Jailbreak iOS 4.3.5 On iPhone 4 Using PwnageTool To Preserve Baseband For Unlock [How To Tutorial]

Apple has recently released iOS 4.3.5 and you might be wondering what the best way to jailbreak it might be. Thankfully, we have made custom PwnageTool bundle that allow users who rely on carrier unlock to jailbreak iOS 4.3.5 on iPhone 4. Why use PwnageTool over Redsn0w for 4.3.5 jailbreak? well by using this method, you’ll be able to preserve your old iPhone baseband which is useful if you’re looking to unlock your device using Ultrasn0w afterwards.

Note: For iPhone, iPad, and iPod touch jailbreak 4.3.5 with Redsn0w on Windows and Mac, follow the complete step by step guide posted here.

iOS 4.3 WM

Jailbreak 4.3.5

Cydia running on iOS 4.3.5, iPhone 4 (GSM)

This is a tethered jailbreak: no untethered jailbreak is currently available for iOS 4.3.5 and this is no exception. This is a fully tethered jailbreak, requiring users to plug their devices into a computer running a special utility whenever they’re powered on, in order to boot said devices into a jailbroken state. Don’t worry, we’ll cover how to go about doing this in more detail later on in this article.

In order to jailbreak your device using PwnageTool, you’ll need the following:

  1. iOS 4.3.5 IPSW for iPhone 4 (download links can be found here).
  2. iTunes 10.4 (download it from here).
  3. PwnageTool 4.3.3 (download link can be found here).
  4. PwnageTool Bundle (download it from here). Since this is our own, please do not hotlink to it, link to this article instead, we’d appreciate it.
  5. tetheredboot utility (download it from here).

Before you proceed, make sure you have downloaded all the files we mentioned above, they’re all necessary for this jailbreak to be performed correctly. Once you’re done, please follow the steps below.

Important Note: There is currently no unlock for 4.10.01 baseband of iOS 4.3.5. If you rely on carrier unlock, do NOT update to the stock 4.3.5 from iTunes.

Modify PwnageTool For Custom Bundle

Step 1: extract the custom bundle we mentioned above and drag it to your desktop.

Step 2: drag the PwnageTool app to the /Applications folder but do not launch it yet. Instead, right-click it and select Show Package Contents, in order to insert the bundle. For reference, check out the screenshot below.

Step 3: you should now see a Finder window identical to the one below. Navigate over to Contents/Resources/FirmwareBundles/ and place the .bundle file you had selected earlier to this location, then close the window.

22

Creating Custom 4.3.5 Firmware

Step 4: start up PwnageTool in Expert mode, as shown on the screenshot below. Select the device you’re using, then click on the blue arrow on the bottom-right corner of the window to proceed.

Step 5: when requested, point PwnageTool to the iOS 4.3.5 IPSW file you downloaded earlier, as shown in the screenshot below.

13

Step 6: on the next screen, you’ll be given the option to further customize the software you’re about to build. Feel free to toy around with these settings, but only if you know what you’re doing. If you’re not sure what to do, just click on "Build" as shown below. PwnageTool will then build a jailbroken firmware, a process that could take a few minutes, so kick back and have a soda.

Step 7: when instructed, you need to put your phone into DFU mode. Just do as follows:

  • Hold down both the Power and Home buttons simultaneously for 10 seconds.
  • Release the Power button but keep holding the Home button for 10 more seconds.
  • If your screen is black, you’re in DFU mode. If an iTunes logo is displayed, you’re in Restore Mode: just try the steps above a few more times, sometimes it doesn’t go well on the first try. Nonetheless, a notification will be displayed if you’ve managed to enter this mode correctly.

Restoring Custom 4.3.5 Firmware On iPhone

Step 8: once this process is done, you’re free to exit out of PwnageTool. Now launch iTunes and restore to the firmware file you’ve just created: select your device from the iTunes sidebar, and click Restore while holding down the Alt key on your keyboard. Select the firmware file you’ve just saved (make sure it’s the one created by PwnageTool, not the default firmware) and click Open. iTunes should now begin loading the jailbroken firmware to your device, avoid interacting it at this point. If everything goes as expecting, your device should be jailbroken at this point.

Booting iPhone In Tethered Mode

Since this is a tethered jailbreak, whenever you boot up your device you’ll have to plug it into your computer and run a small utility known as tetheredboot. You’ll need to follow the following Step 11 and Step 12 whenever you start up your device!

Step 9: place tetheredboot (download link at the beginning of the article) in an accessible directory.

Step 10: change the extension of the custom IPSW file you’ve just created to .zip by renaming the file, then extract it much like a real ZIP file. Navigate to /Firmware/dfu/ and copy two files (kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu) from that directory to the folder you’ve pasted tetheredboot utility into, as shown below.

Step 11: with your device plugged in but turned off, bring up the Mac OS X Terminal (by heading to Applications/Utilities/Terminal), type in the following commend, press enter and insert your password when requested:

sudo -s

Then type in the following:

/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot
/Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu
/Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90

if the commands above don’t work, try the following:

/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot –i
/Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k
/Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90

Important: Make sure you replace /Users/TaimurAsad/Desktop/tetheredboot/ with the directory where you have placed the tetheredboot utility.

If you’re not comfortable typing in commands, you can simply drag the 3 files in your tetheredboot folder right into the terminal window after the original sudo -s command.

Step 12: after some code runs through the terminal, you’ll be asked to set your phone into DFU mode. Do so, as shown below:

  • Hold down both the Power and Home buttons simultaneously for 10 seconds.
  • Release the Power button but keep holding the Home button for 10 more seconds.
  • If your screen is black, you’re in DFU mode. If an iTunes logo is displayed, you’re in Restore Mode: just try the steps above a few more times, sometimes it doesn’t go well on the first try.

If you wait a few seconds, you should see “Exiting libpois0n” on the terminal. Your device is now in a jailbroken state until next time you power off.

Want to downgrade your device from iOS 4.3.5 back to iOS 4.3.3? Follow our complete write-up posted here.

You can follow us on Twitter or join our Facebook fanpage to keep yourself updated on all the latest iPhone jailbreaking and unlocking releases.