#development
average citizen of kirbistan
av1 soon 🙏🙏🙏
Is it bc of the bg here
So I guess zefram is banned
That’s what they say
Well let me tell u something buddy that’s the worst fucking onboarding bg I’ve ever seen in my life.
This is why the tweak got removed
Seems like a made up shit
I don't see how that's a bad reason
Yeah that shit would probably send my grandma into 3 comas
why wouldn’t they just use the native onboarding lol
can't you just change the bg then
Idek
and then it's all good
if it hurts your feelings that’s really no one else’s problem but your own
That’s a bad reason to pull it for good instead of telling me change the background
Fixed the performance issues @compact swift thanks for your help once again
they're banning it and don't let you resubmit after fixing?
brother you could’ve literally used the native onboarding
Also isn't chariz like the most strict package manager on quality control
yes lol
No
It's not a package manager

A process of like 10 days back and forth where Adam was telling me like yo change this change that, and that was def for the better
Repository sorry
Dude
They’re correct anyways because why are you applying a blur onto onboarding
I think you're just misinterpreting stuff
That’s like if a pigeon fucked a rat
You wouldn’t be like that’s normal is it
-300 Aaron social credit points
So why they didn’t tell me to fix it re submit?
we got those in nyc
MAN WHO GIVES A FUCK 😭 GO FIX IT
You got everything in nyc
we have the worlds largest rats
Rudy Giuliani
oh yeah he’s up there next to gunna
Lmfao
Yeah well so why did they refund all purchases?
why don’t you ask him buddy
Something’s off. I’m not stupid, that’s not the real reason. Like they told me to fix X Y Z before release they could’ve told me we are pulling it off until you fix things
But they refunded all the purchases
real interactions in the wild
so you think there’s a conspiracy against you despite the fact that person is losing money
it sounds like you’re inventing your own right now
Who u voting for in 2024
Saying ‘this page is eye sore’… bah
It is
Jill Stein, not genocide Joe certainly
So what’s ur theory
there’s a conspiracy against you where the guy who is conspiring against you lost money
makes sense
lmaooo
Maybe
do you want me to do it for you
I’ll take this over a fucking lame shit lie
@shy veldt ok so basically three things happened:
- package was pushed when it was supposed to have been rejected
- people bought it
- Chariz refunded a package that should've been rejected because why wouldn't they
ouch
Idk should’ve been rejected just for that
Maybe they didn't see the change log right away
They need a system onboarding class in UIKit man
ArabBarX
That’s fine with me I don’t care, but the thing all seems fishy
Package was rejected after they told me to fix 5 things before the release
So you want to tell me they didn't check it?
Sure
more may have been found after that
something getting missed != it wasn't thoroughly checked
I've thoroughly checked stuff and still missed other stuff before
This is not the whole tweak
This is a very tiny part of what it can do
But that’s not the point again
And again, I don’t care they took the tweak off their repo
I care about the communication and lack of response
they care that everybody got refunded let's be real
@lime pivot @restive ether is it moral if I keep Antoine oss and everything but make it 0.99 on chariz
dude, you got told why it got rejected
I don't think that's a "lack of communication" or "lack of response"
You want to see the whole mails?
I think that's more of a "I can't comprehend people making mistakes and accidentally pushing stuff"
But is it moral
I mean it's not immoral
Ok bet
take that as you will
Look
Nvm
I’m not arguing
It’s fine
We just have different opinions about this case
I mean imo it seems open and shut to me, but you do you
And again the main problem is that I can’t re submit and fix it
That’s my main problem
Quality standard means?
Give me an actual reason
No. That’s not an answer
Give me a specific problem
@shy veldt I would encourage you to read this sometime https://docs.chariz.com/policies/seller-guidelines.html
they did, you fixed the ones they shared, then they accidentally pushed the tweak without looking further into it, then they looked further into it, noticed it didn't meet the quality standards, and pulled it
that's the complete timeline of events
end of story
Yeah, so how come I can’t fix it re submit? Not sure why.
they gave the reason when they rejected the package after accidentally approving it
So tweak don’t have bugs? That’s again, complete bullshit.
That’s a fix I can do in 2 min
there's a difference between bugs and tweaks not meeting quality standards
Quality standards = changelog page with grey label on black background?
Maybe submit to the App Store. You might have better luck there
That’s good, but it did
here's the entire thing you said
It wasn't just the changelog
They are both the same just different views
again, it was an accident it got pushed
But yeah I get that
I don’t mind it was pulled off again. The whole thing is vague that’s all
I don't see how it's vague, they gave you reasons why it's been rejected every single time
I take the L it doesn’t bother me. I just have a gut feeling that’s not the real reason
the only difference here is that it accidentally got approved before being rejected
it doesn’t bother me
keeps denying the truth and malds in rjb
They didn’t, again. I can show you the mails. No one said it was mistakenly pushed
So how do you assume this?
in the fucking Chariz discord
I don't know why a seller of a repository is not in the discord of the repository but whatever
what was the new tweak
3DGlassierTouch
also what are you talking about
Whitenames are not known for their intelligence
Didn’t know I was there actually

Anyway. They didn't tell me it was mistakenly pushed in the mail
Now we can all go to sleep with a smile
Thank you MasterMike for solving this case
what
what
whar
in other news, i have created something awful. instead of using i, j, and k for nested for loops
i am using index, jndex, and kndex
what was the tweak that was pulled
It’s mentioned above
3DGlassierTouch
Something something yeah that
or something like that
i saw it and didnt think it was worth the money but it looked cool
jndex my code
please at least use idx
jdx
kdx
no
ind?
not jin dex and Kin decks?
nope
what comes after kndex then
lndex
Index
if i got for loops next to each other i just use index again
single letters are annoying to keep track of
how's index and jindex whatever better
jeez nut....
i(ndex)
j(ndex)
k(ndex)
I prefer reverse indentation
for (int i = 0; i < 10; ++i) {
// Perform operations.
call_function();
call_other_function(i);
}
im declaring you mentally unfit to take care of yourself
aka the man that copy pasted from stackoverflow and doesn't know how to highlight and press the tab key
fuck a for loop, just ctrl c+v
what
"+p
the code edits itself at runtime
how is that any different from what we already have
So many clones coming out these days
Like come on at least bring something new to the table
totally fine as a business model
@shy veldt I read through the entire conversation here, I guess my question is why do you feel we had an ulterior motive? I’m incredibly sorry for the error on our part, but you’re trying to read into something where there is nothing else to be said. the team decided it isn’t up to our standards at this point in time, and that’s all it is
ouch
based business model
the nintendo switch emulator yuzu does this
so does redhat
capitalists don’t believe in giving out trade secrets liberal
i would never look at the business model as anything other than a donation of sorts
That’s fine, that was not the impression I was getting from iAdmin
The whole thing seemed shady
I bet you can understand my point of view
not really lol, businesses exist to make money. they lost money by doing this
this was a team decision, you will have communicated with him but we decide on whether to approve or reject packages as a team
who gains out that
Again, the explanation I was given was extremely vague
The ‘quality standard’ is kind of weird when you approve a package then 2 days after pull it with the explanation of ‘the settings page is eye sore’
Without talking to me first because again before the release you tested the tweak and I know it because I had to make fixes
Probably it is one big misunderstanding on both parts but eventually your communication was extremely poor
I get you, I’m sorry. I haven’t reviewed the email thread yet but I’ll make sure we can improve as a team on what went wrong
Yes
Compile it if you can’t/don’t want to pay for it, buy it to support the dev and get auto updates
fr what i was gonna say
That’s fine
Again i get it if it’s not there yet (my tweak) and it’s fine
Just make sure to communicate more
I guess the way I would explain it is that we can tell when a package feels “off”, like unfinished. and would take many iterations with us back and forth to get it to a point that it’s ready. the issue is that we aren’t really there to be testing something that’s unfinished, we’re just the final sanity check in case you missed something, if that makes sense
The package shouldn’t have been accepted in the first place then
Because people bought it and used it
right. and that’s the error we’re talking about
that was a miscommunication in the team
also buy it for support in general
TRUE
👎
TRUE
ida dies

imagine not just using an iOS device on iOS 5
I don’t have rune cuz I’m broke
i have nexus
Told icraze to gift it if he hates furries but he never gifted it
fr
he must love furries

@hasty ruin when eta zsign shenanigans 
yea 
Ight gimme a min
genuinely cannot get it to sign a valid binary
icraze hates blacks and jews
zsign -k "/path/to/p12" -m "/path/to/mobileprovision" -p "cert pass" -z 9 -o "./appname-resigned.ipa" "/path/to/appname.ipa" -b "com.randomised.bundleid" -n "appname - jailbreaks.app"
@timid furnace
oh
btw can one of you ping me in the priv thread please
Processing test/data/Undecimus-v3.8.0.b1.ipa
>>> Unzip: /Users/dhinak/Downloads/zsign/test/data/Undecimus-v3.8.0.b1.ipa (32.96 MB) -> /tmp/zsign_folder_1702519891069719 ...
>>> Unzip OK! (0.216s, 215828us)
>>> BundleId: science.xnu.undecimus -> com.randomised.bundleid
>>> BundleName: unc0ver -> appname - jailbreaks.app
>>> Signing: /tmp/zsign_folder_1702519891069719/Payload/Undecimus.app ...
>>> AppName: appname - jailbreaks.app
>>> BundleId: com.randomised.bundleid
>>> BundleVer: 1
>>> TeamId: W94WHMS6HF
>>> SubjectCN: iPhone Distribution: Henan Provincial Communications Planning Survey & Design Institute Co.,Ltd.
>>> ReadCache: NO
>>> SignFolder: Undecimus.app, (Undecimus)
>>> No Enough CodeSignature Space. Length => Now: 12032, Need: 18655
>>> Realloc CodeSignature Space...
>>> Success!
>>> Signed OK! (0.046s, 46095us)
>>> Archiving: /Users/dhinak/Downloads/zsign/test/output/Undecimus-v3.8.0.b1.ipa ...
>>> Archive OK! (32.98 MB) (0.965s, 964679us)
>>> Done. (1.240s, 1239567us)
test/output/unzipped/Payload/Undecimus.app/Undecimus: invalid signature (code or signature have been modified)
In architecture: arm64e
./zsign -k "$P12_PATH" -m "$PROVISIONING_PROFILE_PATH" -p "$PASSWORD" -z 9 -o "$OUTPUT_PATH/$(basename "$file")" "$file" -b "com.randomised.bundleid" -n "appname - jailbreaks.app"
why wont it work
ah yes I love unmodified placeholders
i mean
i didn't have to replace it, so why not
this was my original anyway
f
@grave sparrow gm can you explain how __TEXT,__stubs and __DATA,__la_symbol_ptr are related
how do i get dylib from deb file
how do you not know what a deb is
i got
how do i fix crash on launch for ipa
do i have to inject substrate if yes how do i do it through azula mobile
sandbox_init is in __la_symbol_ptr
which i think means that im fucked
mdc
kill sandbox_init
iOS
the tccd bypass
yea i know
this is for a sandbox extension
or smth idk how exactly this works but it works
anyways
the way zhuowei did it on 15+ was to edit __got and change the bind to a rebase pointing to a function returning 0
however this was with chained fixups
no chained fixups on 14
wtf you mean i cant just handwrite _start and bypass the sandbox?
truly shocking apple would do such a thing
which afaik i cant modify
yea but does lc_dyld_info_only make dyld touch __la_symbol_ptr
i can overwrite __la_symbol_ptr but not lc_dyld_info_only
the lazy binding info
i cant theres no tweak injection
i can only edit the pages in the page cache
i can
but afaik only data pages
dyld-o
yea :/
The trick is that while using the bug to write to binary text segments or the shared cache won't work (wait for the blogpost to learn why!); writing to the data segments of binaries (not the shared cache) does work 😉
from ian beer
to date no blog post
there are still processes that do this on iOS
gm
For anyone who know what they are doing, will this new method of tweaks fix spinlocks ? And will iOS 15> get the new like tweak injection stuff ?
no downloads for Antoine in North Korea 👎 gamers can we get ONE download for Antoine in North Korea
kim jong cracks
I’d be surprised if chariz.com is even accessible from there
yipeee welcome back again @slender glade
Hello

I think you asked me abt Santander downloads bc they expired
The answer is that there’s a repo called like santanderrootless by someone else
bet
Santander is cool but I just wish it wouldn't lag when I search for something
and searching inside folders doesn't work if you just search for names
what browser would i use on windows xp
also does discord run on it
i think i could run minecraft
Unfortunately I very hastily made the search feature
does anyone know how to extract a framework from iOS 17.0's dyld_shared_cache?
See blacktop/ipsw on gh
it's what I used to read the dyld cache from the ipsw, I thought it couldn't extract a single framework but I'll take a closer look
thanks
where can i find the code for checkm8
some ancient version of firefox
https://github.com/0x7ff/gaster
c implementation
!!!
“Checkm8 GitHub”
crazy google search

I forgot about that user
it annoys me that swift doesnt have pointers
don’t use swift then jackass
Hopefully you will now make the switch to a good language.
i am already using objc in my current project
huh
who
sourcelocation yeah that was his name
i dont talk to him
i thought yall was bros
how do i remove a tap gesture from something?
-[UIView removeGestureRecognizer:]
whats the name of the tap gesture
wait nvm
like this?
for (UIGestureRecognizer *recognizer in self.view.gestureRecognizers) {
    if ([recognizer isKindOfClass:[UITapGestureRecognizer class]]) {
        [self.view removeGestureRecognizer:recognizer];
    }
}
indeed
property view cannot be found in the class
what are you hooking
initWithFrame
self instead of self.view
still doesnt work
whats the error now
"receiver type 'SBIconView' for instance message is a forward declaration"
how can i decompile a deb
it does tho
where did you put the interface
do i put it inside or outside the hook?
outside
do i need to declare selectors?
mfw made my own swift library to add * pointer (de)referencing to make it bearable to use 
make sure dpkg is installed
dpkg-deb -R path/to/deb path/to/some_directory
then you'll go to /path/to/some_directory, then go to the Library/MobileSubstrate/DynamicLibraries
you'll find the .dylib of the tweak there
then you can use a disassembler such as IDA or Hopper to check what is happening inside of the binary
it says properties arent found in the class
theres a lot of them
ok yes you need to declare properties/selectors that you want to use
oh wait it needs an interface for UIView too
thank u
linker error now bruh
send
send what
the error
yea idk
dont think so
ill reinstall theos ig
nope still linker error
I fucking hate qemu
Hello
Could I get some help?
I bought CarBridge from the Havoc app but I can't install it
I'm Armenian, so I'm using a translator. This is probably a better question for #jailbreak than this channel. Which iOS is your phone on, and which phone are you using?
iOS 15.7.3
and which phone are you using? iPhone 7? iPhone 8?
iPhone 6s
Guide to installing palera1n
god i hate linker errors
Use this guide to jailbreak your phone and use CarBridge
Can I do it without a computer?
no
Okay, thank you
mfw kwrite crashes
i cant even compile my older tweak
did you update theos
did you update theos today
cat the substrate tbd that it mentions
what is the platform
wdym
ios
there were updates to theos to fix platform issues
why does it think it's for sim then
which arches
both arm64 and arm64e
you did not update theos
113e0cd132df53649a6bbee2572b2d39fd2beaa1
yea not latest
???
git checkout origin/master
it should be on 3d7033b3c54e074f3da409771475f16dfefb046b after that
that was the issue
yea it happened to me too
a deb doesnt get made tho
what's the error now
are you still doing this
add package
ie. make package THEOS_PACKAGE_SCHEME=rootless, or you can put package after, doesn't matter
oopsie
it sent me into safe mode
well that definitely didnt work
i think the function im hooking onto gets called too early
try didMoveToWindow instead
i only need to call it once tho
%hook SBIconView
- (void)didMoveToWindow {
    %orig;
    if (self.gestureRecognizers.count == 0) return;
    for (UIGestureRecognizer *recognizer in self.gestureRecognizers) {
        if ([recognizer isKindOfClass:[UITapGestureRecognizer class]]) {
            [self removeGestureRecognizer:recognizer];
        }
    }
}
%end
but there will be multiple recognizers
wdym
thats not the main thing im trying to get
i got it
the gesture recognizer code sends me into safe mode
how do i have a property thats not defined?
like SBFolderIcon *folderIcon
are you making a BlankIcons clone
try hooking _handleTap or performTap
definitely is a better way than removing the recognisers
%hook SBIconView
- (void)_handleTap { }
- (void)performTap { }
- (void)setApplicationBundleIdentifierForShortcuts:(NSString *)bundleID {
    if (bundleID == nil) [self setHidden:YES];
    %orig;
}
%end
try that(?)
ok then what if
- (void)didMoveToWindow {
    if (self.applicationBundleIdentifierForShortcuts == nil || self.applicationBundleIdentifierForShortcuts.length == 0) {
        self.hidden = YES;
    }
    %orig;
}
i think that might hide folders
try it
-(BOOL)isFolderIcon exists
is there a way to get the webclip url?
no visible @interface for 'SBIconView' declares the selector 'isFolderIcon'
wait
i just gotta add it to the interface
they come back when u go to another page
try this
i was just gonna hook onto the set hidden function
- (void)setHidden:(BOOL)isHidden {
    if (self.applicationBundleIdentifierForShortcuts == nil || self.applicationBundleIdentifierForShortcuts.length == 0) {
        %orig(YES);
    } else {
        %orig;
    }
}
or
yeah
thats literally what i just wrote lol
lmfaoooo
what if i just remove the image
hecking egg it gets added back wtf
how do u add custom properties to objects?
this did not work either
L
Does anyone have the com.apple.terminal ipa? 

why though
Testing purposes
it sends me into safe mode
yes I do
why
Can I dm you
no
no
Why would you say yes and then say no
Just looking to test it
having it and sharing it are different
Ah ok
however it's not hard to find
Does anyone have the com.apple.terminal ipa AND willing to share it? 

not at all
there is no need to check dms
Sadly I can’t find it on the iPhone wiki or the apple wiki
@interface ClassName
@property (property_attributes) SomeClass *newProperty;
@end

%hook ClassName
%property (property_attributes) SomeClass *newProperty;
- (void)someMethod {
    self.newProperty = someInstance;
    %orig;
}
%end
I’m looking at apple internal apps
yeah they wont have links
they'll have info - a good chunk of which i contributed - but no links
I’m just confused why it’s not even listed
I get the no links
But not even listed?
Hm
Hmmmm
i am getting linker error for SBBookmarkIcon
screenshot code/error
where are you using it in your .x file
ok
send a screenshot of the method you're using it in
ah thats why
instead of doing [SBBookmarkIcon class] do %c(SBBookmarkIcon)
also this is SBBookmarkIcon not SBHBookmarkIcon fyi
lol
btw please prefix your names when using %new / %property
how
to avoid conflicts or confusing devs
cough cough
ya
how about you develop some bitches
is this a good way to structure an NSArray <NSDictionary *> * for a rootless patcher to store references to the old strings and the new ones
i cant think of the best way to store it as one structure
hm
"offset" being the offset (distance) between the original string and the patched one in the __PATCH_ROOTLESS,__cstring section?
🤓
dont listen to capt
💪💪🏴🏴🏴🙏🙏💪💪🏴🏴💪💪🙏🙏🏴🏴🏴💪
store it as an array of zefram memes
so true
I already have two separate funcs to just print the strings
now as to how to combine them
ig
I have been saying his dev role needs to be removed and him banned from this channel
Brother I don’t live in LA
I would’ve killed myself already If I did
am i going crazy why does your weather say tomato soup
doge
@granite frigate hey you work with kfd right
ummm why
ive been messing with it for the past couple hours and i was just wondering if anyone tried adding entitlements with it
how do i bundle files into a deb
like
without prefs
add a plist for
loadSpecifiersFromPlistName:
with a layout folder, no?
no
its been pretty interesting poking around, thanks
I'm back
Only cause I need to torture capt with fun codesign bs
@grave sparrow can you figure out how codesign decides what CodeDirectory version to use?
for some reason when signing this ppc binary, codesign uses v=20100 but for arm and intel it uses v=20400
20100 = scatter
20400 = execseg
cuz ppc old
but how does it know??
how does codesign know that a ppc binary needs to use 0x20100?
yes
how does codesign decide what CD version to use?
holy shit he’s back
where is the dsc on macOS??
not at /System/Library/dyld/dyld_shared_cache_arm64e anymore?
found it
i hate cryptexes
I graduated so I have nothing better to do
my guess is hardcoded for ppc as it has no use for anything past version 2.1 as it's max os version is still 10.5 (10.6?), but idk just a guess
at least until green fees go down
intel/arm likely just does the newest
not quite
congrats on finishing jr high
🙏🙏🙏
the newest is 20600 which has linkage stuff and encryption stuff
college actually
nice
newest if needed ig, if options arent set to sign with that stuff, no reason to use that version ig
can you send the binaries
are they all the same code
bro got the infinity stones of macho slices
they say "Hello from <arch name>" I think
Nick Chan gave this to me
cause ldid was segfaulting when trying to sign it
got all that fixed, now just trying to get ldid to mimic codesign behavior
@ocean raptor if LC_BUILD_VERSION is present and the platform field in it != 0 it will enable execseg
else if the area to sign exceeds UINT32_MAX 20300
else if a team ID is required 20200
otherwise 20100
behavior controlling 20500 is more complicated and idk about 20600
where'd you get all this info?
what do we know about execseg btw? I assume it contains info about the only part of the file that is allowed to be mapped executable?
Is this also enforced to the point where you only get exec flags if you map in the entire area as opposed to just some part of it?
Questions and questions…
execSegBase points to the segment that is marked as executable in the initprot of the segment_command, execSegLimit is the size
so usually it'll point to __TEXT_EXEC
or __TEXT
execSegFlags marks if it's a main binary, and some other flags based off of the entitlements https://github.com/apple-oss-distributions/Security/blob/main/OSX/libsecurity_codesigning/lib/CSCommonPriv.h#L96-L106
I'm not sure it's actually enforced anywhere tbh
I don't see anything in apple-oss-distrib at least
Good morning, but to your knowledge is there any way to run unsigned binaries on ios16 arm64e? Or is there nothing usable yet?
unsigned or fake-signed 
Yes exactly. Because I saw kfd. That from r/w kernel but without a ppl by-pass you can't make a binary run with an invalid signature. And looking around I didn't find much
Bet bbg
But this is for signing with a fake signature. But even after doing this you won't be able to start this binary because of core trust and amfid
I am not talking to you
A ok sorry 👍
If we had a way to run unsigned binaries it would make code-signing completely useless
Apple won’t just knowingly leave a way to do that in iOS
I know this. In fact I was asking if by any chance publicly there is any ppl by-pass for iOS 16.
club penguin is kil
no
I know that iOS 15 is very picky about mapping stuff as executable (as in if you don't use the exact segment bounds, you do not get executable permission) and I'm wondering whether this is what controls that
So if this is what enforces it, I guess you can not have multiple code segments in one library
☹️
a job
no
im doing ap bio
no time for anything
all I need honestly is a 3/5
nah it’s cause you ain’t no citizen admit it

too little time in a day for both ap studies and a job
gm
I have 0 motivation to touch procursus
Anybody know what springboard exactly does to spawn a binary from an app
Doesn't runningboardd tell launchd to spawn it at path
open a pr smh
RBProcessManager (RunningBoard.framework) has this method
- (id)executeLaunchRequest:(RBSLaunchRequest *)launchRequest withError:(NSError **)errorOut
usual communications with runningboard are encoded XPC
all the xpc headers are in RunningBoardServices.framework and so is RBSLaunchRequest.h
will the future updates be OSS
all will be
i'm not abt that "partially oss" bs
it's 100% oss but paid on chariz
🔥
🔥
🔥
Thanks
Does telling runningboardd to do it require an entitlement
Anyways:
Springboard reads info.plist
Tells runningboard to execute binary from there
Right
Like
Is it possible to communicate with runningboardd inside an app sandbox
I was able to access its xpc so
Would there even be a benefit to doing so
I have an idea if it lets you
Like make xpc calls to it like springboard would
Yes but this most likely won’t circumvent the userland checks done on an app
If you’re talking install method
I might know what i could do
Ill check some stuff when I get home
can somebody diff 15.7.9 and 15.8 by chance?
what apple fuck up this time
ios 12.4 moment?
and in 15.8 that's its only patch
no because we know it doesn't work as-is
you end up with:
[smith_run:err]: assertion failed: (vm_copy(mach_task_self(), smith->vme[2].address, (0ull - smith->vme[2].address - 1), 0) == KERN_PROTECTION_FAILURE)
@sonic totem to answer your question in Hack Different, somebody did try it and got this
so the question is, what changed between 15.7.9 and 15.8
Ah okay
Very odd
Maybe it didn’t patch the original kernel r/w strategy used in kfd or something
Like, they patched the bridge between the vulnerability and the exploitation strategy or something
Is this latest game pigeon
yes
I swear cup pong one shot broke in latest game pigeon lol
Maybe im wrong
im 99% sure it the latest
ok
@visual meadow yeah it is, and cuppong still works
how is rest of progress on the app
wdym
yeah
I know how to do jit
i dont
If you send me an ipa I can try it when i get home
In dms
You have extend lines implemented right
n
Put it back in
i took the whole implementation out
show us nathan
I'm not home
Ill be home in
2 hour
Its jit brother
You will see
Is it DDI + debugserver
No
Is it TrollStore
Ye its trollstore
Does trollstore with entitlements count
i’m fine with that bet
how about you publish zefram source instead
I mean technically they removed the dynamic-codesigning trustcache check in iOS 17 
What if you have an SRD 
Technically a “”stock”” SRD 
inb4 some apple engineer pulls up and get the token leaked
What if you have jtag 
someone make a nonce setter rq
on it
🙏
trollpynonceset170 coming soon
sometimes you just gotta study that code like a book fr
so true
Maybe it’s used for like classes where the teacher wants a printed out version for whatever reason
me tryna figure out tf wrong with my code on some paper
lets be honest for a class they wouldnt be using xcode, they would be using some ide that hasnt been updated since 2002 with java
^
BlueJ best Java ide frfr
Xcode hasn’t had a good update in pretty much the same time to be fair

Everyone always says Xcode, but they never ask “how code”
well said
I have a manpage printed out
of course you do
that’s next level dedication
everyone says Xcode, but no one asks Ycode
SO true
What about safari. It's using jit on the js, isn't it?
Can’t you jit if debugserver is attached to the app?
graphic design is my passion
real
idk how to get the title to show up
or how to change the color of the switches
but
lowkey
that dont matter
someone give me an encrypted ipa pls
or just an encrypted app store binary
with the signature from the app store
Hold on a sec
thanks
this is also gta tracker
Damn you beat me to it 😅
i had the files lying around from the installd shenanigans lol
thanks bro
What's 'dnr'
do not run
lol
VERSION 0x20500! LETS GO
lmao
What's the diff between 0x20400 and 0x20500
iirc didn't 0x20400 introduce team offset
that was 20100
pre-encrypt
0x20400 is execseg
0x20500 is preencrypt
0x20600 is linkage
nobody has reversed 0x20500 or 0x20600 yet
until NOW
W
I've gotta figure out how to make a binary that doesn't support execseg still
I guess I need a binary with no executable segments??
need to figure out how scatter works too
have fun
Oh I remember seeing that in my CoreTrust adventures
i will be stealing your work for the ldid JS edition
Something along the lines of hashes in different places or something?
I'll do ldid-Swift
ldid-Assembly 
honestly we could probably just take ldid and port to webasm
yeah, I guess but gotta figure out how they are decided and generated
terrible idea
ldid APE binary
true i mean ldid codebase is cursed anyway
//
// The main page hash array can be "scattered" across the code file
// by specifying an array of Scatter elements, terminated with an
// element whose count field is zero.
// The scatter vector is optional; if absent, the hash array covers
// a single contiguous range of pages. CodeDirectory versions below
// supportsScatter never have scatter vectors (they lack the scatterOffset field).
//
struct Scatter {
    Endian<uint32_t> count;        // number of pages; zero for sentinel (only)
    Endian<uint32_t> base;         // first page number
    Endian<uint64_t> targetOffset; // byte offset in target
    Endian<uint64_t> spare;        // reserved (must be zero)
};
Scatter *scatterVector()           // first scatter vector element (NULL if none)
{ return (version >= supportsScatter && scatterOffset) ? at<Scatter>(scatterOffset) : NULL; }
const Scatter *scatterVector() const
{ return (version >= supportsScatter && scatterOffset) ? at<const Scatter>(scatterOffset) : NULL; }
remember when codesign was open source
pepperidge farm remembers
now it's only partially open source
yea the actual CLI itself used to be open source and then they removed it
but it's mostly a wrapper around SecCodeSigner anyway
give them man an award
I had no idea woah
iphone 16 pro plus max
why do i get a linker error "framework not found Preferences" when trying to compile my preference bundle
it is
thats where the linker error is occurring
i see it in my sdk path
Have you got the patched SDK matching your iPhoneOS compiling version?
yes
it doesnt work with the 15.0 sdk or the latest sdk
??
ok idk what i did but i fixed it
did you debug
how
NSLog(@"[lemin]");
where do i see the log
idevicesyslog or macos console
when did the bar for orange name get so low
Is this channel only for people with the dev role?
Ohh
Can I host a website on my home server
yes
when you got it
ky

Oh then my code is just shit, lemme fix it
(Alfie missed the Froyo incident)
Froyo?
some random (apparently an administrator on sidestore) who would come to this channel and ask "Any news?" like 2 or 3 times daily before trollstore 2.0 came out
they got banned for being annoying
Not surprising at all lol
Had an hour-long Discord outage and the only thing I come back to is a ping for a message “any news for 17.0?”

wellllllll
is there any?
Yes

where is the sandbox binary located in ios
/sandbox