After getting the NEO connected somewhere I would be able to sniff the traffic on I did just that. Much to my dismay, I found this:
Hmm.. QUIC, this is new to me. After a bit of research, I found that this might be a dead end. Turns out the Android app doesn't communicate directly with the device, but instead binds it to their "cloud" at setup. Not to worry, the box assures me that it is very secure (this reminds me to look back into what kind of tunnel is built between this 54.227.237.229 AWS host and the socket).
My only chance of redemption here was to look at the code of the android app (by using some sketchy web-based decompiler) to see if there were any keys, or any indication of how to emulate/circumvent the encryption -- it was a bust.
