Canon PIXMA

From DoomWiki.org

Revision as of 16:58, 30 September 2015 by Quasar (talk | contribs) (Only 2000 were direct; the others would have to be discovered on a LAN by a malicious webpage loaded by a neighboring PC or other device.)


The Doom title screen appears on the printer's console LCD, overriding the normal user interface.

Doom for the Canon PIXMA was revealed on September 12, 2014, as part of an exploit demonstration against the Canon PIXMA printer by white hat security researcher Michael Jordon. It is a basic port of the Linux Doom code base to the proprietary ARM-based smart device platform residing inside the peripheral.

Exploit

It was discovered by various hackers and researchers that the Canon PIXMA printer had a vulnerable web management frontend, unprotected by any password mechanism, which includes the capability to check for, download, and automatically apply unsigned firmware updates. Some 32000-plus such devices are known to be exposed to the Internet, 2000 of them directly. Jordon was able to break the weak XOR cipher encryption applied to the firmware with relative ease.

As a demonstration of concept with regard to the ability to upload and execute arbitrary payloads by triggering the device's self-updating capabilities, Jordon ported the Doom source code to its internal computer architecture. The device, with a 32-bit ARM processor, 10 Megabytes of RAM, and large color LCD display, had more than enough resources to support the program. To keep the size of the payload reasonable, only the shareware IWAD is included.

The source port is not currently open or available for download, presumably because it relies on reverse engineered information about the printer architecture that would be protected under copyright and trade secret laws. The game is not playable, and has palette issues during game play which Jordon does not intend to spend time addressing, having already made his point.

External links