tl;dr: My knowledge of Bluetooth LE communication got quite rusty over time, and I wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple Bluetooth command but ended up having access to their entire backend database, with a lot of unique users across their entire product lineup.
It didn’t go as planned.
The Lock and API
As with all BLE locks, they require an app to talk to the lock itself and an API on the company side.
I like a good challenge.
During some reconnaissance, I found the career challenges of contextis and was kind of drawn into the web application ones.
The challenge
The challenge itself is a basic PHP code review with the following task:
You have downloaded a fancy CMS. Can you identify a way to extract the administrator hash? The accepted solution is the payload used to receive the hash. IF YOU READ ON, SPOILER AWAITS