nxboot
nxboot copied to clipboard
mologie
Trollstore Support
Hello, I saw that sideloading this ipa is impossible due to sandboxxing causing issues, but since Trollstore allows you alot of free reign like arbitrary entitlements and unsandboxing I was wondering if there are any plans to update this to allow installing with Trollstore, it would be very helpful for me and my modded switch.
Would love to, but I do not have any device compatible with TrollStore to test this.
From reading TrollStore's readme it appears to me that all we need to do to get NXBoot to run is to package it as IPA and fakesign it. Its entitlements file is already set up to provide raw USB access (even on jailbroken devices NXBoot would sandbox itself but request appropriate exceptions).
Welcome to accept pull requests that add an IPA for TrollStore, but w/o testing device I don't have plans to integrate this myself right now.
How does one build an IPA to sideload it with trollstore? Been reading that a few have gotten it to work.
Gta car tracker app is broken when i try to open it i get crashed out of the app my phone version is 15.5
How does one build an IPA to sideload it with trollstore? Been reading that a few have gotten it to work.
We are building with Xcode already, which can produce an IPA through its standard archival function. It will probably not work as-is due to its signing requirements, so chances are that TrollStore-specific hacks are needed to get Xcode to output an IPA that works with TrollStore. I did not check their documentation, but there must be some since we're not the first who try to do this.
I'm unfamiliar with XCode, but after making random changes, it finally works with Trollstore. BTW, can we enlarge kMaxRelocatorSize?
If the changes you made are random then I dare assume that it was not broken at all, and just needs different packaging :3
kMaxRelocatorSize cannot be changed, it is already at the maximum for this Switch/Tegra hardware exploit. This is not a problem in practice, all existing payloads are smaller or load code from the SD card.
thx, this is my packaging code, you may need to make some modifications. reference from https://github.com/utmapp/UTM.
fake_sign() {
local _name=$1
local _bundle_id=$2
local _input=$3
local _output=$4
local _fakeent=$5
mkdir -p "$_output"
cp -a "$_input" "$_output/"
find "$_output" -type d -path '*/Frameworks/*.framework' -exec ldid -S \{\} \;
ldid -S${_fakeent} -I${_bundle_id} "$_output/Applications/$_name.app/$_name"
}
create_fake_ipa() {
local NAME=$1
local BUNDLE_ID=$2
local INPUT=$3
local OUTPUT=$4
local FAKEENT=$5
pwd="$(pwd)"
rm -rf "$OUTPUT"
mkdir -p "$OUTPUT"
fake_sign "$NAME" "$BUNDLE_ID" "$INPUT/Applications" "$OUTPUT" "$FAKEENT"
mv "$OUTPUT/Applications" "$OUTPUT/Payload"
cd "$OUTPUT"
zip -r "$NAME.ipa" "Payload" -x "._*" -x ".DS_Store" -x "__MACOSX"
rm -r "Payload"
cd "$pwd"
}
FAKEENT="/tmp/fakeent.$$.plist"
cat >"$FAKEENT" <<EOL
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.private.iokit.IOServiceSetAuthorizationID</key>
<true/>
<key>com.apple.security.exception.iokit-user-client-class</key>
<array>
<string>AGXCommandQueue</string>
<string>AGXDevice</string>
<string>AGXDeviceUserClient</string>
<string>AGXSharedUserClient</string>
<string>AppleUSBHostDeviceUserClient</string>
<string>AppleUSBHostInterfaceUserClient</string>
<string>IOSurfaceRootUserClient</string>
<string>IOAccelContext</string>
<string>IOAccelContext2</string>
<string>IOAccelDevice</string>
<string>IOAccelDevice2</string>
<string>IOAccelSharedUserClient</string>
<string>IOAccelSharedUserClient2</string>
<string>IOAccelSubmitter2</string>
</array>
<key>com.apple.system.diagnostics.iokit-properties</key>
<true/>
<key>com.apple.vm.device-access</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.security.storage.AppDataContainers</key>
<true/>
<key>com.apple.private.security.storage.MobileDocuments</key>
<true/>
<key>platform-application</key>
<true/>
</dict>
</plist>
EOL
NAME=NXBoot
BUNDLE_ID=com.mologie.NXBoot
INPUT=NXBoot
OUTPUT=NXBoot-Fake
create_fake_ipa "$NAME" "$BUNDLE_ID" "$INPUT" "$OUTPUT" "$FAKEENT"
rm "$FAKEENT"
That's great, thank you for the info that UTM's approach works for NXBoot. I'll adjust it as needed, update NXBoot's build scripts with it, and get back to you with a link to the IPA here for testing.
Fixed the UI, reworked it a bit for modern iOS versions, added dark mode, and have a branch now that produces an IPA. I'll try to test it with AppSync on one of my jailbroken devices and if that works, I'll post it here this weekend 🎉
@forhuan All done, the following IPA should work with iOS 9-16.5 as long as there is some installation method available that keeps entitlements: https://mologie.de/tmp/nxboot/NXBoot-0.3.0-1.ipa (AppSync, TrollStore, etc.)
I tested this on an iPhone 5C (iOS 10 h3lix), iPhone 12 (iOS 12, checkra1n), and iPhone 14 Pro (iOS 16, no jailbreak, UI only).
Please give it a shot, looking forward to hear whether it works for you!
Thank you so much! I'll test it out later cause I did not bring an OTG adapter.
The app crash when choosing Payload for the first time. But it works after reopening it.
The app crash when choosing Payload for the first time. But it works after reopening it.
@forhuan which iOS version and device does this happen with?
Took some time, but note to self, it crashes because:
NSInternalInconsistencyException: Invalid batch updates detected: the number of sections and/or rows returned by the data source before and after performing the batch updates are inconsistent with the updates.
Data source before updates = { 3 sections with row counts: [2, 1, 1] }
Data source after updates = { 3 sections with row counts: [2, 1, 1] }
Updates = [
Insert row (2 - 0)
]
Table view: <UITableView: 0x11180de00; frame = (0 0; 393 852); clipsToBounds = YES; autoresize = W+H; tintColor = UIExtendedSRGBColorSpace 0.001 0.732 0.883 1; gestureRecognizers = <NSArray: 0x283c8f4e0>; backgroundColor = <UIDynamicSystemColor: 0x282781d40; name = systemGroupedBackgroundColor>; layer = <CALayer: 0x283282c20>; contentOffset: {0, -149.66666666666666}; contentSize: {393, 424.66666666666674}; adjustedContentInset: {149.66666666666666, 0, 34, 0}; dataSource: <MainViewController: 0x11380a800>>
?
?, in main
...
(26 additional frame(s) were not displayed)
Will be fixed in an upcoming TrollStore IPA that I'll also put on the project page
Trollstore iPA does work on arm64e! and also its working without an OTG cable
iPad Air 5th M1 iOS 16.4.1 Trollstore
Curious as to how this would work on an iPhone 15, as trollstore for 17.0 is imminent and there may be no need for an adapter with a USBC port already. @mologie is there something I’m missing regarding the camera adapter’s functionality, or would this work?
Unfortunately I don't know how USBC iPhones would react to a Switch being connected. Chances are that it just works if the USB controller acts in host mode by default. Best just give it a shot and report the results once TrollStore for iOS 17 is out :)
can you update your NXBoot Github page and mologie.github.io/nxboot (lots of homebrew guides link to this for those looking to rcm load with a jailbroken ios device, it would be really nice if you updated it with the trollstore ipa info for those of us finding NXBoot via these guides) with the most current trollstore ipa for us on dopamine jb/rootless jb? Really appreciate you creating this for us, thank you! <3
Happy to announce this is officially released for TrollStore 2 with NXBoot 0.3.1. Also the annoying crash on first import is now fixed. The website is now updated too.
Please drop a comment if you end up using this and if it works for you. It's a gamble with jailbreak stuff everytime after all :)
Tested configs are iOS 14.8.1 and iOS 16.1.2 with TrollStore 2.0.15.
So awesome Dev thank you so much! Cant wait to load it up and give it a whirl! 😁
See #12? Maybe this info would be relevant to add to the GitHub pages site?
Thanks
