感謝狗神神作iOS逆向工程,本文主要記錄了第一個tweak的開發(fā).對于theos沒有安裝或者安裝有問題的友們可以參照我的另一篇博文Mac10.11&Xcode7.3安裝Mactheos和iOSOpenDev.當然在后期的使用中還是發(fā)現(xiàn)了諸多問題沒有記錄下來,如果有興趣的話可以留言或@我.
打開終端

laoshirendeMacBook-Air:~ laoshiren$ cd ./Desktop/
laoshirendeMacBook-Air:Desktop laoshiren$ mkdir myTweak
laoshirendeMacBook-Air:Desktop laoshiren$ cd ./myTweak/
laoshirendeMacBook-Air:myTweak laoshiren$ /opt/theos/bin/nic.pl 創(chuàng)建theos項目
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/application
  [2.] iphone/library
  [3.] iphone/preference_bundle
  [4.] iphone/tool
  [5.] iphone/tweak
Choose a Template (required): 5  選擇第5個tweak模板,相當于外掛
Project Name (required): myTweak 項目名稱
Package Name [com.yourcompany.mytweak]: com.yourcompany.mytweak 包名,反域名的形式
Author/Maintainer Name [老實人]: askMe 作者
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: com.apple.springboard 這個是你要hook住app的bundleID,在項目plist中可以修改和添加
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: SpringBoard 安裝后要終結(jié)app的進程
Instantiating iphone/tweak in mytweak/...
Done.

打開你創(chuàng)建myTweak文件夾,是不是多出一個mytweak的項目文件.我們主要編輯的文件是

• Makefile:項目的編譯文件,使用任意文本編輯器打開如下

include theos/makefiles/common.mk

TWEAK_NAME = myTweak
myTweak_FILES = Tweak.xm

include $(THEOS_MAKE_PATH)/tweak.mk

after-install::
    install.exec "killall -9 SpringBoard"

我們添加一些代碼滿足更多功能,添加后效果如下

THEOS_DEVICE_IP = 192.168.199.184 手機的ip地址,等會ssh協(xié)議打包安裝(mac和phone同一個局域網(wǎng))
ARCHS = armv7 arm64  指定處理器架構(gòu)(如果不寫可能報錯:binary does not support this cpu type)
TARGET = iphone:latest:7.0 指定編譯器sdk版本和發(fā)布最低版本(latest是你選擇xcode的最新sdk,也可以填寫8.0)
myTweak_FRAMEWORKS = UIKit  導(dǎo)入庫 多個庫空格隔開
myTweak_PRIVATE_FRAMEWORKS = AppSupport  導(dǎo)入私有庫,如果你的xcod7.3需要將私有庫導(dǎo)入到/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.3.sdk/System/Library/
myTweak_LDFLAGS = -lz ????????????????????連接mach-o對象(.dylib文件,.a文件,.o文件等),(-lz會自動搜索libz.dylib或libz.a)

include theos/makefiles/common.mk 固定寫法,無需更改

TWEAK_NAME = myTweak 項目名稱
myTweak_FILES = Tweak.xm tweak包含的源文件(不包含頭文件) 多個空格隔開

include $(THEOS_MAKE_PATH)/tweak.mk 不同工程,指定不同.mk文件.如:application.mk??,tweak.mk和tool.mk

after-install::
    install.exec "killall -9 SpringBoard" 安裝完后終結(jié)進程

關(guān)于make更詳細的學(xué)習(xí)可以參考阮一峰博文Make 命令教程.

• Tweak.xm:源碼文件.后綴名xm說明支持logos,c/c++語言,使用xcode打開該文件,刪除掉所有代碼,寫入以下代碼.

%hook SBLockScreenDateViewController //需要hook的頭文件,以%end結(jié)尾,以下方法就是我們要掛鉤子的方法

- (void)setCustomSubtitleText:(id)arg1 withColor:(id)arg2{
//%orig;執(zhí)行該方法原始代碼,如果去掉就執(zhí)行了.還可以修改原始參數(shù);
%orig(@"iOS 8 App Reverse Engineering", arg2);
NSLog(@"askMe:reboot springBoard");
}
%end

%hook SpringBoard

- (void)applicationDidFinishLaunching:(id)application{
%orig;
UIAlertView * alert = [[UIAlertView alloc]initWithTitle:@"Welcome" message:@"HelloWorld!" delegate:nil cancelButtonTitle:@"Thanks" otherButtonTitles:nil];
[alert show];
[alert release];
NSLog(@"askMe:CheckID starting!");
}
%end

當然還有其他的logos語法,%group??,%init,??%ctor,??%new,??%c,%log這里就不一一介紹了,可以參照logos語法
打開終端輸入make編譯一下

laoshirendeMacBook-Air:mytweak laoshiren$ make
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...

這個時候我們可以看到多出了一個obj的文件夾,里面多了一個.dylib.

輸入打包命令(將文件打包成deb文件),

laoshirendeMacBook-Air:mytweak laoshiren$ make package
Making all for tweak myTweak...
make[2]: Nothing to be done for `internal-library-compile'.
Making stage for tweak myTweak...
dpkg-deb：正在新建軟件包 com.yourcompany.mytweak聪姿，包文件為 ./com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb

為了方便操作和安裝,我們需要對對手機SSH進行簽名,這樣就不用每次都輸入密碼了

laoshirendeMacBook-Air:mytweak laoshiren$ iosod sshkey -h 192.168.199.184
Reading existing authorized keys from device ... 
Public key is already authorized. 我這個是已經(jīng)簽名過的,所以會有這個,對于沒有簽名的會詢問你是否繼續(xù)(yes),還要輸入手機openssh密碼(默認是alpine),期間最好保持手機解鎖,電腦和手機在同一個局域網(wǎng)

上面我們已經(jīng)給了解過了make和make package的作用,現(xiàn)在將項目恢復(fù)到編譯前的狀態(tài)

laoshirendeMacBook-Air:mytweak laoshiren$ make clean
rm -rf ./obj
rm -rf "/Users/laoshiren/Desktop/myTweak/mytweak/_"
laoshirendeMacBook-Air:mytweak laoshiren$ rm com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb
laoshirendeMacBook-Air:mytweak laoshiren$ ls -i
8139435 Makefile    8139433 control     8139437 theos
8141763 Tweak.xm    8139434 myTweak.plist

好了見證奇跡的時刻到了,輸入命令make package install

laoshirendeMacBook-Air:mytweak laoshiren$ make package install
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...
Making stage for tweak myTweak...
dpkg-deb：正在新建軟件包 com.yourcompany.mytweak闻伶，包文件為 ./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb专控。
install.exec "cat > /tmp/_theos_install.deb; dpkg -i /tmp/_theos_install.deb && rm /tmp/_theos_install.deb" < "./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb"
Selecting previously deselected package com.yourcompany.mytweak.
(Reading database ... 4474 files and directories currently installed.)
Unpacking com.yourcompany.mytweak (from /tmp/_theos_install.deb) ...
Setting up com.yourcompany.mytweak (0.0.1-3) ...
install.exec "killall -9 SpringBoard"

手機重啟之后,是不是多了一個alertView,鎖屏界面的日期是不是變成了"iOS 8 App Reverse Engineering"

現(xiàn)在正在了解蘋果刷榜的一些業(yè)務(wù),如果有從事這方便的大神,艾特我伸下大腿讓我抱抱,或者互利共贏,共同學(xué)習(xí)也是可以的.