Help with jailbreaking and Cydia for iPhones, iPads, and iPod touches.

Well unless something has changed you know from IRC chat that we didn't find a difference between 3 x 4.3.5 ipsw's, all seemingly downloaded between July and today. It needs to looked into further, but the risk is high.

Based on my two failed trials, the downgrade to 4.1 does not break the radio( or erase the baseband if thats the same thing).. It is after running of the redsnow with 4.1 / 6.15 is when the baseband disappears. The phone is still usable as a locked phone with 4.1fw and 5.16 bb after downgrade..

That is good to know, and just to throw it into the mix, RS does fetch what it needs with regard to ipad BB direct from Apple, as opposed to using Pwnage which takes what it needs from a 3.2.2 ipsw. I don't know if it means anything, but there you go. Would be nice for someone else to confirm the downgrade isn't doing the bricking.

I concur.

concur what?

After downgrade to 4.1 2 new out of the box 3Gs's phones are usable. Running redsn0w and fetching ipads bb breaks it. Recently discovered the way flashing bb on iphone 3Gs locally, pointing redsn0w directly to ipads ipsw. Have not done testing yet.

K, so it's not the downgrade itself, it's running RS/ipad BB right?...and MuscleNerd said in IRC that restoring to a custom 4.1 probably wouldn't brick it, which uses a local ipad ipsw instead of fetching what it needs. Still, someone has to try it and risk the loss. There's another thread running as well, you may have some input for that :-)

I tried custom restore with 6.15 in it and it bricked it... I am temporarily out of devises (3Gs), hopefully will get some next week to play with.

Really? shit, so you built a custom 4.1 and downgraded from 4.3.5/5.16.xx? and it bricked, MN said that would work..stumped. I guess tethered is the best option here.

LOL, yes. I took to apple after restoring it to 4.3.5 however there were no baseband and they were clueless about what is going on...

k, at least there's a get out clause of some sorts for those that have warranty, but why the need to install 6.15 on new 3Gs's anyway?, you know it kills warranty dead, thats a big loss on a new idevice.....you also have a post on DTBlog where you warn people not to install ipad bb on new 3Gs's, so does it break radio if you install it on 4.3.5 as you don't mention downgrade/firmware etc?

i think apple is getting tired of getting bricked iphones from ipad bb

If that's the case they could release a new update and mark its baseband 06.16 or higher.

i actually didn't think about that...

Finally an answer that makes sense, can we know how you come to the conclusion of week 36 specifically?

I have two 35-week 3GS with 4.3.5, new from the box, and two 36-week and one 37-week, all with 4.3.5, new from the box. First, i didn't know anything about this new problem. I opened one 36-week, as usually downgraded it to 4.1, installed ipad modem and then got the problem of this topic. I supposed this was some bug of that phone. Then i tried another 36-week 3GS and got the same problem. Then frist 35-week: installed ipad modem on 4.3.5 with RS 0.9.9b4 and did tethered jailbreak - everything was good, it works perfectly now. The second 35-week: downgraded it to 4.1, install ipad modem and did untethered jail - it works perfect too. So i had last 3GS of 37 week. I tried to install ipad modem and jailb it on 4.3.5 - i got a brick, of course. So in conclusion: it's not the problem of some kind of "new 4.3.5 ipsw", different from the old 4.3.5 ipsw. It's the problem of NEW IPHONE 3GS, from 36 week of 2011.

This should clarify the issue for everyone who intends to unlock more 3GS's and now know what to do and not to do. @iFree, just to clarify once more, the serial number that does not work are ( 3rd to 5th ) 136 and higher. And 135 and lower should work?? just wanna make sure that we are all on the same page here... But thanks for the input...

@jojo2010 yep, "135" and below work great with iPad baseband, "136" and later don't work. A few days ago I was stuck, because i don't know the reason of dead new 3GS with 06.15.00. Now i know definitely, but how to decide this problem? Nobody knows, i think. And this is sad.

@theiphoneguy thank you for all of your hard work and research you have taken the time to put into this. just wanted an update on what is current info, the topic has become such a large monster as you've stated that I've found it difficult to discern what is fact or fiction. Here are my questions: Could you please define newer 3GS in strict terms, I think most people still interpret this as old bootrom (359.3) vs new bootrom (359.3.2), but I do not believe that is what this issue refers to. How does one strictly identify the "newer" 3GS you mention and what exactly is the actual difference in the hardware and/or software causing this. Is it something embedded in factory restored ipsw 4.3.5 or any 4.3.5 restore via iTunes, is it an actual identifiable difference in the hardware? Since you are the resident expert on this particular topic, maybe reposting as a new simplified tutorial or warning? Thanks in advance!

Newer 3GS from week 36 and up of 2011 (serial XX136XXX). Something in the phone (theory) codewise rejecting 6.15 outright (/theory). Happens on a 3GS 8/16/32GB on 4.3.3, 4.3.4, 4.3.5, 5.0, 5.0.1 and even on 4.1 if downgraded to that(open signing).

Bootrom's are identical, bootloaders are identical, but the brick is reproduceable

I thought it's been established there is new Baseband NOR?

what i did was to restore the 2 iphones back to 4.1. The sim card would say "Searching" and the phone is in connect to Itunes page/emergency call ( not recovery mode). It is though still blank imei. i have since tried to return it to the apple store and will not attempt to do it again until i find out what i did wrong. Apple replaced it since they could not prove that it had 6.15 bb since the bb is blank. i have not been able to jb using 9.6rc18 since i have returned the phones to apple. what really bothers me is that i did the exact same procedures on many other iphone 3gs's on 4.3.5 and downgraded to 4.1 with 6.15 but this is the first time that this has happened to me. The only variable is that these are new phones straight from apple store from the past week. anybody had the same issue??

I can't believe that a new 3Gs from the Apple store will be any different to one sold last year, but I guess you never know. If you feel brave enough to try it again, try using 0.9.6rc18 and split the intial jailbreak and ipad BB install into two seperate processes....and if you didn't do it before, just double check that everything is in order after exiting recovery from the 4.1 downgrade. Still no guarantees though. I see you say you have done this procedure before i.e. a 4.1 downgrade with 6.15, but that wouldn't be the case here as you'd still have 5.16, but I'm sure you're just trying to say the process is the same regardless.

when i get hold of a new 3gs again i will post my results. i have always used the 096b5 and it has always worked for me. never used rc18 before but i will try your suggestion even for older 3gs's. i have seen several phones before with the blank imei and have never found the solution for loading the baseband. i guess i will have to find where those phones are so i can try loading a baseband and imei. i will keep in touch.

One way to kill the baseband is when process gets interrupted on redsn0w's "flashing baseband" process. But you having done it before and 2 in a row occurence seems unlikely but worth a look into.

downgrade to 4.1 ok but dont touch the bb, dont do the ipad bb to 6.15 !

IF you try to put the ipad bb on that device (serial QR1389X) it will blow out the baseband. That device is from 2011 week 38. You can try, since it is still under warranty, but be ready to exchange it with apple

Ok i won't do it bout I did the jailbreak w sn0brez and after everything I only get one bar and not signal in my iPhone w AT&T I try to reset the network but nothing ! And try to restore the phone and samething one bar! But if a put it back to 4.3.5 I will get the signal and back to normal

Thats because you are choosing hactivation (or using simple mode in snowbreeze) remake the custom with snowbreeze, choose expert. Click general, then the blue arrow. on that first screen make sure "hactivate" is NOT checked. click the blue arrow till you see general again. Click build. click the blue arrow. Wait. Restore with the NOT hactivated firmware

Hey how can u talk me this serial is ok to downgrade and install bb06.15 serial # The first 5# are 87943 ... Please let me know ASAP thanx

Up or downgrading os is not the problem just don't do the iPad bb 6.15 because it will kill the bb chip

error 3194 on restore to latest firmware means your computer has redirect to cydia shsh check in host file. You need to point to apple server since 4.3.5 is still being signed.

here is the fix for windows...

1. launch notepad as administrator

2. Open C:/Windows/System32/drivers/etc/Hosts

3. Delete all lines with "gs.apple.com" in it

4. Save

5. Reboot PC

On Mac:

• Open Finder

• Hold down COMMAND + SHIFT keys and press 'G'

• Enter "/private/etc/" in the field and press "Go"

• Find "hosts" file in the directory

• Drag the file to your desktop

• Open it in text editor

• Remove the line that has gs.apple.com entirely or put a # at the beginning of it to comment it out

• Save the file

• Drag it back to the /private/etc/ folder.

• You'd need to enter your username and password to authenticate the move

Do above fix and restore. TinyUmbrella must not be running on restore.

I know that. Tried with the 4.3.5 from multiple computers never touched by tiny umbrella or anything that changes the hosts file.

Apple ninja added something. Get 4.3.5 from felixburns.de, you'll see

why get ipsw from somewhere else when you can get directly from apple servers?

edit: I checked. Site you mentioned download links for iphone firmwares also comes from apple servers.

Removed my own thought that apple had changed the ipsw files. there was no change in the 4.3.5 firmware

3194 is a signing/verification error, usually means you're not pointing at the right server for the signing/verification, be it Apple, Cydia, or Local. I see you're saying that you have two matching ipsw's but only one will restore without error, the other will give 3194, can't understand why would that happen unless one is corrupted. Try swapping out their locations and see what happens then, logic says it will still error out, but you never know. Did you ever have a successful restore with one that 3194's?

Removed by myself, ipsw had not changed

OK if Apple did in fact change the file without changing the name, you can just run a checksum to find out. It won't tell you what changed, but it will at least confirm that there was one. I vaguely recall @MuscleNerd mentioning something about this very thing... found it:

From http://blog.iphone-dev.org/redsn0w-iOS5

Update #7: Apple updated the iPad1 iOS5b6 IPSW without changing its version number or filename, so we’re releasing redsn0w 0.9.8b7 to handle both the original and changed IPSW.

But you were connecting to Starbucks wifi to connect to Apple servers right? What do you mean up there ^^^ where you say an ipsw has been modified by Apple, what is your thinking there?

None of the phones have had any flavor of iOS 5 betas. All on 5.16.02 (by memory, the stock bb with 4.3.5), pouring over iTunes logs, there are 85 recent logs to pour over

No, I've always used my home wifi (comcast) or tethered to my iPhone 4 while at Starbucks

I really can't see Apple modifying an official ipsw and making all previous versions of that ipsw redundant, there would be too many people who would have the older version in their itunes software updates folder, and if that didn't automatically get overwritten, then they'd all get itunes errors. Can't see Apple causing that amount of confusion.

A conspiracy by apple ninja? Cannot hardly call it that because it seems to be affecting just you.

I'm determined to find out what's causing it, I really don't want to brick a phone not my own so I'm very hesitant to do the iPad bb update now. Apple is signing 4.1 again so iPad bb'ers have an easier restore path

Apple have probably been signing 4.1 ever since and we just never realised it, but I guess I could be wrong.MN did say that latest version of RS has the ipad BB flash option, so there'll be no need to downgrade it to 4.1, but it's not listed as the latest release on the blog post yet, despite him saying it would be released @10hrs ago.

ipsw wasnt changed :)

Why would they be stuck in recovery?

@Tdumaine can you come to the chat? I think this would go better "live."

@venus they started signing 4.1 about 4ish weeks ago, i dont have an exact date. I recently found out about it (2 weeks ago) and had a friend with a brand new 3gs 8gb on 4.3.5. No host mods, no tiny umbrella, no shsh anywhere, and just shift clicked itunes with the phone running and pointed to 4.1 stock. Restored just fine, activated just fine since shes on att (carrier locked to att, no unlock needed) thats when i tried on another, putting it on 4.1, flashed to ipad bb, pwned dfu via ireb, snowbreeze firmware to skip bb update and hactivated. All went smooth and that 3gs was on 4.1 untethered jailbreak with the ipad bb unlocked on tmobile, no issues. Todays brand new (refurb) from apple with 4.3.5, the stock 4.1 fails with 1015, and neither irebs 1015 fix or tiny umbrellas exit recovery will kick it. (ireb r4, TU .11)--Stuck in recovery, if you have the ipad bb, and try a stock restore (just click restore and say go) to 4.3.5 will fail with the ipad bb