Jailbreaking / unlocking the 3G / 3G S iPhone on 4.0 firmware using PwnageTool in Expert mode

There is something I want to point out when I make these tutorials. All of my iPhones are day one iPhones, and I am always on the jailbreak train. This means I never accidentally update my iPhone without a jailbreak and an unlock at my disposal.





This is the perspective that my tutorials are written from. So for those of you that have to worry about new bootroms (iBoot), new bootloaders, et cetera, I am most likely not on the same upgrade path as you. I also do not have the ability to purchase an iPhone for every possible permutation of upgrade path out there to document it.

Whenever I create a jailbreaking/unlocking tutorial I also link to the latest blog post by the iPhone Dev Team discussing their latest release. The team does their best to address the various iPhone models and permutations for jailbreaking and unlocking solutions. It is in your interest to read those linked posts from within my tutorials before proceeding with my instructions. Any risks you take with your iPhone are yours, and not mine.


Who is this guide for?
  • 3G iPhones.
  • 3G S iPhones with the old bootrom. This means you did not have to use Spirit to jailbreak. For help determining whether you have an old or new bootrom, read Note 3 on this page.
  • I used iTunes version 9.2.
  • I used OS X 10.6.4.

Thanks again go out to the iPhone Dev Team for providing this amazing, and FREE program for customizing the iPhone. You can visit their website here, and their blog here.





Step 1.

Note: This tutorial is for both the 3G and 3G S iPhones. Make sure to read each step carefully, and follow the instructions that pertain to your phone model.

Download PwnageTool 4.01 from the iPhone Dev Team's download link list here. You should also read the section on that post pertaining to the iPhone 3G which states:
  • If you have a jailbroken iPhone 3G on 3.1.2 firmware (but not jailbroken with Spirit), then you should create a custom 4.0 ipsw with PwnageTool and restore from recovery mode or DFU mode.
  • If you have an out of the box (purchased brand new, not used from someone else) iPhone 3G then you should create a custom 4.0 ipsw with PwnageTool and restore from DFU mode.
  • If you have a jailbroken iPhone 3G on 3.1.3 firmware it is very possible that this can fail when trying to restore using recovery mode. If this happens restore using DFU mode.
  • As an alternative to PwnageTool, you can use redsn0w on the iPhone 3G.
Or if you have an iPhone 3G S, you should read the section on the iPhone Dev Team's blog pertaining to that phone which states:
  • PwnageTool only works on previously jailbroken 3G S iPhones with the old bootrom.
  • If you have a jailbroken iPhone 3G S with the old bootrom and you did not use Spirit to jailbreak, you can create a custom ipsw with PwnageTool and restore with recovery mode.
  • If you have an iPhone 3G S with the new bootrom this is NOT supported by PwnageTool.


If you haven't already downloaded iPhone 3G 4.0 firmware from Apple, then you can download it here: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone4/061-7436.20100621.58Yt4/iPhone1,2_4.0_8A293_Restore.ipsw

You can download iPhone 3G S 4.0 firmware from Apple here: http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone4/061-7437.20100621.5urG8/iPhone2,1_4.0_8A293_Restore.ipsw

Note: Safari likes to open "safe" files by default. You must turn this feature off for this download to work correctly. Click "Safari", select "Preferences", and on the "General" tab uncheck the box that says "Open "safe" files after downloading". Otherwise just use Firefox to download this firmware file.

You should now have two of these three icons on your desktop. If your firmware file ends in .zip, then click on the firmware icon and remove the .zip extension from the file name. Confirm this change when you receive a pop up message warning.
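
A quick Terminal check of the downloaded firmware before handing it to PwnageTool, added here as an example and not part of the iPhone Dev Team's tools. The function names are hypothetical, and the name of the folder left behind by an auto-opened download is an assumption.

```shell
#!/bin/sh
# Added example (not from PwnageTool): sanity-check the downloaded 4.0 firmware.
# File names come from the download links above; function names are hypothetical.

# Map the phone model to the firmware file name used in the download links.
expected_ipsw() {
    case "$1" in
        3G)  echo "iPhone1,2_4.0_8A293_Restore.ipsw" ;;
        3GS) echo "iPhone2,1_4.0_8A293_Restore.ipsw" ;;
        *)   return 1 ;;
    esac
}

# An .ipsw is a ZIP archive, so an intact download starts with the bytes "PK\003\004".
is_zip_archive() {
    [ -f "$1" ] || return 1
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "504b0304" ]
}

# check_firmware MODEL DIR
# Prints the usable .ipsw path and returns 0, or explains the problem on stderr.
check_firmware() {
    name=$(expected_ipsw "$1") || { echo "unknown model: $1 (use 3G or 3GS)" >&2; return 2; }
    path="$2/$name"
    # The browser appended .zip: strip the extension, as the step describes.
    if [ ! -e "$path" ] && [ -f "$path.zip" ]; then
        mv "$path.zip" "$path"
    fi
    # Assumption: an auto-opened download leaves a folder named after the archive.
    if [ -d "$path" ] || [ -d "$2/${name%.ipsw}" ]; then
        echo "firmware was unpacked; download it again with \"Open safe files\" off" >&2
        return 3
    fi
    # Catches empty files and error pages saved under the firmware name.
    is_zip_archive "$path" || { echo "missing or not a ZIP archive: $path" >&2; return 4; }
    echo "$path"
}

# Run as: sh check_firmware.sh 3G ~/Desktop
if [ "$#" -eq 2 ]; then
    check_firmware "$1" "$2"
fi
```

A return code of 3 means the archive was unpacked on download, and 4 means the file is missing or is not a ZIP archive.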

Step 2.

Note: iTunes is not open at this point. It can be if you want, but I find it gets in the way.

Double click the PwnageTool_4.01.dmg. It will open the window seen below. Install PwnageTool. Make sure to drag the program icon from the disk image into your Applications folder! Do not attempt to run the program from the disk image window; it will cause problems. If you have a previous installation of PwnageTool, then overwrite it.

Step 3.

Launch PwnageTool. Make sure the Expert mode button in the top left corner is selected. Click the iPhone on the left.

You should get a green check mark on the iPhone you selected. Click the blue arrow button in the lower right corner.

PwnageTool will search for the 4.0 firmware on your computer. When it displays the firmware file, click on it. Multiple firmwares may be displayed, so make sure you select the correct one. iPhone1,2_4.0_8A293 is for the 3G, iPhone2,1_4.0_8A293 is for the 3G S. Then click the blue arrow in the lower right corner.

You will be at this screen and have many choices you can make. Click on General. Then click the blue arrow at the bottom.

The General Settings screen is different for the 3G and the 3G S. If you are using a 3G and you are using an authorized carrier, then do not check the box for Activate the phone. If you are not using an authorized carrier (i.e. you want to unlock), then check the box for Activate the phone.

Note: If you are interested in having push notifications working (I don't use this so I can't attest to it), you will need to activate your iPhone with an official SIM. Push does not work on hacktivated iPhones. So when using PwnageTool you will need to uncheck the Activate the phone box.

Check the box for Enable baseband update. Normally we don't do this, but since this is a major OS release we want the new baseband (and it's unlocked anyway).

You can check the box for Re-enable functionality (multitasking, homescreen wallpaper, battery percentage). You can also increase your root partition size to accommodate more Cydia applications and themes, et cetera. Click the blue arrow in the lower right corner when you have made your choice(s).

If you are using a 3G S, your screen will be a little different. The same rules apply to activation and baseband updating, but the re-enable functionality option will not work and the root partition size will be a little larger.

Based on Saurik's advice (the creator of Cydia), I ignore the Cydia settings screen in PwnageTool. It is better to install any applications you need from Cydia directly. I've found problems when using this screen to automatically install programs. Just click the blue arrow in the lower right corner, to continue to the next screen.

Here you can decide whether or not to install Cydia. After you've made your choice, click the blue arrow in the lower right corner.

At the Custom logos settings screen, you can choose to use the suggested images by leaving their boxes checked, or uncheck them and use the stock images. If you check the boxes you can click on Browse... to add your own images in their place. Click the blue arrow in the lower right corner when done.

Here are a couple boot graphics I like to use. They are 320 by 480 in size. They both have a one pixel, transparent border on all sides. All you have to do is paste your image onto it. Then just save the image in png format and your image will work. Make sure your saved image is 100kb or less. These graphics are in the proper format so you can use them on your iPhone too.

Finally, click the Build button and the blue arrow in the lower right corner.

Name your custom firmware file, and select where to save it.

You will now see this screen while your custom .ipsw is assembled. This stage is about five minutes long.

If you should receive a failure message, then start over. Close and restart the PwnageTool program.

You will be prompted to enter your system password. There is nothing nefarious in this request: PwnageTool asks because it creates your firmware by running commands as the root account (superuser) on your computer. Several steps require unmounting and mounting file systems. This is performed with a system UID of 0, which causes the prompt for a system password. The root access is only for the creation of the ipsw file, so it's completely harmless.

When I did this using my 3G I was prompted to turn off the iPhone. iTunes may open (it won't if it wasn't running before now); you can just drag it out of the way. PwnageTool will now walk you through putting the iPhone into DFU mode. Note: If you need to use recovery mode, simply turn off the iPhone. Then, while holding down the home button, plug in the USB cable and continue holding the home button until the iPhone displays the connect to iTunes graphic.


You will then have 5 seconds to press and hold both the Power (sleep/wake) and Home buttons. Don't do this until told to though.

You will then press and continue to hold both the Power (sleep/wake) and Home buttons for 10 seconds.

You will be prompted to release the Power (sleep/wake) button.

Continue holding the Home button for 10 seconds.

You are now in DFU mode. Click OK. The iPhone's screen will appear black, but it is actually on.

When I did this using my 3G S I saw this screen instead of the above series of images for entering DFU mode. You can close PwnageTool at this point. Then to get into recovery mode, turn off the iPhone. Disconnect the USB cable. Hold down the home button and plug in the USB cable. Keep holding down the home button until you see the connect to iTunes graphic on your iPhone. If iTunes doesn't launch on its own, then launch it.
