SHARE

I may be posting this tutorial little late about – how to untethered jailbreak and unlock iPhone 3GS using Ultrasn0w on iOS 5.1.1, but none the less – You can be at least sure on the fact that, using the same process I was able to successfully jailbreak & unlock my 3GS.

This is process mentioned below is also important to hacktivate 3GS on unofficial SIM without any activation errors in jailbreak process using redsn0w. We will create a custom firmware using Sn0wbreeze so that we can keep iPad baseband intact for previously jailbroken iPhone.

This tutorial will also possibly fix 1600 / 1601 or 2005 error in iTunes. I faced these while experimenting through redsn0w. The instructions below are for illustration purpose only.

Lets begin! 🙂

Prerequisites

Download the following tools and stock IPSW

Step 1: Fresh installation of iTunes

Uninstall existing iTunes & AppleMobileSupport from Add/Remove programs. Clean-up registry using CCleaner, restart your computer & freshly install the latest version of iTunes

Step 2: Backup your iPhone

Backup of your iPhone data in iTunes. In left pane > right-click on device name > select Backup

Step 3: Change HOSTS file

Since we will be stitching SHSH blobs using TinyUmbrella , this step is not mandatory but its good to have it changed as follows. Make sure to save HOSTS file with these entries. HOSTS file on Windows XP can be found here: C:WINDOWSsystem32driversetc

127.0.0.1 localhost
74.208.10.249 gs.apple.com

Save & then using Start menu > Run >
Type: ipconfig /flushdns & then hit Enter

Step 4: Download & Save SHSH Blobs for 5.1.1 on your computer

The most important step is to have your SHSH blobs saved on your computer before you think of installing a custom firmware and then jailbreaking your iPhone. We’ll be using this file later in the process to stitch SHSH blobs to a custom 5.1.1 IPSW.

  • Open TinyUmbrella, make sure you have connected your iPhone to the system. Click on SAVE SHSH button & wait for process to finish.
  • Once done, you should have SHSH blobs saved in C:Documents and Settings[user].shsh folder on Windows. The shsh file will have iOS version mentioned in the file name.
  • Remember: This file is specific for your connected device only. We cannot use this file with other iPhones.

Save SHSH Blobs using TinyUmbrella

Step 5: Create custom firmware using stock 5.1.1 IPSW

Open Sn0wbreeze and follow the instructions on-screen to begin. You should choose ‘Check for updates’ button instead of ‘Ok‘ button to begin if the Windows XP seems to be freezing.

Sn0wbreeze 2.9.6 to install iOS 5.1.1 custom firmware on iPhone 3GS

To begin the process – we first need to feed our stock 5.1.1 IPSW to sn0wbeeze to verify & process it so. Click ‘Browse for an IPSW’ button & select the file (The file name should be: iPhone2,1_5.1.1_9B206_Restore.ipsw)

Supply stock 5.1.1 IPSW to sn0wbreeze

Supply stock 5.1.1 IPSW to sn0wbreeze

After processing – Sn0wbreeze will ask whether your iPhone 3Gs has new bootrom or old bootrom. 3GS made after 45th week of year 2009 have new bootrom. Easy way to understand this by looking at the serial number. If the third digit in the serial number isn’t ‘9’ then your iPhone has a new bootrom. Think twice before you decide the option because a wrong choice here would lead to complete brand-new restoration from iTunes.

I picked – New Bootrom.

New Bootrom or Old Bootrom?

You shall see a successful IPSW verification message. Click next to continue.

Successful IPSW verification message

Step 6: Stitching SHSH Blobs to a stock IPSW using iFaith Mode

On the following screen you should see various modes for building a custom IPSW. We should select ‘iFaith Mode’ so we can stitch SHSH blobs we downloaded earlier.

iFaith mode for stitching SHSH blobs to IPSW

Select right SHSH blob file from the folder C:Documents and Settings[user].shsh on Windows.

select correct SHSH blob file for iOS 5.1.1

Step 7: Configure settings for 5.1.1 custom IPSW

After providing the shsh file – the following screen shows options to customize IPSW file. We have to pick GENERAL from the available menus and click next.

customize IPSW

Step 8: Activate (Hacktivate) iPhone 3GS 5.1.1

On this General settings page – the only option we need is to activate iPhone 3GS for unofficial carrier. This is important to bypass the activation screen on iOS & to fix ‘activate your iPhone first’ error shown on redsn0w. I found using sn0wbreeze is a better alternative for redsn0w due to its simplified, error-proof use.

Activate / Hactivate on iOS 5.1.1

Step 9: Installing iPad Baseband 06.15.00

This step is ONLY needed if you do not have iPad baseband installed on iPhone 3GS. Having this baseband installed is the only option for unlocking 3GS using ultrasn0w. You will lose on warranties, and break your GPS using this. If you chose to install – the same will be downloaded from the Apple server & installed on your iPhone.

I already had this installed – so I skipped this step.

Install iPad baseband on 3GS with iOS 5.1.1

Step 10: Adding custom packages

This setting screen allows to add downloaded .deb files, or Cydia package sources to include on IPSW restore. Skip this if your packages are available on Cydia and if you have WiFi connection.

Or else, download ultrasn0w.deb file & load it using this setting screen. Click next

Add ultrasn0w.deb to iOS 5.1.1 IPSW

Step 11: Cook custom IPSW with the recipe we just prepared

Select ‘Build IPSW’ to process cooking a custom firmware for your iPhone 3GS & wait until its done.

build custom IPSW using sn0wbreeze

Step 12: Put iPhone in DFU / Restore mode

It is necessary to put iPhone into a DFU mode to install custom IPSW using iTunes. Sn0wbreeze will help you do this or else, you can watch the video below. If something goes wrong > disconnect, restart and the reconnect iPhone to the USB cable.

You shall see a prompt confirming the DFU mode.

iPhone in DFU mode

Step 13: Restore IPSW using iTunes

Open iTunes & it will tell you “iTunes has detected an iPhone in recovery mode…”. Click ok to continue.

Now, keep pressed the SHIFT on keyboard & click on RESTORE. This will bring-up the file browser window. Select your cooked & SHSH signed IPSW from this menu.

Shift + Restore to select custom IPSW in iTunes

Sn0wbreeze always stores custom IPSWs on Desktop after creating them. The file should have the numbers in the beginning & ‘signed’ at the end.

select SHSH signed custom IPSW

Step 14: Have some coffee

iTunes will begin the restore process. Wait patiently while its finishing.

iTunes IPSW restore process

  • iPhone will show the progress after a while on its screen along with sn0wbreeze logo. Do not disconnect your phone. The phone will automatically reboot when installation is finished & iTunes will detect it.
IPSW restore progress on iPhone screen

Please Note: If your iPhone does not reboot on its own (just in case) then you must have picked a wrong option in telling whether the iPhone is old bootrom or new bootrom. You will have to re-do the entire process again with correct answer. This is also one of the reasons why you’re getting the 1600 / 1601 or 2005 error in iTunes if you keep on trying to install the same wrongly made IPSW with non-matching iBoot sector.

Step 14: Restore iPhone from backup

This step is available immediately because we have successfully hacktivated our iPhone. Now, we are going to set up this new iPhone with backup we created earlier. Restoring backup should take up to 30 minutes to complete depending upon the number of applications, photos or data you had backed-up.

Setup new iPhone on 5.1.1 & Restore from backup

Step 15: Unlock using Ultrasn0w

It should be unlocked already if you provided the deb file from one of the steps above. If not, then – open Cydia & install latest ultrasn0w using WiFi connection. Restart springboard & you’re good to go!

Step 16: Say Thanks

No, don’t thank me – instead – thank ih8sn0w for making this wonderful sn0wbreeze & Dev-Team for letting us peacefully install 5.1.1, jailbreak, activate and unlock our iPhone 3GS.

Ask questions

If you have any questions about this then let me know through comments below. I will try to respond back asap.

Note

This is the same process I used on one of my iPhone 3GS to upgrade from iOS 4.3.3 with iPad baseband to iOS 5.1.1

iPhones with A5 chip (iPhone 4S & iPad 2 – not 3GS of course) cannot hacktivate / activate using this method. The only option for them is to buy official SIM card from one of the sellers on eBay & start activating on device’s welcome screen. It does not matter whether the SIM is now active or not.

Enjoy iOS 5.1.1 & hope you liked this tutorial. You can follow us on Facebook, Twitter or Google+ for latest updates. 🙂

CEX.IO Bitcoin Exchange
  • Faisal

    JazakAllah hidayat, thanks man you are awesome i jailbreak-ed my iphone… thankkkkkkkkkkkkkkkkkkkkkkkkkkkkks very much…

  • Faisal

    Sir,
    tinyumbrella is showing me this thing when i save the shsh.

    11/12/2012 07:39:01.602 CYDIA DOES NOT HAVE YOUR SHSH FOR iPhone3GS 5.1 (9B176) THERE IS NO WAY FOR YOU TO GET THEM. SORRY. YOU ARE JUST TOO LATE. 11/12/2012 07:39:02.009 For version [iPhone3GS 6.0b3 (10A5355d)] – This device isn’t eligible for the requested build.