I bought a known disabled Glowforge Plus from a guy on Craigslist. He was super cool about it, and very open about what happened. Someone else sold it to him without telling him it was stolen. He contacted GF, they told him he was screwed. He had no desire to invest more time into it. I bought the machine for $250 knowing it was blacklisted.
So I’m a Software Engineer with some (minor) reverse engineering / firmware experience and have a mint condition Glowforge Plus and I’m looking to bring it back to life, am I in the right place?
I see that there’s both a firmware effort and a new board effort. Why both? If the bootloader of their mainboard isn’t protected, IE we have code that can run on it, why not focus efforts on getting that running grbl or whatever?
That is a great price for that machine, even if it is disabled.
My only concern for you is that, if your GF is truly stolen then it might legally be someone else’s property. I think I saw your story posted elsewhere, and you mentioned that it isn’t actually reported stolen but just not registered properly in their system. IANAL, but I might start with a good-faith effort to locate the original owner to avoid any possible problems down the road.
Scott would have to tell you his motivations for the various approaches he’s taken, but one complication with the Glowforge is that most of the intelligence for controlling it is in the cloud. What gets sent down to the unit for a “print” job is a low level stream of control commands. So the work he is doing seems to be centered around understanding that control language and the hardware features of the machine.
From what I gather, he is getting close to being able to expose a REST API from the Glowforge that will allow the cutter to be controlled via the local network, without a cloud connection. From there, it should be a short leap to make a GRBL-compatible layer that would allow you to use Lightburn or other control solutions.
Glowforge has done a great job of dumbing down the technology to make it easy for non-technical people to use. Unfortunately, their business model seems to be dependent on locking people into their ecosystem. I wish they would embrace the value of open standards and interoperability, but I suppose there are other solutions on the market for those who value such things.
I authorized Glowforge to find the original owner and offered to sell them back the machine for a discount on a new one, they declined both.
The guy who sold it to me also worked with them, no luck on his end either.
I’ve been rapidly reading up on Scott’s work and story. I’ve also reached out to Dan at Glowforge. Scott’s progress is pretty amazing, in particular I super appreciate the documentation of the reversing efforts he’s put together on the Wiki.
Yes the Glowforge is impressively dumb even in the world of “turning Arduino’s into 3D printers” I have to say this is a particularly dumb endpoint. I hear the rumors about GF’s “business model” which sounds like it’s very marketplace driven once you buy the machine. Very disappointing really.
Guess we’ll just have to liberate this poor thing.
My understanding is that the boot image is in-fact signed and that the current workaround is by using the open root account and another image on an SD card slot they left on the board (the contacts for one at least). I think this is a liability given that GF can always lock that account down and remove those traces in future boards. I assume that’s the point of developing a drop-in replacement board, which in many ways is even more impressive.
If I recall correctly the original idea behind designing a replacement board was because the first board made quite a few questionable hardware decisions, but Scott would have to weigh in on that. I know that the controller board shipped with the GF has changed (notably by removing the main entry point for debugged I believe?) since Scott started this project.
I certainly do not want this project to viewed as an end-run around factory disablement of stolen units.
I have no idea how widespread this problem is, and I am only aware of a couple of cases like this, so hopefully this is a non-issue.
The fact that you bought a known stolen unit is troubling, but I’ll leave the ethical issues surrounding this to be debated by others.
I originally started reverse engineering the unit with the intent to create a custom firmware image. This was before GF released their “open source” package, and little was known about the actual hardware. While probing various IO pins, I accidentally shunted 12V into a 3.3V pin. Poof! I no longer had a functional GF. As replacement parts are not available, I opted to work on a drop-in replacement board.
A drop-in replacement board has numerous advantages over customized firmware, the least of which is that the design of the board is known. Though I had developed a fully functioning hardware design, I failed to generate much interest in the project (couldn’t even give them away!), and eventually halted work on it.
Later, as units began to age and the cost of repair exceeded what people were willing to spend, non-functional used units became available on the secondary market. I was able to purchase a few of these and hobble together another functioning machine with all factory hardware. Using that, I started up again with the intent to develop a firmware image that will work on the factory boards.
At this point, I have a minimally functional image that can be installed on a factory unit without much effort. I am currently working a C based control daemon with a REST API.
I plan to go back to the hardware work after this firmware and daemon are complete, as I can continue to build on them with better hardware.
The boot image itself is not signed. It’s the firmware update packages that are signed. This is really a only problem if you want to the builtin upgrade capabilities of the machine.
The when you put the machine into recovery mode (hold down the button while powering the unit up), it makes a rudimentary API available to the user. This is most commonly used to download the log files, but it can also be used to upload firmware images. However, to use this, the firmware package must be signed by Glowforge.
The SD card slot is not populated (the solder pads are there, but the part is not). The part can be added by anyone skilled with a soldering iron, but it is not strictly needed. The factory board has a 4GB eMMC flash device built in. As the factory image is less than 200MB (stored twice), there is plenty of space on there for other firmware images to peacefully coexist.
As to locking down the board - there is no way for Glowforge to do this that can’t be undone by a savvy end-user. If they add a root password, the unit can be booted in single user mode, and the password removed (this is true of most Linux systems). If they updated the bootloader so that only signed images could boot, the boot loader can be replaced easily (my Yocto package already builds a suitable one).
The only way they could lock us out is through a hardware redesign - which would likely be a completely new model. We can deal with that if/when it happens.
I bought it knowing it was disabled, I did not discover it was stolen until I emailed Glowforge. Ethically speaking, this is the Bay Area. I’m sure the delivery was signature confirmation, so I doubt it was package theft (the box is huge anyway), so it was probably more interesting than that. Whenever happened, everyone rents in the Bay, most have renters insurance, and I have a soft spot for hardware that is well designed but not usable. Unless returned to the original owner, which I outright offered Glowforge to do, they certainly know who bought it, this machine is a brick.
It also came in the box with most of the stuff and has signs of minor use. If I had to guess I would say it left wherever it was in the box. That’s really strange and smells of some kind of something. Like a school where the teacher expensed it and then took it home or whatever.
Nonetheless, unless I get an email from Glowforge or the cops asking for the unit, I’m going to press forward. People in this area kind of deal. There’s a certain New York element to the Bay.
Moving on…
It’s really good that we can burn custom images to it without worry. That gives me a lot of hope.
In general, I’m wondering how to make the best of this situation. Do you @ScottW514 need a real GF mainboard to experiment on? I would be open for swapping boards if you’d help me understand how to get one of your boards working.
Delivery drivers often fake the signature if they’re in a hurry. Particularly if they lug a heavy box to a difficult-to-reach door and then find nobody home. They don’t want to lug it back to the truck and know that they’ll probably be sent back out to try again the next day.
How minor? They do test them all at the factory before shipping out so there’s often some smoke residue and other signs of minor use when they’re first delivered. (There’s also the possibility of a unit being stolen when it was returned to GF or when being returned to a customer after repairs.)
If the machine was, in fact, stolen, I can understand why the company didn’t want to facilitate a resale of the machine back to its original owner, as that may not be legal. Stolen property belongs to the original owner, and you would be expected to give it back. (The owner might give you a reward, but that would be entirely at their discretion.)
Perhaps it was a grey area, like an error that had the company ship it to the wrong address. (This is not the same as the case where the delivery driver drops it off at the wrong address - different from the one printed on the shipping label.) The receiver of unsolicited goods is usually not required to pay for or return such goods.
It is also possible that your machine legitimately changed hands without a clean handoff of ownership in the company database. I bought my machine second-hand, and there was a multi-step process with Glowforge Support to get the seller to transfer ownership to me.
If anyone bought it without getting the previous owner to go through the handoff process with support, it would be like a car without a clean title. It might not ever have been stolen, but the chain of ownership would not be documented.
I am surprised the company didn’t at least try to contact the original owner to determine the legal status of the unit. Or maybe they did, and felt no obligation to tell you.