Is there a tweak to see the api calls or just out going internet requests of an app as i’m trying to work out why a feature on old version of an app i use partially broke today

let allPossibleCitiesWithData = []

setup()

onEvent("forecastButton", "click", () => {
  populateRandomCities()
})

const setup = () => {
  const cities = getColumn("Daily Weather", "City")
  const forcastNumbers = getColumn("Daily Weather", "Forecast Number")
  const highTemps = getColumn("Daily Weather", "High Temperature")
  const lowTemps = getColumn("Daily Weather", "Low Temperature")
  const icons = getColumn("Daily Weather", "Icon")
  const conditions = getColumn("Daily Weather", "Condition Description")
  
  for (let i = 0; i < cities.length; i++){
    if (forcastNumbers[i] == 2) continue
    appendItem(allPossibleCitiesWithData, [cities[i], highTemps[i], lowTemps[i], icons[i], conditions[i]])
  }
  
  setRandomCitiesWeatherData()
}

const populateRandomCities = () => {
  const index = randomNumber(0, allPossibleCitiesWithData.length - 1)

  setText("cityOutput", allPossibleCitiesWithData[index][0])
  setText("highTempOutput", allPossibleCitiesWithData[index][1])
  setText("lowTempOutput", allPossibleCitiesWithData[index][2])
  setProperty("iconOutput", "image", allPossibleCitiesWithData[index][3])
  setText("conditionOutput", allPossibleCitiesWithData[index][4])
}

better

U can save the "Daily Weather" in a variable, since u reuse it

what the hell, sure

I don’t think const works iirc CC @reef trail

:/

Ig but like idk if that rly improves anything

:/

also doesnt support this :/ or this

ik, pretty dumb

my teacher said to me after he looked at it, and said interesting how you load everything or wtv first, real programmers have to think about that kinda stuff

lol

L

variable

yeah but var had goofy scope hoisting properties, let + const don't

but

Wtf can’t ping mods

Ok my discord is tweaking

you can make allPossibleCitiesWithData const because it only makes the reference to the array constant

you can still push to the array and stuff

are you working in es3 😭

wtf is that

Ikr

wtf is this

a what?

can you finish that

Scratch on steroids?

guh why is there a space between some blocks

cursed

Trying to reverse engineer an executable, and I can't seem to set a breakpoint at a subroutine's address:

(lldb) b set --address 0x0000000100918580
Breakpoint 12: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

I obtained this address by running image dump symtab and searching for the subroutine's address in the binary, then finding it's associated loaded address.

i've confirmed it's correct using disassemble --start-address 0x0000000100918580 --count 10:

(lldb) disassemble --start-address 0x0000000100918580 --count 10
WindowManager`___lldb_unnamed_symbol6516:
    0x100918580 <+0>:  pacibsp 
    0x100918584 <+4>:  sub    sp, sp, #0x80
    0x100918588 <+8>:  stp    x28, x27, [sp, #0x20]
    0x10091858c <+12>: stp    x26, x25, [sp, #0x30]

any ideas why i can't set the breakpoint?

Can you set working breakpoints elsewhere in this binary?

i tried a few random addresses from image dump symtab, all except one worked

You

Swift playgrounds is crazy

I can write a full app on my iPad and it only crashes occasionally

And the text editor only mostly sucks

Most functional apple creation

do you guys know if its possible to modify the bundle id of an app that is already installed

like i sideloaded an ipa but i dont have it anymore

and i want to install the app store version of that app

but i dont wanna overwrite the sideloaded version

so i wanna change the bundle id of it

idk if thats possible

ok my solution was to generate a decrypted ipa, change the bundle id, install that new app, and uninstall the old one

probably wont work for all situations but worked here because all my app data is online

my "guess" is you would change the info plist key for the bundleid and resign the app

https://www.youtube.com/watch?v=fks3PBodyiE

💀 ant no way

can someone check if watchOS 8 sdk has c++ headers

because 2.0 doesnt

i'm hiring macOS/iOS reverse engineer-ers for help on my project ProNotes! https://pronotes.app

What exactly do you need reverse engineered? 🤔

The app looks cool btw nice

Looking for someone to help me build a plugin system and some plugins for it. (SIP disabled is fine).

thank you!

i'm really excited to see what's possible with code injection

for one - i want to disable line wrapping

For sure, I would point you to MacForge, the project is a state of limbo as of now but code injection does work and you can make plugins for apps

i'm aware of it! yabai also does code injection. i think the project would be fairly straightforward - just busy with school and exploring other private apis rn

please dm if interested!

While I personally don’t have much experience with macOS, @orchid fulcrum might

He might be interested 👍

does anyone know where i can find the apple ACE3 firmware dump? i wanna take a look when i get bored

the usb-c controller dump that somebody did last december iirc

wait singaporean spotted

crazy

Probably not the good discord to ask

You’re probably better asking stacksmashing on HD

is there a way to set call type here? 'y' option is missing 😦

sometimes selecting different parts of the line will show more options

unrelated, I made a tool to trace objc_msgSend invocations. its like frida-trace but able to capture all calls + their arguments. It's useful for exploring class/api interactions https://github.com/EthanArbuckle/objsee-ios

Working on my own thing rn sorry, also i am not that experienced anyway (If all you want is injecting a dylib in an app consider using DYLD_INSERT_LIBRARIES)

this is really nice

thanks for that

From my experience, set call type only works when the object type is not generic / id

its just a BLR...

try setting struct type such that that field is a function with the call type you want

fyi theos building is completely broken because you moved everything to src

required many many many fixes lol

oh so that wasn't just a me issue then

i tried compiling yesterday but it was throwing a ton of errors

how'd you build it? 🤔

i managed to build it

lots of changes had to be made

send bin in dms 👍

Usually the c++ headers are part of the llvm toolchain, not the SDK

That’s how it is for iOS and macOS at least

Just add all the included and missing source files to the makefile and add missing include to a few sources

I see

cd dependencies/libs
ln -s libcapstone-ios.a libcapstone.a
ln -s libncursesw-ios.a libncursesw.a
ln -s libjson-c-ios.a libjson-c.a

ty

yw

its very unstable with eg: "ClassPrefix*"

seems to not even detect classes I 100% know are being executed

not sure how its missing them...

whoops. fixed https://github.com/EthanArbuckle/objsee-ios/commit/79b2486cb679d89997ecc0ebcb8ea63353dbb4fb

i only use the xcode project. theos is slow

are you doing detailed argument capturing? arg capturing is what can introduce instability. lowering the detail level (so that it doesn't try to call -description on maybe-objects) will help. documented here https://github.com/EthanArbuckle/objsee-ios/blob/79b2486cb679d89997ecc0ebcb8ea63353dbb4fb/src/libobjsee/tracing/tracer_types.h#L17-L35

with TRACER_ARG_FORMAT_BASIC i would expect even no filter / * traces to work -- that's what it defaults to

Were you able to fix the crash issue you mentioned ? Or is the signal ignoring code dealing with that

setting it to NONE worked

@orchid fulcrum It seems the crash is not fixed

still doesn't show classes I know get called

let yolo and do *

comically slow

probably calls not directly performed by the process being targeted. are you familiar with the nuances of symbol rebinding? there’s a flag in code to make it use a hooking library instead of rebinding

lol * makes it have 5 minute ui delay

doesn't work, no logging is done with the hooker lib

user error

you are right it is user error

my app bypass returns 0 for dlsym MSHookFunction lol

wait but what if there's a jailbreak that doesnt use ElleKit

is the dlsym still gonna work?

makes sense

oh I guess it would do dlsym(NULL, "MSHookFunction") in that case

yeah image scopes are unversal via dyld

-E or whatever it is

you may have to update the path to match environment

im cooked if they detect objc_msgSend hooks

yah but no one does. that was a motivator for making it, everything detects Frida’s instruction hooking

well this specific app has drm check bytes of a few _dyld functions

might check objc too have to confirm

doesn't look like they do

Surprised, it seems like one of the better targets to check for hooks

most people writing those checks don’t know what to check for

and they don't care enough to hire one of us to do it?

Anyone know the AppStore debug gesture

Ik it has to be enabled because everything else shows and notes has a debug option I just can’t figure out this fucking gesture

Hmmmm

+1

i've been trying to figure it out but i can't

re AppStore 😭

I heard one person say it used to be swipe right to left on profile icon but it changed since iOS 17 haven’t been able to find any more info

Reverse it

Reverse what

App Store

I’ve done every gesture I can think off

my brother in Christ you are talking to purple names who will probably require at least a month to be able to find the gestures in an RE program

Depends how bad they want the debug menu

I’ve spent hours doing every fucking gesture possible I don’t think anyone knows what it is

If your so smart send a screenshot of the debug menu pulled up

Even lemin doesn’t know what it is

Check the gesture recognisers with flex

Call every action manually

Profit

I’m on 18.3.1 I can’t , my iPad on 17.5 isn’t working for some reason when I use Cowubunga to enable internal options

Rip

Nugget worked on my iPad I’m using palera1n now and will try flex thanks

The search bar crashes 💀 ima just say this doesn’t exist and it’s a myth case closed

I have asked this a couple times, but never got a satisfactory answer:

Is it possible to extract ipas/patches from an iOS update and then use said extracted ipas to update a specific system app?

It’s possible to extract and make them IPAs for example visual intelligence has been extracted and turned into an IPA but it didn’t work it would call camera and location services but would be blank now it doesn’t even open

I’m not to sure about updating system apps however

(And before someone mentions the linker issue: yes I know that the updated app would ask for different linked binaries than the old one. This could also be addressed)

I think that if it could ever be figured out it would be the complete endgame for jailbreaking

You would rarely miss out on features from newer OS versions, and you could theoretically cherry pick to avoid new features that are undesirable

Ofc it wouldn’t be able to do everything, especially if you try to update past the phone’s intended last update

But it would still do a lot

no

system apps are generally just shells, the actual code is in frameworks

wish apple updated apple music separately from iOS

Hmm

Any app not in the trust cache and or system group will operate at a lower trust level. I’m not sure what exactly that does in terms of functionality. It could mean something. Something I do know is another process can acquire that apps task port and freely read an write memory. So lower security for starters.

I expected as such

I wish Apple updated WebKit seperste from ios

Don't they ?

Like its opensource

lol

Edit 2 Don’t trust my advice on anything I’m unknowing

https://webkit.org

holy shit I guess it is

Isn’t that why they added cryptex

not that they do anything with it anymore

what was it even for

Rapid Security Responses

oh

so they can publish mini software updates to patch severe vulnerabilities quicker than normal

that sounds good on paper until apple realised they actually have to direct manpower towards the release of rapid security responses

why didnt they patch kfd in those rsr's

?

I mean, they do use it for mobileassets

and subsequently ended up being similar timely manner to just release a .x.1 update

true

but still

while they were still publishing them yeah

i think

but they didnt patch it

that's the thing

because theyre idiots

they only patched it with 16.6.1

Have they even used that I can recall one time a rapid was pushed … 18.3.1 shoulda been a rapid security

.

💀

@empty spade ^

rapid security response:
receive settings prompt, install response, reboot

system update:
receive settings prompt, install update, reboot

Genius

rsrs dont always need reboot though

interesting

they gave up on RSR’s after the disaster that was 16.5.1 (a)

the idea makes no sense to me if it doesn't allow live kernel patching like the switch kernel

Live kernel patching............. that's exactly what Apple spent so long trying to counter

😭

«If you can’t beat them, join them»

the french quotes

💔💔💔💔😭😭😭😭

Most of the time, the first entry point isn't the kernel

RSRs make perfect sense

^^^

For a full chain they would ‘rapidly’ patch the entry point, which would be something like WebKit or iMessage, then do a proper update to fix the kernel bug(s) afterwards

As long as they cut off the entry point ASAP they can stop the chain being used ITW

If they made perfect sense why have they basically abandoned it

what is faster about pushing an RSR update than a regular update

i have 2 balls and neither is a crystal ball

Some patches can be applied without a reboot

which

Userspace

Should I open source my spaghetti code

web dev for an Italian restaurant call that spaghetti code

Is this anything

After a year long battle with apple it’s clear how many times I submit they’ll still clap back with the bs “unapproved use of apis “

yes thats pretty cool

Felt

Thank you

I expanded on it after seeing a Twitter video demoing changing font and size , then just added a shit ton more

Found out your limited to 7 functions showing so I had to make hard press bring up function menu

Why’s it different what’d u do lmao

I have

private func isUnsupportedDevice() -> Bool {
let deviceModel = deviceModelID()
let deviceSystemVersion = UIDevice.current.systemVersion
let supportedModelIDs: Set<String> = ["iPhone17,3", "iPhone17,4", "iPhone17,1", "iPhone17,2"]

private func presentNoCameraControlSupportAlert() {
let alert = UIAlertController(
title: "Camera Control Not Supported",
message: "Sorry, your device does not support Camera Control features. This application requires Camera Control functionality to operate properly.",
preferredStyle: .alert
)
alert.addAction(UIAlertAction(title: "Close App", style: .default) { _ in
exit(0)
})
DispatchQueue.main.async {
self.present(alert, animated: true)
}
}

Which works when testing privately my iPad displays a pop up and app closes yet these fuckers that test my app somehow get it on iPads and then I get denied app completeness because it doesn’t even work

Oh I'm not doing camera control

I was just implying app review hell

Yoooo that would be sick

Apple Camera Button control for AppleDB

@torn oriole How sick does that sound

I put iPhone 17💀 but it still works so I don’t understand how they be using iPads to test I even left a note in all caps use iPhone 16

Well at the rate he is going

That's a no

You can still publicly test flight it

Then why is it an issue for App Store 😭

That’s what I’m saying 💀

Double standard ahh app review

Idek who these people are that downloaded it 😭

Also my app doesn’t even had iPad SDK so again I’m confused on how that even installs all this shit just frustrates me

Isn’t exit(0) a private API? I don’t think Apple wants apps to force quit (although ik a lot do for jb detection and whatever so maybe I’m wrong)

You could show a non dismissable pop up/message instead maybe

you can do NSThread.exit()

That’s apples fault for not having camera control as a listed capability I couldn’t find any other way to restrict

Sure but you don’t need to kill the app for them, unless this is allowed ^

I think it is allowed

https://developer.apple.com/documentation/foundation/thread/1409404-exit

They beta just hit that approve button I stg

Me when performSelector

Or whatever the fuck it is called in swift

Do they do this shit to you guys my app was in review for almost 3 months so I just had to reject it 💀

Guys, any idea why I'm getting a Killed: 9 when trying to launch debugserver? I tried applying all possible entitlements I found online but none got me past this. I do have jailbreak

Runs fine when I don't apply any custom entitlements but obviously I can't use it to debug any app then

(getting can't get task for process)

They left me on read

Need correct entitlements and make sure you are not doing an entitlement merge
on-computer:
first off get the correct ldid for iOS 15+ https://github.com/ProcursusTeam/ldid
if you are gonna use ldid on-device you ldid is already on procurus repo

You need to copy debugserver from developer directories and resign it
ldid -Sdebugserver.entitlements ./debugserver
if you have -M it will keep the sandbox entitlements(we dont want sandbox) so dont add -M

if you are on iOS 15+ jailbreaks you can execute anywhere in /var/jb/
if you are on 14 or older debugserver can only execute in an executable dir eg /usr/bin, /bin etc

on-device:

function pidproc() {
    sort | gawk '{print $2}' | head --bytes=-1
}
alias procf="ps aux | grep -v grep | grep -i"

function debug_proc() {
  sudo /var/jb/usr/bin/debugserver 0.0.0.0:6666 -a $(procf "$1" | pidproc)
}

debug_proc "MyExecutableName"

on-computer:

iproxy 6666 6666 1>/dev/null 2>/dev/null &

/usr/bin/lldb

inside lldb:

platform select remote-ios

settings set target.require-hardware-breakpoint true

process connect connect://127.0.0.1:6666

https://cdn.discordapp.com/attachments/779151007488933889/1330691425649688716/debugserver.entitlements?ex=67b67376&is=67b521f6&hm=6da96f8158274cf63377bf4b5abe5575414c83ea7f11c3e8056d0cd20357eaee&

can you force the macbook to shutdown upon lib closure

rather than just Sleep yk

Thank you for the response, I have indeed done all the steps, my ldid is from saurik and I tried ldid on linux as well, all with same results

tho I just now realised I'm not at legacyjailbreak, I'm on iOS 6

but ye I tried both with and without -M, and with both -s and -S, neither worked

iOS 6 will be far far different

so don't follow this advice at all lol

but it still boils down to adding entitlements to debugserver, no?

I did find guides for old ios's

Look at this bullshit it’s the pop up I showed I earlier

Why can’t they just an iPhone 16

entitlements weren't really a thing back then...

I mean it's fair I guess

iOS 6 has like run-unsigned-code, etc, just grab entitlements from cynject

oh really? interesting

Well they were but stuff that you would never expect to not have them didn’t back then. Asr for example

huh, I understood almost nothing from here, I did apply run-unsigned-code

what is cynject again?

ah, found it, but how would I use it to run debugserver?

debugserver for ios 6 already had a few entitlements

it was just missing task_for_pid-allow and one more

cynject doesn't even seem to have run-unsigned-code but has the task_for_pid-allow

what do apps that use lidar and such do

Lidars a capability phones have lidar without camera control

They never even talk to me what’s the point of the chat feature

Hello

i don't think your app is getting accepted

https://tenor.com/view/one-piece-is-real-vivi-fr-bro-gif-12861991152389350692

https://tenor.com/view/i-have-no-intention-of-giving-up-michael-love-on-the-spectrum-determined-confident-gif-18050372

I need that developer tag 🫡

so lidar is a capability you can require for installation on the app store, but not camera control?

i've never published, so i don't know all the details

https://developer.apple.com/support/required-device-capabilities/#iphone-devices damn

anyone know this guy

One step closer hopefully after I edit the Ui alert it gets approved 💀

Bruh I just submitted it 💀

camera control tests is crazy

Next their gonna bitch that you have to restart app after enabling camera I already know it …. Gonna have to have the app close after enabling camera 😭

And I have to change my UI again because the stupid fucking 16e doesn’t have camera control 😩

iphone 16 erection

whys it crashing

is it stupid

It has to restart app after enabling camera , camera control won’t take effect

oh

Feel like I’m breaking so many rules

Now updated this because the stupid ass 16e

Apple will be upset that it’s not properly formatted

probably should be “This app requires an iPhone 16, iPhone 16 Plus, iPhone 16 Pro, or iPhone 16 Pro Max to run Camera Control features”.

Would they actually complain about that

I’ve put so much into this even had to make an email for the support URL I will not be answering questions 🙏😭 they better just accept it

yes

My privacy URL is a complete mess 💀

Their denying then immediately reviewing again their so fed up with me 💀

theres no way theyre going to accept that app bruh even when they get past the alerts theyre going to be like this is basic as hell and useless put it on testflight instead

That’s you’re opinion, there’s far more apps on the store that serve a minimal purpose compared to mine

Does anyone know what IC in / ICM / ICTT / ICTK2 mean in the context of notes app ? TK2 is text kit 2 but thats all i can tell. It probably means icloud but thats not that related to notes app so idk

the app just feels very... jailbreaky
and thats fine but apple may be inherently biased to not allow it in that case

having it be a testflight or even just an app that's able to be sideloaded would fit much better for what the app is

anyone know a good way to test if

jop_disabled

is actually disabling

for one when i enabled that a tweak i was using started tweakin out and crashing mediaserverd

the tweak was tweakin

well jop_disabled was definitely doing something

i just realized the tweak that was tweaking was a arm64 dylib being dlopened from a arm64e process

Springboard gets stuck when it tries to load an arm64 dylib

I finally found the issue in this 😮

So, I was editing the entitlements xml file ON WINDOWS which gave it a different encoding which made the entitlements file wrong to the device

Actual cinema

after downloading an external file directly onto the device without windows screwing it up, it finally worked 😮

why does it have to close ?

Are you using private apis ?

More like how many are you using

I would hope so, apps feel jank to me when they can’t get basic spelling/grammar right

i'm confused as to what this is doing tbh, i haven't used a 16 model phone

Camera control is only accessible in camera , or supported social media apps such as Snapchat it’s only purpose is to allow camera functions . Zoom , exposure, filters ETC i implemented a wide array of custom functions that showcase unconventional functions that can be used with camera control

ohh interesting, i assumed the options in there could only be added by apple. I do agree with what others have said then, it doesn't really seem like an app apple would put on the app store

I’m not disagreeing, I’ve just been met with contradictory statements. Sometimes they test my app and say it doesn’t work . That’s because there not using a supported device in an earlier build where I only had text functions , shadow , background color , font , font size . They tested and sent back videos of it working they denied it because app completeness lacking function I’ve sense added over 25+ functions so I still have some hope if tested correctly they might allow it unlikely but there’s a chance

hmm, maybe make the ui more "apple-like", to me it looks a bit hacky rn

My main concern is spending to much time on it for it to not be allowed anyways , that’s why I started off with minimal functionality, I just want to get the green light before I overhaul and make everything perfect

yeah makes sense

Hi I noticed dynamic codesign disabled in entitlements I looked around it says that it might cause conflict and block tweaks from injecting properly..any idea or info about this?

👆🏼

Forgot to mention this is ellekit entitlement

three entitlement cannot be used in ios15, whether it is the developer certificate or app store fast path
if ( trust_level <= 6 ) {
(pmap_cs detection)
"http://com.apple.private.cs.debugger"
"dynamic-codesigning"
"http://com.apple.private.skip-library-validation"
}

they still work tho

apple just doesn't let you sign private entitlements, even with dev certs

i’m on ios 16.6 i was looking for a way to solve thepoomsmart emojis tweak it appears in keyboard to anything related to springboard and vanish in every AppStore app i open..that’s when I noticed the codesign thingy ..injecting every app separately destroys my battery 😐😑

It’s not a great solution

what’s the tweak doing that eats up battery?

The tweaks mainly isn’t causing problems I’m using nathanlr jailbreak having the best experience so far with it ..couple of tweaks like immortalizer is auto injecting itself everywhere doesn’t require inject app via nathanlr first

SafariX tweak is also injecting itself to safari

So I believe that my jailbreak supports tweaks to work on its own
EmojifontManger is auto injecting to anything related to springboard emoji shows in keyboard once I open any app boom 💥 vanishes

Injecting apps via nathanlr applys all tweaks can’t choice even disabling tweak won’t work nathanlr ignore that and choicy is pointless

So i’m wondering if ellekit codesign is causing issues and conflicts block tweaks ability to inject..

And even if just stick with injecting each app separately it’s a risk apps like snapchat will ban my as*s

Even if they gave you the entitlement, it wouldn’t work

The binary has to be in trustcache otherwise it won’t be allowed to execute with that entitlement

Check this

chatgpt is awful at jailbreak related stuff

^^^

tho this is more correct than i'd expect it to be, cool that it knows about sbreload

Consigning is also disabled anyway for all processes

It’s not my main source to help but it did help a lot with other stuff!

And honestly it feels like ellekit was created to suits dopamine all scrips are based on it

my fault ive been feeding it so much ios nerd bullshit questions its actually learning off it as if its relevant info

erm actually that's not how chat gpt works 🤓👆

go figure you know how chatgpt actually works

is there an LLM you would recommend?

none of them are likely to be good for jailbreak stuff

i only use chat gpt in general tho so i'm not the right person to ask

anthropic’s models are the best for tweak stuff

chatgpt 4 is rather good at swift programming nowadays its actually suprising

they are not that bad give some credit, 3/10 of the time they help me in some form

general programming theyre great, it's when you get into niche topics they start to hallucinate and fuck you up

chatgpt 3 would always make a mistake that would have to be corrected but 4 its actually valid syntax

yeah they wont know what an obscure private class does. thats only fair

If you want chat gpt to be useful you need to give all info
Mention your jailbreak
Share the used path
What ios are you on
And then it would give you great info at least it will help where to start first also ask for trick if you want to connect something to the root files it might solve without touching the root files

ive used just to cook up a view or two to see what a general idea looks like in my head its rather neat

you can make GitHub copilot train on a git repo, and you can make a git repo that contains the entirety of a dyld cache disassembled to pseudocode

and then you have a model that can answer all kinds of questions

I posted some screenshots demoing that in the theos channel a few months ago

Copying script plists etc ..will correct his way of helping..don’t complain if you didn’t share anything first it’s Ai not a god to know the unknown 😂 give it a chance again ♥️

It’s not a bad tool trust me

Great, now ask it all possible call stacks to sandbox_extension_issue_file(APP_SANDBOX_READ[_WRITE])

is that really something you want me to do. xnuspy would yield better results

https://streamable.com/6xdkx7

macos runtime dylib injection to arm64e process (ik its not a new thing but couldn't find a working tool myself)

dylib in the demo makes it so when you zoom a note and cycle notes the zoom doesnt go away automatically

Nice

Is that base model lol at least use 4o

i dont think 3.5 is in the app anymore

I didn’t realize it’s the base model probably i was invested in the chat and didn’t notice thanks tho 😂

I’m not sure if it was or not but for mine it displays the model next to ChatGPT yours just says ChatGPT

just being curious cause you might find some fun sandbox escapes

claude sonnet 3.5

anthropic mentioned aaaaaaaaa

it isnt

since like

i think july-september or something

something around that

embarrassing , it’s usually bigger

mines usually bigger aswell

i received $1500

but a friend of mine drained like

$500 in a day

🔥

Mistral Le chat

Seems like you're an expert

of course the frenchie recommends a french model

mistral is SHIT

i am

Why would I not

i taught him all of this (hydrate play with it)

because it sucks

https://livebench.ai

idk if mistrals even on the leaderboard

As far as I tested it, it is very much decent enough

It is

it is but its dookie shit

its lower than a year old model

(claude 3 opus 20240229)

-# its not even good

You are very much dumb

i mean 3 opus

mb

The benchmark was done on 2024-11-25

Yeah and

Mistral le chat released 2 weeks ago

mistral le chat points to mistral large 2411

also i doubt the frenchies can even make a good model

.

Nope as far as I’m aware

Fun fact all the good ai engineers are French

Proof

anthropic’s ceo is italian-american

openai’s ceo is american

and google’s ceo is indian

🔥

Just go to LinkedIn, pick any company, filter employees by French

👍

ok one sex

But sadly it doesn’t include all French cuz the filter is about the profile language

And not the actual language

Does anyone know a way to launch a macos app with task for pid allow entitlement ? Mine gets crashed on launch. When i remove the entitlement without changing any code it launchs fine

Resign it

I tried that, and xcode is signing to run locally in the first place

This is not an issue for cli tools either. Only happens when the target is app

What entitlement are you adding ?

task_for_pid-allow (And there are some debugger related ones as well )

It’s not this one

Add com.apple.security.get-task-allow

Add this to the target process

And you should be able to task_for_pid

I can't modify targets signature

Disable sip

👍

Its disabled aleeady but target is notes app, its guarded by ssv (that means i cant resign it right ?)

i did not gind any

Copy it

Has anyone in here had a successful app approval for the store

I made a lot of changes and it’s been in review now for 27hours idk if that’s a good sign or my shits just stuck in review

it's stuck in review

apfel is busy

especially with 16e release

lmao

What a waste, you could’ve bought a couple lego sets with that money

it was free

Every time I add something I break 50 other things 😭 at least this worked

This reminds me of the modded gamertags back in the day on 360

is there somthing special i need to do to overwrite a UIView's constraints like the top and leading anchors ?

Anyone know why games on iPhone promotion devices seem to stutter when you tap/let go

https://forums.macrumors.com/threads/why-isnt-apple-fixing-the-touch-input-stutter-on-iphone-14-pro-models.2370587/

long time issue, its because apple couldn't care less

Is there really no way to fix this with like hooks?

maybe there is, but it would be very hard to know.

i imagine its a OS level or hardware issue tho

if you disable promotion from accesibility it shoudln't happen

but you get 60hz so..

I would expect Instruments to have some type of profiling template that would help identify the source of latency

objsee seems fitting for this as well, to see whats called on taps, you can get relevant timestams looking for touchesBegan* methods (i think)

u mean chinese?

go to team page of any AI major player, literally half of them are chinese

@tepid olive mfw the build returns to review for some reason

Who tf juggling this build around bruh

kw

me

I asked them for clarification on what assets I had used from apples servers via scraping

Week of radio silence

Build suddenly returns to review

If it approves tomorrow I'm gonna laugh so hard

rip

i mean what did you think would happen

does it need to be a app tho

Whats changed?

like why would i use it over the website

why would i need to use a appledb app when the website works

like is there anything extra

oh

oop

my ass cannot read

its not that the app is not functional, you can add 1000 more if you could and there is a good chance it will still get rejected, because its something like those apple internal testing apps where the purpose is to mess with a component of the phone. no offense tho i like your app myself, its just appstore doesnt really allow stuff like these

this is getting dangerously close to schizoposting

just put the thing on your resume and move on

how the fuck do you make a resume

Is anyone planning on jailbreak development? Just wondering.

that question is way to vague

Agreed. I just can’t wait any longer 😭😭😭

wtf you on

Meth

lets not go into channels asking for a jailbreak

Srry

my question was deflected and or not even answered

No after that

Id rather just move on

Exactly why to move on

I misunderstood you and or you misunderstood me

bing ai ahhh response

I keep reading your name as this

beef paste

https://media.discordapp.net/stickers/1255346421566275595.png?size=160

that sounds awful

Yes cause you add it to like soup and stuff u dont just eat it normally

I think

Bovril

Oh

That makes sense actually

kind of like chicken stock and stuff

wait how did I end up in development

:/

Is thsi was bri*ish people eat

Is this like boulian?

is there a way to run an executable file on non-jailbroken ios?

i so far tried importing nstask header and bundle the zsh into app and run it but it says zsh doesn't exist

You can’t spawn arbitrary binary files without entitlements iirc

what entitlements do i have to add?

it's not like im gonna publish it to app store

You would need a CoreTrust bypass

oh damn

no way to do it without coretrust bypass?

you are not allowed to spawn executables without special entitlements

sandbox will stop you

somehow i can build with this

It won’t apply on iOS

but i think what i need is no-container right

That’s for macOS

right

You can’t use any special entitlements without a CoreTrust bypass

Unless by some miracle Apple grants you the entitlements

In a provisioning profile

yeah thought so

guess my dream of making terminal app is gone in 1 hour

Yeah you can thank Apple for that 😄

i was wondered why a shell was using wasm

guess i learned why

💀

why i dont see my tweak logs in console what am i doing wrong

What are you using to log and what are you using to view (i.e by console, do you mean the console app on mac).

Most probable reason is what you hook isn't getting called

Try a different method maybe

ok

I added the ability for users to upload an image used as overlay , also adding saving photos , and video saving the static Ui warning is hidden from photos and videos saved

apple probly gonna like that save video thing, ppl could like actully use i

I kinda wanna develop my own jailbreak (ik its rlly hard but i really want an iOS 18 jailbreak)

Good luck

#1090168975251492996 message

!t becomejbdev

oh night found it first

smh

Oh shit…

have fun

I gotchu

Would you happen to know if the security measures are active while the phone is being actively factory reset?

¯_(ツ)_/¯

no idea

my guess is probably yes

Alright

!t becometweaker

i Hate js

-# mighta been shit dev moment tho

love how it says they are both nums then add them like they were strings

What do people use to make app icons

Photoshop

google drawings

i use procreate, but ive seen people use adobe phototshop and even paint.net (good luck with that one)

yes

they are

they never go away

https://github.com/OALabs/swicons

Noooooo Françoise d’Aubigné

😔

smh imagine having a common enough name that you need that "d’Aubigné" at the end

It’s her last name

think about it

its literally

"of the Aubigné region"

thats not a real last name

Several things wrong here

Aubigné isn’t a region

Second the "d’" comes from aristocracy, only noble people had that

https://fr.wikipedia.org/wiki/Aubigné_(Ille-et-Vilaine) idk bro

perhaps it's plausable the region's name came from that

It’s a city

Second iirc, Françoise d’Aubigné comes from Niort, which isn’t in Brittany at all

Second of all, the "d’Aubigné" family comes from Anjou and not Ille et Vilaine

makes it sound like a fake last name

d' is "of" in french as far as i remember

why do they not just use "Aubigné"

#development message

"Elle est éteinte depuis la fin du XVIIIe siècle." lmao trolled

Yeah most likely because she was the last person of her family and she was the girlfriend of king Louis XIV

Thus she didn’t had children with him

these last names remind me of like bible times where for example Jesus was referred to as "Jesus son of Joseph"

family EXTINGUISHED !

Fr

night wind

why you hatin on AZERBAIJAN

because they ethnically cleansed Armenians in Artsakh (Nagorno-Karabakh)

what

they pulled a 1945?

Not a genocide, but ethnic cleansing

I’m r leaning ab that in world history rn

Anyone know if chatgpt deepsearch is good for research in niche coding topic’s like jailbreak related topic’s

no chatgpt cant make a jailbreak

Try it and send what it says here

anyone know where you'd check to see if you have a backup pass set without checking with a computer

Like in a File manager or something

Is that not stored in the backup itself?

nvm I just found a way I think

/var/mobile/Library/Preferences/com.apple.mobile.ldbackup.plist

Friends getting a new phone

Didnt know whether he had a pass or not on his backup

I have a password on my backup and that key is set to YES

Entropy

Of the backup file

Its a folder

Oh i totally didnt read ur question

.

With files in it.

the without checking with a computer part is highly important

^

My bad

Is it possible to make a tweak that injects into an app and spoofs GPS for that app specifically? I want it to be able to work on sideloading

I made something and have been testing it on a jailbroken phone, but it has an issue where it jumps to the devices real location when someone refreshes my location in their app, then jumps back to spoofed location after a second or so

Yes, it’s definitely possible to make a tweak that injects into a specific app and spoofs GPS

When the app requests a location update the system’s actual GPS data might be coming through before your tweak overrides it so i believe that which is why there’s that brief flash of your real location, i think...

is it possible to fix that to prevent it from happening? the normal periodic GPS updates dont leak real location only when someone requests it

Yeah it definitely does sounds fixable the fact that and the fact that it only happens when someone manually requests a location update tells me the app is likely making a direct call for a fresh GPS fix, bypassing the usual periodic updates

altough i am not entirely sure for this, but for what can i tell, yes it is fixable

yeah that makes sense, @lapis hazel how is ur gps stuff implemented

i was trying to hook CLLocation

are you aware there's an inbuilt feature into iOS to spoof location

what

spoof gps location?

Yeah

whar

CLSimulationManager

how

teach

oh

what entitlements do u need

i don't remember off the top of my head but just one

mmmm

ill ask chatgpt

it's not gonna know you idiot

stop using that shit

@property (assign,nonatomic) uint8_t locationDeliveryBehavior;
@property (assign,nonatomic) double locationDistance;
@property (assign,nonatomic) double locationInterval;
@property (assign,nonatomic) double locationSpeed;
@property (assign,nonatomic) uint8_t locationRepeatBehavior;
-(void)clearSimulatedLocations;
-(void)startLocationSimulation;
-(void)stopLocationSimulation;
-(void)appendSimulatedLocation:(id)arg1 ;
-(id)availableScenarios;
-(void)flush;
-(void)loadScenarioFromURL:(id)arg1 ;
-(void)setSimulatedWifiPower:(BOOL)arg1 ;
-(void)startWifiSimulation;
-(void)stopWifiSimulation;
-(void)setSimulatedCell:(id)arg1 ;
-(void)startCellSimulation;
-(void)stopCellSimulation;
@end```

a scenario is a simulated path and the format is the most cursed shit ever

you give it a plist file. that plist file has some basic info, and then a giant dictionary of location indexes whose values are base64 strings

those base64 strings

are entire xml plists

oh

i give up already

How do u know.

Because the only place you can find it is by opening up an xcode project from a github repo

yeah chatgpt can do that

Or from some discord channels probably

Ok so what's the entitlement it told you

it’s a private entitlement

i didnt give it much context

and what is it

com.apple.private.location.simulation

may be wrong idk

Wrong!!

Like i told you

Amazing

It just guessed

then what does it start with

com.apple

It's not gonna know still it's just going to predict the words that follow

thenw hat the hell is the entitlement

im running deep research on this 😭

go find it!

it is literally as easy as finding the github repo with the project and opening it in xcode to look at the entitlements

you're just lazy and don't want to use your brain

no im just on the bus omw home chilling on my phone

skill issue?

what

skill issue

man can't browse a git repo on his phone

i dont even know what git repo your talking about

well

it's related to location simulation

for ios

germanium?

i forgot the name

older :)

geranium

wtf

what predates that stupid thing?

that's all i will give you. you have a brain, reason it out

explore! learn! search for something!

k

I think I found it with one google dork research 😭

sob.

would that work in this scenario as a sideloaded app tweak

Does anyone know?

Would that work with a tweak that injects into an app, non jailbroken?

probably not, it would be a safer bet to swizzle corelocation APIs

Thats what I tried doing, not sure if I missed something but real location still got through whenever someone sent a refresh request to my device, then it would jump to real and back to spoofed

Idk which app this is but maybe check refresh related methods and what it calls internally

tried finding stuff like that but everything I found didnt fix it, i am fairly new to this so probably missing something though

If you inject substrate, it could

do you happen to know anything that uses CLSimulationManager? I looked around a bit and found headers etc but could find any actual projects using it, which I find surprising if it can do what I'm looking for, without being connected to any computer

no cause you need a private entitlement

you'd need a jailbreak

what is it

com.apple.dt.simulatelocation

or something similar

wrong!

idk why you guys are struggling with this it's really easy to find it if you think abt where to look

I have jailbreak but I'd also like to use this on my non jailbroken phone, I want a dylib that I can inject into an IPA, which is what I did but like I mentioned previously its buggy

this would not work on a non jail broken phone

because you need the private entitlement for it to work

and there's no way to get it without a jb

yeah so another method would be needed correct

Not like I care

mhm

your previous solution does seem to have worked except for that it's a bit slow

yeah im not sure whats causing it, is that something possible to fix? I made it using theos

also is that entitlement com.apple.locationd.simulation

for CLSimulationManager

Anyone here know what inside backboardd renders the dynamic island over springboard?

This crash happens in backboardd when you drag the island off the screen (the one rendered in springboard) using something like flex:

Thread 3 name:  com.apple.coreanimation.display.primary
Thread 3 Crashed:
0   IOMobileFramebuffer                      0x1b8258050 bw_set + 0
1   IOMobileFramebuffer                      0x1b8257eec IOMFBgainencoder_finish + 68
2   IOMobileFramebuffer                      0x1b8255b54 IOMFBGainEncoderFinishEncoding + 80
3   QuartzCore                               0x18e752e7c CA::WindowServer::IOMFBDisplay::finish_update(CA::Render::Update*, unsigned int) + 9636
4   QuartzCore                               0x18e996f4c CA::WindowServer::Server::render_for_time(double, CVTimeStamp const*, unsigned long long, CATimingReference const*, unsigned int) + 6140
5   QuartzCore                               0x18e738e14 CA::WindowServer::IOMFBServer::vsync_callback(__IOMobileFramebuffer*, unsigned long long, unsigned long long, unsigned long long, void*) + 668
6   QuartzCore                               0x18e73984c display_timer_callback(__CFMachPort*, void*, long, void*) + 372
7   CoreFoundation                           0x18d256e44 __CFMachPortPerform + 176
8   CoreFoundation                           0x18d274238 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 60
9   CoreFoundation                           0x18d275f28 __CFRunLoopDoSource1 + 520
10  CoreFoundation                           0x18d257748 __CFRunLoopRun + 2240
11  CoreFoundation                           0x18d25c4dc CFRunLoopRunSpecific + 612
12  CoreFoundation                           0x18d29ef84 CFRunLoopRun + 64
13  QuartzCore                               0x18e9a38d4 CA::WindowServer::IOMFBServer::thread_body(void*) + 484
14  QuartzCore                               0x18e9aeed4 thread_fun(void*) + 32
15  libsystem_pthread.dylib                  0x1ecb6c6b8 _pthread_start + 148
16  libsystem_pthread.dylib                  0x1ecb6bb88 thread_start + 8```

idk but the crash looks like it’s happening deep in the rendering pipeline where the Dynamic Island is being drawn and updated via CoreAnimation and IOMobileFramebuffer.

When I move the island using flex, the island isnt rendered via backboardd

im wondering what springboard tells backboardd

Is there a way to get flex over backboardd?

Dynamic Island itself isn’t rendered by BackBoardd maybe it’s being rendered by SpringBoard using CoreAnimation and QuartzCore.

If I move the root springboard scene, the island does not move with it

Not directly Flex works by hooking into SpringBoard

I can make some blind guesses

PosterKit
PosterBoard
PosterboardUIServices

PosterBoard?

Doesnt that just render the wallpaper though

i mean yeah that’s because the Dynamic Island isn’t actually part of the root SpringBoard scene it’s more likely its own separate window

you can inject the flex framework into any process, it doesn’t have to be springboard

backboardd doesn't have a UI though

anything can have a UI

the FLEX UI wont be visible

not by default anyway

backboardd draws an Apple logo and progress bar. ProgressUI seen during updates

(you just have to set the window up)

Doesnt flex make its own

Idk. It would need to be a root scene window. If it does that already it should be good

why don't you just check the source code

I'm trying to do that

and what do you mean

"source code"

it would be in a disassembler right

regardless im trying to look

????

lol

oh waitt

i know

literal source code???

i thought you were talking about

my fault

also my phone has begun malfunctioning now lol

that doesn’t look good

I think I broke ellekits tweakloader

yeah

new detection strat

lol thats very easy to do

I just wish I could enter safe mode with a hotkey instead of having to reboot

i wish something like substitute came back

nah

just pull ellekit

it’s open source

yeah ik

speaking of which

I was halfway done with rewriting libinjector with libxpc dict

I found a gist that shows an example of presenting a window from non-ui process, if anyone is curious https://gist.github.com/EthanArbuckle/a2bc0e45b5966d8e9d610b1a66bde9b1

I found a gist <insert most specific hack ever>

not impressive enough

do it in arm64 assembly

I did it in objc

https://gist.github.com/EthanArbuckle/bb275bcc0f2078ead149a0caa9996e50

im only seeing enabled on here btw

bc I enabled them all

real

it really messed up the device, when I rebooted it with all those enabled. The screen was updating at like 5fps

what device

an iPad

did you finish the featureflags app?

😵‍💫

not yet

If you set the artwork getstalt key to 13 pro resolution, this path is never taken

yet the island is rendered

im lost lol

I wonder if this could be something

flashbacks

If I get this working imma make a tweak that does the whole deal without changing mobilegetstalt

Ok so

CADeviceSupportsHWGainMap_block_invoke is changing __ZZ25CADeviceSupportsHWGainMapE17supports_gain_map to 1 (framework is QuartzCore)

On a device that supports it

Pretty sure

ive spent 5 hours on this and still cant get it to work bro

Relatable

i gave uo for now lmk if anyone else tries this

This is what I've found so far

What are you even trying to do

Hey

I have a question

Let’s say I’m developing a tweak using theos in logos

Can I import and use swift libraries?

https://developer.apple.com/documentation/swift/importing-swift-into-objective-c

Poster board is purely for the wallpaper I don’t think that would be causing the crash

Anyone know how I can convert my ssh pub auth key to ppk format on device?

How’d u do this ?

I think getting the IPSW then finding the .app and converting to an ipa idk I didn’t make it found it in Apple internal subreddit I’m pretty sure it’s been a while I can share if u want

Yea I just checked on my iPad just convert the .app to an ipa

$500 if anyone got a v-cam tweak

lil bro is trying to catifsh

What even is the purpose for that tweak

lil bro has a tweak but he needs better one that supports RTMP

to get this money

yall need to stop being buddy buddy and get some money

there is vcam4ios, learn objc and fix it

oh ok, let me just pull up the source code

fr

let bro get his bag

https://github.com/wordgege/iPhone-VCAM

most helpful tweak readme

i make so much money with this
-# /s

the last person was offering 10k

messed with the island so much i panicked 😭

POV: you are compiling chromium

dude theres so much handled by the island in backboardd

(lldb) memory write 0x1c86c2e88 0xd5 0x03 0x20 0x1f
(lldb) cont
Just by doing this the island aint move anymore

i've managed to do this so far

Anyone know how to deal with redacted symbols

in lldb

(lldb) disassemble --start-address 0x1c86c2e7c
QuartzCore`<redacted>:
0x1c86c2e7c <+9636>: mov    x20, x0
0x1c86c2e80 <+9640>: ldr    x0, [x23, #0x318]
0x1c86c2e84 <+9644>: mov    x1, x20
0x1c86c2e88 <+9648>: fnmadd s21, s30, s0, s0
0x1c86c2e8c <+9652>: ldr    w27, [sp, #0x34]
0x1c86c2e90 <+9656>: ldr    x19, [sp, #0x88]
0x1c86c2e94 <+9660>: cbz    x20, 0x1c86c2ea4          ; <+9676>
0x1c86c2e98 <+9664>: ldr    x0, [x23, #0x318]
(lldb)```
example

dyld_image_local_nlist_content_4Symbolication for functions, and imp address comparisons against premapped imp:selector for objc

don't you just need the matching ~/Library/Developer/Xcode/iOS DeviceSupport/ files and have dev mode enabled?

I'm running this on-device

lldb?

Yes

yeah... never done that before and I doubt it has support like macos xcode'd lldb

might be able to force device support files to load on device

what device and iOS btw

any idea why this is happening

(lldb) platform connect connect://localhost:6942
  Platform: remote-ios
    Triple: arm64e-apple-ios
OS Version: 16.4.1
  Hostname: (null)
 Connected: yes
  SDK Path: "/Users/nathan/Library/Developer/Xcode/iOS DeviceSupport/iPhone15,2 16.4.1 (20E252)"
 SDK Roots: [ 0] "/Users/nathan/Library/Developer/Xcode/iOS DeviceSupport/iPhone15,2 16.4.1 (20E252)"
 SDK Roots: [ 1] "/Users/nathan/Library/Developer/Xcode/iOS DeviceSupport/iPod7,1 12.5.7 (16H81)"
 SDK Roots: [ 2] "/Users/nathan/Library/Developer/Xcode/iOS DeviceSupport/iPad8,3 16.5.1 (20F75)"
(lldb) attach backboardd
error: attach failed: invalid host:port specification: '[localhost]'
(lldb)```

14 pro 16.4.1

im trying to figure out how to kill the island in backboardd

they embedded that shit so deep

error: attach failed: invalid host:port specification: '[localhost]'

ill give u a hint

not the issue

my brain auto filled platform to process

but iirc you still to need to use 127.0.0.1