Winpwn 2.0 Guide

Author: BigBoss  //  Category: Unlock, jailbreak

Here is a working winpwn 2.0 guide updated to include 2.0.1 firmware. Here is what you need:

1) Winpwn 2.0.0.4 or newer.
2) iTunes 7.7 or newer.
3) Boot images for 3.9 and 4.6.
4) The proper restore file. Get your 2g restore image or 3g restore image.

Let’s get started.

Step 1: Install winpwn, iTunes, and extract your restore images and bootloaders to your desktop. Note: if you have a previous copy of winpwn installed, uninstall it before installing the new one.

Step 2: Connect your iPhone to your PC and load up winpwn. You will see this screen:

Step 3: Winpwn will not allow you to do anything without selecting a firmware image. So, click the “Browse .ipsw” button and select your firmware image from your desktop. Note: winpwn determines whether you have an iPod, an iPhone 3g, or an iPhone 2g based on the firmware image you select and downloaded, so make sure you got the correct image. 2g and 3g iPhones have different firmwares!

Step 4: Next, we need to build the iPhone software image. Click “IPSW Builder” and you will be presented with some screens. Start on the Applications tab. On this screen you must select “Install Cydia”. If you need YouTube patched, also select “YouTube activation fix”. You do not need to select this if you have a contract carrier such as AT&T. As far as Installer goes, feel free to select it if you want, but do not select Installer instead of Cydia. Cydia has all the apps. Installer does not; Installer is still very beta as of August 9, 2008 and contains virtually no packages to install. If you select Installer, also select Cydia.


Step 5: Click the custom images tab. Here you can select custom boot images if you care to. This is optional.

Step 6: Click the custom payload tab. Here you can select some payloads in .tar format. At this time there are a couple built in payloads so there is nothing to do here. If you make your own payloads for packages you can select them here. So we are skipping this screen.

Step 7: Click the Advanced tab. This is a critical tab. If you have a contract carrier such as AT&T you do not need to unlock, so you must make sure everything is unchecked here. Again, if you have a contract carrier, select nothing here! If you do not have a contract carrier, you will need to use this tab to configure activation and unlocking. Check Activate Phone, Enable Baseband Update, Unlock Baseband, and Autodelete Bootneuter.app. Click the two bootloader file buttons and browse for the 3.9 and 4.6 bootloader images we downloaded at the start of this guide. Your finished screen needs to look something like this:

Note: If you are activating here by checking the “activate iphone” you should also patch youtube on the first applications screen.

Step 8: Partition resizer. Here is the partition resizer screen. With the current version of Winpwn, move this to 550 MB. The extra packages will fill the root partition before Cydia gets to run and move things about. Do not make it any larger, though: Cydia moves your apps to the larger partition properly, so if you resize this larger here you are just losing space.

Step 9: Build the custom IPSW. Click “Build .ipsw” at the bottom of the window. Note: save your file to some place sensible so you can find it. The default location is going to be hard to find. Try your documents or your desktop. Winpwn will crank away and finally you will see the success box:

Step 10: Note: if you are currently pwned (the phone still boots with the custom logo), you can skip to step 12 and restore with the image you just made. Doing this step will not hurt, but it is not required for you.

Back to the main screen, select iPwner. This will ask you to select the custom firmware we just built in step 9. So select that file.

You will get a success message and you are done with winpwn!

Step 11: Get your phone into DFU mode. You cannot use any tools to do this. It must be hardware DFU mode only done by pressing the buttons on your device. Use my guide here for the steps. This works on every device so keep trying if you are having problems.

Step 12: While in DFU mode, load iTunes 7.7 and restore using Shift+Restore. Load the custom firmware image we made. After about 10-15 minutes you are done. If you are having problems with iTunes or getting errors, consult my restore guide. Note: if your device was already pwned and you are just upgrading, you do not need DFU mode; normal recovery mode may work fine. Try either one, and if you have problems, try the other.

Troubleshooting:

If you are getting errors in iTunes less than 20 you are not in DFU mode. Refer to my DFU guide.

If you are getting 160x errors (1600, 1601, 1602, 1604) you may have used the wrong firmware image for your device. Make sure you got the correct image for your 2g or 3g phone; they are not the same. For help on iTunes errors refer to my restore guide.
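The device check behind this troubleshooting item (and behind step 3, where winpwn works out which device an image is for) can be done before you ever reach iTunes. The following is an added example, not code from this page or from winpwn: it assumes an IPSW is a zip archive carrying a Restore.plist whose ProductType and ProductVersion keys name the target device, and it uses Apple's real identifiers iPhone1,1 (2G), iPhone1,2 (3G) and iPod1,1 (first iPod touch). The sample IPSW files it inspects are constructed in memory so it runs offline; the make_sample_ipsw, identify_ipsw and check_ipsw_for_device names are ours.

```python
import io
import plistlib
import zipfile

# Apple product identifiers for the devices the guide covers. The
# identifier strings are real; the mapping to the guide's names is ours.
PRODUCT_NAMES = {
    "iPhone1,1": "iPhone 2G",
    "iPhone1,2": "iPhone 3G",
    "iPod1,1": "iPod touch (1st gen)",
}


def make_sample_ipsw(product_type, version):
    """Build a constructed, minimal IPSW in memory for offline testing.

    A real IPSW is a zip archive; we assume it carries a Restore.plist
    whose ProductType / ProductVersion keys name the target device.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        restore = {
            "ProductType": product_type,
            "ProductVersion": version,
            "ProductBuildVersion": "CONSTRUCTED",  # placeholder, not a real build id
        }
        zf.writestr("Restore.plist", plistlib.dumps(restore))
    return buf.getvalue()


def identify_ipsw(ipsw_bytes):
    """Return {'product': ..., 'version': ...} read from the IPSW's Restore.plist.

    Raises ValueError when the archive is damaged or is not an IPSW at all,
    which is worth knowing before a 15-minute restore fails part way.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(ipsw_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("not a zip archive, so not an IPSW") from exc
    with zf:
        # testzip() returns the first member whose CRC fails, or None when clean.
        bad = zf.testzip()
        if bad is not None:
            raise ValueError(f"IPSW is corrupt: {bad} fails its CRC check")
        if "Restore.plist" not in zf.namelist():
            raise ValueError("no Restore.plist in archive")
        restore = plistlib.loads(zf.read("Restore.plist"))
    return {
        "product": restore.get("ProductType"),
        "version": restore.get("ProductVersion"),
    }


def check_ipsw_for_device(ipsw_bytes, expected_product):
    """Compare the IPSW's target with the device you are about to restore.

    expected_product is the identifier of the phone on the cable
    (e.g. 'iPhone1,1' for a 2G). A mismatch is the condition behind the
    guide's 160x errors, so the returned message says what to fix.
    """
    info = identify_ipsw(ipsw_bytes)
    info["matches"] = info["product"] == expected_product
    found = PRODUCT_NAMES.get(info["product"], info["product"])
    wanted = PRODUCT_NAMES.get(expected_product, expected_product)
    if info["matches"]:
        info["message"] = f"OK: firmware {info['version']} targets {found}"
    else:
        info["message"] = (f"MISMATCH: this IPSW is for {found}, "
                           f"but the connected device is {wanted}; "
                           "download the correct image before restoring")
    return info


if __name__ == "__main__":
    # Constructed inputs: a 3G image offered to a 2G phone, then the right one.
    wrong = make_sample_ipsw("iPhone1,2", "2.0.1")
    right = make_sample_ipsw("iPhone1,1", "2.0.1")
    print(check_ipsw_for_device(wrong, "iPhone1,1")["message"])
    print(check_ipsw_for_device(right, "iPhone1,1")["message"])
```

To use it on a real download, pass the file's bytes to check_ipsw_for_device together with the identifier of your own device; if Restore.plist is laid out differently in a given image, identify_ipsw raises rather than guessing.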

If you are using winpwn version earlier than 2.0.0.3 you may see 160x errors.

If the last tab only lets you select activate, (step 7) you probably loaded the 3g firmware image. iPhone 3g cannot be unlocked at this time. If you have 2g, you loaded the wrong firmware image to start.

If you have no signal on a contract carrier (AT&T, for example), you probably activated but did not unlock (you checked the activate box in step 7). If you do not have a contract carrier, you need to unlock. Redo the steps, making sure not to make this mistake.

If your Mail crashes after you sync your backup, open BossPrefs, choose More, and run Fix User Dir Permissions.

If iTunes will not stop asking you if you want to restore your backup, see this.

Winpwn 2.0 is near...

Author: ZeRoLiMiT  //  Category: Unlock, jailbreak

If you guys have been visiting the iPhone Dev Team you have noticed that they are very close to releasing the jailbreak/unlock for 2.0. While they don’t have 3G working at the moment, the release should be very helpful for all of us with 1st generation iPhones. Soon we will have Installer and the App Store together. Keep it here for new updates, as we will keep you up to date with the Dev Team…

2.0 Update

Author: BigBoss  //  Category: Speculation, Unlock

2.0 can be manually downloaded and installed. But do not do it! I tried it on my test phone and it seems to be permanently updated. You will need to wait for dev team and pwn 2.0 as a straight upgrade may be a one-way street. Understand that there is a difference between pwning 2.0 and updating to 2.0. Your pwning would start in 1.1.4.

Using common download procedures, DFU mode results in error 1600 and restore mode in error 20. No downgrade occurring.

Update: I have managed to downgrade successfully thanks to Geeb and Crumpx. I have added a guide to do the downgrade in the guides section.

Pwnage released!

Author: BigBoss  //  Category: Development, General, Unlock, iPhone, jailbreak

The dev-team released the OSX version of the pwnage tool.

From the dev-team’s site:

The “DevTeam” would like to announce the release of the OS X version of the PwnageTool application.

The team (and especially Wizdaz) have been working hard to bring you this release in as short a time as possible.

The plan (4 weeks ago) was to release a Mac tool only. This was decided because of the lack of reliable Mac filesystem tools on Windows, and the fact that the task of porting them would be too time consuming.

With that in mind the genius that is “cmw” stepped up to the plate and offered his services to the DevTeam. He proposed to provide a tool that would give the same functionality and User Interface as the Mac tool.

cmw has done an almost unthinkable task and ported the almost complete Pwnage Tool to Windows in a little under a week, and we would like to thank him for this unbelievable work. He is currently in the final test stages and hopefully this should be finished within the next 24 hours (but even he needs sleep and family time occasionally!) We’ll post a link as soon as the testing has finished.

Windows version due shortly, guide will be added later. Download from here.

iLiberty+ Is Out!

Author: BigBoss  //  Category: Guides, Unlock, iPhone, jailbreak

iLiberty+ is out! This is a combination of iLiberty and iPlus. It has a nice GUI and has some nice extras beyond just jailbreak and unlock. Included are some special options to boot phone from recovery and put phone into DFU mode.

This is the best jailbreak option out in my opinion!

I have posted an iLiberty+ Guide in the Guides section. Check it out.

Which is the best jailbreak?

Author: BigBoss  //  Category: General, Uncategorized, Unlock, iPhone, jailbreak

There are so many ways to jailbreak your 1.1.4 iPhone: Ziphone, iPlus, iLiberty, Independence. Which is the best method? Which is the safest? I’ll try to analyze each of these methods and make some recommendations:

Ziphone

This is the first method that was released. It runs on both OSX and Windows, and it generally works. But be warned many people have had problems with it, and when you do have a problem, you probably cannot recover. Phone brick rate is relatively high using this method. This happens often enough that it now has a term, “You’ve been Ziphone’d”. Not good. In general, I cannot recommend using it. (Note: Zibri has a help channel dedicated for Ziphone assistance, but those that join to ask for help usually get banned).

Unfortunately, it’s impossible to discuss this method without discussing a bit about Zibri, its author. Zibri was a member of the dev team who was against the dev team taking donations. At some point he left the dev team and formed the iPhone Elite, and opened his site at iPhone Elite. Their motto: “Monetary contributions are not accepted. If you have money you want to donate, please donate it to a good charity.” When 1.1.3 came out, the Elite team and the dev team re-merged and worked together to discover several exploits, but agreed not to release them so that Apple would not quickly patch them. Zibri left the dev team, released the best exploit himself, and put up his site very heavy on taking donations. Unfortunately, the exploit really was not his, and now he’s all about taking in money.

Still, the exploit works. The problem lies with Zibri himself. He is not a software developer and admits that writing code is not his thing. He has corrected numerous versions due to “typos”, as he says. His app Ziphone is able to change the IMEI, which is dangerous, as well as downgrade the bootloader, which, if the process fails, is currently unfixable. I recommend staying away from Ziphone.

Independence

Independence works well but only runs on OSX. If you have a Mac, this is a good option for you. The software has been around forever, is open source, and is written by Planetbeing, who is a well known, respectable developer. The only issue here is that Installer may not come as part of the 1.1.4 jailbreak, meaning you have to follow manual steps to install it.

iPlus

iPlus is probably the best method out there. iPlus runs on both Windows and OSX and has been written by another reputable developer, Arnaldo Viega (Aviegas). If I have to jailbreak an iPhone, this is the method I would use. In addition to being stable, iPlus supports payload files. It comes with a payload file that adds the BSD subsystem, Term, and Installer, and moves fonts to free up plenty of disk space for installing apps. It even provides some app fixes! Fantastic! You can also create your own custom payload files, download payload files for foreign languages, and other things. The possibilities are endless. iPlus is going to get even better because it’s merging with iLiberty. I recommend using iPlus.

One more major advantage of iPlus: because it uses a fake bootloader to unlock, it is totally reversible, unlike Ziphone. That means if something goes wrong you can just restore to 1.1.4 and start again with no harm done. This is a huge advantage!

For a tutorial on how to jailbreak and/or unlock your iPhone, see my jailbreak guide in the guides section.

Terminology

Author: BigBoss  //  Category: General, Unlock, jailbreak

Here is some general terminology you may hear in reference to iPhone hacking. People often confuse these terms so I will attempt to help clarify them:

Unlocking vs Jailbreaking - Jailbreaking is the process of opening the phone up for installation of 3rd party apps. Unlocking is the process of allowing non-approved SIM cards to be used on your phone. If you have an approved provider, you only need to jailbreak your phone, not unlock your phone.

Activate - The iPhone has two levels of SIM card protection. The first is in the baseband and requires some form of unlock to bypass. The second is in the operating system and requires either iTunes or a hacked lockdownd (hacktivation) to bypass. Most jailbreak methods will also hacktivate your phone for you to bypass activation. When the phone comes from Apple, it offers only the option to slide for emergency call. Activating your phone will let you see the icons on the home screen. Activation is required for any form of unlocking.

Baseband - The baseband is a subsystem on the phone that handles phone line communication. Modifying this subsystem is how unlocks are achieved. Basebands are updated in iTunes with new firmware versions; iTunes will not downgrade your baseband. Baseband versions look like 4.01.13_G (firmware 1.1.1) or 4.03.13_G (firmware 1.1.3). Currently, an iTunes restore will not modify your baseband unless your baseband is erased or downgraded prior to the restore.

Bootloader - The bootloader is the first thing that runs on the phone. The bootloader is not upgraded by iTunes (yet); phones keep the same bootloader they shipped with. There are two shipping bootloaders, 3.9 and 4.6 (out of the box on 1.1.2 and newer). The bootloader can be downgraded using hacking methods. Downgrading your bootloader is risky because if something goes wrong, you cannot repair it (at the time of this writing).

Firmware - The firmware is the operating system installed on your phone. The firmware versions include 1.0.2, 1.1.1, 1.1.2, 1.1.3, 1.1.4. All jailbreaking only affects the firmware, not the bootloader or baseband. This is why restoring will undo a jailbreak but will not affect an unlock.

Restore / Upgrade - iTunes provides two options to change the firmware on your phone: Restore and Upgrade. Restore is a full erase and reprogramming of your device, resulting in a factory fresh device; all songs and contacts are wiped out. Upgrade will only wipe out the smaller disk partition, leaving all your songs and settings intact. Upgrade is only useful if you are trying to go from one firmware version to the next. It will not solve any problems on your phone unless they are naturally solved by the new firmware. I generally recommend using Restore in all cases.

TurboSIM, Hypercard, X-Sim, StealthSIM - These devices tricked the phone’s baseband into thinking that an authorized SIM card was inserted. In effect, the phone appeared unlocked. These devices no longer work on newer phones.

DFU Mode vs Restore mode - DFU (device firmware upgrade) mode is a special mode that bypasses the operating system and lets you upgrade the device. When in DFU mode, the phone will have no display on the screen. Restore mode is more common. In this mode you can also restore or upgrade your device, but it is not as drastic as DFU mode. Many restore problems can be solved by using DFU mode.