We brought you a guide on how to jailbreak iOS 4.3 beta on iPhone 4 using Msftguy’s custom PwnageTool bundle back in January. Now that iOS 4.3 is out of beta and has been publicly released, a similar procedure with different PwnageTool bundles can be used to jailbreak iOS 4.3 on iPhone 4 GSM, iPhone 3GS (old bootrom) and iPhone 3GS (new bootrom). The process is primarily aimed at advanced users as it requires creating a ramdisk, but we’ll try to keep it as simple as possible.
NOTE: The PwnageTool bundles used here were released for the GM build; however, they work perfectly fine on the final release of iOS 4.3 as well. It is a tethered jailbreak, meaning that every time you reboot you will have to boot your device into a jailbroken state (we’ll show you how). Your baseband will not be upgraded.
Step 1: Download the following tools:
2) PwnageTool for iOS 4.3
3) PwnageTool bundle for your device from the following links:
> iPhone 3GS (Old Bootrom)
> iPhone 3GS (New Bootrom)
5) iOS 4.3 for your device [Direct Links]
Step 2: Now we need to patch / modify PwnageTool with the downloaded custom PwnageTool bundle to jailbreak iOS 4.3.
1) Right-click on the PwnageTool which you have already downloaded and then click on “Show Package Contents”.
2) Navigate to Contents/Resources/FirmwareBundles/ and paste the downloaded custom bundle file in this location, then close the folder.
Step 3: We have to patch the Ramdisk now.
1) Launch the Universal Ramdisk Fixer you downloaded.
2) Just follow the simple on-screen instructions to fix the ramdisk.
Step 4: It’s now time to create the custom iOS 4.3 firmware.
1) Launch iTunes.
2) Launch the modified PwnageTool and select your iPhone. Then click the blue arrow to continue.
3) Now in “Browse for iPSW…” select the official iOS 4.3 which you downloaded in step 1.
4) Now create the custom firmware and save it on your computer.
Step 5: To restore this custom iOS 4.3 on your device, put your iPhone in DFU mode.
1) Simply follow the PwnageTool onscreen instructions for this purpose.
2) Once your iPhone is in DFU mode, launch iTunes and it will tell you it has found an iPhone in recovery mode.
3) To restore the custom iOS 4.3 firmware you’ve created, press the Alt/Option key and click on “Restore” in iTunes.
4) Wait for a few minutes. Your iPhone will reboot jailbroken on iOS 4.3 after it has been restored successfully.
Step 6: Now, since this jailbreak is currently tethered, you’ll need to use TetheredBoot (downloaded in step 1) to boot it into a jailbroken state. There are three files needed to make TetheredBoot work for iOS 4.3. These files are kernelcache.release.n90, iBEC.n90ap.RELEASE.dfu, and iBSS.n90ap.RELEASE.dfu.
To get these files, first change the extension of the iOS 4.3 firmware file from .ipsw to .zip and then extract it. You will find the above files under the /Firmware/dfu/ folder.
1) Put these three files and TetheredBoot utility into a folder and name it “tetheredboot”.
2) Now connect your device to your computer and boot it into “Recovery Mode”. This is done by holding the power and home buttons until the “Connect to iTunes” screen appears on the iPhone.
3) Now start “Terminal” and run these commands:
Now type your admin password and run:
./tetheredboot iBSS kernel
4) You’ll be asked to put your device into DFU mode. Just follow the same method you used in step 5.
5) After a few moments, you will see “Exiting libpois0n” in the Terminal window, which indicates your iPhone will be booted within a few moments.
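The file extraction in Step 6 can be checked before anything is copied into the “tetheredboot” folder. The following is an added example, not part of the original guide or of any tool it mentions: it opens the IPSW directly as the ZIP archive it is, locates the three files the guide names, rejects unsafe member paths, and records a SHA-256 for each so the copies you boot from can later be compared against the official firmware. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

# File names exactly as the guide lists them for TetheredBoot.
WANTED = ("kernelcache.release.n90", "iBEC.n90ap.RELEASE.dfu", "iBSS.n90ap.RELEASE.dfu")

def locate_boot_files(ipsw):
    """Map each wanted file name to (archive path, SHA-256) inside the IPSW.

    `ipsw` is a path or file object. An IPSW is a ZIP archive, so no rename
    to .zip is needed. Members are matched by base name, wherever they sit.
    """
    found = {}
    with zipfile.ZipFile(ipsw) as zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            name = parts[-1]
            if name not in WANTED:
                continue
            # Refuse absolute or parent-directory member paths before use.
            if info.filename.startswith("/") or ".." in parts:
                raise ValueError(f"unsafe member path: {info.filename!r}")
            if name in found:
                raise ValueError(f"duplicate member for {name}")
            found[name] = (info.filename, hashlib.sha256(zf.read(info)).hexdigest())
    missing = [n for n in WANTED if n not in found]
    if missing:
        raise FileNotFoundError(f"not in archive: {', '.join(missing)}")
    return found

def build_sample_ipsw():
    """Constructed stand-in archive (placeholder bytes, not real firmware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Restore.plist", b"constructed")
        zf.writestr("Firmware/dfu/kernelcache.release.n90", b"constructed kernelcache")
        zf.writestr("Firmware/dfu/iBEC.n90ap.RELEASE.dfu", b"constructed iBEC")
        zf.writestr("Firmware/dfu/iBSS.n90ap.RELEASE.dfu", b"constructed iBSS")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Replace build_sample_ipsw() with the path to your downloaded .ipsw file.
    for name, (path, digest) in locate_boot_files(build_sample_ipsw()).items():
        print(f"{digest}  {path}")
```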