If you meet all the requirements, and have lots of patience, you can follow the guide posted below to jailbreak your iPhone 3GS (with new bootrom) on iOS 4.
Warning Note: All the standard warnings apply. This is for advanced users only. Only proceed if you think you know your iPhone inside out.
Pwning 4.0 on New Bootrom 3G[S] w/3.1.2 SHSH Blobs
I wrote this all on the road with my iPad, so sorry if there are any major grammar errors. If anyone points out any errors, I’ll fix it up. Anyways…
——-
I figured making a tool would take a bit too long. So, I’m going to write up this tutorial. It isn’t recommended for regular users.
**BEFORE PROCEEDING, ENSURE THAT YOU HAVE YOUR PHONE BACKED UP!**
——-
WHAT YOU WILL NEED:
* An iPhone 3G[S] — new bootrom
* 3.1.2 SHSH blobs.
* difrnt’s iBSS grabber (http://bit.ly/3QLb5S)
* Payload Pwner for the 3GS. (http://www.mediafire.com/?jy0wzomw2jk)
* sn0wbreeze V1.6.2
* iBooty (http://www.mediafire.com/?qwzzjhziwz0)
* LibUSB (64-Bit users read carefully!!!)
* 3.1.2/4.0 3GS firmware downloaded. [Download iPhone 3.1.2 / Download iOS 4.0]
——-
STEP A : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your SHSH blobs saved on Cydia/Saurik’s server, then follow this tutorial.
— http://saurik.com/id/12
II : If you have them saved with TinyUmbrella, then download the GUI here.
— http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder in a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore to 3.1.2 in order to pwn 4.0.
——-
Saving your iBSS
I : After restoring, go to the folder that you have specified to save your iBSS file.
II : You will see folders like (Per**.tmp). Go into one of them, and you’ll see a folder called "Firmware". Go there. Then go to the folder "dfu".
III : Copy the iBSS file to a safe place, then you can remove the folder created by the iBSS Grabber.
——
STEP B : Creating custom 4.0 firmware.
I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 ipsw. [How to Guide]
*Ignore the warnings after browsing for the ipsw.*
——
STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your O/S + Arch.
— Windows + Arch. Detector (http://www.mediafire.com/?imyzm2t3zam)
*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB MIGHT NO LONGER WORK!
*********
Windows XP Users download this installer — LibUSB Installer (http://www.mediafire.com/?zyy0mjthhij)
*********
Windows Vista/7 users RUNNING 32-Bit:
* Download the installer (http://www.mediafire.com/?zyy0mjthhij) and run it in compatibility mode for Windows XP.
*********
If you are a 64-Bit user, follow this tutorial – (http://bit.ly/9N423f)
*********
Once LibUSB is installed iRecovery should be able to function now.
——-
STEP D : Pwning iBSS + iBoot
I : Download this easy tool here — Payload Pwner for 3GS // It will help you create the payloads.
**SAVE THE PAYLOADS WHERE iBooty is.**
——-
STEP E: iBooty Prep.
Most of you know of the utility "iBooty" that I made for Aki_nG. It will work as long as you place all of the correct files there.
I : Download iBooty GUI here — iBooty for 3GS (http://www.mediafire.com/?qwzzjhziwz0) and Extract it.
II : Extract your Custom IPSW created by sn0wbreeze with 7-Zip or another un-archiver.
III : Grab the kernelcache and bring it into the same folder as ibooty. Also grab the iBEC from the folder "Firmware\dfu\iBEC.n88ap.RELEASE.dfu"
IV :
* Rename your iBSS 3.1.2 signed to "ibss312.dfu"
* Rename your Kernel 4.0-Custom to "kernel.40"
* Rename your iBEC 4.0-Custom to "ibec40.dfu"
======
Your folder should look like this :
– iboot.payload <– Created with Payload Pwner.
– exploitibss312 <– Created with Payload Pwner.
– ibec40.dfu <– Grabbed from Custom IPSW made by sn0wbreeze.
– irecovery.exe <– Comes with iBooty.
– readline5.dll <– Comes with iBooty.
– iBooty.exe <– Comes with iBooty.
– ibss312.dfu <– THIS NEEDS TO BE YOUR iBSS from the restore!
– kernel.40 <– Grab from Custom IPSW made by sn0wbreeze.
– sn0w.img3 <– Comes with iBooty.
======
——-
STEP F: Restoring to 4.0 + Booting
——-
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*
I : Run iBooty and select "Prepare Device for Custom Firmware". Run the process and if you see a snowflake, you can proceed!
II : Now open iTunes and restore to the custom ipsw.
***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT! IT'S IN A DFU LOOP [THIS IS NORMAL!]***
——-
STEP G : Booting
I : Just re-run iBooty and select "Boot It". If all goes well it will boot!
——-
Enjoy!
——-
Again, this is currently for iPhone 3GS with new bootrom only. Apparently, a similar guide for iPod touch (MC models) and iPod touch 3G is also in the works. A tool to automate this whole procedure will also be released some time later (no ETA). Stay tuned for more!