iPad 4.3.1 Jailbreak Guide

Apple has finally rolled out iOS 4.3.1 for the iPad, and it did not take long for the jailbreak community to jailbreak it. Just like the iOS 4.3 iPad jailbreak, this one is tethered. This implies that your iPad will boot into jailbroken state every time you do a soft reset / reboot.


First, you will need to download the pwnagetool bundle. All links are at the bottom of this post. Download it and extract it. Inside, you will find a bundle file. Choose the bundle “iPad1,1_4.3.1_8G4.bundle” and move this bundle file to your desktop. Then download an app called “pwnagetool 4.2” from the link given below and copy it to the Applications directory. Start the app. Right click it to select “Show Package Contents” from the pop-up menu.


Start up Finder, navigate to “Contents/Resources/FirmwareBundles/” and paste the “iPad1,1_4.3.1_8G4.bundle” I mentioned in the previous step. Now, we are going to make a ramdisk for iOS 4.3.1. To do that, we will need to install “Universal Ramdisk maker” (again, link given below). Install it and run it.


Now, you will need to download the iPad 4.3.1 firmware. Download it to your desktop. Start pwnagetool in “expert mode”. Select iPad from the 3 images being shown.


Browse and select the iOS 4.3.1 firmware for iPad. Now, select “build” to create the custom iOS 4.3.1 firmware. This will create a custom (jailbroken) .IPSW file for the iPad.


Now, we will need the iPad to enter DFU mode.

* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* Your iPad should now be in DFU mode

Now, fire up iTunes and select your iPad from the sidebar. Press and hold the Option key and click the Restore button to select the custom firmware you created in the previous step. This will now flash the new firmware 4.3.1.


Since there is no untethered jailbreak for the iOS 4.3.1, we will have to jailbreak it into tethered mode.

Download Tetheredboot and extract it. Now, we need two files from the custom 4.3 GM firmware: kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu. So, we will make a copy of the custom IPSW file we created earlier and change its extension from .ipsw to .zip. Then extract this file. Copy the kernelcache.release.n90 and iBSS.n90ap.RELEASE.dfu files under /Firmware/dfu/ . Now, move all of these files along with the tetheredboot utility to a new folder called “tetheredboot” on the desktop.
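The copy, rename and extract step above works because an IPSW is an ordinary zip archive, so the two files can also be pulled out directly. The following Python sketch is an added example, not part of the original guide or of any tool it mentions; the function names and the stand-in archive with placeholder bytes are constructed for illustration, and only the two file names and the “tetheredboot” folder come from the text.

```python
import zipfile
from pathlib import Path, PurePosixPath

# File names as given in the guide.
WANTED = ("kernelcache.release.n90", "iBSS.n90ap.RELEASE.dfu")


def extract_boot_files(ipsw_path, out_dir, wanted=WANTED):
    """Copy the named members of an IPSW (a zip archive) into out_dir.

    Returns {file name: extracted path}. Raises ValueError when the file is
    not a zip archive and FileNotFoundError when a wanted member is missing.
    """
    if not zipfile.is_zipfile(ipsw_path):
        raise ValueError(f"{ipsw_path} is not a zip archive")
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    found = {}
    with zipfile.ZipFile(ipsw_path) as ipsw:
        for info in ipsw.infolist():
            # Match on the final path component only, so a member stored as
            # Firmware/dfu/<name> or at the archive root is found either way.
            name = PurePosixPath(info.filename).name
            if info.is_dir() or name not in wanted or name in found:
                continue
            # Write under out_dir by bare name; the member's own path is
            # never used, so a crafted "../" entry cannot escape out_dir.
            target = out_dir / name
            target.write_bytes(ipsw.read(info))
            found[name] = target
    missing = [n for n in wanted if n not in found]
    if missing:
        raise FileNotFoundError(f"not in archive: {', '.join(missing)}")
    return found


def build_sample_ipsw(path):
    """Constructed stand-in archive with placeholder bytes, for the demo."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("kernelcache.release.n90", b"constructed-kernelcache")
        z.writestr("Firmware/dfu/iBSS.n90ap.RELEASE.dfu", b"constructed-ibss")
        z.writestr("Restore.plist", b"constructed")
    return path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        ipsw = build_sample_ipsw(Path(tmp) / "custom.ipsw")
        out = extract_boot_files(ipsw, Path(tmp) / "tetheredboot")
        for name, path in out.items():
            print(name, "->", path)
```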

Turn the iPad off and fire up the Terminal app on your Mac. Type in these commands:

sudo -s

Enter your password. Enter these (replace “jazz” by your username) and press enter.


You will be asked to enter DFU mode. For this:

* Hold Power and Home buttons for 10 seconds
* Now release the Power button but continue holding the Home button for 10 more seconds
* Your device should now be in DFU mode

[pwnage bundle 4.3.1] [pwnagetool 4.2 download link] [download universal Ramdisk maker]

Note – iPad 2 jailbreak is still not available. I repeat, this jailbreak method works for iPad 1 only.

Note 2 – Windows Jailbreak for iOS 4.3.1 is not released. If you are still on iOS 4.3, make sure to check out my iPad 4.3 Jailbreak guide.