Jailbreak iPhone 3G or iPhone 3GS 3.1.2 with PwnageTool

This step-by-step guide and tutorial will show you how to jailbreak your iPhone 3G or 3GS OS 3.1.2 using PwnageTool 3.1.4 for Mac OS X. PwnageTool is a Mac and Mac only tool. There is no equivalent for Windows and no one knows yet when such a tool for Windows will be released.

If you updated your iPhone via iTunes to 3.1.2 or if you bought your iPhone with 3.1.2 pre-installed, you will be able to jailbreak it, however, you will not be able to unlock it. On the other hand. if you are still on 3.0 or if you have updated to 3.1 using PwnageTool, you preserved your baseband and you will be able to unlock using UltraSn0w.

This tutorial is written for both the iPhone 3G and 3GS. The steps are identical. The only thing that changes is the file you have to download in order to create your custom IPSW.

How to jailbreak iPhone 3G/3GS 3.1.2:

Step 1: Make sure you have downloaded and installed the latest version of iTunes.

Step 2: Create a folder called “jailbreak” on your desktop. Download and save the following files to this “jailbreak” folder (all these files can be downloaded here):

  • PwnageTool 3.1.4 for Mac OS X
  • If your iPhone is a 3GS: 3.1.2 for iPhone 3GS (iPhone2,1_3.1.2_7D11_Restore.ipsw)
  • If your iPhone is a 3G: firmware 3.1.2 for iPhone 3G (iPhone1,2_3.1.2_7D11_Restore.ipsw)

Note that I highly suggest downloading these files with FireFox as Safari usually creates issues.

Step 3: Launch PwnageTool. It should give you a warning message. Click OK.

Step 4: Select “Expert Mode”.

expert mode

Step 5: Select your device then click the blue arrow to continue.

select device

Step 6: If PwnageTool doesn’t automatically find the correct IPSW file, click “Browse for IPSW” and locate it (it should be in your “jailbreak folder”).


Click the blue arrow to continue.

Step 7: You will now have several options. Choose “General” and click the blue arrow to continue.


Step 8: Under “General Settings”, you have the option to activate the phone or not. This is a very important step and I’m pretty sure that we’re going to have a bunch of comments related to this setting, so please read carefully.

If you have a contract with an official carrier (such as AT&T in the US, or Orange in France, etc…), do not activate.

If you do not have a contract with an official carrier (ie. you want to unlock for another carrier), you have to activate. Then you will have to install UltraSn0w from Cydia in order to fully unlock the phone.

You will know you didn’t choose the right option if you don’t have signal after jailbreaking.

general settings

You don’t have to, but I suggest increasing the root partition size to somewhere around 700MB, just to be on the safe side. When you’re done, click the blue arrow to continue.

Step 9: You are now taken to the “Bootneuter settings”. All of them should be greyed out. Click the blue arrow to continue.


Step 10: You are now taken to the “Cydia settings”. From here, you may download packages so you don’t have to manually do it later. For example, you may download WinterBoard, which would be installed during the pwnage process. Let’s keep things simple and skip this step which is not necessary. Click the blue arrow to continue.

cydia settings

Step 10: You are now taken to the “Custom packages settings”. I highly suggest only selecting Cydia as Icy can be very buggy sometimes. Click the blue arrow to continue.

custom settings

Step 11: You are now taken to the”Custom logos settings”. You can choose to add the default logos (see below) or you can add your own logos. If you choose to add your own, make sure the images are not larger than 320 x 480. I personally don’t like these custom logos so I uncheck them all and keep my stock logos. Click the blue arrow to continue.

custom logos

Step 12: We’re almost done! You now have to build the custom IPSW. Click “Build” and click the blue arrow to continue.


Step 13: Save your custom IPSW to the “jailbreak” folder we created in step 2.


Step 14: PwnageTool will now start building your custom IPSW. Be patient… It can take up to 15 minutes.

Step 15: PwnageTool will ask you if your iPhone has been pwned before. If you’re not sure, just click NO.


Step 16: If your iPhone was previously jailbroken, you can skip to step 19. If your iPhone wasn’t already jailbroken, follow the following directions.

If your iPhone isn’t plugged to your computer yet, plug it. Don’t open iTunes. If iTunes launches automatically, close it. PwnageTool will now deliver the payload.


Step 17: After successfully delivering the payload, PwnageTool will put your iPhone in recovery mode and you should get the following message. Click OK.


Step 18: iTunes should pop up saying it has detected an iPhone in recovery mode and that you must restore. Click OK.

itunes recovery

Step 19: We are going to restore your iPhone using the custom IPSW you built. In iTunes, hold the “Alt/Option” key and click “Restore” at the same time. DO NOT click “Restore” without holding the “Alt/Option” key! A dialog box will pop up and you’ll be able to choose the custom IPSW file you created that was saved to your “jailbreak” folder.

Step 20: Navigate to the “jailbreak” folder and select the custom IPSW we created:

  • iPhone2,1_3.1.2_7D11_Custom_Restore.ipsw for iPhone 3GS, or
  • iPhone1,2_3.1.2_7D11_Custom_Restore.ipsw for iPhone 3G

Step 21: iTunes will now restore your iPhone using the custom firmware which could take a while, so relax. When done, your iPhone will reboot and you will now have a jailbroken iPhone.

You may now unlock your iPhone. For more information about unlocking your iPhone, please read our iPhone 3.1.2 unlock page.

If you have any question, please leave a comment below.