I’ve tried looking everywhere for an alternative to the horrible app Harman Kardon made for the AVR Series Receivers; they refused to disclose how it works. Screw them.
So naturally I tried all the good script kiddie stuff like nmap. Right away I found an open web server on ports 80 and 8080. 8080 turned out to be useless and was just part of the DLNA functionality, and port 80 refused all connections. Next I wiresharked the stereo. It turned out to be a very noisy affair, but alas, I found some HTTP POSTs to port 10025, in XML format. It looks something like this:
<?xml version="1.0" encoding="UTF-8"?>
<harman>
  <avr>
    <common>
      <control>
        <name>volume-up</name>
        <zone>Main Zone</zone>
        <para />
      </control>
    </common>
  </avr>
</harman>
This can be sent using wget, although you won’t get a response, so you’ll need to kill wget yourself after sending.
wget --quiet \
  --method POST \
  --header 'content-type: application/xml' \
  --header 'cache-control: no-cache' \
  --body-data '<?xml version="1.0" encoding="UTF-8"?>\n<harman>\n <avr>\n <common>\n <control>\n <name>volume-up</name>\n <zone>Main Zone</zone>\n <para />\n </control>\n </common>\n </avr>\n</harman>' \
  --output-document \
  - http://192.168.1.177:10025/
I cannot yet find a detailed list of commands, but the great thing is that it takes a string, not some complicated or obfuscated code.
Later on I’ll create a Wireshark filter for this XML, and mash buttons inside the app to collect some valid names of instructions.
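The request format and the capture-and-collect plan described above, as an added Python example (not the author's code and not Harman Kardon's). The function names and the 2-second timeout are hypothetical, and it assumes the receiver accepts a plain HTTP/1.1 POST to `/` as the wget call sends; the timeout replaces killing the client by hand.

```python
import socket
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape
AVR_PORT = 10025  # port seen in the capture described above
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<harman>
  <avr>
    <common>
      <control>
        <name>{name}</name>
        <zone>{zone}</zone>
        <para />
      </control>
    </common>
  </avr>
</harman>"""

def build_control(name, zone="Main Zone"):
    """Build one command body, XML-escaping the caller's strings."""
    return TEMPLATE.format(name=escape(name), zone=escape(zone))

def parse_control(body):
    """Return (name, zone) from a captured body; ValueError if not a command."""
    root = ET.fromstring(body.encode("utf-8") if isinstance(body, str) else body)
    ctl = root.find("./avr/common/control")
    if root.tag != "harman" or ctl is None:
        raise ValueError("not a harman control message")
    return ctl.findtext("name"), ctl.findtext("zone")

def collect_names(bodies):
    """Sorted unique command names, skipping traffic that is not a command."""
    names = set()
    for body in bodies:
        try:
            names.add(parse_control(body)[0])
        except (ValueError, ET.ParseError):
            pass  # noisy capture: ignore anything else
    return sorted(names)

def send_control(host, name, zone="Main Zone", timeout=2.0):
    """POST one command; return b"" if the receiver stays silent until timeout."""
    body = build_control(name, zone).encode("utf-8")
    head = (f"POST / HTTP/1.1\r\nHost: {host}:{AVR_PORT}\r\n"
            f"Content-Type: application/xml\r\nContent-Length: {len(body)}\r\n\r\n")
    with socket.create_connection((host, AVR_PORT), timeout=timeout) as sock:
        sock.sendall(head.encode("ascii") + body)
        try:
            return sock.recv(4096)
        except socket.timeout:
            return b""
```

`collect_names` takes the POST bodies exported from a capture and returns the distinct `<name>` values, which is the command list the post is still missing.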