New fork of Santander file manager adds partial support for browsing & modifying /var contents

At the beginning of the 2023 year, we showed you a MacDirtyCow-based file manager project called Santander that would allow you to browse and make modifications to your iOS or iPadOS 15.x-16.1.2 device’s file system without a jailbreak.

Santander is a file manager app for devices using the MacDirtyCow bug.

Santander was originally made by @CoreSerena, and while the SantanderMacDirtyCow version we showed you earlier this year was forked by palera1n team member @mineekdev, another fork now being made available on GitHub dubbed SantanderEscaped by @haxi0sm appears to support making modifications to files in /var.

Citing a post shared to /r/jailbreak early Saturday morning, SantanderEscaped does allow users to access and modify files in /var, but not fully, as several limitations exist in the tccd exploit by @zhuowei that prevent extravagant changes from happening. More specifically, the exploit doesn’t change the entitlements of some folders residing in /var that would be required for making said modifications.

So while a lot of the contents found in /var will be both read and write accessible under the new SantanderEscaped build, a smaller number of contents won’t be, such as app containers, as pointed out by iOS developer Avangelista in a comment in the /r/jailbreak post. This limits what users can do in certain folders.

While it is a baby step, it’s a step in the right direction. With a simple exploit, the SantanderEscaped project allows for more file modifications than the version we showed you earlier this year, and it doesn’t require a jailbreak. Instead, it continues to rely on the MacDirtyCow exploit for iOS & iPadOS 15.x-16.1.2 devices, regardless of what chip resides within.

If you’re interested in learning more about the SantanderEscaped project, then you can view it on GitHub. Please note that the project is still considered to be in its beta stages, so bugs may be present.

Are you planning to take advantage of the upgraded Santander file manager now that it can access certain parts of /var? Let us know in the comments section down below.