Over the weekend a hacker by the name of Clrokr claims to have discovered a method for running unsigned code on Windows RT–including desktop applications. This Windows RT jailbreak amounts to changing an entry in the Windows 8 kernel, a value that determines the minimum signing level a desktop app must have in order to run. Change the entry, and you can run unsigned desktop applications instead of being limited to software signed by Microsoft or Windows. Here’s Clrokr’s explanation:
The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8.
Now, it’s not as simple as opening an editor and changing a line of text–as this isn’t a user-accessible setting, but a string hardcoded into the OS. That said, the string wasn’t too difficult for Clrokr to find, as the kernel in Windows RT apparently is quite similar to the kernel in the x86 version of Windows 8 (hmm). I only half-understand the process, at best, but this looks like the real deal, which could mean more user-friendly jailbreak tools will pop up in the near future.
The only bad news is any device with UEFI Secure Boot enabled can’t be permanently jailbroken with this method–this security measure would have to be bypassed to retain the changed value.
What’s really interesting is this jailbreak method is absolutely useless for pirating Windows Store apps–Windows RT apps don’t check the altered value in the first place. All it does is remove an artificial barrier implemented by Microsoft–a barrier which prevents Windows RT tablets from installing the same software as a full Windows 8 computer. We will post an update when we hear more details.
In Clrokr’s own words:
“The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision. Windows RT needs the Win32 ecosystem to strengthen its position as a productivity tool. There are enough “consumption” tablets already.”
If Windows RT can run traditional Windows programs by modifying a single entry in the kernel, why would Microsoft insist on hamstringing their platform?