| docker | ||
| scripts | ||
| src | ||
| .dockerignore | ||
| .gitignore | ||
| .python-version | ||
| Dockerfile | ||
| LICENSE | ||
| pyproject.toml | ||
| qemu-kernel.sh | ||
| qemu.sh | ||
| README.md | ||
| TODO.md | ||
| uv.lock | ||
BambuRE
Scripts
All these are intended to be run by uv or inside Docker, which makes package management easier.
All of them except image_unwrap.py and slicer_config.py require your printer's /config/keys in fs/config/keys. It is suggested to keep a backup copy of your ptiner's /config in fs/config and /oem in fs/oem.
refresh_key_material.py
This script is useful to initialize the Bambu private keys from a firmware dump or refresh it looking for new keys.
For this to work you need at least the following files from an X1's filesystem:
- /usr/lib/libbbl_verify.so
- /usr/lib/libbbl_derive.so
- /usr/bin/log_crypto.sh
- /usr/etc/security/keys/rsa_pub.eng.txt
- /usr/etc/security/keys/rsa_pub.pro.txt
mkdir ./tmp-dir
# To grab the keys from X1Plus
scp username@your-printer-ip /usr/lib/libbbl_verify.so /usr/lib/libbbl_derive.so /usr/bin/log_crypto.sh /usr/etc/security/keys/rsa_pub.eng.txt /usr/etc/security/keys/rsa_pub.pro.txt ./tmp-dir
# But feel free to use any alternative approach to obtain the keys
uv run ./scripts/refresh_key_material.py -d ./tmp-dir -o ./scripts/lib/priv_const.py
rm -rf ./tmp-dir
If you have a printer's full rootfs (such as via decrypted firmware image), you can also point the script at that
uv run ./scripts/refresh_key_material.py -d ./printer/rootfs -o ./scripts/lib/priv_const.py
Inside of docker you can run /docker/refresh_key_material.sh which will mount a rootfs from the embedded firmware and refresh from it.
image_unwrap.py
This script will decrypt/unwrap Bambu's .sig files
uv run ./scripts/image_unwrap.py -o output_file input_file.sig
log_decrypt.py
This script will decrypt the encrypted log exports from your printer.
uv run ./scripts/log_decrypt.py -o decrypted.tar PRINTERSERIAL_all_20201107050130_enc.tar
slicer_config.py
This script will decrypt the Bambu slicer's BambuNetworkEngine.conf. It should automatically determine the path for you.
uv run ./scripts/slicer_config.py
RE tools Docker image
Build and run Docker container (this mounts /src)
If you have backups of your printer's /oem and /config, feel free to put those in fs/config and fs/oem (don't bother with fs/userdata unless you are sure you need to).
In the example, /work/src will be mounted to the src directory, so you can use it to grab files out of the printer and put them into your host OS
docker build -t bambure .
docker run -v "$(pwd)/qemu:/qemu" -v "$(pwd)/docker:/docker" -v "$(pwd)/scripts:/scripts" -v "$(pwd)/fs/userdata:/work/fs/userdata:ro" -v "$(pwd)/fs/config:/work/fs/config:ro" -v "$(pwd)/fs/oem:/work/fs/oem:ro" -v "$(pwd)/src:/work/src" --privileged --rm -it bambure
Mount the Bambu FS
# This will mount the rootfs inside the container at /work/fs/root
/docker/mount.sh
Chroot into the Bambu FS
# This will mount the rootfs inside the container at /work/fs/root
# and mount auxiliary filesystems like /proc and /sys
# Then it will chroot /work/fs/root
/docker/chroot.sh
Bambu firmware in QEMU
First, you need to make sure to have a bootable kernel and modules in your local installation. Feel free to use the ./qemu-kernel.sh script for this on Linux.
Further, you need a root MMC image. This can be built with the RE docker image.
You can use the above docker run command to open a shell in the container.
From there, run /docker/qemu/newdisk.sh and it should generate a bootable image.
Now you can just run ./qemu.sh (outside of Docker) to run the FW in QEMU.
If you want to change the way the rootfs is modified or patched, just edit ./docker/qemu/modify_rootfs.sh or ./docker/qemu/rootfs_mods/