iOS 4.3.4 was released a few hours back, and already it has been jailbroken thanks to custom PwnageTool bundles.

PwnageTool-4.3-4

The jailbreak is tethered for now, but we’re certain that it will be untethered as soon as it is verified that I0n1c’s exploit has been patched in iOS 4.3.4 or not, we have our hopes high for this one. iOS 4.3.4 was released to patch the PDF vulnerability once and for all, something which JailbreakMe 3.0 takes advantage of when jailbreaking iOS 4.3.3 untethered. Keep in mind that this guide applies to Mac users only! Let’s get on with the jailbreaking part:

Step 1: Download PwnageTool from this link and the custom bundles from the link provided at the end of this post. Save the bundle file on your desktop. Make sure you download the bundle file that’s right for you.

Step 2: Copy PwnageTool to the Applications directory, right-click on PwnageTool’s icon, select Show Package Contents and left click.

Step 3: Navigate to: Contents/Resources/FirmwareBundles/ and paste the bundle file from your desktop to this location.

Step 4: Download iOS 4.3.4 from this link required for your type of device.

Step 5: Launch PwnageTool in Expert Mode and choose the device which is yours from the selection of three devices shown on the screen.

Step 6: Point PwnageTool to the location of the iOS 4.3.4 lying on your desktop and then click Open, then click on Build. At this point, PwnageTool will build a custom iOS 4.3.4 file which is jailbroken.

Step 7: Follow the on screen instructions to put your device in DFU mode.

Step 8: Restore the jailbroken iOS 4.3.4 to your device, this can be done by launching iTunes, from the sidebar choose your device, then click on the Restore button whilst holding down the left alt key on your Mac’s keyboard. A new window will open up, point it towards the custom iOS 4.3.4 file which you created using PwnageTool and click on Open. iTunes will now restore your device to the jailbroken iOS 4.3.4 file, it shouldn’t take more than a few minutes if everything goes smoothly.

Since this is a tethered jailbreak, therefore you need to follow the steps given below in order to boot your device into the jailbroken state again in case it restarts or powers down.

Step 9: Download tetheredboot utility from here, extract the zip file on your desktop inside a folder for easy access.

Step 10: Rename the custom iOS 4.3.4 file lying on your Mac to “.zip” extension from “.ipsw”. Once you’re done, extract the zip file.

Step 11: Go to the location /Firmware/dfu/ in the extracted iOS 4.3.4 zip file and look for the files named kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu, once you find them, place them inside the tetheredboot folder which you created on your desktop.

Step 12: Now open Terminal and punch in the following commands as shown below:

sudo –s

Enter your administrator password, whatever that might be, then type the following:

/Users/TaimurAsad/Desktop/tetheredboot/tetheredboot
/Users/TaimurAsad/Desktop/tetheredboot/iBSS.n90ap.RELEASE.dfu
/Users/TaimurAsad/Desktop/tetheredboot/kernelcache.release.n90

As RedmondPie points out, you should replace “TaimurAsad” with the name of the username which uses your Mac. Can be you or anyone, make sure what it is.

Step 13: Now you’ll see that Terminal will ask you to put your device in DFU mode. It can be done by performing the following combination.

  • Hold power and home button for 10 seconds
  • let go of power button and hold home for 10 seconds
  • You’re now in DFU mode

That’s it, you’re done. You’ll know boot into iOS 4.3.4 jailbroken tethered!

[Source RedmondPie 1, 2, 3]

Liked this post? Then follow our feed on Twitter or join our Facebook Fanpage for the latest updates! Or Subscribe to our RSS Feeds.

Follow the author of this post on Twitter by clicking this link.