BLE Session

August uses BLE for communication between the user's cellphone and their smart lock. The BLE is encrypted however, August uses the just works key exchange mechanism. While this makes things very convenient it is not very secure. However, August does not rely on BLE for securing communication between the lock and the phone. August encrypts all communication between the lock and phone with AES128CBC. While establishing a session both the phone and lock generate 64 random bits (they quality of the lock's random number generator is unknown). This article covers the process used to exchange these bits and establish an encrypted session between the lock and the phone. Once an encrypted session is established commands can be issued to the lock.

Offline session establishment

Offline Session

Online session establishment

Online Session

If you break yours or anyone else's lock it is your own fault. While I've tried to make both the tools and directions in this repository easy to use there is an inherent risk associated with any project like this. Please use all information provided on this site in a responsible manner. As with any lock picking only use these tools and information on locks you own or have permission to manipulate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BLE Session

Offline session establishment

Online session establishment

API

MTiM proxy

iOS App

Bluetooth

Firmware

Hardware

Clone this wiki locally