Windows RT Jailbreak Allows Unsigned Apps To Run
Windows RT is pretty darn similar to Windows 8, but Microsoft just couldn’t help itself from locking things down to make it that much less useful than a proper general-purpose computer. If you’ve been looking forward to the day when someone might get around to jailbreaking the platform, allowing the installation of unsigned, non-Windows-Store apps, we’ve got good news, upon one hacker discovering the key to opening up RT devices like Microsoft’s Surface tablet.
It all boils down to one byte in memory, which the platform refers to in order to judge what level of control it should enforce over permissible apps. Normally, Windows RT limits apps to those signed only by Microsoft. Changing that value unlocks the system and allows the use of any compatible app you choose.
Of course, it’s a little more complicated than that, mostly because fiddling around with system memory isn’t too easy on an already-locked platform. The key to this exploit is connecting a Windows RT device to a remote debugger, and delivering a payload that changes that permission byte.
Unfortunately, the secure boot process means that the OS will be re-locked next time it starts up, but this is still a huge step forward for the RT development scene.