PwnStrap

Notes

This procedure should work to bootstrap the restore of any 3GS or later PwnageTool 4.1+ image.

This will work on the iPhone3GS, iPhone4, iPad, and AppleTV2.

Linux

Required files:

Procedure:

  1. Place your device into Recovery Mode.

    While the phone is off, hold down the Home button and immediately plug it into your computer. Or else.

  2. In a command prompt, run ./irecovery -p Path/To/Firmware.ipsw
  3. Follow the instructions.

    If you don't read the actual output from greenpois0n, may the fleas of a thousand camels infest your private parts.

Windows

Required files:

Procedure:

  1. Place your device into Recovery Mode.

    While the phone is off, hold down the Home button and immediately plug it into your computer. Or else.

  2. In a command prompt, run irecovery.exe -p Path\To\Firmware.ipsw
  3. Follow the instructions.

    If you don't read the actual output from greenpois0n, may the fleas of a thousand camels infest your private parts.

Manual

Procedure:

  1. Put phone into Recovery mode (NOT DFU)

    While the phone is off, hold down the Home button and immediately plug it into your computer. Or else.

  2. From a command prompt (Start>Run>"cmd"), change to the directory where you extracted irecovery, and enter irecovery -s followed by:
    setenv boot-args 2
    setenv auto-boot false
    saveenv
    /exit

    Keep this window open for use later on!

  3. Run greenpois0n - it will guide you to enter DFU mode, then it will stop on a white screen after you click "Jailbreak".

    It should say "Jailbreak Complete!" and NOT "Jailbreak Failed!" next to the progress bar at the bottom.

  4. Extract the iBSS from your custom PwnageTool image (firmware.ipsw/Firmware/dfu/iBSS.BoardID.RELEASE.dfu) into your irecovery folder.

    You can use WinRAR or another ZIP extractor to do this. IPSW files are really just ZIP files!

  5. At a command prompt: irecovery -f iBSS

    iBSS should be replaced with the name of the iBSS that you just extracted from the PwnageTool image, i.e. iBSS.n88ap.RELEASE.dfu

  6. At a command prompt: irecovery -s
    setenv boot-args 0
    saveenv
    go image decrypt 0x41000000
    go jump 0x41000040
    /exit

    At the "go jump" point your device should appear to reboot. Whether it goes back to a white screen or shows the Connect to iTunes screen depends on the firmware image used.

  7. Restore your PwnageTool cooked firmware from iTunes.
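
Step 4 as a script, added here as an example and not part of PwnStrap or greenpois0n: it opens the IPSW as a ZIP, picks out the iBSS under Firmware/dfu/, writes it under its base name only, and returns a SHA-256 to record for the file you then pass to irecovery -f. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile
from pathlib import Path, PurePosixPath

# Matches the member named in step 4, e.g. Firmware/dfu/iBSS.n88ap.RELEASE.dfu
IBSS_RE = re.compile(r"^Firmware/dfu/(iBSS\.[A-Za-z0-9]+\.RELEASE\.dfu)$")


def find_ibss(ipsw):
    """Return the archive names of all iBSS images inside an IPSW (a ZIP)."""
    with zipfile.ZipFile(ipsw) as zf:
        return [n for n in zf.namelist() if IBSS_RE.match(n)]


def extract_ibss(ipsw, dest_dir, board_id=None):
    """Write one iBSS image into dest_dir; return (path, sha256 hex digest).

    Only the member's base name is used for the output file, so a crafted
    archive cannot write outside dest_dir.
    """
    names = find_ibss(ipsw)
    if board_id is not None:
        names = [n for n in names if f".{board_id}." in n]
    if len(names) != 1:
        raise ValueError(f"expected exactly one iBSS, found {names}")
    with zipfile.ZipFile(ipsw) as zf:
        data = zf.read(names[0])
    out = Path(dest_dir) / PurePosixPath(names[0]).name
    out.write_bytes(data)
    return out, hashlib.sha256(data).hexdigest()


def make_sample_ipsw():
    """Constructed stand-in for an IPSW: same layout, dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Firmware/dfu/iBSS.n88ap.RELEASE.dfu", b"constructed iBSS")
        zf.writestr("Firmware/dfu/iBEC.n88ap.RELEASE.dfu", b"constructed iBEC")
        zf.writestr("Restore.plist", b"<plist/>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path, digest = extract_ibss(make_sample_ipsw(), d, board_id="n88ap")
        print(path.name, digest)
```

With a real image, pass the path to the .ipsw instead of the sample archive; the call raises ValueError if the archive holds no iBSS or more than one match for the board ID.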

Thanks to p0sixninja for updated code to support the Apple TV in libiRecovery, and of course for greenpois0n.