iPhoneguide

Short description This guide show you how to use the “Pwnage Tool” application version 1.1 to “Pwn” your iPhone or iPod Touch. An pwned iPhone can run customized firmware not signed by Apple. This means that you can make an unlocked firmware file. This guide is for mac only. Degree of difficulty Easy. 10 min. [...]

Short description
This guide show you how to use the “Pwnage Tool” application version 1.1 to “Pwn” your iPhone or iPod Touch. An pwned iPhone can run customized firmware not signed by Apple. This means that you can make an unlocked firmware file.

This guide is for mac only.

Degree of difficulty
Easy. 10 min.

Warning
There is always a risk when using your iPhone in ways as described here. It is on your own risk if you choose to continue.

Do you run into trouble, feel free to post a comment.

Before we start
Before we start, I will try to explain what the whole point with Pwning is. Pwning, in this contest, is a process which patches the official Apple bootloader in the iPhone or iPod Touch to run unsigned code. This means that we can put a customized firmware on the iPhone. This customized firmware could for instance be unlocked or jailbroken.

We are now ready for action.

If you have an older version of Pwnage Tool, you can update to the latest version (1.1) with the build in, update function. If not you can download the program from here: http://xs1.iphwn.org/appcast/PwnageTool_1.1.zip

If you are on a non-1.1.4 firmware, start by restoring to 1.1.4 in iTunes.

Step 1
Launch Pwnage Tool. You will see this:

Push “Browse .ipsw” an choose the 1.1.4 iPhone firmware file. If you do not have the iPhone firmware .ipsw file you can download it from here: iPhone 1.1.4 or iPod Touch 1.1.4

The program will load the .ipsw file and you will see some information in the text window:

2008-04-03 12:04:24 – Loaded .ipsw file from ‘/Users/iPhoneguide.dk/Documents/iPhone/iphoneguide.dk/iPhone1,1_1.1.4_4A102_Restore.ipsw.zip’.
2008-04-03 12:05:38 – Recognized .ipsw file as version iPhone1,1_1.1.4_4A102.

When done the “iPwner” and IPSW Builder” buttons will be activated:

Step 2

Push the “IPwner” button and wait. You will see this in the text window:

2008-04-04 11:47:05 – Unzipping .ipsw file to /tmp/ipsw.
2008-04-04 11:47:27 – OK
2008-04-04 11:47:27 – Patching iBoot.
2008-04-04 11:47:27 – OK
2008-04-04 11:47:28 – Attaching custom ramdisk to ‘/Volumes/Ramdisk’.
2008-04-04 11:47:38 – OK
2008-04-04 11:47:38 – Updating custom ramdisk.
2008-04-04 11:47:43 – OK
2008-04-04 11:47:43 – Detaching custom ramdisk from ‘/Volumes/Ramdisk’.
2008-04-04 11:47:46 – OK

You will then be asked to connect your iPhone and put it into recovery mode.

The best way to do this is by powering off the phone, removing the sync cable (or removing from the dock) on the bottom of the iPhone then while holding the round “home button” at the bottom of the phone reconnect the phone to the sync cable (and keep holding the button).

Once PwnageTool has detected the recovery mode the pwnage process will start, information will be sent to the device that will start the pwnage process.

When the Pwnage process is done the iPhone will boot and you will see that the original Apple logo is replaced by the Pwnage logo.

Now your iPhone is Pwned and you can continue to the next step..

Step 3

Now it is time to make your own personal firmware file. Push the “IPSW Builder” button.

With IPSW Builder you can edit the original iPhone firmware files after your choice. I recommend you do the following:

Step 4

If you click on “Custom Packages” you can make son additions to the firmware file. In the picture below I have showed how to install danish language. Be sure to include Installer if you want the possibility to install 3. party applications directly from the iPhone.

Step 5
If you prefer, you can include custom logos by clicking the “Custom Logos” tab. I will not go into details, but it could look like this:

Step 6

When ready click “OK”. You will be asked for the location of the bootloader files (only the first time you use the program):

If you do not have the files, you can get them here. Decompress the archive.

Click the “Browse” button for the bootloader 3.9 image, find the location of the file and do the same for the bootloader 4.6 image.

When done click “OK” and name your customized firmware. IPSW Builder will then ask you to login using your administrator username and password. Do this then click the OK button.

PwnageTool will then show you that IPSW Builder has completed successfully.

Now you have a customized iPhone firmware file.

Step 7

Now you have to restore to the firmware file you have just made.
Put your iPhone into recovery-mode and open iTunes. Alt+click “Restore” and choose the customized file. iTunes will now restore your iPhone. It will take some time.

Wait for the iPhone to reboot. It will then launch the BootNeuter application. BootNeuter will flash the bootloader and the baseband. It is important that you do not interrupt this. When done the iPhone will boot one more time.

Your Pwnage process is complete! You now have an iPhone with your own customized firmware. Depending on what you have chosen, the iPhone will now be unlocked.

Next time you will restore your iPhone, you do not have to Pwn it again. Just build your .ipsw file and restore in iTunes.

Note
Comments in this thread is English only. Danish readers can post here: http://iphoneguide.dk/mac-software/guide-unlock-med-pwnage-tool-11-mac/