Just wanted to tell people because I thought I was in a hopeless situation...
Have an iPhone 3GS with old bootrom, but only had 3.1.3 SHSH blobs on file (not 3.1.2 or earlier). Therefore, I thought my only option was a Spirit JB and therefore no possibility for carrier unlock.
Not so!! This wonderful hack lets you go from a clean 3.1.3 restore to a Spirit JB, then run Spirit2Pwn and finally restore from a Pwnagetool custom 4.0 FW.
Here's a website with instructions, but it's actually even easier than that now that someone has created a Cydia package for it.
http://leimobile.com/guide-3gs-old-bootroom-spirt-ios4-jailbreak-unlock/
Here's abbreviated instructions:
1) Do a full restore in DFU mode to 3.1.3 FW using a pre-9.2 version of iTunes (I used an old laptop that hadn't been updated lately). Note that you will have to edit /etc/hosts using Saurik's hack to bypass the authentication servers. This is easy, just google it.
2) If you get an error message at the beginning of the restore when it's trying to verify the FW, it's because either you haven't edited /etc/hosts or you don't have the 3.1.3 SHSH blobs on file with Cydia (oops!)
3) You will most likely get an error message at the end of the restore. This is fine. Just use recBoot to kick your phone out of DFU mode (google it). You are now up and running with FW 3.1.3.
4) Open up Cydia and add the following repo: http://repo.woowiz.net/
5) Wait for Cydia to refresh, then search and install Spirit2Pwn. It'll take several minutes to install, so don't exit out - just let it do its thing. When it's done your phone can now be successfully pwned with the latest version of pwnagetool.
6) Download the latest version of pwnagetool and run it to create your custom 4.0 FW.
7) Put your phone in RESTORE mode (NOT DFU this time) and restore from the custom 4.0 FW you just created with pwnagetool.
8) Voila! You now have a jailbroken 3GS on iOS4.0! Open up Cydia and install Ultrasn0w for the carrier unlock.
This can be modified for Windows users, substituting Sn0wbreeze for Pwnagetool. If you have questions let me know... I spent several days working on this to prep my 3GS for E-Bay so I've learned the ins-and-outs.
Have an iPhone 3GS with old bootrom, but only had 3.1.3 SHSH blobs on file (not 3.1.2 or earlier). Therefore, I thought my only option was a Spirit JB and therefore no possibility for carrier unlock.
Not so!! This wonderful hack lets you go from a clean 3.1.3 restore to a Spirit JB, then run Spirit2Pwn and finally restore from a Pwnagetool custom 4.0 FW.
Here's a website with instructions, but it's actually even easier than that now that someone has created a Cydia package for it.
http://leimobile.com/guide-3gs-old-bootroom-spirt-ios4-jailbreak-unlock/
Here's abbreviated instructions:
1) Do a full restore in DFU mode to 3.1.3 FW using a pre-9.2 version of iTunes (I used an old laptop that hadn't been updated lately). Note that you will have to edit /etc/hosts using Saurik's hack to bypass the authentication servers. This is easy, just google it.
2) If you get an error message at the beginning of the restore when it's trying to verify the FW, it's because either you haven't edited /etc/hosts or you don't have the 3.1.3 SHSH blobs on file with Cydia (oops!)
3) You will most likely get an error message at the end of the restore. This is fine. Just use recBoot to kick your phone out of DFU mode (google it). You are now up and running with FW 3.1.3.
4) Open up Cydia and add the following repo: http://repo.woowiz.net/
5) Wait for Cydia to refresh, then search and install Spirit2Pwn. It'll take several minutes to install, so don't exit out - just let it do its thing. When it's done your phone can now be successfully pwned with the latest version of pwnagetool.
6) Download the latest version of pwnagetool and run it to create your custom 4.0 FW.
7) Put your phone in RESTORE mode (NOT DFU this time) and restore from the custom 4.0 FW you just created with pwnagetool.
8) Voila! You now have a jailbroken 3GS on iOS4.0! Open up Cydia and install Ultrasn0w for the carrier unlock.
This can be modified for Windows users, substituting Sn0wbreeze for Pwnagetool. If you have questions let me know... I spent several days working on this to prep my 3GS for E-Bay so I've learned the ins-and-outs.
