Bambu Lab Tries To Clarify Its New “Beta” Authentication Scheme

January 20, 2025 by Maya Posch 7 Comments

Perhaps one of the most fascinating aspects of any developing tech scandal is the way that the target company handles criticism and feedback from the community. After announcing a new authentication scheme for cloud & LAN-based operations a few days ago, Bambu Lab today posted an update that’s supposed to address said criticism and feedback. This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that’s supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key.

In the new blog post, the Bambu Lab spokesperson takes a few paragraphs to get to the points which the community are most concerned about, which is interoperability between tools like OrcaSlicer and Bambu Lab printers. The above graphic is what they envision it will look like, with purportedly OrcaSlicer getting a network plugin that should provide direct access, but so far the Bambu Connect app remains required. It’s also noted that this new firmware is ‘just Beta firmware’.

As the flaming wreck that’s Bambu Lab’s PR efforts keeps hurtling down the highway of public opinion, we’d be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.

Bambu Connect’s Authentication X.509 Certificate And Private Key Extracted

January 19, 2025 by Maya Posch 107 Comments

Hot on the heels of Bambu Lab’s announcement that it would be locking down all network access to its X1-series 3D printers with new firmware, the X.509 certificate and private key from the Bambu Connect application have now been extracted by [hWuxH]. This application was intended to be the sole way for third-party software to send print jobs to Bambu Lab hardware as we previously reported.

The Bambu Connect app is a fairly low-effort Electron-based affair, with some attempt at obfuscation and encryption, but not enough to keep prying eyes out. The de-obfuscated main.js file can be found here (archived), with the certificate and private key clearly visible. These are used to encrypt HTTP traffic with the printer, and is the sole thing standing in the way of tools like OrcaSlicer talking with authentication-enabled Bambu Lab printers.

As for what will be the next steps by Bambu Lab, it’s now clear that security through obfuscation is not going to be very effective here. While playing whack-a-mole with (paying) users who are only interested in using their hardware in the way that they want is certainly an option, this might be a wake-up call for the company that being more forthcoming with their userbase would be in anyone’s best interest.

We await Bambu Lab’s response with bated breath.

New Bambu Lab Firmware Update Adds Mandatory Authorization Control System

January 17, 2025 by Maya Posch 101 Comments

As per a recent Bambu Lab blog post, its FDM printers in the X1 series will soon receive a firmware update that adds mandatory authentication for certain operations, starting with the firmware update on January 23rd for the aforementioned FDM printers. These operations include performing firmware upgrades, initiating a print job (LAN or cloud), remote video access and adjusting parameters on the printer. Using the printer directly and starting prints from an SD card are not affected.

As reasoning for this new feature Bambu Lab points to recent exploits that gave strangers access to people’s printers, though cheekily linking to an article on an Anycubic printer exploit. While admittedly a concern, this mostly affects internet-exposed printers, such as those that are tied into a ‘cloud’ account. Even so, LAN-based printing also falls under this new mandatory authentication system, with Bambu Lab offering a new tool called Bambu Connect for those who insist on using non-Bambu Lab branded software like OrcaSlicer. This allows for exported G-code files to be sent to a (property authenticated) Bambu Lab printer.

For those who do not wish to use this feature, not upgrading the firmware is currently the only recourse. Although this firmware update is only for X1-series printers, Bambu Lab promised that it’ll arrive for their other printers too in due time. While Bambu Lab printer owners consider installing the alternative X1 Plus firmware, the peanut gallery can discuss the potential security issues (or lack thereof) of an open Fluidd or similar UI on their LAN-connected, Klipper-based FDM printers.

Thanks to [mip] for the tip.

Putting The New CryoGrip Build Plate To The Test

October 25, 2024 by Dave Rowntree 14 Comments

BIQU has released a new line of low-temperature build plates that look to be the next step in 3D printing’s iteration—or so YouTuber Printing Perspective thinks after reviewing one. The Cryogrip Pro is designed for the Bambu X1, P1, and A1 series of printers but could easily be adapted for other magnetic-bed machines.

The bed adhesion strength when cold is immense!

The idea of the new material is to reduce the need for high bed temperatures, keeping enclosure temperatures low. As some enclosed printer owners may know, trying to print PLA and even PETG with the door closed can be troublesome due to how slowly these materials cool. Too high an ambient temperature can wreak havoc with this cooling process, even leading to nozzle-clogging.

The new build plate purports to enable low, even ambient bed temperatures, still with maximum adhesion. Two versions are available, with the ‘frostbite’ version intended for only PLA and PETG but having the best adhesion properties. A more general-purpose version, the ‘glacier’ sacrifices a little bed adhesion but gains the ability to handle a much wider range of materials.

An initial test with a decent-sized print showed that the bed adhesion was excellent, but after removing the print, it still looked warped. The theory was that it was due to how consistently the magnetic build plate was attached to the printer bed plate, which was now the limiting factor. Switching to a different printer seemed to ‘fix’ that issue, but that was really only needed to continue the build plate review.

They demonstrated a common issue with high-grip build plates: what happens when you try to remove the print. Obviously, magnetic build plates are designed to be removed and flexed to pop off the print, and this one is no different. The extreme adhesion, even at ambient temperature, does mean it’s even more essential to flex that plate, and thin prints will be troublesome. We guess that if these plates allow the door to be kept closed, then there are quite a few advantages, namely lower operating noise and improved filtration to keep those nasty nanoparticles in check. And low bed temperatures mean lower energy consumption, which is got to be a good thing. Don’t underestimate how much power that beefy bed heater needs!

Ever wondered what mini QR-code-like tags are on the high-end build plates? We’ve got the answer. And now that you’ve got a pile of different build plates, how do you store them and keep them clean? With this neat gadget!

Continue reading “Putting The New CryoGrip Build Plate To The Test” →