Jailbreak your iPhone

Guide to Jailbreak iPhone 3GS iOS 4 with Pwnage Tool


Apple released the iPhone software update iOS Final. The latest firmware update contains baseband firmware update 05.13.04, and it’s compatible with Ultrasn0w. In fact, all firmwares from OS 3.0 up to iOS 4 can be unlocked with Ultrasn0w; for more information, check our previous guide to Unlock Baseband 04.26.08, 05.11.07, 05.12.01 and 5.13.04 With Ultrasn0w. That means iOS can be unlocked with any baseband up to iOS 4.

The following is the guide to jailbreak your iPhone 3GS with the iOS 4 final version. It’s your choice whether or not to preserve your baseband. Please read the whole post thoroughly before you try to jailbreak your iPhone.

Note / Warning :

  • You must already be on a pwned 4.0 Beta / 3.1.3 / lower, or check whether you satisfy one of the following conditions.

I am on iPhone 3GS 3.0/3.0.1 Redsn0wed  : You are in

I am on iPhone 3GS 3.0/3.0.1/3.1/3.1.2/ iOS 4 GM Pwned  : You are in

I am on iPhone 3GS 3.1.3 Spirit : Stay Away and Wait

  • iPhone 3GS and Mac OS only.
  • Use this guide at your own risk; I am not responsible for any damage (if any). The procedure mentioned below has been tested by me and it works.


Instructions :

Step One). Download the required files, make a folder on the Desktop called “iHackintosh” (or whatever you want), and put the Firmware 3.1 and Pwnage tool in the iHackintosh folder.

Step Two). Close all other running programs and launch Pwnage tool from the iHackintosh folder by double-clicking it.

Step Three). Choose your mode, Simple Mode or Expert Mode:

  • Simple Mode – Provides step-by-step instructions as below, automatically detects your correct firmware, and adds the unlock, activation and jailbreak with Cydia to your custom firmware automatically.
  • Expert Mode – Where you can adjust the settings on the various different additions to the custom firmware – if you click through and do not change anything in expert mode it will make the same

In the following post we used Expert mode for better reliability.

Step Four). In the next window, click to select your iPhone. A big green check mark will appear over the image of the phone you selected. Once you have selected the iPhone model, click the blue arrow button at the bottom to continue.

Step Five). You will be brought to the "Browse for IPSW" window. On my Hackint0sh, it automatically found the IPSW. If PwnageTool doesn’t automatically find the IPSW file, you can click Browse for IPSW (just in case).

Step Six). In the next screen click to select General then click the blue arrow button at the bottom right corner.


Step Seven). You’ll get to the General Settings screen. The General settings allow you to decide the partition size, activate the phone and enable the baseband update. This is the most crucial step of the process, so be careful and read it 3-4 times before getting down to business. Check Activate the phone if you are not with an official carrier, then click the blue arrow button. Deselect Activate if you have an iPhone legitimately activated on an official carrier.

  1. If you are using an official service provider (i.e. AT&T), you do not need to "Unlock Baseband", so you can uncheck “Activate the phone”.
  2. If you are using an unofficial service provider (i.e. T-Mobile), then check “Activate the phone” so you can enjoy Ultrasn0w with the 3.1


Note: The option to enable the baseband is no longer available, so check Activate the phone whether or not you need an unlock.

Step Eight). The next window, the Cydia settings menu, allows you to create custom packages so you do not have to install them manually later.

  • Click to select the Download packages tab. Then click the Refresh button to display all the available packages. Double clicking the package you want will download it and make it available in the Select Packages tab.
  • Check the ones you want, then click the blue arrow button.
  • The Custom Packages Settings menu displays the listed package settings for your custom IPSW. For now, leave these settings as they are. Click the blue arrow button to continue.

Step Nine). The Custom Logos Settings menu allows you to add your own images and pick your custom logo settings. If you uncheck them both, the originals will remain. Once done, click the blue arrow button to continue.

Step Ten). You are now ready to begin the Pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Step Eleven). You will be asked to save your custom .ipsw file. Save it to the Pwnage folder you created on your Desktop.

  • Your IPSW is now being built. Please allow up to 10 minutes.
  • You will be asked to enter your administrator password. Do this, then click the OK button.

Step Twelve). You will now be asked another question: whether your iPhone has been pwned before, that is, whether you have already unlocked or jailbroken it earlier. If you do not know, simply answer "No".

If you’re already jailbroken (by whatever means), you don’t need to mess around with DFU mode at all.  Just create (or get from a friend) your custom IPSW and Option-Restore (Shift-Restore on Windows) to it via iTunes.  Don’t enter DFU mode at all.  Please make sure you are restoring to the custom IPSW, not the stock one from Apple!  For best results, use the latest iTunes (9.0.1) — which includes a nice new application organizer.


Step Thirteen). This is one of the most important steps: PwnageTool puts your iPhone into a repair mode called "DFU mode", but it needs your help. Press the on/off button together with the "home" button for 10 seconds, then release the on/off button and keep holding "home" for another 10 seconds.

Step Fourteen). Don’t worry if your timing goes wrong, because if you do not get it right Pwnage Tool will ask you to try again. If everything worked, you are in DFU mode and your iPhone is ready to be unlocked. The Pwnage Tool has created a software image for your iPhone containing the release; to finish, iTunes must restore this "unlocked" file.


Step Fifteen). Now switch to iTunes to restore your iPhone. A message tells you that iTunes has detected an iPhone in DFU mode and that you need to restore it.


Step Sixteen). In iTunes, hold the Alt/Option key and click Restore. Navigate to the iHackintosh folder on your desktop using the dialog window that appears. Select the custom IPSW that was created and click the Open button. iTunes will now restore the firmware on your iPhone. This can also take up to 10 minutes.



Comments ( 25 )


  1. Jaun February 3, 2011 Reply

    Hi Guys was hoping for some help.
    My wife received an iPhone 3Gs from her parents in the UK (we live in SA)
    The phone was working correctly but when I connected with iTunes it asked if I should update the OS and I did.
    It appears that the phone was unlocked with third party software as I could not get any carriers i.e. Vodacom after doing the update.
    I thought it might be a good idea to recover the phone using iTunes i.e. to bring back the carrier, but now the phone is stuck on emergency call only page.

    1# Will it be possible to unlock the phone from this stage?
    2# When I did the restore did my baseband get downgraded or does it remain the same i.e. version 05.15.04
    #3 As I have now done the recovery, will I still be able to use the above mentioned method to unlock the phone, assuming that the phone is now on an older version of the firmware? I mean, you download the full OS to do the unlock anyway, or does the phone need to be running that version 4.2.1 before you attempt the unlock?

    Any help with this would be great as I feel quite bad for destroying my wife’s new iPhone 🙁

  2. bingman September 9, 2010 Reply

    How can I even see what software is on my iPhone? I got 3GS. Thanks

  3. JJ Cab August 13, 2010 Reply

    Can I jailbreak my iPhone 3GS new bottom that I updated to 4.0.2 firmware?

  4. drake July 21, 2010 Reply

    Do I need downgrade into 3.1.2 if I have 3gs with iOS4 jailed? I don’t have SHSH file (not on my computer or cydia), I just got 3gs with iOS4. Thanks.

  5. Ray July 20, 2010 Reply

    I am desperately trying to jailbreak and unlock an iPhone 3Gs that has had iOS 4.0.1 installed on it. This 3Gs has the old bootrom, and has never been jailbroken before.

    I have spent over 12 hours trying different guides, fixes, fixes to guides that are outdated.

    Nothing has worked.

    I think I am right in my understanding that there is no direct jailbreak method for an iPhone 3Gs with iOS 4.0.1 that has never been jailbroken before. After accepting this annoying truth, I began attempting to downgrade the 3Gs to 3.1.3. I am also under the impression that if I am able to install firmware 3.1.3 on the iPhone, I will be able to take various steps to get to jailbroken iOS 4.

    The problem as I see it now:
    Every time I try to use iTunes to restore the 3Gs with anything but the most updated iOS 4.0.1, I get this message:

    “The iPhone “name of iPhone” could not be restored. This device isn’t eligible for the requested build.”

    I get this message even after editing and saving the “hosts” file.

    Is there no way to downgrade my phone? Is my problem especially unique? Why has no one seemed to figure it out?

    I need to jailbreak this phone ASAP. If you are feeling extra nice and eager to help, I will be signed onto Skype (ray.sarno).


  6. Ben July 17, 2010 Reply

    Error 1604 in iTunes appears after I have followed your instructions. What do I do?

  7. Yan July 16, 2010 Reply

    I did everything the guide told me, and iTunes gave me a 1600 error? Help someone please!

  8. JON June 24, 2010 Reply

    I have a 3gs running 3.1.2 (old bootrom). It was jailbroken with blackra1n. Will this work for me???

  9. Retoxx June 24, 2010 Reply

    So… Does any nice mac user want to post a good quality IPSW for us silly windows users? 😀

  10. Guess June 24, 2010 Reply

    – iPhone 3GS, firmware 3.1.3
    – Jailbreak: Spirit

    Question: What if I first update my iPhone THROUGH iTunes to iOS 4 (so un-jailbroken again), could I then Jailbreak it using Pwnage Tool or Redsn0w without problems?

  11. Fabian June 24, 2010 Reply

    Hi Harriet! To activate your iPhone the only thing that you have to do is to plug it into the computer, start the iTunes program and wait for seconds… It will be activated. Cheers!

  12. Sweden June 23, 2010 Reply

    Forgot, IPCC tele2 doesn’t work either…….

  13. Sweden June 23, 2010 Reply


    I have successfully upgraded to iOS 4, but it’s not worth it at present day. Problems are that many apps like autosilent, bitesms, weathericon, mobile terminal don’t work. So don’t upgrade yet!!! I’m going back to 3.1.3.

    ps: my wifi download speed has reduced to half. from 20 to 8 mbit/sek…………………

  14. harriet June 23, 2010 Reply

    Hi, thanks for the instructions. I need to clarify something. After I had updated my jailbroken (with blackra1n) iPhone 3GS recently, it is in recovery mode and only allows emergency calls. I read somewhere that I need to activate first, but how exactly? And Pwnage tool is meant for Mac, right, not Windows, so any instructions for Windows users? Please help, thanks again!

  15. Simeon Naydenov June 23, 2010 Reply

    I have an iPhone 3GS as follows:
    Version: 3.1.2 (7D11)
    Model: MC135LL
    Modem firmware: 05.13.04
    JB: blackra1n
    Unlock: sn0w

    If I understood right, Ultrasn0w is compatible with 05.13.04 but Pwnage can not jailbreak my iPhone?

    So actually I can not use Ultrasn0w (as it has to be installed on a jailbroken iPhone from Cydia) to unlock my iPhone if I upgrade to iOS 4, is that right?

    Is there any other possibility to upgrade my 3GS to iOS 4.0 and after that to be able to jailbreak and unlock it?


  16. SOE June 23, 2010 Reply


    You say this is “iPhone 3GS and Mac OS only.” Is there any reason why this won’t work on the iPhone 3G or you just haven’t tested it?

    Thanks in advance.

  17. SS June 23, 2010 Reply

    I have iPhone 3GS.3.1.3. 05.12.01. Locked for Bell Canada (later I came to know that). I was using before iPhone 3G. Based on the previous experience I simply applied all those tools to unlock it. But I was not aware of the disaster that I was going to face in due course of time. Later I googled, spent many times to at least come out of the recovery logo. So, obviously, I am stuck with the most hated Recovery loop logo. I visited my iPhone consultant who repairs, upgrades and downgrades the iPhone. He said “What have you done so special”. To be frank I don’t know what to answer him. Please help me. ( ss100@windowslive.com) Thank you all in advance.

  18. vice20 June 23, 2010 Reply

    work with new bootrom ??

  19. mas June 23, 2010 Reply

    Hi! Thanks for the good article. I have iPhone 3GS with version 3.1.3. I pwned and jailbroke it using the pwnage tool for OS 3.1.3. Its firmware is 4.xx. Can I upgrade to new OS?

  20. iuziud June 23, 2010 Reply

    Is this working with iPhone 3GS 05.13.04, iOS 4? Because it gives me error 1600 ;/

  21. Kalis June 23, 2010 Reply

    i have 3GS with 3.1.3 & now boot. so it is possible to unlock it?

  22. Nik June 23, 2010 Reply

    You forgot to mention if it also supports the 3GS new bootrom versions.
    As per the dev site, it told us to wait, but here it does not say so. Have you tried the method on 3GS new bootrom before writing?

    If so please share if it worked. Thanks

  23. Dave June 23, 2010 Reply

    I have updated my iPhone 3GS to OS 4.0 through iTunes. The phone was never jailbroken or unlocked. Can I still use this method?

  24. Dominique June 23, 2010 Reply

    When is jailbreak for windows coming??

  25. Dominique June 23, 2010 Reply

    When will jailbreak for windows come???
