iPhone Pwnage Project Opens Up Possibilities [Update]

51 months ago

The Pwnage Tool is OUT NOW!
UPDATED tutorial for PwnageTool 2.0.3 on MAC

Windows Method INCLUDED BELOW!

The Pwnage Tool 2.0.3 is OUT NOW!

If PwnageTool pwned your phone correctly the first time, you do not need to pwn again with 2.0.2.

WINDOWS: You can download winpwn from www.winpwn.com to unlock/jailbreak 2.0 - 2.0.1.

If you want to jailbreak 2.0.2 then update using iTunes and use quickpwn to jailbreak. The unlock remains.

Unlock remains from 2.0.1 on 2.0.2.

IMPORTANT:

The first post in this thread is related to pwnagetool 2.0 - below refers to the previous versions although the advanced settings are the SAME on both pwnagetool versions with the exception of the inclusion of Cydia installer on pwnagetool 2.0.

PwnageTool 2.0.3 supports a beta version of Installer.

Cydia is also included and has many of the same functions and is compatible with 2.0.

Mac Guide below!

This is a very simple process. Below is a detailed guideline with FAQ and solutions to possible problems.

At the most basic level all you have to do to make this work is:

1. Make custom firmware.
2. Pwn your phone and Restore using custom firmware in iTunes.

YOU CAN DIRECTLY "PWN" YOUR PHONE AT 2.0 BY FOLLOWING THE INSTRUCTIONS.

YOU DO NOT NEED TO RESTORE TO 1.1.4! IT WORKS FROM 2.0!

-----------------------------------------------------------------------------------

PWNAGE 2.0.3 FAQ AND HOW TO GUIDE

Download From:

http://xs1.iphwn.org/appcast/PwnageTool_2.0.3.tbz

There are 2 modes in the new version of pwnagetool.

These are:

Simple Mode - Which provides step by step instructions as below and automatically detects your correct firmware and adds the unlock and activation and jailbreak with Cydia automatically to your
custom firmware.

Expert Mode - Where you can adjust the settings on the various different additions to the custom firmware - if you click through and do not change anything in expert mode it will make the same
custom firmware as simple mode however doing this instead of simple mode can fix issues with
the simple firmware not working correctly. There is more on expert mode at the end of this guide.

Original iPhone: This can be unlocked and jailbreaked and activated.

iPod Touch: This can be jailbreaked.

iPhone 3G: At this time you can ONLY jailbreak and activate iPhone 3G.

Step By Step Guide to Simple Mode

Select your device type as below:

PwnageTool will AUTOMATICALLY search for the correct firmware for your device.

IMPORTANT: iPhone and iPhone 3G firmware is differently named.

original iPhone firmware for 2.0.2 is named iPhone1,1_2.0.2_5C1_Restore.ipsw

iPhone 3G firmware is named iPhone1,2_2.0.2_5C1_Restore.ipsw

includes FAQ now

This tool unlocks ONLY 2.0 firmware and activates it.

IMPORTANT:

The advanced settings are the SAME on both pwnagetool versions with the exception of the inclusion of Cydia installer on pwnagetool 2.0.

PwnageTool 2.0.2 supports a beta version of Installer. Cydia is also included has many of the same functions

-----------------------------------------------------------------------------------

PWNAGE 2.0.2 FAQ AND HOW TO GUIDE

There are 2 modes in the new version of pwnagetool.

These are:

Simple Mode - Which provides step by step instructions as below and automatically detects your correct firmware and adds the unlock and activation and jailbreak with Cydia automatically to your
custom firmware.

Expert Mode - Where you can adjust the settings on the various different additions to the custom firmware - if you click through and do not change anything in expert mode it will make the same
custom firmware as simple mode however doing this instead of simple mode can fix issues with
the simple firmware not working correctly. There is more on expert mode at the end of this guide.

Original iPhone: This can be unlocked and jailbreaked and activated.

iPod Touch: This can be jailbreaked.

iPhone 3G: At this time you can ONLY jailbreak and activate iPhone 3G.

Step By Step Guide to Simple Mode

Select your device type as below:

PwnageTool will AUTOMATICALLY search for the correct firmware for your device.

IMPORTANT: iPhone and iPhone 3G firmware is differently named.

original iPhone firmware for 2.0 is named iPhone1,1_2.0.1_5B108_Restore.ipsw

iPhone 3G firmware is named iPhone1,2_2.0.1_5B108_Restore.ipsw

You can make sure you have the correct firmware on your mac by connecting your iPhone/iPod to iTunes and clicking on restore then iTunes will download the correct firmware. Disconnect your device when downloading as you don't want to restore with standard firmware!

If you are going to unlock your original iPhone then you will need the bootloader files for 3.9 and 4.6 - the following steps let you select them.

PwnageTool will automatically detect the bootloader files for you if they are on your mac.

Bootloaders can be downloaded from : http://www.enkrypted.com/bootloaders.rar

If you chose to manually browse for the bootloaders on your mac then follow the next steps.

If you already have the bootloaders and pwnagetool detected them then follow the prompts and continue!

Click on "Yes"

Click on "Yes" when pwnagetool asks your if you are a legit iPhone user! (This will keep the phone locked and not activate it)

on iPhone 3G click on "yes" or you will not have a wireless signal! (NO on 3G activates the phone but as it can't unlock yet there is no signal)

If you have no signal on 3G build another custom firmware and click on "yes" this time.

to UNLOCK and activate CLICK "NO!"

PwnageTool will now build the custom firmware file.

This will take about 5 minutes. Be patient!

Your mac will prompt you to enter your password to continue - if you don't have a password
then just click on "ok" and pwnagetool will continue to build your firmware.

If your Phone/iPod has the pineapple logo already then pwnagetool will tell you that you have
been successful and to exit it and select the custom firmware in iTunes to restore with.

If your device has not be pwned before then click on "No".

PwnageTool will try and enter DFU mode so it can "pwn" your device.

It will either do this automatically or prompt you to turn off the phone and then it will tell you to hold
the power and home buttons and let go of them at certain intervals.

It will prompt you when your phone has succesfully entered DFU mode.

Exit pwnagetool if it gives you the success message below.

Using iTunes click on restore and the "alt" key and browse to the desktop and select the custom firmware that pwnagetool created.

Your device will restore.

If you chose automatic mode it will try and unlock your phone with bootneuter.

FOR MORE PHOTOS OF THE PROCESS PLEASE LOOK AT THE ICLARIFIED TUTORIAL AT:

http://www.iclarified.com/entry/index.php?enid=1557

NEVER EXIT BOOTNEUTER BEFORE IT HAS FINISHED AND RESET ITSELF OR YOU WILL BRICK YOUR PHONE PERMANENTLY!!!!

BootNeuter can take anything up to 30 minutes. DO NOT EXIT OR RESET THE PHONE.

Be patient. It should be successful so don't risk breaking your phone because you are not patient!

Old community applications are not yet compatible with the new 2.0 firmware
So you need to wait developers to update their software.

Patience, they will show up in Cydia installer

Some useful tips from the dev team:

If you get Error 1600 from iTunes (or if you see in your log a failure to prepare x12220000_4_Recovery.ipsw), try: mkdir “~/Library/iTunes/Device Support”
if that directory already exists, remove any files in it. Then re-run PwnageTool.

If DFU restores are giving you trouble, another route to pwned 2.0 for 1G owners
is to use first pwnage at 1.1.4. Once you are pwned there, you can do a normal
Recovery-mode restore to your custom 2.0 ipsw.

iPhone does *not* need to be pre-pwned to be able to DFU-restore into a pwned ipsw — it needs to be pre-pwned only for normal recovery-mode restores of custom ipsw’s.

I have moved my original tutorial for pwnagetool 1.1 to page 18.

If you chose to pwn first at 1.1.4 please follow the instructions http://forums.macrumors.com/showpost.php?p=5863489&postcount=435.

Mail application not working at 2.0?

Please restore to your custom ipsw (you don’t
need to DFU restore if you are pwned, normal restore will work now too) but then
select “Set up as a new iPhone” when iTunes asks.

Your first sync will bring back all of your settings anyway.

My Restore Did Not Unlock/Activate my iPhone!?

When pwnagetool asks if your a legit iPhone user this it can determine whether or not to unlock and activate your phone.

If you click on "Yes" (saying you are a legit user) then the phone will not be unlocked or activated.

If you click on "No" then you will be unlocked and activated when you restore.

If that fails you can select the expert mode and just click through to build firmware without changing any settings and it will work.

I myself used the automatic firmware on my US unlocked iPhone here in the UK and it relocked the phone and did NOT activate it! I made a new firmware
and it was fine and unlocked and activated.

Likewise my 3G firmware did not activate even though it was meant to - however as we are all on legitimate 3G contracts I used iTunes to activate and cydia was there and everything else was working perfectly!

--------------------------------------------------------------------------------------------------

WINDOWS USERS IPHONE 2.0 UNLOCKED!:

Download winpwn from www.winpwn.com - it works the same as pwnagetool above but on windows!

The process is exactly the same although it is only "expert" mode.

Any questions please ask although everything does the same on the windows version as the mac version.

--------------------------------------------------------------------

FAQ

Read below for what various iTunes error messages mean and how to fix them!

Is it for Windows and Mac?

Right now it is only available for Mac. Windows version is expected in the by end of day Sunday 6th April.

Is it safer than ZiPhone/iLiberty+

Yes as it changes your file system BEFORE you restore and therefore avoids all the possible problems you can have with other methods.

Will Installer be added automatically?

If you rebuild the firmware using pwnage then 1.1.4 will have installer added to the firmware. Installer is not added to 1.2 or 2.0 beta firmware as it would not work at this time.

Can I just jailbreak ONLY?

Yes - don't tick any boxes on the firmware options and it will ONLY jailbreak your phone.

How do I pwn my phone?

Video of process courtesy of Engadget.com : http://www.viddler.com/explore/engadget/videos/5/

Download the pwnage tool from the pirate bay! Do a search for "PwnageTool.app"

You can download from the iPhone DevTeam site but it does not have the bootloader files you need and so it is easier to download
a complete copy from torrents.

The download without the bootloader files (which you WILL NEED to use pwnage) can be found here:

http://www.iphone-dev.org/
and
http://theiphoneproject.org/

Bootloaders can be found at: http://www.hackint0sh.org/forum/showthread.php?t=36508&page=2

===========

ITUNES ERROR MESSAGES: WHAT THEY MEAN AND HOW TO FIX THEM!

Error 1013/1014/1015 - This error message occurs when you downgrade or upgrade to a different baseband than the firmware your restoring to has. This message does NOT mean the restore failed - it simply means the phone firmware does not match the baseband. Use iLiberty/Independence to kick the phone into normal mode and out of recovery mode and it will work.

Error 6 and 10 - This error message is because of a problem with your firmware - this message will occur most often because of using unsuitable boot/recovery images. Make a new custom firmware to fix this and use suitable boot images or use the standard images that came with the pwnage software.

Error 1603/1604 - 160? something

IF YOU ARE RESTORING TO A STANDARD APPLE FIRMWARE *NOT CUSTOM FIRMWARE"

This error is down to itunes not liking your USB ports on your computer. Use a different USB slot or a different computer if possible. That is the easiest fix!

IF YOU ARE RESTORING TO A CUSTOM FIRMWARE AFTER RESTORING FROM STANDARD APPLE FIRMWARE

IF you have pwned your phone once and then restored back to apple original firmware successfully and THEN tried to restore custom firmware you WILL get
an error in iTunes as the apple firmware "unpawned" your phone. You have to repwn it using iPwner and then you can restore using custom firmware.

IF YOU ARE RESTORING TO CUSTOM FIRMWARE AND YOUR PHONE IS STILL PWNED

See "if your restoring to apple firmware" above as it is the same issue.

BootNeuter Error 5: This is because you upgraded to the 2.0 beta firmware without unlocking first in 1.1.4 like your supposed to. You will have to restore to 1.1.4 unlocked and then BootNeuter will work.

I CAN'T BUILD MY CUSTOM FIRMWARE! WHAT CAN I DO?

Your problem is related to your Mac. It appears that for whatever reason your computer is
not mounting the image of the firmware and putting it back together so the process fails.

There may be a solution in this thread:

http://www.hackint0sh.org/forum/showthread.php?t=36525

However if there is not you have 2 options: Try a different Mac OR Wait for the Windows version.

---------------------------------------------------------------------------------------------

Can I customise my firmware to add certain applications etc?

Yes.

Can I use pwnage with IPSF unlocked phones?

Yes you can. It will from my understanding it will not touch the IPSF unlock but will unlock the phone a different way and is fully compatible.

Can I use BootNeuter without pwning? Can I use Bootneuter without a Mac?

Yes, details here: http://www.hackint0sh.org/forum/showthread.php?t=36528

I would however recommend using pwnage if you need to change your bootloader as it is the safest method as its fully automated and best for anyone who is not a hacker.

I have no sound/My iPhone is acting strange after being pwned successfully? What is going on?

First of all - ALWAYS set up your iPhone as a "new" phone - never restore from backup unless your phone was not previously jailbreaked!

WARNING! Restoring a backup of a previously jailbreaked phone can cause a number of issues only fixable by another restore so don't restore from a back up of a previously jailbreaked phone!

If you have set up your phone as new and are still having issues then do a full settings reset from settings>general>reset>reset all settings and that should fix it!

I PWNED MY IPHONE/IPOD WITH THE WRONG FIRMWARE! ITUNES SAYS MY IPHONE IS AN IPOD (or vice versa) WHAT CAN I DO?

MY PHONE WON'T TURN ON! ITS REBOOTING CONSTANTLY! I HAVE CONSTANTLY SCROLLING TEXT! and ANY OTHER ISSUE WHERE PHONE IS NON RESPONSIVE

You can fix this!

Put your phone into DFU mode. You can do this by pressing and holding the sleep and home button for 10 seconds WHILST THE USB CABLE IS CONNECTED AND ITUNES RUNNING from when the Apple logo appears until it dissapears and then KEEP holding the home button but let go of the sleep button - the screen will stay off but iTunes will recognise the phone.

If your phone is not recognised by Independence/ iLiberty+ you will have to manually put it in DFU - this CAN be tricky to time right but eventually you WILL get it!

Restore to apple original firmware and you can start over again!

Localization

iPhone 2.0 software DOES NOT have support for every country and there is NO patch as yet to add using Cydia however 2.0 adds support for LOTS of new countries and therefore you may not need any extra support.

Before Localizing

If you are outside one of the 'Official iPhone Countries' you will need to perform a localization of your iPhone in order for it to work. If not, SMS and Phone application will countinuously crash.

Reason is Apple has designed the iPhone to work in the following countries (including 2.0 countries).
- United States
- Canada (as the number formats are the same- but if you have any problems try localization!)
- United Kingdom
- France
- Germany
- Japan
- China
- Italy
- Austria

NEW

- Denmark
- Spain
- Finland
- Korea
- Norwegian Bokmal
- Holland
- Poland
- Portugal
- Brazil
- Russia
- Sweden

So in order to work elsewhere localization kicks in.

Localizing your iPhone

1. Go to Installer
2. If you don't have the iClarified source do the following
i. Go to Sources
ii. Tap Edit
iii. Tap Add
iv. Type www.installer.iclarified.com
v. Refresh
vi. Go back to Install Tab
3. Tap iClarified in the Install Tab
4. Scroll until you find the respective App Support.
>>Important: Go with the respective version!!! (ei. Firmware 1.1.4 uses App Support (1.1.4)
5. Tap it
6. Tap Install.
7. If any notice appears tap Install.
8. IPhone will download and run the package.
9. Once finished, press Home botton.
10. Springboard will reboot.
11. Power down iPhone (off)
12. Power up iPhone (on) and enjoy!

------------------------------------------------------------------------------------------------------

I think the Hackthatphone guides are the best out there

http://www.hackthatphone.com/114/iphone_pwnage_mac.html