autohook-with-simject.md

AutoHook and Simject

Setup

For the entirety of this guide we'll assume your project's name is libfoo.

To follow this tutorial exactly, you will need:

1. Xcode 11.4 beta (sudo xcode-select -s /Applications/Xcode-beta.app);
2. Simject installed according to its readme; and
3. an example AutoHook project set up and ready to go in Xcode.

Building

1. Set your project's scheme to libfoo and target an iPhone simulator.

2. Build once with cmd+B.

3. Open Terminal and enter cd ~/Library/Developer/Xcode/DerivedData. Depending on your shell and its configuration you can either press the TAB key or enter the command ls -la to get a list of directories. Find a directory named something like libfoo-qwertyuiopasdfghjkl and cd into it.

4. Continue down the directory tree by cding into Build/Products/Debug-iphonesimulator. If you don't see Debug-iphonesimulator then you did not complete step 2. If you only see Debug-iphoneos then your scheme was targeted to an actual iOS device or the generic iOS device. Either way, go back to step 2.

5. Run ls to list the directory's files and ensure there is a file named libfoo.a.

6. Run clang:

   xcrun --sdk iphonesimulator13.4 clang -arch x86_64 -shared -all_load libfoo.a -o libfoo.dylib
   

7. Run ls again and verify that a new file named libfoo.dylib has appeared.

8. Copy the dylib to simject with cp libfoo.dylib /opt/simject.

9. Sign the library with

   codesign -f -s - /opt/simject/libfoo.dylib
   

10. Next we have to create a bundle plist. Run /usr/libexec/plistbuddy libfoo.plist. The output should look something like this (where the _ indicates your cursor):

    ❯ /usr/libexec/plistbuddy libtestobjagain.plist
    File Doesn't Exist, Will Create: libtestobjagain.plist
    Command: _
    

11. Type add :Filter dict and hit enter. Check to see if the dictionary was added correctly by typing print and hitting enter. The output should look like:

    Command: print
    Dict {
        Filter = Dict {
        }
    }
    

12. Run add :Filter:Bundles array, followed by add :Filter:Bundles: string com.apple.springboard. Finally, run print again to check your work:

    Command: print
    Dict {
        Filter = Dict {
            Bundles = Array {
                com.apple.springboard
            }
        }
    }
    

13. If you're satisfied, run save and then ctrl+c to exit. DON'T FORGET TO SAVE!

14. Copy your plist to simject by running cp libfoo.plist /opt/simject. You should also take this opportunity to copy it to your project directory.

15. Run resim! For me, that's ~/git/simject/bin/resim. The exact path depends on where you cloned the simject repository.

Automating

Phew, that was a lot, right? Thankfully this process can now be automated. Of course it's possible to automate the steps from the start, but I think it's important to grapple with the nitty-gritty so you better understand what we're doing and why we're doing it.

1. Back in Xcode, click your project in the Project Navigator

2. Click your target.
   

3. Click Build Phases.
   

4. Click the + button to add a new build phase.

5. Choose "New Run Script Phase".

6. Copy and paste the following script into the text field. Don't forget to change the path in the first line and the libfoos to match your project.

   cd ~/Library/Developer/Xcode/DerivedData/libfoo-qwertyuiop/Build/Products/Debug-iphonesimulator
   xcrun --sdk iphonesimulator13.4 clang -arch x86_64 -shared -all_load libfoo.a -o libfoo.dylib
   cp libfoo.dylib /opt/simject
   codesign -f -s - /opt/simject/libfoo.dylib
   ~/git/simject/bin/resim
   

7. Now whenever you build with Xcode, this script will take care of all the heavy lifting and respring any active simulators.

Happy devving!