PwnageTool is a software utility that can be used to jailbreak (root) and hacktivate the supported iDevices, including iPhone, iPad, iPod touch and Apple TV. PwnageTool 4.1.2 (initial release at version 4.1) is based on GeoHot’s Limera1n exploit, Comex userland pf kernel exploit, and iPhone Dev Team original pwnage2 exploit to jailbreak untethered on A4 processed based devices running on firmware iOS 4.1.

PwnageTool 4.1 supports iPhone 4, iPhone 3Gs, iPhone 3G, iPod touch 4G, iPod touch 3G and Apple TV running on iOS 4.1, plus iPad running on iOS 3.2.2. PwnageTool 4.1 can be used to build custom firmware file (.ipsw) which does not upgrade baseband of iPhone to latest 2.10.4 / 05.14.02 in order to preserve carrier unlock or use Ultrasn0w to unlock in future when need arises.

Here’s step-by-step instructions and guide on how to jailbreak iDevices on iOS 4.1 using PwnageTool 4.1 (or any of its minor versions such as PwnageTool 4.1.1, 4.1.2, 4.1.3, 4.1.4 and so on).

  1. Download and install iTunes 10.0.1.
  2. Download PwnageTool 4.1.x.
  3. Download the original iOS .ipsw package for the device to jailbreak – iOS 4.1 for iPhone, iPod touch and Apple TV or iOS 3.2.2 for iPad.
  4. Move all the downloaded files to Macintosh desktop.
  5. Run PwnageTool in Simple Mode (default).
  6. Select the type of device on PwnageTool.

    PwnageTool 4.1 Supported Devices

  7. PwnageTool should automatically detect the corresponding firmware bundle .ipsw for the selected device.
  8. At the prompt that asks “Do you have an iPhone 3G, 3GS, 4 contract that would activate normally through iTunes?”, click on No to preserve the device baseband for unlock.

    Jailbreak with PwnageTool to Latest Version iOS Preserving Baseband

  9. PwnageTool will build and create a custom .ipsw file for the iDevice which will be jailbroken with baseband preserved or upgraded.

    PwnageTool Build Custom Firmware IPSW

  10. Let the iDevice goes into DFU mode:
    1. Press and hold Power and Home buttons simultaneously for 10 seconds.
    2. Release the Power button and continue holding the Home button for 10 more seconds.
    3. The device will start in DFU mode.

    For Apple TV to goes into DFU mode:

    1. Connect Apple TV to computer via microUSB.
    2. Reboot Apple TV by pressing and holding Menu + Down buttons simultaneously for around 6 seconds.
    3. After restart, immediately press and hold Menu + Play buttons until a message in iTunes that indicates Apple TV in recovery mode is detected.

    PwnageTool Detects DFU Mode

  11. Launch iTunes.
  12. Select the device by clicking on the device’s icon at the iTunes sidebar.
  13. Press and hold Options keyboard button, and click on Restore (not “Update” or “Check for Update”) button in iTunes. Then, release the “Options” button.

    iTunes Restore

  14. iTunes will prompt user to select the .ipsw firmware file to restore. Select the PwnageTool-made custom .ipsw file and click on Open.
  15. iTunes will perform a series of steps automatically in order to install or restore the new firmware into iPhone, iPad, iPod touch or Apple TV. After installation is done, the mobile portable device will restart automatically, with the iDevice running on iOS 4.1 jailbroken with full root access.