cocoaheads stockholm 2014-02: writing your own jailbreak tweak
DESCRIPTION
A basic introduction to what a jailbreak really *is*, and how to remix software by writing your own jailbreak tweaks. See http://overooped.com/post/75523688909/writing-your-own-jailbreak-tweak for presenter notes.
TRANSCRIPT
Jailbreak development
Jailbreak development
App sandbox
mobile user
App sandbox
root access
mobile user
App sandbox
write access to operating system files
root access
mobile user
App sandbox
!
Your Software
Remixing! Your Software
Jailbreak development
# Build-and-deploy loop as shown on the slide: scaffold the project, build it,
# then push the result to the device (the exact scaffolding command is as the
# slide spells it; "make install" presumably deploys over the network — confirm
# against your toolchain).
$ the0s
$ make
$ make install
# iOSOpenDev one-time setup: point it at the Xcode install (-d) and the
# iOS device SDK (-sdk iphoneos) so tweaks can be built from Xcode.
iod-setup sdk -d /Applications/Xcode.app/Contents/Developer -sdk iphoneos
swizzling is
art
// Logos hook (MyTweak.x): swap in our own -uninstallApplication: on
// SBApplicationController (presumably SpringBoard's app controller).
// The hook only observes the call; the original implementation still runs,
// so uninstall behaviour is unchanged. Anything that runs here runs inside
// the hooked process with its privileges — keep it minimal and never let it
// throw, or the host process goes down with it.
%hook SBApplicationController

- (void)uninstallApplication:(SBApplication *)application {
    // Log first, then hand control back to the real implementation.
    NSLog(@"Hey, we're hooking uninstallApplication:!");
    %orig;
}

%end
Logos tweak MyTweak.x
#import <CaptainHook/CaptainHook.h>

// CaptainHook tweak (MyTweak.mm): observe every -[NSString writeToFile:atomically:]
// call made by the process this tweak is loaded into.
CHDeclareClass(NSString);

// Two-argument replacement for writeToFile:atomically:. Logs, then forwards to
// the original via CHSuper, so the write itself is unchanged.
// NOTE(review): this logs the entire string (`self`) to the system log, so any
// secrets an app writes to disk (tokens, passwords, session cookies) are copied
// into syslog where any console reader can see them. Fine for a live demo;
// log the path and length instead if this is ever left installed.
CHMethod(2, void, NSString, writeToFile, NSString *, path, atomically, BOOL, flag)
{
    NSLog(@"Writing string to %@: %@", path, self);
    CHSuper(2, NSString, writeToFile, path, atomically, flag);
}

// Runs when the library is loaded: resolve the class, then install the hook.
CHConstructor
{
    CHLoadClass(NSString);
    CHHook(2, NSString, writeToFile, atomically);
}
CaptainHook tweak MyTweak.mm
Live coding ListClasses
class-dump
// class-dump output: interfaces recovered from a third-party binary, not
// hand-written headers. Argument names such as fp8/fp12/fp16 appear to be
// class-dump placeholders (stack-offset based), not the app's own names;
// ivar and return types are whatever the dumper could recover.
@interface Area : Thing
{
    NSString *title;
    int type;
    NSDate *reviewedDate;
    NSMutableSet *tags;
    NSMutableDictionary *sharedLists;
}

+ (int)mergeRuleForProperty:(id)fp8;
- (id)reviewedDate;
- (int)type;
- (id)title;
- (void)removeTask:(id)fp8;
- (void)pigeonholeTask:(id)fp8;
- (id)sharedListContainingTask:(id)fp8;
- (id)sharedListWithIdentifier:(id)fp8;
- (BOOL)matchesTag:(id)fp8;
- (id)inheritedTags;
- (id)allTags;
- (BOOL)hasTags;
- (BOOL)hasElements;
- (unsigned int)countOfElements;
- (void)save;
- (id)initFromDatabaseWithUUID:(id)fp8;
- (void)dealloc;
- (id)init;
- (void)setTags:(id)fp8;
- (id)tags;
- (void)setReviewedDate:(id)fp8;
- (void)setTitle:(id)fp8;
- (void)setType:(int)fp8;
- (void)mergeValue:(id)fp8 touched:(id)fp12 forKey:(id)fp16;

@end

// NOTE(review): a class whose superclass is `_AudioServicesAddSystemSoundCompletion`
// (the symbol of a C function) is almost certainly a symbol-resolution artifact
// of class-dump; confirm the real superclass in the binary before relying on it.
@interface Contact : _AudioServicesAddSystemSoundCompletion
{
}

- (id)uuid;

@end
// class-dump output for a Task subclass. Underscore-prefixed ivars and methods
// are private by convention; fp8/fp12/fp16 appear to be class-dump placeholder
// argument names. +load runs when the class is registered with the runtime,
// before any other code touches it.
@interface RepeatingTask : Task
{
    TH1RecurrenceRule *_recurrenceRule;
    BOOL _instanceCreationPaused;
    NSDate *_instanceCreationStartDate;
    int _instanceCreationCount;
    NSDate *_afterCompletionReferenceDate;
}

+ (id)_createRepeatingInstanceFromTask:(id)fp8 forDate:(id)fp12;
+ (id)_createInstanceFromTask:(id)fp8 forDate:(id)fp12 withIdentifierDate:(id)fp16;
+ (id)allKeysForSync;
+ (id)keysForInitialization;
+ (id)keysForCreation;
+ (id)newKeys;
+ (void)load;
- (int)createInstancesIfNecessary:(int)fp8 all:(int)fp12;
- (id)recurrenceStartDatesFromDate:(id)fp8 count:(int)fp12;
- (void)updateAfterCompletionStatus;
- (void)instanceWasUnstopped:(id)fp8;
- (void)instanceWasStopped:(id)fp8;
- (void)instanceWasDeleted:(id)fp8;
- (void)instanceWillBeDeleted:(id)fp8;
- (BOOL)createsDueDates;
- (int)state;
- (BOOL)instanceCreationEnded;
- (id)lastInstance;
- (id)instances;
- (void)setAfterCompletionReferenceDate:(id)fp8;
- (id)afterCompletionReferenceDate;
- (void)setInstanceCreationCount:(int)fp8;
- (int)instanceCreationCount;
- (void)setInstanceCreationStartDate:(id)fp8;
- (id)instanceCreationStartDate;
- (void)setInstanceCreationPaused:(BOOL)fp8;
- (BOOL)instanceCreationPaused;
- (void)setRecurrenceRule:(id)fp8;
- (id)recurrenceRule;
- (BOOL)isRepeating;
- (BOOL)save;
- (void)setPrimitiveValues:(id)fp8 forKeys:(id)fp12;
- (void)dealloc;
- (id)initWithUUID:(id)fp8;
- (id)init;
- (void)_commonInit;

@end
• install “Clutch” package from iphonecake.com • Clutch Appname • Unzip • class-dump Appname
Please don’t pirate apps :(
Live coding class-dump
Install
default password: alpine (change it right after the jailbreak; it's the same on every device)
⌘⇧-I
Install tweak to device from Xcode/iOSOpenDev
github.com/rpetrich/deviceconsole
http://repo.nevyn.nu
Thanks for listening! @nevyn
@lookback