This guide and tutorial will show you how to jailbreak your iPhone 3G running firmware 3.1, using PwnageTool for Mac OS X. So far, only PwnageTool is available for jailbreaking the 3.1 iPhone 3G and it is only for Mac. I believe a RedSn0w method for both Mac and PC will be available soon.

1. Make sure you have installed the latest version of  iTunes (iTunes 9).

2. On your desktop, create a folder called “jailbreak” or whatever name you want to give it. It doesn’t really matter. Download PwnageTool 3.1 and the 3.1 IPSW (iPhone1,2_3.1_7C144_Restore.ipsw) from here and save them into the “jailbreak” folder. Note that you should download the firmware using FireFox as Safari often brings up issues. Also note that the PwnageTool download link is a torrent and you will need a torrent downloader (ie. uTorrent) to download it.

3. Launch PwnageTool. It will give you some sort of warning. Just click OK. On the next screen, choose the “Expert Mode”.

4. Select your iPhone model and click the blue arrow to continue.

5. Browse for the IPSW you downloaded in step 2. You should then get a green check mark.

6. You will now be offered several options. Choose “General”. Make sure the “Activate the phone” box is left UNCHECKED if you use an official carrier (such as AT&T in the US, Roger in Canada, etc…). This is very important. If you are not using an official carrier, then CHECK “Activate the iPhone”.

7. Increase the root partition size to 700 MB. This is not necessary but it is safer. Then click the blue arrow to continue. Click the blue arrow one more time to skip the bootneuter settings, which aren’t available for the iPhone 3G.

8. You will now have the possibility to pre-install a few packages from Cydia so you don’t have to do it manually later. I will skip this part. Click the blue arrow to go to the next step.

9. You will now be in the “Custom packages settings”. Make sure Cydia is selected and you may want to select Icy as well. For what it’s worth, I do not use Icy. I only use Cydia but you’re free to select both if you want. Whatever you do, make sure at least Cydia is selected. Click the blue arrow to continue.

10. You can now set your own “Custom logos settings”. I don’t use any but again, you can choose the one pre-selected or you can even upload your own. If you choose to upload your own, remember the logo mustn’t be bigger than 320 x 480. Click the blue arrow when done to continue.

11. It is now time to start the pwnage process. You should be on the main options screen offering you 6 different options. Choose “Build” and click the blue arrow to continue.

12. You will now have to save your custom IPSW file. Save it in the “jailbreak” folder we created in step 2.

13. Your custom IPSW firmware will now be built, which may take up to 15 minutes, so be patient.

14. You will most likely be asked for your administrator password. Fill in the blanks and click OK.

15. You will then be asked if your iPhone has been pwned before. Just answer “No”.

16. Now is the most important step. You will first be asked to turn off your iPhone. Follow the instructions on your computer screen to put your iPhone into DFU mode. Basically, you have to hold the home and power buttons together for 10 seconds, then release the power button but still hold the home button. If done correctly, PwnageTool will tell you you successfully entered the DFU mode.

17. If iTunes hasn’t launched automatically, open it. iTunes should tell you it has detected an iPhone in recovery mode. Click OK.

18. In iTunes, hold the “Alt/Option” key and click Restore at the same time. DO NOT click “restore” without holding the “Alt/Option” key! A window will pop up and you’ll be able to choose the custom IPSW file you created in step12 that you saved in your “jailbreak” folder.

19. iTunes will now work on restoring your iPhone using the custom firmware.

20. Done! You will now be offered the option to set up your iPhone as a new phone or restore from a previous backup. I personally like to start fresh and I always choose to set it up as a new phone, but it’s your choice.

21. You should now see the Cydia icon on the second page of applications on your iPhone. Congratulations, you just jailbreaked your iPhone 3G 3.1 with PwnageTool.

If you have any question or concern, please leave a comment.

  • Yash

    Thanks Henri for the prompt reply

    No its isnt locked yet. I am not sure if that what your question. Sorry I am new to the iphone world

    So by unofficial carrier you mean willit work if I shift my carrier to AT&T but without data plan ?

    Do you expect that the fix will come in soon for this problem?

    Thanks
    Yash

  • I can’t get past the 1600 errors on my 3G. I have 3.1 running with 05.11.07 basecode. What can I do to get past this. I’ve tried iReb, but keep getting a bunch of errors on my Mac about h8sn0w.app not found. I’ve tried the DRAG HERE FIRST thing successfully too. Help.

  • Yash

    Please ignore the prev post

    The app known as FuzzyBand downdrader will work for baseband bootlaoder 05.08

    Mine is 05.09 which is why I am still stuck 🙁

    Any help or update in this topic would be much appreciated

    Thanks

  • henri

    @ Yash,

    You are out of chances for now, you can either wait till the Dev Team finds a solution or use it on the
    original carrier. Some carriers do allow you to unlock after a certain period, except for AT&T …they are
    not allowing this at any time. A last resort might be a piggy back sim..but don’t expect too much from
    that

  • henri

    @ Marz,

    If your bootloader allows you to downgrade (see 2 posts up) then yes, but that is only for devices manufactured before week 30 -2008… if it’s manufactured after that date.. see post above this one

    You should all be very careful while doing this, there is no way back for most devices once you updated the baseband firmware

    another issue I noticed is that an IPSW I created on a MAC did not work on a windows machine, always got 16xx errors .. strange

  • Yash

    Yeah.Henri.I realized that..

    I am not sure with Piggy back sim either. They promise to be 100% guranteed but can be sure with them either

    Let’s see I guess. Hope my wait is not too long…

    Please let me know asap when ypou hear something…I dont mind paying a little to get it to use..

    FYI, I am on tmobile network

    Thanks

  • henri

    All the piggy back sims i used had one thing in common > they didn’t really work …but you never know 😉

    by the way, doesn’t T-mobile allow you to unlock legally after a certain period??….

  • henri

    One remark for all … all till present soft unlocks have been made by the Dev-team or Geohot, so please do NOT pay anyone except those for the hard work they have done, there are a lot of vultures on the net, do not feed them,, a simple visit to the dev-team’s blog will show you if what you need is available yet.. if it’s not there, then it will be nowhere

  • Yash

    @Henri

    Henri, what about the paid service which promise to unlock any iphone 3g with 100% money back gurantee and backed by paypal option ?

    Any experience with those creatures?

    Thanks

  • henri

    They sell you Yellowsnow or Ultrasnow, and the “money back guarantee” … hmm, want to try it? , as from what I read in varous forums it’s hard to get it back since they do not sell you software but “services” and “download access” …anyway, if you try it please share your experiences 😀

  • Yash

    Might be a super duper dumb question

    Why wont the restore option from itunes work ? When I got my phone it was set to version 3.0

    Sorry if this was a bullseye….I am like a zhombie right now…Am after fixing this beast since 12 hours now

    Thanks

  • henri

    @ Yash

    When you simply use “restore” then it will flash the latest firmware, which is now 3.1. Itunes will also update the baseband firmware which will make it impossible to unlock afterward. if you hold the shift (on PC) or option (on MAC) while clicking “restore” then you can choose which firmware to restore, might be a standard 3.0 or customized version

    does that help?

  • Yash

    Thanks Henri

    But will that change the bootloader settings too ?

    I am not able to figure it out whether my bootloader got upgraded to 5.9 during jailbreaking my new iphone 3.0.1 ( purchased from an user who used it officially with At&t ) to 3.1 or it was there since before..

    I had got this iphone from a user who restored this iphone from and at&t store for me…

    Thanks a ton Henri for all your replies..

    Really appreciate it.

  • Marz

    @Henri

    Many thanks from me to, Henry.
    Will check the manufacture date and keep you posted…

  • henri

    @ Yash,

    Nope…bootloader is like your mom, you are born with it and cannot change ~~
    that is why those with the old bootloader can go back anytime, no matter what version they flashed

  • LOO

    Does this unlock the iphone aswell? i.e. could i use a t-mob sim after this or am i able to unlock the iphone to allow me to use a t mobile sim and keep jail broke? replies to lewis-flanagan@hotmail.co.uk, thanks 😀

  • Marz

    @Henri,

    Hi again, i’m so sorry but i can’t find the bootloader or iphone manufactury date any where… Is it the same as firmware?

  • Mathew

    same as ll the above people. I look like a fool who went to upgrade my 3g to 3.1

  • Yash

    @Marz

    Manufacture date can read in the following fashion. Read the Serial number of your iphone . This is displayed when you connect your iphone to computer and use itunes. ->Device history/info

    The first 2 digits are company id, next 3 digits should be read as year and week of manufacture For eg
    832 means year 2008 and 32nd week

    For bootloader version, AFAIK, you’ll need app like FuzzyBand downgrader etc which when run, at start will display your bootloader version and the baseband version

    Hope that helps

    Thanks

  • Emre

    Hi

    I also have 05.09 and stuck like everyone else in 3.1. My phone was working fine with 3.0.1. i did the pawnage jailbreak on mac os for 3.1.
    the thing i dont understand is, if bootloader version comes from the factory, what does the new firmware change, that we cant go back using 3.0.1. i tried with different machines and itunes versions. even the custom firmwares dont work. i know we cant downgrade from 05.09 but why cant we go back using the old firmwares

  • Marz

    @Yash & @Henri

    I have the same issue as Emre.
    Just found out that my serial number is 888353XW1R4, so if i’m correct my Iphone is manufactured in week 35 of 2008. That would mean i can not go back with my baseband, right?
    The previous redsn0w on 3.0 worked fine though. What’s new now so we can’t use it anymore?

    Hope i’m not screwed!!

  • Yash

    Hi Marz

    Hard to believe and difficult to digest – bit yeah we are stuck right now ….

    Thanks
    Yash

  • Jared

    ok i have a problem…

    i have the iphone 3g and just installed the 3.1 firmware so i have MMS and it deleted my previous jailbrake i had on it with 3.0 firmware. Earlier today i was following a tutorial on how to jailbreak and it had me follow the same steps as this tutorial did…i mistakenly chose to use the 3gs option in Pwnage Tool…but it seemed to load just fine…when i realized what i did, i restored my iphone to factory settings, then synced my phone so it had all my media files and apps on it…so essentially it is an unjailbroken device. So, i begin trying to jailbreak it again using pwnage tool, and this time i choose the iphone 3g in expert mode…when it comes time to select the firmware, pwnage tool doesn’t recognize it so i browse to find it…i select the file (the exact one they told me to download) and it tells me i chose the wrong firmware! Any help or guidance would be greatly appreciated! i don’t think i can go back to having an unjailbroken phone, i miss my old one!!!

  • Stuck on 1600

    I kept getting the 1600 error in itunes with my pwned ipsw.
    I tried restoring in recovery mode instead of DFU mode, and it worked perfectly!

  • Jared

    ok…i jailbroke it ok…but i don’t have phone service at all!!!! can someone tell me what to do??

    pleaaaassssseeeeeee

    thnx

  • henri

    @ Jared,

    read a little bit the story above….

    1- what is your baseband version? (if it’s 05.11.07 then go to step 2)
    2- what is your bootloader version? ( 5.8 for ex , you can find that by fuzzy baseband downgrader)

    If your baseband is still 04.26.08, then you can relax already, if you are at 05.11.07 but your
    bootloader is 5.8 then you can even relax more~~~

    ok, now further

    baseband = 04.26.08 but no signal > INSTALL Ultrasn0w trough cydia & restart

    Baseband= 05.11.07 and bootloader is higher than 5.8 …go on top of a big roof and yell it out, you’re stucked… nothing you can do (thanks to Apple )

    Baseband= 05.11.07 and bootloader is 5.8 >install 3G Fuzzy Downgrader trough cydia and let it do the job ~~ after it downgraded the baseband install a stock 3.0 firmware to bring the baseband back at 04.26.08, then either JB it or install your “custom 3.1” firmware

    hope that helps 😉 ~~~

  • Yash

    @ Jared

    While your first post you should have read the post which warned users to not to jail break your iphone to 3.1

    Anyways hope you are not trapped with bootloader version 5.9 or greater,

    All the Best

    ALL YOU PEOPLE WHO HAVE NOT JAILBREAKED YOUR IPHONE SUCCESSFULLY YET TO 3.1.. “””PLEASE ABORT/HALT THE PROCEDURE “””””””

    YOU CANNOT UNLOCK YOUR PHONE IF YOU JAILBREAK YOUR IPHONE TO 3.1

    Thanks

  • henri

    @ Yash,

    Thats actually not true, I have several ones here on 3.1 with 4.26.08 baseband.

    The problem could be that some people “cross” the option to UPDATE the baseband when they make the IPSW with Pwnagetool, (see my first reply in this post)

    If you are not on an official carrier then you can NOT, i repeat, can NOT update the baseband.. if you did then you are stuck for now.
    Reason that you cannot reverse this process is that the baseband loader only allows upgrade, not downgrade. In the 5.8 loader there was a flaw that allowed downgrading, from 5.9 and up this security flaw has been addressed by Apple

    So again people, be sure to be carefull… if you do not need to unlock, then nothing can go wrong, but for those that need to unlock the carrier lock, DONT update baseband firmware and ACTIVATE the phone (since you do not have any official sim to activate trough Itunes)

  • Marz

    Thanks a lot, guys.

    I’m screwed unfortunately, as my baseband loader is most probably a 5.9. Does any of you have any idea or experience how fast there will be a solution to unlock again? Is this a matter of days, weeks or months?
    Cheers

  • zeeshan

    hi all;

    i accidently updated my 3g baseband to (05.11.07) . now it is locked any possible way to unlock it

  • cobaltblue1975

    “iPhone 3GS said:

    “Activate the phone” is for those who do NOT have the official carrier sim in the iPhone. So in the US, you would check this if you have a T-Mobile sim in the iPhone. If it is an AT&T sim, you would need to uncheck that box.”

    This is a very crucial step for those of you looking to unlock your phone for another carrier like T-Mobile in the U.S for example. If you don’t check “Activate the phone” then you WILL run into a dead end.

  • Yash

    @ Thanks for correcting that Henri

    @ Marz From what I read from various other blogs, people have been waiting since June I believe with the problem of boot loader version 5.9.

    Could be matter of weeeks now….Cannot say anything for now..As Henri mentioned earlier, try your luck with turbo simcards…

  • Yash

    @Henri

    Emre had posted this question few days back. Am curios to know the answer for this question

    “i know we cant downgrade from 05.09 but why cant we go back using the old firmwares”

    If we redo the whole jail break process with 3.0.1..essentialy you are formatting a HDD , then why cant you still unlock it and make it work with 3.0.1 firmware

  • alex

    im using a macbook pro and whenever i alt/option click restore, it wont bring up the window where i can choose the custom firmware like it should. what am i doing wrong?

  • Nik

    Hi….

    I accidently updated my iphone 3g from 3.0.1 to 3.1 … The base band is 5.11 rt now..

    Please let me know whether i can i jailbrek and unlock it .. Its been almost a month now since the 3.1 v released …

  • Nik

    adding to my post above my iphone was never jailbroken or unlocked.. I use with AT&T for a month or so………….

  • henri

    @ Nick

    Jailbreak = yes

    Unlock = No

    to jailbreak… just follow the procedure

  • Trevor

    Hey I jailbroke my iphone 3g successfully but it cut’s out my phone service for fido in canada, how can i solve this ???
    help please

  • Nik

    @Henry

    Thanks 🙂
    will it be possible to unlock it later … i heard tat 3.1 cant be unlocked in the near future also…is it true?????

    Also wat r the other ooptions i can do to unlock it… like downgrading ????

  • henri

    @ Yash,

    The so called “bootloader” is the piece of firmware that loads the bootfiles, this is flashed by a different procedure and user protected. So basically you cannot change this. I do say basically, since I think that soldering JTAG wires onto the CPU might let him boot different code.. but never went deep into it to be honest

    henri

  • henri

    @ Nik

    only options are patience or an adventure with piggy-back simcards such as Rebelsim and all those other (crap)solutions … but i think you will need a LOT of patience, at a given time all security holes will be closed…and we might have arrived at this point now, just keep an eye
    on the dev-teams blog…

  • sonny

    Is there a chance my iphone 3g will break?

  • henri

    Depends.. .when you drive over it with a truck, then probably yes. If you follow the instructions to the point, then no…

  • travis

    when cydia installed, it didn’t install the databases or something. i can’t download anything, and i get an error that says, “error:database encountered a section with no package: header”. any ideas? icy doesn’t seem to be working either. i am new to jailbreaking, so i really don’t know what is going on.

  • liberty

    I tried to Jailbreak my iphone 3g with Pwnage tool and all the steps were followed but my itunes says that there is a invalid Sim card and it cannot read it.

    I am in another country using that Sim card it is the only one I have …….what can I do to then follow the rest of the steps to unlock the phone?

  • henri

    @ Liberty,

    make another IPSW, but ACTIVATE this one, if you do not activate then you need an official
    simcard!~~

    ( be sure NOT to update your baseband )

  • Johann

    hi everyone.
    i have tried to restore my custom ipsw but when my iphone (3g) is starting again, my old settings are gone and instead i cannot activate it because my sim is not correct. hence i can’t even use cydia to unlock it. how can i overcome this problem/access my iphone again?

    regards

  • Johann

    oh, should have read the post of henri and liberty.
    sorry, will try that first..

  • Johann

    @henri
    awesome

  • john

    i have a iphone 3g on 3.1 and at 05.11.07…im in canada…should i have any problems jalibreaking this?or should i think about paying someone whos done this before?lol