Smooth Blog

iH8sn0w has posted a process quite complex to jailbreak iOS 4 for iPhone 3GS with new iBoot.
This jailbreak based on the creation of a custom firmware using Sn0wbreeze, that you will install thanks to a new tool iBooty from iH8sn0w.

iPhone 3GS, find the version of your iBoot.
For old iBoot, follow this guide.
For iPhone 3GS with new iBoot, this tutorial concerns you !

Required :

• iPhone 3GS New iBoot. [Windows only]
• Have your ECID (shsh) signed for FW 3.1.2 only on Saurik server.
• IBSS Grabber
• Pwner Paylod RC2 pour iPhone 3GS
• iBooty 4.0 GUI
• Sn0Wbreeze 1.6.2
• Libusb (links below)
• Firmwares 3.1.2 et 4.0 pour le 3GS
• iTunes 9.2

First condition : Have your file shsh 3.1.2 signed with Saurik server.

• Modify your file Host. Read this guide.
• You can have locally your ECID/ShSh on your PC grabbed with Umbrella.
• If you do NOT have your ECID/ShSh signed for firmware 3.1.2, it is NOT possible to do it, actually only Firmware 4.0 is signed !

Grab the fileIBSS from Firmware 3.1.2

• Put your iPhone in DFU mode (black screen)
• Use the software IBSS Grabber
• Click on Save. Save the folder or the file IBSS on your desktop of your computer.
• Then click on “Start Watching”.

• When it is finished, start iTunes and restore the Firmware 3.1.2
• When the restore is finished, go to the folder thath you put on your desktop thanks to IBSS Grabber.
• In this folder, go to Firmware and then in the folder DFU.
• You will find the file IBSS extracted from the Firmware 3.1.2.

Creation of a Custom Firmware iOS 4

• Follow this guide for Windows or Mac.

Install libusb

• libusb win32 XP
• libusb win32
• libusb win64

WARNING! this program is very important for your USB drivers. Windows Vista and Seven, right click libusb-win32-….exe and put XP SP3 compatibility and execute as admin.

After executingt this tool, you are in the ideal mode to leave Recovery mode and then reboot your iPhone.

Free your IBSS and iBoot

• Execute the tool Pwner Paylod RC2 pour iPhone 3GS
• Follow the steps.
• This will create some files that you must copy in the same folder as iBooty-4.0.

Prepare iBooty

• Extract with 7-zip your Custom Firmware created before with Sn0wbreeze.
• Put the files or folder Kernelcache and Firmware/DFU/iBEC.n88ap.RELEASE.dfu in the same folder as iBooty 4.0

Rename the 3 following files :

• iBSS 3.1.2 signed to « ibss312.dfu »
• Kernel 4.0-Custom to « kernel.40″
• iBEC 4.0-Custom to « ibec40.dfu »

So, in the folder iBooty, you should have the following files :

* iboot.payload – created with Payload Pwner.
* exploitibss312 – created with Payload Pwner.
* ibec40.dfu – extracted from Custom Firmware created with Sn0wbreeze.
* irecovery.exe – included with iBooty.
* readline5.dll – included with iBooty.
* iBooty.exe – included with iBooty.
* ibss312.dfu – your IBSS file during the restore of FW 3.1.2
* kernel.40 – extracted from Custom Firmware created with Sn0wbreeze.
* sn0w.img3 – included with iBooty.

Restore Firmware iOS 4 Custom.

• You are with Firmware 3.1.2 restored just before.
• Start iBooty.exe and select “Prepare Device for Custom Firmware”. The process starts and you will obtain snow, you can continue..
• Start iTunes, then press SHIFT + Restore to install Custom iOS 4
• At the end of the restore, the screen is black, this is normal !

Activate your Custom iOS 4

• Start iBooty.exe
• Click on « Boot It »

You should then have a jailbroken iOS 4 on your iPhone 3GS New iBoot.