#development
i want to inject a dylib into an ipa. i want to use my own cert at sideloadly, is that possible?
use a tool like azule to inject into the ipa then just sign and install using sideloadly
when i sign it with something else sideloadly tries to sign again
azule doesn't sign, it just modifies the ipa
Sideloadly has an option to install without signing again.
fr ? ok imma try it
Sideloadly is cringe, the correct way is to buy a paid dev account, get a wildcard mobile provision, sign .app with procursus ldid, zip .app into ipa, then use ideviceinstaller to install the ipa
Under advanced options, select “normal install”
my brother in christ
kinda
the correct way is not paying apple $99 a year
Procursus ldid is hosted on GitHub
anybody here able to help with an xcode question?
having trouble debugging a generic sounding error
Have you set a simulator?
dumbest message of the day
Substrate or substitute selection
whats different
i have an obj-c keypanel tweak that works on non-jb
that i want to add
what
Sideloadly should have made the substrate substitute a drop-down menu, not two different check boxes
That's all we're saying
Or at least make it radio selectors smh
what happens if you select both 
what are you saying
lmao
bro i sign my ipa with a cert at esign.
when i upload it and add a dylib with sideloadly the app crashes
Is there any way to automate the same thing but on iOS?
?
Zxtouch
Or Frida maybe
It just clicks on x y axis?
Does that click a given x y coordinate
Oh
There’s nothing like that that I know of
Idk would Frida work
I dont think Frida can click on app front-end
In uiautomator2 we inspect elements the same way we inspect in web through devtools.
You can add waits until they load
On Android, it's very stable, fast and intelligent.
racist
While not the most efficient way to do things it’s a quick solution rather than reversing an API
Both tiktok and Instagram have employed various checks on api calls.
Automating apps seems easier and a more human-like thing to do.
Reversing an API is only good for scraping.
It’s easier but API is better
Appium is for Android
Works on iOS also. I don't know what the procedure is in detail but it sounds like a hassle.
It's not as easy as on Android
It feels to me that with appium on iOS, we can only test/automate those apps which I developed.
cum
why is this not working
install_name_tool -change /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate @executable_path/Frameworks/CydiaSubstrate.framework/CydiaSubstrate BHTwitter.dylib
oh nvm
the other dylib needs changing too
which is ironic because that tweak is specifically made for jailed devices
@executable_path worked too, what’s the difference
you should be using libloader
what’s that
Sys.dylib loads everything in the libloader folder
nah
but on iOS 14 or later too many load commands = broken bin
replace /usr/lib/libSystem.B.dylib with @executable_path/Sys.dylib in main app binary
Sys.dylib will load any dylib in @executable_path/libloader/
Yes
@rpath scans a set of directories, /usr/lib /usr/local/lib, any LC_RPATH and any set with env vars
@loader_path is relative to the .app or executable
working on an app, need to launch something in /usr/bin, trying to use NSTask but getting Couldn't posix_spawn: error 1
any tips?
I have com.apple.private.security.no-container set to false and platform-application to true in entitlements
@grave sparrow will send code in a minute
How do i ensure its installed in /Applications?
Well, how do i tell xcode to install it there?
(Or theos)
It's not, but im tempted to switch if that will fix my problems
I set one up and it had the same issues
the theos deb does install it to Applications/
theos should apply them automatically, right? ill check
ah no
i didnt add any entitlements in theos
I did in Xcode but thats not in /Applications
(any ideas on how to have it install there?)
theos does install there
I want to do it with xcode (not a theos project)
yeah but ive set up a codesign script to run after build
ah
well thank you for saving me from further head-bashing
platform-application is essentially useless as of iOS 11
I switched to theos
seems to be working fine
thanks a lot @grave sparrow
calling mmap() seems to send the Death Sentinel after me. is that an entitlements thing?
im getting MAP_FAILED
so yeah, probably my issue
yeah
Everything Is a File 😛
wherever i want, but currently ~/tmp
(where ~ is mobile)
I just get [application<com.maxleiter.app>:44269] Death sentinel fired!
right after the mmap
i am using azule to inject a dylib into an ipa but i want it to inject the dylib into another path in the ipa
azule source ^^
so tell me what i have to do
Does iOS employ any other checks to see the device integrity? Social media apps usually collect a lot of device fingerprinting.
I'm building a theos swift app with an objective c header, and that all works
but the c header doesnt seem to expose macros in a library
is that expected? or am i doing something wrong?
I don't believe you can use C macros in Swift that are more complex than constant definitions like
#define pi 3.141592
They are constants
No defines are recognized even if i put them in the bridge
Rn im undeffing, defining as consts, and redefining
really hard if not impossible to bypass, afaik
what will i get if i dereference this
why
what does that number mean
check an ascii table
how?
is it just the characters
@primal perch The great software for some game that exploits anime girls (and boys).
OH FFS
YET ANOTHER HOME ASSISTANT UPDATE
ya
then its a pointer to an integer
THEN U BE QUIET
does the pointer go to the binary itself
wut
like what does it point at
the characters
somewhere in virtual memory
in this small program yeah its pretty likely the whole binary got loaded in ram
intjshrug
im loooking at you gitea
most binaries are probably loaded directly into ram otherwise it would be slow as fuck to wait for a page to get mapped
but idk depends on the OS and its behavior
trolled
thick
are there any guides on debugging a theos swift tweak from xcode
@lime pivot i was told you may know
yep
i was under the impression though that all it checked for was whether or not the developer paid apple to have a dev account so they could sign it
it should be $0
what
wtf
well at least you dont have to install stuff from play store on android
you can just install stuff with no computer needed
and its even still signed by the developer anyways
the only thing its missing is google having some screening for the play store
apks still have to be signed unless you disable an option
read: any
and if its signed it will verify that signature when you update the app
so it makes sure you install one signed by the same dev
cool the btd6 cursor on macos is 2x bigger than it should be
thanks for hardcoding DPI ninjakiwi
even proton doesnt have this problem
so i wasnt sure if it was the fault of:
- wine/proton
- ninja kiwi hardcoding dpi
- it just being the correct size but small because my cursor is small anyways
it looks like it's 144p on proton though
not sure if that's because of hidpi
wen eta Apple loses a lawsuit and is forced to allow shops other than the app store
any day now tm
yep it’s not as strong as ios signing but it’s still pretty sufficient
EU Digital Markets Act is doing that
those ARCHS are a little unnecessary, no need to set that, theos sets it appropriately for you
can’t see anything wrong from just eyeballing the code
is the XML valid?
you can try plutil -p Blah.plist (remove -p on iOS)
since you’re getting a blank screen that’s probably successful loading of the bundle, but some failure to load specifiers from there
cum
oh Motorola you were so innocent back then
little did you know you were 1 digit off from 69
is it possible to transfer music to apple music local library using limd?
if you wanna talk about terrible model numbering Motorola beat Intel to it with 68k series containing only: 68000, 68008 (nice), 68010, 68020, 68030, 68040, 68060
good thing they reserved all those digits in case they made the 68696
ahhh the age old iPod_Control question
no, to my phone, not my ipod
yeah it’s a folder in iOS
I haven't bothered to find a 30 pin charger for my ipod, cause I only have airpods and own no music
/var/mobile/Media/iPod_Control
I think the iOS version has been truly figured out by now, but for a long time they kept changing how it works probably because of music label licensing bs
I don’t think they care now considering how easy it is to pirate music with a youtube downloader
literally me
lmao
yt-dlp --audio-format mp3 -x --audio-quality 0
I'm not even joking
I'm trying to put songs downloaded from yt into my spotify library
and spotify links local files from AM
I mean YouTube Music literally works by Google having uploaded hundreds of thousands of videos containing the music with a 1024x1024 video track containing the album art
I have YT Music because my dad pays for yt premium for the whole family
so every song ever produced that Google has a license for, you can get a perfectly clean 192kbps rip for free courtesy of google
but I don't like using multiple apps for music
i recommend buying a $1 tidal sub then using tidal-gui to pirate all your shit with good quality rips
source: did it
hah
so a looooong long time ago in a galaxy far far away there was a tweak called PwnTunes
these are rookie numbers too
@old geyser has like 1TB in flac all from tidal
if not more
amazing
it let you add music to the on device Music/iPod app on device without using iTunes
the downside is it was, well, bad, lmao
you had to just have id3 tags set in your mp3s or it would just add to your library as the filename
and as your totally legit library grew it would take longer to rebuild the iPod database
I’m talking like you tap the Music icon and it’s a tossup whether PwnTunes or watchdogd would win
we do a little ifuse crashing computer
nice
@lime pivot it's called iTunes_Control now 
I’ve really abused ifuse over the years and it’s never crashed
sounds like a skill issue
also stop using PaidBSD
you've never used it on freebsd though
never
lmao
love to see it ls: /tmp/tmp.lV16S0vzkj/: Input/output error
yikes
ifuse don't freeze konsole challenge (IMPOSSIBLE)
I’ve used ifuse to hack Overcast’s sqlite database directly so many times now
solid app but where it doesn’t implement something, it’s always an absolute pain in the butt
it's the most annoying thing
I really should switch back to debian, but it's so much work
I would have said wine might work better but then sadly wine still doesn’t have USB support
and I hate GNU software
I was actually kinda amped that I could sync my iPod with Foobar2000 until I realised it’s impossible because it can’t see it as a USB device
even though I have HDD mode enabled so it exposes the iPod drive with the iPod_Control folder
oh right it’s iPod_Control on iPod OS, iTunes_Control on iOS
I like how they change the mp3 names
another way they trolled us, they couldn’t just port the iPod database backend as-is, they had to change the folder naming for no obvious reason
yeah it’s based on some weirdo hash algorithm
you end up with like iTunes_Control/AB/CDE.mp3
so that the itunes team has something to work on so they don't all get fired
given how fast iPhone OS 1 was slapped together I’m amazed they had time to change things in the iPod code
iPods were Samsung ARM chips so it should have been an almost straight port
just the new UIKit-based iPod app that had to be put together
@lime pivot running ifuse as root fixed like all the instability 
that's like marginally better than it running in the kernel I guess lmao
fuse is literally part of FreeBSD base, but it's so unstable
ifuse and smbnetfs have both been completely unusable
that's a shame
@vivid dew is this you 
i love this gif
fr
no, i'm normal
trust me it’s not a voluntary desire
telling yourself it doesn’t exist doesn’t work
it’s uncontrollable
this you?
how do i do ios ssl unpinning with frida? i tried one time but i didn't see logs at burp suite
SWITCH TO LINUX
is that like an affirmation for your switch to boot into linux or something
SWITCH TO FREEBSD
SWITCH TO TEMPLEOS
switch to windows 2000
switch to solaris
opinion ignored
Could you Orion with this?
Try and see
True
can frida interact with ios apps running on m1
whenever i try to attach, it halts for a few seconds until..
Failed to attach: unexpected early end-of-stream
and get hit with EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
- fixed my issue by disabling SIP
I have a storyboard in my Resources/ and the file exists/bundle is loaded, but I still get NSInvalidArgumentException', reason: 'Could not find a storyboard named 'Main' in bundle NSBundle
any ideas?
I have <key>UIMainStoryboardFile</key> <string>Main</string> in my plist
You just noticed now? Lol
yea
Jul 14 13:00:56 securityd[132] <Notice>: trustd[166]/1#12 LF=0 copy_parent_certificates Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither application-identifier nor keychain-access-groups entitlements" UserInfo={numberOfErrorsDeep=0, NSDescription=Client has neither application-identifier nor keychain-access-groups entitlements}
tf?
```c
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
    JUMPOUT(0x100007FB8LL);
}
```
wtf is JUMPOUT
and that hex thing
It's a long long in hex format
And the JUMPOUT is because the function boundary it detected was incorrect
```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
    return 1;
}
```
thats what it is in armv7s format
using a decompiler in 2022
using a compiler in 2022
using a
using
_ _
In other words jumpout is ida being a lazy shit
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ gnisu
gnusing
gay
wish i had the balls to do a physical transition smh
Dont u mean you wish you had the ovaries
if you wanna do it then do it
if you don’t, dont
Lmao
Then do both
Troll
```
> ldid -h Taurine | grep "Authority"
Authority=We Do A Little Trolling iPhone Root CA
Authority=We Do A Little Trolling iPhone Certification Authority
Authority=We Do A Little Trolling iPhone OS Application Signing
Authority=We Do A Little Trolling iPhone Root CA
Authority=We Do A Little Trolling iPhone Certification Authority
Authority=We Do A Little Trolling iPhone OS Application Signing
```
Hmm... one question about the exploited signature: I found this in the Taurine executable file when I searched for Certificate - these words are used in the executable 6 times: We Do A Little Trolling iPhone OS Application Signing - what does this mean? If this is not trolling, why did you give it that name?
you can have that
I always steal more
pick up some souvenirs for us
this is indeed a trolling universe
smh
probably something different
my screenshot was something relating to mailcap so I think its different
anyone know what header SBSUIWallpaperSetImage is in
This application is not allowed to access Photo data.
anyone know if theres an entitlement to get around this
TCC stuff
What's TCC?
oHH
how do i get around it though?
ios 8.1 btw
what's the entitlement
Man, if only you could use google
.
@marble perch what is the entitlement
com.apple.private.tcc.allow-prompting
?
nope
lmgtfy
Just search this repo for TCC
Idk, that's why I'm telling you to google it
this dont work
this dont work
ok now it does this
```
2022-07-15 15:33:15.028 wallpaper[11700:1971027] CoreData: error: -addPersistentStoreWithType:SQLite configuration:(null) URL:file:///var/root/Media/PhotoData/Photos.sqlite?readonly_shm=1 options:{
    NSPersistentStoreFileProtectionKey = NSFileProtectionCompleteUntilFirstUserAuthentication;
    NSReadOnlyPersistentStoreOption = 1;
    NSSQLitePersistWALOption = 1;
    NSSQLitePragmasOption = {
        "journal_mode" = WAL;
    };
} ... returned error Error Domain=NSCocoaErrorDomain Code=260 "The operation couldn’t be completed. (Cocoa error 260.)" with userInfo dictionary {
}
2022-07-15 15:33:15.035 wallpaper[11700:1971027] CoreData: error: -addPersistentStoreWithType:SQLite configuration:(null) URL:file:///var/root/Media/PhotoData/Photos.sqlite?readonly_shm=1 options:{
    NSPersistentStoreFileProtectionKey = NSFileProtectionCompleteUntilFirstUserAuthentication;
    NSReadOnlyPersistentStoreOption = 1;
    NSSQLitePersistWALOption = 1;
    NSSQLitePragmasOption = {
        "journal_mode" = WAL;
    };
} ... returned error Error Domain=NSCocoaErrorDomain Code=260 "The operation couldn’t be completed. (Cocoa error 260.)" with userInfo dictionary {
}
```
nvm
i ran as mobile
and of course it still doesn't work
```objc
#import <UIKit/UIKit.h>   // UIImage (also pulls in Foundation)
#import <stdio.h>
#import <string.h>
#import <dlfcn.h>
#import <objc/runtime.h>
#import "PLWallpaperImageViewController.h"
#import "PLStaticWallpaperImageViewController.h"

int main() {
    @autoreleasepool {
        // load the image from an absolute path on the device
        UIImage *image = [UIImage imageWithContentsOfFile:@"/var/mobile/IOS_6_Logo_2012_Original.png"];
        PLStaticWallpaperImageViewController *wallpaperViewController = [[PLStaticWallpaperImageViewController alloc] initWithUIImage:image];
        wallpaperViewController.saveWallpaperData = YES;
        // private ivar; PLWallpaperModeLockScreen targets the lock screen
        [wallpaperViewController setValue:@(PLWallpaperModeLockScreen) forKey:@"_wallpaperMode"];
        [wallpaperViewController _savePhoto];
    }
    return 0;
}
```
im trying to set a wallpaper from cli
Nathans-Alarm:~ mobile$
it runs now but wallpaper not set
Yeah, that
@tepid olive watch syslog to see the actual error smh
Cydia
Speaking facts
works fine over here, perhaps try removing the repo and re-adding it
no help
i was busy but just checked
nothing
i changed to this, this time
UIImage *image = [UIImage imageNamed: @"/var/mobile/IOS_6_Logo_2012_Original.png"];
oh thats probably why
wallpaperViewController isn't in shared cache
cant find
That's not how imageNamed works
I highly encourage you to read developer.apple.com
JB. Father, Amazon founder
what version of ios are you trying this on
there's multiple things that are wrong with that but one of them is that PhotosLibrary hasn't had that class since iOS 14
☠️☠️
nope its all for ios 6
@silver rampart did you rewrite the front page of the wiki?
yes
It threw me off
trying to improve our discoverability because it's currently not that great
Bro said "copy these 1 million lines"
Smh
Just add it into the website
Ever heard of prefers-color-scheme smh
you're underestimating how much mediawiki makes it difficult to do anything
trolling
like the new top-of-the-page-header on there looks kinda off because it's a css hack since mediawiki doesn't allow you to actually remove a page header
It has relevant info here http://iphonedev.wiki/index.php/Updating_extensions_for_iOS_15/16
(Only because I added it
)
🙄
should tell people to switch to dragon since theos doesn't officially support ios 15.1 yet
How can I be of service
Oh, that’s not really a offense we can handle. Just block them
no i just dont work on it at all now
only two development modes
faster/easier and less stable theos alternative
absidue cutting off the part of that note that is trashing my project and cameren believing it immediately
your benefits are subjective, absolute L
that wasn't a benefit
they aren’t based in fact
learn how to format your writing then? i don’t know what to tell you
because you’re a massive hypocrite constantly
????
irony could strike you in the face and you still wouldn’t get it
who needs stability anyways
i'm saying that note that you clipped out was me trashing my project and saying to not depend on it, to keep using theos/having it installed
lol
and cam is assuming that i was calling my project stable and maintained, and trashing me for it
that’s not why i called it ironic
i mean i dont disagree with the fact that i'm dense and a hypocrite
just trying to understand what prompts you to say that every time i join
if i’m here then i’m here? i don’t know what to tell you
definitely an issue with it, trying to bring over some of the improvements it had to theos instead of dumping more time into it
got the device manager fully functional in the theos context
(and made the device manager a lot cooler)
if you want to
python3 device.py theos adapter_install
8.1
it should be fine with an existing ~/.theosrc in place but might back it up anyways to be safe
make commands it adds are:
install_all / iall - install to all devices you've added
respring / rs - respring active device
unins - uninstall the current package
device - add/remove/swap devices
ok, is there any fixes i can make to this to get it working on ios 8
```objc
#import <UIKit/UIKit.h>   // UIImage (also pulls in Foundation)
#import <stdio.h>
#import <string.h>
#import <dlfcn.h>
#import <objc/runtime.h>
#import "PLWallpaperImageViewController.h"
#import "PLStaticWallpaperImageViewController.h"

int main() {
    @autoreleasepool {
        // load the image from an absolute path on the device
        UIImage *image = [UIImage imageWithContentsOfFile:@"/var/mobile/IOS_6_Logo_2012_Original.png"];
        PLStaticWallpaperImageViewController *wallpaperImageViewController = [[PLStaticWallpaperImageViewController alloc] initWithUIImage:image];
        wallpaperImageViewController.saveWallpaperData = YES;
        // private ivar; PLWallpaperModeLockScreen targets the lock screen
        [wallpaperImageViewController setValue:@(PLWallpaperModeLockScreen) forKey:@"_wallpaperMode"];
        [wallpaperImageViewController _savePhoto];
    }
    return 0;
}
```
helps to know what errors you're getting
in os_log as well?
are you sure running that code in the photos app actually does what you expect it to?
im trying to set wallpaper from cli
it's mainly @lime pivot's code
here
@silver rampart any idea here
i'm assuming that means it's not supposed to be in there and i am completely wrong
nah your capitalization was just wrong
oh shit
```objc
#import <UIKit/UIKit.h>   // UIImage (also pulls in Foundation)
#import <stdio.h>
#import <string.h>
#import <dlfcn.h>
#import <objc/runtime.h>
#import "PLWallpaperImageViewController.h"
#import "PLStaticWallpaperImageViewController.h"

int main() {
    @autoreleasepool {
        // load the image from an absolute path on the device
        UIImage *image = [UIImage imageWithContentsOfFile:@"/var/mobile/IOS_6_Logo_2012_Original.png"];
        PLStaticWallpaperImageViewController *WallpaperViewController = [[PLStaticWallpaperImageViewController alloc] initWithUIImage:image];
        WallpaperViewController.saveWallpaperData = YES;
        // private ivar; PLWallpaperModeLockScreen targets the lock screen
        [WallpaperViewController setValue:@(PLWallpaperModeLockScreen) forKey:@"_wallpaperMode"];
        [WallpaperViewController _savePhoto];
    }
    return 0;
}
```
i changed the spelling and still nothing
Nathans-Alarm:~ mobile$
it does that and the wallpaper doesn't change
no it had nothing to do with your variable spelling lol
just the reason your search result came up with nothing
if only corellium supported armv7 phones
nothing in the syslog when i run that command
does it have an iphone 6/5s
on ios 8
they only go back to ios 10
ah
is there anything wrong here
?
not at first glance which is why people are begging you to check syslog (yes i know there's nothing there)
@marble perch what now
why dont you try doing this in a springboard tweak and see if it works there
if it works from a springboard tweak but not your cli program it is likely an entitlements issue
also can you send the binary itself i'm curious
ok
btw, this is what happens on ios 7
i have a lot of 4ses
```
2022-07-15 19:20:06.709 wallpaper[762:507] Warning: bundleIdentifer is nil!
Segmentation fault: 11
iPhone:~ mobile$
```
heres the deb itself
yes this was capts i was too lazy to relabel the package
@silver rampart
frcoal
did you try adding the entitlements
yeah thats what im doing
there are none on the package you sent though
i know
i sign it with this:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.private.tcc.allow</key>
    <array>
        <string>kTCCServicePhotos</string>
    </array>
    <key>com.apple.security.personal-information.photos-library</key>
    <true/>
</dict>
</plist>
```
can you sign it with that and then send over the package
okay
@silver rampart
hopefully should be signed
it was signed with the wrong entitlements
lol
tried running it with these entitlements yet?
where are you seeing that error
compiler
can you paste the full output it spits out
```
> Making all for tool wallpaper…
==> Compiling main.x (armv7)…
In file included from main.x:1:
/home/nathan/building/WallpaperChanger/SBSUIWallpaperPreviewViewController.h:12:68: error: no type or protocol named 'SBFWallpaperViewLegibilityObserver'
@interface SBSUIWallpaperPreviewViewController : UIViewController <SBFWallpaperViewLegibilityObserver, SBFLegibilitySettingsProvider> {
                                                                   ^
1 error generated.
make[3]: *** [/home/nathan/theos/makefiles/instance/rules.mk:262: /home/nathan/building/WallpaperChanger/.theos/obj/debug/armv7/main.x.da155d8a.o] Error 1
make[2]: *** [/home/nathan/theos/makefiles/instance/tool.mk:20: /home/nathan/building/WallpaperChanger/.theos/obj/debug/armv7/wallpaper] Error 2
make[1]: *** [/home/nathan/theos/makefiles/instance/tool.mk:11: internal-tool-all_] Error 2
make: *** [/home/nathan/theos/makefiles/master/rules.mk:117: wallpaper.all.tool.variables] Error 2
nathan@Nathan-PC:~/building/WallpaperChanger$
```
where'd you pull the headers from?
just create a custom interface in your .m file that only declares the things you specifically need
```
#import <SpringBoardUIServices/SpringBoardUIServices-Structs.h>
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/nathan/building/WallpaperChanger/SBSUIWallpaperPreviewViewController.h:9:9: note: did not find header 'SpringBoardUIServices-Structs.h' in framework 'SpringBoardUIServices' (loaded from '/home/nathan/theos/sdks/iPhoneOS9.3.sdk/System/Library/PrivateFrameworks')
1 error generated.
make[3]: *** [/home/nathan/theos/makefiles/instance/rules.mk:262: /home/nathan/building/WallpaperChanger/.theos/obj/debug/armv7/main.x.da155d8a.o] Error 1
make[2]: *** [/home/nathan/theos/makefiles/instance/tool.mk:20: /home/nathan/building/WallpaperChanger/.theos/obj/debug/armv7/wallpaper] Error 2
make[1]: *** [/home/nathan/theos/makefiles/instance/tool.mk:11: internal-tool-all_] Error 2
make: *** [/home/nathan/theos/makefiles/master/rules.mk:117: wallpaper.all.tool.variables] Error 2
nathan@Nathan-PC:~/building/WallpaperChanger$
```
limneos' site doesn't allow you to download the whole sdk and my site only goes back to ios 13
i need SBSUIWallpaperPreviewViewController and controller
however like, i think? from memory that this framework is used by Preferences.app for rendering the preview in prefs
```objc
#import <UIKit/UIKit.h>
#import <dlfcn.h>

// declare only the private methods we call; no SDK headers for the framework are needed
@interface SBSUIWallpaperPreviewViewController : UIViewController
- (instancetype)initWithImage:(UIImage *)image;
- (void)setWallpaperForLocations:(NSInteger)locations;
@end

int main() {
    @autoreleasepool {
        // open the private framework dynamically
        void *handle = dlopen("/System/Library/PrivateFrameworks/SpringBoardUIServices.framework/SpringBoardUIServices", RTLD_NOW);
        if (!handle) {
            NSLog(@"dlopen failed: %s", dlerror());
            return 1;
        }
        // imageNamed: looks the file up inside the main bundle
        UIImage *wallpaper = [UIImage imageNamed:@"background.jpg"];
        Class sbClass = NSClassFromString(@"SBSUIWallpaperPreviewViewController");
        // we create a view controller, but don't display it.
        // just use it to load image and set wallpaper
        SBSUIWallpaperPreviewViewController *controller = [[sbClass alloc] initWithImage:wallpaper];
        [controller setWallpaperForLocations:3]; // 3 -> set both for lock screen and home screen
        dlclose(handle);
    }
    return 0;
}
```
```objc
#include <UIKit/UIKit.h>

// minimal declaration of the private class: only the two methods the tool calls
@interface SBSUIWallpaperPreviewViewController : UIViewController
- (instancetype)initWithImage:(UIImage *)image;
- (void)setWallpaperForLocations:(NSInteger)locations;
@end
```
at the top of your file
it compiled
```
Jul 15 20:13:54 Nathans-Alarm wallpaper[986] <Error>: CGContextTranslateCTM: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update.
Jul 15 20:13:54 Nathans-Alarm wallpaper[986] <Error>: CGContextScaleCTM: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update.
Jul 15 20:13:54 Nathans-Alarm wallpaper[986] <Error>: CGContextGetCTM: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update.
Jul 15 20:13:54 Nathans-Alarm wallpaper[986] <Error>: CGContextSetBaseCTM: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update.
Nathans-Alarm:~ mobile$
```
does it work tho
no
F
@silver rampart go to 8.4.1 on your 4s
or see if you can get this working on 9
and see if it works on 8.1
LETS
GO
IT WORKS
@silver rampart
nice!
i had to change the UIImage part
imageWithContentsOfFile
to that
@grave sparrow finally got it
if you have any suggestions for it they're v welcome
Yes, imageNamed is for getting the image from the current NSBundle
Like I told you earlier
yeah, my bad
☠️
i got arguments working
now time to add to my website
similar to audio player
but wallpaper this time
final product
its completely different code wise
```objc
#import <dlfcn.h>
#include <UIKit/UIKit.h>

@interface SBSUIWallpaperPreviewViewController : UIViewController
- (instancetype)initWithImage:(UIImage *)image;
- (void)setWallpaperForLocations:(NSInteger)locations;
@end

int main(int argc, char *argv[], char *envp[]) {
    @autoreleasepool {
        if (argc < 2) {
            NSLog(@"usage: %s /path/to/image", argv[0]);
            return 1;
        }
        // open the private framework dynamically
        void *handle = dlopen("/System/Library/PrivateFrameworks/SpringBoardUIServices.framework/SpringBoardUIServices", RTLD_NOW);
        if (!handle) {
            NSLog(@"dlopen failed: %s", dlerror());
            return 1;
        }
        NSString *path = [NSString stringWithUTF8String:argv[1]];
        // imageWithContentsOfFile: takes an absolute path (imageNamed: only searches the bundle)
        UIImage *wallpaper = [UIImage imageWithContentsOfFile:path];
        if (!wallpaper) {
            NSLog(@"could not load image at %@", path);
            dlclose(handle);
            return 1;
        }
        Class sbClass = NSClassFromString(@"SBSUIWallpaperPreviewViewController");
        // we create a view controller, but don't display it.
        // just use it to load image and set wallpaper
        SBSUIWallpaperPreviewViewController *controller = [[sbClass alloc] initWithImage:wallpaper];
        [controller setWallpaperForLocations:3]; // 3 -> set both for lock screen and home screen
        dlclose(handle);
    }
    return 0;
}
```
mix of code
which is how PhotoLibrary.framework does it :D
anyways i added it to my website
http://4s.sudaox.com/wallpaperupload.php
@silver rampart
its being run off of the 4s
amazing
oh wow, don’t use that, lmao
they're on ios 8 so
you really really should be using SBS functions directly
i got it working eventually
take a look at what _savePhoto itself is doing
it calls into a SpringBoardServicesUI view controller which then calls this
ok yeah that explains why I was too lazy to call them directly
ah found the right way to do it
there is an alternative I realised
you can throw the images in /var/mobile/Library/SpringBoard as .jpg, delete the .cpbitmaps, and then post the wallpaper change notification
that’s a migration left over from iOS 4.0 when they used .jpg, in 4.1 it became .cpbitmap
SBSUIWallpaperSetImageAsWallpaperForLocations(image, NSInteger locations)
ahhhh yep that’s the one
yeah that’s way way better than loading PhotosUI and having it do weird stuff trying to load photos.sqlite for no reason
I recommend:
- indenting your code
- don't mix #import and #include
gasp binja dev uses ida
i actually got frustrated with their DSCU and swapped to using an older manual extractor
how’s it going for you there anyway
bc it refuses to rename variables after you load a module
why don't you just fix it?
IDA's?
oh, I thought you were talking about binja
i already have a page on the dev wiki about how to fix that specific issue with ida though
its just stupidly tedious and it's a coin toss as to whether it works
and doesnt work on Foundation objc so all the Foundation classes will still be red addresses
good! it's a vibe
we have a lot of cool stuff coming up
and i've only broken the build server twice 😊
seems fine to me
that’s good
to have a job that isn’t a dead end is always a godsend
glad i'm able to work on a product i actually use with a sane non-terrible codebase
heart goes out to all those devs out there staring at react/node.js for 8 hours a day
TIL: QuickActions is built with dragon, huh
I didn't know that
or 16 if you're kirb
@restive ether
actually didn’t write any code yesterday at all
ym
TIL also
i tend to assume i'm the only one that used it lol
I barely just set up a whole thing to back up the way too many CD-Rs I have so I can stop letting them rot in my cupboard forever
how many bays do you have plugged in?
is Chariz a side project for you, or is it your full-time job?
y’all need DVD drives? cause I got DVD drives for dayz
that sticky note is cause I connected the bottom drives backwards once and didn’t feel bothered fixing it
lmAo
was gonna say "better have all 4 bays running"
mans out here with, 9?
and 3 floppy readers?
kirb still doing warez in 2022
idk how I even accumulated all these drives gotta be honest with you
gotta copy those floppies
the shiny LG bluray one I know my friend just gave me for no reason
com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Caller not allowed to perform action: mybin.36838, action = bootout, code = 1: Operation not permitted, uid = 501, euid = 501, gid = 20, egid = 20, asid = 100006
anyone know why I can't use libxpc to control daemons on macos?
dang just checked and this still works on current ios
that's gonna be an easy wiki page then
I get the vibe iOS 16 will be different heh
lemme check
it’s not even in SpringBoard any more, it’s /Applications/PosterBoard.app
that feels like an extremely overdue use case for remote views
remote view that itself loads remote views (widgets)
trippy
ios 16 initial beta i think maybe the second cant remember
I thought PosterBoard is just the configurator
not anymore
you used to be able to open it using shortcuts
but they broke that
and get to the debug ui
hey at least we got to see it before they realised lmao
https://headers.cynder.me/headers/ios/16.0-beta/visualizer/ also ima repost this here bc its sick
dont bother on mobile its busted there for now
i mean they aren't even distributing the package
its for a meme website that cant even see it from what i can tell
could u just copy it out of the .app and re-sign+install it?
looks like the new ios 16 SBS stuff might be connecting to the process, then?
none of the existing tools can properly extract or load ios 16 dscs yet so this is about as good as lifting will get
entitlements is the issue
makes sense, lame
@indigo peak for reference here's how to compile some bullshit manually if you really want
~/theos/toolchain/linux/iphone/bin/clang -O3 test.c -o test_bin -isysroot"/home/shepgoba/theos/sdks/iPhoneOS14.5.sdk" -target arm64-apple-ios7.0 -multiply_defined suppress -arch arm64
adjust paths as necessary
@celest quiver happy birthday big man
the actual commands to do it in theos are far longer lol
i used messages=YES just to get it 
😊ty!
then filtered out some of the extra fat
it'll also need -framework BlahFramework for all the ones you link with
and if it's logos and all that you probably need to -L and -F a ton of dirs
https://github.com/cxnder/Guides/blob/master/TweakWithoutTheos.md 2 year old guide on how to do it here
walks through all of the steps and what they do / what the flags mean
lmao i don't think 16k segments have been required for a very long time
was relevant for 32 bit only
yeah
would say 'maybe theos still does it' but it looks like the messages=YES i got all the args from had armv7 listed as an arch so /shrug
honestly Theos was doing it wrong for a long time, it was applying it always when it only should have been done for armv7(s/k)
it was like the first thing I patched when I one day innocently thought “what if I fork theos so it just works for everyone without hacks” so shrug
i think for arm64 libs they'd be 16k aligned by default though (?)
anyways it is nice when they are i can map the segments to pages and do very fast address translation :D
finally got my Athlon 64 going, whole pain in the butt getting linux to install and finding a GPU that Nvidia hasn’t decided no longer exists
dvd drives go brrrr
since updating to latest theos I'm getting all sorts of weird compilation errors
In file included from Undirector.xmi:1:
In file included from /Users/opa334/theos/vendor/include/substrate.h:55:
/Users/opa334/theos/toolchain/Xcode11.xctoolchain/usr/bin/../include/c++/v1/stdlib.h:115:93: error: redefinition of 'div'
inline __attribute__ ((__visibility__("hidden"))) __attribute__ ((internal_linkage)) ldiv_t div( long __x, long __y) throw() {return ldiv(__x, __y);}
^
/Users/opa334/theos/toolchain/Xcode11.xctoolchain/usr/bin/../include/c++/v1/stdlib.h:115:42: note: previous definition is here
inline _LIBCPP_INLINE_VISIBILITY ldiv_t div( long __x, long __y) _NOEXCEPT {return ldiv(__x, __y);}
any idea?
I just do aarch64-apple-darwin-clang -isysroot $TARGET_SYSROOT -arch arm64 or use proenv if I need all the procursus libraries/patched headers
Xcode 11 toolchain moment
yeah about to try without it
I remember seeing that someone figured out how to build the old arm64e abi with newer toolchains
is that a thing now?
Yep, but it only works on Xcode because apple didn't open source the required changes smh
This
you mean it only works on macOS right?
Yes
Well that's enough for me
well my compilation errors are definitely caused by the xcode11 toolchain so I may need to give this a try, thanks
==> Linking tweak libSandySupport (armv7)…
Undefined symbols for architecture armv7:
"__Unwind_SjLj_Register", referenced from:
_getProcessExtensions in lsd.x.996c67c6.o
"__Unwind_SjLj_Resume", referenced from:
_getProcessExtensions in lsd.x.996c67c6.o
"__Unwind_SjLj_Unregister", referenced from:
_getProcessExtensions in lsd.x.996c67c6.o
ld: symbol(s) not found for architecture armv7
still getting this crap tho
-lunwind
ld: library not found for -lunwind
these just don't go away no matter what I do
?
well I added -Lunwind
no, I was saying that is an L
yeah it was an l in what I tried too lol
ok, __Unwind is arm64[e] only
yeah this only happens on armv7
the armv7 symbols have slightly different names
then why does the compiler use these lol
armv7 uses $ld$hide$os3.0$__Unwind_SjLj_Resume
or $ld$hide$os4.3$__Unwind_SjLj_Resume
yeah I don't call them
this is the function
idk I just wrote it
why do you need armv7 anyways
cause I want to support iOS 8 and up
so I can use this library in Safari Plus
which also supports iOS 8 and up (and also still compiles)
it seems like calling xpc_array_set_string triggers this issue
if I comment that out, it compiles
turns out this is an issue with the sdk I'm using
Hi! I'm trying to use DYLD_INTERPOSE to hook into a private function in libboringssl.dylib but keep getting KERN_PROTECTION_FAILURE. I'm building on iPhone XS 14.5.1 using unc0ver/Substitute.
I tried signing the callback but I get Translation Failures then.
snippet is here https://pastebin.com/mqvWK7Sm - has anyone used DYLD_INTERPOSE before? Or know if this is the best way of hooking that function? it's only ever called by libboringssl.dylib
I tried using MSHookFunction but the instructions of the function I'm trying to hook are too short to be overridden https://www.reddit.com/r/jailbreakdevelopers/comments/w06ujy/mshookfunction_never_enters_the_hooked_function/
```c
#include <dlfcn.h>
#include "fishhook.h"
// func proto def eg:
static int (*old_thefunc)(int arg1, int arg2);
// replacement; calls through to the original via the pointer fishhook fills in
static int thefunc_hook(int arg1, int arg2) { return old_thefunc(arg1, arg2); }
void install_hook(void) {
    void *ptr = dlopen("/path/libname.dylib", RTLD_NOW);
    old_thefunc = dlsym(ptr, "thefuncname");
    struct rebinding rebindings[] = {
        {"thefuncname", (void *)thefunc_hook, (void **)&old_thefunc},
    };
    rebind_symbols(rebindings, 1);
}
```
fishhook
yeah I've done that, the process just crashes
with "exception" : {
"type" : "EXC_BAD_ACCESS",
"signal" : "SIGBUS",
"subtype" : "KERN_PROTECTION_FAILURE at 0x0000000101461760"
},
Do I need to re-sign the injected function?
boring ssl noooo
Here's the fishhook version that crashes https://pastebin.com/FqG1SPdT
https://gist.github.com/summertriangle-dev/6b0449ce561f756ac82a4bc3de7af30a I was thinking maybe I need to call make_sym_callable?
yes
it's on iPhone XS - iOS 14.5.1 - unc0ver, with Substitute
I'm injecting into com.apple.WebKit.Networking as the filter
right now yes, but I want the tweak to eventually be injected everywhere
yes
With the DYLD_INTERPOSE version it crashes right when the function is called. With fishhook it says that the symbol has been rebound but crashes on a translation failure
Actually interestingly enough, it looks like when I inject into all com.apple.AuthKit and com.apple.UIKit, those processes don't crash (the network requests still go through, in safari it just repeatedly says an error has occurred), but it never enters my custom implementation (which just logs a message and calls the original function).
I have an iphone 8 and a xs
let me try with that one
great idea, let me try
ok cool, so it doesnt crash on the iphone 8
but it doesn't get called either
fishhook
@rustic void why are you hooking libssl 😭
Don't trust anything @vivid dew says 
It works pretty much all the time. I'm using frida and injecting it right now, but I want to make a native tweak thats more resilient
It's the ssl lib used by apple 
```objc
// original implementation pointer, filled in when the hook is installed
static void (*original_SSL_CTX_set_info_callback)(void *ssl, void*(*callback)(void *ssl, uint8_t *out_alert));

static void replaced_SSL_CTX_set_info_callback(void *ssl, void*(*callback)(void *ssl, uint8_t *out_alert))
{
    TweakLog(@"Entering replaced_SSL_CTX_set_info_callback()");
    original_SSL_CTX_set_info_callback(ssl, callback);
    TweakLog(@"Called original replaced_SSL_CTX_set_info_callback()");
    return;
}
```
This is the replaced function. The first log is never called anywhere (the "entering..." one)
Yes
It's returning 0 at least
is apache not a good enough license for papa apple
i don’t know how permissible it is
So actually maybe I'll take a step back and say that what I'm actually trying to do is convert this frida script into an actual tweak.
```javascript
const CALLBACK_OFFSET = 0x2b8; // iOS 14.x offset
// const CALLBACK_OFFSET_13 = 0x2a8; // iOS 13.x offset

// Logging function, reads null terminated string from address in line
function key_logger(ssl, line) {
    console.log(new NativePointer(line).readCString());
}

// Wrap key_logger JS function in NativeCallback
const key_log_callback = new NativeCallback(key_logger, "void", ["pointer", "pointer"]);

/*
 * SSL_CTX_set_keylog_callback isn't implemented in iOS version of boringssl
 *
 * Hook SSL_CTX_set_info_callback as it can access SSL_CTX and
 * directly set SSL_CTX->keylog_callback to address of logging callback above
 */
const SSL_CTX_set_info_callback = Module.findExportByName("libboringssl.dylib", "SSL_CTX_set_info_callback");

// @ts-ignore
Interceptor.attach(SSL_CTX_set_info_callback, {
    onEnter(args) {
        const ssl = new NativePointer(args[0]);
        const callback = new NativePointer(ssl).add(CALLBACK_OFFSET);
        callback.writePointer(key_log_callback);
    },
});
```
Boringssl is google's openssl fork that doesn't have a stable API
It's used by chrome and such
i don’t care + get ratio’ed
Always statically linked
use openssl or you’re a virgin
Also, llvm is Apache and that's practically apple's project
How about both?
I use openssl and I'm a virgin
I actually just want to set a property on the first argument of that function
The first argument of SSL_CTX_set_info_callback is the SSL Context. This has a pointer at offset 0x2b8 that is the SSL info callback function, which is used internally to log the TLS secrets
At the highest level I just want to write a pointer to a custom logging function on every SSL context object allocated. In implementation it seems like the easiest way to do this is to hook this specific function, which is used to register the callback, and make it my callback
Any library
Well its only ever called internally within boringssl, it's not actually a public function
I'm passing in the handle to libboringssl and the symbol SSL_CTX_set_info_callback, so AFAIK it only replaces it on libboringssl, in every process its injected in
so what you’re saying is they should use open ssl
this is correct advice
Yeah that was one of the drawbacks of fishhook - its unsafe, because if a library already has a pointer to its original symbol, it doesn't care about the hooked one. I was thinking DYLD_INTERPOSE would help here? but idk
yeah brutal. is there a clever instruction trick I could do that jmps to a custom function allocated somewhere else
Yeah I don't care about unhooking, and I can totally replicate the logic of the original function myself. I can't jmp to myself?
oh damn
yeah
yeah thats awesome. i dont have libboringssl extracted rn, do you?
I can use hopper and try and poke around
oh nice
Yeah I'm ok with hooking two functions as long as I get a reference to the SSL context object, and that it's before the TLS negotiation has occurred
the whole purpose of this exercise is to write a callback function to 0x2b8 on ssl context, that logs the C Strings to a file or to console
Yes
Kind of, SSL Context has a format like
```c
struct SSLContext {
    int64 id;
    void* keylogCallback;
    ...
}
```
and I want to write that keyLog callback (that is pretty much always null), and then libboringssl will call that callback whenever a secret is generated
The callback is never written to. It's the debug secret dumping callback, theres no way it's actually set
it's always null AFAIK
Im hooking set_info_callback but that's just to get access to the SSL context. I'm not writing the info callback, I'm writing the keylog callback
It's open source btw
Bro doesn't know what ssl is
Bro thinks apple wrote an ssl impl
google didn't even write boringssl
Just look at the plist in their repo
Multiple versions of libressl actually
wow amazing
love it
ok i think hooking ssl context new works, will need to make sure that it all looks proper
touch grass
find god
also
happy birthday
god is at 0x7ffffffe100a7eb0
amount of people wondering: 0
@primal perch fix pfp
@lime pivot I love how all the "mp3"s in iTunes_Control aren't even mp3s, file(1) recognizes them as data 
really?
yeah lol
they might either be FairPlay encrypted if they’re from Apple Music, or m4a or something else?
MediaInfo might be better
they are mp3s I dragged into itunes from file explorer
that I guess they reencoded
or
split maybe to data and metadata?
or some other weird unnecessary stuff
win
i watched all of regular show over the course of a month
ya im watching it rn it slaps
going through all of the shows my mom didn't let me watch as a kid
like i was only allowed to watch spongebob and phineas and ferb for whatever reason
MALWARE!
@indigo peak ldid -Kkey.p12 -M -S Payload/Whatever.app && zip -9r test.ipa Payload && ideviceinstaller -i test.ipa
it's your private key
idiot
just export it from keychain access
get a better operating system
mormons after being banned from watching kids shows while their founders says the most violently racist comments imaginable
mormons can't watch kids shows?
@indigo peak CRINGE!
a lot of the overtly religious people from any sect are usually pretty crazy about that stuff
@indigo peak I just call you "idiot"
yea basically
my dad didnt really care tho
let’s play a game called hitler or young
dumbass
ldildo
your gf needs one of those, because you can't satisfy her
what gf
@grave sparrow would y'all like to see how easy side loading is
@grave sparrow
just make sure to put your mobileprovision into the .app
@indigo peak get a mac vm then
"it was just a product of the time"
oh wait
I just remembered
ldid can't sign stuff if you don't have a paid cert
@grave sparrow send zefram so I can show y'all how easy sideloading is
@grave sparrow clean your logs 😭
idevicesomething
idevicecrashreport
you can probably just delete them using console.app 
@grave sparrow delete all the files in /var/mobile/Library/Logs/CrashReporter