
Note: This tutorial is for iPhone 3GS and Mac users only. Windows users: subscribe to my blog or follow me on Twitter so that I can give you a heads up when the Windows jailbreak tool (redsn0w) for 3.1 is out!
Let’s find out under what conditions this tutorial will work:
- If you have an iPhone 3GS 3.0/3.0.1 which is already jailbroken with either redsn0w or pwnage then you can use this tutorial.
- If you have an iPhone 3GS running 3.1 firmware and have saved SHSH to Cydia, then you can downgrade to 3.0. Once you are done downgrading, you can use the tutorial below.
- If you have an iPhone 3GS running 3.1 firmware but didn’t save SHSH to Cydia, then you CANNOT use this tutorial as it won’t work.
(In a nutshell, this tutorial is for iPhone 3GS users who are on 3.0 or 3.0.1 firmware. If you updated to 3.1 without saving your SHSH to Cydia, then this Pwnage 3.1.3 release is useless for you.)
Here are the steps to jailbreak iPhone 3GS 3.1 firmware using Pwnage 3.1.3:
1) Create a folder named Pwnage on your desktop. Download the following files into that folder:
i) Pwnage 3.1.3: Download it from here – Link 1 or Link 2
ii) iPhone 3GS 3.1 firmware: Download it from here – Link
(Please use Firefox instead of Safari; otherwise the firmware will be downloaded as a zip file.)
2) Mount PwnageTool 3.1 by double-clicking PwnageTool_3.1.dmg and drag the PwnageTool icon that opens up into the Pwnage folder. Then, from the Pwnage folder, double-click the PwnageTool application.

3) Select “Expert Mode” from the top menu bar.

4) Select your iPhone (In this case iPhone 3GS) and click the blue button to continue.

5) Now browse for the IPSW file. Remember you downloaded it in Pwnage folder. (In some cases it may automatically be found).
Click on the IPSW file, if you do it right, a green check mark will appear next to it. Now click the blue button to continue.


6) On the following screen you will see 7 different options.
Inside General settings, DO NOT CHECK the ‘Activate the phone’ option. Repeat: since you are using an iPhone 3GS, irrespective of whether you are on an official carrier or not, you always need to make sure that the option is UNCHECKED.
Increase the size of the root partition slightly, to about 695 MB. Then click the blue button.


Skip the Bootneuter settings by just clicking the blue button.

You will then be taken to Cydia settings where you can create custom packages so you don’t have to manually install them later.

Select the Download packages tab. Then click the Refresh button to display all the available packages. Double click the package that you want to download in order to make it available in the Select Packages list.

In the Select Packages tab, check the packages you want and click the blue arrow button.

On the following Custom Packages Settings screen, leave all the settings as they are and click the blue arrow button.

You will then reach the boot logo settings. Just skip this step and click the blue button.
7) On the following screen, click the “build” button to start the pwnage process (i.e. build your own IPSW file).

8) Save the custom firmware (IPSW file) in the Pwnage folder on the desktop (which you created in step 1) and wait for about 15 minutes for it to be built.


9) Enter your administrator password.
10) Whether or not your iPhone has been pwned before, just select NO on the next screen.
11) Keep your iPhone connected to your Mac and switch it off when indicated.

12) Now the part where you have to pay rapt attention and follow directions to enter DFU mode.
i) Hold the home and power buttons for 10 seconds.
ii) Release the power button and hold the home button for 10 seconds.

On doing this you will get a notification that reads successfully entered DFU (recovery) mode.

13) In iTunes, hold the Alt/Option key and click restore simultaneously. A new window will open where you can select the CUSTOM firmware that you built in step 7.

14) Browse to the Pwnage folder on your desktop. Select the iPhone2,1_3.1_7C144_Custom_Restore.ipsw file and click the choose button. (REMEMBER: you have to choose the CUSTOM IPSW in this step.)

15) iTunes will then restore your iPhone 3GS using the custom firmware in about 15 minutes.

16) You will then get the option of setting up your iPhone either as a new phone or restoring from backup.
17) Now just restart your iPhone and you will find Cydia on your springboard. Hurray, you are done!
NOTE: Once you are done jailbreaking, you can unlock your iPhone 3.1 using ultrasn0w to use any carrier! Here is the tutorial – Link.
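
A pre-flight check for steps 1, 5 and 14, as an added example that is not part of the original tutorial or of PwnageTool: it parses the IPSW file name, confirms the model identifier matches the device (iPhone2,1 for the 3GS, iPhone1,2 for the 3G, as in the firmware names on this page), and checks that the file starts with the zip signature. The function names and the assumed file-name layout are illustrative.

```shell
#!/bin/sh
# Added example. Assumed name layout, taken from the file names on this page:
#   <model>_<version>_<build>_[Custom_]Restore.ipsw

# Print "model version build kind" for an IPSW file name; non-zero on failure.
parse_ipsw_name() {
    base=$(basename "$1")
    case "$base" in
        *.zip) echo "renamed to .zip by the browser"; return 2 ;;
        *_Custom_Restore.ipsw) kind=custom; stem=${base%_Custom_Restore.ipsw} ;;
        *_Restore.ipsw)        kind=stock;  stem=${base%_Restore.ipsw} ;;
        *) echo "unrecognised file name"; return 1 ;;
    esac
    model=${stem%%_*}; rest=${stem#*_}
    version=${rest%%_*}; build=${rest#*_}
    # Both separators must be present, otherwise a field is missing.
    if [ "$rest" = "$stem" ] || [ "$build" = "$rest" ]; then
        echo "unrecognised file name"; return 1
    fi
    echo "$model $version $build $kind"
}

# Device names used in this tutorial -> model identifier in the file name.
model_for_device() {
    case "$1" in
        3G)  echo "iPhone1,2" ;;
        3GS) echo "iPhone2,1" ;;
        *)   return 1 ;;
    esac
}

# Succeed only if the file is named for the device and starts with "PK",
# the first two bytes of every zip archive (an IPSW is a zip archive).
check_ipsw() {
    file=$1; device=$2
    info=$(parse_ipsw_name "$file") || { echo "$info"; return 1; }
    want=$(model_for_device "$device") || { echo "unknown device"; return 1; }
    set -- $info
    [ "$1" = "$want" ] || { echo "wrong model: $1, need $want"; return 1; }
    magic=$(dd if="$file" bs=2 count=1 2>/dev/null)
    [ "$magic" = "PK" ] || { echo "not a zip archive"; return 1; }
    echo "ok: $1 $2 ($3) $4"
}

# Constructed sample: a stand-in file carrying only the zip signature.
tmp=$(mktemp -d)
sample="$tmp/iPhone2,1_3.1_7C144_Custom_Restore.ipsw"
printf 'PK\003\004' > "$sample"
check_ipsw "$sample" 3GS          # ok: iPhone2,1 3.1 (7C144) custom
check_ipsw "$sample" 3G || true   # wrong model: iPhone2,1, need iPhone1,2
```

A passing check only says the file is named for the right device and is a zip archive; it does not validate the firmware contents.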




The dev team blog post states that if you pwned your 3GS at 3.0 or 3.0.1 then this tool will jailbreak it. What if it was pwned and then updated to 3.1?
whoa 3.1.3…
This PwnageTool 3.1.3 BaseBand 05.11.07 Support ?
or BootLoader 05.09 Support ?
thanks…
i Building IPSW…
Sry for my bad English
my iPhone
Updated 3.1
Bootloader 05.09
BaseBand 05.11.07
How to Unlock
((((
(
@khanage Yes that’s true. But irrespective of whether you have pwned before or not, if you have updated to 3.1 then you can’t jailbreak your iPhone using Pwnage 3.1.3.
However, there is an exception, if you have saved SHSH to cydia after updating to 3.1, then you can carry out the jailbreak process. Lemme know if you are still confused.
@neFos I am sorry my friend Pwnage 3.1.3 doesn’t support 05.11.07 baseband. As of now there is no solution to your problem.
Will definitely let you know when an unlock solution presents itself for bootloader: 05.09 and baseband firmware:05.11.07
Hi everybody…
I tried to follow each step as mentioned but it doesn’t work during the restore from the custom.ipsw… iTunes shows error 1600 and I can’t restore my iPhone…
Any idea?
Thanks
Hi. It is giving me the following error: “the iphone could not be restored because the firmware file is not compatible” Any ideas how to fix this? Thanks. You can email me at jonathankgonzalez@yahoo.com Thanks!
@Amedeo You can use iREB to get rid of 1600 error and restore your iPhone. Click on the link below for more details
http://www.digitalmarketingtalk.com/iphone/how-to-get-rid-off-16xx-or-21-error-in-itunes/
@KENNETH Do you have an iPhone 3G or 3GS?
If iPhone 3G – Use this firmware file:
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-6600.20090909.AwndZ/iPhone1,2_3.1_7C144_Restore.ipsw
iPhone 3GS – Then this one:
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-6609.20090909.mwws4/iPhone2,1_3.1_7C144_Restore.ipsw
After using the right custom firmware, you won’t get the error.
Let me know if you are on iPhone 2G.
Rohit, I updated my 3GS via iTunes without backing it up on Cydia. Is there no way to jailbreak it now? Can I still downgrade it, so then I can jailbreak 3.1? Please advise… I know it was stupid to update it, but was excited for MMS. I tried using this process several times and got the error message 1604, at first I thought it was iTunes so I tried pretty much every version, but when I try restoring using the custom restore that was created by pwnage, I still get the same message. So again, is there no way to jailbreak it now? Please let me know bud… Thanks!!
@SRS Since you haven’t backed up on cydia you cannot downgrade your iPhone. In order to get rid of 1604 or any 16XX error follow this tutorial.
http://www.digitalmarketingtalk.com/iphone/how-to-get-rid-off-16xx-or-21-error-in-itunes/
After going through the tutorial, if you need some visual aid, here is an iREB video I found on YouTube (it’s not my video). It will kinda assist you thru the steps.
http://www.youtube.com/watch?v=TymOsKDQslg
Hope that helps.. Cheers!
Hey Rohit,
Thanks for the quick response. But this will NOT work for 3GS correct?
@SRS The latest version: iREB 3.1-3 works for 3GS
U is the Man!! thanks for ur help bud…
Hey Rohit,
apologies but I am still a bit confused. I don’t think they make an iREB 3.1-3 for Mac. Correct me if I am wrong.
Hi Rohit,
I have an iPhone 3G. Everything went well, but now I have no signal. I am on AT&T with no signal. I didn’t check the option of activate iPhone. Any solutions? Thanks
I did it with my 3GS and everything went well. I had done the backup on Cydia since my 3GS was already pwned through redsnow. Everything was fine until I installed winterboard and then when it said reboot device, it went into that mode and now it will not come out of it! powerbook won’t pick it up, power button and home button no go as well! Please help cuz as of right now my phone is unresponsive. It will not even vibrate when I plug it to power source
@SRS Sorry about that
@Kenneth Sometimes after the jailbreak AT&T signal goes bad on the phone. Many have faced this problem and the only way they could get back the signal was by using ultrasnow.
Since you are a 3G user follow this tutorial and once u have installed ultrasn0w ur iPhone should be able to receive any carrier signal including AT&T.
Follow this tutorial
http://www.digitalmarketingtalk.com/iphone/how-to-unlock-iphone-3g3gs-firmware-3-1-2-to-use-any-carrier-via-ultrasn0w/
@Yusuf I just wrote a post on how to solve the issue of iPhone being stuck on Apple logo after installing any Cydia application (including winterboard). Follow this link:
http://www.digitalmarketingtalk.com/iphone/solution-if-iphone-is-stuck-on-apple-logo-after-installing-any-cydia-application/