Remote control Bravia TVs that require authentication

14 Nov 2014

While older Sony Bravia TVs don’t require authentication to receive commands via HTTP, mine does. If you try to send a command without it, the TV will complain with an “Action not authorized” error. Others [1] [2] have the same problem, but there were no solutions available at the time of writing.

Luckily the authentication scheme is very simple and can be implemented in a couple of cURL calls. Unfortunately the cURL commands get rather long, so I’ve put them into simple shell scripts. The code is available on GitHub.

Usage: Authentication

  1. Clone the repository: git clone https://github.com/breunigs/bravia-auth-and-remote
  2. Edit auth.sh and enter your TV’s IP address. Also specify your device name (most likely $HOST) and a “nick” for this authentication. It’s only used for identification purposes in the TV’s menu.
  3. Run ./auth.sh. It will make two requests to the TV that are almost identical. The first will fail due to missing authentication, but the TV will display a PIN. Enter that 4-digit code into the still running script and hit enter. The script will repeat the request, but this time with HTTP Basic Authentication without user name, using the password/PIN you just entered.
  4. The script will print an auth= line. This is the cookie that has to be passed to each further request to the TV. When you use cURL, just add --cookie 'auth=…' and your requests should work.

Commands found on other websites will usually work once you add the cookie parameter.
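The pairing flow from steps 3 and 4 as an added sketch, not the repository's auth.sh: it validates the PIN, shows what "Basic Authentication without user name" actually sends, and stores the resulting cookie with owner-only permissions. The registration URL and request body are not shown on this page and must be taken from auth.sh; the function names, the `auth_cookie.example` file name and the assumption that the cookie arrives in a `Set-Cookie` header are this example's own.

```sh
#!/bin/sh
# Added example, not the repository's auth.sh. The URL and request body are
# NOT shown on the page: pass the ones from auth.sh as arguments.

# The TV shows a 4-digit PIN; reject anything else before sending it.
valid_pin() {
  case "$1" in
    [0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# HTTP Basic with an empty user name is base64(":<PIN>"). This is encoding,
# not encryption: over plain HTTP the PIN is readable on the local network.
basic_header() {
  printf 'Authorization: Basic %s' "$(printf ':%s' "$1" | base64)"
}

# Extract "auth=<value>" from raw response headers (curl --include output).
# Assumption: the TV delivers the cookie in a Set-Cookie header.
extract_auth_cookie() {
  tr -d '\r' |
    sed -n 's/^[Ss]et-[Cc]ookie:[[:space:]]*\(auth=[^;]*\).*/\1/p' |
    head -n 1
}

# The cookie is a bearer credential: keep the file readable by the owner only.
save_cookie() {  # $1 = cookie, $2 = file
  rm -f "$2"
  ( umask 077 && printf '%s\n' "$1" > "$2" )
}

register() {  # $1 = registration URL, $2 = request body
  # First request is expected to fail; it makes the TV display the PIN.
  curl --silent --output /dev/null -X POST -d "$2" "$1" || true
  printf 'PIN shown on the TV: ' >&2
  read -r pin
  valid_pin "$pin" || { echo 'expected a 4-digit PIN' >&2; return 1; }
  cookie=$(curl --silent --include -X POST -H "$(basic_header "$pin")" \
    -d "$2" "$1" | extract_auth_cookie)
  [ -n "$cookie" ] || { echo 'no auth cookie in response' >&2; return 1; }
  save_cookie "$cookie" auth_cookie.example   # hypothetical file name
  printf '%s\n' "$cookie"
}

# Run only when called as: script <url> <body>
if [ "$#" -eq 2 ]; then register "$1" "$2"; fi
```

Anyone who can read the saved file or observe the HTTP traffic can replay the cookie, so treat it like a password.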

Usage: Basic Remote Control

The repository contains some helpers I found useful. They will automatically read the auth_cookie file that has been created when you ran auth.sh, so you don’t have to specify it each time.

Other Commands / More Details

You can find some unused commands I extracted from the TCP dump as cURL calls in the commands file.

If you want to reverse engineer some more, you need to intercept the connection between the “TV SideView Sony” app and the TV. A very convenient way is to install tPacketCapture on your Android device. It works as a proxy that outputs a .pcap file you can easily inspect with Wireshark. tPacketCapture doesn’t require root.

Enjoy!