File Transfer via WiFi

Great work on this. Thank you. Now I can slice 3D prints in Cura and send to my A350. Love it.

2 Likes

And yet another. A filthy hack of a Cura plugin to send gcode to your Snapmaker. You’re going to have to manually set your IP address in the script. Haven’t really tested it because my laser toolhead is on right now but it seems to be uploading. Feel free to dive into the nightmare that is the under-documented Cura/Uranium plugin API and get some sort of interface/settings working. Claim it all as your own. Washing my hands of it :shower: :raised_hands:
CuraSendToSnapmaker2.zip (2.9 KB)

5 Likes

I fear you still need to confirm on the machine?

Yes, and it will most likely always be that way for security reasons. You have a 250C heater, a high speed bit, or a laser attached to a rather powerful 3-axis robot. A bad actor with access to your network could easily cause catastrophic damage to the printer or worse.

With the current firmwares it is impossible to not have physical confirmation to initiate a network connection to the printer. It’s rather irresponsible to even be running the machine unattended, although I’m sure we’re all guilty of that.

Believe me, I know how annoying it can be to go through the process, but I’d find it pretty troubling if the team decided to change that. I’ve disassembled and poked through quite a bit of the touchscreen controller software and found some… questionable design choices from a security standpoint. Unless they really overhaul the software or someone comes along and develops a replacement, physical interaction is the best choice.

I think a data transfer should be possible without confirmation. I’m working with 6-axis industrial robots and you can connect without confirming anything on the robot, but you can’t start a program from afar.
So I don’t think there are any safety issues if you’ve got an FTP server on the machine, for example.

1 Like

If the developers ever release the source that would be possible. Until then, it’s going to require confirmation. Perhaps you could submit an issue on github, or open a support ticket or something? No one else has been able to get a response from the developers regarding that.

Absolutely. But as it stands currently, uploading files and full control of the machine are accessed through the same unencrypted REST API. The only thing that grants a single user access is an also unencrypted token exchange, verified by physical access to the touchscreen. If they simply removed that, anyone would have full control of the machine. It’s a terrible system and there are very obvious, very large security issues with the Snapmaker 2.0.

1 Like

Specifically for the Touchscreen, I think the bigger issue than releasing the source code is the need for an update system which does not require a signature from Snapmaker.

Right. Maybe we could convince them to lengthen the token lifetime to 90 days. Then the script wouldn’t require reauth every time, and could reuse tokens.

I don’t want unrestricted access to the machine without confirmation. I’d rather like a second channel without identification for file transfer and perhaps some remote monitoring if it is working in my workshop in its enclosure.

1 Like

@brent113 Or just SSL and you know…a password :slightly_smiling_face:

So a token gets invalidated when a disconnect request is made, and when a new connection is confirmed on the touchscreen. I guess I always assumed the token was tied to the IP address of the computer that initiated the connection. I just checked and it turns out as long as you have the token, any IP address can issue commands. So the token actually is useless.

1 Like

If someone wanted to request changes to the way the api/security is handled, you may also want to include some of the more alarming issues. Maybe you’ll get a quicker response.

With the laser tool attached the following endpoints can be accessed WITHOUT a verified token:

/api/request_capture_photo?index=1&x=0&y=0&z=10&feedRate=0
[GET] will move the (un-homed) tool head to coordinates XYZ and capture a photo to the index number

/api/get_camera_image?index=1
[GET] will return the photo captured at the index number

/api/v1/camera_calibration_photo
[GET] will return the photo captured at index 0

/api/v1/camera_take_photo
[POST] will take and return a photo captured at the current location

The first three you can test out right in your browser, just be especially mindful of the Z coordinate. The head travels to Z first and then to XY. Assuming a printer ip address of 192.168.0.55:
http://192.168.0.55:8080/api/request_capture_photo?index=1&x=30&y=30&z=30&feedRate=0
and then http://192.168.0.55:8080/api/get_camera_image?index=1

Perhaps if they are busy putting these behind the token access they could enable SSL/TLS as well or expose /api/v1/upload.

3 Likes
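The changes asked for in the posts above (a token that cannot be reused from any address, a longer token lifetime, and no endpoint reachable without a token), sketched as an added example. It is not Snapmaker firmware or Luban code and does not come from any poster; `SessionGate`, its methods and the client addresses are hypothetical.

```javascript
// Added example: hypothetical session gate, not Snapmaker firmware or Luban code.
const { randomBytes, timingSafeEqual } = require('node:crypto');
const DAY_MS = 24 * 60 * 60 * 1000;
const deny = (status, reason) => ({ ok: false, status, reason });

class SessionGate {
  // lifetimeMs: token validity; 90 days is the lifetime suggested in the thread.
  constructor(lifetimeMs = 90 * DAY_MS) {
    this.lifetimeMs = lifetimeMs;
    this.session = null; // one active session at a time
  }

  // Call only after YES was pressed on the touchscreen. A newly confirmed
  // connection replaces, and so invalidates, the previous token.
  confirm(clientIp, now = Date.now()) {
    const token = randomBytes(32).toString('hex');
    this.session = { token, clientIp, expires: now + this.lifetimeMs };
    return token;
  }

  // Runs for every request: no endpoint is exempt, camera routes included.
  authorize({ token, ip }, now = Date.now()) {
    const s = this.session;
    if (!s || typeof token !== 'string') return deny(401, 'missing token or session');
    const [got, want] = [Buffer.from(token), Buffer.from(s.token)];
    if (got.length !== want.length || !timingSafeEqual(got, want)) return deny(401, 'unknown token');
    if (now >= s.expires) { this.session = null; return deny(401, 'token expired'); }
    if (ip !== s.clientIp) return deny(403, 'token bound to another address');
    return { ok: true, status: 200, reason: 'ok' };
  }

  // A disconnect request ends the session, but only when its owner sends it.
  disconnect(req, now = Date.now()) {
    const verdict = this.authorize(req, now);
    if (verdict.ok) this.session = null;
    return verdict;
  }
}

// Constructed requests; paths are the ones quoted in the thread, addresses are made up.
function demo() {
  const gate = new SessionGate();
  const token = gate.confirm('192.168.0.10');
  return [
    gate.authorize({ path: '/api/v1/camera_take_photo', ip: '192.168.0.10' }),
    gate.authorize({ path: '/api/v1/status', token, ip: '192.168.0.99' }),
    gate.authorize({ path: '/api/v1/status', token, ip: '192.168.0.10' }),
  ].map((v) => v.status);
}
```

Binding the token to an address narrows reuse but does not replace TLS, since over plain HTTP the token still crosses the network in clear text.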

Tested CuraSendToSnapmaker by Zvalentine22, but unfortunately it gives the below error:

If I save to file, load the gCode to Luban and then send over wifi there, it does work.

1 Like

that works perfectly!!

1 Like

@brent113 slightly related to above server.js conversation

Where do you believe this runs? On the screen? I don’t think it runs on the FreeRTOS controller where Marlin and CAN bus code runs, right? I suppose you could run NodeJS there, but I don’t think they are. Browsing through all the repos, I don’t see the screen Android code anywhere, hence my guess. Thoughts?

That’s luban. It runs on your computer and talks to the touchscreen.

Yup I know, but I’m trying to figure out what’s hosting the server side: controller or screen.

Now that I think about it it doesn’t matter because the guy on Facebook is trying to do something weird that I don’t think makes sense so I don’t really care anymore! But I am curious if you know the answer. :slight_smile:

The server part of the JavaScript is to talk to the touch screen over Wi-Fi. I believe there’s a separate part of the Luban code base that handles the serial connection.

If I try this, I get
Click YES on printer screen to continue…
however nothing appears on the touch screen…
If I add
C:\windows\System32\curl.exe -s http://%PRINTERIP%:8080/api/v1/status?token=%TOKEN%
to see the actual returned results, I get:
Machine is not connected yet.
Is there a touchscreen setting to allow connections?
Thanks