While older Sony Bravia TVs don’t require authentication to receive commands via HTTP, mine does. If you try, it will complain with an “Action not authorized” error. Others have the same problem, but there were no solutions available as of writing.
Luckily the authentication scheme is very simple and can be implemented in a couple of cURL calls. Unfortunately the cURL commands get rather long, so I’ve put them into simple shell scripts. The code is available on GitHub.
- Clone the repository:
  git clone https://github.com/breunigs/bravia-auth-and-remote
- Edit auth.sh and enter your TV’s IP address. Also specify your device name (most likely $HOST) and a “nick” for this authentication. It’s only used for identification purposes in the TV’s menu.
- Run ./auth.sh. It will make two requests to the TV that are almost identical. The first will fail due to missing authentication, but the TV will display a PIN. Enter that 4-digit code into the still-running script and hit enter. The script will repeat the request, but this time with HTTP Basic Authentication without user name, using the password/PIN you just entered.
- The script will print an auth= line. This is the cookie that has to be passed to each further request to the TV. When you use cURL, just add --cookie 'auth=…' and your requests should work.
Commands found on other websites will usually work once you add the cookie parameter.
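What the second request and the cookie handling in the steps above amount to, as an added example that is not part of the repository's scripts: "Basic Authentication without user name" means the credential string is a colon followed by the PIN, and the auth= pair is taken from the response's Set-Cookie header. The response headers, cookie value and function names are constructed for illustration, and the one-line file format is an assumption; the cookie is the only credential sent with later requests, so the file is written readable by the current user only.

```shell
#!/bin/sh
# Added example; the sample headers and cookie value are constructed.

# Basic auth with an empty user name: base64 of ":<PIN>".
basic_auth_header() {
  pin=$1
  case $pin in
    [0-9][0-9][0-9][0-9]) ;;   # the TV shows a 4-digit PIN
    *) echo "PIN must be exactly 4 digits" >&2; return 1 ;;
  esac
  printf 'Authorization: Basic %s' "$(printf ':%s' "$pin" | base64)"
}

# Read raw response headers on stdin, print the first auth=... pair.
extract_auth_cookie() {
  tr -d '\r' |
    sed -n 's/^[Ss]et-[Cc]ookie:[[:space:]]*\(auth=[^;]*\).*/\1/p' |
    head -n 1
}

# Store the cookie readable by the current user only (it is a bearer credential).
save_auth_cookie() {
  cookie=$1 file=$2
  [ -n "$cookie" ] || { echo "no auth cookie in response" >&2; return 1; }
  ( umask 077; rm -f "$file"; printf '%s\n' "$cookie" > "$file" )
}

# Constructed response headers (CRLF line endings, as on the wire).
sample_response_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: application/json\r\n'
  printf 'Set-Cookie: auth=0123abcd4567ef89; Path=/; Max-Age=1209600\r\n\r\n'
}

# Demo on the constructed data.
basic_auth_header 1234; echo
sample_response_headers | extract_auth_cookie
```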
Usage: Basic Remote Control
The repository contains some helpers I found useful. They will automatically read the auth_cookie file that has been created when you ran auth.sh, so you don’t have to specify it each time.
- ./print_ircc_codes.sh <TV-IP>: Prints the list of IRCC codes (remote control commands) that your TV understands.
- ./send_command.sh <TV-IP> <IRCC-Command>: Sends an actual command to the TV. Note that it will return immediately, i.e. it does not wait for the TV to actually finish the command. The TV will return an error if the given command is invalid. However, it will report success even if the command does not make sense; in that case the TV displays an OSD message instead.
- ./example_goto_media_player.sh: An example which will (most likely) open the media player. Note that the sleeps have to be adapted to the action executed.
Other Commands / More Details
You can find some unused commands I extracted from the TCP dump as cURL calls in the commands file.
If you want to reverse engineer some more, it’s obvious you need to intercept the connection between the “TV SideView Sony” app and the TV. A very convenient way is to install tPacketCapture on your Android device. It works as a proxy that outputs a .pcap file you can easily inspect with Wireshark. tPacketCapture doesn’t require root.