Bambu Labs X1-Carbon 3D Printer log files
Exporting log files
On the X1-Carbon, you have the ability to export log files to a microSD card:
- Tap the bolt icon (4th from the top)
- Choose the “General” tab (between “Account” and “Network”)
- Choose Export Log to MicroSD Card (between “Device info” and “Restore Factory Settings”)
Then, remove the SD card from the device, and look at it’s “export” folder.
The tar file
The export folder will contain a single encrypted tar file. It’s file size varies depending on the size of the logs included.
It’s filename will look something like: 00M09A383000782_all_20231015011234_enc.tar
The first sequence is the 15-character “Device info” string, from the Settings menu. This seems to be a device-specific value.
The last sequence is the date timestamp, in the format: YYYYMMDDHHmmss
Digging deeper
If the enc suffix didn’t already tell you the file was encrypted, you might’ve assumed it was a regular tar file and tried to extract it.
If you did, you’d get this disappointing error:
$ tar -tvf 00M09A383000782_all_20231015011234_enc.tar
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Exiting with failure status due to previous errors
Encrypted tar files are tricky. Even file on Linux can’t identify the file type:
$ file 00M09A383000782_all_20231015011234_enc.tar
00M09A383000782_all_20231015011234_enc.tar: data
I even tried to using TrID, which uses better sources than the Unix magic file – it wasn’t happy either:
$ ~/Downloads/trid 00M09A383000782_all_20231015011234_enc.tar
trid: loadlocale.c:129: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_TIME) / sizeof (_nl_value_type_LC_TIME[0]))' failed.
[1] 1307001 IOT instruction (core dumped) ~/Downloads/trid 00M09A383000782_all_20231015011234_enc.tar
I started trying to look for clues inside of the file itself, using strings. I didn’t find any clues, there wasn’t any output that matched against an English corpus, and searching for the device info or even just “Bambu” didn’t have any results.
The next step was trying to look at the raw file bytes:
00000000 b2 d7 41 c4 c4 93 d9 e4 ee a5 0e 4b 79 5b 0e bc |..A........Ky[..|
00000010 30 88 3f 88 cf a0 c3 54 d6 8f dc 80 9d 84 ba d7 |0.?....T........|
00000020 c0 9d 64 9b c3 7e fe b8 f5 81 8f 98 a2 b3 44 a0 |..d..~........D.|
00000030 dc b6 f4 1d 98 db 3a 63 30 b0 e3 96 e8 45 d5 74 |......:c0....E.t|
00000040 77 ea 68 e7 b8 cd cd 0d 6a ee c1 52 d4 f2 ba be |w.h.....j..R....|
00000050 86 c6 d0 fd f9 1c 48 49 69 45 86 33 32 a1 ab 99 |......HIiE.32...|
00000060 e0 fd 18 58 65 90 49 33 65 9a dc fd 21 60 18 07 |...Xe.I3e...!`..|
00000070 b8 84 3c e3 3e e9 1a 5c b0 60 4c 84 84 06 87 30 |..<.>..\.`L....0|
00000080 34 92 7c 2e 51 0f e2 86 1d e8 42 2b e9 70 c7 9a |4.|.Q.....B+.p..|
00000090 75 cc 3b e4 dc 10 35 64 3a 9f 66 43 86 98 68 3f |u.;...5d:.fC..h?|
000000a0 ad b0 18 01 7d dd 9a 94 6b 35 90 ec f5 7b 05 cb |....}...k5...{..|
And if you compare the file’s magic bytes against a regular (unencrypted tar), you can see the difference:
(Regular)
00000300 00 75 73 74 61 72 00 30 30 00 00 00 00 00 00 00 |.ustar.00.......|
versus encrypted
00000300 88 4a 85 2e 07 fb e5 ec 27 13 fe dd 98 34 83 a6 |.J......'....4..|
The next thing I tried was creating a second log file, and comparing the difference between the two.
This shows that the first 80 bytes between any two log files are the same, but unfortunately that’s where the differences, and my search, ends.
Contributions
I’ll be regularly updating this post as new discoveries come to light. If you have any suggestions, or would like to view my log files, email me.
Leave a comment