#development
😭
sig digs go brrrr
sig digs
i feel like you're gonna dox yourself in one of these
write all of it
stop
i did not need that info in my brain
Fire Weather 🔥 😎
idfk what fire weather is
me playing leaked TOTK be like
another development related one
@indigo peak idea for bird poop, with ur like custom mesage thing
not birdpoop but yeah go on
shit I almost sent an image of my license plate
so like when you are about to send it (a game, move) make an alert view pop up with the text that it will auto send within it, then user could just edit it or press send
go do your spanish hw
there was water on my screen it started recording my voice and uploaded it then wouldn't let me delete it because of touch feedback
good idea but no
my exact location!
!!!
I don’t have a pencil or paper w me rn
smh
I’m at the gym buddy
opinions
haha L macos
@acoustic imp so what’s your idea
@indigo peak
wen eta XCode for Linux
fr
i aint readin allat
when user go
make alertview
pop up
text = what it would say
user goes
haha i change
they change
hope not fr
what is zefram
with default text
darling supports the command line tools of some older xcodes
@grave sparrow
wine is open source
can it fix AppleHV on ryzentoshes
it will give you AppleHIV on any system
3/4 done with spanish hw
have an m1 project in the pipeline
zefram experience
apple silicon 💪 🧊
I have both
#get used M1
pretty good deals for refurb m1 pro
no like
I have $2
I really want that want M1 macbook pro with touch bar
well except not with the damage
but ykyky
pro is way better
lel
I'm running an intel hackintosh T480 as laptop, and ryzentoshed custom machine for desktop
(T480 is nice, it's just really slow, cuz its old)
take all the overkill specs of 2020 excluding gpu thats my ryzentosh
its a waste for gpu don't need much to run mac at 4k
My GPU was a hand me down sooo
I bought it on ebay for 80$
Radeon RX 6800 XT
I want a real macbook
not my stupid hackintosh
yeah basically
easily top 3
not an argument for that
don’t sleep on goodbyes
true
nothing after 2020 should be in the top 3
ehhhhh
barely an exception
THOUSAND BAD TIMES MENTIONED
🗣️🗣️
bro I love Hollywood’s bleeding
like the whole album
hmmmmm
for me, no order
hmmmm
Circles, Better now, goodbyes, stay, sugar wraith, congratulations, take what you want, die for me, thousand bad times
something like that
now do the same for Eminem
Eminem was my top artist for like 3 years straight on Spotify
do you listen to any new shit or just old
makes sense
slaps
(newer but one of my favorites)
🗣️🗣️
def not
yes
good rephrase
ok but hear me out capt
I know your favorite
of all time
coldplay
capt you’re supposed to be making some shit we’ll make fun of
get to work
we don’t not pay you for nothing
real
you have to enable it
in Watch settings
and then press the crown and side button at the same time
what’s annoying tho
is that screenshot action is the same as pausing and resuming a workout
with the library stuff? i went a different route
oh well yeah that's standard
mach ports arent standard? wym
they are part of macos
tbh I use the screenshot all the time to record times
like if I'm starting work, screenshot, and then when I have down time I can put the time in
anyone know what would happen if i tried symlinking a ct bug signed binary on a usb mountpoint on a low storage device as a means of running an app off of a usb drive
e.g. i have a 64 gb ipad on 17.0 with trollstore and am curious if this is possible
if the new CVE (2024-23208) runs using sockets and whatnot
whats to stop someone from making a new implementation of PhysPuppet from KFD or SockPuppet for actual krw
or am i just dumb
obv i know its easier said than done
but reading the writeup for kfd, it didnt seem that bad
it's just a UaF, it's not a physical UaF
zone allocation changes make this very hard to exploit in modern versions iirc
Unluckily, it only makes my iPhone and Mac panic and I can't complete the KR/KW. If anyone is able to bypass the mitigation of "zone", you can try to exploit this uaf vulnerability.
and that's from the reporter
so after kfd they implemented changes in zone allocation?
or am i misunderstanding
no, kfd didn't affect it
the class of exploits kfd uses are physical use after frees
zone_require happened in iOS 13
oops
anyways
this new vuln is not a physical use after free, it's just a normal one
zone_require is a protection against normal ones
and assuming both SockPuppet and PhysPuppet were physical use after frees
sockpuppet isn't
physpuppet is the kfd one right
yes
physpuppet is a puaf
in fact apple even did a blog post on how sockpuppet's reliability would be affected by zone_require
drops from like near-100% to 8% or sth
i think physpuppet has phys since it is physical (as compared to not physical)
but then again, if zone_require was introduced in iOS 13
and SockPuppet was an iOS 12 thing, obv it would be different
PUAF is an acronym for "physical use-after-free". As opposed to a normal UAF, which stems from a dangling pointer to a virtual address (VA), a PUAF originates from a dangling pointer to the physical address (PA) of a memory region.
you know the difference between physical and virtual address right
yes
yea
at least kind of
zone_require is a mitigation at the virtual address level, basically
well
it's not slide as in ASLR/KASLR slide or anything like that
it's just a addressing layer on top of the physical memory
alr got it
busy figuring out how to make zefram better (he's adding more bootloops)
with virtual memory, you can divide it up into different zones
so this zone is used for socket objects, this zone mach ports, etc
zone_require stops you from transferring an object in one zone to one in a different zone (because generally you're not guaranteed that your UAF is going to be in the same zone as your next level of exploitation)
explained a bit more here
physical use after frees are at the physical addressing layer though. so you can just do shenanigans until that virtual page ends up at that physical address that you have control of
at least from what i understand
this should be covered more in https://github.com/felix-pb/kfd/blob/main/writeups/exploiting-puafs.md and https://github.com/felix-pb/kfd/blob/main/writeups/physpuppet.md
as always smarter people feel free to correct me bc i sound like i know what i'm talking about but i don't
real
this is a LOT of reading
but is also interesting at the same time
so i might look into this further
at least on a research perspective
Hola ese
the shenanigans are better explained here
ok im def reading more on this tmrw
ty
as long as everything you said so far was correct, you did a good job explaining
it's probably mostly correct with the finer details of the latter parts being maybe questionable
don't have much experience with the lower level stuff
i feel like theres some holes in my coding knowledge
like i made a framebuffer writing app
managed to get my own offsets in ida
and then i cant figure out how to hook a C function
with a lib 
oh
i mean its an overexaggeration but you get the point
um wasn’t that a different thing
The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.
somewhat
@indigo peak physical memory and virtual memory are different things, aslr is another thing on top of virtual memory
when you talk about slide it's ASLR
like i’m not 100% sure about this because I just watched some youtube but the diff is that virtual memory is another layer of abstraction for applications that divvies up physical memory to every application
oh now I get it
thanks 🙏🙏🙏
were there any kr/w exploits written for iOS 14+ that use a uaf vulnerability
there has to be one
multicast_bytecopy?
also mcbc i think yea
both of them use ipc_kmsg
anyone here who can help me with args for an app
I mean, technically checkm8 gives you kernel r/w 
as in incomplete backport
the offsets were wrong and i believe the cleanup function needed some work
oh ic
no I just have a skill issue understanding how stuff works so i wanted to see how other stuff worked
doesn't matter the ios
it aint rlly hard once you do it for a bit
i realized i dont like sec research
so i stopped
why didn't you like it
the starter tool that everyone recommends you to learn how to rev (ghidra) is trash
lol
i shared a binja license with someone
so i moved to that and it was a much better experience
- its hard to get into sec research in 2024
it can't be like the tooling sucking or something
like what sucks about sec research for you so you stopped
now everyone mitigates everything
oh yeah
esp in apple's *os
pre-ktrr era of iOS (iOS 9 or so) would have been the perfect timing
- assembly is hard
i feel like most researchers are experienced people who started off early when it was easier to pwn iOS lol
me chilling on x86 macOS 
i would usually use the binja C decompiler and when i absolutely had to i would use the disasm
its mid tho
Does the compiled Poc made by halo https://github.com/fmyyss/XNU_KERNEL_RESEARCH cause kernel panic on A17 too I tried compile it to see if it could cause a kernel panic on mine but I kept getting Thread 1: EXC_BAD_ACCESS (code=1, address=0x0)
- information of stuff (like new mitigations) is all private knowledge on how it works/etc now, starting in iOS 15+
it works for me on 17.0
On A17 ?
Idk who this dude is but he said he couldn’t get it to work
I talked to him a few days ago
yeah I noticed public info on exploits are now all private or so outdated
why though
its annoying
get good
thanks
it's worth more than it was in the ios 9 era
I've lost faith in google at this point, they're never gonna do a write up on the one they found
i read about evasi0n6 & 7 bugs and it's chained with like 20 different bugs
do you think learning from older stuff will make it easier to get good at newer stuff
the closest we have to dat is the codesigning bugs from taurine lmfao
It might be easier to understand newer stuff if you understand older stuff + how said older stuff was mitigated
So you understand what xyz barrier is and how it came to be
kernel only like 3 bugs the rest is the userland stuff because app installing did not exist until 9
free dev cert came out in 2016
Can someone explain Sptm to me , my understanding is it’s a new security measure in A17
@granite frigate what i did was i wrote my own "developer" jb for 14 - which just straps a proc binpack with ssh
it taught me a lot
and made me realize fuck jailbreaking
im tryna learn OpenGLES i want to make my own game
(I feel like I am missing some context on who this person is)

someone who used to hang out in hack different 2021-mid 2023
wait before you started making it did you have like a lot of prior knowledge
Several names come to mind
or did you just wing it
i want to make a jb for ios 11 because I don't want to use electra 
Honestly even if you cobble together code from different places
Often times you'll end up debugging enough to learn what it does
because I can paste code together i won't learn anything
@timid furnace will test compile your PR today and maybe just get everyone to test a new TrollStore build
Just in case it brings around any issues
(Which i doubt it would)
Nice
Pro tip diff fastpathsign with latest ct_bypass, inspect and adjust the file as necessary
And then diff fastpathsign with choma pr
Makes it easier to identify what changed
Yeah i forgot it existed twice the other day and spent like half an hour figuring out why my TrollStore changes weren’t working 
Lmao
no way that PR looks awesome
i can throw in any app binary and it'll sign according to that app store cert?
Arguably Ts should be redesigned to just use ct bypass from the submodule directly
Well
Rn the app store code directory to use is still hardcoded
But you can take whichever one you want and replace it
And it'll work
@granite frigate if you want to get into that career path/hobby though i would get a binja license with the student discount ($75), use https://github.com/0cyn/ksuite or binja_kc, and mess around with it and figure it out on a symbolicated 16 kernelcache
i personally learn from messing around with a language creating stuff with it then trying to learn the language
how do I symbolicate a kcache
There's not much of a point in using your own code directory except for two things
- app store cert expires
- macOS support
Esp since it was figured out you can use any team id
I suppose
you dont symbolicate it
Partially
^
I can't like "add" symbols to a stripped kcache?
I mean that wouldn't really make sense ig
Only through manual analysis
Why draw attn to it
zefram
you can buy cheap ones off eBay, I bought mine for like £250
@granite frigate do you have experience writing C/C++?
learning C rn
i don't know cpp
are you actually learning it tho like how strings are memory values
don’t even go near cpp
blah blah blah
it’s horrible
strcpy is death
like pointers, some memory management
do you know how to create unsigned pointers on ARM?
no lol
not that hard tbf
noted 
the function is just uint64_t
lol I don’t know much either
severe skill
can’t wait for Y10 so I can finally choose what I want to do in school
Fuck mips fuck at&t syntax
instead of doing random shit
obviously its entirely programmer dependent
i know the bare minimum linux arm64 asm
if the programmer said its signed, the signed asm instructions are used
Signing in this context means pac right
applies in both cases
pac and literal signed vs unsigned
they are completely different concepts
same applies, programmer decided
still didn't specify what you were asking
16.7.4
16.7.4
POV : I test stuff
No %orig 
Good job you spotted it
Why layoutSubviews
because I have no other choices ?
layoutSubviews is called a lot, there is usually a more efficient method to use
in my case there is not
Could you not just hook the setter of context
I have tried
no results
but I have found a better way for this
but I still need the layoutSubviews
does it not do the same thing
same functionality
what differentiates your product from the competition
so can it do things ellekit can't
so then what are those things
oh cool
yapper

ok but do I need to disable SIP
that swift hooking would be really interesting
you forgot to link the #development chain

كاب
memes got to your head 
yes
cringe
how do i update a hook that they changed the name of in a new ios without breaking it for older versions
proof ?
o lol
anyone know if that would work tho? symlinking a binary to external storage mnt point to save space?
Hmm
ill try it later
well ive got a 64 gb ipad and am curious if i could save space with the binding of isaac app. by doing so
idk what the storage makeup is like tho
unlikely...?
Oh
Group hooks
how exactly do u use it?
```logos
%group ios15
// Your hooks
%end

%ctor {
    // isOnIOS15() stands for whatever runtime version check you already have
    if (isOnIOS15()) %init(ios15);
}
```
got it
yup
more fleshed out example:
```logos
%group iOS15Abc
%hook Abc
// do stuff
%end
%end

%group iOS14Abc
%hook Abc
// do stuff
%end
%end

%hook AlwaysTheSameDef
// do stuff
%end

%ctor {
    %init; // initializes stuff not in a group
    if (@available(iOS 15.0, *)) {
        %init(iOS15Abc);
    } else {
        %init(iOS14Abc);
    }
}
```
hope that helps
I'll also add this : https://theos.dev/docs/logos-syntax
What are you trying to make ?
trying to fix my lock animations tweak on ios 16+
i tried getting it to work with a few different functions but it didnt work
if i can figure out how
easiest way would be to straight up symlink the .app folder
i dont have a usb or adapter w me so ima test if it works just to my documents folder
Isaac 
real
that's uhh
probably not going to work
idk newterm is limited to roothide fs so i cant try it rn
hungry also
ill try later
even without roothide it would be an issue
because there's only a few places execution is allowed
documents isn't one of them lol
that makes sense
also it's not actually limited, it's sorta how roothide works
to access the real rootfs instead of being in jbroot, cd /rootfs
i know it isnt limited but im on my lunch break and didnt care to elaborate lol
but ty
I hate to tell you this
I've tried this on 17
aw
The binary would not execute
although for the binding of isaac i think the heavy stuff are just the data folders and not the binary
so i may still mess around w this
not surprising since a symlink just points you elsewhere
and you can't execute anything in /var unless it's in a bundle
Sandboxing would forbid it
I couldnt even set the exec bit on it
oh
I was using an hfs usb
@warped sparrow
So basically my tweak seems to have broken a jb

Hey
Hi 👋
Wdym
@indigo peak , pleas help
anyone knows how to actually implement the PPL bypass we have in exploit code? working on bringing PACMAN support to iPadOS M1 SoC's via krw however i have no idea on how to do it :/
i think it was ur code tho
ok and how does that break your jailbreak
all it does is checks if a file exists
🤷♂️
i opened this chat and this was the first thing i saw
i regret coming here
lol
This problem goes away if i change initWithSuiteName from @"com.apple.springboard" to some other one like @"com.apple.Preferences"
(And change the key too)
@naive kraken @sonic totem so sorry for the tag but do you guys have an idea why that may be ? Does springboard preferences have some sort of protection or something ?
@timid furnace can you help me try to fix mine and @warped sparrow JB, my tweak seems to have broken them
mine seems to be fine now but kixrd's isnt
hes stuck in safemode
even after he removed my tweak
meowbreak
and idk how they r respringing
@warped sparrow how were you respringing
hes got an iphone X
Using sbreload
@timid furnace
no
And whatever ellekit uses to respring when you press exit safemode
I tried both
Tapping on the status bar
the only way to exit safe mode is from the status bar
And pressing the button
Yeah it didn't work
uninstall your other sb tweaks
he tried disabling them thru icleaner
Wait
but it didnt work
My JB is good 👍
It worked but wtf is causing safemode
ok
now do what you do to get back in safemode and
send the new crashlog
thx @timid furnace
Oh lawd
Alr lemme remove it
i just use it to downgrade apps
Because no rootless appstore++
Please dont judge my tweaks i got all sorts of crap installed
@slim bramble 16player didnt break kixrd's jb
use the app
isn't there TS appstore++
there is 😭
yea that what i meant
yikes
Your tweak still fucked
Only if it had a search bar
It would be good
yea i have a feeling it was that line
I got too many apps
it in alphabetical order
Didn't work
I removed it
Then used ellekit to exit safemode
removed it how
u used status bar?
Through sileo
Yup
bruh
whut
you need to reenable in icleaner before removing tweaks
otherwise it doesn't get cleaned up properly
i didn't disable it in icleaner
@timid furnace are userspace reboots supposed to take a long time?
mine are like 2+ minutes
but i do have alot of tweaks
lynx
@timid furnace
oh what
what was the cause of it before?
Nah
Shit i got a few piracy installed
its what ever
Translomatic
and uhhh
I think thats it
jus search fox in sileo
😭😭
there's no fix atm
?
need a jb update
hooking stuff causing page invalidation
ah
try to get rid of anything related to Shortcuts first
like tweaks that run shortcuts?
Like Apple shortcuts?
yes
I dont think i have anything related to shortcuts
¯\_(ツ)_/¯
What would be related to shortcuts
like what tweaks?
how am i supposed to know
Whats zaire.dylib?
@warped sparrow send tweak list
Use /raw

Its disabled
Icleaner
remove from sileo
Oh no
The version im using works
like no safemode
So it aint that anyway
just remove it
Alr
@timid furnace could you help me try to get this down. Iv already tried backup, icleaner, phone factory reset
its misaka 
oh 💀
oh its removed to
@radiant idol you should add this to onesettings or make a tweak to show it
@slim bramble you could jus change the file
since ur on ios 14
but it might f other thing tho
It was fucking a-font
is that real lol
i'll take a look
preferably separate tweak
for fonts
oh 😭
you use the fonts extension with font debs
how do you think i have my font
I thought you were referring to smth else
still stuck there ?
my idea is probably remove hooks until it stfu
sigh, why cant my phone jus be normal
oblit_in_progress=5
real
It was this 
stupid artfull compatibility shi
@slim bramble all good 👍
i was being dumb
@radiant idol does adding things to the %ctor increase time ?
ctor is init
when the tweak is first loaded
it is ran once
until respring is restarted
hey guys just wanted to show yall my first ever ios application hope you like it https://springo.vercel.app/
nice, is the code open source?
how hard is it to make an a tag for a button?
i knew i forgot something
tbh i'm insecure about my code and stuff
and i also don't have access to my macbook rn
lmao
but trust me i'm surprised i even achieved this
i have literally no reason to put anything malicious inside it
and also the knowledge lmao
we all are
get over it
nah jk
it is confirmed to work on iPhone 15 17.4
i'm very happy rn
lol
so yeah if people trust me i'm really thankful to them
if not then not
i respect it
nah I’m just messing with ya
funfact: i used chatgpt to help me mess around and find a glitch or smth to get it working
oh okay
it's actually storyboard lol
obj-c
icraze lurking
not me
As usual
@sonic totem is it a bad idea to make my jailbreak support rootful or rootless
because it shouldn't be that hard to add rootful support
fair
make a patcher fr
like a switch
rootful -> rootless patcher
why
anyways time to install different wifi chip so I can use windows 8
@ somone, how can i make a subview have a property on its superview. the 'superview' is also a view i add
like this, the %hook'ed 'UIView' is a view i add
mb for @
so if you already know what's using the space then why not delete stuff like logs
lol
the logs are like 1GB, im saying ios only knows about like a few GB
so other stuff is jb or sm
well ios knows about more because how else would it list it
it can get very large without a jb ever being installed once
your jb is not to blame
JB folder is 3GB so it's a bit but it could also be random one thing tweak put in /var somewhere
but tweaks or sm TS thing could be
sounds normal to me
i mean a bootstrap+tweaks+themes
ik but the 3GB + what 12GB ios was reporting doesn't equal the 30 it says
ts apps should appear in the list like user apps tho
they still have containers
ok yes but not all TS apps exist in just their container
what’s the difference between iOS 14 and iOS 15 tweak development? is there anything that would prevent an iOS 14 tweak from working on iOS 15 as long as it’s rootless?
any way i can like see what folder are taking up the most?
i mean IOS 14 and 15 are different like any major IOS version change
ncdu (if that even is compiled)
df
or filza but that's probably a bit slow
of course there is
ios 15 is an entirely newer cfversion
libs can be deprecated, methods can exist in other places, headers removed etc
rootless is one thing, actually having code that works on 15 is another
how in filza?
apple's methods are funni
iirc you can tell filza to calculate dir sizes and then just sort
thats annoying
can i just get a cli that shows all the folders and how big they are
i gave you two commands
and i did say it would be slow
easiest is ncdu but there isn't a rootless one that i know of
there is
its on procurse jus installed it
yeah that's what i suggested as well lol
it's not going to be there unless releasetype is internal for systemversion
lol
just hook settings when it reads the plist ig
well I was assuming there would be some BOOL there
well maybe
but that's going to be in some function somewhere
hm probably
header dumps?
nah
this is not 64GB
it's gonna be part of the settings binary i'd assume
im too lazy to put it into IDA and see
can ncdu even read all the dirs tho
would have to run as root in that case because mobile can't read all
ohh

jb is 4.2gb *
1.3 GB for mine
media from itunes store
ohyea, i should delete that
ok, but why is it 7 GB 😭
its just like a bunch 50MB ish folders
also photodata is photo metadata and the database for photos
@faint stag everything seems normal but then why is sys data saying there is like 20GB of nothing?
tbh even i myself don't know what it's counting as system
but, you can take a good guess if you do some math
even if i do the math that still doesn't say what or where it is
yes but you can eliminate things
ik what you mean but like even then it still doesnt add up to 30GB
it's probably safe to assume that it includes other partitions too as system
where r they/how?
note that sizes are in SI units
var is pretty much going to be the same size as the disk minus iOS itself
wait, you only have 402mb left in var wtf
well, to be more accurate, 402mb left for /private
since both preboot and var are mounted there
your issue lies somewhere within user data then, since we already established that jb is like 4gb
ok where should i look tho
and with what
install du
iOS itself (mounted at /) is 7.5gb
/usr stuff is like 4.2
subtract those from the total of 59 and you get 47.3. just about the size of private
yeah that's what we're using, though they also have ncdu
just du -h /private
should list a ton of stuff in order
it did
start from the beginning of it
You can pass that to sort can't you?
du -sh /private/* | sort -h
i cant scroll
i think -h is already recursive
-h is human
-s is summary so the resulting output will be each folder in /private
more manageable
alot of this
Someone needs to port kdirstst to iOS
this is really slow
so im missing like 15gb
what is using that 15gb 😭
@faint stag how can i like see?

du -sh /private/var/* 2>/dev/null | sort -h
not required but extra steps just to exclude the errors
lol
what 15
/var + /preboot = 35GB ish
so its really more like 25GB
35 - 60 = 25
ios itself is 7gb (base rootfs) don't forget that
usually just app caches
except, that should exist in /var
one would hope
the counter from df does show private as like 47gb total and they have like 401mb left
@restive ether ?
@radiant idol if i dont **need** to use media remote api should i not?
like should i try not to use it?
ok 👍 , no more media remote API 🎉🎉
question
if the `image` is ever going to be nil and this method gets called, it still runs the if statement thing as 0 right?
?????
like if the "image" is nil, it will do the else?
depends on whats in the actual if
if (!image)
so then this is fine?
Just like play a video on iMessage I'd doesn't have an image
talking to teslaman is like drinking ten shots and then trying to have a sensical convo with someone
oh yea, i should just test it
.
Works great 👍 just need to smooth out the fade animation
@radiant idol why is it like being choppy/jumpy?
```objc
[UIView animateWithDuration:0.5 delay:0 usingSpringWithDamping:0.7 initialSpringVelocity:0.2 options:0 animations:^{
    self.artworkWallpaperImage.alpha = arg0 == 1 ? 1 : 0;
} completion:nil];
```
this should work right?
also i should do = arg0;
im dumb
Apple drinking poison
that one jb
iOS 17 barely tries on the animation btw
this is so deep wow
How do I MobileGestalt?
MD5 MGCopyAnswer{hi} -> then base64 it?
Guys i cant read and change keys from com.apple.springboard. But other suites like com.apple.Preferences work fine
Why ?
Ok, I should Try on the animations
dlopen the MG dylib and then dlsym MGCopyAnswer, its signature is CFPropertyListRef MGCopyAnswer(CFString str);, so type cast it to a function pointer of that type, and then to base64 it, you'd want to cast the call to it to a CFStringRef, and then google how to base64 a CF/NSString
```c
#include <dlfcn.h>
#include <CoreFoundation/CoreFoundation.h>

// MGCopyAnswer is private and has no public header, so resolve it at runtime
typedef CFPropertyListRef (*CopyAnswerFunction)(CFStringRef);
void *gestaltLib = dlopen("/usr/lib/libMobileGestalt.dylib", RTLD_LAZY);
CopyAnswerFunction MGCopyAnswer = gestaltLib ? (CopyAnswerFunction)dlsym(gestaltLib, "MGCopyAnswer") : NULL;
CFStringRef answer = MGCopyAnswer ? (CFStringRef)MGCopyAnswer(CFSTR("YourKey")) : NULL;
// now you have your value in the answer variable (NULL if the symbol or key wasn't found).
// do whatever you want with it, then CFRelease it since MGCopyAnswer returns a retained object
```
I'll yoink that rq
I want the books so bad
but im not paying 70 dollars
and im not pirating online either
W
https://github.com/ixty/xarch_shellcode
i have seen this project for linux, which seems to work even if it is very old, do you know if there is something similar for ios/OSX, the idea would be to create a Mach-o and to be able to convert it into shellcode. do you think it is possible ?
i've sideloaded a decrypted ipa to a jailed iphone but the app crashes there (even with nothing injected into it) its just the vanilla ipa basically. what is the issue? it seems that it crashes because of 5 libswift_Concurrency.dylib 0x1a8bc7ac5 completeTaskWithClosure(swift::AsyncContext*, swift::SwiftError*) + 1 but when i sideload the same ipa on a jailbroken iphone, it works flawlessly. does anyone know why this happens?
sock_port2 and kfd will enable us to jailbreak almost all versions on arm64 devices!
Open sourced yet???!
unfortunately sock_port2 doesn’t work for all of 12
it’s patched in 12.4.1 and as such, we need kfd there too
Not yet since some offsets still incorrect
I’ll port kfd for 12.3 and 12.4.1~
it’s failing there
although kread worked?
I think it will work too, but no clue