The opening article about iOS jailbreak development

The copyright of this article belongs to Kudingshuwu , please keep this description when reprinting.

Jailbreak and Development

When the iPhone came out 10 years ago, it had no third-party apps, not even a game, but jailbreak developers like Nicholas Allegra pushed Apple's smartphones to the limit by allowing users to install third-party apps and plugins without Apple's permission. As time passed, the iOS ecosystem grew more powerful, and its third-party applications became more diverse and covered all kinds of functions. To a certain extent, jailbreaking is dead, but this does not mean that developers no longer need a jailbroken phone. Getting a jailbroken phone is like turning on God Mode for a developer. You can enter the system to see how each system process cooperates with the others to complete a task, how the system's signature mechanism works, and so on. Likewise, when you find a piece of third-party software cool, you can analyze how it is implemented on the jailbroken phone, understand the security measures of competitors, and so on.

This series introduces how to develop a Tweak to add functions to software, how to develop a Daemon to protect the security of applications, and how to debug third-party applications, all of which are of course based on a jailbroken phone. It is recommended to prepare a jailbroken phone before reading this series of articles. As for how to jailbreak, you can refer to the Aisi Assistant jailbreak tutorial, the PP Assistant jailbreak tutorial, and of course Pangu jailbreak, among others. There are many tools, so I won't list them one by one.

Jailbreak

In simple terms, jailbreaking means obtaining the highest privilege in the system (usually the root user; anyone who uses or understands Linux or Linux-like systems knows what the root user means) through the system's vulnerabilities (also called bugs), then using this highest privilege to install the necessary software in the necessary places and to make that software start with the highest privilege at boot. Note that the mechanism for starting with the highest privilege at boot is inherent in the system itself, because the system also needs this privilege to carry out necessary functions, such as installing applications. The jailbreak program can start automatically after booting because it used a system vulnerability to obtain the highest privilege, and then used that privilege to add itself to the startup list.

For the system, preventing a jailbreak is generally a matter of privilege control: use the highest privilege as little as possible, that is, do not abuse it, and reduce the chance of vulnerabilities. The system can also make up for it after the fact, for example by detecting on restart that it has been jailbroken, protecting itself, and refusing to start or clearing the abnormal programs. Generally speaking, what we call an "imperfect" jailbreak is one where this "after the fact" handling by the system has not been defeated. The typical symptom is that once the jailbroken device (iPhone or iPad) is restarted, it can no longer boot into the system and gets stuck on the white Apple screen; or it can boot into the system, but the applications installed after the jailbreak can no longer be opened.

Once the previous steps are complete, the phone is said to be successfully jailbroken (both perfect and imperfect jailbreaks count as successful). As we know, we can remotely log in to Unix-like systems (Unix, Linux, FreeBSD) over the ssh protocol and then operate on files, processes, and so on. iOS can also be regarded as a Unix-like system, so we can ssh into the iOS device (after a jailbreak, it can be accessed as the root user, and everyone knows what that means). At this point, we have turned on God Mode.

Development

Jailbreak development needs to be distinguished from ordinary application development, even though jailbreak development is essentially developing applications too. The reason for the distinction is that if we only did application development, we would not need to jailbreak at all, and we have spent a lot of effort on jailbreaking. Generally speaking, jailbreak development refers to Tweak development, Daemon development, and crack development. But the final product of jailbreak development is generally still an application, or acts on a certain application. After all, end users operate through applications. Among Tweak, Daemon, and crack development, Tweak development is the most common, so this article uses Tweak development to illustrate jailbreak development.

Tweak development refers to developing a module (much like a dll on Windows, a dynamic Framework on iOS, or a .so or .dex file on Android) that is loaded into one or several applications. It sounds complicated: for example, how do we get loaded by the application, and how do we display ourselves (the entrance)? Fortunately, we don't need to worry about being loaded into the application. When jailbreaking, a jailbreak module is installed, which we call Cydia. When we mention Cydia, it can be considered a store that can carry software not approved by Apple (of course, software approved by Apple can be carried too). It can also be considered an injection framework: once all Tweaks are registered with Cydia, it is responsible for injecting our Tweaks into the specified application (process) at the appropriate time. So far, we have solved the first issue: the Tweak is loaded by the application.

After the Tweak is loaded, following the conventional development approach, it has to find an opportunity to display itself (or do its work). For example, if the user has 4 Tabs, we try to add a Tab; on a long press, we add a menu item of our own, or force the display of existing menu items (for example, there are originally 3 menu items, but the software only displays 2 or 1 depending on whether local conditions are met). This is relatively complex development and requires Hook-related techniques. Fortunately, we don't have to build our own Hook library from scratch; the Theos jailbreak development kit solves most of the problems. As for how to install this development kit, the blog post Theos of iOS Reverse Engineering has detailed instructions. You can try to install it, and then follow the Helloworld tutorial to develop your first Tweak.

So far, both issues have been resolved.
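Putting the two issues together, this is what a minimal Theos Tweak looks like. It is an added example, not code from the original article or from the Theos project; the tweak name, the target bundle identifier and the view-controller class name are placeholders.

```objc
// Tweak.xm -- added example, not from the original article or from Theos.
// Built with Theos (`make package`); the resulting dylib is loaded into the
// target process by the injection framework the article attributes to Cydia.
//
// The companion filter plist (MyTweak.plist) decides which processes load
// us, i.e. the article's first issue, "being loaded by the application":
//   { Filter = { Bundles = ( "com.example.TargetApp" ); }; }
// Both the tweak name and the bundle identifier are placeholders.
#import <UIKit/UIKit.h>
#import <unistd.h>

// Second issue, the "entrance": hook a method the app already calls so our
// code runs at a predictable point. Every UIViewController subclass inherits
// -viewDidLoad, so this hook fires for each screen of the target app.
%hook UIViewController

- (void)viewDidLoad {
    %orig; // always let the original implementation run first

    // Limit the change to one screen; the class name is a placeholder.
    if (![NSStringFromClass([self class]) isEqualToString:@"TargetHomeViewController"]) {
        return;
    }

    // Add a visible element, in the spirit of the article's "add a Tab"
    // example: a banner across the top of the view.
    CGRect frame = CGRectMake(0, 0, self.view.bounds.size.width, 20);
    UILabel *banner = [[UILabel alloc] initWithFrame:frame];
    banner.text = @"[MyTweak] injected into this view";
    banner.textAlignment = NSTextAlignmentCenter;
    banner.backgroundColor = [UIColor yellowColor];
    banner.autoresizingMask = UIViewAutoresizingFlexibleWidth;
    [self.view addSubview:banner];
}

%end

// The constructor runs when the dylib is loaded, before the app's own code.
// Because we define our own %ctor, we must call %init ourselves, otherwise
// the %hook above is never installed.
%ctor {
    NSLog(@"[MyTweak] loaded into %@ (pid %d)",
          [[NSBundle mainBundle] bundleIdentifier], getpid());
    %init;
}
```

The NSLog line shows up in the device's syslog and is the quickest way to confirm that the filter plist actually got the Tweak loaded before you start debugging the hook itself.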
