#development

https://github.com/chenzhijie/autolaunch/blob/084957e739dc98aae42eba80a67339f98e4ec9cb/Tweak.xm#L25
https://github.com/wenliabc2007/IOS13-SimulateTouch/blob/95c413598e0483f1f903b764815977d40dabca8a/pccontrol/Common.xm#L135

that guy doesn't know how to write a shell script either

https://github.com/xuan32546/IOS13-SimulateTouch/blob/master/layout/DEBIAN/preinst

lol

don't look at the postinst.

What are my options to print logs with nslogs on palera1n? oslog seems to be broken. (I know I can write to file, trying to avoid that)

idevicesyslog or Console.app

wtf

do NOT check the postinst

it makes me cry

https://github.com/xuan32546/IOS13-SimulateTouch/commit/f978944613e399cb2cadd80fd990a1e3c06e19a4

at least he fixed it breaking

have a look at latchkey

i found only this

    return %orig;
  }

but i cant find it in santander, for example

is it a bundle or something?

can u test ellekit

also this in trolllock

- (id)initWithPackageName:(NSString *)arg1 inBundle:(id)arg2 {
if(![arg1 containsString:@"lock"]) {
    return %orig;
  }

but still there are no "lock" bundle

could be this: /System/Library/PrivateFrameworks/SpringBoardUIServices.framework/lock@3x-d73.ca

but uhh

there are 5 of them

oh wait

yesss it's that

nvm

thanks @faint stag

where could I find SpringBoard headers n such

uhh, multiple places

basically you're looking for patched SDKs

you can find some in theos/sdks along with a script to make them

theos/headers has some commonly used frameworks along with other commonly used headers like substrate, libprefs, and libhooker

How do I view trustcache on fugu15

https://developer.limneos.net/?ios=14.4&framework=UIKitCore.framework&header=_UIBatteryView.h
I found this, this is pretty Çool

Quick thing, since the framework is UIKitCore and your package is targeting com.apple.UIKit, would the tweak still work on iOS 14+, or does it just work? @ocean raptor

Mr. Launch 😁

What tweak works on rootless ellekit

#developer-tweets message

Assuming ones that follow these guidelines?

Tweaks don't work on Fugu15.

I’m testing ellekit

Does ellekit work without any tweak injection support?

there's an atria build for rootless ellekit

i think ellekit's loader needs a tfp0 patch

actually tfp1

but it needs a patch to task_conversion_eval i think

Idk I’m on arm64e anyways trying to see if it works since Evelyn doesn’t have an arm64e device

So far ellekit seems to be installed

Try to run something...

you need the loader to say done! for tweaks to work

Like loader?

you need the loader to be in a trustcache

i think

if it worked it should look like this

And how do I put it in there

It won't work on arm64e

Using tc

Yes, it has to be. Yo @tepid olive go and grab tc binary from @ocean raptor and create a trustcache named "test" and place it in /var/jb/cache/test (make sure you're on fugu15-v0.0.3 from my server (uar.no/fugu15) and test this...

You need to reboot and re-jb in order for it to work.

it probably still wont work

is task_conversion_eval patched by fugu15?

Also check out headers.cynder.me I find it faster and easier to use than limneos's site

because if not itll error with KERN_INVALID_SECURITY

Ah

Fml

gracias

Don't know

we should make ellekit reload tweak cache on respring

fr

That’s why I’m trying to help somehow idk 🤷🏻‍♂️

Wont help

Ellekit has no support for arm64e

So failing to get it to run will be no help

ty for saving us time lol

it's not a bug or anything, there's straight up no code to support arm64e

Well Evelyne said to run loader and see what it did so that’s what I was trying to do

nvm

I'll test this and see what it does, send me the binary lol

bruh, you realize that's in TEXT right?

whar

e.g. not possible to patch without KTRR bypass

yeah

so the answer is no

i just use checkm8 patched kernel

i dont have a fugu15 device

anyways if the dylib is in trust cache, you promote the vnode manually to trust level 8 and bypass userland PAC by replacing jop_pid and rop_pid fields then it should work as long as ellekit stuff is compiled for arm64e and has the proper handling for PAC'ed thread states

but idk about CS_DEBUGGED / C function hooking

I'm also not sure whether promoting the vnode to trust level 8 is necessary or not, being in trust cache might be enough

the only things Fugu15 does is it gives you KRW, PAC, PPL bypass and a command to load a trustcache and that's it

it doesn't patch or neuter anything by itself

no

dylibs don't have PAC keys

threads do

so when you e.g. launch a binary that does the injection via task_for_pid and thread states, this binary's task and threads need to have the same PAC keys as the target processes task and threads

What is that and how do I get that

target process = launchd I guess

hm actually that could work idk

idevicesyslog is in libimobiledevice, Console.app is Console on macOS

but I just launched my binary suspended, replaced the PAC keys with the ones from the target process, and then made in continue

I think all have the same

yeah

for some reason they just all have their own field

Still don’t understand how I use that to catch nslogs sorry

the purpose is the target thread not crashing with PAC failure when you replace PC and make it continue yes

allegedly there is a kernel mechanism to do this without having to fuck with PAC keys but idk

it'll stream the log output on a computer, is that not what you want? both of them have filtering so you can filter for output from your app/tweak/whatever

like the thing here is, e.g. debugserver also has to be able to replace the PC of another process

so it must be possible somehow

I’m using windows, so I guess it won’t work?

idevicesyslog is crossplatform

I just installed the deb from Filza

Where did you get that .deb?

but can they without breaking arm64e debugging?

they don't publish official Windows builds, but just use the actions builds
https://github.com/libimobiledevice/libimobiledevice/suites/9782313447/artifacts/470326142

oh you might have to download the dependencies if you do that

it's not that bad, you can see the dependency list here
https://libimobiledevice.org/#download-details-libimobiledevice
and just get the artifacts for each of them

Thanks but I think I’ll just write a class that can be used in any tweak to print into a file, this way I can keep my old debugging ssh habits 😅

lol alr

yeah that should be it

Thank you

where would I use this tho

in e.g. opainject

ah interesting

might give this a try

I don't see a reason why it shouldn't work tbh

unless they restricted this to stuff in trust cache

so just every time before I call thread_set_state I have to call thread_convert_thread_state?

that's surprisingly simple lol

well in opainject I first make the target process alloc a proper pthread

then I hijack that

I think this too much of a design flaw for it to be fixed

Only thing they could do is restrict it to trust cache processes

idk where to get that

I think they already do

https://github.com/apple/llvm-project/tree/next/lldb 💀

if only github search wasn't broken

github search is amazing now

what are you talking about?

ok then search for anything in that repo

0 results

that's too complicated for me 😛

well it's not called

I'm pretty sure that's already handled by some macros I use

wtf when did they add regex

ellekit uses it

100% success rate

cc @naive kraken

I'm about to try

@marble perch @restive ether only 15 launchctl commands left

and it only cost me $5.81

you balled too hard

I will reimburse your development costs.

🙏

just lemme know how much it costs when it's all said and done

gonna do submit right now

then gonna call it a day

I lied

gonna do a bunch more commands

found a ton of super simple ones that I can bang out super quickly

you need a task/thread port though

only reason taurine has a pac bypass is because coolstar forgot about that api

I have all of that in opainject

lovely

how many remaining are actually useful

https://github.com/ProcursusTeam/launchctl/blob/main/TODO.md

pretty much just submit imho

@grave sparrow go ahead

add something

i love safari plus broken on 15+

do resolveport

@grave sparrow @tepid olive thread_convert_thread_state doesn't seem to work for me

SpringBoard crashes with pointer auth failure

wait, submit is deprecated and doesn't work at all anymore 🥳

w so basically done with important stuff

opainject crashes too though so idk

Is the iBoot partition (/dev/disk1) able to be mounted with a navigable filesystem, or is it just a bunch of data with no filesystem?

Code I used:

    kr = thread_create(task, &bootstrapThread);
    if(kr != KERN_SUCCESS)
    {
        printf("ERROR: Failed to create bootstrap thread: %s.\n", mach_error_string(kr));
        return kr;
    }

    mach_msg_type_number_t bootstrapThreadStateSize = ARM_THREAD_STATE64_COUNT;
    kr = thread_convert_thread_state(bootstrapThread, THREAD_CONVERT_THREAD_STATE_FROM_SELF, ARM_THREAD_STATE64, (thread_state_t)&bootstrapThreadState.ts_64, bootstrapThreadStateSize, (thread_state_t)&bootstrapThreadState.ts_64, &bootstrapThreadStateSize);
    if(kr != KERN_SUCCESS)
    {
        printf("ERROR: Failed to convert thread state to bootstrap thread: %s.\n", mach_error_string(kr));
        return kr;
    }

    kr = thread_set_state(bootstrapThread, ARM_THREAD_STATE64, (thread_state_t)&bootstrapThreadState.ts_64, bootstrapThreadStateSize);
    if(kr != KERN_SUCCESS)
    {
        printf("ERROR: Failed to set thread of bootstrap thread: %s.\n", mach_error_string(kr));
        return kr;
    }

    kr = thread_resume(bootstrapThread);
    if(kr != KERN_SUCCESS)
    {
        printf("ERROR: Failed to resume thread: %s.\n", mach_error_string(kr));
        return kr;
    }

xenon doesn't work rootless lol

that's not surprising at all

yea lol

garbage tweak not surprised

words i cannot say in this server.

so

it only worked for me if i signed the pc in the state with the function pointer key

fyi

build script written in rust

killing myself

write it in zig

@restive ether final total for today: $7.16

dm me how you would wish to recieve your funding whore

Gonna release v1.0 🥳

When did @ocean raptor became a whore?

like mother like son

Ah

no

submit is deprecated

yes

so I did a 1:1

on iOS 16, submit is deprecated

and has no code path

smd

same on iOS 15

this is iOS sim launchctl, so

I stubbed a bunch of subcommands, do one of them

I'm sure

what am I looking at

I'd agree but he just gave me money so

I put a down payment for later on top of it

real

for when my launchctl completely breaks someone's device and I have to fire up corel again to fix it

so real

try DYLD_INSERT_LIBRARIES with xpchook.dylib

what's the return code?

I would also pay you for any related development of launchctl

just cause I want it done

oh fair

you can have uhh

like $1

I gave you a script like two days ago

and it worked nerd

Quick question, does anyone remember those “carrier hacks” from about a decade ago? I’m trying to figure out what exactly they modified to add volte support to the iPhone 5

oh you didn't

if your carrier doesn't support VoLTE then it's not gonna work dog

oh never mind

I misread

The carrier does support volte, just the phone lacks the software to actually work on it

that should already be done by the macro I use

It falls back to 3g when making calls

forgot about the days of voice over 3g

hi, not sure if this is the right place to ask for this, but could someone give me a bit of insight as to what this error might mean? trying to boot ios 11.0

what a terrible time

Exception Subtype: KERN_INVALID_ADDRESS at 0xdf166081aeb129a0 -> 0x00000001aeb129a0 (possible pointer authentication failure)

I've seen carriers that still do it lol

it also has a PAC signature

in modern phones

just it's invalid

I didn’t even know that channel existed, thanks

it's not really legacy though but ok

@grave sparrow @restive ether https://github.com/ProcursusTeam/launchctl/releases/tag/v1.0

y’all remember where litten’s tweak source is?

I mean it runs and returns KERN_SUCCESS?

@steady nest idk this seems like something you would know

https://github.com/LittenArchive
this?

I respect your release name

seemed appropriate

very much true

alright will wait

?

oh no Capt is gonna do his xpc critiquing now

I mean the device I’m trying to modify is on iOS 6.1.2 so it’s a bit over a decade old lol

well yeah that's why I thought i'd post it here

my xpc is perfect

way better than his

apple is the xpc goat

If I dump the iBoot partition with cat /dev/disk1, then output it to a file using dd, does the block size matter? Because when dumping onboard SHSH blobs, the block size for the dump (both the input and the output) is set to 256.

bro

just use xpchook.dylib

https://github.com/ProcursusTeam/launchctl/blob/main/tools/xpchook.c

thanks

what is this?

should i put parenthasis

around the 36

so its sqrt(36) and not just sqrt36

that's not a normal launchd routine message

L city

Ok, I need someone on iOS 13 and someone on iOS 14 to test this

just install it then reinstall some package like openssh-server or shshd and check logs for errors

@timid furnace

@grave sparrow

hi

13

ok

pls and thank you

bet

ty

∫

thats what my dick looks like

to scale too

nah

accurate

accurate

why did it send twice wtf

we integrating some pussy 💀 💯 👿 🚬

am i tweaking

no

average discord

you should integrate some meaningful activities for self improvement into your daily routine

words i cannot say in this server

kitty

real

fr

status?

no errors, launchdaemon runs

how do you use ios toast notifications again

among

roast

uinotify

isnt there a private framework for it

https://cdn.discordapp.com/attachments/688121419980341282/1055956376309989466/factchecked.gif

@grave sparrow you can go ahead and add submit if you want

Or add any command that is added as todo_cmd

how do I add executables to trustcache and why isn't git working

it gets stuck on Cloning...

am I stupid? Is there something I am missing?

smartest stock buyer

i didn't mean to send this here

fucking evelyn discord app

still funny

true

equals 6*sqrt(3)

real.

WHY

ok sir now inprove the code please 🙏

improve*

how tho

write better code? maybe

/j

all i’m saying is there’s gotta be a better way than doing it based on like the button presses

case case case

😭

It worked @marble perch, just installed fakeroot and ran the script again.

sh repack-rootless.sh /Users/uar/Desktop/tc_1.0_iphoneos-arm.deb
Creating workspace
dpkg-deb: building package 'tc' in '/Users/uar/tc_1.0_iphoneos-arm64.deb'.
Cleaning up

I can send you the deb if you want @ocean raptor

cat

@indigo peak ok here is like actual advice instead of just "saying haha code bad fix pls"
see if the data you’re looking for is stored somewhere where it’s more easily accessible (maybe some class which manages performing the calculator operations)
then just snag what you need from there, and you can avoid tracking what buttons get pressed

Why? tc is one the repo 💀

On 1800?

It should be

I can add it if it's not

It's not

too much didnt read

Btw, make sure to switch your repo

i prefer haha bad code

fr

sed -i s/iphoneos-arm64\/1800/1800/ /var/jb/etc/apt/sources.list.d/procursus.sources

ah

It's not on the repo yet though

Adding it now

Ok, refresh

It's on 1800 and 1900 repos now

Saw it, need to upgrade Procursus trust cache for it to work on fugu

Package: plooshi.tweak
Name: Ploosh Tweak
Version: 0.0.1
Architecture: iphoneos-arm
Description: whar
Maintainer: Ploosh
Author: Ploosh
Section: Tweaks
Depends: mobilesubstrate (>= 0.9.5000)

ERROR: control file '/Users/runner/work/tweak/tweak/.theos/_/DEBIAN/control' is missing a Version field at /Users/runner/work/tweak/tweak/theos/bin/dm.pl line 83.

wtf is wrong

missing blank line at end

@grim sparrow would it be possible to run a location spoofer without a jb/trollstore

like how aemulo could theoretically run with a iokit bug

uuuuhhhhhhhhhhhh

probably

everything is reliant on entitlements really

yeah

that makes sense

I know it would never happen but I really wish Apple would just let us use whatever entitlements we want when signed to run locally

i just want a basic spoofer

thats all i want on iOS 16 😭

the interesting thing is

on ios 16

xcode will not complain at you for adding certain iokit entitlements

it will just strip them

when do they get stripped

when you compile

or when you run

compile

hm

I am now seeing what happens if you try and sign without xcode

im fully expecting an error here

yep

no matter what it just seems to remove it

Ok fellas, the ldid binary on a Xina15 jb'd phone is NOT signed

what is a fella to do

I have tried signing it externally with this: https://github.com/zhuowei/CoreTrustDemo/tree/main/badcert certificate

on a intel mac's procusus ldid and sent back over

But it keeps returning the not cert'd error Killed: 9

so what is a fella to do

noooo

left: original entitlements file
right: entitlements of signed binary

hm

@grim sparrow do you have a list of all the ents

like which are allowed to be signed regularly and which arent

useless 🙄

an easy indicator that its not allowed is that it starts with com.apple.private

using what

vmware?

blanket

ryzen cpu + nvidia gpu

I know now that using cp strips a binary of entitlements and certs n all that. However, is there another form of data transfer (airdrop, webdav, scp) that doesn't strip entitlements? From what I found, scp does strip entitlements

not at all how it works

you aren't signing correctly

make sure you use Procursus ldid

I am

then just run ldid -S<replacewithyouents.xml> binary

https://github.com/ProcursusTeam/ldid/releases/tag/v2.1.5-procursus6 from here

Now, where do I get the entitlements in order to just friggin run the binary

all: TestApp

SRCS := main.m TAAppDelegate.m QASAppSelectorController.m LSApplicationProxy+AltList.m

OBJS := $(SRCS:%=%.o)
DEPS := $(SRCS:%=%.d)

CPPFLAGS += -MMD

LIBS = -framework UIKit -fobjc-arc -framework IOKit -framework MobileCoreServices

TestApp: $(OBJS)
        $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) -o $@ $^

TestApp.ipa: TestApp embedded.mobileprovision Info.plist
        rm -f $@
        install -d Payload/TestApp.app/
        install -m644 $^ Payload/TestApp.app/
        ldid -Kkey.p12 -Sents.xml Payload/TestApp.app
        zip -r -9 $@ Payload
        rm -rf Payload

install: TestApp.ipa
        ideviceinstaller -i $^

%.m.o: %.m
        $(CC) -fobjc-arc $(CPPFLAGS) $(CFLAGS) -c -o $@ $<

%.c.o: %.c
        $(CC) $(CPPFLAGS) $(CFLAGS) -c -o $@ $<

%.cpp.o: %.cpp
        $(CXX) $(CPPFLAGS) $(CXXFLAGS) -c -o $@ $<

clean:
        rm -f $(OBJS) $(DEPS) TestApp TestApp.ipa

.PHONY: clean all install

-include $(DEPS)

see i've been using ldid -s -Kdev_cert.p12 ldid

SO i've been having a cert but 0 entitlements? is that what I am understanding

i have been scratching at my skin bc of this

i fucking hate xina15

I have used this exact makefile plenty of times

you aren't specifying any entitlements

indeed! are you saying that I need ents and a cert to sign a binary? :)

duh

no

Now, how do I construct a ent.xml fil;le

if you are using a jailbreak you dont need a cert

even rootless?

Oh My God

🙂

none of these fucking binary files

have ents

not curl not clang fucking nothing

git does

they should

somehow

https://github.com/ProcursusTeam/Procursus/blob/main/build_misc/entitlements/general.xml

can't even do the most basic operations without facing the Killed: 9

then sign your binary correctly lol

ok, it doesn't work for me right now, but that's only because my mobileprovision is expired

how did you export your p12?

🤷‍♂️ skill issue

send p12

and mobileprovision

Unknown header magic are you sure that is Mach-O

¿Por que?

hablame

looks like your shit is fucked man

i cannot help you sadly

god

fucking

hooooly shit

no clue if it worked

cause I'm not in the mobileprovision

@grave sparrow

gm

this fucking

hHAa

are you sshed into a smart coffin

Xina15

that would explain why it doesnt work

Queen lizzie

God FUcking Damnit

oh

no

Someone said I didn't have to

xina has no PPL bypass

send the signed one

thats unfortunate

ok but the signature was fine

so smd

First I changed the ents to not be gamepigeon's bundle id

I changed it to YOURTEAMID.com.captballs.whatever

then did ldid -K../capt.p12 -S../ents.xml Game\ Pack.app

do you have PPQ check on your dev account

if so then no

the mobileprovision gives a specific list of entitlements that are allowed iirc

this dumb thing that contacts apples server to verify every launch but if its the same bundle id as an appstore app your dev account gets flagged

ldid -e Game\ Pack.app/Game\ Pack

yeah

bundle id is still the same in Info.plist

I just changed the bundle id for the signature

I deleted everything

if you have ppqcheck disabled for an app id (or cert, dont remember) the app will only last 7 days

signing and sideloading an app with ldid and ideviceinstaller is so easy (if you have a paid acct)

for developing, apple cracked down on dev accounts for sideloading not too long ago, completely destroyed udidreg and other services

uhh i think its in the app id

you need to make a wildcard (?) app id so you can use any bundle id

yea BWJ45253TT is your team id

brotha did u just give up on me, xina15 is just fucked?

god bless cheyote needs to come out cuz at least there is a standard of care

must resign every 7 days if ppqcheck is disabled, which it most likely isnt

i hope cheyote isnt going to be hacked up since procursus devs didnt even get a test build

@grave sparrow when did you register your dev account you might not even need to worry about ppqcheck

cheyote will never release

you should be fine then

ppqcheck probably wont even exist on your account

last time i checked it doesnt matter

uhh

go and make an app id and see if theres an option for ppqcheck anywhere

don't..stop...believing

i wouldnt be surprised

how were people making app ids that were just *

because i know people used to do it

you can get a * mobileprovision

here this is a better article explaining it

Since iOS 15 Apple has introduced more surveillance of your actions outside AppStore. Every single app, every time that you are launching it, is calling apple "provisioning profile query" service, that validates profile included in the app (profile consists developer certificate issued by apple, it is techincally required for app to run). And you can't lauch your app without internet connection, you know? They even don't bother at all, so included "PPQCheck" key in every provisioning profile that they are issuing for new developer accounts (for months at the moment). They can check what's exactly you are launching, when, how app is installed, big brother is watching, it's 1984 by Orwell. More importantly, they can check if app identifier belong to AppStore app or not. If it does, but app wasn't installed from AppStore, congratulations you are violator of their policy and Apple Developer Agreement. So they detect such cases and ban accounts immediately, issuing no refunds for their actions and limiting our freedom.

L

then you dont have ppqcheck

iirc people that enrolled late 2021+ have it

I hate theos

yell at kirb

yea but i think its fine since it was first enrolled in 2020

I literally just told you

Idk why but I had to press enter a ton of times to get it to sign though

No

I didn't

Why would I

What is that error from

I need more info

damn

@restive ether give me filter bypass

This from me signing or you

wtf an assert on procursus ldid

among us

auto

ok

does ldid handle appex correctly?

https://cdn.discordapp.com/attachments/688121419980341282/1056051700550615190/6MA3XHVAf74eqYCuIgkFjPtKe4AAAAABJRU5ErkJggg.png

me fr fr fr

lol

ok

come back when you fixed the issue

ldid -S Gay Pack.app

fr

D E E P

Apple codesigning got me@be like

whar

sorry

*xina15

https://cdn.discordapp.com/emojis/811294817350582384.webp?size=96&quality=lossless

it's 1984 by Orwell
I wanted to say it's literally IEEE 1394 but Apple wrote the 1394 spec

@ocean raptor lol

nvm got it to work

ok ui?

Is there a fix yet for XinaA15 1.1.5 to update the 35 dependencies?

trolllock is that funny thing nathan was showing off?

ye

anyone knows how to copy a folder from bundle directory to another path? for example a folder named assets to /var/mobile/Media/assets

in objc

I FIGURED IT OUT all of the correctly signed binaries are in /var/jb/xina!!

smh

i'm SORRY

Does anyone know where can refer to the firmware key for ios 16.1+

the iphone wiki doesn't seem to be updated for some reason

You have to get it yourself

umm, but thanks

there’s no other way

you can also ask nicolas in hack different

i have most checkm8 chips

So if i don't think about time and effort, that's fine

Yeah

Upload them after please

true

Found this guide for creating an auth system in nuxt, aaand i have an sql db that i can store creds in, but i dont really understand where and how i should send the creds to the db

https://www.digitalocean.com/community/tutorials/implementing-authentication-in-nuxtjs-app

Just write them to a txt file

It’s easier

username:password

i don’t work for twitch

but yeah, i still haven’t quite grasped how nuxt works

so that’s also an issue

ok so I have ldid on my phone now, I signed a curl binary with the same ents as the ldid binary and the same certificate as the ldid binary

but it still won't run

@interface CalculatorHistoryViewController : UIViewController
@end

@implementation CalculatorHistoryViewController
- (void)viewDidLoad {
    [super viewDidLoad];
    self.title = @"History";
    self.view.backgroundColor = [UIColor colorWithRed: 0.20 green: 0.20 blue: 0.20 alpha: 1.00];
}
@end

// presenting code
CalculatorHistoryViewController *vc = [[CalculatorHistoryViewController alloc] init];
[[self _rootView].rootViewController presentViewController:vc animated:YES completion:nil];

why does the title not show up

You need to make UINavigationController with your vc as root and present that

:/

that sucks

bc when i was doing that, i set a UITableView constraint to be the bottom of the nav bar, and when the view was rotated to be landscape, the tableview wasnt exactly in line w the top

well actually

i lied

but

it still doesnt work

i think

have you tried presenting as popover?

the view shows up

not the title

yeah you have to subclass uinavigationviewcontroller swiftui oops

follow what opa said

@interface CalculatorHistoryViewController : UINavigationController

that?

https://developer.apple.com/documentation/uikit/uinavigationcontroller?language=objc

I lied, my swiftui knowledge overlaps with UIKit lol

if i understand what you’re trying to do correctly, no
you’d want to present a navigation controller, and have the navigation controller’s viewControllers include the calculatorhistoryviewcontroller

you don’t need to subclass UINavigationController unless the calculatorhistoryviewcontroller is for navigation, which from what i understand, it is not

A navigation controller is a container view controller that manages one or more child view controllers in a navigation interface

from my understanding, your calculatorhistoryviewcontroller is not going to be managing other vcs

but rather, you want to have it be managed

i just want smth like that

^

but without having to manually specufy the dimensioons and shit of it

wym

specify the dimensions of what

The navbar

you don’t have to specify navbar dimensions

the navigation controller takes care of that on its own

https://github.com/donato-fiore/calculatorhistory/blob/main/Tweak.x#L78-L104

i am flabbergasted

you gotta use clang-format or something my man

ok yeah so what you’re doing here

is completely unnecessary if you just use a navigationcontroller

because it’ll create and manage the navigation bar for you

and you don’t have to do whatever that is

and to add the actions (done, clear, etc) just do it via the navigationItem of the calculatorhistoryviewcontroller

yeah thats why i want to use a navigation controller

this is pretty much all that needs to be done

check out the documentation link that source location sent

@primal perch

@tepid olive sick

ty

CalculatorHistoryViewController *vc = [[CalculatorHistoryViewController alloc] init];
UINavigationController *navController = [[UINavigationController alloc] initWithRootViewController:vc];
[[self _rootView].rootViewController presentViewController:navController animated:YES completion:nil];

@tepid olive everything works perfectly

Thanks again

np, glad you got it working

I’m going to try and make the big switch block not so repetitive

Might have to do some &orig calls

true

big if kCFBooleanTrue

big if 1

big if YES

big if !!1

big if 3 % 2

@tepid olive i wrote the most jank function that somehow works

void (*orig_touchesEnd)(id, SEL, id, id);

NSString *function(NSMutableString * __strong *one, NSString *function, NSMutableString * __strong *two, id s, SEL _cmd, id touches, id event) {
    [*one setString:[displayView accessibilityValueLabel].text];
    [*two setString:function];
    orig_touchesEnd(s, _cmd, touches, event);
    NSString *ret = [NSString stringWithFormat:@"%@(%@) = %@", function, *one, flatten([[displayView accessibilityValueLabel].text doubleValue])];
    [*one setString:[displayView accessibilityValueLabel].text];
    return ret;
}

case 37: // natural log
    // [one setString:[displayView accessibilityValueLabel].text];
    // [two setString:@"ln"];
    // %orig;
    // result = [NSString stringWithFormat:@"%@(%@) = %@", two, flatten([one doubleValue]), flatten([[displayView accessibilityValueLabel].text doubleValue])];
    // addToHistory(result);

    // [one setString:[displayView accessibilityValueLabel].text];
    addToHistory(function(&one, @"ln", &two, self, _cmd, arg1, arg2));
    break;

so now that can replace every function, (sin/h, cos/h, tan/h, ln, log)

i ain’t reading allat 😂💯

it is so unbelievably cursed

you have no idea

Why is the whole thing commented out

thats old code

what the function replacess

so much kinda better

@tepid olive i have an idea, instead of using a case for everything, i use a NSDictionary

and i just check the NSDictionary for the button id

seemingly a much better option

proud of you for working to seriously improve this project and learn

many people don’t do that

using a switch statement def only works for the lower data sets

like when it was just the 4 basic operations

and now that im scaling it up to include 20+ operations

def wont go so well

yeah lol

fs

20 switch case statements is a yikes

look it made sense when i wrote it

@tepid olive so much better

much betta

yeah i understand, as the number of supported operations grew it became less feasible that’s all

im gonna try to make 1 function for all the types
so its not 4 different functions with slight differences

for sure

ok im not proud of the result, but i was able to make it better

@crisp frost have I put your repo to shame yet? https://apt.procurs.us/pool/main/iphoneos-arm64-rootless/1800/

(still working on ~60 packages that are a huge PITA, which includes most perl libraries and llvm )

real procursus official rootless

llvm hates me

so does perl

You can't see some, Zebra, tc, launchctl.

Also get ffmpeg lol

wdym?

Try to look for tc in the link you sent

I should probably just bring my repo offline after after that whole thingy is done but idk if that’ll cause any problems

I see it

refresh

you are looking at a cache

Ah

I added a buttload of packages

How many?

no clue

(Shit updating the Procursus trust cache for Fugu will be a pain)

gonna be HUGE

how many projects, or how many debs?

we started with 74 projects, we now have 533

so +459

we now have 1131 debs

Don't know, but everything up to Zebra, new launchctl and tc is included in the trust cache, not after that.

so you have like 960 debs to add to the trustcache

a few of those should only be scripts

and others will have tons of mach-os

Yeah, but it's like 11KB already, we can maximise it to 16 and that's it (not everything can be in a trust cache lol)

How many trust caches can you load?

this is the list of packages I still need to fix and build

cctools
duktape
futurerestore
ghc
ghostbin
gtk-doc
hidapi
imagemagick
isl
jbig2dec
libapt-pkg-perl
libepoxy
libjson-c
liblocale-gettext-perl
libpod-parser-perl
libredwg
libsgmls-perl
libterm-readkey-perl
libtest-harness-perl
libucontext
libvde
libxml-parser-perl
libyaml-tiny-perl
llvm
lsof
mariadb
mesa-demos
mtree-netbsd
myman
neovim
nodejs
nodejs-lts
openexr
openjdk
po4a
pstree
pythnon3-kimg4
python3-psutil
pyyaml
qemu
r2ghidra-dec
radare2
ruby
screen
sensible-utils
shc
starship
tcsh
tmate
top
tor
ttyrec
unrar
upx
weechat
xcb-proto
xf86-video-dummy
xfe
xmlto
xorg-server
youtube-dl
yt-dlp

I haven't tested this fully, but I read somewhere about 8 (don't know if that's true)

@restive ether make me a thread in #development called "capt-hater-backroom"

ok

@grave sparrow it's not tripping at the main binary

on some other binary

the symtab offsets don't make sense for the main binary

I set a breakpoint right before the assert and the one that it asserted on did not have the same symtab values as the main binary

no

it's asserting on a different binary

the appex

it's tripping on that

oh

hmmm

if you remove the assert, does it sign successfully?

sideloadable?

and launchable?

crashes on launch?

and it doesn't crash when signed with codesign, right?

can you diff -u <(otool -l codesign-signed) <(otool -l ldid-signed)

the one that launches and the one that crashes

I thought you fixed that already?

Ok

Do the ipsw macho info --sig -V diff on the appex too

i mean small improvements bit by bit

is what you’re doing

and that works out in the end

<3

look, it works this far

so we chilling

@ocean raptor 🤣💀

what's the link for the MacDirtyCow writeup

means forbidden entitlement most likely

The one in TrollStore repo should be a proper p12

@grave sparrow while ur at it, look into this https://github.com/ProcursusTeam/ldid/issues/24

You can’t be the #1 hater while still working on it

That better?

And I totally can

🤣

Ofc

I mean you can but then it just become hating on yourself at some point

I am not procursus...

You manually build each package

Not what I meant I just meant that you are gonna eventually run into something you did on procursus

That you will hate

I did the majority of things I hate on procursus

I know

tihmstar compiling

That was the reason why youtube reborn died lol

OMG procursus 3 electric boogaloo

Very true

https://tenor.com/view/letter-h-h-letter-hhh-hh-h-meme-gif-22388730

@ocean raptor how do i build ldid for windows

make

Don't

Just download the actions

Compiling for windows is too complicated

https://github.com/captinc/ldid

im building shitter's ldid

Grab it from the pr

I just approved his actions

where windows

you're looking at it

@grave sparrow .07 per assert

The one that says mingw obviously

yeah i realized that

@marble perch should ldid automatically add the full chain to the p12 when signing if it's not in there already?

Windows sucks

preach my brotha

Besides Samsung stuff, you probably won't need it

what

yeah that's what I reported

well then, neither do I

uhhhh

Anyone know where the system fonts are located?

anyone knows how to write a file to a specific directory without access to /var? i have access to /System but i dont for var and my file is there

what

difficult to explain

I don't care

wait nvm im stupid, another question then. how do I copy a file from documents folder to bundle?

AHHHHHHHHHHHHHHHHHHHHHHHHHHH

bruh

this is what I get for not testing stuff

gm

merry Christmas

llvm

llvm this llvm that how about we get spm

😭😭😭

How about your mom stops being a whore?

true and based

@vivid dew

WTF
HOW

can someone help me with these ? already installed fs, have no idea what the fuck node:util is and honestly have absolutely no idea about the 2 warnings

o wait im f blind

poggers

WTF

@tepid olive have you looked into what needs fixed for arm64e?

yea

no actually

it gets further than i thought

which means that it’ll work out

gonna use the one weird trick to get the a key

wait wait wait @naive kraken if all processes with the same team id share the keys, will processes signed with the CT cert have the same keys as launchd

(pac A keys)

https://media.discordapp.net/attachments/1056239067601309706/1056628957816045629/Unknown-6.gif

launchd does not have a team id

oh

it's a system binary meaning it's ad hoc signed and in trustcache

shoot

that’s annoying

your best bet is the thing you said earlier

ok gonna try the posix spawn method yeah

should work tbh

i hope

this is kinda a security barrier too because normally without the CT bug you can't spawn arbitrary binaries

and to spawn arbitrary binaries you'd need to nuke amfid

and to do that you'd need to bypass PAC

so chicken egg problem

So I assume it could just work

awesome

yes

posix_spawnattr_set_ptrauth_task_port_np

the thing that apple put themselves into pac.md

not like they're not aware of it

tbh userspace pac was never anything protecting from the case where someone already has krw

it's mainly to make like exploiting userspace processes harder

opa do you wanna like, make a iOS 16 sandbox escape

actually scratch that

just update troll store for iOS 16 please

that’s like an afternoon activity for you

make it a Christmas miracle

@tepid olive no rush at all but when you have a build that needs testing I’d be more than happy to test it for you

okay great

i’m guessing that it doesn't work

like

what are the odds.

Again thank you for all your hard work you’ve been putting into this

I'm not that smart

should work

i hope

bro

not that smart either

so true.....

were waiting @opa335

you’re one of the smartest people I’ve ever talked to

@opa333

wtf

at least when it comes to iOS

you're one of the smartest people i've ever talked to

at least when it comes to Discord iOS

I have never even found a bug

so idk

who needs to find bugs

no I’m not

ok? the amount of shit you’ve done is unreal

besides. I could literally not do this, even if I had a bug and wanted to

why not

conflict of interest

mhm

I can be very greatful that Cellebrite has no problem with me working on my existing projects as is

But I can't just publish a bug I find

And also I'm fine with that

:(

I wish I was as smart as you

You work there?

yes, 6 months internship

Very nice

With that thingy you can do almost anything can’t you?

Lol jk obviously

you’re one of the smartest people I’ve ever talked to

at least when it comes to fake merch

You need to realize that the only difference between me and you is that I put >5 years into this all

ive been trying to do iOS shit since 2020

and tbh I got into the very advanced stuff by accident while just working on Crane

and I still have 0 idea what I’m doing now

and it’s 3 years into it

then the problem is most likely that you never got the fundamentals down

you need to make minecraft videos to get knowledgable on ios internals

I wish I knew where to start so I could teach myself but I doubt I could

that's true too

I have heard getting banned from The Hive for bullying a staff member also increases your chances

i've been falsebanned like 4 times

like you’ve dealt with me before, you know how dumb I am

mods have been fine to me tho

always unban

this was in 2014

that was when they were HUGE

with deathrun

BEEBA

the owner literally knows me because he personally issued the ban

SKOOP INNA DINK

those where wild times

Whoever reacted with the moyai emoji is Hella Gay.

Tbh learning fundamentals while working on random projects has always been my goto

you’re one of the dumbest people I’ve ever talked to

whats wrong with that

you’re not wrong

being dumb is a mindset though

try talking to @next wadi

coding is 90% mindset

and continuity

ah yes
whenever I sit down to write the most cursed code ever i tell myself “I am smart, I am smart” like lightning McQueen before his race

I am speed

no you need to think "this code is stupid" because at least you're self aware of it then which makes you smarter

It isn’t cursed if it works

The problem is I assume all code I write is bad, and I’m in the mentality that semvis just sent

idk then I don't think I can substancially help you lol

your switch statement

But you will get better with time

What I did, whenever I learned something new I always went back to my old code and improved it

Safari Plus 1.0 was ass

literally all of that code was rewritten at some point

some stuff even multiple times

obtain psychiatric help

can’t expect you to

https://github.com/opa334/SafariPlus/tree/18907332afcfcb79c7d8e485f54bb2d41ae277af

literally no reaction from anybody

cope and seethe some more please

SafariPlusWK damn I don't even remember that lol

bc he doesnt wanna talk to you

who is he

😭

that formatting though

fugly code

ugly

ugly

atom moment

ugly

ugly

ugly

🤮🤮🤮🤢🤢🤢🤢🤢🤢

me rn

fr

oh

wait

did you write that @hasty ruin

no

if not nevermind it is very nice 😇😇

i just dont like it if you made it

https://tenor.com/view/cartoon-ghost-haunted-youre-ghosting-again-haunting-gif-16096426

@naive kraken just take a look at this

https://github.com/donato-fiore/calculatorhistory

i dont trust people that write if(condition)

I have seen worse things, at least you know how to put commonly used code snippets into functions

gotta have the space

I mean, I’m rewriting the tweak now

but it’s just so bad

Ask capt to write it in asm

yea true

also if (condition == true)