UPDATE: Please take a look at the new jailbreak/activation tool; see This Article.
Every method on the net claims that to jailbreak 1.1.2, a jailbroken 1.1.1 iPhone is required. However, this is not true. You can also start from a jailbroken 1.0.2 iPhone. The following is the method I used to achieve this.
First, you must have a jailbroken 1.0.2 iPhone with BSD Subsystem and OpenSSH installed. Installer must also be installed.
Second, you need an Intel Mac to deal with the DMG file.
1. Prepare your 1.0.2 for upgrading. Enter the following commands in an SSH shell:
cd /var/root/Media
mknod rawdisk c 14 1
Since the upgrade does not overwrite the user's data, the rawdisk device node created above will survive the upgrade.
2. Remove all the installed packages from Installer. If you leave any packages installed while upgrading, the Installer may not work afterwards, so make sure to uninstall all packages before upgrading.
3. Upgrade to 1.1.2. Don't use the Restore button; use the Update button. You may have to Shift-Click (or Option-Click on Mac) to choose the 1.1.2 firmware because, at the time of writing, the 1.1.2 update is not available in the iTunes update list.
Get the RootFS
4. Now the tricky part: we need to jailbreak 1.1.2 manually. You need iPHUC to do this. Get a copy of iPHUC, start it, and enter the following command:
getfile rawdisk iphonefs/rootfs112.dmg 314572800
The above command takes about 5 minutes to finish. When it's done, you have a mountable rootfs112.dmg of the 1.1.2 root filesystem in the folder 'iphonefs'.
5. Modify the rootfs. Use an Intel Mac to mount the rootfs you got in the previous step. Then make the following changes:
Edit etc/fstab: change 'ro' to 'rw' for /dev/disk0s1 and remove the 'noexec' option from /dev/disk0s2, so the modified fstab looks like this:
/dev/disk0s1 / hfs rw 0 1
/dev/disk0s2 /private/var hfs rw 0 2
Copy the needed files to the Applications folder (on the mounted rootfs). Installer.app is probably a must-have, so copy it to the Applications folder (make sure it has the right permissions).
Since there’s no patched lockdownd for 1.1.2 yet, you need to copy the 1.1.1 patched lockdownd (1.1.1 Lockdownd Patched) into usr/libexec to overwrite the 1.1.2 original one (back it up before doing so).
UPDATE: the new patched lockdownd is here: 1.1.2 Lockdownd Patched
The modification is done, you’re ready to jailbreak 1.1.2.
6. Start iPHUC, and enter the following command:
putfile iphonefs/rootfs112.dmg rawdisk
Give it one minute or so to complete. Once the putfile is done, your 1.1.2 iPhone has been jailbroken. Reboot to show the SpringBoard.
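Seen from the examiner's side, the fstab edit in step 5 is a static indicator that a root filesystem image has been modified. The following check is an added example, not code from the original article: it parses an fstab and reports the two option changes described above. The stock baseline (root 'ro', /private/var carrying 'noexec') is an assumption inferred from the article's wording, and the function names are hypothetical.

```python
# Added example: audit an iPhone OS fstab for the two option changes in step 5.
# STOCK_FSTAB is an assumption inferred from the article's wording;
# MODIFIED_FSTAB is the fstab the article shows. Both are constructed samples.
STOCK_FSTAB = """\
/dev/disk0s1 / hfs ro 0 1
/dev/disk0s2 /private/var hfs rw,noexec 0 2
"""
MODIFIED_FSTAB = """\
/dev/disk0s1 / hfs rw 0 1
/dev/disk0s2 /private/var hfs rw 0 2
"""

# Options each mount point must carry to count as unmodified (assumed baseline).
REQUIRED = {"/": {"ro"}, "/private/var": {"noexec"}}


def parse_fstab(text):
    """Return (device, mountpoint, fstype, options) tuples; skip blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"fstab line {lineno}: expected >= 4 fields, got {raw!r}")
        device, mountpoint, fstype, opts = fields[:4]
        entries.append((device, mountpoint, fstype, set(opts.split(","))))
    return entries


def audit_fstab(text):
    """Return one finding per missing required option or absent mount point."""
    findings, seen = [], set()
    for device, mountpoint, _fstype, opts in parse_fstab(text):
        seen.add(mountpoint)
        for opt in sorted(REQUIRED.get(mountpoint, set()) - opts):
            findings.append(f"{device} on {mountpoint}: missing '{opt}'")
    for mountpoint in sorted(set(REQUIRED) - seen):
        findings.append(f"no fstab entry for {mountpoint}")
    return findings


if __name__ == "__main__":
    for name, text in (("stock", STOCK_FSTAB), ("modified", MODIFIED_FSTAB)):
        print(name, audit_fstab(text) or "ok")
```

This only inspects the file as stored in the image; it says nothing about how the partitions are mounted on a running device.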
Installer Not Working?
If the Installer doesn't work after the upgrade, this may be due to wrong local Installer database files. Download the Required Plist Files, extract them and use iPHUC to upload all files to:
The Installer should now work as usual.
With modem 04.02.13_G (bootloader 3.9), you have to use anySIM 1.2.1u to unlock it. This revision is not from the Dev Team but from the Elite Team, so it's not 'official'.
To run anySIM 1.2.1u on 1.1.2, you MUST turn on Airplane mode; otherwise the application will crash for sure. Once it's done, just insert your SIM and enjoy your new 1.1.2!