Introduction to the

Features: easy to download and install, simple Logos syntax, easy to compile and publish

Note: the other jailbreak tool, iOSOpenDev, is integrated into Xcode; Theos is not.

Installation

  1. If you have Xcode installed on your Mac, the Command Line Tools ship with it. If you have multiple Xcodes installed, you need to specify a default Xcode for Theos. The command is: $ sudo xcode-select -s /Applications/XcodeName/Contents/Developer (where XcodeName is the Xcode to use as the default)

  2. Download Theos from GitHub:

    $ export THEOS=/opt/theos
    $ sudo git clone git://github.com/DHowett/theos.git $THEOS
  3. Configure ldid

    ldid is a tool for signing iOS executables; on jailbroken iOS it replaces Xcode's codesign.

    Download ldid from (ldid download address), save it to the /opt/theos/bin/ directory, and run the following command:

    $ sudo chmod 777 /opt/theos/bin/ldid
  4. Configure CydiaSubstrate

    Start by running Theos’s automated configuration script:

    $ sudo /opt/theos/bin/bootstrap.sh substrate

    Due to a bug in Theos, it is not possible to automatically generate a valid libsubstrate.dylib file, so we need to add it manually:
    • [Fixed] Search for CydiaSubstrate in Cydia on the jailbroken phone and install it;
    • Use PP Assistant or another phone file manager on the computer to find the CydiaSubstrate file and copy it;
    • Rename it to libsubstrate.dylib and place it in /opt/theos/lib/.
  5. Configure dpkg-deb

    Download dm.pl from (dm.pl download address), save it as /opt/theos/bin/dpkg-deb, and run the following command:

    $ sudo chmod 777 /opt/theos/bin/dpkg-deb
  6. Configure Theos NIC templates

    Theos NIC has 5 built-in Theos project templates. You can also download more templates from (template download address) and, after decompressing them, place them in the /opt/theos/templates/iphone/ directory.
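
Steps 3 and 5 set mode 777 on ldid and dpkg-deb, which makes them writable by every local account even though running them only needs the execute bit. The check below is an added example, not part of the original page or of Theos: the helper names `audit_theos` and `harden_theos` are hypothetical, and the 755/644 modes are this example's choice.

```shell
#!/bin/sh
# Added example: audit the files installed in steps 3-5 under a Theos root.
# audit_theos and harden_theos are hypothetical helpers, not Theos commands.

# Print "<status> <path>" for each expected file. Status is one of:
#   MISSING   file is not there
#   WRITABLE  group- or world-writable (what chmod 777 produces)
#   NOEXEC    a tool in bin/ without the execute bit
#   OK
# Returns 0 only when every file is OK.
audit_theos() {
    root=${1:-/opt/theos}
    rc=0
    for rel in bin/ldid bin/dpkg-deb lib/libsubstrate.dylib; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            status=MISSING
        elif [ -n "$(find -L "$f" -perm -020 -o -perm -002)" ]; then
            status=WRITABLE
        elif [ "${rel#bin/}" != "$rel" ] && [ ! -x "$f" ]; then
            status=NOEXEC
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        echo "$status $f"
    done
    return $rc
}

# Replace the 777 modes with owner-writable only: tools stay executable
# for everyone, the library stays readable for the linker.
# Run as the owner of the tree (root if it was installed with sudo).
harden_theos() {
    root=${1:-/opt/theos}
    chmod 755 "$root/bin/ldid" "$root/bin/dpkg-deb"
    chmod 644 "$root/lib/libsubstrate.dylib"
}
```

Run `audit_theos` after step 5 and again after any update of the tools; a WRITABLE line means the file can be swapped out by another local user before the next build.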

Usage

  1. Create a project

    • Go to the working directory on the terminal and run the following command:

      $ /opt/theos/bin/nic.pl
    • Enter the number of the tweak template type
    • Enter the tweak's project name
    • Enter the name of the deb package (similar to a bundle identifier)
    • Enter the name of the tweak's author
    • Enter the MobileSubstrate bundle filter, that is, the bundle identifier of the tweak's target, for example:

      com.apple.springboard
    • Enter the process name of the application to be restarted after the tweak is installed, for example:

      SpringBoard
  2. The project directory should contain the following files: Makefile, Tweak.xm, control, iosreproject.plist, and theos -> /opt/theos. The Makefile specifies the files, frameworks, libraries, etc. to be used by the project, automating the process. For Tweak.xm, the extension .x means that the source file supports Logos and C syntax; .xm indicates that the source file supports Logos and C/C++ syntax. control records the basic information required by the deb package management system and is packaged into the deb package. Main contents:

    Package field: the name of the deb package; can be changed.
    Name field: the name of the project; can be changed.
    Depends field: the deb package's "dependencies"; can be filled in with firmware versions or other programs; can be changed.
    Version field: the version number of the deb package; can be changed.
    Architecture field: the target device architecture for package installation; do not change.
    Description field: a brief introduction to the deb package; can be changed.
    Maintainer field: the maintainer of the deb package; can be changed.
    Author field: the author of the tweak; can be changed.
    Section field: the program category of the deb package; do not change.

    iosreproject.plist records configuration information that describes the scope of the tweak. The outermost layer of iosreproject.plist is a dictionary containing the key Filter, and under Filter is a series of arrays, divided into:

    Bundles: specifies several bundles as the tweak's targets.
    Classes: specifies several classes as the tweak's targets.
    Executables: specifies several executables as the tweak's targets.

    Note: add a "Mode: Any" key-value pair when there are different types of arrays under Filter. It is not needed when there is only one type of array.
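
The filter decides which processes load the tweak, so it is worth generating it deliberately and keeping it as narrow as the target allows. This added example (not from the original page or from Theos; `make_filter` is a hypothetical helper) writes the Filter dictionary in old-style text property-list syntax and adds Mode = "Any" only when more than one kind of array is present.

```shell
#!/bin/sh
# Added example: emit the Filter dictionary for a tweak's filter plist.
# make_filter is a hypothetical helper name, not a Theos command.
# Usage: make_filter Kind=value[,value...] ...   (each Kind at most once)
make_filter() {
    kinds=0 seen="" body=""
    for arg in "$@"; do
        case $arg in
            *=*) ;;
            *) echo "expected Kind=value: $arg" >&2; return 1 ;;
        esac
        kind=${arg%%=*}
        values=${arg#*=}
        case $kind in
            Bundles|Classes|Executables) ;;
            *) echo "unknown filter kind: $kind" >&2; return 1 ;;
        esac
        case " $seen " in
            *" $kind "*) echo "duplicate kind: $kind" >&2; return 1 ;;
        esac
        # Reject empty values and characters that would break the quoting.
        case $values in
            ""|*\"*|*\\*) echo "bad value for $kind" >&2; return 1 ;;
        esac
        # Turn a,b into "a", "b"
        items=$(printf '%s' "$values" | sed 's/,/", "/g')
        body="$body $kind = ( \"$items\" );"
        seen="$seen $kind"
        kinds=$((kinds + 1))
    done
    if [ "$kinds" -eq 0 ]; then
        echo "no filter entries given" >&2; return 1
    fi
    # Different kinds of arrays under Filter need Mode = Any.
    if [ "$kinds" -gt 1 ]; then
        body="$body Mode = \"Any\";"
    fi
    printf '{ Filter = {%s }; }\n' "$body"
}
```

For example, `make_filter Bundles=com.apple.springboard > iosreproject.plist` scopes the tweak to SpringBoard only.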


Compile + package + install

  1. Compile

    $ cd <Theos project directory>

    $ make (produces obj and the dylib)
  2. Package

    $ make package (this generates a deb file and a "_" folder)

    $ make package messages=yes

    Note: libsubstrate.dylib needs to be replaced and granted permissions

    dpkg-deb needs to be added and granted permission

  3. Install
    1. Install using iFile.
    2. Command-line installation: install over SSH. (You need to change the iOS IP in the Makefile to the device's IP on the local network and then run $ make package install)

Basic Logos Syntax

  • %hook

    Specifies the class to hook; the block must end with %end.

    Example:
    %hook SpringBoard
    -(void)_menuButtonDown:(id)down {
        NSLog(@"You've pressed home button.");
        %orig; // call the original _menuButtonDown:
    }
    %end
  • %log

    Used inside %hook to write the function’s class name, parameters, and other information to syslog.

    Example:
    %hook SpringBoard
    -(void)_menuButtonDown:(id)down {
        %log((NSString *)@"iOSRE",(NSString *)@"Debug");
        %orig; // call the original _menuButtonDown:
    }
    %end
  • %orig

    Used inside %hook to execute the original code of the hooked function.

    Example:
    %hook SpringBoard
    -(void)_menuButtonDown:(id)down {
        NSLog(@"You've pressed home button.");
        %orig; // call the original _menuButtonDown:
    }
    %end

    If %orig is removed, the original function will not be executed.

    %orig can also be used to change the arguments of the original function.

    Example:

    %hook SBLockScreenDateViewController
    -(void)setCustomSubtitleText:(id)arg1 withColor:(id)arg2 {
        %orig(@"iOS 8 App Reverse Engineering",arg2);
    }
    %end
    // This method changes the date display on the lock screen
  • %group

    All %hooks that do not belong to a %group are automatically placed in %group _ungrouped.

    Example:
    %group iOS7Class
    %hook SpringBoard
    -(void)_menuButtonDown:(id)down
    {
        NSLog(@"You've pressed home button.");
        %orig; // call the original _menuButtonDown:
    }
    %end // ends %hook
    %end // ends %group
  • %init is used to initialize a %group and must be called within %hook or %ctor. You can specify the %group that you want to initialize; otherwise _ungrouped is initialized.
  • %ctor

    The tweak's constructor, which does the initialization. If no %ctor is written, a default %ctor is generated that calls %init(_ungrouped). If a %ctor is written, %init(group/_ungrouped) must be called in it.

    Example:
    %group iOS7Class
    %hook SpringBoard
    -(void)_menuButtonDown:(id)down
    {
        NSLog(@"You've pressed home button.");
        %orig; // call the original _menuButtonDown:
    }
    %end // ends %hook
    %end // ends %group
    %ctor
    {
        %init(iOS7Class);
    }
    // %ctor does not need to end with %end
  • %new is used inside %hook to add a new function to an existing class.
  • %c dynamically retrieves a class definition, used in %hook or %ctor.