Bypass Passcode on jailbroken devices - iOS 4.x (iPhone OS 4.x) - Hackint0sh.org
  1. #1

    Bypass Passcode on jailbroken devices

    Hi,

    with FW 3.1.x it was possible to bypass a passcode by deleting the keychain-2.db (or the entry in genp with acct="DeviceLockPassword") and com.apple.springboard.plist on the device.

    As far as I can see this is no longer working with iOS 4. If you delete keychain-2.db it is created automatically after a reboot and the passcode is still active. genp no longer has an entry acct="DeviceLockPassword". There are two entries (passwords) in the automatically created keychain-2.db. One for the service "EnhancedVoicemail" and one for "PortableStorage".

    Does anyone have more or detailed information about the changes with iOS 4?

    GrisoMG



  2. #2

    Any update on this?

    I have the same issue on iPhone 4 4.0.1 jailbroken.
    I have access to the file system. I'm able to reset the passcode retry count, but removing keychain-2.db does not reset the password, it looks like they store it in a different place now..

  3. #3
    Olethros (Super Moderator)

    Originally posted by timmo4ka:
    > Any update on this?
    >
    > I have the same issue on iPhone 4 4.0.1 jailbroken.
    > I have access to the file system. I'm able to reset the passcode retry count, but removing keychain-2.db does not reset the password, it looks like they store it in a different place now..

    Yes they do.. I haven't yet had the time to dig and find out where they store it now.

    Please read the stickies & search forum before posting!
    How to report an iTunes restore/update fail in a useful manner
    -

    iPad 3G 64GB (4.3.3, Redsn0w) oldest SHSH 3.2.2
    iPhone 4 32GB (4.2.1, Redsn0w JB-monte) oldest SHSH 4.1
    iPhone 3GS 32GB (4.3.3; Pwnagetool) factory unlocked oldest SHSH 3.1
    iPhone 8GB (3.1.3; Pwnagetool) AT&T Locked - Unlocked with bootneuter

    -
    Did we solve your problem? Got a dollar or two spare ? Donate!

  4. #4

    There's a flaw on 4.1:
    "An iPhone glitch spotted by 9to5Mac lets users access locked iPhone 4 devices running iOS 4.1 by pressing a series of buttons. If a user taps "Emergency Call," on an iPhone 4, dials a non-emergency number, and then clicks "Send," the user will then be able to access the main Phone application, which includes the dial pad, contacts (send an email or SMS), voicemails, favorites, and recent calls. Engadget said that if you hold down the menu button to access voice controls, you'll be able to access the iPhone's music, too."

  5. #5
    Olethros (Super Moderator)

    Originally posted by aneagle:
    > There's a flaw on 4.1:
    > "An iPhone glitch spotted by 9to5Mac lets users access locked iPhone 4 devices running iOS 4.1 by pressing a series of buttons. If a user taps "Emergency Call," on an iPhone 4, dials a non-emergency number, and then clicks "Send," the user will then be able to access the main Phone application, which includes the dial pad, contacts (send an email or SMS), voicemails, favorites, and recent calls. Engadget said that if you hold down the menu button to access voice controls, you'll be able to access the iPhone's music, too."

    This is not what the original poster was after. The glitch you speak about only allows access to the phone and music functions. Not to settings or other apps.

    Anethema (one of the key people behind Push Doctor / Push Donor) has figured out how to disable this passcode on 4.x. I will ask him next time I find the time.


  6. #6
    H__

    Bump - I have found the same thing. Deleting the DeviceLockPassword row from keychain-2.db table 'genp' worked fine on 3.1.3 but that value no longer exists in 4.1. Deleting the springboard file doesn't clear it either. The info doesn't seem to be out there...

    Has anyone figured it out or do I need to do a DD image before and after enabling it? :p

  7. #7

    Try to delete both "com.apple.springboard.plist" AND "keychain-2.db", then reboot.

    in /var/mobile/Library/Preferences/
    and /var/Keychains/

  8. #8
    Olethros (Super Moderator)

    Originally posted by Pygmalion:
    > Try to delete both "com.apple.springboard.plist" AND "keychain-2.db", then reboot.
    >
    > in /var/mobile/Library/Preferences/
    > and /var/Keychains/

    Did you read the whole thread? This is about iOS 4.x where the technique you described no longer works. Don't give bad/incorrect advice!

  9. #9

    Sorry about that. I did read the whole thread and I understand that the 3.1.3 method doesn't work on iOS 4 anymore but I thought I read somewhere that deleting both files at the same time and rebooting was the solution. Although I haven't tested it before my post and I just tried it and it doesn't work. I will not post untested "steps" anymore.

    Anyway, going back to the problem, the key in finding how to bypass the passcode is to understand how it works and where it stores its data on iOS 4.
    Maybe a way to do that is by watching what files have been changed after a passcode change/removal.
    SSH: / # find . -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort | tail -n 25
    This will list the last 25 files changed ...

    I'd like to help...

  10. #10

    It looks like these two files are working together:

    //private/var/Keychains/keychain-2.db
    //private/var/keybags/systembag.kb

    What does systembag.kb do?


    Things to try:

    Change passcode to 1234
    Backup keychain-2.db and systembag.kb
    Change passcode to whatever
    restore keychain-2.db and systembag.kb
    Reboot and check if passcode came back to 1234

    I can't work on this now but be careful and make sure to backup everything, you may get locked out playing with these files.

    Also it would be nice to see if these two files were working together back in iOS 3.1.3. If not then it's a good sign.
    Last edited by Pygmalion; 03-04-2011 at 08:11 PM.


 

 