I removed one of the released ones

The singing one

Forget the name

Last night

Insane

icraze regularly goes through the apps

she said?

most of them get rejected

i like that one

i forgot how to spell unbelieveble

how

unbelievable

i think

idk

Yeah

bro definitely typed it into google to spell check

oh i forgot an a

unbelieveable

bro how

how'd u know

guys BHTikTok++ v1.9.3 released

mods

BHReels

(thanks)

Finally can get past this tik tok ban

https://www.reddit.com/r/jailbreak/comments/1hzp5kw/bhtiktok_v193_released/

finally

Does this version of TikTok still work when it will be banned in the US?

wait isn't it

considered piracy

i'm only spreading the news as to what i got a notification for on my apple watch

No

As it’s not a preinjected ipa

gameseagulltrollstore

That’s not the meaning of ріrасу

their first line in the release tab:

License dictates everything

Yeah so don’t download the ipa

you got banned on tiktok?

According to this server’s guidelines around piracy it isn’t

No i was joking about the us tiktok ban

the US is banning tiktok?

Apparently

Still ріrасу since no written permission to modify unauthorized contents to Tiktok

damn

i dont use tiktok

so i rlly dont care

Same

ill be missing my occasional tiktok shopping spree

when i get Ryze gym stuff for 44% off

By that logic jailbreaks them selves are piracy

like once a year

In what way

Jailbreaking is legal

If modifying an app’s memory is considered piracy then so is jailbreaking

ok hold on

what is this argument even about

pircay

He says a TikTok deb is piracy

No license allowing you to modify unauthorized contents to Tiktok

So yeah

that’s not how piracy works lol

Maybe tos violation

But not piracy

143 hz

it might violate TikTok ToS yes

but it’s not piracy itself

now if they gave out an ipa? yeah that’s piracy

GameSeagullTS

The release tab on their repo:

Wrong reply

the latest release that I see doesn’t link an ipa (feel free to point it out to me though, I might’ve missed it)

I mean if you don’t use the preinjected ipa it isn’t piracy

Skull

It says it’s in telegram

let me check again

But the GitHub only provide tweaks

i havent seen anything

@velvet path

hmm

that might be an issue

is it that bad tho

v.1.5.0

but the deb/dylib themselves aren’t

it’s linked in latest too

Let me ask about it

its linked in all of them except "Initial Release" lmao

@fading shell

ok nuked

thank you for the report

np

np

Gone

What was nuked?

the Reddit post

To clarify: the issue isn’t the deb/dylib, it’s the link to the telegram with the ipa

Oh

At least I’m right

I wasn’t talking about the dylib/deb in the first place?

whar

You replied to my post saying it’s not a preinjected IPA

is this just a moment?

(This was towards the iPA)

I'm trying to build my tweak for simulator but I'm getting
/Users/shorty/theos/makefiles/common.mk:167: *** The "iphonesimulator" target is not supported on the "macosx" platform. Stop.

My makefile ```makefile
#export ARCHS = x86_64

TARGET := iphone:clang:latest:12.0

INSTALL_TARGET_PROCESSES = SpringBoard Prefrences
export TARGET = iphonesimulator:clang:16.4:12.0

include $(THEOS)/makefiles/common.mk

TWEAK_NAME = Eliza

Eliza_FILES = Tweak.x
Eliza_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk
SUBPROJECTS += elizaprefrences
include $(THEOS_MAKE_PATH)/aggregate.mk

simulator:clang:16.4:12.0 instead should work

make files

seems to be building now

Warning: unable to build chain to self-signed root for signer "Apple Development: ******** (A682MLFXVY)"
/Users/shorty/Eliza/.theos/obj/iphone_simulator/debug/Eliza.dylib.9f8f30ac.unsigned: errSecInternalComponent
make[2]: *** [/Users/shorty/theos/makefiles/instance/library.mk:51: /Users/shorty/Eliza/.theos/obj/iphone_simulator/debug/Eliza.dylib] Error 1
rm /Users/shorty/Eliza/.theos/obj/iphone_simulator/debug/Eliza.dylib.9f8f30ac.unsigned
make[1]: *** [/Users/shorty/theos/makefiles/instance/library.mk:37: internal-library-all_] Error 2
make: *** [/Users/shorty/theos/makefiles/master/rules.mk:146: Eliza.all.tweak.variables] Error 2

broken/expired cert (?)

Cert should be fine. I just built an app in xcode with it

There are 2 certs could it be trying to use the wrong one?

the second is not in keychain

check your keychain

idk how to do that

go to your keychain and look for that cert

is it in there

the one mentioned here

Skill issue

or just disable codesigning with theos

you don't really need it anyway

Seems to be there

for simject?

yes

Add export TARGET_CODESIGN_FLAGS = --sign '-' because for some reason Theos insists on signing everything for sim using an Apple Development cert

actually would it make a difference if I was logged in via ssh

ok that worked

make a make file then that makes a file

Literally theos

Ooo

@pallid totem what if you

is there a script or smth to make installing tweaks into simject easier?

https://www.gnu.org/software/make/manual/make.html

@pallid totem read this

actually this won't really matter as I'm not building a traditional tweajk

if you use my fork make install should work

okay thanks

develeoper: doesn’t read documentatiinn

EVIL develeoper: READS documentatiinn

https://youtu.be/IXBC85SGC0Q?si=A9wBiWYGi_ibd9Id

Very interesting, Alfie.

Aren't you supposed to be studying

verry nice vido @sonic totem

Failure in this exam is inevitable

(click view message if ur gay)

@shut stag Your developer is abusing permissions

(alfie blocked me)

ok so I am doing cursed stuff anyways I'm trying to load substright apis. I was able to get it to laod using
pub static SUBSTRATE: Lazy<Library> = Lazy::new(|| unsafe { Library::new("/opt/simject/usr/lib/libsubstrate.dylib").unwrap() });
but using just libsubstrate.dylib and /opt/simject/usr/lib/libsubstrate.dylib don't work. What woulkd b the proper way to figure out the path of substraight?

(also dlsym(RTLD_NEXT, CString::new("MSFindSymbol").unwrap().as_ptr() as *const i8)); didn't work

teslaman please get off wilson’s account

unfortuantly it's me

i wanted to try something with swift but theos isn't too interested

error: 'swift-support': Invalid manifest (compiled with: [...compile flags...])

How can I fix this

I haven't tried anything and I'm all out of ideas, I don't know swift

based

Is this zig ??

Wtf is this

X64_86 asm or arm64 asm

you mean x86_64

because x86_64 is a 64 bit extension to the (80)x86 architecture

Wh^W I have either dementia or im [hard r]
You didn’t answer the question

arm64 ofc

x86_64 sucks ass

Why

too complex

i enjoy RISC archs more

I love complex things

Oh yeah this is rust

Using this crate https://docs.rs/libloading/latest/libloading/

go to hell

@hasty ruin we need to remove him from ono :/

rust tweaks is a crime

Fair enough

💀

what is your point here

what are you even trying to say

thats someones comment on reddit

just kidding

i saw it this morning

😂😂😂😂😂😂

yeah but why the reply to my message and "💀"

🤷‍♂️

💀

it was when we discussed that developing tweaks is not hard and take little time when we talked about sergy meteoric learning curve

you said you invested little time in glance

so I thought it will be funny

not little

4 months is not little imo

i agree

Not what you said

thats a fairly long time

why resurrect a pointless argument from ages ago

you said "4 months from first tweak to develop glance and most of the time was other unrelated private project"

yeah

When you tried to justify the fact learning developing tweaks is easy

so not 4 months

what

potato

anyway was just joking

and I remembered our discussion after reading that comment

that's it

Can I statically link uikit?

huh

what are you trying to do

Something ver cursed: run an app in an environment where there is no uikit and a bunch of other frameworks

uhh

why

what env

nonui

mods

uhh

idk

maybe?

but i doubt it'd work

see what happens if you set XXX_LINKAGE_TYPE to static in theos

I mean, if i static link everything…

and then explicitly link uikit

Hm k

This is not hd

Free money tweak idea: Use airpod pro 2 stems to scrub forward/backward in media

Worst tweak idea

https://tenor.com/view/wrong-drumpf-trump-stupid-gif-6220235

imagine muscle memory wants to increase volume for good part of the song and then just scrubs it away

I've had worse

Two airpods

Make left one volume and right one scrub

Or other way around

https://tenor.com/view/fire-writing-gif-24533171

Then what if i only use one airpod

House exploding gif

Alternative to house exploding gif is a control center toggle to toggle functionality

But that's sort of convoluted

There is a third solution that would be really cool but probably hard to implement

Where if you start with a swipe up it then takes the next few inputs as controlling volume

and if you start with a swipe down it takes the next few inputs as controlling media position

Maybe I'll quit my job to make this happen...

you like 0 privileged levels and unproper mitigations?

2 airpods, 2 different audios

is this a tweak

also idevice cartel and mommy asmr 🔥 @thorn hound

Mommy Fox ASMR is crazy 💀

Don't knock it until you try it

?

?

What do you mean by this

NEED

NEED

Yes

They are referring to the fact that you should at least try "Mommy ASMR" before you criticise it. As they assume you're unfamiliar with the subject

on the left i’ll play subway surfers + one of those slime videos and on the right its going to play family guy

i said what i did bro

still don't have that figured out but I'm tryng to hook somethign now but it's not likeing me.

 40 #[no_mangle]
 39 #[allow(non_snake_case)]
 38 unsafe extern "C" fn luaL_loadbufferx(
 37     state: *mut LuaState,
 36     buf_ptr: *const u8,
 35     size: isize,
 34     name_ptr: *const u8,
 33     mode_ptr: *const u8,
 32 ) -> u32 {
 31     log::info!("hi dad");
 30     let rt = RUNTIME.get_unchecked();
 29     rt.apply_buffer_patches(state, buf_ptr, size, name_ptr, mode_ptr)
 28 }
 27  
 26  
 25  
 24 #[ctor::ctor]
 23 unsafe fn construct() {
 22     panic::set_hook(Box::new(|x| unsafe {
 21         let message = format!("lovely-injector has crashed: \n{x}");
 20         log::error!("{message}");
 19     }));
 18  
 17  
 16     //let rt = Lovely::init(&|a, b, c, d, e| RECALL(a, b, c, d, e));
 15     //RUNTIME
 14     //    .set(rt)
 13     //    .unwrap_or_else(|_| panic!("Failed to instantiate runtime."));
 12     log::info!("hi mom");
 11     //log::info!("{:?}", dlsym(RTLD_NEXT, CString::new("MSFindSymbol").unwrap().as_ptr() as *const i8));
 10     unsafe {
  9         let symbol = ms_findsymbol(core::ptr::null_mut(), CString::new("_luaL_loadbufferx").unwrap().as_ptr() as *const char);
  8         //let new = std::mem::transmute(&luaL_loadbufferx);
  7         //let new = luaL_loadbufferx;// as *const std::ffi::c_void;
  6         let new: *const std::ffi::c_void = std::mem::transmute(luaL_loadbufferx as *const ());
  5         log::info!("symbol: {:?} new: {:?}", symbol, new);
  4         ms_hookfunction(symbol,
  3             new,
  2             core::ptr::null_mut());
  1     };
81  }

not entierly sure the cause of this issue

I can confirm that my new function at least looks like a pointer

ok at this point I want to make sure this actually is possible

ok actually I tried building my test tweak ```objc
#include <UIKit/UIKit.h>
// int (luaL_loadbuffer) (lua_State *L, const char *buff, size_t sz,

%hookf(int, luaL_loadbuffer, void *L, const char *buff, size_t sz) {
NSLog(@"shitass luaL_loadbuffer called with buffer: %s", buff);
return %orig;
}

%ctor {
%init(luaL_loadbuffer = MSFindSymbol(NULL, "_luaL_loadbuffer"));
NSLog(@"shitass Loaded symbol");
}

so maybe simject is being weird

man I need to get my hands on a physical device

possible ?

also why can't i show my UIWindow above springboard ? tried window levels of 2001 and -5

no, it's perfectly normal and acceptable

Interesting

you should go to hell

dont add rust brainrot onto ios 😭

+1

Ironic coming from frenchwarez ngl

i can't believe i'm agreeing with the french

No

Don't

same

There's still time

rust bad

To turn it on him

based

OSX-KVM user spotted

bro I DO NOT CARE

fr shit so stupid lmao

tweak idea for someone: https://vxtwitter.com/bank5ia/status/1501399537834889217?t=6hsBiOtlcionKTRBw_PmQg

i cant seem to get my tweak to run on the sim

even just a simple change didnt work

flex works

what am i doing wrong

how did u compile for simulator?

change iphone to simulator in your target

i did

look at my screenshots

well then you've compiled it for the simulator 🤷‍♂️

its not working tho

did you follow all this? https://github.com/akemin-dayo/simject

does the sim need rootless?

yes

should be rootful afaik

make sure to clean when switching between rootful and rootless builds

i cleaned and it still isnt working

i'm not sure then sorry, never used simject

did you do resim? did you check console for logs?

same goes for my side, except the preference bundle isn't showing up anywhere

the example tweak doesnt even work

Trollbox had this and some others have also made methods of doing this

did you check console for logs?

theres nothing there

no errors or warnings relating to it

how did you install simject

tje script

bruh

/opt/simject is basically /var/jb

you put your dylib at /var/jb/example.dylib

where was i supposed to put it?

i did what the readme said

the script installs a fork of simject and some other stuff

yea

it installs flexing and that works

this is not normal simject

wdym

idk what readme you were sent

simject readme

this is a fork

it turns it into rootless

theres no docs

ye

i followed on dinak's repo

i set to rootless and it still didnt work tho

you need to put it in the proper directory

/var/jb/Library/MobileSubstrate/etc

except /var/jb is /opt/simject

o

o wait u are dinak

yes

lmao

also why is flex select so much worse on the sim than real device

@wind ravine
did u use this script?

yes

@wind ravine

export TARGET := simulator:clang:17.2:14.0
export ARCHS = arm64 x86_64

INSTALL_TARGET_PROCESSES = SpringBoard

include $(THEOS)/makefiles/common.mk

TWEAK_NAME = TestTweak

$(TWEAK_NAME)_FILES = Tweak.x
$(TWEAK_NAME)_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk
SUBPROJECTS += $(TWEAK_PREFS)
include $(THEOS_MAKE_PATH)/aggregate.mk

setup:: clean all package
    @echo "Copying files to simulator..."
    sudo cp .theos/_/Library/MobileSubstrate/DynamicLibraries/$(TWEAK_NAME).dylib /opt/simject/Library/MobileSubstrate/DynamicLibraries/$(TWEAK_NAME).dylib
    sudo cp .theos/_/Library/MobileSubstrate/DynamicLibraries/$(TWEAK_NAME).plist /opt/simject/Library/MobileSubstrate/DynamicLibraries/$(TWEAK_NAME).plist
    @echo "Respringing simulator..."
    resim

this is what i use for makefile

make setup

use theos fork and make install

or idk

your theos fork broke my shit when i tried using it

how do i get the child of an object?

like i hook to this top class and on a function i want to change a property of its child

I mean we already have some

If it makes you feel better I didn't write most of this code

subviews?

ye

how would i get that

.subviews

_UIAnimatingLabel *targetLabel = nil;

for (UIView *subview in self.subviews) {
    if ([subview isKindOfClass:%c(_UIAnimatingLabel)]) {
        targetLabel = subview;
        break;
    }
}

if (!targetLabel) {
    NSLog(@"Failed to find target label.");
    return;
}

oh

%c

you can use NSClassFromString or objc_getClass as well

first time seeing use of fast enumeration 🔥

how do u set the frame?

this isnt working

neither does this

Which method did you hook?

_correctedDateFormat

is it even called

yes

i fixed it

XY Problem, what are you trying to do

%c() >>>

that just resolves to objc_getClass

yeah but shorter

flex on the simulator selects a different view than on real device

cos the sim isn't 1:1

?

what is your end goal

trying to show people how to make basic tweaks

uhm, leave that to nightwind tbh

dont show them cursed code, dont need another me

its not cursed

hook didAddSubView and %prop that thang

seek help

Can you call NSLog/print to the console from raw c?

yes

@hasty ruin send the %property Tesla man meme

why do you love %prop so much

i hardly use it

actually i dont think i've ever used it

what is causing this while compiling for simulator?

works with regular sdk

share your makefile

you likely need to change latest to the sdk version you have installed

otherwise theos will use xcode's sdk

which obviously wont have the Preferences framework in

i dont have an sdk for the simulator

There's a Preferences.framework for the simulator (iirc?) in Dopamine

@acoustic imp i think the clock has an update cap

https://cdn.discordapp.com/attachments/809628073896443904/1329130635801006204/Simulator_Screen_Recording_-_jailbreak_-_2025-01-15_at_11.50.19.mp4?ex=678938dd&is=6787e75d&hm=217b8778302a15f42aec48897fb08bade2853a1bb1344e1dcceb602c56dff9d4&

it randomly gets delays, even with the exact time offset

Why would anyone want this

making it for someone

i think its drifting a little bit

i found the issue........

im gonna kms

Would anyone with a jailbroken device, a copy of balatro and some time be able to test something for me?

I belive you get it with apple arcade

hi

Rootless or rootful?

14.6 so rootful

ok install this then launch the game

After that see if you can find the mods folder

• You should be able to find it with filza by going in the apps manager, clicking the i beside balatro, clciking Data then Library > Application Support > Balatro (theres a chance its in a different folder like game or love) > Mods.
• You can also find it in the terminal with the command find /private/var/mobile/Containers/Data/Application/ -name lovely after running the game with lovely once

You can get it from either Apple Arcade or a standalone App Store app

this just causes Balatro+ to crash

Crash to home or crash screen

home

does the mods folder exist?

I forget you can crash balatro to a handler

no

oof

send crash log

I'll give it a go on regular balatro in a sec

(Assuming the bundleid is the same ig)

it uses the executable name

so it should be fine

Nvm need a rootless build thank

not sure if rootless will work

don't have a rootless test device rn

Seems completely inert rn

Game runs and no data has been created

AA issue probably I assume

Mm

I asked French for a deb once and he gave me rootful then went to bed (I needed rootless)

Was faster to fix the Hugo phone and use rootful

French moment

If you go to filza app manager hit i on balatro and click bundle what shows up?

The balatro data

send screenshot

show indside balatro.app

ok thats named as expected

do you have flexall/flexing installed?

actully idk if that would help

@hasty ruin

I can grab it

how did you check for the files?

Wdym

you said no data was created

how did you check?

find and poking through the Balatro bundle

it would be the balatro data but yeah if find didn't find it it's probably not there

wtf is Balatro

game

Status bar

Resets every respring

Lemme see if my iPad has the bug

I’m on 16.3.1

chronic balatro addiction has hit me

Are you starting the video in landscape

Yes

Bug is present on iPadOS 17

Apple moment

swiftui era apple :/

Ironically seems to be fixed on iPadOS 18

doesn't seem to exist on 14

man i have no idea how to get useful info from this

@velvet path can you try with this build and send me the crash?

@torn oriole can you try this build as a sanity check (it should just crash)

It does not

:/

which device are you using

iPad 8

wonder if it's an arm64e thing

I bought it a bit ago but everyone who has told me about it is making me scared to play

dude do not fucking play it

i have destroyed my productivity

like at first ur like

ok this is pretty fun

then you get addicted and spent the next 3 hours on it

legal mind drugs

@velvet path are you by any chance able to install cr4shed and get me a crash log from that?

#development message

this is a analatics log not a cr4shed log

does it matter

cr4ashed just formats it, no?

it puts more useful info in it

lazy

what info do you need

like what function its crashing in

0   liblovely.dylib                   0x000000010571c33c 0x105714000 + 33596
1   dyld                              0x00000001011db880 0x1011c0000 + 112768
2   dyld                              0x00000001011dbc84 0x1011c0000 + 113796
3   dyld                              0x00000001011d5a8c 0x1011c0000 + 88716
4   dyld                              0x00000001011d3960 0x1011c0000 + 80224
5   dyld                              0x00000001011d3a2c 0x1011c0000 + 80428
6   dyld                              0x00000001011c686c 0x1011c0000 + 26732
7   dyld                              0x00000001011cef70 0x1011c0000 + 61296
8   libdyld.dylib                     0x00000001a65f3f60 0x1a65ed000 + 28512
9   TweakInject.dylib                 0x0000000100f3a9ac 0x100f34000 + 27052
10  dyld                              0x00000001011db9fc 0x1011c0000 + 113148
11  dyld                              0x00000001011dbc84 0x1011c0000 + 113796
12  dyld                              0x00000001011d5a8c 0x1011c0000 + 88716
13  dyld                              0x00000001011d3960 0x1011c0000 + 80224
14  dyld                              0x00000001011d3a2c 0x1011c0000 + 80428
15  dyld                              0x00000001011c292c 0x1011c0000 + 10540
16  dyld                              0x00000001011c8550 0x1011c0000 + 34128
17  dyld                              0x00000001011c1258 0x1011c0000 + 4696
18  dyld                              0x00000001011c1038 0x1011c0000 + 4152

my guess is that 0x000000010571c33c 0x105714000 + 33596 is the crashing line

ok wait how does arm64e work?

do I need to build seperatly for it?

the roothide thing or apple's?

apples

no

its an abi

theos handles it all for you

I'm not using theos

what are you using

https://theos.dev/docs/arm64e-deployment

might help you

rust

uhh

https://doc.rust-lang.org/nightly/rustc/platform-support/arm64e-apple-darwin.html

I know I just rebuilt rust from source on a 2011 mac

wait nvim @cloud yacht use this one https://doc.rust-lang.org/nightly/rustc/platform-support/arm64e-apple-ios.html

didnt realise they had it

yeah right that one

cr4shed doesn't really work properly on iOS 15+, just use the OSAnalytics tweak on PoomSmart's repo alongside KrashKop to produce VERY similar results

@torn oriole are you able to give this build a try

and then for arm64 use aarch64-apple-ios

Yeah thats what I was using before

which is why it worked find on my device

Sure gimme a sec

is this your new rust bull shit

Yes

When are you coming out ?

Hey bros

Hello Cameron.

Who are you? Everyone in this server changes there name every 2 weeks so I can never remember who people are

ipod

rootfs

Ok maybe I just don’t know you lol

Of what?

hes the frenchie

maybe that helps u

Bibifire*

Is that a valve second?

yrs

My fault I had to go places and forgor

Will try in like 20m

🙏

it's okay I got busy anyways

@torn oriole When you got a moment you can try this build it should be universal

still seems to do nothing to balatro

do the file exist?

#development message

nope

no find results either

does this build work? #development message

no

at this point I almost wonder if I somehow fucked up the dylib path

same behavior

run find / -name liblovely.dylib

theyre in the appropriate places

arent you supposed to be filtering for bundles

since when could you filter just raw executables

Eliza does

but executabnle nicer cause any rajndom love app shoudl get targeted unless they rename the execuable like balatro

I'm so confused why it isn't hooking

whats the result of running ls -l /var/jb/Library/MobileSubstrate/DynamicLibraries/liblovely*

both files are there

what do the perms look like

wondering if that could somehow be an issue

(even though it doesn't seem to be on rootful)

well i changed their perms to root:wheel like theyre apparently supposed to be and it didnt change anything so

I will havbe to see about making sure those are root wheel but for now ¯_(ツ)_/¯

I wonder if it is something with how rootless works

it sucks I don't have a test device rn

there isn't a rootless iOS 14 jailbreak is there?

no

Balatro mods??!!

I am addicted to Balatro

I wonder if supercharge can inject into Apple Arcade apps…

yes

it works on the steam version already

also I do belive this is a rootless issue

I think it's using a hard coded path for substraight

Yeah I saw that desktop Balatro has mods, cool that you got it to work on iOS

well it doesn't seem to be working too well

Are all Balatro mods written in lua? So only the injector needs to be ported?

crashes uniexpicably on rootfull and does nothing on rootless

Yeah pretty much

also I bet this is the issue

Send your GitHub

I wanna see how this works

Do you have crash logs?

#development message

https://github.com/WilsontheWolf/lovely-injector/tree/ios

Tell bro to delete all his other tweaks lol

true

Does this thing support macOS?

the steam version yeah

app store doesn't work due to build differences

the ios fork might work with ellekit mac

Ok, so I guess the question is, what is different between the lua in steam and App Store versions that would cause injection issues

lua is statically linked on app store dynamically linked on steam

I’ll have to look at how this lovely injector works

But I’ll have to look at the code on my computer screen, cause my phone screen is not cutting it

yeah makes sense

I would look at the upstream code if I was you mines a mess and guts a lot of the injecting stuff

That’s a big difference

What lua version?

luajit

5.1 iirc

iirc luajit only supports 5.1, cause the author didn’t like the newer version lol

I wish I had a Mac lol

Does Balatro+ work on Intel Mac?

¯_(ツ)_/¯

the balatro mods also work on the windows version of balatro

just says requires macOS 11.0 or later

I don’t own Balatro, I have it from Apple Arcade

Is signing into my iCloud account on a hackintosh to install Apple Arcade games a bad idea?

¯_(ツ)_/¯

Actually I’ve got some palera1n compatible devices

I somehow broke the building

its just stopped making the dylib

idk how I managed that

as long as you've set up a proper smbios it should be fine

I forgot to save the file

@torn oriole when you got time

Also rootful build since a lot has changed

substraight 🗣️

As long as your serial number shows up as whatever dortania’s guide recommends you’re fine

I’ve never gotten executed by Apple for signing into a hackintosh when doing it right

me when substract address with aslr

@hasty ruin tell him

Real

I guess I need to actually learn rust

CC @sonic totem

I’m going to learn as little rust as possible

this is what i said when i started using kotlin a week ago

kotlin is nice but i hate everything about android

this was unrelated to anything about rust i'm just generally unhappy about having to write android code

2 coming outs soon in rjb

fire

@wooden yarrow when are you coming out

hey @slim bramble

have you seen miside

it's a very fun and enjoyable game you'd definitely love

Or are you a hidden/secret trans

you said you loved russian anime games right

if i would have came out i would have done so like 4 years ago

Has anyone here used lief to add a custom segment to a MachO Bin? I am trying to do so. However when branching to the new segment (which has rwx perms) the program crashes from a bad access exception with error code 2 and i cant figure out why

You can’t have W|X

Because of W^X

You need to set it up as rw, when you are done writing, changes perms to rx

Why did you ping Alfie with the message “control center”

Fucking Android development is so ass idk why people want to develop for it

for real

the project structure and gradle is crazy

mfw src/main/java/com/whaterver/whatever

Thanks a lot!

also you wanna use c instead of java ? good luck

i wanted to learn rust but i didnt slowly want to turn into that so i didnt

however i made my first rust app so im automatically a coming out now

trying to install this on second macbook, it keeps saying failed to install simject, no such file or directory for cp /usr/local/bin/resim

android studio hides that so it isn't that big of a deal

but it's still annoying

ikr

so i wanted to make an app with a bottom navigation bar right

on ios you just create a uinavigationcontroller, put view controllers in it and boom bottom navigation bar / tab bar

from what i understand you're expected to instantiate the bar and manage the transitions yourself

and it's really annoying

i'm sure there's a good reason behind these design choices but based on my current knowledge it all seems annoying

nvm im stupid

Does ellekit have some debuggijg stuff to see if a tweaj is being loaded?

I know libhooker logs each tweak it injects

yeah by default it prints out Loading tweak {name}...

I'm pretty sure

or maybe that's only LH

Not sure I didn't think I saw it in simject. I can ask my tester to give it a try after

What are you even doing

😭

Trying to get orange name ?

Trying to debuf why it's not doing anything in rootless

why do you want to debuff it?

cause I can't spell

Like CC email thing

Adobe creative cloud?

That cc?

https://cdn.discordapp.com/emojis/1165545028215644261.webp?size=60&quality=lossless

https://github.com/EthanArbuckle/simforge

Oh just delete that part in the script

Then compile resim and make an alias and point it to the exec

pint

@indigo peak what happened with 18cc an 16p ?

shit tweak

that’s what happened

18cc ?

I haven’t speant much time on making it “work”

use your thinking cap

I’m in England atm

Not at home

Mac book proly dead

oh well

its shit anyway why backport

I’m not back porting the shit pages

does anyone have a A11 or lower rootless jailbreak that would be willing to test smth for me

sure

okay do you own balatro?

no... so nvm I guess

No that's fine I have a test IPA as well

🅱️iracy

no it's a love project i built

same engine

https://cdn.discordapp.com/attachments/1288906099180699661/1293362453496991765/lovely-test.ipa?ex=678b97e6&is=678a4666&hm=761affe95644572cbdf612160cadb68b4c25b4462009908bfe36c8933d0e2dcb&

install these and then open the app and send me a screenshot

@faint timber

How do I decrypt an app lol

use trolldecrypt or smth

Send apt repo

Google:

Nvm I figured out what trollstore is

If you want to decrypt all the plugins and frameworks you will need frida + bagbak

I only needed the main binary decrypted

is it possible to save safari private windows cache through extensions?

in a file and then load the same cache through extension at later time

How Tesla felt saying this instead of someone saying it to him

https://tenor.com/view/dog-mask-gif-10635347690073820963

LMAO

this won't work btw lol

Why not?

Because u stink

because MSFindSymbol can't find stripped symbols

They aren't stripped?

Well they could be for baaltro possible and if so that'd rough

But that IPA isn't cause I've been using it on my machine

But even then it should crash instead of just doing nothing?

ellekit MSFindSymbol is bugged I think lol

Oh possibly

I'm using libhooker locally

I think it gets stuck and watchdog kills it

Hmmm well I've been reported nothing happening

Not even in thing making its logs directory which should happen before it's hooking

I'm not sure if it's a rootless or an arm64e thing

(Or something else)

https://tenor.com/view/druski-gif-18348698948575815487

Time to write a symbol finder

@grave sparrow have you written anything that scans live code pages to get a symbol based off of some sentinel instructions?

funny enough gameseagull has a patch finder which might be helpful

https://github.com/donato-fiore/GameSeagull/blob/40543762420adf6a6607c6dc1c804396db21ba34/Utils.m#L5-L26

that's a modified version just to scan until it finds a function

What does bh_ stand for

Boyer–Moore–Horspool algorithm

I use capstone when I have to do this

Seems pretty heavyweight for what I need lol

I’ll probably just end up using memmem()

is the bh algorithm too much too?

or not what ur looking for?

Its probably the most lightweight disassembler library that exists (that’s worth using)

assume you only need 1 arch; you would just build the lib with arm64 support

Yeah I only need arm64 so I’ll just embed the bytes I need directly

I’m usually aiming for precision mnemonic and operand parsing / identification. if memmem gets it done then why not

i've only had to do that once, for TweakInspect-IDA, but i just used ida's api

Ih8sn0w’s iBoot patch finder is a good reference for that type of resolution

Nice. I’m only slightly side eyeing you for coupling a purposely disassembler-agnostic tool to a specific disassembler backend

I added my version of the Ida script to the repo

minimal usage example. try it, it’s cool https://github.com/EthanArbuckle/crashreportdetails/blob/main/Tweak.x#L125-L132

what capt said + you literally need to fakeroot when building the deb why are you not using theos?

not only is your deb packaged as mobile user, its not even codesigned...

tf u doing lol

wtf is mobile:wheel

is this possible anyone????

please

Capt?

discord bug dw

Heres the neat thing, I unfortuantly have to use rust for this, so I can't (don't know how) to get theos to build it. I just kinda read the docs for deb files and looked at one theos made and wrote a shell script to build the deb file. Can I use theos to package it for me without building? Also yeah I should code sign it

Also should I fake sign each slice or just the combined binary?

ldid will handle the slices

okay

how can I tell if ellekit is injecting my tweak?

what I mean by theos is dm.pl

I crashed it using flex and I don't see my dylib in the list of images

Wasn't aware of it. Looks useful https://theos.dev/docs/dm.pl

this is how I would fix it

fyi its just a "dpkg-less" version of dpkg-deb

Okay sweet thanks

This is what I was doing https://github.com/WilsontheWolf/lovely-injector/blob/ios/crates/lovely-ios/build-deb.sh

will tweak it

I manually fixed the perms and fake signed it on my iPad and it just doesn't seem to inject at all

like it should be creating a file for logging in the apps sandbox

but it's just not

oh wait is that the wrong path?

seems it is symlinked so probably not an issue

jailbreaks have used usr/lib/TweakInject/ for a long time(early coolstar jailbreaks) since rootless just uses ellekit, /var/jb/usr/lib/TweakInject/ is fine

might be better to keep the og now that I think of it

Ok I modifed it, it shold be packaged correctly and fake signed. However, it still seems to have no effect on rootless (but works fine with rootful)

It should upon injection of any process make a folder at /Library/Application Support/game/Mods/lovely/log in the processes sandbox and write logs into this file. However running a quick find on my iPad doesn't find said folder (and manually going to where I know it should be I can't find it)

as a sanity check I cleaned any old folders that matched from some testing of stuff a while back, user space rebooted then launched my target app.

nothing

Tried forcing it into a process and i think I did something wrong

I must've done my rpath wrong

yah cuz thats literally not rpath bruh

why not just have rootful and rootless use rpath

idk I had issues with it on rootful (didn't have my rootless test device at the time) and so I just left rootful as it was

I think I have been specifiying rpath wrong this entire time and since I didn't have a rootless test device I just didn't realize

well hmmmm it complains if I change it to not be rpath

so something is accepting it

and it's now injecting

man

thanks for the help

your substrate tbd probably is hardcoded, modify it to rpath @cloud yacht

nah it's fine

I'm using the rootless one

I jsut passed the wrong args to the compuler

yah its clang linker flag not clang

I may be stupid

To be fair I've never done more for compiling a rweak than make package before

start with the basics lol

as the saying goes, "I did this not because it was easy, but because I thought it would be easy"

why are you using rust anyway

um how do i assemble a literal pool style ldr instruction for arm

like a pc relative load

ldr x14, [pc, #8]

also seen it like ldr x14, =0x1234123412341234

https://developer.arm.com/documentation/100069/0606/A32-and-T32-Instructions/LDR--PC-relative-

for arm64 it would be https://developer.arm.com/documentation/100069/0606/Data-Transfer-Instructions/LDR--literal-

does anyone know why GIR just dies if you try to add a new tag?

example of a failed command

Why root

its not really important for me what it runs on as its on a shitty linux vps for that bot specific anyway but may that hint to the actual issue causing it?

What is code 257?

Thread 1: EXC_BAD_ACCESS (code=257, address=0x10367e174)

appears to be (EXC_MASK_BAD_ACCESS | EXC_MASK_MACH_SYSCALL)? edit: nope, see my message below

Yep, seems to be, ty

I don't think the code actually matters but

I was running out of ideas

I only get the bad access if I do the write in assembly, whereas if I do it in C it just hangs lol

nope, apparently it's not

upon further research that's not how those codes work

so i did some further research and got EXC_ARM_DA_ALIGN for 0x101

@sonic totem "EXC_ARM_DA_ALIGN: The crashed thread tried to access memory that isn’t appropriately aligned. This exception code is rare because 64-bit ARM CPUs work with misaligned data. However, you may see this exception subtype if the memory address is both misaligned and located in an unmapped memory region. You may have other crash reports that show a memory access issue with a different exception subtype, which are likely caused by the same underlying memory access issue."

Yikes

Type of stuff that happens when I write an exploit ‼️

It’s a really cursed issue but I think the AMCC rejects the write or something

hm

Because I’m trying to write to kernel __DATA

Which is mapped as writable

And it’s in my page table

#779151007488933889 message also siguza mentioning the planes that i found lol

hm

But then staturnz managed to write to __DATA with the exploit so it’s definitely my issue lol

This is with KPP even so KTRR won’t stop me

"located in an unmapped memory region" makes me think ur pagetables might not be working right but idk

It lets me read them

Just not write

Okay now I get error code 2

...and now back to the hang

Oh well, I'll find a way

KERN_PROTECTION_FAILURE

Yeha forgot VM_PROT_WRITE

Can anyone compile jitterbugpair for arm64 Linux please?

https://github.com/nythepegasus/StaticJitterbugPair

Are you sure it’s compiled for arm?

It’s a static build

Will try building it then

TrollBox and others don't allow animated images

Porting a rust project to ios

Doesn’t work and doesn’t compile

show

Plus, there’s already a build in GH actions

Wdym show

Show output/terminal

Even if I run the precompiled binary it just says illegal instruction

It just says illegal instruction

Do you have libc installed?

I installed libc-dev in apt

So I guess so

Is usbmuxd running

Umm

I don’t think so

Then start usbmuxd

Do you even have usbmuxd installed?

I do but how do I start it?

systemctl

Doesn’t work it wants to be run through systemd

systemctl is part of systemd