Swift.

i understand thanks

fuck lol

i keep segment faulting

Hi guys, does someone know if theres a compiled version of NodeJs for ios ?

The procursus repo show the npm package who requieres nodejs, but node is not in the procursus repo

if anyone knows if this is because of roothide pathing, let me know how to appropriately fix :3

Ive just found it, but its compiled for rootfull only… what do i need to do to compile it for rootless?

No no… i have a problem with my storage rn. I have a 128gb macbook pro… can someone compile rootless nodejs pls ????

if i theoretically replaced springboard with a CoreTrust version of springboard... what would cause it to hang and not launch?

launchd platformization check?

Or is that patched out?

i thought i had platformized everything by giving CS_PLATFORM_BINARY from the csops functions hooks? or is that not the same

No that should be sufficient

Have you checked crash logs and Console.app?

yes

crash logs lead nowhere... and i can't remember what console.app output but i couldn't find anything useful

Looks like we're both having the same skill issue

🔥

Did you have crash logs though?

Yes, i think i need to try a different way

What did they say?

https://www.reddit.com/r/jailbreak/comments/15b9l7n/kfd_works_under_a16_if_you_change_t1sz_boot_offset/

Actually replied this message

this isnt wrong right, i dont get any logs but it has a lot of xrefs in ida

Did you run init

%init in your constructor

thank you! I’m trying now

umm… IOSurface kwrite doesn’t seems to work on ios16.

you should have said that

This is basically why I only target arm64

Well, kread is not correct, even for arm64.
The existing 4-byte read primitive via IOSurface adds the value 4 bytes ahead and outputs it.

💀

I think only kread doesn’t work on iOS16 arm64e, but it not right

Idk is it possible, but I’ll try to use infoleak bug to get krw with few offsets

https://blog.dfsec.com/ios/2023/11/19/thats-far-out-man/

yes i do init

anyone know what the issue with kfd on 16.5.1 is and where it is? trying to make a commit but don't know where to start.

whyyyy

it panicked

well yeah

but why wont the hook work right

Pro tip: look at it on a computer

More readable from console

fuck xcode

doesn't even have a 16.5.1 simulator

i'll need someone else to test

...

what

Were you seriously going to try to run exploit code in the simulator

yes

tf...

it won't work will it

so i need a physical device

alr then

brb

does anyone know why this might be crashing directly at initializaation

have no clue what i'm looking at

i know

but i don't understand the logic

Do you know anything about exploits or darwin or the vulnerability being exploited

not really, trying to start making projects so i get a grasp of things

right now i'm clueless and don't know where to start

What kind of projects

And what do you know already

very very basic C

i was looking at how kfd doesn't work on 16.5.1

but the problem is i don't have a physical device

and i don't know jack shit

what should i start with then

unless you're capt

cuz ur stupid

if ur capt

he knows its true

i'm capt

is that why zefram bootloops

yes

wtf does that mean

Idk making tic tac toe maybe

alr

darwin internals i guess

kernel

wouldnt the *OS internals book be helpful for that

Kernel file descriptor

is there a ebook lying around the web by any chance

no clue

never looked

i'll check

I think that book is giant tho

so

Or job

good luck lol

thanks

Its a popular book so its definitely online

If you only know extremely basic c you should probably learn about pointers and memory

k

First

Yeah make tic tac toe nd shit

ok i have a few books lying around

wait is pointers not considered extremely basic c

No

ok, thanks for the help

Extremely basic c is for loops

variables, constants, for loops, while loops, functions and their signatures, etc

ok but i constantly forget for loops but never forget pointers so is it?

Yes

How do I make a command line tool I only know how to make swiftui apps

If you forget for loops thats a big you problem

pointers are not simple for a significant amount of people

How can i compile nodejs from the procursus repo and make a rootless package ?

How do I click buttons

Im sure the readme tells you how

ios

Swift UI is very button oriented isn't it?

the issue is i have no physical device to test it on

yh i do

The procursus general readme ?

Sure?

Yea but that's on iOS it's different from clicking buttons on macOS y'know

i was talking about testing kfd, i needed a 16.5.1 device but i dont have one

swiftui runs on macos too

anyway i'll just use the jailbroken device i have

I will see, las time didn’t found it

https://docs.procurs.us/

Damn u should’ve let him find it

But they look different so it must be different

https://docs.procurs.us/Installation/macOS.html

How much space procursus use ? Like to build something

I have a 128gb MacBook

Just assume you need like 5gb or something

Ok thanks

Procursus on macos is a blessing

You're basically gonna have to build all the dependencies as well

No way, there arent prebuild binaries ?

anyways in other news i am even closer to getting xcode to work correctly

It's smaller now

2 more days until my bday yall

Only like 10gb if all you need is xcode + iOS

me with my 100gb xcode install

Yes i have it

xcode

no, str_patcher is an example of extermely simple c

what wrong with xcode

Alot

no, str_patcher is an example of a lazy developer who wont fix the code
yes youre right

deleting repo

HEY

NO

but fr fix it tho please asap, im desperate

fine

idk whats wrong 😭

the 10k of 0x0 refs are whats wrong sir

https://tenor.com/view/typescript-script-type-heart-beloved-gif-27005865

https://tenor.com/view/bun-bunjs-bunsh-bun-my-beloved-my-beloved-gif-4024520674953177460

where

uh

ok do i seriously have to run my xcode over a network share

here https://discord.com/channels/@me/1179174930244444291/1191886844669984859

welp guess i literally do

Install Xcode to a ram disk

how do i get the xcode onto that ram disk

Assuming you have like 128gb of ram

Download it

i have an xcode installation already setup how i want it tho

I was talking about the dependencies. I would use the prebuilt one for node if there was one. There isn’t one rootless

But thanks for all, i think i can do it

aaaaaand running it over the network share did a bus error LOL

ok that emoji legitimately made me laugh

good job

not chuckle

laugh

i'll push the changes to RP

nvm just decided to rsync it over and wait 20 years

@radiant idol patcher is fine, it's the finding strings that broken again

ah lovely

well yea i pushed the changes anyway if you wanna use that one to test with the actual deb instead of single dylibs

bet

this is all Rune's fault smh

i am almost done being useless

@radiant idol try push

alright

is there no way to pin github repos on your gh homepage smh

annoying to have to scroll to find it every time

Yes

bookmarks bro

never

I refuse

segfault

nice

how

i dont know

lets see

on ur patcher

or mine

mine

it works now?

what

oh well

macos moment

lets try on device

ok nice

no respring loop

@hasty ruin now give me a rune code

lets see if the actual tweak works

my settings.json is fucked

can't even compile anything

@radiant idol vcam has memory leaks 💀💀

😭

wjat

what

took discords 250 mb of memory down to <90 and then it crashed 💀

lmfao

270mb -> 200mb in like 3 seconds

oh nah 💀

idk how I rewrote the actual vcam portion in swift so I didn’t have to worry about memory management issues

%hook swiftui
-(instancetype)init { return nil; }
%end

how to double your available memory

unpatched ios 15/16

https://tenor.com/view/stunned-wow-omg-lego-batman-lego-batman-movie-gif-7647770

wait is it patched ios 17?

untested

ah ok

@hasty ruin works fine

ofc it does

i made it

lol

https://tenor.com/view/mujikcboro-seriymujik-gif-24361533

troll store compatible?

yes

ok now time to delete

eta rune code

now fix patcher

I gotta figure out licensing for vcam

its fixed

i think

bro needs the code

what other tweaks should I try

🤔

nexus

orion

please no

Orion is still cursed

might work now?

even they havent been able to figure it out

no like

the paths are f'd

yeah its cooked

since it was symlinked then de symlinked then symlinked again idek

bro should just recompile

frfr

its bad

lmfao

////////Xapps/

/var/jb////////Xapps/

that's 8 slashes

😭

I think

it turned

/Applications -> /var/jb/XApps

but then failed to convert back

what is 'it'

so it turned into //////XApps

cant say here

oh its the xina dopamine thing ok i see

yes yes

@grave sparrow Tell your mother to clean up better please

Unlicense

what the fuck

nightwind

Proprietary

beautiful code

not even 144p

wow

https://cdn.discordapp.com/attachments/1190148458649235496/1192174858692468778/Screenshot_2024-01-03_at_1.37.11_PM.png?ex=65a81e5b&is=6595a95b&hm=00b13b6e1f559f0d434895f6f40f52b337c64abb2f6d21f9e058191368844b6c&

thats better

yah

but

guess i need a dylib

so what'd you do to trigger it

nightwindi right

wat

i couldnt tell who he was talking to

did nightwind cause the springboard crash?

no

yes

did I tell you all about the website I built so I could transfer crash logs from my iPhone 4 to my pc?

filza webdav:

but then I have to browse the filesystem

lmao what

send a screenshot or something

I have to see this

no you dont

jk

well its just a gneeric file upload/pastebin

https://github.com/WilsontheWolf/dead-simple-file-upload

eveyrthing exisits purely in memory

so you're saying to upload a 100GB file

it will get OOMed

actually over the www it probably will get timed out

also I think my reverse proxy would block a file that large

you know what go nuts

https://tmp.shorty.systems/

i dont understand the crash log

On my way to upload piracy

say where

Exception Codes: 0x0000000000000001, 0x0000000040000000
VM Region Info: 0x40000000 is not in any region.  Bytes before following region: 3303636992
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      104e98000-104ea0000    [   32K] r-x/r-x SM=COW  ...p/binary
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [37814]

this?

is there any sensible data

the issue is a sex fault

Fix ur stroke game then

where is it in the crashlog

the thread 0: ...?

just send the whole thing

xD

not as bad as porn i hope

oh so that's how you hook variadic functions

oh

you should see how you have to do arb calls to variadic functions

uh oh

do you have an example

why not is it bad

does that call the function twice

i thought its just the original value

not on hand, but i do on my laptop somewhere

oh so like other hooks

alr lol

i cant really do anything against this can i

what you even trying todo

hook that function

method*

well yes

but like what is the goal/purpose

in my head its still the same thing dont even try to change that

it wont work i tried

i know its different

coal sounds

OOP sounds

method needs instance and function not or something like that

see which files it checks for existing

OOPfr when

@olive peak
https://developer.apple.com/documentation/foundation/nsstring/1497275-stringwithformat#discussion
check that method

Logos should support variadic method hooking:
https://github.com/theos/logos/pull/52

OOP

hook something that is for checking files then

thats great since it has 5000 xrefs

my mind wasnt braining sorry

looks like you have to handle %orig by youself though

%hook NSString

- (instancetype)initWithFormat:(NSString *)format locale:(id)locale arguments:(va_list)argList {
  NSLog(@"format: %@", format);
  NSLog(@"arguments: %@", arguments);
  return %orig;
}

%end

idfk

you gotta loop through it

isnt instancetype an nsstring

or what is it

yes

The following Objective-C code fragment illustrates how to create a string from myArgs, which is derived from a string object with the value “Cost:” and an int with the value 32:

va_list myArgs;
 
NSString *myString = [[NSString alloc] initWithFormat:@"%@: %d\n"
                                               locale:[NSLocale currentLocale]
                                            arguments:myArgs];

The resulting string has the value “Cost: 32\n”.

why do you always put [MyTweak]

so that you can filter in console.app

you have to grep something

but you can already

just click dropdown

whatever doubles your boat

tell that to low level devs who like putting [*] before every line for some reason

arent there different streams even in c

something like that

idk

stderr, stdout, etc

i think

ChatGPT?

stdeez

STDIN

Nah this is an elite logging method

Sure sure

[*] [-] [i] [+] the four horsemen of logs

What about

[?]

nah you just do a rage printf

Lmfaooo

[ ]

[ ]

[!]

[]

@radiant idol explain

.

[webshade-core]

hey, i made a modded ios 6 ipsw (decrypted the rootfs), tried to restore via itunes and pwndfu and it said it was incompatibile?

All of a sudden im starting not to trust Nightwind

when trying to use redsn0w it says "unable to parse"?

good

you shouldnt

im at your back door btw

open it so i can come in

im blowing up my house

oh no

dont do that

if i send my ipsw can someone take a look at it and tell me whats wrong

lol

https://we.tl/t-ocENTX25Dk

would anyone now how to fix this error?

i would also love to know

Hook csops or os_variant_has_internal_content, with the latter you will get this funny text

what do i use to hook? ellekit?

ive tried fishhook which seems to do nothing, ellekit seems to just not want to find the symbol for some reason?

Yes, you need to make sure your tweak is loaded before SpringBoard. To do so:

int (*SBSystemAppMain)(int argc, char *argv[], char *envp[], char* apple[]);
int main(int argc, char *argv[], char *envp[], char* apple[]) {
    dlopen("/var/jb/Library/MobileSubstrate/DynamicLibraries/Tweak.dylib", RTLD_GLOBAL | RTLD_NOW);
    void *handle = dlopen("/System/Library/PrivateFrameworks/SpringBoard.framework/SpringBoard", RTLD_GLOBAL);
    SBSystemAppMain = dlsym(handle, "SBSystemAppMain");
    return SBSystemAppMain(argc, argv, envp, apple);
}

Tweak being the hook for these...

You can’t use fishhook as functions are in dyld shared cache

In your tweak constructor, you need to enable JIT (it’s ok to use fork in dylib)

bool os_variant_has_internal_content(const char* subsystem);
%hookf(bool, os_variant_has_internal_content, const char* subsystem) {
     return true;
}

#define CS_DEBUGGED 0x10000000
int csops(pid_t pid, unsigned int ops, void *useraddr, size_t usersize);
int fork();
int ptrace(int, int, int, int);
int isJITEnabled() {
    int flags;
    csops(getpid(), 0, &flags, sizeof(flags));
    return (flags & CS_DEBUGGED) != 0;
}

%ctor {
    if (!isJITEnabled()) {
        // Enable JIT
        int pid = fork();
        if (pid == 0) {
            ptrace(0, 0, 0, 0);
            exit(0);
        } else if (pid > 0) {
            while (wait(NULL) > 0) {
                usleep(1000);
            }
        }
    }
}

wow, thanks a bunch!

didnt think it was jit

Once you get SpringBoard working, I’ll give you code to enable stage manager for real

LFG

Well im stuck on kaddr not in kernel panic...

On 16.6.1

Not sure what to do

dumb question but how do i get theos to use ellekit instead of mobilesubstrate?

its been a bit since i last used theos...

nevermind i see...

i use [!] sometimes i think

is ellekits "MobileSubstrate" linked to libinjector or libellekit?

[ERROR] [WARN] [INFO] go brazy

Y’all nerds need this

https://www.answeroverflow.com/about

Hell nah

Discord integration

Fr

Would go crazy with this channel

How to install procursus on macOS

(Capts message)

Yeah true

Zefram is spread to the world

@frank fossil you ever get anything like this?

everythings loaded up but... this

failure in sharedInstance of <FBServiceFacilityServer:0x21aa952f8> (FBServiceFacilityServer.m:88) : must have a valid domain for com.apple.frontboard.system-service : bootstrapConfiguration = <BSServicesConfiguration: 0x2832720c0> {
    Domains = (empty);
}``` hmmm

i might kno why...

whats sbshim?

springboard shim

this one?

Our main bot barely works my brother in christ

They need to split moderation into a separately hosted bot fr

not exactly, but sort of

just dlopen, no exec*(), right?

yes

/System/Library/CoreServices/SpringBoard.app/SpringBoard is platformized executable binary,
obviously the sb process we run (either sbshim or re-signed SpringBoard) is not platformized,
this breaks many assumptions in iOS code

possible solution is:
1: unsandbox
2: add some entitlements required if the any operation fails
3: hook some check functions, such as os_variant_has_internal_content etc..

i did hook os_variant_has_internal, ill try unsandbox

2 is more critical

my shim and springboard have the same entitlements

but ill see

the same entitlements are obviously not enough

true

btw whats your ios version?

16.4.1

sounds great!

the namecache hack way?

sort of

👍🏼 👍🏼 👍🏼

nice

Fire

You need unsandbox, get-task-allow for JIT and platform-application

import std;

int main() {
  std::println("helloooo");
  return 0;
}

c plus plus version 23

this is starting to resemble swift

they better not be doing weird things with syntax

literally c++'s main thing

well yeah

but it better not make it like swift syntax

inb4 they remove ;

C++ syntax is hell

but swift syntax

is

uh

whats worse than hell

it has some things i fw

some

like?

func decl

the @convention (c) thing is cursed

I dont like it

anything they do with C is fucking awful

fair enough lmao

@granite frigate did you ever figure out how to screw with cr_label through kfd?

trying to do so myself now

can someone tl;dr the differences between a normal rootless jb and the trollstore roothide bootstrap thingy

if i recall correctly, can't inject into platform binaries rn

also i don't think c hooks work

#development message

(dumb question) is springboard not platformized? or what am i seeing abt tweaks working there

it is platformized

but the technique requires krw

and it isn't in bootstrap yet

i c

if c++ syntax is hell rust syntax is hades himself bro

lol

haskell syntax

catch22

you forgot CoreTrust 2 exists

how u gonna platform

Bypass launch constraint by hooking launchd

^

You don’t need CS_PLATFORM_BINARY set in kernel, just bypass launch constraint

@topaz yew was you able to fix respring loop when screen turns on?

What’s it for?

wanna see stage manager on iphone without platformization?

that was a one off

forgot Pojav been using such method for a year?

i cant get it working

You should check console for possible amfi error

or springboard itself

only thing i get

Are you sure it has enough entitlements?

W^X is enough for tweak injection

there’s no need both W and X at the same time

what did you add? i added <key>com.apple.private.security.no-sandbox</key>

iOS 17.2.1?

and everything else it normally has

why not beta2?

Add platform-application and get-task-allow

already added

forgot to mention

wait it seems you didn’t put your shim into SpringBoard.app copy

since it doesn’t have Info.plist it can’t read stuff

well that would explain alot.

lord

okay excuse my dumb

😬

lldb is allowed to do this because it has restricted entitlements
sounds reasonable

still, nobody is targeting stock iOS because the CoreTrust exploit isn’t even there

no

Like I never said this could work on latest iOS

aka “stock”

@frank fossil thanks! it works like a charm

I'm getting a panic which I think is because I'm modifying proc_ro

i am not sure what to do about that

my theories require a kcall primitive

idk where I'm getting that from

dora has been providing some valuable advice though

i will see what they say

bet

are you on arm64 or e

arm64

i can rip it from kfd-on-crack maybe

kfd on crack has kcall yeah

e is probably worse as you need a PPL bypass. i think i might just give up on that and use vnode shenanigans instead

my objective is just installing trollstore so

So SB is no longer crashing?

the thing for swapping launchd can probably be used to swap anything

yes she loaded in a custom SB

wdym

the new one or the old one

i even got the little message

Ooo

Neat

hey shhhh

oh

what new one

https://cdn.discordapp.com/emojis/907843263925477437.webp?size=48&name=Clueless~1&quality=lossless

new = works on 16.2+

idk

(i might be off by a version)

its 16.2 it changed

ok yea

maybe then

i am not sure

kinda feel like if it worked people would have done it way earlier

yeah i think so too

but arm64e is for later ig

this raises the question though

what do existing jailbreaks do

dopamine src bro

yea but dopamine you have a ppl bypass right

so it doesnt matter

right?

Stage manager Tweak.x
The main thing here is to trick SpringBoard into thinking it’s running on iPad, other hooks are from tweaks enabling Medusa for resize to work

• Side effect: causes status bar style changed to iPad
• To allow stage manager: Add a Number key qeaj75wk3HF4DwQ8qbIi7g with value 1 to mobilegestalt
• To toggle: make a shortcut

what about unspellable tool

eta wen Bolders Reborn

s0n

im about to test it

ok sander we get it 😭

uses kcall

sander why

test orion rootless patch edition

.

i wonder how many c func hooks that poor tweak has

all

it is the spinlock

It hooks all C funcs

lmfao

lmfaoooo

And as a final test you could test Jade

i dont have that

I Wil test it

I’ll give you a copy

well lets get bolders working first

Yes yes

Ima go sleep though

night

Already

It’s only 7 am

gm

awww hell nah springboard is tweakin

begging for someone to bring this to end users

when you respring after replacing launchd does it ever end up respringing back to the normal springboard?

no

neat

whatd u use to hook launchd

d33z

oh wow what's that 😄

evelyne is going to innit

but for some reason she is waiting for 17.0

which i mean she has a right to do

but still lol

just want to delete beta popup :-p

Add Eliza to it

idk what that is

A tweak of mine

do you have the dylib

Rootless or roomful?

rootless

wen eta

LOL

Avg jailbreak setup

whats it supposed to do

change battery icon colour based off precentage

[[eliza]]

i think it worked

is 20 normally red?

yeah

oh wait you mean on stock

yah

on iPhones I think it is wihtout LPM on

@topaz yew are you replacing launchd with the chroot method to make a systemhook-type situation, which you then use for tweaks? I haven't really been in the scene of TS2 springboard tweaks lol

I'm not sure if it would work on the new battery with percentage

no, but there is systemwide hook

just doing stuff when springboard is spawned though

honestly its pretty neat we can get springboard hooking working

so your systemwide hook checks for com.apple.springboard and then dlopen's a tweak dylib?

I think it hooks posix_spawn(p)

ohh right

yes

DYLD_INSERT_LIBRARIES

nope

Yes

Oh?

no

i mean that works i guess

that doesnt work here i dont think

but just add in load command

is there any public implementation of the "new" method? Or should I build one myself

want to expirement with it

Nothing public yet

just change path in posix_spawnp

or do you mean the actual launchd stuff

the launchd stuff

eh i wanna finish that before i make it public, but you coud ask ev maybe

its namecache

though

honestly if I could get springboard hooking working, I could probably have most of the tweaks I ususally use working

btw its broken wilson

lol

Oh

Does it work in the cc?

oh no it doesnt

maybe its the environment

It will later on

I'll just try to make one myself then ig

evelyne will never give it 😅

There might've been changes with the battery with the new percentage display

i cant get to load springboard

depression

how far did you reach

sigabrt - sbinitializer

assuming it's the platform check

i already added in load command for dylib

i dont think Duy did load command

right

but you did

tru

I did load command of tweak only (haven’t tried dlopen), springboard is dlopened

Wait since this is using the trollstore bug, does it work "untethered" or do you still need to kickstart it

i'm not sure why the tweak isn't working

Again, to reminder: be sure to load your tweak, not Ellekit

needs krw

the tweak loads in ellekit though

It won’t if safe mode is on (/var/mobile/.eksafemode)

how do i load a tweak without ellekit???

You load the tweak, it chain loads ellekit

i mean Yeah i don't dlopen or include ellekit in load command

i don't even get the hook to print or do anything

for all I know it doesn't even work

and idk why

Or you should add both to be safe

so i hooked an objc function from the app i load my tweak in but i dont get any logs even tho the function gets called 100%

judging by that function signature it's probably a Swift class, meaning that's an ObjC bridge class. it'll only be used if called from ObjC, not directly from Swift

i dumped it using ktool

right, but that doesn't mean it's actually used

i looked at the function in ida

i hooked the fileexistsatpath

and it got called with the strings inside the function

if called from Swift, it's not going to call it through ObjC, meaning your hook never gets called, because you're hooking ObjC not Swift

and there's no straightforward way to hook Swift directly unfortunately

isnt it find obj symbol thing for swift classes

or that not for private

Hey I have a question, what's the difference between FrontBoard, BackBoard, and SpringBoard?

What app is this

is there a way to disable the cover sheet slide thing

like

the ability to slide to go back to the LS

is it true that iOS 17.3b2 added zefram

What is Zefram

I actually have no idea

capt jb i think but it became a joke

it's real though innit

just that he doesn't show it

malware

can someone take a look at this? https://we.tl/t-rqaFHl8nyS
i cant figure out what type of hashes these are

its a xml file with no extension

oh their sha hashes nvm

Zefram is malicious software, commonly referred to as malware, that is specifically designed to hack Apple devices such as iPhones and Macs. This malware has the capability to compromise the security and privacy of Apple users by infiltrating their devices and extracting sensitive information. The purpose of Zefram is to gather sensitive information such as login credentials, financial information, and personal data, which can then be used for malicious purposes such as identity theft and financial fraud. Zefram uses various techniques to spread and infect Apple devices, such as phishing scams and software vulnerabilities. It is highly sophisticated and can evade traditional security measures, making it difficult for Apple users to protect themselves against this threat. To stay protected, Apple users should regularly update their devices and be cautious of suspicious links and emails. Additionally, it is recommended to use robust security software to detect and prevent attacks from Zefram and other similar threats.

i thought it was an ios 14 jb

Base64 encoded, either a SHA1 hash or a truncated SHA256 hash

Most likely the latter though

Interesting

yeah true

i see, thank u 🙏

when you looking at symbols in a macho and see some starting with _$s

its real but its more of a tweak injection platform than a jb

i mean you can have a jailbreakd with krw that ct signs everything

you can also just bypass the platformisation requirement

me and the homies disabling SIP,SSV and doing amfi_get_out_of_my_way=1 on mac, jb solved

@hasty ruin

real

we dont fuck with amfid here fr

https://media.discordapp.net/attachments/688121419980341282/1159279134250373200/ret.gif

i dont disable any of those because i dont need to fr on mac you can already launch whatever you want with JIT too

Arguably its very close to a jailbreak

System-wide injection, custom launch daemons, jailbreakd

if i want to add a hook to the status bar everywhere, do i put com.apple.UIKIt in the tweak plist?

you could argue that yeah

in my opinion a jailbreak is more about getting to the state where you can run all of those where previously you never could (getting root/kernel access, breaking sandbox etc) but to most people in this community theyre the same thing

okay nvm i'm not supposed to

now with only 2* panic bugs

*may change

krw can be done with handoff to jbd, sandbox is dead with entitlements

facts

ios could never

com.apple.springboard was enough

let it do as such

I mean, you can still get root/kernel access as well as unsandboxing

So it's not all that different

Just no PPLRW

root/kernel on what

modern ios jailbreaks?

on the krw/ct thing

so real

how to get offsets for iphone x ?

i mean yeah i wasnt disagreeing. that bypasses previously present restrictions so i would consider it a jb

hm

This new Evelyne thing

i need it for a jailbreak tool

wha

ok nty

lmao

cross ref a kcache you already have offsets for too, makes it easier

hi

hello

ima try

not that zefram isnt cool i just like yanking capts chain when he calls it a jb

anyone know what BulletinBoard is for?

I thought that was UN

so is UN the frontend framework

UN is the backend

oh

you can also try counting your offsets

but

....

lool

(i have no idea i havent done ios shit in a long time)

i did that for a while

based on naming though bulletinboard sounds like itd be the shit that draws it

lets allow the asian to enlighten us

inshallah capt

@grave sparrow so if i wanna hook the function whenever a notif is shown to the user, i'm looking for somewhere in BulletinBoard right? BBServer I presume

hook publishBulletin iirc

my goat my hero my gyatt staturnz

can i use these to modify the files in an app cause its a react app

might not exist anymore idk it been a while lol

will it mess it up?

if i dont change the hashes

Yes but you’ll need to codesign again

whatt apple would never change their priv apis and break code

every ios update says otherwise

this is an already built app so would that change things

You can codesign a built app

dude one day they're gonna remove -[UIImage applicationIconImageForBundleIdentifier: format:scale:] and every single tweak and somehow facebook is gonna break it's gonna be funny as hell

and how would i go about that and would i need a mac

ok so yea i was completely wrong

bet

fr

thats le joke

does he know

it's trying to find Cephei in a non rootless path for my pref bundle

what da hell do i do

preferenceloader

am i not supposed to use PreferenceLoader from pro

no cause cephei is obv not at /System/Library/Frameworks

so it's failing

why would my bundle dictate where cephei is

oh

TARGET := iphone:clang:latest:14.0
SYSROOT=$(THEOS)/sdks/iPhoneOS16.5.sdk

include $(THEOS)/makefiles/common.mk

BUNDLE_NAME = Preferences

Preferences_EXTRA_FRAMEWORKS = Cephei CepheiPrefs
Preferences_FILES = UENRootListController.m
Preferences_FRAMEWORKS = UIKit
Preferences_PRIVATE_FRAMEWORKS = Preferences
Preferences_INSTALL_PATH = /Library/PreferenceBundles
Preferences_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/bundle.mk

oh

I added

THEOS_PACKAGE_SCHEME = rootless

and now it works

:3

swiftui

why would my dylib be in SpringBoard

but not loading

code written by #development member

like cocoatop shows that my dylibs are injecting into springboard but none of the tweaks work

i don’t have any clue what’s going on

i’ve codesigned everything with ctbypass

only springboardhook works, because I inserted a load command for it

any non-native app

(SwiftUI doesn’t count as native)

fr

🤝

There’s various tools (codesign, ldid, zsign) so take a look

and if i didn’t code sign would it just straight up not work

chad

one has money

Anyone know how i would decrypt a dylib from another app?

Kinda want to make like a patcher of some sorts to inject tweak into app store app

For trollstore

fr

@lime pivot deadass how do u have motivation to still do jb stuff after like 13 years

dylib? frameworks are encrypted too?

Afaik im pretty sure

I opened in hopper and it said this file is ciphered so idk

well trolldecrypt is open source

lol

how the helldo u set the amountOfLines for a PSTableCell

Did you see my watchtube memory usage? Lol

Started with this

Forced it to this

man what the FUCK

It was only loading 30 images

Well the images were the cause it was loading other stuff

that UIImage(data:) blowjob GOES CRAZYYY

I did manage to reduce it to this by sticking in a few lazy V stacks

But that isn’t a solution I want

my god

Correct

Why not just inject without decrypting?

Kirb pointed out I probably need to downsample my images but SDWebImage doesn’t seem to have a SwiftUI friendly way of doing it lol

Wont that not work?

It works now

You can use arbitrary Team IDs

found this https://newosxbook.com/tools/jtool.html

Thanks to my latest ChOma commit

o tool ported to linux

Yeah idk what’s up with it. Instruments didn’t find any memory leaks or anything of use so I’m fairly sure it’s just an issue with me loading the images lol

No i mean i decrypt dylib and resign with teamid

I thought tou had to decrypt dylib

Either way it was fun

🧌

You can inject into App Store apps with just opainject now

Cause if you dont and inject rpath into it doesnt encryption break

Well yeah

You can set whichever team ID you like

You don’t have to decrypt anything

I dont want to have to manually use opainject tho

Decryption isn’t your problem here then

You could just integrate opainject directly into your app?

mashallah

I wanna make my own notif logger so bad but it's already been done ARGHHHH

im still doing that shit anyways

@sonic totem damn it does work

i just resigned dylib and added rpath into it

without decrypting

time to make a patcher

nathan widevine crack real

Yep

The whole time I thought it wasn’t possible because I thought that it solved an error I was having