
Windows RT Jailbreak Tool Released

Posted by samzenpus
from the right-tool-for-the-job dept.
An anonymous reader writes "Earlier this week, reports surfaced that the Windows RT operating system had been jailbroken to allow for the execution of unsigned ARM desktop applications. Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, and applauded the hacker for his ingenuity. Now, a Windows RT jailbreak tool has been released."

  • Kudos (Score:5, Insightful)

    by gadzook33 (740455) on Thursday January 10, 2013 @08:05PM (#42552845)
    Kudos to MS for being good sports about it.
    • Re:Kudos (Score:5, Interesting)

      by DavidClarkeHR (2769805) <david.clarke@nosPAM.hrgeneralist.ca> on Thursday January 10, 2013 @08:18PM (#42552931)

      Kudos to MS for being good sports about it.

      Why wouldn't they? Now that I can run (and compile) my own programs on it, I'd be willing to buy a windows RT tablet.

      Well ... maybe.

      • by gadzook33 (740455)
        I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not too happy about the fan :\
        • by Anonymous Coward

          I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not too happy about the fan :\

          I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

          Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

          Crysis on the Surface RT anyone?

          • I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not too happy about the fan :\

            I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

            Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

            Crysis on the Surface RT anyone?

            Exactly.

            I bought my playbook the moment they announced the playbook keyboard because of the same reason. In this case, it's citrix at work and splashtop at home.

          • by icebike (68054)

            Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

            That makes a lot of sense. Tie up TWO machines to do the work you could otherwise handle with the tablet alone. I think the MS marketing department has an opening for you.

          • How does RemoteFX stack up in real life instead of on paper compared with say OpenGL over X11 in 1999? Back then for a few weeks my animated desktop background on a Pentium90 was the "atlantis" screensaver (swimming 3D whales) thanks to some unused capacity on an SGI machine on the network.
            For an MS Windows only comparison or *nix to MS Windows, how does it stack up against TurboVNC? I really don't see what RemoteFX can do that VirtualBox plus TurboVNC couldn't do a few years ago unless they've rewritten
        • The fan?

      • Did you know that you could already compile and run your own apps on it? They even give you the dev tools for free:
        http://msdn.microsoft.com/en-US/library/windows/apps/hh974577

        • Did you know that you could already compile and run your own apps on it? They even give you the dev tools for free: http://msdn.microsoft.com/en-US/library/windows/apps/hh974577

          That's like saying the ipad is open because you can get your apps by sending them through the app store. Not quite the same, but close enough that it doesn't make a big difference.

        • That link only applies to WinRT apps (ie the don't-call-it-Metro interface), it does not apply to desktop applications. This "jailbreak" only applies to desktop applications.
        • You can compile and run your own apps on it if you happen to have completely rewritten them as metro apps. I wonder whether this jailbreak could unleash a protest movement to enable compiling WIN32 desktop code for ARM. Do the tools even exist for that?

          Just because Microsoft wants to force-feed their phone/tablet ecosystem - and are willing to screw win32 developers to do it - doesn't mean there aren't plenty of win32 devs with code out there they'd like to port. Microsoft should've provided a way to eit

          • by cbhacking (979169)

            Not only do the tools exist for developing desktop apps for RT, they're actually the same (free, for the Express versions) Visual Studio tools used for developing Metro apps. You have to change one configuration file to stop it from bitching at you about not being able to create ARM desktop apps, and you'll find the list of .LIBs is sorely lacking, but the fix for the first was posted on StackOverflow weeks (months?) ago, and the second is easily fixed by "cutting" LIBs out of DLLs using scriptable programs

      • Why wouldn't they?

        Because in nearly 40 years, Microsoft has never been a good sport about anything, and the last thing Microsoft has ever wanted is any decrease in their ability to control what their users do.

        Frankly, I'm surprised at their reaction. Maybe they already have a fix in the channels and know they will plug the hole soon.

        I can't imagine Microsoft being so blasé about this particular form of jailbreak, otherwise they wouldn't have bothered to implement the app lockout in RT in the first place.

    • Re:Kudos (Score:5, Informative)

      by Jerry Atrick (2461566) on Thursday January 10, 2013 @08:28PM (#42552995)

      They don't have a lot of choice. The 'hack' leverages the debug support. Can't remove that support while they desperately need devs and it won't be easy to safely plug exploits via it. While the debugger is available there's no point blocking the exploit, it's certain another will be found as quickly as they can fix them.

      In a few months, when they've had time to decide if RT is worth continuing, expect them to do something drastically disruptive to block jailbreaks. While it's struggling there's no point.

      • by gadzook33 (740455)
        I'm sure this won't be the popular opinion here but I'll bet money right now that they quickly wipe out jailbreaks on RT. Bear in mind that the *first* jailbreak is not trivial but an incredibly sophisticated break compared to the early iOS breaks. That being said, I agree with everyone that RT should be opened up. Where I work we've already given up on RT (and we're not too thrilled with 8). If MS wants to keep our business, they're going to need to lighten up.
    • by icebike (68054)

      That they didn't lead the charge with a bunch of lawyers does not mean they won't try to fix the problem.

      The guy did them a service, finding a hole that they can now try to patch.
      Further, Microsoft knows that this will only be used by a quarter of the 28 existing Windows RT users, so it's no big deal.

  • Applause? (Score:5, Insightful)

    by guttentag (313541) on Thursday January 10, 2013 @08:06PM (#42552847) Journal

    We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

    Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

    • Re:Applause? (Score:4, Informative)

      by AdamStarks (2634757) on Thursday January 10, 2013 @08:38PM (#42553053)

      They could also just be reminding everyone that this "feature" is not officially supported. It's very possible that there are legitimate reasons to change the implementation of the security mechanism in ways that break the tool.

      Keep in mind they didn't take any action against the homebrew Kinect stuff.

      • by cbhacking (979169)

        Note that this hack does actually make use of a genuine security vulnerability. Specifically, the user-mode system process CSRSS.EXE (Client/Server Runtime SubSystem) makes a bunch of calls into the kernel. The kernel checks that CSRSS is the process making these calls, but beyond that, it doesn't bother validating the parameters much, if at all. Some of the calls have parameters that, if deliberately modified, can be used for write-only access to kernel memory. That's what this hack is doing: changing a ke
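An added illustration of the trust-boundary point in the comment above (this is not code from the thread, from cbhacking, or from Windows): a toy "kernel" service that checks which process is calling but uses the destination it is handed as-is, beside a version that also probes the destination against the caller's own address range, the way a kernel should treat any pointer crossing the user/kernel boundary. The flat simulated address space, the split point, the flag offset and every function name are constructed for the example.

```c
/* Toy model of a kernel service that trusts a caller's identity but not,
 * in the weak variant, the pointer that caller passes. Everything here is
 * constructed for illustration; it is not the Windows/CSRSS interface. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated address space: a flat buffer, low half "user", high half "kernel". */
enum { SPACE_SIZE = 256, USER_LIMIT = 128 };
static uint8_t g_space[SPACE_SIZE];

/* A kernel-owned policy flag living in the kernel half (constructed offset).
 * Think of it as an enforcement switch that user mode must never write. */
#define KERNEL_FLAG_OFFSET 200

enum caller_id { CALLER_UNTRUSTED = 0, CALLER_TRUSTED_SUBSYSTEM = 1 };

/* Service signature: who is calling, where to write, what byte to write.
 * Returns 0 on success, -1 when the request is rejected. */
typedef int (*service_fn)(enum caller_id who, uint32_t dst, uint8_t value);

/* Weak: verifies the caller's identity and that the index is in range, but
 * never asks whether the destination belongs to the caller. Anything that can
 * alter the trusted process's arguments therefore reaches kernel memory. */
int svc_set_byte_weak(enum caller_id who, uint32_t dst, uint8_t value) {
    if (who != CALLER_TRUSTED_SUBSYSTEM) return -1;
    if (dst >= SPACE_SIZE) return -1;      /* bounds only, no ownership check */
    g_space[dst] = value;
    return 0;
}

/* Probe: the whole [dst, dst+len) range must lie inside the user half. */
static bool probe_for_user_write(uint32_t dst, size_t len) {
    return dst < USER_LIMIT && len <= (size_t)(USER_LIMIT - dst);
}

/* Hardened: identity check plus a probe of the destination. A trusted caller
 * may still only write into its own address range. */
int svc_set_byte_hardened(enum caller_id who, uint32_t dst, uint8_t value) {
    if (who != CALLER_TRUSTED_SUBSYSTEM) return -1;
    if (!probe_for_user_write(dst, 1)) return -1;
    g_space[dst] = value;
    return 0;
}

/* Runs one service with a trusted caller whose destination argument has been
 * altered to point at the kernel flag. Returns the flag's value afterwards:
 * 1 means enforcement survived, 0 means the service let it be cleared. */
uint8_t run_scenario(service_fn svc) {
    memset(g_space, 0, sizeof g_space);
    g_space[KERNEL_FLAG_OFFSET] = 1;                          /* enforcement on */
    svc(CALLER_TRUSTED_SUBSYSTEM, KERNEL_FLAG_OFFSET, 0);     /* altered argument */
    return g_space[KERNEL_FLAG_OFFSET];
}

int main(void) {
    printf("weak handler:     flag after call = %u\n", run_scenario(svc_set_byte_weak));
    printf("hardened handler: flag after call = %u\n", run_scenario(svc_set_byte_hardened));
    return 0;
}
```

The detection-side takeaway is the same one the comment makes: an identity check on the calling process is not a substitute for validating each parameter, because the parameters are produced by a process that can itself be debugged or modified.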

      • by gl4ss (559668)

        the kinect stuff is way, way more different.

        they made a high level political decision about this being out of limits on RT. it's not a question of support or whether it's technically feasible, it was a question of promoting metro and the app market.

      • It seems to me the homebrew Kinect stuff can only affect Microsoft by causing more Kinects to be sold. Jailbreaking RT obviates the whole reason it exists.

        • There were arguments on Slashdot that the homebrew Kinect stuff actually could hurt Microsoft. They could no longer assume that 8 million Kinects sold meant 8 million Xbox 360 systems with the Kinect peripheral, which in turn could make it harder to convince developers that there's an actual market for Kinect games.

          I have no idea if that's true, I just remember it being brought up around here.

          • by cbhacking (979169)

            Similarly, jailbreaking RT can be argued to give it a new reason *for* existing. Before, it was a partially crippled device which had excellent battery life and portability, but you were so restricted in what you could do with it, no matter where you were or how long the battery lasted, that it wasn't as compelling a purchase. The Windows Store is ramping up quickly, but there will always be some classes of apps that just can't run in it, or at least not practically, and there will be more people who choose

            • True, but Microsoft has clearly considered this scenario and rejected it.

              Jailbreaking RT might be a great thing, but it's not what MS wants or they wouldn't have made it necessary in the first place. I think they place as much importance on control as they do sales.

              I could personally do some cool stuff with a jailbroken RT machine since I run a lot of open-source software, but I would be afraid of Microsoft doing everything in its power to plug that hole and leaving me with a device that only runs

          • Perhaps, but Microsoft has released libraries to use Kinect with Windows. I would think that they would be doing everything they can to come up with ways to use this innovative and successful device as a new peripheral for computers because:

            1. There are possibly some really cool applications of Kinect technology that could enhance Windows (though I'm not too sure what they would be... certainly using a Kinect to control a Windows Media Center could be very useful).
            2. There would be a reason to purchase a

    • by grcumb (781340)

      We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

      Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

      Also, now we know where to put the crocodiles.

  • by M0j0_j0j0 (1250800)

    This is a very honest question, who would want to buy this Windows RT?

    • People who can't tell a 'Surface' and a 'Surface Pro' tablet apart; but see that one is thinner and cheaper... Never you mind about those return rates.

      • by vux984 (928602)

        The RT is notable for its better battery life too. Depending on the circumstances it's the right option for the right person... not me personally, and probably not here in the slashdot echo chamber... but it would probably be the right choice for my mom.

        • It's not that it's necessarily an objectively bad product (reports are that 'metro' is actually an OK interface on the devices it was designed for), just that 'Windows RT' is the biggest break with backwards compatibility in the history of Windows, yet it is sold in a package barely distinguishable from Windows 8 devices that have roughly the behavior and backwards compatibility that people expect from 'Windows'.

    • Nokia.
    • by Anonymous Coward

      I don't know. But it's fair to say that before this jailbreak and Microsoft's pleasantly surprising reaction to it, I wouldn't have even considered the question. Now it might be worth looking at.

    • by Sylak (1611137)
      I would like a Windows powered tablet personally, and now that there's a way to deliver software outside of the Windows store, I've got a bit more incentive to buy one.
      • by cbhacking (979169)

        You could always deliver sideloadable APPX packages. They would require your users to install a developer license (free, supported, less complicated than this jailbreak tool, and doesn't rely on a patchable OS security hole) but it works fine. In fact, this tool requires sideloading such a package already.

        The difference is that APPX packages (bundled "Metro" apps) only work for apps that run within an "AppContainer" sandbox. That means very restricted access to the whole system, no ability to run as Admin,

    • by PPH (736903)

      Restate the question: Who would want to buy ARM hardware without knowing whether they would be locked into Windows RT forever, or could rescue the hardware by loading some other O/S?

      This is going to boost the market value of used ARM devices. It may have the perverse effect of selling some more Windows RT, as people don't have the useless brick issue to deal with should they tire of RT.

      • Note that this "jailbreak" allows the user to trick the kernel into disabling the signature requirements for desktop apps.

        It does not let them directly mess with the kernel itself or load an alternate OS.

    • by Sepodati (746220)

      I'd buy one, but I'm just an average Internet user. Browsing, mail, maybe a video here and there. So long as a few of the popular tablet games get copied over into the RT Store, I'd be totally content with it. For the right price, though, of course.

      I'm sure there are plenty of other folks like me, but all you hear is the squeaky wheels around here.

      I also have no problems using Unity or Windows 8... just to peg out your rage meter... :)

  • ARMless (Score:5, Funny)

    by OhANameWhatName (2688401) on Thursday January 10, 2013 @08:07PM (#42552863)

    allow for the execution of unsigned ARM desktop applications

    Awesome! Quick, somebody write some applications!

    • Supposing RT does indeed include the full Win32 API to support Office, for many FLOSS applications it's theoretically as simple as a recompile.

      e.g. when I evaluated a simple text editor that would work on both Linux and Windows, with easy installation, I chose geany (sorry emacs/vi users!). The code is cpu and OS agnostic, so there would be minimal porting to ARM Win32 provided the code for Windows didn't contain too many x86-isms.

      • by PRMan (959735)
        I don't think Windows RT includes the full Win32 API.
        • Re:ARMless (Score:4, Informative)

          by Gwala (309968) <adam@@@gwala...net> on Thursday January 10, 2013 @10:08PM (#42553845) Homepage

          Actually it looks like it does from my own examination of a Surface - it's just locked so that only Microsoft can use it.

          • by cbhacking (979169)

            Gwala is correct, and the purpose of this hack is to remove that restriction. There are a handful of apps which have already been ported. PuTTY, TightVNC, Bochs, and 7-Zip were the first. There are ongoing efforts to port more (including some mildly ambitious projects, like Firefox, Chromium, Thunderbird, Java, and Python).

            Additionally, any pure .NET 4.5 app will run, unmodified, on the Surface RT after "jailbreaking". It has to be entirely 4.5 though; Windows RT doesn't include the legacy versions.

            There's

    • by nwoolls (520606)

      People are already doing this. Notepad++, putty, bochs, and 7zip (with UI) are already ported.

  • by DrEldarion (114072) on Thursday January 10, 2013 @08:20PM (#42552961)

    I'm sure the three people using windows rt are grateful.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I'm sure the three people using windows rt are grateful.

      Those three people? They're WINNING.

      They are not full of grate, they are full of windows.

    • by Anonymous Coward

      Ha ha. Three? There are TENS of users now.

  • by hcs_$reboot (1536101) on Thursday January 10, 2013 @09:09PM (#42553323)
    I was not used to that behavior... Things change at Microsoft!
    • by Anonymous Coward

      But in the same written statement, MS said it will be patched in the future.

      • by Anonymous Coward

        Whereabouts?

        The quote I see is

        We’ll not guarantee these approaches will be there in future releases.

        ... which isn't saying they WILL patch it, just that it's not a supported thing that they will guarantee will always be there. That's fair.

    • I see their compliment sort of like a scene in an action movie:

      "Ah, Mr. Bond. Your escape from my heavily armed henchmen was clever. Very clever, indeed. But let's see how clever you are when I drop you in the piranha tank."

      It's good PR on their part to not act offended, but I would bet they are.

  • If they can maintain their independence from Microsoft, unlike the sellouts from the WP7 era, more power to them.

  • I really don't see the point of jailbreaking this device. [informationweek.com] There is no native Windows software that will run on it because that's all x86 code. You could run .NET code (at least some, we don't know if the full .NET is in there). And while it's possible to write native Windows programs for ARM, who's really going to do that for the few systems that are jailbroken? BTW, there is no simple jailbreak procedure to invoke this. It's complicated.
    • by cbhacking (979169)

      The "why" is twofold. First of all, it's there, and we could. People have been working on this since literally launch day. Hackers gonna hack. Second, the Surface RT (and presumably other Windows RT devices) actually make very nice highly portable computers. With the familiar Windows interface and standard system tools, plus the keyboard and mouse provided by the cover, and excellent battery life... the only thing they are missing is software. The restrictions on third party apps (the AppContainer sandbox)

  • I know this is /. and we rabble rabble hate M$$$$$ rabble, but can someone point me to another company that actually applauded the hackers who jailbroke their hardware? The standard reaction is quite the opposite.
  • A jailbreak is some sort of privilege escalation from inside a locked-down system, using bugs in the system. This "hack" just consists of attaching a debugger to the running system, which is perfectly allowed, and modifying the live memory. That might be hard, since debug symbols are probably not released by Microsoft and source code is not available, but it is by no means anything security-relevant.
    • by mic0e (2740501)
      Anyway, it's great marketing for Microsoft - this is the first time I actually hear about the Surface on the news in a 'positive' way.
    • by cbhacking (979169)

      You came *so close* to understanding, and then you lost it.

      This hack involves the following steps:
      1. Probe the address of a kernel flag.
      2. Attach a debugger to the user-mode CSRSS.exe and modify a function call it makes into the kernel using info from step 1.
      3. Execute the function call to change kernel-mode memory.

      Step 1 is fairly legit, even though it's not really supposed to be possible from a WinRT app.
      Step 2 is completely legit, assuming step 1 succeeds.
      Step 3 is the tricky one. This is not a kernel de

    • by ledow (319597)

      Take a simpler view of it.

      Using a stock device, and some external software that's easily available and can send certain commands, you can modify the device remotely and run arbitrary code on it.

      Sounds like a jailbreak on a closed to me. It's like saying that plugging in a USB device into a laptop gives you admin access, or that you can send certain packets over the network to a machine and end up with admin access.

      Those functions shouldn't be available remotely, the processes should have permission to mo
