Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
KlicUnlock.py
LICENSE.txt Add files via upload May 18, 2019
README.md
logo.png
screenshot.png

README.md

Build Status Contributors MIT License DOI


Logo

KlicUnLock

A Python program to unlock any Tzumi Klic smart padlock!

· Report Bug · Request Feature

About The Project

[Product Name Screen Shot]

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2

This program was developed during scientific research in Bluetooth lock security. Attempts were made to contact the manufacturer 45 days before release. This vulnerability was assigned to CVE-2019-11334.

Built With

Major frameworks used in the project.

Getting Started

You will need a valid account name and password for the Klic Lock application downloadable from Google Play or the App Store.

Prerequisites

The program requires a Linux operating system with bluepy and pycrypto installed. See respective links for installation procedures.

Usage

Unlock lock associated with valid account and password:

python KlicUnlock.py -a myaccount@example.com -p mypassword

Scan and unlock all locks within range using valid account and password:

python KlicUnlock.py -a myaccount@example.com -p mypassword -u

Unlock lock using lock key and MAC:

python KlicUnlock.py -k 99999999999999999999999999999999 -m 01:02:03:04:05:06

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature)
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the MIT License. See LICENSE for more information.

Contact

Kerry Enfinger - k.enfinger@whitehatdefenses.com

Project Link: https://github.com/whitehatdefenses/KlicUnLock

Acknowledgements

You can’t perform that action at this time.