Ok guys.. Mac version of the guide is now up! (Windows version can be found here) The requirements though as mentioned earlier remains the same. You will need a iPhone 3GS (with new bootrom) on iOS 4, which has SHSH blobs saved for iPhone 3.1.2. Some other important notes about the jailbreak are as follows.
1) it is a tethered jailbreak (whenever you turn off your phone, you will need to re-connect it to a computer to be able to turn it back on) and
2) it will only work for those devices which have their SHSH blobs (ECID SHSH) files for 3.1.2 (NOT 3.1.3) saved on Cydia.
If you meet all the requirements, and have lots of patience, you can follow the guide posted below to jailbreak your iPhone 3GS (with new bootrom) on iOS 4.
Warning Note: All the standard warnings apply. This is for advanced users only. Only proceed if you think you know your iPhone inside out.
Pwning 4.0 on New Bootrom 3G[S] w/3.1.2 SHSH Blobs [Mac]
Credits to iH8sn0w. Thanks to lilstevie for help.
Required:
libusb-1.0
xpwntool
iOS 3.1.2, 4.0
iOS 3.1.2 SHSH blobs
Download this (http://www.mediafire.com/?mmn1nnjlqoy)
STEP 1 : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your shsh blobs saved on Cydia/Saurik’s server then follow this tutorial. — http://saurik.com/id/12
II : If you have it saved with TinyUmbrella, then download the GUI here. — http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder on a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
STEP 2: Creating your custom firmware
Use Pwanage Tool (blog.iphone-dev.org) to create a custom ipsw ignore the warnings about the new bootrom.
STEP 3:
Extract the zip file we downloaded earlier and use terminal to enter it
STEP 4:
Create a new folder inside this called 3.1.2 and extract your 3.1.2 ipsw here (unzip *.ipsw in terminal)
STEP 5:
Use xpwntool to patch iBoot & iBSS (run this in terminal)xpwntool Firmware/dfu/iBSS.n88ap.RELEASE.dfu ibss.d -iv 41639d34547ae3dd7921bf3539dba529 -k 9121de4a038675d92e1a28683b2138b7a3bdb80994273d090398051c7f5af53c; bspatch ibss.d ../exploitibss312 ../ibss.patch; xpwntool Firmware/all_flash/all_flash.n88ap.production/iBoot.n88ap.RELEASE.img3 iboot.d -iv 127aa60e77da219961ee70707f44cbd4 -k c72ab4aae971f3a9ec356dfe555e4aef72d8e96c480698445ac236904e6a3443; bspatch iboot.d ../iboot.payload ../iboot.patch; cd ..; rm -rf 3.1.2
STEP 6:
Create a folder called 4.0_cust inside 4.0_pwn and enter it with terminal and copy your custom 4.0 ipsw here.
STEP 7:
Extract your custom ipsw (unzip *.zip)
STEP 8:
Run the following in terminal:cp kernelcache.release.n88 ../kcache.40; cp Firmware/dfu/iBEC.n88ap.RELEASE.dfu ../iBEC.40; cd ..;
STEP 9:
Copy your signed iBSS from earlier into 4.0_pwn
STEP 10:
Place your device in dfu mode (power home for 10 seconds, release power keep holding home (blank screen and itunes asking to restore).
STEP 11:
Run the following in terminal:./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c "setpicture 0"; ./irecovery -c "bgcolor 1 1 1";
STEP 12:
Restore your custom 4.0 ipsw
Booting your device:
Run the following in terminal (once in the 4.0_pwn directory):./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c "setpicture 0"; ./irecovery -c "bgcolor 1 1 1"; ./irecovery -u kcache.40; ./irecovery -c bootx;
iTunes will detect your device several times before it boots.
PS: When i wake up i will write a script to automate most of this.
Once you have jailbroken your phone, you can unlock it using ultrasn0w 0.93 (on any baseband), guide for which is posted here. [via OpenPwn]
You may also like to check out:
- iPhone 4 Jailbroken Already !
- How to Jailbreak iPhone 3GS on iOS 4, which is already Jailbroken Using Spirit with Spirit2Pwn
- How to Unlock iOS 4 with Ultrasn0w and Blacksn0w on 05.13.04 Baseband [Guide]
- How to Jailbreak iOS 4.0 on iPhone 3GS, iPhone 3G and iPod touch 2G using Redsn0w, PwnageTool 4.0 (Windows)
You can follow me on twitter or join our facebook fanpage to keep yourself updated on all the latest jailbreaking and unlocking releases.
