iH8sn0w, developer of popular jailbreaking tools such as Sn0wbreeze, has just published a detailed guide on how to jailbreak iOS 4 on the iPhone 3GS with the new bootrom.
iH8sn0w had planned to release an updated version of Sn0wbreeze to automate this, but decided to write up the manual procedure instead after realizing the update would take too long.
Some important points before we proceed:
- This guide is only for advanced users, and only for Windows users. Mac users can check out this step-by-step guide.
- Jailbreaking your iPhone or iPod touch may void your warranty, so proceed with caution.
- Do not forget to back up your iPhone before you proceed. You can refer to this post for instructions on how to back up your iPhone 3GS.
- This guide is only for iPhone 3GS users with the new bootrom. You can use F0recast to find out whether your iPhone 3GS has the new or the old bootrom.
- It is a tethered jailbreak: the jailbreak has to be reapplied every time your iPhone 3GS powers down. If the battery runs out or you restart the phone, you will need to connect it to your computer and reapply the jailbreak (tethering).
- It will only work if you saved your iPhone 3GS's SHSH blobs (ECID files) for iPhone OS 3.1.2. iH8sn0w has clarified that it does not work with iPhone OS 3.1.3 SHSH blobs.
- iPhone 3GS owners with the old bootrom can use PwnageTool (Mac) or Sn0wbreeze (Windows) instead.
- iPhone 3G users can use Redsn0w to jailbreak iOS 4. You can check out our detailed step-by-step guides for Mac and Windows users.
- Currently there is no tool available to jailbreak the iPhone 4.
- After the jailbreak is complete, do not forget to check out our article on tips to keep your iPhone secure. In particular, change the default root password: it is the same on every jailbroken iPhone, and once OpenSSH is installed anyone on your network can log in with it.
- This guide will NOT unlock your iPhone 3GS. You can use Ultrasn0w to unlock it after you have successfully jailbroken iOS 4.
If you have gone through all the points above and meet the requirements, follow the step-by-step instructions below:
WHAT YOU WILL NEED:
* An iPhone 3GS with the new bootrom
* Your 3.1.2 SHSH blobs
* difrnt's iBSS grabber
* Payload Pwner-r2 for the 3GS
* sn0wbreeze v1.6.2
* iBooty
* LibUSB (64-bit users, read that step carefully!)
* The 3.1.2 and 4.0 iPhone 3GS firmware files (IPSWs), downloaded
-------
STEP A : Grabbing your 3.1.2 iBSS file.
Pointing your hosts file at your saved SHSH blobs (Apple no longer signs 3.1.2, so iTunes has to fetch the signature from your saved copy):
I : If your SHSH blobs are saved on Cydia/Saurik's server, follow this tutorial. -- http://saurik.com/id/12
II : If you saved them with TinyUmbrella, download the GUI here. -- http://thefirmwareumbrella.blogspot.com/
-------
Restoring to grab the iBSS file.
I : Put your device in DFU mode.
II : Start the iBSS/iBEC grabber.
III : Set its save folder to a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and SHIFT + click Restore, then browse for your 3.1.2 IPSW. You need to restore to 3.1.2 in order to pwn 4.0; the grabber captures the signed iBSS that iTunes sends to the device during this restore.
-------
Saving your iBSS
I : After the restore, go to the folder you told the grabber to save to.
II : You will see folders named like "Per****.tmp". Go into one of them, then into the "Firmware" folder, then into the "dfu" folder.
III : Copy the iBSS file to a safe place; you can then delete the folder created by the iBSS grabber.
------
STEP B : Creating custom 4.0 firmware.
I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 IPSW.
*Ignore the warnings after browsing for the IPSW.*
------
STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your OS and architecture. -- Windows + Arch. Detector
Double-check the result yourself under System Properties: readers in the comments report the detector identifying 64-bit Windows 7 as 32-bit, and installing the wrong LibUSB build is exactly what triggers the warning below.
*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB DEVICES (INCLUDING KEYBOARD AND MOUSE) MAY STOP WORKING UNTIL YOU ROLL BACK WITH SYSTEM RESTORE!
*********
Windows XP users, download this installer -- LibUSB Installer
*********
Windows Vista/7 users RUNNING 32-bit:
* Download the installer and run it in compatibility mode for Windows XP.
*********
If you are a 64-bit user, follow this tutorial -- LibUSB 64-Bit Tut
*********
Once LibUSB is installed, iRecovery should be able to function.
-------
STEP D : Pwning iBSS + iBoot
I : Download this tool here -- Payload Pwner-r2 for 3GS // It creates the payloads for you.
**SAVE THE PAYLOADS IN THE SAME FOLDER AS iBooty.**
-------
STEP E: iBooty Prep.
Most of you know of the utility "iBooty" that I made for Aki_nG.
It will work as long as you place all of the correct files in its folder.
I : Download the iBooty GUI here -- iBooty for 3GS -- and extract it.
II : Extract the custom IPSW created by sn0wbreeze with 7-Zip or another unarchiver.
III : Grab the kernelcache and put it in the same folder as iBooty.
Also grab the iBEC from "Firmware\dfu\iBEC.n88ap.RELEASE.dfu" inside the extracted IPSW.
IV : Rename the files as follows:
* Rename your signed 3.1.2 iBSS to "ibss312.dfu"
* Rename your custom 4.0 kernelcache to "kernel.40"
* Rename your custom 4.0 iBEC to "ibec40.dfu"
======
Your folder should look like this :
- iboot.payload <-- Created with Payload Pwner.
- exploitibss312 <-- Created with Payload Pwner.
- ibec40.dfu <-- Grabbed from Custom IPSW made by sn0wbreeze.
- irecovery.exe <-- Comes with iBooty.
- readline5.dll <-- Comes with iBooty.
- iBooty.exe <-- Comes with iBooty.
- ibss312.dfu <-- THIS NEEDS TO BE YOUR iBSS from the restore!
- kernel.40 <-- Grab from Custom IPSW made by sn0wbreeze.
- sn0w.img3 <-- Comes with iBooty.
======
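The two file-handling parts of this guide, grabbing the 3.1.2 iBSS in step A and laying out the iBooty folder in step E, are where most of the mistakes in the comments happen (wrong file, unsigned file, wrong name). The script below is an added example and is not part of iH8sn0w's guide or of iBooty, sn0wbreeze or Payload Pwner. It finds the iBSS under the grabber's Per*.tmp folder, checks that it really is an IMG3 container of type ibss carrying an SHSH (signature) tag before copying it in as ibss312.dfu, and then checks the iBooty folder against the list above, including the IMG3 type of the three renamed firmware files. The IMG3 identifiers assumed for the kernelcache and iBEC (krnl, ibec) and the sample file contents are assumptions of the example; the Per1234.tmp tree and the dummy IMG3 blobs are constructed test data, not real firmware.

```python
# Added example, not from iH8sn0w's guide or from iBooty/sn0wbreeze/Payload Pwner:
# locate the restored 3.1.2 iBSS (step A), validate it as a signed IMG3 iBSS,
# copy it in as "ibss312.dfu", then verify the iBooty folder layout (step E).
import os
import shutil
import struct
import tempfile
from glob import glob

IMG3_MAGIC = b"3gmI"  # 'Img3' stored as a little-endian uint32, so byte-reversed on disk
REQUIRED_FILES = ["iboot.payload", "exploitibss312", "ibec40.dfu", "irecovery.exe",
                  "readline5.dll", "iBooty.exe", "ibss312.dfu", "kernel.40", "sn0w.img3"]
# Assumed IMG3 identifier per renamed file, and whether an SHSH tag is required.
# Only the restored iBSS must be Apple-signed; the sn0wbreeze files are patched.
IMG3_EXPECT = {"ibss312.dfu": ("ibss", True), "ibec40.dfu": ("ibec", False),
               "kernel.40": ("krnl", False)}


def _rev(tag: str) -> bytes:
    """IMG3 stores 4-char tags as little-endian uint32, i.e. byte-reversed."""
    return tag.encode("ascii")[::-1]


def parse_img3(data: bytes) -> dict:
    """Return {'ident': ..., 'tags': {...}} for an IMG3 container, or raise ValueError."""
    if len(data) < 20 or data[:4] != IMG3_MAGIC:
        raise ValueError("bad IMG3 magic")
    full_size = struct.unpack_from("<I", data, 4)[0]
    ident = data[16:20][::-1].decode("ascii", "replace")
    tags, off = set(), 20
    while off + 12 <= min(len(data), full_size):
        tag, total_len, _data_len = struct.unpack_from("<4sII", data, off)
        if total_len < 12:
            raise ValueError("corrupt IMG3 tag")
        tags.add(tag[::-1].decode("ascii", "replace"))
        off += total_len
    return {"ident": ident, "tags": tags}


def img3_problem(data: bytes, want_ident: str, need_shsh: bool) -> str:
    """Empty string if data is an IMG3 of the wanted type (and signed, if required)."""
    try:
        info = parse_img3(data)
    except ValueError as exc:
        return str(exc)
    if info["ident"] != want_ident:
        return f"IMG3 type is {info['ident']!r}, expected {want_ident!r}"
    if need_shsh and "SHSH" not in info["tags"]:
        return "no SHSH tag: this iBSS is not signed"
    return ""


def find_ibss(grabber_root: str) -> list:
    """iBSS files under <root>/Per*.tmp/Firmware/dfu/, where step A says they land."""
    return sorted(glob(os.path.join(grabber_root, "Per*.tmp", "Firmware", "dfu", "iBSS*")))


def save_ibss(src: str, ibooty_dir: str) -> str:
    """Copy a validated, signed iBSS into the iBooty folder as ibss312.dfu."""
    with open(src, "rb") as fh:
        problem = img3_problem(fh.read(), "ibss", True)
    if problem:
        raise ValueError(f"{src}: {problem}")
    dest = os.path.join(ibooty_dir, "ibss312.dfu")
    shutil.copyfile(src, dest)
    return dest


def check_ibooty_folder(folder: str) -> dict:
    """Report files missing from the step E layout and firmware files of the wrong type."""
    present = set(os.listdir(folder))
    missing = [f for f in REQUIRED_FILES if f not in present]
    bad = {}
    for name, (ident, need_shsh) in IMG3_EXPECT.items():
        if name in present:
            with open(os.path.join(folder, name), "rb") as fh:
                problem = img3_problem(fh.read(), ident, need_shsh)
            if problem:
                bad[name] = problem
    hints = []
    if "exploitibss312" in missing and "ibss.payload" in present:
        hints.append("rename ibss.payload to exploitibss312 (no extension)")
    return {"missing": missing, "bad": bad, "hints": hints}


def build_sample_img3(ident: str = "ibss", signed: bool = True) -> bytes:
    """Constructed sample: a tiny IMG3 with a dummy DATA tag and, optionally, a SHSH tag."""
    def tag(name, payload):
        return struct.pack("<4sII", _rev(name), 12 + len(payload), len(payload)) + payload
    body = tag("DATA", b"\xde\xad\xbe\xef" * 4) + (tag("SHSH", b"\0" * 128) if signed else b"")
    # header: magic, full size, size without packing, signed area (the 28-byte DATA tag), ident
    return struct.pack("<4sIII4s", IMG3_MAGIC, 20 + len(body), len(body), 28, _rev(ident)) + body


def demo() -> dict:
    """Run both steps on a constructed Per*.tmp tree and iBooty folder in a temp dir."""
    root = tempfile.mkdtemp()
    dfu = os.path.join(root, "Per1234.tmp", "Firmware", "dfu")
    ibooty = os.path.join(root, "iBooty")
    for d in (dfu, ibooty):
        os.makedirs(d)
    with open(os.path.join(dfu, "iBSS.n88ap.RELEASE.dfu"), "wb") as fh:
        fh.write(build_sample_img3("ibss", signed=True))
    save_ibss(find_ibss(root)[0], ibooty)
    # Constructed folder: Payload Pwner output still under its unrenamed name,
    # and an "iBEC" that is actually a kernelcache, to exercise both checks.
    for name in ["iboot.payload", "ibss.payload", "irecovery.exe", "readline5.dll",
                 "iBooty.exe", "sn0w.img3"]:
        open(os.path.join(ibooty, name), "wb").close()
    for name, ident in (("ibec40.dfu", "krnl"), ("kernel.40", "krnl")):
        with open(os.path.join(ibooty, name), "wb") as fh:
            fh.write(build_sample_img3(ident, signed=False))
    return check_ibooty_folder(ibooty)
```

Run against a real grabber folder with `find_ibss(r"C:\Users\you\Desktop\grab")` and `check_ibooty_folder(r"C:\...\iBooty")`; an empty `missing` list and an empty `bad` dict before you run "Prepare Device for Custom Firmware" rules out the file-naming and unsigned-iBSS mistakes reported below, though it cannot tell you whether the payloads themselves are correct.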
-------
STEP F: Restoring to 4.0 + Booting
-------
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*
I : Run iBooty and select "Prepare Device for Custom Firmware". Run the process; if you see a snowflake on the device, you can proceed.
II : Now open iTunes and restore to the custom IPSW (SHIFT + click Restore, as before).
***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT. IT IS IN A DFU LOOP [THIS IS NORMAL!]***
-------
STEP G : Booting
I : Just re-run iBooty and select "Boot It". If all goes well, it will boot.
-------
Enjoy!
-------
As always, please don't forget to drop us a line to tell us how it goes.
Thanks everyone for the tip!
[courtesy iH8sn0w]
God, what a pain in the arse. Where's Geohot when you need him?
Please come up with an easier version.
If my iPhone firmware is currently 3.1.3, can I jailbreak or not?
This is ridiculous, there's no need to keep rehashing the same methods as new news articles. Stop getting everyone's hopes up and wait till some real news is released.
It works!! Try it before knocking it.
I can't restore to 3.1.2, it comes up with an error message. Please help.
I have an iPhone 3G and I need to downgrade it to firmware 3.1.3. Please help me, no SHSH has been saved on Saurik's server... Please, I am desperate, please help me to downgrade my iPhone 3G from iOS 4 to 3.1.3. Please help me guys, thank you in advance.
As mentioned in the other post, you can use this guide for iPhone 3G to downgrade to iPhone OS 3.1.3:
http://www.iphonehacks.com/2010/07/how-to-downgrade-iphone-3g-from-ios-4-to-iphone-os-3-1-3.html
I've got an iPhone 3GS with 3.1.3 blobs! This sucks! I have a 3GS and an iPhone 4 that I can't jailbreak. Not interested in unlocking, but the factory tones are crap! Hope a solution for the iPhone 4 is available soon.
Yes you can http://www.spiritjb.com
This doesn't work for my 3GS. Please make one for 3.1.3 blobs.
I have got two payload files,
iboot.payload
ibss.payload
but I am unable to get "exploitibss312".
If anybody has got this file, then tell me or send me this file!!!!
I have also changed the name of "ibss.payload" to "exploitibss312.payload", but with no success.
I am also unable to see the snowflake sign on my iPhone screen.
If somebody has had success with it, then help me out.
Can you send me the exploitibss312 file?
I got the ibss.payload file when I used Payload Pwner.
Totally unexpected. This is a pain... Dev Team, please give us something simple and easy like before.
what version of iTunes do you need?
What a load of hassle jailbreaking is these days. I'm sticking with 3.1.2, I think.
Change the name of ibss.payload to exploitibss312, without the extension.
There is an easy way to jailbreak the 3GS on iOS 4 ^_^. I successfully downgraded my 3GS from iOS 4 to 3.1.2, then re-upgraded to 4.0. It's fully working now. Somebody link me to where I can submit my guide on this site. Thx
I was using an iPhone 3GS on 3.1.3, then I upgraded to iOS 4, so please tell me, will I be able to JB now or not?
Payload Pwner r2 does not create exploitibss312; instead it creates another payload file named ibss.payload. I renamed it to exploitibss312 and dropped it in the iBooty folder, but it results in a BSOD when you prepare. There has seriously got to be an easier way to do this. Everything installed perfectly (LibUSB), but this last step is pissing me off.
admin@iphonehacks.com
WARNING!!!
"STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your O/S + Arch. — Windows + Arch. Detector "
This detector is NOT working.
Just for fun I ran it on my x64 Win7 system and it said Windows 7 Ultimate 32-bit.
Do not use it!
It's too complicated, I don't think I can get the point.
Apple is winning, jailbreaking isn't much fun these days.
WTF, I can't even do step one lol...
Boss..
Excellent solution. It worked perfectly for me. I would also request that you try building another version which is a consolidated single executable file for this entire multi-step cracking process. Anyway, a very, very good job done. Keep it going.....
Lots of people are having problems with this: if you unplug the phone from the computer or USB power source, it kicks it back into recovery mode when the phone enters deep sleep.
I'm just going back to 3.1.3.
This hack is a load of crap!
They do say it's for experienced users, and to a degree I am an experienced user, but this is bordering on madness to do, and then only with a tethered result that gets lost after reboots. Looking at F0recast, the results don't match what the above is asking for: bootrom version. I still can't tell... is this the bootloader, and what is 6.4 when I see it?
I have to say the instructions and guides that are coming out are all very scrappy... I think I will wait for a simple run/connect/trigger/done solution... Please, somebody, release a nice easy patch.
BTW, how many links do you need in an iPhoneHacks article that just lead back to other iPhoneHacks articles? These pages lead you in circles without ever actually going to the site they are discussing.
This is totally useless... The majority of us are on 3.1.3 with the new bootrom, and this solution is completely useless for us!
I suggest only posting relevant information that will allow all new bootrom users to utilize these tools.
I want
LibUSB messed up my USB: I lost my keyboard and mouse. I'm quite computer savvy and knew a System Restore would do the trick, but had no idea how to do it without a mouse and keyboard, and mine doesn't have old-style plugs, just USB... So I had to pay Dell £40 plus a 2-hour call to sort it.... From my experience of this, I suggest you use QuickPwn to get out of the restore loop; it works perfectly, is simpler and is less of a risk! (for Win 7 64-bit users)
Hi
I followed all the instructions. I also needed to download the payload files, as I couldn't create them for some reason. Anyway, once all was downloaded I ran iBooty and I got the icon/logo on the iPhone. I then went to restore using the custom firmware, but I get the following error: "The iPhone "iPhone" could not be restored. An unknown error occurred (23)".
Can anyone shed any light on this? The reason for doing the upgrade was that I was using my jailbroken 3GS on 3.1.2 on the motorway. I was actually using TomTom, and after I lost signal for a few minutes I got a message saying I would need to re-sync with iTunes. I don't remember the exact message. All I know is I lost all signals: "No Service", Wi-Fi greyed out, and also no Bluetooth. The phone had been jailbroken a few days earlier with Blackra1n.
Please, please help.
Sorry to hear about your issue. We've updated the post to warn readers about it.
Yeah, I get the same problem! Any help would be greatly appreciated!
Sorry, no downgrade for you =( If you did NOT save your SHSH, then you CANNOT downgrade. I didn't know if I had, and tried anyway, and it worked for me (lol, so I guess I saved mine =) *thumbs up*). After that was a bigger pain in the ass... I had to find a way to kick my iPhone out of recovery mode, and this is my solution: 1. find the ECID, 2. TinyUmbrella, then kick out of recovery mode and then SYNC with the old 3.1.3. Sync won't work with 4.0. Sync, YAY, then redsn0w JAILBREAK FTW!!
100% agree with this comment. There are too many requirements that most people simply do not meet. So please stop getting people's hopes up with the same methods that have been out since the release day of iOS 4. Thanks.
I've found that YouTube does not work on my 3GS when I jailbroke using sn0wbreeze... I've read a few solutions on the net but nothing definitive. Have you experienced this problem, and if so, do you know a solution that you have tested?
My hopes were kinda high when I saw this message.
Hi, my iPhone is a 3GS with iOS 4 and has the older bootrom (I used iDetector), so is it still possible for my phone to be JB'd? Previously I had JB'd my phone using Spirit, but after upgrading to iOS 4 everything has been restored to the original settings, so is my phone still capable of being JB'd?
Another thing I would like to know is: if using sn0wbreeze, must my phone already be jailbroken for it to work?
Hope to receive a reply ASAP. Thank you.
I am already on 4.0, but I have SHSH stored for 3.1.2 and 3.1.3, so can i still jailbreak?
newiOS4User, would you be kind enough to send me the payload files? Payload Pwner isn't working for me at all. I got everything else worked out except for that; it doesn't generate anything. skasol@hotmail.com please, or anyone else who has these files. It would be greatly appreciated. Thanks.
philious, everything worked fine for me. What trouble are you having?
What's the problem, did you downgrade to 3.1.2? Where are you stuck?
Where did you get the payload files? I need them as well. Would you be kind enough to email them or link them for me please? skasol@hotmail.com
Thanks in advance, that's where I am stuck.
Hi,
The same happened to me, do you have any idea how to fix this?
Hi,
Did you use the PC tutorial or the Mac tutorial?
I used the Mac tutorial.
Hi,
Have you received the files?
Can you please send them over to roy.mosko@gmail.com?
Thanks
Hi, I have an iPhone 3GS 16GB on OS 4.
It's factory unlocked, but I am unable to install apps which I have not downloaded from the iTunes Store. Please help me to install apps.
I get this error message: "The application was not installed on the iPhone because an unknown error occurred (0xE8008001)".
What should I do to solve the problem?
Don't waste your time.
Just wait, the jailbreak release is coming soon.
Don't try to jailbreak OS 4....
This might sound ridiculous, but I have an iPhone 3GS with the new bootrom but on OS 3.0. If I were to upgrade to iOS 4 in the near future, is it mandatory that I have 3.1.2, or can I simply upgrade directly from 3.0 to iOS 4? Any help or comments will be greatly appreciated.