Jailbreak iPhone 3GS 4.0.1 with PwnageTool [Unofficial] - iPhoneHeat

Jailbreak iPhone 3GS 4.0.1 with PwnageTool [Unofficial]

In this guide you’ll learn how to jailbreak iPhone 3GS iOS 4.0.1 firmware with PwnageTool (Unofficial). The guide applies only to an iPhone 3GS with the old bootrom, and the device must already be jailbroken. Read the IMPORTANT part below and continue jailbreaking iPhone 3GS 4.0.1.

*** Comex Jailbreak is out now. Check the Update at the bottom. ***

The steps mentioned below are NOT recommended for newbies. If you’re not confident, it is better to wait for Comex’s Spirit jailbreak, which is expected in a few days.


  • PwnageTool bundles used in this guide are unofficial (NOT from iPhone Dev-Team)
  • iPhone 3GS OLD Bootrom only.
  • iPhone 3GS MUST already be jailbroken.
  • This also hacktivates the iPhone 3GS.
  • Your baseband will be preserved!
  • After jailbreak, you can unlock iPhone 3GS with UltraSn0w 0.93.
  • Mac OS X only.

If you fulfill the above requirements then you can follow the step-by-step instructions below to create custom firmware 4.0.1 and then jailbreak iPhone 3GS iOS 4.

Disclaimer: This guide is for educational purposes only. Try it at your own risk. We can NOT be held responsible if anything goes wrong.

Jailbreak iPhone 3GS 4.0.1 (OLD BOOTROM)

Required Stuff

Download all the stuff linked above, create a folder “JB” on your desktop, and put all the files into the JB folder after extracting them.


Open the Terminal.app in your Mac and execute the following commands:

  • cd /Users/USERNAME/Desktop/JB
  • ls -al
  • mv iPhone2,1_4.0.1_8A306.bundle PwnageTool.app/Contents/Resources/FirmwareBundles/
  • exit


You’ve added the custom bundle to PwnageTool.app


Now create a custom 4.0.1 firmware using the PwnageTool.app in the JB folder. Follow the step-by-step instructions in the guide linked below to create the custom iOS 4.0.1 firmware. Make sure you select iOS 4.0.1 when PwnageTool asks for it. Then restore via iTunes.

How to: Create Custom Firmware with PwnageTool

via [Veeence][techblog.tgil]

Unlock iPhone 3GS iOS 4.0.1

After the jailbreak, you can unlock iPhone 3GS with UltraSn0w. The steps are the same as those in the guide linked below:

How to: Unlock iPhone 3GS

Update 1


envmyz July 24, 2010, 6:57 pm

I’m assuming “iPhone 3GS MUST already be jailbroken” but not by spirit?

acurawin July 24, 2010, 11:57 pm

Can someone make a custom ipsw file and upload it for us who don’t have a mac.

IronCross1788 July 26, 2010, 1:00 am

I made one last night. How would I be able to upload it to the community

Bannana Joe July 25, 2010, 1:27 am

Too bad it is not for the brand new iPhone 4 or iPhone 3GS. We will still be waiting for the official release.

Hope this will happen soon.

waseem4u July 25, 2010, 3:03 am

I’m having the same problem that occurred during creation of custom ipsw. Cydia is not working. Everything goes right. Restored the custom firmware but Cydia is not working. It crashes as soon as I tap the Cydia icon. Therefore I cannot unlock my 3GS.
It’s old bootrom, 4.24.08 FW.
PREVIOUSLY jailbroken with custom made ipsw 3.1.3 and unlocked with ultrasnow.
Please help

short_ray1 July 27, 2010, 4:08 am

I’m in the same boat. I finished jailbreaking and tried to open Cydia on my 3gs and nothing: it crashed as soon as I tried to start it. Can anyone please assist.

waseem4u August 12, 2010, 1:54 pm

I’ve tried the simple mode and it worked. Cydia is working. Now I can jailbreak and unlock my 3GS.

Jax July 25, 2010, 3:15 am

Yeah right, old bootrom and ALREADY JAILBROKEN? How is that if there is no JB for 3GS yet…. This is soooooo fake

Ryanu July 25, 2010, 5:44 am

I think you need to search and read properly before u even post something..3Gs on firmware 3.1.2 and 3.1.3 can be jailbroken using spirit. If u r on ios4 with new bootrom and have ur shsh blobs saved on saurik’s server u can jb ios4 using sn0wbreeze.. Whereas 3gs with old bootrom and jailbroken with spirit can also be jb ios4 using spirit2pwn which can be installed via cydia…hope it helps

jax July 25, 2010, 9:46 am

I meant this doesn’t work on ALL iPhones 3GS, most of the 3GS users with firm 4.0 and old bootrom DON’T HAVE THE SHSH Blobs SAVED, and because of this THERE IS NO JB for 3GS…

the few 3GS with SHSH saved on 4.0 can be jailbroken, but its only a few people.

“can also be jb ios4 using spirit2pwn which can be installed via cydia…”

WTF?… to have cydia you NEED to JAILBREAK THE IPHONE… and the whole point of this is that THERE IS NO JAILBREAK FOR:

– 3GS
– FIRM 4.0

My iphone was JB on the firm 3.1.2 but NO SHSH Saved and updated via Itunes.


Kaizoku July 25, 2010, 7:12 pm

There is jb for 3GS.. it’s called blackra1n, look it up. I got 3GS, and my iOS 4 is jailbroken and unlocked.

Jax July 26, 2010, 3:32 am

LOL * 10000!!! Nice joke, first read my posts and then answer it… Blackra1n doesn’t work on the iPhone I described in my previous post

Taleb July 26, 2010, 11:49 pm

hi there i’ve posted a comment below explaining everything
about 3gs so be my guest. I hope it helps. take care

Erikve88 July 25, 2010, 4:17 am

Please can someone make a custom ipsw for me? I don’t have a Mac, only Windows

Kaizoku July 25, 2010, 7:14 pm

I had the same problem as you, had to hack the virtualbox to get snow leopard working on it, then it worked awesome. I followed this guide. http://www.sysprobs.com/mac-os-guest-virtualbox-326-snow-leopard-1064-windows-7-32-bit

IronCross1788 July 26, 2010, 1:01 am

I have a custom 4.0.1 Pwned IPSW I made last night that I am using personally. How would I be able to upload this for everyone

IronCross1788 July 26, 2010, 1:14 am

Would I have to upload the custom 4.0.1 to metafile or something like that?

Acurawin July 26, 2010, 5:12 am

Yes upload to metafile or sendspace and post the link. Thx

IronCross1788 July 26, 2010, 5:15 am

It’s over 300 megabytes. Otherwise I would have to set up an account; not something I’m willing to do. I don’t feel like paying to help. You know anywhere else I can upload this

Acurawin July 26, 2010, 5:29 am

Use winrar and split it into 2 files, then upload both

IronCross1788 July 26, 2010, 5:32 am

I am uploading it to file dropper as we speak. It’s halfway done. I will post a link when it’s done with a full description

Acurawin July 26, 2010, 6:10 am

Thanks, I really appreciate it

IronCross1788 July 29, 2010, 10:30 am

did it work for you?

Tomo July 26, 2010, 5:03 am

iBooks does not work properly with 4.0.1JB made by the methods here. Is it reproduced by anyone? Or is there any workaround?

IronCross1788 July 26, 2010, 5:49 am

iPhone Custom 4.0.1 Pwnage Tool. Updated Cydia bits, so everything works. I hope everybody enjoys this.


Uploaded by Ahmed AlRwazek

IronCross1788 July 26, 2010, 5:53 am

I forgot to add this part.
iPhone 4.0.1 Custom IPSW

vesh July 26, 2010, 7:34 am

can you tell me why i still cannot unlock and jailbreak my iphone 3gs 3.1.3 baseband 05.12.01. my iphone shows a usb connected to itunes and there is a lock sign above my iphone. it happened when i update the new version 3.1.3 from itunes.

R.S.Aggarwal July 26, 2010, 10:39 am

My iphone 3gs new bootrom with firmware 3.1.3 (7E18), modem firmware 05.13.03. I jailbroke this with spirit.. Now I am unable to unlock this using ultrasn0w 0.93.. plz help me in unlocking my iphone …..

Taleb July 26, 2010, 4:48 pm

Jailbreak and Unlock iPhone 3GS (New or Old bootrom)….

If you have iPhone 3GS 4.0, 3.1.3 or 3.1.2 (It doesn’t matter new or old bootrom) and if you trying to jailbreak and unlock it, here is the easiest way to jailbreak and unlock it. If you don’t have your SHSH saved, no problem we will save the SHSH first then jailbreak and unlock it!

What you need to use this method

1. iPhone 3GS (New or Old bootrom) with any firmware.

2. Have access to a SIM card that will allow your iPhone 3GS to activate through iTunes.

Software You Need:
1. iTunes 9.2
2. TinyUmbrella-4.01.01
3. Spirit (Old version)

Step 1: Modifying the Host file

1. Open Notepad with administrator privileges and then right click on the icon of notepad and click on “Open as administrator”
2. Navigate to C:\Windows\System32\drivers\etc\ and locate “hosts” file.
3. Add the following line at the end of the document and save it: gs.apple.com
If u need to know more detailed instruction about modifying host file, just google it.

Step 2: Download all software you need.

Step 3: Save SHSH file using TinyUmbrella 4.01.01

Connect your iPhone 3GS to your computer and activate it using iTunes (If your iPhone 3GS is currently on recovery mode, don’t worry. You can come out from recovery mode using umbrella-4.01.01).

1. Open the TinyUmbrella 4.01.01

2. Click the “Save my SHSH” button. It will save the current SHSH file on iPhone 3GS.

3. Now click on “Advanced options”. You will get some more options.

4. Click on “Device/Version” drop down menu. You will get all iPhone 3GS, iPad and iPod firmware version.

5. Click on “iPhone 3GS 3.1.3” version.

6. Click “Reset” button on right side of the window.

7. Click the option “Save my SHSH” button again.

8. Click the “Display SHSHs” button. You will see the saved SHSH files.

Now close the TinyUmbrella window.

Step 4: Jailbreak using Spirit

1. Now we are going to jailbreak the iPhone 3GS using Spirit.
2. Open the Spirit.
3. Click “Jailbreak” button after a second you will see “Jailbreak is successful”.

Step 5: Unlock using ultrasn0W on Cydia
Now we are going to unlock the iPhone 3GS using Cydia.

1. On your iPhone 3GS, open Cydia.

2. Go to “Manage” option.

3. Tap on “Sources” option.

4. Press “Edit” button on right top of the screen.

5. Press “Add” button on left top of the screen. It will ask to enter the source. Write this line: repo666.ultrasn0w.com and

6. Press “Add Source” button. It will download the link.

7. Now press “Done” button.

8. Tap on repo666.ultrasn0w.com link and install it.

9. Press “Reboot the device” button. It will restart the iPhone 3GS.

Unlock done!
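Added example, not part of the comment above or of the original guide: a Python check that lists active hosts-file entries pinning gs.apple.com, the hostname Step 1 edits, so such an override can be found and removed later. The function name, the sample file content and the 192.0.2.10 documentation-range address are constructed for illustration.

```python
import ipaddress

# Hostname taken from Step 1 of the comment above; extend the set as needed.
WATCHED = {"gs.apple.com"}


def find_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, ip, hostname) for each active entry that pins a watched name."""
    wanted = {h.lower().rstrip(".") for h in watched}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Everything after '#' is a comment, so a commented-out entry is inactive.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or a bare hostname with no address
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an IP address, so this is not an entry
        for name in names:
            # Hostnames are case-insensitive and may carry a trailing dot.
            if name.lower().rstrip(".") in wanted:
                findings.append((line_no, ip, name))
    return findings


# Constructed sample; 192.0.2.10 is a placeholder, not an address from the page.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
#192.0.2.10     gs.apple.com
192.0.2.10      example.test GS.Apple.com   # added by a tool
gs.apple.com
"""

if __name__ == "__main__":
    import sys
    # Pass the hosts file path as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name in find_overrides(text):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

Run it against C:\Windows\System32\drivers\etc\hosts on Windows or /etc/hosts on Mac OS X; any line it reports is one to review before the next iTunes restore.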

Mach July 27, 2010, 4:57 am

SIR YOU ARE A RETARD and you confirmed that by posting this in your last post (5. Click on “iPhone 3GS 3.1.3” version.)

For Gods sake READ JAX comment properly then talk!!!!

THERE ARE NO JAILBREAK FOR IOS.4.0!!!!!!!!!!!!!!!!!!!!!!!!

STOP Posting crap and understand what others is saying first..

Taleb July 29, 2010, 1:48 pm

1 stay out of this
2 don’t use the same words that your mother used about u to call other people

jax July 27, 2010, 7:23 am

You are the biggest clown ever!!! all your post is bullcrap

“If you have iPhone 3GS 4.0, 3.1.3 or 3.1.2″…


“If you don’t have your SHSH saved, no problem we will save the SHSH first then jailbreak and unlock it!”

“2. Open the Spirit.
3. Click “Jailbreak” button after a second you will see “Jailbreak is successful”.”



Dont come here confusing people when you dont have any idea of what you are talking about.


I hate when people comes thinking they know when they dont.

Still waiting for the new SPIRIT2!!!

Taleb July 27, 2010, 1:05 pm

hi there
first of all you don’t need to be so rude to people who are
trying to help
secondly, to clarify the misunderstanding, i need to repeat that what i explained above is for downgrading from
4.0 to 3.1.3 and then jailbreaking
thirdly, it worked for me, and i’m sure if you do everything like i explained you’ll find out that i was completely right and then you will need to apologize
fourth, when i said ”we” it means ‘you and I’…i guess you need to take up some english courses
finally i urge those who used my guide to downgrade and then jailbreak and unlock to write and tell me about their experience
i will be around to answer any questions
by the way this is my e-mail, just in case, talebali_sedaghat@yahoo.com

sean July 30, 2010, 7:15 am

agree with JAX, it doesn’t work and i tried all the steps one by one and i receive errors 3194 or 16xx errors, confirmed by several people (including myself) that this method doesn’t work, you can’t downgrade firmware without shsh blobs saved previously for that version.

i dont mean to be mean as others but dude, your whole post is crap if you have the iphone that JAX described (3GS, Firmware 4.0, no shsh blobs saved, etc )

but nice try dude.

Taleb July 27, 2010, 1:22 pm

further to my post above
if you have 3gs on 4.0 you need to downgrade
after modifying the host file now you are ready to downgrade
connect your iphone to the pc and then hold the shift button and click restore and choose the orginal 3.1.3 firmware (that you have downloaded and saved earlier)when the window open that’s it, apple will verify your restore
at the end you will get an iTunes error 1015, that’s a good signal.
after doing all those steps you will see USB cable on your iPhone screen then close the iTunes and open TinyUmbrella
on click “kick my iPhone out of recovery”
and then run spirit and jailbreak is done
good luck

Jax July 28, 2010, 6:27 am

Thanks for your intention to help but it is still a lie and let me tell you why, it’s because you can’t downgrade 3GS on 4.0, not because of a 1015 iTunes error, it’s always a 16XX error so the downgrade never gets completed.

No matter what, it can’t be done until SPIRIT2 comes out

Taleb July 28, 2010, 3:08 pm

well.. you suit yourself
but for those who tried or have the intention of trying i repeat it’s for real
it worked for me and there is no doubt it can work for you.
and you JAX guy .. you’d better watch your mouth..and for your records I NEVER LIE
take good care everyone
by the way this is my e-mail, for more help: talebali_sedaghat@yahoo.com

jax July 29, 2010, 7:09 am

Taleb, come on man… enough lies for the month.

To make it clear, THERE IS NO WAY TO JAILBREAK IPHONE 3GS on FIRM 4.0, with NO SHSH Blobs saved, so make all fake tutorials but IT WONT WORK.

If it “worked for you” then you are COMEX, MUSCLENERD or other guy that works on the SPIRIT, or all the other soft to JB the iphones, otherwise you are just like any other of us, STILL WAITING FOR THE SPIRIT 2

…”and for your records I NEVER LIE”…

Well, i guess that if you mean you never lie, you dont mean when you write posts here… because CLEARLY you ARE LYING when you said “IT WORKED FOR ME”

So… we just need to wait for the REAL solution.

Taleb July 29, 2010, 1:47 pm

have u tried what i wrote above?
you are just guessing?

Kaizoku July 29, 2010, 9:36 pm

Err.. I downgraded from iOS4 to 3.1.2 before, just go in Recovery mode, not DFU mode.

Taleb July 29, 2010, 10:50 pm

You can kick it out of recovery with TinyUmbrella

Kaizoku July 29, 2010, 11:16 pm

WTF you talking about? Learn more english please.

I was saying you go into Recovery Mode to Downgrade…
[Comment Edited]

Kaizoku July 30, 2010, 6:43 am

I was saying you go into Recovery Mode to Downgrade to DFU..

Muhammad August 1, 2010, 12:25 am

every thing is fake. i did 10 times as per the guide. have 3gs old bootrom os 4.0.1 officially unlocked. never JB with spirit.

all requirements ok, but error in restore 16XX.

did every thing. surf the web and different methods, i used. but no luck.

now i realize this JB is not possible. and everything these idiots are writing is just to confuse others. i’m not new and it’s not my first time doing a jailbreak. i’ve been fighting for 20 days and every day in the end i restore with original IPSW and restore my contacts and music and tomorrow morning go to office. after office, come back and again start searching on JB.

stupids, bastards. idiots. nonsense.

all users suffering like me. plz don’t waste your time. perhaps you can read a good book or spend time with family.

thanks and good luck to all.

except these idiots who said this method is working.
