Slashdot Mirror


Windows RT Jailbreak Tool Released

An anonymous reader writes "Earlier this week, reports surfaced that the Windows RT operating system had been jailbroken to allow for the execution of unsigned ARM desktop applications. Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, and applauded the hacker for his ingenuity. Now, a Windows RT jailbreak tool has been released."

26 of 101 comments

  1. Re:windows rt by Fluffeh · · Score: 5, Insightful

    what's that?

    A new and innovative way to lock hardware to only the applications that you want your users to run.

    *sips coffee*

    Oh, and apparently it failed to live up to the owner's expectations to be locked down.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  2. Kudos by gadzook33 · · Score: 4, Insightful

    Kudos to MS for being good sports about it.

    1. Re:Kudos by DavidClarkeHR · · Score: 4, Interesting

      Kudos to MS for being good sports about it.

      Why wouldn't they? Now that I can run (and compile) my own programs on it, I'd be willing to buy a windows RT tablet.

      Well ... maybe.

      --
      - Nec Impar Pluribus, or so I'm told.
    2. Re:Kudos by Jerry+Atrick · · Score: 4, Informative

      They don't have a lot of choice. The 'hack' leverages the debug support. Can't remove that support while they desperately need devs and it won't be easy to safely plug exploits via it. While the debugger is available there's no point blocking the exploit, it's certain another will be found as quickly as they can fix them.

      In a few months when they've had time to decide if RT is worth continuing expect them to do something drastic and disruptive to block jailbreaks. While it's struggling there's no point.

    3. Re:Kudos by gadzook33 · · Score: 2

      I'm sure this won't be the popular opinion here but I'll bet money right now that they quickly wipe out jailbreaks on RT. Bear in mind that the *first* jailbreak is not trivial but an incredibly sophisticated break compared to the early iOS breaks. That being said, I agree with everyone that RT should be opened up. Where I work we've already given up on RT (and we're not too thrilled with 8). If MS wants to keep our business, they're going to need to lighten up.

    4. Re:Kudos by DavidClarkeHR · · Score: 2

      I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not too happy about the fan :\

      I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

      Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

      Crysis on the Surface RT anyone?

      Exactly.

      I bought my playbook the moment they announced the playbook keyboard because of the same reason. In this case, it's citrix at work and splashtop at home.

      --
      - Nec Impar Pluribus, or so I'm told.
  3. Applause? by guttentag · · Score: 4, Insightful

    We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

    Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

    1. Re:Applause? by AdamStarks · · Score: 4, Informative

      They could also just be reminding everyone that this "feature" is not officially supported. It's very possible that there are legitimate reasons to change the implementation of the security mechanism in ways that break the tool.

      Keep in mind they didn't take any action against the homebrew Kinect stuff.

    2. Re:Applause? by Anonymous Coward · · Score: 4, Funny

      Linus Torvalds hereby announces that he will be the only person with Root access on all Linux systems. He will not share the passwords with anybody.

      Theo removes Root access even from himself.

    3. Re:Applause? by cbhacking · · Score: 2

      Note that this hack does actually make use of a genuine security vulnerability. Specifically, the user-mode system process CSRSS.EXE (Client/Server Runtime SubSystem) makes a bunch of calls into the kernel. The kernel checks that CSRSS is the process making these calls, but beyond that, it doesn't bother validating the parameters much, if at all. Some of the calls have parameters that, if deliberately modified, can be used for write-only access to kernel memory. That's what this hack is doing: changing a kernel-mode flag that controls what signature level is required on EXEs (RT defaults to "Microsoft", or 0x80000; x86 Windows defaults to "None", or 0x00000; this hack simply decrements that memory address by approximately 0x80000 depending on the state of the other flags).

      This vulnerability has existed for years, and previously has not been worth patching. In order to exploit it, you need to attach a debugger to csrss. In order to attach a debugger to a system process, you must be Admin. If you're Admin, you *used* to be able to just attach a debugger to the kernel directly. However, doing so requires a bootloader option change, and Secure Boot on Windows RT devices prohibits adding the debug flag to the bootloader configuration. Therefore, while this bug was never before a priority for MS to patch (why bother, when they can squeeze a bit of performance out of skipping the parameter checks and the security is functionally identical?), the fact that Admin on RT does *not* automatically also imply kernel access means they may re-evaluate the priority of the bug.

      --
      There's no place I could be, since I've found Serenity...
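
Added example, not part of the comment above and not Microsoft code: a toy C model of the flaw that comment describes, a privileged call that checks who is calling but not where the write lands, next to a version that also validates the target. The memory layout, slot index, process id and function names are constructed for illustration; only the two signature-level values come from the comment.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, not Windows code: one flat "address space" of 8 words. */
#define USER_WORDS      4u        /* words 0..3 belong to the caller (constructed) */
#define TOTAL_WORDS     8u        /* words 4..7 stand in for kernel state          */
#define SIG_LEVEL_SLOT  6u        /* constructed location of the policy flag       */
#define LEVEL_MICROSOFT 0x80000u  /* values quoted in the comment                  */
#define LEVEL_NONE      0x00000u
#define TRUSTED_ID      4u        /* hypothetical id of the trusted process        */

enum { SVC_OK = 0, SVC_DENIED = -1, SVC_BAD_PARAM = -2 };

static uint32_t mem[TOTAL_WORDS];

void reset(void) {
    for (unsigned i = 0; i < TOTAL_WORDS; i++) mem[i] = 0;
    mem[SIG_LEVEL_SLOT] = LEVEL_MICROSOFT;
}

uint32_t sig_level(void) { return mem[SIG_LEVEL_SLOT]; }

/* As described: the caller's identity is checked, the target is not. */
int svc_sub_unchecked(uint32_t caller, uint32_t index, uint32_t amount) {
    if (caller != TRUSTED_ID) return SVC_DENIED;
    if (index >= TOTAL_WORDS) return SVC_BAD_PARAM; /* only keeps the toy in bounds */
    mem[index] -= amount;       /* blind write: caller never reads the word back */
    return SVC_OK;
}

/* Hardened: identity is still required, and the target must be caller-owned. */
int svc_sub_checked(uint32_t caller, uint32_t index, uint32_t amount) {
    if (caller != TRUSTED_ID) return SVC_DENIED;
    if (index >= USER_WORDS) return SVC_BAD_PARAM;  /* kernel-side words rejected */
    mem[index] -= amount;
    return SVC_OK;
}

int main(void) {
    reset();
    int r = svc_sub_unchecked(TRUSTED_ID, SIG_LEVEL_SLOT, LEVEL_MICROSOFT);
    printf("unchecked: rc=%d level=0x%05x\n", r, (unsigned)sig_level());
    reset();
    r = svc_sub_checked(TRUSTED_ID, SIG_LEVEL_SLOT, LEVEL_MICROSOFT);
    printf("checked:   rc=%d level=0x%05x\n", r, (unsigned)sig_level());
    return 0;
}
```

The point of the pairing is that authenticating the caller does not bound what the call can touch: once the trusted process itself is under someone else's control, only the per-parameter check keeps the policy word intact.
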
  4. Re:windows rt by Decker-Mage · · Score: 3, Insightful

    Actually Microsoft had the same response, after thinking a bit, to the jailbreaking of Windows Phone 7. No matter how hard you try, if one human, or group of humans, comes up with a protection scheme, another will figure out a way through or around it. Nature of the beast and the sooner others (Sony!?) get a clue, the sooner everyone can start thinking of more innovative things to do rather than waste resources this way.

    --
    "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  5. ARMless by OhANameWhatName · · Score: 5, Funny

    allow for the execution of unsigned ARM desktop applications

    Awesome! Quick, somebody write some applications!

    1. Re:ARMless by ChunderDownunder · · Score: 2

      Supposing RT does indeed include the full Win32 API to support Office, for many FLOSS applications it's theoretically as simple as a recompile.

      e.g. when I evaluated a simple text editor that would work on both Linux and Windows, with easy installation, I chose geany (sorry emacs/vi users!) The code is cpu and OS agnostic, so there would be minimal porting to ARM Win32 provided the code for Windows didn't contain too many x86-isms.

    2. Re:ARMless by Gwala · · Score: 3, Informative

      Actually it looks like it does from my own examination of a Surface - it's just locked so that only Microsoft can use it.

      --
      #!/bin/csh cat $0
    3. Re:ARMless by cbhacking · · Score: 2

      Gwala is correct, and the purpose of this hack is to remove that restriction. There are a handful of apps which have already been ported. PuTTY, TightVNC, Bochs, and 7-Zip were the first. There are ongoing efforts to port more (including some mildly ambitious projects, like Firefox, Chromium, Thunderbird, Java, and Python).

      Additionally, any pure .NET 4.5 app will run, unmodified, on the Surface RT after "jailbreaking". It has to be entirely 4.5 though; Windows RT doesn't include the legacy versions.

      There's a thread on the XDA-Developer forums with a list of ported software: http://forum.xda-developers.com/showthread.php?t=2092348

      --
      There's no place I could be, since I've found Serenity...
  6. Re:windows rt by Microlith · · Score: 5, Insightful

    And then you end up in the situation jailbreakers are with iOS 6. There is still no jailbreak for the platform. And when one is released, Apple will patch it.

    Playing silly cat and mouse games with vendors that do this is effort and time wasted. If you see value in using devices you purchase as you see fit, then buy from vendors that don't deliberately interfere with you and make those devices and the software for them better.

  7. congrats! by DrEldarion · · Score: 3, Funny

    I'm sure the three people using windows rt are grateful.

    1. Re:congrats! by Anonymous Coward · · Score: 2, Funny

      I'm sure the three people using windows rt are grateful.

      Those three people? They're WINNING.

      They are not full of grate, they are full of windows.

  8. Re:windows rt by Sydin · · Score: 2

    Most people who jailbreak don't do it for the value: they do it for the challenge. I doubt the ones who jailbreak iOS are thinking about all the cool new apps they'll get to run once they're finished: that's just a bonus. They're thinking that they want to be the one to break apple's security, to make apple scramble to fix it, and then to do it all over again.

  9. Re:Ok by Sylak · · Score: 2

    I would like a Windows powered tablet personally, and now that there's a way to deliver software outside of the Windows store, I've got a bit more incentive to buy one.

  10. Re:Ok by PPH · · Score: 2

    Restate the question: Who would want to buy ARM hardware without knowing whether they would be locked into Windows RT forever. Or could rescue the hardware by loading some other O/S.

    This is going to boost the market value of used ARM devices. It may have the perverse effect of selling some more Windows RT, as people don't have the useless brick issue to deal with should they tire of RT.

    --
    Have gnu, will travel.
  11. Microsoft applauded the hacker for his ingenuity by hcs_$reboot · · Score: 4, Informative

    I was not used to that behavior... Things change at Microsoft!

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  12. Re:windows rt by GigaplexNZ · · Score: 2

    Sydin was referring to the developers of the jailbreak tools, not the users.

  13. Re:windows rt by the_humeister · · Score: 2

    Exactly why I bought an SGS 2 so I can put Android 4.1 and Debian 7 on it.

  14. Re:windows rt by Microlith · · Score: 3, Insightful

    I see it as the best of both worlds.

    But it's not. You're patronizing a hostile vendor.

    I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

    Then perhaps the right answer is, instead of giving money to a company that is hostile to you, that you should look around for a vendor who provides what you want. Android's done a good job at crippling that market however.

    They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users.

    No. iOS 6 proves that this argument is and always has been shit. Apple doesn't give a flying fuck about jailbreakers and will fight them until they've got nothing and thus far Apple is winning.

    However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

    You'll eventually jump ship.

  15. Re:Nice but not new and may be better ways by dbIII · · Score: 2

    RemoteFX adds a WDDM driver for a physical GPU (or cluster) that can be partitioned in a VDI

    Yes, which is why I mentioned TurboVNC which has been doing the same sort of thing for a couple of years. I think I know how RemoteFX works, what I don't know is how it performs.

    Can you run AutoDesk Rev-IT on your tablet with TurboVNC or OpenGL over X11?

    Similar things of course even back in 1999 with that p90 and a 64CPU beast at the other end of a 10Mb/s pipe, I'd say exactly the same thing now with TurboVNC exporting a Windows7 screen running Rev-IT or blender or whatever.
    Of course where RemoteFX and TurboVNC fail is they are just streaming bitmaps and they can't get the sort of acceleration you could get by sending less bits to do the same job in the form of OpenGL objects - like you could do back in 1999 and earlier with X. So while you may get something prettier than your local hardware could render in real time the frame rate is going to suck without a really fat pipe (so forget about wireless tablets doing it well) and you need at least some grunt in the graphics hardware to keep on refreshing those bitmaps so you may as well be rendering it locally anyway from 3D information on the server (eg. use OpenGL).
    I can't see RemoteFX or TurboVNC as a viable option for something with a lot of 3D graphics and requiring decent frame rates. With your Rev-IT example I'm assuming it's a different story if it's like other solid modelling packages and there's not a lot of change to refresh (compared to a 3D game with lots of movement, textures etc) so any of the three options is going to look OK.