Reverse Engineering Bambu Connect

109 comments

·January 20, 2025

NelsonMinar

I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.

More info on the hacking (the first in what may be a long stupid fight): https://hackaday.com/2025/01/19/bambu-connects-authenticatio...

nialv7

bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.

DrBenCarson

AFAIK, Apple has never retroactively removed functionality from devices people already purchased

Selling a walled garden is one thing, building walls around a garden you already bought is another thing entirely

ulrikrasmussen

This is the Google model then. Base everything on open source, even allow unofficial builds of your operating system (LineageOS, Graphene), but slowly introduce more and more device attestation and DRM so it becomes de facto impossible to actually use anything but the closed builds because everything from banking apps and electronic identification apps to streaming apps will refuse to run on your "unsafe" operating system.

askariwa

Just some of them:

- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.

- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.

- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.

hooverd

Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.

harrall

Well Prusa was open and did compete.

But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.

The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.

Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.

moooo99

> Open source didn't compete on quality for price.

Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.

Apparently it is true, you don’t know how much you value something until you don’t have it anymore

pandemic_region

> The Apple model works because people want to print rather than tinker.

Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.

kamranjon

Curious if anyone has tried the Core XY printers from Creality? I think they use open source software and are generally in the same ballpark as the Bambu printers price-wise. Also saw they have a similar AMS style system as well.

nialv7

I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40 hours of my time. But look, you want to do 3D printing, 40 hours are just a small initial investment).

seabird

There's a middle ground between the Apple model and assembling everything yourself.

beeflet

it just works until it doesn't

Gigachad

You can print off an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it still has fully unrestricted local printing functionality.

hatsunearu

Aaron2222

I _think_ that's browsing the SD card from Bambu Studio when the printer's set to LAN Mode, not printing from SD on the printer itself.

dangus

From that link if you continue reading, commenters in the thread point out that LAN mode didn't even exist when the printer came out, and that it's more flexible now than when they first came out on the market.

My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.

i5heu

Is this a defect under the EU law?

If so one could get a refund :)

mattclarkdotnet

That makes as much sense as saying you bought an Apple laptop expecting it to be hackable

gjsman-1000

> standing it was reasonably hackable and open

Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.

franga2000

I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...

moooo99

I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.

However, this can be easily achieved without bricking every single third party integration. That should simply be a toggle in the settings that works entirely local.

spaceguillotine

Bambu should be working on scaling their consumables and customer service, it takes weeks to resolve any tickets, 8 days to a first response has been normal for them.

dawnerd

It’s kind of a joke they think they’re ready to roll out a print farm subscription when they can’t even keep basic filament in stock, or like you said even provide basic support. They’ve grown far too quickly.

freefruit

What can't you fix? All the issues I've had you could find a video on YouTube on what to do.

userbinator

I'm not surprised that 3D printers are turning out to be as hostile as 2D ones. As usual these days, "security" is the excuse.

goda90

There's so much open source software, firmware, and hardware out there for FDM 3D printers, I doubt they'll ever get as bad as regular printers. It's much more a tinkerers world than 2D printing ever would be.

jopsen

Are regular printers that bad, if you buy Brother?

I bought a B/W laser printer and have been generally impressed with the lack of BS that came along with it.

It did ask for toner once, so I bought something from a third-party.

cuu508

Some are good, some are bad, buyer beware.

No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.

[1] https://spicausis-lv.translate.goog/2025/01-brother/?_x_tr_s...

(I also use a Brother B/W laser printer, got it second hand for almost nothing, works fine)

wongarsu

I've only made good experiences with laser printers, from very small ones to full-sized copy machines. Some of the more expensive inkjet printers are reportedly also quite good. You are still stuck with the usual horror show that is software from hardware companies, but otherwise it's not so bad. And the occasional paper jam, but 3d printers are no better in terms of reliability

The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.

DrBenCarson

Yep laser printers are the equivalent of modern CoreXY printers with solid auto calibration

rustcleaner

With 3D printing out for a while now, there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens. I'm really shocked the overpriced ink monopolies weren't attacked in this manner, as a young child I distinctly remember a kiosk in a grocery store which 'printed' messages and images on blank cards using colored pencils, for customer order. None of this is remotely new.

gjsman-1000

Admittedly, the printing system for 2D Printers is a nightmare. Windows Secured Core PCs, for example, disable all 3rd party printing drivers and only support open driverless standards for printing like Mopria. According to people who have looked at it, let’s just say CUPS in macOS and Linux is not very likely to be a paragon of security, having an RCE scare 3 months ago.

If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)

throwaway48476

If 3D printing isn't kept open source there's going to be laws about what you can and can't print that will kill innovation.

franga2000

I can't imagine the printers being open source or not mattering for that, nor can I see any reasonable government banning printing of specific things. If something is illegal to own or manufacture, that already applies to 3D printers just as much as it did to CNC machines or any other method.

K0balt

Yet they have made it so that sophisticated printers must include firmware that refuses to print banknotes.

floating-io

Are you so sure?

https://www.nysenate.gov/legislation/bills/2025/A2228?utm_ca...

Not quite the same, and hopefully likely to fail if it hasn't already, but it shows that interest exists in regulating 3D printers. When enough interest exists, things will happen.

JMHO.

arduinomancer

Doubt it

2D printers are not open source and you can still print pretty much anything

K0balt

No, you can’t. Printer manufacturers are required to prevent printing certain kinds of images on sophisticated printers. And they also print watermarks unique to your printer on every page.

gaoryrt

I don't think you can print cash/paper money.

s0rce

The bambu printers haven't been open source.

ChrisArchitect

> Bambu Lab is a Chinese tech company that designs and manufactures 3D printers

https://en.wikipedia.org/wiki/Bambu_Lab

wongarsu

They disrupted the 3d printer market with printers that just work out-of-the-box at price points where you typically only get enthusiast products that require a lot of tinkering.

A lot of their business model is seemingly based on making long-term sales from consumables. Their solution for multi-color printing is more convenient to use with filament sold by them because they embed information about the filament on proprietary RFID tags.

A couple days ago they announced locking down the API for their most expensive line of printers, locking most API calls to only their own software because of "security". Users are obviously upset.

Rumours for the reasons range from protecting themselves from user mods that replicate the RFID functionality on any filament by configuring the printer via API calls, to Bambu Labs wanting to launch some kind of subscription service for print farms.

imtringued

Bambu Lab filament pricing is very similar to Sunlu pricing if you purchase the same minimum quantities as Sunlu, but Bambu Lab has a wider variety of filament that people actually want. The only thing that really helps them make more money is wasteful multi-color printing.

c0nsumer

I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.

Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.

I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.

Hopefully there'll be more interesting news about this soon and some solid, technical info.

lvturner

My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.

Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.

These are great printers, but there's no need for that.

c0nsumer

Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.

I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.

But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".

Something more than the current hearsay and pitchforks echo chamber.

lvturner

From their blog post: https://blog.bambulab.com/firmware-update-introducing-new-au...

"Critical Operations That Require Authorization

The following printer operations will require authorization controls:

- Binding and unbinding the printer.
- Initiating remote video access.
- Performing firmware upgrades.
- Initiating a print job (via LAN or cloud mode).
- Controlling motion system, temperature, fans, AMS settings, calibrations, etc."

Now, PERHAPS, I can do that authentication locally... but given the plugin required for OrcaSlicer it doesn't seem likely

ipv6ipv4

It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.

You would never allow your bank account to be secured with Bambu Lab's "security fix".

whatever1

You thought you would be able to print copies of commercial things in the comfort of your home? RIAA would like a word with you.

onemoresoop

I got an A1 mini about a month ago and so far it’s been decent as a beginner’s printer. I transfer models to the printer via the microSD card and refused to install their networking software on my machine because I don’t trust it’s safe enough. I’m also very reluctant to get updates whenever they’re pushed. Maybe I’m spooked by past bricked devices so I keep all my devices dumb and offline as much as I can.

hamandcheese

Does anyone know what this key is actually used for, and what it enables?

ClassyJacket

I'm so happy Bambu is getting what's coming to them after screwing us so badly <3

BWStearns

What did they do?

bdcravens

They used a plugin to communicate print jobs (and other integrations), so that third party software could be used pretty seamlessly. Now they're moving to a new authentication model, and will be requiring users to send files to a separate print app. (Bambu Connect) It adds friction to the process, especially for those who were looking to run print jobs at scale, using "print farm" software or building their own solutions.

c0nsumer

I do wonder how much friction it'll really add, since the slicers can send the data to Connect via a protocol handler.

It also means that Connect could act as a farm / queueing system as well, more like a print driver vs. individual printer support within the app.

bradfitz

https://hackaday.com/2025/01/17/new-bambu-lab-firmware-updat... has a summary that caught me up. I feel like it must be missing some of the story though.

adenta

They are locking down their software so you have to use it

adenta

The A1 mini was my first printer and it just works.

Is there another brand that is idiot proof?

sho_hn

If you buy a Prusa in non-kit form, it's not any harder to unbox or operate, and more reliable, while generally achieving somewhat better results. Without phoning home and while maintaining the software Bambu forked theirs from.

A recent review coming to a similar conclusion was Maker's Muse's review of bedslingers.

It's a channel I respect a lot, because he has over the years relentlessly disclosed emails of companies trying to bribe or lean on him, or threaten him, and refused to play along.

Most other 3D printing content is essentially paid advertising -- including, I suspect, the carefully constructed brand narrative of Bambu as the first "fire and forget" printers, as if they somehow elevated the art form, when really the user experience is not substantially different.

You do not need to tinker or problem-solve with other modern well-reviewing printers, nor do they fail more prints. My MK4 hasn't failed a single print in a year (i.e. since I bought it), and I haven't had to do any sort of maintenance.

zanderwohl

> it's not any harder to unbox or operate

I agree with this

> and more reliable

I emphatically disagree with this.

> while generally achieving somewhat better results

I agree with this.

I'd also like to add that my Prusa Mk3s+ is significantly slower than my P1S. Also, without the MMU it still cost more than my P1S with AMS. Choosing a Prusa is making a philosophical choice, because it's certainly not about convenience, speed, versatility (considering you need to buy a separate enclosure and pricey MMU), bed size, or price. It's a choice you make because you're okay with spending a lot more to support an open platform where you can flash your own firmware without voiding your warranty, not because you want a better experience.

MindSpunk

And they cost 3x as much. Which is a pretty tough sell IMO.

mitthrowaway2

I am an idiot, and my Prusa MK3S+ (bought assembled, not as a kit) has been me-proof for years, and delivered fantastic print quality all along. My wife is not a techie and she gets good use out of it too. Their newer printers seem to be even better.

0_____0

I've been using a Prusa Mk2 for years now with no real issues. Doesn't have the bells and whistles but it does, like, consistently work.

Eventually I'll get a used FormLabs setup. Once I have a shop space set up.

Polizeiposaune

Based on recommendations here a couple years ago I built a Prusa Mk3 from a kit (right before the mk4 came out). Building it took a while but I think was a worthwhile investment of my time and I think of it as a system I can understand rather than as a black box.

I had a little bit of trouble with it maybe six months ago (repeatedly tripped offline during prints from a thermal issue) but Prusa's online support talked me through recalibrating it and it's been trouble-free since then.

zanderwohl

One thing to be said for Prusa is that their support is actually knowledgeable and experienced. You're not going to get a tier 1 support person who has never touched a printer and is just reading from a script.

rqtwteye

I bought an A1 after years of fiddling with an Ender. It made 3D printing fun again.

The whole situation reminds me of drones. DJI is (maybe) questionable but their products are without competition when you look at price and quality. Bambu products are also fantastic.

On second thought TP-Link fits too. My TP-Link mesh network just works perfectly. So do their smart plugs.

EmmEff

I did the same- replaced an Ender with an A1. Unfortunately, I’ve had it 10 days and have yet to be able to print anything. Won’t calibrate and cannot update firmware. Seems like a commonly reported issue but tech support is still bumbling around with no useful suggestions. I foresee it going back.

bdcravens

Not yet, but other brands are stepping up their quality. I just bought a Creality K2 Plus, and it's almost on par with my X1C (and has some features I prefer, like the CFS, their version of the AMS)

DrBenCarson

If you’re looking for a CoreXY machine that can handle more industrial filaments for reasonable money, check out QIDI

nicman23

flashforge is pretty good and by design easy to root.

it is running klipper internally and there are mods to run a completely open source stack (with blobs)

dangus

I personally think the outrage I've seen on this issue is generally not justified.

In general people are just scared of change and on top of that are playing telephone on the details of the change, assuming the worst intentions from Bambu like they're trying to be the next HP.

I have seen a lot of misinformation on this topic, and I think that in that sense it's a good idea to read the actual announcement details to get a better read on Bambu's intentions: https://blog.bambulab.com/firmware-update-introducing-new-au...

A voice in Bambu's defense on this issue would say:

1. The new firmware isn't out, it's still in beta, and the new connect software is also in beta. This stuff isn't done and nobody has been forced to use it or even had it presented as an OTA update yet. The problems highlighted in this wiki page are very possibly problems that Bambu is aware of and intends to fix before release.

2. Bambu in their blog article stated that they are working on integration code so that third party slicers like Orca Slicer can more directly interface with Bambu Connect (see the FAQ section)

3. There are multiple statements on this blog page where Bambu acknowledges the workflow disruption and emphasizes the things they intend to do and do not intend to do, such as "It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities."

4. People who don't run huge print farms don't seem to be impacted by this. Remember that Bambu claims to be a consumer tech company, right there in the "About Us" section. They are trying to make printers that are easy to use and require minimal tinkering. For a normal person, sending a slice file from Orca Slicer to a separate app (adding literally one step) is not a big deal, you're doing that once per print in a world where typical prints take hours to complete. And with that in mind, Bambu is still saying they intend to provide an integration solution to Orca Slicer in the future to streamline that process.

Whether or not the software design is a good architecture is an entirely different issue, and as a beta product I'm not sure we can judge that quite yet. Perhaps they should have hardened their network API more rather than introducing a new app? Perhaps they shouldn't have announced this so publicly before they had a solution for third-party integrations ready?

hatsunearu

I mean a reasonable ask would be why can't they push this off until all of that is taken care of?

dangus

I think to be fair to them that's literally what they're doing? They're just announcing it ahead of time while it's in beta so we all know about it.

"Starting January 17th, users will have access to the beta firmware"

"Launching first for X Series printers, with P and A Series updates planned for future release"