Jailbreaking/unlocking the iPhone 3G S on 4.2.1 firmware using PwnageTool, redsn0w & ultrasn0w
Page 1 of 2
Who is this guide for?
3G S iPhones with the old bootrom.
I had 4.1 firmware with 5.13.04 modem firmware.
I used iTunes 10.1
I used OS X 10.6.5.
Thanks again go out to the iPhone Dev Team for providing this amazing and FREE program for
customizing the iPhone. You can visit their website here, and their blog here. You can read
their notes regarding 4.2.1 firmware here.
First determine which bootrom is on your iPhone. This tutorial is only for those with an old bootrom.
If you have a new iPhone 3G S (purchased after October 13, 2009) it may have a newer version of
iBoot. This updated iBoot (359.3.2) was created specifically to hamper the jailbreaking process.
You may be able to check prior to purchase by looking at the serial number of the phone. This may
not be a definitive check. Look at the fourth and fifth digits. This is the week the phone was
manufactured. If that number is 40 or higher then you just might have this new iBoot.
Here is how you definitively check your iBoot version. Place the iPhone into DFU mode: have the
phone connected via USB, turn it off. Press and hold the Home and the Sleep/Wake buttons for ten
seconds. Then let go of the Sleep/Wake button and continue holding the Home button for 10 seconds.
The screen will appear black but it will be on.
Click on the Apple in the top left corner of your screen. Select About This Mac. Click the More
Info... button on the pop up that appears. Under the Hardware menu select USB. Now go to the USB
High-Speed Bus menu and look for the Apple Mobile Device (DFU Mode). In the Serial Number field
look for SRT:[iBoot-XXX.X]. Your version number is here. My version, pictured below, allows the
jailbreak to function. To leave DFU mode, simply continue holding the Home and Sleep/Wake buttons
until the iPhone reboots.
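The two checks above (serial number week and the DFU-mode Serial Number field) can be scripted. This is an added example, not part of the original guide or any Dev Team tool; the function names and sample strings are made up for illustration, and you would paste in the values you read from your own phone and from System Profiler.

```python
import re

# iBoot version the page names as the updated bootrom.
NEW_IBOOT = (359, 3, 2)

# The page shows the tag as "SRT:[iBoot-XXX.X]"; accepting "SRTG" as well is
# an assumption about how other tools may label the same field.
SRT_TAG = re.compile(r"SRTG?:\[iBoot-(\d+(?:\.\d+)*)\]")

# Constructed sample values, not captured from real devices.
SAMPLE_OLD_DFU = "CPID:8920 SRT:[iBoot-359.3]"
SAMPLE_NEW_DFU = "CPID:8920 SRT:[iBoot-359.3.2]"
SAMPLE_SERIAL = "AB941CDEFGH"  # characters 4-5 are "41"


def iboot_version(dfu_serial_field):
    """Return the iBoot version as a tuple of ints, or None if the tag is absent."""
    match = SRT_TAG.search(dfu_serial_field)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def bootrom_from_dfu(dfu_serial_field):
    """Definitive check: classify the bootrom from the DFU-mode Serial Number field."""
    version = iboot_version(dfu_serial_field)
    if version is None:
        return "unknown"  # device not in DFU mode, or the field was cut off
    # Assumption: the version named on the page, or anything later, is "new".
    return "new" if version >= NEW_IBOOT else "old"


def serial_week(serial):
    """Week of manufacture: fourth and fifth characters of the phone's serial."""
    week = serial.strip()[3:5]
    if not re.fullmatch(r"[0-9]{2}", week):
        raise ValueError("no two-digit week at positions 4-5 of the serial")
    return int(week)


def may_have_new_bootrom(serial):
    """Pre-purchase heuristic from the guide; not definitive."""
    return serial_week(serial) >= 40


if __name__ == "__main__":
    print(bootrom_from_dfu(SAMPLE_OLD_DFU), bootrom_from_dfu(SAMPLE_NEW_DFU))
    print(serial_week(SAMPLE_SERIAL), may_have_new_bootrom(SAMPLE_SERIAL))
```

A result of "unknown" means the iBoot tag was not found, which usually means the phone was not in DFU mode when the field was read.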
If you have a new bootrom you'll have to first restore your iPhone to 4.2.1 firmware and then use
redsn0w for a tethered jailbreak. Of course you just blew your chance at unlocking since you've
updated your modem firmware by restoring to new firmware. I will not make a tutorial for this as
I don't own a new bootrom iPhone 3G S. You could look at my simulated tutorial for the iPhone 4
which also uses redsn0w for a tethered jailbreak.
Old bootrom users continue reading.....
Download PwnageTool 4.1.3 Unlock Edition
Download the bundle file from Update 3 of the previous link. You should now have these two icons
on your desktop.
Double click the PwnageTool file to decompress it and then drag the PwnageTool.app icon to your
Double click the bundle zip file. This file will appear.
Right click the PwnageTool.app icon, then select Show Package Contents
Click the Contents folder, then click the Resources folder, then click the FirmwareBundles folder.
Place the bundle on your desktop into this folder. You should have two iPhone 2,1 files in this
folder now. You can either run the PwnageTool application from your desktop or place it into your
Download 4.2.1 firmware for the iPhone 3G S from Apple here:
Launch PwnageTool. Click Expert mode and click the iPhone on the left. It will have a green
check mark on it. Click the blue arrow.
Double click Browse for IPSW...
A file browser window will appear. Navigate to your 4.2.1 firmware file, select it and click Open.
Click General and a check mark should appear. Click the blue arrow.
At the General settings screen make sure that you do NOT check the Activate the phone box.
Redsn0w will take care of hacktivation (and dehacktivation later) so that this is handled properly.
Click the blue arrow.
At the Cydia settings screen you can choose to include Cydia programs in your custom firmware.
Click the blue arrow.
The Custom packages settings screen will display any programs you've chosen from the previous
screen to include in your custom firmware. Click the blue arrow.
Click Build. It should have a check mark. Click the blue arrow.
Name your custom firmware file.
You will now see this screen while your custom .ipsw is assembled. This stage is five to ten
minutes long depending on your computer's speed.
You will be prompted to enter your system password. There is nothing nefarious in this request;
the reason it asks is that it is creating your firmware and running commands as the root account
(or superuser) on your computer. There are various processes where unmounting and mounting of
file systems is necessary. This is performed while using a system UID of 0, which causes the prompt
for a system password. The root access is only for the creation of the ipsw file. So it's
As soon as it finished building the firmware, the instructions for entering DFU mode began.
If you miss this process you'll wind up seeing this screen next.
If this happened to you, just click Yes. The instructions will then repeat. You will be prompted to
press and hold the home and power buttons.
You will be prompted to release the power button.
You will be instructed to continue holding the home button. The countdown may freeze at 6 seconds;
this is okay.
You should now be in DFU mode. Click OK, close PwnageTool.