1

My installed app is signed with an ad-hoc certificate, but it is designed only for jailbroken iPhones.

I tried to read the SMS database at /var/mobile/Library/SMS/sms.db directly, but I found the app can't read it because the sandbox denied the action. So my question is: is the sandbox removed after the iPhone is jailbroken?

(And now I think the apps in /var/mobile/Applications/ are still restricted by the sandbox. Does the process of jailbreaking not remove the sandbox for this directory?)

Nate
SgViTiNer
  • After jailbreak, apps have full access to the file system, as does the internal mobile user. How are you attempting to open the file? Perhaps the method you use has hard-coded checks. – Léo Natan Apr 16 '13 at 00:45
  • Cocoa Touch methods will most likely disallow this. You need to use C calls. – borrrden Apr 16 '13 at 00:54
  • @borrrden I use this function: `FILE *fp; fp = fopen("/var/mobile/Library/SMS/sms.db", "r");` but it fails to open. In the system log, I caught the sandbox denial info. – SgViTiNer Apr 16 '13 at 01:13
  • @LeoNatan So, what method should I use to avoid this problem? How can I read the SMS database directly? Thanks~ – SgViTiNer Apr 16 '13 at 01:17
  • 1
    @LeoNatan, that's not correct (or isn't the full story). Jailbroken phones still have a sandbox that's in use for /var/mobile/Applications apps. – Nate Apr 16 '13 at 08:36

3 Answers

3

Unfortunately, you guessed correctly. On a jailbroken device, apps installed to the normal location (/var/mobile/Applications/) are still sandboxed (* see comments below).

The jailbreak does not completely remove the sandbox.

It allows you to run code that's not signed by valid Apple certificates. It therefore also allows you to install your app to different locations.

If you install your app to /Applications/, however, it will be able to read /var/mobile/Library/SMS/sms.db, as I describe in this answer. As a system app, you'll be outside the sandbox.

This has nothing to do with Objective-C, or Cocoa Touch, versus C APIs. It wouldn't be much of a sandbox if all you had to do was use well-known C I/O calls to escape it.

See this other similar answer (to a closed question), for some related discussion.


Update: see saurik's comments in this online thread. The summary is that different jailbreaks (e.g. evasi0n, Absinthe, redsn0w) can affect the sandbox in different ways. Saurik's recommendation is certainly that they not be removed entirely.

Nate
  • Was typing my answer at the same time yours appeared ;) – newenglander Apr 16 '13 at 08:35
  • @Nate, thanks! But I found the sandbox is weakened by the process of jailbreaking, because it won't deny my use of the `fork` function, or some other functions related to it. On an un-jailbroken iPhone, the functions I use are heavily restricted; even `execvl` is hooked by the MAC framework. So thanks, jailbreak, anyway!! +1 for you! – SgViTiNer Apr 19 '13 at 02:51
  • @SgViTiNer, that's right. If you [see my comment on this recent answer](http://stackoverflow.com/a/15897505/119114), `fork()` does work a bit differently on a jailbroken phone. You didn't ask about `fork()` in this question, though, only about reading a file outside the sandbox area. In that way, the sandbox **does** work the same way as on a jailed phone. But, you're right that there are some *other* differences, that people may care about for other reasons. I'll add a note in the answer to see your comment. – Nate Apr 19 '13 at 06:18
  • Also, if you read my answer, in the link at the bottom of the question, I do refer to the fact that there are small differences for a `/var/mobile/Applications/` app on a jailbroken phone. – Nate Apr 19 '13 at 06:25
  • @Nate, thanks! I have seen your comment on that question! But I think Apple has no need to restrict apps from downloading code, because the sandbox will deny any invocation of dynamic link libraries, and the app can't launch such code while `fork` and `execv` fail in the sandbox. Do you think I am right? – SgViTiNer Apr 19 '13 at 14:21
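As an added diagnostic (example code, not from the answer above or from any of the commenters), the following C program turns the situation in the question into a check a practitioner can run on the device: it probes the SMS database with `fopen()`, keeps the `errno` value instead of just "it failed", and compares the running binary's own path against the two locations the answer distinguishes, the per-app container under `/var/mobile/Applications/` (still sandboxed) and `/Applications/` (outside the sandbox). The assumptions are the two path prefixes, that `_NSGetExecutablePath()` is available on the device (it is a public Darwin API; on other platforms the code falls back to `argv[0]`), and that a seatbelt denial of a file read surfaces to the caller as `EPERM` alongside the "deny file-read-data" line in the system log.

```c
/* Added example, not code from the original post: classify why reading
 * /var/mobile/Library/SMS/sms.db failed and where this binary is installed.
 * Assumptions: the two path prefixes below, and EPERM as the errno an iOS
 * sandbox denial produces for open(). Compiles on Linux too for testing. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>   /* _NSGetExecutablePath() */
#endif

#define SANDBOXED_PREFIX  "/var/mobile/Applications/"  /* per-app containers */
#define SYSTEM_APP_PREFIX "/Applications/"             /* system / Cydia apps */

/* Try to open path for reading. Returns 0 on success, else the errno value.
 * A seatbelt denial normally shows up here as EPERM; ENOENT means the path
 * is simply absent (wrong iOS version or path), EACCES is plain Unix perms. */
int probe_open(const char *path) {
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return errno;
    fclose(fp);
    return 0;
}

/* 1 if exec_path lies inside a sandboxed app container, else 0. */
int in_app_container(const char *exec_path) {
    return strncmp(exec_path, SANDBOXED_PREFIX, strlen(SANDBOXED_PREFIX)) == 0;
}

/* 1 if exec_path lies under /Applications/ (outside the sandbox), else 0. */
int in_system_app_dir(const char *exec_path) {
    return strncmp(exec_path, SYSTEM_APP_PREFIX, strlen(SYSTEM_APP_PREFIX)) == 0;
}

/* Human-readable verdict combining the open() result and install location. */
const char *explain(const char *exec_path, int err) {
    if (err == 0)
        return "readable: this process is outside the sandbox";
    if (err == EPERM && in_app_container(exec_path))
        return "EPERM from app container: sandbox denial, reinstall under /Applications/";
    if (err == EPERM)
        return "EPERM outside container: ownership or entitlement problem, not the sandbox";
    if (err == ENOENT)
        return "ENOENT: path does not exist on this device";
    return "other error, see strerror()";
}

/* Absolute path of the running executable; argv[0] is the portable fallback. */
static const char *executable_path(char *buf, size_t len, const char *fallback) {
#ifdef __APPLE__
    uint32_t n = (uint32_t)len;
    if (_NSGetExecutablePath(buf, &n) == 0) return buf;
#endif
    (void)buf; (void)len;
    return fallback;
}

int main(int argc, char **argv) {
    const char *target = "/var/mobile/Library/SMS/sms.db";
    char buf[1024];
    const char *self = executable_path(buf, sizeof buf, argc > 0 ? argv[0] : "");
    int err = probe_open(target);
    printf("binary: %s\n", self);
    printf("%s: %s (errno %d: %s)\n", target, explain(self, err), err,
           err ? strerror(err) : "ok");
    return err == 0 ? 0 : 1;
}
```

Run it once from the ad-hoc install in the container and once after copying the .app into /Applications/ (and respringing); the verdict string changes from the sandbox-denial case to "readable" if the answer's claim holds on your jailbreak, and an `ENOENT` tells you the database path differs on that iOS version rather than pointing at the sandbox.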
1

I had this same problem while trying to read from the iPhone's serial port a while ago. Your guess is correct: even after jailbreak, the regular App Store apps in /var/mobile/Applications/ are still subject to sandbox restrictions. System apps are not subject to these restrictions and are found in /var/stash/Applications/ (or, I think, in iOS 6 there's an identifier in the path); this is where jailbreak apps from Cydia are installed.

Update: With the Cydia app iFile I can open the /var/mobile/Library/SMS/sms.db database and view the contents. And the Mobile SMS app has no special Entitlements files, so I think you should have no problems reading the SMS database if you place your app in the System apps directory.

newenglander
  • Thanks! But it is indeed weakened by the jailbreak process; see my comment above. It is some of my experience~ I hope it will help you. – SgViTiNer Apr 19 '13 at 03:04
  • I added an extra bit of information. Are you starting your app from the `stash` directory for system apps? – newenglander Apr 19 '13 at 08:15
  • No! I install my app using an ad-hoc certificate, and iOS will put such an app in /var/mobile/Applications. So I have no way to put it in the directory you mentioned above. But I am sure it will work! Thanks anyway! – SgViTiNer Apr 19 '13 at 14:01
  • I posted an update to my answer, that has an interesting link, with discussion from Saurik about differences in sandbox behaviour after jailbreaking. Just thought you might be interested. – Nate Apr 27 '13 at 09:58
0

There is actually a way around not being able to use sandbox accounts. If you reboot your jailbroken device and, when the Apple boot logo is displayed, hold down the volume up button, MobileSubstrate is disabled. This allows your device to start up like it was never jailbroken, and the sandbox is enabled. To go back to your jailbroken state, just reboot. Simple as that!

aasatt
  • This doesn't answer the question. The poster doesn't want to undo their jailbreak. They want to be able to escape the sandbox, not enforce it more strictly. – Nate Jul 24 '16 at 09:47