#development
Anything that's rootless and not bind mounts
Also, injecting into launchd is completely unnecessary
not bind (´・_・`)
What happen
you mean, start a jailbreak by launching an app like the troll store
No
They make a squeak noise when noise cancelling or transparency mode is on
Probably cause they got very wet
Do they qualify for the recall program?
So they're in a sandwich bag with some random silica gel packets that I had
do your airpods ever play at 100% for a millisecond when starting music sometimes
so annoying
No??
How do I check
When did you get them
I would love to get them replaced
How do we start a jailbreak without bind
Cause the tips are completely yellow from earwax 
If they were made before October 2020 then you can fr just make a Genius Bar appointment and walk out with new buds in 15 minutes
Idk...
Do you have the box still?
yes!
It has the date on the serial number sticker
same but only the left 
just get replacement tips
I have the box from my old AirPods
And all my other boxes
Even have a 3G box
Found it!
fr*ck
I'll ask hayden
nhayden
I don't see a date on this box
@grim sparrow
It’s on mine!
What's the number I text for apple support
208-394-7494
Is this real?
yea
apple should make a website with all their contact info on it that'd be cool
just hop on the vpn ez
Alright
my uncle that works at apple will be leaking it any day now
larry apple real
Who's going to join apple as a new cryptography security engineer and leak this stuff
your mother
that sounds fun and all but i dont want to spend life in prison
just "accidentally" start a signing party for like 10 minutes
if however i were planning on suicide in the immediate future i would do it then go off myself
but i would never do that

You think you could get that job? Really?
"accidentally" search discord app memory for strings related to this server and brick any phones its found on
yeah man it isnt rocket science go get a degree and dont look braindead in the interview
Last signing party I was in college and missed it

There was a signing party recently?
Not college
no
God
yeah 10 minutes ago
High school
you just missed it
if you think apple has the most competent engineers in the industry you would be sorely mistaken
Hey new guy, I know this is your first day, here is all of our hardware signing keys
Have at it
dude acts like they run the tightest ship known to man
as if iboot wasnt leaked 5 years ago
lol
do Tim a favor he'd give you the keys
lol

I doubt they keep their signing keys on site
They're probably in a data center somewhere
signing? no. GUIDs?
My dad is good friends with a networks engineer at Apple headquarters, I wonder if he would leak the vpn 
real tightest ship is the peeps who actually get the leaked shit (except for that ios 13 guy we dont talk about that)
Who's the iOS 13 guy...
your mother
^
I still have that ipsw on my gdrive
apple when they start doing public betas in 2015 and the quality of GM builds continues to decline year after year
i remember installing an ios 8 beta and it ended up locking the ipad i had it on
just like "beta over now you can't use your ipad since you're away from home and can't run an itunes restore"

is this that one homepod firmware
No the iOS 13 internal UI build
the one that was publicly listed in the iTunes firmware xml and had like every internal feature enabled
Guess I'm wasting 2 hours of my time to fix my AirPods some time this week 💀
oops
When I was literally right by the Apple Store all day today

L
I love apple so much 😐🔫
so true
Plus I get to drive on i95 in Florida during December
🙃🔫
For all you non-Americans and non-Floridians
That is a highway
And in Florida during December we get a ton of snowbirds
And the roads are super dangerous
i95 is a highway? I wouldn't have guessed
Interstate highways are a common thing in the US
Two of my coworkers got into car accidents on the same day
One of them got rear ended by an 87yo!
in an F-150?
The other got rear ended by a woman driving without a license
ugh
I can't tell if you're being sarcastic or not
Oh wait, you're from California so I guess I should say "the 95" and "freeway"
Sir you could start naming multiple numbers and I am sure a lot of them are a freeway or highway in California
Yes dude, that's how the highway system works

I should’ve said random numbers
i2446742266
beach ball
@grim sparrow so did we come to a conclusion, is replacing a folder possible using the dirtycow shit
update: successfully saved my 30gb i64 file

I went to bed lmao


Most hated man in America
i dont think it works
- (void)replaceFolder {
    NSString *replace_me = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"replace_me"];
    NSString *test = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"test"];
    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC), dispatch_get_main_queue(), ^{
        changeAnim(
            test.UTF8String,
            replace_me.UTF8String
        );
    });
}
Jan 8 13:05:58 iPhone-2 kernel[0] <Notice>: TEST[35387] Corpse allowed 1 of 5
You don’t work
already saw that
@naive kraken How hard would it be to add 15.5 support to Fugu15 with weightBufs?
impossible
why
you'd need a new PAC and PPL bypass
is it patched?
I mean, what did you expect? lol
i thought it wasn't
that sucks
actually 15.5b4 patches both the kernel exploit and the bypasses
so only 15.5b3 and below are supposedly supported
opa have you tried out my theos pr?
no
I've tried it with all of my tweaks but I want other developers to have a play with it just as a sanity check type thing
would you mind giving it a try?
I don't have a rootless jb
what do you want me to check
just if it compiles at all?
tl;dr of getting it setup (for now)
- Change theos origin to https://github.com/elihwyma/theos and checkout "rootless"
- Change the origin of vendor/lib to https://github.com/elihwyma/lib and checkout "rootless"
- Build any tweak but append
ROOTLESS=1
that sucks
iCraze tried it and it doesn't work
The rpath isn't changed
mr @hasty ruin
gm
can you confirm your findings on the newest commits of both
aight
what device
SE 2
not far
Can I use the PACMAN technique for PAC
😂 if you can get them to work, possibly
lol
actually probably PAC is enough for a full jailbreak
i didn't see this
and more stable
well how am i gonna execute stuff without trustcache
it may be because vendor/lib wasn't checked out to my branch properly?
using the old technique
amfi hax?
what's that
and you can use the PAC bypass to promote vnodes to level 8 if I'm not incorrect
the only component of jailbreaks that has never been open sourced ever
csblob
Oh cool
I wonder if coolstar will open source their stuff alongside libhooker now that they're dipping
So I give up
you generate a detached signature using an expired CT cert
Someone else do it
and then you NULL shit in kernel mem and attach it to every process
do what
make a jailbreak
I'm going to start making a Fugu15 based jailbreak as part of my bachelor thesis in April probably
if all goes well
cool
but I still need physrw from weightBufs
And I'm unsure whether I can pull that off lol
rest of it should be possible tbh
although passing around primitives will be a bitch
@tepid olive you can edit icon mask using dirtycow, but you cant clear the icon cache to actually make it show up
like you can overwrite the mask files, but its impossible (maybe?) to make it actually work
which is sad
also making a patchfinder will probably take up a lot of time
but maybe I can reuse stuff from Fugu
but then I'd have to write swift
: - /
good honestly
maybe you can corrupt it
lovely
or straight up destroy it
epic™️
What about on jailbroken phones
@hasty ruin can you start hosting iphoneos-arm64 packages now
so that we can get the ball rolling a bit
true ^^^
on jb phones youd just delete every file in the cache folder
i've done it with some of my tweaks, aemulo coming in the next update
can you check my repo setup? not 100% sure how it needs to be
did some stuff for it yesterday
just make the archs in the release file iphoneos-arm iphoneos-arm64
and then it should just work™️
thought i had to sign it now
you should yes
amy and i were thinking that maybe we could use dirtycow to "redirect" the folder
#!/bin/bash
# Run from the directory the script lives in
script_full_path=$(dirname "$0")
cd "$script_full_path" || exit 1
# Remove stale index files (-f so a missing file is not an error)
rm -f Packages Packages.bz2 Packages.xz Packages.zst Packages.lz4 Release Release.gpg
echo "[Repository] Generating Packages..."
apt-ftparchive packages ./pool > Packages
zstd -q -c19 Packages > Packages.zst
xz -c9 Packages > Packages.xz
bzip2 -c9 Packages > Packages.bz2
lz4 -c9 Packages > Packages.lz4
echo "[Repository] Generating Release..."
apt-ftparchive \
    -o APT::FTPArchive::Release::Origin="Amy's Repo" \
    -o APT::FTPArchive::Release::Label="Amy's Repo" \
    -o APT::FTPArchive::Release::Suite="stable" \
    -o APT::FTPArchive::Release::Version="1.0" \
    -o APT::FTPArchive::Release::Codename="ios" \
    -o APT::FTPArchive::Release::Architectures="iphoneos-arm iphoneos-arm64" \
    -o APT::FTPArchive::Release::Components="main" \
    -o APT::FTPArchive::Release::Description="Amy's Dump of Tweaks" \
    -o APT::FTPArchive::md5=true \
    -o APT::FTPArchive::sha1=true \
    release . > Release
echo "[Repository] Signing Release using Amy's GPG Key..."
# Detached, ASCII-armoured signature over Release so clients can verify the index
gpg -abs -u 816C7A50B575162DC29288CD72339224580758CE -o Release.gpg Release
echo "[Repository] Finished"
this is the script my repo uses
basically just use dirtycow to replace a folder with another folder
so replace the cache folder with an empty folder
Yeah well how about replace it with an empty file
that might work actually
well
in theory it would apply but I don't know how much processes would like it
it'll die after
yeah
maybe not tho
and then i also dont know if a respring would be enough for the changes to be made on top of that
so its like:
- replace the mask files
- clear the icon cache
- reboot
- profit
launchctl reboot userspace
thats all the guides ive found
aren't changes on /var persistent
iOS 16 
true
so then if you fuck it up you bootloop
thats what im scared of
Wholesome.
bc i dont have any test devices
Bro IOHID sucks so much
does dirtycow have a minimum version
It's impossible to do this
works on 15.x iirc
what ab lower
ive seen claims it works on 14.x
@grim sparrow what's the plan with supporting rootless and rootful at once?
Repos can host both archs
and PM shows applicable?
ight
so my repo shows both but you'll only see ones for your arch
bundle id can be the same i assume
chariz supports iphoneos-arm64 rn too
everything can be the same
bet
literally all you need to do is ROOTLESS=1 and Theos will handle the rest
repo.icrazeios.com v2 eta son
@grim sparrow quick question
all that needs to change is the arch but theos does that for you
How can I load a small chunk of a mach-o
so you don't need to go around manually changing it
I have no idea I cannot lie
FileHandle?
that would work yeah
real question, is there any benefit to filehandle over FILE * and friends
not that I'm aware
anyone mind trying to install something from repo.icrazeios.com
make sure i didnt break everything
(nothing on there is built for rootless though)
can't access it
looks good to me™️
W
wholesome
time to rebuild everything
ugh i need to get an xc11 tc
accidentally nuked my theos toolchain dir
no you don't
hidden benefit of rootless is that you only need to worry about modern versions
not for this
F
but i still need it for "legacy"
using xc11 on arm macs is a bit annoying icl
i've had no issue just using the tc for the past few years

ok im just gonna build with hikari tc but no options whilst i wait for xc11 to download

should be 2 iphoneos-arm64 packages on there now
splendid!
@grim sparrow should i try deleting the icon cache folder
doesnt sound like a good idea
using common sense, the folder should just remake itself
cloudflare cache screwing you over?
I had to add a command to my index to clear the cache
yep
ok, NeonBoard, hear me out
its makefile deletes the folder as a postinst
that was it
by default cloudflare only caches the .zst file
after-install::
	install.exec "rm -rf /var/containers/Shared/SystemGroup/systemgroup.com.apple.lsd.iconscache/Library/Caches/com.apple.IconsCache"
Amena
so you will always be served latest release but sometimes old packages.zst
[[NSFileManager defaultManager] removeItemAtPath:@"/var/containers/Shared/SystemGroup/systemgroup.com.apple.lsd.iconscache/Library/Caches/com.apple.IconsCache" error:nil]; it also deletes it whenever it resprings
my new fix is just host my repo on github pages and only put that through dns
lmao this doesn’t seem like a terrific idea

not cache
deleting directories in post install
this seems like possibly the worst idea ever lmao
system directories at that
isn’t neonboard literally ass?
Neonboard is known to cause bootloops
yeah ik
if anything, use it as a reference of what not to do
fr
thats just my github
the bootloops that mr bingner caused with his uicache build
I wouldn't trust that ios will handle it correctly

True that
:///
im all out of ideas in that case
bear with!
unless someone can figure out how to overwrite a folder w dirtycow, i have -1 ideas
curl -X POST "https://api.cloudflare.com/client/v4/zones/<your_zone>/purge_cache" -H "X-Auth-Email: <your email>" -H "Authorization: Bearer <your token>" -H "Content-Type: application/json" --data '{"purge_everything":true}'
@grim sparrow so it's NOT a good idea to [[NSFileManager defaultManager] removeItemAtPath:@"/var/containers/Shared/SystemGroup/systemgroup.com.apple.lsd.iconscache/Library/Caches/com.apple.IconsCache" error:nil];

frick
so you wanna run some code?
:(
thats absurd
its almost monday
wtf
@grim sparrow ok hear me out
instead of just deleting the folder
i delete and create a new one
😄
and put what inside??
but isnt that a terrible idea?
no? i dont think so
ive done that on past iOS versions
and its been okay
the whole point of "clearing the cache" is to make the folder empty
whats the worst that would happen
it's fine
Woooooo! I have fixed the insane lagginess when updating and installing apps on my 15.1.1 iPhone 13 Pro.
Solution: Delete /var/containers/Shared/SystemGroup/systemgroup.com.apple.lsd.iconscache/Library/Caches/com.apple.IconsCache via Filza, then Reload Icon Cache in TrollStore.
301
at least it was for me
But I also triggered an icon cache reload right after it
and then doing that worked
hmm
@grim sparrow LMAO
dont even have perms to delete it
idk what i was expecting
who would have seen that coming
idk for some reason i thought it would work
alright back to square one
stop tracking to hack my computer and steal my vbucks
i will leak 300 thousand of your ifunny accounts.

{ Filter = { Bundles = ( "com.apple.springboard" ); }; }
how do i make this an actual plist so theos stops complaining about `ERROR: Failed to convert plist data (-1)`
get gud
plutil -convert xml1
who doesn't start with an xml to begin with
theos nic.pl
just write plist manually
how do i write it
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Filter</key>
    <dict>
        <key>Bundles</key>
        <array>
            <string>com.apple.springboard</string>
        </array>
    </dict>
</dict>
</plist>
thank
gm
go get dev role
bruh

have dev role

who’s joe
Zefram source code
Suck
My
Balls
stan procursus
Oh btw, next person to suggest patching realpath in libiosexec gets punched in the balls
CC: @naive kraken
maybe you should consider patching realpath in libiosexec
:ntwerk:
I have been considering doing your mom
No dev role squad
"<@&355177983398641674>"
developers are not real
The only thing I developed is depression
DW i blame you
Don't be a Proud Boy
terraria wholesome
hi
i was gonna do that!!!
well i did it
@indigo peak

Problem, C users?
yea
cry then
Gonna rewrite QuickActions in xml
Jailbreak tweaks written in webasm
- Nobody can write assembly
Are you joking, or should I do it
Because I will
Do it
Okay
It's gonna be so slow
Lmaoo
Great. So who's gonna use it?
But you don't use jailbreaks
And Zefram is private
How will Shep use it?
me toooo
capt i've been with the development of zefram since the beginning
since the video with rockstar by post malone in the background
asahi
leak
that was funny stuff
this is the most "confidential" file i have
would you like a bit of EXC_BREAKPOINT with your EXC_BAD_ACCESS?
relating to this discord server ofc
Swift better
unsafe
// This file is licensed under the BSD-3 Clause License
// Copyright 2022 © Charlotte Belanger
import Foundation
#warning("TODO: Unhook API")
It's my new file header
Yes?
Yes
Capt I have a challenge for you
?
rewrite one file from zefram with more than 100loc in Swift

@grave sparrow Build Batchomatic for rootless
U know what I hate? People that use MSFindSymbol for public symbols
Like bro what is wrong with you.
i believe that
[3 letter expression]
how can you loop through a folder group in your app in swift?
gi

MSFindSymbol MSFindSymbol
MSHookFunction MSHookFunction
@grave sparrow Does Zefram support hooking itself
Anyone currently developing an MSFindSomeoneToLoveMe?

just go out the door and youll find them

egg_irl leaked
What the fuck.
brought to you by the same group of people that think clothes shouldn't have gender associated with them

wear a skirt or dont idgaf
#developer-shitpost
go for it. i will gag but its your life
Capt Inc. Incorporated Inc.
Kendrick Lamar is the best trans representation :pray:
u won't fit
femboys
lol
capt you have no ass
Has anyone done extensive research in what customization can be done by modifying iOS backups?
I'm working on stuff right now and was wondering if there is somewhere I can start with or if I'm on my own
I think you can do most things in /var
Kendrick Lamar just like me fr fr
but I could be very wrong
Me when people get mad at me for saying the fslur repeatedly
the song is good
who cares
fa
i laughed
9/11
nfr
real
(the homebrew experience)
how much would you need to be paid to do this and send a picture to #development ?
he would pay $50
unfortunate. we will have to find an alternative source for funding.
an arrangement will be made, rest assured. undoubtedly our investors will also be interested in said image.
why is dirtycow saying file too big even tho its only 12 kb?
because it's too big
i thought it could be up to 16 kb
Are you trying to swap a file that's smaller in size

sometimes big is better
no this one’s a dating hub
for men
they all join to fuck
with code
An alternative with decorators would allow registering hooks like this:
@hook("NSObject")
def isProxy(self, _cmd):
    return 1
I’m not figuring out how to mention you as discord is not listing you as a mentionable user. Anyway:
Are you the one hosting the iPhone dev wiki? If so, it’s currently 503’ing
that'd be why

No lol

what?
does it have to be the exact same size?
dirtycow won't work if the new file is larger
its smaller
strange
i got it working somehow
yea
how do i dump firmware keys on windows
iphone 7 (9,3) 15.7.1, so the keys aren't on the wiki
Fake dev
checkm8 isnt checkra1n tho
True, I forgot that checkra1n uses checkm9 not checkm8
💀
Is it?
no its actually really easy
step 1. get a job
step 2. get paid
step 3. purchase non-locked phone
fr just type in password
ong
step 2. buy a hammer
step 3. kidnap the owner
step 4
bypass, not unlock
im too lazy
i dont wanna type the password
They are the same.
Anyone have the MOXii pdfs and want to share?
broke
single developer documents and writes up about iOS
guys how do i steal this
🗿
its not even unfairly priced dawg a whole set is like what 250$
fr
250$ is like 2 days of work
lets just say only businesses are buying it
It's exactly 2 days for me lol
Would anyone like to donate $250 to me 
when did iCraze become r kelly
it is on the interwebz 👀
zlibrary exist as well
true
i did
can dirtycow replace caches with files of larger size?
@grim sparrow your theos fork seems to break non-rootless packages
at least on xina
don't have another device with me to test another jb rn

Xina manually patches /Library/Frameworks/CydiaSubstrate…
It’s not looking for rpath
trolled!
ahhhh shootttttt
god I don't want to
but if we have to...
I can’t think of a better option rn icl
Adam unless you want to convince him to change the rpath in future
Instead of modifying just /Library/…
what?
Yeah
no like what is he patching

He’s just got a list of things to patch
why does that affect @rpath?
Because
He hasn’t hardcoded support for @rpath
He’s literally hardcoding the string /Library/Frameworks/Cydia….
It’s because now Theos will always build with @rpath/CydiaSubstrate.framework/CydiaSubstrate
yeah and xina will leave it alone
And the rpath is set appropriately to /Library or /var/jb/Library
just add both all the time
💀
Well that’s what we were doing originally
But I changed it so only set the right one
To avoid dangling rpath attacks
"dangling rpath attacks" 🤓
Hence due to shittery by Xina either he has to change his patch to change the rpath or we just revert that commit
Not entirely
you realize it's super easy to gain root access on a jailbroken phone
Exactly!
But I think he blocked me
Or at least muted me
Yup
I need to get better at solving problems in ways other than just being loud
in this community?
Mostly yeah

Every other community seems to have reasonable conversations
Instead of just “I don’t like your way, blocking you”
To be fair
This is not my fault
Like in the slightest
I’ve sent him another message
If he doesn’t get back in a day or two I’ll make a tweet
Can past .ipsw links be retrieved from phobos?
Phobos is not an API
You can't request old versions from it
Use archive.org or something
Or use IPSW.me it gets everything from there anyway
I see
it has all the links though
I mean yea generally you can grab it off apple's cdn
For the ones that were removed, get it from archive.org, Siguza, or someplace else
But I'm assuming they're trying to find the links to begin with
The usual places usually only have OTA bundles for apple watch (and appledb.dev has only a few apple watch .ipsws) but there are a lot of shady "apple watch repair" websites that ask you to pay money or register and download ipsws there 
Watch IPSWs aren't on that link
How would they be acquired from Apple's servers then
Friend at apple™️

wdym google
In the right places you will find direct links, but only for a small subset of versions
There isn't a specific place I checked
the usual process is someone gives the links to Nicolas who shares them
Yea I have no idea behind that, but that's not really helpful for cube anyway
The IPSWs I added were all obtained from googling
Tl;Dr: want watch IPSWs? Use what appledb has, pay for one of those shady sites, or get a friend at apple
zamn
Can you ask them for the contact details of the software update team while you're at it
Need to go off on them
Not just the tss people
Pallas is annoying
And mesu they make funny mistakes
Like hand editing plists
you wanna know the funny shit
Intel's API portal is used both internally and externally
i can see like 400 internal apis even though I'm just trying to get access to one external one
Thanks Intel
i have some
I have this hook:
%hook ViewController
- (void)onClick:(id)arg0 {
    RLog(@"Button pressed at: %p", arg0);
    // comparing against a hardcoded object address; cast so the pointer/integer comparison compiles
    if (arg0 == (id)0x10526d490) {
        RLog(@"Its Working");
    }
    %orig;
}
%end
How can I check which Button was pressed because the Address changes every App start?
Can anyone develop a tweak that resets app permission for ios 15.6?
When you remove an app the permissions get reset?
Wdym
yeah not trying to redownload the app every time
😭😭😭
i am willing to pay
Wipe the app data i guess
where
Use app manager?
bro what the fuck are you spitting
bro just use appdata
oh apps manager the tweak
works on palera1n 
i did
oh ok
I feel like the solution would be to have the rootful package be 1:1 how it was before?
Or am I too controversial?
That would be too much of a pia
hm
idk, what happens if I want to use this rpath thing on like iOS 7
would it work?
I feel like it's too late for xina to fix this
so either you need a workaround or the old behaviour
are there any mcc mnc carrier name spoofers?
Yes
rpath is really how it would have been done in the first place
not asking a whole lot from him
And going forward it’s definitely a better option
yeah but you need to acknowledge that 70% of users are stupid and don't update their jailbreaks because they think the new updates are less stable
What are you trying to do
so even if he fixes this, it's already too late
70? That's a bit low
their sideloaded app will expire eventually they'll have to update it
catering to a dumb minority shouldn't be the reason we lose out on an important change
once their stuff breaks they'll figure it out
no
I will figure this out
when I recompile Crane and a bunch of people now complain that it doesn't work
same goes for other devs
a temporary grievance
they will want the old behaviour just so their users don't complain
the sooner this is done the better
Ngl the new updates can break things, it's been done before
But this doesn't apply to certain jbs 
so they will downgrade theos and never update it
and then you get all kinds of funny issues
I’ve sent messages to him so maybe mr can offer a solution
so my phone doesn't have a sim rn. can i spoof it somehow that it says EE or Orange or whatever at the top and also change the mcc mnc numbers. So the app would read 260 02 Verizon instead of no sim
Don't think you can spoof that
damn
Sure you could probably make it appear that way in settings but no tweak exists for it specifically iirc
🙏
But it's appearance only, no functionality would change
you're a genius code it for me and make some $
Not that kind of genius
damn
I have a tweak that builds on my iOS 7 device if you want me to test.
Actually I have 2 tweaks that work on iOS 7
HOW TO (hopefully) PASS -[WFShortcutSigningContext validateAppleIDValidationRecordWithCompletion:] (validation for contact signed files) // aka possibly contact sign shortcuts entirely on device on iOS without the need to use private frameworks
(info from iOS 15.2, hopefully hasn't changed since then)
- This method gets SFAppleIDClient from private framework sharing.framework
- I thought it would be impossible to replicate without private frameworks but turns out I may be wrong
- The method first checks [[[[[SFAppleIDClient alloc] init] myAccountWithError:nil] altDSID] isEqualToString:[self appleIDValidationRecord]]
- Aka, if appleIDValidationRecord corresponds to the shortcut, pass
- If not, all hope is not lost!
- Checks if private sharing is enabled
- If so, checks valid phone hashes / email hashes associated with SFAppleIDClient (they're SHA256 hashes btw)
- If hash match, allow import of contact signed shortcut
Method 1:
- If appleIDValidationRecord can be found, just copy it from the user to a fake SFAppleIDClient. Private Sharing won't even be needed to import since shortcuts just thinks it's from the user themselves.
Method 2:
- Don't fake appleIDValidationRecord
- Get phone or email, even if it's not able to be retrieved without private framework access it won't matter since you can just ask a user to input their phone number / email address
- Hash it (SHA256).
- Copy user's hashes to a fake SFAppleIDClient
- Not sure if the apple id client info is signed (assuming it is or else that's a massive oversight) but if it is that shouldn't matter, just resign with the fake SFAppleIDClient. (For resigning without directly calling WorkflowKit, just replicate it instead, https://raw.githubusercontent.com/0xilis/RandomShortcutsRev/main/WFShortcutPackageFile.m this is definitely not correct but should still sort of resemble the source so fix it up and should be good)
- Boom, contact signed shortcut entirely from an iOS app which technically doesn't use private frameworks
This is just contact signing how WorkflowKit does it so less need to worry about it breaking since this obv isn't a vuln
If appleIDValidationRecord isn't possible to retrieve without using a private framework / access to sharingd then method 1 wouldn't be viable but I really don't see any reason why method 2 wouldn't be currently

can't help too much without extra context, but if the button has text, you could try checking that (be careful of localisation, though), or you could check the selector of its target, or just check which index the button is within its superview's subviews
@grave sparrow listen fucker
Very cool
meth
@lime pivot @marble perch finally fixing man-db on macOS
Still need to fix locales on rootless....
@grave sparrow pls add launchctl plist 🥺
my suggest was attach
Definitely not macho parsing...
What do you even need with that
methamphetamine
Compatibility with apple launchctl
what does it do
Prints the __TEXT.__info_plist segment of a macho
Run launchctl plist /bin/launchctl on your computer
may I introduce you to my friend ida
It gets the pointer and len of the segment and passes it to xpc_create_plist
Then run launchctl_xpc_object_print on it
xpc_object_t xpc_create_from_plist(const void * data, size_t length);
Pass the pointer to the start of the __info_plist section into data
spawn_via_launchd() COOL
why does serializing a plist with format .binary corrupt it?
PropertyListSerialization
it works fine with xml but xml makes it too big for dirtycow
i tried dynamic cow's function
but it doesnt work
its the mobilegestalt plist
im using the same function as dynamic cow
and editing the same file
just a different key
wait
func setPlistValue(plistPath: String, backupName: String, key: String, value: String, completion: @escaping (Bool) -> Void) {
    DispatchQueue.global(qos: .userInteractive).async {
        let stringsData = try! Data(contentsOf: URL(fileURLWithPath: plistPath))
        // open plist
        let plist = try! PropertyListSerialization.propertyList(from: stringsData, options: [], format: nil) as! [String: Any]

        // recursively replace `key` wherever it appears in nested dictionaries
        func changeDictValue(_ dict: [String: Any], _ key: String, _ value: String) -> [String: Any] {
            var newDict = dict
            for (k, v) in dict {
                if k == key {
                    newDict[k] = value
                } else if let subDict = v as? [String: Any] {
                    newDict[k] = changeDictValue(subDict, key, value)
                }
            }
            return newDict
        }

        // modify value
        var newPlist = plist
        newPlist = changeDictValue(newPlist, key, value)

        // overwrite the plist
        let newData = try! PropertyListSerialization.data(fromPropertyList: newPlist, format: .binary, options: 0)
        let succeeded = overwriteFileWithDataImpl(originPath: plistPath, backupName: backupName, replacementData: newData)
        DispatchQueue.main.async {
            completion(succeeded)
        }
    }
}
this is the function
backup name is where the backup is stored (subfolder) in app support
overwriteFileWithDataImpl is from fontoverwrite
screw it let me try manually calling the table rather than recursion
ok nope
xml screws it up too for some reason
nvm
i was calling the wrong function
ye xml is still too big
but xml works on a smaller file while binary doesnt
this is what it looks like
nope
it happened to my system version
settings couldnt read it either
same function caused it
wdym
guard let plistData = try? PropertyListSerialization.data(fromPropertyList: plist, format: .binary, options: 0)
the apple open source code prolly works still
thank youuuu

nah fuck #freejaidan
#demotealpha

😔