Jailbreaking/unlocking the iPhone 3G S on 4.2.1 firmware using PwnageTool, redsn0w & ultrasn0w
Launch iTunes. You'll receive a pop up about being in recovery mode. Click OK.
Press the Option key on your Mac and click the Restore button.
A file browser will open. Navigate to your custom firmware file (not the stock firmware file!),
select it and click Choose.
iTunes will restore the iPhone.
The iPhone will reboot and display the plug into iTunes graphic. Close iTunes.
Download redsn0w 0.96b6 from the iPhone Dev Team
You should have this icon on your desktop.
Double click the redsn0w file and it will place a folder on your desktop. Go into this folder and
place the redsnow.app file into your Applications folder on your computer. Overwrite any previous
Launch redsn0w. Click the Browse button.
A file browser window will open. Navigate to your stock 4.2.1 firmware, not the custom firmware.
A pop up window will appear.
Redsn0w will present a myriad of options.
- Install Cydia is for adding the Cydia program to gain access to the jailbreak community of
- Install custom bundle is for adding your own .tgz or .tar.gz files to the jailbreak. When
you select this a file browser window will open.
- Install iPad baseband is for unlocking the iPhone if your modem version is currently 5.14.02 or
higher. When you select this a warning screen will appear.
- Verbose boot lets you see code scroll on the iPhone when booting.
- Custom boot logo is for adding your own graphic in place of the Apple graphic on boot up. When
you select this a file browser window will open.
- Custom recovery logo is for adding your own graphic in place of the connect to iTunes graphic.
When you select this a file browser window will open.
- Deactivate is for those of you that want to use the Subscriber Artificial Module (SAM) program
on Cydia. SAM creates authentic activation tickets for the iPhone so that push notifications will
function correctly. SAM also has the side benefit of solving an issue where battery life is
decreased for those who do not have an authorized SIM card to activate with and who use ultrasn0w to
unlock. The deactivate option works by replacing the modified lockdownd file (created during
the jailbreaking process) with a stock version. To make this work: jailbreak without checking
deactivate, install ultrasn0w, install SAM, run redsn0w again and then check the deactivate box,
then reboot. You can learn more about SAM
- Just boot tethered right now - is for those that are already jailbroken via a tethered method
and need only reboot, not jailbreak all over again.
- Just enter pwned DFU mode right now - walks you through DFU mode used for restoring purposes.
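A custom bundle is an archive of files that is added to the jailbreak, so it is worth listing what it contains before handing it to redsn0w. The following is an added example, not part of the original guide or of redsn0w: it flags entries with absolute paths, `..` traversal, links pointing outside the bundle, setuid/setgid files and device nodes. The function names and the in-memory sample archive are constructed for illustration, and it assumes the bundle is a gzip-compressed tar, as the option describes.

```python
import io
import stat
import tarfile
from pathlib import PurePosixPath


def audit_bundle(fileobj):
    """Return (member_name, finding) pairs for risky entries in a .tgz/.tar.gz."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar.getmembers():          # reads headers only, extracts nothing
            path = PurePosixPath(m.name)
            if path.is_absolute():
                findings.append((m.name, "absolute path"))
            if ".." in path.parts:
                findings.append((m.name, "parent-directory traversal"))
            if m.issym() or m.islnk():      # conservative: any ".." in a target is flagged
                target = PurePosixPath(m.linkname)
                if target.is_absolute() or ".." in target.parts:
                    findings.append((m.name, f"link escapes bundle -> {m.linkname}"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid file"))
            if m.ischr() or m.isblk():
                findings.append((m.name, "device node"))
    return findings


def build_sample_bundle():
    """Constructed sample archive, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, mode=0o644, data=b"x", type_=tarfile.REGTYPE, link=""):
            info = tarfile.TarInfo(name)
            info.mode, info.type, info.linkname = mode, type_, link
            info.size = len(data) if type_ == tarfile.REGTYPE else 0
            tar.addfile(info, io.BytesIO(data) if info.size else None)
        add("Applications/Demo.app/Demo", mode=0o755)   # ordinary file, no finding
        add("usr/bin/helper", mode=0o4755)              # setuid bit set
        add("../etc/hosts")                             # climbs out of the bundle root
        add("var/link", type_=tarfile.SYMTYPE, link="/etc/passwd")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, finding in audit_bundle(build_sample_bundle()):
        print(f"{finding:40} {name}")
```

To check a real bundle, pass an open binary file handle instead of the sample, for example `audit_bundle(open("bundle.tgz", "rb"))` with your own file name.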
Make sure your iPhone is plugged in and turned off.
Instructions for entering DFU mode will appear. They start right away and go very quickly so try to
keep up! First hold down the Power (sleep/wake) button for three seconds.
Keep holding on to the Power button, and press and hold the Home button for 10 seconds.
Continue holding the Home button, and release the Power button.
Redsn0w will display various messages.
You'll see a graphic that says jailbreak data is being downloaded on the iPhone.
Done will appear in the program.
Scrolling code will appear on the iPhone.
You will see a few different messages (Installing base utilities, Replacing kernel, Flashing NOR,
Installing bundles, Activating, Syncing file systems, Rebooting) on your iPhone during the next
couple of minutes. The iPhone will reboot once this has finished.
Your iPhone should now be activated and be at the springboard. Launch Cydia. It will show this
message for a minute and then the iPhone will respring.
Launch Cydia again. Make your selection at this screen and press the Done button. Press Upgrade
Press Continue Queuing. Press the Search button.
Type ultrasn, and then press the ultrasn0w entry when it appears. Press the Install button.
Press the Confirm button. The programs will be installed. When it finishes press the Reboot
Your iPhone should now be unlocked. Here I am on 4.2.1 firmware with 05.13.04 modem firmware. Note
I blur out my personal information on this screen.
This step is to help those that use ultrasn0w to unlock. We will be using the programs called
SAM (Subscriber Artificial Module) and SAMPrefs to fix the hacktivation process, which is supposed
to remedy any issues with proper push notification, and will also aid in longer battery life.
I find the use of this program to be nebulous as there is no documentation on what this program
really does, I'm not certain at all how to actually use it and interpret the various status reports
of the different states of the phone, and I have no results to provide as far as any activation,
push or battery issues being solved. Follow this step if you want to, but don't send me questions
about it. You can read about this program at the developer's site
Launch Cydia. Press the Manage button, press the Sources button, press the Edit button, press the
Add button. Enter repo.bingner.com then press the Add Source button. Press Return to Cydia when
Press Bingner at the top of the list. Install SAM and SAMPrefs.
Press Restart SpringBoard when prompted. Launch Settings and scroll to the bottom and press the SAM button.
The easiest way to remove the hacktivation that redsn0w performed is to press the Revert Lockdownd to
Stock button. The activation state will change to unactivated.
Press De-Activate iPhone. I waited about thirty seconds then assumed the program was finished and I
launched iTunes. I then received these pop ups. Note the activation state has changed. iTunes then
proceeded to sync.