Page 1 of 1

Levellass' Softdisk Library page helped hack fax machines

Posted: Thu Sep 20, 2018 11:35 am
by Malvineous
Hi all,

Just briefly stopping by to let @levellass know that the ModdingWiki page on the Softdisk Library Format that is predominantly her work just showed up in a DEFCON video on fax machine vulnerabilities.

Turns out it's possible to send a fax to vulnerable fax machines and from that alone, take over the firmware and then if it's an all-in-one device connected to the company network, branch out and start attacking computers on the internal network.

In order for the security researchers to achieve this, they had to first figure out how to decompress the HP printer firmware, and guess what, it was compressed with the same algorithm that Softdisk used. It looks like they slightly misunderstood the origin of the algorithm (since the talk is peppered with Commander Keen references) but hey, who's complaining :)

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Sat Sep 22, 2018 8:49 am
by Nisaba
Great find!
Who would have thought that Lemm's & Lass' reverse engineering skills will help security researchers to 'fix faxes'.
BTW very interesting DEF CON talk about fax exploitation. watched the whole video and ask myself when I last used a fax machine... '96/'97, maybe? Dunno.
Have you been to this years DEF CON 26! hacking conference?
[...] in some dark corner of the internet we find this strange wiki page [...]

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Mon Oct 01, 2018 1:42 am
by Malvineous
No I haven't been to the conference as international travel is such a pain. It was quite an interesting talk, and although I haven't used a fax machine for many years either, as they said in the talk, many larger companies (at least here in Australia) still have one available.

Makes me wonder what this compression algorithm "really" is, since it's unlikely someone at Softdisk made it up themselves.

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Wed Oct 17, 2018 12:44 am
by levellass
This was highly unexpected.

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Fri Oct 19, 2018 7:22 am
by Benvolio
Very amusing! Finally keen modding has been put on the map.

Disquietingly, fax is still a core means of communication both within and between hospitals in the British Isles, especially Ireland. If we get hacked, I'm blaming Levellass!

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Mon Dec 24, 2018 11:25 pm
by levellass
Interestingly HP has contacted me about this and seems likely to change the method used to 'encrypt' their code.

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Tue Dec 25, 2018 12:24 am
by Nisaba
that's indeed interesting. can you share any further details?! did HP offer you a job?
and most importantly: will the new encryption code be in SGA?

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Fri Dec 28, 2018 10:38 pm
by Nisaba
Those guys again, similar talk, different location (CCC). This time around someone in the audience already knew the answer to their rhetorical question... https://media.ccc.de/v/35c3-9462-what_the_fax#t=1260

Re: Levellass' Softdisk Library page helped hack fax machines

Posted: Wed Jan 16, 2019 3:29 am
by levellass
Nisaba wrote: Tue Dec 25, 2018 12:24 am that's indeed interesting. can you share any further details?! did HP offer you a job?
and most importantly: will the new encryption code be in SGA?
Essentially nobody working there knew what the compression was and my page didn't cover ALL the details. So we worked back and forth and fixed a few things, including this weird thing the program does with the buffer. Once we got that all worked out the code was decompressed then recompressed using a more secure method. This I think will be rolled out in new products over time to fix this little issue.