- Install PwnageTool 4.2
- iOS 4.3.1 for your iDevice
- iTunes 10.2.1
- Mac OS X
- tetheredboot utility
- PwnageTool bundle for iOS 4.3.1 (includes Universal Ramdisk Fixer) (For TETHERED Jailbreaks)
- PwnageTool 4.3 (ONLY for UNTETHERED Jailbreaks)
Before you begin, please read the following carefully:
- The jailbreak also hacktivates your iPhone 4.
- There is no unlock for the new baseband on iOS 4.3.1.
- iPad 2 users on iOS 4.3 should stay away from iOS 4.3.1 for the time being.
- This is a tethered jailbreak.
- Your baseband will not be touched or upgraded during the restore process.
Phase I: Modifying the PwnageTool for iOS 4.3.1 Jailbreak
Step 1: Extract the PwnageTool bundle .zip and use the bundle corresponding to your device, e.g. for iPhone 4 use iPhone3,1_4.3.1_8G4.bundle. Select this bundle and move it to the desktop.
2: Go to /Applications, right-click PwnageTool and choose "Show Package Contents". Navigate to Contents/Resources/FirmwareBundles/ and paste the iPhone3,1_4.3.1_8G4.bundle file in this location. Your PwnageTool is now ready.
Phase II: Creating Custom RAM Disk
3: From the PwnageTool bundle package, locate “Universal Ramdisk Fixer” and install it.
Phase III: Building Custom iOS 4.3.1 Firmware
4: Download iOS 4.3.1 for your device (google it) and start PwnageTool in “expert mode”. Select your device from the pictures.
5: Browse for the iOS 4.3.1 firmware for your device, then select “build” to create the custom 4.3.1 firmware file and wait for the process to finish.
Phase IV: Restoring custom iOS 4.3 Firmware to your device.
6: Put your device into DFU mode. Use the instructions below:
- Hold the Power and Home buttons for 10 seconds
- Now release the Power button but continue holding the Home button for 10 more seconds
- Your device should now be in DFU mode
7: Open iTunes and restore using the custom firmware you prepared in Phase III. Be patient while your device is restored. After the process is over, your iOS device will be jailbroken on iOS 4.3.1.
Phase V: Booting in Tethered Mode
As there is no untethered jailbreak for iOS 4.3.1 yet, we will have to boot it into a tethered jailbroken state.
8: Unzip the tetheredboot utility. You need two files from the custom iOS 4.3.1 firmware: kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu. Hint: you can rename your custom iOS 4.3.1 firmware from .ipsw to .zip and extract it.
Copy the kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu files from /Firmware/dfu/ to the tetheredboot folder.
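The extraction in step 8, as an added example that is not part of the original guide: a Python helper that opens the custom .ipsw as a zip archive and copies the two named files into the tetheredboot folder. The function name and the paths passed to it are assumptions; files are matched by base name wherever they sit in the archive.

```python
import posixpath
import shutil
import sys
import zipfile
from pathlib import Path

# File names from step 8 (iPhone 4 / n90 build of the custom firmware).
WANTED = ("kernelcache.release.n90", "iBSS.n90ap.RELEASE.dfu")


def extract_boot_files(ipsw_path, dest_dir, wanted=WANTED):
    """Copy the wanted members of an .ipsw (a zip archive) into dest_dir.

    Hypothetical helper, not part of tetheredboot or PwnageTool. Members are
    matched by base name and written flat, so a member path such as
    "../../x" cannot place a file outside dest_dir. Returns {name: Path}.
    """
    if not zipfile.is_zipfile(ipsw_path):
        raise ValueError(f"{ipsw_path} is not a zip/.ipsw archive")
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    written = {}
    with zipfile.ZipFile(ipsw_path) as ipsw:
        for info in ipsw.infolist():
            name = posixpath.basename(info.filename)
            if info.is_dir() or name not in wanted or name in written:
                continue
            target = dest / name
            with ipsw.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written[name] = target
    # Fail loudly if the archive is for another device or is incomplete.
    missing = [n for n in wanted if n not in written]
    if missing:
        raise FileNotFoundError(f"not found in archive: {', '.join(missing)}")
    return written


if __name__ == "__main__":
    # Usage: python extract_boot_files.py <custom.ipsw> <tetheredboot folder>
    for name, path in extract_boot_files(sys.argv[1], sys.argv[2]).items():
        print(f"{name} -> {path}")
```

For a device other than the iPhone 4, pass that device's file names as `wanted`.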
9: Power off your iOS device, open Terminal on your Mac and run:
tetheredboot iBSS.n90ap.RELEASE.dfu kernelcache.release.n90
Replace “fx” with your user.
NOTE: If the above fails, try ‘tetheredboot -i ibss -k kernel’ instead of ‘tetheredboot ibss kernel’.
You should now see some code running in the Terminal window. At some point, it will ask you to enter DFU mode. Follow the same steps as earlier for DFU mode.
Now wait for your device to boot. Terminal will at this point show the “Exiting libpois0n” message. After some processing and waiting, your iOS device will boot into a jailbroken tethered mode. Enjoy!