Controversy erupts over community-built replacement firmware for Bambu Lab 3D printers.
A new firmware option has been quietly developed for Bambu Lab 3D printers, specifically the X1 series. The idea is to overwrite the factory firmware with an alternative that’s under community control. The new firmware is called “X1Plus”.
How is this even possible when the standard interface doesn’t allow for arbitrary firmware updates? It turns out the stock X1 firmware has a security flaw, and through this hole the X1Plus team was able to inject code to reload the firmware. This is known on other platforms as “jailbreaking”.
Apparently the X1Plus team has somehow built entirely new firmware that doesn’t use any of the Bambu Lab firmware, preventing the company from claiming illegal reuse. I am not certain of the details here, but I suspect the team started with an existing open source firmware and configured it for use on the X1. However, others say the firmware was “reverse engineered”.
Why would anyone want to replace the firmware on what many consider to be the top 3D printer on the market today?
It seems that some are anxious for a variety of new features that Bambu Lab hasn’t yet gotten around to doing, while others are mistakenly concerned that Bambu Lab is performing secret surveillance on them through their cloud connection.
The latter can be easily rectified by simply using the device in “LAN mode”. By the way, a deep investigation into this mode clearly showed there is NO traffic going to Bambu Lab while in LAN mode, in spite of concerns and suspicions.
https://nikolak.com/bambulab-x1c-network/
Several people have posted that they’ve been using the X1Plus firmware, without issues. One of them is Michael Laws From Teaching Tech, who posted this overview of the project:
I believe this firmware is largely unnecessary for the vast majority of Bambu Lab customers. The system as designed is highly functional, much more so than most other systems, and the company is quite responsive when trouble arise.
By installing the firmware, I expect that the warranty would be voided, and the operator would be on their own if trouble is encountered. For most using X1Plus that’s probably not an issue. But it would be for the vast majority of Bambu Lab customers.
Bambu Lab is most likely unsupportive of this initiative because it is directly opposite of their strategy to make 3D printing simple for those involved. They want to create a box that just works, which is what most operators want.
On the contrary, there are some who prefer to modify their equipment using their technical abilities to squeeze more out of it. That’s fine, but perhaps they should consider using a different platform than Bambu Lab’s. There are plenty of DIY 3D printer projects out there to do so.
Meanwhile, Bambu Lab has closed the security flaw that permitted the jailbreak in a recent firmware update. This move has been interpreted by many as the company’s way of shutting down or impeding the progress of X1Plus.
On the other hand, from Bambu Lab’s perspective, they have now been made aware of a security flaw in their firmware. This hole not only allows jailbreaking but could also be used for any conceivable negative or malicious purpose. It is their duty to close it as soon as possible.
Imagine if they didn’t: A bad actor could then inject malware into someone’s printer and cause havoc. That customer could then sue Bambu Lab for negligence because they didn’t close the hole even though they were aware of its existence.
I expect the X1Plus project to continue, and perhaps they will find other security holes to allow their firmware to be loaded on X1 machines. I also expect Bambu Lab will continue to fix security holes, so this game will no doubt continue.
The new features that appear on X1Plus might be examined by Bambu Lab, and there’s always the possibility they may view them as useful and include an equivalent on future firmware releases. However, remember that Bambu Lab’s goal is to make these systems easy to use and support so that they can sell enormous numbers of them to people and companies that don’t really care for advanced and obscure technical features.
The majority of current Bambu Lab customers just want the printer to work.
Bambu Lab’s future customers will have an even higher ratio of that type of user.
There seems to be a sudden resolution to all this. Bambu Lab yesterday issued a long blog post explaining their position on this matter, which is as I describe above. This was the result of direct consultations with community members, and even the lead for the X1Plus project. While they correctly say that they have to fix security holes, they have also recognized the need for a small portion of the community to be able to install their own firmware.
They are going to permit use of alternative firmware, as they write:
“We will give customers the choice to install third party firmware and root system at their own risk. This choice comes with certain costs in the form of giving up the support of the official software ecosystem which we hope everyone understands.”
There are a number of reasonable caveats to this, as one would expect: the company cannot properly support systems that have unknown modifications.
They also say this, which is quite interesting:
“In short, we will provide a one-way ticket for customers to choose between Bambu Lab OEM firmware and third-party firmware. This solution isn’t perfect, and not everyone will be satisfied, but it is feasible and makes sense before we launch APIs and SDKs for third-party developers, which were already on our roadmap. We will have official support for third-party apps or plugins down the road, but all the infrastructures take time and careful development work.”
This suggests that it may be possible in the future to build applications that use official Bambu Lab APIs to enhance the operation of the systems. Looking a bit further forward, it may also imply that they could eventually end up with some kind of “app store” for these applications, creating another revenue source and deepening their ecosystem.
I strongly encourage you to read Bambu Lab’s lengthy post explaining their position, which is quite different from the assumptions of many.
Via Bambu Lab
