#development

lol

Oops

macOS RC then

any guesses for when 17.4 release will... release

Okay time for me to do my maths homework

Next Tuesday

quoting you on that next tuesday

bet

"Alfie internal apple leaker"

No like, it released last week
17.4 final could be today

Stay quiet and I'll get you your TSS private key

I’m joking!!! Do what u want I’m just being a silly guy!!!

Trying to frame me

No haxx for you

Just hrtowii

lol

Selling a CoreTrust bypass

$50

Real

throw in some extra 0s in there

No it's the #development discount

best i can do is ten nexus licenses

No one be haxxing more than me

Prime Linus 🔥

You are monetizing our CT bypass now

"our"?

yeah it's mine

💀

fr

i'll believe it when i see it

Bypassed fr

imagine decryption without having to read memory

ez

need kok3shi9 v5.0

isn't that what clutch do but for ipa ?.

The oct in Nocturne stands for BINARY

YES!

I’m nb tho 🧐

eta wen TSS key leak

i need

tss cool and all

but imagine iboot

exploit

unpatchable

Quite literally the opposite

TSS key leak is unpatchable

iBoot exploit is very patchable

also a disaster

the key is used to sign firmware ye?

Fr

Correct

ok but what if they just

change the key

they do it, then what

your phone still takes the old one

why

how does your phone know which key to accept

it asks apples server

is what i'd assume

nope

you ask the apple server to give you an apticket, signed with the key

oh

if you're able to sign it locally, why'd you need the apple server?

but what about activating the device

nvm

nothing stops you from doing it

@lyric heron key is defined in the ROM

So you can’t change it

If that was the case you could very easily proxy it and send back a controlled key

but the key is quantum resistant

or smt like that

right

Idk for sure

no

not that one

so that means

wait why is it not resistant

but blobs for A10+ are

Apple ask you not to disclose anything while it’s being reviewed afaik @torn cloud

So I wouldn’t send stuff here

my bad

also i fixed krw.c and compiled it, should i send them the executable?

or is there no need

Does it work?

can't test it

i mean they can probably compile it themselves so there's no need

ok guys

I have a question

https://github.com/xamarin/xamarin-macios

will this

work for tweaks

bro went from haxx to tweak dev

meanwhile I’m getting my first CVE

(maybe)

cool

what kind of exploit? 🤔

I’m gatekeeping it

shell execution bug in macOS

oh cool

currently getting reviewed

congrats

idk if it’ll get me anything

cheers

$20 and a kinder bueno

(Spoiler: it takes months)

💀

please tell me you’re joking

I’m really not

my ass cannot wait that long in anticipation

https://media.discordapp.net/attachments/897744969769549875/1186559098557321216/Toki_Speed.gif

fingers crossed

It either gets closed after a week or so, or stays in review for months

wait if it’s in review for months is that good

like is that a sign they want to give you the bounty

or will they pull a uno reverse at the last second and close it

No

what does the shell execution bug actually achieve

nothing

it’s a bug

They fix the issue, post security notes and then put it into bounty review

can you get krw or something

I wouldn’t get your hopes up

not a actual part of the kernel, I’ve made a PoC but I doubt it works

If it can’t do any substantial damage to a system, they won’t shell out

apple should implement a gatekeeper and sip protection system like macos but for ios

They do

at least I’ll have a CVE in my name right?

It’s called “you can’t install IPAs from the internet”

why cant you disable it like you can on mac

That’s assuming you even get a CVE

alfie grab my free code

yh

before it's too late

https://tenor.com/view/xqc-linux-aplay-urandom-random-gif-26003711

shouldn’t get my hopes up ig

mashalllah

what does this do

They tend to be pretty steep unless you can provide an actual exploit for iOS/macOS

@native orbit ```
rror: undefined symbol: _sel_registerName
note: referenced by /Users/sora/Tweaks/meniscus/zig-cache/o/ec050c1003f5e17e559dc37b2094e3e1/libmeniscus.dylib.o:_sel.Sel.registerName
error: undefined symbol: _objc_getClass
note: referenced by /Users/sora/Tweaks/meniscus/zig-cache/o/ec050c1003f5e17e559dc37b2094e3e1/libmeniscus.dylib.o:_class.getClass
error: undefined symbol: _objc_msgSend

Or show that it could be used harmfully

#import <objc/runtime.h>

it's zig

L

well if this doesn’t get me shit then I guess it’s time to read Siguza’s guide on ARM assembly and reverse engineer the whole kernel

Man why are u using zig

I like zig

just be self taught prodigy

Trying to learn a new language

iPHONE ULTIMATE EXPLOIT 2024 FOR TODAY ROOT FLEXING ARM 💪 💪 💪 BIG VULNRERABILITY CAN HACK NEW JAILBREAK 2025 OPA334 ALIFECG R/JAILBREAK 😍 😍 😍 😍 😍 😍 😍 KERNEL READ WRITE NOT FAKE

iPHONE ULTIMATE EXPLOIT 2024 FOR TODAY ROOT FLEXING ARM 💪 💪 💪 BIG VULNRERABILITY CAN HACK NEW JAILBREAK 2025 OPA334 ALIFECG R/JAILBREAK 😍 😍 😍 😍 😍 😍 😍 KERNEL READ WRITE NOT FAKE

easier said than done

Is this a good idea

iPHONE ULTIMATE EXPLOIT 2024 FOR TODAY ROOT FLEXING ARM 💪 💪 💪 BIG VULNRERABILITY CAN HACK NEW JAILBREAK 2025 OPA334 ALIFECG R/JAILBREAK 😍 😍 😍 😍 😍 😍 😍 KERNEL READ WRITE NOT FAKE

erm copy pasta

mods ban

what is that word at the end

cy

pwn

piracy

just takes 6+ years

mods

Filter bypass

mods ban

at least I’m starting early ig

people are saying mods ban

mods should ban for that

Focus on the main point 💀

fr

mods should ban you

what did i do

nyapink~5

be you

oh

https://tenor.com/view/gus-gus-sus-giancarlo-esposito-gif-23328188

Worth it if you start earning the big bucks

true

ive earned at least $0.99 from flora !!!!!

can you buy me a 300 lira gift card

false

you’ve earned more than that

elon musk is giving a generous $7 to help children in need

98 cents

elon musk is giving a generous $7 to help children in need

No why lol

technically not false i said at least

flora is on the front page of havoc lol people are gonna be buying that shit

more money in breaking shit apart than creation

so true

Break this IMG4 parser apart Cryptic

true

to spend on turkish products

i'll give you 5 usd so you can buy a house with it

Oof

didn’t Linus henze get like something in the 6 figures for finding the fugu15 bugs

Alfie do you have an insight

no idea

REAL

Don’t do it

Easily

that man is talented

An entire exploit chain + a code-signing bypass + two installd bugs

I wonder how he did it

At least 300k

wizardry

Probably more

do a Cimport for objc/runtime.h, and link with CoreFoundation

not spending 20hr/week on discord probably helps to boot

Fair. Probably takes a lot more than a tweak to fix icon cache monstrosity

Isn’t BootROM exploits like 1mill

true

truest thing ive heard all day

Apple don’t do bounties for bootrom exploits anymore

other companies do

It will bootloop you

Thought I saw one cyber company buying them for 2mill

More

i have biology revision to get to have fun doing nerd stuff guys

Well

Depends on the BootROM exploit

3mill *

Untethered

Really ? Cant tell if its a joke or not 😄

IMG4 bug people would pay 10+ million probably

10 mil

DANG

now it's saying tis

Yes a corrupted icon cache will bootloop you

pub usingnamespace @cImport({
                   ^~~~~~~~
/Users/sora/Tweaks/meniscus/zig-cache/o/f65250e61f5993ba877ba09a113faf26/cimport.h:1:10: error: 'objc/runtime.h' file not found
#include <objc/runtime.h>
         ^

it’s a guess

I wonder why theres no cve's for rom/iboot

It’s fixable with a Find My restore

Apple trynna keep it shush 🤫

lib.linkLibC();
    lib.addFrameworkPath(.{ .path = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/" });
    lib.addLibraryPath(.{ .path = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/lib" });
    lib.addSystemIncludePath(.{ .path = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/usr/include" });
    lib.linkSystemLibrary("objc");
    lib.linkFramework("Foundation");
    lib.root_module.addImport("objc", objc.module("objc"));```

not sure why tho

Apart from that one bzero bug from 14.0(?)

gooning

Apple want to discourage people from finding them and exploiting them ig

That wasn’t even a CVE even

Yeah i have already went trough that i was just wondering if that tweak i sent could be a precaution against it happening once more.

How much is a untether like Fugu14

Which isn’t a BootROM

Afaik like 1mil

500k?

Ahh

No not 1mil

800k

If Fugu14 was 0click it would be 1mil

I’d say 400-500k

checkm8 got a cve

there's a way to make it 0 click

;P

Couldn’t it have been? If others worked on it more

NSO hello

Persistence + 100% success rate kernel exploit + PAC/PPL bypass

Yeah, we were talking about it a few weeks ago

i actually mean it

iCrazeWare™️

iCrazeWare™️

You should tell me in dms ngl

the chain exists and is weaponized already

No I’ve seen it I think

iCrazeWare™️

I saw some demo video

Yep

Don’t install

Do NOT tell this guy

https://twitter.com/jeffssh/status/1690845469495132160/video/1

Alright thanks 👍

Yeah that’s NSO

That’s the one

Did the blog post ever release

I thought I remembered seeing one on device before

Uh oh…..

@slim bramble paid? https://x.com/bibifiredev/status/1764779018660811101?s=46

Uh oh…..

Uh oh……

Yes

In the precipitation I forgot to tag @acoustic imp

Gonna have to refund the last 16player tweak I got then….

W

Tesla sent images

Is there an option to not have the blur?

Yes

It does not work for me tho

I have a drm test version

Ask @acoustic imp

Could I test?

I don’t have the build rn

And we have bunch of testers

Fair fair

6 testers and 2 devs

Can’t wait then, congrats though on the future release!

Thanks

Also

Uh oh……

Uh oh…

forcedentry

I can't

A

stop doing weird shit and just use objc or swift

no

no swift

Sir, you can now leave this server

no

🤓

@native orbit can't get it work

wtf

it works if I use the macOS SDK

going to force feminize you specifically

hbd big man

hbd big man

hbd big man

pussy in bio

feet in bio

hbd big man

cock in bio

@hasty ruin wants it

Fr

No

Wait

wha

wtf he's really gone

. @acoustic imp

i repsonded in dms

ok here is 9000 dollars

he just asked if he could turn off the blur

@frosty gale

Banger

This is what it can look like minimized

looks good

Thanks 👍

awaiting the 50,000,000 safemodes that will happen on release (its inevitable)

jade

It’s iOS 14/15

flora nexus

(It won’t trust)

where airply/device selector button?

im pretty sure flora has safemoded a lot less than you think

(we'll see)

My drm is too fire to safemode

Can't wait for all the bootloops

0 times 💪

the drm:

if (!base64decode(key).isValid()) {
    bootloop();
}

@hasty ruin is rune suposed to be dismissible on the LS ?

Hidden 👍

It’s way more complex than you think

this should be equivalent to __attribute__((constructor)) according to mach-o format

const __init linksection("__DATA,__mod_init_func") = init;
export fn init() void {
    const NSString = objc.getClass("NSString").?;
    var StringInst = NSString.msgSend(objc.Object, "alloc", .{});
    StringInst = StringInst.msgSend(objc.Object, "initWithUTF8String:", .{"TEST"});
}

And a lot more safer than you think

that's what i thought too

flora literally hooks UIColor what issues could that possibly cause

yet here we are

if(goingToSafeMode()) { 
  dont();
}```

reeal

@radiant idol does this work for the version of jade I use

who knew there could be so many issues with a simple UIColor hook

of all things, fucking chinese handwriting keyboard crashing apps

At least I’d be cool if my drm doesn’t safemode

It shouldn’t

dissapearing now *

(iCrazeware stolen code)

No

i got do HW 😭

"shouldn't" !!!!

can never be sure

It’s icraze stolen code

*Only available in certain regions, must be 18+, must have a valid credit card, contact your doctor before using this product

i believe you but consider getting people to test it on a variety of devices, ios versions, and bootstraps

not that i can use it anyway im on ios 16

We have 6 testers

all on dif devices, prettymuch

And I have a few devices on different versions

are they on different bootstraps

it should delete icrazedrm files so the nexus always bootloops

dopa, u0, tarine, palera1n

Everyone uses procursus ngl

ok that's good i guess

do you have any on iPadOS 14.8.1 with an iPad air 4 with Taurine or an iPad 5 on iPadOS 14.8 with unc0ver or an iPhone 6s on iOS 15.7.4 running dopamine

No typo speedrun any%

if your not using procursus and your on like iOS 13+ what are you doing?

no ios13 support

there

the player is completly dif anyway

Didn't odyssey use procursus?

and ododysseyra1n

im not the person to ask

Most likely

z

z

Binger is dead

z

z

yeah

is there even a non procursus strap above 14?

does xina not use procursus

maybe checkra1n's stap

roothide

Non procursus users are weird ngl

does it go above 14?

ios13 bootstrap

EWWWWWWW

roothide uses procursus

EWWWWW

they used to not use procursus

I think

Roothide goofy anyway

fork of procursus but its still procursus

tbf I use not procursus on my iPhone 7

real

#use a real JB

my iPhone Xr runs unc0ver

Ewww

what iOS?

my iphone runs ios

(it’s the only jailbreak for iOS 12.4.1)

L

unc0ver on iOS 12 is acceptable

it’s honestly good

Undecimus

I have Sileo installed and the exploit doesn’t fail a lot

Is there a way to get internal settings like that one misaka tweak. (Which didnt work for me at the time btw)

checkra1n

A12

Physpuppet never panicked me

jade i think @radiant idol

you just said 12.4.1

on an iPhone Xr

which is A12

What 💀

are you stupid

ohhhh

onesettings mb

lol

checkra1n is still a jailbreak for iOS 12.4.1 though

true

yes I figured out a way, it's in beta though @orchid fulcrum

not released yet

How 2 get one settings beta ?

n0

Oh okay i can test if you need

I have not told you, but like follow retweet

@BibiFireDev on Twitter fr

hes not

(That’s why I’m asking lol)

I have already convinced 1 Brit

Or i would also love to know the way if u are willing to share

yeah before procursus became procursus it was a coolstar thing iirc

he actully ameraninian 🤓

I’m talking about the other Brit

Who makes bootloop common

ah

ah

tbhey should make procusus for 32 bit devices

procursus for ios 7

this

and the old apple tv

@acoustic imp can’t believe you typo’d

Go check Twitter

oops

💀 you gotta double check

yea i havnt checked yet

as i said, im doing HW atm

ok so

I have the base of my tweak

now what

TELL ME

GRR

what

what

wahatg

why not rune's

drop me the

rune drm files

‘sir

please

I just thought of a website to make

“Drop me the ____” generator

and it just uses Nathan’s image and just replaces the text

with whatever you enter

I need simple tweak idea

now

I'll do simple tweak

then complicated tweak

respring button in lockscreen when you hold the power button

disable instagram reels

theres a tweak for that already

where

i need it

idk

lmao

https://github.com/BandarHL/BHInstagram/compare/main...asdfzxcvbn:BHInstagram:main

squidgesture

fire tweak

remake it without looking at thr source ig

¯_(ツ)_/¯

it's closed source so no need

apparently respring isnt an action tho

kinda cringe

u can set it to open an app though and then set it to a respring app, almost works

🔥 🔥 im going to pr removal of the option from the menu bar

cephei has a function

oh you can set it to shortcuts in squidgesture

then just make a respring shortcut

ez pz

any other suggestions?

make a tweak that moves notification banners to the bottom of the screen 🔥

that sounds

weird

lmao

use lower

lower

whats that

it does exactly what u said

moves notif down

is it for ios 16?

no 15>

pog

link?

cant find

its like not what ur thinking of tho lol

lol

16Player has peices of it in it

where it at

LS config page

but only when media is playing

i mean like notif banners

ohhhh

nvm then

so they show up at the home bar location instead of the top

im blind ....

oh I see what you mean

sure why the fuck not

shouldn't be too hard

it exists for ios 14 but not 15 or 16

ill send u 49 cents USD if u make it

nah

I'll just make it completely free

lolol

no hidden costs™️

Starts playing media, thinks 16Player will show up

Nope

L drm

is there a term command to go into safemode

-SEGV?

killall -SVGE SpringBoard

yea

thx

-SEGV

i always forget

@lean ermine just send me a notification rq

ping me

or someone

actually

I canping myself

@tepid olive

that didn't work

use shortcuts

just make notification pop up after 3 sec delay

how

one sec

i have one alr

figured it out

damn.. i was about to send my icloud shortcut exploit link...

lol

i believe there is an open source tweak for ios 14 that does the notif at bottom thing

Lower… wtf is this

seems not open source

idk im about to leave work so im gone for like half an hour

how do I make it

not go away

when I press it

uhh

what

nvm

make sure ur doing the normal show notification one not the popup option or whatever the other one is

wait wdym

like this one

yeah

alr

@native orbit how do I find the selector for a method that isn't in apple's documentation

can you dump headers of an app ?

yes

but I need the selector

the objc runtime selector

uhh so it need tweak injection ?

???

like the app cant have JB detection

I'm confused

I don't think you understood my question

i wana dump headers for clash royal wich has a JB bypass

probly not

wym

The selector string

Like

“initWithUTF8String:”

does anyone know how to build an update for trollstore that i made? i installed brew and the libarchive thing and its failing with

nroot@localhost:~/TrollStore/TrollStore$ make
> Making all for application TrollStore…
==> Copying resource directories into the application wrapper…
==> Compiling TSAppInfo.m (arm64)…
In file included from TSAppInfo.m:1:
/home/nroot/TrollStore/TrollStore/TSAppInfo.h:9:9: fatal error: 'archive.h' file not found
#import <archive.h>
        ^~~~~~~~~~~
1 error generated.
make[3]: *** [/home/nroot/theos/makefiles/instance/rules.mk:278: /home/nroot/TrollStore/TrollStore/.theos/obj/debug/arm64/TSAppInfo.m.596e176a.o] Error 1
make[2]: *** [/home/nroot/theos/makefiles/instance/application.mk:50: /home/nroot/TrollStore/TrollStore/.theos/obj/debug/arm64/TrollStore.app/TrollStore] Error 2
make[1]: *** [/home/nroot/theos/makefiles/instance/application.mk:41: internal-application-all_] Error 2
make: *** [/home/nroot/theos/makefiles/master/rules.mk:146: TrollStore.all.application.variables] Error 2

@naive kraken the tutorial on your github is extremely vague could you help me out here to try and compile or maybe say how you do it?

i cant seem to build libarchive to get the .h file

it should build automatically if you have libarchive installed through brew

this is not needed

brew shell --prefix or something is in the makefile

yes

-I$(shell brew --prefix)/opt/libarchive/include

Hey @grave sparrow. Do you know how to MSHookMemory / patch instructions?

isn't it self explanatory

Cool, a buddy of mine is a little frustrated with getting a bypass working. He isn't in the server right now and wanted me to ask for him but I will have him join and hit you up.

Oops that’s me I’m here now

yes

gameseagull mshookmemory go CRAZY

oh you could have talked to fiore @icy escarp

captgpt

jit trippin

People be hooking memory and i still cant hook classes 😦

https://github.com/donato-fiore/GameSeagull/blob/main/Tweak.x#L604-L612
🥱

me

the god

no you didnt

💀

it was scoob

i miss scoob too :c

who scoob?

ultra mega cool guy?

luz

genuinely a good guy

How do I hook functions by address on rootless? Is that possible

I just want to patch out some memory address

A wee tad bit of control flow tampering

uhhhh just uh

find the cmp

and just

nop

Yeah it ain’t working for me

One sec

I got an example

^

nop conditionals master race

https://github.com/WyattGahm/UKGBypass/blob/main/Tweak.xm

This worked on unc0ver

unc0ver mentioned

bro why am i getting filtered in #development

1984

skill issue

That control flow didn’t know what hit it

uh try D65F03C0 instead

Oh no the comment is wrong it’s a different instruction whoops

Like I said this used to work but it doesnt

frfr

In the snippet I sent I feel like I got it? Still confused

It hasn’t worked on dopamine 2, tried patching several apps

@grave sparrow whats the difference in

offset + _dyld_get_image_vmaddr_slide(0);

and

(void *)((unsigned char *)_dyld_get_image_header(0) + offset);

Yes I’ve pulled addresses from ida and binja, using dopamine 2, patch was assembled using armconverter.

armconverter my beloved (not a fan of the UI change)

Hehe

mhm

makes sense

ty

makes sense

When I’m in binary ninja the subroutine names and addresses are static right?

just make a patch finder

Shit you’re right

https://github.com/donato-fiore/GameSeagull/blob/main/Utils.m#L5-L26
https://github.com/donato-fiore/GameSeagull/blob/main/Utils.m#L50-L59
https://github.com/donato-fiore/GameSeagull/blob/main/Tweak.x#L604-L611

fioreware

this is an amalgamation of a bunch of projects (not my own) put into 1 lmao

https://media.discordapp.net/attachments/688121419980341282/1139608104447791256/capt.gif

Gameseagull fire

GameSeagull got open sourced?

its been open sourced

for years

I still suck at 8 ball with game seagull . would not buy 0/10

???

fym

cant tell if youre trolling rn

its been opened source since v1.0.0

@sonic totem https://github.com/donato-fiore/GameSeagull/tree/a9d6a6f4b73effe7fbce77458aff5a0fe4d5b6fe

may 8th 2021

I thought you said you didn’t want to release the binary patches

thats the trollstore version

I see

Interesting

Omw to fork GameSeagull and release GameSeagull2 @indigo peak

gameseagull 2 technically released

https://github.com/donato-fiore/GameSeagull/releases/tag/2.0

Okay then GameSeagull3

https://x.com/thekitze/status/1764733415155523814?s=20

ive never heard of this, what is it?

^

fr

yeah that worked but now its saying this

nroot@localhost:~/TrollStore$ make -C ./TrollStore FINALPACKAGE=1
make: Entering directory '/home/nroot/TrollStore/TrollStore'
> Making all for application TrollStore…
==> Copying resource directories into the application wrapper…
==> Compiling main.m (arm64)…
==> Compiling TSAppDelegate.m (arm64)…
==> Compiling TSAppInfo.m (arm64)…
In file included from TSAppInfo.m:2:
/home/nroot/TrollStore/TrollStore/TSCommonTCCServiceNames.h:10:48: error: initializer element is not a compile-time constant
static NSDictionary* const commonTCCServices = @{
                                               ^~
1 error generated.
make[3]: *** [/home/nroot/theos/makefiles/instance/rules.mk:278: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TSAppInfo.m.0b72d69c.o] Error 1
make[2]: *** [/home/nroot/theos/makefiles/instance/application.mk:50: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TrollStore.app/TrollStore] Error 2
make[1]: *** [/home/nroot/theos/makefiles/instance/application.mk:41: internal-application-all_] Error 2
make: *** [/home/nroot/theos/makefiles/master/rules.mk:146: TrollStore.all.application.variables] Error 2
make: Leaving directory '/home/nroot/TrollStore/TrollStore'

your toolchain is probably too outdated

i literaly just installed theos on my linux server

I mean clang or whatever

apt update?

no clue

why is theos packaging my framework to /var/jb/var/jb...

just for fun

Show makefile

uhmm

it was this initially: ```TARGET := iphone:clang:latest:15.0
ARCHS = arm64 arm64e
PACKAGE_VERSION=1.0

include $(THEOS)/makefiles/common.mk

XCODEPROJ_NAME = Lottie

ifeq ($(THEOS_PACKAGE_SCHEME), rootless)
Lottie_XCODEFLAGS += SWIFT_ACTIVE_COMPILATION_CONDITIONS="ROOTLESS"
Lottie_XCODEFLAGS += LD_DYLIB_INSTALL_NAME=/var/jb/Library/Frameworks/Lottie.framework/Lottie
Lottie_XCODEFLAGS += DYLIB_INSTALL_NAME_BASE=/var/jb/Library/Frameworks/Lottie.framework/Lottie
else
Lottie_XCODEFLAGS += LD_DYLIB_INSTALL_NAME=/Library/Frameworks/Lottie.framework/Lottie
Lottie_XCODEFLAGS += DYLIB_INSTALL_NAME_BASE=/Library/Frameworks/Lottie.framework/Lottie
endif

Lottie_XCODEFLAGS += DWARF_DSYM_FOLDER_PATH=$(THEOS_OBJ_DIR)/dSYMs
Lottie_XCODEFLAGS += CONFIGURATION_BUILD_DIR=$(THEOS_OBJ_DIR)/

include $(THEOS)/makefiles/xcodeproj.mk

after-stage::
ifeq ($(THEOS_PACKAGE_SCHEME), rootless)
mkdir -p ./.theos//var/jb/Library/Frameworks
cp -r $(THEOS_OBJ_DIR)/Lottie.framework ./.theos//var/jb/Library/Frameworks/Lottie.framework
else
mkdir -p ./.theos//Library/Frameworks
cp -r $(THEOS_OBJ_DIR)/Lottie.framework ./.theos//Library/Frameworks/Lottie.framework
endif

before-all::
rm -rf $(THEOS_STAGING_DIR)/Library/Frameworks/
rm -rf $(THEOS_OBJ_DIR)
rm -rf $(THEOS_STAGING_DIR)/var/jb/Library/Frameworks/```

wheere it go

Oh

It back

yeah sorry i messed some things up

it's prob because of the after-stage, however when i remove after-stage and before-all and then run make, the deb is just empty. the theos staging dir also only contains the control file and not any other contents

It took me 1h to realise I sent requests async and that’s why I couldn’t pass the data on to the main thread 😭

A shame I can’t redact that ngl

now im getting

nroot@localhost:~/TrollStore$ make -C ./TrollStore FINALPACKAGE=1
make: Entering directory '/home/nroot/TrollStore/TrollStore'
> Making all for application TrollStore…
==> Copying resource directories into the application wrapper…
==> Compiling TSAppInfo.m (arm64)…
TSAppInfo.m:971:31: error: use of undeclared identifier 'commonTCCServices'; did you mean 'CommonTCCServices'?
                                                NSString* displayName = commonTCCServices[serviceID];
                                                                        ^~~~~~~~~~~~~~~~~
                                                                        CommonTCCServices
/home/nroot/TrollStore/TrollStore/TSCommonTCCServiceNames.h:3:15: note: 'CommonTCCServices' declared here
NSDictionary* CommonTCCServices() {
              ^
TSAppInfo.m:971:48: error: array subscript is not an integer
                                                NSString* displayName = commonTCCServices[serviceID];
                                                                                         ^~~~~~~~~~
2 errors generated.
make[3]: *** [/home/nroot/theos/makefiles/instance/rules.mk:278: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TSAppInfo.m.0b72d69c.o] Error 1
make[2]: *** [/home/nroot/theos/makefiles/instance/application.mk:50: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TrollStore.app/TrollStore] Error 2
make[1]: *** [/home/nroot/theos/makefiles/instance/application.mk:41: internal-application-all_] Error 2
make: *** [/home/nroot/theos/makefiles/master/rules.mk:146: TrollStore.all.application.variables] Error 2
make: Leaving directory '/home/nroot/TrollStore/TrollStore'

@naive kraken

you modified the code in an attempt to fix the issue but did it wrong?...

yes

//
//  TSCommonTCCServiceNames.h
//  IPAInfo
//
//  Created by Luke Noble on 30.10.22.
//

#import <Foundation/Foundation.h>

NSDictionary* CommonTCCServices() {
    return @{
        @"kTCCServicePhotos": @"Photo Library",
        @"kTCCServicePhotosAdd": @"Photo Library (Add)",
        @"kTCCServiceCamera": @"Camera",
        @"kTCCServiceMicrophone": @"Microphone",
        @"kTCCServiceAddressBook": @"Contacts",
        @"kTCCServiceCalendar": @"Calendars",
        @"kTCCServiceReminders": @"Reminders",
        @"kTCCServiceWillow": @"HomeKit",
        @"kTCCServiceGameCenterFriends": @"Game Center Friends",
        @"kTCCServiceExposureNotification": @"Exposure Notifications",
        @"kTCCServiceFocusStatus": @"Focus Status",
        @"kTCCServiceUserTracking": @"User Tracking",
        @"kTCCServiceFaceID": @"Face ID",
        @"kTCCServiceMediaLibrary": @"Apple Media Library",
        @"kTCCServiceMotion": @"Motion Sensors",
        @"kTCCServiceNearbyInteraction": @"Nearby Device Interaction",
        @"kTCCServiceBluetoothAlways": @"Bluetooth (Always)",
        @"kTCCServiceBluetoothWhileInUse": @"Bluetooth (While In Use)",
        @"kTCCServiceBluetoothPeripheral": @"Bluetooth (Peripherals)",
        @"kTCCServiceLocation": @"Location"
    };
}

new code

oh i think i fixed it

its building so far

damn

==> Linking application TrollStore (arm64)…
Undefined symbols for architecture arm64:
  "___isOSVersionAtLeast", referenced from:
      -[TSSettingsListController viewDidLoad] in TSSettingsListController.m.0b72d69c.o
ld: symbol(s) not found for architecture arm64
clang-11: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [/home/nroot/theos/makefiles/instance/application.mk:50: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TrollStore.app/TrollStore] Error 1
make[2]: *** [/home/nroot/theos/makefiles/instance/application.mk:50: /home/nroot/TrollStore/TrollStore/.theos/obj/arm64/TrollStore.app/TrollStore] Error 2
make[1]: *** [/home/nroot/theos/makefiles/instance/application.mk:41: internal-application-all_] Error 2
make: *** [/home/nroot/theos/makefiles/master/rules.mk:146: TrollStore.all.application.variables] Error 2
make: Leaving directory '/home/nroot/TrollStore/TrollStore'

you need some additional stuff to compile availabilities on linux

I don't remember what it was called though

I tried asking this question in Genius Bar but no response and I think it might be more suited for development

I want to flash a rom on a SOIC8 chip with a soic8 chip clip and wanted to know if the iPhone can interact with a ch341a programmer over lightning to usb

ill ask in theos

#ifndef __APPLE__
int __isOSVersionAtLeast(int major, int minor, int patch) {
    NSOperatingSystemVersion version;
    version.majorVersion = major;
    version.minorVersion = minor;
    version.patchVersion = patch;
    return [[NSProcessInfo processInfo] isOperatingSystemAtLeastVersion:version];
}
#endif

add this

where?

the file

lo

lol

didnt change anything, i think i still need the compatabilities thing or whatever

https://x.com/tsoding/status/1764958211705045052?s=46

fr

most sane OOP head

Zig.

8i love zig

Zig is better than swift

It’s better than objc

your sentence is complex no way

(love zig) + 8i

Lmao

Definitely not a typo

the api design is very human.

@hasty ruin

No.

@grim sparrow minecraft launcher is electron

im actually gonna kms

Fuck off

Surely not

That’s mental

IT IS

im saying

electronites are actually leeches

Writes a game in Java
Makes the launcher in electron

Maniacal

funniest part of it all

could've written a nice cross platform in java

no they went for js

just insane lol

I bet some PM went java and js must be similar

LMFAO

this made me chuckle

It’s quite humerous

also quite saddening the js takeover of mobile apps

you couldnt tell LOL

i open the app

i press play minecraft

the app closes

no ofc i didn't notice

open the app

load web browser launcher

press play minecraft on secret web browser launcher

i got real responsibilities and ur telling me abt minecraft secret web browser launcher

man shut up

LOL

Prism launcher >

Yes

quite vague isn't it

a write-up would be helpful

The CVEs have no credits

Although you can guess what the bugs are from the descriptions

guessing work is fun

lol

kernel memory protections

KASLR?

Nah

Bigger than that

hmmm

Think about it literally

What protects kernel memory from being written to

KTTR?

It’s not KTRR no

KTRR is to write to __TEXT_EXEC

i forgor

I know :D

uhh final guess, KIP?

ik it's wrong

but i don't have a clue lol

Are you gonna try all of them

What’s KIP?

that worked and i got a little further

==> Signing TrollStore…
bash: line 1: ../Exploits/fastPathSign/fastPathSign: No such file or directory
make[2]: *** [/home/nroot/theos/makefiles/instance/application.mk:49: /home/nroot/TrollStore/TrollStore/.theos/obj/debug/TrollStore.app/TrollStore] Error 127
rm /home/nroot/TrollStore/TrollStore/.theos/obj/debug/TrollStore.app/TrollStore.60e94b38.unsigned
make[1]: *** [/home/nroot/theos/makefiles/instance/application.mk:41: internal-application-all_] Error 2
make: *** [/home/nroot/theos/makefiles/master/rules.mk:146: TrollStore.all.application.variables] Error 2

kernel Integrity Protection Ig

don't know if it's a thing

I’ve never heard of that

Same

probably SIP

There’s SIP on macOS?

but a ripoff

yh that

Anyways @torn cloud it’s PPL

Damn you gave it away

:c

@sonic totem

it's a thing

    substrate.MSHookMessageEx(objc.getClass("NCNotificationShortLookView").?.value, objc.sel("viewDidLoad").value, viewDidLoadHook, &ogviewdidload);

KIP actually exists

why is it erroring

it found the type it expected

Oh that’s just KTRR

But Apple’s name for it

Yeah I think it's KTRR

imagine if it wouldve been a sptm bypass

guess im updating anyway lol

Nah I think it’s KTRR

¯_(ツ)_/¯

Why

Oh

This is your best chance

you redacted me

And you are prob right

ngl

I am right

Because the screenshot you sent says it was introduced in A10

Which KTRR was

And KPP was A9

And KTRR uses the MMU/AMCC

The description of the thing made me think it's KTRR

Yea

But you said KPP

because im looking forward to ios 18 💯

I see

Where

Editing

Funny

@sonic totem ngl you should follow that awesome guy on twitter https://twitter.com/BibiFireDev

He seems very cool