BLE Session
August uses BLE for communication between the user's cellphone and their smart lock. The BLE is encrypted however, August uses the just works key exchange mechanism. While this makes things very convenient it is not very secure. However, August does not rely on BLE for securing communication between the lock and the phone. August encrypts all communication between the lock and phone with AES128CBC. While establishing a session both the phone and lock generate 64 random bits (they quality of the lock's random number generator is unknown). This article covers the process used to exchange these bits and establish an encrypted session between the lock and the phone. Once an encrypted session is established commands can be issued to the lock.
If you break yours or anyone else's lock it is your own fault. While I've tried to make both the tools and directions in this repository easy to use there is an inherent risk associated with any project like this. Please use all information provided on this site in a responsible manner. As with any lock picking only use these tools and information on locks you own or have permission to manipulate.