objective c - is there anywhere where I could start MobileSubstrate tweaks programming?

After a search here on the forum I found a question like that, and it redirected me to a tutorial which gave me some basic instructions on manipulating SpringBoard with CaptainHook.

To start I'd like to do it with normal %hooks only. Any hint where I could start?



1 Reply


So, since I (hope I) am far away from a noob with MobileSubstrate programming now, and saw this question as quite popular, I decided to create an answer covering everything you need to know about the subject hopefully briefly.

This little introduction is meant for whoever has a minimal knowledge of Objective-C and knows what he is doing.

NOTE: I will refer to the theos install path as $THEOS. This could be ~/theos, /var/theos, /usr/theos... Yeah.

The most popular way of creating MobileSubstrate extensions, also known as tweaks, is using Dustin Howett's theos build suite. Details follow:

What is theos?

So, we should start with what theos is not:

  • The Operating System
  • A Greek God
  • A compiler

And of course, what theos doesn't do:

  • Teaches you how to code
  • Creates tweaks without requiring you to think
  • Sets up a whole build environment and/or installs the iOS SDK

Theos is a cross-platform suite of development tools for managing, developing, and deploying iOS software without the use of Xcode, featuring:

  • A robust build system driven by GNU Make, which makes its Makefiles easily deployable anywhere theos is installed.

  • NIC, a project templating system which creates ready-to-build empty projects for varying purposes.

  • Logos, a built-in preprocessor-based library of directives designed to make MobileSubstrate extension development easy and with optimal code generation.

  • Automated packaging: Theos is capable of directly creating DEB packages for distribution in Cydia, the most popular means of package distribution in the jailbreak scene.

How to install theos?

  • On OSX: Have the iOS SDK installed and follow these instructions.
  • On iOS: Install the BigBoss Recommended Tools package from Cydia and run installtheos3.
  • On Linux: Find a means to have the toolchain installed, and follow these instructions.
  • On Windows: Nothing is impossible, but if you actually manage to do so, please let me know. :P

How to use theos?

This is a very frequently asked question, and too vague. Since theos is a whole suite of development tools, it doesn't make sense to ask How to use it, but more specifically, to ask How to create software using theos.

First of all, always have the Theos Makefile Reference at hand. It covers the basics of creating a theos Makefile, and that includes solving your linking issues by adding a framework or private framework to the project.

Now, you can either create your own Makefile from scratch, or create your little theos clone/symlink and start coding, but theos makes this step easier. You can just use nic.pl.

A very simple example of running NIC to create something can be found here. It's very straight-forward and sets you up right-away for programming.

Now, here's where we start getting back to topic.

Creating a tweak with theos

First of all, do not run NIC when inside $THEOS/bin. NIC will create the project directory exactly where you're running it from, and it refuses to create any project in $THEOS/bin. Therefore, you'll end up with a simple error, which can be avoided by creating the project directory somewhere decent.

Run $THEOS/bin/nic.pl and choose the iphone/tweak template. You will be prompted for simple information which you probably know how to answer, except for the last field: MobileSubstrate bundle filter.

Since a big part of MobileSubstrate is not just the hooker (the library which swaps original methods/functions with yours), but also the loader (the part which gets your hooks inserted into certain processes), you have to supply this basic information for the Loader to know where to load your tweak. This field is simply the bundle identifier of the application into which this project will be inserted.

com.apple.springboard, the default option, is the bundle identifier for SpringBoard, the application which is:

  • The iOS Homescreen
  • The launcher/displayer of common applications
  • The iOS Status Bar
  • Handler of some high-level essential background processes

Therefore, that's where many tweaks take place, altering behavior from something as trivial as app launching to something like what the whole homescreen UI looks like.

Programming a tweak with Logos

Now, the directory generated by NIC will contain:

  • The Theos Makefile, where you'll change information related to compiling
  • The control file, where you'll change packaging-related information
  • A symbolic link (or shortcut) to $THEOS named theos/
  • The main code file, defaulted as Tweak.xm. It is already added to the Makefile for compiling, so you can start coding right-away with it!

On knowing what to do

Now, you don't have SpringBoard's source code lying around, and you can't guess what methods to hook out of nowhere. Therefore, you need a SpringBoard header set. For that, you need to use a tool named class-dump-z and run it on the SpringBoard binary (which is inside the iOS filesystem) to obtain header files including all class declarations and their methods inside the application.

From that (a deal of guessing and logging a method call is involved) you can start messing around with what you want in a tweak.

Of course, if you are not hooking SpringBoard you can use class-dump-z as you would in other binaries, such as UIKit, MobileSafari, etc.

Note that when reversing App Store apps, they'll be encrypted. You'll need to decrypt those (I am unfortunately not allowed to tell you how to), and then just run class-dump-z on them.

On obtaining private headers

Stuff like preference bundles requires the headers for private frameworks, in that case the Preferences framework's headers. Otherwise you'll get endless missing-declaration errors (as I guess you could assume).

Getting them follows the same logic as the previous step. Run class-dump-z on, in this case, the Preferences binary and throw the headers into your INCLUDEPATH. The INCLUDEPATH is where the compiler goes looking for headers you include like #include <stdio.h>. Yes, stdio.h is inside one of the directories which make up a compiler's INCLUDEPATH!

When compiling with a theos Makefile, $THEOS/include counts as part of your INCLUDEPATH, which means, you can just throw your dumped headers over there and include them later.

(Note that class-dumped headers aren't always perfect, so you're likely to have a couple of header-related compilation errors which can be easily fixed with something like removing or changing a #import directive, or adding a couple of declarations.)

Code tips

  • You can't link against SpringBoard, so whenever you require a class from SpringBoard you have to use either the Logos %c directive or the objc_getClass function, as defined in <objc/runtime.h>, to get it. Example: [%c(SBUIController) sharedInstance], [objc_getClass("SBUIController") sharedInstance].
  • When you don't know what a method does or how something works in SpringBoard, try disassembling it with IDA or others. I use IDA Demo (<- noob!) for my disassembling.
  • Looking at example code is amazingly helpful for both learning and figuring out how something works inside SpringBoard or others (again..). Great people on GitHub whose projects are worth looking at are rpetrich, chpwn, DHowett, EvilPenguin, and of course many more.
  • To also find out how SpringBoard and others work (...), have a look at a class's article on the iPhone Dev Wiki!

Epilogue

Wait, where's the good part? Where do I learn about coding in Tweak.xm?

Well, the original question was actually How to start MobileSubstrate tweaks programming?. You're all set up, hopefully with all headers placed, ready to type in make and see your project magically compiled with theos.

All you need to do now is actually dig into your headers or your disassembly and go hooking, calling, etc.!

Logos Reference contains exactly how to hook and use other features of Logos, and the MobileSubstrate article on the devwiki is also a great read.

Good luck. And in case there is any doubt, don't hesitate to join the irc.saurik.com #theos IRC channel. It's a great way to discuss theos-related topics and ask questions. I'm mostly there, along with other greatly smart people ;)


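As an added worked example (not part of the answer above, and not theos's or any named author's code), here is what the Tweak.xm that NIC's iphone/tweak template leaves you with can look like once the Logos directives the answer mentions (%hook, %orig, %c, %ctor) are used together. It assumes two things that you should confirm against your own class-dump-z headers for the iOS version you target: that the SpringBoard class implements -applicationDidFinishLaunching: (it is UIApplication's delegate, so the selector comes from UIApplicationDelegate), and that SBUIController responds to +sharedInstance as in the answer's %c example. The tweak name ExampleTweak is made up for this example.

```objectivec
// Tweak.xm -- added example, not from the original answer.
// Assumed (check against your class-dump-z headers):
//   -[SpringBoard applicationDidFinishLaunching:]
//   +[SBUIController sharedInstance]

#import <UIKit/UIKit.h>
#import <objc/runtime.h>
#import <unistd.h>

// You cannot link against SpringBoard, so only forward-declare what you
// call. Replace this with a class-dumped header when you need more.
@interface SBUIController : NSObject
+ (id)sharedInstance;
@end

%hook SpringBoard

// Called once SpringBoard has finished bringing up the home screen.
- (void)applicationDidFinishLaunching:(id)application {
    %log;   // Logos: dumps the receiver and arguments to syslog.
    %orig;  // Always let SpringBoard do its own work first.

    // %c resolves the class at runtime; [SBUIController class] would need
    // a symbol at link time that does not exist from a tweak.
    id controller = [%c(SBUIController) sharedInstance];
    NSLog(@"[ExampleTweak] SpringBoard up, SBUIController=%@", controller);

    // The same lookup without Logos, via the Objective-C runtime API.
    Class cls = objc_getClass("SBUIController");
    if (cls && [cls respondsToSelector:@selector(sharedInstance)]) {
        NSLog(@"[ExampleTweak] via objc_getClass: %@", [cls sharedInstance]);
    }
}

%end

// Writing your own %ctor means you must call %init yourself; with no %ctor,
// Logos generates one that does it for you. The class check is cheap
// insurance in case the bundle filter ever lets this dylib into the wrong
// process: hooking a class that does not exist there would crash the host.
%ctor {
    @autoreleasepool {
        if (!objc_getClass("SpringBoard")) {
            NSLog(@"[ExampleTweak] not running in SpringBoard, not hooking");
            return;
        }
        %init;  // Install the %hook blocks above.
        NSLog(@"[ExampleTweak] loaded into pid %d", getpid());
    }
}
```

The rest of the NIC-generated project ties this together: the Makefile lists the file and the frameworks it needs (include theos/makefiles/common.mk, TWEAK_NAME = ExampleTweak, ExampleTweak_FILES = Tweak.xm, ExampleTweak_FRAMEWORKS = UIKit, include $(THEOS_MAKE_PATH)/tweak.mk), and the generated ExampleTweak.plist carries the MobileSubstrate filter you answered at NIC time, i.e. a Filter dictionary whose Bundles array contains com.apple.springboard, which is what restricts the loader to that one process. With THEOS_DEVICE_IP set to your device, make package install builds the DEB and installs it over SSH; watch syslog on the device to see the %log and NSLog output when SpringBoard restarts.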