Wednesday, March 9, 2011

[GUIDE] How to Jailbreak iOS 4.3 using Pwnagetool


Apple iOS 4.3 GM was released yesterday, and it looks like it has already been jailbroken for the iPhone 4. However, this is still a tethered jailbreak, which means that you will have to boot it into the jailbroken state every time you reboot. The final version of iOS 4.3 has been released, and it looks like the same guide can be used to jailbreak iOS 4.3.

For the Unlock head over to the Unlocking section of this guide.

This guide requires a Mac OS X computer.


Users of iPhone 4/3GS, iPad 1/2 and iPod Touch 3/4 can follow the instructions below to jailbreak iOS 4.3 using a combination of PwnageTool 4.2, Universal Ramdisk Fixer and the tetheredboot utility.


Modifying PwnageTool
  • Download the PwnageTool bundle for your version of iOS device:
    • Extract the zipped folder.
    • You will find a .bundle file (iPhone3,1_4.3_8F190.bundle).
    • Move this file to your desktop.
  • Download PwnageTool 4.2:
    • Copy it to the /Applications directory.
    • Right-click it and click 'Show Package Contents'.
    • Navigate to Contents/Resources/FirmwareBundles/
    • Paste iPhone3,1_4.3_8F190.bundle in here.

Creating Custom Ramdisk for iOS 4.3 Custom Firmware
  • Download Universal Ramdisk Maker and install it. This step is required because the ramdisk in the current version of PwnageTool isn't ready for iOS 4.3; Universal Ramdisk Maker patches PwnageTool for iOS 4.3.


Building iOS 4.3 Custom Firmware
  • Download the iOS 4.3 final firmware (developers can download the iOS 4.3 GM firmware instead).
  • Start PwnageTool in 'Expert Mode' and select your device:
    • Browse for the IPSW file you just moved to your desktop.
    • Next, select 'Build' to start creating your custom 4.3 firmware file.
    • PwnageTool will create a custom .ipsw file for your iPhone to be jailbroken with.
    • Quit PwnageTool once the file is created.

Restore custom iOS 4.3 firmware using iTunes
  • Start iTunes
    • Select your iOS device from the iTunes sidebar.
    • Press and hold 'Left Alt' on your Mac keyboard ('Left Shift' on Windows).
    • While holding the above-mentioned key, click 'Restore'.
    • A window will open asking you to point to your firmware file.
    • Select the file you just created. iTunes will do the rest.

Booting Tethered Mode
Since there is no untethered jailbreak for iOS 4.3, you will have to boot into a tethered jailbroken state. To do this you will have to use the 'tetheredboot' utility.
  • Download tetheredboot.zip for Mac OS X and extract the file.
  • Make a copy of your recently created custom firmware.
    • Rename the copy from .ipsw to .zip and extract the file to a folder.
    • Copy kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu found under /Firmware/dfu/
    • Create a new folder named 'tetheredboot' on the desktop and move the files mentioned above into it, along with the tetheredboot utility.
  • Turn off your iOS device, start Terminal in OS X and run the following commands:
    • sudo -s
    • Enter your admin password:
    • /Users/(username)/Downloads/tetheredboot/tetheredboot
    • /Users/(username)/Downloads/tetheredboot/iBSS.n90ap.RELEASE.dfu
    • /Users/(username)/Downloads/tetheredboot/kernelcache.release.n90
    • Substitute your account name for (username).
    • Press 'Enter'
    • Once the code has finished running, you will be asked to enter DFU mode:
      • Hold the Power and Home buttons for 10 seconds.
      • Release the Power button, but continue holding the Home button for 10 more seconds.
      • Your device should now be in DFU.
    • Wait for your device to boot; Terminal will show: 'Exiting libpois0n'.

After a while your iDevice will be booted in a jailbroken tethered mode.
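
The copy-and-extract step in the tethered boot section, as an added example that is not part of the original guide or of any tool it mentions: it opens the custom .ipsw as the zip archive it is, copies the two files the guide names into a staging folder, and returns their SHA-256 digests as a record of exactly which files were staged. Python 3, the function names and the destination folder are assumptions; the archive built in demo() is constructed sample data.

```python
import hashlib
import os
import tempfile
import zipfile

# Basenames named in the guide (iPhone 4 build).
WANTED = ("kernelcache.release.n90", "iBSS.n90ap.RELEASE.dfu")


def stage_boot_files(ipsw_path, dest_dir, wanted=WANTED):
    """Copy the wanted members of an IPSW into dest_dir.

    Returns {basename: sha256 hex digest}. Raises FileNotFoundError if a
    wanted file is absent, ValueError if a basename matches more than once.
    """
    with zipfile.ZipFile(ipsw_path) as ipsw:  # an .ipsw is a zip archive
        by_base = {}
        for info in ipsw.infolist():
            if not info.is_dir():
                by_base.setdefault(os.path.basename(info.filename), []).append(info)
        missing = [n for n in wanted if n not in by_base]
        if missing:
            raise FileNotFoundError("not in archive: " + ", ".join(missing))
        ambiguous = [n for n in wanted if len(by_base[n]) > 1]
        if ambiguous:
            raise ValueError("multiple matches: " + ", ".join(ambiguous))
        os.makedirs(dest_dir, exist_ok=True)
        digests = {}
        for name in wanted:
            data = ipsw.read(by_base[name][0])
            # Write under the basename only, so paths stored inside the
            # archive never decide where a file lands on disk.
            with open(os.path.join(dest_dir, name), "wb") as out:
                out.write(data)
            digests[name] = hashlib.sha256(data).hexdigest()
        return digests


def demo():
    """Constructed sample: a tiny zip standing in for a custom firmware."""
    tmp = tempfile.mkdtemp()
    ipsw = os.path.join(tmp, "custom.ipsw")
    with zipfile.ZipFile(ipsw, "w") as z:
        z.writestr("kernelcache.release.n90", b"constructed kernel bytes")
        z.writestr("Firmware/dfu/iBSS.n90ap.RELEASE.dfu", b"constructed iBSS bytes")
    return stage_boot_files(ipsw, os.path.join(tmp, "tetheredboot")), tmp


if __name__ == "__main__":
    print(demo()[0])
```

Because it reads the .ipsw directly, the original firmware file is left untouched and no renamed .zip copy is needed.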
DJRipster Web Developer
