[formerly] Baidu bus offline data format Analysis--2. Click the download process from the interface

First find the offline download interface (Activity), using Apktool APK package decode (refer to the official documentation for Apktool use method). This decode generates a source file that is. smali format, where you can also use other tools (such as Dex2jar+java Decompiler or Procyon) to directly output a more readable Java file. However, because of the Java anti-compilation more or less there are some problems, especially for inner class (Delvik in the synthetic method) support is not good, I directly use Smali. As you can see, the code is simply confused.

1. Find the appropriate layout below res/layout, you can see that these files are not confused, can be easily found by name: Offlinedata_manage_layout.xml.

2. Search for "offlinedata_manage_layout" in Res/values/public.xml to find the corresponding value 0x7f030024.

3. Search the code for this integer, 0x7f030024, and the corresponding 10 binary value 2130903076, to find Com.baidu.bus.activity.OfflineDataManageActivity, in the OnCreate method (omit part of the code):

# Virtual Methods.method protected onCreate (landroid/os/bundle;) V    const V0, 0x7f030024    invoke-virtual {p0, v0} , Lcom/baidu/bus/activity/offlinedatamanageactivity;->setcontentview (I) V

4. From 1, only one expandablelistview,id in this layout is expandlistview_all_cities, the corresponding value is 0x7f06009f, Find the place to use this value in Offlinedatamanageactivity:

Const V0, 0x7f06009finvoke-virtual {p0, v0}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->findviewbyid (I) Landroid/view/view;move-result-object v0check-cast V0, Landroid/widget/expandablelistview;iput-object v0, P0, Lcom/ baidu/bus/activity/offlinedatamanageactivity;->z:landroid/widget/expandablelistview;

This code is looking for a View with ID 0x7f06009f, converted to the Expandablelistview type, and assigned to the THIS.Z member, similar to:

This . z = (expandablelistview) Findviewbyid (0x7f06009f);

Then notice the invocation of Z.setadapter ():

Iget-object V0, P0, lcom/baidu/bus/activity/offlinedatamanageactivity;->z:landroid/widget/expandablelistview; Iget-object v1, P0, lcom/baidu/bus/activity/offlinedatamanageactivity;->y:lcom/baidu/bus/activity/ck; invoke-virtual {v0, v1}, Landroid/widget/expandablelistview;->setadapter (Landroid/widget/expandablelistadapter ;) V

This code translates:

this. Z.setadapter (this. y);

Also know that the type of y is com.baidu.bus.activity.ck, so find this file.

5. The first two lines in Com/baidu/bus/activity/ck.smali can be seen:

. class final Lcom/baidu/bus/activity/ck;. Super Landroid/widget/baseexpandablelistadapter;

This class is derived from Baseexpandablelistadapter, so we can conclude that this is the class we are looking for. In Getchildview ():

Iget-object v1, P0, lcom/baidu/bus/activity/ck;->a:lcom/baidu/bus/activity/offlinedatamanageactivity; invoke-static {v1}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->d (lcom/baidu/bus/activity/ Offlinedatamanageactivity, Landroid/view/layoutinflater;move-result-object v1const v2, 0X7F030020CONST/4 v3, 0x0invoke-virtual {v1, v2, v3}, Landroid/view/layoutinflater;->inflate (Ilandroid/view/viewgroup;) Landroid/view/ View;

This code is called Offlinedatamanageactivity a static method D () Gets an instance of Layoutinflater, and then calls inflate to find the layout with ID 0x7f030020, in Res/value Find this ID in S/public.xml and find it is offlinedata_manage_city_item. After doing a series of actions (mainly creating a com.baidu.bus.activity.cf and assigning each control on the Offlinedata_manage_city_item to the member of CF), the following method is called:

invoke-virtual {v1, v2, v3}, Landroid/view/layoutinflater;->inflate (Ilandroid/view/viewgroup;) Landroid/view/ View;move-result-object p4...iget-object v2, P0, lcom/baidu/bus/activity/ck;->a:lcom/baidu/bus/activity/ offlinedatamanageactivity;invoke-static {v2, V0, P4}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->a ( lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/b/a; Landroid/view/view;) Z

In Offlinedatamanageractivity, the corresponding a method is a synthetic:

. method static synthetic A (lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/b/a; Landroid/view/view;) Z    . Locals 1    const/4 v0, 0x1    invoke-direct {p0, p1, p2, v0}, lcom/baidu/bus/activity/ Offlinedatamanageactivity;->a (lcom/baidu/bus/b/a; Landroid/view/view; Z) z    move-result v0    return V0.end method

After this code is translated:

Static Boolean Synthetic A (offlinedatamanageactivity activity, COM.BAIDU.BUS.B.A Parama, view view) {    return true );}

As you can see, the A () method called is private:

. Method private A (lcom/baidu/bus/b/a; Landroid/view/view; Z) z

In this method, find this code:

Const V6, 0x7f060094invoke-virtual {p2, v6}, Landroid/view/view;->findviewbyid (I) Landroid/view/view; Move-result-object v6check-cast V6, Landroid/widget/framelayout;......new-instance V0, Lcom/baidu/bus/activity/ca; Invoke-direct {v0, p0}, Lcom/baidu/bus/activity/ca;-><init> (lcom/baidu/bus/activity/ offlinedatamanageactivity;) vinvoke-virtual {V6, V0}, Landroid/widget/framelayout;->setonclicklistener (Landroid /view/view$onclicklistener;) V

This is how this code is translated:

Framelayout frame = (framelayout) View.findviewbyid (0x7f060094); Frame.setonclicklistener (new CA ( this));

As you can see in the Res/values/public.xml, the 0x7f060094 corresponding ID is fl_op, which in Res/layout/offlinedata_manage_city_item.xml, this Framelayout has 3 ImageView, the corresponding graphs are:

Start_download

Stop_download

Continue_download

6. Next analyze the Com.baidu.bus.activity.ca class, which you can see in the first few lines:

. class final Lcom/baidu/bus/activity/ca;. Super Ljava/lang/object;. Implements Landroid/view/view$onclicklistener;

This class implements the View.onclicklistener interface, which is followed by what is done in the OnClick () method. Found it

invoke-virtual {P1}, Landroid/view/view;->gettag () Ljava/lang/object;move-result-object v0...iget v2, V0, Lcom/ Baidu/bus/b/a;->f:ipacked-switch v2,:p switch_data_0

A switch appears here to view the TABLE-PSWITCH_DATA_0:

:p switch_data_0.packed-switch 0x0    :p switch_0    :p switch_1    :p switch_2    :p switch_3    :p switch_0. End Packed-switch

There are only 4 possibilities, 0-3. The code for PSWITCH_0 is this:

:p switch_0return-void

It appears to be an illegal value, so default will be executed here as well. Looking at the branches of 1-3 again, you can see that both 2 and 3 call the Com.baidu.bus.i.f->a (applicationcontext, message, 0) method. 2 of Calls:

Const-string v3, "\u505c\u6b62\u4e0b\u8f7d" CONST/4 v4, 0x0invoke-static {v2, v3, v4}, Lcom/baidu/bus/i/f;->a ( Landroid/content/context; Ljava/lang/charsequence;i) V

3 of Calls:

Const-string v3, "\u7ee7\u7eed\u4e0b\u8f7d" CONST/4 v4, 0x0invoke-static {v2, v3, v4}, Lcom/baidu/bus/i/f;->a ( Landroid/content/context; Ljava/lang/charsequence;i) V

Look at the two strings "Stop download" and "continue downloading", then speculate that 1 should be "Start download". The 1-3 feature is temporarily so guessing. Then look at the function of the branch call of 1:

:p switch_1iget-object v2, P0, lcom/baidu/bus/activity/ca;->a:lcom/baidu/bus/activity/offlinedatamanageactivity ; invoke-static {v2, V0, V6, V7, v1}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->a (lcom/baidu/bus/ activity/offlinedatamanageactivity; lcom/baidu/bus/b/a; LCOM/BAIDU/BUS/ACTIVITY/CL; LCOM/BAIDU/BUS/ACTIVITY/CL; LCOM/BAIDU/BUS/ACTIVITY/CL;) V

The translation is:

OFFLINEDATAMANAGEACTIVITY.A (this. A, View.gettag (), Cl_1, cl_2, cl_3);

Notice that there are 3 CL class objects in the following as parameters, from the CL class definition:

Final class cl {  null;   NULL ;   NULL ;   NULL ;   NULL ;}

See, this class corresponds to the downloaded framelayout. The next step is to go back to Offlinedatamanageactivity to see the call's A () method.

7. Find this A () method in offlinedatamanageactivity:

. method static synthetic A (lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/b/a; LCOM/BAIDU/BUS/ACTIVITY/CL; LCOM/BAIDU/BUS/ACTIVITY/CL; LCOM/BAIDU/BUS/ACTIVITY/CL;) V

Found it also a synthetic. After doing a series of actions, a Com.baidu.bus.base.a object is constructed, Com.baidu.bus.base.a contains a dialog box, and then calls the A () method of the object to construct and display a dialog box:

New-instance V0, Lcom/baidu/bus/base/a;invoke-direct/range {v0: V6}, Lcom/baidu/bus/base/a;-><init> ( Landroid/content/context; ljava/lang/string; ljava/lang/string;iljava/lang/string; ljava/lang/string;) Vnew-instance v1, lcom/baidu/bus/activity/cb;invoke-direct {v1, p0, v0}, lcom/baidu/bus/activity/ Cb;-><init> (lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/base/a;) vinvoke-virtual {v0, v1}, Lcom/baidu/bus/base/a;->a (Landroid/view/view$onclicklistener ;) lcom/baidu/bus/base/a;invoke-virtual {v0}, Lcom/baidu/bus/base/a;->a () Landroid/app/dialog;

This code translates yes (the translation of the method name is not necessarily right):

Newnew COM.BAIDU.BUS.ACTIVITY.CB (offlinedatamanageactivity.  this, dialog);d Ialog.setbuttononclicklistener (listener);d ialog.show ();

So to see what you've done after clicking OK, check out the Cb.onclick () method.

8. In the OnClick () method in the Com.baidu.bus.activity.cb class, there is the following code:

Iget-object V0, P0, lcom/baidu/bus/activity/cb;->a:lcom/baidu/bus/activity/offlinedatamanageactivity; Iget-object v1, P0, lcom/baidu/bus/activity/cb;->a:lcom/baidu/bus/activity/offlinedatamanageactivity; invoke-static {v1}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->u (lcom/baidu/bus/activity/ offlinedatamanageactivity;) lcom/baidu/bus/b/a;move-result-object v1invoke-static {v0, v1}, Lcom/baidu/bus/activity /offlinedatamanageactivity;->e (lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/b/a;) V

Translate to Java code:

OFFLINEDATAMANAGEACTIVITY.E (this. A, offlinedatamanageactivity.u (this. a));

9. See what the OFFLINEDATAMANAGEACTIVITY.E () method did, the E () method is as follows:

. method static synthetic E (lcom/baidu/bus/activity/offlinedatamanageactivity; lcom/baidu/bus/b/a;) v.    locals 3    new-instance v0, LCOM/BAIDU/BUS/ACTIVITY/CN;    Invoke-direct {v0, p0}, Lcom/baidu/bus/activity/cn;-><init> (lcom/baidu/bus/activity/ offlinedatamanageactivity;) V    iput-object v0, P0, Lcom/baidu/bus/activity/offlinedatamanageactivity;->g: LCOM/BAIDU/BUS/ACTIVITY/CN;    Iget-object V0, P0, lcom/baidu/bus/activity/offlinedatamanageactivity;->g:lcom/baidu/bus/activity/cn;    CONST/4 v1, 0x1    new-array v1, v1, [lcom/baidu/bus/b/a;    CONST/4 v2, 0x0    aput-object p1, v1, v2    invoke-virtual {v0, v1}, Lcom/baidu/bus/activity/cn;->execute ([Ljava /lang/object;) Landroid/os/asynctask;    Return-void.end method

Translate to Java code:

Static void synthetic E (offlinedatamanageactivity activity, COM.BAIDU.BUS.B.A city) {    new  com.baidu.bus.activity.cn (activity);    Activity. G.execute (new  com.baidu.bus.b.a[] {city});

Com.baidu.bus.activity.cn is a class that inherits from Asynctask, and its Doinbackground () method calls the internal a () method:

Invoke-direct {p0, p1}, Lcom/baidu/bus/activity/cn;->a ([lcom/baidu/bus/b/a;) Ljava/lang/boolean;

In the A () method, first create a intent and then call StartService () for background download:

New-instance V0, Landroid/content/intent;invoke-direct {v0}, landroid/content/intent;-><init> () Viget-object v1, P0, lcom/baidu/bus/activity/cn;->a:lcom/baidu/bus/activity/offlinedatamanageactivity; invoke-virtual {v1}, Lcom/baidu/bus/activity/offlinedatamanageactivity;->getapplicationcontext () Landroid/ Content/context;move-result-object V1const-class v3, lcom/baidu/bus/service/updateservice;invoke-virtual {v0, v1, v3 }, Landroid/content/intent;->setclass (Landroid/content/context; Ljava/lang/class;) landroid/content/intent;

The code translated into Java code is:

New Intent (); Intent.setclass (this. A.getapplicationcontext (), Updateservice. class);

This intent called two times PutExtra ():

Intent.putextra ("Checktype", "Checksingleupdatedownload"); Intent.putextra ("Downloadrecord", Downloadrecord);

The definition of the Downloadrecord class used here is:

 Public classDownloadrecordImplementsSerializable { PublicString MD5;  PublicString Cityid;  PublicString CityName;  PublicString description;  PublicString Downloadpath;  Public intengineversion;  Public intID;  PublicString LocalPath;  Public Longsize;  Public Longversion;}

The content of the specific instance is obtained through the H object in the COM.BAIDU.BUS.B.A class:

 Public Final classa { Public intA;  PublicString B;  PublicString C;  Public intD =-1;  Public LongE = -1l;  Public intF = 0;  Public intg =-1;  PublicDataupdateinfo h =NULL;}

10. After the StartService () call, enter into Com.baidu.bus.service.UpdateService, which inherits the service class of Android, and the code that observes it can also see that, after receiving the command, constructs a The Futuretask object to perform the download task.

At this point, you have seen the general flow from the interface to the download, but have not yet seen how the downloaded links are generated. The next task is to review the process to find the download link.

[formerly] Baidu bus offline data format Analysis--2. Click the download process from the interface