Windows RT has been jailbroken, you can now run un-signed code

The day that Microsoft announced Windows RT and that it would be a closed platform, many began to wonder how long it would take for the platform to be jailbroken. While we are still testing the waters ourselves, it looks like the platform has been opened up by vulnerability in the Windows kernel that was ported to the Windows RT platform.

The information comes from a post penned to the Surfsec blog who claims that they have been able to run unsigned desktop applications on Windows RT. Yes, you read that correctly, unsigned desktop applications on Windows RT. The crux of the post is this, there is no technical limitation to stopping desktop applications from running on Windows RT and it appears to be purely a marketing move. We posted the conclusion of the lengthy post explaining the exploit that was used to allow an unsigned desktop application to run on Windows RT:

Windows RT is a clean port of Windows 8. They are the same thing and MSFT enforces Code Integrity to artificially separate these platforms. It does not stop pirates from modifying store apps (and their license checks) because store apps are the only things that can actually run unsigned. The fact that this method works on Windows 8 as well shows how similar the systems are. You can even enforce Code Integrity on Windows 8 to see what Windows RT feels like!
The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision. Windows RT needs the Win32 ecosystem to strengthen its position as a productivity tool. There are enough “consumption” tablets already.

There is a lot to consider as the exploit will only last until you restart the device and it requires quite a few steps to actually unlock and run unsigned code on the platform. But, seeing that, according to the author, the only thing from stopping traditional applications from running on Windows RT is Microsoft blocking the action, it does show the true power of Windows RT.

While we do not know if there is a demand for a home-brew community for the Windows RT platform, iOS arguably became popular after its home-brew community ran wild with the platform and was able to add significant functionality to the device. If Windows RT can develop a serious following, it could be the key to making Microsoft's mobile Windows platform the next billion dollar revenue stream for the company.

Source: Surfsec

Report a problem with article
Previous Story

Toshiba announces Satellite U845t budget touchscreen Ultrabook

Next Story

NVIDIA unveils Tegra 4, seen in prototype Windows tablet

86 Comments

View more comments

We can only hope! Best bet's VLC, first I have to get this exploit working though. M8 is actually pretty good though, it's my replacement for the ****ty music app!

please,save the drama. If you care about running desktop apps, buy an atom x86 tablet,like the acer w510. it gets the same battery life as winrt tablets, it has better performance, and it runs all desktop apps without needing to recompile code to arm.

true about everything but battery life. At the moment ARM processors outdo X86 processors like atom but this could soon change with the next gen. Anyhow some of us Microsoft Surfaces and it's nice to be able to hack things together and unlock your device to get as much raw capability for the money! its also really fun

I actually have a surface and a w510. the w510 actually gets a tad more juice than the surface. I tested both devices doing the exact same tasks. the acer has a smaller screen though(10.1" vs 10.6"),so it could give it an advantage in battery life, but my point was,battery life is similar.

and I like hacking devices for the fun of it too, but some people are going off about how locked down windows rt is and whatnot, when in reality if they were so concerned about that,then they should have gotten an x86 variant instead.

Edited by vcfan, Jan 7 2013, 8:47am :

vcfan said,
I actually have a surface and a w510. the w510 actually gets a tad more juice than the surface. I tested both devices doing the exact same tasks. the acer has a smaller screen though(10.1" vs 10.6"),so it could give it an advantage in battery life, but my point was,battery life is similar.

and I like hacking devices for the fun of it too, but some people are going off about how locked down windows rt is and whatnot, when in reality if they were so concerned about that,then they should have gotten an x86 variant instead.

I think the w510 has a larger battery but I can't remember off the tip if my head but yeah I completely agree if you don't want to suffice to the "limitations" of Windows RT then you shouldn't be using it!

vcfan said,
please,save the drama. If you care about running desktop apps, buy an atom x86 tablet,like the acer w510. it gets the same battery life as winrt tablets, it has better performance, and it runs all desktop apps without needing to recompile code to arm.

If you care about running x86 apps, avoid Atom like the plague

I think we got into a little misunderstanding. yeah the atom might use up more juice than arm, but im comparing overall total tablet battery life you're getting with the device.

"Windows RT needs the Win32 ecosystem..."

Except Windows RT is specifically for ARM and doesn't emulate or have the Win32 APIs AFAIK.

FACEPALM. How do you think applications like control panel and notepad work? They are accessing win32 APIs likewise with Office 2013!

ingramator said,
FACEPALM. How do you think applications like control panel and notepad work? They are accessing win32 APIs likewise with Office 2013!

They are arm specific versions ...

ingramator said,
FACEPALM. How do you think applications like control panel and notepad work? They are accessing win32 APIs likewise with Office 2013!

That's why I added AFAIK (As Far As I Know) to the end of my post!!!!!

neo158 said,
"Windows RT needs the Win32 ecosystem..."

Except Windows RT is specifically for ARM and doesn't emulate or have the Win32 APIs AFAIK.


It doesn't have ALL of the Win32 APIs. So you were half right.

SharpGreen said,

It doesn't have ALL of the Win32 APIs. So you were half right.

What are you going on about with this half the amount of Win32 APIs crap... Windows RT is Windows 8 compiled for ARM the APIs are there just not accessible by WinRT applications for security reasons. Hackers like me have ways of bypassing these restrictions, one way is to parse LoadLibraryA and GetProcAddresse in memory through kernel32.dll injection. It's a trick we've been doing to access full APIs since the dawn of Windows and in fact many viruse/malware services use it to gain superuser privileges and write any arbitrary code into memory without being questioned by the OS memory integrity checker. Anyways I know what I'm talking about but I think you are just a software dev playing in the wrong ball park, this is hardcore kernel level shiit not user level coding.

Regards.

ingramator said,

What are you going on about with this half the amount of Win32 APIs crap... Windows RT is Windows 8 compiled for ARM the APIs are there just not accessible by WinRT applications for security reasons. Hackers like me have ways of bypassing these restrictions, one way is to parse LoadLibraryA and GetProcAddresse in memory through kernel32.dll injection. It's a trick we've been doing to access full APIs since the dawn of Windows and in fact many viruse/malware services use it to gain superuser privileges and write any arbitrary code into memory without being questioned by the OS memory integrity checker. Anyways I know what I'm talking about but I think you are just a software dev playing in the wrong ball park, this is hardcore kernel level shiit not user level coding.

Regards.

Again with the needless insults. Look up "WINAPI_FAMILY_PARTITION" and stop spreading missinformation and insults.

SharpGreen said,

Again with the needless insults. Look up "WINAPI_FAMILY_PARTITION" and stop spreading missinformation and insults.

I give up, do you have a Surface RT or Windows RT device? I do and it's running all of my .NET 4.5 applications and a few ARM compiled ones like PuTTY, TightVNC and Bochs. All work 100% networking, sound and graphics. I would love you to explain to me how these applications have access to all their APIs if they do not exist on Windows RT? Please, I didn't know you were such an expert!!!

ingramator said,

I give up, do you have a Surface RT or Windows RT device? I do and it's running all of my .NET 4.5 applications and a few ARM compiled ones like PuTTY, TightVNC and Bochs. All work 100% networking, sound and graphics. I would love you to explain to me how these applications have access to all their APIs if they do not exist on Windows RT? Please, I didn't know you were such an expert!!!


Well since it's obvious you didn't read what I said originally...why should I continue wasting my time? All I've really said is that the entire Win32 API was not available on Windows RT. Just because some of your apps are working doesn't guarantee 100% of Windows desktop apps will.

A proper IM solution would be nice. I am not sure if there are even developer tools out there that can compile a program to work on ARM Windows RT, the system was closed, so why would there need to be tools?

neonspark said,
this is awesome. unleash RT. it is a lot better than windows 8 in that most of the malware has yet to be re-compiled

How is it better, when it's effectively the same thing?

It's effectively the same thing but different.

Windows RT only runs on the ARM architecture, therefore any malware has to be recompiled. Even then it won't run due to Code Integrity being enforced and apps only being available through the Store.

Commenting is disabled on this article.