Pwnage Guide

Author: BigBoss

Updated June 2, 2010.

Note: Pwnage is Mac only. Pwnage does not work on the following devices:

iPhone 3GS with a manufacturing date later than week 40 of 2009 (look at your serial number: digit 3 is the year, digits 4 and 5 are the week. A serial of the form xx940xxxxxx means 2009 week 40; xx002xxxx means 2010 week 2).

iPod touch 2nd/3rd generation devices cannot be pwned currently.

Use Spirit for the above devices.
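To make the serial-number rule above easier to apply, here is a small added example (my own code, not part of the original guide) that decodes the year and week fields the guide describes and picks the tool the guide recommends. Assumptions not stated on the page: the single year digit maps to 2007-2009 for 7-9 and to 2010-2016 for 0-6, a serial exactly at week 40 of 2009 still counts as supported, and the sample serials are constructed.

```python
# Added example, not from the original guide: decode the year/week fields
# of an iPhone serial number and apply the "later than week 40 of 2009"
# rule for the 3GS plus the iPod touch 2G/3G exclusion.

CUTOFF = (2009, 40)  # last (year, week) the guide says Pwnage supports on a 3GS


def decode_serial(serial):
    """Return (year, week) from digit 3 and digits 4-5 of the serial."""
    s = serial.strip().upper()
    if len(s) < 5:
        raise ValueError("serial too short to contain the year/week fields")
    year_digit, week_str = s[2], s[3:5]
    if not (year_digit.isdigit() and week_str.isdigit()):
        raise ValueError("year/week fields are not numeric")
    d = int(year_digit)
    # Assumption: 7-9 -> 2007-2009, 0-6 -> 2010-2016 (single-digit year wraps).
    year = 2000 + d if d >= 7 else 2010 + d
    week = int(week_str)
    if not 1 <= week <= 53:
        raise ValueError(f"week {week} is out of range")
    return year, week


def pwnage_supports_3gs(serial):
    """True when the 3GS was built no later than week 40 of 2009."""
    return decode_serial(serial) <= CUTOFF


def recommended_tool(device, serial=None):
    """Return 'Pwnage' or 'Spirit' following the guide's device rules."""
    device = device.strip().lower()
    if device in ("ipod touch 2g", "ipod touch 3g"):
        return "Spirit"
    if device == "iphone 3gs":
        if serial is None:
            raise ValueError("a serial number is needed to classify a 3GS")
        return "Pwnage" if pwnage_supports_3gs(serial) else "Spirit"
    return "Pwnage"


if __name__ == "__main__":
    # Constructed sample serials, only the year/week positions matter.
    for dev, sn in [("iPhone 3GS", "AB940XXXXXX"),
                    ("iPhone 3GS", "AB002XXXX"),
                    ("iPod touch 2G", None),
                    ("iPhone 3G", "AB823XXXXXX")]:
        print(dev, sn, "->", recommended_tool(dev, sn))
```

The two sample serials mirror the guide's own examples: week 40 of 2009 is still within the supported range, week 2 of 2010 is not.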

Pwnage 3.1.5 is out. This guide is for the Mac version of Pwnage. Here are the steps to pwning your phone. Pwnage for the Mac can be downloaded from here. The required bootloader files can be found here.

Step 1: If your firmware is lower than 1.1.4 or you have not jailbroken your device before, restore a fresh 3.1.2 (or 3.1.3 for 2G users). If you are already at 3.1.2, or you have already pwned or jailbroken your device on an older firmware, this is not necessary. You can follow the restore guide for help on restoring in iTunes. Note: you may see “Preparing iPhone software for restore” for a very long time, possibly 10 minutes. This is normal. Don’t panic and stick with it. Note 2: If you get error 1600 you may try restore mode instead of DFU mode. It can be finicky. Try going back and forth between restore and DFU mode.

Step 2: Install Pwnage from the DMG by dragging it to your Applications folder. Extract the RAR file containing the bootloaders and put the files in your Documents folder. Load up the Pwnage tool. You will see a warning screen; click it away. Note: some folks have problems loading the Pwnage tool, and the icon just sits in the Dock bouncing. You may try clearing your cache by deleting the {your name}/Library/Caches folder and/or /Library/Caches, then rebooting. You may also try booting into safe mode.

Step 3: At the top, select “Simple Mode” and click the phone or iPod that matches your device.

Step 4: Select the firmware you used to restore your phone in step 1 and click the blue next arrow.

Step 5: (2G unlockers only. 3G/3GS/iPod users skip to step 7.) Select the bootloaders you downloaded earlier. You will be presented a screen asking if you wish to search the web for the bootloaders. Select NO.

Step 5a: Now select YES you wish to browse for the 3.9 bootloader.

Step 6: Repeat step 5 for the 4.6 bootloader file.

Step 7: You will be prompted to create a custom firmware image now. Select YES unless you have already done so, in which case you can select NO. First-time users select YES. If you select NO, you will skip to step 10.

Step 8: You are asked “Are you legit iPhone”. This means: do you need to unlock and activate (NO), or do you have a contract carrier like AT&T (YES)? Select NO to unlock, YES to not unlock. (Note: if you do not unlock and you do not have a contract carrier, you will be stuck at the Connect to iTunes screen and will need to repeat this tutorial.) Note: on 2.0.2, this asks if you have a valid contract instead. The premise is the same. If you have a 3G you always want to say “yes” to this, since there is no way to unlock. The exception is if you are intending to use a SIM adapter.

Step 9: Wait for the custom IPSW (custom restore image) to be generated. This takes a few minutes. Also, be prepared to enter your password as part of the process.

Step 10: If your iPhone has been pwned before, say YES. Otherwise say NO. Note: if you have restored a generic image, you should say NO. Only say YES if you have pwned before and your iPhone boots with the pineapple or a custom boot image. If you pwned 1.1.4 or higher or are already jailbroken, you do not have to pwn again. Saying NO will pwn your phone. There is no harm in pwning your phone again, so if you’re in doubt go ahead and say NO. Note: if you say “YES”, skip to step 13.

Step 11: You are now instructed how to get into DFU mode. These steps are identical to my steps here. Follow the steps and you will be fine. If you get lost or fall behind, just click my link and do it manually. Remember, DFU mode means you will not see anything on your iPhone screen. It will appear as if it is turned off, but the computer will see the phone. Note: if you have a new MacBook released in the 4th quarter of 2008, you probably cannot get into DFU mode, as Apple prevents this. You have some options; the easiest is to hook your iPhone to a USB hub and plug that into the Mac. The same occurs if you’ve updated to Leopard 10.5.6. You can also try to replace a driver, IOUSBFamily.kext, with the one from 10.5.5 (instructions for this are beyond the scope of this tutorial).

Step 12: Restore your custom firmware in iTunes. Remember you need to use Option-Restore to select your custom firmware file.

Step 13: Wait for iTunes to finish its restore. This takes a while. Be patient.

Step 14: If you selected “NO” to the legit phone question, wait for BootNeuter to run and do its thing.

Congratulations. You have a freshly pwned phone. Enjoy Cydia. For a recommendation on what to install, check out this.