Windows RT 8.1 anti-jailbreak differences
- Thread starter Myriachan
- Start date
I did all the updates as of yesterday and the JB doesn't work (I use v1.20 which worked on the sufraced RT)
I really doubt 8.1 was pushed to my device that early.
@geniv: Actually, RT (including 8.1) *does* allow doing the same thing as Android. The ability to sideload apps, without getting them from the store or going through Microsoft approval, is well documented and has been known for over a year...
PowerShell (as Admin) > Show-WindowsDeveloperLicenseRegistation > enter credentials > install .APPX all you want.
Android does not (without significant work) let you run "desktop" Linux apps (well, graphical ones) as it lacks an X11 server. WRT does at least have the desktop mode... With that said, I agree that MS is screwing up by the numbers here. They are wasting engineering time (design, dev, test, maintenance) that could be better spent on actual features, they are pissing off users, and they are crippling their own product. I don't expect them to *help* us, but they could at least stop wasting their time breaking things!
PowerShell (as Admin) > Show-WindowsDeveloperLicenseRegistation > enter credentials > install .APPX all you want.
Android does not (without significant work) let you run "desktop" Linux apps (well, graphical ones) as it lacks an X11 server. WRT does at least have the desktop mode... With that said, I agree that MS is screwing up by the numbers here. They are wasting engineering time (design, dev, test, maintenance) that could be better spent on actual features, they are pissing off users, and they are crippling their own product. I don't expect them to *help* us, but they could at least stop wasting their time breaking things!
You can say that again. I'm pretty irked (to put it nicely) that Microsoft deliberately broke the jailbreak in 8.1. I know they said they couldn't guarantee it would work in future versions, but I was hoping they'd just leave it alone, or better yet, give us an official way of unlocking the desktop. Looks like I'll be staying at 8.0.
Natively lacks an X11 server, yes. But there is a partial X11 server app. I don't know if I consider spinning up a Linux chroot "significant work", and you can use a VNC client in the absence of a proper X11 server. Granted not a high performance solution, but it's a possible one.
well that really sucks. I may just downgrade back to 8 to get back app support. I love my RT, but not being able to sideload is a bunch of bull. 
well that really sucks. I may just downgrade back to 8 to get back app support. I love my RT, but not being able to sideload is a bunch of bull.
You can sideload....
Sent from my GT-I9505 using xda app-developers app
well that really sucks. I may just downgrade back to 8 to get back app support. I love my RT, but not being able to sideload is a bunch of bull.
Sideloading and running desktop applications are actually 2 seperate things. Sideloading simply means installing software from somewhere other than the built in app store, namely firing up Visual studio 2012 express, making a windows 8 app and deploying it to your tablet (actual touch app that is) which can be done on a non jailbroken device. I think you can install .appx on the device natively too.
I know you meant desktop but as this is a development forum it is perhaps best to not confuse the 2 terms.
I apologize, I was talking to not being able to load a lot of the apps that had been ported to RT. (FileZilla, Transmission GUI, etc) I apologize for muddying the waters
Hehe.
Yesterday MS and Asus released several updates. Asus firmware update blocks the UEFI hole I was using to run unsigned apps on 8.1 - now my UEFI hangs instead of booting to EBL. The update is safe for ordinary users, it was just my own fault.
So now I have an unbootable device and heading to service
I assume that service would replace the motherboard (as I have the screen blinking issue, that can be fixed only with MB replacement), and after receiving the device back - I'm planning to boot from USB and scan disk for deleted files (or better to make a sector-by-sector disk image and work with it). Maybe I'll get some extra tools, like the ones here: http://xdaforums.com/showthread.php?t=2477285
Yesterday MS and Asus released several updates. Asus firmware update blocks the UEFI hole I was using to run unsigned apps on 8.1 - now my UEFI hangs instead of booting to EBL. The update is safe for ordinary users, it was just my own fault.
So now I have an unbootable device and heading to service
I assume that service would replace the motherboard (as I have the screen blinking issue, that can be fixed only with MB replacement), and after receiving the device back - I'm planning to boot from USB and scan disk for deleted files (or better to make a sector-by-sector disk image and work with it). Maybe I'll get some extra tools, like the ones here: http://xdaforums.com/showthread.php?t=2477285
Well it's still a security hole in their security - you had to expect that they'd patch is. The thing is, this is probably a big security concern - it does open the path to all those viruses and etc. we have on normal Windows, and with all the security measures MS put in place, I imagine that they REALLY don't want that to happen.
I know we'd all like RT to be as open as normal Windows, but you have to think of MS - they'll be the ones responsible when some moron comes running to them because he installed so much crap on his tablet it stopped working.
Actually, they didn't patch the exploit used by the jailbreak if I understand correctly, just made it really hard to "exploit". Somebody with a more technical understanding please correct my if I'm wrong. Also, I believe the debugger was either removed or somehow made unusable by the jailbreak script, and I know they changed all the signing keys on the executables in 8.1 so you couldn't just pull something from 8.0 to exploit it. Sounds more like an active attempt to kill the jailbreak, instead of a routine patching of holes.
They have to deal with that on any x86 tablet... which is very shortly going to be the vast majority of Windows tablets/convertibles on the market, seeing as Surface 2 is the only RT device left...
You live in fantasy land if you think cheap atom tablets like Asus t100 or expensive tablets like surface pro will outsell surface 2. Surface Pro will never be mass market. If people didn't buy cheap clovertrail tablets last year that last more than 8hrs...almost no storage, low-res screens, cheap materials, no SSD...why would I want baytrail? ATOM CANNOT HANDLE FULL WINDOWS THAT'S WHY NETBOOKS FLOPPED YEARS AGO. MANY WOMEN, STUDENTS, SENIORS, AND OTHER DEMOS CHOSE THE LIMITED IPAD EVEN WITH ATOM PCs AVAILABLE. DID YOU READ THE NEW KINDLE FIRE PREVIEWS? ALMOST NOBODY CARES ABOUT HAVING FULL DESKTOP ON A MOBILE DEVICE. NOT ONCE DID I READ WHAT'S THE POINT OF THIS OR WHO'S THIS FOR WHEN I CAN BUY ATOM. IT'S ONLY SAID WHEN TALKING ABOUT RT! AND RT WAS ONE OF THE BEST SELLING WINDOWS TABLETS THIS PAST YEAR!
I don't want full windows running on atom processor as they exist today. Atom was and is garbage. It needs to run a limited and/or closed OS. If OEMs can/want to give me Haswell i5 at an affordable price maybe windows would do better on mobile. The way that the surface pro flies through most of the desktop is what everyone should experience when using windows. That's the standard performance consumers should see and come to expect no matter what tablet they pick up. You won't get that from Atom.
Last edited:
You live in fantasy land if you think cheap atom tablets like Asus t100 or expensive tablets like surface pro will outsell surface 2. Surface Pro will never be mass market. If people didn't buy cheap clovertrail tablets last year that last more than 8hrs...almost no storage, low-res screens, cheap materials, no SSD...why would I want baytrail? ATOM CANNOT HANDLE FULL WINDOWS THAT'S WHY NETBOOKS FLOPPED YEARS AGO. MANY WOMEN, STUDENTS, SENIORS, AND OTHER DEMOS CHOSE THE LIMITED IPAD EVEN WITH ATOM PCs AVAILABLE. DID YOU READ THE NEW KINDLE FIRE PREVIEWS? ALMOST NOBODY CARES ABOUT HAVING FULL DESKTOP ON A MOBILE DEVICE. NOT ONCE DID I READ WHAT'S THE POINT OF THIS OR WHO'S THIS FOR WHEN I CAN BUY ATOM. IT'S ONLY SAID WHEN TALKING ABOUT RT! AND RT WAS ONE OF THE BEST SELLING WINDOWS TABLETS THIS PAST YEAR!
I don't want full windows running on atom processor as they exist today. Atom was and is garbage. It needs to run a limited and/or closed OS. If OEMs can/want to give me Haswell i5 at an affordable price maybe windows would do better on mobile. The way that the surface pro flies through most of the desktop is what everyone should experience when using windows. That's the standard performance consumers should see and come to expect no matter what tablet they pick up. You won't get that from Atom.
You clearly havent touched atom since the old crappy netbooks then. Clovertrail jumped the performance at the same clock speed massively, and ramped up the clockspeed too. Bay trail bumps it even further and on some tablets also bumps the clock speed over clovertrail too.
I think your a bit of a cynic stereotyping women and seniors as buying iPads, and here at uni I am yet to see anyone using an iPad for productivity yet see quite a few surfaces.
In my experience the old netbooks were slow yes, but they ran visual studio, eclipse, web browsers and office suites fine. Clovertrail is yet more powerful, bay trail is a surprisingly competent little chip. Your not going to be playing skyrim or whatever on it anyway.... Cant run visual studio on a surface RT anyway.
PHP:
I touched the Asus t100 this past Friday. Its combination of CPU, GPU, and eMMC storage gives it entry-level performance. The keyboard dock is cramped and the trackpad is too small because of the form factor. It's a fool's errand to force baytrail tablets to run the full OS vs. iPad running IOS. It's like running a race with two 15 lb. weights around your ankles and you're allowing the other contestant to drive a car on the track. Windows needs its entry-level machines to fly through much of the desktop OS like an iPad flies through many lightweight IOS tasks. Additionally, I'm saying the iPad has had great success with the aforementioned mass market demos and these people are not picking up cheap atom PCs that can supposedly do real work. I didn't intend to stereotype those groups. Moreover, I'm not talking about complex games at all on tablets. The surface pro sucks for modern PC games. It's like a console. No mass market tablet will be great for modern PC gaming anytime soon.
I'm tired of x86 being given multiple chances to succeed in the mobile battle while RT gets repeatedly shat on. And I'm sick of the salt and the hate. RT exists precisely because Wintel x86 UI and its concept has failed on mobile devices. Plain and simple. This strategy did not work. It did not sell. Nobody ever made a tablet that put it all together. Design, price, marketing, power, and hype. How this fact is conveniently absent from whether or not the ARM to Windows port makes sense drives me nuts. If Intel and OEMs would've handled their damn business, then MS wouldn't need to get involved. I never hear well darn XP tablets flopped, Windows 7 tablets flopped, and all the Windows 8 tablets flopped.... so why will this time be different for x86? Who is this for? What's the point of this?
It's annoying when no other mobile product has to put up with a fraction of the compatibility FUD from a niche of self-proclaimed #realwork users. Leading up to surface pro launch, I saw many folks constantly telling MS store reps they wanted a tablet for real work so they were going to wait for the Pro. A manager told me just wait for the Pro because it will be a game changer when I asked about tablet sales. I also saw this garbage across the internet and still see it today. It was like the Outlook complaints which MS chose to answer. However, I estimate Surface Pro sales and it shipped less than 2 million. Less than 2 million tablets to date post-price cut. AFAIK not a single windows tablet can say hey look at me I am a success story. I appealed to everyday people and made millions of lives better. Of course not a single tech journalist will look into sales except when it comes to the surface line because that's the only public information someone caught. If only people knew why OEMs combine android/windows tablets, why Samsung isn't all aboard the Baytrail train, etc. People would be clamoring for everyone to pack up and go home. Because holiday 2012 and YTD 2013, the iPad and Galaxy Tab has kicked all of their asses multiple times over with ease.
Last edited:
I upgraded foolishly thinking that there would be a way to jailbreak. Luckily, I was able to downgrade back to RT 8.0. I use my Surface RT as a second screen to my laptop on the road so I NEED Synergy. I also use SumatraPDF as my default PDF reader because the Windows Store readers are terrible. Microsoft just doesn't get it. I understand it is a security hole and must be fixed but at least provide a "DEVELOPER OPTION" that allows you to run applications in desktop mode that are unsigned. If you enable "DEVELOPER OPTION" a warning box comes up with disclaimers, etc. Google figured this out with Android. Why does Microsoft have to be so dense.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
11It looks like they locked out the jailbreak from 8.1 by invalidating all old signatures. Windows RT 8.1's ci.dll does not trust the "1.3.6.1.4.1.311.10.3.6" OID in certificates anymore, only a new "1.3.6.1.4.1.311.10.3.21" OID. Both are required now. How it works is, if a certain configuration bit is not set in the call to CipMinCryptToSigningLevel, attempting to load an executable with a *10.3.6 OID on the certificate but not a *10.3.21, CipMinCryptToSigningLevel will explicitly fail with STATUS_INVALID_IMAGE_HASH--it won't even bother to consider it a 0 signing level.
I bet that this time, they will not give device manufacturers anything but executables that require booting Windows in test mode, something only Microsoft and device manufacturers can accomplish due to Secure Boot.
Microsoft Office's executables are signed with both the 2010 and 2011 keys, presumably so that it can run on both 8.0 and 8.1.
Visual Studio 2012's remote debugger doesn't work anymore, either. I bet that they're working on further locking down the remote debugger to avoid letting us use it to jailbreak.
The only good news I see is that NtUserSetInformationThread sub 7--the kernel exploit--has not been fixed.7Some good news:
There is a method of booting with any unsigned EFI file (for example Linux GRUB) on Asus VivoTab devices with the recent firmware.
This also allows loading a "cracked" bootmgfw.efi that does not check for signatures of Windows kernel modules, and after patching the ci.dll - you'll be able to run any app or load any unsigned driver (even the boot-mode driver, unlike the 8.0 jailbreak).
The limitations of my method:
- It works only on Asus VivoTab RT tablets. Surface is not supported due to differences in UEFI firmware modules.
- Bitlocker should be disabled (manage-bde.exe -protectors -disable c: )
- There would be a line stating that secureboot is incorrectly set up, you can see it in the lower-right corner of the screenshot.
- The most inconvenient thing: it requires a FAT32-formatted USB stick with a "hack" file to be inserted on boot.
And, obviously, the "hole" could be closed by Asus in one of the next firmware updates. So Windows Update should be switched to manual mode (8.1 allows to select this from GUI).
So this should be considered as a temporary method until something universal would be found. But it can be used to start developing Linux (or android) for Tegra3.
I'll publish the instructions after 8.1 would be released.3Is anyone else working on this?
I dimly remember some other devs working on this before abandoning their efforts due to OP claiming to come out with a fix "soon" ... this obviously was all just a load of BS, so I thought it might be a good idea to circle back to some of the other devs ...3I upgraded foolishly thinking that there would be a way to jailbreak. Luckily, I was able to downgrade back to RT 8.0. I use my Surface RT as a second screen to my laptop on the road so I NEED Synergy. I also use SumatraPDF as my default PDF reader because the Windows Store readers are terrible. Microsoft just doesn't get it. I understand it is a security hole and must be fixed but at least provide a "DEVELOPER OPTION" that allows you to run applications in desktop mode that are unsigned. If you enable "DEVELOPER OPTION" a warning box comes up with disclaimers, etc. Google figured this out with Android. Why does Microsoft have to be so dense.3
Sadly, no, for two reasons. The first is that Windows RT's enforcement of what is allowed to run is enforced by the same kernel driver that enforces what kernel drivers can run, ci.dll. ci.dll has a hard-coded list of certificates that it trusts and there is no way to add additional certificates.
The second is that the certificates aren't really the problem - the object identifiers (OIDs) are. Windows 8.1 didn't invalidate the 8.0 certificates in the ordinary certificate revocation sense; rather, they changed ci.dll to require that a new OID be present in any signature for it to be trusted in 8.1. None of the 8.0 signatures have this OID.
Windows Apps seem to use a different signature system overall. Unsigned Apps can be used if you have a developer certificate, and Apps installed by 8.0 are still valid in 8.1. Similarly, there is something special going on for sideloading. I don't personally know how any of that works, but I do know that sideloading isn't useful, because the privilege level of Apps is too low to be useful for much of anything.
By the way, progress on breaking 8.1:
https://twitter.com/Myriachan/statuses/365350790803619840
New posts
-
[App][8.0+][Magisk]App Volume Control
- Latest: crystaldolly
-
-
