Harman Kardon Aura speaker control

Hi all, I’ve got a Harman Kardon Aura speaker that has served me well for a number of years. I’m hoping to find someone who might be keen to help reverse-engineer the protocol it uses to communicate with its companion app.

The situation

The speaker connects over wifi and supports AirPlay. For its initial connection, it can be set up over USB using a built-in iOS function or it can broadcast its own wifi to connect to your own network. These things will continue to work in perpetuity.

Less certain is the fate of the HK Remote app. It also allows control over a couple of things that can’t be controlled by the config page or physically: bass and a special EQ function. The app does the job, but one day an iOS update will probably break it.

Initial attempts

This isn’t my area of expertise! I’ve had a go, but I can only get so far! To start, I had my router route all packets to my main computer (192.168.1.2) and captured the packets from the speaker (192.168.1.184) with WireShark.

Looking at any packets that might be immediately relevant, we get this:

HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
EXT:
LOCATION: http://192.168.1.184:8080/description.xml
SERVER: KnOS/3.2 UPnP/1.0 DMP/3.5
ST: upnp:rootdevice
USN: uuid:5f9ec1b3-ed59-1900-4530-e8c74f044a37::upnp:rootdevice

And this:

GET /conf4?sdkver=50054&appver=21&device=e7abdeef0c9bdb94cff76b42361ffa83506fca84&networktype=wifi&appkey=117b3d6c92b&apppkg=com.harmankardon.avr&plat=2 HTTP/1.1
Host: api.share.mob.com:80
Accept: */*
Cookie: __jsluid_h=42c2bb24f6d02b1d164a9a232b5fea0d
User-Agent: HK%20Remote/21 CFNetwork/1125.2 Darwin/19.4.0
Accept-Language: en-au
Accept-Encoding: gzip, deflate
Connection: keep-alive

So it looks like things are sent and received in a zipped format… any ideas on how to proceed from here?

I was about to research how to wireshark my Aura… found this. I am not alone.
Did you make any progress in the years that have psssed?

No, and sadly the speaker has played its last track.

Too bad … I am still thinking it’s time to liberate that good speaker from the stupid app!

I’ve been doing some analysis on my side. It’s still a work in progress, but I’ve made some good initial strides:

hk_aura_protocol_analysis

Hope this can help!

Following up on my earlier analysis, I’ve gone ahead and created a Home Assistant integration for the Harman Kardon Aura speaker. It’s still evolving, but it already supports a few core features. Hopefully this helps anyone else looking to control the speaker through Home Assistant!

HK Aura Plus Speaker Home Assistant Integration

Wow seriously impressive work there!

Quick update on the integration : I finally cracked the power-on problem !

TL;DR: The HK Aura can be woken from standby by streaming audio over Bluetooth A2DP from a Linux host. Scripts (Linux + macOS + automated setup) are here: scripts

The Aura fully goes to standby mode when you send power-off over WiFi. No wake-on-LAN, the WiFi interface just dies. So while the HA integration could control everything, turning it back on remotely was a dead end.

Turns out, the speaker wakes up when it receives actual audio data over Bluetooth A2DP. Not just a BT connection but actual audio has to flow. So I built a wake script that connects via bluetoothctl, streams a few seconds of audio through PipeWire, then disconnects once TCP 10025 comes back up. HA triggers it via SSH to the host.

The fun part was getting this to work on a headless Raspberry Pi. WirePlumber has a seat monitoring feature that silently blocks Bluetooth audio on SSH sessions (it checks systemd-logind for an “active” seat, which doesn’t exist on headless systems). That one cost me a few hours.

I also wired it into a wake guard automation, if Music Assistant tries to play to the speaker while it’s asleep, HA automatically pauses playback, runs the BT wake, waits for the control port, then resumes. Fully transparent.

Wrote up the full journey here: Waking a Harman Kardon Aura from the Dead