Reverse Engineering EyeTV (DONE)

No need to go further. I just find out that you can use EyeTV with your browser. Just surf to: http://<your eyetv server ip>:2170/eyetv/#home
Goal: Figure out how EyeTV for iPad works
Ultimate goal: Own player to my laptop
This is page where I am going to dump my notes
If you have some questions feel free to contact me via e-mail: mikko.kenttala(ä)iki.fi

Basic info

I have EyeTV3: http://www.elgato.com/elgato/int/mainmenu/products/software/EyeTV-3/product1.en.html
EyeTV software has remote support for iPhone and iPad: http://www.elgato.com/elgato/int/mainmenu/products/software/EyeTV-app.en.html
No remote client to OS X, Windows or Linux
EyeTV uses for video streaming protocol called http-based streaming ( http://tools.ietf.org/html/draft-pantos-http-live-streaming-06 )

Network Traffic Analysis

EyeTV server is 10.0.1.6. eyetv-serverside.pcap
- I started EyeTV on my iPad, selected server, browsed channels and selected one.

Some kind of hand shaking ?

There is lots of these kinds of handshakes before streaming

GET /live/seed/0 HTTP/1.1
Host: 10.0.1.6:2170
User-Agent: EyeTV/1.2.3 CFNetwork/485.13.9 Darwin/11.0.0
X-Eyeconnect-Client: iPhoneApp1
X-Device-Name: Turska%20iPad
X-App-Uuid: 4afe2d893de24c22ffbbcaccc69d6a57
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/json
Pragma: no-cache
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 111

...........VP
.L.tLNN-.,..S.R()*M.QPP*JM./J..K/.NMM.J..((..$V.d.. ....3...Rs`..@bi.e.E.%.(....0}....
...../~...

Tuning command ?

GET /live/tuneto/6/1000/0/1/6/AAAAAOgAAALwBQkQGAAAAQAAAAA=/_IPAD_PLAYER HTTP/1.1
Host: 10.0.1.6:2170
User-Agent: EyeTV/1.2.3 CFNetwork/485.13.9 Darwin/11.0.0
X-Eyeconnect-Token: c1e0d9b6768abfcb9ce98b3a0b54d752
X-Eyeconnect-Client: iPhoneApp1
X-Device-Name: Turska%20iPad
X-App-Uuid: 4afe2d893de24c22ffbbcaccc69d6a57
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/json
Pragma: no-cache
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 86

...........VP*.MNN-.V.R()*M.QP.5...
.Q.Rr...t .S.........Em.M..].M.s.3..@Z..j.>u.hN...

Stream start

EGET /live/stream/AAAAAOgAAALwBQkQGAAAAQAAAAA=/4/AE74_main.m3u8 HTTP/1.1
Host: 10.0.1.6:2170
Range: bytes=0-72
Accept: */*
Accept-Encoding: identity
Connection: keep-alive
User-Agent: AppleCoreMedia/1.0.0.8L1 (iPad; U; CPU OS 4_3_5 like Mac OS X; en_us)

HTTP/1.1 206 Partial Content
Content-Type: application/vnd.apple.mpegurl
Pragma: no-cache
Cache-Control: no-cache
Content-Range: bytes 0-72/73
Content-Length: 73

#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=1264000
AE74_sub_1.m3u8

Actual playing

GET /live/stream/AAAAAOgAAALwBQkQGAAAAQAAAAA=/4/AE74_sub_1.m3u8 HTTP/1.1
Host: 10.0.1.6:2170
Accept: */*
Accept-Encoding: gzip
Connection: keep-alive
User-Agent: AppleCoreMedia/1.0.0.8L1 (iPad; U; CPU OS 4_3_5 like Mac OS X; en_us)
X-Playback-Session-Id: 778F19D4-E737-47DC-BF09-5A077C3B504B

HTTP/1.1 200 OK
Content-Type: application/vnd.apple.mpegurl
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 137

#EXTM3U
#EXT-X-TARGETDURATION:1
#EXT-X-MEDIA-SEQUENCE:1
#EXTINF:1,
AE74_sub_1_1.ts
#EXTINF:1,
AE74_sub_1_2.ts
#EXTINF:1,
AE74_sub_1_3.ts
GET /live/stream/AAAAAOgAAALwBQkQGAAAAQAAAAA=/4/AE74_sub_1_1.ts HTTP/1.1
Host: 10.0.1.6:2170
Accept: */*
Accept-Encoding: identity
Connection: keep-alive
User-Agent: AppleCoreMedia/1.0.0.8L1 (iPad; U; CPU OS 4_3_5 like Mac OS X; en_us)
X-Playback-Session-Id: 778F19D4-E737-47DC-BF09-5A077C3B504B

HTTP/1.1 200 OK
Content-Type: video/mp2t
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 9776

You can open link (seen before) http://10.0.1.6/live/stream/AAAAAOgAAALwBQkQGAAAAQAAAAA=/4/AE74_sub_1.m3u8 with ?QuickTimePlayer (in OS X at least). Start ?QuickTime Player -> press cmd + L (Open Location...) -> Give that url to quick time. Url to stream changes everytime (of course).

description: Notes about reversing EyeTV
started: 2011-09-26

hacker: turmio

CategoryProjekti