Apple Complete iOS Jailbreak Guide

 
 

admin

Chad
Staff member
85%
iOS Jailbreak Guide
This guide was last significantly updated on August 11, 2014 at 9:34 PM EST. It has not been updated for newer jailbreaks that have been released between then and now.


This guide is maintained by Dialexio, with help from iFish. It was based on the guide written by Danny600kill, iFish, and alidsl, but has since been (nearly) rewritten.


Glossary
Here are a few terms you might come across while jailbreaking.
  • DFU Mode: Device Firmware Upgrade Mode. This mode is embedded into every iOS device, and is often exploited for jailbreaking.
  • IPSW: Originally standing for "iPod Software", an IPSW contains the firmware for a device. (It's actually a renamed .ZIP file.) Each device has its own firmware— you can't use an iPod touch 5G firmware on an iPad or iPod touch 4G.
  • Jailbreaking: The process of allowing iOS to run programs that Apple didn't approve. They can extend the capabilities of your device in many ways, breaking Apple's boundaries in the process (try finding custom themes in the App Store!). You'll have all of the features that Apple typically provides with iOS, and everything else Apple won't provide!
  • Semi-tethered jailbreak: It's like an untethered jailbreak in that it can boot without a cable and can run most Apple-approved apps. Some things may not work properly though, like Safari.
  • SHSH: A signature that is used within Apple's firmware. In recent devices, the firmware is customized with a device-unique string, requiring iTunes to get new SHSHs from Apple.
  • Tethered jailbreak: A jailbreak that requires you to connect your device to your computer every time you reboot.
  • Untethered jailbreak: A jailbreak that does not require a computer to reboot.


Can your device be jailbroken?
Since this guide was last updated, the newest version of iOS is 10.0.2 and does not have a jailbreak. Although jailbreaks for newer versions of iOS are available, the latest covered by this guide is iOS 7.0.6. This guide does not cover newer jailbreaks for ethical reasons. (#NO PLS #PIRCAY)

The following do not have a jailbreak release:
  • Apple TV 2G (6.0.2 Build 11B651)
  • Apple TV 3G (all firmwares, all models)


What device do I have?
Apple TV

Apple provides a pretty comprehensive comparison of their Apple TV models and how to determine your model.

iPad + iPad mini

Apple provides a pretty comprehensive comparison of their iPads and how to determine your model.

iPad 2
There are actually two different Wi-Fi only models. To tell the difference between an iPad2,1 and iPad2,4, open up the Settings app and go to General, then About. If the model number is either MC954 or MC989, you have an iPad2,4. If it's anything else, you have an iPad2,1.

iPhone

Apple provides a pretty comprehensive comparison of their iPhones and how to determine your model.

iPhone 4
The iPhone 4 (GSM model) has a model number of A1332 on the back.
The iPhone 4 (CDMA model) has a model number of A1349 on its back.
gallery_164087_240_44904.png



iPod touch

Apple provides a pretty comprehensive comparison of their iPods and how to determine your model.


Important Notes About This Guide
iFish and I have done all that we can to ensure every step is correct, and to ensure you will not have a brick. However, things can go awry at any time. We are not responsible for such incidents, though we recommend attempting a restore in DFU Mode; it solves most problems.

We run this guide as a favor, and have a simple request: please redirect all drivel related to piracy somewhere else. (Preferably /dev/null.) We realize the irony of this site, but we want to make it clear that jailbreaking is not piracy. See no evil, hear no evil, speak no evil. Thanks for understanding.


SHSH Tutorials (Please read, even if you decide not to jailbreak!)
What's the big deal about SHSHs?
Since the iPhone 3GS was released, Apple uses something known as an "SHSH blob" to prevent downgrades. When you update/restore your device, iTunes sends a device-unique string (called an ECID) to Apple's server, and receives the SHSH blob in return. iTunes then applies the ECID and SHSH strings from the blob to the firmware.

Via this method, Apple can prevent downgrades, which could come in handy to people, particularly jailbreakers. But why should you worry about SHSHs, even if you don't want to jailbreak? A new update pushed out by Apple may contain an annoying bug, and downgrading may be your only option for getting rid of it, since we don't know when Apple will push an update.

Click on your device to see what firmwares Apple is signing:
Apple TV
Apple TV 2G
Apple TV 3G
Apple TV 3G Rev A

iPad
iPad (1st generation): 5.1.1
iPad 2:
iPad (3rd generation):
iPad (4rd generation):
iPad Air:

iPad mini
iPad mini (1st generation):
iPad mini (2nd generation):

iPhone
iPhone 3GS: 4.1, 6.1.6
iPhone 4:
iPhone 4S
iPhone 5
iPhone 5C
iPhone 5S


iPod touch
iPod touch 3G: 4.1, 5.1.1
iPod touch 4G: 6.1.6
iPod touch 5G

Backing Up/Using SHSHs with TinyUmbrella
TinyUmbrella can save all available SHSHs for your devices, provided Apple is still signing them.

Downloads
- TinyUmbrella
- Java, if it is not on your computer yet

Saving SHSHs
  1. Install Java if necessary.
  2. Open up TinyUmbrella, and plug in your device.
    NOTE: TinyUmbrella may request your administrator password. It's nothing harmful.
  3. Click on "Show All SHSHs" (top-left corner), then the "Save SHSH" button (top-right corner). The SHSHs will now be saved on your computer!
    gallery_164087_669_43061.png
  4. Remember: Whenever Apple releases a new firmware, look for an update to TinyUmbrella. That way, you can keep your SHSHs safe.
Restoring with SHSHs (for iOS 4.3.5 and lower!)
  1. Close iTunes.
  2. Open up TinyUmbrella and click "Start TSS Server."
    NOTE: TinyUmbrella may request your administrator password. It will merely edit the hosts file to send SHSH requests to Cydia or TinyUmbrella.
    gallery_164087_1042_57720.png
  3. Perform a DFU restore to whatever firmware you have SHSHs for! (For instance, the above screenshot states I can restore to 4.2.1.)
  4. When you're done, hit "Stop TSS Server." You can also close TinyUmbrella now. :)

Keeping your A5(X) Device on iOS 5.1.1
Let's say your copy of iOS got messed up. You need to restore your device, but you still want that jailbreak of yours. This method should work with keeping you on the same firmware!

NOTE: Your baseband will still be updated to the latest version. Also, you must not have used OTA updates to get on the firmware you're on. (i.e. You must have used iTunes for updating/restoring.)

Downloads:
Click here to download redsn0w for Mac OS X.
Click here to download redsn0w for Windows.

Guide
  1. Run redsn0w (Windows users may need to run it as an Administrator and in Compatibility Mode for Windows XP SP2). Click on "Extras."
    gallery_164087_135_15592.png
  2. You will be presented with a list of options. Select "Even more."
    gallery_164087_897_30953.png
  3. Click on the "Restore" button.
    gallery_164087_1151_7550.png
  4. Click "IPSW." You must browse to the IPSW you want to downgrade to (e.g. iOS 5.0.1).
    gallery_164087_1152_34610.png
  5. Click "Local" if the SHSH blobs are on your computer (you'll need to browse for them), or "Remote" if they are on Cydia's servers.
  6. redsn0w will now (try to) put your device in Recovery Mode.

Dumping/Using SHSHs with iFaith
iFaith from iH8sn0w was the first available option for dumping SHSHs from a device. It supports iOS 5.0+'s new "APTicket" nonce, so you can dump your SHSHs and downgrade to iOS 5.0!

Download: Check iH8sn0w's site for the latest version)

Dumping SHSHs
  1. Start the app, and hit "OK" on the disclaimer.
    gallery_164087_584_35036.png
  2. Select "Dump SHSH Blobs."
    gallery_164087_584_16119.png
  3. iFaith displays a screen providing information about dumping SHSHs from your device. Click "Proceed."
    gallery_164087_584_40811.png
  4. A list of people that helped with iFaith appear on the screen. Click "Let's Go!"
    gallery_164087_584_33646.png
  5. iFaith will ask if you're dumping SHSHs from an Apple TV 2G or not. Answer this truthfully.
    gallery_164087_584_10518.png
  6. iFaith will tell you to turn off your device, as you will put your device in DFU Mode.
    gallery_164087_584_24513.png
  7. Follow iFaith's on-screen instructions to enter DFU Mode.
    gallery_164087_584_65017.png
  8. Wait for iFaith to finish dumping your SHSHs. Your device will automatically reboot. (This will not boot up a tethered jailbreak.)
    gallery_164087_584_77456.png
  9. iFaith will ask you where you'd like to save your SHSHs. It will also upload them to a remote server…
    gallery_164087_584_11771.png
  10. …And report its success.
    gallery_164087_584_3648.png
Restoring with SHSHs
  1. Start the app, and hit "OK" on the disclaimer.
    gallery_164087_584_35036.png
  2. Select "Build *signed* IPSW w/ Blobs."
    gallery_164087_584_26684.png
  3. Click on "Browse for SHSH Blobs cache," and find your SHSH file.
    gallery_164087_584_12203.png
  4. If you have SHSH blobs created by an old version of iFaith, you may receive a prompt asking about the certificate.
    If you updated or restored in iTunes before dumping the SHSHs, select "Yes." Otherwise, select "No."
    gallery_164087_584_26312.png
  5. If you have the IPSW on your computer, you can browse to it. Otherwise, you can have iFaith download it.
    gallery_164087_584_7008.png
  6. A credits screen will show up. Just click "Build IPSW."
    gallery_164087_584_21596.png
  7. When the IPSW finishes building, iFaith will offer to put your device in pwned DFU Mode, if you want to restore to the IPSW now.
    gallery_164087_584_29808.png


Useful Tutorials
How to Enter DFU Mode
gallery_164087_240_1514.png



DFU Mode, short for "Device Firmware Upgrade," is basically a more lenient and more thorough version of Recovery Mode. Recovery Mode is what Apple tells you to do if your firmware is messed up, but the dudes at the Genius Bar use DFU Mode. Need I say more on which I think you should use? :p

DFU Mode is also handy if you need to eliminate as many tracks of your jailbreak as possible. (You know, in case your device's future owner doesn't want hacks or Apple declares your warranty void.)

Apple TV instructions
Connect your Apple TV to your computer. (Everything else should be unplugged.)

Hold the Menu and Down buttons for six seconds to reboot the Apple TV. Immediately afterwards, hold Menu and Play.




Instructions for everything else
Connect your device to your computer and then turn it off.



Press and hold the Sleep and Home buttons for 10 seconds. After 10 seconds, let go of the Sleep button ONLY.
NOTE: If (and only if) your device does not have a physical Home button, use the Volume down button instead.



The screen should now be completely off, while your computer will identify the device as "Apple Mobile Device (DFU Mode)."


If you see an iTunes logo on your screen instead, you are in Recovery Mode. Try following these steps again from the beginning.


Open up iTunes, and it will say that it has detected a device in recovery mode.


Now, we're gonna restore the device. If you just want the latest firmware and don't want to jailbreak, click "Restore."

If you care about what firmware gets installed, hold down Option (Mac OS X) or Shift (Windows) and click the "Restore" button. Then browse to the IPSW you wish to use.



Jailbreaking Tutorials
Remember: In this guide, if the device/firmware combination is magenta-colored and underlined, the jailbreak is tethered (unless you have an "old bootrom" device). Otherwise, the jailbreak is untethered.
Guide maintained by Dialexio and iFish.
What jailbreak tool should I use?
If you're jailbreaking…
  • An Apple TV 2G, go with Seas0nPass.
  • iOS 5.1.1, look into Absinthe, PwnageTool, redsn0w, or sn0wbreeze.
  • iOS 6.1.3 through 6.1.6, look into p0sixspwn.
  • iOS 7.0 through 7.0.6, look into evasi0n7.
It's finally here. And super-easy.

CAUTION
This jailbreak requires you to update/restore your firmware through iTunes. Your iPhone's baseband will be updated unless you use a custom firmware. If your baseband is upgraded, your ability to unlock may be hindered. (iPhone 3G/3GS users can use baseband 06.15.00, but will lose GPS functionality until they downgrade their baseband.) If you rely on an unofficial unlock, I would recommend PwnageTool or sn0wbreeze instead.​

Click here to download Absinthe for Mac OS X.
Click here to download Absinthe for Linux.
Click here to download Absinthe for Windows.

Absinthe works with:
  • iPad (iOS 5.1.1 only)
  • iPad 2
  • iPad 3rd generation
  • iPhone 3GS (iOS 5.1.1 only)
  • iPhone 4 (both models, iOS 5.1.1 only)
  • iPhone 4S
  • iPod touch 3G (iOS 5.1.1 only)
  • iPod touch 4G (iOS 5.1.1 only)

Guide
  1. Firstly, it is STRONGLY recommended that you backup your device since this jailbreak is very new and something could happen. (Though it's smart to make a backup before any jailbreak just in case.)
  2. NOTE: If your backups are encrypted, you must disable the encryption. If you cannot disable it, you need to restore your device before continuing. (Do NOT restore from the backup until you are finished jailbreaking.)
    gallery_164087_825_13698.png
  3. You will be greeted by this screen urging you to plug in your device. Hit "Jailbreak."
    gallery_164087_825_35928.png
  4. …Have tea or coffee or something while Absinthe does its duty, I guess.
    gallery_164087_825_2456.png

    gallery_164087_825_6288.png

    gallery_164087_825_16970.png
  5. (iOS 5.1.1) When the jailbreak is complete, you're good to go! If you need to restore from a backup, you may now do so.
    gallery_164087_825_22130.png
  6. (iOS 5.0.x only from hereon) When Absinthe on your computer is done, turn to your device.
  7. Find the "Absinthe" icon and tap on it.
  8. A web clip will open up. Absinthe should automatically reboot; if it doesn't, tap on the green "Jailbreak" button that shows up.
  9. After another reboot, your device should now show Cydia!

Jailbreaking with evasi0n7

evasi0n7 supports iOS 7.0 through 7.0.6.
After a dramatic release, the dust has finally settled. evasi0n7 is available for your jailbreaking pleasure! It's pretty straightforward actually, so you shouldn't have trouble with it! (Especially if you've used evasi0n; the UI is the same!)

Click here to get the latest version of evasi0n7!

evasi0n7 works with:
  • iPad 2
  • iPad 3rd generation
  • iPad 4th generation
  • iPad Air
  • iPad mini 1st generation
  • iPad mini 2nd generation
  • iPhone 4
  • iPhone 4S
  • iPhone 5
  • iPhone 5C
  • iPhone 5S
  • iPod touch 5G

Guide
  1. Firstly, it is STRONGLY recommended that you backup your device since this jailbreak is very new and something could happen. (Though it's smart to make a backup before any jailbreak just in case.)
  2. Connect your device to your computer.
  3. If you updated to iOS 7 with an OTA update, you must update or restore in iTunes first.
  4. If you have a passcode set, you may need to disable it for the jailbreak process.
  5. Close iTunes if it is open, and open evasi0n7. (evasi0n7 will force iTunes to quit anyways.)
  6. Hit the "Jailbreak" button.
    mia3Xdt.png
  7. Wait for evasi0n7 to download some necessary files, and push the first stage of the jailbreak.
    BbzH088.png


    IjSFl55.png


    Clnsyj9.png


    eevZGjY.png
  8. Your device will reboot, and evasi0n7 will wait for you to open an app on your device.
    7QtTIhs.png


    PxTiRGO.png
  9. After you tap on the "evasi0n 7" icon, let evasi0n7 continue working.
    iCkpAgM.png
  10. evasi0n7 will require you to perform yet another action with your phone: unlock it.
    i4iK2qc.png
  11. After one or two more screens, evasi0n7 will tell you that it is done. Your device will say otherwise, however. The rest of the jailbreak occurs on the device— bear with the wait just a little longer!
    MaS43UG.png
  12. Once you're on the Lock screen, you're done!
    moEapap.png

Jailbreaking with p0sixspwn

p0sixspwn supports iOS 6.1.3 through 6.1.5.
p0sixspwn is an untethered jailbreak for iOS 6.1.3 through 6.1.5. It's as easy as it is fast. Or as fast as it is easy… Whatever.

Click here to download p0sixspwn.

p0sixspwn works with:
  • iPad 2 Guide maintained by Dialexio and iFish.
  • iPad 3rd generation
  • iPad 4th generation
  • iPad mini 1st generation
  • iPhone 3GS
  • iPhone 4 GSM model
  • iPhone 4 CDMA model
  • iPhone 4S
  • iPhone 5
  • iPod touch 3G
  • iPod touch 4G
  • iPod touch 5G

Guide
…Well, I would put the guide here, but the program is very straightforward; there's only one button, and no further interaction is needed.

There might be some troubleshooting required, particularly for the Windows version. If it's not working, try modifying the Compatibility Mode settings.In some cases, another computer might be required to proceed with the jailbreak.

Jailbreaking with PwnageTool
PwnageTool allows you to create custom IPSW files, and restore to them right within iTunes.

All versions of PwnageTool require you to download an IPSW on your computer. Most firmware links are available on The iPhone Wiki, but some aren't because no Apple-hosted link exists anymore.

PwnageTool 3.1.5 for iOS 3.1.2/3.1.3 (download)
PwnageTool 3.1.5 requires the IPSW for iOS 3.1.2 or 3.1.3 for your device. It works for:
  • iPhone 2G
  • iPhone 3G
  • iPhone 3GS with old bootrom (pwned, or has iOS 3.1.2 or earlier)
  • iPod touch 1G
  • iPod touch 2G (old bootrom)
PwnageTool 4.1.3 for iOS 3.2.2/4.1 (download)
PwnageTool 4.1.3 requires the IPSW for iOS 3.2.2 or 4.1 for your device. The only incompatible device is the iPod touch 2G.

PwnageTool 4.2 (MOD) for iOS 4.2.1/4.2.6/4.2.8 (download)
PwnageTool 4.2 requires the IPSW for iOS 4.2.1, 4.2.6, or 4.2.8 for your device. The only incompatible device is the iPod touch 2G.

PwnageTool 4.3.3.1 (MOD) for iOS 4.3.3 (download)
PwnageTool 4.3.3.1 requires the IPSW for iOS 4.3.3 for your device. The only incompatible device is the iPad 2 (all models).

PwnageTool 5.0.1 for iOS 5.0.1 (download)
PwnageTool 5.0.1 requires the IPSW for iOS 5.0.1 for your device. The only incompatible devices are those with the A5(X) chip.

icon11.gif

PwnageTool 5.1.1 for iOS 5.1.1 (download)
PwnageTool 5.1.1 requires the IPSW for iOS 5.1.1 for your device. The only incompatible devices are those with the A5(X) chip.

Guide
  1. Download PwnageTool and install PwnageTool. Run it.
  2. Download the IPSW for your appropriate device.
  3. Run PwnageTool. Click OK to bypass the scam window.

  4. Choose "Expert Mode," select your device, and then click on the right arrow. (NOTE: Your windows may look slightly different due to differences in PwnageTool versions.)

  5. PwnageTool 4.01 and lower will now use Spotlight to find a compatible IPSW. If you have Boot Camp, I highly recommend blacklisting the Boot Camp partition prior to this step. If PwnageTool does not return any IPSWs, you can manually browse to it.

  6. If you have an iPhone 3G(S), PwnageTool 4.1.3 will ask if you want to use the iPad baseband for an unlock. Say no for now; if you want to do this, check out the "Unlocking with ultrasn0w" section.


  7. You can now tinker with many options to customize your IPSW. We'll start in "General."

  8. If you are NOT with an officially-supported carrier, check "Activate the phone." If you ARE on an officially-supported carrier, uncheck it!
    iPhone 2G owners may leave the baseband update in. All other iPhone models should not enable said update, provided the option isn't disabled. Guide maintained by Dialexio and iFish.
    Shrinking the root partition size gives you a slight bit more amount of space for music, videos, etc. You could just leave this as-is.
    iPhone 3G owners also have the option of you can enabling features Apple doesn't want you to have.

  9. If your device is not an iPhone 2G, skip the BootNeuter screen (not that you can do anything on it).

    BootNeuter is the unlocking tool for the iPhone 2G. If you are on an officially-supported carrier, uncheck "Neuter bootloader." Otherwise, proceed.

  10. You can download and install Cydia packages right into the IPSW. Click "Download packages" and refresh the sources to download whatever packages you wish to install. Then switch to the "Select packages" tab and select the packages you want installed.
  11. In "custom packages," just leave Cydia checked and proceed.
  12. If permitted for your device, you may set custom boot logos! These images appear when you boot up your device. The boot logo will replace the Apple logo, while the Recovery logo will replace the "Connect to iTunes" image that appears when you enter Recovery Mode.

  13. When you're satisfied, click "Build." You will now be asked where you want to save the custom IPSW.

  14. If your device was never pwned before, PwnageTool may automatically ask you to enter DFU Mode. If this doesn't occur automatically, you can click on the "DFU" button on the top.

  15. Restore to this custom firmware via iTunes. Option-click the "Restore" button and browse to the custom IPSW.
If you're having trouble with making a custom IPSW, here's a YouTube video I made to walk you through the basics of making an IPSW (I used 4.3.1 on the iPod touch 4G).
[youtube]kuCo73wxM-M[/youtube]

Jailbreaking with redsn0w 0.9.4

redsn0w 0.9.4 was designed for jailbreaking iOS 3.1.3 only. You might be looking for redsn0w 0.9.15b3 instead.
redsn0w is a tad more complicated way of jailbreaking. It requires you to have an IPSW (which IPSW is required depends on which firmware you're jailbreaking).

Downloads
redsn0w 0.9.4 requires you to download the IPSW for iOS 3.1.2 on your computer. Most firmware links are available on The iPhone Wiki, but some aren't because no Apple-hosted link exists anymore.

Click here to download redsn0w for Mac OS X.
Click here to download redsn0w for Windows.

Although you would like to jailbreak iOS 3.1.3, you'll need the IPSW for iOS 3.1.2 for your device.

redsn0w 0.9.4 works with:
  • iPhone 2G
  • iPhone 3G
  • iPod touch 1G
  • iPod touch 2G (old bootrom)

  1. Download the files beforehand. Open redsn0w.
    gallery_164087_759_32999.png
  2. Select an IPSW. redsn0w will patch the kernel and such.
    gallery_164087_759_12006.png

    gallery_164087_759_5663.png
  3. Okay, now is where you can customize it to your liking, by picking the features you like. Click next when you're done.
    gallery_164087_759_53200.png
  4. Make sure your device is off and plugged in.
    gallery_164087_759_15404.png
  5. Follow on-screen instructions in order to get into DFU mode and then the rest of the jailbreak process happens on the device!
    gallery_164087_759_4912.png

    NOTE: redsn0w is known to hang at times when it says "Uploading ramdisk" or "Waiting for reboot." If you see the "Uploading ramdisk," try using Windows 95 for Compatibility Mode. (It's odd, but it helps.) If you get "Waiting for reboot," disconnect and reconnect your device until redsn0w recognizes it.

Jailbreaking with redsn0w 0.9.15b3

redsn0w 0.9.15b3 supports iOS 3.2.2, and 4.1 through 6.0! iOS 4.2.7*, 4.2.9, 4.2.10, 4.3.4, 4.3.5, 5.0, 5.1, and 6.0 are tethered.
redsn0w may seem a bit complicated, but it can perform a bunch of different tasks related to hacking iOS.
Guide maintained by Dialexio and iFish.
CAUTION
This jailbreak requires you to update/restore your firmware. Doing so may result in an updated baseband, which hinders your ability to use ultrasn0w or a "SIM interposer" to unlock your iPhone. If you have an iPhone 3GS or an iPhone 4, you can restore your iPhone in redsn0w without updating the baseband.​

Click here to download redsn0w for Mac OS X.
Click here to download redsn0w for Windows.

You need the IPSW of whatever's on your device. (e.g.- If you have iOS 4.3.2 on your iPod touch 3G, download iOS 4.3.2 for the iPod touch 3G.)

redsn0w 0.9.15b3 works with:
  • iPad 1G
  • iPad 2 (iOS 5.0.1 and 5.1.1 only)
  • iPhone 3G
  • iPhone 3GS (old bootrom)
  • iPhone 3GS (new bootrom)
  • iPhone 4 GSM model
  • iPhone 4 CDMA model
  • iPhone 4S (iOS 5.0.x and 5.1.1 only)
  • iPod touch 2G (old bootrom)
  • iPod touch 2G (new bootrom)
  • iPod touch 3G
  • iPod touch 4G
Devices in bold can have custom boot logos.

Guide maintained by Dialexio and iFish.
Guide
First, run redsn0w (Windows users may have to run it as an Administrator and in Compatibility Mode for Windows XP SP2).

  1. Wait for one second as redsn0w identifies your device, then click on the "Jailbreak" button.
    gallery_164087_135_31178.png
  2. (iOS 5.1.1 only!) redsn0w will ask you which method you want to use to jailbreak.

    - The backup/restore method is quick, but requires activation and you must start from scratch (unless you restore from a backup).
    - The DFU ramdisk method is how redsn0w usually works. It's far slower, but will let you keep your content intact.

    If you chose to use the backup/restore method, this is the only step… I told you it was quick and easy. :p Just be sure to wait until your device is done! (There's a point where the device looks like it's done, but quickly resprings.)
    gallery_164087_135_10690.png
  3. Connect you iDevice to your PC, and turn it off (if possible). Hit next in redsn0w.
    gallery_164087_135_42340.png
  4. Follow along with redsn0w to enter DFU Mode.
    gallery_164087_135_2269.png
  5. redsn0w will identify your device and firmware in this stage. Once it does, you will be presented with a list of options. (The options shown will vary based on what device you have.) When you're done, click Next.
    gallery_164087_135_25219.png
  6. Have some patience as redsn0w works on jailbreaking your device.
  7. Once it's done, your device will be jailbroken. If you see the following screenshots, continue reading. (Don't fret, you didn't do anything wrong!) If you don't see the following screenshots, you're done!
    gallery_164087_135_15020.png

    gallery_164087_135_9714.png

    Guide maintained by Dialexio and iFish.
  8. If your jailbreak is tethered (device may hang at the Apple logo, or Cydia won't open), you need to perform a tethered boot. Reopen redsn0w. (For future reference, you may refer to the "Booting your Tethered Device with redsn0w" section.)
  9. Click on the "Extras" button.
    gallery_164087_135_15592.png
  10. The program will present some options. Select the "Just boot" button.
    gallery_164087_897_15830.png
  11. Now, you'll need to turn off your device (if possible; this doesn't matter too much). It's time to get ready to enter DFU Mode again.
    gallery_164087_135_42340.png
  12. redsn0w will now provide instructions to enter DFU Mode.
    gallery_164087_135_2269.png
  13. Your device will flash white, then show a pwnapple. It is booting up now!

NOTE: If you have an iPhone 3GS (with baseband 06.15.00) and restored to stock iOS 5.0, you should reflash baseband 06.15.00.

Jailbreaking with Seas0nPass
Seas0nPass is a new jailbreak tool from FireCore to jailbreak the Apple TV 2G. Basically, it's a greatly simplified version of PwnageTool.

NOTE: Mac versions of Seas0nPass require Mac OS X Snow Leopard (10.6) or later. Windows versions require the .NET Framework 4.0.

Click here for the latest Mac version of Seas0nPass.

Click here for the latest Windows version of Seas0nPass.

Guide
  1. Download and run Seas0nPass.
  2. Select "Create IPSW."
  3. Seas0nPass will now download the IPSW from Apple's/Akamai's servers, as well as patch it.
  4. Follow the instructions Seas0nPass offers to enter DFU Mode.
  5. iTunes will open automatically and begin to restore to a custom IPSW.
  6. When the restore finishes, you must disconnect your Apple TV, and perform a tethered boot if necessary.

Jailbreaking with Saffron (a.k.a. JailbreakMe 3.0)
gallery_164087_240_1514.png


The domain lives on! Saffron is yet another reincarnation of the infamous JailbreakMe website. Once again, comex masterminded the exploitation.

WARNING: If your device is already jailbroken (i.e.- with redsn0w), do not use Saffron.

Works for:
  • iPad (iOS 4.3-4.3.3)
  • iPad 2 (iOS 4.3 and 4.3.3)
  • iPhone 3GS (iOS 4.3-4.3.3)
  • iPhone 4 GSM model (iOS 4.2.1-4.3.3)
  • iPhone 4 CDMA model (iOS 4.2.6-4.2.8)
  • iPod touch 3G (iOS 4.3/4.3.2/4.3.3)
  • iPod touch 4G (iOS 4.3-4.3.3)
Guide maintained by Dialexio and iFish.
Guide
  1. Sync your device with your computer.
  2. Just load up http://www.jailbreakme.com/ on your device.
    NOTE: If that link doesn't work, try http://www.jailbreakme.com/saffron/jbme3.php a variation of it.
  3. You will be greeted with a site that resembles an App Store page. Tap on "FREE."
  4. Now tap on "INSTALL."
  5. Then presto! Cydia will be installing like any regular app!
  6. You now have a jailbroken device! Be sure to install "PDF Patcher 2" in Cydia to stay safe!

Jailbreaking with sn0wbreeze
sn0wbreeze is made by iH8sn0w, and is meant to be PwnageTool for Windows. sn0wbreeze creates a custom IPSW that you restore to via iTunes.

sn0wbreeze 2.9.9 (download) works with:
  • iPhone 2G
  • iPhone 3G
  • iPhone 3GS
  • iPhone 4 GSM model
  • iPhone 4 CDMA model
  • iPod touch 1G
  • iPod touch 2G
  • iPod touch 3G
  • iPod touch 4G
Guide maintained by Dialexio and iFish.

Guide
  1. Download sn0wbreeze.
  2. When sn0wbreeze is loaded, you will see a "not for sale" message. Just hit OK, and proceed.
    gallery_164087_827_50678.png

    gallery_164087_827_4266.png
  3. If you have your device's IPSW on your computer, you may browse to it. Otherwise, you can have sn0wbreeze download it onto your desktop.
    gallery_164087_827_36961.png
  4. If you choose to let sn0wbreeze download it for you, it will ask you for your device, and then what version you want. If the device or firmware you want is not shown, download it from your browser and browse to it.
    gallery_164087_827_44179.png

    gallery_164087_827_60795.png
  5. If you have an iPhone 3GS or iPod touch 2G, sn0wbreeze will ask about your bootrom version. Answer this to the best of your ability, or let sn0wbreeze determine.
    gallery_164087_827_69742.png
  6. After sn0wbreeze picks up the device and firmware you want to jailbreak, proceed to the next window.
    gallery_164087_827_104045.png
  7. Select Expert Mode, and carry on.
    gallery_164087_827_56651.png
  8. Now, you will see 5 options: General, Unlocks (not used for iPod touches), Custom Boot Logos (not applicable to "new bootrom" devices), Custom packages, and Build IPSW. We'll start in General.
    gallery_164087_827_4089.png
  9. In General, you choose the options you want in your custom IPSW, like native multitasking, native wallpapers, and battery percentage. If (and only if) you use an unauthorized carrier, you need to check "Activate The iPhone."
    gallery_164087_827_5081.png
  10. If you use an unauthorized carrier on an iPhone 3G or 3GS, sn0wbreeze offers to install iPad baseband 06.15.00. This baseband is covered in the "Unlocking with ultrasn0w" section.
    gallery_164087_827_69027.png
  11. For the sake of simplicity, we'll skip over the "Custom Apps" section. (The section is used for pre-installing Cydia packages, by the way.)
  12. Build the IPSW.Guide maintained by Dialexio and iFish.
    gallery_164087_827_214473.png
  13. While you wait, you can choose to play Pac-Man.
    gallery_164087_827_20292.png
  14. If you chose to jailbreak iOS 5.0.1, you will be asked to donate to pod2g. If you're able to support future jailbreak efforts, do consider it!
    gallery_164087_827_19841.png
  15. The IPSW is now created. If you press "OK," sn0wbreeze will walk you through entering "pwned DFU Mode."
    gallery_164087_827_26788.png

    gallery_164087_827_51840.png

    gallery_164087_827_51809.png
  16. If you wish to restore to the IPSW, load iTunes and hold down the Shift key while clicking on the "Restore" button. You can now browse to an IPSW on your computer; browse to the IPSW you just made.


Noteworthy Post-Jailbreak Info
Booting your Tethered Apple TV with Seas0nPass


Downloads
Seas0nPass for Mac OS X Snow Leopard, or Seas0nPass for Windows XP/later

Guide
  1. Download and run Seas0nPass. This time, select "Boot Tethered."
  2. Connect your Apple TV to both a power source and via USB.
  3. Follow the instructions to enter DFU Mode.
  4. Seas0nPass will notify you when the boot finishes. Remove the USB cable (not the power cable!) and connect the HDMI cable.


FAQ (if they weren't frequently asked, they will be)
  1. I followed your guide, and now my device is stuck on the Apple logo!
    - Your jailbreak is probably tethered. The program that you used to jailbreak your device most likely has a mode to boot a tethered jailbreak.
    These lines are here to improve readability.
  2. Can I downgrade without SHSH——
    - NO, NO, NO! The only cases where you can are with really old devices and really old firmwares.
    If there were a way, why is backing them up still advocated?
  3. I have an iPod touch 1G. Could you help me get iOS 3.1.3?
    - Upon purchasing it for $4.95 USD, iTunes will download iOS 3.1.3. (On Mac OS X, the IPSW can be found in "~/Library/iTunes/iPod Software Updates". On Windows, the IPSW can be found in "%AppData%\Apple Computer\iTunes\iPod Software Updates".)
    Super-Vague Hint That I Won't Explain To You: Set "touchUpdate" to true, and you can download the IPSW (from Apple) in your web browser.
  4. What the hell are those tables on The iPhone Wiki's firmware page? It's just as cluttered as this page, so just link to the simpler Felix--
    - That Felix link contains warez. Certain versions of iOS are paid firmwares for the iPod touch 1G and 2G, and that website provides MegaUpload links to said firmwares.
    If you don't believe me, just look at the source code.
  5. Can you help me download App Store apps for free?
    - No. Get lost.
    It may be more fun to be a pirate than join the navy, but being a ninja beats being a pirate. ;P
  6. Well... Can you help me download Cydia Store apps for free?
    - From a technical standpoint, pirating something from iOS (especially a Cydia program) is downright stupid. Anything you get from Cydia runs under the super user "root," which can do anything to your iOS installation. A malicious crack could share your text messages and pictures with the whole world. Developers may collect a unique ID from your device, which can (that does not mean "will," though) result in being blacklisted from multiple things.

    Now, that mini-rant was probably heavy with FUD, but those are technically possible.
    Before you ask me who that person is, it's chpwn. Not that you're reading this.
  7. Will a jailbreak affect my iTunes or App Store apps?
    - It will not make a difference in most cases. Certain App Store apps might detect your jailbreak and present an "error" message, but an app called "xCon" in Cydia can address that.
    M
  8. Does a jailbreak void my warranty?
    - Yes. However, all traces of a jailbreak can be erased so Apple would never know. (Note that they may detect funny baseband issues like having 06.15.00 installed.)
    A
  9. I want to wipe out my jailbreak! How do I do this?
    - In most cases, a restore in iTunes should do the trick. If you really want to be sure, a DFU restore covers pretty much every trace (except for basebands).
    R
  10. I jailbroke my device! What should I do now?
    - We can't answer this directly; jailbreaking gives you the freedom to do basically anything you want. Most people who have a fresh jailbreak have a search through Cydia and see what apps interest them. There are some great apps out there just waiting for you to download. A few popular ones include "Five Icon Dock," "SBSettings," and "Winterboard."

    alidsl also wrote up [topic=254055]a guide detailing many post-jailbreak things of interest[/topic].
    B
  11. What's the difference between (Device X) and (Device X Rev A)?
    - There are slight internal differences that force Apple to use different firmwares. For instance, there are two variants of the iPad 2 Wi-Fi model: one is the original, and a revised model uses a more power-efficient A5 chip.
    L
  12. THEREZ NO JALEPRAKE 4 MAI IFON! Y NOT? DEV TEAM SUKCZ AND U TOO
    - It's being worked on. (You know what's not going to fix it? Your shouting! ;P)
    E
  13. Can I save my SHSHs for device X/firmware Y?
    - Yes, provided Apple is still signing it. The list of device/firmware combinations that Apple is still signing can be found above, in the "Backing Up/Using SHSHs with TinyUmbrella" section.
    C
  14. I have SHSHs backed up for firmware X, but my friend doesn't. Can they use mine?
    - No. They are unique to every device.
    A
  15. I have SHSHs backed up for firmware X. Can I use them to restore to firmware Y?
    - No.
    K
  16. I don't have baseband 01.59.00 on my iPhone 4 GSM model. Can I use the iPad baseband (06.15.00)?
    - No. The first generation iPad does not use the same baseband chip as the iPhone 4.
    E
  17. I have a baseband that doesn't work with ultrasn0w. I CAN HAS UNLOCK?
    - Yes, but be prepared to shell out money (and possibly risk privacy). Some sites can unlock your iPhone if you provide your iPhone's IMEI number (be alert for scams, though).

    There are also some SIM card hacks (two legal ones being the "Gevey Ultra" and the "Rebel SIM") that promises to unlock current basebands, and provide updates for future basebands.
    ))
  18. Why do you not use Simple Mode for PwnageTool?
    - I'm a bit of a control freak, so I'd rather know what's going into the IPSW. If you want to use Simple Mode, by all means go for it.
Credits
Current Writers: Dialexio, iFish
Original Writers: alidsl, Danny600kill, iFish
Select images (DFU Mode images, pwnapple, anything else I forgot): iPhone Dev Team
Developing jailbreak tools: Chronic Dev, evad3rs, geohot, iH8sn0w, and the iPhone Dev Team
Developer of SAM: sbingner
iPhone 4 baseband preservation process: semaphore
TSS API: iNeal

Questions? Comments? Suggestions? Errors? Don't hesitate to drop a message! :)
Please keep in mind that "iPhone 3Gs" means "more than one iPhone 3G," "iPhone 4s" means "more than one iPhone 4," and "iTouch" is a DS flashcard.​
 
 

Recent Content

Newest Downloads

Tutorials

Back
Top