Blog

Download the following tools before you start the actual jailbreak process:

* Download latest iTunes 10.2.1 and install it on your Mac machine.
* Download PwnageTool
* Download PwnageTool bundles
* Download Universal Ramdisk Fixer
* Download iOS 4.3 final version

Part 2: Patching / Modifying PwnageTool using custom bundles

Since official Pwnagetool doesn’t support iOS 4.3, we have to modify it using the custom PwnageTool bundles.

Step 1: Right click on the PwnageTool which you download in Par-1 and then click on “Show Package Contents”.

Step 2: Navigate to this path /Contents/Resources/FirmwareBundles and put the bundle folder which you downloaded for your device in Part 1 in this location.

Step 3: Close the folder.

Part 3: Patching Ramdisk

Now we have to fix the broken PwnageTool ramdisk process to support iOS 4.3.

Step 1: Launch Universal Ramdisk Fixer.

Step 2: Follow the simple on-screen instruction to fix the ramdisk.

Part 4: Creating Custom iOS 4.3

Step 1: Launch the updated iTunes.

Step 2: Back up your device.

Step 3: Launch modified PwnageTool.

Step 4: Now select your iPhone and click the blue arrow to continue.

Step 5: Browse for iPSW file (iOS 4.3) which you have already downloaded in Part 1. (Make it sure that iPSW file is placed on desktop)

Step 6. Now hit the Build button to cook the custom firmware and save it on your PC.

Part 5: Restoring iOS 4.3 Custom Firmware

Put your iPhone into DFU mode. PwnageTool will help you in this process. Follow the onscreen instructions for this purpose.

* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* You device should now be in DFU mode

After the iPhone is in DFU mode, launch iTunes and it will tell you it has found an iPhone in recovery mode. Press OK to continue.

To install the custom cooked firmware, press the Alt/Option key and click on “Restore” in iTunes.

Now wait for few minutes until iTunes does its job. The iPhone will reboot after it has been restored successfully.

Part 6: Booting the Device in Tethered Boot

Since iOS 4.3 jailbreak is tethered, we will have to connect the device with PC and use a software “tetheredboot” to boot it into a tethered jailbroken state.

Tetheredboot utility requires two files from iOS 4.3 to do its jobs. The names of those files are

* kernelcache.release.n90,
* and iBSS.n90ap.RELEASE.dfu.

To get these files, change the extension of iOS 4.3 from .ipsw to .zip and extract it. You will find them under /Firmware/dfu/ folder.

Put all these files and tetheredboot utility into a new folder on desktop and name it “tetheredboot”.

Method 1 to Invoke Tethered Boot:

Start terminal and run the following commands:

sudo -s

type your admin password and run:

/Users/aamirusman/Desktop/tetheredboot/tetheredboot
/Users/aamirusman/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu
/Users/aamirusman/Desktop/tetheredboot/kernelcache.release.n9

Replace “aamirusman” with the name of user on your Mac machine and “Desktop” with name of location where you placed the “tetheredboot” folder.

When you are asked to put your device into DFU mode, follow the same method you used in Part 5. After a short period of time you will see “Exiting libpois0n” in the terminal windows which indicates your iPhone, iPad, iPod Touch will be booted within few moments.

Method 2 to Invoke Tethered Boot:

Put your device into DFU mode. Open the terminal and run the following commands.

cd /Users/username/Desktop/Tetherboot/
./tetheredboot iBSS.n90ap.RELEASE.dfu kernelcache.release.n90