文章结构: 按照逆向过程中的可疑类作为单元
VoiceIflytekCallBackBean
包路径: com.tanma.unirun.ui.activity.running.iflytek.VoiceIflytekCallBackBean
来自: SearchOneFeature类中的doSearchOneFeature()方法中创建了该类的实例
作用: 声纹相关抓包中看, 这个类的数据域与body的message字段
SearchOneFeature
包路径: com.tanma.unirun.ui.activity.running.iflytek.SearchOneFeature
来自: VocalVerifyPresenterImpl.resolveStopRecord.4.callback.1.onSuccess.1
作用:
方法
doSearchOneFeature()
根据名字是发送一个请求报文, 来查询什么东西
public static VoiceIflytekCallBackBean doSearchOneFeature(String requestUrl, String APPID, String apiSecret, String apiKey, String AUDIO_PATH) {
int myCode;
SearchOneFeature searchOneFeature0 = new SearchOneFeature(requestUrl, APPID, apiSecret, apiKey, AUDIO_PATH);
VoiceIflytekCallBackBean myBean = new VoiceIflytekCallBackBean();
try {
String s5 = searchOneFeature0.doRequest();
System.out.println("resp=>" + s5);
JsonParse myJsonParse = (JsonParse)SearchOneFeature.json.fromJson(s5, JsonParse.class);
if(myJsonParse != null && myJsonParse.header != null) {
myCode = myJsonParse.header.code;
myBean.setSid(myJsonParse.header.sid);
myBean.setMessage(myJsonParse.header.message);
}
else {
myCode = 0xFFFFFCF7;
myBean.setSid("sid:myJsonParseOrheader is NULL");
myBean.setMessage("message : myJsonParseOrheader is NULL");
}
myBean.setCode(myCode);
if(myCode == 0xFFFFFCF7) {
myBean.setScore(0.0f);
return myBean;
}
if(myCode == 0) {
JSONObject jSONObject0 = JSON.parseObject(new String(Base64.getDecoder().decode(myJsonParse.payload.searchScoreFeaRes.text), "UTF-8"));
if(jSONObject0 != null) {
myBean.setScore(((VoiceIflytekInfoBean)JSON.parseObject(jSONObject0.toJSONString(), VoiceIflytekInfoBean.class)).getScore());
}
System.out.println("text字段Base64解码后=>" + jSONObject0);
return myBean;
}
myBean.setScore(0.0f);
}
catch(Exception e) {
e.printStackTrace();
myBean.setCode(0xFFFFFCF7);
myBean.setScore(0.0f);
myBean.setSid("sid:Exception");
myBean.setMessage("message : Exception=" + e.getMessage());
}
return myBean;
}
- 创建了一个本身类的对象
searchOneFeature0, 创建了一个CallBackBean对象(其中的数据域与发送报文的字段一样) - 调用了
searchOneFeature0的doRequest()方法
doRequest()
使用了java的http连接
public String doRequest() throws Exception {
HttpURLConnection httpURLConnection = (HttpURLConnection)new URL(this.buildRequetUrl()).openConnection();
httpURLConnection.setDoInput(true);
httpURLConnection.setDoOutput(true);
httpURLConnection.setRequestMethod("POST");
httpURLConnection.setRequestProperty("Content-type", "application/json");
OutputStream outputStream0 = httpURLConnection.getOutputStream();
String s = this.buildParam();
System.out.println("params=>" + s);
outputStream0.write(s.getBytes());
outputStream0.flush();
try {
return this.readAllBytes(httpURLConnection.getInputStream());
}
catch(Exception e) {
return this.readAllBytes(httpURLConnection.getErrorStream());
}
}
buildRequetUrl()
加密更改url的参数
buildParam()
简单生成符合格式的字符串
VocalVerifyPresenterImpl
包路径: com.tanma.unirun.ui.activity.vocalverify.VocalVerifyPresenterImpl
来自: VocalVerifyPresenterImpl.resolveStopRecord.4.callback.1.onSuccess.1就是该类的一个回调
作用: 用于管理声纹识别的UI
内部类
里面有一些字符串常量有用
public static final class Companion {
private Companion() {
}
public Companion(DefaultConstructorMarker $constructor_marker) {
}
public final String getAPPID() {
return "3607f345";
}
public final String getApiKey() {
return "68e1b1d4883b468e3e4a718e660bbc48";
}
public final String getApiSecret() {
return "ZTk3Mjg4MWM4ZTVhYzJjZWNhMmFiZTE1";
}
public final String getRequestUrl() {
return "https://api.xf-yun.com/v1/private/s782b4996";
}
}
VocalVerifyPresenterImpl.resolveStopRecord.4.callback.1.onSuccess.1
包路径: com.tanma.unirun.ui.activity.vocalverify.VocalVerifyPresenterImpl.resolveStopRecord.4.callback.1.onSuccess.1
来自: RunVocalStatusLogBean的交叉引用
作用: VocalVerifyPresenterImpl类中的一个回调(根据名字可知), 同时是成功时的回调(根据名字可知)
方法
该类继承了Runnable, 最重要的就是run()方法
run() (关键函数)
具体分析见注释
public final void run() {
String s = this.$convertedFile.getPath();
VocalVerifyPresenterImpl.this.setFilePath(s);
VoiceIflytekCallBackBean voiceIflytekCallBackBean0 = SearchOneFeature.doSearchOneFeature("https://api.xf-yun.com/v1/private/s782b4996", "3607f345", "ZTk3Mjg4MWM4ZTVhYzJjZWNhMmFiZTE1", "68e1b1d4883b468e3e4a718e660bbc48", VocalVerifyPresenterImpl.this.getFilePath());
if(voiceIflytekCallBackBean0 != null) {
if(voiceIflytekCallBackBean0.getCode() == 0) {
float standard = 0.6f; // 应该是相似度标准
Float float0 = (Float)new PreUtil("sp_name_user").getValue("sp_user_recognittion_score", Reflection.getOrCreateKotlinClass(Float.TYPE), Float.valueOf(0.6f));
if(float0 != null) {
standard = (float)float0;
}
Log.i("VocalVerifyPresenterImp", "---> Score=" + standard + ",score=" + voiceIflytekCallBackBean0.getScore());
if(voiceIflytekCallBackBean0.getScore() >= standard) { // 如果声音识别大于standard
VocalVerifyPresenterImpl.this.getContext().runOnUiThread(((Runnable)new Runnable() { // 运行在主线程
@Override
public final void run() {
Toast toast0 = Toast.makeText(((Context)VocalVerifyPresenterImpl.this.getContext()), "验证通过", 0);
toast0.show(); // 显式通过的Toast
Intrinsics.checkExpressionValueIsNotNull(toast0, "Toast\n .makeText(… show()\n }");
Logger.e("验证通过", new Object[0]);
ProgressLoadingDialog progressLoadingDialog0 = VocalVerifyPresenterImpl.this.mWaitDialog;
if(progressLoadingDialog0 != null) {
progressLoadingDialog0.dissmissDialog();
}
new PreUtil("rundata").setValue("sp_run_vocalverify_status", "1"); // 设置了sp_run_vocalverify_status的值为1
View view0 = ((Activity)VocalVerifyPresenterImpl.this.getContext()).findViewById(0x1020002);
View view1 = null;
if(!(view0 instanceof ViewGroup)) {
view0 = null;
}
ViewGroup viewGroup0 = (ViewGroup)view0;
if(viewGroup0 != null) {
view1 = viewGroup0.getChildAt(0);
}
if(view1 != null) {
view1.postDelayed(((Runnable)new Runnable() {
@Override
public final void run() {
((ImageView)((FragmentActivity)VocalVerifyPresenterImpl.this.getContext()).findViewById(id.iv_hold)).setImageResource(0x7F080188);
VocalVerifyPresenterImpl.this.getContext().setResult(-1);
VocalVerifyPresenterImpl.this.getContext().finish();
}
}), 1000L);
return;
}
}
}));
}
else {
VocalVerifyPresenterImpl.this.getContext().runOnUiThread(((Runnable)new Runnable() {
@Override
public final void run() {
ProgressLoadingDialog progressLoadingDialog0 = VocalVerifyPresenterImpl.this.mWaitDialog;
if(progressLoadingDialog0 != null) {
progressLoadingDialog0.dissmissDialog();
}
new PreUtil("rundata").setValue("sp_run_vocalverify_status", "2");
Logger.e("验证失败,分数太低", new Object[0]);
Toast toast0 = Toast.makeText(((Context)VocalVerifyPresenterImpl.this.getContext()), "认证失败,请重新念出数字", 0);
toast0.show();
Intrinsics.checkExpressionValueIsNotNull(toast0, "Toast\n .makeText(… show()\n }");
}
}));
}
}
else {
VocalVerifyPresenterImpl.this.getContext().runOnUiThread(((Runnable)new Runnable() {
@Override
public final void run() {
ProgressLoadingDialog progressLoadingDialog0 = VocalVerifyPresenterImpl.this.mWaitDialog;
if(progressLoadingDialog0 != null) {
progressLoadingDialog0.dissmissDialog();
}
new PreUtil("rundata").setValue("sp_run_vocalverify_status", "2");
Logger.e("验证失败", new Object[0]);
Toast toast0 = Toast.makeText(((Context)VocalVerifyPresenterImpl.this.getContext()), "认证失败,请重新念出数字", 0);
toast0.show();
Intrinsics.checkExpressionValueIsNotNull(toast0, "Toast\n .makeText(… show()\n }");
}
}));
}
RunVocalStatusLogBean mlogBean = new RunVocalStatusLogBean(null, null, 3, null);
if(TextUtils.isEmpty(((CharSequence)voiceIflytekCallBackBean0.getSid()))) {
mlogBean.setCheckCode(Integer.valueOf(0xFFFFFCF7));
mlogBean.setMessge("defult message,isAndroid");
}
else {
mlogBean.setCheckCode(Integer.valueOf(voiceIflytekCallBackBean0.getCode()));
mlogBean.setMessge("Sid=" + voiceIflytekCallBackBean0.getSid() + ",Score=" + voiceIflytekCallBackBean0.getScore() + ",Message=" + voiceIflytekCallBackBean0.getMessage() + ",myGroupId=" + GroupIdUtil.myGroupId + ",isAndroid");
}
VocalVerifyPresenterImpl.this.getModelImpl().studentRunVocalStatusLog(mlogBean);
}
}
RunVocalStatusLogBean
包路径: com.tanma.unirun.entities.RunVocalStatusLogBean
来自: 抓了Unirun的包, 然后声纹识别的包的body里面有一个"checkCode"字段, 通过字符串查找找到了该类
作用: 声纹验证的body
RunVocalStatusLogBean
设置Activity
里面有getVocalReset()方法
public final void getVocalReset() {
User user0 = UnirunApplication.Companion.instance().getUser();
ApiClient.Companion.getInstance().getVocalVerifyApi().getVocalReset((user0 == null ? 0 : user0.getUserId())).compose(((ObservableTransformer)this.bindToLifecycle())).compose(ResponseTransformer.Companion.handleResult()).compose(SchedulerProvider.Companion.getInstance().applySchedulers()).subscribe(((Consumer)new SettingsActivity.getVocalReset.1(this)), ((Consumer)new SettingsActivity.getVocalReset.2(this)));
}
private final void getVocalStatus() {
User user0 = UnirunApplication.Companion.instance().getUser();
ApiClient.Companion.getInstance().getVocalVerifyApi().getVocalStatus((user0 == null ? ((int)0) : ((int)user0.getUserId()))).compose(((ObservableTransformer)this.bindToLifecycle())).compose(ResponseTransformer.Companion.handleResult()).compose(SchedulerProvider.Companion.getInstance().applySchedulers()).subscribe(((Consumer)new SettingsActivity.getVocalStatus.1(this)), ((Consumer)new SettingsActivity.getVocalStatus.2(this)));
}