Reverse engineering Bambu Connect: Difference between revisions

Line 78:

</pre>

=== Purpose of the private key ===

===Purpose of the private key===

~~This~~ private key is used ~~for attaching a digital signature~~ to critical operations, such as print jobs and G-code commands. The printer can validate if received MQTT commands are signed by Bambu Connect, ~~and decide to reject them otherwise~~.

The private key is used to digitally sign critical operations, such as print jobs and G-code commands. The printer can validate whether received MQTT commands are signed by Bambu Connect using the app's public key, rejecting any unsigned or improperly signed commands.

Bambu Lab~~'s thought is~~ that third party software ~~can not~~ generate a valid signature because it does not ~~possess this key. These practices are comparable to DRM and can almost always be bypassed due~~ to ~~Bambu Connect running on~~ the ~~user's PC~~.

Bambu Lab assumes that third-party software cannot generate a valid signature because it does not have access to the private key.

~~The impact of this~~ key ~~being~~ leaked ~~is that~~ third party software can now ~~access~~ critical operations ~~again~~.

However, since the private key has already been leaked, third-party software can now send critical operations, bypassing the imposed authorization measures.

=== Purpose of the certificates ===

===Purpose of the certificates===

The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, ~~enabling~~ it to ~~validate~~ the signature.

The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, allowing it to verify the authenticity of the digital signature using the public key.

Bambu Connect ~~additionally~~ encrypts G-code commands and ~~the~~ file ~~path~~ of print operations using the printer's certificate. This ~~appears to be an attempt of actually increasing security by ensuring~~ that ~~no other devices~~ can decrypt it. However, the potential benefits are ~~negated as~~ the ~~command~~ still ~~includes~~ the ~~plain text~~ G-code command or file path, ~~most~~ likely due to negligence or backwards compatibility.

Bambu Connect also encrypts G-code commands and file paths of print operations using the printer's certificate. This ensures that only the intended printer can decrypt the data, adding another layer of security.

However, the potential security benefits are diminished because the encrypted commands still include the plaintext G-code command or file path, likely due to negligence or the need for backwards compatibility.

==References==

@@ Line 78: / Line 78: @@
 </pre>
-=== Purpose of the private key ===
+===Purpose of the private key===
-This private key is used for attaching a digital signature to critical operations, such as print jobs and G-code commands. The printer can validate if received MQTT commands are signed by Bambu Connect, and decide to reject them otherwise.
+The private key is used to digitally sign critical operations, such as print jobs and G-code commands. The printer can validate whether received MQTT commands are signed by Bambu Connect using the app's public key, rejecting any unsigned or improperly signed commands.
-Bambu Lab's thought is that third party software can not generate a valid signature because it does not possess this key. These practices are comparable to DRM and can almost always be bypassed due to Bambu Connect running on the user's PC.
+Bambu Lab assumes that third-party software cannot generate a valid signature because it does not have access to the private key.
-The impact of this key being leaked is that third party software can now access critical operations again.
+However, since the private key has already been leaked, third-party software can now send critical operations, bypassing the imposed authorization measures.
-=== Purpose of the certificates ===
+===Purpose of the certificates===
-The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, enabling it to validate the signature.
+The private key corresponds to the public key contained in the app's certificate. This certificate is sent to the printer, allowing it to verify the authenticity of the digital signature using the public key.
-Bambu Connect additionally encrypts G-code commands and the file path of print operations using the printer's certificate. This appears to be an attempt of actually increasing security by ensuring that no other devices can decrypt it. However, the potential benefits are negated as the command still includes the plain text G-code command or file path, most likely due to negligence or backwards compatibility.
+Bambu Connect also encrypts G-code commands and file paths of print operations using the printer's certificate. This ensures that only the intended printer can decrypt the data, adding another layer of security.
+However, the potential security benefits are diminished because the encrypted commands still include the plaintext G-code command or file path, likely due to negligence or the need for backwards compatibility.
 ==References==