I may be posting this tutorial a little late, on how to do an untethered jailbreak and unlock of the iPhone 3GS using Ultrasn0w on iOS 5.1.1, but nonetheless you can at least be sure that I was able to successfully jailbreak & unlock my 3GS using the same process.
The process described below is also important for hacktivating a 3GS on an unofficial SIM without any activation errors during the jailbreak process with redsn0w. We will create a custom firmware using Sn0wbreeze so that we can keep the iPad baseband intact on a previously jailbroken iPhone.
This tutorial may also fix the 1600 / 1601 or 2005 errors in iTunes. I faced these while experimenting with redsn0w. The instructions below are for illustration purposes only.
Let's begin! 🙂
Download the following tools and stock IPSW
- Latest iTunes version
- Sn0wbreeze 2.9.6 (or higher)
- Stock 5.1.1 IPSW (9B206) for iPhone 3GS
- One to two hours of spare time
- Good eye, brain & hand coördination for DFU mode 😛
Step 1: Fresh installation of iTunes
Uninstall the existing iTunes & AppleMobileSupport from Add/Remove Programs. Clean up the registry using CCleaner, restart your computer & freshly install the latest version of iTunes.
Step 2: Backup your iPhone
Back up your iPhone data in iTunes: in the left pane, right-click on the device name and select Backup.
Step 3: Change HOSTS file
Since we will be stitching SHSH blobs using TinyUmbrella, this step is not mandatory, but it's good to have it changed as follows. Make sure to save the HOSTS file with these entries. The HOSTS file on Windows XP can be found here: C:\WINDOWS\system32\drivers\etc
Save, then go to Start menu > Run, type: ipconfig /flushdns and hit Enter.
Step 4: Download & Save SHSH Blobs for 5.1.1 on your computer
The most important step is to have your SHSH blobs saved on your computer before you think of installing a custom firmware and then jailbreaking your iPhone. We’ll be using this file later in the process to stitch SHSH blobs to a custom 5.1.1 IPSW.
- Open TinyUmbrella and make sure you have connected your iPhone to the system. Click on the SAVE SHSH button & wait for the process to finish.
- Once done, you should have the SHSH blobs saved in the C:\Documents and Settings\[user]\.shsh folder on Windows. The shsh file will have the iOS version mentioned in the file name.
- Remember: This file is specific for your connected device only. We cannot use this file with other iPhones.
Step 5: Create custom firmware using stock 5.1.1 IPSW
Open Sn0wbreeze and follow the on-screen instructions to begin. If Windows XP seems to be freezing, choose the ‘Check for updates’ button instead of the ‘Ok’ button to begin.
To begin the process, we first need to feed our stock 5.1.1 IPSW to Sn0wbreeze so it can verify & process it. Click the ‘Browse for an IPSW’ button & select the file (the file name should be: iPhone2,1_5.1.1_9B206_Restore.ipsw).
After processing, Sn0wbreeze will ask whether your iPhone 3GS has the new bootrom or the old bootrom. 3GS units made after the 45th week of 2009 have the new bootrom. An easy way to tell is by looking at the serial number: if the third digit in the serial number isn’t ‘9’ then your iPhone has the new bootrom. Think twice before you pick an option, because a wrong choice here would lead to a complete brand-new restoration from iTunes.
I picked – New Bootrom.
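The bootrom check described above, as an added example that is not part of the original tutorial or of Sn0wbreeze: a small Python helper that applies both rules from the text (third digit of the serial, week 45 of 2009). It assumes the legacy 11-character serial layout, in which the third character is the last digit of the production year and the fourth and fifth are the production week; the function name and sample serials are constructed.

```python
import re

# Assumed legacy 11-character layout: PP Y WW SSSSSS
# (plant code, last digit of year, week of year, unit/model characters).
SERIAL_RE = re.compile(r"^[0-9A-Z]{2}(\d)(\d{2})[0-9A-Z]{6}$")

# From the tutorial: units made after week 45 of 2009 have the new bootrom.
CUTOFF_WEEK = 45


def bootrom_for_serial(serial: str) -> str:
    """Return 'old' or 'new' for an iPhone 3GS serial number.

    Raises ValueError for input that does not fit the assumed layout,
    so a mistyped serial never silently yields a wrong answer.
    """
    s = serial.strip().upper()
    m = SERIAL_RE.match(s)
    if not m:
        raise ValueError("expected an 11-character serial, e.g. PPYWWSSSSSS")
    year_digit, week = m.group(1), int(m.group(2))
    if not 1 <= week <= 53:
        raise ValueError(f"week field {week:02d} is not a valid week number")

    # Rule 1 from the text: third digit other than '9' means new bootrom.
    if year_digit != "9":
        return "new"
    # Rule 2 from the text: within 2009, only units after week 45 are new.
    return "new" if week > CUTOFF_WEEK else "old"


if __name__ == "__main__":
    # Constructed sample serials, not real devices.
    for sample in ("88928ABC3NP", "88945ABC3NP", "88947ABC3NP", "88012ABC3NP"):
        print(sample, "->", bootrom_for_serial(sample))
```

A unit built in 2009 after week 45 still has ‘9’ as its third digit, so the week field has to be checked as well before choosing the old bootrom option.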
You shall see a successful IPSW verification message. Click next to continue.
Step 6: Stitching SHSH Blobs to a stock IPSW using iFaith Mode
On the following screen you should see various modes for building a custom IPSW. We should select ‘iFaith Mode’ so we can stitch SHSH blobs we downloaded earlier.
Select the right SHSH blob file from the folder C:\Documents and Settings\[user]\.shsh on Windows.
Step 7: Configure settings for 5.1.1 custom IPSW
After you provide the shsh file, the following screen shows options to customize the IPSW file. We have to pick GENERAL from the available menus and click next.
Step 8: Activate (Hacktivate) iPhone 3GS 5.1.1
On this General settings page, the only option we need is to activate the iPhone 3GS for an unofficial carrier. This is important to bypass the activation screen on iOS & to fix the ‘activate your iPhone first’ error shown in redsn0w. I found sn0wbreeze to be a better alternative to redsn0w due to its simplified, error-proof use.
Step 9: Installing iPad Baseband 06.15.00
This step is ONLY needed if you do not have the iPad baseband installed on your iPhone 3GS. Having this baseband installed is the only option for unlocking the 3GS using ultrasn0w. You will lose your warranty and break your GPS by doing this. If you choose to install it, it will be downloaded from the Apple server & installed on your iPhone.
I already had this installed – so I skipped this step.
Step 10: Adding custom packages
This settings screen lets you add downloaded .deb files or Cydia package sources to include in the IPSW restore. Skip this if your packages are available on Cydia and you have a WiFi connection.
Otherwise, download the ultrasn0w.deb file & load it using this settings screen. Click next.
Step 11: Cook custom IPSW with the recipe we just prepared
Select ‘Build IPSW’ to start cooking a custom firmware for your iPhone 3GS & wait until it's done.
Step 12: Put iPhone in DFU / Restore mode
It is necessary to put the iPhone into DFU mode to install a custom IPSW using iTunes. Sn0wbreeze will help you do this, or else you can watch the video below. If something goes wrong, disconnect, restart and then reconnect the iPhone to the USB cable.
You shall see a prompt confirming the DFU mode.
Step 13: Restore IPSW using iTunes
Open iTunes & it will tell you “iTunes has detected an iPhone in recovery mode…”. Click OK to continue.
Now, hold down the SHIFT key on the keyboard & click on RESTORE. This will bring up the file browser window. Select your cooked & SHSH-signed IPSW from this window.
Sn0wbreeze always stores custom IPSWs on the Desktop after creating them. The file name should have the numbers at the beginning & ‘signed’ at the end.
Step 14: Have some coffee
iTunes will begin the restore process. Wait patiently while it finishes.
- After a while the iPhone will show the progress on its screen along with the sn0wbreeze logo. Do not disconnect your phone. The phone will automatically reboot when the installation is finished & iTunes will detect it.
Please Note: If your iPhone does not reboot on its own (just in case), then you must have picked the wrong option when telling Sn0wbreeze whether the iPhone has the old bootrom or the new bootrom. You will have to redo the entire process with the correct answer. This is also one of the reasons why you get the 1600 / 1601 or 2005 error in iTunes if you keep trying to install the same wrongly made IPSW with a non-matching iBoot sector.
Step 15: Restore iPhone from backup
This step is available immediately because we have successfully hacktivated our iPhone. Now, we are going to set up this new iPhone with the backup we created earlier. Restoring the backup should take up to 30 minutes to complete, depending upon the number of applications, photos or data you had backed up.
Step 16: Unlock using Ultrasn0w
It should be unlocked already if you provided the deb file in one of the steps above. If not, open Cydia & install the latest ultrasn0w using a WiFi connection. Restart springboard & you’re good to go!
Step 17: Say Thanks
If you have any questions about this then let me know through comments below. I will try to respond back asap.
This is the same process I used on one of my iPhone 3GS to upgrade from iOS 4.3.3 with iPad baseband to iOS 5.1.1
iPhones with A5 chip (iPhone 4S & iPad 2 – not 3GS of course) cannot hacktivate / activate using this method. The only option for them is to buy official SIM card from one of the sellers on eBay & start activating on device’s welcome screen. It does not matter whether the SIM is now active or not.
Enjoy iOS 5.1.1 & hope you liked this tutorial. 🙂