4.0.1 JB for 3GS with old bootroms
Note: This JB bundle works with the current version of Ultrasn0w and supports hacktivation.
Please be aware of the following requirements:
- iPhone 3GS (with the older bootrom, i.e. it can be jailbroken untethered)
- iTunes 9.2.1
- iPhone is currently jailbroken (pwned, not spirited)
If you meet these requirements then you may proceed at your own risk. I will not be liable for any headaches, loss of productivity, lost messages, etc. Be aware, as always, that you may not be getting what you think if you are not grabbing the files directly from Apple. OK, so let's get started!
Pick a new, clean place to work; I recommend making a folder called jb. Extract all of the files and place them in this directory. You should have the following files:
- PwnageTool.app
- iPhone2,1_4.0.1_8A306.bundle
Open a terminal window and change into the jb directory:
kaatje:jb kaatje$ ls -al
total 0
drwxr-xr-x@ 5 kaatje staff 170 11 jun 05:48 .
drwxr-xr-x 9 kaatje staff 306 11 jun 05:40 ..
drwxr-xr-x 3 kaatje staff 102 7 feb 13:20 PwnageTool.app
drwxr-xr-x 13 kaatje staff 442 10 jun 15:49 iPhone2,1_4.0.1_8A306.bundle
kaatje:jb kaatje$ mv iPhone2,1_4.0.1_8A306.bundle PwnageTool.app/Contents/Resources/FirmwareBundles/
kaatje:jb kaatje$ exit
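The terminal step above, as an added script that is not part of the original post: it moves the bundle into PwnageTool's FirmwareBundles directory with the checks a careful user would do by hand, and confirms that the stock IPSW matching the bundle is actually present and is a zip archive before PwnageTool is launched. It assumes the layout described in the post (PwnageTool.app and iPhone2,1_4.0.1_8A306.bundle in the jb folder) and Apple's usual `<device>_<version>_<build>_Restore.ipsw` file naming; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the jb directory layout
# described in the post and Apple's <device>_<version>_<build>_Restore.ipsw
# naming for the stock firmware file.

# install_bundle <jbdir> <bundle-name>
# Moves the firmware bundle into PwnageTool's FirmwareBundles directory.
# Returns 0 on success, 1 if PwnageTool.app or the bundle is missing.
install_bundle() {
    jbdir=$1
    bundle=$2
    dest="$jbdir/PwnageTool.app/Contents/Resources/FirmwareBundles"
    [ -d "$jbdir/$bundle" ] || { echo "bundle $bundle not found in $jbdir" >&2; return 1; }
    [ -d "$jbdir/PwnageTool.app" ] || { echo "PwnageTool.app not found in $jbdir" >&2; return 1; }
    mkdir -p "$dest" || return 1
    mv "$jbdir/$bundle" "$dest/" || return 1
    # PwnageTool bundles carry an Info.plist; its absence suggests a bad extract.
    [ -f "$dest/$bundle/Info.plist" ] || echo "warning: $bundle has no Info.plist" >&2
    return 0
}

# ipsw_for_bundle <bundle-name>
# Prints the stock IPSW file name the bundle is meant to patch,
# e.g. iPhone2,1_4.0.1_8A306.bundle -> iPhone2,1_4.0.1_8A306_Restore.ipsw
ipsw_for_bundle() {
    printf '%s_Restore.ipsw\n' "${1%.bundle}"
}

# check_ipsw <dir> <bundle-name>
# Verifies the matching IPSW exists in <dir> and starts with the zip magic
# "PK" (an IPSW is a zip archive; a mislabelled or truncated download is not).
check_ipsw() {
    ipsw="$1/$(ipsw_for_bundle "$2")"
    [ -f "$ipsw" ] || { echo "missing $ipsw" >&2; return 1; }
    magic=$(head -c 2 "$ipsw")
    [ "$magic" = "PK" ] || { echo "$ipsw is not a zip archive" >&2; return 1; }
    return 0
}

# Usage from inside the jb folder (hypothetical paths):
#   install_bundle . iPhone2,1_4.0.1_8A306.bundle
#   check_ipsw "$HOME/Downloads" iPhone2,1_4.0.1_8A306.bundle
```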
Once you have completed these few steps, you may proceed to build your custom ipsw. Launch PwnageTool; when it fails to find your firmware, select its location, most likely in your Downloads folder. After a couple of minutes of work it will prompt you for your password, so enter it and let it proceed. Once it is complete and your custom ipsw has been built, it is time to go into iTunes. I *HIGHLY* recommend that you sync before going any further. Back up your contacts, calendars, music, photos, etc., as these will all be wiped away.
So, you synced everything and are ready to restore… Select your iPhone, hold the Option key and click on Restore. A dialog box will open and allow you to choose the image to restore. Navigate to the ipsw that you just created, click OK and let it do its thing.
Congrats, your iPhone is now running iOS 4.0.1. Once you activate, you will see Cydia in your list of applications. Do not hesitate to do a complete update. If it hangs (sometimes it will), just power cycle your phone and try again.
To recap: this is for Mac users only! Your baseband will be preserved! You must already be jailbroken for this to work. This does not use any new magical exploits, just the famous 24kpwn exploit, so older bootroms are required. I will not offer support on why application or tool xyz does not work. Use of this is at your own risk!
NOTE: If you hacktivate, you will need to add the Cydia source http://www.cmdshft.ipwn.me/apt/ and install pushdoctor for YouTube and push notifications to work. This is not needed if you activate with an official SIM.
24. Jul, 2010 
https://twitter.com/kaatje_tgil/status/21295986131
So you have a serious illness? Then recovering is far more important than an iPhone firmware/jailbreak… Get well soon!
4.0.2 working?!
https://twitter.com/kaatje_tgil/status/21138634515
Cool!
Hope you will release this!
I’m encountering the 1604 error as well, trying to upgrade from jailbroken 4.0 software on an older 3GS to the 4.0.1 custom firmware.
Any chance of writing a new bundle for iOS 4.0.2?
Love your work!
Prefer it above the recent Comex jailbreak and really hope you will provide a new bundle once Apple releases the new firmware that fixes the exploits which JailBreakMe uses!
iOS 4.0.2 has been released!
I hope you will be able to release an update as well… (soon?)
Hey kaatje, thanks a lot. It worked great, but before I had to use spirit2pwn, just a tip. Recently I can't enable tethering and iBooks sync doesn't work. I know there is a fix in redsn0w but can't use it on 3GS. Have you done any improvements to fix this? Anyways, thanks! At least I have my 3GS on 4.0.1, unlocked, no tethering.
I have an iPhone 3GS MC model but old bootrom, will this work with it??
Thanks
I think it should work without a prob
Works GREAT Kaatje! Thanks a lot!
Can you explain a little more thoroughly on how you did it?
I agree with Jay, especially the terminal window part. Also the link to the Cydia source is wrong.
Any help would be greatly appreciated. Thanks
OK, actually figured out everything.
But still didn't work. Error 1600 in DFU and error 1604 in restore.
I'm old bootrom, MC model, was jailbroken on 3.1.2 before I stupidly updated to 4.0.1. Is there a reason why it still doesn't work?
To do this process you need to be jailbroken before restoring and you restore using Recovery Mode not DFU (DFU gets me 1600 errors).
But either way you'll get 1600 errors because you updated and it's not jailbroken. But your SHSH was probably saved already since you jailbroke on 3.1.2, so you can downgrade. Search for "How to Downgrade SHSH" on Google; there's this little modification you have to do to the hosts file on either your Mac or Windows PC.
Then download the firmware file for your iPhone (Google iPhone firmware downloads) and download the appropriate file for your iPhone and any version you want.
This is a longer process than you think it is because of stupidly updating to 4.0.1.
Do the modification on your hosts file so iTunes is tricked into thinking it’s contacting Apple’s servers but it’s really contacting Saurik’s. Saurik’s servers will let you downgrade as Apple has required a check before every restore to not allow downgrading. To use Saurik’s servers you need to have your SHSH saved which like I told you is probably already saved.
Get iOS 3.1.2 first, as the only solution to getting iOS 4.0.1 and iOS 4.0 JB'ed is through custom firmware for the 3GS, which means, like I said, you need to be pre-jailbroken for it to work. There isn't really any one-click solution for 3GS users on iOS 4.0 and iOS 4.0.1 yet.
Download the firmware and downgrade to it through DFU MODE (Shift + Click Restore and DFU MODE cause DFU MODE bypasses all checks and forces restore)
Then use either redsn0w or blackra1n to jailbreak 3.1.2.
Afterwards you are jailbroken, right? Just do the custom firmware creation process again, or if you already made it then just go into Recovery Mode (RECOVERY MODE always when RESTORING TO CUSTOM FIRMWARE), Shift-click Restore and restore to the custom firmware.
It's really an easy process; the long part is just the restoring part, that's all. It's just around 15 mouse clicks overall (10 clicks for websites and 5 clicks for the whole restoring process).
Need help?
justinxtreme@live.com
If you are not pwned, it will not work.
The cydia repo for pushdoctor is correct.
Thanks for the walkthrough guys, really appreciate it.
And you are correct about the restore so no jailbreak, thanks for clearing that up for me.
Gonna try the downgrade, ill let you know if it works.
Thanks
Glad that it worked! I appreciate all tweets about this!
hello,
I did all your method the way you describe how to use the tools. Am I supposed to put all this in the terminal?
kaatje:jb kaatje$ ls -al
total 0
drwxr-xr-x@ 5 kaatje staff 170 11 jun 05:48 .
drwxr-xr-x 9 kaatje staff 306 11 jun 05:40 ..
drwxr-xr-x 3 kaatje staff 102 7 feb 13:20 PwnageTool.app
drwxr-xr-x 13 kaatje staff 442 10 jun 15:49 iPhone2,1_4.0.1_8A306.bundle
kaatje:jb kaatje$ mv iPhone2,1_4.0.1_8A306.bundle PwnageTool.app/Contents/Resources/FirmwareBundles/
kaatje:jb kaatje$ exit
If not, can you email me the command lines please? Thank you =O)
Michael
email me at adalitt@yahoo.com
I have a 3gs, old bootrom, never been jailbroken/unlocked, on ios4 & Modem 5.13.04, with no blobs saved on cydia/saurik, except 4.0. It is my understanding that, as of now, a jailbreak and unlock is not possible. Correct?
Any hope in the next few weeks? Specifically, the much-discussed release coming soon from dev-team, primarily comex?
Thank you.
You will need to wait for a jailbreak from comex which should be coming soon.
Got error 1604 while restoring to custom firmware made from PwnageTool 4.0.1. Was jailbroken but accidentally upgraded to 4.0.1 and lost jailbroken firmware. Couldn’t jailbreak again or downgrade.
That is expected if you are no longer pwned. You will need to wait for comex's spirit, which should be soon.
Nice one Kaatje, thanks!
Looking at the serial number, it is from week 46 of 2009. So it is possible to have the old bootrom on a 3GS from week 46.