Hack to run traditional desktop apps on Windows RT detailed

Jos


Microsoft's ARM-based version of Windows is only intended to run Metro-style apps downloaded directly from the Windows Store as well as a pre-loaded, touch-oriented version of Office and IE10. But an enterprising hacker claims to have come up with a workaround that would in theory enable any unsigned application, even those designed for the old Windows desktop, to run on Windows RT.

According to the hacker, who goes by the online moniker "clrokr", the restriction of installing only Metro-style apps on Windows RT is enforced through a code integrity mechanism that checks the application's signature before allowing it to be installed. This mechanism is hardcoded in the kernel itself and cannot be modified permanently in systems using UEFI Secure Boot.

It can, however, be changed in memory.

Using some clever reverse engineering, clrokr discovered the location of this setting in memory, and then used Microsoft's remote debugger to execute some code and alter its value.

So what exactly does this mean? For one thing, since the procedure requires changing a setting in memory, the "jailbreak" will be reverted after every reboot and users must do the whole thing each time to run unsanctioned apps. This isn't something the average Windows RT user will be able to do.

Another limitation is that x86 desktop programs can't simply be installed on Windows RT; they need to be recompiled for the ARM architecture. According to a discussion thread on the XDA-Developers forums, some users have already managed to get PuTTY and TightVNC working on Windows RT, and there's talk about porting Chromium as well. For open-source programs like these that might be easier to do, but for closed-source programs the original developers would have to create versions for ARM.


Clrokr concludes that Windows RT is a clean port of Windows 8, and that the decision to ban traditional desktop applications was not a technical one. Microsoft on the other hand has argued the reason for the lockdown boils down to making sure Windows RT tablets are stable and have long battery life.


 
Well... it sounds like they would have to be recompiled for ARM any way you look at it...
 
Another limitation is that x86 desktop programs can't simply be installed on Windows RT, they need to be recompiled for the ARM architecture.
Doesn't that sort of defeat the purpose then?
 
For every effort the corporates take to limit the public, hackers find the backdoors, front doors, loopholes and reimagine the concepts in such lateral ways they will never win. Someone is always smarter. RESPECT
 
M$ really dropped the ball with their Apple-like pricing and limited functionality.
 
Although it's not practical at all, that is a damn clever hack.

Damn right statement, though I wonder how people have so much time to do this kinda hardcore stuff.

This is hardly "hardcore". It's about knowing how things work. Perhaps being an MIT student gives me some sort of bias but this is pretty trivial.
I actually thought the guy found a secret ARM dynarec/binary translator, but personally I would have allowed running native executables (recompiled).
 