Does jailbreaking break Pythonista out of the iOS sandbox?
If you jail break your phone, can you write to the filesystem using pythonista, install pip, etc? The iOS 7 jailbreak news just got me curious.
I don't think omz would like there to be too much discussion about Pythonista and jailbreaking, as such conversation may spook Apple. I'll discuss some of my thoughts, but feel free to delete this post (fortunately, however, my conclusion works in Pythonista's favor).
Without going into too much detail, the easiest way to "break out" of the sandbox would be to run the app as
root. In order to run an app as
root, the app must be built in a certain way (see this stackoverflow question). Presumably, only the app developer, who has access to the source code, can make these modifications. Therefore, we are not able to run the app itself as
root, and we cannot break out of the iOS sandbox. For more detailed information about how the iOS sandbox works, see saurik's description of the jailbreak patching process on Hacker News. In short:
App Store applications on jailbroken devices still cannot snoop into your keychain, mail, or the data stored for other applications such as Facebook. They do have access to your camera roll, but that is true of non-jailbroken devices as well (this is fixed on iOS 6).
We can gain some advantages on a jailbroken device, however. You may try symlinking directories within the Pythonista app to other areas of the filesystem, but I doubt the sandbox would let Pythonista access the filesystem that way. (EDIT: I tried this, and Pythonista can browse the filesystem, but you cannot create or modify files outside of the sandbox.) You can launch Pythonista scripts via url, so you can set up cronjobs and launch daemons which run scripts in Pythonista. Perhaps most interestingly, with root access you can install Python 2.7.3 on your device (download the .deb here), and make use of Pythonista as a top-of-the-line IDE. (I also have some python packages available here which worked on the 2.6 iOS python build.) You may be able to make Pythonista run persistently in the background, but not sure about that one.
With access to the iOS filesystem, take a look in
Pythonista.app/pylib, and you'll find a bunch of python modules and scripts which may be of use. It seems that omz implements the iOS modules using open-source "wrappers" located in the
pylibdirectory which provide front ends to the actual closed-source modules (I wasn't able to find Pythonista's iOS modules (
_contacts, etc.), so I think they are compiled as part of the app binary along with Pythonista's python distribution). Even so, you can try to import Pythonista's modules (e.g.
pylib/notification.py) from the system python distribution and see if they work. (EDIT: Just tried this, and indeed python cannot find the underscored modules. However, if you run the python REPL in the
Pythonista.app/pylibdirectory, you can import any of the non-Pythonista modules included in the Pythonista distribution, like
bs4, etc. Additionally, since you have write access to the
pylibdirectory you could plausibly add your own modules to Pythonista.)
Again, because Pythonista is a great app I do not want to jeopardize its availability by broadcasting its uses on jailbroken devices, but I do think it can be extremely useful in this regard.
(I did find an easter egg though :-P)
I went away for vacation and forgot all about this — thanks a lot for the awesome (and timely) reply.
I know this is a bit late but:
Should do the trick
I'm a newbie to Python and iOS programming so use my advice at your own risk.
If you've jailbroken your phone and have installed iFile (search for it on Cydia), you can do two things that were crucial to me.
- Create symbolic links
If you create symbolic links, you can place the link inside the Pythonista sandbox and it will point elsewhere in the filesystem. These symbolic links will remain even after you restore a phone to its non jailbroken state.
- Change user priveleges for certain files.
I'm working on a jailbroken app that consolidates messages across multiple media. When jailbroken, I can access the sandboxes of other apps, but accessing the iOS AddressBook.db and sms.db is trickier. Using iFile, I changed the privileges on those files to "Read, Write, Execute" for everybody. Problem solved.
@alpinerunner I've been trying to change privaleges for files like the python2.7 folder to read, write, execute. Every time I reboot Pythonista, all of the privaleges then change back to their original state without changes.
Do you know how to fix this? Because I really want to have my Pythonista rooted so I can have my workflow improved.
@AtomBombed what method are you using to change the file permissions?
@Webmaster4o I have been using iFile, and tapping on the folder, and changing the group and permissions from there.
I've never jailbroken a device, mostly because of powerful apps like Pythonista. But isn't there something called
OpenSSHor something like that which will let you get a shell into your iOS device from a mac? If you use that, you could try
chmod -R <directory>. That might be more permanent. I have no idea.
There are Terminal "emulators" that I can get on Cydia (jailbreak store). Do you think those would work for SSHing into my own device right from there? Or does the connection need to be from a seperate computer?
No idea. Try it. Also do research on unix filesystems and how they work. I'm almost positive iOS is unix-based, which is also what powers Mac and Linux.
Yes. iOS is Unix-operated. There are things like Unix-handling files, and in the Pythonista documentation for modules (global module index) it says in the time module (or a module similar to that, I can't remember) that it operates and works with Unix clocks and stuff like that.
@AtomBombed To ssh into a jailbroken device, you need install the OpenSSH server on the device first (via Cydia). Then you can ssh to the device from an iOS ssh app installed on the same device. I used to do that on earlier version of iOS. Many ssh apps are available. The one I used is called iSSH but has since demised. But there are many other, e.g. Serverauditor, Prompt2.
You can even ssh to it using just StaSh. The latest 0.6.3 version has a proper terminal emulation for ssh. So from stash, you can do
ssh --password SECRET root@localhost
If you haven't changed the password, the default password is