How to Jailbreak iPad on iOS 4.3 GM Using PwnageTool [Guide]

A PwnageTool bundle for jailbreaking iOS 4.3 on iPad has been released. You can use this bundle with the existing version of PwnageTool to create custom, jailbroken firmware files for the first-generation iPad.

The jailbreak will be tethered, though, which means that you will have to boot into the jailbroken state using the ‘tetheredboot’ utility on every reboot.

Follow the instructions below to jailbreak iPad on iOS 4.3.

You will need the following:

  • PwnageTool 4.2
  • Access to iOS 4.3 GM firmware
  • iTunes 10.2
  • Mac OS X
  • PwnageTool bundle for iOS 4.3 GM (iPad)
  • tetheredboot utility

Modifying PwnageTool

Step 1: Download the .zip file that contains the PwnageTool bundle for iPad. Unzip it to a folder; inside that folder there will be a .bundle file named iPad1,1_4.3_8F190.bundle. Put this file on your desktop.

Step 2: Download PwnageTool 4.2 and place it in the /Applications directory. Show the package contents by right-clicking it and then clicking “Show Package Contents”.

Step 3: Copy the iPad1,1_4.3_8F190.bundle file and paste it inside Contents/Resources/FirmwareBundles/.

Building iOS 4.3 Custom Firmware

Step 4: Download the official iOS 4.3 GM firmware for iPad and move it to your desktop.

Step 5: Run PwnageTool in “Expert mode” and select the device that you want to jailbreak (that is, iPad).

Step 6: In this step, a file browser will open when you click “Browse for IPSW”. Here, select the .ipsw file that you downloaded in one of the previous steps.

Step 7: Click “Build” to select it. Custom firmware creation will start.

Step 8: PwnageTool shows a progress screen while the IPSW is being built.

Step 9: Put your device into DFU mode. PwnageTool will indicate on screen when your device successfully enters DFU mode. An iOS device can be put into DFU mode by holding the power and home buttons for 10 seconds and then releasing the power button while holding the home button for a further 10 seconds.

Restore iOS 4.3 Custom Firmware on iPad Using iTunes

Step 10: The custom cooked iOS firmware can be restored via iTunes. In iTunes, open your iOS device and click the “Restore” button while holding the “alt/option” key on Mac or the “Shift” key on Windows. This will open a file browser that will allow you to select the custom .ipsw firmware file.

Step 11: iTunes will automatically reboot your device to a jailbroken state running iOS 4.3 when it’s done with the restore process.

Booting in Tethered Mode

Because this jailbreak is tethered, you need to use a utility named “tetheredboot” to boot the device (there is no untethered jailbreak for iOS 4.3 yet). Here is how you can do it.

Step 12: First, download the tetheredboot.zip utility and unzip the .zip file.

Step 13: Make a copy of the custom .ipsw file that you created recently and change its file extension to .zip. Extract the contents of this .zip file.

In the extracted contents, look for the kernelcache.release.k48 file and the iBSS.k48ap.RELEASE.dfu file (found under /Firmware/dfu/).

Move these files to a new folder named “tetherboot”. Make this folder on your desktop.

Step 14: Make sure your iPad is turned off. Start Terminal and execute the following commands:

    sudo -s

Enter your administrator password, then:

    /Users/TaimurAsad/Downloads/tetheredboot/tetheredboot \
      /Users/TaimurAsad/Downloads/tetheredboot/iBSS.k48ap.RELEASE.dfu \
      /Users/TaimurAsad/Downloads/tetheredboot/kernelcache.release.k48

You will of course have to replace “TaimurAsad” with the name of the directory on your computer.

Now press Enter.

Terminal will appear to be running some code and will ask you to put your device into DFU mode. See Step 8 to learn how to put your iOS device into DFU mode.

Your iPad will reboot and Terminal will show the “Exiting libpois0n” message. Your iPad will then restart into a jailbroken tethered state. Done!
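The file staging in Step 13 can also be done without renaming the .ipsw, because an .ipsw is a zip archive. The Python below is an added example, not part of the original guide or of PwnageTool or tetheredboot; the function names and the sample archive are constructed for illustration, and only the two file names come from Step 13.

```python
import io
import shutil
import zipfile
from pathlib import Path, PurePosixPath

# File names taken from Step 13 of the guide.
WANTED = ("kernelcache.release.k48", "iBSS.k48ap.RELEASE.dfu")


def stage_boot_files(ipsw_path, dest_dir, wanted=WANTED):
    """Copy the wanted members of an .ipsw (a zip archive) into dest_dir.

    Members are matched by base name wherever they sit in the archive and are
    written under that base name only, so an entry path can never place a file
    outside dest_dir. Returns {name: Path}; raises if a name is missing or
    appears more than once.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    staged = {}
    with zipfile.ZipFile(ipsw_path) as ipsw:
        for info in ipsw.infolist():
            base = PurePosixPath(info.filename).name
            if info.is_dir() or base not in wanted:
                continue
            if base in staged:
                raise ValueError(f"{base} appears more than once in the archive")
            target = dest / base
            with ipsw.open(info) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            staged[base] = target
    missing = [name for name in wanted if name not in staged]
    if missing:
        raise FileNotFoundError(f"not found in archive: {', '.join(missing)}")
    return staged


def build_sample_ipsw():
    """Constructed stand-in for a custom .ipsw: same layout, dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("kernelcache.release.k48", b"constructed kernelcache")
        z.writestr("Firmware/dfu/iBSS.k48ap.RELEASE.dfu", b"constructed iBSS")
        z.writestr("Restore.plist", b"constructed plist")
    buf.seek(0)
    return buf
```

Failing when a file is missing or duplicated catches an incomplete or unexpected archive before anything is handed to the boot utility.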

UPDATE 1: PwnageTool bundles for jailbreaking iPod touch 4G / 3G on iOS 4.3 can be found here.

(Credits: iH8sn0w and jcf_dev for PwnageTool bundles)