#development

this doesn't work without bypassing userland pac

so your fugu needs to be at least advanced enough to do that

This is still kind of an alpha stage. I never aimed for tweaks at all, I needed only a terminal emulator running (as I need that for work etc )

the main issue with fugu I have is there is no way to give other processes krw

otherwise I could literally take what I have already and get tweak injection ez

the latest one still respring loops on 14.3 :/

https://pastebin.com/Nxvepfjx smh

does anyone know if theres a way to open any app using a url scheme, without actually having to add a url scheme to that app

like does ios have anything kinda like open-app://bundleid

closest i could find is making a shortcut that opens an app and shorctuts://run-shortcut?name=ShortcutName, but i'd prefer not to have to open shortcuts in the middle

@lapis vessel I think the issue is what happens when both files don't exist

it will still return the /var/jb one then

the crash happens because instead of checking whether the path I get actually exist I just call dlopen on it and check what happens

and apparently when cfprefsd tries to do readlink on /var it crashes just like on iOS 15

this is really dumb but a simple additional check will fix this lol

Yeah I mean my reasoning was that if neither exist, then it really doesn't matter what you return

And dlopening a non-existent file is fine too, it just returns NULL

yep but as you can see in the crash log, it calls readlink

and cfprefsd is a very picky process

it has some weird sandbox profile that makes it crash on certain sandbox violations

Oh that makes sense then

Not really anything to do with rootless support if neither file exists anyway

yea

Why are we still using rootfull on 14.x?

We could use /var/jb there too

Good question: taurine is open source after all

Does ellekit support iOS 14?

CaptDecrypt

No gawk and zip obviously

Of course

Btw, if you are adding an awk dependency to a package please do depends: awk, that way people can use gawk or mawk

Or (eventually) one-true-awk

capt gorn

https://www.youtube.com/watch?v=0uzynaLi4Tg

where

wtf

capt decrypt

where did you get plist buddy from

I think the only package that has that is darling?

ok this better work ill try it on my SE

i should get latest youtube ipa anyway

@restive ether listen to tool rn

that won't work cross platform

cross jailbreak I should say

aaand its dead

it was at 80% like 3 days ago

this standby battery is terrible

eh

no i dont think i will

hacked fr

wtf

thank you microsoft

on my 450mbps wifi

nvm even better

gotta love consistent download speeds

fr

Dude it’s a pain downloading msfs

First of all the installer is so shit

yea

I had to run my installer overnight it’s the only way

i just got game pass ultimate to try and so far im not having a good time

use my fucking WIFI OMG

The thing with the installer is

If you limit ur wifi speed it goes faster

But it’s still bs

oh jesus

using mullvad took me to 55mbps

ok

makes sense

lol

ill take it at least

hours instead of days

whose is throttling the connection is my question

ive never had anything else throttled before so maybe its microsoft filtering IPs idk

apple.com gdrive and microsoft downloads are always like full 450mbps

interesting they would they do that, but I can believe it

intjfr

Hi everyone what programming language does tweak development use?

Generally speaking, we use a superset of objective-C called theos, although its possible to use swift, with the orion runtime

close enough

arm64e assembly

Are any tweaks working with ellekit yet?

i was mostly referring to theos being a superset of objc

gorn

@grave sparrow /usr/local exists for a reason btw

doesn’t it

if it doesn’t then ignore but that’s the “bsd/unix” way

local programs go there

like non package manager ones

self compiled etc

How do I force a tweak to run after SnowBoard ughh

SnowBoard deletes badges if label is empty and lowercases the label so I gotta find a way to run after it

but everything i tried isn't working

i dlopen /Library/MobileSubstrate/DynamicLibraries/Snowboard.dylib and /usr/lib/SnowBoardBase.dylib and that didn't seem to work

changed name of dylib to ZZZZTweak.dylib, didn't work either

im noob at dlopen but i dont think anythings wrong here

after this I do some ctor stuff and %init some groups

threw /Library/MobileSubstrate/DynamicLibraries/Snowboard.dylib into hopper and seems to dlopen SnowBoardBase.dylib with RTLD_LAZY but I don't think I should worry about that since it probably dlopens it when the dylib is loaded which i think should be before badger now(?)

yeah caps is correct

well im not

which is why im confused af

hmm

put a NSLog after the dlopen

It appears "[SnowBoard Launcher] Loader check passed. Loading SnowBoard..." is logged slightly before the NSLog, so it is loading SnowBoard beforehand

Strangely though, snowboard does inject afterwards though into... a 1.1.1.1/WARP plugin of all things? That's not SpringBoard though, just some random plugin snow for some reason injected itself into, so I should be fine right?

SnowBoardBase seems to hook _createImageForText:font:highlighted: (the main focus for me rn) but seems that that method is called in _checkoutImageForText:highlighted: which snow also hooks. Maybe snow is doing another check for isEqualToString:@"" in _checkoutImageForText but I don't know why it would be hooking _createImageForText:font:highlighted: then because to my knowledge that's the only place where _createImageForText:font:highlighted: is called

nevermind, just threw snowboardbase into hopper again and this is probably the issue

NOPE nevermind still doesn't fucking work 😇

ah wait

%orig() is calling the snowboard version

which removes @""

that makes sense

is there a way to call the orig function even after snow has been loaded

well i guess i could load a dylib before snow, have that get the orig method and add it as a new method, then on the dylib ran after snow, call the added method so I never use %orig

that just seems like a bad idea though

may have some negative side affects since none of the stuff snow did in that method would happen anymore

wtf captware that actually works

took like 4 mins but it worked

because you put smart quotes silly

use normal quotes

is that a joke or real

idk but in his message he put smart quotes

hopefully not in the actual command in terminal

no theyre plain

these are plain quotes?

in teh command

blah "normal quotes"

grep “Mach-O”

see the difference

https://tenor.com/view/we-are-gunna-kill-you-sponge-bob-squidward-squidward-meme-im-a-winner-se-my-prize-gif-25631410

you have to go outside for that first

yes

@lime pivot any way I can tell theos to just repackage the files already cached in .obj instead of recompiling them?

my script relies on modifying them and this used to work but now when I run make again they just get recompiled

hm, there might be a flag for make itself that will skip all file rules

can you run that script in after-stage:: by any chance?

no

the script is

that would likely be a bit less annoying than trying to force make to do what you want

1. compile arm64e slice with xcode12
2. copy it elsewhere
3. run make clean and make all other slices with xcode11
4. use patched lipo to append xcode12 arm64e slice to all libraries in .theos/obj
5. run make package again to make the final package

but the last make package just discards the changes

this used to work 2 years ago

i feel bad for tweak devs

maybe I can just invoke dm.pl myself

yeah hm. it has to be because flags will be different, and Theos does add a md5 tag to objs as a trick to ensure they get recompiled with the changed flags

hmmmm wait I have an idea

which is technically correct because make is supposed to rebuild objects only when an input has changed, and flags are an input

yep, worked

the last make has to run with the same flags as the previous one

that was my issue

ahaaa

(it doesn't really matter because it doesn't compile anything)

well, although I'd want to encourage a cleaner approach, if it works it works

well my script still doesn't work idk

but at least this doesn't seem to be the issue anymore

this is how I do it for Alderis https://github.com/hbang/Alderis/blob/main/build-fat.sh although I had to include two entirely separate binaries and symlink the right one in postinst

that's just Swift problems though

/Users/opa334/Desktop/Entwicklung/Theos/Crane/Source/packages/com.opa334.crane_1.3.3_iphoneos-arm/data/Library/MobileSubstrate/DynamicLibraries/CraneSupport.dylib: Mach-O universal binary with 3 architectures: [arm64e:Mach-O 64-bit dynamically linked shared library arm64e] [arm64:Mach-O 64-bit dynamically linked shared library arm64] [arm64e:Mach-O 64-bit dynamically linked shared library arm64e]
/Users/opa334/Desktop/Entwicklung/Theos/Crane/Source/packages/com.opa334.crane_1.3.3_iphoneos-arm/data/Library/MobileSubstrate/DynamicLibraries/CraneSupport.dylib (for architecture arm64e):    Mach-O 64-bit dynamically linked shared library arm64e
/Users/opa334/Desktop/Entwicklung/Theos/Crane/Source/packages/com.opa334.crane_1.3.3_iphoneos-arm/data/Library/MobileSubstrate/DynamicLibraries/CraneSupport.dylib (for architecture arm64):    Mach-O 64-bit dynamically linked shared library arm64
/Users/opa334/Desktop/Entwicklung/Theos/Crane/Source/packages/com.opa334.crane_1.3.3_iphoneos-arm/data/Library/MobileSubstrate/DynamicLibraries/CraneSupport.dylib (for architecture arm64e):    Mach-O 64-bit dynamically linked shared library arm64e

finally

note to future readers: ios 15 arm64e slice has to be the last one or else it doesn't load on xina

Is this something mitigable from Xina JB side?

it doesn't work at all

I wrote this too early

in contact with Xina now

How can I install it?

I tried running the .sh file but it gave an error

It's only for developers atm

The release will be around Christmas

Ohh okay

Sweet

LMAO

this is just so pathetic

now waiting for xina update so I can finally push the Crane update

Concord was supposed to be released around last Christmas

and look where we are

and I can’t even work on tweaks anymore, my phone got repaired and they gave me a new one

Fucking iOS 16.1

concord

wtf that

nfr

concord geape

geape

grape

Just do the tweak dev in macOS

Buy a M2 Mac

😲

trolley

was supposed to be a discord theming tweak

but then I gave my code to zoey

for enmity

@digital helm

I never ended up finishing the prefs (if you couldn’t tell)

at least it has prefs

react native fun fun fun

does this binpack work on 1700

Yes

ok then

minos 14

Hi, what private api class has the grid dimensions for home screen? (or app count on a page)

Hi is tweak development compatible on windows?

under wsl yes

see this https://theos.dev/docs/installation-linux

Thanks trying to help revive this community 🤗

@grave sparrow is it cool if I relicense launchctl as GPLv3 (maybe 2 idk)

It's a different license

That's not BSD-2-Clause

Relicsnse under the Do What the Fuck You Want to Public License

The everyone but WilsontheWolf license

Is it possible to get Screen Time data usage in an app using private apis?

yea

How?

idk

its possible tho

trol

there's a way to get it on mac

but that file doesn't exist on ios

weirdly enough, there's a similar database in system / library / application support / usagetrackingagent / .db .
Looks pretty empty though. The database seems to only be maximums but no actual data stored for how long the apps have been used

Tweak for videocall !? Like Vwallpaper back in days
On : repo : idanstaface

Is it possible for someone to make a tweak for video where we can put a video as a ringtone like back in days and put custom video for each contact

I changed my mind, I feel like being nice and copyleft is not that

@opa334#7695 Do you know what tweaks are built with the /var/jb prefix?

@opa334#7695

doesn't no one build rootless tweaks yet

i mean i have a rootless build of my tweak somewhere but that involved fucking with theos slightly

@naive kraken

bad ping somehow

mine

CCSupport, libSandy

that's it probably

lol

rootless malware, lovely.

I'll port quickactions and prefsloader when I get home @tepid olive

tf is SchoolTime.framework

That's in the apple watch

ah

school time

slay

Awesome

Where are they hosted?

bigboss

captware

BigBoss has a rootless dist??

bruh no

So where is the iphoneos-arm64 package hosted

my tweaks just respect /var/jb if it exists

that's all about them that's rootless

Wait but where are files installed

xina jb auto installs everything in /var/jb instead of /

Ugh

I would want the real rootless package

Guess I’ll build stuff myself

Hey

I’m trying to change spotlight app container background color

No matter what I do it doesn’t work

It’s suppose to be a really simple code but I guess I’m doing something’s wrong

%hook SearchUIMultiResultCollectionView -(UIColor *)backgroundColor { return [UIColor redColor]; } %end

What am I doing wrong?

how would one go about dumping macOS headers

dumping headers is a PG-13 act
do you have parental supervision?

ktool works wonders yea

is the filter right. it runs in a separate app from springboard

is there a way i can embed my package version from my control file into my code, through a define or something

i tried -DPACKAGE_VERSION=\"$(THEOS_PACKAGE_BASE_VERSION)\", but THEOS_PACKAGE_BASE_VERSION isn't set until packaging time

or maybe i can do the opposite? set the version in the control file from a variable in my makefile?

i just want to have one place to control the version tbh

maybe just make a build script that parses your control file and you pass that as -DPACKAGE_VERSION

probably some better way but idk

in that case i should just copy and paste the code that sets THEOS_PACKAGE_BASE_VERSION

probably the least crappy way tbh

export PACKAGE_VERSION := $(shell grep -i "^Version:" "layout/DEBIAN/control" | cut -d' ' -f2-)

good enough

Objectshit-C™️

can ldid sign w a mobileprovision file

you're supposed to drop the mobileprovision into the ipa

it's not used for anything else

you need the certificate and the mobileprovision

a p12 cert?

Yeah

You might need to do some conversion/ combining with openssl

How, you literally just export a p12 directly from keychain access

cross platform

cp embedded.mobileprovison Payload/Whatever.app/
ldid -Kkey.p12 -Sents.xml Payload/Whatever.app
zip -r 
ideviceinstaller -i Test.ipa

captware

what is the symbol that represents stdinput in bash?

im dumb and forgot

ik its %0 or %1 in batch

andrew tate

cancer constellation is a crab

rust uses a crab mascot

coincidence?

https://tenor.com/view/i-think-not-coincidence-coincidence-i-think-not-i-dont-think-so-gif-22491031

no it's not? https://github.com/zbrateam/Zebra/blob/ab95c5ddac259e62587ab771fd8e1a7a116f8644/Makefile#L27

are there any open source tweaks written in swift?

thank you captapp @grave sparrow

Is there manual way to put subject on top of lockscreen clock like iOS 16

search github for swift ios tweak

quick question, why is it when you want to make a function in obj-c, it essentially has the syntax of making two functions?

Like I'm doing the fraction example of the learn obj-c in 24 days

[myFraction setNumerator:2 overDenominator:5];

this is wacky

Obj c is wacky

because all arguments are named

Ik but the second argument has essentially two names

- (void)setNumerator:(NSInteger)num overDenominator:(NSInteger)denom;

Are you saying that the second argument has the name overDenominator and denom?

Is it just for visual literacy or is there an actual purpose

num and denom are the names used by the function itself

right

when you are calling it, you replace them with values

That makes naming conventions very wacky

lol

I tried using Swift but my tweak doesn't hook

I used the Vlc example from the orion wiki right? but when I install the tweak, it doesn't hook vlc

orion is broken

@fathom snow make your tweak using the ellekit swift package

ezpz

ok muchas gracias

where’s docs

https://github.com/evelyneee/ellekit

ok

overDenominator is the name of the variable, so you can like “label” your code or some shit
And denom is the actual value that you’re passing in

it’s wacky, but once you get used to it, you get used to it

thanks, figured it out, i have to add it after including common.mk

I appreciate it

huh what’s broken

Just press compile and your problems will be resolved. Not hard 🙄

mpv is giving me grief

what framework would SBPasscodeNumberPadButton be in?

i didnt find it in telephonyui

or in springboard

did you try googling it and maybe clicking the first result

because it's right there

i forgot google existed again

average jailbreak dev

no this was just driving me insane trying to find the object name

h

source told me to hecking decompile it myself

how would i figure out how its size is calculated?

@zenith hatch
https://github.com/arandomdev/DyldExtractor/tree/dyld4Beta

maybe works for split dyld

shall i try it with ios 15

why not

tell me if you find libSwift_Concurrency

cockurrency

mf you trapped me

3 hours remaining

fuck you

L

anyways now i have (i think) mach-o files

Lmao can't you filter it

filter what

What to extract

its fine

sweet

now send it to me i wanna do something stupid

gimme £50

Umm, why not just grab it from Xcode?

wait you can do that

how

i feel stupid

rf

The one extracted from dsc won't load btw

But the one in Xcode will

Are you talking about the sim binaries

Cause it gets bundled in apps that use swift concurrency on older targets

No

O

ah yep

Well time for find /Applications/Xcode.app -name libswift_Concurrency.dylib

Just like how libswift.dylib is bundled in apps for targets before 12.2

Concurrency was added in 15

Yes

01:18:09:926 [ WARNING ] stub_fixer.py:174 : Unable to find dependency: b'/usr/appleinternal/lib/liblinkguard.dylib\x00'

The concurrency library is available for if you use it on targets before iOS 15

interesting

w

well, i have a 7 on 14.2

so

whats coreparsec

@frail cedar how can i go through all the shit in the extracted dyld contents and make headers

its apparently where Siri Suggestions records are stored

oh

i have no idea

oh

good

yes

dang

so I got libswift_Concurrency in the right place

but now the error is Library not loaded: @rpath/libswiftCore.dylib: image not found

and I'm guessing @rpath is in dsc?

if this finishes ill send you the entire dyld extract

half an hour remaining

im trying to get artemis working on 14 by just manually placing required libraries

because my apple watch supports it

just the iphone doesnt

nvm

10 mins

what ios

💀

You need to add the correct rpath to the binary that is linking concurrency

ah

idk how you know what that means but ok

i dont

im trying to figure it out

ok I think I figured it out

so @rpath is what dyld is told where to find frameworks

because i'm on ios 14, libswift_Core has no clue what concurrency is or why artemis expects it to be at /usr/lib so it gives dyld nothing

I need to give libswift_Core the location for concurrency so it can be loaded properly

that right?

probably

but i can just

alright lets try

build the ios app for ios 14

(maybe)

true but this is more fun

im learning stuff

fair

and i dont have to do anything

👍

win win!

C:\Users\Donato Fiore\Downloads>"C:\Users\Donato Fiore\Desktop\libimobiledevice-windows-master\ideviceinstaller.exe" -i GameSeagull.ipa
WARNING: could not locate iTunesMetadata.plist in archive!
WARNING: could not locate Payload/iTunesMetadata.plistInfo.plist in archive!

anyone know why this is happening

the ipa has the 2 files

Those can be ignored

They are warnings not errors

it doesnt install anything though

done

@zenith hatch im officially developer

im develpoer

Umm, you can compile apps that use concurrency for iOS 12-14 using Xcode

yeah

Thats what this app does

It makes Xcode bundle concurrency bc I deployed to 14.2

so I can yoink it

Wow, you used a very basic Xcode feature

Yep

So now I'm figuring out how to load an image in the app

mama

@thanos.lol

whar

lol

fuck

mans designing a discord message

some true dedication right here

so the recommended decryptor for most situation is bfdecrypt?

aight

holy shit i've read through pins before but this has now become much more useful with what i've been recently REing, i no longer have to guess and check

these pins useful on god

Nice

You have iOS deb too

capt spamming

how about https://github.com/Lakr233/Iridium

I got it backwards

Its not that libswiftCore doesnt know where Concurrency is

its that Concurrency has a wrong @rpath for libswiftCore because the Concurrency dylib I have thinks it should be in concurrency.app/Frameworks

so all I should need to do is add /usr/lib and /usr/lib/swift to @rpath

wish there was an iphoneos-arm build of install_name_tool out there somewhere so i didnt have to use my mac

how do i figure out how the size of a ui view is calculated?

i see some auto scale object but i cant figure out what its doing

ty

adding /usr/lib/swift to concurrency rpath fixed the error

now I need to get an updated libswift Foundation and make it so only artemis uses it

sounds about right

debug server no work

you have to use the xcode one

for now

cam might've fixed itb

can't remember

I know he wanted too recently

Sbingner wanted me to do it in exchange for his launchctl source

So I decided to just write my own launchctl

one of our longest open troll requests

Is it included in the bootstrap?

not yet

it's not feature complete

a lot left

(so feel free to add commands)

Soon™️

The one we are using now looks like it (that's why I was wondering):

By the way I need tc on Procursus rootless, but can't find anything.

Who is we

Fugu15 users

Is it the one from apt.procurs.us?

It was included in the bootstrap

That's an iOS 13 one from some internal leak

ah

https://github.com/ProcursusTeam/launchctl

This is the new one

The goal is to be indistinguishable from apple's

makes sense

It won't be on the repo until I finish adding the rest of the commands

Rare tc user

Might take some months then lol

Nah, I'm pretty motivated

I got 17 commands done in 3 days

Yo, I actually found out to append things, but this can only be tested on Fugu

Sorry for asking, but are you an AI?

When I asked chatgpt to write a launchctl it said TODO: code to load a daemon

lol

Is ldrestart broken on fugu15?

I haven't tested this, hang on...

It works

cursed ldrestart

Need to still re-enter SIM pin

why do you have a sim pin lol

I have a traditional SIM card, not an eSIM

you should get an esim dog

don't gotta worry about ordering a new sim for updates

I've tried eSIM and found it amazing, but I'm using both platforms and can't solder it on one device. By the way does Sileo have any problems with postinst? Everything crashes when I install a package with a postinst script

no that's definitely a jailbreak issue

Only from sileo? Or from apt cli too?

Btw, make sure you are using apt.procurs.us iphoneos-arm64-rootless/1800 main repo

(The name will change in the future btw)

Sileo, for the most part, haven't had any issues with apt except some untrusting repo errors.

Try it from cli

If it happens from apt cli too then it's either a bootstrap or fugu15 issue

Otherwise it's a sileo issue probably

I'm fine with that, but for the normal user this might be an issue, as I had in mind to create some checks for fugu and tc just append the hashes on the fly with postinst in Sileo (in order to semi deal with amfi)

Wdym?

Are you adding triggers for /{usr/,}{s,}bin, /usr/lib and /usr/libexec to append to trustcache?

No lol path to binary

What

/var/jb/usr/bin/binary

Dpkg triggers

yup

Yeah, adding a dpkg trigger to catch changes to those directories

Was that not already included (as we are on rootless now)

tc can scan a directory

No, it's missing PATH

I think there's some miscommunication happening

Rootless dpkg supports triggers but we don't bundle one to add new binaries to the trustcache

I better method than a dpkg trigger is to write pspawn_payload that tells jbd to insert the cdhash of each binary that gets posix_spawn'd

tc path to folder will add dublicated entries in the trustcache and we don't want the cache to exceed the PAGE_SIZE otherwise it can't be used

Ok, pr the change so that duplicated entries will be skipped

Then you've dealt with amfi issue on fugu (semi)

L to people who don't sign repos

I didn't either 😂

What

If you make tc append to the trustcache while installing a package, you've semi dealt with amfi issue (that's what I meant), but in order to get things working, re-jailbreaking is needed (it works for me 🤷‍♂️)

This can actually be done for tweaks on fugu as well (when that time comes)

how to sign repos

what do firstcontact and batteryassembly do

ah makes sense

I see

gpg

liar I told you to name it that

@onyx ember instead of doing trigger stuff, you can also just listen for file events in /var/jb, I can send you a POC I made some time ago if you want

the biggest issue imo is however how to inject a trustcache from code, the Fugu15 foundation is a bit rough :/

what are you using this for

thanks tho it’s like the only rootless tweak that exists

there’s no tweak injector except mine

i just got it running and realized there’s no tweaks

i’m so exhausted of the community

rootless tweak injection is useless, nobody will ever switch

they will never

yeah just keep using compat hacks that don't work 💪🏼

@restive ether it’s so over bro

because of xina rootless will not work out

oh yeah I agree he fucked it up

It’s literally over

Everyone updated for xina

They won’t do it again

and it's not just the compat stuff

Only like 3 tweak devs would do it

it's just the fact the entire jailbreak sucks

between the lack of PPl, hacked up injection lib

@lime pivot Can chariz repack packages

Please

And host a arm64 repo

wym

Get rid of xina

Woeis

it injects shit into tools that use fork

in hopes they work

(they don't)

uses dpkg --installdir to force packages into the rootless prefix

which like never works

how exactly does it work

That’s the thing… it doesn’t work

incredibly accurate

Xina is just about as stable as putins mental health on deciding whether or not to launch nukes

Putin: oi nerd we have put nukes on standby
Also Putin: does nothing

Xina: yeah the JB works
Also xina: breaks completely when you do 1 thing

Spoiler alert: Updating for xina is basically the same as updating for real rootless, the only difference is the deb architecture and format

so going to a proper rootless environment is only a recompile away

I think the point is he added multiple layers of complications

dog doesn't believe in theos

not really tbh

just for bootstrap maintainers

@marble perch kill extrainst on rootless go ahead

not for normal devs 😄

until your tool relies on tools from pro

ah average mac dev

I can't imagine adding rootless / new arch support to theos is all that difficult

maybe I'm mistaken on the structure of theos

Since the 16th

where's the python rewrite

It’s complicated

just drop support for literally everything older than like iOS 12 ez

I’m trying (yet again) to get back to logos.py

cleanup cleanup

Capt are you a big fan of perl

i know

people will not do it

if there is no proper Fugu15 jailbreak by April I will start working on one

April is quite the timeline

giving others a lot of chances huh

all I need is weightBufs physrw

I will literally do everything else

lol

school is not a problem

don't trust this guy

an internship is

I probably will make my bachelor thesis about this jb then

but idk yet

two birds, one stone

zefram theisis

internship-
payment-

hahaha

How tf do you find enough to talk about to write a thesis that’s jailbreak related

see my twitter bio

not sure yet

you just fluff it up

Unless you have literally made a JB in the past or similar I’d think you would struggle

But I’m just some member one so what do I know

or what do you mean

ah

well I have an account

and I just test tweaks with it sometimes

ah

yeah

https://twitter.com/opa334dev/status/1576187153549496321

jbd running with krw

the only thing I couldn't get working was dylib injection because of detached signatures crap

but with PPL bypass it should be easier

F

GGs
Take long to figure out or nah?

it's an app using jbd to do krw

Is jbd open source?

another app before used mcbc to spawn jbd and pass krw to it

this is my own jbd

Ahh

idk

L

Bad dev

Opa better

then you pass krw to it

but getting there is not easy without PPL bypass

You make the other process create some kernel userclient, then make it return the mach port to the process that already has krw, then you get the proc of the target process, find the mach port there and apply the changes to make it do krw via krw

https://github.com/tihmstar/desc_race-fun_public/blob/main/Desc Race Test/Desc Race Test/common/KernelRW.cpp

no

no task for pid

rest yes

see the code

it's c++ so I rewrote basically all of that in plain C

basically what I did was pass krw to jbd once via XPC, then give jbd the ability to pass krw to anything that contacts it

so if I had code exec in launchd I could just tell jbd to give it KRW and that'd be it

when jbd dies

also to support userspace reboots unlike xina

there is some stuff you can certainly do

like spawn a detached process that stays through userspace reboots for instance and give krw to that temporarily

then hook exec to reinject your dylib into the new launchd

and then have the process give it back to you

i don't even know what mach_ports_register is

btw does exec spawn a new process or is it like execve?

ah

now everything makes sense lol

hmm idk enough about mach ports to know if this would work

yeah I mean that's what I mean

you have some IOKit object in kernel and a mach port to it

what happens to the object on exec

not really

its opensource what's confusing

I don't code in rust

https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3947/diffs

memory leak

Is there

yea

where

you didnt free reply

oh

https://tenor.com/view/rip-bozo-gif-22294771

better use rust

I will fix that when I'm done

There's only one thing to free

bruh I know how to use goto

don't make fun of me

im not

im saying that goto is easy to abuse

yeah

I saw it used a few times in render functions since there's like 5 variables to free though

@gentle grove how was the video

What video

gotem

pedophile

go to jail

oh

i fiixed it

https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3947/diffs?diff_id=1989178&start_sha=f344f4417985cd13c8fd4f5c2761760fffa76732

i should probably proofread it

how can i figure out the equation apple uses to calculate the size of the passcode keys?
i know class names and what the size is on 2 different ipad types (both were the same)

ive been decompiling the functions in the object but it doesnt point to anything useful

I'd rather devs be submitting their own rootless packages than us forcing their packages to be rootless

because then we'll be guessing that it works, which I don't want to do

most of the time it will but it takes just one hardcoded path for it to all be screwed up

Seems very out of scope and modifying uploaded packages reminds me of another repo

😬 yeahhh

Start whenever you can, I'll be glad to test things if you need that. So far fugu is a command-line based jailbreak with ssh and other cli based utilities. Alongside your TrollStore, this is a useable environment, but the missing puzzle here is tweak injection.

Thinking about doing this, makes me wanna skip (or use any effort to work on this), due to tweaks being somewhat themes and some hooking into processes to do stuff (related to that), I find that pretty unnecessary unless tweaks do something functionality wise, like patching commcenter or installd, otherwise I don't use tweaks that much either.

What’s actually wrong with fugu15’s kernel exploit rn

stability?

why weightbufs

Better support (I think)

Breaks WiFi

mhm

understandable

hypothetically

could you convert fugu15 to use mcbc

wifi bug

well, 14.2.1 and below was also fucked for Taurine

not because of an exploit related issue though

just because cs was lazy

codesign troll

This happens on every iteration, the latest supported firmware is the best and rest goes to 🚽

yeah, I just meant something for 15.4.1 could be developed and the exploit fixed later

as always

Any way we could disable the driver during jailbreak?

that wouldn't fix it though

Ah

RIP 15.0 to 15.3 users on fugu

it's fixable though

Fugus15

you have PAC PPL bypass and KRW you can literally do wtf you want

someone help Xina with PPL

it gives me great pain

PPL would not help him

it would fix fork

would it not

the entire jb probably needs to be rewritten to work with PPL

it would

only thing I care about is that becuase I'm tired of people showing me that their install scripts arent working or whatever

gm

wtf

hes alive

wtf

no

oh

are you dead

ye

Hai 🙂

you'd know if you were active in #api-abuse

if i was in that server*

if api-abuse was a gc i'd participate

not joining that server tho

real

cope

🚎

might do it tbf

so we dont have one channel for all sites fr

true

im down

i just dont wanna join that server

if it was a gc i'd do it

so true

yeah, everything’s fixable there, the effort for that though is unknown…

We know the reason for the wi-fi bug, I wonder if we could diff driverkit’s newer versions and find how it was fixed since it’s open source…

So when ellekit is released is it going to be added to fugu15 or just something we would have to install ourselves after using fugu to jb

btw what is PPL again?

ellekit is completely independent from fugu15

Page Protection Layer

more specifically?

penis

It basically protects you from doing stuff to certain parts of the Kernel, even if you have krw

most helpful dev award goes to: (/s)

So it’s it’s own jb?

yea

unironically

it’s not a conversation for #development

this channel is like the least helpful thing ever

please leave this channel for penis talk

yeah bro have you seen the video

Okay lol was just curious is all

💀

im on fire, got this working

now I just need to move other libs

never mind

hurrah for _$s10Foundation4DateV13ISO8601FormatySSAC0cD5StyleVF symbol not found

_$s10Foundation4DateV13ISO8601FormatySSAC0cD5StyleVF

_$s10Foundation4DateV13ISO8601FormatySSAC0cD5StyleVF

_$s10Foundation4DateV13ISO8601FormatySSAC0cD5StyleVF

it doesnt appear in libswiftFoundation.tbd from Xcode 14.1

funky

(c3)ard @grave sparrow

@grave sparrow you're a bob

@grave sparrow you're a bob

youre all bobs

that's barely scraping the surface, chatgpt knows a lot about jailbreaking 🤯

Can chatgpt make a jb?

tried it

chatgpt said its too complex

But it should be able to learn how to right

Or no?

imagine it just spurted out a ios 16 untethered jb xd

Does ellekit work rootless?

@tepid olive I hate to say it, but try one of capts tweaks

They will probably bootloop you though

real

lmao

i did

panics immediately

it’s my fault tho i think

Hi, is there an entitlement to keep an app running forever and not getting killed by watchdog?

Do you think it's going to keep it running actually "forever" until phone reboots?

I'm concerned it could still be killed in case of RAM shortage

Thanks, I sure will

Just don't use a lot of memory

I'm using 30MB

wouldn’t that cause a lot of battery drain

Good luck finding logos in a package manager, or, once installed, finding the main menu in the UI

"open Logos and select Create New Project" I wish

still nuts

honestly it got everything except that right though

ChatGPT probably writes a better tweak tutorial than most of us can

just need to clean up mistakes like that

ChatGPT wrote the NewTerm 3 description you'll see soon 🙃

never writing a description myself again

It's great for stuff like that

Especially when you don't want to spend time writing

https://cdn.discordapp.com/attachments/688121419980341282/1054704170495655947/image.png

cleaned up the wording a bit since then but that's almost verbatim from asking it a series of questions on what I should say

Goddamn

Awesome and scary technology

the mad man did it

already covered

thonk

might be the only dev aside from @ocean raptor who's actually bothered to attempt building their package as rootless

Captain Incorporated

Zebra seems to be the first and still only package to be released as iphoneos-arm64

pro packages aside

sileo was months ago

the build in pogo is rootless and arm64

ok tru

Zebra and Sileo

ye

tbf

Cydia needs to rest

no mfer should dare try and patch that

installer seems dead

saily is well, saily

rootless Cydia exists💪🏼💪🏼💪🏼

i saw someone made a patched to fuck build up

however its using setuid and co

unless someone changed that in the past week or so

too busy ballin to fix cydia

hayden no

dont say that

someone will

noooooooo

!!!!

ok

trade offer

cat pic in exchange for the death of cydia

random q but does anyone know a program i can use to diff 2 large text files?

each file is ~190MB

git

dosnt that have a file size limit

not locally

i shall look into that. thanks

git can in theory diff a file of any size

you'll only come into issue when you try to push somewhere like github, which has a file size limit of 100mb

yeah..

every ios beta and update i look at a few files and diff them looking for product leaks

if you're just diffing 2 text files you could just commit one, replace it with the 2nd

commit it

and then diff it

one of the files i look at is 190mb

but i usually upload to github

except for this file

you could always upload the diff itself

true

ill have to see if the git diff thing outputs it in a user readable way

you can open them in vscode

which can be quite user readable

any time i try opening these files in an app, they freeze up lol

textedit gets really laggy

I've opened a 1gb file in vscode before

didnt seem too bothered

interesting

ill try again

besides

git diff is pretty user readable anyway

I did it already

I deleted the gh repo though

There may be a build floating around

Or I may have a local copy on my hard drive

@shut stag xcode has an app in it called file merge

use that, it shows file differences

but that requires downloading xcode

do you not have it??

was taking up too much space

for something i rarely used

i have it on my mac mini

just not on my mbp

just download xcode tools

nerd

tech tip: to free up hella space you can delete the simulator run times

sim troll

i have xcode command line tools

each runtime is something like 4gb

I don't understand why apple felt the need to include them all

they only include ios by default now

which is ok

but I would still like the choice

like yes I do use the sim because most of the time my phone is occupied

but having the option there would be nice

be like me, delete critical files and brick the previews thingy

Is that your stuff won’t build?

no

Oh ok good
I was worried that you managed to break Xcode for dumb reason like that

no i did

once

https://twitter.com/jbvq19/status/1605569931147632641

.

ur the 3rd person to ping me with this

I hate it

so much

🧌

just let it die

True

I remember when Capt commited code to Taurine and it caused many people to bootloop

Oh we just Capt washing jailbreak history then Aite

i remember when the bootloop happened on capts tweak

@pearl sail wasn’t it like super common

Very common for every jailbroken device there was 75% that you were going to bootloop thank to @grave sparrow

now there would be 4 competing standards

i’m right

ur tweaks arent working

Capt moment

its actually my fault

lol

@grave sparrow https://media.discordapp.net/attachments/887086498338439178/1053088787552542720/image.png

not really

surely theres a better way to do this?

im sure the compiler is going to have a wonderful time with this

yall

first rootless tweak

all I want from apple is the ability to add iokit entitlements

lets fucking go

@ocean raptor here you go

yes

there are no other ones

LMAO

fucking hell

if it didn't work i would have fucking debugged it for hours

i hate u for this

evil

its assembly

also

 <key>com.apple.security.iokit-user-client-class</key>
 <array>
      <string>AppleStockholmControlUserClient</string>
 </array>

I will exchange one blowjob for the ability to grant this entitlement on iOS

why the FUCK are you using /Library/MobileSubstrate

/usr/lib/TweakInject needs to be the standard

you use the prefix but whatever

@grave sparrow

average coolstar jailbreak user

it's a cleaner path

Nerd

I agree

good to know that my MSHookFunction works

:3

??????

Dumbass

/s