HACKSTOR: [How-To] Jailbreak iPhone 3GS / iPod Touch 2G (MC) / 3G FW 4.0 using iBooty [Windows] *Update*

Update : iBooty has been updated to v1.6 ! Added a video tutorial.

iH8sn0w has just updated his software iBooty, avoiding you to use libusb.
Here is a new guide quite complex to jailbreak your iOS 4 for iPhone 3GS new iBoot, iPod Touch 2G (MC) and 3G.
But this models MUST be with firmware 3.1.2 only !

You must have your ShSh blobs signed for 3.1.2 to downgrade if you have FW 4.0You will create a custom iOS 4 with Sn0wbreeze v1.7 and install with iTunes and iBooty

iPhone 3GS new iBoot, iPod Touch 2G (MC) and 3G.
Firmware 3.1.2
Windows only.
Sn0wbreeze v.1.7
iBooty 1.6
Payload Pwner-r6
Firmwares
iTunes 9.2

Pwning iBoot

Extract Payload Pwner-r4.1 with 7-zip.

Choose your model.

Choose Firmware 3.1.2

Pwner must create a file PAYLOAD and you must put it in the same folder as iBooty.exe

Create your Custom iOS 4

Disable NOR Flash must be ticked
Then tick options you need!

The creation of the custom firmware is still the same as this guide.

Your custom iOS 4 is created and is located on the desktop of your PC.

iBooty

Download iBooty and extract it into a folder.
Unzip with 7-zip your custom iOS 4 created previously.
Put kernelcache in the same folder as ibooty.exe
Also for IBEC located in « Firmware \ DFU ».
And for DeviceTree located in « Firmware \ all_flash all_flash.n88ap.production \ \ DeviceTree.n88ap

Rename Kernel 4.0-Custom to kernel.40
Rename iBEC 4.0-Custom to ibec.40
Rename DeviceTree 4.0-Custom to devtree.40

Then you must have in the folder iBooty :
- iboot.payload – Created by Payload Pwner.
- devtree.40 – extracted from Custom iOS4 done with Sn0wbreeze.
- ibec.40 – created with Payload Pwner.
- bspatch.exe - included in iBooty.
- iBooty.exe - included in iBooty.
- kernel.40 – extracted from Custom iOS4 done with Sn0wbreeze.
- sn0w.img3 – included in iBooty.
- wait.img3 – included in iBooty.