@Neil,
Googling a bit here noticed a few OpenHAB folks tinkering with it using python scripts.
IE: from the OpenHAB forum see
I just replicated your tests by intercepting the UDP traffic from the phone to the Mini and then sending back the packets from a PC to the Mini. It appears that it is possible to send commands to the Mini, provided that two consecutive commands are not the same packet.
At this point, I'm a little bit concerned about security, though. What happens if I give a command with the App when I'm ouside my LAN and someone sniffs that packet?
After the learning process, that requires some connection with broadlink servers, I will close all inbound and outbound traffic to the MAC/IP address of the Mini.
By the way, I've read in a russian forum that the developer of the android tasker plugin is trying to support the Mini even though he does not know if it will be possible.
Since I don't have wireless card in my PC, I've used tPacketCapture application from playstore (it doesn't require phone to have root access - I'm using it with stock Samsung ROM). It creates VPN connection and captures all traffic from and to cellphone. You just have to be on the same wireless network as RM 3, otherwise, it will communicate with RM 3 over Internet, instead of communicating directly (it's easier to detect packages to local IP than random IP address). Besides that, you should start broadlink application first and start tPacketCapture afterwards. After you finish capturing packets, you should transfer them to PC and open it with wireshark. Then just filter traffic by protocol (UDP) and destination address (IP of the RM 3), and copy whole payload section (right click on payload in the upper half of the Wireshark) as hex stream. Than use that steam in BlackBeanControl.ini.
Other google searches show MFG disclaimers about not reverse engineering the product.
As it is an embedded firmware device there are probably serial pins on it inside where you could JTAG and device and watch the firmware work.
Last time I played around with IR was during the Tivo days before and during the DirecTivo days.
Personally have found the most resources at remote central dot com.