#MobileSubstrate
Tonight there's going to be a jailbreak: detecting Jailbreaks with Swift on iOS part 2
A while ago I wrote a post about detecting Jailbreaks on iOS with Swift which I incorporated into the app that would eventually become PassVult. I thought there would be little need to continually keep updating Jailbreaks due in part to the increasing security of iOS and also due to Apple’s clever strategy of enticing away the Jailbreakers by getting them to work for them. But in this brave new / old world we live in there is always room to be surprised. So I’m sharing this code snippet to raise the bar across the board:
```swift
import UIKit

// These functions are members of the app's ViewController class.
extension ViewController {

    // Detect if device is Simulator, Jailbroken or not jailbroken
    func hasJailbreak() -> Bool {
        // canOpenURL only answers true for schemes declared under
        // LSApplicationQueriesSchemes in Info.plist (iOS 9 and later).
        if let cydiaUrlScheme = URL(string: "cydia://package/com.example.package"),
           UIApplication.shared.canOpenURL(cydiaUrlScheme) {
            return true
        }

        // targetEnvironment(simulator) replaces arch(i386) || arch(x86_64),
        // which misses arm64 simulators on Apple silicon Macs.
        #if targetEnvironment(simulator)
        // Device is a simulator
        return false
        #else
        let fileManager = FileManager.default

        // Files that only exist on a jailbroken device
        let existencePaths = [
            "/Applications/Cydia.app",
            "/Library/MobileSubstrate/MobileSubstrate.dylib",
            "/bin/bash",
            "/usr/sbin/sshd",
            "/etc/apt",
            "/usr/bin/ssh",
            "/private/var/lib/apt"
        ]
        if existencePaths.contains(where: { fileManager.fileExists(atPath: $0) }) {
            return true
        }

        // Same idea through fopen(), in case FileManager has been hooked
        let openPaths = [
            "/Applications/Cydia.app",
            "/Library/MobileSubstrate/MobileSubstrate.dylib",
            "/bin/bash",
            "/usr/sbin/sshd",
            "/etc/apt",
            "/usr/bin/ssh"
        ]
        if openPaths.contains(where: { ViewController.canOpen(path: $0) }) {
            return true
        }

        // A sandboxed app must not be able to write outside its container
        let path = "/private/" + NSUUID().uuidString
        do {
            try "anyString".write(toFile: path, atomically: true, encoding: .utf8)
            // Clean-up failure must not hide the fact that the write succeeded
            try? fileManager.removeItem(atPath: path)
            return true
        } catch {
            return false
        }
        #endif
    }

    static func canOpen(path: String) -> Bool {
        guard let file = fopen(path, "r") else { return false }
        fclose(file)
        return true
    }

    // Detect if iDevice is jailbroken
    func detectJailbreak() {
        if hasJailbreak() {
            // Sends the app to the background
            UIControl().sendAction(#selector(URLSessionTask.suspend), to: UIApplication.shared, for: nil)
        }
    }
}
```
I based most of this code from browsing Stack Overflow and GitHub to update an earlier piece of code which I developed from browsing Stack Overflow and GitHub.
If you have better suggestions let me know.
Until Next Time!
The Security Sleuth
2 notes
liberTV / nitoTV 10.1 update..
I know everyone has been super patient for updates on this, and I REALLY appreciate that. I think that patience deserves a bit of an update all in one place instead of sporadically spread out through my tweets over the last couple of weeks.
There's a decent amount of info to cover in this post, so it is entirely possible I miss something.
nitoTV status / updates
I have completely overhauled the UI/UX of the featured section of nitoTV to resemble Apple's featured section in their store.
https://www.youtube.com/watch?v=3nJiNzf_4Cs
That being said, it's still loading from dummy data that I poached directly out of their cached JSON files. What this means is that right now I’m not loading anything similar to Debian control files for apps/packages yet.
Therefore, I’m going to either need to
modify control files or
layer extra attributes on top of them.
I am not sure how I’m going to approach that conundrum yet.
Backend bedlam
@jaywalker is bringing my backend from nitoTV1-4 into the current century, yes parts of my setuid helper tool have been around since the FIRST AppleTV. The bulk of it was taken from nitoTV for the 2G AppleTV, but either way it's not the greatest code. For the 4G 9.x pangu jailbreak it was an amalgam of the old nitoHelper code and my own (horrid) ‘version’ of dpkg. It was “good enough” for the limited amount of people that use the 9.x jailbreak, now that this one will hit a much larger audience we need to do things right.
Respring madness
I haven’t just been in a holding pattern waiting for @jaywalker, I still needed to find a better way to get applications to load from /Applications in tvOS 9 and 10 alike.
Previously the hateful methodology employed to get applications to load in there was removing *.csstore from mobile caches and killall -u mobile.
This led to a variety of random issues (some known, some unknown) and was a terrible way to solve this problem, kludgy mckludgerstein as it were.
On top of that, this “solution” didn’t work on tvOS 10, even when deleting the *.csstore file from its new random location. This meant I needed to find a solution to that problem as well, because how else are we going to run nitoTV from /Applications (a necessity) if we can't get it to display?
This problem has been kind of solved with a cleaner solution than killall -u mobile, but it's still a bit too overwrought and requires hooking into things that definitely aren’t requirements to get the process working, they will work, but aren’t ideal.
From there, this solution didn't work in tvOS 9 (and I can’t leave those users hanging!!!) So I need to take extra time to sort that out. Thankfully I got a cleaner solution working than killall -u mobile, it's slightly faster and doesn’t appear to have any terrible side effects yet.
tss checker / futurerestore on tvOS for 9.x->10.x
I apologize for the radio silence on this one, it's been on my todo list and I just haven’t gotten there yet, that being said, according to @tihmstar it's the same process that one would use on the iPad WIFI (neither that nor AppleTV 4 have a baseband). So if anyone wants to be courageous and take one thing off my todo list for me, that’d be great!
Finding an ATV 4G on 10.1
Thanks to an awesome follower @skibowlruler I have procured information on at least one AppleTV that came stock with 10.1 and what kind of information http://www.chipmunk.nl/klantenservice/applemodel.html/ returned so hopefully someone else will be able to use this information to procure that device for themselves as well!
Model Number: MGY52
Group 1: AppleTV
Generation: 4
Production week: -2- (January)
Production year: -2017-
Model introduced: -2015-
Factory: DY (China, Shenzhen - Foxconn)
I hope this helps! please comment on twitter to let me know if it does!
NOTE: Another twitter user @Sowers13C has pointed out another thread to get potentially better information on procuring an ATV 4G NIB with 10.1 on it:
https://www.reddit.com/r/jailbreak/comments/5xjbim/question_apple_tv4_jailbreak/
https://twitter.com/Sowers13C/status/844197561183485952
Known issues with liberTV
This is by no means an exhaustive list, but it's stuff I’ve seen reported and I can verify firsthand
Random reboots during video playback
Can take several tries to work successfully
SSH stops working
I'll address them one by one:
Random reboots during video playback
Jon commented on this on his forum
“KPP (kernel patch protection) kicks in when the processor is doing floating-point related operations. It could be that the KPP implementation still has a bug - which wouldn't surprise me given how many cases I had with the initial installation of it (and why LiberTV succeeds on average 1/4). I am constantly working to improve these odds - and Luca's code isn't the easiest to work with.. Patience would be appreciated.”
source; http://newosxbook.com/forum/viewtopic.php?f=12&t=16823&sid=221a1e76489cd22eb3faa9d24a77aeb9&start=20#p18328
I don't have a solution for this, however, I can say it doesn’t seem to happen with plex or infuse. It does happen with kodi and tuyu and possibly netflix. That's all I know offhand.
Can take several tries to work successfully
Just the nature of the beast, it's a hard vuln to get predictably under control afaik. Just keep trying!
SSH stops working
When jon was initially testing liberTV he was extracting his iosbintools pack directly to root, in doing so he definitely overwrote nvram bin and MAYBE the bash binary that are on the stock device, if you reboot with unsigned versions of those, boot loop of bad times! (semi-tethered!)
To mitigate this, every time liberTV runs it extracts the tools (including ssh configs) into /tmp. This gets wiped on a regular basis. Could be every few days, could be every day. This will wipe the config files that tell dropbear where you are supposed to be directed to and whatnot when logging in, if it doesn't know that, u just get booted off immediately. I imagine future versions will address this issue.
What's working so far
MobileSubstrate
cycript
rocketbootstrap
respring to load /Apps in 9.x/10
AppSync
That's all she wrote for now, I will probably periodically update / modify this file. Feel free to edit / reprint it for your blogs, just please attribute this link as a source somewhere.
Thanks!
1 note
“
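2014/4/17: Malware called "Unflod.dylib", which targets jailbroken iPhones and other iOS devices, has reportedly been discovered.
How Unflod.dylib works
According to "iOS Malware Campaign “Unflod Baby Panda” | SektionEins GmbH", it hooks every process running on a jailbroken device, reads outgoing SSL connections, and the device's "Apple ID" and "password" are apparently sent to a server in China by way of a hosting server in the United States.
Infection route and how to check
/Library/MobileSubstrate/DynamicLibraries/Unflod.dylib
If "Unflod.dylib" exists at this path, the device is infected. If you find it, delete it directly (install iFile or afc2add to delete it). The binary itself is said to be compiled for "armv7" with the iOS 6.1 SDK. It is said to come along with things installed not from the usual repositories but from so-called "pirate repos" that crack and distribute paid tweaks.
IPs from the analyzed binary
Data is apparently sent to the IP addresses "23.88.10.4" and "23.228.204.55".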
According to the WHOIS database, the result shows that "23.228.204.55" communicates from Los Angeles in the United States to Shenyang in China.
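Summary
If "Unflod.dylib" is present, delete it promptly and change the password of your Apple ID. (*Incidentally, "Auxo 2" uses the name Umino.dylib.) Do not add repositories that carry cracked tweaks. It goes without saying, but jailbreaking also comes with risk, so it is important not to reach for dangerous things yourself.” - [Warning] Malware discovered that sends the Apple ID and password from jailbroken iPhones and iPads to China | Will feel Tips (via darylfranz)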
0 notes
Checkra1n Jailbreak iOS 13 new update, fix Apple ID and MobileSubstrate errors
This new update is 0.9.5 beta. Addresses an issue related to an Apple ID account. The issue affects the initialization of MobileSubstrate and detects when a user can download OTA updates, causing a jailbroken device
0 notes
Download Online Jailbreak iOS 11.2.6 - iOS 10 Jailbreak: First iOS 11 and iPhone X Jailbreak
As expected, developer and hacker XiaBao Cheng has just released Online Jailbreak, the first official jailbreak for iOS 11: iOS 11.2 and iPhone X, iPhone 8 and iPhone 8 Plus. The online jailbreak is based on the vulnerability tfp0 iOS 11.2.6 exploits or signs the awakening that Ian Beer released a few days ago. It's a semi-populated jailbreak like most modern jailbreaks, which means you'll have to put the iOS device in jailbreak to download Cydia iOS 11.2.6 mode after each reboot and give up the jailbreak application every 7 days if you're using the free developer account from Apple.

The jailbreak currently does not include Cydia, as it hasn’t been updated for iOS 11. However, it is not clear if Saurik will be updating download Cydia for Online Jailbreak, as he has been working with “people from past jailbreaks”.
Online Jailbreak supports the following iOS 11 versions:
iOS 11, iOS 11.0.1, iOS 11.0.2, iOS 11.0.3, iOS 11.1, iOS 11.1.1, iOS 11.1.2, iOS 11.2.2, iOS 11.2.3, iOS 11.2.6
It does not support the following iOS 11 versions: iOS 11.2, iOS 11.2.1
It supports all iOS 11 compatible iOS devices:
iPhone X, iPhone 8, iPhone 8 Plus, iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s
12.9-inch iPad Pro, 2nd generation 12.9-inch iPad Pro, 1st generation 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2
iPod touch 6G
You can download the IPA Jailbreak file online at the official website to getting download Cydia iOS 11.2.6 latest releases. Avoid using mirrors as they may include malware. Jailbreak online is free like most jailbreaks, so if someone asks you to pay then it is very likely to be a scam.
Cheng mentioned that the only time the jailbreak fails is in devices that have no compensation. If the untethered jailbreak iOS 11.2.6 fails, you can report it to your forum.
Update: This is the first version of the candidate, so we recommend that readers wait to get your comments before trying it yourself. If you are new to jailbreaking, we recommend that MobileSubstrate and Cydia download be compatible with iOS 11 for launch first and a jailbreak that pre install Cydia. Do not install Cydia from unknown resources. We will keep you informed as soon as we have more updates.
If you still went ahead and tried Online Jailbreak, then inform us about the comments.
0 notes
~Coolstarorg is released a "Tool" named/updated "Electra" & i dont recommend public users to install it. Coolstar made this for developers only, for testing tweaks & themes. Someday you will get into bootloop if you done something wrong!!! Plz wait for Cydia & MobileSubstrate!
— Suleman Zubair (@suleman1zubair1) January 13, 2018
0 notes
Dynamic malware crusade takes Apple passwords from jailbroken iPhones
Inception and wellspring of secretive “unflod” application remain unknown.
Security examiners have uncovered a dynamic malware fight in the wild that takes the Apple ID accreditations from jailbroken iPhones and iPads.
News of the malware named "unflod," in perspective of the name of a library that is presented on corrupted devices, first surfaced before the finish of a week ago on two or three reddit strings here and here. In the posts, perusers uncovered their jailbroken iOS contraptions starting late started experiencing reiterated crashes, frequently in the wake of presenting jailbroken-specific customizations known as changes that were not a bit of the specialist Cydia feature, which goes about as an other alternative to Apple's App Store.
Starting now and into the foreseeable future, security pro Stefan Esser has played out what's known as a static examination on the parallel code that the reddit customers withdrew on exchanged off contraptions. In a blog section uncovering the results, he said unflod guides into the SSLWrite limit of a debased contraption's security framework. It by then channels it for strings running with the Apple ID and mystery key that is transmitted to Apple servers. Exactly when the capabilities are found, they're transmitted to assailant controlled servers.
In an email to Ars, Esser said the noxious code works just on 32-bit interpretations of jailbroken iOS devices. "There is no ARM 64-bit adjustment of the code in the copy of the library we got," he made. "This infers the malware should never be powerful on [the] iPhone 5S/iPad Air or iPad little scale 2G."
reddit perusers said unflod ailments can be perceived by opening the SSH/Terminal and looking through the coordinator /Library/MobileSubstrate/DynamicLibraries for the closeness of the Unflod.dylib record. Exchanged off contraptions may possibly be cleaned by eradicating the dynamic library, yet since no one so far has had the ability to understand how the malignant record is presented regardless, there's no confirmation it won't somehow in this way return.
"That is the reason we recommend to restore the contraption," Esser told Ars. "Nevertheless, that suggests people will lose their escape until the point that another is released, and most of escape customers won't do that."
Clearly, whichever course of purifying customers of polluted devices pick, they should in like manner change their Apple ID mystery word as fast as time licenses.
The unflod campaign, which was moreover dismembered by researchers from antivirus provider Sophos, underscores the threats related with presenting dark applications on jailbroken iPhones.
"I will similarly again take this moment to demonstrate out anyone stressed that the probability of this starting from a default [Cydia] store is truly low," Cydia build Jay Freeman, also called Saurik, wrote in one reddit comment. "I don't endorse people go adding self-assertive URLs to Cydia and downloading unpredictable programming from untrusted people any more than I recommend opening the .exe records you get by email on your desktop PC."
0 notes
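The check that both Unflod posts above describe (look for Unflod.dylib under /Library/MobileSubstrate/DynamicLibraries, and note that the analysed copy was a 32-bit armv7 binary) can be scripted as follows. This is an added example, not code from either post: the function names, the output labels and the constructed sample tree built by make_sample_root are assumptions for illustration, and it is meant to be run against a device root or an extracted copy of the filesystem.

```shell
#!/bin/sh
# Added example: indicator check for the Unflod.dylib library described above.
# Usage (after sourcing this file):  scan_root /   or   scan_root /path/to/extracted/rootfs

SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"

# macho_arch FILE
# Prints an architecture label taken from the first 12 bytes of a thin
# little-endian Mach-O header: magic, cputype, cpusubtype.
macho_arch() {
    hdr=$(od -An -tx1 -N12 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        cefaedfe0c00000009000000) echo "armv7" ;;     # MH_MAGIC, CPU_TYPE_ARM, subtype ARMv7
        cefaedfe0c000000*)        echo "arm-32bit" ;; # other 32-bit ARM subtype
        cffaedfe0c000001*)        echo "arm64" ;;     # MH_MAGIC_64, CPU_TYPE_ARM64
        cafebabe*)                echo "fat" ;;       # universal binary, slices not parsed here
        *)                        echo "unknown" ;;
    esac
}

# scan_root ROOT
# Prints one line per dylib in the MobileSubstrate folder under ROOT.
# Exit status follows grep: 0 = Unflod.dylib present, 1 = absent,
# 2 = the folder does not exist (device not jailbroken, or wrong ROOT).
scan_root() {
    dir="${1%/}/$SUBSTRATE_DIR"
    rc=1
    if [ ! -d "$dir" ]; then
        echo "no $SUBSTRATE_DIR under $1"
        return 2
    fi
    for f in "$dir"/*.dylib; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f")
        arch=$(macho_arch "$f")
        case "$name" in
            # The posts name the file Unflod.dylib; the case-insensitive
            # first letter is an assumption made here.
            [Uu]nflod.dylib) echo "FOUND $name $arch"; rc=0 ;;
            *)               echo "listed $name $arch" ;;
        esac
    done
    return $rc
}

# make_sample_root DIR
# Builds a constructed (fake) tree for a dry run: two 12-byte files that
# carry only a Mach-O header, no real code.
make_sample_root() {
    d="$1/$SUBSTRATE_DIR"
    mkdir -p "$d"
    # constructed: 32-bit header, CPU_TYPE_ARM (12), CPU_SUBTYPE_ARM_V7 (9)
    printf '\316\372\355\376\014\000\000\000\011\000\000\000' > "$d/Unflod.dylib"
    # constructed: 64-bit header, CPU_TYPE_ARM64
    printf '\317\372\355\376\014\000\000\001\000\000\000\000' > "$d/Example.dylib"
}
```

A hit is a reason to restore the device and change the Apple ID password, as the posts advise; deleting the file alone does not explain how it got there.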
yalu jailbreak for iOS 10.3 by the developer Todesco
The famous Italian iOS hacker Luca Todesco has published his new update of yalu jailbreak to support with iOS 10.3. The previous version of yalu jailbreak was working with iOS 10 - iOS 10.2 and he has updated this jailbreak tool to support the latest iOS 10.3 as well.

Luca Todesco was better known as @qwertyoruiop by the jailbreak community has published a youtube video on his youtube channel to demonstrate the iOS 10.3 jailbreak. Keep in your mind that this is the first jailbreak for iOS 10.3.
iOS 10.3 jailbreak demonstrate
This guy has shared a video to show off the more information and Cydia download is working perfectly with iOS 10.3. Luca is demonstrating MobileSubstrate and code injection with the support of his jailbreak update which is yalu jailbreak on iOS 10.3.
The first version of yalu jailbreak made by Luca Todesco for the iOS 10 beta 8 update and finally he developed his tool to support with all the iOS 10 versions to Cydia download. He also has tweeted this on his twitter to show off to the public iPhone, iPad and iPod Touch users.
How to Cydia installer for iOS 10.3
If you're interested in iOS 10.3 jailbreak and Cydia download, you have to know that still, we're unable to jailbreak iOS 10.3 to get Cydia installer because there is no any official tool for the iOS 10.3 jailbreak. Do not worry about for this reason because the jailbreak community will be able to see the iOS 10.3 Cydia in the near future because most of the developer teams are working hard to release the new jailbreak.
0 notes
iOS 10.2 #jailbreak officially released. The hacker Luca Todesco has officially released the jailbreak for iOS 10.2, and the jailbreak was released together with the mobilesubstrate tool, which is responsible for installing tweaks and is supported on this version of the system. This release is currently in beta and will be updated over the coming period to fix the current bugs. The hacker stated that this jailbreak currently supports the iPhone 6S - iPhone SE - iPad Pro, that the remaining devices will be supported in the coming period, and that unfortunately the iPhone 7 will not be supported by this jailbreak. Yalu 10.2 jailbreak link: click here. Cydia Impactor tool link: click here.
0 notes
Jailbroken Development : Starter Pack
For my first blog post on iDevBlogADay, I thought I'd talk about a part of iOS development that rarely gets mentioned on blogs, Tweak development (or mobilesubstrate development).
To start you'll need:
A Jailbroken iOS device
OSX 10.6+ (or iOS 3.x+)
Theos
A good knowledge of Objective-C
Getting Theos
You can get Theos from DHowett's official Github profile, although rpetrich has a fork which includes a set of private headers and is kept quite up to date (however the headers are from 3.x). Theos also needs ldid THEOS/bin/ldid
You can find a more complete guide here. If you need to install Theos on your device rather then on OSX you can find a guide on the iPhoneDevWiki.
On Your Device
On your device you should install a few tools first:
BigBoss Recommended Tools
syslogd (saves NSLog statements to file)
MobileSubstrate (obviously)
Cycript Javascript/Objc mix, install yourself (useful for testing the output of SpringBoard methods)
gdb (if something goes wrong we can't use xcodes debugger)
Mobileterminal, allows you to run commands from the device itself (same as cycript)
Class-dump-z (gets the method names & classes from an iOS binary file)
Using Theos
Theos comes with a group of tools, the most obvious of which is Logos. Theos itself is a build system (make files and build scripts) which can build you code straight to a .deb file (the format cydia installs).
Logos is a preprocessor-based library to make developing with mobilesubstrate easier by providing an ObjectiveC style syntax.
MobileSubstrate Example (from iFans)
```objc
#import <UIKit/UIKit.h>
#import <objc/runtime.h>
#import <substrate.h>

@class SBApplicationIcon;

// Replacement for -[SBApplicationIcon launch]: shows an alert instead of launching.
static void __$ExampleHook_AppIcon_Launch(SBApplicationIcon *_SBApplicationIcon) {
    // autorelease added so the alert is not leaked (manual reference counting)
    UIAlertView* __launchView = [[[UIAlertView alloc] init] autorelease];
    __launchView.title = @"No way muchacho";
    __launchView.message = @"You can't touch dis!";
    [__launchView addButtonWithTitle:@"Dismiss"];
    [__launchView show];

    // If at any point we wanted to have it actually launch we should do:
    // [_SBApplicationIcon __OriginalMethodPrefix_launch];
}

extern "C" void ExampleHookInitialize() {
    NSAutoreleasePool* pool = [[NSAutoreleasePool alloc] init];

    // Get the SBApplicationIcon class
    Class _$SBAppIcon = objc_getClass("SBApplicationIcon");

    // MSHookMessage is what we use to redirect the methods to our own
    MSHookMessage(_$SBAppIcon, @selector(launch), (IMP) &__$ExampleHook_AppIcon_Launch, "__OriginalMethodPrefix_");

    // We just redirected SBApplicationIcon's "launch" to our custom method, and now we are done.
    [pool release];
}
```
Theos/Logos Example
```objc
%hook SBApplicationIcon

-(void)launch {
    UIAlertView* __launchView = [[[UIAlertView alloc] init] autorelease];
    __launchView.title = @"No way muchacho";
    __launchView.message = @"You can't touch dis!";
    [__launchView addButtonWithTitle:@"Dismiss"];
    [__launchView show];
}

%end
```
Much less code, much simpler and much easier to understand!
Useful Stuff
This is a collection of useful links & info to help you get started:
iPhoneDevWiki
StackOverflow is the most useful site for iOS development and for jailbroken development the iPhoneDevWiki is by far the most useful sites for a developer.
irc.saurik.com
If you have a problem you can't solve while making your AppStore app you ask on StackOverflow for a solution. If while making your tweak you can't fix a certain bug/problem you ask on the #theos or #iphonedev channels on Saurik's (creator of cydia) IRC.
TweakWeek
Lots of simple example tweaks from top Cydia developers. It's now finished but there are still over 60 example tweaks to study.
That's it hopefully that's enough to get you started developing tweaks. Enjoy!
5 notes
How To Create A MobileSubstrate Tweaks for iOS.
Welcome to my second tutorial on iOS Open Development! In this tutorial, I will give you the first hand to get started with MobileSubstrate tweaks. If you are here, you should already know what MobileSubstrate is and why you would want to write tweaks for it, so I'm not going to get into too many details about MobileSubstrate and how it works.
Before we get started, there's a couple of things I want to say first. First, if you don't know what you are doing (new programmer, first time writing for iOS, whatever), then this is NOT a tutorial for you. MobileSubstrate protects the system from tweak errors and lousy programmers, but one can never be too careful. If you don't know what you are doing, you could mess up your device, perhaps not bad enough to brick it, but bad enough to require a full restore. So if you follow this tutorial, I trust you know programming, have been doing it for a while, and that you take full responsibility of whatever happens to your device for writing "bad" tweaks.
Second, writing MobileSubstrate tweaks... There's a lot you can do. It's all about code hooking thanks to Objective-C's dynamic nature and there's a lot you can do with it. I cannot possibly teach you, not even in a thousand posts, everything you can modify with MobileSubstrate tweaks. This small tutorial is just meant to give you a hand getting started with tweaks. It's not a comprehensive guide. It would really be impossible to write a full book about everything you could hook because there's too much. Once you are finished with this guide, you will know enough about widgets and you will be able to research on your own: That is, once you are done with this tutorial, you will have to explore the private headers to find what you are looking for and hook it. Writing MobileSubstrate tweaks requires patience and familiarization with the private frameworks, so once you build your first project, start studying the private frameworks: I will tell you how to dump your own headers or where you can find headers that have already been dumped and modified for you to use.
Now, putting that aside...
In this tutorial you are going to write your first MobileSubstrate tweak. We will build a simple tweak that will show the user a message whenever he/she tries to open an app. Once the user taps an icon, we will display a message that says "Launching App..." and then we will launch the app once the user taps an "OK" button. Yes, it is a useless tweak, but you will learn a lot in your way.
In this tutorial, I will do the following:
I will explain to you how to get the required headers to create tweaks.
I will explain what "hooking" code is in a nutshell
I will teach you how to hook code using Logos instead of the Objective-C runtime, so you will learn the basic Logos syntax along the way and you will be ready to hook your own things any time.
You will learn three very basic things but they should be powerful enough for you to write any tweak you can think of.
Okay, let's get started!
First Things First: You Need The Private Headers To Work With.
You need to get the private iOS headers you want to "hook". Otherwise, well, there's nothing you can play with. So I will show you ways to do that.
The first and hardest method is to dump your own headers yourself using a command line tool called class-dump-z (or class-dump: refer to this post for more details on the tools). How to use these tools is beyond the scope of this tutorial but a word on them is due. Dumping your own headers is a tedious option. There's a bunch of private frameworks and it can take a while to dump them all. Save each header to a respective framework directory when done.
Another (and easier) option is to download the headers from someone else. A lot of people have dumped their own headers and are hosting them free of charge on GitHub, so go on there and grab a copy. Personally, I recommend you use rpetrich's headers, simply because he is a great developer with great reputation in the iOS open development community. But there's lots of options out there should you want/need them.
Once you have your headers downloaded, each header nicely inside a folder with the name of the framework, move or copy each framework to the directory called "include" inside the Theos directory. By default, you would save all the headers in the following location (Mac):
/opt/theos/include
Every private framework you download has to be saved there (so you can simply #import them when you want to use them, as you would include any other iOS framework in "official", non-jailbreak projects).
That is all there is to downloading your headers: Once you are done, you can move on.
But Wait, What Exactly Is "Hooking"?
Objective-C is just a superset of C. Everyone who knows iOS or Mac programming knows that, and it's the first thing a good book or tutorial on Objective-C tells you. But what exactly does this mean? It simply means that Objective-C has a lot of C code running under the hood. As so, you can freely mix any C code with Objective-C code.
Objective-C is mainly driven by what is called the Objective-C Runtime. The Objective-C Runtime is a C framework that, as you may imagine, controls everything that happens in Objective-C under the hood. This runtime is responsible for creating classes, creating methods, ivars... Everything Objective-C does is controlled by this runtime. This runtime is in its most superficial level a bunch of C functions, and this framework is the reason Objective-C is such a dynamic language. This runtime can create classes, methods, ivars, and modify any of them along the way at runtime rather than at compile time. Here are some functions provided by this framework:
class_addIvar
class_addMethod
objc_msgSend
These are just some functions found in the runtime. Their purpose is really clear: The first one adds an ivar to an existing class. The second one adds a method to an existing class, and the third one sends a message to a class.
Programmers can have full access to the Objective-C Runtime functions by just importing the framework as they would import anything else, granting them access to very powerful tools to modify running code as they wish at runtime and have a lot of control of whatever happens in their machine. In a running application, a developer can "hook" to a current method and make it behave like something completely different from what was intended. In other words, to "hook" means to modify or extend the Objective-C code to do what you want. For example, someone could "hook" the NSString's stringByAppendingString to append the passed parameter and to append a personal string at the end. Suppose I wanted that method to append "Leo" at the end of every string that receives that message. I could hook that method to append the wanted string and my own personal string at the end.
The Objective-C Runtime takes care of hooking. Writing tweaks requires hooking, but the iOS Open development community has developed methods to abstract the Objective-C Runtime functions from the programmer. "Hooking" mechanisms have been created precisely to abstract the runtime and perhaps make it less intimidating. CaptainHook is one of them, and Logos is another one. Logos is a very nice hooking mechanism and it abstracts the runtime nicely with simple commands like "%hook" and "%orig". No idea what I am talking about? In this tutorial I will show you how to create a tweak with Logos, so you will understand more once you see the actual tweak.
Without further ado, time to build the actual tweak and get your hands dirty. This is actually the shorter part of this tutorial but I hope everything I taught you so far will be useful for you in the future.
Getting Our Hands Dirty: Creating The Tweak
Alright, launch the terminal and create a MobileSubstrate project (if this is your first time using Theos, or you don't even have Theos installed yet, refer to this post. I mainly give links to instructions for installing Theos, but the small amount of content I dedicate to installation and configuration should help you get started with it). I will call mine LaunchNotifier:
Once you have your project created, you will see a file called "Tweak.xm". This is the file that has all the Logos hooking code and where you write your tweak. So open it up and be surprised for a short while at all that "%" syntax...
You also need to modify the makefile to add the UIKit framework. If you are in this tutorial you should know how to do that, but if you don't, it's very simple, just add this line:
LaunchNotifier_FRAMEWORKS = UIKit
And save it. That's everything we need to do so close it now.
You will see a bunch of commented-out content. Please look at it for a while and try to understand it. It shows you the very basics of code hooking like:
%hook ClassName and %end. This is what I call a "Hook Block". Everything you write in between is the block where you will be hooking things of the className (note that %hook and %end have no finishing semi-colon in their lines).
%orig calls the original version of the code you are hooking. You will find yourself calling %orig in most of your methods, because the original usually contains most of the logic the method needs to do its job. Not calling %orig; can have disastrous consequences in your tweak, depending on what you are doing, although sometimes it's desirable to avoid calling the original version of the method. Make sure you know when you want to call %orig and when you don't. Usually, it's just common sense.
%orig(...) is %orig; but with arguments. In the parenthesis you pass in all the parameters to hand them over to the original method.
The rest of the commented code are examples for Logos. They can work, but in this tutorial I want to build something that works, because it's easier to learn things with "real-world" examples.
Feel free to delete everything on that file for now. We will build everything from scratch (and it's nothing too big, since it's just a UIAlertView basically).
First things first, a quick review of what we are going to do: When the user taps an icon in the SpringBoard, he will see a message telling him he's about to launch an app.
Okay, so how do we do that? I need to say again, tweak development requires lots of header browsing. You can never be certain of where things are. You know you want to show a message when an icon is tapped. You know icons are part of SpringBoard, so that's a good start. You would head over to the SpringBoard framework folder and browse all the headers there. What are you looking for? Common sense is to be used here: you know it's an icon, so just look for anything that may have "Icon" in its name. What should you hook? You browse your headers for a while and find a class called SBIcon. Is this the one? Could be. Under normal circumstances, you would try to hook different classes and methods, writing code for them to do something (showing a UIAlertView is a good idea), to see if you are hooking the right class and method. Okay, nothing interesting here. This can't be the one. Oh, oh, what do I see? Is that a class called SBApplicationIcon? That sounds less generic and it may be exactly what you are looking for! In our case, yes, we want to hook that class.
You inspect that class and you see it has a method called -launch. Instinctively, we know this method will launch the respective app, so it makes sense to hook it.
The initial hooking will simply look like this:
%hook SBApplicationIcon
// Methods to hook here.
%end
Here we are just saying "I will hook some methods from the SBApplicationIcon class".
-launch is the method that holds the magic for us, so to hook it, just write its implementation inside the hook block like you would anywhere else:
%hook SBApplicationIcon
-(void)launch {
    // Hooked launch. What will it do now?
}
%end
And there you can just write any Objective-C code you want. We want to show a message, so just write a UIAlertView like this:
%hook SBApplicationIcon
-(void)launch {
    // Build the message from the icon's display name.
    NSString *appName = [self displayName];
    NSString *message = [NSString stringWithFormat:@"The app %@ has been launched", appName];
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:appName message:message delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil];
    [alert show];
    [alert release]; // Manual reference counting: balances the alloc above.
    // Run the original -launch so the app actually opens.
    %orig;
}
%end
And that's really it! make package install your project (you should know that by now). Once the user taps an icon, the app will launch while showing a message:
A couple of things you have to note about the code we wrote above:
We are calling %orig;. If you don't call %orig; here, your app won't launch because you will override all the launch logic. Instead, you will just see your message but nothing will be launched. If a normal user installed this app (without the method calling %orig;), he/she would be screwed. Why? Because he/she wouldn't be able to launch Cydia and uninstall it. The developer, on the other hand, can reverse the problem by simply fixing the problem and make package installing it again. This is why tweak programming is not for everyone and you should only do it if you plan on doing it well.
Note that we can call [self displayName]. Like I said, you can write any code as you usually would, except you can "call hooks" whenever you want or need them.
Congratulations! You have now written your first MobileSubstrate tweak. As usual, the full code can be found on my pastebin here, and if you have any questions, head over to this post and ask all the questions you may have.
nitoTV update
Backend update
We have been coordinating the last couple of weeks to get the back end up to speed. And thus far I have apt and dpkg, and all related dependencies built and mostly validated / working for arm64. Thus far it has been tested on my 9.0 device and nothing past that yet. Hoping to get to testing it on 10.1 today or tomorrow. Some of the dependencies are built in a bit of a hacky fashion and I need to address that before we can be confident that it's fully validated. Right now I'm still using my old insecure nitoHelper and need Jaywalker to get the version he re-wrote up to speed. Hoping we can get that sorted this week.
UI update
The UI is essentially done for the next release. It has a curated featured section that looks great (pretty exciting) and it also has a new package display view that looks really nice as well if your package implements Depiction properly (I'll cover that formatting later after things have been released). Installing / removing / searching are all working. I still need to test adding and removing repos, but that /should/ just work.
Updating
So you are stuck on 9.0 and 10.1 with your blobs saved and you want to update to 11.1? My advice at this time is to wait. The upcoming version of nitoTV is not going to support 11.1. The reason for this is we don't have mobilesubstrate updated and code injection in general is still a bit dicey / in progress. This release has already been delayed enough and I don't want to wait for that to fall into place to get a release out. The reason code injection is important for a release is for our app loading process: as of right now it requires code injection, and if you can’t even install applications with nitoTV then it's pretty useless!
However, if you are on 10.2->10.2.2 then you MIGHT be able to use my fresh port of https://github.com/lechium/v0rtexNonce to set your nonce and then restore using futurerestore. My instructions from before on this blog are not going to be sufficient because that bundled version of futurerestore that I built will likely be incompatible with tvOS 11. I know there are forks out there that supposedly work with iOS 11 but I can't vouch for any of them without personally using it.
App Store
The initial version won't have a paid store yet, I still need to figure out the logistics for that. But it's definitely planned for a future update, and I'm going to do my best to get that update out very early next year (January hopefully). I will support other people supplying packages if they so desire, but none of the default Cydia repos are going to be added by default, and I would NOT recommend adding them either. 99.99% of the packages won't be applicable.
ETA
As a rule most of us hate doing this, because as soon as you put a date on something you'll most likely miss it!
That being said, I'm hoping to get out a version with 9.0 / 10.1 support sometime before the end of the year.
If you made it this far, thanks for reading and thanks for your continued patience!
New Post has been published on ccompliquer(z)
New Post has been published on http://www.ccompliquer.fr/comment-resoudre-des-problemes-de-mobilesubstrate-dans-ios-7-fix-substrat-mobile-tweak/
How to fix MobileSubstrate problems in iOS 7: the "Fix Substrat Mobile" tweak
Many of you are having difficulty with Cydia tweaks on iOS 7. We have received many comments on this subject, and all we have been able to tell you is that it is an issue related to Mobile Substrate and will be fixed as soon as Saurik publishes an update to the library.
However, there have been some recent developments on Reddit that we have been following. There was a "Fix MS Recharger" that Saurik vehemently and strongly asked readers to stay away from. But there is another tweak that Saurik approves of, so we are going to use it to resolve all the problems arising from Mobile Substrate.
This "Fix mobile Substrat" tweak only works on devices that were jailbroken with Evasi0n7 1.0.1. If not, you will have to install the Evasi0n7 untether 0.2 tweak before continuing. The untether 2.0 tweak can be found in Cydia (search for "evasi0n7.x untether"), and once you have installed it, move on to the next section.
Installing Fix substrat mobile
Open Cydia → Manage → Sources. Tap Edit, then tap Add.
Enter the URL: http://parrotgeek.net/repo and tap Add Source.
Let Cydia refresh. With the new package added, tap on it (Cydia → Manage → Sources, then tap the parrotgeek repo). Find mobile Substrat fix and install it. Reboot the iDevice after the tweak is installed.
According to Saurik, Fix mobile Substrat implements a change in roughly the way he himself intended to implement it, which is why it received his seal of approval on Reddit. A fix for the problem actually appeared much earlier in the form of SEP Recharger Fix, but we had to wait a little to see what the response was. Incidentally, Saurik talked a little about why a tweak is dangerous. Let's spare the technical details here: suffice it to say that the implementation was going to harm processes. In any case, mobile Substrat Fix seems to work well for many users.
New Post has been published on iPhone 5s News
New Post has been published on http://iphone5snews.org/mobilesubstrate-ios-7-jailbreak-update-saurik-says-no-eta-on-release-date
MobileSubstrate iOS 7 Jailbreak Update: Saurik Says No ETA On Release Date ...
For 64-bit iOS devices such as the iPhone 5S and the iPad Air, problems were more noticeable since MobileSubstrate — the process that many tweaks and iOS modifications are dependent on — hasn't been updated to support the 64-bit processor on newer …