iPhone 3GS was released with two types of Bootroms: Old bootrom and New bootrom. Recently we posted tutorials on jailbreaking iPhone 3GS with PwnageTool 4.01 on Mac and Sn0wbreeze 1.6.2 on windows. But, these jailbreak tools can only come to use if your iPhone 3GS has old bootrom! In order to know bootrom version of your iPhone 3GS, you can check iDetector guide.
![iphone os 4 jailbreak e1278233066808 How To Jailbreak iOS 4.0 on iPhone 3GS [New Bootrom]](http://www.techtickle.com/wp-content/uploads/2010/07/iphone-os-4-jailbreak.jpg "iphone-os-4-jailbreak")
Also read:
Just a few hours ago, iH8sn0w, the developer of Sn0wbreeze has posted a tutorial to jailbreak iOS 4.0 on iPhone 3GS with new bootrom. According to him, making a tool would take a bit too long, and in that case, not to disappoint iPhone 3GS new bootrom users, he has come up with the step by step guide.
Here is the tutorial(not for regular users):
**BEFORE PROCEEDING, ENSURE THAT YOU HAVE YOUR PHONE BACKED UP!**
——-
WHAT YOU WILL NEED:
* An iPhone 3G[S] — new bootrom
* 3.1.2 SHSH blobs.
* difrnt’s iBSS grabber (http://bit.ly/3QLb5S)
* Payload Pwner for the 3GS. (http://www.mediafire.com/?jy0wzomw2jk)
* sn0wbreeze V1.6.2
* iBooty (http://www.mediafire.com/?qwzzjhziwz0)
* LibUSB (64-Bit users read carefully!!!)
* 3.1.2/4.0 3GS firmware downloaded. [Download iOS 4.0]
——-
STEP A : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your shsh blobs saved on Cydia/Saurik’s server then follow this tutorial. — http://saurik.com/id/12
II : If you have it saved with TinyUmbrella, then download the GUI here. — http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder on a new folder on your desktop.
IV : Hit “Start Monitoring”.
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
——-
Saving your iBSS
I : After Restoring, Go to the folder that you have specified to save your iBSS file.
II : You will see folders like (Per**.tmp). Go into one of them, and you’ll see a folder called “Firmware”. Go there. Then go to the folder “dfu”.
III : Copy the iBSS file to a safe place, then you can remove the folder created by the iBSS Grabber.
——
STEP B : Creating custom 4.0 firmware.
I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 ipsw.[Sn0wbreeze Guide]
*Ignore the warnings after browsing for the ipsw.*
——
STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your O/S + Arch. — Windows + Arch. Detector (http://www.mediafire.com/?imyzm2t3zam)
*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB MIGHT NO LONGER WORK!
*********
Windows XP Users download this installer — LibUSB Installer (http://www.mediafire.com/?zyy0mjthhij)
*********
Windows Vista/7 users RUNNING 32-Bit:
* Download the installer (http://www.mediafire.com/?zyy0mjthhij) and run it in compatibility mode for Windows XP.
*********
If you are a 64-Bit user, follow this tutorial – (http://bit.ly/9N423f)
*********
Once LibUSB is installed iRecovery should be able to function now.
——-
STEP D : Pwning iBSS + iBoot
I : Download this easy tool here — Payload Pwner for 3GS (http://www.mediafire.com/?jy0wzomw2jk)// It will help you create the payloads.
**SAVE THE PAYLOADS WHERE iBooty is.**
——-
STEP E: iBooty Prep.
Most of you know of the utility “iBooty” that I made for Aki_nG.
It will work as long as you place all of the correct files there.
I : Download iBooty GUI here — iBooty for 3GS (http://www.mediafire.com/?qwzzjhziwz0) and Extract it.
II : Extract your Custom IPSW created by sn0wbreeze with 7-Zip or another un-archiver.
III : Grab the kernelcache and bring it into the same folder as ibooty.
Also grab the iBEC from the folder “Firmware\dfu\iBEC.n88ap.RELEASE.dfu”
IV :
* Rename your iBSS 3.1.2 signed to “ibss312.dfu”
* Rename your Kernel 4.0-Custom to “kernel.40″
* Rename your iBEC 4.0-Custom to “ibec40.dfu”
======
Your folder should look like this :
- iboot.payload <– Created with Payload Pwner.
- exploitibss312 <– Created with Payload Pwner.
- ibec40.dfu <– Grabbed from Custom IPSW made by sn0wbreeze.
- irecovery.exe <– Comes with iBooty.
- readline5.dll <– Comes with iBooty.
- iBooty.exe <– Comes with iBooty.
- ibss312.dfu <– THIS NEEDS TO BE YOUR iBSS from the restore!
- kernel.40 <– Grab from Custom IPSW made by sn0wbreeze.
- sn0w.img3 <– Comes with iBooty.
======
——-
STEP F: Restoring to 4.0 + Booting
——-
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*
I : Run iBooty and Select “Prepare Device for Custom Firmware”. Run the Process and if you see a snow flake, you can proceed!
II : Now open iTunes and restore to the custom ipsw.
***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT! ITS IN A DFU LOOP [THIS IS NORMAL!]***
——-
STEP G : Booting
I : Just Re-Run iBooty and select “Boot It”. If all goes well it will boot!
——-
Enjoy!
——-
Also read:
- Jailbreak iOS 4 with redsn0w 0.9.5
- Unlock iOS 4 on Any Baseband with Ultrasn0w
- Pwnage Tool 4.01 to Jailbreak iOS 4 on Mac[Custom Firmware]
- Sn0wbreeze to Jailbreak iOS 4 on Windows[Custom Firmware]
Please Note: The guide is complex and is not recommended for regular users!
So I'm guessing that there is still no way to Jailbreak your Iphone 3gs if we have not Jailbroken before and have no SHSH blobs?
Yes. U need to have SHSH blobs. I hope someone comes up with a tool soon. I'm myself stuck with it! Tonight i might try to do it with this guide!