[How To] Use Pwnage Tool to make a custom firmware

This is a general guide for how to use pwnage tool to make a custom
firmware. i will be using pwnage tool 4.1.3 and using iPhone 3G as an
example. You can adjust what you are doing for what firmware and device
you are making it for. I will not get into the full expert mode options
either since if you know how to use those then you don't need this
guide.

Pwnage Tool can be found here: Dev-Team Blog

Open Pwnage Tool, Click on Expert mode and select your device, then click next
[You must be registered and logged in to see this image.]

Double-click on "Browse for IPSW" and choose the regular firmware that
you want to make a custom firmware with. I will be choosing 4.2.1 in
this case.
[You must be registered and logged in to see this image.]

With this particular version of pwnage tool you will have the option of
updating your baseband to the iPad one if you want to unlock. DO NOT DO
THIS if you are already have an unlockable baseband. If you want to do
this (if you have 5.14.02 or 5.15.04 baseband and want to unlock) then
press yes, you will need to point pwnage tool to a iPad 3.2.2 firmware
for this.

Double click on General
[You must be registered and logged in to see this image.]

If you have a official carrier sim to activate with then deselect the activate box. If you dont then leave it checked.
[You must be registered and logged in to see this image.]

Press the back button then double click Build and select where you want to save the custom firmware
[You must be registered and logged in to see this image.]

Let pwnage tool do its thing. You will need to type your admin password half way through.
[You must be registered and logged in to see this image.]

At the end of the process you will get a message asking you if you are
pwned already. Just click no and follow the instrctions for entering
pwned dfu. Once done you should see the blue message that you have
successfully entered dfu.
[You must be registered and logged in to see this image.]

Close pwnage tool, open iTunes, you will get a message saying the phone
is in recovery. Press ok and then hold down option and click restore. A
window will pop up where you can choose the custom firmware you just
created.
Let iTunes restore your firmware.

If you are trying to make a custom 4.2.1 firmware for 3GS then you need
to add a custom bundle to pwnage tool first. See here how to do that: iClarified - iPhone - How to Add a Firmware Bundle to PwnageTool

Since the 3GS 4.2.1 is a custom bundle it will not add cydia like a
normal custom firmware would. In this case you would need redsnow
0.9.6rc8 to install cydia. If you have new bootrom you will also need to
boot tethered with redsnow after installing cydia and every reboot
after that until a untethered jailbreak for new bootrom devices on 4.2.1
is released.

Steps for using redsnow:
1: Get past emergency call screen by putting in a official sim and
plugging into itunes. If you dont have one proceed to next step.
2: Run redsnow 0.9.6rc8 and browse for a regular (not custom) 4.2.1
firmware, say yes to the new model question if you have new bootrom or
no if you have old bootrom. If you aren't sure which you have use
idetector to find out:iH8sn0w.com | Jailbreak your iPod touches and iPhones
3: Choose the option to install cydia
4: Follow directions for going into dfu
5: Once booted up you if you are old bootrom you are done STOP HERE. If
you are new bootrom you will see cydia but if you try and open it will
immediately close
6:Turn phone off
7: Run redsnow again this time choose the option to boot tethered
8: When booted up run cydia and install any available updates
9: When that finishes do not press reboot, instead manually turn the phone off
10: Run redsnow again and choose boot tethered again
11: Open cydia search for ultrasnow and install it
12: Do not press reboot, follow same things you did in steps 9&10
13: When booted up you should be fully working and unlocked.

Remember if you are new bootrom you have a tethered jailbreak on 4.2.1
for now. This means every time you turn the phone off you will need to
run redsnow again to boot tethered. If you dont you will end up with
boot loop (apple logo on screen forever). If you ever end up in boot
loop because you rebooted for whatever reason you can still run redsnow
and boot tethered even if the phone is not in a starting point of being
off. Entering dfu is the same method.

Pwnage tool 4.1.3 can make custom firmware for all idevices for 4.1 but
not all for 4.2.1. If you get a "wrong firmware bundle selected" then
pwnage tool can not make custom firmware for that device for that
particular firmware.

If you want to make custom firmare for other firmwares lower (and in the
future higher) then you will need a different version of pwnage tool.
4.1.3 can only make custom firmware for 4.1 and 4.2.1. The steps for
making a custom firmware will be very similar though.

If you are trying to restore to a custom 4.1 you will need 4.1 SHSH.

If you are on windows you can use snowbreeze 2.1 to make custom 4.1
firmware. Snowbreeze does not support 4.2.1 yet though. Also if you have
a iPhone 3G then use snowbreeze 2.0.2 to make a custom 4.1 firmware as
Snowbreeze 2.1 is broken for making iPhone 3G custom 4.1. Guide here: HOW TO: Jailbreak iOS 4.1 with Sn0wbreeze 2.1


Anyone needing custom firmware for 4.2.1 and don't have access to a Mac see here: Let me google that for you

Linking to custom firmware is against forum policy







[You must be registered and logged in to see this link.]

Sn0wbreeze 1.6 has been released. This is by the same developer who is behind other popular iPhone jailbreak tools such as sn0wbreeze for iPhone 3.1.3, f0recast and BlackBreeze. Just like the PwnageTool for Mac, Sn0wbreeze 1.6 can jailbreak iPhone 3GS (old bootrom, and already pwned on 3.1.2 with anything other than Spirit), iPhone 3G and iPod touch 2G (non MC model).

[You must be registered and logged in to see this image.]

So if you have a Windows machine, you can use Sn0wbreeze 1.6 to create custom firmware files without the upgraded baseband. Again, just like the PwnageTool 4.0 / 4.01, only the following devices are supported.

• iPhone 3G/3GS (old bootrom/already jailbroken with anything other than Spirit)
  
• iPod Touch 2G (non MC model)
  

Instructions are as follows.

Step 1: Download and install the latest version of iTunes.

Step 2: Now start iTunes and sync your iPhone with
your PC so that it backs-up all your important data including settings,
apps, music, contacts and photos.

Step 3: Download Sn0wbreeze and the original iOS 4
firmware file for your version of iPhone or iPod touch (download links
given below). Move all these files to your desktop.

Step 4: Start Sn0wbreeze and select “Simple Mode”.

[You must be registered and logged in to see this image.]

Step 5: Sn0wbreeze will now ask you to browse for
your .ipsw file. Select the correct iOS 4 firmware .ipsw file by
clicking the “Browse” button. Sn0wbreeze will verify the selected file
and then will present you with following screen.

[You must be registered and logged in to see this image.]

Step 6: Click on "Yes" when Sn0wbreeze asks you “Do
you want to activate your iPhone?” for hacktivation. Click on “No” only
if you are on an officially supported carrier like AT&T.

[You must be registered and logged in to see this image.]

Step 7: Sn0wbreeze will now create the custom .ipsw file for your iPhone which will be jailbroken.

[You must be registered and logged in to see this image.]

Step 8: Now you will have to restore your
iPhone to this custom firmware 4.0 that you just cooked using
Sn0wbreeze for your iPhone. Click on your phone from the sidebar in
iTunes and then press and hold left “Shift” button on the keyboard and
then click on “Restore” (Not “Update” or “Check for Update”) button in
the iTunes and then release the “Shift” button.

This will make iTunes prompt you to select the location for your
custom firmware 4.0. Select that custom .ipsw file and click on “Open”.

Step 9: Now sit back and enjoy as iTunes does the
rest for you. This will involve a series of automated steps. Be patient
at this stage and don’t do anything silly. Just wait while iTunes
installs the new iOS 4 on your iPhone. Your iPhone screen at this point
will be showing a progress bar indicating installation progress. After
the installation is done, iPhone will restart automatically and you
should now have a fully jailbroken iPhone running on iOS 4.

How to: Unlock iPhone on iOS 4.0 (Any Baseband):
Follow the complete step by step guide posted here to unlock iPhone 3GS and iPhone 3G, on iOS 4, on any baseband using Ultrasn0w 0.93.

Step 10: Once you are done with the unlocking and
jailbreak process. You can now restore all your settings, apps, music,
contacts and photos to the newly installed iOS 4 by restoring the backup
that you made in Step 2 from iTunes.

Feel free to ask me any question here should you run into any problem during the jailbreak process.

Download iTunes 9.2 for Windows and Mac OS X
Download iOS 4 for iPhone 3GS, iPhone 3G and iPod touch
Download .NET Framework 3.5 (required to run Sn0wbreeze)
Download Sn0wbreeze 1.6 / 1.6.1 for 4.0 (Windows Only) [Fast Mirror link]

Disclaimer: This guide is for testing &
educational purposes only. Follow it on your own risk. I’m not
responsible for any loss of important data or malfunctioning of your
iPhone.

UPDATE 1: Sn0wbreeze 1.6.1 is now available. Download Sn0wbreeze 1.6.1 for 4.0 from the updated link given above.

You may also like to check out:

• AppSync 4.0 Now Available for iOS 4.0 Jailbroken Devices
  
• Fix 1604, 1600 Error During iOS 4 Custom Firmware Restore in Tunes
  
• Unlocked iPhone 4 Available in UK, France and Canada
  
• How to Unlock iOS 4 with Ultrasn0w and Blacksn0w on 05.13.04 Baseband
  
• How to Jailbreak iOS 4.0 on iPhone 3GS, iPhone 3G and iPod touch 2G using Redsn0w, PwnageTool 4.0 (Windows)