Yes, confirming--almost everything, if not everything, in this thread is stuff we've figured out on our own through various means.
would you please tell me how to patch the ci.dll?I want to lock my windows 8 pro for security reason.Some good news:
There is a method of booting with any unsigned EFI file (for example Linux GRUB) on Asus VivoTab devices with the recent firmware.
This also allows loading a "cracked" bootmgfw.efi that does not check for signatures of Windows kernel modules, and after patching the ci.dll - you'll be able to run any app or load any unsigned driver (even the boot-mode driver, unlike the 8.0 jailbreak).
The limitations of my method:
- It works only on Asus VivoTab RT tablets. Surface is not supported due to differences in UEFI firmware modules.
- Bitlocker should be disabled (manage-bde.exe -protectors -disable c: )
- There would be a line stating that secureboot is incorrectly set up, you can see it in the lower-right corner of the screenshot.
- The most inconvenient thing: it requires a FAT32-formatted USB stick with a "hack" file to be inserted on boot.
And, obviously, the "hole" could be closed by Asus in one of the next firmware updates. So Windows Update should be switched to manual mode (8.1 allows to select this from GUI).
So this should be considered as a temporary method until something universal would be found. But it can be used to start developing Linux (or android) for Tegra3.
I'll publish the instructions after 8.1 would be released.
would you please tell me how to patch the ci.dll?I want to lock my windows 8 pro for security reason.
My patch is for removing an enforced lock.
And you don't need to patch anything for "locking" Windows. The functionality is there since Windows XP. Google for "software restriction policies", there are even videos on this topic.
- There would be a line stating that secureboot is incorrectly set up, you can see it in the lower-right corner of the screenshot.
How do you change the Windows Update policy with the UI in 8.1? I don't see the Change Settings option that I do on my PC.
A more accurate way to state this, for technically-minded people reading the thread:
The raw exploit used to attack the kernel has not been fixed, but access to the place where we need to be in order to make use of the exploit has been blocked off.
If you are talking about the ability to run any unsigned EFI module (like the Windows loader with removed signature checks) - than it was currently tested to work only on VivoTab devices and not to work on Surface. It is based on the Nvidia code, so devices based on other CPUs would not be supported.A bit related, but is the Vivo Tab the only one with that exploit, or do Lenovo's RT devices also have a similar exploit?
Well the Yoga 11 RT is also NVidia based like the Surface RT and Vivo RT.
I was reading through Sideload Windows Store Apps. Is it possible to install the 8.0 certificate on an 8.1 device and then side load the needed tools (for example, the debugger)?It looks like they locked out the jailbreak from 8.1 by invalidating all old signatures. Windows RT 8.1's ci.dll does not trust the "1.3.6.1.4.1.311.10.3.6" OID in certificates anymore, only a new "1.3.6.1.4.1.311.10.3.21" OID. Both are required now....
I was reading through Sideload Windows Store Apps. Is it possible to install the 8.0 certificate on an 8.1 device and then side load the needed tools (for example, the debugger)?
I was reading through Sideload Windows Store Apps. Is it possible to install the 8.0 certificate on an 8.1 device and then side load the needed tools (for example, the debugger)?