在jailed break的手機當中, 我們如果想要取代掉/新增一些原本apple提供的功能, 我們就必須要寫tweak(我自己理解就是寫hook, 然後讓系>統會自動呼叫到你寫的callback function).
要達到這件事情, 除了之前教的先安裝theos之外, 我們還必須使用ios private framework (也就是apple沒公開的SDK), 這邊有兩種方式
- generate header from class-dump or class-dump-z tool
$ class-dump -H /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.0.sdk/System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices $ ls BKSAccelerometerDelegate-Protocol.h SBSCardItem.h CDStructures.h SBSCardItemsController.h NSCoding-Protocol.h SBSCardItemsControllerRemoteInterface-Protocol.h NSCopying-Protocol.h SBSCompassAssertion.h NSObject-Protocol.h SBSLocalNotificationClient.h SBAppLaunchUtilities.h SBSPushStore.h SBCardItemsControllerRemoteInterface-Protocol.h SBSRemoteNotificationClient.h SBLaunchAppListener.h XPCProxyTarget-Protocol.h SBSAccelerometer.h
- copy others from internet
(1) https://github.com/nst/iOS-Runtime-Headers/tree/master/PrivateFrameworks
(2) https://github.com/rpetrich/iphoneheaders
這是我用的, 使用這個你必須要做一些額外的工作
$ find /Applications/Xcode.app/ -name IOSurfaceAPI.h $ cp /Applications/Xcode.app//Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/IOSurface.framework/Versions/A/Headers/IOSurfaceAPI.h $THEOS/include/IOSurface/Comment out the following line in this file (IOSurfaceAPI.h):
/* This call lets you get an xpc_object_t that holds a reference to the IOSurface. Note: Any live XPC objects created from an IOSurfaceRef implicity increase the IOSurface's global use count by one until the object is destroyed. */ //xpc_object_t IOSurfaceCreateXPCObject(IOSurfaceRef aSurface) // IOSFC_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* This call lets you take an xpc_object_t created via IOSurfaceCreatePort() and recreate an IOSurfaceRef from it. */ //IOSurfaceRef IOSurfaceLookupFromXPCObject(xpc_object_t xobj) // IOSFC_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
我自己是使用別人產生的header, 把這些header copy到$THEOS/include 下面, 接下來就可以進行tweak project了
$ /opt/theos/bin/nic.pl NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/application [2.] iphone/library [3.] iphone/preference_bundle [4.] iphone/tool [5.] iphone/tweak Choose a Template (required): 5 Project Name (required): ooooo Package Name [com.yourcompany.ooooo]: Author/Maintainer Name [ytshen]: [iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]: Instantiating iphone/tweak in ooooo/... Done. $ ls ooooo/ Makefile Tweak.xm control ooooo.plist theos
接下來你就可以進行tweak的實作, 這邊我在xcode 4.5 + mac os 10.8 lion下面會遇到一些問題, 像是找不到arm6 symbol, 這是因為後來只支援arm7.
要修改Makefile
export ARCHS=armv7 export TARGET=iphone:latest:4.3 SDKVERSION=6.0 include theos/makefiles/common.mk TWEAK_NAME = ooooo ooooo_FILES = Tweak.xm include $(THEOS_MAKE_PATH)/tweak.mk
並且要設定environment $SYSROOT 到你sdk的目錄.
$ echo $SYSROOT /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.0.sdk/這邊使用一個很簡單的例子, 我們要改spring board一開始秀出一個alert (spring board就是iOS的桌面程式), 修改Tweak.xm:
#import接下來就按照之前介紹的theos, make, make package, make package install. 就可以把這個tweak安裝在iPhone上面!%hook SpringBoard -(void)applicationDidFinishLaunching:(id)application { %orig; // call the original method UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Welcome" message:@"Welcome to your iPhone Brandon!" delegate:nil cancelButtonTitle:@"Thanks" otherButtonTitles:nil]; [alert show]; [alert release]; } %end
Reference
http://brandontreb.com/beginning-jailbroken-ios-development-your-first-tweak/http://www.andyibanez.com/2012/07/02/create-a-mobilesubstrate-tweaks/
class-dump:
http://stevenygard.com/projects/class-dump/