Reverse engineering Bambu Connect: Difference between revisions
'''Edit summary (newer revision):''' New obfuscation in bambu-connect-v1.2.1-beta.5
(2 intermediate revisions by the same user not shown)
Line 4 (both revisions):
The purpose of this guide is to demonstrate the trivial process of extracting the "private keys" used for communicating with [[Bambu Lab|Bambu]] devices to examine, and challenge, the technical basis for Bambu Lab's security justification of Bambu Connect.
'''Old revision:'''
'''Update (January 26, 2025)''': Bambu Connect v1.1.3<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/v1.1.3/bambu-connect-beta-darwin-arm64-v1.1.3_2c73d82.dmg - public-cdn.bblmw.com - accessed 2025-01-29</ref> is no longer obfuscated
'''New revision:'''
'''Update (March 11, 2025)''': Bambu Connect v1.2.1-beta.5<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/updates/versions/1.2.1-beta.5/bambu-connect-v1.2.1-beta.5-win32-x64.exe - public-cdn.bblmw.com - accessed 2025-03-18</ref> obfuscated main.js with electron-vite's v8 bytecode plugin<ref>{{Cite web |title=electron-vite Source Code Protection |url=https://electron-vite.org/guide/source-code-protection#what-is-v8-bytecode |access-date=2025-03-18}}</ref>. The key can likely be obtained by dumping the process memory.
'''Update (January 26, 2025)''': Bambu Connect v1.1.3<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/v1.1.3/bambu-connect-beta-darwin-arm64-v1.1.3_2c73d82.dmg - public-cdn.bblmw.com - accessed 2025-01-29</ref> is no longer obfuscated and can be directly extracted: <code>npx asar extract app.asar src</code>.
To read <code>main.js</code> for further analysis or extracting the private key stored by Bambu in the app:
Line 86 (old) / Line 88 (new):
Since the private key has already been leaked, however, third-party software can now regain access to the lost functionality, and it is clear that the overall security characteristics have neither improved nor worsened compared to previous updates.
'''Added in new revision:'''
What the key '''cannot''' be used for, contrary to many false claims on the internet:
*Decrypting HTTPS traffic to the cloud
*Decrypting any MQTTS or FTPS or video feed traffic
*Bypassing cloud user authentication
*Bypassing local authentication (LAN access code)
*Getting access to other printers
*Signing custom firmware
*Signing custom filament NFC tags
*Jailbreaking
===Purpose of the certificates===
The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, allowing it to verify the authenticity of the digital signature using the public key.
'''Old revision:'''
Bambu Connect continues to work after these certificates expire. Because of how these certificates are used, it is also unlikely that
'''New revision:'''
Bambu Connect continues to work after these certificates expire. Because of how these certificates are used, it is also unlikely that expiry causes the printer to get "bricked", but this needs to be proven through experiments or firmware analysis.
===Additional security measures===