HOW TO: Use Redsn0w 0.9.6rc9 To Untethered Jailbreak iOS 4.3.1 [Mac & Windows]

The iPhone DevTeam has just released an update to their redsn0w which allows us to untethered jailbreakiOS 4.3.1. The 4.3.1 untether exploit comes courtesy of Stefan Esser (@i0n1c on twitter), a security researcher based in Germany. Stefan has a long history of vulnerability research, and ironically his first contribution to theiPhone jailbreak community was improved security — last year he beat Apple to the punch and implemented ASLR for jailbroken iPhones with his “antid0te” framework.

The 4.3.1 untether works on all devices that actually support 4.3.1 except for the iPad2:

  • iPhone3GS
  • iPhone4 (GSM)
  • iPod touch 3G
  • iPod touch 4G
  • iPad1
  • AppleTV 2G (PwnageTool only for now)

The reason the untether won’t work as-is on the iPad2 is that it requires a bootrom or iBoot-level exploit toinstall, and the iPad2 is not susceptible to either the limera1n or SHAtter bootrom exploits.

WARNING WARNING — ultrasn0w users don’t update yet! We need to first release an update to ultrasn0w that fixes some incompatibilities when FW 4.3.1 is used on the older basebands supported by ultrasn0w.  And remember once we do fix ultrasn0w for 4.3.1 (we’ll announce it here and on twitter), you must only get there via a custom IPSW from PwnageTool, Sn0wbreeze or xpwn!  Don’t ever try to restore or update to a stock IPSW, or you’ll lose the unlock!

What you need:

  • iOS 4.3.1
  • redsn0w ( Mac or Windows )

HOW TO:

NOTE: the process is identical on both Mac OSX and Windows, and also identical with previous redsn0w releases. The images used in this tutorial are from previous redsn0w tutorial, so do not be alarmed.

1. Restore your device with a stock iOS 4.3.1 firmware. ( again, by doing this you will loose the ability to unlock!!!)

2. Run redsn0w, and click on browse. Browse for the stock iOS 4.3.1 and open it

3. Wait for redsn0w to recognize it and click ‘Next’

4. On the next screen select what you want to be installed on your iOS device(s). By default, Cydia and ‘enable battery percentage’ is selected. I suggest you deselect battery percentage and everything else, and just install Cydia. This will improve ( a bit ) the overall speed of your device – if you are on a iPhone 3G. If you choose to “Enable battery percentage”, you actually toggle that off and on via Settings->General->Usage.

IF you only need to restore with a custom firmware, deselect everything, and select only “Just enter pwned DFU mode right now”

5. redsn0w will ask you to turn your device off. If it’s not already off, plug it in FIRST and then turn it off. Click next to continue

6. Now, you will need to put your device in DFU mode. Follow the instructions on the screen.

7. Wait a few seconds for redsn0w to do its thing, and you are done. You can close redsn0w because everything else it’s happening directly on the device.

NOTE: Any Windows users seeing “Waiting for reboot” for too long (more than 20 seconds or so), please try “shaking” the JB process by unplugging then replugging your USB cable (while letting redsn0w continue to run). Also, try using a USB port “closer” to your computer (as opposed to on your monitor or behind another hub).