Unlocking 1st generation iPhones (with 2.2 firmware) using PwnageTool in Expert mode

Intel Mac & PPC

Page 1 of 2


Updated: December 20, 2008





Who is this guide for?
  • 1st generation iPhones (3.9 or 4.6 bootloaders)
  • Official contract, or not
  • Pwned or not
  • Any firmware version
  • I used iTunes 8.0.2
  • Make sure to Sync your iPhone prior to using this tutorial. This way your personal information, and any App Store applications will be preserved.
  • The "late 2008" MacBook Air and MacBook Pro lines of computers have an issue with DFU mode. While it's possible to go from Pwned 2.1 firmware to Pwned 2.2 firmware (using PwnageTool), you can't yet go from stock firmware to Pwned firmware. If in any doubt use a different machine.
Warning! If you are using OS X 10.5.6 (or later) then you may have problems getting into DFU mode. If you must enter DFU mode, use PwnageTool (answer No to the question about whether your iPhone has been Pwned before) to walk you through the process of getting into DFU mode.

Thanks again go out to the iPhone Dev Team for providing this amazing, and FREE program for jailbreaking, activating, unlocking, and customizing the 1st generation iPhones. You can visit their website here.

I was already Pwned on 2.1 firmware. If you are not currently Pwned, you can still use this tutorial; just pay attention to the information in the bordered area, which contains additional instructions for you. Also note that my iPhone was already unlocked as well.

Apple has an excellent support document regarding update and restore error messages on the iPhone. Should you have any troubles, consult this article.



Step 1.

Download PwnageTool 2.2.1 from me here, or via the iPhone Dev Team's download link list here.

Download the 3.9 and 4.6 bootloaders from the Internet. You'll have to find them yourself; I won't provide them.

If you haven't already downloaded 2.2 firmware from Apple, then you can download it here.

You should now have these three icons on your desktop:

Step 2.

Install PwnageTool. Make sure to drag the program icon from the disk image into your Applications folder! Do not attempt to run the program from the disk image window, as it will cause problems.

Step 3.

Launch PwnageTool. Make sure the Expert mode button in the top left corner is selected. Click the iPhone on the left.

You should get a green check mark on the iPhone you selected. Click the blue arrow button in the lower right corner.

PwnageTool will search for the 2.2 firmware on your computer first, then from the Internet. When it displays the firmware file, click on it. Multiple firmwares may be displayed, so make sure you select the correct one. Then click the blue arrow in the lower right corner.

You will be at this screen and have many choices you can make. Click on General. Then click the blue arrow at the bottom.

At the General Settings screen, if you are not using an authorized carrier, then check the box for Activate the phone. If it is not greyed out, then check the box for Enable baseband update. Check the box for Disable partition wipe-out. Click the blue arrow in the lower right corner when you have made your choices.

At the Bootneuter settings screen, check Neuter bootloader, check Unlock baseband (only if you want to unlock - I checked this and I was already unlocked), then check Auto delete BootNeuter.app. Click the blue arrow in the lower right corner.

Based on advice from Saurik (the creator of Cydia), I ignore the Cydia settings screen in PwnageTool. It is better to install any applications you need from Cydia directly. I've found problems when using this screen to automatically install programs. Just click the blue arrow in the lower right corner to continue to the next screen.

Here you can decide whether or not to install Cydia, or the Installer. After you've made your choices, click the blue arrow in the lower right corner.

At the Custom logos settings screen, you can choose to use the suggested images by leaving their boxes checked, or uncheck them and use the stock images. If you click on Browse... you can add your own images in their place. Click the blue arrow in the lower right corner when done.

Here is a template image you can use. It is 320 by 480 in size and has a one-pixel transparent border on all sides. All you have to do is paste your 318 by 478 image onto it and center it. Then save the image with the transparency intact and your image will work. Make sure your saved image is 100kb or less.
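
One way to check a finished logo against the template rules above before loading it into PwnageTool. This is an added example, not part of the original guide or of PwnageTool; it assumes the logo is saved as an 8-bit RGBA PNG and reads "100kb" as 100 KiB, and the names check_logo and make_sample are hypothetical, with the sample image constructed in code.

```python
import struct, zlib
SIG = b"\x89PNG\r\n\x1a\n"
MAX_BYTES = 100 * 1024  # assumption: the guide's "100kb" read as 100 KiB

def chunks(png):  # yield (type, data) for each chunk after the signature
    pos = 8
    while pos + 8 <= len(png):
        n, kind = struct.unpack(">I4s", png[pos:pos + 8])
        yield kind, png[pos + 8:pos + 8 + n]
        pos += 12 + n  # length + type + data + CRC

def unfilter(raw, w, h):  # undo PNG row filters 0-4 for 8-bit RGBA data
    stride, rows, prev = w * 4, [], bytearray(w * 4)
    for y in range(h):
        ftype = raw[y * (stride + 1)]
        cur = bytearray(raw[y * (stride + 1) + 1:(y + 1) * (stride + 1)])
        for i in range(stride if ftype else 0):  # filter 0 stores raw bytes
            a = cur[i - 4] if i >= 4 else 0                 # left
            b, c = prev[i], (prev[i - 4] if i >= 4 else 0)  # up, up-left
            paeth = min((a, b, c), key=lambda v: abs(a + b - c - v))
            cur[i] = (cur[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 0xFF
        rows.append(cur)
        prev = cur
    return rows

def check_logo(png):  # list of problems; empty means the image fits the template
    if png[:8] != SIG:
        return ["not a PNG file"]
    problems = ["file is larger than 100 KB"] if len(png) > MAX_BYTES else []
    parts = list(chunks(png))
    w, h, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", parts[0][1])
    if (w, h) != (320, 480):
        problems.append(f"size is {w}x{h}, expected 320x480")
    if (depth, colour, interlace) != (8, 6, 0):
        return problems + ["not 8-bit non-interlaced RGBA; border not checked"]
    idat = b"".join(data for kind, data in parts if kind == b"IDAT")
    rows = unfilter(zlib.decompress(idat), w, h)
    if any(rows[0][3::4]) or any(rows[-1][3::4]) or any(r[3] or r[-1] for r in rows):
        problems.append("outer one-pixel border is not fully transparent")
    return problems

def make_sample(border_alpha):  # constructed 320x480 test image, not real data
    def chunk(kind, data):
        return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", zlib.crc32(kind + data))
    edge = bytes([128, 128, 128, border_alpha])
    mid = b"\x00" + edge + b"\x80\x80\x80\xff" * 318 + edge
    raw = b"\x00" + edge * 320 + mid * 478 + b"\x00" + edge * 320
    ihdr = struct.pack(">IIBBBBB", 320, 480, 8, 6, 0, 0, 0)
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")
```

For a real file, pass its bytes: check_logo(open(path, "rb").read()).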

Finally, click the Build button and the blue arrow in the lower right corner.

Note: Since I was already Pwned, the following instructions (within this bordered area) did not apply to me. They may apply to you, however.

You will receive a pop up warning if the 3.9 version bootloader is not found. Answer No to this question.

You will then be asked if you would like to browse for the bootloader. Answer Yes.

Now navigate to where you saved the two bootloader files from Step 1. Select the BL-39.bin file and click Open.

You will receive a pop up warning if the 4.6 version bootloader is not found. Answer No to this question.

You will then be asked if you would like to browse for the bootloader. Answer Yes.

Now navigate to where you saved the two bootloader files from Step 1. Select the BL-46.bin file and click Open.

Name your custom firmware file, and select where to save it.

You will now see this screen while your custom .ipsw is assembled. This stage is about four minutes long.

You will be prompted to enter your system password. There is nothing nefarious in this request: PwnageTool asks because it creates your firmware by running commands as the root account (or superuser) on your computer. Building the firmware involves various processes where mounting and unmounting of file systems is necessary. This is performed with a system UID of 0, which causes the prompt for a system password. The root access is only for the creation of the ipsw file, so it's completely harmless.

Has your iPhone been Pwned before? If you select Yes, finish this step then skip to Step 5 next. If you select No, then go to Step 4 next.

Click OK and close PwnageTool.

Step 4.

You will receive instructions on how to put the iPhone into DFU mode. Simply follow the on screen prompts to do this.

First, turn off your iPhone. iTunes may open; you can just drag it out of the way.

You will then get 5 seconds to press and hold both the Power (sleep/wake) and Home buttons. Don't do this until told to, though.

You will then press and continue to hold both the Power (sleep/wake) and Home buttons for 10 seconds. You will be prompted to release the Power (sleep/wake) button after 10 seconds.

Continue holding the Home button for 10 seconds.

You are now in DFU mode. Click OK.

You may receive a pop up indicating error 1. Just click OK. Skip to Step 6.
