Feather Roadmap

[khcrysalis]

Roadmap

• [x] Implement basic localizations
  • [ ] Translate all available languages in the project
  • [ ] Add force localization changer in settings

• [ ] Fix any potential import errors
• [ ] Warn the user if the certificate used is expired or revoked
• [ ] Allow user to access a webpage to allow installation from other devices
• [ ] Migrate to new zip framework for higher levels of compression

more to be added!

[AushevAhmad]

I recommend pinning this issue for easier access :3

[schweppes-0x]

Great roadmap, but I can't see any priorities, what will happen when or in what order.

if it were up to me, I'd suggest the following order:

1. ESign certificates + DNS -> https://github.com/khcrysalis/Feather/issues/4
2. Add sorting options for version, date, etc. In Stores
3. Clean up messy URL
4. Batch import and export sources
5. URL Scheme for feather
6. Add notices
7. Localizations

[khcrysalis]

Hey there's no order! we will get to it when we can!

This is a passion project and we don't really have any priorities right now, though for now we're doing ones that are considered easy to implement.

[khcrysalis]

Stuff like esign certificates require tons of research, so please don't try to force me or other people to try and do it as a number one priority.

Also trust me when I say this, I am looking into how esign certificates work.

[schweppes-0x]

Hey, I totally get it! I didn’t mean to come across as pushing or forcing anything, just wanted to share my thoughts and priorities based on what might be impactful. I appreciate all the work you’re doing on this project and am excited to see how things progress

[Stetsed]

Hey, some feature suggestions I would love to see within Feather, esign no-log is currently my signer of choice(with me also having acces to the MapleSigner v3 beta esign is still my preffered right now).

Some things I would love to see in feather are:

• Allow adding suffix/prefix to the apps by default, I like having all my apps appended with "Maple" or another indicator to tell me "Hey, it's signed by that".
• Allow background download support, this is a major one as it's pretty annoying that the app download just stops and breaks if you exit the app, this is the major reason I am still using esign cuz it doesn't have issues in this department. The signing part generally is fine as who cares it's quick, but downloading especially from certain places can be very slow.
• Allow naming certificates, it would be great if we could name our certificates to give more overview/info on what they are, and maybe also would be nice if we could export them back into there p12/mobileprovision format for use inside of other applications or saving them/sending them to another device.

Adding to the

Trying to support esign exported sources is unlikely as they're encrypted.

I have today looked into this with Eevee from the MapleSign discord(not affiliated to them in any way). And from what we could find they are not using encryption instead they are using obfuscation. The lines you get with the export are base64 encoded, I was able to convert this into raw byte code and was able to find that when I export 2 sources which both start with "https://raw.githubusercontent.com/" the first 34 bytes(Each charachter is a byte in this case we assume UTF-8), where identical.

As such we can make the assumption that they are using some sort of static obfuscation instead of encryption, as any modern encryption algorithm would not keep such a row of bytes if the data has changed. This is as far as I got for this time. However this may be able to be used as a starting point for other people as it seems like the hardest part is finding the static variables to reverse it. I might take another shot at it soon but for now this is the info that we got.

I hope you lads all have a wonderful day further.

[lpuv]

Adding on to the last person, it would be great if you could select which certificate you wanted to use while signing!

[susandahal]

Support for .esign certificate can be kept at lower priority since the same certificate are available in p12 format in applep12 certificate. Higher priority should be given to ability to signing the apps with revoked certificate since not everyone has access to the live certificate bought from vendors

[Spritzerland]

add qol check for entitlements for feather's own cert it was signed with, if the cert doesn't support app icon changing then remove the section

[Spritzerland]

add source[] support for mass importing repositories, like how esign used to do it

when viewing a source's apps, if there's only 1 screenshot in an app listing, find the checksum of the screenshot and compare it to the app icon. if the checksums are the same, hide the screenshot preview

fix small typo in settings > display ("Appearence" to "Appearance")

add toggle for automatically updating the local certificate if it's been a year since the last retrieval

add feature to pin sources, rename sources, etc

[khcrysalis]

@Spritzerland

add source[] support for mass importing repositories, like how esign used to do it

unlikely to happen, these format is obfuscated and only meant to work on esign. Just import all the repos manually.

when viewing a source's apps, if there's only 1 screenshot in an app listing, find the checksum of the screenshot and compare it to the app icon. if the checksums are the same, hide the screenshot preview

Useless, its up to the repo maintainers to have good screenshots

add feature to pin sources, rename sources, etc

not really needed but I'll consider the possibility

[khcrysalis]

add qol check for entitlements for feather's own cert it was signed with, if the cert doesn't support app icon changing then remove the section

I don't find much use for this, I'll keep the section available regardless

[khcrysalis]

Support for .esign certificate can be kept at lower priority since the same certificate are available in p12 format in applep12 certificate. Higher priority should be given to ability to signing the apps with revoked certificate since not everyone has access to the live certificate bought from vendors

@susandahal feather already can sign apps with revoked certificates, its only the installation thats an issue.

[susandahal]

Support for .esign certificate can be kept at lower priority since the same certificate are available in p12 format in applep12 certificate. Higher priority should be given to ability to signing the apps with revoked certificate since not everyone has access to the live certificate bought from vendors

@susandahal feather already can sign apps with revoked certificates, its only the installation thats an issue.

It seems to be working now after few changes

[tomocrea]

Support for .esign certificate can be kept at lower priority since the same certificate are available in p12 format in applep12 certificate. Higher priority should be given to ability to signing the apps with revoked certificate since not everyone has access to the live certificate bought from vendors

@susandahal feather already can sign apps with revoked certificates, its only the installation thats an issue.

It seems to be working now after few changes

@susandahal how did you get revoked cert apps to install? as khcrysalis said i could only sign them and not install them

[khcrysalis]

I only said that because iOS is the one that manages the installation, iOS is the one that determines if it should be installed/opened

If you use a dns trick it should work as with any other tool that has local installation.

If you have no tricks, it won't install.

[a1zea]

Could you add some of the following things in the next update:

Downloads don’t stop when out of the app

Redirect to photos instead of files when changing a icon in the signer

Upload Dates for apps on repos

And this

[khcrysalis]

And this

Check appearence settings, also avoid posting screenshots and content relating to breaking the law in this repository

Check roadmap for features that are planned to be added as well, I will keep that updated.

[yodaluca23]

What about update notifications? Most other signers offer this where whenever you open it, it will scan all the repositories and scan the apps you have installed. Check the bundle ID and see if there's any new versions available.

It would also be really cool if you could do this every so often in the background and send a notification if updates are found.

[nklowns]

Downloads don’t stop when out of the app

I'd love to have this feature

[Ilovecatz17]

Is it possible for you to add a thing that lets you update sideloaded apps (from repos) without deleting and re signing + installing from source? Altstore does this, and I think it would be great

[GottaLoveAng]

cant really be added since theres no way to differentiate one tweak between other tweaks and etc. due to the same bundleid. would likely cause your screen to be filled with different apps unrelated to the one you're attempting to update depending on your repos.

[ismailcarlik]

It would be better if we use String Catalog for localization because in its current state, after each merge operation, each translator has to check the native language translation file line by line, which is extremely tiring. As can be seen from the sample screenshot, if we switch to this, the translation process will become extremely easy.

[khcrysalis]

It would be better if we use String Catalog for localization because in its current state, after each merge operation, each translator has to check the native language translation file line by line, which is extremely tiring. As can be seen from the sample screenshot, if we switch to this, the translation process will become extremely easy.

Issue with the string catalog is that it requires newer* Xcode for convenience, which not many people have access to.

[MrAlucardDante]

Support for Altstore V2/Sidestore source format would also be great

https://faq.altstore.io/developers/make-a-source

https://docs.sidestore.io/docs/advanced/app-sources

[castdrian]

Support for Altstore V2/Sidestore source format would also be great

The altsource spec is already fully supported

[MrAlucardDante]

Support for Altstore V2/Sidestore source format would also be great

The altsource spec is already fully supported

I feel like there is an issue somewhere then. Here is my source : https://raw.githubusercontent.com/MrAlucardDante/altstore-source/refs/heads/main/repo-v2.json

It works fine in https://altsource.by.lao.sb/browse/ and should be valid as I built it using the spec. But feather says that the JSON is invalid

[castdrian]

feather says that the JSON is invalid

I can repro this, visually it looks fine and altstore accepts it so I'm gonna have a guess and say this is a parsing issue on our side, ideally opening an issue to track this would be the best action to take

[khcrysalis]

@MrAlucardDante

Looking through your source, it seems it does not follow the altstore spec because it does not include an identifier for the repository, heres https://cdn.altstore.io/file/altstore/apps.json

Feather uses identifiers to be able to distinguish between repositories, so once you add this key to your file it will add fine.

[khcrysalis]

You have also posted a screenshot to sidestores documentation, which also includes a identifier you need to add, which again you have not done so yet.