Back in March, Dopamine jailbreak tool and TrollStore perma-signing utility lead developer Lars Fröder, or perhaps better known in this community as @opa334dev, spoke at a cybersecurity conference called Nullcon Goa 2025 to discuss the state of jailbreaking in 2025.
At the time, all we had was a photograph of Fröder presenting on the stage, with a particularly interesting slide on the projector screen entitled “Wen eta iOS 17/18 jailbreak???” and some interesting details outlined below it, as shown above. But now, we have access to a full video recording of Fröder’s presentation thanks to a post shared by the developer himself in /r/jailbreak on Tuesday.
Embedded below, you can view the full video presentation, which goes into detail about not only Fröder’s background and the state of jailbreaking in 2025, but also some particularly interesting details about jailbreaking in general, how Dopamine works, and how TrollStore works.
The slides bring up some interesting points, including why people jailbreak their devices today. The primary motivators are running unsigned, third-party software on iPhones and iPads, enabling system introspection capabilities like Frida and lldb, and loading system extensions that we know more colloquially as jailbreak tweaks.
Because it may also be of interest, the slides also discussed TrollStore and how it works. Fröder explained that TrollStore is effectively an app installer tat itself is signed with a CoreTrust bug. Most of us knew that already, but here’s what’s interesting: TrollStore gets root via persona-mgmt entitlement, accepts unsigned IPA files to be opened with it, applies the CoreTrust bug in all executables in the app bundle, places the app in the filesystem, adds it the icon cache, and then adds it to the Home Screen to be used like any other app.
Contrasting the two for the uninitiated, TrollStore is described as a persistent tool that can execute only explicitly signed binaries, can’t spawn launch daemons, and doesn’t offer system-wide tweak injection. A jailbreak, on the other hand, isn’t persistent unless chained with a separate persistence bug (an untether), allows all unsigned binaries to execute, can spawn launch daemons, and enables system-wide tweak injection.
Fröder explains that some of the main challenges impacting jailbreak development today are that:
- Kernel memory is read-only, and this is enforced by hardware via Kernel Text Readonly Region (KTRR)
- Some pointers are protected by pointer authentication via Pointer Authentication Codes (PAC)
- Some sensitive pares are protected by the Page Protection Layer (PPL)
If you’ve been following along with jailbreaking thus far, this is why you’ve heard us say that jailbreaks need more than just a kernel exploit to be made. You also need bypasses for the aforementioned security mitigations put forth by Apple, and the requirements vary depending on the device and firmware version. When we cite a PPL bypass or KTRR bypass, these are the exact things we’re referring to.
Unfortunately, Apple is making it so tough to jailbreak modern devices, that Fröder doesn’t see a bright future for jailbreaking iOS & iPadOS 17 and later on A12 chip and newer-equipped devices unless public exploits and security mitigation bypasses suddenly begin dropping out of the sky. But as this doesn’t seem to be the case due to Apple’s bug bounties, Apple is seriously winning the fight right now.
We encourage you to watch Fröder’s full presentation to learn more about what goes into making a jailbreak, as it’s not an easy task – especially not on modern devices and firmware versions.
