#development

Perhaps Im stupid hold on

Ok I'm not, it needs the file descriptor

Looks like zebra doesn't support finish:

https://github.com/zbrateam/Zebra/blob/86312f07646dcbfa3fc44df4d90385cb5160f539/Zebra/Tabs/Packages/Helpers/ZBPackage.m#L82-L149

It doesnt, I'm working on it right now

there is also uicache:(1|[Yy][Ee][Ss])

Can you expand that for me

and finish:(return|reopen|restart|reload|reboot)

oh and all of them run uicache

k

bro there are a lot

just do a case insentitve check for yes or 1

(1|[E-y]{3})

Alternative solution, just do sbreload in postinst and hope you don’t break anything

Read the second part

you can do ( sleep 5; sbreload ) &

That is very true

hopefully that 5 seconds is enough for whatever needs to happen

finish:return - nothing
finish:reopen - reopen cydia/zebra/sileo
finish:restart - respring
finish:reload - sbreload
finish:reboot - ldrestart(?)

Yes

(I think from taking a 5 min look at MobileCydia.mm)

Oh btw Cameron

now I wanna burn my eyes out

yes?

I find it very funny how you made a funny remark about me taking an hour longer than I said to make a PR and now it’s been sat open for over a week

mobile cydia implies the existence of desktop cydia

it’s not agnostic

doesn't support odysseyra1n

or checkra1n

I copied the logic from libhooker

Literally every jb that runs Procursus supports userspace reboot

i will make a truly free version of libhooker

Why does the old logic need to exist

librehooker

no, older odyssey versions didn't iirc

It will do nothing then

If you call reboot3 and userspace reboot isn’t available nothing happens

oh fr?

So it will fall back to the previous logic

Making the if check slightly redundant looking back

so you can just remove the plist part i guess

It does appear that way

is that true all the way back to iOS 11?

I have no idea about 11

Do those 3 users care?

no user space on 11

ok, well 12 is the lowest target I care about actually

no jailbreak supports that and pro doesn’t either

So surely it’ll do nothing then

uikittools-ng kinda supports it

did you test every bin on 11 dog

uikittools-ng is bootstrap agnostic after all

does electra use ng on 11

buy a correlium vm for me than

pre-procursus ng obviously

no

Just use the free trial

from uicache(1):

Later, it was reimplemented by CoolStar for the Chimera jailbreak on April 30, 2019.

Nice

can I be added to beta.anamy.gay? I'll merge your uikittools-ng PR tonight after I finish some physics hw

which I should be doing rn

after I test it ofc

If you remove that if check it should work fine

I tested it on checkra1n ora1n and taurine

I would never merge something without testing it first

But I know it works on latest chimera and odyssey

And it should be fine on older versions

coolio, are there any jailbreaks that don't support userspace reboot

rootless ?

does that count

No

then no

my only device is running 14.8

still waiting for check to fix their user space reboot bug

gonna patch pongoOS to not enable it

what's wrong with it?

it mounts something every time you run it

Apparently ur UDID is now added

forget what it was

maybe it was binpack

is reboot3 in xnu source?

actually

lemme check something

which could simplify my code a lot

i think so

see I'm just thinking now

could you check the return value of it

and then use that to see if it worked

yes

if ret != 0

something went wrong

I mean, if it succeeds execution will end...

not entirely

theres a slight delay

because it runs async

if ret > 0

I can't believe they implemented reboot 3 times

best

it will never be a negative

the internal implementation is just

if (ret) {
throw
}

what's the difference between reboot, reboot2, and reboot3

reboot so good they did it thrice

lovely

reboot my beloved

reboot(2):

RETURN VALUES

If successful, this call never returns. Otherwise, a -1 is returned and an error is returned in the global variable errno.

https://man.cameronkatri.com/macOS/reboot.2

not sure about reboot2...

or reboot3

true

malware pages

“never negative”

it’s always better practice smh

1994 docs lied to me

i wish swift could have functions that exit a closure or something

i’m not sure how to say it

you mean

reboot2() returns itself...

void *
reboot2(uint64_t flags)
{
    mach_port_t rootbs = MACH_PORT_NULL;
    (void)bootstrap_get_root(bootstrap_port, &rootbs);
    if (vproc_mig_reboot2(rootbs, flags) == 0) {
        (void)mach_port_deallocate(mach_task_self(), rootbs);
        return NULL;
    }

    return reboot2;
}

return

func something() {}
guard true else { something() }

https://github.com/apple-oss-distributions/launchd/blob/main/liblaunch/libvproc.c#L902

and something does the return implicitly

return something()

its not that bad

thats why you use exit()

which would do what you asked

yea true

just not the best way

just show a warning asking the user to restart the app

ok, is reboot3() a syscall or a function?

it exists

I'm gonna throw it into ida ghidra

to see what it's actually doing

and what it returns

@grim sparrow if it was a thing reimplementing fatalError 1:1 would be possible to use a custom logging system

idk

I'm on FreeBSD

yeah

but like

avoid fatalErrors anyway

gonna do this after I finish this hw 😭

bye

overriding fatalError like i do print

nerd

I was right

be back in like an hour or two

reboot3 is only ever positive

or 0

nerd

ok but what if you are a reboot 2 user

what are you on ios 3?

@nonreturning func piss() { fatalError(“anal”) }

would be fun

int ret = reboot3(RB_HALT);
if (ret)
  INFO_LOG("Failed to shutdown");

why

lol

true

thats taken from powermanagement

source

nfr

somewhere theres probably a list of defines

was keychain source published intentionally in the end

putting pmset on procursus

as to what the error is

it is currently 2:38am

is it in my best interest to sleep or keep studying

Seek therapy

https://github.com/evelyneee/accord/blob/main/Accord/Backend/RPC/IPC.swift

Should i finish this

?

that’s the real version

i really have no idea what i’m doing if you can’t tell

https://tenor.com/view/clash-royale-emotes-thumbs-up-smile-gif-14309344

which do you want?

reboot3

no, like which ones? all of them? and you want the defines for reboot3(flag)'s flag, right?

no

the return value

I have all the flags

oh, not sure if I have that

int ret = reboot3(poo);

list of defines for ret

I'll let you know when I get to my computer

i.e. what error they are associated with

I have one question than 4 pages to read, than I get them for you (if they exist)

@grim sparrow

@result
NULL if the operation began successfully, non-NULL if there was a failure.
In the event of a failure, errno will be set to an error code describing the
failure

That’s cool

wait no

that's reboot2

@result
Zero if the reboot operation began successfully, otherwise an error 
describing the failure.

this is reboot3()

oh weird, it has va_args...

ah, some types of reboots have args

began

Meaning it could run async

However

hmm

yeah it may be worth just doing a check ngl

m yess reboot0-9

I wonder who has the job of deciding when to make a new one

Person just woke up and chose violence by making reboot4

i'll skip 4

thank you for your contribution, can’t wait for reboot5

https://tenor.com/view/clash-royale-emotes-laugh-smile-king-gif-14309345

bozo

@grim sparrow your PR looks fine and I want to merge it but testing it is a huge pain, cause 1. I have to figure out how to force it to fail to make sure the ldrestart continues like it should and 2. if it fails and does a full reboot I can't rejailbreak unless I boot into odysseyn1x

and merging something without testing is very unlike me

ooh, new sileo icons

merge without test is the way

nah, that is very unlike me

smh

totally out of character

test with an old chimera / odyssey build

if you don’t have the devices make keto do it

troll

my only device is on 14.8

This is why you steal ur family members old phones

I did

not enough apparently

but they got taken from me when I was grounded and this is the only one I got back

sometimes i be forgetting not all of you are as boomer as i

if ( (*(_DWORD *)((_BYTE *)&_vm_region_recurse_64 ) & 0xFFFFFC1F) == 0xD61F0000 )

Can someone tell me what's going on here. This is decomp output from a function used for jailbreak detection (I think?) It's getting the address of vm_region_recurse_64and dereferencing it? but why

that's used as a guard clause to break out of the function but i don't get why

nice profile picture dog

hm this is IDAs decomp

Can you make a tweak in

Swift?

Considering this JSON:

            "user1": {
                name = 'John',
                surname = 'Doe'
            }
            "user2": {
                name = 'Michael'
            }
        }

How would you retrieve the list of usernames in Python?

I need this output:

user1
user2

I tried this approach, but it just prints the whole list of data:

for user in user_data:
  print(user_data[user])

lemme try

i think just list(dict) should do

there's ten ways to do anything in python

only one pythonic way thoufh

the real python way would be importing a library

think that's the rust way

🚀

fast 🚀 safe 🚀 maintainable 🚀

This worked, I had no idea this existed

minimal 🚀, blazing-fast 🚀 , customizable 🚀 , memory safe 🚀 program written in Rust 🚀

Yeah I only needed the actual key, to replace the value I can do it other ways

the apple engineer when he enables the arm64e abi for appstore apps:

d61f deez nuts

I retract myself from this statement lol

@grave sparrow wanna see me screw up code live

imagine having classes in january

you can upload to app store connect too

assuming 15.2+

I'm trying to print now all the values within

for data in user_data['user1']
    print(user_data[data])

Expecting:

name = 'John',
surname = 'Doe'

d61f0000 is br x0

brx0

no idea why that would appear as the first instruction of anything

trolley

void trolling(void (*gaming)(void)) {
       gaming();
   }```

that

inlined

you asked

yep it's checking against br x0

me trolling tweak developers by putting in fake checks

but why vm_region_recurse_64

me hiding racial slurs in tweak binaries

theres one in settingswidgets at offset 0xb0??

do you need to write that like an essay

real

hoes

ugh

it would be really funny if apple allowed appstore apps to modify pages

it would

theres no jit so yeah

everything would have custom encryption like on android

ill just go buy an android and stop getting updates in 30 days

and that function is called from __mod_init_func

mod innit func

briish

oi do you have a loicense for that bu'er knife there

i only have a porn license

f#Q4fa

IDA Pro 7.7 SP 1 Crack 2022 Full No Survey No Virus

dm for link

you so guys making code for tweaks whilst i’m out here doing blocks for the micro:bit

An arduino aimed at education more or less

Hi, I have this problem. I run openvpn connect (iOS 14.7.1, u0), but not all traffic is routed over the VPN, this affects mainly Apple services (apns, iMessage). I figured out this is due to the ContentFilterExclusionList in the Info.plist of the NetworkExtension.framework (/S/L/Frameworks/NetworkExtension.framework). Would it be safe/even possible to just edit the plist and remove the entry, or would it be better to develop a theos tweak to hook the plist reading to not return the values (problem is I have no experience with theos and objc). Thanks for your help.

the best approach would be to hook wherever in NE.framework it reads that list into memory, it might be a pretty easy tweak to make actually. but if you're just wanting this for yourself, you might be able to get away with just editing that plist manually (keep a backup of the original file before you change it)

I believe this exclusion list has been super cut down in iOS 15 by the way, there were complaints about it being so broad

    0 => "/System/Library/Frameworks/NetworkExtension.framework/PlugIns/NEIKEv2Provider.appex"
    1 => "/usr/libexec/nesessionmanager"
    2 => "/usr/libexec/neagent"
    3 => "/usr/sbin/racoon"
    4 => "/usr/sbin/pppd"
    5 => "/System/Library/PreferencePanes/Network.prefPane/Contents/XPCServices/com.apple.preference.network.remoteservice.xpc/Contents/MacOS/com.apple.preference.network.remoteservice"
    6 => "/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/Helpers/SCHelper"
  ]```this is what I have on macOS 12.1

so if you want to cut it down, I'd recommend filtering it down to just those (#5 wouldn't exist on iOS, not sure what the equivalent would be)

Yeah people complained about it on sur so Apple removed it in the later versions, there were a lot of news articles about it

Thanks btw I’ll look into it

Updating cydia to use libapt-pkg6 is surprisingly difficult 😭 @restive ether @lime pivot

Cydia uses like every single deprecated method

But deprecated to the point of removal

Not just compiler time warning

thanks person with manage messages perms

idk im being non-specific by default

that’s awesome bro

gm

😭

Why am I doing this? Cydia is gonna die in iOS 15 so there is literally no point

memes

Boomer memes

BoomerInstaller.app moment

so I experimented with the NetworkExtension framework, but it's not behaving as I expected, I removed the exclusionlist entries, but nothing changed, so I decided to add another app there, I put in the bundle id of the Speedtest app (com.ookla.speedtest) and expected it to show my original ip and not the vpns, but it was still being routed thru the vpn. I did a ldrestart and launchctl reboot userspace. could it be that I need a full reboot (which will unjailbreak) or is it more likely that I'm just hacking at the wrong file?

my dad is in jail

weird flex but ok

i might be approaching this wrong, this is a statement from some vpn company from when the problem was in big sur, the routing issue is probably not related to the content filter exclusion list as a vpn is not like a firewall/blocker/something

can I "simulate" collecting daily tasks in a mobile game via requests from my PC?
example: collect hourly coins in Soccer Stars via API request from PC

where is actual exploit development discussed? are there any open forums where people collaboratively develop jailbreak exploits?

hackdifferent

https://hackdiffe.rent/

but most vulnerabilities used in jailbreaks are found individually

@ocean raptor thanks

https://hackdiffe.rent/apple-knowledge/

@faint timber did you ever get to test ldid with that one commit reverted on your A15?

@ocean raptor I can now I just charged all my devices if you want me to test on all of them lol

Yes please

These artifacts https://github.com/ProcursusTeam/ldid/actions/runs/1719182850

Or you can just checkout the fix-15.1 branch

none of my devices have ever touched 15.1 tho

thats no the problem I've been having

I know

I named it that cause I reverted the patch I did for 15.1 which according to git bisect is what caused the issue

that if sha1 line broke passwordless somehow?

Technically it should be called fix-authority but I'm lazy

I tested master and that branch using a cert without a password

On M1

Both worked

iPod 5: 7.1.1
5s: 7.1.2
iPhone 6s: 14.8
iPhone X: 14.5.1
iPhone 13 Pro: 15.0

are these fine for testing?

Yep

Perfect

What hashes does iOS actually support? Just sha256 and sha1? Or do they also support sha512 etc

CryptoKit has sha256 512 and 1

more like Crypto Cringe am i right

Test with and without -Hsha256

see

the thing is

to use sha1

you have to accept a warning will forever be in your code

as its like

thats not allowed

SHA-1 more like mega cringe ha!

its even marked as part of insecure

@ocean raptor

passwordless no work

Ummm

my p12 doesn't have a password

Is this the artifacts?

yes

M1? x86?

x86_64

I'm on a ryzentosh

https://stackoverflow.com/a/56619466 Anyone know what the "packageID" param is here?

the literal package id...

eg:

net.angelxwind.appsyncunified

I meant how is the function in the answer reading the packageid

its user input

-I means info not install

-i is install

and install would be a file path to the deb

-I info is for the package id already installed

Really all I want to know is just how to run commands with obj-c

because no answer is direct

it's either in swift or just says "use x header"

nstask is correct but objective c is a boomer language

Go ahead then, explain how to hook swift

orion

those bastards lied to me

oh

yah idk

its probably pinned tho

@faint timber try this bin....

no crash

So it fixed the issue that you opened the issue for

But it GH actions' x86_64 macOS build is not working correctly

it still can't validate the codesignature when I install it tho

Oh...

Does codesign -dvvv show the authority?

that was the original problem too

also it doesn't install on my X either

not just an iOS 15 issue

Ok, so the authority is getting set now

But it still doesn't work?

yep

codesign still works with the same app

Would you be able to run a git bisect for me?

maybe I'm using ldid wrong for valid codesigning?

tried these two formats

Try just ldid -Kkey.p12 -Sents.plist whatever.app

(I've never tested this, I just know ldid supports specifying a .app as the file to sign)

still failed lol

why do you need to hook swift

???

You’re trying to run commands

lmfao

braindead moment

@tepid olive what's the proper way to legit sign an app with ldid?

bending down and praying

True

let me ask bingner

I doubt he'll know

@snow python

Lmao

ayoo kermit getting laid

Doing better than 99% of rjb

kermit the flop used to be my old discord name

🤞 🤞

did kermit consent

https://tenor.com/view/mickey-moue-how-to-kill-read-reading-planning-gif-5173960

Depends on what type of class/method you need to hook.

https://www.securify.nl/en/blog/hooking-swift-methods-for-fun-and-profit/

this is pretty informative

bump

yes

Didn’t we give you resources you could use to do that like a month ago

Mitmproxy

N check the requests being sent

Then just make a python script or use httpie to send the request

And as long as there's no token that's generated for each request by the app

Unless they change their auth key lmao

Yea

Yup mitmproxy gives you the option to export to curl

User-Agent: python3.9

Yup use mitmproxy, export curl command and use https://curlconverter.com

Its handy asf

I still haven’t finished mine

I am in calculus 2 and we are reviewing on calc 1 since we are going to be using everything we learned in calc 1

It sucks

completely true, just wanted to double check on it

Uh idek what year, i am in community college rn finishing general ed so i can transfer to a another college. I am 3rd year but i barely took classes the 1st year since i was working full time

No i am completing my general ed before going to a 4 year lmao

Saving money

Its the smarter way, alot of people that were way smarter than me in HS ended up doing that, you would think they went straight to a ivy league or a good college or something

@grave sparrow

last

last

see they probably don’t have 100k

im still last

just like 99% of us

@grave sparrow

give me zefram

Exactly, idek what college i wanna go to. Right now i am completing all required courses for UC schools

Since i live in cali

hell even if i did have 100 grand i wouldn’t go an ivy league

Yes

r word

im in quebec

Starting my lemonade stand

n

erd

i forgot to finish my word mb

dont you live somewhere on the east coast

like fucking vermont or something

your mom and i got a summer home in vermont

lmaooo

if someone gave me 100k to go to college I’d go to the cheapest non-garbage one I can find and pocket the rest

I mean, in Australia a CS degree is like $35k

so if you gave me 100k for that you’re crazy but I’ll take it as a gift for my startup 🙃

nfr

idk man

i dont think anyone lives in vermont

tbh

Take a flight to Argentina and uni is $0

I don’t wanna go all the way to Argentina, europe smells bad

americans.

American geography moment

Okay I’m not that dumb, I know that Argentina is in Asia

Not Europe

🙄

argentina

asia.

dumbass fiore.

didn't expect anything different though.

ok but fr though

I’m not that dumb

It’s in Antarctic

See the A’s match up

So it’s the capitol

And since it’s freezing there, no one wants to go to school there

That’s why tuition is free

Obviously

shut the fuck up.

who wants to jailbreak their iOS 12 device with chimera 1.5.x for me?

bro I have a 5s but idk the password on it

it’s a long story

umm, restore with ipsw...

then do a icloud bypass

definitely not related to this message but

Checkra1n doesn’t work on a7 Linux

Because devs are shit

I took a flight to Argentina to get cheap youtube premium 🙃

I mean, you weren’t wrong. It’s in America. Just like I’m an American, just not from the United States of AMERICA

I’m paying a family plan for Spotify and I’m paying cents; don’t tell them

man I want to try and get cheaper Spotify family but if I touch anything about my subscription, they'll force me to enter my address

on principle I just don't want them to have it, even though it is my real family on there not my friends

i have a family plan with 5 of my friends and my friends dad pays for it

did they ever do the thing they planned on doing which involved stalking the members on the plan to make sure they lived together

Clearly not

sucks to suck

you have to provide address now, but I'm not sure if they even enforce the rules

I don't know how they even can

what if I travel for a month, will spotify yell at me that I don't live at my home address any more

well "have to provide" --> if you sign up fresh for family plan or make any changes to an existing family plan

probably would

dad ended up making a 2nd spotify login because idfk how, and I can't even change his email on the family plan cause I have to give address first

I prolly should have showed him songshift now I think of it, oops

i haven’t gotten song shift to work properly since apple changed their API

what a shame

I have a family plan

they probably have my address

it's great except that my dad disabled explicit songs

can someone test this https://cdn.discordapp.com/attachments/688122301975363591/935367482854768730/ldrestart and lmk if it works

doesn't work on windows

thanks guys, very helpful

My family account is in the US while I’m in EU, I don’t think they enforce it

When you join the family you just have to provide the address, don’t need to be there at that time

Unless they changed that since

Doesn't work on macos

🙄

Ok so what do you want me to do with this

sudo ./ldrestart

Or su -c ./ldrestart?

or that, yeah

Or su -c sudo ./ldrestart

why do you Use Windows

Is it gonna fuck my shit

Like real ldrestard

it will userspace reboot, but if that fails than it will ldrestart

ldrestart -luv 👀 @restive ether

@grim sparrow how do you feel about adding options to ldrestart to

1. skip userspace reboot
2. print the error message from reboot3() (fprintf(stderr, "Warning: userspace reboot failed: %s\n", xpc_strerror(userspaceError)))
3. don't ldrestart if userspace fails

sudo su -c sudo ./ldrestart

bruhh

ah yes version f365fe, a good vintage

If i found a vulnerability in a service’s network api that allows me to change crucial information about my profile that should only be changed by an admin. What should i do

Should i report it, or just keep my mouth shut lmao

chariz 😄

pickax 😁

Is that a desirable default?
You could have -u for userspace reboot and -s for systemwide reboot (or something)
And always print error messages somewhere (unless you add a verbose flag)

I decided on always printing to error and adding -f to force a normal ldrestart instead of a userspace reboot

but we still need a way to detect if userspace reboot is supported

https://github.com/ProcursusTeam/uikittools-ng/pull/46#issuecomment-1020827514

It was also brought to my attention that checking the return of reboot3() will not work as a gauge for whether userspace reboots work. For example, on versions of Odyssey before 1.3.0, reboot3() will work but jailbreakd will not persist, losing the jailbreak. This will also not work on Checkra1n, where a userspace reboot will appear to work fine but actually cause issues.

huh really, it's broken on checkrain? like what happens?

is the answer possibly that loaderd doesn't survive the restart? considering it lives in the dmg, which I have a feeling could become unmounted due to the restart

loaderd or payload, can't remember what the process name is now

luv restart

🥰

innit

on check it gets mounted every time you run userspace

so you can have like 60 instances if you try hard enough

oops

has, uh

release a semi untether that doesn’t ruin ios core services challenge

(impossible)

has someone actually reported this to the checkrain bugs repo

probably not i don’t think anyones noticed because they take up such a minimal amount of memory no one would notice it unless they were looking real hard

sounds like at least you know and should have reported it 😬

someone showed me it, i’ve never used a checkm8 based jailbreak before i assumed they would’ve reported it

aha fair

just would have been nice to fix, like, long ago, hah

considering that code has only changed minimally since initial release

judging by my quick issue searching it doesn’t look like they did and i’m forgetting who showed me it

you can probably easily check to confirm it’s still an issue and someone hasn’t accidentally fixed it, but i doubt there’s been a new release since i last heard about the issue

only time that code has changed as far as I remember is because some iOS release (14? a point release? idk) broke it very subtly

so either we fixed it by luck then, or it's still broken, I guess

14 brought in the sep so they had to work around that

for a7-a10 it wasn’t too big of an issue

not talking about that

it was specifically that dmg mount broke

o

ah i found who showed me

it was nick

#840294945553907763 message

very nice

it seems like a rather inconsistent issue though

lmao

to your credit you suggested reporting it #840294945553907763 message

oh well

yeah i just read that

better late than never i suppose

i hope someone can reproduce it at a minimum and it’s not nick being bored and breaking it somehow like he usually does

heh, well it’s an edge case for sure but still one that should be fixed

Not an edge case, it happens every single time I userspace reboot

anyone have any tricks to like

do stuff

I exported a React Native project into a payload folder, sent to zip, changed the zip file type to .ipa. I'm getting this error when I try installing the .ipa to a jailbroken device. Anyone know how to fix this?

maaaannnnn

fuck react native

just don’t not don’t

wut

Is Theos better? For app development

my brain cells

yea

make do

repeat

Is there a way to use react native at all for this? Because I have a strong web dev background so react native is much easier to use than theos

yes

Just when you don’t do something, don’t do that, but since you wanna do something, don’t not do the not-ing

import react frameworks

thanks i’m cured

@crimson plover you’ll want to setup theos via the guide

then make a new app project

then add the react frameworks

https://theos.dev

and then you can build it however you would in xcode

Is it a private framework

i mean it’s a public sdk

so

So is it just TWEAKNAME_FRAMEWORKS

and what would the name be

react-native

?

you have to add them manually i think

an then do that

yea whatever the name is

Idk the name, was asking if you knew it

no

I have theos installed already. On win 10

i don’t use shit frameworks

wsl linux

I swear by the time I finish tweaking discord, they’re gonna switch to a native app

professional developer

sexy theme 100/10

Do you guys think it's smart to program an ios app on visual code using theos?

that’s what I do

Without xcode

wsl Linux theos and use vscode

Sweet that's my setup

I have a lot of confusion with theos tho

I mean react native is basically javascript so

It’s not that hard

It's just cuz I've never used it

@lime pivot react native theos template wen?

fair enough

It’s pretty straightforward

I think

I tested exporting the template of swift_app (option 4) using make. Works great

But

I have no idea where to start with my code 😂

I see the table thing they have going

start your code in one of the .swift files

Duh

🗿

wen you upload it

Ik ik

git pull

bruh moment

I want to make a theos template

And then I get a contribute on the repo

???

And then I get advanced dev

profit.

waiting for the safari extension template

If I get advanced dev for it

yea dawg

you will

fo sho

What's the easiest way to install libs to a theos project?

Can you do it from the command line?

Or do you have to install from git and place in a lib folder?

most people add it to $THEOS/lib and then just add a line in male file

makefile

or just add a lib or framework folder to project root and add -L./lib to ldflags

male file
Tweak.male

It’s how iOS caches your emales

Wrong, every tweak dev is trans, it should be Tweak.female

I am not trans.

same

Wrong

lmao true tho

Finally getting my thigh socks 🙏

every linux user be like

@primal perch Okay cool. First option sounds the easiest. So I'd add a line like this: 'demo2_FRAMEWORKS = UIKit CoreGraphics', but where would I reference the library file location?

To the makefile ^

tweak_LDFLAGS = -L./liblocation

or something else for frameworks i haven’t used clang in a while

i just deleted my entire linux install because swift wouldn't work

I'm trying to export a theos project using the SwiftUI framework, but every time I open the app on a jailbroken device, it crashes instantly.

Do you have a crash reporter installed?

[[cr4shed]]

Let me install it

It's ios 13.3.1

iphone 7

As I suspected, it was from trying to load the SwiftUI framework

Does anyone know where the sourcecode is for SwiftUI?

This is the log

Not SwiftUI, but I reimplementation of it https://github.com/TokamakUI/Tokamak

what am I forgetting

@grave sparrow I created a new swift app and only have a view with Text("Hello World"). I'm still getting the same error. Also, I have support in the make file for ios 7.0-14.5

The default for new projects is 7.0 so I just kept it as is

And no, it's as basic as possible

Where is armv7?

So change

TARGET = iphone:clang:latest:7.0

to

TARGET = iphone:clang:latest:11.0

no keep armv7

what about the 2 people using iphone 5

Lol

I changed to 11.0 and compiled

Same error w/ the symbol

I installed on an iphone 8 with ios 13.6.1 and same error

I am literally only trying to make SwiftUI work on a jailbroken app. Idk why this is so difficult. Thus why I wanted to code this app in react

ghost blah blah blah

I only have SDK 14.5 installed

Could that have something to do with it?

it should’ve thrown a compile time warning if it was 14 only

and asked you to wrap it in @available

Note that I am doing this on linux

no wonder

/s

It doesn't compile the same as xcode

I may need to

lmao I feel like a noob with theos. I appreciate your efforts capt

I may need to reverse engineer an IPA

You may be able to help me read assembly

@grave sparrow can zefram hook swift?

cool

zefram is for macOS right?

SIP needs to be disabled, I assume

yeah i can

fr

parker-stephens 🙏

no way

capt face reveal

why are you using NSTask

it’s called Process now

no

no he won’t

ok add me

there’s enough people

im not a person

im an italian

i dont think he needs anymore context, right

[image]
your mom thinks it will be a good idea to add me to the gc

@tepid olive Using theos, is there a way to have swiftUI applications on ios 13?

Yes

add me to the group chat

shutup capt

i am 18 now

i am mature now.

@wild hatch

?

joe

too much work

Is there any reference code for doing that?

add me to group

if i was in le group i would

but im not

L

@grave sparrow add me into group.

in a group everyone can add

Oooof

scammer 😔

@balmy mantle

.

which slurs do i call him to add me

he not even asian.

ill call him italian slurs

@grave sparrow what is the name of the group chat called

@misty cradle L

ok everyone agree please

thank you

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

buy me a new macbook

and I'll add you

i am broke.

i have less than 36 euro on my bank account

😔

just make akara 2

these mfs are broke @grim sparrow

we need new hype

when ios 15 jb

omw to release

thakn you 🙏

@grave sparrow how many have agreed yet??????????????

read.

there was a tweet in response to tanner by an apple engineer lemme find it

I though tale is Indian

yeah he is

Then he is Asian

one would not typically call that asian

^

working on it

ok

https://twitter.com/pedantcoder/status/1282383317346611200?s=21

There's a whole thread, but that's the important part

Basically injecting into every process stops the closures from being used

Hi, I'm really sorry that I'm bothering you again, but I'm really confused by this. To recap the issue:

iOS does not tunnel all traffic through NE Packet Tunnel Provider VPNs (I don't know how it is with native ipsec). A lot of Apple services seem to be exempt ( I noticed APNS, iMessage and Facetime mainly) This is also mentioned on the OpenVPN (app uses ne packet tunnel provider, I checked that) website: Apple services such as Push Notifications and FaceTime never route through a VPN tunnel, per Apple policy..

• I went and found that there used to be an issue in Big Sur, regarding firewalls not blocking certain Apple services. It was an entry in the Info.plist of the NE framework containing a list of executables/bundle IDs etc. called ContentFIlterExclusionList. Editing it in macOS supposedly fixed the issue and it was later removed altogether in Monterey due to public backlash (probably) - https://tinyapps.org/blog/202010210700_whose_computer_is_it.html

• As per suggestion from this Discord I tried editing the plist and removing the entries. This however caused no change even after a ldrestart or userspace reboot. I also tried adding in a bundle ID of another app to test whether it would get routed outside the VPN but again, nothing. I even tried a full reboot and rejailbreak (at that point I was on a different device and just adding the new bundle, not removing the og ones, but still, nothing)

• I read some more and got confused whether the ContentFilterExclusionList affected only like content blockers/firewalls or also VPNs and got some conflicting information, but it does seem it should also affect VPNs

• After this confusion I went and examined other frameworks (running strings on the executable) and plists related to networking, but couldn't find any trace of a similar list. Besides, NetworkExtension is the framework related to the VPN stuff, it should be there. It also doesn't seem to be enforced on the app side (nothing in strings on OpenVPN binaries, or Passepartout (oss openvpn reimplementation for ios/macos) code on github)

• Checking the route table also yielded nothing, no strange routes everything seemed to be set to go thru the utun device when VPN was connected

• Another interesting thing is that the ExclusionList while removed in Monterey is still present in iOS 15

• To add insult to injury when wireshark sniffing the traffic from my iPhone (14.7.1, u0), all sorts of crap was running outside the VPN, well mainly APNS and I was trying iMessage so also that. But when trying on iPad (12.5something last supported, u0) there wasn't a single TCP packet that didn't go thru the VPN even though the NE plist looked the same

So my questions at this point are:

• Am I looking in the wrong place? Cause I really have no idea where else it should be located and this seems pretty obvious.
• Is there something I have to do to the framework to make the changes visible? Like signing it or reloading it in some special way or I don't know.
• Should I approach fixing it by force routing the 17.0.0.0 subnet for example to the utun interface (that's where APNS is, you can read about the IPs and ports for different Apple services on their website). This seems like a stupid idea

Many thanks If you find some time to read this and answer.


iOS

I'm not sure what dylib you're looking at but the solution you're describing is already a thing minus the dlclose because it caused some issues iirc (check substrate changelog). SubstrateLoader.dylib does the deciding in what to load (written in barebones C for extra performance), tweaks then link against libsubstrate which is the dylib the handles the hooking. SubstrateInserter.dylib also exists but I'm not totally sure what that does.

i don’t think substrate ever addressed those kinds of issues

substitute / libhooker to some degree did

but not fully

I have no idea about dyld3 closures but Substrate, substitute and libhooker all have a dylib that injects system wide but depends on nothing and I think for Substrate and substitute at least they're written in pure C. I think that guy on twitter is implying that a single non apple dylib injecting into a process is destroying dyld3, but not sure.

I think a possible solution could be to handle all tweak injection from a separate process and not by a dylib that injects, but then again I have no actual idea how the injection is working in the first place and whether something like this would even be possible (like instead of injecting SubstrateLoader, whatever injects that would parse the filter plists by itself and inject the matching tweaks instead).

fair point, that's definitely an issue

tldr

I would consider that an edge case considering sure it can happen, but how often does a user really do that

some people do it all the time

there will always be someone on r/jailbreak that does a really weird thing for no reason

it’s kinda become the de facto option to fix issues you can’t directly diagnose, so a fair bit

some might still be using ldrestart but at least with procursus that’s going to change so

yeah, but it’s still very infrequently used

oh yeah you won’t end up with 60 mounted dmgs like nick did

but you’ll have a handful probably if your uptime is more than a few weeks

yep

so should be fixed for sure

wen eta capt inject

I just found out there is something called the dyld cache where the frameworks and dylibs are stored all in one file and I managed to extract the binary of the framework along with some NE dylibs from there but as far as I understand there shouldn't also be another copy of the info.plist there, even though I did find occurences of the strings from the contentfilter in a strings dump of the entire dyld cache but I assume they are there for a different reason as there is stuff related to everything in that file, they weren't actually in the framework bin/dylib

and i don’t have it

can you fix that

i gave u my private repo access

now give me yours

i think apple hired pwn

got my first panic on unjailbroken 15.3 today

Epic panic time

gaming

@evulate Every time I export my theos project, if I import SwiftUI anywhere, my app crashes on load with the error 'Symbol not found.' I've been at this all day. I even used UIKit's UIHostingController to avoid using SwiftUI's 'App'.

I'm told you are the swift professional. Is there anything you know that could point me in the right direction?

Anyone got an update to date/working Theos Windows install guide?

I thought that was old

theos.dev

thx

Already failed at step 2:
Package 'libtinfo5' has no installation candidate

gj

I'm probably being dumb lmao

@tepid olive Are you running it on WSL?

Yeah WSL 2

Install the dependencies one at a time.

make sure you ran apt update first

Will do, thanks so much 😄

wholesome

Oh no

You're the guy who just forked EggNotch

lmao

Cope

hate to break it to you man but you're not getting that memory back

On my Twitter search for substrate stuff I noticed people saying that dlclose is basically a noop in dyld

chariz 😄

now you know how jailbreak developers feel

windows when the

me when the when you at the when you you when the: chariz 😄

when they kalloc 8 bytes but every kalloc actually allocates a minimum of 16k

trollage

Pickax 😁 https://twitter.com/Packixrepo/status/1485732640745476103?s=20/

who even owns packix

@lime pivot does

Makes sense.

page size moment?

i'm packix

slavery was abolished 200 years ago btw

does anyone know apple's exploit release policy

yes

they release every monday

this

same with racism

abraham lincoln signed the emancipation proclamation and racism was finally gone

wholesome

good work guys we fixed racism

do i get 64gb of ddr4 for 180$

3200cl16 ballistix 2x16 is on sale for 90$

buy me some

mac users explaining why 8gb is a good option in 2022

i have 8gb @primal perch

rip

when are u buying me some ram

i’m gonna solder it myself

have fun getting full size ddr4 dimms on that

i’m good at microsoldering

it’ll be fine

Just cut it in half

that's what I bet it is tbh

how can you even "close" code that very likely has memory references from other parts of the program

if you are loading into anything you don't need than the optimizations that substrate is killing is being killed by your loader too

https://tenor.com/view/hello-chat-cat-gif-22139058

does having a daemon monitor for new processes not work?

gm

that's the big issue SIMBL/now rebranded to MacForge for whatever reason had/still has

gm

gm

how are we

we are all good on this fine day

https://tenor.com/view/clash-royale-emotes-thumbs-up-smile-gif-14309344

thats good

that there was no guarantee of when it would load, but at minimum it was always after applicationDidFinishLaunching:

so any hooks you needed early were just impossible

hee hee hee haw

what is the n for

would anyone happen to have a library/binary with a lot of swift metadata?

wdym metadata

just like functions and shit

yeah

trole

just an average swift bin

ty

gm

have been very slowly for a bit

i'm going off of the dsdump writeup (or trying, anyways, its missing details at some bits but its helpful)

• just doing the usual fucking around in IDA & REing it without help bc that's a lot more enjoyable to do

real

cant wait to get to demangling

objc keeping that information is an anomaly

every other compiled language strips 99% of the symbols

i really wanna see an implementation of this in objc

register all of your classnames + method selectors + properties at runtime

thatd be cool

with procedurally generated strings

although thats basically just C++ with extra steps / syntax

virtual functions can do a lot in cpp

does it point to selname in memory or something

but the con of that is: using C++

i admittedly have almost no idea about what goes on at actual runtime vs what's static on disk

oo that's nice

it does

but its also really good

^

once a project gets beyond a couple thousand lines its time to pack it up into OOP for me

and theres no other compiled language that gives you control like C++ does

theres rust but its still immature and lame

yea but who wanna be doing that

struct View {
    Rect frame;
};

void View_init(View *view) {
    view->frame = RectMake(PointZero, SizeZero);
}```

fun

and theres no way to get inheritance with that

gotta implement it and vtables yourself

at that point just use C++

31 c0 90 c3

1f 20 03 d5

yeah seems (i think?) like this shouldn't be too hard to add in

i will read it when i give up on the less efficient approach

2 days off of work i have basically infinite time

c++ has use cases

writing a program in it bc it's the only language that properly suits what i need