“Recently, a method was found for Windows RT that allowed running unsigned code through a rather clever exploit. This method has now been turned into a full fledged tool by XDA Developers member Netham45. All the details are over in this XDA post, including the download.” Super-simple, even a child can do it. A big <3 to XDA.
Would one be able to wipe Windows and install Cyanogen with this hack?
Nope, this is a kernel hack, not a UEFI firmware hack. In other words, you still can’t boot unsigned code, you can only run it once the OS is in place. But it’s a stepping stone to start attacking the firmware.
saso,
“Nope, this is a kernel hack, not a UEFI firmware hack. In other words, you still can’t boot unsigned code, you can only run it once the OS is in place. But it’s a stepping stone to start attacking the firmware.”
It will likely be necessary to flash an unrestricted EFI firmware over top of the restricted one that comes with the device. So it may take a while to reverse engineer but assuming we can find a way to re-flash the firmware from within windows then it will happen.
If I understand correctly, it changes some value in the memory that allows to run unsigned applications. It doesn’t hack the bootloader to be able to boot any operating system.
Microsoft’s own response was that–even though they see the hack as no security threat–they will be patching against it in the future (go figure). It seems like the best thing to do if your requirements are to run Windows and Windows software compiled for x86 is to just get an x86 Windows machine with Win8 instead of an ARM machine with WinRT. Or if your Windows software needs are not as heavy, use Wine.
This is just going to lead to yet another Corporation vs. Customers conflict where Microsoft continually patches their OS purely to control their users, the users will just continually use new methods to gain access to their own systems… and yet another feud between them will dominate tech news for months. Apple and Sony style.
You’d have thought that a special jailbreak tool would either be put in your Startup folder or run as a service and then “forgotten about” (i.e. it would run non-interactively each time you boot, so you’ve effectively got a jailbroken machine every time you start it).
Not this jailbreak tool, though. Here’s what the XDA post says you have to do:
* Extract a batch file and run it to install part of the hack.
* Reboot your RT machine and wait a minute at the desktop (this is like a recipe for instant noodles!).
* Run the extracted batch file again.
* Wait for 20 seconds (let the noodles cool).
* Press the Volume Down key (WTF?).
* Wait some more time for the batch file to finish, *including* some possible interactive prompts.
Those final 4 steps have to be done *every* time you boot! A new tool needs to come out where it’s completely non-interactive (and when the jailbreak is done, it displays a success or failure notification somewhere ideally). Until then, this isn’t fit for anyone’s consumption, IMHO.