After doing some research on the control4 product, we found that there is a default root password.
Getting the flag
The flag is located on the SD card, so we go look in
$ cd /mnt/sd/ $ ls Flag.txt flash lost+found
We found the flag, and now we can
cat it out and capture it.