This is a tutorial that i just used to get my ipod into the run rs state using windows. There is a small portion of manual work with iRecovery, but its copy/paste, so no worries. You will need the following programs: Redtool 99.5 (can be found here: http://www.[PIRACY.mf].com/?0yfyz0tno5w) "iRecovery" + "libsub" C++ Redistribution (google it.) 2.1.1 Original IPSW 2.2.1 Original IPSW All of these except the c++ and Redtool can be found here: http://www.ifans.com/forums/showthread.php?t=137796 This so far only works with a full restore. i haven't tried it yet with the "FLASH NOR ONLY" feature of Redtool... Credit Goes to: Chris Stroud (redtool), iCrap (for the second half of the tutorial), the iPhone Dev team and MuscleNerd (for finding this exploit and stuff in the first place!) now that formalities are out of the way... ON TO THE FUN! 1) Assuming you have downloaded all the above files... put your ipod into DFU mode. (power + home for 10 "enunciated Mississippi" seconds.. then hold just home until itunes pops up and says "IPOD IN RECOVERY!!! BWAAH!") 2) open up RedTool 99.5 3) select "Begin Jailbreak Process". its the bottom button of the 2... 4) Now browse for your 2.1.1 IPSW, and let the program hash it. then do the same for the 2.2.1 IPSW and let it hash.. then select to install cydia, and you can do installer if you would like (i didn't since i don't use it). 5) Click "Build IPSW" 6) NOW BE PATIENT! this will take a little bit. just leave your computer and go chill.. don't do anything to take up CPU and make it go any slower than it has to. 7) when it is done, you will be brought to a screen with 3 buttons. a) button 1: used to apply the redsn0w patch. b) a useless inactive continue button c) some other useless inactive button... click the first one.. thats important... now let the program go and apply the redsn0w patch.. this is the equivalent to typing the arm7_stop commands... 8) when that is done, iTunes will pop up and say "IPOD IN RECOVERY BWAAH!!!" ok thats fine and good. do a SHIFT+Restore and go to your desktop. find the custom FW named "Redtool Custom". it is named this by default. click that and let the ipod restore. 9) when thats all done, itunes will say "ipod is restoring to factory settings.. etc etc.." but then BAM! itunes picks it up again in recovery mode, but now u have the "Connect to iTunes" logo on your ipod.. DON'T FREAK! thats a good thing. now just go back to Redtool, click continue, and the close it... YES i know that it has a booter there, but it doesn't do its job.. at least not for the first reboot. so for now close it. 10) open up a cmd prompt. and change directories to your iRecovery_SVN folder. hopefully u know how to do that. (if not, check out this http://www.ifans.com/forums/showthread.php?t=137796. it has exactly what to type in step 8 if you are using vista, and if u using XP, then the root will be different and the root is in step 5). 11) once you are there, type the following Code: iRecovery -s 12) now... this next part is crucial. you need to run these codes INDIVIUALLY!!! if you run them all at once, it isn't as safe.. so DON'T! Code: setenv rs "arm7_stop;mw 0x9000000 0xe59f3014;mw 0x9000004 0xe3a02a02;mw 0x9000008 0xe1c323b4;run rs1" setenv rs1 "mw 0x900000c 0xe59f300c;mw 0x9000010 0xe3e02000;mw 0x9000014 0xe503223f;run rs2" setenv rs2 "mw 0x9000018 0xeafffffe;mw 0x900001c 0x0ff1a100;mw 0x9000020 0x0ff2afff;arm7_go;run rs3" setenv rs3 "sha1 0x8000000 0x3000000;arm7_stop;mw 0xff006d4 0x21906943;mw 0xff006d8 0x68da6898;run rs4" setenv rs4 "mw 0xff006dc 0x9300699b;mw 0xff006e0 0x69c40509;mw 0xff006e4 0x47a02300;run rs5" setenv rs5 "mw 0xff006e8 0xf0002000;mw 0xff006ec 0xe002fde3;tsys" saveenv now by one at a time, i mean each time it says setenv, that is a line... now the easiest and quickest way to do this is to copy each line, and then in ur cmd prompt, right click, then paste. you WILL hit enter after the FIRST cmd. iRecovery will automatically hit enter for you after that. 13) now type in this Code: run rs and now your ipod should be booting! Congrats, your ipod is now 8-bytes away from booting into a jailbroken state on its own! -------------------------------------------------------------------------- a small side note! *When your ipod tries to reboot now, it automatically goes into Recovery mode, which is nice... so no more need to do the buttons! YAY!!!! You can use Redtool to reboot your ipod if need be, but u can also use irecovery. if u use redtool, just hit the top button when u open it.. (DO NOT click boot as original tethered) IF u decide to use iRecovery, all u need to type is this. Assuming your in the iRecovery_SVN directory already... first type Code: iRecovery -s NOW!!! irecovery will bring up a LOT of words saying stuff like "NAND failed initiation" and "boolsignature found false" and stuff. don't freak out.. its ok. when the " <iRecovery> iPhone$ " pops up, then type Code: run rs a WHOLE LOTTA code will flash before your very eyes and... VIOLA! your ipod is now booting up! if u go back afterward and check what code flashed up, it is the code that u had typed in earlier... all that "setenv" mumbo jumbo. the stuff after that.. the numbers and mw stuff.. yeah all that... IF you install winterboard.. you are going to have to reboot, so just use one of these methods. So i hope that this helped you all out. this is a n00b proof guide.. so yeah.. get workin guys! Please Register or Log in to view images THANKS FOR READING!