KPPless Jailbreak explained [FAQ]

Everyone is dead set on using Ian Beer’s exploit while the powerful KPPless technique sits along the sidelines. Here’s an in-depth explanation of the most powerful jailbreak to date.

What is KPPless jailbreak?

KPPless jailbreak is a revolutionary jailbreak method that completely circumvents Apple’s KPP protection mechanism. It is developed by iOS hacker and security researcher, Xerub.

It modifies those components of the iOS operating system that are outside the purview of KPP and KTRR.


It was initially released only for iPhone 7 running iOS 10.2 firmware. Now even though iOS 11 is out, Apple is yet to find a way to patch it.

This is a great development since the upcoming iOS 11 jailbreak by Morpheus will utilize this technique.

Frequently Asked Questions

Q. What does KPP refer to?

A. KPP stands for Kernel Patch Protection and is a security mechanism present in modern iOS operating systems. It prevents the kernel cache from outside interference.

You can read more about KPP here.

Q. What does KTRR refer to?

A. In layman’s terms, KTRR is a hardware-based version of Apple’s KPP mechanism. It is also called AMCC-SiDP.

It prevents write access to the kernel memory and marks it as read-only. The main point of difference between KPP and KTRR is that the latter doesn’t perform random checks at any point in time.

iPhone X

It is present on all devices having the A10 Fusion and A11 Bionic processors. This means if you own any of the following devices, you will need to wait a bit more for a jailbreak.

  • iPhone 7/7 plus
  • iPhone 8/8 plus
  • iPhone X

This is also the reason behind why iPhone 6s and below devices can run yalu102 jailbreak up till iOS 10.2.

Q. Why can’t we run KPPless jailbreak on iOS 10/11?

A. As of now, KPPless jailbreak is compatible with both iOS 10 and 11 firmware. However, Saurik needs to rewrite MobileSubstrate and update it for KPPless.

Jailbreak update

Once it receives an update, you will be able to run it on your device. This will obviously be a one-time thing.

Q. How does KPPless differ from a KPP bypass?

A. A KPP bypass directly patches or “hits” the KPP and then prevents it from detecting changes.

As far as KPPless technique goes, it doesn’t patch the KPP. When you install this jailbreak, the KPP still runs actively in the background even though your device has a jailbreak.

iPhone devices

Here’s an analogy that illustrates this point. Let’s say a robber wants to break into a bank vault and, in order to do that, he must bypass the surveillance cameras somehow.

  • Conventional approach – The first way to do that would be to fool the cameras with a still photo. This is how KPP bypass works.
  • Advanced approach – A better way to do that would be to enter from an area that is out of reach of the cameras. This is how KPPless works.

Q. How is this new technique better than the conventional approach?

A. This technique doesn’t flag or alert the KPP so your device won’t experience kernel panics and random reboots. This will make the upcoming iOS 11 jailbreak a whole lot more stable for the end user.

Q. Can Apple patch this method?

A. Yes, Apple can patch it if they really want to, just like all other jailbreaking techniques. All they need to do is detect the areas it modifies and add them to KPP’s purview (open those pages to checks).

For more jailbreak tutorials and updates, follow us on Facebook and Twitter.

Leave a Reply

Share via
Copy link
Powered by Social Snap