Levellass' Softdisk Library page helped hack fax machines

Anything related to Keen Modding.
Post Reply
User avatar
Malvineous
Posts: 103
Joined: Sat Mar 13, 2004 12:54 am
Location: Brisbane, Australia
Contact:

Levellass' Softdisk Library page helped hack fax machines

Post by Malvineous » Thu Sep 20, 2018 11:35 am

Hi all,

Just briefly stopping by to let @levellass know that the ModdingWiki page on the Softdisk Library Format that is predominantly her work just showed up in a DEFCON video on fax machine vulnerabilities.

Turns out it's possible to send a fax to vulnerable fax machines and from that alone, take over the firmware and then if it's an all-in-one device connected to the company network, branch out and start attacking computers on the internal network.

In order for the security researchers to achieve this, they had to first figure out how to decompress the HP printer firmware, and guess what, it was compressed with the same algorithm that Softdisk used. It looks like they slightly misunderstood the origin of the algorithm (since the talk is peppered with Commander Keen references) but hey, who's complaining :)

User avatar
Nisaba
Posts: 295
Joined: Fri Jan 01, 2016 11:15 pm
Location: patch.pat
Contact:

Re: Levellass' Softdisk Library page helped hack fax machines

Post by Nisaba » Sat Sep 22, 2018 8:49 am

Great find!
Who would have thought that Lemm's & Lass' reverse engineering skills will help security researchers to 'fix faxes'.
BTW very interesting DEF CON talk about fax exploitation. watched the whole video and ask myself when I last used a fax machine... '96/'97, maybe? Dunno.
Have you been to this years DEF CON 26! hacking conference?
[...] in some dark corner of the internet we find this strange wiki page [...]

User avatar
Malvineous
Posts: 103
Joined: Sat Mar 13, 2004 12:54 am
Location: Brisbane, Australia
Contact:

Re: Levellass' Softdisk Library page helped hack fax machines

Post by Malvineous » Mon Oct 01, 2018 1:42 am

No I haven't been to the conference as international travel is such a pain. It was quite an interesting talk, and although I haven't used a fax machine for many years either, as they said in the talk, many larger companies (at least here in Australia) still have one available.

Makes me wonder what this compression algorithm "really" is, since it's unlikely someone at Softdisk made it up themselves.

levellass
Posts: 2895
Joined: Wed Oct 11, 2006 12:03 pm
Location: Ngaruawahia New Zealand

Re: Levellass' Softdisk Library page helped hack fax machines

Post by levellass » Wed Oct 17, 2018 12:44 am

This was highly unexpected.

Benvolio
Posts: 214
Joined: Sun Aug 29, 2004 4:44 pm
Location: Ireland
Contact:

Re: Levellass' Softdisk Library page helped hack fax machines

Post by Benvolio » Fri Oct 19, 2018 7:22 am

Very amusing! Finally keen modding has been put on the map.

Disquietingly, fax is still a core means of communication both within and between hospitals in the British Isles, especially Ireland. If we get hacked, I'm blaming Levellass!

Post Reply