MiTM Make Admin
August supports multiple user types. For example owners are suppose to be able to access alter lock settings while guests are not. While the application makes it appear that this is true it is not. The only component which attempts to enforce this is the application. As with any system any security control which is enforced by the UI isn't a proper security control because it can be easily avoided or bypassed by the user.
With regards to accessing the locks settings one of the easiest ways for guests to achieve this is to manipulate API responses to say the user is the lock's owner. When the following code is run via mitmproxy's -s option guests can gain access to the lock's settings thru the official mobile application.
def response(context, flow):
flow.response.content = flow.response.content.replace('"user"', '"superuser"')If you break yours or anyone else's lock it is your own fault. While I've tried to make both the tools and directions in this repository easy to use there is an inherent risk associated with any project like this. Please use all information provided on this site in a responsible manner. As with any lock picking only use these tools and information on locks you own or have permission to manipulate.