Reverse Engineering Bambu Connect

The Bambu Connect Electron app is criticized as insecure because it relies on security through obscurity. For those curious, instructions are provided to extract the private key that Bambu stores in the app, starting from the macOS .dmg file. Attempting the extraction without following the decryption steps correctly yields only encrypted files and decoy content. The process involves using tools like Ghidra, fixing the archive with the npm package asarfix, and carefully extracting the cleartext. Further obfuscation is mentioned for the certs and the private key, along with a Python reimplementation method to access Bambu Lab’s secrets.

https://wiki.rossmanngroup.com/wiki/Reverse_Engineering_Bambu_Connect
