
Sunday, March 27, 2011

iOS 4.3.1 Jailbroken Using PwnageTool for iPhone 4 and iPad

Apple released firmware 4.3.1 for the iPod Touch 3G/4G, iPhone, and iPad. Now the Dev Team’s PwnageTool has been updated to jailbreak the iPhone 4 and iPad running iOS 4.3.1.
PwnageTool is a Mac-only jailbreaking tool that works by restoring your iDevice to a custom firmware.
Before beginning to jailbreak, please check that your iTunes is the current version, and make sure to back up your device. Those who are relying on an unlock MUST stay away.
iPad 2 users should NOT UPGRADE from 4.3 if they can avoid it.

Note: Proceed at your own risk. No one else is responsible for your actions.


Step 1: Download the latest PwnageTool, and likewise download the PwnageTool bundle for the iPhone and/or for the iPad here.

Step 2: Open the PwnageTool 4.2.dmg and drag the PwnageTool.app to your /Applications folder. Then, right-click the PwnageTool.app and click Show Package Contents.
Step 3: Drag the “iPhone3,1_4.3.1_8G4.bundle” and/or the “iPad1,1_4.3.1_8G4.bundle” to “/Contents/Resources/FirmwareBundles/” inside the PwnageTool.app.



Repair the Ramdisk
Step 4: Download the Ramdisk Fixer and open the “Ramdisk Fixer_1.7.2.pkg” to do a standard installation to fix the PwnageTool ramdisk. I had originally installed the 1.7.1 version, and PwnageTool would not work with it.



Build a Custom Firmware
Step 5: If you haven’t already, download the 4.3.1 firmware for your device through iTunes.
Drag the 4.3.1 firmware to your Desktop. If you downloaded via iTunes, the firmware is located at “/Users//Library/iTunes/iPad Software Updates/” for the iPad, and at “/Users//Library/iTunes/iPhone Software Updates/” for the iPhone.

Step 6: Open PwnageTool and select “Expert Mode” on the top left. Then, select which device you will be jailbreaking and click the arrow on the bottom right.

Step 7: Browse to the 4.3.1 firmware, which should be located at “/Users//Desktop/”.

Step 8: Select “Build” to assemble the custom firmware file.

Step 9: Select a location for the custom firmware and let PwnageTool do the rest.

Step 10: Use PwnageTool to enter DFU mode by following the steps as they appear. If you aren’t familiar, the steps are:
  • Hold the Power and Home buttons for 10 seconds
  • Release the Power button but keep holding the Home button for 10 seconds.
  • Your device will now be in DFU mode

Step 11: Open iTunes. It will automatically detect your DFU device and ask you to restore. Hold “Option” while clicking “Restore” and browse to your custom firmware. iTunes will now begin to restore your device to the custom firmware.

Step 12: Let iTunes finish the restore, and when your device boots it will be jailbroken.

Boot Tethered
Step 13: Download Tetheredboot.zip and extract the file.

Step 14: Make a copy of your custom firmware on your desktop, and rename the extension to “.zip”. Then, extract the zip file.

iPhone 4
Navigate inside the extracted zip and copy the “kernelcache.release.n90” from the root and the “iBSS.n90ap.RELEASE.dfu” from /Firmware/DFU/ to a new folder on your Desktop titled “tetheredboot”. Then, copy the “tetheredboot” file to the same folder.

iPad 
Navigate inside the extracted zip and copy the “kernelcache.release.k48” from the root and the “iBSS.k48ap.RELEASE.dfu” from /Firmware/DFU/ to a new folder on your Desktop titled “tetheredboot”. Then, copy the “tetheredboot” file to the same folder.

Step 15: First, power off your iOS device. Then, open Terminal (Applications > Utilities > Terminal) and type “sudo -s” (minus quotes). After entering your password, drag and drop each of the three files into Terminal in the following order, so that Terminal shows the command below on one line, and hit Enter.

iPhone 4
/Users//Desktop/tetheredboot/tetheredboot /Users//Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users//Desktop/tetheredboot/kernelcache.release.n90

If that doesn’t work after Step 16, try
/Users//Desktop/tetheredboot/tetheredboot -i /Users//Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k /Users//Desktop/tetheredboot/kernelcache.release.n90

iPad
/Users//Desktop/tetheredboot/tetheredboot /Users//Desktop/tetheredboot/iBSS.k48ap.RELEASE.dfu /Users//Desktop/tetheredboot/kernelcache.release.k48

If that doesn’t work after Step 16, try
/Users//Desktop/tetheredboot/tetheredboot -i /Users//Desktop/tetheredboot/iBSS.k48ap.RELEASE.dfu -k /Users//Desktop/tetheredboot/kernelcache.release.k48

Tip: Simply drag and drop into Terminal in this order: the tetheredboot file, then the iBSS file, and then the kernelcache.release file.
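Steps 14 and 15 amount to pulling two files out of the custom IPSW (an IPSW is an ordinary zip archive) and lining them up behind the tetheredboot binary in the right order. The script below is an added example, not part of the original post and not PwnageTool’s or tetheredboot’s own code: it reads the two members directly from the IPSW without renaming or fully extracting it, checks that the firmware actually contains the files for the chosen device (so a mismatched IPSW fails here instead of hanging in tetheredboot), and assembles either the plain or the -i/-k form of the command. The device labels “iphone4” and “ipad”, the function names, and the build_sample_ipsw fixture are this script’s own assumptions.

```python
#!/usr/bin/env python3
"""Prepare the tetheredboot files for a 4.3.1 custom firmware (added helper)."""
import os
import shutil
import tempfile
import zipfile

# Member paths inside the 4.3.1 IPSW, as listed in the post for each device.
# The keys are this script's own labels, not Apple's device identifiers.
TETHEREDBOOT_FILES = {
    "iphone4": ("kernelcache.release.n90", "Firmware/DFU/iBSS.n90ap.RELEASE.dfu"),
    "ipad": ("kernelcache.release.k48", "Firmware/DFU/iBSS.k48ap.RELEASE.dfu"),
}


def missing_members(ipsw_path, device):
    """Return the expected members for `device` that are absent from the IPSW."""
    expected = TETHEREDBOOT_FILES[device]  # KeyError for an unknown device label
    with zipfile.ZipFile(ipsw_path) as ipsw:
        present = set(ipsw.namelist())
    return [member for member in expected if member not in present]


def extract_tetheredboot_files(ipsw_path, device, dest_dir):
    """Copy the kernelcache and iBSS for `device` out of the IPSW into `dest_dir`.

    Returns (kernelcache_path, ibss_path). Raises FileNotFoundError if the
    IPSW is not the firmware the post describes for that device.
    """
    missing = missing_members(ipsw_path, device)
    if missing:
        raise FileNotFoundError(f"{ipsw_path} lacks: {', '.join(missing)}")
    os.makedirs(dest_dir, exist_ok=True)
    outputs = []
    with zipfile.ZipFile(ipsw_path) as ipsw:
        for member in TETHEREDBOOT_FILES[device]:
            # Flatten Firmware/DFU/... into dest_dir, like the manual copy in Step 14.
            target = os.path.join(dest_dir, os.path.basename(member))
            with ipsw.open(member) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            outputs.append(target)
    return tuple(outputs)


def tetheredboot_command(tetheredboot_bin, kernelcache_path, ibss_path, explicit_flags=False):
    """Build the argv that Step 15 has you assemble by drag-and-drop.

    Order is binary, iBSS, kernelcache; explicit_flags=True gives the -i/-k
    alternate form the post suggests if the plain form hangs.
    """
    if explicit_flags:
        return [tetheredboot_bin, "-i", ibss_path, "-k", kernelcache_path]
    return [tetheredboot_bin, ibss_path, kernelcache_path]


def build_sample_ipsw(device):
    """Write a constructed stand-in IPSW for `device` into a fresh temp dir.

    Test fixture only: a real IPSW holds far more, but the two members this
    script needs sit at the same paths.
    """
    directory = tempfile.mkdtemp(prefix="ipsw-sample-")
    path = os.path.join(directory, f"{device}_4.3.1_sample.ipsw")
    kernelcache_name, ibss_member = TETHEREDBOOT_FILES[device]
    with zipfile.ZipFile(path, "w") as ipsw:
        ipsw.writestr("unrelated.bin", "constructed filler")
        ipsw.writestr(kernelcache_name, "constructed kernelcache")
        ipsw.writestr(ibss_member, "constructed iBSS")
    return path


if __name__ == "__main__":
    import sys
    # usage: prepare_tetheredboot.py <custom.ipsw> <iphone4|ipad> <dest_dir>
    ipsw_arg, device_arg, dest_arg = sys.argv[1], sys.argv[2], sys.argv[3]
    kc, ibss = extract_tetheredboot_files(ipsw_arg, device_arg, dest_arg)
    print(" ".join(tetheredboot_command(os.path.join(dest_arg, "tetheredboot"), kc, ibss)))
```

Run it against the custom IPSW PwnageTool built, point dest_dir at the “tetheredboot” folder that already holds the tetheredboot binary, and paste the printed line into the root shell from Step 15; it only stages files and prints the command, it never runs tetheredboot itself.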

Step 16: Put your device into DFU mode using the same steps as before.
  • Hold the Power and Home buttons for 10 seconds
  • Release the Power button but keep holding the Home button for 10 seconds
  • Your device should now be in DFU mode
When you see “Exiting libpois0n”, it means the exploit worked correctly. If it froze along the way, try the alternate lines from Step 15.
Cydia will now launch, and your device is now jailbroken on 4.3.1.

Note: Many things are not yet compatible with 4.3.1.
