----iPad 4th Generation iCloud Bypass Commands----

made by u/johnponflanchan and @appletech752.

All text in this document is strictly copyrighted. It is PROHIBITED to show this in

your youtube video without giving us full credit!! Violators will receive a
copyright strike.

Special thanks:
Arsevka_JDM (for the ramdisks)
tihmstar (for EtasonJB and OdyessusOTA2)
Daniel Volt (for the updated ipwndfu that does not have AssertionError)

----PART 1: Instructions to downgrade to iOS 8.4.1 using OdyessusOTA2----

1) DOWNLOAD the iOS 8.4.1 iPSW from ipsw.me. Pay attention to the model
(GSM/Global/WiFi)

2) OPEN a new terminal window

3) cd (drag and drop the exploit folder, click enter)

4) ./ipsw (drag and drop the 8.4.1 ipsw) custom_downgrade.ipsw -bbupdate

5) ./idevicerestore -t custom_downgrade.ipsw

***The command below looks strange but do not modify it just copy and paste***

6) ./xpwntool `unzip -j custom_downgrade.ipsw 'Firmware/dfu/iBSS*' | awk

'/inflating/{print $2}'` pwnediBSS

7) ./ipwndfu -p

***Wait for message saying device is in pwned DFU mode***

8) ./ipwndfu -l (drag and drop the pwnediBSS from inside the exploit folder)

***when it says "done!" you can continue***

9) ./idevicerestore -w ./custom_downgrade.ipsw

***wait for the restore to finish, do not let your Mac go to sleep***

10) Close all open terminal windows

--------PART 2: Now that we are on 8.4.1, let's actually Bypass iCloud!!--------

1) OPEN a new terminal window

2) cd (drag and drop the exploit folder, click enter)

3) ./ipwndfu -p

***Wait for message saying device is in pwned DFU mode***

4) ./ipwndfu -l (drag and drop iBSS from Loader folder)

5) ./irecovery -f (drag and drop iBEC from Loader folder)

6) ./irecovery2 -s

7) /send (drag and drop devicetree from Loader folder)

8) devicetree

9) /send (drag and drop ramdisk from Loader folder)

10) ramdisk

11) /send (drag and drop kernelcache from Loader folder)

12) bootx

***Now we do the standard procedure with tcprelay and localhost***

13) OPEN tcprelay.py (inside Python folder) with the Python Launcher

14) In the “text heavy” terminal window, type ./tcprelay.py -t 22:2222

15) OPEN a new terminal window (Shell-->New Window)

***In the new window type these commands***

16) ssh root@localhost -p2222

***password: alpine***

17) mount_hfs /dev/disk0s1s1 /mnt1

18) rm -r /mnt1/Applications/Setup.app

19) reboot_bak

20) (Wait for device to reboot)

--------PART 3 OPTION A: DO NOTHING. Your iPad is already Bypassed

Untethered--------

--------PART 3 OPTION B: Install EtasonJB on 8.4.1 to Jailbreak and get

Cydia--------

1) OPEN Safari on your iPad

2) VISIT appletech752.com/downloads.html
3) Click on the link that says "EtasonJB direct download"

4) Wait for the onscreen popup, click "Install"

5) Wait 30seconds, the go to the home screen

6) Launch EtasonJB app, start the jailbreak process

DONE! You now have a FULLY UNTETHERED jailbreak and iCloud Bypass on your iPad 4!

--------PART 3 OPTION C: Upgrade to 10.3.4 for H3lix Jailbreak--------

1) OPEN Safari on your iPad

2) VISIT appletech752.com/downloads.html

3) 3) Click on the link that says "H3lix direct download"

4) When you get the onscreen popup, click "Install". Wait for the app to load.

5) DOWNLOAD the 10.3.4 iPSW from ipsw.me. Put it on your DESKTOP

6) ENTER RECOVERY MODE on your iPad and connect to computer.

7) In iTunes, ALT/OPTION+click UPDATE (NOT restore!!!) and select the ipsw.

8) AS SOON AS YOU GET THE ITUNES RESTORE COMPLETE MESSAGE, ENTER DFU MODE

9) Redo ALL of the steps just like in Part 2 to delete Setup.app

11) LAUNCH the H3lix app and click Jailbreak

DONE! You now have an UNTETHERED iCloud Bypass and TETHERED jailbreak on 10.3.4!

Questions? Join the bypassing community on Reddit at r/setupapp

Or follow my Twitter: @appletech752

NOTE: If EtasonJB or H3lix says cannot install, "Done"/"Retry", that means the app
is revoked. Feel free to send me a PM on reddit or message u/johnponflanchan and we
will resign the app for you as soon as possible.