Jailbreak - Unlock

This is the low down on our tools for use with the 3.1 firmware from Apple, please read the whole post in full before attempting anything. Because of changes with Apple’s update techniques (that complicate the 3GS upgrade process) this will be a multipart release. This release starts with PwnageTool 3.1 for Mac OS X - this application supports the iPhone 1st Generation (2G), the iPhone 3G and the iPod touch 1G. NB: THIS DOES NOT SUPPORT THE 3GS OR 2G/3G IPOD TOUCH. redsn0w for Mac OS X and Windows will follow sometime in the near future, please don’t bug us about it - we’ll release when we have something ready.

1. GOLDEN RULE: If you are using a 3G iPhone with ultrasn0w and rely on ultrasn0w to obtain cellular service, then you should only upgrade to 3.1 with a PwnageTool created .ipsw. - Stay away from Apple’s direct updates as described here and here please get up to speed on the whole subject by reading the information contained in these posts.
2. If you have an original iPhone (1st generation) then 3.1 unlock works with this PwnageTool release. iPhone 3G users upgrading to 3.1 will need to continue using ultrasn0w with a PwnageTool created 3.1 .ipsw
3. Please read all parts of this post before downloading and using these tools.
4. Read items 1, 2 and 3 again and again.
5. At the bottom of this post are the bittorrent files for the 3.1 capable version of PwnageTool.
6. This app is suitable for the recent 3.1 release.
7. This version of PwnageTool will NOT work for the iPhone 3GS.
8. PwnageTool WILL work for Original iPhone (1st Generation), Original iPod touch (1st Generation) and the iPhone 3G.

Baseband 101

The ‘baseband’ is the generic nickname given to the internal components of the iPhone that handle the phone calls and Internet access. This ‘baseband’ is a tiny and unique independent computer system that runs inside your iPhone, it is separate to the main system that handles the applications (such as email and google maps) and it talks to the main part of the phone over an internal communications network. Think of it like a cable modem or other peripheral that is attached to your home PC that needs occasional updates. When a software update is released and presented to you within iTunes the baseband is sometimes updated (to fix bugs or add new features). The 3.1 update for the iPhone 3G contains such an update, so running the vanilla updater straight away with iTunes will reprogram and update the baseband.

SIM Free/SP Unlocked/Factory Unlocked iPhone 3G

This applies if you bought your iPhone 3G for $$$$$$$. This model of iPhone 3G doesn’t have an Service Provider lock (aka factory unlocked) and you are able to put any SIM card into the phone and get service. Your phone is already unlocked so you do not need to worry about baseband updates, simply upgrade to 3.1 using iTunes and then use PwnageTool to create an ipsw and then use this to jailbreak your phone.

iPhone 2G (1st Generation)

Use PwnageTool to do the magic and then restore with iTunes using your newly created .ipsw ‘nuff said, you don’t need to worry about anything, the baseband will be unlocked, the phone jailbroken.

iPod touch 1G (Original iPod Touch)

Use PwnageTool to create a firmware image and restore with that .ipsw using iTunes.

iPod touch 2G

Sorry, no support at this time within PwnageTool, use Redsn0w for an earlier (pre 3.1) firmware release instead.

iPod touch 3G (New iPod Touch)

Sorry, no support at this time within PwnageTool

Official Bittorrent Releases -

• PwnageTool_3.1.dmg.5089960.TPB.torrent
• SHA1 = ccc1e5db026362fc7eb9a40c76322b1fdcc90332

Unofficial Mirrors

The following links are unofficial download mirrors, you download these at your own risk, we accept no responsibility if your computer explodes or if it becomes part of a NASA attacking botnet or even worse if your hands fall off mid-way during the use of these files. We do not check these links or archives and we accept no responsibility with regard to the validity of the files, or with other content these links provide or with the content that is on the linked site. Always check the published SHA1 sums. We would prefer that you downloaded the official bittorrent release that is linked above, but you are welcome to try these if you really must. Mirror owners should email direct links only to blog@iphone-dev.org , please don’t place mirrors in the comments as they will be deleted.

• http://foskarulla.com/PwnageTool_3.1.dmg
• http://downloads2.touch-mania.com/PwnageTool_3.1.dmg
• http://fosk.it/PwnageTool_3.1.dmg
• http://www.peltner-kfz.de/PwnageTool_3.1.dmg
• http://bentkowski.com.pl/PwnageTool_3.1.dmg
• http://www.iemanduitnederland.nl/PwnageTool_3.1.dmg
• http://miphone.ca/iphone-dev/PwnageTool_3.1.dmg
• http://dehek.us/PwnageTool_3.1.dmg

If there’s one thing we’ve been stressing the last few weeks, it’s that if you want to keep the jailbreak or unlock on your 3GS, you should resist all urges to install Apple’s official firmware updates without knowing if a jailbreak exists for that version yet. Unless another (different) bootrom exploit is found for the 3GS that doesn’t require a “foot in the door” with a signed official iBoot, then accepting official updates willy-nilly may cause you to be cutoff from the jailbreak. And it will definitely cause you to be cutoff from the sim unlock.

Now, there are ways to ensure that even after taking an official 3GS update (which you really shouldn’t do!), that you’ll nonetheless be able to revert to a jailbreakable 3GS (this is NOT true for the unlock, see NOTE #1 below). We’ve been explaining these methods (like the iTunes /tmp technique) over the last few weeks, and there’s been some great discussion and feedback for the methods in the comments.

Having said all that, we realize that some of you updated your 3GS to 3.1 anyway. If you want to come back to the world of the jailbreak (but NOT the sim unlock, sorry!) then saurik’s new “on file” server may be able to help. He’s got all the details in a new article so do check it out.

Even if you did not update your 3GS to official 3.1 (good job! You really shouldn’t do that!), then you should still read the article and make those changes today. We fully recommend redirecting your iTunes signing process through saurik’s “on file” server to future-proof your 3GS jailbreak through all future updates.

NOTE #1: the sim unlock is a different story. Jailbreaking and unlocking have two different security mechanisms, and if you update your 3GS (or 3G) to 3.1, you will lose your sim unlock, possibly forever. Even if you downgrade from 3.1 to 3.0, you will have lost your sim unlock. So if you think you’ll ever want to sim unlock your 3G or 3GS (or maybe give it away or resell it later as an unlockable iPhone), then please stay clear of all official Apple IPSWs. You’ll soon be able to create custom 3.1 IPSWs using PwnageTool that let you pre-hack your 3.1 update in a way that preserves the sim unlock.

NOTE #2: The custom IPSW flow using PwnageTool also ensures that even if Apple fixes all the iBoot holes, you’ll still be able to retain your jailbreak through later updates. That’s because a jailbroken iPhone will happily accept a custom (pre-jailbroken) firmware update even though it’s not blessed with Apples signatures. This is the “once jailbroken, always jailbroken” approach. It’s very powerful, but it requires you to only update to pre-hacked IPSWs.

NOTE #3: None of this applies if you have an iPhone 2G, iPod touch 1G, or iPod touch 2G. The iPhone 3G is also unaffected by Apple’s signing process for the jailbreak, but it is susceptible to permanent loss of the unlock as mentioned in note #1.