Microsoft’s attempts to mirror Apple’s success by releasing a locked in Surface tablet have gone exactly the same way as any Cupertino plan. Someone has jailbroken the tablet and made the effort pointless.
Windows RT has been hacked to allow non-Microsoft applications to run in desktop. When Vole shipped the tablet you could only run Metro apps, a special, touch-oriented version of Office… er that was it.
A hacker called Clokr managed to exploit a vulnerability in the Windows kernel to free the Surface from Microsoft’s walled garden.
What is embarrassing for Microsoft is that not only has its Surface been jailbroken, but it was taken down by an ancient vulnerability in Windows.
The Windows kernel can only execute files that meet one of four levels of authentication: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows the default setting is Unsigned and you can run anything.
But Windows RT, the default, hard-coded setting is set to Microsoft (8) which means that only apps signed by Microsoft, or parts of Windows itself, can be executed. Secure Boot detects any altered code and locks the system.
But Secure Boot doesn’t stop you from changing the memory settings and that is what Clokr did by using some reverse engineering.
Clokr discovered the location of this setting in memory used Microsoft’s remote debugger to execute some code that altered the value stored in memory.
The downside is that you need to run the “jailbreak” every time you reboot and you will need some developer tools. But it is only a matter of time before someone releases a standalone tool to do the job.
Extreme Tech points out that it was silly that Microsoft engineers slaved over Windows RT to make it a perfect port of x86 Windows, and yet the Microsoft bigwigs decided to artificially lock the operating system down.
The jailbreak is proof that the only thing stopping Windows RT from running third-party Desktop apps is that single digit setting; otherwise, Windows RT is a clean port of Windows 8.