#development

1 << 1 is screenshots and 1 << 4 is screen recordings iirc

hm

interesting

there could potentially be other bitflags then

there's 4 iirc

jevin made me aware of this api and I reversed it later

I saw 4 & calls so i assume there's at least 4

that or IDA was bugging lol

it's kind of crazy that this isn't public considering that a good amount of apps would benefit from this

did u reverse what each of them are for apart from the flags you stated

apple is j weird like that

fr

no fuck CA rendering code it's so hard to read when re'd 😭

way harder than anything else

hm lemme hop on that

fr

QuartzCore if you want to take a stab at it

dyld?

Yea

cool

it's not called CoreAnimation in dyld i think

QuartzCore

or smth like that

alr

huh @slender glade

if ( (unsigned int)x_log_hook_p(v84) )
    {
      v85 = " display";
      v86 = "";
      if ( (v83 & 0x100000) == 0 )
        v85 = "";
      v87 = " snapshot";
      if ( (v83 & 0x200000) == 0 )
        v87 = "";
      v88 = " unprotected";
      if ( (v83 & 0x400000) == 0 )
        v88 = "";
      v89 = " protected";
      if ( (v83 & 0x800000) == 0 )
        v89 = "";
      v90 = " inhibit-cloning";
      if ( (v83 & 0x1000000) == 0 )
        v90 = "";
      v91 = " occlusion-detection";
      if ( (v83 & 0x2000000) == 0 )
        v91 = "";
      v92 = " secure";
      if ( (v83 & 0x4000000) == 0 )
        v92 = "";
      if ( (v83 & 0x8000000) != 0 )
        v86 = " display-stream";
      v15 = x_log_(0LL, "(disableUpdateMask%s%s%s%s%s%s%s%s)", v85, v87, v88, v89, v90, v91, v92, v86);
    }

is this not it (need to shift the bits)

in CA::Render::Layer* CA::Render::Layer::show(CA::Render::Layer *this, const CGAffineTransform *a2, __int64 a3)

YEAH THIS IS IT

YES

way shorter when I re'd it

but yes that's it wtf

idk i took this from iOS 17.5 M4 iPad

oh iOS 17

I re'd it at 15

skull

i still don't think it changed that much

seems to have changed then (?)

maybe I just forgot

perhaps

so then if this is the same and the bits are shifted

it would be snapshot || inhibit-cloning ?

I think so

I should run it

i'll try condense that into a c func rn

also what I'm thinking is this probably needs to be shifted by >> 6×4 = 24 because this is probably passed a combination of all the other flags as well

making display start at (1 << 0)

u think IDA is tweaking?

no it's prob just passed into the function that way

I mean maybe if you specified structs

it would give u the correct shifts

but

cba

oh I see

@wooden yarrow

nothing is printed when(1 << 1) | (1 << 4) is passed in

shift all the masks by 24 bits to the right

oh ur right

im rart

fake...

<:

wait shift all the other flags or v83?

all

yea true

@wooden yarrow got occlusion-detection

wb (1 << 1)

wtf

1 << 1 alone is occulusion detection

oh

what

1 << 4 is nothing

??

ok maybe shifted too much

bc

occulusion detection is supposed to be like

way higher

yea maybe i did smth wrong

wait i'm a dumbass

the correct shift is 20

lmao

me when i can't math

💀

( snapshot inhibit-cloning)

yup

looks correct

hm yeah so what the hell is inhibit-cloning

im assuming screen rec

also what the hell is occlusion-detection doing there

lmao

that's like

3d vision

blocking

maybe added for visionOS?

hmm

maybe

i wonder what's printed if i pass in 0

one sec

oh nothing

not even display?

i mean

then all of the bits are 0

which means

nothing disabled

which is the default

if you pass in 1 you get display

(or atleast, you should)

true...

(1 << 1) | (1 << 4) | (1 << 2) | (1 << 3); produces

( snapshot unprotected protected inhibit-cloning)

why did apple include unprotected and protected

aren't they opposites of each other

no idea

i thought that like

0 by default would be unprotected

yeah

apparently apple is weird tho

idk

I'm interested in occlusion detection now

great read!

I’m a bit frustrated with hackingtosh, looking to get a Macbook to develop iOS tweaks. Is there a minimum age MacBook/MacOS required for developing iOS 16+ rootless tweaks?

not necessarily ig but i‘d recommend you to get a silicon mac instead of an old intel one

You can also use theos with wsl or linux

Unfortunately you can’t compile with WSL and the latest SDKs anymore

Yeah tbh I’d just get an m1 mba

I got my tweaks compiling with VMWare but the whole experience is super buggy

I use a qemu Mac vm on Linux and it works perfectly

Setup takes all in all (with downloads etc) maybe 3 or 4 hours

There only like $600 refurbished on amazon right?

great read, TIL using private APIs is as easy as obfuscating with b64 lol

do anyone have a neat way of showing alerts that wont get hidden/overriden by controllers doing fuckery? im balding

void promptForSettings(void (^completion)(NSString *settings)) {
    UIAlertController *alertController = [UIAlertController alertControllerWithTitle:@"Enter Settings"
                                                                             message:@"Please enter your settings in json format."
                                                                      preferredStyle:UIAlertControllerStyleAlert];

    [alertController addTextFieldWithConfigurationHandler:^(UITextField *textField) {
        textField.placeholder = @"Settings";
    }];

    UIAlertAction *submitAction = [UIAlertAction actionWithTitle:@"Submit" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) {
        UITextField *settingsTextField = alertController.textFields.firstObject;
        NSString *settings = settingsTextField.text;
        completion(settings);
    }];

    [alertController addAction:submitAction];

    dispatch_async(dispatch_get_main_queue(), ^{
        UIViewController *rootViewController = [UIApplication.sharedApplication.keyWindow rootViewController];
        if (rootViewController.presentedViewController) {
            [rootViewController.presentedViewController presentViewController:alertController animated:YES completion:nil];
        } else {
            [rootViewController presentViewController:alertController animated:YES completion:nil];
        }
    });
}

icraze $9.99 tweak code

also why are you coding on your iPhone

do u not have your laptop with you

nah

damn

is ur iphone jbable

actually

Nexus sales have plummeted so he had to sell it :/

:/

suffering from the recent cracking of nexus drm

my screenshot shows Filza

misinformation

i am simply willing it into existence .

o

????

manifesting the rune crack 🙏

is there a way to spawn debugserver on jailed 17.4 without xcode ? maybe with personalised developer disk images

real?

inb4 people abuse this and they remove it

wait what

is that new

I mean you could upload pictures to the readme and your pfp so I'm sure they have a way to moderate background pictures

it kinda works on mobile

no

its also really hacky

w

ew

doesnt work at all in the app lmao

i was gonna say it allows arbitrary css injection

but it doesnt

you can only style the unicode element

you cant style anything around it

lol on my end i cant even click the github icon in the menubar when on your page

i.. can?

it only stops working when you try to preview the readme while on the repo

linux can't do newabi 😔

and i just fixed that

to even get a personalized dmg you need pymobiledevice3 or... xcode

yeah i am trying pymdevice now. i see that https://github.com/fritzlb/iOS17-JIT-WIN/blob/main/jit_enabler_better.py this file does the thing i want (and some more stuff) so i removed the more stuff and run it but i get pymobiledevice3 module not found. even though i installed that with pip

i mean, i guesss make sure you've installed it for the same python version you're running this with

because it quite literally just executes python -m as a subprocess

after the import

python in llvm directory somehow became the default :/ it shows the same version even after i run the official updater

i guess this is an env variable issue

I reversed this a while ago, Legizmo uses it

WHY CANT GITHUB ALWAYS BE LIKE THIS

wdym

why do you need to take advantage of a stupid bug in their latex parser to get image backgrounds on profiles

i didnt even notice it lol

or anywhere really

this works anywhere with a readme

\ce{$\unicode[goombafont; color:red; z-index: -1; position: fixed; top: 0; left: 0; height: 100%; object-fit: cover; width: 100%; opacity: 0.2; background-size: cover; background-image: url('https://github.com/acquitelol/acquitelol/blob/main/images/furina.png?raw=true%27);]{x0000}$}

how tf does that work

its an empty unicode character with css

i call it a pesb

partial element style bypass

because you cant modify all of the styles on the page

only the styles of that unicode element

the styles of anything like <h1> are sanitized to prevent.. well.. this

but latex isnt?

seemingly no

i wonder if xss is possible..

this was apparently introduced a month ago

does gh have a bug bounty program?

not possible unless you can get arbitrary code execution from css lmao

even if you can embed any image there, you cant run onerror you dont get the entire html element

you just get the css of it

i mean the image url is handled locally so maybe you could run an api endpoint

not really xss?

but still bad

its not handled locally because its not parsed by github in any passes

thats what i mean

its just a plain background-image: url('abc')

its handled client side

oh i see what you mean

auto star gh readme could be funny

holy shit wait whats the endpoint for that

wait would that even work

isnt starring a POST

or PATCH

url() would be GET

star is post yes

but im checking to see if css url can run post endpoints too

you cant exactly post in a css image

thats literally not what its designed for

no ofc not but theres always weird things added in spec

https://github.com/user/repo/star is the post req to star btw

i figured

mightve just given you access to my gh lol

what

i leaked some tokens

i.. dont use a message logger?

@torn oriole snipe please

no but i left it there for too long lol

it was in an image lol

just regenerate the tokens?

idek if the tokens are that bad to leak, they were in a network request from gh

I mean if you can get a token and send it anywhere you could access, that's a big

My guess is probably no

Those tokens can do anything that isnt sudo mode in web

so everything EXCEPT these

oops

how do i refresh them

if you log out it'll revoke that token

Which device opa said randomly panic on iOS 16?

@orchid fulcrum probably entitlements idk

Both app store and enterprise get more

forgot to include substrate in sideloadly thats why it crashed. i managed to change bundleid so nevermind thank you for the help

no clue why this happens though 😦

it is signed with dev cert so it should have the get-task-allow but maybe sideloadly messes with that

i tried to program something that renders to the screen

fn deref(Pointer size, ...) -> Word {
    #__MANUAL_RETURN__#;
    #%deref.val =w loadw %size.1#;
    #ret %deref.val#;
}

fn c_rand() -> Long {
    Long res = rand();
    return res;
}

fn random(Long lower, Long upper) -> Long {
    return (c_rand() % (upper - lower + 1)) + lower;
}

pub fn main() {
    String chars = "abcdefghijklmnopqrstuvwxyz123456789";
    Long scale = 1;
    Long rows = strlen(chars) * scale * 2;
    Long cols = strlen(chars) * scale;

    srand(time(0));

    while (true) {
        for i = 0 to rows {
            for j = 0 to cols {
                Long offset = random(0, strlen(chars) - 1);
                printf!("%c", deref(chars + offset));
            }

            printf!("\n");
        }

        printf!("\033[%ldA\033[%ldD", rows, cols);
    }
}

lmao

oh toggled is actually not even necessary anymore

i mean you can change bundleid without sideloadly but yeah sideloadly does the repacking for you

the matrix in elle

cmatrix in elle wen

yeah it was about this i think: Be aware that simply googling the bundle ID will not work because your sideloding software will modify it. This is because every bundle ID gets registered with Apple and then belongs to that particular Xcode team, therefore it can't be used by anyone else.

any idea about the connection issue ?

it modifies it if you apple id sign only
because it has to be registered with apple before being installed
it's called bundle id mangling

if you have an actual cert you can bypass that

right, i have an ad-hoc cert but i need get-task-allow. my goal is to use lldb to debug the app

yeah then you'd need another tool to sign the ipa with your cert

rather then going through apple id

i mean changing the bundle id seems like it does the trick

fair enough

Hey was hoping someoone could help me again real quick lol, I went to download xcode to try and give entitlements to a ipa that I was showed in here by some cool people but I just saw that you need a mac for xcode and honestly its kinda above my level of understanding right now my head hurts. is it possible that one of you can do the no sandbox entitlement on a ipa for me?

it doesn't work like that, you need to either be jailbroken or have trollstore to use custom entitlements

Yea Im both lol

then even tools like trollsign would help you do that

the ipa for some reason after jailbreak cant leave its sandbox due to im assuming the built in file browser it uses vs going through the files app

ahh okay I figured there was something easier I just wasnt aware

Thank you

why is there assembly

theres no explicit pointer dereferencing in elle yet

fix that

i will once i figure out how to parse it

you don't need xcode to modify entitlements

just ldid

Namely of an already published ipa

Who’s the gayass

Who deleted that

bibi

Show yourself

Well guess I’m learning swift now since new mac and apple killing objective-c :(

I think im missing something lol

I got Apple file conduit 2, I got ldid from sileo, and I got the updated trial version of imazing. The root remains loooping indefinetly

NOOOOO

So this is a common issue, just gotta rinstall afc and ldid at the same time and then respring

Blame apple

WAIT SERIOUSLY???

i didn’t think apple would actually kill objc

wait Lillie is being serious?

Whar

idk

it’s probably satire but i’m playing along

You said it was more elegant

you’re definitely not using the right afc2

not that you should ever use it…because it’s a security hole

go use rsync or sftp or whatever

thank you I thought thats what I should use lol

Does it matter where I put the key or can I put it at the top or bottom?

order is irrelevant

it just needs to be formatted correctly

Thanks!

Ok I just added it to the top

i think that should work

i’d be surprised if it didn’t

Yeah that should work fine

Only thing is that its been installing since then lol gonna retry

okay so I went back and installed the edited ipa via trollstore , it installed pretty quickly but the app just crashes

Check crash logs

Im testing out the original ipa i edited first to see if that installs and runs correctly before I say its something wrong with the edit

I’m not sure if it cares but the indentation is messed up on your true key

Okay yea the original unedited ipa installs and opens fine, how do I do the crash logs

ahh yea I definetly just pressed space a few times let me try and fix that syntax

Settings > Privacy > Analytics & Improvements > Analytics Data

Search for your app name

ok let me pull them up

Shouldn’t matter unless some are tabs

Alright so the app is not showing up, is it in order by date? I see trollsign has a entry in here but nothing for RetroArch

I did use a tab to fix it

So this is what I did lol

I am going to return to this lmao

How does one compile golang code to an iOS binary? Do I need to use theos?

Mfw working with pointers

wtf why is apple killing obj-c

that's like

the first time I hear of this

u still can

there are Unsafe pointers in swift

it's a big pain

yeah because it tries to not make your program crash

troll

Mfw I can’t access random memory without the language warning me

the language should not warn you if you are making it explicit that you want to do this

When the language doesn’t warn you for accessing random memory

C

The fuck

Idk which keys they’re scraping

But uhh

Eh, was just joking cause I plan to learn swift now.

It doesn’t, !

what is the point of using std::popcount since __builtin_popcount faster

__builtin_popcount is a compiler extension

std::popcount i think should be in the standard

given it's in the std namespace

i hope so

i mean if i am being pedantic

std::experimental isn't

so

also std::tr1

Oh

Scam

brother just cropped this from “when the bedtime got severe thunderstorm warning” and thought nobody would notice

is it bad? or it doesn’t matter if I use gcc or clang

https://fixupx.com/vxunderground/status/1799257529802760589

POPulation COUNT

it basically just means

in a given integer

how many bits set to 1

We aren’t even friends on discord, lmao

bro

this is for x86(_64)

you're a m

any good way to check if a bin is in the dsc for ios 13 and below? (dyld_shared_cache_contains_path didn't exist yet)

captinc not be an obnoxious member of #development challenge (hard)

i see no issue

W3n et4 jelbrek ios 18 @grave sparrow

can’t you simply get an ios 13 sdk and open dyld shared cache in ida and see if it’s there

need at runtime

fine..

oh

is this supposed to be permanent or

because if it isn’t you can always use lldb i think

dlopen

Hey guys, I had someone tell me to add [platform-application] as a entitlement as well as [com.apple.private.security.storage.AppDataContainers] in order to fix a issue I was having earlier, how do I add platform application?

I added the <key>com.apple.private.security.no-sandbox</key> <true/> so would I do <platform-application> <true/>

yes

ok cool and then below that I add <key>com.apple.private.security.storage.AppDataContainers</key> <true/>

<platform-application>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>

or

<key>platform-application</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>

2nd one

woke

Ok so I tried the second one and the app did not crash but I did not add the sandbox line so I still could not access that file path now Im going to try it with the sandbox line

So there’s something wrong with giving it no sandbox as it just crashes.

This crashes

But this doesnt

@unkempt magnet do you know why fileglob->fg_data may be 0? I’m trying to implement getVnodeAtPath for iOS 14, I’ve checked all my offsets (they’re correct) but I can’t figure out why it is zero all good, I’ve figured it out

I’ve got a file descriptor for the file, so it should be open and in my proc struct as usual

chdir also does not work as I cannot chdir to the path of my binary

im thinking of starting a completely new language building on what ive learned so far

lmao

i will make the most minimal syntax ever

like for real this time

imagine this

main(int arg1) int {
    int a 5;
    int b 10;
    int res a + b;

    if res > 20 printf("yay")
    else printf("nay")

    return 0
}

no =

no brackets

ok well it wont be completely new, im basically just gonna make a new branch and start from scratch

and i also wanna try compiling for llvm ir instead of qbe ir

This just makes it less readable imo

well i found a way to make it oh so much less readable

introducing

main(a 5, b 10) {
    res a + b > 20 ? fmt.log("yay") : fmt.err("noo")
    return 0
}
``` hell

✨

Assigns res the sum then compares it with 20 right

I am good with c thanks 😂

if im gonna actually make some syntax itll probably be like this maybe?

use std

info {
    i32 first
    i32 second
}

int32 add(ptr<info> arg) {
    return (*info).first + (*info).second
}

int32 main() {
    info data = {
        first: 5
        second: 10
    }

    log("%d\n", add(&data))
    return 0
}

maybe???

ive thought really hard about it this time

Ive compiled a golang binary for iOS using:

CC=$(pwd)/clangwrap.sh env CGO_ENABLED=1 GOOS=ios GOARCH=arm64 go build -ldflags "-s -w" -o ./main_darwin ./

However when I try and run it I get

- zsh: killed  ./"main_darwin"

Also when trying to sign it I get

- ldid: Unknown header magic
- Are you sure that is a Mach-O?

I built the binary on my m series mac, and im trying to run it on my iPad running iOS 16.

This is my first time compiling for iOS, so I dont really know

What ldid cmd are you using

Send the command you used

Keep = please

@radiant idol this is what im moving forwards with

ok but why ptr<info>

Like what does that mean

Why not just info *

ptr<info> makes more sense to me idk

But you use * elsewhere

Besides, * is the universal symbol for a pointer

dereferencing is different to declaring its a pointer but you make a good point

ldid -S ent.xml ./main_darwin

That's why

ldid -Sent.xml ./main_darwin

Do that and it should work

now im getting ldid: operator(): Operation not permitted

could there be a problem with my ent.xml?

The binary is owned by root probably

Just change the owner of the file or run ldid with sudo

Ok the group owner was "wheel" so I set it to "mobile." ldid runs without any errors but I still get get zsh: killed ./main_darwin

Is this a sining issue? Or a compiling issue?

did you actually give it entitlements?

What jailbreak are you using? And where is the file location

Dopamine 2.0. File location is in var/mobile/documents/

Put it somewhere in /var/jb

alright

it runs!

no way

thanks for helping me

yeah i mean it’s not that difficult to build go packages on a jailbreak

the whole go package manager is there

or whatever they do

yeah. Ive just never done it before.

So it is possible to target older versions of iOS?

Like armv7

yeah

alright, do I have to use an older sdk?

you can probably just use whatever one is on the theos github

ill give it a shot

-go: unsupported GOOS/GOARCH pair ios/arm

Not a great start 😓

I thought I read somewhere that go doesnt support armv7 anymore and I have to use go 1.14? not sure if thats true

oh if that’s the case i guess

what do you intend to even support

my great grandfathers A4

why would you want armv7

can you please have some delimitior to if statments?

whitespace significant language's are the worst

yes

inline nothing, if you want multiple lines wrap in {}

tbh I've been liking the way lua does it

with end?

i like that too but i feel like it would be hard to parse

Yeah but also else or elseif can end them

I don't think it would be harder to parse than braces

Have something to signify the end of the if part (lua uses then) and then you just have end as a keyword

Idk I don't write languages but from what I've heard, lua is one of the easier languages to parse

Bash if also similar to this with the fi

what that's easy to read
function takes a and b as input
but you set a default of 5,10
resolve if a + b is greater than 20
log yay if true
print error with noo if false

lol

do we just not know about ternary conditions

Because I have an older Apple TV that I want to run a super simple discord bot on. The discord bot just starts up another PC I’m using as a Minecraft server.

I want to use the Apple TV because

A) I have it lying around and might as well use it

B) My raspberry pi is in use right now for other things

AppleTVware

Knew that would summon whitetail

ios disallows running binaries most places

bru

which one

i was replying to something i know because it fucked me over during spartan development

I’m assuming a 3rd gen

Just a shot in the dark

swift 4.2

the dark years

all 10 of my 2nd gens are on 6.2.1

It’s a 2nd gen 😬

Rule 1 of swift usage, we don’t talk about swifts past

oh

alright

so

step 1: downgrade it to apple tv software 5.3

aka ios 6.1.4

i hope you like objective c

https://secure-appldnld.apple.com/AppleTV/091-5256.20130618.MagBg/AppleTV2,1_5.3_10B809_Restore.ipsw
drop the fucker into DFU mode and restore with itunes

then untether jb with blackb0x
https://ios.cfw.guide/installing-blackb0x/

you now have jailbroken apple tv running ios 6. it's basically an iphone 4 but worse

the iPhone 4 runs iOS 7

yes so does the tv 2

but you cant untether jb latest tv software on the tv 2

so we downgrade to 5.3 (ios 6.1.4 based)

is the tv 2 the one I have?

idk

Time to make one

from this, you can follow This Guide
https://bazad.github.io/2018/04/xcode-command-line-targets-ios/

to make command line binary

do whatever you want with this

it will be objective c unless you want to deal with old swift (don't)

Hmm

if a library supports ios 6, it supports tv 2 on 5.3

because tv software 5.3 is actually ios 6 just with like all the UI ripped out and a webapp shoved in its place

Oh the TV UI is a web app🤢

yes

sort of

but mostly yes

thats a tv 3

revised model

update it to 7.9

Raagh I love frontrow

thanks

So it has to be objective c?

Was hoping go would work

it has to compile to an armv7 mach-o

with an ios 6.1 sdk

however you do this

idk up to you

i personally use objc or swift

Lmfao

do it with itunes

Surely pull logs

Idk how to pull logs with old tv’s

Probably cause it's jailbrookeb

yea

Me when ota binaries renamed

Do I need to download old version of Xcode? To get the sdk

Probably

yes

What's even the benifit of updating it?

79 > 74

What version of Xcode

xcode 4.6.3 will have it

Alright

i mean signal 9 is codesigning
sandbox is another thing

ldid -S binary

How would I even plug this thing into my computer to update it?

the micro usb port

Ugh I have to remember the link to download old xcodes versions

https://xcodereleases.com/

use xcodes or that ^

lol

it lists like all the sdk versions

look on the back for just a moment

i love xcodereleases i have 7 xcode versions downloaded

cable

Which one?

Ethernet?

no.

my guy look under the hdmi port

spot the USB port

Oh it was hiding

i need me that one slim micro usb cable that can let me plug in both hdmi and the micro usb cable

i forgot where to find it

i have a slim hdmi cable

or just get a slimmer hdmi cable smh

or a right angle one?

lol

Just solder wires from the pins to an hdmi cable so it doesn't get in the way

i wanna usb-c mod an apple tv tbh

but sadly the hdmi and microusb are "one port" at a motherboard level

so its a bit iffy

MagSafe mod a Apple TV

403 forbidden why 😭

sign in to developer.apple.com

what errored

I did

Trying to download Xcode

just get it from developer.apple.com then

i think i had to do that

old version of xcode

Ok

Just use force smh my head

jesus christ

You don’t need to see the hdmi output while restoring

yeah but its funnier

Ok but I can anyways

Fair

ok its not decting it

let me see if this cable works

power only cable

probable is

I just have a bag of cables so let me pull that out

this one says logitech so it probably has data

oh it just shows up

old apple tv

Go 1.14

It’s only like 4 years old

I’m sure it’s fine

should I also erase this when I update?

intresting it doesn't use the appletv versions on here

correct, those are "marketing versions" and only in the Info.plist

but the build matches the one listed on the appledb

each TV Software version for the tv 2 and 3 are based off ios versions

Yeah but if I didn't I wouldn't get to see this

Wow. Yeah I never knew they had that

Give me 1 good reason why Apple

Well it’s fine right, I just need the SDK

wow my tv is now stuck in recovery

Excellent

yeah I tried restoring with iTunes as well and its still stuck in recovery

u have a problem

i know this already

like why jus why

what do u even use them for ?

No way they actually had the pop up to setup your device on this Apple TV

Doesn't work on modern iOS anymore sadly

Also I don't think it was a recovery loop I think it just boots to recovery if plugged into a computer

Does anybody here know Orion?

any of yall know what im doing wrong? im trying to link against irecovery but -llibirecovery isnt working

collect2: error: ld returned 1 exit status```

its not just -lirecovery either, i have it installed to /usr/local/lib

fixed it, just needed to add -1.0

I actually got it to build for armv7

Swiftttttttttttttt https://github.com/LillieH1000/YouTube-Reborn/blob/swift-v5/Sources/YouTubeReborn/Tweak.x.swift

Cut off from what

If you injure a cat, everybody gonna be hunting you down, lol

Should every single app crash be recorded in the system analytics log? The app I was working on for entitlements kept crashing upon opening and when I typed in the name it was nowhere in there. Whats a good way to see why crashes happen?

Perfect thank you!

so do i use springboard for a ls clock tweak?

good thing cats cant use discord then

@frail cedar (sorry for ping but you seem to be an expert in this) Is it possible to replace the default Apple TV UI to load a custom executable instead?

no

you can use a launchdaemon though

launchd on ios is basically the same as launchd on macos, same file structure n stuff

make sure file permissions and owners are right, launchctl load and launchctl start

Gm icraze

Gm

who said

Hello iCraze

I wont

yes we do it’s just the res a + b > 20

the fact its stored into a variable and then that variable is checked for the condition

you can use it by running binary itself

But I’m using discord right now :)

Meeooww

https://tenor.com/view/dies-of-cringe-cringe-gif-20747133

see whenever i say this i get 1984ed

smh

I already did it once

#1239563157178023996 message

#unknown smh

sorry to hear

when do i get orange name chat

it’s kirbistan server

oh

Its kirbs server

buy 100 copies of rune for entry

my point still stands

done

https://tenor.com/view/shiggy-explode-shiggy-explode-gif-13187176751879755548

You just have to become upside down then kirb will let you join.

Flora users

hello orange names of kirbistan

i’m gonna ask like 2000 questions per day

@lime pivot well we need another invite to kirbistan

🙃

the land of the kirbs

since when was the small home bar popular

i thought it was only me

Curbistan or something idk I don’t live in Australia

it used to be even smaller actually

clowns

why does your about me look like litten’s tweaks

Close, its this

i thought it was like thi

Australia is upside down

?

leik this?

guys it finally happened.

fn ltod(long n) -> double {
    #__MANUAL_RETURN__#;
    #%cast.internal =d ultof %n.1#;
    #ret %cast.internal#;
}

fn fact(long n) -> long {
    if (n <= 1) {
        return n;
    }

    return n * fact(n - 1);
}

fn get_euler_number() {
    double res = 2.0;

    for long i = 2 to 12 {
        res += 1.0 / ltod(fact(i));
    }

    return res;
}

pub fn main() {
    double n = get_euler_number();
    printf!("e = %.20f\n", n);

    return 0;
}

lowercase types.

i need to make actual casting syntax now lmao

instead of the ltod shit

is ltod just like

raw ir

yes

because theres no type convesion syntax

and i needed to convert the result from factorial into a double

in the IL file it literally just puts

function d $ltod(l %n.1) {
@start
    %cast.internal =d ultof %n.1
    ret %cast.internal
}

lmao

also can u not do something like multiply a long by like 1.0 to implicitly cast it to a float

/double

no because it doesnt do a cast it literally just tries to force it to be a different type

thats what i need to do AFTER

erm

so like

it just interprets it as a different type?

yes lmao

if i write

pub fn main() {
    long a = 1000000;
    printf!("%f", 1.0 * a);
}

like *(type*)&thing casting?

it does this

export function w $main() {
@start
    %a.1 =l copy 1000000
    %tmp.3 =d copy d_10
    %tmp.4 =d copy d_10
    %tmp.5 =d div %tmp.3, %tmp.4
    %tmp.6 =d copy %tmp.5
    %tmp.7 =d copy %a.1
    %tmp.8 =d mul %tmp.6, %tmp.7
    %tmp.9.10 =w call $printf(l $main.2, ..., d %tmp.8)
    ret
}
data $main.2 = { b "%f", b 0 }

see how %a.1 is defined as a long

but in the mul it just kinda says "%a.1 is actually a double tyvm"

so thjs

yes

hm

lazy ass compiler

except it throws a compile time error

oh

it expects the type of copy to be l

hm surely u just impl it in ur lang to do implicit casts

if you ACTUALLY want to cast it you need to use the ultof thing

so you don't have to write ass code

i know thats what i need to do next

after i implement this res += 1.0 / (double)fact(i);

ah

ill implement implicit casting of the operations to the correct type

itll follow the rules i mentioned a while ago

if one of them is a float, make both of them floats

if one of them is a long, make both of them longs

what

you have these operations

so then

what if one is a float

and the other is a long

both rules apply and you get a longfloat

single to signed int, single to unsigned int, double to signed int, etc

..aka a double

skulley~2

trolled

i did it

fn fact(long n) -> long {
    if (n <= 1) {
        return n;
    }

    return n * fact(n - 1);
}

fn get_e() {
    double res = 2.0;

    for long i = 2 to 12 {
        res += 1.0 / (double)fact(i);
    }

    return res;
}

pub fn main() {
    double e = get_e();
    printf!("e = %.20f\n", e);

    return 0;
}

it wasnt that bad to actually compile it

AstNode::Conversion {
    r#type: second_str,
    value,
} => {
    let second = ValueKind::String(second_str).to_type_string().unwrap();
    let (first, val) = self
        .generate_statement(func, module, *value.clone(), ty)
        .unwrap();

    if first == second {
        return Some((first, val));
    } else {
        let conv = self
            .new_var(&second, &format!("tmp.{}", self.tmp_counter), true)
            .unwrap();
        self.tmp_counter += 1;

        func.borrow_mut().assign_instruction(
            conv.clone(),
            second.clone(),
            Instruction::Conversion(first, second.clone(), val),
        );

        return Some((second, conv));
    }
}

Self::Conversion(first, second, value) => {
    write!(
        formatter,
        "{}to{} {}",
        if first.is_float() {
            first.to_string()
        } else {
            format!("s{}", first)
        },
        if second.is_float() { "f" } else { "i" },
        value
    )
}

now i can do implicit conversions because the basis is there

that worked like first try i was so surprised

#jailbreak message 🥺 pls help

Is syslog the steps you take to activate sysdiagnose which is holding the volume and power button? I didnt see anything for syslog on a ipad besides that lol. Also since im on dopamine and its a rootless jailbreak I cant use Cr4shed, should I use derootifier on cr4shed or will that defeat its purpose? Im down to do a rootful jb if it gets me closer

Cool appreciate the help, I dont have a mac so Ill go the other route

ok i did implicit type conversions @wooden yarrow

its not exactly pretty

fn convert_to_type(
    &mut self,
    func: &RefCell<Function>,
    first: Type,
    second: Type,
    val: Value,
) -> (Type, Value) {
    if first == second {
        return (first, val);
    } else if first.is_int() && second.is_int() {
        let conv = self
            .new_var(&second, &format!("tmp.{}", self.tmp_counter), true)
            .unwrap();
        self.tmp_counter += 1;

        let is_first_higher = first.weight() > second.weight();

        func.borrow_mut().assign_instruction(
            conv.clone(),
            if is_first_higher {
                first.clone()
            } else {
                second.clone()
            },
            Instruction::Extension(first, val),
        );

        return (second, conv);
    } else {
        let conv = self
            .new_var(&second, &format!("tmp.{}", self.tmp_counter), true)
            .unwrap();
        self.tmp_counter += 1;

        func.borrow_mut().assign_instruction(
            conv.clone(),
            second.clone(),
            Instruction::Conversion(first, second.clone(), val),
        );

        return (second, conv);
    }
}

but it works

weight is just this

brackets are no longer mandatory !!!!!!!!!!!!!!

fn fact(long n) -> long {
    if n <= 1 {
        return 1;
    }

    return n * fact(n - 1);
}

its a tiny change but it makes the code easier to read imo

you can still include them because itll just parse it like a wrapped statement

i also fixed types for constants that are returned by functions

it now infers that the literal 1 returned by factorial is a long

because the return type is a long

it didnt do that before you either had to say

long res = 1;
return res;

or

return (long)1;
``` lmao

@grave sparrow you can’t inline assembly but you can inline the IR code like this

ltod in that message runs IR code directly

C compiles with a bunch of different IRs though no?

i see

but would the syscalls automatically be parsed for the right arch?

ah

i der

see

that sounds about right lmfao

im not sure what easier way you could have to do this

and you need asm for that???? surely C has primitives to get the current shell environment

oh.

i thought you were just running like oh ls /dist

tweaker

and THIS is why zefram will never release

im not trying to be sarcastic but 8k lines of assembly is basically impossible to maintain

you should write your own higher level language to compile to that assembly specifically designed for zefram

real, cuz u get that fine grain control the compiler sometimes fucks up

homepod mini apps lol

ok that’s true

i agree ther

e

I need a ddi

does a tvos developer disk image work lol

I'm going to fruit ninja on you

y’all will love this mandatory node dependency for compiling elle code

/**
!! THIS FILE IS TEMPORARY !!

* QBE compiles floating point constant data sections with the incorrect name
* This file simply replaces all instances of "Lfp(some number):" with "_Lfp(some number):"
which files this issue.
* The developer of QBE is aware of this and this will probably be fixed in the next release.
*/

const fs = require("fs"); // Necessary because this isn't a module
const inputFile = process.argv[2];
const file = fs.readFileSync(inputFile);

const out = file.toString();
console.log(out.replace(/Lfp(\d+):/g, "_Lfp$1:"));

fuck sip hash as well

writing that in asm was hell

@grave sparrow how do you do a regex replace /Lfp(\d+):/g with _Lfp$1: in the terminal for a whole text file because i cannot figure out how

ive tried a bunch of different tools

needed to do runtime string discrims in shc

why the fuck does llvm ir contain so much fucking metadata

😭😭😭😭

80% of the file is just metadata istg

shit work wonders tho

strcmp

but that aint as fun

the most i ever wrote in asm was a calculator to do the basic add sub mul div operations on 2 numbers from stdin

and that was hell enough

im not sure if stuff like atol is pure

hang on let me get home first to get to the asm

i already have the regex i just need to figure out how to replace it in the file

i tried awk and sed and failed but i’ll try again

i know yea

you need to make joe.txt.tmp, mv, then rm

yeah

oh well

better than needing node and doing it through js

for Mac just use gsed instead to be honest

why does the homepod have port 53 open and why does it work

for libimobile im using a guide that states to type a command, connect my device, replicate the crash, and then type ctrl c to exit. that first command I type do I press enter to execute it? I only ask because I ran it and it says that the function is not recognized lol

sideloading !

so I didnt see a .exe in here to install lol the guide just said to right click the folder and open it with powershell

yea I read the github and it only had instructions for ubuntu/linux and nothing for windows lol

Yea thats fine I just wasnt sure how they want me to open this smh

you're missing a dot mate

I redid it with the dot thats the wrong screenshot but same error

send screenshot

in the same screenshot type dir command too

dir command brings up this

you downloaded the source code

not the binaries 😭

NICE

lmaoo

whats funny is that I was gonna ask earlier because I ran into this like 2 hours ago but windows decided to take a dump with my screenshots folder. so every time I try to do something I run into another issue lmao.

wait because I swear I chose the top one

actually I think it could be this

that's not binaries

that's source code

Ah I usually go to releases when I get stuff from github, im searching through the files and not seeing binaries. where is that usually located

Ok so I found that the main repo does not have a windows build but someone else has the binaries build for windows on a different github, Thank you!

ok so

misagent does not exist

so sideloading on the homepod is not a possibility

how do app devs test deployment for homepods lol

ok so got idevicesyslog to work, but its writing lines of code indefinitely 💀 how do I stop it

Ctrl C

got it, so the idea is to get it to run, immediately recreate the crash and then stop it?

lowkey I feel bad for who has to work with this on the day to day there should have been a easier way than a wall of script coming at you every second lmao

so what are you trying to do

trying to get the crash log for a app that im adding custom entitlements to but wont open after adding the no sandbox entitlement

Basically the app Retroarch has a file browser to look for files inside its own folder and it also has the option to start at "/" but it doesnt have permission to go past /private/var as it shows nothing inside of var. Im trying to get it to run unsandboxed and with no restrictions so that it can navigate to the usb device that I have connected to the ipad. I was able to give it no sandbox permissions etc but for some reason it crashes upon opening. Someone online gave me another entitlement to add to it that also gave it access to all data containers on the system and spaen arbitrary binaries and this entitlement works on its own but Retroarch still wont show anything past /private/var and when I add this entitlement as well as the no sandbox entitlement the app wont open and it just crashes.

so im thinking that the no sandbox entitlement is the one I need but its causing the app to crash so im hoping that I can see why its crashing with this log

Well try accessing the crashlog from Settings > Privacy > Analytics

This much is his issue apparently

As it doesn’t show up there

Hmmm interesting

yes^

its not showing up in there lol

Unless the retroarch binary name is different to the app name

maybe lldb?

idk

Which for context, it uses in the crash logs

I was thinking that as well, so I started typing libretro and just scrolling through the logs with todays date but wasnt seeing it tbh

GUYS

its a bit squished

but its A DONUT

THE DONUT

YEAAAH

holy moly a donut .

oh my god there's two of them

FOUR OF THEM

EIGHT OF THEM

whgar

fixed ,,,,,,,,,,,,

holy moly a donut .

oh and uh

the code

fn deref(pointer size) -> int {
    #__MANUAL_RETURN__#;
    #%deref.val =w loadsb %size.1#;
    #ret %deref.val#;
}

pub fn main() {
    double A = 0;
    double B = 0;
    double i = 0;
    double j = 0;
    double zbuff[4400];
    char b[4400];

    string lighting = ".,-~:;=!*#$@";

    printf("\x1b[2J");

    while (true) {
        memset(b, 32, 4400);
        memset(zbuff, 0, 4400 * 8);

        for j = 0 to 6.28 step 0.07 {
            for i = 0 to 6.28 step 0.02 {
                double c = sin(i);
                double d = cos(j);
                double e = sin(A);
                double f = sin(j);
                double g = cos(A);
                double h = d + 2;
                double D = 1 / (c * h * e + f * g + 5);
                double l = cos(i);
                double m = cos(B);
                double n = sin(B);
                double t = c * h * g - f * e;
                int x = 100 + 120 * D * (l * h * m - t * n);
                int y = 12 + 15 * D * (l * h * n + t * m);
                int o = x + 200 * y;
                int N = 8 * ((f * e - c * d * g) * m - c * d * e - f * g - l * d * n);

                if (22 > y && y > 0 && x > 0 && 200 > x && D > zbuff[o]) {
                    zbuff[o] = D;

                    if N > 0 {
                        b[o] = deref(lighting + N % strlen(lighting));
                    } else {
                        b[o] = deref(lighting);
                    }
                }
            }
        }

        printf("\x1b[H");

        for k = 0 to 1100 {
            if k % 50 {
                printf!("%c", b[k]);
            } else {
                printf!("\n");
            }
        }

        A += 0.004;
        B += 0.002;
    }

    return 0;
}

donut C:

Make tweaks (or develop anything useful) ❌
Donut ✅

thats cool af though

I saw someone change their terminal colours to red and create a dragon like this and it looked really cool because it was really detailed

ive been trying to get the donut to work for so long

this is a huge accomplishment for me

there weren’t proper implicit type conversions nor could you explicitly convert between types before which made this pretty much impossible to do before today

lmfao was it animated tho

not that i particularly animated this myself i just ported over the donut.c code

Naw it wasn't animated

probably still cool tho

i looked into the math behind the donut spinning and it’s so complicated

i could barely understand it

What would a crash error look like? im looking for <error> but Idk if I should try reading through all of the lines since I cant use Ctrl+F in powershell and dont want to get lost lol

so far I see this as the first error since I opened RA

but I dont think thats anything

It might be this!

I think I found the errors guys

Yeah it probably is complicated asf

wait I don't think thats like how the donut is made

it still looks really cool whatever it is

wtf

thats so cool

genuinely

what the fuck

ikr!

@torn oriole I finally got the crash logs you told me to check, would this be the whats causing the crash? its the only major thing im seeing and it repeats multiple times

do you have bold text enabled or something

Ah yea im super blind lol

turn it off or you have to add a special entitlement

<key>com.apple.security.iokit-user-client-class</key>
<array>
<string>RootDomainUserClient</string>
<string>AppleSMCClient</string>
<string>AppleSEPUserClient</string>
<string>AppleNVMeEANUC</string>
<string>IOAVDeviceUserClient</string>
<string>IODPDeviceUserClient</string>
<string>AGXCommandQueue</string>
<string>AGXDevice</string>
<string>AGXDeviceUserClient</string>
<string>AGXSharedUserClient</string>
<string>IOAccelContext</string>
<string>IOAccelContext2</string>
<string>IOAccelDevice</string>
<string>IOAccelDevice2</string>
<string>IOAccelSharedUserClient</string>
<string>IOAccelSharedUserClient2</string>
<string>IOAccelSubmitter2</string>
<string>IOSurfaceRootUserClient</string>
<string>AGXGLContext</string>
<string>AppleCredentialManagerUserClient</string>
<string>AppleHPMUserClient</string>
<string>AppleJPEGDriverUserClient</string>
<string>AppleUSBHostDeviceUserClient</string>
<string>AppleUSBHostInterfaceUserClient</string>
<string>H11ANEInDirectPathClient</string>
<string>IOAVControllerConcreteUserClient</string>
<string>IOHIDEventServiceFastPathUserClient</string>
<string>IOHIDLibUserClient</string>
<string>IOMobileFramebufferUserClient</string>
<string>IOReportUserClient</string>
<string>IOSurfaceAcceleratorClient</string>
<string>IOTimeSyncClockManagerUserClient</string>
<string>IOTimeSyncDomainUserClient</string>
<string>IOTimeSyncgPTPManagerUserClient</string>
<string>IOUserServer</string>
<string>AppleBasebandUserClient</string>
<string>AppleBasebandPCIUserClient</string>
</array>

you need this

that’s like an ios 14 change, need entitlements for bold text

you probably don’t need all these but for simplicity sake i ripped it from sileo

the retroarch people should probably have that entitlement for deb installs

they probably don’t know about it

Ah so the bold text is what broke that, I actually found later down the line that it created a crash log.ips i was about to open it

this is so stupid