Unlocking the 3G iPhone with QuickPwn and yellowsn0w (on 2.2 firmware)

Intel Mac & PPC

Page 1 of 2

Updated: January 19, 23:53 MST





Who is this guide for?
  • Jailbroken 3G iPhones on 2.2 firmware (with 02.28.00 baseband only).
  • Unactivated 3G iPhones on 2.2 firmware.
  • I used iTunes version 8.0.2 and OS X 10.5.6

If you have 2.2 firmware but a baseband version other than 02.28.00, there is apparently a method for unlocking without having to restore your iPhone to get the correct baseband installed (see http://pastebin.com/m74501a07). I have no way to test the validity of this method, as my phones are all on 02.28.00 baseband.

Note: In my screenshots below, I used two different phones: iPhone (white) - to demonstrate already being activated and on 2.2 firmware, and iPhone (black) - to demonstrate an unactivated iPhone. The end result is the same.

Thanks again go out to the iPhone Dev Team for creating yellowsn0w, which is the program that allows the iPhone to be unlocked. The iPhone Dev Team also created the QuickPwn program, which is needed to load custom firmware onto the iPhone, jailbreak, activate, and install both Cydia and the Installer. You can visit the iPhone Dev Team's website here.

Anyone reading this tutorial should first read the iPhone Dev Team's post about the yellowsn0w program here. They give a lot of background information and tips on how to use the program.

The iPhone Dev Team is also requesting your feedback on whether your unlock was successful or not. Submit your results to them directly here.

I have personally received e-mail from people in Sweden, New Zealand and Australia who have used this tutorial and are now unlocked.


The 3G iPhone comes with a black or white plastic back case cover. The top and bottom of this case cover are rounded. This sets it apart from the 1st generation iPhone, which had a silver-colored metal back case cover that was rectangular at the top and bottom. The 3G iPhone also has silver-colored buttons on the side, where the 1st generation iPhone has black buttons.

Attention

This is beta software. The iPhone Dev Team has updated the yellowsn0w program a few times since its initial release. This tutorial is based on version 0.9.6.

I hear that if you are a T-Mobile user in the United States, you should look at your SIM. If the vertical string of numbers and letters starts with 36 or higher, apparently you will not be able to use yellowsn0w yet. My 3Gs are unlocked and as you can see my number is higher than 36, so this is just one more thing to think about.

Step 1.

Verify your firmware and modem firmware versions by pressing Settings, General, About. Your "Version" must be 2.2. Your "Modem Firmware" must be 02.28.00. If your versions match these, then skip ahead to Step 2. In this instance I am already activated and using AT&T as my carrier. Starting at Step 2, I'll switch to using an unactivated iPhone.

If you do not have these versions on your iPhone, then plug it into iTunes and click the Restore button.

You may get prompted to back up your iPhone.

Yes, we are sure. Click Restore.

And now we are restoring.

During the update process you will see a status bar graphic on the iPhone.

When it has finished updating, you'll receive this message. You are now on 2.2 firmware.

I restored with my AT&T SIM installed so I saw this message next.

Next decide if you want to restore from a backup or not.

You can dismiss the message on how to edit your Home Screen (the SpringBoard). You are now at the SpringBoard. Now we need to jailbreak the device and install Cydia and the Installer.

Step 2.

Insert the SIM you want to use at this point.

Step 3.

If you do not have version 2.2 of the iPhone firmware on your computer, then download it directly from Apple here. It is important that QuickPwn can find it on your computer.

Step 4.

Download QuickPwn 2.2 from me here, or via the iPhone Dev Team's download link list here.

Install QuickPwn. Make sure to drag the program icon from the disk image into your Applications folder! Do not attempt to run the program from the disk image window; it will cause problems.

Step 5.

Launch QuickPwn. Connect your iPhone and then click OK.

QuickPwn will detect your device.

QuickPwn will then search for the 2.2 firmware on your Mac.

You will be asked if you would like to replace the standard Apple boot logo and the restore screen, which shows a USB cable pointing at the iTunes program logo.

You will get a PwnApple (pineapple) for the boot logo, and a Steve Jobs caricature for the restore screen if you select yes. Otherwise, select no to leave them alone.

Your custom 2.2 firmware file (.ipsw) will now be compiled.

QuickPwn will prompt you for your system password. There is nothing nefarious in this request: it is asking because it is creating your firmware and running commands as the root account (or superuser) on your computer. Various steps require unmounting and mounting file systems. This is performed with a system UID of 0, which causes the prompt for a system password. The root access is only for the creation of the .ipsw file, so it's completely harmless.

Now simply follow the on-screen prompts for putting your iPhone into DFU mode. First press the Sleep/Wake (or power) button to turn the iPhone off.

Note: While using QuickPwn to put the iPhone into DFU mode worked for me, there are other options like using a hub (either powered or not), or by swapping out the kext files from 10.5.5 to 10.5.6 as described here. I had no luck at all with these alternatives, however.

You will get 5 seconds to get your fingers in place to press and hold the Sleep/Wake (power) and Home buttons. Then hold them for 10 seconds.

Then release the Sleep/Wake (power) button.

Continue holding the Home button for 10 seconds.

iTunes should launch (unless you closed it and killed the iTunes Helper process). You may get a pop-up message citing error 2001 or similar. Just click OK.

You will also get a pop-up about your iPhone being in recovery mode. Once again, just click OK.

You should see the PwnApple logo on your iPhone at this point, or the Apple logo if you decided not to change it.

QuickPwn will send several files to the iPhone.

You should then receive this message. Understand what it says, then click OK and wait. This stage took about three minutes.

You will see a few different messages (Replacing kernel, Flashing NOR, Installing bundles, Syncing file systems) on your iPhone during these three minutes.

You should then see the success message. If it fails, then repeat the process. The process could fail for numerous reasons, the least of which is that you were running (or trying to run) a memory- or CPU-intensive program in the background at the same time, et cetera.

The iPhone will reboot. If your iPhone was already personalized, it will still be that way. The only changes should be that Cydia and Installer have been added to your SpringBoard. If you were unactivated you will see this.

This guide continues on page 2.





