Jailbreak iOS 4.3.1 on iPhone 4 with PwnageTool Bundles [How-To Guide]

DjayB6 (@DjayB6), the PwnageTool bundle creator who previously released PwnageTool bundles for iOS 4.3, has just released the bundles for iOS 4.3.1. With these PwnageTool bundles, you can jailbreak an iPhone 4 on iOS 4.3.1 while preserving your current baseband. Although the guide below covers jailbreaking iOS 4.3.1 on the iPhone 4, the same guide can be used to jailbreak iOS 4.3.1 on the iPhone 3GS, iPod Touch 4G and iPad with PwnageTool bundles.

Notes:

  • This is a tethered jailbreak, which means you have to use the TetheredBoot Utility to boot your iPhone into a tethered jailbroken state on every restart.
  • Ultrasn0w is broken on iOS 4.3.1 due to Apple's ASLR security feature. If you rely on an unlock, do not use these bundles until the Ultrasn0w Fixer for iOS 4.3.1 is released.
  • Hacktivation is supported and Cydia is fully working on iOS 4.3.1.

Prerequisites:

  • iTunes 10.2.1
  • Stock iOS 4.3.1 IPSW for iPhone 4/3GS, iPod Touch 4G/3G, iPad 2/1st-Gen
  • PwnageTool 4.2
  • PwnageTool Bundles for iOS 4.3.1:
    • iOS 4.3.1 PwnageTool bundle for iPhone 4
    • iOS 4.3.1 PwnageTool bundle for iPhone 3GS (Old Bootrom)
    • iOS 4.3.1 PwnageTool bundle for iPhone 3GS (New Bootrom)
    • iOS 4.3.1 PwnageTool bundle for iPod Touch 4G
    • iOS 4.3.1 PwnageTool bundle for iPad
  • Ramdisk Fixer 1.7.1 for all iDevices
  • TetheredBoot Utility for Mac OS X

Steps to Add PwnageTool Bundle to PwnageTool 4.2:

  1. Create a new folder on your desktop and name it iOS 4.3.1 Jailbreak with PwnageTool. Put PwnageTool, Ramdisk Fixer, the PwnageTool bundle file and the stock iOS 4.3.1 IPSW for your iDevice in this folder.
  2. Right-click on PwnageTool and choose Show Package Contents from the context menu.
  3. Now navigate to Contents/Resources/FirmwareBundles/ and copy the bundle file (iPhone3,1_4.3.1_8G4.bundle) to the FirmwareBundles directory. Once done, close all open PwnageTool windows.
  4. After adding the bundle, move PwnageTool to the /Applications directory.
  5. Once done, you are ready to patch PwnageTool with Ramdisk Fixer.

Steps to Patch PwnageTool Ramdisk with Universal Ramdisk Fixer:

  1. Before using Ramdisk Fixer, make sure PwnageTool is present in your /Applications directory and the firmware file (.IPSW) is present on your desktop.
  2. Run the Ramdisk Fixer package and follow the on-screen instructions. During installation, Ramdisk Fixer will prompt you for your Administrator password. Enter your Admin password and click the OK button.
  3. That's it! When Ramdisk Fixer finishes the installation, click the Close button to exit the Ramdisk Fixer app.

Steps to create iOS 4.3.1 Custom IPSW with PwnageTool 4.2:

  1. Launch PwnageTool, click on Expert mode, select iPhone 3GS, 3G, 4 from the displayed options and click the Next button to continue.
  2. Click the Browse button and select the stock iOS 4.3.1 firmware file present on your desktop.
  3. Click the Build tab and hit the Next button.
  4. Choose Desktop as the save location and click the Save button.
  5. Wait while PwnageTool cooks the iOS 4.3.1 custom IPSW file for your iPhone. It may take a while, so be patient.
  6. During the creation of the iOS 4.3.1 custom IPSW, PwnageTool might prompt you to enter your Administrator password.
  7. Once PwnageTool has successfully created the iOS 4.3.1 custom IPSW for your iPhone, connect your iPhone to your Mac with a USB cable. Hold down the Power and Home buttons simultaneously for 10 seconds. After 10 seconds, release the Power button but continue holding the Home button until PwnageTool detects your iPhone in DFU mode.
  8. Close PwnageTool and follow the instructions below to restore the iOS 4.3.1 custom IPSW on your iPhone. At this point, you can find the iOS 4.3.1 custom IPSW on your desktop:
    • iPhone 4 » iPhone3,1_4.3.1_8G4_Custom_Restore.ipsw
    • iPod Touch 4G » iPod4,1_4.3.1_8G4_Custom_Restore.ipsw
    • iPod Touch 3G » iPod3,1_4.3.1_8G4_Custom_Restore.ipsw
    • iPhone 3GS » iPhone2,1_4.3.1_8G4_Custom_Restore.ipsw
    • iPad » iPad1,1_4.3.1_8G4_Custom_Restore.ipsw

Steps to Restore iOS 4.3.1 Custom IPSW on iPhone 4:

  1. Launch iTunes 10.2.1 and wait while it detects your iPhone in recovery mode.
  2. Click on your iPhone name in the side panel to view the summary page.
  3. You will see two buttons on the summary panel, i.e. Check for Update and Restore. Hold down the ALT (Option) key (SHIFT key on Windows) and click the Restore button.
  4. Select the iOS 4.3.1 custom IPSW from your desktop and click Open to start the restore process.
  5. Now wait until iTunes restores the custom cooked iOS 4.3.1 IPSW on your iPhone. Once done, your iPhone will restart automatically and it should be jailbroken on iOS 4.3.1 with fully working Cydia.

Steps to Boot iPhone 4 into Tethered Jailbroken State:

As mentioned earlier, if your iPhone loses power because of a low battery or for any other reason, you will need to boot it into a tethered jailbroken state using the TetheredBoot Utility. To do so, follow the steps below:

  1. Download the TetheredBoot.zip utility and extract the zip on your desktop.
  2. Create a copy of the iOS 4.3.1 custom IPSW you just created with PwnageTool. Rename it from .IPSW to .ZIP and extract it on your desktop. Once done, open the extracted directory and copy two files, namely kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu, to your desktop.
  3. Create a new folder on your desktop and name it tetheredboot. Put kernelcache.release.n90, iBSS.n90ap.RELEASE.dfu, tetheredboot and itnl in this folder.
  4. Turn off your iPhone completely, open the Terminal app and use the command below:

     sudo -s

  5. After executing the above command, Terminal will prompt you for your Administrator password. Enter your Administrator password and use the command below:

     /Users/Jaxov/Desktop/tetheredboot/tetheredboot /Users/Jaxov/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users/Jaxov/Desktop/tetheredboot/kernelcache.release.n90

  6. After executing the above commands, you will see some code running on your Terminal screen. After a while, you will be prompted to put your iPhone into DFU mode. Use the following steps to put your iPhone into DFU mode:
    • Hold down the Home and Power buttons simultaneously for 10 seconds.
    • After 10 seconds, release the Power button but continue holding the Home button for another 10 seconds.
    • Now your iPhone should be in DFU mode.

    Now wait while your iPhone boots into a tethered jailbroken state. Once done, enjoy your iPhone 4 jailbroken on iOS 4.3.1 with fully working Cydia on it.

  7. If for some reason the TetheredBoot Utility for Mac is not working, you can try the TetheredBoot Utility on Windows.
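
The comments under this guide show the tetheredboot command failing because of the hard-coded /Users/Jaxov path, and the n90 file names apply only to the iPhone 4. The script below is an added example, not part of the original guide or of the TetheredBoot Utility: it builds the command from $HOME and checks that the files the guide lists are present before anything is run. The function names are hypothetical, and only the iPhone 4 (n90) and iPod Touch 4G (n81) file names that appear on this page are mapped.

```shell
#!/bin/sh
# Added example: preflight for the tetheredboot command in the guide above.
# Function names are hypothetical; the folder layout follows the guide.

# Board suffix used in the iBSS/kernelcache file names. Only the two
# device/board pairs that appear on this page are listed.
board_for_device() {
    case "$1" in
        iPhone3,1) echo n90 ;;   # iPhone 4
        iPod4,1)   echo n81 ;;   # iPod Touch 4G
        *) return 1 ;;
    esac
}

# Print the quoted tetheredboot command line for a device, or report what
# is missing. $1 = device identifier, $2 = folder (default: guide's folder).
tetheredboot_cmd() {
    dev=$1
    dir=${2:-"$HOME/Desktop/tetheredboot"}
    board=$(board_for_device "$dev") || {
        echo "unknown device: $dev" >&2
        return 2
    }
    ibss="$dir/iBSS.${board}ap.RELEASE.dfu"
    kernel="$dir/kernelcache.release.$board"
    missing=0
    # The four files the guide places in the folder.
    for f in "$dir/tetheredboot" "$dir/itnl" "$ibss" "$kernel"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 1
    [ -x "$dir/tetheredboot" ] || {
        echo "not executable: $dir/tetheredboot" >&2
        return 1
    }
    printf '"%s" "%s" "%s"\n' "$dir/tetheredboot" "$ibss" "$kernel"
}

# Stand-alone use: sh preflight.sh iPod4,1
if [ "$#" -gt 0 ]; then
    tetheredboot_cmd "$@"
fi
```

The script only prints the command line; it does not run tetheredboot or touch the device.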

Update#1: DjayB6 has updated Ramdisk Fixer to v1.7.2 for all iDevices
Update#2: Download PwnageTool Bundle to Jailbreak iOS 4.3.1 on iPhone 3GS
Update#3: Download PwnageTool Bundle to Jailbreak iPad on iOS 4.3.1
Update#4: Download PwnageTool Bundle to Jailbreak iOS 4.3.1 on iPod Touch 4G
Update#5: Jailbreak iOS 4.3.1 on Mac OS X Using Official PwnageTool 4.3 [Untethered]

25 comments

  •  
    anton lelaki · 5 years, 8 months ago

    I have tried the following command, but the result is a loss

    Password:
    bash-3.2# /Users/Jaxov/Desktop/tetheredboot/tetheredboot /Users/Jaxov/Desktop/tetheredboot/iBSS.n81ap.RELEASE.dfu /Users/Jaxov/Desktop/tetheredboot/kernelcache.release.n81
    bash: /Users/Jaxov/Desktop/tetheredboot/tetheredboot: No such file or directory
    bash-3.2#

    What should I do?

    •  
      Wolverine · 5 years, 8 months ago

      Replace “Jaxov” with your own username in the above command :) Also, why are you trying the tethered jailbreak when the untethered jailbreak is already out? Get it here http://bit.ly/hEOyrT

      •  
        anton lelaki · 5 years, 8 months ago

        I tried to change “jaxov” to my own username, but the result:

        Password:
        bash-3.2# /Users/kholika/Desktop/tetheredboot/tetheredboot /Users/kholika/Desktop/tetheredboot/iBSS.n81ap.RELEASE.dfu /Users/kholika/Desktop/tetheredboot/kernelcache.release.n81
        Initializing libpois0n
        Waiting for device to enter DFU mode
        Device must be in DFU mode to continue
        Device must be in DFU mode to continue
        opening device 05ac:1227…
        Found device in DFU mode
        Checking if device is compatible with this jailbreak
        Checking the device type
        Identified device as iPod4,1
        Preparing to upload limera1n exploit
        Resetting device counters
        Sending chunk headers
        Sending exploit payload
        Sending fake data
        libusb:error [darwin_transfer_status] transfer error: timed out
        libusb:error [darwin_reset_device] ResetDevice: no connection to an IOService
        Exploit sent
        Reconnecting to device
        libusb:error [darwin_close] USBDeviceClose: no connection to an IOService
        Waiting 2 seconds for the device to pop up…
        opening device 05ac:1227…

        Can you tell me please, Mr. Wolverine? :)

  •  
    iMario · 5 years, 8 months ago

    Please help, I've done everything, followed the tutorial, and this is frustrating me

    Initializing libpois0n
    No matching processes were found
    Waiting for device to enter DFU mode
    Device must be in DFU mode to continue
    opening device 05ac:1227…
    Found device in DFU mode
    Checking if device is compatible with this jailbreak
    Checking the device type
    Identified device as iPod4,1
    Preparing to upload limera1n exploit
    Resetting device counters
    Sending chunk headers
    Sending exploit payload
    Sending fake data
    libusb:error [darwin_transfer_status] transfer error: timed out
    Exploit sent
    Reconnecting to device
    libusb:error [darwin_close] USBDeviceClose: no connection to an IOService
    Waiting 2 seconds for the device to pop up…
    opening device 05ac:1227…
    bash-3.2#

  •  
    Cyrus Brands · 5 years, 8 months ago

    Hi, I followed everything exactly, but when restoring the custom firmware on my 3GS “New bootrom”, iTunes gave me an error 29 and said that it was unable to restore the device: “unknown error”. And I got stuck in restore mode showing the iTunes icon with the USB. However, I chose to try TetheredBoot Utility and got this:

    Initializing libpois0n
    No matching processes were found
    Waiting for device to enter DFU mode
    opening device 05ac:1227…
    Found device in DFU mode
    Checking if device is compatible with this jailbreak
    Checking the device type
    Identified device as iPhone2,1
    Preparing to upload limera1n exploit
    Resetting device counters
    Sending chunk headers
    Sending exploit payload
    Sending fake data
    libusb:error [darwin_transfer_status] transfer error: timed out
    Exploit sent
    Reconnecting to device
    Waiting 2 seconds for the device to pop up…
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    opening device 05ac:1281…
    Setting to configuration 1
    Setting to interface 0:0
    bash-3.2#

    And again I am in restore mode with the iTunes logo.
    Please, could someone help me???? I am not able to start my phone any more.

    •  
      Wolverine · 5 years, 8 months ago

      After restoring, you should not get stuck in recovery mode. This signals that either your custom IPSW is corrupted (Ramdisk not correctly patched) or you might have not restored the custom IPSW correctly. Just download the stable custom IPSW made with Sn0wbreeze 2.4b1 from here and use this guide to restore it.

      •  
        Cyrus Brands · 5 years, 8 months ago

        Thanks @ Wolverine, I will try this once again.

  •  
    RP · 5 years, 8 months ago

    Finished the jailbreak and now trying to tetherboot, but when administrator password is typed into terminal app, it says ‘sorry, try again’ tried it over and over again and still getting the same message, any help?

    •  
      Wolverine · 5 years, 8 months ago

      You are typing your administrator password wrong or the root account is not enabled. Use the guide at this site to change your root password or enable your admin account.

  •  
    Cindy Nguyen · 5 years, 8 months ago

    I have a question. Right after I type in my administrative password, PwnageTool quits and then opens this in Safari: http://www.iphone-privacy.com/
    Can you tell me why?

    •  
      Wolverine · 5 years, 8 months ago

      You must be using Leopard? or Hackintosh? Leave all the mess and get the custom IPSW directly from here http://bit.ly/fdHmUZ

      •  
        Cindy Nguyen · 5 years, 8 months ago

        Alright, if I get that, how do I use it? Do you have a guide for that also?

        •  
          Wolverine · 5 years, 8 months ago

          Yes, I do have a guide to restore custom IPSWs here http://bit.ly/hi3Bdu but do tell me your iPhone model and also whether you rely on an unlocked iPhone or not, so that I may guide you on which file to download.

          •  
            Cindy Nguyen · 5 years, 8 months ago

            It’s an iPhone 3GS and no, it’s not unlocked. I’ve gotten to the terminal part but I’m stuck there. After I type in everything, this comes up:

            dyld: unknown required load command 0x80000022
            Trace/BPT trap

          •  
            Wolverine · 5 years, 8 months ago

            It is because you are using Mac OS X 10.5.x (Leopard). To use TetheredBoot Utility, you must be running at least Snow Leopard on your machine!

    •  
      RP · 5 years, 8 months ago

      Same thing happened to me, you may need to download the updated version of ramdisk fixer.

  •  
    AG · 5 years, 8 months ago

    Hi and thanks for the post! I followed the instructions exactly how you wrote them and I ran into a couple of problems. First, after I restored to the custom firmware after putting my iPhone 4 in DFU mode, it wouldn't boot up; it would be stuck on the Apple logo. Then I tried the tetheredboot and it worked. When it booted up, Cydia works perfectly fine, except I noticed I can't make calls. Do you have any suggestions? Thanks

  •  
    femi · 5 years, 8 months ago

    Hello and thank you much for your post!!!!!! I used your instructions for ipod touch 4g for 4.3.1. I do have a question though… In step 23 i see kernelcache.release.n90 and iBSS.n81ap.RELEASE.dfu…. I don’t see iBSS.n90ap.RELEASE.dfu…. can u tell me where i went wrong??? Thanx!!!

    •  
      femi · 5 years, 8 months ago

      oh never mind, I see that it was right to begin with….. thanx!!!!!

      •  
        Wolverine · 5 years, 8 months ago

        Use iBSS.n81ap.RELEASE.dfu and kernelcache.release.n81 for iPod Touch 4G.

  •  
    martin · 5 years, 8 months ago

    hi,
    Thanks for your post.
    Please i have an iphone 3GS, new bootrom. I have followed the tutorial to the letter like 4 times now.
    My phone keeps getting stuck on the apple logo + spinning gear after installing the custom firmware created, all the time.
    I have to go back to 4.2.1. No problem with that.
    Has anyone tried this tutorial and gotten it to work on the 3gs new bootrom??.
    Would be grateful to know if the official pwnage tool is going to be released soon.
    Thanks in advance.

    •  
      Wolverine · 5 years, 8 months ago

      That's because it is a tethered jailbreak. You have to use TetheredBoot Utility to boot your iPhone on every restart.