Only a few days ago, we broke news that the Windows RT Tablet had been Jailbroken allowing the sideloading and execution of unofficial Apps on the ARM architecture. The Windows RT Jailbreak was a glimmer of hope into Microsoft’s cheaper version of Windows running standard Desktop applications – an omission that seriously restricted Windows RT. Microsoft quickly released a statement regarding the Jailbreak, stating that it didn’t consider it a security risk.
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
But that’s all it was, a glimmer of hope – until today.
A user by the name of netham45 of XDA Developers has released a Windows RT Jailbreak tool. Put simply, it is a batch file that, when run, automates the Jailbreak process using the exploit found by clrokr a few days ago, allowing unsigned Apps to be sideloaded. The bad news is that the value this exploit changes in the kernel gets reset on each reboot so for now at least, this Jailbreak is tethered – meaning it has to be rerun on each reboot.
Extract to a folder on your tablet, double-click ‘runExploit.bat’.
The first time you run the exploit (or if you ever uninstall the ModernUI component of the exploit) it will launch Powershell to install the ModernUI app. Follow all the prompts that it gives you during install.
Boot your RT device and log in, allow it to sit on the desktop for about a minute.
Run runExploit.bat, wait for it to do it’s thing (shouldn’t be more than 20 seconds or so)
Press Volume Down
Wait for runExploit.bat to finish, answer any prompts it gives. They should all be fairly self-explanatory.
With the development of an easy to use tool, hopefully this will open the floodgates to not only improve the exploit, but also begin developing homebrew Apps. On the bright side, even if Microsoft do reconsider this to be a “security risk”, the creator of the tool believes a simple patch will not fix it.
Q) Can Microsoft patch this?
A) Yes and no. They can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release.
Click here to download the batch file, and be sure to let us know how you get on.
[Source XDA Developers]