Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE.txt Add files via upload May 18, 2019

Build Status Contributors MIT License DOI



A Python program to unlock any Tzumi Klic smart padlock!

· Report Bug · Request Feature

About The Project

[Product Name Screen Shot]

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2

This program was developed during scientific research in Bluetooth lock security. Attempts were made to contact the manufacturer 45 days before release. This vulnerability was assigned to CVE-2019-11334.

Built With

Major frameworks used in the project.

Getting Started

You will need a valid account name and password for the Klic Lock application downloadable from Google Play or the App Store.


The program requires a Linux operating system with bluepy and pycrypto installed. See respective links for installation procedures.


Unlock lock associated with valid account and password:

python -a -p mypassword

Scan and unlock all locks within range using valid account and password:

python -a -p mypassword -u

Unlock lock using lock key and MAC:

python -k 99999999999999999999999999999999 -m 01:02:03:04:05:06


Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature)
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


Distributed under the MIT License. See LICENSE for more information.


Kerry Enfinger -

Project Link:


You can’t perform that action at this time.