Jailbreak iPod touch 4G / 3G and iPad on iOS 4.3 GM Using PwnageTool [How To Guide]

iOS developer and hacker iH8sn0w and jcf_dev have released PwnageTool bundles to jailbreak iOS 4.3 GM on iPhone, iPad and iPod touch. You can use these bundles with PwnageTool 4.2 to create custom jailbroken 4.3 firmware files.

Unfortunately though, this is a tethered jailbreak, which means you will need to restart your iPod touch in a tethered-jailbroken mode on every reboot using tetheredboot utility.

But the real news is not that iOS 4.3 GM has come out but that the new OS has been already jailbroken using PwnageTool, although the whole procedure is a little more complex and requires some more experience/patience to get it done. 

Here’s what you will need:
* PwnageTool 4.2
* Access to iOS 4.3 GM firmware
* iTunes 10.2
* Mac OS X
* PwnageTool bundle for iOS 4.3 GM
* Universal Ramdisk Fixer
* tetheredboot utility

Modifying PwnageTool
Step 1: Download iOS 4.3 PwnageTool Bundle for iPod touch 4G 

             Download iOS 4.3 PwnageTool Bundle for iPod touch 3G 

             Download iOS 4.3 PwnageTool bundle for iPad

Extract the .zip folder, in there you will find a .bundle file

Step 2: Download PwnageTool 4.2 and copy it to /Applications directory. Right click, and then click on “Show Package Contents”.
Step 3: Navigate to Contents/Resources/FirmwareBundles/ and paste .bundle file in this location.

Creating Custom Ramdisk for iOS 4.3 Custom Firmware
Step 4: Download Universal Ramdisk Maker and simply install it . This is important because Ramdisk in the current version of PwnageTool is broken. This Universal Ramdisk Maker basically patches it correctly for iOS 4.3 firmware.

Building iOS 4.3 Custom Firmware
Step 5: Download iOS 4.3 GM firmware. Move this file to your desktop.
Step 6: Start PwnageTool in “Expert mode” and select your device.
Step 7: Browse for iOS 4.3 GM firmware for your device.
Step 8: Now select “Build” to start creating custom 4.3 firmware file.
Step 9: PwnageTool will now create the custom .ipsw file for your iPhone which will be jailbroken.
Step 10: Once you have created the custom firmware, quit PwnageTool.

Restore iOS 4.3 Custom Firmware Using iTunes
Step 11: Start iTunes, click on your iOS device icon from the sidebar in iTunes. Now press and hold left “alt” (option) button on Mac, or Left “Shift” button if you are on Windows on the keyboard and then click on “Restore” (Not “Update” or “Check for Update”) button in the iTunes and then release this button.
This will make iTunes prompt you to select the location for your custom firmware 4.3 file. Select the required custom .ipsw file that you created above, and click on “Open”.

Step 12: Now sit back and enjoy as iTunes does the rest for you. This will involve a series of automated steps. Be patient at this stage and don’t do anything silly. Just wait while iTunes installs the new firmware 4.3 on your iOS device. Your iOS device screen at this point will be showing a progress bar indicating installation progress. After the installation is done, your iOS device will be jailbroken on iOS 4.3.

Booting in Tethered Mode
Step 13: Download tetheredboot.zip utility for Mac OS X and extract the .zip file.

Step 14: FOR iPad  ==>> First, we will need two files from the custom iOS 4.3 GM firmware for iPad namely:kernelcache.release.k48 and iBSS.k48ap.RELEASE.dfu. To do this, make a copy of your custom iOS 4.3 GM file that you created above, change the extension of this file from .ipsw to .zip, and then extract this .zip file.

Now copy kernelcache.release.k48 file, and then copy iBSS.k48ap.RELEASE.dfu files which are found under /Firmware/dfu/.

          For iPod Touch ==>> use kernelcache.release.n81 and iBSS.n81ap.RELEASE.dfu instead ofkernelcache.release.k48 and iBSS.k48ap.RELEASE.dfu


Move all these files, and tetheredboot utility to a new folder named “tetheredboot” on the desktop.

Step 15: Turn off your iOS device, and start Terminal on OS X and run the following commands:
sudo -s
enter your administrator password, then:

For iPad:

/Users/iTycoon/Downloads/tetheredboot/tetheredboot
/Users/iTycoon/Downloads/tetheredboot/iBSS.k48ap.RELEASE.dfu
/Users/iTycoon/Downloads/tetheredboot/kernelcache.release.k48

For iPod Touch:

/Users/iTycoon/Downloads/tetheredboot/tetheredboot
/Users/iTycoon/Downloads/tetheredboot/iBSS.k48ap.RELEASE.dfu 
/Users/iTycoon/Downloads/tetheredboot/kernelcache.release.k48

You will have to of course replace “iTycoon” with the name of the directory on your computer.
now press enter.

You should now see some code running in the Terminal window, at some point, it will ask you to enter DFU mode. Now follow the following steps to enter DFU mode:
* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* You device should now be in DFU mode

Now wait for your device to boot, Terminal at this point will be showing “Exiting libpois0n” message. After a short while, your iPhone, iPad or iPod touch will be booted in a jailbroken tethered mode !
That’s it.