This guide and tutorial will show you step by step how to jailbreak and unlock your iPhone 2G using PwnageTool for Mac. At the time I am writing this, only PwnageTool for Mac is available to jailbreak or unlock iPhone 2G 3.1. Tools for PCs should be available soon. For the latest information about jailbreaking methods (including iPhone 3G and 3GS), I suggest you read our jailbreak page.

UPDATE: This tutorial also works for iPhone OS 3.1.2. Instead of using the 3.1 firmware, simply use a 3.1.2 firmware.

Please make sure you read and understand everything before starting the process. If you’re new to jailbreaking, please take the time to follow the tutorial step by step. Problems often come when people want to go to fast or skip a step, so again, please take your time to read and understand every step.

1. First, make sure you have the latest version of iTunes installed on your computer. If not, update to the latest iTunes available.

2. On your desktop, create a folder called “jailbreak”. In this folder download and save the following files available from our downloads page:

  • PwnageTool 3.1
  • 3.1 IPSW firmware for iPhone 2G (iPhone1,1_3.1_7C144_Restore.ipsw), or
  • 3.1 firmware for iPhone 2G (iPhone1,1_3.1.2_7D11_Restore.ipsw) if you want to jailbreak 3.1.2
  • BL 3.9
  • BL 4.6

When downloading the 3.1 firmware, make sure you use FireFox and not Safari as Safari often brings up unwanted issues. To download PwnageTool, you will need a torrent downloader such as uTorrent.

3. Launch PwnageTool. Click OK to the warning message. Then choose “Expert Mode“.

4. Choose your device. It should be the one on the very left. A green check mark should appear when you click on it. Click the blue arrow to continue.

5. You will now be able to “Browse for IPSW“. Click on it and look for the 3.1 firmware you downloaded in step 2. Select the IPSW file and click the blue arrow to continue.

6. You should now be taken to the general menu where you have 7 different options. Choose “General“.

7. In the “General settings“, make sure that “activate the phone” and “enable baseband update” are checked. This is important. Again, make sure these 2 options are checked. Change the root partition size to about 600 MB and click the blue arrow to continue.

8. In the “Bootneuter settings“, check “Neuter bootloader“, “Unlock baseband“, and “Auto-delete bootneuter.app“, then click the blue arrow to continue.

9. You should now be in the “Cydia settings“. This allows you to install packages so you don’t have to do it later via Cydia. I like to install my packages manually but feel free to select a few if you want to. I will skip this step. Click the blue arrow to continue.

10. In “Custom packages settings“, I recommend only checking Cydia. Icy is quite unstable so I don’t recommend installing it. Do as you want but make sure at least Cydia is checked. Click the blue arrow to continue.

11. You are now taken to the “Custom logos settings“. You can choose pre-selected logos or upload your own. I don’t recommend installing any. I suggest unchecking the 2 custom logos that are pre-selected, then click the blue arrow to continue.

12. You should now be back to the general menu. It is time to start building your custom firmware. Click “Build“, then click the blue arrow to continue.

13. If you haven’t pwned your iPhone before, you will have to upload the bootlader files you downloaded in step 2. Follow the instructions on the screen to upload BL 3.9 and BL 4.6.

14. PwnageTool will then ask you if “you have an iPhone contract that would activate normally with iTunes”. If you’re using an official phone carrier (ie AT&T in the US, 02 in UK, etc…), and don’t want to unlock your iPhone, click YES. Your iPhone will just be jailbroken. Click NO if you want to unlock your iPhone to use with other carriers.

15. You will now have to save your custom IPSW. Save it to your “jailbreak” folder on your desktop. PwnageTool will now create your custom IPSW which may take up to 15 minutes.

16. If asked for it, enter you admin username and password.

17. PwnageTool will ask you if your iPhone has been pwned before. Just say No.

18. This is a very important step. PwnageTool will ask you to turn off your device, the put it into DFU mode. After turning off your iPhone, follow the on-screen instructions to put your iPhone into DFU mode. Hold the power and home buttons for 10 seconds. Let go of the power button but keep holding the home button until you enter DFU mode. If you fail, PwnageTool will give you an error message and you will have the opportunity to start over this process until completed successfully.

19. Once your in DFU mode, launch iTunes if it hasn’t already launched automatically. It will tell you that iTunes has detected an iPhone in recovery mode. Click OK.

20. We will now restore your iPhone using the custom firmware you created. In iTunes, hold the Alt/Option key while clicking “Restore”. This is extremely important that you hold the Alt/Option key while clicking. A window will pop up and will let you browse for the custom firmware you created (which should now be saved in your “jailbreak” folder). Select it.

21. The restore will start, which may take up to 15-20 minutes. Once done, your iPhone will reboot.

Congratulations! You just jailbroke and unlocked your iPhone. If you have any question or comment, please leave a comment below.

  • jhaz

    Does this work? any feedback?

  • peter

    i selected my custom FW but i couldnt restore my phone at the last stage. all im getting is an error messagr saying “iphone cannot be restored” . please help.. thanks

  • Thanks for your tutorial.
    It worked like a charm 😉

  • Ciaran Delaney

    It unlocked my sim, but iTunes is giving me an error sayin that the sim carrier is not supported!

  • Lisa

    Worked great, THANKS!

  • Justin

    Thanks for this.

    will be doing it shortly.

    Does it mater if the SIM is in or not?

    I have a 2G iphone without a SIM on me but not sure if I need to start this process with a card in the phone or not?

  • Brad

    If I want to build the custom ipsw now, but actually jailbreak my phone later, can I just go through your steps and let PwnageTool fail to put my iPhone into DFU mode, since it isn’t connected, and then later click on the DFU button and continue the process when I’m ready?

  • arun

    Hi,

    I had successfully jailbroke and unlocked an iphone 2g with 3.1 firmware. The best part of it was , i had used mac to create the customer restore, but for restoring i could not use the mac as from my proxy server itunes was blocked. so i moved the custom restored ipsw file to my windows machine then connected this windows machine to a proxy server from where itunes connection was allowed and then restored. It worked as a magic and i am happy.

  • Justin

    Success!
    Thanks Sabastien.

    Had a few issues and had to restart a couple of time.

    Ended up using the simple install method to create the custom .ipsw rather then the expert.

    I think my main issue was I didn’t load the 3.1 firmware onto the iphone at the start, i was on 3.0 and thought that these steps would upgrade that for me, perhaps it does for some but for me everything went smooth after I loaded the 3.1 firmware onto the iphone and then started folowing this the instructions above.

  • chynuh

    the instructions are great.. very specific instructions given.
    BUT, sadly i’m having trouble. i’m not able to restore my iphone with the custom firmware. i’ve done an update that itunes did automatically just to see if i was still able to restore it and it worked. but yet again, after trying to install custom firmware, i get the error 1604. HELP PLEASE! thanks

  • chynuh

    nvm it worked out of the blue. thank you SOOOO SOOOO much. you’re a life saver!

  • Mani

    Hi,
    Everything went on fine till the last step, but unfortunately when my iPhone shows only the emergency call option. Also when I connect to iTunes it is asking me to register my phone with ATT, when I click continue, it fails saying ‘Unable to register’.

    (Note: I have a prepaid ATT SIM: will that be an issue?)

  • Adi

    Hi Sabastien,

    I updated my iphone 2g to 3.1 os directly through the itunes..now its locked i followed all the steps..but im still not able to unlock its still locked.. 🙁 pleasee help.. 🙁

  • Topi

    Thanks,
    It worked like a charm.

  • booby

    im getting the error 1604. HELP PLEASE! what am i doing wrong?

  • You are the bomb!!!!!!!!!!!!
    I had my phone on ebay with less than an hour left, then I stumbled upon your post… I didn’t think there was anything out there that was going to work but I gave it a shot anyways.
    Worked like MAGIC!! I owe you BIG!!
    Thank you so much!!!

    ps… thank heavens for the ability to end an auction early on ebay!!

  • DougInWA

    Awesome directions. There’s a slightly out-of-order thing where I didn’t have to actually perform step#13. The hardest part was step#18…I’m terrible at pushing and holding buttons. I have no idea why. But after iTunes “restored” the conjured firmware file and rebooted the iPhone, the phone automatically flashed the base freq loader and all the other stuff. Shortly after that, I had a lovely little “T-Mobile” text in the corner. Only problem is on the 2G phone my reception is kinda crappy at my house compared to my old phone.

  • Liem Tran

    will it work for my IP 2G FW 3.1 (directly upgrade from itunes ) ?thank you

  • mich

    I followed this and the upgrade was smooth and successful. However, applications seem to have a problem. For instance Notes will not save any new notes and neither can i add to already existing notes. Whenever i do this it crashes on selecting done. I installed terminal and cydia which also dont load up. They open for a couple of seconds then close and return back to the home space. I had selected the option to install ssh as well now when i try to ssh i get the following $ssh root@10.0.1.3
    ssh_exchange_identification: Connection closed by remote host

    it was previously on 1.1.4 and moved directly to 3.1.

    will appreciate any help.

  • Michel

    I tried to upgrate from 1.1.4 to 3.1 with Pwnage tool and followed the inscription on http://iclarified.com/entry/index.php?enid=4255
    im getting the error 1600! Does someone know what the problem is and to go on?

  • I had a 3.0.1 jailbroken 3G, now I have it with 3.1

    Thanks specially for this tip, on step 14:

    PwnageTool will then ask you if “you have an iPhone contract that would activate normally with iTunes”. If you’re using an official phone carrier (ie AT&T in the US, 02 in UK, etc…), and don’t want to unlock your iPhone, click YES. Your iPhone will just be jailbroken. Click NO if you want to unlock your iPhone to use with other carriers.

    Might I add it’s best to have iTunes closed before starting the whole process (unlike when I did it with 3.0.1).

  • Abbz

    I have a similar question as Liem Tram…i am currently on 3.0 so should i update normally via itunes to 3.1 before doing all of this…or do this straight away ?

  • Kay

    successfully and easily done.

    Thanks a lot!!!

    This is pure genuine guys. works great!! So much great information for no charge. That’s how things should be. Makes the world a happier place!

    Thanks once again!

  • phelipe

    Yeah i did all this. And when i put my sims card it just keeps searching but doesn’t find the carrier. Do you have any clue what i did wrong? Or what i need to do to make it work?

  • Kay

    mate, i stumbled upon this thread today, tried it once and it worked perfectly for me.

    Note however that i’m in the UK and my default sim carier was 02.

    However, following the steps, it all went perfectly, after everything was done, the phone re-booted, then started flashing the system, which is related to unlocking the phone to use any sim card.

    I then tried a different sim card with t-mobile and worked perfectly.

    What you could do, is probably, re-set your settings again, and re-doing the process…

    alternatively, try a different sim to see if it works..

    Also, be aware i’m just a normal user like yourself so I may be in the wrong.. I’m just trying to help, as it seems the author of this post doesn’t reply back to people who encountered problems.

    If anything, i’m not to be held responsible 🙂

    Good luck dude.

  • Abbz

    so yea..still have jst one confusion…should i normally update to 3.1 using itunes before doing a full restore using custom ipsw ( i am currently on 3.0) or should i do a full restore straight away ?

    plz re:

  • Nijat

    Well, while trying to unlock my iphone 2g, pwnage tool skipped steps 13 and 14iphone 2g. 3.1 I did the rest but it did not work.
    i upgraded my iphone using itunes, and now i don’t know if i can unlock my phone yet or not.
    Hope to hear back from you.
    Thanks in advance.

  • Basant

    I got the same itunes 1600 error at the beginning, then I repeated the steps with only the simple mode, while keeping the itunes closed. Then reached the DFU mode step, try to do it exactly right. Then it opened itunes automatically and restored successfully. Just keep itunes closed till the last step and it will work.
    Thanks for the great effort 🙂

  • Jonas

    Many thanks for the accurate instructions. Worked perfectly!

  • lesimoun

    Hello,

    Thank you for your meticulous explanation.
    I followed them down to the letter, except for step 13.

    13. If you haven’t pwned your iPhone before, you will have to upload the
    bootlader files you downloaded in step 2. Follow the instructions on
    the screen to upload BL 3.9 and BL 4.6.

    My first generation iPhone had not been pwned before but I did not get any instructions on how to upload the BL files.

    Beyond that everything went as described, except for the result.
    My iPhone still shows a padlock at the top in the middle of the screen and iTunes (9.0) does not allow activation.

    Sofar I had only used my iPhone as an iPodTouch since I had my office phone. Now that I upgraded to 3.1, I needed to register before could use it. So ended on your website…..

    Please HELP.
    many thanks from Belgium
    Patrick

  • kristina

    didnt work 🙁 tried it all…and it still says the sim card is not compatible etc. ahhhhhh

  • kristina

    yayyyyyyyy!! worked. thank you SO much!

  • sparaxin

    Any news about pawnage 3.1 for windows?

  • kelvin

    this worked like a charm i accidentally updated my iphone 2g to the 3.1.2 firmware and culd not use my t-mobile sim now i used this method and it works fine so far

  • Alex

    Thank YOU!!!!
    Skipped 13 and 14, but nevermind! Works perfectly (iPhone 2g)!
    Just be careful and you will make it 🙂

  • Gustavo

    Worked fine! Just a small hint, the 3.1.2 update only works with PwnageTool 3.1.4.

    Thanks very much!!

  • New Mac user

    didn’t work out the first time.
    the program did not follow the instructions given here exactly, not for me any way.

    but at last it did work out fine

  • Alejandro

    I wanted to have FW 3.1.2, the only difference was that I had to use PwnageTool 3.14dmg….
    Great content ! Thks !!!

  • Luke A

    Hi
    first off just want to say thank u for the awesome site! I have a PC so I’m waiting to use someone’s mac or for pwnagetool to come out 4 PC, whichever comes first. that being said, I am reading up to make sure I do this process correct in the meantime. The only problem that I see me having is around step 18. My iphone 2g’s power button never worked when I bought it. Is there any other way to complete the important 18th step without a power button. or anoter way to put it into DFU mode? PLZ PLZ HELP ME!!!

    Thanks in advance

  • joao

    Tried several times. didn’t work on 3.1.2

  • jonl

    Hi, Please help…i’ve been trying to jailbreak using the 3.1.2 ipsw…but
    it’s been telling me that i have the wrong firmware, i’ve downloaded and installed the 3.1.2 firmware first on my iPhone 2g
    Thanks a lot

  • Jagat

    Hi I tried these steps, but could not unlock my iphone. First thing how would i know if my iphone requires this method ? I donno whether it is 3g or 2g

    here, we are downloading the ipsw file, but anywhere we are using it ? We are using the ipsw that is generated by the software. So whats the difference ? I tried to restore with 2.1 ipsw files also to no success !

    any help is appreciated

  • Chris

    I had 3.0.1 on my iPhone 2G i followed the instructions and it worked on my macbook to Unlock and Jailbreak to work on orange UK.

    1. When i was going through the options the bit where it asks you about unlocking etc didnt come up so dont worry.

    2. When going into DFU mode make sure iTunes is CLOSED it will re open automatically once you enter DFU mode.

    3. Mine was unlocked on 3.0.1 but i still pressed NO when it asked me if i had it already unlocked

    4. It took the good part of 20mins so it the bar looks like its going slow DONT worry.

    5. DONT unplug it because even when it looks like its done it still reboots and does other stuff so just leave it for 5mins on the homescreen to be sure its not going to do anything else.

  • Resh

    hi, thanks for tutorial. but i cant unlock my iphone when i try 1st time. i dont understand how to upload the bootloader files. can u please tell me in detail how to upload bootloader files. i cant get it from screen. thanks resh.

  • Joaquin

    It finally worked!!!

    Do what Sebastien says at the beginning of his blog: “please take the time to follow the tutorial step by step”

    I have an iPhone 2g. It was on OS 3.0 never jailbroken or unlocked. I downloaded OS 3.1.2 from iTunes. I did get the 1604 error but finally after I finished putting the iPhone on DFU with PwnageTool I closed the program and removed the iPhone from the dock and reconnected it. Then everything unfolded by itself.

    Again… “please take the time to follow the tutorial step by step”

    Hope it helps a few!

  • harpers

    Anybody here to answer some question to a newcomer?

    (1) Will PwnageTool 3.1.4 jailbrake AND unlock my iPhone 2G that has recently been upgraded to official FW 3.1.2 via iTunes using a Mac – see technical data below?

    (2) Do I have to insert unofficial SIM card before starting the process?

    (3) How high is the risk of receiving one of those arcane 16XX errors?

    Technical data:
    iPhone 2G
    FW 3.1.2 (7D11)
    model MB217D
    modem firmware 04.05.04_G

    Any hints are highly appreciated. Thank you.

  • andy

    once jailbroken with pwnage does it erase everything on your phone? ie. everything is wiped out. thanks!

  • Mon

    I did it once without the sim card in, and it didnt work.. but the second time around with the sim card in it worked perfectly! And yes, it will erase everything on your phone and you will have to restore it afterwards.

  • Daniel

    Please help me!!!!
    Ive already dowload everything that i need, but when the program ask me to browse the ips, it doesnt work….. what can i do??

    • Read the instructions carefully. You probably didn’t download the right ipsw

  • Mon

    you have to download

    3.1 IPSW firmware for iPhone 2G (iPhone1,1_3.1_7C144_Restore.ipsw), or

    if you already did this, then just look for it on you computer “browse”…. not sure what you mean by “it doesnt work”…