一.初步了解
最近对一款网络电视app进行分析,要求是找到其访问直播源的接口,初次打开apk,先做一个简单的了解,并没有加固等处理,只是对代码做了混淆处理
我们目的是找到其访问直播源的接口,初次打开apk,先做一个简单的了解.手指上下滑动可转换频道,这时根据Android正向开发可以搜索下滑动事件点击,看他到底做了什么处理
二.代码反编译逆向分析.
对apk进行反编译,静态分析定位此处发现在此处已经获取DefaultStreamUrl,打印日志可直接获取当前直播源url,可以说已经是稍有眉目了
.method private X()V
.locals 4
.prologue
.line 1174
sget-object v0, Lcom/dianshijia/newlive/home/logic/h;->a:Lcom/dianshijia/newlive/epg/model/Channel;
if-eqz v0, :cond_0
.line 1175
iget-object v0, p0, Lcom/dianshijia/newlive/home/logic/h;->h:Lcom/dianshijia/newlive/core/utils/t;
const-string v1, "CHANNEL_HASHCODE"
sget-object v2, Lcom/dianshijia/newlive/home/logic/h;->a:Lcom/dianshijia/newlive/epg/model/Channel;
.line 1176
invoke-virtual {v2}, Lcom/dianshijia/newlive/epg/model/Channel;->hashCode()I
move-result v2
.line 1175
invoke-virtual {v0, v1, v2}, Lcom/dianshijia/newlive/core/utils/t;->a(Ljava/lang/String;I)V
.line 1177
iget-object v0, p0, Lcom/dianshijia/newlive/home/logic/h;->h:Lcom/dianshijia/newlive/core/utils/t;
const-string v1, "CHANNEL_ID"
sget-object v2, Lcom/dianshijia/newlive/home/logic/h;->a:Lcom/dianshijia/newlive/epg/model/Channel;
.line 1178
invoke-virtual {v2}, Lcom/dianshijia/newlive/epg/model/Channel;->getId()Ljava/lang/String;
move-result-object v2
.line 1177
invoke-virtual {v0, v1, v2}, Lcom/dianshijia/newlive/core/utils/t;->a(Ljava/lang/String;Ljava/lang/String;)V
.line 1179
iget-object v0, p0, Lcom/dianshijia/newlive/home/logic/h;->h:Lcom/dianshijia/newlive/core/utils/t;
const-string v1, "CHANNEL_NAME"
sget-object v2, Lcom/dianshijia/newlive/home/logic/h;->a:Lcom/dianshijia/newlive/epg/model/Channel;
iget-object v3, p0, Lcom/dianshijia/newlive/home/logic/h;->e:Landroid/content/Context;
.line 1180
invoke-virtual {v2, v3}, Lcom/dianshijia/newlive/epg/model/Channel;->getName(Landroid/content/Context;)Ljava/lang/String;
move-result-object v2
.line 1179
invoke-virtual {v0, v1, v2}, Lcom/dianshijia/newlive/core/utils/t;->a(Ljava/lang/String;Ljava/lang/String;)V
.line 1181
iget-object v0, p0, Lcom/dianshijia/newlive/home/logic/h;->h:Lcom/dianshijia/newlive/core/utils/t;
const-string v1, "last_channel_url"
sget-object v2, Lcom/dianshijia/newlive/home/logic/h;->a:Lcom/dianshijia/newlive/epg/model/Channel;
.line 1182
invoke-virtual {v2}, Lcom/dianshijia/newlive/epg/model/Channel;->getDefaultStreamUrl()Ljava/lang/String;
Lcom/dianshijia/newlive/epg/model/Channel;为封装的直播源信息,那么何时进行封装的呢,我们知道封装实体类,要么通过构造器传递数据,要么set进入数据,以此为突破口继续分析
.method public constructor <init>(Landroid/os/Parcel;)V
.locals 2
.prologue
new-instance v0, Ljava/lang/Exception;
const-string v1, "print trace Channel"
invoke-direct {v0, v1}, Ljava/lang/Exception;-><init>(Ljava/lang/String;)V
invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V
在构造器中打印堆栈,看看有什么收获....
同时对此apk进行抓包分析
GET /api/v1/channels HTTP/1.1
Cache-control: public, max-age=0
Host: api.idianshijia.com
hwBrand: OPPO
cityCode: 610100
routerSsid: %22vqs.com%22
appVerName: 3.0.8
Connection: close
routerMac: 089b4b972fdc
hwModel: R8207
hwDevice: R1C
deviceType: 0
hwHardware: qcom
appVerCode: 309
hwId: null
generation: com.dianshijia.newlive
deviceId: 5456acf1a8154d70cde2bcbfb941da1f
platform: 1
riskId: null
areaCode: 610000
hwImei: 865685028269134
hwMac: A81B5A222B9B
countryCode: CN
ethMac: null
User-Agent: android/client
systemSdkVersion: 19
Accept-Encoding: gzip,deflate
hwSerial: e32824668a84417ba8782425816c59cf
language: zh_CN
uuid: e6766de8186b70e6129c2e7f28d7f7ed
marketChannelName: tvapk
openId: null
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 25 Dec 2017 03:28:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 88
Connection: close
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Origin,Accept,Content-Type,Authorization
Access-Control-Allow-Origin: *
Location: http://cdn.idianshijia.com/api/channel/groupSimplifiedChinese_217
Expires: Mon, 25 Dec 2017 04:28:20 GMT
Cache-Control: max-age=3600
<a href="http://cdn.idianshijia.com/api/channel/groupSimplifiedChinese_217">Found</a>.
这个非常可疑,将其地址提出http://api.idianshijia.com/api/v1/channels,访问是发现并没有数据,用fillder进行访问
运气不错
三.正向角度分析
public void run(){
HttpURLConnection connection = null;
BufferedInputStream bis = null ;
RandomAccessFile accessFile = null ;
try{
URL url = new URL(url_str);
connection = (HttpURLConnection)url.openConnection();
connection.setConnectTimeout(10000);
connection.setReadTimeout(10000);
fileSize = connection.getContentLength();
对于网络请求无外乎那几种格式,openConnection是一个切入口,进行追踪分析发现http://cdn.idianshijia.com/api/channel/groupSimplifiedChinese_217正是我们所需要的,至此分析完成(本文章仅用作分析思考,切勿非法用途)
