Hi all, I’ve got a Harman Kardon Aura speaker that has served me well for a number of years. I’m hoping to find someone who might be keen to help reverse-engineer the protocol it uses to communicate with its companion app.
The situation
The speaker connects over wifi and supports AirPlay. For its initial connection, it can be set up over USB using a built-in iOS function or it can broadcast its own wifi to connect to your own network. These things will continue to work in perpetuity.
Less certain is the fate of the HK Remote app. It also allows control over a couple of things that can’t be controlled by the config page or physically: bass and a special EQ function. The app does the job, but one day an iOS update will probably break it.
Initial attempts
This isn’t my area of expertise! I’ve had a go, but I can only get so far! To start, I had my router route all packets to my main computer (192.168.1.2) and captured the packets from the speaker (192.168.1.184) with WireShark.
Looking at any packets that might be immediately relevant, we get this:
HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
EXT:
LOCATION: http://192.168.1.184:8080/description.xml
SERVER: KnOS/3.2 UPnP/1.0 DMP/3.5
ST: upnp:rootdevice
USN: uuid:5f9ec1b3-ed59-1900-4530-e8c74f044a37::upnp:rootdevice
And this:
GET /conf4?sdkver=50054&appver=21&device=e7abdeef0c9bdb94cff76b42361ffa83506fca84&networktype=wifi&appkey=117b3d6c92b&apppkg=com.harmankardon.avr&plat=2 HTTP/1.1
Host: api.share.mob.com:80
Accept: */*
Cookie: __jsluid_h=42c2bb24f6d02b1d164a9a232b5fea0d
User-Agent: HK%20Remote/21 CFNetwork/1125.2 Darwin/19.4.0
Accept-Language: en-au
Accept-Encoding: gzip, deflate
Connection: keep-alive
So it looks like things are sent and received in a zipped format… any ideas on how to proceed from here?
