Unlock

Unlock iPhone 3.1

Every time a new iPhone OS comes out, it gives headaches to jailbreakers and unlockers. This time is no exception to the rule... The new iPhone OS 3.1 has been available for a few weeks and the Dev Team has successfully been able to unlock it.

It took a while but all 3 iPhones (iPhone 2G, 3G, and 3GS) can now be unlocked. You will either need to use PwnageTool or UltraSn0w to unlock your iPhone, depending on the model.

Tutorial: Jailbreak & Unlock iPhone 2G 3.1 Using PwnageTool

This guide and tutorial will show you step by step how to jailbreak and unlock your iPhone 2G using PwnageTool for Mac. At the time I am writing this, only PwnageTool for Mac is available to jailbreak or unlock iPhone 2G 3.1. Tools for PCs should be available soon. For the latest information about jailbreaking methods (including iPhone 3G and 3GS), I suggest you read our jailbreak page.

UPDATE: This tutorial also works for iPhone OS 3.1.2. Instead of using the 3.1 firmware, simply use a 3.1.2 firmware.

Please make sure you read and understand everything before starting the process. If you're new to jailbreaking, please take the time to follow the tutorial step by step. Problems often come when people want to go too fast or skip a step, so again, please take your time to read and understand every step.

1. First, make sure you have the latest version of iTunes installed on your computer. If not, update to the latest iTunes available.

2. On your desktop, create a folder called "jailbreak". In this folder download and save the following files available from our downloads page:

- PwnageTool 3.1
- 3.1 IPSW firmware for iPhone 2G (iPhone1,1_3.1_7C144_Restore.ipsw), or 3.1 firmware for iPhone 2G (iPhone1,1_3.1.2_7D11_Restore.ipsw) if you want to jailbreak 3.1.2
- BL 3.9
- BL 4.6

When downloading the 3.1 firmware, make sure you use Firefox and not Safari, as Safari often brings up unwanted issues. To download PwnageTool, you will need a torrent downloader such as uTorrent.

3. Launch PwnageTool. Click OK to the warning message. Then choose "Expert Mode".

4. Choose your device. It should be the one on the very left. A green check mark should appear when you click on it. Click the blue arrow to continue.

5. You will now be able to "Browse for IPSW". Click on it and look for the 3.1 firmware you downloaded in step 2. Select the IPSW file and click the blue arrow to continue.

6. You should now be taken to the general menu where you have 7 different options. Choose "General".

7. In the "General settings", make sure that "activate the phone" and "enable baseband update" are checked. This is important. Again, make sure these 2 options are checked. Change the root partition size to about 600 MB and click the blue arrow to continue.

8. In the "Bootneuter settings", check "Neuter bootloader", "Unlock baseband", and "Auto-delete bootneuter.app", then click the blue arrow to continue.

9. You should now be in the "Cydia settings". This allows you to install packages so you don't have to do it later via Cydia. I like to install my packages manually but feel free to select a few if you want to. I will skip this step. Click the blue arrow to continue.

10. In "Custom packages settings", I recommend only checking Cydia. Icy is quite unstable so I don't recommend installing it. Do as you want but make sure at least Cydia is checked. Click the blue arrow to continue.

11. You are now taken to the "Custom logos settings". You can choose pre-selected logos or upload your own. I don't recommend installing any. I suggest unchecking the 2 custom logos that are pre-selected, then click the blue arrow to continue.

12. You should now be back to the general menu. It is time to start building your custom firmware. Click "Build", then click the blue arrow to continue.

13. If you haven't pwned your iPhone before, you will have to upload the bootloader files you downloaded in step 2. Follow the instructions on the screen to upload BL 3.9 and BL 4.6.

14. PwnageTool will then ask you if "you have an iPhone contract that would activate normally with iTunes". If you're using an official phone carrier (e.g. AT&T in the US, O2 in the UK, etc.) and don't want to unlock your iPhone, click YES. Your iPhone will just be jailbroken. Click NO if you want to unlock your iPhone to use with other carriers.

15. You will now have to save your custom IPSW. Save it to your "jailbreak" folder on your desktop. PwnageTool will now create your custom IPSW which may take up to 15 minutes.

16. If asked for it, enter your admin username and password.

17. PwnageTool will ask you if your iPhone has been pwned before. Just say No.

18. This is a very important step. PwnageTool will ask you to turn off your device, then put it into DFU mode. After turning off your iPhone, follow the on-screen instructions to put your iPhone into DFU mode. Hold the power and home buttons for 10 seconds. Let go of the power button but keep holding the home button until you enter DFU mode. If you fail, PwnageTool will give you an error message and you will have the opportunity to start this process over until it completes successfully.

19. Once you're in DFU mode, launch iTunes if it hasn't already launched automatically. It will tell you that iTunes has detected an iPhone in recovery mode. Click OK.

20. We will now restore your iPhone using the custom firmware you created. In iTunes, hold the Alt/Option key while clicking "Restore". It is extremely important that you hold the Alt/Option key while clicking. A window will pop up and will let you browse for the custom firmware you created (which should now be saved in your "jailbreak" folder). Select it.

21. The restore will start, which may take up to 15-20 minutes. Once done, your iPhone will reboot.

Congratulations! You just jailbroke and unlocked your iPhone. If you have any questions or comments, please leave a comment below.

Dev Team Explains the 3.0.1 Jailbreak & Unlock

The Dev Team posted an official update on their blog about the 3.0.1 jailbreak and unlock. I guess the aim of this post is to clarify a little bit on what to do and how it works.

The 3.0.1 release is a “branch” from 3.0 that occurs (code-wise) before all the 3.1 betas.  The programs redsn0w needs to change for the jailbreak are identical when you compare the 3.0 and 3.0.1 versions.  It seems pretty much the only changes Apple made were for the SMS bug, which affects programs that redsn0w doesn’t touch.  That’s why you can re-use redsn0w 0.8 on 3.0.1 even though it was written for 3.0.

As I explained yesterday, you can still jailbreak your iPhone running 3.0.1 by running RedSn0w and pointing it to firmware 3.0. Then, should you want to unlock, simply install UltraSn0w from Cydia if you are on an iPhone 3G or 3GS. If you're on a 2G, just use RedSn0w to jailbreak and unlock.

The Dev Team says that they will update RedSn0w at some point so it recognizes firmware 3.0.1 but it will just be "aesthetic" changes, so there is no reason to wait for it.

For more detailed information about jailbreaking and unlocking, I recommend you check out the jailbreak page and the unlock page of this site. It is updated with the latest info.

Dev Team Gives UltraTips About Using UltraSn0w Unlock

The last version of UltraSn0w was supposed to fix a number of bugs and overall, it did a great job. However, some people are still having issues. The Dev Team posted an article with a few ultratips for those of you still having problems with your unlock.

- Battery draining too fast? It's probably because you restored your iPhone from backup. You should restore your iPhone and set up as a new phone.
- Issues with T-Mobile? T-Mobile's 3G doesn't work on the iPhone. It's a frequency issue. Simply deactivate 3G in Settings > General > Network.

I think these two are the most common issues after unlocking. For more information, I suggest you hop over to the Dev Team's blog and read the full article.

Dev Team Says UltraSn0w Is Better Than PurpleSn0w

The friendly fight between the Dev Team and GeoHot keeps going as the Dev Team posted a blog post this morning highlighting how much better UltraSn0w is than PurpleSn0w.

- Works on both 3G and 3GS
- Works on hacktivated devices
- Works regardless of how you jailbroke your device
- Doesn’t patch any mach-o binary whatsoever. (Doesn’t require a separate patch as each new firmware comes out).
- Doesn’t install any additional daemon
- Has no race conditions, no popups about “Missing SIM”, no network issues
- Is almost 7000 times smaller than its nearest competition :)
- Is available now via Cydia. Source repo is http://repo666.ultrasn0w.com (that last “0” in ultrasn0w is a zero!)

That was the short version... If you want the full geeky version of this, head over to the Dev Team's blog. Although PurpleSn0w might not be perfect, the Dev Team used parts and pieces of GeoHot's findings and included them in the latest UltraSn0w 0.9 update (available through Cydia).

What's really better? UltraSn0w or PurpleSn0w?

Honestly, I don't know. I don't need to unlock my iPhone right now so I haven't even tried any of these. If I had to pick one though, I'd choose UltraSn0w. I trust the Dev Team is doing what's best for your iPhone now but also takes into account future updates that might render the unlock impossible. GeoHot on the other hand, seems to be a burning head.

Have you tried UltraSn0w and PurpleSn0w? If so, what do you think?

GeoHot Releases PurpleSn0w iPhone 3GS Unlock

A few days after releasing PurpleRa1n, the first iPhone 3GS jailbreak, GeoHot has now created his own iPhone 3GS unlock called PurpleSn0w.

Wifi fails? Battery fails? Unlock fails? You need purplesn0w, the geohot 3GS unlock solution. Now I know you hear a lot about different colors of sn0w, but I'm here to tell you why purplesn0w is the best. First off, what is purplesn0w? It's a soft unlock for your 3GS that I'd actually use day to day. It's not a daemon that takes any resources, and it doesn't add a task to your baseband. It's very close to a true unlock. All it does is patch three files, CommCenter, lockdownd, and your wildcard activation plist (which you need, activate w at&t sim first, no hacktivation support yet).

Many users reported losing wifi connection and not being able to get any signal after unlocking their iPhone with UltraSn0w, so hopefully PurpleSn0w will get better feedback.

Follow these steps to install PurpleSn0w:

1. First your iPhone has to be jailbroken (see jailbreak guides).
2. Launch Cydia and add this source: http://apt.geohot.com
3. Install the com.geohot.purplesn0w package.
4. Reboot your iPhone.

Done!

If you want to unlock your iPhone for T-Mobile, make sure you disable 3G in the settings.

GeoHot also posted technical information about PurpleSn0w. If you're into dissecting lines of code, GeoHot made the source code available for you to play with.

The Difference Between Jailbreaking and Unlocking

There is a lot of confusion among noobies about jailbreaking and unlocking. One of our readers recently asked for a clear "non geeky" definition of both terms.

If you already know the difference between jailbreaking and unlocking, this article might not be very helpful to you but you may still be able to give us some insights or maybe add your comments and suggestions. If you don't know what jailbreaking or unlocking means, then read on because you're just about to get a crash course on iPhone hacking.

Tutorial: Unlock iPhone 3GS With UltraSn0w

This short tutorial will show you how to unlock your iPhone 3GS using UltraSn0w. Unlocking your iPhone 3GS will allow you to use your iPhone with any cellphone carrier in the US and in the world, assuming they use SIM cards.

Before starting, make sure this is the latest tutorial on unlocking the iPhone 3GS by visiting this page.

Unlock iPhone 3GS Guide:

First you have to jailbreak your iPhone 3GS. Read my RedSn0w tutorial on how to do that first. It should take about 10 minutes and it is a necessary step to be able to unlock your iPhone.

After jailbreaking your iPhone 3GS, follow these simple steps to install UltraSn0w:

1. Launch Cydia.
2. Add the following source to Cydia: repo666.ultrasn0w.com (note there is a “0” in sn0w, not an “o”).
3. After installing this source in Cydia, search for “UltraSn0w”.
4. Install UltraSn0w and reboot your iPhone.

That's it :)

iPhone Jailbreaking and Unlocking Guides

I just added 2 new pages to the blog's navigation bar: jailbreak and unlock. I will make sure to keep these pages up to date with the latest tutorials on how to jailbreak and/or unlock your iPhone.

If you have a look at these pages, you will see that it's pretty straightforward: look for the firmware you want to jailbreak/unlock, then choose your device (2G, 3G, or 3GS) and click on the appropriate guide.

I decided to create these 2 pages because it might be a little hard for newbies to figure out what they're supposed to do or even how to search for information on this blog. This way, I make it dead simple for everyone to find relevant and clear information on both jailbreaking and unlocking the iPhone.

Note that I am starting this page with the latest 3.0 firmware. By now, most people have updated their iPhone to 3.0 and it wouldn't make much sense to list previous tutorials I wrote.

Unlock Your iPhone 3GS With PurpleRa1n And UltraSn0w

Since the release of PurpleRa1n, the first iPhone 3GS jailbreak, you are now able to unlock your iPhone 3GS.

To do so, you first have to jailbreak your iPhone with PurpleRa1n (see PurpleRa1n tutorial), and then, simply install UltraSn0w from Cydia.

It's that simple! Note that even though PurpleRa1n got an update, it's still a little buggy.

Dev Team Demos iPhone 3GS UltraSn0w Jailbreak

Shortly after GeoHot released his PurpleRa1n jailbreak, the Dev Team posted a video showing a jailbroken iPhone 3GS running the UltraSn0w unlock.

Our ultrasn0w program uses the at+xlog crash as an injection vector of our unlocking payload — and it does so on the 3GS in exactly the same way as on the 3G! But this injection vector will be lost if you update to 3.1 using the official Apple IPSW, which updates the baseband. So stay away from official 3.1 IPSWs until we release the tools that let you update the firmware without updating the baseband.

The Dev Team is still waiting on the OS 3.1 update to release its jailbreak.

iPhone 3GS Jailbreak & Unlock Confirmed

Less than a week after the launch of the iPhone 3GS, the Dev Team confirmed it will soon be possible to jailbreak it using the 24Kpwn exploit that the hybrid team used on the iPod Touch 2G. This 24Kpwn exploit applies to the bootrom of the iPhone 3GS. In other words, you will soon be able to use RedSn0w to jailbreak your iPhone 3GS.

The other news is that once jailbroken, you will be able to use the current version of UltraSn0w to unlock the iPhone 3GS.

This is great news, but how did it happen?  Why didn’t Apple fix this in their normal cat&mouse fashion?  Well it seems this bootrom was cut in about the August 2008 timeframe, so the unintended early reveal of 24Kpwn earlier this year didn’t affect the iPhone 3GS.

Important: Apple has not given up on the cat&mouse game, and in fact there are challenging aspects of the 3GS jailbreak that aren’t in the other devices.  It’ll take some time to safely work these into our tools, but the fundamental weaknesses are there:  The bootrom is exploitable via 24Kpwn, and the baseband is exploitable via ultrasn0w.  (And just like with the 3G, ultrasn0w for 3GS requires that you not update your baseband when Apple comes out with new firmware.)

If you're really into iPhone hacking, the Dev Team released the technical notes about the 24Kpwn exploit in the iPhone 3GS. These notes can be found here.

There is no information so far on the expected release date of the iPhone 3GS jailbreak but I am confident the Dev Team will have it ready within the next 2 weeks. The sooner, the better. I don't know about you guys, but I'm going nuts with my unjailbroken iPhone.