So, since I (hope I) am far away from a noob with MobileSubstrate programming now, and saw this question as quite popular, I decided to create an answer covering everything you need to know about the subject hopefully briefly.

This little introduction is meant for whoever has a minimal knowledge on Objective-C and knows what he is doing.

NOTE: I will refer to the theos install path as $THEOS . This could be ~/theos , /var/theos , /usr/theos ... Yeah.

The most popular way of creating MobileSubstrate extensions, also known as tweaks, is using Dustin Howett's theos build suite. Details follow:

What is theos?

So, we should start with what theos is not:

The Operating System

A Greek God

A compiler

And of course, what theos doesn't do:

Teaches you how to code.

Creates tweaks without having you to think

Sets up a whole building environment and/or installs the iOS SDK.

Theos is a cross-platform suite of development tools for managing, developing, and deploying iOS software without the use of Xcode, featuring:

A robust build system driven by GNU Make , which makes its Makefiles easily deployable through everywhere with theos installed too.

NIC , a project templating system which creates ready-to-build empty projects for varying purposes.

Logos , a built-in preprocessor-based library of directives designed to make MobileSubstrate extension development easy and with optimal code generation.

Automated packaging: Theos is capable of directly creating DEB packages for distribution in Cydia, the most popular mean of package distribution in the jailbreak scene.

How to install theos?

On OSX : Have the iOS SDK installed and follow these instructions.

: Have the iOS SDK installed and follow these instructions. On iOS : Install the BigBoss Recommended Tools package from Cydia and run installtheos3 .

: Install the BigBoss Recommended Tools package from Cydia and run . On Linux : Find a mean to have the toolchain installed, and follow these instructions.

: Find a mean to have the toolchain installed, and follow these instructions. On Windows: Nothing is impossible, but if you actually manage to do so, please let me know. :P

How to use theos?

This is a very asked question and too vague. Since theos is a whole suite of development tools, it doesn't make sense to ask How to use it, but more specifically, to ask How to create software using theos.

First of all, always have the Theos Makefile Reference in hand. It covers the basics of creating a theos Makefile, and that includes solving your linking issues adding a framework or private framework to the project.

Now, you can either create your own Makefile from scratch, create your little theos clone/symlink and start coding, but theos makes this step easier. You can just use nic.pl .

A very simple example of running NIC to create something can be found here. It's very straight-forward and sets you up right-away for programming.

Now, here's where we start getting back to topic.

Creating a tweak with theos

First of all, do not run NIC when inside $THEOS/bin . NIC will create the project directory exactly where you're running it from, and it avoids any project being created in $THEOS/bin . Therefore, you'll end up with a simple error which can be avoided by creating the project directory somewhere decent.

Run $THEOS/bin/nic.pl and choose the iphone/tweak template. You will be prompted by simple information which you may well know well how to answer, except for the last field: MobileSubstrate bundle filter .

Since a big part of MobileSubstrate is not just the hooker (the library which switches original methods/functions with yours), but also the loader (the part which gets your hooking to be inserted into certain processes), you have to supply this basic information for the Loader to know where to load your tweak. This field is but the bundle identifier for the application where this project will be inserted.

com.apple.springboard , the default option is the bundle identifier for SpringBoard, the application which is:

The iOS Homescreen

The launcher/displayer of common applications

The iOS Status Bar

Handler of some high-level essential background processes

Therefore, there's where many tweaks take place, altering behavior from something as trivial as app launching to something like how the whole homescreen UI looks like.

Programming a tweak with Logos

Now, the directory generated by NIC will contain:

The Theos Makefile , where you'll change information related to compiling

, where you'll change information related to compiling The control file, where you'll change packaging-related information

file, where you'll change packaging-related information A symbolic link (or shortcut) to $THEOS named theos/

named The main code file, defaulted as Tweak.xm . It is already added to the Makefile for compiling, so you can start coding right-away with it!

On knowing what to do

Now, you don't have SpringBoard's source code laying around, and you can't guess what methods to hook from nowhere. Therefore, you need a SpringBoard header set. For that, you need to use a tool named class-dump-z and run it into the SpringBoard binary (which is inside the iOS filesystem) to obtain header files including all class declarations and its methods inside the application.

From that (a deal of guessing and logging a method call is involved) you can start messing around with what you want in a tweak.

Of course, if you are not hooking SpringBoard you can use class-dump-z as you would in other binaries, such as UIKit , MobileSafari , etc.

Note that for when reversing App Store apps, they'll be encrypted. You'll need to decrypt those (I am unfortunately not allowed to tell you how-to), and then just run class-dump-z on them.

On obtaining private headers

Stuff like preference bundles require the headers for private frameworks, in that case the Preferences framework's headers. Else you'll get endless missing declaration errors (as I guess you could assume).

Getting them has the same logic applied the previous step. Run class-dump-z on, at this case, the Preferences binary and throw the headers at your INCLUDEPATH . The INCLUDEPATH is where the compiler will go looking for headers you include like #include <stdio.h> . Yes, stdio.h is inside one of the directories which build a compiler's INCLUDEPATH !

When compiling with a theos Makefile, $THEOS/include counts as part of your INCLUDEPATH , which means, you can just throw your dumped headers over there and include them later.

(Note that class-dumped headers aren't always perfect, so you're likely to have a couple of header-related compilation errors which can be easily fixed with something like removing a #import directive or changing it, or adding a couple of declarations.)

Code tips

You can't link against SpringBoard, so whenever you require a class from SpringBoard you have to use either the Logos %c directive or the objc_getClass function, as defined at <objc/runtime.h> to get it. Example: [%c(SBUIController) sharedInstance] , [objc_getClass("SBUIController") sharedInstance] .

directive or the function, as defined at to get it. Example: , . When not knowing what a method does or how something works in SpringBoard, try disassembling it with IDA or others. I use IDA Demo (<- noob!) for my disassembling.

Looking at example code is amazingly helpful for both learning and figuring out how something works inside SpringBoard or others (again..). Great people at GitHub to have a projects looked at are rpetrich, chpwn, DHowett, EvilPenguin, and of course way more.

To also find about how SpringBoard and other works (...), have a look at a class's article at the iPhone Dev Wiki!

Epilogue

Wait, where's the good part? Where do I learn about coding in Tweak.xm ?

Well, the original question was actually How to start MobileSubstrate tweaks programming?. You're all setup, hopefully with all headers placed, ready to type in make and see your project magically compiled with theos.

All you need to do is now to actually dig into your headers or your disassembly and go hooking, calling, etc.!

Logos Reference contains exactly how to hook and use other features of Logos, and the MobileSubstrate article on the devwiki is also a great read.