Defeating Cert Pinning
Jmaxxz edited this page Jul 30, 2016
·
15 revisions
The follow steps can be used to bypass the certificate pinning used by the August smartphone app without needing to jailbreak the device.
- Open settings
- Press and hold the application version number.
- Enter "DreadfulDow" in the prompt (case sensitive).
- Tap on https://api-production.august.com to change web-service the application will use.
- Tap other to specify a custom URL.
- Enter url of server you control which can relay requests to August's server. (Both HTTP and HTTPS can be used.)
- Monitor to, modify, and otherwise mess with traffic between the app and the August services.
If you break yours or anyone else's lock it is your own fault. While I've tried to make both the tools and directions in this repository easy to use there is an inherent risk associated with any project like this. Please use all information provided on this site in a responsible manner. As with any lock picking only use these tools and information on locks you own or have permission to manipulate.