#development
He seems to be offline unfortunately
OH so thats what those were
LLL
Smh
Bolders is a cool tweak though
Props to that guy
Wonder where he went
Wait hm
average react nativer
BR is under GPLv3

Add an exception for him 
could I let him use a part of my prefs (which was not a part taken from another GPLv3 tweak)?
the part that was taken from Atria is in the main Tweak.xm
interesting.
love
no it’s like adguard
simply a skill issue
idk what filter, not checking
someone kept stealing my code so i had to completely unlicense my code and get them to follow copyright law lmfao
if you are the copyright holder you can generally do whatever you want and dual license or re license to specific people
i love licensing sooooo much 🎀🎀
Hm ok
so yay or nay
i alr started messing with it
arrest this man immediately
Well he can have the respring part, idc. I wrote that part by myself, the only part that was taken from another GPLv3 tweak was the part in Tweak.xm
The rest is all my code
make sure you get a written copy lmfao you dont want nightwind going after you in your sleep 16 years from now because you stole 14 lines from BR
LOL
😭
doesn’t that still only apply to commits made after the relicence
no
@radiant idol what part did you steal from atria?
that's if you relicense a more restrictive license or something
As long as you’re not a cunt or big company (so also a cunt), no one gives a fuck about licenses
because most software contracts say that it's irrevocable
nothing is stopping you from being more permissible
litten
I didn’t steal anything, I copied some code with some licensing — but it does say it in comments in the Tweak.xm
Can’t be bothered to look atm
i just checked GPLv3 it’s irrevocable @brazen timber
so its fine if i use the respring menu thing?
yeah
so you’d have to use earlier versions or something else
Just use it no one cares
people can still use the previous commits as gpl
nothing is stopping you, the copyright holder from dual licensing as mit, or giving specific people exceptions
yea i could probably make chat gpt write it so 🤷♂️
oh yeah i see what you’re talking about now
you can offer a proprietary version alongside a GPL one if you want to
yeah no license can take power away from the copyright holder
because they are the ones who get to enforce it afterall
unless it goes public domain i guess, but that’s just a free for all
and that’s not a worldwide accepted legal concept so
@radiant idol thanks (urs is the second one) also @slim bramble sorta used ur respring thing
should i change it so the button opens the alertView ?
i think that would be better
Your call
__P__ortrait Mode, not “portrait Mode”
“sbreload” not “SB reload”
can i do that?
Yes!
HELL YEAH
LESSSGOOOO
im so confused
did i miss some messages
am i lagging
💀
@radiant idol fix my makefile
No
```makefile
after-jellyfishd-stage::
	$(ECHO_NOTHING)rm $(THEOS_STAGING_DIR)/Library/LaunchDaemons/com.fiore.jellyfishd.plist$(ECHO_END)
	$(ECHO_NOTHING)mv $(THEOS_STAGING_DIR)/Library/LaunchDaemons/com.fiore.jellyfishd.rootless.plist $(THEOS_STAGING_DIR)/Library/LaunchDaemons/com.fiore.jellyfishd.plist$(ECHO_END)
	$(ECHO_NOTHING)$(FAKEROOT) chown root:wheel $(THEOS_STAGING_DIR)/Library/LaunchDaemons/com.fiore.jellyfishd.plist$(ECHO_END)
```
i stole it from sandyd
and it wont compile
im so lost
Isn’t it just
```console
> Making stage for tool jellyfishd…
fakeroot: FAKEROOTKEY set to 1807167095
fakeroot: nested operation not yet supported
make[1]: *** [Makefile:22: after-jellyfishd-stage] Error 1
make: *** [/Users/fiore/theos/makefiles/master/rules.mk:146: jellyfishd.stage.tool.variables] Error 2
```
after-stage::
Securely extend the sandbox of system processes and user applications - opa334/libSandy
Yeah idk
no don't worry
im just working on
then i need to do
yeah
didnt understand before
maybe i can finish
pea brain
today

wtf dghost
dont you dare
no more #development message
😭

@twilit jungle do yk whats up w my makefile from these messages or nah
fakeroot: nested operation not yet supported
not how did you know
i meant how did that happen
ok well
i killed term and restarted
```console
> Making stage for tool jellyfishd…
chown: /Users/fiore/jellyfishd/.theos/_/Library/LaunchDaemons/com.fiore.jellyfishd.plist: Operation not permitted
make[1]: *** [Makefile:22: after-jellyfishd-stage] Error 1
make: *** [/Users/fiore/theos/makefiles/master/rules.mk:146: jellyfishd.stage.tool.variables] Error 2
```
Should i just put the gear where it says “respring” on the root plist ? Also thoughts?
(Fg ab portrait thing)
And I fg SBreload 😭
what the fuck is that uialertcontroller
alpine tweak
[[alpine]]
Are you on a mac
yeah
but it worked when i compiled libsandy 💀
if you have to disable sip to build a tweak youre doing something wrong i think
ah i see i guess
```console
dyld[2278]: tried: '/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need '')), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot-0.dylib' (no such file), '/opt/homebrew/Cellar/fakeroot/1.33/lib/libfakeroot-0.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need ''))
/opt/homebrew/bin/fakeroot: line 178: 2278 Abort trap: 6 FAKEROOTKEY=$FAKEROOTKEY DYLD_INSERT_LIBRARIES="$FAKEROOT_LIB" "$@"
/opt/homebrew/bin/fakeroot: line 180: 2279 Abort trap: 6 exit $RESULT
make[1]: *** [Makefile:22: after-jellyfishd-stage] Error 134
```
oh god
Yea use procursus fakeroot
where i get that
Since when is procursus on Mac
Last time I looked their install on mac guide was coming soon
why not
i mean if there's package collision the one that'll be used is the one that has higher priority in PATH or whatev
but otherwise i dont see how it wouldnt work
they install in different locations
Forever
Yeah never been “public”
But sileo and procursus been on mac
ah okay might try it then 
Any idea on how to make apt-cache search show iphoneos-arm packages on Dopamine 2?
I'd like to download packages using apt-get install -d. In Zebra they show up even though they're for iphoneos-arm, but the search command only seems to show packages from Sileo's repositories.
ok but how to i install either
nvm i figured out both
Hello
I figured out that the command apt-config dump shows me where apt gets the packages from but I'm not sure how I could make it show Zebra stuff
This is not possible, while iphoneos-arm are based on /, iphoneos-arm64 are based on /var/jb. I think apt only sees available packages based on the rootless repos.
Ok so its part of the apt binaries themselves
Damn, any idea how I could download iphoneos-arm packages through the command line?
I GOT IT
Bro it’s annoying, yesterday I spent 1h capitalising everything
Still have not finished
😭
Watch that crazy tesla_man code
Bro I'm dying from that
how useless is that
please tell me
gm
LOL
Is there a way to work around this
hi, uhmm does anyone know how i can import Lottie in my tweak?
Uhhh looks like there is a framework in the releases, perhaps you can put that into the sdk and it'll work
alr haven't noticed that one
but besides that, last time i used xcframework theos had some problems with it iirc
and there was no quick fix for it
yeah extracted the arm64 Lottie.framework and placed it inside theos/lib, works now, thanks @slim bramble , haven't noticed the releases inb4 and would have probably compiled from source now lol
yw ;)
compiled from source now 
It’s bc it wasn’t happy with the var or what ever, I’m gona fix and play with it today
it crashed me
hey, does anyone know why I get this error when compiling a tweak using theos?
```console
main.m:27:9: fatal error: could not build module 'Foundation'
#import <Foundation/Foundation.h>
9 errors generated.
```
Can i put an SVG as an image in plist ?
No you didn’t give the full error
puaf_phypuppet puaf_smith and puaf_landa what’s next puaf_fanta?
/* there are no bad ideas, there's just not enough whiskey */
thank you
Is Procursus even officially compilable on recent macOS versions ( Ventura )? Every time I try I get some undefined symbols error..
Latest I can get it to compile on is Big Sur.
Some packages are fine, it's just that making the bootstrap fails now..
I can retrieve the error string when I install macOS Ventura + compile again, if needed.
That would be preferable
It should be, but tbh I haven’t touched procursus in ages
Alright, will install right now then.
( I downgraded my hackintosh to Big Sur yesterday because of this )
works fine for me on ventura
im on sonoma and it works fine
@radiant idol is this a onesettings issue with dopamine 2? jb icon won’t show, tried clearing cache but doesn’t change anything
™️
```console
undef: _BZ2_bzReadClose
undef: _BZ2_bzReadGetUnused
undef: _BZ2_bzReadOpen
undef: _BZ2_bzWrite
undef: _BZ2_bzWriteClose64
undef: _BZ2_bzWriteOpen
undef: _BZ2_bzlibVersion
Undefined symbols for architecture arm64:
  "_BZ2_bzRead", referenced from:
      _uncompress in lto.o
      _testf in lto.o
  "_BZ2_bzReadClose", referenced from:
      _uncompress in lto.o
      _testf in lto.o
  "_BZ2_bzReadGetUnused", referenced from:
      _uncompress in lto.o
      _testf in lto.o
  "_BZ2_bzReadOpen", referenced from:
      _uncompress in lto.o
      _testf in lto.o
  "_BZ2_bzWrite", referenced from:
      _compress in lto.o
  "_BZ2_bzWriteClose64", referenced from:
      _compress in lto.o
  "_BZ2_bzWriteOpen", referenced from:
      _compress in lto.o
  "_BZ2_bzlibVersion", referenced from:
      _main in lto.o
      _usage in lto.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[1]: *** [Makefile:41: bzip2] Error 1
gmake: *** [makefiles/bzip2.mk:20: bzip2] Error 2
```
For example, this is a package that fails to build..
I don't know if it can have anything to do with x86_64 -> arm64 compiling?
ah.. more errors
not sure, i suggest looking at the header

always
Yeah I’ll take a look
When eta
the reason for this is that the icon is now only in the assets.car file
not the fake lenovo earbuds 😭
@tepid olive explain yourself
ok at least you got it for that much
does anybody know how to get the weather temperature of current location?
well there's libpddokdo for getting weather data from the weather app
but you don't really have to use the lib if you implement it in the tweak directly lol
oh yes thats what i need
is there a way to launch bundle ids from shortcuts
i mean, you can ssh with shortcuts and do it that way
uiopen from shortcuts
what ab nonjb
you can have a shortcut with the app field being an app that's not cached/installed
but editing the shortcut would break that
and shortcuts would probably fail to open it regardless (i remember this happening with posterboard on 16 betas)
oh
trying to see if there is a way to ppen spotlight from shortcuts
spotlight has an .app but it's still through springboard
so i don't think that's gonna happen
like if you actually unhide the spotlight app and open it, it's not going to launch spotlight
i believe it will if you actually unhide it
because i tried to do this on palerain a while ago lol
i followed this to install libpddokdo as well as repacked it for rootless and also inserted Lunar_LIBRARIES = MobileGestalt pddokdo but it says here:
```console
ld: warning: ignoring duplicate libraries: '-lc++'
ld: library 'pddokdo' not found
```
same with libpddokdo
and if i dont add it to LIBRARIES at all its just
```console
ld: warning: ignoring duplicate libraries: '-lc++'
ld: Undefined symbols:
  _OBJC_CLASS_$_PDDokdo, referenced from:
      in Tweak.m.ed215d3b.o
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```
readme is outdated
i think im stupid
no it's not your fault
what should i do then?
oh you used my instructions? then those should've worked wtf
do i need to import it into Lunar_LIBRARIES?
well yes but you have that error because you don't have the dylib
ok let me try something
make sure you ran make not make stage or some other target for libpddokdo
after editing the makefile
because after-all only runs after the all target which make defaults to
```console
cp: /Users/haxi0/tweaks/libpddokdo/.theos/_/usr/lib/libpddokdo.dylib: No such file or directory
make: *** [after-all] Error 1
```
make package then make all
and see if that works
should i try changing TARGET and adding THEOS_PACKAGE_SCHEME=rootless?
you can do that by just adding the var after make in the cmdline
and the package scheme already changes the target for you
okay this was an error on my part
it was in /Users/haxi0/tweaks/libpddokdo/.theos/obj/debug/libpddokdo.dylib
the file should exist after-stage
theos cleans up staging before all is done
uhh i still have no change
```console
ld: warning: ignoring duplicate libraries: '-lc++'
ld: library 'pddokdo' not found
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [/Users/haxi0/tweaks/lunarswift/.theos/obj/arm64/Lunar.dylib] Error 1
make[2]: *** [/Users/haxi0/tweaks/lunarswift/.theos/obj/arm64/Lunar.dylib] Error 2
make[1]: *** [internal-library-all_] Error 2
make: *** [Lunar.all.tweak.variables] Error 2
```
```makefile
ARCHS = arm64 arm64e
INSTALL_TARGET_PROCESSES = SpringBoard
THEOS_PACKAGE_SCHEME=rootless
include $(THEOS)/makefiles/common.mk
TWEAK_NAME = Lunar
Lunar_LIBRARIES += MobileGestalt pddokdo
Lunar_PRIVATE_FRAMEWORKS = SpringBoard SpringBoardServices SpringBoardFoundation SpringBoardUI
Lunar_FILES = $(shell find Sources/Lunar -name '*.swift') $(shell find Sources/LunarC -name '*.m' -o -name '*.c' -o -name '*.mm' -o -name '*.cpp')
Lunar_SWIFTFLAGS = -ISources/LunarC/include
Lunar_CFLAGS = -fobjc-arc -ISources/LunarC/include
include $(THEOS_MAKE_PATH)/tweak.mk
SUBPROJECTS += lunarprefs
include $(THEOS_MAKE_PATH)/aggregate.mk
```
the steps were for rootful
i'd need to make a condition for rootless
just copy it to $THEOS/vendor/lib/iphone/rootless
yess less goo it worked!
thanks
yeah this should be the proper one lol
```makefile
after-stage::
ifeq ($(THEOS_PACKAGE_SCHEME),rootless)
	mkdir -p $(THEOS)/vendor/lib/iphone/rootless
	cp $(THEOS_STAGING_DIR)$(THEOS_INSTALL_PREFIX)/usr/lib/libpddokdo.dylib $(THEOS)/vendor/lib/iphone/rootless/libpddokdo.dylib
else
	cp $(THEOS_STAGING_DIR)$(THEOS_INSTALL_PREFIX)/usr/lib/libpddokdo.dylib $(THEOS)/lib/libpddokdo.dylib
endif
	mkdir -p $(THEOS)/include/libpddokdo
	cp public/libpddokdo.h $(THEOS)/include/libpddokdo/libpddokdo.h
```
wtf my tweak stops working after i import the library
and this is just after linking alone or did you actually make calls in the tweak
only adding the library
in LIBRARIES
im recompiling for rootless
sure
it's a simple lib and there's no usage of paths or anything so its strange that it broke
```makefile
TARGET = iphone:clang:latest:16.5
THEOS_PACKAGE_SCHEME=rootless
include $(THEOS)/makefiles/common.mk
LIBRARY_NAME = libpddokdo
libpddokdo_FILES = libpddokdo.m
libpddokdo_CFLAGS = -fobjc-arc
include $(THEOS_MAKE_PATH)/library.mk
after-install::
	install.exec "killall -9 SpringBoard"
after-stage::
ifeq ($(THEOS_PACKAGE_SCHEME),rootless)
	mkdir -p $(THEOS)/vendor/lib/iphone/rootless
	cp $(THEOS_STAGING_DIR)$(THEOS_INSTALL_PREFIX)/usr/lib/libpddokdo.dylib $(THEOS)/vendor/lib/iphone/rootless/libpddokdo.dylib
else
	cp $(THEOS_STAGING_DIR)$(THEOS_INSTALL_PREFIX)/usr/lib/libpddokdo.dylib $(THEOS)/lib/libpddokdo.dylib
endif
	mkdir -p $(THEOS)/include/libpddokdo
	cp public/libpddokdo.h $(THEOS)/include/libpddokdo/libpddokdo.h
```
my makefile
ye it just breaks
i had the same happen today for another library i was compiling, uhmm... how do i put this, i fixed it but idk how tbh lol
maybe try instead of compiling the library, compiling libpddokdo.m etc inside your Lunar project
what was the fix?
my device is on 17.0, just realized i could use roothide bootstrap, does ssh and the open package work on roothide?
instead of just doing make i did make do which compiled the project, installed on my device, and copied the dylib to the folder
i just did make
also this was my makefile
is there a way i can make the volume HUD alway show?
of course
dunno how do it programmatically
its just a view so you can definitely make it not hide
🥲
it returns 0 but doesnt show the hud, thanks
i think improving your spelling skills might directly correlate to a significant improvement in your programming skills
you should consider taking a break from programming at one point and try to improve your spelling
im serious, it might actually help
k, idk where to like study tho
@acoustic imp is english your first language
yea

😭
@faint stag it works! thanks
the internet is a big place
and im a little person
i found https://spellquiz.com within a few mins
is there a terminal package that lets you run keyboard shortcuts
because then this could be done elegantly lol
that would probably end up being a tweak and not just a command line tool
don't think it exists tho
@acoustic imp does 16player have detection for when the user opens the artwork into full screen
wdym, theres a bool for if it large or not
why? i can post a notification
actually, the bool should be good enough I think
how do you access the bool
(crazy I’m asking teslaman for help)
for what
How do I check if the music player is large
ofc, you can make an NSUserDefaults key observer
like 16Player my tweak?
if thats what you mean
or are you talking ab ios 16 ?
I meant. In your tweak. Does it have a way to detect when it changes.
wait
I’m dumb I forgot your tweak doesn’t support iOS 16
..it doesnt?
ok so lemme rephrase
yeah it's the 16 player for ios 14+ 
does anyone know how to detect when the album artwork is big or not on the lock screen
there's gotta be an open source ls tweak somewhere
lemme look quickly
wtf
how is the flex in the music player
and how are there 2
that goes hard
Hello
I could prob just hook the music player and check the pos/size or smth of the album artwork since when it’s big it’s not on the actual player
you could
@hasty ruin do you know the name of the volume hud header ?
Idk how outdated this is:
Thanks
```objc
if ([fileManager fileExistsAtPath:@"/usr/lib/systemhook.dylib"] && [fileManager fileExistsAtPath:@"/var/jb/basebin/basebin.tc"]) {
    if ([fileManager fileExistsAtPath:@"/var/jb/.installed_fugu15max"]) {
        jailbreakImage = appIconForBundleID(@"de.pinauten.Fugu15");
    } else if ([fileManager fileExistsAtPath:@"/var/jb/.installed_dopamine"]) {
        jailbreakImage = appIconForBundleID(@"com.opa334.Dopamine");
    }
}
```
This is what I have currently. It works for Dopamine 1.X. The way I get the image via appIconForBundleID is by looping over all the LSApplicationProxy bundles in [[%c(LSApplicationWorkspace) defaultWorkspace] allInstalledApplications], checking if any of them contain the bundle name (this is to account for sideloaded apps which may have a randomized bundle id), and then cache it.
Honestly at this point I could probably get rid of the Fugu15 Max one
I don't know of anyone who uses it at this point
what why would you loop over those, you can just initialize an instance of LSApplicationProxy, much faster
basebin.tc does not exist anymore
I swear that's how Sileo used to check it, that's why
Yeah that's also why Sileo thinks Dopamine 2.0 is palera1n
My thought was that some jailbreaks are installed via AltStore for example, and it randomizes the bundle id
well
it adds a random string at the end
i love being on palera1n rootless on my a14 iphone
hm
yeah ig that's a reason to do it like this
can we just take a moment to appreciate how bad altstore is compared to competitors
Yeah I mean I only do that once and then cache it
So it's not a major impact on performance
ok well thanks
that was quite helpful
I'll keep that in mind
I need sideloadly on Linux
you can always run a macos vm
and ever since trolleystore i haven't even used sideloadly lol
i just airdrop my tipas and open in ts
TS is amazing
@restive ether lol this is named over an island that the korean gov has a site to prove that it's not japanese
population: 34
hahhaha
how is it bad
I use AltStore and it works fine
I NEED 16PLAYER NOWOWWW
@granite frigate rewritten the parser in one afternoon 🔥
update
rewrote*
It was actually “(I’ve) rewritten” because I was speaking in the present perfect
Nice try bud


@hasty ruin nuxus crashed my ipad
good you dont wanto bc its malware
nuxus 1.3 with ntwarkdrm
o wtf new image3 tool??
oldimgtool

@granite frigate where this tool at
pog
@radiant idol remember how i was asking you about why your respring blur thing didn't disappear for bolders reborn, why didn't you use a like timeout to make it disappear?
was there a reason or you jus didnt think to
Doesn’t work like that
Ig you could kill the settings app after and that would remove it as well
It does…
Uh huh
See, used a time out and called removeFromSuperView thing
No blur on prefs 👍
Cool
On Dopamine 2, is it expected behavior to not be able to read directories and subdirectories under /var/mobile/Containers/Data? It’s owned by root, which I suppose explains why I can’t as mobile user, but this is something I can do on Dopamine 1 / palera1n so wanted to confirm
Actually I lied: I cannot do this on Dopamine 1.x either. Palera1n must do something different
Hello guys, can I jailbreak my iPhone 7 15.7.1 with Dopamine 2 ??
Guide to installing Dopamine using TrollStore
you need an entitlement
```xml
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
```
OK, so if I got kernel read/write in Swift Playgrounds by porting the Landa exploit from libkfd to pure Swift, what do I do next?
my end goal is to install something like Dopamine
I assume to get there I need TrollStore
(the goal here is to do this entirely without using sideloading)
the TrollStar installer is based on libkfd and works for this version of iOS
but it's complex and seems to include a lot of unnecessary stuff?
so what path exactly needs to be taken? is there any kind of writeup on this? so I don't end up porting unnecessary stuff
as far as I can tell the end goal is the createFolderAndRedirectR in TrollStar, which redirects folders so that it can read arbitrary folders
then it uses kfdOverwrite on one of those redirected folders to write the trollstore app
so to get there from libkfd:
get kern proc
turn kern proc into arbitrary pid proc by reading next to it
get own proc using own pid
change own directory to directory we want
get vnode of directory we want by reading vnode of our current directory near our proc
do same to get other vnode
do some kreds and writes around vnodes to redirect them
use that to redirect folders
so I shouldn't need any of the other stuff in trollstar right?
that's just normal sandbox behavior which is why you need the entitlement
Unsandboxing with physrw is better than that
what do you mean?
With physrw, you can escalate to root. Then, you can read/write every file under /var
how hard is that? and is the place we want to put the TrollStore persistance helper under /var?
Thank you, I did it and it’s working perfect 👍
There’s Any good repo for Sileo , to install tweaks ??
yes
eh just think of anything
is it like a shitposting website or formal
formal
that's fire
the favicon can be anything it's fine
damn wtf 🔥
:) I was worried it looked ugly
why not your coreserena pfp
cause it looks like aigis edging
exactly!!!!!!!!!
yoooo, that's fire
☠️
thanks 🫡
gojo spotted 🔥

I actually think i'll keep this pfp for a bit
I think 
use one of your pfps or find a new pfp for the website
its ur website i think it should have your own pfp as it's favicon
gorn
Trying to device
Decide
use this 
what’s the best cocoatop alternative or where can I get cocoatop from some official source?
Is there a way to get that via a SSH session?
Is there a way to get that via a SSH session?
does anyone know if there is a formatter for swift in vscode on linux?
@silver rampart 🙏 hey, can you fix that please ?
Unsure as to why I'm getting this error
checked TS, and other projects that uses a RootHelper and haven't seen anything that is different from what I’m doing
Anyone may have a clue?

noticed by sacro
yes pls
you're asking Theos to link a framework called SpringBoardServices but it can't find it in the SDK you're using
does anybody know how to launch an app in the background?
Ahhhh, I see
Your options are to either not link in SpringBoardServices at compile time and find it at runtime, or find an SDK you can use
https://github.com/theos/sdks good starting place
iirc roothelper doesn't need SpringBoardServices
yeah idk why it would
Well, I was following what TrollStore’s RootHelper has
trollstore's roothelper does a bunch of stuff
Serotonin also has Springboard Services in its roothelper
ah
I forgot why I needed that
uh try removing it
i think? it was needed for uicache
That would make sense
what SDK are you using?
Uhhh, I haven’t even checked tbh, and I’m not near my Mac rn
Has to be an ios 15 one though iirc
yeah True
I’ll check in a bit and get back to you guys
I’ll also try this
Since I won’t need the RootHelper for uicache
i thought that would be protected by PPL cause of ucred
at least to escalate your own process
dumb question but how do I use timebomb? I’ve installed it but it’s neither in settings nor as a app, do I have to trigger it manually or something?
you don't even have to do anything
it's just a tweak
what, so it’ll automatically spin lock whenever it feels like it ?
i mean yeah
it's not predictable
not related to spinlocks tho
that can happen without a jb
lol
the percentage isn't gonna be related to the battery voltage,
ios will shut down when it reaches a threshold
has anyone gotten a spinlock on palera1n using timebomb?
I thought it was a bug or something
Or my battery life is really bad
alright
shouldn't it work for any jailbreak?
since all it does is fill up pages
or am i wrong
true
my battery life isn't great with dopamine 2
is anyone else having this problem?
So, I'm trying to get sem info in pure swift, for libkfd.
This is what I have
```swift
func sem_info(_ sem: Semaphore) -> psem_fdinfo {
    let syscall_ptr = dlsym(dlopen(nil, RTLD_NOW), "syscall")
    let syscall_sem_info = unsafeBitCast(syscall_ptr, to: (@convention(c)(Int32, Int32, Int32, UInt32, UInt64, UInt64, Int32) -> Int64).self)
    let sem_info_size = MemoryLayout<psem_fdinfo>.size + 1024
    print(sem_info_size)
    let sem_info_buf = UnsafeMutableRawPointer.allocate(byteCount: sem_info_size, alignment: 1)
    let sret = syscall_sem_info(SYS_proc_info, Int32(PROC_INFO_CALL_PIDFDINFO), getpid(), UInt32(PROC_PIDFDSEMINFO), UInt64(UInt(bitPattern: sem)), UInt64(UInt(bitPattern: sem_info_buf)), Int32(sem_info_size))
    assert(sret == Int64(sem_info_size))
    let sem_info = sem_info_buf.load(as: psem_fdinfo.self)
    return sem_info
}
```
but for some reason it sets errno 22
any ideas?
swift 
it's for swift playgrounds
so yeah swift
it would be funny to be able to elevate privs from an app store app

ah the comfort of coding from a iPad
I mean luckily you can write code on macOS and just transfer the final playground
otherwise this would be very painful
yeah cause playgrounds is there for apple silicon
errno 22 is usually invalid argument EINVAL from what i've seen
sem_info is using the wrong system call for retrieving semaphore information
use SYS_semaphore_info instead of SYS_proc_info
spinlock panics only affect arm64e 15.x
16.x+ arm64e isn't affected?
no
cool
have you had any reports of fast battery drainage on arm64 devices with Dopamine 2?
i've had some issues
libkfd does it this way
check if anything is crash looping
alright
there seem to be some arm64 issues still
elaborate please
well looking at the writeup it says:
> We use the `proc_info()` syscall to retrieve the name of the POSIX semaphore, which should now be shifted by 4 characters when we hit the right file descriptor.
> Overwrite the `pinfo` field, which is a pointer to a `pseminfo` structure.
> Get an 8-byte kernel read primitive from `pinfo->psem_uid` and `pinfo->psem_gid` with the `proc_info()` syscall for the `PROC_INFO_CALL_PIDFDINFO` callnum, which is not denied by the WebContent sandbox.
that was more for @torn cloud actually ^
i mean sret looks to be correct, comparing it to kread_sem_open.h
my suggestion would be to start printing args before they get used ig
@naive sedge have you defined SYS_proc_info and PROC_INFO_CALL_PIDFDINFO correctly?
well sys_proc_info is a syscall that should be in basic headers already
just an int with value 336
so idk
and PROC_INFO_CALL_PIDFDINFO is also in sys headers (private) but kfd has it defined in static_info.h as well for that reason i'd assume
It’s a PPL-related bug afaik
Maybe I’m wrong
er so I tried to do this in normal objective c as a sanity test
I can't even open a semaphore??
sem_open is returning EPERM
apparently some kind of sandbox thing, turned off app sandbox and it's fine now
yeah so I think the issue is the way swift is calling it
yep yep yep
figured it out
swift is passing arguments as registers
just debugged what objective c is doing, it puts it all on the stack since it's varadic
how tf do I tell swift to do that
are u the pypush guy
yeah i think so
oh yea i thought i recognized him
ok, so I feel like this would be very hack, but what if I just told swift that syscall had a ton of arguments
the first bunch would be bogus to fill up all the registers
and then it would put the ones I actually cared about on the stack
```swift
let syscall_sem_info = unsafeBitCast(syscall_ptr, to: (@convention(c)(
    Int32, // syscall #
    UInt64, UInt64, UInt64, UInt64, UInt64, UInt64, UInt64, // filler for x1-x7
    UInt64, // call #
    UInt64, // pid
    UInt64, // flavor
    UInt64, // arg (semaphore)
    UInt64, // buffer
    UInt64  // buffer_size
) -> Int32).self)
```
can anybody help with icloud wipe. i am bootlooping
the device is offline how would that even work i am confused
trying to get the 2 factor code rn i will try when i get it
you're using unsafeBitCast to cast a function pointer to a specific function type right?
yes
got the function pointer from dlsym
(it works now, I can get the name of the semaphore in pure Swift)
seems to be an iconcache bootloop. does anybody know if running the battery out and then recharging will fix this
doesn't idevicerestore --wipe work or would that need to be paired with --latest if you can have it recognized by a pc
it can, is the device able to be online?
why is it offline
its bootlooping
it asks for 2fa and i cant get it as the device is not opening. i will try to get it from my iphone 4s tomorrow. my mom couldnt manage to open it it has battery issues :/
i have heard that dying can fix it
but icon cache bootloop should be able to connect to internet and restore
if you can get the 2fa from another device
how did it happen/are u sure its icon cache
Hey, so does anyone know why my macOS kernel keeps panicing while developing this exploit?
Part C: From KRKW to Cleanup
This exploit does not corrupt the kernel state such that it needs to be cleaned up post-KRKW in order to prevent a kernel panic.
Landa shouldn't cause a panic I thought?
What’s the panic log?
panic(cpu 4 caller 0xfffffe00241b05d4): pmap_mark_page_as_ppl_page_internal: page still has mappings,
ah, so it looks like PPL just happens to try and use it later?
and catches onto the fact that the mappings were never cleaned up?
Yes
Oh that’s talked about in the writeup. It’s because you don’t grab enough free pages and so there’s a higher chance that PPL will try to use one of the freed pages
opa said its probably iconcache. it happened after trying to update dopamine to 2.0.6 while being jailbroken in 2.0.5
wdym
interesting
But because you’re running through simulator (presumably) your Mac will have more RAM and you’ll need to grab more free pages
device tried to reboot normally and then this happened
let me see if i bootloop rq
nah nobody else is looping as far as i see. this also strengthens iconcache theory
@naive sedge https://github.com/felix-pb/kfd/blob/main/writeups/exploiting-puafs.md#what-to-do-before-a-puaf-exploit
ahh, right puaf_helper_give_ppl_pages, I forgot about that 💀
Read that section
That’s the one
i did not bootloop, nice boost of adrenaline tho
hopefully ur other phone can do the 2fa
i hope so. its an iphone 4 so i am really stressed xd
i can get into recovery mode now btw. you had to do it while itunes is on. still seems offline in find my though
I have a 16.5 ios sdk & TVOS sdk
adding more
it can only connect while in the bootloop, not in recovery
but i wouldnt be too worried i have seen some long wait times fix those bootloops
yeah weird. it doesnt
im not sure if the idevice thing dlveol said works or not but mayb that does lol
biggest hope is battery strategy rn. really counting on it
idk about that
idevicerestore ?
i dont think it will work anyway
some ppl say putting it in dfu and kicking it out can fix some bootloops
if u get bored try that
lol
not sure how to kick it out. i have been hesitant to try dfu as u stands for update
okay trying it then
didnt work but at least its now confirmed that i can go into both dfu and recovery modes
idevicerestore doesn't work?
and im STILL blocked..
i dont see why you can't run idevicerestore --wipe when in dfu
trying to retain ios version
erase sorry
???
?
i'm going to assume you meant iPhone 14
the 2nd device for 2fa is a iphone 4
14 pro max
*** Device is passcode protected, enter passcode on the device to continue ***
what is it
Apple Configurator 2
no i dont (i think)
are you on a Mac
windows/wsl
woe
will just wait for the battery. i hope it gets fixed
you can try pymobiledevice3 backup2 erase-device but idk if that will work BFU
bfu ?
before first unlock
something similar on imazing didn't. probably this wont too
but i can try if current methods dont work
1 waiting the battery 2 icloud wipe
for 2 my phone seems offline in find my that the issue
idk why
icloud erase won't work without a SIM card in
connecting to wifi doesn't happen until after first unlock
why cant it use my simcard
the one i normally use
huh?
i'm saying it won't work if it's wifi-only
if you have a SIM card in then it may work
its an iphone i have a sim card
then maybe
still offline though
no clue if the system is up enough for that to process
maybe it just looks offline but it still works https://github.com/opa334/Dopamine/issues/279 i cant access github because of 2fa too. can somebody ask the guy if it said offline for him too 😭
What you could do is tether the phone using an Ethernet adapter
That would work I think
just open it in incognito
i cant even erase my iphone from icloud site
erased successfully after putting Sim card with cellular data internet enabled
yea this is a valid strat although the likelihood that they have this on hand is pretty low
and again, assuming the system is up enough for the icloud reset to come through
which it may not be
Oh wait you should also remove the SIM card pin
I need to buy one for me 🙏
rj45-lightning right ?
Yes
probably the best bet
Have you tried removing your sim’s code
how ? get it out to another phone disable and re enter it to my phone ?
Yes
I'm currently grabbing 100k pages, still not helping...
i think it disables it per device
do you have a SIM pin?
yes
oh
bruh
put it into a different device and disable it
it's per SIM, not per device
No it disables it on the sim
otherwise i could just steal your SIM lmao
oh lol
well you have to steal the phone to get the sim so xd
uhhh
so
why is sysctlbyname("kern.maxfilesperproc", &max_files_per_process, nil, nil, 0) returning errno 12 (ENOMEM)
NVM, passing nil is a mistake
oof
i have a plethora of adapters tho its fine
@orchid fulcrum let us know !
^^^
sure. i will have to do it tomorrow evening though because of many reasons
There is another option which is rj45 adapter
ye
And if he saved his blobs he can FR to 16.6
no blobs unfortunately. i thought they were useless on newer phones
apparently not
I might update my phone lol
Upped it to 1million, still eventually panics, am I doing this wrong
I’m on 14 lol
12
yea id update
is this a new event ?
I need to get that jb chart
its something to do with the cryptex on the latest ios 16 version matching the 16.6 one
you can use serotonin
which will likely have rootless bootstrap soon
Half broken jb
what are you even trying to do
it's not bad at all
Fix dopamine bootloop
only minor differences
what device and iOS
14 plus on 16 something
Idrk we told him to remove his sim passcode and iCloud erase
@orchid fulcrum
16.5 14pm
that should work if it gets that far, provided that they had FMI enabled in the first place
Is there a proper sb injection ?
yep
They do
i will try battery emptying first and tomorrow evening i will try removing pin from sim card and try icloud wipe
Oh yeah but packages have to be roothide
yeah, thats the only downside really
lol
its not spyware but it is a hassle
but should be some rootless stuff coming out for it
Mike while you are there
What do you think that iPhone 12s on iOS 14 should do
I’m tempted to update using the FR method lol
you’re not able to go to 16.x
Even with blobs ?
correct
Why not ?
cryptex
Yeah but isn’t latest cryptex compatible with iOS 16.6
now that i think of it the requirement is that u are on an ios 16 version above 16.6
right
latest for devices that ended on 16 is
no?
also SEP is incompatible anyway
did 17 make SEP incompatible with 16?
sheet is based on cryptex
Oh so I am fucked on my old ass iOS version with no cryptex blobs smh
more than likely 17.3.1 cryptex is compatible to at the absolute lowest 17.2 (and that’s a guess)
battery at 11% but i have to sleep. fingers crossed for the morning
Good luck
how tf u know its 11
have a nice day everyone
good luck
imazing
ah
Ok so I need to save the cryptex blobs now
💀
Maybe one day I’ll get to update lol
So, I'm having no luck getting a semaphore onto one of my PUAF pages
I allocated 2000 PUAF pages, thought that would be enough
like I'm not even seeing anything that looks like a pointer, it's all < PAC_MASK
(that is another question I have... if the pinfo pointer has PAC (it's checked to be > PAC_MASK) then how come we can just shift it by 4? would that not break the signature?)
err
what is going on
Swift runtime failure: arithmetic overflow
when trying to increment and decrement the pinfo pointer
I feel like I’m doing something wrong since this still isn’t working
when I try it on a real device I get panic shared_region_pager_data_return should never get called
on my mac it panics regularly because of the PPL thing despite giving PPL many pages
@import is so cursed
Anyone know how Audiorecorder TS is able to detect incoming call and the moment when call is connected without hooking into system daemons?
So, I actually got it to work on my mac, however, when I try on the real device it is only able to give PPL 83 pages, and thus it panics pretty much instantly
(like it panics before it even attempts krkw, just performing the exploit is enough)
guess i can turn down the requested puaf pages
Yeah real
if you figure out why that happens let us know, seems to be a landa issue. sometimes this panic can happen 30+ minutes after exploitation
No idea, but I just got it working in Playgrounds! https://infosec.exchange/@jjtech/111972970271328598
that’s pretty cool tbh
please tell me you at least use a physical keyboard for typing the code
Jailbreaking swift playgrounds be like
I develop it in Xcode lol, then send a copy over to the iPad every once in awhile
@radiant idol test the tweak :D
my ios 16 device is not charged
make it work for ios 15
i dont have my 15 device w me
id have to go home
(im not going home for another 2 weeks)
use the new find my teleportation feature
Dropping a concise summary of the KTRR functioning and possible ideas to exploit the DMA bug. I couldn't really test any of the ideas as I don't have a vulnerable device, but I feel like it is achievable at least in some form: https://gist.github.com/litmuskien/9c3e55c44b07836478f120a6bf4b118a
this is a lot
damn nice writeup
🙏🙏🙏
nice work!
Apple also has a register to disable L2 cache flush
Have you tried enabling that
separate roothelper didn't fix the issue
idek why Bootstrap is so difficult to work with
they’re coding instead of talking on discord
😭
fr
is the roothelper able to create folders lol
yes
strange. it still can't create one for me
entitlements are correct, code looks fine
the roothelper can be built fine
but no folder is created
battery trick didn't work. After removing sim pin from another phone i can now see my iphone in find my icloud (good news). it still asks for 2fa though and i only have an iphone4s that has battery issues idk how that will go.
Forgot to mention here but
I wrote a couple things yesterday
NSAntoine's Page
there a public api for it?
SecCodeCopySigningInformation
it gives you hella information as well
but if you just want entitlements you just do dictionary[kSecCodeInfoEntitlementsDict]
it's on iOS as well
need ppc support 
ah
i stick to manual methods 
skimmed this and it looks useful tho
nice
in other news
how do i hook c++ lmao
yeah, I've been looking at this Bootstrap code for like an hour now
i am breaking something when i call orig
Still can't see anything that points to why this junk doesn't want to work
vtable fuckery
better than swift vtable at least
well
cant i just hook the mangled name with MSHookFunction
there's no subclass stuff i have to deal with
also this isn't a virtual function
prolly yeah
i just dont get why its either crashing or being fed the wrong parameters
but let me make my hook only call orig
and see if it still dies
what exc code u getting
sandbox issue?
yea for some reason if i log from the hook it breaks???
taurine kfd flashbacks