Jailbreak iOS 4.2.1 GM on iPad with PwnageTool Bundle [How-To Guide]

A new iPhone hacker named Johnny Franks (@0xjohnny) has just released a PwnageTool bundle to jailbreak iOS 4.2.1 GM on the iPad (Wi-Fi+3G) model. For those who don't know, Apple released iOS 4.2.1 GM to fix issues related to Exchange and audio devices. You can use this bundle to patch PwnageTool 4.1.2, which can then be used to jailbreak iOS 4.2.1 on the iPad using the procedure below.

[Image: iPad 4.2.1 GM PwnageTool bundle]
[Image: Cydia on Jailbroken iOS 4.2.1 GM for iPad]

Steps to Patch PwnageTool 4.2.1 with PwnageTool Bundle:

*Find download links at the end of the post

  1. *Download PwnageTool 4.2.1 for Mac OS X
  2. *Download iPad iOS 4.2.1 GM PwnageTool bundle
  3. *Download iOS 4.2.1 GM IPSW for iPad
  4. Place PwnageTool 4.2.1 (PwnageTool), the PwnageTool bundle file (iPad1,1_4.2.1_8C148.bundle) and the iOS 4.2.1 GM IPSW for iPad (iPad1,1_4.2.1_8C148_Restore.ipsw) on your desktop or in one directory.
  5. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  6. Right-click on PwnageTool and select Show Package Contents.
  7. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  8. Now navigate to Contents/Resources/ and drag or copy the PwnageTool bundle file (iPad1,1_4.2.1_8C148.bundle) into the FirmwareBundles directory as shown in the screenshot below:
  9. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  10. Once done, launch PwnageTool and select the iPad, Apple TV 2G option as shown in the screenshot below:
  11. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  12. PwnageTool will now detect the iPad iOS 4.2.1 GM IPSW automatically. If it fails to detect it, go to Expert mode and browse to the IPSW you downloaded in step 3 manually.
  13. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  14. Now wait while PwnageTool cooks the iOS 4.2.1 GM custom IPSW, which will jailbreak your iPad on iOS 4.2.1 GM when restored through iTunes.
  15. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  16. Once done, connect your iPad to your Mac with a USB cable and hold down the Power and Home buttons simultaneously for 10 seconds; after 10 seconds release the Power button but keep holding the Home button until PwnageTool detects your iPad in DFU mode.
  17. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

  18. That's it! You will now find the iOS 4.2.1 custom IPSW (iPad1,1_4.2.1_8C148_Custom_Restore.ipsw) on your desktop as shown in the screenshot below:
  19. [Screenshot: Jailbreak iOS 4.2.1 GM on iPad]

Steps to Restore iOS 4.2.1 GM Custom IPSW Through iTunes:

[Screenshot: Select Device from iTunes]
Once you have successfully created the iOS 4.2.1 GM custom IPSW through PwnageTool and your iPad is in DFU mode, launch iTunes and click on the name of the device in the side panel to view the Summary page.
[Screenshot: Restore Through iTunes]
Now you will see two buttons, Check for Updates and Restore. Hold down the ALT key (SHIFT on Windows) and click the Restore button to browse for the iOS 4.2.1 GM custom IPSW file you just created with the patched version of PwnageTool 4.1.2.
[Screenshot: Restore Through iTunes]
Now wait until iTunes restores the custom cooked iOS 4.2.1 GM IPSW to your iPad. If you see iTunes error 1004 or 1015 during the restore, don't panic: the firmware restore on your device is already complete. All you need to do is kick your device out of recovery mode using RecBoot or TinyUmbrella.

Steps to Boot into Jailbroken State After iOS 4.2.1 Custom IPSW Restore:

  1. Download the tetheredboot file by msft_guy from here.
  2. Create a new folder on the desktop and rename it to tetheredboot.
  3. Place the tetheredboot file you downloaded in step 1 in the directory you created in step 2.
  4. Download and install LibUSB for Mac OS X (Tiger (10.4.x) | Leopard (10.5.x) | Snow Leopard (10.6.x)).
  5. Put your device into Recovery mode using RecBoot. Download RecBoot from here.
  6. Rename the iOS 4.2.1 custom IPSW from iPad1,1_4.2.1_8C148_Custom_Restore.ipsw to iPad1,1_4.2.1_8C148_Custom_Restore.zip and extract its contents to the desktop.
  7. [Screenshot: IPSW to ZIP]

  8. Open the iPad1,1_4.2.1_8C148_Custom_Restore directory and copy kernelcache.release.k48 to the tetheredboot directory.
  9. [Screenshot: kernelcache.release.k48 File]

  10. Similarly, navigate to /Firmware/dfu/ and copy iBSS.k48ap.RELEASE.dfu to the tetheredboot directory.
  11. [Screenshot: iBSS.k48ap.RELEASE.dfu File]

  12. You should now have 3 files in the tetheredboot directory as shown in the screenshot below:
  13. [Screenshot: Tetheredboot Directory]

  14. Rename kernelcache.release.k48 to "kernel" and iBSS.k48ap.RELEASE.dfu to "iBSS".
  15. [Screenshot: Kernel & iBSS Renamed]

  16. Now open the Terminal app on Mac OS X and type the following set of commands:
  17. sudo sh
      cd ~/Desktop/tetheredboot
      ./tetheredboot iBSS kernel

    You will see some output scroll past in the window, and then it will say that the device needs to be in DFU mode to continue. So, while the process is still running in Terminal, put the device into DFU mode.

    Once it is correctly in DFU mode, the tetheredboot program will do the rest for you. It will upload the iBSS and the kernel, and then boot the device with the patched kernel. Click here for the full terminal log.
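
Steps 6 to 14 above amount to pulling two members out of the custom IPSW, which is simply a ZIP archive, and staging them under the names tetheredboot expects. The script below is an added example written for this page, not code from msft_guy, @0xjohnny or the guide itself. It assumes the member names the guide gives for iPad1,1 on 8C148, and it builds a constructed stand-in IPSW containing placeholder bytes so it can be run offline. It also refuses an archive that is not a ZIP or lacks either file, which catches a wrong or truncated download before anything is sent to the device, and it always writes under fixed names of its own choosing rather than the archive's member paths.

```python
"""Stage the kernelcache and iBSS from a custom IPSW for tetheredboot.

Added example for this page (not the guide's or tetheredboot's own code).
An IPSW is a ZIP archive, so the two files tetheredboot needs can be read
straight out of it. The sample archive built by build_sample_ipsw() is
constructed here and holds placeholder bytes only.
"""
import os
import tempfile
import zipfile

# Archive members the guide copies into the tetheredboot directory (iPad1,1,
# build 8C148), mapped to the short names tetheredboot is invoked with.
REQUIRED_MEMBERS = {
    "kernelcache.release.k48": "kernel",
    "Firmware/dfu/iBSS.k48ap.RELEASE.dfu": "iBSS",
}


def build_sample_ipsw(path):
    """Write a constructed stand-in IPSW with placeholder contents (demo only)."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Restore.plist", "<plist/>")  # placeholder; not used below
        zf.writestr("kernelcache.release.k48", b"KERNELCACHE-PLACEHOLDER")
        zf.writestr("Firmware/dfu/iBSS.k48ap.RELEASE.dfu", b"IBSS-PLACEHOLDER")
    return path


def stage_tetheredboot_files(ipsw_path, dest_dir):
    """Copy the required members out of ipsw_path into dest_dir as kernel/iBSS.

    Returns {short_name: size_in_bytes}. Raises ValueError if the file is not a
    ZIP or a required member is missing, so a bad download is caught early.
    """
    if not zipfile.is_zipfile(ipsw_path):
        raise ValueError(f"{ipsw_path} is not a ZIP archive (not an IPSW?)")
    os.makedirs(dest_dir, exist_ok=True)
    staged = {}
    with zipfile.ZipFile(ipsw_path) as zf:
        names = set(zf.namelist())
        missing = [m for m in REQUIRED_MEMBERS if m not in names]
        if missing:
            raise ValueError("IPSW is missing: " + ", ".join(missing))
        for member, short_name in REQUIRED_MEMBERS.items():
            # Output name is fixed here, never taken from the archive, so a
            # crafted member path cannot write outside dest_dir.
            out_path = os.path.join(dest_dir, short_name)
            with zf.open(member) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            staged[short_name] = os.path.getsize(out_path)
    return staged


def demo():
    """Run against the constructed sample, then against an archive lacking iBSS."""
    work = tempfile.mkdtemp()
    sample = build_sample_ipsw(
        os.path.join(work, "iPad1,1_4.2.1_8C148_Custom_Restore.ipsw"))
    staged = stage_tetheredboot_files(sample, os.path.join(work, "tetheredboot"))

    # A truncated or wrong download: same idea, but without the iBSS member.
    bad = os.path.join(work, "bad.ipsw")
    with zipfile.ZipFile(bad, "w") as zf:
        zf.writestr("kernelcache.release.k48", b"x")
    try:
        stage_tetheredboot_files(bad, os.path.join(work, "tb2"))
        rejected = False
    except ValueError:
        rejected = True
    return staged, rejected


if __name__ == "__main__":
    print(demo())
```

To use it on a real file, call stage_tetheredboot_files() with the path of your Custom_Restore.ipsw and the tetheredboot directory from step 2; the tetheredboot invocation itself stays exactly as in step 17.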

Steps to Patch Cydia on iOS 4.2.1 GM for iPad:

Note that Cydia for iOS 4.2.1 GM is still broken. However, you can patch the existing version of Cydia with the bspatch utility to make it work with iOS 4.2.1 GM using the steps below:

  1. Download cy-3.zip from here and unzip it to find the Cydia.patch file for iOS 4.2.1.
  2. SSH into your iPad (WinSCP | CyberDuck), navigate to /Applications/Cydia.app/ and place the Cydia.patch file there, next to the Cydia_ binary.
  3. Open the Terminal app on Mac OS X, SSH into your iPad, and run the following commands as shown in the screenshot below:
  4. apt-get install bsdiff
     cd /Applications/Cydia.app/
     cp Cydia_ Cydia.bak
     bspatch Cydia.bak Cydia_ Cydia.patch
     chmod +x+s /Applications/Cydia.app/Cydia_

    [Screenshot: Cydia Fix on iOS 4.2.1]
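
The four commands in step 4 back up the binary, apply the patch and set its mode, but if bspatch stops part-way you are left with a damaged Cydia_ and have to remember to copy Cydia.bak back by hand. The following added example (written for this page; it is not part of the cy-3.zip fix or the guide) wraps that same sequence so the backup is restored automatically when patching fails. By default it shells out to bspatch with the guide's argument order; demo() injects a constructed stand-in patcher and constructed sample bytes so the rollback logic can be exercised without bsdiff installed.

```python
"""Apply a binary patch to an executable with a backup and automatic rollback.

Added example for this page (not the guide's own code). Mirrors
  cp Cydia_ Cydia.bak; bspatch Cydia.bak Cydia_ Cydia.patch; chmod +x+s Cydia_
but puts the original back if the patch step raises.
"""
import os
import shutil
import stat
import subprocess
import tempfile

# chmod +x+s: execute for user/group/other plus setuid and setgid, as in the guide.
PLUS_X_PLUS_S = (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
                 | stat.S_ISUID | stat.S_ISGID)


def bspatch(old_path, new_path, patch_path):
    """Default patcher: run the bspatch tool from the bsdiff package."""
    subprocess.run(["bspatch", old_path, new_path, patch_path], check=True)


def patch_with_backup(target, patch_path, apply_patch=bspatch, set_modes=True):
    """Back up target, patch it in place, restore the backup if patching fails.

    Returns the backup path on success. On failure the pre-patch bytes are back
    in place and the exception is re-raised.
    """
    backup = target + ".bak"
    shutil.copy2(target, backup)  # cp Cydia_ Cydia.bak (keeps mode bits)
    try:
        apply_patch(backup, target, patch_path)  # bspatch old new patch
        if set_modes:
            os.chmod(target, os.stat(target).st_mode | PLUS_X_PLUS_S)
    except Exception:
        shutil.copy2(backup, target)  # roll back to the pre-patch binary
        raise
    return backup


def demo():
    """Constructed run: a stand-in patcher that works, then one that fails."""
    work = tempfile.mkdtemp()
    target = os.path.join(work, "Cydia_")
    with open(target, "wb") as f:
        f.write(b"ORIGINAL-BINARY")  # constructed placeholder, not a real Cydia
    patch = os.path.join(work, "Cydia.patch")
    with open(patch, "wb") as f:
        f.write(b"+PATCHED")  # constructed placeholder patch

    def fake_bspatch(old, new, patch_path):
        # Stand-in for bspatch: "patched" = old bytes followed by patch bytes.
        with open(old, "rb") as o, open(patch_path, "rb") as p, open(new, "wb") as n:
            n.write(o.read() + p.read())

    def broken_bspatch(old, new, patch_path):
        # Simulates a patcher that corrupts the output and then dies.
        with open(new, "wb") as n:
            n.write(b"GARBAGE")
        raise RuntimeError("simulated bspatch failure")

    patch_with_backup(target, patch, apply_patch=fake_bspatch)
    with open(target, "rb") as f:
        after_good = f.read()
    executable = bool(os.stat(target).st_mode & stat.S_IXUSR)

    try:
        patch_with_backup(target, patch, apply_patch=broken_bspatch)
    except RuntimeError:
        pass  # expected; the rollback has already happened
    with open(target, "rb") as f:
        after_rollback = f.read()
    return after_good, executable, after_rollback


if __name__ == "__main__":
    print(demo())
```

On the device you would run patch_with_backup("/Applications/Cydia.app/Cydia_", "/Applications/Cydia.app/Cydia.patch") with the default bspatch patcher after installing bsdiff, as in step 4.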

Download Links:

Download iTunes 10.1 for Windows & Mac OS X
Download PwnageTool 4.2.1 for Mac OS X
Download iPad iOS 4.2.1 GM PwnageTool bundle
Download iOS 4.2.1 GM IPSW for iPad (Developers Only)
[Update via @0xjohnny, Image via @0xjohnny, Cydia fix via 0xjohnnyiphone]

Update#1: Download Redsn0w 0.9.6b3 to Jailbreak iOS 4.2.1 GM on Windows & Mac OS X
Update#2: Download official PwnageTool 4.2 for untethered iOS 4.2.1 jailbreak on Mac
Update#3: Download Sn0wbreeze 2.2 for untethered iOS 4.2.1 jailbreak on Windows

10 comments

  • iXaier, 5 years, 10 months ago

    I'm stuck at part 8.
    It didn't detect the bundle in both ways, Automatically and Expert :(

    BTW, when I went to download PwnageTool 4.2.1, it says 4.1 instead of 4.2.1. Is there any difference???????

  • jk, 5 years, 10 months ago

    I have to admit that your guide is a true step-by-step guide, and the best out there! Congrats!

    However, I have a question. When the iPad is in DFU mode I get this message in Terminal:

    sh-3.2# ./tetheredboot iBSS.k48p.RELEASE.dfu kernelcache.release.k48
    Initializing libpois0n
    No matching processes were found
    Waiting for device to enter DFU mode
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    Device must be in DFU mode to continue
    opening device 05ac:1227…
    Found device in DFU mode
    Checking if device is compatible with this jailbreak
    Checking the device type
    Identified device as iPad1,1
    Preparing to upload limera1n exploit
    Resetting device counters
    Sending chunk headers
    Sending exploit payload
    Sending fake data
    libusb:error [darwin_transfer_status] transfer error: timed out
    Exploit sent
    Reconnecting to device
    Waiting 2 seconds for the device to pop up…
    opening device 05ac:1227…

    and it stops here!!! According to the full log you provided it should say "Uploading ibss to device" right next.

    Any ideas what is going wrong? :S

    • Wolverine, 5 years, 10 months ago

      Just leave this method for now. Download Redsn0w 0.9.6b3 from here and point it to iOS 4.2.1 GM for iPad. Use the "Just boot tethered right now" option to boot your iPad into the jailbroken state. Before that, make sure to add the SSH bundle so that you can patch Cydia by SSH'ing into your iPad later on.

  • bobby, 5 years, 10 months ago

    Can someone make me a custom IPSW for my iPad (64GB, non-3G) so I can use it on my PC? I have no Mac, just Windows. Thank you.

  • Antonello, 5 years, 10 months ago

    What can I do?
    Do I repatch the kernel?

    • Wolverine, 5 years, 10 months ago

      If your iPad is stuck at the Apple logo then there must have been a restore failure of some type. Try to restore again.

  • Antonello, 5 years, 10 months ago

    If I reboot the iPad it will not load and stays at the Apple logo!

    • Wolverine, 5 years, 10 months ago

      Try to restore the iPad again. AFAIK your iPad should boot normally (at least) after the iOS 4.2.1 custom IPSW restore.

  • Piersoft, 5 years, 10 months ago

    Great guide, but just one question: is SSH natively inserted into the iPad by PwnageTool, or do I have to insert the deb file in Expert mode before IPSW creation?

    • Wolverine, 5 years, 10 months ago

      Once you successfully boot into the jailbroken state after the custom IPSW restore, you will get access to SSH and APT automatically.