QuickPwn 2.1 Guide & Tutorial

UPDATE: This post in kind of outdated since firmware 2.2 became available. I wrote new tutorials on how to jailbreak iPhone 2.2 with QuickPwn and how to unlock iPhone 2.2 with QuickPwn.

UPDATE 2: I closed the comments for this post. If you have any question about QuickPwn, please ask in the forum.

This guide will show you how to use QuickPwn 2.1 to jailbreak your iPhone. This tutorial is for PC users. If you use a Mac, you may want to refer to QuickPwn tutorial for Mac OS X or PwnageTool 2.1 Tutorial for Mac OS X.

This QuickPwn 2.1 tutorial will be short as I have already posted a QuickPwn guide before.

Before starting, make sure you have downloaded the latest version of iTunes. Also make sure you are currently running firmware 2.1 (thanks Tim for pointing that out!). Plug your iPhone and make sure iTunes has detected it. If you’re iPhone is already jailbroken, you may want to remove all the apps that you have downloaded from Cydia. Certain applications such as Winterboard, Categories and more cause trouble. You will be able to reinstall them later.
Supports 2.1 firmware with the unlocking and jailbreaking of iPhone 1st generation (2G) device. Supports the jailbreaking of iPod Touch 1st generation device and iPhone 3G. Does not support the unlocking of iPhone 3G or jailbreaking of second generation (n72ap based) iPod Touch.
Note that you are pwning your iPhone at your own risk… Success is not guaranteed!

Create a folder called “QuickPwn” on your desktop. Download your appropriate iPhone firmare from here. Also download the QuickPwn 2.1 from here and place it. Place these files in the newly created QuickPwn folder on your desktop. If you want to unlock your iPhone (only works with iPhone 2G), download the Bootloader 3.9 & 4.6 Files.
Extract QuickPwn zipped file.
Launch QuickPwn and select your iPhone version.
You will be asked to select your iPhone firmware. Select the firmware your downloaded in Step 1.
If the firmware you selected is valid, QuickPwn will show a green checkmark. Click Continue.
You will then have the opportunity to select Cydia, Installer and to choose a custom boot logo. You have to select Cydia. You may also choose to install Installer. Click Next.
You will now have a message saying that you are ready to launch the QuickPwn process in a new Window. Click Go.
You will then be asked to power off your iPhone and press Enter once it has been turned off.
QuickPwn 2.1 will now help you put your iPhone into DFU Mode (aka recovery mode). Read the instructions carefully then type in Y for YES and press Enter.
You will be asked to hold down the Power button for 5 seconds. Then you will have to also hold down the Home button for 10 seconds without letting go of the Power button. At the end of 10 seconds you will need to release only the Power button.
After a few seconds of holding down just the Home button QuickPwn will detect the your iPhone in DFU mode and start performing some “operations”. After 8 operations are performed QuickPwn will tell you to “Please wait while your iPhone is Jailbroken”. Press any key to continue.
Your iPhone will display a turning wheel and in a few minutes will be jailbroken!

If you have a 2G iPhone and would like to unlock it simply install and run BootNeuter from Cydia.

If this post was helpful, please DIGG it! Thanks.

QuickPwn 2.1 for Windows

It’s here! QuickPwn 2.1 for Windows is not out and available. It’s so new that it is still warm… The DevTeam just spread the news on its blog. You can download QuickPwn 2.1 for Windows from our iPhone Downloads section.

I wrote a new QuickPwn 2.1 Tutorial. So go check it out!
Supports 2.1 firmware with the unlocking and jailbreaking of iPhone 1st generation (2G) device. Supports the jailbreaking of iPod Touch 1st generation device and iPhone 3G. Does not support the unlocking of iPhone 3G or jailbreaking of second generation (n72ap based) iPod Touch.
(sha1) QuickPwn21-1.zip = f8124d0e8f31f64ef3272de8fbc679e1dd1f93a7

Jailbreak iPhone 2.1

A lot of things happened with the last 48 hours in the iPhone jailbreak community; this is due to the release of QuickPwn and PwnageTool 2.1 by the DevTeam. I have been posting quite a few tutorials since yesterday on how to jailbreak the iPhone 2.1 firmware and I understand some of you might be a little overwhelmed by the amount of information.

To make it easier for you, I am writing this post to sum up all the iPhone 2.1 jailbreak tutorials that I posted so you can find your QuickPwn guide or PwnageTool tutorial in one place.

PwnageTool 2.1 Guide
QuickPwn Tutorial
iPhone 2.1 Jailbreak guide

QuickPwn tutorial for Mac OS X

Ok, now that a new version of QuickPwn is out for Mac OS X, you don’t have any excuse for not jailbreaking your iPhone 3G. I already posted a QuickPwn guide a couple weeks ago called QuickPwn Mac OS X Tutorial. The method is exactly the same so instead of doing it all over again, I’ll just put the link to the QuickPwn for Mac tutorial.

Here it is: QuickPwn Mac OS X Tutorial

And here is the PwnageTool 2.1 for Mac OS X Guide

PwnageTool and QuickPwn for 2.1 Firmware

It’s official. It’s clean. It’s easy and it works without having to pull your hair out! That, my friends, is the new releases of PwnageTool 2.1 for Mac OS X and QuickPwn 1.1 for Mac OS X. The DevTeam worked all day and all night to bring you an easy way to jailbreak your iPhone 3G.

Yesterday, we were presented a way to jailbreak the iPod Touch is a couple shady QuickPwn that turned out to be “fake” tools that were not developed by the DevTeam but used their name anyway. Then, BigBoss released a tutorial on how to jailbreak the iPhone 3G but that was still kinda hard for non geekie guys to use.

I don’t like copy/pasting large parts of other people’s posts but I think it is very relevant to do this in the case of the latest post on the DevTeam blog:
Some of the popular press and blogs have been backing the opposition. 🙂

While criticism and competition is fine it should be reported correctly, with all the facts. and certainly minus the FUD. Do you guys think we are “less and less relevant with each passing day” ? We don’t think so, and we certainly prefer our hacks to theirs. 😉  Though even if the world deems us irrelevant, the iPhone family of devices is still fun to hack!

By the way we figured out a way to combat iTunes 8 without patches…and we’re waiting to see what Apple tries next.  But we think they might want to rethink their priorities.  They probably won’t though, and so we get back to the “cat and mouse” game between Apple and the Dev Team and third-party communities.
Whatever this guy at Engadget says, I still think jailbreaking your iPhone is more relevant than ever. Do you really want to rely on Apple? I don’t! Anyways, this is not the point of this post…


PwnageTool 2.1 for Mac OS X
QuickPwn 1.1 for Mac OS X

These can be downloaded from the iPhone Downloads section of my blog.

SHA1 Sums:

PwnageTool_2.1.dmg = 0b2dcb51e224b12590793e8a758dd80c450e5b64
QuickPwn_1.1.dmg = 92487230c66296ec1e414260b5f107e5d351923f

Hey, this is for iPhone 3G only and as you can notice, it is for Mac only. A Windows version is coming out pretty soon. A QuickPwn tutorial can be found here and a PwnageTool Guide can be found here.

How to jailbreak your iPhone 3G 2.1 firmware

Wow, again, it didn’t take long for BigBoss to come up with a not-so-easy way to jailbreak your iPhone 3G.

Download the 2.1 firmware for iPhone 3G from the iPhone Downloads section and save it to your desktop
Install iTunes 8
Update your iPhone to firmware 2.1 with iTunes and make sure it is activated
Uninstall iTunes 8
Uninstall Apple Mobile Device Support (From Add/Remove Programs in Control Panel)
Install itunes v7.7. – you can find it here
Download QuickPwn with the correct 2.1 bundle inside it here
Run QuickPwn. Select the iPhone 3G 2.1 firmware that you downloaded in Step 1
Select at least Cydia. You may also select Installer
Once finished, your iPhone will reboot, which may take a few minutes. Cydia and Installer will not be visible on your springboard. Don’t panik! This is ok.
Download TotalCommander and t-pot addon
Install TotalCommander and in the left pane navigate to T-PoT.1.1.zip and click on it. It will install t-pot automatically
Download the mobileinstallation patch
Use Totalcommander to install the patched mobileinstallation file to /System/Library/PrivateFrameWorks/MobileInstallation.framework. Click on the dropdown box [-\-] top left and select network neighborhood then t-pot. Remember to back up your original mobileinstallation first!
Still in TotalCommander delete /private/var/mobile/Library/Caches/com.apple.mobile.installation.plist
Reboot your iPhone

This is not the most straightforward method to jailbreak your iPhone 3G but it is the only one so far! As usual, use it at your own risks…

Thank BigBoss

iPod Touch 2.1 Jailbreak Update

I posted this morning about a new shady way to jailbreak your 2.1 iPod Touch. It seems many people are having issues with this method and the guy who first posted about this jailbreak technique posted a new way to do it through a GUI version of QuickPwn.

It is still very very shady and we still haven’t heard from the DevTeam about that so again, if I were you, I would NOT attempt to jailbreak my iPod Touch 2.1 for the time being.

Jailbreak your iPod Touch 2.1 with QuickPwn

UPDATE: This method sucks! Read my new post to learn more.

It didn’t take too long. That’s what? Four days? Four days until someone figured out how to jailbreak the new iPod Touch firmware 2.1. The news came from QuickPwn who published a tutorial on how to jailbreak your iPod Touch 2.1 using QuickPwn.

Disclaimer: These comments were found on the QuickPwn website, so please, use at your own risk!
I wouldn’t try this on the iPhone, wait until there is an official update from the iphone dev team
Hi, I’m the one of the developers of QuickPwn and should stress this is a very unsupported mod and I think it causes confusion to present it under the QuickPwn name when it isn’t sanctioned by the developers at all.
Download this stuuf at your own risk…

This is not the official Pwn-age or QuickPwn site…

This on is…

His tutorial is a little messy so I would like to make it a clearer and more user friendly to everybody.

Before starting:

You must already be on a jailbroken iPhone. If you are on a clean iPod Touch 2.1 firmware, this is NOT gonna work. SSH into your iPod Touch to the /System/Library/PrivateFrameworks/MobileInstallation.framework folder. Copy the MobileInstallation file on your desktop as you will need it later during the process. OK. You ready?

Download the iPod Touch 2.1 firmware and save it on your desktop. Go to iTunes 8 and hold the SHIFT key on your keyboard while clicking “Restore”. You do not want to update per say, you want to RESTORE. Make sure you hold the SHIFT key.
Download QuickPwn 2.1 Jailbreak Edition from here, or here, or here, or here.
Unzip the QuickPWN folder, run QuickPWN.exe; select your device; browse for your iPod
Touch 2.1 firmware file that you saved on you downloaded in Step 1and click the “Next” button.
Installer and Cydia should be checked by default. You don’t need Installer but you have to leave Cydia checked.
You should see a message on your screen that says “You are now ready to start the PWNAGE process on your device”, make sure your iPod Touch is connected via USB and click “Next”.
Follow the on-screen instructions for putting your device in DFU mode.
If everything went well, you should see a message that says “The Pwnage process appears to have completed successfully”. Wait for your iPod Touch to reboot.
Once your iPod Touch restarts, you will notice that the Cydia and/or Installer icons are not there. Well, it’s time to use the MobileInstallation file that we copied from your iPod Touch before Step 1. In order to install Installer and Cydia you will need to put this file in your iPod Touch.
To put the MobileInstallation file in your iPod Touch,
download the TotalCommander.
You will need the T-Pot plugin for TotalCommander in order to browse files on your iPod Touch.
Launch TotalCommander, and navigate to /System/Library/PrivateFrameWorks/MobileInstallation.framework
Replace the MobileInstallation file with the one you copied to your desktop before Step 1.
You’re done!

See, it’s not really complicated but it could be simpler. Hopefully, a GUI version will come out soon.

No word so far if this process works with the iPhone firmware 2.1 or not. I doubt it but you never know…

Thanks QuickPwn 🙂

QuickPwn Mac OS X Tutorial

[digg-me]How to use QuickPwn Mac OS X to jailbreak the iPhone? This is a very good question that will find answer in the new few paragraphs. Before we start, I want to make it clear that QuickPwn for Mac OS X does not activate; it just pawns firmware 2.0.2 (at least to this date).

Another thing I would like to add is that you are pawning your iPhone at your own risk and it will void Apple’s warranty. It is also worth noting that pawning your iPhone is illegal. I know, it’s your phone, you should be able to do whatever you do with it but it still illegal. Ok, let’s go.

QuickPwn Mac OS X Guide:

Before starting: your iPhone must be on firmware 2.0.2.

Download QuickPwn Mac OS X from here or from our iPhone Downloads section. Also download the 2.0.2 firmware for your iPhone and place it in your DOCUMENTS folder. It is very important you put it there as QuickPwn will automatically look for it at this location.
Open QuickPwn and click OK to the warning.
The next few steps are all automated, you pretty much have nothing to do but sit and relax. QuickPwn will ask you to connect your iPhone. Do so and click OK.
QuickPwn will then automatically detect your device.
Then QuickPwn will automatically build the custom firmware for you. It should say “Building IPSW”.
It will then ask for your password. Enter it.
OK, now is the part where you actually work a little bit… Follow the onscreen instructions to put your iPhone into DFU mode.
Wait for QuickPwn to pawn your iPhone.
Then you will get a message telling you that “QuickPwn is modifying your device”.
Click OK and you will get a cute success message (you’ll see what I mean).
This process may take a few minutes and your iPhone will reboot automatically.

So, wasn’t that hard, was it? Please leave comments.

QuickPwn for Mac OS X is out

A lot is going on today. First, the release of WinPwn 2.5 (see tutorial here) and now the DevTeam informs us on their blog that they have released the long-awaited QuickPwn for Mac.

From the DevTeam:
QuickPwn is not a replacement for PwnageTool, they are different tools and provide different features, QuickPwn is for quickly pwning a device, whereas PwnageTool is designed to custom build and tailor the ipsw production process, both tools will be actively developed in the future.

To use QuickPwn 1.0 Mac OS X your device should be running 2.0.2, if it isn’t then you can upgrade it to 2.0.2 using iTunes and then use the QuickPwn tool, we repeat, it’ll only work on version 2.0.2 of the iPhone or iPod touch firmware.

If you don’t want specific things to happen such as baseband updates then PwnageTool should be used to create a custom .ipsw with your specifics.
QuickPwn for Mac can be downloaded from here (Bittorent) or from our iPhone Downloads section.

SHA1(QuickPwn_1.0.0.tbz)= 22ee0d6814a6bac9b1b9a8c7715dd714bd6bb449

Thanks DevTeam

QuickPwn vs. Ziphone

PlanetBeing, a member of the DevTeam, wrote a very interesting post about the similarities and differences between QuickPwn and Ziphone. If you’re not an iPhone geek, don’t even bother reading this…

Here is what PlanetBeing took into account (as you can see, there are more differences than similarities):


payload medium


ZiPhone uses, as the root filesystem device, a pseudo-device that provides a window to an arbitrary section of memory. This memory is not allocated or otherwise reserved by the operating system and hence will be used by other random processes in other random ways and will become more and more corrupted with every CPU clock cycle. The only safe way to use this is to mlock all memory used by the jailbreak binary as soon as possible, and then use data previously uploaded to flash. Anything else will cause either the jailbreak binary to crash at random moments or cause random data to be written to flash. I am not sure why Zibri elected not to implement ZiPhone in a safer fashion.

QuickPwn uses the same mechanism that Apple uses to send its update ramdisk. This memory is both allocated and reserved. It will not crash at random moments, or give you repeating BSD root errors. This is the way the XNU kernel is designed to use ramdisks.


ZiPhone hinges on a BUG in iBoot that was quickly fixed by Apple.

QuickPwn uses an iBoot FEATURE that Apple cannot remove without rewriting their own software and undergoing lengthy QA. Even if Apple did change the architecture, it would be straight-forward to simply mimic what they do and adapt to it. The reason QuickPwn can do this is because it relies on a hardware exploit to bootstrap into this phase. Apple cannot fix this problem without changing the manufactured hardware.


ZiPhone modifies an existing Apple ramdisk and ships it as a complete set.

QuickPwn contains all-original code and features a very tiny bootstrapper that allows it to use libraries and code that’s already on the iPhone.

Not only does ZiPhone’s distribution of Apple’s binaries violate copyright laws, it also takes up a large portion of room on the ramdisk that could be used for the payload. Keeping its existing algorithm, ZiPhone would never have been able to install Cydia, for example. The maximum feasible ramdisk size is 32 MB; Cydia takes 13 and Apple’s library take up a significant amount. With some work, Zibri could possibly make it just under the 32 MB limit, but with the large number of files in Cydia, and the large size of the corruptible area of memory, corruption would be inevitable.
Click here to read the full post.

Bugs found in PwnageTool for Mac and Windows Beta of QuickPwn

The DevTeam posted on its blog a few hours ago that bugs have been found in the recent releases of the PwnageTool for Mac and the Windows Beta of QuickPwn.
We’ve had some issues with iPod touch devices and the latest version of PwnageTool for the Mac, in certain conditions incorrect permissions will be used and the keychain doesn’t save passwords. So hold on and wait for the next release, we’ll push out the updated version via Sparkle as soon as it is tested (it is being tested right now). We have also encountered some issues with the Windows Beta of QuickPwn, and we have an update that should fix the issues seen with 64-bit Windows versions and should be able to be used with all versions of Windows, but as with all beta software other bugs may be present.
A new Windows QuickPwn Release Candidate (RC3) was made available.