一丶首先确定下,我们要做什么

启动Wechat的时候,出来个弹窗;

1.jpeg

二丶思路

2.1.根据Reveal获取TabBarControl的控制器名字;
2.2获取Bundle Identifier
2.3.注入弹窗;

哦也;

三丶实现

3.1

12.png

tabbarControl class:MMTabBarController

3.2Bundle Identifier

ssh连接设备

usbmuxd
http://www.jianshu.com/p/d351b5439465

$ps -e

找到进程

/var/mobile/Containers/Bundle/Application/F5B712D6-B61F-42AD-82C5-D3CDBC5A0DDD/WeChat.app/WeChat

用iFunBox打开:

11.png

12.png

得到应用名字:Wechat
Bundle Identifier:com.tencent.xin

3.2 使用Theos

➜  微信破壳 /opt/theos/bin/nic.pl
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/activator_event
  [2.] iphone/application_modern
  [3.] iphone/cydget
  [4.] iphone/flipswitch_switch
  [5.] iphone/framework
  [6.] iphone/ios7_notification_center_widget
  [7.] iphone/library
  [8.] iphone/notification_center_widget
  [9.] iphone/preference_bundle_modern
  [10.] iphone/tool
  [11.] iphone/tweak
  [12.] iphone/xpc_service
Choose a Template (required): 11
Project Name (required): ZBWxHook
Package Name [com.yourcompany.zbwxhook]: com.ZBWxHook.hook
Author/Maintainer Name [xzb]: xzb
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: com.tencent.xin
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: WeChat
Instantiating iphone/tweak in zbwxhook/...
Done.

Makefile

THEOS_DEVICE_IP=192.168.2.7
include $(THEOS)/makefiles/common.mk

TWEAK_NAME = wxHook
wxHook_FILES = Tweak.xm

include $(THEOS_MAKE_PATH)/tweak.mk

after-install::
    install.exec "killall -9 WeChat"

Tweak.xm

%hook MMTabBarController
- (void)viewDidLoad {
%orig;
UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"xzb专用" message:@"到此一游" delegate:nil cancelButtonTitle:@"确定" otherButtonTitles:nil];
[alert show];
}
%end

执行下

//因为Makefile使用$(THEOS) 所以需要配置下环境
$export PATH=/opt/local/bin:$PATH
$export PATH=/opt/local/sbin:$PATH
$export THEOS=/opt/theos

安装:
$make package install

四丶总结

坑不少,不过坑坑更健康;