Alright guys, this is a tutorial for all of you guys with a useless iPhone right now to gain all access to all the features of your phone. Hopefully I don't get flamed for posting another tutorial of the same thing but when I was doing this, I found the other tutorials to be fairly useless in the small details, and I could NOT get a straight answer from anyone on the forums, so here is my tutorial with every detail.
Just so you know I am not full of it, here is a picture of my iPhone in it's current condition:

As you can see, it is a week 47 phone with 3.9 bootloader version.

Okay, so to get started.

What you will need:
1. iBrickr http://cre.ations.net/creation/ibrickr
2. Putty http://www.chiark.greenend.org.uk/~sgtatham/putty/
3. Firmware versions 1.1.2 and 1.1.1 (1.1.1 - http://appldnld.apple.com.edgesuite....a_Restore.ipsw)
(1.1.2 - http://appldnld.apple.com.edgesuite....b_Restore.ipsw)
4. Small tools
5. Magnifying Glass
6. About 5-7 hours of time
7. 2 needles hooked together with some wire

I'm going to assume you are using Windows, simply because I don't know wtf to say if you are using Mac. The overlay of this tutorial is going to be: Downgrade to 1.1.1 -> erase old bootloader via testpoint -> get pissed off -> write new bootloader -> downgrade/upgrade and unlock using old methods

Disclaimer: This is not an easy task, you are going to lose ALL data and I am not responsible for any damage to your iPhone.

Here we go.

Step 1: Getting your phone ready:
Okay, so you are going to have to downgrade your phone to firmware 1.1.1 (some people say 1.0.2 but I did it in 1.1.1 and it was fine) To do this, you hold your power and home buttons for about 30 seconds until you see the picture of "plug into iTunes" on your phone, then you go to iTunes (version 7.6 is okay), which will detect a phone in "restore mode". Now this is important, you have to HOLD SHIFT and press restore at the same time, a window should pop up asking you to locate the file you want. this is where you select the 1.1.1 firmware you just downloaded. It will take about 5 minutes to do this, and it will give an error in the end. This is fine. Now your phone is still in restore mode, so you have to run iBrickr, it will recognize your phone and you click on "boot my phone in normal mode" and it will kick your phone out of restore mode.

Alright, now you again have an unjailbroken, unactivated, and unlocked iPhone. You need to jailbreak it now. For the sake of time, this step is quite easy and I can explain it later if need be but for now, follow this tutorial to do that: http://iphone.unlock.no/#Bypass-Acti...-and-Jailbreak

Now, you should have an activated and jailbroken 1.1.1 iPhone. Good. Go to installer -> sources, type http://i.unlock.no, let it refresh and stuff. Now go to the install tab again and install the following programs:
1. BSD Subsystem
2. Term-vt100 <- VERY IMPORTANT
3. Bootloader downgrade
(Small edit here, seems that the nor files have been updated, bootloader should have all the proper files!)

Now, people are saying they use PuTTy over wifi to run commands on their phone, but I lost wifi during the installation and had to do it all through the terminal in my phone (so if you didn't follow my earlier warning and don't have it, you could be fucked if you lose wifi)
I am going to use the terminal on the phone in this tutorial.

Step 2: Opening your phone
Alright guys, here is the cry-because-a 1 mm-thick- piece-of-plastic-defeated-me part. Turn your phone off now.
I used this video to open my phone, it helped me a lot.
[youtube]XlkKQoUlOQg[/youtube]
Now, what I found most confusing during the opening of my phone was how much force I had to use. They never portrayed that in any of the tutorials. But, you are going to have to put in quite a lot of effort to open this bitch up. Like...push like a motherfucker effort. So don't be too worried, but don't cross the line.
After you have removed the metal casing in the back, you're still not done, there is another metal piece right above the battery covering all the chips that you need to remove. It is on there with glue so you have to use a bit of force to get it out (a BIT).

This part was the part that surprised me the most. How freaking small these two parts actually are. It is unbelievable and really really hard to do without a magnifying glass. Here is a picture: (courtesy of iphone.unlock.no)

You don't need to connect these just yet, so just go ahead and power your phone on.
I wish I had a picture to show you of what I used to connect the testpoint. It was 2 needles, connected together by solder (not melted, I just wrapped the wire around the needles) and taped at the end so I had something to hold on to. Pretty much anything sharp will work here.

Step 3 - Erasing old bootloader and writing new one
After your phone has powered on, open up terminal and type the following: (This is going to erase your bootloader, if you restart after this step you WILL lose wifi and get a LOT of errors, but it is fixable, and quite easily at that. In fact I restarted my phone after this step.)
cd/usr/bin
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
ienew

My phone hung here, thus I had to restart. Your phone may LOOK like it has hung, but it actually may not have. Give it about 10 minutes before restarting. If you restart, you will get errors saying you can't make calls and such. Don't worry, we will fix those.
Now here is the hard part. You have to connect the test point AND run a command at the same time. Since all of your hands are doing something, you are going to delay the command by typing the following:
sleep xx; iunew where xx is however many seconds you want. I found 15 was okay.
Now, to connect the test points, you will need to scratch a bit of the top layer of the wire off. Now, do this GENTLY, as if you do it too hard and disconnect the wire you have a newly created iBrick. Scratch GENTLY until you see some gold. That's the wire. This step was the most discouraging for me. It took me nearly 50 tries to get the test point hooked up while that command was running. so don't give up, take a deep breath and try again.

Here is a picture of my "apparatus" to connect the testpoint, more ghetto than most, but it worked!


Since your phone is going to be face down on a table, I found that counting (one one thousand...) worked. You only have to hold the two points together for about 5 seconds after the command runs, so if you set it to 15, hold em for 20! If you get a message that says "Testpoint works", good job. If you get "Please connect the testpoint" have another go. Like I said, this took me about 50 tries. (without a magnifying glass though)
There! You did the hard part! Some data should scroll on the screen and it should say "enjoy your unlocked phone" at the end. You have done ALL the hard parts!

Step 4 - Finishing up
Now, to restore some firmware onto your phone.
Put your phone into "restore mode" again by holding the power and home buttons for 30 seconds. Go to iTunes hold shift, restore, and chose 1.1.2 (Make SURE you restore to 1.1.2 FIRST! I guess I didn't stress this enough!). Let it restore to that. Get your phone out of restore mode with iBrickr. Put it in restore more again, go to iTunes, shift restore, pick 1.1.1.
Alright, now you have a 1.1.1 unlocked, unactivated, unjailbroken phone WITH BOOTLOADER 3.9.
You can now use ANY old method to activate/jailbreak/unlock and then update your phone to 1.1.2. These steps are trivial and involve a lot of waiting.

ENJOY.

And how exactly do you use putty after you 'restart' and loose wifi???

You don't. You use terminal.
Also, loose is what porn stars are. Lose is what you just did when you attempted to spell.



haha JK!

lol okay so im gonna follow this tutorial.. i shall PM when i get stuck.

Good luck!
Update: (Small edit here, seems that the nor files have been updated, bootloader should have all the proper files!)

I want to see a picture of your 2 needles and wire.. =/

That's all I honestly care to see. I want to know how others are doing this.

Right now I took an idea I read yesterday.. 2 needles through bottle caps.

All I'm unsure about is the wire..

Hm, i'm so confused whether to attempt this or not. It seems so easy. I don't get why so many ppl fuck up. They get a lot of different errors. iunew not running ienew not running etc. I just don't get it if it's got anything to do with luck or not. Hmhm...

Where did you get those opening tools they use in the video?

instead of bottle caps i used tape. I found it to be less intrusive.
PS. it is NOT easy.

I got them in a battery replacement kit for replacing the battery of my old iPod.