Dopamine

• Initial release

• Fix system freeze when jailbreakd crashes or restarts
• Make systemwide hook more leightweight (thanks to @Cryptiiiic)
• Fix bootstrapping error when /var/jb is a symlink that points nowhere

• Fix initial bootstrap (Beta 2 regression)
• Fix off by one causing jailbreakd to enter a crash loop if more than 743 macho files exist in /var/jb

• ACTUALLY fix system freeze when jailbreakd crashes or restarts

• Add support for userspace reboots (NOTE: As this is still a beta mainly intended for developers, you have to manually userspace reboot after jailbreaking)
• Fix AutoFill not working after respring
• Fix function hooking and tweak injection into processes with very hard sandboxed (e.g. WebContent)
• Fix some device / version combinations not being supported (namely iPad 8 on 15.1)
• Update bootstrap to latest
• Improve system wide hook to always respect safe mode and keep libary out of DriverKit and BlastDoor processes
• Prevent tweak injection into processes that could use fork, as hooking C functions in a process currently breaks fork from working, a proper fix for this is still pending
• Add default repos (Chariz, Havoc, Ellekit.space, BigBoss)
• Fix memory leaks in jailbreakd
• Fixes SSH as mobile
• jbupdate functionality, /var/jb/basebin/jbctl update tipa <path/to/Fugu15.tipa> or /var/jb/basebin/jbctl update basebin <path/to/basebin.tar>, note that updating to a TIPA also updates basebin but depends on TrollStore being installed on the device
• Update fallback ellekit for launchd hook, properly implement fallback using rpaths
• Delete more Xina leftover Xina files on jailbreak
• Lots of stability improvmeents

• Fix some memory corruptions in the systemwide and launchd hooks, should fix "initproc exited" random panic

• Fix setuid properly, fixes NewTerm and probably other stuff too
• Transition to stable Sileo 2.4, only applied on new bootstraps

• Add workaround for fork() and vfork() inside processes that have hooks applied (previously the child would instantly crash)
• Even better setuid solution (Thanks to @sbingner)
• Update shipped Sileo to 2.4.4
• Add option to hide / uninstall jailbreak environment to the app, accessible by long pressing on the jailbreak button (stop gap solution until final version with proper UI), ONLY USE WHILE NOT JAILBROKEN
• The alert that appears after jailbreaking now has a button to do the userspace reboot (stop gap solution until final version with proper UI)

• Initial Release

• Fix userspace reboot getting stuck when tweaks are disabled inside Dopamine app settings
• Attempt to fix an app crash

• Fix system instability caused by forkfix regression (Fixes system freezes when connected to a WPA Enterprise endpoint)
• Rename iDownload option to clarify it's a Developer shell

• Make jailbreakd more memory efficient and fix some small memory leaks
• Remove hacky way to disable Jetsam for jailbreakd, maybe this fixes the spinlock panics, but it's a really far stretch so I doubt it
• The update option inside the Dopamine app should now also work when the device is not jailbroken
• (15.0 -15.3.1) Increase delay after disabling wifi because some people claimed it would improve the success rate

• Fix forkfix leaking file descriptors under certain conditions
• Adapt forkfix to be more similar to regular fork
• Work around issue with dpkg-deb just randomly failing if forkfix is used, this issue does not make any sense (issue triggers with a fork implementation 1:1 identical to the system one, but not on the system one itself, there really is some voodoo going on here), so I solved it by blocking tweak injection into dpkg-deb
• Add IPC hook, supporting system wide access to match services prefixed with cy: or lh:
• Update fallback Ellekit to 0.6.3
• Some UI improvements (#87, #131, #120), thanks to @sourcelocation

• Fix an issue with forkfix where it would break reinstalling dpkg
• Automatically fix the permissions of /private/preboot/<UUID> when jailbreaking in case they are wrong (Wrong permissions can cause SSH / NewTerm to not work)

• Improve PPLRW performance by a factor of ~1000x
• Fix all remaining forkfix issues, now works completely reliably, fork is also way faster now thanks to the PPLRW improvements mentioned above
• Fix some race conditions with kcall and PPLRW
• Add a watchdogd hook that intercepts userspace panics due to watchdog timeouts and instead disables tweak injection and triggers a userspace reboot (demo video: https://twitter.com/opa334dev/status/1669067846008143872)
• Add a ptrace hook that unconditionally allows debugging processes (via debugserver or other tools), even when tweak injection has been disabled
• Refactor iDownload and put it in it's own daemon, this now works through userspace reboots and the daemon can be enabled / disabled in real time in the Dopamine app, also fixes deep sleep panic when iDownload is enabled
• Fix "opainject not found" error that could happen under rare circumstances when rejailbreaking
• Refactor systemhook to make it more maintainable in the future
• Deprecate /usr/lib/sandbox.plist in favor of storing sandbox extensions in the environment of spawned processes, improves security
• Add JB_ROOT_PATH environment variable that gets injected into all processes that have tweaks enabled, there have been some talks in making the /var/jb symlink optional in the future to better protect against jailbreak detections. If that actually materializes, this environment variable will be the way to know where the rootless jailbreak root directory is.
• Fix jbctl not setting debugged flags correctly (Thanks to @XsF1re)
• Disable tweak injection into the Dopamine app itself as some jailbreak detection tweaks were blocking it's ability to check whether the device is jailbroken
• Stop using installed ellekit dylib for launchd hook, should prevent the jailbreak from fully breaking when a broken ellekit build is installed
• Fix libKRW kalloc / kfree not working correctly due to mismatching signatures
• Enable several compiler optimizations for base binaries
• Add a mechanism where xina symlinks (e.g. /var/LIY) will not be automatically removed on rejailbreak if the file /var/.keep_symlinks exists
• Improve Wi-Fi disabling code to make a better effort at preserving the Wi-Fi state before the jailbreak attempt (Thanks to @singlekeycap for the suggestion)
• Several localizations have been updated

• Add crash reporter for launchd crash reports, when launchd crashes now you will receieve a detailed separate crash log, alongside the (incredibly cryptic) "initproc exited" panic
• Fix several wrong offsets related to the ptrace hook
• Fix bug in macho parser where it would fail when parsing the dependencies from certain libraries
• Improve wifi reenable reliability
• Update opainject to 1.0.6

• Disable launchd crash reporter again, as this triggered a lot of jailbreak detections (No idea how they detect this or what specifically they check for :/)
• Disable jailbreak button when the device / version combination is unsupported

NOTE: When OTA updating to this release your device will reboot, unlike other releases where it would do a userspace reboot, this is expected, you will have to rejailbreak manually afterwards

• Transition away from old PPLRW method to a new PPLRW method that works by mapping in the entire kernel physical address space into the userland process, this fixes all remaining issues with PPLRW such as multithreading support and TLB issues (unfortunately this is also what breaks jbupdate'ing with just a userspace reboot, as the primitives from earlier versions cannot easily be transferred to this one)
• Reenable launchd crash reporter in a way that cannot be detected by apps
• Hide uninstall jailbreak button when jailbroken as it didn't work properly in this state, only appears in unjailbroken mode now
• Fix iDownload option not working (probably hasn't worked since 1.1, because there was a dumb issue with codesigning the idownloadd binary, sorry)

• Fix unreliability when jailbreaking on A14 (1.1.3 regression)
• Make forkfix only load when absolutely neccessary rather than inside every single process that is able to fork (This should decrease spinlock panic frequency back to how it was on pre-1.1, but tweaks with C function hooks will obviously still cause it, also the effectiveness of this change has not been confirmed yet, but at least it shouldn't make anything worse)

• Minor PPLRW improvements (better address translation, prevent process crashes when passing an invalid physical address)
• Remove some leftover debug logs in launchdhook from during the 1.1.3 development phase

• Update the bundled packages of Sileo and Zebra to their latest versions

• Potentially fix spinlock panics??? (or at least make them less likely...) (actually it's a workaround becuase it's a stock bug yada yada, but doesn't matter anymore) THANKS TO @RootHide

• Fix issues with trustcaching machos that have both old and new ABI arm64e slices
• Fix several bugs in system wide exec(cve/cle/lp/v/vp/vP) hooks, which could cause arguments and environment variables to become malformed
• Fix a path finding bug in execvP hook
• Add missing execl hook

• Fix a bug where jailbreakd would crash while parsing a malformed MachO with an empty dependency path, this issue also prevented rejailbreaking if such a file existed somwhere inside /var/jb
• Also parse LC_LAZY_LOAD_DYLIB and LC_LOAD_UPWARD_DYLIB when scanning for dependencies to add to TrustCache
• Make execvp and execvP function reimplementations behave more closely to their stock implementations

• Fix an issue where on some devices launchd would get killed by jetsam during the initial userspace reboot, resulting in a kernel panic (1.1.3 regression)
• Fix an issue where under some super rare circumstances some incorrect code path could invoke the functionality of the "Hide Jailbreak" button without it being pressed
• Fix a miniscule and rare memory leak

• Fix "Invalid kernel stack pointer" random panic
• Apply forkfix for forks coming out of the daemon() and forkpty() functions
• Fix a bug in the codesign bypass where the wrong slice could get trustcached in some rare circumstances, causing the binary to fail to spawn
• Fix a minor inaccuracy in the execve systemwide hook

• Add support for arm64e iOS 15.5 - 16.5.1
• Add support for arm64 15.0 - 16.6.1 (A8 not supported for now) (by u/kok3shidoll)
• Support installation via sideloading (Only works on non beta iOS versions using libgrabkernel for now, also a few features are only supported when installing via TrollStore)
• Rewrite the jailbreak app in Objective C with flexibility in mind (UI has been written by u/tomt000)
• Add exploit picker (only kfd for now, more exploits for older versions will be added later) - Add themes to app (in app + icon)
• Add support for using NSTask from tweaks, previously was unsupported, calling it from apps and other processes is also possible but you will have to call `dopamine_fix_NSTask()` yourself beforehand
• Remove libfilecom, switch to using XPC for handoff communication - Deprecate jailbreakd in favor of launchd hook
• Instead of boot_info.plist, all jailbreak related info is now stored inside launchd and can be retrieved via XPC
• Rework kcall handoff to be stateless
• Rework trustcaching to be stateless
• Replace kernel patchfinder with XPF (https://github.com/opa334/XPF)
• Fix various issues with trustcaching
• Include libroot provider library (https://github.com/opa334/libroot)
• Make libkrw actually work (Yes, it was broken all throughout 1.x and nobody noticed)

• Fix XPF not working on 15.0.x arm64e
• Fix an app crash during the jailbreak process
• Fix an app crash when launching the app on a jailbreak that is not Dopamine (this is still not really supported)

• Fix new bootstrap getting created every rejailbreak (super dumb 2.0.1 regression...)

• Fix localization fallback not properly working (would show placeholder instead of english when no localization for the selected language was available)
• Don't attempt jbupdate if the phone is not already jailbroken
• Fix an issue where PAC primitives would get lost during a jbupdate, causing the launch of a sideloaded Dopamine app to trigger a kernel panic on <15.2

• Actually fix libkrw not working (The 2.0 changelog was lying...)

• Improve kfd reliability by memory hogging, also fixes support for devices with 16GB RAM, contributed by @dhinakg
• Fix an issue where /var/jb/var/mobile would get the wrong file permissions on new bootstraps (Fixed retroactively on next rejailbreak)
• Improve the way injection into problematic processes is blocked
• Block injection into dataaccessd because it seemed to be crash looping for some users
• Fix verbose logs not showing in error log when they aren't enabled
• Actually print the error that caused the failure in the error log........
• Fix app crash on iPads when sharing log
• Fix a random app crash while jailbreaking

• More kfd adjustments, should be even more reliable now (Contributed by @dhinakg)
• Fix a random panic caused by a launchd crash when trusting certain files
• Fix boomerang zombie processes getting created when userspace rebooting
• Workaround a stock bug where nano launch daemons would not get registered after a userspace reboot, resuling in some apple watch functionality breaking
• Various UI improvements (Contributed by @tomt000)
• Fix a race condition resulting in an app crash during jailbreaking
• Fix support for iOS 16.4b1 - 16.4b3
• Properly abort with an error if creating /var/jb fails
• Prefer physpuppet over landa on devices that support it
• Fix smith and physpuppet being selectable on iOS 15.x, even on versions that they do not support

• Fix several issues on arm64 (Battery section not loading, camera app not working, ...)
• Improve hiding jailbreak to also remove jailbreak apps from icon cache while the jailbreak is hidden
• Fix idownloadd getting started during userspace reboots even if iDownload was disabled in settings
• Fix jailbreak not working when /var/jb is an actual directory and not a symlink, improve error handling regarding this

• Fix VPN not working on arm64 (2.0.7 regression)
• Fix iCloud settings being partially greyed out on arm64 (2.0.7 regression)
• Fix apps not showing up in settings on arm64 (2.0.7 regression)
• Fix support for iOS 15.0b1 - 15.0b3

• Fix a super bad security issue where app store apps would be allowed to obtain full system captabilities (root + phys r/w) that were otherwise only intended to be accessible by root processes, as a result of this Dopamine 2.0.0 - 2.0.8 have been pulled and are no longer recommended to be used by anyone
• Fix an issue where the arm64 related fixes of 2.0.7 and 2.0.8 were only working when ellekit was installed and tweak injection was enabled
• Disable injection into terminusd and nesessionmanager on arm64 in an attempt to resolve issues with crash loops and VPN apps still not working for some users
• Immediately allow invalid pages on all processes that are spawned via POSIX_SPAWN_START_SUSPENDED, this fixes an issue where several Frida features would not work correctly
• Actually fix support for early iOS 15.0 betas (2.0.8 changelog lied)

• Fix jailbreaking not working when developer mode was disabled (Developer mode will now be enabled in a non persistent way for the current boot)
• Fix NECP connections failing after some time on arm64 (Apple Watch, VPN...)
• Fix terminusd crashes on arm64, reenable injection into it and nesessionmanager
• Automatically fix wrong permissions for /private and /private/preboot when jailbreaking
• Fix app icons disappearing or no longer opening on OTA updates (Will only be fixed for future updates, not for the one to 2.0.10, also requires TrollStore 2.0.13)

• Actually fix relevant file path permissions when rejailbreaking (previously the method for this existed but was never called, sigh...), this should now actually automatically fix issues such as NewTerm / SSH not working