Thread: Jailbreak iPhone 3GS, 4, ipt4g and atv2g on 4.1 using Windows and preserve baseband!

  1. #1
    Jailbreak iPhone 3GS, 4, ipt4g and atv2g on 4.1 using Windows and preserve baseband!
    OK, so since sn0wbreeze seems to be way off, I managed to find a way to jailbreak the iPhone 3GS on Windows using a PwnageTool custom firmware.

    Firstly, this is not for the faint-hearted; it's a pretty complicated procedure and you will want to make sure you read every step thoroughly. Follow these steps exactly and you will be jailbroken on 4.1 before you know it.

    Secondly, this does not work on the iPhone 3G or iPod Touch 3G/2G etc. Only the iPhone 3GS, iPhone 4, iPod Touch 4G and Apple TV 2G can be jailbroken with this method. This method will work on any firmware (I did it on a new bootrom 3GS running 3.1.2).

    So, you will need a bunch of tools to get this working.

    iRecovery (THIS VERSION!)
    Greenpois0n latest version (greenpois0n - Mmmm...pois0n)
    A 4.1 firmware cooked by PwnageTool 4.1.2 (I can't link this, but Google might have the answer for you)

    You can create your own custom ipsw using VMWare, or you can find someone to send you one or possibly find one online somewhere. The firmware should be a PwnageTool 4.1.2 creation as 4.1 and 4.1.1 had the option to upgrade baseband.

    Once you have all of these files, here is what to do:

    Procedure:

    1. Put phone into Recovery mode (NOT DFU)
    While the phone is off, hold down the Home button and immediately plug it into your computer.
    2. From a command prompt (Start>Run>"cmd"), change to the directory where you extracted irecovery, and enter irecovery -s followed by:
    1. setenv boot-args 2
    2. setenv auto-boot false
    3. saveenv
    4. /exit
    3. Run greenpois0n - it will guide you to DFU mode, then it will stop on a white screen after you click "Jailbreak".
    It should say "Jailbreak Complete!" and NOT "Jailbreak Failed!" next to the progressbar at the bottom.
    4. Extract the iBSS from your custom PwnageTool image (firmware.ipsw/Firmware/dfu/iBSS.BoardID.RELEASE.dfu) into your irecovery folder.
    You can use WinRAR or another ZIP extractor to do this. IPSW files are really just ZIP files!
    5. irecovery -f iBSS
    iBSS should be replaced with the name of the iBSS that you just extracted from the PwnageTool image, i.e. iBSS.n88ap.RELEASE.dfu
    6. At a command prompt: irecovery -s
    1. setenv boot-args 0
    2. saveenv
    3. go image decrypt 0x41000000
    4. go jump 0x41000040
    5. /exit
    At the "go jump" point your device should appear to reboot. Whether it goes back to a white screen or shows the Connect to iTunes screen depends on the firmware image used.
    7. Shift + Restore your PwnageTool cooked firmware from iTunes.

    Good luck! - sbingner
    Credit for this goes to sbingner @ Top level
    Last edited by Cer0; 2010-10-28 at 08:35 AM.
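    Step 4 relies on the fact that an IPSW is a plain ZIP archive with the DFU-stage loader at Firmware/dfu/iBSS.BoardID.RELEASE.dfu. The script below is an added example (not part of the thread or of sbingner's tools) that checks the ZIP magic, lists the iBSS files by board ID and pulls out the one for a given board; the archive it inspects is constructed in memory with placeholder bytes, so the board IDs n88ap (3GS) and n90ap (iPhone 4) are the only values taken from the thread.

```python
import io
import re
import zipfile

# Path layout named in step 4 of the procedure: Firmware/dfu/iBSS.<BoardID>.RELEASE.dfu
IBSS_PATTERN = re.compile(r"^Firmware/dfu/iBSS\.([a-z0-9]+)\.RELEASE\.dfu$")


def build_fake_ipsw(board_ids):
    """Construct an in-memory ZIP laid out like an IPSW.
    Constructed data: the members hold placeholder bytes, not firmware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Restore.plist", "<plist/>")
        for board in board_ids:
            zf.writestr(f"Firmware/dfu/iBSS.{board}.RELEASE.dfu",
                        f"placeholder iBSS for {board}".encode())
    return buf.getvalue()


def is_zip(data):
    """'IPSW files are really just ZIP files': check the local file header magic."""
    return data[:4] == b"PK\x03\x04"


def list_ibss(ipsw_bytes):
    """Return {board_id: archive_path} for every iBSS in the archive."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        for name in zf.namelist():
            m = IBSS_PATTERN.match(name)
            if m:
                found[m.group(1)] = name
    return found


def extract_ibss(ipsw_bytes, board_id):
    """Return (file_name, contents) of the iBSS for board_id.
    Raises KeyError listing the boards present, so using an image built for
    the wrong device (e.g. n88ap on an iPhone 4) is caught before step 5."""
    ibss = list_ibss(ipsw_bytes)
    if board_id not in ibss:
        raise KeyError(f"no iBSS for {board_id}; archive has {sorted(ibss)}")
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as zf:
        return ibss[board_id].rsplit("/", 1)[1], zf.read(ibss[board_id])


if __name__ == "__main__":
    ipsw = build_fake_ipsw(["n88ap"])  # image cooked for a 3GS only
    print(is_zip(ipsw), list_ibss(ipsw))
    print(extract_ibss(ipsw, "n88ap")[0])
```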


  3. #2
    Can someone please confirm will this work for apple tv?

  4. #3
    It does work for Apple TV 2g

  5. #4
    I have a problem at step 6. After I enter irecovery -s I can enter only one line and irecovery quits. I need to type irecovery -s again so I can enter the 2nd line. And it will not reboot the Apple TV...

    I get jailbreak success from greenpois0n but then the Apple TV is restarted and not in DFU or recovery mode...
    Last edited by zeljkotv; 2010-10-26 at 12:47 AM.

  6. #5
    Quote Originally Posted by zeljkotv
    I have a problem at step 6. After I enter irecovery -s I can enter only one line and irecovery quits. I need to type irecovery -s again so I can enter the 2nd line. And it will not reboot the Apple TV...

    I get jailbreak success from greenpois0n but then the Apple TV is restarted and not in DFU or recovery mode...
    Right, this won't work because you have to be able to saveenv for irecovery to save the settings before it exits.

    Do you have iTunes 10.0.1 installed? I had the same issue on another computer where I couldn't input more than one line at a time, after I installed iTunes 10.0.1 I was able to.

  7. #6
    Quote Originally Posted by bellyfrog
    Right, this won't work because you have to be able to saveenv for irecovery to save the settings before it exits.

    Do you have iTunes 10.0.1 installed? I had the same issue on another computer where I couldn't input more than one line at a time, after I installed iTunes 10.0.1 I was able to.
    It's already iTunes 10.0.1. How can I enter recovery mode on the TV? I was doing it with Menu plus Down for 6 sec, and Menu plus Play for 6 sec. Is this right?

  8. #7
    Quote Originally Posted by bellyfrog
    5. irecovery -f iBSS
    iBSS should be replaced with the name of the iBSS that you just extracted from the PwnageTool image, i.e. iBSS.n88ap.RELEASE.dfu
    6. At a command prompt: irecovery -s
    1. setenv boot-args 0
    2. saveenv
    3. go image decrypt 0x41000000
    4. go jump 0x41000040
    5. /exit
    At the "go jump" point your device should appear to reboot. Whether it goes back to a white screen or shows the Connect to iTunes screen depends on the firmware image used.
    7. Shift + Restore your PwnageTool cooked firmware from iTunes.
    OK .. I'm having some major issues here. I have followed your instructions to the "T" .. but something just does not add up or work!!

    I have an iPhone 4 .. so the iBSS file I'm using from my custom iOS 4.1 firmware is iBSS.n90ap.RELEASE.dfu .. so, after running the greenpois0n exploit, my iDevice ends up with the white screen .. Jailbreak Complete .. no issues.

    Finishing the rest of the iRecovery commands .. this is where it gets weird. After I execute the command "go jump 0x41000040", my iDevice does that reboot-like flash you mentioned, but it does not come up with either the White Screen or Recovery Mode .. the screen on the iDevice is RED!!!!

    I execute iTunes, it states that the iDevice is in recovery mode, Shift-Restore, select my Custom IPSW .. when iTunes states that it's preparing the iPhone for recovery, the iDevice screen just goes from RED to BLUE and iTunes just sits there .. doing NOTHING!!!!

    I have tried your directions now 5 times with absolutely no success .. ALL times end with the same result of the iDevice having a BLUE screen and nothing happening.

    So .. did I miss something here???

  9. #8
    Quote Originally Posted by zeljkotv
    It's already iTunes 10.0.1. How can I enter recovery mode on the TV? I was doing it with Menu plus Down for 6 sec, and Menu plus Play for 6 sec. Is this right?
    Honestly I have no idea how to enter recovery mode on an Apple TV; I don't have one, sorry.

  10. #9
    I am trying with my new bootrom 3GS with 4.1, but it always says jailbreak failed in greenpois0n. Is it possible to do it with limera1n? Cheers

  11. #10
    Quote Originally Posted by dying4004
    I am trying with my new bootrom 3GS with 4.1, but it always says jailbreak failed in greenpois0n. Is it possible to do it with limera1n? Cheers
    Why do you want to do a PwnageTool restore if you're already on 4.1?

    You can just do a straight up jailbreak with limera1n or Greenpois0n and have a jailbroken phone.

    I have no idea if this exploit will work with limera1n in place of Greenpois0n; the worst that can happen is you have to restore to stock 4.1. If someone wants to try it, it might help the people who don't have success with Greenpois0n, if it works.

    EDIT - and if Greenpois0n fails, your best bet is to try on a different PC (preferably one not running Windows 7 64-bit, if that's what you're on); it worked for me.
    Last edited by bellyfrog; 2010-10-26 at 12:19 PM.

  12. #11
    I am trying to learn it as it's a new thing, and my 3GS is factory unlocked so I don't have any problem trying.

    Why is greenpois0n so problematic?

    bellyfrog: bro, please help me to understand why greenpois0n is used in this procedure. Is it used to put the iPhone in DFU mode only, or is there any other special reason?

    If only for DFU then we can manually put the iPhone in DFU, though I tried with manual DFU and limera1n but it didn't work.

    Bro, if you get time then please share some knowledge with me. I am willing to try it as much as possible as I have a factory unlocked 3GS. Cheers
    Last edited by dying4004; 2010-10-26 at 06:28 PM. Reason: Automerged Doublepost

  13. #12
    Quote Originally Posted by dying4004
    I am trying to learn it as it's a new thing, and my 3GS is factory unlocked so I don't have any problem trying.

    Why is greenpois0n so problematic?

    bellyfrog: bro, please help me to understand why greenpois0n is used in this procedure. Is it used to put the iPhone in DFU mode only, or is there any other special reason?

    If only for DFU then we can manually put the iPhone in DFU, though I tried with manual DFU and limera1n but it didn't work.

    Bro, if you get time then please share some knowledge with me. I am willing to try it as much as possible as I have a factory unlocked 3GS. Cheers
    The reason is that PwnageTool/Greenpois0n put your iPhone into a special DFU mode. When the phone enters DFU, it injects an exploit into the phone which allows it to be jailbroken. That's why you can't just put it in DFU mode and expect it to work.

    Other people have had success trying different versions of Greenpois0n (someone in the other thread got it to work with Greenpois0n rc3 instead of rc4). I don't know if limera1n has the same DFU exploit so that's why it might not work. Since GP/Pwnage are both developed by Chronic Dev/iPhone Dev Team who work together, they share their exploits, whereas Geohot (limera1n) usually has his own exploits.

    I recommend you try some different versions of Greenpois0n and also try using a different PC if you can. Good luck

    FYI sbingner just created an automated irecovery which will save you from doing all the complicated command prompt stuff.

    PwnStrap
    Last edited by bellyfrog; 2010-10-27 at 11:49 PM. Reason: Automerged Doublepost

  14. #13

    Quote Originally Posted by dying4004
    I am trying with my new bootrom 3GS with 4.1, but it always says jailbreak failed in greenpois0n. Is it possible to do it with limera1n? Cheers
    Jailbreak your 3GS 4.1 at the Home Screen with limera1n.

  15. #14
    bellyfrog: bro, thanks a lot for all the help. Finally I got greenpois0n working, with rc3. Thanks to the person who found out that rc3 works.

    However, yesterday I installed Leopard on my laptop, so now I can do it the normal way. Cheers

  16. #15
    As far as I know, GP only works with iOS 4.1. How can I jailbreak the iPhone with GP if I'm on 4.0.1? I can't upgrade to 4.1 because I need to preserve my BB, since I rely on ultrasn0w.

    Thanks

    PS: The last question is for my 3GS. I have an iP4 too; I tried the procedure using 32-bit Windows but iTunes got stuck on Waiting for iPhone. Any help will be appreciated.

    Quote Originally Posted by LordGeek
    OK .. I'm having some major issues here. I have followed your instructions to the "T" .. but something just does not add up or work!!

    I have an iPhone 4 .. so the iBSS file I'm using from my custom iOS 4.1 firmware is iBSS.n90ap.RELEASE.dfu .. so, after running the greenpois0n exploit, my iDevice ends up with the white screen .. Jailbreak Complete .. no issues.

    Finishing the rest of the iRecovery commands .. this is where it gets weird. After I execute the command "go jump 0x41000040", my iDevice does that reboot-like flash you mentioned, but it does not come up with either the White Screen or Recovery Mode .. the screen on the iDevice is RED!!!!

    I execute iTunes, it states that the iDevice is in recovery mode, Shift-Restore, select my Custom IPSW .. when iTunes states that it's preparing the iPhone for recovery, the iDevice screen just goes from RED to BLUE and iTunes just sits there .. doing NOTHING!!!!

    I have tried your directions now 5 times with absolutely no success .. ALL times end with the same result of the iDevice having a BLUE screen and nothing happening.

    So .. did I miss something here???
    I have the same problem, did you find any solution?
    Last edited by edrojo; 2010-10-28 at 05:52 PM. Reason: Automerged Doublepost

  17. #16
    Quote Originally Posted by edrojo
    As far as I know, GP only works with iOS 4.1. How can I jailbreak the iPhone with GP if I'm on 4.0.1? I can't upgrade to 4.1 because I need to preserve my BB, since I rely on ultrasn0w.

    Thanks

    PS: The last question is for my 3GS. I have an iP4 too; I tried the procedure using 32-bit Windows but iTunes got stuck on Waiting for iPhone. Any help will be appreciated.

    I have the same problem, did you find any solution?
    GP isn't jailbreaking your phone; you are just using GP to inject an exploit into your phone which tricks iTunes into letting you restore to custom firmware.

  18. #17
    Can someone please try this with Apple TV? I'm unable to restore... after the jailbreak is done with greenpois0n, my Apple TV is not recognized in iTunes...

  19. #18
    You should try and tell us where the procedure goes wrong, what happens, what error you get etc etc.

    Have you tried the automated iRecovery method?
