For all those Windows users who've been SOL because they upgraded to iOS 4.2.1, here's the guide you've been waiting for!

It is possible to jailbreak your ATV2 running iOS 4.2.1 in Windows. However, this is not a true Windows jailbreak (yes it's a jailbreak, and you'll be doing it on your Windows machine, but as you'll see shortly, technically it's not a Windows jailbreak... at least not 100%). All the software needed to be able to recover the ATV2 with a modified .ipsw file & perform a tethered boot are available for Windows. What's lacking is the software to be able to modify the .ipsw natively in Windows. No, I've not written software to do this task, but I am going to tell you how to accomplish just this within Windows. How, you ask? With VMWare.

I'm sure some of you have either already gone this route or have realized it could be done. If you've not considered this, or don't know what VMWare is (or both), it's actually pretty simple concept (though a somewhat complicated process). VMWare is virtualization software that allows you to run a "guest" operating system on top of your natively installed OS. VMWare is available for Windows, Linux & OS X - this guide assumes you're running on Windows, but the same results could be achieved on Linux (though I don't know that you'll actually be able to recover with the modified .ipsw you'll create on Linux).

I'm not going into detail about how to get OS X installed as a guest machine in VMWare. Google is your friend here.
(tip: try Googling "os x vmware image [amd/intel]" choosing the appropriate processor for your machine - you'll save a lot of time )

Once you've got a working OS X install, you need to download these files:

Pwnage tool 4.1.3 - http://torrents.thepiratebay.org/599...02.TPB.torrent
Pwnage tool Bundle for Apple TV 4.2.1 - http://tinyurl.com/24qvd87
Tethered Boot Utility for Windows: https://github.com/downloads/msftguy...boot_win32.zip
iOS 4.2.1 .ipsw: http://appldnld.apple.com/AppleTV/06...4_Restore.ipsw
iReb - Hotfile.com: One click file hosting: iREB-4.0.x-4.1-RC2.zip

Also, you'll need a copy of iTunes for Windows.

Now that you've got everything needed to perform the jailbreak, you'll be using the Pwnage tool to create the .ipsw & creating the files necessary for the tethered boot here on the VM. You'll then move the .ipsw & files back to Windows, restore the .ipsw to your ATV2 & use the tethered boot utility along with the files you created on the VM to perform a tethered boot.

First, you'll need to install the Pwnage tool:

1. Open the Pwnage Tool .dmg
2. Open the Applications folder (Once Finder is open, you should see this displayed on the list to the left)
3. Drag Pwnage tool to the Applications folder
4. Right click the Pwnage tool icon
5. Choose "Show Package Contents"
6. Browse to /Contents/Resources/FirmwareBundles
7. Copy the AppleTV2,1_4.2.1_8C154.bundle file to the /Contents/Resources/FirmwareBundles folder

Now run the Pwnage tool.

Choose the ATV2 option on the right.
Choose the ATV2 4.2.1 bundle.
Let the pwnage tool do it's thing.

The Pwnage tool may ask for your administrator password. If you created a fresh install of OS X using the retail disk, you'll know this already. If you opted to pick up a pre-made image, go to System Preferences > Accounts, select your account & click "Change Password...". Look at the text in the password hint box - optionally, change the password to something you're more familiar with.

Let the Pwnage tool do it's thing. After a while, it will go to the next step & ask you to put your device in DFU mode. The ATV2 shouldn't be connected at this point (it doesn't hurt you if it is, but it's not necessary until we have the files we need to jailbreak the device). You can now close the Pwnage tool.

Now you have a modified .ipsw sitting on your desktop. You can leave it right where it is. Open up the terminal application (Applications > Utilities > Terminal) and type the following command:

unzip -j ~/Desktop/AppleTV2,1_4.2.1_8C154_Custom_Restore.ipsw Firmware/dfu/iBSS.k66ap.RELEASE.dfu kernelcache.release.k66 -d ~/Desktop

If you decided to create a folder on your desktop or elsewhere to hold your files, you may need to change the path from ~/Desktop.

You now have everything you need to jailbreak your ATV2 in Windows. Copy the modified .ipsw, as well as the two files we unzipped from the archive to Windows & go ahead and shut down your VM & head back over to your Windows desktop.

All we have to do at this point is restore the ATV2 using the .ipsw we just created, then use the files & tethered boot program to boot the ATV2.

Before we get to that, though, I highly suggest you use tinyumbrella to back up your SHSH blobs. If you're one of the unlucky ones who upgraded your ATV2 to 4.2.1 before backing these up, you already know what a pain it is to be stuck with whatever version of Apple's software the company is trying to shove down your throat. Follow this guide to back up your SHSH files now: TinyUmbrella 4.2.1 Tutorial: Backup iOS 4.2.1 SHSH Blobs | TechPetals

After those are backed up, we'll be using iReb to help restore the .ipsw file we just created in OS X:

1. Open iTunes
2. Open iReb
3. Connect the ATV2 to your computer via microUSB cable (HDMI does not have to be plugged in)
4. Click the Apple TV 2 button in iREB
5. Put the ATV2 in DFU - http://www.hackint0sh.org/f286/209857.htm
6. Let iReb do it's thing - it will give you a message when then ATV2 is in a Pwned state.

Once this is done, iTunes should be complaining about the ATV2 being in DFU mode & asking you to restore the device. Shift+click the Restore button, browse to the location of your modified .ipsw & select it as the restore file. Let iTunes do it's thing.

This will take a while, and may throw an error at the end. Don't worry about that, we'll just move on to the tethered boot.
(note: You'll have to repeat these next steps each time you power on your ATV2. Since the ATV2 simply goes into sleep mode when not in use, this shouldn't be a major problem for us - if you have a battery backup, then this is virtually a non-issue, save for a real catastrophe)

Be sure that the tethered boot program is unzipped in a folder with both the iBSS.k66ap.dfu and kernelcache.release.k66 that you unzipped from the .ipsw while you were working in OS X. Now perform the following:

1. Open up command.exe (Run > Command for XP or simply type Command in the search box of Vista/7)
2. Browse to the folder where the tethered boot program resides
3. At the command prompt type: tetheredboot -i iBSS.k66ap.RELEASE.dfu -k kernelcache.release.k66

That's it - let the program run to completion. Once it returns you to the command prompt, disconnect your ATV2 from the computer & reconnect your HDMI cable. The ATV2 should be prompting you to set up the device. Go through the screens until you're at the home screen.

Now, ssh into your ATV2. If you're using PuTTY or WinSCP or similar, simply put Apple-TV.local as your host. The username will be root & password alpine.

You're officially jailbroken! Hooray Windows!

Now you can install apps like NitoTV, XBMC, aTV Flash (black), etc. I actually recommend aTV Flash (black), as it installs without having to do anything over ssh in the terminal, and will subsequently allow you to install NitoTV, XBMC as well as Couchsufer - web browser - and a host of other apps - everything available for the ATV2 at this moment I believe.

Enjoy!

Thx a lot for the guide.
I tested it out yesterday and it worked like a charm.

Do you have any ide why the restore doesnt work when running MacOS as a virtual machine.
Before i found your guide i tried to restore my ATV2 with itunes and Seas0npass, and i got the ATV2 in to DFU mode, but iTunes couldnt prepare my ATV for restoring. I got the 16001/1600/1611 failure.

gox

The only thing that is tested or supported is to use a guest (virtualised machine) to make a pwnagetool custom IPSW. You generally need to do restore/direct jailbreak on the host machine.

Olethros - That's been said in the original post.

goxboxlive - it has something to do with USB virtualization - the OS X driver being used isn't actually communicating directly with your USB, but rather talking through VMWare to Windows, which is communicating with the USB. This is what's causing the problem with restoring the ATV2 in iTunes. Unfortunately there's no fix at this point & we have to make the switch back to Windows. :\

I followed your guide and when the unit comes online it does not have any wireless support. Any Idieas?

I tried this and for some reason the pwnagetool keeps giving a "No firmware bundle found!" message. I downloaded and placed the Pwnage tool Bundle for Apple TV 4.2.1 and placed it in the correct location (confirmed this twice) but I still get the same error. The virtual machine seems to be running fine so I am not sure why this is failing.



Also, I am wondering why doesn't someone with a MAC just create the ipsw and put them on the net for download for PC users. I have searched high and low for jailbroken ipsw's for the ATV2 but couldn't find any. I did see several for the iPhone/iPod. It just seems to me that creating the "custom" ipsw file is a wasted step that could be performed once and then shared on the net so why aren't more folks just taking this approach?

At any rate, I guess I am still SOL until greenpois0n RC6 releases.

Originally Posted by jru71

Also, I am wondering why doesn't someone with a MAC just create the ipsw and put them on the net for download for PC users. I have searched high and low for jailbroken ipsw's for the ATV2 but couldn't find any. I did see several for the iPhone/iPod. It just seems to me that creating the "custom" ipsw file is a wasted step that could be performed once and then shared on the net so why aren't more folks just taking this approach?

Because this is ILLEGAL!!! That is why we don't do it and anyone who downloads a custom IPSW from an untrusted source is an idiot who risks installing malware or simply screwing up their iDevice

It's 100% legal to make your own custom IPSW. However you don't have permission from Apple to share files they have copyrighted. Even if you have "customised" these copyrighted files. This is warez, it is illegal and this is why we don't encourage linking to premade custom IPSW from this site.

RC6 won't be too long away. Tethered jailbreak on the ATV2 is not so bad. SeasonPass reportedly works well. Patience...

smoro - I've seen similar problems reported with those jailbreaking using the pwnage tool on OS X - I'm not sure what causes it, but you might want to consider downloading a new copy of the .ipsw file and retrying the jailbreak

jru71 - I had the exact same problem the first time I tried to jailbreak using this method - in my case I was originally using the terminal to copy the file to directory & had just typed the wrong location - this is why I suggested using finder to copy the file to avoid problems. Just to make sure, you're definitely copying the bundle to the folders found within the pwnagetool.app directory in your Applications folder?