External Understanding: Dissecting APIs inside of IoT devices (Part2)

June 9, 2023


If you have not read Part 1, it is highly suggested that you do so. This article is the second part and continuation of the article `External Understanding: Dissecting APIs inside of IoT devices (Part1)`. For those who have already read that and are here for part 2, let me give you a brief breakdown of where we left off and where we are going. Part 1 of the article gave you a base introduction to our target, objective, and security research and even got into talking about various protocols, control systems, formats, and even data that Apple TV devices send. We finally ended the article talking about DAAP and how DAAP looks over the network and even doing some cool little Google tricks here and there to give us some base documentation! In this part of the article, we will talk about DAAP as a whole, then talk about different protocols used by Apple such as AirPlay and AirTunes. Finally, we’ll go onto how we can better understand the file formats that are given as responses from specific paths visited on these servers running these specific protocols. We will end up dissecting those files manually using specific tools on Linux to better output the format of the files and then write a program in golang to help us download these files and detect specific codes within the servers, basically converting them to English instead of `mstterrr@#$&@#^` as some files will output.



Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.