├── .gitignore ├── Makefile ├── README.md ├── RevealLoaderInject.plist ├── control ├── init.xm ├── layout └── Library │ └── Application Support │ └── RevealLoader │ └── RevealServer └── tcsp.png /.gitignore: -------------------------------------------------------------------------------- 1 | .theos/ 2 | packages/ 3 | .DS_Store 4 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | TARGET := iphone:clang:latest 2 | THEOS_PACKAGE_SCHEME = rootless 3 | export ARCHS = arm64 arm64e 4 | 5 | 6 | include $(THEOS)/makefiles/common.mk 7 | 8 | TWEAK_NAME = RevealLoaderInject 9 | 10 | $(TWEAK_NAME)_CFLAGS = -fobjc-arc -fobjc-weak 11 | $(TWEAK_NAME)_FRAMEWORKS = Foundation 12 | $(TWEAK_NAME)_FILES = init.xm 13 | 14 | include $(THEOS_MAKE_PATH)/tweak.mk 15 | include $(THEOS_MAKE_PATH)/tool.mk 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # iOS 越狱的Tweak开发 2 | 3 | > iOS越狱开发中,各种破解补丁的统称为Tweak,通常意义上我们说的越狱开发,都是指开发一个Tweak. 4 | 基本上,tweak都依赖于一个名叫[cydia Substrate](http://www.cydiasubstrate.com) (以前名字也叫mobile Substrate)的动态库,Mobile Substrate是Cydia的作者Jay Freeman (@saurik)的作品,也叫Cydia Substrate,它的主要功能是hook某个App,修改代码比如替换其中方法的实现,Cydia上的tweak都是基于Mobile Substrate实现的. 5 | 6 | > iOS的tweak开发可以有两种发布方式 7 | 1. 只能在越狱设备上安装的打包成deb格式的安装包 8 | 2. 直接使用开发者自己的证书/企业证书直接将补丁打包成ipa,这样不需要越狱也是可以安装的,只是这种非越狱的限制比较大,通常只是用来给某个app打个补丁或者类似的功能啥的 9 | 10 | 11 | # RevealLoaderInject 12 | 动态加载Reveal到应用程序和插件中。此包使用Reveal 最新的的revealserver.framework,您可以将其替换为您想要的内容。兼容iOS 15 +。如果遇到问题,可以按照步骤自己编译 13 | 14 | # 手动安装 15 | 1. 下载安装包 https://github.com/DeftMKJ/MKJRevealLoaderX/releases/tag/v1.0.0 16 | 2. 用iFunBox拖进越狱机,我一般放在var/jb/var/root用户目录下(这个自己根据自己放就好) 17 | 3. 越狱机上安装Filza,方便查看手机上文件目录,然后进入上面的目录,点击找到对应文件 18 | 4. 点击右边叹号,然后点击右上角,用Sileo安装即可。 19 | 5. 我这是默认全部开启的,只要打开你想要调试的App,Mac打开Reveal就行。 20 | > 大概率遇到问题,排查方式 21 | - 先用手机进入/var/jb/Library/Application Support/RevealLoader/RevealServer这,看看这个可执行文件在不在,然后看看是否有-x权限,不行把755安排上 22 | - 如果已存在,但还是不行,使用 ldid 进行伪签名: 23 | 在越狱设备上,你可以使用 ldid 工具对动态库进行伪签名。这不是真正的代码签名,但它可以欺骗 AMFI,让它认为库是正确签名的。 24 | 安装 ldid(如果尚未安装)并运行以下命令:`ldid -S /path/to/RevealServer` 25 | 26 | # 自行编译 27 | 1. 下载工程 28 | 2. Mac电脑的Reveal下载好,然后进入Helper -- Show Reveal Framwork in Finder 29 | 3. 找到xcframework,然后找到ios-arm64,把可执行文件替换 `layout/Library/Application Support/RevealLoader`即可 30 | 4. 没报错的话,package目录下有deb包,根据步骤手动安装即可 31 | 32 | ![这是图片](./tcsp.png "Magic Gardens") 33 | 34 | iOS 15+可行 有问题微信联系我 13826241102 35 | -------------------------------------------------------------------------------- /RevealLoaderInject.plist: -------------------------------------------------------------------------------- 1 | { 2 | Filter = { 3 | Bundles = ( 4 | "com.apple.UIKit", 5 | ); 6 | }; 7 | } -------------------------------------------------------------------------------- /control: -------------------------------------------------------------------------------- 1 | Package: com.mikejing.revealloaderinject 2 | Name: RevealLoaderInject 3 | Version: 0.0.1 4 | Architecture: iphoneos-arm 5 | Description: An awesome MobileSubstrate tweak! 6 | Maintainer: mikejing 7 | Author: mikejing 8 | Section: Tweaks 9 | Depends: mobilesubstrate (>= 0.9.5000) 10 | -------------------------------------------------------------------------------- /init.xm: -------------------------------------------------------------------------------- 1 | #include 2 | #import 3 | 4 | %ctor { 5 | @autoreleasepool { 6 | NSString *libraryPath = @"/var/jb/Library/Application Support/RevealLoader/RevealServer"; 7 | 8 | if ([[NSFileManager defaultManager] fileExistsAtPath:libraryPath]) { 9 | void *handle = dlopen([libraryPath UTF8String], RTLD_NOW); 10 | if (handle) { 11 | NSLog(@"[MIKEJING RevealLoader] open success!"); 12 | [[NSNotificationCenter defaultCenter] postNotificationName:@"IBARevealRequestStart" object:nil]; 13 | } else { 14 | NSLog(@"[MIKEJING RevealLoader] open failed!"); 15 | } 16 | } else { 17 | NSLog(@"[MIKEJING RevealLoader] file not found!"); 18 | } 19 | 20 | 21 | } 22 | } 23 | 24 | 25 | // #include 26 | // #include 27 | // %ctor 28 | // { 29 | // NSString *libraryPath = @"/Library/Frameworks/RevealServer.framework/RevealServer"; 30 | // if ([[NSFileManager defaultManager] fileExistsAtPath:libraryPath]) 31 | // { 32 | // void *addr = dlopen([libraryPath UTF8String], RTLD_NOW); 33 | // if (addr) 34 | // { 35 | // [[NSNotificationCenter defaultCenter] postNotificationName:@"IBARevealRequestStart" object:nil]; 36 | // NSLog(@"[MIKEJING RevealLoader]: loaded %@ successful, address %p", libraryPath, addr); 37 | // } 38 | // else 39 | // { 40 | // NSLog(@"[MIKEJING RevealLoader]: loaded %@ failed, address %p", libraryPath,addr); 41 | // } 42 | // } else { 43 | // NSLog(@"[MIKEJING RevealLoader]: file not found %@", libraryPath); 44 | // } 45 | // } 46 | -------------------------------------------------------------------------------- /layout/Library/Application Support/RevealLoader/RevealServer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeftMKJ/MKJRevealLoaderX/23293afbb28d67e9ee65fe55c0a0ed0567c0de14/layout/Library/Application Support/RevealLoader/RevealServer -------------------------------------------------------------------------------- /tcsp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeftMKJ/MKJRevealLoaderX/23293afbb28d67e9ee65fe55c0a0ed0567c0de14/tcsp.png --------------------------------------------------------------------------------