Update 2019-12-16: Seriously, this is VERY OUTDATED and I cannot help you. I will still approve comments in case anyone else wants to chime in. I have no reason to study this, as I don't deal with any form of iPhone servicing these days. This post was for iPhone 3GS with iOS 5.0.1. That's ancient, very exploited hardware with ancient, very exploited OS. I don't follow jailbreak scene in 2019 at all. I don't know if working around passcode lock is remotely possible these days.
Update 2016-03-16: This 2012 post discussed iOS 5 on iPhone 3GS. Both the iOS hardware and software are more secure these days. I don't use iOS much these days either. I'm keeping the post up for archival, but chances that I can help you are very low.
You have a passcode-disabled iOS device? You get a message similar to "iPhone disabled for XYZ minutes"? Especially if the message mentions millions of minutes, this may be a problem. Or if the iPhone instructs you to plug it in iTunes, and then iTunes says that you need to unlock the passcode, without a way for you to enter it?
One way is to restore the device. Unacceptable if you have important info on the device.
Let's instead destroy the passwords and Springboard settings. You'll still need to enter your passcode, but at least you'll be able to unlock the device. If you forgot the passcode, you'll at least have SSH installed and a way to connect to the device. If you find the instructions on how to remove the passcode completely, leave a comment below.
Instructions for OS X. Tested on iPhone 3GS with 5.0.1. You're expected to have at least a brain, some experience with jailbreaking, and understanding of UNIX systems.
- Grab latest redsn0w. (At the time of writing, redsn0w 0.9.11b4)
- Grab "SSH_bundle.tgz".
- Run redsn0w and click "Jailbreak".
- Follow instructions and choose "Install custom bundle"
- Wait until device reboots.
- Grab "usbmuxd". Tested with "usbmuxd-1.0.7.tar.gz"
- Unpack it, open Terminal, and go into the newly created "usbmuxd-1.0.7" folder.
- Go to "python-client" subfolder. Type "python tcprelay.py 22:2023". This allows you to connect to the device via the USB cable.
- In a new Terminal window or tab, type "ssh root@localhost -p 2023". This'll work about 30 seconds after the device boots successfully.
- Try typing "alpine" as the password. If it works, congratulations! Let's move on.
- In terminal that is connected via SSH to your iPhone, type "rm /var/mobile/Library/Preferences/com.apple.springboard.plist".
- In terminal that is connected via SSH to your iPhone, type "rm /var/Keychains/keychain-2.db".
- Just to be sure, let's check your date. In your local Mac terminal, type "date". Copy the result to the clipboard. In terminal that is connected via SSH to your iPhone, type "date". If the dates aren't reasonably close (a couple of hours of difference max), type "date -s PASTETHEDATEFROMYOURMAC" into terminal for your iPhone. Now type "date" on iPhone terminal just to be sure.
- Reboot the device. Enter the passcode.
Information source: this post, research
Again, if you are able to remove the passcode completely, tell me. Thread in which the post I linked to is located contains some info, but I haven't been able to verify it. (I don't plan on locking customer's iPhone again just to check, thank you very much ;))