#development
for once chatgpt said something helpful
but should i use setClass or hook layoutsubviews ?
because I need to hook something, before procursus is initialized
what the fuck do you need object_setClass for
what are you trying to do?
not hooking layoutsubviews
apparently he only needs to change stuff in one instance of a class
but like theres many other ways of doing this
honestly object_setClass is more cursed than hooking layoutSubviews
I guess I can use another hooking library tho
yea, basically i want to override the positioning of two views
https://github.com/Rprop/And64InlineHook I could probably just use this
but, the other place that would be helpful is removing like little glitches in the border radius for the artworkView
I've used it before
have fun
me?
yes
or you could just link it normally..
I don't know iOS's link paths!
@grave sparrow like fixing this
because I'm doing this before the dyld patching
what? it would work, and unless i hook layout subview to apply the radius, it does this
its a UIImageView
wait meta made fishhook??
yes
amazing
I can't use it anyways because it only works for hooking functions with symbols
I don't think I can use And64InlineHook cuz CFI/PAC
the problem is I need to hook a function before MobileSubstrate or any dynamically linked hooking library is available
no during process execution
(opainject)
nooo
I want to hook launchd
I inject my tweak using opainject
but there aren't any hooking libraries available at this point in the jailbreak flow
because I'm making a jailbreak, WITHOUT jbd because opa said launchd is the new way
why is that so damn hard to understand
cuz it’s capt
lmao
y'all aren't very helpful, I'll just figure it out myself
I literally just told you oh my god
what does this have to do with userspace reboot
the launchd hook is being used instead of jailbreakd, as opa TOLD ME that's the better way to do it
because it's what I'm doing?!
no the problem is
is this is before fakelib
I don't know iOS's link paths
where dyld searches for dynamic libraries??
oh my god
do you not understand how linking on *os works at all
i think you should learn how linking on *os works
to summarize, where to find dylibs is specified in the binary
ohhh
I see
sudo install_name_tool -add_rpath /var/jb/baseboin/ Jupiter.dylib
so basically just this
and it'll let it search in that path, correct
yes and no
oh does it not allow symlinks
A lot of things don't like symlinks
especially in *os, at least in my experience
here is my tweak
/var/jb/Library/MobileSubstrate/DynamicLibraries/Dahlia.dylib (compatibility version 0.0.0, current version 0.0.0)
/usr/lib/libMobileGestalt.dylib (compatibility version 1.0.0, current version 1.0.0)
@rpath/CydiaSubstrate.framework/CydiaSubstrate (compatibility version 0.0.0, current version 0.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1292.100.5)
/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 4218.1.100)
/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1775.118.101)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 905.6.0)
ok i cut out a bunch of useless stuff
anyways
it will only search that rpath you add for stuff that specifically references rpath
aka @rpath/CydiaSubstrate.framework/CydiaSubstrate
otherwise it will just use the file path explicitly specified
ah
@rpath ftw
yea but that's just /S/L/F etc so pretty irrelevant
the fallback stuff is basically never used in today's world
so can I just directly tell it where the library is, because it should always be in the same place
ye
you can
generally the consensus is rpath
idk why actually
that wouldn't work because the env is already set, because the tweak is being loaded with opainject
once a program is fed the environment, you can't change it, right
so, like this sudo install_name_tool -add_rpath @rpath/var/jb/baseboin/ Jupiter.dylib
so i can add these rpaths
- /usr/local/lib
- /var/jb/usr/local/lib
etc
and if i specify the dylib name to link to as as @rpath/libabc.dylib
then it will search for /usr/local/lib/libabc.dylib and /var/jb/usr/local/lib/libabc.dylib
arguably if this is going to be for the jailbreak process just hardcode it
idk up to you
yeah lol
because if I do that then I also don't have to rename ellekit's dylib
sudo install_name_tool -change MobileSubstrate.dylib /var/jb/baseboin/ellekit.dylib Jupiter.dylib so something along these lines
/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate (compatibility version 0.0.0, current version 0.0.0) this is the line I want to change, right
you can specify a couple rpaths
and it'll check each one
at least from what i understand
I know it's used in repack-rootless.sh but there are prob a lot of other cool uses for it
never hurts to have cool features ig
which dylib? this one, right libellekit.dylib
there's multiple and idk which one I need 😓
yeah that seems to be the right one
anyone know what the panic CS_KILLED initproc exited means?
ohhh
wait
It does that because it isn't launched as debugged
I'm guessing
alright
I know how to fix it lol
anyone have any clue where the dsc is on iOS 17
/private/preboot/Cryptexes/OS/System/Library/Caches/com.apple.dyld
thanks
i deleted this file and my device is buggin
please help
(i was running out of storage and this file was really big)
apfs exploit
guys, I'm trying to send an XPC message to launchd, but it just gives me an I/O error
anyone know why
well yes I knew that
I basically just copy pasted code from dopamine
and I'm not launchd
soooo
this is literally the code
```objc
#import <Foundation/Foundation.h>
#include <mach/mach.h>
#include <os/base.h>
#include <unistd.h>
#include <xpc/xpc.h>

// Private libxpc routine: synchronous request/reply over an XPC pipe.
extern int xpc_pipe_routine(xpc_object_t pipe, xpc_object_t request, xpc_object_t *reply);
// AppendLog is the author's own logging helper, declared elsewhere in the tweak.
extern void AppendLog(NSString *fmt, ...);

struct _os_alloc_once_s {
    long once;
    void *ptr;
};

struct xpc_global_data {
    uint64_t a;
    uint64_t xpc_flags;
    mach_port_t task_bootstrap_port; /* 0x10 */
#ifndef _64
    uint32_t padding;
#endif
    xpc_object_t xpc_bootstrap_pipe; /* 0x18 */
    // and there's more, but you'll have to wait for MOXiI 2 for those...
    // ...
};

extern struct _os_alloc_once_s _os_alloc_once_table[];
extern void *_os_alloc_once(struct _os_alloc_once_s *slot, size_t sz,
                            os_function_t init);

xpc_object_t launchd_xpc_send_message(xpc_object_t xdict) {
    void *pipePtr = NULL;
    // Slot 1 of the libplatform once-table holds libxpc's global data.
    if (_os_alloc_once_table[1].once == -1) {
        pipePtr = _os_alloc_once_table[1].ptr;
    } else {
        pipePtr = _os_alloc_once(&_os_alloc_once_table[1], 472, NULL);
        if (!pipePtr)
            _os_alloc_once_table[1].once = -1;
    }
    xpc_object_t xreply = nil;
    if (pipePtr) {
        struct xpc_global_data *globalData = pipePtr;
        xpc_object_t pipe = globalData->xpc_bootstrap_pipe;
        if (pipe) {
            int err = xpc_pipe_routine(pipe, xdict, &xreply);
            if (err != 0) {
                AppendLog(@"Error on sending message to launchd! %s", xpc_strerror(err));
                usleep(500);
                return nil;
            }
        }
    }
    return xreply;
}
```
and then I just get I/O error
do I need special entitlement?
@granite frigate
is 472 correct
¯\_(ツ)_/¯
What are some good debuggers that can run directly on iOS to show the unmangled assembly?
lldb
thanks
@grave sparrow
I'VE ONLY GOTTEN MORE FUCKED SINCE OUR LAST MEETING COUNT
TWICE THE FUCKED DOUBLE THE FALL
I now can't feel my arms and hands
mangling? bro is debugging swift
I’ll steal this 
Fake
What
ellekit 1.1.1 thing
oh
Can anyone tell me how to extract sandbox profiles starting from an ipsw?
i remember Corellium had a sandblaster fork to extract them for iOS 17 betas, but idk
Okay thank you very much. One more question but task_for_pid doesn't work on iOS 16 anymore?
It was Cellebrite
Yes yes I found it later I will try. Now I was trying to figure out why task_for_pid doesn't work. In xnu it says it must be a privileged process, I start my process with root, like trollstorehelper does
Oops thanks
I was trying to find it and couldn't lmao
Damn i wonder how hard it'd be to intern there
Not too difficult if you try hard at projects and make yourself known
show code
I mean coming from TS dev... how hard was it to go from making regular apps to finding a CT bug from diffing lol
It wasn’t really that though
Making apps -> diffing CoreTrust took about a year
I also wrote Achilles and published a blog post on that
this spawns with root, and then kern_return_t kr = task_for_pid(mach_task_self(), pid, &task);
can it be related to the fact that I am starting my process from inside private/var/mobile ?
yes I have these entitlements:
```xml
<key>com.apple.system-task-ports.control</key>
<true/>
<key>com.apple.system-task-ports.token.control</key>
<true/>
<key>com.apple.system-task-ports</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.security.get-movable-control-port</key>
<!-- Allows for task_get_special_port(..TASK_KERNEL_PORT..) -->
<true/>
```
get-task-allow
In my process yes, the process from which I want to get the task port no
you're missing the entitlement here though
I have these entitlements
on the child process?
yes in the process run as root, from this process I would like to take the Springboard task port for example
ah so if my binary is not platform I can't take task ports of platform processes ?
i believe so
but in ios 15 it wasn't like that. and even in XNU I don't see this control.
IN XNU:
```c
/*
 *	Routine:	task_for_pid_posix_check
 *	Purpose:
 *		Verify that the current process should be allowed to
 *		get the target process's task port. This is only
 *		permitted if:
 *		- The current process is root
 *		OR all of the following are true:
 *		- The target process's real, effective, and saved uids
 *		  are the same as the current proc's euid,
 *		- The target process's group set is a subset of the
 *		  calling process's group set, and
 *		- The target process hasn't switched credentials.
 *
 *	Returns:	TRUE: permitted
 *			FALSE: denied
 */

/*
 *	Routine:	task_for_pid
 *	Purpose:
 *		Get the task port for another "process", named by its
 *		process ID on the same host as "target_task".
 *
 *		Only permitted to privileged processes, or processes
 *		with the same user ID.
 *
 *		Note: if pid == 0, an error is return no matter who is calling.
 *
 * XXX This should be a BSD system call, not a Mach trap!!!
 */
```
you can check that with a non-platform binary
yes of course, which one do you say to test on ?
👁️
its better to have less %hooks in tweaks right?
the same error
yes
@limpid pumice do you have any snapchat tweaks?
my uid and my guid are 0
From what other path could I start it to check if this is the problem ?
from the /var/jb symlink since that'd be outside var
do check the console app logs though, there might be a clue there
Inside /var/containers/Bundle
hrtowii
you
never responded
I'll ask again; Why when sending a message to launchd the same way launchctl does it, why do I get an I/O error?
depends
but generally yes
like instead of hooking something just to hide it, do it from the super view which is a "needed" hook
```objc
#import "server.h"

// Logos function hook on the XPC server routine; server_hook() (from server.h)
// reports whether it consumed the message.
%hookf(void *, xpc_server_thing, void *a1, void *a2, xpc_object_t msg, void *a4) {
    if (!server_hook(msg)) {
        return %orig;
    } else {
        return (void *)0x16;
    }
}

void initme(void *addr) {
    %init(xpc_server_thing = addr);
}
```
my hooks
lmao
i have no idea what that means
spinlock panics yay
what??
they do?
yeah
why
idk if the issue is fixed on iOS 16 though
I mean one or two hooks should be fine I guess
the more c func hooks you have, the greater the chance
yea that
Didn't opa say it was just an iOS 15 issue tho
¯\_(ツ)_/¯
like i instead of %hooking the volume bar to hide it, i could just hide it from its superview hook
i mean it doesnt really matter that much
fair enough
hMMM
still confuzzled as to why I/O errors
but
¯\_(ツ)_/¯
I don't think it depends on the path, on preboot I can't write, on /var/containers/Bundle, I get the same error
don't tell me what to do
wat
it's telling me getsegbyname is deprecated
nah it doesn't matter it still works lol
bad
also
either use camelCase or snake_case
writingvarnameslikethisisunreadable
I don't follow naming schemes, I'm too lazy
although there's probably a VSC extension to do it for me lmao
honestly probably yeah
@timid furnace May I asketh a question
iOS 15+
this should be the official forkfix icon
question
if theres entitlements that require a dev account to sign with, and i sign with a free acc will the installed binary on my phone have those dev acc entitlements?
lmao
It wouldn’t install
yea
so if its signed with a free account then the dev entitlements would be removed?
alfie can I ask u question
The binary can have any entitlement as long as the provisioning profile has them too
i meant to say if u sideloaded w the free acc then u'd have the free acc entitlements and vice versa
No it wouldn't let you install it
It just wouldn’t let you install the app with those entitlements
Sure
I tried adding some dev account entitlement and it just refused
debatable
Do you know why when I send a message to launchd the same way as launchctl does, why it gives me an I/O error?
mf just called me out
Who said u can talk 😭😭
CGRect *rect = [[CGRect alloc] init];
(this launchctl https://github.com/ProcursusTeam/launchctl)
real
hmm tryna figure out how gameseagull for regular sideload
No idea sorry
and tryna patch the need for the team id
aw man :(
CGRect ***rect = *&[[CGRect alloc] init];
Hmm
Maybe it’s an iOS limitation
I told my beta testers it'd probably be ready this weekend but I didn't realize I'd get stuck here 
bro misunderstands pointers 💔
let me be
why do you make it a pointer and then dereference it
why not
CGRect *rect = [[CGRect alloc] initWithFrame:CGRectMake(20,20,20,20)];
@indigo peak send me an ipa i can test with enterprise cert
thats the point
talk ur shit
fixes:
word hunt crashing when hack enabled
mini golf not working when hack disabled
added:
darts aimbot
cup pong auto shoot button
archery target always at the closest distance
bro this mf
NW
Block
BRO
how can i tell if a view exists other than like if(self.view)
web discord
Nightwind is such a goofy goober
@slender glade what is personal 3 reloaded
@granite frigate I know u did a bunch with launchd, do u know
its oop
advanced placement
remake of P3
Is persona 3 good
yes
Uh nope!
mAN!
its amazing, magnificent
@radiant idol , and other than if(view with tag 888)
apparently I'm just having some weird issue!
do u have a problem
yes
if (self.view)
Im tryna get into some of those anime story games like persona and danganronpa
play p5r or p3r first
I been replaying all the yakuza games for lad infinite wealth
if (self.view != nil) or if (self.view != NULL)
p3r is on gamepass so...
bro just do if (self.view) lol
Why not 1-2-3-4-5
```objc
if (self.view) {
    // Code to be executed if self.view exists
    // Use 'self.view' within this block
} else {
    // Code to be executed if self.view is nil
}
```
the most objc i know 
nah persona doesnt work like that
the first game is from 1994 and doesnt play out well now
if (!(!(!(!(self.view == nil))))) this is the other way that I know
mfs DRM'd the soundtrack 💀
big mistake
it's an exe
ok, this also might be a fiore/christian question but, remember how you like add your own view property to a view. Does that property only show up when you add it in the hook?
yea its a separate app
Then how tf ima know what happened first
for the collectors ed
each game plays out on its own they're not connected
Word
does persona use nexus drm
@indigo peak / @hexed knot this is a @indigo peak / @hexed knot question
97% of reviews are positive lol
yes
yes
when you do %property
Ok its a @indigo peak question
only way for it to actually exist
muchas gracias
@slender glade so 5 or 3 first
because if you just define it in the interface it and try to access it, youll crash
ofc nightwind says that
trust me
i trust fiore
God damn bruh
60 dollars
70 dollars
Guess ima get gamepass and play on my pc
Who the fuck pirates pc games
bad idea
fr
Aaron!!!!!!!!!!
trust capt instead
Whichever u can get access to the easiest
But I’d prefer 5 royal first
even worse idea
Yea I just use gamepass lol
bet
yup
what is a difference between task_name_for_pid vs task_for_pid?
Jus gotta finish yakuza lad then i can play it
task names and tasks are different
a task name is probably literally the name of the task lmao
iCraze can’t even put that into perception
@indigo peak u listen to ji?
only a couple songs
💀
having the task name is not possible to get the task ?
mainly this one
Type shit
Sega getting a little too excited bro 70$ for new games
the task is an object represented by a number that lets you read and write it's memory and stuff like that
that's the new norm
what task are you trying to get
well that’s too much imo
I agree but even nintendo is doing it lol
literally
and now it's impossible to crack games cuz denuvo
Nah im cool with the 70 its worth it in this case, just fuck them for locking new game+ behind a 15 dollar paywall
first the erode the real value of games and now they increase the nominal cost too
wen eta actually good game 
getting double dipped
crazy transphobic russian women:
Oh AND some achievements are locked behind the dlc which is stupid
I would like to get SpringBoard, but task_for_pid does not work on any process even having both entitlements and uid 0
yeah literally only empress
And
whats your ultimate goal with springboard's task?
apparently
and empress only cracks the games they're interested in
or games that make her popular
yeah
apparently she hates rdr2 but cracked it twice cuz it made her famous
just going to read objects in memory, I don't have a specific goal I'm just studying how ios 16 works, but I can't understand why task_for_pid doesn't work
yeah lmao
my dad just bought rdr2 yesterday and he says it's amazing
Best rockstar game
I'm more of a square enix guy
Do they even make new games
I'm willing to pay for square's games
square enix needs to hire people to come with titles instead of ai
'triangle strategy'
'harvest villa'
One of the only AAA publishers I'll pay for
Last square enix game i can recall that isnt ff or some other shitty game is life is strange true colors
Amazing game
Last square enix game I can recall that isn't FF is KH3
Still waiting on updates on KH4
they announced it like 3 years ago and haven't said anything since
probably cuz they've been focusing on FF7 Rebirth
which I preordered a while ago
Damn i should replay life is strange true colors lowkey
I bought that one physical too
i've never played a ff game but considering there's like 20 it's definitely not their final fantasy
those mfs are living
Neither have I
Frl
lmao
but I had to preorder FF7 Rebirth because it looked really amazing
Start with FF7 afaik, it's the first of the modern ones iirc
although we're on
FF XIV rn
(16)
When you submit an app to TestFlight/App Store do you send the source?
can i %group method hooks ?
good question
I mean I'd assume so
No, they just want the binary
really?
Okay thought so
Yh
custom "Lets play 8ball! message"
It’s been a while since I’ve submitted something
so real
I mean would facebook really submit their src to app store
ur him
Wrong reply but yh
is there a list of all the initproc error codes somewhere?
@sonic totem is it better to do type manipulation in ida and then start hand editing, or should i do it straight from hand editing
Type manipulation?
better
fixing up types
Also imagine affording IDA 
ie. IDA thinks pointer is one type, it is actually another type
better
Oh hm
I just guess
no i mean
there's only two structs here
I take an educated guess based on symbols given
it's just is it faster to change the type in ida or to edit it in the source
i think i'll just do it in the source
Source?
decomp source
i already started editing it and shoving all of these macros into an enum for IDA is going to take a while
like if I know what types a function call takes, and it passes one of the arguments into another function, and I have that symbol
protip edit structs in the local types view
then I can easily infer the type
imagine having IDA Pro
yea but that doesn't help me when all these constants are defined as macros
Ghidra sucks
IDA ON TOP.
alright back to crying in decomp i go
what r u re'ing
stuff related to arm64 installd bug
the problem isn't that i don't know which type it is
the problem is ida doesn't know and picked the wrong type
ghidra:
fr
ie
it thinks v82 is fat_arch*
it is actually fat_arch_64*
sizeof(fat_arch_64) == 32
that looks like a struct
that is what i mean by fixing all the types
but doing this in ida, reexporting, and then fixing up all the constants is going to take too long
so i will just do it by hand
i know what you meant
but i dont think there's a quicker way to do this
I've scoured the internet but apparently no one uses IDA on mac
true then
(wait I can just use wine)
Jtool
the latest version of mac ida leaked is 7.0
use 8.3 in wine
oui
I use jtool lmao
(wait oh no does wine work on AMD hackintoshes)
I’m only on Mac because it’s the only correct choice
yeah and I'm also on mac cuz app support of Windows, but still *nix
jtool is cool
I don't like windows
how much money do you have
ida 100% discount:
piracy
Didn’t work
rip
But are you sure that with fastpathsign all signature entitlements are enabled?
You have to sign with the entitlements
There’s a couple that are restricted
See TrollStore README
hackintosh 
yup
Heard he’s a scammer
Idk that’s what iCraze told me
Had to change original message
Too mean
I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing I hate diffing
yeah
Yes. I still use Wine for my Hackintoshes.
Me when CoreTrust
OkOk taskforpid is not blocked. But it doesn't work
Alfie how do I see the actual side by side diff between two matched functions from two bins in Ida
I think I’m dumb
BinDiff 
Yes I have that
But how do I actually see them side by side
Do I just open another window with the other bin or what
no arm decompilers 
does anyone know what happened to my ida?
i used the exact same version of ida to decomp both these binaries, one was 1-2 years ago and the other was recent
it happens on any binary now, not just this particular one
is the old one ^
is the new one^
Export the .BinExport for the two bins
Create a new diff in BinDiff
And see
you could also use google's thing
7.7 arm decompiler + https://github.com/x0rloser/ida_dll_shim
🥱
BANGER REPO
That is what we are talking about
oh lmao
frfr
old binary or old screenshot?
thats the old binary in the same ida
not crack drug
well
actually
either will do
someone sent me 8.3.7 crack but idk if i trust it lmao
it is real
wtf is 8.3.7
yeah it's 8.3 lol
but ida doesn't sign binaries and all pro versions are watermarked so hashes are diff
no way to easily verify that doesn't have some juicy malware
so now to figure out what the actual diff is
run it in vm or gamble
No
Best you can do is find the function in IDA and copy pseudo
frfr
if u can't google for ida pro u dont deserve ida pro
all the copies are for windows
it's simply the rules
i did
all for windows
i looked on the bay as well
none for mac
yeah because the latest leaked version for other operating systems is 7.0
use 8.3 in wine
k
what os ?
😭
```objc
- (BOOL)isSelected {
    if ([vibrationDefault boolForKey:@"silent-vibrate"]) {
        return NO;
    } else {
        return YES;
    }
}

- (void)setSelected:(BOOL)selected {
    if (selected) {
        // Your module turned selected/on, do something
        [vibrationDefault setBool:NO forKey:@"silent-vibrate"];
    } else {
        // Your module turned unselected/off, do something
        [vibrationDefault setBool:YES forKey:@"silent-vibrate"];
    }
    [super setSelected:selected];
}
```
ccsupport tweak. would this on its own handle the selection ?
because it doesn't when i test. the suite is "com.apple.springboard"
or must i use NSNotificationCenter ?
@timid furnace how do i move my 7.7 decompilers to 8.3
the crack doesnt have arm decompilers
the decompilers are in plugins
hexarm
hexarm64
smth like that
good use of snapper for the vid
gg
i wouldnt have known otherwise
he has the funny s name tweak
Can i pirate Nexus then??
can i pirate typecentry
lmao
iCraze DRM is bulletproof
its manually obfuscated too
fuck new ida
wine why do u do dis to me
Nice
i made an app for writing to the framebuffer in iOS but its ppl-protected
i think
either that or i suck at coding
You can do it with CoreTrust bug
Serotonin does it
PPL can't exist on MacOS afaik
Verbose boot
It exists
wait really
Yes
yah
ohhh wait I'm thinking of KTRR
i did it in ios 15 lol
Apple Platform Security Guide is wrong
Also exists
oh
oh wait
oh so apple lied to me
They changed framebuffer a lot in 16
wait until you realise you can’t create an IOSurface for the framebuffer on A15+
SPTM
Display CoProcessor
I was manually writing the bytes to the vinfo struct
LOL
tf you mean LOL
ayyy I got it to work
i guess the alternative to controlling the screen is stripping down the default environment and make room for my own stuff
i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0 i hate iOS 17.0
Yea just seen it
Not that important
Me when i had [REDACTED] but it wouldn’t work
I love [REDACTED]
shoo
Oh dear
me when apple changed like 2 cells in the settings app so it broke my tweak
go out of development
oh no
only TWO
???????
nexus
IDA is on crack
yes !
a14 also has dcp
and you're able to create iosurfaces on those
also for a15, it's what's used for stable krw isn't it
Yeah but an IOSurface for the framebuffer idk
hum, idk
if anything, something broke with newer versions
I couldn't create IOSurfaces on iOS 8 and 9 either, but could just fine on 10 and above (same device and all)
spaces, dock, mission control, all have to go bye bye (though i should be able to disable most of this via hooking the dock itself)
I go bye bye
so real
fr
Can someone help plz. Cant find anything about how to use ccsupport
L
do you hardcode every cell????
what
why else would apple adding more cells break your tweak other than if you hardcoded the cell ids lol
because
those cells have been there
since
like
ios 13
but
apple only changed those two cells to use a different kind of cell
idk
its stupid
Get all your photos
All ic drive shit
no its not that
?
its that i cant drop another £1200 on a windows machine and another £1000 on a samsung phone
maybe when i turn 16 and get a job lol
Could this method although old work on iOS 16?
https://newosxbook.com/articles/PST2.html
capt likes men
correct
@restive ether you buying?
Debugserver with trollstore cannot be used?
i’m interested
Is this still available?
You COMPLETELY miss the point of #development . #development is not “ @slim bramble @acoustic imp hey how do I do this .” #development is not HD’s intellectual discussion. #development is not, StackOverflow or Theos server. #development is a place for people to be monsters – the horrible, senseless, uncaring monsters that they really are.
Capt types a message and we laugh. Nightwind loses his sanity we laugh.
Developer leaves we laugh, and ask for more. Weird code, swift, capt – we laugh. 1984, assembly, OOP, *phobia, and baseless hate – we laugh. We are mindless “me-too”ism; we are irrational preference; we are pointless flamewars; we are the true face of the r/jailbreak.
?
yappin
You gotta see what I'm adding
"iboot patcher in python isn't real, it can't hurt you"
iboot patcher in python: https://github.com/m1stadev/eyepatch/blob/master/eyepatch/iboot/iboot64.py
eta lua eyepatcher
dn
unironically that'd be way more annoying to do
are there even lua bindings for capstone
yes
ok nvm prob not hard then
i actually have no idea but i’m assuming someone’s wasted their time doing it
actually huge trolling: fuck capstone bindings, just require an internet connection and export disassembly to armconverter's API
that'd be so godawful slow
those lua bindings are old as shit they probably don't even work with 5.x
java :
aren't there java bindings in upstream
????
their website is outdated af
very
lets update it more
their docs are also mid
need to get the ball rolling on py apple
mf i've already been pulling a sisyphus
cuz at this point I really don't want to use limd anymore
well I don't really know py all too well and I'm taking a py class this semester so that may help
sure
i wanna talk to doronz sometime about maybe splitting up pymd3 into a few projects bc it's really starting to get bloated
tss can use mine 
just over 300 lines of code
super lightweight
ima move servers
@next wadi you care if i archive applereleases repo or do u want me to just transfer it to you
how many people are on that dev team anyway, they can't seem to keep up
also:
- ci is there but doesn't have all the targets
- packages maintained by other people and are out of date
literally just niklas iirc
wtf
stfu
v8
what
what is ARMv9
@radiant idol what do you think apple is gonna call ARMv9-A when they eventually switch to it 
arm64 OMEGA
arm64p
arm65e
yeah but it's still arm64
not arm65
also the next arch
would be arm128
because it's always multiplied by 2
Exactly that
I doubt it
arm64x
maybe
arm64f
Whos the orange name who has diabetes
you
@pine holly i might have diabetes
idrm
Whatever u wanna do big dog
whats this
python futurerestore
What's the difference between core, processor,cluster and CPU?
I see
so a cluster of apple cores
@faint timber you know what the "ok2pwrdwn" register does, right
exactly what the name suggests
yes but what does that actually, like do
not needs really though only boot cpu has the mask to prevent power down
completely powers off the core
ah
like I'm trying to find where this is actually used ARM64_REG_ACC_OVRD_disL2Flush4AccSlp
but it's only used in the deep sleep routine it seems
but would that mean I can only use it in that state
doesn't matter if its used or not or does it?
I guess not
but I'm not entirely sure if it'd do what I want it to do
maybe I should ask one of the Asahi devs
wym what you want it to do
well
what I want it to do is disable L2 cache flushing
I know it says it does that
mhm
I just don't want to put time into doing anything with it before I know if it'd work lmao
true
except
I'm not entirely sure how lmao
cuz like I can't find any documentation on this
yes
yeah but how do I read from the msr in userspace lmao
golb
golb
you can write to mmio right?
does golb work on arm64e
yes
then you don't need the other golb stuff
just the exec which can be done with coresight mmio
if it doesn't work so be it
but can't hurt to try
see the thing is though