Windows RT jailbroken

Stefan Mileschin · 9th January 2013, 07:26

Microsoft's attempts to mirror Apple's success by releasing a locked in Surface tablet have gone exactly the same way as any Cupertino plan. Someone has jailbroken the tablet and made the effort pointless.

Windows RT has been hacked to allow non-Microsoft applications to run in desktop. When Vole shipped the tablet you could only run Metro apps, a special, touch-oriented version of Office... er that was it.

A hacker called Clokr managed to exploit a vulnerability in the Windows kernel to free the Surface from Microsoft's walled garden.

What is embarrassing for Microsoft is that not only has its Surface been jailbroken, but it was taken down by an ancient vulnerability in Windows.

The Windows kernel can only execute files that meet one of four levels of authentication: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows the default setting is Unsigned and you can run anything.

But Windows RT, the default, hard-coded setting is set to Microsoft (8) which means that only apps signed by Microsoft, or parts of Windows itself, can be executed. Secure Boot detects any altered code and locks the system.

But Secure Boot doesn't stop you from changing the memory settings and that is what Clokr did by using some reverse engineering.

Clokr discovered the location of this setting in memory used Microsoft's remote debugger to execute some code that altered the value stored in memory.

The downside is that you need to run the "jailbreak" every time you reboot and you will need some developer tools. But it is only a matter of time before someone releases a standalone tool to do the job.

Extreme Tech points out that it was silly that Microsoft engineers slaved over Windows RT to make it a perfect port of x86 Windows, and yet the Microsoft bigwigs decided to artificially lock the operating system down.

The jailbreak is proof that the only thing stopping Windows RT from running third-party Desktop apps is that single digit setting; otherwise, Windows RT is a clean port of Windows 8.

http://news.techeye.net/security/windows-rt-jailbroken

9th January 2013, 07:26	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,597	Windows RT jailbroken Microsoft's attempts to mirror Apple's success by releasing a locked in Surface tablet have gone exactly the same way as any Cupertino plan. Someone has jailbroken the tablet and made the effort pointless. Windows RT has been hacked to allow non-Microsoft applications to run in desktop. When Vole shipped the tablet you could only run Metro apps, a special, touch-oriented version of Office... er that was it. A hacker called Clokr managed to exploit a vulnerability in the Windows kernel to free the Surface from Microsoft's walled garden. What is embarrassing for Microsoft is that not only has its Surface been jailbroken, but it was taken down by an ancient vulnerability in Windows. The Windows kernel can only execute files that meet one of four levels of authentication: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows the default setting is Unsigned and you can run anything. But Windows RT, the default, hard-coded setting is set to Microsoft (8) which means that only apps signed by Microsoft, or parts of Windows itself, can be executed. Secure Boot detects any altered code and locks the system. But Secure Boot doesn't stop you from changing the memory settings and that is what Clokr did by using some reverse engineering. Clokr discovered the location of this setting in memory used Microsoft's remote debugger to execute some code that altered the value stored in memory. The downside is that you need to run the "jailbreak" every time you reboot and you will need some developer tools. But it is only a matter of time before someone releases a standalone tool to do the job. Extreme Tech points out that it was silly that Microsoft engineers slaved over Windows RT to make it a perfect port of x86 Windows, and yet the Microsoft bigwigs decided to artificially lock the operating system down. The jailbreak is proof that the only thing stopping Windows RT from running third-party Desktop apps is that single digit setting; otherwise, Windows RT is a clean port of Windows 8. http://news.techeye.net/security/windows-rt-jailbroken

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hacker claims to have jailbroken iPhone 5	Stefan Mileschin	WebNews	0	24th September 2012 07:48
iPhone 5 jailbroken, but not yet ready for public consumption	Stefan Mileschin	WebNews	0	24th September 2012 07:48
Apple IOS 6 beta 3 jailbroken	Stefan Mileschin	WebNews	0	20th July 2012 06:20
iOS 6.0 beta gets jailbroken on an A4 device	Stefan Mileschin	WebNews	0	13th June 2012 08:35
Apple's New iPad Already Jailbroken	Stefan Mileschin	WebNews	0	19th March 2012 07:03
Apple's iOS 5 Already Jailbroken	jmke	WebNews	0	7th June 2011 14:25
Windows 7, Windows Server 2008 R2 Service Pack 1 hit Windows Update	jmke	WebNews	0	23rd February 2011 10:04
XBMC now running on jailbroken Apple TV or iDevice	jmke	WebNews	0	22nd January 2011 14:47
Apple Patents Remotely Disabling Jailbroken Phones	jmke	WebNews	2	20th August 2010 21:00