Root filesystem access

[CCRDude]

After Delphi XE7 trial serials were sent without requesting them, I wasted a few days to try Delphi to enter iOS. Neither their own components nor the (better) DPF native components brought me where I felt okay with it.

I then thought about pas4mobile, but I disliked them for wanting to sell a modified Lazarus.

Finally, I came around to simonsayz' work. Worth more than all other documentation I read before combined, his helped me set up a working compiler on an older Mac. Demo runs fine.

Anyway... arriving at my first question: apps are sandboxed, but I want to (need to) develop for jailbroken phones... how is it possible to access the root file system from a standard FPC app?

[Jonas Maebe]

"jailbroken" does not mean "any application becomes a rootkit or gets the ability to spy on all user files". In fact, some jailbreaks even patch exploits that allow applications to escape the sandbox.

That said, there are presumably ways to specify entitlements or permissions for an application so that it has more access, but those are definitely not FPC or Lazarus specific. Once you have those permissions (I can't help you with that), you should be able use the regular FPC api's (system.assign/sysutils.fileopen) to access such files.

[CCRDude]

Many thanks for the reply

In fact, I'm not trying to write a rootkit or spy on anyone, I don't care the tiniest bit about user data. On the contrary, I'm an anti-malware developer with a long record of working against the type of software you describe. If you need some kind of proof, just specify.

I know roughly what jailbroken means, having jailbroken since iOS 1.03. But I didn't went further than changing my SSH password and installing PMP, Firewall iP and Adblocker, my attempts at own code are dated back to the inofficial iPhone SDK 2.0 Windows toolchain and didn't go deeper into the system back then. My assumption is that on a jailbroken device, I can let UI apps run as root instead of mobile, I think that's what iFile does.

Point is: our windows anti-malware software is taking up most resources, and I'm trying to evaluate how difficult it would be to wrap something together that does at least flag some standard Cydia repository monitoring apps (conversion of Cydia package name to rules for our signature language is about done) as a start to persuade my team to invest more time in this direction. Not a commercial route (our Windows anti-malware is free for personal use as well), but because I can't stand the spying crap on the iPhone I use.

So... if you have more information you could share with one of the "good guys" (perhaps by PM since it's probably sensible to not post instructions how to write rootkits in FPC in the public, I agree on that), I would be thankful, but I'm already thankful for giving me a few more hints for asking a search engine

[Jonas Maebe]

When I wrote "I can't help you with that" it wasn't because I assumed that you want to write malware, but literally because I can't: I don't know how to do that. But again, this is not FPC/Lazarus-specific in any way.

[CCRDude]

Okay, understood

Except that it is... according to this StackOverflow question, it for example involves calling setuid() and setgid(), which are probably ObjC wrappers around  the two syscalls with the same name:

Code: [Select]

  syscall_nr_setgid            = 46 ; // Implemented via setregid() in SunOS
  syscall_nr_setuid            = 105;
Which need to get called some way or another, of which I don't know how to do it in FPC. Probably using SysCall, but the name oldlinux is irritating me. Granted, SysCalls are a wrapper around system calls, but the FPC implementation is kind of FPC specific

Well, I'll play around with that the next time.

[Jonas Maebe]

setgid and setuid are low level libc functions. Most such functions are exposed via the baseunix and unix units, prefixed with "fp". E.g. http://www.freepascal.org/docs-html/rtl/baseunix/fpsetgid.html and http://www.freepascal.org/docs-html/rtl/baseunix/fpsetuid.html