PwnageTool Bundle for Jailbreaking iOS 4.3 Beta on iPhone 4

Msftguy is back, this time with a new release of PwnageTool bundle to jailbreak iOS 4.3 beta 1. The process of it is actually not easy this time, it is quite complicated. So you could say that it is aimed for the advanced users only.

It requires the following things

  • create a ramdisk in order to achieve the jailbreak
  • you must also be enrolled in either iPhone Developer Standard or Enterprise Program
  • And you must own a MAC OS computer

WARNING : This jailbreak is intended for advanced users only. If you do proceed and unfortunately end up bricking your iPhone, we are not to be held responsible!

Step 1:

Download custom PwnageTool bundle from here.

Step 2:

Download iOS 4.3 beta 1 for iPhone 4.

Step 3:

Download PwnageTool v4.2.1 from here.

Step 4:

Modify PwnageTool with the above custom bundle to accept iOS 4.3 beta firmware

Right click PwnageTool and then click on “Show Package Contents”.

Navigate to Contents/Resources/FirmwareBundles/ and paste custom “.bundle” file in this location, then close the folder.

Step 5:

Create an iOS 4.3 custom firmware for iPhone 4 using the PwnageTool.

Step 6:

Create your own ramdisk using the following steps:

Tools needed: OS X, xpwntool

Unpack the original ramdisk: xpwntool orig_restore_rd.dmg restore_rd.dec.dmg -iv .. -k .. (use the keys from wiki)

Mount the ramdisk: hdiutil attach restore_rd.dec.dmg

Free up some space: rm /Volumes/ramdisk/(some unneeded large-ish file)

Patch asr: mv /Volumes/ramdisk/usr/sbin/asr /tmp/; bspatch /tmp/asr /Volumes/ramdisk/usr/sbin/asr (bundle_path)/asr.patch

Change the restore options: edit /Volumes/ramdisk/usr/local/share/restore/options.plist with Property List Editor, add ‘UpdateBaseband’ = false – see http://theiphonewiki.com/wiki/index.php?title=Preventing_Baseband_Update for details

Unmount the ramdisk: hdiutil detach /Volumes/ramdisk

Re-encrypt the ramdisk: xpwntool restore_rd.dec.dmg pwned_restore_rd.dmg -t orig_restore_rd.dmg -iv .. -k ..

Replace the ramdisk inside of CFW produced by the Pwnage Tool with pwned_restore_rd.dmg You can either unzip and re-zip the CFW or replace it inside of /tmp/ipsw dir when PwnageTool is running.

Step 7:

Use tetheredboot to boot into tethered mode.

DONE!