theos-tweak

感謝狗神神作iOS逆向工程,本文主要記錄了第一個(gè)tweak的開(kāi)發(fā).對(duì)于theos沒(méi)有安裝或者安裝有問(wèn)題的友們可以參照我的另一篇博文Mac10.11&Xcode7.3安裝Mactheos和iOSOpenDev.當(dāng)然在后期的使用中還是發(fā)現(xiàn)了諸多問(wèn)題沒(méi)有記錄下來(lái),如果有興趣的話可以留言或@我.
打開(kāi)終端

laoshirendeMacBook-Air:~ laoshiren$ cd ./Desktop/
laoshirendeMacBook-Air:Desktop laoshiren$ mkdir myTweak
laoshirendeMacBook-Air:Desktop laoshiren$ cd ./myTweak/
laoshirendeMacBook-Air:myTweak laoshiren$ /opt/theos/bin/nic.pl 創(chuàng)建theos項(xiàng)目
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/application
  [2.] iphone/library
  [3.] iphone/preference_bundle
  [4.] iphone/tool
  [5.] iphone/tweak
Choose a Template (required): 5  選擇第5個(gè)tweak模板,相當(dāng)于外掛
Project Name (required): myTweak 項(xiàng)目名稱
Package Name [com.yourcompany.mytweak]: com.yourcompany.mytweak 包名,反域名的形式
Author/Maintainer Name [老實(shí)人]: askMe 作者
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: com.apple.springboard 這個(gè)是你要hook住app的bundleID,在項(xiàng)目plist中可以修改和添加
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: SpringBoard 安裝后要終結(jié)app的進(jìn)程
Instantiating iphone/tweak in mytweak/...
Done.

打開(kāi)你創(chuàng)建myTweak文件夾,是不是多出一個(gè)mytweak的項(xiàng)目文件.我們主要編輯的文件是

  • Makefile:項(xiàng)目的編譯文件,使用任意文本編輯器打開(kāi)如下
include theos/makefiles/common.mk

TWEAK_NAME = myTweak
myTweak_FILES = Tweak.xm

include $(THEOS_MAKE_PATH)/tweak.mk

after-install::
    install.exec "killall -9 SpringBoard"

我們添加一些代碼滿足更多功能,添加后效果如下

THEOS_DEVICE_IP = 192.168.199.184 手機(jī)的ip地址,等會(huì)ssh協(xié)議打包安裝(mac和phone同一個(gè)局域網(wǎng))
ARCHS = armv7 arm64  指定處理器架構(gòu)(如果不寫(xiě)可能報(bào)錯(cuò):binary does not support this cpu type)
TARGET = iphone:latest:7.0 指定編譯器sdk版本和發(fā)布最低版本(latest是你選擇xcode的最新sdk,也可以填寫(xiě)8.0)
myTweak_FRAMEWORKS = UIKit  導(dǎo)入庫(kù) 多個(gè)庫(kù)空格隔開(kāi)
myTweak_PRIVATE_FRAMEWORKS = AppSupport  導(dǎo)入私有庫(kù),如果你的xcod7.3需要將私有庫(kù)導(dǎo)入到/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.3.sdk/System/Library/
myTweak_LDFLAGS = -lz ????????????????????連接mach-o對(duì)象(.dylib文件,.a文件,.o文件等),(-lz會(huì)自動(dòng)搜索libz.dylib或libz.a)

include theos/makefiles/common.mk 固定寫(xiě)法,無(wú)需更改

TWEAK_NAME = myTweak 項(xiàng)目名稱
myTweak_FILES = Tweak.xm tweak包含的源文件(不包含頭文件) 多個(gè)空格隔開(kāi)

include $(THEOS_MAKE_PATH)/tweak.mk 不同工程,指定不同.mk文件.如:application.mk??,tweak.mk和tool.mk

after-install::
    install.exec "killall -9 SpringBoard" 安裝完后終結(jié)進(jìn)程

關(guān)于make更詳細(xì)的學(xué)習(xí)可以參考阮一峰博文Make 命令教程.

  • Tweak.xm:源碼文件.后綴名xm說(shuō)明支持logos,c/c++語(yǔ)言,使用xcode打開(kāi)該文件,刪除掉所有代碼,寫(xiě)入以下代碼.
%hook SBLockScreenDateViewController //需要hook的頭文件,以%end結(jié)尾,以下方法就是我們要掛鉤子的方法

- (void)setCustomSubtitleText:(id)arg1 withColor:(id)arg2{
//%orig;執(zhí)行該方法原始代碼,如果去掉就執(zhí)行了.還可以修改原始參數(shù);
%orig(@"iOS 8 App Reverse Engineering", arg2);
NSLog(@"askMe:reboot springBoard");
}
%end

%hook SpringBoard

- (void)applicationDidFinishLaunching:(id)application{
%orig;
UIAlertView * alert = [[UIAlertView alloc]initWithTitle:@"Welcome" message:@"HelloWorld!" delegate:nil cancelButtonTitle:@"Thanks" otherButtonTitles:nil];
[alert show];
[alert release];
NSLog(@"askMe:CheckID starting!");
}
%end

當(dāng)然還有其他的logos語(yǔ)法,%group??,%init,??%ctor,??%new,??%c,%log這里就不一一介紹了,可以參照logos語(yǔ)法
打開(kāi)終端輸入make編譯一下

laoshirendeMacBook-Air:mytweak laoshiren$ make
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...

這個(gè)時(shí)候我們可以看到多出了一個(gè)obj的文件夾,里面多了一個(gè).dylib.

輸入打包命令(將文件打包成deb文件),

laoshirendeMacBook-Air:mytweak laoshiren$ make package
Making all for tweak myTweak...
make[2]: Nothing to be done for `internal-library-compile'.
Making stage for tweak myTweak...
dpkg-deb:正在新建軟件包 com.yourcompany.mytweak,包文件為 ./com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb

為了方便操作和安裝,我們需要對(duì)對(duì)手機(jī)SSH進(jìn)行簽名,這樣就不用每次都輸入密碼了

laoshirendeMacBook-Air:mytweak laoshiren$ iosod sshkey -h 192.168.199.184
Reading existing authorized keys from device ... 
Public key is already authorized. 我這個(gè)是已經(jīng)簽名過(guò)的,所以會(huì)有這個(gè),對(duì)于沒(méi)有簽名的會(huì)詢問(wèn)你是否繼續(xù)(yes),還要輸入手機(jī)openssh密碼(默認(rèn)是alpine),期間最好保持手機(jī)解鎖,電腦和手機(jī)在同一個(gè)局域網(wǎng)

上面我們已經(jīng)給了解過(guò)了makemake package的作用,現(xiàn)在將項(xiàng)目恢復(fù)到編譯前的狀態(tài)

laoshirendeMacBook-Air:mytweak laoshiren$ make clean
rm -rf ./obj
rm -rf "/Users/laoshiren/Desktop/myTweak/mytweak/_"
laoshirendeMacBook-Air:mytweak laoshiren$ rm com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb
laoshirendeMacBook-Air:mytweak laoshiren$ ls -i
8139435 Makefile    8139433 control     8139437 theos
8141763 Tweak.xm    8139434 myTweak.plist

好了見(jiàn)證奇跡的時(shí)刻到了,輸入命令make package install

laoshirendeMacBook-Air:mytweak laoshiren$ make package install
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...
Making stage for tweak myTweak...
dpkg-deb:正在新建軟件包 com.yourcompany.mytweak,包文件為 ./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb。
install.exec "cat > /tmp/_theos_install.deb; dpkg -i /tmp/_theos_install.deb && rm /tmp/_theos_install.deb" < "./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb"
Selecting previously deselected package com.yourcompany.mytweak.
(Reading database ... 4474 files and directories currently installed.)
Unpacking com.yourcompany.mytweak (from /tmp/_theos_install.deb) ...
Setting up com.yourcompany.mytweak (0.0.1-3) ...
install.exec "killall -9 SpringBoard"

手機(jī)重啟之后,是不是多了一個(gè)alertView,鎖屏界面的日期是不是變成了"iOS 8 App Reverse Engineering"

現(xiàn)在正在了解蘋(píng)果刷榜的一些業(yè)務(wù),如果有從事這方便的大神,艾特我伸下大腿讓我抱抱,或者互利共贏,共同學(xué)習(xí)也是可以的.

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容