Reverse engineering Bambu Connect: Difference between revisions
examples for what key cannot be used for |
New obfuscation in bambu-connect-v1.2.1-beta.5 |
||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
The purpose of this guide is to demonstrate the trivial process of extracting the "private keys" used for communicating with [[Bambu Lab|Bambu]] devices to examine, and challenge, the technical basis for Bambu Lab's security justification of Bambu Connect. | The purpose of this guide is to demonstrate the trivial process of extracting the "private keys" used for communicating with [[Bambu Lab|Bambu]] devices to examine, and challenge, the technical basis for Bambu Lab's security justification of Bambu Connect. | ||
'''Update (January 26, 2025)''': Bambu Connect v1.1.3<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/v1.1.3/bambu-connect-beta-darwin-arm64-v1.1.3_2c73d82.dmg - public-cdn.bblmw.com - accessed 2025-01-29</ref> is no longer obfuscated | '''Update (March 11, 2025)''': Bambu Connect v1.2.1-beta.5<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/updates/versions/1.2.1-beta.5/bambu-connect-v1.2.1-beta.5-win32-x64.exe - public-cdn.bblmw.com - accessed 2025-03-18</ref> obfuscated main.js with electron-vite's v8 bytecode plugin<ref>{{Cite web |title=electron-vite Source Code Protection |url=https://electron-vite.org/guide/source-code-protection#what-is-v8-bytecode |access-date=2025-03-18}}</ref>. The key can likely be obtained by dumping the process memory. | ||
'''Update (January 26, 2025)''': Bambu Connect v1.1.3<ref>https://public-cdn.bblmw.com/upgrade/bambu-connect/v1.1.3/bambu-connect-beta-darwin-arm64-v1.1.3_2c73d82.dmg - public-cdn.bblmw.com - accessed 2025-01-29</ref> is no longer obfuscated and can be directly extracted: <code>npx asar extract app.asar src</code>. | |||
To read <code>main.js</code> for further analysis or extracting the private key stored by Bambu in the app: | To read <code>main.js</code> for further analysis or extracting the private key stored by Bambu in the app: | ||
| Line 89: | Line 91: | ||
What the key '''cannot''' be used for, contrary to many false claims on the internet: | What the key '''cannot''' be used for, contrary to many false claims on the internet: | ||
* Decrypting HTTPS traffic to the cloud | *Decrypting HTTPS traffic to the cloud | ||
* Decrypting any MQTTS or FTPS or video feed traffic | *Decrypting any MQTTS or FTPS or video feed traffic | ||
* Bypassing cloud user authentication | *Bypassing cloud user authentication | ||
* Bypassing local authentication (LAN access code) | *Bypassing local authentication (LAN access code) | ||
* Getting access to other printers | *Getting access to other printers | ||
* Signing custom firmware | *Signing custom firmware | ||
* Signing custom filament NFC tags | *Signing custom filament NFC tags | ||
* Jailbreaking | *Jailbreaking | ||
===Purpose of the certificates=== | ===Purpose of the certificates=== | ||
The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, allowing it to verify the authenticity of the digital signature using the public key. | The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, allowing it to verify the authenticity of the digital signature using the public key. | ||
Bambu Connect continues to work after these certificates expire. Because of how these certificates are used, it is also unlikely that | Bambu Connect continues to work after these certificates expire. Because of how these certificates are used, it is also unlikely that expiry causes the printer to get "bricked", but this needs to be proven through experiments or firmware analysis. | ||
===Additional security measures=== | ===Additional security measures=== | ||