Jailbreaking and unlocking the iPhone with PwnageTool

Updated: June 4, 2012

Who is this guide for?
  • iPhone 3G S and iPhone 4 only!
  • Supports firmware up to 5.1.1.
  • For unlocking options view this page.

Thanks again go out to the iPhone Dev Team for providing this amazing and FREE program for customizing the iPhone. You can visit their blog here. You can read their notes regarding this jailbreak here.

I'm only making this one tutorial for PwnageTool. I'm not going to make a new incarnation of this tutorial every time a new firmware comes out; the only thing that would change would be the screen shot of the latest firmware. I consider PwnageTool to be subordinate to redsn0w, as redsn0w has the ability to stitch SHSHs and APTickets into firmware so that you can restore with them forever. PwnageTool cannot do this.

The real advantage PwnageTool has is the ability to pre-install the jailbreak and your Cydia programs into your firmware file, so that when you restore, your iPhone is immediately jailbroken and all your programs are ready to go. Keep in mind you can create a PwnageTool custom firmware file and then import it into redsn0w to have it stitch your SHSH and APTicket into it. This would be the ideal method of jailbreaking and restoring again and again.

Please read my disclaimer before proceeding. You've been advised. What you do to your iPhone is your responsibility and no one else's.

Step 1.

Download PwnageTool from the iPhone Dev Team here. Decompress this file and install it into your Applications folder. Overwrite any previous versions.

Step 2.

Click Expert Mode, then select the iPhone. Click the blue arrow.

Double click Browse for IPSW...

Select the firmware you want to use and click Open. Note: Screen shots and instructions may discuss older firmware. You can use newer firmware with this program.

Click General, then click the blue arrow.

The first option is to activate the phone, which you should only check if you do not have a valid SIM to activate the iPhone with. The SIM doesn't even need to be active to work. You can use AT&T, AT&T GoPhone, Cingular, or H2O.

Enable baseband update means exactly what it says. Never check this box if you need to stay unlocked.

Re-enable functionality should be pretty obvious.

You can also adjust your root partition size. You would do this if you need more space for applications installed via Cydia, or if you are pre-installing a lot of Cydia software. The default should be fine for most people.

Click the blue arrow when you are done.

Cydia settings. Based on the advice of Saurik (the creator of Cydia), I ignore the Cydia settings screen in PwnageTool. It is better to install any applications you need from Cydia directly; I've found problems when using this screen to automatically install programs. This screen is meant for pre-installing Cydia software into the custom firmware file so that you don't have to redownload the software every time you restore.

If you want to pre-install software anyway, click Download packages, then click Refresh. A list of programs will appear for the source selected in the drop-down box; by default it is apt.saurik.com. This is how you select what to have installed in your custom firmware: select a program from the list and click Add to queue, and it will download the program.

Then click the Select packages tab and you'll see your programs listed. You must click the check boxes next to each program if you want them installed.

Click the blue arrow when you are done.

The Custom packages screen has Cydia checked by default. This screen is for any additional programs of your own that you want installed with the firmware upon restore.

Click the blue arrow when you are done.

Click Build then click the blue arrow.

You will be prompted to name your custom firmware file. By default the word "custom" is included in the name.

It will take a few minutes to build your firmware.

If you receive a failure message, close and restart PwnageTool and start over.

You will be prompted to enter your system password. There is nothing nefarious in this request: PwnageTool is creating your firmware and needs to run some commands as the root account (superuser) on your computer. Several of its steps require mounting and unmounting file systems, which must be done with a system UID of 0, and that is what triggers the password prompt. Root access is used only for the creation of the .ipsw file, so it's completely harmless.

You can either restore with this firmware file now, or take it over to redsn0w and stitch your SHSH and APTicket into it so that you can always restore with it, even after newer firmware is released. See my downgrading/restoring older firmware tutorial here for more information.

You will be prompted to connect your iPhone to your Mac, if it isn't already.

As soon as it finishes creating your firmware, you will be walked through placing your iPhone into DFU mode. There is no advance warning, so if you miss it, just select Yes when it asks if you want to try again. You will have 5 seconds to press and hold both the Power (sleep/wake) and Home buttons.

You will then press and continue to hold both the Power (sleep/wake) and Home buttons for 10 seconds.

You will be prompted to release the Power (sleep/wake) button.

Continue holding the Home button for 10 seconds. The program may appear to freeze before the 10 seconds are up; that's okay.

You are now in DFU mode. Click OK. The iPhone's screen will appear black, but it is actually on. You can close PwnageTool at this time.

Step 3.

Launch iTunes and you'll receive this pop up.

iTunes will look like this.

Hold down the Option key on your keyboard and click the Restore button in iTunes. In the pop-up window that opens, navigate to the custom .ipsw file that PwnageTool just saved and click Open.

Click Restore at the pop-up message that follows. Note: I'm restoring this while 5.0.1 firmware is still the current firmware. If you want to use this custom firmware once it is no longer current, you'll have to take the firmware file into redsn0w and stitch your iPhone's SHSH and APTicket into the file. See my redsn0w tutorials for more on this.

iTunes will display various status messages while the restore proceeds. The iPhone's screen will turn white, and you'll see a status bar on the iPhone as the installation continues.

Step 4.

The iPhone will reboot when finished. Set up your iPhone normally. You are now jailbroken, and the Cydia icon should be on your springboard.

Step 5.

Next, unlock the iPhone with ultrasn0w. Open Cydia and press the Search button. Enter ultrasn in the search box and ultrasn0w will appear. Press it.

Install the program. Reboot when prompted. You are now unlocked.
