This repository contains various scripts and projects referenced in FoxGlove Security's HP printer blog post.
This Python script can be used to create modified but still valid HP software solution bundles. Usage instructions are built into the tool.
All you need to do is open "mod.zip", replace or add any files that you would like, and then run the following command:
```
python hp_solution_patcher.py orig.bdl orig.zip mod.zip
```
This will generate a new, modified BDL file called patched.bdl.
This contains two .NET projects. Sorry if DLL references are broken; they are probably absolute paths on my machine, and you'll need to make them relative if I don't get around to fixing that. I've provided the DLLs; you may just need to fix up the project file to point to them.
This project is a re-implementation of HP's DLL signature verification code. You can run it against a DLL to see if it will pass HP's signature check. The algorithm is not EXACTLY the same as HP's. We do not verify the certificate chain, check the issuer, etc. But it was helpful to us in building our malicious DLL files.
HP printer backup files are encrypted zip files. There is no mechanism to decrypt them off of the printer; they are not supposed to be decrypted. We provide code here that will decrypt a backup file generated by an HP printer, given that you know the passcode.
### MaliciousSolution

This project is a simple piece of malware in the form of an HP Solution that will call home to an HTTP server and execute the commands found in a text file on that server.
The important thing to note about this project is that it must be built using the .NET Compact Framework (I think version 2.0). This comes with Visual Studio 2008 Professional. That is the only place I was able to find a copy.