How To Jailbreak iOS 4.3.3 On iPhone 4, iPad, iPod & Preserve Baseband For Unlock Using PwnageTool

May 14, 2011

The recent release of  iOS 4.3.3 firmware for iPhone 4 was Jailbroken a few days back with the use of custom PwnageTool bundles. This jailbreak is tethered only for now, which means that you will require booting into Jailbroken state every time you reboot. This jailbreak is courtesy of the Redmond Pie team, which has been as quick as ever to cover this Jailbreak shortly after the iOS 4.3.3 firmware release.

Although iOS can be easily broken using Redsn0w, but the Pwnage Tool bundle provides the utility to preserve the old baseband, which can be handy to unlock the iPhone by using Ultrasn0w. To jailbreak iOS 4.3.3 on an iPhone 4 device, follow the below instructions:

Requirements:

  • PwnageTool 4.3.2
  • iOS 4.3.3 firmware
  • iTunes 10.2.2
  • Mac OS X
  • PwnageTool bundle for iOS 4.3.3
  • Tetheredboot utility

Note:

  • There is no unlock for the new baseband on iOS 4.3.3.
  • iPad 2 users on iOS 4.3 should avoid iOS 4.3.3 until further confirmation.
  • Cydia is functional on iOS 4.3.3
  • This jailbreak is semi-tethered
  • Baseband will not be upgraded during restore process.
  • Hacktivation is supported.

Modifying PwnageTool

Step 1:

  • Download PwnageTool bundle for your version of iOS device.
  • Extract the .zip folder, in there you will find a .bundle file.

Step 2:

  • Download PwnageTool 4.3.2 and copy it to /Applications directory. Right click, and then click on “Show Package Contents” .
  • Step 3:
  • Navigate to Contents/Resources/FirmwareBundles/ and paste iPhone3,1_4.3.3_8J2.bundle file in this location.
  • Building iOS 4.3.3 Custom Firmware

Step 4:

  • Download iOS 4.3.3 firmware and move this file to your desktop.

Step 5:

  • Start PwnageTool in “Expert mode” and select your device:

PwnageTool-4.1

Step 6:

  • Browse for iOS 4.3.3 firmware for your device as shown in the screenshot below:

Step 7:

  • Select “Build” to start creating custom 4.3.3 firmware file.

Step 8:

  • PwnageTool will now create the custom .ipsw file for iPhone which will be jailbroken.

Step 9:

Eenter DFU mode using PwnageTool:

  • Hold Power and Home buttons for 10 seconds
  • Now release the Power button but continue holding the Home button for 10 more seconds
  • You device should now be in DFU mode
  • Restore iOS 4.3.3 Custom Firmware Using iTunes

Step 10:

  • Start iTunes, click on your iOS device icon from the sidebar in iTunes. Now press and hold left “alt” (option) button on Mac, or Left “Shift” button if you are on Windows on the keyboard and then click on “Restore” (Not “Update” or “Check for Update”) button in the iTunes and then release this button.
  • This will make iTunes prompt you to select the location for your custom firmware 4.3.3 file. Select the required custom .ipsw file that you created above, and click on “Open”.

Step 11:

  • Now sit back and enjoy as iTunes does the rest for you. This will involve a series of automated steps. Be patient at this stage and don’t do anything silly. Just wait while iTunes installs the new firmware 4.3.3 on your iOS device. Your iOS device screen at this point will be showing a progress bar indicating installation progress. After the installation is done, your iOS device will be jailbroken on iOS 4.3.3.
  • Booting in Tethered Mode
  • Last but not the least, since there is no untethered jailbreak for iOS 4.3.3 yet, we will have to boot it into a tethered jailbroken state. To do this, we will make use of a utility named “tetheredboot” as shown in the steps below.

Step 12:

Download Tethered boot.zip utility for Mac OS X and extract the .zip file.

Step 13:

  • First, we will need two files from the custom iOS 4.3.3 firmware namely: kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu. To do this, make a copy of  custom iOS 4.3.3 file (created earlier), change the extension of this file from .ipsw to .zip, and then extract this .zip file.
  • Copy kernelcache.release.n90 file, and then copy iBSS.n90ap.RELEASE.dfu files which are found under /Firmware/dfu/.
  • Move all these files, and Tetheredboot utility to a new folder named “Tetheredboot” on the desktop as shown in the screenshot below.

Step 14:

  • Turn off your iOS device, and start Terminal on OS X and run the following commands:

sudo -s

  • enter your administrator password, then:

/Users/Username/Desktop/tetheredboot/tetheredboot
/Users/Username/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu
/Users/Username/Desktop/tetheredboot/kernelcache.release.n90

  • Press enter.

NOTE: If the above fails, try ‘tetheredboot -i ibss -k kernel’ instead of ‘tetheredboot ibss kernel’:

/Users/Username/Desktop/tetheredboot/tetheredboot –i
/Users/Username/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k
/Users/Username/Desktop/tetheredboot/kernelcache.release.n90

Tip: Simply drag and drop in Terminal – Tetheredboot file, then iBSS file and then kernelcache.release file.

You should now see some code running in the Terminal window, at some point, it will ask you to enter DFU mode. Now follow the following steps to enter DFU mode:

  • Hold Power and Home buttons for 10 seconds
  • Now release the Power button but continue holding the Home button for 10 more seconds
  • You device should now be in DFU mode

Now wait for your device to boot, Terminal at this point will be showing “Exiting libpois0n” message. After a short while, your iPhone, iPad or iPod touch will be booted in a jailbroken tethered mode !

[via RedmondPie]

Disclaimer: WML Cloud administration will not be responsible for any issues which may occur due to the implementation of the above mentioned procedure. Try this at your own risk.