How to Jailbreak Your iPhone 3GS Using PwnageTool (Mac) [4.1]

POST

MAIL

Posted October 20, 2010 at 12:48pm by iClarified

These are instructions on how to jailbreak your iPhone 3GS on iOS 4.1 using PwnageTool for Mac.

Step One
Make a folder called "Pwnage" on the desktop. In it, you will need a couple of things. PwnageTool 4.1, found here

You will also need the 4.1 iPhone firmware.
4.1.0 (3GS): iPhone2,1_4.1_8B117_Restore.ipsw

When downloading the IPSW file, it is best to download it with Firefox since Safari often auto extracts it!

How to Jailbreak Your iPhone 3GS Using PwnageTool (Mac) [4.1]

Step Two
Double click to mount PwnageTool then drag the PwnageTool icon into the Pwnage folder.

Then from the Pwnage folder double click to launch the PwnageTool application.

Click Ok if presented with a warning.

Step Three
Click to select Expert Mode from the top menu bar

Step Four
Click to select your device. A check-mark will appear over the image of the device. Click the blue arrow button to continue.

Step Five
You will be brought to the "Browse for IPSW" page. Click the Browse for IPSW... button.

From the popup window select your firmware from the Pwnage folder then click the Open button.

Step Six
You will then be brought to a menu with several choices. Click to select General then click the blue arrow button.

The General settings allows you to decide the partition size. Check Activate the phone if you are not with an official carrier then click the blue arrow button.

NOTE*: Deselect Activate if you have an iPhone legitimately activated on an official carrier.

The Cydia settings menu allows you to create custom packages so you do not have to manually install the necessary them later.

Click to select the Download packages tab. Then click the Refresh button to display all the available packages. Double clicking the package you want will download it and make it available in the Select Packages tab.

Checkmark the ones you want then click the blue arrow button.

The Custom Packages Settings menu displays listed package settings for your custom IPSW. For know leave these settings as is. Click the blue arrow button to continue.

Step Seven
You are now ready to begin the pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Step Eight
You will be asked to save your custom .ipsw file. Save it to your Pwnage folder you created on your Desktop.

Your IPSW is now being built. Please allow up to 10 minutes.

You will be asked to enter your administrator password. Do this then click the OK button.

Step Nine
Once your ipsw has been built you will be asked to connect your iPhone to the computer. Once it detects your device PwnageTool will guide your through the steps to putting your iPhone into DFU mode.

Press and hold the power and home buttons for 10 seconds.

Then release the power button and continue holding the home button for 10 seconds.

Once your iPhone is successfully in DFU mode, PwnageTool will prompt you to launch iTunes.

Step Ten
Once In iTunes, hold the Alt/Option key and click Restore.

Step Eleven
Navigate to the Pwnage folder on your desktop using the dialog window that appears. Select the custom IPSW that was created and click the Choose button.

Step Twelve
iTunes will now restore the firmware on your iPhone. This can also take up to 10 minutes. Once done you will be rebooted into jailbroken iOS 4.1!

***THANKS: Thank you to Geohot and the Dev-Teams for their hard work in making this jailbreak and tutorial possible!

Follow iClarified

dunno78 - December 13, 2010 at 5:04pm

Old bootrom unlocked 3GS currently on 4.0.1 -- when I try to restore to a pwnage tool cooked 4.1, using the Pwnage Tool and ipsw links above, iTunes says my device is not eligible for that build. I see in other sites that some people recommend UNchecking the "Activate this phone" in expert mode -- if I do that, will I lose my ability to unlock with Ultrasn0w?

Reply · Like

Slyppry - November 16, 2010 at 11:43am

I am lost. I have an iBook running Leopard 10.5.8, running the new Pwnage Tool, trying to upgrade a 3gs new bootrom to 4.1 from 4.0 without updating the baseband. I cooked the firmware with PT and followed the steps for the DFU Mode within PT. Problem is, on the step where you are holding only the Home button, it only counts to 6 and then stops. The iphone itself starts up on its own shortly after that, normal startup. If I keep holding the Home button, after PT stops counting at 6, the iphone goes into Recovery (?) where it shows the screen to connect to itunes and itunes opens automatically, saying it detected an iPhone in recovery mode and that it needs to be restored to continue. I thought that it worked! WRONG. I continue to follow the directions, holding the alt/option button while clicking restore, selecting the custom fw, and itunes looks like it is going to work, puts the iphone in dfu (Black screen) but then pops up with error 21. I have to use TinyUmbrella to kick it out of recovery mode. I have tried this about 15 times, I have also cooked the firmware a total of 3 times, thinking maybe it was just a software glitch. I tried putting the iphone into DFU myself. I have tried the Pwnage Tool DFU button so many times that I can hear that beep in my sleep. I have tried using the custom fw on my PC to do the restore, no luck, same error 21. Any and all help would be greatly appreciated. iPhone 3gs, Model MB716LL, currently on iOS 4.0 (8A293) trying to upgrade to 4.1.

Nick - November 2, 2010 at 4:17am

After done restoration i got error 29, and the phone booted itself into recovery mode. So i use tinyumbrealla to kick out and get into springboard. However, my phone 3gs 16gb on baseband 05.11.07 with old bootroom without SHSH saved on cydia, restarted itself every 3-4 minutes. I've been stuck in this loop for a few days already. Any help would appreciate.

luck - November 1, 2010 at 1:24am

will this work on my 3gs 5.11 baseband?

jackjohn - October 31, 2010 at 9:21pm

hi, after following the instructions, i have the cydia app on my phone but when i try to open it, it just opens and closes. please help!!

iPPLE - October 27, 2010 at 12:41am

Hi All, I'm having problem with 3GS 4.1 custom restore cooked by Pwnage 4.1.2 . The process of restoring almost done, but the phone stop responding for too long. Anybody having the same problem ? Thanks

Jay - October 29, 2010 at 2:01pm

try to disable 'activation' when you create ispw. that worked for me. (before that, I spent almost 10 hours to figure out!)

brian e - October 29, 2010 at 5:27pm

Similar issue with 3gs (same 4.1 custom restore by 4.1.2 pwnage). Gets stuck on 'preparing iphone ..' then after 4 minutes or so gets a 16xx type error.

brian e - October 29, 2010 at 5:34pm

I've tried on three separate computers and differing usb connection / cables. Starting to think that it is the ipsw file from apple.

rbr04 - October 25, 2010 at 10:03pm

Tried to Pwnage, got 1600 error or 21 error. Rebooted and DFU again, still the same problem. Phone was locked in DFU mode. Switched it to Recover mode. Used TinyUmbrella to kick it out of Recover mode and it worked. However, lost Wifi access. Turn Wifi on, joins network without a problem but does not transmit/receive. (no icon either). I have another 3GS that is accessing the wifi network. 2 questions, 1st any help in getting wifi back. 2nd, tried the suggestion of rebooting and DFU but still got error any suggestions. Even tried DFU and moving custom file to a windows computer to finish installation. I cannot uncheck activate because I do not want to upgrade the baseband.

iPPLE - October 27, 2010 at 12:50am

Hi rbr04, i had this error once. because i didn't use Pwnage to enter to DFU Mode. so you need to enter into DFU Mode by using Pwnage and then try to restore in iTunes.

Solidst8 - October 24, 2010 at 11:11pm

Compass not working on 4.1, anybody else notice this? Have 2 3GS with old bootrom compass not working.

Jon - October 24, 2010 at 10:52am

Anybody having problems getting wifi to work afterwards? My wifi connects, but nothing works. I tried resetting network and forgetting my network, but nothing... multiple reboots, too. I ended up backgrading to my 3.1.2, but so many of my apps no long work that I really need to move back to 4-something... TIA

Jon - October 27, 2010 at 4:45am

Replying to myself, hoping it may help others. I got the JB working with wifi. Here's what I did, though I don't know what, exactly worked. ;-) First of all, I used the 4.1.2 version of Pwnage, not the 4.1 that I used the first time. Secondly, before I restored my old iPhone, I connected to my wifi, and made sure it worked, and then restored. Last time, I restored immediately, which may have been my mistake. In any case, it's working now, and I'm at 4.1 (without my ProSwitcher--waaa!) Patience, I guess.

jith - October 24, 2010 at 8:02am

My heartfull thanks to the full team .. I'd successfully degraded my 3G from 4.1 to 4.0 and jailbreaked it very easily .., even this were the first time Im doing this !!! Thanks for the entire team !! Now waiting for the 5.14 baseband unlock

lepaka - October 24, 2010 at 6:55am

I have a 3GS 16 (unlocked from origin) and a 3GS 32 (locked at the Network, but without contract). Both cases worked perfectly, just had to UNSELECT the Activation Process in the step six. Thankx you are the Jailbreak Masters.

Andy - October 23, 2010 at 1:26pm

I did it, now what? SHould i restore it from a backup or as a new iPhone? That and, i don't notice any visible changes. What am i supposed to see differently?

Gazi - October 23, 2010 at 11:25am

4.1 Customs FW restored usuing DFU mode on 3GS old BR. iPhone continuously rebooting and showing only logo. Tried 2nd,3rd,4th .... times restore, if DFU showing error 1600 and recovery mode showing error 21. Help is appreciated.

lepaka - October 24, 2010 at 6:58am

Try just UNSELECT the Activation Process at step six. it worked for me perfectly.

Mommy22angels - October 22, 2010 at 2:27pm

I have my iPhone unlocked with the new 4.1. I am running on tmobile, but just noticed under my carrier in settings, it says AT&T. I thought I had read that this new jail real was going to fool iTunes in some way. Is that part of it. I also live in Indiana but am currently in Michigan. Thanks for any answers.

emilio - October 22, 2010 at 11:07pm

nesesito ayuda con iphone

Jbz - October 22, 2010 at 1:20pm

How is everyone bypassing the "verifying restore with Apple" window??

hadesphoenix - October 24, 2010 at 1:33pm

DFU should take care of that, what you need to do is to do the DFU process again. Even though you think FDU is fine, do it again and restore your iphone using your custom firmware and you will see the error prompt disappearing. Thanks Dev-Team

Steve - October 22, 2010 at 9:02am

Pwn Tool is 4.1.1 now. anyone knows what are the changes compare to 4.1? I know it should be better but i just don't want to format my phone again with the new tool. For those got error 21, or 1600. you have to use Mac to make it work. use Pwn tool to go to DFU mode then restore within iTunes.

Daniel - October 22, 2010 at 4:46am

Occording to my Macbook the Pwnage tool here in this article is not a DMG. I had to go here to get a working one. http://www.iphoneworld.ca/download-for-iphone1/pwnageTool_4.1.dmg

Daniel - October 22, 2010 at 4:48am

Ah its a torrent link? Why do you have a torrent link when there are direct download of the Pwnage tool available.?? Not everyone has Bit Torrent. Not point in forcing people to install it eh?

Mark - October 21, 2010 at 7:21pm

since PwnageTool is for making custom firmwares, any mac owners nice enough to upload a custom firmware they've made (3GS - iOS 4.1 but w/o baseband update), for all us windows users? thanks in advance! :)

Vaccaria - October 21, 2010 at 12:47pm

I also got the error 1600, any solutions yet? Thanks.

dmoney - October 21, 2010 at 2:48pm

Try using iTunes 9

Mommy22angels - October 21, 2010 at 3:45pm

I got the error also. Went back and made sure I put the phone in DFU mode through pwnage and it worked. I also have updated iTunes so that wasn't the problem.

Vaccaria - October 21, 2010 at 4:46pm

You made it using iTunes 10? Thanks.

Jon - October 24, 2010 at 10:50am

I got that, and on rebooting, I got it all to connect. It seems that sometimes the USB bus gets messed up. Try a reboot and then use the DFU tool in Pewnage to connect again.

Lakegeorge - October 21, 2010 at 11:18am

i accidently upgraded my 3gs to 4.1 using itunes, i am stuck at emergency calling mode, i tried to put the phone in dfu and then restore with the custom pwnage 4.1 does not work it gives out a message saying iphone software update server could not be contacted what to do now...Please Help

dmoney - October 21, 2010 at 2:47pm

You will have to use limera1n to get it out of emergency mode.. and UNFORTUNATELY you cannot unlock using ultrasn0w because your baseband has been upgraded and will have to wait until ultrasn0w comes out with new version

More Comments