#development

I don't think you can with XHR

https://github.com/WilsontheWolf/halloween-candy-db/blob/master/src/public/main.js#L289-L303

yeah so rewrite to use a different JSON parser

I don't wanna use node

so I'm just using builtins

Different JSON parser? This is the built in one https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse

Oh

Guess I'll use that then

Right now I'm just using xmlhttprequest

Well thats how you fetch the data

https://github.com/BBaoVanC/bobashare/blob/85164bb448e785fa5c098142e4531af9cf9b3c0c/bobashare-web/static/js/upload.js#L38

I use fetch which is also a built in https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API

I can't show progress with fetch api

otherwise I would be using it

see here right now I'm just using XHR to parse the json

ok

just like in the error hanlder do what I did, but make msg the req.responseText

Yeah

I wasn’t talking to you.

Hey @ocean raptor . Just tried netctl's code, but browser doesn't call the callback I've passed. Do you know what could be the reason?

Bundle(path: "/System/Library/PrivateFrameworks/Sharing.framework")?.load()
browser = SFBrowserCreate(kCFAllocatorDefault, kSFBrowserKindAirDrop.takeRetainedValue())
SFBrowserSetDispatchQueue(browser, .main)
var clientContext: SFBrowserContext = .init()
SFBrowserSetClient(browser, browserCallbackFunction, &clientContext)
SFBrowserOpenNode(browser, nil, nil, 0)

I've also attached a screenshot from Console.app with system logs. Connection to sharingd became invalid is the error I think, no idea what it means though. I'm running it on a jailed device in a sandboxed app, but they should be able to access private apis, right?

airdrop needs entitlements, make sure you have those

Also, make sure your callback is using C abi/calling convention, a swift function won't work

got it, will test in a second

@tepid olive happy birthday big man

@tepid olive happy birthday average sized man

@vivid dew happy birthday small man

how can I make it use "C abi"?

just adding entitlements didn't do the trick

Idk

Google "how to make C function in swift"

development

@tepid olive happy birthday big man

Don't quite understand you. Do I need to write a function in C and call Swift code from there? My current swift global function:

func browserCallbackFunction(_ browser: SFBrowserRef?, _ node: SFNodeRef?, _ protocol: CFString? , _ flags: SFBrowserFlags, _ error: SFBrowserError, _ info: UnsafeMutableRawPointer?) {
    remLog(info) // doesn't get called, because "Connection to sharingd becomes invalid"
}

never worked with private c frameworks before, sorry if I'm asking simple questions haha

Basically, the callback is supposed to be a C function, and swift functions are not C functions

hmm, but how did TrollDrop work then? It uses a swift function as a callback

https://github.com/XMB5/trolldrop/blob/a5f97fc2c88261ce9193e1e5b8ca9e3a83498682/TrollController.swift#L91

but alright, will try with a C function

Ok maybe swift handles that for you automatically

I don't know swift so I'm just talking out my ass

Anyways

I have no idea why it doesn't work

Watch syslog there's probably something mentioned in there

Not really

There is

The 5th line smh

sandbox

You're missing entitlements

I forgot to copy over entitlements from trollstore

I copied from netctl lol

Who could've guessed

Merge the ents

there we go, now it's working

thanks cameron, saved me from a 10 hour entitlements pain lol

you can pass a global Swift function (with some restrictions) as a C function pointer — if you need to do it explicitly you can cast the function with browserCallbackFunction as @convention(c) (SFBrowserRef?, SFNodeRef?, <other args here>) -> Void

got it, thanks

I found Xcode 14.0 beta 2 and beta 6, still missing 3,4,5

idk

its from SIL docs i dont think its quite 1:1 with the language side but the only thing i could find

capt proving again that he literally cannot read

capt proving again that he cannot code

ive got a linux question if anyone knows:

so i need to be able to SSH as root into my server (in google cloud) but have to add my public ssh key to the metadata.

however, i can only ssh into the user on the server with the same username as my login on my local machine.

how can i ssh into the other user accounts?

ssh name@blahblah

where blahblah is IP

yep. if you don't specify blah@ it uses your local login username

https://media.discordapp.net/attachments/877053237033828396/1005326376460619816/ezgif-4-48af0667e2.gif

@ocean raptor pls fix

(that is not the expected output)

it is

marge

@lime pivot seen this error before?

nvm I put 15.7 for 15.7.1 entry lol

whoop that'll do it

wrong reply

Oh your not dead

That’s nice

is it possible to tweak an app’s widgets

What is g lg

What is actually crashing in the?

less?

I know how to fix it, just wondering

I'll fix when I take lunch

@marble perch unbelievably based https://cgit.freebsd.org/src/commit/?id=f9349d427431eaa5b3bd7e9e7e87725a138facd1

Hi again, I now have another issue, this time with SFOperationResume. I looked into sys logs for 30 minutes trying to figure out what the issue is, but didn't find the reason of invalidation. Using this snippet to start an operation:

let operation = SFOperationCreate(kCFAllocatorDefault, kSFOperationKindSender.takeUnretainedValue());

SFOperationSetProperty(operation, kSFOperationItemsKey.takeUnretainedValue(), [NSURL(fileURLWithPath: "/var/mobile/test5")] as CFArray);
SFOperationSetProperty(operation, kSFOperationNodeKey.takeUnretainedValue(), pointer); // tried with both pointer and CFNodeRef, doesn't work

var context: SFOperationContext = .init();

SFOperationSetDispatchQueue(operation, DispatchQueue.main);
SFOperationSetClient(operation, operationCallbackFunction, &context);

SFOperationResume(operation); // crashes app, 

Attached syslogs and stack trace. Thanks in advance!

What’s interesting to note is browsing works fine: I get SFNodeRefs and successfully get their deviceNames. But SFOperationResume doesn’t work…

FreeBSD already has the zstd binary in base, this is just for convenience

FDA food regulations:

RelocateMe15 eta????

I have an issue with YouTube on iOS 3.1.3
https://www.reddit.com/r/LegacyJailbreak/comments/ym1mmm/discussion_classic_youtube_app_playback_issues/

Some required codecs to play YouTube videos are missing. If someone knows any way how to install these codecs, or if anyone thinks he might be able to port them from a newer iOS to iOS 3.1.3, then please reply here or on Reddit.

iOS 5 seems to have no issues, so if anyone is going to port anything I recommend starting with iOS 5.

Make sure you are on the latest pcre2 and less update

Cause I fixed that a while ago iirc

😢 This weekend??? I really want to get it done, just keep having stupid things come up like midterms and calulus

😭

Man I hate being an adult, I have no free time

I also need to fix harpy again, someone in #jailbreak brought up a good point that the UI is borked on iPad OS.

not yet

True

Is there anything I can help with in terms of entitlements for iOS 15?

upgrade my m1 ram to 32gb

L

*you're

How do I get this number from a tweak?

I didn't start researching it myself, just wondering if someone already knows 😅

...although I'm on A11 so I'm not sure if the tweak I want to make is worth losing passcode

https://github.com/shepgoba/SettingsWidgets/blob/master/SWWidgetContainerView.m#L326

idk if its the best way but this works

and only from preferences

if you dive lower level you can probably find the process independent way

CoreTelephonyClient

Ah hm I wanted to show it in the status bar or something

Which I guess means SpringBoard

actually since its a client you can probably just make one

theoretically this will work

link CoreTelephony and create a client (although springboard might already have it linked)

CoreTelephonyClient *c = [[%c(CoreTelephonyClient) alloc] init];

[c dataUsageForLastPeriods:2 ^(CTDeviceDataUsage *dataUsage, NSError *arg2) {
    CTDataUsage *usage = [dataUsage totalDataUsageForPeriod:0];
    NSUInteger dataUsageBytes = usage.cellularHome + usage.cellularRoaming;
    // do stuff with dataUsageBytes, update UI on main thread etc.
}];

that seems to be apple's design paradigm since ive done the same thing to control white shift point

"last periods"

i got 2 and 0 respectively by messing with numbers until it worked

on naming alone i figured 1 would work but idk

fiddle with it

could probably just do 0 and 0 come to think of it

i dont have a jailbroken device rn so i cant/dont care enough to test

oh interesting, so it's not "number of periods" but some kind of constant

yea like per month or something

and in the block im only really using the first one

i wrote this like 2 years ago so it might just be shit code

Yeah I'll have to dig in settings code

I'd like to get per day, specifically defined as "since midnight", I could get the "current period" number and reset it at midnight (as if pressing the Reset Statistics button in settings)

yeah

https://tenor.com/view/piran-f-bladee-white-women-gif-18873461

you mean w*men?

i have a reversing challenge for you

there are no updates when I apt upgrade

this file, originally named global-metadata.dat, was encrypted using an unspecified method. use any method available to you to recover the key. post the full key (hex preferred) and we can be discord friends permanently

What libpcre2-8-0 and less version do you have installed?

and apt update first

speaking of, add

pros: not capt

cons: shep

pros: would also piss off capt

true

anyone who can do this before capt gets a $10 nitro gift from me, and also the self-satisfaction of cucking him away from being friends with me again

how are you even supposed to-
ykw, i'll just go

obv

Any method available to me? Ok. What’s the password?

libpcre 10.40, less 590

i've decided not to tell you, you'll have to find another way

ok quiprr's mirror broke again

never mind me then

plenty of outdated packages

L

Figured I'd mention it just in case

my dumbass tried to kernel RE after drinking two beers didn't work at all lol

lol

drinking

I don’t suppose there’s a simple way to download the IPAs for apps you own?

Niceee

requires apple silicon mac or a jailbroken ios device

Ahh yep okay

Why Apple silicon Mac though?

so you can decrypt the ipa

Ohhh okay
I forget the name of it but is that with like the chip that Hackintoshs have to fake having to work?

wrong

its apple’s arm architecture macs

Oh yeah but I mean like
What’s stopping me from doing it on a Hackintosh or something?

the fact that it isn’t apple silicon

you wouldn’t be able to decrypt it

But like
Why haha
(I know I can’t I’m just curious why)

i forgor

Ohh fair haha

https://github.com/meme/apple-tools/tree/master/foulplay

Ohhh nice thank you!

running iOS apps is an official feature on Apple Silicon Macs, not supported on Intel Macs because the architecture is different

those decryptor tools take advantage of the fact that Apple Silicon Macs have the functionality needed to decrypt apps you own

didnt apple pull the plug on it mostly though

so only opt in apps works

I think there's a way to bypass the system-level check

https://www.idownloadblog.com/2022/03/28/sideload-apps-iphone-ipad-apple-silicon-macs-sideloady/

supposedly sideloadly works on m1 i guess

then it's up to the app to check UIDevice.current.isiOSAppOnMac or whatever it's called

I know Netflix does and exit(0)'s if so

but if you're decrypting anyway, you're injecting code that can run before main() and therefore can read the decrypted binary out of memory to disk

where you can patch it out and re-sideload it

love to use my apple id, *******@**************.***

still dumb its not OOTB even after apple advertised it with m1

"yeah uh nvm guys lmao"

they definitely got scared by companies like Netflix that didn't like that people could bypass checks and sideload their apps anyway

Ohh that makes sense

I’m kind of interested in patching and stuff like that not that I have any experience at all with it

Actually I have some experience
I once patched a really simple binary for a CTF
And that’s all haha

search selrefs in ida for the method on uidevice mentioned by kirb, check cross references , find the relevant instance of its usage, patch a mov instruction 98% of the time, resign, done

epic fail

ye it just doesn't work lol

basically you can only use a jailbroken ios device for reasons unbeknownst to me

Just pushed a bunch of updates, good thing his mirror is broken so I can recover working debs in case I broke anything lol

Cause I don't take very regular backups of the repo

fr

gif-finder.com but minecraft

yooo christmas shep

shepmas

https://menheraemotes.llsc12.me/menhera/MenheraBall1.gif

i like how we noticed at the same time

true

true

shut up

ok lol

didn't mean to offend anyone

lmao, tru

I’d be preserving every deb ever released to a backup drive in your position

seems like a waste of space

yolo

makes me nervous to not have those things just in case

yeah, just setup a crontab on my NAS to backup apt.procurs.us every week

procur.sus

as long as I don't break things on saturday at 11:59, I'll be fine

I download local copies of the Chariz downloads bucket every so often. why not I guess

I have a 10Tb NAS, and a few spare 8Tb drives sitting in my room

I thought my NAS was bigger tbh...

only 10 terabit rip

i have like 3 8Tb ssds

I have like 3 6Tb in raid or something like that

I don't really remember

it's enough space for me

I've got a few spare 3.5 spinning disks, do y'all have any recommendations for adapters for those so that I can use them with my laptop?

i bought the cheapest one i could find and it works
just no S.M.A.R.T data trol

@primal perch fuck you x

Link?

https://github.com/BBaoVanC/bobashare/commit/e6e7266bef412f71ad7550c4755e8262dcf7def1

amazing commit title isnt it

should i use an alpine base to my bobashare docker image to make it be about 30 MB instead of 150 MB

stfu

FU

@tepid olive happy birthday big man

@tepid olive happy birthday big man

@tepid olive happy birthday big man

a dremel and a bunch of duct tape, probably

whatever USB-C things you can find on Amazon are probably fine, just need to use external power because USB non-PD can't power a 3.5" drive

@tepid olive happy birthday big man

I bought one that uses external power and USB c but it didn't work

how many amps does the brick do?

who PINGED me

Hey, thanks guys!

I really appreciate it :)

happy birthday

Thank you

has anyone messed with firebase apps and their sideload/jailbreak detection before?

since when did firebase itself have detection?

well i think it might be firebase

im unsure if it is or not lmfao

it isn't lol

what app are we talking about here

https://apps.apple.com/us/app/gas/id1641791746

i heard about it being a human trafficking app and i decided to look into it, and now im trying to see if i can give myself the paid subscription through a tweak

i have the i64 binary if you want

and it seems to at least have a log of methods that pertain to 3rd party detection, but idk how many are actually implemented

bc from the looks of it, 90% of the app is just 3rd party frameworks/libs

where is firebase in this app

i do not see it

is that not firebase?

https://github.com/firebase/firebase-ios-sdk/blob/master/Crashlytics/Crashlytics/Components/FIRCLSApplication.m

oh it is
i just don't see the framework for some reason

like i cant even get flex loaded

i mean i'm jailbroken and it works

im not, and im sideloading

let me decrypt it, one sec

do you want the i64?

i have it

no need

okay i made my own tweak that loads flex

no i wasnt

gas def is not a human trafficking app

thats just dumb rumors that kids started

yeah ik

its a dumb app but its not illegal

i was looking into it to see if i could find anything

i get bored easily

also u should give urself the paid subscription free

10 dollars a week

its a fucking scam

fr

problem is

the app is in swift

and swift hooking is

im sure the app is all bots too

rip

like theres swift methods

and theres also objc functions for the swift functions

so like, if i hook the objc will it edit the swift???

idk

@zenith hatch I don't suppose you or anyone you know has catalina?

why whats up?

i have enough storage to make a catalina partition

Well, I have a bin dpkg-scanpackages that's valid on HS but upon running it on Cat, it gives me Illegal instruction 4

surprisingly though, all the other dpkg* bins work

I thought about compiling it from scratch but there's no sources that I've found for that and homebrew yields the same issue

real

yeah..

@grave sparrow Hello, did you ever get MSHookFunction working on stock?

can it work with trollstore?

there's no entitlements that'll allow it to work?

Oh.

Wait

What about get task allow

Ohhh ok

It can’t debug itself?

Do you think this is my problem or substitute side?
Also, I deleted preinst because it caught in the version check when installing substitute.

iPhone X, 16.1 RC
@upbeat wyvern

(now that the xnu sources have been released, the system crashes are gone after applying the necessary patch.)

I'm considering opening this up for developers, so any support would be appreciated...

It probably means remote injection failed

Probably missing some kernel patch

Not sure how you jailbreak works though

*your

Thanks!
so they need vm_* patches to work? maybe i forgot it

You can try making launchd load substitute loader some other way too

Hmm, after enabling the vm_fault_enter patch, I got an error like this...
still missing something :/

Looks sort of like your substitute is not newest maybe?

This is 2.3.1

That means it couldn’t find the dyld methods to iterate shared cache

I turned on friend requests for a moment if you want to add me

thanks!

i do not like legacy firmwares

wholesome

  "___gxx_personality_sj0", referenced from:```

what the fuck is ___gxx_personality_sj0

ok i got copilot to add 5 random linker flags and it works :trollage:

obligatory hbd!

@naive kraken would it technically be possible to make an app for trollstore that spawns a binary that runs in the background that waits for a certain process to start and runs _dyld_get_image_header on the binary in order to run run MSHookMemory on that binary?

or is that like

not even close to possible

uhh your question doesn't make any sense but if you just want JIT check out the PojavLauncher solution

although you will need way more entitlements so your app still works properly once you give it platform-application

so like

binary has code that will execute when an app is loaded

the binary just runs MSHookMemory on that app's binary

that's.... not how it works

thats why i was asking

if JIT is enabled for the process, MSHookMemory should just work

(maybe)

im basically trying to make 1 part of gameseagull work

so a trollstore app would have a binary in the background that waits for the gamepigeon app to load, and when it does, it runs code on that

or some shit

idfk

ah I see

no

or maybe??? idk opainject may work on app store apps

but certainly not on system binaries

well I think the dylib still needs the same team id as the app store app

then it may work

system binary = binary either in dynamic or in static trustcache

interesting

but there is no point in using opainject on a ts installed app anyways

honestly someone (not me) should make "TrollDecrypt"

uuuhhh like... everything?

find out the team id of an app store app, resign dumpdecrypted.dylib with it using the ldid embedded into TrollStore (probably too hard thinking about it lol, you'd to generate a CT cert on the device itself I think), then inject that into the app using opainject

flexdecrypt needs kernel r/w I think

maybe you could dump an app just by getting the task port to it and reading the memory

that could work tbh, you should be able to get a task port of non platformized (app store) apps

i was gonna

@naive kraken do you need a root binary for an app to run as root using trollstore

or can it just be done inside the app using entitlements somehow

bfr

bfr x30

nerd

Happy birthday! I hope I’m not too late haha

You are not

I'm looking to add SEO to man.cameronkatri.com and want to know how you would handle it. I'm thinking I'll statically generate the html for each page and have program in the back handle any redirects and searches

Or what would you do?

do a url rewrite in your nginx/apache/whatever for something that seems like something someone could type without having to think much about it

like man.cameronkatri.com/1/apt-get maybe?

looks like the urls are already pretty good actually

I'd also say consider copying through the name section of the manpage (if that's any easy to do), put it in the title and meta description like ```html
<title>ls — list directory contents</title>
<meta name="description" content="ls — list directory contents">

The meta description is why I'm changing my software

Currently I just use the cgi program included in mandoc

But it's in C and I don't feel like figuring out how to use libmandoc

web services written in C scares me

So what I'm going to do is use like Perl or something and shell out to mandoc(1) to gen html without a header, then use an html parser to extract the text for my description

It's openBSD people, and they have very high standards so I'm not too worried

also is this on cloudflare?

I'd recommend add a page rule to set caching to cache everything

I do have cf, not sure if it's actually caching anything

cache all the rendered html so you don't need to do all that stuff as often

just go into cloudflare and clear cache when you update the manpages, of course

currently it'd only be caching the css

speaking of css, strong recommendation to comment out the hover overlay thingy, since it's a bit pointless to anyone except someone trying to write a manpage

Good idea

https://github.com/hbang/libopener/blob/master/client/RestartOpenerd.x

https://cdn.discordapp.com/attachments/688121419980341282/1038993611162927134/Screenshot_2022-11-06_at_19-48-55_askama_README.md_3.42_KiB.png

these days you prob need an entitlement for that

markdown parsing is not working

looks fine to me

Would be nice to make a TrollCLI (install via command-line almost like appinst)

I’m pretty sure TrollStore does that

Plus how are you going to access the cli without first installing trollstore?

that already exists. trollstorehelper inside the trollstore app bundle

apps can't run as root, only helper binaries can

true

This isn't a jailbreak specific question per se, but does anyone know if it would actually be possible to upload something to a user's ICloud Music Library programmatically?

Anyone know how the USB 3.1 DCSD cables work (I have one but I don't get a TTY on it)

https://www.theiphonewiki.com/w/images/7/7d/DCSD_USBC_3_1_annotated.png this cable

what would be the syntax? trollstorehelper /path/to/ipa?

trollstorehelper install <path/to/ipa>

https://demoshare.boba.best/qnnqupNu

bobashare markdown display with syntax highlighting

That’s some nice syntax highlighting

you're using something that doesn't work in safari

Safari moment

that explains it
works as soon as i turn off dark mode

in dark mode, it just uses var(--text-0)

the not logic doesn't seem to work with prefers-color-scheme in safari

so it's better to just specify dark and light lol

you can just use the color-scheme css property to choose a default for your page
then just override with the media query based on the preferred one

am I blind what's wrong with the website

it's just a test for syntax highlighting

dark mode should look like this

gm “developers”

literally just

:root,
    :root.light {
    ...
    }
 
    :root.dark {
    ...
    }

then you can set the same property for each element

well then if the browser doesn't support prefers color scheme, then there's no highlighting

safari dumb then

or your code is non standards compliant

it literally is though

how can it not be

W3C documentation is like 100000 pages

so that might be why

but the browser does... not just doesn't work with the query in safari lol

safari moment

and from what it looks like you default to the dark theme, so that wouldn't make sense lol

why not? The dark theme is the one that's better so I default to it

see the :root and its media query

that's not what i'm saying
you should have syntax highlighting even if there's no support for the color scheme

wdym

well, it doesn't make sense to use not just yet as the no-preference value isn't even supported on most browsers

what do I do then

I can't leave one of them out of the media query like I did for :root because they aren't perfect overrides

So the rules will be mixed up togethrr

@hasty ruin @faint stag @primal perch try it now, I changed the rule a bit

I don't know a browser that doesn't support prefers-color-scheme to test on

@media not all and (prefers-color-scheme: light) {

the amount of dumb stuff safari does

Like why do dropdown menus look like they're from iOS 6

go to the upload page and you'll see

Works good

wholesome

doesn't work

now I need a browser that doesn't support prefers ecology scheme to test that part

Ugh

i want to tinker a bit with the stage manager on osx but haven't found anything in the xcode sdk, can somebody give me some suggestions on where to look for? no frameworks/headers found..

can you PR por favor

you won’t find any there since it’ll be implemented somewhere like Dock.app

Dock does most of the high-level window management stuff

i guess this calls for ida?

sure does

👀 any symbols already flying around somewhere?

it’d definitely need to be a separate flag, and default to gzip for the time being till I figure out how we can support it

honestly would really appreciate a dm.pl PR for it anyway and we’ll figure out the how can we make use of it part from there

ty

Wtf, @lime pivot dripped out in chariz merch?!

we stan zst

openbsd added zst support to gzip

Elu

or was it freebsd I forget

FreeBSD

common free BSD W

FreeBSD has had zstd and libzstd for a while

uwu Elu

cotton isn’t liquid bro

lmao

thanks

🤓

yea we do

its there if you use a functional OS

lmao

DISK PARTITIONING

https://github.com/BBaoVanC/bobashare/blob/538de65b5a75ec481cd1774f83755cbb37217f51/bobashare-web/src/views/display.rs#L179-L220

some of the ugliest code I've written

No

You're right

dpkg wont work with a compression format it doesn't understand

he did? I didn't get an email

What language do you recommend for writing CGI programs in?

(Common gateway interface, not computer generated imagery)

41 min ago

https://github.com/theos/dm.pl/pull/21#issuecomment-1306434880

no idea why I didn’t get an email

@grave sparrow could you match the compression algorithm unless is not one deb expects and you fallback to one that it does?

Tbh, I’ll have to sit for a couple hours to understand Perl again

I feared as much

And I fear Perl

I was going to write my manpage thing in Perl

Cause I've been looking for a project to learn Perl for

Just read this
https://www.perlmonks.org/?node_id=663393

Got it working, the solution: install it via macports

stallman arc

I heard Perl is horrible

Stallman is a lisp guy

Iirc

Yeah, cause emacs

perl is cancer

are all app store apps encrypted with fairplay?

pedophile arc

yes

well

the uninstallable system apps aren’t

Music, Tips, Magnifier, iTunes Store, Books, Podcasts, etc

This is dev nvm

@grave sparrow help

trying to run task_for_pid on an app from a trollstore root binary

but it still wont work

i got (os/kern) failure when i tried to run it as mobile/501 and when i ran root/0

?

its a user app

like google drive

im a rerd

get-task-allow

that one?

i think its task-for-pid_allow

it was task_for_pid-allow

Nov  8 12:40:35 not-iPhone TrollDecryptHelper[14617] <Notice>: [trolldecrypt] root helper go, uid: 0, gid: 0
Nov  8 12:40:35 not-iPhone TrollDecryptHelper[14617] <Notice>: [trolldecrypt] pid: 14588
Nov  8 12:40:35 not-iPhone TrollDecryptHelper[14617] <Notice>: [trolldecrypt] Got task port: 5635 for pid 14588
Nov  8 12:40:35 not-iPhone TrollDecrypt[14616] <Notice>: [trolldecrypt] spawnRoot returned: 0

macOSversion=$(sw_vers | head -n2 | tail -n1 | cut -c 17-)
verscheck=$(bc <<<"${macOSversion} < 10.14")

if [ "$verscheck" -eq 1 ]; then
  echo "[!] macOS version too low"
  exit 2
fi

there's gotta be a better way to do this, right?

You can grep the specific line and awk the second column

Another way to check versions would be to sort (with version flag) and check if 10.14 is last

For starters sw_vers -productVersion

i was able to do this, but idk what to do after this unfortunately

use vm apis to find the macho in memory then dump it to a file

you should be able to get the aslr slide somehow and proceed from there

check out opainject source

thats what im doing rn lol

this seems like it should be easy

either its not or im just stupid

yeah i think its a mix of both

dumping the main binary should be easy, dumping frameworks of the app will be more complicated

should

do you know who youre dealing with here

I do

do you have the allImageInfoAddress? @indigo peak

i think so

isnt it just

dyld_info.all_image_info_addr

https://developer.apple.com/documentation/kernel/task_dyld_info_data_t/1553256-all_image_info_addr

https://github.com/opa334/opainject/blob/main/dyld.m

just use the functions in this file then

ive been trying

im not that smart

well first get iterateImages working and print all the paths

yeah i got that working before

and then you find the path that's your main binary and well imageLoadAddress is the address in the process where it starts

I'm not sure how to find the size though

thats what ive been struggling with

getting the size

oh it's a macho

so the size should probably be in the header? maybe?

hm no

I mean worst case

1. scan app bundle directory for all macho/fat files, get the sizes from there

2. copy everything that's not a macho/fat (e.g. the resources) into some dir

3. iterate through the images in the process, find all of them by the path you determined in 1. and write them into the dir of 2

4. profit

hmm i think i can follow that?

maybe?

I wrote that in one day btw

yeah yeah flex on me

ive only written 20 lines today

and 15 were copied

@naive kraken how do you get the bundle path from a pid

i dont have a mac so i cant use mac specific headers

bruh just define the function yourself

i tried that last time

and the amount of shit i had to import

proc_pidpath

but that's also only the executable path

you would need to make the assumption that one path below is the bundle

but that's correct anyways

idk why it woudlnt work last time i tried it

but it works this time

i have developed an edit

iirc no

the one piece

Any know any decent class dumpers for swift for linux?

Seems to be, from the readme, as you need to compile swift and he mentions apple support

Ive been using jtool.ELF64 for obj-c, but no swift

this shit is so dumb

i want to give up but the thought of all 13 reddit upvotes id get is my motivation

happy birthday @lethal kayak

ty

Happy birthday

ask blacktop

@naive kraken progress!

there is probably some CoreServices api to launch an app in the background if that's useful to you

yep that's how it's meant to work

you can embed any extra libswift dylibs you need in Frameworks/ inside your bundle

I mean if you are just trying to get access to the decrypted binaries, I think suspended should work

just finished the app to realize the decryption doesnt work

im going to fucking kill myself

wym

"doesn't work"

like i finished everything

and its still encrypted

uhhhh

hm

I was under the impression that the app is running decrypted at runtime

but... maybe it's not?

wait maybe

just maybe

this doesnt launch the app

i just looked in cocoatop

and its not there

you need entitlements

which entitlement

<key>com.apple.springboard.launchapplications</key>
<true/>
<key>com.apple.backboardd.launchapplications</key>
<true/>
<key>com.apple.frontboard.launchapplications</key>
<true/>

just found that

pretty sure just springboard will work

FuguInstall has all of them

so when i go to install w sideloadly it doesnt say its encrypted like before

but the app crashes on launch

then you might have done something else wrong idk

maybe there is a crash log?

nope

oh wait, installing stuff through sideloadly often doesn't work because the app needs fixes

try installing it through TrollStore maybe

nope

i def did something wrong

I mean, there is a ton of stuff you could be doing wrong

oh 1000%

im surprised i was even able to make a functioning gui 😭

for instance, do you decrypt all machos/fat's in the app?

i believe so

ur sideloading imessage?

nvm that was capt’s message

it's about app decryption with just trollstore

by getting the task port to an app and reading the memory of the process

what happens if you put the binary in ida @indigo peak

probably nothing unusual

@indigo peak dump some common app like idk twitter and send me what you dumped, also comparing it to a known good dump could be benefitial

bet

lemme isntall twitter first 😭

send it here

why are you a real developer using hopper

oh right

you don’t have native ida

we get it you have native ida

you know who else has native ida now?

https://tenor.com/view/regular-show-my-mom-shirt-swing-trash-talk-bye-gif-5037821

cellebrite paid?

(certainly not me )

me too

yea

you can just buy ida home it’s just as good now

I mean, need it for work and such

same

only 365 usd

fr

thanks cryptic

this

@faint timber real one

IDA 8.2 >>

thanks cryptic

thanks capt for ruining it

we do a little trolling tho

cryptic made another crack?

@grave sparrow I'm bringing galaxy into the disassembler clique

ida 7.7 is publicly leaked

ida77.tar.zst 🥺

@naive kraken https://drive.google.com/file/d/1BJfyCMZY_VLx8Nr8vsrTQ9zVdQh4qAnf/view?usp=share_link

what did you make it in

that's encrypted

don't know what you did, but it's not working lol

objc

damn

who need

arm only?

both

facts

awooga

send ples

I think you mean capt’s cdn is our gdrive

not pro? cringe

why would i need pro

idk

i can do pro with that

who need

is that crossover 22

what happens if i send this in here

I knew this at one point

nothing

I feel like it doesn't matter

do yall tell aaron ⁉️

no

we’d never tell @shut stag

true

hello nebula

gm nebu

i’m not here

oh

okay

https://intjemotes.llsc12.me/intj/intjfall.gif

https://twitter.com/r0_crew/status/1487091022576431108?s=61&t=ittBDi9cjcLsAQYBA0VDrg this is public anyway

ugh i have to join the telegram

ah I remember now, you need XPC_CONNECTION_MACH_SERVICE_PRIVILEGED for stuff inside /Library/LaunchDaemons on macOS

mac or nah

no

ida77.exe.pdf

bc i already have 7.7

nobody has mac

u have to pay

don't think it matters that much on iOS but best to use it

hello @itsnebulalol you have 60 seconds to verify you are not a robot

congratulation you now know my phone number

i think

idk

idk if telegram shows that publically

add me on telegram

it does

tr

idk I don't think this flag has any effect at all on iOS, at least I was able to both use and not use it at one point

@naive kraken could this work on iOS 15?
https://github.com/paradiseduo/appdecrypt/blob/main/Sources/appdecrypt/dump.swift

no

why

i hate telegram emojis

pretty sure it needs kernel rw on iOS

this doesnt even work on macos

only thing i could imagine needing that is either mmap or mremap_encrypted

didn’t ask

mmap doesnt need kernel rw

@indigo peak for what it's worth, I don't think your code does anything because the Twitter binary has the same changed date as the other files

i'm sorry, i will look respectfully

how to you even check if a file is a binary

did you figure that out

wait no that makes sense

because im copying all the files

yeah

you need to copy everything not a binary

and keep some sort of table of all binaries with their size

and get the data of them from the process memory instead

and then write that data to the files instead

it has the entitlement com.apple.private.skip-library-validation

which as you know

doesnt exist on ios 15

it does exist

isn't that bc it has to map a unknown library

well yeah

but apart from that, that's not your issue

u dont have to

it just like

doesnt

(I think)

u just get the task port and memcpy?

whats ur code

from time import time, sleep

def add(num1, num2):
    start = time()
    sleep(num1)
    sleep(num2)
    return int(time() - start)```

Yeah and?

Time to write an injector

@grave sparrow What does Substrate injector even do

oh well

i give up for now

fuck this

Show code

why can't they just put all the tweaks in DYLD_INSERT_LIBRARIES

it loads dylibs in /Library/MobileSubstrate/DynamicLibraries based on the filter plists and that's it

o

cause of the filter plists and stuff

i just closed literally everything

show code

btw if you want to make an actually good injector I have some ideas to improve it

nfr

sure

but I don't remember them rn

lmao

lmk when you do

So basically I dlopen all the libraries?

@naive kraken so mremap_encrypted & mmap should work on ios 15 right

ye

no the former doesn't work without kernel rw

Very strange

But okay

idk but "Iridium" needs kernel rw to decrypt apps

https://github.com/Lakr233/Iridium

i saw this i hate this

i already have the best function hooker

it hooks everything

this app doesn’t even work

better than libhooker too

it does

libhooker fails to hook NSPopAutoreleasePool

it's what I'm using to dump my apps

works on like half my devices

even with the same setup

yeah it only works on my X 13.7

lol it never worked for me

that’s funny

Lakrware

coom

swift is the best language for low level development ngl

would this work https://github.com/p0358/bfdecrypt

i dont see anything that would hypothetically require krw

im right

my code is so clean + you cannot hook NSPopAutoreleasePool + ratio

I think the biggest idea I had was the following: in whatever injects the loader dylib you do a basic sanity check whether anything at all filters the process and if not, you don't inject the loader dylib in the first place. (this is possible by parsing the machos, sample code is in choicy, it's probably beneficial to cache this for all dylibs / plists). One thing that cannot work this way is filtering for classes (old substrate feature) so you should simply not support it. Then one additional thing: Make a filter key that tells the system to only inject the dylib if any other tweak gets loaded. Also making a filter key for all applications because atm most tweaks solve system wide implementation injection by filtering for UIKit, BUT that will make the dylib load into several daemons that link UIKit AND there is some weird obscure App Store unity apps that don't link UIKit so the only way to guarantee your dylib gets loaded into all apps in todays environment is to specifiy com.apple.Foundation and just accept the fate that you get injected into tons of daemons too.

this uses dylib injection, which is possible but you'd need to CT sign the dylib with the same team ID (requires generating a custom cert for every app) as the app store app every time and then use opainject to do the injection

so a new filtering spec

when theres no new jailbreak

just make an additional key

i agree but nobody will adopt

this will be the libhooker API 2.0

Is this another “easier said that done” moment

I mean, yeah

Oh hey btw did yall notice how the only reason LHHookFunctions exists is so coolstar can allocate a single page for the orig functions

your option with the task port is as easy as it gets (if it works)

This is such a stupid reason

You could just reuse the same page every time

But nooo, you have to switch to a new API

as long as it's possible to fall back to old behaviour when not using your injection thing, people will adopt

this isnt about people adopting tbf

i needed a good injection library for macos because @grave sparrow isn't releasing zefram

yeah I mean it's about making things right lol

true

zefram doesn't really exist

I would suggest you just make a seperate key in the plist and then it would be compatible with both Substrate using old behaviour and your thing using the better one

WHAT

so whats the reaso

like idk { Filter = { Bundles = ( "com.apple.Security" ); }; Extra = "PlsOnlyInjectIfAnotherTweakIsAlreadyLoadedThx" }

why is she not using the same page

lolllllllll

can u send the list of 500 functions

i want to compare

you called LHHookFunctions once right??

wait

in a foor loop?

ok but thats gonna go out of the page

I see

what if you hook 3 functions

Yeah that should batch the hooks

does it use the same page

whats 12 - 7

capt why does libhooker itself not support hooking 1 instruction beyond 128mb

everyone is soooooooooooo lazy

why

it does the same thing ?

i benchmarked too

its hardly slower

very close

i just crash the thread and restart it

i wouldn’t know

not a big overhead

leviathan does thankfully

@grave sparrow send 500 function list

no its just crusty

https://jazzyemotes.llsc12.me/emotes/jazzyPeek.png

why?

it even works on sandboxed ios!

thanks

crashing a thread and restarting it is just inherently crusty

dunno it worked for me

ill test again

https://tenor.com/view/jebem-ti-mater-gif-19889327

it worked when debugged

wait so I can just crash my app in all svc calls and set an exception handler that gets executed instead of the syscalls

i might have checked wrong when not debugged

yes

yes

i've done that before

I wish I knew that in 2018

https://github.com/opa334/syscallintercept

ive done your mom before

you are turning into c*pt

not yet

i know where to draw the line

https://tenor.com/view/gif-gif-19491841

[redacted]s at the taco place spared no expense when making mine

bless them

@grave sparrow they do work on sandboxed ios

what if i did a thing where you run an exception handler that restarts your app when it crashes instead of leaving the process

passes both tests

the first checks if it starts and the second checks if i can set a variable after crashing a thread

why does your testing ui look this good

swiftui

nvm then

i am a pro swiftui dev!

this ui is really satisfying

I'm a shit UI dev, the only thing I'm good at is making preference bundles

u should learn swiftui

swiftui is seggs

it's worth it bro

tell that to amy

idk I will learn it when there is a reason for it lol

trollstore is a pretty good reason

I'm certainly not rewriting that in swift ui lol

(or am I?)

amoung

based ui

good

same

the results are good the performance just sucks

oh boy

why can't i hook posix_spawn

didnt you say you want to make good ui tho

is it because it's in launchd

as long as you don’t somehow end up fighting it, swiftui is pretty powerful

maybehaps