Renowned PwnageTool bundle creator Msftguy is back with his latest release: a PwnageTool bundle for jailbreaking iOS 4.3 Beta 1 on iPhone 4. However, the process is quite complex and is aimed at advanced users only, as it requires you to create a ramdisk in order to achieve the jailbreak. In addition, you must be enrolled in either the iPhone Developer Standard or Enterprise Program and, most importantly, own a computer running Mac OS.
WARNING: This jailbreak is intended for advanced users only. If you do proceed and unfortunately end up bricking your iPhone, iTD is not to be held responsible!
Download custom PwnageTool bundle from here.
Download iOS 4.3 beta 1 for iPhone 4.
Download PwnageTool v4.2.1 from here.
Modify PwnageTool with the above custom bundle so that it accepts the iOS 4.3 beta firmware:
Right click PwnageTool and then click on “Show Package Contents”.
Navigate to Contents/Resources/FirmwareBundles/ and paste custom “.bundle” file in this location, then close the folder.
Create an iOS 4.3 custom firmware for iPhone 4 using the PwnageTool.
Create your own ramdisk using the following steps: (source)
Tools needed: OS X, xpwntool
Unpack the original ramdisk: xpwntool orig_restore_rd.dmg restore_rd.dec.dmg -iv .. -k .. (use the keys from the wiki)
Mount the ramdisk: hdiutil attach restore_rd.dec.dmg
Free up some space: rm /Volumes/ramdisk/(some unneeded large-ish file)
Patch asr: mv /Volumes/ramdisk/usr/sbin/asr /tmp/; bspatch /tmp/asr /Volumes/ramdisk/usr/sbin/asr (bundle_path)/asr.patch
Change the restore options: edit /Volumes/ramdisk/usr/local/share/restore/options.plist with Property List Editor, add ‘UpdateBaseband’ = false – see https://theiphonewiki.com/wiki/index.php?title=Preventing_Baseband_Update for details
Unmount the ramdisk: hdiutil detach /Volumes/ramdisk
Re-encrypt the ramdisk: xpwntool restore_rd.dec.dmg pwned_restore_rd.dmg -t orig_restore_rd.dmg -iv .. -k ..
Replace the ramdisk inside the CFW produced by PwnageTool with pwned_restore_rd.dmg. You can either unzip and re-zip the CFW or replace it inside the /tmp/ipsw dir while PwnageTool is running.
Use tetheredboot to boot into tethered mode.
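The options.plist change from the ramdisk steps above can also be scripted instead of made by hand in Property List Editor. The following is an added example, not part of Msftguy's bundle or the original post; the function names and the sample plist contents are constructed for illustration, and the path in the final comment assumes the ramdisk is mounted at /Volumes/ramdisk as in the steps.

```python
import plistlib
import tempfile
from pathlib import Path

# Constructed sample standing in for the ramdisk's options.plist;
# the keys in the real file may differ.
SAMPLE_OPTIONS = {
    "CreateFilesystemPartitions": True,
    "SystemPartitionSize": 1024,
    "UpdateBaseband": True,
}


def detect_format(raw: bytes):
    """Binary plists start with the magic 'bplist00'; anything else is treated as XML."""
    return plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML


def set_update_baseband(path, value=False):
    """Set UpdateBaseband in the plist at `path`, keeping its on-disk format.

    Returns the previous value, or None if the key was absent.
    """
    path = Path(path)
    raw = path.read_bytes()
    options = plistlib.loads(raw)  # auto-detects XML vs binary
    if not isinstance(options, dict):
        raise ValueError("top-level plist object is not a dictionary")
    previous = options.get("UpdateBaseband")
    options["UpdateBaseband"] = bool(value)
    # Write to a sibling file and rename, so a failed write never leaves
    # a truncated options.plist on the ramdisk.
    tmp = path.with_suffix(path.suffix + ".tmp")
    tmp.write_bytes(plistlib.dumps(options, fmt=detect_format(raw), sort_keys=False))
    tmp.replace(path)
    return previous


def demo():
    """Run the edit on a temporary binary plist built from SAMPLE_OPTIONS."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "options.plist"
        p.write_bytes(plistlib.dumps(SAMPLE_OPTIONS, fmt=plistlib.FMT_BINARY))
        previous = set_update_baseband(p)
        raw = p.read_bytes()
        still_binary = detect_format(raw) is plistlib.FMT_BINARY
        return previous, plistlib.loads(raw), still_binary


if __name__ == "__main__":
    print(demo())
    # On the mounted ramdisk (path from the steps above):
    # set_update_baseband("/Volumes/ramdisk/usr/local/share/restore/options.plist")
```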