#development
would make sense its 6:30 for em
i just used the right cmd key for the first time in my life
crazy
i refuse to use the right shift key though
i use it a lot actually
psycho behavior
its cause my left hand will be busy holding something in place
and im trying to look something up
nightwind if you knew the full extent of how i interact with technology you would probably want to kill me
to find someone's account on twitter, i will go to the notifications tab and scroll down until i see the most recent notification with their name
okay so essentially i got a 14.1 ipsw file downloaded. Converted the ipsw into a .zip and ran it through Archive Utility. Extracted it. Then when i run this command `asr -source "ipsw/$(/usr/bin/plutil -extract "BuildIdentities".0."Manifest"."OS"."Info"."Path" xml1 -o - ipsw/BuildManifest.plist | grep '<string>' | cut -d> -f2 | cut -d< -f1 | head -1)" -target out.dmg --embed -erase -noprompt --chunkchecksum --puppetstrings` to create an ASR image i get the error
you try and install an avaya partner system with only two hands
oh are we downgrading
nice
now i don’t know what this means:
```text
XSTA start 567.120.2 client
XSTA setup
Validating target...done
XSTA metadata
Validating source...
Could not recognize "/Users/username/ipsw" as an image file
Could not validate source - Invalid argument
XSTA fail
```
that is not what i meant.
yeah haha he said his guide is not up to date currently but i’m trying to play around with it
cd into ipsw, remove the ipsw/ part of your argument
see what it says
okay
what DID you mean
gl, tether downgrading was such a pain for me since i was going from iOS 12 -> iOS 11 and the guides that were out there were not really fully compatible with iOS 12 -> older
well the new extracted ipsw ends with restore
don't worry about it
tell
it's pretty much common sense
yeah but apparently main OS doesn’t matter when you dual boot even though it’s really finicky
well
nightwind you will find that i have a baffling lack of so called common knowledge
some iOS versions dont have certain stuff
look at the messages again
you will understand
i hope
you developed something really big but i can’t put my finger on it
i’ve seen “night wind” before
wannacry
Jade/OneSettings/Bolders Reborn/SearchDots
UICollectionViewCompositionalLayout makes me want to cry
what are you cooking
cause currently im dealing with the worst kind of bug: apple potentially removing the private api i was using
hehehehehehehhe
im messing around with the sharesheet
i see
idk why the spacing is wonky
?
The function to set this had some options to set some parameters
But based on my code
They weren't used
So I removed them
🔥
Well i looked back at the code and locationDeliveryBehavior was set to 2
but I think I got that bit lost
if it works now....
you should reverse engineer the enum names too
idc enough
do it for the sake of your own sanity
```objc
#import <Foundation/Foundation.h>
#import <CoreLocation/CoreLocation.h>
@interface CLSimulationManager : NSObject {
    double _locationDistance;
    double _locationInterval;
    double _locationSpeed;
    unsigned char _locationRepeatBehavior;
    unsigned char _locationDeliveryBehavior;
    NSXPCConnection* _connection;
}
@property (nonatomic,retain) NSXPCConnection * connection; //@synthesize connection=_connection - In the implementation block
//@property (readonly) id<CLSimulationXPCServerInterface> daemonProxy; //im unsure what CLSimulationXPCServerInterface is, but I can't find any type declaration of it anywhere :/
@property (assign,nonatomic) unsigned char locationDeliveryBehavior; //@synthesize locationDeliveryBehavior=_locationDeliveryBehavior - In the implementation block
@property (assign,nonatomic) double locationDistance; //@synthesize locationDistance=_locationDistance - In the implementation block
@property (assign,nonatomic) double locationInterval; //@synthesize locationInterval=_locationInterval - In the implementation block
@property (assign,nonatomic) double locationSpeed; //@synthesize locationSpeed=_locationSpeed - In the implementation block
@property (assign,nonatomic) unsigned char locationRepeatBehavior; //@synthesize locationRepeatBehavior=_locationRepeatBehavior - In the implementation block
-(void)flush;
-(void)setConnection:(NSXPCConnection *)arg1 ;
-(id)scenariosPath;
-(void)loadScenarioFromURL:(NSURL *)arg1 ;
-(void)setLocationInterval:(double)arg1 ;
-(void)setLocationDeliveryBehavior:(unsigned char)arg1 ;
-(void)setLocationRepeatBehavior:(unsigned char)arg1 ;
-(void)clearSimulatedLocations;
-(void)stopLocationSimulation;
-(void)startLocationSimulation;
-(void)simulateVisit:(id)arg1 ;
-(void)simulateSignificantLocationChange:(id)arg1 ;
-(NSMutableArray *)availableScenarios;
-(void)simulateFenceWithBundleID:(id)arg1 andFenceID:(id)arg2 eventType:(unsigned char)arg3 atLocation:(id)arg4 ;
-(void)simulateBeaconWithProximityUUID:(id)arg1 major:(long long)arg2 minor:(long long)arg3 eventType:(unsigned char)arg4 ;
-(id)localizedNameForScenario:(id)arg1 ;
-(void)selectScenario:(id)arg1 ;
-(void)setLocationDistance:(double)arg1 ;
-(void)setLocationSpeed:(double)arg1 ;
-(void)appendSimulatedLocation:(CLLocation *)arg1 ;
-(void)getFencesForBundleID:(id)arg1 withHandler:(/*^block*/id)arg2 ;
-(void)clearSimulatedCells; //no clue what these cell-related methods did, but they don't do anything now
-(void)setSimulatedCell:(id)arg1 ; // which sucks
-(void)startCellSimulation; // i was hoping they allowed simulating cell towers
-(void)stopCellSimulation; // oh well
-(void)setWifiScanResults:(id)arg1 ;
-(void)setSimulatedCellRegistrationStatus:(BOOL)arg1 ;
-(void)startWifiSimulation;
-(void)stopWifiSimulation;
-(void)setSimulatedWifiPower:(BOOL)arg1 ;
-(unsigned char)locationDeliveryBehavior;
-(double)locationDistance;
-(double)locationInterval;
-(double)locationSpeed;
-(unsigned char)locationRepeatBehavior;
//-(id<CLSimulationXPCServerInterface>)daemonProxy;
-(id)init;
-(NSXPCConnection *)connection;
@end
```
this is the header
that is nightmarish
half of the things in here don't do anything
i tried
they just say something like "this SPI is obsolete and will be removed in the future"
remove the stuff you already tried
there are many things in here i'd like to investigate
mmm
however i first want to actually release something cause this was supposed to be done
and out
three months ago today
skill issue?
both of my great grandmas got sick/injured within the span of 1 week
and then we started preparing to move
kinda ate all my time
jade is goated i would pay 50 for that if i could lol
i say skill issue and there's a literal reason for it
ty lol
they are both currently alive
great grandma on dad's side i can see living for another year, great grandma on mom's side.....
thats not what i meant
moving has been fun though i have a tree house now
i meant like its a serious thing and i just said skill issue
it just. took 2 months
i feel bad now
.
idek what to say
dont worry abt it im figuring out a lot abt myself recently
lol same error even after creating a whole new path, changing the ipsw part of the argument and cd'ing into it
```text
XSTA start 567.120.2 client
XSTA setup
Validating target...done
XSTA metadata
Validating source...
Could not recognize "/Users/dc/myusernamelol/extracted_14.1/extracted_14.1" as an image file
Could not validate source - Invalid argument
XSTA fail
```
```sh
extracted_14.1 % asr -source "extracted_14.1/$(/usr/bin/plutil -extract "BuildIdentities".0."Manifest"."OS"."Info"."Path" xml1 -o - extracted_14.1/BuildManifest.plist | grep '<string>' | cut -d> -f2 | cut -d< -f1 | head -1)" -target out.dmg --embed -erase -noprompt --chunkchecksum --puppetstrings
```
same error
@frail cedar what ASR necessary files were you talking about
i think i might need a dependency?
nothing i was not thinking at all
is that filepath the ipsw rootfs
i think it's just broken on ios 15.8 which is actually so sad
cause i know this code works on 15.8.2
i think so
man
i havent tested anything else i only have
- 15.8
- 15.8.2
- 16.7.8
and my 16.7.8 device is
yes it is
Gone somewhere
i give up ngl
i know it work on 15.8.2 i tested it
Seprmvr64 reference
I woke up wayyy too early today
cant dualboot my x on 16.5 to 14.1 with the goated seprmvr64
So to fix the error you need to extract the ipsw to a folder named “ipsw”, then, from one folder up from that ipsw folder, run the asr command. No need to change it
so what was the root cause of me getting the XSTA fail error?
was it that it just couldn’t find a file path?
Yeah
thanks!! ill try it real quick
holy
you're the goat bro
success !!!
its a dualboot but its from 16.5 to 14.1
neat
hope it works lol the X is super laggy on 16.5 for me
id be happy even though secure net doesnt work
i could just use cellular still
nice really clean
yeah now it is
before it was probably laggy lol
nah
downgrading from iOS 12 to iOS 11 was agony
and I bricked it like twice
somehow i got out of the bricks
would be easier if every ios version was just signed and we had the freedom to switch around lol
i hope i dont bootloop my main OS
fr
since 16.5 isnt signed and its the only one which works with dopamine
real
no like it wasnt bootlooping
it was bricked
it wouldnt even go to dfu mode properly
@crisp frost btw do you think mainOS matters even tho you havent updated it in like a year
real
There is a very big chance that will happen on an iPhone X
💀
is he using the same guide i was attempting to use
im running gpt4 on the side to help
probably
I just went to his github project lol
Idk but my guide in the official repo is incomplete and whilst it can be used you should cross reference it with semaphorin until I update it once
im currently booting ramdisk
have you ever done it on an A11?
man im having flashbacks to my abhorrent experience with downgrading
i dont ever want to boot a ramdisk again
ive been trying to figure out the first step for the past 4 hours
lol
me fr
nice thing is that iOS 12 SEP is compatible with iOS 11.3 and onwards SEP so I have SEP on my iPod instead of relying on seprmvr64
honestly whats the end goal of me spending 8 hours to downgrade to something so unstable 💀
¯\_(ツ)_/¯
midnight thoughts
Yes
Mf actually used seprmvr64 before checking compatibility
will this help me get friends
quite the opposite actually
i still cant put the damn thing into dfu from recovery 
L
usb-c to lightning cable tomfoolery
halp! its refusing lol
It will help improve your sigma rizz levels
( idk what that means )
its been about give or take 14 minutes since this message and i still cannot get it into dfu mode from recovery
now thats sigma rizz level
erm guys 🤓 whenever I try to mount fs I get zsh: no such file or directory: /usr/bin/mount_filesystems
i did connect to ssh tho
because the binary you are trying to call does not exist
im a noob at this what should i do 💀
i did this tho 💀
im lost
i just booted into ramdisk and confused lol
Run ls /dev
i confused lol
yeah
@crisp frost its cooked 💀
its bootlooping lol
i should've listened 💀
its cooked
ITS not cooked it booted back to the ramdisk
last resort
semaphorin!!
what sort of panic logs would warrant a possibility for jailbreak?
i found a reliable way to trigger panic-full on 17.3.1 but i’m not sure what i should be looking for
bug type 210, flag 0x802
oh it seems like a minor one, just a watchdog timeout
welp i guess my phone just crashes when i click on certain files
are there any guides for development? especially updated for these later versions?
you mean like making one?
nah and there never has been one but there’s some stuff talking about mitigations and techniques
https://www.reddit.com/r/jailbreak/comments/5zzgmo/question_i_want_to_be_a_jailbreak_developer/ I guess
but a lot of info after 14 is kinda nonexistent
Hey @worldly pasture, have a look at this!
Hey there,
I'm trying to build Geranium from source (mainly because I want to try and make a couple adjustments)
although I'm running into an issue.
I'm following the instructions listed on https://github.com/c22dev/Geranium under "Build Instructions"
although I'm not sure it's actually building right.
I'm getting the build folder, although rather than a .tipa file, I'm getting a .app and a DerivedData directory. Any help is appreciated
Create a folder called Payload, put the .app in there and then ZIP Payload to get an IPA (IPA/TIPA is just a renamed ZIP)
Heya thanks,
I did try that although trollstore threw an error.
Give me a moment and I'll get it again
Ah nevermind?
I completely ignored an error message in the build logs 😅
It's looking for iPhoneOS14.5.sdk - not sure how I missed that
Is this something I'll need to find for Theos or Xcode?
Theos
Thanks!
Can't believe I missed that error 😅
Alright - stupid question..
I've done quite a bit of previous work in C#, never really touched C++, C, or Swift.
My goal is to add a location search into Geranium's map view, is this something fairly basic or should I be trying something even more simple?
Probably look at this file, learn SwiftUI first https://github.com/c22dev/Geranium/blob/main/Geranium/LocSim/CustomMapView.swift
Or just give it to GPT 
Can i debug tweaks with xcode or should i use something else
use lldb from the procursus repo
it's a command line tool
but you can do stuff like breakpoints, stepping over instructions, monitoring crashes, etc
Can i do it from my mac? Isnt there also some sort of debug server?
Debugserver uses lldb
You could ssh into the device and use lldb from that
There is a way to have lldb on your mac and connect to iOS but idk
Remote target
yes that
Why would you want capt's shitty ass code on your device
So I can submit it to malware hash databases
My shitty code is like ten times better
anyone know?
Is the bug that it deletes /var
probably

bro didn't see it for 7 months so certified blind
newfs_apfs: /dev/disk0s1 is not an APFS container
@grave sparrow this is why you do microbenchmarking you spaz
Oh a honest L then on your part and not due to your sheer laziness
Separate, they’re on separate points
ok uh whenever I run them it says apfs not found
trying to boot back into ramdisk
what does this mean "make sure you create the ssh ramdisk with the version you're currently on."
do I just have to run "./sshrd.sh <iOS version for ramdisk>"
or do I need to save the ramdisk somehow?
that's easy
have you ever used seprmvr64?
var stands for vary unnecessary
on rootful yes
@sonic totem hi i have a question about trollstore/fugu15
so i'm assuming you've looked at the original source code for those two projects, where does the bug chain begin?
shoot
sent that too early
lol
fail
(not the same thing as what i was talking about in #nathanlr btw)
bruh cmon
I mean Alfie did RE the second CoreTrust bug
so they do have a good idea about TrollStore in general
installd -> CoreTrust -> Kernel Exploit -> PAC -> PPL -> Procursus bootstrap?
or is CoreTrust switched in place with installd
are you asking about the Fugu15 chain in general?
yes
Correct
should my device display go black after mounting FS?
what do I replace disk0s1s9 or 8 with?
i dont have a baseband partition I think
whenever I try to run diskutil list I dont get anything back and says command not found
why are you in #development
where else would i be?
also there isn't a solution so i've closed down
does anyone know of an inexpensive intel nuc or amd equivalent for just writing code on win 11?
(preferably sold on ebay for less than $80)
tbh i would pay for parallels if i had more storage on my mac just for this
Ok
erm rule 3
including appleinternal?!
yes!!
This discord does not support or tolerate any form of piracy. If you discuss, support, link, post screenshots, or talk in voice chats about piracy, you will be warned and eventually banned.
We consider the following as piracy.
• Piracy repos
• Programs that are used for pirating tweaks
• Sharing of .deb files
• Getting anything that costs money for free (in-app purchases, apps, tweaks, etc.)
• Media Downloading\Streaming (music, movies, etc.)
• Installing re-distributed free, paid, removed, and banned apps
• Mirror links, unless the mirror is provided by the original developer
• Cases of fraud, such as tools or instructions for obtaining real-life paid objects for free
• Posting or advertising products or services that are in violation of the trademarks of others
If you have questions, feel free to ask a moderator
Does CFNotificationCenterAddObserver work like a hook stopping the process when sleeping?
Like if i sleep inside the observer function will it pause the entire app
thanks
Hello
Does anyone know about the XCode Helper Discord channel? Apple’s XCode support is lacking, and I dislike asking for assistance with the new XCode 16 beta and macOS Sequoia.
i mean if you want inexpensive + small form factor you're just going to have to look for older NUCs, settle for worse specs or buy some machine from china
Hello, i am fairly new to tweak development and have been working on a tweak for an app however they have some sort of sideload detection, I’ve bypassed it (i think) it was GULAppEnvironmentUtil.
However now whenever I try to log in it gets stuck loading, only happening on the sideloaded versions. It seems to send the login http request fine, but after the request retrieving info such as my full name it doesn’t do anything else and gets stuck loading. Does anyone have tips for me to trace this back or figure out how to prevent it?
sideloading an app under the bundle ID of an offloaded app overwrites it unsuccessfully the first time, but the second time it goes through preserving all app data linked to that bundle ID (accessible through the app). i'm going to try it on a system app like tips, is this a possible exploit surface?
aw
Enterprise certificate
not really cause even if you could overwrite a system app it gives you nothing because you're only overwriting it with your own signed binary and not with a coretrust signed binary
Can you patch on jailed?
does anyone know how to decompile a buttonPressed function i will pay!!
Using a decompiler?
Thats the pseudocode
that's the decompilation
and are you trying to bypass 2fa? it's not gonna work by looking at client side code
you can patch an ipa and sideload that
no.. there is some detection they are doing, when i try to log in on a sideloaded version of the app, the button stays loading forever
ive tried hooking bundleId, jailbreak functions
ive been stuck for hours
it sends the login http request just fine but upon receiving the data for the user such as the full name, it doesnt do anything else

this isn't always a detection thing...
sometimes it could be failure to access keychain, hooking bundleid wouldn't exactly solve that
how would i see errors such as that / debug it?
i mean if you're jailbroken you can attempt to attach a debugger
or use frida to trace specific functions etc
that does sound more likely
dunno if the app has debugger detection but it's worth trying
i am jailbroken, i noticed in some public code for youtube sideloading bypass they used something like this "static NSString *accessGroupID() " however i am completely unsure how they figured it out.
it doesn't. do you have any functions i could trace?
as i am unfamiliar with keychain patching
have a look at existing keychain fixes for other applications
(twitter, instagram etc)
would keychain still be an issue even if the bundleid is the same ?(sideloaded with my own cert)
just asking before i spend time researching
ty for helping btw
that i'm unsure about
https://github.com/level3tjg/RedditSideloadFix/
https://github.com/opa334/IGSideloadFix/blob/main/SideloadedFixes.x
two examples
Any idea why when I sign it with TrollStore (jailbroken device) it works, but when i sideload with esign on my jailed phone it loads forever? both have the same bundleId and are identical IPAs
had the same issue with a project i did. easy explanation is that trollstore actually installs the app with the app's original bundle id, while other sideload services like altstore, sideloadly etc alter the bundleid of the sideloaded app, thus probably creating issues with some login services
i managed to get around that by applying opa334's IGSideloadFix and level3tjg's fix for twitch: https://github.com/yandevelop/Bea/blob/main/SideloadFix/SideloadFix.xm
okay okay ill give that a shot
you can just copy paste that file and edit the values in SideloadFix.h to your app's bundleid etc
wtf opa codes everything
cuz
i fucking love u
ur actually a g
thats not my work, but great that its working for you!
Is this also applicable when sideloaded app simply crashes on launch
Depends on the cause of the crash I think
if its caused bc of different bundle id then prob yes
Anyone here know how to make this work, I'm trying to turn the flashlight on when it picks up facetime but it immediately turns off the flashlight when the camera turns on
```objc
#import <Foundation/Foundation.h>
#import "AVFlashlight.h"

// Private TelephonyUtilities interface, declared here so %c(TUCallCenter) can be messaged
@interface TUCallCenter
+(id)sharedInstance;
- (id)incomingCall;
- (void)answerCall:(id)arg1;
@end

// Keep the first AVFlashlight instance so the call hook can drive the torch
static AVFlashlight *_sharedFlashlight;

%hook AVFlashlight
- (id)init {
    if (!_sharedFlashlight) {
        _sharedFlashlight = %orig;
    }
    return _sharedFlashlight;
}
%end

%hook TUProxyCall
-(void)updateWithCall:(id)arg1 {
    %orig;
    // facetime: answer the call, then turn the flashlight on
    [[%c(TUCallCenter) sharedInstance] answerCall:arg1];
    [_sharedFlashlight setFlashlightLevel:1.0 withError:nil];
}
%end
```
you'd probably have to hook whatever turns the flashlight off when facetime picks up
hop in IDA brother
setenv() takes an int as a boolean
int setenv(const char *name, const char *value, int overwrite);
Why
idk
p sure bool is newer than this
probably
!t begging
This is on an iphone 7 plus
I just wanted to be able to turn flash light on in facetime
Oh
I'm guessing it's some sandbox issue but I'm not sure
libSandy
I'm getting error number 2 (libsandyerrorrestricted) when I try to apply the profile
I'm calling it in the ctor of the tweak may be that's too early? I can see the profile inside libsandy folder as it should, maybe I did something wrong?
If you want it system wide:
```xml
<key>AllowedProcesses</key>
<array>
    <string>*</string>
</array>
```
although that begs the question why you even want to write there systemwide to begin with
I don't really care where, I need a single path to write to from all apps
you have a better suggestion?
Well on rootless you should always write to /var/jb
ye I will do that for sure, but that will still require libsandy
I'll try the asterisks you suggested one moment
/var/jb/var/mobile/Library/<YourTweakName>
Fuck I really need to make this easier in libSandy
Because rn you'd need to add both the /var/jb and / path separately and on roothide it's just broken…
That worked
thank you so much!
ye it is probably lol
Guys, does anyone have an idea why theres no crashlog getting saved to analytics when my tweak crashes?
pog
```text
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
| Open-source ≠ Free |
|____________________|
       \ (•◡•) /
         \   /
          ——
          | |
          | |
```
free as in freedom not price 🔥🔥
how to make iphone unsecure
- add the entitlement com.apple.private.security.storage-exempt.heritable onto launchd - congratulations
is this better than amfi_get_out_of_my_way=1
i mean all processes spawned by launchd can read/write starting from / recursively
including app store apps
you know what i mean
writing as in in the locations you can write in
Do I do this on my 14 pro max is the thing
I did it on my iphone 7
yeah
https://github.com/blacktop/yardens-sb-profs/blob/main/sandbox_profile
if you look here and search for that entitlement it gives you basically read write anywhere
so idk
hm
I mean i havent had any issues with my iphone 7 yet but i dont want to risk an app store app doing a malicious thing lol
cause some jb detection is ass
is there a thing like enable-dylibs-to-override-cache that exists on macos
or is there a way to get this working cause this doesnt get a chance to work cause libsystem.b loads before it
```objc
#include <stdio.h>
#include <substrate.h>
#import <Foundation/Foundation.h>

// Symbol exported by libsystem_secinit; declared so its address can be taken
void _libsecinit_initializer(void);

// Replacement that only logs; it deliberately does not call the original
void overridden__libsecinit_initializer(void) {
    NSLog(@"_libsecinit_initializer called\n");
}

static void (*orig__libsecinit_initializer)(void);

__attribute__((constructor))
static void initialize(void) {
    NSLog(@"hello");
    MSHookFunction((void *)_libsecinit_initializer,
                   (void *)overridden__libsecinit_initializer,
                   (void **)&orig__libsecinit_initializer);
}
```
you need to interpose that one for what ur trying to do to work correctly
When trying to compile deb file, i get such errors:
could not build module “std”
Could not build module “MachO”
Also some of errors you see in screenshots
Tried to reinstall theos🤷♂️ didnt work
To note i had issue with downloading sdks, so i manually pasted 16.5 sdk in theos/sdks
Damn i reinstalled it again and this time sdks did download
Should i do anything about this issue
Im 13 starter pack
No computer, builds Theos on device
Want to hack mobile games
Can’t fix a simple compile error
real
has nothing to do with age 👍
Want to hack mobile games kinda true though
yeah ig
I thought it did since its something I grew out of
there’s some man childs out there who are obsessed, and 13 yos who know how to code
13 yo who know how to code is exceptionally common here
literally me 2 years ago
Mineek ‼️
13 yo who want game hacks is also exceptionally common here
every jailbreaker in highschool be like installs game seagull
yah I beat you at pool im better
How do I hack 8 Ball Pool game pigeon? My friend said i suck at 8 ball.
H
get 9 balls
I wrote a majority of moderndepictions on my phone in a bus at 3am with git and theos in mterminal
it was fun
i would never do it again
travel
oh
this is why we need to murder all web developers
web devs are too busy trying to render a dark mode switch with 200 special effects
they don't have time for actual functionality
i wish we could go back to web 1.0
bro prolly used 7 different frameworks for it to
this is what perfection looks like
so true
as compared to backend engineers who add and unit test all functionality then have an HTML page that's only 300 bytes long that contains the bare minimum needed
🔥🔥
based
this is actually the call of duty website
i have a call of duty to the developers of CoD.
cod is legit just glorified quake III cgame
you know what
whar
[[gameseagull]]
their site barely ever functions so it makes sense
😱
are there any rust people here
i just wanna confirm im not insane
rust's usize is analogous to size_t in c right?
which means that it is 4 bytes on 32 bit architectures and 8 bytes on 64 bit architectures?
(im trying to do this)
```rust
use std::mem; // goes in the enclosing module (not inside the impl); needed for mem::size_of below

/// Returns number of bytes
pub fn size(&self) -> u64 {
    match self {
        Self::Byte | Self::Char => 1,
        Self::Word | Self::Single => 4,
        Self::Double => 8,
        // Returns 4 on 32-bit and 8 on 64-bit
        Self::Long | Self::Pointer(..) => mem::size_of::<usize>() as u64,
        _ => 0,
    }
}
```
i wanna make it runtime not with cfg target pointer width
it returns 8 bytes for me
but i dont have a 32 bit environment to test if it returns 4
It should be
are you just asking or did you test it and it didn't work
nono im just asking
Oh
because i dont think i have a way of testing
That's how it's supposed to be I think
cross compiling for 32 bit shouldn't be too hard
it returns 8 perfectly fine but im on a 64 bit machine so nothing changed
i wonder if you even need to install anything
its not a compile time thing
mem::size_of is runtime
but the program would be running 32 bit so it would be using 32 bit constructs..?
hmmm lets see
i think that's how it should work
The pointer-sized unsigned integer type.
The size of this primitive is how many bytes it takes to reference any location in memory. For example, on a 32 bit target, this is 4 bytes and on a 64 bit target, this is 8 bytes.
good
before this long and pointers always returned 8 lol
not because i didnt know it was an issue but because i just didnt bother to make it work properly
Nah because sometimes they disable a button but you can remove the disabled prop and it works perfectly fine and I can do things I'm not supposed to
But also my mum had her debit card expire in January and you won't believe the number of sites where selecting 01 will result in a "please choose an option", and you have to select a different month and then select 01 again
anyone have any tips to protect a tweak? to make it harder to reverse
fuck
even if its an IPA?
im only planning on releasing for non jailbreak
whys that?
nothing you do will ever stop your tweak from being able to just flip a toggle
even if you wait for a unique key from a server to validate that you own the product
just set "hasValidKey" to true and youre in
the only way to make true drm for client side is to make it so that the key returned by the server is integral to the functionality of the tweak
as in, whatever information you get must be there for the tweak to work
anything else is spoofable with enough persistence
Rune moment
idea:
the tweak itself is just a loader
the server returns an encrypted binary blob, when it handshakes with the server to assert that the response was not spoofed (ie the server says you purchased the tweak), it returns a key to decrypt it.
inside this binary blob is 40% of the binary data of the tweak (but not just a basic 40%, it is 40% of the tweak split into sections where in ABCDEFGHIJ you are returned AEBJ) however this data is also encrypted and a second encrypted blob that will be decrypted by the second key returned by the server
this second blob decrypts to an extension and another 40% of encrypted data. this extension is then used along with the first key to decrypt the 40% of the binary data which holds actual pure tweak data, by which point if it is successful it asks the server for a third key.
the third key is used for decrypting the final 40% of the encrypted blob, giving you CIHG, and the start of this blob holds a seed to rearrange the parts back into ABCDEFGHIJ (note that theyre shuffled every time).
now send all 3 keys and extension back to the server to confirm theyre correct and await a response of DF (the last 20%) from the server
finally, rearrange the parts back and execute the tweak
now, ensure the binary created by ABCDEFGHIJ also checks the keys and extension are valid (unique, 1 time use), then finally begin tweak execution
this is a security nightmare
true
the only way to spoof this
or
exit
freedom
whatever
- purchase the tweak
- go through all of the steps to get a decrypted binary
- change the checks of all the keys to return true in said decrypted binary
theres a project where someone kept consistently forking it, changing its name, and claiming they own it so i made it just crash if the name doesnt match however i made it so extremely convoluted that they just didnt bother doing it anymore
so with this, an IPA that acts as a IPA installer, having the app binary downloaded (with substrate injected), then injects the dylib that is decrypted from the server response?
or is there a way to dynamically load a tweak from within an app
im not recommending you actually do this lmao
that method of drm is so extremely convoluted
also ipa installers do not exist outside of a jailbroken or trollstore environment, at least not without apple's third party thingie
i suppose you can nowadays actually
with third party app store rules
I’m confused - what’s stopping you from using your own server
if u have p12 and provison??
you wouldnt get the binary blobs
u can sign esign online
thats why you send both the encrypted blobs and keys
But if you got decrypted copies
lol yeah i pointed that out
.
There really is no good way
yep
If the tweak has the public key you can just patch in a different one
You need to use unique device identifiers and then the server uses them to derive some key
And that key is used throughout the tweak itself (e.g. saving/retrieving preferences)
oh maybe
but nothing is stopping you from patching the tweak to return true for the "isValidAction" method
Hi Alfie
No but like
Let’s say a preference value is a string
The string itself is AES encrypted with the unique key
The key is never cached anywhere and is derived every time by the server
you see that would be great on paper but what if the tweak has no prefs 🥲
pp
And there’s no regular strings in the compiled binary
the only solution is to make it so horribly annoying to reverse engineer to the point it becomes as bad as brute forcing and people just don't bother anymore
They’re all scrambled so you can’t see the ObjC stuff it does
ah but you can with a debugger unfortunately
You’ll regret it
lmfao
even if the binary is obfuscated the objc runtime still needs to run the methods and perform actions
that's why you can still do stuff at runtime
that's how that one guy did cattok
this thing https://www.youtube.com/watch?v=YW3jL2gI9IE
Walk through an end-to-end example of reverse engineering an iOS app and modifying it to do something new!
Having existing iOS + Objective-C + LLDB knowledge is helpful if you're following along locally.
If this sort of topic interests you, check out the existing posts on bryce.co, and keep an eye out for future videos here!
the code is extremely obfuscated from static analysis but he still figured out how to patch it through a debugger
on that note tiktok is super obfuscated on the browser lmfao
from what i last saw they create a factory to their own pseudolanguage which is super obfuscated afterwards making it pretty much impossible to follow any control flow whatsoever
can someone help me with building [[Dawn]]
Customize dark and light mode. Dark elements in light mode and vice versa.
i keep getting errors for UIView and UIViewController
i tried compiling it and it doesn't wanna cooperate
would send it as a message but it's too long lol
do #import <UIKit/UIKit.h> at the very top of the file
the makefile?
DawnSettings_CFLAGS = -fobjc-arc
hm
also just to let you know i added these lines to the beginning of the makefile:
TARGET := iphone:clang:16.5:latest
ARCHS := arm64e
THEOS_PACKAGE_SCHEME=rootless
i need it for arm64e and i need it rootless
and i need to use the 16.5 sdk
i see
isn't that for the clang version
ok i'll make that change
ty
@narrow sequoia
whenever there's a line like setOverrideUserInterfaceStyle:variable, change it to setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)variable, you can easily do this with search and replace
setOverrideUserInterfaceStyle:widgets -> setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)widgets
setOverrideUserInterfaceStyle:player -> setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)player
setOverrideUserInterfaceStyle:hsquickactions -> setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)hsquickactions
and to fix the CFNotification... error at the bottom, change kNilOptions to CFNotificationSuspensionBehaviorDeliverImmediately in the CFNotificationCenterAddObserver() call
ok let me do this real quick
what if it says setOverrideUserInterfaceStyle:(NSInteger)variable; do i keep the (NSInteger)?
yeah, that's what i did
ok
sed -i '' 's/setOverrideUserInterfaceStyle:widgets/setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)widgets/g' Tweak.xm
sed -i '' 's/setOverrideUserInterfaceStyle:player/setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)player/g' Tweak.xm
sed -i '' 's/setOverrideUserInterfaceStyle:hsquickactions/setOverrideUserInterfaceStyle:(UIUserInterfaceStyle)hsquickactions/g' Tweak.xm
could also do it with sed
so would
setOverrideUserInterfaceStyle:(NSInteger)style
look like
setOverrideUserInterfaceStyle:(UIUserInterfaceStyle):(NSInteger)style
sorry im not really a developer
no, leave the code in #pragma mark - Extensions alone
so
@interface UIView (Dawn)
-(void)setOverrideUserInterfaceStyle:(NSInteger)style;
@end
would still be
@interface UIView (Dawn)
-(void)setOverrideUserInterfaceStyle:(NSInteger)style;
@end
@narrow sequoia run these commands 1 by 1 in the Dawn directory
i just edited the commands, run the new ones 1 by 1
macOS sed is different than linux sed, so the command went from sed -i 'search thingy' file to sed -i '' 'search thingy' file
weird, but easy fix
uhh ok i got more errors lol
is the #import <UIKit/UIKit.h> still at the top of the Tweak.xm file?
and to fix the CFNotification... error at the bottom, change kNilOptions to CFNotificationSuspensionBehaviorDeliverImmediately in the CFNotificationCenterAddObserver() call
@narrow sequoia
fuck
uhh, technically yes.
go to dawnsettings/DawnTranslationListController.h and replace #import <CepheiPrefs/HBAppearanceSettings.h> with @import CepheiPrefs.Swift;
do the same thing for dawnsettings/DawnRootListController.h
replace #import <CepheiPrefs/HBAppearanceSettings.h> with @import CepheiPrefs.Swift;
hmm
in dawnsettings/DawnRootListController.h change @interface DawnRootListController : HBRootListController to @interface DawnRootListController : HBListController
if that gives you an error for HBListController not existing, you might have to add @import CepheiPrefs.HBRootListController; to the top of that file
to fix the hb_appearanceSettings error, add #import <CepheiPrefs/PSListController+HBTintAdditions.h> to the top of dawnsettings/DawnRootListController.h
ok that fixed that error
to fix the PSSpecifier error, go into dawnsettings/DawnTranslationListController.h and then remove this block:
@interface PSSpecifier : NSObject
-(id)properties;
@end
done
so now dawnsettings/DawnTranslationListController.h should look like this
#import <CepheiPrefs/HBRootListController.h>
#import "DawnRootListController.h"
@interface DawnTranslationListController : DawnRootListController
@end
avoid cephei compile error challenge: impossible!
i have @import CepheiPrefs.Swift; in there as well
just keep it for now and we can deal with it later if there's any errors
try building now
uhhh just comment those 2 lines out imo. they're just visual changes, not anything preventing you from compiling
so just add // in front of both of those lines
just keep in mind, you can only compile for rootless with the changes we made, you try and compile for rootful and you'll get a bunch of errors again
i never use rootful
Preference pane is black
it didn't create a preference file either
well if you had wanted to compile for both rootless && rootful
dawnsettings/Makefile:
DawnSettings_CFLAGS = -fobjc-arc
### add this
ifeq ($(THEOS_PACKAGE_SCHEME),rootless)
DawnSettings_CFLAGS += -DROOTLESS
endif
###
include $(THEOS_MAKE_PATH)/bundle.mk
dawnsettings/DawnRootListController.h:
replace: @import CepheiPrefs.Swift; with
#ifdef ROOTLESS
@import CepheiPrefs.Swift;
#else
@import Preferences.PSSpecifier;
@import CepheiPrefs.HBAppearanceSettings;
#endif
unfortunate ngl
does anyone know how to get vs code autocomplete for .x files?
what extensions are good for logos and tweak development
i hate compiling other people's projects
https://marketplace.visualstudio.com/items?itemName=tale.logos-vscode
best extension imo
why didn't it generate a preference file though
if it did i could have changed prefs through there
there's nothing like that unfortunately
man if only there was autocomplete for headers with logos
n then change the color theme to "Material Theme Darker High Contrast"
basic as hell, but i like it
Even then I can’t imagine you working on a tweak lol
if you're really that down bad for a vscode theme you can go here: https://vscodethemes.com/
i think i found the issue
or at least, part of the issue
what was wrong
since you compiled for rootless, you need to make all the static filepaths also follow the rootless scheme
so in dawnsettings/DawnRootListController.m

oh i see
add #import <rootless.h> at the top
There is logos auto complete
why 😭
But requires a lot of effort
and then replace UIImageView *dawnBackgroundImageView = [[UIImageView alloc] initWithImage:[UIImage imageWithContentsOfFile:@"/Library/PreferenceBundles/DawnSettings.bundle/dawnBackground.jpeg"]];
with
UIImageView *dawnBackgroundImageView = [[UIImageView alloc] initWithImage:[UIImage imageWithContentsOfFile:ROOT_PATH_NS(@"/Library/PreferenceBundles/DawnSettings.bundle/dawnBackground.jpeg")]];
should be line 20 after you add the import at the top
Ugh I can't find it but cynder worked on it
well it shows the picture
lmao
preference file still not created
uhh i don't trust the internal-stage:: in dawnsettings/Makefile
remove that whole block
internal-stage::
$(ECHO_NOTHING)mkdir -p $(THEOS_STAGING_DIR)/Library/PreferenceLoader/Preferences$(ECHO_END)
$(ECHO_NOTHING)cp entry.plist $(THEOS_STAGING_DIR)/Library/PreferenceLoader/Preferences/DawnSettings.plist$(ECHO_END)
hi
@timid furnace this what you were referring to?
came with the theos template lmao
old ahh theos template
you branch off the repo yet?
i managed to get it compiling for rootless but now the prefs aren't loading
they’re kind of an in-house thing, my first iteration of em anyway
does it do the fade effect?
was there a fade effect
god that was forever ago
me realizing now that block is the same as the modern layout/Library/PreferenceLoader/Preferences
yea there was for the image
ethan was still Christian and in heavy denial about being gay
that’s how old Dawn is
dawn is a w tweak
@narrow sequoia
replace
+ (NSString *)hb_specifierPlist {
return @"Root";
}
with
- (NSArray *)specifiers {
if (!_specifiers) {
_specifiers = [self loadSpecifiersFromPlistName:@"Root" target:self];
}
return _specifiers;
}
in dawnsettings/DawnRootListController.m
Arise was my masterpiece there’s absolutely no way it still works though
it was when I was starting to hit a stride with reverse engineering so it uses all sorts of private stuff
the slide to respring thing is actually built from the same vc factory that does slide to power down
doesn’t the first make it load cephei though
it works the prefs are back
or has it changed
maybe a trillion years ago when this was coded
Think so
oh nice localization credits leads to the tweak page
??
oh does it just recurse
go to localization credits impl and make the same change
it depends on libcephei to make live changes
do the same thing.
in dawnsettings/DawnTranslationListController.m
replace:
+ (NSString *)hb_specifierPlist {
return @"Translations";
}
with:
- (NSArray *)specifiers {
if (!_specifiers) {
_specifiers = [self loadSpecifiersFromPlistName:@"Translations" target:self];
}
return _specifiers;
}
make sure you’ve got it installed?
chariz probably lol
it isnt
it’s kirb’s lib
it only has cephei
it would've errored saying it cant find the library if you didn't have it installed
black background where the text would be
Oh
We’ve got the entire team working on this lmfao
wrong kinda widget
@narrow sequoia do this and it'll be fixed
it's only been me 😭
nightwind wdym by this 
I literally. made the fucking. tweak
No I mean like the orig dev is here too
did you help rn
I just can’t imagine you working on a tweak
meow
true
iiiiiim
im too lazy
because someone pinged him 12 hours ago and he decided to pop out in the last 20 minutes LOL
if anyone wants to take a crack at updating arise feel free I’ll drop the src in here
I work night shifts at a Dave and busters
Wait wasn’t Dawn for iOS 12?
I guarantee you I was asleep
wait what changed between 13 and 14 widgets
this was pandemic so iOS 13
Ah
Oh wait I’m thinking of Dune
[[Dune]]
Yeah that
the popcorn bucket?
.
@tacit spade what changed between 13 and 14 widgets
this is iOS 13 widget
14 added the Home Screen shit
yeah the old today view
thats all folks
New widgets are SwiftUI
im not a tweak dev idk what im doing
do you have flipboard explorer installed
Annoying to hook
well you're pretty good at following instructions.
at least better than 90% of people in this server
i like to think i can follow instructions pretty well
no what's that
do you mean flex 😭
find the hosting view class name; styling is applied by nearest (tree-order) view to set it
yeah was trying to differentiate between that and flex3
flipboard explorer looks fucking dead
I was? Using it? On iOS 14??
idc it was fantastic for live viewing view hierarchies
oh yeah its still a thing
you could literally prototype tweaks with it
just no one calls it flipboard explorer
Some people have gotten Flex3 working on iOS 15/16 actually
like, no one says "delicatessen" in 2024. they say "deli"
This you mean, right?
Find the springboard view class that hosts widgets right
as general of a class as you can find
explore its superclasses if it’s size specific
Yeah that flex
Yeah but there’s not much styling you can do with that
light/dark
is flex only for the sim
no
No
or is it for real hw to
yeah it slaps
highly recommend
pro tip you can use other objects in method arguments
just copy the description
it’ll include the address so flex will resolve it for ya
im not seeing the rootless deb link
its here right
and it’ll retain a reference for you if you build the object yourself
No it’s at the beginning
Yeah FLEX is great
I vaguely remember you making a tweak to have transparent backgrounds in apps
Was that you?
yeah
uhhh
that was my identity for like 3 years
I was a terrible programmer for those three years
oh ok i see it
I remember seeing it in WWTC I think
then I finally actually opened a text editor on a pc instead of my phone
and boom
suddenly types make sense
Man I miss stuff like WWTC when there was activity in jailbreaking
KINDA HELPS IF YOU CAN SEE THE WHOLE LINE
lol
what happened to wwtc
little to no activity
lost interest probably
we tried spinning it up again in 2022 couldn’t get anyone to respond
would be nice to have one last one just for old times sake
I’m sure we’ll have one last jailbreak hurrah
I hope so
at some point
why did people leave the community
because people grew up
jailbreaking isn’t really top priority when you have bills to pay
i see
This was so freaking brilliant
What was Arise?
can you get rich off tweak dev
Lock Screen… fun stuff tweak
I dunno how to explain
cool demo stuff that was worth releasing
Was that in WWTC too?
little animations I chained together, also making the live wallpapers play automatically
yeah
https://youtu.be/zZ3R41rL3No?si=8Q-Fpp2XBBmlyzmc
https://youtu.be/yViuLgAPi6U?si=Mf-0edYKRMfB6icO
first one is high production value but little explanation
second was made approximately 10 hours before wwtc
one day will jailbreaking really fully die
No, but it’ll just live on in the form of demos of what can be done and no actual releases
yeah this was before sheets were publicly available too
I was one of the first to use them