#development

sizeof(audience_waiting) == 0

void audience_waiting[]

disk_load.asm
disk_load:
    push dx

    mov ah, 0x02 ; read sector

    mov al, dh
    mov ch, 0x00 ; cylinder 0
    mov dh, 0x00 ; head 0
    mov cl, 0x02 ; sector 2

    int 0x13 ; disk interrupt

    jc disk_error

    pop dx

    cmp dh, al
    jne sector_error

    ret

sector_error:
    mov si, SECTOR_ERROR_MSG
    call print_string
    jmp $

disk_error:
    mov si, CARRY_ERROR_MSG
    call print_string
    jmp $

CARRY_ERROR_MSG:
    db 'carry error',0x00

SECTOR_ERROR_MSG:
    db 'didnt load all the sectors',0x00

boot_sect.asm
[org 0x7c00]

; xor ax, ax
; mov ds, ax
; cld

mov [BOOT_DRIVE], dl

mov bp, 0x8000 ; stack
mov sp, bp

mov bx, 0x9000 ;load some sectors from es to bx
mov dh, 5 ; 2 sectors to be exact
mov dl, [BOOT_DRIVE] ; from the boot disk
call disk_load

mov si, [0x9000] ; print first word stored at 0x9000
call print_string

mov si, [0x9000 + 0x0200] ; print first word from 2nd loaded sector
call print_string

%include "disk_load.asm"
%include "print_string.asm"

jmp $

BOOT_DRIVE:
    db 0x00

; fill rest of boot sector and magic number at end

times 510-($-$$) db 0x00

dw 0xaa55

times 256 dw 0xdada ; for the next 2 sectors
times 256 dw 0xface

@primal perch

wait

im trying to read 5 sectors but theres only 3 sectors

ok no more carry error but still nothing being printed

can you do multiple search filters with frida-trace

like multiple -m

CS_INVALID_ALLOWED has basically no use in xnu

It doesn't let you exc invalid pages

At least from my experience

Why does no one document this shit

probably because it's an obscure component of a kernel no one outside of apple actually thinks about

CS_INVALID_ALLOWED just lets you run cs_allow_invalid

I think that's it

At least from what I can tell in xnu and amfi

No it just means you are allowed to run cs_allow_invalid

I forgot what calls that

Probably ptrace

There's still checks in this iirc

where

well its not in xnu

uh

maybe macf hook

now lets see if amfi has a hook for it

where is my .i64

mac_ops.mpo_proc_check_get_task_with_flavor = macos_task_policy;```

hm

csproc_mark_invalid_allowed(v6);

yea amfi sets it

so task_for_pid sets CS_INVALID_ALLOWED and cs_allow_invalid (through an AMFI MACF hook) checks CS_INVALID_ALLOWED

task_for_pid -> mac_proc_check_get_task -> AMFI hook -> calls csproc_mark_invalid_allowed -> sets CS_INVALID_ALLOWED

cs_allow_invalid -> mac_proc_check_run_cs_invalid -> AMFI hook -> calls csproc_check_invalid_allowed -> checks CS_INVALID_ALLOWED

and cs_allow_invalid is called by uh

fasttrap and ptrace

i think its the victim

no fucking clue

so if you want to ptrace something, you have to call task_for_pid first?

i guess its just an additional check to ensure that its not run without a valid debugging context

CS_INVALID_ALLOWED is practically useless outside of a debugger context

well idk man

all i can tell you is that it removes CS_KILL and CS_HARD and adds CS_DEBUGGED if CS_VALID

it seems CS_RUNTIME is another amfi problem

CS_ENFORCEMENT controls whether the CS_HARD/CS_KILL checking codepath even runs

so first we start with this

in process_signature which sets the csflags from AMFI

/* set the cs_enforced flags in the map */
if (proc_getcsflags(p) & CS_ENFORCEMENT) {
    vm_map_cs_enforcement_set(get_task_map(proc_task(p)), TRUE);
} else {
    vm_map_cs_enforcement_set(get_task_map(proc_task(p)), FALSE);
}```

that runs pmap_set_vm_map_cs_enforced

and then somewhere along the line

we enter vm_fault_validate_cs

this is basically
if vm_fault_cs_check_violation call vm_fault_cs_handle_violation

check_violation calls cs_enforcement_enabled = pmap_get_vm_map_cs_enforced(pmap);

if that's true

vm_fault_cs_handle_violation gets called once vm_fault_cs_check_violation returns true

that calls cs_invalid_page

which deals with CS_HARD and CS_KILL

so if pmap_get_vm_map_cs_enforced is false

and the page is not tained

no vm_fault_cs_handle_violation

unsure

i think its if you fuck with a page ie directly modifying it

but im pulling that out of my ass

then yea

get rid of CS_ENFORCEMENT and ur golden

afaict

ya

google

were these notifications ever documented

like which private framework and whatever

flex?

https://github.com/BastiaanJansen/toast-swift

How am i supposed to find out why the hook in jitless.c from ellekit doesnt work for me

wait i can just log inside jitless.c to see if it gets called at all

this should print to console in xcode right

cuz i dont see anything when calling the function

Hi! I want to add a simple entitlement to SpringBoard

<key>com.apple.private.tcc.manager</key>
<true/>

Can I do it inside of the SpringBoard? I mean I don't want to use ldid -S<...> -M but I would prefer an on-the-fly injection.

not really possible

at least not out of the box

you'd have to either modify kernel memory or attach a detached signature

both of which are not exactly trivial

gm @grave sparrow

why does NSLog break boot

Okay, so I understood correctly when I saw Taurine and Chimera13 repo where coolstar used a function called wk64.

Yeah, you're right. I hoped that I could do it using frida maybe using some undocumented kernel sycall or function.
I think that with frida is still possible but at the moment for me it is a bit to early.

Thank u!

p sure it breaks yea

rip

i guess im doing file logging

I'll add detached sig support to ldid for $200

$20 ok

$200.20

$20.20

$20,000.20

.20

$0.0000002

22.00

deal

$002200.00

20 zimbabwe money

Yes

I have some Zimbabwe cash

what money

there was like

1,000 currencies at that time

10,000 at one point

According to some random website, that's $700

adjusted for inflation?

i almost made a joke that would’ve probably got me a knock on my door

and probably a nice trip on the no fly list

well riddle me this, why was Ted in jail

sure

which part

does it?

like the devices and simulators console

why do i need new lines

what if i dont run it under a debugger

can i somehow log it anyway

what if i need objc

well nslog isnt for c so what do i do

create bridging header

afaik xcode 15 made some changes to c/c++ interop

forgot ab those

boring

rewrite better

https://developer.apple.com/videos/play/wwdc2023/10172/

bridging headers deprecated??

thanks

i just made my own

- (void)toast:(NSString *)message {
    UIViewController *vc = (UIViewController *)self;

    CGFloat screenWidth = CGRectGetWidth(vc.view.bounds);
    CGFloat toastHeight = 50;
    CGFloat toastWidth = screenWidth - 80;
    CGFloat toastYPosition = -toastHeight;

    UIView *toastView = [[UIView alloc] initWithFrame:CGRectMake((screenWidth - toastWidth) / 2, toastYPosition, toastWidth, toastHeight)];
    toastView.backgroundColor = [UIColor colorWithRed: 0.16 green: 0.17 blue: 0.20 alpha: 1.00];
    toastView.layer.cornerRadius = toastHeight / 2;

    UILabel *messageLabel = [[UILabel alloc] initWithFrame:toastView.bounds];
    messageLabel.text = message;
    messageLabel.textColor = [UIColor whiteColor];
    messageLabel.textAlignment = NSTextAlignmentCenter;
    [toastView addSubview:messageLabel];

    [vc.view addSubview:toastView];

    [UIView animateWithDuration:0.5 delay:0.0 options:UIViewAnimationOptionCurveEaseInOut animations:^{
        toastView.frame = CGRectMake((screenWidth - toastWidth) / 2, 50, toastWidth, toastHeight);
    } completion:^(BOOL finished) {
        [UIView animateWithDuration:0.5 delay:1.0 options:UIViewAnimationOptionCurveEaseInOut animations:^{
            toastView.frame = CGRectMake((screenWidth - toastWidth) / 2, toastYPosition, toastWidth, toastHeight);
        } completion:^(BOOL finished) {
            [toastView removeFromSuperview];
        }];
    }];
}

@grave sparrow it seems early boot is very sensitive

even NSDate makes it die

localtime + strtftime makes it die too

 NSString* date =
     [NSISO8601DateFormatter stringFromDate:[NSDate date] timeZone:[NSTimeZone timeZoneWithAbbreviation:@"UTC"]
                              formatOptions:NSISO8601DateFormatWithInternetDateTime | NSISO8601DateFormatWithFractionalSeconds];```

sum total of what i do

time to try ctime

if not i'll just use time directly

nah i tested just time and it doesn't die

fucking hell

ctime died too

actually let me make sure it's not NSString screwing things up

it's ctime

im gonna cry

can i get dev role here

i got it in palerain i think now i deserve it here

@grave sparrow cant even use contentsOfDirectoryAtPath

do i have to rewrite this in C and use CF only??

Or maybe I should just do this from kernelspace

You haven't done meth yet sadly

how u know that

readdir >>>

@restive ether i offer excellent dick sucking services

I got my connects you adderal addict

And who are you again?

joe

yea but I'm injecting early as fuck

idk

file exists works

@grave sparrow help me with assembly i just got home

better patch yo mommas pussy the way i stretched it out

It seems to be taking a long time to finish

It’s getting slower????

zefram + iTunes screen

the cunts fucked

I’m busy sleeping

I'm still waiting for cameren to give me advanced developer now that I finished the rootless strap

time for cfver 2000

Do you think he tries them on in changing rooms

damn

Bro is sad they took his foreskin on the 8th day

what's your injection blacklist

that's not the same as none

what is it

maybe it'll fix my issues

also it seems like i don't have to revert to raw C

std::filesystem ftw

Kill

C++

you got endpointsecurityd to stop breaking?

hm

SystemUIServer isnt run before it hangs

neither is sandboxd the issue

yea but

do i blacklist or do i go with using different apis

i think i should go for the former given that any tweaks i inject will just break boot anyway

uh

idk ARC man

i know

uh

idk man

my dylib passes amfi

i exempted it from apple system policy too

the kext

wtf does ASP do anyway

anyways

blacklisting 50 < pid <= 100 didn't work

time to try 150

the last time i tried this it didnt really work out

i ended up having to go up to 400

but idt i knew about NSLog chicanery then

so

150 also dead

wait

let me rule out some changes

ok trying 200

that worked

nvm icant log in

nice

hm

cryptexd, kcm, and gssd are crashing

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000

Termination Reason:    Namespace SIGNAL, Code 4 Illegal instruction: 4
Terminating Process:   exc handler [591]

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_trace.dylib                 0x7ff812296233 os_log_set_client_type + 81
1   gssd                                     0x10cfa3f93 0x10cfa0000 + 16275
2   dyld                                  0x7ff8121b141f start + 1903

what

same thing for kcm

for cryptexd

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x0000000000000000

Termination Reason:    Namespace SIGNAL, Code 4 Illegal instruction: 4
Terminating Process:   exc handler [554]

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   cryptexd                                 0x101eb00c2 0x101e6f000 + 266434
1   cryptexd                                 0x101e79919 0x101e6f000 + 43289
2   cryptexd                                 0x101e78cb8 0x101e6f000 + 40120
3   cryptexd                                 0x101ea0612 0x101e6f000 + 202258
4   dyld                                  0x7ff8121b141f start + 1903```

libinjector doesn't even inject tweaks atm

i have it stop after contentsOfDirectoryAtPath

now GSSCred is crashing

also in os_log_set_client_type

bruh

my libraries are platform

no

no

i could nuke it

i doubt its the issue

get rid of CS_REQUIRE_LV?

intel

no rosetta

it cant even load it only has an arm64e slice

yea

/usr/libexec/rosetta/debugserver:      Mach-O 64-bit executable arm64e
/usr/libexec/rosetta/oahd:             Mach-O 64-bit executable arm64e
/usr/libexec/rosetta/oahd-helper:      Mach-O 64-bit executable arm64
/usr/libexec/rosetta/oahd-root-helper: Mach-O 64-bit executable arm64e
/usr/libexec/rosetta/runtime:          Mach-O 64-bit executable arm64
/usr/libexec/rosetta/translate_tool:   Mach-O 64-bit executable arm64e```

holy fuck

it finally logged in

the fuck?

it was just stuck for a while

oh

weird

maybe it stopped trying to relaunchd GSSCred

or smth

ok CS_REQUIRE_LV | CS_FORCED_LV have been nuked on every process

lets see what happens

ok yea did not help

GSSCred is still dying

i switched my blacklist to 100 <= 200

it died again

i do not think the blacklist approach is the way to go anymore

yes

i agree

impressive

https://twitter.com/jacobmparis/status/1669096007466901505?s=19

Has anyone here had any issues injecting code via a tweak into executables on iOS 16 (palera1n, rootless)?

no

Hey @grave sparrow! I tried to the same with locationd to learn. I opened the Mach-O file with Ghidra and using Defined Strings (I hope this is what you called "looked for XREFS") I searched the substring clients.plist. I'm sure that this file contains all location settings about every app because:

rm -v /private/var/root/Library/Caches/locationd/clients.plist
launchctl reboot userspace

resets every app settings. And fsmon confirmed that this file is written every time the popup window appears to ask the permission.
Anyway using Ghidra I didn't find anything. So I tried to trace all write and retrieve the path from FD using a function in libproc.dylib but nothing.

3 things:

1. how do i check device udid in a tweak
2. how do i make the app crash (if its not the correct udid)
3. how do i make the symbols go away after compiling (preventing easy reverse engineering)

2. if (device_udid != expected_udid) [[NSThread mainThread] exit] or exit(0)
3. strip

thanks

now i just need to find out how to get udid, i tried some stuff already but none worked, all were null

https://github.com/ProcursusTeam/uikittools-ng/blob/main/info/uid.m

so [(__bridge_transfer NSString *)MGCopyAnswer(CFSTR("UniqueDeviceID")) UTF8String] is the udid

pretty sure

k imma try that

wouldnt this work too c NSLog(@"Aloha %s", CFSTR("UniqueDeviceID"));

No

Yes

Try it

i did, it doesnt seem to work, i just wanted to make sure

CFSTR() is just a macro that creates a CFStringRef of the c str you provide

oops

but i dont need mgcopyanswer?

You do

mgcopyanswer is used to get the udid via mobilegestalt

so like this ```c
NSLog(@"Aloha %s", MGCopyAnswer(CFSTR("UniqueDeviceID")));

or is this [(__bridge_transfer NSString *) important

ok looks like it

Depends if you want an NSString or CFStringRef

ig ill use it then

what does this at the end do UTF8String]

identifier at the end?

Converts the nsstring to a c str

if you want an nsstring, remove that

gives me error then

What is it

excepted identifier

Did you remove the opening [

oops i thought i needed it for the bridge transfer part

i still get this error though, is it cuz of the file ending (.xm)?

Link mobilegestalt

_LIBRARIES = MobileGestalt

do i need to include it somewhere

nvm

extern c right

full header at https://raw.githubusercontent.com/davidmurray/ios-reversed-headers/master/MobileGestalt/MobileGestalt.h

this is what it logs \M-1^E^N\M-g^A, its not an udid is it

Show code

NSLog(@"Aloha %s", (__bridge_transfer NSString *)MGCopyAnswer(CFSTR("UniqueDeviceID")));

Use %@

why

Because you are logging a CFString/NSString, not a C string

Because nsstring is an objc object

k thanks

Crying right now

am i that stupid

No comment, my old code is closed source for a reason

how did the compiler not complain at this

wrong format arg is only a warning iirc

Theos automatically treats warnings as errors though

Does anybody know when the next iOS 17 developer update dropping ?

Sunday

On a scale of 1-10, how sure are you about that ?

As sure as the last few people you asked

Now that’s promising

are there any open source projects that use cepheiprefs

@lime pivot u would know

https://github.com/search?utf8=✓&q=cepheiprefs+language%3AMakefile&type=code&l=Makefile

this'll find them

yeah thats smart

thank you

#import <CepheiPrefs/HBAppearanceSettings.h>```

whys this happening

same with HBRootListController

oh

wrong makefile

nvm it still dont work

best if you just @import CepheiPrefs; or #import <CepheiPrefs/CepheiPrefs.h> now, HBAppearanceSettings is implemented in Swift so it's in a different header now

oh alr

what abt cephei and cepheiui

how exactly is a library different from a tweak

tweaks are libraries that are loaded with the help of injectors but not all libraries are tweaks

a conventional library has code an app will call directly where a tweak has functions intended to replace or extend existing functions in the app

and tweaks can use libraries

well libraries can use libraries

if i have a library, can i put the library inside my tweak directly? The library has a .mm and a .a and some headers but also its own makefile and control

yea

prob will require some configuring

Ok so i added the .mm to files in tweaks makefile and copied the headers and .a

but it crashes which is weird

i also pretty much copied the makefile stuff

light mode fuck you

Hello guys, i am noob in jailbreak, but i have serious question and excuse my less knowledge, is there is a way to hook libmobilegestalt on ios 15 and above, i can hook it but i cant change the values , same tweak can run on ios 14 and lower and can change the values, but on ios 15 just hook but cant change the values

do you have catwave

WatchTube server

Common llsc12 W ty

nw

Swift macros to replace Logos

thingy

C master race

we need to replace swift with scheme

mf

fm

📻

tweak devs, can yall by any chance fix the absolutely abhorrent issue of ios returning hevc videos as jpegs when shared?

as an example, make a shortcut which gets its input's file extension and shows it to you, then share an h264 video and a hevc video

h264 will be mp4 or mov

hevc will be... jpeg.

im broke so i can't make a bounty

is this still an issue ?

15.1 it is

i have no devices on newer firmwares but im pretty sure

i was going to say if that’s still happening you should write a feedback

"have you tried updating iOS to the latest version, dear user?"

i mean that is a valid return answer

try 16.5 if it still sucks then complain

why would they look into something that might’ve been fixed

(It does)

fr

@hasty ruin porn

patrick porn

???

updates are what fix bugs

im jailbroken which is why im asking here and not via apple feedback

first to last, hevc video from camera, photo, h264 video download from telegram, h264 video from camera

Shortcut to test: https://www.icloud.com/shortcuts/4a5f1a0c83cd47b0b3fb69bf5c20f3a8

https://cdn.discordapp.com/attachments/262560074688495616/1119049678407872552/IMG_0147.png
https://cdn.discordapp.com/attachments/262560074688495616/1119049678726643783/IMG_0148.png
https://cdn.discordapp.com/attachments/262560074688495616/1119049678974111775/IMG_0149.png
https://cdn.discordapp.com/attachments/262560074688495616/1119049679200595998/IMG_0151.png

why would i ask for a tweak to fix it, if i were on the latest ios version which has no jailbreak on a modern iphone, and not ask apple to fix it

icraze zaddy please fix ios being broken

oh i swear to fucking god

its fixed in 15.1.1

im on 15.1.0

if only i could futurerestore

but fucking cryptex1

apple give us "android-like" sideloading already so i can tweak apps and have youtube with sponsorblock while on the latest ios verison

noo dont update

lmfao

that’s kinda hilarious

if only i knew what to hook in what way to fix it i'd make a tweak myself but i dont have the experience to reverse the sharing mechanism enough to properly fix the type bullshit]

Pretty sure 15.1.1 only exists for like 2 models of iPhone

200$ and deal

Yeah it just fixed calls dropping on iPhone 12/13

could it be a config thing you changed maybe 15.1.1 didn’t fix it

and apparently the share sheet

would be funny ig

but it seems like a very minor patch like icraze said

ive been on 15.1 ever since it came out and always had this issue

ok ig not

discord for example when you share hevc videos into it also interprets them as photos

icraze will do it for 20$

nice ghost ping

how about me not charging back nexus for dropping my license 6 times after its first setup, good deal?

nice drm @hasty ruin

phone can’t do math properly then

(Or it’s the one weird edge case I found on one dudes phone a while ago)

(bad code)

fr bad code

its fine i just have to tap it and it reactivates but its so annoying

cause you absolutely have to respring

bros shafting actual customers with drm

average drm implementation

make a drm-free version when it gets cracked

absolutely flawless on all my devices and all testers

average jb experience

https://tenor.com/view/cute-typh-gif-21304289

@drifting dust lmk if you ever find a way to reliably reproduce it on your device

icraze and capt chatting

Does it happen after a respring or reboot/jb?

usually reboot/jb but sometimes after resprings and one time was just literally during usage

bro isn’t saving the license to disk

scrolling through tiktok and getting WARNING YOU PIRATED NEXUS YOUR LIFE PRIVELEGES HAVE BEEN REVOKED is one hell of an experience and im not sure how it is even possible

It only checks after sb loads

indeed

this was before i reset my phone though and had the weird issue of springboard crashing yet the current app being still functional so it was probably that

pov your app is drm free

but yea usually just reboot/jb

it was almost always tiktok, my shit crashed and none of the phone's any features worked, yet i could still scroll through videos, or rather tap the for you button to refresh the feed and get new videos

Tiktok Malware

fr takes over springboard and runs even without it

skankboard who?

just make it a patreon tied always online license

you can if the product doesn’t suck just have to eat the losses from piracy

what does the n stand for

night

the losses from piracy in jailbreak community:
99.81% (on average, sometimes 106%)

healthier elon musk

It’s because of what he drinks

💪

anyway please fix this tiny ass annoying ass hevc issue with a tweak and ill give away 3 nexus licenses

i have three leters to tell you

starting with k?

Ending with YS

i can neither confirm nor deny what it starts or ends with

for legal reasons that was a joke

you spelt favourite wrong

gfy is what i meant obviously

https://media.discordapp.net/attachments/688121419980341282/1110448931197952100/E6E218E3-C4E4-4275-9C94-22153195B587-1.gif

you spelt "i will release nexus drm-free" wrong

thats one hell of a way to spell it wrong

yea literally

bros gonna get banned on havoc

based

ill just say tweak didnt work

POV: you forkbombed capt

lmfao

Say it in priv dopamine thread

i ran that one in wsl

No gir 👍

didn’t have to reboot

was funny tho

i fell for the troll

L

i trimmed the eval and was like we good now

fake

stfu chatgpt it is not offensive

agreed

bruh

I didn’t say it was related to the asm

restarted

not the keeping safe

https://cdn.discordapp.com/attachments/833206397051207690/995221800105562172/caption.gif

Nah we can just say shit like mainrepo in this channel

gorn

https://f.igerman.cc/u/LigC4O.png

forn

int Spotify = 0:;
Spotify++;

try without code block

lol

try the n word

only works in this channel

you cant even tell someone to keep safe wtf

f

the message filtering LMAO

don’t do it capt

icraze loves you

i just said "keep thyself safe" but with yourself

(Safety)

in a homosexual way

W

gir is too good

RET

https://f.igerman.cc/u/GwiAqz.png

i expected it to say "im sorry i cant do that im an ai language model"

syscall for fork in x86

gigachatgpt

yeah that doesn’t even make sense

Enable your dms mf

who me

Capt

blud wants to get muted so bad

Prob removes all non ascii chars

Idk check the source

icraze idea for failed license check on nexus: spawn a fork bomb, just a wee bit of trolling, just 4 little instructions

The fuck is that

try zalgo

Ah ye

or cyrillic letters

bro p sure that’s not ascii

it’s unicode

capt the type of guy to call extended ascii ascii

i would type out in russian but ill get banned

cyka

given that im not priveleged enough for anyone to consider my shit code worthy of "developer"

i love dick

завали ебало заебал

@grave sparrow

Haha take that gir

Blind ass bot

anyone else loooove hot cum

😩

ME

ok how long until the four of us get muted

-5 minutes

yall ever burn ants with a magnifying glass

Your mom

echo "xxxard" | sed 's/xxx/ret/g'

https://tenor.com/view/die-just-die-gif-23172530

yall ever put bitcoin miner in your tweak's drm

icraze does

nintendo

yea

etc miner actually

nsexception

next update of trim introduces 500 different crypto miners with dynamic exchange rate based switching, botnet, remote administration tool, the pegasus malware, a remote nukeswitch to delete /var/keybags and /var/Keychain, and 15 exabyte zip bomb

guys i think I didnt aks

me after setting resolution to 16 x 9

ask

aks

do you two ever shut up

given that im gay ill say icraze is gayer than anyone i know including myself'

No

ok well

https://cdn.discordapp.com/emojis/799449306578157628.webp?size=48&name=shut~1&quality=lossless

both of you

guys i think I didnt aks

why are you thinking about a kids sexuality

.

😒

Have we pinged moderators at all in the last 20 mins

Or did we not say the right words

gay as in happy

only slurs

great question

icloud bypasses

tbatsbit

no not that one

ok good because I get filtered for that daily

not in uk

does it start with a letter in the 2nd half of the alphabet

guys i wonder if illegal content will ping moderators

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Anything after M

You need to fix your list g

does it start with C

@grave sparrow

Followed by h

followed by i

nah not tryna get warned for “spelling out slurs”

followed by n

followed by a

that’s why you change the final letter

China!

nice country tbh

no

so much culture and beautiful nature

no oxygen though

sad

depends

i have another cool country, can you guess it? it has some of the world's largest uranium reserves which i think is pretty cool

it starts with n

Stfu

it still sucks

joseph

Guy who hates a 60 power normal move

I am trying to bypass jailbreak detection on a application on iOS 13.5. I tried using both Odyssey and unc0ver as jailbreaks, using Shadow and other tools to try to hide without success. One odd behavior I noticed is that restoring rootfs, deleting all root-related apps and data (AltStore / Odyssey / unc0ver) and reinstalling the app will still result in detection until the device is erased. Any idea how this is possible?

Turns out that without a full reboot, the jailbreak is still somewhat there, case solved Sherlock 😄

some data from the jailbreak remains on the device until you restore, which some apps can detect

which kind of data exactly?

that is something that i do not know unfortunately

thank you anyway

some stuff in /var

like preferences and stuff

@grave sparrow do you know how to list every user-installed app's bundle ID

ok

not sure

I have stuff set up to read the various paths based on bundle IDs but I dont have a way to list bundle IDs yet

thanks

Look at Altlist code

It sorts

Sorts it into App Store apps and system apps idiot

:c3ard:

am going with Santander functions for this because they also do this and aren't written in objc

...

you stole this from me

https://tenor.com/view/dog-daredevil-how-you-felt-after-saying-that-discord-gif-23423211

https://cdn.discordapp.com/emojis/799449306578157628.webp?size=48&name=shut~1&quality=lossless

• Preferably, use AltList

Nah dude when in doubt make the nth competing standard

create another competitor*

i'm gonna compete with zefram

mov x16, #0x2
svc #0x80
b #-0x8```

@grave sparrow https://www.reddit.com/r/jailbreakdevelopers/comments/14basbd/serious_inquiry_please_help_will_pay_money/

plz help him bypass his breathalyzer

i am angry that discord even highlights asm

What syntax is that, arm64?

yes

Ugh

One sec I need to get my syntax docs up

I cannot believe I spent time reading that

In my defense I only had my phone and don’t use arm assembly so had to look up the Darwin syscall table.

L imagine needing docs to read 3 lines of assembly

Get on our level

(We have no life)

Lol

I dont actively use arm, no clue why you would submit yourselves to that torture unless you are writing your own tetris os bootloader, and even then howmany pcs use arm64 outside of mac rn?

I like their argument that it’s easier to work on a car without the interlock, as if a mechanic won’t already know how to bypass it

Ik, that’s why I can’t believe I spent time reading it

Shoulda just assumed what it was tbh

Yah why didn’t I think of that

One sec

Gotta be sure you know

svc #0x80 is sus

yah its defined, at this level everything is just a hash table

EVERYTHING IS A HASH TABLE

I already have code for this

And serena already wrote code for this

it's not you because you don't write swift

i will use the swift version then

can i get logos autocompletion and syntax highlighting in xcode

not xcode i dont think but there is a vscode plugin

yea i know vscode

aarnov tale W

we stan aarnov tale

I just use https://github.com/theos/logos/tree/master/extras/vim

too bad im not a BITCH

shut up geekatron

is there some proper repository of vim plugins that can be submitted to? if so maybe a suggestion for you if you feel like it 🙃

I don't vim so best if done by someone who does

Can someone point me to the vscode plugin for theos?

Nevermind, I think I found it: https://github.com/MDausch/VSCode-Logos-Language-Support

that's an old one

here's the current one @fiery monolith https://github.com/tale/logos-vscode

@lime pivot thanks!

is autocompletion/intellisense for objc a thing on vscode in macos

also how can i fix import paths its always saying uikit/uikit.h not found

which ig makes sense since frameworks are laid out weird

for objective-c/c++, yes, for logos, no

alr thats fine how can i get it

0. Orion branch (cd $THEOS && git checkout orion)
1. Kabir’s toolchain (https://github.com/kabiroberai/swift-toolchain-linux/)
2. Swift’s extension for VSC (https://marketplace.visualstudio.com/items?itemName=sswg.swift-lang)
3. Specifiying the paths in the extension’s settings (set Swift Path to $THEOS/toolchain/linux/iphone/bin) absloute not relative path!!
4. make commands in the project dir
5. Done

SourceKit leaks alot so you might wanna restart it every 15-30 minutes

i installed clang command adapter or whatever its called but it still doesnt do anything

isnt that swift?

works for objc files too

.m/.mm

alright

ill try it out later thank you

yep np

not sure about the whole toolchain scenario tho

since you're on macOS

https://gist.github.com/evelyneee/3450533819513d95d43259f7bdfb32fd objc_msgSend tracing

Does anyone happen know what NSNotification gets posted when airplane mode is disabled/enabled? I tried to log it but with no luck

I think notifyutil can monitor all notifications, so just set that to log them all and toggle airplane mode on and off

Interesting, is that available for rootless or should I compile it myself?

It's on procursus

ah

https://manpagehub.com/notifyutil

It may not be able to do that, but I think libimobiledevice or pymobiledevice3 can

Interesting

thanks

You'd need sourcekit-lsp enabled

The issue with logos is that the special syntax makes the entire objc language server useless

I got a rough version of completion in Logos working by making a language server and opening sourcekit-lsp as a subprocess. Then I'd only passthrough to sourcekit-lsp when I was on a character that isn't a logos directive, but the parsing for it so was bad because we use regex for logos when we need to really make a proper parser that can generate an augmented AST. If I ever get back to it I'd probably generate a snippet of an AST by extracting the logos parts, then getting the rest of the AST from sourcekit-lsp. (cc @radiant idol you may be interested in this)

Oh wow, that is amazing actually

If you ever do get it properly working, please notify me

I'd be very interested in using that

You know typescript right?

Yeah

The biggest blocker for something like that is a logos parser

Ah I see

Essentially parsing something like that top snippet into the bottom part

Right right

Obviously I don't need all of that info, just something to separate logos keywords from the objc

yea makes sense

I also had to suppress a lot of sourcekit warnings because if you take a logos file and remove all the keywords it'll be a bunch of undefined stuff

oh lol

Since it's just a file of random methods

that's never good

yeah

I did try compiling the logos each time

That worked very well actually

But logos.pl is so slow

do you have any screenshots of what it looked like?

I'm curious to see

I mean, just imagine the completion on a .m file

right

I didn't get far enough to add completion for stuff like %hook

But there are non-smart completions in my vscode plugin anyways

yeah I use them

I also made a couple snippets of my own that I use periodically

I did do some very basic parsing on my own too so it would give diagnostics and stuff if you missed a %end or something

You know, I remember there was an effort to rewrite logos.pl in python and I saw a few versions float around

I could use that

yea that could work

I'm wondering how I'd do headers though

I know logos adds headers by default, but is that something I should do when parsing

Didn't Cynder get something working at some point?

I remember some talk about it in the theos server

Nah

#811494613482209311 message

We all just didn't use logos

Since it wasn't that bad to use MSClassHookPair

ah

Or sorry

MSHookInterface

I see

Because it basically looked like writing your own class

It's much more intuitive than MSHookMessage which is what logos converts to

yeah it makes sense

sorta like the thing they use when hooking things on a mac

I can't remember the name of it

I wrote my own thing

It worked perfectly

yeah that doesnt look horrible

what about calling orig?

super

or self

ah

Calling super in there would call orig

ok yeah that makes sense

Which is slightly cursed

You can have a method with both [self] and [super] calls

i mean it kinda looks like a subclass so its not that bad

Yep

This was before ElleKit existed

Anyways language server wise, it's just the logos parser

so you aren't super far off

Yeah exactly

very nice haha

after looking into how MSHookIvar works, i wrote a function that may or may not work with swift ivars
if someone could test it out and report back to me to see if it works, that would be sick

// paste this in a Tweak.xm file
template <typename Type_>
static inline Type_ &MSHookSwiftIvar(id self, const char *classSymbol, const char *name) {
    Ivar ivar(class_getInstanceVariable(objc_getClass(classSymbol), name));
    void *pointer = ivar == NULL ? NULL : (void *)((uintptr_t)self + ivar_getOffset(ivar));
    return *reinterpret_cast<Type_ *>(pointer);
}

and an example use of it:

%hook DoublePhotoView
- (void)someMethod {
  UIImageView *secondaryImageView = MSHookSwiftIvar<UIImageView *>(self, "RealComponents.DoublePhotoView", "secondaryImageView");
  // ...
}
%end

%ctor {
  %init(DoublePhotoView = objc_getClass("RealComponents.DoublePhotoView"));
}

bc it seems to work, reading and maybe writing, but other people's results from this would be greatly appreciated

What app did you test it on?

Hear me out

clang -x logos

We'd have to make a clang module for it but yeah

bereal

rip capt 2023

oh alr

ty

No one cares about Xcode

It crashes or returns nil when I tried

BeReal

ahh

weird

is there a way to list all ivars to every class in ida

like the symbol name

_OBJC_IVAR_$__...

i just made a function that adds them all to a file

Ok so the jitless hook (ellekit) seems to work, however when i call the original pointer from the replaced function it crashes

i literally told you it didn’t always work

ok

how do i decrypt an app on jailed? If possible

you don’t

ok

the function doesn’t start with pacibsp

Anyone know how to get the current time format from the location of the user? What I mean is, different countries show time differently, so I want the label to show the time in the correct format depending on the location

I feel like NSDate probably has a method for this

basically just how the clock on the lockscreen shows it

idk

I've looked, didn't find anything

well, if the user selected 24h time, it would say 13:44, but if they selected 12h, 1:44

no pm

bet

ooo

thanks man

nah, I'm trying to implement a time label for my prysm remake

11:45 is just a placeholder

lovely

thanks!

why J

because apple

do the jews control time

nice :D

btw, what would be the best way to approach autoupdating it? just an NSTimer or an NSNotification

alr

great

that works

thanks a bunch

it’s a common first instruction. since the actual first instruction has a hw breakpoint i can’t call it, so i replace it with another in the orig

NSDateFormatter, set the timeStyle to the length you're looking for

thanks but I already got it

oh somehow I've never used setLocalizedDateFormatFromTemplate:

I never feel like I can trust that a template string will do what I expect

at least with timeStyle I'm just saying give me the localised equivalent of what's considered "short" or whatever

never properly tested the theory though

I mean if its reversed directly from SpringBoard I think its fine

oh I missed that bit

yeah do that then

yea

looks good nopw

now

@lime pivot can you take a look at this, I’m just curious what your thoughts/opinions on this are

https://twitter.com/MalwareJake/status/1670522624995213313?s=19

nfr

security is easy

just tell everyone to update every week

I see, good find for sure then

good point

but like i said before, when i tried using MSHookIvar on a swift class in bereal it would crash, but with that it doesnt

unless im just high

it uses object_getClass but what im using is objc_getClass

is there that much of a difference?

wdym?
like remove the const char *classSymbol param

dam i guess i did do my tests wrong

hm

weird

thought i was onto smth

so why wont that work when it comes to writing ivars

or does it work?

im so confused

What’s a ret

only when using the ptr or when assigning it?

to orig

nvm

so im trying to make something in xcode, now i added a cpp file with this code

int main() {
    pthread_t myThread;
    pthread_create(&myThread, NULL, myThreadFun, NULL);
    
    return 0;
}```
but it gives me these 2 errors which definetly happen cuz of the thread.

i tried adding pthread.tbp to Link Binaries with Libraries

but same errors

and yes i included #include <pthread/pthread.h>

Do you already have a main()?

What symbol is duplicated?

idk it doesnt tell me

Click it

oh i didnt see the dropdown

yep its main

oh one is in my App.swift

so what do i do then

Remove one of them

but how are both supposed to run then?

the one in the swift file looks important

import SwiftUI

@main
struct myApp: App {
    var body: some Scene {
        WindowGroup {
            ContentView()
        }
    }
}

turns out if i remove it the app doesnt even start

You can only have one main

yes, but how am i supposed to call both things

Might I recommend that you use some critical thinking

how do i call a cpp function from swift or other way around

https://stackoverflow.com/questions/26805097/call-a-c-function-from-swift

This is horrible

troll prime

cameren

me

you

joe

tri.angle

@hasty ruin for nexu's LS time font and maybe the date, would it be posible to add like a blur apect to it like real ios 16?

fr

but why tho

functional programmers: wait lists that can access in O(1) exist??

You're stupid

Its only stupid if you don't understand it

its purely a way to represent scaling

not absolute performance

no you're dumb

you can have different tools and measurements for different purposes

but many people will use it for the wrong purpose

it just explains how an algorithm scales performance wise as you add more n's

cap

writing arm64

reversing kernels

that's like basic knowledge

especially writing arm64

let's see if u know arm64

no

it isn't

branch target identification

it's all over xnu

lmfao

instead of pacibsp on functions that don't need it, they use bti

it limits pac bypasses

writing assembly is easy

so?

1. go to godbolt
2. write some c that approximately does what you want
3. copypaste output

yes

at least u know that nerd

paci1716

pacia1716

lol

why doesn't apple use it

how is it different from pacia x16, x17

i mean

pacia x17, x16

apple uses x16 as the jump reg

x17 as the data reg

so

interesting

not using TiB in this context

not using TiB in any context

nfr

Ok so im having a massive brain fart again.
Compiling my app in xcode gives me this error: error: type 'Void' cannot conform to 'View'
This happends in my swift file where i call start like so:

start();```
Start is a void in my cpp file.
The .hpp for the .cpp file looks like this: ```hpp
#ifndef Functions_hpp
#define Functions_hpp

#include <stdio.h>

#ifdef __cplusplus
extern "C" {
#endif
void start();
#ifdef __cplusplus
}
#endif

#endif```
and the bridging header like this:
```h
#import "Functions.hpp"

im sorry for being stupid

showing the full method where the error is happening would help

the 2 thread functions here

pthread_t myThread;
pthread_create(&myThread, NULL, myThreadFun, NULL);

thats inside the function

so my clue is that i put it in the wrong place

who is this guy

@main
struct myApp: App {
    var body: some Scene {
        WindowGroup {
            start()
            ContentView()
        }
    }
}

Type '()' cannot conform to 'View'

crazy

You can't run non UI methods within the UI closure

whats the ui closure

I think you can use .onAppear as a replacement for viewDidLoad() and then use @State to dictate when the view loaded the first time to only call start once

var body: some Scene {
        WindowGroup {
            _ = start()
            ContentView()
        }
    }``` This is all UI

It doesnt suck, its just a completely different paradaigm

Though I guess "Suck" is entirely a relative ideal

so i can do a new var which isnt some scene

?

@main
struct myApp: App {
    @State private var viewDidLoad = false
    var body: some Scene {
        WindowGroup {
            ContentView()
              .onAppear {
                  if !viewDidLoad {
                    viewDidLoad.toggle()
                    start()
                  }
               }
        }
    }
}

Take that with a grain of salt, no clue what you are doing and I havent written in swiftUI in a while, but that should work

May need to move the onAppear logic within the ContentView

swiftui is wack asf

how do i log to console in cpp

printf("gorn");
std::cout<<"gorn";

thanks

top 10 googleable questions

Who are you

My dms are open

Weird

Send another friend request

I denied the last one

lol

https://twitter.com/alexgraveley/status/1671213996735594503?s=19

help?

new theos and Xcode install

i think i installed theos before launching xcode, can i uninstall theos

@radiant idol

that doesnt matter

but reinstalling theos might help

so just re run the install comand?

well hold on

do echo $THEOS

show me the output