The iPhone DevTeam has just released an update to their PwnageTool which allows us to untethered jailbreak iOS 4.3.1. The 4.3.1 untether exploit comes courtesy of Stefan Esser (@i0n1c on twitter), a security researcher based in Germany. Stefan has a long history of vulnerability research, and ironically his first contribution to the iPhone jailbreak community was improved security — last year he beat Apple to the punch and implemented ASLR for jailbroken iPhones with his “antid0te” framework.
The 4.3.1 untether works on all devices that actually support 4.3.1 except for the iPad2:
- iPhone3GS
- iPhone4 (GSM)
- iPod touch 3G
- iPod touch 4G
- iPad1
- AppleTV 2G (PwnageTool only for now)
The reason the untether won’t work as-is on the iPad2 is that it requires a bootrom or iBoot-level exploit to install, and the iPad2 is not susceptible to either the limera1n or SHAtter bootrom exploits.
WARNING WARNING — ultrasn0w users don’t update yet! We need to first release an update to ultrasn0w that fixes some incompatibilities when FW 4.3.1 is used on the older basebands supported by ultrasn0w. And remember once we do fix ultrasn0w for 4.3.1 (we’ll announce it here and on twitter), you must only get there via a custom IPSW from PwnageTool, Sn0wbreeze or xpwn! Don’t ever try to restore or update to a stock IPSW, or you’ll lose the unlock!
What you need:
- iOS 4.3.1
- PwnageTool
HOW TO:
NOTE: the below tutorial is made using the previous version of PwnageTool. The process is exactly the same…
1. Load iTunes and sync your iDevice so you can backup. If you dont want to backup with iTunes, you can to it manually…
2. Download and load PwnageTool 4.2. You will get a pop-up window, click OK
3. Click on expert mode button, select your device and click on the blue arrow to continue.
4. In the next window, you will need to select the original firmware for your device. Click on Browse for IPSW and then click on the blue arrow…
5. In the next window select “General” and lets start customizing the firmware
5.1. In the next screen adjust the size of the partition or leave as it is and click on continue.
NOTE: Deselect Activate if you have an iPhone legitimately activated on an official carrier.
NOTE: You may need to increase the size of the root partition slightly. My first attempt failed at creating the IPSW until I increased the size to about 695 MB.
5.2 In the next screen you can add repositories and install any application that you want so when you restore your iDevice it will already be full of everything you need. To do this, first go to “Manage Sources” and add all the sources that you want. Now go to the “Download Packages” tab, refresh the list and select the apps that you want to be install and click on “Add to queue”. All the apps will be displayed in the “Select Packages” tab. Make sure everything is right and than click on the blue arrow to continue
5.3 In the next window you have the option to install Cydia or not. We suggest you do….
6 Now select “Build” and than click on the blue arrow to continue and start creating your custom firmware
6.1 Now you will be asked where you want to save the custom firmware. Choose your path and click on Save
7. Now wait until the custom firmware is built and saved on your computer
8. Now it’s time to put the iOS device into DFU mode. Connect your device to your computer turned ON and follow the steps on the screen
10. Once you are into DFU mode, open iTunes ( it will recognize a device in recovery mode ) , alt+restore and browse for the custom FW you just created. Wait for the restore
11. That’s it you’re done!
12. If you preserved the baseband you can install ulran0w via Cydia.