#development
yea i guess
Physpuppet often crashes earlier on
Should I try as user app rather than a system app
Just wait i'll be home soon
Also no that wont help
@hollow wraith gonna send you a build with a bunch of sleep statements scattered in. It'll run slow AF but it'll tell us where it's crashing
(since it'll purposely wait 3 seconds at random points)
Oh ignore my friend request
I don't do DMs on jailbreak servers, since I really shouldn't be here in the first place
Huh why
^^ there's a reason I quit jailbreaking
Oh right
L toxic ppl
Oh and people are horrible people in DMs
I saw people being transphobic on r/jb again literally just yesterday, to no one's surprise
since I'm still subbed to that subreddit for some reason
huh
Or bad
what
I would probably stop making guesses until there’s literally no logical possible explanation left
yeah this is exploit fail
Puppet
exploit fail
send the panic lol
Wait it got further this time
the next to last panic
I don’t have a scooby how lol
yeah, send the 17:14 panic
Settings -> Privacy -> Analytics -> analytics data
171452?
jop pid seems to be correct so it's not that
that subreddit is actually so vile on large threads
should be
send the panic (look for 17:14 timestamp)
that's a major reason why I quit
Is this safe to send publicly
Yea
yes
+1
i don’t get why you would tell them ur trans though
I'm curious if it panics before or after it starts amfidebilitate
isn't twitter worse
twitter is better bc i can just block anyone I don't like
but if u post smth anywhere some asshat posts it on reddit
and u can't control it there
it’s none of their business anyway
luckily because of Elon's rebrand I don't even open twitter on accident on my phone anymore
I search spotlight for Twitter, nothing pops up and I go about my day
@plain python ik this is probly a dumb question but like could you JB a chromebook? like change the UI/animations etc?
wydm
why would u come out publicly
when u can just change name and people will follow
here
idk i think that's just a human thing to do
data abort
Do you need any more logs
not ppl
guys i tried to jailbreak an ipad air 2 with taurine 1.1.7b1 but it said running exploit, then rebooted and didn't jailbreak
the exploit failed, try again
you can do far better with a chromebook
if you come out publicly you miss out on the fun of arab transphobic guys lusting over you 🤭
I have lots of panics and I can make more

you forget they still sent me dick pics before I finally quit jailbreaking
That poor, poor, cpu
ik but kinda like having the playstore stuff, and ik windows 11 has it but i like the way chrome OS/fyde OS has it
HSR 
nice job on this by the way - just saw the ping for it in the chrultrabook server
Intel N100 benchmarks about the same as the Core i5-7400 actually
I have a panic-full from A13 14.7.1 too if it's needed (this on 1.1.7b2)
same place
you can run apk's on Win11
x0 is 0x60 again
i didn’t know about that wtf
I’m not feeling very well I think Tim apple is rebelling
hm amfidebilitate is spawning and panic'ing
let me clean + rebuild basebins
that might be the issue
@plain python gun to the back of ur head name 5 hanzo mains who are not unbearable
are any of these words in the bible
@hollow wraith try this
I did a funny edit of it to actually put HSR in
(yes I blocked out the UID so y'all can't add me)
is it the caltrain
No panic
It looks like it got to the jbexec/libhooker issue
check if you have a jbexec crash
How
Search for jbexec in logs
same place as the panic log
^
just search for jbexec instead
lh isn't used here is it lol
Send it?
Yea
yes
it is

Yeah
jbexec dlopens pspawn-stg2 (which uses libhooker) and calls posix_spawn
so jbexec is almost never the problem. it's pspawn-stg2 usually
Do I need to try chris or whatever
EXC_BAD_ACCESS :hahawtf:
Yeah it's the same
this looks slightly different
Ok
I wonder if that one bug is fixed
?
That's normal
Is this just a shut up and be patient moment
yes
huh this is quite different
It's because bootstrap is already extracted
Well shit it didn’t reboot
did it extract bootstrap in the run before?
yes
It's the libhooker issue
That needs fixed
How do I reboot it in a taurine not dying friendly way
Just... reboot
Is there an option for that? Won't turning off and back on clear ram?
Just turn off and on
I guess you could call it kinda
As in call it in software or as in I could say that but that’s not technically the right term
Oh wait I did it again now it’s err_jailbreak
Because that's like right at the end of jb process
Normal
It's not gonna work
Yeah I know I ran it before you said not to
So does taurine see if jailbreakd is running and decide from that?
Yes
Right
Can you @ me when I’m needed please I don’t feel well at all, I’m sweating but I’m cold, I’m shaking and I feel sick with a headache
restore rootfs
rest a bit bro
Do I restore rootFS anyway
don't fuck up your health for a jailbreak
also nathan will be home in a bit
i can test too 
I’m only gonna be a miserable git trying to sleep anyway
yeah and cube exists so
So should I restore rootfs
I get home at 2:40 EST
I also set up a hackintosh with xcode 12.whatever
The one coolstar used
14 is fine
Actually no its 13.whatever
Yea but debug is fucky
Anyways I got anydesk on it too
We used my macbook air and xcode beta wasn't working well
And it barely had space
My hackintosh has 1tb so
Yes
A14 14.6 not work
What’s that
Honkai Star Rail
/taurine is NUKED
Just wait it will be fixed soon
Is this gonna be a shitty experience when I set it up anyway
Wait so I have achieved root file access?
taurine 2
Yes
Wow there’s a chance I’m the first person in the world on my device software combo
Perf. I’ll take some paracetamol. I’m down to help
Wow I need to be prepared to jb
Uhh I need to buy some tweaks
Shit I spent my money on mwiii
Oh well maybe free tweaks are good too
cylinder reborn from chariz is a good free tweak to just test and see if tweak injection is working
cause the effects are immediately obvious
That sounds bad
What are said effects?
Oh I won a tweak that isn’t compatible with iOS 15 and I fucking redeemed it
That’s headache inducing
iOS 18 leak
anyway yeah if someone wants to give me an iOS 15-15.7 phone to install Joe on 
Oh can I force enable app library on iPadOS 14
Yea
you can't deny it's a good test for tweak injection tho 
I suppose
So is nexus 👍
Sellout
nexus drm activated like and subscribe

Is it free
nope
yeah true, safe mode is pretty obvious
@hasty ruin damn looks like you’re gonna have to gift me the tweak for me to test it
What a shame
I mean the crashes @hollow wraith @visual meadow seem to be caused by the process not having debug flags set
and it's trying to run unsigned code
@plain python?
I guess that makes sense
Damnit do I need fucking Xcode
I already have it
Wait dont jit launchers launch with debug flag
Why wouldn't it be set?
I have no idea how this is done on 14
but xina uses get-task-allow entitlement + ptrace
I really hope we don't actually have to call ptrace on 14
since it just uses CS_DEBUGGED there
did that just work?
yes
like on 15 you have to set wx_allowed on the pmap and that's PPLed
I know that's there on 15
Is this terrible news or bad news
but shouldn't be necessary on 14
yes..
anyways this crash is either CS_DEBUGGED not being set correctly or the change to wx_allowed having been done earlier
I mean you can always call csops to verify it being set
I doubt 14.4 has it
That really could've changed in just 14.3 to 14.4?
doubt
I mean
actually
hmmm
I'm currently on 14.4.1, what info do you guys want me to check (u0)
Fugu14 uses a PAC Bypass and PPL Bypass iirc
also that has a PPL bypass anyways
this isn't easy to check
gnu+ linux
Why not? Could you just whip together a quick IPA that just used kfd to check the info of something already running
Cause I’m already jb and all
Not saying you're wrong, legit have no idea what you are talking about so
I mean that's possible with libkrw as well
but it's like
what do you check
the only thing you could check is what happens when you unset CS_DEBUGGED and run unsigned code that hasn't been paged in
Going to see my mom at work. They put her on a late shift
Hmmm yeah I see what you mean
Say hi for me
That also sucks with Fugu, it’s open source but it’s implementation isn’t
So much info but none at the same time
Wait
checkra1n works on ios 12 though shouldn't its patchfinder work
I thought it used u0’s jbd
u0 has no jbd
bro that's not the point of this patchfinder
the point of this patchfinder is to find kernproc in reasonable time
oh true...
of course you can always do a proper patchfind but it's going to take ages
cause the read primitive is slow af and you don't have access to the kernelcache file until the exploit is done
rip
you could pull the thing I did in Electra1141 and download kernelcache from Apple's servers 🚎
I'd rather not lol
reminds me of https://github.com/tihmstar/libgrabkernel
i forgot to change the 0x4000 to 0x1000
@granite frigate you can always just find the offset via IDA
would that affect it 💀
right
ok
worth a try
nope
depends on whether it got stuck there
😭
u on a 4k device?
yea a7
how far u gotten?
finding kernproc
damn iphones have 4k screens thats 🔥
dont kfd find that?
can't you hardcode it
that was the thing that was used
just look it up on the kcache
i am sad to say i have no idea how 
idk do u
update 5s
i got the kcache but idk how to actually find stuff in it
ida 7.7 >
ida 8.3 >
It works well enough right
IDA 7.7 is free
in conclusion idk wtf im doing
no one here has jobs
i have job
yea true mb
I’m 14 and have job
Yippee
I still like bargains though
I get termius for free
bad battery & fucked screen connectors on mobo probably
Had some wwi and paracetamol
I feel better and I’m ready to help
Any new discoveries in the 14.4+ A12?
child labor
I hope they’re not paying you
No
Why would you want unpaid labour
None
IDA 8.3 is "free" too if you work somewhere where you need it 

Has Nathan been testing stuff or are testers awaiting
I'm not entirely sure what he has tested
But I don’t think he is actively testing anything rn
ok kernel data abort (I tried sem_open and kqwl workloop to find kernelproc as they used static offsets)
Ok
He’s in between
Yeah keep flexing
and as a bonus you don't have to deal with wine bullshit
I just have someone else pay for mine
shout out to @queen thicket
dude paying for IDA AND binja we ate his wallet up bruh
Cs sent me something to test so ill test when i get home
Broke boy
Should I turn on airplane mode or smth??
Huh
Bro stuck on iOS 11
Prob not gonna help
on my A8X 14.8.1 device the success rate is terrible, it took me like 20 tries
it's potentially fixable but idk the progress on that
so keep trying
I'm on 14.6
yeah
Nice good to hear
it may help to turn on the device and let it sit like that for a few minutes before jailbreaking
Put in fridge
unnecessary
In front of fan
What

capt can't even spell his own name in his pfp
Nah cause straight up
Wait which exploit did u use
Physpuppet or smith
i've had at least one success with both, but both have terrible success rate
Ye ik
Probably the 10th time I've tried now and still the reboot issue
Did u turn on airplane mode when doing it?
faptain kink
Can we keep this out of here pls
Ok now I understand
how about you stp your antipsychotics onto your throat stack
how about you stp your antipsychotics onto your throat stack
how about you stp your antipsychotics onto your throat stack
true tho
faptain kink
Your ass ain’t even an orange name
Take your ass back to #jailbreak
#OnlyOrangeNamesShouldBeAllowedToMessageInHere
actually true
I mean true but then again you get the occasional no name white name like legit level 0 who has 18x my knowledge
Like there is a decent chunk of people I have never seen that are more knowledgeable than me
But that’s rare
Sacrosanct
I'm not smart
Can’t make a comment on this but you know more than me 🤷♂️
All about relativity
Nobody looks smart when CS or Opa is in chat
Lmao
I legit struggle to hold convos with them because only half the time do I know what I’m talking about
Still tryna learn but like
Same
I'm not smart
All about relativity
😄
i made leviathan
Actually someone explain this to me
Why tf does u0 with Fugu14 need PPL but taurine doesn’t
Fugu14 included a PAC Bypass and PPL Bypass
But taurine doesn’t have PPL bypass does ITV
*it?
Or am I being stupid
Also PAC wasn’t intro’d until 14.5
I'm on 14.4.1
no?
Taurine doesn’t utilize Fugu14 whatsoever, and prior to 15 it wasn’t a necessity
PPL isn’t needed in 14 at all?
I'm assuming you can do something like PPL-less like how PACless is a thing
I guess that’s fair
unc0ver also doesn't utilize Fugu14 for anything other than kernel r/w
afaik
You sure?
pretty sure
Not saying you're wrong I’ve just never had someone answer that
I’ve asked that question millions of times
Because Fugu14 itself is like 15 exploits
I mean they support iOS 14.8 arm64e too
And I don't think they wanna have extra logic for when they have access to a PPL bypass vs not
Yeah That makes sense
Surprised no one messed with Fugu14 untether more
I know it’s rough cause easy bootloop but still
Especially with how curious people are
I think it’s very valid iOS 14 has been seeing some love tho
No one could have guessed that
well, the Fugu14 untether doesn't matter at all
It did at the time, but it was superseded
Just cause of TrollStore or because it’s such a small compatibility window?
haxx?
because of the CoreTrust bug
Was never even used I don’t think which sucks but
which essentially gives you code exec as pid 1 with any entitlement
wtf bro
ah misunderstood
thought you said it sucked lol
Nah you good
I meant like nobody really implemented right?
Unless I’m wrong
We are talking about this right^
Sorry can’t delete embed, mobile
@visual meadow how’d you get your ass on here
😭 I’m crying
I’m dead as fuck
Bro was doing tricks on it
Yeah GitHub been weird
Idk why
Is this a Fr known thing?
The zoom out or whatever
I thought I was diffy and unlucky
¯\_(ツ)_/¯
Prolly old browser
Yeah I refuse to use chrome or anything
Not cause it’s bad I just fw Safari
Most of the time
I mean all browsers on iOS use the webkit included with the OS version
Man wtf i still cant figure out how to find kernproc
Diff versions
W/e i'll try tomorrow
Have you added prints just to see where the issue is
I think every browser in iOS is just Safari under the hood
Diff WebKit versions tho right?
It's stuck in a while true loop
Idk
Yes
Wtf is CyberKit
Is this a tweak or just another kit
Webkit browser backported for older iOS
how did bro get that far behind
Right
@indigo peak happy birthday!
thanks!
At least I have an ass
W comeback
Are you 12
No
Ok so don’t act like it or move ur ass to #jailbreak
Say it nicely
I'll pass on that offer
I think you're in the wrong server bro, there's no nsfw channel here
Sorry bro I just joined rjb 7 days ago idk anything abt this server
They got stuck on KernProc
“Man wtf i still cant figure out how to find kernproc”
“"“Man wtf i still cant figure out how to find kernproc”"”
🗿
wtf is a kernproc
proc of kernel idk
a global that points to the kernel proc
I just relayed the info 🤷♂️
is initproc that of launchd’s
yep
😲
```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>   /* memmem(); on glibc it needs _GNU_SOURCE defined before this include */

/* find_prev_insn_matching_64, insn_is_ldr_imm_64, insn_ldr_imm_rn_64 and
 * find_pc_rel_value_64 come from the poster's patchfinder library and are
 * not shown in the chat; they are assumed to be linked in. */

uint64_t find_kernproc(uint64_t region, uint8_t* kdata, size_t ksize)
{
    // search C8 10 82 52 (little-endian encoding of MOV W8, #0x1086)
    //__TEXT:__text:FFFFFF80024BBC58 LDR X8, [X22,#_kernproc@PAGEOFF]
    //__TEXT:__text:FFFFFF80024BBC5C STR X8, [SP,#0x60+var_28]
    //__TEXT:__text:FFFFFF80024BBC60 MOV W8, #0xFFFF
    //__TEXT:__text:FFFFFF80024BBC64 STR W8, [SP,#0x60+var_44]
    //__TEXT:__text:FFFFFF80024BBC68 MOV W8, #0x1086
    uint8_t search[] = { 0xC8, 0x10, 0x82, 0x52 };
    uint32_t* insn = memmem(kdata, ksize, search, sizeof(search));
    if (!insn)
        return 0;
    // Walk backwards from the MOV to the LDR that loads _kernproc
    uint32_t* ldr_addr = find_prev_insn_matching_64(kdata, insn, insn_is_ldr_imm_64);
    if (!ldr_addr)
        return 0;
    //PFLog("ldr_addr %p\n", (void *)((uint8_t *)ldr_addr - kdata));
    // Resolve the ADRP/ADD pair feeding the LDR's base register (X22) to a kernel address
    uint64_t pc_ref = find_pc_rel_value_64(region, kdata, ksize, ldr_addr, insn_ldr_imm_rn_64(ldr_addr));
    if (!pc_ref)
        return 0;
    return find_pc_rel_value_64(region, kdata, ksize, ldr_addr + 1, insn_ldr_imm_rn_64(ldr_addr));
}
```
this finds it for iOS 8, YMMV
the symbol shouldn't be there on later iOS versions
Anyone have arm64e 14.3 device
wait FUICK
what phone that is
idk goot bye
💀
i have an xs on 14.2 somewhere
ios 18 leak
everyone's favorite img4 parser got an update https://github.com/m1stadev/PyIMG4/releases/tag/v0.8

please sir depless windows support
this should actually do that
from now on installing pyimg4 by itself doesn't require a buildsystem
but no compression support
you'll have to install pyimg4[compression] for that
yah was referring to compression deps on windows
i got you
just port that
is that bvx2?
yeah
The compression libraries
give me LZSS/LZFSE compression impls that iboot will actually accept 
those libs are p much only good for decompression
i ran 3dmark and once it was finished i got a successful attempt on taurine kfd trolley
wild life unlimited mode
can you send
also need python dmg mounter or reader/writer for multiplat
ah
pure python dmg mounter would actually be crazy
ngl
wip
dev is active in hack different
jevin the goat
jevin the goat
@ashen birch how should I test LZSSDecoder.py (from the swift port from CS)
extract a kernel im4p with pyimg4 but don't decompress it
and just run it through that
@hasty ruin
@primal perch
@plain python did you manage to debug the issue? I’m free for a bit to help, but I don’t got Xcode if logs and stuff are needed
can you send me one i dont think i have any kernel caches downloaded :/
pzb one?
```sh
ipsw download ipsw -v 16.5.1 -d iPhone15,2 --kernel
```
We were working on it
well mostly cs but
Got it to jailbreak and userspace reboot
and then
all processes were broken
But I guess its a step
wen eta untether
realistically, what work would be necessary for taurine to be untethered?
nvram read for anti-bootloop
We hijack launchd, then we’d need launchd working but not spawning any tasks or daemons, but spawning amfid…?
userspace reboot on boot wouldn’t be needed, what else
Then why not like
Hook into launchd
If its possible to inject ct signed dylib into it
with DYLD_INSERT_LIBRARIES
No
this doesn’t work because it isn’t tf_platform
and this doesn’t work because uh… dyld?
sorry
need to check pwned dyld signed with codesign @faint timber
I can sshrd 
mfw 100% rootfs usage
your gf is 3
```text
IOPlatformPanicAction -> AppleEmbeddedNVMeController
IOPlatformPanicAction -> AppleT8011USBXDCI
IOPlatformPanicAction -> AppleS5L8960XWatchDogTimer
IOPlatformPanicAction -> AppleT8010MemCacheController
IOPlatformPanicAction -> RTBuddy
IOPlatformPanicAction -> RTBuddy
IOPlatformPanicAction -> RTBuddy
panic(cpu 0 caller 0xfffffff014bd89c0): unexpected SIGKILL of init with reason -- namespace 9 code 0x1 description none
```

oh so you're not against it
why are you against having 3 girlfriends
Honestly the fact more isn’t broken is solid, support was added in like under a couple days
never doubt our god cs
Yeah I didn’t post it out of disappointment, actually a lil impressed
is there a proper way to programmatically edit tweak prefs plist
What.?
Like just edit a plist? With code?
the sudo thing is probably some weird upgrade path stuff i’m sure that bootstrap is ancient

forgot how cursed objc is when it's not decompiled
you have a dirty mind
i prefer objc_msgSend
you can use objc like how ida shows it
yeah obviously
it just isn't recommended
@grave sparrow
so
```objc
- (void)setPreferenceValue:(id)value specifier:(PSSpecifier *)specifier {
    if (![specifier propertyForKey:@"key"]) return;
    if ([specifier propertyForKey:@"defaults"]) [super setPreferenceValue:value specifier:specifier];
    // ...
}
```
would become:
```objc
- (void)setPreferenceValue:(id)value specifier:(PSSpecifier *)specifier {
    if (![specifier propertyForKey:@"key"]) return;
    if ([specifier propertyForKey:@"defaults"]) {
        NSUserDefaults *defaults = [[NSUserDefaults alloc] initWithSuiteName:@"com.yourcompany.tweak"];
        [defaults setObject:value forKey:[specifier propertyForKey:@"key"]];
        [defaults synchronize];
    }
    // ...
}
```
?
the class the method is in is inheriting from PSListController
and
```objc
[self setPreferenceValue:self.dictionary specifier:[self specifier]];
```
would become
```objc
NSUserDefaults *defaults = [[NSUserDefaults alloc] initWithSuiteName:@"com.yourcompany.tweak"];
[defaults setObject:self.dictionary forKey:[[self specifier] propertyForKey:@"key"]];
[defaults synchronize];
```
? (this class inherits from PSViewController)
Fiore in the nicest way possible, I thought you knew how to do plist shit? Not calling you a bad dev, you are miles past me
I legit learned a lot from your GitHub, especially that one disvord tweak that hooked network
its 5 lines 😭
i do (somewhat), i'm updating an old tweak for a newer version + rootless, so need to figure out how to keep the same functionality, yk
I KNOW
BUT ITS A DAMN GOOD 5 LINES
It has comparative string
And easy on how to hook
Bro my tiny ass head forgot about rootless
I don’t know how to do rootless prefs
it's such a small tweak github thinks it's more makefile than logos lol
I’m lost that makes a lot more sense
Yep real
barely anyone does plist stuff anymore lets be honest
Fair
@indigo peak btw when doing file paths include rootless.h and use ROOT_PATH_NS() for file paths
@pine holly
```objc
%hook NSURL
+(id)URLWithString:(NSString*)arg1 { return [arg1 containsString:@"discord.com"] && [arg1 hasSuffix:@"/typing"] ? NULL : %orig; }
%end
```
there, 3 lines
That shit has never worked for me
Serious skill issue but still
Bro I know but it’s still good
ty
It helped me ok 😭
i swear this was the fastest tweak i ever made, i think it worked on the first build tbh
Makes it easier to compile between rootless and rootful
mhm
That macro will automatically put /var/jb at the beginning if compiling for rootless
https://github.com/donato-fiore/Suffisso
this was legit just me disassembling i use **ch btw and adding a pref page LOL
hooray
copilot to the rescue!
lol
i dont think i even communicated with you when i made that tweak tbh
wat
Capt can u do me a favor
Lmfao
Capt give me a realistic price on typecentury source code
he's true ^
development
async def
never lmao
no i get stuck halfway
but the exploit itself works, physpuppet
I also got this error. Is it caused by jailbreakd?
Jailbreak failed but when I go into apps it detects jailbreak. So I had to Restore RootFS
The issue is cause arm64e isn’t supported yet. Just wait a lil, we can’t do much besides wait
fr
Ayo if I were to make a tweak to count number of resprings what’s the safest method of “hooking” a respring. Initially I thought about fucking with the command itself but that’s not safe
count how many times the app loads or hook launchd or sum
Wait you are right, I could just Ctor mf Springboard
shorty giving bomb head finna call it sloppenheimer
shorty giving bomb head finna call her fiore’s mother
😭
Nebula's pronouns are she/her and she is also a furry but she loves denying it.
ok
Is nebula Fr a woman. Legit can’t get an answer out of he/she/them
@native dune
any pronouns I don't care
BUT WHAT ARE YOU
THATS THE QUESTION
BROOOOOOOOOO
I’m filtering through the Twitter
I’m figuring this out
Key words, balls, dick,
Uhh uhh dudes
Idk
balls dick
bro going cia mode
ok
Dead ass I found your state on accident in your Twitter before your gender
That’s wild
Prolly not accurate

What you need to do is statically patch launchd in a way where, instead of spawning amfid, it spawns a statically patched CoreTrust signed amfid stub instead I think.
Why not create 2 launchd’s. One would be your modified to spawn statically patched... the other functions as normal. You would at least be able to retain its original functions
double the launching
you can't just switch between them though really
Yeah I guess
By “I guess” I mean I realize what I said didn’t make much sense
Holy shit you tweet a lot
chronically online lifestyle
I give up you win
I have arm64e iOS 14.5, but idk if that helps
How do I only detect loaded libs that are codesigned?
well the codesigned ones probably have a code signature attached
Whats that
you should probably pick an easier project
Ok so it's just a signature to see if it's been modified by anyone other than the creator?
The issue seems to be on 14.4 and above sadly
i just realised Dimentio finds kernproc can't I just copy paste that and hardcode it in
0xFFFFFFF0034A9380
ok gonna try
that's not a valid address
yes i just realised
i changed it
0xFFFFFFF0220D8A20
idk where i got the 1st one from
that's still not valid mate
look it up on ida before pasting it on the code
True...
:/
outside of container && !i_can_has_debugger
tried original ents, tried no ents, tried
```xml
<key>com.apple.private.security.no-sandbox</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
```
ok i guess I can try looking at dimentio's patchfinder and doing what it does manually in the kcache
signed amfid with ct bypass and just launched a sideloaded app
it's ad hoc signed via Security.framework and added to trustcache
Either way I don't think amfid will launch regularly because it doesn't have platformization
But I think with patching launchd it might be possible
there is the "unexpected exec of non platform binary" panic but I think that's a userspace panic triggered by launchd
yep it doesn't spawn on boot
only when a sideloaded app launches (maybe some other occasions)
yes, that happens for every platform binary signed by ct
same but... why's it amfid_mod lol
because ldid is stupid
actually that's probably the core reason why it doesn't work
I'm using codesign though
do I use preserve metadata?
idk
I think so
```sh
codesign --force -s - --preserve-metadata=identifier,entitlements,requirements /Users/opa334/Desktop/dyld_patched_resigned
```
should this be amfid or com.apple.amfid?
```sh
codesign --force -s "Worth Doing Badly iPhone OS Application Signing" --preserve-metadata=identifier,requirements --entitlements ents.plist amfid
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.private.security.storage.AppDataContainers</key>
	<true/>
	<key>seatbelt-profiles</key>
	<array>
		<string>amfid</string>
	</array>
</dict>
</plist>
```
still a no :/
platform-application should fix it
add that too
this is what the check actually looks like basically
hm yeah
I guess you can take any other seatbelt profile
maybe amfid doesn't exist
tbh I don't think you need one at all
yep
now you need to patch launchd to no longer trigger that
and then you're free from codesigning

Tbh what I would do is just add a library dependency on your own hook library in launchd and resign it
although give it get-task-allow as well
then you can use ptrace PT_TRACE_ME to get CS_DEBUGGED and do proper hooking shenanigans in launchd
From there it's just a matter of patching out the check and loading an additional launch daemon that runs kfd, activates Taurine and userspace reboots
then ur untethered
although idk how well Taurine would work with this
because you replaced amfid
wait why do you even need to replace amfid lol
if the kfd launch daemon is CT signed it should just run
just patch this here to unconditionally go green on the csops check
yeah
and nop that tbz
Wait what are you trying to do
someone tried to untether taurine and it wouldn't untether because amfid wouldn't spawn on boot lol
Wait what version is the untether for lol
of course it wouldn't because it was done wrong
anyways there are definitely some problems but I think this is possible
14.x
Oh cool
Is the untether a consequence of fixing the unsigned code by a non-debug process issue or just for shits n giggles
it doesn't have anything to do with that
when does launchd setup xpc
So shuts n giggles?
before starting to launch daemons I suppose?
because those would depend on xpc lol
yes
launch daemons are never explicitly started
they just start when something sends a message to them
How early in the chain would the untether run?
was thinking on that
Interesting
booting to a taurine logo would be sick
actually
add dylib to launchd, dyld interpose the func that launches boot tasks, launch taurine, profit?
resign launchd with get-task-allow, modify dependencies to include library, library launches kfd, uses ptrace to get CS_DEBUGGED and then you can theoretically just dlopen the Taurine launchd payload and give it KRW
like that would be pretty much it as far as I see it
would be instant and done before any other processes need to launch
amfid would be pre-pwned in that case, just dyld_insert_libraries amfid_payload
