Theos documentation link

Installation

Reference: the step-by-step guide to installing the latest Theos

1). Install dpkg and ldid

brew install dpkg ldid

2). Install Theos

sudo git clone --recursive https://github.com/theos/theos.git /opt/theos

Add the Theos executable path to your environment by adding these two lines to ~/.bash_profile:

export THEOS=/opt/theos
export PATH=/opt/theos/bin/:$PATH

3). Test whether the installation succeeded

cd into any working directory and run:

nic.pl

If the New Instance Creator starts, the installation succeeded.

4). Upgrade an older Theos to the latest version. The command:

git submodule update --recursive

Usage

Directory layout

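control: holds the basic metadata that the deb package management system needs.

*.plist: defines the scope the tweak applies to. The filter can name a class, a bundle, or an executable. If more than one type is listed, add Mode = "Any".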

Makefile: specifies the files, frameworks, and libraries involved in compiling and linking, so that the whole process is automated.

include $(THEOS)/makefiles/common.mk 

TWEAK_NAME = tweakDemo
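# Source files that make up the tweak (headers excluded; separate multiple files with spaces, e.g. xx.m aaa.mm)
tweakDemo_FILES = Tweak.xm

# Frameworks to link
tweakDemo_FRAMEWORKS = UIKit CoreAudio
# Private frameworks to link; make sure the private framework exists
#tweakDemo_PRIVATE_FRAMEWORKS = AppSupport ChatKit
# For a framework that older iOS versions lack, use weak linking, or load the private framework at run time with dlopen()/dlsym()/dlclose()

include $(THEOS_MAKE_PATH)/tweak.mk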



after-install::
	install.exec "killall -9 tweakTarget"

Tweak.xm:

In the .xm extension, x means the file supports Logos syntax and m means it supports C++ syntax.

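//Basic Logos syntax: the three preprocessor directives %hook, %log and %orig
%hook ViewController  //the class to hook; the block must be closed with %end
- (void)buttonClicked:(id)arg1
{
	%orig; //call the original implementation; used inside %hook
	NSLog(@"按钮被点击"); //logs "button was tapped"
	//%log is used inside %hook; it writes the method's class name, arguments and so on to syslog
	%log((NSString *)@"iOSRE", (NSString *)@"Debug" );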
	
	UIAlertView *alert = [[UIAlertView alloc]initWithTitle:@"hello world" message:nil  delegate:nil cancelButtonTitle:nil otherButtonTitles:@"确定", nil];
    [alert show];
}
%end

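Basic syntax

1). %hook names the class to hook and must be closed with %end.

2). %log is used inside %hook and writes the method's class name, arguments and so on to syslog. Extra values can be appended in the form %log([(<type>)<expr>, ...]), for example %log((NSString *)@"iOSRE", (NSString *)@"Debug").

3). %orig is used inside %hook and runs the original, hooked implementation. It can also be used to change the arguments passed to the original: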

- (BOOL)launchApplicationWithIdentifier:(id)arg1 suspended:(id)arg2{
  return %orig(@"com.apple.mobilephone", arg2);
}

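4). %group collects %hook blocks into a named group, which makes the code easier to manage and lets groups be initialized conditionally. It must be closed with %end. One %group can contain several %hook blocks, and any hook that does not belong to a group is implicitly placed in %group _ungrouped. Note that a %group only takes effect once it is initialized with %init.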

%group iOS5Hook
%hook XXClass
- (void)method:(id)arg1 arg2:(id)arg2{
}
%end
%end

5). %init initializes a %group and must be used inside a %hook or a %ctor. With an argument it initializes the named group; without an argument it initializes _ungrouped.

- (void)method{
    %orig;
    %init; //same as %init(_ungrouped)
    if (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_5_0) {
        %init(iOS5Hook);
    }
}

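6). %ctor is the tweak's constructor, which runs when the tweak is loaded. If you do not write one, Logos implicitly generates a %ctor that calls %init(_ungrouped).

//equivalent to executing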
%ctor{
    %init(_ungrouped);
}

7). %new adds a method to a class at run time, similar to class_addMethod.

%hook SpringBoard
%new 
- (void)newMethod{
    NSLog(@"add new method");
}
%end

8). %c is equivalent to objc_getClass(): it looks up a class definition at run time. Use it inside a %hook or a %ctor.
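The directives above combined in one Tweak.xm, as an added example that is not from the original post. DemoViewController, demo_logTap: and the group names are hypothetical. Two groups hook the same method, and %ctor initializes exactly one of them after %c confirms the class exists in the current process.

```logos
// Added example: class, selector and group names are hypothetical.
#import <UIKit/UIKit.h>

// Declare the hooked class and the method added with %new so calls compile.
@interface DemoViewController : UIViewController
- (void)demo_logTap:(NSString *)source;
@end

%group ModernHooks
%hook DemoViewController
- (void)buttonClicked:(id)sender {
    %orig;                          // keep the original behaviour
    [self demo_logTap:@"modern"];   // then call the method added below
}

%new
- (void)demo_logTap:(NSString *)source {
    NSLog(@"[tweakDemo] tap from %@ on %@", source, self);
}
%end
%end

%group LegacyHooks
%hook DemoViewController
- (void)buttonClicked:(id)sender {
    %log;                           // class name and arguments go to syslog
    %orig;
}
%end
%end

%ctor {
    // %c resolves the class by name at run time. If the class is not
    // present in this process, leave every group uninitialized.
    if (%c(DemoViewController) == nil) {
        return;
    }

    // A group does nothing until %init is called for it, so exactly one
    // of the two buttonClicked: hooks is installed.
    if (kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_5_0) {
        %init(ModernHooks);
    } else {
        %init(LegacyHooks);
    }
}
```

Because an explicit %ctor is written here, Logos does not generate the implicit one; any ungrouped hooks added to the file would also need a %init; call in this %ctor.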

Build and package

make

➜  tweakdemo make
> Making all for tweak tweakDemo…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (armv7)…
==> Linking tweak tweakDemo (armv7)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for tweakDemo (armv7)…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (arm64)…
==> Linking tweak tweakDemo (arm64)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for tweakDemo (arm64)…
==> Merging tweak tweakDemo…
==> Signing tweakDemo…
➜  tweakdemo

Package

➜  tweakdemo make package
> Making all for tweak tweakDemo…
make[2]: Nothing to be done for `internal-library-compile'.
> Making stage for tweak tweakDemo…
Can't locate IO/Compress/Lzma.pm in @INC (you may need to install the IO::Compress::Lzma module) (@INC contains: /usr/local/Cellar/perl/5.26.1/lib/perl5/site_perl/5.26.1/darwin-thread-multi-2level /usr/local/Cellar/perl/5.26.1/lib/perl5/site_perl/5.26.1 /usr/local/Cellar/perl/5.26.1/lib/perl5/5.26.1/darwin-thread-multi-2level /usr/local/Cellar/perl/5.26.1/lib/perl5/5.26.1 /usr/local/lib/perl5/site_perl/5.26.1/darwin-thread-multi-2level /usr/local/lib/perl5/site_perl/5.26.1) at /opt/theos/bin/dm.pl line 12.
BEGIN failed--compilation aborted at /opt/theos/bin/dm.pl line 12.
make: *** [internal-package] Error 2

The error says "you may need to install the IO::Compress::Lzma module". For the fix, see http://bbs.iosre.com/t/tweak-make-package/10382/7:

1) In /opt/theos/vendor/dm.pl/dm.pl, comment out lines 12 and 13:

#use IO::Compress::Lzma;
#use IO::Compress::Xz;

2) In /opt/theos/makefiles/package/deb.mk, change lzma to gzip on line 6:

_THEOS_PLATFORM_DPKG_DEB_COMPRESSION ?= gzip

Running make clean and then make package afterwards produces:

ERROR: package name has characters that aren't lowercase alphanums or '-+.'.
make: *** [internal-package] Error 255

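Fix: change the package name in the Package: field of the control file to lowercase.

Installing from the command line

Add a THEOS_DEVICE_IP line at the top of the Makefile to specify the IP address of the test device, for example: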

THEOS_DEVICE_IP = 192.168.1.106

Running make package install builds the tweak, packages it, and installs it on the phone.

➜  tweakdemo make package install
> Making all for tweak tweakDemo…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (armv7)…
==> Linking tweak tweakDemo (armv7)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for tweakDemo (armv7)…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (arm64)…
==> Linking tweak tweakDemo (arm64)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for tweakDemo (arm64)…
==> Merging tweak tweakDemo…
==> Signing tweakDemo…
> Making stage for tweak tweakDemo…
dm.pl: building package `cc.tyrad.tweakdemo:iphoneos-arm' in `./packages/cc.tyrad.tweakdemo_0.0.1-17+debug_iphoneos-arm.deb'
==> Installing…
root@192.168.1.106's password:
(Reading database ... 1120 files and directories currently installed.)
Preparing to unpack /tmp/_theos_install.deb ...
Unpacking cc.tyrad.tweakdemo (0.0.1-17+debug) over (0.0.1-16+debug) ...
Setting up cc.tyrad.tweakdemo (0.0.1-17+debug) ...
install.exec "killall -9 tweakTarget"
root@192.168.1.106's password:

Test: tapping the button now pops up the alert.

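P.S.: fixing the problem on iOS 10.3.3 where the phone still cannot be reached after the OpenSSH package is installed.

1). Uninstall OpenSSL and OpenSSH from the phone.

2). Add the source: http://cydia.ichitaso.com/test

3). Open that source and install dropbear from it.

4). Once it is installed, run ssh root@deviceIP. The default password is alpine. (You can also install an SSH app on the iPhone to test the connection.)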