Environment:
1. Mac OS X 10.9.2
2. Xcode 5.1.1
3. gcc 4.8
4. redsn0w 0.9.15b3
Prerequisites:
1. Obtain the iOS 4.3.3 kernelcache and decrypt it
Steps:
1. Edit line 19 of datautils0/sandbox.S, changing "movs r2, #19" to "movs r2, #1"
2. Build datautils0 (it can also be downloaded from here)
3. Create the kernel patch:
   ./make_kernel_patchfile ./kernel-iPod4,1-v4.3.3.decrypted ./kernel-iPod4,1-v4.3.3.patch
4. Apply the kernel patch:
   ./apply_patchfile ./kernel-iPod4,1-v4.3.3.decrypted ./kernel-iPod4,1-v4.3.3.patch ./kernel-iPod4,1-v4.3.3.patched
5. Boot the patched kernel with redsn0w:
   /Applications/redsn0w.app/Contents/MacOS/redsn0w -i iPod4,1_4.3.3_8J2_Restore.ipsw -k kernel-iPod4,1-v4.3.3.patched
6. Write a demo app to test it by reading MobileSafari's Info.plist
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    // This path is outside the app's own container; with the stock sandbox the read fails and the dictionary is nil.
    NSString *safariInfoFilePath = @"/Applications/MobileSafari.app/Info.plist";
    NSDictionary *infoContent = [NSDictionary dictionaryWithContentsOfFile:safariInfoFilePath];
    NSLog(@"-------->%@", infoContent);

    // Manual reference counting (no ARC), hence the explicit autorelease.
    self.window = [[[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]] autorelease];
    // Override point for customization after application launch.
    self.window.backgroundColor = [UIColor whiteColor];
    [self.window makeKeyAndVisible];
    return YES;
}
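The demo in step 6 only logs a dictionary, and a nil result does not say whether the sandbox refused the read or the file was simply missing or unparsable. The following is an added example, not code from the original post: a plain C probe that opens the same path and classifies the errno, so the result can be used as a sandbox-integrity check. The names probe_path, probe_result and probe_name are introduced here, and treating EPERM/EACCES as "denied" is an assumption about how the refusal is reported.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Outcome of trying to open one path read-only. */
typedef enum {
    PROBE_READABLE, /* open() succeeded: nothing blocked the read */
    PROBE_DENIED,   /* EPERM/EACCES: sandbox or file permissions refused it (assumed mapping) */
    PROBE_MISSING,  /* ENOENT/ENOTDIR: path absent, says nothing about the sandbox */
    PROBE_ERROR     /* any other errno */
} probe_result;

static probe_result probe_path(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        close(fd);
        return PROBE_READABLE;
    }
    switch (errno) {
    case EPERM:
    case EACCES:
        return PROBE_DENIED;
    case ENOENT:
    case ENOTDIR:
        return PROBE_MISSING;
    default:
        return PROBE_ERROR;
    }
}

static const char *probe_name(probe_result r)
{
    static const char *names[] = { "readable", "denied", "missing", "error" };
    return names[r];
}

int main(void)
{
    /* Path taken from the demo above; it lies outside the app's container. */
    const char *path = "/Applications/MobileSafari.app/Info.plist";
    printf("%s: %s\n", path, probe_name(probe_path(path)));
    return 0;
}
```

On an unmodified device the expected result for a sandboxed app is "denied"; "readable" from inside a third-party app indicates the sandbox is not enforcing its profile.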
===========================================
Next, I'll find some time to read through the datautils0 code in detail.