Pwning 4.0 on New Bootrom 3G[S] w/3.1.2 SHSH BlobsOnce you have jailbroken your phone, you can unlock it using ultrasn0w 0.93 (on anybaseband), guide for which is posted here.
I wrote this all on the road with my iPad, so sorry if there is any major Grammar errors. If anyone points out any errors, I’ll fix it up. Anyways…
——-
I figured making a tool would take a bit too long. So, i’m going to write up this tutorial. It isn’t recommended for regular users.
**BEFORE PROCEEDING, ENSURE THAT YOU HAVE YOUR PHONE BACKED UP!**
——-
WHAT YOU WILL NEED:
* An iPhone 3G[S] — new bootrom
* 3.1.2 SHSH blobs.
* difrnt’s iBSS grabber (http://bit.ly/3QLb5S)
* Payload Pwner for the 3GS. (http://www.mediafire.com/?jy0wzomw2jk)
* sn0wbreeze V1.6.2
* iBooty (http://www.mediafire.com/?qwzzjhziwz0)
* LibUSB (64-Bit users read carefully!!!)
* 3.1.2/4.0 3GS firmware downloaded. [Download iPhone 3.1.2 / DownloadiOS 4.0]
——-
STEP A : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your shsh blobs saved on Cydia/Saurik’s server then follow this tutorial. — http://saurik.com/id/12
II : If you have it saved with TinyUmbrella, then download the GUI here. — http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder on a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
——-
Saving your iBSS
I : After Restoring, Go to the folder that you have specified to save your iBSS file.
II : You will see folders like (Per**.tmp). Go into one of them, and you’ll see a folder called "Firmware". Go there. Then go to the folder "dfu".
III : Copy the iBSS file to a safe place, then you can remove the folder created by the iBSS Grabber.
——
STEP B : Creating custom 4.0 firmware.
I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 ipsw. [How to Guide]
*Ignore the warnings after browsing for the ipsw.*
——
STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your O/S + Arch. — Windows + Arch. Detector (http://www.mediafire.com/?imyzm2t3zam)
*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB MIGHT NO LONGER WORK!
*********
Windows XP Users download this installer — LibUSB Installer (http://www.mediafire.com/?zyy0mjthhij)
*********
Windows Vista/7 users RUNNING 32-Bit:
* Download the installer (http://www.mediafire.com/?zyy0mjthhij) and run it in compatibility mode for Windows XP.
*********
If you are a 64-Bit user, follow this tutorial – (http://bit.ly/9N423f)
*********
Once LibUSB is installed iRecovery should be able to function now.
——-
STEP D : Pwning iBSS + iBoot
I : Download this easy tool here — Payload Pwner for 3GS // It will help you create the payloads.
**SAVE THE PAYLOADS WHERE iBooty is.**
——-
STEP E: iBooty Prep.
Most of you know of the utility "iBooty" that I made for Aki_nG.
It will work as long as you place all of the correct files there.
I : Download iBooty GUI here — iBooty for 3GS (http://www.mediafire.com/?qwzzjhziwz0) and Extract it.
II : Extract your Custom IPSW created by sn0wbreeze with 7-Zip or another un-archiver.
III : Grab the kernelcache and bring it into the same folder as ibooty.
Also grab the iBEC from the folder "Firmware\dfu\iBEC.n88ap.RELEASE.dfu"
IV :
* Rename your iBSS 3.1.2 signed to "ibss312.dfu"
* Rename your Kernel 4.0-Custom to "kernel.40"
* Rename your iBEC 4.0-Custom to "ibec40.dfu"
======
Your folder should look like this :
- iboot.payload <– Created with Payload Pwner.
- exploitibss312 <– Created with Payload Pwner.
- ibec40.dfu <– Grabbed from Custom IPSW made by sn0wbreeze.
- irecovery.exe <– Comes with iBooty.
- readline5.dll <– Comes with iBooty.
- iBooty.exe <– Comes with iBooty.
- ibss312.dfu <– THIS NEEDS TO BE YOUR iBSS from the restore!
- kernel.40 <– Grab from Custom IPSW made by sn0wbreeze.
- sn0w.img3 <– Comes with iBooty.
======
——-
STEP F: Restoring to 4.0 + Booting
——-
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*
I : Run iBooty and Select "Prepare Device for Custom Firmware". Run the Process and if you see a snow flake, you can proceed!
II : Now open iTunes and restore to the custom ipsw.
***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT! ITS IN A DFU LOOP [THIS IS NORMAL!]***
——-
STEP G : Booting
I : Just Re-Run iBooty and select "Boot It". If all goes well it will boot!
——-
Enjoy!
——-
Join The Community