Theos概述

Theos是什么？
Theos是一个越狱开发工具包，作者是DHwoett，因为作者去了微软，没有时间去维护开发Theos， so目前是由Adam Demasi进行维护并添加了很多全新的功能，如果你还在看旧版的书或者操作跟本文不一样，那么请查看本文时间、Theos最新更新状态作为参考，来确保本文内容是否还能够得到应用。

Theos集成了编译、发布的所有工作，并且简单实用。

Theos安装使用

准备环境配置

• Homebrew包管理工具
  • Homebrew
• ldid签名工具
  • 类似Apple的codesign
  • sha1算法生成密钥的签名管理工具
  • $ brew install ldid

Theos安装和简单使用

一、 设置一个环境变量

在.bash_profile中export一个环境变量，以便于theos安装make的时候找到里面的内容

export THEOS=~/theos
//这里的环境路径大家可以根据自己的喜好去设置

二、安装Theos

clone到你刚创建的环境位置

$ git clone --recursive https://github.com/theos/theos.git $THEOS

注意
当大家 clone的时候千万别忘记，--recursive 递归标示，因为在Theos开源库中有很多依赖的库，so不要去download这样是没法使用的，如果直接下载需要去修复

$ $THEOS/bin/update-theos

三、 配置Theos命令的环境变量

//在.bashpofile的PATH路径中添加
${THEOS}/bin/
这样在任何目录都能够使用Theos的命令

四、 使用Theos创建一个项目

1.新建一个文件夹，Theos文件夹TheosDemo，来到这个目录，创建一个Theos的项目，Tweak

$ cd ~/Desktop/TheosDemo
xxx $ nic.pl
NIC 2.0 - New Instance Creator

---

[1.] iphone/activator_event
[2.] iphone/application_modern
[3.] iphone/cydget
[4.] iphone/flipswitch_switch
[5.] iphone/framework
[6.] iphone/ios7_notification_center_widget
[7.] iphone/library
[8.] iphone/notification_center_widget
[9.] iphone/preference_bundle_modern
[10.] iphone/tool
[11.] iphone/tweak
[12.] iphone/xpc_service
//选择11 tweak
Choose a Template (required): 11
//项目名称
Project Name (required): xxxTWeak
//你的tweak的包名
Package Name [com.yourcompany.xxxtweak]: com.zachary.Tweak
//开发者
Author/Maintainer Name [zachary spark]: zacahry
//你需要注入的App的Bundle Identifier
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]:com.tencent.xin
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]:
Instantiating iphone/tweak in xxxtweak/...
Done.
//创建完成

2. 文件注释

control
项目配置的信息

Package: com.xxx.tweak
Name: xxxTWeak
Depends: mobilesubstrate
Version: 0.0.1
Architecture: iphoneos-arm
Description: An awesome MobileSubstrate tweak!
Maintainer: xxx
Author: xxx
Section: Tweaks

Makefile

1. 需要配置一些环境，THEOS_DEVICE_IP=xxx.xxx.xxx.xxx THEOS_DEVICE_PORT=xxx（你的手机IP、端口，如果不懂的话可以查看五、六有相关介绍）
2. include 一些theos的文件
3. 并干掉after-install:: install.exec "killall -9 SpringBoard" *

Tweak.xm
在写Tweak的时候的代码，主要语法是logos

xxxTweak.plist
目标App的标示

SpringBoard 类似桌面

五、使用cycript调试App, 定位你需要修改的方法

cy# ZaCurrentVC()
#"<WCAccountMainLoginViewController: 0x107005400>"
cy# #0x107005400.view.subviews()
@[#"<MMTableView: 0x10799e400; baseClass = UITableView; frame = (0 0; 414 736); clipsToBounds = YES; autoresize = W+H; gestureRecognizers = <NSArray: 0x170a53b60>; layer = <CALayer: 0x170830ec0>; contentOffset: {0, -64}; contentSize: {414, 413}>",#"<UIView: 0x106a8b570; frame = (124.5 694; 165 22); layer = <CALayer: 0x17082cb40>>"]
//这样可以验证是否是你要找的控件的位置
cy# #0x10799e400.hidden=YES
true
cy# #0x10799e400.hidden=NO
false
cy# #0x10799e400.subviews()
@[#"<UITableViewWrapperView: 0x107977000; frame = (0 0; 414 736); gestureRecognizers = <NSArray: 0x170a557e0>; layer = <CALayer: 0x170830f00>; contentOffset: {0, 0}; contentSize: {414, 736}>",#"<UIImageView: 0x106a88fc0; frame = (3 666.667; 408 2.33333); alpha = 0; opaque = NO; autoresize = TM; userInteractionEnabled = NO; layer = <CALayer: 0x1708316c0>>",#"<UIView: 0x106a8f5e0; frame = (0 0; 414 234); layer = <CALayer: 0x170831ea0>>",#"<UIView: 0x106a867b0; frame = (0 234; 414 159); layer = <CALayer: 0x17082bee0>>",#"<UIImageView: 0x106a875a0; frame = (408.667 198; 2.33333 471); alpha = 0; opaque = NO; autoresize = LM; userInteractionEnabled = NO; layer = <CALayer: 0x170831780>>"]
//找到了账号密码的输入的内容
cy# #0x106a8f5e0.hidden=YES
true
cy# #0x106a8f5e0.hidden=NO
false
//再次查看里面的subviews
cy# #0x106a8f5e0.subviews()
@[#"<UIView: 0x106a8f440; frame = (0 0; 414 234); autoresize = LM+RM; layer = <CALayer: 0x170831b60>>"]
cy# #0x106a8f440.hidden=YES
true
cy# #0x106a8f440.hidden=NO
false
//再次查看里面的subviews
cy# #0x106a8f440.subviews()
@[#"<UIView: 0x106628380; frame = (414 0; 414 234); hidden = YES; layer = <CALayer: 0x174624620>>",#"<UIView: 0x106601d30; frame = (0 0; 414 234); layer = <CALayer: 0x174624020>>"]
cy# #0x106628380.hidden=YES
true
cy# #0x106628380.hidden=NO  //不是
false
cy# #0x106601d30.hidden=YES  //找到
true
cy# #0x106601d30.hidden=NO
false
cy# #0x106601d30.subviews()
@[#"<CTRichTextView: 0x106643320; baseClass = UILabel; frame = (20 73; 374 33); opaque = NO; layer = <_UILabelLayer: 0x17488afa0>>",#"<UIView: 0x106a80470; frame = (0 146; 414 44); autoresize = W; layer = <CALayer: 0x17082b900>>",#"<UIView: 0x106a81660; frame = (0 190; 414 44); autoresize = W; layer = <CALayer: 0x17082bb80>>",#"<UIView: 0x106657b30; frame = (20 189.667; 374 0.333333); autoresize = LM+W; layer = <CALayer: 0x174628fc0>>",#"<UIView: 0x106657cd0; frame = (20 233.667; 374 0.333333); autoresize = LM+W; layer = <CALayer: 0x174628d00>>"]

cy# #0x106643320.hidden=YES  //这个是小标题Title
true
cy# #0x106643320.hidden=NO
false
cy# #0x106a80470.hidden=YES  //这个是账号框包括前面的title，因为我们需要拿到密码所以账号先不管
true
cy# #0x106a80470.hidden=NO
false
cy# #0x106a81660.hidden=YES  //这个是密码框
true
cy# #0x106a81660.hidden=NO
false
//根据上述方法，得到登录按钮调用的方法名称
cy# #0x107061200.view.subviews()[0].subviews()[3].subviews()[0].subviews()[1]  //得到登录按钮
cy# #0x106670ef0.allControlEvents
64
cy# [#0x106670ef0 actionsForTarget: #0x107061200 forControlEvent: 64]  //获取登录按钮调用的方法
@["onNext"] 

logos 语法

%hook WCAccountMainLoginViewController

- (void)onNext{
    UIView * view = MSHookIvar<UIView *>(self,"_userHeaderView");
    UITextField * password = view.subviews[2].subviews[0];
    NSLog(@"\n\n\n\n\n%@\n\n\n\n\n",password.text);
    %orig;
}
%end

ZaCurrentVC() 为什么请到七查看

六 使用Theos编译、打包

1. 编译

xxx $ make
> Making all for tweak xxxTWeak…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (armv7)…
==> Linking tweak xxxTWeak (armv7)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for xxxTWeak…
rm /Users/zacharyspark/Desktop/TheosDemo/xxxtweak/.theos/obj/debug/armv7/Tweak.xm.mm
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (arm64)…
==> Linking tweak xxxTWeak (arm64)…
clang: warning: libstdc++ is deprecated; move to libc++ with a minimum deployment target of iOS 7 [-Wdeprecated]
==> Generating debug symbols for xxxTWeak…
rm /Users/zacharyspark/Desktop/TheosDemo/xxxtweak/.theos/obj/debug/arm64/Tweak.xm.mm
==> Merging tweak xxxTWeak…
==> Signing xxxTWeak…

2. 打包

xxx $ make package
> Making all for tweak xxxTWeak…
make[2]: Nothing to be done for `internal-library-compile'.
> Making stage for tweak xxxTWeak…
dm.pl: building package `com.zachary.tweak:iphoneos-arm' in `./packages/com.zachary.tweak_0.0.1-1+debug_iphoneos-arm.deb'

3. 安装

xxx $ make install
==> Installing…
Selecting previously unselected package com.zachary.tweak.
(Reading database ... 2655 files and directories currently installed.)
Preparing to unpack /tmp/_theos_install.deb ...
Unpacking com.zachary.tweak (0.0.1-1+debug) ...
Setting up com.zachary.tweak (0.0.1-1+debug) ...
install.exec "killall -9 SpringBoard"

至此你已经完成了第一款插件

Theos的坑

1. 使用打包命令的时候报错

 xxx $ make package
> Making all for tweak xxxTWeak…
make[2]: Nothing to be done for `internal-library-compile'.
> Making stage for tweak xxxTWeak…
Can't locate IO/Compress/Lzma.pm in @INC (you may need to install the IO::Compress::Lzma module) (@INC contains: /Library/Perl/5.18/darwin-thread-multi-2level /Library/Perl/5.18 /Network/Library/Perl/5.18/darwin-thread-multi-2level /Network/Library/Perl/5.18 /Library/Perl/Updates/5.18.2 /System/Library/Perl/5.18/darwin-thread-multi-2level /System/Library/Perl/5.18 /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level /System/Library/Perl/Extras/5.18 .) at /opt/theos/bin/dm.pl line 12.
BEGIN failed--compilation aborted at /opt/theos/bin/dm.pl line 12.
make: *** [internal-package] Error 2

解决方案，压缩方式的问题

• 安装Lzma

        $ # for macOS:  
        $ brew install xz
        $ sudo cpan IO::Compress::Lzma
  

• 修改dm.pl , deb.mk文件

  第一步
  $ vim $THEOS/vendor/dm.pl/dm.pl
  注释
  #use IO::Compress::Lzma;
  #use IO::Compress::Xz;
  第二步
  $ vim $THEOS/makefiles/package/deb.mk
  # _THEOS_PLATFORM_DPKG_DEB_COMPRESSION ?= lzma
  _THEOS_PLATFORM_DPKG_DEB_COMPRESSION ?= gzip
  

2. 编译问题
   问题描述

Error : You do not an SDK 

需要制定Xcode。
查看指定的Xcode

$ xcode-select -p   //查看是否指定

3. 缓存问题
   clean 清除缓存

4. Nothing to be done for "interal-library-compile"，ERROR：package name has characters that aren‘t lowercase alphanums or "->."
   Package 中间不能有大写,在你的Control中查看是否是package大写

注意

• package name需要全部小写
• 不要在中文目录下编译、打包