#development

console doesn't really give me an better info to go off of

the 🟢 emoji in kfd would just kill it

ok logging after i run orig works

good enough

also i am slightly confused how the value of this pointer is 3

but ok

they gave u RTLD_SELF fr

wait

that's negative

close enough

ok i don't get it

what is the type of the argument

if it is an object passed by reference

by A LOT of sim card changing i managed to get 2fa code and icloud wipe worked !!! so happy right now thanks everyone @lean ermine @slim bramble @timid furnace

damn good to hear

screw the icon cache though :/

yeah. do you know if it actually has to do with icons/themes or was it probably because i enabled tweak injection to system apps like preferences

also cant seem to have/install apple apps like maps/tips etc (all of them except photos settings phone imassage safari and camera)

glad to hear it

That's weird, when the device is wiped, nothing should persist

For 16GB RAM I’ve seen people need up to 400k

Oh man you don’t know how much I laughed while writing the article

It was like edging

Explained some of the macho stuff in basic way

Then just used a private api because I felt funny

Look I was gonna write a parser for it with the dyld and macho APIs but I felt really lazy

🥹

Yes !!!!! I’m so happy that it worked !!!!

I have this problem though. I cant jailbreak and most of the apple apps cant be installed

Spawning jbctl failed error 85

Does the error mean anything for you ?

what happens when you click the apps to install them ?

Unable to install please try later

you might want to try another restore from settings

idrk

Do you perhaps have trollstore

you can probably go to /var/ and check if a dir named jb is there

That didnt work sadly

Cant install as i dont have tips

you are not forced to use tips

Is there a way to install to mesages or safari maybe ?

yes

I really just have the most basic ones. Maybe i can try on safari

And use brave or something

This is very weird tho

Seems to still be an iconcache issue to me. Look at watch apps icon for example

opa is probably your best bet to get that solved

also how did you install dopamine ?

that just means you need to enable dev mode

don't dopamine has to be installed with TS too ?

Ahh true i forgot it got disabled

I thought the ipa was meant to be sideloaded

Well dopamine has special entitlements

so that's why I'm unsure

Like i mean there is a tipa and an ipa on releases. Not that they are too different but still he could have just uploaded one od them. I also remember the reddit release post said something like installing with trollstore is recommended (implies its not a must)

I just tried as i couldnt get trollstore anyway

That's why I'm unsure 🤷‍♂️

sideloading does work

oh there we got the answer

anyone know how to solve sem_open occasionally returning EEXIST despite calling sem_unlink right before?

Not yet

Is there a way to protect against kernel panics when kreading?

When I try and read the semobject is when it panics, do I need to strip PAC or something?

get on with it we are waiting 🙏

i mean, you're using a physical uaf exploit to read kernel memory
you can't eliminate panics but you can only improve reliability if possible

ah, the issue is stupid swift structs and it not lining up properly

ok, I got the task pointer

so wait, is T1SZ_BOOT 17 or 25 on m1?

and to strip the PAC from a pointer, I just need to do ptr & PTR_MASK right?

ptrauth_strip

Run a kernelcache through https://github.com/opa334/XPF (it can be compressed and will still work) and it should hopefully find relevant offsets

If it doesn’t work with the macOS kernel you can use an M1 iPadOS kernelcache and the value should be the same

I think it’s 25 though

just looking for an opinion. do you guys think iphone is usable without all the apple apps

and widgets*

you don't have access to the removable apps which is honestly fine

These are the only ones left 😐

Better then updating i guess

I assumed that didn’t work for kernel pointers, and besides I’m in Swift

send them this

so wait, does sem_close not properly close the file descriptor

I keep running into problems

like sem_open fails because it ran out of file descriptors

well this is a reimplementation of kfd

you can uninstall app store w fs access

and settings if you want

and messages

and phone

and everything

he sent me some code and this was in it
sscanf([correctView cStringUsingEncoding:NSUTF8StringEncoding], "%p", &arg0);

lol

.

I am not trying to uninstall i want to normal install 😭😭

lol

i mean maybe
you can test if the fd is still open

kfd just does this though

void kwrite_sem_open_deallocate(struct kfd* kfd, u64 id)
{
    /*
     * Skip the deallocation for the kread object because we are
     * responsible for deallocating all the shared file descriptors.
     */
    if (id != kfd->kread.krkw_object_id) {
        i32* fds = (i32*)(kfd->kwrite.krkw_method_data);
        assert_bsd(close(fds[id]));
    }
}```

(no, there's no kread_sem_open_deallocate because kfd uses this function for it. that function is defined in kread but it just returns)

wtf where did everything go

uicache -af if jailbroken maybe

.

whats the issue with jailbreaking

Will try. This is for rebuilding iconcache right. I tried that from trollstore

what happens if you delete tips and try to reinstall it from app store

trollstore uicache probably should've fixed it

your best bet is to check syslog

Doesn't work

^

how did you even get to this point what happened

That is outdated i can jb now

o

I will thanks

relevant: #jailbreak message

Well thats me too 😄

o

also humor me

ls -lsa /var/tmp/```

once you can get to a shell

Bro got a respring loop from dopamine

after removign his pin code on sim he got the phone to an icloud reset

after setting it back up he was left with this

Uhh

So

Somehow I seem to have permanently borked my file descriptor limit

On macOS

Bootloop. Wish it was respring 😩

Not really from dopamine tho

it was a respring loop that persisted even when the jailbreak was not active

due to icon cache corruption

Isn't respring loop something that looks like a respring ?

that's also why the remote wipe works

How do you even trigger that

because anything not SpringBoard is still running

Yes but if springboard can’t start it’ll be stuck at the Apple logo

Ahh

idk, there are multiple ways to corrupt the icon cache that the system cannot recover from on it's own

because apple wrote shit code

icon cache is horrendous

it's a miracle it even works at all

same can be said for anything apple makes especially with SwiftUI

lol i forgot macOS has launchconstraints too

only launchd can execute it
w

capt on his way to promote his rootkit

this was eraseassistant
i think i was able to launch it fine from a terminal in ventura but not sonoma

dumb question: if i rewrite Fugu14 do i have to give credit to Linus Henze in every file

or is that not neccesary

alright

yeah i'm planning on doing that

MIT i think

MIT probably

yeah it is MIT

https://github.com/LinusHenze/Fugu14/blob/master/LICENSE

yh

anyway i'm gonna disappear

wish me luck

does anyone know what versions are affected by this? seems some people have luck with 16 and others don't, i know 17 just completely broke. https://github.com/verygenericname/SSHRD_Script/issues/271

maybe the best thing to try is to see if you can verbose boot

eg, run palera1n

there was some issue where if you mismatch ramdisk and installed OS version and try to mount you'll break your install

i forgot the details

is that a cryptex moment

but it is recoverable through restore obviously

no apfs

yeah restore did fix it

it would just trigger some sep panic and refuse to boot properly

ok that makes sense tho

iirc 16.4+

since you have to init sep to mount /var

man

it was some 15 ramdisk on 17.2 following seprmvr64

yea that was probably the cause

i should do it again with a 17.2 ramdisk

nah i wanna try to stay on 17.2 but it's an honest shame i cant use sshrd

what tool do people use to tethered boot 17.2 because blobs are useless to restore to same fw apparently

also i have questions
how would you jailbreak a 17.2 tethered boot, does palera1n work? and also would sshrd still theoretically function properly with something like dualbooting

ig wrong channel but not something everyone would know at the top of their head

palera1n wouldn't work unless you had a build of it that would chain it with the tethered boot

oh so im screwed nice

sshrd would still work
but the mount script would mount the wrong partitions

you'd have to adjust for the one you want

for re-writing a kernel exploit, is it better to rewrite into C or obj-c?

or is it down to personal preference

i mean it could be whatever you want but obj-c may be easier to integrate if you're already using it in the project

yeah i'm planning to use obj-c for the exploits

no offense to LH but what bright idea immeraged in his head to make a untethered iOS 14 jailbreak IN SWIFT

it's the worst language to write anything apart from a UI in

another thing is i don't have a test device, so i'll have to use Xcode (if that even works?)

If you’re (re)writing an exploit without a test device you will run into issues pretty quickly

(personal opinion)
fugu14 was great at the time, but its exploits (maybe apart from the kernel exploit) have been overshadowed by newer releases and would be much easier to implement

• kfd works on 14.x while fugu's driverkit bug only up to 14.5.1
• dmaFail is a pretty easy and effective PPL bypass that doesn't require a PAC bypass
• fastpathsign as a coretrust bypass
  

#update_fugu

Also fun fact, did you know that after a userspace reboot if spring board hangs, and is killed, instead of showing the loading thing it shows the apple logo

PAC bypass:

@frosty gale hey im here too incase you dont wanna talk over twitter

you can add me if u wanna

Bet

I’ll pm you

But Fugu14 DriverKit bug has 100% reliability

but its exploits (maybe apart from the kernel exploit) have been overshadowed

If you can get kfd to 95%+ reliability and you implemented a custom launchd you could have a REAL untether

Even realer than vanilla Fugu14

This would be a 14.x untether too

Fugu14++

will xcode work?

the simulator?

yes

no, it's not a real device

damn

The simulator is just your macOS kernel at the end of the day

that moment when open exploit app in simulator and mac restarts

100x easier to implement fsuntether

and only twice as long boot times!

got to hunt on eBay then i guess

why am i getting this error

no

100x easier launchd haxx

what part of it isn't clear for you

Am trying to install ldid

would kfd even work with fugu14 though

kfd works on 14.x

no, i mean since fugu14 uses its own untethered kernel exploit

https://github.com/TheRealClarity/haxx you can use this for installd haxx

how?

epic

compile it

you can use 15.4.1's coretrust haxx from fugu15 (weaponized and linked above) + dmaFAIL as a PPL bypass + fugu15 installd bug and you won't require fugu's amazing but complicated shenanigans

yes

alright i'll look into it

thanks

14.0

since i don't want to deal with ios-install.py smh

what's your target by the way

writing a jailbreak?

what do i do here? @grave sparrow

i'm looking to finish fugu14 and make it an actual full untethered jailbreak

i believe u :3

i see

make it happen pls!

yeah

fugu15's coretrust and installd bug + launchd haxx + kfd might be more feasible

that would be iOS 14-14.8.1 only correct?

also adapting dopamine v2 to 14, although I have no idea how much work that'd be

?

@naive kraken thoughts? I know 14.6? and above would need an oldabi solution (not sure if you implemented one already on d2.0)

yeah i'm not gonna be able to do that

Wait until you find out that Fugu15 uses the same method

that's... what i'm talking about?

typo

I meant Fugu15

what the hell? fugu15 uses that as well

my god

yea

Yes

They didn't patch it

bro accidentally leaked Fugu17

Well the improperly patched it

yeah i'm gonna try tinkering with clarity's launchd haxx

rm -rf /Users/alfie/Fugu17

what do i do now?

rm -f /Users.alfie/Fugu17/Fugu17.xcodeproject

I mean it doesn't matter anyways because you can just install it through TrollStore

.xcodeproj*

sorry forgot

huh

oh

i see

u can install launchd throught trollstore

wtf

Change it!

There

capital*

yeah, but would completely rewriting fugu14 be more feasible or dmaFail + coretrust + launchd stuff work better/be more reliable

No I mean the ios-install.sh script is useless because you can just install Fugu14 via TrollStore

oh

how to make crypto miner in objc?

@grave sparrow

i feel as though the biggest hurdle would be 100% kfd reliability

where's the .ipa though

Wen eta Sora dev role

when you make a untethered jailbreak iso 17

W thanks. new addition to iota : )

(im kidding)

Most reliable you'd get is

• Install via TrollStore to get unsandboxing perms / use DriverKit bug if necessary
• Use dmaFail (also 100% reliable) for PPL bypass
• Replace launchd with fastPathSign-ed launchd shim
• Make launchd re-exploit on boot, get PPLRW and then profit from there on

i hate CGPoint

is that OOP

Had to add that just in case

and please implement hold volume up to boot normally or boot safe mode

lol

definitely

will 15.6.1 have a ppl and pac bypass btw?

It has a PPL bypass

guys do NOT download iota, @limpid pumice is adding bitcoin miner

If I send my almost finished jailbreak from before dopamine 2 was released do I get dev role

oh 100%. someone would have taken it out of context

I KNEW IT

It also has PAC bypass vulnerability

but how does fugu15 not support 15.6.1?

There's a CVE for it

No... and to think I even beta test it

i was gonna send it in ioter but with the r's in there i didnt wanna risk it

the fugu15 ppl bypass is only up to 15.4.1

There's been a couple but no one has released a full bypass

ppl fugu15 is not the ppl that 15.6 has

if it is implemented

dmafail would have to be adapted to fugu15 for 15.6 to support

Because the Fugu15 chain doesn't support iOS 15.6.1

True

https://tenor.com/view/tense-table-smash-mad-gif-13656077

true

true

average fioreware™️

that's not easier than it sounds...

typo

Yeah I know

But still

That's what you'd want

u got it

yeah

welp

i'll give u five bucks if u do it

huh?

read

What am i supposed to do?

...

i wonder

cstdio is not a valid header file

wdym

Works on my machine

imagine replaceing the fugu15 ppl bypass to the ppl bypass in 15.6.1

it's better tbf

doesn't need a PAC bypass either

because of Kaspersky haxx

Yes, that's what Dopamine 2.0 does

Because of nation state haxx**

What tool does dopamine use in 15x to jailbreak

also fugu14 only supports up to 14.2 - 14.5.1 which is annoying

Wdym 'tool'?

why does it not support 14.0 - 14.1.1 smh

he means exploit

It uses kfd and dmaFail

isnt it all dmafail now

Kernel exploit didn't work iirc

Thats it am downloading fugu15 and replacing the ppl bypasses

But.. why

yes because all you have to do is replace it

it will just be drag and drop

I want to make it support 15.6.1

probably rootful obsession

no its going to be rootless

Dopamine supports 15.6.1

use dopamine...

fugu15 with dmafail is just dopamine without code to bootstrap

lol

It does bootstrap but is missing some key features

dmafail supports 15.6.1?

But it technically installs Sileo

interesting

Yes, Dopamine supports 15.0-16.5.1

lol

Also its going to be rootless

anterograde annesia

am really bored so why not

Are you... making a jailbreak?

Because Fugu15 on its own will not give you a jailbreak

preaching to the choir

what is FuFuGuGu

Wen eta sora dev https://github.com/jonahnm/Telescope

And @topaz yew

You’ll have to figure that out

(Jailbreak that was being worked on before dopamine 2 released)

bros branch name is meow

https://tenor.com/view/skull-gif-23663947

https://tenor.com/view/urmom-gif-23293768

fr

Well it’s because it’s based off of meow16

I see its a package

so real

Okay

But look at the code

any1 know how to login to older xcode versions? (like 6-8)

shit_map

so wait, the entire reason I would need to implement dynamic patchfinding, assuming I just wanted to swap vnodes, is for proc_object_size?? (to go from kernel task to kernel proc)

is there anything else necessary?

and we just need to find the start of any proc, since they're all linked together?

libass

what makes proc_object_size change?

me

💯

wait

so for the kernel proc

does it point to itself?

like the next proc pointer

wait a sec

yes here we go

so the kernel, uniquely

will have a null next pointer

and a signed parent pointer pointing to itself

so if we search for pointers pointing to 16 bytes before themselves

...are pointers guaranteed to be aligned in the proc struct?

I think it works!

what is wrong with my ipod

if anyone is curious

func findKernelProc(kread: KReadPrimitive, ktask: UInt64) -> UInt64 {
    // Search backwards until we find a signed pointer which points to 2 UInt64s before itself
    var addr = ktask
    while addr > ktask - 0x1000 {
        addr -= 8
        let val = kread.kread64(addr: addr)
        // is a signed pointer
        if val < PTR_MASK || val > PAC_MASK {
            continue
        }
        let ptr = unsignPAC(val)
        //print("Found potential kernel_proc: \(hex(addr))")
        if ptr == addr - 16 {
            print("Found likely kernel_proc: \(hex(ptr))")
            let pid = kread.kread32(addr: ptr.advanced(by: 0x60)) // sanity check
            if pid == 0 {
                print("Found kernel_proc: \(hex(ptr))")
                return ptr
            }
        }
    }
    return 0
}

Any script to trigger kernal panic

?

kernel panicking is easy? I literally have to try and prevent it from panicking

what does this do?

I'm rewriting libkfd in pure swift

and trying not to require patchfinding since that would be annoying

what could this do btw?

uh, ideally whatever libkfd can do? install trollstore is probably the easiest

For what verisons?

iOS 16ish

dont they already have one

Who do I ping to ask lol

idk

Eh I'll just wait until I make a tweak

wtf using masks as a actual value for comparison

i mean i guess it works

but really should be a AND + nonnull check

tr

Uh just ask a mod

Waittt no way its out

lfg

🙏

No it isn’t

I just released source as is

I mean isn’t that

out

😭

Sort of?

how far did you get it working

can you bootstrap

Not really lol

I mean sorta but not really

I see

🎁 I bought you a copy of OneSettings! https://chariz.gift/onesettings/4HDTKDRPGG94XTYWYACT

hey what makes usecount on a vnode go up

my problem is that my write primitive doesn't work if usecount is 0

so how can I organically make it go up

Danke

@indigo peak

ive had something a bit personal to deal with lately

but i had a little bit of time before i did what i did, this has been a thing for a while i just forgot to commit it

so i got libsandy to work

W

reposting from #general because i realized it makes more sense here but

Given that the coretrust bugs allow us to resign any system process, could we not just modify a process of your choice with a tweak directly?

like just inject Spectrum into the SpringBoard binary, CT resign it, swap it in the rootfs (can't have SSV) and have spectrum all the time

or are there limitations I'm not seeing

preferenceloader wouldn't work i think (unless you modify the Preferences bin..?) and process that require no sandbox would also not work

but for some stuff it would work i think?

idk

im not sure if there's a way to just merge a dylib and a compiled binary

just ideas i had

reinstall settings app with preferenceloader dylib, problem solved

outside of springboard this is how roothides bootstrap achieves system app injection for everything else

that's what im currently working on except my macbook decided to enter eternal sleep

so i had to unplug and replug the battery

roothides bootstrap backs up system ipas you inject to and signs them then installs them

interesting

what does it use to inject?

so, does anyone have any ideas on how to debug the simulator freezing when I try and redirect folders by tampering with vnodes

no idea

i think technically ellekit

can’t swap it in the rootfs because launchd will kill it if it’s not a platform binary

platform-application?

no

CS_PLATFORMISED csflag

but you can replace launchd in memory to launch a custom springboard

someone should implement that!

would be like a fake jailbreak

yeah true no point

🤔

springboard specifically is off limits but other apps are fine?

failbreak

like if I change vnode_v_data suddently all attempts to access that file just cause the process to get stuck

is this why SB injection wasnt possible with CT2

i mean for user apps roothide does this…

initially

for system apps no

what's wrong with system apps - same problem?

yes

kfd is what allows you to replace launchd, but ct2 lets you sign replaced launchd and everything else to run it

that or boot an ssh ramdisk

and swap it

not sure

if that would work

kfd works in the simulator?

i was bored at work and thinking

yeah, uses the macos kernel

wow

lol

maybe it's getting confused because of that I'll try real device

what macOS version does landa work until

are there any checks on launchd's status as a binary? could you create your own, swap it with an sshrd, and then just use custom launchd?

um

have you heard of serotonin

lmao

i know Nothing about how it works

i know it exists

yeah

so

but i have no reason to use it

it does what you describe

it works by

does it replace the actual binary though

yes

in memory

no silly

SHIT!

yeah not in memory

the file on disk

no

no

thats what i mean

that would break sep

could you do that

that would just be haxx

what

What

SORRY

SAID SOMTHING STUPID!

ssv?

what if you're on ios 14

ye

haxx from nick chan does this

doesnt it swap analyticsd though

gex

you can swap launchd

https://tenor.com/view/gex-money-winking-gex-enter-the-gecko-ps1-gif-24648318

alfie did this

@hasty ruin

no development for me ik

macbook said no

https://alfiecg.uk/2023/02/25/Getting-untethered-code-execution-on-iOS-14.8.html

ssh ramdisk to swap it

exactly like you said

you /could/ have it load taurine on boot, iirc someone tried this but failed somewhere bc taurine didn’t like it when launchd was not real

i need to get a ct2 cert

my sign.p12 is still ct1

is that a thing lol

its just what i named the p12 i pulled from TS

need

oh it seems that the new bug doesn't use a p12

guess ill stick with my ct1 p12 since it works on 15.4.1 anyway

build choma and run ct_bypass

i dont have a working mac rn

my macbook wont boot

my iphone enabled sleep mode

wut happen

via a magnet in the case

and it wont leave

lol

hold power longer

i tried unplugging battery

nothing

i held it for 2 minutes

sounds fucked

is it intel

im hoping it's just dead

battery is old af

must be intel

15" mid 2012

w magnet lid

yea

time to upgrade anyways

hoping i get enough money at graduation to get an m2 mbp

dream config is 16" 16/1tb but i probably wont be able to afford that

if u dont wanna wait u can get m1 air for like 500 if ur crafty

i dont want an m1 air for 500

lol

my m1 air is my lil buddy

i lov him

i wish my m1 air had more ram and storage

same but i dont care too much

i havent had an issue w 256

I hate ldid with a passion

and the ram issue is overblown imo

ppl will get so mad if u say 8gb is fine on m1

but it really is lol

its fine unless you use xcode

i do get mad

trying to run 3 xcode simulators at once is...

i use xcode frequently

if you use xcode it's not ok

especially with sims

i once used 16gb swap

but i dont use sim

with 8gb i always hit pagefile

always

i never use sim lol

this is wild

see I have to

whats ur tbw

i cant just

have u checked

tbw?

pop an apple tv on the table next to me

terabyte written

tera bytes written

dunno

expected ssd life for m1 is around 150 tbw

when the ssd dies i have a reason to buy a m1 pro

it wont die

bummer

swap preferences binary
it crashes
go to check crashlogs
crashlogs are in settings
settings crashes

oh i forgot to give my new binary execute perms i am stupid

do this

im curious what urs is

im at 7 tbw but im not a power user

that website looks interesting

lol

💀

the gist is just install smartmontools

i couldnt remember the name

lmao

new screenshot cos i doxxed myself in that other one

not that bad

i've only had it for a year

well, not even a year

10 months

person before u mightve done more than you

afaict it actually works on iOS!

it's brand new

fr

nvm then

lol

so maybe it was broken on macOS because it's different offsets

thats pretty heavy usage but it still won't fail

150 tbw is a low estimate

offset issue likely

yours most likely wont actually fail until like 250 at least

what are you trying to swap

vnodes

uh like what folders

and you can do ssd upgrade for like 200 if you want from someone like dos dude

oh, a temp folder and the folder to put trollstore in

ah

my iphone is confused

"monday february 21"

TS installer in swift playgrounds?

yea

👀

interesting

lol

I'm trying to make it universal and not require offsets that change

for example my kproc trick

now I want to try making one, but I don't have any devices supporting playgrounds

does playgrounds have a sim?

ive never used it

are you using a kpf for landa?

that's cool

yeah I rewrote all of libkfd in pure swift

and by pure I mean pure

pure.. kfd

yippee

I mean pure as in I don't even have an objc compiler

posix error 85 after trying to swap bin ary

so can't cheat and use a bridging header

bootstrapping failed it says

oh well i will go to bed

damn that sucks

i can't just have a button in swift that runs my objc stuff

welllll

you can just use this

and exploit it

and have it install your objc code

😛

yeah True

it is not
what kind of MacBook pro in 2024 has 8gb of memory shared with graphics

i have a 2020 m1 air

8gb is fine on that

2024 pro should probably not have 8 tho!

what if i told you

i know it does

but on my 2020 m1 air its not an issue

lol

never launched xcode once but I'll quickly have issues once i open enough stuff
i have a 2020 m1 pro and I'm still confused to why it exists

like, the only important difference is the battery compared to an air lmao

lol

if you put thermal paste on the cpu casing on m1 air it gets practically the same performance as the m1 pro

ive got some thermal paste leftover for a rainy day in case i ever wanna do it lol

no amount of performance can give you more ram

tru

and swap can't solve all your issues

and I have no clue why, but I noticed the exploit works a lot better when running in the "App Preview" mini window then when launch in a new Swift Playgrounds window

like it has trouble spraying the pages when in a new window... more kernel ram usage? idk

anyway it can list directories now, just a few more things to actually write the TrollStore app

what do we name this install method
trollgrounds?
seems too easy

are you going to use trollstar's method?

yep

sweet

🔥

all kfd vnode modifications are reset on reboot, right?

yes

well, most

do not fuck with mobilegestalt

i bootlooped with that before

the silly

macbook “pro”

point and laugh at the people that bought that

fr

pro series M SoCs on top

💯

my m1 base with 16gb ram is more pro than that machine can ever be with 8

i swear my m1 pro mbp gets more use as a mac mini than an actual macbook now

lmao

mines a glorified chromebook for school

i just larp about needing 16 on the go but realistically would never notice a difference with chrome and google docs

maybe with xcode once in a while

@granite frigate NEW PFP… WHAT THE FUCK!

What’s up #jailbreaknation

bruh like 3 people told me that

😭

YEAH CAUSE UR NOT SUPPOSED TO CHANGE YOURS

😭

Do you guys have any ideas of things to make

i was gonna ask

im a very idealess person 💀

SAME

I’m just an implementation person

thats cap for you tho

Lmfao what’d you do

you're working on somethign like alwwawys

Nah 😭

deviceSubtype set to ipad

so it tried to load ipad frameworks or something

I haven’t really worked on anything in the past like few weeks

anyway no apps loaded so I tried to reboot

wtf

the end

💔💔

😭

@granite frigate hop on persona

😳

HOP ON

i cant find my switch

💀

fire

💔

try deleting SystemVersion.plist

Aren’t kfd overwrites persistent on /var?

uh

I forgot

but idts

They 100% are because otherwise TrollStore installation wouldn’t work

if you reboot, the kfd overwritten tips app stays as TrollStore?

Yes

it didn't for me

dunno

Maybe it’s inconsistent

Wasn’t there a difference when you force rebooted vs regular shut down

Not sure

The way TrollStore installer works is overwrite Tips with kfd -> reboot to get rid of cached code signature -> open on fresh reboot

But I’ve seen some people say it works without rebooting

So I think it’s dependent on whether the signature has been cached

I've tried like dozens of times and kfd installation via TrollStar never worked

Dunno

Took me like 10 attempts

But the one that worked was:

• Shut down
• Power on
• Leave idle for 5 minutes
• Unlock
• Leave idle for 2 minutes
• kopen

https://fxtwitter.com/sebjvidal/status/1760954194133995685

someone discovered OnBoardingKit lol

Took them long enough

https://www.reddit.com/r/TweakBounty/comments/1axys6j/20161_change_notification_location_on/

@primal perch https://vxtwitter.com/NotNite/status/1760878056766333044

chat i have to learn angular and host a workshop on it within a month

is this doable

if you don't take any showers, yes

i'm assuming I'll just be teaching the basic stuff up till making a todo

because idk otherwise

💀

why angular of all frameworks

because it's a google student club

and the options were node express or angular

skull

So, I wrote the trollstore helper over Weather app using playgrounds, but it doesn’t launch

Is that because I don’t respring?

cached code signature

try that method I guess

doesn't hurt to do so

Ok will try and respring

which part

okay i can finally push the flora update that sat in my local git for the past few days

https://github.com/acquitelol/flora/releases/tag/1.0.1-dev can anyone on ios 14/15 test this, especially on ipad? (and show me what the preference pages look like if possible?)

it works on my own device but i havent had the chance to test on any others

Shouldn't I be able to read the apticket ? (A14, 14.6)

person on r/unixporn made a intel/arm macos tweak injector https://github.com/CoreBedtime/ammonia

is quite funky

use at own risk

@topaz yew nice injector

Schweet

They are a huge nerd

😭

why

@naive sedge I replied in HD but the only way to remove cached signature is to reboot

@grave sparrow it’s over for you buddy

interesting

thanks it could be better

seems to work

does exporting and importing work

try exporting, clearing prefs, and importing

app icons will untheme themselves for a second when closing the app

it does

thats a tint color, im not sure which color actually influences that

it seems this sf symbol does not exist on older ios

what ios are you on?

15.1

chad

ok ty

wait does it work in other apps too

i know ipad doesnt have a calculator

wait nvm

that video shows notes thats fine

huh

theres the crash log

you just got your details logged

but i already installed jade

https://media.discordapp.net/attachments/688122301975363591/1077671431875346494/caption.gif

@grave sparrow what's the point of bragging that i made a macOS tweak injector

if you're not gonna make it public

trollery

Cinema

have you consumed your daily intake of 20 digestives with 5 pints of PG tips yet iCraze?

ran out of memory
i think some recursion is occurring
it's literally the same thing over and over lmao

wtf

sadly not

i hate github markdown oh my god

in my local preview, the table of screenshots looks great

why

meanwhile github

skulley~1

that looks

fine

what's wrong with it

the different sizes really annoys me

wouldve been better if it was scrollable like the preview

oh

are all the images the same res

yes

same res, same width

github just decides to do that though

because its github

you could just be funny

and do inline styling

i already do

absolutely disgusting behaviour

more of a reason why you should add me on snap

and send me toe pics

Don’t make that mistake

then ig you just have to adjust width accordingly

Trust me.

why

reason

You don’t wanna know

or just make your own table

i do wanna know

tell me

what did he send you

wtf

joking

i never said that

thats how i made them horizontally scroll in the preview, theyre all the same width already

/snipe

how much

name your price

wtf

why is every div overflowing
if it's one table

tbh idk

how many corvettes would you get

it's not that valuable

L capt

i did not expect this from you

zefram malware

deeply dissapointed

fr

anyway time to work on a ios 14 untethered jailbreak

(when i get a test device)

wen eta rootless ios 14 jb

that'd be funny

what would be the point

@sonic totem WHAT THE FUCK

EXPLAIN THYSELF IMMEDIATLY