Jailbreak iPad on iOS 4.3.1 Using PwnageTool Bundle [Step-by-Step Guide]

by Jawwad in Guides, iPad, Mobile | 3 comments


Earlier today we reported the release of iOS 4.3.1 and then presented a guide on how to do a tethered jailbreak of the iPhone 4 on iOS 4.3.1. Now there is more good news for iPad owners: iOS 4.3.1 has been jailbroken for the iPad as well! However, the custom iOS 4.3.1 jailbreak is available in tethered mode only for now, so every time you start your iPad you will need to boot it into jailbreak mode using the tethered boot utility (that is, re-jailbreak it every time you restart the device). You can jailbreak iOS 4.3.1 yourself using PwnageTool (version 4.2), the Tethered Boot Utility and Universal Ramdisk Fixer.

Follow the instructions below:

Programs required:

Step 1: Download the PwnageTool bundle for iOS 4.3.1 and extract the contents into a folder.

Step 2: Because this guide is geared towards the iPad, we will be using the iPad bundle file named “iPad1,1_4.3.1_8G4.bundle”. Copy this file to your desktop.

Step 3: Next, download PwnageTool 4.2.

Step 4: Copy PwnageTool 4.2 into the Applications folder. Right-click on the PwnageTool icon and click on “Show Package Contents”.

Step 5: Browse to Contents/Resources/FirmwareBundles/ and paste the iPad1,1_4.3.1_8G4.bundle file, which we copied to the desktop in Step 2, at this location.

Step 6: Because PwnageTool 4.2 lacks support for patching iOS 4.3.1, we need to use Ramdisk Fixer to create a custom ramdisk for iOS 4.3.1. Download Universal Ramdisk Fixer using the links given above and install it.

Step 7: The next step is to build the iOS 4.3.1 custom firmware, for which you need to download the iOS 4.3.1 firmware (from the link mentioned at the start).

Step 8: Place the iOS 4.3.1 firmware on your desktop.

Step 9: Launch PwnageTool in “expert mode” and select your device, which in our case is the iPad.

Step 10: Locate the iOS 4.3.1 firmware that we placed on the desktop in Step 8.

Step 11: After selecting iOS 4.3.1, click on the “Build” button to produce the jailbroken custom iOS 4.3.1 ipsw file.

Step 12: Once the custom firmware has been produced, put the device into DFU mode by clicking on the DFU button in PwnageTool.

Step 13: Launch iTunes and select the iPad from the sidebar.

Step 14: Windows users press and hold the left Shift key, and Mac users press and hold the “Alt” key on the keyboard, while clicking on the “Restore” button; then select the custom iOS 4.3.1 ipsw file that we created in Step 11.

Step 15: Final step! Just wait until iTunes finishes installing the custom firmware on your iPad. You are now on iOS 4.3.1 on your iPad in a tethered jailbroken state!

However, if you reboot you will have to use the following guide to do the tethered boot.

Tethered Boot Guide:

So far a jailbroken iOS 4.3.1 device is available only in tethered mode; to boot into that mode after rebooting your device, follow these steps.

Step 1: You will need the tetheredboot.zip utility, which you can download using the following link. Unzip the contents of the file into a folder named tetheredboot.

Step 2: Copy the tetheredboot folder into the Downloads folder.

Step 3: Change the extension of the custom iOS 4.3.1 firmware from .ipsw to .zip, and extract the contents into a folder.

Step 4: Find and copy the kernelcache.release.k48 and iBSS.k48ap.RELEASE.dfu files, which will be located at /Firmware/dfu/.

Step 5: Paste kernelcache.release.k48 and iBSS.k48ap.RELEASE.dfu into the tetheredboot folder (created when you extracted the contents of tetheredboot.zip).

Step 6: Now turn off your iPad, open Terminal on OS X and type the following commands:

sudo -s

/Users/inspiredgeek/Downloads/tetheredboot/tetheredboot \
/Users/inspiredgeek/Downloads/tetheredboot/iBSS.k48ap.RELEASE.dfu \
/Users/inspiredgeek/Downloads/tetheredboot/kernelcache.release.k48

Use your user name in place of inspiredgeek.

Step 7: At this point you will see some processing in the Terminal window and you will be asked to put your iPad into DFU (Device Firmware Upgrade) mode. To do so, hold the Home and Power buttons together for 10 seconds, then release the Power button while continuing to hold the Home button for another 10 seconds, after which you will enter DFU mode.

Step 8: After a while the “Exiting libpois0n” message will appear in the Mac OS X Terminal window and your iPad will boot into tethered jailbroken iOS 4.3.1!
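
Steps 3 to 5 of the tethered boot guide can be done without renaming the firmware, because an .ipsw file is already a ZIP archive. The Python sketch below is an added example, not part of the original guide or of the tetheredboot utility: it finds the two files by name wherever they sit in the archive and copies them into the tetheredboot folder. The function names `stage_boot_files` and `build_sample_ipsw` and the sample archive layout are assumptions made for illustration.

```python
import os
import shutil
import zipfile

# File names from Step 4 of the tethered boot guide (iPad1,1).
WANTED = ("iBSS.k48ap.RELEASE.dfu", "kernelcache.release.k48")


def stage_boot_files(ipsw_path, dest_dir, wanted=WANTED):
    """Copy the named boot files out of an IPSW (ZIP archive) into dest_dir.

    Entries are matched by base name, so their folder inside the archive
    does not matter. Returns {file name: entry path inside the archive}.
    """
    if not zipfile.is_zipfile(ipsw_path):
        raise ValueError(f"{ipsw_path} is not a ZIP/IPSW archive")
    found = {}
    with zipfile.ZipFile(ipsw_path) as ipsw:
        for info in ipsw.infolist():
            base = os.path.basename(info.filename)
            if base in wanted and not info.is_dir():
                if base in found:
                    raise ValueError(f"{base} appears more than once")
                found[base] = info.filename
        missing = [name for name in wanted if name not in found]
        if missing:
            raise FileNotFoundError("not in archive: " + ", ".join(missing))
        os.makedirs(dest_dir, exist_ok=True)
        for base, member in found.items():
            # Write under the base name only, so an entry path such as
            # "../../x" can never place a file outside dest_dir.
            target = os.path.join(dest_dir, base)
            with ipsw.open(member) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
    return found


def build_sample_ipsw(path):
    """Write a constructed stand-in archive; all contents are placeholder bytes."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("Firmware/dfu/iBSS.k48ap.RELEASE.dfu", b"constructed iBSS")
        z.writestr("kernelcache.release.k48", b"constructed kernelcache")
        z.writestr("Restore.plist", b"constructed plist")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        ipsw = os.path.join(tmp, "custom_4.3.1.ipsw")
        build_sample_ipsw(ipsw)
        print(stage_boot_files(ipsw, os.path.join(tmp, "tetheredboot")))
```

If either file is absent, the function raises before anything is written, so an incomplete custom firmware build is caught before the device is put into DFU mode.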


  • John

    Followed this and another guide. Pwnage says “wrong firmware file selected”

  • ramin

    It doesn’t work.

    Last step gives an error on Mac OS 10.6.7 x64.
    ./tetheredboot iBSS.k48ap.RELEASE.dfu kernelcache.release.k48
    Initializing libpois0n
    No matching processes were found
    Waiting for device to enter DFU mode
    opening device 05ac:1227…
    Found device in DFU mode
    Checking if device is compatible with this jailbreak
    Checking the device type
    Identified device as iPad1,1
    Preparing to upload limera1n exploit
    Resetting device counters
    Sending chunk headers
    Sending exploit payload
    Sending fake data
    libusb:error [darwin_transfer_status] transfer error: timed out
    libusb:error [darwin_reset_device] ResetDevice: device not responding
    Exploit sent
    Reconnecting to device
    libusb:error [darwin_close] USBDeviceClose: no connection to an IOService
    Waiting 2 seconds for the device to pop up…
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Connection failed. Waiting 1 sec before retry.
    Command completed successfully
    Unable to reconnect
    Unable to upload exploit data
    Exploit injection failed!

  • Marley

    The jailbreak works and I can launch Cydia, etc. after jailbreaking, but when opening iTunes to sync, my iPad is not always recognized. When it is recognized and I try to sync, iTunes freezes. Don’t know what the problem is. :-/
