How does Palm Ares work?
Every once in a while you come accross a website that really does something that you’ve never seen before, one of which is Palm ares (Ares.palm.com). There is a button, where you can download an app onto your Palm phone via a USB cable. I never saw this before, so I descided to take it apart.
First file of interes was app-build.js, which connects to an applet webOsConnect on the page, which appears to do the magic. I ran the applet through JD-GUI decompiler to see how it worked. The Intall class looked interesting:
public void installPackage(INovacomDevice device, File ipkFile) throws InstallerException
{
if ((!ipkFile.isFile()) || (!ipkFile.canRead())) {
throw new InstallerException(“error reading ” + ipkFile);
}String developerDir = getDeveloperDirectory();
try {
NovacomUtil.mkdir(device, developerDir, true);
} catch (NovacomUtil.NovacomUtilException e) {
throw new InstallerException(e);
}String dest = developerDir + “/” + ipkFile.getName();
try
{
try
{
NovacomPutCommand cmd = new NovacomPutCommand(device, ipkFile, dest);
cmd.run();
} catch (NovacomCommand.NovacomCommandException e) {
throw new InstallerException(e);
}
try
{
AppManagerUtil.installApp(device, dest);
} catch (AppManagerUtil.AppManagerException e) {
throw new InstallerException(e);
}
}
finally {
try {
doCleanup(device, dest);
}
catch (InstallerException e)
{
}
}
}
Under the hood, this appears to make a connection to localhost on port 6968, guessing by the constants:
public static final int DEFAULT_PORT = 6968;
public static final String DEFAULT_HOST = “127.0.0.1”;
Looking at the “beautified” version of app-build.js (I used jsbeautifier.org), then the launch method has two interesting lines:
wc.installCloudPackage(deviceId, url, info.id + “.ipk”, dojo.toJson({
“Cookie”: “auth_tkt=” + authtkt
}));
wc.launchApp(deviceId, info.id);
Where “wc” stands for WebOsConnect (the applet). InstallCloudPackage has the following code:
public boolean installCloudPackage(String deviceId, String location, String pkgName, String headers)
{
try
{
AccessController.doPrivileged(new PrivilegedExceptionAction(location, headers, deviceId, pkgName)
{
public Void run() throws Exception {
InputStream input = null;
try {
HttpURLConnection connection = (HttpURLConnection)new URL(this.val$location).openConnection();
JSONObject headerObj = new JSONObject(this.val$headers);
Iterator a = headerObj.keys();
while (a.hasNext()) {
String key = a.next().toString();
connection.addRequestProperty(key, headerObj.getString(key));
}
connection.connect();
if (connection.getResponseCode() != 200) {
throw new Exception(connection.getResponseMessage());
}
input = connection.getInputStream();
new Installer().installPackage(NovacomUtil.connect(DeviceConnection.findNovacomDevice(this.val$deviceId)), input, this.val$pkgName);
} catch (Exception e) {
e.printStackTrace();
throw e;
} finally {
if (input != null)
try {
input.close();
}
catch (IOException e) {
}
}
return null;
}
});
return true; } catch (PrivilegedActionException ex) {
}
return false;
}
Now, the calling parameters are as follows
DeviceID = either “desktop” for the simulator, or the device UID as returned from gerDefaultNovacomDevice
Location = the URL of the IPK
pkgName = the name of the IPK
header = An authorisation ticket of some form * (I’ve yet to find what this is)
In a somewhat related vein, I’ve also taken a look at the source code for WebOSQuickInstall, which at it’s lowest level runs the following command to implement an installation
private String palmAppInstallCommand(String file, String id) throws Exception {
String pid = null;
String out = “”;
out = runProgram(“/usr/bin/luna-send”, new String[] { “-n”, “1”, “palm://com.palm.appinstaller/installNoVerify”, “{\”target\”:\”” + file + “\”}” });if (out.contains(“\”returnValue\”:false”))
throw new Exception();
do
{
if (fileExists(“/media/cryptofs/apps/usr/lib/ipkg/info/” + id + “.control”)) {
pid = null;
break;
}
try {
pid = runProgram(“/usr/bin/pgrep”, new String[] { “-f”, “ipkg” }).split(“\n”)[0];
}
catch (Exception e) {
pid = null;
}
}
while (pid == null);while (!fileExists(“/media/cryptofs/apps/usr/lib/ipkg/info/” + id + “.control”))
{
runProgram(“/bin/kill”, new String[] { “-0”, pid });
try {
pid = runProgram(“/usr/bin/pgrep”, new String[] { “-f”, “ipkg” }).split(“\n”)[0];
}
catch (Exception e) {
pid = null;
}}
return out;
}
Followup: The Novacom code also appears in the WebOs Emulator