iOS 4.3.1 has just been released for the iPod, iPhone and iPad, and it was jailbroken the moment it came out. This was possible so quickly thanks to DjayB6's work on the jailbreak bundle for iOS 4.3.1, together with the Universal Ramdisk Fixer. The jailbreak is tethered, which means that whenever you reboot, you will need to boot the device into the jailbroken state again. It won’t be long before support for iPod Touch and iPhone 3GS is here.
Jailbreaking iOS 4.3.1 Using PwnageTool

For now, if you wish to jailbreak iOS 4.3.1 on the iPhone 4 using PwnageTool 4.2 combined with the tethered boot utility and Universal Ramdisk Fixer, follow the steps below.
The Seven Tools Needed to Jailbreak:
- PwnageTool 4.2
- Universal Ramdisk Fixer
- Tetheredboot utility
- iOS 4.3.1 firmware
- Mac OS X
- PwnageTool bundle for iOS 4.3.1
- iTunes 10.2.1
Important:
- If your iPhone depends on a carrier unlock, make sure you DON’T update to iOS 4.3.1, because there is no unlock available for the new iOS 4.3.1 baseband.
- Cydia works perfectly on iOS 4.3.1.
- Users on iPad 2 with iOS 4.3 are advised to wait until we confirm, and to stay away from iOS 4.3.1 for now.
- The baseband is not upgraded during the restore process.
- This jailbreak is semi-tethered.
- There is support for Hacktivation.
Here are the Steps to Modify The PwnageTool
STEP #1: Download the PwnageTool bundle that matches your iOS device. It is a .zip archive that also contains the Universal Ramdisk Fixer. Once unzipped, you will find the appropriate .bundle file; for the iPhone 4 it is iPhone3,1_4.3.1_8G4.bundle. Save it on your desktop.
STEP #2: Download PwnageTool 4.2 (links below) and copy it to the Applications directory. Right-click PwnageTool, then click “Show Package Contents”.
STEP #3: Navigate to Contents/Resources/FirmwareBundles/ and paste the iPhone3,1_4.3.1_8G4.bundle file in this location.
How to create a Custom Ramdisk for iOS 4.3.1
STEP #4: As you’ve seen in STEP #1, the Universal Ramdisk Fixer comes with the PwnageTool bundle pack. This is an important step, because the current version of PwnageTool contains a broken ramdisk. The Universal Ramdisk Fixer patches it properly for iOS 4.3.1.
How to Create Custom iOS 4.3.1 Firmware
STEP #5: Download the iOS 4.3.1 firmware (links below) and move it to your desktop.
STEP #6: Start PwnageTool in “Expert Mode”, and then choose the device you use.
STEP #7: Find the iOS 4.3.1 firmware to be used on your device.
STEP #8: Select “Build.” This begins the job of creating your custom 4.3.1 firmware file.
STEP #9: Once that’s done, a new custom .ipsw file will be created by PwnageTool. You would have jailbroken your iPhone.
STEP #10: You will now use the PwnageTool to enter the DFU mode. Here are the steps:
- The Power and Home buttons should be held for ten seconds
- After the 10 seconds are up, time to release the Power button. However, the Home button should be held for ten more seconds
- Now your device has entered the DFU mode
Use iTunes To Restore Custom iOS 4.3.1 Firmware
STEP #11: Start iTunes. You will find an icon for iOS device in the iTunes sidebar, click on that. If you’re on Windows, now press and hold the Left “Shift” button on the keyboard. If you’re on Mac, it’s the Left “alt” button. While holding that left button, click on “Restore” in the iTunes and then release this button. Once that’s done, you will be prompted by iTunes to choose the location of the custom 4.3.1 firmware file. Select the .ipsw file created in the procedure above, and then click “Open.”
STEP #12: You’ve done everything you need to. Time to relax while iTunes continues to go through a few automated steps. You should not do anything while the installation is in progress, except wait and let iTunes install the new 4.3.1 firmware on the specific device you have chosen. Once that’s done, you will have a jailbroken device on iOS 4.3.1.
How to Boot in Tethered Mode
Finally, as we mentioned, the iOS 4.3.1 jailbreak is tethered. Since it’s not untethered, it is important to boot it only in the tethered state. The “Tetheredboot” utility helps us with this. Here are the steps:
STEP #13: Download the tetheredboot.zip utility for Mac OS X, then extract the zip file.
STEP #14: We now need two files from the iOS 4.3.1 firmware: kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu. To get them, make a copy of the custom iOS 4.3.1 file created in the steps above and change its extension from .ipsw to .zip. Then extract the .zip. There you’ll find both the files under /Firmware/dfu/. Now move the tetheredboot utility along with these files to a new folder on the desktop named “tetheredboot”.
STEP #15: Switch off your iOS device. Then, on OS X, start Terminal and run the commands given below:
sudo -s
Enter your administrator password, and then run the following as a single command:
/Users/DirectoryName/Desktop/tetheredboot/tetheredboot /Users/DirectoryName/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users/DirectoryName/Desktop/tetheredboot/kernelcache.release.n90
Change “DirectoryName” to the directory name on your computer, then press Enter.
Important note: If, for some reason, the above does not work, instead of using ‘tetheredboot ibss kernel’, try using ‘tetheredboot -i ibss -k kernel’:
/Users/DirectoryName/Desktop/tetheredboot/tetheredboot -i /Users/DirectoryName/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k /Users/DirectoryName/Desktop/tetheredboot/kernelcache.release.n90
Note: You can build the command by dragging and dropping into Terminal. First drag and drop the tetheredboot file, next the iBSS file, and finally the kernelcache.release file.
If everything is done correctly and it works, you will see output start running in the Terminal window. During the run, you will be asked to enter DFU mode. To enter DFU mode, go through the following steps:
- Hold down the Power and Home buttons for ten seconds
- With this, you have taken your device into DFU mode
- Let your device boot. The Terminal will display the message “Exiting libpois0n.” Wait a while and you will find your device, be it the iPod Touch, iPhone or iPad, booted in jailbroken tethered mode!
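The file extraction in STEP #14, as an added example that is not part of the original post or of any tool it names: an .ipsw is a ZIP container, so the two files can be pulled out by base name wherever they sit in the archive, written under a fixed name so a crafted member path cannot escape the target folder, and hashed so the copies handed to tetheredboot can be compared later. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# File names taken from STEP #14 of the page (iPhone 4).
WANTED = ("iBSS.n90ap.RELEASE.dfu", "kernelcache.release.n90")


def extract_boot_files(ipsw, dest_dir, wanted=WANTED):
    """Copy the wanted members out of an .ipsw (a ZIP container) into dest_dir.

    Members are matched by base name, so their directory inside the archive
    does not matter. Returns {name: sha256 hex digest of the extracted bytes}.
    """
    os.makedirs(dest_dir, exist_ok=True)
    digests = {}
    with zipfile.ZipFile(ipsw) as archive:
        for info in archive.infolist():
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            if info.is_dir() or base not in wanted:
                continue
            if base in digests:
                raise ValueError(f"duplicate member for {base}: {info.filename}")
            data = archive.read(info)
            # Write under the fixed base name only, so a hostile member path
            # such as ../../x cannot place a file outside dest_dir.
            with open(os.path.join(dest_dir, base), "wb") as out:
                out.write(data)
            digests[base] = hashlib.sha256(data).hexdigest()
    missing = [name for name in wanted if name not in digests]
    if missing:
        raise FileNotFoundError(f"not in archive: {', '.join(missing)}")
    return digests


def build_sample_ipsw():
    """Constructed stand-in for a custom .ipsw; contents are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Firmware/dfu/iBSS.n90ap.RELEASE.dfu", b"ibss-dummy")
        archive.writestr("kernelcache.release.n90", b"kernel-dummy")
        archive.writestr("Restore.plist", b"<plist/>")
    buf.seek(0)
    return buf
```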




