简单的分析了下，大致的过程应该和Java2012之类的版本差不多，传输过程中用的是tea加密，代码在\com\tencent\qphone\base\util文件夹里的b.class里，负责通讯的核心代码无法反编译

代码如下：

// \com\tencent\qphone\base\util\b.class

package com.tencent.qphone.base.util;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.Random;

class b
{
private byte[] a;
private byte[] b;
private byte[] c;
private int d;
private int e;
private int f;
private int g;
private byte[] h;
private boolean i = true;
private int j;
private Random k = new Random();

private static long a(byte[] paramArrayOfByte, int paramInt1, int paramInt2)
{
if (paramInt2 > 8);
long l;
for (int m = paramInt1 + 8; ; m = paramInt1 + paramInt2)
{
l = 0L;
for (int n = paramInt1; n < m; n++)
l = l << 8 | 0xFF & paramArrayOfByte[n];
}
return 0xFFFFFFFF & l | l >>> 32;
}

private void a()
{
this.f = 0;
if (this.f < 8)
{
if (this.i)
{
byte[] arrayOfByte3 = this.a;
int i1 = this.f;
arrayOfByte3[i1] = (byte)(arrayOfByte3[i1] ^ this.b[this.f]);
}
while (true)
{
this.f = (1 + this.f);
break;
byte[] arrayOfByte2 = this.a;
int n = this.f;
arrayOfByte2[n] = (byte)(arrayOfByte2[n] ^ this.c[(this.e + this.f)]);
}
}
System.arraycopy(a(this.a), 0, this.c, this.d, 8);
for (this.f = 0; this.f < 8; this.f = (1 + this.f))
{
byte[] arrayOfByte1 = this.c;
int m = this.d + this.f;
arrayOfByte1[m] = (byte)(arrayOfByte1[m] ^ this.b[this.f]);
}
System.arraycopy(this.a, 0, this.b, 0, 8);
this.e = this.d;
this.d = (8 + this.d);
this.f = 0;
this.i = false;
}

private byte[] a(int paramInt)
{
byte[] arrayOfByte = new byte[paramInt];
this.k.nextBytes(arrayOfByte);
return arrayOfByte;
}

private byte[] a(byte[] paramArrayOfByte)
{
long l3;
long l4;
long l5;
long l6;
long l7;
long l8;
long l9;
int m;
long l10;
try
{
long l1 = a(paramArrayOfByte, 0, 4);
long l2 = a(paramArrayOfByte, 4, 4);
l3 = a(this.h, 0, 4);
l4 = a(this.h, 4, 4);
l5 = a(this.h, 8, 4);
l6 = a(this.h, 12, 4);
l7 = 0x9E3779B9 & 0xFFFFFFFF;
l8 = l1;
l9 = l2;
m = 16;
l10 = 0L;
break label150;
ByteArrayOutputStream localByteArrayOutputStream = new ByteArrayOutputStream(8);
DataOutputStream localDataOutputStream = new DataOutputStream(localByteArrayOutputStream);
localDataOutputStream.writeInt((int)l8);
localDataOutputStream.writeInt((int)l9);
localDataOutputStream.close();
byte[] arrayOfByte2 = localByteArrayOutputStream.toByteArray();
arrayOfByte1 = arrayOfByte2;
return arrayOfByte1;
}
catch (IOException localIOException)
{
while (true)
byte[] arrayOfByte1 = null;
}
while (true)
{
label150: int n = m - 1;
if (m <= 0)
break;
l10 = 0xFFFFFFFF & l10 + l7;
l8 = 0xFFFFFFFF & l8 + (l3 + (l9 << 4) ^ l9 + l10 ^ l4 + (l9 >>> 5));
l9 = 0xFFFFFFFF & l9 + (l5 + (l8 << 4) ^ l8 + l10 ^ l6 + (l8 >>> 5));
m = n;
}
}

private byte[] a(byte[] paramArrayOfByte, int paramInt)
{
long l3;
long l4;
long l5;
long l6;
long l8;
long l9;
long l10;
int m;
long l11;
try
{
long l1 = a(paramArrayOfByte, paramInt, 4);
long l2 = a(paramArrayOfByte, paramInt + 4, 4);
l3 = a(this.h, 0, 4);
l4 = a(this.h, 4, 4);
l5 = a(this.h, 8, 4);
l6 = a(this.h, 12, 4);
long l7 = 0xE3779B90 & 0xFFFFFFFF;
l8 = 0x9E3779B9 & 0xFFFFFFFF;
l9 = l1;
l10 = l2;
m = 16;
l11 = l7;
break label165;
ByteArrayOutputStream localByteArrayOutputStream = new ByteArrayOutputStream(8);
DataOutputStream localDataOutputStream = new DataOutputStream(localByteArrayOutputStream);
localDataOutputStream.writeInt((int)l9);
localDataOutputStream.writeInt((int)l10);
localDataOutputStream.close();
byte[] arrayOfByte2 = localByteArrayOutputStream.toByteArray();
arrayOfByte1 = arrayOfByte2;
return arrayOfByte1;
}
catch (IOException localIOException)
{
while (true)
byte[] arrayOfByte1 = null;
}
while (true)
{
label165: int n = m - 1;
if (m <= 0)
break;
l10 = 0xFFFFFFFF & l10 - (l5 + (l9 << 4) ^ l9 + l11 ^ l6 + (l9 >>> 5));
l9 = 0xFFFFFFFF & l9 - (l3 + (l10 << 4) ^ l10 + l11 ^ l4 + (l10 >>> 5));
l11 = 0xFFFFFFFF & l11 - l8;
m = n;
}
}

private byte[] a(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2, int paramInt)
{
byte[] arrayOfByte = a(paramArrayOfByte1, 0, paramArrayOfByte1.length, paramArrayOfByte2);
if (arrayOfByte == null)
arrayOfByte = a(paramInt);
return arrayOfByte;
}

private int b()
{
return this.k.nextInt();
}

private boolean b(byte[] paramArrayOfByte, int paramInt1, int paramInt2)
{
this.f = 0;
int m;
if (this.f < 8)
if (this.j + this.f >= paramInt2)
m = 1;
while (true)
{
return m;
byte[] arrayOfByte = this.b;
int n = this.f;
arrayOfByte[n] = (byte)(arrayOfByte[n] ^ paramArrayOfByte[(paramInt1 + this.d + this.f)]);
this.f = (1 + this.f);
break;
this.b = b(this.b);
if (this.b == null)
{
m = 0;
continue;
}
this.j = (8 + this.j);
this.d = (8 + this.d);
this.f = 0;
m = 1;
}
}

private byte[] b(byte[] paramArrayOfByte)
{
return a(paramArrayOfByte, 0);
}

private byte[] b(byte[] paramArrayOfByte1, int paramInt1, int paramInt2, byte[] paramArrayOfByte2)
{
this.a = new byte[8];
this.b = new byte[8];
this.f = 1;
this.g = 0;
this.e = 0;
this.d = 0;
this.h = paramArrayOfByte2;
this.i = true;
this.f = ((paramInt2 + 10) % 8);
if (this.f != 0)
this.f = (8 - this.f);
this.c = new byte[10 + (paramInt2 + this.f)];
this.a[0] = (byte)(0xF8 & b() | this.f);
for (int m = 1; m <= this.f; m++)
this.a[m] = (byte)(0xFF & b());
this.f = (1 + this.f);
for (int n = 0; n < 8; n++)
this.b[n] = 0;
this.g = 1;
while (this.g <= 2)
{
if (this.f < 8)
{
byte[] arrayOfByte3 = this.a;
int i6 = this.f;
this.f = (i6 + 1);
arrayOfByte3[i6] = (byte)(0xFF & b());
this.g = (1 + this.g);
}
if (this.f != 8)
continue;
a();
}
int i1 = paramInt1;
int i2 = paramInt2;
while (i2 > 0)
{
if (this.f < 8)
{
byte[] arrayOfByte2 = this.a;
int i4 = this.f;
this.f = (i4 + 1);
int i5 = i1 + 1;
arrayOfByte2[i4] = paramArrayOfByte1[i1];
i2--;
i1 = i5;
}
if (this.f != 8)
continue;
a();
}
this.g = 1;
while (this.g <= 7)
{
if (this.f < 8)
{
byte[] arrayOfByte1 = this.a;
int i3 = this.f;
this.f = (i3 + 1);
arrayOfByte1[i3] = 0;
this.g = (1 + this.g);
}
if (this.f != 8)
continue;
a();
}
return this.c;
}

protected byte[] a(byte[] paramArrayOfByte1, int paramInt1, int paramInt2, byte[] paramArrayOfByte2)
{
this.e = 0;
this.d = 0;
this.h = paramArrayOfByte2;
byte[] arrayOfByte1 = new byte[paramInt1 + 8];
if ((paramInt2 % 8 != 0) || (paramInt2 < 16));
int m;
for (byte[] arrayOfByte2 = null; ; arrayOfByte2 = null)
{
return arrayOfByte2;
this.b = a(paramArrayOfByte1, paramInt1);
this.f = (0x7 & this.b[0]);
m = paramInt2 - this.f - 10;
if (m >= 0)
break;
}
for (int n = paramInt1; n < arrayOfByte1.length; n++)
arrayOfByte1[n] = 0;
this.c = new byte[m];
this.e = 0;
this.d = 8;
this.j = 8;
this.f = (1 + this.f);
this.g = 1;
while (true)
{
if (this.g <= 2)
{
if (this.f < 8)
{
this.f = (1 + this.f);
this.g = (1 + this.g);
}
if (this.f != 8)
continue;
if (!b(paramArrayOfByte1, paramInt1, paramInt2))
{
arrayOfByte2 = null;
break;
}
}
else
{
int i1 = m;
byte[] arrayOfByte3 = arrayOfByte1;
int i2 = 0;
while (true)
{
if (i1 != 0)
{
if (this.f < 8)
{
this.c[i2] = (byte)(arrayOfByte3[(paramInt1 + this.e + this.f)] ^ this.b[this.f]);
i2++;
i1--;
this.f = (1 + this.f);
}
if (this.f != 8)
continue;
this.e = (this.d - 8);
if (!b(paramArrayOfByte1, paramInt1, paramInt2))
{
arrayOfByte2 = null;
break;
}
}
else
{
this.g = 1;
byte[] arrayOfByte4 = arrayOfByte3;
while (true)
{
if (this.g >= 8)
break label441;
if (this.f < 8)
{
if ((arrayOfByte4[(paramInt1 + this.e + this.f)] ^ this.b[this.f]) != 0)
{
arrayOfByte2 = null;
break;
}
this.f = (1 + this.f);
}
if (this.f == 8)
{
this.e = this.d;
if (!b(paramArrayOfByte1, paramInt1, paramInt2))
{
arrayOfByte2 = null;
break;
}
arrayOfByte4 = paramArrayOfByte1;
}
this.g = (1 + this.g);
}
label441: arrayOfByte2 = this.c;
break;
}
arrayOfByte3 = paramArrayOfByte1;
}
}
arrayOfByte1 = paramArrayOfByte1;
}
}

protected byte[] a(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)
{
return a(paramArrayOfByte1, 0, paramArrayOfByte1.length, paramArrayOfByte2);
}

protected byte[] b(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)
{
return b(paramArrayOfByte1, 0, paramArrayOfByte1.length, paramArrayOfByte2);
}
}

/* <em id="__mceDel">Qualified Name: com.tencent.qphone.base.util.b</em>

<em id="__mceDel"><em id="__mceDel"> * JD-Core Version: 0.6.0
*/</em></em>