  • [GUIDE] Jailbreak 3.1 with PwnageTool 3.1.3

    This will walk you through jailbreaking your iPhone / iPhone 3G / iPhone 3G[S] with an end result of a jailbroken 3.1 device. This will only work on a Mac.

    If you have a 3G[S], you will need to have ALREADY jailbroken the device at a previous 3.x firmware (3.0 or 3.0.1) in order for this to work. If you have a 3G[S] which came at or has already been upgraded to 3.1 through Apple, this release of PwnageTool (3.1.3) WILL NOT WORK.

    Alright, download PwnageTool 3.1.3 from here:

    MMi Member Mirror

    You will also need the 3.1 firmware file for your device. We recommend you download the firmware file with Firefox, as Safari tends to alter the file extension under its default settings. If you have not already clicked the "download but don't install" option for 3.1 in iTunes, you can download the 3.1 firmware for your device here:

    iPhone 2G
    iPhone 3G
    iPhone 3G[S]

    Once you've downloaded the PwnageTool application, and placed it in your Applications folder on your Mac, double-click it to run it.

    You may be shown the Mac warning "'Pwnage Tool' is an application which was downloaded from the Internet. Are you sure you want to open it?" Go ahead and click Open.

    Click OK on the Copyright screen that pops up.

    This version of PwnageTool checks back for updates, so click Allow if OS X asks you if PwnageTool can connect to iPhone Dev Team Portal [iPhone Dev Team] and wikee.iphwn.org.

    Now choose the device you're wanting to jailbreak. For this guide, I'm upgrading my 3G to 3.1 jailbroken. PwnageTool now classifies both the 3G and the 3G[S] under the 3G[S] image on their main screen, so we'll click that. The option would be the same for 3G[S] users.

    Now we'll want to search for our 3.1 firmware bundle (which you downloaded at the beginning of the guide - links above). PwnageTool will most likely find it on its own, but if not you can browse to the firmware file. Make sure it is in .ipsw format (Safari tends to download and uncompress it under its default settings, which is why we recommend using Firefox to download the file).

    PwnageTool should confirm the file. If it does not, you downloaded the wrong firmware or are not using the .ipsw format, and should download the firmware again, using Firefox.
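The firmware check above can also be done by hand before PwnageTool is opened, which tells you which of the two failures you have. This is an added example, not part of the original guide or of PwnageTool; it assumes an .ipsw is a ZIP archive whose Restore.plist carries ProductVersion and ProductType keys, and the function names are hypothetical.

```python
import hashlib
import plistlib
import sys
import zipfile
from pathlib import Path


def check_ipsw(path, want_version="3.1"):
    """Return (ok, detail) for a firmware download before it is given to PwnageTool."""
    p = Path(path)
    if p.is_dir():
        # What an auto-unpacking browser leaves behind: a folder, not an archive.
        return False, "directory, not an .ipsw archive (unpacked on download?)"
    if not p.is_file():
        return False, "file not found"
    if p.suffix.lower() != ".ipsw":
        return False, f"extension is {p.suffix or '(none)'}, expected .ipsw"
    if not zipfile.is_zipfile(p):
        return False, "not a ZIP container (truncated or wrong download)"
    with zipfile.ZipFile(p) as z:
        if z.testzip() is not None:
            return False, "archive member fails its CRC check (corrupt download)"
        if "Restore.plist" not in z.namelist():
            return False, "no Restore.plist inside; not a firmware bundle"
        try:
            # Assumed layout: Restore.plist is a dict with these two keys.
            info = plistlib.loads(z.read("Restore.plist"))
            version, product = info["ProductVersion"], info.get("ProductType")
        except Exception:
            return False, "Restore.plist is unreadable or lacks ProductVersion"
    if version != want_version:
        return False, f"firmware is {version}, wanted {want_version}"
    return True, f"{product} firmware {version}"


def digest_of(path, algo="sha256"):
    """Stream the file through a hash, to compare with a digest from a source you trust."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__" and len(sys.argv) > 1:
    ok, detail = check_ipsw(sys.argv[1])
    print("OK" if ok else "REJECT", detail)
    if ok:
        print("digest", digest_of(sys.argv[1]))
```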

    Next up, PwnageTool lets you know it'll be building a custom .ipsw on your desktop. Hit Yes.

    You'll be asked if you have a legitimately activated contract that activates through iTunes. U.S. T-Mobile users obviously don't. Answer this one truthfully, as it determines whether PwnageTool will activate the phone for you or not. U.S. AT&T users can click Yes assuming you're on a legit iPhone plan through AT&T.

    Now PwnageTool will build the .ipsw file for you. This will take up to 10 minutes. At some point you'll be asked to provide your computer's password; do so.

    You'll wind up with a successful .ipsw file created on your desktop. Now that we've got that, we'll want to close PwnageTool (Apple+Q quits), and open iTunes and restore with this file.

    Open iTunes (it's ok if it was already open), and with your iPhone connected, hold down the Power and Home buttons together for about 25 seconds. You should see the Connect to iTunes screen, and iTunes should pop up a window letting you know it's found an iPhone in recovery mode.

    Make SURE you HOLD DOWN THE OPTION KEY while pressing Restore - this will bring up a window asking you which file you'd like to restore with. Choose the custom .ipsw you just made. Make sure you are NOT choosing the stock 3.1 file you might have downloaded earlier.

    Now you just sit and wait for 15-20 minutes while iTunes updates your iPhone for you. You'll see a flurry of messages, and your iPhone will cycle through a few different screens including a Pwnapple and the Apple screen with the loading bar as the firmware updates.

    When all's said and done, you will see iTunes ask you to set up as a new iPhone or restore from backup - either way is fine! Restore from backup puts back all your contacts, calendars, settings, etc.

    That's it!
    This article was originally published in forum thread: [GUIDE] Jailbreak 3.1 with PwnageTool 3.1.3 started by Kyle Matthews
    419 Comments
      The Maestro -
      Quote Originally Posted by klonaton View Post
      I have a 3GS, previously unlocked on 3.0. I tried using the new pwnage tool to upgrade to 3.1, but now I can't get any cell signal. I know the new pwnage doesn't unlock for you, but it won't break a previous unlock, will it?
      im having the same problem but im on at&t idk wtf thats about, ive tried everything
      tonev -
      Quote Originally Posted by SINC View Post
      Hey guys.. i also need some clarification. If I buy a non-jailbroken 3.01 3GS (unlocked from apple), therefore not previously jailbroken, can i jailbreak it using the previous tool, then update to 3.1 with this Pwnage tool? is that correct? It would mean that I wouldn't have any of the ibSS or ECID information. if i jailbreak, upgrade to 3.1 will that mean that if my phone screws up and I need to do a restore... i can restore with this tool to 3.1 in the future?

      Sorry, just need that clarified before i go out and bust my *** trying to find a 3.01 phone and spend that doe for nothing.

      Cheers guys, SINC
      If you get a 3.0.1 then you can jailbreak with redsn0w. You can then upgrade to JB 3.1 with this new version of pwnage tool.

      You are unable to get your iBSS and ECID with the old method of copying from the itunes temp folder anymore. (as far as im aware, but i could be wrong)

      Once installing Cydia you may be able to still put your hashes (ECID, iBSS) on there.

      Hope this answers all your questions.
      klonaton -
      I've tried redsnow'ing back to 3.0, and it hung up two times at "downloading jailbreak". I've Pwnage tool'ed two or three times and each gets me to the carrier-less, bar-less state.

      Anyone got any ideas, success stories?
      neonsector -
      Quote Originally Posted by Frostbite View Post
      Ok I am doing some research and I have discovered a similar problem happened with 2.0. Apparently it says we should ensure its in "recovery mode" instead of DFU. I didnt know there was a difference. anyone know how to go from DFU to recovery?

      turn the phone off, hold down the home button while you turn the iphone back on, that will put it in recovery mode
      morokcn -
      same here, here's how to fix it:

      create another customized ipsw, make sure you DO NOT have "General Settings" -> "Activate the phone" checked if you are a ATT user
      neonsector -
      Quote Originally Posted by The Maestro View Post
      im having the same problem but im on at&t idk wtf thats about, ive tried everything
      you can install ultrasn0w from cydia and run it or you can go back and rebuild the file and make sure you uncheck the activate box.
      sgt sm00th -
      Big Warning - I restored to custom 3.1 via pwnagetool and it was all good....until I installed winterboard.

      It sent my phone into a boot-loop......I'm currently biting the bullet because I've been working on my phone for 2 hours now with no success and I'm upgrading to 3.1 (apple signed). I cannot restore to custom 3.1 because I get error 1600....regardless of DFU or recovery mode. I'm FAR from an iphone jailbreaking newb and can tell you that either this pwnagetool wasn't ready or winterboard needs to be updated.

      Learn from my mistakes - DO NOT INSTALL WINTERBOARD RIGHT NOW.....it jacked up my phone bad
      neonsector -
      Quote Originally Posted by pikoman View Post
      It works but not showing the carrier ... any solution???
      just download make it mine from cydia
      I had the same problem, also I had to redo the 6.0 carrier firmware in order to get mms again.
      I had the activate phone checked when I created the restore file so I had to reinstall ultrasn0w and I got signal
      klonaton -
      Resolved my no signal issue by re-unlocking with ultrasnow. Everything (minus carrier name) is working fine now. Thanks devs!
      iPhoneKid1982 -
      SGT so what did you do I had a similar problem am I screwed for the time being?
      noiwontsmile -
      I went through the guide and have run into a snag...

      When I put the iPhone into Recovery Mode all I get is a blank screen. iTunes sees that the phone is in recovery mode and prompts me to restore. I try to restore and end up with "The iPhone "iPhone" could not be restored. An unknown error occurred (1600)."

      Any ideas? Phone isn't responding to anything...
      knexlegend -
      After you have created the custom ipsw, copy it to your Windows Computer and try restore it on there. I got that error when connected into my apple, but not my windows.
      sgt sm00th -
      IPHONEKID - If you have itunes host file pointed to Saurik's server and have a ECID on file.....you can restore to 3.0 or 3.0.1, then jailbreak it from there.

      I was pi$$ed off so I just upgraded to 3.1 (apple signed) because I didn't just sacrifice my Friday night for nothing. I might attempt to downgrade in the future, but until then.....I'm going legit.
      damniphone -
      When is this coming out for windows??
      sgt sm00th -
      MODS - can you keep an eye on this winterboard issue and if it keeps occurring....please make a note on the front page not to install winterboard until this is worked out.

      I'd hate for everyone to temporarily brick their phone over something that can be avoided. Let's face it 99% of the people who JB install winterboard and if this issue is global.....it's not going to be good.
      Frostbite -
      OK I restored to 3.0 re-jailbroke then put into RECOVERY mode and tried to upgrade using the expert mode and simple and got 1600 both times. I am 10.6 and running itunes 9.1. I have tried any combination of recovery, dfu, simple, and expert. Any other ideas people? the only other thing I can think of is installing itunes 8 which I do not wish to do..... At all
      sgt sm00th -
      Try downgrading the usb drivers like we had to do in a previous JB...... i don't know if it would help, but I'm fresh out of ideas.
      Frostbite -
      Quote Originally Posted by noiwontsmile View Post
      I went through the guide and have run into a snag...

      When I put the iPhone into Recovery Mode all I get is a blank screen. iTunes sees that the phone is in recovery mode and prompts me to restore. I try to restore and end up with "The iPhone "iPhone" could not be restored. An unknown error occurred (1600)."

      Any ideas? Phone isn't responding to anything...
      I have tried everything, my advice is to restore to 3.0 and sit tight until someone has a firm resolution.

      iPhone 3G[S] 3.1 Jailbroken - PwnageTool 3.1.3 Released

      they are having the same issue.
      Red-Blitz -
      It worked! Yay! ok... do not install winterboard...
      Hope this gets fixed soon!, is it safe to install sbsettings? anyone?
      iPhoneKid1982 -
      SGT im pretty sure i saved my ECID in cydia but I dont know what to do from there havent had this problem before sorry to be a bother