Finally, a real hack! [PodeCoet] wrote in to tell us about a little fun he had recently in the workplace… He discovered the label makers everyone uses are all IP-enabled… and well, he took advantage of that.
His long but utterly delightfully written blog post is actually a tutorial on how to hack into Zebra-brand printers. From the realization of this possibility, to the first test print, to spoofing his MAC address, [PodeCoet] had a blast doing this — evident in his lovely descriptions of the events — like after he made first access to a printer over IP.
I’m now tripping absolute balls with excitement, and time seems to dilate as I rush to get to the car to drive home.
Unable to contain my excitement during the 20 minute drive, I pull over into a laneway, browse Zebra’s website on my smartphone, and download a copy of the “Zebra ZPL Programming Guide”.
Talk about excitement! Oh and did we mention he originally planned on getting fired by doing this?
He may have reconsidered though and decided on a more neutral-friendly label to mass print at work (which is an assembly line by the way). This is what he came up with:
In the end his “printer attack” lasted about 15 seconds, in which all the printers managed to spit out the same label at about the same time. He wishes he could have gotten a video clip of his coworkers reactions, but obviously this may have given him away.
Here’s a screen cap of his lovely hacking application.
In conclusion, [PodeCoet] advises you to secure your network:
Always assume someone is trying to break into your s#%t, even if you think your staff are knuckle-dragging neanderthals struggling to make ends-meet.
57 thoughts on “Hacking Your Coworkers Label Makers”
Fine, I’ll bite.
“What is ends-meat?”
Everybody loves sausage, but nobody wants to know how it’s made
According to urbandictionary: “-the more rational way of describing life in a struggle, rather than “make ends meet” “
Pork butt and head cheese.
HAH! They’re even inverted!
Oh, I love calamari.
Oh man I am /DYING/ of laughter! I’ve updated the blog post with a link to that image, and credited you for the discovery
I’m honoured, I’ll send you a case of rectums.
I shall await said rectums with an elevated level of anticipation
Thank God they’re boneless, I hate it when my pork rectums have bones in them.
“rectum? damned near killed him!!”
+1 for the MIB reference
Hahaha boned pork rectums \o/
Hardly knew ’em
Have you tried to invert the pork rectums?
It’s Australia Day and this means we eat meat on the BBQ while we read this Aussie hack.
It is bad enough that the REST of the media only ever uses the word hack to mean “Nefarious computer wizardry and/or illegal doings”. Considering how vocal much of your audience is about using the word hack and hacker properly, you are either a moron, have some serious balls, or both.
Considering how bad your posts have been titled/edited/sensationalized lately, I think you have just earned another 6 months on the Adblock blacklist. I’m still going to use your bandwidth, but you won’t be getting any ad revenue from me.
The hack itself is fun, but the post here about it is not worth the calories you used to write it.
After reading your post I disabled my adblock.
That’s nice of you, but Ian was already using Adblock.
Disabling mine also.
I think I will too, might as well add an exception for my favorite website.
Ditto. Disabled mine.
Ditto disabled mine when I realised it’s not helping my fav site!
Disabled, thanks to [Ian] for bringing this to our attention.
Don’t have adblock. Will not install it because I almost never pay for content and hate paywalls. So choosing between ad’s and payed news i choose the first.
Hey guys, let’s feed this troll over here.
You don’t exactly pay them directly to keep this website up and running, while they do earn from ads of us visiting. No one is forcing anyone here. If you think most of the articles here are crap (sometimes I do, too) that’s going to be your problem. I just think of the bad articles here to be fillers for their daily quota; there are good ones that I really enjoy reading. I’m just reading whatever is in here to waste time, and commenting about your dissatisfaction in this website does waste more time. You can always go directly to the hacker’s page if you don’t like how they do their articles here, or better yet just use Google to find hacks that interest you.
Oops, someone farted, so I’m going to enable my ad blocker on Hackaday for another 40 years!
disabled mine – thanks for the reminder IAN.
So incensed by a free website. Much vitriol. Pro-level trolling right here! I grant +17 internet points from my points treasury. Use them wisely!
Ripping that $0.0002 right out of HaD’s kid’s mouth. Shameful.
Exactly. Mike doesn’t give us an allowance. Those $0.0002’s pay our salaries. Basically it’s the salami slicing plot from Superman 3, Hackers, and Office Space. We need HUNDREDS of you idiots so we can accumulate pennies, PENNIES of profits!
No raindrop believes they’re to blame for the flood, but they all did their part equally. You guys are our raindrops. And the flood is our paycheques.
We have lost the value of a fan like Ian. Luckily, his value was negative, so, now his mom will have to spend those extra few minutes a day with him. Ian’s mom, sorry about that, gimme a call if I can do anything to pass the time better.
That last line was gold. +1
As for AdBlock, for some odd reason, even though I have it enabled, most of your ads do make it through. Not that I’m complaining, I like many of them anyway. I mostly use AdBlock for those pop-ups that gets in the way of me enjoying the site. Beside, unobtrusive ads are more likely to be clicked on than most pop-ups just by virtue of being relevant and connected to the paged being view instead of a pop-up that blocks the content. Just my $00.0000000000002 (cuz you guys looooooovveeeeee zeros ;)).
Unfortunately Ians mom is busy blowing me right now so I don’t think he’ll get the attention he so desperately needs. I think its time to disable adblock and click wildly on ads. Here you go HAD, have another 2e-12 cents.
i look forward to reading some of the numerous ‘real’ hacks that you are about to submit to the tip line!!
doh!!! i don’t know how that happened.. was supposed to be a reply to ‘ian’….
After reading your reply I have broken my many years of silent reading of this site and not commenting, I’ve decided to break my long silence to come in here and say: “Good for you to come to this site with ad-block enabled. Way to stick it to the man.” *high fives*
At first I was like, “man prints to network printer, where’s the hack?”
Then I realized this was done with somewhat limited access. Without assistance of a print driver. And covering tracks well beyond what one would consider sane, all for the sake of a practical joke.
As a man who risked firing to yank the hard drive out of a $50K Calcomp Electrostatic Plotter, and sector edited the drive so that the field repairman coming later that day would see messages on the front panel LCD like “Printing ultraviolet pass”, “Printing gangrene pass” and so on, this bit of utter silliness finds resonance with me. I salute you.
This is what Zebra suggests you when you have to print to their devices.
When you don’t have a windows driver and you need to print on them you normally open the TCP port and send ZPL commands to it, quite normal from a unix machine, a plc, a dumb terminal or whatever device you have in front of you. Just ask to every field engineer (AutoID sector) and you’ll have this reply
Are those the same field engineers that installed the credit card machines at Target? Just asking…
I know the guy was a little upset about the targets, but given the amount of time he seemed to spend on this, I’m starting to wonder.
If he manages to find the spare time to do all of this then they probably aren’t the slave drivers that he makes them out to be.
unsure. he mentions a few times that he was on break, and even that he came in earlier to work to test stuff
I’m that guy — Sorry about the lack of context. It’s not the targets I mind terribly (even though these are the hardest working employees I’ve seen). All work was done during break or after hours.
I applied for a more technical role initially, and I was approved for it – They made me wait a month, during which I lost other job opportunities. The start date arrived, and they told me that the role isn’t ready, and offered me a “temporary” role for a few weeks, for far less pay, which I had no choice but to accept.
…Well, it’s been over two months now, I;m still in this role with no answers, and I’m starting to doubt the position I applied for even existed.
They smuggled a shitty job, inside of what appeared to be a good job. it was pin for pin compatible.
Karma dude. Karma.
did you learn your lesson about waiting on jobs?
Damn straight. I wouldn’t normally wait – I figured it’s a large company, and once they “approve you” you’re bloody approved. Never again.
Where’s the hack in using the manufacturer provided programming language to do what the device was defined to do? I use ZPL all the time in industrial control systems. The PLC spits out ZPL to print part labels. Oh and I feel it neccesary to say you could have done this with an Arduino.
Funny that the author doesn’t mention that this is a hack even once on the page
Where’s the hack? Your shipment goes to someone else. Your blood test gets swapped with someone else’s. Does not “hack” mean “using gear for purposes other than what was intended”? Do you really assert that the manufacturer intended for fraudsters to be able to print their own labels?
Still no hack since you’ve got unrestricted access to the network that all the printers are on. What exactly do you expect to happen if you send a print job to a printer? It doesn’t care if you’re printing an address label or a meme phone. If a fraudster has full access to your network then printing some labels using a fully manufacturer documented protocol is the least of your problems.
2. Didn’t even know the term “honeyd*cked”.
3. All that cover up and his coworkers sussed him out immediately (i.e., “F*cking Ahmad! I know it was you!”).
4. I wonder what various circumstances he had that made him work this job. He’s obviously slumming it over there given his technical background, knowledge, and talent.
” I wonder what various circumstances he had that made him work this job.”
“For those unaware, I work a temp-job on an assembly line, for a fairly well known manufacturer of Digital set-top boxes.”
You may wonder, but if he’s working a temp job, one could surmise that he’s working the job because he needs the money.
You may want to RTFA this (i.e., his “About” page): About Myself and UltraKeet. He had a presumably high(er)-paying engineering career, but chose to quit. He said something about preserving his sanity, but I’m not sure this is any better. (c:
I’m thinking when he did the network port scan, to exclude office printers and target a particular manufacturer, it’s likely that one could have filtered by the MAC address of the devices, as generally like devices will have similar prefixes.
Damn! That’s actually a brilliant idea, didn’t think of it at the time
You had me at the headline, wherein you referred to hacked coworkers! Apostrophes save lives. So do commas…See “Let’s eat Grandma!” vs. “Let’s eat, Grandma!”
Please be kind and respectful to help make the comments section excellent. (Comment Policy)