Windows RT Hacked To Run Unsigned Code, Full Desktop Applications

Over the weekend a hacker by the name of Clrokr claims to have discovered a method for running unsigned code on Windows RT–including desktop applications. This Windows RT jailbreak amounts to changing a entry in the Windows 8 kernel, a value which determines the minimum signing level that desktop apps are allowed to run. Change the entry, and you can run unsigned desktop applications instead of being limited to software signed by Microsoft or Windows. Here’s Clrokr’s explanation:

The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8.

Office Home & Student RT Suite: Disclaimer

Office was one of the few apps on Windows RT that was authorized to run in desktop mode.

Now, it’s not as simple as opening an editor and changing a line of text–as this isn’t a user-accessible setting, but a string hardcoded into the OS. That said, the string wasn’t too difficult for Clrokr to find, as the kernel in Windows RT apparently is quite similar to the kernel in the x86 version of Windows 8 (hmm). I only half-understand the process, at best, but this looks like the real deal, which could mean more user-friendly jailbreak tools will pop up in the near future.

The only bad news is any device with UEFI Secure Boot enabled can’t be permanently jailbroken with this method–this security measure would have to be bypassed to retain the changed value.

What’s really interesting is this jailbreak method is absolutely useless for pirating Windows Store apps–Windows RT apps don’t check the altered value in the first place. All it does is remove an artificial barrier implemented by Microsoft–a barrier which prevents Windows RT tablets from installing the same software as full Windows 8 computer. We will post an update when we hear more details.

Windows RT Hacked

Does Windows RT need to be more than a tablet OS?

In Clrokr’s own words:

“The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision. Windows RT needs the Win32 ecosystem to strengthen its position as a productivity tool. There are enough “consumption” tablets already.”

If Windows RT can run traditional Windows programs by modifying a single entry in the kernel, why would Microsoft insist on hamstringing their platform? Share your thoughts in the comments section below.

Don't forget to follow on Facebook, Twitter and Google+.
  • David Margolin

    hmm… wonder if bluestacks can be installed after changing signature values… that would make getting a surface worth it…

  • Chris Andes

    My question is why Microsoft made an RT version of Windows. if they wanted an OS that could not run desktop programs, why still include it in the OS in the first place. It should be more like Windows Phone 8 OS.
    But for windows, that wouldn’t make sense, so the traditional Windows should be available, in my opinion.

  • Benlego65

    Maybe even installing virtualbox and running OS X, perhaps with that you could use the iOS simulator.

  • Michael Schnier

    I’m 90% sure that would make most ARM processors explode.

  • David Margolin

    both a snapdragon 600 and an 800 wouldnt :)

  • Michael Schnier

    Right off the bat, it wouldn’t work because virtualbox doesn’t emulate hardware. You’d have to be running an emulated version of iOS through OSX on top of an emulated x86 processor, in Windows RT on an ARM chip. Any sensible chip would explode on principle.

    You’d save yourself the headache by buying a used iPod.