These last days I must be set on a Apple devices destruction mode. First I lost access to my MacBook while trying to increase its physical security – I configured it to boot from network and I lost all access to boot sequence commands. I think my model has an EFI bug because the security-mode set to full doesn’t ask for a password when I start/restart my laptop, only asks for password if I want to boot from other devices. I had to install a Snow Leopard Server to boot from a netboot image (the process works extremely well!) and fix the startup sequence… This of course after quite a few (known) attempts to reset the damn startup sequence – I even removed the NRAM battery, to no effect!
Proceeding in this “destruction” sequence, I set my iTunes to encrypt backups and I forgot the damn password (too many passwords…). Since losing that backup wasn’t a big issue, I tried just to remove the encrypted option but that doesn’t work since it requires the old password. Some web searching without any relevant results. The best clue was to mess with keychain-2.db file, located at /var/Keychains. I tried to move it but it didn’t work, so I went checking its contents, since it’s a sqlite3 database. The interesting field is located at the genp table and it is something like (your results should differ, at least the first row, which is “rowid” field):
153||||||||||||||BackupPassword|BackupAgent|||apple|dk
So I deleted this row (delete from genp where rowid = 153) and reconnected my iPad to iTunes. I tried to remove the Encrypt iPad Backup option but it asked again for the password. Fill it with random junk and voila, problem solved 
A new, unencrypted, backup will start. After it finishes (or you can stop it), you will be able to set a new password and the encrypted backup will start.
Most probably you will need to have your iOS device jailbroken to access that file. If you can access that file from a file system browser then you can edit it at your iTunes computer and copy back to the device (I doubt that this is possible with devices not jailbroken).
That’s it!
fG!
Update: This method doesn’t seem to be valid in iOS 5.x. The database has changed and the fields appear to be encrypted. Need to do some research on this.
Tags: backups, encrypted, ipad, iphone, ipod touch, passwords, remove
-
Sure you need JB
What tool tou used to access keychain-2.db? I’m thinking of iFile, SSH or iPhone Explorer with full file access.-
I accessed the file via SSH and edited it there since Cydia installs a sqlite3 client.
-
-
Thank you for this guide. This helped me out so much!
-
Thanks!! Worked like a charm.
-
i tried mention steps for unlock my backup encryption for my iphone 4g on ios 4.3.3
keychain-2.db file, located at /var/Keychains. I move it to my laptop and then i install sqllite browser and edit keychain-2.db file. The interesting field is located at the genp table and it is something like (your results should differ, at least the first row, which is “rowid” field):(As mention above), the rowid may be differ because it depend on the password sequence in all versions of iphone,ipad and ipod so just remove the row belongs to backup key in genp table
So I deleted this row (delete from genp where rowid = 106) and reconnected my iphone to iTunes. before doing that i remove all the available old backup files and rename backup directory (in windows 7, C:\Users\username\AppData\Roaming\Apple Computer\MobileSync\Backup). I tried to remove the Encrypt iPhone Backup option but it asked again for the password. fill it with a random password any thing, problem solved
A new, unencrypted, backup will start. After it finishes, you will be able to set a new password and the encrypted backup will start, or you can use backup with out password -
I had a a problem with my ipad2 ios 4.3.3. (Jjailbreak) Since the device password didn’t work, I has changed from simple (4 character numeric). Password into comlex ( iuse 5 character numeric). Problem is springboard show only simple password (4 digit). Icant open my ipad, will this method also work. To restore my ipad?
-
I doubt that this will work but you could give it a try. Save your current backups to another directory so you don’t lose them and try to do this
-
-
Hey, if I’m reading this correctly, this is helpful only if you haven’t already gone and erased your phone, upgrading it before remembering that you had encrypted your backups and have no idea what the password is, correct? If my phone is now factory reset and empty, and I have a bunch of backups sitting on my computer, encrypted with a password I can’t remember, I don’t have many options, right?
-
Yes in your scenario you will need to crack your backups password.
Elcomsoft (http://www.elcomsoft.com/) has such product but I think it’s only available to Governments entities or it’s damn expensive.I assume that the restore will require you to introduce the backups password, correct? If it doesn’t require you can try to restore and then use this trick to try to regain access.
-
-
Here’s my situation: I wanted to upgrade to the 5OS on a 3GS phone, however, after I downloaded the upgrade, iTunes asked for my encrypted backup password. I forgot the password essentially. I tried every word/number combination I ever use for my personal stuff to no avail. Been scouring the internet for internet and aside from starting from scratch I dont have many options unless if I jailbreak it and then try your method outlined above. I have tried to download the Elcomsoft program but its going to take 9 days to find the password and my current version of the encrpypted phone/list is not coming up w/the phone information when I go to select it in the program. Some people have said it was their current passcode (4 digit pin) or an old one when they reset to factory setting but I find that hard to believe. Do have any other options on getting my data back until I remember what the lost password is?
-
Jailbreaking should be the easiest and fastest option to solve your problem. Jailbreak it, apply the described trick to get an unencrypted backup and voila, you can upgrade it
-
Can I do this: first create a copy of the encrpyted pw-protected backup in the event it gets deleted. Then I have to set the phone back to factory settings (wipping it clean and starting fresh), create a new version of the phone in iTunes with no previous data, then jailbreak 5OS – use your trick described above to get an unencrypted backup file and then restore it back to my current phone (which would be running on 5OS)?
-
Yes, it’s a good idea to backup your backup folder in case something goes wrong.
Your strategy only works if it’s possible to restore the old encrypted backups without having to input the password, something that doesn’t make that much sense from a security point of view. I doubt it works like that.
If this is true then your strategy will not work because the only backups you have are encrypted. You need to jailbreak now and use the trick to create unencrypted backups that you can easily restore into iOS 5.
-
-
-
-
I got the same problem. Actually, I got wifi problem and so jailbroken again without any backup. Previous backups were encrypted. Password didn’t know. What I did…Select the main backup and try for 10-15 times for retrying password. No luck.
The last time just click over restore and god know…IT DIDNT ASK FOR PASSWORD AND SYNC AUTOMATICALLY. ALSO, THE ENC PASSWORD WAS ALSO DISABLED. Do you think this make sense. I think this incident must be shared to you guys.-
Interesting case! I have to give it a try one of these days. It doesn’t make any sense if you can just restore and password is gone and everything is backup’ed and restored. That would be a security issue
-
I will verify the same scenario. Forgot my password, tried multiple times to guess without any luck, and then just hit cancel – BINGO! My iPod Touch began synching automatically, restoring all the old applications and other things with no problem. The box to check if you want to encrypt the backup was empty. Believe me, I left it that way this time.
-
Hi!!! You tried multiple times like what? 20? With me its not workin… :s
-
-
-
Thanks it worked like a charm.
-
i was trying to update my ipod. it updated it then deleted everything. there is a backup encrypted password but i dont know it. is there anyway to get around it and recover all my information
-
You probably need to try Elcomsoft tools. I don’t know about any other solution to decrypt your backups.
-
-
how would i do this on a windows 7 pc?
-
Download a sqlite3 client for Windows. There should be quite a few available.
-
thanks i think i figured it out
-
-
-
Hi, thanks for your explanation.
However, I can’t find the ‘BackupPassword|BackupAgent|||apple|dk’ row!
I have used iFile and SSH, but in neither of these does the row appear. Do you have
any suggestions to what I can do? Could it be that the row is there but hidden?
Unfortunately I stored all of my passwords on my ipod, and after updating it I can’t
access the password app…Thanks for your help
-
Hello,
I have no idea about the missing row. Is it iOS 4.x or 5.x ?
fG!
-
It is iOS 5.1, I recently updated it because the untethered jailbreak came out.
It is a 4th generation ipod touch.Thanks
-
Humm it seems that Apple changed the db format in iOS 5.x. The fields are probably obfuscated/encrypted and this doesn’t applies anymore to iOS 5.x.
Need to research a little more about this.
-
-
-
-
Thanks, I really have no clue about this kind of stuff. It’s not anything important, mostly save data for apps/games that I want to recover.
-
Hi there,
Guys you are my only hope, I backed up my my iphone ver. 4.3.3 with a password on itunes, my iphone is not jailbroken, i forgot my password as i tried all the words possible but with no luck, so my next step is to deal with sqlite editor to change the mentioned file?-
If you are still in 4.x then you should be able to use the method described here.
-
-
It will be my best news for 2012 already, what software i should use to edit the mentioned file plz, as i am not that expert on these matters but i will learn everything to get my orginal phone back.
-
If i am on 4.x that means i have to JB??? coz the backup file on my computer and now my iphone is set as new iphone, please don’t tell me i cant play with file which is on my comp. I NEED TO RESTORE IT BACK
((((-
No, you can’t use it if you lost the password and restored your phone without using this trick first.
The only way to recover is to try to crack the password, check http://www.elcomsoft.com for such software.
-
34 comments
Comments feed for this article
Trackback link: http://reverse.put.as/2011/05/09/how-to-remove-ipadiphoneipod-touch-encrypted-backups-password-if-you-forgot-it/trackback/