Help/Support Theos tweaks on non-jailbroken device with developer account

Arizona94 · September 12, 2015

Hello,

I am very new to coding and developing tweaks, so bear with me if I make myself out to be a moron. I have a jailbroken iPhone 6 (8.4), a non-jailbroken iPhone 5 (9.1 beta), and a developer account. I successfully converted a few of my Flex tweaks using theos that work on my jailbroken device. Now I want to see if it's possible to get them onto my non-jailbroken device.

I found a fork of theos for non-jailbroken devices (https://github.com/BishopFox/theos-jailed) but I don't have the knowledge/experience to use it.

Is there anyone with the patience to help me out here? I can add your devices' UDIDs to my account so you can test it out and get future betas the easy way.

Thanks!

Rook · September 12, 2015

Hello there,

I will actually look into this myself. And it is possible but I'm not sure up to where it is. You can probably install things that only affect the IPA. Which is good enough.

Arizona94 · September 12, 2015

That's all I need! I just want to manipulate some of the apps that I have installed. Thanks!

Arizona94 · September 15, 2015

Update: I have been able to get this working for me!! The tweak.xm file contains code for cycript and it works fine if I leave it unedited. When I deleted it and inserted my own code, the app crashes on launch. I've posted the tweak.xm code here. Where can I insert my own code?

/*
	Bishop Fox - Theos for jailed iOS devices
*/
#import <dlfcn.h>
#include <pthread.h>
#include <errno.h>
#include <objc/message.h>
#import "Cycript.framework/headers/cycript.h"
#include "fishhook/fishhook.h"
#include "iSpy.class.h"
#include "iSpy.common.h"
#include "iSpy.instance.h"
#include "iSpy.msgSend.common.h"

#define CYCRIPT_PORT 31337

/*
 * Constructor
 */
%ctor {
	NSLog(@"[BF] Constructor entry");
	
	// initialize and cache the iSpy sharedInstance. 
	NSLog(@"[BF] Activating iSpy");
	[iSpy sharedInstance]; // do nothing with the return value, just force iSpy to initialize
	
	// Start Cycript
	ispy_nslog("[BF] Starting Cycript. Connect by running \"cycript -r <yourIOSDeviceIP>:%d\" on your MacBook.", CYCRIPT_PORT);
	CYListenServer(CYCRIPT_PORT);

    /* 
     *	The objc_msgSend tracing feature uses a whitelist to determine which methods/classes
     *	should be monitored and logged. By default the whitelist contains all of the methods in all 
     *	of the the classes defined by the target app. 
     *	You can add/remove individual methods and/or entire classes to/from the whitelist.
     *	This is good for removing animations, CPU hogs, and other uninteresting crap.
     */
    //ispy_nslog("[BF] Removing unwanted classes from msgSend whitelist");
    //[mySpy msgSend_whitelistRemoveClass:@"ClassWeDoNotCareAbout"];

    // Remove an individual method from the whitelist
    //[mySpy msgSend_whitelistRemoveMethod:@"testMethod" fromClass:@"FooClass"];

    // Add a method to the whitelist
    //[mySpy msgSend_whitelistAddMethod:@"setHTTPBody:" forClass:@"NSMutableURLRequest"];

    // Add all the methods in a single class
	//[mySpy msgSend_whitelistAddClass:@"NSURLConnection"];
	    
	/*
	 *	Turn on objc_msgSend tracing.
	 *	You can also turn it on/off in Cycript using: 
	 *		[[iSpy sharedInstance] msgSend_enableLogging]
	 *		[[iSpy sharedInstance] msgSend_disableLogging]
	 */
	//ispy_nslog("[BF] Enabling msgSend logging to %s/Documents/.iSpy/*.log", [[mySpy appPath] UTF8String]);
	//[mySpy msgSend_enableLogging];

	/*
	 *	Bypass SSL pinning. Uses a combination of:
	 *		- TrustMe SecTrustEvaluate() bypass
	 *		- BF's custom AFNetworking bypasses
	 *	This is disabled by default and you must enable it manually here or
	 *	in Cycript, by using: [[iSpy sharedInstance] SSLPinning_enableBypass]
	 */
	//ispy_nslog("[BF] Enabling SSL Pinning bypasses");
	//[mySpy SSLPinning_enableBypass];
	
	/*
	 *	By default the instance tracker is off. Turn it on.
	 */
	ispy_nslog("[BF] Enabling instance tracker");
	[[[iSpy sharedInstance] instanceTracker] start];
	
	/*
	 *	Now we continue with the normal load process, passing control to the app's main() function.
	 */
	ispy_nslog("[BF] All done, continuing dyld load sequence.");
}

Arizona94 · September 15, 2015

Nevermind, I figured it out. I successfully installed app tweaks onto my non-jailbroken iPhone!!!

Dry05 · December 16, 2015

Hi could you guys please help me? I'm trying to inject my dylib into my ipa but everytime it starts signing and fails and says failed to inject dylib. I replaced my certificates I started all over again with the ipa and so but nothing works please help?

Regards Bas

uiop · January 21, 2016

Hi could you guys please help me? I'm trying to inject my dylib into my ipa but everytime it starts signing and fails and says failed to inject dylib. I replaced my certificates I started all over again with the ipa and so but nothing works please help?

Regards Bas

Hi guys. I have the same problem: "Failed to inject *.dylib" using Theos-jailed... Has anyone found a solution?

Dry05 · February 5, 2016

Already found the solution: when you place optool in the bin folder that you had to create to make patchapp.sh work you don't need an extra optool folder just after the Mach-o folder place the optool inside it do not create a folder called optool. That was my problem hope it helps????

uiop · March 1, 2016

Thanks , I'll try this soon. Hope this works

Walking Hell · June 12, 2016

Already found the solution: when you place optool in the bin folder that you had to create to make patchapp.sh work you don't need an extra optool folder just after the Mach-o folder place the optool inside it do not create a folder called optool. That was my problem hope it helps

so you downloaded optool? and place it where? theos-jailed/bin folder? and where is this mach-o folder?