iOS reverse development: brief notes on installing and configuring theos

Previous article: iOS reverse development: installing and using the unpacking tools dumpdecrypted and frida-ios-dump

Introduction: The last article covered the unpacking tools; today it is theos, because installing it also cost a lot of brain cells: I cloned it N+1 times and every attempt failed. I'm recording how I solved it so that friends interested in learning reverse engineering can read this and avoid the pitfalls.

Install

  • Probably because of the domestic network, cloning theos from GitHub basically always failed.

  • I searched online for a long time and finally solved it.

  • Thanks: iOS reverse theos installation and entry (1)

Brief summary of the steps:

  1. brew install ldid
  2. Set the environment variables

Run open ~/.zprofile and append these two lines to the file:

export THEOS=~/theos
export PATH=$THEOS/bin:$PATH

Close the file and run source ~/.zprofile so the current terminal picks them up.

  • Notes on the environment variable configuration:
  1. The guides I found online put the environment variables in .bash_profile. I tried that and hit a problem: if the terminal runs zsh, .bash_profile is not read, so the variables only take effect after running source ~/.bash_profile every time a terminal is opened. Putting source ~/.bash_profile at the end of ~/.zshrc solves this (or switch the login shell to bash).
  2. Do not set the variables with a command such as echo "export PATH=$THEOS/bin:$PATH" >> ~/.zprofile: the double quotes expand $THEOS and $PATH in the current shell, so the already-expanded path is written into .zprofile (and $THEOS is empty at that point). Write the two lines by hand, or use single quotes so they stay literal.
  3. If the clone fails with the official method, download the zip archive of theos directly and unpack it to ~/theos.

  • Clone the dependency packages by hand: cd $THEOS/vendor, then run:

# The original used git:// URLs; that protocol is unauthenticated and GitHub no longer serves it, so clone over https.
git clone https://github.com/theos/dm.pl.git
git clone https://github.com/theos/headers.git include   # theos expects this checkout under vendor/include; the other repos keep their default names
git clone https://github.com/theos/lib.git
git clone https://github.com/theos/logos.git
git clone https://github.com/theos/nic.git
git clone https://github.com/theos/templates.git
  • Download the SDKs (from the link in the original post), unzip them and put them in the sdks folder of theos.

  • Run nic.pl in the terminal; if the installation succeeded it offers to create a project directly.
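The install steps above as a script that can be re-run safely and that checks the result, added here as an example; this is not code from the original post or from the theos project. It assumes theos lives in ~/theos, the profile is ~/.zprofile, and the vendor checkouts come from github.com/theos; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): helpers that do the install steps above
# idempotently and check the result. Assumed, not stated in the post: THEOS lives in
# ~/theos, the profile is ~/.zprofile, and the vendor checkouts come from github.com/theos.
THEOS_HOME="${THEOS:-$HOME/theos}"

# Append the two export lines *unexpanded*. Single quotes keep $THEOS and $PATH literal,
# which is exactly what echo "export PATH=$THEOS/bin:$PATH" >> ~/.zprofile gets wrong.
write_theos_profile() {
    profile="$1"
    grep -q '^export THEOS=' "$profile" 2>/dev/null && return 0   # already configured
    printf '%s\n' 'export THEOS=~/theos' 'export PATH=$THEOS/bin:$PATH' >> "$profile"
}

# 0 if the profile has the literal PATH line, 1 if it is missing or was written pre-expanded.
check_theos_profile() {
    profile="$1"
    if grep -q '^export PATH=\$THEOS/bin:\$PATH$' "$profile" 2>/dev/null; then
        return 0
    elif grep -q '^export PATH=' "$profile" 2>/dev/null; then
        echo "$profile: PATH line was written pre-expanded; replace it with export PATH=\$THEOS/bin:\$PATH" >&2
        return 1
    fi
    echo "$profile: no THEOS PATH line found" >&2
    return 1
}

# Clone the vendor dependencies over https. GitHub stopped serving unauthenticated git://
# in 2022, and https at least authenticates the server. headers is cloned straight into
# vendor/include, the name theos expects, so no rename is needed.
clone_theos_deps() {
    vendor="${1:-$THEOS_HOME}/vendor"
    mkdir -p "$vendor" || return 1
    for repo in dm.pl headers lib logos nic templates; do
        dest="$repo"; [ "$repo" = headers ] && dest=include
        [ -d "$vendor/$dest" ] && continue
        git clone "https://github.com/theos/$repo.git" "$vendor/$dest" || return 1
    done
}

# Layout check: every piece the post installs by hand must be present.
check_theos_layout() {
    root="${1:-$THEOS_HOME}"; missing=0
    for p in bin/nic.pl vendor/dm.pl vendor/include vendor/lib vendor/logos vendor/nic \
             vendor/templates sdks; do
        [ -e "$root/$p" ] || { echo "missing: $root/$p" >&2; missing=1; }
    done
    return $missing
}

# Full check: layout plus the signing tool from step 1 (brew install ldid) on PATH.
check_theos_install() {
    check_theos_layout "$1" || return 1
    command -v ldid >/dev/null 2>&1 || { echo "ldid not on PATH (brew install ldid)" >&2; return 1; }
}

# Run as "sh theos-setup.sh setup" to apply it to this machine; sourcing only defines the functions.
if [ "${1:-}" = setup ]; then
    write_theos_profile "$HOME/.zprofile"
    clone_theos_deps "$THEOS_HOME"
    check_theos_install "$THEOS_HOME"
fi
```

Run check_theos_profile against an existing ~/.zprofile first: a line such as export PATH=/Users/you/theos/bin:/usr/bin:... is the symptom of the echo mistake described above and is worth replacing before anything else.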

Create project

  1. cd to the directory where the project should be created
  2. Run nic.pl
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/activator_event
  [2.] iphone/activator_listener
  [3.] iphone/application_modern
  [4.] iphone/application_swift
  [5.] iphone/cydget
  [6.] iphone/flipswitch_switch
  [7.] iphone/framework
  [8.] iphone/library
  [9.] iphone/notification_center_widget
  [10.] iphone/notification_center_widget-7up
  [11.] iphone/preference_bundle_modern
  [12.] iphone/theme
  [13.] iphone/tool
  [14.] iphone/tool_swift
  [15.] iphone/tweak
  [16.] iphone/tweak_with_simple_preferences
  [17.] iphone/xpc_service
Choose a Template (required): 15 ---> for a hook, choose 15 (iphone/tweak)
Project Name (required): xxx ---> any project name
Package Name [com.yourcompany.xxx]: yourcompany.xxx ---> any reverse-DNS id; it becomes the dpkg package name in the control file
Author/Maintainer Name [FRZeng]: nnn ---> anything
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: bundle ID ---> the bundle ID of the app you want to hook
[iphone/tweak] List of applications to terminate upon installation (space-separated, '-' for none) [SpringBoard]: ---> just press Enter
Instantiating iphone/tweak in xxx/...
Done. ---> project created

Use

  1. Drag the whole project into Sublime Text

  2. Configure the Makefile

Add THEOS_DEVICE_IP and THEOS_DEVICE_PORT at the top. Makefile comments start with #; a trailing // comment on an assignment line becomes part of the variable's value and the install will then try to reach a host called "localhost //...".

# Device address. localhost with a forwarded port means SSH over USB (e.g. iproxy 10010 22);
# use the phone's Wi-Fi address and port 22 to install over the network instead.
export THEOS_DEVICE_IP = localhost
export THEOS_DEVICE_PORT = 10010

TARGET := iphone:clang:latest:7.0
# Process killed after make install. When hooking a third-party app set this to the app's
# executable name; with SpringBoard here, relaunch the target app by hand before testing.
INSTALL_TARGET_PROCESSES = SpringBoard


include $(THEOS)/makefiles/common.mk

TWEAK_NAME = xxx

xxx_FILES = Tweak.x
xxx_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk
  3. After the configuration is complete, write the hook in Tweak.x:

// Name of the Objective-C class to hook inside the target app. No header import is needed;
// Logos looks the class up at runtime.
%hook XMLiveOrListenTogetherView

// Intercepted method: returning nil without calling %orig means the view is never created.
// Call %orig and return its result to keep the original behaviour and only add logic around it.
- (id)init {
	return nil;
}

%end

  4. After the code is done, cd into the theos project folder in the terminal (keep the phone connected to the computer) and run, in order:
  1. make
  2. make package
  3. make install
frzeng@192 tingTweak % make  <========
==> Notice: Build may be slow as Theos isn’t using all available CPU cores on this computer. Consider upgrading GNU Make: https://github.com/theos/theos/wiki/Parallel-Building
> Making all for tweak tingTweak…
==> Preprocessing Tweak.x…
==> Compiling Tweak.x (armv7)…
==> Linking tweak tingTweak (armv7)…
ld: warning: building for iOS, but linking in .tbd file (/Users/frzeng/theos/vendor/lib/CydiaSubstrate.framework/CydiaSubstrate.tbd) built for iOS Simulator
==> Generating debug symbols for tingTweak…
rm /Users/frzeng/Desktop/nixiangCode/tingTweak/.theos/obj/debug/armv7/Tweak.x.m
==> Preprocessing Tweak.x…
==> Compiling Tweak.x (arm64)…
==> Linking tweak tingTweak (arm64)…
ld: warning: building for iOS, but linking in .tbd file (/Users/frzeng/theos/vendor/lib/CydiaSubstrate.framework/CydiaSubstrate.tbd) built for iOS Simulator
==> Generating debug symbols for tingTweak…
rm /Users/frzeng/Desktop/nixiangCode/tingTweak/.theos/obj/debug/arm64/Tweak.x.m
==> Merging tweak tingTweak…
==> Signing tingTweak… <<<<<<<==============
frzeng@192 tingTweak % make package  <========
==> Notice: Build may be slow as Theos isn’t using all available CPU cores on this computer. Consider upgrading GNU Make: https://github.com/theos/theos/wiki/Parallel-Building
> Making all for tweak tingTweak…
make[2]: Nothing to be done for `internal-library-compile'.
> Making stage for tweak tingTweak…
dm.pl: building package `com.gemd.iting:iphoneos-arm' in `./packages/com.gemd.iting_0.0.1-1+debug_iphoneos-arm.deb' <<<<<<<==============
frzeng@192 tingTweak % make install  <========
==> Installing…
(Reading database ... 5368 files and directories currently installed.)
Preparing to unpack /tmp/_theos_install.deb ...
Unpacking com.gemd.iting (0.0.1-1+debug) over (0.0.1-1+debug) ...
Setting up com.gemd.iting (0.0.1-1+debug) ...
==> Unloading SpringBoard…  <<<<<<<==============
frzeng@192 tingTweak %

The <======== markers point at each command and the <<<<<<<============== markers at its last line of output. If all three commands end like this without an error, the package is installed on the device and the hook is in place. The ld warnings about CydiaSubstrate.tbd being built for the iOS Simulator show up in this setup but do not stop the build.

Remove plugin

To remove the hook plug-in from the phone, look in /Library/MobileSubstrate/DynamicLibraries on the device.

The tweak is two files there: a .plist (the bundle filter) and a .dylib. Deleting both removes it.

Deleting by hand leaves the package recorded in dpkg's database, though. Running dpkg -r with the package id (com.gemd.iting in the log above) on the device removes the same two files and keeps the database consistent.
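The build, install and removal steps above as host-side helpers, added here as an example; this is not code from the original post or from theos. It assumes the project has the control file nic.pl generates (with a Package: line), that the device accepts SSH as root on the port in the Makefile (which is what make install uses), and that iproxy from libusbmuxd provides the USB tunnel; the function names and the tweak-deploy.sh name are my own.

```shell
#!/bin/sh
# Added example (not from the original post): deploy, verify and remove a theos tweak from
# the host. Assumed, not stated in the post: the project has the control file nic.pl
# generates (Package: ...), the device accepts SSH as root on the Makefile's port (make
# install does the same), and iproxy from libusbmuxd provides the USB tunnel.

# Value of a Makefile assignment ("export NAME = v", "NAME := v"), with any # comment stripped.
makefile_var() {
    sed -E -n "s/^[[:space:]]*(export[[:space:]]+)?$2[[:space:]]*:?=[[:space:]]*//p" "$1" \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | head -n 1
}

# Package id (the com.gemd.iting of the build log) from the project's control file.
package_id() {
    sed -n 's/^Package:[[:space:]]*//p' "$1" | head -n 1
}

# The ssh command line theos' make install uses: root on the configured host and port.
# Harden this login (change the default root password, use keys) before the device is
# reachable over Wi-Fi; anyone who reaches port 22 can install a tweak the same way.
device_ssh() {
    ip=$(makefile_var "$1" THEOS_DEVICE_IP); port=$(makefile_var "$1" THEOS_DEVICE_PORT)
    printf 'ssh -p %s root@%s' "${port:-22}" "${ip:-}"
}

# localhost plus a high port in the Makefile means an SSH-over-USB tunnel: forward the
# local port to the device's sshd on 22 (iproxy 10010 22 for the post's Makefile).
usb_tunnel() {
    iproxy "${1:-10010}" 22 &
}

# Build, package and install, then list what the package put on the device so you can
# confirm the .dylib and its filter .plist landed in /Library/MobileSubstrate/DynamicLibraries.
deploy_tweak() {
    proj="$1"; pkg=$(package_id "$proj/control"); ssh_cmd=$(device_ssh "$proj/Makefile")
    ( cd "$proj" && make package && make install ) || return 1
    $ssh_cmd "dpkg -L $pkg"        # $ssh_cmd is split into words on purpose
}

# Remove the tweak through dpkg rather than deleting the two files by hand: dpkg -r
# removes them *and* keeps the package database consistent; then kill the process the
# Makefile names so the hooked code is actually unloaded.
uninstall_tweak() {
    proj="$1"; pkg=$(package_id "$proj/control"); ssh_cmd=$(device_ssh "$proj/Makefile")
    procs=$(makefile_var "$proj/Makefile" INSTALL_TARGET_PROCESSES)
    $ssh_cmd "dpkg -r $pkg && killall -9 ${procs:-SpringBoard}"
}

# Usage: sh tweak-deploy.sh deploy <project dir> | remove <project dir> | tunnel [local port]
case "${1:-}" in
    deploy) deploy_tweak "$2" ;;
    remove) uninstall_tweak "$2" ;;
    tunnel) usb_tunnel "$2" ;;
esac
```

The dpkg -L listing after deploy is the quick check that the bundle filter plist was generated for the bundle ID you typed into nic.pl; if the app does not pick up the hook, that plist and the INSTALL_TARGET_PROCESSES value are the first two things to look at.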

As for theos development, I am also a beginner. Friends who are learning reverse engineering together are welcome to get in touch.

Source: juejin.im/post/6961975578631241765