Bambu Connect's X.509 Certificate and Private Key Extracted
Following Bambu Lab's announcement of locking down network access to its X1-series 3D printers with new firmware, the X.509 certificate and private key from the Bambu Connect application have been extracted by hWuxH. This application was intended to be the sole method for third-party software to send print jobs to Bambu Lab hardware. The Bambu Connect app, a relatively simple Electron application, employed obfuscation and encryption, but not enough to deter determined users. The de-obfuscated main.js file reveals the certificate and private key used to encrypt HTTP traffic with the printer, the only obstacle preventing tools like OrcaSlicer from communicating with authentication-enabled Bambu Lab printers. Bambu Lab's next steps are unclear, highlighting the ineffectiveness of security through obfuscation alone.