#development
gonna need more than that i'd imagine
@half walrus just buy new computer obviously
honestly

I do have this
it was very laggy
@surreal mountain imagine having shit pc
checkra1n a11 patch
@gaunt mesa ok so apparently the panic was manual in pongo?
/s
and i didn't know this?
which is washed out for some reason
carson my pc is better than yours
stfu
@gaunt mesa ok so apparently the panic was manual in pongo?
@half walrus yes
@gaunt mesa ok so apparently the panic was manual in pongo?
@half walrus yeah it would just force reboot
otherwise I would've patched that out a month ago when i was talking about doing it with kirb
well if it lags with checkra1n obv its not
cuz without password isn't really ideal
literally the only thing different between patched and non is the panic function returns 0 every time
yup

lol
that's it?
thats literally the only thing
bruh moment
I forgot that it was even us doing the reboot until yesterday lmao
had to port dragon to ish 
static
patched vs unpatched
i need windows
pretty sure thats just ida dark
so i can get IDA 7.3
i need windows
@gaunt mesa you have windows, no??
@gaunt mesa cryptic has ida 7.3 on his site
@gaunt mesa you have windows, no??
@tepid olive no?

why would i have windows?
@tepid olive no?
@gaunt mesa at one point you def had windows
how good is your pc
well
why would i have windows?
@gaunt mesa for playing games
its a 6th gen i7
and are you on macos
get VMWare Fusion
of getting shit done
you can find it fairly easy on the usual sites
is there something like parallels but it remotes into my PC?
or is that what fusion does
this is better
ah yes I forgot every second time I compile now, a cocoapod says it can’t find a symbol in another cocoapod and I have to nuke derived data and rebuild

today is really not my day
go ahead krit
let me show you
why so many orange names
but its a VM
im breaking the chain
my macbook will 100% crash
bruh
that sounds cool
yeah saas
literally use windows server
servers cost money
it has all of that
bro
yeah just run a vnc on windows
ok and
then run a vnc on linux
does your school use microsoft at all @gaunt mesa
please tell me how to transfer scarlett to VM and how bad overhead is
like office 365 or anything
then run a vnc on linux
@half walrus server
yes
cba to use UI
yes
winux obviously
im not switching back to WSL tho so ill probably do what quiprr does
linux VM and windows server
does your school use microsoft at all @gaunt mesa
@surreal mountain no
what is your machine
@surreal mountain no
@gaunt mesa F
u need to pay lots for windows server
i can lend you a key

you want a windows server 2019 standard, essentials, windows server 2016 standard, essentials, or datacenter key
i recommend datacenter so you can have infinite vms with hyper-v
@half walrus i still want to be able to use windows tho
do u have any suggestions to be able to use all 3 OSes without using like 5 million computers
what I do is vmware fusion + win vm + WSL
ah WSL
or
is WSL 2.0 actually good tho?
vmware fusion also lets you run a headless vm to ssh into
renai
also how does the whole docker situation work with WSL
no
macbook is for macOS
and then be able to access windows and linux both
without switching OS on machine
like rebooting
ok so
get windows 10 standard and use your preferred way of not paying
install hyper-v
i already have pro
ok
wtf why hyper-v why not just WSL
thats good
docker even has WSL mode apparently
what I do is vmware fusion + win vm + WSL
@half walrus ill probably try this but the thing where instead of a VM it does the window splitting with an actual windows machine
wsl is not fun and bad
ok
I have vmware
what are the cool things about VMware pro
nothing
kritana bad dragon cat
p10k good
p10k is fine
eh
wait wtf
p10k
how do u have mac windows and windows windows overlapping
vmware fusion
wtf how
on mine?
yeah i just threw that there to make it clear what was going on
dman
that's around the shit of my PC
oh yeah if you have boot camp on your macbook vmware fusion can boot it
parallels RAS is $100/y
the issue with other RDS or VNC clients is that it doesn't do the thing that fusion or parallels do
whatever its called where it splits the windows and adds them to ur mac dock
i mean if i need <x> os that bad i just reboot lol
called 'unity' in fusion
i'd just call it host window server compatibility
¯\_(ツ)_/¯
google moment: vnc for windows with unity feature
alright time to close the window on this 9gb ida db
oh yeah
i found sshing into my windows VM was more effective than running linux vms
and just using WSL2 there
alright time to close the window on this 9gb ida db
and now my pc is unusable
oop there it went thank god
pihole constantly serving dns, quiprr.dev serving packages and shit, merlin kinda idle, draco never goes above 3 ish even when compiling
apparently tightvnc has something
but can u use windows server as a normal OS
what is ur goal
i use windows server because its good and i have free keys for it
legitimate copies
how different is windows server from regular windows
im assuming a lot of shit is cut out
but can u use windows server as a normal OS
@gaunt mesa ye but dont
good for server purposes but not good for daily use
does 10 pro have hyper-v
if you've ever installed a window server to a VPS and vnc'ed in
does 10 pro have hyper-v
@gaunt mesa yes
https://cdn.discordapp.com/attachments/627601934463008796/771169121923498014/unknown.png
https://cdn.discordapp.com/attachments/627601934463008796/771168876422496296/unknown.png
@surreal mountain can you send me this i64
wtf is i64
is that IDA
yes
did you save the database
the .i64 file
oh
please dont say both 

I was just wanting to see which function got patched
this is in pongo but its in the binary iirc
cryptic is the one that told me that but ik the dude was just distributing a binary
@half walrus might use this with my PC
so i can just switch between windows and linux with no effort
i don't technically need them at the same time
alright i will be taking a break while ida does its thing
if im in linux can i switch to windows from ssh
and then from windows switch to lunix
not easily, didn't know that was a requirement
should be a way to edit the nvram and tell clover to boot <x> when it starts up
which is what that thing is doing
i can just type something like 'boot-to-windows' and it'll reboot into windows ig
can any tool do that?
You could automate it yourself w/ clover
yeah u said its an NVRAM thing to decide which OS to boot right?
that was out of my ass bc i dont actually know
hey have you heard of opencore go get it btw im an arch user arch best lmao you're using windows spyware LMAO
mount /efidrive blah
sed 's/driveuuid1/driveuuid2/g' efidrive/EFI/CLOVER/config.plist > /tmp/config.plist && mv /tmp/config.plist efidrive/EFI/CLOVER/config.plist
reboot
ezpz
i would use windows and WSL if there was something like unity mode for a physical windows thing
and have the config boot default drive with a timeout of 1s
cuz docker even has WSL support
lol docker is broken as shit on macos
need this for non virtual fucking woe
it's not do-able without a VM running somewhere
windows being able to boot a linux kernel is nuts already
nuts

renai
use your build server
put ws on it
virtualize w10
virtualize sashimi
profit
just use vmware to virtualize
vSphere is saas
ok
i literally just need the application virtualization thing
and im good
wait
App-V exists
i wish i had two monitors
woe
make multiple desktops on both screens then
set top left to mission control
drag mouse to top left i need to use 2nd monitor for non windows, otherwise it's fullscreen
macOS window server is unbeatable
is it possible to ssh into WSL
yeh one sec
install openssh-server via package manager (or equivalent ), ifconfig | grep -A1 eth0: | grep inet | sed -e 's/\s\+inet \(.*\) netmask.*/\1/'
wait i just realized one more alternative
i could do a windows VM using kvm
couldn't i?
and then just VNC into the virtual windows for windows only shit
that sounds a bit painful unless you have >100mb/s <10 ping
ah
and since i don't really need windows for heavy shit and if im gonna play games then just boot into an actual windows dummy that i install
i was gonna say if you had that download speed
lemme find the bell package
it was worth it on my laptop when I had 30mb/s 50 ping to it
it wasn't worth it here on my 2MB/s
bell website is slow
so instead i just melted my iGPU 
LMAO
did u know u can crank an intel HD 630 up to 15x
with The Ritual™️
+30mv to cpus, +150mv to iGPU
underclock cpu to 5% performance
cool laptop to 60F
oh yeah and once it's at 15x you can then undervolt your cpu and turn on turbo boost
isn't it dangerous to undervolt
poor fucking laptop ran at 90 °C for hours
isn't it dangerous to undervolt
on the contrary i'd recommend it
uses less power
makes less heat
stable as fuck on windows with throttlestop
can do -150mv there
wtf
-75 on macos with volta which runs like a Packix $1 tweak
i've bought it 3 times bc the drm is broken
and i ended up having to pirate it anyways because it's just fucked

but it's the only program that can undervolt and enable turbo on macos
@gaunt mesa
jlues
it always says that
i need a good setup
i hate the fact that i do a lot of docker stuff and my macbook just can't handle it
someday i'll move to canada
are you canadian
@vivid dew
frnod
@tepid olive https://twitter.com/arm64e/status/1321988771638902787?s=20 assistance is welcome
i'm really not that good but i mean i could try
do you dev i cant remember
has been a while i touched objc
just grab flex
i did make one thing but wasn't really advanced
does windows server run windows VMs well
@tepid olive
would need a little more than basic passcode, would be really nice to have some sort of security layer?
that's the goal here
yeah
also what stops you from just.. you know.. rebooting lol
wonder if it would be possible to make it auto enable passcode before rebooting, or implementing a mechanism there
highly doubt it tho
sep is pain.
nah it just kps if you try
so passcode is 100% stored in sep right
ayy welcome back krit
Please don't promote hacked pongo builds :/
i'm frustrated enough with the fact it was a manual panic in pongo and that wasn't disclosed to tweet it out (with a disclaimer ofc)
i've been stuck with iSH and sshing into a VPS from my phone to unzip files for a month
oh yes files app
requiring bsdiff and having no usage instructions on the github is enough of a barrier to entry
if it took me 5 minutes to get it to work, hopefully most of the 'special' users won't be able to
@half walrus so when booted on 14 with no sep vuln anything enabling sep panics it right
alright
well
on iOS 14's SEPOS, when you send the SEP a request to decrypt the user partition, it checks if (something? a few registers i believe?) have been brought up, and if so, the device was booted from DFU, so it panics the device
yeah that basically
couldn't the key for the registers be bruteforced or it's timed
This took me waaaay too fucking long :o
iPhone 8 verbose boot iOS 14 beta 3
Idk if it crashes mid-boot and reboots to stock, but atm i don’t even care https://t.co/iukS28fip6
344
here's tihmstar triggering the panic, i think I got this about a week earlier
go to string view, search for either "killing task" or "due to crash" or "FAR_EL1" etc
xref the string and you should land in panic
also you can look at pongo source online to aid
no desire to deal with their obfuscation today
obfuscation is so annoying
like
i opened an obfuscated dylib of my own tweak and realized just how bad it was
oh lol I forgot about the obfuscation
currently dealing with a null pointer dereference and I have no idea where its coming from 
it's not hard to get an unobf pongo but it's not what i want to spend my time on rn

publish the jailbreak as my own
lmfaoo
krit what compelled you to return
krit what compelled you to return
@tepid olive a11 i14 patch
is why i'm in the server rn
also irc is dead
are you going to leave again 
what irc 
sp3 👀
dunno lol but every time I get an email from hex rays it's like christmas when you're 10
ikr
Key highlights:
- improved macOS11 kernel debugging with VMware Fusion 12;
- improved symbolication of MH_FILESET kernelcaches;
- fixed some potential crash situations and enhanced IDA performance by fixing minor errors.
IDAPython: ida_bytes.bin_search documentation was lacking
fucking lol
🤣🤣
i specifically remember trying to figure that one out
bruh, most documentation is lacking. It's so ridiculous. Like you can get the next typedef in a typedef chain but that returns a string and not an object so you can't get the typedef after that one
but then there's the times where idapython "just works" and it's amazing
yeah that's why i was laughing
all of the docs are fucked
this is what i ended up using for bin search
https://github.com/KritantaDev/iBootLoader contribs welcome
so annoying when you're trying to demangle and parse c++ fxns
lol that embed icon has been cached for over a month gg discord
goal with this ibootloader is to have complete coverage and 50% symbolication of all (64 bit, most likely) securerom dumps
WHY does McDonalds have jb detection
lol right
Literally all I want to see is if I can get a free burger when I make a new account
That's what I was able to do with burger king last week and got a whopper for free
no like actually legit
I have never used the mcd app
dont think they have deals like that
liberty lite beta works on mcds btw
but the regular deals are really good on there
krit make ur own irc ill join
i'm gonna shove this into ida and it's gonna be a 500 mb OLLVM bin lmfao
loool
yo sonic
I should check for new acct deals there
bk app seems like a shitty web app also
@tepid olive
@half walrus ?
No I'm trying to do this legit
bk app makes my phone unbelievably hot
scroll up on that msg @tepid olive
yoy
Lol yeah I’m working on that
Well I got it to the point where I can fake the passcode screen, I just need to find the right way to present it and block unlocking of the device
I’m not going for a full passcode replace I don’t think, probably just a unlock passcode
Lemme find the video
ok so my goal is
figure out how to trigger it at the lowest level
no encryption stuff ofc
just to see how much can be fixed
Yeah rn I’m still at surface level passcode because that’s all that really matters to me
But ultimately hooking whatever determines if passcode is on, and then intercepting the call to check hash via sep is the goal
Ok I read
yep
yeah u nailed it right there
makes me giddy watching ppl independently having the exact same ideas i did with this problem
Iirc I did find a useful class that could have told springboard whether a passcode was set but I forget
I’ll have to look on my test device tomorrow, I always take screenshots of classes in Flex to remind myself
cockmeister6969
what abt em
I forgot you could have an actual passcode lol
Yeah im not tryna fuck with Face ID if that’s what you are getting at
May as well rewrite springboard
you literally made cock id stfu
SHUT
when
cock id when
Oh it already exists
omg the boomer is streaming
Ok
i was browsing twitch at 2 am
tf2 section bc there's a ton of 0-3 viewer streams
where you can really just chat with the streamers
So does reapplying a passcode after booting the modified checkra1n panic?
and i found this like 50 year old dude streaming tf2
No
@noble rover yes
Figured
SEP doesn’t permanently get fucked
How exactly is the patch working
The patch is not really a patch
stops panic
pongo was panicking
Panic --> nop lol
thats all it does
on its own
so stupid
It patches out the kernel panic that pongo put in to save SEP
To stop people from using it without SEP
^
Makes sense
because... the checkrain team is probably finding the best way to approach the issue?
^
cock are u gonna release cock id
Disabling SEP - It’s just not a good idea for anyone who cares about what’s on their device
i like how i can participate in this conversation solely using screenshots of a chat from a month ago
and shitty patched pongo floating around isnt ideal
because... the checkrain team is probably finding the best way to approach the issue?
@tepid olive sir this existed before 0.11.0 im 99% sure
I don’t care about the data on this device. Its my test one I use betas on
?
I don’t have anything personal on it
@tepid olive arbitrarily limiting the capabilities of something typically results in those limits being patched out :)
see: ios
Side question: if I reboot can mcd still detect jb
cock are u gonna release cock id
@surreal mountain no
i think so yes
IOS itself is a good example of that
@surreal mountain no
@tepid olive why not
@half walrus yea I guess but it was still shitty of the guy to do that
There are too many false positives with cock ID, my algorithm has a hard time determining the difference between two cocks (yes I tested) @surreal mountain
bro?????????????????????
now you have a shit pongo floating around, and then checkrain team is gonna get a bunch of nonsense questions about "why doesnt this work??"
And having a stranger be able to pull out their cock and unlock your phone isn’t good
and when they finally drop the update for a10 and a11 it'll still be out there
And having a stranger be able to pull out their cock and unlock your phone isn’t good
@tepid olive yeah but how they gonna know
Well
and inevitably stupid people will be still using patched pongo creating an influx of stupid questions
If they didn't want this to happen they should've made it possible to disable their own arbitrary limitations
Yeah this sucks for the checkra1n team and it will suck for geniuses to help with especially once the actual official version comes out
reminds me of people shitting on coolstar for patching substrate
its a 13 year old kid he doesnt know any better lmao
like ok, saurik wasn't doing it so why the fuck is it an issue
if you fight hard to be the singular service a community uses, dont be surprised when people patch it to work after you abandon it
@surreal mountain would you like to help improve Cock ID by providing us with data we can use to train AI and increase the accuracy?
Maybe the limitation was there so they could figure out the best way to approach the problem of the sep without degrading the quality of release builds?
@tepid olive is there a size requirement
Well it must be large enough to be visible
shit
Maybe the limitation was there so they could figure out the best way to approach the problem of the sep without degrading the quality of release builds?
would've been nice to at least disclose
yes
even without instructions on how to fix it
Another issue with cock ID - what if you get a boner
"you want to jb your ipX on 14 you patch it yourself" would be perfect
It’s cock ID not Nut ID
Another issue with cock ID - what if you get a boner
@tepid olive Setup Alternate Appearance
yea but then that's pretty much inviting unlegit patches to float around
creator of Pongo Patched is 13? Lolwait
@tepid olive
there are multiple parts of a cock
@surreal mountain yes but there is only one cock (I hope)
THE COCK
THE ENTIRE COCK
reminds me of when I was 14 and started releasing hax and doing stupid things
yea but then that's pretty much inviting unlegit patches to float around
sounds familiar to a certain mobile operating system
give me source code please

On
i need to do math homework
yea but checkrain doesn't even compare to the sheer scale of ios. It's managed by a small group and control is the key to sanity when providing such a tool
due at 10 am tomorrow
ok
yea but checkrain doesn't even compare to the sheer scale of ios. It's managed by a small group and control is the key to sanity when providing such a tool
normally i'd say it was rude to drop that patch, and i'm annoyed at the fact that it's being promoted as user-ready by jailbreak grifters
but it was kinda brought on themselves
had i not been told by someone on the team that the panic was in SEPOS instead of pongo, i would've done this myself a month ago
:p
🤔 there mustve been a good reason to ship pongo with the panic, but idk. Just doesn't sit right with me fully
By putting it in checkra1n they would imply that it’s user ready so
Even if they stated it
People don’t read or don’t care
had i not been told by someone on the team that the panic was in SEPOS instead of pongo, i would've done this myself a month ago
@half walrus yeah this is stupid af
that someone actually said that
because this is nowhere near user ready and it's against their entire mission of a secure jailbreak and what they've been promoting for years
@surreal mountain it was a mistake on their part
misassumption
Ok well I’m going to bed, krit if you actually are interested in faking passcode I’ll just be doing some digging in the morning during my study hall, so I can let you know if there’s anything of importance
if you want to do a colab tweak i'm down

Except when other devs release products (
fake passcodes
) on top of “nowhere near user ready” product, the users see that as its user ready.
yep, thought a lot about how it needs to be marketed
a la "insecure" being in the name of the tweak
"Insecure Passcode" or something along those lines
Not-A-Passcode
OpenGate is the name of my drm

derived from

the boring company's Not A Flamethrower
Lmao
which was actually a flamethrower

@half walrus when eta we do collab tweak
that isnt insecure passcode

OpenGate is the name of my drm
@tepid olive mine isdire
And you think people read names of shit they download?
Tbh it’s kinda hard to call what I have a DRM
er
The exploit exists in A12 correct?
Abt Checkm8
@noble rover what
@twilit jungle here's the thing
smh not using calypso drm
@noble rover yes
the exploit doesnt
the bug does
What abt A13
no
no
if someone grabs my phone and there's no passcode, they get in right now
smh not using calypso drm
@gaunt mesa what is its name
that isnt calypso drm
cuz
I walked around campus today with a phone with no passcode on it 
So A12 didn’t fully patch it but A13 did
calypso is name of multipurpose api
nobody gets usb access to my phone
yeah i wont be upgrading for a while
i have nothing illegal enough to warrant me being worried about encryption
No one ever touches my phone
@gaunt mesa will i need to switch lx endpoint since calypso go bye bye
enough
Encryption 
every time I would hand anyone my phone I would get anxious they would tap discord or photos thank goodness for bioprotect
@gaunt mesa will i need to switch lx endpoint since calypso go bye bye
@surreal mountain for what
dm
@tepid olive what was the reason the bug couldn’t be exploited on A12 again
i want a passcode on my phone to prevent non-XxHackerMan420-types from getting into it
and most users aren't concerned about encryption either
Yes except thats the problem, you shouldn’t have gotten the device to that point in the first place. Like you can live on the edge all you want, just keep in mind users aren’t always going to have the same mindset as you. They aren’t going to be informed about how much risk they are at.
and they're going to install a bunch of pirate tweaks and fuck their phone anyways
@lethal kayak No bootrom memory leak I am 80% sure
@lethal kayak No bootrom memory leak I am 80% sure
@tepid olive ah ok
i'm not going to sit on a product useful for 10 people because 100 people are going to use it wrong, that's a waste
@lethal kayak No bootrom memory leak I am 80% sure
@tepid olive per siguza you are correct

I have another question. Blackbird. Why is it needed? And why are the checkra1n ppl using it. Didn’t they say they didn’t necessarily need it?
ok
I need my battery to last all day
blackbird is a sep exploit
I have another question. Blackbird. Why is it needed? And why are the checkra1n ppl using it. Didn’t they say they didn’t necessarily need it?
@noble rover they do on 14

it gets code execution in SEP (well, arbitrary SEPROM loading)
the sep is not decrypting the partition(??) when it is told to when it boots from dfu
allah
I have another question. Blackbird. Why is it needed? And why are the checkra1n ppl using it. Didn’t they say they didn’t necessarily need it?
@noble rover the SEP panics if you boot from DFU mode. You can’t patch this via checkm8 because there’s a separate SEPROM that you can’t modify, and it checks validity of the SEPOS
but sep doesnt allow that
this means they can just patch out the code that panics the device when booted from DFU
Shit I woke up at 5 am today, I need to sleep
and disable sep @half walrus
So if Apple patches blackbird
they cant
They can’t
They can’t?
^
a9 and a10 are actually done now
it's an SEPROM bug
I mean that’s awesome
not really
but it doesn't work on 64 bit seprom
Blackbird exists in the seprom like checkm8 exists in the securerom/bootrom
@upbeat wyvern do you know why this error on python3.7 when installing PyQt5?
ERROR: Failed building wheel for sip
Failed to build sip
ERROR: Could not build wheels for sip which use PEP 517 and cannot be installed directly

Full log: https://pastebin.com/XqpNg7yR
Which devices use 64bit seprom
from sec standpoint its terrible
@surreal mountain yeah of all the jailbreak bugs exploited blackbird is actually horrifying
A11?
A11 and higher
a69
True
Ahhhh so that’s why it doesn’t work on A11
@primal perch
Except those 10 people that it would have been helpful to should/would know what they are doing to have other security measures in place.
but it doesn't work on 64 bit seprom
@half walrus pretty sure its been exploited
at some point
Except those 10 people that it would have been helpful to should/would know what they are doing to have other security measures in place.
i want a passcode so my girl cant grab my phone and look through it
and im 99% sure hes been doing it on his own time
i also want to jailbreak my phone
Due to AMCC? I believe
right now i cant do both
what is amcc
i develop tweaks, so i can accomplish that
Imagine having a girlfriend 
i develop tweaks, so i can accomplish that
@half walrus true
Imagine having a girlfriend
@tepid olive
Like I said you can live on the edge all you want, just don't release something that is going to harm more than it does good.

wait wtf
Wtf
A planned breakup 
Bruh
i mean
his girlfriend was a junior
Lmaoo
are you supposed to just randomly decide it and randomly drop it out of nowhere
No
what is amcc
@surreal mountain like KTRR but KTRR doesn’t make sense to say in the context of sep
does she know
no
But “hey bro how about we break up on Saturday”
i feel awful about that lol
Lol
But “hey bro how about we break up on Saturday”
lol my last girl basically did this
u ever have to help someone break up with u bc they're not able to handle it
Hello bro I’ve been thinking and I need new guy. Ok bye, thanks
Imagine if ktrr didn’t exist Sadge
negative
im basically a child
@surreal mountain I’m 14
i'm surrounded by child help

Don’t worry I leave
And sleep
Maybe
If KTRR didn't exist I could make my own executable pages 
ye sad
kinda crazy how kaslr didn’t even exist until iOS 6
yeap
too lazy to write kpf
mfw krit dont follow me
intjsad
krit would love my twitter bio
@gaunt mesa


I don’t care about jailbreaking for the tweaks anymore I just care about it for the sole purpose of achieving it
Lol
True
iSH is nice but also i586
Also filza is convenient
boy
is there
another screenshot program for macos
preview crashes 40% of the time i open it
$ echo $PWD
~/ios/tweaks/HomePlus/HomePlus/HomePlus
Make one
modding existing things > making new ones
I'm a low level dev shits way better than userland
Also open source
amen @ cryptic
need to write a xor string script for adrp which is a big pita
when your IDA finishes analyzing in 10 seconds bc iboot is smol
I like low level but it’s much more difficult to find resources to get into it than userland stuff
I like low level but it’s much more difficult to find resources to get into it than userland stuff
have ranted about this somewhere
lol the analyzation time of iBoot vs kernel
once checkra1n becomes full oss
thats all the resources we need
for the next decade
• very difficult for new researchers to get involved
• Existing efforts are kept private
• Community research efforts are dying or dead
• objc_direct will alienate beginner devs
• the toxic community will bully the rest out
• App store apps have replaced the need for most
• leaked content is hoarded or sold for highly inflated values
• lower level research is hoarded and kept private
• getting into the scene involves already having friends in it, or knowing who to pay hundreds to get tools and dumps
• open source jailbreaks continue to fail.
yep pretty much lol
It’s like
only reason i have a symbolicated watchos SROM is because i have the right friends who know the right stuff and have the right leaks
cough ultra cough
@faint timber true
While yes I know aarch64 assembly there’s a difference between knowing it and knowing how a C function is structured in assembly and being able to disassemble something
I'm really interested in syscfg nand stuff rn
but can't get the dscd stuff to communicate with kanzi
guess its different?
knowing assembly vs knowing how to read disassembly
Ye
latter is easier but once you learn how to write it it's all easy is cake
ftdi can't find my kanzi even given the correct vendor/product
and you become a god at debugging userland stuff 
world out here sleeping on public srom symbols smh
You should write a bootrom patchfinder to symbolize all roms
patchfinders are very easy to understand once you get over the conceptual barrier
and i should upload this patchfinder named iBootLoader to my github
Poll:
Should I make checkra1n RE resources public?
Y|N
gm
does memset still have that 0x0101010101010101 immediate MOV in bootrom?
@faint timber no
krit i got hyper-v setup btw
@tepid olive all I need is a reason to sway a side
wdym?
would like an argument for no vs yes
You should write a bootrom patchfinder to symbolize all roms
i did 3 months ago and like 3 people noticed it lol
I wish there was astris for a11
it's an IDA loader, not a patchfinder
@faint timber no: disrespectful
@tepid olive someone else blogged about their RE on ch1 and got complimented by the team
so
¯\_(ツ)_/¯
I am pretty sure that was pongo
March
i mean just ask them