Regaining access to a passcode-disabled iOS device

Update 2016-03-16: This 2012 post discussed iOS 5 on iPhone 3GS. Both the iOS hardware and software are more secure these days. I don’t use iOS much these days either. I’m keeping the post up for archival, but chances that I can help you are very low.


You have a passcode-disabled iOS device? You get a message similar to “iPhone disabled for XYZ minutes”? Especially if the message mentions millions of minutes, this may be a problem. Or if the iPhone instructs you to plug it in iTunes, and then iTunes says that you need to unlock the passcode, without a way for you to enter it?

One way is to restore the device. Unacceptable if you have important info on the device.

Let’s instead destroy the passwords and Springboard settings. You’ll still need to enter your passcode, but at least you’ll be able to unlock the device. If you forgot the passcode, you’ll at least have SSH installed and a way to connect to the device. If you find the instructions on how to remove the passcode completely, leave a comment below.

Instructions for OS X. Tested on iPhone 3GS with 5.0.1. You’re expected to have at least a brain, some experience with jailbreaking, and understanding of UNIX systems.

1. Grab latest redsn0w. (At the time of writing, redsn0w 0.9.11b4)

2. Grab “SSH_bundle.tgz“.

3. Run redsn0w and click “Jailbreak”.

4. Follow instructions and choose “Install custom bundle”

5. Wait until device reboots.

6. Grab “usbmuxd”. Tested with “usbmuxd-1.0.7.tar.gz

7. Unpack it, open Terminal, and go into the newly created “usbmuxd-1.0.7” folder.

8. Go to “python-client” subfolder. Type “python tcprelay.py 22:2023”. This allows you to connect to the device via the USB cable.

9. In a new Terminal window or tab, type “ssh root@localhost -p 2023”. This’ll work about 30 seconds after the device boots successfully.

10. Try typing “alpine” as the password. If it works, congratulations! Let’s move on.

11. In terminal that is connected via SSH to your iPhone, type “rm /var/mobile/Library/Preferences/com.apple.springboard.plist”.

12. In terminal that is connected via SSH to your iPhone, type “rm /var/Keychains/keychain-2.db”.

13. Just to be sure, let’s check your date. In your local Mac terminal, type “date”. Copy the result to the clipboard. In terminal that is connected via SSH to your iPhone, type “date”. If the dates aren’t reasonably close (a couple of hours of difference max), type “date -s PASTETHEDATEFROMYOURMAC” into terminal for your iPhone. Now type “date” on iPhone terminal just to be sure.

14. Reboot the device. Enter the passcode.

Congratulations!

Information source: this post, research

 

Again, if you are able to remove the passcode completely, tell me. Thread in which the post I linked to is located contains some info, but I haven’t been able to verify it. (I don’t plan on locking customer’s iPhone again just to check, thank you very much ;))

-=-
Tip me with Bitcoin to: 1ASA9q5VQUxPZvit8X2AP4JYzPcSDk7dFV or using ChangeTip (button below)


10 thoughts on “Regaining access to a passcode-disabled iOS device

      1. sridhar

        Thanks for immediate response..
        Is there any other to connect multiple device with out using wiif..?

        Reply
        1. Ivan Vučica Post author

          Unfortunately, I have no idea. Why is it a problem to connect one device at a time? You can’t be fixing multiple devices anyway, it’s too distracting.

          Reply
        1. mark

          UPDATE: The 4S is indeed different, as jailbreaking no longer works using DFU mode but rather normal (iPhone) mode, and this does not work as long as the device is passcode-locked. So a proper catch 22.

          Reply
  1. soccy

    is there another way to do this on ios 9? I have an ipad on ios 9.1 that is disabled. I went through your steps here and did not regain access to the password prompt. Any ideas?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *