No holds barred -- Windows RT can be jailbroken
What's the first thing that springs to mind when you encounter the term "jailbroken"? Naturally, iPad, iPhone or iOS are among the most likely answers, but what about Windows RT? Microsoft's tablet operating system also embodies the walled-garden principle. However, much as with some Apple products, a developer has uncovered a method to run unsigned apps by exploiting a kernel vulnerability.
The jailbreaking method currently available for Windows RT is aimed at more advanced users who are familiar with modifying system files, as there is no installer or one-click jailbreak solution ready. Daring users have to change the minimum signing level from "8" (also known as the "Microsoft" level) to "0" (also known as "Unsigned"), the latter being the default value on the x86 counterpart, Windows 8. It sounds easy, but the process is not.
Using the Windows Debugger (also known as WinDbg) and Microsoft's ARM Assembler, users have to store a "small payload", set a breakpoint right "after the legitimate NtUserSetInformationThread call in TerminalServerRequestThread", press the volume button to trigger it, redirect the instruction pointer to the payload in memory, set another breakpoint, then set the instruction pointer back to the first breakpoint, and finally remove both breakpoints at the end of the process. Pressing F5 afterwards sets the wheels in motion.
It all sounds rather complicated, to be honest, but at the time of writing users have reported running, for instance, PuTTY (after compiling the open-source telnet and SSH client) and the 7-Zip benchmark.
Whether and when the jailbreak will be made available in a more user-friendly package is unknown, but it could potentially turn Microsoft's Windows RT tablet operating system into a hacker's delight. As the Android modding community shows, that is an advantage not to be taken lightly.