TrendAI Zero Day InitiativeDec 8, 2022
While
@bl4sty
only scored a COLLISION (non-unique bug) - Peter definitely gets a boatload of STYLE POINTS for this hack on a Canon printer @ #P2OToronto #Pwn2Own
Show threadTrendAI Zero Day InitiativeDec 8, 2022
Show thread~swapgs

@thezdi Congrats!

First time I'm more interested by the code of the demo than the code of the exploit! Any plan to share it @blasty?

Dec 8, 2022 at 9:29pmWeb
Show threadblastyDec 8, 2022
@swapgs @thezdi for sure! I will polish it soon-ish and post it after my attempt at the Lexmark tommorow. (minus all exploit-code, of course)
Show threadAndyDec 8, 2022
@blasty @swapgs @thezdi What took longer? Finding the bugs or writing the demo?
Show threadblastyDec 8, 2022
@G33KatWork @swapgs @thezdi finding bug 1 day, writing stable exploit ~2 days, coding demo 1 day, writing a debugger for dryOS that I intended to use to find less shallow bugs but that I never got round to properly using: 5 days
Show threadblastyDec 8, 2022
@G33KatWork @swapgs @thezdi the debugger is called `sdb`, scuffed debugger. it runs in a separate dryOS RTOS thread and is interfaced over TCP. it can peek/poke memory and supports "scuffed breakpoints", which are just trampoline-hooks instead of actual proper breakpoints, it works well though!
Show threadblastyDec 11, 2022
@swapgs https://github.com/blasty/printer-cracktro here you go :)
GitHub - blasty/printer-cracktro

Contribute to blasty/printer-cracktro development by creating an account on GitHub.

GitHub
Show threadAndyDec 11, 2022

@blasty @swapgs
Everything is distributed as-is, don't expect support/updates.

Wait!? You don't support your cracktros? 😤​

Show threadblastyDec 11, 2022
@G33KatWork @swapgs this is a universal disclaimer actually that I should add to any working directory I push to github
Show thread~swapgsDec 11, 2022
@blasty really cool Sunday reading, thank you :)