- Stop redirecting all `execve` calls to `posix_spawn`. This fixes issues with certain sandbox profiles (e.g. `configd`) that block `posix_spawn` but allow `execve`, and fixes WPA2/3 Enterprise networks not working. (These issues appeared in 2.2 but were not a regression: in earlier versions the exec call was not hooked properly, which is why they went unnoticed before.)
- Bump default jetsam multiplier back to 3x because apparently people don't read changelogs and that's why we can't have nice things (Most people should still be using 2x, but that's on their own to figure out now...)
- Remove `DYLD_INTERPOSE` in favor of other hooking techniques, since `DYLD_INTERPOSE` was apparently causing memory usage to be much higher than what it should be
- The jetsam multiplier can now be configured inside the Dopamine app. In previous Dopamine versions it was fixed at 3x everywhere with no option to change it; with `DYLD_INTERPOSE` removed, the default setting could be lowered to 2x.
- `NSTask` is now supported everywhere by default, unlike before where it was only supported inside tweak dylibs or when you called `dopamine_fix_NSTask` yourself
- Thanks to the improved hooking techniques, a lot of unnecessary code could be removed
- Fix kcall on iOS 15 arm64 not working from libkrw and iDownload
- Fix `frida-ps -U` panicking the device (To be honest, I have no clue what change actually fixed this, the only thing I know is that it happens in older Dopamine versions and doesn't happen in 2.2 anymore)
- Improve the launchd crash reporter in various ways
- Allow binaries to request a custom pmap_cs trust level via the `jb.pmap_cs_custom_trust` entitlement. Possible values: {`"PMAP_CS_PROFILE_PREFLIGHT"`, `"PMAP_CS_COMPILATION_SERVICE"`, `"PMAP_CS_OOP_JIT"` (iOS 16 only), `"PMAP_CS_LOCAL_SIGNING"`, `"PMAP_CS_PROFILE_VALIDATED"`, `"PMAP_CS_APP_STORE"`, `"PMAP_CS_IN_LOADED_TRUST_CACHE"`, `"PMAP_CS_IN_STATIC_TRUST_CACHE"`}. A lower trust level makes the process less restricted by PMAP_CS; in practice this fixes the EQE app and its Lua recompiler not working (but only if the binary has the entitlement, so make sure you use the newest EQE build)
- Fix `posix_spawnattr_setarchpref_np` not being supported by the codesign bypass (#573)
- Only automatically fix up permissions of relevant directories inside `/var/jb/var/mobile`, rather than the entirety of it
- Skip the permission fix-up if either `/var/jb/var` or `/var/jb/var/mobile` is a symbolic link; previously there was a bootloop risk when either of them pointed to the real `/var` or `/var/mobile`
- Fix system deadlocks on some devices resulting in watchdogd timeout [2.0 regression]
- Automatically recursively fix /var/jb/var/mobile permissions (Fixes file sharing with jb apps still not working for some people)
- Fix codesigning bypass not working on binaries that have an armv6 slice (There probably isn't a single binary with such a slice though) [2.1 regression]
- Fix multicast_bytecopy not working on iPad Mini 6 (Contributed by @m1zole)
**Build has been pulled due to a rare bootloop risk, use a later version**
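The symlink guard from the permission fix-up bullet above, written out as an added C example (mine, not Dopamine's code; the helper names, the 1024-byte path buffer and the `$TMPDIR` test fixture are assumptions). The point is `lstat()` rather than `stat()`: it inspects the link itself, so a `/var/jb/var` that points at the real `/var` is refused before any recursive chown/chmod could follow it into the rootfs.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a symlink, 0 if it exists and is not one, -1 if it cannot be
 * inspected. lstat() looks at the link itself; stat() would silently follow
 * it to the target, which is exactly the mistake this check must avoid. */
static int is_symlink(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return S_ISLNK(st.st_mode) ? 1 : 0;
}

/* Decide whether a recursive permission fix-up of <jbroot>/var/mobile may
 * run. Refuse if <jbroot>/var or <jbroot>/var/mobile is a symlink (a
 * chown/chmod -R would follow it into the real /var tree) or is unreadable. */
static bool permission_fixup_allowed(const char *jbroot)
{
    static const char *const suffixes[] = { "/var", "/var/mobile" };
    char path[1024];
    for (size_t i = 0; i < sizeof suffixes / sizeof suffixes[0]; i++) {
        int n = snprintf(path, sizeof path, "%s%s", jbroot, suffixes[i]);
        if (n < 0 || (size_t)n >= sizeof path)
            return false;                 /* truncated path: do not guess */
        if (is_symlink(path) != 0)
            return false;                 /* symlink or not inspectable: skip */
    }
    return true;
}

/* Constructed fixture (not a real jailbreak root): a throwaway directory under
 * $TMPDIR holding either a plain var/mobile tree or a 'var' symlink pointing at
 * link_target. Returns the fixture root in a static buffer, or NULL on error. */
static const char *make_fixture(bool var_is_symlink, const char *link_target)
{
    static char root[512];
    char path[1024];
    const char *tmp = getenv("TMPDIR");
    snprintf(root, sizeof root, "%s/jbroot-demo.XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(root))
        return NULL;
    snprintf(path, sizeof path, "%s/var", root);
    if (var_is_symlink)
        return symlink(link_target, path) == 0 ? root : NULL;
    if (mkdir(path, 0755) != 0)
        return NULL;
    snprintf(path, sizeof path, "%s/var/mobile", root);
    return mkdir(path, 0755) == 0 ? root : NULL;
}

int main(void)
{
    const char *plain = make_fixture(false, NULL);
    printf("plain var/mobile tree: %s\n",
           plain && permission_fixup_allowed(plain) ? "fix-up allowed" : "skipped");
    const char *linked = make_fixture(true, "/var");
    printf("var -> /var symlink:   %s\n",
           linked && permission_fixup_allowed(linked) ? "fix-up allowed" : "skipped");
    return 0;
}
```

The check is deliberately fail-closed: a path that cannot be inspected at all is treated like a symlink and the fix-up is skipped, since a wrong recursive chown on the real `/var` is the bootloop scenario the bullet describes, while a skipped fix-up only leaves the earlier symptoms (SSH/NewTerm permissions) in place.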
2.1.2
2024-05-02T17:29:03Z
- Fix app switcher not displaying preview images of jailbreak apps in some cases [2.1 regression]
- Sandbox: Allow writing to /var/jb/var/mobile system wide
- Fix codesigning bypass failing on binaries/libraries that have an armv7s slice (Fixes Designer not working) [2.1 regression]
- Fix sharing files to jailbreak apps not working in some instances [2.1 regression]
- Fix string corruption in sandbox bypass, the fact I never noticed this before means it probably wasn't that bad of an issue (don't use strcat on uninitialized stack buffers!)
- Fix Dopamine app instantly crashing when installed using TrollStore on A8 devices
- Add kcall implementation on arm64 iOS 15.x (this was needed for A8 support)
- Use kcall for allocating page tables when available
- Improve performance of some parts of the jailbreaking process by ~1000x (because A8 was getting stuck in them for multiple minutes.....)
- Fix support for some obscure device / version combinations (e.g. A9 15.0.1, early 15.0 betas, etc...)
- Add `weightBufs` and `multicast_bytecopy` as Kernel exploit options
- Protect system files in the preboot partition so users cannot delete them and put the device into a recovery loop
- Add "Allow JIT in Apps" toggle, enabled by default, when enabled this will add `CS_DEBUGGED` to apps (Note: This has no effect on apps that have tweak injection disabled via Choicy)
- Fix `/var/mobile/Library/Application Support/Containers/`, `/var/mobile/Library/SplashBoard/Snapshots/` getting polluted with some jailbreak files
- Fix jailbreak apps disappearing after the system (or TrollStore) reloads the icon cache
- Add back "Change mobile password" option in Dopamine settings
- Switch to libgrabkernel2 (@alfiecg24, @dhinakg), removes the requirement for Dopamine to be installed by TrollStore on beta versions
- Fix smith not working on iOS 15
- Order exploits by recommendation score, add "(Recommended)" to the best one
30-04-2024 21:13 UTC: Build was reuploaded to fix issues with OTA updates on 15.x arm64, people who have already updated do not need it, so I decided to not make it a new update
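The 2.1.2 note above about `strcat` on an uninitialized stack buffer, shown as an added C example (not Dopamine's code; the function names, the 64-byte buffer and the path strings are constructed for illustration). The buggy pattern appends after whatever the buffer already holds, so stale bytes from an earlier use of the same stack slot end up at the front of the string; the hardened version empties the buffer first and bounds the write.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64

/* Buggy pattern. strcat() appends to whatever NUL-terminated string is
 * already in the buffer, and a fresh stack buffer holds whatever the previous
 * function left in that stack slot. Here the stale contents are passed in
 * explicitly (constructed) so the corruption is reproducible; in real code
 * they are simply uninitialized memory, so the result varies per call. */
static const char *buggy_join(const char *stale, const char *a, const char *b)
{
    static char buf[BUF_LEN];
    memcpy(buf, stale, strlen(stale) + 1);   /* stands in for leftover stack bytes */
    strcat(buf, a);                          /* appends after the garbage, not at buf[0] */
    strcat(buf, b);
    return buf;
}

/* Hardened version: start from an empty string and use a bounded formatter,
 * reporting truncation instead of writing past the buffer. */
static bool safe_join(char *buf, size_t len, const char *a, const char *b)
{
    buf[0] = '\0';
    int n = snprintf(buf, len, "%s%s", a, b);
    return n >= 0 && (size_t)n < len;
}

/* Convenience wrapper with a fixed-size buffer; NULL if the join was refused. */
static const char *safe_join_demo(const char *a, const char *b)
{
    static char buf[BUF_LEN];
    return safe_join(buf, sizeof buf, a, b) ? buf : NULL;
}

int main(void)
{
    char small[8];
    printf("buggy:  %s\n", buggy_join("stale", "/var/jb", "/var/mobile"));
    printf("safe:   %s\n", safe_join_demo("/var/jb", "/var/mobile"));
    printf("8-byte: %s\n", safe_join(small, sizeof small, "/var/jb", "/var/mobile")
                               ? small : "refused (would truncate)");
    return 0;
}
```

Initializing the buffer is only half of the fix: `strcat` itself has no length argument, so even a correctly emptied buffer can still overflow on a long path. Using `snprintf` (or `strlcpy`/`strlcat` where available) and checking the return value closes both holes at once.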
- **Actually** fix relevant file path permissions when rejailbreaking (previously the method for this existed but was never called, sigh...), this should now actually automatically fix issues such as NewTerm / SSH not working
- Fix jailbreaking not working when developer mode was disabled (Developer mode will now be automatically enabled in a non persistent way for the current boot)
- Fix NECP connections failing after some time on arm64 (Apple Watch, VPN...)
- Fix `terminusd` crashes on arm64, reenable injection into it and `nesessionmanager`
- Automatically fix wrong permissions for `/private` and `/private/preboot` when jailbreaking
- Fix app icons disappearing or no longer opening on OTA updates (Will only be fixed for future updates, not for the one to 2.0.10, also requires TrollStore 2.0.13)
- Fix a severe security issue where App Store apps were allowed to obtain full system capabilities (root + physical memory r/w) that were only intended to be accessible to root processes. As a result, Dopamine 2.0.0 - 2.0.8 have been pulled and should no longer be used by anyone
- Fix an issue where the arm64 related fixes of 2.0.7 and 2.0.8 were only working when ellekit was installed and tweak injection was enabled
- Disable injection into terminusd and nesessionmanager on arm64 in an attempt to resolve issues with crash loops and VPN apps still not working for some users
- Immediately allow invalid pages on all processes that are spawned via `POSIX_SPAWN_START_SUSPENDED`, this fixes an issue where several Frida features would not work correctly
- Actually fix support for early iOS 15.0 betas (2.0.8 changelog lied)
- Fix iCloud settings being partially greyed out on arm64 (2.0.7 regression)
- Fix apps not showing up in settings on arm64 (2.0.7 regression)
- Fix support for iOS 15.0b1 - 15.0b3
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.7
2024-02-24T16:48:17Z
- Fix several issues on arm64 (Battery section not loading, camera app not working, ...)
- Improve hiding jailbreak to also remove jailbreak apps from icon cache while the jailbreak is hidden
- Fix idownloadd getting started during userspace reboots even if iDownload was disabled in settings
- Fix jailbreak not working when /var/jb is an actual directory and not a symlink, improve error handling regarding this
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.6
2024-02-21T19:57:42Z
- More kfd adjustments, should be even more reliable now (Contributed by @dhinakg)
- Fix a random panic caused by a launchd crash when trusting certain files
- Fix boomerang zombie processes getting created when userspace rebooting
- Work around a stock bug where nano launch daemons would not get registered after a userspace reboot, resulting in some Apple Watch functionality breaking
- Various UI improvements (Contributed by @tomt000)
- Fix a race condition resulting in an app crash during jailbreaking
- Fix support for iOS 16.4b1 - 16.4b3
- Properly abort with an error if creating /var/jb fails
- Prefer physpuppet over landa on devices that support it
- Fix smith and physpuppet being selectable on iOS 15.x, even on versions that they do not support
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.5
2024-02-17T13:59:34Z
- Improve kfd reliability by memory hogging, also fixes support for devices with 16GB RAM, contributed by @dhinakg
- Fix an issue where /var/jb/var/mobile would get the wrong file permissions on new bootstraps (Fixed retroactively on next rejailbreak)
- Improve the way injection into problematic processes is blocked
- Block injection into `dataaccessd` because it seemed to be crash looping for some users
- Fix verbose logs not showing in error log when they aren't enabled
- Actually print the error that caused the failure in the error log........
- Fix app crash on iPads when sharing log
- Fix a random app crash while jailbreaking
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.4
2024-02-17T02:14:59Z
- Actually fix libkrw not working (The 2.0 changelog was lying...)
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2024-02-16T21:39:59Z
- Fix localization fallback not properly working (would show placeholder instead of english when no localization for the selected language was available)
- Don't attempt jbupdate if the phone is not already jailbroken
- Fix an issue where PAC primitives would get lost during a jbupdate, causing the launch of a sideloaded Dopamine app to trigger a kernel panic on <15.2
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.2
2024-02-16T17:56:37Z
- Fix new bootstrap getting created every rejailbreak (super dumb 2.0.1 regression...)
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
2.0.1
2024-02-16T17:26:39Z
- Fix XPF not working on 15.0.x arm64e
- Fix an app crash during the jailbreak process
- Fix an app crash when launching the app on a jailbreak that is not Dopamine (this is still not really supported)
**This build was pulled due to a bad bootstrap bug that was fixed in 2.0.2**
2.0
2024-02-16T16:18:13Z
- Add support for arm64e iOS 15.5 - 16.5.1
- Add support for arm64 15.0 - 16.6.1 (A8 not supported for now) (by @kok3shidoll)
- Support installation via sideloading (Only works on non beta iOS versions using libgrabkernel for now, also a few features are only supported when installing via TrollStore)
- Rewrite the jailbreak app in Objective C with flexibility in mind (UI has been written by @tomt000)
- Add exploit picker (only kfd for now, more exploits for older versions will be added later)
- Add themes to app (in app + icon)
- Add support for using NSTask from tweaks, which was previously unsupported; calling it from apps and other processes is also possible, but you will have to call `dopamine_fix_NSTask()` yourself beforehand
- Remove libfilecom, switch to using XPC for handoff communication
- Deprecate jailbreakd in favor of launchd hook
- Instead of boot_info.plist, all jailbreak related info is now stored inside launchd and can be retrieved via XPC
- Rework kcall handoff to be stateless
- Rework trustcaching to be stateless
- Replace kernel patchfinder with XPF (https://github.com/opa334/XPF)
- Fix various issues with trustcaching
- Include libroot provider library (https://github.com/opa334/libroot)
- Make libkrw actually work (Yes, it was broken all throughout 1.x and nobody noticed)
**This build was pulled due to a bad security issue that was fixed in 2.0.9**
1.1.11
2023-11-20T23:28:19Z
- Fix "Invalid kernel stack pointer" random panic
- Apply forkfix for forks coming out of the `daemon()` and `forkpty()` functions
- Fix a bug in the codesign bypass where the wrong slice could get trustcached in some rare circumstances, causing the binary to fail to spawn
- Fix a minor inaccuracy in the `execve` systemwide hook
All the changes of this update have been contributed by @RootHide
`KFDopamine-BETA.tipa`:
Experimental beta version of Dopamine that uses kfd instead of oobPCI, for the time being this is a secondary build as the PAC bypass seems a little more unreliable and progress updates and verbose logs during PAC and PPL bypass are broken. This build adds support for iOS 15.5b1 - 15.5b3, it also removes the need for the Wi-Fi fixup on 15.0 - 15.1.1. An upcoming Dopamine version will add an exploit picker, this build is just a stop gap solution as that version is still far off. The post jailbreak environment is 1:1 the same, stability will be the same, just the exploitation process is different.
**IMPORTANT: This build is held together by toy glue and does not reflect the exploit reliability that the final version with the exploit picker will have**
- Fix an issue where on some devices launchd would get killed by jetsam during the initial userspace reboot, resulting in a kernel panic (1.1.3 regression)
- Fix an issue where under some super rare circumstances some incorrect code path could invoke the functionality of the "Hide Jailbreak" button without it being pressed
- Fix a minuscule and rare memory leak
`KFDopamine-BETA.tipa`: same experimental kfd-based build as described under 1.1.11 above (same supported versions, same reliability caveat)
- Fix a bug where jailbreakd would crash while parsing a malformed MachO with an empty dependency path, this issue also prevented rejailbreaking if such a file existed somewhere inside `/var/jb`
- Also parse `LC_LAZY_LOAD_DYLIB` and `LC_LOAD_UPWARD_DYLIB` when scanning for dependencies to add to TrustCache
- Make `execvp` and `execvP` function reimplementations behave more closely to their stock implementations
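A bounds-checked Mach-O dependency walker covering the two bullets above (the empty-dependency-path crash and the `LC_LAZY_LOAD_DYLIB` / `LC_LOAD_UPWARD_DYLIB` commands), as an added C example that is not Dopamine's or jailbreakd's code. The load-command constants are the ones from `<mach-o/loader.h>`; the helper names, the 512-byte in-memory sample image and its paths (e.g. `/var/jb/usr/lib/libexample.dylib`) are constructed for illustration. The walker accepts every dylib load-command kind dyld knows, checks every offset against both the slice and the command's own `cmdsize`, and counts an empty or unterminated path as rejected instead of dereferencing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from <mach-o/loader.h>, redefined so this builds on non-Apple hosts. */
#define MH_MAGIC_64          0xfeedfacfu
#define LC_REQ_DYLD          0x80000000u
#define LC_LOAD_DYLIB        0x0cu
#define LC_LOAD_WEAK_DYLIB   (0x18u | LC_REQ_DYLD)
#define LC_REEXPORT_DYLIB    (0x1fu | LC_REQ_DYLD)
#define LC_LAZY_LOAD_DYLIB   0x20u
#define LC_LOAD_UPWARD_DYLIB (0x23u | LC_REQ_DYLD)
#define MH64_SIZE 32   /* sizeof(struct mach_header_64) */
#define DYLIB_HDR 24   /* sizeof(struct dylib_command) before the path string */
#define MAX_DEPS  16
#define MAX_PATH  256

struct deps {
    char   path[MAX_DEPS][MAX_PATH];
    size_t count;      /* well-formed dependency paths */
    size_t rejected;   /* dylib commands skipped as malformed */
};

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

static int is_dylib_cmd(uint32_t c)
{
    return c == LC_LOAD_DYLIB || c == LC_LOAD_WEAK_DYLIB || c == LC_REEXPORT_DYLIB ||
           c == LC_LAZY_LOAD_DYLIB || c == LC_LOAD_UPWARD_DYLIB;
}

/* Walk the load commands of a 64-bit Mach-O slice in memory. Returns 0 if the
 * header and command chain are consistent, -1 otherwise. Offsets are checked
 * against the slice length and each command's own cmdsize; a dylib command
 * whose path is empty or not NUL-terminated inside the command is counted in
 * 'rejected' rather than trusted (the crash case in the bullet above). */
static int macho_collect_deps(const uint8_t *img, size_t len, struct deps *out)
{
    memset(out, 0, sizeof *out);
    if (len < MH64_SIZE || rd32(img) != MH_MAGIC_64)
        return -1;
    uint32_t ncmds = rd32(img + 16), sizeofcmds = rd32(img + 20);
    if (sizeofcmds > len - MH64_SIZE)
        return -1;
    size_t off = MH64_SIZE, end = MH64_SIZE + sizeofcmds;
    for (uint32_t i = 0; i < ncmds; i++) {
        if (end - off < 8)
            return -1;                                   /* truncated load_command */
        uint32_t cmd = rd32(img + off), cmdsize = rd32(img + off + 4);
        if (cmdsize < 8 || cmdsize > end - off)
            return -1;                                   /* cmdsize leaves the chain */
        if (is_dylib_cmd(cmd)) {
            uint32_t noff = cmdsize >= DYLIB_HDR ? rd32(img + off + 8) : cmdsize;
            size_t room = noff < cmdsize ? cmdsize - noff : 0, slen = 0;
            const char *s = (const char *)img + off + (room ? noff : 0);
            while (slen < room && s[slen] != '\0')
                slen++;
            if (room == 0 || slen == 0 || slen == room || slen >= MAX_PATH || out->count >= MAX_DEPS)
                out->rejected++;   /* offset outside command, empty, unterminated, or too many */
            else
                memcpy(out->path[out->count++], s, slen + 1);
        }
        off += cmdsize;
    }
    return 0;
}

/* ---- constructed sample image (not taken from any real binary) ---- */
static void put_dylib_cmd(uint8_t *buf, size_t *pos, uint32_t cmd,
                          const char *path, uint32_t name_offset)
{
    size_t plen = strlen(path) + 1;                               /* include NUL */
    uint32_t cmdsize = (uint32_t)((DYLIB_HDR + plen + 7) & ~(size_t)7);
    uint8_t *p = buf + *pos;
    memset(p, 0, cmdsize);
    memcpy(p, &cmd, 4); memcpy(p + 4, &cmdsize, 4); memcpy(p + 8, &name_offset, 4);
    if ((size_t)name_offset + plen <= cmdsize)                    /* only if it fits */
        memcpy(p + name_offset, path, plen);
    *pos += cmdsize;
}

/* Three valid dependencies (plain, lazy, upward) followed by two malformed
 * commands: an empty path, and a name offset pointing past cmdsize. */
static size_t build_sample(uint8_t *buf)
{
    size_t pos = MH64_SIZE;
    put_dylib_cmd(buf, &pos, LC_LOAD_DYLIB,        "/usr/lib/libSystem.B.dylib",       DYLIB_HDR);
    put_dylib_cmd(buf, &pos, LC_LAZY_LOAD_DYLIB,   "/usr/lib/libobjc.A.dylib",         DYLIB_HDR);
    put_dylib_cmd(buf, &pos, LC_LOAD_UPWARD_DYLIB, "/var/jb/usr/lib/libexample.dylib", DYLIB_HDR);
    put_dylib_cmd(buf, &pos, LC_LOAD_DYLIB,        "",                                 DYLIB_HDR);
    put_dylib_cmd(buf, &pos, LC_LOAD_WEAK_DYLIB,   "x",                                4096);
    uint32_t magic = MH_MAGIC_64, ncmds = 5, sizeofcmds = (uint32_t)(pos - MH64_SIZE);
    memset(buf, 0, MH64_SIZE);
    memcpy(buf, &magic, 4); memcpy(buf + 16, &ncmds, 4); memcpy(buf + 20, &sizeofcmds, 4);
    return pos;
}

/* Parse the constructed sample: returns the walker's status and fills *d. */
static int run_demo(struct deps *d)
{
    uint8_t img[512];
    return macho_collect_deps(img, build_sample(img), d);
}
```

Running `run_demo()` on the sample yields three accepted paths and two rejected commands. A real trust-cache scanner would additionally loop over the slices of a fat binary and resolve `@rpath`/`@executable_path` prefixes before hashing the dependency, but the structural rule is the same: never read a string through an offset that has not been checked against the enclosing command.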
`KFDopamine-BETA.tipa`: same experimental kfd-based build as described under 1.1.11 above (same supported versions, same reliability caveat)