theos

iOS Reverse Engineering: TheOS

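ぐ巨炮叔叔 submitted on 2020-01-27 12:41:39

TheOS is designed as an integrated development environment for building iOS programs on Unix-based platforms (Mac OS X, iOS…) and most Linux platforms. Although it is called an integrated development environment, what it really provides is a set of code templates and some basic preset Makefile scripts; the key operations still have to be carried out on the terminal command line.

1. Install dpkg and LDID

Run the following command:

    brew install dpkg ldid

2. Install Theos

Run the following command:

    sudo git clone --recursive https://github.com/theos/theos.git /opt/theos

3. Set permissions

    sudo chown $(id -u):$(id -g) /opt/theos

4. Configure environment variables

    vim .bash_profile

Add the following two lines:

    export THEOS=/opt/theos
    export PATH=/opt/theos/bin/:$PATH

[Note]: for environment variable configuration, see "Modifying environment variables on OS X".

5. Use Theos

5.1 Create a project

Enter the following command in the terminal:

    nic.pl

If the following error is reported:

run the following command:

    source .bash_profile

After running "nic.pl", the following template selection screen appears:

In the early stages of reverse engineering, the main type of program you develop is a tweak, so enter 15 and press Enter to continue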

iOS Reverse Engineering Series: theos

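本秂侑毒 submitted on 2020-01-26 23:28:01

Overview

theos is an open-source project on GitHub; tweak projects are created with nic.pl. We write the code to be injected, then compile, package and install it, which injects the code into the specified app installed on the iPhone.

theos environment setup

Install the signing tool ldid

Make sure brew is installed:

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Install ldid with brew:

    $ brew install ldid

Download theos

    $ git clone --recursive https://github.com/theos/theos.git

Because theos depends on other libraries, we clone with the recursive option so that the libraries it depends on are downloaded automatically. I downloaded it into the ~/ directory.

Configure environment variables

To make the commands in the theos/bin directory available globally, configure the environment variables.

Creating a project with theos

cd to a folder where project code is kept (for example, the Desktop):

    $ cd ~/Desktop
    $ nic.pl

Choose [11.] iphone/tweak

Fill in the project information:

Project name
Project ID (anything will do)
Author/Maintainer Name: the author; just press Enter to accept the default (the default is the user name on the Mac)

[iphone/tweak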

Enable ARC for theos build system

ⅰ亾dé卋堺 submitted on 2020-01-22 16:08:26

Question

I'm currently using the theos build system to write applications and tweaks for jailbroken iPhones. Is there a way for me to enable automatic reference counting for specific projects with theos? I've Googled and tried to decipher the theos makefiles, but I haven't been able to find anything.

Answer 1:

See https://github.com/Maxner/BrightnessFix/blob/master/Makefile

    ARCHS=armv7 armv7s
    TARGET_IPHONEOS_DEPLOYMENT_VERSION = 6.0
    TARGET_CC = xcrun -sdk iphoneos clang
    TARGET_CXX = xcrun -sdk iphoneos

Which method is called when device is about to be unlocked?

柔情痞子 submitted on 2020-01-02 13:28:07

Question

I would like to know where the -(void)unlock (or whatever it is called) used when we "slide to unlock" on the LockScreen is. Does anyone have an idea?

Answer 1:

Try these

iOS 4 - 5
SBAwayController
-(void)_finishedUnlockAttemptWithStatus:(char)
Argument will be non zero (I'm not quite sure it will always be 1 when device is unlocked) when device is about to be unlocked.

iOS 6
SBAwayController
-(void)_finishUnlockWithSound:(char) unlockSource:(int) isAutoUnlock:(char)

iOS 7
SBLockScreenViewController
-

How to use the value in PSLinkListCell in preference bundle?

左心房为你撑大大i submitted on 2019-12-12 15:23:45

Question

I would like to make a preference bundle for my jailbreak tweak. I successfully made a preference bundle with a switch that works. But I would like a setting to choose color. Example: Blue Color > Yellow Green So if I click on Color, it would bring me to another screen which asks me to choose either "Blue", "Yellow" or "Green". I have looked at tutorials on the net, and I think this is a PSLinkList. But I want my tweak to read the plist and record what color is chosen. I think it would

Strange behavior on 64bit iOS devices when retrieving vm statistics

时光总嘲笑我的痴心妄想 submitted on 2019-12-12 15:12:59

Question

I made a tweak that shows free ram inside hooked SpringBoard method. I am using this code:

    mach_port_t host_port;
    mach_msg_type_number_t host_size;
    vm_size_t pagesize;
    host_port = mach_host_self();
    host_size = sizeof(vm_statistics_data_t) / sizeof(integer_t);
    host_page_size(host_port, &pagesize);
    vm_statistics_data_t vm_stat;
    if (host_statistics(host_port, HOST_VM_INFO, (host_info_t)&vm_stat, &host_size) != KERN_SUCCESS){
        ram = @"N/A";
    }else{
        natural_t bytes = (vm_stat.free_count * pagesize);

Can hook +[NSURLSession sessionWithConfiguration:delegate:delegateQueue:] but calling %orig gives “unrecognized selector”

北城以北 submitted on 2019-12-12 01:59:45

Question

This is baffling me. I have hooked class methods on NSURLConnection with no problems but I am stuck with +[NSURLSession sessionWithConfiguration:delegate:delegateQueue:]. I even tried logging all the class methods with

    class_copyMethodList (object_getClass([NSURLSession class]), &count);

and the class method is actually there:

    sessionWithConfiguration:delegate:delegateQueue:
    initialize

And the weird thing is the hook does get called so I think we got it right. Calling %orig() and just

THEOS: compiling error when calling method in other class (logos)

余生颓废 submitted on 2019-12-11 20:56:47

Question

I'm trying to implement this tweak using THEOS that calls another view on load but I keep getting this error when I compile:

    Tweak.xm:13:57: error: class method '+onLeftMenu' not found (return type defaults to 'id') [-Werror,-Wobjc-method-access]
    [_logos_static_class_lookup$FoxTubeViewController() onLeftMenu];

My code, Tweak.xm file:

    %hook MainViewController
    - (void)viewDidLoad{
        %orig;
        [%c(LeftMenu) onCachedVideo];
    }
    %end

Answer 1:

if you need to use %c you should #import "LeftMenu.h" and if you

Hook to an instance method in iOS using theos and retrieve the argument that is being passed

吃可爱长大的小学妹 submitted on 2019-12-11 16:56:39

Question

-(void)setID:(long long) is the method and I want to retrieve the argument (the integer) being passed and show it in an alert view. I am new to this, please help me. And also, if possible, how to pass this argument to a different method. -(void)setSelectedID:(long long), if this is the method I want to pass the arguments to, how would I do it in the Tweaks.xm file? Any help would be appreciated, thanks. Can this also be done using Cycript?

Answer 1:

this code is untested but I hope it can help

UIImage may not respond to imageWithContentsofFile

柔情痞子 submitted on 2019-12-11 11:58:32

Question

Hi guys, I am trying to make an image appear whenever my method is called. Here is my code:

    #import <UIKit/UIKit.h>
    #import <substrate.h>
    #import <Foundation/Foundation.h>
    #import <UIKit/UISaveToCameraRollActivity.h>
    #import <UIKit/_UIImageViewExtendedStorage.h>
    #import <UIKit/_UIOnePartImageView.h>
    #import <UIKit/_UIPrefTableCellPiece.h>
    #import <UIKit/_UIStretchableImage.h>
    #import <UIKit/_UISwitchSlider.h>
    #import <UIKit/_UITableViewCellDeleteConfirmationControl.h>
    #import <UIKit/UIImage.h>