How to Jailbreak Your iPhone 3GS Using PwnageTool (Mac) [4.0]

Posted June 22, 2010 at 7:11pm by iClarified | Please help us and submit a translation by clicking here | 301926 views

These are instructions on how to jailbreak your iPhone 3GS on iOS 4.0 using PwnageTool for Mac.

Currently, PwnageTool only works on previously jailbroken 3GS devices with the old bootrom.

● If you have a Jailbroken iPhone 3GS with the OLD BOOTROM and you DID NOT use Spirit to jailbreak then you can create the ipsw with PwnageTool 4.0 and restore with your jailbroken recovery mode.
● If you have an iPhone 3GS with the NEW BOOTROM this is NOT supported by PwnageTool 4.0. Please don't use this tutorial.

Step One
Make a folder called "Pwnage" on the desktop. In it, you will need a couple of things. PwnageTool 4.0, found here or here

You will also need the 4.0 iPhone firmware.
4.0.0 (3GS): iPhone2,1_4.0_8A293_Restore.ipsw

When downloading the IPSW file, it is best to download it with Firefox since Safari often auto extracts it!

Step Two
Double click to mount PwnageTool then drag the PwnageTool icon into the Pwnage folder.

Then from the Pwnage folder double click to launch the PwnageTool application.

Click Ok if presented with a warning.

Step Three
Click to select Expert Mode from the top menu bar

Step Four
Click to select your iPhone. A check-mark will appear over the image of the phone.

Step Five
Click the blue arrow button to continue. You will be brought to the "Browse for IPSW" page. On my laptop, it automatically found the IPSW. If PwnageTool doesn't automatically find the ipsw file you can click Browse for IPSW....

Click to select the found IPSW file, a checkmark will appear next to it. Then click the blue arrow button to continue.

Step Six
You will then be brought to a menu with several choices. Click to select General then click the blue arrow button.

The General settings allows you to decide the partition size. Check Activate the phone if you are not with an official carrier then click the blue arrow button.

NOTE*: Deselect Activate if you have an iPhone legitimately activated on an official carrier.

The Cydia settings menu allows you to create custom packages so you do not have to manually install the necessary them later.

Click to select the Download packages tab. Then click the Refresh button to display all the available packages. Double clicking the package you want will download it and make it available in the Select Packages tab.

Checkmark the ones you want then Click the blue arrow button.

The Custom Packages Settings menu displays listed package settings for your custom IPSW. For know leave these settings as is. Click the blue arrow button to continue.

The Custom Logos Settings menu allows you to add your own images as boot logos. Click the Browse button to select your Boot logo and Recovery logo. If you would like to use the iClarified ones they can be found here: Boot Logo, Recovery Logo

Remember the rules for them: RGB or Grayscale format with Alpha channel and dimensions below 320x480...

Click the blue arrow button to continue.

Step Seven
You are now ready to begin the pwnage process! Click the Build button to select it then click the Blue arrow button to begin.

Step Eight
You will be asked to save your custom .ipsw file. Save it to your Pwnage folder you created on your Desktop.

Your IPSW is now being built. Please allow up to 10 minutes.

You will be asked to enter your administrator password. Do this then click the OK button.

Step Nine
Once your ipsw has been built you will be asked to place your iPhone into recovery mode. Click OK to close the popup message telling you this, then connect your iPhone to the computer and follow these instructions on how to put your iPhone into recovery mode.

Step Ten
Once In iTunes, hold the Alt/Option key and click Restore.

Step Eleven
Navigate to the Pwnage folder on your desktop using the dialog window that appears. Select the custom IPSW that was created and click the Open button.

Step Twelve
iTunes will now restore the firmware on your iPhone. This can also take up to 10 minutes. Once done you will be rebooted into jailbroken iPhone OS 4.0!

***THANKS: Thank you to the Dev-Team for their hard work in making this jailbreak and tutorial possible!

Add Comment
Somesh Pant - September 15, 2010 at 9:33am
Hi, I have these details about my iphone: [iBoot-359.3] : Thats old boot rom, i think. Version: 4.1 (8B117) Model: MC137LL Modem Firmware: 05.14.02 I accidently updated it recently using iTunes, my bad. I want to jailbreak/downgrade it so that i can jailbreak it easily. Any pointers if someone has done it before or from admins from this site. I have tried almost all ways in search engines, but didnt work. Please help. Thanks, Somesh
Somesh Pant - September 15, 2010 at 9:34am
yes, i get 16XX error when i tried pwnagetool 4.1 to restore it.
Steve - August 23, 2010 at 12:52am
When I go to restore my iPhone with my custom firmware, i keep getting an error 1600.. any ideas to help?
MV - August 26, 2010 at 9:34am
I have the same problem, any ideas on how to solve this?
Markus - July 30, 2010 at 8:44am
I have a 3GS with the new bootrom (MC...) and it was never jailbreaked. iOS4 is installed. How can I unlock this iphone? A \"downgrade\" with PWnage to OS 3.x dosen´t work. iTunes said, that this is not possible... any ideas or recomendations?
matador - July 30, 2010 at 7:57am
Will anyone be able to help here please......? I am running 3.0.1 firmware on iphone 3GS .... the bootrom is without doubt the old one....... device is jailbroken (redsnow) and unlocked (ultrasnow). I have no access to a Mac computer.... Wish to upgrade to iOS 4.x.x. Supposing I download a custom firmware 4.x.x (not official apple firmware), can I upgrade and jb/unlock successfully? thanks in advance for your help.... :)
qutecpye - August 5, 2010 at 11:13am
I am in the same boat as you are, I have a 3gs running 3.1.2 firmware (unlocked and jb via blacksn0w, old bootroom ) and no access to Mac either so if you find anything would you please let me know. Thank you very much in advance:)
BRIA - July 28, 2010 at 9:26am
iPhone friends, i have a iPhone 3gs running 4.0 (8A293) with bootloader 05.13.04 and old bootrom. Previously i was running jailbroken 3.0 (not spirit) but accidently updated to 4.0 trough iTunes. I\'m aware of the importance of saving the shsh files (didnt did that on 3.0) but can i still request my old shsh files with Umbrella? Because when i\'m using umbrella it says that it saved iPhone3gs 4.0.1 shsh files. Does that means that i can downgrade to 3.1.2 or upgrade to 4.0.1 and jailbreak with pwnagetool? Most likely it should be for 4.0.1 but i just want to know for sure!! Many thanks! Grtz Bria
259 More Comments
Follow iClarified
Firefox for iOS Preview Now Available in New Zealand
Mozilla has announced the roll out of Firefox...
Apple Updates Final Cut Pro, Motion, Compressor With Numerous Improvements
Apple Acknowledges There's 'A Bit of Homework to Be Done' to Improve Apple Music
Google Drive App Now Lets You Select Multiple Files to Keep Offline, Star, or Organize
Japan Display CEO Hints at Strong iPhone 6s Orders
Japan Display's new CEO hinted at strong orde...