iOS reverse development – Installation and use of the decryption and Frida-ios-dump tools

Lead: the last article was about the decryption (dumping) tool; this one is about theos, because installing it also cost a lot of brain cells: I cloned it N+1 times and it never succeeded. I am recording how I solved it, so that friends interested in learning reverse engineering can hit fewer pitfalls after reading this article.

Installation

  • Probably because of network problems in China, cloning theos from GitHub failed.

  • After searching online for relevant information for a long time, I finally solved it.

  • iOS Reverse: theos Installation and Getting Started (1)

Here are the steps:

  1. brew install ldid
  2. Set the environment variables

Run open ~/.zprofile and put these two lines at the end of the .zprofile file:

export THEOS=~/theos
export PATH=$THEOS/bin:$PATH

Then run source ~/.zprofile so that the file takes effect.

  • Notes on the environment variable configuration:
  1. What I read online is that the environment variables go into .bash_profile. I tried that too and found a problem: if the terminal uses zsh, variables placed in .bash_profile only take effect after running source ~/.bash_profile every time a terminal is opened. I looked it up: putting the source ~/.bash_profile command into the ~/.zshrc file solves this (or set the terminal to load bash).
  2. I did not set the environment variables directly with a command, because with echo "export PATH=$THEOS/bin:$PATH" >> ~/.zprofile the path is expanded directly into the .zprofile file, which does not feel right, so I wrote them by hand.
  3. If cloning with the official method fails, download the theos zip package, unzip it, and save it as ~/theos.
  4. To clone the dependencies manually, run cd $THEOS/vendor and then:

git clone git://github.com/theos/dm.pl.git
git clone git://github.com/theos/headers.git    # the headers clone must complete, since they are needed for the includes
# the other dependencies can be cloned directly under their default names
git clone git://github.com/theos/lib.git
git clone git://github.com/theos/logos.git
git clone git://github.com/theos/nic.git
git clone git://github.com/theos/templates.git

  5. Download the SDKs directly from the portal, unzip them, and place them in the sdks folder of theos.
  6. Run the nic.pl command in the terminal; if the installation succeeded, you can create a project directly.
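As an added example (not from the original post), a small POSIX shell helper for the two installation steps that gave the most trouble above: appending the profile lines without letting $THEOS and $PATH expand, and finding which vendor dependencies are still missing after a failed clone. It assumes theos lives at ~/theos and the six vendor repositories listed above; the clone URLs use https://github.com/theos/ rather than git://, because git:// is unauthenticated and GitHub no longer serves it.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes THEOS=~/theos and the
# vendor repositories listed in the post.

# The two lines to add to the shell profile. Single quotes keep $THEOS and
# $PATH unexpanded, which is exactly the problem the post hit with
#   echo "export PATH=$THEOS/bin:$PATH" >> ~/.zprofile
profile_lines() {
    printf '%s\n' 'export THEOS=~/theos' 'export PATH=$THEOS/bin:$PATH'
}

# Append the lines to a profile file only if they are not already there,
# so re-running the setup never duplicates them.
ensure_profile() {
    file=$1
    touch "$file"
    profile_lines | while IFS= read -r line; do
        grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
    done
}

# Vendor repositories theos expects under $THEOS/vendor (from the post).
VENDOR_DEPS="dm.pl headers lib logos nic templates"

# HTTPS clone URL: the server certificate is verified, unlike with git://.
clone_url() {
    printf 'https://github.com/theos/%s.git\n' "$1"
}

# Print the dependencies that are absent or empty in a vendor directory,
# so a partially failed clone can be resumed instead of started over.
missing_vendor_deps() {
    vendor=$1
    for dep in $VENDOR_DEPS; do
        if [ ! -d "$vendor/$dep" ] || [ -z "$(ls -A "$vendor/$dep" 2>/dev/null)" ]; then
            printf '%s\n' "$dep"
        fi
    done
}

# Usage (run by hand, since it writes to your profile and clones over the network):
#   ensure_profile ~/.zprofile
#   for dep in $(missing_vendor_deps "$HOME/theos/vendor"); do
#       git clone "$(clone_url "$dep")" "$HOME/theos/vendor/$dep"
#   done
```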

Create a project

  1. cd to the directory where the project should be created
  2. Run the command nic.pl

$ nic.pl
NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/activator_event
  [2.] iphone/activator_listener
  [3.] iphone/application_modern
  [4.] iphone/application_swift
  [5.] iphone/cydget
  [6.] iphone/flipswitch_switch
  [7.] iphone/framework
  [8.] iphone/library
  [9.] iphone/notification_center_widget
  [10.] iphone/notification_center_widget-7up
  [11.] iphone/preference_bundle_modern
  [12.] iphone/theme
  [13.] iphone/tool
  [14.] iphone/tool_swift
  [15.] iphone/tweak
  [16.] iphone/tweak_with_simple_preferences
  [17.] iphone/xpc_service
Choose a Template (required): 15                                 --> for a hook, fill in 15
Project Name (required): xxx                                     --> fill in the project name
Package Name [com.yourcompany.xxx]: com.yourcompany.xxx          --> optional
Author/Maintainer Name [FRZeng]:
[iphone/tweak] MobileSubstrate Bundle filter [com.apple.springboard]:    --> bundle ID of the App you need to hook
[iphone/tweak] List of Applications to terminate upon installation (space-separated, '-' for None) [SpringBoard]:    --> skip
Instantiating iphone/tweak in xxx/...
Done.                                                            --> the project is created

Usage

  1. Drag the whole project into Sublime Text

  2. Configure the Makefile

Add THEOS_DEVICE_IP and THEOS_DEVICE_PORT:

export THEOS_DEVICE_IP = localhost    # configure the IP address
export THEOS_DEVICE_PORT = 10010      # port
TARGET := iphone:clang:latest:7.0
INSTALL_TARGET_PROCESSES = SpringBoard
include $(THEOS)/makefiles/common.mk
TWEAK_NAME = xxx
xxx_FILES = Tweak.x
xxx_CFLAGS = -fobjc-arc
include $(THEOS_MAKE_PATH)/tweak.mk

  3. When the configuration is complete, write the code in the Tweak.x file:

%hook XMLiveOrListenTogetherView
// import the header file of the class in the App that needs to be hooked
// intercept the method
- (id)init {
    return nil;
}
%end

  4. After the code is complete, cd in the terminal to the theos project folder (keep the phone connected to the computer)
  5. Run make
  6. Run make package
  7. Run make install

frzeng@192 tingTweak % make
<========
==> Notice: Build may be slow as Theos isn't using all available CPU cores on this computer. Consider upgrading GNU Make: https://github.com/theos/theos/wiki/Parallel-Building
> Making all for tweak tingTweak...
==> Preprocessing Tweak.x...
==> Compiling Tweak.x (armv7)...
==> Linking tweak tingTweak (armv7)...
ld: warning: building for iOS, but linking in .tbd file (/Users/frzeng/theos/vendor/lib/CydiaSubstrate.framework/CydiaSubstrate.tbd) built for iOS Simulator
==> Generating debug symbols for tingTweak...
rm /Users/frzeng/Desktop/nixiangCode/tingTweak/.theos/obj/debug/armv7/Tweak.x.m
==> Preprocessing Tweak.x...
==> Compiling Tweak.x (arm64)...
==> Linking tweak tingTweak (arm64)...
ld: warning: building for iOS, but linking in .tbd file (/Users/frzeng/theos/vendor/lib/CydiaSubstrate.framework/CydiaSubstrate.tbd) built for iOS Simulator
==> Generating debug symbols for tingTweak...
rm /Users/frzeng/Desktop/nixiangCode/tingTweak/.theos/obj/debug/arm64/Tweak.x.m
==> Merging tweak tingTweak...
==> Signing tingTweak...
<<<<<<<==============
frzeng@192 tingTweak % make package
<========
==> Notice: Build may be slow as Theos isn't using all available CPU cores on this computer. Consider upgrading GNU Make: https://github.com/theos/theos/wiki/Parallel-Building
> Making all for tweak tingTweak...
make[2]: Nothing to be done for 'internal-library-compile'.
> Making stage for tweak tingTweak...
dm.pl: building package `com.gemd.iting:iphoneos-arm' in `./packages/com.gemd.iting_0.0.1-1+debug_iphoneos-arm.deb'
<<<<<<<==============
frzeng@192 tingTweak % make install
<==========
==> Installing...
(Reading database ... 5368 files and directories currently installed.)
Preparing to unpack /tmp/_theos_install.deb ...
Unpacking com.gemd.iting (0.0.1-1+debug) over (0.0.1-1+debug) ...
Setting up com.gemd.iting (0.0.1-1+debug) ...
==> Unloading SpringBoard...
<<<<<<<==============
frzeng@192 tingTweak %

The <<<<<<<============== markers point to the last step of each command; there were no errors, so the hook succeeded.

Removing the plug-in

If you need to delete a hook plug-in from the phone:

On the phone, look in /Library/MobileSubstrate/DynamicLibraries

There are two files, a plist file and a dylib file; delete them directly.

As for theos development, I am also a newbie; if you are a friend learning reverse engineering, you are welcome to get in touch.