iOS越狱开发theOS搭建

iOS越狱开发theOS搭建

越狱环境搭建

TheOS

Theos.最初由DHowett进行开发,由于DHwoett去了微软，不再有时间维护了，所以Adam Demasi(kirb)接手了他的工作，并且添加了很多全新的功能。所以，之前书上《iOS App Reverse Engineering》讲的安装方法已经不再适用，现在我们来讲一下最新的安装方法。

安装dpkg和ldid

Dpkg是Debian的软件包。

Ldid是越狱祖师爷Saurik开发的一款二进制授权管理软件，可以对越狱应用进行SHA1运算生成授权，让软件包可以在iPhone上执行。

在这里我们使用Homebrew来安装他们。Homebrew是一款Mac上的基于Ruby的包管理器，可以理解为与Yum、Apt、Pecman类似即可。

用Homebrew安装上述软件仅需一句话：

brew install dpkg ldid
复制代码

如果没有安装Homebrew，那么安装它也仅仅只需要一句话（可能需要VPN环境，github最近越来越不稳定也是众所周知的事情）：

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
复制代码

安装Thoes

之前我们把Theos安装在/opt/theos，现在我们还是安装在这个文件夹。

sudo Git clone --recursive https://github.com/theos/theos.git /opt/theos
复制代码

然后把/opt/theos的权限改成你自己：

sudo chown $(id -u):$(id -g) /opt/theos
复制代码

最后这一步也很重要，要把theos的执行路径加入到环境变量之中，在~/.bash_profile中加上这么两句：

export THEOS=/opt/theos
export PATH=/opt/theos/bin/:$PATH
//后面可以不配置
export SDKVERSION=10.1  //iOSSDK版本
export THEOS_DEVICE_IP=127.0.0.1 THEOS_DEVICE_PORT=22

复制代码

测试是否安装成功

Cd到任意可执行目录， 执行：

nic.pl
复制代码

New Instance Creator开始执行则已经安装成功。

注意事项

1. 报错

guogh:test guogh$ make package
> Making all for tweak test…
make[2]: Nothing to be done for `internal-library-compile'.
> Making stage for tweak test…
dpkg-deb: error: obsolete compression type 'lzma'; use xz instead

Type dpkg-deb --help for help about manipulating *.deb files;
Type dpkg --help for help about installing and deinstalling packages.
make: *** [internal-package] Error 2
复制代码

解决

$ brew remove dpkg  # remove latest dpkg
$ brew install --force-bottle https://raw.githubusercontent.com/Homebrew/homebrew-core/7a4dabfc1a2acd9f01a1670fde4f0094c4fb6ffa/Formula/dpkg.rb  # install dpkg as a bottle from the old commit
$ brew pin dpkg  # block homebrew from updating dpkg till you `brew unpin dpkg`
(Updated 01/03/17 using @Fr0stDev’s workaround because Debian delete old source releases. 1.18.10 is from July 2016.)
复制代码

参考自Stack Overflow

dpkg 1.18.11 finally pulled the plug on our saving grace; using -Zbzip2 or -Zlzma is now an error.

The most straightforward way to “fix” this would be to just replace it with dm.pl and add lzma support to it. (Or urge for Telesphoreo’s dpkg to be updated, but I’ve been doing that for years…)

Error output

dpkg-deb: error: obsolete compression type 'lzma'; use xz instead

Type dpkg-deb --help for help about manipulating *.deb files; Type dpkg --help for help about installing and deinstalling packages. make: *** [internal-package] Error 2 Workaround

For the moment, you’ll need to just use 1.18.10.

For Homebrew, you can downgrade like so:

$ brew remove dpkg # remove latest dpkg $ brew install --force-bottle https://raw.githubusercontent.com/Homebrew/homebrew-core/7a4dabfc1a2acd9f01a1670fde4f0094c4fb6ffa/Formula/dpkg.rb # install dpkg as a bottle from the old commit $ brew pin dpkg # block homebrew from updating dpkg till you brew unpin dpkg (Updated 01/03/17 using @Fr0stDev’s workaround because Debian delete old source releases. 1.18.10 is from July 2016.)

Fortunately, seems Debian/Ubuntu are safe for the moment: https://launchpad.net/dpkg/+packages. But I would expect them to be updating sometime soon.

Partly dupes #197.

参考链接：

• github.com/theos/theos…

• bbs.iosre.com/t/theos/492…

测试theOS

建立一个项目

• 终端输入以下命令

guogh:testiOSDev guogh$ nic.pl
复制代码

• 输出

NIC 2.0 - New Instance Creator
------------------------------
  [1.] iphone/activator_event
  [2.] iphone/application_modern
  [3.] iphone/cydget
  [4.] iphone/flipswitch_switch
  [5.] iphone/framework
  [6.] iphone/ios7_notification_center_widget
  [7.] iphone/library
  [8.] iphone/notification_center_widget
  [9.] iphone/preference_bundle_modern
  [10.] iphone/tool
  [11.] iphone/tweak
  [12.] iphone/xpc_service
Choose a Template (required): 
复制代码

• 输入 11

• 添加代码

修改Tweak.xm文件，删除所有内容，写入以下代码：

#import <SpringBoard/SpringBoard.h>

%hook SpringBoard

-(void)applicationDidFinishLaunching:(id)application {
    %orig;

    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Welcome"
        message:@"Hello world，你好世界"
        delegate:nil
        cancelButtonTitle:@"确定"
        otherButtonTitles:nil];
    [alert show];
    [alert release];
}

%end
复制代码

• 编译

make
复制代码

• 打包

make package
复制代码

期间会让输入iPhone的root密码 (iPhone事先需要安装ssh等服务)

后面就可以在手机端用iFile等工具安装deb包了.

转载于:https://juejin.im/post/5a432229f265da432f3163ec