#development
lol
Can you explain a usable standard
no, I don't have a spec written for an idea that was proposed 20 minutes ago
Then why are you even pinging bingner about it
Anyways
Ok?
That’s normal
Since Substitute is widely used
Btw as it stands libhooker is the only tweak injection library that doesn’t work on 16.4
Maybe it should be fixed
Here’s a clue: thread_create in the rop injector always returns a NULL mach port. switch it to thread_create_running and it’ll work
i apologize for not updating it in the 4 days i've been working on it. ill get right on that
thank you
It’s already been 4 days?
No but here’s the thing I really don’t wanna be annoying but you need wide adoption from tweak injection libs if you wanna do something
Also substrate won’t ever get support for this, so nobody that supports iOS 10 or higher will switch over
This is the case for all the tweaks I know of that actually use the hacky method
I only brought up the idea cuz it seems like ElleKit and maybe libhooker oss along with rootless would be the new standard going forward. Idea seemed in line with fixing up some hackiness
But does zefram support it?
it's good to propose new ideas
Zefram doesn’t use substrate bundles afaik
Zefram is the most widely adopted hooking library
Zefram bricked my phone
@robust radish Do you have access to the semi untether basebinaries code
Broke it into pieces
Taurine basebins
Nobody can make any non-breaking changes to hooking libraries without support from zefram
Zefram when it hooks the kernel to abort() in constructor
about
Id propose a feature that we’ve discussed extensively, but I don’t think libhooker basebins are used in Taurine for tweak injection?
lets see what ja rule zefram has to say about this
Basically, we want a key in the plist called IsTweakManager that only dlopens tweak managers if a tweak is loaded
For Choicy and other alternatives
Why?
Configurable load order?
smh couldn't even edit it to say zefram
Priority will get abused
ty
So it doesn’t work
this stuff's outta my league but i be lurking sometimes
does filename hack get abused?
No
Wen eta python 3.12 on procursus 
Very rarely
bc people don't know about it?
It’s easier to always set 0 in a plist than do a hack like this
Yes
That’s exactly the point
Now, I could ask Chariz / Havoc to block people from abusing it, but it really isn’t ideal
Better is
```
Before = {
    com.camerokatri.quickactions
},
After = {
    com.captinc.bootlooptweak
}
```
We love capt slander ‼️
I couldn't remember a second tweak name...
miakhalifa
@robust radish you should ask CS to maintain her tweaks too
Lol

Just let CS leave
Yeah we will dw
And her bad tweaks with her
I’m kinda fr though
be nice
Would be nice to get a Ventana update
Does she have any tweaks besides ventana and anemone?
classic folders
Anemone is so funny like why does it break every update
It worked on 13.x though!!
Back when she was motivated
It was already irrelevant by that point
True
it's my understanding that the tweaks will not be maintained. If someone wants to take one of them over, i'd suggest asking her if you can become the maintainer
I would but she doesn’t trust anyone so
Snowboard had already become the de facto theming platform
@ocean raptor star still said her implementation of uicache once it was done would’ve been faster
it was only like half done or something according to her
? it definitely worked up until like 12.x (can't remember if it ever did past that)
What does that mean?
idk
Are we not using her implementation of uicache?
well we are
How is it incomplete?
it’s just that she hadn’t finished everything i guess
opa fixed it though
there was more improvements to be done or something
@robust radish Are you up for implementing Swift hooking sometime? Id love to settle on a shared API
in terms of speed or something
Well yeah cause she used LSRebuildApplicationCache for years
Took years to complete
I fixed that
uicache go brrr
uicache -af
👁️
are you the creator of ellekit? swift support is needed yes and settling on a common API would be excellent
I'm the creator of sex with your mom
@ocean raptor can’t believe these go mfs got such fat binaries
Right?! Larger than all of binpack
to be fair blacktop does have a few depends and that command list is massive
ipswd is so funny too
there’s an ipswd?
yes I am
Blacktop loves to add way more work for herself
wtf is ipswd
ipsw with a rest API
ipsw daemon
Also, I believe libhooker was supposed to get page signing soon
I suppose you don’t have access to that?
scoop go hard
thank you. now...
```
==> Compiling Tweak.xm (arm64)…
/home/leo/theos/toolchain/linux/iphone/bin/clang++: /lib64/libtinfo.so.6: no version information available (required by /home/leo/theos/toolchain/linux/iphone/bin/clang++)
/home/leo/theos/toolchain/linux/iphone/usr/bin/clang-10: /lib64/libtinfo.so.6: no version information available (required by /home/leo/theos/toolchain/linux/iphone/usr/bin/clang-10)
==> Linking tweak dualsim (arm64)…
/home/leo/theos/toolchain/linux/iphone/bin/clang++: /lib64/libtinfo.so.6: no version information available (required by /home/leo/theos/toolchain/linux/iphone/bin/clang++)
ld: warning: directory not found for option '-F/home/leo/theos/vendor/lib/iphone/rootful'
Undefined symbols for architecture arm64:
"_OBJC_CLASS_$_SBStatusBarStateAggregator", referenced from:
objc-class-ref in Tweak.xm.0895a8d9.o
ld: symbol(s) not found for architecture arm64
clang-10: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [/home/leo/theos/makefiles/instance/library.mk:52: /home/leo/projects/dualsim/.theos/obj/debug/arm64/dualsim.dylib] Error 1
make[2]: *** [/home/leo/theos/makefiles/instance/library.mk:52: /home/leo/projects/dualsim/.theos/obj/debug/arm64/dualsim.dylib] Error 2
make[1]: *** [/home/leo/theos/makefiles/instance/library.mk:37: internal-library-all_] Error 2
make: *** [/home/leo/theos/makefiles/master/rules.mk:119: dualsim.all.tweak.variables] Error 2
```
Been there done that
link SpringBoard in your makefile
pov i’m in a building tweaks on my computer challenge and my opponent is on linux with an ios 15 arm64e device
already have that
$(TWEAK_NAME)_FRAMEWORKS = SpringBoard right?
yes
Tell kabir to update his toolchain to use my forks of cctools and ld64
Wrap the class in %c()
fuck i forgot ab that
ahh ok
%c(SB whatever it was)
you
Wait, I still need to add a NSGetExecutable impl for Linux
ty, it compiles now!
@ocean raptor i spent $77 on dinner with my credit card today so your rate for ldid just went down to 19.99

Still more than I get from patreon every month
$18/m all of which goes to pay for half of procursus.social
welp, that throws me into safe mode unfortunately, i guess the wrong method was hooked?
Idk, hayden does all that
We couldn’t possibly know
cool, is discord the best place to reach you? re page signing, i don't think she finished it so its on my todo list


What platforms do you have?
i don't even know why i asked -- im only on discord and twitter
discord it is
Is there any way to hook on jailed? I know fishhook is useful but is there any other way, fishhook is just giving me errors
MsHookFunction is what i need
but i dont think its possible on jailed
What about hooking symbols?
i cant try it it tells me unknown symbol, rebind_symbols
i included it in my tweak.xm
and then tried compiling yes
does anyone know how to compile this on linux? https://github.com/pixelomer/PongoBRIX
you could probably change the makefile to use clang from theos toolchain instead of xcrun stuff
I used nm to get symbols from a file, is this also a symbol?
<redacted function 306572>
```objc
typedef void (^MRMediaRemoteGetNowPlayingInfoCallback)(NSDictionary *info);
void MRMediaRemoteGetNowPlayingInfo(dispatch_queue_t queue, MRMediaRemoteGetNowPlayingInfoCallback block);
```
I'm tryna use this in swift
this has no relation to tweak development btw I believe it can be used for ios?
anyway
How do I use this type'd closure in swift
lemme tell ya the order first:
we have MediaRemote and PrivateMediaRemote as packages (PMR exposes MR)
that objc code is part of PMR I believe
would this work
```c
if (orig_wUpdate) {
    rebind_symbols((struct rebinding[1]){{"<redacted function 306572>", (void *)my_wUpdate, (void **)&orig_wUpdate}}, 1);
}
```
No
why
The function name is not actually <redacted function ADDR>, that's just what nm prints
The function doesn't have a symbol
oh
It does
You just need to find it using ElleKit or something else
Symbol my balls
Is it possible to extract the UID key from a jailbroken device?
no
no
with A9 and later, SEP generates one for the device so uhh
you can see why that's not gonna work
So does that mean you could, at least in theory, use the blackbird exploit to extract it on A9 and A10 devices?
why do you want the UID key?
@tepid olive there is no dpkg-deb package, it's part of the dpkg package
true
@tepid olive does blue sky have proper federation with activitypub?
isnt it entirely separate
mostly entirely different model from what i understand
unfortunately there is not enough docs for me to implement it yet
So it sounds completely useless
well its supposed to solve a lot of the issues with activitypub
such as your content basically being owned by the server
Yet not an open standard
lol
Earn crypto with every retweet (but not actually a retweet even though this is just jacks attempt at Twitter 2)
its not cryptocurrency related
theres a lot of info on the protocol overview, for an idea of how it works roughly
web3 as in decentralization
but anyways its a completely different protocol to activitypub
Yet not actually decentralized
how?
How do I host my own bluesky server?
"Its decentralized but there is only one central server and you cannot run your own server"
Twitter was decentralized because they had multiple servers across the world 
its centralized because theyre literally still making it
oh apparently theres already some basis for other implementations already
If it can't interop with GNU social, what's the point?
because the average joe doesnt care about interop with gnu social
he wants to not have to worry about picking the right mastodon server to be hosted on
that's not the issue
Also
the main issue is that then youre at the mercy of that instance owner
Bluesky is going to be decentralized so you'll have to pick a server
and if the server goes poof then all your data is gone basically
but you aren't hosted on the server
it's kinda like a client i think
you can store all your documents on many different servers simultaneously
How do you validate that the servers didn't modify the content?
cryptography
Don't tell me they store a public key in a DNS record
actually not sure if you pick a bsky.social subdomain as your username
but you can pick your own domain
i assume the signing is done on client side
so your private key is owned by you, not the server
or maybe it's that you use your own key to trust the server's key to act on your behalf
idk where the key is stored or exactly how
i'll be sure to look into it further in the future
email as a mastodon client
Exactly
that could be an easy way to avoid needing to build a frontend for bobafeed
Mmm
Adding detached signature support to ldid is NOT easy
problem with all “easy” public key crypto is someone needs to keep track of which keys are good
and that’s gonna be bsky.social or whatever

I think they're doing a block chain for that but I'm not quite sure
only mitigation is eg with iMessage how it mandatorily has to notify all your other devices
mandatorily did I invent a word
Guess who's got two thumbs and is going to write an SMPP server
Not anymore
Clementine bit them off with her missing teeth
Did I tell you clementine has to get all of her teeth removed
awe
poor little creature
So the only possible way to hook on jailed is with symbols and fishhook?
is this a symbol LAB_02dc1eac
ok no its a label
breakpoints and exception handler abuse may be options
@lime pivot why is this not firmware (>= 12.2) | libswift? https://github.com/theos/theos/blob/master/makefiles/package/deb.mk#L55
there was probably a reason we did it that way, @nimble parcel might remember
I think the templates do firmware (>= 12.2) | ${LIBSWIFT}
the main reason for that var is to insert the version dependency to it
@tepid olive ElleKit will get MSHookFunction support on stock iOS without debugging soon
6 is an annoying limitation
when is ellekit in sideloady dropping
ok
libswift was supposed to automatically resolve to a stub on ios >=12.2 but that would’ve required two packages (for indirection) and optimo didn’t like that 🙃
In response to opa’s tweet about the jailbreak bypassing situation on dopamine. Let me preface by saying I know basically nothing about iOS (like code wise). As well as the app sandbox. But would somehow increasing the sandbox on an app, would that solve the problem or like somehow restricting it from like looking in the fs/place where the jb files are?
i'm sure capt is about to explain what dyld is and how blocking access to it would not be a good idea
but just to look at it from another way: if you do that, that's also going to be detectable (if its not blocked by sandbox on stock iOS, but blocked by sandbox on jailbroken iOS)
i don't think applying sandbox rules alone is enough anyway considering you already see logs of sandbox denying even file existence check and yet the errno still gives it away
i thought /usr/lib/dyld was accessible by sandbox though
Ok, but if we had to could we make like a extra safe mode type things. Where it does like all that ig but doesn’t load tweaks and hides everything. Idk if the new problem ur talking about would be solved
Not ideal but if it worked it would be better than nothing
If it even works *
ok, let me address the tweet specifically, and not whatever generic shit capt is talking about
i don't remember why exactly dopamine is bind mounting, but dopamine is bind mounting over /usr/lib
the problem is this is detectable
you can't use sandbox to block this though. why? because by default, this is not sandboxed on stock iOS. so if you sandbox this on your jailbreak, then instead of detecting the bind mount, apps will just check if it's sandboxed or not
ok i remember why now, dopamine is patching dyld
are you nuking and then putting it back
or are you exempting your stuff
W
lmk how it goes
on the other hand i only need to inject into anything that does HTTP or certificate verification so
@grave sparrow @timid furnace I think I get it, but thanks for explaining it to me, wish I could help but I definitely don’t know enough about iOS in order to actually help. Is there a good place to like start learning iOS and like how it works?
it's like an inverse pyramid
as you get deeper down you enter the "hard to find info" zone
Yea thought it would be that, apple is apple
K, did u learn by like making apps first or like tweaks ?
I should probably learn C first 
I mean can u write tweaks in swift ?
stop.
No, in order for dyld to load a library to loosen the sandbox, said library has to be accessible from in the sandbox
stop while youre ahead
Did I y think so
dont think ab swift tweaks
Didn’t **
And /usr/lib is accessible from sandbox
K lol
Is there like a good iOS V/device to mess around with that if I mess sm up it’s no big deal
I’m thinking 6 or 7
iPhone *
dopamine is using the bind mount both for patching dyld and for sandbox reasons
javascript can stay, java unfortunately can stay, python can stay
uhh anything else

Yea I have a iPad 7 on 14 but no A12+ devices on 14
if i dont know the language its prob useless
Node js but that’s js
bugging me and scoop
fortran

does pthread work in jailed
yea
ok
the good ol days of Optimo just declining stuff for whatever reasons. he used to piss so many people off when he told them their tweak is too expensive
he was always right though
pointers work on jailed right
```objc
#import <fishhook.h>
void (*original_function)(int);
void my_function(int arg) {
    // Your custom implementation of the function goes here
}
int main() {
    void *libHandle = dlopen("path/to/library.dylib", RTLD_NOW);
    uintptr_t baseAddress = (uintptr_t)dlsym(libHandle, "_mh_execute_header");
    uintptr_t offset = 0x1234; // Replace with your desired offset
    void *functionAddress = (void *)(baseAddress + offset);
    original_function = (void (*)(int))functionAddress;
    struct rebinding bindings[] = {
        {"original_function", my_function, (void **)&original_function}
    };
    rebind_symbols(bindings, 1);
    return 0;
}
```
would this code work to use fishhook to hook a function not by using its symbol but offset?
on jailed
@tepid olive You can use this code for hooking any symbol
i dont have symbol
only offset
also theos
Offset works
with same tool?
yes
on jailed? Using theos?
if so tysm
👍
now i need to find out how to use it
rip your debuggers though
I’ve been playing with ideas to get around it nuking the debugger, primarily trying to forward the exceptions back to the original handler. Not working great so far
My initial plan was to evaluate if a TDM/breakpoint-multiplexing approach could work for achieving more than 6 hooks while only using the 6 breakpoints, but the debugger issue became too big of an annoyance to ignore
@hasty ruin to not spam the other channel
you should rm -rf ~/ObjectiveC NOW!
now what

hm works for me
british macOS, based
True!
does this work for jailed?
which debugger
i meant to use is in theos
then you probably won't notice the limitation
yeah
one thing is you'll have to generate mach_excServer.h/mach_excServer.c, using mig and mach_exc.defs in the macOSX sdk
the file you linked shows everything that you need to know to use it, you can probably copy/paste most of it (though you probably don't need the cache symbol parsing stuff)
i need to use it to hook offset function
doesnt generate anything
I run mig -server mach-exc.defs
inside the mach directory
what
I think it’s pretty self explanatory
I sent the mig tutorial
mach defs is in the kernel source(xnu)
You seem to be missing a lot of basic building block knowledge
I recommend you take the time to research the Apple infrastructure
the problem was i tried to run it from inside the mach directory
i fixed
now i get error when make package
The mig generated a header which you didn’t include in your c file
the c file has include „mach-excServer.h“
i just downloaded this here and the hook.h
which header
@twilit jungle why no update for flexall NSUInteger customSectionIndex = [sections indexOfObject:self.customSection]; -> NSUInteger customSectionIndex = [sections indexOfObject:self.customSections];
hook.c needs to include the mig generated header
#include "mach_excServer.h"
?
which header
Yes
it is already included but gives me the same error
so
i didnt fix it yet, i also added user server mach and exc_mach.c to the folder
Clearly you didn’t or did it wrong
@native dune can palera1n-c run on windows
no
why
i mean in theory you can, but yknow, everything about it wont work 
these things called usb ports
why
@radiant idol bug report
whats the bug
neon genesis
Hm?
The pirated version
In NGE they played fly me to the moon while rei was just spinning next to the credits, idk what you're talking about with drugs
Ohhhh
good
anyone have a atv 4 on 15.x they'd be willing to sell?
how am i supposed to do it then
so i fixed one error by including the .c not the .h but i still have this error
it looks like __RequestUnion__catch_mach_exc_subsystem doesnt exist in the mach_excServer.c
did you write this code because its wrong
i didnt
i downloaded it from here
you still did something wrong because you aren't supposed to get this error
Do i need to show you
not the include
i build iphone os
i build on planet earth
i fix by deleting the .c from files
in makefile
now how do i use the hook to hook adress
hook((void *)0xbadc0de, (void *)new_func1);
i only need to include the hook.h in the tweak xm right?
Do i just include hook.h in tweak.xm? And do i need to do anything in the make file
what have you tried
I included hook.h and it tells me, no matching function to call to hook
when i include hook.c instead of hook.h in the tweak xm it gives me a lot of errors
yeah, you’re supposed to include .h not .c
you're casting to incorrect types
so what do i need to do
compare hook's function signature to your usage of it and see what the discrepancy is
the function i want to hook?
thats the return type of the function. what are the types of its arguments
void
void with funny star
yes
that star means the arguments are pointers
now, in the call you make to hook in Tweak.xm, what is different
no pointer?
yep
you are casting the arguments to void, and the compiler doesn't like it because there is no function named hook that takes 2 void arguments
it takes void * arguments
so i need to add the star to the voids in brackets
in the parenthesis, yes
does it compile?
nope
what error
you've imported the header file but you aren't compiling the c file
do i need to add the hook.c into the makefile
yes
frameworks or files
files
after tweak.xm
(order doesn't actually matter, just have it in the same var that tweak.xm is put into)
now it gives me this error again
this one doesnt make sense
it looks like requestunion__catch_mach doesnt exist
are you compiling the generated mig file too
and hook.c imports it?
and i included the mach_excServer.h in the hook.c
are you on a mac with xcode
yes
i just need to build and run?
yes
build failed
it tells me that there are 2 issues.
- no account registered with xcode
- no signing certificate
but why do i need xcode?
because I wanted you to have a working example to use as a reference to debug your tweak
here is a theos tweak that uses breakpoint hooking
this gives me errors too
¯_(ツ)_/¯
delete the abort() invocation and add #include <stdbool.h> to tweak.m
i think you saw my msg before i edited it
i had the wrong header
#include <stdbool.h>
making progress
yes
add #import <Foundation/Foundation.h>
and make exception_handler return NULL
```c
mach_msg_server(mach_exc_server, sizeof(union __RequestUnion__catch_mach_exc_subsystem), server, MACH_MSG_OPTION_NONE);
return NULL;
}
```
thank goodness
why no merge
Can someone with more knowledge than me tell me if I set this up in a good manner and is there a way I should be optimizing it further instead of just the while (true). Everything seems to work at least with it
so it works but you wanna optimize?
can you share the source file so I can compile it
yes it is
What is the alternative to it then?
while (!false)
seems ok to me for the most part. it's true that while(1) is generally considered a bad practice, but in this case the only alternative I see is a timer
something like
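```c
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/time.h>
#include <mach/kern_return.h>
#include <dispatch/dispatch.h>
#include <CoreFoundation/CoreFoundation.h>

int monitored_variable = 0;

// Called each time the interval timer delivers SIGALRM
void handle_alarm(int sig) {
    if (monitored_variable % 2 == 0) {
        printf("monitored_variable is even\n");
    } else {
        printf("monitored_variable is odd\n");
    }
}

int main(int argc, const char * argv[]) {
    // Install the SIGALRM handler
    struct sigaction sa;
    sa.sa_handler = handle_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGALRM, &sa, NULL) == -1) {
        return KERN_FAILURE;
    }

    // Fire the timer once per second
    struct itimerval timer;
    timer.it_interval.tv_sec = 1;
    timer.it_interval.tv_usec = 0;
    timer.it_value = timer.it_interval;
    if (setitimer(ITIMER_REAL, &timer, NULL) == -1) {
        return KERN_FAILURE;
    }

    // Background work that changes the monitored variable
    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
        while (1) {
            monitored_variable++;
            sleep(1);
        };
    });

    CFRunLoopRun();
    return 0;
}
```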
The reason is in the link
@twilit jungle I know it hasn’t been updated in a while, but do you plan on updating your Dimness tweak to support iOS 15 and Dopamine?
True
Pretty sure it shouldn't require any changes for iOS 15, or any future releases. Might need changes to fix screenshots but doubt they are changing how screenshots are taken anytime soon.
Haven't uploaded to BigBoss in a few years... sounds like a lot of work to update the debs on my repo for rootless.
hayden will venmo you $50
I'll paypal you $5 to do it.
Do you have Zelle?

🙏
Hosting a server is also too much work... Its hosted on Github lol. Do a pull request.

Quickactions 2 coming soon to bigboss
cashapp me $4 ill do it
would someone mind using clutch to decrypt this ipa
https://www.dropbox.com/s/0a5ji9a1uuok6sr/gr.whatsup.app_535247768_4.28.2.ipa?dl=0
as i dont have a jailbroken device? thanks in advance
@twilit jungle paypal me 5 bucks ill do what you wanted before
Do a PR and you'll get your $5...
or buy me a 300 dollar lego set
a pr for what repo that has what
PR for my debian repo with all the debs repackaged for rootless
Nice
How do rootless packages differ anyways?
need
ipas are tied to your Apple ID, that one won’t work for anyone but you
fancy zip
I can decrypt it if you give me a shell on your device that is signed into the iTunes account used to download it

this never made sense to me
how have we not figured out how to bypass it
cryptography
steven employers
Aka capt
true



it warned me for incrementing an integer earlier
(the variable was called spotify)
how much time did you spend on that capt
oh
you were typing for ages

15 seconds is how long it takes chatgpt to respond
I can write a fork bomb in batch in less than one second
mine is better, it literally only has 7 characters
mine is better, capt fell for it

ret-
run this
eval $(echo "I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==" | uudecode)
just replace the eval with echo if you want to check it's fine 👍
being frl though, I did run it
didn't crash
I got a bunch of windows-esque errors when I ran out of memory though
"the application tried to write to a nonexistant pipe"
among others
lmao
i got the rights to your moms pipe
no, I thought you had rights to shep's pipe


:(){:|:&}
????
im tempted to send the fork bomb here
mfw I send it here and you actually try to run it
don't want to anger the Apple copyright police ig
this is so me
me
Except i wrote a little css https://tools.shorty.systems/shared/theme.css
https://tools.shorty.systems/shared/content.css
(the site this is on might one day have a page that doesn't need both)
@lime pivot hheeeeeeelllllllppppppppppp
gm
2023-05-02 13:22:32.634 xcodebuild[33823:704077] Writing error result bundle to /var/folders/t2/k5wdz3wx2_jdkx4c29b06pk80000gn/T/ResultBundle_2023-02-05_13-22-0032.xcresult
xcodebuild: error: “InstallationBuildProductsLocation” couldn’t be moved to “Aemulo 02-05-2023, 13.22.xcarchive” because either the former doesn’t exist, or the folder containing the latter doesn’t exist.: The operation couldn’t be completed. No such file or directory
what the hell
I have never seen that before
im just trying to make a new aemulo build for rootless 😔
@lime pivot it seems to have started after using xcode 14.3
So when i generate the mach_excServer header and open it, it says that it defines user instead of server at the top
is it supported or not then ? 
Fixed.
another issue, why does my app flash black for a moment before completely loading in, even tho dark mode is set to false
launch storyboard?
after building (npm run build) and starting it in prod mode, the flash is like only a few ms long
I guess ill live with it..
Still can see it, but it aint half a second
true
Well, id still have to grab the value from localstorage and set it to that, wont i ?
- now, even after launching it in prod mode, the data tables page still flashes
Internal Server Error

what browser are you using
The best of the best - chrome
idk if chrome can get rid of white flash
I should focus on actual functionality of this thing instead of adding light and dark mode switches.
This thing's due in a month and i still need to write 120 pages (including code, yay) worth of documentation for it
@vapid cape hows your project going ?
I like nuxt but it do be pain sometimes
Not like im much of a web dev either tho
google has anti flicker optimizations
Also, how do i even host an SSR web app ?
Would like to do it at home so i dont have to buy a vps or something
i have a domain
Suck ma nuts
And hows my project going? Look at my pfp
Cloudflare perhaps
?
using cloud flare
I am protected via cloudflare and i have stuff running on that domain already, but im interested in how do i actually run that nuxt app. Just npm run start in tmux or pm2 or something ?
well ideally you'll want to put it behind a reverse proxy with a web server like caddy or nginx
for prod
What does that do ?
cloudflare would likely be your reverse proxy
Also if you don't optimize dev code, its easier to debug
mairo
whar

Thats Red Luigi
hi im creating sockh3lix++ and im getting an error that /usr/libexec/zebra/supersling is not owned by root:wheel though i tried to chown it with 6755
6755 because i looked through the zebra’s makefile and it did 6755 on supersling
uh
chmod is file perms, chown is file ownership
you should be doing like chown root:wheel or something not chown 6755
realistically you shouldn't need to be doing either
it's already correctly set up for you
oh the latest zebra release doesnt even have the supersling in libexec
rootless doesn't use supersling
what about ios 10
it should be there on iOS 9 - 12
is it located in the app’s bundle or is it hardcoded to /usr/libexec/zebra
pretty sure it's still in libexec
@gentle grove exFAT
How do i make a tweak rootless again?
just add rootless to makefile?
if you use any root paths in your tweak code, wrap them in ROOT_PATH_NS or equivalent macros from rootless.h, and then build with make clean package FINALPACKAGE=1 THEOS_PACKAGE_SCHEME=rootless
note: you will want to use xcode 12 or newer to build your rootless package, but still use xcode 11 or older to build rootful if you want to support ios 13 and below

if you only have linux, then add a dependency on oldabi in your rootless package
where do i get rootless.h
It’s built in to Theos
New versions of it at least
You might have to update Theos in order to get it to work
$THEOS/vendor/include/rootless.h
is it possible to use "make do" on rootless ? obviously now it won't let me do it because we should use "mobile" instead of "root"
sudo handling in theos seems to be broken, so for now just do sudo passwd on the device and set a root password
worked with ssh-key , thank you
or that yea, forgot you can do that as well
yes it is too convenient
@robust radish Sorry to bother again. However when i put the same code you provided in your hook example tweak.m that actually compiled, into my own tweak.x, it gives me this error. Both the mach_excServer.h and the mach_excServer.c are the same from the example you provided. I also didnt forget to compile the .c within the makefile. This makes me wonder if you maybe know why the error appears? Thanks.
imdo
You need to declare mach_exc_server as the C abi
how do i do that
ok
extern „C“ {}?
waaa
where
if you change tweak.x to tweak.m it will probably work
Tweak.xm to Tweak.x you mean
Nope. That gives me other errors
try xm
it was xm from start
i was going off what they said into my own tweak.x,
well, you have the tweak I sent you that works. whats different between it and yours?
did you update your makefile and then perform make clean after changing the file extension?
@tepid olive Look bro, open the mig generated header, find where mach_exc_server is declared and add extern "C" right before it
Smh
editing generated files -- you love hate to see it
Or
```cpp
extern "C" {
#include "whatever"
}
```
__BEGIN_DECLS 
mig generated headers should do this smh
L macros
tbf mig might do fixups depending on the environment? this person is using ones I generated on my machine (it seems kind of unlikely, but who knows)
How would it know if the header is being used by c or c++?
All headers should have
#ifdef __cplusplus__ extern "C" etc
if doing that fixes the file for them, i dont oppose
That's the same thing 
its less clear tho
But it's not really portable is it?
Pretty BSD specific
I don't know if GNU defines it
alright so extern C it is
is there any way to emulate a virtual ios device on linux
Corellium is cheap
Watch NGE or I will do your mom even harder
yea i have like 3 dollars to my name
i can barely afford my vpn subscription
i beg for money on the streets
Beg for bitches
it tells me expected (
it now worked even tho i changed nothing wt f
but do i need to have the pthread and all for hooking, objc?
And the stuff in the attribute? At the bottom
@grave sparrow
it worked
could someone point me in the right direction for debugging a tweak? I'm trying to rebuild a tweak for rootless and it builds and installs fine but the tweak itself doesnt work. Are there like tweak logs where I could see if its injecting correctly or see if something else I did was wrong?
(Tweak in question is FreePIP https://github.com/sohsatoh/FreePIP. Steps: Clone repo, change makefile to include THEOS_PACKAGE_SCHEME=rootless, then built and installed through Sileo.)
you can look at app crash logs (krashkop or settings > privacy > analytics & improvements > analytics data) and syslog (antoine, idevicesyslog, console.app)
Thanks! Any tips for filtering/triggering a log? It injects into springboard so I tried filtering text to free (the deb file has free in the name) and then respring but nothing related is coming up (Using Antoine)
Wtf is krashkop
new crash reporter that works on rootless too
Ah
yeah im not seeing any logs im thinking its just not injecting at all. or it is injecting correctly and the tweak just doesn't work :E
ElleKit logs anything that it loads
oh damn ok where is that log
Can i hook more than one function with the code? bc it doesnt seem to let me, @robust radish
you have 6 hardware breakpoints available
i haven't really worked with the code you're using much, but it is indeed possible
why do you need to use breakpoints? is this going to run on non-jb devices?
yes, non jb
and it works but only one, after i add another hook() with params it only hooks the one later in the code
yeah idk, you'll have to debug
Aughhhh
Developmental question: have PAC and PPL bypass exploits been released in the past?
do you recommend me any way for debugging
My theory is that it overwrites the current hook but idk how to make it add a hook not overwrite
can i get some help please?
i am trying to get zebra working but the issue is that it gives me an error and it says "su/sling doesnt have the permission to set the uid or gid.". i added these lines of code to my code and it still doesnt work
```
chmod("/usr/libexec/zebra/supersling", 6755);
```
did you verify that it has the correct owner and perms after your code executes
not really, without debugging it myself
nvm,
```
dsystem("chmod 6755 /usr/libexec/zebra/supersling");
```
shouldn't it be 06755 (octal)
yea
0o6755 on js/py I don't remember c
oh so this is octal?
```
chmod("/private/var", 0755);
chmod("/private/var/mobile", 0711);
chmod("/private/var/mobile/Library", 0711);
chmod("/private/var/mobile/Library/Preferences", 0755);
```
like its 0755 instead of 755
its the original code
yes, 0 prefix in c means octal literal
oohhhhhh
thanks
now its saying that i am
on doubleH3lix and Telesphoreo?
tho im on procursus
lmao
and on sockH3lix
well, how would you debug it yourself. Maybe i can do it too
i don’t think zebra has detection for sock helix
it’s kind of an unknown thing
eh procursus on ios 10 is a bad idea
ill quickly redo the bootstrap tar
not really, the sdk is just dogshit
wen eta native supp0rt for iso 10
it's difficult to answer -- there is not a predefined checklist i follow for debugging issues. This issue is further complicated because you cannot actually attach a debugger to this tweak/app given you are overriding the exception handler used by debuggers
so you'll have to wing it
Things just don’t install, anyone seen this before
rip im on dopamine
idk what else to do, i checked the injection on ios 15.4 and Springboard.framework as well as the function it should be hooking SBPIPContainerViewController
and there is a NSLog(@"freepip - target is a real device"); in %ctor which should run when injected right?
Yeah
How difficult is it to develop simple tweaks? I know some C, Python, JS, made a few websites, and other hobby projects in Python and C. Really interested in maybe starting tweak dev
you'd need to know some objective-c
Yeah I'm aware, and learning new languages isn't a problem
Just use a racial non-slur
im hosting PreferenceLoader from artikus, edited by MrGcGamer for rootless support.
it uses GNU Lesser General Public License v3.0
so should be fine as distribution is allowed, right?
yes
are you guys developing catgirls yet?
meow
mow
Only the swift devs
ig its this code
oh
does pthread count as debugger
maybe
its not my code its from the devs who made the hook
Is there any documentation on how to start making your own tweaks
this code is what enables it to hook stuff (by letting it catch breakpoints)
In the current project, it injects libinjector.dylib into xpcproxy com.apple.cfprefsd.xpc.daemon by setting DYLD_INSERT_LIBRARIES with a posix_spawnp hook.
Next, it injects cfprefsdhook.dylib into cfprefsd via libinjector.dylib, with a posix_spawnp hook as well.
Do you think there is a better way? or is this good enough...? @naive kraken
I guess it's fine, but keep in mind rootlesshook will also potentially hook installd in the future
btw if you or any other member of the palera1n team wants to work on the installd hook, be my guest lol
The hook should
A) Redirect icon cache to /var/jb
B) Add /var/jb/Applications to the applications indexed by the system
ok, thanks!
so, installd hook is something like iconcache separation?
yes and to prevent jb apps from getting removed when the system rebuilds icon cache
a POC for B) is in the Dopamine repo, keep in mind it causes a bootloop when actually rebuilding icon cache, no idea why but SpringBoard just enters crash loop (like with the bind mounts)
oh 
icon cache related are cursed. 💀
I’m not looking in the right place, am I
This what I clicked
https://apt.procurs.us/bootstraps/big_sur/ @acoustic imp
Thank u, and this will work for Ventura right ?
yeah
it says that it breaks every other debugger and another hook counts as debugger?
another hook does not count as a debugger, its another breakpoint
Then why does it break my other hook
Does setting a second hook remove the first break point? Or does it cause the first breakpoint to think it's the second?
i dont know
how do i debug that
ok, but why does it only let me do one hook
how do i use ellekit
What tool is used by iOS restore ramdisks to flash the NOR/iBoot partition?
Hi again
build the library with xcodebuild or take one from a published deb and use
```
void EKJITLessHook(void* _target, void* _replacement, void** orig)
```
Reverse engineer restored and hf
is that jailed
Yes
where do i get the library
github?
yeah
How do i include it in my tweak
is it possible to decompile a tweak that has already been compiled into an iOS dynamic library (.dylib)? Google couldn’t give me a straight answer (which is why I’m asking here)
dont think so but isnt that piracy
no, I’m trying to decompile a free tweak to see what’s behind it/what makes it work because I was curious and I could learn from it
link it
use something like ida pro, binary ninja or ghidra
What do i link
the dylib
so i need to build with xcode and then link the dylib i get
but my xcode want dev account
where do i get the dylib
From GitHub
where is it !!!
github
ik this is probly a dumb question but how do i install it exactly
Brew install zstd gnu-tar then gtar extract with sudo -C / to root
not sure how to do it this way but all i did was navigate to the folder the files were in, then zstd -d bottsrat-dar...
Please don’t
tar will extract zst and untar automatically
sudo gtar xf bootstrap.tar.zst -C /
ohh, so then i need to replace the bootstart... w the actual name of the file (sry iv never used gtar/zstd before, and im not used to mac os)
did i type it wrong?
Nope it worked
oh, so the bootstrap is installed?
It’s tryna modify /. Which is impossible
yea, so then where does the like file go then?
(sry if this is dumb q)
Someone installed my tweak through Saily and it seems to just not be working for them. I've never had anyone experience this issue before. Anyone know what I could suggest them to do?
not use saily
Well yeah they reinstalled it from Zebra and it still doesn't seem to be working; I think Saily messed up dependency issues.
I don't want to go straight for restoring rootFS since they seem to have lots of tweaks installed.
They're using an iPhone 12 Pro Max on u0 (iOS 14.3)








