Creality K2 series GPLv3 violation

The Creality K2 series 3D printer firmware (covering the K2 SE, K2, K2 Pro, & K2 Plus) ships proprietary modules compiled with Cython into the GPLv3-licensed Klipper host environment without releasing the corresponding source code.^[1]^[2] Klipper's community developers & the independent reverse-engineering project fake-name/cfs-reverse-engineering have documented these closed binaries as a violation of the GNU General Public License v3 (GPLv3), the license under which Klipper is distributed.^[1]^[2] Creality opened a public GitHub repository for the K2 line in December 2025 & markets it as open source, but the published code lacks the source for several hardware communication modules.^[3] A correspondence log uploaded to the Internet Archive in May 2026 records Creality support telling a requester it was unable to directly provide the corresponding source code, & shows the requester copying the Software Freedom Conservancy (SFC) & the Free Software Foundation (FSF) on the demand.^[4]

Background

The K2 series firmware is built on Klipper, the open-source 3D-printer host software that its creator Kevin O'Connor distributes under the GPLv3.^[5] In December 2025, Creality opened a public GitHub repository for the K2 series & promoted the line as open source.^[3] Community developers found that the published code was outdated, out of sync with shipping printer configurations, & missing the source for several hardware communication modules.^[3]^[1] The dispute predates that repository: a Creality-forum thread asking where the required K2 Klipper sources were had been open since February 2025.^[1]

The missing modules ship as Cython-compiled shared objects. The reverse-engineering project fake-name/cfs-reverse-engineering describes these files as compiled with Cython to make them opaque.^[2] Because the wrappers sit inside Klipper's own process directory, the GPLv3-licensed Klipper host loads & executes the closed binaries at runtime.^[1]^[2]

The missing source affects the firmware images shipped across the K2 line:

K2 SE: V2.3.6.49 (CR4CU220812S11_ota_img_V2.3.6.49.img) ^[4]
K2: V1.1.5.5 (CR0CN200400C10_R_202605061516_ota_img_V1.1.5.5.img) ^[4]
K2 Pro: V1.1.5.5 (CR0CN200400C10_R_202605061516_ota_img_V1.1.5.5.img) ^[4]
K2 Plus: V1.1.5.5 (CR0CN240110C10_R_202605081127_ota_img_V1.1.5.5.img) ^[4]

Incident

Creality distributes Cython-compiled shared objects (.so) inside Klipper's process directory at /usr/share/klipper/klippy/extras/ without the matching source.^[1]^[6] Extracted K2 Plus firmware lists six such wrappers in that directory:

serial_485_wrapper.cpython-39.so, which the cfs project ties to the RS-485 serial link between the mainboard and the CFS feeder bus ^[1]^[2]
box_wrapper.cpython-39.so ^[1]
filament_rack_wrapper.cpython-39.so ^[1]
motor_control_wrapper.cpython-39.so ^[1]
prtouch_v2_wrapper.cpython-39.so ^[1]
prtouch_v3_wrapper.cpython-39.so ^[1]

A Klipper community thread on the K2 Plus documents that these compiled modules implement the printer's automatic filament-changing feature & ship only as shared-object files, & a moderator there describes Creality as in violation of the GPLv3.^[7]

According to a correspondence log uploaded to the Internet Archive in May 2026, a requester pressed Creality for the complete GPLv3 source code, & Creality support acknowledged the request on May 15, 2026.^[4] The log's outgoing letters, signed by a sender identifying himself as Alex Mercer, were copied to the Software Freedom Conservancy ([email protected]) & the Free Software Foundation ([email protected]) on May 27 & May 29, 2026, & state that the violation is logged with the Software Freedom Conservancy and the Free Software Foundation.^[4] The log records a single recurring demand, that Creality either release the source or stop shipping the firmware. The May 29, 2026 letter reads:

I reiterate my demand: immediately provide the complete corresponding source code or halt all distribution of the K2 series firmware until compliance is achieved.

^[4]

Creality continues to distribute the same firmware images while the source remains unreleased.^[1]

Creality's response

Through May 2026, community members documented a repeating set of stalling & denial templates from Creality's front-line support on GPL inquiries.^[1]

In the correspondence log, a May 15, 2026 reply from Creality Customer Service reads:

We have officially forwarded your application for the complete GPLv3 source code for all firmware versions of the K2 series to our R&D team for processing. ... Please stay tuned for further announcements on our official website.

^[4]

A May 24, 2026 reply in the same log, attributed to Creality Service, reads:

Due to the involvement of custom firmware modules, underlying dependencies, and the need to clarify copyrights from multiple parties, the compilation of relevant materials requires a considerable period of time. Currently, we are unable to directly provide the corresponding source code or updated repository links.

^[4]

A May 29, 2026 follow-up in the log states:

cleaning up a fully compliant source code package without affecting commercial proprietary code does require an internal process that, for now, does not have a publicly available timeline.

^[4]

The log records no substantive reply after May 29, 2026; per the log, Creality forwarded the case to its internal legal department & R&D manager without giving a compliance timeline.^[4]

Consumer response & hardware bypass

The K2 firmware drew criticism on the Creality forums, where the cfs project author argued that withholding the source for the parts that matter moved Creality from incompetent to actively malicious: promoting a printer as open source while keeping its core features behind closed binaries.^[1]

The closed binaries created practical problems for owners: blocked hardware repair, no support for third-party toolheads, & restricted access to the printer's underlying Linux system.^[1]

Creality had faced the same complaint over the earlier K1 series. Issue #9 on its K1_Series_Klipper GitHub repository flagged binary-only extensions as a GPLv3 violation & demanded the corresponding source; the issue remained open as of March 2025.^[8] On the later K1C, Creality removed root access; owners on the Creality forum note that the printer's own documentation describes the removal as intentional.^[9]

Independent developers started the fake-name/cfs-reverse-engineering project to map the Creality Filament System (CFS) feeder bus.^[2] The project documents that the CFS uses a GigaDevice GD32F303VET6 microcontroller, which its firmware notes describe as binary-compatible with an STM32F106VET6.^[2] By building a hardware interposer board to reroute the isolated RS-485 lines to an unused MCU header, the developers converted the CFS link into a standard CAN bus running candleLight_fw & upstream Klipper, bypassing Creality's closed serial protocol.^[2]

Kevin O'Connor, the creator of Klipper, restated the license terms on the Klipper Discourse forum:

Klipper is licensed under the GNU GPLv3. Any redistribution of that code is required to follow the license. I have not dual-licensed the code nor provided any exceptions.

^[5]

Prior violations & the Bambu Lab AGPLv3 case

Creality already appears on TH3D Studio LLC's 3D Printer GPL Violation List for withholding source code on its Marlin-based printers & the Klipper-based Sonic Pad.^[10]^[5]

Creality's open-source disputes go back to 2018. After it shipped its CR-10 line with Marlin, a GPLv3-licensed firmware, without releasing complete corresponding source, US distributor Printed Solid stopped selling Creality printers over the non-compliance.^[11] Community pressure followed, & technology figure Naomi Wu was credited, alongside that pressure, with getting Creality to release the Marlin source for the CR-10S, including its filament-sensor & power-loss-recovery code, in April 2018.^[12]

On May 18, 2026, the Software Freedom Conservancy published a response to violations of the GNU Affero General Public License v3 (AGPLv3) by Bambu Lab over its proprietary networking library libbambu_networking.so.^[13]^[14] After Bambu issued a cease-and-desist to Pawel Jarczak, the developer of an OrcaSlicer fork, the SFC announced Project baltobu (Bringing Affero Licensed Things (On)to Bambu Users) to reverse-engineer the closed library & host an independent slicer fork.^[13]

References

↑ ^1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12 ^1.13 ^1.14 ^1.15 "Where are the (required to be released) sources for Creality's modifications to Klipper the K2", Creality Forum.
↑ ^2.0 ^2.1 ^2.2 ^2.3 ^2.4 ^2.5 ^2.6 ^2.7 fake-name/cfs-reverse-engineering, GitHub Repository.
↑ ^3.0 ^3.1 ^3.2 "Creality Open-Source 3D Printer Firmware is Here!", Official Creality Forum.
↑ ^4.00 ^4.01 ^4.02 ^4.03 ^4.04 ^4.05 ^4.06 ^4.07 ^4.08 ^4.09 ^4.10 ^4.11 "Creality K2 GPLv3 Compliance Demand Correspondence Logs (May 2026)", correspondence log uploaded to the Internet Archive.
↑ ^5.0 ^5.1 ^5.2 "Creality Violating Klipper License", Klipper Discourse Group.
↑ Guilouz/Creality-K2Plus-Extracted-Firmwares, /Firmware/usr/share/klipper/klippy/extras directory, GitHub Repository.
↑ "Creality K2 Plus and GPL violations", Klipper Discourse Group.
↑ "This repository contains binary-only extensions, violating the Klipper GPLv3 license", K1 Series GitHub Issue #9.
↑ "K1C 2025 + OrcaSlicer: Workarounds for Missing Web Interface", Creality Community Forum.
↑ "3D Printer GPL Violation List", TH3D Studio LLC (archived November 9, 2023).
↑ "GPL Violations Cost Creality A US Distributor", Hackaday, Tom Nardi, August 27, 2018.
↑ "Creality GPL Update: Naomi Wu Released CR-10S Marlin Source Code", 3D Printing Nerd, April 9, 2018 (archived).
↑ ^13.0 ^13.1 "Comprehensive Response to Bambu's AGPLv3 Violations", Software Freedom Conservancy.
↑ "Open-source non-profit claims Bambu Lab violated license", Tom's Hardware.

[creality_forum_tracker-1] 1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12 ^1.13 ^1.14 ^1.15 "Where are the (required to be released) sources for Creality's modifications to Klipper the K2", Creality Forum.

[cfs_github-2] 2.0 ^2.1 ^2.2 ^2.3 ^2.4 ^2.5 ^2.6 ^2.7 fake-name/cfs-reverse-engineering, GitHub Repository.

[creality_forum_launch-3] 3.0 ^3.1 ^3.2 "Creality Open-Source 3D Printer Firmware is Here!", Official Creality Forum.

[email_demand-4] 4.00 ^4.01 ^4.02 ^4.03 ^4.04 ^4.05 ^4.06 ^4.07 ^4.08 ^4.09 ^4.10 ^4.11 "Creality K2 GPLv3 Compliance Demand Correspondence Logs (May 2026)", correspondence log uploaded to the Internet Archive.

[klipper_discourse_violation-5] 5.0 ^5.1 ^5.2 "Creality Violating Klipper License", Klipper Discourse Group.

[extracted_fw-6] Guilouz/Creality-K2Plus-Extracted-Firmwares, /Firmware/usr/share/klipper/klippy/extras directory, GitHub Repository.

[klipper_discourse_k2-7] "Creality K2 Plus and GPL violations", Klipper Discourse Group.

[k1_github_issue-8] "This repository contains binary-only extensions, violating the Klipper GPLv3 license", K1 Series GitHub Issue #9.

[creality_k1c_forum-9] "K1C 2025 + OrcaSlicer: Workarounds for Missing Web Interface", Creality Community Forum.

[th3d_list-10] "3D Printer GPL Violation List", TH3D Studio LLC (archived November 9, 2023).

[hackaday_marlin-11] "GPL Violations Cost Creality A US Distributor", Hackaday, Tom Nardi, August 27, 2018.

[3dprintingnerd_nw-12] "Creality GPL Update: Naomi Wu Released CR-10S Marlin Source Code", 3D Printing Nerd, April 9, 2018 (archived).

[sfc_bambu-13] 13.0 ^13.1 "Comprehensive Response to Bambu's AGPLv3 Violations", Software Freedom Conservancy.

[toms_hardware_bambu-14] "Open-source non-profit claims Bambu Lab violated license", Tom's Hardware.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]