Windows RT Hacked To Run Unsigned Code, Full Desktop Applications

Over the weekend a hacker by the name of Clrokr claims to have discovered a method for running unsigned code on Windows RT–including desktop applications. This Windows RT jailbreak amounts to changing a entry in the Windows 8 kernel, a value which determines the minimum signing level that desktop apps are allowed to run. Change the entry, and you can run unsigned desktop applications instead of being limited to software signed by Microsoft or Windows. Here’s Clrokr’s explanation:

The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8.

Office Home & Student RT Suite: Disclaimer

Office was one of the few apps on Windows RT that was authorized to run in desktop mode.

Now, it’s not as simple as opening an editor and changing a line of text–as this isn’t a user-accessible setting, but a string hardcoded into the OS. That said, the string wasn’t too difficult for Clrokr to find, as the kernel in Windows RT apparently is quite similar to the kernel in the x86 version of Windows 8 (hmm). I only half-understand the process, at best, but this looks like the real deal, which could mean more user-friendly jailbreak tools will pop up in the near future.

The only bad news is any device with UEFI Secure Boot enabled can’t be permanently jailbroken with this method–this security measure would have to be bypassed to retain the changed value.

What’s really interesting is this jailbreak method is absolutely useless for pirating Windows Store apps–Windows RT apps don’t check the altered value in the first place. All it does is remove an artificial barrier implemented by Microsoft–a barrier which prevents Windows RT tablets from installing the same software as full Windows 8 computer. We will post an update when we hear more details.

Windows RT Hacked

Does Windows RT need to be more than a tablet OS?

In Clrokr’s own words:

“The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision. Windows RT needs the Win32 ecosystem to strengthen its position as a productivity tool. There are enough “consumption” tablets already.”

If Windows RT can run traditional Windows programs by modifying a single entry in the kernel, why would Microsoft insist on hamstringing their platform? Share your thoughts in the comments section below.

Don't forget to like iJailbreak on Facebook, follow on Twitter and add to your circle on Google+ to stay up-to-date on all the latest Jailbreak and Apple news!


  1. David Margolin says:

    hmm… wonder if bluestacks can be installed after changing signature values… that would make getting a surface worth it…

  2. Chris Andes says:

    My question is why Microsoft made an RT version of Windows. if they wanted an OS that could not run desktop programs, why still include it in the OS in the first place. It should be more like Windows Phone 8 OS.
    But for windows, that wouldn’t make sense, so the traditional Windows should be available, in my opinion.

  3. Benlego65 says:

    Maybe even installing virtualbox and running OS X, perhaps with that you could use the iOS simulator.

  4. Michael Schnier says:

    I’m 90% sure that would make most ARM processors explode.

  5. David Margolin says:

    both a snapdragon 600 and an 800 wouldnt :)

  6. Michael Schnier says:

    Right off the bat, it wouldn’t work because virtualbox doesn’t emulate hardware. You’d have to be running an emulated version of iOS through OSX on top of an emulated x86 processor, in Windows RT on an ARM chip. Any sensible chip would explode on principle.

    You’d save yourself the headache by buying a used iPod.

Speak Your Mind