Support for direct PDF and XPS printing is also common on newer printers. The most common ‘standard’ page description languages however are PostScript and PCL.
% specifies the actual document to be rendered | structure | layout
% and then to explicitly communicate to the printer device which language is going to be used. % explicitly set the PDL first
% however it is embedded within a printing protocol.
% Therefore, PJL can also be refered to as a printer control languages.
% PJL is not limited to the current
% In comparison, a printer control and management languages affects not only a single job but the printer device as a whole.
%In this work the terms
%job control language and printer control lanuage can usually be used as synonyms as there is no
%It must be pointed job control languages that there is no clear
%\textit{... many more\\ %... have interesting features like file system access\\ %... often proprietary, vendor-specific\\
%... might be worth a look}- ↑ Even though some newspapers claimed hackers could set laser printers on fire by overheating them.