Tuesday, January 8, 2013

Windows RT jailbroken to run third-party Desktop apps

It was only a matter of time: Windows RT has been hacked to allow non-Microsoft applications to run in Desktop. Prior to this hack, your Windows RT tablet (such as the Surface RT) could only run Metro apps and a special, touch-oriented version of Office… and that's it. Now, in theory, you can run any Desktop app on Windows RT.
The hack, performed by Clokr, exploits a vulnerability in the Windows kernel that has existed for a long time — since before Microsoft ported Windows from x86 to ARM, in fact. Basically, the Windows kernel on your computer is configured to only execute files that meet a certain level of authentication. There are four levels: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows system, the default setting is Unsigned — you can run anything you like. With Windows RT, the default, hard-coded setting is Microsoft (8); i.e. only apps signed by Microsoft, or parts of Windows itself, can be executed.
[Image caption: If you've ever wondered what some low-level exploit code looks like, now you know]
Now, in theory, you could change this hard-coded setting, but all Windows RT devices use UEFI, and so Secure Boot detects the altered code and locks the system down. Secure Boot doesn't stop you from changing the setting in memory, however — and that's exactly what Clokr has done. By using some fairly simple (but ingenious) reverse engineering, Clokr discovered the location of this setting in memory — and then used Microsoft's remote debugger (usually used to debug Metro apps on a Surface RT) to execute some code that altered the value stored in memory. Voilà: A completely unlocked version of Windows RT that will run any Desktop app.
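A simplified model of the gap described above, added here as an illustration and not code from Clokr or from Windows: boot-time verification measures the stored image, while enforcement reads a live value in writable memory. Every function name, the 4-byte image and the FNV-1a measurement are assumptions; a real boot chain uses cryptographic signatures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signing levels as listed in the article. */
enum sign_level { SL_UNSIGNED = 0, SL_AUTHENTICODE = 4, SL_MICROSOFT = 8, SL_WINDOWS = 12 };

#define POLICY_OFFSET 2
/* Constructed stand-in for the signed boot image; byte 2 holds the policy. */
static const uint8_t golden_image[4] = { 0x4d, 0x5a, SL_MICROSOFT, 0x00 };
static uint8_t disk_image[4]         = { 0x4d, 0x5a, SL_MICROSOFT, 0x00 };
static uint8_t runtime_min_level;    /* live copy in writable memory */

/* FNV-1a stands in for the signature check of a real boot chain. */
static uint32_t measure(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Boot-time check: only the stored image is measured. */
int boot_verify_and_load(void) {
    if (measure(disk_image, sizeof disk_image) !=
        measure(golden_image, sizeof golden_image))
        return 0;                    /* altered image: refuse to boot */
    runtime_min_level = disk_image[POLICY_OFFSET];
    return 1;
}

/* Enforcement decision, made at run time against the live value. */
int may_execute(int file_level) { return file_level >= runtime_min_level; }

/* Hypothetical helpers modelling a privileged memory write and a disk patch. */
void model_memory_write(uint8_t v) { runtime_min_level = v; }
void model_disk_patch(uint8_t v)   { disk_image[POLICY_OFFSET] = v; }

/* Detection: re-compare the live value with the verified image. */
int runtime_policy_intact(void) {
    return runtime_min_level == disk_image[POLICY_OFFSET];
}

int main(void) {
    printf("boot ok: %d\n", boot_verify_and_load());
    printf("unsigned allowed: %d\n", may_execute(SL_UNSIGNED));
    model_memory_write(SL_UNSIGNED);
    printf("after memory write: allowed=%d intact=%d reboot_ok=%d\n",
           may_execute(SL_UNSIGNED), runtime_policy_intact(), boot_verify_and_load());
    return 0;
}
```

A fresh boot reloads the value from the verified image, so the in-memory change does not persist, while a periodic comparison like `runtime_policy_intact` is what would notice it between boots.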
There are some complications, of course. First, you need to run the "jailbreak" every time you reboot (though it's not like you reboot a tablet very often). Second, you will need some developer tools to perform this jailbreak (but hopefully someone releases a standalone tool in the near future). Third, you are still limited to Desktop apps that have been compiled to ARM. It's easy to recompile an x86 program to ARM, but there currently aren't a lot of Desktop ARM apps in existence. You're not suddenly going to run Photoshop on your Surface RT, or Call of Duty. For the most part, you will be limited to apps that you compile yourself — but hey, over on XDA Developers, some users have already managed to get PuTTY and TightVNC working on Windows RT (pictured above).
It is a little bit ironic that Microsoft engineers slaved over Windows RT to make it a perfect port of x86 Windows, and yet the Microsoft bigwigs decided to artificially lock the operating system down. Again, the only thing preventing Windows RT from running third-party Desktop apps is that single digit setting; otherwise, Windows RT is a clean port of Windows 8.
[Image caption: … and not one of them is an official app]
Ostensibly Windows RT is locked down for usability reasons — consumers really don't want a tablet that is unstable, has unreliable battery life, or is constantly under attack from malware — but Microsoft could've easily made the setting configurable. It just seems so arbitrary to prevent Windows RT users from ever installing Desktop apps, especially when the Windows Store is devoid of so many critical apps. There are thousands of apps (open-source or otherwise) that could be compiled to run on the Windows RT Desktop, and yet Microsoft doesn't want to hear it. It is understandable that Microsoft wants to keep the tablet experience "pure" — but then why include the Desktop at all?
I don't think we'll ever know why Microsoft disabled third-party Desktop apps on Windows RT — but now that it's been jailbroken, Microsoft has two options: Plug the hole, or embrace the change and roll out a fix that allows users to disable the setting in the Control Panel. Here's hoping for the latter.
 
 
