[How To][Mac] Jailbreak iPad on iOS 4.3 GM Using PwnageTool

[lyje17]

PwnageTool bundle for jailbreaking iOS 4.3 on iPad has been released. You can use this bundle with existing version of PwnageTool to create custom firmware files that are jailbroken for the first-generation iPad.

The jailbreak though will be tethered, which means that you will have to boot into jailbroken state using ‘tetheredboot’ utility on every reboot.

Follow the instructions below to jailbreak iPad on iOS 4.3.

You will need the following:

PwnageTool 4.2
Access to iOS 4.3 GM firmware
iTunes 10.2
Mac OS X
PwnageTool bundle for iOS 4.3 GM (iPad)
tetheredboot utility
Modifying PwnageTool

Step 1: Download PwnageTool bundle for iPad. Extract the .zip folder, in there you will find a .bundle file iPad1,1_4.3_8F190.bundle. Move this file to your desktop.

Step 2: Download PwnageTool 4.2 and copy it to /Applications directory. Right click, and then click on “Show Package Contents” as shown in the screenshot below.



Step 3: Navigate to Contents/Resources/FirmwareBundles/ and paste iPad1,1_4.3_8F190.bundle file in this location.



Building iOS 4.3 Custom Firmware

Step 4: Download iOS 4.3 GM firmware for iPad. Move this file to your desktop.

Step 5: Start PwnageTool in “Expert mode” and select your device:



Step 6: Browse for iOS 4.3 GM firmware for iPad as shown in the screenshot below:



Step 7: Now select “Build” to start creating custom 4.3 firmware file:



Step 8: PwnageTool will now create the custom .ipsw file for your iPad which will be jailbroken.



Step 9: Now follow the following steps to enter DFU mode using PwnageTool:

Hold Power and Home buttons for 10 seconds
Now release the Power button but continue holding the Home button for 10 more seconds
You device should now be in DFU mode



Restore iOS 4.3 Custom Firmware on iPad Using iTunes

Step 10: Start iTunes, click on your iOS device icon from the sidebar in iTunes. Now press and hold left “alt” (option) button on Mac, or Left “Shift” button if you are on Windows on the keyboard and then click on “Restore” (Not “Update” or “Check for Update”) button in the iTunes and then release this button.



This will make iTunes prompt you to select the location for your custom firmware 4.3 file. Select the required custom .ipsw file that you created above, and click on “Open”.

Step 11: Now sit back and enjoy as iTunes does the rest for you. This will involve a series of automated steps. Be patient at this stage and don’t do anything silly. Just wait while iTunes installs the new firmware 4.3 on your iOS device. Your iOS device screen at this point will be showing a progress bar indicating installation progress. After the installation is done, your iOS device will be jailbroken on iOS 4.3.

Booting in Tethered Mode

Last but not the least, since there is no untethered jailbreak for iOS 4.3 yet, we will have to boot it into a tethered jailbroken state. To do this, we will make use of a utility named “tetheredboot” as shown in the steps below.

Step 12: Download tetheredboot.zip utility for Mac OS X and extract the .zip file.

Step 13: First, we will need two files from the custom iOS 4.3 GM firmware for iPad namely: kernelcache.release.k48 and iBSS.k48ap.RELEASE.dfu. To do this, make a copy of your custom iOS 4.3 GM file that you created above, change the extension of this file from .ipsw to .zip, and then extract this .zip file.

Now copy kernelcache.release.k48 file, and then copy iBSS.k48ap.RELEASE.dfu files which are found under /Firmware/dfu/.

Move all these files, and tetheredboot utility to a new folder named “tetheredboot” on the desktop as shown in the screenshot below.



Step 14: Turn off your iPad, and start Terminal on OS X and run the following commands:

sudo -s

enter your administrator password, then:

/Users/TaimurAsad/Downloads/tetheredboot/tetheredboot
/Users/TaimurAsad/Downloads/tetheredboot/iBSS.k48ap.RELEASE.dfu
/Users/TaimurAsad/Downloads/tetheredboot/kernelcache.release.k48

You will have to of course replace “TaimurAsad” with the name of the directory on your computer.

now press enter.



You should now see some code running in the Terminal window, at some point, it will ask you to enter DFU mode. Follow the steps as illustrated in Step 8 above to enter DFU mode on iPad.

Now wait for your iPad to boot, Terminal at this point will be showing “Exiting libpois0n” message. After a short while, your iPad will be booted in a jailbroken tethered mode !

Looking to jailbreak iPhone 4 on iOS 4.3? Follow the complete step by step instructions posted here to jailbreak iPhone 4 on iOS 4.3 using PwnageTool.

UPDATE 1: PwnageTool bundles for jailbreaking iPod touch 4G / 3G on iOS 4.3 can be found here.

(Credits: iH8sn0w and jcf_dev for PwnageTool bundles)

[via RedmondPie]

[Wendee82]

no pics are showing up lyje17

[AppleHacker]

hey no pics bud? upload it to tinypic or imageshack!

[lyje17]

Fixed the pics. Thanks to both Wendee82 and applehacker.

[AppleHacker]

Quote:

Originally Posted by --=={lyje17}==--

Fixed the pics. Thanks to both Wendee82 and applehacker.

[/COLOR]awesome works gr8 now !

[lyje17]

photobucket!

[DarkH2O]

After resupported screwed up my phone where it wouldnt boot I decided to go to 4.3 with the release today.

Since I have a 3GS with old bootrom I can boot untethered. So far so good.