Hewlett & Packard, the founders, had great lessons to teach us (managers in high-tech) about culture. To the extend of quoting them in my awesome list on engineering team management .Ā šŸ‘Øā€šŸ’¼

HP Inc., the company, sucks. At least their printer divisionā€™s business model . They recently pushed a firmware update to ban third-party compatible toner cartridges .Ā šŸ’”

The timeline isĀ straightforward:

  • 2020, March: general lockdown. šŸ¦  I need a home office. SO is a scientist and spend her time printing papers for review. Got her an HP Color LaserJet M254dw to keep her productive workflow ( publish or perish! ).

  • 2020, October: HP release a new firmware (versioned 20201021 ).

  • 2020, November: my printer auto-upgrade. Iā€™m welcomed with this Supply Problem Screen of Death :

I canā€™t print anymore.Ā šŸ¤Æ

8 months. My printer worked for only height months.Ā šŸ˜¤

OK . Itā€™s my fault. I should have spent more money buying certifiedā„¢ gear.Ā šŸ˜‘

The solution is to travel back in time when things were working just great, and downgrade to the previousĀ firmware.

Disable auto-upgrade Ā¶

We will stop this madness for good, and prevent the printer from downloading a firmware behind ourĀ back.

In the control panel, go to Setup > Service > LaserJet Update > Manage Updates :

Then set theseĀ options:

  • Allow Downgrade: Yes
  • Check Automatically: Off
  • Prompt Before Install: Always Prompt
  • Allow Updates: Yes

Iā€™m quite surprised downgrades are allowed. šŸ¤” It seems out of character. Therefor, with my Evil Product Manager hat on, I advise HP to monetize this feature under a monthly Enterprise Subscription of sort.Ā šŸ˜ˆ

Download old firmware Ā¶

I got lucky and found the previous 20200612 firmware referenced in https://ftp.hp.com/pub/networking/software/pfirmware/pfirmware.glf .

There youā€™ll get a direct link to the .rfu file (Remote Firmware Update): http://ftp.hp.com/pub/networking/software/pfirmware/HP_Color_LaserJet_Pro_M254_dw_Printer_series_20200612.rfu .

And just in case it disappear from its original location, here is a copy of HP_Color_LaserJet_Pro_M254_dw_Printer_series_20200612.rfu .

The checksum of that fileĀ is:

$ sha256sum ./HP_Color_LaserJet_Pro_M254_dw_Printer_series_20200612.rfu

Downgrade firmware Ā¶

Once you get the .rfu file, list all your printers from a macOSĀ terminal:

$ lpstat -p -d
printer HP_Color_LaserJet_M254dw_0 is idle.  enabled since Fri Nov  6 17:47:06 2020
system default destination: HP_Color_LaserJet_M254dw_0

And run the firmware downgrade CLI :

$ lpr -P HP_Color_LaserJet_M254dw_0 /Users/kde/Downloads/HP_Color_LaserJet_Pro_M254_dw_Printer_series_20200612.rfu

Nothing gets printed to theĀ console.

I donā€™t know what happens here but it seems the .rfu file is pushed to the printerā€™s queue, and then gets consumed as any other printable document. See, the RFU file format is a matryoshka doll embedding printing commands, encoded data and raw NAND code.

After a minute or two, the printers reboots and upgradesĀ itself:

And weā€™re back in business!Ā šŸ„³

A detour via Setup > Service > Firmware Datecode menu confirm weā€™re running the the previousĀ firmware:

Finally, to lock any possibility of a firmware change, go back to Setup > Service > LaserJet Update > Manage Updates to set the optionĀ to:

  • Allow Updates: No

Printer security Ā¶

In my research for this article, I found out about PRET , a printer exploitation toolkit . Itā€™s a brilliant tool, in a malignant way. It allows for pen-testing and hacking, using the same vectors as the firmware update.Ā šŸ¤«

Iā€™ll probably play with it in the future. For fun, but also to try enhance the security of the printer. In the mean time, I guess a password is the bare minimum. And if my printer get kidnapped by a cyber gang, I now have a way to restore my printerā€™s firmware!Ā šŸ˜¬

Related content