- If you're patching the kernel after it has already booted, you can (but need not) skip patches with names starting with "-".
- apply_patchfile patches the kernel to start /sbin/lunchd instead of launchd. You can remove that, but the idea is that the filesystem looks like this:
  - /sbin/launchd: untether exploit that execs /sbin/lunchd
  - /sbin/lunchd: a script that execs /sbin/launchd.real with DYLD_INSERT_LIBRARIES set to the dylibs in /Library/LaunchExtensions; this may be used in the future by MobileSubstrate
  - /sbin/launchd.real: the original /sbin/launchd
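The layout above leaves recognisable traces on disk. The following is an added triage example, not part of this project's code: it checks a mounted copy of a filesystem for that layout. The function name, the output labels and the idea of passing the mount point as an argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original README): report traces of the
# launchd -> lunchd -> launchd.real chain under a mounted filesystem copy.
# Usage: check_launchd_chain ROOT   (ROOT is the mount point; "/" for a live system)
# Prints one finding per line and prints nothing when no trace is found.
check_launchd_chain() {
    clc_root="${1%/}"

    # These two files only exist once the chain has been installed.
    for clc_f in /sbin/lunchd /sbin/launchd.real; do
        if [ -e "$clc_root$clc_f" ]; then
            echo "FOUND $clc_f"
        fi
    done

    # lunchd is described as a script, so a '#!' header is expected there.
    if [ -f "$clc_root/sbin/lunchd" ] &&
       [ "$(head -c 2 "$clc_root/sbin/lunchd")" = '#!' ]; then
        echo "SCRIPT /sbin/lunchd"
    fi

    # launchd.real is the original binary; if /sbin/launchd differs from it,
    # the file at the launchd path has been replaced.
    if [ -f "$clc_root/sbin/launchd.real" ] &&
       ! cmp -s "$clc_root/sbin/launchd" "$clc_root/sbin/launchd.real"; then
        echo "REPLACED /sbin/launchd"
    fi

    # Each dylib here ends up in DYLD_INSERT_LIBRARIES for launchd.real.
    for clc_f in "$clc_root"/Library/LaunchExtensions/*.dylib; do
        # An unmatched glob stays literal; the -e test filters it out.
        if [ -e "$clc_f" ]; then
            echo "INJECTED ${clc_f#"$clc_root"}"
        fi
    done
    return 0
}
```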
This is the lunchd script:
#!/bin/bash
shopt -s nullglob
dylibs=$(for dylib in /Library/LaunchExtensions/*.dylib; do echo -n "$dylib:"; done)