13.02.2008, 17:05
This is a guide on how to downgrade your 4.6 iPhone (either 4GB, 8GB, or 16GB - it works on all of them) to a 3.9 iPhone with software only.
All of this is possible thanks to George Hotz. If you find his work helpful, then please donate to him - you can find a PayPal donate link on his blog.
Additionally, an advantage this has over the hardware downgrade (apart from not requiring disassembly of the phone) is that it also works on 1.1.3 OTB phones, or if you accidentally upgraded to 1.1.3.
WARNING: You may brick your phone with this. There is a very slight chance of this happening if you follow these instructions to the letter. You are performing this at your own risk; I am not responsible for anything.
Step 1 - Download the Software Bootloader Downgrade Kit
The software bootloader downgrade kit contains the bootloader downgrade tool, the bootloader erase tool, the bootloader download tool, and the first 0x20000 of the NOR dump of a 3.9 phone. This is everything you need to perform this downgrade.
You can download the software bootloader downgrade kit here.
Step 2 - Verify the Integrity of Your Software Bootloader Downgrade Kit
It is highly recommended that you verify the integrity of your software bootloader downgrade kit. To do this you will MD5 hash the downloaded file and compare the resulting MD5 sum to the MD5 sum of the original, unmodified file. On Mac OS X and most Linux distributions, a tool called md5sum is included that will do this. On Windows, there are several tools you can use, such as MD5summer.
The MD5 hash of the SoftwareBLKit.zip file is cffd1a1d81bdf32fa74b8902dfeec3b8.
To check the MD5 sum of your downloaded file on a Mac, go into Applications, then Utilities, and open Terminal. cd into the location your SoftwareBLKit.zip file is at; on OS X 10.5, this is probably your Downloads folder (in your home folder). Then, run the following command:
md5sum SoftwareBLKit.zip
The MD5 hash of SoftwareBLKit.zip will be outputted. It should match the MD5 hash above. If it does not, then your SoftwareBLKit.zip file is corrupted and you should follow step 1 and step 2 again.
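The check in step 2 can be scripted so the comparison is not done by eye. This is an added example, not part of the original guide: the function names are hypothetical, the hash and file name are the ones given above, and it falls back to `md5 -q` or `openssl md5` when `md5sum` is not installed.

```shell
#!/bin/sh
# Added example: verify a download against a published MD5 before using it.
# Function names are hypothetical; the hash and file name come from the guide.

KIT_MD5="cffd1a1d81bdf32fa74b8902dfeec3b8"

# Print the MD5 of a file using whichever hashing tool is installed.
compute_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 "$1" | awk '{print $NF}'
    else
        return 2
    fi
}

# Return 0 on match, 1 on mismatch, 2 if the file is unreadable or no tool exists.
verify_md5() {
    vm_file=$1
    # Normalise the pasted hash: lowercase, and drop spaces, newlines and a
    # trailing period such as the one that follows the hash in the guide.
    vm_want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' .\r\n')
    [ -r "$vm_file" ] || { echo "cannot read $vm_file" >&2; return 2; }
    vm_got=$(compute_md5 "$vm_file") || { echo "no MD5 tool found" >&2; return 2; }
    vm_got=$(printf '%s' "$vm_got" | tr 'A-F' 'a-f')
    if [ "$vm_got" = "$vm_want" ]; then
        echo "OK: $vm_file matches $vm_want"
        return 0
    fi
    echo "MISMATCH: got $vm_got, expected $vm_want; download again" >&2
    return 1
}

# Run as: sh verify_kit.sh SoftwareBLKit.zip [expected-md5]
if [ "$#" -ge 1 ]; then
    verify_md5 "$1" "${2:-$KIT_MD5}"
fi
```

A match shows the download is identical to the file the published hash was computed from; it says nothing about a file whose hash and download link were replaced together.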
Step 3 - Extract the ZIP File
Using the Archive Utility included with Mac OS X 10.5, or if you do not have Mac OS X 10.5 (or do not have a Mac at all), any ZIP extraction tool such as StuffIt Expander, extract the SoftwareBLKit.zip archive. The contents should be extracted into a new folder.
Step 4 - Prepare Your Phone
The software bootloader downgrade process is risky on the 1.1.2 or 1.1.3 firmware. As such, it is not recommended that you use 1.1.2; use 1.1.1 or older.
If you have the 1.1.1 OS (or older) on your iPhone, then you are good to go. If you have the 1.1.2 software on your iPhone, then you will need to put your iPhone in DFU mode (by holding the power and sleep buttons, and releasing the power button after 10 seconds, while having the iPhone plugged into your computer with USB) and restore it to 1.1.1 (if you can use AppSnapp to jailbreak) or 1.0.2 (if you are unable to use AppSnapp for some reason). Once you’re at 1.1.1 or 1.0.2, jailbreak your phone as normal. (Jailbreaking your phone is out of the scope of this guide.)
Once you’re finished, if Auto-Lock is not already set to Never, set it to Never. This is important - if your phone shuts off in the middle of the downgrade process, you could permanently brick your phone and then you’d have a pretty iPod Touch.
Step 5 - Upload the Files to Your iPhone
Using Transmit or Fugu (on a Mac), or WinSCP (on Windows), create a folder in /usr/bin called ul. Upload the contents of the ZIP you extracted in step 3 to that folder.
Step 6 - Install MobileTerminal
This procedure should not be performed with Wi-Fi. If, for some reason, your Wi-Fi connection fails in the middle of the process, you could permanently brick your phone. You should install MobileTerminal on your phone using AppTapp. The simplest way to install this is by using the Installer - and this is the method I will be using.
In the Installer, touch the Install tab, then go into the System category and install the Term-vt100 package. (If you do not see this package, then you most likely do not have the Community Sources installed. To install this, go into the Sources category and install the Community Sources package.)
Step 7 - Set the Proper Permissions
SSH into your iPhone and type the following command:
chmod 755 /usr/bin/ul/*
Step 8 - Unload CommCenter
Using the SSH session from step 7, type the following command:
launchctl unload /System/Library/LaunchDaemons/com.apple.CommCenter.plist
Close the SSH session now.
Step 9 - Open MobileTerminal
On your SpringBoard, touch the vt100-Terminal icon. MobileTerminal will open.
Step 10 - Change Your Folder
cd into the /usr/bin/ul folder. To do this, type:
cd /usr/bin/ul
Step 11 - Downgrade Your Bootloader
Before you do this, verify that you set auto-lock to never. Also, you should have a battery with a good charge - it doesn’t have to be full, but it should be fairly high. I like to keep the phone plugged in - that way, there will be no battery problems.
In MobileTerminal, type:
./gbootloader secpack bleraser bldl 3.9_M3S2.nor
Step 12 - Restore Your iPhone
Using iTunes, restore your iPhone to 1.0.2 (if you can’t use 1.0.2, then use bbupdater to flash firmware onto your baseband manually). This will restore your baseband firmware as well. (You should not receive an error from iTunes.) At this point, you will have a phone with 1.1.1 and 3.9. You can unlock using anySIM as normal.
Source: aCujo.com