[实验]通过内核Patch去掉iOS-v4.3.3的沙盒特性

环境：

1、Mac OS X 10.9.2

2、xcode 5.1.1

3、gcc 4.8

4、redsn0w 0.9.15b3

前提：

1、获取 iOS 4.3.3 的kernelcache，并解密

操作步骤：

1、修改 datautils0/sandbox.S 的19行，将“movs r2, #19”改为“movs r2, #1”

2、编译 datautils0，也可以从此处下载

3、制作内核Patch：./make_kernel_patchfile ./kernel-iPod4,1-v4.3.3.decrypted ./kernel-iPod4,1-v4.3.3.patch

4、应用内核Patch：./apply_patchfile ./kernel-iPod4,1-v4.3.3.decrypted ./kernel-iPod4,1-v4.3.3.patch ./kernel-iPod4,1-v4.3.3.patched

5、使用redsn0w引导Patch后的内核：/Applications/redsn0w.app/Contents/MacOS/redsn0w -i iPod4,1_4.3.3_8J2_Restore.ipsw -k kernel-iPod4,1-v4.3.3.patched

6、写demo测试，读取MobileSafari的Info.plist

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    NSString *safariInfoFilePath = @"/Applications/MobileSafari.app/Info.plist";
    NSDictionary *infoContent = [NSDictionary dictionaryWithContentsOfFile:safariInfoFilePath];
    NSLog(@"-------->%@", infoContent);

    self.window = [[[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]] autorelease];
    // Override point for customization after application launch.
    self.window.backgroundColor = [UIColor whiteColor];
    [self.window makeKeyAndVisible];
    return YES;
}

===========================================

接下来找时间详细得读读 datatuils0 的代码。

.