PwnageTool 4.01 – Mac & Sn0wbreeze 1.6.2 – Win are only capable of Jailbreaking devices with old bootrom. Because, to jailbreak a new bootrom we need to find an new exploit within the new bootrom. But, with little hard work you could jailbreak your iPhone 3GS [New Bootrom] running iOS 4, only if you have your SHSH Blob saved for 3.1.2. (Users who have SHSH Blob 3.1.3 are out of LUCK).

As we mentioned yesterday, this will be a tethered Jailbreak. That means, ever time you turn off your device you would need to jailbreak you device again.

Warning: This is only for Advance users. Please do it on your own risk. We will not be responsible for any damage or breakage of your phone.

Many thanks to @iH8Sn0w for putting up this tutorial.

If you not comfortable please don’t attempt this tutorial – @iH8Sn0w mentioned that he will be working on a tool. Which should be much easier to use, than this tutorial. So wait for it.

**BEFORE PROCEEDING, ENSURE THAT YOU HAVE YOUR PHONE BACKED UP!**
——-
WHAT YOU WILL NEED:

* An iPhone 3G[S] — new bootrom
* 3.1.2 SHSH blobs.
* difrnt’s iBSS grabber
* Payload Pwner for the 3GS
* sn0wbreeze V1.6.2
* iBooty
* LibUSB (64-Bit users read carefully!!!)
* 3.1.2/4.0 3GS firmware downloaded.
——-
STEP A : Grabbing your 3.1.2 iBSS file.

Pointing your hosts :

I : If you have your shsh blobs saved on Cydia/Saurik’s server then follow this tutorial. — http://saurik.com/id/12

II : If you have it saved with TinyUmbrella, then download the GUI here. — http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.

I : Place your device in DFU.

II : Start up the iBSS/iBEC grabber.

III : Put the save folder on a new folder on your desktop.

IV : Hit “Start Monitoring”.

V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
——-
Saving your iBSS

I : After Restoring, Go to the folder that you have specified to save your iBSS file.

II : You will see folders like (Per**.tmp). Go into one of them, and you’ll see a folder called “Firmware”. Go there. Then go to the folder “dfu”.

III : Copy the iBSS file to a safe place, then you can remove the folder created by the iBSS Grabber.
——
STEP B : Creating custom 4.0 firmware.

I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 ipsw.

*Ignore the warnings after browsing for the ipsw.*
——
STEP C : Installing LibUSB for iRecovery

Run this mini tool to detect your O/S + Arch. — Windows + Arch. Detector

*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB MIGHT NO LONGER WORK!
*********
Windows XP Users download this installer — LibUSB Installer
*********
Windows Vista/7 users RUNNING 32-Bit:

* Download the installer and run it in compatibility mode for Windows XP.

*********
If you are a 64-Bit user, follow this tutorial — LibUSB 64-Bit Tut
*********

Once LibUSB is installed iRecovery should be able to function now.
——-
STEP D : Pwning iBSS + iBoot

I : Download this easy tool here — Payload Pwner for 3GS // It will help you create the payloads.

**SAVE THE PAYLOADS WHERE iBooty is.**
——-
STEP E: iBooty Prep.

Most of you know of the utility “iBooty” that I made for Aki_nG.

It will work as long as you place all of the correct files there.

I : Download iBooty GUI here — iBooty for 3GS and Extract it.

II : Extract your Custom IPSW created by sn0wbreeze with 7-Zip or another un-archiver.

III : Grab the kernelcache and bring it into the same folder as ibooty.
Also grab the iBEC from the folder “Firmware\dfu\iBEC.n88ap.RELEASE.dfu”

IV :
* Rename your iBSS 3.1.2 signed to “ibss312.dfu”
* Rename your Kernel 4.0-Custom to “kernel.40″
* Rename your iBEC 4.0-Custom to “ibec40.dfu”
======
Your folder should look like this :

- iboot.payload <– Created with Payload Pwner.
- exploitibss312 <– Created with Payload Pwner.
- ibec40.dfu <– Grabbed from Custom IPSW made by sn0wbreeze.
- irecovery.exe <– Comes with iBooty.
- readline5.dll <– Comes with iBooty.
- iBooty.exe <– Comes with iBooty.
- ibss312.dfu <– THIS NEEDS TO BE YOUR iBSS from the restore!
- kernel.40 <– Grab from Custom IPSW made by sn0wbreeze.
- sn0w.img3 <– Comes with iBooty.
======
——-
STEP F: Restoring to 4.0 + Booting
——-
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*

I : Run iBooty and Select “Prepare Device for Custom Firmware”. Run the Process and if you see a snow flake, you can proceed!

II : Now open iTunes and restore to the custom ipsw.

***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT! ITS IN A DFU LOOP [THIS IS NORMAL!]***
——-
STEP G : Booting

I : Just Re-Run iBooty and select “Boot It”. If all goes well it will boot!
——-
Enjoy!
——-
Hopefully I can get a tool out there that will make all of this much easier. Of course, that only happens when I get bored from ppl msging me on Twitter =p

To know more about iPhone Jailbreaks,  you can always follow us on twitter @machackpc and/or follow us on Buzz machackpc and/or join our facebook fanpage to keep yourself updated.

Articles you may be interested in

• Fix YouTube/Error 2 iTunes Restore Issues with Sn0wBreeze v1.6.2 Jailbreak
• Fix iPhone 3G iOS 4 APN/MMS issue when Jailbroken w/ Redsn0w
• Downgrade your iOS 4 iPhone 3GS, 3G or iPodTouch to 3.1.3 or 3.1.2 [Windows]
• iPhone 3GS iOS 3.1.3 on Spirit Jailbreak ? You can now upgrade to iOS 4 & Jailbreak it.
• Very Important – iPhone 4, users grab your SHSH Blob Now! & How