The dev team recently released a new PwnageTool that will allow you to jailbreak iOS4 on your iPhone or iPod touch. Since we covered that, the dev team has upgraded the PwnageTool to 4.0.1. This is our walkthrough of how to jailbreak devices running iOS4. As always here's our disclaimer;

If you are in any way, shape, or form hesitant to jailbreak your device, don't! We take no responsibility for whatever damage you may do to your device during or after the process. Jailbreaking should typically be reserved for semi-advanced to advanced users. Preliminary jailbreaks can sometimes cause more problems. This jailbreak is NOT as simple as a button click like blackra1n or Spirit. If that's what you'd prefer, wait for that... pass on this one."

If you're alright with all of that, hit the jump to see if your device can currently be jailbroken/unlocked and how to do it.

Sorry I don't have a video for you guys this time, I had my 3GS swapped due to it bricking hardcore, and I have the newer baseband, but for now, here's a nice walkthrough. I'll update with a video when the dev team has a solution for newer basebands on 4.0.

iPhone Family (Mac Only)

iPhone 4

Not currently supported, so please don't attempt as you may damage your phone. As with all new hardware, you'll have to wait a bit for an update that supports iPhone 4.

iPhone 3GS

New bootrom: No
Old bootrom and haven't ever jailbroken with Spirit but HAVE been jailbroken before: yes, you can jailbreak
An easy way to tell if you have an older or newer bootrom is to check your serial, if the 4th and 5th digits are 40 or less, you've got an older bootrom. (ie - if my serial was 8B4387323 I'd be okay as my phone's 4th and 5th digits are 38)

iPhone 3G

Easiest way, just use redsn0w regardless of your situation, it should work, or follow the directions below

iPod Family (Mac and Windows)

iPod Touch G2

The second generation iPod touch is currently the ONLY iPod touch that is compatible with PwnageTool 4.0.1 at this time. If you have a first or third generation, you'll have to wait a bit longer. Either follow the directions below for second generation iPods or use redsn0w if you have a non-MC model of the 2nd gen iPod touch, basically older bootrom)

Instructions

Alright, now that we've determined whether or not you're capable of jailbreaking, I'm assuming you'd only be reading this if you're "certain" you can. Here's what you need to do:

Back up your iPhone/iPod in iTunes
Download PwnageTool here from the official source or one of the many mirrors
Make sure your device is connected and open PwnageTool
PwnageTool will ask you to select your device (I always select expert mode by the way, it will give you more choices when building your custom firmware - for iPhone 3G users who would like to activate the multi-tasking functionality, etc, you'll need to select expert mode and further down in the process, you'll be able to select an option that will enable features like multitasking, it may lag though, so consider yourself warned.)
Then select Next and PwnageTool will browse for firmwares on your computer. If for some reason your computer does not find them, you can get firmwares from here. (Remember to make SURE you are downloading the correct firmware for your device. iPhone 1st gen = 1,1 - iPhone 3G = 1,2 - iPhone 3GS = 2,1 - iPhone 4 = 3,1
After PwnageTool finds your correct firmware or you have browsed to the firmware you have downloaded, click next.
(Simple Mode, skip to step 11) If you selected expert most, you will now get a screen asking you to customize your build, select general at the very least, and typically Cydia packages, if you'd like the pineapple logo instead of the Apple logo, select Custom Logos then click next.
Next you will get a screen asking you to partition your space for jailbreak stuff (you don't have to). It'll also ask you if you'd like to activate, uncheck this if you're on AT&T and not unlocking.
The next screen will allow you to select custom packages you'd like pre-installed. Select what you want and click next again.
Select your custom boot logos or browse for your own and click Next.
Select Build on this screen, it'll prompt you for a location to save your custom IPSW, I normally save this to my desktop. (Oh, don't stray too far away from your computer, you'll probably be asked for an admin password at some point during the build process).
Once your bundle is done you'll need to open iTunes and put your phone into DFU mode. Simply turn your phone completely off, open iTunes, and hold down your home button until iTunes recognizes there is an iPhone/iPod in recovery mode.
Next hold down alt+option on your keyboard and click restore, navigate to your custom firmware you just built and restore from that. If all went well, your iPhone/iPod should reboot jailbroken!

Unlocking iPhone 3G and 3GS

As ultrasn0w now supports ALL versions of iPhone basebands, if your jailbreak was successful, you just need to install ultrasn0w via Cydia and you'll be unlocked!

If you have any questions or concerns with this process, feel free to leave them in the comments, forums, contact me on Twitter @iMuggle, or shoot me a quick e-mail at ally.kazmucha@tipb.com! Happy jailbreaking!

iMore senior editor from 2011 to 2015.

42 Comments

darn it ,
i read the title fast and thought it said how to jailbreak iphone 4 :(
Why would you want to do this. This action will void your warrenty
Why will it not work if you jailbroke with spirit?
Because I never had the need for the warranty. I never dropped my 3GS for the whole year from the release date till the day I sold it for the iphone 4. And I watch what I put in my phone while it's jailbroken, and there's still tons of potential in the iPhone 4 waiting to be release by creative developers which were denied by Apple.
Why not. My 3gs warrenty is up. what exactly am i voiding. if it bricks, oh well. Considering my 3Gs is merely a touch now as my ip4 micro sim doesnt work in the 3gs anyway
what would it void? nothing.
if theres ever a problem with your phone restore it. not hard.
Once you resstore your warranty is restored too!!! Duhhhhhh it erases all traces of jailbreak.
Is there a pwnage tool for windows?
Why not windows yet?!?!?! COME ONNNNN
Ok I got refurb 3gs about 2 or 3 weeks ago how can I know if it's the new or old bootrom? my 4th and 5th digit is 20 is this apply to refurb iPhone ?
Nothing for iPod Touch 3G??
Sorry guys nothing for windows or all generation of touch yet.
Spirit jailbreaks in a different way than previous tools, I'm "guessing" that's why if you jailbroke with spirit this won't work. I've never gotten myself into a situation where I couldn't restore from a jailbreak or upgrade but when I tried to upgrade to 4.0 official it bricked my 3GS. I'm only assuming spirit does something funky with the baseband or filesystem. I don't know for sure but I won't use it anymore or recommend it until I know for sure.
For Windows users, u can use Sn0wbreeze to jailbreak iOS4 for iPhone 3GS old bootrom only!!!
does anyone know if sn0wbreeze really works for iphone ios4? i have downloaded it and am waiting to hear some results.
My wife's 3GS is jailbroke they spirit but it's 3.1.3 and I'm waiting for a spirit break for the iPhone 4. This still good news so bc hopefully their getting closer to releasing a break for the new iPhone.
Sn0wbreeze definitely works on the 3gs for ios4. I did it today but had very bad glitches with cydia apps so I had to roll back to 3.1.2. Gonna wait out until some apps are updated
my iphone is an MC model but the 4th and 5th digit from the serial number are 38.... that makes me an older bootrom or a newer one
There is actually a 4.0 jailbreak solution for those who jailbroke with spirit on 3.1.3. It would even work for those who haven't jailbroken 3.1.3 yet. It only works on old bootroms. My phone died a couple of months ago and Apple replaced it with a new model. It came with 3.1.3 installed so no possibility of stepping down to 3.1.2 because SHSHs were not saved. To my delight I found it had the old bootrom and found a comment (now deleted) on the dev-team blog explaining how to jailbreak to 4.0
Basically this method takes a spirit jailbroken 3.1.3 and turns it into a pwnage tool or snowbreeze jailbroken 3.1.3.
You do need to transfer some files to the phone and run some commands from mobile terminal to make it work. The post suggested SSH but if like me you're not comfortable with SSH, you can do this using the free iphone browser or iphone explorer and transfer files over USB.
You create a custom firmware using pwnage tool or snowbreeze for 3.1.3, copy some of the files from that custom firmware to the phone, run some commands, reboot - its now lost the spirit jailbreak and has been replaced by a pwnage tool/snowbreeze jailbreak. Then you create custom firware for 4.0 using same tools, upgrade to itunes 9.2 and restore. Its a little complicated but it works.
See the following website for full details:http://iblog.pk/post/2010/06/27/IOS-4-jaibreak-for-Spirit-users-with-old...
Simply follow the instructions at the following website to make it work
Will jailbreaking my iphone 3gs 4.0 allow me to tether. If it does how and can I use it in Canada?
Jailbroke my 3G with redsnow, enabled multitasking and wallpapers on the ios 4 firmware
@Carol
Once you jailbreak, purchase mywi application And it'll allow u to use your phone as a mobile hotspot. Been using it on my 3GS 3.1.2 for months. Works great.
You should say new bootrom!! The baseband does not Mather.
Just wanted to let you know.
A little correction: The mentioned method using the S/N to determine if you have an old or new Bootrom on a 3GS is not very accurate!! A 100% accurate way of determining this (without having to try out a jailbreak and possibly fail due to new Bootrom) is the tool iDetector ( http://ih8sn0w.com/index.php/products/view/idetector.snow ) with which you just have to connect your iPhone in DFU mode.
And furthermore, a little information: The reason why you can't upgrade to a custom IPSW created in PwnageTool after having used Spirit on iOS 3.1.3 is that the Spirit Jailbreak is a so-called userland JB which means that it takes effect later on in the boot process as opposed to the other JBs which take effect earlier in the boot process and go deeper into the system. Due to that, the iPhone can't be tricked into accepting a custom IPSW when JBen with Spirit because the part of the system responsible for that check is still unaltered.
But if you're in the same situation as I was [3GS, old (!!) Bootrom, iOS 3.1.3, Spirit JB, no earlier 3.1.2 SHSHs on file] there's a workaround to make the iPhone accept a new custom IPSW after all. Thanks to this little hack, I'm now back on the "Jailbreak train" on iOS4! :)
The original instructions (by msftguy) can be found here: http://msftguy.blogspot.com/2010/06/old-bootrom-spirit-40-jb.html
And here is a little more detailed instruction: http://iblog.pk/post/2010/06/27/IOS-4-jaibreak-for-Spirit-users-with-old...
@Greg: Exactly, that's the method I'm talking about too ;)
Thanks for your additional information! One thing to add though: It seems that the custom IPSWs of iOS 3.1.3 and iOS 4.0 should better be made with PwnageTool (Mac) than with Sn0wbreeze (Windows), since some people in the comments there had some problems when using sn0wbreezed firmware images.
So, if you somehow have access to a Mac, better be safe and use PwnageTool. At least I did (even though I'm normally a Windows user) and everything went well. Only if you really have no access to a Mac, you can still try it with a Sn0wbreeze image. Maybe the problems those people are having had nothing to do with Sn0wbreeze - that's just a speculation that developed while finding the cause.
If you could make it work with Sn0wbreezed images, please let everyone know!
I have iPhone 3gs
Model- MC132B
Serial- 87012M2D3NQ
Modem Firmware- 05.13.04
Carrier- o2 7.0
Can I jailbreak this version?
I sold my 3GS on eBay and the guy wants it unlocked. I have 3.1.3 software on it and have never unlocked/jb before. Based on this article, am I better off having him upgrade to OS 4.0 and wait for unlock or have him unlock 3.1.3? Thanks for the help!
@ Mika Germanotta: The model (MC or MB) doesn't have anything to do with the Bootrom, the MC-model thing is only for iPods. To find out if your iPhone 3GS has the old or new Bootrom, use iH8sno0w's tool called "iDetector" and connect your phone in DFU mode.
@jtz5: At the moment, the unlock works on all baseband versions, e.g. the baseband from 3.1.3 as well as the baseband from 4.0. The easiest way would be to use Spirit on 3.1.3, then install ultrasn0w (the unlock) through Cydia. If he wants iOS 4.0, then you must have the old Bootrom and use the workaround that "Greg" posted above to get to a jailbroken iOS4, which I would only suggest if you have some experience in this and know what you're doing.
Thanks Parabel. Is there a video demo of both Spirit and unlocking? I am just afraid this guy is going to brick it and then ask for his money back.
Spirit is really just a one-button tool, very simple to use. The only important thing to know is that you MUST HAVE iTunes 9.1 (or 9.1.1) and NOT 9.2 installed! That is, only while using Spirit, afterwards 9.2 is fine. If necessary, uninstall 9.2 and install 9.1 before using Spirit.
I'm sure there are tutorials and even videos on Youtube, just search for Spirit jailbreak.
Then to perform the unlock, open the newly added "Cydia" icon, go to "manage", then "sources" and check if repo666.ultrasn0w.com is there.
If not, click on "edit", then "add" and enter "http://repo666.ultrasn0w.com" (note that it is a zero instead of an O) and click on add. After a few seconds, it should be done and you can flick on "finished".
Now, if the repo666 was already there or you have just added it, click on it and you should see "ultrasn0w". Click on that again and then choose "install".
Please note that if he wants to use it with T-Mobile, he should disable 3G in the system settings before installing Redsn0w!
But there are many tutorials for that as well, for example on iClarified. Or on Youtube.
Good luck.
"before installing Redsn0w"
I mean: before installing ultrasn0w.
@Greg Thanks for the link it worked like a charm!!! Big hi-5 to you sir. :-)
I need a confirmation to this: Can I update to the official iOS 4 firmware, Jailbreak it with Redsn0w, and unlock it with no problems with Ultrasn0w now? What happens is that I made my custom IPSW with Sn0wbreeze but I keep getting lots of 1600 and 1604 errors, which a lot of people have too apparently, but I haven't been able to find a solution. So I want to try with Redsn0w.
@Vermillion:
iPhone 3G: Yes, because the new Ultrasn0w happens to be able to unlock the new iOS 4 baseband. But don't do the same with the next firmware update 4.0.1 since no one knows yet if that's gonna be unlockable, too.
iPhone 3GS -> no, only PwnageTool / Sn0wbreeze custom IPSWs work, and only if previously jailbroken.
If you're getting those 1600 errors, it may be because of Sn0wbreeze. Try getting your hands on a Mac and use PwnageTool or try to find a custom IPSW made with PwnageTool online (but only from sources you can trust).
@Vermillion me to, iv'e tried many times, with the 1604 error each time.
Spirit leaves a bad taste in my mouth after ios4. It bricked my phone. After I finally was able to get it back the Internet wouldn't work.
I have a 3GS it was jailbroken, not with Spirit. I erased it to factory settings, upgraded it to iOS4, and erased it to factory settings again. It has the older bootrom, but I can I still jailbreak it?
JB my 3G on Redsn0w but find my phone to be very slow and a lot of apps are either crashing or freezing. Anyone else having the same problem?
I don't understand why dev-teams always leave out the iPod Touch 3G, spirit worked amazing for me, but how long did that take to come out? I figured since it's the newest generation of iPods they would put the most work into it. I just feel left out.
I want to jailbreak my ipod touch first generation. How do I do that?
I have 3gs 32GB with Old Botroom...However it has never been jailbreaked and i have OS 4.0......Can i still jail break and unlock it....I am new to iphone so was not sure if i can...what if while doing jailbreak there is an error can i restore to previous settings
Hi my name is tanja and me is new to this information richfull forum.
now my question : some dude knows where to get ecc ram from USA for personal use. 4gb modules would be nice. thank you for helping me.
I enjoy my Ipad. I got one as soon as I could and do not repent it at all. Its so fabulous to use and the technology is solid. I use it most every minute.

Show more comments