Reputation: 1499
I'm developing an app using theos [application_swift] and would like to gain access to the filesystem, outside the sandbox.
To my understanding, using the [application_swift] with theos should enable me to access files outside the sandbox, but I've tried using FileManager.default.fileExists(atPath:) to access the file I like and the result was that the file was not found.
Worth mentioning I'm obviously running on a jailbroken device running 11.2.
Am I missing something?
Upvotes: 4
Views: 3836
Reputation: 4095
I like your plist permission change. If you want an alternative, like @Creker said, try stat or access from C.
I have seen your problem, when trying to detect a Frida running on a jailbroken device:
    NSString *frida_on_filesystem = @"/usr/sbin/frida-server";
    NSURL *theURL = [NSURL fileURLWithPath:frida_on_filesystem isDirectory:NO];
    NSError *err = nil;

    // Foundation-level reachability check
    if ([theURL checkResourceIsReachableAndReturnError:&err] == YES)
        return YES;

    if (err != nil) {
        NSLog(@"[*]🐝Error in file check: %ld", (long)err.code);
        if (err.code == 257)  // NSFileReadNoPermissionError
            NSLog(@"[*]🐝Sandbox permission error.");
    }

    // stdio-level check
    FILE *file = fopen(frida_on_filesystem.fileSystemRepresentation, "r");
    if (!file)
        NSLog(@"[*]🐝if ObjC APIs fails, fopen also failed!");
    else
        fclose(file);  // release the handle if the open did succeed
but then access() - which loads from libsystem_kernel.dylib - works:

    return (access(frida_on_filesystem.fileSystemRepresentation, F_OK) == 0) ? YES : NO;
Upvotes: 0
Reputation: 1499
I've been able to solve this issue by adding com.apple.private.security.no-container to my entitlements file and adding them using codesign.

    codesign --entitlements app.entitlements -f -s "iPhone Developer: xxxxxxxxxxxxxxxxx" MyApp.app
Upvotes: 4
Reputation: 304
If you're still looking for the answer to this, you must add the com.apple.private.security.no-sandbox entitlement to your app.
Upvotes: 0
Reputation: 9570
A jailbreak doesn't open everything to everyone; that's not how it works in general, and it could open different things depending on the specific jailbreak. For example, Electra on iOS 11 allows me to read the SMS database from inside a regular app. But I still can't read someone else's sandbox. It all depends on how the jailbreak is implemented and what it patches inside the kernel. It could even be that you can't access anything outside of the sandbox. That would actually be preferable to preserve the security of App Store apps.
It could also be much simpler - Swift knows which paths you shouldn't try to access and throws an error without even actually trying to access them. Try to access the files with C or Objective-C as these are proven to work without any artificial restrictions.
Upvotes: 2
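An added example, not part of any post above: a small C probe that runs the three calls the answers mention (access, stat, fopen) on one path and separates "the file is not there" from "the lookup was blocked", which is the distinction a bare fileExists result hides. The function and enum names are hypothetical, and treating EPERM/EACCES as the sign of a block is an assumption about how the denial is reported.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* All names here are hypothetical, chosen for this example. */
typedef enum { PROBE_EXISTS, PROBE_MISSING, PROBE_DENIED, PROBE_OTHER } probe_result;

/* Assumption: a policy or permission block surfaces as EPERM or EACCES. */
static probe_result classify_errno(int err) {
    switch (err) {
    case ENOENT: case ENOTDIR: return PROBE_MISSING; /* really not there */
    case EPERM:  case EACCES:  return PROBE_DENIED;  /* blocked; file may exist */
    default:                   return PROBE_OTHER;
    }
}

static probe_result probe_access(const char *path) {
    return access(path, F_OK) == 0 ? PROBE_EXISTS : classify_errno(errno);
}
static probe_result probe_stat(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? PROBE_EXISTS : classify_errno(errno);
}
static probe_result probe_fopen(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return classify_errno(errno);
    fclose(f); /* only probing, so release the handle */
    return PROBE_EXISTS;
}

/* Existence wins if any call sees the file; otherwise "denied" outranks
 * "missing", so a blocked lookup is never reported as an absent file. */
static probe_result probe_path(const char *path) {
    probe_result r[3] = { probe_access(path), probe_stat(path), probe_fopen(path) };
    probe_result verdict = PROBE_MISSING;
    for (int i = 0; i < 3; i++) {
        if (r[i] == PROBE_EXISTS) return PROBE_EXISTS;
        if (r[i] == PROBE_DENIED || verdict == PROBE_MISSING) verdict = r[i];
    }
    return verdict;
}

int main(int argc, char **argv) {
    static const char *names[] = { "exists", "missing", "denied", "other" };
    /* Default is the path used in the answer above. */
    const char *path = argc > 1 ? argv[1] : "/usr/sbin/frida-server";
    printf("access=%s stat=%s fopen=%s verdict=%s\n", names[probe_access(path)],
           names[probe_stat(path)], names[probe_fopen(path)], names[probe_path(path)]);
    return 0;
}
```

A "denied" verdict points at entitlements or sandbox policy rather than a wrong path, while disagreement between the three columns reproduces the situation described in the answer where fopen failed and access succeeded.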