iPhone 3G with 4.2.1 – jailbreak and unlock

Wow – where did the month of June go? I’ve kept busy, but haven’t been very good about posting to the blog – I’ll try to get back to my once a week posts.

Recently my Dad rediscovered my blog and found the iPhone 3G with 3.1.2 post. He also has an older Rogers iPhone 3G and wanted some help unlocking it for use with any carrier, especially for use in the States.

He had upgraded the iPhone 3G to 4.2.1. This came along with the baseband (modem) version 05.15.04. I believe that 4.2.1 is the most current version of iOS that can be run on this generation of the hardware, and from what I’ve been told many feel that 3.1.3 is better performing but will prevent you from running some of the more recent applications that require newer features.

One of the problems with 4.2.1 is that while it can be jailbroken, it doesn’t have an unlock due to the baseband (modem) version. So my first thought was – why not just put the phone into DFU mode, and install 3.1.3 on it?

This is where I ran into the first problem. The firmware installed just fine, but we then got a 1015 error. Two steps happen when you install new firmware on your iPhone: (1) the firmware is installed, and (2) your PC calls home to Apple to verify the firmware. There is a good write-up on this by Jay Freeman (saurik) that goes into detail (read up on the signature server).

At this point I allowed iTunes to just restore back to 4.2.1 to get the phone back into a working state. Still not deterred, I figured there had to be a way to solve this problem. There is probably more than one solution, but I’ll focus on the one I used: it turns out that you can downgrade your baseband (modem) in 4.2.1 IF you have the right bootloader (5.08).

I used tiny-umbrella to check the bootloader version. I puzzled a bit over the information it was providing until I realized the bootloader version was tacked onto the end of the modem version. This is actually not a required step, as the downgrade process will check for the correct bootloader anyway.

On the right is my conceptual model (potentially incorrect) of how the iPhone lays things out. There is the bootloader which is a little bit of code that runs when the phone is powered on. It knows enough to help recover if things are in a very bad state and there appears to be no firmware – or we’re in DFU mode. Breaking the bootloader would be a very bad thing.

The firmware and modem (or baseband) are bundled together for distribution, but occupy unique areas in memory and are installed somewhat independently. There are a number of hacks which allow you to prevent the modem from being upgraded (allowing for unlocking to still work).

My understanding of iPhone unlocking is that most of the unlocks are software tweaks to the modem. This is not a true unlock, but a patch that is run each time the phone is booted (or possibly more often). The reason you need to jailbreak your device in order to unlock is that you need to run some unsigned code to unlock the phone. No jailbreak, no unlock.

So, assuming you’ve got the 5.08 bootloader the steps are:

  1. Jailbreak 4.2.1 with redsn0w (the latest)
  2. Launch Cydia and install FuzzyBand
  3. Modify FuzzyBand with a new ‘cert’ (download ICE2-05.15.04.cert)
  4. Run FuzzyBand to downgrade the modem/baseband
  5. Install ultrasn0w via Cydia

That’s it. At the end of step 4 you’ll see the “I HAZ DOWNGRADE!” as pictured at the top of this post.

I find it a bit odd that FuzzyBand in Cydia needs to be modified with an additional ‘cert’ file to identify the 05.15.04 modem/baseband. I used a trial version of DiskAid as I was using a Mac. The modification is simply reaching into the FuzzyBand application installed on your iPhone using DiskAid and adding the cert file to it; very easy. If you don’t modify FuzzyBand, it will refuse to downgrade the 05.14.04 modem. It also appears to check that you’ve got the right bootloader (I did) – so it tries fairly hard to be helpful.

Now that your phone is jailbroken and unlocked, sync it to iTunes to recover all of your apps and files. Do not upgrade the firmware again – or you will be back to square one (or worse, possibly locked out). Also consider capturing your SHSH blob.
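
The "call home" verification step and the advice to save SHSH blobs, as a small model (an added example, not code from this post or from any of the tools it mentions): a signing server issues a device-specific blob only for versions it still signs, and a blob saved earlier keeps verifying on that same device afterwards. HMAC stands in for the real signature, and every name, key and image here is constructed; the nonce case goes beyond the post to show the general countermeasure to replaying a saved blob.

```python
import hashlib
import hmac
import os

# Constructed key. HMAC stands in for the vendor's signature; in a real design
# the device would hold only a public verification key, never the signing key.
VENDOR_KEY = b"constructed-demo-key"


def _sig(device_id: bytes, image: bytes, nonce: bytes) -> bytes:
    """Signature over (device id, firmware digest, nonce), length-prefixed."""
    mac = hmac.new(VENDOR_KEY, digestmod=hashlib.sha256)
    for field in (device_id, hashlib.sha256(image).digest(), nonce):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class SigningServer:
    """Issues device-specific blobs, but only for versions still being signed."""

    def __init__(self, signed_versions):
        self.signed_versions = set(signed_versions)

    def request_blob(self, device_id, version, image, nonce=b""):
        if version not in self.signed_versions:
            return None  # the restore fails at the "call home" step
        return _sig(device_id, image, nonce)


def device_accepts(device_id, image, blob, nonce=b""):
    """Device-side check: the blob must match this device, image and nonce."""
    if blob is None:
        return False
    return hmac.compare_digest(_sig(device_id, image, nonce), blob)


def replay_demo():
    old_fw = b"old firmware image (constructed)"
    new_fw = b"current firmware image (constructed)"
    dev_a, dev_b = b"device-A (constructed)", b"device-B (constructed)"
    server = SigningServer({"old", "current"})

    saved = server.request_blob(dev_a, "old", old_fw)  # saved while still signed
    server.signed_versions.discard("old")              # signing window closes

    return {
        "server_still_signs_old": server.request_blob(dev_a, "old", old_fw) is not None,
        "saved_blob_same_device": device_accepts(dev_a, old_fw, saved),
        "saved_blob_other_device": device_accepts(dev_b, old_fw, saved),
        "saved_blob_other_image": device_accepts(dev_a, new_fw, saved),
        # Beyond the post: the device picks a fresh nonce for each restore and
        # expects it inside the signature, so a blob saved earlier no longer fits.
        "saved_blob_with_fresh_nonce": device_accepts(
            dev_a, old_fw, saved, nonce=os.urandom(16)),
    }


if __name__ == "__main__":
    for check, ok in replay_demo().items():
        print(f"{check}: {ok}")
```
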

30 thoughts on “iPhone 3G with 4.2.1 – jailbreak and unlock”

  1. This sounds straightforward, but definitely not for the typical user. Even after a hands-on session, I would probably fry the iPhone for the first dozen times or more. It was most enlightening to watch someone work through the problem with care and confidence. But then luckily I have one of the very best in the tech industry.
    My requirement for an unlocked phone is because I spend considerable time over the winter months, south of the border. The cellular roaming charges are anything but consumer friendly. “For a 1MB download on wireless data plans from Bell and Rogers, Canadians pay around $25 in roaming charges.” And that is, for those with a $70 monthly plan. So for my case, it is best to have a disposable, pay as you go phone, supplemented with WiFi for 99% of the time.
    “The European Commission unveiled a plan to slash roaming fees, by up to almost 80 per cent over three years”. It can’t come soon enough, if only Canada and US would adopt similar regulation. But for now, next winter, I will thumb my nose up at Bell and Rogers. Cool !

  2. Can my iPhone 3G with band 05.15.04 and 4.2.1 version be jailbroken and unlocked? What software is available for this?

  3. Brewster. Yes – the post above describes what I did for an iPhone 3G with band 05.15.04 to jailbreak and unlock. It does require that you have the correct bootloader (5.08).

    Follow the 5 steps listed in the post above. FuzzyBand will tell you if the bootloader is not the right version.

  4. Ok, how do you modify Fuzzyband with the new cert? And then, how do you run Fuzzyband? Just install it?

  5. a) FuzzyBand is installed on the device via Cydia.
    b) Once installed, it’s just an app that you run.
    c) However, as it exists in Cydia – it doesn’t have the certificate for the 05.15.04 modem/baseband.
    d) Use a utility like DiskAid (Mac) to reach into the files installed on the phone and modify them.
    e) Once modified, re-run FuzzyBand and you’re all good [of course, FuzzyBand requires v5.08 bootloader]

  6. Thank you so much! Haven’t been in the upgrade/Jb for a little while and somehow, upgraded from 3.2.1 to 4.2.1 and got stuck with the 05.15.04 BB!! Took me like 6hr to find the good info and fix the problem, now I’m back on track with that fuzzyband trick!

    THANK YOU soo much, best info I found about that matter.. Too sad this only works for iPhone 3G on Bootloader 5.08!!

    I shall now go to sleep! 🙂

  7. Hi, my girlfriend intelligently let some phone shop try to fix her frozen iphone which was on 3.1.3, unlocked/jailbroken. it was upgraded to 4.2.1 with 05.15.04. i got it jb with redsn0w and installed fuzzyband. i did not modify fuzzyband with the cert, rather, just ran fuzzyband and the info it gave me said bootloader version 6.02 and downgrade is not possible.

    question: is this the automatic response because i didn’t modify the cert or if i modify the cert, will i get a different action from fuzzyband?

  8. As far as I know the bootloader version doesn’t ever change (ie: think of it like your computer BIOS). So if fuzzyband detects 6.02, then it doesn’t even try to downgrade.

    Some people install the iPad baseband, but this will break GPS. Given that the 3G doesn’t have real GPS, this may not matter too much but I still wouldn’t recommend this course of action.

    You could also look into using a Gevey sim. It pairs up with your existing SIM card and fools the phone on boot into thinking it is in emergency mode.

    There is also some chatter out there about the ability to downgrade more recent base bands (including the iPad version) – but no actual code yet. (so another option is just wait)

  9. Thanks Roo, this is helpful. So I have now gone through the effort of unlocking/jailbreaking the iPhone back to 4.2.1 with BB 6.15 and the baseloader is 6.02. Is there any way to downgrade the software to 3xx? I’ve scoured the net, not finding anything with this bootloader

  10. Well, downgrading the software to 3xx won’t help fix the baseband issue. Now that you’ve moved to BB 6.15 you’re stuck there until someone figures out how to downgrade from that baseband.

    The bootloader issue is something that there are no fixes for. You’ve got 6.02 and that’s what will always be on that phone.

    In terms of moving to 3xx firmware: you can, assuming you were smart and told Cydia to ‘remember my SHSH blob’ for you – then you should be able to get the SHSH’s for your device (they are device specific) and then use one of the utilities out there with the SHSH blob to allow you to fake the authentication from Apple’s servers.

    This is a complex topic, so all I can really do here in a comment is try to point you in the general right direction. I haven’t done this myself. In the case I documented in this post, I didn’t have SHSH blobs for the phone I was working with, so I just left it at 4.2.1.

  11. Thanks for the insight. The challenges I’m running into are of someone trying to help someone else who didn’t take the necessary precautions to protect themselves. Basically, having the iphone 3G running on 6.15 is not a problem but not being able to get it off iOS 4xx and back to 3xx is killing the battery/performance.

    Continue with your great blog, it’s a nice place to read!

  12. Okay then, based on all the great-awesome-stupendous comments/websites/forums/etc. that I’ve worked my way thru, I’m guessing the answer to this is pretty obvious, but going to ask anyway…

    Using TinyUmbrella, I have a 3G – FW: 4.2.1 (8C148) – BB: 5.15.04 – BL: 6.4, so thinking that as far as I’ve researched, I can’t go the ‘downgrade’ route (correct??), but the only ‘current’ option available to me is to either do the redsn0w iPad BB: 6.15 path (which once done, you can’t EVER go back) to unlock this phone, or…

    …wait until a ‘hopeful’ future release of redsn0w/Ultrasn0w/etc. is released that has a ‘proper’ break for this.

    That about sum this up?

    Thanks again to all who post and share their wisdom and knowledge.

  13. Philly Idol – yes, what you’ve written is correct.

    Simply put – if you’re on 4.2.1 unless you fall into the very special case of having a 3G that has the 5.08 bootloader, then you are stuck. This special case is what my blog posting above is focused on.

    Folks that saved their SHSH blobs can go to earlier versions of the firmware, but end up stuck with the more recent baseband. People who upgraded very carefully preserving their old unlockable basebands will have 4.2.1 installed, but with an older baseband. Honestly people in these two categories are more rare than those with the 5.08 bootloader.

    Going forwards to baseband 6.15 apparently wrecks your GPS. Many don’t notice since the GPS via wifi access points will work, but you won’t get any actual satellites from what I understand. Folks in North American cities may find enough wifi points to get reasonable GPS – but outside of the city it’s not going to work reliably at all.

    The other option is to chase down a Gevey SIM that will work with the 3G. Most material out there claims it is for iPhone4 only, but I’ve seen some evidence that it could be made to work with the 3G.

  14. Hey Roo,

    That’s pretty much what I figured, although the phone was intended for my niece as a Xmas/New Years/B-day present, and I’m pretty sure she (or her mom) doesn’t care about GPS, as she just turned 12, and it’s just for her and her mom to be able to keep in touch, as she’s now walking to school by herself, so if the only ‘downside’ to the 6.15 BB is the GPS, we might just go for it, unless you (or someone in the community), know(s) that a FW 4.2.1 BB 6.15 break is in the works and soon to be released???

    Thanks again

    P.S. I do have a friend with the same locked provider as this one, with same FW and BB, but their BL is 5.9, so if anyone knows if THAT BL is closer to being broken, I can swap out with him and unlock that phone (figured I’d ask 😉 – thanks

  15. You give me a lot of undeserved credit for being in touch with the ‘community’ – I’m more of an Android fan.

    A friend of mine had a 3GS in basically the same issue. They are using the locked Rogers phone in a different country and opted to go the 6.15 baseband route. It seems to work acceptably for them.

    My guess is that while these (bootloaders/basebands) could be broken – most of the community effort is focused on the newer devices and newer versions. This makes it less unlikely that a fix will be available.

  16. LOL,

    Well if it wasn’t for this blog (of which I’ve received very quick responses from ;-), I would still be ‘in the dark’ on some of my questions, so credit is deserved for the 411 and the replies.

    I think after all’s said and done, the iPad route isn’t that big of a deal with who the phone is going to, because by the time she’s old enuf to care about GPS, she’ll have a newer phone and this one’ll be in the bin (or used as a doorstop 😉

    Cheers and thanks again for the info.

  17. Okay – Help!!

    I was able to jailbreak the phone (I think), although something’s not quite right.

    First – I had to use redsn0w 0.9.6rc19, because the newest one(s) (0.9.9b8 & 0.9.10b3) would kick back the “USB communication problem” and after researching, found that this was known with other RS releases except for 0.9.6rc19.

    So, it ran, but I didn’t seem to have to load the iPad 6.15 baseband, as the carrier field now shows ‘Not available’, which I’m hoping means ‘put a SIM in from whichever carrier you like’ (although, I haven’t done the Cydia-ultrasn0w step), so if that’s true, then step 1 achieved with 4.2.1 BB 05.15.04 BL 5.9.

    Now for the other BUT…

    As I said, I haven’t done the Cydia-ultrasn0w step, because I’m now having the ‘no wifi after jailbreak’ issue, so if there’s some/any info ANYONE has on this (or ‘you didn’t do it right’) – I’d be really appreciative

  18. P.S. Of course, I could just ‘Restore’ the phone to factory and see what happens, but the question I really have is, “should I have wifi on and running BEFORE I jailbreak?”

  19. I don’t know of any requirement to have wifi enabled prior to jailbreak. I’m pretty sure redsn0w re-installs the firmware + hack, so it’s always basically a fresh install.

    I don’t recall what the phone said prior to having a SIM installed, it’s been a while. I had previously checked that it didn’t accept a non Rogers SIM (my phone was locked to Rogers) – and after I installed ultrasn0w, it was happy to take the Fido SIM.

    I wouldn’t hesitate to restore to ‘factory’ – but one caution would be to make sure you’ve backed up your SHSH blobs first. This will ensure you can return to this firmware level. I think 4.2.1 is still a valid version to install, but I like to plan for the future.

    [Searching around a bit, it seems some people claim rebooting your wifi router will ‘fix’ the jailbroken + wifi issue – I find that a bit odd, but some wifi routers are a bit wonky. Reboot everything and try again. If not, start over]

  20. Hey Roo,

    Looks like it was a ‘You didn’t do it right’ thing and we found out it was a bum phone to boot, as the wi-fi never worked (kind of a ‘need-to-know’ item lol).

    Anyway, it wasn’t a total waste, cuz I now have the process down pat from so much practice ;-).

    As it is, they went and got another phone that was unlocked, so they’re good-to-go now, but I sincerely thank you for all your wise advice and assistance on this, as I can now say I have some experience in this, and there’s nothing better than that in my book.

    Cheers to you and all the other jailbreakers and unlockers out there 🙂

  21. Hey Roo,

    Have one ‘glitch’ that one of my friends can’t seem to hunt down a fix for.

    Hers is the whole 3G, 4.2.1 with JB iPad BB 6.15, and the phone works (can make/receive calls/texts/etc.), except for when she tries to browse (i.e. Safari, Google, Facebook, etc.). She gets a ‘need to connect to wifi’ pop up, which is fine if she’s at home with wifi, then she can browse, but she has a data plan with her provider and it doesn’t seem to connect to it.

    She found a ‘cydia.pushfix.info’ fix on the web, which included a quick SIM pull and tried it, but didn’t work, so was wondering if any of the guru’s you know (or out there) had any advice, or how-to’s to try?

    Thanks for all the assists/advice so far, as I had 2 other phones thru friends that we ran JB’s on and all your points really helped get them up and running 🙂 🙂


  22. You again give me way more credit than is deserved.

    A few searches found at least one thread that talks about this issue – with mixed information http://forum.iphone-developers.com/carrier-sim-unlocking/1256-no-service-issue-after-unlocking-iphone-3g-6-15-baseband.html

    There are a couple of possibilities here:
    a) The APN settings are wrong.
    b) Her provider data network is not compatible with the iPhone (or iPad baseband) capabilities.
    c) Her provider network is blocking her iPhone data access because it is not a recognized phone. They can do this via IMEI blocking. Usually this is linked to the type of data plan you have as well.

    The cydia.pushfix.info appears to be for push notifications specifically – this is not the problem you describe your friend having.

    A couple of things I’d do.
    1) Verify that another phone with her SIM works with data.
    2) Check the APN settings, here is a potential resource: http://www.mingwireless.com/iphone-repair-a-unlocking/iphone-internet-setting.html
    3) See if the iPhone works with a different SIM (on a different network)

  23. Hey Roo,

    We think we may have figured it out as the phone was with Bell and now uses Telus, so the APN might be wrong, but when we went into the Network settings, we only get an ‘on/off’ option – no options to check/change/edit it.

    We went thru the web searching for tools to allow for editing and found one called Supreme Preferences, but when we went to install it, we received a warning of it potentially being unsafe (that and we saw the developer has discontinued support), so we cancelled it.

    then we saw there was a tool called APN editor, but it failed with some ‘half-installed’ error, so we removed it as well.

    Any other ‘safe/working’ tools out there, or is the Supreme Pref okay?

    P.S. I checked and my friend does have a Data plan

  24. Okay,

    Looks like my APN ‘guess’ was right on the money.

    I found a link to a site that showed how to change the APN via a web page (unlockit.co.nz), went thru the prompts to set proper provider – and bam – we’re in business.

    The last piece of the puzzle is to get the notifications to work (i.e. if she gets an email, or Facebook notice). So far I’ve found some links regarding SAM…


    …and something called ‘Mobile Notifier’…


    …so not sure if I’m heading down the right road, but will keep you posted (altho, as always, if you (or anyone) have a ‘guru’ fix/item/comment – please feel free.


  25. Glad you sorted that out. I’m usually more of a nuts and bolts type and would have probably tried to enable the APN settings through hacking the system as per http://www.simonblog.com/2009/09/07/how-to-enable-edgeapn-editing-on-jailbroken-iphone/ – however that link is pretty old, and http://unlockit.co.nz will likely be more current.

    For your next problem, I suspect yes – chasing the “enable push notification” is the right path. The first link looks like what you want – more details here http://www.bingner.com/SAM.html. Here is a friendly looking how-to if the previous link looks too technical: http://maketecheasier.com/hactivate-your-iphone-with-subscriber-artificial-module-sam/2010/12/14

    The second one, pointing at Mobile Notifier is about changing the style of notifications to be more Android like – you don’t need this one.

  26. Thanks Roo,

    I went thru quite a few forums/sites/blogs trying to R&D this (primarily to find what was the best option), so I appreciate the 411’s you listed.

    I’m definitely going to try the SAM link/path, as I like the ‘technical’ feel of it (seems to cover exactly what I’m looking for 😉 and post back ASA I have results (good or bad).


    P.S. BTW – that ‘unlockit’ site/tool also puts an APN unlock tool in your menu after it’s run, so for me, that’s a nice touch, especially (like me) if you want to go through the settings for FYI stuff after the fact 😉

  27. Every time I try to jailbreak my friend’s iPhone 3G fw 4.2.1, redsn0w crashes. I’m using the latest version of redsn0w…. Do I have to use a different version of redsn0w?

  28. Hey Habbzzz,

    As per my posts, I had the same phone and issue.

    Found I needed to use 0.9.6rc19, so give that a try (just scroll down the Redsn0w page to find earlier versions)

