Get a root shell on your own Unitree Go2 for right-to-repair or custom firmware work.
Enable persistent SSH on a Go2 that survives reboots and Unitree firmware updates.
Reproduce disclosed CVEs against a Go2 in a lab for security research and writeups.
Bypass the newer programming_actuator keyword filter when developing custom robot behaviors.
Requires a physical Unitree Go2, a paired controller on the same LAN, and, for newer firmware, a Unitree cloud account that owns the robot.
UnLeash Lite is a security research tool for the Unitree Go2, a four-legged consumer robot. The README describes it as a WebRTC jailbreak: it gets root-level shell access on the robot by sending a small Python payload over the same WebRTC data channel that the official Unitree mobile app already uses. To run it you need to be on the same local network as the robot and have a physical game controller paired to it. The payload is tied to a controller button combination, and the robot executes it as root when you press that combination.
The tool is published as a Python package. After installing it with pip, you run commands like ssh, ssh-persist, custom, or reverse-shell against the robot's IP address. The ssh mode turns on SSH and sets a root password so you can log in directly. The persist mode adds a guard service that keeps SSH alive across reboots and Unitree's own firmware updates. Custom mode runs any shell command as root, and reverse-shell connects back to an attacker-controlled IP.
The README is clear about two firmware regimes. On firmware 1.1.14 and earlier, the WebRTC layer used a single shared AES key, so no extra setup is needed. On 1.1.15 and later, Unitree moved to a per-device key, and the tool ships a fetch-key command that pulls the device key from the Unitree cloud account that owns the robot. If you already have SSH access, you can also read the key off the robot directly.
There are extra bypass modes named bypass-hosts, bypass-file, bypass-cron, and bypass-escalate. These work around a keyword blocklist that Unitree added to the programming_actuator API in newer firmware. They encode the Python payload as byte arrays and use a numpy file writer to slip past the filter.
The README credits the public security research it builds on, including disclosed CVEs and prior work by named researchers, and states that the project is for security research, education, and right-to-repair use only. The code is MIT licensed.
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.