Jailbreak your iPhone

Jailbreak iPhone 3GS iOS 4.0.1 with Pwnage Tool (Unofficial)


Apple has released the iPhone software update iOS 4.0.1. This latest firmware update contains the same baseband as iOS 4.0, BB 05.13.04, and it is compatible with Ultrasn0w. So if you are already pwned on iOS 4.0, you can update to a pwned iOS 4.0.1 with the help of a modified PwnageTool. The following is a guide to jailbreaking your iPhone 3GS with the final version of iOS 4.0.1. Please read the whole post thoroughly before you try to jailbreak your iPhone.

Note: The PwnageTool linked in this guide was not released by the Dev Team; it is an unofficial release by Criminal90. Big thanks to Criminal90 and iSpazio.


Note / Warning:

  • You must already be on pwned 4.0 / Old Bootrom, or check whether you satisfy one of the following conditions:
    • I am on iPhone 3GS 3.0/3.0.1 Redsn0wed: You are in
    • I am on iPhone 3GS 3.0/3.0.1/3.1/3.1.2/iOS 4 GM Pwned: You are in
    • I am on iPhone 3GS 3.1.3 Spirit: Stay Away and Wait
  • iPhone 3GS and Mac OS only.
  • Use this guide at your own risk; I am not responsible for any damage (if any).


Instructions:

Step One). Download the required files, make a folder on your Desktop called “iHackintosh” (or whatever you want), and put the 4.0.1 firmware and PwnageTool in that folder.

Step Two). Close all other running programs and launch PwnageTool from the iHackintosh folder by double-clicking it.

Step Three). Choose your mode: Simple Mode or Expert Mode.

  • Simple Mode – Provides step-by-step instructions as below, automatically detects your correct firmware, and automatically adds the unlock, activation and jailbreak with Cydia to your custom firmware.
  • Expert Mode – Where you can adjust the settings on the various different additions to the custom firmware – if you click through and do not change anything in expert mode it will make the same

In the following post we used Expert mode for better reliability.

Step Four). In the next window, click to select your iPhone. A big green check mark will appear over the image of the phone you selected. Once you have selected the iPhone model, click the blue arrow button at the bottom to continue.

Step Five). You will be brought to the “Browse for IPSW” window. On my Hackint0sh, it automatically found the IPSW. If PwnageTool doesn’t automatically find the IPSW file, you can click Browse for IPSW (just in case).

Step Six). In the next screen click to select General then click the blue arrow button at the bottom right corner.


Step Seven). You’ll get to the General Settings screen. The General settings allow you to decide the partition size, activate the phone and enable the baseband update. This is the most crucial step of the process, so be careful and read it 3-4 times before getting down to business. Check “Activate the phone” if you are not with an official carrier, then click the blue arrow button. Deselect “Activate the phone” if you have an iPhone legitimately activated on an official carrier.

  1. If you are using an official service provider (i.e. AT&T), you do not need to “Unlock Baseband”, so you can uncheck “Activate the phone”.
  2. If you are using an unofficial service provider (i.e. T-Mobile), then check “Activate the phone” so you can enjoy Ultrasn0w with the 3.1

Note: The Enable Baseband option is no longer available, so check “Activate the phone” whether or not you need an unlock.

Step Eight). In the next window, the Cydia settings menu allows you to create custom packages so you do not have to install them manually later.

  • Click to select the Download packages tab. Then click the Refresh button to display all the available packages. Double-clicking the package you want will download it and make it available in the Select Packages tab.
  • Check the ones you want, then click the blue arrow button.
  • The Custom Packages Settings menu displays the listed package settings for your custom IPSW. For now, leave these settings as is. Click the blue arrow button to continue.

Step Nine). The Custom Logos Settings menu allows you to add your own images and pick your custom logo settings. If you uncheck them both, the originals will remain. Once done, click the blue arrow button to continue.

Step Ten). You are now ready to begin the Pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Step Eleven). You will be asked to save your custom .ipsw file. Save it to your Pwnage folder you created on your Desktop.

  • Your IPSW is now being built. Please allow up to 10 minutes.
  • You will be asked to enter your administrator password. Do this, then click the OK button.

Step Twelve). You will now be asked another question: whether your iPhone has been pwned before, that is, whether you have already unlocked or jailbroken it. If you do not know, simply answer “No”.

If you’re already jailbroken (by whatever means), you don’t need to mess around with DFU mode at all.  Just create (or get from a friend) your custom IPSW and Option-Restore (Shift-Restore on Windows) to it via iTunes.  Don’t enter DFU mode at all.  Please make sure you are restoring to the custom IPSW, not the stock one from Apple!  For best results, use the latest iTunes (9.0.1) — which includes a nice new application organizer.


Step Thirteen). This is one of the most important steps: PwnageTool needs to put your iPhone into a repair mode called “DFU mode”, and it needs your help to do so. Press and hold the on/off button together with the Home button for 10 seconds, then release the on/off button and keep holding the Home button for another 10 seconds.

Step Fourteen). Don’t worry if your timing goes wrong; if you do not get it right, PwnageTool will ask you to try again. If everything worked, your iPhone is in DFU mode and is ready to be unlocked. PwnageTool has created a software image for your iPhone containing the release, and to finish you need to use iTunes to restore this “unlocked” file.


Step Fifteen). Now switch to iTunes to restore your iPhone. iTunes will tell you that it has detected an iPhone in DFU mode and that you need to restore it.

Step Sixteen). In iTunes, hold the Alt/Option key and click Restore. Navigate to the iHackintosh folder on your desktop using the dialog window that appears. Select the custom IPSW that was created and click the Open button. iTunes will now restore the firmware on your iPhone. This can also take up to 10 minutes.



Comments ( 12 )


  1. tvrvterwt September 29, 2010 Reply


  2. nirav July 31, 2010 Reply

    It can be done on 4.0 3GS/3G, so contact me on nirvyas@yahoo.com to get my guide.

  3. kalankit July 25, 2010 Reply

    Modified Pwnage Tool by Criminal90 link is not available.

  4. masoste July 22, 2010 Reply

    I used this jailbreak unlock combo and it worked when the official pwnage tools wouldn’t even create a 4.0 ipsw that would upload (I kept getting 1600 errors) but this one took fine.

    Unlocked fine too. BUT now the iPhone keeps rebooting about once every five minutes. It’s very frustrating.

  5. alruhaili July 22, 2010 Reply

    After JB, when I make a folder and respring, all the folders are gone and the scattered apps come back.
    It did not save the status.

  6. Itaintrite July 22, 2010 Reply

    If you have an old bootrom 3GS on Spirited 3.1.3, can’t you just use the Spirit2Pwn script by Criminal?

  7. alfkhr July 21, 2010 Reply


    I did it with iPhone 3GS Old bootrom >>
    I face one problem, which is that I can’t change the wallpaper. I tried to install wallpaper fix from Cydia but it can’t be installed; an error pops up.

    Any help

    Thanks for all efforts here and there

  8. toycor July 20, 2010 Reply

    the link for “Modified Pwnage Tool by Criminal90” is dead

  9. MP July 19, 2010 Reply


    pwnage software link is broken.


  10. Santi July 19, 2010 Reply

    Hi guys!

    Firstly, thanks for your excellent work!

    I have a problem… I jailbroke my iPhone 3GS 3.1.3 with Spirit a week ago, but because of a problem with Cydia I had to restore my iPhone in DFU mode, and consequently (without knowing about your jailbreak) updated my iPhone to OS 4.0.1.

    The question is…

    Could I use this jailbreak ( I have OS 4.0 now, but I had 3.1.3 with spirit before…)????


  11. paul July 18, 2010 Reply

    I have two iPhone 3GS (old bootrom and new bootrom). They are both restored to 4.0 and I can’t activate them. I’ve tried jailbreaking with custom 4.0 and have been unsuccessful for the two units. Can I use this jailbreak 4.0.1 to jailbreak any of these units, since my 4.0 firmware is the stock firmware and hasn’t been pwned?

  12. DaiCa July 18, 2010 Reply

    Does it work on baseband 05.13.04? Because now I have a 3GS on iOS 4, 05.13.04. I didn’t jailbreak it on 3.1.3. When I received it, I updated to iOS 4 from Apple. This is my big mistake. Help me. Thanks
