#development

@lime pivot .

what is the E.

every time I make an assumption in my code I always think of how such assumptions destroyed people’s lives 😬

not that I can affect your life much

well imagine cephei causing a kernel panic during an important call or right before it, so you miss it

eee

see that’s why I don’t like this crazy code injection shit sometimes lmao

yeah i always worry i might get a kernel panic during something important lol

letting code be injected into random background shit like CommCenter is so scary but that’s another rant

I mean I just reinstalled macOS cause I finally got so sick of performance issues

and ended up just noticing that Catalyst is broken as fuck, when I’m literally on an almost bone stock install

no hacky shit installed, SIP is fully on

why does the text messaging app which is the one that’s on my phone that never crashes, have so many issues on macOS

MobileSMS on the desktop was a mistake

what does E stand for

It stands for 14

ok

@gaunt mesa did you sleep

yes

2 hours

good I’m proud of you

thank you

Who can help me pirate macOS
@tepid olive

@tepid olive
@manic forum

@manic forum
@tepid olive

did you somehow get discord quoting back or are you manually typing it

@manic forum downgrade discord to v44

and youll have quotes back

v45 introduced replies

but then i can't see replies

yes u can

it has support for replies but not sending them

wait really

that's dumb

no

this is good

fuck replies

i mean, it's good but wtf

Old discord build, but now I am on pc

So this is new discord now

If I switch to iOS I can use quote again

Ok

u are literally

https://cdn.discordapp.com/emojis/712506651520925698.png?v=1

https://cdn.discordapp.com/attachments/688124600269144162/785874911234359377/unknown.png

:frmask:

Check my status

true

balls/nuts

are those your pronouns

Yes bro

How did you know

careful someone'll call u transphobic

got called transphobic for saying my prounouns were bean/beans

absolute disrespect

be cool to know what they are appcode

i'd check in xcode except it has different errors

"yea theres an error good luck bro"

is it the @available shit

it's likely a symbol collision between two exploits

gonna just disable one for now till i can properly fix/rewrite one of them

now they are "idc/idc"

according to twitter

that is indeed on my twitter you are correct

c++

this is the code causing that

in xcode anyways

in the other IDE it gives an entirely different error

despite being the exact same project

mm finally

kernel panic time

Self new

New

These look like c++ errors?

c++

jfc

the zecops exploit is nuts

Anyone have an idea why I can see some symbols in nm, but I can’t get them with dlsym?

which one

I’d respect that

FTS i assume

@marble tiger nm lists exported and non-exported symbols, dlsym only finds exported symbols

god its so

wonderful

MSFindSymbol can find unexported symbols tho

15 successful tfp0's in a row w/o a reboot

how far back does this vuln span?

Sweet, thanks

what's the exploit called again

FreeTheSandbox_LPE_POC_13.7

post exp is broken in the POC app

12.0 iirc

might be 13.0

i have a question 👉👈 😳
how to install gcc/clang?

@tepid olive what platform

iphone7

https://cdn.discordapp.com/attachments/664531448665210880/785935145786015785/unknown.png

'-'

Please tell me you didn’t copy gcc from your pc to your phone

no

what jailbreka are you usoing'

i tried iphone-gcc

what jailbreak

are you using

checkra1n

bruh

ok

Install from the repo of the bootstrap you are using

go to cydia

and search for clang

[[clang]

i tried

fuck

[[clang]]

that one

but it say "i don't found stdio.h"

get that

then you dont have stdio.h

ok but why

you need to get an entire toolchain and sdk

oof

;-;

i copied my includes form my pc

x)

it say gngngn i can't link "System"

Follow the official theos setup tutorial

what's the link?

Its on the wiki page of the github repo that you should have cloned

google dot com slash search question mark equal sign github theos setup

thanks

True

who pinged

me

woe

@lean ridge mov x16, #0x25 ; me

woe

halp i'm noob ;-;

i ;'c

i have the sdks

i'll see the interminable help ;'c

@tepid olive use the sdk in the arguments

-isysroot/path/to/sdk/root

ok

Then link frameworks / libraries as necessary

'-'

what are you trying to accomplish

to fuckin compile a hello world ;-;

do you have a mac

no

L

well i installed

get the linux toolchain

https://archive.quiprr.dev/developer/toolchains/linux-ios-arm64e-toolchain.tar.lzma

fuck

My man he’s just compiling it standalone

bad link

@primal perch ok

and

Just use sdkroot like that and you can compile

Clearly a tool chain isn’t required here because he already using arm64 clang

how

Scroll up

no

i added the arm clang to the PATH

Frcoal

from the toolchain

Well you can either do that all manually or use theos tool preset

it's frustrating feeling as dumbass '-'

i installed from the wiki

there is no

._.

gimf

wait

i'm dumbas

i put 11.3 instead 11.2

it work :3 \o/

Thats included in SDK

Its a c++ file so you have to specify which std lib to use

'-'

i'm cursed with my stupidity

?

nah

i doubt

@tepid olive show code

#include <stdio.h>
int main() {
  printf("Hello World!");
}```

is all the code needed

sir that code wouldn't work

int main(), but return

worked for me

It does cause main is special

not as good as it could be but poc

it is bad practice and main is not special

remove the void

master is not special but main is special

@surreal mountain thats irrelevant

o

remove void '-'

the voids means it doesn't take any args

why

and

@tepid olive keep it

or just ()

ok

fr2

this guys emoticon faces are pain

idk why yours doesnt work

nice

'-'

@misty cradle true

#include <stdio.h>

int main() {
  puts("Hello World!");
  return 0;
}```

this works fine for me

put that in main.c

clang main.c

ok

./a.out

it's the same code

just you replied "lol" by "hello world!" '-'

what's "9"

maybe the signal

SIGKILL

'-'

You need to give a couple entitlements to run outside of the sandbox

are you signing your a.out executable with ldid?

oh

wait

no

are you running this on ios

yes

stop

dont do that

oh

'-'

oops

i compile on my pc and i run on my iphone '-'

ldid -s a.out i believe

I think that's the most inefficient way to learn programmi g lol

idk the ldid shit

oh ok

@tepid olive true

why not just run it on your computer?

@tepid olive ldid -sa.out

ok

@grave sparrow thanks 🙂

ur right

mine just worked

i didnt do entitilements

ill scp and test

he needs ldid -S<entitlement file> -P ./a.out

bad cpu type

where the entitlement file is an xml of entitlements

same

it's killed

Just run it on your computer

Not worth the trouble of fighting with ios

yeah tbh run on pc

but ;'c

and that way you can easily debug your code and stuff

but i wanted to make a

u can do it on ios

but testing isnt worth

i wanted to try to make backdoor '-'

for fun ;'c

bruh

backdoor

bro

hum

i'm bored idk what to do

Thats not how backdoors work

if i get the right tool i can compile my code for ios without change it ?

backdoor

;'c

stop mocking me

Wtf are these emotes

IM SAYING

nice pfp

@tepid olive the tutorial to backdoor is in here

if you want to make a "backdoor" you should learn programming first

@tepid olive u look like a 8 year old in pfp bro

And fighting with ios will be the most painful journey lol

ahah

waiting for christmas

ios is aids

Ok

just use some like js or something for reverse shell

@tepid olive u look cute bro

no

not in bad way

procursus has node

i wanted to make a programe that run in background and sans sms '-'

ok

by reading sms sqlite database

oh

learn c/objc

then make daemon

uroboro's github has examples for both

🙂

yea first you need to have a solid foundation of programming you cant go from hello world to that in one day

Or in a few weeks

i made a tweak with no prior knowledge

dont recommend it

well if you change the definition of one day for yourself, you can do everything in 1 day

fr

Never sleep

i mean

true

oke

@ krit

with macos its more easy or not to compile for ios 12 ?

I mean

What are you trying to compile?

It depends lol

it depend of what '-'

what you're compiling

etc

c++ '-'

But for what? to make app, game, tool, or OS?

to test

i already made a normal app with xcode

So tool, in that case its going to be the same on any platform with Theos.

Once you've setup it's just as "easy"

all that differs is the setup

With the exception of working directly on device, you have to be a little crazy to do that.

:(

i have already made a hackintosh it cant be more difficult no ?

lol

Shouldn't be harder

true

i know mdr

But I dont understand why you insist trying to run on device

It would be so much easier to develop/run on a computer

there is no fun to run on windows

oh

fair lol

wait is this the same person o.o

no '-'

why do you always end with '-'

mdr

yes

je suis mort

Yeah you switched accts lol

wtf is happening

no

Lol

...

or not?

no

i am confused

he's my friend

oh

yeah

quoi

oops

Its the same person on different computers, why is that so confusing?

understandable

no ._.

not allowed to don't speak in french

lol

ta mère

Mdr

not allowed to don't speak in french

damare

jte jure si ils vont dire oui oui baguette je les tue

j'ai pas compris la ref

lmao

copy and paste this into a file called ent.xml in /var/mobile

NO

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>platform-application</key><true/><key>com.apple.private.skip-library-validation</key><true/><key>com.apple.private.security.no-container</key><true/></dict></plist>

@tepid olive

wtf is this layout

And then do ldid -Sent.xml -P ./a.out

because it came from my notes app lol

why its so slow :(

oh understandable

Lol F

nah that's still scuffed

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.skip-library-validation</key>
    <true/>
    <key>com.apple.private.security.no-container</key>
    <true/>
</dict>
</plist>

ubuntu servers are not slow normalement

hi confused, i am tr1

not funny

hi not funny, i am confused

lmao

pls stop

hi pls stop, i am not funny

....

i hate ubuntu

hey, are there an easy way to delete all files related to an app?
as even after deleting from Settings->Storage something still remains, only rebooting helps to clean everything

😦

bool kernel_ipc_port_lookup(uint64_t task, mach_port_name_t port_name,
        uint64_t *ipc_port, uint64_t *ipc_entry) {
    // Get the task's ipc_space.
    uint64_t itk_space = kernel_read64(task + OFFSET(task, itk_space));
    // Get the size of the table.
    uint32_t is_table_size = kernel_read32(itk_space + OFFSET(ipc_space, is_table_size));
    // Get the index of the port and check that it is in-bounds.
    uint32_t port_index = MACH_PORT_INDEX(port_name);
    if (port_index >= is_table_size) {
        return false;
    }
    // Get the space's is_table and compute the address of this port's entry.
    uint64_t is_table = kernel_read64(itk_space + OFFSET(ipc_space, is_table));
    uint64_t entry = is_table + port_index * SIZE(ipc_entry);
    if (ipc_entry != NULL) {
        *ipc_entry = entry;
    }
    // Get the address of the port if requested.
    if (ipc_port != NULL) {
        *ipc_port = kernel_read64(entry + OFFSET(ipc_entry, ie_object));
    }
    return true;
}```

Use app manager

"Apps Manager" I think it's called

I don't think it will help, but I will check it. thanks.
there is something except of Data folders which hold memory

RAM?

wdym by that

swapped to disk?

ok

wtf

?

im glad they made the reply thing not copy the whole message

it is part of: https://github.com/Tr1Fecta-7/some-stuff/blob/master/Injector/kernel_call/kernel_memory.c

so much wasted space

I don't think iOS has swapping

oh idk for me apps manager gets rid of all traces of the app so it's like a clean install

@lethal ice i hax kernel memory in my freetime

But if reboot is what fixes it than it might still be in RAM.

fr2

@misty cradle u are literally schmu

@tepid olive i request cat picture.

wtf

You have to be in [redacted] for that

Also ban all the leakers

;-;

request advanced dev from nullpixel first

he will send... do not worry

fr

WTF

u leaked

👀

leaked what bro

i leak pwn20wnd source code only

who

are u

We have a ✨special arrangement ✨

http://security.ubuntu.com

tr1 has a ✨special arrangement ✨ with his uncle

@grave sparrow what does it do

shmoo my uncle

i thought this was supposed to be secret???

wtf

do only americans joke about getting raped by their uncle?

you are literally american lol

um

yea?

gcc main.c -S

emit asm is for losers

``asm

gcc bad

fuck

clang good

oh

thats easy

gcc

    .file    "main.c"
    .text
    .section    .rodata
.LC0:
    .string    "lol"
    .text
    .globl    main
    .type    main, @function
main:
.LFB0:
    .cfi_startproc
    endbr64
    pushq    %rbp
    .cfi_def_cfa_offset 16
    .cfi_offset 6, -16
    movq    %rsp, %rbp
    .cfi_def_cfa_register 6
    subq    $16, %rsp
    movl    %edi, -4(%rbp)
    movq    %rsi, -16(%rbp)
    leaq    .LC0(%rip), %rdi
    call    puts@PLT
    movl    $0, %eax
    leave
    .cfi_def_cfa 7, 8
    ret
    .cfi_endproc
.LFE0:
    .size    main, .-main
    .ident    "GCC: (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0"
    .section    .note.GNU-stack,"",@progbits
    .section    .note.gnu.property,"a"
    .align 8
    .long     1f - 0f
    .long     4f - 1f
    .long     5
0:
    .string     "GNU"
1:
    .align 8
    .long     0xc0000002
    .long     3f - 2f
2:
    .long     0x3
3:
    .align 8
4:

just a syscall

tf

yes i think so

lol

ok capt

if i wanna have something emit asm i just bonk mass1ve

@lethal ice is that why ur birth certificate says Alabama

i will guide u thru this

@misty cradle

so kill is a syscall

'-'

do u know how to perform syscalls in assembly

wait is this x64 or arm

how you say "la flemme" in english '-'

idk x64

arm64e

true

https://opensource.apple.com/source/xnu/xnu-2782.20.48/bsd/kern/syscalls.master

heres a list of all the ios syscalls

so searching for kill, you see it's defined like so: int kill(int pid, int signum, int posix);

yes

and see the 37 before?

thats the syscall number

idk u dont have to worry about that

x16

arch specific but ^

you put the syscall number in there, then the args are like a regular asm function

@half walrus this is ios

rax in x64

yup 37

decimal not hex

As in

3 * 10

• 7 * 1

true

True

as in 37 * 1

True

i mean you can but why

If you want

as in 74/2

A number is a number

you can if you want, the assembler will do it anywqays lol

just type ‘#37’

with the pound sign

yes

Or 0b00100011

yes

Same cause

but use # for immediates

Value

@half walrus does that mean csharp is cpound

without it so ugly

use the first one

readable

C# C-Pound

Balls

Nut 7

C-- literal when

otherwise you’ll open the syscall sheet and get confused about your code

set up your arguments then svc #any number really it doesnt do anything

syscalls are super straight forward i love

Svc #69

The only way

yea tru

yep

supervisor call

aka kernel takes over

no

No

The immediate is ignored by the hardware

that goes in x0 right?

Black fr

svc #X X is ignored by hardware

It does not matter

to whoever made this

https://github.com/char/akamai-deobfuscator/

i love u

char

Mellon

Meleon

yup

True

but now you need the arguments

int kill(int pid, int signum, int posix)

pid in x0, ...

80

Keep in mind there’s nothing special about x16 in hardware it’s just what the kernel interprets as “yea we using this”

she said i drove her away with my emotions

but also C doesn't use syscalls

just use svc #80

wtf capt depressed too

he knows this song

and don’t worry about it ever beyond that

this is a sad hours song bro

not normal

yes

Libc uses syscalls

args go on x0, then x1, then x2

and so on

x0-x7 then the stack

x0-x7 yea

Balls

stack

Push them onto the stack

use C

no

Subtract stack pointer, str

stack

why do you want more than 8 args tho

Objc

also you can use other registers however you want

wtf there are ads in npm

C standard is just that, a standard

if ur writing assembly using anything with 8+ args u shouldn’t be writing ur program in assembly

this is why js and nodejs bad

you dont have to follow it

Use x0 however you want, abi is for nerds

LOL

There’s 8 of them because electron

alias cat=bat

cuz bat is better

lol u gotta recompile every time to change the pid

Christmascoop

Christmascoop

someone should write an assembly interpreter

You might need to ldr if that doesn’t fit

But it should

@half walrus its called emulation

True

like on device

probably

why do people do this

https://i.imgur.com/2355pbm.png

That's called execution lol

obfuscated js

waot

how many bits per immediate arm64 @tepid olive

im actually retarded wow

immediates change size

For what

Wait I think it’s 19

no you're amazing

Mov

which mov

ye

The orr alias mov

theres like 500 movs and only half of them are actually mov instructions

I dunno lol

the rest are aliases lol

aliai?

you're talking about movz then i'd jave to look it up

Thought you’d know because of big brain

10/10 memorization

I only know the branches because they stick out so much

i know b/bl uses a 26 bit immediate

• 4 tho

True

No jank

it’s neat how many people here know asm now

"now"

X86 just jump to the middle of an immediate

Still not enough

yes

yes

used to be just mass1ve

wtf i learned assembly last year

Same

We wrote zoomboi bro

x86 is insane you can literally encode the entire destination in the opcode because of variable length instrs

Intjcum

X64 can have 15 byte long instructions

Well it’s for return

trust in x86

You don’t syscall everything

kernel will ERET back to EL0

you do not need a ret

ret

br x30

ret

True

br x30

this is gibberish to me and i kinda like to think i know what i’m doing

True

Arm and x64 are both cum

lol arm64 manual speak

ok time to hit up old dead friend

Lol it's just the result of going down rabbit holes

he had an akamai bypass

tor browser here i come

True

true

Beans

Not false

a nightmare is trying to solve recaptcha while in tor

krit exploit dev now??

Leviathan 13.7 eta now

no not yet

which is why i can’t flex this on twitter despite it taking like 6 hours

6 hours for what?

implementing it in this jb

When tr1 assembly

oh well it took me 4 months to pop 13.1.2 so you're not alone

main thing was i hadn’t touched the code for this jb or this exploit before tonight so

all of the post exploit code in the zecops POC is borked

and it’s also all interwoven in like 2-3k line files

and the post exploit for the jb is also borked since it was written for 12.x

So hyped to get the Witcher 2 tomorrow

fr2 after exam

Finally new cdpr game

i promise ok

feels like ive done everything else so at this point im ready

Join the club

And I still dont get anywhere

kinda feels like the process of writing a jb doesn’t take much skill tho

but there’s not really any opportunity for me to write my own exploit rn

u forgot mach port stuff

There's a lot of public bugs

and you can make your own bugs with pongo modules, patch the kernel inside pongoOS

Like nop out an instruction that zeroes a pointer field that is freed

big oof fuc

k

It means you need libtinfo

Damn I'm gonna change all my fatalErrors to "big oof fuck"

Are you on arch @tepid olive

Obtain ncurses5-compat-libs from the AUR

aye

you think its a coincidence that the person who spends significantly less time on (this) discord has more success

therefore discord = shit

shush

deleting account rn

bye

cringe

true

fr

optionals are kinda cringe ngl

FACTS

D 🌲

🎄

about damn time

still gonna use light mode

ive had that for months

github nfr mode

*frcoal mode

@lethal ice same I just deleted the extension

POV you use github light mode:

i didnt even know that existed noice

dark mode time

pepe 10 leave

[[balls]]

And you didn't tell us...

why do we put prefs in Settings.app

why not

fr

because when you change a preference option that causes the device to enter safe mode, you have to entirely uninstall the tweak to fix it

jfc

<@&355174844205367317>

fix

L

retard

hold

penis

gm

bro i dont wanna watch juventus vs barca

fr2

bump

gm le @eternal crater and le @restive ether

gm

Gm

https://tenor.com/view/stormworks-borann-boys-le-fishe-elite-dangerous-nanhat-gif-18989741

and le @ Administrators

true

why no Tweaks.app

true but then it's all in one place and we don't have to use some shittily made tweaksettings.app

Why do prefs need to be in separate process?

true

why do prefs exist

^

ios should read my mind and change to my will

balls

ok but this unironically

why do ppl make tweaks for apps then put the settings in a different app

u don’t go to settings to change the regular app settings

bottom text

copy pasta not available

read x0 after a syscall to get result code or output

odds are it just returns some predefined value that means error

@vivid dew did something of very little actual value

implemented the FTS zecops 13.x exploit

Leviathan.ipa

25.65mb

post exp is borked as fuck though

com.tr1fecta.sentro.0.7beta.deb

1 GB

true

too much furry porn in it

true]

it needs balls

maybe nuts even

u can use hikari to make a 50MB bin from a 1 line .c

https://cdn.discordapp.com/emojis/775867984123527178.png?v=1

for 64 bit things yes, i think 128 bit its shared between x0 and x1

it’s wherever the assembly wants

and anything larger like a struct idk

i see an emoji

i see that cringe anime screech

u used to send here

yes that one

yes

that

why do i keep getting ghost pinged here

fuck u whoever it is

ok

shep

no one wants to ping u @lethal ice

wym

true but it wasnt me last time

or i forgot

/s

@lethal ice @misty cradle pinging

compiled C is gonna shove it on x0, doesn’t matter where you put it in your own asm

lmao

ping

Who pinged

arguments and return values dont exist its just a standard of reading certain things in certain places

when u realise this while learning asm

true

i mean im retarded but it was a mindfuck

its mind blowing

you cant look at any programming language the same way

there are no variables

only number

only logic gate

true

ping

pong

pong

@misty cradle One of these days the ghost ping will actually work

die

Blocked

@restive ether ok

@inner quail nooo

:(((

GG

Demoted

Banned

there are 32 int variables and a fuckload of fancy words that do things to then

ok rev

Shunned

https://youtu.be/DtL_giO-EB8

Never

enjoy

No it doesn't, literally get a notification on phone and Discord Inbox shows it as well if I am not on the screen already. If I am on the screen then I can already see it. Literally never works.

not even words just program that takes words to more number nfr

Vibes

@twilit jungle true

well dnd mode on desktop

fr2

true

k

yea good job whoever is being a retard notifications are off now

gg

true

@here

@everyone

one day

@ Geniuses

true

we need to exploit the bot into pinging /s

it worked wtf

ultra here

who ping

same

balls

true

lmao

True

Fr lego

frleg

:body:

o

⭕

:body:

:body:

so half the channel knows asm now what’s next

🦵⭕

who’s gonna write a tweak in logic gates first

True

using f5 in ida doesnt count though @half walrus

so more like 1/20

Ok

Invite

pls join leviathan dev channel

true

https://i.imgur.com/nKam0uq.png

waiting.

trollkillher wtf

forgot how old leviathan is lol

voucher_swap moment

Who ping

pung

this is cringe

and any self respecting person will buy it anyway

you dont want to look like a brokeass do you ?

tbf

first airpods that don’t look dorky as shit

ive spent like 500 on headphones in the past few months and still got more value than whatever airpods max will give

they're not awful

Who ping

only reason people don’t say current airpods look dorky is because they were immediately associated with being “rich”

Tr1

llol tru

@misty cradle

it’s such a wack design for earbuds

who pinged

No bro it’s very cool statement

there was a spambot

Stayin alive

Indeed

oh sorry that was me

Oh

The pros definitely dont look dorky and the ogs still look dorky

Lmao

what was it spamming

facebook video link