Tutorial: How to jailbreak an iPhone 3GS with new bootrom on iOS 4.0

I notified you yesterday that iH8sn0w managed to jailbreak an iPhone 3GS with the new bootrom on iOS 4.0 and that he will release a jailbreak solution so that all owners can switch to iOS 4.0. He hasn't released a jailbreak solution yet, but he has written a tutorial through which everyone with a new-bootrom iPhone 3GS that has SHSH blobs saved for firmware 3.1.2 can restore to a jailbroken iOS 4.0.

This tutorial is complicated and requires at least intermediate computer skills. Do not start it if you do not have such knowledge, because you will achieve absolutely nothing. Do not use it if you do not have SHSH blobs saved for firmware 3.1.2, because only from firmware 3.1.2 can you restore to a jailbroken iOS 4.0.

This type of jailbreak is tethered, so you will have to run the iBooty program every time the phone restarts. You can check your phone's bootrom using iDetector, available here.

You can find the original tutorial here.

I haven't tested this tutorial on my phone (because it has an old bootrom), so try it at your own risk. iH8sn0w said that he will make a program that performs these operations automatically, but it is not known when it will be available.

Step 1

Download the following files to your computer: difrnt's iBSS grabber, Payload Pwner-r2 for the 3GS, iBooty, sn0wbreeze 1.6.2, and LibUSB.

Step 2

1. In this step you have to restore to 3.1.2, but at the same time you have to save the iBEC and iBSS files. First of all, follow the steps in the downgrade tutorial so that you are able to restore to 3.1.2.

2. If you followed the steps correctly, connect the phone to the computer and put it into DFU Mode.

3. Start the iBSS/iBEC Grabber program downloaded in step 1.

4. Set the folder where the iBEC/iBSS files will be saved. My advice is to choose a folder that you will remember. After setting the folder, press the "Start Watching" button.

5. After doing the steps above, you can restore/downgrade your phone.

6. After the restore, jailbreak your phone with either redsn0w or blackra1n; it doesn't matter which one you use.

Step 3

Make a custom firmware using sn0wbreeze 1.6.2; there is a tutorial for it here. Ignore the warnings you receive.

Step 4

Install LibUSB, downloaded in step 1. Windows 7 32-bit users must set the program's compatibility mode to Windows XP, otherwise their USB devices will no longer work (right-click on libusb, Properties, Compatibility, select Windows XP and tick Run as Administrator). Those with Windows 7 64-bit must follow this tutorial to install LibUSB.

Step 5

Use Payload Pwner, downloaded in step 1, to make the payloads. Follow the program's instructions to complete the process.

Step 6

1. Unzip the contents of the iBooty archive into the folder where you saved the payloads from step 5. If they are not in exactly the same folder, iBooty will not work.

2. Unzip the custom firmware made in step 3 with the WinRAR or 7-Zip archiver.

3. Copy the kernelcache file into the folder where you have iBooty. Also copy the file iBEC.n88ap.RELEASE.dfu from Firmware\dfu\ into the same folder where you have iBooty and rename it to ibss312.dfu.

4. In step 2 I told you that you have to save the iBEC and iBSS files. Go to the folder where you chose to save these files and you will find a folder with a name like Per**.temp; enter it, navigate to Firmware/dfu, and copy the iBSS file to the folder where you have iBooty.

5. Rename the following files in the folder where you have iBooty as follows:

  • iBSS 3.1.2 to "exploitibss312"
  • kernelcache to "kernel.40"
  • iBEC.n88ap.RELEASE.dfu to "ibec40.dfu"

In your folder you should have the following files:

  • iboot.payload <– Made with Payload Pwner.
  • exploitibss312 <– Made with Payload Pwner and renamed by you.
  • ibec40.dfu <– Taken from custom firmware 4.0 and renamed by you.
  • irecovery.exe <– Part of iBooty.
  • readline5.dll <– Part of iBooty.
  • iBooty.exe <– Part of iBooty.
  • ibss312.dfu <– The iBSS file saved by you in step 2.
  • kernel.40 <– Taken from custom firmware 4.0 and renamed by you.
  • sn0w.img3 <– Part of iBooty.

Step 7

This step must be done ONLY on firmware 3.1.2, otherwise it will not work!

1. Connect the phone to the computer, open iBooty and press the "Prepare Device for Custom Firmware" button. Go through the whole process; if at the end you see a snowflake, the process worked.

2. Open iTunes and restore using the modified 4.0 firmware.

3. After the process is finished, your phone will have a black screen and won't boot. This is normal, because it is in a recovery loop.

4. To start the phone, start iBooty again and press "Boot it".

When you connect the phone to iTunes after restarting it, choose "Set as New iPhone"; otherwise, after the restart the phone will stop working and you won't be able to start it with iBooty.

Every time the phone restarts it won't boot on its own, and you will have to run iBooty to boot it again. It is a tethered jailbreak, and for now there is no solution for this.