iPhone Dev Team had released PwnageTool 4.3 few weeks back, which allows users who want to jailbreak and also unlock their iPhone to update their iPhone with a pre-jailbroken iOS 4.3.1 while preserving the baseband from getting upgraded so that it can be unlocked using Ultrasn0w.
This guide will provide iPhone 4 and iPhone 3GS users with step-by-step instructions to update and jailbreak their iPhone with iOS 4.3.1.
Some important points before the step-by-step instructions:
-
Please note that jailbreaking your iPhone may void its warranty so proceed with caution.
-
Don’t forget to backup your iPhone before you proceed. You can refer to this post for instructions on how to backup your iPhone.
-
Please ensure that your iPhone has enough charge.
-
This guide is only for iPhone 4 and iPhone 3GS users.
-
iPad, iPod Touch and iPhone users who don’t care about unlocking or preserve their iPhone’s baseband can use Redsn0w to jailbreak their iOS device on iOS 4.3.1 as it is a lot easier.
-
PwnageTool is only supported on Mac OS X and is not supported on Microsoft Windows. Windows users should use Sn0wbreeze, which unofficial version of PwnageTool for Windows.
-
Users who want to unlock their iPhone:
-
PwnageTool does not unlock your iPhone.
-
You can use Ultrasn0w to unlock your iPhone after you have successfully updated and jailbroken your iPhone with iOS 4.3.1.
-
But there is a catch. Ultrasn0w 1.2.1 can only unlock the following basebands (you can check the baseband by going to Settings –> General –> About –> Modem Firmware):
-
iPhone 4 baseband – 01.59.00
-
iPhone 3GS basebands – 04.26.08, 05.11.07, 05.12.01, 05.13.04 and 06.15.00.
-
-
So if your iPhone is currently on baseband mentioned above then PwnageTool 4.3 will allow you to create a custom pre-jailbroken iOS 4.3.1 and preserve the baseband so that you can unlock your iPhone using Ultrasn0w 1.2.1.
-
If you accidentally upgraded your iPhone 4 with iOS 4.3.1/iOS 4.3/ iOS 4.2.1/ iOS 4.1 then its baseband would have got upgraded to 02.10.04/ 03.10.01/ 04.10.01. Unfortunately, 02.10.04, 03.10.01, 04.10.01 basebands for iPhone 4 cannot be unlocked nor can it be downgraded currently.
-
Similarly, if you accidentally upgraded your iPhone 3GS with iOS 4.3.1/iOS 4.3/ iOS 4.2.1/ iOS 4.1 then its baseband would have got upgraded to 05.14.02/ 05.15.04/ 05.16.01/ 05.16.02. Unfortunately, 05.14.02, 05.15.04, 05.16.01, 05.16.02 basebands for iPhone 3GS cannot be unlocked nor can it be downgraded currently.
-
-
After the jailbreaking process is complete, do not forget to checkout our article on tips to keep your iPhone secure. Also, remember to change the password of your jailbroken iPhone.
-
Please read the instructions carefully especially the ones highlighted in bold.
If you meet the requirements mentioned above then you can proceed with the step-by-step instructions to jailbreak your iPhone using PwnageTool.
Step 1: Download PwnageTool 4.3 from here or here and save it in a folder named “Pwnage” on your Mac desktop.
Step 2: You also need to download the iOS 4.3.1 firmware file (use Firefox or Chrome to download the firmware file instead of using Internet Explorer or Safari):
iOS 4.3.1 firmware file for iPhone 4 users (iPhone3,1_4.3.1_8G4_Restore.ipsw)
iOS 4.3.1 firmware file for iPhone 3GS users (iPhone2,1_4.3.1_8G4_Restore.ipsw)
Step 3: Double click and launch the PwnageTool. This will create a PwnageTool icon that you can click and drag into the Pwnage folder.
Step 4: Double click on the PwnageTool icon to launch the application. You will be presented with a warning. Click ‘OK’ to proceed.
Step 5: The PwnageTool window will now open. On the top menu bar, click on the Einstein icon to select “Expert mode“.
Step 6: You will also need to select your device from the next screen. Click on the iPhone 3G, 3GS, 4 picture to select the model. Click the blue arrow button at the bottom-right side of the window to continue.
Step 7: The application will now ask you to “Browse for IPSW“. If the application does not automatically pick the appropriate IPSW, you may click on the ‘Browse for IPSW‘ link and select the IPSW file (iPhone 4 users: iPhone3,1_4.3.1_8G4_Restore.ipsw and iPhone 3GS users: iPhone2,1_4.3.1_8G4_Restore.ipsw) that you have saved on your desktop Pwnage folder. Click on the blue arrow button to proceed.
Step 8: You will now be shown the Firmware bundle customization page. Click on ‘General‘ and press the blue arrow button to continue.
Step 9: In ‘General Settings‘, you will find an option that reads ‘Activate the phone‘. Check this option if you are NOT using an official iPhone carrier. Deselect the option if you are with an official network carrier. Press the blue arrow to proceed.
Step 10: In the ‘Cydia Settings‘ window, click on the ‘Download packages‘ tab and press ‘Refresh‘. This will display all the available packages. Select the ones you want (OpenSSH and OpenSSL) and then click on the blue arrow button.
Step 11: Now click on the ‘Select Packages‘ tab. You will see the selected packages displayed here. Press ‘Select All‘ and click on the blue arrow button to continue.
Step 12: The ‘Custom Packages Settings‘ window will list package settings for your custom .ipsw. Click on the blue arrow button to move to the next step.
Step 13: Here you have the option to change logos for Boot and Recovery. You can choose the default images or click on browse to provide your own logos. Do note that the images need to be in grayscale/RGB with a maximum dimension of 320×480. Once selected, press the blue arrow button to continue.
Step 14: You are now ready to start the Pwnage process. Click on the Build button to select it and then click on the blue arrow to start the Pwnage process.
Step 15: The application will now prompt you to save your custom .ipsw file. Save the file in the Pwnage folder on your desktop. Save the file with a suffix Custom_Restore so that you can easily identify it. The IPSW file will take close to ten minutes to be completely built.
Step 16: You will be prompted to enter your administrator credentials. Enter the details and click ‘OK’.
Step 17: You will then be prompted if your iPhone has been Pwned before, click on “No”.
Step 18: After the custom ipsw has been built you will be asked to connect your iPhone to the computer. Once it detects your device PwnageTool will guide your through the steps to putting your iPhone into DFU mode.
Press and hold the power and home buttons for 10 seconds.
Then release the power button and continue holding the home button for 10 seconds.
Once your iPhone is successfully in DFU mode, PwnageTool will prompt you to launch iTunes.
Step 19: iTunes will now prompt you with a message that reads “iTunes has detected an iPhone in recovery mode“. Press OK. Your iPhone is now in recovery mode.
Step 20 : While on the iTunes window, hold the Alt/Option key and click on the ‘Restore‘ button. (This is a VERY IMPORTANT STEP as just pressing the “Restore” button will result in restoring your iPhone with the latest firmware, which is iOS 4.3.1 firmware currently, by holding down Alt/Option button, allows you choose the custom iPhone firmware file).
Step 21: Navigate to the Pwnage folder on your desktop and select the custom IPSW file (REMEMBER the custom firmware file with Custome_Restore suffix) that was just built (and NOT the original firmware file). Click on the ‘Choose‘ button to proceed.
Step 22: iTunes will now restore the custom firmware on your iPhone. The process will take up to 10 minutes. Once it is completed, your iPhone will reboot and should be updated with iOS 4.3.1. It should also be successfully jailbroken and you should find Cydia jailbreak app on your iPhone’s home screen..
If you’re new to the jailbreaking world and wondering what to do after jailbreaking your iPhone, checkout our jailbreak apps category page to find out the apps you can install on your iPhone using the Cydia app.
We hope you found this tutorial useful. Please let us know how it goes in the comments below.
