PwnageTool

PwnageTool is a jailbreak method by the iPhone Dev Team. PwnageTool can jailbreak any iPhone while preserving the baseband, which is sometimes necessary to unlock.

iPhone 3.0 Jailbreak & Unlock Roundup

Sébastien Page ∙ June 23, 2009

The new iPhone 3.0 came out about a week ago and the Dev Team already managed to jailbreak and unlock it. All the info available about jailbreaking and unlocking might be a little confusing so I wanted to write some sort of summary in order for you to figure out what's the best solution for you.

iPod Touch & iPod Touch 2G

If you're an iPod Touch user and want to jailbreak it, then you will have to use RedSn0w. I wrote a tutorial on how to use RedSn0w for the iPhone but the steps are pretty much the same for the iPod Touch. Refer to this tutorial to learn how to jailbreak your iPod Touch or iPod Touch 2G.

iPhone 2G

You have 2 options to jailbreak your iPhone 2G. If you're on a Mac, the best way to do this is to use PwnageTool. You can read my PwnageTool jailbreak tutorial here. If you're on a PC, you may want to use RedSn0w, for which I also wrote a guide here.

The tools to unlock the iPhone 2G are the same as the tools to jailbreak it. If you're using a Mac, read my PwnageTool unlock tutorial here. If you're on a PC, read my RedSn0w unlock guide here.

Note that RedSn0w works on both PC and Mac, so if you're on a Mac, you can still use RedSn0w, which I recommend as it is a little more straightforward than PwnageTool.

iPhone 3G

Once again, you have 2 options to jailbreak your iPhone 3G. First option is to use PwnageTool for Mac (see tutorial here). The second option is to use RedSn0w, which works on both PC and Mac (see tutorial here).

Now if you want to unlock your iPhone 3G, you will first have to jailbreak it using one of the methods mentioned above, and then you will have to run UltraSn0w (see tutorial here).

iPhone 3G S

Unfortunately, there is no jailbreak or unlock method for the iPhone 3G S yet. The Dev Team just released the iPhone 3G unlock UltraSn0w and I believe they will now focus on finding a jailbreak and unlock for the 3G S.

Stay tuned for more information coming as these new tools are released.

Unlock Your iPhone 3G With UltraSn0w

Sébastien Page ∙ Updated August 1, 2009

UltraSn0w, the soft unlock for the iphone 3G 3.0 firmware is now available thanks to the good work of the Dev Team. Don't wait any minute to install UltraSn0w and unlock your iPhone 3G.

Note that this tutorial was originally written for the 3.0 unlock but the steps are exactly the same to unlock iPhone OS 3.0.1. I simply updated this guide with the latest info.

Before installing UltraSn0w, your iPhone 3G has to be jailbroken and running the latest 3.0 3.0.1 firmware. You can either jailbreak your iPhone 3G using RedSn0w (see tutorial here) or by using PwnageTool (see tutorial here).

After jailbreaking your iPhone 3G, follow these simple steps:

Launch Cydia. Add the following source to Cydia repo666.ultrasn0w.com (note there is a "0" in sn0w, not an "o"). After installing this source in Cydia, search for "ultraSn0w". Install UltraSn0w and reboot your iPhone. Voila!

Note that T-Mobile users should disable 3G before using UltraSn0w.

Unfortunately, the new iPhone 3G S still can't be unlocked because there is no jailbreak for it yet.

Tutorial: Unlock iPhone 2G 3.0 Using PwnageTool For Mac

Sébastien Page ∙ Updated January 29, 2016

This tutorial will show you how to unlock your iPhone 2G using PwnageTool for Mac. This guide will allow you to use your iPhone 2G with any carrier.

1. Make sure you have downloaded the latest version of iTunes 8.2 and that you have updated your iPhone to the latest 3.0 firmware.

2. Create a folder on your desktop. In this folder, download PwnageTool 3.0 and your iPhone 2G 3.0 firmware from our iPhone downloads page. Also download bootloader files 3.9BL, 4.6BL.

3. Launch PwnageTool, agree to the warning, and select the “expert mode”.

4. Select your iPhone model (iPhone 2G) and click the blue arrow to continue.

5. Now if your computer doesn’t automatically detect the iPhone 2G 3.0 firmware you downloaded in step 1, browse for it.

6. You will then have a menu with 7 choices. Choose “general”, which will allow you to set your own root partition size. Click the blue arrow to continue.

7. You will now have 3 checkboxes. Make sure that "activate the phone" and “enable baseband update” are checked. You will also need to increase the root partition size. Usually setting the root partition around 700MB is enough. Click next to continue.

8. When you get to the “bootneuter settings”, only check the boxes for "unlock baseband" and "auto delete bootneuter.app". Click the blue arrow to continue.

9. The “Cydia settings” allow you to choose packages to download now so you don’t have to download them from Cydia later. Choose any of the packages you want and click next.

10. You will now have the possibility to choose your own boot logo. I will skip this step as it is useless.

11. After setting your own boot logos (if you chose to), you will now be able to build your own IPSW file. Click the blue “build” button to start.

12. If it's the first time you do this, you will get a message asking you to upload the bootloader file v3.9. When asked to search the web for it, click "no". When asked to browse for it, click "yes" and select it from the folder we created in step 2. Repeat the process for bootloader v4.6.

13.You will then be asked if you're a legit iPhone user. If you click "yes" this will not unlock the phone, thus defeating the whole purpose of this guide. Make sure you click "no".

14. You will then have to choose a folder to save your custom firmware (ie. desktop). You custom firmware will now be built, which may take up to 15-20 minutes. Be patient.

15. Enter your administrator password.

16. When asked if your iPhone has been pwned before, say “no”, even if it has. Make sure your iPhone is connected to your computer and turn it off, as prompted.

17. This is the tricky part. You will now have to follow directions to enter DFU mode. It will ask you to hold the home and power buttons for 10 seconds. Then, you will have to release the power button and hold the home button for 10 seconds.

18. If done correctly, you will get a message saying that you successfully entered DFU mode. Close PwnageTool and launch iTunes.

19. iTunes will then give you a message saying it has detected an iPhone in recovery mode. Click OK.

20. In iTunes, hold the Alt/Option key and click “restore” at the same time. It will open a window where you will have to select the custom firmware that you built a few minutes before.

21. iTunes will then restore your iPhone 2G using the custom firmware. This step may take 15-20 minutes so again, be patient.

22. Once done, you will have to “set up your iPhone”, either as a new phone (which I recommend), or from backup.

23. Reboot your iPhone and you should have a Cydia icon on the springboard.

24. Congrats! You just unlocked your iPhone 2G using PwnageTool 3.0

Dev Team Releases PwnageTool 3.0 For Mac

Sébastien Page ∙ Updated April 18, 2016

The Dev Team just released a new version of PwnageTool that will jailbreak the iPhone 1st gen., iPhone 3G, and the iPod Touch 1s gen. The new iPhone 3G S is not supported yet.

According to the Dev Team:

Because of some bugs and unexpected changes this will be a multipart release, starting with the release of PwnageTool for Mac OS X. QuickPwn for Mac OS X and Windows will follow sometime soon, please don’t bug us about it, we are working flat out to get everything finished to release them.

GOLDEN RULE: If you are using a 3G iPhone with yellowsn0w and rely on yellowsn0w to obtain cellular service, then you should NOT use PwnageTool right now. UltraSn0w is not included with this release and therefore your baseband will be locked and unable to use an operator other than the official one it was bought for. UltraSn0w will be release via APT (cydia and icy) soon. If you have an original iPhone (1st generation) then 3.0 unlock works with this PwnageTool release. Yellowsn0w in its current form will NOT work with the baseband version that is present in the 3.0 update, you will need Ultrasn0w, which will be released sometime soon, Ultrasn0w will work with all iPhone 3G models (but not 3GS), even ones that were previously unlockable, Ultrasn0w (when available) will be released via APT (this means you can get it via Cydia or Icy). Please read all parts of this post before downloading and using these tools. Read items 1, 2 and 3 again and again. At the bottom of this post are the bittorrent files for the 3.0 capable version of PwnageTool. This app is suitable for the recent 3.0 release. PwnageTool will NOT work for the iPhone 3GS. PwnageTool WILL work for Original iPhone (1st Generation), Original iPod touch (1st Generation) and the iPhone 3G.

This will just unlock the 1st gen iPhone. It will not unlock your iPhone 3G or iPhone 3G S. The Dev Team will release UltraSn0w soon and this is the tool you will need to unlock your iPhone 3G.

Official Bittorrent Releases -

http://torrents.thepiratebay.org/4963802/PwnageTool_3.0.dmg.4963802.TPB.torrent SHA1 = 2e19d39398233f88ae0782fd82462a9223791f7f

iPhone 3G S owners will have to wait for the Dev Team to come up with a jailbreak first. Stay tuned for more info and tutorials on how to do all this...

Dev Team Demos UltraSn0w – iPhone 3G Unlock

Sébastien Page ∙ June 16, 2009

As announced yesterday, Dev Team member MuscleNerd did a demo of UltraSn0w, the new software unlock for the iPhone 3G (skip to 2.20 min on the video below). Unlike its predecessor YellowSn0w, UltraSn0w will unlock your iPhone 3G no matter what firmware, bootloader or baseband you have, as long as you have the new 3.0 firmware installed.

The actual program that UltraSn0w injects into the baseband to accomplish the unlock is the exact same one the Dev Team developed for YellowSn0w. What changed is that the Dev Team found a new "hole" to inject the unlocking payload.

During his demo, MuscleNerd successfully jailbroke his iPhone 3G and proved it by inserting a T-Mobile SIM card.

UltraSn0w won't be available until Friday and like YellowSn0w, it will be downloadable through Cydia. Your iPhone will obviously have to be jailbroken and the Dev Team will release the necessary tools for that (QuickPwn and PwnageTool) soon.

Again, just to make this clear, there is no baseband downgrade needed. You can just upgrade to 3.0 tomorrow and wait for the Dev Team to push its unlocking tools and UltraSn0w on Friday.

Note that this unlock is only valid for the iPhone 3G. According to the Dev Team, this hack may be applicable to the new iPhone 3G S if it can be jailbroken, which should happen sometimes soon. Go Dev Team!

PwnageTool 2.2.1 Guide & Tutorial

Sébastien Page ∙ Updated January 23, 2016

This tutorial will show you how to use PwnageTool to jailbreak your iPhone firmware 2.2.1. Note that PwnageTool only works with Mac OS X. PwnageTool will create a custom 2.2.1 firmware that you will then load to your iPhone. This will allow you to update your iPhone without updating the baseband, which is a very important feature if you're considering using YellowSn0w to unlock your iPhone.

Dev Team Updates QuickPWN and PwnageTool for 2.2.1

Sébastien Page ∙ Updated November 12, 2019

I thought the Dev Team would release updated version of QuickPWN and PwnageTool sometimes next week, but as usual, they were faster than I expected. In a blog post, the Dev Team gives us more info about these 2 jailbreaking tools and also tells us about the dos and donts.

I could try to paraphrase what they said but I think it's better I just copy/paste their post entirely. I do not like doing this but I believe it is very important information that shouldn't be disregarded.

I highly suggest you go visit the Dev Team blog and leave a nice comment over there. Click here to read this post on the Dev Team blog.

You can expect a QuickPWN guide and tutorial from me within the next couple hours, so stay tuned!

UPDATE:

Tutorial for QuickPWN: QuickPWN 2.2.1 Guide Tutorial for PwnageTool: PwnageTool 2.2.1 Guide

This is the low down on our tools for use with the 2.2.1 firmware from Apple, read the whole post in full before attempting anything.

GOLDEN RULE: If you have a 3G iPhone running 2.2 firmware and you want to keep your ability to use yellowns0w (or the option to use it in the future) do NOT use QuickPwn, and do not use the official ipsw or the iTunes update process without using PwnageTool. Yellowsn0w will NOT work with the baseband version (02.30.03) that is present in the recent 2.2.1 update - you will need to create a custom ipsw that will allow you to update safely without affecting the baseband. Please read all parts of this post before downloading and using these tools. Read items 1, 2 and 3 again and again. At the bottom of this post are the bittorrent files for the latest versions of PwnageTool and QuickPwn. These apps are suitable for the recent 2.2.1 release. The Yellowsn0w version has been updated to 0.9.7. Yellowsn0w is available from Cydia or Installer - this version allows compatibility with pwned 2.2.1 system (not baseband) - again - remember 0.9.7 yellowsn0w DOES NOT WORK WITH 2.2.1 (02.30.03) directly - you need to be running a ‘pwned’ version of 2.2.1 which doesn’t upgrade the baseband. Users of OS X 10.5.6 will be unable to use DFU mode correctly, please see the note towards the end of this post to easily fix this issue.

Baseband 101

The ‘baseband’ is the generic name given to the internal components of the iPhone that handle the phone calls and Internet access. This ‘baseband’ is a tiny and unique independent computer system that runs inside your iPhone, it is separate to the main system that handles the applications (such as email and google maps) and it talks to the main part of the phone over an internal communications network. Think of it like a cable modem or other peripheral that is attached to your home PC that needs occasional updates. When a software update is released and presented to you within iTunes the baseband is sometimes updated (to fix bugs or add new features). The 2.2.1 update for the iPhone 3G contains such an update, so running the vanilla updater straight away with iTunes will reprogram and update the baseband. This could be bad for certain people, depending on your ultimate aim.

SIM Free/SP Unlocked/Factory Unlocked iPhone 3G

This applies if you bought your iPhone 3G for $$$$$$$. This model of iPhone 3G doesn’t have an Service Provider lock (aka factory unlocked) and you are able to put any SIM card into the phone and get service. Your phone is already unlocked so you do not need to worry about baseband updates, simply upgrade to 2.2.1 using iTunes and then use QuickPwn to Pwn and Jailbreak. This will add Cydia and Installer too.

Locked iPhone 3G - Preserve Baseband

This applies if you have a locked iPhone 3G and you wish to update to 2.2.1 but preserve the iPhone’s current baseband software. Preserving the baseband will ensure that you can still use “yellowsn0w” the iPhone 3G unlock application. To upgrade your phone to 2.2.1 and preserve the state of the baseband you need to create a custom .ipsw with PwnageTool. This custom .ipsw will not contain the baseband update but of course will still give you any new stuff from 2.2.1

There are plenty of tutorials about this process on the web, but PwnageTool contains intuitive graphics and easy to follow prompts that should have you up and running in no time at all. Please note: PwnageTool is only available for Mac OS X.

Locked iPhone 3G

If you are using your iPhone with one carrier and have no interest in the possibility of an iPhone 3G unlock in the near future then just restore or upgrade to 2.2.1 using iTunes and use QuickPwn to Jailbreak and add Cydia and Installer.

iPhone 2G (1st Generation)

Update or Restore your iPhone 2G with iTunes then run QuickPwn to do the magic, ‘nuff said, you don’t need to worry about anything. iPod Touch 1G (Original iPod Touch)

Update to 2.2.1 with iTunes and run QuickPwn. iPod Touch 2G (New iPod Touch)

Sorry, no support at this time, but Redsn0w is being actively researched and developed.

Fixing DFU mode on 10.5.6

As noted previously OS X 10.5.6 introduced a bug that affected the use of DFU mode. with some Macs. There have been previously published hacks and techniques to fix this, but here is another method that can be used to easily restore functionality.

You will need an account with ADC (Apple Developer Connection) this is free and takes a few minutes to sign up, you should read the terms and conditions carefully and you should only sign up if you are thinking of developing applications in the future - http://developer.apple.com/mac/ Download the disk image “IOUSBFamily Log release for Mac OS X 10.5.5 Build 9F33” (yes, that is a “5” in 10.5.5 - this is a developer debug package of the USB kernel extension). Install IOUSBFamily-315.4.1.pkg from within the disk image Reboot your system!

Official Bittorrent Releases -

PwnageTool 2.2.5 for Mac OSX is here SHA1 Sum - 8fe2f20c00f48b37d8262d6872a12166c6e165ba QuickPwn 2.2.5 for Mac OSX is here SHA1 Sum - 2f1353242ef10dc408e95786643e497fcd04e4ea QuickPwn 2.2.5-2 for Windows is here SHA1 Sum - 82aae63218316af42e4fa20f8c69d9eb4fe9d4ee

Click here for the official blog post by the Dev Team.

Sorta QuickPWN 2.2.1 Is Out. I Say Stay Away

Sébastien Page ∙ January 29, 2009

I knew it wouldn't take long for some hacker to come up with an unofficial version of QuickPWN to jailbreak the new firmware 2.2.1. This time, it's Russian hacker Vortex that created the bundles and if I can give you a piece of advice, STAY AWAY from it.

People using this unofficial QuickPWN had varied results. So again, wait for the Dev Team to come up with an official version. They are most likely already working on it and I bet you we'll have updated versions of QuickPWN and PwnageTool within a week.

As usual, I will give you the heads up when I have more info!

If you really can't wait and want to take the risk of messing up your iPhone, then you can download this unofficial version of QuickPwn here.

UPDATE: Just got a tweet from MuscleNerd saying "iphone users in particular (even 2G) can do permanent damage running "untrusted" bundles (either broken or intentionally bad)"

If I wasn't clear enough before... DO NOT USE unofficial versions of QuickPWN or PwnageTool!

Heads Up On Firmware 2.2.1 And Jailbreak/Unlock

Sébastien Page ∙ January 28, 2009

Since firmware 2.2.1 was released yesterday, a lot of concerns were raised whether or not you should update. The quick answer is NO, do not update if you care about your jailbreak or your unlock. MuscleNerd released a video on Qik giving us more info about the situation. Below are notes from the video.

About the iPhone 3G:

If you use YellowSn0w, you do not want to update to 2.2.1 as it will remove the possibility to install it. The only way you could do it is my installing a custom firmware that doesn't update the baseband. PwnageTool and QuickPwn do just that but they haven't been updated for 2.2.1 yet so wait for them to come out.

About the iPod Touch 2G:

The 2.2.1 firmware doesn't affect your ability to jailbreak your iPod Touch 2G. It didn't remove the ability for the Dev Team to do a tethered jailbreak. The Dev Team is still looking for an exploit to allow an untethered jailbreak. In other words, hang in there, they are working on it.

About iPhone 2G and iPod Touch 1st Gen:

2.2.1 doesn't affect your ability to jailbreak or unlock but again, wait for an updated version of QuickPwn and PwnageTool to do that.

As usual, I will report to you as the news come about 2.2.1 and jailbreaking/unlocking so you may want to subscribe to the RSS feed to be notified in time.

iPhone 2.2 Jailbreak

Sébastien Page ∙ November 23, 2008

Update: The Dev Team cracked the code again and you can now jailbreak your iPhone 2.2 firmware. I highly recommend you read this before doing anything!

Update 2: I wrote new tutorials on how to jailbreak or unlock your iPhone 2.2 firmware using QuickPwn:

jailbreak iPhone 2.2 unlock iPhone 2.2

Like I mentioned in my previous post, there is no jailbreak available so far for iPhone firmware 2.2. The Dev Team is working on it and from what I understand, it shouldn't take too long...

We believe that our Pwnage technique (and therefore the Jailbreak) isn’t affected, but PwnageTool and QuickPwn do not support this release as yet, so DO NOT install 2.2 using iTunes as you will lose your jailbreak.

It's also worth noting that if you're on a jailbroken iPhone, you really don't want to update using iTunes yet as it may modify your baseband and make future jailbreak and/or unlock impossible.

I suspect that it will take a few days to the Dev Team to update PwnageTool to allow it to jailbreak your iPhone firmware 2.2, so please hang on... Once PwnageTool is released, other methods including WinPwn, and QuickPwn will be following.

We will let you know as soon as PwnageTool, WinPwn, and QuickPwn are available, and we will also release our tutorials on how to use them. You may want to subscribe to our RSS feeds (if not done yet) to keep in touch and be notified as soon as the news fall.

Jailbreak iPhone 2.1

Sébastien Page ∙ September 14, 2008

A lot of things happened with the last 48 hours in the iPhone jailbreak community; this is due to the release of QuickPwn and PwnageTool 2.1 by the DevTeam. I have been posting quite a few tutorials since yesterday on how to jailbreak the iPhone 2.1 firmware and I understand some of you might be a little overwhelmed by the amount of information.

To make it easier for you, I am writing this post to sum up all the iPhone 2.1 jailbreak tutorials that I posted so you can find your QuickPwn guide or PwnageTool tutorial in one place.

PwnageTool 2.1 Guide QuickPwn Tutorial iPhone 2.1 Jailbreak guide

PwnageTool 2.1 Tutorial for Mac OS X

Sébastien Page ∙ Updated September 29, 2008

[digg-me]That's a lot of work for me this morning with all these news falling... I just posted about a tutorial for QuickPwn 1.1 for Mac OS X and now I'm gonna show you how to jailbreak your iPhone 3G with PwnageTool. This tutorial (or guide) will show you how to use PwnageTool 2.1 and how to update your iPhone to 2.1.

Before we start, make sure you backup your iPhone in iTunes and also download your iPhone firmware from here and save it to your desktop.

Download PwnageTool 2.1 from here. in iTunes, go to the summary tab and download (do not update!) the latest iPhone firmware 2.1 Launch PwnageTool 2.1 Select your device and click "Next" Select the right iPhone firmware You will then get a message that says "We will now create an .ispw file that you can use to restore your iPhone with iTunes. This file will be placed on your desktop. Do you want to continue?". Click YES The it will ask "Do you have an iPhone contract that would normally activate with iTunes?". If you are a legit AT&T customer, click YES, if not, click NO Then wait while PwnageTool 2.1 builds the custom .ispw file. It could take a few minutes. Enter your password when asked to. Then wait for the custom .ipsw to be built The it will ask if your iPhone has been Pwned before. Click YES or NO Turn off your iPhone You will then get a message saying: "Close the PwnageTool application, put your iPhone into recovery mode, start iTunes and restore with your custom firmware bundle". Close PwnageTool Put your iPhone into recovery mode (Google it or go to YouTube to see how to do this) Start iTunes. iTunes will say "iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes." Click OK Do NOT just click "Restore". Hold the OPTION key + click "Restore" With Finder, select the Custom .ipsw file PwnageTool created on your desktop Select whether to set up as a new iPhone or restore your it from a backup. I recommend setting it up as a new phone. You will lose all your contacts and everything but these can be synced again later on. Restoring from a backup sometimes created problems. You're done!

How was this PwnageTool 2.1 guide? Hope that helped!