How To: Jailbreak iPhone 3GS iOS 4.0.1 Old Bootrom With PwnageTool Bundle


Finally, there is some good news for users looking to jailbreak their iPhone 3GS on iOS 4.0.1 using a PwnageTool bundle. Kaatje, an iPhone developer and hacker, has released her detailed guide to jailbreaking the iPhone 3GS (old bootrom) on iOS 4.0.1 using a PwnageTool bundle. Kaatje is also credited with introducing the first iPhone 3GS jailbreak for iOS 4.0 GM.

Here is the step-by-step guide to jailbreaking the iPhone 3GS on iOS 4.0.1 using the PwnageTool bundle. Please note that this guide is intended for Mac users only.

Note: This JB bundle works with the current version of Ultrasn0w and supports hacktivation.

Please be aware of the following requirements:

  • iPhone 3GS (with older bootrom, aka can be jb without tethering)
  • iTunes 9.2.1
  • iPhone is currently jailbroken (pwned, not spirited)

If you meet these requirements then you may proceed at your own risk. I will not be liable for any headaches, loss of productivity, lost messages, etc. Be aware as always, you may not be getting what you think if you are not grabbing the files directly from Apple. OK, so let's get started!

  1. Download Pwnagetool from Here
  2. Download Bundle from Here

Pick a new clean place to work; I recommend making a folder called jb. Extract all of the files and place them in this directory. You should have the following files:

  • iPhone2,1_4.0.1_8A306.bundle

Open a terminal window and change into the jb directory:

kaatje:jb kaatje$ ls -al
total 0
drwxr-xr-x@  5 kaatje  staff  170 11 jun 05:48 .
drwxr-xr-x   9 kaatje  staff  306 11 jun 05:40 ..
drwxr-xr-x   3 kaatje  staff  102  7 feb 13:20
drwxr-xr-x  13 kaatje  staff  442 10 jun 15:49 iPhone2,1_4.0.1_8A306.bundle
kaatje:jb kaatje$ mv iPhone2,1_4.0.1_8A306.bundle
kaatje:jb kaatje$ exit

Once you have completed these few steps, you may proceed to build your custom ipsw. Launch Pwnagetool; when it fails to find your firmware, select the location to it, possibly in your Downloads folder. After a couple of minutes of working, it will prompt you for your password, so enter it and then let it proceed. Once it is complete, and your custom ipsw has been built, it is time to go into iTunes. I *HIGHLY* recommend that you sync before going any further. Back up your contacts, calendars, music, photos, etc., as these will all be wiped away.

So, you synced everything and are ready to restore… Select your iPhone, hold the Option key and click on Restore. A dialog box will open and allow you to choose your image to restore. Navigate to the ipsw that you just created. Click on OK and let it do its thing.

Congrats, your iPhone is now running iOS 4.0.1. Once you activate, you will see Cydia in your list of applications. Do not hesitate to do a complete update. If it hangs (sometimes it will), just power cycle your phone and try again.

To recap, this is for Mac users only! Your baseband will be preserved! You must be already jailbroken for this to work. This does not use any new magical exploits, just the famous 24kpwn exploit so older bootroms are required. I will not offer support on why application or tool xyz does not work. Use of this is at your own risk!

Disclaimer: Please use this guide at your own risk. AddictiveTips won’t be held responsible in case you incur any permanent or non-permanent damage to your device using this procedure.


  • Jackjohnson

    Great! And next, Windows users. ^^