Windows RT exploited to run unsigned non-Windows Store apps, not yet fully jailbroken
Written by @ronwinbetaon Sunday, Jan 6th, 2013 at 08:59PM
The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8. That means that even if you sign your apps using your Authenticode certificate, the Surface or any other Windows RT device (at this moment) will not run them. This is not a user setting, but a hardcoded global value in the kernel itself. It cannot be changed permanently on devices with UEFI’s Secure Boot enabled. It can, however, be changed in memory.The hacker mentions that Windows RT is a clean port of Windows 8 therefore Code Integrity is enforced to artificially separate these platforms. He mentions that this will not stop pirates from modifying Windows Store apps to run unsigned. He also mentions that Code Integrity can be enforced on Windows 8 to see what Windows RT runs like. Now keep in mind that this is not a fill-fledged jailbreak but merely a demonstration of the vulnerability by the hacker. This methodology resets itself every time the operating system is restarted. It wouldn't be surprising if a jailbreaking tool was released in the future, based on his methods, but for now this is the first step towards that direction. Hit the source link to read more about this vulnerability.