Future-proofing the 3GS jailbreak

If there’s one thing we’ve been stressing the last few weeks, it’s that if you want to keep the jailbreak or unlock on your 3GS, you should resist all urges to install Apple’s official firmware updates without knowing whether a jailbreak exists for that version yet.  Unless another (different) bootrom exploit is found for the 3GS that doesn’t require a “foot in the door” with a signed official iBoot, accepting official updates willy-nilly may cause you to be cut off from the jailbreak.  And it will definitely cause you to be cut off from the carrier unlock.

Now, there are ways to ensure that even after taking an official 3GS update (which you really shouldn’t do!), you’ll nonetheless be able to revert to a jailbreakable 3GS (this is NOT true for the unlock; see NOTE #1 below).  We’ve been explaining these methods (like the iTunes /tmp technique) over the last few weeks, and there’s been some great discussion and feedback on the methods in the comments.

Having said all that, we realize that some of you updated your 3GS to 3.1 anyway.  If you want to come back to the world of the jailbreak (but NOT the SIM unlock, sorry!), then saurik’s new “on file” server may be able to help.  He’s got all the details in a new article, so do check it out.

Even if you did not update your 3GS to official 3.1 (good job!  You really shouldn’t do that!), you should still read the article and make those changes today.  We fully recommend redirecting your iTunes signing process through saurik’s “on file” server to future-proof your 3GS jailbreak through all future updates.

NOTE #1: The carrier SIM unlock is a different story.  Jailbreaking and unlocking rely on two different security mechanisms, and if you update your 3GS (or 3G) to 3.1, you will lose your carrier unlock, possibly forever.  Even if you downgrade from 3.1 to 3.0, you will have lost your carrier unlock.  So if you think you’ll ever want to carrier unlock your 3G or 3GS (or maybe give it away or resell it later as an unlockable iPhone), then please steer clear of all official Apple IPSWs.  You’ll soon be able to create custom 3.1 IPSWs using PwnageTool that let you pre-hack your 3.1 update in a way that preserves the carrier unlock.

NOTE #2: The custom IPSW flow using PwnageTool also ensures that even if Apple fixes all the iBoot holes, you’ll still be able to retain your jailbreak through later updates.  That’s because a jailbroken iPhone will happily accept a custom (pre-jailbroken) firmware update even though it’s not blessed with Apple’s signatures.  This is the “once jailbroken, always jailbroken” approach.  It’s very powerful, but it requires you to only ever update to pre-hacked IPSWs.

NOTE #3: None of this applies if you have an iPhone 2G, iPod touch 1G, or iPod touch 2G.  The iPhone 3G is also unaffected by Apple’s signing process for the jailbreak, but it is susceptible to permanent loss of the carrier unlock as mentioned in note #1.

via iphone dev team blog