[Tutorial] Jailbreaking iOS 4.1 using limera1n
This guide is primarily made for users running the iPhone 4 on iOS 4.x with access to a computer running Windows. The process itself is pretty straightforward, and shouldn't take any longer than 20 minutes. If you see any errors in this guide, or if you've encountered an error and found a fix for it, please do not hesitate to contact me on IRC (details below), and I'll credit your finding. Here goes:
Step 1 - Preserving your baseband (only works on iPhone 4)
- If you do not need to preserve your baseband, then skip this step completely. At the time of writing this guide, I'm running iOS 4.0.1 on an iPhone 4 and want to preserve my baseband, as upgrading to iOS 4.1 will normally upgrade the baseband to an unexploitable version. For the iPhone 4 only, it is possible to remedy this:
- Ensure that you have your SHSH blob saved by Cydia or TinyUmbrella. For the purpose of this guide, I will assume that Cydia has your SHSH blobs.
- Download and run the most recent version of TinyUmbrella from The Firmware Umbrella - it will ask for permission to run.
- Click Start TSS Server
- Click Stop TSS Server
- Close TinyUmbrella
- Go to C:\Windows\system32\drivers\etc and locate your hosts file.
- Open the hosts file with WordPad, and check that the following line was added by TinyUmbrella:
- Note that this line must not have a # symbol at the beginning of the line. If the line is missing or has the # symbol, repeat the TinyUmbrella steps above (or add the line manually; editing this file requires administrative rights, so be sure to launch WordPad as administrator).
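As an added check that is not part of the original guide, the following Python script parses a hosts file the way you would eyeball it in WordPad: it reports whether the TinyUmbrella redirect for a given hostname is active, commented out with a leading #, or missing, and whether the file is read-only (the F.A.Q. below recommends this). The sample hosts text, the IP and the hostname tss.example.invalid are constructed placeholders; substitute the hostname from the line TinyUmbrella actually adds.

```python
import os
import stat

# Constructed sample of a Windows hosts file after TinyUmbrella has run.
# IP and hostname are placeholders, not the real line the guide refers to.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
192.0.2.10    tss.example.invalid   # added by TinyUmbrella (placeholder)
#192.0.2.10   tss.example.invalid
"""


def hosts_entries(text):
    """Parse hosts-file text into (ip, [hostnames], active) tuples.

    'active' is False when the mapping is commented out with a leading '#',
    which is exactly the failure case the guide warns about.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        active = not line.startswith("#")
        body = line.lstrip("#").split("#", 1)[0].strip()  # drop comment text
        parts = body.split()
        # A mapping starts with an IPv4/IPv6 literal; skip prose comments.
        if len(parts) < 2 or not (parts[0][0].isdigit() or ":" in parts[0]):
            continue
        entries.append((parts[0], parts[1:], active))
    return entries


def redirect_status(text, host):
    """Return 'active', 'commented' or 'missing' for the redirect of `host`."""
    states = [active for _ip, names, active in hosts_entries(text)
              if host.lower() in [n.lower() for n in names]]
    if any(states):
        return "active"
    return "commented" if states else "missing"


def is_read_only(path):
    """True if the file lacks the owner write bit (Windows read-only attribute)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    hosts_path = r"C:\Windows\system32\drivers\etc\hosts"
    print(redirect_status(SAMPLE_HOSTS, "tss.example.invalid"))  # active
    if os.path.exists(hosts_path):
        print("read-only:", is_read_only(hosts_path))
```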
Step 2 - Restoring to iOS 4.1
- Ensure your iPhone is plugged into your computer, and you are running iTunes 10.
- Start up iTunes.
- Navigate to the iPhone page, and press the Restore button, and follow the prompts to restore your iPhone to iOS 4.1
- iTunes will now begin to download the iOS 4.1 restore file, which weighs in at approx. 590MB, so this may take a while depending on your connection.
- Once that has finished, with any luck iTunes will begin to restore your iPhone to iOS 4.1. Relax, and let it do its magic.
- Your iPhone will restart as soon as the restore has been completed, and two things will happen:
- If you had followed step 1 and preserved your baseband, iTunes will give you an error (error 1004 normally). Don't panic! This error is good. It means that iTunes did not update the baseband, which is exactly what we want. Now download TinyUmbrella if you haven't already, and run it. At this point, select the 'Kick device out of recovery' button, and it should kick the iPhone out of DFU mode and back to its home screen.
- If you skipped step 1 (i.e. you did not preserve your baseband), then you will be greeted with the activation screen.
- Since limera1n will activate your iPhone for you, you do not need to use iTunes to activate it, and thus won't require an official SIM card in order to do so.
- iTunes may also, at this point, ask you if you would like to restore your iPhone to an earlier backup (if you had made one). You can do this now or later. I would suggest later, as you can sync any apps after you have jailbroken and installed Cydia, to minimize any issues popping up.
Step 3 - Jailbreaking
- Open up your browser, and navigate to limera1n to download limera1n. The program weighs in at only 320kb, so no problems there.
- Run limera1n.exe once you've downloaded it.
- Once limera1n has launched, you'll be greeted with a fairly large button with 'make it ra1n' written in the middle. Press the button.
- Limera1n will now kick your iPhone into restore mode, and will then prompt you to hold both the power & home buttons.
- After a while, it will then prompt you to let go of ONLY the power button, do so when instructed.
- Finally, it should upload the payload, and then will inform you that the jailbreak process is complete, and to start up the iPhone when it has shut down.
Step 4 - Installing Cydia
- Once you have started up your iPhone after the previous step, you will be greeted with the usual lock screen. Get to your home screen, then navigate to the next 'page' until you see a white icon named limera1n.
- Run the app, and you will be greeted with the option to install Cydia. Do so.
- Once limera1n downloads, unpacks and installs Cydia, it will respring (restart SpringBoard).
- Cydia should appear. Hurrah! You should now restore from an old backup on iTunes, and also start Cydia and get it to update its lists, and start downloading all the apps that you require.
Step 5 - Unlocking the iPhone
This step is only applicable if you followed step 1 earlier and preserved your baseband. Check the F.A.Q below for all supported basebands; otherwise continue on.
- Start up Cydia, then go to the search page and type in ultrasn0w.
- Select the ultrasn0w package from the search results, and choose Install.
- Cydia will then prompt you to restart Springboard, do so.
- With any luck, your iPhone is now unlocked.
F.A.Q
- Q) When I'm restoring my iPhone to 4.1, as soon as it gets to around 60% on the progress bar, it just stays there and doesn't do anything.
- A) Make sure that you do not have Wifi-Sync installed on your computer. If you do, remove it. Don't just disable or close the program, actually remove it completely, as it patches iTunes.
- Q) I keep getting error 1034 when trying to restore to 4.1
- A) Ensure that you have Saurik's server in your hosts file, and that Cydia actually has a copy of your SHSH blob. The easiest way to check this would be to run Cydia whilst you're still on 4.0 / 4.0.1 and look at the top. It will tell you which SHSH blobs are saved. Also, make sure your hosts file is set to read-only to prevent iTunes from actively editing the hosts file.
- Q) Whilst I was restoring to iOS 4.1, iTunes gave me an error 1004.
- A) That's a good thing! It means that iTunes did not upgrade your baseband, and you can preserve your unlock. Follow the steps above to kick your iPhone out of DFU using TinyUmbrella.
- Q) I've installed ultrasn0w, but my iPhone 3G / 3GS / 4 is not unlocked!
- A) Ensure that you are running a compatible baseband.
- iPhone 3G(S): 04.26.08, 05.11.07, 05.12.01 and 05.13.014
- iPhone 4: 01.59.00
- Q) DiskAid / iPhonebrowser no longer work after the jailbreak.
- A) The latest limera1n beta adds the AFC2 modification; however, if you don't want to go through the jailbreak process again, you can simply add the AFC2 service. Load up Cydia, and search for afc2add. Install and restart.
- Q) When I run limera1n, it stays on 'waiting for device'
- A) Make sure you are running the latest version of iTunes, as it's required for limera1n to function correctly.
- Q) My iPhone seems to be eating up its battery, barely lasts 8hrs a day! What's going on?
- A) Whilst some folk may dispute this, I'm pretty sure it's down to a bug present in the older betas of limera1n and greenpois0n. My iPhone was barely hitting the 8hr mark before requiring a charge, and to remedy this, I downloaded the latest version of greenpois0n and jailbroke a freshly restored 4.1 iPhone. (I didn't restore my backups until I let it run for a day to make sure that the battery 'bug' was gone, and it was.) As usual, YMMV.
Credits: (No particular order)
Geohot - For all your hard work into limera1n, and previous jailbreaks.
Comex - Untethered solution for limera1n.
bubba - Helping me out in a tight pickle ;)
John - Answering the barrage of questions that I had.
ZOOL - For being my abusive surrogate-father figure.
apocolipse - For providing me with my 72 virgins.
Saurik - Cydia & your ingenious SHSH server.
Sean - For going through the restore process with me a gazillion times.
toxicpopcorn - For identifying the wifi-sync issue.
olethros - Proof-reading the guide for me before approval.
Gregory - Proof-reading & suggesting further workarounds.
If you see any errors in the guide, have any questions, have encountered an error and have found a fix for it and would like to see it added to this guide, believe that you need to be credited for helping me out, etc., then head on down to the #iOS IRC channel:
You will need to register your nickname on IRC by sending a message to nickserv. (Type: /msg nickserv register password email) Obviously replace 'password' with your preferred password and 'email' with your email address. This is required in order to join the #iOS channel, as you won't gain access with an unregistered nickname.