
Tuesday, January 18, 2011

How to jailbreak iPhone 4 on iOS 4.3 Beta 1 with PwnageTool Bundles

PwnageTool bundles for iOS 4.3 Jailbreak

PwnageTool bundles for jailbreaking iOS 4.3 Beta have been released! The bundle can be used with the existing version of PwnageTool to create custom firmware files for a semi-tethered jailbreak of the iPhone 4 on iOS 4.3b1. Because the firmware is tagged as BETA, only members of the iPhone Developer Standard or Enterprise Program can proceed with jailbreaking iOS 4.3 on their iPhone 4. Follow the detailed guide below to jailbreak iOS 4.3 BETA on the iPhone 4 using PwnageTool.

Warning: The method is a bit complex and requires you to modify the restore ramdisk manually. If you don’t know what you are doing, then stay away! We should not be held responsible for bricking the iPhone.
Important notes
  • Make your own ramdisk to be able to restore, because PwnageTool makes a broken one. Do not restore for the moment. Instructions for making the ramdisk can be found below.
  • Updated Cydia is working on 4.2+.
  • Your baseband is not upgraded during the restore process.
  • You must boot tethered with “tetheredboot” to enjoy unsigned apps.
  • Never run Cydia when you have booted untethered; this will make MobileSafari and other apps crash.


Modifying the restore ramdisk manually for iOS 4.3 Jailbreak

Tools needed: OS X, xpwntool
  • Unpack the original ramdisk: xpwntool orig_restore_rd.dmg restore_rd.dec.dmg -iv .. -k .. (use the keys from wiki)
  • Mount the ramdisk: hdiutil attach restore_rd.dec.dmg
  • Free up some space: rm /Volumes/ramdisk/(some unneeded large-ish file)
  • Patch asr: mv /Volumes/ramdisk/usr/sbin/asr /tmp/; bspatch /tmp/asr /Volumes/ramdisk/usr/sbin/asr (bundle_path)/asr.patch
  • Change the restore options: edit /Volumes/ramdisk/usr/local/share/restore/options.plist with Property List Editor, add ‘UpdateBaseband’ = false – see for details
  • Unmount the ramdisk: hdiutil detach /Volumes/ramdisk
  • Re-encrypt the ramdisk: xpwntool restore_rd.dec.dmg pwned_restore_rd.dmg -t orig_restore_rd.dmg -iv .. -k ..
  • Replace the ramdisk inside the CFW produced by PwnageTool with pwned_restore_rd.dmg. You can either unzip and re-zip the CFW, or replace the file inside the /tmp/ipsw directory while PwnageTool is running.
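
The options.plist step above can be scripted instead of done by hand in Property List Editor. The following is an added example, not part of the original guide: it uses Python's standard plistlib to set UpdateBaseband to false, keeps the file in its original format (XML or binary), and re-reads it to confirm the change. The function name and the script name in the usage message are assumptions made for illustration.

```python
import plistlib
import sys
from pathlib import Path


def detect_format(raw: bytes):
    """Return the plistlib format constant matching the file's encoding."""
    return plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML


def set_update_baseband(path, value=False):
    """Set UpdateBaseband in the plist at `path`; return (old, new) values.

    The file is rewritten in its original format (XML or binary) and then
    re-read, so the caller knows the change actually landed on disk.
    """
    path = Path(path)
    raw = path.read_bytes()
    fmt = detect_format(raw)
    options = plistlib.loads(raw)  # auto-detects XML vs. binary
    if not isinstance(options, dict):
        raise ValueError(f"{path}: top-level plist object is not a dictionary")

    old = options.get("UpdateBaseband")  # None when the key is absent
    options["UpdateBaseband"] = bool(value)
    # sort_keys=False keeps the existing key order, so the diff stays minimal.
    path.write_bytes(plistlib.dumps(options, fmt=fmt, sort_keys=False))

    check = plistlib.loads(path.read_bytes())
    if check.get("UpdateBaseband") is not bool(value):
        raise RuntimeError(f"{path}: UpdateBaseband was not written correctly")
    return old, check["UpdateBaseband"]


if __name__ == "__main__":
    # Hypothetical script name; pass the options.plist path on the mounted ramdisk.
    if len(sys.argv) != 2:
        sys.exit("usage: set_update_baseband.py "
                 "/Volumes/ramdisk/usr/local/share/restore/options.plist")
    before, after = set_update_baseband(sys.argv[1])
    print(f"UpdateBaseband: {before!r} -> {after!r}")
```

Run it while the ramdisk is still mounted, before the hdiutil detach step.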

