PwnageTool 4.1 is the new version of the long-running jailbreaking and hacktivation tool for the Mac OS X platform. It supports jailbreaking of iPhone 4, iPad, iPod touch 4G and Apple TV 2G, and can hacktivate an iPhone on an unofficial SIM card. PwnageTool 4.1 has been updated to exploit a USB-related vulnerability at the boot ROM level of iDevices, which was introduced by GeoHot in the Limera1n jailbreak, together with Comex's userland jailbreak based on the pf kernel exploit, which makes the jailbreak untethered, and the iPhone Dev Team's pwnage2 exploit.
Note: PwnageTool 4.1 has been upgraded to version 4.1.1 and then to 4.1.2 to fix jailbreaking issues for Mac OS X 10.5.x Leopard users. No new features have been added.
The new version of PwnageTool 4.1 can be used to build custom firmware files for A4 iDevices on iOS 4.1. The supported devices include:
- iPhone 4
- iPhone 3GS
- iPhone 3G
- iPad (running on iOS 3.2.2)
- Apple TV 2
- iPod touch 3G
- iPod touch 4G
The advantage of PwnageTool over ramdisk-based methods such as GreenPois0n, Limera1n or RedSn0w is that the user can use PwnageTool to build and restore a custom IPSW file (iOS firmware). In addition, PwnageTool 4.1 does not include the latest 2.10.04 / 05.14.02 basebands of iOS 4.1, allowing the user to restore and upgrade iPhone 4, iPhone 3GS and iPhone 3G to a pre-jailbroken firmware while preserving the current original baseband (and thus the ultrasn0w carrier unlock). A phone on an older baseband can also be unlocked with Ultrasn0w for cross-carrier usage when needed. The newest baseband that comes with iOS 4.1 has not yet been hacked, and cannot be unlocked.
Although PwnageTool 4.1 supports jailbreaking Apple TV 2G, apps have not been ported to Apple TV 2G yet, nor can the Apple TV 2G be used from the remote. Users with a jailbroken Apple TV 2G can do command-line work via SSH, or use tools like iFunbox to move files around with afc2 available.
As PwnageTool 4.1 now attacks iDevices at bootrom level, the A4 processor based iOS devices are pwned for life, even if the user upgrades to future iOS firmware versions. Best of all, with the userland exploit bits integrated, the device will get an untethered jailbreak forever. A tethered jailbreak requires the user to plug the jailbroken device into a computer to complete a restart or reboot, while an untethered jailbreak does not require such a step.
PwnageTool 4.1 now has an Expert mode with manual IPSW file selection instead of automatic search using Spotlight. The Expert mode will also hacktivate by default (activate the iPhone without going through Apple), so people with a legit SIM card should deselect the hacktivate option. The DFU button has also been improved to guide the user through the DFU process, and it then also runs the appropriate exploit to convince the device and iTunes that all is legit.
Download PwnageTool 4.1.2 (for Mac OS X)
Download PwnageTool 4.1 (for Mac OS X)
More download links can be found at the iPhone Dev Team blog.
Prior to the official release of PwnageTool 4.1, an unofficial workaround known as “PwnageTool Bundle” was made available by msftguy. PwnageTool Bundle uses PwnageTool 3.1.5 or 4.01 to upgrade and jailbreak iPhone 3G and iPhone 3GS to iOS 4, iOS 4.1 or iOS 4.2 (before official jailbreak tools supporting each new version of iOS are released) by loading a patched, custom-made copy of iOS created by PwnageTool Bundle. However, the iDevice must be on an older bootrom version and must already have been jailbroken with PwnageTool or Redsn0w (a JailbreakMe or Spirit based jailbreak does not work).
PwnageTool Release History:
- PwnageTool 4.01: Jailbreak iPhone 3GS, iPhone 3G and iPod touch 2G on iOS 4
- PwnageTool 4.0: Jailbreak iPhone 3GS, iPhone 3G and iPod touch 2G on iOS 4
- PwnageTool 3.1.4: Jailbreak iPhone 2G, iPhone 3G and iPhone 3GS, iPod touch 1G and iPod touch 2G on iOS 3.1.2
- PwnageTool 3.1.3: Jailbreak iPhone 2G, iPhone 3G and iPhone 3GS, iPod touch 1G and iPod touch 2G on iOS 3.1
- PwnageTool 3.1: Jailbreak iPhone 2G, iPhone 3G and iPhone 3GS, iPod touch 1G and iPod touch 2G on iOS 3.1 and unlock iPhone