iPad – Options for getting into passcode-locked iPad 2 / iOS 5.1.1 (JB’d)


I have an iPad 2 running iOS 5.1.1 and it is jailbroken (though as far as I know, not running SSH). A few hours ago I set a new 4-digit device passcode which I subsequently forgot. I've tried a few times and it blocked me out for a full hour twice now; I suspect if I try again it will completely block the device.

I last made an iTunes backup and synchronisation about 3-4 months ago on a laptop that I still have, but is currently unusable (the HDD is in another country, I won't be able to use that laptop for at least 2 more weeks).

I have other computers with iTunes. When I connect my iPad to these other machines I get a message telling me that I have to unlock it first before iTunes will connect to it, which means that I cannot browse the filesystem using iExplorer or iFunBox (then I would be able to delete the keychain file and get in that way… I hope). I think that if I connect my iPad to my original laptop (2 weeks away) that I'll be able to get in without needing the passcode? Is this true?

I found out about the Gecko iPhone Toolkit, however that only works up to iPhone 4 (A4) whereas the iPad 2 is an A5-powered device. I also couldn't find any download links, oddly enough.

I read about a Ramdisk that I could boot from in Recovery Mode that has an SSH server, but the steps looked too complicated and the forum posts don't mention the iPad 2 and iOS 5, which made me wonder if it would work or not; I didn't want to risk it.

I see that commercial forensics tools like Elcomsoft's iOS Toolkit and Cellebrite UFED claim to be able to get into my device, but if they can do it how come the jailbreakers can't?

Coincidentally, I contacted a local data recovery company and they left me a voicemail just now saying that they wouldn't be able to recover data from an iPad 2, only a first-generation iPad, which is a bummer – but I don't know what tool they use.

I'll try contacting other data recovery companies in the meanwhile, but is my situation really helpless?

Update:

I tried another passcode attempt and that caused my iPad to be disabled. Ho-hum. I returned home today and plugged my iPad into my laptop and, while iTunes did not offer to remove the passcode, I was able to access the raw filesystem using iFunBox, which I could not do when my iPad was connected to any of my other computers.

I deleted the keychain-2.db and com.apple.springboard.plist files and rebooted my device, however the passcode prompt still persists.

I'm not too bothered about the passcode on the device preventing me from logging in because iFunBox gives me the raw filesystem access so I can grab the files and data I need (such as my iMessages database) and wipe the device at a later date if I can't get the passcode back.

Still, if anyone knows why deleting keychain-2.db didn't work, please let me know.

Best Answer

The canonical way to fix this is to erase and restore the device.

See http://support.apple.com/en-us/HT1212 for more details and options.