Skip to main content
Skip table of contents

Lockdown method - Unlocking a passcode-protected iPhone

MOBILedit Forensic is able to connect to iPhones protected by passcodes. Many iPhone users use iTunes, especially for managing music and almost everyone has connected their iPhone to iTunes at least once. To get through the passcode, you need to access the computer that the locked iPhone was connected to and obtain the 'lockdown file' that iTunes creates automatically for any iPhone that connects to that PC.

Lockdown method does NOT unlock phone (eg. screen will stay locked, even if it’s successfull), but enables our software to communicate with phone and extract data from it, that can be used for further examination.

You will find the lockdown files located in the iTunes folder along with one of these file paths, depending on your operating system. 

  • Windows Vista, 7, 8, 10

C:\ProgramData\Apple\Lockdown

  • Windows 2000/XP

C:\Documents and Settings\All Users\Application Data\Apple\Lockdown

  • Mac OS X

/var/db/lockdown

After finding these files, move them to a different location on the disk or transfer them to the computer with MOBILedit Forensic installed if needed.

If the lockdown button does not appear as shown below, you will need to stop Apple Mobile Device Services from running from within the Windows Task Manager.

Once you have the file and the Upload lockdown file button appears, click on the "Upload lockdown file".

Then select your lockdown file.

Click on Open and your iPhone will reconnect and will be unlocked.

If your device is running iOS 9, or higher, if device was rebooted prior connecting, lockdown files are not accepted by device, until first device unlock.

The lockdown files method works in different ways for certain iOS versions.

  • for iOS 8 and lower, it works basically without any limitations (reboot doesn’t affect accepting lockdown files, lockdown file is unique to the device and can be used even after factory reset)

  • for iOS 9 - 11.2, it does work without any significant limitations (except reboot explained above)

  • for iOS 11.3 and above the expiration date for the lockdown file added, after one week from the last computer connection, they will become invalid.

  • for iOS versions 11.4 and above the "restricted mode" was introduced, which means if the device is disconnected from the PC for more than an hour or connected to the PC it was never connected before, the user is forced must unlock the phone to connect, otherwise, the PC will not recognize the device is connected to USB.

  • for iOS versions 15 and above the lockdown method may not work at all as the device will prompt the user for the passcode.

Restricted mode is turned on by default, however, the user can disable it in the settings.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close