How to Jailbreak iOS 4.3 on iPhone, iPad and iPod touch [Guide]

The following detailed step by step guide will help you jailbreak iOS 4.3 Beta on iPhone 4, iPad and iPod touch 4G using PwnageTool bundles.

Here’s what you will need:

Note:

  • Cydia is fully working on iOS 4.3 Beta.
  • It is a semi-tethered jailbreak.
  • Your baseband will not be upgraded during restore process.

WARNING: The jailbreaking procedure is complex, and hence is meant for advanced users only. It will require you to make your own ramdisk because the latest official version of PwnageTool makes a broken one for iOS 4.3. Proceed at your own risk only. We are not to be held responsible if you end up bricking your iPhone, iPad or iPod touch.

Modifying PwnageTool

Step a) Download PwnageTool bundle according to your iOS device and extract the zip file. You will see that there are these two files: CydiaInstaller.bundle and a .bundle file. For this tutorial, we will use  iPhone3, 1_4.3_8F5148b.bundle. Place all these files to your desktop.

Step b) Now Download PwnageTool 4.1.2 put in on your desktop. Right click on it and then click “Show Package Contents”. See the screenshot below.

iOS 4 Jailbreak (1)

Step c) Navigate to Contents/Resources/FirmwareBundles/ and copy/paste iPhone3, 1_4.3_8F5148b.bundle file here.

Step d) Now navigate to Contents/Resources/CustomPackages and here copy and replace the CydiaInstaller.bundle file here with the one you downloaded in the Step a.

How to Build a Custom Firmware

Step e) Now, download iOS 4.3 Beta on your desktop.

Step f) Run PwnageTool in “Expert mode”. When the following screen appears, select your iOS device:

Step g) Now at this step, we need to select the downloaded iOS 4.3 beta firmware to customize it. See the screenshot below:

Step h) At this point, check “Build” and click next to start cooking the custom firmware.

Step i) Wait while PwnageTool customizes the firmware that you can restore to your iOS device to jailbreak it.

Step j) When done, close the PwnageTool. Do not restore the firmware yet because there are few more things you need to take care of.

Creating Custom Ramdisk for iOS 4.3 Custom Firmware

Step k) Download the Ramdisk_Maker.zip by DjayB6 (Click here to Download). Unzip the files and put them on your desktop.

Step j) Open the ramdisk_maker.sh file and edit the strings as highlighted in the following screenshot:

Step k) Now it’s time to run few commands, start the Terminal app and run the following commands:

cd desktop

cd ramdisk_maker

./ramdisk_maker.sh

Follow the guides by the automated script running in the Terminal. See the highlighted text in the screenshot below:

Step l) Create a folder on the desktop named My_Ramdisk. Extract the contents of iOS 4.3 by first changing the file extension from .ipsw to .zip.

Step m) There will be a file named 038-0408-002.dmg. copy this file to My_Ramdisk folder that you made in Step l.

Step n) Terminal will automatically show something, see the screenshot below:

Step o) Now go back to the ramdisk_maker folder that you saved earlier on desktop. There will be a file named Options.plist here. Open this file in a program like TextWrangler (available for free on the Mac App Store). After opening it, change the <integer></integer> value under SystemPartitionSize <key></key> to 1116, see the highlighted text in the screenshot below:

Step p) Save the file and move it back to the My_Ramdisk folder. You will notice again that the Terminal is doing something. It will actually notify you about completing the process.

Step q) When done, there will be a file named final_ramdisk.dmg in My_Ramdisk folder. Change the name of this file to 038-0408-002.dmg

Step r) Extract the contents of the custom iOS 4.3 Beta firmware file that you created in previous steps by changing it’s extention from .ipsw to .zip. Now change the extension of the custom iOS 4.3 Beta firmware file that you created earlier from .ipsw to .zip, and then extract this .zip file. Inside the extracted folder, replace the 038-0408-002.dmg file with the one you created in Step q.

Step s) Select all files in this folder and then click “Compress 9 Items” that will create a .zip file. Change the extension of this .zip file to .ipsw file. This is your final custom firmware.

Simple restore this firmware using iTunes to your iOS device. To do this, connect your device while running iTunes and your iOS device will appear in the sidebar. Click on it and hold “alt” key in Mac or “Shift” key on Windows and press “Restore” button. When the file browser opens, select the custom .ipsw that you recently created and let iTunes restore the device.

When done, your iOS device will boot to a jailbroken state.

Booting in Tethered Mode

As there is no untethered jailbreak for iOS 4.3 yet, you must boot your iOS device to a tethered jailbroken state. There is a utility called “tetheredboot” that can do this. Here how you can do it:

Step t) Click here to Download tetheredboot.zip utility for Mac OS X , extract the .zip file.

Step u) Get these three files from the original iOS 4.3 firmware: kernelcache.release.n90, iBEC.n90ap.RELEASE.dfu, and iBSS.n90ap.RELEASE.dfu. by extracting the contents of .ipsw. You can do it by first changing the file extention from .ipsw to .zip and then extracting the .zip file.

Copy kernelcache.release.n90iBEC.n90ap.RELEASE.dfu, and iBSS.n90ap.RELEASE.dfu files located at /Firmware/dfu/. move all these files and tetheredboot utility to a new folder named “tetheredboot”. See the screenshot below:

Step v) Finally, you need to boot your iOS device to into tethered mode. Plugin your iOS device to your computer and boot it in recovery mode. You can do it by holding “Home” and “Power” button until the following screen appears:

Step w) Run Terminal and execute the following commands:

sudo sh

enter your administrator password, then:

cd desktop/tetheredboot

./tetheredboot iBSS kernel

You will notice some scripts running in the Terminal Window. Keep your eyes on it until it asks you to enter your device into DFU mode. To enter your iOS device in DFU mode, Press and hold “Home” and “Power” button together for about 10 seconds and then release “Power” button but keep holding the “Home button”.

 

Wait while your iOS device reboots. You will see terminal showing “Exiting libpois0n” message. In few moments, your iOS device will start in a jailbroken tethered mode,

You can follow us on Twitter or join our Facebook fanpage to keep yourself updated on all the latest iPhone jailbreaking and unlocking releases.