iPhoneguide

Short description This guide show you how to use the “Pwnage Tool” application to “Pwn” your iPhone or iPod Touch. An pwned iPhone can run customized firmware not signed by Apple. This means that you can make an unlocked firmware file. This guide is for mac only. Note This guide has become obsolete, follow this [...]

Short description
This guide show you how to use the “Pwnage Tool” application to “Pwn” your iPhone or iPod Touch. An pwned iPhone can run customized firmware not signed by Apple. This means that you can make an unlocked firmware file.

This guide is for mac only.

Note
This guide has become obsolete, follow this guide instead: http://iphoneguide.dk/english/guide-unlock-med-pwnage-tool-11-mac-in-english/

Degree of difficulty
Easy. 10 min.

Warning
There is always a risk when using your iPhone in ways as described here. It is on your own risk if you choose to continue.

Do you run into trouble, feel free to post a comment.

Before we start
Before we start, I will try to explain what the whole point with Pwning is. Pwning, in this contest, is a process which patches the official Apple bootloader in the iPhone or iPod Touch to run unsigned code. This means that we can put a customized firmware on the iPhone. This customized firmware could for instance be unlocked or jailbroken.

We are now ready for action.

Get the Pwnage program here: http://ipp.iphwn.org/PwnageTool_1.0.zip

If you are on a non-1.1.4 firmware, start by restore to 1.1.4 in iTunes.

Step 1
When you start the Pwnage program you will see this picture:

Push “Browse .ipsw” an choose the 1.1.4 iPhone firmware file. If you do not have the firmware .ipsw file you can download it from here: iPhone 1.1.4

The program will load the .ipsw file and you will see some information in the text window:

2008-04-03 12:04:24 – Loaded .ipsw file from ‘/Users/iPhoneguide.dk/Documents/iPhone/iphoneguide.dk/iPhone1,1_1.1.4_4A102_Restore.ipsw.zip’.
2008-04-03 12:05:38 – Recognized .ipsw file as version iPhone1,1_1.1.4_4A102.

When done the “iPwner” and IPSW Builder” buttons will be activated:

Step 2

Push the “IPwner” button and wait. You will see this in the text window:

2008-04-04 11:47:05 – Unzipping .ipsw file to /tmp/ipsw.
2008-04-04 11:47:27 – OK
2008-04-04 11:47:27 – Patching iBoot.
2008-04-04 11:47:27 – OK
2008-04-04 11:47:28 – Attaching custom ramdisk to ‘/Volumes/Ramdisk’.
2008-04-04 11:47:38 – OK
2008-04-04 11:47:38 – Updating custom ramdisk.
2008-04-04 11:47:43 – OK
2008-04-04 11:47:43 – Detaching custom ramdisk from ‘/Volumes/Ramdisk’.
2008-04-04 11:47:46 – OK

You will then be asked to connect your iPhone and put it into recovery mode.

The best way to do this is by powering off the phone, removing the sync cable (or removing from the dock) on the bottom of the iPhone then while holding the round “home button” at the bottom of the phone reconnect the phone to the sync cable (and keep holding the button).

Once PwnageTool has detected the recovery mode the pwnage process will start, information will be sent to the device that will start the pwnage process.

When the Pwnage process is done the iPhone will boot and you will see that the original Apple logo is replaced by the Pwnage logo.

Now your iPhone is Pwned and you can continue to the next step.

Step 3
Push the “IPSW Builder” button:

With IPSW Builder you can edit the original iPhone firmware files after your choice. I recommend you do the following:

When clicking “OK” you will be asked for the location of the bootloader files (only the first time you use the program):

If you do not have the files, you can get them here. Decompress the archive.

Click the “Browse” button for the bootloader 3.9 image, find the location of the file and do the same for the bootloader 4.6 image.

When done click “OK” and name your customized firmware. IPSW Builder will then ask you to login using your administrator username and password. Do this then click the OK button.

PwnageTool will then show you that IPSW Builder has completed successfully.

Now you have a customized iPhone firmware file.

Step 4

Now you have to restore to the firmware file you have just made.
Put your iPhone into recovery-mode and open iTunes. Alt+click “Restore” and choose the customized file. iTunes will now restore your iPhone. It will take some time.

Wait for the iPhone to reboot. It will then launch the BootNeuter application. BootNeuter will flash the bootloader and the baseband. It is important that you do not interrupt this. When done the iPhone will boot one more time.

Your Pwnage process is complete! You now have an iPhone with your own customized firmware. Depending on what you have chosen, the iPhone will now be unlocked.

Next time you will restore your iPhone, you do not have to Pwn it again. Just build your .ipsw file and restore in iTunes.

Note
Comments in this thread is English only. Danish readers can post here: http://iphoneguide.dk/iphone/guide-pwnage-tool-mac/