
MiTM stealth

Jmaxxz edited this page Jul 16, 2016 · 3 revisions

The August smartphone application sends all unlock and lock events back to August's web servers. The primary benefit to users is that they can see when a guest unlocks or locks their door. However, August records this and other data for all users, including lock owners. This is not only creepy, it is dangerous! By doing this, August ensures that its web servers not only have the keys to open your lock but also hold detailed records that strongly indicate when you are home and when you are not.

Owners can run the following script via mitmproxy's -s option to prevent August from recording when they open and close their lock. Guests can use this script to prevent lock owners from knowing when they lock or unlock the owner's home, which disproves August's claim that owners will know when guests come and go. The script answers the app's usage and log uploads itself with a success response, so those requests never reach August's servers.

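```python
# Written for the 2016 mitmproxy inline-script API (request(context, flow)).
from mitmproxy.models import HTTPResponse
from netlib.http import Headers

def request(context, flow):
	# Match the lock usage/log upload endpoints, ignoring case.
	if flow.request.path.lower().startswith(("/locks/usage/", "/locks/log/unknown/", "/locks/log/requesttime")):
		# Build a fake "success" reply so the app believes the upload worked.
		resp = HTTPResponse(
			b"HTTP/1.1", 200, b"OK",
			Headers(Content_Type="application/json"),
			b"{\"message\":\"success\"}"
		)
		# Answer from the proxy; the request is never forwarded upstream.
		flow.reply(resp)
```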
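The same stub-response rule on the current mitmproxy addon API, as an added example that is not part of the original page or Jmaxxz's code. It assumes mitmproxy 7 or later (`http.Response.make`), where `mitmproxy.models` and `netlib` no longer exist; `is_telemetry_path`, `classify` and the sample paths are names and values introduced here so an owner can dry-run the rule before putting the proxy in front of the app.

```python
import json
import logging

# Path prefixes copied from the script on this page.
TELEMETRY_PREFIXES = (
    "/locks/usage/",
    "/locks/log/unknown/",
    "/locks/log/requesttime",
)

# Same body the original script returns to the app.
STUB_BODY = json.dumps({"message": "success"}, separators=(",", ":")).encode()


def is_telemetry_path(path):
    """Case-insensitive prefix match, the same rule as the original script."""
    return path.lower().startswith(TELEMETRY_PREFIXES)


def classify(paths):
    """Dry run: split request paths into (stubbed, forwarded)."""
    stubbed = [p for p in paths if is_telemetry_path(p)]
    forwarded = [p for p in paths if not is_telemetry_path(p)]
    return stubbed, forwarded


def request(flow):
    """mitmproxy hook: answer usage/log uploads locally, forward the rest."""
    # Imported here so the functions above can be checked without mitmproxy.
    from mitmproxy import http

    if is_telemetry_path(flow.request.path):
        # Record what was withheld so the owner can audit the proxy's effect.
        logging.info("stubbed %s %s", flow.request.method, flow.request.path)
        # Setting flow.response keeps the request from being sent upstream.
        flow.response = http.Response.make(
            200, STUB_BODY, {"Content-Type": "application/json"}
        )


# Constructed sample paths (not captured traffic); LOCKID is a placeholder.
SAMPLE_PATHS = [
    "/locks/usage/LOCKID",
    "/Locks/Log/Unknown/LOCKID",
    "/locks/log/requesttime?x=1",
    "/some/other/path",
]
```

Load it the same way as the original, with mitmproxy's -s option; `classify(SAMPLE_PATHS)` shows which requests the rule would answer locally.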