Aghaster

Need Help Reverse Engineering Protocol

9 posts in this topic

Hi,

I'm currently trying to reverse engineer the HBN3 protocol, a protocol used by Lexmark network printers. I've isolated three big chunks of data that seem to constitute the documents sent to the printer in order to printer. They correspond the printing of a simple ASCII text like this:

AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA
AAAAAAAAAA

I've attached a zip file with all three chunks of data, you can use a hex editor to read them. chunks2.dat is the largest chunk of data and looks like the document that is to be printed, in a ready to print format. It looks a bit like 3 byte RGB codes. I need help figuring out the format of the data that is being sent by the computer to the printer in order to print. Any suggestions on what you think it might be is welcome!

chunks.zip

0

Share this post


Link to post
Share on other sites

Good to see that you're getting 'low down and dirty'....

I assume that you are using CUPS->Raw file, and printing from a windows machine. If the format contains bit mapped graphics, then use colored patches to work out encoding. IE. print out 1 page completely white, and 1 page completely black:

Q. Do the dumps occupy the same disk space, do they have similar headers or footers?

Q. Can you print at lower resolutions to reduce the amount of data you have to parse/inspect?

If you print out a solid black triangle (top left to bottom right to bottom left) you should be able to see line repeat in the data dump. Look at the data in a hexdump, it'll make more sense that way. I assume that the printer is CMYK (or maybe more), so if it's really dump (and all the processing is done on desktop) you should work in this color space.

Hope this helps,

Mungewell.

Edited by mungewell
0

Share this post


Link to post
Share on other sites

Oh, and if you hexdump the data then you can use DIFF on it...

Munge.

0

Share this post


Link to post
Share on other sites

Sounds like a lot of fun but unfortunately due to finals I don't have time to really play around with it right now. If you haven't figured it out by the end of next week I should be able to help you with it.

0

Share this post


Link to post
Share on other sites

Here, I made you some images...

lexmark.zip

Can you print these to a CUPS raw file dump at the lowest resolution possible (on the Windows Printer) and put the results up somewhere?

Mungewell

0

Share this post


Link to post
Share on other sites

@mungewell: CMYK looks interesting, is there anything I could you to simply display the pixels assuming that they are CMYK codes?

0

Share this post


Link to post
Share on other sites
Here, I made you some images...

lexmark.zip

Can you print these to a CUPS raw file dump at the lowest resolution possible (on the Windows Printer) and put the results up somewhere?

Mungewell

It may look like a dumb question, but how do I do a CUPS raw file dump?

0

Share this post


Link to post
Share on other sites
@mungewell: CMYK looks interesting, is there anything I could you to simply display the pixels assuming that they are CMYK codes?

Once you find where the data block is (if it is of a fixed size) you could extract the particular block of bytes from the capture and either:

1) Convert then programmatically into a format you could view using C, python, perl or the like.

2) Use imagemagick's convert tool, which apparently has a raw CYMK mode (you have to specify image size and depth). see http://imagemagick.sourceforge.net/http/www/formats.html

Which part of the CUPs system are you working on? Data generation (ie printer driver), or sending the data to the printer? Can you just netcat the raw capture (from Windows printer) to the printer's IP/Port?

Mungewell.

0

Share this post


Link to post
Share on other sites
It may look like a dumb question, but how do I do a CUPS raw file dump?

This page tells you how to share a raw print queue (ie. CUPS does not attempt to process the image data) with a Windows machine:

http://etc.nkadesign.com/Printers/QL550LabelPrinterRaw

You then set the CUPS URI destination to 'file:/.... something', I used a file in the tmp directory, relevant part of my printers.conf is below. You may also need to set the 'FileDevice Yes' option in cupsd.conf to allow dumping to file.

<Printer QL570_File>
Info Dump to file
Location local
DeviceURI file:/tmp/ql570.raw
State Idle
StateTime 1238054724
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy retry-job
</Printer>

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now