From 0fdf39fe22f2cc0de19f2012bb47925c3df80ddd Mon Sep 17 00:00:00 2001
From: Mineek <mineek@mineek.nl>
Date: Mon, 8 Jan 2024 15:41:39 +0100
Subject: [PATCH] fix ios 16.1.2-, amongst other things.

---
 .github/workflows/build.yml                   |  36 ++++++++++++++++++
 .../SpringBoardShim/SpringBoardHook/Tweak.x   |   3 +-
 .../springboardhooksigned.dylib               | Bin 113309 -> 112637 bytes
 usprebooter/fun/offsets.h                     |   5 +++
 usprebooter/fun/offsets.m                     |  12 +++++-
 usprebooter/fun/vnode.h                       |   1 +
 usprebooter/fun/vnode.m                       |  34 ++++++++++++++++-
 usprebooter/overwriter.m                      |  11 +++++-
 8 files changed, 97 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/build.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..90cba85
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,36 @@
+name: Build Serotonin
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: macos-13
+
+    steps:
+    - uses: actions/checkout@v3
+      
+    - name: Switch to Xcode 15
+      run: sudo xcode-select -s /Applications/Xcode_15.0.app
+
+    - name: Install theos
+      run: bash -c "$(curl -fsSL https://raw.githubusercontent.com/roothide/theos/master/bin/install-theos)"
+
+    - name: Download ct_bypass to /usr/local/bin
+      run: |
+        curl -L -o /usr/local/bin/ct_bypass https://cdn.mineek.dev/serotonin/action_deps/ct_bypass
+        chmod +x /usr/local/bin/ct_bypass
+
+    - name: Install ldid
+      run: brew install ldid-procursus
+
+    - name: Compile IPA
+      run: make
+
+    - name: Upload IPA
+      uses: actions/upload-artifact@v2
+      with:
+        name: Serotonin.tipa
+        path: Serotonin.tipa
diff --git a/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x b/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x
index 19e9ee6..14b63bf 100644
--- a/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x
+++ b/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x
@@ -136,8 +136,8 @@ bool OpenedTweaks = false;
 bool os_variant_has_internal_content(const char* subsystem);
 %hookf(bool, os_variant_has_internal_content, const char* subsystem) {
     if (OpenedTweaks == false) {
+        spawnRoot(jbroot(@"/basebin/bootstrapd"), @[@"daemon",@"-f"], nil, nil);
         if (isarm64e()) {
-            spawnRoot(jbroot(@"/basebin/bootstrapd"), @[@"daemon",@"-f"], nil, nil);
             dlopen(jbroot(@"/basebin/bootstrap.dylib").UTF8String, RTLD_GLOBAL | RTLD_NOW);
         } else {
             NSLog(@"[mineek's supporttweak] loading actual tweaks");
@@ -164,7 +164,6 @@ bool os_variant_has_internal_content(const char* subsystem);
                     }
 			    }
             }
-            spawnRoot(jbroot(@"/basebin/bootstrapd"), @[@"daemon",@"-f"], nil, nil);
         }
         OpenedTweaks = true;
         return true;
diff --git a/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib b/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib
index 3bdf556c21d42813f1957df4c45ffa8f510a687c..daecbcf920391b8b2f0462d4903cc6d258431386 100755
GIT binary patch
delta 7040
zcmbtZ2~<<py52j15FE-NlS~O{5gbq)5P`};WRNN<ptM$uF$4&NBql*oTZ0X?NC!C{
zuZOA#YHg9;YpuKrIMwP~POp7Ft(|W5iF$i4`fOjZwGvzP{yS%%uJd%MZ@qV1-`W57
z|KFa6!;a0j75DyI(OB<~803D`K0=BZcJow!^=yH~%4l>pdt+)~&Rl^p)JwRGdk&}g
z*B1y8rI4Wd0<Hm1^>3tZ7Z&`D1>9fp)WCJ~1j<skn{#7iDS_cdLZqCQL%59V^A6*V
zdU$kfm0gs}?sal26%AABK|z`k0{F%gBM#DfUnp<@LIc5`10WBnia-H)36Mle^Hlm^
zw3u5X8^T$<lw;pY*=6<i%KC6qP2kC>g01!AL8k@?-GqUW`61F&IRN4N-1}ZO*=8jd
zuAHyf3_ae2IJGj2<CJUV&5VKz_Z}_BQ<J#oy{lu6Ld!@C;{d(@(o*t700?gk#Yo@W
z(dQkS$kmjGL^2*|qtXK<^m?^~#-ZB$>jP1@5~InGD`1=lx2HVWI|p*1S&Zut*H^Cc
zRuhK2*xlSv!!TK&oSSNhj&n=qGOqTYFC|@<BeqvQpgk5NS2T#H)q1f_P|H1eL_5c=
zGlXF$x66>>w?>XOwmLQa_f}=@e&EDxCFe4Xii?FDN~lbU8CRP#vcL5jI`@e)yx$1w
zE7^>zRgTYnA`kB`=VnzD2u+*ExbnE&6(ev8cdjBhZagSS>wAhA*I1IPfRwbLzjrcn
zwK^B}D`;C1IKN62R&xpP-o(wVObPS{b<YIk8ccJogLDSBy)syKU&bA%jGvTG1Y;SO
zc2I48Gz?Y_<rwTMMX0-gWGrI3i6$59)(qLXL@vS@7DXc4GZu9bPtOSCng%(dNbV7g
zYrA|=*EH@$qbf0jsE!v4s$pdKYV-YwY8a@T#a&|8dP8dc+nhmNq&p{N+#X|$pA2NZ
za@5|Vg5G8Xb@_7N8^=aQgO`j&n{!^j(i5?5&cOa#4;}=!I$!7ylXK&%V(5G-VLr80
zBV@;ATtn5!q3%hpRk9moXrnjehlR5j^*+NM<UX%zdG<JXTcJ7c+<(B6S)C8O_nM6D
z4MwgW4FQ=E))b8Aa=T5cXa7v}(8*V+K8@&)gMJ8TUm{>!ler&2pUioh$7aSu{K`OK
zu1ASBtOGb3HnwFHclD}J_ipE+e(73KV(<Uz4Q>f7N5a~j#H}!=4pRECa#VZX0}#V~
zY92n+?n91%y-`g*Y_xAJ%qQBb>+)gMGVZ>4iGMOwK<0AC5OmH7c_L+;)sl-{++oXD
zZzTkK<V^SX+--|0^zRt<4MIzMPqu`%(K^v9wfX;!x%j1H^7f*ezU<qe>G6X8c`>dW
zSl1ZVH0<!kY3Nxt15zE5vpYc(OV)ff<AV8fK@H^WYK&@)VW$zTTFy3eyO*ZLtpOz|
zMX806accUv%QgM({e`?)gwwtvwUAL;&iPqKgt*I;?jx9alAD`jRXc>~^=8jPkz@kr
zk%nd?R}`sO?du-1t8#h!xAz|KJ+SGfLtNPR1KDFVPY%g58@Vzdz4AQc`UKK+T$^9)
z_QQli`W-ACp{{`}(F<h^ieWzjLMkRAlDSnbv<|(<xW1>caa^EHg=4u%@DAnX*&NuL
z`_iWJAbsZgZNo?Yh=j~NHW)S=Ll2ul>@X1M&|vmkTF~DRmt~LkaQEJ54+*#+=BtE!
zl|nwQ$sR5Y3wnk<4+2;Q=X>P1{Tr}JOFxCQM}=IyJ7L|1As3vljdAIW>v|D#c{5%4
z*E>-6gHF^9yQMMCZwh-I_JN>Lu-A3SrCbB2;xM71ZKMHV?)i4_*WNPZg7T+91&nJO
zsR;HvX+S&Juowb*GUTvqYtO$Ya-G1hz=qpS3JYdjJx)2hjjOIM8(vLS;w;|+PP$M7
zX^)RE%Nv%3Oe`fihmgUSpR<bgHQ70{XdjoIGlET85DU9v1{wI7%aS6bYwO{CSIKQ(
zmg1K}ihz~e328cHoyYyKER3Ei&#=#d*Hc^?$cLT6MJ-Rk!@1(+qZ~sac5hWWd=U_P
zRId4I98~J7U|dM166^sI`x%MtFR_CpcBsUTl-SV{JLV7D(daw!57OuxFR{l<>_my3
zEU~9b>@10$E3xw>_I$yH5A#pH3yAGdedQ*LB!MLoyHsLVNNkhDwo2@k5_`48epO<x
zmDr9333*#$Z;;rVB=%;By-i~8kl61@>~@L0M`G_2Y=^t|`z3(`68nh6J|?kG2zC?<
zW0VKua+e_!d}^e=Ai^D2J~8h2DQeIY1wTdkJ|!OTlz7OK;tuFR_>%+>S3e~_{3-F+
zC&V3O2uD9bK;q+`5}){#c+%tJ4)+|TK3?FCGf#<6e@Z;(v2m{pA@H5Jkkg@f`8Uj4
z!f?Q-WHhfZE2+S4HJHkf)?(3{N(7RObY_!XYcSbF&a*){%0p+itl(^`$B!z}mujnx
z_E}n!woGqDr3Rxuv&LYv+tTfGwD$63RIarZRF{?-YLdAxR%i0Jg0YHMh2R8ku_JDX
z&0S-W!CszawpMBF$p~><9M47}1|evp8{(~r@IM~zOGm=K0ruDqMeSznIFv^MzUUX4
zI_D9thHC{$5h7O);I*f`+y)YEP-=m|`{6k2zG129Rprt6Mj8(kN^m?<KsyzP*T07=
zm{~}2su69^Bl!zye27rNBk^(?C-*OeU_n1zftd<qk14=P;~|fUzd_?;9ux1TarpeZ
z>wlyH*Qh{f;iC<_@sxNUjng51q<k+r#iRj=q!AB~KmrvECqZ}~j?bUhao!o9>JYBY
zzNp2m_eJeA?V{-^nqH^rk2L*-rmFd*bYB!tQ--F`(^N}S8%-TFeOpL}pgq)anWoC3
zjtxh@N^@YCI~)l}1uO$>0Q?zn5ilGh%m7L-k~LxE@gCq5Mv7iQqzoyh0`dSa16l!x
z09OIG0C0^`L;^+vQUP$oQxpP90CvEBz+HJZQUrJ)MKoYBzzBF5a0u`tAk-5nmH@1P
z0|4^RAD{+|1|$Qr6v%5nACGZ3zd?qF@bxn6!_SrB2);vxi-wvlc8y8D9BIr;Ds&o~
z-E7svA!9a`@mKtDcuZcwOmi91%qqw+n=5DOZ8kVyGHXOfR<%iIH<(Sl#UDoo8f+G=
zU01Hr+E$o!NK;}o!x6??Fb<7?g0;Fzjjp^>Q>rx>k;b;drn4KDtT1V-^n98>4$Q8$
z8TEP#(p2fIY<fG=XrLUM-fGua?Ixtr*BHRJTx+mf3?)cYYPMDi6lpAatJQ3UBJI|a
zY74)92p-NC%5fM!C;<C;A&t&vw%GW&;PE$@NGVpm7K*Ugty-O)Ulf2N`PKj&z@L=k
z3`LoqR3Lbd24HVeQgoa~L+j8P%{D#cHCW(Xsx#T4E2UOFkSeXwXx8zU{qPk20}sqD
zgnJi49;gd`eSlkGEi4Vx<9=UUPwXbRvmsgTjKWNlc8O76g2J@cs>F$U6y<^HoDlPz
z4Wp+oDO|4CR@#tvX^F;Q(=5{(q5D4kVow|p1Otvnz?d&L<(tiR1b^%zsE9w{i6b54
z<3gT=9tb@HrCp%BigE`2#wO1m%G)TvLHTs|A&$@_`13gu*COF?M`$kP!Xb~4g>bms
zioc(&6SxDF(;w7!Q9(WB$0={4{1)Y>DEEZ3iWJyO`B2K0`9g#9DUYSxOnDCF>)jj<
z<8ta~qk?+MKcl>j@|%>OqFe!=19t-`A4a*-{WXCRpgflHM#^(2KS{VJ^q{<eU*Ltq
z2Kga$^r+DIJbt?uR^_f$B2*%H-0v9g|H;PzFGU!wS8ml40n8tYCocv75B%AQ;Oqg;
z4^ZOBXwfg~7Bdiohx`;rbc-22m*_;lsH;nN%TO-W)ur<dL?`-1T}ZZ|W2i19n?FNz
zqF>Zqq`L7`cQKnE;0-#_FY3g_c@_Fe+82_;=MtUh7j@#IC5xEoF68hHL?`-1ow%6E
z;wCy~27iX=M8BvL7dct<MAtThA20xPqF>aBi=S);qMM$_=MtUh7j@#MAe)5f4(0I;
zL?`-1ow!-Z<{`RY^7u2LOBVhAfF+}bF%usd7;2F~>I3T~M!JlY{Ir2Mahf>qWS-$y
zUzleh6B&QP#c?NY!o~R_^G$eNdgp<Gc&*$47j^_6H?#`yGT;@!YQRbWY$dcDPz+cI
zAip$M0pP-pOn`F0dO#zf8c+&=i#^%^SPEbPYXENpUIRD*m4LN?w*YUFDjL9e9Z(Ng
z2e1L&0Mr4>02P2&0TzH2U<Z@{RsjA#jn_f`a?(Z80|VfH(~DZrJ*FrBw~llk_Qe6p
zPLHAZ1RgLsamvJ`DLQ?;na6=R3=R_1IU)kjbSNiJD%CAXoK(WE+KTP6&_=#*E6#mR
z^u|}4Y=$!UVxYpL^qGa(v*y2$hpM)Q2kl(+kLK_ETMz8Wy4n0{%f0kpYa<TM8DS_n
zax0|_{>MPAE)F{MpleIar8|4q?vLr1J~pyWowvZUdi)XX@69K6zkZtUYQ~G12dDiH
zG$k-!B#taxpz6IeW@+6G)rDUjTi;hcXV)#gw&}~%gZS@LT8l@2U2*5Ns(Y?(tb3<0
zjc-cmsGc_T!<hdhr7-HMEoFBi_Nmgo&-ab1_Ph1_4*%dawl`D>+9RtX_Lx4s;I2#k
zzWsOOXO*?@4pue&QkQTz;B3f;QOB~^#m>IbaOUQCZI;lY6Ei&iwCP=b{u}!yA2{B7
zd2rLOt9K{XwGB?2-?AiOhfLRZcH6{+6Jr{74!`%eZKs<@6&;-3aQM2uY|v}>zpUUE
zrgVPOf-M2+qiM4vKR<h8=gPjjpM9{RIN|c-@Z2pw|E2lg_GjL`^p4k>&WJ7?fy0(h
zpE4)MHepWU(!9i^QtPax6O1LZN|GkzWSaTbk8!eN$^90`D+5&@tF~@GU-xZmdyPH)
z!AEP`zUVpq=Ij11{`}FL=A9LbZcM1ij_vapb;F*F4U^NdHb?%e^X3`FY0JjxQ!)#$
zoZphQaOW$=?+$Oy>bt|f^q04)_HC?e89A)~bd{%hak2i?CGXS^GI#!TWBhx!``3H+
z&6wC6e!u&A@qet>IhGDB`fT*?sf{<@9h>lR;@8`+tQgaDIcV2!3u-#fhFx_|x;ig)
zT`*g7cc4KtF=_hbBIb3+t_2?rdiNNAEGa^93EduZdsWcE+WfR1y2sD`oVogDk!<7F
zLE8*pzc8(ICHpNCaO6+1FWsp`4-)bd+u7I7+`XDJ*>miI-%S6KdPuRQOJ*F@`PcpU
Gxcr~F5e(V@

delta 7266
zcmbVR2~-rvx~}RThe1#fa0#LeOBB43MGYcu!+@ZID2Sj&g;5Z28IVB~qs}PNs5dHO
zqu`F3co7pb5hLi+h)dM0PrSw@n?t-Y=+)%;a&9hTK;Qp&S0{b&D(Ad9=cE3w{-yt}
zt*eH%U(~z*r7m0Nu{4*6Me8QjOLMI|MtM{&kysEX)s;)E_eXVaD3O?swIc5%jHJUo
z$Z|=ekt#x#3mfPt4-IQ}P^Mlkd`(An=T=H|2Wv)7g@N4g?z_yAW(JFcoD&{7_ZAvd
zs@h%Lw>-D|q_9lAVVDIhFpXY-E1f8*fV#n*l3Z6pTtJ=#z%q?N4Rr<}5~Fp}xlxiS
ztl~U{0w+!A=7T#Q1m7LLvYh*JpX>j;JAV+^X#vt}LdU4w38u;e2%RSU&B?^oItf0S
zG<B^LA=`+c)$|qw&00SC+fIUy^D8``)n7<(Ufi!9GQ$jm0qy|I6iXif@~}RXWbdwh
z<m?u4v~y|D7F{py9xr(7ytz+#Awn1B90WdOg3j?kDAD;kgU1y@oUF~lK3xFkrV=jd
z{DVc4WSyht*Y6_l@x<E9cdiMd!~xk~(OaCXl`2x+#`meYDs+qPP0tAfqhq?A=1F-~
zX+}%i>thZ*Ev43d!m8-M1jFcE(fH{c8me<tm-cO`x<eYzl=`$(gLPB9&QZnF#xuN6
z%iF?N(UYarrsy0ig>ZfUmzRkVy<4h(ofcV5NCdp6R~0|KWf8QaY){uYjKT_iZ(1O1
z*Za~8;RO60Bizyt4@m|a`(WZo#OF-bIo3m60%+z*jeW4raj0}^OASA@C8%UT%Sc|(
z$AlzLL6=aS!{BO3@h6s)bjB&jP3h!B8t|rc-3hdr0CH6f*QkfOnt!cDL&>A&o_oEk
zDH$rJSxOp1g|ji9T?S*6{yN7#epdZJp()0f`U*7Gvr7QB2S9u2%=$ipU#usmhT)0r
z*UbeKVwS$pV=+DIJ%xp_q1>08uqW1=yTl16WBai|(^$)ed$IjF7hdofGvFn0BrO{2
z3XYV6g%@xexg2J_Bup8zcVs5CR>8BjKY3b#L$?)p^BvCG+><!$83>(YBer1&^~4T(
ztp$f1-u~)FAw15v+c=B>Z?T$1SSc9dJYOo7eLTSjdP4Ro7B<F(j+qDACKqX#b7UE&
zKo-c=F*EC%eaVSKrL$U;(?mm^|A~E>OQgQ^7HIqk*XA%Q52>gCMZ&oFz?V|Pt<cjp
zzop?;e|Jj?EF{~U%5dwiR9G87+v5qvIbuoK?@1a<!RH4mJdPhvn}jiAL!GtobUUv*
z@rAHrtS|R6bnVz4oDU})A3HFqjC?-G`UQB~ouE^kbdDehOo!=k?w9H9YHI*Ki15~R
zU;}B}G%Iut=rjie#679Z4~D=W+VxuAx?Bh!H#+z<SYi~70XhO!$UZ)!1)|yX#Mw&d
z=<E0t?4(*@`?&tS#F)wzQ`)@+y@i|Ow78Yoh{f5O3?Xq8;T_BE@i<D*6Iyq%i+<qw
znp<s8E9|hmN<lCB5EpAK^LZ0}CKAVLsGAaWjx$h4Q%g#!*sgOFL;a0Be=IK6!N8>$
zuKh%U4@M(&uHvQa$TXefM`%M`zOZ||FU=87!{2GbcjL`;pfEGRSB38^SP}vU3}nuB
z6LgzN>{^@N;tJVg*LJbqVu1pv@MVI37`{D$-ROsWcp)|i8kvcw9BMv<nlFVCw23~r
z-`WW2YCTQFiE!1<)0(RwV}h{rmfL-aqxk^L|K7v_tHl=FMKC7zba~`$y$7oSTZFPi
zuW3JlOH*%gglp`uBAauF<3nge`8%v(3F8vE3o<TzdkhcL66TxC=SaK>mKoYN!P2sq
z^470~w!|FsF=izXYY}ivunuaw8yi-OG^}?#i35lB_f{BMH=W}hj0TIYisu`T$nqVo
z@vtnP=NhX)#;k&1B?QAO1vPQQP}Wf50TAv?2=1etZ|#@fBq2Cy_?TrF5oR}L6%F2r
zP~+-ohItE7#EtJVTddNXbhW~mm3NXS5plBy3Wt)0t1_WgxDwxM%S3nc6p-6qkA`mr
zu{Q7-*Wue`bLVsp!ud+FS|N8<$Q}y0heGyN$bA)ZKZQKt57}&U5BY=G+y^P-2!$M_
zkVh$Gy+V#t$m11ql0r^V$Z05>*;`ImC}t_-xe9rnLN+SoLWNwcke4as)e3p7LN;$u
zkWC7Ci$dO}kasBLJqmfhLO!UFYZUSkg?v<!&Ej|;S13*@<c}2cIfZ;tlKo(=_z|5$
zj4@kk(-Q498KPeGLcQ7Mr+J})&Cj(1y?Y0GuNUdf@CLnJWB_`f4)od%^nowX!>7dN
z7xV%H)W6b!KCA=%kmu{o;uwv1zJaLMb)b*!KtJ}mdZ%k;1%xCns@*jCcRGN~$u|}m
z@{Fd*MTL3BoG4-_D9AQu$!tn$T%;ruVPl$K#k3yOPYpf=B}8~QWsp0`%ARXjyr5`;
z!Dz_IE+oRhw7zhE7}b;Z5DaM{6@J~RCl^J8_tFLl-=_`mASUrK>3K!DaruP{4MkBx
z@AQ|u<HczN?4XG4?7B2UFr<gqsx3RHd5GBLP8P8G_Z47Av~YjGnh^Zv0k>R+3j`MF
zs-zWV{L^0VEMBFw>`wBm-j(UQOA*Y^1n_4D?4I|G{sPmpe4f#N&h(xv#r6r>nI11%
zgusk#Z}1Z{fRlw-+UxH#J>HkFwAb^j2M0>(XY}Dr58qDl`Og@<#tftkpMAjW4)l3U
z&${@T_+~`{5tu~#H#o!$0#OO2z5dG;wO30+MwqqY{n(v&uv)q=yOTu5jjS$W^)gl;
zWc6`YUuN|+R^MlJE2}klM1^~3PgcJowR@5f){x2S4d&V{4cAAT@l>ethl_D6A?g&k
ziCUnp0bB&!1hfMDDN%<3Mge94;83G}8(;%`1o#wi9dH-$8zofD5vl_e0k!~+06qoW
z1;CY?h5?rHM7@iTC+hD(_!;mR;H4t!>3}_eZvkC95p@(`HQ*eevzn;A0sR0GfE2)N
zfUzQkQlE<N-Dyz8mTokp?uTylK38$38}+L=tfE%4i;C2*g7a;siLkF^XQeL5Hq1AX
zPII#|@=O`Uh6Q<9BrzwuC~2~^&BPVvFO17ukWEtZOk|d+z_7%alAm8hmZ?a~6-rd(
zCLDlO<eD9pJ~w_`>KLP8_JZszGSyJHFk(nHDN>QL+i21HcZwe7%(uC6mkV^nDY_tc
zm-Es{93`Sx!3h~6;7*8T2IGl~B)*XGdd811t}T@G_ZdG`Eb&+2#MhTvh_q1=lFaym
zCE}nHQh*K63-Yf%>lwGRUxD6XoWPM2%X!ANjQ=m=I>tM}y2E&xjK9RVg>e`jQD0?d
z4f(90f$`0Z+ZnHBoV+e2@HyjJ#vd@QV_Xeeo0tIO0gPK1PiEX)#Tv?3Lj&WN7`HS2
z6LMz@DO)8a;0DL@uJHR)bE(ApGv30u9(gzD(FRGsit)>g<EJ4DK1F+-sI&P5D6=Fx
z@$WRa<|z3b;B#Sxl>U2XHX5LF2>g+M(CglrkU#}TeIOtcfCYI{J3ac}%oWvU;?DxG
z2GIcnU{EY_0Hq!SwB||rq0C?AXpjDQ)xaYAEA{AKmXBJPgnAZ0YLFZ-zy;Jpkpn38
z7$B9ckVNJ$bF@eQ5$Fs>_E+k~1kfKB!E`wR7Elgw3caDo0pul#90SNpvWWT1T=rie
zdjILK)T2KxVQ~?zVFBbdEeDW>=+6L3JqD21{6*$3bJ>5FO3DCvlENN2`okU}Z2}zp
zl#1gmZyIQTUAPp01vv&#>M?-4sZ3!0GMD|OE$vT#r5^qN*o5*}0O=SdIbZ^>;M1XC
zKukc^uLFB6Dp;`r@26Ojml>Cr<ehf*k5G?G)VV>55awFZ*@Z^v<z>|en&HP|d6|gc
zaOCnN(lNa}DaSM3npd~lg|6kz8PJdkFaU5I=K<yea8einIQwzF;Wmz2w+R40HIT&s
z+`92RiQSL8Fm8mn7vaeXzuh=!7QiaNY5?v#YXEBjZvxh#$$Ahr0R9Si3$PKe39uPZ
z2CxFQ00aR3mb4YH4WLXs2YCDB7eZUdF90b%?+x&D^t`ut19a`)<p1{~b!*(ImnLkn
z(P&thot0rIEHsp4n2PcX;VwWjGX7(G$dEyG+j`MYXy>r-p|c~yvId9bS5&yuK<%F&
zdpH`f&pAkceB|pcd(m)OQP7J9kNS_HU+_qhp*((6Kmtqa)_Kzevu4<kh_Jziu<(j+
zw!^8ZPgq6r4my6M+#0gjXv)iha|=n0j806ApO7{+iM;;K^?%$O(w6ki2k)A0ue)*n
z;F4qI{?j+7uYWMFe)@yoK862^XtkLK;s#%vST^kU)lE66=LgurVod)I%siW*pIiCK
z<)`_H6}@)S%!<gJRF`=+hCZAXYkVAWhhMUI^r6$km-K)0>G7tal^5#2zC6*!O=|j3
zuetHg){~8wN<+s#ewuqacxL2Vtt%g?7r*zw)jntGTjUq_sW+3ax31Zg{?o*ehPHm1
zH@wdEJdk(E=}6~aj*E}dPJ3g`!GzXRsYjQ)yNx(`C9Y<R%fkug?ZedB@z=vkJ{&Dt
z>4p@!x;iC!rS19ctIdta9AA5x^aqkZSk%z8|CbYw^G3V0MV)CnbGGuebIIWaVfQZG
ze%}=Kk=I-HD+4DQzF1#5e@I>AZd%}_{YTr+!wXl<D6kyrT)64Uq-<`le_e!eLA+^u
z=$gFn_vhBF_>lIYy<eR)c=5!+3HqsHW1<%&7nIB^el>Y|a>Cqkg>$ym(kSz;zkc%b
zses6>-IvY$Xz#=QV+R#+wQJ6HExF~`W-jsYoIW9K>sKdy((ing_J!f<nZw3qGwKIe
zLSxJCRv(UujyPl5`&sR6&l^X4Z|LI#9~h%ZU+baadp>U15%74}{Xu`{%hPWgyPWiG
z3;yrOm;Wnw!#`IJt*tznarEO_<Bz|7|1c=lyf0$)*7V}0`1MZ)*$?!~+qo_I;*C{-
ztv_bHUpM2k-aa9;|D{{1fUBz3<%f^>t(&-W|NFOhmyg<csWNxt_HL$;5d&0dM>QL~
z-Xpb!yP;_#clLeq+kt<5-ny>w-H+=_XZQrfPS5(_Sjl@kt1o<(Q&4J84yr#>d^h}2
VgvXTf-TeAgu6TZ3)G>OV|3B9$_x%6>

diff --git a/usprebooter/fun/offsets.h b/usprebooter/fun/offsets.h
index 354fb5c..23ebe14 100644
--- a/usprebooter/fun/offsets.h
+++ b/usprebooter/fun/offsets.h
@@ -48,6 +48,8 @@ extern uint32_t off_fp_glob;
 extern uint32_t off_fg_data;
 extern uint32_t off_fg_flag;
 extern uint32_t off_vnode_v_ncchildren_tqh_first;
+extern uint32_t off_vnode_v_ncchildren_tqh_last;
+extern uint32_t off_vnode_v_nclinks_lh_first;
 extern uint32_t off_vnode_v_iocount;
 extern uint32_t off_vnode_v_usecount;
 extern uint32_t off_vnode_v_flag;
@@ -70,7 +72,10 @@ extern uint32_t off_mount_mnt_fsgroup;
 extern uint32_t off_mount_mnt_devvp;
 extern uint32_t off_mount_mnt_flag;
 extern uint32_t off_specinfo_si_flags;
+extern uint32_t off_namecache_nc_dvp;
 extern uint32_t off_namecache_nc_vp;
+extern uint32_t off_namecache_nc_hashval;
+extern uint32_t off_namecache_nc_name;
 extern uint32_t off_namecache_nc_child_tqe_prev;
 extern uint32_t off_ipc_space_is_table;
 extern uint32_t off_ubc_info_cs_blobs;
diff --git a/usprebooter/fun/offsets.m b/usprebooter/fun/offsets.m
index e57948c..6e8f4c9 100644
--- a/usprebooter/fun/offsets.m
+++ b/usprebooter/fun/offsets.m
@@ -49,6 +49,8 @@
 uint32_t off_fg_data = 0;
 uint32_t off_fg_flag = 0;
 uint32_t off_vnode_v_ncchildren_tqh_first = 0;
+uint32_t off_vnode_v_ncchildren_tqh_last = 0;
+uint32_t off_vnode_v_nclinks_lh_first = 0;
 uint32_t off_vnode_v_iocount = 0;
 uint32_t off_vnode_v_usecount = 0;
 uint32_t off_vnode_v_flag = 0;
@@ -68,10 +70,14 @@
 uint32_t off_mount_mnt_devvp = 0;
 uint32_t off_mount_mnt_flag = 0;
 uint32_t off_specinfo_si_flags = 0;
+uint32_t off_namecache_nc_dvp = 0;
 uint32_t off_namecache_nc_vp = 0;
+uint32_t off_namecache_nc_hashval = 0;
+uint32_t off_namecache_nc_name = 0;
 uint32_t off_namecache_nc_child_tqe_prev = 0;
 
 #define SYSTEM_VERSION_EQUAL_TO(v)                  ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] == NSOrderedSame)
+#define SYSTEM_VERSION_LOWER_THAN(v)                ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] == NSOrderedAscending)
 
 void _offsets_init(void) {
     if(SYSTEM_VERSION_EQUAL_TO(@"16.1.2")||SYSTEM_VERSION_EQUAL_TO(@"16.2")||SYSTEM_VERSION_EQUAL_TO(@"16.3")||SYSTEM_VERSION_EQUAL_TO(@"16.3.1")) {
@@ -136,6 +142,8 @@ void _offsets_init(void) {
         
         //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/vnode_internal.h#L158
         off_vnode_v_ncchildren_tqh_first = 0x30;
+        off_vnode_v_ncchildren_tqh_last = 0x38;
+        off_vnode_v_nclinks_lh_first = 0x40;
         off_vnode_v_iocount = 0x64;
         off_vnode_v_usecount = 0x60;
         off_vnode_v_flag = 0x54;
@@ -161,7 +169,10 @@ void _offsets_init(void) {
         off_specinfo_si_flags = 0x10;
         
         //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/namei.h#L243
+        off_namecache_nc_dvp = 0x40;
         off_namecache_nc_vp = 0x48;
+        off_namecache_nc_hashval = 0x50;
+        off_namecache_nc_name = 0x58;
         off_namecache_nc_child_tqe_prev = 0x10;
         
     } else if (SYSTEM_VERSION_EQUAL_TO(@"16.7.2")||SYSTEM_VERSION_EQUAL_TO(@"16.7.1")||SYSTEM_VERSION_EQUAL_TO(@"16.7")||SYSTEM_VERSION_EQUAL_TO(@"16.6.1")||SYSTEM_VERSION_EQUAL_TO(@"16.6")||SYSTEM_VERSION_EQUAL_TO(@"16.4")||SYSTEM_VERSION_EQUAL_TO(@"16.4.1")||SYSTEM_VERSION_EQUAL_TO(@"16.5") || SYSTEM_VERSION_EQUAL_TO(@"16.5.1")) {
@@ -253,7 +264,6 @@ void _offsets_init(void) {
         //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/namei.h#L243
         off_namecache_nc_vp = 0x48;
         off_namecache_nc_child_tqe_prev = 0x0;
-        
     }else {
         NSLog(@"[-] No matching offsets.");
         exit(EXIT_FAILURE);
diff --git a/usprebooter/fun/vnode.h b/usprebooter/fun/vnode.h
index b295680..a8f1daf 100644
--- a/usprebooter/fun/vnode.h
+++ b/usprebooter/fun/vnode.h
@@ -116,4 +116,5 @@ uint64_t funVnodeOverwriteFileUnlimitSize(char* to, char* from);
 
 void ChangeDirFor(int pid, const char *where); // change directory for something with chroot
 
+uint64_t SwitchSysBin160(char* to, char* from, uint64_t* orig_to_vnode, uint64_t* orig_nc_vp); // overwrite v_name to swap files
 int SwitchSysBin(uint64_t vnode, char* what, char* with); // overwrite v_name to swap files
diff --git a/usprebooter/fun/vnode.m b/usprebooter/fun/vnode.m
index 6145fb6..fcf6b44 100644
--- a/usprebooter/fun/vnode.m
+++ b/usprebooter/fun/vnode.m
@@ -589,6 +589,38 @@ int SwitchSysBin(uint64_t vnode, char* what, char* with)
         }
         vp_namecache = kread64(vp_namecache + off_namecache_nc_child_tqe_prev);
     }
-
     return 0;
 }
+
+uint64_t SwitchSysBin160(char* to, char* from, uint64_t* orig_to_vnode, uint64_t* orig_nc_vp)
+{
+    uint64_t to_vnode = getVnodeAtPath(to);
+    if(to_vnode == -1) {
+        NSString *to_dir = [[NSString stringWithUTF8String:to] stringByDeletingLastPathComponent];
+        NSString *to_file = [[NSString stringWithUTF8String:to] lastPathComponent];
+        uint64_t to_dir_vnode = getVnodeAtPathByChdir(to_dir.UTF8String);
+        to_vnode = findChildVnodeByVnode(to_dir_vnode, to_file.UTF8String);
+        if(to_vnode == 0) {
+            printf("[-] Couldn't find file (to): %s", to);
+            return -1;
+        }
+    }
+
+    uint64_t from_vnode = getVnodeAtPath(from);
+    if(from_vnode == -1) {
+        NSString *from_dir = [[NSString stringWithUTF8String:from] stringByDeletingLastPathComponent];
+        NSString *from_file = [[NSString stringWithUTF8String:from] lastPathComponent];
+        uint64_t from_dir_vnode = getVnodeAtPathByChdir(from_dir.UTF8String);
+        from_vnode = findChildVnodeByVnode(from_dir_vnode, from_file.UTF8String);
+        if(from_vnode == 0) {
+            printf("[-] Couldn't find file (from): %s", from);
+            return -1;
+        }
+    }
+
+    uint64_t to_vnode_nc = kread64(to_vnode + off_vnode_v_nclinks_lh_first);
+    *orig_nc_vp = kread64(to_vnode_nc + off_namecache_nc_vp);
+    *orig_to_vnode = to_vnode;
+    kwrite64(to_vnode_nc + off_namecache_nc_vp, from_vnode);
+    return 0;
+}
\ No newline at end of file
diff --git a/usprebooter/overwriter.m b/usprebooter/overwriter.m
index cf83daf..39f888d 100644
--- a/usprebooter/overwriter.m
+++ b/usprebooter/overwriter.m
@@ -2,6 +2,7 @@
 @import Foundation;
 @import MachO;
 
+#include <UIKit/UIKit.h>
 #import <mach-o/fixup-chains.h>
 #import "vm_unaligned_copy_switch_race.h"
 #import "overwriter.h"
@@ -14,11 +15,19 @@
     return jbroot(@"lunchd");
 }
 
+#define SYSTEM_VERSION_LOWER_THAN(v)                ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] == NSOrderedAscending)
+
 bool overwrite_patchedlaunchd_kfd(void) {
     // ayo whats this – bomberfish
 //    SwitchSysBin(getVnodeAtPathByChdir("/System/Library/CoreServices/SpringBoard.app"), "SpringBoard", "/var/jb/SprangBoard");
     printf("[i] performing launchd hax\n");
-    SwitchSysBin(getVnodeAtPathByChdir("/sbin"), "launchd", getLunchd().UTF8String);
+    if (SYSTEM_VERSION_LOWER_THAN(@"16.2")) {
+        uint64_t orig_nc_vp = 0;
+        uint64_t orig_to_vnode = 0;
+        SwitchSysBin160("/sbin/launchd", getLunchd().UTF8String, &orig_to_vnode, &orig_nc_vp);
+    } else {
+        SwitchSysBin(getVnodeAtPathByChdir("/sbin"), "launchd", getLunchd().UTF8String);
+    }
     printf("[i] launchd haxed\n");
     return true;
 }