Jailbreak iPhone 3GS iOS 4 New Bootrom on Mac

Earlier we covered the Windows version of Jailbreak of iPhone 3GS on iOS 4.0 New Bootrom of the same but thanks to the hackers, the Mac version is also available and hence we would like to share it with our readers. As we said earlier, this process involves a lot of steps and hence recommended for advance users. Moreover, you have to re jailbreak every time you start your iPhone once it has been turned off, either by user or because of battery going down. This is because its not a complete Jailbreak but a tethered jailbreak. You will need a iPhone 3GS (with new bootrom) on iOS 4, which has SHSH blobs saved for iPhone 3.1.2. You can find other requirements here in our previous post here.

Jailbreak your iPhone 3GS (with new bootrom) on iOS 4 for Mac

Pwning 4.0 on New Bootrom 3G[S] w/3.1.2 SHSH Blobs [Mac]

Credits to iH8sn0w. Thanks to lilstevie for help.
Required:
libusb-1.0
xpwntool
iOS 3.1.2, 4.0
iOS 3.1.2 SHSH blobs
Download this (http://www.mediafire.com/?mmn1nnjlqoy)
STEP 1 : Grabbing your 3.1.2 iBSS file.
Pointing your hosts :
I : If you have your shsh blobs saved on Cydia/Saurik’s server then follow this tutorial. — http://saurik.com/id/12
II : If you have it saved with TinyUmbrella, then download the GUI here. — http://thefirmwareumbrella.blogspot.com/
——-
Restoring to grab the iBSS file.
I : Place your device in DFU.
II : Start up the iBSS/iBEC grabber.
III : Put the save folder on a new folder on your desktop.
IV : Hit “Start Monitoring”.
V : Now go back to iTunes and do SHIFT + Restore. Then browse for your 3.1.2 IPSW. You will need to restore
to 3.1.2 in order to pwn 4.0.
STEP 2: Creating your custom firmware
Use Pwanage Tool (blog.iphone-dev.org) to create a custom ipsw ignore the warnings about the new bootrom.
STEP 3:
Extract the zip file we downloaded earlier and use terminal to enter it
STEP 4:
Create a new folder inside this called 3.1.2 and extract your 3.1.2 ipsw here (unzip *.ipsw in terminal)
STEP 5:
Use xpwntool to patch iBoot & iBSS (run this in terminal)

xpwntool Firmware/dfu/iBSS.n88ap.RELEASE.dfu ibss.d -iv 41639d34547ae3dd7921bf3539dba529 -k 9121de4a038675d92e1a28683b2138b7a3bdb80994273d090398051c7f5af53c; bspatch ibss.d ../exploitibss312 ../ibss.patch; xpwntool Firmware/all_flash/all_flash.n88ap.production/iBoot.n88ap.RELEASE.img3 iboot.d -iv 127aa60e77da219961ee70707f44cbd4 -k c72ab4aae971f3a9ec356dfe555e4aef72d8e96c480698445ac236904e6a3443; bspatch iboot.d ../iboot.payload ../iboot.patch; cd ..; rm -rf 3.1.2

STEP 6:
Create a folder called 4.0_cust inside 4.0_pwn and enter it with terminal and copy your custom 4.0 ipsw here.
STEP 7:
Extract your custom ipsw (unzip *.zip)
STEP 8:
Run the following in terminal:

cp kernelcache.release.n88 ../kcache.40; cp Firmware/dfu/iBEC.n88ap.RELEASE.dfu ../iBEC.40; cd ..;

STEP 9:
Copy your signed iBSS from earlier into 4.0_pwn
STEP 10:
Place your device in dfu mode (power home for 10 seconds, release power keep holding home (blank screen and itunes asking to restore).
STEP 11:
Run the following in terminal:

./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c “setpicture 0″; ./irecovery -c “bgcolor 1 1 1″;

STEP 12:
Restore your custom 4.0 ipsw
Booting your device:
Run the following in terminal (once in the 4.0_pwn directory):

./irecovery -u ibss312.dfu; ./irecovery -r; sleep 10; ./irecovery -e exploitibss312; ./irecovery -u iBEC.40; ./irecovery -c go; sleep 10; ./irecovery -u sn0w.img3; ./irecovery -c “setpicture 0″; ./irecovery -c “bgcolor 1 1 1″; ./irecovery -u kcache.40; ./irecovery -c bootx;

iTunes will detect your device several times before it boots.
PS: When i wake up i will write a script to automate most of this.