[Virginizing] how can one de-pawn the iphone?
qwertzui
04-03-2008, 08:26 PM
is it possible to completely undo the changes done by pwnagetool to the iphone bootloader?
)law(
04-03-2008, 08:29 PM
all you would have to do is just switch back the options to their default position and restore to a normal firmware file, no?
qwertzui
04-03-2008, 08:31 PM
but it's still pwned then.... isn't it?
just flash an original firmware file :)
blackhole
04-03-2008, 08:33 PM
but what is with the modified bootloader?
Effervescent
04-03-2008, 08:35 PM
So, what does pwned mean?
what changes when the iphone is pwned?
xMemphisx
04-03-2008, 08:37 PM
the iPhone PWNED software completely changes the OS bootloader.
i'm not sure about a revirginizing solution... for now...
qwertzui
04-03-2008, 08:38 PM
so then, why do i have to use ipwner the first time i want to use the tool and build firmware due to my needs. i thought that the first initial pwning via ipwner prepares the bootloader for accepting any unsigned firmware. but when i flash an original firmware file from apple, i still have the iphone accept unsigned firmware, right? if right the phone would not be virgin as oob...
please clear things up. thanx!
xMemphisx
04-03-2008, 08:41 PM
Ok... when you 'restore' or 'update' using iTunes (originally), you can only use Firmware that uses a special digital signature that tells the iPhone, 'yeah it's from apple, yeah, it's cool'. After you use PWNED, it doesn't really matter if it's signed or not by apple. You can still use the originals if you want, or you can build custom ones, and iTunes (and your iPhone/iTouch), won't know the difference.
qwertzui
04-03-2008, 08:44 PM
Ok... when you 'restore' or 'update' using iTunes (originally), you can only use Firmware that uses a special digital signature that tells the iPhone, 'yeah it's from apple, yeah, it's cool'. After you use PWNED, it doesn't really matter if it's signed or not by apple. You can still use the originals if you want, or you can build custom ones, and iTunes (and your iPhone/iTouch), won't know the difference.
cool, that's exactly what i said. and therefore the iphone is not VIRGIN!
Gerry
04-03-2008, 08:44 PM
Can I use this tool on an unlocked iphone with iplus 2.0b where I have modified the bootloader with the 3.9 fake blank bootloader or will I have to flash it with an original apple firmware first.
Effervescent
04-03-2008, 08:45 PM
My question from another thread:
Is Neuter=ON in BootNeuter equal to Pwned using PwnageTool?
xMemphisx
04-03-2008, 08:46 PM
cool, that's exactly what i said. and therefore the iphone is not VIRGIN!
Exactly. Which is why i said i don't believe that there is a virginizing solution available right now.
I sure won't complain though. :)
qwertzui
04-03-2008, 08:48 PM
Exactly. Which is why i said i don't believe that there is a virginizing solution available right now.
I sure won't complain though. :)
but why is there nowhere stated that it modifies the iphone in an irreversible way. this is somehow just zibri style....
qwertzui
04-03-2008, 08:50 PM
My question from another thread:
Is Neuter=ON in BootNeuter equal to Pwned using PwnageTool?
clever question. i thought of that before. then if neutering is set to off and flashed, the original apple bootloader should be flashed. after a restore with apple firmware the iphone would be oob. but what if not...? can anyone confirm?
Effervescent
04-03-2008, 08:52 PM
If BootNeuter=OFF is equal to Depwned, I see what Zf meant when he said it can be reversed just by restoring stock FW.
Any dev to confirm this?
blackhole
04-03-2008, 08:54 PM
hey, i just found this in the wiki!
http://img510.imageshack.us/img510/1945/bild4mf8.png
qwertzui
04-03-2008, 08:59 PM
yes, i read this one, too. but if you can virginize your phone just by turning bootneuter off and restore with apple firmware, then the label on the button in pwnagetool should be altered from iPwner to BootNeuter to make everything clear. at least for my logical understanding as ipwning and bootneutering were 2 different things for me....
iDarbert
04-03-2008, 09:43 PM
The pwning stays until you restore using a regular Apple .ipsw, once you do that the changes to the iPhone boot loader are reversed.
Now, as far as the baseband is concerned, I don't really know but I guess resetting the Neuter switch to Off will revert the changes in the BB bootloader (and therefore relock it unless it was already unlocked).
So in short if I'm not making a huge mistake somewhere the process is, in fact, reversible.
yes, i read this one, too. but if you can virginize your phone just by turning bootneuter off and restore with apple firmware, then the label on the button in pwnagetool should be altered from iPwner to BootNeuter to make everything clear. at least for my logical understanding as ipwning and bootneutering were 2 different things for me....
Why should it be changed? Pwning is just the trick you have to do with your Mac (and in the future PC) to alter the bootloader for the first time, it's the only operation you do with the computer.
Neutering happens directly on the iPhone (in fact you can even neuter without pwning first if you upload the app through SSH and run it as root).
atomicshockwave
04-03-2008, 10:02 PM
Ok... I'm not a dev... but after a lot of testing... it's just like how if you have a fake blank bootloader, and some FW versions will reset the bootloader. the same here... when you restore to a new firmware it repairs the bootloader
blackhole
04-03-2008, 10:05 PM
ok, but i thought itunes restore bootloader to version 3.8???
qwertzui
04-03-2008, 10:06 PM
Why should it be changed? Pwning is just the trick you have to do with your Mac (and in the future PC) to alter the bootloader for the first time, it's the only operation you do with the computer.
Neutering happens directly on the iPhone (in fact you can even neuter without pwning first if you upload the app through SSH and run it as root).
exactly. and that's why iPwner is nothing else than BootNeuter, just done with the computer.
ok, we can split hairs and say pwning is the name for bootneutering via computer, but that's not the point. the point is that it has been unclear for me and many others what iPwner does.
if i got nothing wrong from reading here and there: http://www.hackint0sh.org/forum/showpost.php?p=270246&postcount=4
(sorry for double posting with this thread here!)
you can VIRGINIZE your phone to OOTB status simply by restoring with original apple firmware!
qwertzui
04-03-2008, 10:14 PM
ok, but i thought itunes restore bootloader to version 3.8???
this will be the next question. which bootloader will be flashed to the phone when restoring with official apple firmware?:confused:
but since when does itunes flash bootloaders:confused: :eek: :confused:
maybe someone can clear everything up and just tell how pwnage tool works by explaining what iphone software is altered by pwning and neutering and flashing and in which order and so on. why is it so easy to upgrade bootloader from 3.9 to 4.6 now? new exploit found in 3.9?
efegue
04-03-2008, 10:14 PM
I think, iPwner just copies/installs Neuter to the iPhone, since it runs after the firmware is loaded into the iPhone, so iPwner doesn't "neuter" the iPhone..
qwertzui
04-03-2008, 10:23 PM
-EDIT-
erased by me
Pyrofallout
04-03-2008, 11:37 PM
Maybe this would be better with some clarification from the dev team. Would be interested in knowing the mechanics of this. Not every little detail. But an idea of what is doing what.
)law(
04-04-2008, 01:25 AM
ok, but i thought itunes restore bootloader to version 3.8???
if you want 3.8bl then use 3.9fb and restore to either 1.1.1 or 1.0.2........
Edit: 1.1.1 and 1.0.0 thanks for catching me on that Z00L
jameselder232
04-04-2008, 01:28 AM
this will be the next question. which bootloader will be flashed to the phone when restoring with official apple firmware?:confused:
but since when does itunes flash bootloaders:confused: :eek: :confused:
maybe someone can clear everything up and just tell how pwnage tool works by explaining what iphone software is altered by pwning and neutering and flashing and in which order and so on. why is it so easy to upgrade bootloader from 3.9 to 4.6 now? new exploit found in 3.9?
Itunes flashes the baseband bootloader if the bootloader is fakeblanked (i.e. itunes sees it as being blanked) and if there is a baseband bootloader file in the ipsw.
As with why it is so easy now, well the bootloader altered by the pwnage tool is the PHONE bootloader not the baseband bootloader, which is what you are referring to when you say bootloader 3.9 or 4.6, and so by altering the phone bootloader to allow unsigned code etc. now the baseband bootloader can be reflashed to any version as the checks have been removed.
And so i am guessing itunes does flash the phone bootloader if it has been modified, but it doesn't flash the baseband bootloader (only in special circumstances- FB bootloader + ipsw with included bootloader files). So this is how restoring to an unmodified apple ipsw undoes the pwning process.
this is just what i have learnt so far, correct me if im wrong,
james
if you want 3.8bl then use 3.9fb and restore to either 1.1.1 or 1.0.2........
Correction...1.1.1 or 1.0.0
:)
MuscleNerd
04-04-2008, 04:20 AM
When you click the "iPwner" button in PwnageTool, your main s5l8900 bootloader gets pwned. To undo this, use iTunes to restore to an Apple ipsw.
When you neuter using BootNeuter, your S-Gold radio bootloader gets "pwned". To undo this, run BootNeuter again and turn off all options (and pick 3.9 or 4.6 depending on your preference).
Two different CPUs, two different tools. But both the s5l8900 pwnage and S-Gold pwnage are 100% reversible.
Spinstorm
04-04-2008, 05:00 AM
So if you restore to stock Apple firmware and then try and install custom firmware it WILL fail unless you use the ipwner again?
MuscleNerd
04-04-2008, 05:37 AM
Yes, if you restore to stock Apple firmware you lose s5l8900 pwnage and won't be able to use custom ipsw files (until you re-pwn). A restore replaces the hacked s5l8900 bootloader with Apple's (along with all of its signature checking).
This doesn't affect the hacked S-Gold bootloader (unless it's fakeblanked and you restore to certain FW versions). The most straightforward way to make your S-Gold bootloader stock Apple is via BootNeuter itself.
libertybenz2
04-04-2008, 06:15 AM
if this is the same dev team that modified the psp, and im pretty sure it is, i have a good idea of what PWNED does.
It is modifying the phone to read firmwares NOT allowed by Apple, at least before using this tool. THIS IS A GOOD THING!!! This can lead to using custom firmwares, which means COMPLETE ACCESS. Why in the world would you want to reverse this change?? To go back to a state where you CANT run custom?! lol Correct me if im wrong...
Benz
abrasBR
04-04-2008, 07:19 AM
if this is the same dev team that modified the psp, and im pretty sure it is, i have a good idea of what PWNED does.
It is modifying the phone to read firmwares NOT allowed by Apple, at least before using this tool. THIS IS A GOOD THING!!! This can lead to using custom firmwares, which means COMPLETE ACCESS. Why in the world would you want to reverse this change?? To go back to a state where you CANT run custom?! lol Correct me if im wrong...
Benz
Most of the time, it's good to know if there is a way back to an OTB state.
Cause ie, your battery is dead, and you need apple to change it, or your LCD display stopped working, and other problems with your iphone that need apple assistance.
So sometimes they ask just to be sure that if something happens with their iphone they can return it to apple and get a new one. They won't lose the warranty.
Abras
blackhole
04-04-2008, 07:43 AM
if i understand that. i just have to switch all "off" in BootNeuter.app and choose my real bootloader at the top and my iphone is just like OTB?
lolof
04-04-2008, 09:07 AM
How would you like to come in otb state if your battery or your screen is out of service... :-)
If I understand correctly, to completely reverse the pwnage process :
- Set up your BL in the OTB state with BootNeuter app.
- Restore the phone with an original apple firmware.
That's it..... Easy
blackhole
04-04-2008, 09:10 AM
to restore BL to OTB i have just to switch neuter off in the BootNeuter.app???
to restore BL to OTB i have just to switch neuter off in the BootNeuter.app???
yes, all options should be set to off then you'll be back to the OTB version.
blackhole
04-04-2008, 09:32 AM
yes, all options should be set to off then you'll be back to the OTB version.
anyone tried that?
dtube
04-04-2008, 10:15 AM
When you click the "iPwner" button in PwnageTool, your main s5l8900 bootloader gets pwned. To undo this, use iTunes to restore to an Apple ipsw.
When you neuter using BootNeuter, your S-Gold radio bootloader gets "pwned". To undo this, run BootNeuter again and turn off all options (and pick 3.9 or 4.6 depending on your preference).
Two different CPUs, two different tools. But both the s5l8900 pwnage and S-Gold pwnage are 100% reversible.
Thanks MuscleNerd for the above statement.
A lot of people are confused because they simply think of bootloader and forgot to distinguish the two.
PWNED = deals with OS bootloader
BootNeuter = deals with BB bootloader
anyone tried that?
yup, working as expected :)
blackhole
04-04-2008, 10:51 AM
thanks. that's what i want to know.
PS: very good work.
toxicfume
04-04-2008, 11:36 AM
So now can an iphone downgraded to 3.9BL (by ZiPhone), be restored to 4.6BL, and be sent to Apple for repairs without being detected that it was modified?
So now can an iphone downgraded to 3.9BL (by ZiPhone), be restored to 4.6BL, and be sent to Apple for repairs without being detected that it was modified?
yes, just reflash a stock firmware after that and it'll be in OOTB condition
iDarbert
04-04-2008, 01:14 PM
exactly. and that's why iPwner is nothing else than BootNeuter, just done with the computer.
ok, we can split hairs and say pwning is the name for bootneutering via computer, but that's not the point. the point is that it has been unclear for me and many others what iPwner does.
if i got nothing wrong from reading here and there: http://www.hackint0sh.org/forum/showpost.php?p=270246&postcount=4
(sorry for double posting with this thread here!)
you can VIRGINIZE your phone to OOTB status simply by restoring with original apple firmware!
Hardly the same thing, they are different bootloaders residing in different physical places as MuscleNerd explained :)
By the way, can some dev explain one last thing to me?
If a future iPhone update updates the baseband and I want to customize this ipsw and allow it to upgrade it do I have to neuter the BB Bootloader again?
In other words does the BB update via iTunes also reflash the BB bootloader?
abrasBR
04-05-2008, 03:11 AM
When you click the "iPwner" button in PwnageTool, your main s5l8900 bootloader gets pwned. To undo this, use iTunes to restore to an Apple ipsw.
When you neuter using BootNeuter, your S-Gold radio bootloader gets "pwned". To undo this, run BootNeuter again and turn off all options (and pick 3.9 or 4.6 depending on your preference).
Two different CPUs, two different tools. But both the s5l8900 pwnage and S-Gold pwnage are 100% reversible.
Just one thing.
If I want to install Custom Firmware on my iphone i need both bootloaders pwned, right?
For example, i pwned my phone, so now i have my main s5l8900 bootloader and my S-Gold radio bootloader pwned, and installed 1.1.4 Custom with itunes like everyone is doing right now.
So, i decide to restore to an original FW from apple, like stock 1.1.4. Now my main s5l8900 bootloader gets UNpwned right?
But my S-Gold radio bootloader still pwned (cause the only way to UNpwn it is using BootNeuter).
So can i use custom firmware on my iphone this way?? Just having the S-Gold radio bootloader pwned?
And the other way? Just having the main s5l8900 pwned, and my S-Gold radio bootloader being 4.6OEM. Can i install a Custom Firmware on it?
Thanks a lot,
I just want to understand the logic of PWNED.
Abras
Spinstorm
04-05-2008, 03:30 AM
How I understand it is that you CAN'T have custom firmware if your s5l8900 bootloader gets unpwned... as that removes the security checks that a restore has to pass.
If your s5l8900 bootloader is unpwned by restoring to a normal IPSW then custom firmware installs will fail.
But we know - from people who ran bootneuter on unpwned phones that you can unlock using just bootneuter and pwning the S-Gold.
So you could install custom firmware if your S-Gold was unpwned (but the other was still pwned) but you couldn't unlock/reflash 3.9 up to 4.6BL.
An example of this IS running BN on phones that pwnagetool did not restore.
If your s5l8900 bootloader is not pwned then you can't install firmware but can still unlock etc.
So in order to get back to factory settings you'd have to use bootneuter to turn off the FB/unlock/neuter and relock the phone.
Then restore to an official apple firmware to unpwn the first bootloader.
Doktaphex
04-05-2008, 03:34 AM
Just one thing.
If I want to install Custom Firmware on my iphone i need both bootloaders pwned, right?
For example, i pwned my phone, so now i have my main s5l8900 bootloader and my S-Gold radio bootloader pwned, and installed 1.1.4 Custom with itunes like everyone is doing right now.
So, i decide to restore to an original FW from apple, like stock 1.1.4. Now my main s5l8900 bootloader gets UNpwned right?
But my S-Gold radio bootloader still pwned (cause the only way to UNpwn it is using BootNeuter).
So can i use custom firmware on my iphone this way?? Just having the S-Gold radio bootloader pwned?
And the other way? Just having the main s5l8900 pwned, and my S-Gold radio bootloader being 4.6OEM. Can i install a Custom Firmware on it?
Thanks a lot,
I just want to understand the logic of PWNED.
Abras
It would seem to me that one must have the s5l8900 pwned to run the unsigned code, only having bootneuter would not work. I look at it this way, think of the BL for the s5l8900 as being the bios, once you have control of this you can kind of do what you want. Of course, it's far more complex than this, but that's the easiest way I can think of putting it. :hack::D
MuscleNerd
04-05-2008, 04:23 AM
pwnage of s5l8900 bootloader lets you use unsigned/custom ipsw files
pwnage of s-gold bootloader lets you use unsigned/patched baseband
It's probably bad form of me to say "pwnage of s-gold bootloader"...that probably conflates things more than it clarifies them.
Doktaphex
04-05-2008, 04:26 AM
It's probably bad form of me to say "pwnage of s-gold bootloader"...that probably conflates things more than it clarifies them.
even worse of you to use such grandiloquence....LOL:D
abrasBR
04-05-2008, 06:53 AM
pwnage of s5l8900 bootloader lets you use unsigned/custom ipsw files
pwnage of s-gold bootloader lets you use unsigned/patched baseband
It's probably bad form of me to say "pwnage of s-gold bootloader"...that probably conflates things more than it clarifies them.
Ok, so i really don't need to patch my BL to run unsigned ipsw, right?
The Neuter BootLoader is just so i can unlock further updates in an easy way, right?
Thanks a lot,
Abras
MuscleNerd
04-05-2008, 07:04 AM
Ok, so i really don't need to patch my BL to run unsigned ipsw, right?
The Neuter BootLoader is just so i can unlock further updates in an easy way, right?
Right, if you're a legit customer with no need to unlock, then there's no need to neuter bootloader.
abrasBR
04-05-2008, 08:05 AM
Or (at least for now), if i have already unlocked my 1.1.4 phone with iLiberty+, or iPlus. Cause now i have a 04.04.05bb unlocked, and if i restore to 1.1.4 I'll keep it unlocked. So there is no need to RE-unlock, at least for now. Is there any way i can PWN my phone without BootNeuter?
And MuscleNerd, congrats to you and all The Dev Team for this amazing job!!! Really, the best part of iPhone is 3rd Party Apps. Steve Jobs should thank you guys, cause you guys managed to make the best device ever created even better.
Abras
iDarbert
04-05-2008, 11:56 AM
Is there any way i can PWN my phone without BootNeuter?
Yes, because BootNeuter does not Pwn your iPhone, the PwnageTool does.
On a side, Pwning just means your iPhone bootloader (not the BB bootloader) will be able to run unsigned code and therefore you will be able to restore using custom ipsw.
So Pwning != Neutering != restoring with custom ipsw
If you want to Pwn your iPhone so you will be able to restore using your own ipsws in the future you can do it using the PwnageTool (iPwner button).
If what you want is to build a custom ipsw and restore your iPhone with it without unlocking (with BootNeuter) you can create one from PwnageTool and deselect the first checkbox (or even better leave it checked but deselect "Neuter Bootloader").
Hope this clears everything :P
qwertzui
04-05-2008, 08:45 PM
thank you all first for the bunch of answers, that made the whole neutering and pwning stuff very much clearer to a lot of us! :)
often it is just the lack of not understanding and/or knowing the differences between the various instances of the inner iphone processes like os bootloader and bb bootloader.
thanks for clearing this up!
Yes, because BootNeuter does not Pwn your iPhone, the PwnageTool does.
On a side, Pwning just means your iPhone bootloader (not the BB bootloader) will be able to run unsigned code and therefore you will be able to restore using custom ipsw.
So Pwning != Neutering != restoring with custom ipsw
If you want to Pwn your iPhone so you will be able to restore using your own ipsws in the future you can do it using the PwnageTool (iPwner button).
If what you want is to build a custom ipsw and restore your iPhone with it without unlocking (with BootNeuter) you can create one from PwnageTool and deselect the first checkbox (or even better leave it checked but deselect "Neuter Bootloader").
Hope this clears everything :P
does the unlocking process survive a restore with apple firmware?
of course the pwned os bootloader gets replaced but the neutered bootloader should survive this procedure. i understand that BootNeuter app will of course neuter and/or fakeblank my bootloader in any version (4.6 or 3.9) i want to.
if i want an unlock BootNeuter app patches the baseband for me to an unlocked baseband. the before neutered bootloader allows me to run the patched baseband. okay, but the baseband should be replaced too with a restore to official firmware, right? so the unlock would be gone.
i am really not into programming - but can't there be some code placed into the neutered bb bootloader to automatically patch the baseband to unlocked if it's not (and jailbreak and activate the phone - however this may work inside...)?
that would make the unlock (jailbreak and activation) resistant to official firmware flashes!?
dtube
04-05-2008, 08:49 PM
firmware restore does not replace the baseband firmware unless it is newer than the one currently on the phone
qwertzui
04-05-2008, 08:54 PM
firmware restore does not replace the baseband firmware unless it is newer than the one currently on the phone
ok, that does mean a patched baseband in a newer or same version as in the firmware file will NOT be replaced even though it has been altered through the patch, therefore the unlock will survive all yet existing firmware flashes on a 1.1.4 phone...
jailbreak and activation is not done via baseband modification i assume. therefore this will be gone...
dtube
04-05-2008, 09:21 PM
yes - this has been discussed many times.
if your baseband say 04.04.05_G is unlocked/patched; when you restored 1.1.4, the baseband remains the same.
If you restore with say 1.2/2.0 the baseband will be replaced hence the unlock is gone. Because of this, you don't want to restore but what you should do is pwned the phone and use ipsw builder to build your custom FW and then restore it with the custom fw.
JB+ACT is done at the OS level and has nothing to do with baseband.
Go back and read the thread from the beginning and you should see MuscleNerd's explanation on 2 CPU and 2 bootloaders....
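The restore behaviour described in this thread (two bootloaders, two tools, and a baseband that is only replaced by a newer one), as an added toy model that is not part of any post and not the Dev Team's code. Class, field and function names are hypothetical, the version (5, 0, 0) is a constructed sample, and the fakeblank special case mentioned earlier is not modelled.

```python
"""Toy state model of the two bootloaders discussed in this thread.

Added illustration only: all names are hypothetical and the rules encode
only what posters state in the thread.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Phone:
    main_bl_pwned: bool = False          # s5l8900 bootloader accepts unsigned ipsw
    bb_bl_neutered: bool = False         # S-Gold bootloader accepts patched baseband
    baseband_version: tuple = (4, 4, 5)  # 04.04.05, the version named in the thread
    baseband_patched: bool = False       # unlock patch present in baseband firmware


@dataclass(frozen=True)
class Ipsw:
    apple_signed: bool
    baseband_version: tuple
    baseband_update_enabled: bool = True  # "Enable baseband update" checkbox


class RestoreRejected(Exception):
    """The main bootloader's signature check refused the firmware."""


def ipwner(phone):
    """PwnageTool's iPwner button: touches the s5l8900 bootloader only."""
    return replace(phone, main_bl_pwned=True)


def bootneuter(phone, neuter, unlock):
    """BootNeuter: touches the baseband side only; all options off reverts it."""
    return replace(phone, bb_bl_neutered=neuter, baseband_patched=unlock)


def restore(phone, ipsw):
    """iTunes restore, following the rules stated by the posters."""
    if not ipsw.apple_signed and not phone.main_bl_pwned:
        raise RestoreRejected("stock s5l8900 bootloader rejects unsigned ipsw")
    # A stock ipsw replaces the hacked main bootloader with Apple's;
    # a custom ipsw leaves the pwned bootloader in place.
    main_pwned = phone.main_bl_pwned and not ipsw.apple_signed
    version, patched = phone.baseband_version, phone.baseband_patched
    # Baseband firmware is only replaced when the ipsw carries a newer one.
    if ipsw.baseband_update_enabled and ipsw.baseband_version > version:
        version, patched = ipsw.baseband_version, False
    # The S-Gold bootloader is not touched by a restore in this model.
    return replace(phone, main_bl_pwned=main_pwned,
                   baseband_version=version, baseband_patched=patched)


def residual_modifications(phone):
    """List what still differs from the out-of-the-box state."""
    checks = [
        (phone.main_bl_pwned, "s5l8900 bootloader pwned"),
        (phone.bb_bl_neutered, "S-Gold bootloader neutered"),
        (phone.baseband_patched, "baseband patched"),
    ]
    return [label for flag, label in checks if flag]


if __name__ == "__main__":
    stock_114 = Ipsw(apple_signed=True, baseband_version=(4, 4, 5))
    modded = bootneuter(ipwner(Phone()), neuter=True, unlock=True)

    # Restoring stock firmware alone leaves the baseband side modified.
    print("restore only:", residual_modifications(restore(modded, stock_114)))

    # BootNeuter with everything off first, then the stock restore.
    reverted = restore(bootneuter(modded, neuter=False, unlock=False), stock_114)
    print("BootNeuter off + restore:", residual_modifications(reverted))
```

The point for anyone checking a device's state: a stock restore resets only one of the two trust roots, so the baseband bootloader has to be checked and reverted separately.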
qwertzui
04-05-2008, 09:28 PM
yes - this has been discussed many times.
if your baseband say 04.04.05_G is unlocked/patched; when you restored 1.1.4, the baseband remains the same.
If you restore with say 1.2/2.0 the baseband will be replaced hence the unlock is gone. Because of this, you don't want to restore but what you should do is pwned the phone and use ipsw builder to build your custom FW and then restore it with the custom fw.
JB+ACT is done at the OS level and has nothing to do with baseband.
Go back and read the thread from the beginning and you should see MuscleNerd's explanation on 2 CPU and 2 bootloaders....
of course i am following this thread closely, since i started it....
i just want to understand some things, sorry for bothering you.
i am not a programmer at all, but just want to know what is done to my phone and what i do to phones of others as well because they are gonna ask me the same questions, as i am asking you for now. thanks so far. just thought it could be possible to integrate jailbreak and activation on the bb bootloader but probably the file sizes would be too big...
dtube
04-05-2008, 09:39 PM
you are not bothering me at all - don't worry.
It's cool to ask questions
abrasBR
04-05-2008, 09:39 PM
Yes, because BootNeuter does not Pwn your iPhone, the PwnageTool does.
On a side, Pwning just means your iPhone bootloader (not the BB bootloader) will be able to run unsigned code and therefore you will be able to restore using custom ipsw.
So Pwning != Neutering != restoring with custom ipsw
If you want to Pwn your iPhone so you will be able to restore using your own ipsws in the future you can do it using the PwnageTool (iPwner button).
If what you want is to build a custom ipsw and restore your iPhone with it without unlocking (with BootNeuter) you can create one from PwnageTool and deselect the first checkbox (or even better leave it checked but deselect "Neuter Bootloader").
Hope this clears everything :P
Ok, i know that. But I think I expressed myself in a wrong way.
PWN, NEUTER and everything i already understand what it is. MuscleNerd already explained here in a very clear way.
What i wanted to ask was, if we can install CUSTOM FIRMWARE(PWNing your phone of course), but without installing BootNeuter. Cause i watched a lot of videos (i dont have a mac) and right after you PWN your phone you go to BootNeuter.
Abras
qwertzui
04-05-2008, 09:57 PM
Ok, i know that. But I think I expressed myself in a wrong way.
PWN, NEUTER and everything i already understand what it is. MuscleNerd already explained here in a very clear way.
What i wanted to ask was, if we can install CUSTOM FIRMWARE(PWNing your phone of course), but without installing BootNeuter. Cause i watched a lot of videos (i dont have a mac) and right after you PWN your phone you go to BootNeuter.
Abras
i think that has already been explained by idarbert.
here you can find a lot of screens that will show you the progress of the tool.
http://iclarified.com/entry/index.php?enid=893
as you can see you don't have to neuter or activate the phone at all! if bootneuter is installed as an app anyway, that i don't know.
http://iclarified.com/images/tutorials/893/4307/4307.png
following is from the original PwnageTool help:
PwnageTool.app - Help
Using IPSW Builder
Once you have loaded an existing original Apple IPSW file that you obtained earlier (using the browse .ipsw button) you are ready to create a custom ipsw, click the "IPSW Builder" button. This will cause a window to appear with a few different selection items, these are listed as following:-
Enable baseband update - Determines if the baseband update should be enabled in the custom ipsw. Only check this button if you wish to update the baseband modem portion of your iPhone. Warning! This may remove previous baseband unlocks or other modifications that have been previously made. If in doubt leave it unchecked.
Neuter bootloader - This will enable "Bootneutering" to the baseband firmware allowing custom firmware to be installed onto the iPhone baseband by convincing the iPhone that it is secure. Arbitrary secpacks and fls files will be accepted when the device is in this state. In order to use these features you will need to locate the two bootloader files. Please note, these files are not shipped with Pwnage Tool.
Under the BootNeuter checkbox will present two new options that are selectable these are -
Upgrade to 4.6 NB: Unless you understand this option you should avoid it.
Downgrade to 3.9 NB: Unless you understand this option you should avoid it.
Unlock baseband - This will enable the unlocking of the baseband to all networks using a custom "software unlock" process. This should be used if you plan to use a SIM card from a carrier other than the one provided by your original iPhone carrier.
Activate Phone - This will activate the phone so that it can be used with iTunes. This will bypass the Apple activation process and set the iPhone to be in an Activated state allowing access to the device's functions.
Use Custom Pictures - This option enables the use of custom iPhone graphics to replace the stock images that are used when the phone boots or goes into recovery mode.
qwertzui
04-05-2008, 10:27 PM
---> here an update to the above options
Your iPhone will be jailbroken with installer even if you DO NOT select any of the above options!
------------------------------------------------------------------------------------------------------
taken from: http://www.hackint0sh.org/forum/showpost.php?p=271320&postcount=4
abrasBR
04-06-2008, 12:12 AM
i think that has already been explained by idarbert.
here you can find a lot of screens that will show you the progress of the tool.
http://iclarified.com/entry/index.php?enid=893
as you can see you don't have to neuter or activate the phone at all! if bootneuter is installed as an app anyway, that i don't know.
http://iclarified.com/images/tutorials/893/4307/4307.png
following is from the original PwnageTool help:
PwnageTool.app - Help
Using IPSW Builder
Once you have loaded an existing original Apple IPSW file that you obtained earlier (using the browse .ipsw button) you are ready to create a custom ipsw, click the "IPSW Builder" button. This will cause a window to appear with a few different selection items, these are listed as following:-
Enable baseband update - Determines if the baseband update should be enabled in the custom ipsw. Only check this button if you wish to update the baseband modem portion of your iPhone. Warning! This may remove previous baseband unlocks or other modifications that have been previously made. If in doubt leave it unchecked.
Neuter bootloader - This will enable "Bootneutering" to the baseband firmware allowing custom firmware to be installed onto the iPhone baseband by convincing the iPhone that it is secure. Arbitrary secpacks and fls files will be accepted when the device is in this state. In order to use these features you will need to locate the two bootloader files. Please note, these files are not shipped with Pwnage Tool.
Under the BootNeuter checkbox will present two new options that are selectable these are -
Upgrade to 4.6 NB: Unless you understand this option you should avoid it.
Downgrade to 3.9 NB: Unless you understand this option you should avoid it.
Unlock baseband - This will enable the unlocking of the baseband to all networks using a custom "software unlock" process. This should be used if you plan to use a SIM card from a carrier other than the one provided by your original iPhone carrier.
Activate Phone - This will activate the phone so that it can be used with iTunes. This will bypass the Apple activation process and set the iPhone to be in an Activated state allowing access to the device's functions.
Use Custom Pictures - This option enables the use of custom iPhone graphics to replace the stock images that are used when the phone boots or goes into recovery mode.
Thanks a lot for this explanation,
Abras