Post

Bambu Poop & A Clean Wipe

Posted
Preview Image
By The Maker Medic
6 min read

By now, anyone in the 3D printing community should be well aware of the controversy surrounding the upcoming Bambu firmware update. The TLDR: under the guise of “security” Bambu is releasing an update that will limit the ability of 3rd party apps to control or send files the the printer. For OrcaSlicer users like myself, it becomes more difficult to send the prints and control the printed from OrcaSlicer. It also effects those that use Home Assistant to automate some of the printing process. The real concern is this update opening the door for future enshitification.

I’m going to take this opportunity to do something I should have done quite awhile ago which is isolate my A1 Mini from the internet. Unfortunately, I will lose some of the Bambu convince features like the Handy App along with it’s notifications but I can replicate a lot of those features in Home Assistant. On the plus side, I regain sovereignty over my printer’s data and the physical device.

As of posting, the important stuff like isolating my system has been completed. I’m still working in building out the notification and control dashboards. Check back for updates!

Isolation

The first step is device isolation from the internet. Eventually, this device should end up on a VLAN but for now its on my flat network. To start, I put the printer in LAN only mode. The below screenshot shows my firewall logs of the printer communicating normally (08:50:18 and earlier) then only reaching NTP services after LAN only was enabled (08:51:14).

LAN Only Logs

Make sure the printer has a static IP address to aid in isolation and LAN connection.

Next I set up firewall rules on my router to completely deny my printer access to the internet.

Here is a sample of that block rule using the IP address on an OPNSense router:

  • Action: Block
  • Interface: LAN
  • Direction: in
  • Source: Single host or network - printer’s IP address
  • Destination/Invert: Checked
  • Destination: RFC_1918 Alias

In layman’s terms, any traffic that originates from the printer and is not directed to an RFC_1918 address will be dropped. RFC_1918 addresses are the reserved local ranges. So my printer can still communicate with local devices just not the world wide web.

The RFC_1918 addresses must be configured as an alias in OPNSense. I also created a second, redundant block rule using an alias and the MAC address of my printer.

In OPNSesnse, this block rule must be at the top of the list as firewall rules are analyzed in order.

Once the rule went live, I could see those same logs now showing everything, even the NTP requests, blocked.

Firewalled Logs

It looks like the printer is now truly local only.

Linking the Slicers

It looks like logging out and removing the printer from Orca/Bambu Slicers will remove any custom profiles. It may be prudent to backup these profiles prior to unlinking.

Previously I had linked to OrcaSlicer and BambuSlicer via the integrated plugin. I logged myself out in the slicers, unlinked my printer, and reset the LAN key at the printer.

I then reconnected my printer via LAN mode to OrcaSlicer. I was able to view the camera, send prints, and control the printer just as before but now without the middleman.

I did run into issues with the printer disconnecting from the slicer and requiring me to re enter the LAN key each time I started the slicer. I needed to find the orcaslicer.conf file. Located on MacOS at:

1

~/Library/Application Support/OrcaSlicer/OrcaSlicer.conf

From here, I made a backup of this file and deleted all references to user_access_code or access_code. On restarting of OrcaSlicer, I was asked again to pair the printer but never again since.

More information on this workaround be found in this GitHub issue.

While were in the OrcaSlicer app folder, we can also navigate to ~/Library/Application Support/OrcaSlicer/user. This folder contains some of the printer, filament, and print profile settings. In the event they were lost and not backed when unlinking the printer, they may be able to be imported or copied from here.

I’d expect most of the above would also work on BambuSlicer but I have not tested it.

Scrub my Presence

Now that the printer is on LAN and for all intents and purposes, Bambu has no idea if/when/what I’m printing, I decided to work on scrubbing what I could of myself from Bambu’s servers.

The LAN only switch on the printer already removed the connection to Bambu Handy. I logged into my MakerWorld account, removed any models, and deleted most information in my profile. I left some breadcrumbs regarding locating my profiles on other platforms.

I have yet to delete the Handy App or my Bambu account although this may change in the future. For now, I still browse and collect models from MakerWorld. I also need to get the occasional spare part, nor can I pass up their filament sales. Time will tell if this turns into a full boycott. I will update my blog if and when that occurs.

Notifications

I’m already running a Home Assistant instance but had yet to experiment with the Bambu Custom Component. I went ahead and installed it from HACS and linked my printer in LAN mode using the provided instructions.

Immediately my pinter showed up on Home Assistant with access to the camera, status, and controls. I’m now in the process of designing a nice dashboard for viewing and controlling the printer.

I also plan to leverage the Home Assistant Mobile App and notification platform to develop some familiar alerts.

Once I get something up and running, I’ll post a nice walkthrough and some examples.

Remote Control/Monitoring

Not only am I already running a VPN, but also Home Assistant Cloud. This seamlessly gives me access to my printer via Home Assistant even when away from my local network. I have a feeling I can replicate a solid remote setup using these alternatives. I’m also experimenting with a self hosted OrcaSlicer instance.

Again, when I finish figuring this all out, I will post some updates and documentation.

What I Lost

After a few hours of playing around I don’t feel like I lost out on much. All I really miss are some notifications, but I plan to fix that soon. I know I also lost out on sending models from MakerWorld direct to the printer and some of the in app control along with the exclude object features. However, after a few hundred print hours and running a small print on demand shop I never really used the features.

I’m fortunate enough to already have a solid VPN, automation, and self hosting setup along with the associated knowledge. Couple that with my experience from the Ender years and Voron build making this transition was rather simple. I look forward to finishing up this transition. I think I won’t end up missing a whole lot of functionality but rather will gain more.

Blog
Blog 3D Printing Bambu
This post is licensed under CC BY 4.0 by the author.