Rooted: The Good the Bad and Freedom of Choice

As many of our customers may have already noticed, there is a third-party firmware being developed by the X1 Plus team, which has become a hot topic in the community. Our first awareness of this firmware was through some Youtube videos, which led to my last blog post. Initially, we were shocked to discover a loophole in the firmware that allowed the printer to be jailbroken, and we were uncertain about the intentions of those behind this hack.

Last week, the X1 Plus team approached our members to express their good intentions, but we remained cautious as we did not know them. Subsequently, Michael Laws (AKA Teaching Tech) and Joel Telling (AKA 3D Printing Nerd) communicated with us, sharing their observations about the X1 Plus team and encouraging me to talk directly with the leading developer of X1 Plus, Joshua. We had our first Zoom call last Saturday and many emails afterwards.

Before discussing our proposed plan for this situation, I want to briefly explain Bambu Lab's overall vision and strategy.

When we decided to address the challenges of 3D printing, our goal was to bring it into the average household. We debated whether to follow a Raspberry Pi model or adopt an approach like Apple.

In the end, we chose to build a closed and proprietary system, understanding this would bring its own set of challenges, including development difficulties and potentially disappointing customers in this DIY-spirited community.

The entire ecosystem, including hardware and software, was designed under the assumption it would be closed, with Bambu Lab having full control over its evolution, except for the slicer, as it used open-source code.

Is the Apple way the right approach? It's too early to tell, but it's the path we've chosen, and we intend to stay on it.

Having control over the printer hardware and software allows us to ensure a quality standard which is set to serve as a baseline. Future updates can build upon the baseline bringing improvements to the software by adding new features and patches to security issues or bugs. It also makes the troubleshooting process for certain problems easier and faster, which greatly helps on the customer support side.

Opening the system with Root access would provide everyone the possibility of adjusting settings they might not understand completely, potentially causing problems that are hard to replicate and solve. While we fully recognize that a small percentage of users are enthusiasts that know what they are doing, there will always be a significantly higher percentage of users that will not, leading to bad 3D printing experiences and inaccurate feedback shared online.

Regarding the X1 Plus firmware, my discussion with Joshua was very pleasant, leading me to conclude he is talented developer with no ill intentions. I respect his skills and, if in his position at a younger age, would likely have done the same. My very first code, through which I learned C language, was a digitalized Enigma machine to encrypt and decrypt SMS.

It's a dream for hardware vendors to have enthusiastic developers interested in their products. However, we face a dilemma we both admitted. While we appreciate what X1Plus team has done, leaving a security loophole open is not ideal, nor was allowing all the printers being rooted.
Once rooted, it becomes signifficantly more difficult for Bambu Lab to provide troubleshooting and customer support, or take responsibility for printers not running our firmware. After all, the majority of our customer base are those who enjoy the closely integrated system and focus on printing instead of tinkering with printers.

Patching the loophole means some customers will no longer be able to install the X1 Plus firmware as they wish. Joshua proposed that we could set up a system to allow users to make their choice and take the corresponding responsibilities for their decision. After discussing with Joshua, we both returned to our teams to evaluate potential solutions and here is our proposal:

We will give customers the choice to install third party firmware and root system at their own risk.
This choice comes with certain costs in the form of giving up the support of the official software ecosystem which we hope everyone understands:

1. Installing non-official firmware means customers waive official support expectations and take full responsibility for their own printer's security and safety.
2. We cannot guarantee nor intentionally block the use of the cloud service for printers with third-party firmware, as the firmware and cloud are closely coupled systems.
3. We will release a new firmware (let's call it firmware R) to allow the installation of the X1 Plus firmware, similar to firmware prior to V1.7.0.0.
4. A dedicated webpage will be set up for customers to sign a waiver of warranty and safety responsibility. Once signed, firmware R will become available to be installed on the printer, enabling third-party firmware installation even if you are already on V1.7.1.0.
   This basically gives everyone their freedom to choose between Bambu Lab firmware and third-party firmware.
5. Future official Bambu Lab firmware releases after firmware R will have new security measures applied to prevent rooting, and we will no longer provide solutions for rooting the new versions of the firmware.
6. We will try our best to allow users with third-party firmware to revert to the OEM Bambu Lab Official Firmware, but there is no guarantee for this, simply because we do not control the third-party firmware and its functionality. We will cooperate with the X1 Plus team as much as possible to allow this. However, your warranty and support will not be reinstated after switching back to Bambu Lab Official Firmware.

In short, we will provide a one-way ticket for customers to choose between Bambu Lab OEM firmware and third-party firmware. This solution isn't perfect, and not everyone will be satisfied, but it is feasible and makes sense before we launch APIs and SDKs for third-party developers, which were already on our roadmap. We will have official support for third-party apps or plugins down the road, but all the infrastructures take time and careful development work.

We hope this short-term arrangement gives our customers the freedom to decide for themselves and allows Bambu Lab to carry out our strategy to the mass market, like many other hardware vendors. Please allow us some time, probably two to three weeks, to implement all the necessary tools, including the firmware, the confirmation page, and legal consultations. We will share an announcement when this becomes available.

During the conversation with Joshua, he mentioned that the log file contains a lot of information, although he understands it from a developer's perspective that engineers often log extensive data to facilitate easy debugging. Following Joshua's concerns, we thoroughly reviewed our log system and realized the need for improvements. While extensive logging may be necessary during the development phase to debug the system, it's not necessary on customer printers. In the next firmware update, firmware R, we will refine the log system and remove all debug logs which are not necessary for end-users.

This does not imply that previously submitted logs infringed upon your privacy. The log file is encrypted, and access to the decrypted logs is strictly controlled – not even our first line support agents have direct access to its contents, getting diagnosis data instead of the raw log content from the system. Furthermore, 14 days after a support ticket is closed, all related log files are deleted from our server.

I would like to extend my gratitude to Michael Laws and Joel Telling. Your explanations and introductions played a crucial role in facilitating the discussion between the X1Plus team and Bambu Lab. Without your assistance, this conversation might not have occurred, and we would still be navigating through the unknowns.