How to Jailbreak iOS 4.3 on iPhone with PwnageTool [Tethered] [Mac]

We previously shared a tutorial for Windows users on how to Jailbreak iOS 4.3 Final using Sn0wBreeze. This time we got instructions on how to perform the same tethered jailbreak using PwnageTool on your Mac.

In case you haven’t upgraded to iOS 4.3 yet, make sure you read the previous post Should I Upgrade my iPhone to iOS 4.3? Since this is a tethered jailbreak you will have to boot tethered using your computer, everytime the iOS device restarts. Ultrasn0w unlockers beware, you cannot unlock carrier on iOS 4.3 yet.

Note: PwnageTool hasn’t officially been updated yet for iOS 4.3 [Final] yet. We will make use of the bundles released for the iOS 4.3 GM build(beta iOS) since they work just fine with the final release. Works fine for me, except that it’s a tethered method.

This is a somewhat complicated tutorial compared to the previous ones. Novice users should just wait for a simpler jailbreak tool to be released later this month.

Tools Required for Jailbreaking iOS 4.3:

• iTunes 10.2 – Download here
• PwnageTool
• Universal Ramdisk Fixer
• iOS 4.3 Firmware for your device
• TetheredBoot Utility

Also, download PwnageTool bundles for your device here:

• iPhone 4
• iPhone 3GS (New Bootrom)
• iPhone 3GS (Old Bootrom)
• iPad

Instructions to Jailbreak iOS 4.3:

Modify PwnageTool:

Extract the bundles archive that you downloaded in the previous steps. Right Click on PwnageTool and select Show Package Contents. Navigate to Contents/Resources/FirmwareBundles/ and paste the downloaded custom bundle file.

Now run the Ramdisk Fixer and follow onscreen instructions.

Creating Custom Firmware:

Launch the modified PwnageTool and then select Expert Mode at the top.

Click on the iPhone’s icon and then on the blue arrow to proceed.

Now tap on browse for IPSW and point it to the firmware file you downloaded above and click on open.

Click on General and then on Next arrow. Select Activate the iPhone if you are not using a SIM from official carrier. If on official carrier make sure you deselect the option.

Now click on Back and then on Build. When you press the next button you will be asked where to save the custom firmware file. Your IPSW is now being saved.

After the custom firmware has been built you will see instructions to place iPhone into the DFU mode for restoring in iTunes.

Once in DFU mode, close PwnageTool and launch iTunes.

Press Alt key on your Mac’s keyboard and click on Restore. Show iTunes the location of the custom IPSW file. After a while the iPhone will reboot once restore is over.

Boot in Tethered Mode:

Change the extension of the IPSW file to .zip and extract its contents. From the folder Firmware>Dfu copy the following three files to the folder containing TetheredBoot utility. To make it easier place everything in a folder called tboot on your desktop.

• kernelcache.release.n90
• iBEC.n90ap.RELEASE.dfu
• iBSS.n90ap.RELEASE.dfu

Put your iPhone into Recovery Mode by referring to this guide.

Now launch Terminal and type these two commands:

sudo sh

You will be requested to enter the password. Type it(no onscreen feedback) and press enter.

/Users/Rajat/Desktop/tetheredboot/tetheredboot /Users/Rajat/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users/Rajat/Desktop/tetheredboot/kernelcache.release.n90

Don’t forget to change username. press enter after the previous command. Now you need to put iPhone in DFU mode again, like you did earlier. Tutorial on how to place iPhone in DFU here.

Your iPhone should boot in a few minutes and Terminal will display “Exiting libpois0n”

Have fun with your jailbroken iPhone and iOS 4.3.

Tagged as: Cydia, iOS 4.3, iPad, iPhone, iPhone Jailbreak, Jailbreak, PwnageTool