#development
Install my toolchain (definitely not malware)
```
sudo apt install zstd
curl -LO https://github.com/CRKatri/llvm-project/releases/download/swift-5.3.2-RELEASE/swift-5.3.2-RELEASE-ubuntu20.04.tar.zst
TMP=$(mktemp -d)
tar -xvf swift-5.3.2-RELEASE-ubuntu20.04.tar.zst -C $TMP
mkdir -p $THEOS/toolchain/linux/iphone $THEOS/toolchain/swift
mv $TMP/swift-5.3.2-RELEASE-ubuntu20.04/* $THEOS/toolchain/linux/iphone/
ln -s $THEOS/toolchain/linux/iphone $THEOS/toolchain/swift
rm -r swift-5.3.2-RELEASE-ubuntu20.04.tar.zst $TMP
```
run those commands
linux malware? actually it's pretty easy to do
5.3.2 
that’s what’s on the Theos website 💀
so whose do i install?
what I just sent
don't you think i tried it already?
I should probably update it sometime...
but you tried it when $THEOS wasn’t set
so try it again now
Oh wait, I decided not to since kabir was updating his
alright then, here it goes
do you use orion?
I’m also on my phone rn, so idk how useful I can be
cuz when i'll get it up and runnin i wouldn't mind knowing who i can harass for technical support
Orion should work with Cameron’s toolchain last I checked
No
where do i get dat
ask the man himself
also @tepid olive the Theos discord is pretty good for more specific questions, link in my about
```
ln: failed to create symbolic link '~/theos/toolchain/swift/iphone': File exists
[justdie@aorus]~/theos%
```
rm -rf toolchain/swift
ran and running the cmd again
```
mv: inter-device move failed: '/tmp/tmp.0JAesHpyxT/swift-5.3.2-RELEASE-ubuntu20.04/usr' to '~/theos/toolchain/linux/iphone/usr'; unable to remove target: Directory not empty
ln: failed to create symbolic link '~/theos/toolchain/swift/iphone': File exists
```
```
'~' extras LICENSE.md package.json sdks vendor
bin include makefiles Prefix.pch templates
CODE_OF_CONDUCT.md lib mod README.md theos
[justdie@aorus]~/theos%
```
i don't even have a fucking toolchain folder

got it
and then just start the commands over again
done
wait
i ran the commands, no errors
even the toolchain
of course im still going to get the same errors as i used to
when compiling
```
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
Building for production...
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
<unknown>:0: remark: unable to perform implicit import of "_StringProcessing" module: no such module found
```
at 5/8
won't crash, but it shows this, already a bad fuckin sign
Did you do this
Inside your Theos installation directory ($THEOS), switch to the orion branch by running git fetch && git checkout orion && git submodule update --init.
wdym do this inside the theos folder?
yeah
which command
cd $THEOS
the toolchain?
yeah that i did
is it normal that the path shows like this?
/home/justdie/~/theos
when i run pwd
oh nvm fixed it
@indigo peak where is theos supposed to be located in my filesystem?
/home/your_user/theos
ok
~ is a shorthand expression for your user dir
this is your host toolchain
ls ~
ls /home/justdie
should do the same thing
but i'll be right back got smt to do
yeah it should indeed
thanks for the help be back in 40 minutes 😭
@tepid olive what os are you on again
no, you need KRW and PPL bypass
which fugu has
yes but let's say you want to integrate it in your injector binary
you can't
because there is no libkrw
i dont i would just load it through fugu
alright i actually can do my thing in 20 minutes @indigo peak
so im still hewe
im installing fedora on a vm rn 😭
dang
fugu code is so insanely good
you can also install fedora with wsl if you prefer
tho you'll have to download some stuff online as it's not officially supported by wsl and fedora
```
Error: The loaded '_InternalSwiftSyntaxParser' library is from a toolchain that is not compatible with this version of SwiftSyntax
make[3]: *** [/home/justdie/theos/makefiles/instance/rules.mk:320: /home/justdie/Documents/Tweaks/nice/.theos/obj/debug/arm64e/generated/nice.xc.swift] Error 1
make[2]: *** [/home/justdie/theos/makefiles/instance/library.mk:52: /home/justdie/Documents/Tweaks/nice/.theos/obj/debug/arm64/nice.dylib] Error 2
make[2]: *** Waiting for unfinished jobs....
make[2]: *** [/home/justdie/theos/makefiles/instance/library.mk:52: /home/justdie/Documents/Tweaks/nice/.theos/obj/debug/arm64e/nice.dylib] Error 2
make[1]: *** [/home/justdie/theos/makefiles/instance/library.mk:37: internal-library-all_] Error 2
make: *** [/home/justdie/theos/makefiles/master/rules.mk:162: nice.all.tweak.variables] Error 2
```
@indigo peak this explains a lot
library is from a toolchain that is not compatible with swift syntax
L
Fugu is zaddy
load what? you need to use krw, tcload is not enough
just use objc 😭
bro ive had 37 strokes just reading your errors
yeah because after when it'll work i won't have strokes again
if you get it working *
@ocean raptor https://github.com/ProcursusTeam/ldid/pull/28
approve actions
L bozo
Fugu itself has krw, so can’t I set CS_DEBUGGED through there and after run my code
I mean yeah, but that's not easy
tbh the #1 thing someone needs to work on is a proper libkrw
doesn’t sound fun
so, any good resources i could look into for logos tutorials and shit?
theos.dev for the syntax
everything else is just objc
i don't know shit about syntax, i don't even know obj-c
The syntax is pretty simple ngl
its just regular objective c
yeah but... i'd like to learn both at the time...?
trust me, just learn objc first
at least the basics
sure
How does one compile obj-c on linux?
but uh how do i compile it?
i can't really test without compiling
zsh: exec format error: ./HelloWorld HELL
im reading the docs and tbh it does make much more sense now
dang ngl i kinda like it so far...
i mean its the first time that i actually take time to learn shit, lua i didn't ever read docs to learn the base language
because lua.org is ass first off, and because i was lazy
for C i didn't even learn C, i only learned to use gtk4 and i googled everything that was true C
but dang
i should've been reading docs sooner 
its not really bad when you get used to it
i dont like swift at all
so im kinda based
😦
swift has its moments
but its bad
and i do not like it
but any lang has their moments
i fucking hate python
loser* 
Im fuckin french
bro, you couldnt copy and paste commands right
Im cursed and retarted
and you call me a loser
my condolences
thanks...
I've been living with this since i was born... also... there is even worse that i haven't said yet...
Im... canadian
Actually it ain't so bad
nice debugger
free healthcare 

you too?
fellers do y’all reckon that I can modify the photos picker in messages to spam photos individually?

i mean im french canadian and i know some canadians are racist towards their french neighbors
Fiouf
i just get have healthcare
I have a little brother and we like to joke spam pictures of gus fring to each other lol
where ya from?

you must be European, free healthcare and not canadian, it's impossible
exactly
I mean no matter what being bri'ish ain't so bad, i'd rather be british than being an american at least 10x
Life in the us sound kind of depressing
school shootout, people running away from ambulances because they'll be broke, and shit law overall
```
new path: /var/jb/System/Library/PrivateFrameworks/PhotoLibraryServices.framework/PLEmptyAlbum@2x~iphone.png
prefixing /Library/PreferenceBundles/motuumLS.bundle/%@.png
new path: /var/jb/Library/PreferenceBundles/motuumLS.bundle/%@.png
prefixing /Library/PreferenceBundles/
new path: /var/jb/Library/PreferenceBundles/
prefixing /Library/Preferences/%@.plist
new path: /var/jb/Library/Preferences/%@.plist
prefixing /Library/Caches/cspreferences.log
new path: /var/jb/Library/Caches/cspreferences.log
prefixing /Library/Preferences/%@.plist
new path: /var/jb/Library/Preferences/%@.plist
prefixing /Library/Preferences/CSPreferences/Backups/%@
new path: /var/jb/Library/Preferences/CSPreferences/Backups/%@
prefixing /Library/Preferences/.csp_policy_agreements
new path: /var/jb/Library/Preferences/.csp_policy_agreements
prefixing /System/Library/CoreServices/SystemVersion.plist
new path: /var/jb/System/Library/CoreServices/SystemVersion.plist
prefixing /System/Library/PrivateFrameworks/PhotoLibraryServices.framework/PLEmptyAlbum@2x~iphone.png
new path: /var/jb/System/Library/PrivateFrameworks/PhotoLibraryServices.framework/PLEmptyAlbum@2x~iphone.png
prefixing /Library/PreferenceBundles/motuumLS.bundle/%@.png
new path: /var/jb/Library/PreferenceBundles/motuumLS.bundle/%@.png
prefixing /Library/Preferences/.csp_policy_agreementsenceBundles/
new path: /var/jb/Library/Preferences/.csp_policy_agreementsenceBundles/
prefixing /Library/Preferences/%@.plist
new path: /var/jb/Library/Preferences/%@.plist
prefixing /System/Library/CoreServices/SystemVersion.plist
new path: /var/jb/System/Library/CoreServices/SystemVersion.plist
prefixing /Library/Caches/cspreferences.log
new path: /var/jb/Library/Caches/cspreferences.log
prefixing /Library/Preferences/%@.plist
new path: /var/jb/Library/Preferences/%@.plist
```
funny!
hello xina
nah
yes
easy
same dev process tho 
yep i know
this actually uses that
This replaces references to files as well in the deb to prefix /var/jb
It's broken rn tho because it's too aggressive
No, It's a hacked together C file 
Also, does anyone else suffer from uicache issues on rootless since today
Like, yesterday it was working fine but today it doesn't work saying "Failed to register ..."
And it's my exact same configuration
why not check if the file exists before prefixing
because this is just run on a deb
bro what
real Chad grindset
```
exec: Failed to execute process './dpkg', unknown error number 85
```
ofc
lmfao
nvm it is Killed: 9
Yea I know :(((
I used ldid but still getting error
ldid -Sent.xml -Kdev.p12 ./dpkg
This is the ents I am using
```
<key>com.apple.security.exception.files.absolute-path.read-write</key>
<array>
    <string>/</string>
    <string>/private//var/containers/Bundle/xina/exe/</string>
    <string>/private/var/containers/Bundle/dylib/</string>
</array>
```
Maybe this has something to do with it
aw well shiz
does that mean I messed up the cert on the executable or I just don't need that in general
ah
well
cr4shed apparently doesn't support rootless
Capt is now lead maintainer of ldid
L
because you love it
https://github.com/rileytestut/ldid Riley is now lead maintainer
we stan altstore
please donate
fr
it has a uuid tho, should I remove it before sending?
jesus, respect the grind tho


god bless my phone that shit is a trooper with all the spyware on it
lmfao
jk
:((
yo capt, if I get u in contact with Xina with a translator, do you think you can work with him on these issues?
aw shucks
:/ that sucks
They attempted to replace APT, don't know if they did
I wish they would make it open-source at least
nah they were just advocating for saily which doesn't use apt at ALL
or dpkg I think
idk
ah
god I would totally settle for half-baked rn
what folder fits these requirements tho
dn
dude, fr tho
can't you not execute binaries then tho
ah
oh
you mean
as the symlink
i get it now
-w
Only the main binary of the specified bundle will be signed, as specified by CFBundleIdentifier in Info.plist. Any nested bundles and/or stray binaries will be completely left alone and interpreted at face-value. Applicable only when the signing target is a bundle directory, and not a specific Mach-O file. -w can be used on any bundle, not just the root .app, including frameworks, appexes, and more.
"dev"
Quick (I’m lying as always) question:
Is there a way to get current audio sample rate on every track change?
Or a way to lock sample rate so it doesn’t follow the source and converts?
(Apple Music, iOS 14, checkra1n)
yum
There's a PR open from march 25th
2021
Funniest part is that it's literally my PR
No he can't lol
Sbingner still has a toolchain on elucubratus
How? Is he gonna force Procursus ldid?
W idea tbh
ldid is part of the toolchain
The patreon has $100 tier where the only benefit is that it gets one PR merged
No questions? 
if you're lucky* then you don’t need to be held accountable
Ez scam
Also, I did a whoopsee and I didn't set the repo version for 1800 and 1900 to 1800 and 1900
They are still 1.0a1 or whatever


capt not spam development challenge
wheres the sideloading ipas on m1 guide
you mean SIP enabled
Hey guys
Hope you can help me with this
I’m trying to delete a file /var/smth with try fileManager.removeItem(at: url) and when I throw the error it return me that I don’t have permission (but copy for example is working on var)
dalek saying the n word
for some reason they ended up with the message twice lol
message logger fail

@azure sail 
what
msg logger fail


we just gonna get, a jailbreak without jailbreak? All these trolltools are fucking wacky
yes
I agree with this
You can’t mess with these
They’re a symlink to somewhere in /System
You would have to copy it and then make a new one that isn’t a symlink
They are both the same
lol
I am convinced they are a symlink to system
capt would never tell me
zef 🐏
Gm scarlet
gm amy
gorn
filza tutorials 💀
lmao
My entitlements are correct
Mobile have access
What’s wrong then ?
ok i am assuming that zefram is a tweak
basically a jailbreak (but not really)
works on macOS too! (injection) 
Yep sandbox is given
What entitlement
Unsandbox i mean
that doesnt make any sense
it can inject code into things i'm pretty sure, so it makes sense
how do you install zefram

Capt pls make the description “Live laugh Zefram”
I swear you’ve repeated the same ones multiple times
in the github which you will make public.
BRUH
Yep
WHY DOES FIREFOX CRASH SO MUCH ON WAYLAND
Idk
It just needs to be somewhere
otherwise it crashes
L
Like how aemulo is NFC Frickery
oh this is #development
…
Permissions are just ok
Because copy works
Create dir works
Delete and move don’t
On TrollBox folder too
There is no symlinks
So then wtf
Am I fucked ?
Linked to my phone ?
It edit something in the plist that it copied and re put it
I’ve tried sourceloc roothelper but seems broken
I’m looking into it
Thanks for helping out
I’m working on a direct plist editing
Without temp files
@grave sparrow
i mean, plutil seems like a good idea if you can get it to run
plistutil can only change the encoding of a plist
no no, not that one please
Wen eta procursus plutil
@grave sparrow anything I do, even direct plist editing, don’t work.
We currently use sbingner ware 🤮
Balls
Do you have any time to help me with this ?

HAHA FUNNY
@marble perch L bozo https://apt.procurs.us/pool/main/iphoneos-arm64-rootless/1800/plutil/
I'm gonna pull a launchctl
REAL!
i mean, it works
yeah it sucks you have to clone everything but it's not too hard to build after that
sam's has a bunch of flags that Apple's doesn't iirc
so there's probably a ton of things that wouldn't work
I don't have motivation to test this tbh, but if it works I can probably switch to this and remove some hacks in TrollStore
@marble perch extremely good news:
new libiosexec function is needed

😭
setlocale()
need to patch it so that it searches /var/jb/usr/share/locale
breaks tmux
for tmux to work you have to do LC_ALL=UTF-8 tmux because UTF-8 is the only locale in /usr/share/locale
nerds
yes
tmux does not use libintl
why would they
tmux is openbsd software
did you not know that?
openbsd literally writes so much amazing software
except their OS
lol
tmux, openssh, openrsync, opensmtp
not even UX just like overall
theo de raadt when he adds another extremely useless security layer
I'll make tmux link intl and see if that fixes it
true true....
pretty sure libintl.h has defines to replace it though
I'll check
yep
REAL
ok
just add #include <libintl.h> to the bottom of locale.h like we do with libiosexec.h in unistd.h?
header guards FTW
we can add it to the bottom too
does this mean we have to ship libintl.h too 😟
wen eta gettext-tiny
nvm
subproject?
hm?
yes
GPL moment
just copy it from build_work/gettext 
yes 
```
--- !tapi-tbd
tbd-version: 4
targets: [ arm64-macos, x86_64-macos, arm64-ios, arm64e-ios, arm64-tvos, arm64e-tvos, arm64_32-watchos, arm64-bridgeos ]
uuids:
  - target: arm64-macos
    value: 4BC7BB8F-A0BC-3FD9-B501-AB805EEFC9F8
  - target: x86_64-macos
    value: A79AA705-C1C4-3D09-958F-E960C2AAB61C
  - target: arm64-ios
    value: 7A1C6C19-AE18-3E3E-A149-A9B76BB01511
  - target: arm64e-ios
    value: 951F8D5A-D4B0-11EB-9A25-CF9B44946910
  - target: arm64-tvos
    value: 159623A0-A465-4E2E-A3E7-DF02522C87FD
  - target: arm64e-tvos
    value: C7E8A870-D4B0-11EB-A42F-D3AE38031A24
  - target: arm64_32-watchos
    value: C56699DC-54CF-4191-9C7B-9C13927883B3
  - target: arm64-bridgeos
    value: AC079058-D4B0-11EB-A862-63D08897B634
flags: [ not_app_extension_safe ]
install-name: '@rpath/libintl.8.dylib'
current-version: 11
compatibility-version: 11
exports:
  - targets: [ arm64-macos, x86_64-macos, arm64-ios, arm64e-ios, arm64-tvos, arm64e-tvos, arm64_32-watchos, arm64-bridgeos ]
    symbols: [ __nl_expand_alias, __nl_msg_cat_cntr, _bind_textdomain_codeset,
               _bindtextdomain, _dcgettext, _dcngettext, _dgettext, _dngettext,
               _gettext, _gl_get_setlocale_null_lock, _libintl_bind_textdomain_codeset,
               _libintl_bindtextdomain, _libintl_dcgettext, _libintl_dcngettext,
               _libintl_dgettext, _libintl_dngettext, _libintl_gettext, _libintl_newlocale,
               _libintl_ngettext, _libintl_set_relocation_prefix, _libintl_setlocale,
               _libintl_textdomain, _libintl_version, _ngettext, _textdomain ]
...
```
@marble perch you making the repos or am I...
nah, I got it
```
#include_next <locale.h>
#include <libintl.h>
```
real
should I be doing this on rootless embedded only?
apple's is literally just FreeBSD's with no changes
I'm gonna do rootless embedded only
separate repos or one?
seems easy to keep in sync if it's just one imho
i_hate_gpl
who up playin with they worm
@marble perch libintl_setlocale() is just a wrapper around setlocale() to enable LC_MESSAGES 
ok, I'm going to bed
I'll figure this out tmrw afternoon
can we just get rid of non-english speakers 🧌
(can't even get LANG=en_US.UTF-8 to work, so I have no choice but to fix this)
the brits used to be masters
I may be american
but at least I'm not british
i may be dumb overweight and shot in schools
but at least my teeth are straight
😁
I am not overweight and nobody goes to my school so it's a terrible target for a shooting 
my school is like only ever half full lol
like I only have class two days a week next semester 
nfr
and there are only like ~300 people total
~100 people per year
my brothers graduating class had 94 

can’t be shot at school if you don’t go to school

India pale ale (IPA) is a hoppy beer style within the broader category of pale ale. The style of pale ale which became known as India pale ale was widespread in England by 1815, and would grow in popularity, notably as an export beer shipped to India (which was under the control of the British East India Company until 1858) and elsewhere.
Ah, I understand the error now:
Set LANG to en_US.UTF-8 and LC_ALL to UTF-8
That's a temp fix until I figure out how to get everything working nicely
Nice
LANG doesn't have to be en_US, it can be whatever, just make sure LC_ALL="UTF-8"
RUST 2.0
@ocean raptor where's the theos installer script/app for XinaA15
@onyx ember has Linus told you about the trustcache PAGE_SIZE thing or is it something you guessed?
because I genuinely don't see why it'd be a limitation
I found this after bricking the environment by upgrading the trust cache from 14 KB to 19 KB (in one go). And I was like how could this happen, and tested one with 17 KB as well, same thing, so I searched and found that's related to the kernel memory and was limited to the PAGE_SIZE, so after reducing the trust cache to around 15 KB and testing this, it surprisingly worked, that's how I figured this out.
from looking at the code, this doesn't really make sense though
because it just does an ordinary kalloc for the memory in what the trust cache is stored in
I know, didn't find anything there either
Hey after updating trust cache and fugu15 from your reddit post earlier I can’t get the 16 updates to install
It says they install but when I open Sileo again they are still showing they need updated
dash?
sudo apt-get upgrade (I don't like Sileo)
I can’t install it anymore I had it earlier but it was giving an error so I removed the jb and redid it all now I can’t install anything
Do you have ssh?
No
Should I try to jb with fugu 0.3 from your server and try installing everything then updating it to .04 and re jb?
Does the Sileo nightly build work better than the version installed automatically?
v0.0.3 is gone, you have to go back to v0.0.2, the latest trust cache upgrade won't work there because everything kind of moved to tc creating entries on runtime, so you would have to install tc manually and openssh in order to get access to ssh on v0.0.4, where you need to force install dash, then reboot and re-jb, so dash can be upgraded, you can not use Sileo to upgrade dpkg or apt (you'll brick), use terminal, reboot, run the command again, reboot again and that's how you fix this.
Okay will try later I have to get ready for work soon
me when I drink iPhone apps
It works, but you need to start using terminal
Okay first I have to get the terminal installed
Okay sudo is working in Filza but won’t install dash kill 9 error
It won't work in Filza, do you have tc installed?
No bc Sileo won’t l let me bc dash won’t install
@marble perch is a legend 
@onyx ember from kernel reversing it looks like a single trustcache file can only have up to 20 entries in it, does this sound similar to your observations with the page_size?
(I'm not quite sure if I'm reading it right though)
That's the thing, I haven't tested this fully, I read somewhere about the limitation of 8, but I'm not sure if this is true, cause as of right now, that's the total on v0.0.4, but try and see if we can add more.
Can someone send the dash deb file
actually don't mind what I said, what I found were probably the 20 bytes of a hash being compared
Ah, let me know if you find something
I have a suspicion there may be an issue in the fugu kwrite when it writes more than one page
But I haven't looked at that yet
Could be (we need to bypass this shit all together lol)
you can't without first figuring out how to pass primitives to other processes
I know, you mentioned this in the tweet
had a quick look, I think my suspicion is correct 😉
(nvm, idk seems like it's not)
https://github.com/pinauten/Fugu15/blob/master/Exploits/oobPCI/Sources/kernrw_alloc.c#L48-L74 but still might be worth checking out whether this code handles data bigger than one page correctly
```
uint64_t phys = translateAddr(page);
guard (phys != 0) else {
    return false;
}
```
...(page) referring to the PAGE_SIZE (I think)
@naive kraken
yeah I already noticed that
I don't see what else could be making bigger trust caches not work though
other than there being some sort of subtle fugu bug
@naive kraken, just found out the maximum of trust caches we can use with this thing, it seems we can use up to 256KB, meaning 16 trust caches can be used at once, whereas I'm already using 24 KB, so 256-24=232 KB left (see that in kern.memorystatus_freeze_budget_pages_remaining: 234571).
I found this code as a tweak example and i was curious, how do we know that didMoveToWindow is the good thing to use and not something else? and where do we see the options? I am currently using flexing and i don't think i can see any of that.
```
%hook SBDockView
- (void)didMoveToWindow {
    %orig;
    UIView *bgView = MSHookIvar<UIView *>(self, "_backgroundView");
    bgView.hidden = YES;
}
%end
```
Because SBDockView is most likely UIView and it’s just good practice/common knowledge to use didMoveToWindow
Who’s developing xenhtml rn?
is it?
there are other methods that correspond to loading the view, and you just have to play around with each to see what works
just don’t hook layoutSubviews unless it’s absolutely necessary
probably, idk
Where can i see a list of those methods?
Because im currently trying to hide label under apps using _UILegibilityImageView
Also when i used didMoveToWindow it hides the lockscreen?
```
%hook _UILegibilityImageView
- (void)didMoveToWindow {
    %orig;
    self.hidden = YES;
}
%end
```
No clue
welp who cares
Lol
Thats because _UILegibilityImageView is used for a lot of things not just “label under apps”
Bruh
I mean when i select if using flexing it shows as this
I use the layout thing not the select
you’d probably have to find a more specific class, or do a check for parent view class or something
specific class it goes as i have no clue how if statements even works in objc!
Same as in any other language
Good practice would be to find the specific method that creates the view and make it no-op.
What does that mean? no-op?
Also i don't really see anything else related to label under apps sadly
It stands for no operation, so in this case making it do nothing instead of creating the label.
aka dont run %orig
Orig is the original implementation of that method
%orig calls the original code that method contains
if you dont call it, you can completely overwrite that method
if you do call it, you can simply add to the method
yeah but what does it do
oh ok
but is there smt like flexing but on a website or whatever? making this all from my computer would make it quite nice because my iphone 7's screen is kinda small
Nope, you have to suffer

You can look at generated headers online
Im not even sure what headers are supposed to be tbh but i'll try to find something else for the label under icons
Obviously its not going to show you the live usage of each class like FLEX would
[[FLEXing]]
Open FLEX anywhere!
SBIconView is the class for icons with labels that are displayed throughout SpringBoard
Does Flex Ɛ work on ios 15?
I doubt it does tbh but whats the worst that happens 
lol yeah
hey fiore so this works but when i change from one page to another it slowly shows back up, more and more icons label shows up each time i move around
So i guess its a problem related to my method or whatever, but even with the link you sent, i still don't see what you meant?
reveal / lookin
but you have a better chance winning the lottery than getting those to work

what does both of those mean?
theyre apps
huh
wat does dat mean
Anything like that for Linux?
can guarantee their isn't because ios development on linux is far from ideal
can guarantee there isn't because linux is far from ideal
I don't really like linux, its just a bit better for programming, nothing else
there isn't, you could create your own though with frida probably
but thats an entirely different problem to solve
Yeah it sounds kind of complicated...
how do i obtain a prov.mobileprovision file on windows 10?
btw i do not have a developer account
@grave sparrow
not too bad
slight issues on step 3 and 7 but thats pretty good
ok, ill look into it
can guarantee there isn't because linux is far from ideal
until [redacted]
when is it releasing bro
tomorrow

the search is borked tho
true
ipod
does anyone know python and imageai
No
But I know Python
And google
Anyone can guide me, how to download Theos on iOS 15? I need to compile a one tweak. I find the tutorial but i cant do it SDK thingy
Someone said i need to compile this to work: https://github.com/iCrazeiOS/ComplicationsFix
compiled it for you, #jailbreak
Real
factual
tbh i kinda forgot what the exact issue was, but whenever i tried to connect to my MySQL database using the MySQL npm package, it wouldnt let me. I was using the same creds i would have been using if i was using phpmyadmin
Yes, 3306 is forwarded, yes, bind_address is set to 0.0.0.0, so it does listen to connections outside of itself
oh it was this
Error: ER_NOT_SUPPORTED_AUTH_MODE: Client does not support authentication protocol requested by server; consider upgrading MySQL client
What ive found out so far is that my mysql server version doesnt support mysql_native_password auth method, but i honestly have no f idea how to change that
@tardy narwhal sorry for the ping, but you were the one who helped me previously, so, ill give you some news. originally, the plan was for the ESP8266 to send all the data to the DB by itself directly, but now ive realised that probably making some endpoint using express and just making the ESP8266 post some data to it that way is better
And because of that idea, ill probably make some captive portal on the ESP8266 itself where you can put in your wifi creds as well as a secret that will get generated once you add an ESP8266 as a device to the system
idk if i explained that good enough
The good thing is that this kind of got accepted as my internship project at the same school im going to, so ill atleast have something i somewhat understand to do
hardware dev >>> software dev
that is the opposite of what 0.0.0.0 will do but
isnt that a deprecated method
wtf why no choice
Uhh, long story
but long story short
This is my last year and each of us has to do their own project. Because of me not being in the country when we had to choose what we want/need to do, school itself gave me a project they need. We have/had exams in 3 subjects and one of these subjects was databases, where all we learn about is MySQL. As i needed marks in all of these subjects and didnt want to do 3 separate projects, i basically chose to do all 3 at the same time with this thing
Good thing is that i passed all these exams
shit part is that now im stuck with MySQL
but i also have a Qualification exam at the end of the year, where i need to make something with MySQL again anyways, so
Im stuck with it not only for this, but for good
everything except connecting to it via express and the mysql package
I mean...
I could use sequelize
but i honestly have no f idea whats better
Found a cool library i want but i hate it
Changed the AP creds and flashed different bins multiple times but it still shows the old AP name for whatever f reason
Even the password i set doesnt work
what the fuck
@native dune happy birthday big man
thanks!
who knows math
be specific
nah i just wondered
I know 1 + 1 = 3
whats 9+10
fr
ah yes, division by zero
the third equation is when they made the mistake right
also writes multiplications like that
it looks like x
it should’ve looked like •
const std::string &
no one does that
normal people use parentheses
shocking
Up to the 4th one it is correct, until they cross the (5-5) out
(5-5)=0 so anything multiplied by that is equal to 0 so the 2 sides are indeed equal
But you can't cross out like that
And you can't divide by zero.
sounds like an upgrade, you'd have to create some type of endpoint anyway to accept & process the data. express is a good choice in case you're still bound to javascript
I’m not really bound, that’s just a language i know the most
ah, makes sense
fellas how we feelin
on
Disabling the home screen in its entirety
like android launcher style
make our own homescreen
How can i make my tweak cause a respring? (using logos)
preferences
i am making a tweak that allows you to hide certain things, i managed to make one working button so before i try to add everything else, i'd like to make respring work
yeah i was recommended this but im not sure about the way to go
Its my first project and i still don't know much about objective-c
yeah
13+?
if possible 14-15-16 but i don't really know what even makes a tweak un-supported on certain versions
apple removes code, adds codes which makes it not supportive on all versions
like some methods exist on 13-14, but not on 12
i see
i also found this which seems quite easier
it tells us to use this with it
[HBRespringController respring];
but i don't know where/how to define respring
basically there's 2 things to decide on when it comes to version support:
your deployment target, which is the lowest version you want your tweak to work on
and your SDK, which is the highest version you want your tweak to work on (it may or may not work on anything higher, because in those higher versions stuff could be renamed/removed)
your deployment target ensures that you only use functions that were at minimum present by that iOS version
and your SDK controls what new methods/changes you can use
i use the sdk version 14.5 from theos on my iphone 14.8.1
generally lower SDK works on newer versions they don't really do breaking changes like that
```objc
- (void)respring {
    SBSRelaunchAction *respringAction = [NSClassFromString(@"SBSRelaunchAction") actionWithReason:@"RestartRenderServer" options:SBSRelaunchActionOptionsFadeToBlackTransition targetURL:nil];
    [[FBSSystemService sharedService] sendActions:[NSSet setWithObject:respringAction] withResult:nil];
}
```
this would probably work
but you want your deployment target to be accurate
thanks, i'll just have to figure out how to make that stuff happen when a button is pressed 
```
- (void)addTarget:(id)target
action:(SEL)action
forControlEvents:(UIControlEvents)controlEvents;
```
the id allows me to specify which button it would react to?
no, thats an instance method
so it would be like
[button addTarget:args-n-shit]
so the id is the object on which to look for the button
so it would be self
bc youd do smth like
wait
im slow
lol
i forgot how prefs work
you might have forgotten, yet i myself have no clue how prefs works!!

convert C pseudo-code into objective-c
```objc
void alert(id a1, id a2, id a3) {
    id v6 = a1;
    id v7 = a2;
    id v8 = a3;
    id v9 = [a1 window];
    id v10 = v9;
    id v11 = [v10 rootViewController];
    id v12 = v11;
    UIAlertController *v13 = [UIAlertController alertControllerWithTitle:v7 message:v8 preferredStyle:UIAlertControllerStyleAlert];
    UIAlertController *v14 = v13;
    UIAlertAction *v15 = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
    UIAlertAction *v16 = v15;
    [v14 addAction:v16];
    [v12 presentViewController:v14 animated:YES completion:nil];
}
```
thats pretty good
```objc
// original function
void alert(UIView* object, NSString *title, NSString *message) {
    UIViewController *vc = object.window.rootViewController;
    UIAlertController *alert = [UIAlertController alertControllerWithTitle:title message:message preferredStyle:UIAlertControllerStyleAlert];
    UIAlertAction *ok = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
    [alert addAction:ok];
    [vc presentViewController:alert animated:YES completion:nil];
}
```
pseudo-code
@grim sparrow could you possibly use CVE-2022-46689 for Aemulo 
i have no idea
im going to try and look into it for a location spoofer
how did it work before?
hooking CLLocationManager, or using entitlements to use CLSimulationManager
i dont know any other ways
but i can try
:/
CLSimulationManager isnt a private class, but in order to actually get it to work, use com.apple.locationd.simulation
ah
@tepid olive @grim sparrow hear me out, CVE-2022-42855
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
ok but do you really feel like diffing
bro im just trying to make something useful
i mean
if you want to diff
be my guest
it just may be more than slightly annoying
this is impossible to exploit apparently
wdym
Zhuowei tried
rip
It's hard to do
@hasty ruin @turbid fjord @tepid olive any ideas why this is happening?
```
var body: some View {
```
```swift
struct ListItem: View {
    var file: File
    var body: some View {
        HStack {
            Image(systemName: "doc")
                .resizable()
                .frame(width: 20, height: 20)
            VStack(alignment: .leading) {
                Text(file.name)
                    .font(.headline)
                Text(file.type)
                    .font(.subheadline)
            }
            Spacer()
            VStack(alignment: .trailing) {
                Text(file.size)
                    .font(.subheadline)
                Text(file.date)
                    .font(.subheadline)
            }
        }
    }
}
```
swiftui
that is so true
Usually you just remove/comment stuff out until it compiles then that is usually the suspect
But yes it is a SwiftUI moment
As for fixing it uhhh
@grim sparrow wait i just thought of something
idk how stupid it is
its prob really stupid
but
unaligned_copy_switch_race(int file_to_overwrite, off_t file_offset, const void* overwrite_data, size_t overwrite_length)
right
wait
nvm
sorry for ping
just realized that would require both ldid needing to be able to run
and a sandbox escape
this is the coolest function
i have an idea for a cool app i can make w it
hello sorry for sounding dumb but how are you guys learning how to develop themes everything is search is super outdated, but maybe i’m searching the wrong stuff
i*
learn development, ios frameworks and springboard shenanigans
ask in #themes
thanks !
ok
@carmine dagger Also, a good reference is unpacking themes and trying to base yourself off that
How would I package a normal app for Cydia and others?
Can someone make a tweak for videoringtone with custom video for each contact plus a video for general call
Lol
Vwallpaper used to do it
I made sure to @ at the beginning figured people wouldn’t see it
motherfucker

/var/mobile/Library/Logs/CrashReporter/
Hiiiiiii that’s me
trole
Sex
realized that i can just copy symbols out of the sf symbols app
free chicken and sauce, no pasta though
Eh I don’t care about free stuff but I want them to stop doing that crap… and people who follow me don’t generally follow me to see me whine about pizza
jailbreak ios 16
Hi, I'm new to tweak development. I'm trying to create a tweak for XinaA15 but I noticed that my tweak is not being injected into any other bundles that I specify within my plist besides springboard. I've already tried "com.apple.Security" and "com.apple.CoreFoundation" but I noticed that it's still only being injected into springboard.
{ Filter = { Bundles = ( "com.apple.sharingd", "com.apple.springboard", "com.apple.BatteryCenter" ); }; }
In my tweak I'm logging to check where my tweak is injected:
```objc
%ctor {
    NSLog(@"loaded %s", [[[NSBundle mainBundle] bundleIdentifier] UTF8String]);
}
```
This only shows:
SpringBoard(MyTweak.dylib)[7116] <Notice>: loaded com.apple.springboard
I'm also killing the relevant processes after I install my tweak and I've tried using ldrestart as well. Only the springboard log shows up.
One thing I did notice is that I get some AMFI error but I'm unsure if it's related:
kernel(AppleMobileFileIntegrity)[0] <Error>: Library Validation failed: Rejecting '/private/preboot/.../MyTweak.dylib' (Team ID: HACKERXINA, platform: no) for process 'SpringBoard(7116)' (Team ID: HACKERXINA, platform: yes), reason: mapping process is a platform binary, but mapped file is not
Does anyone know what the problem is/how to fix this?
That error wouldn’t be related since you got into springboard - it must error then handle the error. Other than that I don’t know what injection it is using in xina
smallest binpack yet
Shouldn't have lost much functionality
Included binaries:
binpack cat chmod cp date dd echo ed hostname kill ksh launchctl ln ls mkdir mv pwd rm rmdir sh sleep stty sync dmesg ifconfig md5 mknod ping reboot rmd160 sha1 sha256 shutdown arch bsdtar bunzip2 captoinfo chflags clear cut dbclient dropbearconvert dropbearkey dropbearmulti du ee egrep env ex false fgrep find fs_usage grep gunzip gzip head hexdump hostinfo id infocmp infotocap killall ksh ldid ldid2 less login lsmp mksh more nohup passwd plconvert plutil printf realpath renice reset rview rvim sc_usage scp script sed seq snaputil split stat tail tar tc tee tic time toe tput true tset uicache uname vi view vim w wc what which xargs xattr xxd xzdec zstd chown dropbear kextstat ltop pwd_mkdb sysctl taskpolicy
I see. There are additional logs prior to that last AMFI error but I'm not sure if they're useful:
kernel(AppleMobileFileIntegrity)[0] <Notice>: AMFI: '/private/preboot/.../MyTweak.dylib' has no CMS blob?
kernel(AppleMobileFileIntegrity)[0] <Notice>: AMFI: '/private/preboot/.../MyTweak.dylib': Unrecoverable CT signature issue, bailing out.
lol
Which binaries exactly do you want to hook?
sharingd ? Battery widget ?
first I'd like to hook into sharingd, specifically SFBLEDevice
Use “Executables” filter with the value “sharingd” instead
And kill sharingd process to hook it once it relaunched
I'll try that, thanks!
I think the problem might be that sharingd isn't relaunching after I kill it even after ldrestart. I tried to start it manually with launchctl start com.apple.sharingd but it's still showing that it's killed
trying to make sense of this ios thing and i find comments like this:
Also good to see Xcode 4.5 being used… so much outdated stuff around.
I don't know what's going on anymore, the logs show me logs from sharingd but launchctl list | grep sharingd gives me 7472 -9 com.apple.sharingd
After changing my plist it's still not injecting.
Ok, who is starting the doc for all the changes in rootless?
Add no more ldrestart to the list
On a scale of normal to psychopath, how bad would it be to try replacing WebKit with something else?
🗿
understood
yeah, basically this
it’s about as possible as Microsoft ever being able to truly discontinue Internet Explorer
they can delete iexplore.exe but that does nothing for the countless apps depending on mshtml.dll and friends
and mapping those APIs out to Edge WebView2 equivalents would be a compatibility disaster
Daemons are only launched when they're used, so sharingd will relaunch when anything else in the system sends a message to it
ldid ldid2
what
ldid2 is a symlink of ldid. I think I should also pirate the binpack just in case it gets deleted
@ocean raptor
why would I delete it?
(it's a joke lol)
tried to change my github password, but the password entry checker has a ratelimit?????
That way you don't just brute force the password
@naive kraken Any idea if I can get a task port of a process I just spawned without task for pid entitlements
Uh I'm pretty sure you can't unless the process has get-task-allow
I don’t wanna use a jailbreakd…. launchd doesn’t seem to have the adequate entitlements
yeah figured
launchd does attach exception handlers without issue
hm
Perhaps
I saw it in IDA the other day
ohhhh i can use private mach apis
and cursed bootstrap port stuff
okay
I see. If I'm reading my logs correctly, there are in fact logs coming from sharingd though which would imply it's running.
Correct me if I'm wrong, but if I set my bundle filter to com.apple.Security and have the following code:
```objc
%ctor {
    NSLog(@"loaded %s", [[[NSBundle mainBundle] bundleIdentifier] UTF8String]);
}
```
I expect to be getting a ton of messages but I'm only getting springboard and Spotlight? I'm expecting it to be injected everywhere unless I'm understanding this wrong.
idk, it might just be xina not supporting injection into this daemon
I mean, for what it's worth, Choicy also does not inject into that daemon
you can see loaded libraries in the process list in xina app
hmm actually it seems like no tweaks at all inject into a process unless a tweak filters it via executable
the xina injection logic is really weird
but I wouldn't rely on com.apple.Security working on it
REAL
Can't get SecureTransport in curl to work either 
I mean, that's a different issue entirely lol
I know
bruteforce? it's not a login
it's just the password strength + not found in a breach thing
anyone know what the black UIAlertController thing is called
ex: using Cydia
looks like this
go ahead
look at cydia source
apparently what you want
is there a writeup or something
on what you're looking at?
well im just wondering, bc i was looking into CVE-2022-46689, and i found nothing for writeups
but ik there are 2 projects that use it on ios
but then i saw 2 other CVEs that might be interesting to look into, but i couldnt find anything
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple’s XNU source.
by Zhuowei Zhang
CVE-2022-46689 is easy because xnu literally has a test case where they wrote code to exploit it for you
usually if there's no writeup u gotta bindiff it and look into what specific part of XNU the bug is located at
that is what people like lailo do
well i wanted to try to at least see how this shit is done
like at least see a writeup or something
ex: back when Fugu15 came out they looked at CoreTrust because it mentioned it in writeup
or an idea
if UIProgressHUD is the same in 14 & 16
i wonder how long it's been in iOS for
maybe like iOS 2 or 3 or sum
iPhoneOS 3.x or before
gm
i mean, if you have details on the vuln, basically all you need to do is exploit it 
but i can tell that you want a writeup
How would I go about adding a new Temperature unit to the Language & Region section of the Settings and apply it system wide?
```objc
%hook WFTemperatureUnitObserver
- (int)userTemperatureUnit {
    return 3;
}
%end
```
My current tweak does this and it is supposed to only work with the Weather app?
feb 30th
bro tryna add kelvin support
when's the last time you saw the Wedgwood scale
How about some of the Réaumur scale
People really trying to break the mold when we have C and F
Sorry this isn’t exactly suited for #development lol












