#development

i would buy it

i already own bigsurcc and jade even though I only use jade

@indigo peak with troll dycryptor why don’t u have it open the path of the downloaded ipa in filza? Doesn’t filza have path sceme or sm ?

Also why isn’t the format .tipa

I wanna airdrop it

hmm

prolly yeah

i await for the next #development message

from dgh🙄st

huh?

who's dghost

I'm confused

basically they made a super long chain of message links

took me like 5 mins to click all the way back

ohhh lol

either way my jade is looking so good right now

so probably would also be a bad first tweak then

imo yeah

hmmm

tryna think

try something simple first, maybe make it so you can hide the search text in the app library at the top

something basic

well idk if you have experience with %hook/logos

if you do then you can try some more complicated things, maybe try to lower the y position of the notification centre

mayhaps

and make it customizable in preferences

WAIT

notifications in control center

like android

that would be really cool but youd need to add integration for the cc tweaks lol

The CC is the most cursed thing on the planet

or like

maybe you can add it as a custom module that, when tapped, opens a page with some of your notis?

swipe down control center

I can do that

because all of the custom cc options let you add stock modules

when I first used ios

I was like

WHERE THE FUCK DO I SEE MY NOTIFICATIONS

if you just add it as a mock-stock module then it would work

wasnt it stolen from jailbreaks anyway

I figured it out and I was like, why do I have to go back to the lock screen to see them

also i havent bought rune, but to me it looks like what the app switcher looked like on my ios 5.1.1 first gen ipad

is that the intention?

to look like the old app switcher?

like the old app switcher even had music controls and stuff like that if you swiped left instead of right

One of the best modular implementation you’ll see in iOS.

oh yeah

I remember that

or well

I know it

from ios 5

lol yea

i still have my ipad somewhere in my room

maybe ill jailbreak it again

I have an iphone 4 on ios 5

downgraded though

its a 64gb ipad

I disagree but you’d know better than me so

part of the screen doesnt work anymore (it doesnt even look broken it renders things fine it just doesnt respond to touches anymore)

i have to rotate to tap in that region

What else is designed better to easily add more modules?

imo, the whole PSSpecifier api

with a cellClass to define your own custom class on top of the base things if you need more functionality

where did theos create the tweak folder?

Sure thats decent but its only works well when the data is mostly static. Anytime you have a dynamic list as the data you are reimplementing most of what PSSpecifier api provides.

not necesarily you just end up defining the specifier via code rather than a plist

- (PSSpecifier *)generateSpecifierWithName:(NSString *)name parsedName:(NSString *)parsedName hexColor:(NSString *)hexColor {
    PSSpecifier *specifier = [PSSpecifier preferenceSpecifierNamed:parsedName
                                                            target:self
                                                                set:@selector(setPreferenceValue:specifier:)
                                                                get:@selector(readPreferenceValue:)
                                                             detail:nil
                                                               cell:PSLinkCell
                                                               edit:nil];

    UIImage *originalImage = [UIImage systemImageNamed:@"paintpalette.fill"];
    UIImageSymbolConfiguration *symbolConfiguration = [UIImageSymbolConfiguration configurationWithScale:UIImageSymbolScaleSmall];
    UIImage *paletteImage = [originalImage imageByApplyingSymbolConfiguration:symbolConfiguration];

    [specifier setProperty:[GcColorPickerCell class] forKey:@"cellClass"];
    [specifier setProperty:hexColor forKey:@"fallback"];
    [specifier setProperty:@1 forKey:@"style"];
    [specifier setProperty:parsedName forKey:@"label"];
    [specifier setProperty:BUNDLE_ID forKey:@"defaults"];
    [specifier setProperty:paletteImage forKey:@"iconImage"];
    [specifier setProperty:name forKey:@"key"];

    return specifier;
}

but i do get what you mean

Very basic noob here trying to install theos on linux - I have theos installed and some patched sdks, but I think I am missing a toolchain. There's nothing on the theos wiki about a toolchain, but there is also no mention about sdks. Am I missing something? Thanks!
(Also forgot to mention that the iphone dev wiki had a toolchain from coolstar, but it seemed to be for ios 14)

Thats still static. The color picker is just modifying what is displayed which is a good example of customization provided by the API.

I meant more so when you’ve got X number of cells, and that X changes at runtime. AppList is a good example of that, if something like that, but for any dynamic list, was in PSSpecifier API then it would be best modular design.

@radiant idol

what was the command for building for rootless again

Who

Idiot

Smh

i keep forgetting

😭

“make … THEOS_PACKAGE_SCHEME=rootless”

thx da 🐐 no 🧢

now go fix akara

hello 🙂 👋

nothing to fix .. besides enabling custom feature for my themers 😍

what are we developing today

nerd fr

#development message

Imagine only developing one tweak

No sir.

you can with [self reload]; and [self reloadSpecifiers] which calls the specifier getter method again, but yeah thats definitely not ideal in some cases

Right but you are reimplementing the API at that point.

fair

Is anyone able to help correct an error with a package I tred to convert to rootless? Getting the attached errors

Devs update your tweaks to support iOS 17.3 A11

AAAAAAAARRRRROOOOON

@naive kraken when I overwrite an app, and it stops launching, but then it doesn't open (tapping on it literally does nothing) even after reboot, what does that mean??

still having the EPERM issue so I don't have my first pick of apps to use, so I used the Numbers app, is that not 'System' enough to pass signature validation or something? Not sure how that part works

it has to be a removable system app

I don't think numbers is one

can you list them

or tell me how I can figure out which ones are

and does it have to be removed + reinstalled for it to work, or will installed from factory work?

/System/Library/AppSignatures

I'm the wrong person to ask

yeah no this stuff is too complicated for me

errr

so

News is one of them

I tried it

and it said it overwrote it

but it didn't stick

so uh hrm

who knows more about this stuff?

I feel like I'm soooo cloose

yet it doesn't work

very frusturating

anyone that's actually made an installer, I presume

don't know how to contact whoever that is

@verbal cedar

i think they made one

@timid furnace , they probly know

any help? this seems to go on for a long time when compiling to rootless?

idk

#import <Foundation/Foundation.h> try replacing it with this

@gilded ivy ik its the same thing bbut idk

maybe try using an older SDK

Also I found out how to make kfd more reliable

Open many apps first

If you open too many Springboard will have a resource shortage and respring, just close one app and keep doing that til you get the perfect number

For me it’s about 6 apps

Sometimes it works better if I open those 6 apps then purposely respring, then try it

You have to balance it such that RAM usage isn’t increasing during the exploit (by making it close to full) so that PPL isn’t grabbing more pages and panicking

it could not build it?

same error?

that's some random person

oops it is

oh hes not in this server

@naive sedge kfd is a fickle beast and it's hard to help you without knowing exactly what you're doing. The functions in kfund have been working fine for this and didn't need any special modification in order to replace apps

i think he trying to get KFD troll installer working in swift playgrounds on ipad

ios version

this is why i regret adding random repos

wtf does this even do

"my ball"

I'm rewriting libkfd in pure Swift and running it inside a Swift playground

for whatever reason, when I implemented the overwrite file function, it cannot overwrite system applications, it just doesn't take effect

good tweak get it

I assume that it is taking effect when I try and overwrite normal apps, because I am no longer able to launch them, even after reboot

also I get the EPERM issue with seemingly no rhyme or reason

best tweak
!!!

What is this

it adds on your screen

and it moves

good tweak get thank you

hi

hi

im tryna make my first tweak

do you think i should use swift

or another

im on windows

@hasty ruin what are you teaching your child

grrr

help me

I’m scared, he doesn’t know what is root

shhhh

hi guys

how do i go to code it now

put code in the Tweak.x file

profit

is it the tweak name.x

or just tweak.x

i just cant find the file

it is just Tweak.x by default

that is not how you open a file

lol

jk

https://github.com/NightwindDev/Tweak-Tutorial you should go through nightwinds guide first

ty

now what

‘make package’ for making a deb

nah i wanna open the code

you’re on windows? just use visual studio code

https://code.visualstudio.com/

i have vs code

how do i open the file tho

im special

on the top bar or something there’s file, click that, open folder and go to wherever you made that folder

i dont see the file

even in ultrasearch

well how am i supposed to know where you put it

i didnt put it anywhere

i ran this

then cded

into

aneuirsm

imma prob rename it to ruletete

roolete

then ran make

wtf

minicraze

im stupiood

im not like my father 😦

ok so it looks like part of the problem is that I get EPERM for many files, not just apps

and I think that has to do with those file's permissions, not something special

I guess normal app store apps are marked as readable by all users? just outside the sandbox?

very strange behavior but I made an explorer that lets me poke around, I can read all directories but files I get EPERM if I just bring in their parent directory

also

occasionally I get the panic invalid state for namestream inode

does anyone know how i link a user installed library in a preference bundle (rootless)

since it looks like it's searching in /usr/lib only

rpath

true

@indigo peak old fiore moment

real

must be curse of binding bc I can’t get rid of it

you should get that checked out

just saying

ong I tried that and it didn't work but tried it again bc you said and it works now

thanks ig

bruh

why are you trying to get rid of your penis

bottom surgery

Guess what

Mfs installing flex thinking they’re the hottest mf on the block

atp jus start prayin on peoples downfalls

why is bro using svc

frfr

@indigo peak its time

@placid kraken WWW flora

🙏🙏🙏

now i have to add per app theming for like message bubbles in messages and things like twitter

could anyone with a healthy device that does not look like this send the output of df -h on their device? I am trying to debug where tf my storage is going

Bruh

any smarty pants know what's going on here? i understand the rest of the script but as soon as it gets to the pic sent im like huh https://github.com/haxi0/Derootifier/blob/master/Derootifier/repack-rootless.sh because i know the rest of the script deals with changing around the directories to be that of rootless+ellekit but is this modifying the binaries or something (i think that's what otool is for?) to be rootless or am i dumb

@placid kraken flora respring hangs my phone 😢

as in it spinlocks???

https://github.com/acquitelol/flora/blob/main/Tweak/Utilities.m#L79-L84 this is all im doing

this is how i "should" respring

https://adamdemasi.com/2019/08/25/respring-the-right-way-followup.html

according to this

No like I installed, respring and it spun then like froze spinning then keeper spinning, and kept doing that till I held volume up button

To go to safemode

And no crash logs we’re generated

Let’s remember that you also have like 928484932847949327240 tweaks

nightwind is that the right way to respring

is there a better way

should i just do sbreload

ughhh sbreload takes me to the home screen not the app prefs

yeah once i get a test device ill test it

İ do sbrelpad and killall springböard as a faılbacl

oh that word is blocked

Contains a filtered word

Probably

+ (void)respring {
    extern char **environ;
    pid_t pid;

    const char *args[] = {"sbreload", NULL};
    posix_spawn(&pid, ROOT_PATH("/usr/bin/sbreload"), NULL, NULL, (char *const *)args, environ);
}

Doesn’t work on Xina v1 unfortunately

sbreload is on most modern jbs

u can also just killall -9 SpringBoard

or backboardd

Don’t do -9

That immediately kills it

Bad

Oh no

Anyway

like this?

const char *args[] = {"killall", "backboardd", NULL};
posix_spawn(&pid, "/usr/bin/killall", NULL, NULL, (char *const *)args, environ);

kill sb instead

hmm alright

Nah

Fuck backboardd

but would that take me back to tweak prefs are respringing

ruined my month

@placid kraken what’s in your like %ctor

quite a lot

Rüınəd yöür rüne

https://github.com/acquitelol/flora/blob/main/Tweak/Flora.x

mostly just nsuserdefaults init and the main UIColor hooks

Omg it’s def that

wha?

When I put a if file exists in 16player %ctor it didn’t like it

i dont have a fileExists anywhere

i dont init NSFileManager

access >>

if it breaks when respringing i have a feeling the respring method is bad

nightwind is the process name springboard or springboardd

for passing as an arg to killall

No flora never even got loaded into SB

Ib tried killall SB

SB reload

SpringBoard

oh right

you do have all the dependencies right?

Iööı ay my tüeak code

husk

which tweak

Böldərs Rebörm

that kills backboardd

Öööööööööö

Bəd

wtf

https://github.com/NightwindDev/SileoRespringFix

am i doing it wrong??

extern char **environ;
pid_t pid;

const char *args[] = {"killall", "SpringBoard", NULL};
posix_spawn(&pid, "/usr/bin/killall", NULL, NULL, (char *const *)args, environ);
``` nothing happens

Looks at nights search dots code

Or eggnotch

(Not by night wind)

ROOT_PATH

/var/jb/use/bin

İdıot

that one also kills backboardd

U killed backboard in bolders reborn

rootless?

oh right

It does?

/usr/bin/killall röötfül
/var/jb/usr/bin/killall rööyləss

Root path shit doesn’t work

Ön Xina v1 yəs

U Gota do sm if rootless/rootfull trickery

Rəst ıt ıs sbrrload

yeah killall SpringBoard works but it takes ages to get back into ios

maybe i need some other arguments

+ (void)respring {
    extern char **environ;
    pid_t pid;

    const char *args[] = {"killall", "SpringBoard", NULL};
    posix_spawn(&pid, ROOT_PATH("/usr/bin/killall"), NULL, NULL, (char *const *)args, environ);
}

like it takes longer to respring than backboardd

ROOT PATH WORKS FOR YOU 😡

..yes???

Üpdəyt yöür theös

🙄

why tf are you typing like that 😭

Bc he’s night

He’s feeling goofy today

Bekaiz i canf ssm to cjanhd it yp tje english ksubpard

Oh L

Funny how I understood that

yeah ironic actually

Very

Ğm Iso qiote exhsustsd

Go back to bed

Nö

PİRACİ

I can’t use flora.

It doesn’t ever load SB

it hangs…

thats.. very strange

I can try disable all tweaks one sec

But is one killall SB and one sbreload ?

first one is killall SpringBoard second one is killall backboardd

Do not kill backboard

Use killall SB

yes it may be faster but don’t

lol all of nightwind's OS tweaks do it, i wont tho

(Idk I havnt treid)

Bəcəuz im simb

Indeed

use sbreload

YES SAME

Use sbrelpad excepy on xina v1

WELL

i get safemoded

its ios 14+, are there any rootless jbs that dont have sbreload???

Its got to do with foxfortutils

Nope

Xina v1’s sbreload ıs brölen

xina

does anyone actually use xina v1, like are there alternative bootstraps?

xina v1 loves to make everything hard

i think most people switched to v2

there are söme peöpel on it

Because its the same iirc but just no hackiness

how do i check if the jb is xina v1

is there some file created during bootstrap

@warped sparrow baba

I have the çhek in Böldərs Rebörn

oh ok

why is bro yapping with the ü and the ö

Azerbaijan

Alphabet

Or something like that

İ cənt seem tö çnage tö thə əngliş keybpad

W

your check uses backboardd and no root path macro

is xina v1 rootful?

LMAO

İ think Xina v1 üöiıd patch tjay

just say people on xina v1 cant use the tweak ✅
@warped sparrow

LMAO

i dont have the dev role so its not me

nightwind secretly uses xina v1

LOL

did you say something

icraze is here

icraze is better than nightwind

guys its capt inc

obviously

icraze is a curry muncher

WHAT

im pakistani

naw icraze loves his fish and chips

I can say that

And his jacket potatoes

British

remember when the word roothide was blocked here

its funny because i just finished munching curry ✅

well well well

the paki is eating curry

how am i not surprised

Is flora on havoc?

It was?

yeah

W

Apply for dev role

but its still OSS

where

W

Modmail

just ask

mod

???

W because i got no money

kixrd got deleted

Lol

i give up

racisim??

fr

thats the idea !!!

W rosie

@torn cloud ```swift
static func map(phys: UInt64, size: UInt64) throws -> UnsafeMutableRawPointer? {
let port = try getSurfacePort()
let surface = try KRW.rPtr(virt: try KRW.ourProc!.task!.getKObject(ofPort: port) + 0x18 /* IOSurfaceSendRight -> IOSurface /)
let desc = try KRW.rPtr(virt: surface + 0x38 / IOSurface -> IOMemoryDescriptor */)
let ranges = try KRW.rPtr(virt: desc + 0x60)

    // Write the desired address and length to the ranges entry
    try KRW.w64(virt: ranges, value: phys)
    try KRW.w64(virt: ranges + 0x8, value: size)
    
    // Change the whole object to the correct size
    try KRW.w64(virt: desc + 0x50, value: size)
    
    // Clear task and some other stuff
    try KRW.w64(virt: desc + 0x70, value: 0)
    try KRW.w64(virt: desc + 0x18, value: 0)
    try KRW.w64(virt: desc + 0x90, value: 0)
    
    // Set wired (physical addresses are by definition wired)
    try KRW.w8(virt: desc + 0x88, value: 1)
    
    // Set this to be a physical memory descriptor
    let flags = (try KRW.r32(virt: desc + 0x20) & ~0x410) | 0x20
    try KRW.w32(virt: desc + 0x20, value: flags)
    
    // Finally, clear _memRef so it's reconstructed
    try KRW.w64(virt: desc + 0x28, value: 0)
    
    // Map!
    guard let surf = IOSurfaceLookupFromMachPort(port) else {
        return nil
    }
    
    // Leak surface to keep mapping
    _ = Unmanaged.passRetained(surf)
    
    return IOSurfaceGetBaseAddress(surf)
}

here

Ooh

this explains how it works

Sw*ft

censorship

real

This would be better if it was in objc

I’ll rewrite it when I get home

it's from Fugu15, not my fault linus was obsessed with Swift XD

No offence to Linus but what was going though his head when he thought “let’s write two jbs in swift”

Like wtf

because technically speaking, if you know what you're doing, Swift is a much better language

I’ve only ever used swift for some basic UI

So I can’t comment

whatever goes through Linus head also nets him thousands in cve bounties

True

I should find a kernel bug

Wait thousands??

yummy yummy money

That’s crazy

apple pays alot

I mean... a full blown exploit chain for iOS 15 would pay a pretty penny

apple is very serious about security lol

landa alone was 70k

It’s like 50k minimum for a kernel bug right?

somewhere around that I think

Kind of a good thing for researchers

If I got that much money, I'd build the ultimate threadripper machine

complete with a 4090

I'd like to say i want to find one but in reality i'm still a skid

You sure that’s a good way to spend the money 😭 buy a M3 max mac or something

yes

lol

I'm an AMD guy

can I send here a link of a CVE a guy sent

on reddit

Tbf my goal in life is to find a CVE before I’m 18

So I got 4 more years left

I'm 15

😭

Except I have experience in reverse engineering

17.3

how would i use ROOT_PATH_NS in swift?

It's over for me im 18 in 6 months wtf

Better get to work then

real

Dunno where to even start

shits crazy

You need to learn assembly ig?

you can probably import rootless.h with a bridging header

yeah right

yeah, I conveniently used to do nintendo switch security research

thanks

same architecture lmao

Nintendo uses ARM?

What

yes

the switch is ARMv8

how did you not know this

the switch uses a maxwell nvidia GPU

with an ARM processor

because nVidia made an SOC

where does that take place

reswitched?

I did security research for a game

Splatoon 2

I found an anti cheat bypass

Meanwhile my parents want me to focus on school

never reported it though because I was I think 11

is it still there?

mf was doing security research at 11

the game is discontinued

its over for me

Crazy

it wasn't then though

Is that the Jade issue lmao

replaced with splatoon 3

why do you think splatoon 3 would have a different anticheat from splatoon 2

because

there was this one person

who found it after me

bruh

who abused the shit out of it

Lmao

lmao

they went by "haxxie"

I can't if I have school

Can relate

I mean it sounds like a bad excuse but i always have to do my groupmates' work to not fail

Why would you need to do that

clearly lots of other students also have better experience than me in security

My parents think that making haxx is making me more distracted from school 😭

here's an example of their abusing https://www.youtube.com/watch?v=szKgfMaPZxc

my parents don't know im doing anything about this

Just have a academic comeback whilst also reverse engineering XNU

Not hard if you find balance

Frcoal

that sound was... loud

Killall backboard

what do you guys think about this https://www.reddit.com/r/jailbreak/comments/1azrcmg/tcc_exploit_17173/

you make the latter sound very easy when I don't know anything or where to start

lol

at most i've only just skimmed through random files in the github

learn some assembly ig, I have a ebook on my computer I’ll send it to you one min

sure

i don't even know myself lol. some library is purely swift and i thought it'd be easier writing the tweak in swift instead of creating a wrapper class around it to use it from obj-c. but its a pain tbh lol

lottie 😭

yeah

managed to compile it now

Same fr

But time running out

This airaw tweak on chariz says 404 when i try and download 1.6.2, and it says its free for some reason lol

At least you’ve found something lol

I need a 0day though

Jus pirate it

@granite frigate my grades are suffering lately

alfie

how much did you get for trollstore

Nah I'm not a sad person

Blud at least you found something

Your a genius how

@sonic totem what did you find?

Its free

whattt

Or was it what you told me abt before

$0 cause he didn’t find the bug originally

, I just don’t have PayPal 🥲

ohh right

??

I'm talking about the CoreTrust bug

alfie

Ohhh

Ok

I just went into this chat lol

did you see the reddit post

?

Go get that zero day 🙏🆙🆙

Wel u didn’t find it, u like reverse engineered it

Right ?

I am aware

like do you think it might be something?
https://www.reddit.com/r/jailbreak/comments/1azrcmg/tcc_exploit_17173/

Yeah we'll see

No

actually he patchdiffed

No PoC, no details

understandable thanks

The fact you found something just from diffing means that you're like a genius fr

We have no clue what parts of TCC it gets around

NO

should I find a 0day

It wasn't that difficult

I'm not genius

The changes were also minuscule too lol idk

I looked and had no idea what actually changed

I would like to build my dream threadripper machine

... there was loads of changes

Actually 🤓☝️

curious

Most of the changes were in the struct

And CMSBuildPath iirc

It's been a while

Proper write-up pending but it was more than just "use two signer infos"

oh right

I'd have to write a write up

was the choma explanation correct

@placid kraken I disabled all my 1 million tweak and flora is fine now, so it’s a me issue 😭

😓

Which one

Github readme

too bad I can't just make a PoC

right, apple does require a write-up

This?

Ye

That's vague

But correct

How are you even supposed to make a PoC when there’s no details of the bug in the first place lmao, when you look on apples website the CVE explanation is so vague 😭

There's more to it than that

nyaboom~7

no I mean

of a bug I find

Ohh

That’s easier ig

I just have a bad feeling I’m gona enable all tweaks and it will be fine

and usually wrong

like kernel code execution being used to describe landa

@granite frigate proper writeup in the next ~3 months

Because of that thing that I'm also doing

I mean at that point you just kind of have to start reverse engineering

Since Apple is useless

?

in the CVE

for landa

it says kernel code execution

lmao

But it's a kernel bug

yeah but kernel code execution != kernel bug

well, in apple's mind it is

"`Kernel code execution" means having access to kernel memory

in Apple terms

yeah, in apple terms

not normal terms

A real kernel code execution bug would be a PAC bypass

kernel code execution to me would mean executing kernel code

yeah

Or KTRR bypass

goldfish memory strikes again...

Also is this intended ?

That thing that I might submit

another thing I could do

Ah

yeah

is make dmaFail work as a KTRR bypass

I have a few ideas

How is that supposed to happen

i dont think so, but i also think that might not be flora causing that

There was a bit of lore the other day

With my thing?

except the problem is, why

spinlock isn't an issue anymore

at least not afaik

No, the possible KTRR bypass

Oh right

Okay I've procrastinated studying for about 8 hours

You’re talking about the one where you can only r/w to cache right?

Time to start

yeahhh

Yes

but there's some ways I can think of to work around it

like just not letting cache be written back

but that would have performance tolls

Worth it tbf

I mean the bypass entry point was patched in 16.6 I believe

or maybe doing this, and then inserting code into the kernel, but inside the kernel I maybe do something else to have KTRR bypass after writing cache back

Or was it 17.0

16.6

Yeah

likely not possible tho

I do know a theoretical way to stop cache writeback

@placid kraken I don’t think this is suposed to be like this

but I just don't think a KTRR bypass is worth it

what benefits would it bring atp

Bring back hypervisor

Kernel trolling

mov r0, #10 mcr p15, 0, r0, c6, c2, 0 ldr r0, =(0xxxx) //REGION_BASE mcr p15, 0, r0, c6, c1, 0 // DRBAR mcr p15, 0, r0, c6, c1, 1 // IRBAR ldr r0, =(0x18 | 0x1) // REGION_SIZE mcr p15, 0, r0, c6, c1, 2 // DRSR mcr p15, 0, r0, c6, c1, 3 // IRSR ldr r0, =(0x1301) // Shareable Device mcr p15, 0, r0, c6, c1, 4 // DRACR mcr p15, 0, r0, c6, c1, 5 // IRACR

well that's M chips only though

no, apple has a register

to disable cache writeback

for sleep

Where is this?

stack overflow post

lmfao

would you need krw to disable it ? Or is it embedded in the kernel

this

in full words talk

that's saying

hm

ARM64 Register Apple Core Cluster Override Disable L2 Cache Flush for Apple Core Cluster Sleep

(Flush == Writeback)

can someone give me a snippet for code that works in objective c 16.5? i wanna make sure my theos code is working right

This is a bitmask to disable L2 cache flush right? For accelerated sleep

^^

Looks neat

How did you figure it out

uh

Look at some oss tweaks

asahi

linux

I really want to ask the asahi team if they know what the register actually does

Oh

but idfk how to contact them lmfao

IRC?

bru

what's IRC

I genuinely don't know lmao

https://tenor.com/view/getting-old-man-saving-private-gif-13333225

sorry

:(

uh oh

sourceforge

is dying

what's a good starting point for utilizing data in the Shortcuts app. like where are the shortcuts stored or smth

0 reddit posts

@radiant idol well done

are you sure you wanna shut down? because that shuts down your device

yes

it does indeed shut down your device

to any nerds that know the answer: is it possible to set nonce using a kfd-type exploit (puaf?)

and if we get this, we'll have a new trollstore available? (or not)

Some people would do it then be like wtf

maybe

what do you need for dimentio to work

@placid kraken also I narrowed it down to 10 tweaks now

1 in there is bad

tfp0

it seems like dimentio supports libkrw and stuff though

uh wouldn’t that trigger KTTR

dimentio

:3

so i think you might be able to just directly plug it in to kfd?

oh yeah

W 0x7ff

Yes

app idea

TrollNonce did a similar thing but also used entitlements

Depends on target version

@radiant idol @radiant idol @radiant idol

IT WAS SEARCH DOTS LMFAO

wait does dimentio work unjailbroken

@placid kraken

krw

You need krw

alr

L

@warped sparrow i figured it out, do u have search dots installed ?

can't I just skid TrollNonce and throw kfd in it

Nope

damit

would that work

https://tryitands.ee/

looks like the nonce settings and krw is in the roothelper

LMAO

real

It would be incredible really

nightwind slander

fr

time to fix it

Yeah I guess

But it’s unlikely may I say

Probably

how has no one else done that

No demand

Nonce is useless for 16.x-supported devices

I suppose it's not useful for now

and Dopamine has libkrw so you can just run dimentio jailbroken

Should work yes

any nonces in chat

???

You don’t wanna say that

oh

realisation

https://en.m.wikipedia.org/wiki/Nonce#:~:text=Nonce%2C a slang term chiefly,offenders%2C especially ones involving children

Ngl i don’t know what a nonce was until recently

I thought it just meant like a fool

can i run python on iphone

0x1111111111111111

Yes

Same

You think there's a 99% chance we'll never get TrollStore? 😢

there will NEVER be another coretrust exploit AGAIN.

Probably yes

I know i most likely won’t find a bug

https://tenor.com/view/lie-lie-detector-cap-you-are-lying-stop-lying-gif-12198388917433403789

Correction: I most likely won’t release a bug

Okay RIP, I'm sad, fuck Apple

@granite frigate I’ll tell you though

Real

Please apply for TrollStore 3.0 beta ASAP

hey

does anyone know how to hook into volume ui?

using obj c

i cant figure it out really

Find the header for the ui component and %hook

does no one know 😭 damn

Nobody using shortcuts

shortcuts + ssh

=

awesomeness

because of the eta kids?

Partly but also I’d like a 0day to keep to myself for a while

But mostly because I doubt I’d even find a bug in the first place

You’re a smart guy you’ll find one lmao

^

i cant find the header

should just be kernel r/w

*KTRR also idk

Still, REing CoreTrust is not something that makes me happy at all

try using Flex

can vouch

what is that 😭

sorry

allows you to get properties of certain UI things

link?

also is there a way to run a dummy device on windows

or is that just xcode

bro is using windows

yes

i am

if you can’t afford a Mac at least use Linux

smh

bro my pc is 2k

then dualboot

Xcode simulator is trash for anything apart from tweak dev

GYATTT

LOL

all this and cant even find my hooks

clean ngl

so how do i get flex

https://github.com/FLEXTool/FLEX

this would be perfect if you had a MacBook on the side

macbook bad

also I’m not a fan of the black white keyboard combo

my pc solos

yeah i changed it

you’ll need it for iOS dev, otherwise you’re gonna be in pain

trust me

nice

anyway back on topic

get flex installed

and grab header properties

ok

lemem try

im not very smart

this is gonna be hard

wait

where tf do i find ios simulator @torn cloud

you need a Mac

aw man

do u have one?

yeah

can u find the header for me

🙏

when I get home yh

how long (i am very pateincese)

s0n

ok

like half hour maybe

👍

i gotta go somewhere at 3:30

so

we good

Uh what’s your timezone

est

you’re in the states?

yes

yes

so it’s like 1pm for you?

yes

in 1 minute

what about u

gonna be 6pm in 1 min

in the uk