#development

skull tissue

how do i build for ellekit, i want to know if i did something wrong

what are these errors caused by

this is after setting my proxy to localhost 8181 on my iphone. commands are also run on my iphone.

connection

refused

do you mean widevine_cdm_secured_ios ?

choicy works fine

nah it doesn't, even patching the binary's fuctions which detect the jailbreak it doesn't

__AMMetricsLogger_attributesForDRMJailbreakDetected there is drm shit

I have a question. Is there anyway to help a dev update a tweak for rootless iOS 15? I have been in contact with the dev for AlarmVolume and he said he would be willing to look at updating it, but he doesn’t have a device on ios15.

With just basic knowledge into development (like compiling, using Xcode...etc) is there anyway I could possibly help? Or does anyone have any ideas? I have a device on both iOS 15.0 and 16.0

you could try asking on https://www.reddit.com/r/tweakbounty

I just meant in general

lol we're still trying amazon music in 2023

😆 yeah, i still

oh, by the way, they allow rooted android devices

did you get jump it ?

anyone know how to deobfuscate this

https://deobfuscate.relative.im/

I tried that lol

need help please

add the tbd to theos lib folder

Can you please send me link of it

I don't know what that is that's something you find since its your tweak or you are building it, it should list deps

swift obj (methods) are objetive c NSObject ?

i've used swift like one time

naaah

so do you prefer obj c than swift ?

💀 only to do hacking stuff

don't tell llsc

yeah, swift is more beautiful to create apps and that kind of thing well i think

swift is rust but apple

😂 well swift since 2018 is growing more than obj c

that's true

Only trans people use swift

ironically I used swift when it came out back in was it iOS 8? well I forgot it all

taurine, odyssey

soooo

point proven

wtf

fugu 👀

electra

pwn is trans /s

unc0ver ?

/s

bobabreak

god no

I'd really like to same some shit but its my opinion, its not politically correct, and I'd get banned on the spot for it

i am pro

can i ? ik python

hot maik

Mail

@grave sparrow gm

give me zefram windows phone

if you have time bro, i want to ask if you know a method in order to jump drm widevine ios framework ? that shit avoid to use amazon app when i am jailbroke, and sorry for all question about it

i need to find that test tweak you told me to test

Thanks fixed

#development message

found it

oh i remember why i stopped working on this

i need substitute for c function hooking to continue my project

professional hooker?

CarBridge

CarBridge

So when using ellekit, without hooking anything it doesnt crash but when i do hook it crashes, but any hook. Do i need to hook later after the app startet or earlier?

nvm it also crashes when i dont hook

now

For ellekit to work, do i need to not include mobile substrate?

or is cydia substrate and movile substrate the same thing

And does ellekit have any other libraries that i shouldnt include?

Bro just give up

never

is there a version of alderis that isn’t broken for rootless

there was somewhere but it was conveniently removed from both frcoal.cfd and pinned messages before ppl verified if the chariz build really works properly

fr tho

fr what

lol yeah not even trying to be rude. I think 3 or 4 people now have sent you sample code or custom libraries for your use-case. you've been given all the resources needed to have it working

it doesnt work, even when building it my own

you couldn't get it working != it doesn't work tho

exactly, so theres no need to stop now

i must be doing something wrong

which means i just need to figure out wh

y

have you tried turning it off and on again

Can someone give me an example tweak that hooks with ellekit substrate please

yes

it doesn't work

Hello,
I wanted to know if it was possible to make a tweak that can change the color filters in the iPhone shortcut application on IOS 15.4.1 ?

There is no difference between ellekit and substrate

Anyone experience this issue? I'm trying to compile the rootful deb of the tweak for iOS 13 arm64e devices but with the OldABI i get this issue.

I followed the instructions to set it up here:
https://theos.dev/docs/arm64e-deployment

whatever is calling bash is using an invalid flag

since it doesn’t exist

huh

strange

it works fine with Xcode 14 though, that's the thing

there’s -D but i don’t see a -d

hmm

oh i see it now

only for one of the builtin’s though

weird issue never seen that before

very weird

add -n

look for any kind of sh or bash step after "making all"

or wait

theos has a verbose flag

use that that should print commands run

i believe this happens when Theos can’t find Xcode

it’s supposed to be $(SOMETHING_ELSE) -d but that SOMETHING_ELSE ends up blank

Hmm

I know minimal things about linux OS and some cybersecurity. Where would a person like me start in development of jailbreaks and IOS bug hunting?

#1090168975251492996 message

mysterious

#Unknown

wtf

its supposed to link to a genius bar thread

boba skill issue

works for me

How does bypassing Signed System Volume in userland work? The Apple Wiki says one way is to utilize bind mounts.

bind mounts cant be used in userland

or rather created in userland

actually i take that back slightly, you can technically do it but it isn't really "bypassing" SSV (dopamine bind mounts over /usr/lib to patch dyld iirc)

Discord fault

did you read the documentation for libcscolorpicker
you can't link a library you don't have

No thanks issue fixed i have misunderstood nvm

well yeah that's not a bypass at all, you're just pointing one directory to another basically. unlike a symlink which is just namespace, bind mounts utilize a bridge between operations and syscalls (vfs)

In theory, could you not bypass SSV, but rather modify it to validate the filesystem against a different hash? You could modify the filesystem, generate a hash of it, package it in an IMG4 and replace the root_hash.img4 file in the preboot partition with it. You would probably need to know what method the hash is generated with in the first place. Screw it, the root hash should be APTicket signed, which would prevent this anyway.

i mean in theory yeah but that would require knowing apple's private key/breaking their cryptography and what not

Could you find such private key by reverse engineering iBoot? I don't see how iBoot would be able to validate the root hash if it can't generate one itself.

it's not generated by iboot though

if the private key was stored on-device we would have gotten it a loooong time ago

So does that mean the hash is built into iBoot at compile time?

I've heard that the old SHSH signatures used to sign LLB/iBSS on 32-bit devices are just RSA encrypted SHA1 hashes of the firmware files. Since these signatures are validated by the SecureROM, which can't be updated without a hardware revision, how does the SecureROM validate SHSH signatures unless it has the RSA encryption key used to generate them?

the hash is recomputed on the device but it must match one that is also provided by apple

since the System volume will have the exact same hash for every device

If it's recomputed on the device, how come we haven't found the key used to recompute it?

the device has the public key

What iBoot does is verify that its copy of the root hash is intact by hashing that copy of the root hash, and comparing that with a hash of the root hash (its ‘signature’) made previously.

confusing, i know

hash on top of a hash

Is that just the GID key or something? Can it not be used to generate bootleg SHSH signatures?

also gotta remember:

Each SSV SHA256 hash is stored in the main file-system metadata tree, which is itself
hashed. And because each node of the tree recursively verifies the integrity of the hashes
of its children—similar to a binary hash (Merkle) tree—the root node’s hash value, called a
seal, therefore encompasses every byte of data in the SSV, which means the cryptographic
signature covers the entire system volume.

https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

the GID key is used for decrypting firmware, not actually creating SHSH signatures

for that, you would need to break RSA (again)

How does the device validate SHSH signatures if it can't create them itself?

even so, the GID key is difficult to obtain, for example the A4 GID key took hundred thousand dollar equipment and an already existing bootROM exploit to dump

again it uses the public key which is burned into the ROM

public keys again

Now that we have the equipment, can we do it again for every other SoC with a bootrom exploit?

Does this mean that the device uses a public key to decrypt the SHSH signature and get the original hash, rather than encrypting the hash and recreating the SHSH signature?

well it validates that the signature came from apple so yes nothing is actually "created" on device, its all requested from TSS

that's how blobs work, they're just captured "Yes" responses from apple which are then used in a replay attack

So do RSA SHSH blobs have some kind of certificates in them?

maybe but it would be completely useless on A7 and newer due to SEP

what exactly do you mean by "certificates"

i mean, the only thing the GID can really help you do is decrypt firmwares
also SEP also has a GID which is used to encrypt its own firmware

The thing that tells the device that the signature came from Apple.

the private key itself does that

that's RSA once again

the key doesnt say "hey im from apple" but since it is completely unique that means it can only come from apple

for all intents and purposes both keys and the ROM have no idea they belong to apple, they just know that their keys match and therefore it can be trusted

<insert funny blackbird exploit joke here>

https://hardwear.io/netherlands-2022/presentation/using-magic-wand-to-break-iPhone-last-security-barrier.pdf here's tihmstar's presentation that goes over how he got A4's GID key if you really want to know more

https://github.com/SparkDev97/libSparkColourPicker
read the readme smh

did that

so you have both the headers and the library?

yup

tried in theos/lib and theos/lib/iphone/rootless

it's colour not color

am i dumb

same thing tho

oh im dumb^2

thanks

there is nothing in the preferences folder

did i install the wrong version of preference loader?

Preference loader has nothing to do with creating preference files that’s up to the processes and tweaks

It's extremely astonishing just how much knowledge you lack that other people have

I'm playing around with a commcenter patch for iOS 15 since I miss tethering. I got the idea from any elihwyma on their work here: https://github.com/elihwyma/commcenterpatch13
I've used Frida to dump class names from iOS 15 but I'm not sure if I've got all of them. It's sort of a "yeet into commcenter and see what happens" attempt, but just wondering if anyone has any tips or advice.

we should fix that, that's a confusing error of course

But why is it all of a sudden not working though? Compilation with Xcode 11.7 on Monterey worked fine and now it doesn’t?

yeah that I'm not sure about. this is a setup that worked before when you were on Monterey, like you set it up on Monterey and upgraded to Ventura?

substrate doesnt work on jailed

this is false

?

i mean mshook function

I've used jailed substrate since 2016

it's never not worked

mshookfuncgion too

?

bruh that's the only thing that works

every single tweak uses mshookfunction

how did you not know this

Yes and thats why they dont work on jailed???

why wouldn't it work on jailed

dont ask me

It just doesnt, nothing happends at all

you clearly did something wrong

it would crash if anything

since it doesn't work in the first place you didn't actually inject the tweak

or the function you hooked is never called

it works on jailbroken doing the exact same

yah so its not injected

and i know that it gets executed, and that the function is used

my tweak does get executed and the mshookfunction gets executed too just not the hooming then?

Do i need to use another substrate or are we talking sbout cydia substrate

doesn't matter I used cydia substrate for jailed

your trolling

I'm not?

oh have you been talking about cydia substrate this whole time?

why does that matter

its the same thing

no ellekit

i thought cydia doesnt work on jailed

so he told me it does

lmao it does of course

if ellekit doesn't work jailed you should use substrate

if vise versa, vise versa

thats what i tried very first

maybe the second time is actually broken and first time you just did it wrong

or vise versa

its highly unlikely that both are broken

one should work

Ill try again later

when i asked how to hook on jailed no one told me that tho

Were talking anout this one right void MSHookFunction(void *symbol, void *hook, void **old);

Bruh you literally should be using logos don’t need to manually write substrate calls

???

I set it up on Big Sur and upgraded to monterey

@faint timber mshookfunction doesn’t work on jailed because it patches instructions… that can’t work without CS_DEBUGGED

I did that

i just showed it like this cuz i wanted to make sure i did the logo right

can i set it to debug mode and then use mshook?

i have an unused variable

but i use the variable

above the assignment

how do i fix that

Ill ask again as my msg from earlier isnt visible anymore. Can someone please give me an example mobile substrate tweak using Ellekit to do MSHookFunction?

i needed a header file

figured it out

now im getting “bad deb” tho

ok nvm ignore that last

now its just not working and i know thats not helpful so lemi try to figure why

seems like preference loader isn’t working

%ctor {
    __block NSUserDefaults *prefs = [[NSUserDefaults alloc] initWithSuiteName:@"com.chis.dopetext"];

    NSString *(^stringForKey)(NSString *, NSString *) = ^(NSString *key, NSString *def) {
        return ([prefs objectForKey:key]) ? [prefs objectForKey:key] : def;
    };
    tweakEnabled = ([prefs objectForKey:@"ena"]) ? [prefs boolForKey:@"ena"] : false;
    NSString *colourString = stringForKey(@"YourCustomColour", @"#ffffff");
    col = [SparkColourPickerUtils colourWithString: colourString withFallback: @"#ffffff"];
    tweakEnabled = true;
    if (tweakEnabled) {
        %init(man);
    }
}

everything is falling back to false/#fffff

no

i dont think?

imessages

it is themeing it just with the defaults i gave it, not sure if that’s what you meant

dopamine

can i get example tweak tho. I dont need to use ellekit if id have to ask you to make it signable everytime i update my tweak (often) and if i dont understand what you did its useless to me too

there is nothing at that path

wai

wait

what

well

yes but i want an example tweak to compare it to mine and maybe do it like in the example to see if itll work

Link identity editor

ok thanks ill upload it now

Make dev channel great again

no thanks

cameron.

non-orange role

i dont want it

NotCameron

cameren.

to many camerens/camerons to keep track off nowadays

probably theos-jailed

idk

make one then

didn't you just say one exists

Just parse the macho and do it yourself :>

public

man

yeah I wish it were better

you'd think a well-known binary format that occasionally needs manipulation would have a bunch of tools available

true

closest it gets is that Apple added vtool at one point

there is

yeah trying now

1. @tepid olive is this just upstream ellekit? no special building or anything?
2. single dylib which contains ellekit and all stub functions (substrate, lh)

you missed library

it has but its still not working, oh do i have to add /var/jb

well its not working

I read from there in SnowBoard UI in messages

Just fyi

wait

are you on dopamine

@vale oxide

just use normal

Nah I just read the plist directly, because I'm a naughty boy

cfprefsd hook my beloved

fuck NSUserDefaults

how tf is other stuff getting redirected then

what's the tweak running in

oh

is there anything in /var/jb/var/mobile/Library/Preferences/

Inb4 1 character typo

Actually tbf this might be a lie

okay no it's not

a lie

not spark dev

where is he wtf

Gone

to pursue a life of solitude

Wasn't lying after all, continue with normal programming.

sparkn't

sadge

si

yes

and this is from settings?

yes

libsparkcolorpicker #1

ok so you're probably getting pinched by sandbox

but just to double check

go to console, enable info and debug msgs, and search for dopetext while opening messages

????

wtf do you mean ???

dopetext

problem

im using a linux server that im accessing from my ipad to develop

no mac?

so

yeahhhh

ok i guess you are using antoine

[[antoine]]

Just don't use libraries by that horrible SparkDev guy, then you won't have any issues.

@timid furnace

did you enable info and debug

wat

info and debug messages

wher

in antoine?

or do i have to bake it in to the tweak

with theos

check the settings icon

it should be in there i think

been a while since i used antoine

it’s different, i added some check

.

so it is already enabled

is this from after reopening messages, or did you open anything that your tweak injects into in between

thats colors

no

it only goes to messages

dafuq

not springboard

noting

why is there /var/empty then

?

the bottom looks fine, idk about the top

did captinc mess it up?

/var/mobile/Library/Prefrences/.plist

thats what is in the code

soooo

maybe its opa’s fault

there is no private folder or empty folder

probably

no i think its opa’s fault

buttt

MORE TESTS ARE IN ORDER

this is painful

its not going to the path i tell it to

why

why

what

why

@grave sparrow

nice quotes

%ctor {
    __block NSUserDefaults *prefs = [[NSUserDefaults alloc] initWithSuiteName:@"com.chis.dopetext.plist"];
    NSString *(^stringForKey)(NSString *, NSString *) = ^(NSString *key, NSString *def) {
        return ([prefs objectForKey:key]) ? [prefs objectForKey:key] : def;
    };
    tweakEnabled = ([prefs objectForKey:@"ena"]) ? [prefs boolForKey:@"ena"] : false;
    NSString *colourString = stringForKey(@"YourCustomColour", @"#ffffff");
    col = [SparkColourPickerUtils colourWithString: colourString withFallback: @"#ffffff"];
    tweakEnabled = true;
    if (tweakEnabled) {
        %init(man);
    }
}

ask sparkdev if his library is confusing

it apparently works for other people so uh

colour

💀

you live in joe biden ville

democrat central

12$ small coffee

worst traffic known to man

[DopeText] prefs.dictionaryRepresentation: {
    AKLastEmailListRequestDateKey = "2023-05-19 03:28:55 +0000";
    AKLastIDMSEnvironment = 0;
    AddingEmojiKeybordHandled = 1;
    AppleITunesStoreItemKinds =     (
        "itunes-u",
        movie,
        album,
        ringtone,
        "software-update",
        booklet,
        tone,
        "music-video",
        "tv-episode",
        "tv-season",
        song,
        podcast,
        software,
        audiobook,
        "podcast-episode",
        wemix,
        eBook,
        mix,
        artist,
        document
    );
    AppleKeyboards =     (
        "en_US@sw=QWERTY;hw=Automatic",
        "emoji@sw=Emoji",
        "es_ES@sw=QWERTY-Spanish;hw=Automatic",
        "com.grammarly.keyboard.extension"
    );
    AppleKeyboardsExpanded = 1;
    AppleLanguages =     (
        "en-US",
        "es-US"
    );
    AppleLanguagesDidMigrate = 19B74;
    AppleLanguagesSchemaVersion = 2000;
    AppleLocale = "en_US";
    ApplePasscodeKeyboards =     (
        "en_US@sw=QWERTY;hw=Automatic",

[DopeText] col: UIExtendedSRGBColorSpace 1 1 1 1

[DopeText] prefs: <NSUserDefaults: 0x28172dc40> ena: (null) YourCustomColour: (null)

my thoughts exactly

private doesnt exist

https://chis.pasted.lol/📸/njtpytdm.plist

i didnt go to private

just look at the file

……

it renamed it

wat

no????

you need to encode as base64

i have enmity

and then encrypt

and then print out each letter, and mail it via us mail

ok priority mail

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>YourCustomColour</key>
    <string>#00FFE9:1.00</string>
    <key>ena</key>
    <true/>
</dict>
</plist>

I DONT KNWO

THIS IS DUMB

add nslog before NSUserDefaults

then look at log

see what it's redirecting

its /var/jb/var/mobile/Library/Prefrences

NSUserDefaults *prefs = [[NSUserDefaults alloc] initWithSuiteName:@"com.chis.dopetext"];

thats what you said to put

2nd

yea

nothing in /var/prefrences

its what i put

#development message

@naive kraken is altlist supposed to be loading into app store processes? https://github.com/jjolano/shadow/issues/136

Last time i checked i only link it in preferences so this is pretty odd

I do not have any dopamine devices so cannot test/verify

if you or any other tweak links it, yes

otherwise no

Yeah thats my thought as well

Wb my question

/John cena question

idk it should work tbh

oh wait

what process are you trying to read the value from?

Settings?

Like with preference loader

Messages

actually the process is MobileSMS

https://media.discordapp.net/attachments/688122301975363591/1077671431875346494/caption.gif

https://media.discordapp.net/attachments/688122301975363591/1077671431875346494/caption.gif

this is very helpful thank you guys

No problem, always happy to help

it probably picks the wrong path then

yeah you need to put in absolute path (without /var/jb) as the suite name and if you want to access it from a sandboxed process you need to use libSandy

ultra please bring back the server ultra
we will play on it
so much

wazat

and its not going from path

look here #development message

how do i use libsandy profiles?

https://twitter.com/mycoliza/status/1659667674740445184?s=19

the Minecraft server is back

it is fr

fr

We’d

Wer

Where

chis@seedbox:~/dopetext/libSandy$ ./install*
==> Cleaning…
> Making clean in sandyd…
==> Cleaning…
> Making all for library libsandy…
==> Compiling libSandy.m (arm64)…
libSandy.m:3:9: fatal error: 'xpc/xpc.h' file not found
#import <xpc/xpc.h>
        ^~~~~~~~~~~
1 error generated.
make[3]: *** [/home/chis/theos/makefiles/instance/rules.mk:211: /home/chis/dopetext/libSandy/.theos/obj/arm64/libSandy.m.63673a61.o] Error 1
make[2]: *** [/home/chis/theos/makefiles/instance/library.mk:52: /home/chis/dopetext/libSandy/.theos/obj/arm64/libsandy.dylib] Error 2
make[2]: *** Waiting for unfinished jobs....
==> Compiling libSandy.m (arm64e)…
libSandy.m:3:9: fatal error: 'xpc/xpc.h' file not found
#import <xpc/xpc.h>
        ^~~~~~~~~~~
1 error generated.
make[3]: *** [/home/chis/theos/makefiles/instance/rules.mk:211: /home/chis/dopetext/libSandy/.theos/obj/arm64e/libSandy.m.f35cfbdd.o] Error 1
make[2]: *** [/home/chis/theos/makefiles/instance/library.mk:52: /home/chis/dopetext/libSandy/.theos/obj/arm64e/libsandy.dylib] Error 2
==> Compiling libSandy.m (armv7)…
libSandy.m:3:9: fatal error: 'xpc/xpc.h' file not found
#import <xpc/xpc.h>
        ^~~~~~~~~~~
1 error generated.
make[3]: *** [/home/chis/theos/makefiles/instance/rules.mk:211: /home/chis/dopetext/libSandy/.theos/obj/armv7/libSandy.m.c0053659.o] Error 1
make[2]: *** [/home/chis/theos/makefiles/instance/library.mk:52: /home/chis/dopetext/libSandy/.theos/obj/armv7/libsandy.dylib] Error 2
make[1]: *** [/home/chis/theos/makefiles/instance/library.mk:37: internal-library-all_] Error 2
make: *** [/home/chis/theos/makefiles/master/rules.mk:119: libsandy.all.library.variables] Error 2

@naive kraken

I love my mac machine

hi, how do i create a file at a specifc location in my tweak in c++

ok i dont need i found better way

you put something like this in layout/Library/libSandy/TweakName.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowedProcesses</key>
    <array>
        <string>*</string>
    </array>
    <key>Extensions</key>
    <array>
        <dict>
            <key>type</key>
            <string>file</string>
            <key>extension_class</key>
            <string>com.apple.app-sandbox.read-write</string>
            <key>path</key>
            <string>/var/mobile/Library/Preferences/com.example.tweakname.plist</string>
        </dict>
        <dict>
            <key>type</key>
            <string>file</string>
            <key>extension_class</key>
            <string>com.apple.app-sandbox.read-write</string>
            <key>path</key>
            <string>/var/jb/var/mobile/Library/Preferences/com.example.tweakname.plist</string>
        </dict>
    </array>
</dict>
</plist>

and in your tweak, #import <libSandy.h> and libSandy_applyProfile("TweakName")

read-only may be enough instead of read-write depending on your needs, in my case i needed read-write

It’s just preference loader?

So it will just be read right?

Oh god English sucks

@tepid olive Does the dylib you sent me support hardware breakpoints? iOS

this one

yes

thanks

Aight let’s see, any ideas for a more than just ur regular hello world?

obfuscator

Hm?

make an obfuscator

D:

What will it obfuscate

Strings and function names

Brüh

High Kring factor

help me add the content please

i fucked up

accidentally said -arm64e version

was thinking of
-arm64 = rootful
-arm64e = rootless

but accidentally messed up

meant to say

-arm = rootful
-arm64 = rootless

sorry

and what to do

ты русский?

not sure, i just wanted to correct myself

lol

i'm not russian, sorry

поч файлы русские

imagine russian
this post was made by german gang

can i do ble shit with this theos thing?

need to write an app for using my watch ig

wtf russians on discord

i thought they were embargoed

Does anyone know any tweaks that are updated for rootless that rely on Alderis?

Jellyfish but not updated

i'm not the official dev, but i rebuilt Atria for rootless

thanks, I just tested it, it works

how do install libsandy?

i think im doing something wrong

fatal error: 'xpc/xpc.h' file not found

run: ls $THEOS/include | grep xpc

nothing

ok so make a xpc folder in $THEOS/include

and put these files there
https://github.com/theos/templates/tree/master/ios/xpc_service/headers/xpc

.
└── $THEOS/
    └── include/
        └── xpc/
            ├── XPC.apinotes
            ├── activity.h
            ├── availability.h
            ├── base.h
            ├── connection.h
            ├── debug.h
            ├── endpoint.h
            ├── module.modulemap
            └── xpc.h

it should look like this when youre done

should i have

project
  libSandy git repo

dont think that matters

==> Cleaning…
> Making clean in sandyd…
==> Cleaning…
> Making all for library libsandy…
==> Compiling libSandy.m (armv7)…
==> Compiling libSandy.m (arm64e)…
==> Compiling libSandy.m (arm64)…
==> Linking library libsandy (armv7)…
==> Generating debug symbols for libsandy…
==> Stripping libsandy (armv7)…
==> Linking library libsandy (arm64)…
==> Generating debug symbols for libsandy…
==> Stripping libsandy (arm64)…
==> Linking library libsandy (arm64e)…
ld: warning: object file /home/chis/dopetext/libSandy/.theos/obj/arm64e/libSandy.m.f35cfbdd.o was built with an incompatible arm64e ABI compiler
==> Generating debug symbols for libsandy…
==> Stripping libsandy (arm64e)…
==> Merging library libsandy…
==> Signing libsandy…
> Making all in sandyd…
> Making all for tool sandyd…
==> Compiling sandbox_compat.m (arm64e)…
==> Compiling main.m (arm64)…
==> Compiling main.m (armv7)…
==> Compiling main.m (arm64e)…
==> Compiling sandbox_compat.m (arm64)…
==> Compiling sandbox_compat.m (armv7)…
==> Linking tool sandyd (arm64e)…
ld: warning: object file /home/chis/dopetext/libSandy/.theos/obj/arm64e/main.m.ed200450.o was built with an incompatible arm64e ABI compiler
ld: warning: object file /home/chis/dopetext/libSandy/.theos/obj/arm64e/sandbox_compat.m.ed200450.o was built with an incompatible arm64e ABI compiler
Undefined symbols for architecture arm64e:
  "___isOSVersionAtLeast", referenced from:
      _getProcessExtensions in main.m.ed200450.o
ld: symbol(s) not found for architecture arm64e
clang-11: error: linker command failed with exit code 1 (use -v to see invocation)
make[4]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/arm64e/sandyd] Error 1
make[3]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/arm64e/sandyd] Error 2
make[3]: *** Waiting for unfinished jobs....
==> Linking tool sandyd (arm64)…
Undefined symbols for architecture arm64:
  "___isOSVersionAtLeast", referenced from:
      _getProcessExtensions in main.m.67826137.o
ld: symbol(s) not found for architecture arm64
clang-11: error: linker command failed with exit code 1 (use -v to see invocation)
make[4]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/arm64/sandyd] Error 1
make[3]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/arm64/sandyd] Error 2
==> Linking tool sandyd (armv7)…
Undefined symbols for architecture armv7:
  "___isOSVersionAtLeast", referenced from:
      _getProcessExtensions in main.m.6d0706c4.o
ld: symbol(s) not found for architecture armv7
clang-11: error: linker command failed with exit code 1 (use -v to see invocation)
make[4]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/armv7/sandyd] Error 1
make[3]: *** [/home/chis/theos/makefiles/instance/tool.mk:20: /home/chis/dopetext/libSandy/.theos/obj/armv7/sandyd] Error 2
make[2]: *** [/home/chis/theos/makefiles/instance/tool.mk:11: internal-tool-all_] Error 2
make[1]: *** [/home/chis/theos/makefiles/master/rules.mk:119: sandyd.all.tool.variables] Error 2
make: *** [/home/chis/theos/makefiles/master/aggregate.mk:12: internal-all] Error 2

@vale oxide

?

thats how to fix

Undefined symbols for architecture arm64e:
  "___isOSVersionAtLeast", referenced from:
      _getProcessExtensions in main.m.ed200450.o```

That doesn’t exist

_getprocess

what

in main.m

https://i.e-z.host/f9ufhs2k.png

first of all, its showing the symbol name, so you remove the _

so you search for getProcessExtensions

and second of all, its in ./libSandy/sandyd/main.m

https://github.com/opa334/libSandy/blob/main/sandyd/main.m#L127

That’s where i was looking but the _ fucked it up

https://media.discordapp.net/attachments/688122301975363591/1077671431875346494/caption.gif

Do i just slap@it in there at the top?

Of the function

fr

hello , does anyone know why i get this error ?

ld: warning: invalid -install_name (/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate) in dependent dylib (/Users/sopppra/theos/vendor/lib/libsubstrate.tbd). Dylibs/frameworks which might go in dyld shared cache cannot link with dylibs that won't be in the shared cache

makefile :
xxx_LIBRARIES = substrate

i cheked with otool

@rpath/CydiaSubstrate.framework/CydiaSubstrate (compatibility version 0.0.0, current version 0.0.0)

you really shouldn't add that to makefile

That it's warning not error

Hello all👋

I'm start learning obj-c you can say noob

I'm trying to compile luki20 source code:

https://github.com/Mighel881/NetflixToggle.git

it's compiled without errors, and it's worked perfect on ios 14. and when I compiling it for rootles iOS 15 dopamine. after installing toggle appear in control center setting but not showing in control center

need to know why and how to fix

thanks in advance

https://github.com/Luki120/SmallTweaks/tree/main/SpringBoard/NetflixToggle

FYI this is the new proper code

make[2]: *** Waiting for unfinished jobs....
==> Compiling Tweak.x (arm64)…
Tweak.x:7:27: error: expected parameter declarator
int libSandy_applyProfile("profile");
                          ^
Tweak.x:7:27: error: expected ')'
Tweak.x:7:26: note: to match this '('
int libSandy_applyProfile("profile");

wat

#import <libSandy.h>
int libSandy_applyProfile("profile");

@radiant idol

you have any idea?

not sure

ive never used libsandy

uh

are you declaring the method or calling it

calling

i think?

then why is int in front of it

==> Compiling Tweak.x (arm64)…
Tweak.x:7:23: error: expected parameter declarator
libSandy_applyProfile("profile");
                      ^
Tweak.x:7:23: error: expected ')'
Tweak.x:7:22: note: to match this '('
libSandy_applyProfile("profile");
                     ^
Tweak.x:7:1: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
libSandy_applyProfile("profile");

when no int

soooooooooooooooo

you probably just put it outside of a function

?

it needs to be in a function

libSandy_applyProfile("profile");

opposed to

int function() {
  libSandy_applyProfile("profile");

}

thats what im doing

yes like that

libSandy_applyProfile("profile");

is my code

post the code

#import <libSandy.h>
libSandy_applyProfile("profile");

wat

you gotta hit the books man

learn some C

#import <libSandy.h>
%ctor {
  libSandy_applyProfile("profile");
}

why doe

or some common sense after reading a couple messages

this is dumb

actually

no

that makes sence

no common sense here

python is getting to me

clearly not

@vale oxide you need a main function, you can't just write lines of imperative code at top level lmao

yeah i get that now

otherwise you're declaring external functions

And wtf is #import

is this c or something else

objc

oh OK that makes more sense

#import handles for duplicate includes i think

aka too lazy to do a #ifndef guard

what other languages would we be using in here

basically

idk you said c so I thought c

yes

what

do you even know what that is

im lazy

yeah

saying yes pretending like you know what theyre talking ab

stop that

allow him room to learn

i said yes that im lazy

we're trolling here, not bullying (except capt)

well lets see if it works

@indigo peak

gm

jaidan

hi

develo

not working

shit

pment

not even injecting anything

pavement

did you set your bundle filter properly

libSandy_applyProfile("profile");

wrog

{ Filter = { Bundles = ( "com.apple.MobileSMS" ); }; }

theer

not showing up in anemone

wat

shit

i have no idea

just try a simple nslog

@import Foundation;

%ctor {
  NSLog(@"[DEBUG] test");
}

where will it log that?

how do i log an array

i need to make every int to char

bro what

tr

aight so i want to write an app that can connect and work with a bluetooth le device i own, is there some sort of example i can borrow stuff from?(also do i need to be jailbroken to do that?)

https://www.instructables.com/IOS-App-for-Adafruit-Feather-NRF52832/ i found this but i currently have nothing to run xcode on(too lazy to hackintosh again) and idk if that applies to this theos thing

@unkempt raft does this mean like i could just move it manually or did i do somthing wrong (trying to compile cardculator)

the file path seems off

here

can you verify the framework has been compiled and outputted to that path?

uhh, idk but in the folder isnt in the folder that i git cloned

byt but theres this

@unkempt raft

try just moving the .framwork

also, what command are you runnning for compiling Comet?

i just copy pasted form the like article on your website

i did, but idk where to put it exactly

where its trying to move it

like this ?

move it to $THEOS/lib/iphone/rootless/

$THEOS is probably /Users/tesla3092/theos

(in your case)

so move it to /Users/tesla3092/theos/lib/iphone/rootless/

yea ik

i put the .framework filder.file there?

right

k

obviously copy the entire folder

not just executable

fyi

yea

but still getting this, should i move the file/folder to the path its complaining about ? @unkempt raft

run ls $THEOS/lib/iphone/rootless/

what's the output

do i need to restrat term?

im on a VM SSH'ed into it btw

you shouldn't need to

hm

how are you compiling the tweak?

make do THEOS_PACKAGE_SCHEME=rootless

yeah should be right

hm

nothing ever works for me smh, im on mac os monteray is that the prob?

shouldn't be an issue

any other logs or sm i could check?

i'm thinking

cardculator isnt in the "developer" folder u said to clone it into on your site, but that shoouldn't be a problem right?

obviously not

it's something else

idk

do i need somthing elts installed?

try also copying the framework to just $theos/lib

not moving

whats your ls $THEOS/lib/iphone/rootless/
look like?

but copying

so it's in both places

k

and try recompiling

or make spm first?

still same issue/error

should i try rebooting my VM?

or like restrating theos some how

have you just install theos or did you have it previously?

if latter, try reinstalling

i instlled it like a week or two ago

im asuing there a guid on the theos.dev site right?

wait

i think i know what can be the issue

did you switch to orion branch?

cd $THEOS && git fetch && git checkout orion && git submodule update --init

yea

i ran that comand before ding anything

@unkempt raft

hmm

try reinstalling theos i guess

because this is the root problem

you can't for some reason compile Comet correctly

i have procurse bootsrtap installed is that the problem?

i think

@silver rampart Is headers.cynder.me down? just tried to access it and it says its down

@lime pivot @primal perch how do you make native windows gui programs with c in 2023

what do u use

or c++

you'd want to use C++

which lib

well, probably better off starting with C# really

nah im good

the "modern" way is WinUI which supports C++ and C#

alr

that supports Windows 10/11

if you need a "full" desktop app though you can use WinRT which is sort of an improvement of the old school Win32

ok i know some win32 until i stopped learning bc it pissed me off

yeah RT should solve a bunch of those headaches, not all but most at least

damn i really need a new ssd im running out of space

Qml?

no

yeag wait like a week

alright

tweak is not even getting to %ctor anymore

dont know how that could be possible

how would i even debug this

I didn’t have libsandy installed

Might want to put that in your depends

Is the process crashing?

I didn’t install libsandy

So

Yeah fixed that

its always returning light blue

but thats not in any of my deafaults

NSUserDefaults* prefs = [[NSUserDefaults alloc] initWithSuiteName:@"/var/mobile/Library/Preferences/com.chis.dopetext.plist"]; 
    NSLog(@"[DopeText] prefs: %@ ena: %@ YourCustomColour: %@", prefs, [prefs objectForKey:@"ena"], [prefs objectForKey:@"YourCustomColour"]);
    

returning

light blue even though i deletdall the plist files except my main one and re jailbroke

I'm wondering how it could be possible to jailbreak a device like the HomePod that has no visible connection to a computer or ability to install apps (at least I think you can't install apps). I was thinking maybe you could make use of a vulnerability where processing a malformed plist file would lead to arbitrary code execution. You would connect the HomePod to a DNS server that redirects the HomePod to a custom server containing the malformed plist when it tries to check for updates using the software update XML on Apple's servers (https://mesu.apple.com/assets/audio/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml). This would be initiated by going into the Home app and checking for HomePod software updates. However, I'm not entirely sure whether it's the HomePod itself that checks the software update XML or whether it's the device you initiate the check from. If it's the latter, this technique would be useless.

iirc, checkra1n can work on the homepod, but I don't think there is much it can do

Yeah v0.21.1 advertises:

Partial support for the original HomePod (CLI only, tested to work with audioOS 13 and 14)

other than that I'm not sure how one would go about it

Home pods have dfu

there are USB pins inside the device, requires some disassembly of course

on a rootless device preferences will be redirected to /var/jb. and if you make changes on disk, you need to killall -HUP cfprefsd so it knows about it

it’s still cached in memory otherwise

hungarian notation

they're on the underside, under the rubber to be exact

What the best way to determine rootless or rootful env? Does anyone know it?

I’m more concerned about the 2nd generation HomePod, which I’m not sure has those.

people bought that?

I hope so given they finally made it a product people are willing to spend money on

hopefully they don't die after 2 years

Theos has some stuff built in you can use: https://github.com/theos/headers/blob/master/rootless.h

Very appropriate!

so i have to kill it every time it changes?

only if you manually modify the file. if you use the preferences/user defaults APIs it'll all just work

im not cause that wasn’t working

lemi get my code

    libSandy_applyProfile("profile");
    NSUserDefaults* prefs = [[NSUserDefaults alloc] initWithSuiteName:@"/var/mobile/Library/Preferences/com.chis.dopetext.plist"]; 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowedProcesses</key>
    <array>
        <string>*</string>
    </array>
    <key>Extensions</key>
    <array>
        <dict>
            <key>type</key>
            <string>file</string>
            <key>extension_class</key>
            <string>com.apple.app-sandbox.read-write</string>
            <key>path</key>
            <string>/var/mobile/Library/Preferences/com.chis.dopetext.plist</string>
        </dict>
        <dict>
            <key>type</key>
            <string>file</string>
            <key>extension_class</key>
            <string>com.apple.app-sandbox.read-write</string>
            <key>path</key>
            <string>/var/jb/var/mobile/Library/Preferences/com.chis.dopetext.plist</string>
        </dict>
    </array>
</dict>
</plist>

would this mess that up?

killall -HUP cfprefsd

i had to completely restart my ipad for changes to take effect

i mean i understand why this is happening, i know what a cache is

but how fix ya know

if i reboot user space it works

but thats not really user friendly

needs to be done with sudo

how do i do this when the device resprings so this works when i change shit in prefrences

erm, don't

if you need to do that then you're doing something very wrong

yeah thats what i thought

if you're in a sandboxed process you may need Cephei (not yet ready for iOS 15/16 tho)

OPAAAAA

this worked on xina

😦

i already have 3 dependencies

because xina is hacky 😟

true

but im lazy and this is way harder

should i try normal preferences again

wdym normal preferences

like the NSUserDefaults

or will that not change anything

what should i do now? just wait for cephi support and use this hacky method? @lime pivot

hey guys

i gotta upload a jar file to gist but how do i do that?

wat

use github

wdym wut

no it must be gist

Look someone has a jar file in their gist

but when i try to upload a jar file

why are you using gist

btw

I need it for something

I tried to google it but can't find someone uploading a jar to gist

https://github.com/orgs/community/discussions/31767

first google result

he creates a file

I need to upload a file

keeps looking and look up how to upload a file to a github gist

create a gist, like make a readme.md or txt file or whatever

grab the repo url and clone it on your machine

add whatever files and push

what process are you in that's having trouble reading prefs?

git clone <url>?

there's a box with a copy button after you create it, just copy paste that

how to add files and push it?

imessage

I did git push but nothing got added after I placed the files I want in the cloned folder

com.apple.MobileSMS

you did commit, of course?

did it make a new entry in the revisions tab?

ok yeah so it definitely is sandboxed from reading prefs then. you'd need to use Cephei or come up with another solution

well im using lib sandy

and that works

but i need to run the command on every change

how can i run a command with sudo from obj-c

I really recommend you don't go down that path, it's very likely going to cause more problems trying to kill cfprefsd for every value change

i mean i dont see any other solution cause i dont really know so like what can i do?

he doesn’t want his firstborn killed so cephei isn’t an option

😳

Issue closed, behaviour is intended

lets say hypothetically i have cephei for rootless

how would i use it

hypothetically of course

there is only an unofficial build so far

you can just use nsuserdefaults with full plist path with libsandy

so it still goes through cfprefsd

or if you're gonna skip cfprefsd then just modify your preference bundle to also read/write the plist directly instead of using cfprefsd

what should i do with @interface HBPreferences : NSObject in my .h file

https://github.com/eswick/harbor/blob/master/HBPreferences.h

what do you mean?

it didn’t when Harbor was made 💀

@grave sparrow

oh i got confused when i saw this

#import <Cephei/HBPreferences.h>

is what i have

oh wait thats right

hmmmm

How do i fix that

help add rutles support

Are these the pins on the 2nd generation model?

ooh, yep so it’s probably unchanged then

What ways can you even interact with the HomePod over USB?

just like plugging in an iphone iirc

unless its some kind of swd port then idk

But there's no way to restore it, is that correct?

I have a feeling the ipsws aren't public

they are for homepod mini only

I’m trying to compile Ve for rootless on 15.4.1, I’m doing something wrong?

I need to do rootless too

Does the 3rd generation Apple TV 4K have something like this? Since there’s a version without an Ethernet port, I’d think it wouldn’t have the debug port in there like the 1st and (I think) 2nd generations have.

yep because they use USB-C for power, if plugged into a PC it boots to DFU mode

Your missing the toolchain

Actually true

its complaining about clang missing

Is there something like hooking on mac

ellekit

or substitute if you need c hooking on x86_64

libhooker also works ig

ig

@robust radish are your changes public

or do i just use coolstar/libhooker

there are a few branches on my fork of the repo with some optimizations and a bunch of additional unit tests, but most of my changes are not public yet. I'm working on preparing it for a tvOS 15/16 jb, afterwards everything will be opened sourced. The OSS basebins that are currently public are outdated and may cause you problems on newer iOS/tvOS versions

nothing is showing up in preference loader after i re jailbroke

with dopamine

i clicked remove jb and it seemed like nothing actually got removed

My use case is just hooking on x86_64 so

i'm injecting through kernelspace

so i just need the core hooking lib

should i try to remove again?

ios 8 strap 🙏

So uhhh who wants to update Zenith (formerly apex) for dopemine use?

Seeing as its a paid tweak, thats not open source, that would require rewriting from scratch, so uhh no thanks

and the original author hasn't update for iOS 14 jailbreaks so good luck getting that done

Surely $3 would change your mind??

Nope

i already have it installed

r u sure

maybe its not where its supposed to be

already done

Well it’s /var/jb/usr/bin/clang

/var/sus

how actually possible is it to get arm64e afc3 coretrust on ios 15

what

the time needed to work on it from scratch would be worth more like $3,000

I am quite fine without the tweak

Id learn what I’d need and do it myself before shelling out $3k for a jailbreak tweak that I’d sell for, what, $1.99?

we'd always be happy to help you learn if that's where you want to go, just wanted to make sure you understand a few dollars isn't enough to justify the work needed

worth posting on https://www.reddit.com/r/TweakBounty anyway, maybe others will offer up some amount along with you to make it worth the time investment

Oh I know haha I was joking with the $3. I couldn’t imagine the work that would be needed.
I’m a bot developer and the amount of work to put into making a verified bot is still incomparable to making a tweak like that from scratch.

I’ve never gotten into tweak dev but I’ve been around since iOS 2 so I know the “industry” and history, so to speak.
Not easy stuff. Kudos.

ah, a jb veteran 🙃

glad you've stuck around!

Indeed. Took a break between iOS 12 and now but I still have a couple of untethered laying around

8.4 and 9.3.4

Broke my OG iPhone and 3GS…

shortcut is to tweak the tweak, to fix whatever issues it has. that should be easier and a lot faster than reimplementing the entire thing

could ask @lapis vessel to hand off the code to someone he trusts

The real question is… and like I said, I’ve been away for a while so this could sound ignorant/out of the loop but… activator? Is petrich out? I recently learned about saurik’s big moves…

I haven't seen much from him lately. seems he's moved on and is busy with his job and life and all

Life… who needs it

Kidding. Gotta do what you gotta do.

TRUE

Is cydia substrate a trampoline hook? If not what is a trampoline hook

these little guys at the start of a function are important

what does stp do

so if we wanna add some code somewhere (evil function) and patch a function (good one) to go to that one instead, we're gonna end up overwriting those two little guys at the start so we can make the jump

so what we do is make a 'trampoline' instead, which runs those first two important things, then jumps to our added (evil!) code

is the basic concept

so it jumps from original to own with setting up params or what that is and then goes to the actual own functions

yeah

and its called trampoline because it does 2 jumps?

presumably

thanks

https://github.com/evelyneee/ellekit/blob/main/ellekit/Languages/C/Trampoline/Trampoline.swift @tepid olive here’s how i do trampolines