Pwnage Guide For Windows and Mac.

Mac Users: Download Pwnagetool or QuickPwn and use it to unlock/jailbreak original iPhone latest firmware 2.1.

Jailbreak iPhone 3G up to latest firmware 2.1.

Windows Users: Download WinPwn and use it to unlock/jailbreak original iPhone up to firmware 2.0.2.

Download and use QuickPwn to jailbreak/unlock original iPhone up to 2.0.2 (unlock remains from 2.0.1)

Jailbreak iPhone 3G with QuickPwn (no unlock available yet!).


----------------------------------------
CONTENTS

Post 1: Mac - PwnageTool

Post 2: Windows - WinPwn

Post 3: Windows - QuickPwn

-----------------------------------------

Mac Guide below!


This is a very simple process. Below is a detailed guideline with FAQ and solutions to possible problems.

At the most basic level all you have to do to make this work is:

1. Make custom firmware.
2. Pwn your phone and Restore using custom firmware in iTunes.


YOU CAN DIRECTLY "PWN" YOUR PHONE AT 2.0 BY FOLLOWING THE INSTRUCTIONS.

YOU DO NOT NEED TO RESTORE TO 1.1.4! IT WORKS FROM 2.0!

-----------------------------------------------------------------------------------

PWNAGE 2.1 FAQ AND HOW TO GUIDE

Download From:

http://blog.iphone-dev.org/

There are 2 modes in the new version of pwnagetool.

These are:

Simple Mode - Which provides step by step instructions as below and automatically detects your correct firmware and adds the unlock and activation and jailbreak with Cydia automatically to your
custom firmware.

Expert Mode - Where you can adjust the settings on the various different additions to the custom firmware - if you click through and do not change anything in expert mode it will make the same
custom firmware as simple mode however doing this instead of simple mode can fix issues with
the simple firmware not working correctly. There is more on expert mode at the end of this guide.

Original iPhone: This can be unlocked and jailbreaked and activated.

iPod Touch: This can be jailbreaked.

iPhone 3G: At this time you can ONLY jailbreak and activate iPhone 3G.


Step By Step Guide to Simple Mode


Select your device type as below:



PwnageTool will AUTOMATICALLY search for the correct firmware for your device.

IMPORTANT: iPhone and iPhone 3G firmware is differently named.

original iPhone firmware for 2.0.2 is named iPhone1,1_2.1_5F136_Restore.ipsw

iPhone 3G firmware is named iPhone1,2_2.1_5F136_Restore.ipsw

You can make sure you have the correct firmware on your mac by connecting your iPhone/iPod to iTunes and clicking on restore then iTunes will download the correct firmware. Disconnect your device when downloading as you don't want to restore with standard firmware!



If you are going to unlock your original iPhone then you will need the bootloader files for 3.9 and 4.6 - the following steps let you select them.

PwnageTool will automatically detect the bootloader files for you if they are on your mac.

Bootloaders can be downloaded from : http://www.enkrypted.com/bootloaders.rar

If you chose to manually browse for the bootloaders on your mac then follow the next steps.

If you already have the bootloaders and pwnagetool detected them then follow the prompts and continue! (The process is the same for both bootloader types except it will say 3.9 or 4.6 depending on which bootloader it is looking for!).







Click on "Yes" when prompted that pwnagetool will create a custom firmware and place it on your desktop.

http://img.photobucket.com/albums/v6...orm/step-9.png

Click on "Yes" when pwnagetool asks your if you are a legit iPhone user! (This will keep the phone locked and not activate it)

on iPhone 3G click on "yes" or you will not have a wireless signal! (NO on 3G activates the phone but as it can't unlock yet there is no signal)

If you have no signal on 3G build another custom firmware and click on "yes" this time.

to UNLOCK and activate CLICK "NO!"

http://img.photobucket.com/albums/v6...rm/step-10.png

PwnageTool will now build the custom firmware file.

This will take about 5 minutes. Be patient!



Your mac will prompt you to enter your password to continue - if you don't have a password
then just click on "ok" and pwnagetool will continue to build your firmware.

If your Phone/iPod has the pineapple logo already then pwnagetool will tell you that you have
been successful and to exit it and select the custom firmware in iTunes to restore with.

If your device has not be pwned before then click on "No".



PwnageTool will try and enter DFU mode so it can "pwn" your device.

It will either do this automatically or prompt you to turn off the phone and then it will tell you to hold
the power and home buttons and let go of them at certain intervals.

It will prompt you when your phone has succesfully entered DFU mode.

Exit pwnagetool if it gives you the success message below.



Using iTunes click on restore and the "alt" key and browse to the desktop and select the custom firmware that pwnagetool created.



Your device will restore.

If you chose automatic mode it will try and unlock your phone with bootneuter.

FOR MORE PHOTOS OF THE PROCESS PLEASE LOOK AT THE ICLARIFIED TUTORIAL AT:

http://www.iclarified.com/entry/index.php?enid=1557

NEVER EXIT BOOTNEUTER BEFORE IT HAS FINISHED AND RESET ITSELF OR YOU WILL BRICK YOUR PHONE PERMANENTLY!!!!

BootNeuter can take anything up to 30 minutes. DO NOT EXIT OR RESET THE PHONE.

Be patient. It should be successful so don't risk breaking your phone because you are not patient!

Old community applications are not yet compatible with the new 2.0 firmware
So you need to wait developers to update their software.

Patience, they will show up in Cydia installer

I also recommend restarting your Mac before using PwnageTool 2.0 as this may fix issues with DFU mode.

Some useful tips from the dev team:

If you get Error 1600 from iTunes (or if you see in your log a failure to prepare x12220000_4_Recovery.ipsw), try: mkdir “~/Library/iTunes/Device Support”
if that directory already exists, remove any files in it. Then re-run PwnageTool.

If DFU restores are giving you trouble, another route to pwned 2.0 for 1G owners
is to use first pwnage at 1.1.4. Once you are pwned there, you can do a normal
Recovery-mode restore to your custom 2.0 ipsw.

iPhone does *not* need to be pre-pwned to be able to DFU-restore into a pwned ipsw — it needs to be pre-pwned only for normal recovery-mode restores of custom ipsw’s.

I have moved my original tutorial for pwnagetool 1.1 to the posts below.

If you chose to pwn first at 1.1.4 please follow the instructions there.

Mail application not working at 2.0?

Please restore to your custom ipsw (you don’t
need to DFU restore if you are pwned, normal restore will work now too) but then
select “Set up as a new iPhone” when iTunes asks.

Your first sync will bring back all of your settings anyway.

My Restore Did Not Unlock/Activate my iPhone!?

When pwnagetool asks if your a legit iPhone user this it can determine whether or not to unlock and activate your phone.

If you click on "Yes" (saying you are a legit user) then the phone will not be unlocked or activated.

If you click on "No" then you will be unlocked and activated when you restore.

If that fails you can select the expert mode and just click through to build firmware without changing any settings and it will work.

-------------------------------------------------------

QuickPwn 1.1 For Mac

Download from http://blog.iphone-dev.org/

QuickPwn for Mac works on iPhone/iPhone 3G and iPod Touch ALREADY restored to 2.1 Firmware.

It will jailbreak and/or unlock your iPhone/iPod depending on the model.

It is AUTOMATIC.

Simply connect your device and QuickPwn will detect the model and find the firmware.

It will ask you if you want to keep the original Apple boot logos and then it will start the jailbreak and/or unlock process.

You will have to turn it off and put it into DFU mode following on screen instructions and then it will reboot when finshed.

Winpwn

This tutorial will use WinPwn to unlock and jailbreak your 2G iPhone on the 2.0 firmware. The latest version of WinPwn does install Installer.app

Download from http://rapidshare.com/files/13607464...Setup.zip.html or http://rapidshare.de/files/40196561/...Setup.zip.html

IMPORTANT: Some 2G users have experienced problems with the latest version of WinPwn. *****FOR THE PARTITION SIZER, SET IT TO 512MB!!! IF YOU DO NOT SET IT TO SOMETHING ABOVE 500MB, IT WILL NOT WORK*****

Please keep these notes in mind...
- You MUST do a full uninstall of winpwn before installing the new version
- Make sure you have the latest version of iTunes ( Currently 7.7)
- WinPwn uses 300MB of ram at peak due to the ipsw being extracted in memory
- You must first click browse and load an IPSW to use WinPwn
- If you see Failed to load image catalog/payload catalog, this is fine and won't cause problems
- If you already have service with official service do not activate or install Youtube Fix

These are instructions on how to unlock and jailbreak your 2.0/2.0.1, 2G iPhone using Windows and WinPwn.


To follow this tutorial you will need to have iTunes 7.7 installed (make sure to reboot). Also, you may need to download and install .Net Framework if you are on Windows XP.

Step One
Create a folder on your desktop called Pwnage. In it place the following files: Winpwn 2.0.0.4 or Winpwn 2.0.0.4 , 3.9BL , 4.6BL , and the latest 2.0 firmware.



Step Two
Install WinPwn by extracting the downloaded zip from Step One and running the setup executable. Once WinPwn has been installed it will put a shortcut icon on your desktop. Double click to launch the application.



Step Three
Once WinPwn has opened click the Browse .ipsw button.



Step Four
Locate the 2.0 firmware file (iPhone1,1_2.0.1_5B108_Restore.ipsw) from the Pwnage folder on your desktop and click Open.



Step Five
WinPwn will check the firmware to make sure its valid. Now click the IPSW Builder button.



Step Six
The IPSW Builder window will open to the Applications tab. Check to select Cydia and if you are not on AT&T then check to select YouTube Fix.




Step Seven
Click to select the Custom Images tab. From here you can can select
your own boot images.

Remember the rules for them: RGB or Grayscale format with Alpha channel and dimension bellow 320x480. If you would like to use the iClarified ones they can be found here: Boot Logo, Recovery Logo


Step Eight
Click to select the Custom Payload tab. From this tab you can select custom payloads you have created to be automatically installed. We will discuss this in a future tutorial.



Step Nine
Click to select the Advanced tab. Check to select: Activate Phone, Enable Baseband update, and Unlock baseband.


We will also need to load the Bootloader files. Click the Bootloader 3.9 button and then select the BL39.bin file in your Pwnage Folder. Then click the Bootloader 4.6 button and select the BL46.bin file in your Pwnage Folder.









*****FOR THE PARTITION SIZER, SET IT TO 512MB!!! IF YOU DO NOT SET IT TO SOMETHING ABOUT 500MBS, IT WILL NOT WORK*****

Step Ten
Click the Build .ipsw button at the bottom left to build your custom ipsw firmware file. Navigate to your Pwnage folder and click the Save button.


Step Eleven
Once WinPwn has finished creating your custom firmware then click the iPwner button from the main menu.


Step Twelve
Select the custom firmware file we just built from the Pwnage folder on your desktop and click the Open button.



Step Thirteen
You will then be notified that your iTunes has been Pwned!



Step Fourteen
Next we will need to put the iPhone in the DFU mode and restore using iTunes. To put your iPhone into DFU mode please follow these instructions!



Step Fifteen

iTunes will prompt you that you are in recovery mode.

Hold down Shift and click the Restore button in iTunes.

A popup window will appear asking you to select your firmware. Select the Custom firmware file we saved in the Pwnage folder and then click the Open button.

Once the restore is complete you will have your iPhone unlocked and jailbroken!

THANKS TO ICLARIFIED FOR TUTORIAL

QuickPwn

WARNING!

Quickpwn also activates iPhones if you need activation

It will unlock only original iPhone version although some people have said that the iPhone 2G does not get its modem updated - this is unconfirmed at this time.

iPhone 3G Modem IS UPDATED. If you want to unlock it DO NOT update it or you may make it not possible in the future.

Official unlocked 3G phones can update and jailbreak using quickpwn and keep the unlock.[/I]

(Thanks to BigBoss for photos/instructions - I will update this as things change!)

WINDOWS only (Mac version coming)

QuickPwn is a command line based method for jailbreaking ONLY both the original and 3G iPhone as well as iPod Touch.

There is a basic GUI version now available - see below for more!

You do not need to do this if you already have a working, pwned 2.0.1 device.

This should eliminate many of those 160x errors many windows users are experiencing.

Who should use this tool?

This is for those that are not planning to restore. It’s not clear what the activation state is after the process therefore, I only recommend this for those that have a contract carrier or an unlocked phone already. This is also perfect for those that pwned and did not install Cydia as it will result in Cydia being installed. If you are on a 2g and need to unlock, you can do so with bootneuter, but this will not activate for you. If you are on a stock device and using AT&T or a contract carrier, this is the perfect jailbreak for you. You will not lose your contacts or have to do any backups. Finally, if you are going to restore anyway, especially if you need to unlock a 2g, you may as well use winpwn or pwnagetool.

Here are the steps to using the tool:

1) Download the tool http://xs1.iphwn.org/releases/QuickPwnGUI150.zip and extract it to a folder such as c:\quickpwn.



2) Download the proper firmware image such as 2.0.1 3G or 2.0.1 2G. Save this image in a place you can easily find it as quickpwn will ask you to select it when you run it.

You can download the firmware by connected your iPhone/iPod to iTunes and clicking on "restore" - itunes will download the firmware. Disconnect the phone/ipod when the download has started as you do not want to restore!

3) Hook your phone up to your PC and double click "Quickpwn"

4) Browse to the correct firmware and select it.

Chose if you want Cydia and/or Installer on your phone and if you want custom boot images. Just tick the boxes as appropriate!



5) Follow the onscreen instructions to get your phone pwned.



You will have to get your phone into DFU mode as will be shown on the screen.





When you are in DFU mode, the app should automatically take over.



Wait a bit for the process to finish, and congratulations! You are done.


This 5 minutes approx. before it is ready to interact with your iphone/ipod and it takes approximately 10-15 minutes to jailbreak.

It may be quicker than this - but be patient. When the command line part is finished the iPhone will show a spinning circle as it is still being jailbreaked.

Wait for the phone to reboot to the home screen before touching it!



8) Optional 2g phone only. If you need to unlock your phone, install bootneuter from Cydia and run it! Select “neuter, unlock, do not change bootloader settings, and then flash!.

Troubleshooting:

1) If during the process you did not kill iTunes you will see these questions:

Is your device connected to your computer via USB? Type “Y” to continue.
Is your iPhone currently powering on? Type “Y” to continue.

If you see these questions it means that your phone is not being recognized by the PC. Remember you must have iTunes running and it must see your device. If you have to, close and reopen iTunes, disconnect and reconnect your device, or even reboot your PC. You should not see the above two message as part of the process.

2) When you turn on your iPhone, it does not have any display. Man, is it bricked?

This is probably caused by using an invalid boot image (logo.png) in the process. If you wait long enough the thing should boot up to springboard normally. In this state, you do not have any logo showing you the device is booting. You can fix it by repeating the process with a valid png file.

QuickPwn will be updated to work on Mac soon - and with options to add and remove different fuctions so be patient if these options do not suit your needs!

FAQ

DFU MODE

Turn off your phone by holding power, sliding to power off, and waiting for it to power off. Do not take the phone off the pc connection! If you do, you must start over.

a) Wait 5 seconds.
b) Hold the power button for 5 seconds.
c) Press the home and power buttons for 10 seconds.
d) Let go off the power button and keep holding the home button for up to 30 seconds.

Problems?

If you have a problem and were able to solve it, please let me know what you did so I can include it here for others to benefit from.


Problem 1.
PwnageTool 2.0 is a Mac only program. Windows users should go to this site.


Problem 2.
After installing 2.0, Mail.app kept crashing on start, and Safari wouldn't accept cookies. There are three solutions:

1 - This happens when you restore email account settings from iTunes. Set them manually and you won't have this problem.

2 - Restore to your custom ipsw (you don’t need to DFU restore if you are Pwned, normal restore will work). Then select "Set up as a new iPhone" when iTunes prompts you. Your first sync will bring back all of your settings anyway.

3 - Fix by installing OpenSSH from Cydia. Log in as root with the password alpine and enter the following in the Terminal:

* chmod 777 /var/mobile/Library/Mail
* chown mobile /var/mobile/Library/Cookies/
* chown mobile /var/mobile/Library/Cookies/Cookies.plist



Problem 3.
PwnageTool won't run on PPC Macs.

Make sure you do not have any programs running, then move your ~/Library/Caches folder to the trash. Do the same for the /Library/Caches folder. Reboot the Mac.


Problem 4.
If you are a legitimate AT&T customer with a 3G iPhone and you do not have service after Pwning, then uncheck Activate during the Pwnage process. Go to general settings and turn off 3G and then turn it back on again. Also make sure you have an Pwned x122220000 ipsw in your ~/Library/iTunes/Device Support folder.


Problem 5.
PwnageTool 2.0 does not launch, and only bounces in the dock. The solution is:

* Launch PwnageTool
* Launch Activity Monitor (found in Applications/Utilities on your Mac)
* Look for a process called "ps" and quit or force quit it. Alternatively you can use the Terminal to do this by entering "kill -9 -1" but this will quit the Finder and all running programs and reload.


Problem 6.
If you get Error 1600 from iTunes (or if you see in your log a failure to prepare x12220000_4_Recovery.ipsw), then create a folder called Device Support here: ~/Library/iTunes/Device Support If that directory already exists, then remove any files in it. Restart PwnageTool and begin again.


Problem 7.
If DFU restores are giving you trouble, another solution is to use the first version of PwnageTool with 1.1.4 firmware. Once you are Pwned on 1.1.4, you can perform a normal recovery mode restore to your custom 2.0 ipsw. Note: the iPhone does not need to be pre-Pwned to be able to DFU restore into a Pwned ipsw. It needs to be pre-Pwned only for normal recovery mode restores of a custom ipsw.


Problem 8.
Loss of EDGE service on T-Mobile. You receive the message: "Could not activate cellular data network: you are not subscribed to a cellular data service." Press Settings, General, Reset, Reset Network Settings. Service should now be restored.

If you DFU restore to the original 2.0 firmware, your unlock will remain intact. To undo the unlock you would need to run BootNeuter and relock the iPhone, then restore it back to 2.0.

Problem 9.
I have no sound/My iPhone is acting strange after being pwned successfully? What is going on?

First of all - ALWAYS set up your iPhone as a "new" phone - never restore from backup unless your phone was not previously jailbreaked!

WARNING! Restoring a backup of a previously jailbreaked phone can cause a number of issues only fixable by another restore so don't restore from a back up of a previously jailbreaked phone!

If you have set up your phone as new and are still having issues then do a full settings reset from settings>general>reset>reset all settings and that should fix it!

I PWNED MY IPHONE/IPOD WITH THE WRONG FIRMWARE! ITUNES SAYS MY IPHONE IS AN IPOD (or vice versa) WHAT CAN I DO?

Problem 10.
MY PHONE WON'T TURN ON! ITS REBOOTING CONSTANTLY! I HAVE CONSTANTLY SCROLLING TEXT! and ANY OTHER ISSUE WHERE PHONE IS NON RESPONSIVE

You can fix this!

Put your phone into DFU mode.

Restore to apple original firmware and you can start over again!

---------------------------------------------------------------

iTunes Error Messages - What they mean and how to fix them!

Error 1013/1014/1015 - This error message occurs when you downgrade or upgrade to a different baseband than the firmware your restoring to has. This message does NOT mean the restore failed - it simply means the phone firmware does not match the baseband. Use iLiberty/Independence to kick the phone into normal mode and out of recovery mode and it will work.

Error 6 and 10 - This error message is because of a problem with your firmware - this message will occur most often because of using unsuitable boot/recovery images. Make a new custom firmware to fix this and use suitable boot images or use the standard images that came with the pwnage software.

Error 1603/1604 - 160? something

IF YOU ARE RESTORING TO A STANDARD APPLE FIRMWARE *NOT CUSTOM FIRMWARE"

This error is down to itunes not liking your USB ports on your computer. Use a different USB slot or a different computer if possible. That is the easiest fix!

IF YOU ARE RESTORING TO A CUSTOM FIRMWARE AFTER RESTORING FROM STANDARD APPLE FIRMWARE

IF you have pwned your phone once and then restored back to apple original firmware successfully and THEN tried to restore custom firmware you WILL get
an error in iTunes as the apple firmware "unpawned" your phone. You have to repwn it using iPwner and then you can restore using custom firmware.

IF YOU ARE RESTORING TO CUSTOM FIRMWARE AND YOUR PHONE IS STILL PWNED

See "if your restoring to apple firmware" above as it is the same issue.

BootNeuter Error 5: This is because you upgraded to the 2.0 beta firmware without unlocking first in 1.1.4 like your supposed to. You will have to restore to 1.1.4 unlocked and then delete the 2.0 baseband. You can do this by adding iclarified to the installer sources (as explained in the localization part below) then select "Delete 1.2 Baseband" - install that and let it delete your baseband. You MUST then restore to 1.1.4 apple original firmware and then re-pwn your phone and restore to 1.1.4 custom unlocked before BootNeuter will work again.

How about international payload ? I live on a european country , and .. how to make calls ? since it is no support for my Country (romania)

Hmm it sounds like awesome stuff is happening but i will wait until all the bugs are fixed. Good job guys!

i got also the question about the preparation for international use.

What happens if you pwn your iPhone. Neuter your bootloader and unlock and after that disable the neuter button. Will the iPhone stay unlocked with the original OTB unchanged bootloader or will the unlock not work anymore.

crashx

I guess it will not work anymore since the original bootloader will check the integrity of the baseband. Integrity check is skipped by the neuteredbootloader

Ok, so just to be clear, if I have a downgraded BL (done by our beloved Ziphone) should I choose to upgrade in the process of pwonage the phone, or with bootneuter I can go freely between 3.9 and 4.6, even though my phone was downgraded by Ziphone to 3.9?

I feel like such a newbie.