Note for other readers: the two sentences in the parent post have nothing to do with each other. The Robert Heathon post does not describe how to break cert pinning without needing hardware/firmware modifications unfortunately.

The only relevant thing to repeat here might be this

> if you can’t get access to your IOT device’s hardware in order to add a new root CA to it, your journey mostly ends here. Don’t lose hope though. Leave your setup running for a while and see if anything strange happens. When I attempted the above process on my baby’s crib, the device refused to trust Burp’s certificate and so refused to complete a TLS handshake with my laptop. But after a minute or two of repeated failures, the crib started sending out some of its system status data over plain, unencrypted HTTP!