Apparently, an ex-Apple employee has managed to successfully jailbreak iPhone 3GS on iPhone OS 4 Beta. The redsn0w 0.9.5 jailbreak tool for iPhone OS 4 currently works on iPhone 3G only. The support for other iDevices will naturally follow once Apple releases iPhone OS 4 at WWDC. But KaatjeNL’s jailbreak method works on iPhone 3GS too. And the best thing about it is that it doesn’t upgrade your baseband, which means you can enjoy iPhone OS 4, fully jailbroken on the older baseband with an unlock using ultrasn0w.
This feat has been achieved by patching various files in the firmware and then cooking a custom firmware (just like how PwnageTool and Sn0wbreeze does) to restore it using iTunes on iPhone 3GS, hence keeping the older baseband intact.
This is a work in progress but I thought I would share the results so far. Cydia still has some issues, many applications install but crash, some examples include mobileterminal, sbsettings, five icon dock. I did this only to hopefully motivate the developers to get their applications ready for 4.0 as it is coming very soon and the last thing we need in the community is to have repos full of broken apps! I accomplished this by patching asr, lockdownd, LLB, iBEC, IBSS, iBoot, kernelcache, MobileSafari, Services.plist, and fstab. The binaries were patched with IDA Pro and OxED and were then diffed against the original pwned files with bsdiff to create patch files. I then took the diff files and built a firmware bundle that I dropped into Pwnagetool and updated the cydia tree within Pwnagetool as well. Once this was done, I created a custom ipsw with Pwnagetool, unzipped it, applied a pwned LLB from a pwnagetool generated 3.1.3 ipsw, zipped it back up and restored to my device. At this time I am unable to get my T-Mobile NL sim to work so I downgraded back to 3.1.3 after playing around with 4.0 for a while. I look forward to the release and the official unlock from the Dev-Team. Many thanks to @p0sixninja for many hours patiently showing me the tricks and tips of jailbreaking 4.0b3 and then setting me out on my own to do beta 4. Without his tutelage, this would not have been possible
There is no ETA (Estimated Time of Arrival) on release. This method will probably be integrated in the next version of PwnageTool to jailbreak the final version of iPhone OS 4.
In the meantime, If you are on iPhone OS 3.1.3, you can follow our step by step guides to jailbreak iPhone 3GS with Spirit here, iPod touch 3G untethered here, and iPad on OS 3.2 here. You can also use redsn0w 0.9.3, redsn0w 0.9.4, sn0wbreeze, PwnageTool 3.1.5 to jailbreak iPhone and iPod touch. Unlocking can be done using ultrasn0w or blacksn0w.