#development

i dont get a 404 but sileo gets stuck at -1

and i noticed there's no Installed-Size in your Packages file

are you using dpkg-scanpackages?

whats that

how are you generating the packages file?

I made it manually

I compared it with rugmj's and maxine's package file though it was basically identical

i have this in an update.sh script so whenever i put a new .deb in my debs folder i can run update and it will automatically generate Packages and Packages.bz2

rm Packages Packages.bz2
dpkg-scanpackages -m ./debs > Packages
bzip2 -fks Packages

i'll try this, thanks

and now trying it I also don't get a 404 but get expected size 5834, got 5880 instead so I probably just put the wrong size?

bzip2 -c9 Packages > Packages.bz2
gzip -c9 Packages > Packages.gz
xz -c9 Packages > Packages.xz
zstd -c9 Packages > Packages.zst
lzma -k Packages
lz4 -q Packages```

🧌

I did this but I still get the error above

expected size 5834, got 5880 instead

should I just change the size to 5834? the arm build of it is 5834, while arm64 is 5880

please take all nonsense off topic to #general

shit

bad channel

sorry

doubt it will do anything, but
https://github.com/bradleytechman/jbrepo/blob/main/Release#L6
remove iphoneos-arm64e

@rocky oriole works on my phone

let me try again

could just be sileo caching and old deployment of the github page

yeah

still not working on my phone

i'll charge my SE to see if it works on there

go into sileo > profile (top right) > Cache Size > reset cache

Cleared but now it says 6 KB of -1 byte

it said this earlier but I dismissed it because it would change into the expected size 5834, got 5880 instead when I retried

uh

it just worked on my SE 😭

ok it worked on my main device with zebra

Use dm.pl

INSTALL_TARGET_PROCESSES = SpringBoard


include $(THEOS)/makefiles/common.mk

ARCHS = arm64 arm64e
THEOS_PACKAGE_SCHEME = rootless

TWEAK_NAME = widecameraauto

widecameraauto_FILES = Tweak.x
widecameraauto_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk

%hook AVCaptureDevice

+ (AVCaptureDevice *)defaultDeviceWithDeviceType:(AVCaptureDeviceType)deviceType
                                       mediaType:(AVMediaType)mediaType
                                        position:(AVCaptureDevicePosition)position {
    // Only modify behavior for the back camera and video media type
    if ([mediaType isEqualToString:AVMediaTypeVideo] && position == AVCaptureDevicePositionBack) {
        // Always return the wide angle camera for the back
        return %orig(AVCaptureDeviceTypeBuiltInWideAngleCamera, mediaType, position);
    }
    // For front camera or other cases, use original method
    return %orig;
}

%end

This in Tweak.x

Name: widecameraauto
Version: 0.0.1
Architecture: iphoneos-arm64
Description: Automatically use wide camera!
Maintainer: berget
Author: berget
Section: Tweaks
Depends: ellekit

This is what I have, I had problems getting it to compile as rootless but not it finally did when I used "make do THEOS_PACKAGE_SCHEME=rootless"

In makefile it is set too but its still compiling as rootful without the make do command.

Although the tweak itself doesn't work, I want all apps to use the wide lens back camera instead of the original one since I dropped my phone and it stopped working, the front camera still works so that one I jsut want to passthrough normally.

still havent gotten dev access

wtf

how would i initialize this object?

the data providing class doesnt have an init function

ios 17 just has a regular init without a data providing param

It would still have a regular init because it inherits from NSObject

it says i cant

'*** +[CRSUIWallpaperPreferences<0x27c437d08> init]: cannot init a class object.'

I just paid apple again and it still did jackshit

im charging back

this is bs

well yeah because CRSUIWallpaperDataProviding is a protocol not a class

you need to find a class that impls that

(or I guess you could try and implement it yourself idk)

bs

provider class

in any case I don't think that's supposed to be init directly

i found the provider class

and that has no init?

'*** +[CRSUISystemWallpaperProvider<0x27c437c18> init]: cannot init a class object.'

nopw

ios 17 was so easy why did they add a data provider for ios 18

hopefully it doesnt require entitlements

huh wait did you even alloc before init

Just contact support

I already have

And what did they say

nothing

lmao

Threaten legal action if you have the proof of purchase

I’m sure that’ll speed them up

i do have proof of purchase but how the fuck am i supposed to threaten legal action

i can't afford a lawyer

Keyword: threaten

Just say you’ll escalate the situation further and take legal action as you have proof of purchase and haven’t received your developer license

You don’t have to do any of that

I'd also like to avoid pissing them off if possible as my chosen field of work is software engineering but idk I'll wait another day and if nothing happens then yeah I'll have to do something

do we need to when doing perform(Selection)?

bc i didnt allocate for any of the other stuff

I mean unless you can directly pass the class object as a data provider (in which case you don't need to init)

yes

that wouldnt happen right?

wait im stupid

i didnt alloc before because i was calling a shared object that was already allocated

skul

how do i allocate

gen alpha doesn't know how to allocate objc objects D:

in swift?

why did that send

i do in objc idk how to in swift

i guess it's CRSUISystemWallpaperProvider.alloc().init() or something

im using selectors

perform alloc on the class object

then perform init on the return value

yeah so just convert this to the equivalent in selectors

oh im really stupid

obj().init basically

yes

i am overthinking all of this

nope still doesnt work

exact same error?

it wont compile

what

Cannot call value of non-function type 'NSObject' for obj() and Static member 'alloc' cannot be used on instance of type 'NSObject' for obj.alloc()

what why do you already have an instantiated NSObject

wtf is obj

i dont

obj is the objc_getClass

this is what im trying to do

i guess objc doesn't work the same way as java then and needs to be casted to the correct class instead of remaining as an NSObject?

Maybe use objc_alloc()

do i need to import something for that?

just declare it in the bridging header

for what?

i dont have any objc code

I mean objc_alloc() is not available in public headers

Just add id objc_alloc(Class cls);

try casting to AnyClass

class objects aren't NSObject

how do i initialize AnyClass?

why would you initialize it

just cast to it

i am confused

ok it no longer crashes but still doesnt set the carplay wallpaper on ios 18

would it be worth it to decompile the carplay settings application?

lmao swiftui has z fighting

thats crazy

actually its liquid glass

lmao

can i use my karva sign cert files in xcode if yes how??

I mean possibly but idk why you would

so i dont have to accept the certificate every 4-6 day cuz ion have paid account

and then app stop works

i spent an hour trying to figure out why my networking code wasn't working

turns out waydroid wasn't connected to the internet

Literally me
Add more checks

the debugger in android studio is completely broken and logcat isn't showing my logs

• the operation isn't too important so it just fails silently if something's wrong

i spent 30 minutes putting throw Error("1") at random places

Wassup my favorite French 🐝

favorite
french

Anyone know how to install an IPA file in Trollstore with terminal?

Dw you are lower than the French

uhh appinst + ct_bypass?

Someone should make that 🔥

from what i know, swift ui is made using metal and metal is a 3d graphics library

fr

from what i know, swift ui is made to cause mental illness

nilness?

swift is a c wrapper

fr

wait

guys

can you not change your developer name

am i gonna have to dox myself to publish an app

😭

yeah

yikes

@kind herald

you have to use your legal name regardless

ig

technically im under my dads name with a stub acc since im underage and apple told me to do that

@magic hazel alternatively some people open a shell company to hide their identity

yeah ik

its fine

i want my employers to find the apps i make anyways

go by a pseudoname until you sell out to a major coorporation then rebrand everything

or right before for resume purposes

i think the "go by a pseudoname" part is illegal in the eu?

or at least both apple and google require your full legal name

Clearly they don’t know the audacity of internet beings

https://x.com/WinRAR_RARLAB/status/1937780489341006025

after this update winrar will finally get its 10th customer

It’s a crime to be using winrar

fr

im trying to make an ellekit tweak to inject into tccd and allow tccd to fully function on macos without sip. for some reason it just isn't injecting into tccd no matter what i do, i've checked with lldb with no luck. i know it works because liji got it to work with his own injector im just not sure why it isnt working with ellekit. any help would be greatly appreciated

it’s probably on the injector’s blacklist

is there anything i can do about this and where is this blacklist

just checked the ellekit source and it seems as though tccd is not in any blacklist

Why

It does its job lmao

use ZIP or zstd+something like a sane person

ill eat apple and google

issue fixed

Your amfi is disabled right ? Afaik tcc not working is a result of that rather then disabled SIP but not sure. Anyway somebody did exactly what you want in hack different and what they patched was changing the platform binary bit for non-platform applications. Because when amfi is disabled everything is set to "platform binary" and that breaks the tcc prompts

edit: turns out thats what you were doing as well lmao

steve jobs

<@&355174844205367317>

^ alfie

i agree alfie is a cat

i'm starting to like kotlin

kotlin is just java but with cringe syntax

was it even neccessary? or some dude was bored one day

did you ever find any good solution for this

should i switch my c project’s build system to use a shell script

my makefile sucks

embrace cmake

Nope, something something window levels

But i don't remember it working fine at all

Please help me to fix these issues

https://www.apple.com/certificateauthority/ ?

idk what ur issue is

why are you concerned about having old certificates installed

I would like to updates and get rid of this

i would not trust any certificate authority from baltimore

Thanks. I will delete it from my Mac

yea, cmake

theres literally no reason to care

in fact, you should leave them

I have tried to remove or delete those two root certificates, but there is no option to delete them. When I downloaded the Apple root certificate, I received the following error message (see attached screenshot). Please advise. Thank you in advance — I truly appreciate your help.

thats because its part of the system partition

it is actively blocking you from it because its a terrible idea

and I truly think you're either clueless or a troll, you've given no good reason for even wanting to do this

why do you want to delete them in the first place

Schizophrenia

its saying certificate is expired so just wanted to do the update.

just wanted to do the update. its saying expired.

if its does not interfere with Xcode then I don't mind to leave as is

That’s not how it works

The trust store is maintained by Apple for you

you shouldn’t ever interfere with that

Thank you for your advise and I have seen it in the past my own certificate was expired and that gives me Revoke Certificate button so i quickly check and verify my keys and delete it and import it again and get its works fine.

What is the preferred environment for Orion

xcode or vs

If you have Xcode it probably works nice due to better integration but you can make do with any text editor

i spent an hour taking app screenshots only to realize the aspect ratio was wrong

<@&355174844205367317>

?

there was a steam scam

Well there isn't anymore

i can't believe vim took away my $50 steam gift card

i hate vim

Why does Xcode taking 72 hours for the approval? How do I expedite this?

?

think they're referring to app store or testflight approval times?

Looking for someone who knows about Apple App attest and can help me bypassing attest bans. Going to compensate for his help. Let me know

if there are more then 10 devices on it it's a default waiting time of 72 hours minimum. It's just the way apple works, nothing you can do about it unless you remove the other devices until the counter gets to 10 or less

is This Kevin Bradley?

what?

Sorry, no worries bro

I have a question: How can I change the location to save my provisioning profiles to the Library/MobileDevice/Provisioning Profiles directory? Currently, I have to manually copy all my provisioning profile files from Users/Library/Developer/Xcode/UserData/Provisioning Profiles.

IOS App Signer app default directory is Libraray/MobileDevice/Provisioning Profile

I mean you can resize the image in photoshop of illustrator

maybe just make an alias to the folder (ln -s originalpath targetpath)

I am sorry, where do i go to make this changes?

terminal

<@&355174844205367317> posted across multiple channels and looks kinda sus

it even was his own one 😭

What was it

the token

I assumed some crypto wallet address or something

nah

his discord login token

???

yeah no idea why he sent it 😭

definitely don't send xmr to this address!!! 88X12557uftPayCcqWztAY7t8uGtuBMUVN6qeXjk2QJthYA81rc21rehCzwG8wKeQ1NhtWBVaWcL4GtKM4F2HjY8TaGVvWK

yeah send it to mine instead

I do not own any crypto

what happens if i do ?

Can i'm get it back ??

yeah you'll get it back 10x'ed trust

@kind herald scam

please ban

or arrest

or k

oh yeah

let me in to that

the scammed to scammer pipeline

no someone sent a porn discord link

damn gorn over money i see

hey id join

whatever you send to that address you get double back

(this is a joke for ppl who are stupid)

Thx i just sent 200 dollars to test first

What do you have to do to get developer role out of curiosity

make a tweak

or a jb ig

idrk lol

I’m not a tweak dev but I’ve got a moderately sized game that I’m publishing to the App Store

i'm guessing it's for jailbreak related stuff

Interesting

I had assumed it was just iOS development in general

🤷‍♂️

the role doesn't do much

Nah i just like the orange

I don’t like purple

we only have special perms in this channel and #showcase

🫠

fair enough lol

well if anyone knows what the requirements are lmk

in the meantime

anyone decent at swift and avaliable to have a brief lookover of like 300-400 lines of code

i wanna know if ive done anything glaringly poor in my model

contact modmail, there's not really any specific requirements

if you're devving enough you get dev role

atleast that's how I understand

whats modmail?

ic

@hollow scaffold

do i have to provide my codebase or smthing

yeah usually will be asked for proof

k

its private rn but i can share for review purposes

jailbreak tweaks or jailbreaks

ic

develop something for the jailbreak community

submit it to modmail

we got it for making a tvOS file manager

Icic well that’s useful info

what does xpc stand for im pretty curious

i got it unwillingly

:3

cross process communication i'd assume

interprocess communication

and the reason it's not called IPC is because it used to be called "X-IPC" or interprocess comms for OS X

the -I got dropped

since XPC is simpler

drop the I, it’s cleaner

xpc is a type of ipc, but not the only type. that’s why it’s not called ipc

it’s all mach ports

😭 😭 😭

always has been

Hi does anyone know how to hook the camera? I dropped my phone and my back camera & flashlight isn't working, although the wide lens is. Some apps are automatically fallbacking to the wide lens, but most apps like even the ios camera app it isn't possible to select the wide lens.

I was hoping I could somehow force the wide lens to be used at all times whenever something is trying to access the back camera.

The message I am responding to was a small attempt but I have no idea what I am doing, I successfully compiled and installed it but it didn't do anything at all.

Its IOS 16.2 iPhone 12.

I can do coding relatively well I have just never worked with modifying IOS device, so if anyone could point me to relevant hooks that are worth attempting to alter that would be helpful itself.

At the moment apps seem to acknowledge that the back camera isn't working so if it defaults to back camera and I switch to front, them attempt to go back to the back camera it doesn't even attempt to use the back camera, so my small theory may be that even though my tweak might change to the wide lens camera it doesn't even attempt because it knows the back camera is broken. (So possibly the tweak would work if the camera wasn't broken)

xqc

hi everyone, do you know the method to retrieve kernel ASLR in code on devices jailbroken using palera1n? I can find kASLR value in the jb log file, but from the code dont know how to retrieve it directly. For unc0ver jailbreak, kASLR can be queried from task_dyld_info->all_image_info_size but for palera1n it's always 0

https://github.com/Cryptiiiic/x8A4/blob/main/Kernel/slide.c#L53-167 yeah it’s appended to ramdisk so /dev/rmd0

thanks @faint timber, will have a look

I now understand why it is so easy to make inefficient electron apps

so when are you releasing your first ffmpeg wrapper

is there any working classdump tool for iphone? hopefully directly on the device or from linux

Bad video and bad implementations is all I do

for regular binaries I would use classdump-c to dump classes, but when dumping classes from system frameworks from the dyld_shared_cache I use ipsw

oh wait ig classdump-c wouldn't work on linux tho cuz you have to compile it with xcode

you could try classdump-dyld but idk if it still works

https://github.com/arandomdev/DyldExtractor this one is better for dyld extraction because you actually see the symbol names from imported frameworks instead of just having MEMORY[0x....]

which behaviour does ipsw have

cause thats just been my default for a long time

doesn't ipsw literally just use xcode's

I think so for some stuff

split Extracts all the dylibs using Xcode's dsc_extractor

yeah

it literally just rips that chunk from the dsc and doesnt look at any of the external symbols it links with

therefore for example objc_msgSend($_OBJC_CLASS_UIView, "new") would just say MEMORY[0x] iirc

ah fair

tbf i rely on ida for that stuff

I see, fair enough

how do I symbolicate / reverse a swiftui framework

cus this shit is all like mangled

what exactly

/System/Applications/iPhone\ Mirroring.app/Contents/Frameworks/ScreenContinuityUI.framework/Versions/A/ScreenContinuityUI

i think in general i have no idea wtf im doing

just wanted to figure out how to make my own pairer / mirror app on other OSes

well first try using ipsw swift-dump

oh what the hell

lmfao

yeah idk good luck lmao

if you mean the symbols there are swift symbol demanglers but otherwise REing swift is just generally pain

it really does not enjoy being transliterated into C

apple actually isnt too bad at reviewing apps

surprisingly

anyone try to use this for a test harness or something like that? https://sep.lol unfortunately the tethered downgrades are not compatible with checkra1n/palera1n

You can use checkra1n/palera1n with turdus merula by doing early exit in turdusra1n and from there manually uploading the kpf/ramdisk

However you would also need to manually upload sep_racer if you do that

sounds above my paygrade, but glad to know its possible

Alternatively use an app-based jailbreak

It's possible

I've done it

The checkra1n one

You'd have to remove auto boot from its kpf tho

"developer" ?

they're giving developer to anyone these days

how are you not qualified for dev

because he stinks

i dont do jailbreak related dev at all

Sorry

I do not stink

this is slander

stinking is basically credit for this server thats why you have mod

wtf

I take showers every night.

And i use deodorant.

Do you want my deodorant serial number

My deodorant serial number looks like a fuckin phone number what the hell

Idk if i'm looking at the right thing

Call it

It was your moms number

Ez

you need that if you want to submit an RMA

Yeah a fuckin rma for my deodorant

Yeah thats probably the upc

Batch number is probably way smaller

Wouldnt that be on the barcode

Yeah but youre also stupid sometimes so maybe you were reading the barcode

I wasnt

Rule 1 buddy

I am not stupid

you mgiht need one

not you specifically

it just could be defective

its a thing that can happen with mass manufacturing

Is this a threat

What did you do to my deodorant

i didnt do anything

the factory might have not done something

Wtf boba back in rjb

Who’s next? Krum? lul

Fr

<@&355174844205367317>

Handled thx

my fucking discord closed while trying to ban them

https://tenor.com/view/scaryegg-egg-bigfootjinx-pure-gif-24608427

I was waiting for someone else to do it

Loser

keep your safety in check

What you devving these days

my website

gonna make a keyboard related section probably

idk what im gonna do

Nice

https://medium.com/sadarwa/my-unconventional-use-of-github-the-making-of-a-totally-offline-but-collaboratory-app-f6e941f1c162

this dude thinks github magically pushes and pulls their files without the internet

am i reading this right

Yes you read it right, it is totally offline and collaboratory as well!

looks like they're just using git to store data

and syncing when they have internet access

@reef trail @gentle grove hear me out: git over bluetooth
Slow? Yes
Offline? Technically, yes
Ass? Absolutely

what's the point of this article exactly

mediumslop

Does anyone know the best place to hook SpringBoard if I want to show an alert on the Home Screen after the user unlocks their device?

Hook the beta alert thing I guess

could also look at what the safemode alert does

Oh yeah thanks guys!

ElleKit seems to just hook UIApplicationDelegate.applicationDidFinishLaunching

As do Substitute and Substrate

alfiealert

alfies version of beta alert

:/

No I need to hook SpringBoard in Apex to tell the user not to use Substrate

Well with the untether only

Lmao

can't you just ship a package that conflicts with substrate

I mean I can but this is for people using checkra1n strap who then install Apex

and it only applies to the untether anyway, so they can always boot and then enable tweaks if they really want to, otherwise they can just install a different injection library

gitub

where do you see that text

its one of the images

The compiler is unable to type-check this expression in reasonable time; try breaking up the expression into distinct sub-expressions

guy needs to visit syncthing.net

🤨

<@&355174844205367317>

: /

Mf

Thx

I was typing

I was about to ban.

You always steal

ok … and ….

I thought i was supposed to do all the work like a Good Moderator.

Man I cant Belive the mods are stealing all the free money from us

<@&355174844205367317> waddup

Wrong channel my bad

I think simject has an example of exactly that https://github.com/akemin-dayo/simject/blob/master/simjectExampleTweak/simjectExampleTweak.x

Awesome thank you!

Is it possible to use Frida to intercept a network request and reverse engineer the request headers or identify the hashing algorithm used inside of an app?

yes

how how can i do that? using FLEX i can only see the request but not how for example headers are formed

use breakpoints or sumn idk

how would that help?

you can see it being formed by stepping through

ofc you'd also need to know how to RE

what do you mean by RE?

reverse engineer

so basically being able to atleast read the C pseudocode that comes out of your favorite decompiler

why not use mitmproxy instead? Easier and faster to setup imo

I’m already intercepting the network traffic. What I need is to know the algorithm/method that is used to decode a responses body. for example:

b989b279eb2de1d156b0e7fb01cc45fb83651a3368ade4ef98b2fe950411085ab9bcc6d79fb1bba81c561f6d7a4dbe113fb0761c23f1a387dbefd43f59ea16c09ac261d79061ebfd68c828ec92c7f7efb90f6d0446f371cfee4d1873da5188e0d5c4e1d66c41b198fae831d82dd64d41d6433b9e0f087651531bc14b90afc545c626ddceb8775d4184c0446fe31de392594efd7a9ee98c2f8cc03a9f2b7679eab1a04a234b86f73b33b7da1eb5641ebfaa6b3090abb09b40ee7e025edad38fed

->
http://download.gaana.com.edgesuite.net/….

and I though I may be able to do that using Frida or similar tools, that’s why I’m asking in here

What’s the app?

a Indian service for streaming music

one app i reverse engineered was base64 encoding and reversing its data before saving it to disk to obfuscate it

i wish everything else was that simple

makes more sense to use something like lldb or maybe even flex to see where it's being decoded by the app

that way you can just use that rather than the raw data

or if you have to use it detached from the app it gives you a place to look at static analysis to recreate it

base64 encryption™

as unknown as any

👍

I’m very sure that this method is not b64. The first part of the decoded string always is the same and than is followed by a different part each time requested.

i wasn't referring to your app

ok, but what would you recommend me to do now? any tutorials or similar stuff online?

i don't have anything to recommend, sorry

https://x.com/imagesaicouldnt/status/1942539166069448928?t=fjlBuP4HgQxoC-G0tamRSg&s=19

Wild

This is why C++ sucks

literally futurerestore @hollow oar

i was wondering about this, have you considered Fil-C

This is false; Stallman can’t draw that good

Won’t fix bad code structure

that is true but atleast itll fix the random double frees

Meh maybe just need to run valgrind

But honestly turdus can replace it at this point

isnt turdus just for blackbird devices

That’s not what I’m talking about

It’s more or less modded idr

It almost does everything Fr did

huh, did not look at it very close but nice to know

mineekware W

<@&355174844205367317>

kill them

with signal 9

sigkill

Lol I feel like no one other than the devs and me looked at it

<@&355174844205367317>

gir ocr eta wen?

Bruh

Deleted yours

Rude

I’d like to see you try

Does anyone know how to create an app that launches a URL scheme without appearing in the App Switcher?

I've already built one that opens a Filza URL scheme, but it shows up in the switcher. I also don't want to use the Shortcuts method since it's much slower to execute and it doesn't support transparent icons.

Shortcuts but change the icon via snowboard

Snowboard does support transparent icons

Not for Shortcuts

Oh ur right wtf

Shortcuts are webclips

which don't support transparency at all

how on earth am i supposed to fix this

how does this even happen

(line in question)

@wooden yarrow what about [[user valueForKey:@"id"] longValue]?

wait that's not a thing? huh

there's longLongValue and intValue though

isnt long an int in armv7

¯_(ツ)_/¯

i think it is

actually that is indeed interesting, why on earth was the code written this way instead of that

time to remove all usage of NSNumberFormatter

guards

<@&355174844205367317>

oh

oh

i banned them like 10 seconds ago

shit ping ig

<@&355174844205367317>

@modulators

@modifiers

@modrinth

<@&355174844205367317> good morning

?

What’s the issue

gm

Gm gm bro

hyd

Exhausted, probably going to head to sleep. Hru

damn fair lol

not too bad

just got up really

Same here, but now I can’t sleep so oh well

@visual meadow any reason why this isn't feasible for sshrd on newer ramdisks and linux https://github.com/linux-apfs/linux-apfs-rw

might be a silly question

I wonder if it can corrupt dmgs

write support. This may corrupt your container

God knows

I guess that needs to be tested

@torn oriole

@lofty juniper

Who will be first

Hydrate wins

I am RIGHT here

Fr

Anyone know where I can get an image that shows the exact shape of the iPhone 13 Pro Max screen, including the rounded corners and notch, that I can overlay onto another image to see how it would look on the actual device?

figma?

I'll look into that thanks

Is there a way to debug tweaks from ida? Do i simply attach to SpringBoard?

I’d just use lldb

but then have the disassembly open as reference

also if you keep it stopped for too long watchdog will kill it

so once it reaches the breakpoint I’d do whatever I need to do quickly, then do “process continue” so that watchdog doesn’t kill it, and then you can set a breakpoint again somewhere else

it’s kinda hacky tho I wonder if there’s a better way lol

if you sigstop watchdogd that causes a kernel panic eventually so idk how to get around that

...kill the watchdog
https://github.com/zhuowei/iOS-run-macOS-executables-tools/blob/main/who_let_the_dogs_out/who_let_the_dogs_out.c

• launchctl unload

oh interesting lol

I should’ve used that the whole time lmao

Lollll it's still filtered

hmm

I'm still a LEAD DEV for THOR jailbreak

Hello i looked up your jailbreak and a porn site showed up

YES

?

We should put thor in jail instead and kill his game

And the jailbreak with the same name too

Learn to make better UI before you steal please

The UI is the BEST

And THOR JAILBREAK is ORIGINAL

https://media.discordapp.net/attachments/1159265300915687534/1167908285375062158/what_kind_of_trauma.gif

Any proofs?)

nice method meta initWithIsCanonical:isGroup:isMessageRequest:isSpamRequest:isSelfThread:users:leftUsers:pendingUserIds:socialContext:isMuted:isMentionsMuted:isVideoCallMuted:readReceiptsControlStatus:typingIndicatorControlStatus:lockStatus:videoCallInfo:isFlagged:isMarkedAsUnread:isArchived:msysBasedCutoverState_DEPRECATED:inviter:lastSeenMessageIdsForUserIds:groupMetadata:inputMode:folderType:shhModeMetadata:disappearingModeMetadata:disappearingModeLocalMetadata:isCloseFriendThread:isVerifiedThread:isCreatorThread:isBusinessThread:hasFilteredMessages:isMessageRequestsLimitReached:filteredDictionaryId:violationReview:messageRequestType:themeMetadata:contextLines:responsivenessCategory:icebreakers:persistentIcebreakerSet:welcomeMessage:persistentMenu:senderReachabilityStatus:recipientReachabilityStatus:bizThreadThrottlingState:hasRestrictedUser:hasGroupsXacIneligibleUser:isXacThread:labels:isFanClubSubscriberThread:isTranslationEnabled:threadLanguages:translationBannerImpressionCount:fanClubSubscriberGroupThreadContext:bizSmartSuggestion:accountWarning:threadSubtype:rawThreadSubtype:snippetDict:broadcastChatContext:isOtherParticipantEligibleForIGAppointmentBooking:isAnyParticipant3pAPI:shouldUpsellNudge:capabilities_0:capabilities_1:adContextData:professionalMetadata:ctdOutcomeUpsellSetting:blendedThreadCapabilities:eventMetadata:threadTitle:latestExternalActivityTimestamp:takedownData:groupMemberAddMode:willXacBeReadOnly:isXacReadOnly:isPinned:pinnedTimestamp:isCreatorAgentEnabledForThread:isCreatorAIRepliesEnabledForParticipants:hasCreatorAIMessage:pbiaPageId:cutoverMetadata:groupThreadJid:incomingFollowRequestFromRecipient:customerDetails:recurringPromptType:isStale:

90 params 😭

(discord upped the pin limit to 250 today)

thought we should have an incredible 51st pin

BASED

Finally

ikr

https://x.com/advaithj1/status/1945210417661534557?s=46

Ngl, I saw a method with 250 param

this has been in the works for a long time
Surely it was just one constant in the codebase

I think icraze or fiore shared it here

yeah

fr

408 arguments

And an extra 1600 bytes

per channel

https://github.com/MTACS/iOS-17-Runtime-Headers/blob/d1d960dfaa4107765dd7fcf891e4967c0930d5fd/PrivateFrameworks/PowerUI.framework/deoc_model.h#L19

poggers

objc devs will do anything but get a therapy

so

this is actually auto generated function name

by coreml

but still

its crazy

no amount of therapy can make me forget translatesAutoresizingMaskIntoConstraints

what would make this list funnier

is it possible to compile c++17 for templeos

Probably
Is there a c compiler

i'm... not sure? i think templeos uses HolyC

3ds

i'm too poor to afford a used 3ds in 2025

Womp womp

or a ps vita

hm

Used psv costs like an ultracheap ximi phone

no cap

i'll consider it

shijima on psv? What’s next? psp/ps[1…5]?

it's on all major platforms now, anything i add from this point onward will only make it funnier

macos 9 shijima

classic macos

Actually fuck it, uefi

fym ms-dos 😭

uefi sounds more doable than ms-dos

Hooking into windows.exe

technically, it runs on top of dos

atleast you have translatesAutoresizingMaskIntoConstraints, iOS 5 requires you to set the constraints yourself

yes

this is how i used uikit for a few weeks on ios 11 before i learned about autolayout 💀

@surreal dirge

@surreal dirge

mfw i have to say false in every single view i make

wtf why

manual constraints

what do u do such that you require manual constraints for each of them

manual constraints are typically more performant and easier to apply accessibility rules too

for example working with different font sizes is a lot more reliable with manual constraints

it allows for easier and more performant previewing

hm

additionally it makes your app perform a LOT more reliable with screen sizes that resize

such as iPad when people add a second app to view

and when views can dynmically be resized base on content

wait till you know autoresizingMask

Does anyone know how to play dylib and api? I have some doubts and I wanted to take it out

Huh?

Elaborate

Does anyone know what apple changed in ios 17 to break some things? I'm trying to boot ios 17 userspace on ios 16.5.1, but launchd fails to spawn some things:
2025-07-18 16:04:46.818216 (user/501/com.apple.telephonyutilities.callservicesd) <Error>: Deferred spawn of service failed: 22: Invalid argument

what apple changed in ios 17 to break some things

I mean

Stuff is starting

I'm able to view console and ssh in with usb

This is on a a12x ipad pro

is it possible to swizzle a C function that AppKit calls from another framework at runtime? I tried using fishhook to rebind_symbol and rebind_image_symbol but that only hooks when I call the C function, but not when AppKit calls it. DYLD_INSERT_LIBRARIES is also not viable for a production app.

I managed to boot to 16.6.1 on 16.5.1

[  364.248149]: AMFI: Launch Constraint Violation (enforcing), error info: c[1]p[1]m[1]e[1], (Constraint not matched) launching proc[vc: 1 pid: 977]: /usr/sbin/fairplayd.A2, launch type 1, failure proc [vc: 1 pid: 977]: /usr/sbin/fairplayd.A2```

[ 361.662052]: AMFI: Launch Constraint Violation (enforcing), error info: c[1]p[1]m[1]e[1], (Constraint not matched) launching proc[vc: 1 pid: 974]: /usr/libexec/adid, launch type 1, failure proc [vc: 1 pid: 974]: /usr/libexec/adid```
anyone know how to fix this, however?

17.7 userland on 16.5 kernel: (IOSurface) IOSurface.framework versus IOSurface.kext version mismatch

Can’t swizzle c functions

Can hook tho

What happens if you take the framework from the the ramdisk for example

It it has it

how do you do that? without SIP disabled.

You don’t

Any frida expert here? How i can tap on Home ui element through frida at this.

Flex says this on element UI

<UILynxView: 0x118c0cc50; frame = (0 0; 299 40); layer = <CALayer: 0x60000b2280a0>>

want to tap on this

TikTok shop drugs 🔥

@vivid dew happy birthday big man

why not? why can't fishhook and dyld_interpose work?

if it's in your own process I think it should work

when i use fishhook to rebind_image_symbol it doesn't seem to work when AppKit calls it (but rebind_symbol works when I call it)

is that expected?

How do you call rebind_symbols_image ?

You must be messing something up

 "date" : "2025-07-19 14:52:57.13 -0400",
  "panicString" : "panic(cpu 5 caller 0xfffffff0266c14a4): vnode_rele_ext: vp 0xffffffe027310000 usecount -ve : -1.  v_tag = 0, v_type = 8, v_flag = 84801. @vfs_subr.c:2679```
Anyone get this panic before?

Basically AppKit makes several C calls that involve a stub, e.g. U _CGSRegisterConnectionNotifyProc, I thought that rebinding the stub in the AppKit image would work but it doesn't.

#import <CoreGraphics/CoreGraphics.h>

typedef void* CGSConnectionID;

extern CGError CGSRegisterConnectionNotifyProc(CGSConnectionID, void* callback, uint32_t, void* arg);

extern CGError CGSRegisterConnectionNotifyProcIntercepted(CGSConnectionID, void* callback, uint32_t, void* arg) {
    printf("hi\n");
    return 0;
}

extern void hook() {
    uint32_t image_count = _dyld_image_count();
    for (uint32_t i = 0; i < image_count; i++) {
        const char *image_name = _dyld_get_image_name(i);
//        if (strcmp(image_name, "/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics") == 0) {
        if (strcmp(image_name, "/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit") == 0) {
            const struct mach_header *header = _dyld_get_image_header(i);
            intptr_t slide = _dyld_get_image_vmaddr_slide(i);

            struct rebinding r = {"CGSRegisterConnectionNotifyProc", CGSRegisterConnectionNotifyProcIntercepted, nil};
            rebind_symbols_image((void *)header, slide, &r, 1);

            printf("✅ Rebound CGSRegisterConnectionNotifyProc() in image: %s\n", image_name);
        }
    }
    
    rebind_symbols((struct rebinding[1]){
        {"CGSRegisterConnectionNotifyProc", CGSRegisterConnectionNotifyProcIntercepted, nil}
    }, 1);
}

I mean it’s pretty self explanatory

i figured it out

it was old / vnode

I think it was because I was accidentally setting VROOT on both new and old vnode

But even then now that I got that figured out, it just hangs on blank screen when i userspace reboot until watchdog kicks in

Some stubs actually do not load the adress from the GOT and instead do a direct jump

I think it's generated when the target is within range for a direct jump

in this case there is nothing you can do really

ah interesting - how do I know if its doing a GOT lookup vs direct jump? This is from the stack trace:

    0x198feb01c <+32>: mov    w2, #0x51c                ; =1308 
    0x198feb020 <+36>: mov    x3, #0x0                  ; =0 
    0x198feb024 <+40>: bl     0x199d60b34               ; symbol stub for: CGSRegisterConnectionNotifyProc

this will either catastrophically fail or succeed

it failed because of data volume encryption so i hooked fcntl i shall restore again !!

userspace reboot !!!! and bar now !!!!

😭

Not sure why these crashes happen

I also tried this on my iphone but instead of dualbooting i just made a fakefs

(posterboard fucking nuked my wallpapers)

-# nathanfuckery 🔥

imma keep at this tmr im going to bed
i hope to make this functional enough to the point where i can main this

The issues rn are these crashes and,

would u be able to install like apps from higher versions(one u like installed) and they work with this?

Yeah

I'm just hoping it's possible to like

Use 17.0 with this

But rn many things are just crashing

🔥

Not on 16 tho it's just those 2 things there

Hey man can you guide me how to do it?

@frank fossil question, have u ever enabled/disabled this like green/red bar unlock/lock iphone debug thing? would u happen to know how to disable it

locked

Hm, I’ve never seen that

, alr

it transfered with a icloud backup

from my 12mini (JB, it had it too idk how i enabled it rly)

[[STNuke]]

?

%hook CSLockScreenPearlSettings
- (BOOL)pearlDebugUIEnabled {
    return YES;
}
%end

oh wait no it’s a different one

%hook CSLockScreenSettings
- (BOOL)showRegionsDebugView {
    return YES;
}
%end

it’s probably in /var/mobile/Library/Preferences/com.apple.springboard.plist which you won’t be able to disable unless you edit a local backup or “reset all preferences” in settings (not worth it)

set a breakpoint on the stub (0x199d60b34) and check if it's an ldr + blr or just a bl

@naive kraken I want to tap this Home button through frida. In Flex Heirarchy the its looks like this.
But I dont know how I can achive this
The Home, products and reviews are in this tab.

<LynxScrollView: 0x1561f5800; baseClass = UIScrollView; frame = (0 0; 1024 40); clipsToBounds = YES; autoresizesSubviews = NO; gestureRecognizers = <NSArray: 0x6000061c6720>; layer = <CALayer: 0x6000061c6fe0>; contentOffset: {0, 0}; contentSize: {1024, 40}; adjustedContentInset: {0, 0, 0, 0}>

I think I have to scroll but how

Yea

It's an LDR + BRAA. It just seems like it should be possible to hook this but rebind_symbols_image (on AppKit) and rebind_symbols don't work.

AppKit`CGSRegisterConnectionNotifyProc:
->  0x199d60b34 <+0>:  adrp   x17, 434666
    0x199d60b38 <+4>:  add    x17, x17, #0x9f0
    0x199d60b3c <+8>:  ldr    x16, [x17]
    0x199d60b40 <+12>: braa   x16, x17

yes this should be possible

it could be that this is part of a shared dyld_shared_cache GOT, I don't think fishhook has support for those

ah, has anyone attempted this? or am i out of luck

Anyone know what daemon shows the Storage full notification?

I think it's deleted

not 100% sure

Hi @everyone. I have a question. I recently compiled an tweak called: Meteora (which brings back Slide To Unlock on iOS 10.3.3). I "sucessfully"(i don't think so) compiled it and installed the .deb file over Filza onto my iPhone 5c, running iOS 10.3.3

So, there is the problem. I clickde on install and then resprang my system. Then, I headed over to the Settings App and searched for Meteora. But I found nothing 😦

I tried to do this so often, but I came to the point of giving up. This thing took me more than 3 hours!!!
So I wanted to ask, If there is someone here at this discord server, to help me, by creating a .deb file of the project (compile the tweak from github) and send me the .deb file over a discord dm. For an theos SDK, I used sdk iPhoneOS10.3

Can someone help me please. I would greatly appreciate that 🙂
Thanks everyone
Here is the link to the github page: Compile from https://github.com/iKilledAppl3/Meteora

please help me. I would love to bring back this feature. And it took me so long...

why would you even attempt to ping everyone lol

oh, I'm new to this. Sorry 😐

Not really an excuse

No one I there right mind would ping 50k people at once

250k actually

@kind herald clanker

@kind herald clanker

@kind herald clanker

@kind herald clanker

Maclunkey

@kind herald clanker

@kind herald clanker

@kind herald clanker

til windows is called windows because everything is a window

maybe it should be named electrons instead

How can I start with tweak dev for a specific app? (Looking to write an injustice infinite energy tweak)

My swift/cpp knowledge isn't great but workable, and ive been programming for a long time so I'm not brand new to everything

^

https://github.com/NightwindDev/Tweak-Tutorial

reminds me of this

Cool, thank ya

So windows 11 search is a glorified website 😭

yup 😭

@kind herald clanker

https://github.com/teamleviathan/frcoal-tweak-development-guide

Step 1

Stop

🔥

i've been trying to make a small program with the win32 api for about a week

i hope i never have to do this again

Try HLA ;)

High Level Assembly

@kind herald clanker

Fuck ios rah

<@&355174844205367317>

gm alfie

gm alfie

update: i'm starting to like it actually (is this bad)

Nah I like the win32 api

Hello

Hello WEN ETA KPP BYPASS

it's actually pretty nice, at least for the stupid thing i'm working on

i was going to use qt initially but i hate that the program grows to 60mb when i do that

omg kpp bypass!!! Hello hi

:3

Hi

may i shill FLTK?

@faint lion clanker

@kind herald fucking clanker

Anyone know what picks up for live voicemail on 17.0+?

Like is it a dedicated daemon?

mediaanalysisd maybe idk one they added in 17 for wtv

idk

I'm trying to compile my tweak using the UnityFramework from the game, but I'm running into an issue where the linker can't find the UnityFramework library for arm64 architecture, even though I've put it in the right place. It's giving me a 'library not found' error.

@visual meadow what did u use to disable watchdog i fg, its being anoying while im trying to lldb mediaserverd

🙏

@kind herald fucking clanker

watchdisable on my repo

oh

its a tweak that injects into watchdogd and just disables it entirely

thats in 16

oh

it uses the code from the who let the dogs out repo or whatever

but as a tweak

The UF contains the camera class of which I need for my script, ive put it in the right place and it is still complaining "it cannot find the library for arm64". (same for arm64r btw) It's like the linker knows the file is there, but it can't correctly interpret it as a usable library to resolve the Camera class, causing compilation to fail.

@acoustic imp lmk if it works

you know it works if watchdogd isnt in process list anymore

alr

@visual meadow

nice

lldb in peace 🙏

Fire

Does that use who_let_the_dogs_out or something

Yes

that's cool

<@&355174844205367317>

I just found a funny thing: open YouTube, play a video and unload backboardd

im gonna try it

curiosity killed the cat

Opencore

i know you needed an answer 2 years later

why fr maxine

Because you replied to a message from two years ago

Whattt

Groundbreaking info right here

but the people

the people need to know the truth

@kind herald clanker

WHAT IS WRONG WITH YOU

https://tenor.com/view/robert-helpmann-true-feel-that-thats-true-morgan-freeman-true-gif-15273165990450333551

@kind herald fucking clanker

@kind herald fucking clanker

https://tenor.com/view/toby-cry-phone-spider-man-cry-phone-spider-man-phone-toby-phone-gif-12875606672124040541

what happens?

it works like tweaks like Don't stop the party etc

audio continues playing

I need a tweak like that, that actually works seemlessly and doesn't have any issues when carplay enters the chat

and if you unload runningboardd, load backboardd and then runningboardd, app still stays alive

the one I have rn has some weird issues with stuff like spotify where it detects another audio is playing and pauses despite having a tweak to prevent this

Also PDFKitDumpToFile still works when backboardd is absent

I’ve not considered that but it makes sense — layer trees exists regardless of a renderserver

I made a tweak a long time ago, PrettyResprings, that could have been a lot fancier had I known that

the underlying mechanism of PDFKitDumpToFile is probably just something like this

yeah it just dumps the layer tree, CAEncodeLayerTreeToFile

Would the tree update without a render server?

I'd expect blur views (CABackdropLayer-based) to be absent from it

Guess what is this

fugu15 moment?

Nah

sure reminds me of it, fugu15 was a nightmare.

@kind herald fucking clanker

@torn oriole

@azure sail

<@&355174844205367317>

How much memory can an app use on iphone 13 before ios kills it?

like 3 maybe 4

<@&355174844205367317> scam thing

Ty

yw

Issues aren’t planned

Great job devs!

i love naming things

So which one is the original

An app to stalk and spread unverified claims about men 💀😭

I’m ripping this apps data and creating an app called (BEER: Bad Ex Encounter Registry) for men to talk about women

poor ethan

#1 in Lifestyle | Reference 💀💀💀

also "Stop asking me this" is insane

the app DESPERATELY wants to tell you about "Jake"

i forgor

Just waiting for Apple to replace my logic board then ima cook up a diabolical app competitor

Not even 3 hours later app suffers a data breach with all their ids and personal information leaking most are fat and ugly