iPhone Dev Team released PwnageTool 3.1.3 for iPhone OS 3.1, which added support for iPhone 3GS so that users can upgrade their jailbroken iPhone 3GS to iPhone OS 3.1 and also preserve the baseband firmware so that they can unlock their iPhone.
This step-by-step guide will show you how to use Dev Team's PwnageTool 3.1.3 courtesy folks at iClarified.
Some important points to note before we start:
-
Hacking your iPhone could void its warranty. So please proceed with caution.
-
This guide is applicable only for iPhone 3GS users. iPhone 3G users can refer to this guide. We’ll publish a guide for iPhone 2G users shortly.
-
PwnageTool 3.1.3 will work only if you had jailbroken or pwned your iPhone 3GS running iPhone OS 3.0 or iPhone OS 3.0.1. If you accidentally upgraded your jailbroken iPhone 3GS to iPhone OS 3.1 then PwnageTool 3.1.3 might not work.
-
If your iPhone 3GS came with iPhone OS 3.1 pre-installed or you have not jailbroken your iPhone 3GS running iPhone OS 3.0 or iPhone OS 3.0.1 then PwnageTool 3.1.3 will not work. Dev Team is figuring out a way to make it work so please be patient.
-
PwnageTool does not unlock iPhone 3GS but it allows you to jailbreak your iPhone 3GS by allowing you to create a pre-jailbroken iPhone OS 3.1 and also preserves your iPhone 3GS’s baseband from getting updated so that you can use UltraSn0w to unlock it. (After unlocking your iPhone running jailbroken iPhone 3.1 if you notice that the name and/or logo of the carrier is missing then it appears to be a cosmetic issue, it shouldn’t impact coverage or signal. Dev Team are looking into the issue.)
-
This guide cannot be used to downgrade your baseband from 05.11.07 to 04.26.08 (currently there no method away to downgrade the baseband from 05.11.07 included in iPhone OS 3.1).
-
If you already have a jailbroken iPhone and have installed jailbreak iPhone apps then this method will also result in wiping out the jailbreak apps. You'll need to reinstall them via Cydia.
-
The only way to update your jailbroken iPhone 3GS to jailbroken iPhone OS 3.1 and preserve its baseband is by using the PwnageTool 3.1. PwnageTool is only available for Mac users, so Windows users who want to unlock their iPhone 3GS should either get the custom firmware created by the PwnageTool on a Mac from someone they trust or borrow their friend's Mac and follow this guide.
Preparatory steps before Jailbreaking your iPhone 3GS and preserving its baseband:
1. Please take a backup of your iPhone, refer to this post for more details.
2. Please download PwnageTool from any of these download links:
- http://apfelportal.de/host/images/PwnageTool__3.1.3.dmg
- http://imodzone.net/pwn/PwnageTool__3.1.3.dmg
- http://nevyn.nu/files/PwnageTool__3.1.3.dmg
- http://zcr.me/f/PwnageTool__3.1.3.dmg
- http://dl.opt-6.com/public/PwnageTool__3.1.3.dmg
- http://mirrors.c2wifi.org/iPhone/PwnageTool__3.1.3.dmg
- http://www.spiralnine.com/bin/PwnageTool__3.1.3.dmg
- http://www.hackthatphone.net/PwnageTool__3.1.3.dmg
- http://downloads2.touch-mania.com/PwnageTool__3.1.3.dmg
- http://coldgame.de/PwnageTool__3.1.3.dmg
- http://files.mackgoodstein.com/PwnageTool__3.1.3.dmg
- http://dev.poorlad.com/PwnageTool__3.1.3.dmg
3. You need to download the iPhone firmware 3.1 file for iPhone 3GS from this link (iPhone2,1_3.1_7C144_Restore.ipsw).
Create Custom Firmware 3.1 using PwnageTool 3.1.3:
1. Launch PwnageTool 3.1.3. You will see the following warning message, click OK. 
2. Please select the Expert Mode from the menu bar in the next screen.
3. Then select iPhone 3GS from the options presented and then click on the blue arrow button to continue. 
4. You will see the "Browse for IPSW" screen. PwnageTool will automatically find the iPhone2,1_3.1_7C144_Restore.ipsw file that you had downloaded on your Mac. If PwnageTool doesn't automatically find the ipsw file you can click Browse and select the file. 
5. Click iPhone2,1_3.1_7C144 to select the IPSW file, a checkmark will appear next to it. Then click the blue arrow button to continue. 
6. In the next screen, select General and then click on the blue arrow button to continue. 
7. The General settings allows you to decide the partition size (you have to increase the size of the root partition to 695 MB). Keep "Activate the phone" option checked if you want to unlock your iPhone or deselect it if you are using an official iPhone carrier. Click the blue arrow button to continue. 
8. In the next screen, you will see the Bootneuter settings greyed out for iPhone 3GS. Click the blue arrow button to continue. 
9. In the next Cydia settings screen; you can pre-install the packages in the custom firmware so you don't have to manually install them later. Select the packages and click the blue arrow button to continue.
10. The Custom Logos Settings screen allows you to change the boot and restore logos. Once you have selected the boot and restore logos, click the blue arrow button to continue. 
11. In the next screen, select Build and then click on the blue arrow button to continue. You will be prompted to save the custom firmware file, save it as iPhone2,1_3.1_7C144_Custom_Restore.ipsw so that you differentiate the custom firmware file created by PwnageTool with the firmware file you had downloaded earlier.
12. While building the custom firmware, you will be prompted to enter a password. Enter your administrator password and then click OK.
13. You will then be prompted to close PwnageTool application then put your iPhone 3GS in recovery mode. Click the Ok button to continue. 
14. You can follow these instructions to put your iPhone 3GS in recovery mode:
- Disconnect your iPhone 3GS from your computer.
- Turn off your iPhone 3GS.
- Press and hold the Home button while reconnecting the USB cable to iPhone. When you reconnect the iPhone 3GS to your computer via USB port, the device should then power on.
- Continue holding the Home button while your iPhone starts up. While starting up, you will see the Apple logo.
- When you see "Connect to iTunes" on the screen, you can release the Home button and iTunes will display the recovery mode message as seen below:
15. When iTunes pops up the message as seen above telling you that it has detected an iPhone in recovery mode. Select "Ok".
Restore your iPhone 3GS in Recovery mode with Custom iPhone Firmware created using PwnageTool 3.1.3:
You can now use the custom iPhone firmware created using the PwnageTool 3.1.3 to restore your iPhone 3GS in recovery mode on either Mac or Windows by following these steps.
1. Connect your iPhone 3GS to your Mac or PC and select your iPhone from the list of devices in iTunes.
2. In the Summary Tab, Hold down Option and press the "Restore" button. If you are using Windows hold down Shift and press the Restore button. (This is a VERY IMPORTANT STEP as just pressing the "Restore" button will result in restoring your iPhone with the latest firmware which is firmware 3.1 currently, by holding down Option in case of Mac or Shift in case of Windows, allows you choose the custom iPhone firmware file.) 
3. You should be able to see all the older iPhone firmware files you had downloaded so far, select the custom iPhone firmware (iPhone2,1_3.1_7C144_Custom_Restore.ipsw file) that was created earlier using PwnageTool to restore your iPhone 3GS (it’s important that you use the custom firmware file iPhone2,1_3.1_7C144_Custom_Restore.ipsw).
4. Once your iPhone 3GS is restored, it will be jailbroken and updated with iPhone firmware 3.1 but the baseband will still be 04.26.08 (and not 05.11.07) so you can unlock your iPhone 3GS using UltraSn0w. You can check it by going to Settings -> General -> About and looking for Version, it should be 3.1 (7C144) and Modem firmware should be 04.26.08.
5. The last step is to set up your iPhone 3GS from a backup.
Update:
Updated the instructions for putting iPhone 3GS in recovery mode thanks to feedback from our readers.
As always, don't forget to drop us a line to tell us how it goes.
[via iClarified]
Follow us on Twitter
well, what i did is this:
From the off position, i pressed both the home button and the wake/sleep button until the apple logo came on and then i released both….and then i connected the iphone to the computer with itunes open…and then i held on to the home button for maybe 2 minutes or so..and my iphone booted up like normal. there you go…hope it works out for you!!!
You can checkout this post for more details:http://www.iphonehacks.com/2009/09/dev-team-re-jailbreak-iphone-3gs-after-accidentally-upgrading-to-iphone-os-31.html
Yeah it didn't work. It kept going straight to the itunes with the usb logo on the phone as soon as I let go of the buttons. I kept holding it for another almost 5 min and nothing. Ended up having to restore and use my latest backup.
Everyone is getting this error. It looks like if you have 3GS with 3.1 it won't work AT ALL even if you already JB your phone earlier on a different FW.
Jus tried everything in that blog and in the comments… Nothing worked….. I DID however get a different error message…. error 21. When I tried to do it in windows it made it a little farther on the "Preparing iPhone For Restore" then it failed with the error 21… what is that error mean?
Those instructions are certainly different!
Thanks – I'll give it a go, although probably not for a day or two: I want plenty of time available for reinstalling all the existing customisations.
Incidentally, even when it *doesn't* work for me, I really do appreciate the hard work done by both iPhoneHacks & the Dev Team – just the brief threat of losing my jailbreak made me realise just how much I appreciate it!
While I never expect them to offer unlocked phones for contract prices, I do hope Apple will drop the restrictions of the App Store some day: an un-jailbroken iPhone is a very good device, but a jailbroken iPhone is everything the iPhone should be.
Success! Thank You.
It seems everything alright, but except I find no carrier logo in the upper left corner of the iPhone. I had "Activate the phone" option unchecked because my Iphone need not to be unlocked. Should I have the "Activate the phone" option checked to get back the carrier logo?
Some of u people need to quit crying about the dev team not releasing a windows version. They always release the mac version 1st so if ur to impatient to wait then kick rocks.
I was wonderin have the issues in 3.1 been resolved like battery life ect.
Correct, since you had already upgraded to 3.1 the jailbreak won't work for now. You had to be on 3.0 or 3.01 jailbreak before applying the custom IPSW.
When is available for Windows users ?
There's no carrier logo, I still can use the phone.
The reason you are getting the error is because you upgraded to 3.1. The current jailbreak method ONLY works for users who are on 3.0 or 3.01 3GS and jailbroken. Even though you are looking for a jailbreak and not unlock it won't work for you for now until the Dev team finds an alternate solution.
Hope this helps.
No you cannot jailbreak now (at least with the given Pwnadge tool) you were not supposed to upgrade to 3.1. This solution only works if you are on 3.0 or 3.01 & jailbroken.
I was on OS 3.0.1 with JB using redsn0w 0.8,I was facing problem in carrier so I used Reset Network but that did not help me so then I used Erase All Contents,after tapping that button restarted and stuck on apple logo.
I tired to restored it and lot othere options,
1) ECHD (for that I an not sure saurik server have for mt device but I tired if any possibility !!!)
2) used umberalla options
3) iRecovery options
4) Aging used redsn0w but stuck at Activing with pinapple logo.
I am confused shall I upgared to os 3.1 from Itunes or is there any other way to start my phone with out upgrading to 3.1 ?
Is pwnage 3.1 work after upgrading to 3.1 using Itunes ?
or shall I get cutome rom and directly try to restore usgin already customized firmwares (jailbroken and without baseband upgrade) as I also want carrier umlock ? will it work directly to restore my phone with out updating to 3.1 ??
please help me ??
Thanks in advance…
my iphone was already jailbrocken i followed the instructions but it had no service
(at&t)
Dear Iphonehacks
Plz Make a custom firmware for windows user in 2 version.
1. lock iphone 3gS
2. Unlock iphone 3gs.
so its easy windows users download the file & flash it.
We are waiting for positive reply from you. You are our trusted source.
Thanks & best regards to Devtem & IphoneHacks
Oh,I see.This shit is work for 3.0 and 3.0.1.Not for users had already updated to 3.1.It won't work and useless anyway.
I am from Singapore. This guide sure works like a charm. Everything was done within like 20 minutes.
Thanks a lot iPhoneHacks, and the Dev Team.
Just a reminder for everyone who wants to give this a go: backup your iPhone with iTunes first so that you can restore everything (settings, photos, contacts, etc) back swiftly after the operation. This is a wipe clean operation, you will get a pristine iPhone 3.1 after that, not a single bit of data will be left.
What are the advantages of upgrading to 3.1 I don't want to have to reinstall all my jail-broken apps only to find there is no difference.
Thanks
i got the iTunes has detected an iPhone in recovery mode. With DFU and recovery mode, we got the same message right? so im thinking that who updated to 3.1 even if we had jailbroken the 3.0 and the 3.01 with the file thing in cydia, we are unable to jailbreak at this time, right?
hey if i do jailbreak my 3gs, will i still be able to download and install cracked apps through cydia.hackulo.us and installous?
hi there, could u post the link for windows ?
thanks
So, I should follow the guide from beginning to end. With the "Activate The Phone" option UNCHECK. Then re-setup the phone from my backup. Once done, I should run the "check for updates" on iTunes to get this carrier settings update for the MMS? Thx
my itunes gets stuck in preparing iphone for restore… i already upgrade to 3.1 anyone have sucess jailbreaking it?
no-one that I know of. I have tried almost everything i know how to and even things I had never heard of and still didn't get it to work.
Boom! Now I can run Dropbox on 3.1. About time.
i upgrade my iphone 3gs to 3.1 with itune, which upgrade the baseline to 5.11.07. Does this mean i am unable to jailbreak and unlock at this time?
My carrier logo is missing. anyone else noticing that?
Jailbreak it.
I did everything and it worked great. Now when I connect to itunes it says update carrier settings? Should I? Is this what enables the MMS? Thanks!
yes same here
everything works well for me (thank you very much!) but my carrier name is no longer listed on the top bar. Is that normal?
It appears to be a cosmetic issue, it shouldn’t impact coverage or signal. Dev Team seem to be aware of the issue. They were to fix it in this version of PwnageTool. They recently reported that they have heard similar complaints even from users who had not jailbroken/unlocked their iPhone so they are not sure if it is due to jailbreaking/unlocking.
Updated the post to mention this known issue. Thanks for highlighting it.
On Tue, Oct 6, 2009 at 12:49 AM, Admin@iPhoneHacks.com <admin@iphonehacks.com> wrote:
It appears to be a cosmetic issue, it shouldn’t impact coverage or signal. Dev Team seem to be aware of the issue. They were to fix it in this version of PwnageTool. They recently reported that they have heard similar complaints even from users who had not jailbroken/unlocked their iPhone so they are not sure if it is due to jailbreaking/unlocking.
No. If you upgraded to 3.1 without using pwnagetool, you cannot jailbreak it currently. Hopefully a solution will be released soon.
when will be available the jailbreak for the iphone os 3.1 for windows??
iphone hacks do we have any kind of time frame for the pwnage tool to jailbreak the 3G[S]
Used 3.1_3GS_Jailbroken_NO_BASEBAND.ipsw everything went through but now no VVM and it seems to be unlocked. I had to install Ultrasnow just to get it to connect to AT&T with no carrier logo in the status bar.
Used 3.1_3GS_Jailbroken_NO_BASEBAND.ipsw everything went through but now no VVM and it seems to be unlocked. I had to install Ultrasnow just to get it to connect to AT&T with no carrier logo in the status bar.
Found this and it worked for VVM
to fix your visual voicemail after doing tthe 3.1 update. go to Settings > General > Profile > then remove the BENM.at Call your phone, leave a voicemail and it will work!!!!!!
I was already jail broken at 3.0.1 and then restored to 3.1 will this work for me
I don't care about unlock Im at&t
Ok So I jailbroke my 3.1 3gs.. and everything was cool .. until i installed installous and then i tried istalling a app then all my apps disapeared and i cant sync them back on my phone?? can you help?
Where did you get that ispw file???
i've got 3gs originally jailbroken 3.0.1. Unknowingly upgraded to 3.1. It seems, the above procedure doesn't work with iphones 3Gs 3.1 installed. is waiting for apple dev team the only solutions or is there any alternative. someone pls. help. you can email me on: shamsarabia(at)gmail(dot)com
After updating from 3.0 to 3.1 using these instructions, I get a message "an update to your carrier setting is available. Would you like to install it now?" I am NOT planning to unlock the phone and have a contract with ATT here in the U.S. Should I install the update and does it impact the jailbreak?
does this jailbreak mean the iPhone 2g can work with the Virgin network in the UK? as when I look in the carrier menus Virgin or 3 aren't listed? could someone please advise? thanks.
What's the advantage of upgrading to 3.1?
From the source posted. Installed in Win7 and with a little tweaking all is well.
man i am in the same boat as u guys