How to jailbreak and unlock a 2G iPhone (2.0)
July 19, 2008
The iPhone Dev Team, a group of hackers who have made it their mission to jailbreak and unlock iPhones, announced that version 2.0 of their iPhone-freeing application PwnageTool would be released on Sunday. Fortunately for those of us on the west coast of the United States, this meant Saturday night. As soon as we discovered the tool’s availability, we grabbed PwnageTool 2.0 and began our journey to running firmware 2.0 on our 2G iPhone, still running on T-Mobile, the cheaper alternative to AT&T.
While TUAW claims that the new PwnageTool is for “dedicated hackers only”, this statement is misleading. Since Apple’s AppStore already offers the bulk of what most iPhone users needed jailbreaking for in the past, the primary purpose of PwnageTool is to enable unlocked 2G iPhone users to upgrade to the 2.0 firmware and stay unlocked. For that purpose, PwnageTool works wonderfully, with no real skills necessary other than being able to put one’s phone into DFU mode. When more unsigned, third-party applications are available outside the AppStore, then we can talk about how “difficult” dealing with a jailbroken iPhone has become, but we currently see no annoyance with the new system. In fact, compared to the original unlock we did on the iPhone, this one was quick and easy. Not quite as easy as the upgrade to 1.1.4, but let’s not complain needlessly.
In the discussion thread for the PwnageTool 2.0 release announcement, one can easily find the directions to get one’s iPhone working with 2.0, but not all the instructions posted were clear. Let’s go through the steps accordingly.
1. Install the latest version of iTunes if it hasn’t been updated already. We want to be at version 7.7.
2. Connect the iPhone, and when asked whether an upgrade is desired, select the option to download the upgrade only, without performing an installation.
3. Put the iPhone into DFU mode. Note that this is not the basic restore mode; it is only complicated in the sense that it requires a bit of timing rather than simply holding the iPhone’s home and power buttons for 25-30 seconds. Instructions for putting an iPhone into DFU mode are available elsewhere, but the basic gist is this: with the iPhone on, hold down the home and power buttons for approximately seven seconds (enough time to see the iPhone’s screen go black). Once the screen is black, continue holding both buttons for approximately two more seconds, then let go of the power button. Continue holding the home button for another ten seconds, and the iPhone should stay on a black screen. We did this with the iPhone already connected to our computer, albeit “ejected” in iTunes. As we had iTunes running the whole time, as soon as our iPhone entered DFU mode, iTunes prompted us to restore it.
4. Now, one needs to acquire the 3.9 and 4.6 bootloaders. There are numerous links to these files in the aforementioned discussion thread, but we grabbed ours from iPhone Hacks. Once acquired, uncompress the package and take note of where the respective files are stored.
5. We’re now ready to run PwnageTool 2.0, which we happily grabbed from the official mirror location. While the tool can jailbreak every iPhone/Touch model available, we were only concerned with the 2G iPhone, so we did not try any other hardware variant. Note that the tool does not currently unlock 3G iPhones, but it can jailbreak them. Select the device model one is looking to jailbreak and/or unlock, and follow the wizard. We did this in PwnageTool’s “simple” mode.
6. PwnageTool 2.0 should automatically find the restore file, since it was downloaded to iTunes’ default download location. The tool will then ask for the locations of the bootloaders downloaded in step 4. After this, one will be prompted to allow the creation of a custom IPSW file. When asked whether one is using a “legit” iPhone, answer “yes” if one is contracted with AT&T, and “no” otherwise to get the unlock. Obviously, most of us want to use our iPhones unlocked, so we’re going to happily admit that our devices are not legitimate, even though the question could have been phrased better.
7. After the custom IPSW file is generated, the tool will look for a connected iPhone in DFU mode. Once found, the tool will spend a couple of seconds doing its thing, and then ask that the device be put back into DFU mode. It seems that some users got mixed results at this point, but in short, our solution was to hold down the home and power buttons on our iPhone to restart it, whereupon PwnageTool greeted us with a visual indicator mirroring the DFU process we outlined in step 3 above. Follow along with the visual cues, and the iPhone will be back in DFU mode in short order.
8. Once back in DFU mode, PwnageTool informs the user that it should be shut down and that the iPhone can now be upgraded to 2.0 via iTunes. So, exit the application and jump over to iTunes. Before pressing the Restore button on the iPhone information page, hold down the alt/option key. This makes iTunes prompt for the IPSW file to use for the restore procedure. Rather than using the one iTunes downloaded, select the one that PwnageTool put on the Desktop. Proceed with glee.
9. The iPhone and iTunes take care of the rest at this point. Visual indicators on the iPhone show where in the process it is. After a few minutes, the iPhone will reboot in a jailbroken and unlocked state.
Note that PwnageTool doesn’t install Installer.app, as other jailbreakers/unlockers have in the past. Rather, PwnageTool installs Cydia, which is very much like Installer.app, and shares many of its resources. Running Cydia allows one to view an information page about 2.0 compatibility; in short, a lot of older third-party applications don’t work in firmware 2.0, though common Unix applications like OpenSSH work fine. For now, we decided to hold off on messing too much with Cydia, as most of the third-party applications we were running are available in some form or another via the AppStore.