Spirit2Pwn: Hack Allows Users To Update And Jailbreak iPhone 3GS With iOS 4, Which Is Already Jailbroken Using Spirit [Updated]

Spirit jailbreak ported to Linux

Things have got quite complicated and confusing for users who want to jailbreak their iPhone after Apple released iOS 4.

Currently it is possible to jailbreak iOS 4 for iPhone 3G and iPhone 3GS but in case of iPhone 3GS, there are still some ifs and buts.

You can only jailbreak iPhone 3GS with an older bootrom only if you’ve already jailbroken your iPhone 3GS but haven’t used Spirit to jailbreak it.

Update: ModMyI is reporting that Spirit2Pwn is not developed by Gojonnyboi and is probably fake. 

iPhone hacker by the handle, Gojohnnyboi has just released a hack called Spirit2Pwn to patch Spirit jailbreak so that users who have jailbroken their iPhone 3GS using Spirit can also jailbreak it using PwnageTool or Sn0wbreeze.

Please note that this won’t work for iPhone 3GS with newer bootrom.

You can follow these steps to install the Spirit2Pwn hack:

  1. Please don’t forget to backup your iPhone before you proceed. You can refer to this post for instructions on how to backup your iPhone 3GS.

  2. We haven’t been able to test it out so please proceed at your own risk.

  3. Launch Cydia on your jailbroken iPhone 3GS with older bootrom. You can use F0recast to find out if your iPhone 3GS has newer or older bootrom. Please DO NOT install Spirit2Pwn if you have a newer bootrom as it could end up bricking your iPhone.

  4. Tap on the Manage tab at the bottom and then tap on Sources.

  5. Tap on the ‘Edit’ button and then on ‘Add’ to add the repository required to install Spirit2Pwn.

  6. Then add the repo http://repo.woowiz.net to Cydia.

  7. Search for ‘spirit2pwn’ in Cydia and tap on Install to install the hack.

After Spirit2Pwn is installed, you should be able to use PwnageTool for Mac Users and Sn0wbreeze for Windows users to create the custom iOS 4 firmware file to update and jailbreak your iPhone 3GS (old bootrom) that was previously jailbroken using Spirit with iOS 4.

Please drop us a line to tell us how it goes.

Update: ModMyI is reporting that the Spirit2Pwn hack is not developed by Gojonnyboi and is probably fake. But surprisingly it seems to have worked for some of our readers. It looks like the developer of the hack used the img3flasher program that was developed by Gojonnyboi and msft.guy, which helps flash firmware images into nor. So its not clear if it is fake. We would recommend users to avoid it until we get more clarity. Thanks everyone for your comments.

Stay tuned here at iPhone Hacks or follow us on Twitteror subscribe to our RSS feed.

[via RedmondPie]

Like this post? Share it!
  • ninja

    can you clarify what bootroom is new and old now, is 5.12 (on 3.1.3) what your saying as new? Just its more confusing as iOS4 is 5.13 now? i think the numbers are right, if not you know what i mean.

  • Symph

    About time!!! WIll be trying this soon

  • New Bootrom

    What? what's the point of this hack? LOL

  • sam

    which boot rom is this on my 3gs? using forecast my bootloader is 6.4, model number is MB716LL, and first 6 digits of my serial is 880245. Can I use this hack. thanks

  • Nightedge

    When will they make one for dumb people like me who didn't wait and updated to the os? I'm on a 3GS old bootrom. Any info thank you!

  • Ricardo

    Yea! "Can you clarify what bootroom is new and old"?

  • n00b

    You need to find the serial # for your iPhone. To do this go to Settings->General->About. The important digits are the 3rd, 4th, and 5th digits. The 3rd digit indicates the year it was made. For example, 9 for 2009 or 0 for 2010. The 4th and 5th digit tell what week of that year it was made. An old bootrom is before the 40th week of 2009. So, if it's below "940" then it is an old bootrom. If it's after that, then it's a new bootrom (like when the 3rd digit is 0).

  • Rolf

    Hello how about the jailbreak and unlock of the iphone 4 with baseband 01.59.00 .?
    Are some informations?
    Best regards


  • nomos

    now, please help dumb ass like me who upgraded 3gs, with new botroom and jailbroken with spirit, to ios4. thank you!!!

  • simon

    please i have iphone 4.can it be jailbreak,please tell me

  • 3GS/old bootrom/iOS4…. tried Snowbreeze & had to upg because of 1604 error that NO ONE FIGURED OUT! where is the new spirit?

  • Rolf

    What about this GoldRa1n is it able to unlock the iphone 4 ?

  • Confusing.. do we need to install both JBs . Spirit and Spirit2Pwn?

  • Karman

    Has anyone attempted this yet? If so can you please post your results!


  • gmack

    I tried installing the 'Spirit2Pwn' from Cydia, but it failed several times.

    Keep trying boys!

  • tanbouz

    hey i dont under stand
    when i use the f0recast to know what is my bootrom is
    it says that am not tethered
    but the new tool from ih8sn0w ( idetector ) says that am a new bootrom so please any one can help me to understand or what is the trusted tool ??? i cant even use my iphone sence febrewary :S:S its stucked on the emergency call logo :S:S

  • dre

    this spirit2pwn works! =] sp happy now =]]]]

  • Nightedge

    Please clarify in more detail! If it not for updated os for the 3GS than state cause we are causing a lot of confusion!

  • The subject line says it all.

    You need a jailbroken iPhone to install Spirit2Pwn. So this won't work if you have updated your iPhone 3GS to iOS 4. We'll let you know when its possible so stay tuned.

  • me

    wth this post doesnt make sense, its telling you to jailbreak through a jailbroken phone. when ur iphone is jailbroken, then only you can use cydia. but at the end it says now you can jailbreak through pwnagetool :S can someone please explain CLEARLY!?

  • Sorry for the confusion.

    You essentially need a jailbroken iPhone 3GS (on iPhone OS 3.1.3 or iPhone OS 3.1.2) to update and jailbreak iPhone 3GS with iOS 4. We've updated the post to specify that after you install the hack, you can use PwnageTool for Mac and Sn0wbreeze for Windows to create the custom iOS 4 firmware file to update and jailbreak your iPhone 3GS (old bootrom) that was previously jailbroken using Spirit with iOS 4.

  • simon

    i have 3gs 3.1.3 jailbroken with spirit.i just add download the spirit2pwn in cydia.its didn't do anything.what spirit2pwn suppose to do.

  • After Spirit2Pwn is installed, you should be able to use PwnageTool for Mac Users and Sn0wbreeze for Windows users to update and jailbreak your iPhone 3GS (old bootrom) that was previously jailbroken using Spirit with iOS 4.

  • Rawly


  • simon

    so if i go upgrades to 4.0 and i can jailbreak it and unlock it right.

  • rawly

    Can someone give me a basic answer, why would you want ios4 on a 3GS
    does it give you the facetime software?
    I know the 3GS does not have the hardware (front facing cam)
    But why would u want to upgrade?

  • Viktor

    THAKS A LOT!!!!

  • Andyman

    Can the phone be unlocked with this method????

  • Viktor

    sure after upgrade instal ultrasn0w
    and youll be unlocked

  • joe

    please can someone help me i have a 3gs with ios 4 installed. but i dont have a utilities fold on it how do i get the fold. any info please.

  • joe

    folder sorry.

  • AvionicZ

    Hey Fucktards, if there was a Jailbreak for the iPhone4, don't you think they would have posted it front and center for everyone to see. Durrrrrr Rolftard! So if anyone asks again about the iPhone 4, I hope you get pancreatic cancer of the tongue!!! Mostly it's you half English knowing foreign fucks. So while your sitting there with a hearty plate of goat testicles, eating lunch, stay on google news and keep typing in "iphone4 jailbreak" and refresh every 10 minutes until the fucking jailbreak appears there. Stop typing your inane goony goo goo language here!

  • Alex

    It seems that some kind of a spirit jailbreak for iOS 4 is just a matter of time.
    If you follow planetbeing on tweeter (one of the guys from the dev team and the one that put android on the iphone), a bootroom level jailbreak is on the way (android on iphone 3gs and 4?).. so relax and wait!

  • Rolf

    Hey AvionicZ
    So du Arsch i bi di ganz zit fründlech gsi! I gloub du hesch es psychischs Problem mit we eine haut echli fähler schribt.Das isch kei grund unfründlech zsi.My Englisch is not so god but is your swiss german better?
    What is (inane) best regards Rolftard 🙂

  • Madblaster6

    Did it before this post came out with sn0breez instructions. Worked great.

  • sharvihani@yahoo.com

    plse verify ur frimware is 5.12 it's ok for me try it

  • sharvihani@yahoo.com

    new is direct apple iOS4 update frimware old is with 3.1.3 jailbreak with spirite

  • Robinho

    It's worked with me
    Thanx guys!

  • I used the instructions and my 3Gs came out great no probs

  • D3@th


  • Joe

    http://repo.woowiz.net does not download or fails to download.Is there another source?

  • Rolf

    Hallo D3@th
    Be carefull with iphone 4 Questions ! Here are Crazy People .
    Sow i am not alone searching a iphone 4 unlock and jailbreak.
    Best Regards

  • Joe

    what I mean is it stays on the Downloding Packages screen but it does not respring and after a few minutes i press home button and resping it with Respring App and the woowiz source does not appear on the manage tab

  • wolverinemarky

    other sites are reporting spirit2pwn as being a fake and shouldnt be installed or ran just a heads up the dev that supposedly made it says on twitter that he didnt make it at all and thats its a fake

  • D3@th

    Sorry mate but i've become tired of this situation! They're only working on previous models jailbreaks and unlocks because they just can't unlock the new one! That's driving me insane! We deserve something too don't we???

  • Orla2bory

    Hey I have a problem, mi iphone 3gs jailbreak with spirit and install the Spirit2Pwn and later te iphone screen its turn black … I try to restore and its not working , error 28 … Please some body tell what happen or tell me the solution …

  • Rolf

    Yes you are wright 🙂 sorry for future writing faults:-) I have my iphone 4 since 1 week and my iphone 4 is great the only problem is no phone calls
    And SMS .I am in switzerland with a iphone 4 locked with AT&T in switzerland a factory unlocked iphone cost 1400 swiss francs that is to mutch for me ! Sow i buyd one in usa for 800 dollars and now its only normal that i am hoping of a unlock .

  • amalio

    I have been trying for two hours to get it to finish restoring and its at the tip of the white bar on my iphone 3gs old bootrom but just WONT complete the restore!!!!!! Anyone have the same problem or any suggestions!?!?

  • endri


  • Spirit2Pwn is FAKE!!!! DO NOT INSTALL. DO NOT!

  • Brian Hernandez

    ok i did the install used pawnage to jailbreak but im getting error 1600 ? am i doing something wrong please help

  • Brian hernandez

    im sorry i have a iphone 3gs that was jailbroken with spirit older bootrom on 3.1.3 i downloaded the spirt patch that suppose to let u do the pawnage jailbreak i did all the steps but getting error code should i keep trying to jailbreak using pawnage please help

  • iPhonw User

    Worked like a charm!!! I got my Spirit Jailbroken 3GS now on 4.0 jailbroken. Can't be happier!!! Thanks!!

  • tanbouz

    its fake guys i just read it on modmyi.com 😉

  • Azures

    For 3GS users.. I using forecast to determine my boot rom version only to get the "i don't know" answer…"Depends on if it was refurbished" I used the 'long' method to find out what bootrom version i have, and it is a lot more accurate than forecast is. Turns out that I have the newer bootrom. Looks like us new bootrom people have a long wat ahead of us. How to find your version here.. http://www.ihackintosh.com/2010/06/how-to-check-iphone-3gs-bootrom-version/

  • wolf39us

    Didn't work… iPhone 3G[S] Old Bootrom

    Froze at "Preparing iPhone for restore" … eventually errored with a 1600

  • John

    even if it fake how come it work for me? I try many time before this hack and it work on my first try.

  • akakig

    I'm doing it now it is 8:44pm in toronto
    i'll report back soon !!!

  • gotojanoo

    Noway they pull that out no more spirit2pwn

  • akakig

    WTF ??? i think it works :ooooo
    BUT !!! :
    DFU mode gave me 1600
    now i'm in just recovery mode and it went on and writes firmware,lets see what will happen

  • akakig

    guys…… it worked, it friggin worked !!!!!!!!!!!!!!!!
    now i'm in restore mode to put my old stuff in,
    used :
    itunes 9.2
    restore mode (screen with iphone plug)
    3gs old bootrom,
    from 3.1.3(spirited) to 4.0 i guess it is spirited

  • akakig

    oh yeah time is 9:03 pm

  • Jip

    This is awesome. I'm also on 3.1.3 3gs jailbreak by Spirit (old bootrom). have been trying to upgrade but not successful.

    This fixes the problem (i used to get 160x errors on iTunes). Now i'm on 4.0 and can also unlock with ultrasnow.

    Great job and Thanks!

  • Raul


  • Vinny.

    Just confirming that it works.

    I have previously had a Jailbroken 3GS on 3.1.3 by Spirit. Using this guide, I have successfully Jailbroken to iOS 4.0. Thank you, masked crusader.

  • j

    if you have previously register your 3.1.3 jailbreak with cydia you can downgrade your ios4 back to 3.1.3.

  • j

    USE Sn0wbreeze/PwnageTool to create the custom firmware for your upgrading..

  • hav0k

    ih8sn0w can jailbreak 4.0 on a 3GS (new bootrom) although its really tedious but worth it.
    Follow the instructions carefully to jailbreak it


  • Edisson

    don't work i get error (1600)

  • Edisson

    please hell me

  • KWD2010

    Worked on mine perfect…

    Have old bootrom and jailbroken with Spirit.

    When to repository and downloaded the Spirit2Pwn and installed it. After this, used Snowbreeze 1.6.2 to create the custom firmware on iOS4.

    What I did then was just connected it to iTunes, but I DIDN'T put the phone in DFU mode OR Recovery mode.

    With the phone connected to iTunes, I just hit the SHIFT and clicked on Restore… Navigated to my custom firmware and it updated it fine…. But it does not update your baseband, so I'm still on 05.12.01.

    So currently now on iOS4, Jailbroken, Unlocked

    For anyone who is having problems, please try restoring when the phone is idle and don't put it in DFU or Recovery Mode.

  • Robinho

    My iPhone is 3GS (old bootroom) already jailbroken with spirit on version 3.1.3

    and now i successfully upgraded it to 4.0 by custom firmware from sn0wbreeze 1.6.2, so even it's FAKE as what you said it's worked at the end

  • anon


  • Edmund

    Iphone 3gs (old bootrom)FW 3.1.3 Spirit JB

    Restore to ios4 using this method with no problem.
    But alot of cydia applications still not compatible.

  • Jan

    Worked for me too – thanks for the suggestion to skip DFU and restore directly form iTunes when iPhone is conceded and idle.

    When installing spirit2pwn in Cydia a mine got stuck at the reloading screen as well, but I just restarted the phone and it worked.

  • Vichi

    why DFU NOOB?

  • Edmund

    Please ensure that you create the custom firmware correctly when it asks you whether to activate your iphone.
    if you got it wrong then there will be error and no carrier network at all.
    I got it wrong at first try so i create again this time with "NO". Shift restore and i successfully upgrade to ios4 with no error.

  • jimjack@yahoo.om

    make sure phone is recovery mode (shows plug) and not DFU mode. that was what I did wrong. to get to recovery mode: turn off iphone by holding down power button and swiping to turn off. plug into computer, hold down home button until it shows plug. then run restore in itunes. yay!

  • akaki

    recovery mode !

  • I read about this somewhere else where they said this is for 3GS with NEW bootroms. So I installed this in Cydia and now my iPhone 3GS (5.12 bootrom) is in DFU loop. And nothing helps.

    iREB doesn't seem to recognize it or see it's there, iRecovery (windows version) can't connect to it ("could not claim interface").
    iTunes won't restore the device either. Even when I try to upgrade to iOS4 – it won't. It gives me a "error 28". I've tried several different PCs.

    I am totally frustrated and hoping for a kind (and knowledgable) person to help me out here. Does anyone have an idea what to do?

    I do have a backup of my SHSH file, but only from 3.1.3 (not 3.1.2). Thanks in advance.

  • rocky

    my 3gs was jailbreak using spirit, and unlock using ultrasnow. if i want to check what version is my bootrom using the dfu mode. is it ok to do it? thanks

  • Mrniceguy

    i had the same issue but you should have tried black rain again i did that and got out of upgrading

  • mrniceguy

    I attempted this with an old bootrom 3gs made a custom firmware for os4 but got unknown errors i had a previous jb with black rain on 3.1.3 and had to rerun blackrain to avoid upgrading to 4.0

  • mrniceguy

    so is this doable if i have a previous jb using black rain? i seem to meet all the other needs

  • moronFighter

    Besides the racist tone of your comment, which says much about your intellect (or lack thereof) in general, you should make some attempt to master the English language a bit better yourself. All day long I see maddening evidence in forums of people who missed the day in school when they explained the difference between "your" and "you're". You're no exception to the other idiots. These are different words with entirely different meanings. Look it up…YOU'RE going to find that YOUR use of the English language is no less goony goo goo.

  • moronFighter

    By the way…that comment was @AvionicZ

  • Brian Hernandez

    @jim john thanks bro that worked im jailbroke and unlocked on the 4.0os now

  • KWD2010

    Just download F0recast mate and apparently if it says 'Tethered = No' I think it means you have the old bootrom…

  • SJ

    Hi…just wanted to let everyone know that I tried this patch and it worked. I am now running IOS 4.0 on my 3GS. My previous firmware was 3.1.3 and the baseband was (and still is) 05.12.01. Please note that I have the OLD BOOTROM 359.3. Found it out by following the method here (http://tipsneeded.com/find-bootrom-version-iphone-3gs/)
    My 3GS was jailbroken with SPIRIT and unlocked at 3.1.3 with ultrasn0w 0.93.
    The following were the steps I took:
    1) Open Cydia add the source (repo.woowiz.net)
    2) Click on the source after installation and scroll down to spirit2pawn
    3) Install spirit2pawn
    4) Follow the procedure to create the custom IOS 4.0 firmware (I used Pwnage tool on my Mac) or find an already created custom firmware for IOS 4.0
    5) Restore using iTunes 9.2 (be sure to use the custom firmware saved on your computer…you access it on the Mac by using the Alt-Option key and clicking restore in iTunes)
    6) After restore I ran ultrasn0w 0.93 to unlock
    7) The end result…running IOS 4.0 with 05.12.01 baseband…I had some issues with the signal, but later realized that I had to do the unlock in order to use T-mobile

  • i was on 3.1.3 j/b with Spirit but still on the old bootrom. i thought black rain was only for 3.1.2.

  • iPhone User

    It's worked for me. I have a 3GS 32GB jailbroken iOS 3.1.3 with Spirit. It has the old bootrom. I used iDetect to check it. Following the instructions, the process went smoothly without a hitch.

  • Jip

    aftaer testing this a couple of days, noticed my PUSH NOTIFICATION doesn't work.
    Has anyone experienced this?

  • Ive tried the above and it worked for me.

    I was running 3.1.3 on 3GS (jailbroken with spirit) with old bootrom.

    Downloaded spirit2pwn on saturday night when i read about this. Then simply restores my iphone to a pre-cooked iOS4 which a friend already had.

    So all good for me except youtube doeant swem to be working

  • akaki

    hi guys, after jailbreak when i receive call i cannot see buttons like keypad and mute and stuff … anyubody has same issue ?

  • Akaki

    Didn't get what u mean

  • Webenjamin@gmail.com

    Works fine for me as well using the same procedures mentioned by SJ.

  • Motorola VE440:
    If you have a Jailbroken iPhone 3G at 3.1.2 (but not jailbroken with Spirit) then you should create the ipsw with PwnageTool 4.0 and restore from recovery mode or DFU mode.

  • ali_tamimi@live.com

    please someone help i did this and know my iphone doesnt turn on or restore

    Launch Cydia on your jailbroken iPhone 3GS with older bootrom. You can use F0recast to find out if your iPhone 3GS has newer or older bootrom. Please DO NOT install Spirit2Pwn if you have a newer bootrom as it could end up bricking your iPhone.

  • Chase

    Mb old mc new u have mb so u r ok to use this hack

  • zen

    MB is old bootrom

    MC is new bootrom

  • Rob

    He also mentioned pancreatic cancer of the tounge how do you get that they are two totally different organs what an a**

  • This isnt fake and does work i tried it just now =D

  • mjpoetic

    Spirit2pwn worked here too! After being VERY VERY cautious and researching/fact checking as to how real it was, I took the plunge and all is well!! At least, so far so good anyway

  • jawad

    MC and MB does not apply for iphone 3gs thats only for ipod touch…. dont misguide people if u do not know..

  • Lucas

    Get a refund and buy one in Canada at launch they are factory unlock for same price

  • MIKO


  • miko

    please help,,,,
    My Iphone 3GS went to DFU loop(black screen)when i used spirit2Pwn. once i dowonloded this file from, my iphone went directly to dfu loop.
    when i connected to itune i am trying to resore with the original software, itune message comes and say error 28. i tried many other stuff like irecovery but i coldnt solve my problem. pleasei need your help guys
    iphone 3gs 3.1.3 old bootrom jb by spirit , and unlocked by ultrasnow.

  • jwchips

    It's been a while since I left the iCommunity but as far as I remember it goes like this:

    1. Bootrom. 2nd letter of model number. E.g MAxxx/MBxxx = OLD bootrom. MCxxx = NEW bootrom

    2. Baseband. You say baseband, I say radio. This is the 5.1x.xx.xx that handles the phone calls and other functions. This is what you need to patch to UNLOCK you phone. Ipod Touch's do not have basebands.

    3. Firmware. This is the iOS, latest version 4.0.1. This is what you must patch to JAILBREAK your phone.

    Hope this clears things up. If I'm wrong, flame away.. I'm a WinMo user now!

  • Stanley

    Hey I have a problem, mi iphone 3gs jailbreak with spirit and install the Spirit2Pwn and later te iphone screen its turn black … I try to restore and its not working , error 28 … Please some body tell what happen or tell me the solution …

  • Joey G

    Ok, so i have a 3gs old bootrom, ( to check you use idetector) and it was on 3.1.3 jailbroken and unlocked with spirit. i then installed spirit2pwn and went into recovery mode and restored with my custom ipsw from sn0wbreeze. IT WORKS. if you need help you can email me (pkeliscool@hotmail.com)

  • Joey G

    did you have the old bootrom? after you installed it, you need to go to recovery mode and restore to the custom ipsw. worked for me

  • MIKO

    yes i do have the old bootrom, but after i installed the spirit2pwn from cydia. i left on my desk for like 3 minutes. then when i went to restore it with new software, i found my iphone dead with black screen. when i connect it to the itune it shows this fone in DFU mode.
    i even tried to restore it with the apple software but it give me error 28.
    help please, also i have question if my iphone was by mistake has the new bootrom. is that means my iphone is dead forever, or there is a possible way to have it back?

    • GORAN


  • paul

    This worked. I had a 3gs old bootrom running 3.13 with a Spirit jailbreak. i tried for a week to restore a custom firmware with Pwnage tool on mac with no luck. Kept getting error 1600 and 1604. After installing this patch, it worked perfectly the first time! Woo Hoo!

    I used pwnage tool 4.1 with this guide: http://www.redmondpie.com/how-to-jailbreak-iphone-3gs-on-ios-4.1-with-pwnagetool-guide/

  • Yoegyu

    Rong.. mine 3GS is on new bootroom and has 013 …so…check this: http://www.redmondpie.com/how-to-check-iphone-3gs-bootrom-iboot-version/


    THOSE WHO WHOse iphone is new br BE AWARE WITH THIS


    IF U R IPHONE 3GS WITH NEW BOOTROOM install spirit2pwn= erorr 28 =internal failure DO NOT