This tutorial is only recommended for experienced users.
If anything goes wrong I will not be liable for anything (I am not the owner or programmer of this; I am just a user of it, the same as you, but I am trying to help you guys because I have experience with this).
Requirements:
3GS iPhone with Old iBoot
The file spirit2pwn_r2.zip (http://code.google.c…/downloads/list)
STEPS:
1. Restore to the original 3.1.3 firmware and jailbreak it with Spirit.
2. Install the following packages from Cydia: Afc2Add, OpenSSH and MobileTerminal.
3. Create a custom 3.1.3 firmware using PwnageTool (Mac) or Sn0wBreeze (Windows).
4. Go to the directory where you saved the custom 3.1.3 firmware, change the extension from .IPSW to .ZIP, and unzip the file you just created.
Once finished, open the folder named after the firmware, go to Firmware/all_flash/all_flash.n88ap.production, and move all the files there to the /tmp directory on your iPhone using an SSH connection.
Decompress the spirit2pwn_r2.zip file you downloaded earlier and again move all of its files to the /tmp directory on your iPhone.
Run MobileTerminal on the iPhone and type these commands:
su root
alpine (your password)
cd /tmp
chmod 755 pwn_old_boot_r2.sh
./pwn_old_boot_r2.sh
Wait until the process reports SUCCEED.
You can now restore the iOS 4 custom firmware created earlier with PwnageTool 4.0 or Sn0wBreeze. Make sure your hosts file is not edited: remove any IP addresses you entered, or you will get a 16XX error.
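
Most of the failures reported in the comments come from running the script outside /tmp, from a missing execute bit, or from firmware files that were never copied. The following pre-flight check is an added example, not part of spirit2pwn_r2.zip and not the author's code; the function name and the .img3 names in the demo are placeholders, so pass the real file names from your all_flash folder.

```shell
#!/bin/sh
# Added example, not part of spirit2pwn_r2.zip.
# preflight DIR SCRIPT [FILE ...]
#   0  everything present and SCRIPT is executable
#   1  DIR cannot be entered
#   2  SCRIPT is not in DIR
#   3  SCRIPT is there but lacks the execute bit (needs chmod 755)
#   4  one or more FILE arguments are missing from DIR
# The body runs in a subshell, so the caller's working directory is untouched.
preflight() (
    dir=$1
    script=$2
    shift 2

    # Pass the directory as ONE word. Typing "cd / tmp" hands cd two
    # arguments; the transcripts in the thread show the prompt ending up in "/".
    cd "$dir" 2>/dev/null || { echo "FAIL: cannot enter $dir" >&2; exit 1; }

    # /tmp is often a symlink (the thread mentions /var/tmp and
    # /private/var/tmp); report the physical directory actually in use.
    echo "checking in $(pwd -P)" >&2

    [ -f "$script" ] || { echo "FAIL: $script not found here" >&2; exit 2; }
    [ -x "$script" ] || { echo "FAIL: $script is not executable" >&2; exit 3; }

    missing=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ] || exit 4
    echo "OK: $script and $# required file(s) present" >&2
)

# Constructed demo in a scratch directory. The script is an empty stand-in
# that is never executed, and the .img3 names are placeholders.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/pwn_old_boot_r2.sh"
    : > "$d/first.img3"
    rc1=0; preflight "$d" pwn_old_boot_r2.sh first.img3 || rc1=$?
    chmod 755 "$d/pwn_old_boot_r2.sh"
    rc2=0; preflight "$d" pwn_old_boot_r2.sh first.img3 second.img3 || rc2=$?
    : > "$d/second.img3"
    rc3=0; preflight "$d" pwn_old_boot_r2.sh first.img3 second.img3 || rc3=$?
    rm -rf "$d"
    echo "$rc1 $rc2 $rc3"
}

demo    # prints: 3 4 0
```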


THANK YOU!!!
This totally works, I tried it on my stock 3.1.3 iPhone 3GS with OLD bootrom.
works like a charm, very easy, just had to change "r1.sh" to "r2.sh" as in the file download.
THANK YOU SO MUCH!!!
Worked like a charm! Thank you! I am now running a 3GS old bootrom that was jailbroken on 3.1.3 with Spirit, and am now jailbroken on 4.0 thanks to this page!!!! woot!
I keep having error 160x when restoring to iOS4 with and without DFU or recovery mode, any idea what to do?
would upgrading to 3.1.3 solve my problem?
tell me all info about your device and firmware, baseband etc
I followed everything you suggested above. After reboot it says to restore custom firmware created earlier. Do I need to restore this 3.1.3 custom firmware or can go straight to restore a 4.0 custom firmware?
go to ios 4 there is no need to restore again custom 3.1.3
How to restore from 4.0 to 3.1.3 if I didn’t save shsh files?
you can not restore to 3.1.3 without shsh, you have to wait; a newer version of spirit jailbreak will be released within a couple of days, maybe within 2 or 3 days
What is password in the "Alpine (your password)" line?
alpine is the default password; use alpine if you did not change your password, or if you have changed your password then enter your password
Thanks, aftab. Can I use "IPhone Browser" software instead OpenSSH connection method? I used it many times in past to browse iPhone folders.
ya sure, go for it this does not matter what app you use to transfer files
Sounds good, but what I have to type in the iPhone Mobile Terminal mode if I don’t use OpenSSH? Should I still install Afc2Add and OpenSSH via Cydia if I use the Iphone Browser software?
Afc2Add is necessary to browse your files no matter what software you are using to access the file system; you have to install Afc2Add and Mobile terminal, but openssh is not necessary if Iphone Browser does not require wifi to access the file system.
commands will be again same (following):
Run on the iPhone Mobile Terminal and type these commands:
su root
Alpine (your password)
cd / tmp
chmod 755 pwn_old_boot_r1.sh
./pwn_old_boot_r1.sh
I have 3GS 3.1.3 old bootrom. Is it worth trying your method or better to wait for the new spirit?
it totally depends on you; if you can not wait for the new jailbreak then go for it, but in my personal view spirit is not good to use, now see how late the new jailbreak is. jailbreak by dev team is good to use. in short, i think you should use this because the new jailbreak that is coming is not an exploit in the bootrom and apple will easily stop it in the newer firmware version 4.0.1 that is coming next week. jailbreak using this method is better and stable but it's up to you
Hi i have a 3gs which i had to update to 3.1.3 with old bootrom. when i tried to update thru pwnage i get 1604 error. any help would be appreciated.
Thanks.
I will try. What version of Sn0wbreeze and iTunes I can use to create custom 3.1.3 firmware? Can I use 4.2 iTunes and the latest 1.6.1 Sn0wbreeze?
ya you can use itunes 9.2 but snowbreeze 1.5.3 you have to use
1604 is an error because you are using custom firmware and you can not use custom jailbreak; if you used spirit to jailbreak 3.1.3 then you are not able to use custom firmware made by PwnageTool or snowbreeze because spirit and PwnageTool are made by 2 different persons
Thank you for this. But i never used spirit. it was initially jailbroken with blackrain. had to update it so used the apple firmware to update to 3.1.3. so now when i tried to jailbreak and unlock with pwnage ios4 firmware i get 1604 error message. any thoughts
hmmmm spirit and blackra1n is from different person (GeoHot)and pwngage by (dev team)
if you want to restore ios4 then you can follow these steps
1. restore to 3.1.2 and jailbreak it with redsnow
2. then use custom ios 4 to restore. if you are able to use redsnow on 3.1.2 then there will no error
Unfortunately never backed up shshs. any solution. my iphone has been locked for 4 months.
thank you for all the help.
Thanks. it worked!
no worries, are you to downgrade to 3.1 ?
Hi, I tried the method but the spirit2pwn_r1.zip link points to the r2 file. I downloaded it and did the method with the r2 file, and after seeing SUCCEED I restarted the phone, but it got stuck in DFU mode and I had to restore to official 4.0
downgrade to 3.1.2 and jailbreak it with redsnow, or if you are not able to downgrade to 3.1.2 then downgrade to 3.1.3 and jailbreak it with spirit and then do this all again. why did you enter DFU mode? there is no need to enter DFU
is it safe for sim locked iphones ? (if we dont have the original sim card of the carrier the phone is locked to)
will there be any activation problem ?
and what is the exact settings for snowbreeze made custom FWs ? ( both for 3.1.3 and 4.0 FW s) ( i mean the simple-expert mode selection , activation yes or no etc.)
what i understood is step by step
1-) we need a spirit JB over 3.1.3 FW . And download the required packages from cydia
2-) we use sn0wbreeze to make a custom 3.1.3 FW .
3-) we unzip that 3.1.3 custom FW and make required changes ,then copy to the phone .
4-) Run the rename commands.
5-) Reboot
6-) Make another ,that time 4.0 custom FW . And restore with that 4.0 custom FW and have full Jailbroken 3GS running 4.0.
Am i 100% correct ? or am i misunderstood in any step ?
(That most important part is whether is it safe to do it on a sim-locked and activation needed phone , i cak take the risk ,but i dont have original sim card)
i believe my itunes doesnot allow me to downgrade. i even tried to downgrade to 3.1.2 and it doesnot allow me to downgrade.
its upto you mate, this is same like jailbreak if you dont want to take risk then leave it and wait for proper jailbreak that is near to come. yes you correct, steps are right you told
thats because of shsh, are you using tinyumbrella ? which .shsh do you have ?
I did not enter DFU mod. it says restart the iphone after done. I shut down the iphone but it did not start. It stucked in dfu mode
you are 100% sure if this works on activation needed sim locked devices
all right i know it’s now jailbroken with spirit , but the steps i take here could harm activation again ?
only info i need to take the risk =)
oh,,,, you have to start from beginning by installing 3.1.2 or 3.1.3
sorry dont think i have any shshs.
let me clear you, when you use snowbreeze to make custom firmware it will ask you for hactivation, then please press yes. after installing the custom firmware it will not ask you to connect to iTunes to activate the iphone.
this is only for those users who used spirit to jailbreak 3.1.3 with old bootrom
Do you think i am out of luck or can i do something.
thank you
there is no need to worry, a proper jailbreak is on its way it will be released soon by dev team
Thank you. Much appreciated.
all right , all the stuff is now ready for action
do you have any other tips ?
i have last (fortunate for you =) 2 questions
is it enough for me to make both (3.1.3 and 4.0) custom FWs in simple mode (both with activation)
and what is that r1 r2 issue , is there any missing or changed file other than the one in the first message and the link
thanks very + very + very much
there is no problem with r1 and r2, use r2 downloaded from google projects, and in simple mode you will lose the apple logo; when you restart the iphone there will be the snowbreeze logo, and if you want to use expert user, uncheck custom logo and all else will be fine……. i will suggest that if you are facing any problem you let me know and i will help you, but please do not do anything wrong because one wrong step would make your device locked till the next jailbreak tool
Where is custom ipsw located? I can’t find it on desktop.
did you use snowbreeze
yes, it’s done, but I can’t find custom file
try to find file with this name
sn0wbreeze_iPhone 3GS
found the file…but Alpine password doesn’t work
use alpine instead of Alpine………. nothing is in capital…………. alpine is pass
the terminal at the end of the process , says :
ABORTING file not found . needservice.s518920x.img
am i safe to reboot now ?
is it a normal error ? ,
no do not restart it until it says SUCCESS, you did not copy all files of custom 3.1.3, try again to copy files from custom 3.1.3
i decompressed all the files in directory "/firmware/all flash / all flash.n88app.production" to /private/var/tmp
and also copied the 2 files from spirit2pwn.zip file to the same directory
typed the commands , but after 2 or 3 [OK] , says Aborting .. needservice.s518920x.img3 not found.
I have the pwn_old_boot_r2.sh file saved in the tmp folder but command "chmod 755 pwn_old_boot_r2.sh" doesn’t work, it can’t find the file
try to see the file in iphone tmp folder, is it there?
yes, it’s there!
try again with the correct name then
chmod 755 pwn_old_boot_r2.sh
tried 5 times…
did you enter this command before ???
cd / tmp
chmod 755 pwn_old_boot_r2.sh
it says: chmod: cannot access "chmod 755 pwn_old_boot_r2.sh": No such file or directory
i think you forgot this command
cd / tmp
then enter this
chmod 755 pwn_old_boot_r2.sh
yes, sure
you are entering wrong command as error is saying………. chmod 755 pwn_old_boot_r2.sh this is not command……
just enter
chmod 755 pwn_old_boot_r2.sh
I did cd / tmp and have line:
iPhone:/ root#
Success it said.
now the last part
connect itunes , shift + restore to sn0wbreeze made custom 4.0 right ?
great now restore with custom ios 4 and enjoy
try this command
dir
and then check and tell me the file names that are shown, the same as you copied in the tmp folder ???????
will i lose my stuff on the phone ?
can i shift + update , instead of restore ?
Error 1600
I did:
cd / tmp
chmod 755 pwn_old_boot_r2.sh
Display showed:
iPhone:/var/mobile root# cd / tmp
iPhone:/ root# chmod 755 pwn_old_boot_r2.sh
chmod: cannot access "chmod 755 pwn_old_boot_r2.sh": No such file or directory
yes you will lose all of your stuff, i am not sure about shift + update but i think this will also work, give it a try this will work i think
Sorry, it says:
I did:
cd / tmp
chmod 755 pwn_old_boot_r2.sh
Display showed:
iPhone:/var/mobile root# cd / tmp
iPhone:/ root# chmod 755 pwn_old_boot_r2.sh
chmod: cannot access "pwn_old_boot_r2.sh": No such file or directory
try
dir
and then tell me the file names that the terminal will show, or do you know how to change permissions ?
It shows all the iPhone folders, not files
do you have ifile installed on your iphone or know how to change permissions of files ?
i have a backup , so i will try shift + restore
because as far as i know , even i manage to do shift + update , i will lose all JB stuff ,but only prevent apps and contacts ,messages etc (that are also retrievable from backup) , so restore or update wont make any difference. i dont want to be the first one to try smt , that has not been tried before :)
am i right ?
no
ok do not restart you phone, open cydia and install ifile from there then after installing open it and tell me you have installed it
done
nice, open ifile and go to tmp folder and see is there all files ?
yes!
yap right
yes, in "/var/tmp" folder
in conclusion , this method patches (or fakes) bootrom to accept custom FWs by extending the spirit JB advantage to boot-level temporarily .
ya thats same /var / tmp folder see all files are there ?
when I open tmp, it goes to var/tmp
in sn0wbreeze , says , enter recovery mode (home button pressed , connect itunes method) ..
do i need this , or just in normal mode , can i shift + restore ?
thats same is all files there ?
yes, all of them (16)
do it as normal
yes
now there is an arrow in from of that file press it and there will be options tell me that sorry i am not able to use ifile now it crashes on ios4
Owner: root
Group: wheel
Acess permissions:
User: Read, Write
Group: Read
World: Read
ya thats i needed, thanks now change all options by tapping them one by one,
user
group
world
when you will tap user there will be 4 more options and 2 will be checked and remaining will not be but you have to check them all of user group and world then tell me how it looks like ? ok got it ?
it’s error 1602 :(
why ?
Done! Should I do the same for all the files in the temp folder?
strange, was your process succeed> was there mentioned success in the end >???? try to create a new custom ios 4 and then try shift + restore or you can try now recovery mode
no not for all, just the file that need chmod 77
now try other commands in mobile terminal
@popov do it like this
su root
Alpine (your password)
cd / tmp
./pwn_old_boot_r2.sh
it’s strange that now itunes even doesnt recognize iphone ,in recovery mode
the same error :(
unplug your iphone and plug it again itune will recognize it
read this page from end, there is a comment for you to read
restarted itunes and i now try in recovery mode , but not very optimistic about it
but i’m 100% sure i saw the SUCCESS screen in terminal
this pwn to the boot is permanent ?
no
no worry everything is going to fine, and yes this is permanent unless you use spirit or any jailbreak by geohot instead of dev team………. this works like remove effects of spirit jailbreak and move you to redsnow, may be understand it
what no ? did not get you
the same error, can’t find the file…
in recovery mode , this time , it’s 1604 .
should i try DFU ?
buddy delete all custom firmwares you made and make a new with snowbreeze and then try it, thats impossible if your process was successful
are you restoring to ios 4 custom ?
now there is no need to do chmod 755, try following files
su root
Alpine (your password)
cd / tmp
./pwn_old_boot_r2.sh
of course i’m dude =)
no DFU would give you 1604 error, try to make new custom firmware of ios 4 and restore it and please make sure your itune is 9.2
it doesn’t work too
i will try .
what error are you getting now ??? and are you sure you was on iphone 3gs 3.1.3 with spirit jailbreak ?
you can not restore ios 4 without having itunes 9.2 version
what is strange , in recovery mode , while it says "preparing iphone for restore" , there’s not sn0wbreeze logo on the phone screen ,
yes, I just jailbroke it with the newest Spirit with iTunes 4.2 support, I am on 3.1.3
the same error, can’t find the file
it’s 9.2 man :)
the same error, can’t find the file
mate try with new generated custom firmware having itune 9.2 else it will not work
I copied the files by Iphone Browser….may be this is why it doesn’t work?
understand you but there is nothing that i can even be wrong in sn0wbreeze , even i try to do a mistake :)
i just select hactivate ,
no, thats not problem, you are not able to go to tmp folder thats all ok lets try with another way. can you please paste all the files that you pasted in tmp folder to
/private/var/root
and then try all the commands with chmod 755 as well
Can’t i run these commands with WinSCP. cause i cannot instal mobile terminal through cydia. i cannot find the program.
winscp is best way to do this…
I did:
dir tmp
all the files are there!
ya but the thing is that snowbreeze replace the ios4 with os 3 because of same name
nice then simply use
cd tmp
then see your terminal show like
iPhone:/tmp root#
anyone else getting "aborting needservice.s518920x.img3 not found!" that file wasn’t in the custom firmware.. is that possibly the pwnage logos? i chose not to include those.. i copied the files from the firmware directory of my ios4 ipsw by the way. i’m not sure if that was a typo when it said to use the 3.1.3 package
and one last thing, i cannot find snowbreeze 1.5.3… any link to download???
well, I did
cd root
instead of
cd / root
and it worked!!!
yes but there is a way of that, do you have shsh saved on cydia or in your pc ?
I don’t think you need to go into restore or DFU mode. Just do a restore while your phone is booted normally. That’s how I did mine and it worked without issue.
i was mistaken about that as well .
then deleted the copied ones . and re-copied from the correct ipsw
No
do you have shsh files of 3.1.3 or any version ? then you can go back else you can not downgrade without them if you have installed ios 4 once. you can go back to os 3.1.3 now, i can tell you how but after installing ios 4 you can not without shsh
copy your shsh files then it would be safe for you…. without shsh files you can not restore 3.1.3 again
if i manage to do this , i dont need to go back 3.1.3 anymore .. i also have SHSH for 3.1.3
but if i continue to get 16xx errors , how can i go back 3.1.3 ?
How to copy the files?
thats easy just use blackra1n in recovery mode it will bring your home screen at that point where you were… thats all
that would be great =)
Ah. Yep.. Don’t make my mistake…
You need to extract the files from your custom 3.1.3 ipsw (made with pwnage tool 3.1.5)
after that the ios4 install was flawless.
Thanks for helping us out!
so how are you doing ? whats your position
check bottom of the page
without saving shsh files it is very dangerous to do, you could lose your access to iphone
Cydia says "this device has a pending TSS request". I pressed " make my life easier" when I first time opened Cydia. Should I use Windows software?
open cydia is there any thing written in green colour ? like
the device has shsh files on files for iphone os : 3.1.3
is it in cydia ? on the top ?
worked or not ?
please let me know what software I have to use to save shsh…I heard it’s too late to save for 3.1.3…
back in 3.1.3
better than nothing
thank you for all your help
i will be safe i think in this situation
even i couldnt do JB 4.0 , i will be back to 3.1.3 ..
use this to save your shsh
http://www.redmondpie.com/save-shsh-blobs-ecid-shsh-iphone-3.1.3-ipad-3.2-9140709/
if you are not able to save shsh files then you can not restore to 3.1.3 or older…… then the only way would be to restore to original ios 4 and in Pak i know without ultrasnow no one can use set, for me it is easy to do all but you are not allowing me to enter into your computer i am not hacker or something like that and also dont want to copy your data, the only purpose was to save time and headache of both, but ok as u like do it but remember 1 step you will do wrong and your phone would be locked and you have to wait for new jailbreak tool
there is another vid if you want to see to get help to save your shsh
http://www.youtube.com/watch?v=UwPDuU9cBOE
I used AutoSHSH-3.1.3_3.2–RC2 and it didn’t work
ok try this one that i suggest you it will work fine
yes, I tried http://www.redmondpie.com/…/ and it doesn’t work
it says couldn’t get shsh for your model/version, sorry
how can i install mobile terminal through cydia..? I cannot find it?
try to search MobileTerminal or terminal it should be in front of you
I installed
I did everything, after entering the commands in either Win SCP or mobile terminal, when i attempt to restart after SUCCESS the iphone gets stuck in DFU mode.
now try to restore
It does not restore to custom firmware. iTunes gives me an error. It only accepts original FW. 3.1.3 or 4.0
Gives itunes error 1600
OMG WHO EVER WROTE THIS GUIDE I CANT THANK YOU ENOUGH!!! Ive been dying and looking everywhere for a guide for spirit users and i tried this and it worked great thank you veryyyyyy much!!!
THANKS AGAIN!!! Aftab!!!
I would love for you to tell me exactly why this works!!! I searched for so long and then I found this page! i’ve been trying to help everyone else out in this situation!
Thanks again you are GREAT!!!
Please contact me to discuss! :)
Hi,
I have a 1604 error on itunes and it's stuck with the connect to itunes on iphone-any help appreciated! JK
——————————————————————————–
i’m not a newbie , and 100% sure have the old boot , but always take a couple of 160X errors when "preparing iphone for restore" is on the screen
the sn0wbreeze version i make 3.1.3 custom is 1.5.2 .
and for 4.0 custom , i used 1.6.1 ..
i’m not sure , if any cydia packages conflict with smt here , i’m not able to load 4.0 custom anyway.
but luckily i can kick phone out of recovery mode with blackra1n ,and go on using 3.1.3 from where i’m left..
i may try again from the beginning but 99% sure i dont make any mistake , maybe there are other limitations to get this patch work.
Any ideas ?
Just tried this on my 3gs 16gb 3.1.3 jailbroken with spirit. It didnt work came up with the annoying 1600 error.
How did you restore it? In normal mode, recovery mode or DFU mode?
And are you sure you’ve got the old Bootrom?
Same here , i wrote a while ago
it’s 359.3 … (with usb view) , serial number 4-5 number is 38…
spirit Jailbroken 3.1.3 .. done everything step by step ..
done custom 3.1.3 on snowbreeze 1.5.2 (not 1.5.3) , it may be an issue ?
I see Success in terminal window .
But the custom 4.0 FW , made by snowbreeze 1.6.1 always fails to load in every mode , either 1601 , or 1602 or 1604 errors
i’m 100% sure doing it perfectly , but couldn’t make it happen .. itunes 9.2 is loaded
Go to IH8sn0w.com and download f0recast, my bootrom is 6.4 model mc131. Tried the DFU method, Tried normal after restoring to 3.1.3 and all brought up the same 16xx errors. Itunes is 9.2 as i updated it for this.
i’m afraid that 6.4 is not bootrom , it’s bootloader instead ,which is completely different
but still i dont have any single idea why i dont manage to do this trick
The iBoot version (6.4) and the model (MC or MB) doesn’t have anything to do with the Bootrom. (The MC / Non-MC model thing is only for iPod Touch.) iForecast can only assume if you have the new or old Bootrom based on the production week of your iPhone, which is part of the serial number. But this is a very inaccurate method.
Yesterday, iH8sn0w released "iDetector" which can with 100% accuracy tell you if you have the old 359.3 (good) or new 359.3.2 (bad) Bootrom version. Download it here http://ih8sn0w.com/index.php/products/view/idetector.snow and connect your iPhone in DFU mode.
What’s the result?
it’s old one for me
hi, guys that are facing 16xx error let me tell you, please use winscp and putty and then try to do it, i was doing this to one of my friends and i saw that he was not running commands correctly so that why he was also facing 16xx error then i tried and was working correctly.
make sure when you enter
cd / tmp then you are as
(iphone name) :/tmp root# instead of
(iphone name): root#
and try enter
dir
and then see these files are there or not ? if you are doing this correct then this process will be successful
Edit : files you copied from custom firmware are there or not after entering dir command
yes they are there =) there’s no problem pwn ining the boot also because i see success word at the end of the process (i did try it again a few mins ago)
the problem seems about smt else i think because i’m 100% sure about the correction of steps i take ..
maybe it’s about sim-locked devices , have u tried this on any sim-locked device ? (ok , i also say myself , "what can be different on a sim-locked device , nothing i think" , but cannot find any other reasons for now)
one thing i notice is that a lot of people are probably typing in the commands wrong (like i did) because it looks as if there are spaces between everything when there is not:
cd /tmp (there is only ONE space….)
do not type "cd / tmp" (TWO spaces)
how ?
is it possible that this snowbreeze crap is the problem?
i used my Mac, and official Pwnage Tool, etc etc and everything worked flawlessly the first time.
guys, i have faced a difference here try to enter
cd / tmp
or cd tmp (without /)
then check with
dir
if you got your file names that you copied in tmp then you are able to make it work
umm, the first step is to restore your phone to stock 3.1.3.
can’t you read?
ya you can try with pwnage tool
maybe it’s about sn0wbreeze , the custom FW (each one) created in pwnage maybe slightly different than the ones with sn0wbreeze
i dont have a mac , but if someone copies the files in question to mediafire ,rapidshare etc .. i can use pwnage made customs in the process
you can download custom firmwares from the internetz :) they are already out there… somewhere…
wow that is really nice of you Aftab!!! David will love you.
THANK YOU AGAIN for this amazing jailbreak option. how does it work exactly? i would love to just know why no one else came up with it, or released it to the public.
YOU ARE AWESOME! :)
actually it is publicly download able and one more thing i did not write or program it, i am also user same like you but i have more experience of this so thats why i am trying to help you guys, i am not really its owner i also copied this from a website
check your mail , mate =)
THANKS AGAIN Aftab.
Not sure where you found this… I was trying to help people in the comments section of the Dev-Team Blog which is where I found a link to this page, and thankfully it totally works!!!
However, because I posted the link to your page they banned me from commenting!!! hahahaha Oh well at least I got to help a few other people in my situation out! :)
Guess they don’t want it around if they didn’t come up with it themselves! haha
I saw your post in the Dev-Team. you did a great job by helping others. I am in the same situation, but wait for a while before update iOS 3.1.3 to 4.0.
USA, not Pakistan :)
hi guys i need a quick answer
so i have a 3gs on 3.1.3 JB with spirit i have a MC model running on the old bootrom
so i think im good to go right?
another was while i am doing the whole process i have to download to itunes 9.2 now or after i create the custom files for 3.1.3? and should i unplug my iphone during this? and do i get 4.0 from itunes or somewhere on the web???
Thanks to msftguy for finding this out and thanks to aftab for spreading the word!
IT WORKED! =D
I’m really happy to be back on the "Jailbreak train"!
To all those who are having problems, here are the exact steps that I took. Maybe it helps someone.
1) Copy everything as described to the folder /tmp on the iPhone using WinSCP or similar. Use an IPSW MADE WITH PWNAGETOOL for the files, and not one made with Sn0wBreeze!
2) In MobileTerminal on the iPhone enter:
su root
(then your password; standard is "alpine")
cd /tmp
(Now enter "dir" and make sure that those files you copied in step 1 are listed. If everything is there, proceed.)
chmod 755 pwn_old_boot_r2.sh
(This should only take a second.)
./pwn_old_boot_r2.sh
(This one takes about 10-15 seconds. Make sure that it says "SUCCESS" at the end.)
3) Now, turn your phone OFF, but not on again!
Then, open iTunes and connect the iPhone WHILE HOLDING THE HOME BUTTON, and release the home button when the "connect to iTunes" picture is displayed on the screen. It’s now in recovery mode which is best for restoring a custom IPSW in our case. Now you can use Shift+Restore and your 4.0 IPSW (made with PWNAGETOOL!) to update – have fun with your jailbroken iOS 4! =D
How about unlock your iPhone with custom iOS 4.0? Is there any negative effect by using this method?
none .. the only negative effect i witnessed in 4.0 , is , when you forget double clicking home button and close the apps , multitasking works in a way that surely slows down your phone .
thanks! :)
all i was trying to do was help, and then they banned me for it! hahaha oh well… guess i won’t waste my extra time trying to help people that they don’t want to! :)
just so you know, this solution uses all legitimate tools (as legitimate as legitimate gets when trying to hack an Apple device! hahaha) and its pretty easy. and it works flawlessly! in case you were holding off on updating. :)
hey paul
you are good to go!
you can download both 3.1.3 and 4.0 firmwares off the web (there are links all over the place)
you don’t need to have your phone plugged in during 3.1.3 because you will be transferring files via SSH so you will need a Wifi connection (some people have used USB file transfer but I am not familiar with this)
you are already on 3.1.3 and jailbroken with spirit, and you have the old bootrom
you create the custom 3.1.3 – then you unzip this and use some of the files.
then you download the file at the top of the page and copy that to your phone also
then you run the commands in MobileTerminal which you install in Cydia
then you can restore to custom 4.0 firmware.
just follow the instructions at the top of the page.
this is for advanced users – you shouldn’t try it if you have no idea what you are doing!
i didn’t have to shut off the phone or put in in recovery or DFU mode to restore to the custom 4.0 firmware.
i just left it on, went into iTunes 9.2, and OPTION-RESTORE to custom 4.0 and it worked perfectly! :)
i have an idea somewhat lol ive been reading up and down this forum and i think i got it… only thing is im running on Windows vista is tht a problem cuz the guy bellow me seems to not like snowbreeze and thats what i have to use… plz reply asap
well it seems that snowbreeze might not work?
i have never used snowbreeze, but i believe it functions SIMILAR to Pwnage Tool. it is not a Dev Team product. i would definitely give it a try and report what happens. you would need to use it to create the custom 3.1.3 and 4.0 firmwares.
as long as you follow the instructions, its really not that complicated. good luck! :)
i see that Aftab (the creator of this page) has posted that you need to use snowbreeze version 1.5.3 for the custom 3.1.3 firmware.
you probably have to use the newest version for the 4.0 firmware. just make sure you are using the right version at the right time :)
hi guys whats going on, astro thanks buddy you helping others, its appreciable but dev team also banned me there because i was helping others and i pasted link there lol
okay so i gotta redo it with 1.5.3 i had a feeling too i haven’t executed anything yet just waiting for more knowledgeable people to give me advice i should get it right now ill let you know… thanks
shit im stumped F#$%@%$ itunes 9.2 wont download to my computer???? it keeps giving me errors the easiest thing to do is now the hardest…. WTF!!! troubleshoot guide someone please!!!
sn0wbreeze 1.5.3 does not exist its FAKE!!! how the hell am i suppose to do this now…
it bricks your iphone
okay so it worked!!! it took a long time but i got it to work!!! I’m so happy i feel like a damn Hacker..
anyways i "had" a 3gs 3.1.3 JB with spirit and i figured out tht the MC only pertains to the Ipod touch series besides tht i managed to use sn0wbreeze on my phone to create the 3.1.3 FW and to create the new 4.0 FW that i am using now!!!
at first i had no service i almost freaked out but then i just installed ultrasn0w on cydia and BAM!!! service thank you im now getting all my apps back tht i saved on rock i recomend you save backups on ROCK it helps!! thank you again!!
Iphone 3gs old bootrom JB with spirit on 3.1.3 Successfully JB on new 4.0 FW!!!
First off: this WORKS; just follow EVERY SINGLE STEP EXACTLY.
If you’re a noob or pseudo-noob, here are some hints you may find helpful:
1) You’ll need both the PwnageTool 3.1.5 (for the custom IPSW using 3.1.3) AND 4.0.1 (for the custom IPSW using 4.0 that you’ll eventually restore with).
2) If you’ve modified your /etc/hosts file to point to Saurik’s server then, according to the instructions above, you’ll want to remove that before you restore to 4.0 – I don’t know if this is required or not, but it’s what I did.
3) Make a backup of your iPhone BEFORE restoring to the stock 3.1.3 FW so you can use this AFTER you do the restore to 4.0.
4) You may be prompted by iTunes upon restore whether you want to restore a phone previously set up on this computer, or set up as a new phone. DO NOT restore an existing backup until you’ve restored to 4.0 using the custom IPSW.
5) You may not have cell service after restore to 4.0 even if you’re on an approved carrier (e.g. I’m on AT&T in the US and did not have service after restore to 4.0); if this is the case then install ultrasn0w via Cydia and that should restore service.
6) Up to you, but after you’re successfully on 4.0 you can use iTunes to restore a prior backup & sync to bring over all your settings, contacts, music, videos, AppStore apps, etc. You’ll have to reinstall any Cydia apps you may have previously had on your 3.1.3 JB.
Again, I had my doubts since there’s no official JB for those of us who were on 3.1.3 and had used Spirit, but this process WORKS.
THANKS!
This method worked for me. I am using T-Mobile on iPhone 3Gs now.
Great job guys!
P.S. If you have iTunes lower than 9.2, please upgrade it before restore the iOS 4.0 custom version.
works! BUT did NOT work for me in DFU mode, i had to take it out of DFU mode and use RECOVERY mode, as one of the anonymous posters suggested above. (which I did by holding power and home, while connected to computer, then unplugging usb cord) also i HAD to upgrade to iTunes 9.2.
For recovery mode: power off your iPhone, hold the home and plug your iphone (via USB) to computer while hold home button.
Recovery mode your iPhone screen show as iTunes Logo & USB, and DFU mode with black screen LCD.
thanks…!
Work perfect thanks a lot……….!
also just tried it on iTouch 2g (older)… didn’t work :( Any advice on modifying this method for iTouch use? I tried with extracted files from a pwdn iTouch 3.1.3 custom restore file, then got gutsy and tried with files extracted from a pwnd 3.1.3 iPhone custom restore .ipsw for the heck of it. neither exited with success.
THANK YOU!!! WORKS PERFECTLY!