|
1
2
|
TOOLS<br> 1.已越狱的设备,并且已安装了OpenSSH,MobileSubstrate等实用工具 Cydia源/Telesphoreo里有 里面有个包 可以基本集合所有开发工具提供库 |
|
1
|
2.mac os已安装了Reveal revealapp.com , theos,itools ,dyld_decache,Mesasqlite等工具<br><br><br> |
这里主要讲解两种分析他人app界面方式:
第一: 系统app (如app store等)
第二:普通app(如易信,微信,instagram等)
下面讲解第一种:
1. 拷贝Reveal的framework和dylib到越狱设备 scp -r /Applications/Reveal.app/Contents/SharedSupport/iOS-Libraries/Reveal.framework root@192.173.1.60:/System/Library/Frameworks scp /Applications/Reveal.app/Contents/SharedSupport/iOS-Libraries/libReveal.dylib root@192.173.1.60:/Library/MobileSubstrate/DynamicLibraries
<这里提及到:ssh到远程设备root 密码默认是:alpine>
2. 登陆到远程设备 然后编辑libReveal.plist
/Library/MobileSubstrate/DynamicLibraries/下创建文件libReveal.plist,指定app的Bundle
3. 重启
1)killall SpringBoard
2) reboot
第二种: (分析普通app)(激动人心的时候来了)
以下将拿网易 "易信"app做案例分析.
设备信息:iphone4s
版本: ios7.0.4
(以下是简单的所需工具)
下载好一切工具之后 执行安装命令. Tweak
具体可以看老外几个大神的安装教程,这里我稍后给出,以上一系列操作完成之后在目录下会生成如下:
图中 RevealUtils.h RevealUtils.m文件是在Reveal官网拉取简单修改了下已做处理.
至于.xm后缀名文件一些语法你们可以看看相关教程 很简单.
com.yixin.yixin_0.0.1-1_iphoneos-arm.deb 是make package之后生成的文件:如下是命令日志
applematoMacBook-Pro-2:yixin applepc$ make clean mack pa/Users/applepc/Documents/mygithubDir/jarlbreak/yixin/theos/makefiles/targets/Darwin/iphone.mk:41: Deploying to iOS 3.0 while building for 6.0 will generate armv7-only binaries. rm -rf ./obj 2014-03-29 15:35:27.593 xcodebuild[1012:d07] Could not fetch ‘View‘ main menu item ckagrm -rf "/Users/applepc/Documents/mygithubDir/jarlbreak/yixin/_" applematoMacBook-Pro-2:yixin applepc$ mack package -bash: mack: command not found applematoMacBook-Pro-2:yixin applepc$ make clean /Users/applepc/Documents/mygithubDir/jarlbreak/yixin/theos/makefiles/targets/Darwin/iphone.mk:41: Deploying to iOS 3.0 while building for 6.0 will generate armv7-only binaries. rm -rf ./obj rm -rf "/Users/applepc/Documents/mygithubDir/jarlbreak/yixin/_" applematoMacBook-Pro-2:yixin applepc$ make /Users/applepc/Documents/mygithubDir/jarlbreak/yixin/theos/makefiles/targets/Darwin/iphone.mk:41: Deploying to iOS 3.0 while building for 6.0 will generate armv7-only binaries. Making all for tweak yixin... Preprocessing Tweak.xm... Compiling Tweak.xm... make Preprocessing Tweak_Instagram.xm... Compiling Tweak_Instagram.xm... Compiling RevealUtils.m... pc Linking tweak yixin... a Stripping yixin... Signing yixin... ^R make pcapplematoMacBook-Pro-2:yixin applepc$ make package /Users/applepc/Documents/mygithubDir/jarlbreak/yixin/theos/makefiles/targets/Darwin/iphone.mk:41: Deploying to iOS 3.0 while building for 6.0 will generate armv7-only binaries. Making all for tweak yixin... make[2]: Nothing to be done for `internal-library-compile‘. Making stage for tweak yixin... dpkg-deb: building package `com.yixin.yixin‘ in `./com.yixin.yixin_0.0.1-2_iphoneos-arm.deb‘. applematoMacBook-Pro-2:yixin applepc$
然后只需把com.yixin.yixin_0.0.1-2_iphoneos-arm.deb 传到越狱设备里用iFile安装下就可以了
重启易信,
之后激动人心的时刻来了.
易信里面实现方式 和布局看的一清二楚...........就是裸女一样站在面前.
下一篇讲解如何获取易信所有.h 头文件 以及解壳易信