#development
main luzbuild
```yaml
# meta
meta:
  # cc
  cc: /usr/bin/gcc
  # swiftc
  swiftc: /usr/bin/swiftc
  # zstd compression
  compression: zstd
  # rootless
  rootless: False
  # platform
  platform: macosx
  # vers
  version: 13
  # archs
  archs:
    - arm64
    - arm64e
# control info
control:
  # package name
  name: TrolleyTools
  # package bundle id
  id: com.jaidan.trolleytools
  # package architecture
  architecture: all
  # package description
  description: TROLLEY BUS DEMO
  # author
  author: Jaidan
  # section
  section: Tweaks
  # version
  version: 1.0.0
submodules:
  - C_Tool/
  - Swift_Tool/
  - Logos_Tweak
```
C_Tool/ luzbuild
```yaml
# modules
modules:
  TrolleyToolC:
    # install dir
    installDir: /usr/local/bin
    # module type
    type: tool
    # source files
    files: Tool.c
    # compile changed
    onlyCompileChanged: False
```
Logos_Tweak/ luzbuild
```yaml
# meta
meta:
  # sdk
  sdk: $THEOS/sdks/iPhoneOS14.5.sdk
  # platform
  platform: iphoneos
# modules
modules:
  TrolleyTweakLogos:
    # module type
    type: tweak
    # source files
    files: Tweak.xm
    # compile changed
    onlyCompileChanged: False
```
and it builds the Logos_Tweak submodule with the specified sdk
and inherits the rest from the main module
same with C_Tool
@grave sparrow
im the GOAT
true
and if you're wondering how this impacted speed
it didn't.
you all should FEAR me
im too good
this is GOAT BEHAVIOR
🐐 🐐 🐐 🐐 🐐 🐐
@timid furnace
don't care + you're pasty
Can you make a schema file
something to describe every possible option
idc whether it's an actual proper schema thing or whether it's just a YAML file with every option listed
would save me from looking through the code to see what options there are that aren't in the sample file
this has every option aside from installDir inside the modules
as well as what they default to
anyone found a way to bypass ssl pinning in apps on ios without a jailbreak? I want to proxy my iphone to intercept requests from a private API
jb required (or frida if possible)
:(
there's a way without jb iirc
and without frida
I used it to intercept Xiaomi's traffic
https://github.com/doronz88/harlogger oof they changed it in 15
Simple utility for sniffing decrypted HTTP/HTTPS traffic on an iOS device (either jailbroken or not)
It is changed by apple because it was used by fmi off
w
Your form has been received. Please allow up to 100 years for us to process your form. Thank you.
hurry the fuck up then

Your personal advisor has passed away. Estimated processing time: ∞ years
asking for a friend: how do you programmatically disable/enable location services and what entitlements do you need
TrollStore or jben
bc i know how as a tweak
will probably help idk just asking on their behalf
its just hooking CLLocation and just returning nil for a bunch of shit
```objc
%hook CLLocationManager
- (id)delegate {
    return nil;
}
- (CLLocation *)location {
    return [[CLLocation alloc] initWithLatitude:0 longitude:0];
}
- (void)setDelegate:(id)delegate {
    %orig(nil);
}
%end
```
yeah ik, thats why i asked
Does anyone know any good tutorials for learning ARM64 for someone with no previous experience with assembly?
does anyone know if is possible to put android whatsapp on ios? i know that its impossible to put a apk in ios, but there is a way to mod like watusi? or something like that
Short answer: while theoretically possible it’s not simple, easy, nor done already
want to be the first then, just need help
someone that knows
Do you know both Android and iOS internals to make a bridge between Java and objc/swift?
Get them together then 😜
string mod
Not sure that that screenshot is good enough proof to be able to emulate Android libraries on an iOS device
its not.
do u have any aknowledge to help us? we are from brazil but i can always translate
aknowledge
I don’t have time or incentive to do much about it but I’d recommend Jonathan Levin’s books on internals, as well as read on emulation, simulation and virtualization
You need to know how both Android and iOS app lifecycle works, at the very least
Depends on where you’re looking from
why android
i want hype 
we already got some but making a android whatsapp for ios is going to revive ios community in brazil so
we got some vids showing a modded watusi
wait
i can send links?
it's still in development but whoever wants to modify and use it, it's in the desc
there

oh i get, its because i reposted this video, i downloaded from wp
this my plan, know someone to help?
you wont be able to emulate android on ios
its too complicated
i’m trying to mod the ios one
does anyone here know cmake enough to help
i'm trying to set up a development framework for ios to be usable on windows
and idk what i have to do to make cmake cross-compile
Why don't you try it and see?
I can't
enzyme update https://github.com/camila314/enzyme
it is now kinda sorta usable on mac!
so this essentially patches ipas as far as i understand?
pretty much
that + provides a build system where you can easily write code for static hooks
But you still need to get your hand on the ipa to inject it yourself right? Is it a better method than getting a decrypted ipa and then injecting the tweak?
Not sure I really understand how it works
you will always need a decrypted ipa
the app will not launch if you modify code or modify signing if encrypted
think theos-jailed, not something like sideloadly
the point is to make actually injecting code much easier once you have the ipa
the biggest benefit is that enzyme doesn’t operate only through objective-c
it’s raw hooking
meaning you can write tweaks for any app regardless of what language it’s in
i created enzyme specifically for an extensive mod menu for geometry dash
a game written in c++
since objc selectors are just like C functions you can use this for objc too
omw to write tweaks in brainfuck
real

DGh🙄st*
i couldnt find the emoji

weak
but at what cost
ok?
not you
2 keystrokes off my keyboard's lifespan
technically 3
ctrl + c/v
how does WDBRemoveThreeAppLimit work
like how can it "hook" a method using dirtycow
it rebinds chained fixups
you lost me at "it"
finally i can use lua 
well the tweaks are still in c++💀
but you could write a mod for a lua app
by hooking the lua c engine and injecting your stuff
so i guess you can technically use lua
Sadly the last project that allowed lua outside of game engine for iOS is 8 years old
so no more lua
common apple L
Nah open source projects, not apple
Oh i bet they never even heard of it, why would they even use it, its just a super easy, beginner friendly language, which has lots of modules for multiple usages, and its not like if it was made to be an embedded language at some point anyways
true
ya ever used it?
but also i don’t like lua syntax
when i was 11 i did roblox stuff
When you look at obj-c's syntax
you can't say its not a better option to obj-c
bro reading the syntax gives me strokes
i’m just quirky like that what can i say
i’d rather write a basic app in objc than swift
i'd rather write it in lua
i’d rather write it in rust
https://github.com/alibaba/wax
lua for iOS 💀
bro the syntax is so ass fr
pyobjc is a better wrapper i think
py
so you mean python
bro do you know how badly i fucking hate python
Fuck python's syntax
I'd rather seriously learn cpp than python
half of enzyme is python
Fun fact: you don’t need brackets for functions that take no parameters
the other half is c++ and asm
i respect this half
well it’s “asm”
i made my own tiny preprocessor for arm assembly
(in python)
for ease of use
THE FUCKING INDENT
i agree
originally it was tailored very specifically for geometry dash
i had to do a lot of silly things to make it generic
it’s cool though
no way youre saying lua has a better syntax than objc

brand new no-ar compression + decompression @timid furnace 😼
it works 
i may or may not have typed my password wrong the first time dont sue me
zst better
chad
wanna bet?

Dude lua is so much more fucking readable, ofc there are those sweats that are gonna make some weird fucking things but who cares about em
well actually i was named that way
having done roblox development for a spell, i hate lua
I don't do roblox dev dw
but you're entitled to your opinion so i will leave it at that
it looks sad af
having done roblox cheat development to annoy children, i hate lua
i legit cheat in roblox like i own synapse and shit
i mean i have a synapse license
but roblox ain't so cool now, so i stopped playing at all
synapse fell off
i also have sw...
that one pwetty good and still not sub based yet
i mean it never crashed so who cares
and v3 coming out soon, tho they postponed it cuz byfront and they are scared
i wanna make an injector for mac i feel like it’s possible
tf is zefram
@grave sparrow
yeah, and i got boned because of my cheat software merging with them for v3

zefram 2
if you've heard of protosmasher
it was a one time payment but their cheat client worked fine
although i never cheated on my main, obviously
i do 
although if roblox bans my main, i literally will not care that much
they're a company that reeks of pedos, piss-poor mismanagement, and shitty business practices
real
roblox reeking of pedophilia isn't a joke either; an admin got fired after they were exposed to be a pedophile, and also roblox doesn't ban pedophiles on their platform
pedophiles only get banned off of roblox if their game gets DMCAed by SEGA, or if the FBI arrests them 

i wish that were a joke
In May, Arnold Castillo aka Jadon Shedletsky was placed in custody by the FBI. These are the events that led up to his arrest.
major content warning btw
lots of really, really dark shit in that video
yq is the most obvious one
i know nothing else
idk what yq is
oh
is there a boolean entitlement that all apps have an entitlement for
or like
whats one that i can use
wow that was a bad question
lmao
i presume you mean "is there an unrestricted boolean entitlement i can add"
what boolean entitlement can i give to an app thats signed w a free dev account
yeah
that can set to be "true"
read the discussion section of the entitlements listed here
https://developer.apple.com/documentation/bundleresources/entitlements?language=objc
but some choice picks:
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_fileprovider_testing-mode?language=objc
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_kernel_increased-memory-limit?language=objc
good luck
Yes
how

ban yourself to the nether realm
die in the nether
too skilled 😎
more like creative mode
no orange name? shut up
me
is that penis fish, the long awaited sequel to penis dog?
bock and calls
it’s not happening
how 💀
Yes
can you tell me 😭
smash
I have a crazy idea for MacDirtyCow, unless the following file is somehow signed
overwrite /Developer/.TrustCache with yours
overwrite another executable in /Developer and provide it with arbitrary entitlements
profit (haven’t tried this)
i don’t think this is possible 
because people would have done it on iOS 14 to untether
u know what might be doable
debugserver hijacking
grant jit to a process that is run as root / unsandboxed and get a code exec primitive
That is a trustcache in a signed img4
yes, that is the way
no we don't
this is iOS 16.1
lmao
@grave sparrow is setgid enough for root code exec
also @grave sparrow if something has CS_DEBUGGED will I be able to execute unsigned memory freely on iOS
debugserver has great entitlements
do i have to protect it
welp
thats harder
WAIT
LMAO
ok this is cool
there's a perfect piece of code here
trying to get full code execution in debugserver
so i can posix_spawn my app as root
Don’t you have arbitrary ents
or just get unsandboxed code exec
no this is MacDirtyCow
it doesn't but it can setgid and setpgid
so maybe this will wofkr
work
only problem is that this won't allocate in the current task
/private/var/root/Library/MobileContainerManager/containers.sqlite3 what's this file
would overwriting this do anything?
have you tried looking in the db lol
no there is a check in PPL code where it always checks whether the target process has get-task-allow or run-unsigned-code before it sets CS_DEBUGGED
write a single swift method with a "do catch" challenge (impossible)
ok apparently try? exists
it will return an optional of the return type if the func/method fails
and try! kills execution if it throws
please don’t use try! in production

tbh 99% of programmers are dumb
i disagree
my app is fuckin lit
best thing ive ever made in my life
swift is wrong
next to yt on apple watch
your apps brightness is not related to your intelligence
send me your code and stop hating on swift
like my super power brain obviously already thought of the case where some shit throws or it returns nil and knows it's not an issue but it still wants me to unwrap shit and all of that
like that makes anything better
```swift
static func locateExistingFakeRoot() -> String? {
    let ppURL = URL(fileURLWithPath: "/private/preboot")
    let candidateURLs = try? FileManager.default.contentsOfDirectory(at: ppURL, includingPropertiesForKeys: nil, options: [])
    for candidateURL in candidateURLs {
        if candidateURL.lastPathComponent.hasPrefix("jb-") {
            return candidateURL.path
        }
    }
    return nil
}
```
lemme pull macbook out
@here gm
i cant make it compile if im on mobile
like tf just don't execute the damn loop if it's not set
not how optionals work but ok
I just hate Swift
In objc I don't have all of this bs and everything works fine
so real for that
as it should be, just skip everything when something is nil, what could go wrong
tbh this is part of why I like js
I fixed this with a single ! now
that'd work but its bad for production
I literally don't care though
do you want the entire func to return nil if the contents of dir fails
yea
```swift
static func locateExistingFakeRoot() -> String? {
    let ppURL = URL(fileURLWithPath: "/private/preboot")
    guard let candidateURLs = try? FileManager.default.contentsOfDirectory(at: ppURL, includingPropertiesForKeys: nil, options: []) else { return nil }
    for candidateURL in candidateURLs {
        if candidateURL.lastPathComponent.hasPrefix("jb-") {
            return candidateURL.path
        }
    }
    return nil
}
```
enjoy
Yeah I had that too
guard 🙏
but it looks fucking ugly
disagree
like why can I not get anything in swift done with fucking {} brackets
nvm
the chad C
```c
int *gorn = malloc(1024);
*gorn = 30; // might be unsafe, might work, who cares
```
read the docs bruh, they teach this shit to 6 year olds
@naive kraken what about this
```swift
static func locateExistingFakeRoot() -> String? {
let ppURL = URL(fileURLWithPath: "/private/preboot")
let candidateURLs = try? FileManager.default.contentsOfDirectory(at: ppURL, includingPropertiesForKeys: nil, options: [])
if let candidateURLs = candidateURLs {
for candidateURL in candidateURLs {
if candidateURL.lastPathComponent.hasPrefix("jb-") {
return candidateURL.path
}
}
}
return nil
}
```

ignore the formatting i did this in an online swift compiler
wait up
wait pp
```swift
static func locateExistingFakeRoot() -> String? {
    let ppURL = URL(fileURLWithPath: "/private/preboot")
    let candidateURLs = try? FileManager.default.contentsOfDirectory(at: ppURL, includingPropertiesForKeys: nil, options: [])
    if let candidateURLs = candidateURLs {
        for candidateURL in candidateURLs {
            if candidateURL.lastPathComponent.hasPrefix("jb-") {
                return candidateURL.path
            }
        }
    }
    return nil
}
```
formatted
that's so cursed
if let candidateURLs = candidateURLs wtf
conditional let
i think they shortened it to if let optionalVariable {}
idk
shouldn't exist
porn gorn
whatever that is
you still deal in optionals 24/7
literally no guarantee of a value existing in objc
this works
at least I don't write two lines of code and get like 20 compiler errors in objc
yoo W i should use it more often (ive never used it once)
idk i don't use swift so
bro really cannot be serious
dude the jailbreak is already 20x more unstable
so i dont think thats the main concern tbf
nah it will be stable af except for the wifi bug
chinese chars thing?
real
2023-02-09 21:59:58.820371+0000 iPod[4981:1156040] Unbalanced calls to begin/end appearance transitions for <TtGC7SwiftUI41StyleContextSplitViewNavigationControllerVS_14NoStyleContext: 0x1040dcc00>.
ipad moment
apples problem for claiming that you can have one codebase
then in reality you have to do hacks to fix broken shit
so fucking true
swiftui does not fix this
cap
me when I need to get the pp url
@naive kraken me and source figured out resetting icon cache without root
it is big brain
bcvbcvbcvbcvbcvbcvcvb
never going to forget this one
it is a pretty hacky solution but it works lol
Shame you’re using the worlds worst font
there's much worse
at least its not comic sans

says me as i code in comic sans
As someone who used comic sans on his phone for a week, it’s not that bad
(Then bytafont broke and didn’t revert the font correctly, so i was stuck with it in some areas of the OS for like a year)

lmfao
i got no response for this one
you should see what i use on my phone 
nah
android Mfs
is it jailbroken?
no its an android
no jb, but [[onesettings]] is a thing

no status bar
auto crop
too much work
oh no it's that guy who's friends with luci
Choco cooky
bro ain't even offering minimum wage
My own tweaks crash in palera1n. What should i do to make it work
Cr4shed also not works on palera1n. I mean that app doesnt makes log
It stuck 10-15 seconds then close
Not a crash at all
They are empty. maybe about my device
Okay lemme try get log
Its not showing real issue i guess. The tweaks make app stuck for 20 seconds. And thats why it crashes (atleast this is what it says)
Maybe this would work
When i sideload the dylib to app it works.i thought its substrate issue. But when i tried without injecting cydiasubstrate it was still working
Yea but thats not the issue im looking for why its causing infinite loop
Since it doesnt launching tweak none of nslogs works. But when i sideload it all nslogs work
Ye
Ok ill try
Im using OsLogger
Since i dont have a mac
wym
idevicesyslog is cross platform and will let you view NSLog
oh thanks im fine with OSLogger easy to use
Swift > C > ObjC
The runtime scares me
you aren't calling a function, you're asking the runtime to find it for you and then redirect your call
what about arm64
i’d rather write arm64 assembly than C
I do like it
its just not my first choice

i'd rather write assembly over objc icl
YES
i found out how to do macdirtycow unsigned code execution
LETS FUCKING GO
@grave sparrow
At least it's not as bad as R*st
this all works in theory
No PAC/PPL?
group id 0 code execution, fully unsandboxed, with cs_debugged entitlement and permissions to debug other processes, with fork being allowed
im slaying
No it doesn’t matter
Because if it's with PAC couldn't you just do the amfid exception handler thing
sweet
Amfid doesn’t handle signing anymore
It’s only CoreTrust on iOS 16
I wrote an amfid bypass for iOS 16 already but it doesn’t rly do anything useful
And I’m not publishing because 
irony of Apple putting all their trust (ha) in coretrust after we just learned it's been fundamentally broken from the start
Wtf
Slay
me when I hate things because I haven't used it
dear liberal
Slay
my c++ program is more c than ++
i am mixing vectors and NSArrays
Same 😂
pass me a fork and knife 
my brain didn't care about the order
british
you guys say it backwards???
hello furries
hello
Silverware
ok so hear me out
```swift
var fakeRootPath = locateExistingFakeRoot()
if fakeRootPath == nil {
    fakeRootPath = generateFakeRootPath()
    FileManager.default.createDirectory(atPath: fakeRootPath, withIntermediateDirectories: true)
}
```
locateExistingFakeRoot returns String?
generateFakeRootPath returns String
why is fucking swift complaining in the createDirectory call that fakeRootPath is optional and must be unwrapped?????
ik you can write to system binaries' __TEXT segments
can you write to user apps __TEXT segments
wat
are you talking about MDC?
🤨
you can modify __cfstring because that's part of __DATA/__DATA_CONST
oh okay
yeah
that one
cf
not cs
so back to the orig question
can i write user apps
like appstore apps
you might end up overwriting them on disk
well do that and you'd have to backup the binary
or just reinstall the app if you have to revert
well my app to overwrite the AppStore app was crashing when I would run it
so idk what I did wrong
since I just copied RemoveThreeAppLimit code and replaced class and methods
https://github.com/facebook/zstd/releases/tag/v1.5.4 @marble perch wake up babe new zstd
1-10% faster on levels 5-12 on x64 and arm64 platforms
@ocean raptor 
Package Request Baby

What did you change
oh shit
can’t say for piracy reasons

well all I did was swap the class names and the method names
this isn't guaranteed to work
patchfind_find_class_rw_t_baseMethods may need to be adjusted
if you look at patchfind_find_class_rw_t_baseMethods you should be able to see why it won't work for all cases
i dont get it
patchfind_find_class_rw_t_baseMethods apparently works
like it doesnt fail
i think
for my python heads here
is there any way to check if a function is being ran from a thread?
nvm
🚎
(he googled the question)
(he has evolved far beyond a whitename)
its not possible i think
but i didnt need it anyway
i was being a smooth Brain
brian
brian
does anyone know how I can block certain domains/websites using objective c or whatever (without writing anything to etc/hosts file)
there's a tweak called netfence
dunno about source code tho
well ofc none cause it's paid
it's app specific though so I'd assume it's not hard to just hook
app firewall is free but not open source afaik
The thing is I wanna do that on nonjb
yea that's not happening without modifying your IPAs
brb about to hardcode 1.1.1.1 in my app 
mdnsresponder is not a full dns resolver
It's only zeroconf
And a stub resolver
so i should be looking at nsurlsessiond?
well if it's a stub resolver then it should be the proper target for a hook
What is pfd? I'm talking about pf
oh, that must be some darwinism
i don't know about the existence of the binaries for controlling it though
the existence in ios
i know pfctl
just because they have very similar kernels and some daemons doesn't mean apple will just leave the binary there
we had to build launchctl lol
Is there anyone who learned brainfuck ?
@grave sparrow only knows about the literal brain fuck i give him
yes
its simple
it looks worse than it really is
Ive never used it but I looked at it and it looked really obvious and simple
@tepid olive is there a tutorial about properly porting fonts to ios?
mainly ios 15-16
using what
snowboard?
also I'm pretty sure you think evelyne is the themer and she is not
wait is it a different evelyn?
i think every old navy has a card reader thats messed up like that lmfao
that would depend on who you credited
mine isn't
also shout-out old navy
ur just trying to be different....
cause you broke

ive been staring at this function for the entire day and i dont see it
i dont get it
i thought baseMethods just got the offset for the first method
is that offset in __objc_classname?
both are easy
how do i do it programmatically
Is anyone aware of an explanation/breakdown of MacDirtyCow (blog post/writeup or video or something)? LiveOverflow gives a good explanation of the exploit on a general level, but I'm curious how it's being used in the iOS environment.
look at the segment and section commands and look at the start and size of each section
it's pretty boilerplate
too complex for me
https://bugs.chromium.org/p/project-zero/issues/detail?id=2360
this is nowhere near simplified lol
then use IDA
too expensive for me 🧌
then why tf did you posit that as an option 
i genuinely dont know how to do this
use ghidra, or machoview, or machoexplorer, or whatever
im normal, i have it cracked
so you do have IDA...
yyeah i was joking
better than nothin, thanks
then go check
Would anyone be willing to create a very simple dylib file that just writes to a specified path in/var? I'm trying to debug an issue I am having (need to see if installd can write to a path or not (opainject)).
I don't know ObjC/own a Mac so I wouldn't be able to easily do this
I’ll just set up an ObjC env in WSL and get ChatGPT to write the code lmao
Feb 11 23:31:10 eyePhone Sandbox[627] <Notice>: [test] The offset 498744 is in the __PAGEZERO segment
that cant be right
100% off discount code
hi there i have a question. I have iPhone 7 plus after i made palera1n jailbreak, when i use my phone or playing game on its temperature increase and after that Wi-Fi just close and I can't open it so i have to shut it down and open it again or the phone keep respring until the Wi-Fi back again so, please any notes about that thanks.
I'm not there yet
nah they're pretty ok
setgid in jailbreakd
then patch launchd to not do kill(-1)
that thing
sid
idk
since iOS 15 launchd does kill(-1) before execve
kill everything
with SIGKILL
except for launchd itself
do you not have injection into launchd
?
I doubt there is any other way
enumerate all procs and send SIGKILL to them except when the process is jailbreakd
injection into launchd already completed?
3ms would be a ton in kernel time

(and yes launchd isn’t the kernel but it’s used almost as much as it)
I don't see how a 3ms longer userspace reboot is going to make a difference lol
@grave sparrow if you managed to make jailbreakd survive a userspace reboot, how would you reconnect to it after the new launchd is up?
like is XPC this smart?
he already did that
with cursed mach port stuff i think
xpc doesn’t work immediately
that doesn't matter too much
if xpc works again and you use it, will it connect to the existing jailbreakd or spawn a new one
that's what I mean
I guess so
@ocean raptor Taurine 14.3, what happened 

Can you run vtool -show /bin/launchctl
its someone in my server, bear with
Ok
cNpp2S5
if you want to ask him there
i dont think hes here
what package is vtool a part of?
I'm glad I finally got an error for this openssh issue that I've gotten emails about

its probably because it was built for ios 16

cameron, proposal
when i finish aemulo trollstore support
could i put aemulocli on procursus
so you can do things like read, write and emulate from cli

That is not my launchctl
The launchctl on the iOS 14 repo is built correctly and does not link os_log_simple
Tell him to reinstall launchctl
```
cameron in test/usr/bin at build
➜ vtool -show launchctl
launchctl:
Load command 11
    cmd LC_BUILD_VERSION
    cmdsize 32
    platform IOS
    minos 14.0
    sdk 16.2
    ntools 1
    tool LD
    version 820.1
Load command 12
    cmd LC_SOURCE_VERSION
    cmdsize 16
    version 0.0
cameron in test/usr/bin at build
➜ nm launchctl | grep "os_log"
cameron in test/usr/bin at build
➜
```
404
urlencode 
pretty sure this is the Riemann hypothesis 😶
Would help if it was a higher res lmao
Over 99.999% of people
CAN'T solve this!!
🇵 🟰 🇳 🇵
hmm good idea
how do i hecking get a file picker working on esign
ive tried the swiftui one and like 3 other libraries that are supposed to do it
how do i find the folder of an app in /var/mobile/Containers/Data/Applications?
its a system app so i cant just get its uuid
Why do I care? I'm telling you to do it
runtime? no idea. trying to dump assets? use filza bc it knows how
and shows the name
don't care plus ratio
its just for 1 folder of 1 app i dont need that much
do i need a certain framework?
says FSBApplicationLibrary doesnt exist
its an xcode app

LSApplicationWorkspace works but that doesnt
i wrote a crappy function to check the metadata plist for the bundle id but that is hecking slow
alr
say hello to luz preferences
im BACK baby
its a little messed up
cuz i named the module funny
🚎
there we are
wtf


hello
ok
i will
no i have different template types
for tools and tweaks i have objc, swift, c, asm, and objcpp ones
so for prefs i'll make one for xml and json
is there an iphonedevwiki page or something for a json pref plist @indigo peak
luz rootless is so good
i have a folder of templates with tar files for the different source types
and luzgen decompresses whichever one you choose
its kinda based actually
i need to fix the tool swift one
its a lil broken
when i add prefs to luzgen i'll make xml and json templates
can I overwrite a main.jsbundle using dirtycow without fucking the code signature
fakeroot died why
dyld[7190]: terminating because inserted dylib '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' could not be loaded: tried: '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need ''))
dyld[7190]: tried: '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.30.1/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need ''))
/opt/homebrew/bin/fakeroot: line 178: 7190 Abort trap: 6 FAKEROOTKEY=$FAKEROOTKEY DYLD_INSERT_LIBRARIES="$FAKEROOT_LIB" "$@"
/opt/homebrew/bin/fakeroot: line 180: 7191 Abort trap: 6 exit $RESULT
it worked until yesterday, then suddenly died.

What are you trying to inject into?
Cause SIP+arm64e makes it pretty useless
oh i disabled sip
How to jailbreak iOS 16.3.1
@ocean raptor Hey, excuse me for pinging you, I have a question about reboot.c from https://github.com/ProcursusTeam/launchctl/blob/main/reboot.c.
From what library / framework is symbol reboot3 taken from?
libSystem
technically it's in libxpc I guess
but libxpc is reexported by libsystem
does apple strip entitlements that dont exist
like if i put
```xml
<true/>
```
in entitlements.plist, will that entitlment get stripped?
it just ignores it
@naive kraken would you happen to know off the top of your head what entitlement is required to run sandbox_extension_issue_iokit_user_client_class
none
every process can generate extensions for everything it can access
so would i have to find which processes can access AppleStockholmControlUserClient
yea
how tf would i do that lmao
im assuming nfcd would have access to it
because of this
Nfcd
com.apple.nfcd.hwmanager is the xpc server for it
now just tryna get nfcd to call sandbox_extension_issue_iokit_user_client_class 😄
does anyone know why theos needs fakeroot
ask the kirb
set perms for archive
oh Luz doesnt need that L
how would i strip metadata programmatically?
that is an incredibly vague question
and i thought asked vague questions
trying to strip unneeded metadata of an image in order to lower the file size
i think its also related to the white edge issue for super compressed apps like youtube
```swift
import UIKit
// Original image data
let imageData = UIImageJPEGRepresentation(UIImage(named: "example.jpg")!, 1.0)
// Create a new data object without metadata
guard let image = CGImageSourceCreateWithData(imageData as CFData, nil) else {
    return
}
let options = [kCGImageSourceShouldCache: false] as CFDictionary
guard let strippedImage = CGImageSourceCreateThumbnailAtIndex(image, 0, options) else {
    return
}
let strippedImageData = UIImageJPEGRepresentation(UIImage(cgImage: strippedImage), 1.0)
```
according to chatgpt lmaoo
chatgpt has never been right for coding for anything ive tried
its really good at explaining code, minus a few odd examples I found
Light in Spanish
i called it that because it brings "light" to development
im so poetic
thats why it has that desc on gh
"brightening"
i thought bc its meant to be lightweight

well i think thats a different word
idk
im not sure
thats true too though
it is lightweight
in
How do I sign an .ipa with enterprise .p12 certificate and .mobileprovision?
zsign
easy
will try
wdym it doesn't work
does the ipa fail to install or something
afaik permissions are correct already
Yes
Midnight moment, forgot to include the actual problem
Says unable to install
But I got it fixed by using zsign
are they though? you aren't using dpkg for debs so permissions aren't actually verified unless you do that yourself
tar -tvf
im not really sure if the perms are right otherwise
will try when i get a minute
Or dpkg-deb -c
bro who needs 17 point precision

no human can comprehend such small units of time
even if we're going to compare it to something else, what would one compare it to?
st





