Hacking Your Coworkers Label Makers

Finally, a real hack! [PodeCoet] wrote in to tell us about a little fun he had recently in the workplace… He discovered the label makers everyone uses are all IP-enabled… and well, he took advantage of that.

His long but utterly delightfully written blog post is actually a tutorial on how to hack into Zebra-brand printers. From the realization of this possibility, to the first test print, to spoofing his MAC address, [PodeCoet] had a blast doing this — evident in his lovely descriptions of the events — like after he made first access to a printer over IP.

I’m now tripping absolute balls with excitement, and time seems to dilate as I rush to get to the car to drive home.

Unable to contain my excitement during the 20 minute drive, I pull over into a laneway, browse Zebra’s website on my smartphone, and download a copy of the “Zebra ZPL Programming Guide”.

Talk about excitement! Oh and did we mention he originally planned on getting fired by doing this?

He may have reconsidered though and decided on a more neutral-friendly label to mass print at work (which is an assembly line by the way). This is what he came up with:

FC03_trialRun

In the end his “printer attack” lasted about 15 seconds, in which all the printers managed to spit out the same label at about the same time. He wishes he could have gotten a video clip of his coworkers reactions, but obviously this may have given him away.

Here’s a screen cap of his lovely hacking application.

FC03_labelInterface

In conclusion, [PodeCoet] advises you to secure your network:

Always assume someone is trying to break into your s#%t, even if you think your staff are knuckle-dragging neanderthals struggling to make ends-meet.

57 thoughts on “Hacking Your Coworkers Label Makers

  1. “…Real Hack…”?

    Really?

    It is bad enough that the REST of the media only ever uses the word hack to mean “Nefarious computer wizardry and/or illegal doings”. Considering how vocal much of your audience is about using the word hack and hacker properly, you are either a moron, have some serious balls, or both.

    Considering how bad your posts have been titled/edited/sensationalized lately, I think you have just earned another 6 months on the Adblock blacklist. I’m still going to use your bandwidth, but you won’t be getting any ad revenue from me.

    The hack itself is fun, but the post here about it is not worth the calories you used to write it.

    1. Hey guys, let’s feed this troll over here.

      You don’t exactly pay them directly to keep this website up and running, while they do earn from ads of us visiting. No one is forcing anyone here. If you think most of the articles here are crap (sometimes I do, too) that’s going to be your problem. I just think of the bad articles here to be fillers for their daily quota; there are good ones that I really enjoy reading. I’m just reading whatever is in here to waste time, and commenting about your dissatisfaction in this website does waste more time. You can always go directly to the hacker’s page if you don’t like how they do their articles here, or better yet just use Google to find hacks that interest you.

      1. Exactly. Mike doesn’t give us an allowance. Those $0.0002’s pay our salaries. Basically it’s the salami slicing plot from Superman 3, Hackers, and Office Space. We need HUNDREDS of you idiots so we can accumulate pennies, PENNIES of profits!

        No raindrop believes they’re to blame for the flood, but they all did their part equally. You guys are our raindrops. And the flood is our paycheques.

        We have lost the value of a fan like Ian. Luckily, his value was negative, so, now his mom will have to spend those extra few minutes a day with him. Ian’s mom, sorry about that, gimme a call if I can do anything to pass the time better.

        1. That last line was gold. +1

          As for AdBlock, for some odd reason, even though I have it enabled, most of your ads do make it through. Not that I’m complaining, I like many of them anyway. I mostly use AdBlock for those pop-ups that gets in the way of me enjoying the site. Beside, unobtrusive ads are more likely to be clicked on than most pop-ups just by virtue of being relevant and connected to the paged being view instead of a pop-up that blocks the content. Just my $00.0000000000002 (cuz you guys looooooovveeeeee zeros ;)).

        2. Unfortunately Ians mom is busy blowing me right now so I don’t think he’ll get the attention he so desperately needs. I think its time to disable adblock and click wildly on ads. Here you go HAD, have another 2e-12 cents.

    2. After reading your reply I have broken my many years of silent reading of this site and not commenting, I’ve decided to break my long silence to come in here and say: “Good for you to come to this site with ad-block enabled. Way to stick it to the man.” *high fives*

      *sigh*

  2. At first I was like, “man prints to network printer, where’s the hack?”

    Then I realized this was done with somewhat limited access. Without assistance of a print driver. And covering tracks well beyond what one would consider sane, all for the sake of a practical joke.

    As a man who risked firing to yank the hard drive out of a $50K Calcomp Electrostatic Plotter, and sector edited the drive so that the field repairman coming later that day would see messages on the front panel LCD like “Printing ultraviolet pass”, “Printing gangrene pass” and so on, this bit of utter silliness finds resonance with me. I salute you.

  3. This is what Zebra suggests you when you have to print to their devices.
    When you don’t have a windows driver and you need to print on them you normally open the TCP port and send ZPL commands to it, quite normal from a unix machine, a plc, a dumb terminal or whatever device you have in front of you. Just ask to every field engineer (AutoID sector) and you’ll have this reply

    1. I’m that guy — Sorry about the lack of context. It’s not the targets I mind terribly (even though these are the hardest working employees I’ve seen). All work was done during break or after hours.

      I applied for a more technical role initially, and I was approved for it – They made me wait a month, during which I lost other job opportunities. The start date arrived, and they told me that the role isn’t ready, and offered me a “temporary” role for a few weeks, for far less pay, which I had no choice but to accept.

      …Well, it’s been over two months now, I;m still in this role with no answers, and I’m starting to doubt the position I applied for even existed.

  4. Where’s the hack in using the manufacturer provided programming language to do what the device was defined to do? I use ZPL all the time in industrial control systems. The PLC spits out ZPL to print part labels. Oh and I feel it neccesary to say you could have done this with an Arduino.

    1. Where’s the hack? Your shipment goes to someone else. Your blood test gets swapped with someone else’s. Does not “hack” mean “using gear for purposes other than what was intended”? Do you really assert that the manufacturer intended for fraudsters to be able to print their own labels?

      1. Still no hack since you’ve got unrestricted access to the network that all the printers are on. What exactly do you expect to happen if you send a print job to a printer? It doesn’t care if you’re printing an address label or a meme phone. If a fraudster has full access to your network then printing some labels using a fully manufacturer documented protocol is the least of your problems.

  5. 1. Awesome!
    2. Didn’t even know the term “honeyd*cked”.
    3. All that cover up and his coworkers sussed him out immediately (i.e., “F*cking Ahmad! I know it was you!”).
    4. I wonder what various circumstances he had that made him work this job. He’s obviously slumming it over there given his technical background, knowledge, and talent.
    5. Awesome!

    1. ” I wonder what various circumstances he had that made him work this job.”

      RTFA:

      “For those unaware, I work a temp-job on an assembly line, for a fairly well known manufacturer of Digital set-top boxes.”

      You may wonder, but if he’s working a temp job, one could surmise that he’s working the job because he needs the money.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.