Earlier, iPhone Dev Team released the updated version of PwnageTool to cater for iPhone 3.1 jailbreak. To simplify your jailbreak, I have updated the jailbreak guide for iPhone 3.1 OS using PwnageTool. For any reason you do not want to upgrade your iPhone to the latest version, you can also refer the old jailbreak guide here for firmware 3.0.
Personally, I recommend the upgrade of iPhone OS 3.1. To learn more about the new features of the OS, you can check out “What’s New in iPhone OS 3.1“.
Before you read on and take action to jailbreak your iPhone, please note that:
- This jailbreak guide is for PwnageTool, which is for Mac Only. For Windows user, please refer to this jailbreak guide. However, as of now, you can only jailbreak iPhone OS 3.0.
- You can use this guide to jailbreak & unlock iPhone 2G (the 1st generation iPhone)
- You can use this guide to jailbreak iPhone 3G (Please note jailbreak only. You’ll need to use ultrasn0w to unlock it.)
- If you’re using lower version of firmware (e.g. 1.1, 2.0, 2.1 or 2.2), you can also follow the jailbreak procedures to upgrade the firmware to 3.0. But please note that you’ll have to re-install all the Cydia applications after upgrade. And, at the time I write this post, not all Cydia applications are compatible with iPhone 3.1. So, if you have any cydia applications that you rely on, please ensure its compatibility before the upgrade.
- For iPhone 3GS user, please do not use PwnageTool to jailbreak your new iPhone. Presently, there is no way to jailbreak iPhone 3GS.
Ready? Let’s get started.
Preparation for the jailbreak
1. First, make sure you have upgraded to iTunes version 9.0 and backup your iPhone data by synchronizing it with iTunes.
Tip: If you’re upgrading the iPhone from older version of firmware, make sure you sync the iPhone with iTunes. This ensures all your SMS, contacts and applications can be restored after the firmware upgrade.
2. Download all the files including PwnageTool 3.1 (or download from here), bootloader and iPhone firmware 3.1 (2G / 3G)
Tip: Please use Firefox to download iPhone Firmware 3.1. Do not use Safari as by default it’ll unzip the IPSW file
3. Launch PwnageTool_3.1.dmg and copy PwnageTool to your desired folder. Also, extract bootloader files to the same folder.
Note: Make sure you copy the bootloader files to the same folder. Also, please note the image above shows the firmware file for iPhone 2G. If you’re jailbreaking iPhone 3G, the IPSW file should be iPhone1,2_3.1_7C144_Restore.ipsw.
4. Copy the iPhone firmware 3.1 file to “~/Library/iTunes/iPhone Software Updates”. If the folder does not exist, create it by yourself. However, in case the folder contains other firmware files, please delete them. (This step is optional. Normally PwnageTool can search the firmware file even it’s saved in other folders. But this may speed up the search.)
5. Finally, connect your iPhone to the dock/USB cable. Please keep connected for the whole process and close iTunes if it has been launched.
Running PwnageTool 3.1
6. Let’s start the core part. Go to the folder you save PwnageTool. Click “PwnageTool” to launch it.
7. Click “Expert” mode. For iPhone 2G, select “iPhone”. For iPhone 3G, please select “iPhone 3G”. Then click the arrow to continue.
8. Next, Pwnage tool searches for the iPhone 3.1 firmware file. It may take some time to locate the file. Once completed, select the firmware file and click the blue arrow to proceed. Please note the below screenshot is for iPhone 2G. For iPhone 3G, the firmware file is “iPhone1,2_3.1_7A341_Restore.ipsw”.
9. In PwnageTool main menu, select “General” and click the blue arrow.
In general settings, please set the root partition size to 580MB. This value works fine for me. But if you have any problem with your jailbreak, you can try to set the partition size to larger value (say, 600MB).Once you’ve configured the size, click the blue arrow to continue.
Note: If you are using a legitimate iPhone from official carrier (for instance, iPhone with AT&T), you need to uncheck the ?Activate the iPhone? option.
10. Next, select “Bootneuter” and click the blue arrow. You will be go through several configuration screens. Keep all the default settings and proceed as shown.
** For iPhone 3G, the bootneuter settings screen is grayed out.
Tip: If you want to keep the original logos, uncheck both “Boot logo” and “Recovery logo” checkboxes.
11. After complete all the settings, you will go back to the main screen. Select “Build” and click the arrow to start building the custom firmware.
** In case PwnageTool prompts you to provide the bootloader file (v3.9 / v4.6), please browse to the location that you have saved these files (BL-39.bin / BL-46.bin). You should have saved these files in step 2.
12. Accept the default filename for the custom firmware. (Of course, you can choose a better name)
13. Next, Pwnage will start creating a custom firmware file that will be used later to recover the iPhone. During the process, you will be prompted to enter your logon password.
14. When complete, PwnageTool will ask you whether your iPhone has been pwned before. Okay, take note here. If you haven’t pwned your iPhone before, please Answer “No” and go directly to step 15 to put your iPhone into DFU mode.
But if you have pwned it using Pwnage tool before (say, you’re upgrading from firmware 2.2 and have jailbroken the iPhone before using PwnageTool), please Answer “Yes” here. You’ll then be prompted to close Pwnage Tool. Close it and continue and put your iPhone in recovery mode. Then you can go to step 18 to continue with the jailbreak.
Tip: To put your iPhone into recovery mode, first disconnect your iPhone from USB cable and power off your iPhone. Then hold the “Home” button and connect USB cable again. Keep holding the “Home” button until you see a dock cable pointing to the iTunes icon (or yellow triangle for older version of iPhone). Now you are in recovery mode.
Put your iPhone in DFU mode
15. Now, the game starts. Pwnage shows you some instructions to follow. You should follow exactly the instructions to put your iPhone in DFU mode. Remember timing is important!
16. By following exactly the instruction, your iPhone can enter DFU mode. In case you fail, don’t panic! It won’t brick your iPhone. I did the procedures twice when I first jailbreak my iPhone. To retry, you can just disconnect your iPhone from USB, turn on your iPhone and connect it again.
17. Ok, your iPhone should appear as if it’s turned off. Don’t touch it. Quit Pwnage and go to the final procedures.
Install the Custom Firmware
What you have completed with Pwnage is you have created a custom firmware 3.0 for your iPhone. The remaining procedures are to use iTunes and install that custom firmware onto the iPhone.
18. Start iTunes and it automatically detects your iPhone is in recovery mode.
19. Confirm “OK”. Hold down “Option” button and click “Restore”. You will be prompted to select the firmware file. Remember to select the custom firmware file.
20. Now, iTunes will start loading the firmware onto iPhone. Don’t touch anything, keep your iPhone connected. It may take several minutes to complete the process. Once complete, iTune will prompt you that it has recovered your iPhone to the default factory settings.
21. The iPhone will then start up automatically. For first time bootup, BootNeuter will be launched to flash the baseband and unlock your iPhone. The process will take around 3-4 minutes to complete. Again, don’t touch your iPhone. Let it complete the process alone.
22. Okay, I believe everything is smooth. You should see your iPhone come back with firmware 3.1.
23. Finally, you can sync back all your data using iTunes and try out the new app management feature on iTunes 9.
Note: For iPhone 2G user, your iPhone should have be unlocked after the jailbreak process. But for iPhone 3G user, PwnageTool do not handle the unlock for you. To unlock your iPhone, you have to launch Cydia and install ultrasn0w.
