#development
can someone hook me up with an ipa of the latest Twitter?

can I hook/reroute a C function from a standard binary? i need to patch out a check in a private framework that i dlopen, in a function that is not exported
currently i'm doing it from my tweak, but that gets dicey with setuid binaries apparently
- i dlopen PrivateFramework A from my (helper) binary
- i call function DoStuff from PF A
- function DoStuff calls function CheckThisProcessAgainstWhitelistedProcessNames
- my process name is not in that list
i want to hook CheckThisProcessAgainstWhitelistedProcessNames, but ideally independent of my tweak.
yea
well i wouldn't care if it weren't due to the fact that that binary runs with setuid, and in order for my tweak to load i have to dlopen substrate or something, except i have not managed to get that to work cross-hooking platforms
yes, and DoStuff is exported, CheckThisProcessAgainstWhitelistedProcessNames is not (but is a defined symbol)
i just want to ensure my end user can use whatever
yea
my other obvious option here is to split up the binary into the setuid parts and the non-setuid parts, which luckily i can do because all interactions with PF A will just be from a LaunchDaemon, but i'm not sure i want to have two helper binaries
this makes sense
how am i supposed to use MSHookFunction, theos is supposed to take care of linking for me right? i don't have to dlopen substrate or anything?
ic
ok this is great
i will try it tomorrow
along with fixing my makefile shenanigans
ty
ic
oh while i have you
if i need (the same) a function from different dylibs on different iOS versions, is the best option avoiding compile time linkage and dlopening and checking for the existence of the symbol
great thx
i mean
i could spend the extra effort to solve for non exported symbols
and reduce my dependency to a single dylib
did not know that
yikes
maybe i should stop being lazy and stop using dlsym for 26 constants

NSStrings
they're just keys that will never change so not much of a point
i guess i could use whether it solves or not to know whether it's supported on the OS
meh
my program execution already takes 1-5 seconds
SEP slow
on the other hand some of the constants are handled by the server so this would slightly backfire
no it's BCert shit
have you heard of BCert
delay OTA requires attestation from SEP which is sent to Apple Server and you get a certificate (BCert) back, which is given to TSS with your TSS request
that's To Be Investigated, i did a stupid with my device and restored back to 15.6 RC
nah i got a much more mundane and sad reason
this is the best idea on how to check SEP version
as far as i know, no one has discovered anything better
i would know for sure if i had reliable logs
but the last time people actually engaged in wide-scale logging was 14.3
and with my geniusness, i spent 30 minutes trying to checkra1n an iOS 15 device, gave up and restored to 15.6 RC because i thought DFU was broken, and then midway i realized checkra1n doesn't work on iOS 15
it's ok, i just have to futurerestore with 15.6 RC blobs and --latest-sep again
ez
i wouldn't know
this is the first day i used ios 15 on a (my) phone
iOS aesthetic is nice, however i am a committed android user for at least the next 2 years
¯\_(ツ)_/¯
christ it's 1:43
time to play some Overwatch instead of doing my assignment 
@native dune I should be able to get you an iOS 15 (and maybe iOS 16? though untested) checkm8 build of libhooker this weekend that you can drop into palera1n

dladdr is a pain 🤦♂️
yes
either this or you can probably also use stuff in Security.framework to get it, TrollStore already uses that to get the entitlements
/cc @naive kraken
@shut stag happy birthday big man
use "SecTaskCopyValuesForEntitlements", pass in an array with key "com.apple.developer.team-identifier"
the return value of that is just a dictionary pass in the key again
https://share.boba.best/ios1561frameworks.7z 15.6.1 extracted frameworks from dsc
if anyone wants
thanks @gentle grove

Found it, kSecCodeInfoTeamIdentifier from SecCodeCopySigningInformation
@indigo peak take a look at https://github.dev/opa334/TrollStore/blob/118ece9c87e788db8d31baef742e57e816d646b5/RootHelper/main.m#L422 and https://github.dev/opa334/TrollStore/blob/118ece9c87e788db8d31baef742e57e816d646b5/Shared/TSUtil.m#L449 but instead of the entitlements dict you want the team ID
and instead of kSecCSRequirementInformation you want signing info
Does libhooker (15) work with rootless path? I have a 16GB Air 2 and am interested in it.
would be great, if it works i could get @marble perch a palera1n rootless build for procursus testing
and then we’d know that rootless tweak injection works
gm shel
she’s
shep
autocorrect moment
my autocorrect dictionary is all fucked up idk what happened
shel
Always been a she
fr
what's the ios alternative for mach_vm
tbh rootless already works there’s just no tweak injection
i don’t think you need tweak injection for testing procursus
not really
@native dune u jailbroke on ios 16.1.1?
yea
with which jailbreak?
my own
ah gg
Does palera1n have working setuid on 15 rootless?
will stable diff actually run on a 14 pro
or do you need an m1 chip
i think u should be able to do inference on cpu/gpu/tensor cores aka coreml
i can't believe i can run it on an 8gb m1 macbook air with pretty great results
~30s an image
THANK YOU
I LOVE YOU SO MUCH
[trolldecrypt] teamID: 2R6PE3P379
:)))
```objc
SecStaticCodeRef getStaticCodeRef(NSString *binaryPath) {
    if (!binaryPath) return NULL;
    CFURLRef url = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, (__bridge CFStringRef)binaryPath, kCFURLPOSIXPathStyle, false);
    if (!url) {
        NSLog(@"[trolldecrypt] failed to create url for %@", binaryPath);
        return NULL;
    }
    // Static code object for the on-disk binary; the caller owns the returned ref.
    SecStaticCodeRef codeRef = NULL;
    OSStatus res = SecStaticCodeCreateWithPathAndAttributes(url, kSecCSDefaultFlags, NULL, &codeRef);
    CFRelease(url);
    if (res != errSecSuccess) {
        NSLog(@"[trolldecrypt] failed to create static code for %@: %d", binaryPath, (int)res);
        return NULL;
    }
    return codeRef;
}

NSString *getTeamID(NSString *binaryPath) {
    SecStaticCodeRef staticCodeRef = getStaticCodeRef(binaryPath);
    if (!staticCodeRef) return NULL;
    CFDictionaryRef signingInformation = NULL;
    // kSecCSSigningInformation makes the dictionary include kSecCodeInfoTeamIdentifier.
    OSStatus result = SecCodeCopySigningInformation(staticCodeRef, kSecCSSigningInformation, &signingInformation);
    CFRelease(staticCodeRef);
    if (result != errSecSuccess) {
        NSLog(@"[trolldecrypt] ERROR: SecCodeCopySigningInformation failed with error: %d", (int)result);
        return NULL;
    }
    // Copy the team ID out before releasing the dictionary that owns the string.
    CFStringRef teamID = CFDictionaryGetValue(signingInformation, kSecCodeInfoTeamIdentifier);
    NSString *teamIDString = teamID ? [NSString stringWithString:(__bridge NSString *)teamID] : nil;
    CFRelease(signingInformation);
    return teamIDString;
}
```
works perfectly
That’s not white, but there’s an api for gray color
Aric overrides whiteColor to be grey
so capt is saying to just call whiteColor instead of colorWithRed:green:blue:alpha: repeatedly
the leading message just above the code feels like a youtube video Intro
i send my sh script here in morning, is this like a place where people can review ur work?
No
oh okay
W, thanks
pastebin exists dog
joebin
anyone know how to fix this?
the binary that uses mach_vm and it gets killed instantly
it kinda looks like this
and i copied the whole header lol
no crash log, what my code does is just reading some memory values to get the game score
also it is jailbroken ios 14.3
wdym
it doesnt read the memory address from itself
it reads another process' memory
getting the score from game
yeah
kay wait
```cpp
#include <iostream>
#include <cstdint>
#include "vm_mem.hpp"   // Process wrapper from push0ebp/osx-mem-hack
using namespace std;

// Pointer chain from the game's image base to the score: the first five
// entries are dereferenced in turn, the last one is the final field offset.
const uint64_t SCORE_OFFSETS[6] = {0xBA5D70, 0xB8, 0x20, 0x140, 0x358, 0x2CC};
const uint64_t MAX_ADDRESS = 0x7fffffffffff;   // upper bound of userland address space

int main(int argc, char *argv[]) {
    Process *process = new Process();
    // Opens the target's task port; the caller has to be allowed to task_for_pid it.
    kern_return_t kret = process->Open((char *)"A");
    if (kret != KERN_SUCCESS) {
        cout << "Failed to open process" << endl;
        delete process;
        return 1;
    }
    uint64_t base_address = process->get_base_address();
    cout << "Base address: " << hex << base_address << endl;
    uint32_t score = 0;
    uint64_t current_address = base_address;
    // Walk the pointer chain: each read yields the next pointer.
    for (int i = 0; i < 5; i++) {
        current_address = process->Read<uint64_t>(current_address + SCORE_OFFSETS[i]);
    }
    // A pointer outside the expected range means the game object isn't allocated yet.
    if (current_address > MAX_ADDRESS || current_address < base_address) {
        cout << "session not started" << endl;
        delete process;
        return 0;
    }
    current_address = current_address + SCORE_OFFSETS[5];
    cout << "Calculated address: " << hex << current_address << endl;
    score = process->Read<uint32_t>(current_address);
    cout << "Score: " << dec << score << endl;
    delete process;
    return 0;
}
```
and for vm_mem it's basically from https://github.com/push0ebp/osx-mem-hack
wdym 'yourself'
like without the vm_mem thing?
ah i used it because i was too lazy to use the mach functions
welp it cant even print the base address
is it signed? 😭😭
yop
with
my dev acc
with what entitlements...
....
i need to enable get-task-allow thingy right
no
😭😭😭
see 7 drinks Cam is good at this
it is running as root tho
anyway yeah imma try signing with that entitlements
hmmmmm
your process is leaked

literally get the base address of that process
yeah right
strange actually
but it works tho...
who is that
- literally at the start
- i dont know since it crashes even before it prints the base address
- yes i tested it
yeah kay
it literally can't even print anything
like this right
and sign like this right
yeah i already did that lol
atm should i just use theos
wdym
kay
it doesnt work
atm i wonder can it even run the normal hello world program lol
OH

@grave sparrow do yk how i would convert a openssl command call into libssl C code
useless
fuck you
@grave sparrow if i do ldid -S -M -kKey.p12 binary , would it be possible to check if the key.p12 is actually codesigned to the binary
Read idiot
he doesn't read
bro
found that out earlier
the Katri flag
heh

So hopefully this is the right place to ask if not I’ll head over to the support section but, I’m trying to run an iOS 15 app on iOS 14.4 I’m jailbroken with Fugu 14 unc0ver. According to my crash log I’m missing the AVFAudio framework.
Is there a way to import this framework and others into iOS to enable newer apps to run?
Lmao I guess in laymen’s terms that’s basically a no
pretty much yea
if you do a shitload of patching maybe
technically possible but not really worth the effort
Annoying, oh well nothing that can be done I guess.
Thanks for the answer in any case
you could do it with odyssey
idk about taurine
fr
Can I get an account on chariz.com? 
lmao. I have ideas
Is there a tool to decrypt iPAs without jailbreak on macOS ?
:3
Oh that’s unfortunate 🥲
I saw this https://github.com/paradiseduo/appdecrypt
Or this tool for something else ?
yes it’s on the readme
The injector doesn’t handle OS versions in tweak plist?
i didn’t know that was a thing, how does it work?
apparently yeah https://iphonedev.wiki/index.php/Cydia_Substrate
didn't know that either
@tepid olive how does ur tweak injection thing work on ios 16.1? are u jailbroken with palera1n or??
```swift
public func MSFindSymbol(_ image: UnsafeMutableRawPointer, _ name: UnsafeRawPointer) -> UnsafeMutableRawPointer {
    dlsym(image, name)
}
```
so that's why MSFindSymbol kept dying
oh yeah
forgot to do that
i’m currently doing launchd dlopen code
is it safe to assume this is just a placeholder?
besides MSFindSymbol, my tweak works on iOS 15 with ellekit
now the next frontier is rootless
alr
oh fwiw i got 2 errors while building (it could be my skill issue):
Logger is available on 14.0 and up, which i fixed by changing the deployment target from 11.0 to 14.0 in the places where it was 11.0
and on lines 75 and 127, target and replacement in the logger call are ambiguous
i just commented that out
I forgot to push it
the classic
well just wanted to make sure you were aware if you weren't already
nice work
done!
it can
nothing is preventing you from using dpkg-deb -b or theos dm.pl lol
smh i needed to write a wrapper script to convert a bunch of android drawables to svg
in other words i'm trying to get icons from apks 
added a loop so i can do multiple apk dirs in one command
works 
another app i didn't know i needed
added what?
Check out simject for ex.
i just named the most common ways debs are built
i figure an xr can't run it
was curious about results on a 14 pro w a neural engine
every ios 15 binary from DSC analyzed & decompiled from ida
bnR3ZXJrODMyMCRBZ2F5UDBybjkzJSU=
anyone know how jb apps work on XinaA15
appears that those dropped in /Applications won't be autocorrected, not sure what the new directory is though
gorn
trolley

He does --instdir=/var/jb
His "compat" is not some complicated, intricate system
Does DSC usually produce fully analyzable binaries? Trying to compare that with DyldExtractor.
the binaries are from dyld extractor
i just wrote a python script to batch analyze it then waited like a day


Oh cool
fr
💩
@primal perch Is it from the latest master commit of DyldExtractor?
yea
mhmm
and idaobjctypes imported for each db
nice hearing someone actually using my stuff!

is this with ida loading the module itself from the DSC
I extracted the binary using DyldExtractor then threw that into IDA
btw mine is from 15.5 iPod 7, still don't think that would make differences
did you use krit's fork or the mainline one
mainline
ok I guess that's a difference?
whats the assembly of yours
regardless its probably pacibsp and autibsp
that confused hexrays
that or it just didnt find the method
idk
might not be a bad idea to redo it with arm64 i didnt really think about that
its definitely a bit easier to analyze
depending on my motivation after i do my homework ill throw the iphone X one in overnight

Will I need to manually uicache -p /var/jb/Applications/BadgerApp.app in postinst then
tbh, packages should be responsible for doing their own uicache clearing these days
don’t forget to do it in postrm as well
wondering if I should make zebra 2 intentionally not run uicache making it the package’s responsibility
??? uikittools does it
Xina needs to fix his jailbreak
We have a trigger to $(MEMO_PREFIX)/Applications that runs uicache -a
And a correctly built uicache will have -a scan /Applications and $(MEMO_PREFIX)/Applications
Can people using xina jailbreak put that in their nickname so that I know to ignore their stupid questions
What's the point of "compat" if everything is still broken 💀
"bUt tHeN DEvS dOnt hAvE tO uPDAte TheIR tWEAks" yet they have to update them to work around the complete breakage that the "compat" created
we don't care about the long term here 💪🏼💪🏼
man I’m so out of the loop lately I forgot this is even a thing
compat with the compat lmao
I guess some people don’t quite realise till it’s already been done that they just made the existing thing but with extra steps
and now I need to trust that your code works, and that you’ll fix it quickly if it doesn’t
less is more 

With MVC, the goal is to have the view controller communicate with the model, either through a controller or directly to the backend system. The view controller would be presented somehow. The backend system shouldn't know about views and windows.
They follow that for most part
well then follow whatever design the system you are hooking uses

If you are just trying to change what the UI does on wrong password then sure
FUCK thank you
idk why I just saw this now
that’s why it wasn’t working yesterday 😭😭
(it doesn't work but I'm not sure why)
it just says bad integer value even if I put an integer scale
Can someone help me with some MySQL bullshit ? I cant stand it. This is about that project i was talking about here previously
Basically i have 4 tables: Devices, Reading Timestamps, Air statistics and Soil statistics.
The plan is to Save the timestamps when the readings were made with the device, and then the air and soil statistics attached to that
I have no f idea how to explain it. I hate mysql with all my passion
What i want is to someone just tell me what data types i should put in and all that stuff 
might slip a month of nitro to whoever helps whenever i finish this bs
don't need nitro but why 4 separate tables? or did you mean 1 table with 4 columns?
Requirements...
yes, i know, but again, i dont make the rules
I need at least 4 tables and i just didnt know what data to put in them
and if i decide to change that arrangement now, i basically have to redo half of my documentation about it
spreadsheets also exist
ouch, yeah then you'd want to start creating relationships between the tables. The "Devices" table presumably holds some sort of unique identifier (primary key) and extra information, you'd preferably want to use that as the foreign key in the other tables to create the relationship between the data.
(assuming you get a reading per device)
The devices table has info about the device name the reading was done from and the IP address of it (cause its probably going to be a bunch of ESP8266s and theyre wifi MCUs OR arduinos with eth shields)
Reading Timestamps has, well, reading timestamp and the interval between the current and last one
Air statistics has info about air moisture, air temp and air pressure
Soil statistics has soil temperature and soil moisture
assuming you can use the IP as a "static" / unique field (device retains the same IP every time it connects), create a foreign key to that in the other tables; Otherwise opt for the device name to be the primary key of your devices table and use that as foreign key.
the other tables will essentially get another column, but when you think about it, you enter data row-by-row, so whenever you do/receive a reading, you can simply ingest the data into MySQL by first registering the device if necessary and then simply using the chosen primary key as the foreign key while inserting the rest of the data into their respective tables.
that way when you perform a select across the tables to retrieve (f.e.) all data from IP 192.168.0.100 (some ESP), it'll try to fetch all associated data
The plan is to set them to static IPs yes, and if im using arduinos with eth shields, i think static was pretty much the only option for those
ESP are a bit more forgiving
using the ip as primary key was just a suggestion, you can use whatever suits your case best tbf.
in regards to data types, you can go the lazy route and just set everything non-numeric to varchar and the numeric values to double. For precision you can condense the IP field for example to be char(15) since an IP won't be beyond 12 chars + 3 dots
(granted its ipv4)
you might want to read up on the difference between char & varchar on your own for further education & knowledge, it's definitely good to know why they're different
```c
if (!strcmp((char *)path, "/Users/nand/dumper/build/libdumper.dylib")) {
    syslog(LOG_ERR, "Found correct dylib, dumping..");
    dyld_image_info dylib_info = infos->infoArray[i];
    vm_offset_t header_addr;
    vm_read(task, (mach_vm_address_t)dylib_info.imageLoadAddress,
            sizeof(mach_header_64), &header_addr, &count);
    mach_header_64 *header = (mach_header_64 *)header_addr;
    syslog(LOG_ERR, "magic: %X", header->magic);
    size_t image_size = 0;
    // sizeOfLibrary(header, (uint64_t)dylib_info.imageLoadAddress, task);
    mach_vm_offset_t lc_offset =
        (uint64_t)dylib_info.imageLoadAddress + sizeof(mach_header_64);
    load_command *lc;
    syslog(LOG_ERR, "Load address: %08x\n", dylib_info.imageLoadAddress);
    syslog(LOG_ERR, "log: %i", lc->cmd);
    for (int i = 0; i < header->ncmds; i++) {
        kern_return_t err = vm_read(task, lc_offset, sizeof(load_command),
                                    (vm_offset_t *)lc, &count);
        syslog(LOG_ERR, "Load command: %i size: %i, vm_read: %i", lc->cmd,
               lc->cmdsize, err);
        lc_offset += lc->cmdsize;
    }
```
im trying to load a dylib that dumps itself to later on dump others, ive taken a look at the mach-o format and the load commands should be right under the header but the cmd values are immensely big, err is always 0 and the cmdsize is always 1, can anybody point me in the right direction?
The load command structures are located directly after the header of the object file then that should be correct, no?
https://github.com/cxnder/ktool/blob/master/src/ktool/macho.py#L394-L427
yes as you can see, it starts parsing at offset. offset is set to header.SIZE meaning the end of header
but im doing exactly that 😢
a basic question guys. i want to hide the flashlight and camera icon on the lockscreen when playing a song or something else which is a media.
when setting hideFC to true, it hides the two buttons. but the script doesn't register when playing media.
```logos
#import <Tweak.h>
#import <MediaRemote/MediaRemote.h>

bool hideFC = NO;

%hook CSQuickActionsView
- (void)didMoveToWindow {
    %orig;
    // hidden state is only applied when the view is (re)attached to a window
    self.hidden = hideFC;
}
%end

%hook SBMediaController
- (void)setNowPlayingInfo:(NSDictionary *)arg1 {
    %orig;
    MRMediaRemoteGetNowPlayingInfo(dispatch_get_main_queue(), ^(CFDictionaryRef information) {
        if (information) {
            hideFC = YES;
        } else {
            hideFC = NO;
        }
    });
}
%end
```
@ocean raptor the headers wont compile for openssl
like i copied the files from lib and include
into theos lib and include dirs
and when i include a header, a million and one errors happen
I need more information than that
Idiot
I have never met someone with the developer role that I like
(except maybe kirb)
Obviously?!!! req_main is from the command line tool openssl, it's not part of libssl
so do i also need to put the apps dir into my project
💀
I meant for you to read req_main to see a how the certs are generated using libssl
THATS WHY I SAID TO READ REQ_MAIN
NOBODY EXPECTED YOU TO KNOW HOW TO USE LIBSSL, BUT WE EXPECT YOU TO BE ABLE READ DOCUMENTATION AND EXISTING CODE TO LEARN HOW TO USE IT
i give up
?????
😭
I'll delete the cache and rerun
Which will take a while
Try now
time cook on his way to remove the next port
Power buttons are an unnecessary entry point for water to seep into the device’s internals. For this reason, we have decided to make the courageous decision to remove it from our new generation of iPhones. You can use tap to wake and auto lock as a replacement for all meaningful functionality. For anything else, go fuck yourselves 
Also the volume rocker had the same issue so we removed it. You can instead go into the CC and slide the little bar up or down
people are getting cramps when reaching for the control centre
we've decided to remove it
and you can use assistive touch instead
(or siri, if you have no hands)
Also you have to use hey siri cause no power button
It's a volume ball that's magneted to the side of the phone and when you drop it it falls off
thanks
will test in a bit
am I the only one using mac procursus? 
joe is
I am
who is joe?
joe bama
what is obama's last name
hi
average apple announcement
true
Lol
@lime pivot @marble perch @native dune I pushed libhooker 1.6.9-1 to the odyssey repo which should fix the crash on iOS 15 w/ checkm8 (ported over the launchd fix from cheyote)
took me a bit longer than expected since I had to remember things about stuff I haven't touched in months (ok I got distracted a bit too)
I'll do a rootless deb next, but that should get you libhooker up and running for now
If you would get a rootless deb working, can you give it to me as well? I would like to add it to my local rootless thingy
/etc/rc.d/libhooker is not signed properly for iOS 15 (der entitlements etc)
need to use Procursus ldid
and although it doesn't crash, it doesn't work either, and /etc/rc.d/libhooker exits 0 as soon as it says Starting libhooker
1.6.9-1 right
development
real
i am pro dev because i am on palera1n team so i need developer role fr
what you may also need is a reality check
true
libhooker for ios15👀
Yes
i use it
so it should work on 15 rootful now?
fuck it i’ll install it lol
doesn’t seem to be working, maybe i’m doing something wrong
- uninstalled substitute, safe mode, and prefloader
- installed LH and it’s depends from odyssey repo
- userspace rebooted
- ran /etc/rc.d/libhooker without root, outputs
no tfp0 / checkm8 - running with root says starting libhooker
- respring, no tweaks injected
the tfp0 patcher doesn’t work on 15.7.1+, but that doesn’t stop substitute from working
later i can try manually patching tfp0
i could test it on my 15.7.1 device maybe it’s a 16 thing
@native dune might need to run updated ldid on the bins since I forgot to
oh i only ran it on /etc/rc.d/libhooker
i’ll try that
got further this time
ios 16 by the way, i’ll test 15 when i get home
@plain python what’s the launchd fix?
a
Palerain with ryzen cpu?!
i’m pretty sure libhooker assumes you have tfp0 when there’s no jbd
hgsp4 >> anyways

Would some kind person write me a safe mode tweak that i can use
a safe mode or a tweak thatll throw you into safe mode
the former
why not use the libhooker safe mode
BSD-3 Licensed
looks like it needs a few path changes for rootless though
cuz it’s ugly
it's literally an app with a message bro. 😭😭
also i’m not gonna use someone else’s code for it
it also depends on many strange concepts
like adding an app to uicache every time
I cannot get arm64e to compile on Ubuntu with WSL
redefinition of module std_config and could not build module 'Darwin'
theos?
Yes
you're only looking for attentioooon
yall ik i sound stupid but anytime i try to run this on my mac it gives me unexpected end of file, with fi it says syntax error near unexpected token fi
anyone know how to fix this
ask chatgpt how to fix it
nvm they're down
try elif instead of else if
wll do
github release is crying
i have edited latest v1.1-alpha release 9 times
the old y/n prompts worked fine but 10.13 has BASH3 and they only support BASH4+
also apt on macos is hardly the same as apt on ios
livin in a world where an unjailed system is hard to jailbreak fml
Skill issue
Simply stop making bash scripts
@ocean raptor I know you like shell scripts
?
Put it into shell check or something
i promised macos jb i will make macos jb
csrutil exists
fi crashes script on macos
among other things, jus let me have a project
ok
maybe because BASH3 and not BASH4
if you had a kernel exploit it would be cooler
so write it in bash3...
all the shit online is bash4
ok
so write it to be posix compliant then
if you aren't then switch the shebang cause it's wrong

what do i switch it to
bash
this is shebang i use on everything
😐

They are calling disabling sip a "macOS jailbreak", I wouldn't expect them to be intelligent

thats ban worthy
its not only tha
Incredibly based
man just wants to occupy some time
no, the issue is that you didn't close your if statements
Why are people so dumb
that seemed obvious
like it said right there
like the most basic part of scripting
i closed the statements
now it has 1 error and its some parsing shit
i put fi on every other elif statement but it has a parsing error with this one
i have googled it
they have a padoru avatar you need to use smaller words
what did you search
i just searched "^-- SC1089 (error): Parsing stopped here. Is this keyword correctly matched up?"
64 bytes, so 128 characters (if hex representation)
this it?

that is too complicated for my smooth brain
How can I start my daemon in a TrollStore app? Since the iOS 15 filesystem is sealed we can no longer add them to /System/Library/LaunchDaemons/.
Maybe it's possible to run them temporarily with fork() and execve()?
Maybe you would've had an easier time with openai
there is no fork
you have no PPL
lemme try the palera1n discord one
unless it does idk I was under the assumption trollstore doesn't bypass PPL
i have nothing to tell you if you're not even willing to put in the basest level of effort.
Why do you need to bypass PPL?
to use fork
ah I see
i am trying to
i just dont understand some of this stuff
is my second time doing stuff in bash
You have to interact with launchd api to tell it to start a daemon
posix spawn trolling
can't use it because I need the code to be run even after closing the app
I was going to say you can posix_spawn your binary on another thread
to my surprise fork does work but doesn't make use a new pid
What device are you on?
A12+?
If it's not making a new pid then it's not actually working
Daily announcement: I hate SQL databases
yes, fork() returns a new pid, but doesn't actually fork the process
[DaemonTest] Running
[DaemonTest] pid: 659
[DaemonTest startDaemon] spawning, pid: 659 ppid:1
[DaemonTest startDaemon] forked, fork_pid: 660 pid: 659 ppid:1
[testdaemon] pid: 659 ppid: 1
So just say it didn't work
yes
are there any resources where launchd api is being used on ios?
seems like the launchctl binary has been removed
i don't think its been there for a long time now
everyone just used a pirated one from somewhere
where can I get it? 
yk what fuck these if statements im just gonna make it run either way
from another jailbreak perhaps
Yeah, leaks
it work fully yay
much appreciated
also, what does 1400 1500 etc mean?
cfver
got it
there is an absurd amount of entitlements required
so I'm just going to assume you did not use those
and you are correct
do I copy entitlements from MacOS?
or from somewhere else
you copy the entitlements from the procursus repo
i thought building procursus stuff does the entitlements already
didn't build it
just took the bin
you can't read build it anyways
just repackaging
@ocean raptor is it just me or does pro macos keep complaining about conffiles being modified when I haven't touched them whatsoever
as in natural upgrades from one version of the original distributed files to another
How I can start developing tweaks for iOS 15 Xina A12+ Jailbreak?
your mom
its telling you not to use the jb, with that same logic, why would support be provided for something not recommended for anyone to use
I know Java I’m learning C++ now but alright I’ll wait till full release and when it’s recommended. Thanks.
anyone know any good tutorials for SceneKit development (macOS)
im trying to move a model when a key is pressed but idk how to move the node in the first place
I can’t get ssh working on xina, I can’t even test making tweaks 😭
I also can’t even get xina to work anymore
rip bozo
Hmm, weird
Does anyone have a good starting point for porting node.js 16 to ios?
I stumbled upon a node package, but it's only node 12
Can’t you just build it for arm64e?
That explanation makes way more sense, thanks! 🙂
XinaA15 seems to use iphoneos-arm I guess that has to be changed by Xina?
Hmm okay, Xina is really busy rn working on "something". I will just support rootless for now (iphoneos-arm64)
Thanks for the info
help
Translate this to a language that a human can understand
Why cant i use mongo 
Sorry for the ping but this is what im doing right now
DeviceIP in the Devices table is a PK, and i have a Device FK in both SoilStatistics and AirStatistics
And now, for whatever reason, i cant f connect them
captware
Capt when he makes malware
(every program he writes)
Capt be making more malware than 4 me utilities 
say the magic number with a letter after it 
all good g, we're here to help after all. Can you show the DDL used to create the table?
let me just export the entire DB as a .sql file rq
all of the data there is placeholders
What i did in the start was set an auto_increment deviceid as the PK, but realised that its a pretty shit way of doing it
tried changing the PK to the IP and now its this
going by the error and assuming how the table looks, you might be missing the actual device which the data is trying to reference.
also please start fresh instead of modifying existing table layouts if it's not too late. You'll avoid unnecessary complications/ oversights
do check this:
https://stackoverflow.com/questions/21659691/error-1452-cannot-add-or-update-a-child-row-a-foreign-key-constraint-fails
Got it to work...
Yea I just created the database from scratch
as I said, there were only placeholders, so I don't really care about the data that was on it
I think imma make another tweak
ong no way it gorn guy
true
With launchctl the ppid of the daemon is the main binary's. Any way to make it a child of another process so it doesn't get killed once the app is closed?
E.g. the app has pid 950 and starting a daemon results in it having ppid 950 as well
😭😭😭😭
inject it into my veins
what?
there’s only me doing it
I’m not copying you
I needed a solid hooking lib for macOS
Ok?
libhooker was 2 years ago
who copied it
what are you talking about ryan isn’t making anything
mine works better
u can’t hook some functions

@grave sparrow give me the code
I made it the fuck up
we need launchctl
It just has no symbol finder
Atm
That’s like 2 hours of work
@grave sparrow i strongly doubt zefram works better
then again, what does it matter, zefram will not release
when i’m done with launchd it can fully replace libhooker
and this is probably happening soon
@naive kraken if I grant launchd CS_DEBUGGED with kernel rw and patch posix spawn so it loads tweaks that are signed with the apple root cert, could tweaks work without amfid bypasses
fugu15 users can use the coretrust vuln sooo
no, tweaks need to be injected into the Trust Cache (and maybe also the trust level of the dylib vnode has to be increased to static trust cache)
if you can do that then you do not need an amfid bypass, correct
but for doing that, you need to handoff everything (krw, PAC bypass, PPL bypass) to another process
or rather, to launchd
besides, idk if you can get CS_DEBUGGED with just krw
But that doesn't matter like this solution can work but you need PAC + PPL bypass as explained
I envision there being a daemon that registers for file events in /var/jb and manages trust caches automatically (it needs to ensure that all processes in it are always in trustcache)
taurine does something like that
yeah on iOS 14 it's definitely possible
but idk about 15
@grave sparrow sucks to suck
Some C nerd around? How do you install clang? I find it nowhere
sudo apt install clang
In Windows?
Another q, might be phpmyadmin related and not the actual DB, but why is it showing the IP 2 times
and yes ik airhumidity and airmoisure is the same fr
Keep in mind that the IP is the PK now
BUT before this, when i had that A_I DeviceID as the PK, it showed the ID AND the IP for whatever reason
Also that daemon should inject into the TrustCache as well.
I mean, that's what I meant
Would be really nice to have something like this. As for tweaks, patching launchd will do the trick?
probably
If I, say, flat out delete the binary of a user-installed app, and the app is offloaded (not deleted) and then reinstalled through Settings/App Store, the binary is added back, correct?

don't ask why i'm asking

actually now that I think about it
it's probably better to just fake an empty container in fs for stock, and when jb use the actual container
troll
less sus since on stock the app shouldn't crash, it just appears to never have been opened
and still can access all data in jb
@lime pivot can you add the BEGIN_DECLS stuff to all the theos/headers headers?
I know sandbox.h needs it
can you pls? 
your mom
💀
how bad of an idea would it be for a package manager, instead of using apt to install the deb, to download it and dpkg -i it
seems like a fairly stupid and bad idea, but not sure of how bad it would be to do
dpkg doesn't do depends
@primal perch can i use slight code from birdpoop in gameseagull
wait really? lol
sick
literally use it all
you did not consult scoober.
LMAO
he's too busy smoking crack
he'll just take the code and relist it and sell it
if you update it have the money idc
so real for that
I'll give you the twickd acct

twickd don't pay taxes it don't matter
well, if you're interested
yeah try it, won't grab depends
```objc
#import <Foundation/Foundation.h>
#include <stdlib.h>
#import <libhooker.h>

// Patch 4 bytes (e.g. one AArch64 instruction) at `offset` past the
// implementation of -[class selector], using libhooker's LHPatchMemory.
void HookMemory(Class class, SEL selector, uint64_t offset, uint32_t data) {
    uint8_t *final_offset = (uint8_t *)[class instanceMethodForSelector:selector] + offset;
    struct LHMemoryPatch patch;
    patch.destination = final_offset;
    patch.data = &data;           // stack copy of `data`, valid for the duration of the call
    patch.size = sizeof(data);
    patch.options = 0;            // no options
    // heap copy of a single patch; a stack struct passed by address would do the same
    struct LHMemoryPatch *patches = malloc(sizeof(patch));
    patches[0] = patch;
    LHPatchMemory(patches, 1);
    free(patches); // love you shepgoober <3
}
```
it's not even that I gave up on it, it's just that the 2.2.4 update broke offsets and idc enough
there's prob like a million and one ways for it to work better
but it works, so I'm not changing anything
I've got work and school now, I can't be assed to do anything but brainless discord in my free time
productivity requires effort
congrats on being the only tweak in existence using LH api
so real for that
TRUE
yet you still can't figure out how to use openssl
use zig
fr
so wholesome
also it takes a pointer so you can just like
do &patch
no wait that's not how the api works
but you can make the struct on the stack

no yeah you can do &patch
no wait you can't
ok I'm done my brain can't handle this
i fell off
```objc
#import <Foundation/Foundation.h>
#import <libhooker.h>

// Same patch as above, but with the LHMemoryPatch on the stack:
// LHPatchMemory takes a pointer to an array of patches plus a count,
// so &patch with count 1 is enough.
void HookMemory(Class class, SEL selector, uint64_t offset, uint32_t data) {
    uint8_t *final_offset = (uint8_t *)[class instanceMethodForSelector:selector] + offset;
    struct LHMemoryPatch patch;
    patch.destination = final_offset;
    patch.data = &data;           // 4-byte value to write
    patch.size = sizeof(data);
    patch.options = 0;            // no options
    LHPatchMemory(&patch, 1);
}
```
yes you can
holy fucking jesus
that was like 3 nested loops
crack cocaine.
so real
yes
this will work
SO REAL
incredibly based
fr
eat gorn
yum
Is it theoretically possible to fix battery drain issues on early versions of iOS 15?
Using tweaks of course
care? license who?
If you know what causes it and if it's possible with the runtime modification framework that we have
don't think they were talking about you (?)
Are the chances of the second happening high?
Of course there’s no way to tell, but usually these issues are caused by iOS right?
do they happen without tweaks?
Not yet. I’m on 15.4, which has battery issues on SE 2022. Was just wondering if it would be theoretically possible to fix once jailbreak comes out
15.4.1 was fine on my device
15.1 sucks for battery
literally got an hour less each day after going from JB 14.3 to stock 15.1
go to 16.1
15.4.1 fixed it
Anything <15.4 is a buggy mess
same thing
9.3.5 👉👈

rip bro
go to 15.7.1
true
anyone know how to properly exit a preinst if something goes wrong
exit 1 doesn’t seem like the best idea since it’ll temporarily break dpkg
exit 0 💀
chatgpt 😂
```bash
#!/bin/bash
# Perform some tasks
# Return a zero exit code to indicate that the preinst script completed successfully
exit 0
```
😁
moment
dev is for plebs but I want it
ah yeah good point
needs to try calling dpkg in /var/jb/usr/bin/dpkg
makes sense

fr
would you just need to change all calls to /usr to /var/jb/usr
yep
do u want me to pr it
Make sure to do it smartly so that it checks the non var/jb paths first
what would be the best way to do it
like
```objc
if ([[NSFileManager defaultManager] fileExistsAtPath:path]) {
    // use /var/jb
} else {
    // use /
}
```
if (access(file, F_OK) == 0) { /* exists: access() returns 0 on success */ } ?
is that like the better way to do it
uhh better
but that uses a syscall wrapper adding an extra call
you gotta use inline asm
Fiore doesn't know how to use libssl, no way he knows how to use asm

I mean it is kinda hard bro, you have to like
install the library
and type -l
AND include the header
already forgot the steps fr
oh you thought i was serious

but like no joke tho, would access be better than HBOutputForShellCommand

can you join vc
i can
i need to call you a slur
update cephei
to work on ios 15
bc it makes calls to binaries and dylibs in /usr/lib
and not /var/jb/usr/lib
but
ios 14
isnt rootless
so I'd need to make a check
please do not assume ios 15 == rootless
i could not care less
there's a reason I'm checking for the path
and not the version
THATS WHAT IM DOING

your input was not needed at all
@primal perch @grave sparrow should I put a global check
for like an extern
that's IS_ROOTLESS
globals bad
and it just checks that /var/jb exists & /.procursus_strapped doesn't exist