#development
No
Use kabirs
He has scripts to make it
If he doesn't have arm already
Arm is there
uh technically its not arm but armv8 or arm64
arm refers to a family of 32 bit processors
capt explaining why armv8 is nectar of the gods yet armv7 sucks

it'd be better to use my full toolchain fwiw since otherwise you'd need the res dir from xcode https://github.com/kabiroberai/swift-toolchain-linux/releases/tag/v2.2.2
just keep in mind that this toolchain requires the orion branch of Theos
bro im dumb as shit today oh my god
Didn't know you had a full one lol
Anyways, when will I be able to resign supercharge with supercharge 
eta son
would i perhaps maybe have your permission to use this as the toolchain for linux devices for Luz? 
it would download it and untar it with the install script
the more the merrier
ty 
just keep in mind that there's some extra configuration required
use iphone/bin/swiftc and pass -resource-dir iphone/lib/swift
also avoid using swiftc -frontend, you should always use the driver instead and pass all Swift files at once (use an output-file-map for inputs and outputs). Feel free to use instance/rules.mk and swift-support as inspiration.
anyone know how to grow a apfs dmg in the terminal on macos
32 bit arm is fr dog though
boobs
uhh... stop sexualizing women?

its 2023?

ncam
ncam
i'm laughing so hard i cant anymore
the kernel panic one gets me
What you are referring to as "arm" is actually arm + v8, or as I have taken to calling it, arm64
aarch64
ok but if that doesn't work just use like qemu or parallels or whatever you use on macos to just make a AMD64 Linux vm. It doesn't need many resources, a GUI is not even needed
@cloud yacht @marble perch 
what do yall think of this
this is a way more linux friendly approach imo
Yeah but also maybe an env variable for additional places to look
So we can tell it to look in theos's sdk's, etc
\e[D is the left arrow key
that'll come with global config
Don't they check the return value of a script (postinst?) to do nothing, respring or reboot?
(It wasn't clear in the chat at that moment if that was explained)
that's more a cydia thing
Oof
Hi guys, how do i fake a http response to a request made by an iOS app. So the scenario is that i have an app that http GETs a json file from game server, but i want to redirect that request to my own custom server(and hence replace the json file). So far i've tried using a proxy server(squid)+squidwall redirect, it does redirect http requests made in ios browsers, but still not from within the app for some reason. Any ideas?
is there a jailbreak app that does this?
Does ellekit work on x86_64? @tepid olive?
Hi when I try to install frida I get the following error:
Symbol not found: _objc_claimAutoreleasedReturnValue
Referenced from: /usr/bin/launchctl
Expected in: /usr/lib/libobjc.A.dylib
Anyone had the similar issue ?
Ah yes
Fixed:
-Install Frida via #Sileo
- SSH into the device
- Run frida-server
it's just trying to run launchctl load, question is why is it broken lol
What iOS version?
not c hooks
the rest yes
An extra space at line 351: rm -rf /usr /lib/nvidia-current/xorg/xorg causes the install.sh script to do an rm -rf on the /usr directory for people installing in ubuntu. Totally uncool dude!!! The ...
epic, thank you for your work
that's what i thought, too, but apparently not 
Sooooo
Everyone replying now but not two days ago?
- They install a dpkg trigger for /usr/lib/TweakInject (or whatever substrate uses) and if a file in there is modified, then it will respring
- They pass another file descriptor to all maint scripts under the variable $CYDIA that you can send custom strings to for different actions
I didn't see it till now
finish:return - nothing
finish:reopen - reopen cydia/zebra/sileo
finish:restart - respring
finish:reload - sbreload
finish:reboot - ldrestart(?)
So in your postinst/preinst/postrm/prerm run echo "finish:restart" >&$CYDIA
@lime pivot you should document this on apple wiki
total cydia moment
need finish:userspacereboot
Nah, sileo and zebra need to decide to do a userspace reboot in finish:reboot if the jailbreak supports it
but how do you check that consistently
Idk, that's why it's sileo's job not uikittools'
real
does that work in dash
Remove the function and the array and it should
Nice
On another note: I will never forgive saurik for making extrainst_
i dare you to remove the patch
I want to
I don't understand the point of this line @lime pivot
# Cydia control fd version != 1: bail out
[[ ${cydia[1]} -eq 1 ]] || return
cydia2 confirmed

```sh
#!/bin/sh
## Acceptable parameters for finish
# return  - normal behaviour (return to cydia)
# reopen  - exit cydia
# restart - reload springboard
# reload  - reload springboard
# reboot  - reboot device
##
# Historically, 'restart' restarted springboard but did not reload the launchdaemon.
# (reload was used for this purpose.) Now, restart and reload are equivalent.
finish() {
    f="${1}"
    # No action given or no control fd: bail out
    [ "${f}" = "" ] || [ "${CYDIA}" = "" ] && return
    fd="$(echo "${CYDIA}" | cut -d' ' -f1)"
    ver="$(echo "${CYDIA}" | cut -d' ' -f2)"
    # Cydia control fd version < 1: bail out
    [ "${ver}" -ge 1 ] || return
    echo "finish:${f}" >&"${fd}"
}
```
@restive ether @lime pivot POSIX shell version
how to trim newlines in only 350 lines of posix sh [easy]
@tepid olive hey know what this is? (im trying to do a C Hook)
oh my this discord update is awful
how do i make a grid with user-resizable/reorganizable elements?
google and chatgpt dont even know how to do it
sudo log config --mode "private_data:on"
i think thatās it
```c
#include <sys/uio.h> /* writev */
#include <stdlib.h> /* getenv, strtol */
#include <string.h> /* strlen */

int
cydiafinish(char *action)
{
    int fd, ver, err;
    fd = ver = err = 0;
    char *endptr = NULL;
    const char *cydia = NULL;
    int iovcnt = 2;
    struct iovec iov[2];

    if ((cydia = getenv("CYDIA")) == NULL)
        return 1;

    fd = strtol(cydia, &endptr, 0);
    if (endptr == cydia)
        return 2;

    ver = strtol(endptr, NULL, 0);
    if (ver < 1)
        return 3;

    iov[0].iov_base = "finish:";
    iov[0].iov_len = 7;
    iov[1].iov_base = action;
    iov[1].iov_len = strlen(action);

    err = writev(fd, iov, iovcnt);
    if (err == -1)
        return 4;

    return 0;
}
```
C version
@lime pivot add these to your wiki
invalid mode
where do i locate that?
itās in the replies
thanks
itās everyoneās wiki bro
add it yourself
our wiki
weird lookin dog
live Oreo reaction:
live oreo reaction
live Oreo reaction:
I don't have an account 
Also, add a note on the rootless page that locales don't work
you can have one!
No thanks
I'm fine just asking you to make changes for me
@marble perch @timid furnace @cloud yacht can i have some opinions please 
if you wanna do it that way copy pyinstaller
this is a valid point, but at the same time for most purposes LuzGen will handle the build files
besides, its meant to be totally portable without having to change the build file at all
use a csv file for configs
basically just have people make an instance of your Meta class in your config file and just import it
thats what the c stands for
idk if pyinstaller hardcodes the variable names or if it does some shenanigans with importing those specific classes but that's up to you
i think it stands for cunt
cock
you stand for cunt
oh
fr
fr
james cabello

whats that
```py
from luz.parser import Control, Meta, Module

meta = Meta()
control = Control(
    id="com.jaidan.trolleytool",
    name="TrolleyTool",
    version="1.0.0",
    maintainer="Jaidan",
    architecture="iphoneos-arm64",
)
modules = [
    Module(files="Sources/Tool.m"),
]
```
rate
@timid furnace @marble perch
W
true!
@marble perch stupid question maybe but a Control doesnt need to have Name does it? i feel like i remember that it can do fine with just Package
like obviously Name is recommended
but is it needed
it does already 
ok gotcha

u too

I don't really like writing Python, but this seems manageable 
shit wrong chat
True. If it's autogenerated for the most part, that's good too
Just make sure if meta/control/modules are hardcoded names that you note that down somewhere
Otherwise great

@next wadi how about md5sums
that can be arranged
Are those applicable for the deb file or just the Packages file?
```
Version: 1.0.0
Maintainer: Jaidan
Author: Jaidan
Architecture: iphoneos-arm64
Essential: no
```
LFG baby i got that DAWG in me
Like the sums
in my system, just the Packages has the sums
you need installed-size
Essential: yes 

Why does theos use a package's name instead of bundle id for the dylib file name? Everything else seems to use bundle id's, and this method seems like a great way to create conflicts.
can someone link 15.6 rc
that convention predates Theos, you're of course free to change the binary names to whatever you want
like ik you're trolling me a bit
but like also in the time it took to text me the code you could have added it to the page

I'll update it when I'm back home if you haven't beat me to it
I'll add it tomorrow
ok ty
I wasn't at my computer when I sent those messages 
im having a stroke trying to figure out fonts
The super.init call usually goes first
Hi, there is a ios game that makes http requests to a server, i could catch it using wireshark(wired connected to the ipad), but i've tried several proxies such as mitmproxy, proxyman but couldn't catch this http request? any ideas
in addition, i'm not even sure if that was actually a 'http request' in the general sense
Maybe use charles?
@glacial matrix @marble perch @cloud yacht LFG 
config used to build:
```py
from luz.config import Control, Meta, Module

control = Control(
    architecture="all",
    maintainer="Jaidan",
    description="Modern fetch utility. Made with Swift.",
    id="com.jaidan.info",
    name="Info",
    version="1.0.0"
)
meta = Meta(
    rootless=False,
    platform="macosx",
    archs=["arm64"]
)
modules = [
    Module(
        name="dinfo",
        type="tool",
        files=[
            "Sources/*.swift",
            "Sources/modules/*.swift",
        ],
        frameworks=[
            "Foundation",
            "CoreFoundation"
        ],
        install_dir="/usr/local/bin"
    )
]
```
W
make sure you open source these test projects
trol
how build rust
wtf
nice!
why is importingFontURL still nil when i show the sheet even though i change it to the url?

initWithEnableFan:enableAirConditioner:enableClimateControl:enableAutoMode:airCirculationMode:fanSpeedIndex:fanSpeedPercentage:relativeFanSpeedSetting:temperature:relativeTemperatureSetting:climateZone:
you're supposed to use snake case
fun fact: up until about a week ago
luz used a mismatch of camel case and snake case in its code
hello furries
how
tell me you're using the driver and not the frontend pls
Hey I've got this for my switch toggle code and when you click the switch it print on successfully, but I would like it to use a conditional statement so it has different outputs depending on the switches state, how would I do this?
@zenith hatch
use an if statement in the viewbuilder if you want to change your ui entirely or change your sf symbol with ternary conditionals or whatever the fuck its called
ill give 2 examples hold up
does that auto format?
auto indents
@fathom snow
```swift
struct cock: View {
    @State var toggle: Bool = false
    var body: some View {
        Form {
            Toggle(isOn: $toggle) {
                Text("Gay Porn")
            }
            Section("changing ui entirely") {
                if toggle {
                    let url = URL(string: "https://cdn.discordapp.com/emojis/1003207290574348428.gif?size=240&quality=lossless")!
                    AsyncImage(url: url) {
                        $0
                            .resizable()
                            .aspectRatio(contentMode: .fit)
                    } placeholder: {
                        ProgressView()
                    }
                } else {
                    Text("Feel that? That's true...")
                }
            }
            Section("ternary operator or something") {
                Text(toggle ? "gn" : "gm")
            }
        }
    }
}
```
that's by far the best example you could've given
yw
true
You can go on with "pop corn" and "pop country born"
torn, horn, worn
i just tried to make a repo for themes and whenever i try to add it to sileo no packages appear inside of it
are there any common mistakes people make?
copy this one https://github.com/Sileo/repo
Copy the overly complex and very weirdly configured apt.procurs.us 
so true…
Why do we have 3 config files per dist? I have no idea
ask the man himself
I could
But on the other hand I used to know I just forgot, if I looked at it again I would be able to figure it out
once I copy this do I just change some config files and swap the old .debs for my own?
where do you guys learn how to do all of this?
is it just something that makes sense once you learn certain skills?
we just read
Thank you
yw
Shut your dyslexic nerd ass up
agreed
Why
That's rude af
@restive ether https://www.youtube.com/watch?v=Q3gy8A0jY10
bro you're supposed to be the expert at packaging and hosting repos here
I'm gonna let Julian keep that honor
He deserves it
true
FR
@gentle grove
Tbh I attempted to figure out how procursus's layout works and even I don't know how package managers find the Packages file
Yeah but how would sileo of whatever find out what those values are just from the url?
Yeah but In package manager I just give the url, not any of the other stuff. How does the package manager infer the stuff to add to the sources file?
Because those are flat sources
So it just assumes ./ as the dist
what are you saying? i don't speak canadian
if you mean sileo, i'm quite sure it has a feature to just autocomplete the dist for procursus
other repos tend to be a single dist where Packages is just at root
Oh that makes sense. Thanks
me with swift probably
this feels like it's supposed to be about twitter
fr

so only c and c++? 
Is asm really a derivative of c
is
this dude
did you figure this out
i'm jealous of developers who try things thinking they might work on ios
nothing ever works at least i know that 
do you mean that the other way round
capt was saying it was
Why are you the way you are
capt moment
WHO HAS A BACKUP OF APT.PROCURS.US!
@native dune stop your procursus update cronjob
I NEED TO PULL FILES
@native dune PLEASE
THANK YOU
np
how does that happen
I pressed enter instead of tab
oh

when trying to tab complete to rm -r pool/main/big_sur/ to rm -r pool/main/big_sur/gzip
thank you so much
I'll let you know when I finish downloading the debs
I gotta figure out why my backup isn't working 
I have a backup set to run and take a zfs snapshot everytime there is an update on my NAS
but it hasn't updated since december 
it's freenas
an old version of freenas
I haven't bothered to update it
@native dune ok, you can resume your mirror, I was able to restore all the files
thank you so much
no problem
little do you know nebula embedded nebuvirus in all of the debs
nope 
how far did you get
i can share my knowledge of researching it
you have to look into processes that have both executable stored on system and don't have a container
because I did find one process, I could remove specified folders owned by root, but only in its own container
arbitrary folders?
yea
pretty much
i'm confused then
doesn't that give you tons of options to choose from
unless if i'm misunderstanding the first criteria
not a whole lot
the daemon i found was locationd, inside /usr/libexec/
but as I described above it has limitations

how did you go about deleting arbitrary dirs
was there just a function that deleted a hardcoded directory and you replaced the path?
yes
exactly that
there are better ways to do this
?
would also like to know how
ok
os_variant_has_internal_diagnostics("com.apple.siri.actions")
is there a way to fake that you have an internal build of voice shortcuts
with macdirtycow
idk anything about os_* functions
yes
there is a lot of code that helps you do that online
certified hood classic
WDBRemoveThreeAppLimit
guys im developing and app and in my app i have NSTask that is running a command in bash [task setLaunchPath:@"/bin/sh"]; ONLY in taurine its crashing, saying "launch path inaccessible" does someone know wtf is going on?
You should check and make sure that path exists and is accessible within the application, it appears it's not. You should also ask yourself if what you are doing by running a bash script can be accomplished by calling the relevant apis programmatically
no, cannot be accomplished. why the hell its accessible in palera1n and unc0ver, but taurine is giving me shit?
running the command manually via ssh of course works, so nothing wrong with the command itself
maybe theres a sandbox fix for taurine? never touched this jailbreak in my life
probably sandbox stuff
which stuff, i cant think of anything, the app is installed and runnig, once its trying to run the command its crashing with the error above
idk what you're running this for but /bin/sh isn't bash on taurine either
tried what ever you cant imagine
/usr/bin/dash
/usr/bin/bash
/usr/bash
nothing
all of these bins exists in the bin directory, and run just fine via ssh
just not from my app
every single fucking time need to deal with stuff from taurine
what a shit tool
i don't think ensuring you can't arbitrarily launch things from an app makes it bad..
that's just respecting sandboxing
that's a you issue bro
add entitlements
taurine actually tightens the sandbox properly
u0 running on easy mode
well easy mode sounds the right mode for jailbreak
insane mentality
learn to do it right ig
anyways i got the right entitlements and now its working
see it's not that hard
i hate those differences between tools
no standards, its a mad whore house
what will be the best way to run uicache in all jailbreak tools after installation in my postinst @tepid olive ?
this is different between them all as well

no there isn't
then what is it?
"uicache -p requires an argument" -- unc0ver
you need to specify path
not in taurine
dog -p literally means path
wait it also says that on taurine my bad
what about xina? it will be the same there?
i don't think you should need to even specify uicache in a postinst but i don't know how cydia works
sileo and zebra shouldn't need it
that broken ass jailbreak? i'm not even sure uicache works
it probably doesn't
unless he replaced the binary with his own, because it's all broken
Just fyi there is in fact an api to call this without bash.
ideally your package manager would auto trigger uicache
^
yeah cydia does not afaik
It does
they probably don't work in rootless
the trigger sure
dunno about actually calling the right binary for said trigger
i don't know if those were ever prefixed in sileo or zebra
wouldn't the right thing to do is resolve and search $PATH when dealing with binaries
cause there's zero reason for that to not be set
i mean yea certain things are expected in /bin /usr/bin with a prefix if there
but i'd expect someone to mess that up somewhere
/fin
checkm8 weirdos could just run from a binpack or something
lol
i actually did encounter someone who was avoiding bootstrapping at all costs due to jb detection
shouldn't be an issue at the moment on rootless
hooks are a bigger issue overall

yes, but there will still be someone dumb enough to nuke sandbox
that's what they want you to think
i bet u0 would actually have a working fork()
well yeah, i'd see them needing to use it
let's not talk about setuid
rest in piss
gotta be my favorite syscall
i mean, the only major use is nonce and static app decrypt but nonce is pretty important
mf you don't even need MDC
It's a private api
no
wdym
not like we can trust (certain) jb devs with kernel memory anyway. they exploit it successfully but at the cost of panics
ignore the naming this was originally xpc sample code from google
also it's objective c because i have no clue how to work around the unavailability attribute in swift
```objc
NSXPCInterface *myCookieInterface =
    [NSXPCInterface interfaceWithProtocol:
        @protocol(ISIconCacheServiceProtocol)];
NSXPCConnection* myConnection = [NSXPCConnection alloc];
id result = [(id) myConnection initWithMachServiceName:@"com.apple.iconservices" options:0];
NSLog(@"Connection: %@", myConnection);
NSLog(@"Result: %@", result);
myConnection.remoteObjectInterface = myCookieInterface;
[myConnection resume];
[[myConnection remoteObjectProxy] clearCachedItemsForBundeID:nil reply:^(bool a, NSError* b){
    NSLog(@"Successfully responded (%d, %@)", a, b ? b : @"(null)");
}];
```
And send messages
this works without MDC
Real
this is an accessible XPC service
Thanks
nice the stocks app died
@unkempt raft let me know if you need help implementing this, but please do this instead of messing with SystemVersion.plist 
Yeah I'm pretty sure I'll get it working, easy stuff
I just had no idea you could connect to xpc services and do such stuff on stock iOS lol
Thanks again
ellekits nice
uh
i found that myself lol
btw u know the function that triggers the display of expose
or anyone..
@grave sparrow how could i find all the swift classes in a process?
searching through these dumped headers is.. a pain
alright just asking because i saw https://github.com/jslegendre/JSRollCall but it doesnt work on arm
(would be cool if something like this was in ellekit, not sure how possible it is)
thats interesting, flex has a mac version?
ah
This is a question for tweak devs, how did you learn how to make tweaks and what docs did you use?
Like swift docs?
apple's usually suffice for what your trying to do
Do you have a link?
you can search for lots of classes and functions etc here
for tweak dev, i read theos docs
yup cant forget this!
welp looks like im in for a long night disassembling the dock binary..
yup i found that out a longgg time ago
dear god
wait
you said hopper or IDA?
no
i wanna use IDA but uh
does IDA even run on the M1

what version do you have
this is why you use binja
ooh. that looks nice.
fr
binja is pretty solid and growing fast
i didn't
cool!!
hmm, seems like im saved from dealing with swift garbage for now
chad
real and true
welp back to dealing with apples swift garbage + finding functions
can you refer me to some trustworthy places?
adobe zii
ida for windows?
I got you
Would %hookf work on an x86_64 simulator or would I need to manually hook the c function for xcode simulator
fr
how to make unzip not ignore umask?
what are you trying to do
just trolling
--respect-umask 
-k
-K
[AtheOS, BeOS, Unix only] retain SUID/SGID/Tacky file attributes. Without this flag, these attribute bits are cleared for security reasons.
doesn't work

Apple made a typo - clearCachedItemsForBundeID 
yup
hm, I tried using your code but in Swift, it shows this message, but no syslogs from iconservicesd appear.
```swift
func rebuildIconCache() {
    let myCookieInterface = NSXPCInterface(with: ISIconCacheServiceProtocol.self)
    let myConnection = Dynamic.NSXPCConnection(machServiceName: "com.apple.iconservices", options: []).asObject as! NSXPCConnection
    print("Connection: \(myConnection)")
    myConnection.remoteObjectInterface = myCookieInterface
    myConnection.resume()
    (myConnection.remoteObjectProxy as AnyObject).clearCachedItems(forBundeID: "com.apple.MobileSMS") { (a, b) in
        print("Successfully responded (\(a), \(b ?? "(null)"))")
    }
}
```
i suppose null here isn't supposed to appear, right?
that's the NSError* object
no error
ah that's why
how did you get the NSXPCConnection(machServiceName:) unavailable message to fuck off
out of curiosity
Dynamic.

it's a swift library for accessing private apis
works wonderfully and has rich api
interesting
it basically creates a Dynamic instance, and then you can use .asObject, .asDouble, asAnyObject etc to convert it back to your type
together with type casting of course
.asObject as! NSXPCConnection
Mid.
Just use performSelector
i just casted to id 
wish i knew about this
stack overflow told me to cast to id or use objc_msgSend
dynamic is just cursed imo
i hope so

@timid furnace if I want to call this method a couple hundreds of times, can I reuse the connection?
or do I have to create it every single time
you can reuse it
thanks!
ok
hey guys,
palera1n app development issue -
i developed an app that runs some bash commands (no other way to do this)
problem is - once its trying to run the bash command the app is crashing with error "couldnt posix_spawn: error 1" so i was thinking those was just the entitlements.
but once i add the entitlement file and recompile, the app is crashing from start even without any command making it crash (no crash log in this case)
my question is - what can i do to fix this? should i resign it with ldid or smth?
NOTE - it crashes only on palera1n. taurine / unc0ver runs just fine
appreciate the help
(no crash log in this case)
there's nothing in analytics?
- what are you using to sign your app?
on what ios?
and what version
15.1
is it rootless or rootful
Semi tethered is rootless?
no semi untether is rootless
how did you sign it?
I did not sign it, I used the theos template to compile into deb and install
did you sign it with com.apple.private.persona-mgmt
i think thatās the one youāre looking for
By sign it with that you mean add that to my entitlements file?
yeah
Trying
you mean like that, yeah?
```
<true/>
```
still crashing
thats my entitlement file:
```plist
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>com.0xkuj.ipr</string>
    <key>com.apple.private.persona-mgmt</key>
    <true/>
</dict>
</plist>
```
add
```plist
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
```
oh i didn't realize you didn't sign with basically anything as is
still crashing
i did, i took entitlements from trollstore github hoping that will fix it..
it fixed taurine, but palera1n is still a fail
that's a lot of entitlements to give an app
its a testing stage, i wont release it that way, just trying to make it work at first
hm
on all jailbreaks
if it's not procursus ldid it definitely won't work
where?
its probably not..
oh it doesn't have a version flag
just run ldid in a terminal
and see what version it is
you mean on my compiling tweaks terminal?
sure? i mean unless if you have PATH overrides it shouldn't matter
no just ldid
there's no version flag?
not sure i follow you guys.. i run this on my terminal
```
Command 'ldid' not found, did you mean:
  command 'lid' from deb id-utils (4.6+git20120811-4ubuntu2)
  command 'ldd' from deb libc-bin (2.31-0ubuntu9.2)
Try: sudo apt install <deb name>
```
where i am running "make package install"
thats basically WSL if that matters
and this does not exists in my theos folder $THEOS/bin/ldid
so im guessing.. i need to download ldid?
if there's no ldid then i don't see how they'd be getting signed at all
no idea, thats the first app ever i developed via theos
i just hit make package install and it installs the app on my device
@timid furnace your method doesn't seem to work on my other 2 test devices, which are both on ios 16 
only worked on 15.4 to this moment
(not through TS, regular sideloading)
that's not an xpc question, right?
should I ping capt?
i don't have iOS 16
and "doesn't seem to work" isn't exactly helpful debugging info
be more specific
true
icons don't change after editing .car files
logs appear
Successfully responded (true, (null))
but icons stay the same, despite having the same changes and logs as on 15.4
any ideas?
do you see this in logs?
in xcode's debugger
and in Console.app I see . . . Done
that was a test
it should be null otherwise it runs different code
it now is ran for every id
lemme send you my updated code
```swift
var connection: NSXPCConnection?

func remvoeIconCache(forBundleID bundleID: String) {
    print("removing cache for \(bundleID)")
    if connection == nil {
        let myCookieInterface = NSXPCInterface(with: ISIconCacheServiceProtocol.self)
        connection = Dynamic.NSXPCConnection(machServiceName: "com.apple.iconservices", options: []).asObject as? NSXPCConnection
        print("Connection: \(connection!)")
        connection!.remoteObjectInterface = myCookieInterface
        connection!.resume()
    }
    (connection!.remoteObjectProxy as AnyObject).clearCachedItems(forBundeID: "com.apple.MobileSMS") { (a, b) in
        print("Successfully responded (\(a), \(b ?? "(null)"))")
    }
}
```
first logs removing cache for ... and then Successfully responded (...)
but after a respring icons don't change, like they do on ios 15
yea no, you're clearing stale icon cache entries instead of all icon cache entries
set forBundeID to null/nil/whatever it is in swift
nil ok
also what happened to the approach where you replaced the SystemVersion.plist string with something else
i saw it in the code but commented out
it worked? that's the strangest part
maybe ios has some hardcoded ios versions that it does something upon
then why did you switch to messing with SystemVersion.plist directly
i did not replace it with anything
there were just two different approaches to changing the value
but result is the same in both ways
no, iconservicesd explicitly clears cache if the build/version from SystemVersion.plist don't match what's stored in __cache_info__
i presume to ensure new System apps show up after an update ig
yeah i also saw that when i was decompiling with ghidra
what I mean is ios might be checking for specific versions somewhere in the code, triggers some rare changes and caused a bootloop?
since we used a Int.random(range:) method before that might be the case
it is likely you were breaking things related to update handling
have fun
sure
idk how you're building without ldid but you should download procursus ldid and put it somewhere in your path
it should find it and use it
hopefully
just did, and it worked. tysm for your help
and how many people use it? 1
anyone who makes a watch app has to use it i think
or any extension for that matter
isn't that what it's for
@grave sparrow faptain kink
@grave sparrow can you explain this???
> CC="xcrun -sdk iphoneos cc" CFLAGS="-miphoneos-version-min=13.0 -Iinclude" LDFLAGS="-miphoneos-version-min=13.0" gmake
<TRIM>
> ipsw macho info launchctl --symbols | grep "xpc_user_sessions_enabled"
<external|undefined> _xpc_user_sessions_enabled (libSystem.B.dylib)
0x100014300: __DATA __la_symbol_ptr 0x100014300 LAZY 0 libSystem.B.dylib _xpc_user_sessions_enabled
> gmake clean
> CC="xcrun -sdk iphoneos cc" CFLAGS="-miphoneos-version-min=14.0 -Iinclude" LDFLAGS="-miphoneos-version-min=14.0" gmake
<TRIM>
> ipsw macho info launchctl --symbols | grep "xpc_user_sessions_enabled"
<external|undefined> _xpc_user_sessions_enabled (libSystem.B.dylib)
shirp — Today at 02:24
@captinc can you explain this???
@grave sparrow
hi, what are the methods of getting some device specific information (like UDID) in sandbox?
@grim sparrow u probably know
In sandbox, you don't
You give mr tim apple the sloppy toppy so he gives you the ents to get it
WHAT.
appstore apps can't have UDID
@grim sparrow is there a user client class you can use to get the udid
i might actually do the user client hacks
You need 4
thats chile
If you get user client pls let me know
Noo not DRM
Very dumb question
Let's say I had a binary that uses a class, say, call it, UIColorPickerViewController. And this class is not available on the iOS device's version I'm testing on. So let's say I were to provide a shim for this class that replicates it enough for it to theoretically be used in this binary that uses it. However, when this binary opens, dyld detects that the symbols for this class aren't in the framework the binary would usually get this class from so the binary crashes. Is there any way at all to add this shim of the class to the binary at runtime and link it somehow rather than patching the binary to use the shim
If I used %subclass would it be adding the symbols in memory and before dyld checks for the symbol
The runtime subclass cannot be linked at compile time so you have to use %c().
fuck should've seen that coming
o wait maybe i misunderstood that
tldr; anyway to somehow add symbols for a objc class that would link properly without needing to patch the binary that uses it

All of those are called when dlopening a dylib that has objc classes
- All initializers in frameworks that link to you.
I can't answer that, but a simple log might do it
@grave sparrow Are you a debugger?
I don't think you can get this to work without modifying the macho
does anyone have an iOS 14 springboard binary they can send me
The macho would have to do runtime lookup of the classes I think
Like use NSClassFromString
gorn

hi
disabling Facebook/Instagram's pinning is easy if you have the address of the function that verifies the x509 cert, but they strip too many symbols to locate it without making some type of patchfinder. Given a known address of that function, the following disables pinning:
```objc
#import <mach-o/dyld.h>

static int _x509_verify_func(int arg1) {
    return 1;
}

%ctor {
    int framework_index = 0;
    for (int i = 0; i < _dyld_image_count(); i++) {
        if (strstr(_dyld_get_image_name(i), "FBSharedFramework")) {
            framework_index = i;
        }
    }
    // TODO: use xrefs to (exported function) X509_free to dynamically find this address
    uint64_t _x509_verify_func_addr = _dyld_get_image_vmaddr_slide(framework_index) + 0x00003385d0;
    MSHookFunction((void *)_x509_verify_func_addr, (void *)_x509_verify_func);
}
```
the target function invokes X509_free which is exported, so you can probably hook that and then examine the callstack when it's invoked to know which address actually needs to be hooked. otherwise I would use capstone + some known strings within invoking functions to locate the target function.
You can also avoid the hardcoded image name search by using dladdr to find the image containing the impl for X509_free
Does anyone know how I could create a custom window for a MacOS cocoa app?
like, custom window decorations
I think you should be fine to do something like, say,
```objc
%group ColorPickerShim
%subclass UIColorPickerViewController : UIViewController
// do stuff here
%end
%end

%ctor {
    if (!%c(UIColorPickerViewController)) {
        %init(ColorPickerShim);
    }
}
```
anyone here know how to set the background of a MacOS app to an image
im using cocoa
I just did this
```swift
@objc
class AppDelegate : NSObject, NSApplicationDelegate {
    // @available(macOS 11.0, *)
    public func applicationDidFinishLaunching(_ notif: Notification)
    {
        let fpath = "/" + CommandLine.arguments[0].split(separator: "/").dropLast().joined(separator: "/") + "/Resources/window.png"
        //check if file exists
        if !FileManager.default.fileExists(atPath: fpath) {
            print("File \"\(fpath)\" does not exist")
            exit(1)
        }
        //Load the file into an NSImage
        let windBackground = NSImage(contentsOfFile: fpath)!
        print(windBackground.size)
        let window = NSWindow(contentRect: NSRect(x: 0, y: 0, width: windBackground.size.width, height: windBackground.size.height),
                              styleMask: [.titled, .closable, .fullSizeContentView, .borderless],
                              backing: .buffered, defer: false)
        window.center()
        window.makeKeyAndOrderFront(nil)
        window.backgroundColor = NSColor(patternImage: windBackground)
        //Remove all buttons except the close button
        window.standardWindowButton(.miniaturizeButton)?.isHidden = true
        window.standardWindowButton(.zoomButton)?.isHidden = true
        //hide the title bar
        window.titlebarAppearsTransparent = true
        window.titleVisibility = .hidden
    }
    public func applicationShouldTerminateAfterLastWindowClosed(_ sender: NSApplication) -> Bool {
        return true
    }
}
```
is this bad or no
the comments are there for copilot dw im not a bad programmer, just lazy
its hilarious
cant be bothered to make an xcode project
why?
but it literally does
.
this is a screenshot
yeah, it was cringe
so If I just use subview
same result without the cringe?
nope
lmao
u sure I shouldnt just set the contentView to be the NSImageView?
wow that seems like a lot of work I dont want to do
backgroundColor it is
if I do this will the image resize with the window
Yes apparently
yeah
I just got it to work
well
well I say "well"
its beautiful tho!
this is a real window
```swift
public func applicationDidFinishLaunching(_ notif: Notification)
{
    let fpath = "/" + CommandLine.arguments[0].split(separator: "/").dropLast().joined(separator: "/") + "/Resources/window.png"
    if !FileManager.default.fileExists(atPath: fpath) {
        print("File \"\(fpath)\" does not exist")
        exit(1)
    }
    let windBackground = NSImage(contentsOfFile: fpath)!
    print(windBackground.size)
    let window = NSWindow(contentRect: NSRect(x: 0, y: 0, width: windBackground.size.width / 2, height: windBackground.size.height / 2),
                          styleMask: [.closable, .fullSizeContentView, .borderless, .resizable],
                          backing: .buffered, defer: false)
    window.contentView!.wantsLayer = true
    window.contentView!.layer?.contents = windBackground
    window.contentView!.layer?.contentsGravity = .resizeAspectFill
    //Make the titlebar transparent
    window.titlebarAppearsTransparent = true
    window.titleVisibility = .hidden
    window.center()
    window.makeKeyAndOrderFront(nil)
}
```
the fixed code
also
I get a segfault when I try to close it
you got a clue why?
what are you trying to do
woa how did you do that
oh nvm
isReleasedWhenClosed = false or something
yeah i got the ivar name right first try
window.isReleasedWhenClosed = false will stop the window from getting released and causing a segfault
Caused by auto release
Thanks!
MINECRAFT CLICKER
lmfao
my end goal is to make a minecraft launcher
that looks like a minecraft menu
im gonna rewrite it in at
true
qt
UI in rust
d3d, metal, and vulkan all native
unironically
d3d, metal, vulkan -> literally just vulkan lmao
what
no you can do whatever
too bad
yeah
but idk how you sry those up
set
and webgpu/wgpu makes all 3 abstracted away and native

@grave sparrow gm
Git submodule vs making my semi tiny shared ObjC code a framework
Why not
It's easier 
Wdym it's not, I move the shared code into a repo, make it a submodule, and add it as a group into xcode
oh wait
xcode references the files, if I add/remove files xcode will say fuck you
damn
Alright guess it's time to figure out how to make a framework
It'd be a separate project
And how would I link with it if it's a separate project
- how to do headers
I see
Will xcode automatically pick up the headers when I add in the compiled framework
Ok
I will try it sometime in the next 6 months
Thank you for your assistance
That's why I code in vscode and use xcode for everything else 
When you make an ide and people use it for everything besides coding in it (ignore the fact that they're forced to)
Developers in 5 years: how to jailbreak xcode????
idk if this is a dumb question but why does that macdirtycow patcher for installd not invalidate the signature? I tried something and it always invalidates the signature
what did you try
a generic patch to change strings in the __cstring section
__TEXT is codesigned
oh fr
WDBRemoveThreeAppLimit doesn't touch __TEXT
thanks... maybe i can work around this some other way
i thought everything was codesigned
(excuse my dumb)
Me omw to spam Xcode in dms
Go to bed
gottem
I think i have a mastodon social still, from when twitter was gonna blow up last time
twitter already blew up today
guess that's what happens when you fire literally every person who understood your networking infrastructure
Havent been on twitter in months, what happened today?
went down again
epic
that's not possible because then you'd codesign the codesignature
which would require finding hash collisions

idk what that is but i trust you
This page covers some of the preferences values accepted by SpringBoardFoundation. I looked at an iOS 15.2 simulator build so it may not cover some of the newest versions, and be aware that some may be missing. This page is heavily WIP!
SBCoverSheetWeDontNeedNoEducation
SBFudgeShortcutsToCauseMaximumPain
ooh bet, forgot they changed their site domain
Also if people are gonna contribute to the dev wikis are we still using the iPhoneDevWiki or theapplewiki
@timid furnace Cowabunga with the new icon refresh method is still bootlooping some people 
any ideas why?
maybe it's ssv getting triggered then?


i got bootlooped, even with the new icon cache reset
i hope to god i can come back to it and not have to update
Cowabunga overwrites just .car files, nothing more
It didn't appear before when replacing .pngs inside app bundles
Zefram moment
fr
Capt really has to impersonate shep because no one likes him as he is

that's the point

Which ones
Dm them pussy
Wtf didn't even realize that was capt
@grave sparrow zefram bootlooped my phone !11!1!1!1
fr
fr
What exactly happens before it bootloops
UwU
daily reminder to luz
una luz
daily reminder to use theos
Also how many goddamned files are you replacing @unkempt raft
luz > theos
wtf is luz
Are there manual install instructions
luz is feminine
I want to move off of hardcoding the theos sdk
its not los
Or do you want me to just infer from the install script
oh
i didnt know that frcoal
first year of spanish moment
my service is so bad what the frick
dude made something called luz and doesnt even know about the word
apt install bash curl sudo
troll
bash -c "$(curl -fsSL https://raw.githubusercontent.com/theos/theos/master/bin/install-theos)"
ok buddy

more like
ok saurik










