
Windows RT Jailbreak Tool Released

samzenpus posted about a year ago | from the right-tool-for-the-job dept.

Microsoft 101

An anonymous reader writes "Earlier this week, reports surfaced that the Windows RT operating system had been jailbroken to allow for the execution of unsigned ARM desktop applications. Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, and applauded the hacker for his ingenuity. Now, a Windows RT jailbreak tool has been released."


101 comments

windows rt (-1)

Anonymous Coward | about a year ago | (#42552787)

what's that?

Re:windows rt (5, Insightful)

Fluffeh (1273756) | about a year ago | (#42552821)

what's that?

A new and innovative way to lock hardware to only the applications that you want your users to run.

*sips coffee*

Oh, and apparently it failed to live up to the owner's expectations to be locked down.

Re:windows rt (3, Insightful)

Decker-Mage (782424) | about a year ago | (#42552855)

Actually Microsoft had the same response, after thinking a bit, to the jailbreaking of Windows Phone 7. No matter how hard you try, if one human, or group of humans, comes up with a protection scheme, another will figure out a way through or around it. Nature of the beast and the sooner others (Sony!?) get a clue, the sooner everyone can start thinking of more innovative things to do rather than waste resources this way.

Re:windows rt (0)

Anonymous Coward | about a year ago | (#42552913)

Your first example for unreasonably fighting the jailbreak beast is Sony? Really?

Re:windows rt (5, Insightful)

Microlith (54737) | about a year ago | (#42552947)

And then you end up in the situation jailbreakers are with iOS 6. There is still no jailbreak for the platform. And when one is released, Apple will patch it.

Playing silly cat and mouse games with vendors that do this is effort and time wasted. If you see value in using devices you purchase as you see fit, then buy from vendors that don't deliberately interfere with you and make those devices and the software for them better.

Re:windows rt (2)

Sydin (2598829) | about a year ago | (#42552973)

Most people who jailbreak don't do it for the value: they do it for the challenge. I doubt the ones who jailbreak iOS are thinking about all the cool new apps they'll get to run once they're finished: that's just a bonus. They're thinking that they want to be the one to break Apple's security, to make Apple scramble to fix it, and then to do it all over again.

Re:windows rt (1)

thoughtlover (83833) | about a year ago | (#42553245)

Actually, I jailbroke my iPhone so I could change the MMS server because I wasn't able to access that setting. But I don't think that's what you're talking about.

Re:windows rt (2)

the_humeister (922869) | about a year ago | (#42554441)

Exactly why I bought an SGS 2 so I can put Android 4.1 and Debian 7 on it.

Re:windows rt (0)

Anonymous Coward | about a year ago | (#42557337)

wait what? seriously? you could have bought a galaxy nexus which is infinitely easier to root... from any platform.

The method for rooting the sgs2 isn't even guaranteed to leave you with a working phone.

Re:windows rt (1, Interesting)

meta-monkey (321000) | about a year ago | (#42554109)

The only reason I continue to use an iPhone is because it is jailbreakable. I'm still using 5.1.1, though, and won't upgrade to 6 until there is an untethered JB.

I see it as the best of both worlds. I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

I think that's a good mix for Apple, too. They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users. Call it plausible deniability, maybe? However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

Re:windows rt (3, Insightful)

Microlith (54737) | about a year ago | (#42555431)

I see it as the best of both worlds.

But it's not. You're patronizing a hostile vendor.

I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

Then perhaps the right answer is, instead of giving money to a company that is hostile to you, that you should look around for a vendor who provides what you want. Android's done a good job at crippling that market however.

They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users.

No. iOS 6 proves that this argument is and always has been shit. Apple doesn't give a flying fuck about jailbreakers and will fight them until they've got nothing and thus far Apple is winning.

However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

You'll eventually jump ship.

Re:windows rt (1)

meta-monkey (321000) | about a year ago | (#42555629)

Maybe so, but in the meantime, I like my iPhone. When my contract is up next year, if jailbreaking is over, I'll jump ship.

Re:windows rt (0)

Anonymous Coward | about a year ago | (#42557383)

lol. polish.... never lawled so hard in my life.

Re:windows rt (1)

JonBoy47 (2813759) | about a year ago | (#42563043)

I see it as the best of both worlds.

But it's not. You're patronizing a hostile vendor.

I'm also an iPhone user. I don't see Apple as a hostile vendor; they're a vendor of more failsafe products.

I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

Then perhaps the right answer is, instead of giving money to a company that is hostile to you, that you should look around for a vendor who provides what you want. Android's done a good job at crippling that market however.

They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users.

No. iOS 6 proves that this argument is and always has been shit. Apple doesn't give a flying fuck about jailbreakers and will fight them until they've got nothing and thus far Apple is winning.

However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

You'll eventually jump ship.

Re:windows rt (1)

JonBoy47 (2813759) | about a year ago | (#42563241)

The Apple walled garden results in a more failsafe user experience compared to alternatives such as Android. The higher price-points of their devices also attract a customer-base that is not averse to actually purchasing apps. In addition to a user-base more inclined to buy apps to begin with, the walled garden virtually eliminates malware, and greatly reduces the level of piracy of paid apps. Developers can make money on the iOS platform much more readily than on Android, despite the smaller market share. For me as a user, this translates directly into higher quality, more usable and polished apps on iOS compared to Android. Apple actively combats jailbreaking as a proxy war against app piracy, third-party in-app purchase capability, and unauthorized wifi tethering. The first one is Apple protecting the value of their platform, the second is protecting their bottom line, and the third is carrier placation.

Re:windows rt (0)

Anonymous Coward | about a year ago | (#42554775)

You are misinformed. There is a jailbreak for iOS 6 but it is not released because those that made it fear Apple will patch it right away. Those iOS hackers are wanting to use the current exploit to find a second exploit.

Re:windows rt (1)

sjames (1099) | about a year ago | (#42555045)

It's time wasted unless you do it for entertainment purposes. Some people enjoy crosswords, some prefer cracking and jailbreaking.

It's not a half bad way to learn about software and systems in great depth and detail.

Re:windows rt (1)

Anonymous Coward | about a year ago | (#42552971)

...No matter how hard you try, if one human, or group of humans, comes up with a protection scheme, another will figure out a way through or around it...

Not really. A properly implemented secure bootloader is pretty much impossible to circumvent. It is enforced, in part, by immutable hardware. Have they cracked RIM's Playbook yet? Nope.

That said, if there is even a teeny, tiny exploitable error in the chain of security (hardware->bootloader->OS->application) somebody is going to figure out how to break it.

Re:windows rt (1)

ixidor (996844) | about a year ago | (#42558647)

They said the same thing about PlayStation. Then geohot got bored, and broke it ... seems maybe just no one had tried before, what with the boot Linux option that WAS there.

Re:windows rt (0)

Anonymous Coward | about a year ago | (#42552857)

Oh, and apparently it failed to live up to the manufacturer's expectations to be locked down.

FTFY

Kudos (4, Insightful)

gadzook33 (740455) | about a year ago | (#42552845)

Kudos to MS for being good sports about it.

Re:Kudos (4, Interesting)

DavidClarkeHR (2769805) | about a year ago | (#42552931)

Kudos to MS for being good sports about it.

Why wouldn't they? Now that I can run (and compile) my own programs on it, I'd be willing to buy a windows RT tablet.

Well ... maybe.

Re:Kudos (1)

gadzook33 (740455) | about a year ago | (#42552999)

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the Pro will come through. Not too happy about the fan :\

Re:Kudos (1)

Anonymous Coward | about a year ago | (#42553207)

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the Pro will come through. Not too happy about the fan :\

I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

Crysis on the Surface RT anyone?

Re:Kudos (2)

DavidClarkeHR (2769805) | about a year ago | (#42553497)

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the Pro will come through. Not too happy about the fan :\

I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

Crysis on the Surface RT anyone?

Exactly.

I bought my PlayBook the moment they announced the PlayBook keyboard because of the same reason. In this case, it's Citrix at work and Splashtop at home.

Re:Kudos (1)

icebike (68054) | about a year ago | (#42553621)

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

That makes a lot of sense. Tie up TWO machines to do the work you could otherwise handle with the tablet alone. I think MS marketing department has an opening for you.

Re:Kudos (0)

Anonymous Coward | about a year ago | (#42555163)

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

That makes a lot of sense. Tie up TWO machines to do the work you could otherwise handle with the tablet alone. I think MS marketing department has an opening for you.

Nice strawman. My server is actually a dual Xeon quad-core 16Gb RAM with SLI RadeonHD 5750s 2Gb RAM, it can handle vastly greater workloads and outperform any tablet on the market. With Remote Desktop I can access all of my dev tools, and with RemoteFX enabled it offloads all the heavy lifting to the server, most interesting to me is the new compression they are using.

I think the future will be this. For me, my "real" tablet is the Surface RT combined with a server running RemoteFX. My guess is that in a year or two we'll see "dumb tablets" that are literally just touch-screens for RemoteFX through DSP and wifi chips. Better battery life, more actual power.

You probably think Smart Glass for the Xbox 360 + iOS/Android/RT is stupid too?

Nice but not new and may be better ways (0)

dbIII (701233) | about a year ago | (#42553871)

How does RemoteFX stack up in real life instead of on paper compared with say OpenGL over X11 in 1999? Back then for a few weeks my animated desktop background on a Pentium90 was the "atlantis" screensaver (swimming 3D whales) thanks to some unused capacity on an SGI machine on the network.
For an MS Windows only comparison or *nix to MS Windows, how does it stack up against TurboVNC? I really don't see what RemoteFX can do that VirtualBox plus TurboVNC couldn't do a few years ago unless they've rewritten half of RDP to get better performance out.

Re:Nice but not new and may be better ways (0)

Anonymous Coward | about a year ago | (#42555123)

How does RemoteFX stack up in real life instead of on paper compared with say OpenGL over X11 in 1999? Back then for a few weeks my animated desktop background on a Pentium90 was the "atlantis" screensaver (swimming 3D whales) thanks to some unused capacity on an SGI machine on the network.
For an MS Windows only comparison or *nix to MS Windows, how does it stack up against TurboVNC? I really don't see what RemoteFX can do that VirtualBox plus TurboVNC couldn't do a few years ago unless they've rewritten half of RDP to get better performance out.

RemoteFX adds a WDDM driver for a physical GPU (or cluster) that can be partitioned in a VDI. When you log in with RDC version 8.0 (it might work as early as 7.1 I'm not sure) and the Hyper-V server has RemoteFX enabled, your desktop gets a virtual 3D adapter.

Can you run AutoDesk Rev-IT on your tablet with TurboVNC or OpenGL over X11? There is a reason I mentioned Crysis on the RT. Because it is viable today, and I cannot figure out why no one is raging about it...

Re:Nice but not new and may be better ways (0)

Anonymous Coward | about a year ago | (#42555179)

What are you smoking? What does RemoteFX providing GPU access for VMs have to do with tablet gaming? Why the hell would you run Crysis in Hyper-V guest?

Only relevant part for remote gaming is bandwidth and latency, and even with RemoteFX's few enhancements to this it's nowhere near good.

And yeah, I could run 3D applications on my tablet over VNC for a long time. It's fucking streaming video plus command stream, why the hell would I be unable to stream it?

Go away and come back after you learn more than just buzzwords.

Re:Nice but not new and may be better ways (2)

dbIII (701233) | about a year ago | (#42555551)

RemoteFX adds a WDDM driver for a physical GPU (or cluster) that can be partitioned in a VDI

Yes, which is why I mentioned TurboVNC which has been doing the same sort of thing for a couple of years. I think I know how RemoteFX works, what I don't know is how it performs.

Can you run AutoDesk Rev-IT on your tablet with TurboVNC or OpenGL over X11?

Similar things of course even back in 1999 with that p90 and a 64CPU beast at the other end of a 10Mb/s pipe, I'd say exactly the same thing now with TurboVNC exporting a Windows7 screen running Rev-IT or blender or whatever.
Of course where RemoteFX and TurboVNC fail is they are just streaming bitmaps and they can't get the sort of acceleration you could get by sending fewer bits to do the same job in the form of OpenGL objects - like you could do back in 1999 and earlier with X. So while you may get something prettier than your local hardware could render in real time, the frame rate is going to suck without a really fat pipe (so forget about wireless tablets doing it well) and you need at least some grunt in the graphics hardware to keep on refreshing those bitmaps, so you may as well be rendering it locally anyway from 3D information on the server (eg. use OpenGL).
I can't see RemoteFX or TurboVNC as a viable option for something with a lot of 3D graphics and requiring decent frame rates. With your Rev-IT example I'm assuming it's a different story if it's like other solid modelling packages and there's not a lot of change to refresh (compared to a 3D game with lots of movement, textures etc) so any of the three options is going to look OK.

Re:Kudos (1)

Barlo_Mung_42 (411228) | about a year ago | (#42553407)

Did you know that you could already compile and run your own apps on it? They even give you the dev tools for free:
http://msdn.microsoft.com/en-US/library/windows/apps/hh974577

Re:Kudos (1)

GigaplexNZ (1233886) | about a year ago | (#42554495)

That link only applies to WinRT apps (ie the don't-call-it-Metro interface), it does not apply to desktop applications. This "jailbreak" only applies to desktop applications.

ARM desktop apps? (1)

Rob Y. (110975) | about a year ago | (#42559855)

You can compile and run your own apps on it if you happen to have completely rewritten them as metro apps. I wonder whether this jailbreak could unleash a protest movement to enable compiling WIN32 desktop code for ARM. Do the tools even exist for that?

Just because Microsoft wants to force-feed their phone/tablet ecosystem - and are willing to screw win32 developers to do it - doesn't mean there aren't plenty of win32 devs with code out there they'd like to port. Microsoft should've provided a way to either make that code runnable in desktop mode on ARM or to minimally rewrite it to a metro wrapper that closes some security holes, etc, but allows an upgrade path. Maybe a popular revolt would do the trick.

Seriously, the attempt to deprecate desktop mode in Windows 8 is its biggest shortcoming - and I say that having just happily bought a new Windows 7 desktop yesterday (to run Linux on, but hey...). But apparently the old monopoly magic is gonna make Windows 8 succeed on PCs. Not so much on tablets.

Re:ARM desktop apps? (1)

cbhacking (979169) | about a year ago | (#42566803)

Not only do the tools exist for developing desktop apps for RT, they're actually the same (free, for the Express versions) Visual Studio tools used for developing Metro apps. You have to change one configuration file to stop it from bitching at you about not being able to create ARM desktop apps, and you'll find the list of .LIBs is sorely lacking, but the fix for the first was posted on StackOverflow weeks (months?) ago, and the second is easily fixed by "cutting" LIBs out of DLLs using scriptable programs which come with the build tools.

In fact, this hack would be mostly pointless if such tools didn't exist. Just because RT can now run desktop apps doesn't mean that it can run legacy (x86) software... at least without an emulator, which was one of the first things ported. Most programs recompile pretty smoothly, once you've gotten the tools set up. Just load the .SLN file in VS, select ARM as the target, and hit Build.

Re:Kudos (1)

ConceptJunkie (24823) | about a year ago | (#42560043)

Why wouldn't they?

Because in nearly 40 years, Microsoft has never been a good sport about anything, and the last thing Microsoft has ever wanted is any decrease in their ability to control what their users do.

Frankly, I'm surprised at their reaction. Maybe they already have a fix in the channels and know they will plug the hole soon.

I can't imagine Microsoft being so blase about this particular form of jailbreak, otherwise they wouldn't have bothered to implement the app lockout in RT in the first place. The whole point of Windows 8 seems to be, yeah, there are the usual improvements and bug fixes that come with each new release of Windows, but primarily the whole point of the product seems to be nothing more than laying the groundwork for their own walled garden, and to get a foothold in the mobile device market where they have been foundering for years.

If you take away the drive towards the walled garden and the idea of running Windows on tablets and phones, nothing about Windows 8 makes any sense.

Re:Kudos (0)

Anonymous Coward | about a year ago | (#42569907)

Because in nearly 40 years, Microsoft has never been a good sport about anything

Besides letting rampant piracy go virtually unchallenged to ensure market dominance...

Re:Kudos (4, Informative)

Jerry Atrick (2461566) | about a year ago | (#42552995)

They don't have a lot of choice. The 'hack' leverages the debug support. Can't remove that support while they desperately need devs and it won't be easy to safely plug exploits via it. While the debugger is available there's no point blocking the exploit, it's certain another will be found as quickly as they can fix them.

In a few months, when they've had time to decide if RT is worth continuing, expect them to do something drastic and disruptive to block jailbreaks. While it's struggling there's no point.

Re:Kudos (2)

gadzook33 (740455) | about a year ago | (#42553117)

I'm sure this won't be the popular opinion here but I'll bet money right now that they quickly wipe out jailbreaks on RT. Bear in mind that the *first* jailbreak is not trivial but an incredibly sophisticated break compared to the early iOS breaks. That being said, I agree with everyone that RT should be opened up. Where I work we've already given up on RT (and we're not too thrilled with 8). If MS wants to keep our business, they're going to need to lighten up.

Re:Kudos (1)

icebike (68054) | about a year ago | (#42553591)

That they didn't lead the charge with a bunch of lawyers does not mean they won't try to fix the problem.

The guy did them a service, finding a hole that they can now try to patch. Further, Microsoft knows that this will only be used by a quarter of the 28 existing Windows RT users, so it's no big deal.

Applause? (4, Insightful)

guttentag (313541) | about a year ago | (#42552847)

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

Re:Applause? (0)

Anonymous Coward | about a year ago | (#42553051)

Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

Linux and BSD have the exact same "security hole": being root and having debug privileges allows you to edit memory to change the code to do anything you want, including launching binaries not normally allowed. Somebody better tell Torvalds and de Raadt to get to work on a fix. LOL

Re:Applause? (4, Funny)

Anonymous Coward | about a year ago | (#42553075)

Linus Torvalds hereby announces that he will be the only person with Root access on all Linux systems. He will not share the passwords with anybody.

Theo removes Root access even from himself.

Re:Applause? (4, Informative)

AdamStarks (2634757) | about a year ago | (#42553053)

They could also just be reminding everyone that this "feature" is not officially supported. It's very possible that there are legitimate reasons to change the implementation of the security mechanism in ways that break the tool.

Keep in mind they didn't take any action against the homebrew Kinect stuff.

Re: Applause? (0)

Anonymous Coward | about a year ago | (#42554241)

Microsoft is becoming sentient.

Re: Applause? (1)

AdamStarks (2634757) | about a year ago | (#42554333)

Since when did playing devil's advocate call for that kind of insinuation?

I must have forgotten to end my post with a cynical anti-M$ blurb. Ya know, a unique contribution that really enhances the discussion.

Re: Applause? (0)

Anonymous Coward | about a year ago | (#42556425)

Seriously, I get so sick and tired of the anti-Microsoft echo-chamber that I just can't bring myself to visit Slashdot often at all anymore.

Oh, and just so you DON'T HAVE TO FUCKING WONDER, I'm a Unix admin with about a dozen years of experience that has not touched a Windows machine in weeks.

Goodbye.

Re:Applause? (2)

cbhacking (979169) | about a year ago | (#42555561)

Note that this hack does actually make use of a genuine security vulnerability. Specifically, the user-mode system process CSRSS.EXE (Client/Server Runtime SubSystem) makes a bunch of calls into the kernel. The kernel checks that CSRSS is the process making these calls, but beyond that, it doesn't bother validating the parameters much, if at all. Some of the calls have parameters that, if deliberately modified, can be used for write-only access to kernel memory. That's what this hack is doing: changing a kernel-mode flag that controls what signature level is required on EXEs (RT defaults to "Microsoft", or 0x80000; x86 Windows defaults to "None", or 0x00000; this hack simply decrements that memory address by approximately 0x80000 depending on the state of the other flags).

This vulnerability has existed for years, and previously has not been worth patching. In order to exploit it, you need to attach a debugger to csrss. In order to attach a debugger to a system process, you must be Admin. If you're Admin, you *used* to be able to just attach a debugger to the kernel directly. However, doing so requires a bootloader option change, and Secure Boot on Windows RT devices prohibits adding the debug flag to the bootloader configuration. Therefore, while this bug was never before a priority for MS to patch (why bother, when they can squeeze a bit of performance out of skipping the parameter checks and the security is functionally identical?), the fact that Admin on RT does *not* automatically also imply kernel access means they may re-evaluate the priority of the bug.
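To make the bug class in the comment above concrete from a defender's angle, here is an added toy model (not code from the post, from Windows, or from the jailbreak tool): a "kernel" handler that verifies the calling process's identity but not where its pointer argument points, beside a hardened variant that also rejects any address outside user space, which is the job ProbeForWrite does in real Windows kernel code. The flat memory array, the address layout, the caller enum and the handler names are constructed for the example; only the flag values 0x80000 and 0 come from the post.

```c
/* Added toy model of the bug class described above (not the post's code,
 * not Windows code). A "kernel" handler is reachable only from a trusted
 * user-mode process (CSRSS in the post). The vulnerable version checks
 * who is calling but not where the pointer argument points; the hardened
 * version also requires the pointer to lie in user space. Memory, the
 * address layout and the caller enum are constructed for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE    4096u
#define USER_BASE    256u        /* simulated user space: [256, 2048) */
#define USER_LIMIT  2048u        /* everything at or above is "kernel" */

/* Constructed address of a kernel flag that plays the role of the
 * code-signing level flag the post describes. The values are the post's:
 * 0x80000 = "Microsoft" (RT default), 0 = "None" (x86 default). */
#define SIGN_FLAG_ADDR        3000u
#define SIGN_LEVEL_MICROSOFT  0x80000u
#define SIGN_LEVEL_NONE       0x00000u

enum caller { CALLER_CSRSS = 1, CALLER_OTHER = 2 };

static uint8_t g_mem[MEM_SIZE];   /* flat simulated memory */

/* Reset simulated memory and set the flag to the RT default. */
void reset_state(void) {
    uint32_t v = SIGN_LEVEL_MICROSOFT;
    memset(g_mem, 0, sizeof g_mem);
    memcpy(&g_mem[SIGN_FLAG_ADDR], &v, sizeof v);
}

uint32_t read_sign_level(void) {
    uint32_t v;
    memcpy(&v, &g_mem[SIGN_FLAG_ADDR], sizeof v);
    return v;
}

/* Vulnerable pattern: the caller's identity is verified, the output
 * pointer is not. A caller steered by a debugger can name any address. */
int handler_vulnerable(enum caller who, uint32_t out_addr, uint32_t value) {
    if (who != CALLER_CSRSS)
        return -1;                                  /* wrong caller */
    if ((size_t)out_addr + sizeof value > MEM_SIZE)
        return -1;                                  /* keeps the toy in bounds only */
    memcpy(&g_mem[out_addr], &value, sizeof value); /* writes wherever it is told */
    return 0;
}

/* The pointer must lie entirely inside the simulated user range. */
static bool in_user_range(uint32_t addr, size_t len) {
    return addr >= USER_BASE && len <= USER_LIMIT && addr <= USER_LIMIT - len;
}

/* Hardened pattern: same identity check plus parameter validation, so a
 * kernel address such as SIGN_FLAG_ADDR is refused before any write. */
int handler_hardened(enum caller who, uint32_t out_addr, uint32_t value) {
    if (who != CALLER_CSRSS)
        return -1;
    if (!in_user_range(out_addr, sizeof value))
        return -2;                                  /* parameter rejected */
    memcpy(&g_mem[out_addr], &value, sizeof value);
    return 0;
}

int main(void) {
    reset_state();
    handler_vulnerable(CALLER_CSRSS, SIGN_FLAG_ADDR, SIGN_LEVEL_NONE);
    printf("vulnerable handler: flag now 0x%x\n", read_sign_level());
    reset_state();
    int rc = handler_hardened(CALLER_CSRSS, SIGN_FLAG_ADDR, SIGN_LEVEL_NONE);
    printf("hardened handler: rc=%d, flag still 0x%x\n", rc, read_sign_level());
    return 0;
}
```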

Re:Applause? (1)

gl4ss (559668) | about a year ago | (#42558017)

The Kinect stuff is way, way more different.

They made a high level political decision about this being out of limits on RT. It's not a question about support or whether it's technically feasible; it was a question of promoting Metro and the app market.

Re:Applause? (1)

ConceptJunkie (24823) | about a year ago | (#42560103)

It seems to me the homebrew Kinect stuff can only affect Microsoft by causing more Kinects to be sold. Jailbreaking RT obviates the whole reason it exists.

Re:Applause? (1)

AdamStarks (2634757) | about a year ago | (#42560981)

There were arguments on Slashdot that the homebrew Kinect stuff actually could hurt Microsoft. They could no longer assume that 8 million Kinects sold meant 8 million Xbox 360 systems with the Kinect peripheral, which in turn could make it harder to convince developers that there's an actual market for Kinect games.

I have no idea if that's true, I just remember it being brought up around here.

Re:Applause? (1)

cbhacking (979169) | about a year ago | (#42566835)

Similarly, jailbreaking RT can be argued to give it a new reason *for* existing. Before, it was a partially crippled device which had excellent battery life and portability, but you were so restricted in what you could do with it, no matter where you were or how long the battery lasted, that it wasn't as compelling a purchase. The Windows Store is ramping up quickly, but there will always be some classes of apps that just can't run in it, or at least not practically, and there will be more people who choose not to go through the effort of re-writing their UI for the new interface. It's a lot easier to take an existing Windows app's source code in VS 2012, open the Configuration Manager, select "ARM", and hit build again...

Re:Applause? (1)

ConceptJunkie (24823) | about a year ago | (#42606119)

True, but Microsoft has clearly considered this scenario and rejected it.

Jailbreaking RT might be a great thing, but it's not what MS wants or they wouldn't have made it necessary in the first place. I think they place as much importance on control as they do sales.

I could personally do some cool stuff with a jailbroken RT machine since I run a lot of open-source software, but I would be afraid of Microsoft doing everything in its power to plug that hole and leaving me with a device that only runs don't-call-it-Metro apps.

If, on the other hand, they were to relent and not try to stuff the genie back in the bottle, it could be a win all around.

Re:Applause? (1)

ConceptJunkie (24823) | about a year ago | (#42606047)

Perhaps, but Microsoft has released libraries to use Kinect with Windows. I would think that they would be doing everything they can to come up with ways to use this innovative and successful device as a new peripheral for computers because:

1. There are possibly some really cool applications of Kinect technology that could enhance Windows (though I'm not too sure what they would be... certainly using a Kinect to control a Windows Media Center could be very useful).
2. There would be a reason to purchase a Kinect beyond using with the X-Box, which means more sales.

Maybe 8 million Kinects no longer means 8 million X-Boxes, but what if it's 16 million Kinects instead?

On the other hand, jailbreaking RT means more people might be using it, but they wouldn't be using it in ways that Microsoft intended. Of course, if that happens, then it goes to show Microsoft's short-sightedness or narrow-mindedness in creating such a crippled product in the first place. Nonetheless, I would think that maintaining control of how their products are used is as important to Microsoft (for better or worse) as is their ability to sell them.

Re:Applause? (1)

grcumb (781340) | about a year ago | (#42553395)

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

Also, now we know where to put the crocodiles.

Ok (1)

M0j0_j0j0 (1250800) | about a year ago | (#42552853)

This is a very honest question, who would want to buy this Windows RT?

Re:Ok (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#42552951)

People who can't tell a 'Surface' and a 'Surface Pro' tablet apart; but see that one is thinner and cheaper... Never you mind about those return rates.

Re:Ok (1)

vux984 (928602) | about a year ago | (#42554781)

The RT is notable for its better battery life too. Depending on the circumstances it's the right option for the right person... not me personally, and probably not here in the slashdot echo chamber... but it would probably be the right choice for my mom.

Re:Ok (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#42558117)

It's not that it's necessarily an objectively bad product (reports are that 'metro' is actually an OK interface on the devices it was designed for), just that 'Windows RT' is the biggest break with backwards compatibility in the history of Windows, yet it is sold in a package barely distinguishable from Windows 8 devices that have roughly the behavior and backwards compatibility that people expect from 'Windows'.

Re:Ok (1)

Anonymous Coward | about a year ago | (#42552965)

I don't know. But it's fair to say that before this jailbreak and Microsoft's pleasantly surprising reaction to it, I wouldn't have even considered the question. Now it might be worth looking at.

Re:Ok (2)

Sylak (1611137) | about a year ago | (#42552997)

I would like a Windows powered tablet personally, and now that there's a way to deliver software outside of the Windows store, I've got a bit more incentive to buy one.

Re:Ok (1)

cbhacking (979169) | about a year ago | (#42555223)

You could always deliver sideloadable APPX packages. They would require your users to install a developer license (free, supported, less complicated than this jailbreak tool, and doesn't rely on a patchable OS security hole) but it works fine. In fact, this tool requires sideloading such a package already.

The difference is that APPX packages (bundled "Metro" apps) only work for apps that run within an "AppContainer" sandbox. That means very restricted access to the whole system, no ability to run as Admin, no ability to run as a service, and almost no ability to run on the desktop (the final item is, unofficially, partially possible but it's a total hack). This "jailbreak" (I don't care for the term but can't come up with a better one) allows you to simply compile normal Windows binaries for ARM and run them like any other .EXE.

Re:Ok (2)

PPH (736903) | about a year ago | (#42553087)

Restate the question: Who would want to buy ARM hardware without knowing whether they would be locked into Windows RT forever, or could rescue the hardware by loading some other O/S?

This is going to boost the market value of used ARM devices. It may have the perverse effect of selling some more Windows RT, as people don't have the useless brick issue to deal with should they tire of RT.

Re:Ok (1)

petermgreen (876956) | about a year ago | (#42555765)

Note that this "jailbreak" allows the user to trick the kernel into disabling the signature requirements for desktop apps.

It does not let them directly mess with the kernel itself or load an alternate OS.

Re:Ok (1)

Sepodati (746220) | about a year ago | (#42556421)

I'd buy one, but I'm just an average Internet user. Browsing, mail, maybe a video here and there. So long as a few of the popular tablet games get copied over into the RT Store, I'd be totally content with it. For the right price, though, of course.

I'm sure there are plenty of other folks like me, but all you hear is the squeaky wheels around here.

I also have no problems using Unity or Windows 8... just to peg out your rage meter... :)

ARMless (5, Funny)

OhANameWhatName (2688401) | about a year ago | (#42552863)

allow for the execution of unsigned ARM desktop applications

Awesome! Quick, somebody write some applications!

Re:ARMless (2)

ChunderDownunder (709234) | about a year ago | (#42552933)

Supposing RT does indeed include the full Win32 API to support Office, for many FLOSS applications it's theoretically as simple as a recompile.

e.g. when I evaluated a simple text editor that would work on both Linux and Windows, with easy installation, I chose geany (sorry emacs/vi users!). The code is CPU and OS agnostic, so there would be minimal porting to ARM Win32 provided the code for Windows didn't contain too many x86-isms.

Re:ARMless (1)

PRMan (959735) | about a year ago | (#42553177)

I don't think Windows RT includes the full Win32 API.

Re:ARMless (3, Informative)

Gwala (309968) | about a year ago | (#42553845)

Actually it looks like it does from my own examination of a Surface - it's just locked so that only Microsoft can use it.

Re:ARMless (2)

cbhacking (979169) | about a year ago | (#42555241)

Gwala is correct, and the purpose of this hack is to remove that restriction. There are a handful of apps which have already been ported. PuTTY, TightVNC, Bochs, and 7-Zip were the first. There are ongoing efforts to port more (including some mildly ambitious projects, like Firefox, Chromium, Thunderbird, Java, and Python).

Additionally, any pure .NET 4.5 app will run, unmodified, on the Surface RT after "jailbreaking". It has to be entirely 4.5 though; Windows RT doesn't include the legacy versions.

There's a thread on the XDA-Developer forums with a list of ported software: http://forum.xda-developers.com/showthread.php?t=2092348 [xda-developers.com]

DEAR SOME APPLICATIONS !! (0)

Anonymous Coward | about a year ago | (#42553071)

In reference to the request of a lost soul, I am writing to some applications, whom I believe to be you !!

I have satisfied his wish, for which I want to thank all those involved: The Academy, the Marx Brothers, George Burns, and Alf.

Yours for evermore,
Phil Lynott

do these count? (0)

Anonymous Coward | about a year ago | (#42555899)

Dir /s
Filesystem viewer

Cls
Flashlight app (white background required)

congrats! (3, Funny)

DrEldarion (114072) | about a year ago | (#42552961)

I'm sure the three people using windows rt are grateful.

Re:congrats! (2, Funny)

Anonymous Coward | about a year ago | (#42552993)

I'm sure the three people using windows rt are grateful.

Those three people? They're WINNING.

They are not full of grate, they are full of windows.

Re:congrats! (1)

Anonymous Coward | about a year ago | (#42553849)

Ha ha. Three? There are TENS of users now.

Re:congrats! (-1)

Anonymous Coward | about a year ago | (#42554615)

Sorry to disappoint you, but I have just got rid of nokia's windows rt phone, so there are only 2 users left.

Microsoft applauded the hacker for his ingenuity (4, Informative)

hcs_$reboot (1536101) | about a year ago | (#42553323)

I was not used to that behavior... Things change at Microsoft!

Re:Microsoft applauded the hacker for his ingenuit (1)

Anonymous Coward | about a year ago | (#42554787)

But in the same written statement, MS said it will be patched in the future.

Re:Microsoft applauded the hacker for his ingenuit (1)

Anonymous Coward | about a year ago | (#42556305)

Whereabouts?

The quote I see is

We’ll not guarantee these approaches will be there in future releases.

... which isn't saying they WILL patch it, just that it's not a supported thing that they will guarantee will always be there. That's fair.

Re:Microsoft applauded the hacker for his ingenuit (1)

ConceptJunkie (24823) | about a year ago | (#42560179)

I see their compliment sort of like a scene in an action movie:

"Ah, Mr. Bond. Your escape from my heavily armed henchmen was clever. Very clever, indeed. But let's see how clever you are when I drop you in the piranha tank."

It's good PR on their part to not act offended, but I would bet they are.

Now to see whether MS buys these people off (1)

sethstorm (512897) | about a year ago | (#42554149)

If they can maintain their independence from Microsoft, unlike the sellouts from the WP7 era, more power to them.

Flashing shitty windows 8 with Android rom? (0)

Anonymous Coward | about a year ago | (#42554597)

Will this allow me to flash this shitty windows 8 with some Android rom (cyanogenmod or something)?

What's the point? (1)

lseltzer (311306) | about a year ago | (#42554915)

I really don't see the point of jailbreaking this device. [informationweek.com] There is no native Windows software that will run on it because that's all x86 code. You could run .NET code (at least some, we don't know if the full .NET is in there). And while it's possible to write native Windows programs for ARM, who's really going to do that for the few systems that are jailbroken? BTW, there is no simple jailbreak procedure to invoke this. It's complicated.

Re:What's the point? (1)

cbhacking (979169) | about a year ago | (#42555279)

The "why" is twofold. First of all, it's there, and we could. People have been working on this since literally launch day. Hackers gonna hack. Second, the Surface RT (and presumably other Windows RT devices) actually make very nice highly portable computers. With the familiar Windows interface and standard system tools, plus the keyboard and mouse provided by the cover, and excellent battery life... the only thing they are missing is software. The restrictions on third party apps (the AppContainer sandbox) make it difficult to do things like create a decent IM client that is permanently connected without any lag, or an x86 PC emulator. Furthermore, all of the UI and much of the program code will need to be re-written (in most cases, at least) even if you want to target a Windows Store app.

This jailbreak largely solves the second problem. While closed-source software is still not going to be available, it turns out to be very easy to persuade Visual Studio to build desktop apps for Windows RT (something it's not *supposed* to do, but is fully capable of) and people have been working on re-building open-source software pretty much all day. The list is growing slowly at the moment, but it is growing.

As for complicated... not really. The most complex part is installing the sideloaded Metro application, and there's a script that almost completely automates that part. The rest is easy; run the tool, press Volume Down when instructed to do so, hit Enter and you're done.

Rabble Rabble Rabble (1)

AlphaBro (2809233) | about a year ago | (#42554949)

I know this is /. and we rabble rabble hate M$$$$$ rabble, but can someone point me to another company that actually applauded the hackers who jailbroke their hardware? The standard reaction is quite the opposite.

Re:Rabble Rabble Rabble (0)

Anonymous Coward | about a year ago | (#42555137)

I don't know and I don't care, but I can point you to companies which make hardware that doesn't need jailbreaks in the first place.

Anyways, applauding hackers who find vulnerabilities isn't uncommon and it's orthogonal to jailbreaking. Note how they "applaud the ingenuity", not approve of jailbreak (which "We’ll not guarantee these approaches will be there in future releases.")

So yeah, "g1 u guise, c u next Patch Tuesday, lol"

Now desktops need a jailbreak utility (0)

Anonymous Coward | about a year ago | (#42555339)

How times have changed.

(Well technically Windows RT is only used on tablets right now... but that will soon change.)

Not a Jailbreak (1)

mic0e (2740501) | about a year ago | (#42555463)

A jailbreak is some sort of privilege escalation from inside a locked-down system, using bugs in the system. This "hack" just consists of attaching a debugger to the running system, which is perfectly allowed, and modifying the live memory. That might be hard, since debug symbols are probably not released by Microsoft and source code is not available, but it is by no means anything security-relevant.

Re:Not a Jailbreak (1)

mic0e (2740501) | about a year ago | (#42555487)

Anyway, it's great marketing for Microsoft - this is the first time I actually hear about the Surface on the news in a 'positive' way.

Re:Not a Jailbreak (1)

cbhacking (979169) | about a year ago | (#42555631)

You came *so close* to understanding, and then you lost it.

This hack involves the following steps:
1. Probe the address of a kernel flag.
2. Attach a debugger to the user-mode CSRSS.exe and modify a function call it makes into the kernel using info from step 1.
3. Execute the function call to change kernel-mode memory.

Step 1 is fairly legit, even though it's not really supposed to be possible from a WinRT app.
Step 2 is completely legit, assuming step 1 succeeds.
Step 3 is the tricky one. This is not a kernel debugger, those are *NOT* allowed on Windows RT devices. But, it's changing *kernel* memory (because that's where the relevant flag resides). HOW'D THEY DO THAT?!?

Turns out that the kernel trusts CSRSS a lot, and doesn't validate the parameters of some calls it makes. Some of those parameters can be used to modify kernel memory. It's a write-only process, but we know the target address (from step 1) and we know (approximately) what the desired value is - more accurately, we know the difference between the initial value and the desired value, which is good because the exploit works by decrementing the value - so that's usually not a problem.

Anyhow, this fully meets your definition of a jailbreak.
"some sort of privilege escalation": Yes, from Admin (required to attach the debugger) to kernel. Not normally a boundary that matters, which is why a multi-year-old exploit was left unpatched and we were able to use it, but on Windows RT there is in fact a boundary between Admin and kernel.
"from inside a locked-down system": Pretty much obvious, although it's worth noting that this hack requires already being able to sideload a sandboxed app and attach a debugger to a user-mode system process, which is a lot less locked down than some other systems.
"using bugs in the system": Yep. The kernel could, and arguably should, prevent CSRSS from sending it invalid parameters like that; the API in question isn't actually supposed to allow decrementing an *arbitrary* memory address.

That said, it's earned MS a lot of press coverage in the tech community, and there's been a lot of excitement over the hack amongst RT users, so hopefully they don't patch this out without providing an alternative method (or until we find one ourselves...)
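The bug class cbhacking describes above (a privileged component honouring an address handed to it by a trusted user-mode caller, so that a "decrement this value" service can be pointed at a policy flag) is easy to model in isolation. The following is an added illustration written for this page, not code from cbhacking, the jailbreak tool, or Microsoft: the structure, field names (`enforce_signing`, `counters`) and the two service functions are a constructed stand-in, not Windows internals. It shows the unvalidated service beside a hardened one that only accepts addresses inside the table it exists to adjust, and checks that a legitimate call still succeeds after hardening.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not Windows code): a privileged component owns a policy
   flag plus a small table of counters that a trusted user-mode caller is
   allowed to adjust through a "decrement the value at this address" call. */
typedef struct {
    uint32_t enforce_signing;  /* 1 = unsigned desktop code refused, 0 = allowed */
    uint32_t counters[4];      /* the only storage the service is meant to touch */
} privileged_state_t;

enum { STATUS_OK = 0, STATUS_INVALID_PARAMETER = 1 };

typedef int (*decrement_service_fn)(privileged_state_t *, uint32_t *);

/* Unvalidated service: the address is honoured purely because the caller is
   trusted. Any readable/writable word in the privileged state is reachable. */
int decrement_unvalidated(privileged_state_t *ps, uint32_t *target) {
    (void)ps;
    *target -= 1;
    return STATUS_OK;
}

/* Hardened service: the address must land on one of the counters the call
   exists to adjust, aligned to a counter boundary. The policy flag sits
   outside that range, so a request aimed at it is rejected untouched. */
int decrement_validated(privileged_state_t *ps, uint32_t *target) {
    uintptr_t lo = (uintptr_t)ps->counters;
    uintptr_t hi = lo + sizeof ps->counters;
    uintptr_t t  = (uintptr_t)target;
    if (t < lo || t >= hi || ((t - lo) % sizeof(uint32_t)) != 0)
        return STATUS_INVALID_PARAMETER;
    *target -= 1;
    return STATUS_OK;
}

typedef struct {
    int status;      /* what the service reported */
    uint32_t flag;   /* enforce_signing after the call */
} attempt_result_t;

/* Scenario: a caller that knows where the flag lives asks the service to
   decrement it (the page's "decrementing the value"). Returns the outcome so
   the two service variants can be compared directly. */
attempt_result_t attempt_flag_decrement(decrement_service_fn service) {
    privileged_state_t ps = { .enforce_signing = 1, .counters = {5, 5, 5, 5} };
    attempt_result_t r;
    r.status = service(&ps, &ps.enforce_signing);
    r.flag = ps.enforce_signing;
    return r;
}

/* A legitimate use of the service must keep working after hardening. */
attempt_result_t legitimate_counter_decrement(void) {
    privileged_state_t ps = { .enforce_signing = 1, .counters = {5, 5, 5, 5} };
    attempt_result_t r;
    r.status = decrement_validated(&ps, &ps.counters[2]);
    r.flag = ps.counters[2];   /* reusing the field to carry the counter value */
    return r;
}

int main(void) {
    attempt_result_t a = attempt_flag_decrement(decrement_unvalidated);
    attempt_result_t b = attempt_flag_decrement(decrement_validated);
    attempt_result_t c = legitimate_counter_decrement();
    printf("unvalidated: flag=%u status=%d\n", a.flag, a.status);
    printf("validated:   flag=%u status=%d\n", b.flag, b.status);
    printf("legit call:  counter=%u status=%d\n", c.flag, c.status);
    return 0;
}
```

The point of the range check is that the service's contract is "adjust one of these counters", so the kernel-side code can state that contract as a bounds test on the address and refuse everything else, whatever the caller's privilege level. That is the check cbhacking says the kernel "could, and arguably should" apply; validating at the trust boundary rather than relying on the caller being well-behaved is what keeps an Admin-to-kernel boundary meaningful on a device where that boundary is supposed to exist.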

Re:Not a Jailbreak (1)

ledow (319597) | about a year ago | (#42556011)

Take a simpler view of it.

Using a stock device, and some external software that's easily available and can send certain commands, you can modify the device remotely and run arbitrary code on it.

Sounds like a jailbreak on a closed system to me. It's like saying that plugging in a USB device into a laptop gives you admin access, or that you can send certain packets over the network to a machine and end up with admin access.

Those functions shouldn't be available remotely, the processes should have permission to modify kernel memory and there shouldn't be a magic binary switch that lets you run arbitrary programs - if MS are actually serious about locking down the machine.

This is no different to any other jailbreak, some of which are as simple as getting to an internal command prompt, some of which involve exploiting save game files to cause a crash. But they all gain access to a "locked-down" machine using nothing but what's installed on the machine and a remote device.

Physical access to a machine is game-over, anyway. We all know this. But this is about something which doesn't require anything more than a USB cable or network connection and sending the right packets to the remote debugging service to gain full access.
