5

It is the data send from windows based POS application to the receipt printer that I would like to moniter and analyze. I do not have control of the POS application(brand may vary and no source code) so the best way is to intercept the printed data by hooking up a hardware device inline between the POS and the printer.

I have done some reading and it seems that most of receipt printers accept ESC/POS command set. Does that mean POS actually sends ESC/POS commands such as 'PrintNormal xyz'?

But I also read that "The data which is sent to a ESC/POS printer IS raster data embedded with ESC/POS commands" (see Intercepting data sent to a Windows printer (using RedMon)), Is that even readable? Now I am unsure how to go about it without knowing the data format.

Can someone confirm?

Thanks.

Community
  • 1
  • 1
perlwle
  • 353
  • 2
  • 5
  • 17
  • 1
    "Does that mean POS actually sends ESC/POS commands such as 'PrintNormal xyz'" - "PrintNormal" is an OPOS/UPOS command, which will be translated into ESC/POS commands by an OPOS/UPOS Service Object. If you monitor the data going through the port, you'll see the lower level ESC/POS protocol (escape sequences + text). – Joe Nov 18 '13 at 06:44
  • thank you joe. I am using PrintNormal by example. When you say going through the port - is it the final data being sent to the printer? Please see my updated question for more info. – perlwle Nov 18 '13 at 06:48
  • "... The data ... IS raster data embedded with ESC/POS commands. Is that even readable". It's raster data + ESC/POS commands if you're printing graphics, or text data + ESC/POS commands if you're printing text. Raster data is not readable by most definitions of readable, but it can be processed and understood if you know the protocol. – Joe Nov 18 '13 at 07:11
  • "I am unsure how to go about it without knowing the data format" - you would need the relevant ESC/POS documentation to understand the data format for printing graphics, and would need to be aware that there are variations depending on the printer model. Text data would be easier to read, though again, the ESC/POS escape sequences will vary depending on the printer model. – Joe Nov 18 '13 at 07:14
  • Besides printing graphic, do you know when POS sends raster data and why? – perlwle Nov 20 '13 at 09:13
  • Raster data is only used for graphics (bitmaps) - either to directly print a graphic, or to download a graphic for subsequent printing. – Joe Nov 20 '13 at 12:04
  • Thanks for the continue help. Is it common to send text in bitmap type and in that case what's the recommended way to decode it to text(OCR??)? what is the data format If POS sends the data by using windows printer driver? – perlwle Nov 22 '13 at 04:57
  • 2
    No it's not common to send text as a bitmap with ESC/POS. In general bitmaps are used to send a logo (for performance this is often downloaded once, the printed with an ESC/POS command), a barcode or other graphic. A Windows printer driver may well use graphics, but in my experience is rarely used in a POS application. – Joe Nov 22 '13 at 05:35
  • I am based in china which probably new to you. Most of the POS venders recommend using printer driver for more font choices and styles and claimed the data will be sent in graphic mode. I am gonna test it out then figure a way to convert it to text. – perlwle Nov 22 '13 at 08:15
  • 1
    a windows printer driver that prints in graphic mode will of course give you more flexibility in terms of fonts and styles, at the expense of performance and low-level control (detecting paper low, cover open; opening a cash drawer connected to the printer; cutting the receipt; ...). – Joe Nov 22 '13 at 09:12
  • One thing that comes to mind is to use a network printer and monitor the traffic by switching the NIC into Promiscuous mode. If some piece of software could do the same thing by tapping into the printer driver, wouldn't that be a security issue? – Code4R7 Sep 09 '19 at 19:03
  • @Code4R7. If the POS is actually using a network printer, or can be configured to do so, then that is feasible, but also indicates a very insecure setup. Software tapping the printer driver would almost certainly require root/admin, in which case malicious code would have access to more sensitive data than the receipt, which generally doesn't even have the complete card number. I believe OP is talking about a *hardware* tap, though. Still, seems more useful for legit auditing then malicious intent IMHO. – memtha Sep 10 '19 at 18:21

1 Answers1

2

Disclaimer: the legality of the question proposed, and therefore this and any other answer, are subject to the terms of licensing which have not been disclosed in the question. Use at your own risk and liability. Don't blame me.

I am answering with regard to the bounty text:

The question is widely applicable to a large audience. A detailed canonical answer is required to address all the concerns.

As I am not sure how large the audience is for intercepting a specific printer protocol, I interpret this to mean the bounty seeks an answer for reverse-engineering a master-slave protocol based only on an (as yet unspecified) bus via hardware tap.

Hardware: First, identify the bus. My best guess here is you are dealing with either usb or parallel, but could be 9-pin serial or something proprietary. In any case, get your hands on the docs for the hardware level communication protocol, and build a simple hardware device that reads the data and mirrors it elsewhere. This could be either a tap-and-record setup, which simply records the data silently as an observer (a function available in many oscilloscopes), or a MITM packet-level receive-record-send loop, which emulates the slave on one end and the master on the other. I prefer the latter as you have a greater guarantee regarding the completeness of the intercepted data, plus the ability to transmit test jobs to the slave device in order to test your understanding of the protocol; at the cost of a more complicated/expensive interceptor design.

As the original question seems to be directed at the higher-level protocol, I will glaze over this portion. Comment if you want more suggestions.

Software: Assuming you now have a hardware level tap, you can now perform a print job and inspect the recorded communication. I do not expect much effort to have been put into obfuscating the data format. At this state, you should be able to judge for yourself what format the data/communication is in, and what specific commands therein are being used. If the data you're seeing does not line up with the expected format, you have more research to do.

Layer protocol:

Now I am unsure how to go about it without knowing the data format.

I often use the terms "format" and "protocol" interchangeably. Regardless, the protocol/format the POS software uses to boss around the printer is almost certainly built upon a simpler protocol that knows nothing of the purpose of the data being transferred. In cases such as this, I adopt the "layer" terminology inherint in networking. Layer 1 refers to the most basic meaning of wire voltages. This includes ethernet, usb, serial etc. This is the protocol your interceptor needs to have at first. Layer 2 is the more purpose-specific protocol, such as IP, block storage, printer protocol etc. There can be more layers, but for this question's scope I will stick to 2. Once you examine the contents of the L1 payload, you can start reverse-engineering the L2 format and commands of interest.

In another example, consider USB as L1. Now, you can plug a thumb driver, a printer, or any number of other devices into the same USB port. These devices all use L1=USB protocol, but may all have very different L2 protocols. An interceptor built for L1=USB can record and/or mirror the payload equally well regardless. A more sophisticated interceptor might attempt to analyze the L2 payload with software, or you could do so with software tools (like wireshark in the case of ehternet or usb) after a capture has been completed.

Printer specific: I would expect the receipt printer to support the majority of whatever protocol is designated (ESC/POS or otherwise), but also the POS software designer to pick only a handful of commands.

I have done some reading and it seems that most of receipt printers accept ESC/POS command set. Does that mean POS actually sends ESC/POS commands such as 'PrintNormal xyz'?

No. The fact that most printers accept that protocol would be a good reason for the POS authors to choose it, but that does not mean that they did. The best ways to know for sure are to examine either the source code or the intercepted data. You could of course examine the compiled code, if you prefer.

Rasterization: This is purely speculation. I can see a case for using the raster subset exclusively, as it limits the effort the software author must put into understanding the protocol, while allowing greater control over the end product, in terms of font, indenting, text size etc. Also, consider that the author may be porting printing code to many different such protocols in order to support a wide range of printers. If every proposed printer protocol supports raster, then they can make the transaction-to-raster code once, and find a simple way to send that raster to the printer for each proposed protocol.

Conclusion: No, I cannot confirm what specific protocol your system is using. But, if you are in a position to intercept the hardware communication as your question implies, you should be close to doing so for yourself.

memtha
  • 797
  • 5
  • 24