im overwriting system colors so that needs a respring anyway no? i dont think that can be respringless because all of the elements which have already rendered wont rerender when the color changes

You listen for a notification with a string, and you set string in the postNotification value of the specifier

Oh yeah you’re right lol

This is like ig more general thing for the notif

fair yea

i think ive seen a poc before

Good luck on ur project

tyy !!

no that doesn't need a respring

you're just hooking uikit

ah

if i change like, for example, systemBlueColor, how would i tell uikit to rerender the elements that use systemBlueColor then?

they will use it when they load

is what i mean

yea ofc but that means that you would need to reopen your apps etc for the colors to apply properly no?

10 sales within the first hour! Thank you #CreamerNation

yeah, you'd have to

i think a respring is better because it would reapply all the colors regardless

but im not sure

ux is always better when you dont need to respring

Yeah a respring is the ideal solution here

Just respring

respring is better since it would kill stuff
hooking uikit and trying to set the colors from prefs would be bad

very bad

i mean thats kinda what im doing

no

i mean an apply button that sets the color for existing elements

rather than doing so when elements load

ah i see

You should do pkill -f *

in my code i essentially wanted to make it where prefs are loaded dynamically and then all the "systemXyzColor"s are swizzled and return the color from prefs instead of the original color, where the original color is the default

theres definitely a better way though

i mean

other then manually doing them all

you don't have many options

lol yea i think theres around 40

im not manually writing out every swizzle and every pref and every default

use an array?

you would still need to write them out in the array lmao

no

#creamer

there's a set amount of colors so you'd have an array with the names and then you'd do system+ x + color or whatever

lol

System colors iirc are defined in an asset catalof file

creaming

they are but i dont want to read carfiles

Weak

That’s my HOBBY

either way for now im doing it the way fiore showed me yesterday

unsigned methodCount = 0;
Class uiColorClass = object_getClass(NSClassFromString(@"UIColor"));
Method *methods = class_copyMethodList(uiColorClass, &methodCount);

for (unsigned int i = 0; i < methodCount; i++) {
    Method method = methods[i];
    SEL selector = method_getName(method);
    NSString *name = NSStringFromSelector(selector);

    if ([name hasPrefix:@"system"] && [name hasSuffix:@"Color"]) {
        __block UIColor *(*originalColorWithCGColor)(id self, SEL _cmd);

        MSHookMessageEx(
            uiColorClass,
            selector,
            imp_implementationWithBlock(^(id self) {
                return colorFromHexString([preferences stringForKey:name]);
            }),
            (IMP *)&originalColorWithCGColor
        );
    }
}

free(methods);

thattt is bad

lol yea

thats what i mean by this

hm

You know

Iirc there’s a class for these system colors

oh?

i was planning to expand also hook stuff like UIColor.blueColor though

Oh keep ur current meth then

Ok

I will

https://cdn.discordapp.com/emojis/1007946409586212884.webp?size=48&name=SilvThumbsup&quality=lossless

yep

?? What did I do

https://tenor.com/view/say-meth-what-huh-im-confused-what-are-you-doing-gif-14698624

He always be living

Kitten drama

Who got banned here

I don’t see messages

What it’s about

Kitten

Oh LITTEN

litten joined yelled at serena for making a better hersion of ve

LOOOOOL

then deleted her messages and left

I didn’t start that drama on accident ??

It was on purpose tf

I wanted to call her out

🗣️

i mean the cs part

everyone misunderstood lol

oh right

yeah

they thought it was CS but it was me

Litcord

all she do is copy tweaks and lie

🗣️

i put ssh into it now lol

i might actually just use a hardcoded array

that way i can share it between the prefs and tweak and i dont need to call class_copyMethodList twice

All bisexuals do after 1991 is eat hop chips and lie

true!

if i use xi i can preprocess it into a %hook call right?

Those are women. Not bisexuals.

xi is when c preprocessor runs before the logos one or something

i dont remember

Wtf is xi

hang on lemme get documentation

Same thing

true..

yea i was right

Who’s winner

Oh that’s the first time I hear abt that

that means i can technically make a %hook that uses my custom values

although

i cant iterate with the c preprocessor

hmm

ok how do i make subpages in prefs

PSLinkCell

oh

Senri works very fine ☺️

Where the detail parameter is the class of the vc u wanna push

🫡🫡

ok i see

ty

Yw

its starting to look like java classes atp lol

FloraSystemColorListController

next we get FloraSystemNormalCGColorListControllerFactoryFactorySingletonDelegate

vi is better

whats vi

Text editor

Use emacs

oh vim

https://cdn.discordapp.com/emojis/1019732813941067908.webp?size=48&name=skulley&quality=lossless

i was thinking file extensions

you can technically do smth like this (please dont actually do this)

@interface FloraShitClass : NSObject
@property (nonatomic, strong) NSArray *shitArray;
+ (instancetype)sharedInstance;
@end

@implementation FloraShitClass
+ (instancetype)sharedInstance {
    NSMutableArray *shitMutableArray = [NSMutableArray array];
    static FloraShitClass *instance = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        instance = [[FloraShitClass alloc] init];

        unsigned methodCount = 0;
        Method *methods = class_copyMethodList([UIColor class], &methodCount);

        for (unsigned int i = 0; i < methodCount; i++) {
            Method method = methods[i];

            SEL selector = method_getName(method);
            NSString *name = NSStringFromSelector(selector);

            if ([name hasPrefix:@"system"] && [name hasSuffix:@"Color"]) {
                [shitMutableArray addObject:name];
            }
        }

        instance.shitArray = [shitMutableArray copy];

        free(methods);
    });

    return instance;
}

@end

dont give me more ideas fiore

https://cdn.discordapp.com/emojis/1019692218564489349.webp?size=48&name=trolley&quality=lossless

anyway i think i see

DUDE.

i said not to do it

im not going to do it

that looks too hellish

i did find and replace like 7 times for this

I think god should kill you

but this looks fine to you?
export type AllValues<T extends Record<string, any>, U extends unknown> = T extends { all: true; } ? U[] : U;

i said not to

its just a

concept

what the fuck is that

average objc code

ive done worse

export type SingleModuleByProperty<T extends any[]> = T extends [...any, infer O extends SearchOptions]
    ? AllValues<O, AnyProps<{ [k in Exclude<T[number], Record<string, any>>]: any }>>
    : AnyProps<{ [k in Exclude<T[number], Record<string, any>>]: any }>;

what the FUCK

magic TS parsing

also i dont think u can do this between projects lmfao

wdym

actually you can just import the header

yeah

thats why i made it a class

with a shared instance

bc thats the whole point

lmao

oh btw atria still randomly crashes springboard with bluetooth enabled

i say randomly because sometimes the apps open fine other times they respring

logs

where logs

do i search for Springboard as the process

yes

ughh now its not doing it

wait

ok this is how you do this right?

<dict>
    <key>cell</key>
    <string>PSLinkCell</string>
    <key>label</key>
    <string>System Colors</string>
    <key>detail</key>
    <string>FloraSystemColorListController</string>
</dict>

actually what am i saying i have docs for this

yea

whats isController

do i need it

i had a tweak i wanted to make a while back but i gave up on prefs cause i didn't know how to load a list of filenames in a linked cell

Yea

i mean idk im loading them like this

_specifiers = [NSMutableArray array];

unsigned methodCount = 0;
Class uiColorClass = object_getClass(NSClassFromString(@"UIColor"));
Method *methods = class_copyMethodList(uiColorClass, &methodCount);

for (unsigned int i = 0; i < methodCount; i++) {
    Method method = methods[i];
    SEL selector = method_getName(method);
    NSString *name = NSStringFromSelector(selector);

    if ([name hasPrefix:@"system"] && [name hasSuffix:@"Color"]) {
        id colorInstance = [UIColor performSelector:selector];
        NSString *hexColor = [self hexStringFromColor:colorInstance];

        PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:name
                                                            target:self
                                                                set:@selector(setPreferenceValue:specifier:)
                                                                get:@selector(readColorPreference:)
                                                            detail:nil
                                                            cell:PSLinkCell
                                                            edit:nil];

        [specifier setProperty:[HBColorPickerTableCell class] forKey:@"cellClass"];
        [specifier setProperty:BUNDLE_ID forKey:@"defaults"];
        [specifier setProperty:hexColor forKey:@"default"];
        [specifier setProperty:name forKey:@"label"];
        [specifier setProperty:@true forKey:@"showAlphaSlider"];
        [specifier setProperty:name forKey:@"key"];
        [_specifiers addObject:specifier];
    }
}

free(methods);
``` but this is very temporary

so many things are errored by Springboard i could never find the one im looking for

So i'm reading through the launchd process discovery post and am curious, how do devs get access to the full filesystem without being jailbroken?

Are you guys ripping memory from the board? getting it out of an IPSW?

we don't get full filesystem access lol

are there public dumps?

can't even write to most directories because of SSV

how did Alfie get access to /sbin/?

you search through the vp_namecache of /sbin to find launchd

then afterwards you kwrite to it to change v_name and vnode_id

right, but how did you guys get to /sbin?

you have TrollStore

ohh i need to learn more abt trollstore

well, not TrollStore

the CoreTrust bug that powers it

ok ok

sorry for taking up y'alls time

meant the crash log not the syslog lol

doing this will redirect execution of launchd to any arbitrary binary, normally this isn't useful because codesigning kills it anyway

wanna learn more just dont know where to go other than here lol

but the coretrust bug allows it to be run

oh

Does coretrust have a whitelist? how does it get around coretrust validation

it whitelists app store apps

so there's a bug in coretrust validation where you can include your own app signature, then the signature of an app store app afterwards

ahhhh i see

doing so will cause coretrust to think it's an appstore app binary and allow it to run

tldr basically

right right

how does that tie into /sbin/ and launchd?

is launchd signed like an app store app?

this log seems so useless

yes

funny how apple had to fix this sort of thing for installd and it comes up yet again

the different slices thing was cool

so now we're back to

how does one get access to /sbin/

now how the fuck would i go about resetting the preferences back to default

we aren't accessing it

it's still read only

yeah yeah how can you read it

thats what im missing

and how do you modify launchd if its read only

if you couldn't read it then how would it load lol

that goes for any file

well but from a user standpoint

like how do you read it

or any dev

KFD?

memory rips?

krw

yea i think thats where kfd comes into play

whats krw?

read/write to kernel memory

ok ok

it's like hexediting shit in games to cheat and get infinite ammo

lol

like the post says, arbitrary kernel r/w (read/write) can allow for the modification of vnodes
so you could redirect calls for one file to another location

in this case we point to a modified version of launchd

how do you do that? do you get kfd?

does anyone have an objc springboard crasher i wanna implement a respring button

yep

the process of reading (and/or writting) is where im confused

i get now that it comes from kernel memory

are you dumping that memory from kfd?

well you would use an exploit such as kfd

ok awesome

thank you

as for how they work

its black magic

hahah

also some parts can't be written to

because ios security

yeah

so when you wrote seratonin i assume you used this

my typical method of doing it doesnt work sksks

- (void)respring {
    NSTask* task = [[NSTask alloc] init];
    [task setLaunchPath:ROOT_PATH_NS(@"/usr/bin/killall")];
    [task setArguments:@[@"backboardd"]];
    [task launch];
}

sidenote: real jailbreaks avoid running the kernel exploit multiple times and provide interfaces for reading and writing to kernel memory

vnodebypass takes a similar approach to this, for example

interesting

why do they avoid the exploit?

oh I have it

instability

Link?

Giveee

i see

to sign up?

idk

link is gone

App Store one

you have to cleanup after exploits or else you risk leaving memory in unsafe states

and since these methods are not 100% successful, you could end up panicking the kernel eventually

ah

and why would you have to rerun the exploit for the launchd patch?

Oh no clue

I never got it

because we aren't modifying the real launchd
once the kernel restarts, it'll just point back to the original one

ah

we only make changes in memory, so it only works after it's been run

but the kernel restarts on userspace restart right?

no

No

so doesnt checkm8 use the same mechanism?

oh

when does kernel restart?

whenever it wants?

That’s the whole point of a user space restart

checkm8 patches the kernel before boot

Full restart

Like

The normal shut down mechanism

full restart ≠ userspace restart?

Correct

ah

shit

I don’t think you can do a user space reboot on stock

yeah

honestly landa can be retried as many times as you want

but this is true

you need some ents yes

ents?

entitlements

ah

and whats landa?

exploit method in kfd

is that the launchd pointer?

no

oh ok

I do want to implement libkrw in the future

but i have 0 clue how to do it

https://cdn.discordapp.com/emojis/1140945594798571540.webp?size=48&name=trolley~2&quality=lossless

need dimentio and shshd fr

ok sorry for so many stupid questions

finally getting it i think

Np it’s normal, we should actually document this lol

haha

so @granite frigate the reddit post says

However, because we have a patched launchd, you can just inject a payload into any system binary (such as a launchd daemon) and effectively have a proper jailbreak.
Is this the libkrw thing?

um

not really?

okay

are they referring to the patched launchd daemon when they talk about an injection target?

no so basically

we have a launchd hook

we can change any function in launchd to do whatever we want

so for the purposes of springboard only, we hook whenever any binary is spawned and check if its path matches SpringBoard's

ok so what is the hook

if it does, change it to our own

what does a hook mean here

the thing is that we can generalise this hook to any binary

Changing what an existing function does

While being able to call the original version

Okok

For launchd this usually means hooking and changing posix_spawn, the function for spawning binaries

honestly I feel like this thing is really hacked up

For example, some patching is done to let the binary run its own child processes

im starting to get that idea

you have to clone every binary and coretrust sign it to inject into it

yeah

instead of directly injecting into the normal one

💀

yeah thats a yikes

and so why is 17 not supported? coretrust patched?

1. no krw exploit
2. launch constraints
3. apparently a "userspace PAC bypass" is needed

I'm not sure about point 3

2 and 3 aren't an issue

wouldn't doing this trigger PPL

idk how to get around them

yes lol

you can't inject into higher TLs

Workaround has been found for 2, 3 isn't that difficult in reality if you know what you're doing

i'm going to assume this is kept private

Yeah of course :p

man

oh great my iphone went into safemode and all my apps crash

It will be released if there's krw for iOS 17

afaik

why does imessage have so many ways to enter a chat 😭

https://cdn.discordapp.com/emojis/834822065231364156.webp?size=48&name=Copium&quality=lossless

hopefully

uh

yea um for some reason flora now puts me in safemode

and i cant access sileo to delete it because it crashes

in safemode**

gotta love being semi jailbroken

now this is probably a really stupid question but is there any way to read all of the filesystem when jailbroken

yes
step 1: escape sandbox

ok i see

damn, im way out of my depth lmfao

step 2: gain root privileges

gn chat

im gonna have to reboot for this

gn

i hate everything

sorry

sometimes safe mode doesn't work

though, if you have kernel privileges already then both of these become easier

y'know, until apple throws more things behind PPL

does this ```
<key>com.apple.private.security.no-sandbox</key>
<true/>

allow apps to access the full FS? run unsandboxed, etc? this seems broken lol

sandbox is a funny extension to the kernel that restricts apps from accessing files outside their containers and also kills binaries executed outside containers without the proper entitlements

right

but then this

because thats in the app entitlements correct?

well yes, it's an entitlement but how it works kinda does break things

Dord

that's why apple won't sign anything with it

not publicly anyway

like what? could that be used to exploit and read (or write) memory/storage?

When jailbroken?

Easy

alfie i just became your biggest fan lol

Just add all the entitlements that Filza has

whats good

it lets you access the filesystem outside of your bundle, data, and group containers

How so?

you're a year older than me

doing cool shit

lol

You will be like me in a year’s time

Probably less even

sounds foolproof

which is not actually the entire fs
just anything owned by mobile really

ye

ok so if you have that whats the problem? cant you sign yourself?

with trollstore?

Yes

with only TS, installd will reject you, but that's why TS doesn't go through installd normally

is the stuff you need to get access to for root access not owned by mobile?

root filesystem?

or root user

i mean like

scam im older and still suck

anything outside of /var/mobile with no-sandbox you won't be able to write to, but you'll be able to read it

a year? that's p fast

the stuff that needs to be edited

i still suck fr

ah

if you want to write outside of /var/mobile you'll need a root helper

thats what i was wondering

roothelper is another pain thing

I started properly developing in late 2022 ¯_(ツ)_/¯

:(

hmm

That's why I ditched trollstore support for Spartan

I don't have a set date where i started properly developing

idk

in and out ig

but this could be in place of krw exploit for ios 17 right?

No

hush bot

all files have permissions
user processes are all ran as mobile
some files or directories may be owned by root (or another user) and can only be read or written to by the root user

or does trollstore need krw

I was doing SwiftUI () development before jailbreak stuff

No

filesystem rw and krw are completely different

It only uses a CoreTrust bug

funny how I start the total opposite

also if launchd will reject you whats the point of being signed anyway? isnt the point of launchd to just check signatures?

launchd doesn't do signature checks at all

for full filesystem rw (on 15+) you'll need

1. patched kernel so iOS doesn't refuse your remount command
2. a root helper

@granite frigate by definition, a CoreTrust bypass is a PPL bypass, as CoreTrust is part of PPL now - so technically, I found a PPL bypass

wait what

so what cant you write to if you have write access to kernel

coretrust is ppled?

cool

CoreTrust bypass is the answer

krw means you can read from and write to the kernel's memory

You’re automatically approved

Yeah it’s part of PPL in iOS 16 afaik

ok

No more amfid

Interesting

how are dev signed apps check

they don't go through amfid?

Not afaik

amfid is basically unused on iOS 16

huh what

AMFI is different

then what do they go through?

And that validates dev-signed apps

I think

oh

oopsie

nono the issue is that i made a lot of changes and i have NO CLUE what is causing it to go into safemode

It goes trustcache -> CoreTrust -> developer-signed

its 5am

oh sorry

good night

:>

if you have cr4shed it can tell you what methods were running

before crash

I’m claiming that I wrote a PPL bypass

how where

the logs in analytics are gibberish

Yeah they are

so CoreTrust bypass lets you get around not being signed
which means you could run outside of sandbox
meaning you can Read the entire fs and write inside of /var/mobile
which means you could dump the contents of your fs
which means you have some level of access to efficiently look for exploitable code (?)

You need cr4shed for nice formatting

whats cr4shed

is that a tweak

[[cr4shed]]

ye

ah ok

shows you this

exploitable code isn't jack in userspace

very very handy

why not? (go to bed)

i mean that's prolly wrong

Looking for exploitable code is not a benefit

but it's not really useful in itself

ah i see

You can download the entire filesystem from an IPSW

oh

XNU is oss too

Also yeah, if you’re looking for exploitable code, look in the kernel

the kernelcache can be analysed too

rootfs is unencrypted since 12 too

Exploitable code that runs in userspace is basically useless

so you don't have to pull encryption keys

From a jailbreaking standpoint

but kernel is patched xnu right

good for install methods I guess

installd trol

kernel is XNU

Unless it lets you reach a kernel vulnerability

XNU is iOS' kernel

Only good use case

Except there will likely not be an installd bypass again

we need psychic paper 3

right but isnt the XNU that IOS uses patched up and closed source

No

oh

Not afaik

It’s highly similar

But yes it’s closed source

https://media.discordapp.net/attachments/688124600269144162/1192854330261377154/caption.gif?ex=65aa972a&is=6598222a&hm=c7df671998963358f8ec4a0bf269f8ff7c8758b2d086193b8d83c866b48068c8&

how highly though and how do we know the difference

isnt uikit web only

you can do funny stuff like decrypt and mess with apps but not much else

..no

aw ok

There’s some extra security additions for iOS

uikit is iOS' original framework for creating a UI

dont most tweaks sit in that space tho?
decrypting stuff and messing with apps

As macOS is inherently different as a security model

it dates back to OS 2.0

oh wow

the libraries might
but you also need a way to load them

Though apple made many significant changes around iOS 4

ah

So most OS2 apps don't work properly on 4+

?

Which changes?

um guys i think im screwed

as soon as i bootstrap none of my apps work

i cant delete the tweak

ok none of my apps except for bootstrap itself

I don't remember exactly, but with the release of iOS 4 apple now had two screen resolutions and so some things that used hardcoded positions died

Also, audio doesn't work sometimes

Not sure why

oh fuck i see why

Apps built pre iOS 4 sdk do not usually have audio on ios 10

which can be done with the ct bypass
which is why things like roothides bootstrap works for tweak injection

everything that has tweaking enabled doesnt work

and that includes sileo

https://cdn.discordapp.com/emojis/1019732813941067908.webp?size=48&name=skulley&quality=lossless

bootstrap doesnt let me disable tweaking in sileo

ummmmm

doesnt cydia work in safe mode?

where do i get cydia from

you don't

sileo and zebra both crash

you can always search for the dylib in filza and manually delete it

idk i havent jailbroken in a few years

oh true

i had to do that when i installed cylinder reborn

cylinder remake works fine though

i think it’s a web framework too but im shit posting about the ios one

where exactly are packages stored

One of the apps I am trying to revitalize uses a custom UIAlert dismiss animation and that freezes the entire app when it's dismissed on iOS 4

/var/containers/Bundle/Application/jbroot-whatever

Now that I know how to theos I should stop trying to hex edit the binary and start just method hooking the IAP stuff

@primal perch do you have IDA with an objc decompiler

i have the 7.7 and 8.3 leaks

which do objc very well

i don't have 8.3

idk what an objc decompoler is tho

oh i need to be jbed for that ok

send send send

it’s just the standard decompiler

well no

lemme boot up my pc

should work

i have 7.0 which is ass

7.0 old as shit

yes it isssss

nvm found it

i have a copy of 8.3 with decompilers from 7.7

use that one

my 8.3 doesn’t have the 7.7 decompiler i got it from the source and im lazy

where in jbroot are tweaks stored?

I'd assume it's just there to avoid apps reading where jbroot is
since sandbox would say no
that's actually kinda clever tho

idk if its just an issue with me or what tho bc sometimes when i try to decomp larger functions ida just freezes & does nothing

on wine in macOS & vm in windows

i'm just trying to RE the IAP class of an app from 2010, doubt it's too complex (gone from app store and most of the game is paywalled)

Library/MobileSubstrate/DynamicLibraries
most likely

can I have

lemme throw on server hold

🔥

ya same

my 8.3 is like x64 and arm64 only i need armv7

same

im not sure if it has armv7 actually let me check

oh not even lmfao

mine just has x64 and x86

poverty

damn

my 7.0 has armv7 and arm64

it's just old

but the 7.7 cryptic put up here a awhile ago

loaded

holy shit ppc

mips

what crack is my ver smoking dude

"MIPS, PPC64, PPC, ARM64, x64, ARM, x86"

lol

why can't it decompile arm then

bro got the full loadout

full package

million dollar ida install

fr

no RISC though

riscv overhyped anyway 💯

or wait

is there a separate decompiler for thumb

if riscv is so good, where's riscvi

fr

i should try and compile nano for airports

https://dmca.sh/WinO6/VIquZiBE36.7z

wtf is dmca.sh

@frail cedar @primal perch

idk this was the site i got it from

word

https://cdn.discordapp.com/attachments/1169461256386785290/1170517092223680552/caption.gif

hes driving

average carbridge user

didn’t yall literally pin the url to cryptic’s copy of ida in this channel

i doubt he gives af atp 💀

no he does

capt did

then cryptic changed that url to respond this is why we cant have nice things thanks capt

or something like that

guys its real

does anyone have a respring objc snippet

look on github

smth smth adamdemasi.com

typedef NS_OPTIONS(NSUInteger, SBSRelaunchActionOptions) {
    SBSRelaunchActionOptionsNone,
    SBSRelaunchActionOptionsRestartRenderServer = 1 << 0,
    SBSRelaunchActionOptionsSnapshotTransition = 1 << 1,
    SBSRelaunchActionOptionsFadeToBlackTransition = 1 << 2
};

@interface FBSSystemService : NSObject
+(instancetype)sharedService;
-(void)sendActions:(id)arg1 withResult:(id)arg2;
@end

@interface SBSRelaunchAction : NSObject
@property (nonatomic,copy,readonly) NSString * reason; 
@property (nonatomic,readonly) unsigned long long options; 
@property (nonatomic,retain,readonly) NSURL * targetURL; 
+(id)actionWithReason:(id)arg1 options:(unsigned long long)arg2 targetURL:(id)arg3 ;
-(id)initWithReason:(id)arg1 options:(unsigned long long)arg2 targetURL:(id)arg3 ;
-(NSURL *)targetURL;
-(NSString *)reason;
-(unsigned long long)options;
@end

void respringDevice()
{
    SBSRelaunchAction *restartAction = [SBSRelaunchAction actionWithReason:@"RestartRenderServer" options:SBSRelaunchActionOptionsFadeToBlackTransition targetURL:nil];
    [[FBSSystemService sharedService] sendActions:[NSSet setWithObject:restartAction] withResult:nil];
}```

right at the top https://github.com/NightwindDev/BoldersReborn/blob/main/BoldersRebornPrefs/BoldersRebornListControllers.mm

the actual leak did not come with an installer

must link FrontBoardServices SpringBoardServices

either someone packaged it into an installer for no reason or this is north Korean spyware

the actual 8.3 leak also only had decompilers for x86 and x86-64, rest are from 7.7 and 7.5

yeah its probably both

the ideal way to ship these would be unadultered installer with valid sha256 cert and then teaches you how to patch that

but then the crackers cant make money off ur botnet'd pc so

this is a little overkill though fyi

nah it's cuz the unalterened installer requires a password, and is encrypted and watermarked

but it works in tweak settings so 👍

yes yes

and hexrays doesn't sign them

bloatware

typical nightwind...

i believe they do

idk i dont own pro but free is signed

pro isnt

seems dumb

Yay or nay

i mean

read the code and you'll see what i mean

Yay for malware

or repackaged leak for no reason lol

you do not need ida

yay if you want malware

fr

ik, but y not

they give u sha in the email

stick with the actual 8.3 leak if you want something slightly more trustworthy

but really run any pirated exe in a vm

from the scene group ^

ik , i didnt run it

but I don't think the actual 8.3 leak is malicious

tiny10 vm ready to launch

same group also releases binja

with unmodified installer and keygen

since they don't watermark

chads

probably just trying to not get their source for the leaks banned from purchasing

the actual leak did have an installer

this doesnt respring me either

it was a custom one though

https://cdn.discordapp.com/emojis/1085292303628910723.webp?size=48&name=nyaboom~4&quality=lossless

what the heck

try the trollstore one

okok

and either way if you're not running cracked IDA in a VM you deserve to get hacked

or insta spring idk if it OS

my original is this idk

- (void)respring {
    NSTask* task = [[NSTask alloc] init];
    [task setLaunchPath:ROOT_PATH_NS(@"/usr/bin/killall")];
    [task setArguments:@[@"backboardd"]];
    [task launch];
}

😭

me no know oop so i no help

why are we still killing backboardd

fr

just run sbreload

@placid kraken TrollStore's ```objc
void killall(NSString* processName, BOOL softly)
{
enumerateProcessesUsingBlock(^(pid_t pid, NSString* executablePath, BOOL* stop)
{
if([executablePath.lastPathComponent isEqualToString:processName])
{
if(softly)
{
kill(pid, SIGTERM);
}
else
{
kill(pid, SIGKILL);
}
}
});
}

void respring(void)
{
killall(@"SpringBoard", YES);
exit(0);
}

NSTask is broken on Dopamine fyi

no

might as well

i run it under wine in macOS anyways

if you count the guys that stole the release lol

I remember looking at the nfos

@hasty ruin how do i get the nexus beta that doesnt have the anoying thing when you hold down on buttons on the LS, nexus pops up

Thoughts ? Ik its not exactly like iOS 16 but I think it’s close enough

@warped sparrow @gaunt stone

You won’t believe it

But I’m actually stealing the design of iOS 16 Lock Screen music player for a minecraft mod

😭

Huh

Whta r u gona do with it in Minecraft ?

@radiant idol what do u think?

Btw do it still halve the battery ?

huh?

Basically a Spotify player directly in mc

oh, no

it shouldn't

looks alr i guess lol

alr 🥲

I want eta for repo !

like my repo?

i dont have one but i wana make one

🙏

or il jus put it on havoc idk

or chariz

Or release it on havoc

but its far from where i want it to be and my objc are far from where i want them to be lol

Good luck getting approved as a marketplace seller

Idrk if it’s that hard but they still ask for a portfolio and various projects so idrk

Maybe others could explain if it’s easy to get in or not

oh so im not uploading to havoc bc i have none

ok il try to make a GH repo ig, not sure how to, but i started one but it deosnt rly work

Idrk maybe wait for someone with a seller account to tell you

Just steal a template

ik but idk how to make it "mine"

Fork that repo

Edit the Release file

As well as the Package file

k il try

https://github.com/uchks/repo.me

ik i have this https://github.com/TeslaMan3092/repo but dont add it yet

🙏

https://teslaman3092.github.io/repo

👍

I know but I’m actually too braindead and too lazy to read debian’s guide

That’s what I said above

.

how do i make it show up for rootless tho ?

what am i missing for this to show up in sileo ?

Name: 16player
Depends: mobilesubstrate, firmware (>= 15)
Conflicts: ch.mdaus.utils, com.johnzaro.perfectmusic13, com.p2kdev.tinywidget
Version: 1.0.0
Size: 18914
Architecture: iphoneos-arm64
Filename: ./debs/com.teslaman3092.16player_1.0.0_iphoneos-arm64.deb
Description: IOS 16 ish Music Widget on LockScreen!
Maintainer: teslaman3092
Author: teslaman3092
Section: Tweaks```

@radiant idol ?

no clue

how do i get a MD5sum, bc the other ones have it and this^ doesn't

hang on

i

du

nno

👍

dpkg-scanpackages

i have this script

k, will this work on windows?

if youre using wsl

am not

@acoustic imp try that
https://github.com/mstg/scanpkg

(idk if it works)

maybe i should read smh

thanks tho

this is still not gona work on widnows tho

read

(Windows user, see dpkg-scanpackages-py or scanpkg)

😭 ^

thx

@acoustic imp or read this 💀

um

hm

how do i get dpkg-scanpackages on my mac?

@indigo peak ?

nvm

@gaunt stone

https://teslaman3092.github.io/repo/

@warped sparrow

Has 2 know “bugs”

But lmk if it works for u

https://github.com/m1stadev/eyepatch someone stop letting me make shit in python

i mean realistically you'd either being doing python or c for something like this

Tru !

fuck brew (the package manager)

that's all i've got to say

pour a glass

it works tho 🤷‍♂️

TIL

what else is there?

sbrew

brew but in swift so it doesnt run slower than a 486 trying to compile gentoo

Procursus

But u gotta be in the know for it

Is there a way to fix this hook from doing this
`%hook SBFullScreenFluidSwitcherRootSwitcherModifier

• (Class)_defaultMultitaskingModifierClass {
  Class c = NSClassFromString(@"SBGridSwitcherModifier");
  return c;
  }
  %end`

wait why does your watch app look like that?

theme

oh

These animations are too fast fr

Not iOS like

!

gm

gm

is there a fat bootstrap libraries? arm64+arm64e?

i think procursus only comes with thinned libraries?

also, will arm64 binary runs on rootless fine? (never use a rootless jailbreak before)

Senri code A4W2XJ6JMWHDW9PYCWMY

thanks gamer

free coupon

as opposed to

paid coupon

btw if ur a dev can u just give out codes for free or do you have to purchase them

Free

🫡

no way unlimited chariz gift code generator (asking the devs)

@slender glade congrats on the release

Thanks!

I’ll be the first to purchase once the new iOS 16 JB comes out

Yup making one rn

🫡

💪💪

Rootful 🙏

I'm on serotonin so im assuming you mean dopamine or anything newer

ill try the ts method

Yup

who

oh idk them

nvm

I’ve shown extensive proof to her that I’ve not copied her tweaks, frankly this is none of your business and your intervention is much as useless as whatever you contribute to this community anymore

You’re upset more than the people who were affected

I hacked into the accounts of 2 discord mods

And I dumped their DMs

Not sure why you think I’m ashamed of this

And I’m sorry for changing my name as my identity changes

Perhaps you could’ve screamed at me for this in DMs? Or I guess just be like last time and delete every single one of your DMs once the conversation was done

It was 2 years ago and I don’t really care anymore (no one actually does)

If you say so lol

if you think they were really that ambitious about leaking things wouldnt you have considered antoine couldve had a message logger installed?

Don’t interact

true true

What

Now this is just slander and lying

https://github.com/NSAntoine/Antoine

yea um ill just leave this to you guys

The entire thing, head to toe is open source

byebye

You don’t care for the sake of those who I hacked or anything to do with morals, you just came here to waffle lol

I’m done too I’m gonna go on the bus in a sec

I do have a sense of regret for what I’ve done, I’m just not ashamed and don’t try to hide it because it’s just something dumb I did at 15 that everyone moved on from

If you’re lying about me installing a message logger what is making you speak about morals 😭

?

Why would Antoine log discord messages

are you dumb

???

They were clearly talking about the software

Antoine is not a discord message logger

Ok! And where would I install the message logger

Are you dumb

unless youre willing to say that discord messages are all NSLogged into the console by discord

I’d assume you would before you speak on any of them dumbass

maybe they’d do this in the future #incompotency

lol

Okay sure

lmfao i wouldnt put them up to that bc logging every message like that would be HORRIBLE for perf

theyre dumb but not that dumb

You know they used to add like 800+ UIGestureRecognizers to every DCAvatarView it was crazy

your argument was that antoine that the same name as a "discord message logger" which is incorrect. please get your facts right before trying to argue like this

Don’t interact

I appreciate it 🫡 but ignore them

yea i have to go for realsies now byeee

I ain’t read half of this but by this logic everyone should be in prison forever because they have a history of doing a crime

Do people not reform? Do people not deserve second chances?

Watch out if u use my PRISON software gremlins will crawl out of your ass

Oh

I want an official control center API soooooo bad

a discord user lived in a low trust society for their entire life. this is what happened to their brain.

So do I

They’re clearly running out of ideas so idk why they haven’t done it

Because they don’t want antoineware

💀

im not even part of rjb i only started being active here recently

your message was ambiguous

either way lets end this here its a pointless argument

@native dune @shrewd smelt hit tweet https://twitter.com/coreserena/status/1746160166607708630?s=21&t=VDAjphbfWMLnkC85ldm9mA

Nice!