I'm trying to reverse engineer an apk with apktool d and the smali it produces contains packed-switch statements which I don't fully understand. A method contains:

    packed-switch v0, :pswitch_data_0

Followed later in the code with labels like :pswitch_X where X is a number and at the end of the method with:

    :pswitch_data_0
    .packed-switch 0x7f060395
        :pswitch_4
        :pswitch_5
        :pswitch_1
    .end packed-switch

What exactly does this do? It looks like a list of places to jump to, but on what condition? What does it do with 0x7f060395?
Switches are in two parts, as you noticed. The second part you listed is the payload pseudo-instruction, which contains all the switch cases. The first part is a packed-switch instruction, which defines the register containing the value to check, and refers to a payload instruction using a label.
For a packed-switch, the case values in the payload pseudo-instruction are sequential, and only the first value is actually given (in this case, 0x7f060395).
For your example specifically, when the packed-switch instruction is executed, it will check the value of the v0 register against the 3 cases in the payload. If the value is 0x7f060395, it will jump to :pswitch_4, if 0x7f060396, it will jump to :pswitch_5, etc.
If the value of the register didn't match any of the cases, then execution will continue with the next instruction after the packed-switch instruction (the one with the register and label, not the payload pseudo-instruction).
The sparse-switch instruction is similar, except that its payload instruction has an explicit value associated with each case, instead of using sequential key values.
You can find all the nitty-gritty details in the dalvik-bytecode document.
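
An added example, not part of the original answer or of apktool: a small Python helper that expands the switch payloads in smali output into explicit key-to-label tables, so the jump targets described above can be read off directly. The function names are hypothetical, and the sparse-switch payload in the sample is constructed; only the packed-switch payload comes from the question.

```python
import re
# Constructed smali: the packed-switch payload is the one quoted in the question;
# the sparse-switch payload, its keys and its labels are invented for illustration.
SAMPLE_SMALI = """
    packed-switch v0, :pswitch_data_0
    :pswitch_data_0
    .packed-switch 0x7f060395
        :pswitch_4
        :pswitch_5
        :pswitch_1
    .end packed-switch
    :sswitch_data_0
    .sparse-switch
        -0x1 -> :sswitch_1
        0x64 -> :sswitch_0
    .end sparse-switch
"""

def parse_switch_payloads(smali):
    """Return {payload_label: {case_key: target_label}} for each switch payload."""
    tables, label, cases, next_key = {}, None, None, None
    for raw in smali.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop smali comments
        if not line:
            continue
        if cases is None:                          # outside a payload
            if line.startswith(".packed-switch"):  # only the first key is stored
                cases, next_key = {}, int(line.split()[1], 0)
            elif line.startswith(".sparse-switch"):
                cases, next_key = {}, None
            elif re.fullmatch(r":\w+", line):
                label = line                       # label naming the next payload
        elif line.startswith(".end"):
            tables[label], cases = cases, None
        elif next_key is not None:                 # packed: keys are sequential
            cases[next_key] = line
            next_key += 1
        else:                                      # sparse: explicit "key -> :label"
            key, target = (part.strip() for part in line.split("->"))
            cases[int(key, 0)] = target
    return tables

def resolve(tables, payload_label, value):
    """Label the switch jumps to, or None when execution falls through."""
    return tables[payload_label].get(value)

if __name__ == "__main__":
    for name, table in parse_switch_payloads(SAMPLE_SMALI).items():
        print(name, {hex(k): v for k, v in table.items()})
```

A `None` result from `resolve` corresponds to the fall-through case: execution continues at the instruction after the packed-switch or sparse-switch instruction.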