How to Jailbreak iPhone 3GS with iOS 4.1 using PwnageTool (old bootrom)

The first unofficial jailbreak for iPhone 3GS (old bootrom) with iOS 4.1 is now available. It requires a custom ROM to be created using a modified version of PwnageTool and iOS 4.1 Jailbreak for Mac. This will only work if your iPhone 3GS has iOS 3.1.2/3.1.3 with a redsn0w/PwnageTool or sn0wbreeze jailbreak. If you used Spirit, Blackra1n or JailbreakMe, this won’t work for you. Also, hacktivation doesn’t work, so you’ll need your iPhone carrier SIM or the phonebook SIM activation method before you can use ultrasn0w to unlock it.

Make sure you follow the instructions carefully to get the jailbreak working.

Remember to back up your data using iTunes first!

  1. Download iOS 4.1 for iPhone 3GS
  2. Download iTunes 10
  3. Download PwnageTool and iOS Jailbreak.
  4. Select Expert Mode, click on iPhone 3GS, and click Next.
  5. Browse to the iPhone 3GS iOS 4.1 firmware.
  6. In the next window, click on General.
  7. Uncheck Activate if you have a factory unlocked phone or use it with an official carrier. Click Next.
  8. You’ll be asked about bootneuter, Cydia settings, custom packages, and custom logos over the next screens. Just select Cydia Installer in custom packages and click next.
  9. Click Build and save the file to your desktop.
  10. When PwnageTool asks for your password during custom firmware creation, don’t type it in. Just install the Jailbreak iOS 4.1 app you downloaded with PwnageTool.
  11. Now type in the password in the PwnageTool pop-up.
  12. There will be a file called iPhone2,1_4.1_8B117__Custom_Restore.ipsw on your desktop. This has to be restored to your iPhone 3GS using iTunes by putting it in recovery mode.
  13. Open up iTunes and connect your iPhone 3GS. Select your iPhone in the iTunes sidebar. While holding the Option button, click Restore. It’ll ask you to locate the firmware. Point it to the iPhone2,1_4.1_8B117__Custom_Restore.ipsw on your desktop.
  14. The restore will take some time, but after it’s done you’ll have a jailbroken iPhone 3GS!
  15. If you want to unlock your iPhone 3GS to use it with other carriers, go to Cydia and add the following repo. Check here for how to do this. Search for ultrasn0w, install it, and reboot again. Your iPhone 3GS is now carrier unlocked.
  16. Remember to add this repo to Cydia:
  17. If Safari crashes, install Safari Fix from this repo in Cydia:
  18. To fix and enable Push Notifications, check out our guide here.


If you have any questions, leave them in the comments below. I’ll be glad to help you out!

About the Author

Technology enthusiast, Internet addict, photography fan, movie buff, music aficionado.