External Understanding: Dissecting APIs inside of IoT devices (Part2)

May 23, 2023

Introduction

If you have not read Part 1, it is highly suggested that you do so. This article is the second part and continuation of the article `External Understanding: Dissecting APIs inside of IoT devices (Part1)`. For those who have already read that and are here for part 2, let me give you a brief breakdown of where we left off and where we are going. Part 1 of the article gave you a base introduction to our target, objective, and security research and even got into talking about various protocols, control systems, formats, and even data that Apple TV devices send. We finally ended the article talking about DAAP and how DAAP looks over the network and even doing some cool little Google tricks here and there to give us some base documentation! In this part of the article, we will talk about DAAP as a whole, then talk about different protocols used by Apple such as AirPlay and AirTunes. Finally, we’ll go onto how we can better understand the file formats that are given as responses from specific paths visited on these servers running these specific protocols. We will end up dissecting those files manually using specific tools on Linux to better output the format of the files and then write a program in golang to help us download these files and detect specific codes within the servers, basically converting them to English instead of `mstterrr@#$&@#^` as some files will output.

 

....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023