We previously reported on security researcher Linus Henze publishing a rootful edition of his Fugu15 jailbreak, a semi-untethered, perma-signed jailbreak for iOS & iPadOS 15.0-15.4.1 aimed at developers.
It's also worth noting that Dopamine jailbreak lead developer Lars Fröder (@opa334dev), who borrowed heavily from the original rootless edition of Fugu15 to build Dopamine, had some interesting comments to share about the news and about the future of his own jailbreak tool.
In a comment posted to an /r/jailbreak thread on Wednesday in response to a post about Linus Henze’s new rootful edition of Fugu15, Fröder said that there are no plans to make Dopamine into a rootful jailbreak as the community has been moving in the direction of rootless for a while now:
Regarding people curious about this: I have known rootful was still possible one way or another for quite some time, the problem is this will take up a lot of your space and that's why I decided against it for Dopamine. Also Procursus (the bootstrap maintainers) only support rootless as of iOS 15 and going against their plans and making a fork is not something that I wanted to do. We're much better off with rootless in the long run and we really should have switched to it in the iOS 11 days, but back then there would have probably been too much backlash, hence it was not done.
Besides that, I don’t see anything wrong with this, you can use it if you want. Some techniques of it might be implemented by Dopamine at some point, but probably not too many. This also has the ability to load arm64 tweaks on arm64e devices and contains oldABI stuff out of the box (for those curious, it does this by disabling arm64e features system wide). I thought about whether I wanted to do this since Linus told me about this, but I ultimately decided against doing this as I figured it would reduce the overall device security too much.
In general I'm currently working, albeit VERY slowly, on Dopamine 2.0, which will probably not have any notable new features, but will drop oobPCI for kfd/whatever (exploit picker) and improve the maintainability of the jailbreak by A LOT. I might also add support for arm64 15.x, although I'm currently not fully sure on that, just don't expect it any time soon (probably not even this year) as I'm really busy with a bachelor thesis currently. I already have a KFD build ready that works (albeit PAC bypass is a little unreliable) but it's REALLY hacky, has none of the much-needed refactors and also has some additional bugs with logging during the jailbreak so I don't feel like releasing it as an actual new version. As we confirmed this does add support for 15.5b1 – 15.5b3 and fixes the horrendous success rate on M1 iPads, I might post this build at some point, but there is also some copyright stuff left to be figured out about it.
Regarding the future of jailbreaking, it’s currently not looking good, but we might get a 17.0 kernel exploit by Project Zero soon and I’d hope we will see at least one SPTM bypass at some point. In terms of 16.x it’s a matter of finding the PPL bypass(es!) that were patched in 17.0, but keep in mind exploiting them might be very hard without a PAC bypass, potentially burning techniques that I don’t think anyone would wanna burn, so I believe there won’t be anything happening in this regard any time soon, especially not by me. I bought a 15 Pro on 17.0 recently and it’s unlikely that I will work on 16.x as I don’t have any personal demand for such a jailbreak.
People need to realize that there currently is no real reason to even publicly disclose exploit chains, let alone build a jailbreak around them, besides personal interest in a jailbreak or kindness in your heart. And unless that changes, jailbreaking is not sustainable long term.
Fröder gave several reasons for staying rootless: the Procursus Team, which maintains the bootstrap, only supports rootless as of iOS 15 and he did not want to fork their work; a rootful jailbreak takes up considerably more storage space on users' devices; and in his view the community should have moved to rootless as early as iOS 11.
It's worth noting that Henze's Fugu15 Rootful Edition does contain some techniques that Fröder says might make their way into Dopamine at some point, though "probably not too many." One feature that will not be adopted is the ability to load arm64 tweaks on arm64e devices with oldABI support out of the box. Per Fröder, Fugu15 Rootful Edition achieves this by disabling arm64e features system-wide, and he ultimately decided against doing the same in Dopamine because it would reduce overall device security too much.
One major takeaway from Fröder's comment is that he is working on a significant under-the-hood update for Dopamine, to be called Dopamine 2.0. Fröder didn't offer any ETA for version 2.0, but did say that he is working on it very slowly and that nobody should expect it soon (or perhaps even this year), so as not to arouse too much excitement in an already ETA-crazy community.
From what we can gather, the newer version of Dopamine will remain rootless and will probably not add notable user-facing features. Instead, it will drop the older oobPCI exploit in favor of kfd or an exploit picker, and will focus on making the jailbreak far more maintainable. Fröder also mentioned that he already has a working kfd-based build that adds support for iOS & iPadOS 15.5 beta 1 through beta 3 and fixes the poor success rate on M1 iPads, but that its PAC bypass is still somewhat unreliable and the build is too hacky and buggy to ship as an official release.
Fröder also floated the idea of adding support for arm64 devices (iPhone X and older) on iOS & iPadOS 15.x, though he is not yet sure about it. Those devices are already jailbreakable with palera1n, but Dopamine would provide a much better on-device user experience with a GUI, as opposed to having to run Terminal commands from a computer to initiate the jailbreak.
In closing comments, Fröder touched on what Henze archiving his GitHub page likely means for the jailbreak community.
The gist of what he said is that the future of jailbreaking doesn't look good. The best news he shared was that Google Project Zero may soon publish a kernel exploit for iOS & iPadOS 17.0, although it remains to be seen what, if anything, would come of that, and he also expressed hope that at least one SPTM bypass surfaces at some point. As for iOS & iPadOS 16, the missing piece is a bypass for PPL (of which Fröder notes there is more than one, patched in 17.0), which would theoretically make a jailbreak built around the kfd exploit possible on that version. Fröder cautioned, however, that exploiting those bugs may be very hard without a PAC bypass, and that doing so could burn techniques that nobody would want to burn.
Fröder did say that even if all the pieces for an iOS & iPadOS 16 jailbreak come together, he doesn't expect one to surface any time soon, and especially not from him, as he recently picked up an iPhone 15 Pro on iOS 17 and has no personal demand for an iOS & iPadOS 16 jailbreak.
Unless someone else decides to pick up the torch, the future of iPhone and iPad jailbreaking certainly appears troubled. We might actually need that hypothetical Dream Team reunion after all.