Jailbreak Windows RT To Run Third Party Apps

If you have used Windows RT in any device including Microsoft Surface, you should have known that Microsoft only allows the installation of Microsoft signed apps. The Microsoft approved apps are available in Windows Store. If you want to run any Desktop app on Windows RT which is not signed by Microsoft, you are out of luck.

RT Jailbreak Tool

Security signing is a part of Microsoft’s implementation of security in Windows. All the apps signed by a trusted authority mean that we can trust the app we are installing. There are four levels of signing applications and files.

  1. Unsigned (0)
  2. Authenticode (4)
  3. Microsoft (8)
  4. Windows (12)

If you want to run an unsigned application on a system with configuration of Authenticode, you will not be able to run or install it. Similarly, you need to have an appropriate level of signing to install particular apps. Generally, all third party apps are signed with Authenticode while Microsoft apps are signed with Microsoft code. Windows (12) is the highest level of signing and can be trusted without exceptions. These are usually system files required to run Windows.

The purpose of explaining all this is that while Windows 8 on Desktop computers comes with a 0 signing level, Windows RT on Microsoft Surface comes with Microsoft (8) signing level. This is why all apps which are even signed by third party vendors are unable to be installed on Windows 8.

A hacker named clrokr has been able to exploit this signing level by changing the value from 8 to 0. This means that after executing the exploit, the user will be able to run unsigned applications on Windows RT. Windows RT stores this value in the Kernel. Since Microsoft Surface comes with UEFI, it will revert any changes made to any system files. Clrokr was able to change the value from the Kernel loaded in RAM. This means that a user implementing this exploit will need to run this exploit every time Windows RT is restarted.

Enhancing clrokr’s exploit, Netham45, has been able to create complete batch file which when run will be able to jailbreak Windows RT by changing the signing value in the memory every time the system is restarted.

There is no need to jailbreak RT until next reboot

While there is no guarantee that the hack will work or how long it will work, people on XDA Forums are already reporting that they are able to port many third party Desktop apps in Windows RT. And since this exploit gets over when you restart your Surface RT tablet, it should not cause any problems or warranties getting void. If you encounter any problem, just restart your tablet and everything should be running fine.

[download id=”58″]

What is your experience with jailbreaking Windows RT? Share with us in the comments below.