How To Jailbreak iOS 4 For iPhone 3GS (New Bootrom) Users With SHSH Blobs (Mac)

Jailbreak iOS 4 on iPhone 3GS

iH8sn0w, developer of popular jailbreaking tools such as Sn0wbreeze has just published a detailed guide on how to jailbreak iOS 4 for iPhone 3GS with new bootrom for Mac users.

Windows users can checkout this guide to jailbreak iOS 4 for iPhone 3GS (new bootrom) with SHSH blobs (ECID files).

Some important points before we proceed:

If you gone through all the points mentioned above and meet the requirements then you can follow the step-by-step instructions given below:

Required:
libusb-1.0
xpwntool
iOS 3.1.2, 4.0
iOS 3.1.2 SHSH blobs
Download this (
http://www.mediafire.com/?mmn1nnjlqoy)
STEP 1 : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your shsh blobs saved on Cydia/Saurik's server then follow this tutorial. —
http://saurik.com/id/12
II : If you have it saved with TinyUmbrella, then download the GUI here. –http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder on a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
STEP 2: Creating your custom firmware
Use Pwanage Tool (blog.iphone-dev.org) to create a custom ipsw ignore the warnings about the new bootrom.
STEP 3:
Extract the zip file we downloaded earlier and use terminal to enter it
STEP 4:
Create a new folder inside this called 3.1.2 and extract your 3.1.2 ipsw here (unzip *.ipsw in terminal)
STEP 5:
Use xpwntool to patch iBoot & iBSS (run this in terminal)

xpwntool Firmware/dfu/iBSS.n88ap.RELEASE.dfu ibss.d -iv 41639d34547ae3dd7921bf3539dba529 -k 9121de4a038675d92e1a28683b2138b7a3bdb80994273d090398051c7f5af53c; bspatch ibss.d ../exploitibss312 ../ibss.patch; xpwntool Firmware/all_flash/all_flash.n88ap.production/iBoot.n88ap.RELEASE.img3 iboot.d -iv 127aa60e77da219961ee70707f44cbd4 -k c72ab4aae971f3a9ec356dfe555e4aef72d8e96c480698445ac236904e6a3443; bspatch iboot.d ../iboot.payload ../iboot.patch; cd ..; rm -rf 3.1.2

STEP 6:
Create a folder called 4.0_cust inside 4.0_pwn and enter it with terminal and copy your custom 4.0 ipsw here.
STEP 7:
Extract your custom ipsw (unzip *.zip)
STEP 8:
Run the following in terminal:

cp kernelcache.release.n88 ../kcache.40; cp Firmware/dfu/iBEC.n88ap.RELEASE.dfu ../iBEC.40; cd ..;

STEP 9:
Copy your signed iBSS from earlier into 4.0_pwn
STEP 10:
Place your device in dfu mode (power home for 10 seconds, release power keep holding home (blank screen and itunes asking to restore).
STEP 11:
Run the following in terminal:

./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c "setpicture 0"; ./irecovery -c "bgcolor 1 1 1";

STEP 12:
Restore your custom 4.0 ipsw
Booting your device:
Run the following in terminal (once in the 4.0_pwn directory):

./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c "setpicture 0"; ./irecovery -c "bgcolor 1 1 1"; ./irecovery -u kcache.40; ./irecovery -c bootx;

iTunes will detect your device several times before it boots.

As always, please don't forget to drop us a line to tell us how it goes.

[courtesy iH8sn0w]

Like this post? Share it!

  • nitish

    crap , i dont hav mac

  • http://profile.typepad.com/iphonehacks iPhoneHacks
  • Diwas

    i Have a 3g and i Need to downgrade to 3.1.3 please help me this IOS 4 is being to much slow and hangs my iphone now and then hey guys u are genious and i know u guys help me…………. thank you in advance i need a downgrade tool for iphone 3g and shsh bolb wasn't saved and i tried it but My phone 3g does not support it so please i need a big help please help me to downgrade my firmware to 3.1.3 please guys help me please please please

  • Jimmy

    so if i have SHSH from 3.1.3 it doesn't work?

  • http://profile.typepad.com/iphonehacks iPhoneHacks

    You can use this guide for iPhone 3G to downgrade to iPhone OS 3.1.3:
    http://www.iphonehacks.com/2010/07/how-to-downgrade-iphone-3g-from-ios-4-to-iphone-os-3-1-3.html

  • http://profile.typepad.com/iphonehacks iPhoneHacks

    iH8sn0w has clarified that it won't work with iPhone OS 3.1.3 SHSH blobs.

  • teller

    why it won't work with 3.1.3 ssh bobs?

    • http://www.Facebook.com Ahmed

      Because you are a donkey

  • Lol E

    OMG people read the blog before commenting!! 3.1.3 ssh blobs will not work end of!

  • http://Www.nospam.com MastaBlasta Costa Rica

    My 3gs has the 3.1.2 shsh blobs saved at sourik's server and it is still at 3.1.2 jailbreaked. Do I still need to restore? Is it because a fresh never jailbreaked 3.1.2 is needed or were you assuming most were at 3.1.3 or even 4.0?

  • Tom

    http://www.youtube.com/watch?v=kmNRL8ZMJuM ? omg iphone 4 :O its real or fake ?

  • http://profile.typepad.com/cyrexking Cyrexking

    i dont think its real , i think its fake or something . Other wise it will be all over the internet .

  • http://profile.typepad.com/iphonehacks iPhoneHacks

    It's real as it comes from iH8sn0w, who is well known for jailbreaking tools like Sn0wbreeze. Its not all over the internet as it is complicated.

  • Big boy

    Why it is so hard for 3.1.3 new
    New Bottroom to jailfreak

  • Serwi

    I got Os 3.1.2 but weirdly my shsh blobs are for 3.1.3. Does this means I cannot jailbreak or am I missing something???

  • Kallias

    Because it is? Reverse engineering code and finding holes to exploit is not easy, every different scenario has its own challenges…

  • Kallias

    I don't think it effects the jailbreak, what it might effect is your ability to downgrade back to 3.1.2 if you decide to at any point. Funnily enough I have 3.1.2 and 3.1.3 blobs (according to Cydia) and have never run 3.1.3?

  • http://profile.typepad.com/shawnedwards Shawn Edwards

    "II : Start up the iBSS/iBEC grabber." Isn't this a "windows" program??? Geez I'm stuck in step 1.

  • Serwi

    That's actually what i was trying to say… and i am wondering if that means i cannot get iOs 4 and jailbreak it using this guide?

  • Marshalleq

    Wow still no solution for 3.1.3 people who's phone came with new bootrom. I'm beginning to think we've been forgotten!

  • jay

    dats totally true man .,., evn i've been stuck with a new bootroom brick since i did the shit mistake of upgrading to 3.1.3 .,., don't know whn the waits gonna be over

  • http://profile.typepad.com/mastnyzmrd mz159

    I'm just a little confused. Have 3GS with new bootrom and OS 3.1.2 on it. Never JB the phone before, so what are my choices to upgrade to OS 4.0?

  • http://profile.typepad.com/shawnedwards Shawn Edwards

    No insight on iBSS/iBEC grabber being a Windows-only (.exe) program? Has anyone got this to work?

  • Kallias

    There's a tool called TinyUmbrella that forces the SHSH backup to Cydia. I would try backing up a 3.1.2 blob before I attempted any of the current 4.0 jailbreaks.

    It took me three attempts to upgrade to 4.0 using PwnageTool 4.01, two of them followed by a downgrade to 3.1.2 and re-jailbreak with blackra1n.

  • Technicolor

    I can't figure the ibss grabber out either… Any help?

  • http://profile.typepad.com/maxtor182 Maxtor182

    Not even worth it for tethered jb. Wait for comex

  • Ben

    They said it will only take days to release the unlock and jailbreaking the 4.0 software where the HELL is the software its taking now a week soon it will be weeks