Path: utzoo!attcan!uunet!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal)
Newsgroups: comp.virus
Subject: Re: LaserWriter virus?
Message-ID: <0009.9008021208.AA05484@ubu.cert.sei.cmu.edu>
Date: 2 Aug 90 03:54:42 GMT
Sender: Virus Discussion List
Lines: 40
Approved: krvw@sei.cmu.edu

I'd like to thank Ken for posting the code, and to apologize to him for the rather abrasive note that I sent him. I have since received a series of questions from an individual about the contents of the code.

I have examined the hex code. It is encrypted via a standard encryption routine used by Adobe, and documented in the new Black Book (the Type 1 Font Spec) book. The core routine, the 68000 machine language routine, is identical to the routine that I use for reading the eeprom, right down to the checksum. Since machine language routines have to be installed by the cexec operator, and since that operator will not function unless it is invoked from within a procedure that has been called via eexec (known as executing from within an eexec context), Nigel simply did the following:

    < .....680000 code > userdict begin cexec currentfile closefile

and eexeced it. Then when eexec executes, the machine language will be executed by cexec, and the operator installed.

I have taken a slightly different tack to achieve the same result. The dangerous routine, writeeeprom, is a separate bit of 68000 code. I have decided to remove that from my code, so at this point my code is essentially the same as Nigel's code, except that I don't change the password. I just report it.

As was pointed out, this is a double-edged sword. If you know the password you can reset the password. This routine shows you the password. If you choose, you can then reset it to some other value. This means that this routine could be used as the primary attack to change the password, and mess things up. It also means that if that happens, you can know about it and fix it. The universe is perverse. It is, however, better to be able to undo the damage when it is done than not to be able to undo the damage.

Cheers
Woody

p.s. The code posted is a simple text file that can be sent to any Adobe 68000 PostScript printer by any means whatsoever from any host whatsoever. It cannot hurt the host in any way.
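
Added example, not part of the original post and not Woody's or Nigel's code: a Python sketch of how a reviewer could decrypt the hex-encoded eexec section of a PostScript job, using the cipher constants from Adobe's published Type 1 font format specification, and check whether the hidden text invokes cexec. The function names and the sample job are assumptions; the sample is constructed and carries a placeholder where machine code would be.

```python
import re

# eexec constants from Adobe's published Type 1 Font Format specification.
EEXEC_KEY, C1, C2 = 55665, 52845, 22719
LEAD = 4  # random bytes prepended before encryption, discarded on decrypt

def eexec_encrypt(plain: bytes, lead: bytes = b"\x00" * LEAD) -> bytes:
    """Encrypt, so that a constructed sample can be built offline."""
    r, out = EEXEC_KEY, bytearray()
    for p in lead + plain:
        c = p ^ (r >> 8)
        out.append(c)
        r = ((c + r) * C1 + C2) & 0xFFFF
    return bytes(out)

def eexec_decrypt(cipher: bytes) -> bytes:
    """Reverse the cipher and drop the leading random bytes."""
    r, out = EEXEC_KEY, bytearray()
    for c in cipher:
        out.append(c ^ (r >> 8))
        r = ((c + r) * C1 + C2) & 0xFFFF
    return bytes(out[LEAD:])

def extract_eexec_hex(job: str) -> bytes:
    """Return the hex-encoded bytes that follow the first eexec token."""
    m = re.search(r"\beexec\s+([0-9A-Fa-f\s]+)", job)
    if not m:
        return b""
    digits = "".join(m.group(1).split())
    return bytes.fromhex(digits[: len(digits) & ~1])  # ignore a stray nibble

def inspect_job(job: str):
    """Decrypt the eexec section and report whether it invokes cexec."""
    plain = eexec_decrypt(extract_eexec_hex(job))
    return plain, re.search(rb"\bcexec\b", plain) is not None

# Constructed sample: a placeholder stands in for the machine code.
SAMPLE_PLAIN = b"<PLACEHOLDER> userdict begin cexec currentfile closefile"
SAMPLE_JOB = "%!PS\ncurrentfile eexec\n" + eexec_encrypt(SAMPLE_PLAIN).hex() + "\n"

if __name__ == "__main__":
    text, flagged = inspect_job(SAMPLE_JOB)
    print("uses cexec:", flagged)
    print(text.decode("latin-1"))
```

The sketch handles only the hex-encoded form of eexec data, which is the form a plain text file carries; binary eexec sections would need a different extractor.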