Doom for the Canon PIXMA was revealed on September 12, 2014, as part of an exploit demonstration against the Canon PIXMA printer by white hat security researcher Michael Jordon. It is a basic port of the Linux Doom code base to the proprietary ARM-based smart device platform residing inside the peripheral.
It was discovered by various hackers and researchers that the Canon PIXMA printer had a vulnerable web management frontend, unprotected by any password mechanism, which includes the capability to check for, download, and automatically apply unsigned firmware updates. Some 32000-plus such devices are known to be exposed to the Internet, 2000 of them directly. Jordon was able to break the weak XOR cipher encryption applied to the firmware with relative ease.
As a demonstration of concept with regard to the ability to upload and execute arbitrary payloads by triggering the device's self-updating capabilities, Jordon ported the Doom source code to its internal computer architecture. The device, with a 32-bit ARM processor, 10 Megabytes of RAM, and large color LCD display, had more than enough resources to support the program. To keep the size of the payload reasonable, only the shareware IWAD is included.
The source port is not currently open or available for download, presumably because it relies on reverse engineered information about the printer architecture that would be protected under copyright and trade secret laws. The game is not playable, and has palette issues during game play which Jordon does not intend to spend time addressing, having already made his point.
- Jordon's blog page explaining the exploit in detail.