After Matt’s great tip on longer passcodes for your iPhone, I thought I’d follow up with the risks associated with the false sense of security that this could give you. To illustrate this, I have set a passcode on my phone (1234). I’m going to remove that passcode without ever having entered it. That’s right, I can take your passcoded iPhone and remove the passcode while retaining all of your data.
The process is actually pretty simple. You will need a few of tools that can be found easily on the internet. First up is redsn0w. Redsn0w is a tool created by the iPhone dev-team. Next up is an open source program called iPhoneBrowser. Lastly we need an SQLite browser/editor from here. Now we’re going to move along pretty quick here, so try and keep up:
1. After installing both programs, start up iPhoneBrowser with the iPhone in question plugged in. In the status bar at the bottom it will tell you if the iPhone in question is Jailbroken. If it is, we can skip step 5.
2. Exit iPhoneBrowser. Now, we need to get the correct firmware to Jailbreak this iPhone. Most people are now on 3.0, but you can get a complete list of firmware revisions per device here.
3. After getting the correct firmware (I leave it up to the reader to figure this out), open up redsn0w. You have to tell it where the ipsw firmware file is that you downloaded. Next it will tell you to turn off the phone while it is plugged into the PC. The next screen will give you instructions to put your phone in DFU mode. This is how redsn0w does its magic.
4. After a couple of reboots, you will have a jailbroken iPhone…but still with a passcode. Reopen iPhoneBrowser and notice that it says that it is Jailbroken in the statusbar.
5. Now to remove the passcode. The passcode is stored in a keychain file along with other passwords. So when you do this, you might also lose the password for the accounts email and your voicemail, oh and any wifi networks you had joined and pretty much every password in every app you have installed too. The passcode is stored in /private/var/Keychains/keychain-2.db. Backup this file and copy the backed up file to your desktop. (Note: After backing up, click on the “Functions” menu and then click “View Backup Files” to get to the actual folder where the SQLite file was backed up to. Copy the file from there to your desktop to work on it)
6. Open up the SQLite browser and open the keychain-2.db file now on your desktop. Click on the second tab (Browse Data) and then switch to the genp table. Find the row that has something like “DeviceLockPassword” in the acct column and SpringBoard in the svce column. Delete this row using the DeleteRecord Button. Hit the save icon and close the SQLite browser.
SQLite browser
7. Now back in iPhoneBrowser, right click on the keychain-2.db file again and hit replace file option and then pick the saved keychain-2.db file off of your desktop that we just modified.
8. Reboot. Done!
That’s it! When your phone comes back up, it will be passcode free. That was pretty easy, wasn’t it. Just remember, this should be used to recover your own password, not to break into other peoples phones. I lost a couple of passwords to other stuff for some reason when I did this, but overall it went well. Please use this information responsibly. Happy hacking!
Disclaimer: The information provided in this article is provided as-is and without warranty for information purposes only. The iPhone Guru and Oliver Nelson are not responsible for any damage you may cause to your hardware or software as a result of this information. Also note that performing any of the steps outlined in this article could void your iPhone’s warranty. This article was intended to assist iPhone owners who have forgotten their passcode. Any other use is strongly discouraged.
One Response
works kind of, but after u erase the field u can’t use the lock feature again coz it remembers that u failed the attempts.