X1 Firmware Jailbroken - A crossroads for Bambu Lab

If you’re an X1 owner. Here’s an argument for not upgrading your firmware.

Bambu Lab!!! Here is a crossroads for you. Do you get behind the community or withdraw and block attempts to allow your customers to tinker with their property?

4 Likes

I wish Spaghetti Monster took these efforts openly and welcome such community instead of trying to kill it.

Ditto…wish they’d realize that you’re not losing any business my welcoming these efforts!!

Majority of people won’t bother with it, the ones that will are relatively few…and the gains made by all the new customers you’d get just because they see more “openness” to the platform would greatly offset any “perceived” theoretical losses. Seriously if anyone from BL reads this, consider this point!!

Dead serious when I say that I was this close just this morning when I first heard about this on pulling the trigger on an X1C solely because of this ‘feature’…until I heard BL was going so far as to ACTIVELY block downgrades to the appropriate firmware. I don’t yet have a BL printer, and at this point if/when I order one I’m definitely going to start with a ‘basic’ A1/mini if anything. Somewhat disappointing signs for sure, imho.

1 Like

Sad. I already have the latest Firmware installed…

One great outcome of this is that FUD spreaders now can’t claim BL are stealing firmware or lifting customer data from the printer.
The only thing I truly wish official firmware had is mesh bed data.

I am pretty confident we’ll see some sort of official dual boot or plugin system in time…

3 Likes

And “POOF” your wish has been granted. Apparently he took this seriously and responded in an honest and refreshingly candid post in his blog.

It looks like he is giving a nod to the industry and taking a page out of the Prusa Playbook. Prusa locked down their firmware some time ago for security reasons but they had already baked into their PC board a breakaway tab which allowed the user to then do whatever they wanted with their device. Of course this voids the warranty but that is totally reasonable. One can’t expect a company to support a product that they modify but the choice to modify should be ours, not the manufacturer.

Spaghetti Monster specifically stated in his blog that they have chosen, for good or for bad, to follow the Apple philosophy of a closed hardware platform. This was refreshingly honest. However, where I must give kudos was that they are also acknowledging user choice and appear to be promising the users the option of modifying their property at the expense of voiding their warranty. He even states that they will try to support a reversal back to factory firmware but they make no promises. The warranty would be permanently voided of course once one signs the waiver. That is a totally fair exchange. :clap:

1 Like

Voiding the warranty of machines used with third party firmware is perfectly reasonable. Bambu already requires the printer serial number and log file for any support ticket, which I am sure includes the serial and firmware version. Requests for support of non-Bambu firmware could be automatically rejected.

Spaghetti Monster’s response is a good step forward, but I would need a way to return to current factory firmware before I would try the X1+ option, so I’ll be awaiting further developments.

2 Likes

Depends on law, region etc.

In EU:

They can only void their own warranty as manufacturer.

But there is also 2 year statutory warranty that applies to sellers (this means Bambu if bought from their store) and it cannot be made void.

Wow. VERY impressed with BL’s reaction and solution here. Not many companies out there would address this with such grace and poise, and ultimately deliver a compromise that satisfies (most) parties. I’m not gonna lie I’m seriously impressed!!

I don’t think you can rely on that warranty if you have modified the product. Every discussion of Directive 1999/44/EC that I have found mentions that the seller is not bound by the warranty if the failure to “conform” to the intended purpose has its origin in materials supplied by the consumer.

2 Likes

Here if something in product failed and modification didn’t cause that fault then failure is still covered under statutory warranty.

What I read out of the blog post:
Users with firmware 1.7.1 will be given the option to sign the waiver and install the R-firmware and then they can go to 3rd party firmware.
Firmware from 1.7.2 onward it will be back to the walled garden.
For the customers, who buy a printer in the near future, be prepared to get a 1.7.2 or higher printer with no choice to go 3rd party with your firmware.
There will be no permanent choice for 3rd party firmware.

That’s not how I read it. The difference between your understanding and mine is that I understand it as everyone will have the one time option to run 3rd party firmware. They have to wave their support/warranty rights and then there machine will be sent Firmware R to allow 3rd party firmware. I also read it as Bambu firmware beyond 1.7.2 (updates/features) will not be shared/accessible to 3rd party firmware developers.

4 Likes

This is point 5 from the blog post:

5. Future official Bambu Lab firmware releases after firmware R 
will have new security measures applied to prevent rooting, 
and we will no longer provide solutions for rooting the 
new versions of the firmware.

Thats the reson for my conclusion. But the future will tell.

Citizens of the European Union cannot waive their warranty rights; therefore, the form and declaration that Bambu Labs wants users to fill out are void in this regard (cf. “Unfair Commercial Practices Directive” (2005/29/EC), the “Consumer Rights Directive” (2011/83/EU), and the “Sales and Guarantees Directive” (1999/44/EC)).
There has been a precedent for similar cases with mobile phones, where it was concluded that in the case of custom firmware or software installation, or rooting, the warranty is not voided.

Within the EU, consumers have the right to repair after the warranty period expires. This means the company must allow independent services to repair the product. If the warranty suddenly ends now, this should be facilitated (bye-bye encrypted logs).

Well, this is Europe, whoever enters this market, and especially a DIY segment, should give up all hope. :smiley:

It’s understandable if there’s no support for non-factory firmware on the device.

All I can say, Thank God for the EU. If it weren’t for the halo affect that we can thank the EU legislature for, the US consumer wouldn’t have any consumer right’s whatsoever.

While overall, a positive response, I think it is lacking in multiple areas. I cannot say whether what I consider to be invalid arguments are intentional spin, or just a lack in understanding of the real desires of its tinkerer-users on Bambu’s part.

The entire ecosystem, including hardware and software, was designed under the assumption it would be closed, with Bambu Lab having full control over its evolution, except for the slicer, as it used open-source code.

Having a more open environment doesn’t at all preclude Bambu having full control over it’s evolution. Since everyone likes to compare them to Prusa – Prusa has full control over the evolution of it’s machines. They didn’t somehow lose control over the Mk3->Mk3S decisions just because some random tinkerer could run their own firmware if so desired.

Having control over the printer hardware and software allows us to ensure a quality standard which is set to serve as a baseline.

Nothing about giving users more direct access to the printer invalidates the above.

Opening the system with Root access would provide everyone the possibility of adjusting settings they might not understand completely, potentially causing problems that are hard to replicate and solve.

Once rooted, it becomes signifficantly more difficult for Bambu Lab to provide troubleshooting and customer support, or take responsibility for printers not running our firmware.

While fundamentally a true statement, the same can be said for slicer settings. You can do pretty nasty things to any 3d printer by screwing up the slicer settings. Obviously staying with Bambu Slicer reduces that some as they remove the ability to tweak some settings but, at the same time, allowing third party slicers and gcode undermines this whole argument to some degree.

Installing non-official firmware means customers waive official support expectations and take full responsibility for their own printer’s security and safety.

I don’t actually have much issue with the above statement. I would argue that 99% of people who would install custom firmware on a printer would agree that if they break the printer by tinkering at that level, it’s their fault and they have no expectations that Bambu should bail them out. The other 1%, well… some are very misguided in their beliefs and some are just dishonest (sorry, that’s the way I see it).

They may also have inadvertently opened themselves up to significant liability here. By saying that they are absolved of all responsibility once custom firmware is installed, it could be argued that they are implicitly accepting responsibility for everything that goes wrong when running their firmware. If you are telling be that running custom firmware, I can break the printer then that mean that Bambu Lab firmware keeps me from breaking it right? So if it breaks when I’m running Bambu Lab firmware, it can’t be my fault since the firmware would have prevented me from doing anything bad, right? Before you argue that last line of thinking, especially if you are technical, think about the silly questions your family has asked about technology, or all the articles you have read about “dumb users doing dumb things”. I’ve spent 35 years in mostly support facing roles and, believe it or not, the average person is going to think like that.

Remember:

When we decided to address the challenges of 3D printing, our goal was to bring it into the average household.

We cannot guarantee nor intentionally block the use of the cloud service for printers with third-party firmware, as the firmware and cloud are closely coupled systems.

While not an explicit pledge not block printers without Bambu Lab firmware, its at least a good start. They very much could block use of their cloud services if they wanted to and I’m kinda surprised they aren’t trying from the beginning.

During the conversation with Joshua, he mentioned that the log file contains a lot of information, although he understands it from a developer’s perspective that engineers often log extensive data to facilitate easy debugging. Following Joshua’s concerns, we thoroughly reviewed our log system and realized the need for improvements. While extensive logging may be necessary during the development phase to debug the system, it’s not necessary on customer printers. In the next firmware update, firmware R, we will refine the log system and remove all debug logs which are not necessary for end-users.
I’ll withhold my judgement until I see what changes they make, but I think the whole log thing is a real miss. It should never have been encrypted in the first place or the end user should have, at least, had full access to the un-encrypted content. Logging is a very complex subject and having professionally be involved in the exact same time of discussions, for much much more expensive hardware and much bigger and sometimes very paranoid customers, I get it.

This does not imply that previously submitted logs infringed upon your privacy. The log file is encrypted, and access to the decrypted logs is strictly controlled – not even our first line support agents have direct access to its contents, getting diagnosis data instead of the raw log content from the system. Furthermore, 14 days after a support ticket is closed, all related log files are deleted from our server.

While I applaud them for stating they remove data, if your first line support folks can’t even see the log contents that certainly implies there is very sensitive information in those logs, which kind of flies in the face of submitted logs not infringing on your privacy.

  • We will release a new firmware (let’s call it firmware R) to allow the installation of the X1 Plus firmware, similar to firmware prior to V1.7.0.0.
  • A dedicated webpage will be set up for customers to sign a waiver of warranty and safety responsibility. Once signed, firmware R will become available to be installed on the printer, enabling third-party firmware installation even if you are already on V1.7.1.0.
    This basically gives everyone their freedom to choose between Bambu Lab firmware and third-party firmware.
  • Future official Bambu Lab firmware releases after firmware R will have new security measures applied to prevent rooting, and we will no longer provide solutions for rooting the new versions of the firmware.

This is a bit of a miss, in my opinion. I’m ok with waving future support. My printer is almost out of warranty anyway so no big deal. Where they missed, in my opinion, is that they should actual put it in the Bambu firmware to initiate the switch. Don’t rely on a security hole to allow installation of 3rd part firmware. Plug the hole and put a deeply buried option to initial the switch.

The other thing I will note is that many of the initial features in the X1PLUS firmware as features that should have been in the printer from the beginning. Bed leveling information, resonance compensation information – there is no reason those should have been available to the user from the start. Same goes for the future diagnostic related features that talk about. The “average” user doesn’t need them, no. But, the average user that is going to be a repeat and long term user of 3d printers will get to the point where that information is useful. I’ll be the first to admit that ever 3d printer power users don’t need ssh access to their printer. That is fully in the realm of tinkerers and experimenters.

1 Like

One other place their arguments miss the mark, in my opinion:

They talk a lot about carefully controlling the environment and that running custom firmware can result in the user doing things that would break their printer or would make it drastically harder for them to debug and support user problems. And yet… they expect this “average user”, who can’t be trusted with complex printer settings, to replace sensitive electronics and mechanical assemblies that require fairly skilled assembly and calibration as part of the support process.

Either the average user is considered skilled enough to work on their printer, which would include adjusting advanced features in addition to replacing parts, or they aren’t in which case Bambu should be doing all the warranty service themselves.

Nice thoughts and well expressed.

As I went through the blog post for the fifth time and then read your comments. There are a couple of items that do give me pause from Bambu’s blog.

The first item was his protestations over being accused of keeping private data in the log files. His arguments ring hollow. If Bambu were concerned about what people truly thought about the log contents, well… the best antidote for that is transparency. If we are this - in his words - “DIY-minded community”, then there should be every reason to make log information visible to the user. In short, by definition, if you’re encrypting data, you are by your very actions trying to hide something. What might you be hiding? in the absence of answers, folks will make up their own theories. Are they wrong???

The other thing that stuck in my brain was the things that were not addressed. OK, so your hand was forced by the community because of the company’s recalcitrance in making firmware accessible. So this memo looks like Bambu is trying to get out in front of the parade and make it look like their leading. It’s a smart move, I’ll give you that. But C’mon now, we aren’t stupid… well… most of us anyway judging by some of the posts. :smile:

However, sincerity is measured not by what you do when people are watching, it’s what you do when people are not watching. A similar definition is used to define character too. If Bambu were in fact sincere about “allowing” rooting, then why not go all in and do it for all printers not just the X1 just because your hand was forced. If that was mentioned in his blog post, I missed it.

N I C E !!!

Brilliantly stated!!! It doesn’t seem like Bambu understands just how hollow and contradictory some of these statements come across. DIYers understand the risks so Bambu should stop patronizing us.