How to authenticate with Sony Bravia TV IP Control without preshared key

Question

This guide (https://pro-bravia.sony.net/develop/integrate/ip-control/) describes how you can use the IP Control API by setting a preshared key in the TV menu and sending this key with a header (X-Auth-PSK: [Pre-Shared Key]) with the request.

Other applications than mine discover my television on the network, and a (one time) pin pops up on the television which then is entered by the user on the client side (like a remote app). How does this authentication flow work? How can I implement it myself?

Answer 1

You can invoke the auth by executing the following code , first open a tab in your browser and enter the ip address of your TV , so that when you execute this code via the console you will not get a CORS error.

var tvIPAddress = '192.168.0.16'; // the IP of the TV
var id = 1001; // random integer number ( that will be assigned to your control device )

var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://'+tvIPAddress+'/sony/accessControl');
xhr.send(JSON.stringify(
{method: "actRegister",
  version: "1.0",
  id: id,
  params: [{ clientid: "DEVICE NAME: RANDOM-CLIENT-ID-XXXXXXXXXX" , nickname: "YOUR-DEVICE-NAME" },[{function:"WOL",value:"no"}]]
  }
));

Then in the popup enter the PIN code from the TV as the password. Leave the username field empty.

Then you can send IRCC commands like this:

var code = "AAAAAQAAAAEAAAASAw=="; // volume up

xhr.open('POST', 'http://192.168.0.16/sony/IRCC');
xhr.setRequestHeader('SOAPACTION', "urn:schemas-sony-com:service:IRCC:1#X_SendIRCC");
xhr.send('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:X_SendIRCC xmlns:u="urn:schemas-sony-com:service:IRCC:1"><IRCCCode>'+code+'</IRCCCode></u:X_SendIRCC></s:Body></s:Envelope>');

You can find more info here : https://pro-bravia.sony.net/develop/integrate/ircc-ip/overview/index.html

Answer 2

It's depend on authentication type which was chosen on TV This documentation partially describing it: https://pro-bravia.sony.net/develop/integrate/ip-control/index.html#ip-control-authentication

In total we have four types of Authentication:

- None - means you no need any auth processes or any auth params for remote access to Sony Bravia API

- Normal - the case which describes Antagonist here. You should send a “sony/accessControl” request with the method “actRegister”. The TV should show a four digit code, then you should send the same request using this code as the password of basic authentication (with empty username). TV response will have headers "Authorization" and "Cookie", you should use this headers in all you request for using Sony Bravia API

- Pre-Shared Key - when you choose this auth method in your Sony TV, you must enter a 4 digit number (on TV). All requests to Sony Bravia API should have header "X-Auth-PSK" with this code.

- Normal and Pre-Shared Key - you should use one of these types of authentication.

The different TV models have different auth types. But looks like all models have Pre-Shared Key or Normal and Pre-Shared Key auth type.