Simplify3D / Octoprint - GCode Direct to Octoprint Setup

Discussion in 'Software' started by LumpyDVC, Apr 5, 2016.

Thread Status:
Not open for further replies.
  1. LumpyDVC

    LumpyDVC New Member

    Joined:
    Dec 25, 2015
    Messages:
    23
    Likes Received:
    15
    Hey All,

    Found this nifty workaround on the Simplify3D forums for automating the sending
    of GCode directly to your Octoprint setup. No more saving the file and drag/dropping
    it around. Simply click "Save Toolpaths to Disk" in S3D as usual, pick your file name,
    and save. Your GCode file will appear in OctoPrint.

    If you're like me and not very savvy with Linux this is a perfect easy workaround rather
    than dealing with programs such as Samba.

    You will need the following:
    Simplify3D installed
    Octoprint installed
    cURL - Visit https://curl.haxx.se/download.html

    Grab the Windows package that best matches your system. (eg. Win64 7.48 SSL SSH)
    Extract and copy the following (2) files (located in Bin directory) to a directory in your Windows
    Path. (eg. C:\windows)

    cURL.exe
    libcurl.dll

    In Simplify3D go to:

    - Edit Process Settings -> Scripts

    At the very bottom there is a box titled "Post Processing"

    Add the following command line to the box titled "Additional Terminal Commands for Post Processing"

    curl -k -H "X-Api-Key: 1111111222222233333444455555" -F "select=false" -F "print=false" -F "file=@[output_filepath]" "http://octopi.local/api/files/local"

    ** You need to insert your specific API key into the command line. You can find it in OctoPrint -> Settings -> API **

    You can sub the IP address of your Pi in place of octopi.local if you wish.

    Anyhoo, Hope this helps anyone out there running Octoprint with S3D. Sure makes
    it more smooth of a process. I don't take credit for this workaround just think it is very
    helpful..

    Lumpy
     
    #1 LumpyDVC, Apr 5, 2016
    Last edited: Apr 5, 2016
  2. Michael Keyser

    Michael Keyser New Member

    Joined:
    Sep 14, 2016
    Messages:
    14
    Likes Received:
    4
    Nice... Thank you for this!
     
  3. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    Note that if you use this approach, Simplify3D will embed your API key into gcode files underneath the "postProcessing" line. Anyone with public access to OctoPrint can then download the gcode files even without logging in, which will grant them access to the API key. This will then grant them full control of the OctoPrint instance.

    If your OctoPrint instance is not publicly exposed, you should be okay. But if your OctoPrint instance is publicly exposed (i.e. to a network or the Internet), this is something you should be aware of.
     
    mark tomlinson likes this.
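
The exposure described in the post above can be checked for in G-code files that have already been saved or uploaded. The following is an added example, not part of the original thread and not code from Simplify3D or OctoPrint: it finds an `X-Api-Key` header embedded in G-code comments and writes a redacted copy. The function names and the layout of the sample settings comment are assumptions; the key is the dummy value from the first post.

```python
import re

# Matches the header as written in the curl command from the first post.
# Header names are case-insensitive; the value runs up to the closing quote.
API_KEY_RE = re.compile(r'(X-Api-Key\s*:\s*)([^"\'\s]+)', re.IGNORECASE)
PLACEHOLDER = "REDACTED"


def scan_gcode(text):
    """Return (line_number, masked_key) for each key found in a G-code comment."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        _, sep, comment = line.partition(";")
        if not sep:
            continue  # no comment on this line, so no embedded settings
        for match in API_KEY_RE.finditer(comment):
            key = match.group(2)
            if key == PLACEHOLDER:
                continue  # already redacted
            findings.append((number, key[:4] + "*" * (len(key) - 4)))
    return findings


def redact_gcode(text):
    """Return the G-code with every embedded key value replaced; moves untouched."""
    out = []
    for line in text.splitlines(keepends=True):
        code, sep, comment = line.partition(";")
        out.append(code + sep + API_KEY_RE.sub(r"\g<1>" + PLACEHOLDER, comment))
    return "".join(out)


# Constructed sample: the settings-comment layout is assumed, and the key is
# the dummy value from the post, not a real one.
SAMPLE = (
    "; G-Code generated by Simplify3D(R)\n"
    ';   postProcessing,curl -k -H "X-Api-Key: 1111111222222233333444455555" '
    '-F "file=@[output_filepath]" "http://octopi.local/api/files/local"\n'
    "G28 ; home all axes\n"
    "G1 X10 Y10 E1.5 F1800\n"
)

if __name__ == "__main__":
    for number, masked in scan_gcode(SAMPLE):
        print(f"line {number}: embedded OctoPrint API key {masked}")
    print(redact_gcode(SAMPLE), end="")
```

A key found in a file that other people could download should be treated as exposed and replaced with a new one, since redacting the file does not undo earlier downloads.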
  4. daniel871

    daniel871 Well-Known Member

    Joined:
    Apr 18, 2015
    Messages:
    1,174
    Likes Received:
    435
    Anybody that doesn't change the root password/login on their Octopi installation deserves whatever they get, because the worst that will happen is some prankster will tell your printer to print a Dickbutt.
     
    Rigmarol likes this.
  5. danzca6

    danzca6 Well-Known Member

    Joined:
    Jul 27, 2015
    Messages:
    2,112
    Likes Received:
    1,052
    I think it can get worse than that. They can control the temps of your printer and such and could cause a fire in the worst case.
     
  6. daniel871

    daniel871 Well-Known Member

    Joined:
    Apr 18, 2015
    Messages:
    1,174
    Likes Received:
    435
    Only if you did a bad job setting up the firmware/are using a printer that has certain firmware safeguards disabled.
     
    Rigmarol and mark tomlinson like this.
  7. danzca6

    danzca6 Well-Known Member

    Joined:
    Jul 27, 2015
    Messages:
    2,112
    Likes Received:
    1,052
    I'm just saying it is possible. And if you leave your network unsecure you are probably someone that could leave other safeguards off as well. Just a worst case scenario but obviously not a high percentage of risk for most users.
     
  8. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    You missed the point of my comment. Anyone who can see the OctoPrint interface can download gcode files, you don't need the root password to download gcode files. And since the gcode files will have the API key embedded in it, anyone who can see the OctoPrint interface can then get your API key. And the API key is the only thing that is needed to then control the OctoPrint interface, you don't need the root password for that either.
     
    Rigmarol likes this.
  9. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    Let me be more clear about the vulnerability. Open your web browser and go to whatever local IP address your OctoPrint server is running at. If you are logged into the OctoPrint page, log out of it. Notice how you can still download the gcode files even after you logout? That means that anyone with access to that page can download your gcode files and gain access to your API key. Then once they have access to your API key, they can do virtually anything within OctoPrint.
     
    Rigmarol likes this.
  10. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    Telling the printer to extrude the entire roll of filament wouldn't be something that the firmware/printer would know to prevent, but it would still be malicious and can damage the printer if enough filament wraps itself around the hotend.
     
    Rigmarol likes this.
  11. daniel871

    daniel871 Well-Known Member

    Joined:
    Apr 18, 2015
    Messages:
    1,174
    Likes Received:
    435
    Run a search under Configuration.h for "#define PREVENT_LENGTHY_EXTRUDE". I'll wait.

    The result of having that enabled is that the printer will not allow any single extrusion move that would produce a longer line than the maximum X/Y travel distance that is defined in the firmware.

    Do you not know how to properly set up a VPN? Literally every problem you've brought up is solved on that side of things.
     
  12. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    Man, so hostile for no particular reason

    So easy to work around, make thousands of 1mm extrusion requests where each one moves the nozzle 1mm. With the API key, it would be trivial to write a script that would do it readily. Or upload and print a gcode file that does an extremely large print that consumes the entire filament roll where the nozzle moves horizontally, but stays at the same vertical distance above the build plate. Same end result.

    And if you think this is the only way to ruin a printer, you're not being very imaginative. Imagine uploading and printing a gcode file that prints a solid cube, and then repeatedly jams the hotend into the top/sides of the solid cube at maximum torque and as many times as possible. Go find a firmware option to prevent that.

    Or on a printer that doesn't have maximum endstops, repeatedly drive all axes towards the maximum physical limit at maximum torque to induce physical damage.

    Go back to my first comment where I said: "If your OctoPrint instance is not publicly exposed, you should be okay. But if your OctoPrint instance is publicly exposed (i.e. to a network or the Internet), this is something you should be aware of."

    The possibility of a VPN is already covered in the first sentence. I'm just trying to inform users who did not think such security was necessary.

    Do you even bother reading my comments or do you just respond emotionally?
     
    #12 centenary, Oct 6, 2016
    Last edited: Oct 6, 2016
  13. daniel871

    daniel871 Well-Known Member

    Joined:
    Apr 18, 2015
    Messages:
    1,174
    Likes Received:
    435
    I'm sorry if you read my posts as hostile when I make no particular effort to be polite in how I word my responses.

    I'm not angry or emotional, I'm just baffled that someone would bother to argue about an unsecured Octopi installation being accessible from the Internet in general when you have to make some very specific decisions during setup to make it vulnerable that way.
     
  14. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    It doesn't have to be the entire Internet, it could just be your own network. Lots of people can be on the same network at the same time, you know. Imagine a school setting where you're sharing the network with lots of people.

    Additionally, some people are dumb enough to expose OctoPrint to the general Internet. Don't underestimate people's stupidity. My comment helps to inform them why it's a bad idea to do so. Why are you opposed to getting that information out?

    Okay, besides exposing the OctoPrint instance to your network, which other decisions during setup do you have to make to make it vulnerable this way? Again, changing passwords does nothing to prevent this issue.
     
    #14 centenary, Oct 6, 2016
    Last edited: Oct 6, 2016
  15. KTMDirtFace

    KTMDirtFace Well-Known Member

    Joined:
    May 18, 2015
    Messages:
    1,204
    Likes Received:
    428
    centenary is correct, and it's an annoying issue of OctoPrint.

    Daniel I don't think you are understanding the problem.

    I pulled mine from giving it internet access through my router, because you can upload and download GCode files and view the webcam without having to log into OctoPrint. You still have to log in to do anything with the printer, but it's really stupid that you can upload and download gcode and view the webcam without being logged in. You can test this out on your own network offline. You won't have to actually log in to OctoPrint to drag and drop files to it.

    I have no idea why it's set up like that. I have not looked into why or if there is an easy way to turn it off.
     
    mark tomlinson likes this.
  16. mark tomlinson

    mark tomlinson Volunteer Admin
    Staff Member

    Joined:
    Feb 21, 2013
    Messages:
    16,751
    Likes Received:
    5,470
    This is one of the reasons (among some other annoyances) we did not use it very long, just experimented with it and then moved on to using an actual computer to front the printers. I can control the access a lot more.
     
    Geof likes this.
  17. WheresWaldo

    WheresWaldo They call me Mr Tibbs!
    Staff Member

    Joined:
    Feb 18, 2015
    Messages:
    3,859
    Likes Received:
    2,449
    Just imagine the havoc you could wreak on all those brand new R2 printers
     
  18. mark tomlinson

    mark tomlinson Volunteer Admin
    Staff Member

    Joined:
    Feb 21, 2013
    Messages:
    16,751
    Likes Received:
    5,470
    IoT brings out a lot of security concerns :) Not so much new concerns, but concerns that are new to the devices that they are now exposed on. We struggle with that all the time. Smart routers and subnets are your friend.
     
  19. daniel871

    daniel871 Well-Known Member

    Joined:
    Apr 18, 2015
    Messages:
    1,174
    Likes Received:
    435
    mark tomlinson and KTMDirtFace like this.
  20. centenary

    centenary New Member

    Joined:
    Oct 5, 2016
    Messages:
    7
    Likes Received:
    5
    Actually if you read the prior question, the developers explicitly tell you how to make OctoPrint generally accessible from the Internet, so the developers must find it acceptable to some degree. The discussion about restricting the displayed information is actually a special case to that prior question rather than the default position taken by the developers.

    And you want to claim that you're not hostile, but then you passive-aggressively imply that I didn't bother to read the documentation and that the issues are just "issues" caused by not reading the documentation. Yeah, okay, not hostile at all.

    Screw me for trying to be helpful. Next time I won't bother.
     
    #20 centenary, Oct 6, 2016
    Last edited: Oct 6, 2016
    supercazzola likes this.