Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on January 7, 2013

Microsoft investigating claims of Windows RT jailbreak allowing unsigned ARM desktop applications


Microsoft investigating claims of Windows RT jailbreak allowing unsigned ARM desktop applications

Reports started to surface on Sunday that the Windows RT operating system has been jailbroken. A Microsoft spokesperson confirmed with The Next Web on Monday that the company is investigating the claims.

Update at 6:00PM ESTMicrosoft determines Windows RT jailbreak poses no security threat, applauds hacker for ingenuity

Security researcher clrokr claims to have developed a workaround for allowing desktop applications to run on Microsoft’s ARM-based OS. All it takes is the flip of a switch: the company has apparently put in a setting to restrict ARM-based desktop apps to Microsoft ones.

This is a rather limited exploit for now. The setting needs to be changed each time a given PC boots up, and it only works for unsigned ARM desktop apps.

The specific value can’t be permanently altered on devices enabled with Secure Boot, but that doesn’t mean it can’t be changed in memory when the OS is already running. It appears clrokr was able to change the setting in the Windows RT kernel after tracking down the right value to open up the types of apps that the OS can run.

The vulnerability can thus allow for Windows RT to run ARM-compiled desktop apps. While this is technically a jailbreak, x86 desktop apps still can’t be executed unless they are recompiled to ARM first.

One of the reasons Microsoft limited desktop apps to its own is battery life. As such, if you use this exploit and run ARM desktop apps on your Surface or other Windows RT device, expect an impact on how long your tablet can run.

Despite these issues, this is still a rather exciting hack. If it works as outlined, you can expect homebrew ARM desktop apps to make their way to Windows RT and thus the Microsoft Surface. From clorkr’s conclusion:

Windows RT is a clean port of Windows 8. They are the same thing and MSFT enforces Code Integrity to artificially separate these platforms. It does not stop pirates from modifying store apps (and their license checks) because store apps are the only things that can actually run unsigned. The fact that this method works on Windows 8 as well shows how similar the systems are. You can even enforce Code Integrity on Windows 8 to see what Windows RT feels like!

Technically-savvy users will be able to reproduce the hack but most will have to wait for software to do it for them. For more technical details on clrokr’s hack, head over to his post here: Circumventing Windows RT’s Code Integrity Mechanism.

See also – Why Microsoft loves homebrew and hacking

Update at 6:00PM ESTMicrosoft determines Windows RT jailbreak poses no security threat, applauds hacker for ingenuity

Image credit: Michal Zacharzewski

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with