Not satisfied with the iPhone OS 4.0 beta1/2? Have you tested it and want back to 3.1.3 or lower? Here`s the guide:
Get your iPhone into the DFU mode by turning it off and holding the homebutton by connecting it with the USB cable. If you see the iTunes logo on your screen you can release the homebutton
Install the 3.1.3 firmware with iTunes on your device (Press alt while clicking on the restorebutton in iTunes and choose the iPhone 3.1.3_restore.ipsw file manually). The installation will end up with an error
The OS 4.0 beta1/2 has updated your Baseband to a higher version that 3.1.3 comes with. This results in the "iphone restore error", iTunes says that it needs to be restored each time you connect it
Windows only: install libusb-win32-filter-bin-0.1.12.2.exe from the package above. Vista needs to run this file as administrator and in compatibility mode
Open Terminal. Type in cd{space} and drag your iRecovery file into the Terminal, before you press enter delete the "iRecovery" textpart at the end
Type in "iRecovery -s" , sometimes this only works for Mac: "./iRecovery -s"
Type in the following commands: "setenv auto-boot true" {enter}, "saveenv" {enter}, "exit" {enter}
Restart your device
After the reboot you have successfully downgraded your firmware to 3.1.3!
Before the redsn0w jailbreak was public you could see a video on iH8snow`s twitter blog at http://www.twitvid.com/UI21P showing him modifying the root_fs.dmg from an .ipsw file:
All the guides you find on the net are not complete, missing a few important steps and, most important, the reason why it cant`t be done this way. Complete Guide:
Place the .dmg you want to decrypt in the vfdecrypt folder
Open Terminal, cd (switch) to the vfdecrypt folder by typing in "cd"{space} and dragging the vfdecrypt folfer into the Terminal, press enter
Type in "./vfdecrypt -i {dmg) -o rootfs.dmg -k {key}" replace {dmg} with the filename of the .dmg that you want to decrypt and {key} with the key for the firmware you want to edit. Firmware keys can be found here. Press enter
Your decrypted .dmg will be created in the vfdecrypt folder under the name "rootfs.dmg"
Right click on it and open it with hdd utility. Click on "convert" and choose "read/write" and "without" in the encryption tab.
That`s it. Save the .dmg to a new file and mount it. Your are now able to browse and edit the .dmg (for example edit the SystemVersion.plist like shown in the video). The problem and the reason why this guide can`t be used to create custom .ipsw files is that you can not re-encrypt .dmg files with the same key you used to decrypt them after changing something! Your created .ipsw files will be corrupted.
To finish the custom .ipsw you have to be able to re-encrypt the .dmg with the same key which is not possible and to add it back to the .ipsw (.zip) without changing the checksum which is impossible too (iH8sn0w posted a few days after the video that you also need to patch a few system files to make this work.)
I tried working on the redsn0w 0.9.5 beta2 to make it able to jailbreak the new OS 4.0 beta2. The jailbreak on the beta1 is done by using an already known exploit. As apple released the 3.0.1 update of the 3.0 software you were able to use the redsn0w release for the 3.0 firmware to jailbreak 3.0.1.
The idea was, in case that the modifications weren`t big, to simply edit the redsn0w 0.9.5 beta2 by changing the names of the .dmgs (like the 018-7262-033.dmg to 018-7411-002.dmg ), -k and -iv keys (posted by iH8snow here) and the sha1 checksum (from "a855ef177392d3df6aa28bc3557d6a87a57846ae" for the beta1 to "865e331b9588ce20b949cbf11ca2e9a4ee439fca" for the beta2). The last part with the sha1 checksum will let redsn0w recognize the new beta2 and display ".ipsw successfully identified".
This is how far you get, by clicking on "next" Redsn0w crashes in the Kernel Part and can not work with the Beta2.
This happens because Redsn0w is not able to patch all the files even if it can decrypt the firmware with the keys you manually entered.
We have to wait for the 0.9.5 beta3 if there will be one! As soon as I get any news about the 4.0 beta2 I`ll post them here, so stay tuned.
You may have noticed that there are a few major things missing on the iPhone 3G: Desktop wallpapers and multitasking.
You can enable this hidden features with this guide:
Open iPhone explorer, if you haven`t downloaded it already you can find it here: iPhone Explorer 1.1.8.3
Navigate to „System/Library/CoreServices/SpringBoard.app“ and copy „N82AP.plist“ to your desktop by dragging it there.
Download PrefSetter to edit the .plist here: PrefSetter 2.0
Start PrefSetter and open the „N82AP.plist“
Click on „Capabilities“ and choose „add new key“ in „Actions“ on the top
Name the new key „multitasking“, choose „Boolean“ and „true“
Add a second key by choosing „add new key“ in „Actions“ again
Name the second key „homescreen-wallpaper“ and set „Boolean“ and „true“
Save the file and add it back to your device by dragging it back into iPhone Explorer by overwriting the original file. Wait a few seconds and restart your iPhone
That`s it, desktop wallpaper is applied and multitasking is activated, you can start it by pressing the homebutton twice.
We need to make invisible system folders in Mac OS X visible. The easiest way to do this is to download a software called inVisibles here: inVisibles 1.5
Open the Software and click on „visible“.
Now you can browse to the „etc/“ folder on your harddrive. Search for a file called „hosts“. Copy it to your Desktop by dragging it there and open it with Textedit.
Add the following entry to the bottom of the text: „74.208.10.249 gs.apple.com“
Choose „save as“ and uncheck the „use .txt extension“ box, save the file under the original name „hosts“ on your desktop.
Drag it back to the „etc/“ folder and choose „overwrite“. Follow the instructions on the screen.
You should be able to activate your iPhone with iTunes!
That`s it, worked fine for me. You can restore your iPhone with your saved 3.x backups. To backup from 4.0 with iTunes you need to install the latest iPhone OS 4.0 SDK (google).
This Guide works ONLY with the iPhone 3G and the iPhone OS 4.0 b1 due to the limitations of the redsn0w jailbreak!
Have you been trying almost everything to get the iPhone OS 4.0 Beta to work like I did and asked yourself why all the „guides“ doesn`t work? They just coudn`t work because they were all fakes. You can NOT run a customized .ipsw file on a non-jailbroken device (read here why)!
The iPhone dev team released the new redsn0w Beta2 Jailbreak for the iPhone 4.0 Beta1. It jailbreaks your device but there`s no hacktivation included, what means that the UDID registration is still needed to activate your device!
I figured out a way to combine the „fake“ guides to a single one that WORKS! :-)
I will not take any responsability for broken devices, this is just for experimental purpose!
Guide:
Download a copy of the iPhone OS 4.0 Beta (google: "os4-iPhone1,2_4.0_8A230m_Restore.ipsw download")
Install this Version with iTunes on your device (Press alt while clicking on the restorebutton in iTunes and choose the iPhone 4.0 .ipsw file manually)
That`s it, worked fine for me. You can restore your iPhone with your saved 3.x backups. To backup from 4.0 with iTunes you need to install the latest iPhone OS 4.0 SDK (google).
