This tutorial is a step-by-step guide that will show you how to jailbreak OS 3.1 for your iPhone 3GS using PwnageTool for Mac OS X.

PwnageTool will be used to create a custom firmware (also called custom IPSW). After creating the custom firmware, we will restore your iPhone 3GS in iTunes using this firmware. A custom IPSW is needed in order to avoid updating the baseband, which would render any software unlock impossible, at least for the time being.

Please read the next 2 notes over and over and over again… Seriously, please make sure you read and understand the following:

Note 1: PwnageTool does not support the 3GS out of the box. If your iPhone 3GS has 3.1 preinstalled and is not Pwned then there is no tested jailbreak solution at the moment. In other words, if you are on a pwned version of 3.0 or 3.0.1 (either using PwnageTool, RedSn0w, or PurpleRa1n), then you are fine; just follow this tutorial. If you updated to 3.1, you will have to wait for another method. We don’t know when this other method will be available.

Note 2: there is no Windows version at the moment. We have no indication about when a Windows jailbreak will be available.

This post was written on 10/02/09. For the latest information about jailbreaking, visit our jailbreak section.

As usual, proceed with caution. You are doing this at your own risk…

1. Create a folder called “jailbreak” on your desktop. Go to our download page and download the iPhone 3GS 3.1 firmware and PwnageTool 3.1.3 in your “jailbreak” folder. Make sure you download the right files… I suggest you download the 3.1 firmware using FireFox because Safari sucks and can cause problems.

2. Update iTunes to the latest version available. Sync your iPhone to back it up.

3. Launch PwnageTool. You should get a warning message. Agree to it.

warning

4. Now you have the option to jailbreak your iPhone 3GS in “simple mode” or “expert mode”. For the sake of this tutorial, we will choose “simple mode”.

5. Select your device. A green check-mark will appear. Click the blue arrow to continue.

6. If PwnageTool doesn’t automatically find the correct IPSW file, click “Browse for IPSW” and locate it (it should be in your “jailbreak folder”). Click the blue arrow to continue.

correct firmware

7. You will now get a message that tells you that you are going to create a custom IPSW that will be saved on your desktop. Click OK arrow to continue.

now create

8. PwnageTool will now ask you if you have a contract that you would normally activate through iTunes. Click YES if you use an official carrier (such as AT&T in the US, Roger in Canada, etc…). If you are not using an official carrier, then say NO.

contract

9. PwnageTool will now start building your custom IPSW. Be patient…

building ipsw

10. Once the building process is over, you will get a message asking you to close PwnageTool, put your iPhone 3GS into recovery mode, start iTunes and restore with your new custom firmware. Click OK to continue.

success

11. Launch iTunes and plug your iPhone. In iTunes, hold the “Alt/Option” key and click “Restore” at the same time. DO NOT click “Restore” without holding the “Alt/Option” key! A dialog box will pop up and you’ll be able to choose the custom IPSW file you created that was saved to your desktop.

restore

12. Navigate to your desktop to select your custom 3.1 firmware iPhone2,1_3.1_7C144_Custom_Restore.ipsw. iTunes will now restore your iPhone using this custom firmware. It could take a while so relax and don’t stress out.

13. When done, your iPhone will reboot.

14. You now have a jailbroken iPhone 3GS running OS 3.1.

If you have any question, please ask in the comments.

  • I notice you state to put the phone in recovery mode and yet the procedure to do so sounds like putting the phone in DFU mode. Would turning off phone, holding the Home button while plugging in USB cable not put the iPhone into recovery mode for iTunes to pick up? Thanks for the tutorial!

  • Hunter

    please someone can post a 3GS custom ipsw, I got no mac =(

  • sylvan

    i have a little/big problem here , first of all i have an iphone 3GS with firmware 3.0 and it is jailbroke with redsnow or the pwnage tool . now the problem is i installed this program called Rock ,which am sure u guys now , but the thing is ,since i installed Rock , CYDIA DOESNT START ANYMORE , it crashes as soon as i click on the icon and doesnt open and am not sure if i have saved the signatures for the 3.0 baseband ( i dont think i did) . what can i do to save the signatures if i can’t run cydia , cause i dont wanna jailbreak my iphone and loose my baseband permanently , plzzzzzzzzzzzzz someone help me to figure out the solution for that ,thanks…( between i used pwn to re-install Cydia , but cydia is still crashing , how can i fix that , thanks…

  • Pete

    Question::

    — I bought my iPhone 3GS a few months ago, at firmware 3.0.

    — When firmware 3.1 came out I updated to that.

    Can I use this? I’ve never used any tools to jailbreak whatsoever. So with the official iPhone firmware 3.1, can I use this to jailbreak my 3GS?

  • Just a lillte note on your recovery mode procedure:

    I wasn’t able to enter in recovery mode with your method, instead I used the previously mentioned one: Unplug the device, turn it off, wait for 5 seconds, while holding the home button plugged it to iTunes.

    This worked just fine for me.

  • Oh, and Pete …. you can’t jailbreak it anymore, at least not for now. You’ll have to wait until the Dev Team comes with an 3.1 OTB procedure.

  • humantraffic

    I agree with Amani77. Your tutorial tells you how to put the phone into DFU mode which doesnt work this time around… it kept giving me an error 1600 to be exact.

    I got it to work simply by…

    1) turning off the phone and waiting 10sec…
    2) hold the Home button for 5sec and then plug in the usb cable
    3) continue to hold the home button until you see the cable / itunes logo screen and then release
    4) if iTunes is open (hint you should have it open) then itunes will tell you ‘hey your in restore mode’
    5) do your magic with your Pwn’d firmware file

  • David

    Since this entire process requires a JB phone to begin with, there’s no need for recovery mode. After saving the custom ipsw file, just hit shift and the restore button in iTunes and navigate to the file. Did this already on two 3GSs last night.

  • bummer

    Hi Guyes I tryed to update my jailbroken iPhone 3gs with the new PwnageTool… but I did it just be following instructions on PwnageTool and when it said turn off, go to iTunes and update, I did that and now I am having a big Problem because I did what everybody warned me about, updating a jailbroken iPhone on iTunes!!!! Is there anyway how I can get out of this missery???? It says ICCID Unknown and IMEI: 01 198200 258…..

  • hobbes3

    @ humantraffic:

    You advice made my day lol… Thanks ;-).

  • Alright everybody. Sorry about the confusion about the whole DFU/recovery mode. Following David (comment #8), I made the tutorial more simple. Apparently you don’t have to enter recovery mode at all and you can just skip this step by clicking Alt+restore directly. I haven’t tried it myself but I read about it on several forums so I assume it works. Can anyone else confirm?

  • Lee

    I followed these steps to jailbreak my iPhone 3G (rather than 3GS) and it all succeeded.

    However, the phone won’t pick up any cell networks now so I can’t make calls or use SMS. Anyone know how to fix?

    Regards,
    Lee.

  • Lee,
    You must have messed up at step 8, when it asks if you would normally activate through iTunes. Are you on an official carrier? If so, click Yes. If not, click No.
    s

  • Ali

    Hi guys, another nice work from Dev Team. some ppl must be very happy to finally get their iPhone 3GS jailbreak with this new update. This is not the case for me as i bought my iPhone 3GS directly from the apple site with OS 3.1 already installed on it! So there’s not such a tool for me to get this jailbreak done. NOT YET! I’ll be impatiently waiting for the next update, hoping that the rest of ppl like me can also get benefit from Dev team.

    Many thanks
    Ali

  • 5uck3rpunch

    Once it’s Jailbroken with this procedure & working, can I go back thru the steps to try it again in Expert mode? This procedure changed my Apple boot logo the the Dev Team pineapple logo & I don’t want that. Any ideas?

  • 5uck3rpunch

    PS: I already Jailbroke it with these steps & it’s working fine. I just want the Apple start up logo back…

  • P2BNL

    I just finished jailbreaking it and now everything is kinda screwy. I have service but It doesnt sat AT&T. Under Network it says ” Not available”. I also got that pineapple logo when it starts up. How do I get rid of that?

  • dru_dickins

    omg you failed to mention that new macbooks pros will not work with this!!!!!!!!!!!!!! wtf am i suppose to…

  • dru_dickins

    i got pwned!!!!!!

  • Lalita Raman

    The jailbreak did not work. The carrier and phone did not work. and I get the pineapple sign rather than the apple sign.

    Any help in this pls?
    How do I get my carrier back?

    First time I unlocked and jaibroke my phone it all worked fine but not this time

    Pls help

  • Pogos

    I have a 3GS running 3.0 firmware and has never been jailbroken. So what would my process be? Do I first jailbreak as 3.0 or 3.0.1 and then follow the process here to jailbreak to 3.1? Thanks

  • How do you disable the persistant prompts to update the baseband in the new version of iTunes?

  • Dorkust

    I didn’t want the pineapple, so ran “expert” mode. Left everything default, but unchecked “pineapple logo”. No carrier after jailbreak.
    Ran “simple” mode and PwnageTool asked about contract – select “YES”. I now get carrier signal.
    Don’t know what went wrong with “expert” mode. Probably because I’m an advanced noob and dropped the ball somewhere.

    iPhone 3GS (3.0 OTB)–>JB(3.01)–>JB(3.1)

  • 5uck3rpunch

    @ Dorust:
    The same exact thing happened to me. I think it’s a glitch so I’m stuck with the pineapple logo.

  • iPhone 3GS

    @ Dorkust & 5uck3rpunch

    Can you both double check your BB and let me know if you are still on 4.26 or did “simple mode” using the “contract” option upgrade you to 5.11? It seems like carrier only works with 3.1 if you are on 5.11 BB

  • iPhone 3GS

    @ Chuckles

    The “Carrier Update” prompt that you are receiving in iTunes is NOT a “BaseBand Update”. It is safe to do the “Carrier Update”. It will update you to 5.5 which is the official MMS update.

    Please note that even if you had done the 5.5 carrier update while you were on 3.0, updating to 3.1 will drop you back to 5.1 (or 5.0), causing you to need to re-update to 5.5.

  • 5uck3rpunch

    @IPhone 3GS: Where do I get that info?

  • iPhone 3GS

    @ 5uck3rpunch

    Go to Settings>General>About>Modem Firmware

  • 5uck3rpunch

    My Modem Firmware displays: 4/26/08

  • Dorkust

    04.26.08 here too.

  • iPhone 3GS

    That is VERY interesting… so it does appear to be more of a Pwnage bug if carrier does display properly when using simple vs expert. I’m tempted to give it a try myself… although I HATE the pwnapple boot logo that you are forced into when using simple mode. Maybe I’ll wait a week or so to see if a fix is released. Isn’t there a cydia app that allows you to replace the boot logo? or a way to change it via ssh?

  • Dorkust

    Tried SSH, no dice. Found out boot logos are part of the EFI, so it is embedded in firmware.

  • iPhone 3GS

    hmmm… I gave simple mode a try and my carrier did not reappear. I even went back to 3.0, JB, and then restored to 3.1JB and still nothing. Tried this on a 3GS. I’m just going to go back to my previous custom 3.1 IPSW and just deal with the missing carrier bug.

  • praveen

    it kept giving me an error 1604
    Plz Any One Help Me Out Guys

  • Abbz

    To get rid of custom logos

    make the custom ipsw in pwnage tool expert mode and untick the relative options

    follow on the guide for jailbreaking 3g on this website as that explains how to use expert mode

  • Andrew

    Hey Praveen, I have the exact problem EVERY time, someone please please answer back explaining how to get rid of the (1604) error!!!! I get the exact error each time!!!

  • John

    I followed your directions completely and everything seemed to work fine until it started to restore. I was not connected to the internet and cannot until I get home. Can I pick up where I left off, then, or do I have to start all over? Am I OK until then or am I screwed?

  • Angela

    Mine says error 604 too. God.

    Hey Sebastien, when will the will a jailbreak come out?

  • I have an iPhone that came with 3.0 and I jailbroke it on that version, but then, stupidly, updated it to 3.1 via iTunes, removing the jailbreak. Will this work to re-jailbreak my phone?

  • Hi Julia,

    It will not work not unless you downgrade your iPhone 3GS back to firmware 3.0. Or, wait for the newer redsn0w to release as of now.

  • Mr. D

    in app purchase problem after jailbreak to 3.1. Anyone can help??

  • I thought I couldn’t downgrade unless I already saved my ECID file through Cydia when I had 3.0? (which I hadn’t done)

    I’m confused because the Dev-Team post for the 3.1 release says “The iPhone 3GS is now supported in PwnageTool 3.1.3, assuming the phone was pwned at 3.0 or 3.0.1” — which sounds like my scenario.

  • daniele sampieri

    I have the 3G S that I updated to 3.1 using the disgraceful procedure of iTunes. Thanks for the information and procedure you gave us. Unfortunately i got the following msg: error 1604 and it didn’t jailbreak my phone.Thanks for any help regards

  • Phil M

    @ Dorkust and whoever else is having problems with Expert mode

    If you’re on an official carrier, you must UN-select “Activate Phone” (which is selected by default) in General options.

    It’s a bit confusing, but the checkbox checked means unofficial activation (for later software unlocking) whereas UN-CHECKING the box sets the phone up for official activation.

  • Phil M

    The above is also directed towards “iPhone 3GS”

  • ibrahim

    hay guys just need some help it says an error code after i do all the jail broke has any one else got that plzz help

  • Kenton

    This worked perfectly using my Mac 10.6 snow leopard and Iphone 3gs 16gb os 3.1.2 (05.11.07) with the current version of PwnageTool (3.1.4)
    The only thing not mentioned is when you finish you can then restore your backup of your iphone settings from itunes. It actually asks you if you want to do so. Also the new version on Pwnagtool will put your iphone in restore mode automatically if you follow the prompts.

    (I programmed Microsoft systems for 30 years and switched to a Mac about 2 years ago. I used to make fun of Apple users. I will never go back unless of course Apple buys Microsoft and makes their OS available to all the clones. Would that be a MacAsoft OS? Of course that thought makes me shutter.)

  • Brandon

    How do I remove the jailbreak from my iPhone 3GS?

    • Brandon, simply restore your iPhone in iTunes.

  • Tati

    I followed the steps and got my 3G jailbroken just fine and running perfectly. When I tried to do the same on my husband’s phone, which is a 3GS, everything was going smoothly, until it got to the restore part when it gave me an error and now the phone is not even turning on. Can anyone tell me what happened and even better, how can i fix it?

  • Peter

    Guys I can’t believe that the dev team didn’t give us a clue how to get out of the 16xx erros?
    I have 3gs 0511 3.1.2 because I bouhgt new one now on december and I couldn’t jaibroke it because the bloody 16xx erros.
    I don’t care about unlock I just want jailbroken it.
    I tryed everything such as dfu mode restore mode nothing works
    thanks if someone knows how to solve it