Your iOS 4.0 Jailbreak and Unlock Guide to Pwnage Tool, Redsn0w and Ultrasn0w
Pwnage Tool 4.0 (and now 4.0.1) was recently released by the Dev Team, and I got a request to clarify which devices can currently be jailbroken on iOS 4.0 by this and other methods. The Dev Team's own post states the same information. All devices running 3.1.2 or 3.1.3, and the iPad on 3.2, can be quickly and easily jailbroken with Spirit, and every jailbroken iPhone can currently be unlocked with Ultrasn0w 0.9.3.
After the break there is a list of devices that can and cannot be jailbroken on 4.0, along with guides for the methods you can use for each device that can.
This info is accurate as of 4:13 pm EST on 6/23/10. The post has already been updated once, so check back often for more info and helpful guides to the newest releases.
iPod touch 1G – No 4.0 support.
iPod touch 2G (non-MC model) – Pwnage Tool: Recovery mode restore to a custom 4.0 firmware; or redsn0w once on stock 4.0.
iPod touch 3G (including the 8GB model) and iPod touch 2G MC models – No jailbreak for 4.0 yet.
iPhone 2G (original) – No 4.0 support.
iPhone 3G – Recovery mode or DFU mode restore to a custom 4.0 firmware from an already-jailbroken state; DFU mode only from a clean (non-jailbroken) 3.1.2 or 3.1.3. Recovery Mode can fail, so all
iPhone 3GS (old bootrom) – Must already be jailbroken at a lower firmware by a means other than Spirit (a previous version of Pwnage Tool, redsn0w, or Sn0wBreeze). Restore to the custom 4.0 from Recovery mode.
iPhone 3GS (new bootrom) – No jailbreak for 4.0 yet.
iPad (all models) – No 4.0 support, yet!
The difference between DFU and Recovery:
DFU is Device Firmware Update mode. Nothing has been loaded from flash: the OS is not running, and iTunes talks directly to the bootrom, the read-only code burned into the chip at manufacture, which stays on your device in its factory state forever. If the bootrom is compromised you get a truly pwned-for-life device, because no software update can patch it.
In Recovery mode the device has already loaded iBoot (the bootloader stored in flash), and it is iBoot, not the bootrom, that decides whether a restore is accepted. A custom firmware is accepted from Recovery mode only if an earlier low-level jailbreak (a previous Pwnage Tool, redsn0w, or Sn0wBreeze) has already patched the signature checks out of iBoot. Spirit is a userland exploit that does not kick in until the kernel is running, so it leaves iBoot untouched. This is why Spirit cannot hacktivate and why a Spirit-only device will not accept custom firmware.
How to get to Recovery Mode and restore to custom firmware:
Turn your device off normally. Hold the Home button only and plug the device in to a computer running iTunes; keep holding until the "Connect to iTunes" logo appears. In iTunes, Shift-click (Windows) or Option-click (OS X) the Restore button to select the custom firmware you brewed with Pwnage Tool.
How to get to DFU Mode:
Plug the device in to a computer running iTunes. Hold the Home and Power buttons together until the screen goes black (about ten seconds), then release Power while continuing to hold Home until iTunes reports that it has found a device in recovery mode. In DFU mode the screen stays black; if you see the Apple logo or the "Connect to iTunes" screen, you landed in Recovery mode instead and should start over. Then Shift-click (Windows) or Option-click (OS X) Restore to select the custom firmware you brewed with Pwnage Tool.
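As an added check that is not part of the original post or of any Dev Team tool: whether the device really is in DFU mode, rather than only in Recovery mode, can be confirmed from the computer side, because the two boot stages enumerate on USB with different product IDs under Apple's vendor ID 05ac (1227 for DFU, 1281 for Recovery; normal-mode IDs differ per model). The Python below, written for this page, parses lsusb-style lines (the sample output is constructed) and decides whether the connected device is in the mode the restore needs. On OS X, `system_profiler SPUSBDataType` reports the same IDs in a different layout, so the line parser would need adapting there.

```python
import re
from typing import List, Tuple

# USB IDs Apple's boot stages report. DFU and Recovery are constant across
# models; normal-mode product IDs vary per model, so any other Apple ID is
# treated as a normally booted device.
APPLE_VID = 0x05AC
DFU_PID = 0x1227       # bootrom (DFU) mode: screen stays black
RECOVERY_PID = 0x1281  # iBoot recovery mode: "Connect to iTunes" screen

# One lsusb line: "Bus 002 Device 005: ID 05ac:1227 Apple, Inc. ..."
LSUSB_RE = re.compile(
    r"^Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s+([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$"
)


def classify_device(vid: int, pid: int) -> str:
    """Map a vendor/product ID pair to one of dfu, recovery, normal, not-apple."""
    if vid != APPLE_VID:
        return "not-apple"
    if pid == DFU_PID:
        return "dfu"
    if pid == RECOVERY_PID:
        return "recovery"
    return "normal"


def parse_lsusb(output: str) -> List[Tuple[str, str]]:
    """Return ("bus.device", mode) for every Apple device in lsusb output."""
    found = []
    for line in output.splitlines():
        m = LSUSB_RE.match(line.strip())
        if not m:
            continue
        bus, dev, vid, pid, _desc = m.groups()
        mode = classify_device(int(vid, 16), int(pid, 16))
        if mode != "not-apple":
            found.append((f"{bus}.{dev}", mode))
    return found


def ready_for_pwnage_restore(output: str, need_dfu: bool) -> Tuple[bool, str]:
    """Decide whether the one connected device is in the mode the restore needs.

    need_dfu=True for a clean (non-jailbroken) 3G, which must use DFU;
    False when Recovery mode is acceptable (device already pwned at a low level).
    """
    modes = [mode for _, mode in parse_lsusb(output)]
    if not modes:
        return False, "no Apple device seen on USB"
    if len(modes) > 1:
        return False, "more than one Apple device connected; unplug the others"
    mode = modes[0]
    if mode == "dfu":
        return True, "device is in DFU mode"
    if mode == "recovery":
        if need_dfu:
            return False, "device is in Recovery mode but DFU is required"
        return True, "device is in Recovery mode"
    return False, "device booted normally; enter Recovery or DFU first"


# Constructed sample output, not captured from a real machine.
SAMPLE_DFU = """\
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 005: ID 05ac:1227 Apple, Inc. Mobile Device (DFU Mode)
"""
SAMPLE_RECOVERY = "Bus 002 Device 006: ID 05ac:1281 Apple, Inc. Mobile Device (Recovery Mode)\n"
SAMPLE_NORMAL = "Bus 002 Device 007: ID 05ac:1294 Apple, Inc. iPhone 3GS\n"

if __name__ == "__main__":
    for name, out in (("dfu", SAMPLE_DFU), ("recovery", SAMPLE_RECOVERY), ("normal", SAMPLE_NORMAL)):
        print(name, ready_for_pwnage_restore(out, need_dfu=True))
```

Run `lsusb | python3 thisfile.py`-style piping if you wrap the call in a small `main`; the point is that a black screen alone can be a hung Recovery mode, while a 05ac:1227 enumeration is proof the bootrom is what iTunes is talking to.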
Pwnage Tool "Simple Mode" Guide:
Get your firmware from iTunes. Plug in your device normally. The message "A new version of the software..." will pop up; select "Download Only". Once iTunes has downloaded your .ipsw:
On a Mac, navigate to Home Folder/Library/iTunes/i(Device) Software Updates (where i(Device) is iPhone, iPod or iPad), find the recently downloaded file and drag it to the desktop.
On Windows the location varies by OS version. Enable the "Show hidden files and folders" check box, then navigate to Documents and Settings\<your user>\Application Data\Apple Computer\iTunes\i(Device) Software Updates on XP, or Users\<your user>\AppData\Roaming\Apple Computer\iTunes\i(Device) Software Updates on Vista and 7. Find the recently downloaded file and drag it to the desktop.
- Open Pwnage Tool and leave it in Simple Mode. Select iPhone 3G or iPhone 3GS as appropriate, or iPod touch 2G if, and only if, you have the non-MC iPod touch.
- Pwnage Tool will find the .ipsw you dragged to the desktop. Select Continue.
- It will ask whether you are a legit iPhone user. If you need your iPhone hacktivated, or don't have a valid carrier SIM, click "No". If you are an AT&T customer with a working SIM, hit "Yes".
- Pwnage Tool will create a new custom .ipsw and place it on your desktop, for use with one of the restore methods above.
- Follow the directions in Pwnage Tool to get the device into the correct state (Recovery or DFU mode, per the device list above) to begin the restore, and remember to Shift-click or Option-click Restore in iTunes so that you pick the custom .ipsw instead of letting iTunes fetch the stock one.
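As an added example, not part of Pwnage Tool or the original post: before feeding an .ipsw to Pwnage Tool it is worth confirming that the file iTunes downloaded is the stock firmware for your exact device and version, since a 3G image will not produce a usable 3GS custom firmware. An IPSW is a plain zip whose Restore.plist records the firmware version and the device identifiers it supports (iPhone1,2 for the 3G, iPhone2,1 for the 3GS, iPod2,1 for the iPod touch 2G). The Python below locates the iTunes download folder described above and checks a file against the device you have. The IPSW it builds for itself is a constructed stand-in containing only Restore.plist, not real firmware, and the build numbers in it are sample values.

```python
import io
import plistlib
import zipfile
from pathlib import Path
from typing import Dict, List, Optional

# Device identifiers as they appear in Restore.plist "SupportedProductTypes".
DEVICE_IDS = {
    "iPhone 3G": "iPhone1,2",
    "iPhone 3GS": "iPhone2,1",
    "iPod touch 2G": "iPod2,1",
}


def itunes_update_dir(device_family: str, system: str, home: str,
                      appdata: Optional[str] = None) -> Path:
    """Folder where iTunes stores downloaded stock firmware.

    device_family is "iPhone", "iPod" or "iPad" (iTunes names the folder per
    family). On Windows pass %APPDATA%, which is
    "Documents and Settings\\<user>\\Application Data" on XP and
    "Users\\<user>\\AppData\\Roaming" on Vista/7.
    """
    folder = f"{device_family} Software Updates"
    if system == "Darwin":
        return Path(home) / "Library" / "iTunes" / folder
    if system == "Windows" and appdata is not None:
        return Path(appdata) / "Apple Computer" / "iTunes" / folder
    raise ValueError(f"unsupported system {system!r} or missing appdata")


def find_ipsws(update_dir: Path) -> List[Path]:
    """All downloaded firmware files in the iTunes update folder."""
    return sorted(update_dir.glob("*.ipsw"))


def read_restore_plist(ipsw_bytes: bytes) -> Dict:
    """An IPSW is a zip archive; Restore.plist at its root describes it."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return plistlib.loads(zf.read("Restore.plist"))


def ipsw_mismatch(ipsw_bytes: bytes, device_id: str, version: str) -> Optional[str]:
    """Return None if the IPSW is stock firmware `version` for `device_id`,
    otherwise a short reason why it should not be used."""
    info = read_restore_plist(ipsw_bytes)
    supported = info.get("SupportedProductTypes", [])
    if device_id not in supported:
        return f"firmware is for {supported}, not {device_id}"
    if info.get("ProductVersion") != version:
        return f"firmware is {info.get('ProductVersion')}, not {version}"
    return None


def build_test_ipsw(product_type: str, version: str, build: str) -> bytes:
    """Constructed stand-in for a real IPSW: Restore.plist only, no firmware images."""
    plist = {
        "ProductType": product_type,
        "ProductVersion": version,
        "ProductBuildVersion": build,
        "SupportedProductTypes": [product_type],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Restore.plist", plistlib.dumps(plist))
    return buf.getvalue()


if __name__ == "__main__":
    # Check a constructed 3GS 4.0 image against each device in the table;
    # "8A293" is used here as a sample build string.
    sample = build_test_ipsw(DEVICE_IDS["iPhone 3GS"], "4.0", "8A293")
    for name, dev in DEVICE_IDS.items():
        print(name, ipsw_mismatch(sample, dev, "4.0") or "OK")
    # On a real machine: for p in find_ipsws(itunes_update_dir(...)): check p.read_bytes()
```

The same Restore.plist read is a quick way to tell a Pwnage Tool custom .ipsw from the stock one if both end up on the desktop, since the custom file keeps the same version and device fields but a different size and name.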
Redsn0w is a very quick and simple jailbreak that does not require a restore. If your device is eligible as stated above, you may update to stock 4.0 and then proceed. Make sure you have a copy of redsn0w 0.9.5b5-3. It also requires a copy of the firmware that is on your device, so follow the guide above to retrieve the 4.0 .ipsw for your device and place it on your desktop.
Follow the steps in redsn0w; it is very easy, and it shows the exact button presses needed to put your device into Recovery mode (or DFU).
Finally, to unlock any jailbroken iPhone, add "repo666.ultrasn0w.com" to Cydia under Manage > Sources > Edit > Add, then install Ultrasn0w. Your iPhone will reboot, and may need a second reboot if service doesn't come up right away. You can also try popping out the SIM and reinserting it; I have found this works if I get a service error. Rest assured, even if you are on AT&T or the official carrier in your area, your iPhone is now free to use any GSM SIM card.
This post will be updated when new information becomes available. This situation will change by the day, and we have videos on the way!
Posted by Allyn (@xsn0w) also available at iYoshiblog
What about the phones with the new bootrom, the 6.4 bootloader, and the MC model of the 3GS?
Mine is currently on 3.1.3 and baseband 05.12.01; I can't make calls but have jailbroken with Spirit.
Please suggest.
Pranav, use Ultrasn0w to unlock on that baseband and 3.1.3 :p
What about the MC model of the iPod touch 2G? Can this be jailbroken?
Is there going to be a jailbreak for the iPod touch 3G MC model running 4.0?
If you read the beginning, you will see that the iPod touch MC model does not work, and neither do the 3G iPod touches. The iPod touch 2G MC model really got screwed here: it is the only one that cannot do multitasking, except the iPod touch 1G. The 3G comes with multitasking, and the 2G MB models can be jailbroken, and you can enable multitasking through OpenSSH. I really hope limera1n will come out soon, since Pwnage Tool obviously isn't going to help. Geohot, where are you!
Can someone tell me why the 3GS needs to be jailbroken at a lower firmware? And if I add Ultrasn0w to the IPSW, does the device hacktivate?
Are you asking why the 3GS needs to be jailbroken at a lower firmware? If that's the case, it doesn't... and how exactly did you manage to add a repository to your .ipsw file?
Can I do the JB with iTunes 9.2?
Only Spirit is broken by iTunes 9.2. Pwnage Tool and redsn0w are safe to use on 9.2. Thanks for the comment; I will add this soon, along with an update concerning the recent release of Pwnage Tool 4.0.1.
Well, on the Dev Team blog it says "3GS only if old bootrom and already jailbroken at lower firmware", and my 3GS is not. Using Expert mode you should be able to add custom Cydia packages to the firmware.
Yes, Fox, the 3GS must be OLD bootrom and must be in a jailbroken state, so that it may accept custom firmware. Dadude's comment is nearly unintelligible and incorrect.
Pwnage Tool update: 4.0.1 was a small update, and the rules for which devices can be used remain the same. The blog now urges that Pwnage Tool users get to DFU mode or Recovery mode "using Pwnage Tool". The last step includes step-by-step directions.
@Arpple Thank you. So if I'm not jailbroken yet, I should wait for Geohot?
Can I upgrade to 4.0 on a 3G with a Spirit jailbreak?
Fox, if you have an old bootrom 3GS running 3.1.3 (or 3.1.2), or can restore to 3.1.3 (or 3.1.2) because you saved your SHSH, you can jailbreak with Spirit and then follow the steps to upgrade to a Pwnage Tool created custom 4.0.
JjT, you can simply upgrade to stock 4.0 and jailbreak with redsn0w or follow the steps to upgrade to a pwnage tool created custom 4.0
New bootrom 3GS, iPod touch 2G MC and iPod touch 3G should get a 4.0 jailbreak after the iPhone 4 has reached wide global distribution.
Even if it is possible right now, Geohot and the Dev Team will both hold out for this. If Geo found a new PWNED4LIFE exploit, he will certainly try to help as many users as possible and apply it to the iPhone 4, which means we begin the waiting game yet again.
@arpple I'm stuck with a 3GS old bootrom on 3.1.3 and baseband 5.12 without being able to activate it (I don't have an AT&T SIM card and live in Europe). Spirit requires an activated iPhone, so it's not for me. I think the only chance would be a blackra1n jailbreak followed by an unlock, since blackra1n hacktivates the iPhone and does not build a custom IPSW. Is this right? Any other ideas? Thank you very much for your answers.
My iPhone 3G is on 3.1.3, so if I update to 4.0 can I jailbreak and unlock it, with one jailbreak and unlock?
Fox, blackra1n does not work for 3.1.3. Can you restore to 3.1.2, meaning do you have your SHSH on file? If that iPhone was jailbroken before Feb 2, you may be in luck.
You can get Firmware Umbrella and check if a hash was saved, or edit the hosts file to point to Saurik and give it a go.
If not, you will need a SIM card from AT&T, or will have to wait for 3GS hacktivation support for older firmware or an update to redsn0w so that you can go to 4.0 stock, then JB and hacktivate.
Sorry to hear your dilemma; hope all works out well.
Is my only choice to stay put?
I am running a NEW bootrom 3GS, JB’d with Spirit @ 3.1.2.
Besides maybe going to 3.1.3 (what for?), am I stuck for the moment?
Thanks,
b
Arpple, I have the same situation as Fox. I have a 3GS, old bootrom, 3.1.3, and want to have 4.0 jailbroken and activated. The iPhone is already activated with an AT&T SIM card. Should I use Spirit to jailbreak? Will Pwnage Tool (or any other jailbreak software) work with the phone jailbroken with Spirit? If not, what software do I have to use?
Biver, if you want to remain jailbroken, unfortunately you must remain at your current firmware. For now.
Popov, Spirit should do the trick for you (although I can not personally test it). Run Spirit at 3.1.3 and follow my steps and the instructions in Pwnage Tool 4.0.1 to upgrade to a custom 4.0 from Recovery mode. You are lucky to have this option. Good luck, and find me on Twitter if you need more help – @xsn0w
Xsnow, I found this on DEV-Team Blog:
Summary: Currently, PwnageTool only works on previously jailbroken 3GS devices with the old bootrom. If you have a Jailbroken iPhone 3GS with the OLD BOOTROM and you DID NOT use Spirit to jailbreak then you can create the ipsw with PwnageTool 4.0 and restore with your jailbroken recovery mode.
It says: “DID NOT use Spirit to jailbreak”. Should I still try Spirit?
Popov, Spirit must not be at a deep enough level to accept custom firmware. Thank you for bringing this to my attention. Looks like unless you can go back to 3.1.2 to use blackra1n, a 3GS old bootrom Spirit JB'd at 3.1.3 is also stuck. Older versions of Pwnage Tool can create custom firmware for 3.1.3. I would advise trying this, but you must have your hash on file, and again, Spirit won't let your device accept custom firmware.
I wish I had an old bootrom to test this for you.
Sorry for the typos guys. I’m at work trying to help everyone on my iPhone and autocorrect is not helping me out.
You can only restore to pwnage tool created 4.0 with an oldbootrom in jailbroken state via redsn0w 0.9, previous pwnage tool versions, or sn0wbreeze
@arpple I have SHSH saved for 3.1.3.
Not sure if I saved them when I was on 3.1.2 jailbroken with blackra1n. I'm sure I used Cydia, but I can't remember if I saved my SHSH for 3.1.2.
I think I’ll try changing the hosts file and go back to 3.1.2 and jailbreak it. Hope it goes well
Nope. Device is not eligible for 3.1.2
Bad luck as usual
Ill have to wait for geohot. Hope he releases tomorrow though!
I do have a jailbroken iPhone 3GS (pwnaged), old bootrom, and a Spirited iPad.
Question: Does the old iTunes version work with Pwnage Tool 4.0.1? If not, I have to upgrade in order to jailbreak the 3GS. If I do so, what happens with the iPad sync, and will I lose the Spirit JB then?
Thanks.
Is the iPhone 4 jailbreakable yet?
I got mine on the 24th and have been looking for a jailbreak since I got it home.
Does redsn0w activate the iPhone 3G for an unofficial carrier?
Hi A., I need your help please.
I have an iPhone 3GS with
Modem Firmware 05.13.04
Carrier AT&T
Version 4.0
I used to have it jailbroken before the new OS 4.0 came out; now my phone is not jailbroken or unlocked anymore. I am not the best at computer stuff, but what can I do, or HOW can I unlock and jailbreak my 3GS with OS 4.0?
If you can help me with the links, that would be great.
Thank you to anyone who can help me.
OK, I am still lost.
Can I use TinyUmbrella while I am on
an iPhone 3GS with
Modem Firmware 05.13.04
Carrier AT&T
Version 4.0?
Did you save your SHSH files on Cydia when you were jailbroken? You probably did without even knowing.
What firmware were you using when you were jailbroken?
If you were on 3.1.2 jailbroken with blackra1n, you must change your hosts file and try downgrading. Then jailbreak the 3.1.2 with blackra1n, then restore the phone to a pwned 4.0 firmware.
If you were jailbroken with Spirit on 3.1.3, then the best you can do is downgrade by changing the hosts file.
If you post your situation more clearly, I'll give you better instructions.
@ Fox.
OK, so I was jailbroken on firmware 3.1.2 with blackra1n. Then they came out with 3.1.3; I did not jailbreak it, I just updated it to 3.1.3,
and now I have just updated it to OS 4.0 and have been trying to find a way to jailbreak without going back to 3.1.2 or 3.1.3, but that is not an easy thing to do if you're not really good with stuff like this. So Fox, do you think I should just stay on OS 4.0 and wait till something new comes out? Or is it better to go back to 3.1.2 and jailbreak it, or stay at OS 4? I hope this was clear; I am not American, I am German.
Thank you my friend
you can email me too if u want?
ensleyd@yahoo.com
Daniel
I'll send you an email as soon as I can.
@Fox. thank you brother.
email sent
vvvvvery long email too
Hope Hotmail doesn't mess up…
Hope you succeed.
If you haven't saved your SHSH, then you can only wait.
it was good to help you
fox
I have a 3G currently jailbroken with blackra1n, and I believe I'm running 3.1.2. What's the best way to upgrade my iPhone to 4.0.1 with a jailbreak?
Great!!!! Bookmarked this web page that has this striking guidance. Will arrive back again to see if there are any updates. You, the author, are a master. Thanks