Reverse engineering Bambu Connect: Difference between revisions
m Reword impact (Tags: Mobile edit, Mobile web edit, Visual edit)
m rewording (Tags: Mobile edit, Mobile web edit, Visual edit)
The private key is used to digitally sign critical operations, such as print jobs and G-code commands. The printer can validate whether received MQTT commands are signed by Bambu Connect using the app's public key, rejecting any unsigned or improperly signed commands.
Bambu Lab's authorization control system, which is meant to increase security, is built entirely on the assumption that attackers do not have access to the private key and thus cannot create valid signatures.
However, since the private key has already been leaked, third-party software can now send print jobs and G-code commands again, while risks or dangerous situations<ref>https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/</ref> are still not addressed by Bambu Lab.