iPhone Pwning notes
Okay, I finally bit the bullet and pwned an iPhone. No, I did not try yellowsn0w to jailbreak my 3G iPhone — although I might do it now since I enjoy the jailbroken iPhone so much.
What I did was jailbreak a brand new, unused 1st-gen iPhone and update it to firmware v2.2. The result is a jailbroken iPhone that can be used with any SIM card or even without a SIM card (functioning as a Wifi-only device). This sounds simple, but it is not. I just want to share some notes here in case other people encounter similar issues.
I first tried the obvious: QuickPwn. The issue with QuickPwn is that it does not actually update the firmware. It just jailbreaks whatever firmware is already on the iPhone. Since I wanted firmware v2.2 and the iPhone shipped with v1.x, I had to upgrade the firmware somehow. To make matters worse, iTunes 8.0.3 no longer gives the option to “update” an iPhone’s firmware without activating it. The first screen I saw when I plugged the iPhone into iTunes was the activation screen. Fine. I just put my iPhone into DFU mode (the “hold both Home and Power for 10 sec, and then hold just Home for another 10 sec, while the phone is plugged in” maneuver), and plugged the DFU-mode iPhone into iTunes. Now iTunes detects the iPhone in “recovery mode” and offers the option to “restore and update”. I proceeded to update to v2.2.
Next was to run QuickPwn 2.2. It ran smoothly, showed the “ihaz success” message, and rebooted the iPhone. Good? No. The first sign of a problem was that the iPhone still showed the Apple logo instead of the Pineapple logo when it rebooted. Sure enough, it only showed the “emergency call” screen after booting up. The phone was NOT activated. I am not sure what went wrong in the process. Maybe the iPhone is too old to be jailbroken by the latest QuickPwn? I downgraded the iPhone to 1.1.4 and tried QuickPwn 1.1 again — no luck, same result.
If QuickPwn does not work, I am left with the good old but more complicated Pwnage Tool. Make sure that you also download one of the firmware files from the same download page, since Pwnage Tool actually modifies the firmware and uses iTunes to re-flash the iPhone. Naturally, I downloaded firmware v2.2. Running the Pwnage Tool is actually quite straightforward. I ran it in “expert mode” so that I could confirm all the selected options (e.g., I needed to make sure that the “Activate the iPhone” box was checked!). Once Pwnage builds a new firmware and saves the ipsw file to your disk, it instructs you to put your iPhone into DFU mode again. Then, in iTunes, you Option-click (“opt click”) the “Restore” button and choose the firmware file you just saved from Pwnage to restore.
The first time I did this, iTunes complained with a “1600 error”. So I went back to Pwnage and rebuilt a new ipsw without selecting the “replace Bootneuter” option — I do not really know what it does, it was just a random experiment.
This time iTunes worked without any error. The restore process takes a while. After it is done, the phone reboots and re-flashes itself. Done! A jailbroken, unlocked, and activated iPhone with Cydia installed!
So, how do I like the jailbroken iPhone? Well, that will be the topic for the next post …
January 30th, 2009 at 7:36 pm
Great post, thank you very much.
March 30th, 2009 at 10:41 pm
Is there an email where I can contact you regarding one of your books? Sorry, there is no contact-me link on your homepage. Thanks.