Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Talk:Reverse engineering Bambu Connect
Add topic
Page
Discussion
English
Read
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit source
Add topic
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
As seen on Louis Rossmann! https://www.youtube.com/watch?v=UYhYkpYpt58 [[User:JamesTDG|JamesTDG]] ([[User talk:JamesTDG|talk]]) 10:28, 20 January 2025 (UTC) = Confusion from tech-illiterate regarding this article = I am relatively tech-illiterate, so I have a couple of questions that this article does not cover. First, this is probably a basic question, but why is there a private-key hard-coded into the device? I know almost nothing about encryption, but I assumed that the private keys were supposed to stay on the server in order to magically sign updates. I thought that authentication of the signature was supposed to be done through public keys or something. Am I mistaken about this? Or do private keys need to be hard-coded into the firmware of the device? Second, now that this has happened, what does Bambu need to do in order to change the private keys? Third, how exactly does the consumer take advantage of this? Are they able to connect their own server to push their own updates to the device? If so, how would they go about doing that? The guide does not tell tech-illiterates like me how to do it. Fourth, with this ability to get the private keys, are there ways that bad-actors can use this to push malicious updates to any of these printers that are connected to the internet? If so, does everyone need to disconnect their 3D printer from the internet immediately in order to not get infected? Or is this not the case? And if malicious actors can now hack into these printers thanks to the instructions presented in this article, is this a net-negative for the consumer, rather than a net-positive, even for a consumer who wants to truly own what they bought and paid for? These are probably all basic questions, so please forgive my confusion and ignorance. - [[User:I_Will_Not_Use_Discord|I_Will_Not_Use_Discord]]
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
