i.e. oldabi vs newabi

I've detailed some documentation on that in my tweak tutorial if you're interested

mmm

I'd love to take a read

https://github.com/NightwindDev/Tweak-Tutorial/blob/main/oldabi.md

Thanks!

So whats the reason the oldABI needs to be supported?

for old devices?

Maybe I dont get it

old arm64e ABI is relevant for iOS 12/13

for arm64e devices on iOS 13

and iOS 12 yeah

they just won't work with the new ABI

If one is aiming for ios 14 support it's irrelevant?

14.5+ imean

14+ yeah you don't need to worry about it

I mean I'd still compile the rootful build with old abi

no just 14+

but

I suppose but would there be a reason to at that point

(I'm just used to doing so from the iOS 13 days, I understand it's not strictly necessary here)

the strange people who want to use rootful on 15+ would still need a strange oldabi solution

right

plus old ABI does technically use slightly more RAM (though only 2.2 MB total) for Taurine 14.5+

fair but most rootful tweaks are already compiled with oldabi so that realistically doesnt make a difference

https://apps.apple.com/app/id481082197

App Store
Adobe Acrobat Sign App - App Store
Download Adobe Acrobat Sign by Adobe Inc. on the App Store. See screenshots, ratings and reviews, user tips, and more games like Adobe Acrobat Sign.

Anton112

Role icon, iOS 17 Updates — 3:55 PM
https://apps.apple.com/app/id481082197
App Store
Adobe Acrobat Sign App - App Store
Download Adobe Acrobat Sign by Adobe Inc. on the App Store. See screenshots, ratings and reviews, user tips, and more games like Adobe Acrobat Sign.

<@&355174844205367317>

god dammit

"Ah yes i shall go scam the developers today"

We’re the most gullible

🖕

@kind herald

@kind herald

@light forge

@kind herald

Buy rune https://havoc.app/package/rune buy nexus https://havoc.app/package/nexus buy scrobbit https://havoc.app/package/scrobbit

sleepsaver2

Buy sleepsaver 2 https://havoc.app/package/sleepsaver2

🗣️

SleepSaver2 v1.1
Rune v1.5
Scrobbit v1.6
coming soon

rune 2 when

rune 2 rune plugin

freeshep plugin

fr

how do you guys make those alerts with dynamic text e.g. showing finished step-by-step processes?

not sure what you mean

Conversation with PDF Expert
Started on January 28, 2026 at 05:34 PM Budapest time CET (GMT 0100)

05:34 PM | Visitor: iPad

05:34 PM | Readdle Bot: Kan du vänligen ange din e-postadress så att vi kan kontakta dig?

Om du har gjort ett skrivfel i din e-postadress, rensa webbläsarens cookies för vår webbplats och starta om konversationen.

Exported from PDF Expert on January 28, 2026 at 05:34 PM Budapest time CET (GMT 0100)

https://cdn.discordapp.com/attachments/1189739986707288154/1447263565668024492/brbnbsbss2.gif

https://cdn.discordapp.com/attachments/688121419980341282/1456051683879555185/IMB_0ZyGtq.gif

mods

@kind herald

im listening to linkin park

What do you want

Last track on my meteora cd...

Oh im a little dumb i see now

server rules to be enforced.

Based

based

based

Based

based

Palantir gets way more negative attention in the mainstream than cellebrite, and both companies make tools used for mostly evil purposes under the guise of stopping crime. Tangential to how the american military industrial complex makes tools for mostly evil purposes under the guise of national security

https://apps.apple.com/se/app/code-app/id1512938504

?

https://www.reddit.com/r/AltStore/s/vuaYVs3x1l

its the appen code app.

What are you trying to say

You can talk here

You don’t need to limit yourself to Reddit links

look at their past messages

Appen

from:anton112112

random shit

ai generated user

@sonic totem https://vxtwitter.com/i/status/2017059243359433211

I'm pretty sure this is only happening to young people so far.

interesting

Because older people use certificates that don't require ppq checking.

wtf is apple doing

If anyone has gotten this with an account before 2021, please let me know lol

I haven't gotten it yet lol

My acc is from 2011 or something

But only in dev program since 2020

But pretty sure ppq is enabled

hmm

On what basis do they judge that...

How do you check this

I have no clue

Pretty sure it's on apples end

nono i meant what app

https://github.com/khcrysalis/Feather

https://infosec.exchange/@david_chisnall/115983907574295698

Would anyone recommend this as a starting point for C++?

https://archive.org/details/introductiontopr0000lian_r9m7

I got recommended this by a friend

I know people in the geode server tell people https://learncpp.com

I’ve tried a dozen of online courses atp

All were useless

Personally, I don't really like learncpp, especially if it's the first language you're learning. I don't think the order in which the topics are introduced is the best, and I also think it lacks realistic examples that show you the purpose of each feature.

step 1: learn c
step 2: https://learnxinyminutes.com/c++/

step 1: don't learn c++ and become an electrical engineer instead
step 2: never look back

Yesss

if when you go and create a certificate and there's an Offline Support option then your dev acct has ppq

doing ee as well, my gpa is literally lower than my height

i can't think of a worse major i could have chosen

Bro

rip

What would you want to have done instead

what is offline support?

disabling ppqcheck and provisioning a 7 day cert

Profile not cert

does 7d offline work exactly the same as the previous 365d offline?

365d isnt offline

it needs online for the app to run

The previous one is 365d offline

Anything after mid-2021 is 365d online or 7d offline

I'm wondering if this is the exact same specification

probably CS/software eng. i also had unrelated ideas such as pilot & veterinarian

I think so

oh yea

I see
This would be good

Procursus

We are gonna make an claun AI do it and pray

Does somebody know how I can see which Deeplink is triggered / called inside an app when performing a specific action?

For example when I am sharing the shown track to Instagram stories the App is opened. I need to know what is calling this action and what is passed with it

Thanks for you help!

Probably do a better job than me

You are still needed for PR approvals

@kind herald

⁨@kind herald⁩

her ass is slacking this is definitive proof

https://tenor.com/view/ahoklollmao-no-way-shocked-surprised-omg-gif-16935646637611070933

*building gentoo world on a c2duo

works on ldid instead

<@&355174844205367317>

Maxine

<@&355174844205367317> oh moderators

thank you moderators

https://x.com/vxunderground/status/2017673353335542039?s=46

average jb community member /j

Sent from my Iphone
?

That capitulation is wrong

Fake emails /j

Average jb dev
#- /s

Fuck you discord

it's -#

@kind herald

Maxine

Nightwind

Jailbreak didn’t kill itself

<@&355174844205367317>

uhhhh

i didnt mean to add that to the end oops

lol

scammin and jammin

Maxine

there will be no scamin in these parts

Me changing the default signature so doing something illegal makes that proof fake

is hibernation (at least on linux) basically the complement of userspace reboot

because by my understanding it boots the kernel completely normally, then afterwards starts thawing userspace processes from swap

Probably only you could know that, here

😭

<@&355174844205367317>

Omg thank you Elon musk

<@&355174844205367317> gm

Omg thank you elon musk

Happy birthday @torn oriole

It's not as funny when it isn't Maxine

@kind herald Happy Birthday!

@kind herald Happy Birthday!!!!

This is more like it

@torn oriole @kind herald twins omg

Oh god no

if we were twins hydrate would've killed me in the womb

@torn oriole moderators this user is Threatening violence

Banned

oh I think it just stores the old kernel and resumes from that btw

so you can't even update kernel across hibernate resume

That might not be right

I can't find any info on it

as he should

<@&355174844205367317>

Oh my god Elon musk thank you

Elon musk 💀

question can you upgrade mac mini ssd without needing another pc?

through there recovery bios thingy

idk why most tutorials do it through dfu mode

Required as it handles reprogramming the NAND to match the computer

We haven't had Internet Recovery on any Apple Silicon Mac

apparently you need another mac huh? even windows pc wont help..?

correct

if you are brave enough go use the mac at an apple store

or ask the sales rep to be nice and do it for you

doubt they would like me plugging in my own hardware with their but asking the sales rep is always an option

im considering buying 2 mac minis and returning the one after upgrading

couldnt you do it with idevicerestore

ah yeah i did forget about thaty

you can

@proud geyser just use idevicerestore to do it on the windows computer

Why fr

Why fr

Why fr

Why fr

@rocky oriole

??

hello, who can help with the implementation, tell me what you can eat, There is a task to output two boards to one screen via a switching multiplexer and power them with one battery.a. We are assembling a Frankenstein phone. We take two iPhones, physically remove all communication modules from one, and collect information from the other (micro, gps, camera, etc.). From the protected one, we insert it into the network wire through the encryption module, it can only send encrypted traffic from the protected one. they need to be powered by a single battery and controlled from a single screen (so that the screen can be switched to board 1/board 2. Now, when switching to 2, 1 crashes and vice versa. So far, we are developing a variant of the multiplexer, where at the moment of switching, the inactive person sees some kind of plug and thinks that he has a screen, but while we are investigating this, we are not sure

Two iPhones were unsoldered and one was assembled. Two boards are plugged into 1 screen. I control the first one from the screen, pressed the button, and switched to the second one.

personally i’d love some chicken right about now

i'd love some chicken n beer

No

launchd’s userspace reboot is more like the new systemd soft-reboot

complement meaning opposite

Oh I guess kind of yes then

Linux also has kexec which lets you switch kernels without going to boot loader again

And pivot_root which lets you change the / mnt without restarting processes

It seems like I was wrong though, even if I boot a different kernel from uefi it uses the old version that I entered hibernation with. It must be stored in the hibernation image or something

I should get into kexec

all of this is so I don't have to reboot my laptop ever and lose all my programs

kpatch kind of what you want then?

https://cdn.discordapp.com/attachments/688124711145701393/1456823211533537400/togif.gif

<@&355174844205367317>

Omg thank you Elon musk

Real as hell

Elon a giver as always

I'll be sure to thank the man who could give 1% of his wealth to end world hunger and won't

https://github.com/doraorak/IGCustomDMBG

Lol

@magic hazel I'm getting a "Symbol not found: _objc_readClassPair" on iOS 7.1.2 with libswift installed 🤔

Interesting. What version of Swift?

I’ve had that error before

Are you on arm64

I’ll check tomorrow

No, armv7

ssv and such are easy to undo

type mount and see if / is (read-only)

<@&355174844205367317>

Well to disable them is one command. Did you manage to get read/write on root?

What macOS?

Ah so the latest does work.. Was it the dopamine patch?

I thought the dopamine patch patches the dyld

Which palera1n patch did you do?

You'd think patching out AMFI alone would suffice to the second one

Isn't that what dopamine does?

What tweaks are we running on jailbroken macOS

I use imessage colors and clear dock lol

And some ios tweaks for ios apps

I'll have to show later I'm not home

It's too bad no-ones able to do some true customization with macOS like Lynx 3 or something

Well yes, the inability to not OSS lynx 2 😛

a lot of things are different on macOS, it's not just a matter of recompiling

right but most classes are different

Well that's my point; if we knew what frameworks to hook and how the code is implemented, mabe others could do such

even if you hooked into something it might not exist on macOS

macOS also has a dyld_shared_cache, and you can definitely decompile and dump headers just like macOS

in fact I think there's even a macOS SDK in Theos

same can be said for Apple TV but the base code is still there for darwin alike

you can patch an Apple TV via dopamine

just hasn't been done

I'm not sure of the specifics but possibly?

AFAIK, Apple TV doesn't have KPP

I'm fairly sure there's tweak injectors on macOS as well, meaning you don't need to patch anything, you just have a tweak injector

tvOS is the slimmed down version of iOS

https://github.com/CoreBedtime/ammonia

There is, Ellekit

that too yes

Which was supposed to be mobilesubstrate on swift

but the rewrite called for a rename

but yeah the world of macOS tweaks is way smaller compared to iOS

There's just no SpringBoard

MacBoard?

I have no idea honestly

WindowServer is what I know

Sounds like it was taken from microsoft

I'm pretty sure they should be intercompatible but I have no idea

https://github.com/CoreBedtime/BrokenGlass I mean there's some things here

https://github.com/CoreBedtime/JelloAmmonia another

because other security kills the patch

Ellekit:

Pretty sure there’s something working for macOS

I'd rather do the work to patch everything despite not needing to just for the ability to have ultimate power

that's a deep question

As many as it takes to run windows 3 on it dualbooted

Apple Swift version 5.2.4 (swiftlang-1103.0.32.9 clang-1103.0.32.53)

I find it's no longer macOS the moment you solder another SSD to it to run linux on it permanently.

Speaking of which; I'm still trying to save blobs for macOS

but it seems redundant when Apple signs them all

macOS blobs are a thing?

ah, fascinating

how it feels to use my daily mac with sip and amfi off

Yes

and is possible to save

fascinating

you can

ok I've managed to confirm the home unlock tweak works on iOS 5, 6, 7, 8, and 9, pretty cool stuff. now as for the hard ones, iOS 2-4...

the tool made my cryptic decrypts cryptex seeds for macOS and saves the blob with the seed

making downgrading possible if unsigned

just a matter of if cryptex is compatible

Not that Apple wouldn't unsign (I'm not sure why, it is like iOS with privacy and such, but I'm not complaining)

is there not a way to downgrade via USB on arm?

But downgrading may fail if SEP doesn't checkout

I wonder if one can modify an ipsw for mac if the bootchain is patched

internal software shows this is false but my assumption would be that you would need tickets that production TSS won't give you

you always need signed iboot

a signed modified ipsw

how would you sign it

since they're all signed

yes but irregardless of the mode of booting iboot needs to be signed so

I'm not sure how changing a little bit of code can unsign unless it's a checksum

it's a hash

even a singular bit flip can (and should) change it completely

I guess the true reality is it's possible with a kernel exploit

in fact actually i believe you also always require a signed kernel just that in permissive security that kernel can be signed locally by the SEP

@upper hull you able to test the tweak real quick?

Sure

sent in DMs, thanks!

Interesting

Lemme look into it

thanks, would be nice to get it working

give me some time to recharge

Yeah no worries 👍

Tweak installed but nothing appears to happen

Go on the lockscreen, make sure the device is locked, and press the home button

passcode required?

Oh I see, unlock with home without swiping

what

i uh

what

you don't

you just need SIP and that arm64e bootarg like every other normal thing

probably

it's definitely not for ellekit

I never got around to polishing ellekit on macOS

Or simulators

Rip

Yea I think the only thing I used was clear dock? And that was just to show I had it running

Yes. It works?

Passcode shouldn’t be required

Yes

Nice!!

now make a genie pop out of the sim card tray /s

Lmfao

I’ve confirmed through static analysis (i.e. just decompiling the SpringBoard binary from iPhoneOS 2.0) that nothing changed between those two versions. So, officially, we can say the tweak works on iOS 2.0-9.3.6 😄

I like the rug pull on space when you're trying to install Xcode and macOS complains you have no space when you've got 60gbs left

I bet it took you so long to hook that

what app is that for the dock?

ubar?

actually no

it's three hooks in total

your screens stressing me out

one for iOS 9+, one for iOS 7 and 8, and one for iOS 2, 3, 4, 5, 6

Why can't y'all make it simple?

a theoretical iPhoneOS 1 tweak would require another hook though but I have no idea how to make one

ahem *Windows users

anybody use this here ? do you need to restart the computer after "installing" the .pkg

i also made something like this before it came out but i couldn't find a way to inject launchd before it spawned stuff like dock where tweaks would be fun. i think the .pkg installs a launch daemon that injects launchd early on when the computer boots up. pretty smart ngl

just installed it and seems nice, do you know if there's a way to hide the app's icon at the top?

wait

nvm

i figured it out

i meant like the one in the dock but i realized that i had to... close the app... i feel stupid now

activity monitor graph icon not supported tho, shame

thanks

I seemed to have bootlooped whilst patching the dyld

What mac are you running?

Are you able to show me what code you modified? I'd like to compare so I'm not making any mistakes

amfi_get_out_of_my_way=1 🤮

that is what breaks tcc (and a lot more stuff) btw, not disabling sip

Also idk why you would do all that to jb macOS tbh

I have theorized you could do it with a single kext probably, don't even have to disable sip beyond allowing unsigned kexts

I want a shirt that just has this boot arg

from what I read, a motivation would be installing decrypted iOS apps without resigning

well decryption breaks their signature

but a way better way to deal with this is to hotpatch amfid at runtime to allow them

someone made an lldb script somwhere for this

ofc requires manually runnimg it

any idea where this was posted?

what I'm saying is you don't need to disable anything except for what's needed to get your kext to load

and you don't need to patch the kernel unless you want root r/w

that won't make encrypted ios apps works though obviously

@kind herald

<@&355174844205367317> good morning

useless :/

let her sleep 😭

why doesn't she close her 'puter and go offline then !!!

Maxine

she seems online when she's not :/

Wdym if it says idle then im not here

What about that “seems online”

idle is not offline

But it doesn’t mean im online

you are chronically online so it is fine to ping you at any time of the day on any day

that is why you got admin

ty for the confirmation ❤️

I'm still trying to figure out why editing dyld causes a bootloop.. maybe it's just me

where are you stuck at

I edited bl dyld4::SyscallDelegate::internalInstall with Assemble with b .+996 but after saving the contents only, signing with ldid and moving it to place I manually reboot but then I get the chime and the light turns off, then turns back on, then loops

did you also do the dopamine patch

you have to do both

I did that first

I'll try just doing the dopamine patch

see if it bootloops

yea try just that one first

because it should work

one day i'll need to update to tahoe again and redo all of it

maybe when 26.3 final releases i'll do it

What's interesting is that when I search for (dyld4::ProcessConfig::Process const&, dyld4::SyscallDelegate&) it doesn't show until I remove the end )

that should be fine

It's just maybe the guide might need to be fixed for that step, because folks searching will find nothing

i'll fix that when i do it myself for macos 26.3

what mac are you using?

m4 mbp

I was going to ask if you can send over a modified dyld

it might be different for machine types though

yea that wouldnt work

also im not on macos 26.3rc

im on 15.7.4rc rn

would it be possible to send the binary ninja database? unless the patch it's self is different for all even if you're on the same macOS version

Dm me the dyld file and I can patch it

I wanted to create the app clone feature that exists on Android on iOS. I tried re-signing the apps with live container and similarity, but the problem is always the same: I lose the backup and I lose the notifications. This is because when I re-sign the app, I lose the original entitlements that allow access to APNS and iCloud. Any advice on how to do this?

It's not possible without a jailbreak

Ok thanks 👍

Dopamine’s dyld patch makes it so that any and every process can have libraries injected into it

That’s the “AMFI” patch but you’re not at all patching AMFI

Well actually it hooks dyld now doesn’t it

But old Dopamine patched it anyway

yes but amfi flags are still statically patched

and the hook itself is a static patch too...

Well yeah I more meant patched prior to the hook (and I didn’t know the AMFI flags patch is still applied)

Apple are enforcing Xcode 26 and the relevant 26 SDK’s for the App Store from the 28th of April

https://klipy.com/gifs/boo-61

liquid ass for everyone🔥

https://x.com/i/status/2020772209938309407

I mean, not if you dont update your phone

updating my iPhone 6 to iOS 26 rn

i honestly think enforcing latest sdks is a good thing

is it though

this also implies no one in older ios versions can use the app anymore

and thats bad

not really

how does it imply that

is it not determined by sdk version?

you cant down compile to an extent

iirc Xcode 26 still supports iOS 12

i forget how exactly minimum version was determined on the app store

it might even be iOS 11

then i guess the sdk itself still supports ios 12?

yeah

surprising

I think so anyway

I just built for iOS 11.0 from Xcode 26.2

the only thing that modern Xcode deosn't have is 32 bit support

but Apple stopped accepting 32 bit slices a long time ago

a stable codebase?

its never had that silly

it was better.

im numb to it

imma be honest

i have less xcode crashes these days

I will say

ipod

there is one case I can reliably cause an Xcode crash

16player

switching branch when there is changes to the .xcodeproj

something about the in place of switching of xcodeproj while xcode is open it doesnt play well with

it either crashes or makes you restart

has anyone needed to make a helper setuid cli binary work on NathanLR? I mean like a chmod 6755 program. Because a simple setuid(0) doesn't do the job on nathanlr, there needs to be some other trick involved somehow (some entitlement maybe?). I can make my binary (SSHswitch) work, but I'm using a hack for now that feels quite stupid to me... haven't released it to public repos yet, thought maybe someone has some good suggestions?

@visual meadow

@dreamy tundra hah gullible

<@&355174844205367317>

Oh boy thank you Mr beast

Watch hydrate take this for himself

Wow

Fym "for himself"

Money

Still beat him

All the money

The free money

Sharing is caring

yeah of course there's the exceptions

For itself

Somewhere in hack different someone made a tweak that injected into tccd to fix tcc with amfi off

It builds but Swift packages require iOS 12+ now

Oh I was building an objc project

Can you submit apps to the AppStore that have minimum versions of like iOS 6

Or does Apple just not accept any apps with a 32bit slice, even if it has an arm64 one

I don’t think they accept 32 bit anymore

does utm sidestore support jit?

Anyone here experienced with Frida, RASP bypasses (jailbreak detection, Frida detection, etc.) and/or reversing tools like Ghidra, Radare, LLDB ?

https://docs.getutm.app/installation/ios/

did you read it at all...

yesnt i tried found it complicated gave up

the answer is there though

oh yes i see

but the process to set it up is complicated

you only have apple to be angry at

i indeed am

only thing that will calm me down is gemini siri

if it ends up being good

Wait you just want to enable JIT for UTM? Or am I misunderstanding

yes i wanna try running the andriod on utm

and see if it’s any good

You already have sidestore?

yuh

I got StikDebug form the AppStore before it was removed, but you can get “LocalDevVPN” from the App Store, and sideload StikDebug in SideStore, turn on the vpn, and launch UTM through StikDebug, super easy honestly. There’s many methods to enable JIT but I’d consider that the most user friendly

i got local vpn

https://apps.apple.com/app/id6744003051

this one

well this one

Uhh link doesn’t work for me for some reason, it was either removed from the AppStore or isn’t available in my region, I believe that is the same concept as LocalDevVPN tho so yes, sideload StikDebug, turn on the vpn, open StikDebug, launch UTM through there

its not installing

oh nvm it did

You have access to a pc? I think you need your pairing file from Idevicepair, but all you have to do is plug your phone into your pc and go through the gui and it will automatically inject the pairing file into StikDebug

ahh nrn

why doesnt utm work through the

live container

My bad I forgot about the pairing file when I first suggested it, UTM works in live container for me, what phone what ios?

definitely no chance, none of their static/dynamic analysis infra would still support it

how possible is it to make compatibility tweaks for apps that run on ios 16 but have issues?

For example i was able to download mullvad vpn but adding the vpn profile fails

<@&355174844205367317>

Maxine

Oop

Alpha

cool

@magic hazel Any thoughts on this? 😅

Try using my custom 5.2.4 toolchain

Tell me if it fixes anything.

how difficult is that to set up?

Very simple

Well

What are you using to build?

it's a tweak with Theos

You could just take all my dylibs and shove them into libswift

currently I'm just using Xcode 11.7's toolchain

Ykw

When I’m home

I’ll make a libswift

Prolly should have done one for iOS 6 anyways

nice

what are the dylibs btw? for me to try

Libswiftcore foundation UIKit and one other I’m forgetting

Basically just steal all the ones in my toolchain

Did Apple delist all the legacy 32bit apps?

@crisp frost

Carbon 15 progress

Not all

Only if there's a 64 bit slice as well

If it's pure 32 bit it's gone pretty sure

no, they just haven't been touched since like 2019ish

Still works for me

Yo room what’s good

Yo room what’s good

Yo room what’s good

Yo good what's room?

Yo what’s good room

Yo what’s room good

Yo room good what's

What's good room yo

Shut up

Shut up

Up shut

ut puSh

<@&355174844205367317>

No way thank you Mr beast

@faint lion useless

could be worse

Maxine

they're using catbox now

i banned them and gir didn't delete all the messages

i'm tempted to just create a bot that scans any message with 4 images

We have Automod set to fire on two or more links in the same message

i should maybe do that

Bros are late to the party on your server lmfao

Catbox has been and gone for us

I'll give you the regex if you want

catbox was last on the 9th

<@&355174844205367317>

Maxine

Maxine

If you could send it to me that would be great

<@&355174844205367317>

No way thank you Kai cenat

should I use gir report [in the future]

i forgot that existed

Works better tbh

Bet

Both ping us anyway

So up to you

I need to flex on the ones who dont have it

Takes one button press out of our lives

Saves me from typing 🙏

True

Omg guys I can retire Mr beast just gave me 2000 bitcoins

Anyone tried OpenAi’s “codex” integration yet? Pretty insane what it can do

Yes it’s very capable I’ve found

@native dune @shrewd smelt @light owl

Thanks

@native dune @shrewd smelt @light owl

Useless long

ping

It was 67 days ago.Role icon, Honorary Members — 7:28 PM
Useless long
ping

Ok

opus 4.6 better 🐸☕

fr

fr

Haven’t tried opus 4.6 I’ll have to check it out, but gpt5.3 codex just dropped like 10 days ago and it’s been pretty insane. Had it make a python script to connect any llm running locally to custom tools that let it do things like control a Minecraft server with natural speech. Pretty cool to be able to say “save this location as my base” and it just knows. Made that in like 6hrs with the help of codex, and I’m completely new to running local models

currently if you're using 5.3 codex, part of OpenAI's shady business practices, there's a high chance it's silently rerouting you to 5.2

which is why some people hate it and some love it

minimax m2.5 free on kilo code

talking about shady business practices

didWeStoleUserMoney()

Hmm I have gptplus and I definitely have the 2x rates they’ve been advertising because it pretty much made the 4,000 line python script with only compressing context 1 time which is pretty dang impressive.

Is everyone getting affected by the possible silent model downgrade or just free plans?

RUST_LOG='codex_api::sse::responses=trace' codex exec --skip-git-repo-check -s read-only -m 'gpt-5.3-codex' 'Say exactly this sentence and nothing else: "Hello, this is the answer."' 2>&1 >/dev/null | rg -o --replace '$1' '"model":"([^"]+)"' | head -n1 and it'll tell you what model it's actually using

rust :/

kill all tracing users

or env_logger is even worse

<@&355174844205367317> gooood morning brbn

Maxine

night1337

more like

tooslow1337

🤣😂 😂

🤣😂 😂

🤣😂 😂

🤣😂 😂

🤣😂 😂

🤣😂 😂

🤣😂 😂

😂 😂🤣

🤣 😅

yes, sep nonce

or ART

or the whatevers

well, if you dont try to boot after

then probably fine

after everything gets erased

then sep might realize and do sumn

<@&355174844205367317> good evening

@thorn hound can you confirm this

try it

Compressing them before sending over the wire may help

How possible are macOS system mods?

very

oh so it's just restore mode to worry about

cool

I feel like A10 won’t work

Is A10 when they started keeping a hash of on-disk sepi?

Ah but wait, the hash won’t change

No I’m not talking about the nonce

Well that can be set anyway

It might work on A10 idk

Depends how the data protection keys are stored idr

a10 has gigalocker

that’s in a different partition iirc

if you breathe, it changes

hi

nonces in general are only checked during restore time

when booting from NAND the device shouldnt care

yeah

well baseband firmware is barely understood

no one's really looked into wtf its doin

(im trying to for plxtss and failing to RE mobiledevice)

sep firmware version mismatch or something probably

i think it needs to restore using that sep fw atleast once to store things properly for that fw or something

probably has the hash of the fw in secure memory

feel free to confirm yourself though

that'd be most concrete

huhh i mean you can just plop it down into filesystem

see what it does

then if it gets cooked i assume you can either just restore normally or use sshrd to plop the original back down

yeah!

ART is entangled with some sep key

anti-replay token

that's where you get the sep restore nonce from

also the expected hash for the booting sepfw

it doesn't

in turdus merula, we set the boot manifest hash in sep boot args and that way your old sepi can be booted during the restore
cc @wooden yarrow

true

Yes

@fringe cove still try baseband

baseband has always been the neglected child

(still is)

ipsw it's a .bbfw file and on fs it should be somewhere around /usr/standalone/firmware/

You won’t have a valid ticket

Ah but if it’s signed

Doesn’t it store a hash in EEPROM or something

Isn’t that the entire point of the ART?

A10+ ART is in EEPROM, a9 restore counter is stored in EEPROM. Not sure if a7/a8 have EEPROM?

Ah got it

No idea about the latter question

Maybe I'm wrong but in my experience A11 disk dumps never worked for me

It always resulted in a instant panic

Not sure why

probably just need to do a little ans2 hijacking

What was the panic

Not panic sorry i meant it just hangs until i force a reset then it panics with a blue screen

It's ROM gng

It's immutable

You can't write to it

The dump doesn't work

I run dd and it just hangs forever until i force a reset

A7-A10 dumps work though

Yes

From a ramdisk

Live fs would prob work fine

Nope

But it was a while since i tried it

Might have to reproduce to see if it still doesn't work

Alr

I'll lyk

Yeah so apparantly i'm wrong and EEPROM isn't immutable

The name is just misleading

Aight

we only have full access to seprom on a8 and a9

think of eeprom as sep's "disk"

we can set ART in a better way using our blackbird exploits

no need for anything complicated

never

Do you know what EEPROM stands for? 😛

rom that is sleepy

sorry

@kind herald get your lazy ass in here

Yeah i know but bro

I automatically assumed that bcs it's ROM it's immutable

My bad

Do you have a job yet

@kind herald !!!!

This is not the actual firmware that is loaded.
it located in a different path
and It's personalized

IIRC /usr/local/standalone/firmware/Baseband/XXXX
(in the case of Qualcomm, idk about anything else)
XXXX varies depending on the baseband modem

unemployed person asking for another unemployed person to get a job

whatever buddy

Hes a minor

Ok and ?

Hes still unemployed

Shut uppppp

no

Unemployed people whenever they get offended by an unemployed person asking another unemployed person if they have a job

@naive kraken hiya opa!

no idea if this is the right channel for this but i thought it was worth bringing up my concern over libSandy one way or another cause this small problem might affect others.

Today i saw that libSandy was updated (and so i updated it, why not, right?)

turns out that i probably shouldn't have done that because when i ended up eventually respringing it turns out that apps will take literal minutes to load/open after any respring/reboot.
-# (even though this is a 14 Pro Max)

anyway, i went to downgrade the package but saw no option to. luckily i hadn't upgraded it on my iPad yet and i was able to downgrade the tweak/library and boom everything was back to normal, no more logs of securityd/preferences/music clogging my logs path.

i had just wanted to let you know, just in case people end up upgrading it and possibly facing this same issue not knowing exactly what is going on.

Thank you for all of the things you do for the jailbreak community as a whole.. and have a great rest of your day. Cheers!

-# also.. if needed, i can upgrade to libSandy 1.1.6 again and provide any logs that may be needed resolve this.

@sonic totem do you know how i can get from kernelBase to header of a specific kext ?

If it’s an MH_FILESET kernel this is very easy in theory

Check the file type in the kernel Mach header

its MH_EXECUTE

MH_FILESET
are these ones newer kernels ? mine is m3 pro running on 26.2 (25C56)

huh

I swear I tested this update

do you have any securityd crash logs?

Uhhh

I would’ve thought that that used fileset…

My on-disk kernelcache is

Confusing right?

well this is printing 0x2 printf("0x%llx\n", kread32(kernelBase + 0xC));, i couldn't find my on disk kc yet

Yeah that’s fine

I guess it gets split in kernel memory

My memory is fuzzy

yep, but it spit out like 5 or 6 of them

do you just need one or all of them?

one is enough

alright let me update it and grab one

what the hell

idk

i got even more confused when i saw music was affected by this alongside preferences

and the logs are insanely huge too

if it's easier to continue this by dms then i could send more over there if you'd like

what jailbreak is this?

it's Dopamine

it's the latest version of it

With normal ellekit?

but it's on a 14 pro max on 16.0.3 so it's probably all types of weird

yeah

nah this crash makes somewhat sense

what doesn't make sense is why it doesn't happen for me

and i dont have anything that relies on oldabi either so that's probably not it

what tweaks you got that depend on libSandy?

ah hm

it's probably one of those

the reason why I can't reproduce it I mean

can't live without hammerit id be sad

Nah the issue is on my end

hmm

I guess this specific code path was never hit on arm64e during my testing

ohhh

But tbh I don't see why it would ever be hit on iOS 16

Hm

Maybe one of those tweaks is injecting system wide into some process that is very sandboxed

and before this update that would just fail

but now it goes through the new path

So it's probably fine

that sounds like hammer it probably

or flora i could be wrong

I think it's flora because I just installed hammer it with libsandy 1.1.16 and it works fine

Don't have flora to test it

yeah it does sound like flora because flora i've had to force it to stop injecting into random daemons that it doesn't need to be in (causes the system to spit out logs CONSTANTLY)

hammerit is extremely solid though i wouldn't have expected that to be the cause, but it does need to be everywhere

meaning it could've been either/or

but it's fine opa handed me a fix and it's pretty neat

The flora dev is here idk if she’s still active

It’s also OS

a lot of it is a non-issue as it doesn't affect day to day use of the device.

peak

xianyu my beloved

请勿更新

<@&355174844205367317>

<@&355174844205367317>

Maxine

Maxine

Maxine

Anyone here know how to create a swift shim like you would a c shim?

New symbol name is different, need to forward old to new

Not sure how

Everything I've tried yields crashing

50 points for useless ping

Oh Moderators (I have made a GIR report)

thank you mr beast.

Thanks but sometimes a mod ping is easier lol

#development message Hydrate spreading misinfo

<@&355174844205367317> gm

Maxine

Do your job

wasn't it obvious by now that Maxine is useless ?

i was ASLEEP

wtf admins like you shouldn't be slacking off in the name of "sleep" and "if I don't sleep it would be detrimental to my body"

smh not 24/7 active to eliminate spammers

yeah, just dont sleep

it's hard being an eepy girl in this world

is this a good reason to report the tweak

shouldn't it be hooking into apps rather than sb

so, more lazy programming ig

since when was there telnet 😭

well, all daemons are forked from launchd i mean

Uh damn

For taurine i thought telnet was only supposed to be on for recovery

Maybe check if you can actually connect

Gg

Can you get a listing of stuff in /System/Library/LaunchDaemons and /Library/LaunchDaemons if it exists

There's a good chance launchd is a misnomer

I don't know for sure but i'm pretty sure it has to do with how the launchdaemon port listening thing works

I think launchd only spawns it if it gets traffic on the port

Find the daemon responsible and disable it

no identify the daemon first

run sudo ps -Ax | grep telnet and send the output please

also you can run sudo launchctl unload -w /path/to/telnetd.plist

that should disable it

yeah, you can make sure by checking /var/db/com.apple.xpc.launchd/disabled.plist and com.apple.teldnetd should be set to YES

no problem, but do me a favor really quick and cd /var/jb/var/lib/dpkg/info and run grep -lir com.apple.telnetd, I just want to make sure that you aren’t disabling something critical

or actually, if you run into any unexpected problems from disabling it, just run launchctl load -w /path/to/plist (or go to that plist I mentioned and change it from true to false)

I just don’t know what it’s specifically used for, but I doubt it’s actually needed

i'd say this fits

sorry, that’s what I meant :p I’m on a rootless device

yeah, that’’s what I was expecting. You’re fine then, you could even remove remote-cmds altogether if you’d like, odds are that it’s not being utilized by anything

holy moly

ding reference

the ding backdoor only runs if you're logged in as discord user icraze

good thing i mainly use the discord account isitnebula

(is your name that because you dont know your identity?)

2022 reference

im mysterious

mysteriously stupid

ok sorry

maybe someone can help me out.. I'm trying to restore vphone aka iPhone 99,11 via idevicerestore (and yes, I've compile the proper irecovery file) but upon using idevicerestore whilst following the directions, it spits out: Found device in DFU mode Unable to discover device type and yes, the vphone is in DFU mode. it's been confirmed

yeah so the guide skips this step but you have to recompile idevicerestore with the new libirecovery you compiled

(or otherwise change the dylib it's pointing to using something like install_name_tool)

@kind herald lazy

<@&355174844205367317> good afternoon

ty

I thought maybe that could be a reason but I also thought that compiling it and installing it to /usr/local/lib would automatically detect it and use it

paths that come first and caches and whatnot

install_name_tool is the most reliable though

i didnt have to recompile

i used the limd script to build all the limd stuff, then reinstalled the forked irecovery

worked fine

so basically you did the install_name_tool method except it just replaced the existing dylib on the same path

same thing

This script wanted me to uninstall everything from home brew

i let it uninstall everything except for libplist

<@&355174844205367317>

How come most tweaks that hook into iOS keyboard (rose, laetus, underdock) no longer work when you switch apps?

This is iOS 16 rootless

Device specific issue I’d assume

It works fine for me

Which tweaks?

Laetus

Weird

Useless ping

Binged Silicon Valley in a week

@kind herald

Useless ping

True you are useless

sorry

I'm watching it too, on season 2 rn

Any idea how to use home button on a vphone?

right click

doesn't seem to progress on VNC-viewer... constantly resprings.

Are you at a Hello setup screen, or do you see a Security Research Device label

security research device

I see it rolls up to "English" but then resprings

You need metal acceleration

Has anyone tried modifying the VM device tree to change device info and enable home bar etc?

for some reason changing ArtworkDeviceSubType in MobileGestalt doesn't affect it in any way

How does one enable that?

get the paravirt dylib

I have to spoof one more thing to enable home bar.

I ended up changing it via device tree:

-         {"name": "home-button-type", "length": 12, "flags": 32768, "disp": 3, "value": "syscfg/home" },
+         {"name": "home-button-type", "length": 4, "flags": 0, "disp": 1, "value": 2 },

-         {"name": "artwork-device-subtype", "length": 12, "flags": 32768, "disp": 3, "value": "syscfg/ards" },
+         {"name": "artwork-device-subtype", "length": 4, "flags": 0, "disp": 1, "value": 2556 },

FYI I think the guide should be somewhat edited: CFW requires a password to read/write anything so a lot of python commands didn't work without sudo

same with bash

you need metal

Not sure how to get it

check your dms

<@&355174844205367317>

<@&355145545242902548> hi

is there anyone who can built command block, get rid of "player offline" setdisplay

are you talking about minecraft

yeah

https://tenor.com/view/test-gif-12993999557818669691