#development
damn when it drop
does every modification need to be made open source even if you don't distribute it

excuse me?
Have you set $THEOS ?
Probably
I did restart

I closed it in app switcher. Did I have to type exit to close it instead?
no
well it’s more like
well technically i meant restart the shell
but restarting the terminal does the same
so
when you restarted the shell you lost the environment variable so you have to set it again
No I haven’t
might wanna do that
it'll set the environment variable every time you start the shell
I’ve never touched zshrc. I’ve touched bashrc in Debian. I’m assuming they’re the same
pretty much
I used bashrc to get Linux gui apps in wsl1

this video goes hard, feel free to screen record
i will record my screenshot of shooting the screen
Yes
I was just wondering whether it's possible to access root dir via USB without 3rd party solutions like hacky fuse window drivers or ifunbox?
What's stopping people from showing the root folder rather than /var/mobile/media/DCIM?
apple doesn’t allow accessing those directories over usb
are there any opensource alternatives to ifunbox or any way I can learn how these applications can "interface" with afc2?
i think https://github.com/libimobiledevice/ifuse uses afc2
but it's not on windows
yep, take a look at ifuse for a good example of afc being put through its paces
https://docs.libimobiledevice.org/libimobiledevice/latest/afc_8h.html might also help, I'm assuming it should be close or identical to the equivalent MobileDevice.framework APIs
afc doesn’t paint a complete picture of the iOS file access story btw
you can also access app containers (for those apps that allow it) using house_arrest_client — which vends a child AFC client to you
Development
Okay I’ll leave at that
Thanks for the help/advice on it
My bad im kinda a dumbass so u know lols I do it all the time
Understandably most people don't know what a dev question is


Im trying to reverse engineer a function in hopper called someClass initWithCpp and it takes a shared_ptr<> but the address is way out of bounds of the program memory (0x16eb32280). and the address changes every boot for the same call but it doesnt appear to be related to the vmaddr.. any ideas?
Have you attempted deez?
😐
i figured it out its just nesting structs
int128
its this
```cpp
struct Handle<std::__1::shared_ptr<snap::shims::DispatchTask>, std::__1::shared_ptr<snap::shims::DispatchTask>> {
    struct shared_ptr<djinni::ProxyCache<djinni::CppProxyCacheTraits>::Pimpl> m_cache;
    shared_ptr_3431538a m_obj;
};
```
nope
I updated to 5.0.0 on the last day of my subscription
still mad they moved from one time purchase to a subscription
Guess that mean the license file I have is pretty useless then
I honestly don't remember who has my license file
its not just you
a lot more have it than just you
I don't have yours
I doubt I'll renew it tbh
Having IDA from your local dealer is better a lot of the time
for new yeah
i have it
although its reduced if you're an existing customer
Yeah I am pretty sure this person moved on to having IDA
damn
turns out I broke the Hopper License
by being a female
A Personal License is said to be «per user», and permits the user to install the software on his office workstation
I used Hopper to crack IDA then used that cracked IDA to crack Hopper
IDA 7.6 kinda hot
It's slow af
thats why I use both
I run IDA directly on my host
One benefit of having a vm I guess 
would disassembling on 7.0 then loading that db on 7.6 work
You just shared your license code lol
yeah, hers
Damn, how will I ever cope you have that code
Take it
hmm macOS vm? or windows vm on mac
Its a windows host with a macOS vm
now put a vm on your macos vm with windows on it

I've done that before
ok
I like nested virtualization
ghidra 😋
ok now im having an issue with frida? im using the memory access monitor to see where calls are being made from but the offset is outside of the binary when i open it in hopper
is it a framework thats calling it
i dont get it
Aka, the only thing I can afford
Use long night instead of that bad theme
It is being called by god
seems to be normal i think that was a callback or some kind of block
@grim sparrow what is hopper better at for you?
Some ObjC stuff
aah yeah ida's objc is crap but it's not too hard to read objc_msgSend lol
Generally I go to IDA first
but if something just doesn't look right I'll throw it in Hopper
because you dont have IDA Mac
since when
7.0?

huh isn't hopper perpetual updates?
I haven't even checked for an update in a couple years tho lol
not anymore
it’s absurd how people market lifetime licenses but eventually decide to make those license expire
I kinda get it, I figured he would change it when hopper took off but it never really took off... maybe he needed more revenue to be able to work on it more
had 4.5.7 installed, updated to 5 lol
where does it say I'll stop getting updates?
in the about dialog box apparently
“Updates plan expired 2021-10-30” yeah ok
short-sighted but honestly it was always insane that he released updates totally for free for so long. pretty sure I purchased v2 in 2013 and got all of v3 and v4 for free
he deserves way more than he was charging
i didn't think it was that old, dang
yeah I sure got my value for money huh
hopper giving 8 years of free updates for 100 bucks when ida gives a year (?) of updates for 4000 bucks looool
4000 bucks
Depends on how many archs you want
I want them all
isn't every arch like 400
probably not

jiang ying
where's jiang ying for 7.6
i can't post it sadly
@restive ether

Its cracked for mac os?
Does she need a war with another country to get their oil field for a company that she may or may not have stake in?
that’s my girlfriend

that was definitely a dev question, no need to patronise

context has been deleted should show when messages are deleted in discord
lmao, what
my bad
a stack overflow comment I found
Thank you kirb!
i love war crimes
yes
$2 to ban @gentle grove for 2 months
$5
I will make it $1
my ban, my rules
for 3 months
https://stackoverflow.com/questions/25079380/swift-how-add-offset-to-memcpy/42180033#comment90353887_42180033 found it and omg it’s hilarious
it's a webm you dumbass fucking stupid apple user.
go to bed
blame discord not me
sounds like a you issue
since it worked for me
as well
its an Apple moment
they don't support webm or webp
anyone have any idea how to fix xcode installing for 3+ days
💀
@tepid olive are you on a 2012 or later Mac?
I tried installing Xcode on my 2010 MacBook Pro one time and that never completed
Mac Mini M1
yesterday memory was absolutely pinned at 0KB left with installd hogging it all
LMFAO
entire system was basically on swap
tried
installd restarted completely or picked up where it left off
now its the appstoreagent
hogging cpu
oh no nevermind its back to being installd
what the hell is it doing
If someone writes a good looking app for the Etherscan API's (https://docs.etherscan.io) entire functionality and core features of the explorer and open sources it under MIT, I'll donate $1,000 to TeamSeas on your behalf
Consider this a bounty
no give it to me smh
has anyone looked into teamseas legitimacy
plenty of nonprofits give themselves insane salaries
i havent but im confident itll be legit
the only nonprofit that i truly believed was a thing was team trees
bring back team trees
same people as team seas
hm
you’ve spent too much time with crypto
to have that much to throw around
so the sileo repo has this maintainer that provides clang++ which i greatly appreciate
yet i cannot run binaries compiled from it
any way to fix that?
(specifically the zsh: killed <process> error)
yes that guy's clang++
are you using taurine or what
yes
is the binary signed
no?
is there no way to get around it
if not is there some command line tool to quickly sign it
ldid -S/path/to/binary
pretty sure that just signs it with the standard entitlements
as long as you don’t need anything special
which would be what
"anything special"
i don’t know
whatever that would require some special entitlement
there is no set standard for that really
well you have to install it...lol
just looked it up on sileo as you said that
also no space between the flag and path
just throw it in /usr/bin
aight
or anywhere in usr i don’t know it’s use case
since xcode refuses to install on my mac ill just have to do C++ development literally on my phone
sounds like a blast
what are the chances apple support responds with something that works
0
you dealt with them before?
most of them don’t even speak english properly so they don’t even understand your questions most of the time
so i hope their dev support is a little better
yikes
their brains just couldn’t wrap their heads around the issue
and i was just like fuck it i don’t care enough
fortunately for apple they have a good team of core engineers to keep them afloat just enough
apparently they lift the entire program in installd
and use
llvm to compile for your specific cpu
probably why my mac mini had 0kb free...
so it requires another document?
can i steal that from xcode or something
i alr set up a self sign
if you wanna check usage just check the manpage, cam spent like two days trying to document it. twas a mess
I love how users never read the usage or manual before using a tool
They always just blindly go in

besides the mini help command which was kinda bleh
Non space ent is kinda stupid
not a fan of that
tell that to clang
and gcc
and every other gcc compliant compiler
where they do -Ldir
fork it and add the space
-Os 
to add a dir to include path
we already have a fork
Okay then add the space to it
your mom
she is nice
lemme talk to her
My mom became the ldid dev
mom became saurik 3
I don't control who she speaks to
Treky violin player lawyer all in one
is there a way to view some /proc on ios
a list of processes
htop is able to do it
fine bro time to enter different search terms into google
ps -e
ok cool now how 2 do with syscalls
C++...
better familiarize yourself with xnu kernels real quick
cant shake a good search result out of google
time to pop ps into ida and see what makes the magic go
xnu is open source
The Darwin Kernel (mirror). This repository is a pure mirror and contributions are currently not accepted via pull-requests, please submit your contributions via https://developer.apple.com/bug-rep...
when is someone going to make one that doesn’t suck
the search bar hasn’t worked in like four years lol
and you can’t see columns that are off screen / move them over
very nice.
looks like they never added the entitlements to fix the bold text crash either
real entitlement trolling
why does this code
check for if the first malloc was null
and if it was proceed to try and allocate 2x
real
documentation has gravely lied
I gotta do that to NewTerm I just realised I totally forgot that
I mean I also need to release the NewTerm 3 beta but hey
at least entitlements is just a quick repackaging thing
does it fix landscape crash
i’ve never gotten that
rip
can't even remember if that's still broken in 2 or if it's just come back in 3
my manpage crash is fun
i have the free 2
actually no I remember
the sign of death
I fixed one bug but revealed another one, that on certain iPhones you can cause a weird overflow where it thinks you have an insane/impossible number of terminal columns
oh that sounds like fun
i don’t think i’ve ever gotten that
i just enjoy the random crashing from closing the last tab
It’s too early in the morning for me to understand this
it’s like playing Russian roulette
it's down to specific config and phone res
the font/font size you have might or might not trigger it
@grim sparrow tell coolstar they don’t gotta review your PRs dog
just trust the process and push to prod
speaking of coolstar and PRs I need a favor
14.2.1 12 pro taurine = landscape mode crash 
i am a favor
there's a commit I want cherry picked if someone can be so kind as to do so 🧡
hi favor I'm kirb
huh i did a little canister bug and haven’t reproduced it yet
but if you clicked it, it opened the first internal result
<real></real>
If no one else does I can do it in a couple hours
make capt do it, get his commit game up
the size to fit specifically is useful because I just have to hardcode a width/height that works for all devices right now
I did some testing
And I noticed that with my new optimisations Sileo depictions load faster than native depictions. Reason being Sileo depictions sit on the main thread whereas native depictions are async
fine for SE, terrible for 12 pro max, offensively bad for iPad Pro 12"
sileo looks fucked on ipads in general so just another thing to the list
mainly featured but not much to do
Not having to worry about iPad was a blessing for Aemulo UI
hah interesting. yeah that can happen, GCD is known for adding some noticeable perf overhead
unfortunately GCD both made threading/queueing a bit too easy, and doesn't do as good a job at it as you'd assume
It never used to be. I changed a few lines and made Sileo depictions not leak everything and they now load a heck of a lot faster
leaky leaky depictions
definitely a lot that can be done to clean up the current sileo depictions impl
without redoing the whole thing
Oh yeah
For the repo featured banners Chariz’s had a physical memory footprint of about 120mb
I just don't have the energy to fix everything when I know HTML is working just fine in Cydia and Zebra
sounds perfectly normal to me
Because the banner images being returned were so large it would load them into memory really inefficiently. After calling prepareForDisplay on them all I got it down to about 4mb
yikes. yeah in fact doing a scale operation on the banner would be a good idea all around
I do on every image now
It only didn’t in the first place because of depictions bugs
save RAM (you only need to hold the ginormous original image for a brief period) and save rendering power (doesn't need to continually re-run a scaling algo on the image)
depictions are pretty seamless now, you only notice the weird pop in with the header
especially with the cache
Mhm
oh sweet 👍
oh there's also a bunch of other goodies on this branch https://github.com/kirb/Sileo/commits/kirb/new-html-renderer-take-2
the ones related to the web view stuff which can't be merged should be obv, skip those
Cameren I figured out how to fix blank depictions bug, I just silently replace the view controller entirely
i need the third party mail commit
i completely forgot about that

it continues to be dumb that in-app mail composer completely ignores your mail app preference
and in-app browser
god bless webkit 1
but Apple knows exactly what they're doing, they chose to leave it broken for 1.5 years now
heh, the reason why WebKit1 is still around as far as I can tell is because of Mail
emails are still rendered with old webkit
what’s the point of that, i really don’t get it
thankfully in a remote view process, so at least it's roughly as secure as WebKit2
good for Apple that they get to use their platform-owner advantage to hack around a problem rather than fix it 🤪
there’s no compatibility reasons to keep webkit1 is there
Laziness
meanwhile everyone else was forced to get off WebKit1/UIWebView with a hard ban through the App Store static analysis scanner, despite the API still existing in the OS
it's not like UDID where they banned it for a year and then changed it to return a useless random string
Ugh I forgot to charge my MacBook
laziness it seems
you forgot to charge your VM?
always the right answer
I have a 2015 Air
That I use at college
But I refuse to use it for dev anymore
aemulo money going to da m1
4gb ddr3 and dual core i5 is not ideal for large Xcode projects
it's the typical "Apple doesn't feel like putting resources on something that's not ideal and is a tech debt nightmare but works fine" thing they keep doing lately
Hopefully I can finish my amiibo stuff in college today
oye, can confirm, but there wasn't a 4GB air past 2013?
i know this because I was an idiot who bought a 4GB/128GB base model Air in 2013 a few months prior to them releasing the 2014 with 8GB as base model
unless it's school-issued maybe because they were also still selling the 11" to schools long after it was discontinued for retail
At least it’s 256gb though so I can get my 4 Xcode installs happily on it
oh yikes I badly hope that's not true lmao
anyone know why e_ppid returns 1 for some processes but the actual process id for others
It is
Xcode 13.whatever is latest right now
Xcode 12.5.1
Xcode 12.3
Xcode 11.7
That looks like entitlements to me
Oh that would be true
real
CommonCrypto is fucking awful to interface with
I dislike functions with 11 parameters
Why don’t you openssl deez nuts
i will chop your nuts off
do it
Please
that guy in germany who got arrested for castrating people wishes he were me
that wasn’t you?
maybe if he was a catgirl
i am
proof?
ask your mom
- alloc space in remote process for stack and dylib name
- spawn thread in remote process pointed at dlopen with correct arg registers
- set mach exception handler to catch when your thread returns from dlopen and crashes

true
what the Heck
you asked
Idk how taurine provides one
libsyringe
/usr/libexec/libhooker/libsyringe <pid> <dylib path>
no
this isn’t how you’d normally do this
can i steal libsyringe and just deploy it on users that have unc0ver 
since most people usually just let theos handle all the fun stuff
if you wanna get sued sure
for unc0ver?
both
oh bet
cynject is just a symlink on libhooker
are there mach o tools like elf tools
scoopMachOTool™️
to do what
view exports
cock tool
you just need nm for that
```c
char* args[] = {pid_str, "scriptware.dylib", NULL};
char* env[] = {NULL};
execve("/usr/bin/cynject", args, env);
```
nice
am i dumb or is this supposed to work
regardless using it from command line isn't working
tried writing a file and even crashing
it won't do either
assuming it isn't running at all
what editor is that
probably vscode, but that theme kinda reminds me of atom
Mayhaps, I was just replying to semvis
Does anyone have experience using AltList outside of a preference bundle?
Figured it out, ended up creating a face specifier
Sublime Text 3
I meant the text editor Atom lol, but yeah it's also a theme for vscode
first arg needs to be /usr/bin/libsyringe
it’s fine
cynject is just a symlink to libsyringe
it isn't working regardless
trying to exit(0) or force a crash with the command line isn't working either
dylib is signed
yes but to execute a command the first argument needs to be the path of the executable
i was replying to cameren
o
Can anyone help with a flex patch pls 🙏🏽
!t crosspost
dont
@lethal ice i remember you saying you no longer need to decrypt an apps binary to view it in ida after iOS 13, is this also true for dumping its headers?
Or do I still need to decrypt the binary for that
i popped stuff into ida just fine
no issues
ios 14.2.1
ida does have a warning that the app is encrypted but i can disassemble and decompile the entire app just fine
when ignoring the warning
no its not encrypted at all
Ah okay, thank you
no its not encrypted at all
nyo its nyot encwypted at aww
never fear
there is a solution
A fork of a fork that works on iOS 14, most of the credit belongs to NitoTV for his work on refactoring the original repo https://github.com/lechium/classdump-dyld check the packages directory on t...
or just use that
there's a classdump-ios as well i found on github
Amy
It doesn’t work
I tried
And all it does
Is say
Done. Check outdir
I check outdir
And it’s empty
well then u did it wrong
worked for me on ios 12 before
@indigo peak which app do you need headers for
I use dsdump which usually works for most
http headers
oooo a nice blog
Discord
Dw I know what I’m doing
Ill dump them rn hol up
I am gonna dump the latest version if thats not a problem
me with aemulo for 8 months
True
there was a massive spike in my mood when things started working
@grave sparrow rate my xpc hax
oh no
lol I spent so long on that solution
Is that a good spike?
thanks bestie that’ll help the zero users make packages
Or a bad spike
I went from a synchronous notification wrapper to xpc hax
yeah
A spike of happiness or a spike of depression
when something you've worked on for so long starts working well
Because I got both from working on gameseagull for 4 months
seek help
I’m suing your mother for my child support
@grave sparrow we do a little capt trolling
Ok capt go turn down easy 200$
passbook is an entitled bitch
yes

Go off jk9375
How tall?
do you want a dolphin with that
@indigo peak here u are pssy
i dumped the swift shit too if thats of any help
i like having all the shit in one file since you can just search through keywords easily
I heard it’s amazing
Best purchase of my whole entire life, right next to my water flosser
It is bro, if you can get it then do it. I got it on installments for around 80 a month
For a year
On 0% apr
gameseagull2 for 1.99
Which I have to give back at the end of my highschool years
And then in college I won’t have anything
Find a way to get 80$ a month lmao
You need an Apple Card though, if someone in your family has one ask them
No one does
I have no source of income
That’s what I used to do 
Oh I hit an absolute devious lick today
I put tape over my computer science teachers mouse
lmaoo I hit a lick in my cs class in my ha
Ha
Hs*
Stole teachers blackberry phone
Sold it for like 400$
. 
hs
Spent it all on weed
That was years ago
Stole a keyboard from my workplace fast food

are you fr 
It’s called borrowing for a greater good
yeah when i was like 16

In my childhood years
💀
I was down bad
Used to go around my neighborhood looking for open cars
Make sure you don’t fuck up the alarm
Because some cars have nice security

All beware of the red blinking light in the car 
If you end up hitting one of those, get ready for the alarm going off and running for ur life
I believe in you fiore, go get urself a MacBook
I know 3 devs who do that
time bomb
But do it 24/7 no sleep
Do it when they are asleep 
steal all the clientele
if they say “I ll do it” reply under and say “No actually I got it” 
lmfao
please someone
Fuck teamseas i will take the 1000
if u accept crypto
amd@make the app
and*
crypto being eth
not btc or shit
doge
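Is there an entitlement that allows a binary to automatically access my Desktop/Downloads folders without granting permission in System Preferences?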
set com.apple.private.tcc.allow to an array of TCC constant strings (try strings on system binaries to find them)
of course
private
so you’d need to neuter amfi to use it
yeah unfortunately not because it’s effectively the same as codesign -s - (sign ad-hoc, ie with no particular private key)
does anyone know how to use libsyringe with a dylib you make
the command succeeds with correct pid and a valid dylib
yet neither constructor nor main are called
when you reverse engineer something so well that the author open sourcing it adds nothing new to your knowledge 
Damn does Capt inc actually know assembly?
@grave sparrow
Cuz I spent 4 hours trying to fix syscalls and failed

UUGH I'm so close to getting my daemon to work but it keeps getting terminated due to the 6mb memory limit
any way I can raise that?
I know it must be possible since sshd exceeds this limit
Probably exceeded jetsam limit, which can be changed
Check this out https://github.com/PoomSmart/BlockEmAll/blob/master/README.md#increasing-memory-limit
however daemons live here in this plist file
Either that or optimize your code for memory usage harder 
should launchd automatically add my daemon here when I load it since it isn't appearing for me
as no other tweak daemons are either other than openssh, I assume I need to manually add it?
I feel like I shouldn't change the global override value since that's probably in place for a reason
you might need to add your daemon's name in there i think
True
I wish
I at least figured out to how to compile the assembly
Cuz I couldn’t figure that out before
seems a bit hacky on apple's side?
unless this change is part of the unc0ver jailbreak
lemme check mine
hell yeah! I manually added a key for my daemon (I set the memory limits to 30) and it works!
could be modified since my wifid has an ActiveSoftMemoryLimit of 17
InactiveHardMemoryLimit is 14
which jailbreak are you on?
odysseyra1n, 14.8, iPhone 8+

hey is there any way I can autorun a command after respring?
without any on device input? asking as my device bootloops upon jailbreak, but killing springboard and backboardd via ssh fixes it
why don’t you remove bad tweak
ceebs identifying bad tweak, cr4shed not showing culprit
idk then
make a wrapper
doesnt go past apple logo, screen shuts off and loops couple times, eventually shuts off and reboots into non jb state, i think thats a bootloop
can you educate me on the difference?
your mom
Ratio
@grave sparrow not as bad as me doing this in bootrom
I accidentally remapped the page to RWX but thats not allowed at the same time unless you set other bits too so it crashed epically
@twilit jungle when you were using WATodayAutoupdatingLocationModel did you ever have it give the error The operation couldn’t be completed. (com.apple.weather.errorDomain error 4.)?
Nope
:/
is that an NSError?
Im running it the same way as always, but the completion handler returns that error
yah
are you doing it in Swift?
You can probably do something similar in objc but if you do String(describing: error) it will sometimes give you a lot more detail on it
4 is usually not reachable or refused connection
Ok thats good to know
Could be different in this case though
”// convert objective c to swift “ doesn’t always work
Thanks
I wrote this one myself
Smart
Ill try that, I may just do this part in objc
It helped me with NearField stuff, it would return a placeholder error but then doing describing would give something quite detailed
Cheers
it can
@grim sparrow lmao it made it worse
Somewhat accurately
Error Domain=com.apple.weather.errorDomain Code=4 \"(null)\")"
Yeah that does happen sometimes
Its always either amazing or useless
never in between
lmao
I never looked into it further
I'm guessing you've looked in the logs for potential warnings?
@grave sparrow
https://github.com/apple/darwin-xnu/blob/main/osfmk/arm64/proc_reg.h#L1139-%23L1155
here's where my research led me though
does that make sense to you
the link
Yes, not seeing any
That being said perhaps Im not looking in the right place, where should I look
What you should do first is just filter to warnings and errors and you may get lucky
if that fails filter to just the process you're running as and or trying to communicate with
disable bit 54 and 53
I'm confused right now
I've found some code and I'm not sure what it technically does
try it
```c
uint8_t * output;
output = memccpy(output, baseKeys->typeString, '\0', sizeof(baseKeys->typeString));
```
would this copy typeString into output but then set output to an empty unsigned char?
@grim sparrow it returns a pointer to the location of c, n is the amount to search
its searching for null terminator in the entire size of the string
If the character (unsigned char)c was found memccpy returns a pointer to the next character in dest after (unsigned char)c, otherwise returns null pointer.
@grave sparrow I can test it real quick
@grave sparrow the first link
disabled XN and PXN
Disable interrupts:
MSR DAIFSet, #0xF
Enable interrupts:
MSR DAIFClr, #0xF
probably need to save the flags tho
MRS #FLAG_SAVE_ADDR, DAIF
MSR DAIFSet, #0xF
CODE HERE
MSR DAIFClr, #0xF
MSR DAIF, #FLAG_SAVE_ADDR
idk what the correct order is
@grave sparrow SCTLR_WXN_ENABLED would be bit 19
oh it says it there
im blind
heres my SCTLR_EL1 dump
bit 19 is enabled
true
heres the game plan
that only lets W code execute
you still need to mark text section writeable
unless you aren't patching text mem
like I am
the funny thing is despite WXN being enabled, trampoline still allows for RWX by default
I don't quite understand how that works
Are there times where you need to add entitlements to tweaks? I can't remember
yes
there’s also those people who add extra entitlements to their projects for no reason at all...it’s great
Sounds like it
I have no idea why I cant update weather... I gave it all the ents the weather app has just for the heck of it, but still no dice
The tweak has the entitlements of the process its injected in
Well SpringBoard definitely doesn't have weathers entitlements, but I really dont think it would be wise for me to inject ents into springboard
For the record, the error is there in objc as well, so at least we know its no #swiftthings
Do you know what entitlement it is you need?
I have no idea as of right now, Im guessing its one of these, but I don't 100% know if it is an ent issue at all
Assuming what Dgh0st said is correct and its a communication bug, is it an XPC entitlement perhaps?
```xml
<plist version="1.0">
<dict>
    <key>com.apple.developer.ubiquity-kvstore-identifier</key>
    <string>com.apple.weather</string>
    <key>com.apple.locationd.effective_bundle</key>
    <true/>
    <key>com.apple.locationd.prompt_behavior</key>
    <true/>
    <key>com.apple.locationd.prompt_from_background</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.apple.weather</string>
    </array>
    <key>com.apple.security.exception.shared-preference.read-write</key>
    <array>
        <string>com.apple.weather</string>
        <string>com.apple.weather.internal</string>
        <string>kCFPreferencesAnyApplication</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>
```
Perhaps, these are the ents that the weather widget has, the ent I would think is most likely is either the locationd or the network
Weather widget is hosted in SpringBoard
Atleast it was at one point not sure about newer iOS versions
you’re a widget hosted in springboard
Does HSWidgets run on ios 14? I tested your weather model and it gives the same error that mine did
It does not, because iOS 14 has native HS widgets
I thought it ran as a separate process?
Similar to how something like a keyboard extension runs
Yeah well you are remote view
Well, I could go WeatherGrounds route and hook the widget
no me and springboard are like this is bro 🤞🏻
So just to make sure, there isn't a way to dynamically add ents, other than like manually signing a target process, which I already know is a terrible idea
well
I mean there is
you could hook stuff if you wanted to go that route

e.g.
In Aemulo I was able to get lucky with my xpc stuff
and use a workaround that meant I didn't need to add entitlements to Passbook
So just return true on entitlements I need
What are the ramifications of using this
that any process on the system can use that
So its up to you how bad you see that
Let me see if this even fixes the issue before I decide lol
Could you not just make an external tool that your tweak calls to get it?
that way you can entitle it how you want
Its up to you if you want to only let your tweak call that
Only other tweaks would be able to use it so its not a huge deal?
I saw lol
any follow ups on this?
Figured it would be something like that
Yah I’ll try that route, it’s definitely an entitlement issue
L
F
smh literally no one knows how libsyringe works and coolstar wont respond to pings 
@plain python someone needs help with libsyringe
not surprised most of their pings for jailbreak related servers are off
(here)
attention all active users of development
@grave sparrow is a bitch
only if my issue isn't solved 
dylibs don't have a main
that's not the issue
i tried making a main because constructor wasn't working
neither are running regardless
show ur code
if i remove the main will that somehow make a difference and make my constructor run
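```cpp
#include <cstdio>   // printf
#include <cstdlib>
#include <cstring>
#include <string>
#include <filesystem>
#include <fstream>

// Runs when the dylib is loaded: print, write a marker file, then crash on purpose
__attribute__((constructor)) static void scriptware_main(void)
{
    printf("hello\n");
    std::ofstream F("test.txt", std::ios::binary | std::ios::trunc);
    F.write("hello", 5);
    F.close();
    *(int*)(0) = 'pepe';  // deliberate null write, a crash would show this code ran
    return;
}

// Same markers again in main
int main(int argc, char* argv[])
{
    printf("hello\n");
    std::ofstream F("test.txt", std::ios::binary | std::ios::trunc);
    F.write("hello", 5);
    F.close();
    *(int*)(0) = 'pepe';  // deliberate null write, a crash would show this code ran
    exit(0);
    return 0;
}
```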
tried exiting, crashing, writing a file
none runs
yes
just to indicate
my shit ran
none of the code is even called
./libsyringe pid dylib
dylib has entitlements
ents don't matter for dylibs it takes the parent process's
try it with a tweak injector to see if it works
Yea
its a part of libhooker i think
It is
if you can get it to work lol





no LdrLoadDll on macos/ios

