bambu-connect

latest exe: https://public-cdn.bblmw.com/upgrade/bambu-connect/bambu-connect-beta-win32-x64-v1.0.4_4bb9cf0.exe
extracts into %LOCALAPPDATA%\bambu_connect
- electron app 😮‍💨

generates 100 1gb files to be annoying (asarmor?):

npx @electron/asar extract app.asar <dest dir>

asarmor confirmed from windows build:

C:\Users\ci.slave\zadig\bambu-connect\windows\291\windows-windows-default\bambu-connect\node_modules\asarmor\build\Release\main.pdb; len=132

malasarkey

```
npx @electron/asar list ./app.asar
```

many garbage files, but the relevant ones:

/.vite/build/main.js
/.vite/build/main.node
/.vite/build/preload.js

asarmor decrypt process includes GetKey / GetKeyArray as per asarmor main.cpp - decryption key located in main.node file.
obfuscated heavily in the windows version, not so much in the macos version:
- rizin -> string search -> GetKey():
```
b0ae6995063c191d2b404637fbc193ae10dab86a6bc1b1de67b5aee6e03018a2 ; lol. lmao even.
```

can use asarfix to extract the files from the .asar with that key:

npx asarfix -k b0ae6995063c191d2b404637fbc193ae10dab86a6bc1b1de67b5aee6e03018a2 -o app-fixed.asar app.asar
npx asar extract app-fixed.asar unpack

files in unpack/.vite/:
- main.js -> our target
- preload.js - irrelevant

current

values are rc4-encrypted, key(s) obviously in the code. function lt() and co. handles decryption:

function cy() { ... } // snipped for readability.

function ure(t, e)
{
	let r = [],
		n = 0,
		i, s = "",
		o;
	for (o = 0; o < 256; o++) r[o] = o;
	for (o = 0; o < 256; o++) n = (n + r[o] + e.charCodeAt(o % e.length)) % 256, i = r[o], r[o] = r[n], r[n] = i;
	o = 0, n = 0;
	for (let l = 0; l < t.length; l++) o = (o + 1) % 256, n = (n + r[o]) % 256, i = r[o], r[o] = r[n], r[n] = i, s += String.fromCharCode(t[l] ^ r[(r[o] + r[n]) % 256]);
	return s
}

function lt(t, e)
{
	const r = cy(); // see above.

	return lt = function (n, i)
	{
		n = n - 106;
		let s = r[n];
		return s = ure(s, i), decodeURIComponent(s)
	}, lt(t, e)
}

api key (rc4 key: 1o9B): GLOF3813734089-524a37c80000c6a6a274a47b3281

certificate (rc4 key: NPub):

{
    "name": "\/CN=service.bambulab.com",
    "subject": {
        "CN": "service.bambulab.com"
    },
    "hash": "5293345e",
    "issuer": {
        "CN": "application_root.bambulab.com"
    },
    "version": 2,
    "serialNumber": "0x1A95F6E871327189DA682505C09AFC17F50F0992",
    "serialNumberHex": "1A95F6E871327189DA682505C09AFC17F50F0992",
    "validFrom": "240726015227Z",
    "validTo": "340724015227Z",
    "validFrom_time_t": 1721958747,
    "validTo_time_t": 2037318747,
    "signatureTypeSN": "RSA-SHA256",
    "signatureTypeLN": "sha256WithRSAEncryption",
    "signatureTypeNID": 668,
    "purposes": {
        "1": [
            true,
            false,
            "sslclient"
        ],
        "2": [
            true,
            false,
            "sslserver"
        ],
        "3": [
            true,
            false,
            "nssslserver"
        ],
        "4": [
            true,
            false,
            "smimesign"
        ],
        "5": [
            true,
            false,
            "smimeencrypt"
        ],
        "6": [
            false,
            false,
            "crlsign"
        ],
        "7": [
            true,
            true,
            "any"
        ],
        "8": [
            true,
            false,
            "ocsphelper"
        ],
        "9": [
            false,
            false,
            "timestampsign"
        ]
    },
    "extensions": {
        "basicConstraints": "CA:FALSE",
        "keyUsage": "Digital Signature, Key Encipherment, Data Encipherment, Key Agreement",
        "subjectKeyIdentifier": "6F:F1:47:62:7C:93:FB:E6:A2:01:C6:E1:99:0B:03:20:CC:3F:0B:E9",
        "authorityKeyIdentifier": "DirName:\/C=CN\/O=BBL Technologies Co., Ltd\/CN=BBL CA\nserial:1A:95:F6:E8:71:32:71:89:DA:68:25:05:C0:9A:FC:17:F5:0F:09:88\n"
    }
}

private key (rc4 key: Tlj0):

certificate chain (rc4 key: FT2A):

{
    "name": "\/O=GLOF3813734089-524a37c80000\/CN=GLOF3813734089-524a37c80000",
    "subject": {
        "O": "GLOF3813734089-524a37c80000",
        "CN": "GLOF3813734089-524a37c80000"
    },
    "hash": "ca0547fe",
    "issuer": {
        "CN": "GLOF3813734089.bambulab.com"
    },
    "version": 2,
    "serialNumber": "0xEE3CAC0712CEEACDA8B7FBC42E74BA2C",
    "serialNumberHex": "EE3CAC0712CEEACDA8B7FBC42E74BA2C",
    "validFrom": "241211092920Z",
    "validTo": "251212092920Z",
    "validFrom_time_t": 1733909360,
    "validTo_time_t": 1765531760,
    "signatureTypeSN": "RSA-SHA256",
    "signatureTypeLN": "sha256WithRSAEncryption",
    "signatureTypeNID": 668,
    "purposes": {
        "1": [
            true,
            false,
            "sslclient"
        ],
        "2": [
            true,
            false,
            "sslserver"
        ],
        "3": [
            true,
            false,
            "nssslserver"
        ],
        "4": [
            true,
            false,
            "smimesign"
        ],
        "5": [
            true,
            false,
            "smimeencrypt"
        ],
        "6": [
            false,
            false,
            "crlsign"
        ],
        "7": [
            true,
            true,
            "any"
        ],
        "8": [
            true,
            false,
            "ocsphelper"
        ],
        "9": [
            false,
            false,
            "timestampsign"
        ]
    },
    "extensions": {
        "keyUsage": "Digital Signature, Key Encipherment, Data Encipherment, Key Agreement",
        "basicConstraints": "CA:FALSE",
        "subjectKeyIdentifier": "DB:33:A7:5B:7C:6B:BB:A3:AA:35:21:4E:7D:43:20:F3:31:C7:B1:8F",
        "authorityKeyIdentifier": "keyid:C2:C9:D1:2D:2E:E9:92:DA:99:27:03:19:A3:3A:2C:D3:1C:AC:08:9B\n"
    }
}
{
    "name": "\/CN=GLOF3813734089.bambulab.com",
    "subject": {
        "CN": "GLOF3813734089.bambulab.com"
    },
    "hash": "d81594bf",
    "issuer": {
        "CN": "application_root.bambulab.com"
    },
    "version": 2,
    "serialNumber": "0x1A95F6E871327189DA682505C09AFC17F50F0994",
    "serialNumberHex": "1A95F6E871327189DA682505C09AFC17F50F0994",
    "validFrom": "240802090520Z",
    "validTo": "340731090520Z",
    "validFrom_time_t": 1722589520,
    "validTo_time_t": 2037949520,
    "signatureTypeSN": "RSA-SHA256",
    "signatureTypeLN": "sha256WithRSAEncryption",
    "signatureTypeNID": 668,
    "purposes": {
        "1": [
            true,
            true,
            "sslclient"
        ],
        "2": [
            true,
            true,
            "sslserver"
        ],
        "3": [
            true,
            true,
            "nssslserver"
        ],
        "4": [
            true,
            true,
            "smimesign"
        ],
        "5": [
            true,
            true,
            "smimeencrypt"
        ],
        "6": [
            true,
            true,
            "crlsign"
        ],
        "7": [
            true,
            true,
            "any"
        ],
        "8": [
            true,
            true,
            "ocsphelper"
        ],
        "9": [
            false,
            true,
            "timestampsign"
        ]
    },
    "extensions": {
        "basicConstraints": "CA:TRUE, pathlen:1",
        "keyUsage": "Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign",
        "subjectKeyIdentifier": "C2:C9:D1:2D:2E:E9:92:DA:99:27:03:19:A3:3A:2C:D3:1C:AC:08:9B",
        "authorityKeyIdentifier": "DirName:\/C=CN\/O=BBL Technologies Co., Ltd\/CN=BBL CA\nserial:1A:95:F6:E8:71:32:71:89:DA:68:25:05:C0:9A:FC:17:F5:0F:09:88\n"
    }
}

{
    "name": "\/CN=application_root.bambulab.com",
    "subject": {
        "CN": "application_root.bambulab.com"
    },
    "hash": "72042fda",
    "issuer": {
        "C": "CN",
        "O": "BBL Technologies Co., Ltd",
        "CN": "BBL CA"
    },
    "version": 2,
    "serialNumber": "0x1A95F6E871327189DA682505C09AFC17F50F0988",
    "serialNumberHex": "1A95F6E871327189DA682505C09AFC17F50F0988",
    "validFrom": "240529025457Z",
    "validTo": "340527025457Z",
    "validFrom_time_t": 1716951297,
    "validTo_time_t": 2032311297,
    "signatureTypeSN": "RSA-SHA256",
    "signatureTypeLN": "sha256WithRSAEncryption",
    "signatureTypeNID": 668,
    "purposes": {
        "1": [
            true,
            true,
            "sslclient"
        ],
        "2": [
            true,
            true,
            "sslserver"
        ],
        "3": [
            true,
            true,
            "nssslserver"
        ],
        "4": [
            true,
            true,
            "smimesign"
        ],
        "5": [
            true,
            true,
            "smimeencrypt"
        ],
        "6": [
            true,
            true,
            "crlsign"
        ],
        "7": [
            true,
            true,
            "any"
        ],
        "8": [
            true,
            true,
            "ocsphelper"
        ],
        "9": [
            false,
            true,
            "timestampsign"
        ]
    },
    "extensions": {
        "basicConstraints": "CA:TRUE, pathlen:2",
        "keyUsage": "Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign"
    }
}

certificate revocation list (crl) (rc4 key: x077):

SERIAL: 0x00C0A9C6F72EF068439BCA378CBEAE80B1
REVOKED AT: 2024-12-20 07:38:44
REASON: Unspecified

SERIAL: 0x00F0D69EF2F926C53B632A27704A7CCA7B
REVOKED AT: 2024-12-19 08:02:45
REASON: Unspecified