rss

Jailbreak iPhone 3GS (Old Bootrom) on iOS 4.0.2 with PwnageTool

Posted by Ben on August 18, 2010

You can jailbreak iOS 4.0.2 on iPhone 3GS (Old bootrom) with the unofficial build of PwnageTool. For those who don't know, Apple released iOS 4.0.2 for iPhone 4, 3GS, 3G and iPod Touch 2G, 3G fixing the PDF exploit which enabled all iPhone, iPod Touch and iPad users to jailbreak their devices on all firmwares. If you are on iOS 4.0 / 4.0.1 or less, you can use this PDF patch to save your device from PDF vulnerability without updating firmware to iOS 4.0.2.

If you have upgraded your device firmware to iOS 4.0.2, you can still downgrade from iOS 4.0.2 to iOS 4.0 / 4.0.1 / iPhone OS 3.1.x by using the step-by-step guide here. However if you want to jailbreak iOS 4.0.2 on iPhone 3GS (Old bootrom), follow the steps-by-step guide below:

Jailbreak iPhone 3GS on iOS 4.0.2 with PwnageTool (Unofficial)

*Find all download links at the bottom of the post.

  1. *Download latest version of iTunes.
  2. *Download iOS 4.0.2 for iPhone 3GS
  3. *Download PwnageTool 4.0.2
  4. Connect your iPhone to iTunes and sync to backup all of your data including apps, contacts, messages and photos etc
  5. Place PwnageTool, iOS 4.0.2 IPSW and kernelcache.release.n88 on your desktop.

    6. PwnageTool 4.0.2

  6. Launch PwnageTool and click OK to accept the warning message.

    7. PwnageTool Warning Message

  7. Click on iPhone 3GS and hit the next button at the bottom-right of the window.

    8. PwnageTool Select iPhone 3GS

  8. Now PwnageTool will automatically detect iOS 4.0.2 IPSW file from your desktop and validate it. Incase PwnageTool fails to detect the iOS 4.0.2 IPSW, click on the Expert Mode button at the top, browse for iOS 4.0.2 IPSW manually and click next button.

    9. PwnageTool iOS 4.0.2 Validated

  9. Now PwnageTool will ask Do you have an iPhone contract that would activate normally through iTunes?, choose NO if you are on unofficial carrier and YES if you are on official carrier like AT&T. Remember clicking YES will upgrade your baseband to the latest version.

    10. PwnageTool Carrier Warning

  10. Now PwnageTool will show the final popup after which it will start creating a custom cooked IPSW file on your desktop. Click Yes button to continue.

    11. PwnageTool Final Warning Message

  11. Wait for 4-5 mins while PwnageTool creates a custom IPSW file of iOS 4.0.2 which will be placed on your desktop.

    12. PwnageTool Creating Custom IPSW

  12. During the creation of custom IPSW by PwnageTool, you will be prompted to enter the Administrator password. Enter your correct Administrator username and password.

    13. PwnageTool Admin Login

  13. Once you see "ihaz Success" on your screen, you are all done!

    14. PwnageTool ihaz Success

  14. Check your desktop, you will see custom IPSW file of iOS 4.0.2 cooked by PwnageTool for your iPhone.

How to Restore Custom IPSW File of iOS 4.0.2 with iTunes

Once you have got the custom IPSW file of iOS 4.0.2, connect your iPhone to your computer and start iTunes. Click on the name of the iPhone on the sidebar of iTunes to go to the summary panel. You will see two buttons i-e "Check for Update" and "Restore". Hold down the SHIFT key (ALT key for Mac) and click on the "Restore" button, browse to the IPSW file of iOS 4.0.2 which you just cooked with PwnageTool. Sit back and relax while iTunes restore jailbroken iOS 4.0.2 on your device.

Unlock iPhone 3GS on iOS 4.0.2 with Ultrasn0w 1.1-1

Once you have jailbreaked iOS 4.0.2 on iPhone 3GS (Old bootrom), you can now unlock your device by using Ultrasn0w 1.1-1.

Download Links:

Download iTunes 9.2.1
Download PwnageTool 4.0.2 | Mirror
Download iOS 4.0.2 for iPhone 4, 3GS, 3G & iPod Touch 2G, 3G

Update1: Jailbreak iOS 4.0.2 on iPhone 3G & iPod Touch 2G with Redsn0w 0.9.5b5-5
Update2: Sn0wbreeze 2.0 Jailbreaks iPhone 3GS (Old Bootrom) on iOS 4.0.2

Thanks to Stefano for the tip via email!

Stefano Email

(Thanks to Stefano for the tip)

Update: After creating the custom IPSW through PwnageTool, rename it from .IPSW to .ZIP and open it with WinZip or WinRAR, replace kernelcache.release.n88 and then rename it back from .ZIP to .IPSW.



  • Doc Hodges

    Same 1600 error here. I've done it a dozen times and end up with an error 1600.

    Some clarifications
    1 - The instructions say to use Restore mode and dfu. Which is correct?
    2 - When you unzip the customer ipsw to a folder and replace kernel file, does it matter what utility is used to rezip it? Will a regular compress with finder do it?
    3 - What does the 1600 error mean is wrong?
    4 - If you have a correct ipsw for 4.0.2 could you post it?
    Thanks!
    Doc

  • rendy

    i've followed the steps mentioned above and still can't restore using the custom firmware.. is there any other condition for this to work??

  • http://www.robertongo.blogspot.com Robertongo

    I could not run. It indicates that the software is not compatible. And I think I did the steps as indicated.

  • buibui

    does the PwnageTool works in windows?

    • http://jaxov.com/ Wolverine

      No, Sn0wbreeze is used to create custom IPSW in Windows. Its a PwnageTool port on Windows!

  • Star777

    It says that the firmware file is not compatible, I used the archiving program on a mac to unarchive then i replaced the kernel compressed and then changed back to .ipsw did I do something wrong?

    • http://jaxov.com/ Wolverine

      Did you replaced the kernel in original IPSW (before creating the custom IPSW) OR you replaced the kernel in custom IPSW file made by PwnageTool?

      • Star777

        I actually figured, i was replacing the kernel after the custom ipsw was made but i was re-compressing the entire unzipped folder instead of just the contents of the ipsw. Now I am getting error 1603. Thanks

      • Star777

        It should be replaced after cooking the firmware correct?

        • http://jaxov.com/ Wolverine

          Yes! Make sure you are restoring it in DFU mode, not in recovery mode. Moreover you should have the latest version of iTunes.

          • Star777

            I've tried in dfu mode and I still get errors 1600, 1603, or 1604,, Have you done this successfully?

          • http://jaxov.com/ Wolverine

            My friend has jailbreaked it successfully after trying 4 times, however i am waiting for iOS 4.1 whose jailbreak is promised by iPhone-Dev Team, so its better to wait for iOS 4.1 final version and jailbreak it with OFFICIAL version of PwnageTool which will be released soon after iOS 4.1 update!

          • Rendy

            hi.. i've followed all the steps mentioned above, but still can't do the restore using the custom firmware..
            my device is an iphone 3gs running on OS 4.0.2 and now it's stuck in emergency call and can't be activated..

            i hope you have solutions for this.. thanks!!