Jailbreak your iPhone

How to Jailbreak iPhone 3GS 3.1.2 Pwnage Tool (Mac)


The Dev Team has finally released PwnageTool for iPhone 3GS firmware 3.1.2. If you upgrade your iPhone 3GS from 3.0 or 3.1 to the stock 3.1.2 firmware, your baseband is also upgraded from modem firmware 04.26.08 to 5.11.04. The problem is that baseband 5.11.04 cannot be unlocked with any utility currently in the wild. Thanks to the Dev Team, PwnageTool lets you update your main firmware without touching your baseband firmware, so you can still have the best of both worlds. This simple guide shows you how to upgrade and unlock your iPhone 3GS from firmware 3.0/3.1 to firmware 3.1.2 without upgrading your baseband.


Am I eligible for PwnageTool or not?

  1. I have an iPhone 3GS 3.0/3.0.1 redsn0wed: You are in
  2. I have an iPhone 3GS 3.0/3.0.1/3.1 pwned: You are in
  3. I have an iPhone 3GS 3.1/3.1.2 blackra1ned: You can jailbreak but not unlock


Requirements :


Step One). Download the required files, make a folder on your Desktop called “iHackintosh” (or whatever you want), and put the Firmware 3.1 and PwnageTool in the iHackintosh folder.

Step Two). Close all other running programs and launch PwnageTool from the iHackintosh folder by double-clicking it.

Step Three). Choose your mode: Simple Mode or Expert Mode.

  • Simple Mode – Provides step-by-step instructions as below, automatically detects your correct firmware, and automatically adds the unlock, activation and jailbreak with Cydia to your custom firmware.
  • Expert Mode – Where you can adjust the settings on the various different additions to the custom firmware – if you click through and do not change anything in expert mode it will make the same

In the following post we used Expert mode for better reliability.

Step Four). In the next window, click to select your iPhone. A big green check mark will appear over the image of the phone you selected. Once you have selected the iPhone model, click the blue arrow button at the bottom to continue.

Step Five). You will be brought to the "Browse for IPSW" window. On my Hackint0sh, it automatically found the IPSW. If PwnageTool doesn’t automatically find the IPSW file, you can click Browse for IPSW (just in case).

Step Six). In the next screen click to select General then click the blue arrow button at the bottom right corner.

Step Seven). You’ll get to the General Settings screen. The General settings let you decide the partition size, activate the phone and enable the baseband update. This is the most crucial step of the process, so be careful and read it 3-4 times before getting down to business. Check “Activate the phone” if you are not with an official carrier, then click the blue arrow button. Deselect “Activate the phone” if you have an iPhone legitimately activated on an official carrier.

  1. If you are using an official service provider (i.e. AT&T) you do not need to "Unlock Baseband", therefore you can uncheck “Activate the phone”.
  2. If you are using an unofficial service provider (i.e. T-Mobile) then check “Activate the phone” so you can enjoy Ultrasn0w with the 3.1

Note: The Enable Baseband option is no longer available, so check “Activate the phone” whether you need an unlock or not.

Step Eight). The next window, the Cydia settings menu, allows you to create custom packages so you do not have to manually install them later.

  • Click to select the Download packages tab. Then click the Refresh button to display all the available packages. Double clicking the package you want will download it and make it available in the Select Packages tab.
  • Checkmark the ones you want, then click the blue arrow button.
  • The Custom Packages Settings menu displays listed package settings for your custom IPSW. For now leave these settings as is. Click the blue arrow button to continue.

Step Nine). The Custom Logos Settings menu allows you to add your own images and pick your custom logo settings. If you uncheck them both, the originals will remain. Once done, click the blue arrow button to continue.

Step Ten). You are now ready to begin the Pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Step Eleven). You will be asked to save your custom .ipsw file. Save it to your Pwnage folder you created on your Desktop.

  • Your IPSW is now being built. Please allow up to 10 minutes.
  • You will be asked to enter your administrator password. Do this, then click the OK button.

Step Twelve). You will now be asked another question: whether your iPhone has been pwned before, or whether you already unlocked or jailbroke it earlier. If you do not know, simply answer "No".

If you’re already jailbroken (by whatever means), you don’t need to mess around with DFU mode at all.  Just create (or get from a friend) your custom IPSW and Option-Restore (Shift-Restore on Windows) to it via iTunes.  Don’t enter DFU mode at all.  Please make sure you are restoring to the custom IPSW, not the stock one from Apple!  For best results, use the latest iTunes (9.0.1) — which includes a nice new application organizer.


Step Thirteen). This is one of the most important steps. PwnageTool now puts your iPhone into a repair mode called "DFU mode", and it needs your help to do so: hold the on/off button together with the Home button for 10 seconds, then release the on/off button and keep holding Home for another 10 seconds.

Step Fourteen). Don’t worry if your timing goes wrong: if you cannot do it at the right time, PwnageTool will ask you to try again. If everything worked, you get into DFU mode and your iPhone is ready to be unlocked. PwnageTool has created a software image for your iPhone containing the release, and to finish you use iTunes to restore this "unlocked" file.


Step Fifteen). Now switch to iTunes to restore your iPhone. iTunes will tell you that it has detected an iPhone in DFU mode and that you need to restore it.


Step Sixteen). In iTunes, hold the Alt/Option key and click Restore. Navigate to the iHackintosh folder on your desktop using the dialog window that appears. Select the custom IPSW that was created and click the Open button. iTunes will now restore the firmware on your iPhone. This can also take up to 10 minutes.

Note: This procedure has been tested by many iPhone users, but we are not responsible for any damage. Do this at your own risk. If you have any problems or questions, feel free to ask us on Twitter; you can also subscribe to our free daily e-mail newsletter to keep yourself updated with the latest from the iPhone community.


Comments ( 31 )

  1. shaw July 21, 2010 Reply

    Does anyone ever post solutions? All I see on here is everyone posting the same problems. But no answers. LOL I’m so bummed. I too have the 3GS but firmware 3.1.2. Tried everything on every site I can find, but end up with error code 1600 or 1604. There is so much information out there, yet now sure ONE way to do it and do it right. F(c@!*$ing sucks.

    I have tried on Mac: pwnage 3.1.5 and had success with my 3G, but not my 3GS (using respective firmware)
    I have tried blackra1n on the PC, and gotten the supposed success of having the blackra1n screen appear, yet no Cydia installed and thus, …I dunno, again, no firm solution from anyone.

    Pwnage on the macintosh worked like a champ. used the firmware 3.1.3 to customize the restore package, and it installed the first time. then I used YellowSn0w to unlock for T-Mobile. Perfect.

    The 3GS, I’m f*(!king sick of trying. lol. I just get me arse kicked every time. If anyone has successfully done a 3GS, new out of the box, firmware 3.1.2, baseband 05.11.07, POST it, please 🙂 with details.

  2. anon June 10, 2010 Reply

    before doing this you must have pwn’d your iphone. spirit does not count.

  3. krish June 7, 2010 Reply

    Can someone help.. Upgraded from 3.1.2 to 3.1.3.. I have to jailbreak. Used the custom 3.1.3 ipsw to restore in all modes getting 1600 error while error. Please help iReb doesn’t support 3GS.. any way to get away from this..

  4. castro December 11, 2009 Reply



  5. Rags November 7, 2009 Reply

    iPhone 3GS factory unlocked. Having error 16xx while trying to restore custom ipsw. Tried in DFU, recovery and normal mode. Even tried with different custom ipsw. No luck. iREB not supporting iPhone 3GS. Any other software out there for 3GS like iREB? Only jailbreaking is required. Any ideas….???

    Using a windows system. tried in other windows system but with the same error message.

  6. Rags November 7, 2009 Reply

    iPhone 3GS factory unlocked. Having error 16xx while trying to restore custom ipsw. Tried in DFU, recovery and normal mode. Even tried with different custom ipsw. No luck. iREB not supporting iPhone 3GS. Any other software out there for 3GS like iREB? Only jailbreaking is required. Any ideas….???

  7. Paul Godard October 30, 2009 Reply

    I have now managed to build a custom ipsw 3.12 with PwnageTool 3.1.4 for my 3GS (US – AT&T) and restore it successfully with iTunes. Originally I was also getting the 1600 error but when I triggered DFU mode on the phone successfully while creating the custom build (getting the USB plug and iTunes on the phone screen), then I could restore successfully in iTunes. I also waited longer to get the final blue message in PwnageTool. Hope this will work for you as well!

    However my pay-as-you-go MTN (RSA) sim card does not seem to be recognized. On top left there is only … and network and carrier is not available. Also my phone can not go to the internet when attached to my Mac Book Pro via USB (It was doing it when I received the phone 3.0.1 locked to AT&T).

    Should I do something else?

  8. skyblu-ish October 30, 2009 Reply

    Ehh, i tried the pwnage method. Firstly, yea at first the pwnage tool booted my iphone 3gs to a recovery mode, then i restored my iphone with the custom firmware. However after installing, it suddenly got booted into dfu mode and i can’t do anything with it. i’ll get error 1600 when restoring with custom firmware. Only way to get out is to use the original firmware. Can any1 help me with this?

    • Vinay October 30, 2009 Reply

      @Skybluish Yeah custom firmware is also a good option, download iReb from ttapple.net and follow the onscreen instruction for custom restore.

  9. st4887 October 26, 2009 Reply

    Was able to restore my phone to original settings, but was originally experiencing problems with the firmware. I was unable to make any calls nor was I able to receive calls. I have 3.1.2 iTunes software originally installed then tried to jailbreak.

  10. st4887 October 26, 2009 Reply

    Having problems with my iphone 3GS. Followed directions to a T, and am now not getting any carrier signal. I think that this is a big problem 🙁
    Anyone with any solutions?

  11. Didi October 25, 2009 Reply

    Tried and tried, always 1600 error, no way 🙁

  12. mo October 25, 2009 Reply

    hi ive jailbroken, but my apps are gone. am i allowed to restore to the previous back-up without losing cydia and icy

  13. DigitalChaos October 24, 2009 Reply

    My 3GS is jailbroken with the 3.0.1 firmware and is a legit ATT phone. I have gotten the 1600 error on two different Macs and a 1602 error on a windows box. Retried it many many times, remaking the firmware, etc. All with no success.

    I saw the suggestion here to “Just plug your iPhone, start iTunes normally and press Alt/Restore” and IT ACTUALLY WORKED! I even decided to try a restore from backup instead of setting up as a new phone and that worked as well.

  14. Jaz October 23, 2009 Reply

    I mean to add to that, will the jailbreak work in order for me to unlock the phone?

  15. Jaz October 23, 2009 Reply

    Will this jailbreak work for an iPhone 3GS out of box with 3.1 firmware already in there? Because the baseband is at 5.11 already. Please let me know, thanks

  16. flo October 22, 2009 Reply

    got 1600 error, did on regularly, got stuck on preparing i phone, any ideas?

  17. Grishnnakh October 15, 2009 Reply

    For those with 1600 Error. Do NOT put your iPhone in DFU or Restore Mode. Just plug your iPhone, start iTunes normally and press Alt/Restore.

  18. Lee DeYoung October 14, 2009 Reply

    Are the firmware links noted above under “requirements” definitely NOT the standard Apple/iTunes versions? In other words, will these firmware files preserve an iPhone 3G’s 4.28.09 baseband?

    I’d assume that the answer is yes but want to be absolutely certain that using these firmware files will not disturb the older baseband.


  19. DiabloBlue October 14, 2009 Reply

    The iREB 3.1.2 does not support iPhone 3GS 🙁
    Still Getting the 1600 error!!!
    Please anyone with a solution.

  20. Hank October 14, 2009 Reply

    I was able to jailbreak with no problems on simple mode. the only flaw i noticed was that the att logo is gone.

  21. Bjorn October 14, 2009 Reply

    I had the error 1600, but got it working using iREB 3.1.2 from iphonix.fr

  22. DiabloBlue October 14, 2009 Reply

    I also keep getting the 1600 message!!! Can any one help with this : (

  23. John October 13, 2009 Reply

    Hi, thanks for the updates and hoping someone could help me as
    getting pretty confused with all these updates…

    Ive been jailbreaking since I got my ipod touch 1G and now have an iPhone 3GS on 3.0. which was jailbroken using purplera1n.

    So what do I do next to upgrade?

    Do I upgrade my phone via itunes to 3.1.2 or download a custom 3.1.2 firmware?

    Do I use Blackra1n or do I use this Pwnage Tool on my Mac??

    Im keen to get this upgraded to 3.1.2 but no idea how to Jailbreak, any help would be massively appreciated!

  24. Oscar Franzén October 13, 2009 Reply

    Can I restore from a personal backup after the jailbreak restore is done?

  25. zeropointfx October 13, 2009 Reply

    Yes, I also experience the same problem with my iPhone 3GS as solidturk. My iPhone has been JB using purplera1n when it first came out and it's been at 3.0.1 till now that I can be bothered to update it. Followed the steps, downloaded 3.1.2 7D11 and created a custom ipsw using the tool. Went into iTunes (9.0.1) and pressed alt+restore on my MBP and it came back with error msg 1600.
    I have no idea what's going on and would like some help.


  26. elliot October 13, 2009 Reply

    I keep getting the same 1600 error saying preparing iphone for restore. Please help.

  27. robbo1337 October 13, 2009 Reply

    I also keep getting the 1600 message. I suspect it may be because I am in recover mode rather than DFU mode.

  28. fahrulazmi October 13, 2009 Reply

    Thanks! My iPhone 3GS OS 3.1.2 is now jailbroken. 😉

    But what does ‘root partition size’ mean? What if I increase it or decrease it? Thanks.

    Anyway, there are some typos in the tutorial.

  29. solidturk October 13, 2009 Reply

    I created a custom IPSW using Pwnage Tool 3.1.4 for my iPhone 3GS but keep getting error 1600 when trying to restore custom firmware (DFU Mode) in iTunes. I have tried restoring on both my Hackintosh and PC and get the same error 🙁

  30. Meth October 13, 2009 Reply

    But does anything work for a virgin (ie brand new) 3GS.. can they be jailbroken or unlocked or both?
