gris@surf.sics.bu.oz (Dave Gris) (07/21/90)
I saw an article about a Trojan horse program to change passwords on LaserWriters. In fact anyone can manually as well. So I thought I would try to change mine. Not too difficult, because I have done a little PostScript and I have got PostScript the blue book and PostScript the red book. Changing the passord is 3 lines of postscript and that works fine. The problem is after I turn the printer off and on again I can't print anymore :-(. The error I get is: %%[Error:invalid access; Offending Command:exitserver] %% This is the error you get when you do an exitserver with an incorrect password. Can I assume that the Mac is normally using the default password of 0? If it is I think that's a real nuisance! Or am I missing something? Does it mean I have to leave the PassWord set at 0? With about 30 LaserWriters accessable on the net someone (not saying student) could do a lot of damage changing names and passwords on printers. Another question which I think has been raised before but I did not see an answer is: How to you go back to the defaults? Rip the board out and put it in the microwave on medium for 2 minutes I suppose. :-) Thanks in advance gris
mha@batcomputer.tn.cornell.edu (Mark H. Anbinder) (07/21/90)
In article <1216@surf.sics.bu.oz> gris@surf.sics.bu.oz (Dave Gris) writes: > >I saw an article about a Trojan horse program to change passwords on >LaserWriters. In fact anyone can manually as well. So I thought I would >try to change mine. Not too difficult, because I have done a little >PostScript and I have got PostScript the blue book and PostScript >the red book. > >Changing the passord is 3 lines of postscript and that works fine. >The problem is after I turn the printer off and on again I can't print >anymore :-(. The error I get is: > %%[Error:invalid access; Offending Command:exitserver] %% >... > >Does it mean I have to leave the PassWord set at 0? With about 30 >LaserWriters accessable on the net someone (not saying student) could >do a lot of damage changing names and passwords on printers. > >Another question which I think has been raised before but I did not >see an answer is: How to you go back to the defaults? Rip the board >out and put it in the microwave on medium for 2 minutes I suppose. :-) I believe in order to use a LaserWriter that has had its password changed from 0 to something else, you have to patch your Laser Prep file to tell it to send the new password. I don't know how to do this... I don't think it's a feature of the PostScript controller that Apple intended for people to use, so it is not well documented. I have the same info you do about setting the password through pure PostScript, but don't know how the drivers on the Mac end handle it. Using the password you set it to, you should be able to get access to the controller and change the password back to 0 (I strongly recommend this!). You'll then be able to print without modifying your Laser Prep and those of all the other users on your network. (Visualize for a moment the chaos that would ensue next time you upgrade to a new version of the LaserWriter driver and don't remember the password to patch the new driver files....) That trojan horse you mention is particularly insidious. There is NO way to return the printer to its default password without replacing the entire controller board unless you know the password. If a program has set the password without you knowing it, you're screwed. There are only 65536 possible passwords, so in theory you could write a program to try them all, but to prevent unauthorized people from doing just that, the PostScript controller waits eleven seconds (or was it minutes?) after an unsuccessful password attempt before letting you try again. (Sounds like the command console prefix code in Star Trek II! Sorry, ignore that. Just TrekBabble.) If that trojan spreads, it will be interesting to see whether Apple will let people affected by it replace the controller board in their printers under warranty or AppleCare, or whether they'll say such damage is not covered... I say all this as if I know what I'm talking about. :-) Much of this information I owe to Adam Engst: pv9y@vax5.cit.cornell.edu, local Mac consultant, virus expert, and one of the authors of TidBITS, that ultra-hoopy weekly Macintosh news update in HC stack format. We were discussing that LaserWriter trojan the other night (I hadn't heard about it before then), and he told me all this neat stuff about what happens after the password gets set. Thanks, Adam! -- Mark H. Anbinder ************************* mha@tcgould.tn.cornell.edu BAKA Computers * ******* ...!batcomputer!memory!mha 200 Pleasant Grove Rd. H: (607) 257-3480 ****** Ithaca, NY 14850 W: (607) 257-2070 ***** Memory Alpha BBS 607-257-5822
mkb@rover.ri.cmu.edu (Mike Blackwell) (07/22/90)
A previous poster claimed that if your LaserWrtier password gets changed to some unknown value (via a Trojan horse or otherwise), you need to have the controller board replaced. This is not true. There are several PostScript programs floating around that will allow you to reset the password on most Adobe PS engines (including the one in the Apple LaserWriter). One went by on comp.lang.postscript just a few days ago. Check there for more info. If you are a Mac network administrator, this is a tool you should have... Mike Blackwell mkb@rover.ri.cmu.edu
casper@fwi.uva.nl (Casper H.S. Dik) (07/22/90)
In article <10557@batcomputer.tn.cornell.edu> mha@tcgould.tn.cornell.edu (Mark H. Anbinder) writes: } }I believe in order to use a LaserWriter that has had its password changed }from 0 to something else, you have to patch your Laser Prep file to tell }it to send the new password. I don't know how to do this... I don't }think it's a feature of the PostScript controller that Apple intended }for people to use, so it is not well documented. I have the same info }you do about setting the password through pure PostScript, but don't know }how the drivers on the Mac end handle it. The feature is well documented by Adobe. Apple is to blame for the not working of the LaserPrep when the password is not 0. They should have done something like: statusdict begin 0 checkpassword %now decide to download LaserPrep permanently %or not We use lwsrv from CAP which never causes the LaserPrep to be downloaded permanently. It also allows the use of several different LaserPrep versions at the same time. }Using the password you set it to, you should be able to get access to the }controller and change the password back to 0 (I strongly recommend this!). }You'll then be able to print without modifying your Laser Prep and those }of all the other users on your network. (Visualize for a moment the chaos }that would ensue next time you upgrade to a new version of the LaserWriter }driver and don't remember the password to patch the new driver files....) We don't have that problem, because we don't have to patch anything. But CAP isn't really an option if you don't have a UN*X box. I have given our laserprinter a password and a different AppleTalk type. Now there's no way a user can print directly to the printer, download fonts permanently or do irreversible damage. (Because Apple LaserPrep assumes a 0 password, downloading requires the password and with the password you can wipe the printer's disk or worse) }That trojan horse you mention is particularly insidious. There is NO way }to return the printer to its default password without replacing the entire }controller board unless you know the password. If a program has set the }password without you knowing it, you're screwed. There are only 65536 }possible passwords, so in theory you could write a program to try them all, }but to prevent unauthorized people from doing just that, the PostScript }controller waits eleven seconds (or was it minutes?) after an unsuccessful }password attempt before letting you try again. Our printer (Apple's printers too, I think) allow 2^32 different passwords. They all wait one second (after a checkpassword). It will take a cracker 136 years to check all passwords. }If that trojan spreads, it will be interesting to see whether Apple will }let people affected by it replace the controller board in their printers }under warranty or AppleCare, or whether they'll say such damage is not }covered... It's just an eeprom that needs to be replaced. So if you have access to an eeprom copier and an identical printer you can replace it. But it might be soldered to the controller board. If this trojan gets around, Apple should: a) tell people to set a password on their LaserWriters b) provide a utility to do so. c) provide a utility to download laserprep with a password. or c2) modify laserprep to enable people to print without the password. -- Casper H.S. Dik VCP/HIP: +31205922022 University of Amsterdam | casper@fwi.uva.nl The Netherlands | casper%fwi.uva.nl@hp4nl.nluug.nl
gross@umiami.miami.edu (JD144) (07/23/90)
In article <10557@batcomputer.tn.cornell.edu>, mha@batcomputer.tn.cornell.edu (Mark H. Anbinder) writes: > > I believe in order to use a LaserWriter that has had its password changed > from 0 to something else, you have to patch your Laser Prep file to tell > it to send the new password. I don't know how to do this... I don't > think it's a feature of the PostScript controller that Apple intended > for people to use, so it is not well documented. I have the same info > you do about setting the password through pure PostScript, but don't know > how the drivers on the Mac end handle it. We've done this...we use a modified Laser Prep (source: eagle.wesleyan.edu) to control certain aspects of the printer's functions (copy limits, manual feeds). To do this you download the modified Laser Prep along with the code to reset the password. Now, if you turn the printer off... the password that you set is saved in an EEPROM (I think) so the next time you try and print, you'll get that nasty invalidaccess error. To get rid of this, you'll need to download your modified Laser Prep with the correct password. (Interesting side note: One day, we had a real bad lightening storm. I dunno what happened, but the entire EEPROM got reset...the page count was set back to zero, the name was set back the default, and the password was set back to 0. No physical damage, but I guess that's ONE way to overcome your password problems.) > That trojan horse you mention is particularly insidious. There is NO way > to return the printer to its default password without replacing the entire > controller board unless you know the password. If a program has set the > password without you knowing it, you're screwed. There are only 65536 > possible passwords I thought there were only 254 available passwords. Hafta try this one... > If that trojan spreads, it will be interesting to see whether Apple will > let people affected by it replace the controller board in their printers > under warranty or AppleCare, or whether they'll say such damage is not > covered... I have heard nada about this supposed PostScript trojan...anyone care to enlighten me? Sounds like someone just adding the setpassword code to their printout and downloading it to the printer... > I say all this as if I know what I'm talking about. :-) Much of this > information I owe to Adam Engst: pv9y@vax5.cit.cornell.edu, local Mac > consultant, virus expert, and one of the authors of TidBITS, that ultra-hoopy > weekly Macintosh news update in HC stack format. We were discussing that > LaserWriter trojan the other night (I hadn't heard about it before then), > and he told me all this neat stuff about what happens after the password > gets set. Thanks, Adam! Ultra-hoopy? What kind of word is ultra-hoopy?! You nawtherners are a strange lot..we should've left when we had the chance... :) -- Jason Gross Comp Sci Ugrad University of Miami Class of '91 (?) =========================================================================== Hey, wanna save the world? | Got sumtin' to say? gross@umiami.bitnet Nuke a Godless, Communist, | Pick and choose! gross@umiami.miami.edu gay whale for Christ. | gross@miavax.ir.miami.edu - Anonymous | jgross@umbio.med.miami.edu =========================================================================== The University of Miami has a lovely fountain.
newbery@rata.vuw.ac.nz (Michael Newbery) (07/23/90)
In article <10557@batcomputer.tn.cornell.edu> mha@tcgould.tn.cornell.edu (Mark H. Anbinder) writes: >I believe in order to use a LaserWriter that has had its password changed >from 0 to something else, you have to patch your Laser Prep file to tell >it to send the new password. I don't know how to do this... I don't You patch the Laserwriter cdev, not the LaserPrep file. The strings to do this are in the POST resources -8192 and -8161 (at least on my version), POST resources are like STR# resources (at least in this case), use the STR# template in ResEdit. Of course this means that you have to provide patched versions of the laserwriter driver to everyone, and Pagemaker does not work (unless you explicitly load the AldusPrep file down using a program that knows the new password.) Strangely enough, we do this, even though it causes some hassels. The upside is that we don't have to worry about the LW being restarted ten times a day by people loading different (non-current) versions of the LaserPrep, incidentally trashing the downloaded fonts. (This is on our public LW.) Not to mention some extremly badly behaved MSDOS WPs that know 0 about networking/sharing and attempt to reconfigure the EEPROM (to pretty antisocial settings) every time they are run. Rumor hath it that the problems with LaserPrep go away with Sys7, for which I am very thankful. -- Michael Newbery<newbery@rata.vuw.ac.nz> Distrust aphorisms
lsr@Apple.COM (Larry Rosenstein) (07/24/90)
In article <10557@batcomputer.tn.cornell.edu> mha@tcgould.tn.cornell.edu (Mark H. Anbinder) writes: > >That trojan horse you mention is particularly insidious. There is NO way >to return the printer to its default password without replacing the entire >controller board unless you know the password. If a program has set the In comp.lang.postscript, quando@ibmpcug.co.uk (Nigel Yeoh) posted a program that is supposed to reset the printer password to 0. I haven't tried it personally. The title of the message is resetpassword.ps, and the id is <1990Jul19.232247.3166@ibmpcug.co.uk> -- Larry Rosenstein, Object Specialist Apple Computer, Inc. 20525 Mariani Ave, MS 46-B Cupertino, CA 95014 AppleLink:Rosenstein1 domain:lsr@Apple.COM UUCP:{sun,voder,nsc,decwrl}!apple!lsr
stevel@eleazar.dartmouth.edu (Steve Ligett) (07/25/90)
In article <1216@surf.sics.bu.oz> gris@surf.sics.bu.oz (Dave Gris) writes: > >I saw an article about a Trojan horse program to change passwords on >LaserWriters... >Another question which I think has been raised before but I did not >see an answer is: How to you go back to the defaults? Rip the board >out and put it in the microwave on medium for 2 minutes I suppose. :-) Maybe it's a deep dark secret, but I don't hink anyone has mentioned that you can reset the eeprom on a LaserWriter. If you remove one of the LaserWriter roms, the LaserWriter will reset the eeprom when it boots. 1. I don't remember which rom you have to remove, but I think it's one of the ones at a corner of the rom array. 2. This will reset everything - the name, the password, the page count, ... Disclaimer -- If you don't know how to safely remove and replace roms, don't try. Don't blame me. You could always just copy the eeprom with a prom burner. Assuming you had made a back-up of it... -- steve.ligett@dartmouth.edu or ...!dartvax!steve.ligett