iPhone 3GS Jailbreak Delayed

The Dev Team announced that it has a jailbreak for the iPhone 3GS but has delayed its release until after the 3.0.1 firmware is out. Many people are upset over this and really don’t understand why. Here are some details in layman’s terms:

1) Jailbreaking is done by exploiting bugs in existing hardware / software in order to gain access to the device (access that Apple should have given in the first place).

2) On all devices to date, the jailbreak is permanent, meaning that it relies on a bug at the hardware level that no firmware update can patch, so Apple lost those platforms.

3) On the 3GS, Apple added another layer of security built around the ECID, a unique ID burned into each device’s chip. On restore, iTunes sends your ECID to Apple and gets back a signature for the IPSW image that is valid only for that one device. If the image isn’t signed for your ECID, the 3GS and iTunes will reject it and you will not be able to restore your device with that image.

On the 3GS, we can use an existing single exploit to retrieve the ECID and use that to get the “files” signed, which allows custom firmware to be restored. (This is really dumbed down, but you should get the idea.) Once the jailbreak is released, Apple will patch this hole.

The hole is such that anyone on 3.0 firmware can obtain the necessary signing data. But once the jailbreak is out, Apple will patch it in the next firmware release. Those still on the older firmware who saved off whatever was needed will always be able to jailbreak. Those who update without doing so will probably never be able to jailbreak. Such is the nature of the exploit.

The logic in waiting is this. Only a few iPhone 3GS devices have been sold so far. A 3.0.1 firmware release is due soon to fix some obvious 3.0 bugs and to patch Ultrasn0w. If the jailbreak is released now, then when 3.0.1 comes out the only people who can ever jailbreak are those who had 3.0 and did not rush to update. If we release after 3.0.1, then about six months’ worth of users should be able to jailbreak forever. (This assumes six months from the 3GS launch to the 3.0.2 release, probably not that bad an assumption.) That should be a significant number of people, which is better than nothing. Releasing now gives Apple a chance to patch the hole before the 3GS is even released in all markets around the world.
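To make the signing argument in point 3 and the timing logic above concrete, here is an added toy model of the check. It is example code written for this page, not Apple’s or the Dev Team’s implementation. It assumes a signing server that signs (ECID, firmware version, image hash) only for versions it is still signing, and a bootloader that boots an image only with a signature bound to its own ECID. HMAC with a shared secret stands in for Apple’s real signature scheme (a real bootloader holds only a public key), and the function names, ECIDs and image bytes are all constructed for the example.

```python
"""Toy model of per-device firmware signing (added example, not Apple's
or the Dev Team's code). HMAC stands in for the real signature scheme,
so the verifier here shares the server's secret; a real bootloader would
hold only a public key. Every name and value below is an assumption."""
import hashlib
import hmac
import json
from typing import Optional

SERVER_SECRET = b"constructed demo secret, not any real key"  # assumption


def _message(ecid: int, version: str, digest: str) -> bytes:
    # Canonical encoding of exactly the fields the signature covers.
    return json.dumps({"ecid": ecid, "version": version, "digest": digest},
                      sort_keys=True).encode()


def sign_request(ecid: int, version: str, firmware: bytes,
                 still_signing: set) -> Optional[dict]:
    """Server side: issue a blob for this ECID only for versions it still signs."""
    if version not in still_signing:
        return None  # the signing window for this version has closed
    digest = hashlib.sha256(firmware).hexdigest()
    tag = hmac.new(SERVER_SECRET, _message(ecid, version, digest),
                   hashlib.sha256).hexdigest()
    return {"ecid": ecid, "version": version, "digest": digest, "tag": tag}


def bootloader_accepts(device_ecid: int, firmware: bytes,
                       blob: Optional[dict]) -> bool:
    """Device side: boot only an image whose blob is valid for THIS device."""
    if blob is None or blob["ecid"] != device_ecid:
        return False  # no blob, or a blob issued for another device
    if hashlib.sha256(firmware).hexdigest() != blob["digest"]:
        return False  # the blob does not cover this image
    expected = hmac.new(SERVER_SECRET,
                        _message(blob["ecid"], blob["version"], blob["digest"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, blob["tag"])


def scenario() -> dict:
    """Replay the situation the post describes, with constructed data."""
    ecid_a, ecid_b = 0x000001A2B3C4D5E6, 0x0000011122334455  # constructed
    fw_30 = b"constructed 3.0 image"
    fw_301 = b"constructed 3.0.1 image"

    # Today: the server still signs 3.0, and device A saves its blob.
    saved_a = sign_request(ecid_a, "3.0", fw_30, {"3.0"})
    # After 3.0.1 ships: the server signs only 3.0.1, so device B gets nothing for 3.0.
    late_b = sign_request(ecid_b, "3.0", fw_30, {"3.0.1"})
    # A forgery attempt: copy A's blob and replace the tag.
    forged = dict(saved_a, tag="00" * 32)

    return {
        "saved_blob_boots_3.0_later": bootloader_accepts(ecid_a, fw_30, saved_a),
        "blob_not_transferable": bootloader_accepts(ecid_b, fw_30, saved_a),
        "no_3.0_blob_after_window": late_b is None,
        "blob_not_valid_for_other_image": bootloader_accepts(ecid_a, fw_301, saved_a),
        "forged_tag_rejected": bootloader_accepts(ecid_a, fw_30, forged),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The scenario shows why saving now matters: a blob captured while the server still signs 3.0 keeps booting 3.0 on that one device indefinitely, but it cannot be moved to another ECID, does not cover a different image, and cannot be obtained at all once the server stops signing that version.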

Note: those of you who are interested can save your ECID in a usable format using these instructions. Windows users can find USBView here.

Personal speculation: I believe that we may be near the end of the software jailbreaks. In the future, new devices may require some sort of tethered jailbreak. This means when you reboot your device you must be hooked up to a PC or such, do the jailbreak, and then unhook the device and use it until you reboot again. I predict small tethered jailbreak devices will be sold from Hong Kong that you will be able to keep in your car or your pocket in case you have to reboot your iPhone. Not a perfect solution, but not that bad either. Personally, I never reboot my iPhone. But if it did crash, it would work as a “normal” iPhone until you attached the device and “hit the button” again or whatever.

Of course, you 2G, 3G, and iPod touch users will never have to worry. Your devices should remain jailbreakable forever.

76 Responses to “iPhone 3GS Jailbreak Delayed”

  1. Chris Says:

    What do you mean that the jailbreak is permanent???

    if i restore, the phone isn’t jailbroken…

    It is not like, via software we can change anything at the hardware level… or is it that way?

  2. ChaoticMayhem65 Says:

    Man, that’s kinda sad to hear. If I couldn’t jailbreak my iPhone I dunno if I would buy one. And to never buy a new iPhone again is a depressing thought, lol. Well, I’m glad I already got my 3GS and have followed your instructions.
    Thanks BB.

  3. Mike45 Says:

    That sounds logical and all, but right now they can jailbreak AND unlock 3.0 on the 3GS. But they don’t know if a 3.0.1 jailbreak will even be possible or if Apple will update the phone firmware in 3.0.1 so that ultrasn0w won’t work anymore. If they wait till Apple releases 3.0.1 (whenever that will be, could be months) then maybe it’ll be too late because the “few” 3GS owners already updated their phones (the Dev Team said “no jailbreak for 3.0, wait until 3.0.1”).

  4. Patience Says:

    “If I couldn’t jailbreak my iPhone I dunno if I would buy one.”
    I agree!!!

    In a way, I’m kinda glad I didn’t get the new iPhone.

  5. BigBoss Says:

    Now’s the time to get it.

  6. BigBoss Says:

    No, it means the ability to jailbreak is permanent.

  7. BigBoss Says:

    You lose nothing by this, only time. If everything can be done on 3.0, by waiting, you should also get everything on 3.0.1. We’ll see though.

  8. reznor9 Says:

    Here are my thoughts… they have been telling everyone that the 3GS is susceptible to the 24Kpwn exploit that they used in the iPod touch… thus saying that the jailbreak is doable, and they are making it sound fairly easy…

    And now they want to delay the release until 3.0.1 because they are scared that Apple will patch the exploit if they release it now…

    What doesn’t make sense is that they already blabbed about the exploit, and we all know it is the same exploit from the Touch JB, and they have confirmed it working on the 3GS… so what is to stop Apple from simply studying the Touch and finding all the holes from the 24Kpwn exploit by reverse engineering the Touch JB tool, and then closing all those holes along with the Ultrasn0w hole in the 3.0.1 update… It would only make sense that they are going to close both holes and we are doing all this waiting for nothing…

  9. BigBoss Says:

    This is not really the case at all. Yes, the 3GS is susceptible to the 24Kpwn exploit, but that alone is not enough to jailbreak a device. Apple added a second layer of protection to the 3GS. This does not exist in the iPod touch, and the exploit will be patched in firmware, unlike 24Kpwn. This is what is being protected. Apple cannot patch this by studying touches.

    The feeling is to release it a few weeks after 3.0.1 so that Apple has to do 3.0.2 to patch it. That gives more time and more devices with it. The thought is that once jailbroken, a device will be able to be jailbroken in the future. The more devices that get sold before it’s patched, the more of the community that can benefit from it. The 3GS hasn’t even launched in many markets yet.

  10. Ucuy Says:

    Should I buy one or not? I’m planning to buy one today… but if it cannot be jailbroken I prefer to stick with the 3G… Apple is half stupid, I think… they have to thank the jailbreak method; because of it they can sell more of their devices around the world… they are too greedy, wanting a lot of money from both hardware and software… they don’t think a lot about the feelings of the ‘loyal’ users in the world… from the iPhone 1st generation to 2G to 3G to 3GS they always buy them… and when they buy a new one they sell the old one to someone else… it’s kind of free marketing for Apple to increase their ‘loyal’ users… they will buy accessories from Apple, they will buy some software from them… still Apple does not think about their feelings, KILLING THE JAILBREAK METHOD…. I think I should report this to Mr. OBAMA… and ask HTC to create something similar…

  11. ChaoticMayhem65 Says:

    Agreed. People just need to stop being greedy and selfish and realize all this work by the Dev Team and everybody else in the iPhone development community is given to us for free. And the key word here is COMMUNITY. This is for the greater good of the majority of our community as a whole. The Dev Team is simply trying to leave no man behind.

  12. Stanley Says:

    I like the idea of waiting because my contract isn’t up until December and I would be at a real loss without jailbreak. Please think about the greater good for everyone and support delaying the JB. Thanks for all your hard work.

  13. berry Says:

    “The thought is that once jailbroken, a device will be able to be jailbroken in the future.”

    How sure are we about this? Coz if we’re not, then that would mean that sooner or later Apple will fix all the holes and we won’t be able to JB the 3GS…

  14. J.B. Says:

    Just curious, if you don’t reboot your phone does that mean you never turn it off? And is your phone crash free or something?

  15. george Says:

    Hey BigBoss, I asked you to respond on the SBSETTINGS PROBLEM! The CLOSE BUTTON WIDGET (CLOSE APP TOGGLE) CRASHES WHEN YOU USE IT ON 3.0 FIRMWARE!
    PLEASE FIX IT!
    THANK YOU!

  16. My Opinion Says:

    Just my opinion, I think it is better to release the OS 3.0 jailbreak in mid July, since the iPhone is released in most countries by then. Then when the jailbreak is released I think the sales of the iPhone 3GS will increase… iPhone will have no time to upgrade the new device. If the jailbreak is made for the sake of the greater good or the community, I think this is the time…. don’t wait until the 3.0.1 release… otherwise if Apple finds the bug, the delay is meaningless…

  17. Ade Says:

    Big Boss
    Pardon me, I am a novice in all this jailbreak stuff. I have a 3G 16GB iPhone; will I be able to jailbreak it after the 3.0.1 release by Apple? And why is Apple releasing firmware 3.0.1 so soon after 3.0?

  18. Randombod Says:

    Surely telling people they need to get their ECID is a big hint to Apple?

    I’m prob wrong, but it seemed like the ECID was gained from normal debug info from USB, which no doubt will be patched in 3.0.1 and can’t be fixed until 3.0.1,

    so realistically, for every 3.0 iPhone produced from now until 3.0.1 it will be possible to get the ECID, so holding off the jailbreak won’t really enable more users.

  19. stooovie Says:

    @Ade, no one said Apple IS releasing 3.0.1 yet. They should, though.

  20. JD Says:

    BB -

    What updates\fixes do you expect to see in the 3.0.1 patch? What known problems are in the 3.0 firmware?

    I have a 3g.

  21. Whitewolf99 Says:

    so when fw 3.0.1 will be released, we will have to redo our folders in categories again and sort the apps back in the folders?

    Some sort of save and restore function would make the update so much less tedious….

  22. reznor9 Says:

    I understand about the 2nd layer of security and how they have made it so that it checks a signature specific to your iPhone 3GS prior to allowing the installation of an IPSW, so as to prevent you from installing custom IPSW firmware.

    And like GeoHotz has on his purplerain site, showing the USB dump that gives you the number for the signature so you can always run custom firmwares and such… OK, this I understand.

    But doesn’t that still rely on the 24Kpwn exploit?
    Without the exploit, are they going to be able to break that 2nd layer of security? It just seems like they might be stalling for nothing if Apple patches the exploit early… But the Dev Team aren’t a bunch of idiots, so I guess they have an ace in the hole that they haven’t told the public… in fact the 24Kpwn might be a decoy for all we know.

  23. ernie Says:

    So if I buy a 3gs today or tomorrow I will be able to jailbreak as of now?

  24. reznor9 Says:

    yes… as it has always been

  25. Chris Says:


  26. Chris Says:

    Not per the Dev Team, unless someone else comes with a jailbreak program.

  27. BigBoss Says:

    You can’t patch 24Kpwn without spinning the hardware. It’s the 2nd layer of security that is the big fuss.

  28. BigBoss Says:

    I don’t own or work on the close widget. Contact its author.

  29. stldirty Says:

    ok i have one HUGE question. i don’t have very much knowledge of this signing process so bear with me.

    1) Can’t you get your ECID by clicking your serial number in iTunes? Why do we need USBView to find this?

    2) Are they concerned about Apple preventing them from actually going into the system and jailbreaking, or are they concerned about Apple not signing files AFTER they go into the system and try to jailbreak? If the latter is true, then why can’t we just falsify this signing process?

  30. stldirty Says:

    Oops, sorry. Just realized it’s the UDID you can get from iTunes.

  31. Driz Says:

    So I got a question… If I go out and buy an iPhone 3GS today just to preserve the ECID, can I switch the SIM card to my iPhone 3G until the jailbreak is released? And when you go into AT&T, do you have to bring your 3G at all? Could I just bring my SIM card and say I want to buy a 3GS?

  32. Keyaku Says:

    I don’t think you got it, Chris:
    the Dev Team /has/ a jailbreak. The problem on the 3GS isn’t the hack, though; implementing the jailbreak raw data is:
    Apple was waiting for this to safely secure the newest generation of iDevices and get away from jailbreaking. The Dev Team, to prevent this, decided to publish their jailbreak only when this IPSW signing is fixed.

  33. David H Says:

    You can buy the 3GS without showing them your 3G; all you need is your AT&T account info, picture ID, and a credit card with sufficient funds available. I did this and they activated the new SIM, but I did not have them activate the 3GS. Clearly, you want to activate the 3GS and take the steps indicated by BigBoss, above, to SAVE your ECID. Then, you can move your SIM from the 3GS to your jailbroken 3G if the jailbreak and Cydia apps are more important to you than the upgrades to the 3GS.

    I bought the 3GS in large part due to what I believed was the imminent release of the 3GS jailbreak. While I am DISAPPOINTED with the Dev Team’s decision to wait, I certainly respect it.

  34. David H Says:

    One more thing if you are an ATT customer!

    CHECK YOUR UPGRADE DATE! They will text you with it if you dial *NEW#

    AT&T subsidized my 3GS purchase with a 2 yr contract renewal, even though it was LESS THAN 1 YEAR since I renewed my contract upon my upgrade to and purchase of the 3G on 7/11/08! I was one of the first on the west coast to get home with it.

    When the 3GS was released, I was sort of bummed about waiting for another year to upgrade, MISTAKENLY thinking ATT would make me wait. First, ATT accelerated by 3 months the upgrade date of 3G owners to reward early adopters. Second, depending upon the size of your account, ATT may authorize an upgrade in as little as 1 year into a 2 year contract, which is what they did for me.

    I have a family plan with 4 lines, 3 of which are iPhones. By allowing me to upgrade early (only my one phone, not the others), they lock me in for another 2 years, so they can be sure the others are going to roll over and continue even after their 2 years are up. My kids with the 2 other 3G phones won’t be eligible to upgrade with the $200 subsidy for a little more than a year still.

  35. BigBoss Says:

    Yes. They’ll activate it in store and you just swap it back yourself.

  36. Justin Says:

    You can jailbreak it now using redsn0w. When Apple release 3.0.1, don’t update to it unless the Dev Team give the go-ahead

  37. bassplayer2408 Says:

    With all the people owning iPhones, I don’t know anyone with a jailbroken phone. Give it up with the jailbreaking already. It’s like chasing a girl you’ll NEVER get… and for God sake, Dev Team, get out of your parent’s basement :)

  38. Zack Hébert Says:

    The current devices (except the 3GS) are jailbroken forever because the jailbreaks depend upon a bug in the iBoot of the devices which allows the device to restore to an unsigned firmware image. The different firmwares cannot overwrite the iBoot on the current devices. Compare iBoot to a PC’s BIOS. No matter how badly screwed up an operating system becomes, the computer can always be saved by reloading the operating system from scratch.

  39. ChaoticMayhem65 Says:

    ok so why are you even here then?

  40. HandyRandy Says:

    Actually, if you click on the phone # you get the ICCID. Would this help?

  41. reznor9 Says:

    That’s my train of thought… we are already talking about how 3.0 is susceptible and easy to get the ECID from… so you know Apple has a team of people monitoring the Dev Team blog, so I’m sure they know they need to patch everything they can around that ECID now… so I’m not sure how delaying is going to help anyone. As soon as the iPhones start coming out with 3.1 preinstalled, then those people are all F’ked as far as I can tell from reading the blogs… which sucks… ’cause I just bought myself one to replace my 3G and want to get my wife one too, to replace her 3G, but they are so damn expensive. I fear by the time I can afford the 2nd one, the hole will be patched.

  42. reznor9 Says:

    Don’t hate us because you can’t figure out how to get into DFU mode. :p
    Maybe someone off craigslist will jailbreak it for you

  43. toeknee93 Says:

    ICCID only identifies the SIM in the phone, not the low level hardware ECID information.

  44. iphone_slut Says:

  45. pimp Says:

    Date: 06/30/2009

    To Bigboss,

    I jailbroke my iPhone 3G on the 3.0 firmware. The phone works correctly. When I started installing Cydia apps, when I got to a certain number of Cydia apps, the screen said I was running out of memory on my iPhone. I then realized it was because I needed “BossTool” to make installing Cydia apps on 3.0 work past a certain number of installed apps. This is the problem. BossTool doesn’t work on 3.0.

    Do you have any suggestions on how to fix this? Am I, as well as everyone, just currently limited to the number of cydia apps one can install, until this is fixed?


  46. Stef Says:

    Just wondering…

    OK, the Dev Team doesn’t want to publish their JB exploit for the 3GS for X reasons (even if, according to me, these reasons are “poor”)… What about this site and its tool:


    has someone already tested it ? will it work ? (they explain that their tool will JB and Unlock 3GS…)

    Thanks for info


  47. Dennis (written on my JB 3.0 iPod touch 2gen) Says:

    I also think the 24Kpwn is a decoy, just to make Apple engineers worry, but there’s also the 2nd layer of protection that makes me think Apple left it as a challenge to the dev-team. So it is kind of confusing, and then another question pops up: why is the Dev Team waiting until 3.0.1? If you JB your 3GS on 3.0.1, won’t they have the same problem with 3.0.2? That I’m really sure Apple will release (and maybe a new iTunes release) when they know about the 3.0.1 JB on the 3GS.

  48. Dennis (written on my JB 3.0 iPod touch 2gen) Says:

    The problem is not the firmware; it doesn’t matter. The only thing the dev-team is looking for is a bug in the hardware, and I’m pretty sure they have already discovered how to pass the second layer of security, but if they let Apple know their beautiful 3GS can be jailbroken, it is for sure that Apple will do something to stop them, so the dev-team waits until 3.0.1 so Apple will be weaker and will have a slower response.

  49. Driz Says:

    Thanks for the response, bro. I bought it and saved my ECID! Can’t wait for the jailbreak; until then I’ll be using my 3G so I have SBSettings and all my fun stuff.

  50. noPush!?! Says:

    pimp, not sure that is your problem. It looks like you ran out of memory, not space. Do you still get the error after a fresh reboot?

  51. pimp Says:

    No, it is not the RAM, otherwise it would just freeze or crash, like other apps do when they run out of RAM, i.e. Safari crashing, etc.

    Rather, this is a specific message given to me about the phone’s memory. I know that the partition to which the Cydia apps are stored is very small. And BossTool fixes this. However, since there is no BossTool, when I get to a certain number of apps, I get that message. I was wondering what I could do? Thx.

  52. mbhullar Says:

    Attempt to explain in layman language why Dev team decided to postpone the release of 3GS Jailbreak software. Please note I am not attempting to be condescending in any way.

    First some history: all devices prior to the 3GS have been jailbroken due to a hardware exploit that is called the 24Kpwn exploit and the fact that the iBoot (think of this as the BIOS on your PC) does not care if the IPSW firmware (think of this as the software on your PC: XP, Vista etc.) installed is signed or not. The 24Kpwn exploit is hardware dependent, therefore all hardware prior to the 3GS can be jailbroken. Whether they can be unlocked is a different story. Software like yellowsn0w and Ultrasn0w exploit bugs in the baseband that enable the phone to become unlocked. However, in theory this problem can always be circumvented: as new releases of software come out (3.1, 3.2 etc.) one can always create a custom image with a firmware where the baseband is not updated but the rest of the software is. So based on this, all users prior to the 3GS can always be jailbroken and stay unlocked.

    Now let’s talk about 3GS.
    1. The 24Kpwn exploit still exists in the 3GS hardware and Apple cannot patch this without changing the hardware, so this is good news for all 3GS owners.
    2. The additional change that Apple has made is that any IPSW that is now installed (custom or otherwise) needs to get a signature from Apple based on the ECID that is unique to each device. As of now, for people who have a 3GS phone with the current 3.0 software, this signature file can be captured, and this will enable them to jailbreak their existing 3GS phone forever.

    Now let me get into the rationale of why the Dev Team has pushed out the jailbreak for the 3GS. If the jailbreak software is released now, then you hand the exploit over to Apple and they will immediately fix it in 3.0.1, locking the majority of the community out of ever being able to jailbreak the phone (likely scenario). However, if Apple cannot find this exploit themselves prior to 3.0.1 coming out, many more users will have their hands on this device with the exploit in place, so more users will have jailbreak on their iPhone. If, however, Apple finds the hole and fixes it prior to 3.0.1, which is entirely possible, then only the lucky 3GS users with 3.0 software who have captured the signature file will be able to permanently jailbreak their iPhone. Bottom line: existing 3GS owners with 3.0 software are safe and must stay patient in the interest of the larger community that hasn’t bought the 3GS device.

  53. Handsfull Says:

    Now this was a great explanation….thank you. For all of us who are just smart enough to be dangerous…we appreciate it.

  54. Anupam Says:

    Looks like 3.1 (BETA) is out to developers.


  55. tottieboy Says:

    I need help to unzip the 3G firmware. I am using WinRAR to unzip it, but it’s not right; it’s a .dmg file, and when I open redsn0w and browse to it there’s no restore firmware…
    I appreciate anybody’s help. Thanks.


  56. Iblackdude Says:

    Well said, but I still have a question.
    You said at the end that people with 3.0 right now are safe.
    Question: if I buy the 3GS now, keep it in the box, not activated, never connected to iTunes, and a jailbreak/unlock is released after 3.0.1, am I still safe? I mean, do I need to get the 3GS now with 3.0 and connect it to iTunes to be safe?
    For those shaking their heads, I have a 2G iPhone running 2.2 and riding T-Mobile. I just don’t wanna buy the 3GS and open the box, then be unable to return it to Best Buy in case Apple screws the jailbreak. That would be $700 in the trash!
    Thanks to reply.

  57. iphone_slut Says:

  58. mike Says:

    Who needs a jail break? Just buy one in Hong Kong in a week or so when it comes out. They always sell unlocked here.

  59. mbhullar Says:

    Based on everything I’ve read, as long as you are on 3.0 of the software and you capture the signature files you will be able to jailbreak the 3GS forever, with newer firmwares as well. The trick really is to get the iPhone before Apple updates/closes the exploit in the iBoot. The post at the top has instructions on how to capture the signature files.

    Hope this provides some clarity.

  60. iphone_slut Says:

  61. iphone_slut Says:

  62. Shane Says:

    Since 3.1 beta is out not long to wait now for a jb for 3.0 if dev team is honest about the original delay

  63. Shane Says:

    If it’s the same problem I had, you do not unzip it. You change the file name to .ipsw and it reads it correctly in redsn0w.

  64. Shane Says:

    If it’s the same problem as mine, you don’t unzip, you just change the last part of the file name to .ipsw or whatever redsn0w is searching for!

  65. Shane Says:

    Shane said:
    Jul 1st @ 08:44 am
    If it’s the same problem I had, you do not unzip it. You change the file name to .ipsw and it reads it correctly in redsn0w.


  66. Shane Says:


  67. John Says:

    Are we hooped if we ever have to replace our phones after 3.0.2 comes out?

  68. Anonymous Says:


  69. Vegassteven Says:

    You know a PC can have its BIOS flashed as long as it is a RAM chip and not a ROM chip…

    In the same way you cannot write to a Game Boy Advance retail cart (ROM, or read-ONLY memory) but can buy a RAM cart (random ACCESS memory) and write images to it.

    This assumes the 3GS uses a BIOS that has the ECID written to a ROM chip. I’ve had iPhone 3GSs which have told me they have an invalid ECID, so there is a slim chance the 3GS uses RAM, right?

    I’m not even close to as smart as most people here, but that’s my basic understanding of it.

  70. Paul Says:

    Sorry if this is a stupid question.

    But if the exploit is fixed in 3.0.1 or 3.0.2 or whatever; couldn’t the 3GS owner just downgrade to 3.0 and capture the ECID that way.

  71. PG Says:

    You can still use PURPLERA1N though and jailbreak now.

  72. Leon Says:

    In the “Speculation” you suggested that a future Apple update to the 3GS could end software jailbreaks/unlocks. This suggests that hardware keys/devices that could come from Asia might need to be inserted in the iPhone port to effect the jailbreak/unlock.

    Here is my question: I rely greatly on a jailbroken/unlocked iPhone. I really don’t want to get a 3GS at this time. In the future, I don’t mind having to purchase/use a hardware device to jailbreak/unlock.

    However, what is the probability of this speculation? Is it likely that Apple can make a change that would make a jailbreak/unlock impossible regardless of the method used (hardware or software)? Should I “panic” and get a 3GS now to assure a jailbroken/unlocked iPhone in the future?

    Or, is it very likely that a hardware method as previously speculated will be available regardless of Apple’s efforts?

  73. Drew Says:

    If you set it on fire, you won’t be able to jailbreak it. Trust me on that…

  74. Anonymous Says:

    How do you jailbreak an iPod touch? I have no clue and I need help. Thanks.

