Silk Road forums

Discussion => Security => Topic started by: goblin on March 26, 2012, 08:08 pm

Title: Color laser printer steganography
Post by: goblin on March 26, 2012, 08:08 pm
Anybody out there an expert in firmware hacking of laser printers? I'm talking about a way to defeat the steganography that appears to be part and parcel of almost all color laser printers? This insidious practice poses a danger to the privacy of everyone who owns one of these contraptions.

A software alteration or firmware "update" could defeat it. Any genius hackers out there?
Title: Re: Color laser printer steganography
Post by: High Friend on March 26, 2012, 08:20 pm
Although it can probably be done, I'm not smart enough to do so. I've always wondered though, if you're only printing black and white, is it possible to remove the yellow (or whatever color your printer uses) toner cartridge and still print? What about inserting an empty cartridge?

If I was smart enough to change the firmware, I would make the stenography translate to "FUCK THE FEDS". Betcha they wouldn't be expecting that.
Title: Re: Color laser printer steganography
Post by: goblin on March 27, 2012, 02:26 am
Although it can probably be done, I'm not smart enough to do so. I've always wondered though, if you're only printing black and white, is it possible to remove the yellow (or whatever color your printer uses) toner cartridge and still print? What about inserting an empty cartridge?

If I was smart enough to change the firmware, I would make the stenography translate to "FUCK THE FEDS". Betcha they wouldn't be expecting that.

I also thought of just printing in black, but the yellow dots would probably be spattered anyway. If you empty the yellow cartridge, I think the printer would refuse to print. I also thought of creating a uniform yellow field on which to print in black, so that the yellow dots would be invisible, but that would be horribly wasteful, although if you did it only for shipping labels now and again, I guess the expense would be relatively minor. Yellow shipping labels? Hmmm...
Title: Re: Color laser printer steganography
Post by: LittlePharma on March 27, 2012, 05:50 am
Are these trackers present on Dymo 450 Turbo label printers?
Title: Re: Color laser printer steganography
Post by: clixor on March 27, 2012, 10:39 am
Good point raised here. I think best is to get an occasion printer at a garage sale or flea market. Most def not in a shop.
Title: Re: Color laser printer steganography
Post by: sbaxter on March 27, 2012, 11:28 am
Jut tried: A HP C5225 refuses to print without a yellow cartridge present. Don't know about an empty one though.
Title: Re: Color laser printer steganography
Post by: High Friend on March 27, 2012, 01:09 pm
Are these trackers present on Dymo 450 Turbo label printers?

I've never heard of a thermal printer using stenography; only color laser printers. Just make sure your labels are not serialized. It's unlikely but put two labels side by side and make sure none of the numbers in the margins are changing between labels.

This has been covered before but here's a list of printers that print the "tracking dots":

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
Title: Re: Color laser printer steganography
Post by: sebhickey on March 28, 2012, 08:07 am
Most modern colour laser printers will print their serial number + other identifiers in the form of yellow dots, barely visible to the naked eye, on every print / copy made.
I am an ex Xerox employee and anti counter fitting measures have been part of my training. On Xerox products the described serial numbers are located on 3 different boards in the machine. Should a board fail and need to be replaced (image processor, engine controller, etc) this can be done without any problem provided that the 2 remaining boards will still contain matching serial numbers. If you replace more than 1 boards before the serial numbers can be synced, because of failure or possible from a donor machine. The machine will not power up and need to be activated by a Xerox NTS (national specialist) that can generate a code to do this. It is not a matter of just "hacking" some firmware and I would not hold my breath on anybody having access to these internal machine systems to have this done. I know other vendors have to adhere to the same standards set out by governments but might use slightly different systems. But they all work on the same basics.
Also, any (laser) printer will have certain printing characteristics due to wear and tear and adjustments of parts. I know of a true story of a forger being linked to a particular laser printer, even though this particular machine did not print the serial number on the forged documents by means described above. He got busted somehow else, but it was still proved that these forgeries were printed on his machine.
Moral of the story, buy a second hand printer in a way that cannot be traced back to you. In cash, no names, etc.
Title: Re: Color laser printer steganography
Post by: goblin on March 28, 2012, 12:30 pm
Most modern colour laser printers will print their serial number + other identifiers in the form of yellow dots, barely visible to the naked eye, on every print / copy made.
I am an ex Xerox employee and anti counter fitting measures have been part of my training. On Xerox products the described serial numbers are located on 3 different boards in the machine. Should a board fail and need to be replaced (image processor, engine controller, etc) this can be done without any problem provided that the 2 remaining boards will still contain matching serial numbers. If you replace more than 1 boards before the serial numbers can be synced, because of failure or possible from a donor machine. The machine will not power up and need to be activated by a Xerox NTS (national specialist) that can generate a code to do this. It is not a matter of just "hacking" some firmware and I would not hold my breath on anybody having access to these internal machine systems to have this done. I know other vendors have to adhere to the same standards set out by governments but might use slightly different systems. But they all work on the same basics.
Also, any (laser) printer will have certain printing characteristics due to wear and tear and adjustments of parts. I know of a true story of a forger being linked to a particular laser printer, even though this particular machine did not print the serial number on the forged documents by means described above. He got busted somehow else, but it was still proved that these forgeries were printed on his machine.
Moral of the story, buy a second hand printer in a way that cannot be traced back to you. In cash, no names, etc.

That's very helpful, thank you.