What is Inside a Bambu Lab Log File???
Vložit
- čas přidán 25. 06. 2024
- Ever wondered exactly what is being collected in the encrypted @BambuLab log files? Today we are giving you an unprecedented look into what is inside the log file so you can better understand what you are sending in those logs, and whether you are okay with it.
This video was only possible because of the X1Plus firmware allowing users to dump the machine memory and decrypt the log files. To learn more about X1Plus, check out their website: //www.x1plus.net/
And our coverage of the firmware: • JAILBREAKING A Bambu L...
BambuStudio Github bug report: github.com/bambulab/BambuStud...
Driver link: androidmtk.com/download-rockc...
0:00 Intro/Comparison
1:43 CAM
6:40 Coredump, Export, Misc
6:56 Monitor
9:54 Print
10:23 Recorder
11:53 Syslog
12:56 Tools and Tracker
15:06 Upload, Camera, and Execution
16:08 FLC_encrypto
16:38 G-Code
19:28 Log_export
20:10 SPG_encrypto
20:22 SSH_config
20:39 Sys_log
22:03 Final Thoughts/Outro
NOTE: we will not tolerate hate in the comments. You act like a jerk, your comment will get removed.
🎁 Support us directly on Patreon! 🧡💯 / 3dmusketeers
🎁 CZcams Channel Memberships! 🧡💯 b.link/YTmembership
🎁 Join our Discord Via Paypal (or the others)🧡💯 b.link/10Paypal
🛒 Shop Amazon with our Affiliate Code: amzn.to/3hrzVcL
🛒 Shop GreenGate3D with our Affiliate Code: b.link/GreenGate3D
🛒 Shop Prusa with our Affiliate Code: shop.prusa3d.com/#a_aid=3DM
🛒 Shop Slice Engineering with our Affiliate Link to save some 💰 💰!! b.link/Slice-Engineering
Save 💰 💰 on Zyltech Filament use code 3DM at checkout for sweet savings off your entire order: Zyltech.com code: 3DM
Want Great Royalty FREE music? Choose Epidemic Sound: b.link/EpidemicSound
____________________________________
Keep up to date by following us here!
Website: 3DMusketeers.com
Twitter: / 3d_musketeers
Facebook: / 3dmusketeers
Instagram: / 3dmusketeers
LinkedIn: / 3dmusketeers
Email: CZcams@3Dmusketeers.com
#bambulab #bambulogfile #logfile #datasecurity #cybersecurity #smallbusinessnda #X1Plus #JailbreakingYourBambu #X1+ #SoftwareDesign #Firmware #Jailbreaking #Bambu #LogFiles #CustomFirmware #3DPrinters #3DMusketeers #SmallBusiness #3DPrinting #AdditiveManufacturing
FTC Disclaimer: A percentage of sales is made through Affiliate links - Věda a technologie
What worries me the most is that Bambulab have claimed that the Gcodes are not uploaded, yet in this log it is. If they are willing to lie about that, what else are they not telling us.
And now there is an easy way to convert that gcode back to an stl. Mind you the fidelity isnt 100% there, but still
@@3DMusketeers fidelity would also depend on the resolution/layer height you sliced at, finer resolution == better fidelity. It's Concerning regardless, GCODE still gives access to be able to print the part(s).
@@3DMusketeers, could you elaborate on why the folder on the right didn't have a gcode.tar.gz?
@Bletotum absolutely! It has a 3mf outside of that specific log folder. What we believe happens when you create the log is that it unzips the 3mf file into its components, which would explain the rendered photos that end up being your thumbnails for the parts.
@timbrookman366 yes, the better the slice, the better the convert.
What worries me is your lack of reading comprehension. Show me a 3MF or STL file in the logs. Yes, the "machine code" that was sent to the printer, and controls the printer, is in the log file. Shocking!!!!
While you can reconstruct the final print from the gcode, you can't reconstruct the original pre-sliced model.
I'm still in shock that you are the only youtuber that talks about this.
me too.. it is a bit depressing.
Awesome work on Grant ! Appreciate this post !!!
Thanks!
Thanks for all that you do for the industry Grant.
Thank you!!
Excellent job
Thank you!
Thanks for providing this info! Interesting what actually gets uploading, wasn't expecting full pictures to be sent
Absolutely!
TBH that didn't surprise me at all.
full pictures is problematic especially if it's the same for the A1
indeed
Doesn't the A1 have a privacy slider for the camera?
@@the_realist_John_Doe You won't always have it on especially if you want to use the camera
So what exactly do you think is being displayed in Bambu Studio in the timelapse section before you download the video?
@@the_realist_John_Doe Yes, but it primarily acts as a diffuser for the light. It is therefore only milky but not opaque. Cameras on laptops, for example, are usually covered with a black piece of plastic or are disconnected from the power supply. On my Think Pad, the camera is moved behind a cover with a slider.
Maybe I missed something, but this is just a dump of the data on the machine right? Why are you inferring that the data on the device contains the exact same thing as the data being sent back to manufacturer? Don't get me wrong this is some reasonably valuable info but it doesn't really expose anything.
As a software dev I don't think it's abnormal to log all these things and things like the date/time remaining after a factory reset is normal behavior if the device has a real time clock inside. The only thing in this video that is a bit sus is that they encrypted everything, but considering like you found it contains some personal data, if the machine was stolen or sold it would make sense to store the logs in an encrypted format: your phone does the same thing.
But the major question is if they are phoning home with this data or not. Is there any unencrypted dump of the network traffic available? Maybe I missed it in the video but I don't think it is known what is being sent?
Because a device can log a ton of things, but it's pretty normal to then sanitize logs and clean out any personal data before sending it as traffic to somewhere. And even sending gcode back to Bambulabs could have a legitimate use if the printer crashed hard while processing a file so they can analyze which instructions caused the crash, but again it depends on what is being sent automatically, want is sent "manually" after a failure and what isn't sent at all.
I've decided not to go for a Bambu printer simply because of the horrible handling of the recall of the borked power cable, but the things I've seen in this video would only concern me if they are actually sent out, not just stored on the device. Even just measuring the amount of encrypted traffic should give you a good idea on what is actually being sent, but sadly you didn't go there in this video.
Nope, it's a decrypted log. We compare to a data dump to show in the beginning
smash like finally proof 170mb are not alone text files lol
Thanks sir!
that's why the pictures don't surprise me. In fact I half expected video. lol
Thank you so much for the information
thank you!
So this is only when the user uploads a log file ? also has anyone captured the wifi with any attempts to dial home without permission and is this on the X1 - X1C with the more advance screen or on the P series too ?
What you see is the machine log file generated to be uploaded to Bambu when a user clicks the log export button.
My machine was attempting to make connections to servers according to the log file and was cleared, somehow, to upload data as well. This is covered in the video.
@@3DMusketeersdid you have lan mode set ? attempting to dial home in lan mode is something I am sure a lot of people would want to know.
I had wifi turned off completely. It was STILL trying to phone home.
Pondered it quite a bit. Still can't think of a reason to have logs for my own prints encrypted on my own machines.
The only viable reason I can think of, is so BL can collect whatever they want, without us knowing what specific things they are collecting.
Please, correct me if I'm wrong.
I dont have any claims for or against that lol. Just the facts ;)
Not to defend them, but it might be easier for them to create the file directly encrypted... Imagine if they just sent a zip and someone got in the way. It would be a major security issue.
oh I have no doubt it is easier, in fact the MCU they chose specifically is marketed to do the encryption, but dont lie to me about what it is in it lol
@@Ale-bj7nd You don't need filesystem encryption for that, you just send it through an encrypted tunnel.
My day job is Cyber Security, so my opinions are tempered a bit here, but in our line of work we encrypt everything like that as these logs contain details that would allow an attacker additional information that could allow them to completely compromise your system. As the files are queued for potential sharing with support, it makes sense to just archive and encrypt as part of the regular process rather than ONLY doing the encryption Just Before you submit.
That said, Bamboo went overboard on what's included in those logs. I can see the g-code being useful if you were debugging a print quality issue, but that should be optional and not by default. Also, no need for historical print images. I'm more inclined to say that this is due to Lazy Programmer Syndrome, "I'm just going to include everything just in case and it takes too much time do determine what's REALLY needed" than actual nefarious evil intent.
Thank you for showing what Bambulabs is collecting!
Absolutely!
that's why I'm saving up for Voron.
I have really enjoyed my build EXCEPT for the belt routing lol
@@3DMusketeers Zombie Get in the stream! Grant needs help with the Front idler belt routing
LOL. It was a disaster!! My way was the right way and I stand by that ha ha ha
@@3DMusketeerswish me luck then... in March!
Yeah, I think I’m gonna go ahead and reach out to cancel my AMS order… probably better to put that money towards a Voron as well. Even that Prusa XL is starting to look pretty good again.
Putting on my day job hat... you have the Linux kernel boot logs, syslogs (which probably run through a log rotate setup which triggers either at a fixed time interval or once a file exceeds a certain size), and the 3mf that Bambu Studio and derivatives export. I was doing a test recently and created a 3mf (which is a compressed file, not too different from a tar gz) from Bambu Studio and it renames the gcode inside it to plate_1. 3mf generally doesn't carry the file name into the contents itself. Now... if you were simply going through the dump file, or SSHed into the machine, I would say this all looks pretty standard. But as I'm understanding from the beginning, the one you're going through is the log file that the machine generates as opposed to just a system dump. Vast majority of that is unnecessary for uploading to support. For a linux syslog to have any useful info, basically your machine would have to be unusable or be doing very weird things, which should only happen if you're manipulating the OS itself (installs, configs, etc. that all have an effect). But a locked down system... there shouldn't be anything. If they're logging application details to the system log, they're lazy at best. Those should be their own files. That's what Ubiquiti, Synology, Mosaic (Palette), and many other similar "locked down but runs on Linux" systems do. Uploading all of that isn't necessary. Given their background from DJI, and that DJI also does an encryption system, my gut feeling is someone just took the encryption system and changed the key used for it. Lots pointing to them doing what DJI does. Now, none of that really says these get uploaded outside of when Bambu requests it. But it still contains more info then necessary. Dates can be weird, because without a network clock, it really depends on the hardware. Like, the RPi 4 and older would have weird timestamps when you booted linux for the first time without a network connection. But the RPi 5 now has support for a clock that you can power by an external battery. Not unlike basically every PC you can buy. So if you find a button battery on the main board, chances are that even if the system stayed in a box for an extended period of time, it still maintained the clock and when you finally did boot it, it knew what time it was. Bigger concern is that factory reset didn't remove most of not all the data. One company's factory reset is the removal of user data, another's is to do a full OS/firmware flash that basically resets the file system. Sounds like Bambu goes for "remove just the couple user config files" rather then the whole file system. Still, the fun part will be seeing what others get from X1Plus.
Yes the one I went through is not the dumped memory, it is a decrypted log. The full 3MF exists on the file dump and we believe that whole gcode folder is just the uncompressed 3mf file split up.
Dude thanks for that whole dive into it more, as my day job is definitely not linux stuff. I think Hanlon's Razor is best appropriate here. And the X1Plus guys seem to agree. That likely this was outsourced to someone/team and they never bothered to turn off the extra logging for the testing purposes.
@@3DMusketeers Agreed
A whole week and BambuLabs still hasn't talked about this.
Maybe because it is actually what is in the files and you really cannot refute a fact lol
Could it be possible, that its only a thing of the X1Plus firmware and the saved information and logfile is different in the original firmware?
Possible, yes, but since I'm running stock firmware with a rooted machine using X1P and it's before they are working with Bambu, it's not likely. Being a small team, they have no agenda.
Have you tried clicking any of the embedded hyperlinks using a chinese (or other east Asian country) endpoint to see if they execute differently?
No, actually.. I'm not sure if it would. Those links are to an AWS server in US West. So unlikely. It's more likely they expired as links but are still present.
Eyes opening and scary at the same time
Thank you mr Grant sir.
Absolutely. Thank you
One more reason I’m glad I have a second printer that’s 100% offline for prototypes and other things, and an online printer for just random stupidity and things I forget to print when I’m out and about.
not a bad way to look at it, but it is safe to assume if you Bambu is online, they have 100% control over it if they want
@@3DMusketeers that does seem like a valid assumption and something to think about more.
for sure,. but given our machine is offline, its not something we can dig into alas
@@3DMusketeers Well, they did cause their printers around the world to start printing a model in a big goof So they can push prints I'd guess they can push firmware updates but can they pull logs and other files on the printers
Great content! Thank you very much. Maybe one could look closer into the slicer and the mobile app to see the whole picture.
Alas we cant dig into those at this time. It is not my skillset. I am the guy that is happy to report it though
Did you run the "file" command on the .bin files to see if they're in any common encoding format that might be able to be decrypted further? I'd say that it's unlikely, but still it'd be worth a shot.
I didnt notice anything in terms of patterns. Likely I was using the wrong program to view, but the right one is unknown to me
email me if you would like and you can help there. I cant code worth a damn lol
Running file most likely will result in data or binary file. You can just disassemble or use strings or the hex editor for further analyze. If it's encoded or encrypted, then you most likely need to reverse engineer the Bambu firmware to decode/decrypt the file.
I will ask the X1Plus guys if they can help
The bin files are scan data used by the “AI” checking for first layer defects.
Zajímavé!
Hope you enjoyed!
Not the hero we deserve, But the hero we need... incoming hate
Thanks lol
I'm looking to finally purchase my first 3D printer, doing tons of research, because of what I am looking for. The X1C with AMS has been at the top of my list for a while. Do I have the ability to tinker? Sure, I'm old school, learned assembly language programming back in the early 80's programming on a hex keypad and never stopped learning. I'm the kind of guy who never hires anyone unless the job is way WAY too big. I'm not pouring a concrete slab, but taking an 1850's farmhouse into the future, remodeling down to the studs in Every room. The only person I hired is a drywall guy cause I hate drywall. Plumbing? Heating? Electrical? Kitchen cabinets? Tile work? Cake walk. And I love working hard and enjoying the results of my labors.
BUT. I no longer want to tinker with Everything, I've been tinkering and doing everything myself for decades. I made the decision back at the turn of the century that I was done building my PC's, it was time to invest in a higher end workstations from HP or Dell. As I look into getting into 3D printing, that's what I'm looking for, the Pro-Consumer / light business type box that just works, that I don't have to mess around.
Oh, and BTW, day job is Cyber Security for Enterprise, Banking, Government, Higher Ed. The rest of this post is tempered by my professional experiences.
Let's put Bamboo into context. Google was created by the CIA. Do I REALLY need to tell you what that means for Everything you do online? Facebook was created for the sole purpose of monetizing /exploiting personal / private data. All these big tech companies have linked and aggregated your data and offer it to the government, and anyone else willing to pay for it. End result is that the big players know and link ALL your online identities together, no matter how clever you think you were creating that new private account. It's trivial. Amazon Echo devices store your non-command conversations on Amazon's servers for "Product Improvement Analysis." Every consumer product that can connect to the internet is phoning home with god knows what encrypted payloads of Stuff. If you participate in this online world, not living in a cave, that means Big Tech knows more about you than your wife (especially with AI analysis added in.) So let's not play Ostrich here, you need to assume that Every Single Company is going to lie to you about the data they collect and will word their Terms of Service in their favor, preferring to let you fight it in court (they know you won't. You know you won't too.)
In my own personal network, perhaps I've gone overboard but I isolate all my SmartHome and other less-trustworthy devices from the Internet and each other. Every device is in its own VLAN with its own set of rules on what it's allowed to communicate with. Issues like Anker's Eufy camera security are COMMON. All these devices are constantly probing servers in China, AWS, Google, Azure, etc. etc.
Looking at Bamboo as a company, there APPEARS to be something almost pathological, the set of morals that allow them to just abscond with the Intellectual Property of others while defending their own. Not cool. Including superfluous historical data like images of past prints in the debug logs - not cool. Lying about what is in the log files - VERY Not cool, as in needing a Come to Jesus Moment. Bamboo needs to do some work here to par down their log collection to the minimum needed to actually provide support. That may or may not include g-code, but that info should be disclosed, not hidden, or have it as a non-default option to include (I can see it being helpful debugging a print.)
Consumers need to make the choice - Do I work with companies that have questionable moral values and business practices? Just how far do you go to stick to your guns on this, are you willing to give up everything Google touches for example? Netflix? Amazon? Microsoft? Apple? None of those companies is "morally superior" to Bamboo as they all do the EXACT SAME THINGS.
Most of what Bamboo is including in the logs does appear to be innocent and reasonable - with some clear exceptions.
Now that I know a lot more about Bamboo as a company (thanks to your videos) I need to decide if they are too far to one side on the Moral / Evil scale to support or not. But are they really evil or just Super Arrogant, thinking they won't get caught? Clearly arrogance is involved though, and Bamboo needs to open up a bit more to cooperate with the community. Be honest. I'll probably end up getting the X1C after all this, because it DOES look like they just want to create good printers, and along the path they stepped in a few piles of dog doo.
We made sure to show everything, not just what we had issues with, that is how this is a fair showing of the logs and not sensationalized BS lol.
Thanks for pulling the curtain back on the log file, personally I'm not too worried about it, I'm only printing dust collectors anyway. But if I were doing this as a business, I would most definitely think about keeping my unit offline.
Alas, this is what I expect from the consumer mindset. But, my dear friend, I would pose this to you: If data has no value why would a company collect it? Dont give it away for free :) Be safe buddy! I know your use case is different than most!
@@3DMusketeers I see your point. But personally, I like using the cloud, being able to pull up the Bambu Handy app to view the status of my print while out and about is useful to me. So that's a tradeoff I'm willing to accept. But I can see how this could be a concern for others. But I also feel that it is important to know what they are logging, and you've been able to show us that. And now people can make a more informed decision as to how they wish to run their machines. P.S. Sorry I missed the live stream. I was a little busy this morning. 😁
I get your use case, because I know it. Some will be willing to, others wont. I believe the education side of it is what is important. Bambu said to just trust us. We have proven that is not what one should do.
intellectual property has never been something the CCCP respects...just saying... ever read the EUA for ticktok? NEVER install that on ANY of your devices! EVER! Any company from china is not to be trusted due to their "unavoidable" full disclosure of every aspect of their business with the cccp. No. It's not a conspiracy theory...it's the truth. I thank 3D Musketeers for exposing this. Good on ya!
@@3DMusketeers I imagine that there are a lot of us with the consumer mindset as you put it.
I dislike a company that lies to me as a consumer, so they only get one chance generally. I will use my A1 Mini and AMS until they either break or are deemed ancient technology with the development of new 3D printers, but due to their lies and obfuscation, I will not buy another one of their machines.
As far as data goes, not all consumers care if someone monetizes it, especially if the data is randomized (not sure how to do that if they are sending the machine serial number) because there is a lot of public data we are comfortable sharing these days. Just because someone makes money with my data doesn’t necessarily mean that I have lost anything monetarily. But it is imperative to know what data is being collected truthfully and in an easy to read manner so we can make informed decisions on how are data is used.
Nice job BTW, on disclosing this info. Bambu Labs should be ashamed.
So, how to avoid my data being sent to the Bambu cloud? Is switching on „LAN“ mode enough?
never connect it online. is it enough? I dont know. Never connecting it and never sending a log is how you avoid data being taken. Oh, and use Orca Slicer on stealth mode
Lan mode just allow you send files to printer directly with out going through the cloud but the printer is still connected to a network that has access to the Internet.
I am not concerned by the information displayed here, but I can certainly understand how some users would be. I just don't fundamentally understand why Bambu can't do two things here: (1) Toggle the creation of log files via user config option and (2) Store the log files in "plain" format so users can see the content.
If this was all in a plain format this video would not need to exist. Because nothing would be secret
They are stored encrypted because it's easier to encrypt one log at a time as it's being written than it is to encrypt everything at the same time to send it off, as 3D Musketeers would also complain if the logs were not encrypted when being sent off.
I dont have an issue with the encryption, I have an issue with the hiding behind the encryption and giving users false information. I just want the truth. That seems to upset people. Which gives me cause for concern for what they care more about..
@@flat_stickproductions209 Encrypting something during transportation is not a big problem. Your comment was encrypted when you sent it and decrypted again when it landed on the CZcams server. In the same way, the content of this page and the video are transmitted in encrypted form and your browser decrypts the whole thing in real time. So it would be no problem to encrypt the logs in real time when you send them to Bambu Lab.
@@andreas.grundler it's different when you have a 3d printer running on a potato vs an i9 machine.
It will be 7pm here in the uk when this starts .... getting the pop corn ready for this one lol 🙂
Here's hoping it lives up to expectations!
Have you sniiffed the uploads or reviewed the upload code to confirm thag ALL of this is uploaded if you submit logs?
This is literally the log file that you send to Bambu. It's exactly what the machine exports.
You just answered his question, it's the log file that YOU send to tech support, and not something that is sent on it's own, lol. I see you're in full damage-control mode and hiding any comments that pushback on your theories, lol.
@@heffe2001 I answered it in the video too...
But yes, we are removing comments that are just rude to be rude, per the description. If someone is just being rude for no reason, their comment will go away. If they are being critical, that is fine, but be nice, and be factual where you can. Attacking people because you disagree with what is shown will not be tolerated.
@@3DMusketeersYou realize that the lion-share of the things you found are just normal linux logs, or things that would be necessary for support to actually help you with an issue, right? I mean, even klipper & an obico local install keeps a ton of info similar to what was shown in the video. People have been collecting wireshark logs on these printers for months, with zero evidence of the printers sending anything on their own..
@@heffe2001 Yes I am. We left all that in there for full transparency spec. Only a few things we found give me any cause for concern, but it is enough for me to have problems and I think that anyone who reads the Bambu blog about what they do and dont do in the logs would also have some cause for concern.
But, than again, people may not, I dont know.. We expected many to say they dont care, in fact I had a whole section on this in the video, however we cut it because it was WAYYY too much opinion lol. Clearly we should have left some of that in it seems. We are learning..
Thats great. Now CCPR doesnt even need to reverse engineer... they just get your gcodes and hit print.... super cool!
:/
Yeah..imagine if you're in Texas or somthing and someone sees what you have going on and reaches out to you to do some sweet r and d parts. You print them and then 8 months later they show up on ali. Oof. Good way to get yourself in trouble.
These are local log files? What is being sent to Bambu that isn't manually uploaded by the customer, say if there is an issue? What is more freaky to me is, when I am having a discussion with my brother about his ice maker. Then the next time I look at my phone, I see ads for ice makers on my Facebook feed! Also have you ever reviewed the privacy agreement on a Creality K1 printer? It is an opening experience.
These are the logs that are exported from the machine when you tell it to do it.
I have given up reading the Privacy agreements for Creality. It is a waste of time just to get mad lol.
The problem is that until the video you didn't know what you were sending to Bambu Lab because the log files are normally stored in encrypted form. If the log files were stored in plain text, then you could take a look at them in advance and see if there is anything in there that contains private information.
Thanks for the excellent topic coverage!
Thanks for the support, glad you enjoyed it!!
Here comes all the hate from the Bambozeled club.
dont worry, we will moderate the comments. No shenanigans here.
Well a lot of them are so loyal they defend the A1 fire hazard
@@elchavode6479lol that's true
yeah :/
@elchavode6479 Name one other company that has ever done a massive recall like they did with the A1. Creality has been known to cut corners and have melted wires, yet they would deem it user error or just fix it on a different version. 🤣. At least Bambu made the right decision to recall and also give and extra credit to users. 🤷♂️
Does the desktop app steal data from the PC? Documents, browser history?
Yep. It's all logged. It's plain text though. Being based off of Prusa slicer it's nothing too bad, but since we found orca slicer and use stealth mode for it, we never looked back to Bambu Studio.
Yikes. Do you think LAN only mode could still be a little worrisome for the Gcode files specifically, or do you think removing the entire printer from LAN would be the best solution for that? I'm not really concerned about IP/networking vulnerability stuff, just my files being potentially uploaded.
I am not aware. Safest bet, right now, is to run offline, using Orca in stealth mode.
That one filename does say finish last layer not finish first layer. But that is a lot of information being stored in the log file.
oh dang, did I miss seeing that?? sorry! OOPS
Thanks!
Hey, thanks for the $5! greatly appreciated!
This really sucks. Entirely expected, but still horrible. I will never buy anything from Bambulab ever - or from any other company that thinks it is okay to take their clients information like this.
Yeah, its what we all kind of knew but didnt know until we got into it, now we do.
Can you do the same thing with the X1Plus firmware as a comparison?
It will be fully open sourced when it is released, there is no need.
AFAIK - correct me if I am wrong - the X1Plus firmware delegates to the underlying functions of the original firmware. It acts as a kind of facade to add functionality and provide an alternative UI. Thus, the log file will also be created and sent to Bambu Lab whenever the user asks for.
@@stal1963That is my understanding as well
Other concerns are bambu studio itself - does it phone home? Also, might the printer look for open Wi-Fi networks to connect to.
It does, yes, but it is based on prusaslicer so you can view all that.
it is why we recommend orca on stealth mode.
What alternatives would you suggest that give the same quality results? I’ve been struggling to find a company that is US based (not a guarantee on data security but potentially better security). I ordered a X1C (my first printer), so I am new to printing but I want something that just works, is fast, and high quality.
From a US company, and cheap, no chance. Us labor is so much more. Some compromises will need to be made.
@@3DMusketeers what’s considered cheap? I’m willing to pay for a great printer.
you are going to spend a lot of money these days for USA made.. I think the Prusa XL is a great choice, but not made in the usa.
Excellent video. I wonder if the log files form the A1 are in a similar format. As of now the relationship between printers and different firmwares is unknown, but i would be surprised if they werent based on eachother/ branches. Also would be interesting to see if any references to Marlin or kippler exist.
No references to klipper or Marlin that we could find.
can the 3rd party firmware allow me to use Bambu Studio and/or Orca slicer and transmit jobs via wifi without being an IT genius to set it up ?
I am not aware of any, but that does not mean they do not exist.
I assume if you are uploading a log for an error that occurred, majority of the info that was listed would be needed for diagnostics. Build plate, slicer settings, gcode, and preview image info would be minimum for remote diagnostics.
When the company says you're not uploading your print files in the log though, and we find clearly you are, there's an issue.
Grant, thank you so much for explaining this video. I recently decided to return my X1C after finding this video, but had downloaded Bambu Studio beforehand to try it out. Will having this software for roughly ~20 minutes, then uninstalling it, still have the ability to log my files if I inserted various .stl files? Does uninstalling Bambu Studio completely rid the risk of it being able to log my files? I am decently worried and concerned that I am not out of the ecosystem, being that I am thinking of moving to a Prusa MK4. I am also worried about possible malware, and the ability for Bambu to have access to my computer. Thanks.
Unfortunately I don't have those answers for you. The printer is logging what you saw on the video. That software logs in plain text which you can view. It's persistent and you cannot opt out. Make sure it is completely erased from the system.
Does deleting the software entirely guarantee the stoppage of logging?
I would assume, but I dont know..
Why does bambu need this information what I print on my machine is no one’s business
Great question.......
Quality control and AI training :p
These are probably detailed diagnostic logs - do we know they're even uploaded to Bambu?
@@coolspot18 This is exactly what is uploaded to Bambu when you send a log file.
my X1C wifi antenna is always disconnected but it seem's i can't disable the timelapse without the bambu app.
i'm getting tired of erasing those files.
hmm, it should be possible. I have it off on mine.
How did you decrypt it?
X1Plus.
Dig into what connections the bambu handy app connects to. Then check out and see what it wants to access with prepossessions. I already dug into this and i think people would be surprised. But most people wont as they expect this type of stuff.
Unfortunately we wont be digging into the handy app. We wont be risking the privacy of our clients for that. Someone else will have to do it. Maybe you? I dont know :)
@@3DMusketeersthere keyword "privacy of clients" everyone defending Bambu keep comparing their personal data from Facebook, Google etc. they don't seem to understand that is more at stake than their person data. I don't think they realize legal ramifications that can happen due to clients data/designs getting leak to a 3rd party
I'm curious if your printer was connected to your network, would it have sent back a list of all visible WiFi SSIDs by the printer.. Wouldn't be surprised!
Mine has never and will never be network connected
Unless you are dealing with intellectual property or proprietary files, as a general hobbiest, my phone collects and sends far more data too far more companies at once. I’m not concerned.
While, yes, your phone collects and sends data, we should be concerned that a 3d printer is doing it too. It is one more step into our privacy that is not needed
@@3DMusketeers I agree. And certainly don’t want to argue the point with anyone. I will say that Google, Facebook, Apple even Bambu, they don’t charge for the services they provide. While yes, I agree that doesn’t give them the right to steal our data, without monetizing our metadata, likes and search histories, what is the alternative? Paying for the said service and the terms are no intrusion at all? I really don’t know what the answer is. I can’t think of a better one available that is “free” because nothing is really free. They could just not do it. That is best case scenario, but that isn’t living in reality either. Thanks for replying though and nice video. Cheers
I mean, Prusa does it without any logging (if you choose to keep it off). So why can't bambu?
But yeah, if it is free, you are the product, I get that 100% in most cases, but it does not NEED to be that way.
I'm curious, they recently reduce the amount of log data after called out by X1Plus. Could it be the developer forgot to turn off verbose logging before pushing to public release?
It's possible. Only way to tell would be to get a new printer and do a series of tests.
I believe they are working on a better logging solution with Bambu. I think one may ALREADY be out, but I dont have that firmware to test yet.
So how do we unencrypt our log files? X1Plus stated they will cooperate with Bambu and Bambu reduced the content of logfiles. I'd like to see for myself what is in my logfiles on my machine. Unadulterated.
If you have not updated past 1.7.0 you can install X1P and get it all. Once they open up, I am sure there will be a way.
>reduced
Just buy an Ender 3.
Naw get a Voron.
Do you have any evidence of your wifi password being stored in a file (likely) but being referenced elsewhere by file name or that password in any other text file (possibly being uploaded to Bambu cloud or AWS)?
Grep could be used to search the string in across all files in a directory if you could prove that
I never connected my machine to wifi, so no, I do not, but I never connected it, so it would not have that anyways.
@@3DMusketeers ah your other video suggested network connection information, was hoping it was elaborated on/found in this video
The confirmation of the ssid info is confirmed from the x1plus team
@@3DMusketeers ssid and password was being uploaded to the Cloud/AWS?!
Or just stored local on the machine and never referenced in Cloud uploads?
I cannot confirm that at this time since I won't be putting my machine online. X1Plus will be available soon and you're welcome to check then. Don't forget, there has been a great deal of time between those 2 videos and Bambu has been changing things
My only complaint is that we didn't use the thumbnail that had a literal log and file.
LOL that one was funny though...
For those that dont understand this comment, it was something that happened in the discord.
There are two audiences for this. As a business I would be very concerned as a hobbyist, not so much. If they want to see my flexi dragons - I don't care, but if I was printing a part under a NDA it would be a real problem. Thanks for bringing to everyone's attention. How will the X1Plus handle this?
X1Plus can run lan only with a shield, so its impossible for the machine to upload anything. But I still wont put my machine online.
No one printing parts that are sensitive are going to use this. Soon as you connect it to the network IT will disabled it and remove it.
@@user-jy8ud6bt5k Agree. I would not even consider this for a business, but as a hobbyist, it is not important. really want to use the new X1Plus which should fix the problem for everyone.
Perhaps the origin of the repeatedly seen "plate_1" term is due to the slicer supporting mulitple build plates in a single project.
That one I do not know.
@@3DMusketeersThen test that.. Rename a plate to something else in your slicer (they're blank by default), add a 2nd plate, call it something else, and drop a benchy on it. Really not too difficult to figure that one out.
it does not. they are all plate 1 from what I see
Yes. If you have multiple plates in a project, and print only plate "3", the gcode filename will be "plate3.gcode". We have seen this as well.
@@AlAmantea Never something we tested, we normally only send one plate at a time. And it is done always via SD
The picture would be alot different on a1 series and open frames peinters since the camera view is not blocked by an enclosure.
correct, the P1P would see a lot more too. However, we are unaware of the level of logging in those machines
@@3DMusketeers valid since your testing was only on X1C.
And the only logs we can decrypt, currently, are the X1 series.
First of all, let me offer a correction. This is not the “log file”, you just dumped the log folder. And 90% of what I see through this video is mundane android/linux logging.
The other stuff would go to the log folder, because applications also use the log folder. So I would expect to see things like the plate shots of finished prints, because that’s likely an automatic daemon to provide a thumbnail for Studio to display in the timelapse pane. I knew about that over a year ago when they added it to studio.
Many of the images you showed are the thumbnails generated by the slicer for use on the printer display, or in the handy app.
BTW the two bin files are binary data of the lidar scans. Since you can ssh into the machine with XPlus you can run top (if it’s in the build) and see all running processes, and their names. Might be able to deduce the application name. I plan to do this when I run X1Plus.
But, you displayed an important thing here and you don’t even realize it - the syslog with the boot sequence. Looking at that we can see the file system is android based, which makes sense since it’s an ARM architecture and using eMMC storage. Based on the kernel version it’s likely Android 10, which encrypts automatically. So there’s the reason for system files being encrypted.
Also, the mainboard being named “Bamboo” is cute.
Finally, just run a damn benchy and show us the json file.
No, it is the log file. That is what they have. I also showed the dumped log folder in the video, in the beginning where we showed they were similar but different.
The thumbnail images in the gcode are likely just pulled from the 3MF, but just those couple. The photos from the camera are not slicer ones
it uses a spintrol MCU which encrypts on chip.
The machine is Busybox Linux actually. And yes, that is the boot sequence for the machine, you can see some of the little easter eggs from X1P as well.
So key question… what is actually uploaded? This is what is stored on the machine… and yes bambu need to clean their stuff up on a full reset… they got lazy on that part… erase or format those log files before reset… but is it what is uploaded the entirety of the log files? I hope not…
Nope, this is actually what's uploaded. This is a whole log
Fantastic work. I think it's good I avoided this printer for my purposes. Had a bad feeling about it from the start.
Thank you
Wow! That's horrible! This needs to be shared trough all 3D Prinitng forums and sozial media.
It has made rounds but you are welcome to post where you would like :)
Thanks Grant great video. Would be interesting to see if other companies are doing similar things. That said, Bambu has been especially bad faith about this so I think it's fair to single them out.
Most other companies that we have seen logging let you view it in plain text and allow you to turn it off.
So there is proprietary information of yours which you even had to censor and this is send to Bambu Lab a trusty Chinese company wooow awesome thumbs up hhshahahah
So unsurprisingly they can see anything you have installed as a mod through the camera, anything you print, they can probably load the g code name thus the geometry and all toher stuff
yep, pretty much
the other thing a lot of people are glossing over is the company is basically DJI (all the top staff are DJI) which has a known history of this kind of stuff. Quite frankly with how heavily this thing is being marketed and pushed I would speculate its a CCP front subsidized to corner the market and steal IP. But I am the tin foil hat typw
I am not trying to downplay the fact that they say they aren't when they actually are but with the dramatic video i really thought you were going to open one of those files and see a picture of your kids plaing in the back yard holding your social cecurity number.
For my use case, i have nothing i wouldn't openly share with others. Mainly because i only print things I've gotten from thingiverse. Unless someone can point me to a sub $600 low hassle multicolor high speed printer other than Bambu i may go with them anyway.
Does the video seem dramatic?
The lighting is so nothing in my background was visible, so no one could sit and say WELL THIS COMPANY OF SO AND SO MUST HAVE PUT YOU UP TO THIS or something. It was done to block out the printers in my background lol.
If you would share you external IP, your MAC address, and exactly what you are printing with everyone, I welcome you to comment with it below. Do note, links wont work in the comments because of how YT works, so do not bother linking the files. Instead, toss all your print settings, where you got the models and their names. That should be sufficient.
You perceive low hassle but miss as to why the price is so low. Remember, data has a value. You should make sure the data you give you are getting paid for. Mind you, the X1CC is what, around $1600 all in shipped? I think mine was like 1583 and change
You may not have issues with what is being sent, and that is clearly a different talk all about privacy, but you can at least understand the overall points: The bulk is normal, but overzealous, logging. A machine that was 100% offline is somehow authorized to cloud upload without granting such access. A machine that is 100% offline attempted to make connection to a cloud server a few times with some 3MF files. User print data is present within the logs. These are all things Bambu says that their machine do not do. Those are all causes for concern.
@3DMusketeers to me, yes, it did seem dramatic. I truly was glued to the monitor, thinking they were recording your voice or had pictures of you in your house...no sarcasm, I thought that's what you were building up to. This seems very similar to the privacy issues that Eufy ran into a few yrs ago and patched in a short period of time. I hope Bambu finds a solution to this issue. Unfortunately, it appears others are following suit with cloud solutions. You never pointed me in a direction of a color high speed printer in a reasonable price range. I've been running my Anet A6 for 9yrs now and was so excited to upgrade. Now I'm going to wait and see how Bambu responds. And no I wouldn't post my IP, I'll concedethat.
Okay, this is an honest question I ask with pure intentions: what could I have done to remove all branding behind me (even though it's unintentional) without doing what I did? Removing the machines is more work than you may think..
As for a cheap multi color printer, there's not much. I don't mind them being expensive, because multicolor this way is incredibly wasteful and most don't seem to care about that.
The new phrozen printer seems to be a dead Bambu clone so we will see how that comes out I guess!
@@3DMusketeersI never felt like you had an agenda. It was the great lengths you went to prove you didn't have an agenda that made it feel so serius....and I get it is. This is your life, those prints they are trying to upload are you hard labor and an NDA violation. But I'm just an electrician trying to milk out a 9yr old Anet A6 until I can get into high speed and color printing machine. I really hoped the A1 was it. I print trinkets for my daughter and parts for my drones or workshop. Spending $1400 for Prusa that does color makes no sense for me. I'm not dismissing you in fact because of your video I'm going to wait and see before I make a decision. Hopefully BBL will allow people to opt out of this stuff for people like you. I would be willing to let them look at my prints to improve the printer. I'm still hopeful that I can get into this machine or something similar this year some time. Maybe you could do a show on "Bambo A1 competitors to consider"...just a thought.
Dude, the previous videos we have had people just rail me on every stupid thing they could.. So I took it all out lol. I guess if you dont have that context, this is an odd video.. hmm How to ride the line I guess by removing as much ammo for the fanboys but still keep the general look and feel. That is one I will have to think about.
The A1 is a fire hazard, so I would frankly recommend an Ender 3 before this. Literally any modern printer would be a better option at this point.
I think the desire for color is what will shoehorn you into only a few brands. Previous to this, if you wanted multi color you were doing it by layer, painting the models, or spending 70k+ on a true full color machine (like we did).
Grant, thanks for continuing to explore and share the facts. Knowledge is power. This would be a perfect tool, for the wrong player, to spy on industrial or military competitors.
It's like they were caught doing it in their old company and subsequently banned from doing business with the US govt....
Very good writeup! Thank’s for that sir.
So basically - either keep the machine completely off grid or buy something else… The big question is what to buy instead, that can produce the same print quality for about the same money. The I3 Mk4 of course, but it’s not quite comparable due to the lack of enclosure.
So far we have really liked the Qidi lineup, but I can now be public about the Magneto X... and just sayin, it is that.. Yes it is more pricey but holy hell its nice.
I have been enjoying my qidi x max 3 but I've only owned it for about a week so take that fwiw. Qidi gives you a heated chamber too which the bambu does not
I have been looking into Qidi too. I like X-Max-3. Cheap too, if one can live without multi color. Haven’t heard of the Magneto X. Will look into it. Thank’s!
@@johnhansson8646some people are working on an open source spool changer so you might not have to give it up after all
The Magneto X looks awesome. Too bad it can’t be ordered currently. The price is a bit steep too… Not too bad though. If I could have ordered one I probably would have 😀
Thanks for the PSA Video Grant. Hopefully this gets out to a wider audience, but it seems to be getting buried by the Bambu Bros on other social sharing platforms. As a hobbyist making fun stuff for my kids no big deal. If I put on my work hat though, as someone in charge of an IT department for an Engineering Company that does tons of NDA work for large companies, this clarification on the logs makes them a 100% no go for us, they already were just because of the log files being large and encrypted and not knowing what was in them. Plus the closed ecosystem doesn't help when the competition can be flashed with an open and verifiable firmware, makes them all a no go for our business case.
I just wish more people in the community thought that way. I respect what Bambu did for the hobby and to grow it. At their price point their hardware is well done, but I absolutely hate how they do business and their locked down ecosystem. It's just sad that people don't seem to care about trading their privacy for convenience.
Yup the hate is rolling in unfortunately, Much by those who clearly are not watching.
Your comment on pro vs hobby is exactly what I expect from the community (and thats fine) I actually talked about it for a bit in this take but we took it out because its more opinion than fact lol.
I too respect what Bambu has done in awakening the race to other things than the bottom for pricing, and that is great, but they have hid behind these logs, claiming, now proven inaccurate, that the machines dont do things we can clearly see them doing. I agree, it is sad people dont care about privacy, or claim they dont, but those same people would tell the police to come back with a warrant, they close their blinds, and they wear clothes lol.. While I get it is not an all or nothing thing, they definitely talk like it is :/
I'm Stil waiting on the privacy team to respond to my request for all the personal data on their servers as required by law. They've been stalling for several weeks now.
In the credit of Bambu, it is Chinese New Year celebration right now and everyone is on vacation, so I would give it a couple more weeks minimum. Bad time of the year.
Just purchased the Bambu X1C thanks for the great info, unfortunately I upgraded the firmware and no way to go back. Also just purchased the Flashforge Adventurer 5m pro couple months ago can you jailbreak that one too LOL.
I have been eyeing those.. they look like great value
Interesting, they are sending whole files over to Bambu. I can see why they want to do that, but it's sus. I want to say that's a lot but what kind of info are other printers sending over the network? Just to have a frame of reference, I have my Mk4's and Mini on Prusaconnect and I know friends who have K1 Max's on creality's service.
At least prusa lets you see exactly what you are sending, so you can decide. They are bound by EU laws which are much more strict. Creality has shown before to not be trusted, so I would not ever risk putting a creality machine online.
@@3DMusketeerstechnically, Bambu are bound by EU laws too if they sell their products in the EU. Maybe the right people will take note of this video.
@@3DMusketeers I assumed as much, I just don't know what a normal amount of info being sent over is. If you could make a video about that that would be awesome! That's all I'm saying with my message lol
by prusa or bambu or who? Because our machines must stay offline, I amy not be the one to do that video alas.
WIll be interessting to see how the community responds to this, the customers Bambu Lab attracts will probably not care which is a shame. I was pretty sure that the machines send data back home, but seeing the scale here in black on white hits different.
You got it. Not only do they not care they are making excuses for it. The facts are in front of them and they can't see it. They say I'm biased some how in this video that I use a bad tone. Like, bro, it's the most monotone I get. I spent over 6 hours just filming this to get good takes with no emotion lol.
It's frustrating, because I was hoping they would at least be open to seeing exactly what's in there. Instead they stick on NEEDING to see what I've obscured because somehow they feel it will make things better and not worse.
It's why I urged people to do their own digging.
Ugh.. sorry. I'm just frustrated already and it's only 8am. I'm going to have a good day but the level of people here apologizing for Bambu saying nothing is amiss is a huge issue
Could the GDPR be relevant for EU users?
Not being knowledgeable for GDPR I do not know.
GDPR relates to any kind of information that can be used to identify an individual. Too much to cover in detail here, but basically no such data is allowed to be stored without the explicit consent of the person at hand. It also states the right to request access to the material that has been stored about you, the right to request that stored information is deleted and a lot more. So if the collected information can be used to identify someone, then BL is in deep water.
100% it can. Mind you though, the machine knows where it is in the world, so they may have different settings in the EU, it will take users to install X1P to find out.
@@3DMusketeers Prove it - that would be a video worth watching. I don't own bambu stuff, but i'd totally volunteer a log :D
I mean, I cant, because I am not in the EU.. it will take someone over there to find out.
Your printer is not connected to the Internet, but what would you do if you had to contact Bambu Lab for support? They normally ask you to send them a copy of the log file, and while you could certainly refuse such a request they could say they're unable to provide support unless you first send them a copy of the log file, never mind that many troubleshooting requests can be handled without looking at any log files.
Yes I would have to send that log in. I have had multiple occasions where the log was required for them to help me and in fact is what led to me returning my second machine
@@3DMusketeers I am guessing you factory reset the machine before sending it back. Does it actually delete the log(s) on factory or do they magically stay after the reset? Not sure if I missed that part or if you tested after a factory reset sorry
@@Unkemp7 We didnt have the ability to see into the logs at that time. So we did not know. It does not appear to be a TRUE factory reset as we would like to see.
Spicy
Extra spicy
Enought time to pick up some popcorn
I'm not sure I want spicy popcorn ...
So what I got from all this is that bambu now has a picture of my weenus. Great….
Add it to list
I don’t see why bambu would need to log the gcode files for troubleshooting, files that can have Itar etc, that is definitely illegal. If they said that they store the gcode that would be different but they definitely say they don’t. Also according to the GDPR a company can only store you’re data for the time it needs, like you give them your log for troubleshooting and when the issue is solved the data should be erased. But we all know how Chinese companies have to keep all the data they track for the CCP.
EU entities should definitely have a look at this
The machine knows where it is, so it may have different commands for the EU, but I would urge a user in the EU to do some digging if they can
I was thinking of getting a p1 but after seeing this I dont think I want to given it requires internet connection unless you want to use a micro sd forever
I dont mind the SD card forever personally
you can block the printers internet access in your router. thats what I did. and: orca slicer in stealth mode :D
@@johannhans678That does not stop the logging.
These files are only sent when you send them to bambu....they are not just given whenever the machine wants to send them. You have to physically at the machine request it to produce this dump and then its only put on the SD card that you manually have to place into your computer and upload after reading all consenting documents on the support page. Multiple air gaps that ensure if you are going to send them they are under your own free will.
I was listening to this while working. I can understand why some of the data being sent could be a bad thing for certain entities. But, unless i missed something, i didn't hear anything that is particularly concerning or unexpected. I wasn't aware they had stated that gcode was not uploaded but i was pretty much under the impression that my gcode was running through there servers every time i wirelessly sent it a print. If you were under an NDA i can understand not wanting them to have your gcode even though i personally think it wouldn't help them. Lets assume that for whatever reason normal means of reverse engineering were not an option. lets also assume that somehow they have the ability to sort through thousands of models and find the ones worth stealing. Even then all they would have is a model and a name. And really what could you do with something like "42mm upper housing track". Having some images is also not a problem for me but i don't have my machines anywhere where the camera could pickup something sensitive. Quite frankly i was expecting entire time lapses to be included in the log so pictures are just whatever. Slicer settings also seam reasonable to me so they can try and find what is going wrong. I also have a feeling that most of the information in these log files cannot be accessed except by a small elite group of the company otherwise we would almost certainly have had an anonymous "whistle blower" by now. I know that you do allot of NDA work and having gcode being sent to another company would be a violation. But assuming you were just a regular person with a 3d printer, which piece of included data do you feel is most alarming?
Whistle blower? that is laughable. I spent almost a decade working in China and Taiwan consulting for technology companies. There is a reason why Apple does not flash the firmware on any of their devices manufactured in China and shipped them out of country to be flashed. there is no respect for data privacy. In addition all data collected by companies has to be stored indefinitely and provided to the CCP, that is the law and there are no protections for the consumer. There have been tons of documented cases of IP theft in China, so if you are printing anything on a Bambu, you have to make the assumption that there is the possibility of your design being stolen. China has invested heavily in data sorting and it is trivial to find a needle in a hey stack. I have always said if you are just printing objects you find on the internet or toothbrush holders, a Bambu is a great printer. If you are prototyping or making parts for your assembly line, Bambu would be the last printer I would choose.
If you are on their cloud, assume they have 100% control over your machine.
My machine is 100% offline, never has been online, never will be. The fact it says it is authorized to upload data to the cloud and was actively trying to access cloud servers is a huge issue.
I have my timelapses turned off, but photos are definitely in there, so it is possible I would think.
The logs are accessible by anyone with X1Plus which should be released shortly.
As a hobbyist as well, maybe my profession makes me more susceptible to seeing data privacy issues, but me personally, my data has value, as yours does. I aint giving it for free. Will the average consumer care? prolly not. but why is a whole different conversation
@@MrKornnugget Sure they can sort through data but to find a needle in a haystack you need to know what a needle is. Even if you had an AI using a combination of keywords and analysis of model geometry you would still have to take the results and figure out what in the world it was supposed to be along with any non 3d printed components that were required to finish the design. And that's assuming that they actually have all the models for the design. It would be like trying to build a jigsaw puzzle without the box for reference and not knowing if you had all the pieces.
@@UbberMapper Let me give you an example of something that recently happened to a company I was consulting with. A Korean firm was bidding on a multi-million dollar project to build a high-rise compound for a goverment project. They sent the models to a 3rd party to build a diorama or mock-up. The models were just the external miniature shells of the buildings. During the bidding process, a competing firm from China under-bid on the project with carbon copies of the Korean firms buildings. Internally the buildings were different, but the unique external design was almost identical. After a year of investigation, they found that the professional 3d printers had a backdoor and moved the models to an unknown IP address outside the firm making the diorama. I am not going to name anyone, because this is all currently wrapped in litigation, but I would never use any printer hooked to a network that has access to the internet and I would not make the job off the CCP easier by giving them access directly to my printer if I was printing anything, anything that was part of confidential IP. Also, any company operating in China has to, by law retain all collected data and provide it to the CCP. There are no protections for any corporate data in China, period.
oooh that one I am not aware of.. email me ;)
I am aware of Creality vs Artec 3D right now, not much else in terms of IP
What's x1 plus?
A custom community firmware for the X1 series. We did a video on it, linked in the description.
Wow... Like all of my other IoT devices, my X1 is now on a wifi network with no route to the internet. This is the ONLY way to resolve the issues demonstrated here.
Unless you are required to send a log for support. Then no, there is no way. You can't stop the logging, not to my knowledge. Mind you, some of it is fine and good and likely quite helpful, but it all being together isn't my cup of tea.
So model g-code is/was sent to bambu. Ehh. I asked them about that when they posted blog about logs and when they published security contacts emails... and they didn't even reply.
shame really...
Thanks, finally someone thoroughly analyzed what a simple print can reveal to a third party without anyone knowing. It's the biggest piece of crap I've seen in 3D printing in a while. Thanks for your huge amount of work you put into this.
Well, to be fair, we didnt analyze the logs in this video, we just showed you, but yes SO MUCH WORK went into this.
In the end, I'm glad I didn't jump on the Bambu Bandwagon. I'll just stick to Prusa, and to some extent AnyCubic & ELEGOO. I'm tempted to get one Creality Printer, specifically the CR-30.
We have a cr30.. I need to get it running. It was bought in a questionable state
Glad i bought x1c so sick of elegoo, for no reason nozzle drags over previous layer.... Fixed Gantry level, perfect esteps, perfect flow super smooth surface but still ...
@@sebastiann9279 How's their Saturns? I've heard great things about them.
I love my Elegoo resin printers. We have some saturns, mars's and Jupiters. All work great. Had some shipping issues with the Jupiter's but they are taking care of it when they get back
So, basically if you are in NYS or well likely the USA don't use a Bambu printer Especially if you print anything questionable As NYS SP are now legislated to monitor Social Media and Internet transferred files and well the US Government has the Cloud Act
Yep. But it seems fanboys don't care..
Funny how this video has the lowest average watch time of a video but the highest number of comments ever. It's like.. people came to leave a hate comment then left without watching lol
How orwellian, they don’t have to manually copy your designes anymore, you just provide that for them free.
Lololol. I only saw a preview of this and expected you to be calling ME orwellian here but this is so much better..
Not only for free, you're paying for the opportunity to have it occur!
Even tho i fully understand the problems with this, but isn't tesla, bmw and others doing the same thing with cars? Collect data and apply ML and AI later. They want to collect data and use later ML on it.
I would not mind this if they would be transparent about it and show what they send.
I would not know, but could generally assume yes. Driving a 22 year old car, it's not communicating crap back to the dealer LOL
take that gcode file into simplify 3d as gcode preview and see if it is really the entire accurate code
it is.
I thought the same thing. Like do a 1 for 1 hash comparison between them... See if there's any hidden aspects that are disguised as GCode...
I'm thinking there's so much more that could be going out over the network if this is the stuff that is EASY to find.
Nothing we could find was different from that gcode file and the one we pulled from the 3mf
Not here to stir the pot, but more out of curiosity…
Is this actually a large deal for most people? Unless you’re printing proprietary things, or printing illegal items, I’m unclear what the difference is for most? For context: 90% of my files are downloaded off the internet then adjusted or modified as needed.
I’d assume that means the websites are also collecting similar information given I’m downloading from their sites, no?
New to printing, not super alarmed by this as you can always run LAN only mode, block the outgoing packets, or go offline with SD Card only, but understand it’s a little odd compared to some others.
Looking forward to y’all’s answers!
Not a big deal for me. I print and sell files from Patreon subscriptions. I don't work on NDA stuff for people. If you require a printer in an isolated environment I get it, but there are printers out there that cost more money and give you those capabilities. Or you could go cheaper and tinker more with your prints to get them to an acceptable level.
These printers are at a great price point for both consumer and business and produce quality parts. I have over 10,000 print hours on my Bambu machines and they work flawlessly.
I'm curious what percentage of Bambu users actually find this to be a problem as well. What percentage of Bambu users use these for business purposes strictly with projects under an NDA. Often ITAR is mentioned in Grants videos, but I would be surprised anyone uses Bambu for ITAR situations with all of the legal ramifications.
The average user likely wont care. That is a whole different conversation as to how people have been trained to not care about something companies clearly do.
Websites can collect data, but not on this level. This is reading lots of sensor data from the machine.
LAN Mode, nor SD only (Which is what I use) does NOT stop the logging, this occurs regardless.
I dont disagree that the price is right, but lets look at the value of the data. Now, we have nothing to suggest, at this time, that Bambu is doing anything nefarious with it, however it is certainly more than what is minimally required. Hanlon's Razor comes to mind here..
I would bet, given how popular these machines are, that many businesses use them, and those who arent read up on ITAR may make the mistake. But lets think about the 2a people, printing pewpews which upload a log to Bambu. That's a paddlin that Cody Wilson learned about first hand.
@@3DMusketeers2a guys are uploading directly to MakerWorld.
Anyone involved with ITAR will have a security manager who is well read, I held that job for a couple years.
Some will, others wont. You would be surprised the small businesses we encounter that do ITAR work and have no idea on the significance.
@@3DMusketeersI don't disagree that if all of this data is sent to them automatically, it could be a bit much. You had said this was when you exported the logs. Is this 100% what gets sent to their servers? I thought I saw somewhere recently that some logs get sent, but if you contact support, they do ask for you to upload the logs. If they already had them, it doesn't seem like they would want to waste that extra bandwidth. I'm not hardcore on either side, but I just like to be an observer of these topics and chime in where I can lol.
I believe with like ITAR situations a lot of companies could potentially drop the ball. For example, Microsoft has no certification for ITAR compliance unless you upgrade to a special Azure license I believe. SO much stuff goes into that compliance.
If I am understanding this correctly, information from a previous owner is not removed during a factory reset including gcode, photos of the print bed that also show area around the printer, MAC, WiFi information, etc? So because this information is still stored and a new owner connects the machine to their “full online services”, this information from the previous owner could be sent out by the new/current owner?
We still see evidence of the previous owner's records on this machine including some in the print log. We do not see their photos though, those are all of prints I did.
And yes, it could be sent out by the new owner, especially if they send a log without knowing what is in it. That is why we wanted to do this video.
That’s still pretty scary for a previous owner. As for the rest I find this EXTREMELY disturbing.
thankfully he is cool, I mean, he sold this printer to us (broken) for a great price.
just the facts, ma'am
absolutely!
Thanks for this good sir.
Thank you for watching! :)
Do you think that there is a way to only block the sending of the logs via a firewall and keep the control via app?
no. I do not think so.
The app part is what will screw you here. If you block the printer from sending data out with firewall rules but still use the app, they'll probably still have more info than you want. I would just offline the machine and the PC and do your slicing and carry it over on sd
If by app you mean Bambu Studio or Orca slicer, there is. Put the printer in LAN mode, and also block it from accessing the internet in your router (provided you have the knowledge and access to it). You can then send prints and view the camera from Bambu/Orca within your own LAN. The mobile app does not work within the LAN, unfortunately. Just cloud.
There is of course also a caveat to the above: Bambu Studio uses a proprietary network plugin, so even if the printer is no longer connected to the outside, your computer is, so to make sure that Bambu Studio doesn't act as a proxy (or sends it's own data/logs), you'd also have to make sure to block that from accessing the internet via the firewall in your computer.
@@mroek by app I meant app. Not PC software.
@@Ale-bj7nd Ok, in that case the answer is no. At least for now. I'm still hoping that Bambu adds this to the Handy app, so it can be used within the LAN, and not depend on the cloud.
Sorry. Lost my visa and my membership lapsed. Still got lots of love for ya
all good boss!
What you are requesting is similar to network support and just telling thr company "it doesnt work."they are going to need to know. This will allow them to find why it also messed up, address it in a future firmware update, or even pinpoint it was what you are doing that is causing issues.
There is no IP in China, they dont need log files to steal your stuff.
I dont think a fair bit of it is unnecessary for supporting, however, this just shows exactly what is being requested. Now it is on the users to ask why. I have shown you more than you would need to see to wonder exactly why a machine that has been denied cloud access is attempting to get to the cloud, why a company that on record says your logs do not contain your model files, yet they do, and more.
@@3DMusketeers we still aren't sure to be honest. I have sent logs to Bambu and it takes a very long time, much longer than my bandwidth should be. The data may be stripped and parts of the logs sent. We have the logs on your local machine, not the logs on the other side.
What can I do to help make you more sure then? or at least have a better, more informed opinion about it? I dont want to stray too far from facts, for various reasons, but happy to try and discuss more if I can!
why not print a benchy and do another dump ? you censured all the juicy stuff :)
Because that would have required me knowing what was in it 100% before getting a decrypted log. This, to me, shows how much proprietary data they are actually collecting
Creepy 🤦🏼♂️
unfortunately
I don't have this brand of printer and no experience with them, but wondering if this is simply them pushing a debug/validation team firmware to consumers on accident... And just people failing to realize it till now!
I am not sure. They have had plenty of updates to this.. Its not like this is their first firmware revision ever.
Obviously you won't do it because of what you are printing, but surely someone has captured the log files as they were attempting to be sent to bambu no? Just because there are local log files doesn't mean we should jump to the conclusion that everything is being sent all the time. I personally lack the expertise to do so, or I would have already. I would be more interested in seeing those captured files.
Why is everyone saying it's being sent all the time? I did not say that. I said, with evidence in the logs, that my machine is attempting to make contact with servers. That is fact. I did not say anything else lol.
@@3DMusketeers Fair enough. The point I more wanted to get across was do you know anyone with the skills to try capturing this data? You clearly have access to people with the ability to decrypt what is there, surely one of them tried this already? If so, could you convince them to share with the class (preferably something *not* under NDA so we can see unredacted files).
Yeah I have people. I've already sent them this log for them to go through. They have had it for a while actually.
WTF bambulab machine owners are really working for Bambu for free. Thanks for the truth...
The amount of people trying to justify this is a bit concerning. I just showed the truth and immediately people get defensive.
I would bet the logging aspects of the Bambu X1C will change after this video, as I am hoping Bambu sees the mistakes and can correct them