iModZone Forums: iModZone Portal

The iPhone DevTeam just released an update for PwnageTool. With this tool you can create a custom 3.1.3 firmware, which you can use to upgrade your iDevices , and still preserve the baseband. If you used Blacksn0w to unlock your iPhone in the past, this tool will not help you, because you already updated your baseband ( even though not to the latest version ) , and all the other unlocking tools will not work. Also, PwnageTool will not downgrade your baseband.


Just to be clear:

• Firmware 3.1.3 updates the baseband to 05.12.01 . No tool will unlock this baseband at the moment, and you can’t downgrade either
  
• Firmware 3.1.2 updated the baseband to 05.11.07 and you could unlock it using blacksn0w.
  
• All other previous baseband versions are compatible with ultrasn0w.

So…

• if in the past you used custom firmwares and your baseband is still at a version prior 05.11.07 , you can use PwnageTool 3.1.5 and unlock it with ultrasn0w.
  
• If you used Blackra1n, updated the baseband to 05.11.07 and unlocked it with blacksn0w DO NOT use pwnagetool 3.1.5. It won’t work. Just stay on firmware 3.1.2
  
• If you updated to firmware 3.1.3 and got the latest baseband ( 05.12.01 )… tough luck. You are stuck!!!

PwnageTool 3.1.5 is compatible with :

• iPhone 2G/EDGE
  
• iPhone 3G
  
• iPhone 3Gs, old bootrom
  
• iPod Touch 1G
  
• iPod Touch 2G, old bootrom

NOTE: If your iPhone 3Gs returns an error while you try to restore with a custom firmware 3.1.3, it means you need to downgrade from 3.1.3 to 3.1.2 . After you succesfully downgraded you will be able to use the custom firmware. If you don’t know how to downgrade, check this tutorial …

NOTE: the tutorial below is from the previous PwnageTool release. That’s why you might see different firmware versions in the attachments. The process is exactly the same though, and if needed it was updated. Pictures are just a visual walkthrough. Read the text.




What do you need:

• PwnageTool 3.1.5
  
• original 3.1.3 firmware – download here
  
• iTunes

[The Dev Team released PwnageTool 3.1.5 just a few hours ago. In this guide and tutorial, I will show you how to use PwnageTool to jailbreak iPhone 3.1.3.

Before we get into the details, please make sure you read this article by the Dev Team. It will explain to you what you can and cannot do. It is a very important piece of information that you should not overlook.

If at any point in time you updated your iPhone to firmware 3.1.3, then you also updated your baseband to 05.12.01. If that’s the case, you will be able to jailbreak by downgrading to 3.1.2 first, but you will not be able to unlock.

PwnageTool will jailbreak the following 3.1.3 devices:

iPhone 2G
iPhone 3G
iPhone 3GS (old bootrom)
iPod Touch 1G
iPod Touch 2G (old bootrom)
If you don’t care about unlocking, RedSn0w is still an easier and quicker way to jailbreak.

Note that this tutorial to jailbreak iPhone 3.1.3 with PwnageTool is for Mac and Mac only. There is no Windows version of PwnageTool and they will most likely never be. If you don’t have a Mac, ask around and see if a friend of yours can help you out and create a custom firmware for.

Again, please make sure you read the information given by the Dev Team. It will answer most questions you may have.

How to Jailbreak iPhone 3.1.3 with PwnageTool

Step 1: Make sure you have the latest version of iTunes installed on your computer. If not, download and install it, then reboot your computer. Now make sure you backup your iPhone by syncing with iTunes, just in case something goes wrong.

Step 2: Download PwnageTool 3.1.5 and your iPhone firmware from our downloads page. Save these 2 files to your desktop.

Step 3: Launch PwnageTool. It should give you a warning message. Click OK.

Step 4: Select “Expert Mode”.

Step 5: Select your device then click the blue arrow to continue.

Step 6: If PwnageTool doesn’t automatically find the correct IPSW file, click “Browse for IPSW” and locate it (it should be on your desktop).

Step 7: You will now have several options. Choose “General” and click the blue arrow to continue.

Step 8: Under “General Settings”, you have the option to activate the phone or not. This is a very important step so please read carefully.

If you have a contract with an official carrier (such as AT&T in the US, or Orange in France, etc…), do not activate.

If you do not have a contract with an official carrier (ie. you want to unlock for another carrier), you have to activate. Then you will have to install UltraSn0w or BlackSn0w from Cydia in order to fully unlock the phone.

You will know you didn’t choose the right option if you don’t have signal after jailbreaking.

You don’t have to, but I suggest increasing the root partition size to somewhere around 700MB, just to be on the safe side. When you’re done, click the blue arrow to continue.

Step 9: You are now taken to the “Bootneuter settings”. All of them should be greyed out. Click the blue arrow to continue.

Step 10: You are now taken to the “Cydia settings”. From here, you may download packages so you don’t have to manually do it later. For example, you may download WinterBoard, which would be installed during the pwnage process. Let’s keep things simple and skip this step which is not necessary. Click the blue arrow to continue.

Step 10: You are now taken to the “Custom packages settings”. Make sure “Cydia” is selected.

Step 11: You are now taken to the”Custom logos settings”. You can choose to add the default logos (see below) or you can add your own logos. If you choose to add your own, make sure the images are not larger than 320 x 480.

Step 12: We’re almost done! You now have to build the custom IPSW. Click “Build” and click the blue arrow to continue.

Step 13: Save your custom IPSW to your desktop.

Step 14: PwnageTool will now start building your custom IPSW. Be patient… It can take up to 15 minutes.

Step 15: PwnageTool will ask you if your iPhone has been pwned before. If you’re not sure, just click NO.

Step 16: If your iPhone was previously jailbroken, you can skip to step 19. If your iPhone wasn’t already jailbroken, follow the following directions. If your iPhone isn’t plugged to your computer yet, plug it. Don’t open iTunes. If iTunes launches automatically, close it. PwnageTool will now deliver the payload.

Step 17: After successfully delivering the payload, PwnageTool will put your iPhone in recovery mode. Click OK.

Step 18: iTunes should pop up saying it has detected an iPhone in recovery mode and that you must restore. Click OK.

Step 19: We are going to restore your iPhone using the custom IPSW you built. In iTunes, hold the “Alt/Option” key and click “Restore” at the same time. DO NOT click “Restore” without holding the “Alt/Option” key! A dialog box will pop up and you’ll be able to choose the custom IPSW file you created that was saved to your desktop.

Step 20: Navigate to the “jailbreak” folder and select the custom IPSW we created.

Step 21: iTunes will now restore your iPhone using the custom firmware which could take a while, so relax. When done, your iPhone will reboot and you will now have a jailbroken iPhone.

That’s it! Your iPhone 3.1.3 should be fully jailbroken, thanks to the good work of the Dev Team and PwnageTool.

In the future, make sure you do not update your iPhone firmware when there is a new one coming out. It will avoid many issues. Besides, these updates are very minor and useless. For what it’s worth, I’m still on iPhone OS 3.0, and happy to be.

If you have any question or comment, please leave a comment.

Apple stopped signing iPhone firmware 3.1.2. What this means is that those owners of an iPhone 3GS or iPod Touch 3G who had updated to firmware 3.1.3 and who did not use Cydia to store their TSS will not be able to restore to anything but firmware 3.1.3.

With the recent firmware 3.1.3 update, many iPhone 3GS/iPod Touch 3G owners jumped the gun to 3.1.3 and have now been trying to revert back to 3.1.2 to regain their jailbreak and/or unlock. Unfortunately that will not work due to Apple no longer signing 3.1.2 firmware for iPhone 3GS and iPod Touch 3G hardware.

Current iPhone 3GS and iPod Touch 3G users of firmware 3.1.2 that want to keep jailbroken, Big Boss warns to make sure that you are very careful with what you do from now until the next jailbroken firmware. In other words, do not do anything that could potentially require your iPhone 3GS or iPod Touch 3G to need to be restored.

Big Boss recommends that users install OpenSSH and learn how to use it so that specific fixes can be performed without the need for a restore.

Elcomsoft iPhone Password Breaker enables forensic access to password-protected backups for iPhone 2G, 3G, 3GS, and iPod Touch 1st, 2nd, and 3rd Gen devices. Featuring the company’s patent-pending GPU acceleration technology, Elcomsoft iPhone Password Breaker is the first GPU-accelerated iPhone/iPod password recovery tool on the market. The new tool recovers the original plain-text password that protects encrypted backups containing address books, call logs, SMS archives, calendars, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.



Features and Benefits
Gain access to information stored in password-protected iPhone and iPod Touch backups
Recover the original plain-text password
Save time with cost-efficient GPU acceleration when one or several ATI* or NVIDIA video cards are installed
Perform advanced dictionary attacks with highly customizable permutations
Perform offline attacks without Apple iTunes installed
Recover passwords to backups for original and ‘jailbroken’ iPhone 2G, 3G, 3GS, and iPod Touch 1st, 2nd, and 3rd Gen devices

Requirements
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 or Windows 7
about 6 megabytes of free space on hard disk
‘manifest.plist’ file from iPhone/iPod backup created by iTunes
one of supported NVIDIA or ATI cards (optional)

This is a Windows only software and beta version is free until 15 March. Download it here.

Via[FunkySpaceMonkey]

Apple and the iPhone evolved a lot in the past couple of years and they learned a couple of things when it comes to software protection against jailbreaking.
iPhone 3GS have to communicate with Apple’s servers before allowing the installation of any version of firmware (restore or update ) .With the release of Firmware 3.1.3, Apple’s server has stopped certifying all previous firmware and this makes it impossible to restore your device to a previous release. The certification is done through 3 files called IBSS, IBEC and ECID that, once signed, are a kind of “green light” to install the firmware through iTunes.
IBSS and IBEC files are generated during a firmware restore in iTunes and placed into a temporary folder on your computer. You will have no problem on retrieving this files, but the missing piece of this puzzle is the ECID file that Apple doesn’t allow you to retrieve.





NOTE: this tutorial is aimed ONLY to iPhone 3Gs users that have saved their ECID file through Cydia. If you are not sure about saving your ECID file throught Cydia, than load Cydia and on the homepage check if you see this message: This iPhone 3Gs has an ECID SHSH on file.
How To Downgrade iPhone 3Gs from Firmware 3.1.3 to 3.1.2

1. find a file called “hosts” that manages connections to the servers:

• Windows: go to C:\Windows\System32\drivers\etc\ and use a text editor to open the file “hosts”
  
• Mac: open a terminal an type sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts

2. At this point we connect the server address to the IP address that corresponds to Saurik’s server instead of Apple. This way we can trick iTunes anxious to check the firmware saved through Cydia. To do this just copy this string and add it to the end of the file “hosts” that we have just opened: 74.208.105.171 gs.apple.com






2.3 In a new terminal window, paste in: sudo dscacheutil -flushcache .Hit return and type in your admin password.

3. Now you can step into the real downgrade process of your iPhone 3Gs, but it will not be as easy as the previous times. First of all you need to put the iPhone in DFU then: Plug it into your computer and simultaneously press the Home key and the Power button for 10 seconds exactly, after issuing only the power button and continue to click on Home until iTunes will not recognized a new device in recovery mode.

4. Your iPhone should have a full black screen and NOT the screen with iTunes icon and the cable. Many people confuse it with the DFU recovery mode but they are two very different processes, so before you continue, make sure you have the screen all black.

5. Now click on the ALT key (MAC) / SHIFT (Windows) of the keyboard and the button “Restore” in iTunes, select the firmware 3.1.2 and wait.
NOTE1: During recovery you may experience various errors.

NOTE2: If you get ” unknown error (3002) ” error, you ddidn’t save your ECID on Saurik’s server and pretty much the downgrade cant take place. Luckily it was found an exploit in iPhone FW 3.1 and with a little bit of patience you might be able to perform the jailbreak directly on iPhone Firmware 3.1

NOTE3: If you will get this error: ” The iPhone “iPhone” could not be restored. An unknown error occured (1015) ” , accept it, and re-do the entire process. ( put the iPhone into DFU mode, select iPhone FW 3.0 and wait ). The process will fail again and iTunes will return the same message as before “The iPhone” iPhone “could not be restored. An unknown error occurred (1015).Do not panic because it’s completely normal.
To resolve this situation can proceed in two ways: The first relates to Mac users and is using iRecovery ( Mac and Windows ) to reboot the device, it will re-ignite in normal mode, the second title is “universal” because it works on both Windows and Mac and is ignoring the ‘error, continuing to work normally. Therefore, there can only start and run a regular Redsn0w Jailbreak Firmware 3.0
You’re done. Now you are back on iPhone OS 3.1.2 and can jailbreak your iPhone. Of course, those of you that depend on unlocking the iPhone, you are screwed anyway, because by updating to 3.1.3 in the first place, you updated your baseband.

A jailbreak exploit has been found! 3.1.3 is now jailbreakable and you should be able to unlock with the new baseband with Ultrasn0w. I only read my tweets really quick, since I had to leave for school (that's where I am now). Of course, please DO NOT UPDATE TO THE OFFICIAL 3.1.3. Read before you update and remember to stay away from the new firmware if you are concerned about unlocking.

iH8sn0w.com has a new version of sn0wbreeze and the dev team has released a tool that is based on the 3.1.2 loophole, but no unlock has surfaced yet FOR THE NEW BASEBAND. More info on the dev team's jailbreak is available here: http://blog.iPhone-dev.org/

As for the iH8sn0w sn0wbreeze jailbreak, it allowsG and 3GS users to PRESERVE THEIR BASEBAND, allowing people to either unlock with blackra1n or ultrasn0w. That's the best way to go if you have itchy jailbreak fingers like me. I'm thinking about updating my baseband to 05.11.07 just to use ultrasn0w, but let's see how that goes. If you have 04.26.08 as your baseband, you should be able to use ultrasn0w.

I'm unsure if push notifications become broken if you decide to use iH8sn0w. let us know if you experience any change in push. I haven't used sn0wbreeze yet, so I'm still a bit sketchy on using it, but I'll probably use it when I get home. 3.1.2 isn't stable for me anymore.

EDIT: Custom firmwares can be downloaded here: http://iModZone.net/...are-collection/

Use iREB if you are having trouble putting your iDevice into DFU Mode. It DOES NOT update your baseband and official carriers will be able to utilize push.

Today, Apple comes with a new feature. They expanded iTunes Preview, that has been available for music for a couple of months now, for the appstore. Now, when you click on a link, that would open the app in the app store, iTunes will also, automatically open in a web browser as well

This is sad news for everybody who was depending on an unlock and in a rush to update to the latest firmware 3.1.3 or updated by mistake. As you might know, you can jailbreak firmware 3.1.3 but with some restrictions. It seems that George is not working on a new update , and i think there won’t be anything available since we might get firmware 3.2 in March.