Menu
I'm curious if it's possible for me to write programs that can control an Apple TV, specifically an Apple TV 4th gen running tvOS 9.1.1, like Apple's Remote app for iOS can. I'd like to send it commands for navigating in the four cardinal directions, selecting an item on the screen, going up the navigation stack -- essentially what Apple's Remote app can do.
Has anyone done any work reverse engineering the protocol it uses? Cursory Googling only has so far yielded out of date results about earlier generation Apple TVs and the DAAP protocol which looks like something different than what I want.
705
If you have an Apple TV (4th generation or later), HomePod, or HomePod mini, or if you set up an iPad (with iOS 10.3 or later, or with iPadOS) that you leave at home, you can use remote access. The Apple TV, HomePod, HomePod mini, or iPad acts as a home hub, which allows remote access to your accessories.
With the Apple TV Remote in Control Center, you can control your Apple TV or AirPlay 2-compatible smart TV with your iPhone, iPad, or iPod touch.
The remote uses Bluetooth 5.0 to communicate with Apple TV 4K and IR technology to control other devices. Learn more about your Siri Remote or Apple TV Remote.
So the discontinuation of the app could have been done to encourage users to use the new Remote feature which has been built in the Control Center in iOS 1. With the new Remote feature that has been built in the Control Center in iOS 12, Apple TV users will be able to get access to all the controls on Siri Remote.
I captured the traffic on my iPhone using tcpdump and analyzed it with WireShark. The Remote app asks the Apple TV with normal HTTP requests on port 3689.
The workflow of the app consists in four HTTP requests:
/server-info for getting infos about the Apple TV. It responds with a Apple proprietary DAAP response (Digital Audio Access Protocol) providing some tags about the device, like the display name./login is performed during connection, when the app displays the "Connecting to Apple TV..." message. It responds with a DAAP about the login status./home-share-verify validates the connection between the app and the Apple TV. This call needs a Client-DAAP-Validation header with a long unknown string value. According to Wikipedia, this seems to be like an hash generated by a certificate exchange between verified sources that was introduced in iTunes 7.0+ and never reverse engineered./ctrl-int/1/{controlpromptupdate|controlpromptentry|playstatusupdate} seems to be the calls made for the input buttons.Some other minor calls are fired in between (like a Bonjour service update or a /databases call).
Here and here you can find more infos. Hope this helps for getting an overview of how this simple (but protected) app works.
123
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
