- Although this has not been officially confirmed, the exploit used here is more likely than not the long-awaited SHAtter. I am fairly sure because the JB ships with a custom boot logo (an animated one, at that), so it has to be an iBoot/kernel-level JB, and those are not exactly abundant.
- Chronic Dev Team was going to hold onto SHAtter for as long as they could; however, it has been patched in the beta versions of iOS 4.3, so there is no longer any point in saving it. They were almost pushed into using it for 4.1 back in October, but limera1n was released just in time, so that did not happen.
- There is currently no usable exploit for 4.3 and up; however, redsn0w's Monte mode should allow a JB on all future versions as long as you have the SHSH blobs for 4.2.1. (The essence of Monte is to insert a patched earlier kernel version at the iBoot level, hence the blobs are needed for iTunes to sign the kernel and allow it to load untethered.)
There are plenty of tutorials out there; however, I am going to provide the workflow that is least likely to hit the hiccups you might come across otherwise (mainly the issues with activation and the utterly broken Cydia loader in both versions). This also allows for offline operation in case you don't have access to a data service or Wi-Fi.
1. Turn on your iPhone, connect it to your computer, and back up everything in iTunes just in case. (Nothing should be lost unless you screw up massively.)
2. Close iTunes, then shut down the iPhone by holding the Sleep button and sliding the red slider when it appears.
3. Run redsn0w 0.96rc8, choose the factory 4.2.1 firmware for your device, follow the instructions and choose "Install Cydia" when prompted. For 3GS unlockers only: you can choose "Install iPad baseband" at the same time to streamline the process.
4. Run redsn0w again as in step 3, but this time choose "Just boot tethered right now".
5. You should enter a fully jailbroken state. Run Cydia to initialize it, then check the other system applications such as Safari and make sure everything is working before turning the phone off again. Don't bother downloading any packages yet; we can leave that for later.
6. Run greenpois0n RC5 and follow the instructions. Note that there is a 5-second countdown at the start for "getting ready", which can be somewhat confusing if you have become used to redsn0w's DFU routine.
7. Keep the Home button pressed the whole time, even after it says "complete". Your iPhone should boot up in verbose mode within a minute; simply watch, and you should see the boot animation pretty soon.
8. The phone will turn off automatically when everything is done; simply turn it on again to enjoy the benefits of an untethered JB.
- Whenever errors come up or the phone gets stuck at any step for more than 5 min in verbose mode, simply force a power-off by holding Sleep+Home for a few seconds and start over. This actually happens more often than you would think, so don't panic; just keep trying and it will work eventually. In the worst case you can always use trusty redsn0w to boot tethered and start over from step 6.
- Unlike limera1n, RC5 does not contain any activation bundles. If you are having trouble getting past the activation screen, you will have to run redsn0w 0.97beta6 to hacktivate. The usual precautions of hacktivating still apply, and it is always better to activate using the right carrier's SIM.
- RC5 is Mac-only and will fail inside virtual machines or on a hackintosh. RC5_2 is said to work in a VM at least; however, I still recommend getting hold of a Mac rather than wasting your own time on pod2g's own impotency.