现象

偶然发现，快手APP上滑动到广告后，广告还没有开始播放就自动跳转到广告的页面了，我这里是跳转到快应用了，附件里是当时录的视频。

这玩意是怎么实现的？是快手的bug吗？还是故意留的后门

反解了一下代码看到有处理scheme的代码

例如：kwai://action/bringToFront，调起快手，用下面的命令确实能实现。

1	`adb shell am start` `-a android.intent.action.VIEW` `-d kwai://action/bringToFront`

但是具体怎么调起快应用的，没有分析的到，哪位大神帮忙一起分析分析？

public class KRouterMetaConfig
{
  public static void init()
  {
    if (PatchProxy.applyVoid(null, null, KRouterMetaConfig.class, "1")) {
      return;
    }
    c.d(new d("live/authenticate.*", "com.kuaishou.live.external.authenticate.LiveAuthenticateUriRouterHandler", new ArrayList(), new LiveAuthenticateUriRouterHandler(), ""));
    c.d(new d("chat/group/userProfileGroupList", "com.yxcorp.gifshow.message.host.router.StickGroupUriHandler", new ArrayList(), new StickGroupUriHandler(), ""));
    c.d(new d("article/.*", "com.yxcorp.gifshow.detail.DetailUriRouterHandler", new ArrayList(), new DetailUriRouterHandler(), ""));
    c.d(new d("retain/.*", "com.yxcorp.gifshow.growth.shortcut.UninstallToStayActivity", new ArrayList(), null, ""));
    c.d(new d("recordalbum/.*", "com.yxcorp.gifshow.camera.record.album.RecordAlbumActivity", new ArrayList(), null, ""));
    c.d(new d("newsslide/.*", "com.yxcorp.gifshow.reminder.news.NewsSlidePlayUriHandler", new ArrayList(), new NewsSlidePlayUriHandler(), ""));
    c.d(new d("friends/.*", "com.yxcorp.gifshow.reminder.friend.FriendsHandler", new ArrayList(), new FriendsHandler(), ""));
    c.d(new d("live_tablet/play/.*", "com.kuaishou.live.core.basic.activity.LivePlayActivityTablet", new ArrayList(), null, ""));
    c.d(new d("user/realNameAuthentication", "com.yxcorp.gifshow.message.host.router.RealNameUriHandler", new ArrayList(), new RealNameUriHandler(), ""));
    c.d(new d("neo/.*", "com.yxcorp.gifshow.ad.award.scheme.NeoUriHandler", new ArrayList(), new NeoUriHandler(), ""));
    c.d(new d("action/bringToFront.*", "com.yxcorp.gifshow.BringToFrontHandler", new ArrayList(), new BringToFrontHandler(), ""));
    c.d(new d("sharemedia/.*", "com.kwai.feature.post.api.thirdparty.ThirdPartyKRouterUriHandler", new ArrayList(), new ThirdPartyKRouterUriHandler(), ""));
    c.d(new d("rank/.*", "com.yxcorp.gifshow.billboard.KwaiRankActivity", new ArrayList(), null, ""));
    c.d(new d("home/.*", "com.yxcorp.gifshow.HomeHandler", new ArrayList(), new HomeHandler(), ""));
    c.d(new d("bind/phone.*", "com.yxcorp.login.bind.BindPhoneControllerActivity", new ArrayList(), null, ""));
    c.d(new d("adwebview/.*", "com.yxcorp.gifshow.ad.webview.AdYodaActivity", new ArrayList(), null, ""));
    c.d(new d("moment/detail.*", "com.yxcorp.gifshow.moment.detail.MomentDetailHandler", new ArrayList(), null, "moment"));
    c.d(new d("featured/.*", "com.yxcorp.gifshow.FeaturedHandler", new ArrayList(), new FeaturedHandler(), ""));
    c.d(new d("pushCoin/.*", "com.yxcorp.gifshow.growth.push.coin.PushCoinUriHandler", new ArrayList(), new PushCoinUriHandler(), ""));
    c.d(new d("search/.*", "com.yxcorp.plugin.search.SearchUriRouterHandler", new ArrayList(), new SearchUriRouterHandler(), ""));
    c.d(new d("kwainative://user/realNameAuthentication", "com.yxcorp.gifshow.message.host.router.NativeRealNameUriHandler", new ArrayList(), new NativeRealNameUriHandler(), ""));
    c.d(new d("relation/follow", "com.yxcorp.gifshow.relation.util.KwaiRelationFollowHandler", new ArrayList(), new KwaiRelationFollowHandler(), ""));
    c.d(new d("addetail/.*", "com.yxcorp.gifshow.ad.detail.router.AdDetailUriHandler", new ArrayList(), new AdDetailUriHandler(), ""));
    c.d(new d("profile_table/.*", "com.yxcorp.gifshow.profile.activity.UserProfileActivityTablet", new ArrayList(), null, ""));
    c.d(new d("kwainative://message/*", "com.yxcorp.gifshow.message.host.router.MessageUriHandler", new ArrayList(), new MessageUriHandler(), ""));
    c.d(new d("work_tablet/.*", "com.yxcorp.gifshow.detail.PhotoDetailActivityTablet", new ArrayList(), null, ""));
    c.d(new d("merchantdetail/.*", "com.kuaishou.merchant.router.support.PreloaderUriHandler", new ArrayList(), new PreloaderUriHandler(), ""));
    c.d(new d("tube/.*", "com.yxcorp.gifshow.tube.TubeRouterActivity", new ArrayList(), null, "tube_plugin"));
    c.d(new d("work/.*", "com.yxcorp.gifshow.detail.PhotoDetailActivity", new ArrayList(), null, ""));
    c.d(new d("live/play/.*", "com.kuaishou.live.core.basic.activity.LivePlayActivity", new ArrayList(), null, ""));
    c.d(new d("kwaimerchant://*", "com.kuaishou.merchant.router.support.krouter.KRouterMerchantAnnotation$KwaiMerchantSchemeUriHandler", new ArrayList(), new KRouterMerchantAnnotation.KwaiMerchantSchemeUriHandler(), ""));
    c.d(new d("profile/.*", "com.yxcorp.gifshow.profile.activity.UserProfileActivity", new ArrayList(), null, ""));
    c.d(new d("adcommonweb/.*", "com.yxcorp.gifshow.ad.detail.router.AdCommonWebUriHandler", new ArrayList(), new AdCommonWebUriHandler(), ""));
    c.d(new d("imMessage/rtc/*", "com.yxcorp.gifshow.message.host.router.rtc.IMRTCUriHandler", new ArrayList(), new IMRTCUriHandler(), ""));
    c.d(new d("moment/momentDetail", "com.yxcorp.gifshow.moment.detail.MomentDetailHandlerV2", new ArrayList(), null, "moment"));
    c.d(new d("merchant/.*", "com.kuaishou.merchant.router.support.krouter.KRouterMerchantAnnotation$KwaiSchemeMerchantUriHandler", new ArrayList(), new KRouterMerchantAnnotation.KwaiSchemeMerchantUriHandler(), ""));
    c.c("locallife/half", new b("locallife/half", "com.kuaishou.tuna.plc.dynamic_container.router.LocalLifeHalfContainerRouterHandler", new ArrayList(), new LocalLifeHalfContainerRouterHandler(), ""));
    c.c("adtkpage", new b("adtkpage", "com.yxcorp.gifshow.ad.tachikoma.page.AdtkUriHandler", new ArrayList(), new AdtkUriHandler(), ""));
    c.c("merchant/selfdetail", new b("merchant/selfdetail", "com.kuaishou.merchant.router.support.PreloaderUriHandler", new ArrayList(), new PreloaderUriHandler(), ""));
    c.c("merchant/halfselfdetail", new b("merchant/halfselfdetail", "com.kuaishou.merchant.router.support.PreloaderUriHandler", new ArrayList(), new PreloaderUriHandler(), ""));
    c.c("merchant/detailv2", new b("merchant/detailv2", "com.kuaishou.merchant.router.support.PreloaderUriHandler", new ArrayList(), new PreloaderUriHandler(), ""));
    c.c("merchantinterpretation", new b("merchantinterpretation", "com.kuaishou.merchant.router.support.PreloaderUriHandler", new ArrayList(), new PreloaderUriHandler(), ""));
    c.c("pendant/link", new b("pendant/link", "com.kuaishou.growth.pendant.activity.tools.PendantUriHandler", new ArrayList(), new PendantUriHandler(), ""));
    c.c("setting/live", new b("setting/live", "com.kuaishou.live.external.LiveSettingsActivity", new ArrayList(), null, ""));
    c.c("bind_rubas_ds", new b("bind_rubas_ds", "com.yxcorp.gifshow.social_arch.debug.OpenRubasDebugUriHandler", new ArrayList(), new OpenRubasDebugUriHandler(), ""));
    c.c("notice/noticeBoxDetail", new b("notice/noticeBoxDetail", "com.yxcorp.gifshow.notice.box.detail.NoticeBoxDetailActivity", new ArrayList(), null, ""));
    c.c("profilesetting", new b("profilesetting", "com.yxcorp.gifshow.profile.ProfileEditUriHandler", new ArrayList(), new ProfileEditUriHandler(), ""));
    c.c("userinfodetailedit/editIntroduction", new b("userinfodetailedit/editIntroduction", "com.yxcorp.gifshow.profile.ProfileEditUriHandler", new ArrayList(), new ProfileEditUriHandler(), ""));
    c.c("school/select", new b("school/select", "com.yxcorp.gifshow.profile.ProfileEditUriHandler", new ArrayList(), new ProfileEditUriHandler(), ""));
    c.c("pushCoin", new b("pushCoin", "com.yxcorp.gifshow.growth.push.coin.PushCoinUriHandler", new ArrayList(), new PushCoinUriHandler(), ""));
    c.c("merchantdetailstorecontainer", new b("merchantdetailstorecontainer", "com.kuaishou.merchant.store.router.MerchantStoreContainerRouterHandler", new ArrayList(), new MerchantStoreContainerRouterHandler(), ""));
    c.c("intimateRelation/invitation", new b("intimateRelation/invitation", "com.yxcorp.gifshow.relation.intimate.helper.IntimateRouterHandler", new ArrayList(), new IntimateRouterHandler(), ""));
    c.c("intimate_friend/dialog", new b("intimate_friend/dialog", "com.yxcorp.gifshow.relation.intimate.helper.IntimateRouterHandler", new ArrayList(), new IntimateRouterHandler(), ""));
    c.c("openloggerchannel", new b("openloggerchannel", "com.kwai.feature.platform.misc.logger.OpenLoggerChannelUriHandler", new ArrayList(), new OpenLoggerChannelUriHandler(), ""));
    c.c("liveHalfReservation", new b("liveHalfReservation", "com.kuaishou.live.external.subscribe.LiveHalfSubscribeUriRouterHandler", new ArrayList(), new LiveHalfSubscribeUriRouterHandler(), ""));
    c.c("kds/react/bottom_sheet", new b("kds/react/bottom_sheet", "com.kwai.kds.krn.api.page.KwaiKrnBottomSheetUriHandler", new ArrayList(), new KwaiKrnBottomSheetUriHandler(), ""));
    c.c("kds/vue/bottom_sheet", new b("kds/vue/bottom_sheet", "com.kwai.kds.krn.api.page.KwaiKrnBottomSheetUriHandler", new ArrayList(), new KwaiKrnBottomSheetUriHandler(), ""));
    c.c("kwaiPop/link", new b("kwaiPop/link", "com.yxcorp.gifshow.growth.test.KwaiPopUriHandler", new ArrayList(), new KwaiPopUriHandler(), ""));
    c.c("fansGroupList", new b("fansGroupList", "com.kwai.component.fansgroup.fansgrouplist.FansGroupUriHandler", new ArrayList(), new FansGroupUriHandler(), ""));
    c.c("house/openwechatcustomerservice", new b("house/openwechatcustomerservice", "com.kuaishou.house.router.HouseRouterActionSchemeImpl", new ArrayList(), new HouseRouterActionSchemeImpl(), ""));
    c.c("livehotspotdetail", new b("livehotspotdetail", "com.kuaishou.live.core.show.hotspot.LiveHotSpotRouterHandler", new ArrayList(), new LiveHotSpotRouterHandler(), ""));
    c.c("adtkpage/moli", new b("adtkpage/moli", "com.yxcorp.gifshow.ad.tachikoma.page.AdMkUriHandler", new ArrayList(), new AdMkUriHandler(), ""));
    c.c("codcontainer", new b("codcontainer", "com.kuaishou.tuna.plc.dynamic_container.router.PlcCodContainerRouterHandler", new ArrayList(), new PlcCodContainerRouterHandler(), ""));
    c.c("tuna/button", new b("tuna/button", "com.kuaishou.tuna_core.button.TunaButtonRouterHandler", new ArrayList(), new TunaButtonRouterHandler(), ""));
    c.c("liveminiapppagelist", new b("liveminiapppagelist", "com.mini.entrance.MiniLiveRouteHandler", new ArrayList(), new MiniLiveRouteHandler(), ""));
    c.c("mywallet", new b("mywallet", "com.yxcorp.plugin.payment.MyWalletRouterUriHandler", new ArrayList(), new MyWalletRouterUriHandler(), ""));
    c.c("notice/push", new b("notice/push", "com.yxcorp.gifshow.message.notice.push.NoticePushHandler", new ArrayList(), null, "im_plugin"));
    c.c("liveaggregatesquare", new b("liveaggregatesquare", "com.kuaishou.live.core.basic.liveslide.urihandler.LiveSlideUriHandler", new ArrayList(), new LiveSlideUriHandler(), ""));
    c.c("autologin/login", new b("autologin/login", "com.yxcorp.login.userlogin.activity.AutoLoginActivity", new ArrayList(), null, ""));
    c.c("koiPage", new b("koiPage", "com.kwai.component.fansgroup.detail.KoiKrnDetailUriHandler2", new ArrayList(), new KoiKrnDetailUriHandler2(), ""));
    c.c("koiPanelWrapper", new b("koiPanelWrapper", "com.kwai.component.fansgroup.detail.KoiKrnDetailUriHandler2", new ArrayList(), new KoiKrnDetailUriHandler2(), ""));
    c.c("kds/react/dialog", new b("kds/react/dialog", "com.kwai.kds.krn.api.page.KwaiKrnDialogUriHandler", new ArrayList(), new KwaiKrnDialogUriHandler(), ""));
    c.c("kds/vue/dialog", new b("kds/vue/dialog", "com.kwai.kds.krn.api.page.KwaiKrnDialogUriHandler", new ArrayList(), new KwaiKrnDialogUriHandler(), ""));
    c.c("liveReservation", new b("liveReservation", "com.kuaishou.live.external.subscribe.LiveImmediatelySubscribeUriRouterHandler", new ArrayList(), new LiveImmediatelySubscribeUriRouterHandler(), ""));
    c.c("followFansListSettings", new b("followFansListSettings", "com.yxcorp.gifshow.relation.plugin.RelationRouterHandler", new ArrayList(), new RelationRouterHandler(), ""));
    c.c("settings/clear_cache", new b("settings/clear_cache", "com.yxcorp.plugin.setting.cache.activity.ClearCacheActivity", new ArrayList(), null, ""));
    c.c("aduserlogin", new b("aduserlogin", "com.yxcorp.gifshow.ad.detail.router.AdLoginDetectionHandler", new ArrayList(), new AdLoginDetectionHandler(), ""));
  }

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

最后于 2023-6-2 14:26 被mb_uskaehan编辑，原因：

#逆向分析 #协议分析

上传的附件：

normal video.mp4 （1.83MB，29次下载）

收藏・0

点赞・2

打赏

最新回复 (10)
ok_yuwang 雪币： 763 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 5 粉丝 0 关注私信	ok_yuwang 2023-6-1 21:01 2 楼 0 它跳转的是快应用程序，这么恶心的功能，怎么会是bug
bluefish蓝鱼雪币： 9781 活跃值： (6767) 能力值： ( LV5，RANK：70 ) 在线值：发帖 19 回帖 147 粉丝 49 关注私信	bluefish蓝鱼 2023-6-2 00:38 3 楼 0 快应用贼恶心，会自动更新，并且更新后会把之前关闭的跳转重新打开，fxxk发明快应用的sb
GitRoy 雪币： 5350 活跃值： (5354) 能力值： ( LV9，RANK：170 ) 在线值：发帖 23 回帖 145 粉丝 167 关注私信	GitRoy 3 2023-6-2 11:12 4 楼 0 快手跳转快应用的时候没要求确认吗？
mb_uskaehan 雪币： 232 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 6 粉丝 0 关注私信	mb_uskaehan 2023-6-2 14:16 5 楼 0 不用确认，直接滑动就跳了
mb_uskaehan 雪币： 232 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 6 粉丝 0 关注私信	mb_uskaehan 2023-6-2 14:16 6 楼 0 附件里是当时截的视频
mb_wpitiize 雪币： 1844 活跃值： (2566) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 25 粉丝 1 关注私信	mb_wpitiize 2023-6-2 14:45 7 楼 0 什么时候的事情，发一下系统版本和app版本号，是不是开始学某多多了
mb_uskaehan 雪币： 232 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 6 粉丝 0 关注私信	mb_uskaehan 2023-6-2 16:16 8 楼 0 mb_wpitiize 什么时候的事情，发一下系统版本和app版本号，是不是开始学某多多了[em_2] 和系统版本、APP版本没有关系。只要是刷到某个广告就会出来，可能还做了地域或者频率的控制，所以不是必现的。多多搞了什么方式？
mb_uskaehan 雪币： 232 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 6 粉丝 0 关注私信	mb_uskaehan 2023-6-2 16:18 9 楼 0 猜测是曝光之后回调里可能有302跳转，跳转是某个scheme，触发了快手的内部跳转。或者是快手故意留的一个，让广告主提高点击率的
Aimees 雪币： 796 活跃值： (723) 能力值： ( LV3，RANK：30 ) 在线值：发帖 3 回帖 16 粉丝 59 关注私信	Aimees 2023-6-2 18:34 10 楼 0 在广告视频资源加载完成后，302重定向到http://thefatherofsalmon.com/?i=com.xxx.yyy&p=testPages的链接拉起，快手对快应用开发者提供了这种服务实现快应用的直达，当然，快手是要收费的
mb_uskaehan 雪币： 232 能力值： ( LV1，RANK：0 ) 在线值：发帖 1 回帖 6 粉丝 0 关注私信	mb_uskaehan 2023-6-5 10:08 11 楼 0 mb_lxlezgko 在广告视频资源加载完成后，302重定向到http://thefatherofsalmon.com/?i=com.xxx.yyy&p=testPages的链接拉起，快手对快应用开发者提供了这种服 ... http://thefatherofsalmon.com 这个网址是快手的吗？可以详细说说吗？
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复