iPhone Dev Team released PwnageTool 3.1.3 for iPhone OS 3.1, which added support for iPhone 3GS so that users can upgrade their jailbroken iPhone 3GS to iPhone OS 3.1 and also preserve the baseband firmware so that they can unlock their iPhone.
This step-by-step guide will show you how to use Dev Team's PwnageTool 3.1.3 courtesy folks at iClarified.
Some important points to note before we start:
-
Hacking your iPhone could void its warranty. So please proceed with caution.
-
This guide is applicable only for iPhone 3GS users. iPhone 3G users can refer to this guide. We’ll publish a guide for iPhone 2G users shortly.
-
PwnageTool 3.1.3 will work only if you had jailbroken or pwned your iPhone 3GS running iPhone OS 3.0 or iPhone OS 3.0.1. If you accidentally upgraded your jailbroken iPhone 3GS to iPhone OS 3.1 then PwnageTool 3.1.3 might not work.
-
If your iPhone 3GS came with iPhone OS 3.1 pre-installed or you have not jailbroken your iPhone 3GS running iPhone OS 3.0 or iPhone OS 3.0.1 then PwnageTool 3.1.3 will not work. Dev Team is figuring out a way to make it work so please be patient.
-
PwnageTool does not unlock iPhone 3GS but it allows you to jailbreak your iPhone 3GS by allowing you to create a pre-jailbroken iPhone OS 3.1 and also preserves your iPhone 3GS’s baseband from getting updated so that you can use UltraSn0w to unlock it. (After unlocking your iPhone running jailbroken iPhone 3.1 if you notice that the name and/or logo of the carrier is missing then it appears to be a cosmetic issue, it shouldn’t impact coverage or signal. Dev Team are looking into the issue.)
-
This guide cannot be used to downgrade your baseband from 05.11.07 to 04.26.08 (currently there no method away to downgrade the baseband from 05.11.07 included in iPhone OS 3.1).
-
If you already have a jailbroken iPhone and have installed jailbreak iPhone apps then this method will also result in wiping out the jailbreak apps. You'll need to reinstall them via Cydia.
-
The only way to update your jailbroken iPhone 3GS to jailbroken iPhone OS 3.1 and preserve its baseband is by using the PwnageTool 3.1. PwnageTool is only available for Mac users, so Windows users who want to unlock their iPhone 3GS should either get the custom firmware created by the PwnageTool on a Mac from someone they trust or borrow their friend's Mac and follow this guide.
Preparatory steps before Jailbreaking your iPhone 3GS and preserving its baseband:
1. Please take a backup of your iPhone, refer to this post for more details.
2. Please download PwnageTool from any of these download links:
- http://apfelportal.de/host/images/PwnageTool__3.1.3.dmg
- http://imodzone.net/pwn/PwnageTool__3.1.3.dmg
- http://nevyn.nu/files/PwnageTool__3.1.3.dmg
- http://zcr.me/f/PwnageTool__3.1.3.dmg
- http://dl.opt-6.com/public/PwnageTool__3.1.3.dmg
- http://mirrors.c2wifi.org/iPhone/PwnageTool__3.1.3.dmg
- http://www.spiralnine.com/bin/PwnageTool__3.1.3.dmg
- http://www.hackthatphone.net/PwnageTool__3.1.3.dmg
- http://downloads2.touch-mania.com/PwnageTool__3.1.3.dmg
- http://coldgame.de/PwnageTool__3.1.3.dmg
- http://files.mackgoodstein.com/PwnageTool__3.1.3.dmg
- http://dev.poorlad.com/PwnageTool__3.1.3.dmg
3. You need to download the iPhone firmware 3.1 file for iPhone 3GS from this link (iPhone2,1_3.1_7C144_Restore.ipsw).
Create Custom Firmware 3.1 using PwnageTool 3.1.3:
1. Launch PwnageTool 3.1.3. You will see the following warning message, click OK. 
2. Please select the Expert Mode from the menu bar in the next screen.
3. Then select iPhone 3GS from the options presented and then click on the blue arrow button to continue. 
4. You will see the "Browse for IPSW" screen. PwnageTool will automatically find the iPhone2,1_3.1_7C144_Restore.ipsw file that you had downloaded on your Mac. If PwnageTool doesn't automatically find the ipsw file you can click Browse and select the file. 
5. Click iPhone2,1_3.1_7C144 to select the IPSW file, a checkmark will appear next to it. Then click the blue arrow button to continue. 
6. In the next screen, select General and then click on the blue arrow button to continue. 
7. The General settings allows you to decide the partition size (you have to increase the size of the root partition to 695 MB). Keep "Activate the phone" option checked if you want to unlock your iPhone or deselect it if you are using an official iPhone carrier. Click the blue arrow button to continue. 
8. In the next screen, you will see the Bootneuter settings greyed out for iPhone 3GS. Click the blue arrow button to continue. 
9. In the next Cydia settings screen; you can pre-install the packages in the custom firmware so you don't have to manually install them later. Select the packages and click the blue arrow button to continue.
10. The Custom Logos Settings screen allows you to change the boot and restore logos. Once you have selected the boot and restore logos, click the blue arrow button to continue. 
11. In the next screen, select Build and then click on the blue arrow button to continue. You will be prompted to save the custom firmware file, save it as iPhone2,1_3.1_7C144_Custom_Restore.ipsw so that you differentiate the custom firmware file created by PwnageTool with the firmware file you had downloaded earlier.
12. While building the custom firmware, you will be prompted to enter a password. Enter your administrator password and then click OK.
13. You will then be prompted to close PwnageTool application then put your iPhone 3GS in recovery mode. Click the Ok button to continue. 
14. You can follow these instructions to put your iPhone 3GS in recovery mode:
- Disconnect your iPhone 3GS from your computer.
- Turn off your iPhone 3GS.
- Press and hold the Home button while reconnecting the USB cable to iPhone. When you reconnect the iPhone 3GS to your computer via USB port, the device should then power on.
- Continue holding the Home button while your iPhone starts up. While starting up, you will see the Apple logo.
- When you see "Connect to iTunes" on the screen, you can release the Home button and iTunes will display the recovery mode message as seen below:
15. When iTunes pops up the message as seen above telling you that it has detected an iPhone in recovery mode. Select "Ok".
Restore your iPhone 3GS in Recovery mode with Custom iPhone Firmware created using PwnageTool 3.1.3:
You can now use the custom iPhone firmware created using the PwnageTool 3.1.3 to restore your iPhone 3GS in recovery mode on either Mac or Windows by following these steps.
1. Connect your iPhone 3GS to your Mac or PC and select your iPhone from the list of devices in iTunes.
2. In the Summary Tab, Hold down Option and press the "Restore" button. If you are using Windows hold down Shift and press the Restore button. (This is a VERY IMPORTANT STEP as just pressing the "Restore" button will result in restoring your iPhone with the latest firmware which is firmware 3.1 currently, by holding down Option in case of Mac or Shift in case of Windows, allows you choose the custom iPhone firmware file.) 
3. You should be able to see all the older iPhone firmware files you had downloaded so far, select the custom iPhone firmware (iPhone2,1_3.1_7C144_Custom_Restore.ipsw file) that was created earlier using PwnageTool to restore your iPhone 3GS (it’s important that you use the custom firmware file iPhone2,1_3.1_7C144_Custom_Restore.ipsw).
4. Once your iPhone 3GS is restored, it will be jailbroken and updated with iPhone firmware 3.1 but the baseband will still be 04.26.08 (and not 05.11.07) so you can unlock your iPhone 3GS using UltraSn0w. You can check it by going to Settings -> General -> About and looking for Version, it should be 3.1 (7C144) and Modem firmware should be 04.26.08.
5. The last step is to set up your iPhone 3GS from a backup.
Update:
Updated the instructions for putting iPhone 3GS in recovery mode thanks to feedback from our readers.
As always, don't forget to drop us a line to tell us how it goes.
[via iClarified]
Follow us on Twitter
SUCCESS!!!! FIRST TIME AROUND!! THANK YOU ONCE AGAIN
Any idea on when the Windows version will be released?
Works great! No issues…
They WILL NOT release a windows version, they are NOT working on it. They do NOT have any intentions to release a pc version…
omfg…. this thing works beautifully and this works on windows 7!!!!!!
i just used it on here and jailbroke my baby
I got an error 1600. Please help
I got error 1604.. any ideas?
It looks like you haven't put your iPhone in recovery mode properly. Follow the steps mentioned in the guide to put your iPhone 3GS in recovery mode and try to restore using the custom firmware again.
make sure u put phone on restore mode not dfu, if u put on dfu it won't work.
Now why would they all of a sudden not want to release a version for windows i call Bulls***
It looks like you haven't put your iPhone in recovery mode properly. Follow the steps mentioned in the guide to put your iPhone 3GS in recovery mode and try to restore using the custom firmware again.
Said to said that Dev Team had give up with MS Windows users….
I agree. I'll wait to see what they Dev Team has to say!
how can you tell the diffrence?
Really it worked on Windows 7? I find that hard to believe unless you are using an emulator for OSX
Can this down the baseband to 04.26.08 for the one accidently upgraded to 3.1 from apple ?
Or is ther any other way ?
With the baseband 05.11.07 i cannot unlock it.
how about the accidentally 3Gs ?
Does a Purplera1n jailbroke 3Gs ver 3.o qualify as a prior "jailbroken" phone that this will work on? The phone is now unjailbroken running 3.1. I thought my SHSH was captured thru Cydia but I'm unable to downgrade after following the hosts file modifications to return to version 3.0.
http://jaxov.com/2009/09/revert-downgrade-iphone-3gs-firmware-3-1-to-3-0/comment-page-1/#comment-1517
It's not said enough,thank you for all your great work!
Dev Team has mentioned that they will update RedSn0w but they haven't given an ETA. They have mentioned that PwnageTool to jailbreak any iPhone 3GS is the priority as it is the only way to preserve baseband.
I jailbroke my 3gs with windows today.
Just search Google there's a way to do it…
Yes, PwnageTool is compatible with Purplera1n. You should be able to jailbreak.
so does this work for windows or no?
Hi, my iPhone 3GS came with OS 3.0.1 installed and I have jailbroken it successfully. In Cydia, it says "This Device has a 3.1 ECID SHSH on File". Will I be able to update my iPhone 3GS to iPhone OS 3.1 Using PwnageTool 3.1.3? Thanks!
I have a iPhone 3GS came with OS 3.0.1 installed and I have NOT jailbroken it. Can anyone offer some steps or helpful insights?
I tried it again and am still getting the 1604 error.
I had no problems. Please just take the time to read and understand instructions. Works like a champ!
B
how about the accidentally 3Gs ?
I did exactly that, and also got the 1600 error. I've then tried holding both the Sleep/Wake and Home buttons, and now have an Apple logo just sitting there.
Caution – these instructions clearly still have the potential for failure when followed to the letter.
Now I just hope I can get my phone back to 3.0.1 with the jailbreak, because at the moment I have a shiny apple-logo'd brick.
OK – full run down on the situation while I try not to panic.
iPhone 3GS, jailbroken and running 3.0.1. Was running very nicely. At the moment asking myself why I tried to upgrade it… but there is an app which sounds really good that only runs on 3.1, so I guess that's why.
Followed the instructions in this guide to the letter – reread several times before attempting, then followed them through in order.
I did add some of the packages to Cydia to save myself time reconstructing the phone afterwards… was this a mistake? The instructions here say it's OK, but maybe they're wrong.
I then did exactly this to put my phone in recovery mode:
Press and hold the Home button and the Sleep/Wake button at the same time.
As soon as the screen goes black release the Sleep/Wake button.
Continue holding the home button until you iTunes pops up a message as seen below telling you that it has detected an iPhone in recovery mode.
It did that, I selected the "custom_restore" firmware I created, it said "extracting software", then repeatedly zipped through progress bars saying "preparing iPhone for restore", then…
The iPhone "iPhone" could not be restored. An unknown error occurred (1600).
Suggestions, please?
Incidentally, I just tried creating a new custom firmware using the "Simple" option and not messing with it at all… and that failed in exactly the same way.
Umm… help? Please??
WARNING. Following the instructions isn't enough – you need to follow the instructions and be lucky. I followed the instructions, but I wasn't lucky. Now I don't know if I can get my phone working again without losing my jailbreak.
what was the site?
ive never had a problem in the last 2 years jailbreaking, but this time, when it came back up, i have no carrier logo and cant use my phone, it appears to be jailbroken, but cant use phone, any ideas?
In case anyone else gets stuck like I did, here's how I got out: press and hold both buttons until the screen goes blank, then comes back to the Apple logo. Connect it to the computer (I had iTunes running, but I don't think that matters). Press and hold the Home button for a LONG time… eventually, the phone vibrates, and at that point I let go of the Home button. A moment later, it woke up to the normal unlock screen.
As far as I can tell, nothing had written anything to the phone, so that "escape" got me back to the phone the way it was before.
Once bitten, I think I might leave this "upgrade" unless/until I know how to make it really work.
never mind i forgot to uncheck the activate button…i got it
Luck must have a lot to do with it. I've tried about a dozen times. Nothing worked.
what if say you wanted to jailbreak the 3gs and also upgrade the baseband since im using a offical iphone carrier? is there some checkbox i can tick?
If I jailbroke my phone at OS3.0 with purplerain and then upgraded to 3.1 can I use this to jailbreak or does the phone have to be currently jailbroken at 3.0.
well i had my iphone jailbroken through pc using redsnow but accidently updated through i tunes and lost my jailbrake. i don't think i ever hit the button in cydia "make my life easy" so i am asking for you all to help me out. i have a pc and really don't have access to a mac. is there any way i can re jailbreak my phone
thanks
oh yea i have a 3gs
well one more question. is it possible for someone on a mac to create a file for me to use on a pc to jailbreak my phone?
That's suck.Not any more for Windows version ?
thanx Robin!!! to everyone here who efffed up their iphone, just listen to what Robin did. It worked for me and i'm back to my jailbroken 3.0 iphone. this was life-saving advice. and i'm gonna do the same and wait for a better way to jailbrake to 3.1
Again, if you effed up your iphone like i did and got some "1600" error or something, just look up at a couple posts earlier and listen to how Robin fixed this problem…it worked for me. unfortunately it doesnt jailbrake your iphone…but the good news is that it brings your iphone back to it's previous jailbroken 3.0 self again…thanx again, Robin
tried on two friends phones iphone 3gs and 3g same exact deal had two upgrade them to 3.1 to make phone work agree with u followed to letter mac had to have changed something sux
so Windows users who want to unlock their iPhone 3GS should either get the custom firmware created by the PwnageTool on a Mac from someone they trust or borrow their friend's Mac and follow this guide
about this
why don't you post for us a custom firmware pleasssssseeeeee
Yours
Ramy Yasser
it is so disappointed Dev Team forget all the Windows uses. but there is way to over come this issue. Use the VMware to install a MAC virtual computer on windows.
Hello, I dont have a mac but my friend does and he has a custom firmware that he created for his 3G, would that still work with my 3gs? or does he have to re create a custom firmware for 3gs? also what are the steps for a windows user that has gotten his hands on a trusty persons custom firmware?
From here you can download directly the already customized firmwares (jailbroken and without baseband upgrade) for iPhone 3G and iPhone 3GS.
http://myoi.wordpress.com
for some reason I cant seem to jailbreak my 3GS with 3.1
My custom firmware doesnt seem to work. Everything goes fine till I need to restore with custom firmware.. its preparing iphone for restore and my iphone shows itunes + usb connect logo..
after 5 minutes i get error code 1604(Iphone could not be restored. Unknown error occured )
Dev team please advise!
followed exact and get error 1600 3 times in a row