#development

@grave sparrow JBHookFunction could be a funky define in theos tbf

Yall lets add another insanely ugly fucking prefix

Again

I vote for CPHookFunction

Capt Hook Function

PRHookFunction (Procursus Hook Function)

capt give me iokit entitlement

AMHookFunction (Amy hook function / Apple Music Hook Function)

i dont know

ur the wizard

How to load your jailbreak tweak library functions:

• Generate a list of all combinations of 2 characters from AA to ZZ
• Try to load every symbol with that prefix
• Find the first valid one
• Profit

TRUE

i'm implementing all the apis

capt

why niot

HookFunction

nah

life would be so much fucking easier if prefix wasn't a thing

and everyone just adopted it

My bad

Typo

I offered him the sexual favour first!

idc

i’m a minor for the next 2 years sadly

yes?

Why did I read flavor instead of favor

I'll do you first

where do i get iphoneos-arm64 tweaks

if you ask nicely I'll build aemulo in iphoneos-arm64 for you

https://tenor.com/view/hindi-ikaw-ikaw-hindi-you-dont-stop-quit-gif-14296606

Please do it

gimme a bit

🙈

send discord link for it

pls

i got it

@grave sparrow

Wym

It uses that on rootless

On rootfull it does that

Anyways rootless tweaks work now

Any chance there could be a utility to repack debs for arm64 rootless

Idrc

When zero tweaks are packed for rootless but many support xina rootless, it should be fine

idk how to use ellekit with swift

the github doesn't explain very well

Add the Swift package and use the hookMessage or hook methods

Oh ok thank you

This is the wrong discord and/or channel, but does anyone have any experience with running MacOS in a VM? if so is VBox or VMWare best for it? I tried VBox but XCode previews cause kernel panic's lol

what's your config

if you have M1 use VMApple

i5

this seems to be a bug in Xcode 14

I used to have it

well

I say bug

its more

it probably needs acceleration now

that's not abnormal

why not virtual box?

So I should prob use XCode 13 then for the time being lol

that worked for me

virtualbox 7 uses the apple vm frameworks now

VBox is a pain in the fucking ass

So I'm trying VMWare on Linux

is there a specific xcode template that I should use for tweaks?

And is there a general purpose document on how tweaks work?

To see if there' a performance increase and less Kernel panics on XCode 14 lol

VMApple is the technology

Not an app

I can show you some example code

class Rebinds {
    
    static var shared = Rebinds()
    
    typealias SpawnBody = @convention(c) (
        UnsafeMutablePointer<pid_t>,
        UnsafePointer<CChar>,
        UnsafePointer<posix_spawn_file_actions_t>,
        UnsafePointer<posix_spawnattr_t>,
        UnsafePointer<UnsafeMutablePointer<CChar>?>?,
        UnsafePointer<UnsafeMutablePointer<CChar>?>?
    ) -> Int32
    
    var posix_spawn = dlsym(dlopen(nil, RTLD_NOW), "posix_spawn")!
    var posix_spawnp = dlsym(dlopen(nil, RTLD_NOW), "posix_spawnp")!
    
    var posix_spawn_replacement = dlsym(dlopen(nil, RTLD_NOW), "posix_spawn_replacement")!
    var posix_spawnp_replacement = dlsym(dlopen(nil, RTLD_NOW), "posix_spawnp_replacement")!

    var posix_spawn_orig_ptr: UnsafeMutableRawPointer? = nil
    var posix_spawn_orig: SpawnBody {
        unsafeBitCast(posix_spawn_orig_ptr!, to: SpawnBody.self)
    }
    var posix_spawnp_orig_ptr: UnsafeMutableRawPointer? = nil
    var posix_spawnp_orig: SpawnBody {
        unsafeBitCast(posix_spawnp_orig_ptr!, to: SpawnBody.self)
    }
    
    func performHooks() {
        self.posix_spawn_orig_ptr = hook(self.posix_spawn, self.posix_spawn_replacement)
        self.posix_spawnp_orig_ptr = hook(self.posix_spawnp, self.posix_spawnp_replacement)
        if let orig = self.posix_spawn_orig_ptr, let porig = self.posix_spawnp_orig_ptr {
            TextLog.shared.write("orig is not nil now \(orig) \(porig)")
        }
    }
}

wait what the fuck

hold the fucking phone

phone is held

this is a posix_spawn and posix_spawnp hook

Lmao

Is that used for forking a process?

it's used in the ellekit core

for loading tweaks through launchd

It shows how to hook C functions

sorry I meant like this

There isn't, at least not yet

Should I just click empty in the Other tab and just start from scratch?

You can use a Orion package with ElleKit

Just don't use Orion methods

To get your tweak to load from Orion, add an assembly file with this code:

.mod_init_func
.quad _tweak_entry

and put a function somewhere:

@_cdecl("tweak_entry") 
func tweak_entry() {} // the start of your tweak loading, where you do the hooks

You should try making tweaks in Objective-C, because ElleKit isn't that user friendly at the moment

is it possible to programatically disable and enable clamshell mode / force the builtin display to turn on, while the lid is closed?

(m1 mba)

fine, it seems I need to rip off the bandaid for that 😔

learning objc isnt that hard

pmset should work

the syntax is kinda funky coming from rust

basically

i never learned C so this is a new experience

think of the objc runtime as an ask kindly type of deal

when you ask it to execute a selector

it asks the runtime very nicely to find said selector

define selector please

an objc method

the runtime is very open and prone to trolling

I see

from the apple docs, this allows for dynamic binding right?

Which you have abused more times than anyone can count

i know that sudo pmset -a disablesleep 1 will disable sleep entirely, not sure if that's the greatest idea however
-a sets it for all modes (battery, wall power) (there's also a ups one but that's for servers ofc)

this will still turn the display off due to the sensor but it will not sleep

you can use -b instead of -a to set it for battery power only which is probably what you want

yea the issue is not with it sleeping unfortunately but with the display being off

@shy reef i still cant get USB pass through working

no matter what i do, i hear the disconnect sound twice and then the connect sound

and nothing on the vm

why do you call dlopen with nil? does that... actually work???

I mean, if this works then only because dlopen returns NULL and dlsym interprets that as "search everything"

Stupid question but you're using USB 3.0 yes? and you have your VBox configured to use USB 3.0

yeah

i tried 2.0 & 3.0

btw, if you want to do some real world testing, I can provide you with rootless builds of Crane and all of it's dependencies (at least once theos supports compiling for rootless) @tepid olive

Have you installed VMWare Tools?

no

Install them then try, It better allows passthrough between the Host and Guest OS's

how tho

im using vbox

VMWare Tools works with VMWare and VBox

you install them to the guest os

Its a compilation of drivers and kexts

If you want to install them officially, you need to download VMWare Workstation Player (Free Version) then take the 'darwin.iso' out of the install directory, and load it into the VBox OS

Or I can send you it if you like but it is up to you

However, Because you are definitely not using a MacOS VM on Non-Mac Hardware, I'd recommend switching to VMWare. It runs a lot better.

hm

okay

that would be awesome

Yes

That’s how you get the current handle in Swift

RTLD_DEFAULT is not a thing

Can any one pls help me with swiftui? Why does @app#9627Storage(“LIST_KEY”) var list: [String] = [“test”] give a error no exact matches in call to initialize

well uh that's slow af though

you should just put the path of the lib that has the symbol into the first dlopen arg

Okay so what should I use

That’s gonna be finicky

tbh idk how swift works but for non private symbols that are already loaded into your process you don't even need to do any dlopen stuff

in swift you kinda do

like in C you can just pass &posix_spawn as the first arg of the hooking function

Yes but that’s not a Swift feature

You can do something funny but it makes the code ugly

I hate swift

let fn: @convention (c) () -> Int32 = fork
let ptr = unsafeBitCast(ptr, to: UnsafeMutableRawPointer.self)

@naive kraken

this works but it’s so ugly

looks like any other swift code to me so it's probably fine

can someone help pls?

fr

what the fuck is app#9627Storage

its @dire archStorage, they accidentally pinged @dire arch

(sorry app)

o

lmao

yea they posted in #jailbreak earlier without code formatting

@nocturne perch you cant store string array with appstorage iirc

Couldn't do quickactions? Smh

Pro hooker? That's so sweet, naming it after your mom

lmao

Send the deb

Oh wait, it needs preference loader

So you would have to configure it using defaults write lol

I doubt defaults is on the rootless repo

10 minutes 🧌

well, crane does too so

but preferenceloader is open source

I can send a rootless build of PreferenceLoader in a bit

would be awesome

purchasing ida pro on my credit card

now i will get a bug bounty and pay it off same month

Yea I built it a while ago I should push sources

What

Real?

Gl on your investment

not real

Lol

I need to write my exploit

not the worst idea ever tbf

but not great

apple takes half a year to pay

sometimes more

tysm

i would just sell to china or putin

Thank you for writing ellekit lmao

Half reviving our existence

did you test on rootless

The PreferenceLoader build? Yea I tested on 13 rootless

no like ellekit

cumeos

@lime pivot respond

Important chariz merch question

I mean, I can test it on iOS 13 rootless with ellekit if you want, but I haven't tested it with ellekit (not home yet)
And I don't want to jinx my palera1n iOS 15 rootful setup

Sorry, more than 10 minutes. I had to take a shower cause I just played 18 holes

@ocean raptor ok help me

do I do this design

or make the flame right side up

and keep the text sideways

or make the entire thing right side up across the boobs

Why are you designing chariz merch?

because

Is kirb paying you?

long time in the making

Do you even have a tweak on chariz?

answer my question

You all secretly work for chariz. That’s why dev role is orange

@grim sparrow I need your input

help

What is it

Nah, if I actually worked for chariz then rootless would be supported 🙄

Hoodie design

help

.

You have asked the queen of hoodies

Yes

I know

That’s why I asked

Is that just a really bad photoshop?

Yes

Can you put something on the back too?

probably

what do you want

I’m just thinking rn

holy

holy shit they invented male birth control

chariz merch

@tepid olive what’s your opinion on the hoodie

what do I pick

it’s not my kind of thing

i wouldn’t give good advice

sorry

it’s nice

frick

I need some input

I thinking the right side up logo

w the sideways ext

that text too big to read sideways imo

warning: i am certified not a designer

I might just say fuck it and do right side up

like regular text

honsetly

right way up

so its readable

across the boob text

with a logo

across the boob

@grim sparrow

so the first one

but black on orange

not orange on black

pretty much

and then if possible stick a flame on the back

I mean I could, but that’s effort

I’ll just do regular across the boobs

what

@tepid olive defaults is now on repo, please also switch to dist 1800 instead of iphoneos-arm64/1800

suddenly joins development at the discussion of boobs

least horny discord user

bruh I'm not horny

I'm always wholesome

simps a fake virtual shark yet still says not horny

wtf is the difference between /usr/lib/TweakInject and /Library/MobileSubstrate/DynamicLibraries

it has been made

wait omg

Real?!

you actually just straight up went and printed it

Bro has knock off chariz merch

it’s not knockoff if there’s no real merch

now send me one

yeah i have a press at my house

i can press whatever i want lmfao

can you press aemulo??

yeah?

pls

international shipping be like aite $30 for S&H on the $5 shirt

i hate dealing with international shipping

sending a brand new sealed phone from uk to us was so much effort at the post office

Buy me procursus merch

The real one

im not made of money

shut up mr moneybags

https://procursus.creator-spring.com/

chariz enthusiast

there actually is

though

sus

i’m fr

omg i have one of these!

chariz merch so good

Really?! I still don't 💀

yeah im wearing a hoodie rn

yeah I have a procursus shirt

im getting my repos confused!

@indigo peak

wait

how are you

who*

i feel like i know you

buy one you loser

but my brain is so FUCKED

who am i?

i can’t remember anything g

for real?

no for real

😲

im just really dumb

uh

gamepigeon hacks fella

i made gameseagull & calculatorhistory

yeah

Waiting for a patreon sponsor so I can finally buy one

only 2 tweaks people would know me for

that makes two of us so it’s ok

Once hayden finishes setting up the procursus patreon hopefully people will actually subscribe

1 for me and also for being an alcoholic

thats also me

if you give me an address I'll send you one

Dox myself?

yeah rn

pretty much yeah

(reply to my message 💀)

ill send my address

stop being an alcoholic!

i’m not anymore

https://tenor.com/view/mercy-drinking-gif-15459241

me when something doesnt go my way

@tepid olive
https://www.reddit.com/r/jailbreak/comments/p9co8y/free_release_gameseagull_gamepigeon_hacks_have/
https://www.reddit.com/r/jailbreak/comments/rdpu0d/free_release_calculatorhistory_adds_history_to/
only 2 tweaks people would know from me

i mean, we've talked before

what is a calculator history!!

but idk how else youd know me

math has HISTORY now??? i hate history!!

gm

gm capt

made the calculator app less dumb

but w dumb code

that is a fat w

i gotta update that shit

JESUS CAME INSIDE ME

fr

nil

my condolences

divide by 0 error

did you use nsattributedstring

at some point?

no idea

maybe

me too

i think i should just update it

like

idk how to use attributes strings

completely remake the UI

never bothered to like

google it

@indigo peak is it foss i didn’t look

^

idk what that means

open source

free open source

yes

https://tenor.com/view/oh-jesus-oh-lord-jesus-regina-hall-imdb-gif-13402726

(software)

send source

https://github.com/donato-fiore/calculatorhistory

is that a thing

+1 point good job

i made it in a day

oh

2 technically

ooooooo hold on let me find my favourite apple sdk

but i had covid when i made it

true

stop being political outside of #politics

i will dm you racial slurs neither of us can say

@indigo peak 😭

https://developer.apple.com/documentation/contacts/cnlabelcontactrelationauntparentseldersister?language=objc

i wouldn’t have written anything better but still

shhh

dont scroll down that far

i literally don’t get it though wtf is goin on here bruh

☠️

cock

my only piece of actually good advice i will give is add comments both for yourself and others

lmao

and also

do the opposite of whatever i do

imma make some swiftui views in objective c

brb

that’ll help make you better

sometimes I wonder why I do things

learn swiftui

neither do i

dw

too busy implementing low level stuff!

i wonder if apple would be able to detect dynamic

im migrating aemulo to directly interface with the hardware instead of interfacing with nfcd

not really

so many apps do it

you'd be surprised

fair

@turbid fjord

telegram is full of it

thats the highest user of it off the top of my head

what does telegram do

idek

I just know they use a lot of it

yep

understandable

IOKit and unix sockets

my favourite

ioCock

ha!

so IOKit bug will be cool

you put cock after io

amusing

i chuckled

yeah

thanks

basically I need 2 things

that I know of

my funny bone has been tickled!!

ill tickle another bone for you

thank you llsc

1: being able to call sysctl with the namespace { CTL_KERN, KERN_PROC, KERN_PROC_ALL};
2: being able to access the iokit user client AppleStockholmControlUserClient

so much developing going on

and why cant you do that in stock ios 😠

the kernel just shouts at me 😔

ask daddy apple

yep

thats why it doesnt exist yet

i dont wanna finish this sentence

basically

funny story

only one process can be connected to the chip at once

so I have to kill nfcd and then in the time before it reloads, make my connection

and then while aemulo is open nfcd just sorta sits there

trying to reconnect every 10 seconds

amy

how do i get framework headers from apple watch dsc

https://github.com/blacktop/ipsw

i havent tested it but odds are you can use that

might be able to throw the simulator runtime at it

😭

i tried and failed

my beaun

brain

it doesn’t seem to like

uhh

ok

i forgot the error but it cant get the right dmg from the watch ipsw

time to remake calculator history

lemme try it

😄

gl

i did manage to get the dsc from it but it was like

split into 23 ish files

no clue how tf to reassemble it or what tools i need or how to get headers out of it

found what I was looking for

sheesh

cum runtime

ok so

I forgo

the

watch runtime

doesnt have a dyld shared cache

it just contains all the raw binaries

so you can just stick a classdump of your choice at it

oh

someone tell me how to set up an apt repo with github/github pages

ples

@tepid olive i think i managed to get more function support for calculatorhistory

more switch statement

why is no one helping

evil

i’m gonna kms

this is the real hak5 right? https://shop.hak5.org

you promise?

ill add more

how about you message some bitches instead of some objects

yep

what i said

OMG

seen

I’m joking

We’re even then

How do i jailbreak my phone?😮‍💨

alcohol poisoning != suicide

??

@lime pivot wake up babe new chariz release

that’ll ping him twice (the selfbot pings him)

you asked this already and i told you about the repo script lol

yes

Is O.MG the best badusb for consumers

Does anyone know of a proper way to dump the root filesystem from a jailbroken iOS device (i.e. via the terminal)? I'd like to use something like that to dump RootFS's of preinstalled-only builds for archival purposes.

@tepid olive this is so bad 😭

not really something i would know

i guess you could just rsync it to a directory

but like, you would basically ignore /var/mobile and /private/var/mobile

(/var is a symlink to /private/var to just align with *NIX convention)

wtf is that, i don't even know the lang and i know that's bad

its objc

calculatorhistory tweak

as in, i don't know how to make anything in objc

lel

couldn't you just make a function for the [one] thing

nah

too lazy

@tepid olive i am unable to test this atm

installs to /var/jb/Library/MobileSubstrate/DynamicLibraries

response: 204
channel: empty

thanks discord

tested hook elsewhere and it works

(channel doesn't matter)

logging is bad for the environment

🏡 Please consider the environment before logging this server.

čum

Hey

I’m trying to find out if app was launched

Through springboard

Disclaimer: I’m very new to tweak development

I found out the method launchfromlocation under SBLeafIcon

Can someone help me how can I do it from here?

turns out a jb drop leads to clicks

ssh root@127.0.0.1 "tar --exclude /dev --exclude .DS_Store -cf - /" | xz -z -9e > iDevice#,#_major.minor_build.tar.xz

really makes me wonder if there’s a better way to do it

😴

there 100% is

but this is the “if it works it works”

kinda solutions

@lime pivot

hi

@lime pivot 1 year later

OH SHIII

looking hot mr emoji face

you actually did it? how did the print go

it was pretty smooth actually lmao

wow yeah I'm amazed from the pic, it looks kinda perfect

didn’t take too long after I actually decided to sit down and do it

what kinda dimensions did you use for the logo @indigo peak

I think it ended up being 11x4.000001 or something

I had the dimensions locked

ah easy

so whatever the Y becomes after changing the X to 11

cm?

Inches

My b

oh ya that unit

the wrong one

Forgot ab conversions

27.94 CM

And then I just eyeballed the location on the hoodie

There was no set location lmao

ty

yeah makes sense

I'm sure the merch manufacturers have a whole jig for aligning it exactly

yeah

after all, it’s my house, not a Nike sweatshop

why can't it become a Nike sweatshop

I mean I already have the kids in the basement, all I need is the equipment

.

I mean I used to have the shed for that but it's gone now

I have a shed

You seem to have a bit of duplicate code

it’s full of crap tho

just a tad bit

when I was making it I was just registering a new button without looking at what repeated code

so I wasn’t making it non-repeating

I’ll probably fix it when I get home

brainfarted trying to remember the name of the merch provider with the orange hoodie and apparently just googled "shirt printer"

some of those look like actual laser printers ngl

WTF mom why did you print out your email now I just wasted a perfectly good shirt

matching it up to the old merch logo I managed to download from my original merch order

new logo who dis

I remember now @indigo peak the hard part is finding someone who has hoodies in any color other than black, white, grey, and different grey

I did find one that looked like I could actually trust the print to not look like ass, but I'd have no clue where I wrote down that name if at all

Is it possible that dumping the entire /dev/disk0 partition would allow you to create a more complete dump? Also, is it possible to dump just the system partition (dev/disk0s1s1)? I haven’t been able to do it on my own device because it says “resource busy”. Does dumping just the system partition give you the whole root filesystem or is there other stuff that needs to be dumped as well?

Anyone could do me a huge favour and make a script to repackage debs as iphoneos-arm64 with the prefix

You asked for a rootfs dump, that's the way to make a rootfs dump. If you want to also dump the boot partition, or not dump var, you can change the command accordingly.

Wym

i’d just add the prefix

lovely

That’s fine

wtf

https://github.com/evelyneee/ellekit/blob/2b65d670217dd238bcb030fef4606a3c14c281b8/loader/patch.s this used to be my method

gonna have to bring it back for arm64e

Hey

I’m using palera1n on iOS 15.7.1

I want to show logs, but when I try to use oslog it says it killed it as soon as I hit enter

I tried ondevvicecosole but it’s says no command was found

TIL

fr

Making my fatass want some pizza now smh

if it’s killed 9 then it’s codesigning

if you're going to use oslog at least use the procursus one

that's based

how would i hook this? CalculatorModel.isUsingRadians.getter()

%hook CalculatorModel
-(bool)isUsingRadians {
  return %orig;
}
%end

%ctor {
  %init(CalculatorModel = objc_getClass("Calculator.CalculatorModel"));
}
``` i think should work but its not

and im all out of ideas

“gm” “developers”

mshookivar?

i dont even need to hook it

u should hook it manually

use the runtime

i just need to be able to get the value

do perform selector then

objc msgSend

no

tweak development is lowkey goated when modifying code at runtime is the vibe

banger

thats under strings

in ida

shut the fuck up

LIDA

LDA

old ui moment

yes

i can prob get one

i have no idea

prob instance

__int64 CalculatorModel.isUsingRadians.getter()
{
  return CalculatorModel.isAllClearActive.getter(&OBJC_IVAR____TtC10Calculator15CalculatorModel_isUsingRadians);
}

soits using OBJC_IVAR

so id assume since is an ivar its an instance

bet

thanks

and yeah im able to get an instance

@grave sparrow
trust

CalculatorModel *model;
%hook CalculatorModel
-(CalculatorModel *)init {
    model = %orig;
    return model;
}
%end

bool isUsingRadians(CalculatorModel *model) {
    Ivar ivar = class_getInstanceVariable(objc_getClass("Calculator.CalculatorModel"), "isUsingRadians");
    ptrdiff_t offset = ivar_getOffset(ivar);
    uintptr_t address = (uintptr_t)model + offset;
    return *(bool *)address;
}

just get the symbol

def not

is there not an easier way of doing it 😭

my bad

i accidentally typed that

only for zefram code

shhhhh

do not comment on this

at all

LMAO

what?

no

im just making my own version

lmaoooo

i said no comments

i know how to make it better

im just lazy

yeah

its 2 different buttons

when its deg its id is different from rad

wait

i have an idea

no

i have an idea

10000000 iq

so

theres a NSUserDefaults key for rads or not

but it only gets updated when its closed

like when the app quits

so

what i do

is when the app loads

i get the state from defaults

and then

when i press the button

i change it

ez

it doesnt get set when the button is pressed

yes

%hook CalculatorKeypadButton
-(void)touchesEnded:(id)arg1 withEvent:(id)arg2 {
  NSInteger buttonID = [self accessibilityCalculatorButtonID];
  switch(buttonID) {
    case whatever_the_fuck_the_id_is:
      // code
      %orig;
      break;
    default:
      %orig;
}
%end

only thing is

like i said before

the ID is different per button

it is 53 when the button label is DEG
and 45 when the button is RAD

its constant

Is it actually multi-threaded?

Why would you need to store the state across app restarts?

Why would you try to figure out the state from button press instead of the underlying data?

@serene ridge battery assembly here works

we need to revert to single threaded cpus

Why did you write a tweak in asm?

because it takes like 2 seconds to write

My battery percent tweak took 2 seconds to write, not that

looking at said battery tweak, is that all you need to do to interact with the battery?

true story

so is this like final

or like

@grave sparrow what ab this
kTrigonometricModeKey.unsafeMutableAddressor __text 000000010003E524 0000000C R . . . . . . .

void *kTrigonometricModeKey.unsafeMutableAddressor()
{
  return &kTrigonometricModeKey;
}

idk how id call it

or get &kTrigonometricModeKey

Calculator.kTrigonometricModeKey

https://git.ckatri.com/tweaks/tree/BatteryPercent

Dw i found the git instance and saw that. Does this tweak work on 15+?

🤷‍♂️

Can I just jb with fugu15 and use Filza to install ellekit

@grave sparrow genius idea, i just check if the button ID is hidden or not

or something like that

@grave sparrow i dont need to get rad/deg anymore, i realized i forgot to call %orig;

which wasnt making it store the result of the equation

top without, bottom with

and using %orig i dont have to do bs math

yeah it works 😭

dont

please

it’s stupid

MSHookFunction is the standard

LHHookFunctions is the batch hook standard

From what I've seen, disk1 is the partition containing iBoot; is there anything else on the disk1 partition besides iBoot?

you know you can just run mount

to see what is mounted where

Not like anybody uses your tweaks anyways lol

who’s the rootless nerd that still hasn’t compiled quickactions for rootless

💔

Did I forget to send it to you? 💀

No clue if it works

slay

@ocean raptor does it work on iPhone 6s

On 14, yes

It adds the buttons

What about 15

Idk

Never tested it

My only 15 jailbroken device is rootless lol

That build may be completely broken too

I have no idea

dude

i have an injector for u

it works

It wasn't ready until recently

And I've been away from my jailbroken phone for a week

I literally just sent it to you for your to test

it does nothing

it isn't configured though

no pref loader

iOS 15 may have changed the Lock Screen stuff

I can take a look soon

Soon™️

okay

ill get a working prefs loader

You can config it with defaults probably

accepting donations for flexall 2

development is slow

I'm accepting donations for all of my work

sending 20 dollars

(zimbabwean)

it was all lost in fees

Procursus, quickactions, launchctl, netctl, paying capts mom (she's a hooker)

you pay for her?

she pays me to service her

to keep her off the streets

Cause she has a deadbeat son who does nothing to help her

Am I wrong?

so does capt and launch have beef or is it all jokes?

launch

It's "Mr. launchctl" to you

Put some respect on my name

yeah all beef no pork

i love pork

please something that doesn't suck

what

@naive kraken if i were to run a executable on stock iOS signed with my cert, would it run?

wait what

all bins are signed like that?

is there any binary executed as root that i could hijack

use the dirty cow bug to override a system binary with mine and get root code exec

or just escape the sandbox

wym

how could i do that

i don’t have code execution

there’s a bug that allows you to replace any file on the fs

until reboot

yeah no because of platform-application

any binary that uses or gets spawned by posix_spawn needs that afaik

only stuff launched directly from launchd may not need it I think

Idk about launch daemons though

they probably need it

So not xpcproxy

<key>com.apple.private.xpc.is.xpcproxy</key>
<true/>

these are cool ents wtf

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.coreservices.canmanagebackgroundtasks</key>
<true/>
<key>com.apple.private.security.storage.driverkitd</key>
<true/>
<key>com.apple.private.spawn-driver</key>
<true/>
<key>com.apple.private.spawn-panic-crash-behavior</key>
<true/>
<key>com.apple.private.spawn-subsystem-root</key>
<true/>
<key>com.apple.private.xpc.is.xpcproxy</key>
<true/>
</dict>
</plist>

spawn-panic-crash-behaviour

even tho it doesn't have platform-application, I'd assume the is.xpcproxy one is checked for lol

yep

what is a launchangel?!

in an ideal world it would be the opposite of a launchdaemon

send me iOS 16 launchd

I want to figure out what it is

i'm on 15 lol

references found in xcode simulator real

i guess it wouldn't hurt to look at launchctl or launchd in ventura

send me ventura launchd then

I'm already looking at 16.1 sim's launchctl

they just add angel = 1 to the msg that is sent to launchd

i'm still on monterey but if it really wanted to i could use yaa on the update payloads

@tepid olive you got jailbroken iOS 16?

yes

using iOS 16 simulator launchctl I assume?

i used to be one of the only ones with it but then when palera1n ios 16 got released everyone had it

idc

can you compile this https://github.com/ProcursusTeam/launchctl/blob/main/tools/xpchook.c

cameron get a mac challenge

on-device?

i use ios cross compiler

then run DYLD_INSERT_LIBRARIES=/usr/local/lib/xpchook.dylib launchctl bootstrap

➜ sw_vers
ProductName:    macOS
ProductVersion: 12.6
BuildVersion:   21G115

no way he did it

I don't want to install ventura

just compile it on your mac fr

based

➜ hostname            
build.procurs.us

he didnt do it

? I need to see how iOS 16's launchctl works

k

can't you just send the dylib

fr

ok lol

i don't wanna install clang on my ipad

frcoal

figured you would want to validate the code that runs on your device

i honestly don't care

mullvad VPN

i'm just gonna disconnect wifi

ong

me when I steal adam's mullvad and hes still paying for it yet he never uses

mac stadium literally gave us this computer for free

oh lol

launchctl bootstrap system

bro said sudo wget into ~

i meant to do it in /usr/local/lib but i accidentally hit enter

frcoal

cba to cancel it

????

I'm confused

can you try launchctl load with that DYLD_INSERT_LIBRARIES too?

wtf do i load

frcoal

idk

/Library/LaunchDaemons/us.diatr.shshd.plist?

com.epicgames.fortnite??

istg the palera1n people are the worst

me being a palera1n team member:

this is iOS 16 simulator launchctl, right???

yes

I am well aware

should i stop shshd then load it

sure

how is launchctl broken then??

the messages are literally identical to what I send

idfk

wait

maybe it was broken for the same reason it was broken on iOS 15

whar

try procursus' launchctl

send deb

i don't wanna uninstall palepa1n strap

https://github.com/ProcursusTeam/launchctl/releases/tag/v0.1beta2

it's not on the repo yet

it's probably the 15 thing

what do i test on

sshd?

com.openssh.sshd

https://cdn.discordapp.com/emojis/827054006186278916.gif?size=96&quality=lossless

whose got iOS 13 and 14?

make sure launchctl unload and launchctl load work

funny (works)

when it was unloaded ssh didn't work from my phone

when i reloaded it worked

palecursus moment

rn

does launchctl bootstrap system /Library/LaunchDaemons work?

I'm getting conflicting reports

vkCreateInstance

vkCube

now do simulator launchctl

moment moment

who has iOS 13 and 14?

I only need 13 now

cause I need to test launchctl on it before I push it

not that deep bro

I got a 12 somewhere

I already tested 12

I need 13

Yeah don't got 13

then whyd you respond

Why not

yeah you could get your own device instead of relying on others

want me to pay for the corel?

i guess yeah

https://tenor.com/view/goofy-goofys-trial-mickey-mouse-gif-24945790

i have 13

probably worth it

thank god

what u need

can you download the artifact from https://github.com/ProcursusTeam/launchctl/releases/tag/v0.1beta2 then run launchctl unload /Library/LaunchDaemons/us.diatr.shshd.plist then launchctl load /Library/LaunchDaemons/us.diatr.shshd.plist

and just make sure that they work

ok

thank god removing rootless is just rm -r /var/jb/

why do you need to remove rootless

this is just a binary, not a deb

love it when cpu bottleneck gone

i'm 90% i don't have shshd or it's half broken

ok

pick another daemon then

works

W

Mucho gracias

np

gm

@ocean raptor that's 16.2 launchd

16.2 launchd has launched?!?!

lol

This has to be run on macOS?

I'll give it a go

Would try this in dash (that's the default with this bootstrap, I could've changed MTerminal over to bash for Fugu15, but I was like let's keep Hayden's legacy alive, forcing everyone over to dash )

I thought you had left for some time 😂

True

Seems like it needs otool and asking me to install fakeroot...

I'm on rootless (Fugu15), Procursus don't have that yet on rootless (1800)

Yea, I fixed it

Nice

I'll try on macOS once I get home

I like the i_n_t stuff

I knew it wouldn't be a walk in the park of course but I'm so glad most of the problem is just making sure dependency paths are right

exec/fork/etc problems aside

hey if it works it works

how is everything in general with it? like, how much is broken / how much of a dealbreaker is it?

of course rootless seems to run great on my A11 but, that's because it's A11

and I haven't exactly explored using it that much yet

I feel like that's missing /var/jb/usr/local/lib in rpath?

yeah, that aside I guess lmao

well, I do have a library there

or wait maybe not

I feel like /usr/local/lib was broken on most jailbreaks anyways

so I had to move it to /usr/lib

Me to just wish it worked on arm64e

I did that and I'm not seeing the iBoot partition.

does anybody know the path to this lock image or whatever it is?

nothing anyone can do about that besides said jailbreak dev

tweak devs should definitely be using posix_spawn though

I don't think a tweak has ever used fork

I'm sure I could find one or two

I found some 😭

who are the guilty parties