| ▲ | z3ugma a day ago | |
After you flash the exploit and SSH into the thermostat you can see it at https://github.com/codykociemba/NoLongerEvil-Thermostat/issu... It's a boot script called /bin/nolongerevil.sh that supplies its own trust material and redirects traffic intended for frontdoor.nest.com to a hard-coded IP 15.204.110.215. 99.9% of this image is the original copyrighted Nest image. Maybe it's enough for the bounty though? And I suppose you could change that IP to a local server. If you wanted to publish the server side Nest API discovered through WireShark . Just stand up your own http rest server. | ||
| ▲ | thefroh a day ago | parent [-] | |
presumably it's the reverse engineered server that has most of the work put into it, and one would hope that's what is going to be released if the developer decides to | ||