My parents own a set-top box to watch specific television channels. The box is terribly slow. I've contacted the set-top box company and asked if they offer another ways to access their content, they said it isn't possible.
I didn't really believe them, so I connected the box to my laptop and began inspecting traffic packages with Wireshark. Here is what I found:
- The device runs on Android 4.x
- The device traffic is not encrypted
- The device authenticates with its user agent
- An URL with all the channels (streams) listed in JSON format
- I was able to download and decompile an update that the device tried to install
I tried one of the channels in my browser, with the spoofed user agent, and the stream just works.
With the information I've gathered, I created a simple PHP library which generates a M3U file that can be loaded in Kodi.
I've informed the company about my findings and they promised to fix the issue.