iOS reverse engineering: Theos

Source: Internet
Author: User


If you know something about iOS reverse engineering, you are no stranger to tweaks, and tweaks are where we start in introducing Theos. So what is Theos? In one sentence, Theos is a jailbreak development kit, and it ranks first among the jailbreak development tools because its biggest feature is simplicity: it is easy to download and install, and easy to compile and release with. Another common tool in jailbreak development is iOSOpenDev. Because the topic of this article is Theos, I will not go into iOSOpenDev. This post covers the installation and use of Theos.

 

I. Configuration and installation of Theos

Configuring and installing Theos is relatively simple; following the official steps works without problems. The official Theos documentation (the official Wiki) describes how to install and configure Theos, and this part follows it. Before you start, make sure that Homebrew is installed locally, because the brew command is used to install some dependency packages. brew is a package management tool similar to yum or apt-get on Linux. If you have not installed brew locally, search for how to install it first.

1. Install dpkg

brew install dpkg

dpkg is one of the tools Theos depends on; the name is short for Debian Packager. We use dpkg to create deb packages, and every plug-in developed with Theos is released in deb format, so dpkg needs to be installed before Theos. Here we install it with brew. Homebrew refuses to run as root, so the command is run without sudo. The installation process is as follows:

  

 

2. Install ldid

brew install ldid

When developing plug-ins with Theos, iOS binaries are signed with the ldid tool; that is, ldid replaces the codesign tool that comes with Xcode. As with dpkg, brew is run without sudo. The installation process of ldid is shown below.

  

 

3. Install Theos

git clone --recursive https://github.com/theos/theos.git

Because Theos is usually installed in the /opt/ directory, first cd to /opt and then clone it from its GitHub address. The steps are as follows (the clone takes quite a while, so please be patient):

  

After you download Theos, change the ownership of the theos directory to your own user by running the following command:

sudo chown $(id -u):$(id -g) theos

Theos is now installed, and you can start working with it.

 

II. Use Theos to create, compile, and install a project

With the Theos environment set up, we can start using it. Next we use Theos to create a project, compile it, and install it on our jailbroken phone. Let's go through this series of steps.

1. Configure $THEOS

export THEOS=/opt/theos

Go to the directory where you want to create the project and use export to define the environment variable, as shown below. The command is simple: export defines a variable named THEOS whose value is /opt/theos, the path where we installed Theos above. Wherever this path is needed, use $THEOS instead. Note that this variable is only available in the current terminal. As shown below.

  

 

2. Create a project

$THEOS/bin/nic.pl

Next, we use Theos to create our project. Creating a project is simple: call the nic.pl command under bin in the Theos directory. After running nic.pl, you are asked to select the template for the new project. Theos currently has 12 built-in templates, and you can download other templates from the Internet. Here we create an application_modern project, so we select 2; to create a tweak, select 11. The second template is selected below.

After you select a template, you are asked to perform a series of operations, similar to the steps for creating an iOS project in Xcode.

(1) Enter your Project Name (required). Here, the Project Name is FirstTheosApplication.

(2) Enter the Package Name. The naming rule is generally your company's domain name followed by your project name, here com.ludashi.firsttheosapplication.

(3) Enter the Author/Maintainer Name. Here we enter Mr. LuDashi.

(4) Enter the Class name prefix. Here we enter CE.

After the above configuration, our project has been created.

  

Below is the directory of the created project. The packages folder is generated after compilation and packaging; the deb file in it is our installation file, which can be installed on the jailbroken phone.

  

 

3. Preparations before compilation and packaging

export SDKVERSION=9.3

export THEOS_DEVICE_IP=ios_device_ip

Next, we prepare for compilation and packaging. SDKVERSION is the SDK version used to compile the project; because the SDK in Xcode is 9.3, SDKVERSION is 9.3. After specifying the SDK, we specify the IP address of the device on which the packaged file will be installed, using THEOS_DEVICE_IP. The IP address below is the IP address of a jailbroken phone.

Before specifying the IP address of the device, make sure that OpenSSH is installed on your jailbroken device and that you can log in to it over ssh from the Mac terminal.

  

 

4. Compile

make

After these preparations, compile the project we just created. First go to the firsttheosapplication directory, then run the make command to compile. As shown below.

  

 

5. Package

make package

After compilation, we package the project so that it can be installed on the jailbroken device. The following shows how to package the project by calling the make package command. After packaging, an installation package with the suffix deb is generated.

  

 

6. Install

make install

Install the package on the corresponding jailbroken device. Because we have configured the IP address of the device and made sure it can be reached over ssh, we can call the make install command directly. During installation, you are asked for the password used to log in to the device over ssh. After you enter the password, the installation completes, as shown below.
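Added example (not from the original article): a pre-flight check to run before steps 4 to 6, confirming that the variables from steps 1 and 3 are set in the current terminal and that the tools from part I are on PATH. The function names, the REQUIRED_TOOLS list and the IPv4-only check of THEOS_DEVICE_IP are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the Theos build and install steps.
# REQUIRED_TOOLS is an assumption of this example; override it to match your setup.
REQUIRED_TOOLS=${REQUIRED_TOOLS:-"dpkg-deb ldid make ssh"}

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# theos_preflight: prints one line per problem and returns the number of problems.
theos_preflight() {
    problems=0
    fail() { echo "preflight: $*" >&2; problems=$((problems + 1)); }

    # export only affects the current terminal, so THEOS is unset in a new one.
    [ -n "${THEOS:-}" ] && [ -f "$THEOS/bin/nic.pl" ] ||
        fail "THEOS must point at the theos checkout (bin/nic.pl not found)"
    [ -n "${SDKVERSION:-}" ] || fail "SDKVERSION is not set"
    valid_ipv4 "${THEOS_DEVICE_IP:-}" ||
        fail "THEOS_DEVICE_IP is not an IPv4 address: '${THEOS_DEVICE_IP:-}'"
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || fail "missing tool: $tool"
    done
    return "$problems"
}

# Usage after sourcing this file: theos_preflight && make package install
```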

  

 

7. Effect after installation

The following figure shows the result after the project is installed. Open Cydia and select the Installed tab. We will see the installed FirstTheosApplication (utility) and can tap it to view the details. Most of the information is what we just configured. We have now completed the whole process.

 

III. Create, compile, package and install a Tweak

Next we create a Tweak project, which is similar to the process above. It is also created with nic.pl, compiled with make, packaged with make package, and installed with make install. Let's go through this process.

1. Final Results

The following figure shows what we want to achieve. We use Theos to create the Tweak project, and this is what the Tweak does: when the iPhone's lock screen comes on, a box is displayed. This box comes from the code our Tweak project hooks in. Below is the final result.

  

 

2. Create a Tweak Project

Below is the creation of our Tweak project. It is similar to creating the project above, but here we select the Tweak template. As shown below, we name the Tweak project LockScreenAlter and use the default values for the other configuration items. Then go to the LockScreenAlter project directory, which contains the following four files.

  

 

3. Makefile

Similar to a configuration file, the Makefile specifies the files, frameworks, libraries, and SDKs used by the project, and automates compilation, packaging, and installation. Below is the content of our Makefile. The red box below is the default configuration after the project is created, and the red box above is the configuration we added later. These items specify the parameters required for compilation and installation so that both are automated. Because my local Xcode has the iOS 9.3 SDK, the SDKVERSION specified below is 9.3.

  

4. Write the Tweak.xm file

(1) Analysis before writing hook code

This analysis step is crucial because it tells you where your code should take effect. Because we want to pop up a box on the lock screen, we need to add a hook on the corresponding lock screen code. Below is our analysis process. After browsing the system's header files, we found SBLockScreenManager.h at the path below. From the file name, it is not hard to guess that this file is responsible for the iPhone lock screen, so we hook it for our implementation.

  

 

Below is the content of the header file above. From the content, we are more confident that the SBLockScreenManager class manages the system lock screen, because there is a field, isUILocked, that indicates whether the UI is locked. The header also contains one class method and one instance method. The class method is clearly used to obtain the singleton of the class. The instance method lockUIFromSource ...... should be used for locking and unlocking the screen. Therefore, the only instance method in the SBLockScreenManager class is the one we use to show a dialog box on the lock screen.

  

 

(2) Implementation of hook code

Below is all the code in Tweak.xm. It is written in Logos syntax, which is relatively simple to use. %hook and %end appear in pairs. %hook is followed by the name of the class we want to modify, here SBLockScreenManager, similar to inheritance in Objective-C. %orig executes the original implementation inside the method being modified; it can be thought of as super in Objective-C, similar to calling the parent class's method. The following code uses this Logos syntax to pop up a box on the screen.

  

Introduction to common Logos syntax:

  • %hook specifies the name of the class to be hooked, and ends with %end.
  • %log prints logs and writes information to syslog, for example %log((NSString *)@"ZeluLi").
  • %orig executes the original code of the hooked method, similar to calling super.method.
  • %group groups %hook blocks. %group is followed by the group name and must also end with %end; a group can contain multiple %hook blocks.
  • %init initializes a %group. A group takes effect only after initialization. %init must be executed inside a hook.
  • %ctor is the tweak constructor, used for initialization. If it is not explicitly defined, Theos automatically generates a %ctor and calls %init(_ungrouped) in it, for example: %ctor { %init(_ungrouped); }
  • %new adds a new method to an existing class. It has the same effect as class_addMethod in the runtime.
  • %c obtains a class, similar to objc_getClass.

That covers the common directives. For more detail, see: http://iphonedevwiki.net/index.php/Logos

 

5. control file

The control file records the basic information required by the deb package management system and is packaged into the deb. Below is the content of control, which stores the package name, project name, version, author, and so on. This is the same information that Cydia displays after packaging and installation.
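Added example (not from the original article): a check of the control file before `make package`, verifying that the fields described above are present and that the Package value follows the Debian rule for package names (lowercase a-z, digits, `+`, `-`, `.`), which is why the package name entered earlier is all lowercase while the project name is not. The sample control content, the `com.example` name and the list of required fields are constructed for this example.

```shell
#!/bin/sh
# Added example: sanity-check a Theos control file before packaging.

# Constructed sample in the shape of a tweak's control file.
sample_control() {
    cat <<'EOF'
Package: com.example.lockscreenalter
Name: LockScreenAlter
Depends: mobilesubstrate
Version: 0.0.1
Architecture: iphoneos-arm
Description: Shows an alert when the screen is locked
Maintainer: Example Author
Author: Example Author
Section: Tweaks
EOF
}

# control_field FILE FIELD: prints the value of the first "FIELD: value" line.
control_field() {
    awk -v f="$2" 'BEGIN { FS = ": *" }
        tolower($1) == tolower(f) { sub(/^[^:]*: */, ""); print; exit }' "$1"
}

# valid_package_name NAME: lowercase a-z, 0-9, + - . only, two or more
# characters, starting with a letter or digit. LC_ALL=C keeps a-z ASCII-only.
valid_package_name() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9][a-z0-9+.-]+$'
}

# check_control FILE: prints problems to stderr and returns how many were found.
check_control() {
    problems=0
    for field in Package Name Version Architecture Maintainer Description; do
        [ -n "$(control_field "$1" "$field")" ] || {
            echo "control: missing field $field" >&2
            problems=$((problems + 1))
        }
    done
    pkg=$(control_field "$1" Package)
    if [ -n "$pkg" ] && ! valid_package_name "$pkg"; then
        echo "control: invalid package name '$pkg'" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```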

  

 

6. Compile, package, and install

The compilation, packaging, and installation process is the same as in the previous part, so it is only listed briefly here.

(1) Use the make command to compile

  

(2) Packaging: make package

  

(3) install it on your mobile phone: make install

  

 

7. View from Cydia

Below is what we see in Cydia after successful installation. Once the tweak is installed, an alert pops up when you lock the screen.

  

 
