|
|
|
|
|
|
by z3ugma
221 days ago
|
|
|
After you flash the exploit and SSH into the thermostat you can see it at https://github.com/codykociemba/NoLongerEvil-Thermostat/issu... It's a boot script called /bin/nolongerevil.sh that supplies its own trust material and redirects traffic intended for frontdoor.nest.com to a hard-coded IP 15.204.110.215.
99.9% of this image is the original copyrighted Nest image.
Maybe it's enough for the bounty though? And I suppose you could change that IP to a local server. If you wanted to publish the server side Nest API discovered through WireShark . Just stand up your own http rest server. |
|
|