iOS reverse engineering: Theos

Source: Internet
Author: User
Tags: naming convention

If you know anything about iOS reverse engineering, you have heard of tweaks, and tweaks lead straight to Theos. In one sentence, Theos is a jailbreak development kit. It was the first jailbreak development toolchain, and its biggest strength is simplicity: the simplest road is usually the best one, and downloading, installing, compiling and releasing with Theos are all straightforward. The other common jailbreak development tool is iOSOpenDev, but since this post is about Theos, iOSOpenDev is not covered here. The topic of this post is the installation and use of Theos.

I. Configuring and installing Theos

Installing and configuring Theos is simple; if you follow the official steps there should be no problems. The official documentation is the Theos "official wiki", which explains how to install and configure Theos, and this section follows it. Before starting, make sure Homebrew is installed locally so that the brew command can pull in the dependencies. brew plays the same role as yum or apt-get on Linux: it is a package manager. If Homebrew is not installed yet, look up its installation instructions and install it first.

1. Installing dpkg

brew install dpkg

dpkg is one of the tools Theos depends on; the name is short for Debian Packager. Theos uses dpkg to build .deb packages, and plugins developed with Theos are published in .deb format, so dpkg is installed before Theos itself. Here Homebrew does the work. Do not prefix the command with sudo: Homebrew is not meant to run as root, and current releases refuse to. The installation procedure is as follows:

2. Installing ldid

brew install ldid

When building a plugin with Theos, the iOS binaries are signed with the ldid tool, which takes the place of the codesign tool that ships with Xcode. What ldid produces is a pseudo-signature (an ad-hoc signature with no Apple-issued certificate behind it); it is accepted only because the jailbreak patches code-signature enforcement on the device, and such a binary will not run on a stock iOS installation. ldid is installed with Homebrew in the same way as dpkg.

3. Installing Theos

git clone --recursive https://github.com/theos/theos.git

Theos is normally installed in the /opt directory, so cd to /opt and clone the repository from GitHub; the --recursive flag also pulls in the submodules, and the download takes a while, so be patient.

Once the clone finishes, change the ownership of the checkout to your own user so that it can be used without sudo, for example with the following command:

sudo chown -R $(id -u):$(id -g) theos

At this point the Theos installation is complete and your Theos journey can begin.

II. Creating, compiling and installing a utility with Theos

With the Theos environment set up, we can start doing something with it. Next we use Theos to create a utility (an application), compile it, package it, and install it on a jailbroken phone. Let's walk through the steps.

1. Configure $THEOS

export THEOS=/opt/theos

Go to the directory where the utility is to be created and use export to define the following environment variable. The command is simple: it defines a variable named THEOS whose value is /opt/theos, the path where Theos was installed above; wherever that path is needed later, $THEOS can be used instead. Note that the variable only exists in the current terminal session (add the line to your shell profile if it should persist).

2. Creating a new project

$THEOS/bin/nic.pl

The next step is to create the project, which is done by running the nic.pl script under bin in the Theos directory. After nic.pl starts it asks you to choose a template for the new project; the Theos checkout currently ships 12 templates, and more can be downloaded from the web. Here we create an application_modern project, which is template 2 (a tweak would be template 11). The template numbers match the version of Theos used in this post, so check the list nic.pl prints before choosing.

After the template is chosen, nic.pl asks a series of questions similar to the ones Xcode asks when creating a new iOS project:

(1) Project name (required); here the project is named firsttheosapplication.

(2) Package name; by convention this is your company's domain name reversed, followed by the project name. Here one was simply made up: com.ludashi.firsttheosapplication.

(3) Author/maintainer name; here we enter Mr.ludashi.

(4) Class name prefix; here we enter CE.

After answering these questions, the project is created.

The project directory created above contains the source files and, after a build, a packages folder holding the .deb produced by the packaging step. That .deb is the installation file, and it can be installed on the jailbroken phone.

3. Preparation before compiling and packaging

export SDKVERSION=9.3

export THEOS_DEVICE_IP=<IP address of the jailbroken device>

Some preparation is needed before compiling and packaging. SDKVERSION selects the SDK used to compile the project; the Xcode installed on this machine ships the iOS 9.3 SDK, so SDKVERSION is set to 9.3. After choosing the SDK, THEOS_DEVICE_IP specifies the IP address of the device on which the packaged file will be installed; the address used here is that of a jailbroken phone (if sshd on the device listens on a non-default port, THEOS_DEVICE_PORT sets it).

Before setting the device IP, make sure the jailbroken device has OpenSSH installed and that you can ssh into it as root from the Mac terminal. Because OpenSSH on a jailbroken device exposes a root login on the network, change the default root password (alpine) before relying on it; make install logs in with that password.

4. Compiling

make

With the preparation done, the project just created can be compiled. Enter the firsttheosapplication directory and run make.

5. Packaging

make package

Once compilation is complete, the project is packaged so that the jailbroken device can install it. The make package target does the packaging and produces a package with the .deb suffix.

6. Installation

make install

This installs the package on the jailbroken device. Because the device's IP address was configured above and the device is reachable over SSH, make install can be run directly. During installation you are prompted for the SSH password of the device, and a message then confirms the successful installation.

7. Result after installation

After installation, open Cydia and select the Installed tab: the firsttheosapplication utility just installed is listed there. Tapping it shows the package information, most of which is what was entered when the project was created. That completes one full pass through the process.

III. Tweak creation, compilation, packaging and installation

Next we create a project of the tweak type. The process is much the same as above: nic.pl creates the project, make compiles it, make package packages it, and make install installs it. Let's go through it.

1. Final effect

To get straight to the point, here is what the tweak project created with Theos is meant to do: whenever the iPhone locks its screen, an alert box is shown. That box is produced by the hook code in the tweak.

2. Creating the tweak project

Creating the tweak project is similar to creating the utility above, except that the tweak template is chosen. The tweak project is named LockScreenAlter and the other options keep their defaults, so the default MobileSubstrate filter (com.apple.springboard) applies and the tweak is loaded into SpringBoard. The LockScreenAlter project directory then contains four files: the Makefile, Tweak.xm, the control file, and the LockScreenAlter.plist filter.

3. The Makefile

This file works like a configuration file: it specifies the project's source files, frameworks, libraries, the SDK to use and so on, and it drives the whole compilation, packaging and installation process. The template-generated part lists the tweak name, its source file (Tweak.xm) and the frameworks it links, and includes Theos' common.mk and tweak.mk makefiles; the entries added afterwards for this project fix the parameters needed at compile and install time so that the build needs no extra environment setup. Because the local Xcode ships the iOS 9.3 SDK, the SDKVERSION specified in the Makefile is 9.3.

4. Writing Tweak.xm

(1) Analysis before writing the hook code

This analysis step matters, because it tells you where your code will run. Since the box is to be shown on the lock screen, the hooks belong in whatever manages the lock screen. Browsing the dumped SpringBoard headers, we found SBLockScreenManager.h; the filename alone suggests that this class is responsible for the iPhone's lock screen, so that is what we hook.

The contents of that header make it more convincing that SBLockScreenManager manages the system lock screen: it has a field, isUILocked, that indicates whether the screen is locked, and it declares one class method and one instance method. The class method returns the singleton instance of the class, and the instance method, lockUIFromSource..., is presumably what locks the screen. So to show the box on locking, the place to act is that single instance method of SBLockScreenManager.

(2) Implementation of the hook code

Tweak.xm holds all the hook code. It is written in Logos syntax, which is simple to use. %hook and %end appear in pairs; the class name after %hook is the class whose methods are modified, here SBLockScreenManager. Inside the block a method is redefined with its original signature, much like overriding a method in a subclass in Objective-C, except that the original implementation is replaced at runtime instead of through inheritance. %orig calls the original implementation of the hooked method; think of it like calling super in Objective-C. These few Logos constructs are enough to pop up the box on the lock screen.

Introduction to common Logos syntax:

    • %hook specifies the class to hook; the block ends with %end.
    • %log prints to the syslog. Used bare (%log;) it logs the receiver, selector and arguments of the hooked method; it can also be given typed values, for example %log((NSString *)@"Zeluli").
    • %orig calls the original implementation of the hooked method, similar to [super method]; %orig(args) calls it with different arguments.
    • %group groups several %hook blocks; %group is followed by the group name and must also end with %end.
    • %init initializes a group; the hooks in a group take effect only after %init(GroupName) has run, so it is called at runtime, normally from %ctor, not inside a hook.
    • %ctor is the tweak's constructor, used for initialization. If it is not defined explicitly, Theos generates one that calls %init(_ungrouped), the implicit group holding all hooks outside any %group: %ctor { %init(_ungrouped); }
    • %new adds a method the hooked class did not have, like class_addMethod in the runtime.
    • %c returns a class object by name, similar to objc_getClass.

That is enough to start with; for more detail see http://iphonedevwiki.net/index.php/Logos
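The following is a complete Tweak.xm for the LockScreenAlter tweak described in (2), written so that it also exercises the %group, %init, %ctor, %new, %c and %log directives from the list above. It is an added example, not the listing from the original post. Two things are assumed rather than taken from the page: the exact signature of the instance method, -lockUIFromSource:withOptions:, as it appears in the iOS 8/9 SpringBoard class dump, and a non-ARC build (the Theos default; if you enable ARC with -fobjc-arc, drop the release call). The helper name lsa_showAlertWithMessage: is invented for this example.

```logos
// Tweak.xm for LockScreenAlter. Added example, not the code from the original post.
// Assumed (not from the page): the exact selector -lockUIFromSource:withOptions:
// (from the iOS 8/9 SpringBoard class dump) and a non-ARC build (Theos default).
#import <UIKit/UIKit.h>

// Minimal declaration of the private class. Theos ships no SpringBoard headers,
// so declare just the selectors this file uses (names come from the class dump).
@interface SBLockScreenManager : NSObject
+ (id)sharedInstance;
- (BOOL)isUILocked;
- (void)lockUIFromSource:(int)source withOptions:(id)options;
@end

// Declare the method that %new adds below, so [self lsa_...] compiles without warnings.
@interface SBLockScreenManager (LockScreenAlter)
- (void)lsa_showAlertWithMessage:(NSString *)message;
@end

// Put the hooks in a group so that %ctor can decide whether to install them.
%group LockHooks

%hook SBLockScreenManager

// Called by SpringBoard whenever it locks the UI (lock button, screen timeout, ...).
- (void)lockUIFromSource:(int)source withOptions:(id)options {
    %log((int)source);   // logs receiver, selector, arguments and the source value to syslog
    %orig;               // let SpringBoard lock the screen exactly as it normally would

    // %c resolves the class at runtime; the singleton it returns is this object.
    BOOL locked = [[%c(SBLockScreenManager) sharedInstance] isUILocked];
    [self lsa_showAlertWithMessage:[NSString stringWithFormat:
        @"lockUIFromSource:%d, isUILocked=%d", source, (int)locked]];
}

// %new adds a method SBLockScreenManager never had (class_addMethod under the hood).
%new
- (void)lsa_showAlertWithMessage:(NSString *)message {
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"LockScreenAlter"
                                                    message:message
                                                   delegate:nil
                                          cancelButtonTitle:@"OK"
                                          otherButtonTitles:nil];
    [alert show];
    [alert release];     // non-ARC build; remove this line under -fobjc-arc
}

// end of %hook SBLockScreenManager
%end

// end of %group LockHooks
%end

// Explicit constructor. The tweak runs inside SpringBoard with SpringBoard's
// privileges, and a hook on a class that no longer exists would at best do
// nothing and at worst crash SpringBoard on every boot, so only install the
// group when the class is actually present in this process.
%ctor {
    if (%c(SBLockScreenManager) != nil) {
        %init(LockHooks);
    } else {
        NSLog(@"LockScreenAlter: SBLockScreenManager not found, hooks not installed");
    }
}
```

UIAlertView lives in UIKit, so add UIKit to LockScreenAlter_FRAMEWORKS in the Makefile if it is not already listed. The version guard in %ctor is the habit worth keeping: every private selector hooked this way is an assumption about a particular SpringBoard build, and failing closed keeps a stale tweak from taking the whole device down.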

5. The control file

The control file holds the basic information the deb package management system needs, and it is packed into the .deb. It stores the package name, project name, version, author and so on, and after the package is installed the same information is displayed in Cydia.

6. Compiling, packaging and installing

Compiling, packaging and installing work exactly as in the previous part, so the steps are only listed here:

(1) Compile with make

(2) Package with make package

(3) Install to the device with make install

7. Viewing in Cydia

After a successful installation the LockScreenAlter package appears in Cydia. Because the tweak is loaded into SpringBoard when SpringBoard starts, SpringBoard has to be restarted for the hook to become active (the template Makefile does this after install); from then on an alert pops up every time the screen is locked.

