Difference between revisions of "PCL"
Line 1: | Line 1: | ||
The Printer Command Language (PCL) as specified in <ref>''[http://www.hp.com/ctg/Manual/bpl13210.pdf PCL5 Printer Language Technical Reference Manual]'', HP Inc., 1992</ref> is a minimalist page description language supported by a wide variety of vendors and devices. Along with [[PostScript]], PCL represents a de facto standard printer language. Similar to PostScript, it's origins date back to the early 80s with PCL 1 introduced by HP in 1984 for inkjet printers. PCL 3 and PCL 4 added support for fonts and macros which both can be permanently downloaded to the device – however only referenced to by a numeric id, not by a file name, as direct access to the file system is not intended. PCL 1 to 5 consist of escape sequences followed by one or more ASCII characters representing a command to be interpreted. PCL 6 Enhanced or ‘PCL XL’ uses a binary encoded, object-oriented protocol <ref>''[http://www.undocprint.org/_media/formats/page_description_languages/pcl_xl_2_0_technical_reference_rev2_2.pdf PCL XL Feature Reference Protocol Class 2.0]'', HP Inc., 2000</ref>. If not stated otherwise, traditional PCL 5e is used in this work. An example PCL document to print ‘Hello world’ is given below: | The Printer Command Language (PCL) as specified in <ref>''[http://www.hp.com/ctg/Manual/bpl13210.pdf PCL5 Printer Language Technical Reference Manual]'', HP Inc., 1992</ref> is a minimalist page description language supported by a wide variety of vendors and devices. Along with [[PostScript]], PCL represents a de facto standard printer language. Similar to PostScript, it's origins date back to the early 80s with PCL 1 introduced by HP in 1984 for inkjet printers. PCL 3 and PCL 4 added support for fonts and macros which both can be permanently downloaded to the device – however only referenced to by a numeric id, not by a file name, as direct access to the file system is not intended. PCL 1 to 5 consist of escape sequences followed by one or more ASCII characters representing a command to be interpreted. PCL 6 Enhanced or ‘PCL XL’ uses a binary encoded, object-oriented protocol <ref>''[http://www.undocprint.org/_media/formats/page_description_languages/pcl_xl_2_0_technical_reference_rev2_2.pdf PCL XL Feature Reference Protocol Class 2.0]'', HP Inc., 2000</ref>. If not stated otherwise, traditional PCL 5e is used in this work. An example PCL document to print ‘Hello world’ is given below: | ||
− | + | <Esc>EHello world | |
Due to its limited capabilities, PCL is hard to exploit from a security perspective unless one discovers interesting proprietary commands in some printer manufacturers's PCL flavour. The [[PRET]] tool implements a '''virtual, PCL-based file system''' which uses macros to save file content and metadata in the printer's memory. This hack shows that even a device which supports only minimalist page description languages like PCL can be used to store arbitrary files like copyright infringing material. Although turning a printer into a file sharing service is not a security vulnerability per se, it may apply as ‘misuse of service’ depending on the corporate policy. | Due to its limited capabilities, PCL is hard to exploit from a security perspective unless one discovers interesting proprietary commands in some printer manufacturers's PCL flavour. The [[PRET]] tool implements a '''virtual, PCL-based file system''' which uses macros to save file content and metadata in the printer's memory. This hack shows that even a device which supports only minimalist page description languages like PCL can be used to store arbitrary files like copyright infringing material. Although turning a printer into a file sharing service is not a security vulnerability per se, it may apply as ‘misuse of service’ depending on the corporate policy. |
Revision as of 21:00, 14 January 2017
The Printer Command Language (PCL) as specified in [1] is a minimalist page description language supported by a wide variety of vendors and devices. Along with PostScript, PCL represents a de facto standard printer language. Similar to PostScript, it's origins date back to the early 80s with PCL 1 introduced by HP in 1984 for inkjet printers. PCL 3 and PCL 4 added support for fonts and macros which both can be permanently downloaded to the device – however only referenced to by a numeric id, not by a file name, as direct access to the file system is not intended. PCL 1 to 5 consist of escape sequences followed by one or more ASCII characters representing a command to be interpreted. PCL 6 Enhanced or ‘PCL XL’ uses a binary encoded, object-oriented protocol [2]. If not stated otherwise, traditional PCL 5e is used in this work. An example PCL document to print ‘Hello world’ is given below:
<Esc>EHello world
Due to its limited capabilities, PCL is hard to exploit from a security perspective unless one discovers interesting proprietary commands in some printer manufacturers's PCL flavour. The PRET tool implements a virtual, PCL-based file system which uses macros to save file content and metadata in the printer's memory. This hack shows that even a device which supports only minimalist page description languages like PCL can be used to store arbitrary files like copyright infringing material. Although turning a printer into a file sharing service is not a security vulnerability per se, it may apply as ‘misuse of service’ depending on the corporate policy.
→ Related aricles: Page Description Languages, File system access, PostScript, PJL
- ↑ PCL5 Printer Language Technical Reference Manual, HP Inc., 1992
- ↑ PCL XL Feature Reference Protocol Class 2.0, HP Inc., 2000