Dev:Updating extensions for iOS 8

Let's collect knowledge like we did with Updating extensions for iOS 7 - paste in your notes and share what you've learned, and somebody else will organize it later. :) If you want to ask questions and share tips over chat with other developers, see How to use IRC for how to connect to #theos and #iphonedev.

'''Hey developer, you can add your knowledge here! Yes, you! Make an account and edit this page!'''

It's also helpful to double-check the statements here and add more info! These are notes and drafts from early research - feel free to update them.

If you want to see what's been recently updated on this page, you can use the wiki's history feature to compare the revisions (to look at the diff) since the last time you visited this page.

Preference saving
In iOS 8, the preferences daemon cfprefsd is handling all preferences in memory and writes them to the corresponding .plist file "whenever it wants". Therefore when the notification for a change is posted, the change is usually not yet written to the file. Reading preferences directly from the .plist has become problematic. The notification from the Preferences specifier plist is now posted before the plist is updated on disk — as opposed to after the plist was updated on disk, which was the case on iOS < 8.

Writing directly to a plist in Preferences is also a problem because then the daemon will not know about your "manual" changes, and will overwrite those changes when it writes its in-memory settings. So either you read or write everything yourself (for example by overriding setPreferenceValue:specifier and readPreferenceValue:) or use CFPreferencesUtils.

See Loading Preferences (a better way) for what to do. (As that page says: this was tested back to iOS 6, it seemed to work without problems. This solution does not work if you are in third party apps or other apps that have sandboxed preferences.) Another viable option could be using GCD and using a descriptor source for that file.

Thanks to xTM3x, Yllier, and others for their research on this.

Everything else

 * The term 'Display Identifier' has been removed when referring to SBApplication. Methods that used the term usually have a 'Bundle Identifier' equivalent; e.g.  and   are now    (as opposed to  ) and  . Since applications are now found using their bundle identifier,   is now  . A catch-all way of getting *any* icon is,.


 * "Has anyone looked into granting entitlements in iOS 8? It would appear the popular method of hooking "_XPCConnectionHasEntitlement" no longer works." "I haven't had a whole lot of time to do testing or look for better methods but I found "_BSAuditTokenTaskHasEntitlement" which appears to have a similar function to "_XPCConnectionHasEntitlement", it's part of the "assertiond" process which must be hooked in order to access it, so far it's worked. More specifically, part of the "BaseBoard" private framework within "assertiond"."


 * PLBatteryPropertiesEntry no longer seems to exist for getting current battery info such as: . You can still use:


 * launchctl appears to be slightly broken. launchctl start and stop work perfectly, but launchctl load/unload no longer works with daemons in /System/Library/LaunchDaemons/ (aborts with the cryptic error message ). But you can load/unload daemons based in /Library/LaunchDaemons/ (that's where you are supposed to launch your daemons from anyway).


 * MISValidateSignatureAndCopyInfo appears to perform additional code-signing checks during app installation.


 * installd cannot be reloaded via launchctl.


 * Mobile application containers are at /var/mobile/Containers/Application.


 * Looks like certain apps don't have privileges for IORegistryEntryCreateCFProperty anymore (Safari, Mail).


 * PrivateFrameworks (and possibly others) in the iOS 8 SDK are missing the __TEXT section. Frameworks must be extracted from a device's dyld_shared_cache using a tool like JTool or IDA before they can be (statically) reverse engineered. See dyld_shared_cache for more info.


 * It would be cool for somebody to add an example or tips for how to use JTool to extract these frameworks.


 * Many functions from SBMediaController have been removed, and it is now useless for accessing now playing information.  and   can be utilized for displaying track time.   returns a dictionary full of other useful information, see Cykeys reversed header for a list of keys. You can use MediaRemotes   to set track time. (Although maybe not? "looking at someones class dump -[SBMediaController _nowPlayingInfo]; is still there, which returns a dictionary containing all the info"). -[SBMediaController _nowPlayingInfo]; no longer returns useful information (on 8.1 at least).


 * You can no longer mount FAT-formatted storage devices via the CCK, only HFS.


 * "Has anyone figured out how to add subviews to UIAlertView in iOS 8 yet?" "I found a workaround so I can at least add to the content view (which is not the size of the full alert view though). Within a subclass of UIAlertView do . When not subclassing,   should work, although one has to figure out the right time to do that."


 * system is now deprecated. Apple recommends using posix_spawn instead.


 * If an app is using WKWebViews, processes named com.apple.WebContent and com.apple.WebNetworking are being spawned and they each create only one NSURLCache. If you want to know the bundleIdentifier of the app they were spawned for, just hook -[NSURLCache _initWithMemoryCapacity:diskCapacity:relativePath:] in those processes. relativePath will be that bundleIdentifier. It's not perfect but a quick and neat trick.


 * com.apple.mobileinstallation.plist is gone on iOS 8. You can use AppList to get a list of installed apps. If you need to do this without Substrate for some reason, this post and thread has some discussion of alternatives.


 * When a passcode is set, UIWindows are not rendered when on the lockscreen, although touch events are still received. To resolve this, you can override when subclassing or hook  in UIWindow to return 1. (CAContext has a new property   which controls this behaviour.)

What is new in iOS 8, and how does it work?

 * The view Reachability invokes is in the new framework FrontBoard - you can hook it. It is a FBWindowContextHostView. To toggle it:


 * FrontBoard is a new framework that takes up a few of BackBoardServices' responsibilities. SpringBoard now inherits from FBSystemApp, which in turn is a UIApplication subclass.


 * CameraKit is a new framework that takes everything related to the camera out of PhotoLibrary.framework. PLCameraController is now the humungous CAMCaptureController.


 * Apple seems to call the iOS side Octavia and the OS X side Nero

Which tools and other preexisting things are still working on iOS 8? Which ones don't work?

 * Activator, Flipswitch and AppList updates compatible with iOS 8 are live on BigBoss repository (verified by rpetrich).


 * The package  seems to not be working. An alternative - also as listed on TheiPhoneWiki. In other words: while the syslogd package doesn't work, installing socat and running   still works on iOS 8. You can pipe it to a file if you want.


 * "Does Theos work on iOS 8?" uroboro responds here


 * libstatusbar seems to not be compatible yet, UIImage kitImageNamed returns null. While waiting for an official fix, if you need a version for testing, you could compile from Tateu's patched source, but it's a horrible hack that is just a temporary solution (it doesn't appear to have identical behaviour if run on older iOS versions).


 * libsymbolicate doesn't work on 8. (VMUHeader is gone from Symbolication.framework.)


 * "RocketBootstrap seems to work." - it works perfectly with my tweak [Simon Selg]. Maybe not working as well with Flex though?


 * "What works for dumping classes on iOS 8? classdumpz doesn't seem to work. I'm trying to dump them directly on an iPhone 6." "You could use class-dump for i386 and the iOS 8 simulator" "This class-dump works for me." "If you want to dump on your iPhone then just compile its source to ARM; IIRC its distributed binary is x86/64 only."


 * "Does weak_classdump_bundle fail for anyone else on SpringBoard?" "It fails in general, it needs to be updated. You can dump SpringBoard with classdump-dyld, if not on an 64 bit device...otherwise, an update is coming too for 64 bit. " Update: an updated classdump-dyld (that supports 64bit executables dumping) is available on GitHub and on BigBoss (changelog).

Random assorted other notes

 * iOS 8.0 Headers, another set of SpringBoard headers, another set of SpringBoard headers Part-1 and another set of SpringBoard headers Part-2 (made with different class dumping tools).


 * In things like SBStarkBanner* classes, Stark is the codename for the blur-heavy UI since iOS 7