If you really need additional GPIO, you should be able to e.g. use an additional RPi Pico for that and add it as a secondary MCU then.
1 Like
My plan is manta m5p (m4p will be fine too, I just had m5p already) with cm4. One accelerometer goes there. I plan to replace print head and use ebb42 (over can) which already has accelerometer inbuilt.
I already designed a very specific carriage for seleced extruder, the only thing that remains is the fan sleeve for part cooling. But I lack time to finish
1 Like
excited to see your updates.
Great work on the most ethical way to raise awareness of these issues. I am interested to see more tools become available. It would be ideal to have root access on firmwares above 3.0.3.
I’m not sure what you’re referring to. We found a critical system vulnerability and reported it to Anycubic email. Root access is available for versions 2.3.9 and above, but it’s not publicly accessible yet. Currently, we’re focused on enhancing printer functionality through the native app. Running Klipper at the moment isn’t feasible.
He’s probably referring to the “hacked_machine_readme.gcode” incident from yesterday and assumes that it was done by you.
Btw: I replied to AC’s mod and linked to your statement above where you wrote they have been informed about two critical security issues and didn’t reply - might be that they’ll try to get in touch now to finally fix the problems. Fingers crossed…
Nice one.
My sympathy is limited. Anyone who intentionally or unintentionally puts their printer on the Internet deserves the “Bot-Net-Member-Of-The-Month” award.
It’s just a shame when it’s forcibly awarded to an unsuspecting user by the manufacturer.
2 Likes
Despite the incorrect assumption, I must admit, that worm is undeniably adorable.
As time goes by, more and more people would come to discover security issues with these printers. It is in the public interest that the problem be resolved as quickly as possible before malicious individuals do irreparable harm to ordinary users.
To assume that this or that person once said something and necessarily did it is completely wrong.
How can you disable mqtt etc. from ssh? I use scp to send files to the printer so I want LAN
Just to make it clear: I did NOT assume that it was @Dump who did that!
I was referring to the answer of @neelands who wrote “ Great work on the most ethical way to raise awareness of these issues.” to @Dump.
And since @Dump didn’t know what @neelands was referring to, I wrote “He’s probably referring to the “hacked_machine_readme.gcode” incident from yesterday and assumes that it was done by you.”.
So, again: I personally never assumed at any time that it was done by @Dump!
2 Likes
Resolving the issues highlighted is crucial, especially for the security of any Anycubic user.
Direct contact was established between the individual who discovered the bug and Anycubic.
This person, generously offered free support to help fix their cloud issues by providing them with the opportunity to engage in a conversation, along with sharing the code he used to exploit their MQTT API, so it’s expected that everything will be fixed in a very short time.
As an Anycubic customer myself, I earnestly hope that these security flaws will be addressed promptly, and the cloud service to be restored with an additional layer of security. This situation should serve as a lesson for all, particularly for manufacturers (not exclusively Anycubic), who should prioritize ensuring the safety of their products before rushing them to market. Weeks ago, I saw a post from a Creality user claiming they could access other people’s webcams. This is alarming and raises serious security concerns.
A text file containing an ASCII worm cannot cause any harm besides freaking out some users. However, imagine if this vulnerability had been discovered by a malicious actor. They could potentially exploit it to dangerous ends, such as activating the extruder at the maximum temperature, halting the cooling fans, or even causing a fire in your home.
If I were at Anycubic, I would have opted for an open-source software instead of a closed firmware riddled with security flaws.
This is a great opportunity for Anycubic to demonstrate their commitment to customer care. It’s a chance to enhance their product’s quality and safety. While their machines are structurally well-built for the cost, the software urgently needs revision. Many of us still believe they have the potential to excel in this hobby.
The ball is in your hands Anycubic.
6 Likes
Hi, I’ve mailed anycubic about the security issue and the need to use the anycubic cloud.
Here’s the answer:
#################################################################
I hope this email finds you well.
The new firmware will addresses the issue you’ve encountered, is currently undergoing final refinements and will be available for download on the Anycubic official website starting from March 5th.
Furthermore, we have also incorporated the development of the local network control feature for managing printers into our ongoing projects. We appreciate your patience and eagerly anticipate its release.
Thank you for your understanding and continued support as we work to enhance our products and provide you with the best possible experience.
Should you have any questions or require further assistance, please feel free to contact us.
Best Regards,
ANYCUBIC Team
##################################################################
So it seems anycubic is working on a solution to print via network without the need of the anycubic cloud.
2 Likes
Hi. Maybe it’s not relevant but I found this:
Maybe we can use that to interface with the dsp?
It is a lot of work. Maybe if someone has the time.
Let see how much AC are willing to be open to their customers. They started from completely closed source software and proprietary cloud service. Curios to see how far they can go and how long it will take to have any significant move in the right (for us) direction.
1 Like
I also requested LAN in my emails,
thank you and everyone who reached out to them!
I feel like the newer kobra 2 series are a step backwards from this, my kobra 2 (standard model) at least allows you to use octoprint with it, albeit in a limited capacity.
There is no such compatibility for the kobra 2 max, or the other offerings in the kobra 2 lineup.
The 3 models Pro, Plus and Max are base on more advanced chip set with ARM and DSP cores. It should be better as hardware compared to the standard 2 model. Unfortunately, they didn’t make any efforts to be compatible to the supported hardware by klipper, etc. 3rd party extensions. And this will stay true until AC decide to make it open source or at least to provide API for external control of the basic functions of the hardware needed to be connected to our external software. Long waiting, if ever happen.
Update urls:
https://cdn.cloud-universe.anycubic.com/ota/prod/20023/AC104_k2MAX_V3.1.0.bin
https://cdn.cloud-universe.anycubic.com/ota/prod/20021/AC104_k2PRO_V3.1.0.bin
https://cdn.cloud-universe.anycubic.com/ota/prod/20022/AC104_k2PLUS_V3.1.0.bin
If you are on 3.0.9 you will need to install 3.0.3 first and then you can receive the 3.1.0 update.
Don’t know why they did this.
would it be possible to keep root when installing this somehow or is someone working on it?
I love sending files over LAN(scp), I have already blocket it from accessing the internet(on my router, but it now messes up file order because it has no time server anymore) so I am not in a rush 