@mineek
Last active June 25, 2026 16:24
block revokes permanently on enterprise certs on iOS
This will permanently block revokes and some ppq stuff.
Use this together with the profile to block some domains "without" a DNS.
Even if you don't have the profile, after applying this your device just cannot register revokes anymore. So you'll just not be able to install the app, but you will not get permanently blacklisted.
Note: this may lead to side effects. I am not sure. However, it does work.
AS ALWAYS, USE AT YOUR OWN RISK.
Basically, all you need to do is run these commands one by one in a terminal on a jailbroken device:
```
rm -v /private/var/protected/trustd/private/ocspcache.sqlite3*
rm -v /private/var/db/MobileIdentityData/*.plist
rm -v /private/var/MobileDevice/ProvisioningProfiles/mis.db*
cd /private/var/db/MobileIdentityData
echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
</array>
</plist>' > AuthListBannedUpps.plist
cp -v AuthListBannedUpps.plist Rejections.plist
cp -v AuthListBannedUpps.plist AuthListBannedCdHashes.plist
cp -v AuthListBannedUpps.plist Indeterminates.plist
chflags schg /private/var/db/MobileIdentityData/AuthListBannedUpps.plist
chflags schg /private/var/db/MobileIdentityData/AuthListBannedCdHashes.plist
chflags schg /private/var/db/MobileIdentityData/Indeterminates.plist
chflags schg /private/var/db/MobileIdentityData/Rejections.plist
chflags schg /private/var/protected/trustd/private/ocspcache.sqlite3*
```
Then reboot.
glhf
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>DNSSettings</key>
<dict>
<key>DNSProtocol</key>
<string>HTTPS</string>
<key>ServerURL</key>
<string>https://hi.hi</string>
<key>SupplementalMatchDomains</key>
<array>
<string>ocsp.apple.com</string>
<string>ocsp2.apple.com</string>
<string>valid.apple.com</string>
<string>crl.apple.com</string>
<string>certs.apple.com</string>
<string>appattest.apple.com</string>
<string>vpp.itunes.apple.com</string>
</array>
</dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Anti Revoke</string>
<key>PayloadIdentifier</key>
<string>dev.mineek.haxx.antirevoke</string>
<key>PayloadOrganization</key>
<string>Mineek</string>
<key>PayloadType</key>
<string>com.apple.dnsSettings.managed</string>
<key>PayloadUUID</key>
<string>BC9E70D8-8828-4AC7-946E-76F65A5CC66F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>DNSSettings</key>
<dict>
<key>DNSProtocol</key>
<string>HTTPS</string>
<key>ServerURL</key>
<string>https://hi.hi</string>
<key>SupplementalMatchDomains</key>
<array>
<string>gdmf.apple.com</string>
</array>
</dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>No OTA updates</string>
<key>PayloadIdentifier</key>
<string>dev.mineek.haxx.nootaupdates</string>
<key>PayloadOrganization</key>
<string>Mineek</string>
<key>PayloadType</key>
<string>com.apple.dnsSettings.managed</string>
<key>PayloadUUID</key>
<string>F524F2C2-C82F-44E2-8AA4-C4565010F0D9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>DNSSettings</key>
<dict>
<key>DNSProtocol</key>
<string>HTTPS</string>
<key>ServerURL</key>
<string>https://hi.hi</string>
<key>SupplementalMatchDomains</key>
<array>
<string>ppq.apple.com</string>
</array>
</dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Anti Revoke PPQ</string>
<key>PayloadIdentifier</key>
<string>dev.mineek.haxx.antirevokeppq</string>
<key>PayloadOrganization</key>
<string>Mineek</string>
<key>PayloadType</key>
<string>com.apple.dnsSettings.managed</string>
<key>PayloadUUID</key>
<string>19EF686F-4D7A-412B-86C0-9F5EC240F59B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>DNSSettings</key>
<dict>
<key>DNSProtocol</key>
<string>HTTPS</string>
<key>ServerURL</key>
<string>https://hi.hi</string>
<key>SupplementalMatchDomains</key>
<array>
<string>example.com</string>
</array>
</dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Example Domain</string>
<key>PayloadIdentifier</key>
<string>dev.mineek.haxx.blockexample</string>
<key>PayloadOrganization</key>
<string>Mineek</string>
<key>PayloadType</key>
<string>com.apple.dnsSettings.managed</string>
<key>PayloadUUID</key>
<string>D133BF48-EDFB-4076-9363-C2B973FDD0F1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>
|\---/|
| o_o |
\_^_/
</string>
<key>PayloadDisplayName</key>
<string>Haxx ( ͡° ͜ʖ ͡°)</string>
<key>PayloadIdentifier</key>
<string>dev.mineek.haxx</string>
<key>PayloadOrganization</key>
<string>Mineek</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>4B1060D0-B77D-4101-BFFD-245480C8DC50</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
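
A defender-side check for profiles like the one above, as an added example that is not part of the original gist: it parses an unsigned `.mobileconfig` and reports every `com.apple.dnsSettings.managed` payload whose `SupplementalMatchDomains` cover one of the Apple hosts this profile scopes. The sample profile, its identifiers and the resolver URL are constructed, and treating a match domain as also covering its subdomains is an assumption.

```python
import plistlib

# Hosts the profile on this page scopes to its own resolver (example.com omitted).
WATCHED_HOSTS = {
    "ocsp.apple.com", "ocsp2.apple.com", "valid.apple.com", "crl.apple.com",
    "certs.apple.com", "appattest.apple.com", "vpp.itunes.apple.com",
    "ppq.apple.com", "gdmf.apple.com",
}

def audit_profile(data):
    """Return one finding per managed-DNS payload that scopes a watched host."""
    profile = plistlib.loads(data)  # assumes an unsigned (plain plist) profile
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.dnsSettings.managed":
            continue
        dns = payload.get("DNSSettings", {})
        # Normalise: case-insensitive, ignore a trailing root dot.
        domains = {str(d).lower().rstrip(".")
                   for d in dns.get("SupplementalMatchDomains", [])}
        # Assumption: a match domain also covers its subdomains.
        hits = sorted(h for h in WATCHED_HOSTS
                      if any(h == d or h.endswith("." + d) for d in domains))
        if hits:
            findings.append({
                "payload": payload.get("PayloadIdentifier", "<none>"),
                "resolver": dns.get("ServerURL") or dns.get("ServerName"),
                "hosts": hits,
            })
    return findings

# Constructed sample (not the page's profile): one flagged payload, one benign.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.dnsSettings.managed",
         "PayloadIdentifier": "example.test.dns-a",
         "DNSSettings": {"DNSProtocol": "HTTPS",
                         "ServerURL": "https://resolver.invalid/dns-query",
                         "SupplementalMatchDomains": ["OCSP.apple.com", "crl.apple.com."]}},
        {"PayloadType": "com.apple.dnsSettings.managed",
         "PayloadIdentifier": "example.test.dns-b",
         "DNSSettings": {"DNSProtocol": "HTTPS",
                         "ServerURL": "https://resolver.invalid/dns-query",
                         "SupplementalMatchDomains": ["intranet.example"]}},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

A profile wrapped in a CMS signature has to be unwrapped before it reaches `audit_profile`; `plistlib.loads` raises on the signed container.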