The Dopamine Jailbreak that was originally based on Fugu15 and supported iOS 15.0 – 15.4.1 has today been updated to support iOS 16.0 – 16.6.1 as well.

We have known for quite a few months that developer Lars Fröder (@opa334) is working on Dopamine 2.0 to support iOS 16, but today the official release was made available.

Dopamine 2.0 is a semi-tethered rootless jailbreak that supports installing tweaks and themes, comes with Sileo and works like a normal jailbreak. Rootless jailbreaks are not less powerful than traditional, rootful jailbreak tools.

Tweak injection on Dopamine Jailbreak is achieved thanks to ElleKit.

IMPORTANT: Dopamine v2.0.8 was released with several Bug Fixes and stability improvements. Read more here.

What iOS versions and devices does Dopamine 2 jailbreak support?

Dopamine 2 Jailbreak released by @opa334 supports several iOS 16 builds depending on what device you have.

Since not all devices are supported on the same firmware range, here’s a breakdown of Dopamine 2 device support.

If you have an A15 – A16 device:

• iPhone 14 & 14 Plus – iOS 15.0 – 16.5 supported.
• iPhone 13 & 13 Mini – iOS 15.0 – 16.5 supported.
• iPhone 13 Pro & 13 Pro Max – iOS 15.0 – 16.5 supported.
• iPhone SE (3rd generation) – iOS 15.0 – 16.5 supported.
• iPad mini (6th generation) – iOS 15.0 – 16.5 supported.
• iPhone 14 Pro & 14 Pro Max – iOS 15.0 – 16.5 supported.

If you have an A12 – A14 device:

• iPad (10th generation) – iOS 15.0 – 16.5.1 supported.
• iPad Air (4th generation) – iOS 15.0 – 16.5.1 supported.
• iPhone 12 & 12 Mini – iOS 15.0 – 16.5.1 supported.
• iPhone 12 Pro & 12 Pro Max – iOS 15.0 – 16.5.1 supported.
• iPhone 11 – iOS 15.0 – 16.5.1 supported.
• iPhone 11 Pro & 11 Pro Max – iOS 15.0 – 16.5.1 supported.
• iPhone SE (2nd generation) – iOS 15.0 – 16.5.1 supported.
• iPad (9th generation) – iOS 15.0 – 16.5.1 supported.
• iPhone XS & XS Max – iOS 15.0 – 16.5.1 supported.
• iPhone XR – iOS 15.0 – 16.5.1 supported.
• iPad Mini (5th generation) – iOS 15.0 – 16.5.1 supported.
• iPad Air (3rd generation) – iOS 15.0 – 16.5.1 supported.
• iPad (8th generation) – iOS 15.0 – 16.5.1 supported.

If you have an arm64 device (A9-A11 for now):

• All devices are supported on iOS 15.0 – 16.6.1.

According to developer @opa334, Dopamine 2.0 will eventually support A8 devices too on iOS 15.0 – 16.6.1.

Additionally, iOS 16.6b1 – 16.6b4 are supported too, however, A15+ support has only been verified up to iOS 16.6 Beta 2.

Is the Dopamine 2.2.2 jailbreak tested and stable?

Dopamine 2.0 jailbreak was tested a lot by developer @opa334 and possibly by other testers as well. It should be usable just like Dopamine 1.x was.

Still, developer @opa334 does make it clear that reliability may not be 100% due to page allocations being flaky. They also point out that the KFD Landa exploit is also a bit unstable and can cause random and late device panics (reboots).

Overall, I think more bugs will eventually be fixed in the future, but some of the issues stem from the exploit and the techniques used which aren’t easy to fix.

How to download Dopamine 2.2.2 jailbreak IPA?

Dopamine 2.0, just like the previous version of Dopamine is available in IPA format. You can download the IPA file and sideload it to your device using Sideloadly, AltStore, TrollStore, or other such tools.

Developer @opa334 recommends installing via TrollStore which also bypasses the need to re-sign every 7 days.

How to install Dopamine 2 Jailbreak?

To install Dopamine 2 jailbreak you must have TrollStore already installed. If you don’t have TrollStore 2, here is a full tutorial on how to install it on your device.

Once you have TrollStore installed you can simply share the Dopamine 2.0 TIPA file to TrollStore and it will be installed permanently. Please follow the step-by-step tutorial below:

Dopamine 2.x Jailbreak Changelog

Dopamine v2.2.2 – LATEST

• Stop redirecting all execve calls to posix_spawn, fixes issues with certain sandbox profiles (e.g. configd) that block posix_spawn but allow execve, fixes WPA2/3 Enterpise networks not working (these issues started in 2.2 but were not a regression, in earlier versions the exec call was not hooked properly which is why this wasn’t noticed before)

Dopamine v2.2.1

• Bump default jetsam multiplier back to 3x because apparently people don’t read changelogs and that’s why we can’t have nice things (Most people should still be using 2x, but that’s on their own to figure out now…)

Dopamine v2.2

• Remove DYLD_INTERPOSE in favor of other hooking techniques, since DYLD_INTERPOSE was apparently causing memory usage to be much higher than what it should be
• The jetsam multiplier can now be configured inside the Dopamine app, in previous Dopamine versions this was 3x everywhere with no option to configure it, due to the removal of the DYLD_INTERPOSE, the default setting has been able to be lowered to 2x
• NSTask is now supported everywhere by default, unlike before where it was only supported inside tweak dylibs or when you called dopamine_fix_NSTask yourself
• Due to the better hooking techniques, a lot of unnecessary code has been able to be removed
• Fix kcall on iOS 15 arm64 not working from libkrw and iDownload
• Fix frida-ps -U panicing the device (To be honest, I have no clue what change actually fixed this, the only thing I know is that it happens in older Dopamine versions and doesn’t happen in 2.2 anymore)
• Improve launchd crash reporter in various different ways
• Code cleanup

Dopamine v2.1.7

• Remove libkrw0 dependency of libkrw plug-in, should fix rejailbreaking when libkrw0 has been uninstalled
• Improve verbose logging, also log stderr to it

Dopamine v2.1.6

• Fix jailbreaking with developer mode disabled not working on iOS 16.0 – 16.3.1 arm64
• Fix weightBufs not working on some device / version combinations
• Fix libkrw physrw not working when kcall is not available
• Improve libkrw packaging and error handling
• Skip installing a bundled package if a newer version is installed already
• When an update is available while unjailbroken, open it directly in TrollStore if it’s URL scheme is enabled

Older Dopamine Builds

Dopamine v2.0.15

• Allow binaries to get custom pmap_cs trust level via the jb.pmap_cs_custom_trust entitlement, possible values: {"PMAP_CS_PROFILE_PREFLIGHT", "PMAP_CS_COMPILATION_SERVICE", "PMAP_CS_OOP_JIT" (iOS 16 only), "PMAP_CS_LOCAL_SIGNING", "PMAP_CS_PROFILE_VALIDATED", "PMAP_CS_APP_STORE", "PMAP_CS_IN_LOADED_TRUST_CACHE", "PMAP_CS_IN_STATIC_TRUST_CACHE"}, a lower trust level allows the process to be less restricted by PMAP_CS, this in practice fixes the EQE app and it’s Lua recompiler not to work (but only if it has the entitlement, so make sure you use the newest EQE build)
• Fix posix_spawnattr_setarchpref_np not being supported by the codesign bypass (#573)

Dopamine v2.0.11

• Actually fix relevant file path permissions when rejailbreaking (previously the method for this existed but was never called, sigh…), this should now actually automatically fix issues such as NewTerm / SSH not working

Dopamine v2.0.10

• Fix jailbreaking not working when developer mode was disabled (Developer mode will now be automatically enabled in a non persistent way for the current boot)
• Fix NECP connections failing after some time on arm64 (Apple Watch, VPN…)
• Fix terminusd crashes on arm64, reenable injection into it and nesessionmanager
• Automatically fix wrong permissions for /private and /private/preboot when jailbreaking
• Fix app icons disappearing or no longer opening on OTA updates (Will only be fixed for future updates, not for the one to 2.0.10, also requires TrollStore 2.0.13)

Dopamine v2.0.9

• Fix a super bad security issue where app store apps would be allowed to obtain full system captabilities (root + phys r/w) that were otherwise only intended to be accessible by root processes, as a result of this Dopamine 2.0.0 – 2.0.8 have been pulled and are no longer recommended to be used by anyone
• Fix an issue where the arm64 related fixes of 2.0.7 and 2.0.8 were only working when ellekit was installed and tweak injection was enabled
• Disable injection into terminusd and nesessionmanager on arm64 in an attempt to resolve issues with crash loops and VPN apps still not working for some users
• Immediately allow invalid pages on all processes that are spawned via POSIX_SPAWN_START_SUSPENDED, this fixes an issue where several Frida features would not work correctly
• Actually fix support for early iOS 15.0 betas (2.0.8 changelog lied)

Dopamine v2.0.8

• Fix VPN not working on arm64 (2.0.7 regression)
• Fix iCloud settings being partially greyed out on arm64 (2.0.7 regression)
• Fix apps not showing up in settings on arm64 (2.0.7 regression)
• Fix support for iOS 15.0b1 – 15.0b3

Dopamine v2.0.7

• Fix several issues on arm64 (Battery section not loading, camera app not working, …)
• Improve hiding jailbreak to also remove jailbreak apps from icon cache while the jailbreak is hidden
• Fix idownloadd getting started during userspace reboots even if iDownload was disabled in settings
• Fix jailbreak not working when /var/jb is an actual directory and not a symlink, improve error handling regarding this

Dopamine v2.0.6

• More kfd adjustments, should be even more reliable now (Contributed by @dhinakg)
• Fix a random panic caused by a launchd crash when trusting certain files
• Fix boomerang zombie processes getting created when userspace rebooting
• Workaround a stock bug where nano launch daemons would not get registered after a userspace reboot, resuling in some apple watch functionality breaking
• Various UI improvements (Contributed by @tomt000)
• Fix a race condition resulting in an app crash during jailbreaking
• Fix support for iOS 16.4b1 – 16.4b3
• Properly abort with an error if creating /var/jb fails
• Prefer physpuppet over landa on devices that support it
• Fix smith and physpuppet being selectable on iOS 15.x, even on versions that they do not support

Dopamine v2.0.5

• Improve kfd reliability by memory hogging, also fixes support for devices with 16GB RAM, contributed by @dhinakg
• Fix an issue where /var/jb/var/mobile would get the wrong file permissions on new bootstraps (Fixed retroactively on next rejailbreak)
• Improve the way injection into problematic processes is blocked
• Block injection into dataaccessd because it seemed to be crash looping for some users
• Fix verbose logs not showing in error log when they aren’t enabled
• Actually print the error that caused the failure in the error log……..
• Fix app crash on iPads when sharing log
• Fix a random app crash while jailbreaking

Dopamine v2.0.4

• Actually fix libkrw not working (The 2.0 changelog was lying…)

Dopamine v2.0.3

• Fix localization fallback not properly working (would show placeholder instead of english when no localization for the selected language was available)
• Don’t attempt jbupdate if the phone is not already jailbroken
• Fix an issue where PAC primitives would get lost during a jbupdate, causing the launch of a sideloaded Dopamine app to trigger a kernel panic on <15.2

Dopamine v2.0.2

• Fix new bootstrap getting created every rejailbreak (super dumb 2.0.1 regression…)

Dopamine v2.0.1

• Fix XPF not working on 15.0.x arm64e
• Fix an app crash during the jailbreak process
• Fix an app crash when launching the app on a jailbreak that is not Dopamine (this is still not really supported)

Dopamine v2.0 (initial v2 release)

• Add support for arm64e iOS 15.5 – 16.5.1
• Add support for arm64 15.0 – 16.6.1 (A8 not supported for now) (by u/kok3shidoll)
• Support installation via sideloading (Only works on non beta iOS versions using libgrabkernel for now, also a few features are only supported when installing via TrollStore)
• Rewrite the jailbreak app in Objective C with flexibility in mind (UI has been written by u/tomt000)
• Add exploit picker (only kfd for now, more exploits for older versions will be added later)
• Add themes to app (in app + icon)
• Add support for using NSTask from tweaks, previously was unsupported, calling it from apps and other processes is also possible but you will have to call `dopamine_fix_NSTask()` yourself beforehand
• Remove libfilecom, switch to using XPC for handoff communication – Deprecate jailbreakd in favor of launchd hook
• Instead of boot_info.plist, all jailbreak related info is now stored inside launchd and can be retrieved via XPC
• Rework kcall handoff to be stateless
• Rework trustcaching to be stateless
• Replace kernel patchfinder with XPF (https://github.com/opa334/XPF)
• Fix various issues with trustcaching
• Include libroot provider library (https://github.com/opa334/libroot)
• Make libkrw actually work (Yes, it was broken all throughout 1.x and nobody noticed)

More iDevice Central Guides

• iOS 17 Jailbreak RELEASED! How to Jailbreak iOS 17 with PaleRa1n
• Dopamine 2 Jailbreak IPA RELEASED For iOS 16.0 – 16.6.1
• Download iRemovalRa1n Jailbreak (CheckRa1n for Windows)
• Dopamine Jailbreak (Fugu15 Max) Release Is Coming Soon for iOS 15.0 – 15.4.1 A12+
• Cowabunga Lite For iOS 16.2 – 16.4 Released in Beta! Install Tweaks and Themes Without Jailbreak
• Fugu15 Max Jailbreak: All Confirmed Working Rootless Tweaks List
• iOS 14.0 – 16.1.2 – All MacDirtyCow Tools IPAs
• iOS Jailbreak Tools for All iOS Versions