Use this gist as a starting point: https://gist.github.com/C0DEbrained/c6f508109e34f43a39f4c22e901408dd
In my case, after running the original script and the first reboot, the printer stopped accepting connections on port 22, so I rewrote the persistence script inside the exploit and applied the exploit again.
```sh
# Stop the stock dropbear cleanly, then make sure nothing is left listening.
/etc/init.d/S50dropbear stop
for pid in $(pgrep 'dropbear') ; do kill "$pid"; done
# Root's authorized key (replace {PUBLIC_KEY} with your own ed25519 public key).
[ -d /root/.ssh ] || mkdir -p /root/.ssh
echo '{PUBLIC_KEY}' > /root/.ssh/authorized_keys
# Reuse the host key saved under /etc/appetc so the host identity stays stable;
# if none exists, generate a fresh one there and copy it into /etc/dropbear.
[ -f /etc/dropbear/dropbear_ed25519_host_key ] || cp /etc/appetc/dropbear/dropbear_ed25519_host_key /etc/dropbear/dropbear_ed25519_host_key || (mkdir -p /etc/appetc/dropbear/ && dropbearkey -t ed25519 -f /etc/appetc/dropbear/dropbear_ed25519_host_key && cp /etc/appetc/dropbear/dropbear_ed25519_host_key /etc/dropbear/dropbear_ed25519_host_key)
[ -f /etc/dropbear/dropbear_ed25519_host_key.pub ] || cp /etc/appetc/dropbear/dropbear_ed25519_host_key.pub /etc/dropbear/dropbear_ed25519_host_key.pub
# Give root a real login shell instead of nologin.
sed -i 's#sbin/nologin#bin/sh#' /etc/passwd
# Start dropbear on 65522 (-s: key-only, no password logins; -E: log to stderr).
# Log to the USB stick if it can be remounted read-write, otherwise to /tmp.
(mount -o remount,rw /media/creality/sda1 && /sbin/dropbear -p 65522 -s -E >> /media/creality/sda1/dropbear.log 2>&1) || /sbin/dropbear -p 65522 -s -E >> /tmp/dropbear.log 2>&1
```
A short explanation follows:
- Stops the existing dropbear SSH service properly, via its init script.
- Kills any remaining dropbear processes, if any.
- Creates the `.ssh` directory for root if it doesn't exist.
- Adds a public key to root's `authorized_keys` for SSH access.
- Copies the existing host key (to keep the host identity stable) or generates a new one.
- Modifies `/etc/passwd` to give root a usable shell.
- Starts dropbear on port 65522 with password logins disabled, logging to the USB stick first and falling back to `/tmp`.
The script also sticks to modern ed25519 keys only and reuses my existing key.
I'm very skeptical about using the outdated SDK from the official source; they still compile with gcc 7! So we'll build a better one of our own, with blackjack at least.
Lucky me, I've been on Gentoo for the last 20 years and I have the `crossdev` functionality, which works like a charm.
So first of all, either switch to Gentoo, install Gentoo into the LXC you already use (I'm sure you do ;-)), or run Gentoo under some other container or virtualization system.
Install a new crossdev environment if you don't have one yet:
```sh
crossdev --show-fail-log -t mipsel-unknown-linux-gnu --ex-gdb
```
Avoid adding --stable, as the installation will fail because all glibc versions are currently in the testing state.
After crossdev is ready, deploy all the glibc libraries from the build root to persistent storage on the printer, e.g. /usr/apps/bin/lib.
You need everything from /usr/mipsel-unknown-linux-gnu/lib and /usr/mipsel-unknown-linux-gnu/usr/lib.
Pack it all with tar (without gzip, as the printer lacks it) to preserve symlinks, and unpack directly into /usr/apps/bin/lib so all the .so files end up there:
```sh
tar -cvf libs.tar -C /usr/mipsel-unknown-linux-gnu/usr/lib . -C /usr/mipsel-unknown-linux-gnu/lib .
```
Check that libc.so is a symlink, and create one pointing to libc.so.6 if it is missing.
Choose any lightweight web server. My choice was civetweb.
```sh
git clone --depth 1 https://github.com/civetweb/civetweb.git
```
To use the newer glibc in parallel with the printer's own, we need to tell the kernel to use the other dynamic loader (the ELF interpreter path baked into the binary) and also set an rpath, so that loader finds the libraries next to the binary. The project supports both a Makefile and CMakeLists.txt; add the needed linker options there:
```cmake
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--dynamic-linker=/usr/apps/bin/lib/ld.so.1 -Wl,-rpath,'$ORIGIN/lib'")
```
Configure with whatever options you prefer. I used `-D CIVETWEB_DISABLE_CACHING=ON -D CIVETWEB_ENABLE_WEBSOCKETS=ON`.
After the build you get a small binary of less than 300k, which goes into /usr/apps/bin/.
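Before copying the binary over, it is worth confirming that the linker flags actually took effect and that every library it needs is in the staged lib directory; otherwise the printer's kernel will either load the stock loader or fail with a missing library. The check below is an added example, not part of the original post; it assumes crossdev's binutils prefix `mipsel-unknown-linux-gnu-readelf` and the loader and rpath paths used above.

```sh
#!/bin/sh
# Verify a cross-built binary against the loader/rpath setup described above.
# READELF is an assumption (crossdev's prefixed binutils); override via env.
READELF=${READELF:-mipsel-unknown-linux-gnu-readelf}
WANT_INTERP=/usr/apps/bin/lib/ld.so.1
WANT_RPATH='$ORIGIN/lib'

# parse_interp: print the PT_INTERP path from 'readelf -l' text on stdin.
parse_interp() { sed -n 's/.*program interpreter: \([^]]*\)\].*/\1/p'; }
# parse_rpath: print the RPATH or RUNPATH entry from 'readelf -d' text on stdin.
parse_rpath() { sed -n 's/.*(R\(UN\)\{0,1\}PATH).*\[\([^]]*\)\].*/\2/p' | head -n 1; }
# parse_needed: print each NEEDED library name from 'readelf -d' text on stdin.
parse_needed() { sed -n 's/.*(NEEDED).*\[\([^]]*\)\].*/\1/p'; }

# check_link_info PHDR_FILE DYN_FILE LIBDIR
# PHDR_FILE holds 'readelf -l' output, DYN_FILE holds 'readelf -d' output.
# Returns 0 only if the interpreter and rpath match and every NEEDED
# library exists in LIBDIR (the directory the tarball was unpacked into).
check_link_info() {
    phdr=$1 dyn=$2 libdir=$3 rc=0
    interp=$(parse_interp < "$phdr")
    rpath=$(parse_rpath < "$dyn")
    [ "$interp" = "$WANT_INTERP" ] || { echo "bad interpreter: '$interp'"; rc=1; }
    [ "$rpath" = "$WANT_RPATH" ] || { echo "bad rpath: '$rpath'"; rc=1; }
    for lib in $(parse_needed < "$dyn"); do
        [ -e "$libdir/$lib" ] || { echo "missing in $libdir: $lib"; rc=1; }
    done
    return $rc
}

# check_binary BINARY LIBDIR: run the cross readelf on BINARY and check it.
check_binary() {
    tmp=$(mktemp -d) || return 1
    "$READELF" -l "$1" > "$tmp/phdr" && "$READELF" -d "$1" > "$tmp/dyn" \
        || { rm -rf "$tmp"; return 1; }
    check_link_info "$tmp/phdr" "$tmp/dyn" "$2"; rc=$?
    rm -rf "$tmp"; return $rc
}
```

Run it as `check_binary civetweb /path/to/staged/lib` on the build host before copying anything to the printer.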
Write the config /usr/apps/etc/civetweb.conf:
```
listening_ports 8080
document_root /usr/data/www
```
And an init script; put it into /usr/apps/etc/init.d/S99www:
```sh
#!/bin/sh
log_file=/usr/data/printer_data/logs/www.log

# Append a timestamped line to the log. A fixed format string is used so a
# '%' in the message cannot be interpreted by printf.
trace_log()
{
    printf '%s: %s\n' "$(date)" "$1" >> "$log_file"
}

trace_log "$0 $1"
case "$1" in
    start)
        trace_log "run civetweb"
        # Run the server as the unprivileged www-data user, not as root.
        su -s /bin/sh -c "/usr/apps/bin/civetweb /usr/apps/etc/civetweb.conf >> $log_file 2>&1 &" www-data
        ;;
    stop)
        trace_log "stop civetweb"
        for pid in $(pgrep 'civetweb') ; do kill "$pid"; done
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
esac
```
Follow Fluidd's short instructions for a manual build: https://docs.fluidd.xyz/installation/manual
Copy all files from `dist` into /usr/data/www.
Set the permissions so the web root is owned by root, readable by the www-data group only, and writable by neither the group nor others:
```sh
chown -R root:www-data /usr/data/www
chmod -R o-rwx,g-w /usr/data/www
```
Open http://<printer>:8080/index.html
Add the camera as an HTTP page: http://<printer>:8000/
That's it.