感谢狗神神作iOS逆向工程,本文主要记录了第一个tweak的开发.对于theos没有安装或者安装有问题的友们可以参照我的另一篇博文Mac10.11&Xcode7.3安装Mactheos和iOSOpenDev.当然在后期的使用中还是发现了诸多问题没有记录下来,如果有兴趣的话可以留言或@我.
打开终端

laoshirendeMacBook-Air:~ laoshiren$ cd ./Desktop/
laoshirendeMacBook-Air:Desktop laoshiren$ mkdir myTweak
laoshirendeMacBook-Air:Desktop laoshiren$ cd ./myTweak/
laoshirendeMacBook-Air:myTweak laoshiren$ /opt/theos/bin/nic.pl 创建theos项目
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/application
  [2.] iphone/library
  [3.] iphone/preference_bundle
  [4.] iphone/tool
  [5.] iphone/tweak
Choose a Template (required): 5  选择第5个tweak模板,相当于外挂
Project Name (required): myTweak 项目名称
Package Name [com.yourcompany.mytweak]: com.yourcompany.mytweak 包名,反域名的形式
Author/Maintainer Name [老实人]: askMe 作者
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: com.apple.springboard 这个是你要hook住app的bundleID,在项目plist中可以修改和添加
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: SpringBoard 安装后要终结app的进程
Instantiating iphone/tweak in mytweak/...
Done.

打开你创建myTweak文件夹,是不是多出一个mytweak的项目文件.我们主要编辑的文件是

• Makefile:项目的编译文件,使用任意文本编辑器打开如下

include theos/makefiles/common.mk

TWEAK_NAME = myTweak
myTweak_FILES = Tweak.xm

include $(THEOS_MAKE_PATH)/tweak.mk

after-install::
    install.exec "killall -9 SpringBoard"

我们添加一些代码满足更多功能,添加后效果如下

THEOS_DEVICE_IP = 192.168.199.184 手机的ip地址,等会ssh协议打包安装(mac和phone同一个局域网)
ARCHS = armv7 arm64  指定处理器架构(如果不写可能报错:binary does not support this cpu type)
TARGET = iphone:latest:7.0 指定编译器sdk版本和发布最低版本(latest是你选择xcode的最新sdk,也可以填写8.0)
myTweak_FRAMEWORKS = UIKit  导入库 多个库空格隔开
myTweak_PRIVATE_FRAMEWORKS = AppSupport  导入私有库,如果你的xcod7.3需要将私有库导入到/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.3.sdk/System/Library/
myTweak_LDFLAGS = -lz 􏺗􏺘􏺳􏰉􏶇􏶒􏰂􏵔􏵠􏾁连接mach-o对象(.dylib文件,.a文件,.o文件等),(-lz会自动搜索libz.dylib或libz.a)

include theos/makefiles/common.mk 固定写法,无需更改

TWEAK_NAME = myTweak 项目名称
myTweak_FILES = Tweak.xm tweak包含的源文件(不包含头文件) 多个空格隔开

include $(THEOS_MAKE_PATH)/tweak.mk 不同工程,指定不同.mk文件.如:application.mk􏱲,tweak.mk和tool.mk

after-install::
    install.exec "killall -9 SpringBoard" 安装完后终结进程

关于make更详细的学习可以参考阮一峰博文Make 命令教程.

• Tweak.xm:源码文件.后缀名xm说明支持logos,c/c++语言,使用xcode打开该文件,删除掉所有代码,写入以下代码.

%hook SBLockScreenDateViewController //需要hook的头文件,以%end结尾,以下方法就是我们要挂钩子的方法

- (void)setCustomSubtitleText:(id)arg1 withColor:(id)arg2{
//%orig;执行该方法原始代码,如果去掉就执行了.还可以修改原始参数;
%orig(@"iOS 8 App Reverse Engineering", arg2);
NSLog(@"askMe:reboot springBoard");
}
%end

%hook SpringBoard

- (void)applicationDidFinishLaunching:(id)application{
%orig;
UIAlertView * alert = [[UIAlertView alloc]initWithTitle:@"Welcome" message:@"HelloWorld!" delegate:nil cancelButtonTitle:@"Thanks" otherButtonTitles:nil];
[alert show];
[alert release];
NSLog(@"askMe:CheckID starting!");
}
%end

当然还有其他的logos语法,%group􏱲,%init,􏱲%ctor,􏱲%new,􏱲%c,%log这里就不一一介绍了,可以参照logos语法
打开终端输入make编译一下

laoshirendeMacBook-Air:mytweak laoshiren$ make
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...

这个时候我们可以看到多出了一个obj的文件夹,里面多了一个.dylib.

输入打包命令(将文件打包成deb文件),

laoshirendeMacBook-Air:mytweak laoshiren$ make package
Making all for tweak myTweak...
make[2]: Nothing to be done for `internal-library-compile'.
Making stage for tweak myTweak...
dpkg-deb：正在新建软件包 com.yourcompany.mytweak，包文件为 ./com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb

为了方便操作和安装,我们需要对对手机SSH进行签名,这样就不用每次都输入密码了

laoshirendeMacBook-Air:mytweak laoshiren$ iosod sshkey -h 192.168.199.184
Reading existing authorized keys from device ... 
Public key is already authorized. 我这个是已经签名过的,所以会有这个,对于没有签名的会询问你是否继续(yes),还要输入手机openssh密码(默认是alpine),期间最好保持手机解锁,电脑和手机在同一个局域网

上面我们已经给了解过了make和make package的作用,现在将项目恢复到编译前的状态

laoshirendeMacBook-Air:mytweak laoshiren$ make clean
rm -rf ./obj
rm -rf "/Users/laoshiren/Desktop/myTweak/mytweak/_"
laoshirendeMacBook-Air:mytweak laoshiren$ rm com.yourcompany.mytweak_0.0.1-1_iphoneos-arm.deb
laoshirendeMacBook-Air:mytweak laoshiren$ ls -i
8139435 Makefile    8139433 control     8139437 theos
8141763 Tweak.xm    8139434 myTweak.plist

好了见证奇迹的时刻到了,输入命令make package install

laoshirendeMacBook-Air:mytweak laoshiren$ make package install
Making all for tweak myTweak...
 Preprocessing Tweak.xm...
 Compiling Tweak.xm...
 Linking tweak myTweak...
 Stripping myTweak...
 Signing myTweak...
Making stage for tweak myTweak...
dpkg-deb：正在新建软件包 com.yourcompany.mytweak，包文件为 ./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb。
install.exec "cat > /tmp/_theos_install.deb; dpkg -i /tmp/_theos_install.deb && rm /tmp/_theos_install.deb" < "./com.yourcompany.mytweak_0.0.1-3_iphoneos-arm.deb"
Selecting previously deselected package com.yourcompany.mytweak.
(Reading database ... 4474 files and directories currently installed.)
Unpacking com.yourcompany.mytweak (from /tmp/_theos_install.deb) ...
Setting up com.yourcompany.mytweak (0.0.1-3) ...
install.exec "killall -9 SpringBoard"

手机重启之后,是不是多了一个alertView,锁屏界面的日期是不是变成了"iOS 8 App Reverse Engineering"

现在正在了解苹果刷榜的一些业务,如果有从事这方便的大神,艾特我伸下大腿让我抱抱,或者互利共赢,共同学习也是可以的.