Yep, iOS 4 on the iPhone 3GS with the new bootrom can now be jailbroken, but there's a catch and a procedure. Full details below.
Credits to ih8sn0w.
-------------------------------------------------------------------------------------
Pwning 4.0 on New Bootrom 3G[S] w/3.1.2 SHSH Blobs
I wrote this all on the road with my iPad, so sorry if there are any major grammar errors. If anyone points out any errors, I'll fix them up. Anyway...
-------
I figured making a tool would take a bit too long, so I'm going to write up this tutorial. It isn't recommended for regular users.
**BEFORE PROCEEDING, ENSURE THAT YOU HAVE YOUR PHONE BACKED UP!**
-------
WHAT YOU WILL NEED:
* An iPhone 3G[S] -- new bootrom
* 3.1.2 SHSH blobs.
* difrnt's iBSS grabber
* Payload Pwner-r2 for the 3GS.
* sn0wbreeze V1.6.2
* iBooty
* LibUSB (64-Bit users read carefully!!!)
* The 3.1.2 and 4.0 3GS firmware (IPSW) files downloaded.
-------
STEP A : Grabbing your 3.1.2 iBSS file.
Pointing your hosts file:
I : If you have your SHSH blobs saved on Cydia/Saurik's server, follow this tutorial. -- http://saurik.com/id/12
II : If you have them saved with TinyUmbrella, download the GUI here. -- http://thefirmwareumbrella.blogspot.com/
-------
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Set the save folder to a new folder on your desktop.
IV : Hit "Start Monitoring".
V : Now go back to iTunes and do SHIFT + Restore, then browse for your 3.1.2 IPSW. You need to restore to 3.1.2 in order to pwn 4.0.
-------
Saving your iBSS
I : After restoring, go to the folder you specified to save your iBSS file.
II : You will see folders like (Per**.tmp). Go into one of them and you'll see a folder called "Firmware". Go there, then go to the folder "dfu".
III : Copy the iBSS file to a safe place; then you can remove the folder created by the iBSS Grabber.
------
STEP B : Creating custom 4.0 firmware.
I : Download sn0wbreeze from http://ih8sn0w.com and create your custom 4.0 IPSW.
*Ignore the warnings after browsing for the IPSW.*
------
STEP C : Installing LibUSB for iRecovery
Run this mini tool to detect your OS and architecture. -- Windows + Arch. Detector
*********
WARNING : IF LIBUSB IS NOT INSTALLED PROPERLY, YOUR USB MIGHT NO LONGER WORK!
*********
Windows XP Users download this installer -- LibUSB Installer
*********
Windows Vista/7 users RUNNING 32-Bit:
* Download the installer and run it in compatibility mode for Windows XP.
*********
If you are a 64-Bit user, follow this tutorial -- LibUSB 64-Bit Tut
*********
Once LibUSB is installed, iRecovery should be able to function.
-------
STEP D : Pwning iBSS + iBoot
I : Download this easy tool here -- Payload Pwner-r2 for 3GS // It will help you create the payloads.
**SAVE THE PAYLOADS WHERE iBooty is.**
-------
STEP E: iBooty Prep.
Most of you know of the utility "iBooty" that I made for Aki_nG.
It will work as long as you place all of the correct files there.
I : Download the iBooty GUI here -- iBooty for 3GS and extract it.
II : Extract the custom IPSW created by sn0wbreeze with 7-Zip or another un-archiver.
III : Grab the kernelcache and put it in the same folder as iBooty.
Also grab the iBEC from "Firmware\dfu\iBEC.n88ap.RELEASE.dfu".
IV : Rename the files:
* Rename your signed 3.1.2 iBSS to "ibss312.dfu"
* Rename your custom 4.0 kernelcache to "kernel.40"
* Rename your custom 4.0 iBEC to "ibec40.dfu"
======
Your folder should look like this :
- iboot.payload <-- Created with Payload Pwner.
- exploitibss312 <-- Created with Payload Pwner.
- ibec40.dfu <-- Grabbed from Custom IPSW made by sn0wbreeze.
- irecovery.exe <-- Comes with iBooty.
- readline5.dll <-- Comes with iBooty.
- iBooty.exe <-- Comes with iBooty.
- ibss312.dfu <-- THIS NEEDS TO BE YOUR iBSS from the restore!
- kernel.40 <-- Grab from Custom IPSW made by sn0wbreeze.
- sn0w.img3 <-- Comes with iBooty.
======
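A quick sanity check of that folder before moving on to step F, written here as an added example (it is not part of iBooty or any of ih8sn0w's tools): it confirms every file from the list above is present and that the three renamed firmware pieces are IMG3 containers of the right type, which catches copying the wrong .dfu file. The IMG3 header layout it relies on (magic, three sizes, type tag, all little-endian) is assumed from the publicly documented format; the sample folder it builds holds constructed 20-byte headers, not real firmware.

```python
import os
import struct
import tempfile

# Files step E says must sit next to iBooty, mapped to the IMG3 type tag
# the .dfu / kernelcache files are expected to carry (None = not checked).
EXPECTED_FILES = {
    "iboot.payload": None, "exploitibss312": None, "irecovery.exe": None,
    "readline5.dll": None, "iBooty.exe": None, "sn0w.img3": None,
    "ibss312.dfu": b"ibss",   # signed 3.1.2 iBSS from the restore
    "ibec40.dfu": b"ibec",    # iBEC from the custom 4.0 IPSW
    "kernel.40": b"krnl",     # kernelcache from the custom 4.0 IPSW
}

IMG3_MAGIC = b"3gmI"  # 'Img3' written little-endian (assumed format detail)

def img3_ident(path):
    """Return the IMG3 type tag of a file (e.g. b'ibss'), or None if not IMG3."""
    with open(path, "rb") as f:
        header = f.read(20)
    # IMG3 header: magic, fullSize, sizeNoPack, sigCheckArea, ident (all LE)
    if len(header) < 20 or header[:4] != IMG3_MAGIC:
        return None
    return header[16:20][::-1]

def check_ibooty_folder(folder):
    """Return a list of problems; an empty list means the layout matches step E."""
    problems = []
    for name, want in EXPECTED_FILES.items():
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            problems.append(f"missing: {name}")
        elif want is not None and img3_ident(path) != want:
            problems.append(f"{name}: not an IMG3 '{want.decode()}' image")
    return problems

def make_sample_folder(swap_ibss_for_ibec=False, drop=None):
    """Build a constructed sample folder (fake headers only, not real firmware)."""
    folder = tempfile.mkdtemp()
    for name, want in EXPECTED_FILES.items():
        if name == drop:
            continue
        if name == "ibss312.dfu" and swap_ibss_for_ibec:
            want = b"ibec"  # simulate having copied the wrong .dfu file
        data = b"placeholder" if want is None else (
            IMG3_MAGIC + struct.pack("<III", 20, 0, 0) + want[::-1])
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    return folder
```

Run `check_ibooty_folder(r"C:\path\to\iBooty")` against the real folder; anything it prints is something to fix before restoring.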
-------
STEP F: Restoring to 4.0 + Booting
-------
*MAKE SURE YOU ARE ON 3.1.2 WHEN DOING THIS*
I : Run iBooty and select "Prepare Device for Custom Firmware". Run the process and if you see a snowflake, you can proceed!
II : Now open iTunes and restore to the custom IPSW.
***WHEN DONE, YOUR DEVICE WILL HAVE A BLACK SCREEN AND NOT BOOT! IT'S IN A DFU LOOP [THIS IS NORMAL!]***
-------
STEP G : Booting
I : Just re-run iBooty and select "Boot It". If all goes well, it will boot!
-------
Enjoy!
-------
Hopefully I can get a tool out there that will make all of this much easier. Of course, that only happens when I get bored of people messaging me on Twitter =p
============
CREDITS:
============
* iPhone Dev-Team (Borrowed the iBoot payload from them =])
* msft.Guy (Helping out here and there.)
* AKi_nG (For being the first to test this)
* difrnt (For iBSS Grabber)
* posixninja (For his continuous help!!!)
original source