Nah

Objc is weird

Life or death question

One will make others bully you

Too bad :P

how do you hook a specific uiimageview?

how

god no

bro has fallen to the dark side

@acoustic imp how did u do it?

If possible, it’s best to hook either a view controller or at least a parent view with a unique class name

no i dont think i can do that

theres pbuiposterlockviewcontroller

and there are two subviews

PBUISnapshotReplicaView and UIImageView

and the UIImageView is what i need

I have a good reason

objc IDE support on non-macos is really bad

swift's IDE support is much better

you don’t need an ide

🥱

I'm sure you use one

in fact I know you use one

do i?

yes

you sent a screenshot with you using an IDE once

icraze only uses the github web editor on his phone

I don’t like ides

that's something rustaceans say

secret rustacean???

what is everyone's problem with swift anyways 😭

@hasty ruin what if theres an UIView with the name "PBUIPosterWallpaperViewController" and it has the image can i hook that

this is why you get a mac

Depends what you wanna do

What are you tryna do

has no pointers

it does

huh

https://developer.apple.com/documentation/swift/unsaferawpointer

still doesn't make it any better

that's like saying

Rust has no pointers

i want to yoink the image (uiimage i guess) from that uiview and set it to a uiimage var

too expensive for one that's suitable for development lol

intel macs existing:

and I can't hackintosh well because amd

Then you can probably just go from vc -> image view -> image

would you rather me use Zig?

tf is that

C but it's more like rust

https://ziglang.org/

yes

I'm using zig

zig is goated

because at least I won't be bullied for using it, and it's an opportunity to learn a langauge I've been wanting to learn for a while

https://github.com/mitchellh/zig-objc

I can defo use it for tweaks

this works quite well

looks alright

great! it's decided then

working with objc stuff in zig is not bad at all

I'm also gonna add functionality to the tweak to recognize your facial expression when you unlock your phone

to give specific

welcomes

probably needs a truedepth sensor to work

nope

huh

https://github.com/TadasBaltrusaitis/OpenFace

@elder scaffold can I steal borrow your stage1 ROP generator from palera1n's openra1n fork for Achilles?

Repo is unlicensed

written in MATLAB

intresting

I can use this for face recognition as well

@native orbit what IDE do you use for Zig?

none

i just use vscode or nano

staturnz wrote a neofetch alternative in assembly 🔥

fair enough

nano

hm

I mean

I prefer using an IDE because it's faster

but like

@sonic totem

Wanted to see if it would paste the colours lol

now I probably can't use theos with zig

so I'll have to pack everything myself

makefiles 🔥

no

makefile language bad

its annoying to use but effective

https://taskfile.dev/

this better

https://github.com/opa334/ChOma/blob/main/Makefile

When opa wrote this I was lost

lol

u should see the one i wrote for a project that was for mac, windows, linux, bsd, ios, and android 💀

oh no

Please don't burn my eyes

asm was easier to read lmao

I imagine

lol

What are you trying to do

what should I call my tweak y'all

balls 2

no

L

it's a face id for ipad and older iphone tweak

that name makes no sense

I'll call it

meniscus

@tepid olive this is a good name

fr

just make it based on [[ball]]

self.subviews[1]

or you can PBUISnapshotReplicaView self.superview.subviews[1]

im assuming you would do that in layoutSubviews or something

idk how it works if youre in swift but yea

why do you need it ???

oh and ofc you need to check [subview isKindOfClass:[UIImageView class]]

get an uiimageview

like get the image from it ?

for uhh

yes i want to get the wallpaper

on ios 16

oh

you can just ceate a like UIImageView var and the UIImage for the UIImageView is just (the UIImageView).image = (UIImage)

well how do i hook a specific uiimage?

you dont need to

hook the VC above it

and it will probly have a property to get a referance to the UIImageView

whast the name of the VC ?

arent there multiple PBUISnapshotReplaceViews

that fine, you can do some trolling then

PBUISnapshotReplaceView

how many though?

PBUISnapshotReplicaView*

@sacred orbit

jus search PBUISnapshotReplaceView in flex

how many of them are there

3, two on same level, one is hidden an in a lower subview

ok

you can just hook it

now

does the one you want have a super View with a different class that the other PBUISnapshotReplaceView superview's classes ?

(do you understand that? ^)

uhh not sure how to check that

ok so in flex got to the PBUISnapshotReplicaView you want

and click the "superView" button

oh you can probably just hook the viewcontroller

this

which one

oh

k

and if i hook it what do i do

are there anymore of, on SB ?

like this?

nope

just this

single

ok

so go to it

and send a SS of its property's

there are 234 properties

actully nvm i can do it

it has UIView superview and NSArray subviews

hm

then ig just hook the PBUISnapshotReplicaView

and do a check to see if that instance of PBUISnapshotReplicaView's superView's class is PBUIPosterLockViewController

one sec i can wrtite it

%hook PBUISnapshotReplicaView
- (void)didMoveToWindow {
    if ([[[self _viewControllerForAncestor] parentViewController] isKindOfClass: %c(PBUIPosterLockViewController)]) {
        //your code goes here 
    }
}
%end```

now to get the image view

PBUISnapshotReplicaView has a UIImageView property so that makes it easy

for PBUISnapshotReplicaView, can you scroll to the bottom in flex so i can see like what its super class is

@sacred orbit

ty, lemme try it

blud thinks hes a developer

but ik how to do what he wants to do

so

50%

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:mi60K77Tk1eE/OAoZkdfiXfAKiVfm0pNtky2X7lGuKQ. Please contact your system administrator. Add correct host key in /Users/rayyankhnz/.ssh/known_hosts to get rid of this message. Offending RSA key in /Users/rayyankhnz/.ssh/known_hosts:1 Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. UpdateHostkeys is disabled because the host key is not trusted. root@localhost: Permission denied (publickey,password). [-] An error occurred

am i gettting hacked

i can't exit this fucking ramdisk smh

nah ur device chnaged that was on that ip

its like .ssh/known hosts

how do i exit the ramdisk though

delete the entry for the device/IP ur trying to ssh into

ok

uhh idk, iv never used ramdisk

no, just delete known hosts

i guess it compiled

let me check now

@torn cloud /Users/rayyankhnz/.ssh/known_hosts <- here

no

k

ssh and reboot or just force reboot

yeah this worked

cheers

it's not like it matters that much for a localhost device

i rigged it up to store localhost keys at /dev/null

too annoying

just trying to dump blobs istg

time to use derverser

@faint stag your time to shine

@acoustic imp and uhh how do i get the uiimageview

:3

i'm on rootful so it's fine

right, send me a SS of the PBUISnapshotReplicaView's like super class thing (its the thing at the bottom of flex)

use sshrd_scripts in built feature to do so

./sshrd.sh dumpblobs

they made an bash script to do it

ik

@sacred orbit ?

oh wait i got it

there is a uiimageview *_ImageView ivar

yep

derverser is easier to use imo

i'm on a11 and it's a pain to enter DFU

@sacred orbit do this instead of MSHookIvar -> #development message

use ideviceenterrecovery + any dfu helper

yeah i'll do that in future

now, how do i verbose boot without checkra1n

hmm

?

checkra1n -e VERBOSE=1

checkra1n isn't supported on my device though

iphone X 14.4

it is

well it's telling me otherwise

checkra1n is iOS 11.0-14.8.1

12.0

mb

but it still supports iOS 14.4

what does this say then

you have to use checkra1n 1337

the cli?

https://checkra.in/1337

ah ok

you can also go to options and enable verbose boot

as well as allow untested iOS version

still doesn't work

L

idk it's a skill based issue I have never had such issues

wait actually i need to make the launchd haxx before i verbose boot with checkra1n

false

it literally is deverser

?

it's deverser it just runs over ssh exposed via sshrd

derverser doesn't need to boot into dfu mode though

deverser is mode agnostic

and i don't want to press buttons because i cba

all it needs is access to /dev/rdisk1 or /dev/rdisk2 over ssh

uhhh

i've ran make

????????

how do i haxx

hmm

you don't

jkjk

wait this might be a dumb cxdxn1 moment

what are you Doing

like a really dumb one

https://github.com/cxdxn1/haxx/blob/master/launchd.c

i'm doing this

why???

because i'm testing something?

why else?

ok it was just an abrupt shift from blob dump

yes

i was dumping blobs just in case this fucks up my device and i have to restore

but on second thoughts, sep wouldn't be compatible

anyway it's checkm8 so i can just reverse changes with ramdisk

i mean deverser 2 just works

lol

v2 does implement a check for rootful/rootless
but in the event someone's using a ramdisk they should use rootful mode

wait @slim bramble i got checkra1n to work

i had to check skip A11 BPR check

yeah you're on a11

.....

on ios 14

BPR is gonna prevent you from booting with a passcode lmao

well

i checked allow untested ios versions and thought that would be enough 💀

well that option prevents checkra1n from warning

about versions

@sonic totem would i have to compile launchd.c into a binary, compile it into an executable, then transfer it on my device?

yes

it's going to replace the existing launchd

ah ok

now how do i create a ARM binary

i mean step 1 is using a mac or linux with a toolchain

i'm on mac yeah

you run make and it builds it for arm64

also yeah i'd assume there's a makefile

that's it?

https://github.com/cxdxn1/haxx/blob/c03169e8a376442d853bb76331cea51fdd643c74/Makefile#L7

yeah i did that

but it didn't give a output

define output

it gives you a file

in the same folder

wait i ran it again and now it gave me a binary

Yes

but won't this just replace fileproviderctl?

not launchd itself?

the instructions are in the readme

i'm not trying to replace fileproviderctl

these instructions replace fileproviderctl that's it

replacing launchd is different

yeah i have to compile a ARM binary i think

rename /sbin/launchd to /sbin/launchd.real
and then copy the launchd binary you built as /sbin/launchd

export CFLAGS="-isysroot $(xcrun --sdk iphoneos --show-sdk-path) -mios-version-min=14.0 -arch arm64"

repeat for ldflags

k

thanks

i'll try this if the other method doesn't work

also don't forget to make sure you chmod +x the new one

lol

yh

i used this to compile shells

combined with CPPFLAGS/CXXFLAGS/CCFLAGS where necessary

Go was different

the existing makefile has this in it

lol nice

just make launchd
though you might need to set your sysroot to an older one

since xcode (15) is gonna be latest sdk

true

get like

xcode 12 or 13

cc -Os -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS16.2.sdk -miphoneos-version-min=14.0 -arch arm64 -framework CoreFoundation -framework IOKit launchd.c -o launchd launchd.c:76:27: error: use of undeclared identifier 'FILE_TO_WRITE' int fd = open(FILE_TO_WRITE, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); ^ 1 error generated. make: *** [launchd] Error 1

i think 12 has the 14 sdk

see

i mean if you have theos sdks

yea get older sdk i think

just use theos ones

that has 14.5

not 14.7

damn

prob want the 14.7 one

technically shouldn't be an issue?

15.x would probably work fine though

yea but when you're compiling launchd...

it's not the real launchd tho

this will exec the real one

oh will probably be fine then

so i rename this launchd to launchd.real yh?

yes

iOS has NFS support?

why

third step is to copy the haxx binary to /sbin/haxx

yeah i'm doing that rn

wait do i have to make a folder called haxx

in sbin

no it's a binary

oh

i glitched

https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads

this toolchain looks good

you're on macos?

yh

you already have one with xcode

i don't think i have it installed

wait nvm i do

so i just do gcc -o launchd launchd.c

no

use clang

ok

also you need all the cflags

finally converted this function to swift myself :3
no cancel pls

    func didMoveToWindow() {
        if let ancestorViewController = target._viewControllerForAncestor() as? PBUIPosterLockViewController {
            //LunarClass().respring()
        }
    }
}```

there's more?

what

https://cdn.discordapp.com/attachments/688124600269144162/1189761389858930878/banned2.png?ex=65f26524&is=65dff024&hm=9ca58de9f8934f1c6cb275d7d3cc8cc16f47046b397e244513eccc5be8a8f413&

W

why yall have swift so much

i dont get it

ok
get the ios 14 sdk from apple

k

then you need to edit the makefile to have the target sysroot be that path

alright

shouldn't be too hard

then just make all

but this also assumes you have procursus ldid so that's another thing

i have ldid

from procursus

that matters

yeah i do

@faint stag it only shows xcode downloads when i search for the sdk on apple's developer downloads page

that reminds me i wanted to try procursus earlier on my mac

i have some time now

launchd.c:76:27: error: use of undeclared identifier 'FILE_TO_WRITE' int fd = open(FILE_TO_WRITE, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); where do i even define FILE_TO_WRITE

#define FILE_TO_WRITE "/path/to/file"

yeah i did something wrong didn't i

const char* FILE_TO_WRITE = "/tmp/apple/car/full/free/hd/no/scam/no/survey";

the path would just be /sbin/haxx right?

Idk

What is that open() call meant to do

No you’re opening the log file

attempts to open or create a file specified by FILE_TO_WRITE, if the file does not exist, it will be created

I would recommend learning the basics of C before you start doing this

If you have bad code it could screw up your device

uh

i learnt the basics of C almost 6 months ago now

is my code really that bad lol

No it’s just if you don’t understand this error then you may need more practice

ok

@acoustic imp I DID IT

LETS GO FINALLY

cool

untethered ????

shit my device is bootlooping

need pro edition

renaming launchd did something

damn how much

....yes now it can't find launchd lol

1 exploit

uh it's a checkm8 device

can i fix it

I got a BFU bypass once

but i can't reproduce it

like can i boot into a ramdisk and rename it back

ssh ramdisk and rename it back

k

pray to tim apple and he will give you iboot exploit

eta wen

buy apple vision pro and enter code TIMAPPLE to have the Tim Cook app preloaded

from there you can offer prayers to Tim which he may or many not grant

wait how do i go into dfu mode from here

nvm i did it

just... normally

yeah

do i mount filesystem

yes

k

cd /mnt1/sbin

mv launchd.real launchd

thanks

it's doing that thing again smh

where even is .ssh

thanks it's fixed now

@torn cloud /sbin/launchd must exist

@faint stag told me to rename it 💀

Yes but you can’t have launchd.real without having normal launchd

Otherwise how will the kernel know what to execute

on second thoughts that makes sense

man

lol

hmmmm it would have to be to one of these I think https://github.com/gardenfence/blocklist?tab=readme-ov-file#reference-servers

I guess I’m installing macOS anyways

It seems zig-objc needs macOS frameworks lol

It’s working!

@placid kraken u cheated

smh

wait nvm ur making a completly new slider

Ok now that I’m going to macOS

The options for swift and objc are there but I really wanna learn zig so

@placid kraken

@radiant idol would you be able to tell if a tweak hookfs C functions from the dylib ?

yeah look for MSHookFunction in ida

i dont have ida, but maybe with ur experience with like dylibs(str_patcher) you could make sm to look in a tweak to check

maybe

I guess you could also look in the symbol list to see if MSHookFunction is referenced anywhere

but then some tweaks might not have symbols

idk

basically MSHookFunction is the equivalent of %hookf

and

👍

MSHookMessageEx is the equivalent of %hook

and you woul see these int he dylib ?

like you could cntrl + f and see ?

well

no

you need to disassemble it

anyones, how would i like fix this, i tried going off flora prefs but that didnt work, so i just tried adding the property manually or what ever and now i get this

        [slider setValue:sliderNum animated:YES];
         ^~~~~~
         _slider
./CustomCells.h:30:40: note: '_slider' declared here
@property(nonatomic, strong) UISlider *slider;
                                       ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
```(theres more...)

.h @interface SixteenSliderCell : PSTableCell @property(nonatomic, assign) NSUserDefaults *preferences; @property(nonatomic, assign) PSSpecifier *specifier; @property(nonatomic, strong) UISlider *slider; @property(nonatomic, strong) UITextField *numLabel; @end

just wrote an arm64 C function hooking library in arm64 asm 🗿

why

speed

peak staturnz vibes

rewriting code just because

@native orbit I spent like 3 hours trying to figure out zig’s package manager lmao

Tbf, it’s really new so

#development message

https://media.discordapp.net/attachments/688121419980341282/1139608104447791256/capt.gif

LMAO

Oh no not again

yea it still aint the best yet

when arm64e hooking library with arm64e assembly

it does that to

oh nice

method hooking next

when function hooking without spinlocks

you ruined it

not funny anymore

mb

Hello world

what am I loooking at

springboard

what are you saying

idk, springboard says hi

you sound like mudsplasher

#jailbreak message

(i was inspired)

@placid kraken did u ever get this error ? or one like it ?

ohhhhhhhhhhh im stupid

sry fo ping

Stop copying me

You stole it

you have sent a total of 16,856 messages in #development
755 contain meaning 4.5% of dgh0st's messages were a fr

@indigo peak i need prefs help, what the like propery to no show the sliders value

in plist its showValue

no like if i make a UISlider

like slider.what = NO;

i couldnt fild anything in headers

by default it does not

iirc

it is tho

wait

i did it by having a separate UILabel with the value though that's probably a horrible way to do it

its a text cell and its the text

stupid me

.

thats how im doing it although its a UITextField, so its there for two purposes

can i do PSTableCell instead of like a text or button one ?

what

one sec im https://tryitands.ee ing

yes

but its little broken

and the text is still there 😡

for PSStaticTextCells is there a property to eddit the actuall text ?

also wheres the header for it

so none of these cells are actual classes

oh

theyre all types of PSTableCell

or smth like that

nothing in headers it seems

so theres

@interface PSTableCell : UITableViewCell
@property (nonatomic) NSInteger type;
@end

which holds the type

ah

typedef NS_ENUM(NSInteger, PSCellType) {
    PSGroupCell,
    PSLinkCell,
    PSLinkListCell,
    PSListItemCell,
    PSTitleValueCell,
    PSSliderCell,
    PSSwitchCell,
    PSStaticTextCell,
    PSEditTextCell,
    PSSegmentCell,
    PSGiantIconCell,
    PSGiantCell,
    PSSecureEditTextCell,
    PSButtonCell,
    PSEditTextViewCell
};

and thats the enum defining which cell is which

surprisingly i actully knew that

(bibi taught me)

which is why you manually create a switch like this:

PSSpecifier *someSwitchCell = [PSSpecifier preferenceSpecifierNamed:@"Enabled" target:self set:@selector(setPreferenceValue:specifier:) get:@selector(readPreferenceValue:) detail:nil cell:PSSwitchCell edit:nil];

you dont do like

PSSwitchCell *switchCell = [[PSSwitchCell alloc] initWithTitle:@"Enabled"];

i did ``` slider = [[UISlider alloc] initWithFrame:CGRectZero];

but ik what the num is behind it

where are you adding the switch cell

no switchcell

one sec

@hasty ruin save this man

also how would i set the sliders X to be like not in never never land

send him BBRSliderCell.m inshallah

Fuck now I gotta edit the stats 😪

#development message

@indigo peak why are you still awake

@indigo peak why are you still awake

british

good morning

🇬🇧🫶

Does anyone know what might be causing substrate to not work?

==> Compiling fishhook.c (arm64)…
==> Compiling mach_excServer.c (arm64)…
==> Compiling hook.c (arm64)…
==> Preprocessing Tweak.xm…
==> Compiling Tweak.xm (arm64)…
In file included from Tweak.xm:8:
/Users/bruh/theos/vendor/include/substrate.h:45:1: error: import of C++ module 'MachO.nlist' appears within extern "C" language linkage specification [-Wmodule-import-in-extern-c]
#include <mach-o/nlist.h>
^
/Users/bruh/theos/vendor/include/substrate.h:43:1: note: extern "C" language linkage specification begins here
extern "C" {
^
1 error generated.

yes this is a thing

try another sdk idk

Where do i get the sdk? Also do you think it might be an issue of the tweak? Because i didnt have it before, so another sdk makes no sense to me.

its obvious

another sdk makes perfect sense

because this is an sdk issue

How can i enable mute cc toggle ? I copied the default bundle from /system/..../ControlCenter and pasted it to /var/jb/library/ControlCenter but it did not work

I managed to enable it with CCModules tweak but it conflicted with ding tweak. I want it to not activate ding

Which was how it behaved before i needed to factory reset

@elder scaffold ?

🤨

?

caught skidding

I am never going to figure it out myself lol

meow

I think it's licensed

https://github.com/palera1n/openra1n

Not here

Still trying to get the payload generator to work

Somehow missing all the SRAM/VROM addresses

Wait these aren't even those addresses

W

lmao i actually discovered this yesterday

no it is openra1n

So it follows normal palera1n license?

Basically all I need to know is if I can use the stage1 generator in Achilles

i mean, original code is not there

https://github.com/mineek/openra1n isn't licensed either

and it is MITed

I will assume it is p1

Okay good

Thank you

it is also openra1n

Yes

.

Since the original is not openra1n, that license does not apply.

Oh

I just ported it there

Where's original code from?

Ohh is it ra1npoc or something

iirc yes

Oh yay it’s MIT

If I ever get it to work in Achilles I’ll be using it but will give credit of course

Yes I see it in ra1npoc now

I’m gonna reset my changes and start again but actually try and figure out how it works

I didn't even remember if I had it public yet because I was still updating it privately lol

😅😅

Well the openra1n commit I’m on (an older one) works fine

openra1n is based on gaster

ra1npoc is based on checkra1n

Yeah

But I’m talking about the JOP chain generator specifically

If you disassemble checkra1n, you will understand why
checkra1n hardcode only the payload body

I needed to understand the new checkm8 exploit chain

It was handling it a little differently than 0.12.4

Yea I was gonna give RE a go

Want to check out the exploit strategy in 1337

No USB resets

I rewrote the A6 checkm8 exploit in the 0.1337 method using ipwndfu checkm8 exploit

Yeah I saw actually

a6meowing 🔥🔥

I can use that to learn too

using demote & reset

But maybe porting it to Achilles would increase reliability

Demote?

after demoting, if you set pc=0 (reset vector) and start over, it will start again from the beginning of the ROM.

Oh I thought you meant you demote to exploit

But yeah lol that’s a good plan

I need a ‘special cable’

and enabling force DFU using breakpoint, can track the checkm8 exploit in a demoted state

Going back to 0 re-initialises the heap?

I think there is now a clean and legitimate one

I have a Tamarin but couldn’t get it to work with LLDB

iirc yes?

And no GDB for M1

oh

Maybe I should give it another try

Anyone knows how we can setup a repo to serve both rootful and rootless clients at the same time?

Oi is there an IPC library for rootless I didn’t see any updated

Checkout the palera1n repo they do just that https://github.com/palera1n/repo

does preferences registerDefaults setup the fallback values or does it override the current values?

like if i do

[preferences registerDefaults:@{
    @"floraPrimaryColor": @"#e8a7bfff",
    @"floraSecondaryColor": @"#d795f8ff",
}];
``` will it override the current colors when this code runs

Many thanks

even if they already exist

@crisp frost for Serotonin to support 17.à do we only need a KRW ?

Technically yes

But isn't there a 8% rate exploit

No

That one wasn't usable

oh smh

usable or not depends on skill

ok, where do i get one?

Skill your way around zones

bro I need help with my code

can anyone help

#import "ViewController.h"

@interface ViewController ()

@property (nonatomic, strong) UIImageView *airplane;
@property (nonatomic, strong) UIImageView *tower;
@property (nonatomic, strong) NSTimer *timer;
@property (nonatomic) CGPoint direction;
@property (nonatomic) NSInteger speed;
@property (nonatomic) BOOL gameover;

@end

@implementation ViewController

• (void)viewDidLoad {
  [super viewDidLoad];

  self.direction = CGPointMake(1, 0);
  self.speed = 0.5;

  self.airplane = [[UIImageView alloc] initWithFrame:CGRectMake(50, 50, 20, 20)];
  self.airplane.backgroundColor = [UIColor redColor];
  [self.view addSubview:self.airplane];

  self.tower = [[UIImageView alloc] initWithFrame:CGRectMake(200, 200, 20, 20)];
  self.tower.backgroundColor = [UIColor greenColor];
  [self.view addSubview:self.tower];

  self.timer = [NSTimer scheduledTimerWithTimeInterval:0.01
  target:self
  selector:@selector(moveAirplane)
  userInfo:nil
  repeats:YES];
  }

• (void)moveAirplane {
  if (!self.gameover) {
  self.airplane.center = CGPointMake(self.airplane.center.x + self.speed * self.direction.x,
  self.airplane.center.y + self.speed * self.direction.y);

    if (CGRectIntersectsRect(self.airplane.frame, self.tower.frame)) {
        NSLog(@"Game Over");
        self.gameover = YES;
        [self.timer invalidate];
    }
  

  }
  }

• (void)touchesBegan:(NSSet<UITouch *> *)touches withEvent:(UIEvent *)event {
  UITouch *touch = [touches anyObject];
  CGPoint touchLocation = [touch locationInView:self.view];

  if (touchLocation.x > self.airplane.center.x) {
  self.direction = CGPointMake(1, 0);
  } else {
  self.direction = CGPointMake(-1, 0);
  }
  }

@end

no ones going to help until you send it as a code block

i have tried everything

k

give me a second

Bro i need to download code blocks

wha

bro

send your code like that

oh

with ```objc

on the top

i actually never knew how to do that

that's cool

and ```

just a screen capture then?

on the bottom

bro

no

bruh

springboard keeps crashing anyone know how to fix this

bo what is a code block

i told you

you type:

code here...

but all in one message

code here...

Okay Fiore

Is it true that running binary as TL8/in loaded trust cache is not possible with just a PAC bypass

''' Code here... #import <Foundation/Foundation.h>

int main(int argc, const char * argv[]) {
@autoreleasepool {
// Generate a random number between 1 and 100
int randomNumber = arc4random_uniform(100) + 1;

    int guess = 0;
    int numberOfAttempts = 0;
    
    NSLog(@"Welcome to the Guessing Game! Try to guess the number between 1 and 100.");
    
    while (guess != randomNumber) {
        printf("Enter your guess: ");
        scanf("%d", &guess);
        
        numberOfAttempts++;
        
        if (guess > randomNumber) {
            NSLog(@"Too high! Try again.");
        } else if (guess < randomNumber) {
            NSLog(@"Too low! Try again.");
        } else {
            NSLog(@"Congratulations! You've guessed the correct number in %d attempts.", numberOfAttempts);
        }
    }
}
return 0;

} '''

wrong quote

wrong symbol

not ' its `

@ornate kernel are you on mobile or computer

balls

i never thought id have to send this before

https://www.wikihow.com/Format-Text-as-Code-in-Discord

if you somehow mess up after a wikihow guide you need to go back to 3rd grade

Yes

PPL bypass needed

computer

Is manually crafting a csblob still possible with just PAC or something in PPL hardened it?

I remembered it was possible to craft your own cs_blob and invoke the PPL tramp to register the blob with PPL pre-iOS 15

sample

But PPL gained a lot of functions/checks in iOS 15

oh

i get it now

alr

give me sec

Wdym “manually craft a csblob”?

Is there sm file or tweak I can use to make me iOS 16 iPad think it’s an iPhone ?

POV hex edit

It involved kalloc and filling out a csblobs manually

Oh no I believe csblob is PPL-protected

I think

:tryitandsee:

@timid furnace ?, I saw sm on someone’s twitter about about this

Get me a PAC bypass then

ah

true.

uh I don't understand the purpose of adding a csblob to your own thing or why a PAC bypass is needed

Chimera used to kcall to register it with PPL but idk if PPL did anything to sanitize/revalidate the blobs you give

I doubt that's still possible

But I don't really understand what you mean...

i just got banned from legacyjailbreak for scamming people

wtf

@radiant idol do you program in English ?

legacyjb is weird

it's a blessing really

Do you know if it’s possible to run unsigned code exec with PAC but not PPL bypass

no, he codes in Hebrew

I always assumed trust cache works but seems that PPL got more robust

basically the buyer paid me but the money is on hold

so i said i would send the item as soon as i got the money

Unsigned? No

then i got banned

All code has to be ad-hoc signed at least

lol

Trustcache is protected by PPL

well it's related to the dock so my best guess is atria

alr

I mean just invalidly signed

@indigo peak 🎉

W

(send code. i need)

It’s basically just floras

Oh no it must have a valid code signature

Unless you have a KTRR bypass

it'll just get killed if the signature is invalid
you'd need to bypass coretrust then

Do you mean the code signature is literally invalid, or its not signed with a valid cert?

https://github.com/acquitelol/flora/blob/main/Preferences/Cells/FloraSliderCell.m

sick

uh

trollpad?

Where’s that

GH ?

used like

<dict>
    <key>cell</key>
    <string>PSStaticTextCell</string>
    <key>cellClass</key>
    <string>FloraSliderCell</string>
    <key>default</key>
    <real>0.40</real>
    <key>key</key>
    <string>floraSaturationInfluence</string>
    <key>label</key>
    <string>Saturation</string>
</dict>

Like adhoc or expired dev certs

expired is well, expired
would still get killed for codesigning

I did, but I need it like the other way around iPad -> iPhone but I can robot mess with it it’s OS

other than the text input you can make that with stock specifiers

https://github.com/NightwindDev/Preference-Bundle-Example?tab=readme-ov-file#psslidercell

PSSliderCell

How dumb do you think I am 😭

L

does anyone know of a working vnc server for iphone lol

https://github.com/EthanArbuckle/vncforios

Screendump

this one is just black screen

broken

on 16

oh

Like wdym

crash

ad-hoc needs trustcahce injection

expired dev cert I don't think you can get away with in 16+

Actually Taurine/unc0ver used it

wait
so you're telling me that ct didn't actually care until later versions

but they have frontboard check expirations lmao

No

If CoreTrust verification fails, the binary isn't rejected

It just goes back into kernel code and has its certificate checked iirc

Example: developer certificate

XORG ON IPHONE

when are we getting wayland

smh

????

why we got all the brainrot whitenames in development

no spanish

No, Nightwind uses 1C enterprise script

ИгорСтр

what the hell

ИтогСтр

ой

да

Igor

я прочитал это как имя Игорь

SMH

crapple

inshillah we shall find this bug 🙏

rosie moment

go write cursed code again

1984

OOP

show me one instance where my code is cursed

trolley~3

react

??????

smh

True

seems like icraze isnt the only 1984 simulation in development

I mean that's icraze's code

true

bismillah

I no longer need to do that

mods do it for me

Dms are still free

can’t Dm if blocked

You can actually mix Russian and English

if i dm nightwind something he would delete in development would i get blocked

bro bribed the mods with nexus codes

skill issue

shall we test it

Yes

ETA 30s

Rune source code leak

about to make rune 2 with that source code leak

(This was the fix to your bug)

oh

skull

GH mobile app

Just disassemble rune

can’t, the drm is filler of 90% of the tweak

Can't make the same joke about 16Player as it is already OSS

Ask icreze for drmless rune

It’s real

@hasty ruin ? (i don’t even own rune i lied about decompiling it)

He blocked you ?

dw i will send everyone rune and nexus debs

nope

i own nexus

i was gifted it

If u not on the github app wyd

Cursed c++

the notes app is better

Fuck c++