Wednesday, July 27, 2011

Unlock iPhone 4 On iOS 4.3.5 Using Pwnage Tool [Guide]

iOS 4.3.5 was recently released by Apple to fix a security issue with certificate validation. Thankfully, the Redmond Pie team has cooked up a custom PwnageTool bundle that will allow you to jailbreak iOS 4.3.5 and preserve your baseband for an unlock.

Here's what you will need:


Warning: if your baseband is 4.10.1, do not update to iOS 4.3.5, as there is no unlock for it at the moment.
Modify PwnageTool For Custom Bundle


Step 1: extract the custom bundle we mentioned above and drag it to your desktop.
Step 2: drag the PwnageTool app to the /Applications folder but do not launch it yet. Instead, right-click it and select Show Package Contents, in order to insert the bundle. For reference, check out the screenshot below.
Step 3: you should now see a Finder window identical to the one below. Navigate to Contents/Resources/FirmwareBundles/ and place the .bundle file you extracted earlier in this location, then close the window.
Creating Custom 4.3.5 Firmware
Step 4: start up PwnageTool in Expert mode, as shown on the screenshot below. Select the device you’re using, then click on the blue arrow on the bottom-right corner of the window to proceed.
Step 5: when requested, point PwnageTool to the iOS 4.3.5 IPSW file you downloaded earlier, as shown in the screenshot below.
Step 6: on the next screen, you’ll be given the option to further customize the software you’re about to build. Feel free to toy around with these settings, but only if you know what you’re doing. If you’re not sure what to do, just click on "Build" as shown below. PwnageTool will then build a jailbroken firmware, a process that could take a few minutes, so kick back and have a soda.
Step 7: when instructed, you need to put your phone into DFU mode. Just do as follows:
Hold down both the Power and Home buttons simultaneously for 10 seconds.
Release the Power button but keep holding the Home button for 10 more seconds.
If your screen is black, you’re in DFU mode. If an iTunes logo is displayed, you’re in Restore Mode: just try the steps above a few more times, sometimes it doesn’t go well on the first try. Nonetheless, a notification will be displayed if you’ve managed to enter this mode correctly.
Restoring Custom 4.3.5 Firmware On iPhone
Step 8: once this process is done, you’re free to exit out of PwnageTool. Now launch iTunes and restore to the firmware file you’ve just created: select your device from the iTunes sidebar, and click Restore while holding down the Alt key on your keyboard. Select the firmware file you’ve just saved (make sure it’s the one created by PwnageTool, not the default firmware) and click Open. iTunes should now begin loading the jailbroken firmware onto your device; avoid interacting with it at this point. If everything goes as expected, your device should now be jailbroken.
Booting iPhone In Tethered Mode
Since this is a tethered jailbreak, whenever you boot up your device you’ll have to plug it into your computer and run a small utility known as tetheredboot. You’ll need to repeat Steps 11 and 12 below every time you start up your device!
Step 9: place tetheredboot (download link at the beginning of the article) in an accessible directory.
Step 10: change the extension of the custom IPSW file you’ve just created to .zip by renaming it, then extract it as you would a real ZIP file. Navigate to /Firmware/dfu/ and copy two files (kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu) from that directory to the folder where you placed the tetheredboot utility, as shown below.
Step 11: with your device plugged in but turned off, bring up the Mac OS X Terminal (Applications/Utilities/Terminal), type in the following command, press Enter and enter your password when requested:
sudo -s
Then type in the following (all on one line):
/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot /Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90
If the command above doesn’t work, try the following:
/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot -i /Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k /Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90
Important: make sure you replace /Users/TaimurAsad/Desktop/tetheredboot/ with the directory where you have placed the tetheredboot utility.
If you’re not comfortable typing in commands, you can simply drag the 3 files from your tetheredboot folder into the Terminal window after the original sudo -s command.
Step 12: after some code runs through the terminal, you’ll be asked to set your phone into DFU mode. Do so, as shown below:
Hold down both the Power and Home buttons simultaneously for 10 seconds.
Release the Power button but keep holding the Home button for 10 more seconds.
If your screen is black, you’re in DFU mode. If an iTunes logo is displayed, you’re in Restore Mode: just try the steps above a few more times, sometimes it doesn’t go well on the first try.
If you wait a few seconds, you should see “Exiting libpois0n” in the Terminal. Your device is now in a jailbroken state until the next time you power off.

Thursday, July 21, 2011

Boot OS X Lion From USB Flash Drive [Guide]

Mac OS X Lion was released yesterday, but only on the Mac App Store, and Apple announced that there won't be any physical DVD copies of Lion. However, $69 USB flash drives of Lion will be available in August. Here is how to make one before August.

First of all you will need access to the Mac App Store and a working Apple ID so you can purchase and download Lion, plus an empty flash drive with at least 4GB of capacity; 8GB would be better.

Here's what we will do:


Step 1: Download OS X Lion from the Mac App Store.
Step 2: Once downloaded, go to the Applications folder and find the copy of Lion you just downloaded.
Step 3: Right click on the downloaded file and select “Show Package Contents”.
Step 4: Go to “Contents” and jump inside the “SharedSupport” folder and you’ll find a file titled “InstallESD.dmg”. Copy this over to the desktop.
Step 5: Plug in a USB flash drive to your Mac having at least 4GB memory. We highly suggest going ahead with an 8GB one just to be on the safe side.
Step 6: Now open up “Disk Utility” and drag InstallESD.dmg from the desktop to the left-hand sidebar. Select the attached USB from left side and click on “Partition” tab.
Step 7: Select “1 Partition” from the Volume Scheme dropdown menu. Choose “Mac OS Extended (Journaled)” from the left.
Step 8: Now click on “Option” at the bottom. Select “GUID Partition Table” and press OK. Now click on Apply at the bottom right to start formatting. (NOTE: This will erase all data on your USB flash drive.)
Step 9: Once the drive has been formatted, click on “Restore” (it’s right next to where you clicked on “Partition” in Step 5).
Step 10: Choose the USB drive you plugged in in Step 5 as “Destination” with the InstallESD.dmg file as “Source”.
Step 11: Click Restore and type in your password. This will create the intended Lion bootable USB flash drive.
Step 12: Reboot your Mac with the USB drive plugged in. Hold the “Option” key on your keyboard when you hear the iconic OS X startup chime. You can now boot into your Flash drive from there.
Step 13: Follow the on-screen instructions to install OS X Lion.
You may then follow Steps 12 and 13 to install Lion on all your Macs.

Saturday, July 16, 2011

Downgrade your iOS 4.3.4 to 4.3.3, 4.3.2, 4.3.1 or 4.3 [Guide]

iOS 4.3.4 has been released recently for iPhone, iPad, iPod Touch and Apple TV 2G to patch the PDF security flaw used by Comex to jailbreak iDevices with JailbreakMe 3.0. If you have saved SHSH blobs for iOS 4.3.3, 4.3.2 or 4.3.1, you will be able to downgrade from iOS 4.3.4 to any one of them.
This guide won't work with the iPad 2 3G because its baseband can't be downgraded so far.


Step 1: Download the IPSW file for the version you want to downgrade to; the links are given below for your convenience:
iOS 4.3.3
iOS 4.3.2
iOS 4.3.1 
Step 2: Once you’ve downloaded the required IPSW file, it’s time to put your iPhone, iPad or iPod touch into DFU mode. The steps are as follows:
Connect your iPhone, iPad or iPod touch to your PC or Mac.
Turn your device off.
Now launch iTunes.
Hold down the Power button and the Home button simultaneously for 10 seconds.
After 10 seconds, release the Power button but don’t let go of the Home button, your computer should detect a new USB device.
At this point, iTunes will also recognize your device, whether it’s an iPhone, iPad or iPod touch.
At this point, your device’s screen should be off. If that’s so, then you’ve successfully put your device in DFU mode. If the iTunes logo shows up, you’re in Recovery Mode, NOT DFU mode.
Step 3: Here comes the tricky and most important part: you’re going to fool iTunes into thinking that it’s in contact with Apple’s servers, whereas we’re going to point it at Saurik’s server instead. In order to do this, follow the steps given below:
Windows users:
Navigate to C:\Windows\System32\drivers\etc\ and locate the file named “hosts”.
Mac users:
Mac users can access the “hosts” file by navigating to the “/etc/” folder, which can be reached through Go > Go to Folder from within Finder.
If you’re on Windows, open the “hosts” file in Notepad. If on a Mac, open the “hosts” file in TextEdit, and add the following line at the end:
74.208.105.171 gs.apple.com
Refer to the screenshot below if you’re confused:
Just save the file and close Notepad or TextEdit, and you’re all set for the downgrade.
A quick note for Windows 7 and Vista users: start Notepad with “Administrator privileges”. That can be done by right-clicking the Notepad app; there you will see the “Administrator privileges” option, simply click it and launch.
A quick note for Mac OS X users: while saving the hosts file on your Mac, you need full read and write privileges in order to make changes. Getting a permission error? A simple workaround is to copy the hosts file to your Mac’s desktop, make the changes there in TextEdit, save the file, copy it back to the original location, and replace the original hosts file with the one you just created.
Step 4: Launch iTunes, choose your device from the left sidebar. Hold down the left “Shift” key if you’re on Windows or hold down the left “alt” key if you’re on a Mac and click on “Restore”, do not click anything else! A new window will pop up asking you for the location of the IPSW file.
Navigate to the firmware you want to downgrade to; in this case it can be either iOS 4.3.3, 4.3.2, 4.3.1, 4.3 or 4.2.1. Once you find the required IPSW file, click “Open” and let iTunes do its thing.
In a matter of a few minutes, iTunes will install the version of iOS you directed it to install. At this point you should see a progress bar on your device. Everything is automated, so don’t do anything silly. Your device will reboot automatically when everything is done.
In some cases, iTunes will throw a 1013 error. Ignore it; it’s perfectly normal when downgrading. At this point, your device will be in Recovery Mode with your desired version of iOS fully installed.
You should see a screen like the one below:
It’s quite simple to get out of Recovery Mode: simply download this nifty program called TinyUmbrella (Windows, Mac) along with Fix Recovery (Windows, Mac).
Once you’re done downloading TinyUmbrella, launch it, and then click on the “Exit Recovery” button. In a matter of seconds, your device will boot up normally.
Once you’re done with this, the last thing you’re going to do is remove the line you added to the “hosts” file in Step 3 (74.208.105.171 gs.apple.com) in order to receive updates from Apple’s servers normally.
That's it, you are done. Hopefully we will have a jailbreak for iOS 4.3.4 soon.
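A small shell helper for the hosts edit in Step 3 and the cleanup at the end of this guide, added here as an example (not from the original guide): it appends the guide's gs.apple.com line only once, keeps a backup of the original hosts file, and later removes exactly that line and nothing else. The file path is a parameter, so the functions can be tried on a copy before touching /etc/hosts; the script name hosts_entry.sh is assumed.

```shell
# Added helper, not part of the original guide. Adds or removes the
# gs.apple.com redirect used for the downgrade, without hand-editing.
HOSTS_ENTRY="74.208.105.171 gs.apple.com"
# Matches that line with any surrounding whitespace, and nothing else.
HOSTS_PATTERN='^[[:space:]]*74\.208\.105\.171[[:space:]]+gs\.apple\.com([[:space:]]|$)'

# Returns 0 when the entry is already present in the hosts file $1.
hosts_has_entry() {
    grep -Eq "$HOSTS_PATTERN" "$1"
}

# Append the entry once (safe to run twice), after saving a .bak copy.
hosts_add_entry() {
    file=$1
    if hosts_has_entry "$file"; then
        echo "entry already present in $file"
        return 0
    fi
    cp "$file" "$file.bak"
    # start on a fresh line even if the file has no trailing newline
    [ -z "$(tail -c 1 "$file")" ] || printf '\n' >> "$file"
    printf '%s\n' "$HOSTS_ENTRY" >> "$file"
}

# Remove only the redirect line; this is the cleanup the guide ends with,
# so that Apple's servers are reachable normally again.
hosts_remove_entry() {
    file=$1
    tmp="$file.tmp.$$"
    grep -Ev "$HOSTS_PATTERN" "$file" > "$tmp" || true   # grep exits 1 if nothing is left
    cat "$tmp" > "$file"   # cat keeps the original file's owner and permissions
    rm -f "$tmp"
}

# Usage: sudo sh hosts_entry.sh add|remove [/path/to/hosts]
case "${1:-}" in
    add)    hosts_add_entry "${2:-/etc/hosts}" ;;
    remove) hosts_remove_entry "${2:-/etc/hosts}" ;;
esac
```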


Redsn0w 0.9.8b3: Tethered jailbreak For iOS 4.3.4 From iPhone Dev Team

Note that RedSn0w reverts the carrier unlock, so if you are using one, don't use RedSn0w; use the PwnageTool bundles instead. iPad 2 owners with a 3G or CDMA baseband should also stay away from this update to maintain their jailbreak. This update doesn't bring any new features, just fixes for the jailbreak exploits.

Remember this is a tethered jailbreak that will require you to connect the device to a computer every time you boot up.

Download RedSn0w 0.9.8b3 For Mac.
Download RedSn0w 0.9.8b3 For Windows.


iOS 4.3.4 Tethered Jailbreak For iOS 4.3.4

Apple has just released iOS 4.3.4 for iPhone, iPad, and iPod Touch. Now RedmondPie has made custom PwnageTool bundles which allow you to jailbreak iOS 4.3.4 on iPhone, iPad and iPod Touch (but not iPad 2), and preserve your baseband for an Ultrasn0w unlock later on.

Remember this is a tethered jailbreak that will require you to connect the device to a computer every time you boot up.

Here's how to jailbreak your iOS 4.3.4 and preserve your baseband and unlock it with Ultrasn0w.

Things you’ll need:
  • PwnageTool 4.3.3
  • iOS 4.3.4 firmware
  • iTunes 10.3.1
  • Mac OS X
  • PwnageTool bundles for iOS 4.3.4
  • tetheredboot utility
Important note:
There is no unlock for iOS 4.3.4’s baseband, hence do not hit the update button in iTunes if you rely on a carrier unlock.
Your baseband will be preserved during the whole process.
This jailbreak is semi-tethered.
Hacktivation is fully supported.
Modify PwnageTool
Step 1: Download the custom PwnageTool bundle for iPhone 4 from this link. (Please DO NOT hotlink this file. These bundles have been created by Redmond Pie. Credit the original source. Thanks)
Extract the .zip on your desktop, and inside it you should see a .bundle file. For this guide we’re going to use the iPhone 4 bundle, you should choose the one that applies to your device. Move the .bundle file to your desktop.
Step 2: Download PwnageTool 4.3.3 and then copy it to the /Applications directory. Right click on the PwnageTool icon and then click on Show Package Contents. Refer to the screenshot below if you’re having confusion:
Step 3: Now you’re going to navigate to the following location: Contents/Resources/FirmwareBundles/ and paste the .bundle file which you copied to your desktop in this location.
Build Custom iOS 4.3.4 Firmware
Step 4: Download iOS 4.3.4 from this link tailored for your iOS device and save it on your desktop.
Step 5: Fire up PwnageTool in Expert mode and select your device as shown in the screenshot below:
Step 6: Now you’re going to browse for the iOS 4.3.4 firmware for your device; direct it to the location where you downloaded the iOS 4.3.4 file.
Step 7: Now click on Build.
Step 8: PwnageTool will now create a jailbroken IPSW firmware file for your iOS device.
Step 9: Now you’re going to put your iOS device in DFU mode. Follow the on-screen steps on how to do so; they are as follows:
Hold down the Power and Home buttons simultaneously for 10 seconds.
Let go of the Power button but keep on holding the Home button for 10 seconds.
If you followed the steps correctly, then you’re in DFU mode.
Restore Your Device to iOS 4.3.4 Using iTunes
Step 10: Start up iTunes on your Mac and select your device from the sidebar on the left. Hold down the “alt” key on your keyboard and click on “Restore”, do not press “Update” or “Check for Update”.
Now a pop up window will appear, simply guide it to the jailbroken custom iOS 4.3.4 file which was created by PwnageTool, then click Open.
Step 11: From this point onwards, iTunes will do its thing and restore your device to the jailbroken iOS 4.3.4 custom firmware file. Don’t do anything crazy at this point, just let iTunes complete its job. When everything is done, your device will boot up into a custom jailbroken version of iOS 4.3.4.
How to Boot Tethered?
Since this is a tethered jailbreak, you have to boot into the jailbroken state every time your device loses power. Simply follow the steps given below on how to do so using the “tetheredboot” utility.
Step 12: Download the tetheredboot utility from this link. Extract the zip file.
Step 13: Make a copy of the custom iOS 4.3.4 firmware file which you created, rename it to .zip instead of .ipsw. And extract the file. We need two files from the extracted zip file, kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu.
Copy both these files under the location /Firmware/dfu/ from the custom iOS 4.3.4 firmware file. Now move them to the directory where the tetheredboot utility is lying, refer to the screenshot below:
Step 14: Turn off your iPhone, start Terminal on your Mac and type in the following command:
sudo -s
Enter your administrator password, whatever that might be, then type the following (all on one line):
/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot /Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu /Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90
The paths might be different on your Mac; replace “TaimurAsad” with the name of the user directory on your Mac accordingly.
Hit the Enter key.
In case the above doesn’t work, try the following:
/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot -i /Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu -k /Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90
Quick tip: drag and drop the tetheredboot file, the iBSS file and then the kernelcache.release file into Terminal.
You will now see some code running in Terminal and in a short while it will ask you to put your device in DFU mode, which you can do by following the steps given below:
Hold down the Power and Home buttons simultaneously for 10 seconds.
Let go of the Power button but keep on holding the Home button for 10 seconds.
If you followed the steps correctly, then you’re in DFU mode.
Wait for your device, and you should see the “Exiting libpois0n” message in Terminal. In a short amount of time, your device will boot into the jailbroken tethered state. That’s it, you’re done.
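A shell wrapper for the tethered boot commands (Step 11 of the iOS 4.3.5 guide above and Steps 13 and 14 here), added as an example; it is not part of either guide or of the tetheredboot project. It takes the tetheredboot directory once instead of three times, pulls the two boot files directly out of the custom IPSW, and refuses to run until all three files are in place. The iPhone 4 file names from the guides and the script name tetheredboot.sh are assumed.

```shell
# Added helper, not part of the original guides or of tetheredboot itself.
# Assumes the iPhone 4 (n90) file names used in the guides.
IBSS="iBSS.n90ap.RELEASE.dfu"
KERNEL="kernelcache.release.n90"

# Pull the two boot files straight out of the custom IPSW. An IPSW is a
# plain zip archive, so renaming it to .zip first is not needed.
# $1 = path to the custom IPSW, $2 = directory holding tetheredboot
tb_extract() {
    unzip -j -o "$1" "Firmware/dfu/$IBSS" "Firmware/dfu/$KERNEL" -d "$2"
}

# Check that the directory holds the tetheredboot binary and both files;
# reports the first missing one and returns 1 so nothing runs half-ready.
tb_check() {
    dir=$1
    for f in tetheredboot "$IBSS" "$KERNEL"; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            return 1
        fi
    done
    return 0
}

# Build the command line in the guide's -i / -k form with plain ASCII
# hyphens: a dash copied from a web page is often an en dash, which the
# tool will not recognise as an option.
tb_cmd() {
    dir=$1
    printf '%s -i %s -k %s\n' "$dir/tetheredboot" "$dir/$IBSS" "$dir/$KERNEL"
}

# Run the tethered boot. tetheredboot needs root (the guide's "sudo -s"),
# so sudo is applied to this one command only.
tb_boot() {
    dir=$1
    tb_check "$dir" || return 1
    echo "running: $(tb_cmd "$dir")"
    sudo "$dir/tetheredboot" -i "$dir/$IBSS" -k "$dir/$KERNEL"
}

# Usage: TB_DIR="$HOME/Desktop/tetheredboot" sh tetheredboot.sh
# (with TB_DIR unset the functions are only defined, nothing is run)
if [ -n "${TB_DIR:-}" ]; then
    tb_boot "$TB_DIR"
fi
```

Run `tb_extract custom.ipsw "$TB_DIR"` once after building the firmware, then the usage line above on every boot; it prompts for DFU mode exactly as the manual command does.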