[How-To] Jailbreak Apple TV 2G on iOS 4.2.1 with PwnageTool
Thursday, December 23, 2010
The developer behind the NitoTV app for the jailbroken 2nd-gen Apple TV has released an unofficial PwnageTool bundle which can jailbreak Apple TV 2G on the latest iOS 4.2.1 firmware with the existing version of PwnageTool. This jailbreak, however, is limited to tethered boot only for now.
NOTE: We haven’t tested this yet, so proceed at your own risk. The following instructions are posted as-is from the developer himself. If you are not an advanced user, you are strongly recommended to wait for the official tools from the iPhone Dev Team and / or Comex.
Before you proceed with the jailbreak, you will need the following:
- A MicroUSB cable
- iOS 4.2.1 for Apple TV
- PwnageTool 4.1.2 (4.1.3 is untested but could potentially work as well)
Step 1. Download PwnageTool, PwnageTool bundle for Apple TV iOS 4.2.1 firmware and Tetheredboot utility for Mac. Move PwnageTool to OS X’s Applications folder, and everything else into a new folder named “tethered” on the desktop.
Step 2. Open the Terminal app on Mac OS X. (if you don’t know where this is, you REALLY shouldn’t be doing this)
Step 3. Run the following command (this will fail if you didn’t move files to the required folders as mentioned in Step 1):
cp -r ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154.bundle /Applications/PwnageTool.app/Contents/Resources/FirmwareBundles/
Step 4. Start PwnageTool and select iOS 4.2.1 for Apple TV to create a custom firmware for your device. Save this custom .ipsw file in the same “tethered” folder on the desktop.
NOTE: Do not install any packages through Cydia in Expert mode; this produced very unpredictable results.
Step 5. Back in the Terminal, run the following commands:
unzip -j ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154_Custom_Restore.ipsw Firmware/dfu/iBSS.k66ap.RELEASE.dfu kernelcache.release.k66 -d ~/Desktop/tethered/
Step 6. Restore the Apple TV to the ~/Desktop/tethered/AppleTV2,1_4.2.1_8C154_Custom_Restore.ipsw firmware using iTunes. Note: Your Apple TV SHOULD be in DFU mode after finishing up with PwnageTool.
Step 7. Unplug and then replug the USB, after the Apple TV has finished starting up (will be blinking steadily), plug in the power cable.
Step 8. Run the following commands in Terminal:
cd ~/Desktop/tethered
./tetheredboot -i iBSS.k66ap.RELEASE.dfu -k kernelcache.release.k66
NOTE: It will loop a complaint re: DFU mode; just ignore this. Once you are finished getting in DFU mode, tethered boot will take over.
Step 9. Now manually put the Apple TV in DFU mode. (*DO NOT USE PWNAGETOOL*)
To enter DFU mode manually:
- Connect your Apple TV with your Computer via microUSB.
- Now reboot your Apple TV by holding down Menu + Down buttons together for around 6 seconds.
- After reboot, immediately hold Menu + Play until you see the message in iTunes saying that Apple TV in recovery mode is detected.
Initializing libpois0n
No matching processes belonging to you were found
Waiting for device to enter DFU mode
Device must be in DFU mode to continue
opening device 05ac:1227…
Found device in DFU mode
Checking if device is compatible with this jailbreak
Checking the device type
Identified device as AppleTV2,1
Preparing to upload limera1n exploit
Resetting device counters
Sending chunk headers
Sending exploit payload
Sending fake data
libusb:error [darwin_transfer_status] transfer error: timed out
Exploit sent
Reconnecting to device
Waiting 2 seconds for the device to pop up…
opening device 05ac:1227…
Uploading iBSS.k66ap.RELEASE.dfu to device
[==================================================] 100.0%
libusb:error [darwin_reset_device] ResetDevice: device not responding
libusb:error [darwin_close] USBDeviceClose: no connection to an IOService
Waiting 10 seconds for the device to pop up…
opening device 05ac:1281…
Setting to configuration 1
Setting to interface 0:0
Uploading kernelcache.release.k66 to device
[==================================================] 100.0%
libusb:error [darwin_transfer_status] transfer error: device not responding (value = 0xe00002ed)
Step 10. If all went well, unplug USB and plug in HDMI and your Apple TV should be ready to go. You will need to repeat Steps 7-9 every time you restart your Apple TV; this isn’t a convenient process by any stretch!
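Added example (not from the developer or the original post): a small Python parser that reads tetheredboot output like the log above and reports which file was uploaded while the device was in which USB mode, which helps tell a finished run from one that stopped partway despite the libusb error lines. Reading product ID 05ac:1281 as recovery mode and the success criterion in run_completed are assumptions; the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the tetheredboot output shown on this page.
SAMPLE_LOG = """\
opening device 05ac:1227…
Found device in DFU mode
Sending exploit payload
libusb:error [darwin_transfer_status] transfer error: timed out
Exploit sent
opening device 05ac:1227…
Uploading iBSS.k66ap.RELEASE.dfu to device
[==================================================] 100.0%
libusb:error [darwin_reset_device] ResetDevice: device not responding
opening device 05ac:1281…
Uploading kernelcache.release.k66 to device
[==================================================] 100.0%
"""

# 05ac:1227 is labelled DFU by the log itself; 05ac:1281 = recovery mode is
# an assumption added here (the page does not name it).
USB_MODES = {"05ac:1227": "DFU", "05ac:1281": "recovery"}

def summarize(log):
    """Track the current USB mode and attach it to each upload (hypothetical helper)."""
    mode, pending = None, None
    result = {"exploit_sent": False, "uploads": [], "libusb_errors": 0}
    for line in log.splitlines():
        line = line.strip()
        opened = re.match(r"opening device ([0-9a-f]{4}:[0-9a-f]{4})", line)
        upload = re.match(r"Uploading (\S+) to device", line)
        if opened:
            mode = USB_MODES.get(opened.group(1), "unknown")
        elif upload:
            pending = {"file": upload.group(1), "mode": mode, "complete": False}
            result["uploads"].append(pending)
        elif line == "Exploit sent":
            result["exploit_sent"] = True
        elif line.startswith("libusb:error"):
            result["libusb_errors"] += 1
        elif pending and line.endswith("100.0%"):
            pending["complete"] = True  # progress bar reached the end
            pending = None
    return result

def run_completed(summary):
    """Assumed success criterion: exploit sent, then iBSS in DFU and kernel in recovery."""
    expected = [("iBSS.k66ap.RELEASE.dfu", "DFU"), ("kernelcache.release.k66", "recovery")]
    got = [(u["file"], u["mode"]) for u in summary["uploads"] if u["complete"]]
    return summary["exploit_sent"] and got == expected
```
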
Once you are done with the jailbreak, you can install the following apps on your jailbroken 2nd-gen Apple TV:
- [How-To] Install Plex Media Center on Apple TV 2G
- [How-To] Install NitoTV Weather and RSS App on Apple TV 2G
Required download links are as follows:
Download iOS 4.2.1 for Apple TV
Download the latest version of iTunes (10.1.1) for Mac OS X
Download PwnageTool 4.1.3 for Mac OS X
Download PwnageTool 4.2.1 Bundle for Apple TV 2G
Download Tetheredboot utility for Mac OS X