#development

usually you shouldn't

I want to try it tho

Are you using Xcode or is this manual?

Im using install name tool, its not my app, just to see if the app detects dylibs inside the frameworks folder instead of loaded ones

oh uh

yeah if ur not in the compilation process then idk i've never done it manually

maybe someone smart like capt would know

Where exactly are you putting it

Note that there are certain restrictions on where you can put signed code

In the .app folder

in the .app folder where

bare?

inside resources?

etc

iOS or macOS?

Inside the .app folder ios

In the painload, then in the .app

To what exactly?

without blocking the thread?

The thread of the app?

What do you mean by blocking the thread

Does it stop then?

I did, im trying to call a function from an app without hooking anything from the app.

From my tweak

It gets loaded by the binary, should i make it get loaded from the dylib where the function is inisde?

the pings 💀

I dont really understand what your asking me

He's asking you where your tweak injects, what process

You're saying it doesn't inject into the app

So where does it inject

It injects into the app

So a process you mean the entire app running right

I tried calling the function using a pointer, but it crashes except when i call it from a hook of the app

But it works inside of the hook

One minute

I will try to call it again from where i declared the pointer

Theres no header

Idk how to explain it

How do i do backticks on mobile

https://tenor.com/view/trump-donald-gif-21985721

After didFinishLaunching i call pointers. This_ is a valid instance of the class too, i just didnt include the pointer chain to it as its too long. Yes i am sure that its valid and works because i changed field offsets of the class and it showed.

void(*msg)(void *this_, monoString *msg, bool boolOne, monoString *string);

void pointer() {
    msg = (void(*)(void *, monoString *, bool, monoString *))getASLR(0x40CB570);
    msg(this_, createMonoString("Hi"), false, createMonoString(""));
}

The back ticks didnt even work…

hello, for the devs here, how long was it until you made your first tweak

or project

After didFinishLaunching i call pointers. This is a valid instance of the class too, i just didnt include the pointer chain to it as its too long. Yes i am sure that its valid and works because i changed field offsets of the class and it showed.*

void(*msg)(void *this_, monoString *msg, bool boolOne, monoString *string);

void pointer() {
    msg = (void(*)(void *, monoString *, bool, monoString *))getASLR(0x40CB570);
    msg(this_, createMonoString("Hi"), false, createMonoString(""));
}

WTF

Why doesn’t it work

@olive peak fixed it

Hm

2 months to start making something serious

wdym

I think they meant like

after u learned how to do iOS dev or tweak dev

oh

technically 2 years

but thats cuz i had a 2 year break

bc ios dev is 💩

It’s fire

But u use Linux

yeah

its fire on macs

get a mac bro

inshallah the joe money will get me a mac

you’ll need 2k mfs to buy joe for u get one

I got my mac for 500, it works i guess

m1 512gb 16gb ram

But it doesn’t here

mac mini

M2

256 gb

I dont need that much space

me neither

8gb ram 256gb is really cheap

well

for a new mac

Hi

Header?

Theres no .h file for the function

Yes i am 100% sure

App store

Uhh i dont have one currently, i will need to update the offsets and all and then test again, i will ping you when i did it, okay?

It will take some time as i need to make a bypass for detections first.

The offset was right

But only in the older version

Yes i will ping you when i got it.

https://youtu.be/c33AZBnRHks

open source community moment

That’s a lot of percents

does it get easier 💀

Yeah

It does

It’s not that it gets easier but u get more accustomed to it

depression

ok that will be my timeline when I start, i need projects so my resume can look cool, and so i can secure an

i will make something, so basic

it’s different for everyone, my first 1-2 projects were ass, but then with basically 0 knowledge I decided to make a tweak that was less ass and I just kept working at it for months learning along the way

why is Odyssey refusing to build? it has 2 broken headers

gonna lean on

the symlink is broken

ohh

Bro is trying to build an open source cs project after iOS 11 😭😭😭

literally just makelol

it's just that the symlink is broken there

You can make your first dock transparency tweak in a day

To make your first "serious" project, it largely depends on your existing knowledge of programming and iOS development

I would not recommend to begin learning programming through jailbreak development

Nor iOS development

everyone has different experiences tbf

i just copy pasted kfd in it

https://cdn.discordapp.com/emojis/998222430923390986.webp?size=48&name=kekw~5&quality=lossless

i tried copying the xpc from iOS headers into my sdk and it's still erroring

Is there any way i can know at which line my tweak crashes?

my man

it's the symlink

i got it

thanks i was being stupid 💀

i copy pasted into macOS sdk instead of the iOS one

bruh

😭

you don't need to copy anything bruv

you just need to rename xcode to xcode.app

i checked the iOS sdk it didn't have any xpc folder

so

the symlink points to the os x sdk

oh .... oops

aight i get it

ofc the offsets are broke 💀 damn

might as well stick here too

Hello,

I am trying to get the kfd Taurine fork to work on my arm64e iPad, on iOS 14.4, But when it tries to bypass amfi, it seemingly doesn't work, I know this because when it tries to run prep_bootstrap.sh, it fails with ERR_JAILBREAK, I tried spawning programs using Filza in TrollStore, but got this error (https://cdn.discordapp.com/attachments/1139719650549190667/1139719990942109847/image.png), I originally thought this offset was changed in the kernel, (https://github.com/Odyssey-Team/Taurine/blob/825424a24cb22da81644724067e3c2a2fea3a2d2/Taurine/post-exploit/utils/offsets.swift#L106). After spending 2 hours, and coming to realize it was the exact same as before, It was not changed. It's just weird how arm64 works just fine on 14.4, Would anyone know how this could be fixed? Because i'm lost, I also tried bindiffing 14.4 and 14.3 kernel in ida but it just errored.

^^

@visual meadow look at task_flags

and bsdinfo

bsdinfo is the same

but idk about task_flags

@tepid olive is task_flags flags

let flags = isArm64e() ? UInt64(0x3F4) : UInt64(0x3D8) //0x54 diff on arm64e, 0x48 diff on arm64

if so

thats the same

yes

are you sure

yeah

they're the exact same

cryptic helped me find jop and he did the rest

(those 2)

so

im lost

so annoying

Im thinking of going to 16.5

because I hate u0 with a passion

No

Push through bruh

You gonna figure this out

brooooo 😭 😭 😭

Also being on 16.5 is still worse

14 jb’s are probably gonna be the last true jb

Why would you pass on that opportunity

Also who knows, someone else may figure out arm64e shit

Doesn’t have to be you 🤷‍♀️

Also you could try re messaging CS

You never know

@tepid olive ..

could uh

this be uh it

i think they pac'd it

and that could prob be why it works on 14.4 lol

is this touched by amfi

I think?

I mean it probably could be why it works on arm64 but not arm64e

@frank fossil pointed me to file in xnu and i found that

https://github.com/apple-oss-distributions/xnu/commit/ca32a94769198f2189fa4d06a9e25c0696aa1a29#diff-8d42e5f88e4356c47d9f1561969153b2125a0e4f8baac30236115b5f12a24c0a

well then ur screwed

taurine has no pac bypass

@tepid olive possible to implement fugu pac bypass into it?

but 14.4 has root:xnu-7195.80.35~2/RELEASE_ARM64

I know but it was prob changed there

no pac
https://github.com/apple-oss-distributions/xnu/blob/xnu-7195.81.3/bsd/sys/ubc_internal.h#L112

Ah

What coukd it be?

Could

And no csb_entitlements_blob_signature until 14.5

Ah

wh1te do you have an arm64e test device?

No

Damn

I’m confused then, originally what was the issue Nathan?

Like back to the beginning

Amfi

And you have checked offsets and shit

ughhh

Real

LoadLibrary(C:\Users\Nathan\Downloads\IDA7.7\plugins\idapython3_64.dll) error: The specified module could not be found.
C:\Users\Nathan\Downloads\IDA7.7\plugins\idapython3_64.dll: can't load file```

yea idk

its there

then obviously it has a dep you are missing

windows will be cryptic with stuff like that you need to do some recon

Run IDA as admin

I have had that issue before. I think I ended up finding a new IDA cause the one I had wasn’t the best

worked thanks

Wait what

Did it actually

letting the malware run as admin

🔥

💀

ah this is pretty stinky

its pretty based

more secure

Wait so did you get the shit that wasn’t working before to work

On IDA

no\

https://github.com/joxeankoret/diaphora/issues/173

“$IDA77_DIR/idapyswitch”

In console

way too long

🤷‍♂️ might as well let it run Idk

Keep it in background

maybe don't use a corrupted ida

Dead

cryptic ida

thanks capt

never was mine

pensive

_Cryptic is crazy

Didn’t you just have that shit being hosted on one of your servers for a lil 💀

Don't know what you are talking about

Nice ida

doesn't ring any bells

This guy 🤣

imagine not having legit ida

🤣

honestly never hosted anything on servers other than .a files

Did you Fr pay for it

one small payment of 1400

I don’t care how financially free I am in life, I will never buy IDA

Same with winter

*winrar

No a friend gave it to me

IDA 8.3 macOS :))))

That’s actually crazy

Must be some person to be just called “a friend”

Well I can't name them

Yeh

@visual meadow how is shit going

me neither i use 7zip

if you go to a legit college binja is 74$

Many people forget IDA home has an arm64 decompiler for 365$

And it's way better than Binja

what features does it lack

Tfw I got Binja for free from @grave sparrow, IDA for free from someone, and hopper for free for @grim sparrow

two ida sources

Did I

Idgaf haven't used hopper in YEARS

It's garbage

I bought it and then Andrew bought it 2 years after

lets start off saying ida 7.2, 7.3, 7.6 are terribly broken only the docker 7.7 works

the charisma 🙏

All I got was depression

7.7 is bad

the original 7.7 had broken stuff

No Swift support

Lol

I can reverse taurine jbd so easily with IDA 8.3

I ain't need swift stuff I reverse roms my friend

i see

reversing a15 roms is really fun actually

that sounds bad

how? its really easy

just get help

I've been reversing since ~2015/16 started rom stuff in 2019

what's the point of it

what are u looking for

there are no bootrom bugs lol

you have better odds of finding CPU bugs

I'm looking for hardware flaws not software @tepid olive

yeah ok

I already spent my fuck you money I'm not gonna get ida home

who the fuck needs to reverse swift

ida 7.0 supremacy

I ain't using 7.0 I need long_night

7.7 is king

ida7.7.zst from cryptics hosting service is great

don't know what you mean

text files are pretty boring

@tepid olive so idk what to do

You know

I asked them what I should do

get good thats what

they said to use chatgpt

your ida is trash

they left discord for a long time I'm not sure if they are back yet

They are

how would you know?

thats how

oh

axi0mx [redacted] [redacted] [redacted] [redacted] [redacted]
axi0mx is fucking capt's whore mother

can I put dm'ed xerub on my resume

can i put blocked my revulate on mine

or blocked by sbingner actually

💀

sbingner saurik2™️

i think sbingner blocked me bc i made fun of elu as a joke 2 years ago 💀

i am not making vertical scrolling

wait wait

lemme guess

vertical scrolling

why is the filter here

he is filter

wait was geoballs filtered

W

geolocation - location

this mf

i have ideas

but im lazy

filter bypass

@grave sparrow youre lucky, my jb phone was on 1%

so i can try vertical scroll

capt what's with you and the vertical scroll

embraced the clickbait and the hate from everyone and made it 100x worse

bruh

classic geo

Whers macos 14 b6

clickbaitsnow

He has me blocked for calling him clickbaiter, and I challenged him not to monetize any of his videos if he was really looking to "help" the community

lemme see

show code

Bro just be saying shit 😭

RootHide bypasses Jailbreak Detection In All Apps and Games With Amazing Results! iOS 14.0-17.0 and it's FREE and Open Source

so many details missing there, true bait

it's freeee

very sex and good

this is not development

mfw unity

did joe get delayed

nope cancelled

nah jk

but dock icons really doesnt wanna be set to 1

safe mode if set to 1

i have a fix but its not good

it set itself to one for me

wym

bc the default value used to be 1

and it was conflicting with my atria dock

default value is not 1

its 4

Question have you considered hooking whatever this is and just making it have all the apps in the order you want?

how does Starfish do the vertical scroll then

buggy as hell I heard

A jailbreak tweak being buggy? Nah

Can’t believe that

crazeware

To be fair, they always labelled starfish as beta

Does mshook also work on all rootless jailbreaks? Or is it different for every rootless jailbreak?

Well, At times, I use Dobby which is developed by jmpews when Ellekit hooks don't work and cause crashes.

It works like charm in rootless environment.

https://github.com/jmpews/Dobby

I used to use Dobby hook framework when I made FlyJB.

So it works for every jailbreak above ios 13 for example?

if you use it and 2 tweaks hook the same function everything breaks

don’t do this

I dont have any other tweaks

Only mine

So what should i do instead?

I am never working with other people on a tweak ever again. My friend wants to put all my hooks, pointers, patches in a header

Thanks for feedback!

I’m saying that if you’re not the only one who hooks something it breaks

If it hooks the same function?

yes

That wont happen

Yes, works at least iOS 12
used to use dobby to hook SVC 80 for bypass jb detection.

if you want to hook svc 80 dobby is fine

don’t use it for function hooks

What else should i use then?

Also to include dobby, i created a folder in the lib folder of the theos folder. Then added the header and the dylib, do i also add the .a and what do i need to do to use it in my tweak?

I figured that the header goes into the includes folder of theos.

I have both in the folder, but want to dynamically link it, not statically. Do i need to add anything else than to add dobby to the tweak libraries?

I did

Just want to make sure its dynamic, but incase i need it sometime how would i tell it to link statically?

hi so i can't figure out what this error means, do I just need correct offsets or is something else broken

kr = IOConnectCallMethod(conn, 6, 0,0, args, 0x20, NULL, NULL, output, &output_cnt);

guess this is br okd

fast path probably doesn't exist on iOS 13

oh

bummer

you just have to change it to create the object in a different way

ngl i have no idea how this iosurface thing works but i'll try

i thought changing the surface selector from 6 to 0 like here https://gist.github.com/jakeajames/e4d69abfb884faa97b6510f61b2adf12#file-iosurface_stuff-h-L20 would fix it but still broke

rip

it’s there down to 8

even before

it’s been selector 6 since at least iOS 10

https://github.com/jakeajames/sock_port/blob/278a8808f42e32f59e95cc39a17be19d7063d8c3/sock_port/iosurface.c#L44

hmm then idk

conn seems to be a normal uint though 44581

is it possible to write to /private/var/containers/Bundle/Application/xxx-xxx/file with objc and without root or krw?

i want to write to the app container and overwrite some files from within the app itself

im 99% sure the files are codesigned

ah

i tried overwriting fonts in Discord it's codesigned

so that's L

you guys just dont know how to do fonts for discord properly

i copy pasted some fonts from twitter

it's dm sans.woff or smth idk

ive already gotten fonts to work but its done by modifiying the ipa not dynamically

the fonts need to be patched by modifying the meta name to be gg sans so that its recognized by wherever its imported from

rosiecord moment

i got dynamically 🥱

ok but what does it involve

idk that was last year LOL

because if it needs to take advantage of root or some exploit then i cant

it needs to be pure

i should probably inject flex back into the ipa for a little while so i can examine the bundle and stuff

no it doesnt

lemme test it out

if flex can read the bundle then doesnt that mean that the bundle is also writeable?

surely apple wouldnt make the bundle read only

uh

no idewa

i think you can

probabvly?

ino idea

where is enmity

/private/var/containers/Bundle/Application/ for bundle

/var/mobile/Containers/Data/Application/ for data

@placid kraken does enmity latest build work on latest discord

yeah

okay

brb

rosiecord 192

or enmity 190

okay

ty

@placid kraken depending on if i go out today or not i should have a somewhat working dynamic font build by the end of the day

ok lol

would it be possible to tell me your plan or like your mental mindmap of how it would work so i can try to implement it myself?

@placid kraken btw i was wrong, you can write to your apps bundle

i thought you meant writting to another bundle

the bundle you can write to

but you cant overwrite files i think?

ah i see

wait so still i dont know how you overwrote the font files because i need to do it from the js side

and its possible to write to files because theyre exporting a custom FileManager as a NativeModule in RN

but ofc if i try to write there it fails

@placid kraken hooray

its a little buggy

but

yeah

you get the idea

HOW

rosiecord eating good soon™️

not really

because i need to then make this work for android aswell

ah

Is there any hooking method which works with jit only?

Also theres an app where i want to bypass detection of loaded libs. But it only seems to detect libs that are codesigned

What could it use to detect that?

did someone like copy my tokyonight theme

lol

https://static.itsnebula.net/tokyonight.json

Should’ve DRM’d it

always online drm hyperixa style

And then shut down the server after a few months because some dude called icraze trolled you

sounds like a great idea

is this real

yes

gimme link furry

:3

https://reddit.com/r/jailbreak/comments/wuzfzr/discussion_psa_i_recommend_to_stay_away_from/

@hasty marsh discord reply fail

skulley

bestie thats so old

i doubt it would even launch in enmity anymore

I've switched to vendetta since then

great

@placid kraken fixed the bug

lmao

I’m on my alt acc

what bug lmao

there was a bug where if you restarted the app with the theme + font applied the font wouldn’t be applied when it reopened

imagine using discord enough to need those

true

all I need is pure dark mode and I’m good

literally

Fr, chronically online

I mean... a surprise to absolutely no one. A good thing it’s been stated, but not surprising

amazing

but you still havent said how it works

:3

we know

it’s a test font

it was the first one on the font website, and also easy to tell if active

when I get back home I’ll dm code (I’m homeless)

ok ty

damn my name looks fire in that font 🔥

POV: Painting with chocolate outside u0

captware 🔥

yeah true

you know its bad when its barely readable

actually thats more to do with the choice of white text on white background

using a title font as a body font 👌

can someone tell me why objc syntax is so absolutely disgusting

void SwizzleFromDict(NSString *kind, Class class) {   
    NSDictionary *dict = getThemeMap(kind);

    for (NSString *colorName in dict) {
        NSString *originalMethodName = colorName;
        SEL originalSelector = NSSelectorFromString(originalMethodName);
        IMP originalImplementation = method_getImplementation(class_getClassMethod(class, originalSelector));

        // cast the IMP to return an id
        id (*getOriginalColor)(Class, SEL) = (id (*)(Class, SEL))originalImplementation;

        MSHookMessageEx(class, originalSelector, (IMP)imp_implementationWithBlock(^UIColor *(id self) {
            id color = getColor(colorName, kind);

            if (color) {
                return color;
            }

            return getOriginalColor(class, originalSelector);
        }), NULL);
    }
}

%ctor {
    SwizzleFromDict(@"semantic", object_getClass(NSClassFromString(@"DCDThemeColor")));
    SwizzleFromDict(@"raw", object_getClass(NSClassFromString(@"UIColor")));
}

some parts are fine but id (*getOriginalColor)(Class, SEL) = (id (*)(Class, SEL))originalImplementation; is insane

Yeah I went from python to this

How do you think I feel

I was secluded in the perfect python world

objc syntax makes me think raw js with no static types is feasable to make websites with

Then hit eith reality

Disc0rdver

Disc0ver

better than having 100 %hook statements

that’s C that ain’t even objc

That’s just regular casting

with objc variables

that's the first time i've ever seen someone use imp_implementationWithBlock

i really wish i couldve just nested a %hook in a for loop

wouldve made that 100x easier

technically you can

so good fr

Ever consider that this is just shit code?

so true

alderis is malware

devel ment

based

facts tho

this is actually spyware ironically

What is this from?

@lime pivot are you aware of this?? it seems to be hosted on your repository

enmity

are you aware of deez nuts hosted in your mouth?

yeah I know

thank you

hurry up and become 18 already

kirb got too used to british laws when he was here

I feel like I shouldn't be joking about that any more after recent events

what

what's the requirements for voting in UK

first kirb wants feet now this

slippery slope

bro

first it was arms

What has been going on?

are you a teeth kinda guy?

fingernails

Couldn’t find the arms screenshot but found this

1/10 chance one of us is being serious

Is that a JoJo reference??

https://tenor.com/view/kira-anime-serious-look-up-gif-12447667

That’s crZy 💀

good dental practice is key

I’ll send you for loop later

Trust

lol okie

wait that was basically what i was gonna do LMAO, i didnt read it lol

@placid kraken are you like head dev for enmity now

she’s doing rosiecord innit

init

same shit

The message cant be seen anymore, so i replied to my 2 questions. If you know an answer please tell me it.

.

.

happy birthday big man!

Ok so, i was trying to use dobby for hooks a few days ago, but just couldnt get it to work. In app it tells me „Unable to find load 248“, which i think is because of dobby.
What i did was:
1 add a dobby folder with the dylib to the lib folder of theos
2 add the header to the include folder of theos
3 add the ldflag -L$(THEOS)/lib/dobby
4 add dobby to the tweak libraries in the makefile
I didnt get any errors compiling and it seems to link to the right dylib. Just when launching the app it doesnt seem to work. Giving the said alert but not crashing.

I think its best to use another hooking library in this case? Are there any others that work with rootless and rootful?

im doing v3, i did a lotttt of stuff for it

well im helping eternal but weve both made lots of progress ^^^

@placid kraken im pretty sure fonts are 100% working, ttf, otf and woff fonts work, ill dm you the code now

i got the offset from time_waste it was 0xdd0

now i have another error woe.

that error you’re getting is an iosurface related failure being passed as an argument

i think your ioconnect is wrong

the usecount selector is probably wrong

it's 16 on iOS 15/16

You sure?

i checked time_waste it seems to be 15

idk

https://github.com/jakeajames/time_waste/blob/9d3923aaa7ca5943406f5ec5c4161f3cacf83aa0/time_waste/IOSurface_stuff.h#L24

Try every number between 10 and 20

I’m joking.. half

😭

got damn

Try it ig

i did

it just paniced with no error now

oh it's another kfd panic

so it silently errored woohoo

why are u doing this odyssey is fine as it is

When it panics right after printing the time and the green emoji shit makes me wanna kms

tardy0n is great

i am bored

https://cdn.discordapp.com/emojis/1039305974583930890.webp?size=48&name=trolley~1&quality=lossless

i might just try ios 12

seek help

true

real

happened to me so many times

Same

💔

Oh what I can delete and pin messages here now

developer role things

this is actually a viable idea

Brother stop doing this

This is a new low of boredom

i have no school for 2 months

if i dont get odyssey working by today i'll just copy u0 source and add kfd to it

my 5s no longer has to suffer

Donate an arm64 device to @tepid olive she really needs it

True .........

Donate an arm64e ios 15 device and iphone x to @hexed knot he really needs it

Poor ass

I am not poor

@tepid olive what sb bypass did u find and hows it work

Maybe i shoulda stayed on 16.0.3

ok i checked every selector based off other exploits

it's probably another thing

and idk which

blame capt

project zero writeup

dude if you're doing it for 13 just check oob timestamp please lol

i am

i copied the code 😭

real im a dumbass

https://cdn.discordapp.com/emojis/1039305974583930890.webp?size=48&name=trolley~1&quality=lossless

self promo #showcase ‼️

#1084320818231787552

https://cdn.discordapp.com/emojis/1085060228241969192.webp?size=48&name=sadge&quality=lossless

Wtf

I don’t even check that

Lemme remove it

i leave the default because i dont give a fuck

It’s cool sometimes

Also general is like 20x worse than jailbreak

tbh jb is pretty lax

capt when he realizes rjb is a support server

They’re more bearable than some of the mfs in general

Recent mentality:

Can’t even fit that shit

how this dude got staff channel

Bro got the former pj drama channel

Wym?

#subreddit

Oh I still have my view all channels thing on or whatever

Ahh

every week someone would get banned from the sub for the most minuscule shit and they’d complain in #subreddit and it was always pj who banned them lol

Gonna be me

Speed run getting banned

everybody hated pj lol

She instagram herself like bad bitch alert, he instagram himself like mad rich alert

omg pj

havent heard that name in years

the subreddit's no 1 enemy

i think i figured out why im panicing

Aaron just be hiring anyone bruh idk how pj even got the role

Why

fr

im dumb as hell

What

Is this still the odyssey thing

yes

it is

Okay well have some shame

ok

https://cdn.discordapp.com/emojis/1085060228241969192.webp?size=48&name=sadge&quality=lossless

wait its unrelated what am i even saying

What are you trying lol

Not judging just curious

@granite frigate just put the kernel into IDA and find the offsets

doing that

use kfd for Odyssey jb

there's 0 point im just bored

Just wanted a new exploit? Odyssey’s wasn’t that bad right

Everybody is gangster till IDA don’t even recognize what ur searching for

Couldn’t you bump version too? Odyssey was restricted by exploit I think

Lemme check GitHub hold

nah

odyssey supports 13.x

Nvm I’m stupid

i should try using kfd on iOS 12 instead because chimera is ass

Yeah do that, odyssey has 3 usable exploits 2 of which overlap all versions

Chimera is ass because of the 50 different core animation functions being called every second

I’m joking that’s not why

But it’s still ass

So kinda pointless, not stopping you, do it if you want lol

The animation shit probably contributes

chimera is gorgeous

i want to recreate the ui to practice

@granite frigate I have something to tell u brother

Side question: you have an iOS 14 device rn?

yes

Chimera isn’t open source

no

For some reason

i know

What is your devices looking like

i'm probably gonna yoink unc0ver source and replace the exploit

for kfd

💀

15.6rc, 13.2.3, 10.3.3, 8.4.1

Opa you still lurking here? I got a question

Donate me bruh

Try kfd on iOS 10

ooo

Don’t think anyone has ngl

true

And 8

Just for the fuck of it

It might be more fun that what you are trying

Prolly learn more too

Yeah

good idea

More issues = more fun

It’s not going to work

Get a load of this guy

It is not going to work

Probably not

Be they will have fun trying

And if it does work, it would be very cool

Why would it not work

Idk, lemme check kfd GitHub

https://github.com/felix-pb/kfd/blob/main/writeups/smith.md

I actually have zero clue how far back it will go, it’s a kernel exploit so it’s like it’s easy to find when said but was introduced

Ok(())

lol

O(k)

Ok(k)

Ok(Ok(Ok))

So what should i use for function hooking on rootless and rootful jailbreaks? Dobby doesnt seem to work

Ellekit

https://twitter.com/eveiyneee/status/1692244043290280251?s=46&t=LUSNSGJyUZ15gupblBCd_Q

Give the sauce

Bro

Us, 16.4 and below Citizens want this

https://media.discordapp.net/attachments/688122301975363591/1033962648494149632/3dgifmaker01679.gif

No

Why are you gatekeeping a sandbox bypass that you cant even use

☠️☠️☠️☠️☠️☠️☠️

Just to u Nathan

Crazy

Like

Whats the point

She on that CS shit 💀

Exactly

☕️

nah it’s not the same imo

I’m just making a joke

Why do you want a sandbox bypass that you don't even know how to use

Well I'd like to figure that out

Bro is just curious and bored

figure out what

Let the mf have his fun 😭

What you can do with it, how you can use it, whats extra

What degrades when you tell me how it works

how will you use a bug

lol

It's already patched so what money are you getting

D1 Hater

#1 fs

because it's not patched

it's just different on 16.5

It doesn'g make sense

Why wont they look at it

Coz idgaf

If it works on newer versions ☠️☠️☠️

Nathan

what does the bzero function do

yeah bro

if you want 14.4 arm64e

I don’t owe u anything 🤭😘

what about you look for offsets and debug

Does it give the same result as the tccd patch

instead of asking everyone for shit

God damn 🤣

No

Bro I spent 2 hours looking

Im new

This got heated for no reason

yeah bro

call me a vagina the way I be dripping

Then why not ude

Use

and you think we spent how much

We saw that…

I know he gotta learn his own shit but damn. This community a little diff

no you didn’t

It be hard to just “learn”

Lol why y'all have to be dicks

was it run or rn

Im starting to see why cs left

Both

That’s what I’m saying Nathan

that you wanted to say

Your mf literally just made fun of them

🗿

Bro

Same same bro

did you look yourself in the mirror

Ok Nathan let me tell u something bro

Nvm I’m on 599wp

otherwise I’d have typed out the paragraph

Tell me in dms

no

"bro but i spent 2h breastfeed me plzzz"

Yes

I want to be breastfeed for 2 hours tbh

He is asking for help not full guidance

m2

titsssssss

kills the data at the first location for second param bytes

Hi Fiore how are you

hi iosrouter how are you

stand the fuck up be a lady

I’m solid, how are you?

😭

good

sorry

That’s good. Life been treating you right?

I just would like to be as good as you guys but idk where I should start

suppose

Ok Nathan here’s the issue

All of us here are at diff levels but we got to where we are bc we eventually would research the stuff ourselves

And then we’d figure out and learn

You have a habit of just asking for THE thing

Alrighty, suppose is good enough.

tomorrow i’m deactivating my twitter, monday i’m deactivating discord btw

I’m saying this to be helpful bc I don’t want anyone to be aggressive to u anymore

Why

She tries so hard to be different

school starts

You can’t just do that rn bruh

dont u dare try to gag me

im at the bottom level

what are y’all gonna do

Yeah me too

we're at the bottom level

i did tcload and handoff

We do a mini amount of bafoonary

it almost works just ask mineek to fix it up

Shiiii put me on top 🫦

go into ida, press f5

Hold on let’s go to the thread cause I want clarification on a couple things

try to patch stuff manually

Wheres a good place to research said stuff, google isnt a good place

I have before

then check how that leads to a jailbreak

palera1n is open source

check every patch

I worked on palera1n v1

what's it for

And there are many other open source jbs/tools

real

Put me back on top of you

*of you

yet you learned nothing

capt is siguza level

*of you

nvm he’s not

bruh capt is above me

20x

Adhd is hard

I remember nothing

nah capt should be switched with me

tbh

I can't do half the shit he's able to

nah but heres the thing
everyone is more capable in different aspects of development

Brain deficiency *0 = 0

😍 he has such a way with words

Ok sorry I’m done

yeah true

you already are

@steady nest what was your starting place

youve put yourself on the low ground for some reason

Pointer to 0

like you understand things that capt doesnt vice versa

Nah he just got degraded

He got gang degraded, just scroll up

I've spent ages trying to find this one ipv6 bug too

That was patched in like 16.6 i think

i read every old jailbreak writeup

Is that where you started?

go read the holy trinity by levin

starting in like 6

https://github.com/freebsd/freebsd-src/commit/ff3d1a3f9d71e706f320f51bae258e4e1a51b388

This

Did you have an understanding of the iOS kernel before?

focusing on userland bugs instead of kernel bugs because they were too hard

ahh alright

in the words of shia lebouf

just do it

then i grabbed dora's work on pangu's untether stuff

read on the info online

Last thing I read was tihmstars presentation and the one him and CS did

and improved it

Its hard to diff the kernel when bindiff isnt working either

Ahh, my issue is my device, not a ton of freedom and no dev device only main

Can’t afford to bootloop

a 5 is the best dev device

Like IPhone 5?

yes

I just want a jailbroken main phone again

What’s latest signed

10

8 signed too

has coolbooter

Carry the iPad and figure taurine out

vulnerable to checkm8

lightning

Actually that is true, it’s a solid device but anything I learn would be old methods. By the time I figure my shot out everybody is scratching their heads at 17 and I’m still on 12

*iOS version

Meaning like figuring out new security features and such

i made this without a device btw

Howd you test?

ida

You have a Mac?

very recently