# HME undocumented commands, etc.



## davidblackledge (Sep 9, 2008)

So, I had an idea. Looks like I might have had the idea too late, though.

The idea: mod the Simulator to work when pointed at the TiVo official server apps, run them, and see what the official apps try to command it to do.
This should expose how to make effective use of the StreamResource map, and any new undocumented commands, especially the one that transitions from HME to HTML5/flash.

So... I did it, for the most part. I tried connecting to their secure apps, but after learning more about SSL (more than I wanted) found that they were also requiring the client to have a TiVo certificate. So I copied the code and cert from KMTTG and the connection completed and disconnected immediately. So I changed the client's headers to match a real TiVo better.
Now it sort of works. Depending on the app, it connects and it gets several initial commands (view and resource creation, mainly). Nothing truly works, not even "HME down" which is weird. All of them don't get more than a blank screen except the Xfinity On Demand app which shows the "please wait" image then does nothing else. Nothing is even sending a "transition" command.

So... I probably am missing a few more mods...most likely an expected event that is missing as part of the modern connect sequence. And I know that streams don't report correct status map information from the Simulator. The simulator doesn't even consider there may be a map for StreamResource creation and just skips that data (nothing but "0x80" (I think) that I've seen, which I assume is an empty map)

Just as important, though, is there is almost nothing for me to connect this modified Simulator to. All I've found in TiVoConnect listings so far are:

cardio (cable on demand)
hmedown (just the "maintenance message" app - sometimes only uses http)
Swivel (also Swivel Launch, a separate app)
netflix (this should be a redirect app, so that's useful at least - unless Series 3 have a working netflix HME app. My Series 3 died so I can't test as much any more)
noamazon (I guess just a message like the "rhapsodygone" app they had after that was killed)
survey (just gets a HTTP 503 denial)
various flash apps that just fail if attempted.
So all the interesting stuff to expose interesting commands and arguments might be gone even if I get this fully working.

That said, I did find two interesting things so far.
1: for some reason the Xfinity On Demand app appears to actually actively use the builtin fonts I discovered previously... "font 3" and "font 3 bold." (Simulator just complains about non-existent system resources 13 and 15)
2: Command code 2001: Used repeatedly by the Swivel Search app (perhaps in a loop waiting for a response?).
sent with ID 1, and followed by 32 bytes:

```
0000: 00 00 10 00 00 00 13 8F   00 00 13 8F 00 00 13 90
0010: 00 00 00 0E 00 00 00 03   00 00 00 18 00 00 00 03
```
Anybody have suggestions of how to try and interpret that? I haven't even figured out what that would translate to as a set of integers.

I always said I thought the mysterious Event 10 included information about whether parental controls was enabled because Swivel Search (or was it TiVo Search?) can detect that and won't let you continue if it's engaged. 
Now, instead I suspect this command 2001 is the request for parental control state information. I haven't had the chance to try it out and see the response, and not sure when I'll get to.

Main changes to Simulator code:

I adapted moyekj's KMTTG rpc socket code to create a socket when the URL is https in HTTPClient.connect
I also changed the HTTPClient userAgent to "TmkHttpRequest/1.0"
in SimApp.addHeaders I changed the "tsn" header addition to the real headers of:
 http.addHeader("TiVo_TCD_ID", Simulator.master.getTsn());
 http.addHeader("TiVo_SW_VER","20.3.1");

and in Simulator I had to change the tsn value to something realistic.
Any other modifications were to see the information on the communications.


----------



## davidblackledge (Sep 9, 2008)

davidblackledge said:


> 2: Command code 2001: Used repeatedly by the Swivel Search app (perhaps in a loop waiting for a response?).
> ...
> Now, instead I suspect this command 2001 is the request for parental control state information. I haven't had the chance to try it out and see the response, and not sure when I'll get to.


Umm... yeah, nevermind I forgot that's not how HME works... no command/response architecture. You send a Command, you may or may not later see events that reflect that command in some sense. For the most part, though, you have to remember all the state information you've sent yourself, you don't get to query the device.

So, Event 10 still might be the parental control information, and I have no clue what Swivel Search is desperately trying to tell the TiVo to do with Command 2001. It seems like a pretty basic app in some senses.

I suppose it's just laziness (in a sense) that has prevented me from testing whether Event 10 is a different value if parental controls are active. And that's what may keep me from trying out Command 2001 for a while, too.


----------

