Nathan

@[email protected]
34 Followers
27 Following
58 Posts
NathanSep 2, 2024
JJTechSep 2, 2024

Announcing a new #TrollStore installation method for iOS 17.0: TrollRestore šŸŽ‰

Uses an interesting method related to backup restoration rather than a kernel exploit. Details to follow.

https://github.com/JJTech0130/TrollRestore

GitHub - JJTech0130/TrollRestore

Contribute to JJTech0130/TrollRestore development by creating an account on GitHub.

GitHub
NathanJul 17, 2024
@zhuowei Hi, I have a question.
So basically, I want to try and get https://github.com/zhuowei/iOS-run-macOS-executables-tools/tree/main/dyldloader working on iOS 16. So far, you can replace __DATA with __DATA_DIRTY on line 43 to get it somewhat working, but the program still crashes with bus error. And if you spawn the program suspended, it says:
"Can't allocate into process: (os/kern) no space availableā€
The whole reason I want to do this is to patch out sigchecks in dyld like livecontainer does and use the dyld insert libraries variable patch from dopamine in order to get tweaks to work in app store apps. Would you happen to know whats wrong with it and how to fix it on iOS 16?
iOS-run-macOS-executables-tools/dyldloader at main Ā· zhuowei/iOS-run-macOS-executables-tools

Failed experiment for running command line macOS tools on jailbroken iOS. There's nothing useful here. - zhuowei/iOS-run-macOS-executables-tools

GitHub
NathanJun 17, 2024
JJTechJun 16, 2024

#RCS unlocked on #iOS šŸŽ‰

Thanks to dhinakg, see his post : https://x.com/dhinakg/status/1802405645955567958

(I was unable to directly test it myself, because it is currently only compatible with AT&T and T-Mobile...)

Dhinak G (@dhinakg) on X

RCS comes to iPhone. h/t https://t.co/X2mRxhGcr1

X (formerly Twitter)
NathanApr 17, 2024
Show threadAltStoreApr 17, 2024

Delta ā€” the app that started it all ā€” is available NOW in the App Store!

Yes, you read that right: our long-rejected game emulator has been approved by Apple themselves šŸŽ

If you live outside the EU, download now from the App Store ā€” no DMA required https://apps.apple.com/app/delta-game-emulator/id1048524688

Delta - Game Emulator App - App Store

Download Delta - Game Emulator by Testut Tech on the App Store. See screenshots, ratings and reviews, user tips, and more games like Delta - Game Emulator.

App Store
NathanJan 22, 2024
Zhuowei ZhangJan 21, 2024
There's nothing in the rules that says you can't boot Linux on the Apple Security Research Device (the special iPhone that Apple gives to security researchers.)

Come on, someone do it for the upvotes!
NathanJan 14, 2024
Show threadZhuowei ZhangJan 14, 2024

Got a statically linked glibc ā€œhello worldā€ running in my silly QEMU project:

Iā€™m trying to speed up QEMU without hardware virtualization by mapping guest code directly into QEMUā€™s host address space and jumping to it (like KQEMU but without a kernel module; or User Mode Linux, but with the kernel still running under TCG).

[ 0.648393] Run /init as init process vmsa_ttbr_write ffff80008004c35c TTBR0_EL1 426e0000 vmsa_ttbr_write ffff80008004c130 TTBR0_EL1 426e0000 vmsa_ttbr_write ffff80008004c138 TTBR1_EL1 20000426f0001 vmsa_ttbr_write ffff80008004c140 TTBR0_EL1 2000048808201 fault! fbefbdff0 tlb flush! 1 tlb_flush_one_mmuidx_locked 2 fault! fbef28b00 fault! fbefc2ea0 fault! fbef46860 fault! fbef3e4d0 fault! fbef61fc0 fault! aabb607d0 about to resume: 18ca28ec4 fault! fbef53090 fault! fbef952e0 tlb flush! 1 tlb_flush_one_mmuidx_locked 4 fault! fbef83458 fault! fbef7ac90 tlb flush! 1 tlb_flush_one_mmuidx_locked 4 fault! fbef10020 Hello world :D 0 Hello world :D 1 Hello world :D 2 Hello world :D 3 Hello world :D 4 Hello world :D 5 Hello world :D 6 Hello world :D 7 Hello world :D 8 Hello world :D 9 [ 0.697763] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00002a00 [ 0.700433] CPU: 0 PID: 1 Comm: init Tainted: G W 6.5.0-9-generic-64k #9-Ubuntu [ 0.700734] Hardware name: linux,dummy-virt (DT) [ 0.700933] Call trace: [ 0.701106] dump_backtrace+0xa0/0x150 [ 0.701637] show_stack+0x24/0x50 [ 0.701734] dump_stack_lvl+0x78/0xf8 [ 0.701822] dump_stack+0x1c/0x38 [ 0.701898] panic+0x360/0x400 [ 0.701971] do_exit+0x56c/0x5d8 [ 0.702044] do_group_exit+0x40/0xa8 [ 0.702122] __arm64_sys_exit_group+0x24/0x30 [ 0.702251] invoke_syscall+0x7c/0x128 [ 0.702331] el0_svc_common.constprop.0+0x5c/0x168 [ 0.702427] do_el0_svc+0x38/0x68 [ 0.702499] el0_svc+0x30/0xe0 [ 0.702571] el0t_64_sync_handler+0x148/0x158 [ 0.702662] el0t_64_sync+0x1b0/0x1b8 [ 0.703020] Kernel Offset: disabled [ 0.703107] CPU features: 0x00000000,380100a1,8001720b [ 0.703364] Memory Limit: none [ 0.703661] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00002a00 ]---
NathanJan 8, 2024
Nick ChanJan 8, 2024

fix YouTube crashing on palera1n on 17.2+

set boot argument thid_should_crash=0

example: palera1n -le thid_should_crash=0

thanks @kok3shidoll
for figuring this out

NathanDec 28, 2023
Boris LarinDec 27, 2023
The recording of our #37c3 talk ā€œOperation Triangulation: What You Get When Attack iPhones of Researchersā€ was published! https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers
Operation Triangulation

media.ccc.de
NathanDec 27, 2023
@zhuowei but what daemon and how is the thing
NathanDec 26, 2023
qwertyoruiopzDec 26, 2023
I have two extra tickets for #37c3 - let me know if anyone needs ā€˜em