#development
1 messages · Page 28 of 1
CS_DEBUGGED is easy to get
without krw
ptrace
idk what exactly is needed to use ptrace though
you can always use the PPL bypass of Fugu15
maybe you can get it with just PAC bypass too
idk

yeah but that's nothing new, PACless jailbreaks are dead and PPLless jailbreaks will be unstable in 15.2+
he tried saving us but nobody bothered to do anything useful with it
btw why would we need to write to the physical address space
no clue the PAC bypass of Fugu15 needs it
there is an "attachme" binary in xina you can reverse
I suspect that's what xina uses to get CS_DEBUGGED
but it's really not rocket science
hum
oobPCI is the kernel exploit?
badRecovery is the PAC bypass for that matter
and I know of this requirement because I read the code
yep it's the kernel exploit
it uses driverkit to get phys rw
yep
I had a rough idea it was because of the kernel exploit so I went into the presentation again
You can do it from a normal process too but you somehow need to get an IOBufferMemoryDescriptor mach port to your process
then you can find that object in kernel memory and patch it to get physrw
there is a twitter thread here https://twitter.com/cutesmilee__/status/1596190896915042305
@MiscMisty @opa334dev @Jakeashacks @xina520 yeah that would probably work too and it'd be way better than my hacky solution
john xina
hopper decomp

get ida home like evelyn its cheap
dude cant afford 1$/day
it's capt what did you expect
fr
man can't use ida
capt when he lives in the 7th richest county in virginia
or ghidra
yep lol
@ocean raptor https://github.com/theos/theos/pull/687 happy now bozo
stupidly this works
evelyn eeeeeeee
I will immediately put my hands up and say that this is not perfect and there is most definitely a more elegant solution, however it is something that will do for now

it isnt perfect so its automatically garbage, come back when its perfect
- way too many people
!!!!!!
Shouldn't it be @rpath/CydiaSubstrate.framework/CydiaSubstrate
Shittia
I don't think so?
I mean
it could be
both would work
just changed it
libsubstrate.tbd points to cydiasubstrate.framework which points to libsubstrate.dylib
its dumb
but
im just gonna keep things as they are in that regard
The rpath should be /usr/lib, /var/jb/usr/lib and maybe /var/jb/Library/Frameworks and /Library/Frameworks
Or
Hear me out
DONT USE FRAMEWORKS
I just changed it to only do the frameworks if you're using the mobilesubstrate generator
FRAMEWORKS ARE DUMB AF
Go ahead, version your framework
Because you want to change the ABI
@ocean raptor https://github.com/elihwyma/lib/invitations if you have some suggestions to make you can do that here and https://github.com/elihwyma/theos/invitations
I just invited you to edit both
and by suggestions I more mean changes

it looks amazing
@crisp frost by the way, if you ship your dpkg patch in rootless palera1n I will revoke your keyboard rights
skull emoji
What is their dpkg patch?
recreating what xina did
Oh god
but for ios 15+ palera1n
dont
you're gonna make cam delete the whole procursus dist
wait what
I can't even get people to use the procursus dist
_ _
I did a thing
skull emoji 2
we need theos 3.0
hopefully mr upside down likes my quick changes and we can start to bully devs soon
As I said before
I will ship all of my stuff as iphoneos-arm64 soon
Theos is deprecated
Handwritten makefiles are better
QuickActions 2 will be iphoneos-arm64 only
If only I had a repo to host it on 
where is the nvidia drv on procursus
so true
windows real
Would anybody like to donate a dcsd cable to me?
the macdirtycow exploit only allows for overwriting in /System right?
it gets reset every reboot
It also works for /var
yeah
but you need to manually do the file path
( i think )
i mean if it can write to system probably usr
see thats my thinking
Wen eta Cameron CVE to get arbitrary entitlements so I can finally use aemulo
so true
Psychic Paper 2
Good idea
I can't seem to hook into replayd. filtering plist has "com.apple.ReplayKit", "ReplayKit", "com.apple.replayd", "replayd" but none of them get a simple ctor with logging to work, any ideas?
other daemons load fine though, like backupd, runningboardd etc
Remove dead code then
Win32 api when its been the same thing for 2 decades

the dead code is for newer versions
i mean, still limited to sandbox but yes
https://twitter.com/0xasync/status/1607541407937339392?s=46&t=Hu8j13vOK4pcm53hdOYCrw @twilit jungle @primal perch 
No mom it's not a "messy pile of clothes on my chair" it's an L1 cache for fast random access to my frequently used clothes in O(1) time. It needs to be big to avoid expensive cache misses (looking in my closet). I NEED to be minimizing latency, this is important to me. Please.
7456
1631
seems legit

The number of clothes in your closet is (presumably) on average constant so you can still say searching your closet is average O(1)
THE AMOUNT OF TIMES I KEEP SEEING THIS
Its not a constant because the clothes on the chair aren't in the closet...
i've had this dmed to me by multiple people 
But I have a constant number of clothes in my closet

i think i have a new name for my dirtycow app
The cycle of moving the clothes from the chair to the bed to sit down and then from the bed to the chair to sleep is effective, yet painful
i got a beautiful icon for it

pov a your mom joke

i wonder if people will still download it lmao
:frcow:
oh my god
someone needs to make this
@grim sparrow just replace nfcd using dirtycow
whats nfcd?
funky beep boop code that does all the shit with nfc on phone
aw dirtycow can't read files :<
there goes my idea for a dictionary manager
i mean, yeah but half the things you could replace are readable files if i'm not mistaken
the nfc daemon

this is me but with iPads
i have like 6 iPads
hey all, i was wondering if i can get some developer feedback for this framework i've been making mostly as an experiment https://github.com/jjolano/HookKit
currently only Shadow is using it with success so far
Looking for devs to make me esp hacks tweaks for critical ops will pay good
Have pp and crypto

Have a source code alr
Just need a update it
Your mom!!
/home/cloudly/theos/toolchain/linux/iphone/bin/strip: changes being made to the file will invalidate the code signature in: /home/cloudly/projects/testmodmenu/.theos/obj/arm64e/testmodmenu.dylib
[cctools-port]: generating fake signature for '/home/cloudly/projects/testmodmenu/.theos/obj/arm64e/testmodmenu.dylib.strip'
help pls
theos error
It is $15
That probably comes from AsyncDisplayKit/Texture, so learn how that works first: https://github.com/texturegroup/texture/
that looks scarily similar to what I'm doing in my projects to use libhooker API when available. Anyways if you want some advice, I think getting the function symbols at runtime using dlsym isn't the best idea. If I made a library like this I would have made 3 different packages, one for each hooking framework that links the hooker lib and translates calls to it directly. Coolstar once told me that dlsyming libhooker symbols and calling them would not work on Cheyote, but no idea if that was actually correct or whether they just wanted me to hard link libhooker. I mean this isn't a hard requirement because after all I'm also using dlsym.
how can dlsym not work

So yes?
dont ask me
coolstar moment
Yeah i originally was thinking of weak linking everything but was afraid of unnecessary dylib loads so i settled for dlopen with noload :/
I guess the best is what opa suggested - separate hard link version for each hooking lib. I wonder how this would look like in control depends though?
Actually maybe dependencies wouldnt be so bad if it defaulted to a substrate compatible version and the user can choose to "upgrade" it to the more specific lib version.
Virtual package maybe
where's the n+1 xkcd when you need it

this all wouldn't be an issue if substrate had MSHookFunctions
maybe someone could ask saurik to just implement that 
^ like it or not, Substrate IS the standard rn
he's right you know
roasted
fr
never been a more appropriate time to post this
fr
i stuck it on the wall of my electronics classroom
upon learning that every maker of transistors uses a different pin layout
Rip interchangeability
@grave sparrow aint no way man
(capt came out in dms)

by the Coda devs
done
makes sense

MSHookMemory
this is an ad bypass
```c
#include <stdint.h>
#include <substrate.h>
#include <mach-o/dyld.h>

// Naked function: loads 9999 into w0 (the AArch64 return register) and returns.
__attribute__((naked))
void gorn(void)
{
    asm("mov w0, #9999\n"
        "ret");
}
// ...
// Hook the function at image base + 0xce2880; cast to an integer first so the
// offset is added in bytes rather than in units of sizeof(struct mach_header).
MSHookFunction((void *)((uintptr_t)_dyld_get_image_header(0) + 0xce2880), (void *)gorn, NULL);
```
nude code
won't work if you insert it
because the image index will be 1 then
ok then get the base address properly
or use a tweak loader that doesnt nuke the image indexes
substrate my beloved

every single one does this
0 always worked for me

Should I care about libhooker's api
no cuz its not the standard
sorry but anyone who compiles their tweaks with LH apis only is a nerd

nobody does that
The time for adoption was when it was released now it is a bit too late tbh. I don't think you can get a lot of people to use it regardless of how it is handled from now on.
my app icon looks so unprofessional but its so funny
Isn't this why some cs tweaks need libhooker shim 
What is the app supposed to be
black camera sim
fr
dirtycow stuff
Well what's the name
okay it's goofy, but not bad
i dont think people would want to use it over something like fileswitcherx
i would
Is that the Moo Moo Meadows cow

Is this following because of objc_direct?
I see the string "-[RPClient initWithConnection:clientProxy:bundleIdentifier:]" in the disassembly of replayd, but the class is not defined there. NSBundle bundleForClass: returns that this is part of the Rapport private framework, but it doesn't have that class defined when browsing it in runtime. I have been able to hook symbols not exported before using MSFindSymbol but this is not found
most helpful message in #dev
what would we do without the memes
Probably
fr
yes
my code looks a lot cleaner than most of the other similar apps but i think the functionality is still the same
fileswitcherx uses the evyrest method to persist changes but i heard it still doesnt work well
unfortunately the exploit is not great
No, the only stuff that can be objc_direct'ed are methods that don't need to be called from outside the binary itself, because they have no symbol and the rest of the system doesn't know about their existence
So if anything calls it, it needs to be defined somewhere
Oh wait
I guess that makes sense, but I can't wrap my head around why the symbols can't be found when they seem to be used in the binary
you mean seeing the string "-[RPClient initWithConnection:clientProxy:bundleIdentifier:]" in the binary literally or do you see something calling objc_msgSend with initWithConnection:clientProxy:bundleIdentifier:
if the former, it could be objc_direct
if the latter, then no
hm idk
might be the symbol itself?
either way, the class should exist somewhere
check under Imports maybe?
The class is defined in the Rapport framework
ooooooooo
one thing you might need to do
is dlopen it in a constructor
the framework

Even tho it still says loaded for the bundle?
yeah
this is something I've come across before
@crisp frost i've started putting rootless packages on my repo
of my tweaks
next aemulo update will be both
(im doing ios 16 support as well as a few other things)
you're gay
sileo developer.
yeah wanna know smth funny
i literally checked out your fork for working on my rootless tweak


devs are either lazy or it hasn't been suggested enough
since it would take a few lines of js fr
no it's just bad
they've implemented like all other markdown and bots get to use them smh
e.g: https://google.com
real link is googie
users would see google
and even in the confirmation dialogue it'll look like google

combine that with the intelligence of your average discord user
and you have a bad situation

if they added whitelisted domains for no confirmation, that'd be even better for my twitter.com ip logger

real
u
re
g
go up a key*
im gay!
hi amy 
right right riiiiight...

hi jaidan!
@hasty ruin help with Luz before i KILL YOU
ah
means light in spanish
WTF
W
its an org so idk what the link is to join
ye

my next step is converting the deb extracter and packer and shit into a library
cuz all of the components of the project are gonna need it
real
so this legit just changes it from % to @
can access ivars with _varname
and %property & %new work differently
- no preprocessor
@hasty ruin i have a question i need advice
dm
ok
it's linked at the bottom of the first repo
HI STKC
hey there, how can i fetch images from a url and then show them in a LinkCell, running the image fetch asynchronously?
@grim sparrow is there like something in between a reboot and a respring
that was prob the worst way to explain it
userspace reboot
what ab on stock os
userspace reboot
h o w
oh then good luck
i changed it to upside down english
yeah i think the only way to change icon mask is by clearing icon cache
which isnt possible
:(
hmmm
i have a stupid idea
is it possible to open a folder as a file
like read its hex or some shit
and remove all the contents of a folder that way
erm
What in the world does this mean
idfk
i dont know if anyones tried this but
couldn't you in theory use dirtycow to redirect a folder
as opposed to a single file?
i mean, fopen is fopen regardless of it being a directory or not, right?
have a empty folder in an apps sandbox called tmp/ or some shit
use dirty cow to redirect folder at /a/b/c/d/folder to be tmp instead
so contents of folder/ become contents of tmp
so you're trying to replace a folder with a link
No?
did i get that right
no?
dont thnk so
fopen sets errno to EISDIR if it tries to open a dir
If you want to open a dir you use opendir(3)

I guess EISDIR is only if it tries to open for writing
looks that way
Thank you manpages for having incredibly useful information
Too bad apple doesn't like to write them for their API that don't come from BSD
use std:: because your lack of female interaction will leave you with 0% chance for a std
yes
tbf it's higher chance with men anyway
don't look at gay hiv statistics

damn we stanky

"men want one thing and it's disgusting"
"ok then wash it"
can get HIV if you already have it
omg

.
lol
i did that yesterday!!!
felt so weird
like look at this sexy thing
i normally sleep for like 5
bro i did all of hs and it fucked me
now i'm this guy on 8 hours
cuz i used to be
on 4
at least you got fucked somehow in hs

nah cuz i be getting 0-4 hours of sleep for school and waking up feeling perfect
yea for now
what time would you get up
6:30
i get up at 7 on friday
dam
yea i dont do my hair or anything dude im lazy as fuck
i shower the night before
i shower morning of
the bare minimum for the morning
i literally have enough time to change and get to my car
i get out of the shower and goto school
nothing more
i dont do my hair
based
i have 8:00 work and usually wake at 7:25

95% of the time i'm there at 7:55
hauling ass
my week is so weird
yes

do you have work

ah no wonder ur here constantly


me when i had 15 credits and 16 hours of work a week and still spend forever here
15cr and 24 hours of work this semester

sigma grind set
Did I ever show you my Lego set I bought recently?
everyone be complaining about loans
literally just work ezpz
based
based
Thinking about buying either an X-wing or DeLorean Time Machine set next
Maybe a tie fighter
i want to get my dad the NES set for his birthday, but its 270 dollars
I really want the Death Star
This set was $900
But it's discontinued and used sets are like $1500
Get one then
fr
i have school + sports
get on the grind
I go to school 2 days a week
i also dont have a car
I got to work 3 days a week
i also dont have a car until later this year
my mom uses her car
Depending on the day
your mom lol
me this semester fr
cope
democrat life
but you bought a 1.5k lego set instead
The millennium falcon was only $900
900 is like a set of tires and an oil change so
surely i dont get scammed
A $14k car is quite a bit more than a $900 Lego set
at the same time just get a cheap car
skill issue i think
mine was 2300$
running good
Ok, serious question
not much more than 15 of them though!
Where am I supposed to look for cars
$2300 car
used market, classifieds
apple car icloud bypass?

yea man at 236k, intermittent check engine for emissions stuff and runs great otherwise, 23mpg
it ain't amazing but it works
about a year now
A friend of mine has a benz that they bought
it's at 241k
But they literally don't drive
only 1 of my friends paid for their own car
everyones was either a hand me down or their parents bought them a new car
i just supposedly fixed the check engine today, might've been the pcv valve and hose
Apple car jailbreak eta wen?
40$ replacement in parts so we'll see
2 17 year olds in my school have teslas
If I want my parents to buy my car they would have to actually trust me 
daddys money really going to work
The joys of being the problem child
also i'm biased cuz my dad knows a lot about cars so if it wasn't for his advice i'd be in the same place as y'all

fr
shep
me ong
gotta make it a smoother drive
Whats the best way to respring the device in practice? I hear some people say "sbreload" and others say to "killall -9 SpringBoard"
sbreload is the more native implementation
in some cases you may need to kill springboard but not usually
https://github.com/shepgoba/SettingsWidgets/blob/master/SWUtils.m this according to kirb
the front board way
No cases
i guess
I read that it can cause autofill to break though unless it was fixed in newer iOS versions
i haven't heard of that happening
since sbreload is supposed to mimic the behavior that ios uses already
(ios never kills springboard (unless jetsam), it just reloads it, hence the name)
It was an issue with U0 on iOS 13 apparently so I thought I'd ask for opinions here
How would I run "sbreload" then instead of the alternative? For some reason Theos wont compile my tweak if I call it from system as "it's not included in iOS"
lazy solution: edit your sdk to allow system()
good solution: use NSTask
nstask W
So just posix_spawn /usr/bin/sbreload yeah?
well that won't work rootless lol
ya
This is such a simple task but my brain is battered today so simple things aren't working with me lmao
Which is the rootless path? its just in /var/ isn't it?
it's /var/jb/usr/bin
Yeah that's the one thanks
Label Ten [input]
Label Eleven [input]
How do I align the text like this with SwiftUI?
Nobody cares about rootless
Why does it matter
?
they're running rootless from that
so why would they make something that doesn't work
XinaA15 is the worst
It's definitely not rootless
Who knows wtf it is
Broken
That's what it is
Agreed
But it is the only thing iOS 15 has atm
Then Jack started asking for donations and didn't give them to xina
So xina fired him
fr
And a bunch of other bs happened
And then I quit the group chat cause it was dumb af
And nobody was willing to do anything

it's dumb but:
if read/exec:
    check if file exists in rootfs
    if true, continue
    if not, redirect to /var/jb
if write, redirect to /var/jb

you basically need to know perfect chinese for xina to understand you
jb discourse 
We had nick Chan translating for us
It was going well
But in order for rootless to work, everyone needs to make their small changes
I did my part
Amy did their part
Evelyn did their part
strap (on)
Yay victory we have the base

fr
Good luck getting anybody else to do their parts



You want to compile your tweaks for rootless? Tough luck
amy made a pr for rootless theos but itll probably never get merged
i say we spam ping aussie man
nah i did mine
You want to sell your rootless tweaks on a trusted repo? Tough luck
You want to use a rootless jailbreak? Tough luck
palera1n is going to be all rootless eventually
Everybody is so obsessed with making sure developers don't have to do anything to update their tweaks for rootless that no progress gets made
Eventually? It should've been like that from the start
will the checkra1n X palera1n thingy include blackbird?
yes
W
we have permission to use checkra1n 0.1337.0
I'm going to try to get tweak developers to update their shit
just buy an android if u want root bro like damn
Use my cock and balls
Like your mom does
which was the whole team's fault, including me
please help
i think i got my repo sorted today
stack overflow is not helping
I should've not gone into the rootful stuff and instead tried to get people to update tweaks for rootless
atleast we have tweak injection now
Well I'm going over tweak dev solely in rootless as I think that's prob how most jailbreaks are going to work in the future
fakefs fucking sucks
idk man skill issue perhaps
it's how every jailbreak will work
ur mistaken this is a channel for researching land development nobody here programs

Human verification
fr
Yeah
only sussy wussy imposters use swift ui
i'm currently on palera1n rootless
yea and the 2 people that do will bully you into uikit submission
anything you want me to do?
based
is it public?
me using appkit:

uhhh partially
Qt best ios ui framework
ios 15?
you'd need to do some hacky stuff to get it to work, for now
we need to make some other changes
i have a device idm restoring every day 
SDL2.24.0 for iOS
you will need to restore if you trigger the iOS uicache bug 
das fine
which I havent done yet but galaxy and nick have done many times
sdl making the shittiest versioning scheme known to man
Soon
yeah we're actually going to move the bug fix version to the middle
I still need to fix stupid locales
why cant i just have invisible tables for alignment like with html
wheres rootless batteryboobs
I broke my AirPods and now I'm sad
also i need to restore that device anyway @native dune
(i broke the jb within 2 mins)

.
crazy
I was trying to write my own jbinit thingy
That didn't suck
also were the inetcat issues sorted yet
bc palera1n master branch was broken a few days ago
nick was working on jbinit_rootless
what was broken
ramdisk never booted
yea that was fixed
ight
mounting rootfs
container_rootmount:2054: boot from ramdisk /dev/md0
dev_init:314: md0 device accelerated crypto: 3 (compiled @ Nov 6 2022 23:06:24)
dev_init:317: md0 device_handle block size 4096 block count 15624989 features 22 internal solidstate
disk0s1s1: device is not readable.
nx_buf_bread:625: buf_biowait() failed, error = 13, b_error = 13, buf_flags_after_io = 0x101, crypto = [unencrypted ]
_vnode_dev_read:852: *** got err 13 reading blknum 0 (num read errs: 1)
nx_dev_init:743: md0 couldn't read superblock of size 4096
nx_mount:1027: device initialization failed: 13
apfs_vfsop_mount:2069: unable to root from devvp <ptr> (/dev/disk0s1s1): 13
mount rootfs FAILED with err=13!
stat /fs/orig/private FAILED with err=13!
crazy
the closest thing i found to useful information there
How'd you get these logs?
works for me
Would you like to buy me one
And me
you can get a shitty one for like $10 on amazon
its the one i have
apparently they break quickly
Think about it like a fine for doing fakefs
but ive had mine for a few months
fake root edition
tbf fakefs wasnt my idea
Why though
I wonder how hard it would be to make one with the shit in the electronics lab at college
For what benefit

up to 16.1.2, substitute works well, so we can use past assets as they are
I stick to the old. Remember I was in legacyjailbreak until August 2022.
Well I want the jailbreak scene to have a future
Well we have rootless Theos now
I would prefer if we didn't die with checkm8
Kirb gave me a lgtm
But did he merge
Not yet 
There is a future if checkm9 is discovered 
Lgtm is basically merged
And did you switch it to @rpath/MobileSubstrate.framework/MobileSubstrate and fix the -rpath flags?
Yes
And are you looking for this "checkm9"?
I also changed most libs in vendor/lib to use rpath
install captware to trigger the mem leak in A12/A13

Or just praying that we don't have to wait 10 years for another bootrom exploit like last time
A bootrom exploit seems a little unlikely to find 
iboot exploit may drop in the meantime.
Ok, find it then
i want it
On my way!
On my way!
On my way!
@grim sparrow are there Dave and Busters in the UK
No
hm
@native dune send dcsd cable link
gorn.dev
What are they
Do you think it be possible to write the amount of chips and or tickets to a card Dave and Busters card using Aemulo
it's an arcade thing
yeah
I remember now
Ok so
It depends
If it goes to a central database or if it's stored directly on the card
hmmmm
@primal perch do it
When aemulojailed is out
chad
Can I do some debugging with you
I'll test it for you
I got you
Im adding a thing in aemulojailed to sniff communications so it might be possible to grab their key
How do I use it...
If they even use a key
plug it in
will aemulo jailed work on iOS 16
using the male ports
lol
male port goes in female port
Do iPhone 7s have nfc
As soon as I get entitlements!

Yes
After I find the exploit for arbitrarily ents for Amy
I'm gonna buy a replacement screen for a 7
plug it in, then use a program for serial on /dev/cu.usbserial-* (115200 baud), set serial=3 boot arg
i use swd. no dcsd 
What is that
serial write debugger
Oh btw
not the limited one of the 6s and 6
AemuloJailed will add full to iPhone 6 and 6S
It's a software thing not a hardware thing at the end of the day
And because I'm making my own nfcd
Is it cheaper or more expensive than dcsd...
I can just write the software
Chad
You have no idea how much effort it's been
The core thing is done
Now it's just programming all the card communications
Specific read things
Etc
maybe $300~
huh
I have my college Writeup which has all of how aemulo works
Estimated deliver Jan 25 - feb 13
Hopefully I still feel like working on this project then
mine came earlier
This is what I could post in this chat, but it's probably no longer manufactured. It also has a serial, so you can probably do the same thing as dcsd
https://shop.lambdaconcept.com/home/37-bonobo-debug-cable.html
iPhone debugging requires proper tools.
The Bonobo cable connects to your target through Lightning and allows CPU debugging through JTAG/SWD using OpenOCD + AArch64 GDB. Among others, you can: access all CPUs and registers, single step, put hardware breakpoints, dump memory, etc... Perfect for security research.
The target serial console can be...
They take about a month to arrive
this is not aliexpress
@ocean raptor if you know soldering you can make ur own
it still applies
I have a soldering iron...
All the chips arrive next day 
Just splice up an existing lightning cable and get a breadboard or something
Do all the chips total to under $13
Per unit yes but I think you have to buy in bulk

Oh no
You can buy just 1
So why did I just order a dcsd
who on that clang 15
Me
that cannot be profitable
based
It's just a serial converter, it probably costs them nothing to make anyway
This is the only chip needed?
No that's just the one I can see on the circuit lmao
It just looks like a lot of resistors

And the LEDs of course
That doesn't sound easy...
It sounds fun