Before the days when you could easily opt to use a “complex” passcode from the iPhone Settings, you had to manually use the iPhone Configuration Utility (iPCU). When I created a profile to use a complex passcode, I inadvertently forced my iPhone backups to be encrypted and now that the “Encrypt iPhone backup” checkbox is grayed out, I can’t stop encrypting my backups.
But after I jailbroke my phone (because the baseband died), I had the option of mucking around with the system files to see if it could be undone. Backup encryption happens on the phone, so the phone must know your password, and where are (most) passwords stored? In /var/Keychains/keychain-2.db
of course.
Download the file using iPhone Explorer (or whichever tool you prefer), and execute sqlite3 keychain-2.db
. Poke around. Hmmm this looks interesting:
sqlite> select * from genp where svce = 'BackupAgent'; rowid = 10 cdat = . . prot = acct = BackupPassword svce = BackupAgent gena = data = agrp = apple pdmn = aku
Let’s see what happens when I remove it (of course after I made a backup first):
sqlite> delete from genp where svce = 'BackupAgent';
Now upload the file back to the iPhone.
By removing the BackupPassword
, the next time you sync/backup to iTunes, it will prompt you to enter your password to “unlock” your backups or something similar. It should be pre-filled from your keychain if you had opted to save it.
After that, it creates an unencrypted backup and the “Encrypt iPhone backup” checkbox can now be unchecked. I’m using iOS 4.3.2 by the way. The table names or fields could be different in other iOS versions.
On the flipside, your passwords will no longer be carried over when you restore the backup into a new device.
Hi just asking how do you ‘execute sqlite3 keychain-2.db’?
If you’re on Windows you can download the precompiled
sqlite3.exe
binary, and you execute that from the Command Prompt. If you’re on Linux you can install the appropriate package(s) and use the Terminal.This will open the keychain sqlite database for editing.