Reverse engineering Bambu Connect: Difference between revisions
m rewording |
more private key details |
||
| Line 81: | Line 81: | ||
The private key is used to digitally sign critical operations, such as print jobs and G-code commands. The printer can validate whether received MQTT commands are signed by Bambu Connect using the app's public key, rejecting any unsigned or improperly signed commands. | The private key is used to digitally sign critical operations, such as print jobs and G-code commands. The printer can validate whether received MQTT commands are signed by Bambu Connect using the app's public key, rejecting any unsigned or improperly signed commands. | ||
Bambu Lab | Bambu Lab's authorization control system that is meant to increase security is built on the assumption that third-party software does not have access to the private key and thus cannot create valid signatures. | ||
However, since the private key has already been leaked, third-party software can now send critical operations, | However, since the private key has already been leaked, third-party software can now send critical operations, while risks or dangerous situations<ref>https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/</ref> are still not addressed by Bambu Lab. | ||
===Purpose of the certificates=== | ===Purpose of the certificates=== | ||