#development
whatever I did didn't work
I added the entitlements to the plist, ran make, did zstd ctbypass and replaced ctbypass.gz with the resulting file
fails when getting entitlements though
also the new file is 12kb, the old one was 6kb
what's your entitlements plist look like
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>com.odysseyteam.ctbypass</string>
<key>com.apple.developer.team-identifier</key>
<string>odysseyteam</string>
<key>keychain-access-groups</key>
<array>
<string>com.odysseyteam.*</string>
</array>
<key>platform-application</key>
<true/>
<key>com.apple.private.security.container-required</key>
<false/>
<key>com.apple.private.security.no-sandbox</key>
<false/>
<key>com.apple.private.security.disk-device-access</key>
<true/>
<key>com.apple.private.vfs.snapshot</key>
<true/>
<key>com.apple.private.apfs.revert-to-snapshot</key>
<true/>
<key>com.apple.rootless.install</key>
<false/>
<key>com.apple.rootless.volume.Update</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.security.exception.iokit-user-client-class</key>
<array>
<string>AppleMobileApNonceUserClient</string>
<string>AppleSEPUserClient</string>
<string>AppleSEPManager</string>
</array>
</dict>
</plist>
oh
false
lol
lol
still same
I mean doesn't even get past grabEntitlements
if I remove the two new entitlements it works again
huh I could've sworn I had 14.8.x blobs for my iPod touch
guess I have 14.7.1 instead
should be fine I'm running 14.6
got the log?
it should say which entitlements it failed to get
it doesn't
ok it's weird, if I put in only one of the two in the wantedEntitlements, it works
hum
if I put in both it doesn't
can you try to single step https://github.com/Odyssey-Team/Taurine/blob/825424a24cb22da81644724067e3c2a2fea3a2d2/Taurine/post-exploit/utils/entitleMe.swift#L57
or the debug build doesn't work due to kfd?
What if you call it twice w the diff ents
debug build works fine here
don't do this
why
it should say "Found an entitlement!" with the entitlements it found
so that should tell us which one it's failing on
or set a breakpoint on "wantedEntitlements.count == 0"
and do "po wantedEntitlements"
to see which ones are left
cleanup will get messed up
ic
oh
in xcode add any additional entitlement to the taurine app
doesn't really matter what you add
where do you add entitlements in Xcode
you can add an entitlements file somewhere
signing and capabilities
add a capability
yeah found it
maybe we should just call a bin to call mount on our behalf
ctbypass is the perfect target ig
yeah and couldn't you give the bin whatever seatbelt profile you want
yes
probably not the best to give that a seatbelt-profile
we can just have another bin for calling mount anyways since amfid is ded
nah exploit is just broken now idk anymore
com.apple.private.persona-mgmt time
also any ent with ct bypass
fugu14 doesn't require com.apple.rootless.install so I suppose that's not the cause for the mounting fail
14.4 arm64 works OOTB
Since it fails on 14.4 I suppose it was there?
but as far as I can see 14.5 is the major update
yeah, the plot thickens
fugu14 also takes the shotgun approach to entitlements
A10X isn't able to go to 14.5.1 is it?
aka literally give it all of them
@visual meadow ?
ok it seems breakpoints are what break the exploit
It is
u just need to dump activation tickets from 16
then it works just fine
untethered and stuff
I restored my pro 10.5 to 14.4.2
and placed in 16 tickets
it works just fine
no battery drain, no weird crap?
those are important
Ok
also fortnight bug
Let me check
I added capabilities but I'm still running into that issue
you can do the same thing as 14
17 is 16 compat idk about 16 15
check the taurine.entitlements file
but only checkm8 right
we probably should just spawn a bin to call mount I guess
but does it have the same issue?
huum
Everything works after u do that tho
I can't do much on 14.3
Im testing reboot after setting passcode
Wtf
it wiped its tickets
lol
whatever
it's empty
yeah so I'm good on 14.3
I mean
oh yeah add a different capability that adds an entitlement
you could boot a later kernel with checkra1n or something
homekit/healthkit/keychain stuff should work
nelectra
ok worked
still same mount issue
Aug 21 22:50:45 kernel(Sandbox)[0] <Error>: System Policy: Taurine(297) deny(1) file-mount /private/var/MobileSoftwareUpdate/rootfsmnt
Why not repurpose the other binary
it steals entitlements from
for entitlements and mounting
inb4 apple took fugu14 too seriously and that's what caused them to mitigate the remount technique
oh damn I have all blobs since 12.4
I have an SE that I can restore to 14.x
well, basically all blobs
but I'm going to bed now
cs has a touch 7 with 14.8.1 blobs
cya
make taurine rootless ez
but restoring those to 14 will encounter the same bug?
ah, those have 15 signed
zzzzzzz
14.7.1
O
Well then that works too
opa going to bed tho
Also it compiles fine on 13.2.1
and the issue with debug doesn't happen
so lol
well yeah because it was validated on that
@visual meadow is your ipad wifi or cel
10.5
wifi
huh why's it deleting tickets then
@lime pivot
While building module 'Cephei' imported from Tweak.xm:1:
In file included from <module-includes>:2:
/Users/fiore/theos/vendor/lib/iphone/rootless/Cephei.framework/Headers/Cephei-Swift.h:221:13: error: alias declarations are a C++11 extension [-Werror,-Wc++11-extensions]
using Int = ptrdiff_t;
^
/Users/fiore/theos/vendor/lib/iphone/rootless/Cephei.framework/Headers/Cephei-Swift.h:222:14: error: alias declarations are a C++11 extension [-Werror,-Wc++11-extensions]
using UInt = size_t;
^
Tweak.xm:1:9: fatal error: could not build module 'Cephei'
#import <Cephei/HBPreferences.h>
only when building for rootless does this happen, should i just add -Wno-c++11-extensions to my makefile?
r u using c++/objc++ swift interop
or at least the flag
i'm pretty sure that like
using is not valid in c
so why is the swift generated header using cpp syntax
hit the typedef
anyone know how I could get camera access within a springboard tweak, cause i'm not doing the whole requesting perms thing like I would in an app so I'm not sure what to do
Borrowing kernel ucreds works though (when remount rootfs)
@unkempt magnet @naive kraken turns out there was a much simpler fix
/dev/disk2 on /Developer (hfs, local, nosuid, read-only)
/dev/disk0s1s1 on /private/var/MobileSoftwareUpdate/mnt1 (apfs, sealed, local, nosuid, journaled, noatime)
Nice
is it worth me pulling out my 14.6 6S to look into this or no
cs is testing on 14.7.1
that's on their Touch 7 though iirc
really the ideal thing would be A11 since it weirdly works on 0 versions with the wh1te4ever fork and I have no idea if this branch works or not
now I just need to figure out how to compile this
taurine has epic makefile
should be close enough to 14.8 that it should cover that too
prob even 14.8.1
well yeah
all it changes is that one exploit u0 uses
afaik
Idk if u saw my dm but what did you change to get it to mount?
it's called the Nathan be quiet change
ate u up
lol
add -Wc++11-extensions -std=c++11 to cflags
thats what fixed it for me
@lime pivot or anyone else
where does rootless cephei's HBPreferences create preference file?
/var/jb/Library/PreferenceLoader/Preferences/xxx.plist?? u mean that
yep this
@naive kraken @unkempt magnet pushed again to kfd branch. It remounts successfully now, amfi is debilitated, and it gets right up to where it starts jailbreakd now
@fiery seal
Nathan skill issue
I swear this like doesnt work
I delete the prefs file yet it stays
prefs are cached in memory. if you change anything on disk you need to killall cfprefsd (do this only for testing, don't do it from your code)
Created Rootfs snapshot successfully but not working with other features yet
massive W
🗿
the signing and capabilities editor
where is that
wtf I leave for a few months and this is what Sileo turns into
@grim sparrow what is this
are u on the right scheme neb?
iPod touch screen size moment
its supposed to be Analytics
11/10
yeah
download anal
need
gm furry
im not a furry but gm
also giant af arrow
blurry one to
alright Ventana works
Nice
Works on A8X (air 2) 14.8.1 (haven't rebootstrapped with it but it works with odysseyra1n in place)
taurine logo!!!
lol, and my device (iphone se 14.4) just reboots
thats the userspace reboot logo i assume
keep trying
took 3 tries on my 6s
taurine splash is so nice
what kind of exploit? smith?
Download Anal
how they do the splash screen, never looked into it
Cry, not working on arm64e ios 14.8 
yeah im using smith
it seems more reliable
says odysseyra1n but it is in fact taurine
because odysseyra1n strap but whatever
does bootstrapping work?
that should be as good as it can get
Xcode 13.2.1 w/ release build
lucky) my application closes and does a reboot in a couple of seconds.. but kfd from opa works
xcode 13 >>
turn off the device, let it sit for like 20 seconds, turn it on, make sure wifi icon is not greyed out, and run taurine
if the wifi icon is greyed out it doesnt work for me, not sure why that happens
restoring rootfs works @plain python
yes
yea I tested that 😛
i doubt that will work because of ppl
should update the procursus strap if ur gonna release
^
like 60 packages to update lmao
gonna try using this on my 8 that’s running 14.8.1
smith exploit has worked first try for me 4 times in a row
and its really fucking fast
who wanna make an untether
60 packages lmao
meh
works on 14.8.1 (says i’m jailbroken cos I was already strapped with odysseyra1n)
does restoring rootfs and bootstrapping work
anyways, I got another chromebook in the mail so that's my queue to get off lol
lmk if there's anything else needed for arm64 14.x otherwise I think it can be considered complete
Hardcoded string to the version number?
jailbreakd source /s
probably
I'm not sure
I wonder if flower ever made the pr
arm64 only right
that's why I said sarcasm
yeah I mean someone should give it a try on arm64e, worst that could happen is it doesn't work
is the ppl bypass in taurine confirmed for only up to 14.3
what would you even do w the jbd source
literally the only thing that was broken there anyways was the bit in tihmstar's code
otherwise it was just updating offsets
damm the exploit is super fast
c++ ware
when it doesn't reboot 
Am I allowed to link this on the guide or should I wait?
instantly sued
link to the attachment off the sileo discord
which iOS
oh I don't have a device to test
it's download anal
I'm just saying we'll see if somebody tries it
download anal
@grim sparrow pls label.numberOfLines = 0 lmao
no its good like that
make it download anal on all devices
dammit the jailbreak keeps failing
has anybody tested on A11, cause I know that was being broken earlier?
that's what's holding me up on updating the guide (and A12+ but that can be validated later)
legend says if you play minecraft before jailbreaking your success rates go up
pocket edition or pojav? 
pojav gonna make your phone into a soldering iron 
damn guess I won't need the Pinecil then
true, just buy an iPhone 7 with dead baseband 
i really hope success rates grow over time 😭
worked 1st try 4 times straight for me
if it panics you can't immediately run it again you have to reboot
SE2 (A13) 14.7.1 part 1 log, will update when i get a part 2 exploit success
gorn
part 2
wtf lol
yeah this just got replicated on 14.4.2
so arm64 is fine (though somebody has to test A11) but arm64e is still broken for 14.4+
I get the same error, lmao
i have A11 but it's running on 16.4.1
why did I find this mildly amusing
then it's not gonna work...?
exactly
once A11 works on 14.0-14.8.1 for somebody everything is fine
me over here in my reboot kingdom 😭
im sure it does, a10 was fine so it also likely fine
not necessarily
Starting electra….
that was broke on everything lol
no
o
that worked fine for all other devices on 14.0-14.3 and A10(X) and earlier 14.4.x
I wonder if the fugu15 ppl bypass can be backported
dammit i got past the first line of text but then it rebooted 
@native orbit @crisp frost y'all wanna make an untether
For what purpose?
Use Fugu14...
arm64e
Fugu14 why 15
more than 10 attempts.. of these, only 3 showed an error, the rest - reboot
that would only be up to 14.5.1
untether jb real
exploit be fast ngl
it's like 3 seconds for me
I am stupid you right
(spamming where jb button was 
with smith
so uh what is it supposed to do on the second part
bootstrap
because i opened the app and hit jailbreak and it rebooted 
do i have to get 2 successes in a row
no
launchd jelbrek
yeah rebooted
oop
wifi doesn't affect it but it's a good indicator when to run the jb
imma just keep my method of spamming 
@frank fossil have you tried running kfd from launchd yet
it might need to run a little later
I mean fork -> run launchd -> run taurine should just work
yeah I did post some progress in Twitter
meh
but it never found launchd and amfid
taurine starts amfid if it can't find it
I think
you should run taurine after you run launchd anyway
@fiery seal haven't you gotten this error trolley
yes
and not bootstrapped with elu or some weird thing like tht
im on the one cs posted
whar
whar is that
elucubratus i.e. stock checkra1n or unc0ver
this is 14.4.2 12 pro
and then my trollstore died
tips persistence helper > gta car tracker
my persistence helper died too
i think i had it in the apple tv app
arm64e 14.4+
imma try phys
Valid
I’m so excited
This is such good news bro I can’t wait for arm64e
No more kernel panics 🙏
Fugu moment
? this is iphone se 14.4
this iphone 7 is giving me third degree burns
A11 is apparently still broken
pov A14 on iOS 14.6 finally getting a jb
one of my iphone 7s does that too 
CoolStar is updating Taurine to support newer vers
very cash money of you coolstar
ok so I'm suspecting A11 not working is an exploit offset thing
because the exploit literally doesn't succeed on any 14.x version for A11
Is this with updated? Cause it’s using Opa’s kfd fork
So it should have a ton of offsets (not saying they are perfect)
yes, this is 1.1.7b1
have somebody on Twitter/X with an 8 on 14.7.1 to check as well
though the original person was in Sileo Discord with an iPhone X on 14.4.2
Ahh
I mean if arm64e gets updated there legit would be a jb for it right
it would be the:
- first A12+ jailbreak for 14.8.1
- first A12+ iPad/A14 iPhone jailbreak for 14.6-14.8
i don’t know
yes, I know, it constantly gives me an error
¯\_(ツ)_/¯
Yeah
Sounds logical
blud is overheating 💀
And you mean like 14.4-14.8.1 right not just 14.8.1
no
My phone does this wayyyy too often
bro how can it fail this many times 😭
u0+Fugu14 exists for 14.4-14.5.1 A12+
u0 exists for 14.6-14.8 A12/A13 iPhones
I’ve been trying for an hour 💀
for me kfd worked first try on my 14.6 6S
Ok? Checkra1n existed for the other versions too
;-;
But kfd was still added
checkra1n is A11 and earlier only for 14.0-14.8.1
smith right
No what I’m saying is just because a jb already exists for versions doesn’t mean support won’t be added
Like why would 14.8.1 be targeted when 14.4.1-14.8.1 exist
Only some new security features are added in 14.5 and I think a few more in later version
There is no reason not to add 14.4-14.8.1 for arm64e
You know what I’m saying?
phys moment
it just hung at a spot for like 10 seconds then went to the taurine userspace reboot screen
so actually it works for A11 on 14.6
what
ok gonna go to sleep in a little bit here, tried for about an hour and a half without success.
actually only one successful attempt
got to step 2/3
Never back down NEVER WHAT
Bro
yes bro?
has anyone had any issues on rootless where the preference file isnt reloading on disk when it should
like on rootful when i press a toggle, registerPreferenceChangeBlock for cephei picks it up and is able to read the change perfectly fine
but on rootless im running into an issue where the code is still using an old value
happy birthday @indigo peak
Oh happy birthday man!!
I don’t have a good comeback to that message
ty
ty
happy birthday @indigo peak
@indigo peak happy birthday big man
what was that, 300 attempts for 2 successes? 
ok so back to my issue please
i shall ask again
has anyone had any issues on rootless where the preference file isnt reloading on disk when it should
like on rootful when i press a toggle, registerPreferenceChangeBlock for cephei picks it up and is able to read the change perfectly fine
but on rootless im running into an issue where the code is still using an old value
thank you capt incorporated
WHAT
Its gonna be worth the wait
Haha I really hope
alhamdulillah
It’s not looking the best rn but
it's looking the best in a very long time
One day, Coolstart did a Nick Eh 30 NEVER BACK DOWN, NEVER GIVE UP
I WILL glaze the fuck out of taurine now
never back down never what
NEVER BACK DOWN NEVER WHAT
Well only reason I say this is because I don’t believe CS has an arm64e device so it’s difficult to do testing unless it’s with other people’s devices
hopefully it would've been worth the weight
wait* sorry
A11 btw ^^^
interestingly, the one time where I wasn't plugged in, it rebooted to the battery dead charging screen
I forgot small devices exist dw about it
What does “ cant turn auto boot back to true “
Mean
Also btw the device has an issue where it turns off randomly, and requires to be plugged in to turn on
lmao
love the size battery is fine too
well when its not an old one
700 cycles now its starting to fall off
arm64 only?
Taurine not working on arm64e is it because of AMFI?
because of PPL I think
I don't think so, ios 14 can jailbreak without PPL bypass. Unc0ver updated for ios 14.8 which only needs to IOMFB exploit
What
They need a ppl bypass too lol
They had it
offsets are probably wrong on arm64e
(on 14.5+ especially)
could arm64 ios 16 jailbreak without ppl bypass
didn't ask
Yes
arm64 doesn’t have PPL in the first place
fake ppl
no
Made an untethered KFD Taurine for fun
Seems kfd doesn't work well on super early boot, it always panics for me
So I added an intentional 10 seconds delay
Idk if it's solvable
Maybe I should try physpuppet instead of smith
It's worse than smith lmao
HBPrefs isn’t detecting the change in the file properly
so I think it’s an issue with the file not reloading properly
but it works 100% as intended on rootful
I’m not touching the prefs file
All I’m using is HBPreferences to read the file
and using regular preference loader to write to the file
what jailbreak are you on
check logs and see what output there is from the cfprefsd hook
and using regular preference loader to write to the file
are you specifying the file path or just the domain
(hint: it should be the latter)
domain
ok yea check cfprefsd hook logs
i blame capt
i agree
@native orbit I’m doing this
<key>cell</key>
<string>PSSwitchCell</string>
<key>default</key>
<false/>
<key>defaults</key>
<string>com.yourcompany.tweak</string>
<key>key</key>
<string>somePref</string>
<key>label</key>
<string>Some Pref</string>
like there shouldn’t be any issues on that front, right?
what u trying to do
HBPreferences *preferences;
bool somePref;
%ctor {
preferences = [[HBPreferences alloc] initWithIdentifier:@"com.yourcompany.tweak"];
[preferences registerBool:&somePref default:YES forKey:@"somePref"];
[preferences registerPreferenceChangeBlock:^() {
// handle changes here
}];
}
this isn't a direct copy/paste from your file right
because SomePref != somePref
more or less, i simplified it bc otherwise the rest of the tweak code would be there
that was just a mistake i made while sending it here
get a tweak to work the same on rootless as rootful
should work without any changes
your issue is probably in how you write them, not in how you read them
I have that, forgot to add it to my message
it works in rootful and not on rootless which is why I’m confused
what could I do differently
bc isn’t the xml the way it gets written?
check with filza if it gets written and where?
it’s getting written to
/var/jb/var/mobile/Library/Preferences/com.yourcompany.tweak.plist
I don't see why that code wouldn't work then
my main question is why it works perfectly fine on rootful but not on rootless
what jailbreaks
Dopamine rootless
Palera1n rootful
and it’s 2 dopamine devices where it’s not working
you can't really compare these
I’m happy to provide help and feedback. iOS 14.8 iPad 8th gen, I think a good jailbreak relies on mass feedback from the community. If there’s anything needing testing, I’m happy to execute on my device
That’s what YMMV means
Your mileage varied negatively
what should I do
wait for fix
amfidebilitate didn't spawn
was the ipa installed through trollstore?
yep
Tbf I made taurine think the iPad was jailbroken once when I set it to user
there's err 2 even before
That’s the error u get trying to spawn a bin without it being in a loaded tc btw
"Bad executable" my ass
Respring and there was nothing though
2 -> enoent -> no such file or directory
this is 14, this has amfid haxxx
I see
anyways maybe the forbidden entitlements put behind trust level 7 are a thing on iOS 14.5 already?
Do you guys need me to test something I get the same errors
something's failing in takeoverAmfid
then it fails again on remount
and that's where the second posix spawn fail comes from (?)
this is even before amfidebilitate
https://github.com/Odyssey-Team/Taurine/blob/ae6af729fa6d3edf952becf2215f9cf080ed74fa/Taurine/post-exploit/utils/amfidtakeover.swift#L168 need someone to debug here
it fucking up on arm64e or arm64?
arm64e
a64e 14.4+
rip
Indeed
all my 14 devices are e less
ye
that's what we need
^
g
I’m the sileo discord guy
Tell them about the bootstrapper thing
But on ARM64, he had the issue
on my ipad it just failed to bootstrap, but when I jbed with checkra1n to use the Odyssey bootstrapper the script and the shortcut failed
https://developer.apple.com/documentation/xcode/stepping-through-code-and-inspecting-variables-to-isolate-bugs see this, start in the line I said above, and then press on step over until it prints posix spawn fail or failed to get region, and send a screenshot
meant this message
the url it was trying to use was github.com/coolstar/Odyssey-bootstrap/raw/master/ instead of what seems to be the new url which is raw.githubusercontent.com/master/
Does that require a Mac
I dunno if that helps in any way
actually the logs do start with an error about no internet
requires xcode mate
Where is the full log file kept
I can send that if this little twat stops kernel panicking
My iPad, not the app, I love coolstar and taurine
we just need the end of the log
from the app I guess
from console app on Mac would be cool too but 
Gotta try 100 bajillion times for it not to kernel panic
smith been better for more
in some logging function
so half the time it just panics because the app crashes, but it's really weird
I find it’s more than half
i removed emojis in the logs of kfd and it fixed it 
what
Chris doesn’t always do the error popup tbf
What
what
No fucking way
sumn with taurine log system is trying to color the emoji or some shit idk
yep that sounds about right
just the app crashes at time nothing else
what
😭
that is the funniest bug ive heard of in a while
mfw a green circle breaks the whole app
oi I ain't sending you none of my piss
No it’s IPA
technically
sort of
but will you actually get in legal trouble
no
no one in the right mind is gonna try and sue you over an ipa
Redistribution
No I mean coolstar might get irritated that we violate her copyright licence
oh my god shut up
if the source is open and recompiled
bruhhh I keep meaning to type more and I keep pressing the fucking enter key
im just gonna stop talking
Ok
@steady nest @hollow wraith @naive kraken offsets for task flags are wrong on arm64e 14.5+
Confirmed?
and I suspect bsd_info and jop_pid are wrong too
Oh
I had to update the one for arm64 as it had the same issue
So what result did someone get when disabling emoji in kfd
Ah.
app didnt crash when debugging
thats it
Ooh that’s useful
Didnt crash for me when debugging
Also the chris method when working shows emojis
I guess we'll see what the 14.4+ arm64e issue is when cs remotes in, idk when tho
Its something with jbexec/libhooker
logging emojis seems to work for me
On Chris and the other method?
I think generally it's not a good idea to have the log thread running during the exploit
idk what was going on with it tbh, just the first thing i thought off and it fixed my issue 
physpuppet errors the emojis when it works (most of the time) Chris doesn’t error the emojis when it runs (I’ve had 7 goes in a row and it hasn’t worked again)
i just changed red to failed, green to success, etc
Ran it like 15 times
Not a single kernel panic on iOS 14.4+ A12?
physpuppet never failed on me on 12/13 either
disabling the logging thread completely seems to increase my success rate by a lot
physpuppet was also first try on my 6S on 14.6
Is my input helping or slowing this down
I know smith has to do some extra cleanup (based on what the write up said iirc)
Just tell me to fuck off and I will
physpuppet never worked for me on 14.6 A11
nvm just worked
idk what was up with it not working earlier
I find that a little bit ironic
success rate so good
I think logging is the problem
Lemme see if it reaches the end of the break with logs turned off
turning off logs isn't going to "turn off logs"
Like the in app logging
I commented that out
Yeah but it works sometimes
i think just pausing all threads the best during exploit
No panic just fails
Hardware software combo?
A11, 14.6
it doesn't say success though?
mfw unrelated 💀
omg now i have to figure out why kwrite doesn't work
Ok
logs not commented out worked 0/3 times so yeah that seems to be the problem @plain python
So the only errors are the font and then the end result
and with logs commented out I mean outputSource and errorSource
ios 12 exploits aren't even that bad
i just don't want to use life_waste on my poor 5s
time_saved better 
that's normal
does taurine just log all stdout messages
Afaik, i think?
how do I disable the log thread
for what
Odyssey
hm
@hollow wraith @naive kraken I found my old arm64e patchfinder; going to grab the 14.5 offsets in a few min
Okie dokie
huge
Wstar
gotta ask, any plans for launchd untether
it's kinda cool how this one finds offsets on arm64e
it uses the PAC to destroy the PAC
It hurt itself in confusion
ok
shut up
lol amy already released a fix for that canister issue
@slender glade just comment out https://github.com/Odyssey-Team/Odyssey/blob/master/Odyssey/app/AppDelegate.swift#L16 and make sure log window is disabled
This happens about half the time smith doesn’t panic
This is at the end of the Logs
inshallah
tfw I'd rather grab the asn1 parser from taurine and shove it into a Swift playground instead of bothering to compile tihmstar's shit to get img4tool
why do you have an asn1 parser
Dependency hell
to get rid of img4tool
oh
i am sorry for your loss (parsing asn1)
that shit is pain
nah it's fine
crying in kcache decompression
just don't use tihmstar's shit
img4lib is good
What’s your guys thought on Bram Moolenaar dying
if tihmstar-ware has 1,000,000 haters i'm one of them.
if tihmstar-ware has 100,000 haters i'm one of them.
if tihmstar-ware has 1,000 haters i'm one of them.
if tihmstar-ware has no haters, i'm no longer alive
siguza the goat for sending a full on sample file
wtf does that have to do with ASN1 and img4
I didn’t use vim but he was so influential
Idk everyone likes vim
no one likes vim
vim exit simulator
I prefer other cli goodies
id rather die
fix for log issue
exploit run on the main thread ?
i mean ig not otherwise the app'd just hang lol
o, i run mine on main 
then hop back to bg thread
wen eta socket2...
shortly
that bg animation is so good
watchdog doesn't really like this
I thought it suspends ur app after a certain time of hanging
guys I have an ios 1-17 jb you just gotta send me your devices (icloud logged out and fmi off)
(real)
im talking bout ios 10, exploit has much lower success rate if not on main
mainly on 32bit
what
how does that impact success rate
fuck if i know
lmfao wtf
32bit just cursed
👀
gm
what about how that chimera has a higher success rate in a freezer
gm
don't put ur phone in the freezer btw
where else am I supposed to put my phone
I don't think kok3shi9's 32bit exploit runs on the main thread iirc
because there used to be a way to get nonce collisions
and that generator was the one where it happened the most with
iirc
if i'm on a7 i don't actually need the give_ppl_pages function of kfd right
idk just try removing it and see if it panics?
thread suspend reminded me of breaking a phoenix exploit with kok3shiv4.0b1...
@hollow wraith @naive kraken @steady nest pushed with fixed arm64e 14.5 offsets for task. Pull and try it and see if amfid works now
kfd branch in Taurine
I don't have such a device
bsd_info and flags had wrong offsets, which would cause that error in amfidebilitate
Wait what
I should have saved A14 with 14.8.1... :/
you need an ipa
Wow I found it
you don't have xcode do you
so taurine will work on all devices up to 14.5, correct?
I do not
Yeah I CANT compile
Aww jeepers
Can someone compile rq pretty please
I have such a device!
someone should check whether 13.2.1 is still needed
I'm compiling with latest 14 just fine
I think it kernel panics
where
What method? Puppet or chris
whichever works for you
Running exploit 1/3 or 2/3
i used 13.4.1
we need the log mate
All the way up to 14.8.1 on arm64
Idk about arm64e
How do I get it
open the log window
ok exploit failed
Failed 3 attempts
try another exploit
Panic at 2/3
update it works
oh panic for me too
xd
nah wait can reproduce
Oh it’s called smith not chris
added the log changes here as well as some log changes of my own
Gets farther on smith
worked this time
no more emojis, and errors actually go to stderr now
deleted my build
Chris or puppet
because the log window colors it red automatically if it's on stderr
emojis aren't the problem
logs at all are the problem
well it also pauses/resumes the stream since I added in your change
5 letter name
ah lol
Seems to panic but at a later point
if you can run it from xcode and get the log, that would be better
that's just exploit fail
Oh smith no crash just error
yeah looks like exploit fail
I'll be home in 2 hrs so hopefully cs is able to fix arm64e
Did you get it to work on the iOS sent by cs or the other guy
but looks like fixed offsets fixed one of the issues (?)
Seems like every try with physpuppet crashes
there was a failed to get region: (os/kern) invalid argument that's fixed now
That is gone
So what should this build do on A12? Change the errors or actually jailbreak
I wonder if the fix for this was just the new 14.5 ents idk
Anyway that’s on a 14.8 iPad 8th (A12)
Yeah its not gonna work there for now
no it was task flags offset
(When was that amfi thing PPL'd?)
If it was
Smith again
Its not gonna work
Yeah I know
wait, panic?
sometimes it panics, sometimes it doesn't?
that looks like the exploit succeeded but it's crashing after
Yeah it sometimes panics sometimes doesn’t
hard to say without hooking up a debugger
yeah, offsets again? huum
Shit bro I’m so sorry
Send us the panic
How lol