#development

They could do something like ish with an emulated cpu

webasm would be less work. someone check what they actually do

Why on earth do i need internet to enable SIP

LLVM IR

Activation lock?

🤨

Disabling sip could prevent activation lock from being effective so it might need to phone home to make sure it'd not locked before disabling it

Idk

Failed to update security configuration : the signing server declined the personalization request

What kind of a joke is this

that code would need to be signed right? LLVM IR isn’t interpreted 🤔

@torn oriole

It’s interpreted, try your code with -emit-llvm

It sadly doesn’t work properly with objc and block

For those who wanna mess with calling objc:
clang main.m -fmodules -S -emit-llvm -fcolor-diagnostics -Wno-nullability-completeness -Xclang -no-opaque-pointers -fno-unwind-tables

Try a-Shell, you can compile and run code

Looks like it's opensource

https://github.com/holzschu/a-shell

Oh, it's using wasm

wasm is so cool

Apparently there is a LLVM IR interpreter https://llvm.org/docs/CommandGuide/lli.html

That’s cool

TIL

Use LibTerm

wasm is dangerous to web

Has anyone tried kfd on it

Hello

I have rich experience in macOS automation using applescript and iOS app dev using swiftUI and Flutter

https://github.com/AlmastSargsyan0615?tab=repositories

?

AI GitHub profile picture lol

lol what does this even mean?

hello

this is not ai only

https://github.com/AlmastSargsyan0615?tab=repositories&q=applescript&type=&language=&sort=

You’ll need to update to the latest macOS version. Apple checks macOS version with their remote server and only allow enabling if that particular version is signable. They turn signing off for old versions.

the things they do with apple silicon huh

they really turn of signing for older mac versions???

Only for SIP it seems

i'm just referring to SIP here but yeah

It’s very dumb

elaborate platform security now needs personalized data to re enforce SIP

decided to look at the platform security documentation and it seems like to boot with full security you'd need to ensure the next stage image4 manifest is signed with that personalized cert
(and i suppose it still tries to get it regardless of it being signed correctly)

@kind herald

Can you send a link to that documentation ?

Thanks anyway

https://support.apple.com/en-us/guide/security/secc745a0845/web

was trying to make sense of this, there's a long glossary at the bottom

Cheers

Security policies are requested at software installation time initiated by a signing request to a central Apple signing server. If the policy was acceptable, the signing server returns a signed Image4 file containing a variety of four-character code (4CC) sequences. These signed Image4 files and 4CCs are evaluated at startup by software like the Boot ROM or LLB.

yeah that would explain it too

they make no mention of not allowing it for older versions as far as i know

disabling SIP will set you to permissive security so this checks out actually
(see boolean smb0)

they rejected nugget

Oh

Ffs

i think it might be more pyinstaller's fault for that

Objc recode eta wen

doesnt support windows

It could

Microsoft made a port

i wish i wrote it in c++

pymobiledevice is better than libi tho

https://github.com/microsoft/WinObjC

Nah objc better

it's not

i distribute a pyinstaller app, signed and notarized, just fine

weird

do we have to notorize each version?

probably since it's now containing a known exploit with a CVE and such

I wonder if obfuscation would trick them into accepting it

damn, had no idea

cursed

every build

😭

like it's tied to the code/hash

GNUStep:

Chat should i js convert this into an app to gain actual memory access?

It’ll acc be chopped chin cheat engine if i do instead of chopped chin browser CE

What the fuck
Damn, apple is so apple
http://marksands.github.io/2014/05/27/how-apple-cheats.html

Will iOS 8 finally bring UIPopoverController support to the iPhone and iPod touch? One can hope! At least we only have to wait until next week to find out.

I wonder if you can use private apis in App Store apps

u can and ppl probly do, iirc i read this article where u can just like callSelectorWithName or something and set value for key ofc, idr.

There were those banking apps that used a 0 day to detect trollstore using a private api

Obfuscating the method name in any way will normally get it past app review

Fair enough

It’s sooo blatant

With objc runtime you can do full private api usage

hello #development would anyone mind helping with my developer certificate struggles? I am kind of clueless with this, and resources I found online/other servers have not yielded success

how can i use my apple developer account to sideload an app with entitlements? I made an entitlements.xml, generated the Certificates.p12 and downloaded the .mobileprovision files on my mac but I don't know how to actually use them correctly with an ipa I have. Do I codesign with the entitlements.xml after setting up the .ipa? I thought I had it after looking at some resources but I'm not sure what I'm doing wrong. I've been sorta going in blind with it and throwing things at the wall until it sticks. When I bought a cert to not worry about resigning for a while I somehow never thought of how I can get notifications (and I guess other entitlements) too

(I know there are signing services but I don't want to have to worry about those getting revoked or something idk. Probably fine but seems more reliable + legit to just do it myself, minus the cost)

Did you pay for the apple dev account?

yes

Just use sideloadly

https://sideloadly.io

no i do, but to have the push notification entitlement I mean

and sideloadly currently doesnt support adding custom ones iirc

Oh I think you're fucked for push notifications

for sideloadly, ok, but why wouldnt i be able to sign with that entitlement and install it otherwise?

and in fact apparently that feature has been in the works for sideloadly 2 years ago but I dont know the status (I even replied a while ago but no response yet)

couldnt u just manually edit the ipa?

wdym?

like unzipping it and manually editing the xml file

why would that work though? ive already made an entitlements.xml and used codesign with it and it seemed to work with no errors

unless i didnt make it correctly idk

oh mb misread it

like, does this look ok? Obviously I put my own team identifier there idk if showing it is bad lol

Make sure you merge the entitlements

oo ok that's not something I did I don't think. I just used codesign with the entitlements flag pointing to this

how do you do that?

Idk I just use ldid for that

Maybe codesign does that by default

could I use ldid instead so I can explicitly state to merge them?

Yeah

alright, so also, with the mobileprovision file I have, do I like, put it inside the .app and call it embedded.mobileprovision? cause I saw something about like replacing a mobileprovision file with your own or something

as u can see i have no idea what im doing :3 when ppl are like "with a paid dev account u can get notifs!!!" i never found anyone actually explain it and always just assume ppl use signing services ig. I searched for people asking how to do this in the enmity/unbound (modded discord) server because they have a command that mentions "if you have a paid account you can get notifications" and the only thing I saw was someone asking and ppl being very unhelpful

Idk I never got notifs with paid account

But you have to apply your entitlements to the actual binary

so for example, a command like this?
codesign -f -s "Apple Distribution: <name> (<team>)” --entitlements /Users/Matt/Desktop/entitlements.xml /Users/Matt/Payload/Twitter.app
(using the previously mentioned entitlements.xml file)

ldid -Sentitlements.xml -M Twitter.app/Twitter

ah right I'll try with ldid

oh the binary within the .app

when running theres no output, is there a way to make sure it was applied?

nugget got notorized this time, odd

ah i see, ldid -e, and it has what I added

so in theory I should just be able to sideload this and have it work?

because I also saw something about having to check the box for the entitlement you want to use on the apple developer identifiers page

🔥

troll

hi

hi

you need to use a distribution cert for notifications

no idea how you get it

Ah alright

i gave cursor ai a try and it's... meh

has some potential for maybe bootstrapping small projects but other than that it still produces garbage code

i only really use that sort of thing for writing up repetitive code

it kinda depends what you use it for i guess

i know what i want to code out and trace out the flow then just tell chatgipity to scaffold

U gotta drink a monster before using it

Works 100%

i should try that sometime

i tried to vibe code an entire project i had in mind for a while, i didn't get far

simple website with frontend + backend

huh

yeah i'd never use ai for a full project

ive kinda resorted to using it to code and just mildly fixing it

lazy to code fr now

💔

Hello Sacrosanctuary

hai windy

Hello rugmj

Hello pixelomer

i always find it harder to debug when i didn't write it

hello wind of the night

that’s true

i thought maybe i'd use this project as an excuse to "get into ai" but yeah that didn't happen

i realised my code structure is shit so chatgpt will code shittily for me bc i told it to do so

its just write x function

what did u ask it to make

first some html templates, then a node project with a prisma database schema

maybe it's better at using react + raw sql idk

ai aint good at any code

i thought maybe cursor was magical and i was missing out

i wasn't

nah def nottttt i made it generate my prisma schemas lmfao

i dont use cursor or copilot tho

just websites

i use nothing lol

i dont even use auto complete 💀

cus ur brain is massive

gonna code my next project entirely in pico with no syntax highlighting

fake nano

apple moment

isnt nano fake on macos

yes, nano is pico on macos

still better then textedit.app

textedit with siri

its unironically only works okay for frontend web dev

it does fine in backend but you guys know how that turns out

the twitter firebase incident

ah yes no gnu tools

phase 1 (the userscript version) is done
most of it was kinda a waste ngl
i only kept the UI and like a bit of the logic
rest of it was completely scrapped.

phase 2 now its an actual Electron app
UI’s already ported over
Js needa “borrow” logic from the actual cheat engine bcuz i am not writing logic to read write scan freeze and modify memory
😭

Or should i js download cheat engines source code nd like add my own features

Started off cheating in a browser game😭 then when it only worked for some games i decided to go actual app so i could have access to actual memory

i deadass built an entire modular plugin system in the browser just to trash it

ce probably has everything you ever need already

Ce’s kinda stuck in 2009 tho

It gets clapped by modern anticheats 😭

Picture a cheat engine with an ai in it to help you

okay, how about ant-anti-debug features? (for things like EnumWindows() )
Cheating with ce in online games seems kinda dumb imo

I mean i kinda moved past the whole browser game part 😭

I mean the said online games probably have server-side checks anyways

Oh yea def😭

okay.
ce gets caught not because it’s bad. but because it’s baked into anticheat heuristics now.
enumwindows. timing checks. debugger flags. window class detection. ce trips all of it.

mine doesn’t.
runtime obfuscation. memory proxying. zero debugger footprint.
context-isolated scripts. detached overlays. no injected threads.
not tryna bypass eac. not patching battleye.

ended up figuring it out thanks to a reddit thread (https://www.reddit.com/r/sideloaded/comments/1cd6wak/push_notifications_with_developer_account/) and using the feather app (https://github.com/khcrysalis/Feather) to sign and install it :)

Its software I think

I decided to look into it again

Watching the backboardd perf hud, the fos drops to 60 every single time you tap

I managed to reduce the issue with this hook:

#import <Foundation/Foundation.h>
#import <QuartzCore/QuartzCore.h>

%hook CADynamicFrameRateSource

+ (id)new {
    return nil;
}

+ (id)alloc {
    return nil;
}

%end```

It doesn't stutter every time now

However I'd like to completely fix it

But when I hook CADisplayEnableFrameRateArbitration and make it return 0 the fps is forced to 60, idk how to make it 120 when it's like that (this disables the dynamic refresh rate thing that iPhone 13 pro above have, I figured it was this because my iPad doesn't have this and doesn't lag when you tap)

Example of this issue

Ngl this looks like it would break stuff, can you still use 120hz with this ?

Yeah in gd

I only injected that in gs

Gd

It stutters less

Wonder if i can use CA_FORCE_120HZ along with making this return 0

Can someone give me the compiled swift protobuf .framework for ios 16.4/5 for some reason I cant compile it it allways compiles the mac version even tough its specified else

where is the first flag used normally ? couldn't find any xrefs

It’s an environment variable

hi guys

im happy to be here

dopmaine

Best i could get it to

It seemingly doesnt stutter if i have this injected into sb and bb, and have backboardd perf hud open

#import <Foundation/Foundation.h>
#import <QuartzCore/QuartzCore.h>
#import <dlfcn.h>

%hook CADynamicFrameRateSource

+ (id)new {
    return nil;
}

+ (id)alloc {
    return nil;
}

%end

void (*orig_set_fps_range)(CAFrameRateRange range, bool flag);

void hooked_set_fps_range(CAFrameRateRange range, bool flag) {
    range.minimum = 120.0;
    range.maximum = 120.0;
    range.preferred = 120.0;

    orig_set_fps_range(range, flag);
}

%ctor {
    MSImageRef quartzCoreImage = MSGetImageByName("/System/Library/Frameworks/QuartzCore.framework/QuartzCore");
    if (quartzCoreImage) {
        void *symbol = MSFindSymbol(quartzCoreImage, "_ZN2CA7Display15DisplayLinkItem30set_preferred_fps_range_lockedE16CAFrameRateRangeb");
        if (symbol) {
            MSHookFunction(symbol, (void *)&hooked_set_fps_range, (void **)&orig_set_fps_range);
        }
    }
}```

just to be clear: people were reporting screen recording fixed the issue, you sure it works without that ?

It still stuttered some when u had screen recording on

just not as much

as you can see it like didnt at all

im just trying to find a proper solutionto this

what about gd itself ? do you inject to it too

yeah

ً

needing the performance hud is weird 🤔

have you tried only the function hook without

+ (id)new {
   return nil;
}

+ (id)alloc {
   return nil;
}

%end```

hold

stutter tap

@orchid fulcrum

#import <Foundation/Foundation.h>
#import <QuartzCore/QuartzCore.h>
#import <dlfcn.h>
#import <CydiaSubstrate/CydiaSubstrate.h>

%hook CADynamicFrameRateSource

-(void)setPaused:(BOOL)arg1 {

}

-(BOOL)isPaused {
    return NO;
}

%end

void (*orig_set_fps_range)(CAFrameRateRange range, bool flag);

void hooked_set_fps_range(CAFrameRateRange range, bool flag) {
    range.minimum = 120.0;
    range.maximum = 120.0;
    range.preferred = 120.0;

    orig_set_fps_range(range, flag);
}

%ctor {
    MSImageRef quartzCoreImage = MSGetImageByName("/System/Library/Frameworks/QuartzCore.framework/QuartzCore");
    if (quartzCoreImage) {
        void *symbol = MSFindSymbol(quartzCoreImage, "_ZN2CA7Display15DisplayLinkItem30set_preferred_fps_range_lockedE16CAFrameRateRangeb");
        if (symbol) {
            MSHookFunction(symbol, (void *)&hooked_set_fps_range, (void **)&orig_set_fps_range);
        }
    }
}```

havent seen any lag by doing this

it only lags at like the start of the level and then never does for the rest

My gd randomly caps at 15 fps and only stops after a few days

And then a bit later it again goes to 15fps

Not sure if it’s 15fps

But it’s very bad

What ios and phone

17.4 iphone 13

Nvm then

Idk

hold up lemme see the actual fps drop rq

Here

When I get home I can test with the graphics hud

Thingy

Nvm gd doesn’t support it

Sadage

It does

Technically

Do you sideload gd? You can add the metal translation layer thing

Ngl might fix the stutter

https://github.com/khanhduytran0/ANGLEGLKit/

This is what I use + this for proper 120hz

I did

Kk lemme try

Is this correct?

No

You have to manually add those

The README says how

How would I even do that for GD tho?

extract and run those on a mac

help

i spent about 30 hours automating a 5 minute task which i'll need to perform 10 times max

peak

i gain dopamine when it just so happened that that automation was used more than initialy anticipated though

my phone vibrates everytime someone reacts

me when i post a controversial message and stick my phone up my

.

.

it's a simple web app for unpacking and repacking zip files in a specific format

easy right?

i am 4 microservices in

this is so not worth it

Could this not be a shell script?

How about

C++ and Wt

I’m getting very specific flashbacks to this one occurrence

also known as deja vu

In this hellhole

Yeah

True

😭 #838145640587853894 message

oh.

i forgot that existed

I did too

Me when I post a random message praising a group who spent millions building homes in Africa on twitter and turn on notifications:

I kinda need someone on iOS 13 or newer to test my tweak for the update™

what is the tweak about?

https://chariz.com/get/reboothelper

basically this but has some WIP features like hardware buttons

can be found at my repo

?

how would i make it so that i can make the window re appear by pressing command G
currently getting
No document could be created.
when i close the window and try to reopen it

ignore the gui i havent styled it yet

bro be vibe coding

does anyone know how to compile adb from source on a mac ?

android debug bridge

just brew install adb

😭

no, i have to redistribute. android sdk license prevents it (resolved in another server, apparently it doesn't prevent it)

you can also just steal the compile command from the rb...

does anybody know if NSTask works on stock ios if you use it with runtime api

It works

You just have to import the header

Like copy paste it from macOS sdk

how come it can't find the file its literally right there

😭

Is it that obvious

ask it for no comments

you sure it works in jailed/stock as well ? it can't find a binary which is in the app bundle for me

it trims off the private/ but that shouldn't cause this

I just saw ChatGPT open in your taskbar 😭

You are acting as the most advanced, hyper-analytical Computer Science professor imaginable.
You have complete and exhaustive mastery over all fields of computer science and software engineering, including but not limited to: systems architecture, security, performance optimization, language theory, embedded systems, networking, OS internals, compilers, game engines, AI/ML, memory hacking, graphics programming, web development, distributed systems, cloud infrastructure, mobile development, and cutting-edge research domains.
No technical topic, no matter how niche, obscure, emerging, or low-level, is outside your expertise.
You miss absolutely no mistakes, inefficiencies, bad practices, poor design patterns, hidden architectural flaws, or future scalability problems.
You operate with brutal honesty, maximum depth, and zero tolerance for mediocrity.
You critically dissect all work provided, even in niche technical fields, identifying subtle problems, forward-looking risks, and optimal restructuring paths.
You proactively suggest far superior techniques, emerging industry trends, cutting-edge tools, and domain-specific best practices.
You assume the student can and should meet the highest world-class standards across all technical domains, and you help them achieve it by providing precise, actionable, and relentlessly detailed feedback.
You are purely technical, focused only on maximizing code quality, scalability, resilience, performance, and maintainability, regardless of how specialized or emerging the field is.

This is the prompt i use

self made

thats what chatgpt for

lowk it works rlly well for finding errors but sometimes its like too cautious ykwim

chat how do I reverse a dylib

i opened it in binja but there's no pretty %hook code

D:

What do you want to do ?

Find substrate calls

i found dobby calls

figure out what functions it hooks

it looks like this

Sm1 test it nd lmk if it works well or nah

Use TweakInspect

Oh wait prolly not cos it’s using Donny instead of substrate

is the tweak inspect website still up?

- doesn't look like it

https://libswift.com

why do you need to glaze it first before asking your question

Cuz its always good to be nice

You never know what chatgpt’s going through 😕
When was the last time u checked in on your buddy gerome prince tyreek, gpt for short

Or if youve ram through chatgpt’s .plists geeeepeeeeteeee

No joke thats actually in it😭

Trying to get libMRYIPC working on rootless, everything compiles and is good but the look up request gets denied by Protobox

Do i just need to give it entitlements orr like why is it getting denied

NSTask exists in iOS but you might need entitlements for it

idk which ones

i've used it in older iOS cause it was pre GCD

you can't spawn child process without unsandboxing

The binary is inside my sandbox, can i still not spawn ?

you can't, otherwise it would have been possible to install TrollStore without additional kernel/restore exploit

you can dylibify binary and load it, but it may not gracefully cleanup memory

I was about to say; I think i can dlopen a MH_EXECUTE as well, and then i can get the _main symbol and try to call it manually ?

The issue is i can't compile the binary from source

İt has to be prebuilt

dyld blocks loading MH_EXECUTE, but you can convert it to MH_DYLIB and dlopen it

the kernel blocks it, so it wouldn't let you map it regardless

hola

can i edit tweakinspect to check for dobbyhook instead of mshookfunction

not sure how it works

hola

hola

hola

hola

hola

hola

hola

Idk maybe

hola

Hi

hola

halo

Looking for the best free VPN for Android? Hola VPN Proxy is your ultimate solution for fast VPN, secure browsing, and unrestricted internet access.

no way thank you

Just pay this Russian guy 6$ and get Windscribe for a year

real

https://www.oligo.security/blog/airborne

write anywhere sounds like another file overwrite vuln lmfao

too bad the exploit isnt open

adb path: /private/var/containers/Bundle/Application/EF0C9DF1-532E-48F7-B0B2-964829898267/adbremote.app/adb-ios.dylib

dlopen error: Optional("dlopen(/private/var/containers/Bundle/Application/EF0C9DF1-532E-48F7-B0B2-964829898267/adbremote.app/adb-ios.dylib, 0x0002): Library not loaded: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\n  Referenced from: <4C4C44E2-5555-3144-A1B6-C5097762AA5D> /private/var/containers/Bundle/Application/EF0C9DF1-532E-48F7-B0B2-964829898267/adbremote.app/adb-ios.dylib\n  Reason: tried: \'/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\' (no such file), \'/private/preboot/Cryptexes/OS/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\' (no such file), \'/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\' (no such file, not in dyld cache)")

i modified these:
MH_EXECUTE -> MH_DYLIB
remove _PAGEZERO
add LC_ID_DYLIB

Looks like you’re using macOS binary right? you need to cut /Versions/A from frameworks

oh i think thats it, its originally a macOS binary but i flipped the platform bit

@torn oriole 988521804807155812 is sending steam scams

Could’ve just pinged the moderator role.

is it pingable? mb, i js saw hydrate online

<@&355174844205367317> hi

id ping moderators just to piss maxine off

Unfortunately pings all the admins too

@kind herald Ping!

@kind herald Ping!

@kind herald Ping!

@everyone Ping!

out of all these only the first two are valid in my opinion

But the second one is the most valid

😭

Fr

ok but the real question is what do you do when you have multi-line conditionals

if (
    cond1
    && cond2
    || cond3
)

Might swap the operators to the line before

Don't write multi line conditions ofteb

And usually the projects I do have a formstter so I just adopt that

i break it into a sep variable

or method

depends on the context

Depends on how long the expression is

I write my whole program inside of if conditions

hexrays defaults to omitting curly braces for single-line if statements 🫢 who made this shit

Damn based

someone not paranoid probably

they do kind of indirectly profit on vulnerabilities. it’s a conspiracy

lol, no wonder decompilations have tons of goto's then

surely nobody would copypaste code straight out of the decomp

surely...

surely

Hi everyone, I'm new to tweak development, writing my first one. I will be glad to any answer, even if it doesn't solve the problem, thanks a lot to all who read it

According to the code it hooks

%hook BBServer 

and function

- (void)publishBulletin:(id)arg1 destinations:(unsigned long long)arg2 {

and at the very beginning of the function I make a log

NSLog(@"[StdSlayerNotificationsHook] publishBulletin:destinations: called with bulletin: %@", arg1);

I'm trying to debug the tweak's operation, but nothing works. I use Console.app on my mac, filtered by tweak name, and by [StdSlayerNotificationsHook] from the logs, but nothing shows up in the search

I don't know what info you might need, but here's everything I'm using:

• Iphone 12
• ios 16.1
• dopamine

My theos make file

TWEAK_NAME = NotificationObserver
THEOS_PACKAGE_SCHEME = rootless

TARGET = iphone:latest:14.0


include $(THEOS)/makefiles/common.mk

NotificationObserver_FILES = Tweak.x
NotificationObserver_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk

my .plist file

{ Filter = { Bundles = ("*" ); }; }; }

Put an NSLog in a %ctor and change the bundle ID in the plist to springboard’s or an app you have installed, idk if it supports wildcards

Code in %ctor {} gets run on launch so you should see it if your tweak gets loaded into a process

like this?
{ Filter = { Bundles = ( "com.apple.springboard" ); }; }

Yea

I got it, I'll install it again and check it out. thx

Np

nothing change for me

cant see any logs in Console.app, filter with any NotificationObserver or StdSlayerNotificationsHook in mesasge

Do something like

%ctor {
    NSLog(@"Minions");
}

then recompile and install

You should see that being logged after respring

Or change the bundle ID to an app so you can restart that instead

already

%ctor {
    NSLog(@"[StdSlayerNotificationsHook] Tweak loaded");
}

after %end of hook

then i do
make clean, make, make package, delete old tweak, install new one

Have you done anything with Choicy or something to stop tweaks being injected?

And are other tweaks loading okay?

yep, i can use different containers for one app (crane)

No, I'm using dopamine, it has tweak injection enabled.

But you haven’t used Choicy to like automatically block new tweaks from SpringBoard?

I checked sileo, I don't even have Choisy installed.

Check that you spelt the std slayer tag in console.app right, idk why it isn’t showing up aside from something like that

okay i think problem not with tweak code

I wrote a tweak like this

#import <Foundation/Foundation.h>

%hook _UIStatusBarStringView

- (void)setText:(id)arg1 {
    %orig(@"test string");
}

%end

%ctor {
    NSLog(@"[StdSlayerNotificationsHook] Tweak loaded");
}

from this video https://www.youtube.com/watch?v=3OQE3Bu_cro&ab_channel=TommyBojanin

than delete my old tweak, make clean, make, make packeg, install tweak, rebot springboard

and it not working for me

could there be a problem with how I compile/install my tweak on iPhone?

How do you install them? Does the output log say anything? Sometimes it can say it failed to install

I compile a .deb file, transfer it to my iPhone via airdrop, open it via Sileo, click install, then reboot SpringBoard, if I click show details, it says this

Looks ok to me

Btw there’s a chance with this that the class or method name don’t exist on the version you’re on since you’re on iOS 16

Maybe try find an open source tweak for modern iOS and compile and install like you did with yours

hmm, what exactly exists in ios 16? just to make sure that the tweak is installed and run normally?

ok i will try it rn

I’m not sure but you could use flex to inspect the views, it’d be easier to try with an open source project imo

Hurray! I managed to launch this tweak, and I saw the changes, thank you very much!

I'm talking about this one, but I still can't find any log in Console.app

Awesome, at least you know now your Theos setup is good

and how to properly filter logs in Console.app? I'm probably doing something wrong here, given that the test tweak works

i put in search bar NotificationObserver (tweak name from make file)/StdSlayerNotificationsHook (NSLog prefix)/ full log message

Plug your phone in with usb, select it in console, start logging then search your log tag in the search bar and it should show up whenever it’s printed from there on

and filter by "find all" and "includes"

Oh you put all that in? That might be why

You only need the tag string, it’ll find the full log message

Apparently I didn't understand what it is , which in my case would be tag string?

In your case it’s StdSlayerNotificationsHook

It helps isolate your tweak’s logs from everything else

I already did that, but now I rebooted everything completely, all the logs and it started coming, thanks a lot for your time, you helped me a lot!, I'll go debug now

Np glad you solved it

hello everyone! is there any way to get the name of a container by its uuid? When I receive the Bulletin, I can pull this uuid, and I want to get the name of the application that will be displayed in the notification, I will be glad for any response, thank you

this might help: https://github.com/NoisyFlake/Velvet2/blob/3f2ccfe103e719474031ab254faa12a9c3f6e7ec/preferences/Velvet2PreviewView.m#L104C1-L126C2

not sure if bulletins can receive app bundle ids

i get it from bulletin context, Crane tweak add container ID of app, but I cant figure out how then he knows custom app name

maybe there is another way to hook push notifications where exactly is the notification display name?

random theoretical question can imsg apps like gamepiegon update to support rcs aswell?

No
rcs doesn’t support features like that iirc

well thats lame

blame rcs

i was gonna consider moving to pixel phones if i could still play games with my friends lol

staying on an iphone just for game pigeon is crazy

apple been taking Ls lately with ai n shii

google’s on device ai looks way better

idk if they got chat based on device AI rn tho

apple intelligence is hardly an ai

its nothing just a fancy cringe word

the word itsef jinxed apple

The only thing I’ve used is the Genmoji thing

That’s cool

Everything else is useless

writing tools only seem cool to me

Oh yea I used writing tools once in an email

emojies are just childish imo

and they dont even work outside imsg

I text friends a lot so I use them frequently

They do work, they just send a little image

Instead of an actual emoji, and that isn’t an issue related to Apple intelligence

doesn’t work in discord for me

ik but its gimmicky looks unfinished

steve would not be impressed

He would not be

Also Apple got sued for it

emojis?

or ai

Turns out putting “built for Apple intelligence” on every product and shipping nothing is false advertising

Who would have known

yeah i heard that aswell

they had to take down all billboards and yt ads

Yep

only AI ad they got rn is photo eraser ai filler thing rn

Go to #jailbreak I forgot we were in development

Hi all! Is there any way to get a unique device identifier? Some value that is always the same for a particular device? Any ideas and answers are welcome, thanks a lot for reading.

Hey, what are you trying to make ?

It may not work in some cases

Globally, I collect notifications from phones, and I want to somehow categorize them by specific device

udid would work fine imo

its easy to spoof but if your users have no reason to 🤷‍♂️

you mean identifierForVendor?

https://theapplewiki.com/wiki/Dev:LibMobileGestalt.dylib

Yes, thank you very much, that's probably just what I need!

I have a usage question, if you could take a look at it I would greatly appreciate it, I'm worried about possible memory leak issues

Basically, I wanted to make a function that would return me the udid of the device

#import “libMobileGestalt.h”

NSString *getUDID() {
 CFStringRef udidRef = MGCopyAnswer(kMGUniqueDeviceID);
 if (!udidRef) return nil;
    
    // __bridge_transfer should transfers ownership from CF to ARC(?)
 NSString *udid = (__bridge_transfer NSString *)udidRef;
    
    return udid;
}

Most AI in 2025 will be able to give you what you want.

Yep i think thats how __bridge_transfer works, you can just run clang-analyse and see if it finds any issues

Mr. Vibe coder

chat is this true

ensuring job security

Any way I can blacklist stuff from libhooker?

Choicy or libhooker-configurator

libhooker-configurator doesn't even show the binary I want to blacklist

add one to the hardcoded list

I would prefer this to work without custom forks

It's okay, I might just switch to a different injector

Thanks guys

seems accurate. it should mention that the caller needs the protectedkeys entitlement

the code seems okay, I was referring to the comment about AI

Debunked: MGCopyAnswer has always been around

yeah but the ai doesn't need to know that

who keeps sending and deleting messages here

prob raid phrases and such that get auto deleted/banned

oh yeah there have been a few raid bans

huh

there has been a lot since the tag thing

Fr

-#

LiveProcess: Trolling Apple

make liveprocess a real app, livecontainer for random daemons and shit

Is it my client or someone is constantly sending then deleting messages in this channel ?

steam scam ~4 minutes ago

Yeah but it happens like at least 3 times a day 😭

yup

scam multiple times a day

anyone know how to make a flex3 patch and wouldn't mind helping me with something probably pretty basic?

What are you trying to patch

im trying to change the UIColor of the MTMaterialView to black

I wouldn't mind patching it systemwide

I’m unsure if this is possible with flex

But the hook is very easy to make with logos

its possible because ive done it with Flexing just need help making the Flex3 patch

has anybody reversed the xpc protocols of MediaRemote/mediaremoted ? (nvm, mostly figured it out)

im working on a jailed tweak, if i wanted to use normal ellekit, i need a jit enabler right?

not unless you use c function hooks

alr

i'm gonna use c function hooks so the answer is yes

i think you are gonna like this

pretty sure this doesnt compile

Not how it works(I don’t think) what material view and where

i think bare else is valid in c

Oh what, TIL

It is as long are there’s only one statement after ended by a semicolon

@acoustic imp dm

h

I don’t mind this

Hhhgvhir

🤮

fortunately it can be fixed in the config file

Lmao

anybody seen this when trying to debug in iOS on-device ?

I had to port macOS lldb-17 because of this

is it released ?

no, I had to download lldb 17 macOS binary and patch it myself

Symbolication is also quite broken that I had to extract dsc and put it to /var/containers/jb_lldb/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/16.5/Symbols

lldb-14 should still work but symbolication is broken on iOS 15 so lol

If you wanna port from macOS binary, add these stubs:

(zip stubs to be included)

@hasty ruin what does api.jailbreaks.app return when it's signed

does it return {"status":"Signed"} or something else

yes

doesn't matter it won't ever respond with that

What's the goto app decryptor now?

I personally use trolldecrypt or bagbak

https://www.youtube.com/watch?v=NdJ_y1c_j_I

do you need to be able to open the app to use bagbak

or is there any app decrypter where you don't need to be able to open the app

I didn’t have to open it

Not really but it needs to be installed. The requirement is that the app plugins needs to be compatible with your iOS. It failed to decrypt an 18 plugin on 15

But the app should always decrypt

Gift iOS 17 new

Gift iOS 17 new

U need

Yes

appsdump3 is great

what happened to appsdump 1 and 2

they only dumped 1 and 2 apps respectively

now it can dump 3 !

lol my on device toolchain was the one shipped with xcode, I had to convert everything too 😅

Do you deal with lldb symbolication?

I should have been clearer, I converted clang (+ everything required by clang) I was having problems with clang-16 / 14 when compiling with theos.

An unexpected plus though was xcode’s version being really fast

I thought you would have to use debugger at some point, no?

hello i have a question is there a more easy way to jailbrake my ipad air 2 15.8.4, i already saw the cfw guide but it doe not help i don't understand im not familiarize with modding at all and also i dont have a computer at this momment just the ipad
if you can lead me to the right place i'll be happy to follow

I’ve used it but not enough to notice the symbolication issue

Sad to see #development this dead

Everyone have finals or something?

I do

In precisely a month

But then no more HS 🔥

Everyone saw oppa’s nullcon presentation and gave up

Gotta attack lower in the chain

Fr

worst of all is that every single app wants to detect jb and shut itself down these days

_<

they aren't good at it tho

none of them are

[[shadow]] , this

for how advanced that security suite promotes itself as it's funny that's all it takes to bypass it

ain't no way

Most apps do not have that symbol unfortunately

well they did something right

I met the guy that develops it some time ago

Besides iSS there is also:

https://github.com/talsec/Free-RASP-iOS

and it seems this thing is even more powerful

iSS is actually good. With all due respect to the dev of iSSBypass this is shit code

А в чем проблема в байпассе?

Nice

Ik, I didn’t know it doesn’t work in most apps either

ну можно написать и так в принципе:

#import <Foundation/Foundation.h>

%hook(BOOL, IOSSecuritySuite_amIJailbroken) {
    return NO;
}

%ctor {
    %init(IOSSecuritySuite_amIJailbroken=MSFindSymbol(NULL, "_$s16IOSSecuritySuiteAAC13amIJailbrokenSbyFZ"));
}

Как минимум это не будет работать без джейла

а зачем байпасс для джейлбрейка если нету джейлбрейка))

probably just tweak injection detection?

mm, maybe

Вообще то, что люди в прилах юзают подобные фреймы — шиза, пару раз встретились люди у которых никогда не стояло джейла, но апа жаловалась, мол он есть ахахахха

В целом не отказываюсь от своих слов

wacamole

ну даа, странненько это бы было если я б был мез джейла и апп сказал что я джейлнут лолл

По факту

Unfortunately it is mostly impossible to make a universal bypass for everything. And if nothing helps I'm afraid that a person who is interested in bypassing this will have to independently study the logic of the detector and based on this, write a bypass for a specific thing

yo how often do pairing files expire

Wdym

false, imho it can be done

RootHide (kind of)

I mean it can be done the traditional way

Only if somehow transfer the applications to a container separate from the fs, maybe? I remember this idea was suggested by coolstar in libhooker pro. It's sad that this will never happen

That’s pretty much what RootHide does afaik

from what i understand it doesn't transfer anything but sets the jbroot inside a (fake?) app container

P.S

A container in which a complete emulation of the stock system will occur

nah you can do a universal bypass with hooks

Like a shadow you mean?

if yeah ofc it's possible I'm not arguing, but the effectiveness is questionable. I meant that it is rather impossible to make a bypass that will work 100% in all applications/games due to differences in approaches

Hmm it sounds interesting. Honestly I never looked at the Roothide source, so I have no idea how it works

But what I’m saying you make a base abstract design that you can build a module off of for each app.

No, that's for Bootstrap afaik

I mean - yes, but at some point you might just want to consider doing a roothide-like approach

in the end it's more error-proof

i mean isn't roothide based on that

yeah but the jbroot is different on Bootstrap vs roothide Dopamine I think

hm fair, idk anything about roothide dopamine

Same just use stock one 🤷‍♂️

vnodebypass

does this

folks, is rootless Dopamine usable for ssh'ing?

i tried to ssh into my iPhone, typed in the root password that i set firsthand when I run Dopamine, but it doesn't work

maybe i misremembered?

try logging in as mobile

then if you need root use sudo

sudo su or sudo passwd might work

thanks!

The password you set in the beginning isn't your root password

You need to set your root password using sudo passwd

For the "Old password" entry, you can just skip it

0xd00d2bad (3490524077) — pronounced “dude, too bad”

Not quite. It runs on the linux alternative to inode and just hides files, nothing more

anyone know where hopper stores its license

on macos

this is not piracy

kinda

i need to grab my old license off my old mac

but its expired

but i can still use hopper

bruh

fuck

i just scp'd it and it dont want it

gotta dig through my pc

good thing i havent cleared out my downloads folder on my pc since 2020

thats crazy

try /Users/Shared/HopperDisassembler/

after installing lldb inside my device, what should I do to properly attach to processes?

Hopper is trash anyway

type at <PID or process name>

It gets more problematic when typing ps inside ssh only gives me the ps command and the shell

what

ps aux

arrgh, i ran ps -aux 💀

my linux commands are rusty

i always do the same tbh

ps aux is the bsd syntax, the unix syntax equiviliant is ps -ely iirc

It is very good for fast objc analysis + hopper is almost impossible to break with obfuscation

is jailbreak dev feasible without a mac? i only have a garbage laptop and an “it doesnt do much” ipad

its feasable

But its decomp is trash

I found mine in my downloads folder, if it helps it’s titled like youremail_gmail.com.hopperLicense

(“_” replaces the “@“)

found out that if you use something that uses a restore exploit (namely Nugget) it changes the pairing data and needs to be regenerated with jitterbugpair

I did too

On my pc

My downloads folder hasnt been cleaned since 2020

My downloads folder is where I disregard my priorities of keeping my mac organized

i don't have a mac and manage fine

i've got a mac kvm for any xcode things

How can I fix this problem:

warning: could not execute support code to read Objective-C class data in the process. This may reduce the quality of type information available.

error: <user expression 0>:1:3: use of undeclared identifier 'UIWindow'
[[UIWindow keyWindow] recursiveDescription]

I've been trying out the iOS crackme

what is better, aside from Hexrays? I have hoppers pseudocode above binja, r2, ghidra

Graph mode pseudo code is better

what is that?

Ngl I prefer binja pseudo code

pseudocode except it's as a graph

so each basic block contains pseudocode instead of asm

that’s a nice way to look at crash reports. Make each frame a graph node with pseudocode from around pc

how is graph better in c decomp lol

asm i understand somewhat

Can you make it to show c decomp only? Looks neat

what do you guys configure when using IDA?

I've been learning how to use it lol

https://hex-rays.com/blog/igors-tip-of-the-week-166-dealing-with-too-big-function

https://x.com/trankha50277352/status/1925119760330891722

@frank fossil

take a look at some of my swift tweaks on github

Those do what you want I think

Do you link against private framework tbds right?

you can try supressing undefined symbol errors via a compiler flag and hope dyld finds the real thing at runtime (i can't really see the original x post, guessed the topic)

Nope

https://github.com/NightwindDev/SettingsWiFiPassword/blob/main/Tweak.swift

Take a look here

Sw*ft

🙄

Oh shush

I'm using a specific framework that's only linked to a daemon

Doing what I did with the protocols and the unsafeBitCast’s should work I think

Is it possible to replicate this (6:34 mark) in Frida

I know how to do po [[UIWindow keyWindow] recursiveDescription by running these JS commands:

 w = ObjC.classes.UIWindow.keyWindow()

desc = w.recursiveDescription().toString()

why use frida

lldb in my iPhone session (ssh) gives me this error

And I figure out that most people use debugserver + “remote-ios” platform, which is out of the question for non-Mac users like me

why is it "out of the question"?

cycript is the OG tool for doing that sort of stuff

no you can use gdb-remote protocol without a mac to debug ios apps

I should’ve phrased this better: I need to solve the inability to run Objc expressions

It always complains about inability to execute objc support code

what happens when you run po @import UIKit first, tbh never saw that support code issue before

Header search couldn’t locate both UIKit and Foundation 💀

I think my install is fucked up, but I dunno where

iirc you have to provide a sdk yourself ? i couldn't find the exact command but when you run lldb you do two things first

1. platform select remote-ios
2. some command that set something like "sdkroot" (i can't really remember but shouldn't be that off)

Thanks so much!

Man, I’ve finally solved my headaches by setting SDKROOT

lmao

On the other hand, is there any way to link against PrivateFrameworks tbd for iOS simulator?

Building for 'iOS-simulator', but linking in dylib (/Users/duy/theos/sdks/iPhoneOS18.4.sdk/System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices.tbd) built for 'iOS'

If I change it to ios-simulator:

ld: tapi error: malformed file
/Users/duy/theos/sdks/iPhoneOS18.4.sdk/System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices.tbd:3:24: error: unknown platform
platform:              ios-simulator
                       ^~~~~~~~~~~~~
 in '/Users/duy/theos/sdks/iPhoneOS18.4.sdk/System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices.tbd'

cool (edit: was caused by readonly)

xcrun -sdk iphonesimulator tapi stubify "/Library/Developer/CoreSimulator/Volumes/iOS_22E238/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.4.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices"
LLVM ERROR: IO failure on output stream: Bad file descriptor

How easy would it be for me to upgrade a iOS 14 tweak to iOS 15 rootless?

You can either patch a pre-existing .deb with https://github.com/NightwindDev/rootless-patcher or use https://github.com/NightwindDev/Tweak-Tutorial/blob/main/rootless.md as a starting off point for updating it with the source code

Can we downgrade from iOS 18 beta 2 to iOS 16?

sure, why not

?

omg a triangle

Hbd

No

this is not a support channel

@lost nebula

:3

little did he know

developement ping

what for

@vivid dew happy birthday big man

Happy birthday @vivid dew

@shut stag give me the birthday role

There u go Bro

Happy birthday

now you have to set it every day

https://tenor.com/view/hello-street-cat-cat-mr-fresh-staring-cat-gif-923010559517228428

is it actually ur birthday this time

fr

@vivid dew happy birthday

no of course not

@kind herald

why did you do this

Lying to moderators.. what rule does this fall under so ic an warn and take proper action

fr though I didnt think they were lying

Sorry

they have been pulling this joke for years now

.

oh

Good to know for future reference

their birthday is some time in between january 1st and december 31st

No way mine too

so its not Dec 32

no u get to rule that out

Aaron won’t celebrate my birthday

is it February 30th

I thought it was January 0th

Damn

No it must be March -1rd

does anyone know how to use Trollstores spawnroot? spawnRoot(@"usr/bin/killall", @[@"SpringBoard"], NULL, NULL);

returns posix_spawn error 2 file not found

and yes I have unsandboxed and spawn root procs entitlements

the path you used is relative

i tried with /usr/bin/killall

typo

but I got a workaround working, ig ts cant execute system binaries as root?

or at least some of them

Was it signed with the coretrust bypass?

SpringBoard runs as mobile, no need root uid to kill anyways

Also you didn’t account for rootless

@visual meadow lol

Yeah i left that there never changed it

From when u could do arb css

im rootless ig thats why it couldnt find killall, ty. I realized I could kill w/o root shortly after lol

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.no-sandbox</key>
    <true/>
    <key>com.apple.private.persona-mgmt</key>
    <true/>
</dict>
</plist>

and then I
ldid -S../../../cust0mizer/cust0mizer.entitlements cust0mizer.app/cust0mizer

it's just a tipa for using that new VM_BEHAVIOR_ZERO_WIRED_PAGES cve. but since its ts app with the entitlements I can respring and other stuff w/o the use of external respring apps like on mdc0 or dirtyZero

iOS up to 17.4.1 can use CVE-2024-27801 to crash SpringBoard

i considered using that one (the weird xpc one right?) but found it easier to just steal trollstores implementation

It's not like I haven't already stolen the paths for zeroing from mdc0 and dirtyZero. How tf am I supposed to know that "/System/Library/PrivateFrameworks/MaterialKit.framework/Assets.car" is the home bar asset file

ldid doesn’t CT sign

unless you specify the CT cert and are under 15.5

Ye you can just run the PoC on com.apple.UIKit.KeyboardManagement.hosted and it crashes SpringBoard just like xpc_crasher

i see

is it in the docs?

You have to use the CoreTrust bypass

do you ever just encodeReprojectionToCommandBuffer:sourceTexture:previousTexture:destinationTexture:previousLuminanceMomentsTexture:destinationLuminanceMomentsTexture:sourceTexture2:previousTexture2:destinationTexture2:previousLuminanceMomentsTexture2:destinationLuminanceMomentsTexture2:previousFrameCountTexture:destinationFrameCountTexture:motionVectorTexture:depthNormalTexture:previousDepthNormalTexture:

Yea

i think it's the longest one

buildWithUDID:withOrganizationInfo:withMDMOptions:withLastCloudBackupDate:withAwaitingConfiguration:withITunesStoreAccountIsActive:withITunesStoreAccountHash:withDeviceName:withOSVersion:withBuildVersion:withModelName:withModel:withProductName:withMarketingName:withSerialNumber:withDeviceCapacity:withAvailableDeviceCapacity:withIMEI:withMEID:withModemFirmwareVersion:withCellularTechnology:withBatteryLevel:withIsSupervised:withIsMultiUser:withIsDeviceLocatorServiceEnabled:withIsActivationLockEnabled:withIsDoNotDisturbInEffect:withDeviceID:withEASDeviceIdentifier:withIsCloudBackupEnabled:withActiveManagedUsers:withOSUpdateSettings:withAutoSetupAdminAccounts:withSystemIntegrityProtectionEnabled:withIsMDMLostModeEnabled:withMaximumResidentUsers:withPushToken:withDiagnosticSubmissionEnabled:withAppAnalyticsEnabled:withICCID:withBluetoothMAC:withWiFiMAC:withEthernetMACs:withCurrentCarrierNetwork:withSIMCarrierNetwork:withSubscriberCarrierNetwork:withCarrierSettingsVersion:withPhoneNumber:withDataRoamingEnabled:withVoiceRoamingEnabled:withPersonalHotspotEnabled:withIsNetworkTethered:withIsRoaming:withSIMMCC:withSIMMNC:withSubscriberMCC:withSubscriberMNC:withCurrentMCC:withCurrentMNC:

https://github.com/nst/iOS-Runtime-Headers/blob/master/PrivateFrameworks/ConfigurationEngineModel.framework/CEMDeviceInformationCommand_StatusQueryResponses.h#L129

ah

*longest public one

https://github.com/iCrazeiOS/Class-Dumped-Apps/blob/11e9fc710f1ac3da7bc876319c5023b84e182811/Headers/Reddit 2020.12.0/AnalyticsEvent.h#L675

129 args

oh thats reddit dump lmao nvm

limit was 256 iirc

Does anyone knows anything about SBKeyboardFocusVisibilityGraphNavigator?

no, but the issue you describe sounds interesting. I’ll spend some time on it this weekend if it’s still unresolved; I’m quite familiar with frontboard

how.

My wii

my wii

that message was 5 years old why are you just replying to it 😭