

Hi, I need clarification. My fiancée has a jailbroken 3GS which we got from eBay. She likes her pink, and boy is it pink from the case to the theme. I'd like to upgrade it from the current 5.0 to 6.1.2. Some details:

It is an old-bootrom 3GS (checked in DFU mode)

Modem firmware: 05.13.04

According to a link I found, it is still locked, so must be software unlocked. I've no idea who the original carrier was. This is what makes me nervous in upgrading.

I see generic instructions on this site for similar situations, but need clarification for my circumstance. I see mention of upgrading then downgrading from the iPad baseband, but since the current firmware works well (with GPS), I'm hoping not to mess with it.

I've downloaded RedSn0w 9.15b for Mac, iPhone2,1_6.0_10A403_Restore.ipsw, and Evasi0n. I've backed up the phone, and have backup software for Cydia.

What are the precise steps for these circumstances?

Thanks in advance.

redsn0w- Extras- Even More- restore: Give it the 6.1.2 IPSW and tell it to preserve the baseband. (5.13 is perfect)

It will restore, but redsn0w will leave it in recovery mode.

Now after the restore (and in recovery mode), Redsn0w- Extras- Select IPSW: Choose 6.0. (you have to trick redsn0w)

Click back- then "Jailbreak" - You will come to checkboxes. Only check "Install Cydia" and hit next. Follow the instructions.

Since it's old bootrom it should be untethered as soon as it's done.

Just install "Ultrasn0w" via Cydia to unlock


answered 06 Mar '13, 11:35

cybr1d ♦

Thanks. So use the 6.1.2 ipsw? Some instructions for Redsn0w talk of using 6.0 despite newer iOS, but maybe those were old instructions.

The Tricking Redsn0w step, is it choosing an ipsw file, or an option? (I've downloaded both 6.0 and 6.1.2 ipsw now to be covered)

Some instructions use iTunes to restore an ipsw file, but I guess that might update the firmware with it.

I shall try the upgrade as soon as I get a chance (the phone is always by her side, and she's addicted to a few games).

Thanks for your time.

(06 Mar '13, 12:27) msandersen

Use the 6.1.2 ipsw to restore with. Let Redsn0w do the restore, forget iTunes.

For the 'tricking redsn0w step' you'll be choosing the actual 6.0 .ipsw.

(redsn0w can restore any version but hasn't been updated to jailbreak the newer ones yet, hence the tricking)

(06 Mar '13, 12:32) cybr1d ♦

Mr msandersen, if you have a Windows PC, the process is very simple using sn0wbreeze, would you be interested?

(06 Mar '13, 13:29) sandkuma002

I do have a PC laptop with Windows 7, haven't investigated Sn0wbreeze. Any advice is appreciated. I just don't want to stuff up the unlocking.

(06 Mar '13, 19:36) msandersen

I'm stuck in Recovery mode! I've finally had time to try this using Redsn0w, I was anxious for precisely this reason. Now after restoring the 6.1.2 ipsw, the phone is stuck in Recovery mode, when the next step is to turn it off to enter DFU mode. I seriously hope I haven't stuffed it up too badly. I need advice.

(13 Mar '13, 13:32) msandersen

@msandersen, could you please confirm your current baseband and which process you followed to reach restore?

(13 Mar '13, 14:12) sandkuma002

The firmware is as stated, and the process exactly as above. I think where I might have gone wrong is in previously determining it as an old bootrom; that is the only decision in the above instructions - which carried a clear warning in Redsn0w - which I can think of that could have derailed it. I had misplaced some notes, and once in the process you can't check the serial number as it stated. I trusted my previous determination was correct. Currently I'm running Sn0wbreeze on a PC to build a custom ipsw from the downloaded 6.1.2 file, since using it as in the instructions below you can use iTunes to restore. That is all I can think of since using TinyUmbrella to break out of recovery mode doesn't do much, as it just starts back up in it, and can't get into DFU mode.

(13 Mar '13, 15:13) msandersen

The reason for trying the Redsn0w way on the Mac is that the phone is synced there and has its backups. I couldn't get Sn0wbreeze to verify the bootrom, as it didn't enter DFU mode, but at least it's not showing the "plug into iTunes" graphic, it's just black.

(13 Mar '13, 15:17) msandersen

@msandersen Ending up in recovery mode after a redsn0w restore is, as stated in the answer above, expected, normal, and not a mistake. You can go to DFU from any mode, no need to turn off the device. Follow these instructions to get into DFU:

Plug device into computer via USB. Don't look at the device, concentrate on the counting. Hold home+power for 10 seconds, then release power but keep holding home for 12 more seconds. Screen should be black. That's DFU. If the screen isn't black, start over and do it again, this process relies on timing. It won't hurt anything to try it several dozen times if needed.

(13 Mar '13, 15:25) spockers ♦♦

The same basic problem in sn0wbreeze it would seem; it can't get out of Recovery mode and into pwned DFU mode. I fear this is going to be a major headache. My fiancée won't like that.

(13 Mar '13, 15:25) msandersen

@msandersen you were going right as per @curly420's suggestions. After stuck in the recovery mode you had to select ipsw 6.0 and back and jailbreak and install cydia. Since you have checked before for old bootrom, it should be ok, even otherwise, it is a matter of tethered vs untethered jailbreak which is solvable by tethered boot and installing evasi0n. But sn0wbreeze also works fine, but since you have used tiny umbrella, your host files could have been modified and you might get 3194/16XX error while restoring. I would still suggest, try redsn0w again without feeling scared, today, within next 3-4 hours, you will have a working phone. And keep the custom ipsw created by sn0wbreeze safe on your desktop, you might use them some other times and please save your 6.1.2 blobs locally (must have been by using tinyumbrella, if not, use ifaith/redsn0w to save them on pc)

(13 Mar '13, 15:28) sandkuma002

spockers, I'm afraid that doesn't seem to work. Things were fine up to that point, I've had it in DFU mode previously, it's just as soon as you release the top power button, it will go into Recovery mode with the "plug into iTunes" graphic. Leaving it unplugged seems to eventually power it off, but plugging it back in gets it back in the recovery mode loop.

(13 Mar '13, 15:29) msandersen

sandkuma, I followed the instructions up to the point of loading the file iPhone2,1_6.0_10A403_Restore and then going back to start the Jailbreaking process. It was fine up to the point of requiring DFU mode. I just used Tinyumbrella as per someone's suggestion to break out of the Recovery Mode. It only worked temporarily. I can edit the hosts file if need be. I see the line I just commented it out and flushed the DNS cache. I used some instructions somewhere to get into DFU mode to check the model number, which it said was the only way to really tell. I don't remember the details, it was a couple of weeks ago, as I put this project off. I just found the notes obtained from a website looking up the serial number, it seems to indicate a newer model (2010), serial 5K0140GA3NP.

(13 Mar '13, 15:44) msandersen

My concern is if I can't get it into DFU mode to complete the process, my only option is an iTunes restore, which will upgrade my baseband, and since I bought it off eBay and don't know who the provider was, I'd be stuck with a locked phone. Sn0wbreeze did make a custom ipsw of 6.1.2, I don't know if it contains the old firmware, but I have it saved for later. Is there a way to use this if I do have to restore via iTunes?

(13 Mar '13, 16:00) msandersen

My night is not going good. Now the power supply to the PC laptop has gone south and the battery is old so holds little charge. So sn0wbreeze is out for now, not that I could get past the Recovery mode (plug into iTunes graphic).

(13 Mar '13, 16:16) msandersen

DFU is a hardware function. If your buttons work and you have 5 volts USB power, you can DFU from any state. You can even do it from a wall charger. Just keep trying, using these instructions with no deviation (don't worry about turning it off, etc):

Plug device into computer via USB. Don't look at the device, concentrate on the counting. Hold home+power for 10 seconds, then release power but keep holding home for 12 more seconds. Screen should be black.

(13 Mar '13, 17:38) spockers ♦♦

Well, I can't explain it, but I managed to get it going again, after umpteen times trying. The only difference this time is I paid no attention to redsn0w, what screen it was on. I even found posts and videos about the Recovery Loop. I tried running the older BlackRa1n to break it out of it as one post (old) suggested, so who knows if it changed anything. Now the next problem; it says it is tethered (currently it's in the Setup phase, presumably not in jailbroken mode), do I have to go on to evasi0n for untethering? Also, do I choose New iPhone and restore later, or Restore from Backup?

(13 Mar '13, 17:53) msandersen

Well it boots to plain vanilla unjailbroken iOS with no service fine now, trying to get it to boot tethered now to install Ultrasn0w on Cydia. I'm getting

Missing Keys.plist data for this build

and then 3 lines of info with device, ECID, and Build (I loaded the unsupported 6.1.2 after all). 2 options: Autoboot this device when connected in DFU mode; and do this for all limera1n devices. Next is greyed out however. I might have to use evasi0n first.

(13 Mar '13, 18:12) msandersen

Hmm, ran evasi0n... says I'm using a semi-tether jailbreak, and to use the evasi0n untether package from Cydia to untether instead. Another impasse. How to get into Cydia... Redsn0w won't let me boot because it seemingly doesn't recognise 6.1.2. Maybe I should try restoring the Sn0wbreeze firmware I created? Start all over setting the phone up. This is a lot trickier than anticipated, as I feared, but at least there is progress.

(13 Mar '13, 18:23) msandersen

@msandersen, sorry to hear about all the hassles you are undergoing. Nevertheless, sn0wbreeze custom ipsw can definitely put your iPhone back in operation, you might encounter some iTunes restore errors! Please go ahead! Best of luck!

(13 Mar '13, 22:21) sandkuma002

Hesitant since I got it installed with the right baseband, but unable to boot tethered, and since the PC laptop power cord isn't working right, but given that the ipsw is built, hopefully will be quick and without issues. Famous last words, I know... the ideal would be an updated Mac tool, but will give this a shot.

(13 Mar '13, 23:03) msandersen

Had a quick go on the PC with iReb since the battery is limited, but it went into recovery mode. At least was able to get it out and boot normally. Will have to try again later, and see if the faulty charger can provide some power first. I'm attempting to restart the below instructions from step 8.

It seems the key for the Redsn0w DFU mode above was not to click Next (I can now reliably get past that, just not the tethered boot), maybe something similar is needed for Sn0wbreeze. Hopefully a clear head later will help.

(13 Mar '13, 23:45) msandersen

@msandersen, the key to fewer hassles is to follow the right procedure, too many procedures will take you to multiple confusing paths. As @spockers guided you to enter DFU mode, after that, it would have been few minutes, there was no need to try to kick out of the recovery mode. Nevertheless, you still are good to go for any option (Mac or PC) if you have 6.1.2 and baseband 5.13.04 but you are still not jailbroken. You can still use Mac, redsn0w- select ipsw 6.0 -back, jailbreak- install cydia. And then do tethered boot using redsn0w if it was new bootrom, then install ultrasn0w and update evasi0n if prompted in Cydia "changes". For PC use iReb for pwned DFU and shift+restore iTunes and choose sn0wbreeze custom ipsw 6.1.2 to get untethered jailbreak with cydia, then install ultrasn0w and update evasi0n if prompted in Cydia "changes". You are just 15-20 mins away from a working phone.

(14 Mar '13, 03:27) sandkuma002

That's what I tried to do, but I got unstuck by whether it really was an old bootrom (the instructions above assumed an Old bootrom); I'll find the post (I think from the Dev-Team) that guided me to find the info in the system Info in DFU mode, as it said the serial number is unreliable (any links to tell definitely would be appreciated). Using Redsn0w however, it suggested from the serial number that it is a 2010 model and hence a new bootrom.

Secondly, it seems clicking "next" to follow the instructions in Redsn0w caused it to get stuck in a Recovery loop; it wasn't until I tried the DFU mode without clicking "Next" that it just worked, and Redsn0w advanced on its own. Jailbreak to 6.0 in redsn0w may be the way if my PC laptop power supply can't be stabilised. Would it be bad to try the "Old" (not-fixed) option first in Redsn0w?

Currently it has a semi-tethered jailbreak, but Redsn0w can't boot with 6.1.2 (so only boots to "normal"), it has retained the baseband so that is promising, so redoing it with 6.0 and then using evasi0n may be the best way. I will have time to tinker later on.

(14 Mar '13, 04:31) msandersen

A little background on the issue of Old-New bootrom: I followed this guide:

and determined iBoot to be version 359.3, which it states as Old Bootrom. Now the serial number is: 5K0140GA3NP

which appears to be 2010, which suggests New Bootrom. Hence my confusion. Anyone can clarify?

(14 Mar '13, 05:45) msandersen

@msandersen, iDetector from iH8sn0w can tell you what bootrom your 3GS is. However, have you tried to use redsn0w to install cydia?

(14 Mar '13, 05:49) sandkuma002

I found a post showing how Redsn0w can be used to identify the bootrom on Pwned DFU mode.

Extras > Even more > Identity states:

Based on the last time this iPhone 3GS connected in DFU mode:

CPID: 8920

CPRV: 14

CPFM: 03

SCEP: 01

BDID: 00

ECID: 0000033FAA1A5DF6

SRTG: [iBoot-359.3] -- OLD BOOTROM

This backs up my original assertion that it is old bootrom, so I may go back and re-jailbreak with 6.1.2 with the Unpatched option, so it can boot untethered. I chickened out the last time when reviewing the info on the serial number and the warning of using the wrong option.

I did successfully run the Redsn0w jailbreak (with the Patched tethered option) having loaded 6.1.2, then loading 6.0 to trick it as stated above. I may try and see what iDetector says, the brief experiment I had this afternoon I didn't get it into DFU mode successfully to test.

(14 Mar '13, 07:06) msandersen

@msandersen, my suggestion to you would be to start all over again and follow @Curly420's process and you will find that it will take you 20 mins by the watch. I just did that to my old bootrom 3GS. It will also eliminate any incomplete patches if left over. Restore to 6.1.2. Please do not get scared of the recovery mode and do not try to kick it out (for DFU follow @spockers' suggestions), after that just select ipsw 6.0 and jailbreak - install cydia and then ultrasn0w and you should be good!

(14 Mar '13, 07:15) sandkuma002

I will, I'll have time shortly. I can now get into DFU mode from Redsn0w, so it should be fine (fingers crossed).

(14 Mar '13, 07:33) msandersen

Well, I started over in Redsn0w using the old-bootrom option, and thankfully everything went smoothly this time!! It is now a fully untethered jailbroken 3GS on 6.1.2 with working hactivation, and I'm busy restoring everything to how it was. iTunes just restored and the old apps are downloading, and backup files for OpenBackup have been copied back with iExplorer, ready to restore Cydia apps.

(14 Mar '13, 09:40) msandersen

Great! Congrats! Enjoy your fiancée's admiration now!

(14 Mar '13, 09:48) sandkuma002

Hehe thanks :) Special thanks to you Sandkuma for all your help, although I accepted Curly420's answer, since that is the procedure I used. The phone is fully restored now with all the data, addresses, Cydia tweaks, the works, all on iOS 6.1.2.

(14 Mar '13, 11:14) msandersen

You are welcome @andersen! They are experts who have designed these procedures, jail breakers like me are only trying to help those who get confused by multiple inputs! I am sure if we follow them point by point, things would work out smoothly for everyone :) I went a step further in experimenting. Today I installed SAM as per spockers' suggestions in one post and hope to enjoy the push notifications also on my 3GS!

(14 Mar '13, 11:41) sandkuma002

While I appreciate Apple's focus on security, I just wish they would allow more customisation like theming on their phones, as well as having an option to install from other sources; something akin to the Mac's gatekeeper, where it allows signed apps or Mac store apps. Even limiting it to the first two options (not allowing unsigned apps at all) and keeping the Mac App store only option as the default, would remove pretty much most reasons people jailbreak, save for some hardcore tinkerers. Unless of course Hactivation was blocked this way. This would also solve the Piracy issue, as pirates don't have security certificates requiring them to confirm their identity to Apple.

(15 Mar '13, 12:17) msandersen

iPhone 3GS Jailbreak Guide for upgrading to iOS 6.1.2: (for 5.13.04 baseband already unlocked with ultrasn0w)

Step 1: Download iOS 6.1.2 IPSW and save the firmware to the desktop.

Step 2: Download Sn0wbreeze 2.9.11 to the desktop and launch it.

Step 3: Hit Browse button to locate the iOS 6.1.2 firmware file that was downloaded in Step 1.

Step 4: Wait until Sn0wbreeze recognizes the device and firmware, and verify that they are correct.

Step 5: Choose the Simple Mode as it will preserve baseband as well as enable jailbreaking and hacktivating the device later on.

Step 6: When prompted for Hacktivate process, choose "Yes" and wait until the program rebuilds your custom iOS 6.1.2.

Step 7: Once the firmware is rebuilt, the custom iOS 6.1.2 file should appear on the desktop; let sn0wbreeze place the iPhone into pwned DFU mode. If you exit, then later you can use iREB to place the iPhone in pwned DFU mode.

Step 8: Pwned DFU mode is now started on the phone and it will initiate the restoring process.

Step 9: Launch iTunes and press Shift key on the computer and click Restore.

Step 10: Select your custom iOS 6.1.2 firmware that reads something like Sn0wbreeze_iPhone_XXXXXXX. Wait until the installation process completes and then reboot the phone. (By chance if you get errors like 3194, 1600, 1601 etc read FAQ how to get over them)

Your iPhone is now successfully updated to iOS 6.1.2 AND JAILBROKEN WITH HAVING CYDIA while also preserving its older baseband.

Step 11: Search for Ultrasn0w in Cydia and download it and you are good to go with iOS 6.1.2 unlocked.


answered 07 Mar '13, 03:24

sandkuma002


if you recommend hacktivating you should at least link to the FAQ article (see number 5) for them to un hacktivate

(07 Mar '13, 04:00) theiphoneguy ♦

Hi iphoneguy! Is your suggestion to warn them about battery drain or to avoid writing all the stuff again and just provide the link? 1. My opening line was for those users who already are using ultrasn0w for unlocking - means they want to continue hacktivate and unlock! 2. I still have to understand how to link to FAQ, even this will avoid my time to retype :)

(07 Mar '13, 04:18) sandkuma002

Thank you, I will give it a go soon (not being my phone, it needs to suit my fiancée). I bought the phone jailbroken off eBay; I didn't realise it was Hacktivated rather than factory unlocked (frankly didn't know there was a software unlock) until recently when investigating upgrading. It does have Ultrasn0w on it, and has no battery issues. It doesn't have a lot of tweaks, it is mainly for the theming and for some small eyecandy addons, like Barrel. Nonetheless, the FAQ article was good to know. If Apple provided proper theming support, including modding the battery charging screen, we'd have no real reason to jailbreak, except as it turns out the hacktivating.

(07 Mar '13, 20:18) msandersen

Mr Andersen, generally it is advisable to upgrade to the latest software even if you are comfortable with earlier version because Apple comes up with some changes because they always try to improve unless sometimes the idea is to remove/add inbuilt apps such as YouTube and google maps are removed in iOS 6+ and apple maps are added which are not liked by many yet. But if one is not interested in too many new apps or tweaks, one can continue to stay where they are. And iOS 5 is good enough compared to iOS 6. So definitely you can take it easy :)

(07 Mar '13, 23:58) sandkuma002

I'm taking it easy, except there's a chance the window will close once 6.1.3 comes out; likely a fix will be found for this also, but you never know, and it appears to be getting tougher for them to hack iOS. I have an (unjailbroken) iPhone 4s myself, and mostly I'd like Do Not Disturb and subscription photostreams from iOS 6 for the 3GS. I have no major issues with Apple Maps on my 4s where I am (Sydney), and although I do have Google Maps as well, I keep it mainly as a backup, as Google is the master of search and can find places of interest better, but rarely use it. Same with the YouTube app; Google has issued a better version themselves, so no issue there, and besides my fiancée doesn't use it except on her laptop where you can see the video better. I also figure there are various bugfixes and improvements in the core system from 5.0 to 6.1.2. that might be worth it. iOS 7 is around the corner after all. I checked, and all but one tweak (Graviboard) is compatible with iOS 6, an acceptable loss.

(08 Mar '13, 11:41) msandersen

Sir, you already seem to know everything so you can really take a good decision considering the pros and cons of each! My suggestion would still stay as close as possible to the latest iOS version and it is not at all difficult to do so, I definitely would feel left out if I am not :) but when it comes to the matters of one's fiancée, indeed one has to be cautious ;)

(08 Mar '13, 12:17) sandkuma002

Asked: 06 Mar '13, 11:20

Seen: 6,079 times

Last updated: 15 Mar '13, 12:17

JailbreakQA is by chpwn and comex.