#development
maybe add blank characters if the user inputs less
it is
but when its less it gets corrupted
also doesn't the exploit only let you write a certain number of bits until one gets cut off?
Oh lol, I forgot about this, I'll push soon™️
can you send the file before and after?
the file itself?
yea, before you edit it and after you edit it
enmity wont let me use share menu ae
that is weird
i cant grab the file
it just reverts back to the backup right as i export it
well i have another similar corrupted file that had the same thing happen
@timid furnace
since untethered downgrades are possible with blackbird, would we still need blobs?
dumb question
idfk anything about the bootloader

blackbird is a sep vuln
Doesn't break the (boot) chain of trust
Yes it’s my first time

Untethered downgrade with blackbird literally implies valid blobs, ap still checks blobs
The untethered part is just downgrading sepos which isn’t even possible on all socs
Hasn’t even been done yet publicly
it's not? how do u know that
- blackbird itself was patched
- checkm8 was too (the only public bootroom exploit that works on "modern" devices)
even if you have the sep exploit itself, how does one expect to use it without access to SEP
this means running code before boot when SEP initializes
the worst soldering known to humankind
is that a pico
it says pico so probably
owo what's this?
oh nand dump I see
gl with boot times 
rgh3 is so inconsistent with that
can be instaboot or could cycle for 10 minutes 
How can we improve it
Can the pico be used as a glitch chip
@lime pivot did you have any success in contacting Xina about changing his patch to rpath trolling?
I got left on delivered
Yes
what's rpath he says
Wouldn’t surprise me in the slightest
I think we should collectively do meth when a Xina issue arises. I know we all most likely OD within the hour, but it would be fun

False advertising needs less teeth
true...
very based and true
How do I pass the opened URL into my ContentView?

@zenith hatch Icraze loves swift so much he made a guide about it 
Now he has no excuse to hate on us 
true

Objective-C’s runtime is not good
It’s slow

agreed
my future husband
@native dune 1 binary down 💀 10 to go
wtf discord changed which side the favorite button is on
why
why is it on the right now
@zenith moth moment
it was the easy one too
true very rare
true
wow only two left?
If anyone there wants a full tutorial about how to convert a mp3 file to an Apple charging sound for MacDirtyCow here is a full tutorial that I wrote in a pull request. I don’t know if it’s helpful for anyone :
https://github.com/leminlimez/Cowabunga/pull/19
@spice egret stop being everywhere
Convert to m4a, easy
Don’t need caf
iOS isn’t stupid and won’t try playing it as a caf
It’ll detect it’s an m4a and happily play it
File magic
but isn't the default literally a caf
whar
The replaced one
It won’t try playing the m4a as a caf
ohh
I specified m4a lol

quiet
very dumb question but
we definitely need a bootROM exploit to utilize a SEP exploit right
yeah
why can I feature messages
Cock. balls even
Cock. balls even
Manage messages permission is attached to it or something
Cause dev role
I'm forced to use it because it occasionally decides to ignore my last selected channel and open that instead
use accord
Did you actually try
no not at all
that's why this is here
@native dune besides checkm8, what's preventing palera1n from running on windows
checkm8 works

use King, the windows checkm8 in C
why do you need to specify that the dev is a furry
i am using accord now though
if youre being serious, send a link
if youre joking ok
acting up a bit, but otherwise nice
King checkm8 github
true
hmm
if i can make something that's not a virus with swiftui, maybe i can make this even better?
good luck
ellekit is easier to work on than accord and ellekit literally runs in launchd
is launchd not nice to work with? oh you mean in launchd

palera1n will use pongoOS, so to run it on windows we will need to use the tools prohibited here troll
@tepid olive i cant build on windows using its format
@tepid olive do yk if king works w amd on windows
wow ok more things are broken than i thought
can't you use gaster too
although idk if that works on amd either
it doesnt
i thought the consensus was libusbk using zadig
though yes, swapping drivers is no fun
hmmmm
yes
i can use ubuntu
top 10 naming
its just i dont have an intel cpu
but libusbk should be compatible with it
how many controllers do you have on your system
wdym by that
usb controllers
im assuming one host is the back and the other is the front
not exactly
libusbK is a Windows only project which provides a new set of API for Windows (supporting WinUSB, libusb0)
libusbK is a superset of libusb
hmm
alright time to shill my own project
download windows.exe
open it
go to discover ports
you can figure out which ports are on which controller from there
ratted my computer do not use
```text
#######################################################
#                    Port Discovery                   #
#######################################################
AMD USB 3.10 eXtensible Host Controller - 1.10 (Microsoft) | USB 3.0 (XHCI) | 14 ports
Port 1  | USB 3.0 | Type C - with switch (guessed)
Port 2  | USB 3.0 | Type C - with switch (guessed)
Port 3  | USB 3.0 | USB 3 Type A (guessed)
Port 4  | USB 3.0 | USB 3 Type A (guessed)
Port 5  | USB 2.0 | Type C - with switch (guessed)
Port 6  | USB 2.0 | Type C - with switch (guessed)
Port 7  | USB 2.0 | USB 3 Type A (guessed)
Port 8  | USB 2.0 | USB 3 Type A (guessed)
Port 9  | USB 2.0 | Type A (guessed)
Port 10 | USB 2.0 | Type A (guessed)
  - CORSAIR Lighting Node CORE - operating at USB 1.1
Port 11 | USB 2.0 | Type A (guessed)
Port 12 | USB 2.0 | Type A (guessed)
Port 13 | USB 2.0 | Type A (guessed)
  - ITE Device - operating at USB 1.1
Port 14 | USB 2.0 | Internal (guessed)
  - USB2.0 Hub - operating at USB 2.0
    - Wired Gaming Mouse - operating at USB 1.1
    - SteelSeries Apex 5 - operating at USB 1.1
AMD USB 3.10 eXtensible Host Controller - 1.10 (Microsoft) | USB 3.0 (XHCI) | 8 ports
Port 1  | USB 2.0 | USB 3 Type A (guessed)
Port 2  | USB 2.0 | USB 3 Type A (guessed)
  - USB3.0 Hub - operating at USB 2.0
    - USB Audio Device - operating at USB 1.1
    - HD Web Camera - operating at USB 2.0
Port 3  | USB 2.0 | USB 3 Type A (guessed)
Port 4  | USB 2.0 | USB 3 Type A (guessed)
  - AT2020USB+ - operating at USB 1.1
Port 5  | USB 3.0 | USB 3 Type A (guessed)
Port 6  | USB 3.0 | USB 3 Type A (guessed)
Port 7  | USB 3.0 | USB 3 Type A (guessed)
  - A7000 - operating at USB 3.0
Port 8  | USB 3.0 | USB 3 Type A (guessed)
```
wen eta devmgmt actually be a tree
633 computers ratted ✅

https://i.dhinak.net/2023-01-12_22-55-48.png although this is easier to use tbh
plug your iphone into a port. then keep plugging your phone into different ports until it goes onto the other controller
those two ports are the ones to try
yeah that does sound easier than looking at traces on a motherboard 
also what cpu and motherboard do you have
mobo: B550M AORUS PRO-P
cpu: AMD Ryzen 5 5600X 6-Core Processor
hmmmmmmmm
not the exact same cpu as mine so i can't guarantee whether it'll work or not
but the CPU ports work for me, which should be the 8-port controller
imagine not having a linux release
i have no computers that
- can run windows
- are bearable to use
- not my desktop
- have enough space
to run linux on
so linux support gets worked on one day of the month
so thats the io panel on the back of the pc?
idk i cant tell you for sure, you have to test with the program yourself
but probably
i think i tried that already
I mean, Linux probably has a comparable tool already
well this is intended for hackintosh USB mapping, and no such tool exists
but for just the tree view part? you can use lsusb -t (kinda mid) or that one GUI usb viewer that parses sysfs
it just sits on the creating ramdisk phase
doesnt actually make any progress
palera1n? have you tried just solely running gaster
how do i do that
run find . -name gaster in the palera1n dir
find the path that has linux in it
then run ./path/to/gaster pwn
./binaries/Linux/gaster
./ramdisk/Linux/gaster
yea both are the same
dfu
Dfu
usb_timeout: 5
[libusb] Waiting for the USB handle with VID: 0x5AC, PID: 0x1227
That's the DFU wait
Not detected L
is that the entire output
yes
the motherboard's manual should also have a block diagram of how the USB controllers are routed
is it actually in dfu
yes
what motherboard does this
mommyboard
Doesn't it even appear in lsusb | grep Apple
for some reason my server ITX board doesn't despite that it's only a year older than my main ATX board
and both are Gigabyte AM4
idk i have never heard of motherboard vendors doing that
Bus 001 Device 013: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)
mine don't
it does
bro what
who is your motherboard vendor
there's your problem
highly likely to not do anything but maybe run gaster as sudo? wild shot in the dark here though
Not a bad idea considering linux
thats what im doing
tried w and without
i hate computers
mine
interesting
ok I thought it indicated which exact ports they went to but oh well. it mostly gives you an idea of it all
It helps a lot tho
I think the controllers are just slow as we established already
@faint stag it needs to be on Bus 3 according to lsusb
Bus 3 probably isn't a hub then
is it safe to ctrl c the gaster
Yeah, doesn't hurt
so should i just keep trying ?
You can
Just note that it's basically RNG cause of latency
That version of gaster should also take reset as an argument
Removed in a later version but idk why. Maybe the reset/cleanup is done automatically then
this is so weird
oh well, I’m throwing in the towel for tonight
I’ll take a crack at it tm

we know
I believe it isn't
There is a variable you can set that will make it reset but that just broke gaster for me
checkmate
When I get home
Procursus for Mac? That's a thing?
Yes
There's a dist
Ofc, there's no official install method but i have a script
i will make my own to improve my understanding of such things
I'd say go ahead but:
You need a zstd binary, a link to the bootstrap and you need to modify $PATH for new files
Mac Procursus Install Instructions
```shell
curl -LO https://cameronkatri.com/zstd
# Intel:
curl -L https://apt.procurs.us/bootstraps/big_sur/bootstrap-darwin-amd64.tar.zst -o bootstrap.tar.zst
# M1:
curl -L https://apt.procurs.us/bootstraps/big_sur/bootstrap-darwin-arm64.tar.zst -o bootstrap.tar.zst
chmod +x zstd
./zstd -d bootstrap.tar.zst
sudo tar -xpkf bootstrap.tar -C /
printf 'export PATH="/opt/procursus/bin:/opt/procursus/sbin:/opt/procursus/games:$PATH"\nexport CPATH="$CPATH:/opt/procursus/include"\nexport LIBRARY_PATH="$LIBRARY_PATH:/opt/procursus/lib"\n' | sudo tee -a /etc/zshenv /etc/profile
export PATH="/opt/procursus/bin:/opt/procursus/sbin:/opt/procursus/games:$PATH"
export CPATH="$CPATH:/opt/procursus/include"
export LIBRARY_PATH="$LIBRARY_PATH:/opt/procursus/lib"
sudo apt update
sudo apt full-upgrade
```
Note: This is not a shell script but a set of commands to be run manually
THE BOOTSTRAP URLS ARE WRONG
ok
L
leave them wrong
What, did you make new bootstraps
Replaced the urls in this one
If I were to make a shortcuts cli tool for iOS similar to the shortcuts cli tool on macOS (literally just a wrapper for a couple methods in WorkflowKit which also exist in iOS) would it be legal to try and copy the same args n stuff so any stuff dealing with the macOS cli tool would be the identical command for iOS
or would i need to have different args
The arguments can be the same, just copying code is where things get legally wrong
yeah this
He doesn't want people installing it 
Anyone looked at MPAVRoutingController on >iOS15?
From everything I've found online this should work
```swift
guard let routingController = MPAVRoutingController() else {
    return
}
routingController.discoveryMode = 3
self.timer = Timer.scheduledTimer(withTimeInterval: 1, repeats: true, block: { _ in
    routingController.updateAvailableRoutes()
    routingController.fetchAvailableRoutes { routes in
        for route in routes! {
            NSLog("route: \(route.routeName!)")
        }
    }
})
```
For some reason only the iPhone's speaker shows up as an available route. When I then manually go connect to AirPlay it shows up in the list alongside the normal speaker until I disconnect. Doesn't seem to be the intended behaviour according to:
https://github.com/JustinYangJing/AirPlayTest/blob/ef719b2f5533f863e36aca7284842336c2cec041/AirPlayTest/AirPlayDeviceAutoSelect.m
https://stackoverflow.com/questions/38152763/passing-closures-to-private-apis
https://github.com/ginsudev/RouteConfigurator/blob/main/Tweak.x
Any ideas?
Can we use dirtycow to enable facetime audio on Chinese iphones ?
Someone can see globalize or facetimeenabler tweaks thats open sourced on github to know what they modify and then use santander on ios 16 🌝
@grave sparrow listen fucker
@grim sparrow so i tried reading the dave and busters card on aemulo
what type is it
oooooooooo
thats workable
with a bit of tom foolery I can emulate that
new aemulo should be able to
and dump the data
yeah sure
I’ll leave it on my desk
I don’t remember how many chips/tickets were on it tho
if that would make it easier to read the dump
But whenever you need me to test anything just lmk
Finally got a modern phone jailbroken
I mean that number would probably be helpful icl
it depends if they encrypt the tag or not I guess
with any luck it will just be a raw number in block 3 or something


TRUE
legos
Empty wallet

😂
how do i commit code to my repo from MS VS 2022
do a little tomfoolery 
Anyone know how sandbox.kext checks entitlements
btw is there any way to make an ios app on windows
idk tbh
Yes but its not enjoyable in the slightest
And you have to be jailbroken
to install it on a phone yea
Yes
tell me the software i need to use
wrong
@oak wharf
you can use a macos vm which takes more setting up, but when it comes to the actual app development is probably the easiest one because you'll have access to xcode and the interface builder
you can also use WSL (what i use) to run theos, but it's a pain in the ass when it comes to the actual development because you have to create every piece of the app programmatically, but you get used to it after a while, and then just install using something like sideloadly
im assuming yes considering i make jailed apps all the time on theos
understandable
@wind ravine in case you were still wondering, CircleSettings doesn't edit any system files, it uses hooks
then maybe im thinking of a different circle settings tweak
```c
id __fastcall sub_7E08(void *a1)
{
  id v2; // x19
  double v3; // d2
  double v4; // d8
  id v5; // x0
  id v6; // x0
  double v7; // d0
  id v8; // x21
  double v9; // d2

  qword_8068();
  v2 = objc_msgSend(a1, "iconImageView");
  objc_msgSend(v2, "frame");
  v4 = v3;
  v5 = objc_msgSend(v2, "layer");
  if ( v4 <= 100.0 )
  {
    objc_msgSend(v5, "setMasksToBounds:", 1LL);
    v8 = objc_msgSend(v2, "layer");
    objc_msgSend(v2, "frame");
    v7 = v9 * 0.5;
    v6 = v8;
  }
  else
  {
    objc_msgSend(v5, "setMasksToBounds:", 0LL);
    v6 = objc_msgSend(v2, "layer");
    v7 = 0.0;
  }
  return objc_msgSend(v6, "setCornerRadius:", v7);
}
```
disassembled if you wanted ^
@wind ravine http://cydia.saurik.com/package/com.vedboon.circleicons/ also uses a hook
CircleSettings: [PSTableCell layoutSubviews]
CircleIcons: [PSTableCell _imageView]
so maybe not possible with dirtycow then
I used to do MTerminal and iFile on an iPhone 3G to write a couple UIKit apps. Fun (small) times
i used to write tweaks on my iPhone 8
i wrote this on my phone in my school's cafeteria
\
10 million iq
if you mean Orion then yes
i wrote my first tweak on an iphone 6 with a partially cracked device frame
💯
another 10/10 capt development spam guide
dawg didn't even try this because plistbuddy does not exist
?
worked for me
plistbuddy - sileo://package/plistbuddy - from https://strap.palera.in/dists/iphoneos-arm64/1800
palera1n repo 
skull emoji
damn that crazy, its almost like im on palera1n
Any chance of having this saved online publicly, without being “hidden” inside discord, like on a gist?
This and any guides here, that is

Listen to or are you drunk i can never tell by #np on #SoundCloud
Less of that and more of having it accessible, not behind a “join server” screen and then figuring out you have to search a whole server
git more like you should git some bitches
Maybe you meant “git pull”
Remember to “git reset”
instead of thanking me for giving her a back rub, she said "git out of my house"
dont touch me
zip it
kill(getpid(), 9)
pls if anyone knows anything I am going to commit over this
git commit, right??
ive done this on a mac
For some reason its just not working on a standalone ios app
i’ll send the code soon
haven’t used MPAVRoutingController tho
interesting do you remember what you used?
I used C apis I think
I don’t remember if they’re private
But obfuscating is easy so private apis don’t matter
damn
But imagine if this was a plist
Literally @grave sparrow's dream
thanks for the nightmare fuel
i did this
```xml
<key>hook</key>
<string>FTDeviceSupport</string>
<key>method</key>
<string>callingSupported</string>
<key>returnType</key>
<string>bool</string>
```
wtf
instance method
and there’s a js string for the actual replacement method
where do they teach coding
Bros pulling JSC into every binary 
Balls
if you’re asking in order to make tweaks, https://github.com/uroboro/Learn-Objective-C-in-24-Days-Clone

average 14 year old
Problem
Python too
@grave sparrow where is launchctl plist
fr
someone ik actually made a hack
Omg really
thats not what I asked
frfr
which yt tutorial did he copy it from
Cameron has a crush for him already
skidded nn cheat
why should dogs listen 
why not
any ark hack on ios?
oh
and the prices are around $50-$300
danghb
before everyone used to have one hack
dangg
and they paid $700
the owner of the hack made like 500k
theres no free one?
there is
link
but its just an editor
oh
you need scripts to inject
how do i get the scripts
idk
😭
theres none these days
and also
theres no point
cuz all the paid hacks are better
why
and u are 100% gonna die
nope
20$
i told u the lowest is $50
oh rightt
they are high quality and have broken features
do u have an ark hack?
i used to
i had fz
$120
my friend gave me
but i stopped playing
actually
there is one free which is good
but u need an app signer to download it
can i get the free
yh
ok
but u need app signer
give me the app signer then
gbox/boarsign or other stuff
the ones i mentioned are paid
they need certificate
or just use sideloadly
white names took over #development
i think so
actually no
it depends
if u on ios 16 then u need
but if not then u dont
i am
then u need to enable developer mode
the signer which i used costed me $25 and lasted me a whole year without being revoked
oh danggg
U know how they say time is money
Why dont u invest some time into getting good
i doubt someone who wont take time to play a game will take the time to learn how to code, learn how to reverse engineer, reverse engineer a game, learn to make hacks
true
lol untrue as fuck
what if they already knew all of that

is there a way u can get developer mode on ios 16 when u dont see it and without pc?
sideload the application in some way
u got a way?
@native dune where's the source for
iBoot64Patcher
iBootpatch2
img4
iproxy
jq
sspass
so i can compile them myself
i have nothing better to do so im building all the binaries for aarch64
palera1n/iBoot64Patcher
palera1n/iBootpatch2
google img4lib
from libimobiledevice, i think alexia has a build dockerfile
google jq
google sshpass
you can ask @tepid olive for all the binaries btw
well I just realized I also have to compile all the ramdisk binaries too
I also want to know where the sshrd binary came from
binary? 
*binaries

i mean you could guess
pzb is by tihmstar
iproxy is by libimobiledevice
gtar is well gnutar
oh the bins
bootstrap and binpack are from procursus but i don't know where the sshrd bins came from
source
source
forgot git add .
well i know that nathan also used binbag (morpheus stuff) in there
to be fair, just running git commit errors with no changes added to commit
noooo wtf
why
i did tar and spotted binbag
so it's just a guess, but why else would binbag be there
I think it's modified ramiel ramdisk
early versions still had ramiel text in the motd
or something
@native dune why is the python rewrite being cancelled for C
yeah it's morpheus's binpack, screen is in there lmao
because python is bad
its still just going to be a program calling a bunch of other programs though?
in C!
for what benefit other than a higher barrier for entry
when all you're doing is just posix_spawning other processes it doesn't matter what you use to run it
true
the other team members started to write it in C
for what gain
I'm trying to learn c
I am an avid C enjoyer and I think it was dumb
and my hours of work on perfecting the py rewrite are gone
the only reason to do so is to call less binaries in the end if you just add those as a function or use a lib
yet i don't think that's happening 
technically Mineek does
I think
I think so
Honestly its hard to find an owner of a bash script comprised of lots of small excerpts from other scripts that just calls other programs
yes
100% gonna be some leaks

porno
technically we both are, but I own the discord and GitHub
balls
ball
hi hru
the average jailbreaker experience tbh
balls
@steady nest my lawyer would like to inform you that i don't know if im doing this correct
if it didn't work, he's correct
my lawyer says the client of your lawyer doesn't know how to use google
me (the client) tried google, but i (the client) couldn't find anything about what your lawyer was talking about
my lawyer is saying that due to security reasons, he can't help you with such matters
my lawyer says i think i got the hint, but trc was here isnt logging
but by trc is
my lawyer says to try the other way to use hookf
my lawyer has suggested that me (his client) is dumb
i (the client) did the other %hookf, and it still doesn't log
"_Sec..."
my lawyer said you're all nerds
@grave sparrow this doesn't decrypt for me
it just generates an ipa w a encrypted binary
i think it works now
the app just crashes on launch
its prob sideload detection
captappdecrypt malware
dog doesn't use xcodes
no?
load the mach-o
get a pointer to __TEXT.__info_plist, pass to xpc_create_from_plist
then pass that xpc_object_t to launchctl_print_whatever
umm it doesn't work on macOS you know...
maybe just remove the ldid call from the makefile 
launchctl_xpc_object_print(plist, NULL, 0)
the decl is in launchctl.h, the impl is in xpc_helper.c
what's different?

Mach-O is bogus
you don't have to copy every error message, but any error messages you post should be the same as apple's
Who was on drugs when they gave you the dev role? 
Real devs don't have enough storage for multiple versions of xcode
Makes sense
Cause it's unneeded...
launchctl has a very short life time
So I don't bother releasing any xpc objects
That's literally exactly how it works...
Bro
That's perfectly valid
Yes let me just call free/xpc_release a ton of times right before returning instead of just letting XNU handle it all for me after the prog exits
./launchctl plist ./launchctl 

I think
Does ./launchctl plist __TEXT.__config /sbin/launchd work?
Also, feel free to turn on arc, you'll probably have to annotate all the launchctl_ functions so that the proper references are tracked
The the private xpc function args
Don't
I'll turn on arc
Ask ida, I'm not at my computer 
Binja_KC so nice - the boost dependency is gone
also wtf iOS 16 kcache's are semi-symbolicated now?
Sounds good, thank you 🙏
There's lots of duplicated code, so I'm gonna clean stuff up into some functions but otherwise it looks good, thank you for doing the heavy lifting for me
imagine wanting attention so badly you link your telegram and twitter in #development of all places
Honestly your "snapshot" tweak has already been made at least 20 times
i just wanna know if someone has issues with my tweak so i can dix them asap but ok
i cant find them in any repo idc
there have definitely been tweaks that do the exact same thing before
uses the exact same hook as https://github.com/EamonTracey/SecretShot/blob/main/Logos/SecretShot.x
issue is that you're injecting into snapchat without any sort of bypass
```c
__int64 InitFunc_0() {
  Class Class; // x0

  Class = objc_getClass("NSNotificationCenter");
  return MSHookMessageEx(Class, "addObserver:selector:name:object:", sub_7F20, &qword_8038);
}
```
one hook
crying
account ban moment
☠️
this is when they realized what was wrong with the tweak and removed the paypal link to avoid backlash
i remember now
i still cant get over the fact that people yelled at me for trying to cause drama over this
I simply told them to stop selling something that will ban you

why
dont worry
I have 12 hours to finish my essay
and I just spent an hour learning to play the little piano built into the cad software
💀
not really
i havent used storyboard in yonks
what you've just described could be done in like
10 minutes of code
5 maybe
how on earth
what you've just described would work fine in catalyst
figure.surfing
wait it was paid? 😭
99 cents for 4 hooks and a banned snapchat account
seems like a win
have you seen this?
sorry, 2 hooks
🗿

u r not getting boob pics
You know you can look at boobs for free on the internet
giggity
capt loves asking people for boobs
fr
anyone know a working cask for openssl 1.0
why do you need 1.0
Old software
forks exist
i mean the files are there, just use clang
use https://github.com/0xallie/xpwn with openssl 3
guess someone already made a fork, thanks @faint timber
Nice rock you live under?
honestly probably
alright, anyone know a working command to compile xpwn
i've tried using install.py and cmake, but eventually nothing works
man
cmake . will generate build files
you will then get a custom makefile depending on what you passed to cmake
so just run make after cmake says generating is done
but that's not all ofc
you need to pass some stuff to cmake for openssl3 to work
as you know it won't be found by default with macOS + brew
brew warns you about this too
yeah i noticed
well, turns out I had openssl 1.0 after all
and all the tools work properly now
thanks
If I make something funny on a Swift Playground, to export the IPA, I need to send the swift package to a Mac and export with Xcode right?
afaik you can't really create an app with Playgrounds
an IPA is really just a zip file
with a certain structure
arm
and then instead of Mach-O, you’ll have LEG-O and get a cease and desist from Lego
Leggo my eggo
Mach-O
FTL-O
KNOT-O
New architecture ORE
Executable ORE-O
New architecture MEXIC
Executable MEXIC-O
New architecture PED
Executable PED-O
yulky
yes
what was wrong with your car?
L
Ah unfortunate lemme know if you need a Little Boy to come in and fix it
Fat man is for nagasaki
fukushima
You
nagasaki is a good place
question abt reverse Engineering online / server sided games
would it be possible to claim rewards on said games without even opening the game?
or can't the login be replicated => which makes the post req claiming the reward invalid

.
Whats that?
github
Ik thAt
I just used palera1n and have been out of the scene for a while. I want to use this phone as a dev machine so would like to do everything over ssh
But when running apt update its complaining about:
```text
W: GPG error: https://strap.palera.in iphoneos-arm64/1900 InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3D1B28A5FACCB53B
E: The repository 'https://strap.palera.in iphoneos-arm64/1900 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
```
i can just use -o Acquire::AllowInsecureRepositories=true but I'd rather fix it properly
Can I get a bump on this thanks
It's not an issue on your end though
you can just pull it in from somewhere
no idea why it isn't doing that automatically
gpg --recv-keys 0x3D1B28A5FACCB53B
@plain egret
Will try that tomorrow. Thanks!
np.
if that doesn't work you can also try gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 0x3D1B28A5FACCB53B
gm
sorry! sending rn
thank you!
gee em
fyi this is a pretty ugly implementation, but it works
the apple picker hardly works
Yeah I just need to get the routes probably, I'm trying to auto initiate screen mirroring
Hmm @tepid olive still having the same issue
So weird because it does show up
I set MRMediaRemoteSetRouteDiscoveryMode(3) too
gm
In the syslog
```text
Jan 16 12:08:33 SpringBoard(MediaRemote)[59] <Notice>: <MRAVConcreteRoutingDiscoverySession: 0x283aa9d00> (Audio| - Disabled) - Output devices changed
+ <MRAVConcreteOutputDevice:0x105cc17f0 "test" uid="48:5d:60:7c:ee:22" group_id="(null)" bluetooth_id=(null) type=AirPlay subtype=AppleTV AppleTV2,1>
<MRAVConcreteOutputDevice:0x105cbd290 (local) "Speaker" uid="Speaker" group_id="72E137A4-47FA-4CE9-AF85-7F1C502FB0CD" bluetooth_id=(null) type=BuiltIn subtype=Speaker enc-prog-dl-assets fetch-sender-media-data opt-audio-ui>
```
It's there but the output from MRMediaRemoteCopyPickableRoutes is
```text
[{
    AVAudioRouteName = Speaker;
    PortNumber = 171;
    RouteCurrentlyPicked = 1;
    RouteName = Speaker;
    RouteSupportsAudio = 1;
    RouteType = Default;
    RouteUID = Speaker;
    SupportsSharePlay = 1;
}]
```
@tepid olive no no
Oh i get it
I was just showing that on the device it does appear
Maybe iOS just requires entitlements
Right now I just have the code in the default view controller
zsh: killed flexdecrypt
```text
iPhone:~ mobile% ldid -e flexdecrypt
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.diagnosticd.diagnostic</key>
	<true/>
	<key>com.apple.frontboard.debugapplications</key>
	<true/>
	<key>com.apple.multitasking.termination</key>
	<true/>
	<key>com.apple.private.cs.debugger</key>
	<true/>
	<key>com.apple.private.security.no-sandbox</key>
	<true/>
	<key>com.apple.private.skip-library-validation</key>
	<true/>
	<key>com.apple.springboard.launchapplications</key>
	<true/>
	<key>dynamic-codesigning</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>platform-application</key>
	<true/>
	<key>task_for_pid-allow</key>
	<true/>
</dict>
</plist>
```
i think its bc its using entitlements that you cant use in iOS 15
im so smart
```xml
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.diagnosticd.diagnostic</key>
	<true/>
	<key>com.apple.frontboard.debugapplications</key>
	<true/>
	<key>com.apple.multitasking.termination</key>
	<true/>
	<key>com.apple.private.security.no-sandbox</key>
	<true/>
	<key>com.apple.springboard.launchapplications</key>
	<true/>
	<key>get-task-allow</key>
	<true/>
	<key>platform-application</key>
	<true/>
	<key>task_for_pid-allow</key>
	<true/>
</dict>
</plist>
```
idk if it actually runs or not
but the usage prints without killing
YAYAYYYY
it works
:)))
@grave sparrow your script works, but only if you resign with the entitlements if youre on iOS 15
no, it has entitlements
but the entitlements it has arent able to run on iOS 15
three entitlement cannot be used in ios15, whether it is the developer certificate or app store fast path
```text
if ( trust_level <= 6 ) {
    (pmap_cs detection)
    "http://com.apple.private.cs.debugger"
    "dynamic-codesigning"
    "http://com.apple.private.skip-library-validation"
}
```
and flexdecrypt is signed with all 3 of them LOL
I don't see why it needs dynamic codesign
it runs perfectly fine without any of the 3 listed entitlements
I'm pretty sure they just threw a ton of entitlements at the wall and hoped it stuck
like sideloadly installs it without saying that its an encrypted binary + ida doesnt recognize it as a encrypted binary
which is not at all uncommon
don't think you need half of these
trolling
I've only just managed to get it working, its a completely different path
Will share the knowledge with all once I get my repo tidied up tomorrow
This is so bulky when unfairplay works by just using mremap_encrypted
static too
mremap_encrypted requires krw
and when it was made, there was no krw for trollstore
laugh at this man

he thought captware would work
there still is not
without the script
thought id play it safe in case there was ¯\_(ツ)_/¯
I mean you can always work on a project that spawns a jailbreakd daemon with krw access
, but so far noone has done this (except for me on 15.1.1 but privately)
The problem is still if jbd dies for whatever reason, krw is gone
That's why I don't plan on releasing it, also it needs a bunch of offsets and shit and would only work on >= 15.1.1
so just make a call for krw check if it will error, and if it errors bc jailbreakd isn't launched, just reopen it
and if it fails more than x times in a y timeframe, just kill the task entirely
😑 no
when krw is gone once, it's gone
you'd need to rerun the exploit or whatever
yeah
which isn't feasible
also you need krw to even spawn the daemon
so app gets krw, gets CS_PLATFORIMIED, spawns daemon, hands off krw to it
tbh you could set it up in a way where you have jailbreakd and jailbreakd_backup
then when jbd crashes / restarts it gets back jbd from the backup process
and also the other way around
but idk if that's feasible
the backup will die often as well
Nice
ngl the jailbreakd part, even if broken, would be really interesting
What jbds have we got a source to? Meridian’s, electra’s modification of the first one, leaked unc0ver and fugu14?
The problem seems to stem from stable rw prims, sigh
I bet https://gist.github.com/tihmstar/0a33b945721ebfd2043110b8d217d9b3 is probably PAC’d now
go ahead, beg coolstar to release source
uicache -l....
c++
mov rax, rsi
ret
sh?
i mean, just find every info.plist in a .app folder or bundle dir and use plutil to get CFBundleIdentifier and the display name
to avoid writing to a file or something you can just send everything into two arrays
then if you want an alphabetical sort, just pipe it through sort with the appropriate delimiter and then print the headers, then the output of sort?
that’s what I was doing