From The Apple Wiki

blacksn0w is Geohot's runtime unlock for baseband 05.11.07 (used by the iPhone 3G and iPhone 3GS). It exploits the AT+XEMN Heap Overflow and can be installed via blackra1n or its Cydia repo (


blacksn0w can be installed by adding as a Cydia repository.

If the iPhone was jailbroken with blackra1n, the blackra1n app can install blacksn0w. Run the blackra1n app from the SpringBoard and tap ra1n to update the app. Load it again and choose the 'sn0w' option to install. CommCenter will restart and you will have an unlocked iPhone 3G(S).


  • Source code [Archived 2012-01-18 at the Wayback Machine] - msftguy (Reversed blacksn0w dylib, refactored to support safe mode and work on multiple OS versions.)