Wednesday, November 11, 2009

How to Jailbreak iPhone 3GS on OS 3.1 Pwnage Tool (Mac)

The Dev Team has finally released PwnageTool for iPhone 3GS firmware 3.1. The 3.1 update contains a baseband firmware update to 5.11.04, which is not compatible with ultrasn0w: if you upgrade your iPhone 3GS from 3.0 to 3.1 through iTunes, the baseband (modem firmware) also goes from 04.26.08 to 5.11.04, and no utility currently available can unlock baseband 5.11.04. Thanks to the Dev Team, PwnageTool lets you update the main firmware without touching the baseband, so you keep the best of both worlds. This simple guide shows how to upgrade an iPhone 3GS from firmware 3.0 to firmware 3.1 without upgrading the baseband, and then unlock it.

_____________________________________________________________________________________

Am I eligible for PwnageTool or not?

1. I have an iPhone 3GS on 3.0/3.0.1 jailbroken with redsn0w: you are in.
2. I have an iPhone 3GS on 3.1 and saved my SHSH to Cydia: you are in, but first downgrade to 3.0 with the guide below, "Downgrading iPhone 3GS from 3.1 to 3.0 with Cydia SHSH".
3. I have an iPhone 3GS on 3.1 but didn't save my SHSH to Cydia: you are out of luck.

In short, this PwnageTool release is specifically for 3GS users on 3.0.x. If you updated to 3.1 without saving your SHSH to Cydia, this release can't help you.

_____________________________________________________________________________________

Requirements :

* iPhone 3GS
* Mac OS X Leopard or Snow Leopard
* iPhone OS 3.1 firmware (IPSW) for the iPhone 3GS
* PwnageTool: Download Here

_____________________________________________________________________________________

Step One). Download the required files, make a folder on the Desktop called "iHackintosh" (or whatever you like), and put the 3.1 firmware and PwnageTool in that folder.

Step Two). Close all other running programs and launch PwnageTool from the iHackintosh folder by double-clicking it.

Step Three). Choose your mode, Simple Mode or Expert Mode:

* Simple Mode - provides step-by-step instructions as below, automatically detects the correct firmware, and adds the unlock, activation and jailbreak (with Cydia) to your custom firmware automatically.
* Expert Mode – lets you adjust the settings of the various additions to the custom firmware; if you click through and do not change anything in Expert Mode it will make the same

In this guide we use Expert Mode for better reliability.

Expert Mode Pwnage Tool

Step Four). In the next window click to select your iPhone model. A big green check mark appears over the image of the phone you selected. Then click the blue arrow button at the bottom to continue.

Step Five). You will be brought to the "Browse for IPSW" window. On my Hackint0sh it found the IPSW automatically; if PwnageTool doesn't find the IPSW file automatically, click "Browse for IPSW" and select it yourself.

Step Six). In the next screen click to select General then click the blue arrow button at the bottom right corner.

Pwnage Tool for 3.1

Step Seven). You'll get to the General Settings screen. The General settings let you set the partition size, activate the phone, and enable the baseband update. This is the most crucial step of the whole process, so be careful and read it three or four times before getting down to business. Leave the baseband update option unchecked: keeping the 04.26.08 baseband is the whole point of this guide, and once it has been updated to 5.11.04 nothing can unlock it. Check "Activate the phone" if you are not with an official carrier; deselect it if your iPhone is legitimately activated on an official carrier. Then click the blue arrow button.

1. If you are using an official carrier (e.g. AT&T) you do not need to unlock the baseband, so uncheck "Activate the phone".
2. If you are using an unofficial carrier (e.g. T-Mobile), check "Activate the phone" so you can use ultrasn0w on 3.1.


Step Eight). The next window, the Cydia Settings menu, lets you add custom packages to the firmware so you don't have to install them manually later.

* Click to select the Download Packages tab, then click Refresh to list all the available packages. Double-clicking a package downloads it and makes it available in the Select Packages tab.
* Check the ones you want, then click the blue arrow button.
* The Custom Packages Settings menu lists the package settings for your custom IPSW. For now leave these settings as they are. Click the blue arrow button to continue.

Step Nine). The Custom Logos Settings menu lets you add your own images; pick your custom logo settings here. If you leave both unchecked, the originals remain. Once done, click the blue arrow button to continue.

Step Ten). You are now ready to begin the Pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Build Custom Firmware

Step Eleven). You will be asked where to save your custom .ipsw file. Save it to the iHackintosh folder you created on your Desktop.

* Your IPSW is now being built. Allow up to 10 minutes.
* You will be asked for your administrator password. Enter it, then click OK.

Step Twelve). PwnageTool now needs your iPhone in a repair mode called "Recovery Mode". Make sure your iPhone is connected to the computer, then follow Step Thirteen to put it into recovery mode.


Step Thirteen). How to put your iPhone in recovery mode:

1. Turn the device completely off and disconnect it from the cable/dock.
2. Hold down the Home button.
3. While holding the Home button, connect the device to the computer with a cable (easiest) or dock.
4. Keep holding the Home button until you see the connect-to-iTunes screen. You are now in recovery mode.

When done correctly your iPhone displays an iTunes logo and a USB cable, and iTunes pops up saying it has detected an iPhone in recovery mode.

Step Fourteen). iTunes will now tell you that it has detected an iPhone in recovery mode and that you need to restore it.


Step Fifteen). In iTunes, hold the Alt/Option key and click Restore. In the dialog that appears, navigate to the iHackintosh folder on your Desktop, select the custom IPSW that was created, and click Open. iTunes will now restore the firmware on your iPhone; this can also take up to 10 minutes.

How to Downgrade iPhone 3GS OS 3.1 to 3.0 With Cydia SHSH

As promised earlier, Saurik has made downgrading/restoring the iPhone 3GS to 3.0 possible. Today Saurik posted on his blog in more detail about this hack (for Saurik's post click here). The hack only helps those who submitted their SHSH to the Cydia server before the release of OS 3.1 via Cydia's "make my life easier" button. According to Saurik, "over 50,000 3G[S] devices got their ECID SHSHs 'on file', and are now prepared to continue to restore to iPhone OS 3.0 indefinitely." The process is very simple: all you have to do is add Saurik's server address to your system hosts file. This makes iTunes think it is talking to Apple's signature server when it is actually talking to Cydia during the restore, so iTunes receives the signatures Cydia stored with its "on file" feature. In other words, Saurik's server duplicates the functionality exposed by Apple's signature server, except that it answers with "on file" results rather than live requests.

If you aren’t aware of ECID, Cydia SHSH then read the following to understand what ECID is and why you need to dump your Signature files.

_____________________________________________________________________________________

ECID: a unique chip ID that is different for every iPhone. When iTunes starts a restore, it contacts Apple's servers to generate signatures (SHSH) just for your device and the firmware being restored. It's important to get these signatures for your phone saved before a new version of the software comes out.

Why I need an ECID SHSH dump: with the 3GS Apple added a new piece of security built around the ECID. The 3GS hardware lets Apple stop an IPSW from being usable unless you already have the signed chunks Apple sends you for your ECID. Once Apple stops signing an older firmware, the iPhone refuses to accept that IPSW on a downgrade because the signature is bad: without Apple's server (or a saved copy of its answer) signing the firmware for your device ID before flashing, it is treated like an unsigned custom IPSW.
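The two paragraphs above describe the mechanism in words; the following is an added model of it in Python, written for this page and not code from Apple, Saurik or the Dev Team. HMAC-SHA256 with a key only the "Apple" side holds stands in for Apple's real signature scheme, the ECIDs and key are constructed, and real SHSH blobs sign the firmware's individual components rather than a single string; what the model reproduces is the binding that matters here: a blob is only good for one ECID and one firmware build, Apple's live server stops answering for 3.0 and 3.0.1 once 3.1 ships, and an "on file" copy saved earlier still satisfies the device.

```python
import hashlib
import hmac

# Added, simplified model of the signing flow described above (not Apple's or
# Cydia's code). HMAC stands in for Apple's real signature; the key is constructed.
APPLE_SIGNING_KEY = b"constructed-apple-signing-key"


def make_blob(key, build, ecid):
    """Sign the (firmware build, ECID) pair. Only the signer knows `key`."""
    msg = f"{build}|{ecid:016X}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AppleSigningServer:
    """Models gs.apple.com: signs live, but only builds Apple is still signing."""

    def __init__(self, key, signable_builds):
        self.key = key
        self.signable = set(signable_builds)

    def sign(self, build, ecid):
        if build not in self.signable:
            return None            # Apple "stopped signing" this build
        return make_blob(self.key, build, ecid)

    def stop_signing(self, build):
        self.signable.discard(build)


class OnFileServer:
    """Models Cydia's "make my life easier" cache: stores Apple's answers
    while they can still be obtained and replays them later, never re-asking."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.store = {}

    def save_shsh(self, build, ecid):
        blob = self.upstream.sign(build, ecid)
        if blob is not None:
            self.store[(build, ecid)] = blob
        return blob is not None

    def sign(self, build, ecid):
        return self.store.get((build, ecid))   # on-file result or nothing


def device_accepts(key, build, ecid, blob):
    """What the 3GS does before flashing: reject any blob that was not
    signed for exactly this build and exactly this ECID."""
    if blob is None:
        return False
    return hmac.compare_digest(blob, make_blob(key, build, ecid))


def run_scenario():
    """Replay the situation on this page; returns which restores succeed."""
    apple = AppleSigningServer(APPLE_SIGNING_KEY, {"3.0", "3.0.1", "3.1"})
    cydia = OnFileServer(apple)
    my_ecid = 0x000001A2B3C4D5E6       # constructed ECID
    other_ecid = 0x0000009F8E7D6C5B    # constructed ECID of a different phone

    # Before 3.1 shipped: the user pressed "make my life easier" for 3.0 only.
    cydia.save_shsh("3.0", my_ecid)

    # After 3.1 shipped: Apple stops signing 3.0 and 3.0.1.
    apple.stop_signing("3.0")
    apple.stop_signing("3.0.1")

    k = APPLE_SIGNING_KEY
    return {
        "apple_live_3.0": device_accepts(k, "3.0", my_ecid, apple.sign("3.0", my_ecid)),
        "apple_live_3.1": device_accepts(k, "3.1", my_ecid, apple.sign("3.1", my_ecid)),
        "cydia_onfile_3.0": device_accepts(k, "3.0", my_ecid, cydia.sign("3.0", my_ecid)),
        "cydia_onfile_3.0.1": device_accepts(k, "3.0.1", my_ecid, cydia.sign("3.0.1", my_ecid)),
        "cydia_blob_other_ecid": device_accepts(k, "3.0", other_ecid, cydia.sign("3.0", my_ecid)),
        "cydia_blob_for_3.1": device_accepts(k, "3.1", my_ecid, cydia.sign("3.0", my_ecid)),
    }


if __name__ == "__main__":
    for case, ok in run_scenario().items():
        print(f"{case:24s} {'restore OK' if ok else 'bad signature'}")
```

The last two cases are why the guide's notes below matter: a blob saved for your ECID is useless on anyone else's phone, and a 3.0 blob does nothing for 3.0.1 or 3.1, so the only restores that still work after Apple stops signing are the exact builds you saved.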

_____________________________________________________________________________________

Note:

1. This process is only for those who already saved their SHSH to the Cydia server.
2. Don't use this procedure for 3.0.1, because Saurik's server does not have signatures for 3.0.1.
3. Read the process and Saurik's post two or three times before starting.
4. If you upgraded to 3.1, wait for PwnageTool for jailbreaking 3.1; since your baseband has been updated, the chances of soft-unlocking (ultrasn0w) your phone again are very slim.

_____________________________________________________________________________________

How to Edit and Save Hosts file in Windows

* Open Notepad with administrative privileges: click Start, All Programs, Accessories, then right-click Notepad and choose Run as administrator.


* Now that Notepad is running with administrative privileges, browse to C:\Windows\System32\drivers\etc in Notepad (choose "All Files" in the Open dialog, since the hosts file has no extension), open the hosts file, and add the following entry at the bottom of the file.

74.208.105.171 gs.apple.com

Host in Notepad

Now save the hosts file from the File menu. With this entry in place, every signature request iTunes sends to gs.apple.com (Apple's signature server) goes to Saurik's server instead. Because your ECID's SHSH is on file there, the signature check is satisfied and the restore to the previous version goes through without much trouble. Remove the entry again once you are done: while it is there, every firmware signing request iTunes makes goes to Saurik's server rather than Apple's.

_____________________________________________________________________________________

How to Edit and Save Hosts file in Mac OS X

* Navigate to /etc, find the hosts file, right-click it, open it with TextEdit, and add the following entry at the bottom of the file.

74.208.105.171 gs.apple.com


* Now choose Save As from the File menu.
* Because TextEdit can't save system files, here comes the tricky part: in the Save As dialog use the following settings (or take a close look at the image).

1. In "Where", choose Desktop.
2. Uncheck "If no extension is provided, use .txt", then press Save.

* A hosts file will appear on your Desktop; drag and drop it into /etc and follow the on-screen prompts.
* Press Replace and enter your password.

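Both hosts-file procedures above come down to the same two operations: add one line, and take it out again when the restore is done. The following is an added Python script written for this page (not from Saurik, Cydia or the Dev Team) that does both on Windows and Mac OS X, keeps a .bak copy of the original file, and refuses to add a second gs.apple.com line if one is already active. It assumes the paths and the address quoted above (the Windows path is taken from the SystemRoot environment variable, falling back to C:\Windows); the script name shsh_hosts.py in the usage line is hypothetical.

```python
import os
import platform
import shutil
import sys

SAURIK_IP = "74.208.105.171"   # address quoted in the guide above
APPLE_HOST = "gs.apple.com"    # Apple's firmware signature server


def hosts_path():
    """Location of the hosts file on the current OS (paths from the guide)."""
    if platform.system() == "Windows":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def _names(line):
    """Hostnames mapped by one hosts line; comments and blank lines map nothing."""
    fields = line.split("#", 1)[0].split()
    return fields[1:] if len(fields) >= 2 else []


def has_entry(text, host):
    """True if an active (uncommented) line already maps host."""
    return any(host in _names(line) for line in text.splitlines())


def add_entry(text, ip, host):
    """Return the hosts text with 'ip host' appended, unless host is already mapped."""
    if has_entry(text, host):
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{ip}\t{host}\n"


def remove_entry(text, host):
    """Return the hosts text with every active line mapping host removed."""
    return "".join(line for line in text.splitlines(keepends=True)
                   if host not in _names(line))


def apply_change(path, transform):
    """Rewrite the hosts file through transform(); keep a .bak copy of the original.
    Returns True when the file changed. Writing needs admin (Windows) or root (Mac)."""
    with open(path, "r", encoding="utf-8", errors="surrogateescape") as f:
        original = f.read()
    updated = transform(original)
    if updated == original:
        return False
    shutil.copyfile(path, path + ".bak")
    with open(path, "w", encoding="utf-8", errors="surrogateescape") as f:
        f.write(updated)
    return True


if __name__ == "__main__":
    action = sys.argv[1] if len(sys.argv) > 1 else "add"
    path = hosts_path()
    if action == "add":
        changed = apply_change(path, lambda t: add_entry(t, SAURIK_IP, APPLE_HOST))
    elif action == "remove":
        changed = apply_change(path, lambda t: remove_entry(t, APPLE_HOST))
    else:
        sys.exit("usage: python shsh_hosts.py [add|remove]")
    print(f"{path}: {'updated' if changed else 'already as requested'}")
```

Run it as "sudo python shsh_hosts.py add" in Terminal on the Mac, or from a command prompt opened with Run as administrator on Windows, do the restore, then run it again with "remove" so that iTunes goes back to asking Apple's server. If the Terminal session fails to write the file you did not run it with enough privilege; the .bak copy is only written when the file actually changes.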

____________________________________________________________________________________

Now you can do a normal restore to 3.0 (with Recovery Mode) or the downgrade from 3.1 to 3.0 (with DFU Mode) as usual. For more details on Recovery Mode and DFU Mode read our previous article here.

____________________________________________________________________________________

To Downgrade iPhone 3GS from 3.1 to 3.0 :

Step 1: Put your iPhone in DFU mode with the following instructions.

* Connect your iPhone to your computer.
* Turn the iPhone off.
* Hold Power and Home together for exactly 10 seconds.
* Release Power but keep holding Home until the computer beeps (observed on a PC) as a USB device is recognized.
* A few seconds later iTunes should detect your iPhone. The screen stays black in DFU mode.
* If the restore logo is shown on the screen, you are in Recovery Mode, not DFU.

Step 2: Once your iPhone is in DFU mode, iTunes shows the following message. Click OK, then hold the Option key while clicking Restore in iTunes and browse to the OS 3.0 firmware for the iPhone 3GS. The restore process takes 10 to 15 minutes.

If you get an error such as 1011, 1013 or 1015, just ignore it (the 3.0 firmware has actually already been installed successfully; these errors are baseband-related, and the baseband cannot be downgraded). For error 1015 in particular, accept the message and run the restore again exactly as before: put the iPhone back into DFU, re-select the 3.0 firmware, and wait. The process will fail again and iTunes will return the same message, "The iPhone "iPhone" could not be restored. An unknown error occurred (1015)." Do not panic, this is completely normal. To get out of this state, simply launch redsn0w and run the jailbreak/unlock process again.

But if you get an error such as 1600, 1601 or 1602, or anything else, put the iPhone into DFU mode again and retry.

How to Downgrade iPhone OS 3.1 to 3.0 for iPhone 2G 3G 3GS

The Dev Team already warned not to upgrade to 3.1 but to wait for the next version of PwnageTool so as to preserve your baseband. Upgrading to 3.1 with ultrasn0w installed loses ultrasn0w, and you won't be able to get it back: OS 3.1 contains the 5.11.04 baseband update for the iPhone 3G and 3GS, and the 5.11.04 modem firmware cannot be downgraded. So if you accidentally updated your iPhone 2G, 3G or 3GS to OS 3.1, here is a handy guide for downgrading. Remember that this only downgrades the OS, not the baseband. Downgrading the OS is possible, but we strongly suggest staying on OS 3.0 until the Dev Team releases PwnageTool for 3.1.

Update for iPhone 3GS: as of today, Apple has stopped signing the 3.0 and 3.0.1 restore files. That means that if you have an iPhone 3GS you cannot restore any firmware other than 3.1 through Apple's servers. If you are happily jailbroken today and something goes wrong you are pretty much stuck, and you can't even downgrade your OS from 3.1 to 3.0 the normal way. Thanks to Saurik, downgrading the iPhone 3GS is still possible if you saved your SHSH; follow our guide above, "How to Downgrade iPhone 3GS OS 3.1 to 3.0 With Cydia SHSH".

Step 1: Make sure you have iTunes 8.2, then connect your iPhone to your computer.

Step 2: Put your iPhone in DFU mode with the following instructions.

  • Connect your iPhone to your computer.
  • Turn the iPhone off.
  • Hold Power and Home together for exactly 10 seconds.
  • Release Power but keep holding Home until the computer beeps (observed on a PC) as a USB device is recognized.
  • A few seconds later iTunes should detect your iPhone. The screen stays black in DFU mode.
  • If the restore logo is shown on the screen, you are in Recovery Mode, not DFU.

Step 3: Once your iPhone is in DFU mode, iTunes 8.2 shows the following message. Click OK, then hold the Option key while clicking Restore in iTunes and browse to the OS 3.0 firmware for your iPhone 2G, 3G or 3GS. The restore process takes 10 to 15 minutes.


Step 4: From here the guide splits between iPhone 2G/3G users and iPhone 3GS users. iPhone 2G and 3G users simply run redsn0w on their phone and are done; for iPhone 3GS users the road is a little longer, so be patient and follow the steps carefully.

  • (For iPhone 2G and 3G only) If you get an error such as 1011, 1013 or 1015, just ignore it (the 3.0 firmware has actually already been installed successfully). Simply launch redsn0w and run the jailbreak/unlock process again. Check our guides on jailbreaking the iPhone 2G here or the iPhone 3G here.

But if you get an error such as 1600, 1601 or 1602, or anything else, put the iPhone into DFU mode again and retry.