前段时间突然和别人讨论到arp检测这块的实现,心血来潮,将腾讯的wifi管家给反编译了一下,看了它如何实现arp检测,下面是分析的结果。
下面是WiFi管家中检测ARP攻击的类。进入检测时会先发送一个Message,随后执行下面的handleMessage函数:
/**
 * Message callback of the class that, per the accompanying write-up, performs the ARP-attack check.
 * This is decompiler output: the obfuscated names ({@code bth}, {@code bap}, {@code eES}, {@code Fu})
 * are kept as recovered, and the {@code goto}/label form is pseudo-code, not compilable Java.
 *
 * Dispatches on {@code arg8.what}: 10001 jumps to label_7, 10002 jumps to label_42, and any other
 * value returns right after {@code super.handleMessage}. Both branches may re-arm the handler by
 * posting an empty message 10001 delayed by the value {@code bth.g(this.eES)} returns.
 *
 * NOTE(review): the bodies of the bth.* and bap.* helpers are not part of this listing; comments
 * below describe only what the calls and their results are used for here. Confirm the meaning of
 * each helper against the decompiled bth class.
 *
 * @param arg8 message whose {@code what} field selects the branch
 */
public void handleMessage(Message arg8) {
// Message id used for every re-scheduling call below.
int v6 = 10001;
// Stays true unless bth.b(this.eES, 10001) returns false in label_7.
boolean v0 = true;
super.handleMessage(arg8);
switch(arg8.what) {
case 10001: {
goto label_7;
}
case 10002: {
goto label_42;
}
}
// Any other message id is ignored.
return;
// ---- what == 10001: the recurring pass ----
label_7:
// The pass body runs only when all three checks succeed (short-circuit, left to right).
// presumably bth.b(...) returns the object holding the refreshed network state - TODO confirm
if((bth.a(this.eES)) && (bth.b(this.eES).refresh()) && (bap.a(bth.b(this.eES)))) {
bth.c(this.eES);
// When the value read through bth.d equals 3, bth.e is called and 0 is written via bth.a(..., 0).
// NOTE(review): looks like "every third pass, do the bth.e work and reset a counter" - confirm.
if(bth.d(this.eES) == 3) {
bth.e(this.eES);
bth.a(this.eES, 0);
}
bth.b(this.eES).Fu();
try {
v0 = bth.b(this.eES, 10001);
}
catch(Exception v1) {
// Swallowed: v0 keeps its initial true, so a pass that threw is treated like a pass that
// succeeded and the next 10001 is still scheduled. NOTE(review): a failing check leaves no trace
// here; anyone reimplementing this detector should at least log the exception.
}
}
// No re-scheduling when bth.f returns null or when bth.b(..., 10001) returned false.
if(bth.f(this.eES) == null) {
return;
}
if(!v0) {
return;
}
this.sendEmptyMessageDelayed(v6, bth.g(this.eES));
return;
// ---- what == 10002: per the write-up, sent by the Runnable's run() when detection starts ----
label_42:
// A boolean is set to false here and back to true on the last line of the method, on every path
// through this branch. NOTE(review): looks like a "pass finished" flag - confirm.
bth.a(this.eES, false);
bth.c(this.eES, 0);
// v2 counts loop iterations; the loop runs at most twice.
int v2 = 0;
// Stays true unless bth.b(this.eES, 10002) returns false.
boolean v1_1 = true;
while(v2 != 2) {
try {
// If either check fails the iteration does nothing (no sleep) and only v2 advances.
if((bth.b(this.eES).refresh()) && (bap.a(bth.b(this.eES)))) {
// First iteration calls bth.h (the write-up states it calls this.Fo); the second calls bth.e.
if(v2 == 0) {
bth.h(this.eES);
}
else {
bth.e(this.eES);
}
bth.b(this.eES).Fu();
v1_1 = bth.b(this.eES, 10002);
// Stop early once bth.i returns non-zero. presumably a detection result - TODO confirm
if(bth.i(this.eES) != 0) {
break;
}
// 700 ms pause after each completed iteration, including the second one; this blocks the
// thread that is running the handler.
SystemClock.sleep(700);
}
}
catch(Throwable v2_1) {
// Any Throwable ends the loop without a report; v1_1 keeps whatever value it had, which is
// still true if bth.b never returned. NOTE(review): same silent-failure concern as in label_7.
break;
}
++v2;
}
// Hand over to the recurring 10001 pass unless bth.f is null or bth.b(..., 10002) returned false.
if(bth.f(this.eES) != null && (v1_1)) {
this.sendEmptyMessageDelayed(v6, bth.g(this.eES));
}
bth.a(this.eES, true);
}
检测刚开始执行时,Runnable的run函数会调用Handler发送10002消息,所以label_42分支才是检测的入口;其中bth.h调用的是this.Fo函数,下面先看this.Fo函数:
private void Fo() {
int v1 = this.eGX.Ft();
if(v1 != 0) {
int v0;
for(v0 = 0; v0 != 256; ++v0) {
St