This step-by-step guide will show you how to jailbreak your iPhone 3G or 3GS running OS 3.1.2 using PwnageTool 3.1.4 for Mac OS X. PwnageTool is a Mac-only tool. There is no equivalent for Windows, and no one knows yet when such a tool will be released for Windows.

If you updated your iPhone via iTunes to 3.1.2 or if you bought your iPhone with 3.1.2 pre-installed, you will be able to jailbreak it, but you will not be able to unlock it. On the other hand, if you are still on 3.0 or if you updated to 3.1 using PwnageTool, you preserved your baseband and you will be able to unlock using UltraSn0w.

This tutorial is written for both the iPhone 3G and 3GS. The steps are identical. The only thing that changes is the file you have to download in order to create your custom IPSW.

How to jailbreak iPhone 3G/3GS 3.1.2:

Step 1: Make sure you have downloaded and installed the latest version of iTunes.

Step 2: Create a folder called “jailbreak” on your desktop. Download and save the following files to this “jailbreak” folder (all these files can be downloaded here):

  • PwnageTool 3.1.4 for Mac OS X
  • If your iPhone is a 3GS: 3.1.2 for iPhone 3GS (iPhone2,1_3.1.2_7D11_Restore.ipsw)
  • If your iPhone is a 3G: firmware 3.1.2 for iPhone 3G (iPhone1,2_3.1.2_7D11_Restore.ipsw)

Note that I highly suggest downloading these files with Firefox, as Safari usually creates issues.

Step 3: Launch PwnageTool. It should give you a warning message. Click OK.

Step 4: Select “Expert Mode”.

Step 5: Select your device then click the blue arrow to continue.

Step 6: If PwnageTool doesn’t automatically find the correct IPSW file, click “Browse for IPSW” and locate it (it should be in your “jailbreak” folder).


Click the blue arrow to continue.

Step 7: You will now have several options. Choose “General” and click the blue arrow to continue.


Step 8: Under “General Settings”, you have the option to activate the phone or not. This is a very important step and I’m pretty sure that we’re going to have a bunch of comments related to this setting, so please read carefully.

If you have a contract with an official carrier (such as AT&T in the US, or Orange in France, etc…), do not activate.

If you do not have a contract with an official carrier (ie. you want to unlock for another carrier), you have to activate. Then you will have to install UltraSn0w from Cydia in order to fully unlock the phone.

You will know you didn’t choose the right option if you don’t have signal after jailbreaking.

You don’t have to, but I suggest increasing the root partition size to somewhere around 700MB, just to be on the safe side. When you’re done, click the blue arrow to continue.

Step 9: You are now taken to the “Bootneuter settings”. All of them should be greyed out. Click the blue arrow to continue.


Step 10: You are now taken to the “Cydia settings”. From here, you may download packages so you don’t have to manually do it later. For example, you may download WinterBoard, which would be installed during the pwnage process. Let’s keep things simple and skip this step which is not necessary. Click the blue arrow to continue.

Step 10: You are now taken to the “Custom packages settings”. I highly suggest only selecting Cydia as Icy can be very buggy sometimes. Click the blue arrow to continue.

Step 11: You are now taken to the “Custom logos settings”. You can choose to add the default logos (see below) or you can add your own logos. If you choose to add your own, make sure the images are not larger than 320 x 480. I personally don’t like these custom logos so I uncheck them all and keep my stock logos. Click the blue arrow to continue.

Step 12: We’re almost done! You now have to build the custom IPSW. Click “Build” and click the blue arrow to continue.


Step 13: Save your custom IPSW to the “jailbreak” folder we created in step 2.


Step 14: PwnageTool will now start building your custom IPSW. Be patient… It can take up to 15 minutes.

Step 15: PwnageTool will ask you if your iPhone has been pwned before. If you’re not sure, just click NO.


Step 16: If your iPhone was previously jailbroken, you can skip to step 19. If your iPhone wasn’t already jailbroken, follow the directions below.

If your iPhone isn’t plugged into your computer yet, plug it in. Don’t open iTunes. If iTunes launches automatically, close it. PwnageTool will now deliver the payload.


Step 17: After successfully delivering the payload, PwnageTool will put your iPhone in recovery mode and you should get the following message. Click OK.


Step 18: iTunes should pop up saying it has detected an iPhone in recovery mode and that you must restore. Click OK.

Step 19: We are going to restore your iPhone using the custom IPSW you built. In iTunes, hold the “Alt/Option” key and click “Restore” at the same time. DO NOT click “Restore” without holding the “Alt/Option” key! A dialog box will pop up and you’ll be able to choose the custom IPSW file you created that was saved to your “jailbreak” folder.

Step 20: Navigate to the “jailbreak” folder and select the custom IPSW we created:

  • iPhone2,1_3.1.2_7D11_Custom_Restore.ipsw for iPhone 3GS, or
  • iPhone1,2_3.1.2_7D11_Custom_Restore.ipsw for iPhone 3G

Step 21: iTunes will now restore your iPhone using the custom firmware which could take a while, so relax. When done, your iPhone will reboot and you will now have a jailbroken iPhone.
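
As an added example (not part of the original tutorial or of PwnageTool), this Python script checks a file in the “jailbreak” folder against the naming used in Steps 2 and 20 before it is chosen in Step 19: right device, 3.1.2 (7D11), custom rather than stock, and an intact ZIP archive (an IPSW is a ZIP file). The function names and the stand-in files built in `demo()` are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Identifiers, version and build exactly as they appear in Steps 2 and 20.
MODELS = {"iPhone1,2": "iPhone 3G", "iPhone2,1": "iPhone 3GS"}
EXPECTED = ("3.1.2", "7D11")

NAME_RE = re.compile(
    r"^(?P<ident>iPhone\d+,\d+)_(?P<version>\d+(?:\.\d+)+)_(?P<build>[0-9A-Za-z]+)"
    r"_(?P<custom>Custom_)?Restore\.ipsw$"
)

def parse_ipsw_name(name):
    """Split an IPSW file name into device identifier, version, build and kind."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised IPSW file name: {name!r}")
    info = m.groupdict()
    info["model"] = MODELS.get(info["ident"], "unknown")
    info["custom"] = info["custom"] is not None  # True for *_Custom_Restore.ipsw
    return info

def check_restore_file(path, device, want_custom=True):
    """Return a list of problems with `path` as the restore file for `device`."""
    path = Path(path)
    try:
        info = parse_ipsw_name(path.name)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if info["model"] != device:
        problems.append(f"built for {info['model']}, not {device}")
    if (info["version"], info["build"]) != EXPECTED:
        problems.append(f"firmware {info['version']} ({info['build']}), expected 3.1.2 (7D11)")
    if info["custom"] != want_custom:
        problems.append("stock firmware selected" if want_custom else "custom firmware selected")
    # An IPSW is a ZIP archive; a truncated download is caught here, before iTunes.
    if not zipfile.is_zipfile(path):
        problems.append("missing or not a valid ZIP archive (incomplete download?)")
    else:
        with zipfile.ZipFile(path) as archive:
            bad = archive.testzip()  # re-reads every member and checks its CRC
        if bad is not None:
            problems.append(f"corrupt archive member: {bad}")
    return problems

def demo():
    """Run the check on constructed stand-in files (not real firmware)."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        good = folder / "iPhone2,1_3.1.2_7D11_Custom_Restore.ipsw"
        with zipfile.ZipFile(good, "w") as archive:
            archive.writestr("Restore.plist", "constructed placeholder")
        stock = folder / "iPhone2,1_3.1.2_7D11_Restore.ipsw"
        stock.write_bytes(good.read_bytes())
        cut = folder / "iPhone1,2_3.1.2_7D11_Custom_Restore.ipsw"
        cut.write_bytes(good.read_bytes()[:20])  # simulate an interrupted download
        return {
            "good": check_restore_file(good, "iPhone 3GS"),
            "wrong_device": check_restore_file(good, "iPhone 3G"),
            "stock": check_restore_file(stock, "iPhone 3GS"),
            "truncated": check_restore_file(cut, "iPhone 3G"),
        }

if __name__ == "__main__":
    print(demo())
```

An empty list means the file passed every check; anything else names what to fix before restoring.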

You may now unlock your iPhone. For more information about unlocking your iPhone, please read our iPhone 3.1.2 unlock page.

If you have any questions, please leave a comment below.

  • Danz

    my jailbreak didn’t work on my 3gs 3.1.2 it came up with an error on itunes with error 1600… any fixes plz email me

  • ssbgd

    didn’t work on my 3Gs, followed the tutorial…. came out with error 1604… what should i do?

  • kidphysik

    I bought a brand new 3G 3.1.2 (7D11) mid Dec. 09 from apple store with AT&T service contract. I would like to JB it but need to know, if I follow instructions, will PwnageTool work for me and should/will I be able to continue using AT&T service after JBing.

    Many many thanks to anyone who can assure me either way.

  • wally28

    This definitely works. all those on Vodafone india shd uncheck the activate option.

    Tks sebastien

  • Juggler

    Followed the directions (using simple mode instead of expert) on a previously pwanged 3g with 3.0 with no problems. Then followed directions to unlock with ultrasn0w and again no problems.

    Thanks very much!

  • This is an amazingly good and clear tutorial. Wow! And thanks.

    To those who got an error when iTunes tried to restore your phone (eg. in step 21 of this guide) I experienced this too. My problem was that I still had the PwnageTool software running. After I closed down Pwnage iTunes was able to do the restore error-free.

  • Great post and should work OK for most everyone without the firmware 3.1.2 pre-installed. From some of your comments I wonder if that’s the case here. Just to be sure, I attempted your instructions on my iPhone with 3.1.2 pre-installed from Apple and it did NOT work. From what I understand pwnage tool can only restore the 3.1.2 firmware back to its older counterpart, but 3.1.2 pre-installed has no counterpart and therefore this will not work.

    Just wanted to give a heads up also that Apple has also come out with a new update today as well.

    If you followed these instructions correctly and you have 3.1.2 already pre-installed restore is easy.

  • kidphysik

    -JunkyFungus or anyone,

    my 3G did come with the 3.1.2 (7D11) firmware pre-installed, however it was a “replacement” phone which I got after warranting a defective one. I’ve heard the phones Apple exchanges for warrantied ones are sometimes used but refurbished. If that’s the case, would there be any chance my current phone could have that counterpart you referred to? Sorry if I’m repeating what you already posted but want to make sure if I were to attempt this JB, that I don’t end up with a “brick”. Maybe a better question would be, is there another method to JB pre-installed 3.1.2 phones?

    Again, many thanks.

  • @kidphysik As I mentioned above your comment if you do a complete backup and sync to iTunes before you attempt the jailbreak you should be able to restore just fine. 🙂

    @anyone else that cares
    I want to also apologize for the erroneous comment yesterday that Apple has come up with a new update: it was a carrier update and not an Apple update.

    Here’s what happened when I attempted to jailbreak my iPhone 3G(s) with 3.1.2 pre-installed by Apple: The first time it seemed like it worked A-OK and everything went through great. After I restored using the Alt/Option / Restore feature the iPhone rebooted and came on no issues. While still plugged in to my Mac iTunes said I now needed to create an account as it had found a “new” iPhone, or I could indeed thus restore it again. I knew if I restored it again it would thus restore it to the original 3.1.2 and that would supersede the jailbreak. Having a PC with iTunes I brought the iPhone over and created a new account with it and discovered the dreaded “error 1600”! PAPER WEIGHT, Oh No;-), nah not if you followed directions.

    A suggestion: DO NOT send Apple feedback on the error if you do get it and have Apple Care. DOH!

    OK so after error 1600, I simply brought it back to the mac and chose restore. After some rigmarole of jumping through hoops I successfully restored.

    2nd and third attempts were all variations of the first as mentioned above, all met with some error starting with 16. Blasted Apple and here I thought upgrading from my 2g iPhone aluminum casing was going to be succulent, but instead I am left with a factory set iPhone from Apple that I adore, but can’t get no nooky from.

    I really do hope someone comes up with a legit jailbreak (an oxymoron at its best) that does not simply rely on reverting firmware back, when no additional firmware is available, except what came with the phone. Until I humbly bow down and accept my iPhone as it is.

  • Jay

    Just use blackra1n already. I have the brand new 3GS that comes with 3.1.2 preinstalled, and it took less than 30secs to jailbreak using blackra1n. I don’t see why people still leave comments over and over again even after solutions after solutions have been recommended.

  • TG

    Hey I just tried to jailbreak my 3gs and for some reason everything was going great until I was on last step I pressed the alt key and downloaded the new firmware and from there i saw the one logo of the pineapple after that it just went blank when it was almost done with the loading bar what do I do???

  • TG

    And when I tried to do the whole process again it won’t let me download the firmware to the phone it gives me an error code of 1600

  • Thrumyeyes

    Can’t find the (iPhone2,1_3.1.2_7D11_Restore.ipsw) file in the link provided.

    It only had the PwnageTool 3.1.4 for Mac OS X file for download.

    Where can I get this first file????

  • If I purchase an iPhone 3Gs (3.1.2 preinstalled) with no att commitment, would I be able to jailbreak/unlock it and use my SIM card from my current phone (my current service provider is att, but I don’t want to pay the extra for the iPhone plans)?
    Got a little confused because in the beginning of this article it says that a purchased iphone with 3.1.2 can’t be unlocked using ultrasn0w, yet another article on this site states otherwise.


  • @Jay 🙂 I was only demonstrating this method with pwnage which does not work with 3.1.2 pre-installed however many attempts I made.

    Every-time I used pwnage to attempt a jailbreak, just to check it out, I had multiple errors and countless hours restoring my iPhone, but I was able to restore! I have not spoken of my blackra1n experience since the OP is only giving instructions in this post of how to use PwnageTool. I’ve heard and read that PwnageTool only reverts Firmware and it makes sense why it wouldn’t work if this in fact is the case. My experiences tells me it is since I was unsuccessful at jailbreaking with using it on a 3.1.2 pre-installed. (Don’t know, check your model number, seek and ye shall find;) ).

    In the regards of using blackra1n: It works in less than thirty seconds:)

  • Jay

    @ JunkyFungus, yeah i wrote that because your last paragraph had mentioned “… someone come up with a legit jailbreak…” which i think blackra1n is. I had the same problems you had using the method in this article (i tried so many times that i thought i might end up damaging the phone) and then came the “blackra1n enlightenment”. lol.

    I’m glad it worked for you. The iphone experience is truly exceptional after jailbreaking. Have fun!

  • Jay

    @ Zoomrix, i don’t know how you can get the iphone from att and skip adding the mandatory data plan (for $30, i think) especially as you’re a current att customer. It says so explicitly on their website, no iphone without the special data plan. And even if u did, they also say they reserve the right to automatically add the data plan when they find out you are using an iphone on their network, so i don’t really see you winning this one. Also, if u’re on att, why try to unlock for another network? It’s already built for att so unlocking it and then putting att sim card in it will make no difference, i think. But it’s worth the trial, so give it a shot, if u will. I haven’t unlocked an iphone ever because i’m on att but i think ultrasn0w might work; u just need to check the original developers website and find out the latest version.

  • oneofmanymonkeys

    AT&T SERVICE ISSUE FIXED FOR ME…the first time around, i followed the directions perfectly (i think) but I couldn’t call or text after the jailbreak. My AT&T service had vanished. I went through the process again, made sure I unchecked “activate the phone”, and when it was all done i made sure NOT TO restore the phone from the previous saved version, but added it to itunes as a new phone instead (I’m not using the proper terminology here, but I think it captures the gist of it). Service was back immediately. Only problem was the language was now… I don’t know, Dutch or something. But I had this problem when I first got the phone as well. Obviously, I changed this setting in the Settings section and all was well. Hope this helps somebody…

  • Ahmed El Tonsi

    How do we press option on mac?

  • Ahmed El Tonsi

    please someone answer if he/she knows!!!

  • @Ahmed El Tonsi It’s the Alt button between the ctrl and the Apple key, well at least it is for me on my macbook pro. Bottom row left hand side. Hope that helps:)

  • Sonic2312

    Jailbreaking does work, yes, but……
    If you have a new 3Gs chances are it has the new software on the rom chip at boot. This means that it would be in fact a “tethered jailbreak” only.

  • Cat

    Going through the process and I have the option to “Enable baseband update,” which doesn’t seem to be explained in the tutorial. I’m not familiar with this terminology – can anyone translate that for me and tell me if it’s something I need/want to do? I have a 3G (not 3GS) with AT&T.

    Thanks, thanks.

  • Joanna Ruiz

    hi there i really want to jailbreak my phone but I’m scared that i will lose service or my phone won’t work anymore… can any1 help??

    is there a way to jailbreak with no consequences??

  • Jay

    Sorry to tell you, but there will “Always” be risks with jailbreaking! But it is worth it! Most of the time all you have to do is restore it and everything is back to normal.

  • S_Tommy

    Hello Everyone,
    I currently have the jailbroken 3.0.1 version 3GS, is it worth it to update to 3.1.2?
    Do i run any additional risks? Sorry I’m kinda new to all this jailbreaking business, should I also follow the above steps?

  • phantomgreen

    Just figured this out in case anyone else comes across it…

    If PwnageTool hangs looking for the ipsw (forever-ish), unmount your external hard drive. Time Machine drive not included and may only apply to NTFS volumes(?).

  • i have successfully jailbroken my phone following ur steps but i am not able to unlock my iphone coz i am able to add in the source for ultrasnow, i used this repo (

  • cassadagax

    I go through all the steps and then when itunes restores my phone with the custom firmware, it won’t reboot. The computer will still recognize my phone as on…but the screen is completely blank and will stay that way until I restore with factory defaults…I’ve tried jailbreaking it about 7 times…any suggestions?

  • sweetmndy

    I’m having the black screen problem too! I’m trying to restore back to normal settings now, and will try blackra1n…this one does NOT work on the new 3gs ! Don’t waste your time!

  • sweetmndy


    Well, I was able to restore back to factory settings after being stuck on the black screen! Whew!
    All you have to do is just restore in itunes and then it will let you restore from your backup and everything goes back to normal!

  • jimmy

    I have a factory unlocked iphone 3GS running on firmware 3.1.2 with 05.11.07 baseband. Is it OK to make a jailbreak?

  • Tommy

    is it possible to un-jailbreak my iphone 3gs? also are there any risks i should worry about?

  • Marlene

    everytime i get to the step where you plug in the phone to deliver the payload.. it keeps saying connect the phone and i keep plugging it in but nothing happens

  • Brooke

    I can build my IPSW just fine, but when it tells me to connect to USB and I do it never recognized it. What am I doing wrong?

  • AlexRmF

    Hi Sebastien,

    Nice tutorial, with a lot of details, thanks.
    I have a small question regarding jailbreaking on an iphone 3GS:
    I have previously jailbroken a few iphones using pwnage tool and blackra1n, now, i have this iphone which is a 3GS and it’s officially unlocked (so I don’t need any chance for unlocking it)
    I need to know whether or not the 3GS (new bootrom) can be jailbroken without any issues? when I say issues I’m talking about “tethered jailbreak”, because I don’t want to restore the firmware every time the phone is shut down.

    Thanks in advance for your help,

  • Nicolas

    I would like to know if it is possible to jailbreak Iphone 3.1.2 now that Apple updated the firmware to 3.1.3 with this tool?

  • Lexxxii

    umm.. so when i plugged my phone in for step 16, it won’t go past that.
    it still says “connect phone”..
    but it’s connected, and charging. so obviously it’s not my cords or anything?
    :/ help?!

  • Aleksander

    Hi, I’m having problems with Pwnage: it won’t find my iPhone during the process even though it’s connected… what can I do?

  • In case any of you were as stubborn as I was, here is something else that doesn’t work for you iPhone 3GS week 40 or later owners. (Once again, the last two of the first five digits of your serial number will tell you your manufacture week. If your week is a larger number than 40 [mine is 44] there is no untethered jailbreak for you.)

    With the release of PwnageTool 3.1.5 and Cydia’s new ECID SHSH backup feature, I thought I was finally going to get an untethered jailbreak on my iPhone 3GS and bid a fond adieu to GeoHot’s smiling mug. Since I had stored my ECID SHSH with Cydia while running iPhone firmware 3.1.2, it was a simple matter to tell my /etc/hosts file to look to Cydia when verifying the restore with Apple. (see above link)

    I restored to 3.1.2 with no trouble at all, and this was very reassuring. Before modifying my /etc/hosts file, I kept getting an error message that “This iPhone cannot be restored” and that was understandably a little panic-inducing.

    I thought to myself, “hmm, if iTunes is being fooled when it comes to restoring to the standard firmware, wouldn’t it also be fooled when restoring to CUSTOM firmware?” and the jailbreaking lightbulb went off in my head once again. I d/led the new PwnageTool 3.1.5 with high hopes for redirecting iTunes’s request for verification and getting that sweet sweet umbilical-free jailbreak.

    Well, no dice. I just wanted to let you would-be cord-cutters know that, even with your /etc/hosts file modified to look to saurik for verification instead of the iPhone Software Update Server, you will still end up with iTunes telling you it has recognized an iPhone in recovery mode.

    To reiterate, this is a problem with iPhone 3GS models manufactured after week 40. Anything else (or any iPhone with an earlier manufacture date) should be able to burst through the placenta and run screaming down the halls with no problem.

  • Pauly

    Same deal…. doesn’t find iphone to deliver payload..

  • B

    It won’t deliver the payload??

  • I have a 3gs running 3.1.3 and i followed all your steps but it won’t find my iphone when it says connect device. and it just keeps looking endlessly. I’ve tried turning it on and off and all that. it gives me no prompts or anything just the little loading circle that keeps spinning..

    what’s wrong?

  • Oliver

    Hey i am having the same problems connecting as everyone else.. what should i do?

  • Jay

    I’m still in the process of jailbreaking my 3gs version 3.1.3 but need to know if anyone would happen to know why every time I finish step 8 that it asks me to connect device to USB, and I do…..but nothing happens! What am I doing wrong? Please help.

  • Jay

    Oops, I meant to say when i finish step 15

  • emkay

    My iphone 3G is factory Unlocked. will it still be unlocked when I jailbreak it?
    I heard it from somewhere that I cannot have my sim in when jailbreaking it. is it true?