Jailbreak iOS 4 on iPhone 3GS with PwnageTool 4.0.1 [with iBooks fix]

PwnageTool is a popular jailbreaking app for Mac. An updated release, version 4.0 was released yesterday which supports iOS 4. There was an issue with iBooks which has been fixed with an updated version, 4.0.1. PwnageTool 4.0.1 supports iPhone 3GS with old bootrom if you didn’t use Spirit to jailbreak it. It also works with iPhone 3G and iPod Touch 2G, but this guide will focus on the 3GS.

Make sure you have an iPhone 3GS with the old bootrom! And backup your data using iTunes.

  1. Download iOS 4 for iPhone 3GS
  2. Download iTunes 9.2
  3. Download PwnageTool 4.0.1Screenshot20100623at12.22.28AM
  4. Select Expert Mode and click on iPhone 3GS as shown in the picture above and click next.
  5. Browse to the iPhone 3GS iOS 4 firmware.
  6. Click build and let PwnageTool do its work. It’ll take a little time.
  7. There will be a file called iPhone2,1_4.0_8A293__Custom_Restore.ipsw on your desktop. This will be restored to your iPhone 3GS.
  8. Open up iTunes and connect your iPhone 3GS. Select your iPhone in the iTunes sidebar. While holding the Option button, click Restore. It’ll ask you to locate the firmware. Point it to the iPhone2,1_4.0_8A293__Custom_Restore.ipsw  on your desktop.image
  9. The restore will take some time, but after it’s done you’ll have a jailbroken iPhone 3GS!
  10. If you want to unlock your iPhone 3GS to use it with other carriers, go to Cydia and add the following repo https://repo666.ultrasn0w.com. Check here for how to do this. Search for ultrasn0w 0.9.3 and install it and reboot again. Your iPhone 3GS is now carrier unlocked.
  11. To fix and enable Push Notifications, check out our guide here.


If you have any questions, leave them in the comments below. I’ll be glad to help you out!

Technology enthusiast, Internet addict, photography fan, movie buff, music aficionado.

  • Dawnelardo

    Via NewsGallery: THE LIGHT AT THE END OF THE iOS4 TUNNEL FOR iPhone 3: https://bit.ly/iOAS43G

  • Pingback: PwnageTool 4.0 released for Mac. Jailbreaks/Unlocks iPhone 3G/3GS [old bootrom] and iPod Touch 2G with OS 3.1.3/iOS 4 | Apple | ithinkdifferent()

  • Ramza

    does that works with ipod touch mc model??

  • Eddie3mac

    push notifications do not work on 3gs ios4.

  • They work fine with Push Doctor.

  • rjay

    imran hello there…my iphone 3gs is factory unlocked (as far as i know) and hasn't been jailbreaked…i want to update it with iOS 4 but im afraid it may lock my sim carrier.would it be safe?coz at the moment i dont know anyone from my place who knows how to unlock it and i still dont have plans of jailbreaking it just in case…thanks for the help!!!

  • You should get confirmation if it's factory unlocked. Send me a screenshot of the General > About page, of the iPhone model so that I can tell you if it's factory unlocked.
    It it is, it can never be locked to a sim carrier.

    • rjay

      just updated my phone…love it…thanks again imran…

    • rjay

      just updated my phone…love it…thanks again imran…

  • rjay

    please bear with me…these are the info:
    network – almadar
    version – 3.1 (7c144)
    carrier – carrier 5.0
    serial number – 88940sa73ns
    model – mc134t
    wi-fi ad – 64:b9:e8:25:0b:f1
    bluetooth : 64:b9:e8:25:0b:f0
    imei :8921801000024252652
    modem firmware : 05.11.7

    would it be safe and run smoothly when i update it?no need for unlock of whatsoever?thanks imran…im relyin on u…

  • Yup, it's a factory unlocked phone.

  • aitzindari

    is this a tethered or untetehered jailbreak? thanks

  • Pavel H

    Hey but what if I am on a Jailbroken and unlocked FW 3.1.3 with ModemFW 05.11.07 (iPhone 3gs) but my modellNr. is MC132FB ???
    Is it possible then for me to Jailbreak my phone with the Custom FW ?
    Greetz from Moscau

  • Untethered.

  • Untethered.

  • Ttrtilley

    Can a factory unlocked 3Gs with old boot-rom, currently running 3.1.3 jailbroken with Spirit, be “Restored to original”, and then jailbroken with PwnageTool 4.0.1?
    What does Spirit do that causes difficulty?

  • Spirit is a userland jailbreak. It's different than the iboot jailbreaks such as redsn0w and blackra1n. That's why

  • Gabe Trash

    Hey, sorta new to all of this but what does userland mean? Does this mean you cannot restore to factory then procede with pwnagetool? I've got a 3.1.2 jb 3gs. Thanks for any input.

  • Arthursahib

    Hi, i have an iphone 3gs on firmware 3.1.2 05.11.07 and it's unlocked but i don't know if it has been already jailbroken.. how can i know? if i update it to ios4 i will lose my unlock and maybe my jailbreak? :D

  • rjay

    then its safe to do so?thanks a lot Imran…im gonna update it now and hope everything works smooth…i'll address my concerns to you and give you an update…thanks again

  • You can restore to factory and then go for pwnagetool.

  • Does it have Cydia installed? That's a must on jailbroken iPhones. Also was your iPhone factory unlocked or not? If it wasn't then it had to be jailbroken to unlock to work with other carriers.

  • rjay

    then its safe?thanks a lot Imran…my phone depends on you…i'll give you an update and hope you could help me again in my future concerns…

  • Madge

    Hi Imran, Have a jailbroken and unlocked iphone 3gs, 3.0, 04.28.11. Accidentally upgraded through itunes 9.2 to ios4. Now iphone is locked again. Please help, what can i do

  • Arthursahib

    Well, i bought my iPhone in a store where sells products, them i don't know if it's factory unlocked but my iphone doesn't have Cydia istalled but i had another iphone, the same, that i upgraded it and now he is stuck on the emergency screen, so i think that it's not factory unlocked. But still, can u help me? :D

  • Dewey

    Use Ultrasn0w to unlock the phone

  • Rambusram2003

    I have a 3gs running fw 3.1.3 bb 5.12.01. jailbroke with spirt. Can I update to 4.0 and jailbrake it safely.

  • iMarcella

    I got iPhone 3Gs running iOS 4, been trying to JB with Pwnage Tool 4.0.1 with the custom firmware but I keep getting an error. Can you help?


  • MJK

    Dear Imran, I am in Singapore and currently I am running 3.1.2 version. I understand my batch of iphones (MC series) require tethered jailbreak which is the reason I have not jailbroken my iphone yet. I have given the details below. Kindly help to confirm if I can do a untethered jailbreak as I travel out frequently and would not be able to connect to PC to boot when the phone runs out of battery.

    network – Starhub
    version – 3.1,2 (7D11)
    carrier – 5.1
    model – mc133ZA
    modem firmware : 05.11.07

  • Ramis ALi

    Hello Imran Bruv…I was using Iphone 3GS and I just updated to iOS 4. After the first restart everything was normal except It said Invalid Sim card then I just tried to restore using iTune and after restore is completed my phone was stuck on emergency call only. I tried very hard to restore it back to 3.1.3 but unable to do so cause I never saved SHSH file.

    any solution please?

    Im pretty desperate :(

  • Evil five

    I have the same Problem.
    I´m on FW 3.1.3, jailbroken with Spirit. Now i had the same idea, restore to original 3.1.3, go up to iOS 4.0 and the i can jailbreak with PwnageTool.
    Is this correct?!
    'cause when i tried to restore to 3.1.3, i recive an error from iTunes. Is there anything spezial i must know, if i want to restore it to 3.1.3 original? So my final question is, how can i restore to 3.1.3?? ^^

  • You'll have to restore it first using iTunes then you can JB it.

  • You can use Spirit which is an untethered jailbreak but then you wont be able to upgrade to iOS 4 yet. https://www.ithinkdiff.com/jailbreak-iphone-3g3g

  • Nope, no solution when you don't save SHSH blobs.

  • Yes that's the correct way. You need to download iPhone OS 3.1.3 and then restore using iTunes. You also might need to downloaded an older version of iTunes, because Spirit has issues with 9.2. Check filehippo for that.

  • Shoooters

    Hey Imran. I had my iPhone 3Gs jailbroken a long time ago with OS 3.0. (I think it was done by redsnow a long while ago). I recently upgraded to iOS4 using iTunes 9.2 and lost my JB. What do you suggest for Jailbreaking this phone?

    Tried redsnow> but it has issues with any 3GS 4.0 IPSW file that I downloaded.
    Tried restoring using iTunes 9.2 with custom IPSW files but I get the 1604 error.
    Any help would be appreciated.

    My phone info:
    Version 4.0 (8A293)
    Model: MC149C
    iBoot: old boot (359.3)

  • Madge

    But to be able to unlock, i need to be able to jailbreak the iphone. Just discover my iphone has new bootrom. How to jailbreak my iphone 3gs, 4.0, 04.28.11, new bootrom? Any help is welcome.

  • Lynesfotog

    Same :( you are not alone. omgs what should we do? i never saved SHSH file too

  • Martin

    Im getting an error after some minutes (error 1604) – when I try to restore the original ipsw-file (iPhone2,1_4.0_8A293_Restore.ipsw) everything goes well.

    Is this a known bug? Or have someone really succeeded with the above method?

  • Martin

    Hi – see you get the 1604 also… :(

  • Try completely uninstalling Apple and Mobile Device Support and reinstall them again. Then try again.

  • Try completely uninstalling Apple and Mobile Device Support and reinstall them again. Then try again. Let me know if it works.

    • Claude

      No. Doesn’t work. I tried everything and am still getting error 1600 or 1604

  • Try completely uninstalling Apple and Mobile Device Support and reinstall them again. Then try again. Let me know if it works.

  • maddie

    Hi Imran,
    How to jailbreak iphone 3gs, 4.0, new bootrom?

  • There's no jailbreak yet for the new bootom. As soon as there will be one, I'll cover it!

  • Altruisticjay

    Anyone having an ibooks issue even after using pwnagetool 4.01? I don't see the pooh book at all, and if I try to dl a book it gets about 99% done and just hangs. I exit out and all the books are gone. I have searched and searched online and can not seem to find an answer.

    I have an iphone 3gs through att. My previous JB was 3.12 with Blckra1n. I never went to 3.13 since I was not worth it. Any ifo would be great!

    I'll save this page and hope to get some more info. Other than that issue pwnagetool has worked perfect.

    Thanks for your time.


  • Ankur Mathur21

    Will I be a able to jailbreak my iphone 3gs new bootrom on 4.0 (whenever jb for it is available) if i had used spirit to jb on 3.1.3.

    Although I do have saved my SHSH blobs so should I downgrade it and then jb it using another meathod so that if ever available jb for MC model 3gs 4.0 comes up i can jb it then?

  • M232


    i have 3gs and i was able to update it to ios4 using pwange tool , everything went ok , except for the internet tethering , i cant find it setting

    so could plz help me …..

  • Mohammad Ismail SAHIL

    Hi Imran bhai,

    any news regarding push notifations fix for ios 4. im running iphone 3gs ios 4. thanks

  • Read the guide properly, a fix is mentioned in it.

  • Kunalsk

    When abouts do u think the jailbreak for iphone 3gs, 4.0, new bootrom will be out, cuz i accidentally updated my iphone 3gs tothe new ios 4.0 software from itunes and its now sim locked and i need to unlokc it asap

  • Shoooters

    Hi Imran. Thanks for looking into this issue. I reinstalled as you suggested… but no success. One thing to mention is that my SHSH file is not saved in Cydia. Would this have anything to do with the problem?

  • Guest

    How do you uninstall Apple and Mobile Device Support and reinstall it again?

  • Drewwalcott

    Can you please clarify for me
    If you have a 3GS with old bootrom on 4.0 and it has never been jailbroken before, can i Jailbreak using Pwnage Tool 4.01 or 4.0?

    Thank You!

    • Yes. Use the latest version of Pwnage Tool, 4.01.

  • Yes. Use the latest version of Pwnage Tool, 4.01.

  • Taocuc

    Imran, I have an error 1604.. please infor me the next step because i dont understand how to uninstall apple

  • Eddie

    Hello Imran

    I followed all the steps and let PwnageTool build the custom ipsw. When I hold option and select the ipsw on itunes, I get an error message that states “the iphone could not be restored because the firmware is not compatible.”

    Any Ideas?

  • Eddie

    okay now im getting the 1604 error also…. any hints?

  • Ankur Mathur21

    Try using ireb to get pass through this 1604 error.
    I had a3g same error was resolved by ireb.

    Nd yup pwange does throw this error when restoring from itz custom file but sadly i cudnt find a way pass it.

  • Eddie

    i have a 3gs…. looks like iRAB doesnt support it…

  • Arnoldcorino

    sorry if this been discussed before, i have an iPhone 3GS on iOS4.0.1 with old bootrom n i dont think it has been jailbroken before…can i do so with Pwnage tool n unlock it using ultrasn0w? if i give it a shot n it doesnt work, whats the worst case scenario? im desperate here i dont really have another phone that i can use at the moment….

  • Chris B.

    Hi Imram,

    I have 3gs with 4.0.1 version and old bootrom which hasn't been jailbroken before. Is it possible to jailbreak it using your guide?

    Thanks in advance!

  • Scarced

    i cant restoer it there is a thing with itunes help?

  • manuel

    is it possible to make a custom firmware on a macbook an then flash that over a windows pc with itunes 9.2.1 to a 3gs? i get always the 1604, too – but i cannot uninstall apple completely on the mac. any ideas? is the pwagne only possible with the 4.0.0 or also with the the 4.0.1 ios?

    thanks in advance…

  • Brian

    I have a jailbroken 3GS 3.1.3 MC model. is there anyway to unlock without wi-fi?

    Any help is much appreaciated..

  • Pingback: How to Jailbreak iPod Touch 2G with iOS 4 using sn0wbreeze 1.6.1 [guide] | iThinkDifferent()

  • Pingback: How to Jailbreak iPhone 3GS with iOS 4.1 using PwnageTool (old bootrom) | iThinkDifferent()