Monday, 24 October 2011

iPhone 3GS (new boot) Jailbreak + Unlock process



Hi,

Here I'll be describing my 'adventure' to successfully unlock an iPhone 3GS (new bootloader) without SHSH blobs.


If you check my previous blog entry you'll see how hard it was for me to downgrade. Well, unlocking wasn't easier!

The key points to unlock this phone are:


  • Upgrade to iPad baseband (if you have an incompatible baseband)
  • Restore to stock iOS 4.1, then to custom iOS 4.1
  • If needed, install the iPad baseband again!


Upgrading to the iPad baseband was pretty easy at first, but there are a few things you should take into consideration BEFORE doing this:

  1. Upgrading doesn't allow you to restore your previous baseband (so far there is no such tool, but there might be in the future).
  2. Using the iPad baseband might make your GPS useless (not sure if this was ever fixed or if it will be).
  3. Installing a stock IPSW after this might render your iPad baseband useless; if so, reinstall the iPad baseband.

Upgrading to the iPad baseband can be done using either redsn0w or sn0wbreeze.

What I did was what I think is the safest:

  1. Restore to stock iOS 4.1 (not 4.3.3) - see my previous post
  2. Saved my SHSH blobs using TinyUmbrella
  3. Enter normal DFU mode and restore to custom iOS 4.1 (not 4.3.3)
  4. After all is done, upgrade to iPad baseband (using latest Redsn0w)
  5. Use ultrasn0w (current version 1.2.4) from Cydia to unlock your device.

Comment if you have any questions! ;)

Sunday, 23 October 2011

iPod / iPhone Downgrade WITHOUT SHSH blobs! (any OS version up to 4.3.5)



The technique might seem simple to most, but I assure you it is easy to mess up!

You'll need:
iREB
fixrecovery421
TinyUmbrella
iTunes

(you may use other tools at your own risk)

[useful link: Download Restore Files (Mirror)]

Steps:

1. Enter DFU
2. Use iREB (enters black screen Pwnd DFU)
3. Use fixrecovery421
4. Run TinyUmbrella and run Tss Server.
5. Restore with any ipsw using iTunes.

HOW-TOs (each number corresponds to the step with the same number above)

1.
a) search the web
b) use a trustworthy resource:
c) use my technique(s):  (PB: power button, HB home button)

  • [DO IT SLOWLY, NO RUSH] With the iDevice off and plugged in (absolutely off!), press PB until it turns on (1-3 secs) and hold, then also press and hold HB until it goes from the Apple logo to a black screen (usually ~10 secs), then release the PB (you should now only hold HB) until it enters DFU (usually 15-30 secs; the screen can remain black or turn white; Windows indicates new hardware connected, or just makes a sound if it is already installed).
  • With the iDevice in any DFU or Recovery Mode, press and hold both HB and PB; when it turns off, release both at once, then press and hold only PB and proceed as above.

2. Open iREB, choose your iDevice and follow the on-screen instructions (includes entering DFU mode).

3. You must have zlib1.dll to run fixrecovery421. Run it and you should see some code running on your computer and, after (and during) that, some running on your iDevice.

4. If on Win 7 and/or x64 you can't see TinyUmbrella and only see a black bar on screen, switch to the Windows Basic theme or to Windows 7 Aero, whichever you are NOT in at the moment (it's switching Aero that triggers it). Then wait and it will show. Then click Start Tss.
NOTE: before starting the server, no process may be using port 80, or else Tss Server simply WON'T run.

5. I've faced many errors here, but I found a weird error 2005 that wasn't documented anywhere on the web in this situation, which is: iDevice in Black DFU mode (PWND or not) and I couldn't get it into any other mode. To get it to what should be white DFU mode (not sure if it is, but the screen is white) I did:
  • Run fixrecovery421 and PAY ATTENTION to the window that is running.
  • When it says "waiting 10 secs for device to pop up", wait until your device's screen is white and CLOSE the window (Alt+F4 or Ctrl+C).
  • Proceed to restoring.
NOTE: I couldn't restore 4.3.3 for some reason but did it for 4.1. On a different device 4.3.3 was successful, both custom and stock iOS 4.3.3.



Good luck!


Want to jailbreak?
Consult http://blog.iphone-dev.org/ aka DEV-TEAM

Try:
Redsn0w
Sn0wbreeze
JailbreakMe 3.0