When you try to update, restore, or reset a 3GS iPhone that has been unlocked using the iPad2 06.15.00 Modem Firmware (baseband), that iPhone goes into protected mode.
This blog post provides you the steps to get out of protected mode. Things were difficult enough when Apple was signing iOS 4.3.3 but now that they are no longer signing iOS 4.3.3 things have gotten quite a bit more difficult.
There currently is no untethered jailbreak for iOS versions 4.3.4 and 4.3.5 and I don’t expect there ever will be. When someone makes the mistake of trying to update, restore, or reset a 6.15′ed iPhone 3GS and if you end up an iPhone that can’t be taken out of protected mode because the 4.3.3 iOS has been damaged you will have to restore 4.3.3 to the iPhone. For this you will need 4.3.3 SHSH Blobs to do this.
Here are the steps to restore 4.3.3 to a 3GS that has a baseband of 06.15.00 when you don’t have the 4.3.3 Blobs for that iPhone saved on your computer.
I just finished fixing a recovery mode error on a 3GS for a customer where we didn’t have the blobs and it cost him $50.
1. IPSW Download — Download the 4.3.3 IPSW for your iPhone model.
2. sn0wbreeze Download — Download and install sn0wbreeze for the PC platform or Pwnagetool for the Mac and build a custom IPSW. If you don’t have a SIM for the original Carrier then you will need to check Hactivation.
3. USBView Download — Install USBView, start USBView, connect your iPhone to your USB port, make sure Options–>Config Descriptors is checked then press F5, find the entry in the left pane that states “Apple Mobile Device (Recovery Mode)” and highlight it, highlight and copy the 16 digit ECID number from the right pane.
4. TinyUmbrella Download — Download, install, and start TinyUmbrella. Then add a Device to TinyUmbrella by clicking on Manual ECID under the General Tab and adding the ECID, selecting 3GS for the iDevice field, give the iPHone a display name, and then click on Create Custom Device.
5. Save SHSH Blobs — Make sure Request SHSH from Cydia is check and then highlight the 3GS display name you manually added and click on Save SHSH. This will copy the SHSH blobs to your local computer. You need to do this so that when you install the 4.3.3 your computer can sign the Restore.
6. TSS Server — Start the TSS Server on TinyUmbrella so you can restore the 4.3.3 to your 3GS using the saved SHSH Blobs.
7. Pwned DFU — Put the iPhone in pwned DFU mode. You can use RedSn0w 0.9.6rc16 or iREB to do this.
8. iTunes Restore — Start iTunes and do a Shift-Restore (PC) or Option-Restore in iTunes (Mac) and restore the custom IPSW.
9. Fixrecovery — Put iPhone in DFU mode and run fixrecovery.
10. Activation — Activate your iPhone on iTunes. Here you will need a SIM card from the original carrier. If you don’t have a SIM from the original Carrier you will have needed to check Hacktivation when you build your custom IPSW so you can bypass the Activation process.
If you do Hacktivate your iPhone you should run the Subscriber Artificial Module (SAM) app which simulates an official SIM card ID (ICCID) and IMSI so that notifications will work. You will find the SAM app by doing a search in Cydia on your iPhone. You may need to add the Bingner Source to Cydia before you can find SAM via a Cydia search.
Recent Comments