Here is a step-by-step guide to jailbreaking the iPad, iPod Touch 4G and iPhone 4 on iOS 4.3 using the PwnageTool bundles. Like the method shared in our previous post, this one is also complex and requires advanced knowledge and skill to perform.
However, after the release of ramdisk maker, a script by djayb6 that builds the ramdisk manually, an ordinary user can also jailbreak his device if he follows the steps carefully.
Disclaimer: This guide is for testing and educational purposes only. Follow it at your own risk. Please don’t use it if you don’t know what you are doing.
Part 1: Downloading Required Files
First of all, download all the required files and software and place them on your desktop for convenience. You will need the following files for this method.
- Download PwnageTool
- Download iTunes 10.1.x (if iTunes is not updated on your system)
- Download ramdisk maker
- Download iOS 4.3 beta 1 for your iPhone 4, iPod Touch 4G and iPad (dev only)
- Download PwnageTool bundle to jailbreak iPhone 4 on iOS 4.3
- Download PwnageTool bundle to jailbreak iPad on iOS 4.3
- Download PwnageTool bundle to jailbreak iPod Touch 4G on iOS 4.3 beta 1
Part 2: Patching/Modifying PwnageTool
Step 1: Now you have to patch/modify PwnageTool to make it compatible with iOS 4.3 beta 1. This part is very easy. Right-click PwnageTool and then click on “Show Package Contents”.
Step 2: Navigate to /Applications/PwnageTool.app/Contents/Resources/FirmwareBundles and put the bundle folder you downloaded for your device in Part 1 in this location.
Step 3: In this step, put the Cydia bundle in /Applications/PwnageTool.app/Contents/Resources/FirmwareBundles as well. (It ships only in the iPhone 4 bundle; if you are jailbreaking another device, take it from there.)
Step 4: Close the folder and run PwnageTool to build custom firmware.
Part 3: Building Custom Firmware
Step 1: Install the latest version of iTunes and reboot your computer.
Step 2: Run the modified PwnageTool.
Step 3: Back up all the contents of your iPhone in iTunes before starting the actual jailbreak process. After the backup is completed, close iTunes and leave your iPhone connected via USB.
Step 4: In PwnageTool, select either Expert Mode or Normal Mode. We will go with Expert Mode.
Step 5: Now select your iPhone and click the blue arrow to continue.
Step 6: Browse for the IPSW file (iOS 4.3) which you already downloaded in Part 1.
Step 7: Now hit the Build button to cook the custom firmware and save it on your computer.
Step 8: Once you have created the custom firmware, close PwnageTool but don’t restore to this firmware yet.
Part 4: Making Ramdisk Manually
Open the ramdisk maker archive you downloaded in Part 1.
Requirements: xpwntool, ldid.
- Open ramdisk.sh with a text editor and change the tools path and your user directory name in the === TO CHANGE === section.
- Open Terminal and run the script as root: type “su root” and your root password, then run “/path/to/ramdisk_maker.sh”. (The root account is disabled by default on Mac OS X; running “sudo /path/to/ramdisk_maker.sh” with your admin password does the same job.) Follow the instructions.
You can also find the detailed procedure for creating a custom ramdisk for custom iOS 4.3 here.
Part 5: Restoring iOS 4.3 Custom Firmware
Put your device into DFU mode. PwnageTool will help you with this; follow the on-screen instructions.
- Hold Power and Home buttons for 10 seconds
- Now release the Power button but continue holding the Home button for 10 more seconds
- Your device should now be in DFU mode
After the device is in DFU mode, launch iTunes; it will tell you it has found an iPhone in recovery mode. Press OK to continue.
To install the custom-cooked firmware, hold the Alt/Option key and click “Restore” in iTunes, then choose the custom IPSW you built in Part 3.
Now wait a few minutes while iTunes does its job. The device will reboot after it has been restored successfully.
Part 6: Booting the Device in Tethered Boot
Since the iOS 4.3 jailbreak is tethered, the device has to be connected to the computer and booted with the “tetheredboot” utility each time it restarts; without that step it will not come up in the jailbroken state.
The tetheredboot utility requires three files from iOS 4.3 to do its job. The names of those files are:
- and iBSS.n90ap.RELEASE.dfu.
To get these files, change the extension of the iOS 4.3 IPSW from .ipsw to .zip and extract it (an IPSW is an ordinary zip archive). The DFU-stage images such as iBSS are under the Firmware/dfu/ folder of the archive, while the kernelcache sits at its top level. Note that n90ap in the file name is the iPhone 4 board; the iPad and iPod Touch 4G images are named after their own boards (k48ap and n81ap), so take the files that match your device.
Put all three files and the tetheredboot utility into a new folder on your desktop named “tetheredboot”.
Now connect your device to your computer and boot it into Recovery Mode by holding the Power and Home buttons until the “Connect to iTunes” screen appears.
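The file-gathering step above as a worked example. This is an added script, not part of the original guide or of the tetheredboot tool: it reads the iOS 4.3 IPSW directly as a zip archive (so the .ipsw to .zip rename is only needed when you extract it in Finder), picks the iBSS DFU image and the kernelcache for the chosen device by board name, and copies them into the tetheredboot folder, refusing to continue if the archive does not contain them (the usual sign of having grabbed another device's IPSW). The board-to-device mapping and the Firmware/dfu/ and kernelcache.release.* paths are the standard IPSW layout; the sample archive it builds for a dry run is constructed dummy data, not real firmware.

```python
"""Pull the DFU-stage iBSS and the kernelcache out of an iOS 4.3 IPSW.

Added example, not part of the original guide or of tetheredboot. An IPSW is
a plain zip archive, so zipfile reads it as-is. The archive built by
build_sample_ipsw() is constructed dummy data with the real member layout.
"""
import os
import tempfile
import zipfile

# Device -> board identifier used in the firmware file names (assumed
# from the standard IPSW naming: iPhone 4 = n90ap, iPad = k48ap,
# iPod touch 4G = n81ap).
BOARDS = {
    "iPhone 4": "n90ap",
    "iPad": "k48ap",
    "iPod touch 4G": "n81ap",
}


def tethered_boot_members(board):
    """Archive members tetheredboot needs, for a board such as 'n90ap'."""
    short = board[:-2]  # n90ap -> n90: the kernelcache name drops the 'ap'
    return {
        "iBSS": "Firmware/dfu/iBSS.%s.RELEASE.dfu" % board,
        "kernelcache": "kernelcache.release.%s" % short,
    }


def extract_tethered_boot_files(ipsw_path, device, dest_dir):
    """Extract the iBSS and kernelcache for `device` into `dest_dir`.

    Returns a dict mapping role -> extracted file path. Raises KeyError when
    the archive lacks one of the files (typically the wrong device's IPSW),
    so the mismatch surfaces here rather than when tetheredboot runs.
    """
    board = BOARDS[device]
    wanted = tethered_boot_members(board)
    os.makedirs(dest_dir, exist_ok=True)
    out = {}
    with zipfile.ZipFile(ipsw_path) as zf:
        names = set(zf.namelist())
        for role, member in wanted.items():
            if member not in names:
                raise KeyError("%s not found in %s; is this the %s firmware?"
                               % (member, ipsw_path, device))
            data = zf.read(member)
            if not data:
                raise ValueError("%s is empty in %s" % (member, ipsw_path))
            target = os.path.join(dest_dir, os.path.basename(member))
            with open(target, "wb") as fh:
                fh.write(data)
            out[role] = target
    return out


def build_sample_ipsw(path, board="n90ap"):
    """Write a constructed, dummy IPSW with the member layout of a real one."""
    with zipfile.ZipFile(path, "w") as zf:
        for member in tethered_boot_members(board).values():
            zf.writestr(member, b"dummy " + member.encode())
        zf.writestr("Firmware/dfu/iBEC.%s.RELEASE.dfu" % board, b"dummy iBEC")
        zf.writestr("BuildManifest.plist", b"<plist/>")


def demo(device="iPhone 4", sample_board=None):
    """Dry run: build a constructed sample IPSW and extract from it.

    sample_board defaults to the device's own board; passing another board
    simulates having downloaded the wrong device's firmware.
    """
    work = tempfile.mkdtemp()
    sample = os.path.join(work, "sample_Restore.ipsw")
    build_sample_ipsw(sample, sample_board or BOARDS[device])
    return extract_tethered_boot_files(
        sample, device, os.path.join(work, "tetheredboot"))


def mismatch_detected(device, sample_board):
    """True if extraction refuses an IPSW built for a different board."""
    try:
        demo(device, sample_board)
    except KeyError:
        return True
    return False


if __name__ == "__main__":
    for role, path in demo("iPhone 4").items():
        print(role, "->", path)
    print("wrong IPSW caught:", mismatch_detected("iPad", "n90ap"))
```

For a real run, call extract_tethered_boot_files with the path of the IPSW from Part 1, your device name and the tetheredboot folder on your desktop; the two paths it returns are the arguments to give tetheredboot in the step below.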
Start Terminal, change into the tetheredboot folder on your desktop, and run the following command with administrator rights (you will be asked for your admin password), substituting the names of the iBSS and kernel files you extracted:
./tetheredboot iBSS kernel
When you are asked to put your device into DFU mode, follow the same method as in Part 5. After a short while you will see “Exiting libpois0n” in the Terminal window, which indicates that your iPhone, iPad or iPod Touch will boot within a few moments.