Get the latest tech news

Reverse Engineering Bambu Connect

Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here Reverse Engineering Bambu Connect From Consumer Action Taskforce Jump to navigationJump to search This is part of the Bambu Lab Authorization Control System article. Bambu Connect is an Electron App with Security through Obscurity principles, hence it is inherently insecure.

Bambu Connect is an Electron App with Security through Obscurity principles, hence it is inherently insecure. Finding the needed decryption code is easier in the .dmg Extract bambu-connect-beta-darwin-arm64-v1.0.4_4bb9cf0.dmg[1], in there you can find the files of the underlying Electron app in Bambu Connect (Beta).app/Contents/Resources folder The app uses asarmor to prevent easy reading, the key is stored in ./app.asar.unpacked/.vite/build/main.node and can be extracted. Then search for the GetKey function, or press G and go to 0000b67e[2] Write down the hex key, for this build it's B0AE6995063C191D2B404637FBC193AE10DAB86A6BC1B1DE67B5AEE6E03018A2 Install the npm package asarfix and use it to fix the archive: npx asarfix app.asar -k B0AE6995063C191D2B404637FBC193AE10DAB86A6BC1B1DE67B5AEE6E03018A2 -o fixed.asar Now you can extract it in cleartext with npx asar extract fixed.asar src./src/.vite/build/main.js is minified, use any JavaScript beautifier to make it better readable.

Get the Android app