Developing Cydia substrate plug-ins with Xcode (ii)

Last introduced a how to use Xcode to build substrate plug-ins, but the development of the specific process has not been involved, and this is often the most difficult for beginners to start the place, so with the follow-up of this article.

But before you start, you have to be prepared, compared to the development of general apps, the process of developing plug-ins requires a lot of exploration, try, because unknown but must know a lot of things, so sometimes luck is even more important than technology.

Hook? Substrate? Plug - ins? Concise explanation!

A Hook is an implementation of a method that replaces a class or object by some means, thus achieving the purpose of injecting code at runtime.

MobileSubstrate provides developers with a convenient, fast and secure Code injection development framework.

Plug-ins (which are, of course, substrate plug-ins) refer to dynamic libraries developed on this platform.

Get header File

Class Dump is a tool used to study the runtime of the OBJECTIVE-C program, which extracts the declaration files of classes, categories, and protocols in the Mach-o file. With these headers, we will know which class the code is injected into and which method it is.

Class Dump can be obtained from the Cydia.

For a typical usage example, export the springboard header file to the Headers folder:

Class-dump-h-O Headers Springboard

Running Class-dump without parameters can query the available parameters and their descriptions.

Another example: SpringBoard.h

Springboard.h#import "_abaddressbookcopylocalizedlabel.h" #import "Uiapplicationdelegate-protocol.h" @class NSDate, Nsdictionary, Nsmutablearray, Nsmutableset, Nsnumberformatter, Nsset, NSString, Nstimer, NSURL, Sbappcontexthostmanager, Sbapplication, Sbdimmingwindow, Sbuicontroller, UIWindow; @interface Springboard: _    Abaddressbookcopylocalizedlabel {Sbuicontroller *_uicontroller;    Nstimer *_menubuttontimer;    Nstimer *_lockbuttontimer;    Nstimer *_idletimer;    Nstimer *_autolocktimer;    Double _lastundimeventtime;    Double _lasttimeidlecauseddim;    Double _headsetbuttondowntime;    struct __gsevent *_headsetdownevent;    int _headsetclickcount;    Sbdimmingwindow *_simulatedblankingwindow;    unsigned int _headsetbuttonclickcount:8;    unsigned int _menubuttonclickcount:8;    unsigned int _screenwasdimonmenudown:1;    unsigned int _waitingformenudoubletapafteractingonsingletap:1;    unsigned int _screenshotwastaken:1;    unsigned int _disableautodimming:1; unsigned int_dontlockonnextlockup:1;    unsigned int _poweringdown:1;    unsigned int _headsetdowndelayedactionperformed:1;    unsigned int _isseekinginmedia:1;    unsigned int _forceportraitstatusbarorientation:1;    unsigned int _lockscreencamerawantsidletimerdisabled:1;    int _mediaseekdirection;    float _currentbacklightlevel;    unsigned int _springboardrequestsaccelerometerevents;    int _activeinterfaceorientation;    Nsurl *_menudoubletapurl;    int _notifydontanimatereotoken;    int _notifydontallowmediahudtoken;    BOOL _expectsfacecontact;    BOOL _expectsfacecontactinlandscape;    BOOL _proximityeventsenabled;    Nsset *_restrictiondisabledapplications;    Double _samplesystemstarttime;    Nsdictionary *_startappscputimes;    struct __cfdictionary *_registeredsimpleremoteapptopriority;    Sbapplication *_registeredsimpleremoteapp;    Sbapplication *_nowplayingapp;    Sbapplication *_menubuttoninterceptapp;    BOOL _menubuttoninterceptappenabledforever; NSString *_originatingopenurLdisplayid;    Nsmutablearray *_disablenowplayinghudassertionbundleids;    Nsmutablearray *_appsregisteredforvolumeevents;    Nsnumberformatter *_decimalformatter;    Nsnumberformatter *_percentformatter;    Nstimer *_midnighttimer;    NSDate *_midnightfiredate;    struct _opaque_pthread_t *_backgroundmigserverthread;    struct _opaque_pthread_t *_icongenerationmigserverthread;    Sbappcontexthostmanager *_springboardcontexthostmanager;    UIWindow *_springboardcontexthostwindow; Nsmutableset *_displaysrequestingaggressivejetsammode;} + (BOOL) registerforsystemevents;+ (BOOL) renderslocally;-(ID) init;-(void) _createlogfile;-(void) writelogfile;-( void) Handlekeyevent: (struct __gsevent *) fp8;-(void) Sethardwarekeyboardlayoutname: (ID) fp8;-(void) updatestackshotsettings;-(void) updatepowerlog;-(void) _performdeferredlaunchwork;-(void) Applicationdidfinishlaunching: (ID) fp8;-(void) appleiconviewremoved;-(BOOL) launchedafterlanguagerestart;-(void) clearlaunchedafterlanguagerestart;-(ID) _settinglanguagestringfornewlanguage;-(void) languagechanged;-(void) _rotateview: (ID) FP8 toorientation: (int) fp12;-( void) wipedevicenow;-(void) checkpasscodecompliance;-(void) Showedgeactivationfailurealert: (ID) FP8 reason: (ID) FP12 Formms: (BOOL) fp16;-(void) _effectivesettingsdidchange;-(void) _assistantpreferencedidchange: (ID) fp8;-(void) _ profilelistdidchange;-(void) Userdefaultsdidchange: (ID) fp8;-(void) _lockdownactivationchanged: (ID) fp8;-(void) _ testphonealerts;-(void) runfieldtestscript;-(void) _significanttimechange;-(void) significanttimechange;-(void) Batterystatusdidchange: (ID) fp8;-(BOOL) shouldrunfieldtestscript;-(BOOL) iapisinextendedmode;-(BOOL) canshowlockscreenhudcontrols;-(BOOL) lockscreencamerasupported;-(BOOL) canshowlockscreencameraknob;-(BOOL) canshownowplayingcontrols;-(void) Setappdisablednowplayinghud: (bool) FP8 Bundleidentifier: (ID) fp12;-(BOOL) RESPONDIMMEDIATELYTOMENUSINGLETAPALLOWINGDOUBLETAP: (char *) fp8;-(void) Gotospotlight: (BOOL) fp8;-(BOOL) handledoubletapaction;-(vOID) handlemenudoubletap;-(void) _primemenubuttonassistant;-(void) _setmenubuttontimer: (ID) fp8;-(void) _ Setlockbuttontimer: (ID) fp8;-(void) cancelmenubuttonrequests;-(void) clearmenubuttontimer;-(void) _ menubuttonwasheld;-(double) _menuholdtime;-(void) Menubuttondown: (struct __gsevent *) fp8;-(void) Menubuttonup: ( struct __gsevent *) fp8;-(void) _giveuponmenudoubletap;-(void) _keyboardavailabilitychanged;-(void) _ runactivateassistanttest;-(void) _activateassistantwithevent: (int) FP8 withcompletion: (ID) FP (null);-(void) Activateassistantwithoptions: (ID) FP8 withcompletion: (ID) FP (null);-(void) _startseekwithdirection: (ID) fp8;-(void) Mediakeydown: (struct __gsevent *) fp8;-(void) Mediakeyup: (struct __gsevent *) fp8;-(void) _handlemenubuttonevent;-( void) Lockbuttondown: (struct __gsevent *) fp8;-(void) lockbuttonwasheld;-(void) extendbuttontimersforwake;-(void) _ powerdownnow;-(void) _rebootnow;-(void) reboot;-(void) powerdown;-(BOOL) ispoweringdown;-(void) powerdownrequested :(ID) fp8;-(void) PowerdowncaNceled: (ID) fp8;-(BOOL) relaunchingforsetuplanguagechange;-(void) relaunchspringboard;-(void) _ relaunchspringboardnow;-(void) Lockbuttonup: (struct __gsevent *) fp8;-(void) _ performdelayedheadsetactionforassistant;-(void) _performdelayedheadsetactionforvoicecontrol;-(void) _ performdelayedheadsetclicktimeout;-(ID) simpleremotedestinationapp;-(void) Sendsimpleremoteactiontoregisteredapp :(int) fp8;-(void) _iapserverconnectiondiednotification: (ID) fp8;-(void) _iapextendedmodereset;-(void) _ imagesmounted;-(void) _setdeferredheadsetbuttondownevent: (struct __gsevent *) fp8;-(void) Headsetbuttondown: (struct __gsevent *) fp8;-(void) Headsetbuttonup: (struct __gsevent *) fp8;-(void) headsetavailabilitychanged: (struct __gsevent *) fp8;-(void) smsprefschanged;-(void) alsprefschanged: (ID) fp8;-(void) Profileconnectiondidreceiveeffectivesettingschangednotification: (ID) FP8 userInfo: (ID) fp12;-(void) updatecapabilitiesandiconvisibility;-(BOOL) isdisplayidentifierrestrictiondisabled: (ID) fp8;-(void) Loaddebugginganddemoprefs;-(void) debugginganddemoprefswerechanged;-(void) _localechanged;-(void) localechanged;-(void) autolockprefschanged;-(void) pinpolicychanged;-(void) profileconnectiondidreceiverestrictionchangednotification :(ID) FP8 userInfo: (ID) fp12;-(void) Profileconnectiondidreceivepasscodepolicychangednotification: (ID) FP8 UserInfo :(ID) fp12;-(void) ringerchanged: (int) fp8;-(void) _updateringerstatewithvisuals: (BOOL) FP8 Updatepreferenceregister :(BOOL) fp12;-(void) accessorykeystatechanged: (struct __gsevent *) fp8;-(unsigned int) _frontmostapplicationport;-( void) Quittopapplication: (struct __gsevent *) fp8;-(void) applicationexited: (struct __gsevent *) fp8;-(void) Anotherapplicationfinishedlaunching: (struct __gsevent *) fp8;-(void) Applicationsuspend: (struct __gsevent *) fp8;-( void) applicationsuspended: (struct __gsevent *) fp8;-(void) applicationsuspendedsettingsupdated: (struct __gsevent *) fp8;-(void) Statusbarreturnactiontap: (struct __gsevent *) fp8;-(int) StatusBar: (ID) FP8 Styleforrequestedstyle: (iNT) FP12 overrides: (int) fp16;-(void) hidespringboardstatusbar;-(void) showspringboardstatusbar;-(void) Setmetahostingenabled: (BOOL) fp8;-(BOOL) ismetahostingenabled;-(ID) metahostview;-(ID) metahostwindow;-(void) Showalertforunhandledurl: (ID) FP8 error: (int) fp12;-(void) _applicationopenurl: (ID) FP8 event: (struct __gsevent *) fp12 ;-(BOOL) Applicationcanopenurl: (ID) FP8 publicurlsonly: (BOOL) fp12;-(void) Applicationopenurl: (ID) fp8;-(void) Applicationopenurl: (ID) FP8 publicurlsonly: (bool) fp12;-(void) Applicationopenurl: (ID) FP8 publicurlsonly: (BOOL) FP12 Animating: (bool) fp16;-(void) Applicationopenurl: (ID) FP8 publicurlsonly: (BOOL) FP12 animating: (bool) FP16 sender: (ID) fp20;-(void) Applicationopenurl: (ID) FP8 publicurlsonly: (BOOL) FP12 animating: (bool) FP16 Additionalactivationflag: ( unsigned int) fp20;-(void) Applicationopenurl: (ID) FP8 publicurlsonly: (BOOL) FP12 animating: (bool) FP16 sender: (ID) fp20 Additionalactivationflag: (unsigned int) fp24;-(void) _openurlcore: (ID) FP8 display: (ID) fp12 publicurlsonly: (BOOL) FP16 animating: (bool) FP20 Additionalactivationflag: (unsigned int) fp24;-(bool) Canopenurl: (ID) fp8;-(BOOL) OpenURL :(ID) fp8;-(void) Setmenubuttoninterceptapp: (ID) FP8 Forever: (BOOL) fp12;-(ID) menubuttoninterceptapp;-(BOOL) menubuttoninterceptappenabledforever;-(void) setwantsvolumebuttonevents: (BOOL) fp8;-(void) Setappregisteredforvolumeevents: (ID) FP8 isActive: (BOOL) fp12;-(ID) appsregisteredforvolumeevents;-(void) volumechanged: (struct __gsevent *) fp8;-(void) setbacklightfactorpending: (float) fp8;-(void) Setbacklightfactor: ( float) fp8 Keeptouchon: (BOOL) fp12;-(void) Setbacklightfactor: (float) fp8;-(void) Animatebacklighttofactor: (float) FP8 Duration: (double) fp12 Keeptouchon: (BOOL) FP20 didfinishtarget: (ID) FP24 selector: (SEL) fp28;-(void) Animatebacklighttofactor: (float) FP8 Duration: (double) FP12 didfinishtarget: (ID) fp20 selector: (SEL) fp24;-(void) Setbacklightlevel: (float) fp8;-(void) Setbacklightlevel: (float) FP8 permanently: (BOOL) fp12;-(float) currentbacklightlevel;-(float) systembacklightlevel;-(void) systemwillsleep;-(void) setupmidnighttimer;-(void) _midnightpassed;-(void) _adjustmidnighttimeraftersleep;- (void) setbacklightfactortozero;-(void) cancelsetbacklightfactortozeroafterdelay;-(void) setbacklightfactortozeroafterdelay;-(void) showsimulatedscreenblank;-(void) hidesimulatedscreenblank;-(void) dimtoblackkeepingtouchon;-(void) undim;-(void) lockaftercall;-(BOOL) shoulddimtoblackinsteadoflock;-(void) autolock;-(void) dididle;-(double) nextidletimeduration;-(double) nextlocktimeduration;-(void) clearidletimer;-( void) resetidletimerandundim;-(void) Resetidletimerandundim: (bool) fp8;-(void) _proximitychanged: (ID) fp8;-(BOOL) caseisenabledandlatched;-(BOOL) allowcaselatchlockandunlock;-(void) Keyboardorcaselatchwantstoattemptunlock: (ID) fp8;-(void) notecasehardwarepresent;-(void) caselatchwantstoattemptlock;-(void) usereventoccurred;-(void) _ Updaterejectedinputsettingsforincallstate: (BOOL) FP8 isoutgoing: (BOOL) FP12 Triggeredbyroutewillchangetoreceivernotification: (BOOL) fp16;-(VOID) updaterejectedinputsettingsforincallstate: (bool) FP8 isoutgoing: (bool) fp12;-(void) updaterejectedinputsettings ;-(void) Updaterejectedinputsettingstriggeredbyroutechangetoreceivernotification: (BOOL) fp8;-(void) LockDevice: ( struct __gsevent *) fp8;-(void) showthermalalertifnecessary;-(void) respondtocurrentthermalcondition;-(void) _ beginthermaljetsamcpusampling;-(void) _killthermallyactiveapplication;-(id) _newappscputimesdictionary;-(void) didreceivememorywarning;-(void) notesubstantialtransitionoccured;-(void) updatemirroreddisplayorientation;-(void ) noteinterfaceorientationchanged: (int) fp8;-(void) noteinterfaceorientationchanged: (int) FP8 Updatemirroreddisplays: (BOOL) fp12;-(int) activeinterfaceorientation;-(int) activeinterfaceorientationwithoutconsideringalerts;-(int) _frontmostapporientation;-(int) interfaceorientationforcurrentdeviceorientation;-(void) reportstatusbarorientationasportrait: (BOOL) fp8;-(int) statusbarorientation;-(void) _overridedefaultinterfaceorientationwithorientatiOn: (int) fp8;-(void) _removedefaultinterfaceorientatationoverride;-(ID) Displayidforurlscheme: (ID) FP8 isPublic: ( BOOL) fp12;-(BOOL) _alertwindowshouldrotate;-(double) windowrotationduration;-(void) setsystemvolumehudenabled: ( BOOL) FP8 foraudiocategory: (ID) fp12;-(void) _migratemenudoubletapsetting;-(void) updatemenudoubletapsettings;-( void) setzoomtouchenabled: (BOOL) fp8;-(BOOL) proximityeventsenabled;-(void) setproximityeventsenabled: (bool) fp8;-( BOOL) expectsfacecontact;-(BOOL) expectsfacecontactinlandscape;-(void) Setexpectsfacecontact: (bool) FP8 Inlandscape :(BOOL) fp12;-(void) Setexpectsfacecontact: (BOOL) fp8;-(void) updateproximitysettings;-(void) Frontdisplaydidchange ;-(void) Applicationwillorderincontext: (ID) FP8 windowlevel: (float) fp12 windowoutput: (int) fp16;-(void) Applicationdidorderoutcontext: (ID) fp8;-(void) diddismissminialert;-(void) Willdisplayminialert: (int *) fp8;-(void) Willdismissminialert: (int *) FP8 andshowanother: (bool) fp12;-(void) Sethasminialerts: (BOOL) fp8;-(BOOL) Canshowalerts;-(BOOL) islocked;-(int) alertinterfaceorientation;-(void) launchmusicplayersuspended;-(void) _ launchmusicplayersuspendedandstartmusic;-(void) _teardownnow;-(void) teardown;-(void) _ Nowplayingappdidchangenotification: (ID) fp8;-(BOOL) ismusicplayerinnowplayingview;-(ID) nowplayingapp;-(BOOL) isnowplayingappplaying;-(BOOL) ismusicplayerplaying;-(void) Setnowplayinginfo: (ID) FP8 forapplication: (ID) fp12;-( void) _updateregisteredsimpleremoteapp;-(void) setsimpleremoteroutingpriority: (unsigned int) FP8 forapplication: (ID ) fp12;-(unsigned int) simpleremoteroutingpriorityforapplication: (ID) fp8;-(unsigned int) simpleremoteroutingpriority;-(void) setidletimerdisabled: (BOOL) fp8;-(void) Setsuspensionanimationdelay: (Double) fp8;-(BOOL) iscameraapp;-(ID) Formatteddecimalstringfornumber: (ID) fp8;-(ID) Formattedpercentstringfornumber: (ID) fp8;-(ID) _accessibilityfrontmostapplication;-(ID) _accessibilitytopdisplay;-(ID) _ accessibilityrunningapplications;-(BOOL) _accessibilityissystemgestureactive;-(BOOL) _accessibilityobjectwithinproximity;-(void) _accessibilityseteventtapcallback: (void *) fp8;-(void *) _ accessibilityeventtapcallback;-(void) _accessibilityprocesshidevent: (struct __iohidevent *) fp8;-(BOOL) _ accessibilityissbstealingevents;-(double) _accessibilityactivationanimationstartdelay;-(void) _ accessibilityactivationanimationwillbegin;-(double) _accessibilitydeactivationanimationstartdelay;-(void) _ accessibilitydeactivationanimationwillbegin;-(bool) _isswitchershowing;-(void) _setstatusbarshowsprogress: (BOOL) fp8;-(void) _spokenlanguagechanged;-(void) beginlisteningforassistantactivationgesture;-(void) stoplisteningforassistantactivationgesture;-(void) setsystemaggressivejetsamenabled: (BOOL) FP8 ForDisplay: (ID) FP12; @end

So we'll know. There is a springboard class in Springboard, and the name, return type, parameter type, and number of all methods declared in this class. You can then modify the implementation of the method you want to modify as described previously.

But in order to achieve the goal in the end should be modified which method of implementation, and how to modify, this is the need to constantly try and explore the place.

The adventure is only just beginning.

The method name provides a lot of information to let us know what this method is about, but the meaning of the parameter and the return value is less clear. Here's a tip that you can get more information by injecting NSLog output parameters and return values.

In short, it is a good idea to try to get the information you need and to experiment directly with the probabilities of the original implementation.

Finally, the last, and then a word, in case some classmates do not know. The compiled dynamic library should be placed in this directory of the IOS device:

/library/mobilesubstrate/dynamiclibraries

Developing Cydia substrate plug-ins with Xcode (ii)