#development

What is sleep?
Something for the weak

little progress guys....just a little more spoon feeding and my shitty code will be coming to a github near you lmao
got it done guys! went over with a fine tooth comb and was able to find a property to manipulate. No more uilabel!...and yes it does feel good to do it on your own
Good job dude
lol thx...thank you all for the help...shade...etc
awk "BEGIN { printf \"%.2f\n\", $(cat /sys/devices/system/cpu/$(ls /sys/devices/system/cpu/ -1a | grep -E 'cpu[0-9]' | xargs | grep -oE '[^ ]+$')/cpufreq/cpuinfo_max_freq)/1000000 }"
that gray line is colorcolumn used for errors
I just installed the rust.vim plugin
and set mode to use mac pbcopy
people use rust but not vim
rust and vim go together like the c & b in cbt
I wonder if nano has more plugin like Vim
@shut stag my apologies for the ping, but I could not find another way to contact you. I am messaging about the WWTC presenter recruitment you posted on Reddit. Could you please send me a friend request so we could talk about it? Many thanks.
my dms are open
cognitive and behavioral

I don’t know what this is but it is cursed
so
I'm recreating neofetch in kwgt
that prints the clock rate of the last core as GHz
so 2.84
doubt that file path exists
on your machine
uh
thx
@gaunt pewter you said to use enum but what if there is the enum type inside itself eg recursion


bout to get worse
I can't use double quotes
no one:
cargo not responding to | head


clone deez nuts
what if I don't know the contents @gaunt pewter
I just want to take a random plist and deserialize it with serde
deez nuts
boom
cat /sys/devices/system/cpu/$(ls /sys/devices/system/cpu/ -1a | grep -E 'cpu[0-9]' | xargs | grep -oE '[^ ]+$')/cpufreq/cpuinfo_max_freq | xargs printf 'scale=2; %s/1000000' | bc
clock speed in ghz without using double quotes
got the chug jug song stuck in my head
python will be there if you install python
iPad:~ root# python
Python 2.7.15 (default, xx/xx/xx, xx:xx:xx)
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.37)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
based on that post it seems to be that it's trying to use Python and not python
@tepid olive do you have a problem?
rude emojis above
man i wanna get drafted
they told u not to bro
ur not allowed
2-in-1 are allowed
so iPads work, but not M1?

go ahead write a gpu driver for a completely undocumented gpu
all development was done on a server at my uni and the best part is, when we did javafx shit with X11, xquartz would behave differently than x11 on linux. so we never knew whos code was actually correct
until apple rips rosetta off your computer in an update


this
it will
before 2023

didn’t they already take it off computers in some regions
Just like the original Rosetta technology, Rosetta 2 lets users run macOS apps from one platform on another — this time translating Intel apps to the ARM architecture of the M1 chip. While I don’t expect Rosetta to go away any time soon, Apple may disable it in some regions as macOS 11.3 beta codes […]
so i’m guessing this didn’t happen then
this is true
i am curious what countries are not so happy about this
go ahead go to 11.4
have more panics
@restive ether lossless or shit semi untether jb(14.5.1)
the choice pretty clear

14.5.1 has AM lossless? lol
no
it’s 14.6 only
so like it’s pretty obvious what choice
for what
if you're A10 or lower then might as well update
the maybe untether exploit
idk
i did hear that is a possibility
do we know what versions
@gaunt pewter trying with hashmap now
probably patched by now anyway
well 14.5.x might have webkit yes
rpwnage has a kernel 0day for it but he won't burn it atm
not really an untether but no signing required ig
thread 'main' panicked at 'fail to read plist: Error { inner: ErrorImpl { kind: Serde("invalid type: byte array, expected any valid JSON value"), file_position: None } }', src/main.rs:86:10
rust 
why
give one reason why they aren't another fakebreak skid
well I mean there's no proof I guess but if I had a kernel 0day I wouldn't burn it either
that sounds fun
but I meant the webkit exploit
true
semi untethers suck now
my passcode tweak is coming along well btw
mfers either are bad at patching or it actually can’t be done
it even has lockout after 10 failed attempts now 
probably gonna keep it private but it's fun
that’s great and all
I know it's not real encryption but it's still useful against illiterate people
I mean, noobs might think their device is secure, sure
I'm well aware it's insecure and might reconsider using this if I was going out somewhere but

atm I'd just rather have notification privacy
:stfubingner:
release it if you want
who cares what idiots do with it
i should make thanosfuck 2
I still have bugs to fix anyway, we'll see later, idk
I mean both sides have valid points really
like for me personally I'm fully aware of the risks of jailbreaking anyway being stuck on 14.4+ rn so I'd rather add some minimal security
it's really just handy to not have all the notifications show in plain sight on my screen if my mom accidentally turns on the screen or I do with her around lol
make it actually do what it’s supposed to this time
there will always be idiots who will end up disregarding the warnings and then complaining too but I mean it's kinda their loss then
"Only works if SEP enabled"
I'm also trying to make Face ID work but it's a pain in the ass
holy shit thats genius
i dont even need to make a tweak
lmaoooo
"Works if passcode enabled and SEP working"
$0.99
I can't even make simple [LAContext evaluatePolicy] work, let alone things that want to use keychain

I'm gonna release it with only an arm64e slice 
too true
reject the past
accept modernity
I mean it will probably be relevant like 10 years later if we get checkm8 for A12
because BPR will also fuck A12+ over

@tepid olive out of the 8.8k+ stars on the apple/darwin-xnu github, ur on the first page
very
not that
lolol
kicking my phone into safe mode from the "iPhone is disabled" screen (fake screen triggered by my tweak) fucked with my phone pretty badly
a reboot will probably fix it but
are you implementing the built-in "iphone is disabled" thing. Or are you making ur own?
I'm hooking the real thing
but it's at runtime only
no system files modified
or tricking it into actually disabling it in stock state or anything
wait... so rebooting the phone would get rid of the password :frba
yes
where did frball go
this is a weird half safe mode because both my tweak (I think) and maXscale are still injecting
ok a killall -9 SpringBoard was enough to fix it
over SSH
@tepid olive

I mean forcing the device to actually set a passcode but not enable encryption would probably be a pain if at all possible
this is not meant to be a full "your device is 100% secure now"
that's what I'm doing, the tweak enforces a fake passcode, but safe mode or reboot breaks it

I should add a "delete /var on 10 failed attempts" option 
what
what happening
does not matter
any of them
preferably without a heavy DE
i only know arch lol
shut up sheep
i didnt ask you for your opinion

no
best distro is windows
random number generator
why out of the box
can i get some context
but still why out of the box
can't you make like a custom debian iso or something
if you want to use a distro other than arch
lol
Tweak.xm:143:29: error: use of undeclared identifier 'SBSSpringBoardServerPort'
SBDataReset(SBSSpringBoardServerPort(), 5);

i gtg
TWEAK_NAME_PRIVATE_FRAMEWORKS = SpringBoardServices
ill be back soon
you can probably do arch too
:)
or any distro
well that doesn't change this at all
pick a distro
it doesnt really matter too much
ping me if you need help
trying to set the y origin on one of my labels in a uitableviewcell...it works, however it doesnt update until i click the cell....any ideas?
using CGRect newFrame = self.nameLabel.frame;
newFrame.origin.y = 1;
self.nameLabel.frame = newFrame;
i've gone the extent of even trying layoutSubviews....still doesnt update till cell is clicked.....weird


has anyone ever had this error
```
*** First throw call stack:
(0x18af9b9d4 0x19e94cb54 0x1023b5a6c 0x1023b6628 0x18abd3298 0x18abd4280 0x18ab7cdcc 0x18ab7d8a8 0x18ab87338 0x1d099a5a4 0x1d099d874)
libc++abi.dylib: terminating with uncaught exception of type NSException
zsh: abort remotecontrol pauseaudio
```

this looks bad
lmao its always been looking bad for installer
no i just mean the app looks bad
but yeah everything they’ve done basically since the initial 5.0 beta release has been bad too
who the heck uses installer anyway
can’t you just link mediaremote and pause from there
All my homies use mediacli on procursus
[[mediacli]]
so true

I know i will get downvoted to hell for this but will there ever be a time when you will be able to develop tweaks in swift?
You already can

can you point me to documentation for this?
Look up Orion
thanks
Its my understanding that many people feel pretty strongly about obj-c around these parts 😂
I mean some mfers act like using swift for thing is equating to killing their child
but that is about it
its worse because of the lack of usable pointers
and before you say swift has them
usable
your mom was usable until last night
yes
yessir
glad she could have some happiness finally @restive ether thanks
ever since the divorce

downvoted to hell
don't let bs tribalism stop you from doing what you want honestly
the only people who will openly diss you for swift here are nerds who havent touched grass in a minute so just make them feel bad about themselves and ull be on ur way
quick warning don’t get the covid vaccine it’s poison
yep

it should
does your cock work @restive ether
i’m pretty sure the only jailbreak it doesn’t work on is chimera
i have no clue how to do any kind of app dumping what so ever
hopefully someone pinned a tutorial here
no, ED
I still use bfdecrypt.
cracker da app
I have contact with one the devs of it.
enjoy code

it still doesn’t work on coolstar’s jailbreaks lol
it’s been like 3 years
idk if that’s his fault but yeah
I think the dev abandoned it unfortunately
L
is there a good tutorial on how to use bfdecrypt
install it
ok
toggle the switch for the app
great
open it
oh
that’s it
Its a preference bundle in your ios settings app, lol
and then you just wait and hope it decrypts
because it doesn’t fucking tell you for some reason
is bfdecrypt on a repo by any chance
[[bfdecrypt]]
that one
I think its the way he called apps, it was weird I was told.
ok
or nito’s if you want airdrop for some reason
yeah it’s funky, nito’s actually has like a popup
@restive ether Do you want to ask if its possible to get the source code?
not much i can do with it
if it’s abandoned then it’s whatever there are other options
I still didn't get the Milkyway 2 source code yet 
I couldn't find one
if you really want you can RE his debs lol
some big wigs in this forum, i didnt even realise
Aren't you the same guy I was helping in the Lynx 2 discord before I left it?
Yeah
What?
since fate has brought us together again, let me run something by you. My frame changes aren't being updated until i scroll or switch to another view and back, i've tried [layoutIfNeeded];
and [updateConstraintsIfNeeded] to no avail
if you’re changing the frame manually and the view uses constraints (very likely), you’ll run into issues like that
thank you!
Yeah that’s exactly the case...however if i hook UILabel directly it immediately obeys the changes
I'd recommend looping over the label.constraints array for the constraint you want to change, rather than trying to hack around setting the frame directly
the code won't look too nice unfortunately… but it's just better to work with the system rather than against it
Weird probably stupid idea but I gotta ask - on iOS 14.5 they added the ability to use 5G on both of the dual sim, and it is probably related to a baseband upgrade. What if we futurerestore to 14.3 with 14.5 baseband (which I know is supported)? How stupid or completely unrelated to reality is this idea?
that could be one part of it, but I doubt it's enough to make it work
maybe with a tweak if someone manages to reverse what exactly changed
Glad to hear that it is not completely stupid
well I don't have much knowledge of the baseband chip but it doesn't sound completely stupid to me
I figured that there should be iOS support tweak but I figured that this will be the easy part
may also need to upgrade CommCenter and the related telephony frameworks from 14.5
I hardly know anything about this area, maybe @upbeat wyvern could shed some light
what's the proper way to present an alert from a preference bundle?
specifically the presentViewController part, what do I call that on
ur controller class
oh wait
I should do it in RootListController.m instead of Tweak.xm
can't use %c in RootListController?
oh well, I'll link the framework instead
Not sure if this is the right place to ask this... I’m trying to locate where my existing respring animations are stored... any tips? Thanks in advance! (:
or use objc_getClass
but yea
linking generally better
naming variables be like:
I ended up using CFNotificationCenterPostNotification and calling it with %c from Tweak.xm because linking FrontBoard was causing random crashes
well, should have been is_number
maybe?
oh no
it's for an option
number_opt or something then
yeah this isn't really a self-explainable variable name
what's the proper URL scheme for RestartRenderServer to go back to the tweak's preferences page? prefs:root=BUNDLEID didn't seem to work
it just opens the settings app, that's it
ah, tweak name works, but Shuffle breaks it
ah, good idea
I was trying canOpenURL but that didn't work
only small problem is that will break if shuffle is disabled
oh well that's an unlikely edge case and it's not like it will crash or anything
gnu moment
uutils plz
I hate it here
French Canadian moment

CommCenter is pretty complicated now and I’d expect a lot of the code to be in the shared cache. It might be possible of course but probably not very easy
L
i don’t know about you but i like obfuscating my CommCenter patches
Personally I obfuscate all my code
obfuscate source code then upload to github
I don't even have to obfuscate my code, it's unreadable anyway
ezpz
on god
also remove all tabs
and if it's an xcodeproj, remove the appdelegate and .xcodeproj and storyboards

how the FUCk
i have 100gb free
out of 512
just copy saurik's coding style and it'll be more unreadable 
put all the headers and classes into MobileCydia.mm
i hate that thats a thing
put all the code in the .h and the imports + headers in the .m
GiB is IEC (1024)
make sure it only builds with your custom patched iOS 2.0 SDK and nothing newer
I know someone that did that, can't share it though. (and i don't know if it's a joke or not, but its on github)
bonus points if it only builds with iphone-gcc and not Clang
Bonus points if it runs
POV: Elu is being compiled in your state
gn


Corellium 
there's a 1 hour free trial 
@tepid olive might not be a gib thing
what's that
it's ncdu
oh
I didn't know wtf you mean by "gib" because you didn't capitalize it 
mega brain
huh pretty sure I ran it on ivy bridge processor lots
double checks
ok sandy bridge
sandy bridge??
damn
desktop and laptop are probably a big difference though
do you need your gpu though
simulator runs without accel
Intel® Xeon® Processor E5-2690 (20M Cache, 2.90 GHz, 8.00 GT/s Intel® QPI) quick reference guide including specifications, features, pricing, compatibility, design documentation, ordering codes, spec codes and more.
oh yeah that's a lot better than a i5 though
yeah
really tho I'd think the issue would be RAM not processor
make sure you give it enough RAM and it should be fine
@tepid olive y'know what i'll test it for you lol
I usually did 16GB but 8 worked
I'm thinking maybe the issue was graphics tho
8gb of RAM with Xcode is a real pain ngl
might be fine for his stuff though
yeah xcode with less than 16gb could suck
doing swiftui with 8gb is really painful
can't see why it would?
M1 has tons of those kind of limitations
wouldn't be surprised
that's why the iMac has 2 tb3 ports
That sucks
can't be worse than me, i bought a base model mbp in september
intel 8th gen i5 
got an external monitor to keep the heat off my fingers
mine always overheats
idle 50C

i'll probably just swap it out for a M1 air
i don't like touch bar much anymore lol
what is it
damn bro you could probably sell it for the price of a 3060 msrp right now

450$ ??????
holy shit
isn't that 3080 msrp??
710 lmfao
i don't think people are buying 710 rn
that's why you got one

can't you run high sierra @tepid olive
on 1050
I use a 690 and it works well, not sure if 710 still works for macos tho
you can patch it
@tepid olive try Retroactive
says high sierra here
why don't you give it a try
btw it worked for me on M1 with retroactive too but I think I had to edit a file too
oh probably that rosetta issue
just don't run latest xcode, you don't want that for making tweaks anyway
true
but you can also run newer osx versions
gpu won't work on newer versions?
mine is on Mojave with gpu
TIL macOS hardcodes something to stop Aperture from running
oh mine's kepler
funny
well it won't run directly
but it does work with swizzling and other mods
using objc runtime to hook code
poor man's logos 
logos is just a preprocessor
logos converts to substrate hooks iirc
but logos are just instructions for the compiler to simplify hooking
so you don't have to use substrate functions directly
I modified a file and it runs fine
ok, but now I am gonna need to present an alert just from SpringBoard and not just in my preference bundle - how would I do that?
I found some code but it doesn't work because it says keyWindow is deprecated since iOS 13
(also how the fuck do I tell theos to not make even an "unused variable" warning an error)
it’s reflection basically
reflection, runtime modification, there’s a lot of names it goes by
runtime reflection
that’s what it’s called in like java and C#
it’s basically just changing which implementation a method calls
it’s basically like hooking tbh

brotha chips is on sabbatical
Can I ask a dev question here? I'm looking to possibly get some help trying to find the right method. I've looked on both limeos and tried my hand at flex, but I think I'm either doing something wrong or not approaching it properly.
ask with confidence, go over what you're trying to do, what attempts you've made so far, and where you're stuck
don't ask to ask, bc the channel was (probably) made for that exact purpose
I'm tired words are hard
Ok, thank you.
I'm trying to access which ever bool is responsible for activating the MagSafe animations.
I've done some basic stuff here but I think it's wrong still.
Basically I just want to end all animations anytime I connect something magsafe.
I guess I'm in the right channel then
NSLOG shows on console.app but I'm not sure why it's still not disabling.
Magsafe is on the newer iPhone 12's
It's for the charging puck and the wallet and case.
lord
any ios 14 version should have the software, right?
or did support get added in a certain one
I think it would? It's just not being enabled?
will see if I can get my old X to jb
Alright thanks for reaching out.
i’m sure there’s open source examples for this to look at?
There actually mostly is, https://github.com/tomaszpoliszuk/MagSafeController
I don't know of any but I've also been gone for a bit
yall develop in obj-C?
yeah i just saw that one
I've also worked with the developer a bit on this one too. He's a really nice guy. Still I haven't been able to figure it out, or he.
doesn't look like that one does what you're looking for
this allows you to fake a normal charge to become a magsafe charge.
wack
why cant u just build a custom animation
Still he plugs into similar libraries that was the idea @silver rampart
hold on isnt there a tweak already for that
chargeanimations or smthn
I don't know how to do this.
Wouldn't just finding the proper bool and disabling the animation be the easier route?
yes
can you post a vid of what the animation looks like coming up and dismissing?
on mobile rn
just a moment.
"Thats what happens when I touch the magsafe wallet. [To the phone.]"
The code that I presented above, I know is very messy. And they're all pretty much useless hooks because none of them actually work.
@viral ermine can you use FLEX quickly when the animation is shown?
i would assume you are doing it correctly since you are hooking the getter methods of the properties that were used in the tweak
I tried that, and maybe I'm doing something wrong with FLEX but all it does is select the first layer on the lockscreen, the lock
no thats normal
I've tried moving them, but theres about a million layers. And then if i want to test if i got to the right layer, it resets all the movements all over again
But I may be approaching it wrong, I've only used flex a few times.
well your best bet, is to frida trace the springboarduicontroller class
and see what gets called . maybe find the method that handles the animation ?
to get rid of the animation all together
eh
it would be easier to find 
i just assumed it was in here since the magsafe controller dev was using it. that makes it a lot easier
Hopefully gone for good
that looks like exactly what hes looking for
But thats the charging ring, in this case, I want the wallet ring.
i would assume it would handle that maybe?
csaccessorywalletview.h
is what you are looking for
good morning smart people
They're two very different animations, watch my video and watch this.
https://gfycat.com/athleticformalboilweevil.gif
yo good lord you're joking.
And then what, maybe just don't write anything in the void statement? aka return nil?
that’s the less optimal solution
```
%hook CSAccessoryWalletViewController
-(double)animationDurationBeforeDismissal
{
    return 0.0;
}
%end
```
-(void)_presentAnimation;
this might work the most cleanly
ehh how to make it hidden then?
and even krits code can be improved but it’s better
give it a shot
I kinda like this, might make it not even show at all. But would it still get called?
yes it would
yep, with tweaks ur often gonna settle with "good enough"
bc the alternative is getting frida/lldb and a disassembler and spending months trying to work ur way up the chain to do it "right"
ooh, and I wouldn't do a call on %orig; correct?
correct
@primal perch I'm curious what you are thinking of could be improved?
lmk if that works bc it was a blind guess
yup just about to compile it, just a sec
finding what creates it
at every point it’s basically just a bool
the only problem is finding that
well the view would still be presented right, thats what i think he means
so like krit said it’s fine to settle for good enough
unless you are in layoutSubviews 
now its just a guess and check. Try to sift through the methods in the header and check what works
the whole development community.
and so yep this is the "could be improved" part
you wouldn’t need to return nil. just leave the void method blank without calling %orig
probably not great advice to give but trying what works at the surface and going deeper when it doesn't works well
such as these bools in the struct?
nil is zero
thank you, I guess i meant that.
don't leave the method blank
you cant do a return on a void statement anyways?
it is a double
he means the void method
what void method
no idea, he mentioned it earlier
-(void)_presentAnimation;
heading straight into 64bit arm assembly without any assembly background. wish me luck 
I've never asked before, is there a way to dive deeper into a function to see more what it does -(void)_presentAnimation;?
decompiler
all of the options for decompiling arm64e objc are the opposite of beginner friendly
http://headers.krit.me/dsc/14.0.1/CoverSheet.dylib here's this if anyone else here has a decomp
is this a possible problem? I'm targeting springboard and not coversheet?
on phone rn so we doin this the hard way
no, that just controls what process theos kills
which in theory, would be good(ish) that we restart sb anyways?
Coversheet is a framework used by the Process Springboard
ok
https://developer.limneos.net/?ios=14.4&framework=CoverSheet.framework&header=CSAccessory.h reversing the type enum manually here one sec
thank you for sticking with me. I thought this was going to be pretty easy (at one point)
Unidentified, "Clear Case", "Leather Case", "Silicon Case", Sleeve, Wallet, Charging Mat, Charging Cable
OK delete the code you pasted in earlier
I would really love to learn what you just did. I don't understand what you did there. But it checks out
```
%hook CSAccessory
-(BOOL)shouldShowAnimation
{
    if (self.type == 5)
        return NO;
    return %orig;
}
%end
```
```
@interface CSAccessory : NSObject
@property (assign,nonatomic) long long type;
@end
```
above the code you pasted in
what happened to the ==
Derp
saw the Wallet View Controllers parent class and decided to go check it
Noticed it was Initializing with a CSAccessory object, meaning that object likely influenced the visual behavior of it (MVC)
Still not working. I feel like this approach should at least, or at least it’s making more sense than the original approach I was doing.
And then how did you find the values?
Gotta go drive home, be back in thirty.
Thought this was ads in an IDE and was gonna scream
Saw there was a type object [Red Highlighter], in springboard stuff (I guess?) if you see a long long field named type it's 99% of the time gonna be an enum.
Saw there was a static initializer that took a type int [Blue Highlight].
I bet if google were to make one it would, lol.

From there I grabbed my phone, opened flex, navigated to the object like this, and used the static initializer to make one at runtime i could test on
Then I called accessoryTypeString, [Purple] wrote it down, then called setType [Green] to move onto the next number until I got through the list
when you input 1 did it return the information you needed? I couldn't tell if you ended the video early or if i missed something
ahh i see it at the top, clear case
that was just how I got the object to test on but doing that each time would work I guess
oooh dude that's legit, so thats a way that you can almost reverse engineer these classes?
:meth:
that is probably the second hardest way to reverse engineer this stuff yes
if I had a decompiler rn I would've just clicked two buttons and hit F5
It didn't seem too bad. To make it work through theos though. But I see what you mean
@silver rampart you want me to decomp?
yes, but bc I wanna put my money on:
accessoryTypeString calls a C method that takes an int as input and returns the string name
and I wanna know if I'm right
alright give me a sec
Is a decompiler something you just need to set up?
@silver rampart i feel like this is the closest and most logical approach
what's the second sentence referring to
gonna need em soon! :)
true
will raise the skill floor for tweak dev
Referring to the essential approach of this bool and id type return function
overall, hooking to this header than the last ones i was trying.
i want to get into kernel debugging so thats the reason i am taking on arm assembly
imo this is likely one of the better ways of handling this yes
however my opinion kinda invalid now I main android
hows that like
amazing
i miss my s8 plus ngl
Though, I will say, I was at least on some good approach, considering the fact that nslog with console.app was able to pull up the hook everytime i attached the wallet, i think this is why i spent so much time on it.
that dylib is not a macho format is it?
don't worry about this much at all rn, and especially for this case, I think, but having your hook called more times isn't always a good thing
using IDA?
yes
it's macho, is that one busted?
yes i think so
shit
one sec
try this on a dsc, the 14.0.1 batch extraction was on a very early version of the tool
may be slightly influenced by getting an S21 ultra
this thing puts the iPhone 12 to shame
@silver rampart @hardy glen There is one small thing to possibly consider, I am looking into it now. It seems that the tweak works until i remove it for a second time. Maybe theres some other weird class that re-enforces
oh boy
seems dumb if thats the case
yeah at this point I need a decomp lol
downloading ipsw atm
I can't wait till I understand how to use one
But I think you're right, @hardy glen Im still figuring this all out.
the issue is ppl using tweak dev to learn objc
you should have prior knowledge of oop and objc
ehh yea.
which is fine but, it's also going to be much much harder to learn when you're doing tweak dev
I'm half guilty of that. I have a good knowledge of C++. I was learning some objc before starting this, thinking it would be pretty simple.
bc efficient tweak dev requires getting familiar with debugging/RE tools which require knowing objc very well
lolo

u did

however ur still in this channel
yeah

try out app dev before you get into tweak dev. that is the best route if you are interested
i had the wackiest order of learning langs
i did HTML
then objc
then C

then JS
I mean I learned tweak dev before app dev
java c++ objc swift, now assembly
but I would've never been motivated to learn had I started with app dev
so
it helps for some people. but some people pick up on things faster than others. the thing is, you can be greatly discouraged jumping head first
so most just end up quitting
assembly true
depends what you want
tweak dev ain't for quitters
yes if you want to experience true c and b t learn assembly
you don't really need to learn assembly nowadays unless you have a reason. although i believe everyone should at least learn the fundamentals
learning assembly is like installing arch linux
well i want to get into kernel debugging and just being more efficient with RE, so that is why i am learning assembly atm

lmao
I learned assembly by working on a bootrom exploit for armv7k watchOS without a decompiler for armv7 iboot

unfortunately what I learned was armv7
but
idk I don't have any buts I regret my decisions
siguza was right fuck armv7
true
true
mono toca guitarra wtf
i am diving straight into armv8 but i feel like that isn't the right choice
thank you @silver rampart @hardy glen for spending your time to help me out

yw

y not

if you could get advanced dev for js knowledge i’d have it by now
but in terms of tweak dev stuff im terrible
lool
lack of resources, and also everyone telling me to learn x86 first for some reason

x86 is dying
arm forever
armv8 is god
true, i am confident that i could get a good grasp of arm. i already have a good amount of knowledge about memory registers. This shouldn't be too hard.
I have no valid advice to give on the topic lol
there were multiple points where I tried to learn and it just wasn't working
and then one point where all the details just clicked
I think a lot of dealing with the iBoot exploit stuff and patching instructions very manually helped stuff make far more sense
along with for a while basically having the iBoot Source leak as the only resource and having to re-symbolicate the rom using only the disassembled memory
I still don't understand the differences between like
when I disassemble a binary it's all segmented out and on disk, when I disassemble secrom it's one big blob of assembly in memory and then the variables and stuff are also in memory but off a little further?
```
    extractImage(dyldFile, dyldFile.images[targetImageData[0]], "binaries\\"+targetImageData[1])
  File "/Users/hearse/Desktop/DyldExtractor-master/./extractor.py", line 74, in extractImage
    Converter.ObjCConverter(machoFile, dyld).convert()
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/Converter/ObjCConvertor.py", line 70, in convert
    self.processSegments()
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/Converter/ObjCConvertor.py", line 149, in processSegments
    self.processClassData(classObj.data)
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/Converter/ObjCConvertor.py", line 225, in processClassData
    self.processMethodList(classData.baseMethods)
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/Converter/ObjCConvertor.py", line 244, in processMethodList
    methList = ObjC.method_list_t.parse(self.dyldFile.file, methListOff, methListPtr)
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/ObjC.py", line 177, in parse
    inst = super().parse(buffer, fileOffset, method_t, 0xffff0003, loadData=loadData)
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/ObjC.py", line 95, in parse
    inst = super().parse(buffer, fileOffset, loadData=loadData)
  File "/Users/hearse/Desktop/DyldExtractor-master/DyldExtractor/Structure.py", line 85, in parse
    buffer.seek(offset)
OSError: [Errno 22] Invalid argument
```
tried to extract CoverSheet
what command
./extractor.py dyld_shared_cache_arm64e -f CoverSheet
how fast is your internet
use an arm64 cache
got it
my god tho it's so nice like
the model I got is a pain to root and idk if it's even rootable rn
but I don't need to root it
locked bootloader huh
like there's genuinely nothing I need superuser for on this device so far
ye
yea, i loved my android experience although i hated touchwiz. I hear OneUI is much better
@silver rampart I may have figured it out.
my first experience is with Android 11 and OneUI 3.0
so I am getting the final product of 10s of years of suffering with no idea of what it was like before I'm sure lol
touchwiz was a nightmare
but yo like I can do this on a regular secure unrooted android
why tf would I even root I have everything
after a certain period of time, even the phone would feel so bloated and slow because of samsungs bloatware and poor memory management
it even let me remove Facebook
depends on the phone though 
well if ur not getting a latest Gen Samsung just get an iPhone
you only had the option to "disable" on past firmwares
software is on par with ios rn, the hardware experience is what knocks it out of the park
look at this puppy
custom kernels with overclocking and a kernel manager was the best benefit of rooting for me
iPhone 12 over here like yo we added LIDAR bc we're out of fuckin ideas please buy this please bro
yeah, my brother has one and i am thinking of getting his old s10 and experimenting with it
i remember i was such a noob i would use this app to "allocate my sd card as ram" 
i am not sure if you know what Xposed framework is, but that was one of the best things if you were rooting
crying in iphone 11
apple over here like "we made it square and small again, innovation baby"
if it weren't for facetime/imessage, i would've switched a long time ago
i just really like the united usability across all the apple devices.
I use smserver
I plugged my SE into the USB port on my router
left it running
can't show more than this bc it's my imessage shit but I currently have the site set up like a native app
@lethal ice scream 
probably just gonna throw some shit together in Flutter and rip out the backend of smserver to make something better
wait it's GPL
nvm gonna write my own
👀
```
id __cdecl -[k9 accessoryTypeString](k9 *self, SEL a2)
{
  signed __int64 v2; // x8
  id result; // x0

  v2 = self->_type;
  result = CFSTR("Clear Case");
  switch ( v2 )
  {
    case 0LL:
      result = CFSTR("Unidentified");
      break;
    case 2LL:
      result = CFSTR("Leather Case");
      break;
    case 3LL:
      result = CFSTR("Silicon Case");
      break;
    case 4LL:
      result = CFSTR("Sleeve");
      break;
    case 5LL:
      result = CFSTR("Wallet");
      break;
    case 6LL:
      result = CFSTR("Charging Mat");
      break;
    case 7LL:
      result = CFSTR("Charging Cable");
      break;
    default:
      return result;
  }
  return result;
}
```
so its just returning a string
yeah it returns Clear Case past 7
Nah this the right channel
Nope haha. Still nothing. I thought there was an error in my writing. But nope!
[CSAccessory shouldShowAnimation]
if you don't mind
need to know where that's pulling from
its no issue, i am bored anyways
oh also I can charge my phone with my laptop charger now
```
bool __cdecl -[k9 shouldShowAnimation](k9 *self, SEL a2)
{
  return (unsigned __int64)(self->_type - 1) < 5;
}
```
make sure to buy your apple brand $50 box with your Apple iPhone $39 USB C to Lightning Adapter to get 10W charging
oh its an ivar
need to look at header again
that's the problem, maybe
i recently just figured out how to access swift data types and read/set values to them. Spent like 5 days straight banging my head
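```
%hook CSAccessory
-(id)initWithDictionary:(id)arg1 endpointUUID:(id)arg2
{
    // Log the accessory dictionary handed to the initializer
    NSLog(@"%@", arg1);
    // An init hook has to return the original's result
    return %orig;
}
%end
```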
@viral ermine show what that spits out in console.app when you activate the wallet thing or whenever
```
k9 *__cdecl -[k9 initWithDictionary:endpointUUID:](k9 *self, SEL a2, id a3, id a4)
{
  id v6; // x19
  id v7; // x20
  k9 *v8; // x0
  k9 *v9; // x21
  id v10; // x0
  id v11; // x23
  id v12; // x0
  UIColor *v13; // x0
  UIColor *v14; // x8
  id v15; // x0
  id v16; // x22
  id v17; // x0
  UIColor *v18; // x0
  UIColor *v19; // x8
  objc_super v21; // [xsp+0h] [xbp-40h] BYREF

  v6 = objc_retain(a3);
  v7 = objc_retain(a4);
  v21.receiver = self;
  v21.super_class = (Class)&OBJC_CLASS___k9;
  v8 = objc_msgSendSuper2(&v21, "init");
  v9 = v8;
  if ( v8 )
  {
    objc_storeStrong((id *)&v8->_endpointUUID, a4);
    v9->_type = -[k9 accessoryTypeFromDictionary:](v9, "accessoryTypeFromDictionary:", v6);
    v10 = objc_msgSend(v6, "objectForKeyedSubscript:", kACCProperties_Endpoint_NFC_DisplayP3Rgb);
    v11 = objc_retainAutoreleasedReturnValue(v10);
    v12 = -[k9 colorForP3ColorData:](v9, "colorForP3ColorData:", v11);
    v13 = objc_retainAutoreleasedReturnValue(v12);
    v14 = v9->_primaryColor;
    v9->_primaryColor = v13;
    objc_release(v14);
    objc_release(v11);
    v15 = objc_msgSend(v6, "objectForKeyedSubscript:", kACCProperties_Endpoint_NFC_DisplayP3RgbSecondary);
    v16 = objc_retainAutoreleasedReturnValue(v15);
    v17 = -[k9 colorForP3ColorData:](v9, "colorForP3ColorData:", v16);
    v18 = objc_retainAutoreleasedReturnValue(v17);
    v19 = v9->_secondaryColor;
    v9->_secondaryColor = v18;
    objc_release(v19);
    objc_release(v16);
  }
  objc_release(v7);
  objc_release(v6);
  return v9;
}
```
if you want the decomp code
god help you guys lol
the more I think abt it the more i like the idea of just
moving on
ended up using a swift helper class and using the instance variable offset to compute the address
kotlin is so nice
like swift but less instances of "why the fuck is this thing like this"
i would do whatever makes me happy. I feel like it could get repetitive and its nice to feel some change
at the point i am at right now, i am just getting started with this i feel like. I wanted to get deeper into it, but for you, i know you've been doing it for a while
great idea, I'm on it.
so thats understandable
I've only been doing this since like mid 2019
still, thats like a decade

feels like a decade
I still have a lot of exploring left to do
















