How to Jailbreak Apple TV 2G on iOS 4.2.1 with PwnageTool [Guide]

The developer behind the NitoTV app for the jailbroken 2nd-gen Apple TV has released an unofficial PwnageTool bundle that can jailbreak the Apple TV 2G on the latest iOS 4.2.1 firmware with the existing version of PwnageTool. For now, however, this jailbreak is limited to tethered boot only.


NOTE: We haven’t tested this yet, so proceed at your own risk. The following instructions are posted as-is from the developer himself. If you are not an advanced user, you are strongly recommended to wait for the official tools from the iPhone Dev Team and/or Comex.

Before you proceed with the jailbreak, you will need the following:

  • A MicroUSB cable
  • iOS 4.2.1 for Apple TV
  • PwnageTool 4.1.2 (4.1.3 is untested but could potentially work as well)

All download links are posted at the end of this article.

Step 1. Download PwnageTool, the PwnageTool bundle for the Apple TV iOS 4.2.1 firmware, and the Tetheredboot utility for Mac. Move PwnageTool to OS X’s Applications folder, and everything else into a new folder named “tethered” on the desktop.

Step 2. Open the Terminal app on Mac OS X. (if you don’t know where this is, you REALLY shouldn’t be doing this)

Step 3. Run the following commands (this will fail if you didn’t move files to the required folders as mentioned in Step 1)

    cp -r ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154.bundle /Applications/PwnageTool.app/Contents/Resources/FirmwareBundles/

Step 4. Start PwnageTool and select iOS 4.2.1 for Apple TV to create a custom firmware for your device. Save this custom .ipsw file in the same “tethered” folder on the desktop.

NOTE: Do not install any packages through Cydia in Expert mode; this produced very unpredictable results.

Step 5. Back in the Terminal, run the following commands:

    unzip -j ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154_Custom_Restore.ipsw Firmware/dfu/iBSS.k66ap.RELEASE.dfu kernelcache.release.k66 -d ~/Desktop/tethered/

Step 6. Restore the Apple TV to the ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154_Custom_Restore.ipsw firmware using iTunes. Note: Your Apple TV SHOULD be in DFU mode after finishing up with PwnageTool.

Step 7. Unplug and then replug the USB. After the Apple TV has finished starting up (it will be blinking steadily), plug in the power cable.

Step 8. Run the following commands in Terminal:

    cd ~/Desktop/tethered
    ./tetheredboot -i iBSS.k66ap.RELEASE.dfu -k kernelcache.release.k66

NOTE: It will loop a complaint about DFU mode. Just ignore this; once you have finished getting into DFU mode, tetheredboot will take over.

Step 9. Now manually put the Apple TV in DFU mode. (*DO NOT USE PWNAGETOOL*)

To enter DFU mode manually:

  • Connect your Apple TV with your Computer via microUSB.
  • Now reboot your Apple TV by holding down Menu + Down buttons together for around 6 seconds.
  • After reboot, immediately hold Menu + Play until you see the message in iTunes saying that Apple TV in recovery mode is detected.

Successful output from tethered boot will look something similar to this:

Initializing libpois0n
No matching processes belonging to you were found
Waiting for device to enter DFU mode
Device must be in DFU mode to continue
opening device 05ac:1227…
Found device in DFU mode
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as AppleTV2,1
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
libusb:error [darwin_transfer_status] transfer error: timed out
Exploit sent
Reconnecting to device
Waiting 2 seconds for the device to pop up…
opening device 05ac:1227…
Uploading iBSS.k66ap.RELEASE.dfu to device
[==================================================] 100.0%
libusb:error [darwin_reset_device] ResetDevice: device not responding
libusb:error [darwin_close] USBDeviceClose: no connection to an IOService
Waiting 10 seconds for the device to pop up…
opening device 05ac:1281…
Setting to configuration 1
Setting to interface 0:0
Uploading kernelcache.release.k66 to device
[==================================================] 100.0%
libusb:error [darwin_transfer_status] transfer error: device not responding (value = 0xe00002ed)

Step 10. If all went well, unplug USB and plug in HDMI, and your Apple TV should be ready to go. You will need to repeat Steps 7-9 every time you restart your Apple TV, so this isn’t a convenient process by any stretch!
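
Because the tethered boot has to be repeated on every restart and a successful run still prints libusb errors, it helps to check a saved copy of the output against the milestones in the sample above. The script below is an added example, not part of the developer's instructions; the function names and the idea of saving the output to a file are assumptions, and the milestone strings are copied from the sample output in this guide.

```shell
#!/bin/sh
# Added example (not the developer's code): report how far a tetheredboot run
# got, using milestone strings copied from the sample output in this guide.

# tethered_stage FILE: print the last milestone reached. Milestones are
# checked in order and the scan stops at the first one that is missing.
tethered_stage() {
    stage=none
    while IFS='|' read -r name text; do
        grep -qF -- "$text" "$1" || break
        stage=$name
    done <<'EOF'
dfu|Found device in DFU mode
identified|Identified device as AppleTV2,1
exploit|Exploit sent
ibss|Uploading iBSS.k66ap.RELEASE.dfu to device
reconnected|opening device 05ac:1281
kernelcache|Uploading kernelcache.release.k66 to device
EOF
    printf '%s\n' "$stage"
}

# tethered_ok FILE: succeed only if the kernelcache stage was reached and
# both uploads (iBSS and kernelcache) show a progress bar at 100.0%.
tethered_ok() {
    [ "$(tethered_stage "$1")" = kernelcache ] &&
        [ "$(grep -cF '] 100.0%' "$1")" -ge 2 ]
}

# Constructed sample: a run that stalled after the iBSS upload, so the
# device never came back as 05ac:1281.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Found device in DFU mode
Identified device as AppleTV2,1
Exploit sent
Uploading iBSS.k66ap.RELEASE.dfu to device
[==========] 100.0%
Waiting 10 seconds for the device to pop up…
EOF
echo "stage reached: $(tethered_stage "$sample")"
tethered_ok "$sample" || echo "boot did not complete; repeat Steps 7-9"
rm -f "$sample"
```
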

Once you are done with the jailbreak, you can install the following apps on your jailbroken 2nd-gen Apple TV:

Required download links are as follows:

Download iOS 4.2.1 for Apple TV
Download iTunes 10.1.1 for Mac OS X
Download PwnageTool 4.1.3 for Mac OS X
Download PwnageTool 4.2.1 Bundle for Apple TV 2G
Download Tetheredboot utility for Mac OS X

Source: NitoTV
