Reverse engineering Bambu Connect: Difference between revisions
m Fixed link |
purpose of private key and certificate |
Line 77: | Line 77: | ||
extract_certs_and_key() | extract_certs_and_key() | ||
</pre> | </pre> | ||
=== Purpose of the private key === | |||
This private key is used for attaching a digital signature to critical operations, such as print jobs and G-code commands. The printer can validate if received MQTT commands are signed by Bambu Connect, and decide to reject them otherwise. | |||
Bambu Lab's thought is that third party software can not generate a valid signature because it does not possess this key. These practices are comparable to DRM and can almost always be bypassed due to Bambu Connect running on the user's PC. | |||
The impact of this key being leaked is that third party software can now access critical operations again. | |||
=== Purpose of the certificates === | |||
The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, enabling it to validate the signature. | |||
Bambu Connect additionally encrypts G-code commands and the file path of print operations using the printer's certificate. This appears to be an attempt of actually increasing security by ensuring that no other devices can decrypt it. However, the potential benefits are negated as the command still includes the plain text G-code command or file path, most likely due to negligence or backwards compatibility. | |||
==References== | ==References== |
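Review bot: The last sentence of "Purpose of the certificates" asserts that the command "still includes the plain text G-code command or file path" but gives no captured message or reference to back it, and "most likely due to negligence or backwards compatibility" is speculation presented alongside fact. Suggest citing or showing a redacted example message with both the encrypted and plain-text fields, and moving the guess about the cause into a clearly marked note. In "Purpose of the private key", "signed by Bambu Connect" would be more precise as "signed with Bambu Connect's private key", since the signature proves possession of the key rather than which program produced it, which is the point the next two paragraphs rely on. Wording: "Bambu Lab's thought is that" reads better as "Bambu Lab's assumption is that", "can not" as "cannot", and "an attempt of actually increasing security" as "an attempt to increase security".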