How-to remove iPad/iPhone/iPod Touch encrypted backups password if you forgot it

These last days I must be set on an Apple device destruction mode. First I lost access to my MacBook while trying to increase its physical security – I configured it to boot from network and I lost all access to boot sequence commands. I think my model has an EFI bug because the security-mode set to full doesn’t ask for a password when I start/restart my laptop, only asks for password if I want to boot from other devices. I had to install a Snow Leopard Server to boot from a netboot image (the process works extremely well!) and fix the startup sequence… This of course after quite a few (known) attempts to reset the damn startup sequence – I even removed the NRAM battery, to no effect!

Proceeding in this “destruction” sequence, I set my iTunes to encrypt backups and I forgot the damn password (too many passwords…). Since losing that backup wasn’t a big issue, I tried just to remove the encrypted option but that doesn’t work since it requires the old password. Some web searching turned up no relevant results. The best clue was to mess with the keychain-2.db file, located at /var/Keychains. I tried to move it but it didn’t work, so I went checking its contents, since it’s a sqlite3 database. The interesting row is in the genp table and it is something like this (your results should differ, at least in the first column, which is the “rowid” field):

153||||||||||||||BackupPassword|BackupAgent|||apple|dk

So I deleted this row (delete from genp where rowid = 153) and reconnected my iPad to iTunes. I tried to remove the Encrypt iPad Backup option but it asked again for the password. Fill it with random junk and voila, problem solved :-)
A new, unencrypted, backup will start. After it finishes (or you can stop it), you will be able to set a new password and the encrypted backup will start.

Most probably you will need to have your iOS device jailbroken to access that file. If you can access that file from a file system browser then you can edit it on your iTunes computer and copy it back to the device (I doubt that this is possible with devices that are not jailbroken).

That’s it!
fG!

Update: This method doesn’t seem to be valid in iOS 5.x. The database has changed and the fields appear to be encrypted. Need to do some research on this.
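The row lookup and deletion described in the post, as an added example (not the author's code): it matches the row by its BackupPassword/BackupAgent values instead of a hard-coded rowid, keeps a copy of the database before changing it, and makes no change when no such row is readable. The column names (acct, svce, agrp, pdmn) and the sample rows other than the one shown in the post are assumptions constructed for the demonstration.

```python
import shutil
import sqlite3
from pathlib import Path

# Assumption: the column names below (acct, svce, agrp, pdmn) are not given in
# the post, which only shows the pipe-separated values of the row.

def make_sample_db(path):
    """Create a constructed stand-in for keychain-2.db with three genp rows."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE genp (rowid INTEGER PRIMARY KEY, acct TEXT, "
                "svce TEXT, agrp TEXT, pdmn TEXT)")
    con.executemany("INSERT INTO genp VALUES (?, ?, ?, ?, ?)", [
        (12, "user@example.com", "ExampleMail", "apple", "ak"),
        (153, "BackupPassword", "BackupAgent", "apple", "dk"),
        (154, "ExampleNetwork", "ExampleWiFi", "apple", "ck"),
    ])
    con.commit()
    con.close()

def remove_backup_password(db_path):
    """Delete the BackupAgent row, matched by value; return the rowids removed."""
    db_path = Path(db_path)
    con = sqlite3.connect(db_path)
    try:
        rowids = [r[0] for r in con.execute(
            "SELECT rowid FROM genp WHERE acct = ? AND svce = ?",
            ("BackupPassword", "BackupAgent"))]
        if not rowids:
            return []  # no clear-text match, as the update reports for iOS 5.x
        # Keep a pristine copy; never overwrite one left by an earlier run.
        original = Path(str(db_path) + ".orig")
        if not original.exists():
            shutil.copy2(db_path, original)
        con.execute("DELETE FROM genp WHERE acct = ? AND svce = ?",
                    ("BackupPassword", "BackupAgent"))
        con.commit()
        return rowids
    finally:
        con.close()

if __name__ == "__main__":
    import tempfile
    sample = Path(tempfile.mkdtemp()) / "keychain-2.db"
    make_sample_db(sample)
    print("removed rowids:", remove_backup_password(sample))
```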

40 thoughts on “How-to remove iPad/iPhone/iPod Touch encrypted backups password if you forgot it”

  1. Sure you need JB :)
    What tool did you use to access keychain-2.db? I’m thinking of iFile, SSH or iPhone Explorer with full file access.

  2. I tried the mentioned steps to unlock the backup encryption for my iPhone 4G on iOS 4.3.3.

    The keychain-2.db file is located at /var/Keychains. I moved it to my laptop, then I installed SQLite browser and edited the keychain-2.db file. The interesting field is located at the genp table and it is something like (your results should differ, at least the first row, which is “rowid” field) (as mentioned above). The rowid may differ because it depends on the password sequence in all versions of iPhone, iPad and iPod, so just remove the row belonging to the backup key in the genp table.

    So I deleted this row (delete from genp where rowid = 106) and reconnected my iPhone to iTunes. Before doing that I removed all the available old backup files and renamed the backup directory (in Windows 7, C:\Users\username\AppData\Roaming\Apple Computer\MobileSync\Backup). I tried to remove the Encrypt iPhone Backup option but it asked again for the password. Fill it with a random password, anything; problem solved :-)
    A new, unencrypted backup will start. After it finishes, you will be able to set a new password and the encrypted backup will start, or you can use the backup without a password.

  3. I had a problem with my iPad 2 on iOS 4.3.3 (jailbroken). Since the device password didn’t work, I changed from a simple password (4-character numeric) to a complex one (I use a 5-character numeric). The problem is that SpringBoard shows only the simple password (4 digits). I can’t open my iPad; will this method also work to restore my iPad?

  4. Hey, if I’m reading this correctly, this is helpful only if you haven’t already gone and erased your phone, upgrading it before remembering that you had encrypted your backups and have no idea what the password is, correct? If my phone is now factory reset and empty, and I have a bunch of backups sitting on my computer, encrypted with a password I can’t remember, I don’t have many options, right?

    1. Yes in your scenario you will need to crack your backups password.
      Elcomsoft (http://www.elcomsoft.com/) has such a product but I think it’s only available to government entities or it’s damn expensive.

      I assume that the restore will require you to introduce the backups password, correct? If it doesn’t require it, you can try to restore and then use this trick to try to regain access.

  5. Here’s my situation: I wanted to upgrade to the 5OS on a 3GS phone, however, after I downloaded the upgrade, iTunes asked for my encrypted backup password. I forgot the password essentially. I tried every word/number combination I ever use for my personal stuff to no avail. Been scouring the internet for internet and aside from starting from scratch I don’t have many options unless I jailbreak it and then try your method outlined above. I have tried to download the Elcomsoft program but it’s going to take 9 days to find the password and my current version of the encrypted phone/list is not coming up with the phone information when I go to select it in the program. Some people have said it was their current passcode (4 digit pin) or an old one when they reset to factory setting but I find that hard to believe. Do I have any other options on getting my data back until I remember what the lost password is?

    1. Jailbreaking should be the easiest and fastest option to solve your problem. Jailbreak it, apply the described trick to get an unencrypted backup and voila, you can upgrade it :-)

      1. Can I do this: first create a copy of the encrypted pw-protected backup in the event it gets deleted. Then I have to set the phone back to factory settings (wiping it clean and starting fresh), create a new version of the phone in iTunes with no previous data, then jailbreak 5OS – use your trick described above to get an unencrypted backup file and then restore it back to my current phone (which would be running on 5OS)?

        1. Yes, it’s a good idea to backup your backup folder in case something goes wrong.
          Your strategy only works if it’s possible to restore the old encrypted backups without having to input the password, something that doesn’t make that much sense from a security point of view. I doubt it works like that.
          If this is true then your strategy will not work because the only backups you have are encrypted. You need to jailbreak now and use the trick to create unencrypted backups that you can easily restore into iOS 5.

  6. I got the same problem. Actually, I got a wifi problem and so jailbroke again without any backup. Previous backups were encrypted. Password didn’t know. What I did… Selected the main backup and tried 10-15 times retrying the password. No luck.
    The last time I just clicked on restore and God knows… IT DIDNT ASK FOR PASSWORD AND SYNC AUTOMATICALLY. ALSO, THE ENC PASSWORD WAS ALSO DISABLED. Do you think this makes sense? I think this incident must be shared with you guys.

    1. Interesting case! I have to give it a try one of these days. It doesn’t make any sense if you can just restore and password is gone and everything is backup’ed and restored. That would be a security issue :-)

    2. I will verify the same scenario. Forgot my password, tried multiple times to guess without any luck, and then just hit cancel – BINGO! My iPod Touch began synching automatically, restoring all the old applications and other things with no problem. The box to check if you want to encrypt the backup was empty. Believe me, I left it that way this time.

  7. I was trying to update my iPod. It updated it then deleted everything. There is a backup encrypted password but I don’t know it. Is there any way to get around it and recover all my information?

  8. Hi, thanks for your explanation.
    However, I can’t find the ‘BackupPassword|BackupAgent|||apple|dk’ row!
    I have used iFile and SSH, but in neither of these does the row appear. Do you have
    any suggestions to what I can do? Could it be that the row is there but hidden?
    Unfortunately I stored all of my passwords on my ipod, and after updating it I can’t
    access the password app…

    Thanks for your help

      1. It is iOS 5.1, I recently updated it because the untethered jailbreak came out.
        It is a 4th generation ipod touch.

        Thanks

        1. Humm it seems that Apple changed the db format in iOS 5.x. The fields are probably obfuscated/encrypted and this doesn’t apply anymore to iOS 5.x.
          Need to research a little more about this.

  9. Thanks, I really have no clue about this kind of stuff. It’s not anything important, mostly save data for apps/games that I want to recover.

  10. Hi there,
    Guys, you are my only hope. I backed up my iPhone ver. 4.3.3 with a password on iTunes, my iPhone is not jailbroken, I forgot my password as I tried all the words possible but with no luck, so my next step is to deal with an sqlite editor to change the mentioned file?

  11. It will be my best news for 2012 already. What software should I use to edit the mentioned file, please? I am not that expert on these matters but I will learn everything to get my original phone back.

  12. If I am on 4.x, does that mean I have to JB??? Because the backup file is on my computer and now my iPhone is set as a new iPhone. Please don’t tell me I can’t play with the file which is on my computer. I NEED TO RESTORE IT BACK :(((((

  13. I have a JB iPhone 3G running 4.2.1. I have the same problem. To my knowledge I have not set any pw for the backup but now it says there is and I cannot uncheck. I wanted to transfer/sync my SMS to my PC, for this SMS export app requires removing the pw for the encryption. Now I’m kinda stuck.
    I cannot see SQLite3 in Cydia, or am I looking in the wrong place? Do I have to install SQLite on my iPhone or on my PC?
    Is there any other way to copy the SMS to my PC?

  14. I found a solution to your problem, as I was having the same problem for about a year. If you are using a Mac, then go to Applications -> Utilities -> Keychain Access. Once the program has opened, type iphone. You’ll find the device and login in this list. Click on one of them and a new window will open. Click on show password, enter your Mac administrator password, then you can see your iPhone encryption password.

    hope it helps you.

  15. Hi there, if anyone can help me unlock the iTunes encrypted password please contact me asap – really losing a lot of time trying to get software to find the password I did not set
    Medical information of my elderly mom was backed up by me, like a fool I trusted it would be fine – but somehow the encryption is on – I have tried every password even from the date of getting the 3GS way back
    I’m getting another iPhone, need to access my backup
    Any help is greatly appreciated fryreyesonly at hotmail dot com
    Jen

    1. Hello,

      The described method on this post is only available for old iOS versions.
      Recent ones have their database encrypted and this does not work.

      fG!

  16. I did not see it mentioned here, but if you use the screen lock with a password try using it. It worked for me.
