• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[Release] RT Jailbreak Tool

Status
Not open for further replies.
Search This thread

coldbloc

Senior Member
Nov 25, 2013
60
8
Trying to enable the server? If you get anywhere with that let me know, I'd be interested to see it. I spent a while looking into getting it working and never got anywhere. I never did anything with editing the running process, though; I just manipulated various registry keys into thinking I was on Win 8 pro. I believe there's a thread about it somewhere on here.

EDIT: Added some details in this thread

http://forum.xda-developers.com/showpost.php?p=47821520&postcount=20
 
Last edited:

southbird

Senior Member
Feb 12, 2010
249
100
Is this the type of tool that can brick a rt if a mistake is made?

No one will make any warranties or guarantees around here, but this jailbreak (which is only for RT, not 8.1, to be clear) is a fairly harmless in-memory patch which will disappear with a reboot. It doesn't really modify any system files or the like.
 

Ace42

Senior Member
Jul 20, 2009
11,344
2,047
New York
Moto G Power
Motorola Edge
:cowboy:
No one will make any warranties or guarantees around here, but this jailbreak (which is only for RT, not 8.1, to be clear) is a fairly harmless in-memory patch which will disappear with a reboot. It doesn't really modify any system files or the like.
Just tried and works good on my new surface. I'll probably move to 8.1 for the split screen and faster speed.
 

BIade

Senior Member
Apr 11, 2013
692
544
Cologne
I haven't updated yet, still want to try more ported apps. Also I am unable to install ANY apps from the store. Everything fails, or it's stuck on pending install.

Sent with Virtue

ohh sad to hear. Never had such a Problem... perhaps try to create a new store-account.
(there are some apps, that say they Need 8.1 to work, but except for those, there should be no Problem)

Wish you all the best
 

wojtas29

Member
Dec 10, 2007
35
1
Does It working on windows rt 8.1?
I have nokia 2520 tried install
Looks done well but when tried install recompiled putty
Got info there is no proper signature in some file ... bla bla bla

Someone got same issue and resolve problem?
 

southbird

Senior Member
Feb 12, 2010
249
100
For the amount of times a question about 8.1 comes up, I wonder if the thread title should just be modified to clearly state [8.0 ONLY, NOT 8.1] or something like that
 

ell82

Senior Member
Jul 19, 2005
155
2
www.windowsmobile.pl
Do you guys still believe in 8.1 jailbreak on anytime soon? I have stopped a while ago. Myriachan doesn't show us anything beside she's idea, and it seems that nobody else is think of working on that. Two weeks ago I have decided to upgrade to 8.1 and that was good move. Benefits from jailbreaked device is anyway not so big because lot's of program doesn't work anyway. But today I have decided to sold my Surface and give a chance to Asus T100. Surface is great device and I love it, I love it's design, touch cover, magnesium connectors (for keyboard and charger) but for today Windows RT without desktop apps and x86 compatibility is worth almost nothing. If Surface had x86 atom processor (baytrail would be nice) then it would be best tablet on the market ever. And I hope for that and will be waiting. Cheers and good luck with the jailbreak.
 
  • Like
Reactions: Topogigi

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
6,066
2,931
Seattle
All the working exploits I know of (and I'm following this project closely, though my actual hacking efforts are focused on WP8 right now) either too unstable (bloody PatchGuard BS...) or are too sensitive (not safe to release publicly, at this time, for one reason or another). If Microsoft continues this anti-owner policy of denying us the ability to control what happens on our own devices and nothing better comes up, it's possible that something in the latter category will see the light of day, but in that case MS would probably patch it quickly.

The first jailbreak was a lovely piece of work; requiring user interaction but not onerous or confusing, stable (once the initial issues were resolved), harmless to the OS itself (cleared at reboot), and exploiting what is only in a very technical sense a security vulnerability (the boundary between user-mode Admin and kernel-mode had never really mattered before except as a "don't break anything by accident" safeguard). At this point, it looks likely that some of those features are not going to make it into the 8.1 jailbreak. People are still making progress (though seriously, it's the holidays; folks will be busy with other things), and if it were absolutely vital to release a jailbreak tomorrow, we could, but it is not ready for public release yet!
 
  • Like
Reactions: SixSixSevenSeven

Topogigi

Senior Member
Oct 21, 2005
1,414
1,525
Turin
All the working exploits I know of (and I'm following this project closely, though my actual hacking efforts are focused on WP8 right now) either too unstable (bloody PatchGuard BS...) or are too sensitive (not safe to release publicly, at this time, for one reason or another). If Microsoft continues this anti-owner policy of denying us the ability to control what happens on our own devices and nothing better comes up, it's possible that something in the latter category will see the light of day, but in that case MS would probably patch it quickly.

The first jailbreak was a lovely piece of work; requiring user interaction but not onerous or confusing, stable (once the initial issues were resolved), harmless to the OS itself (cleared at reboot), and exploiting what is only in a very technical sense a security vulnerability (the boundary between user-mode Admin and kernel-mode had never really mattered before except as a "don't break anything by accident" safeguard). At this point, it looks likely that some of those features are not going to make it into the 8.1 jailbreak. People are still making progress (though seriously, it's the holidays; folks will be busy with other things), and if it were absolutely vital to release a jailbreak tomorrow, we could, but it is not ready for public release yet!

Don't forget we are in a developer forum. Everyone here is aware (or should be) of any possible effect of applying a patch or modifying a working OS environment. Not releasing a half-working solution publicly, dramatically reduces the chances of that solution to become the final solution by means of cooperation of other valued developers.
Acting this way, people having the solution in their hands, are acting just like MS when they think they are protecting us when they deny us the ability to choose what is useful or not for our devices.

And I say this with the utmost respect for you.

But we are going severely OT here....
 
Last edited:
  • Like
Reactions: KalleEatingBrain

SixSixSevenSeven

Senior Member
Dec 26, 2012
1,617
317
Don't forget we are in a developer forum. Everyone here is aware (or should be) of any possible effect of applying a patch or modifying a working OS environment. Not releasing a half-working solution publicly, dramatically reduces the chances of that solution to become the final solution by means of cooperation of other valued developers.
Acting this way, people having the solution in their hands, are acting just like MS when they think they are protecting us when they deny us the ability to choose what is useful or not for our devices.

And I say this with the utmost respect for you.

But we are going severely OT here....

Actually think about the sheer number of people who are being directed here to get a jailbreak for their new devices, when you read through the app requests half of them are not developers and probably couldnt tell C++ from HTML.
 

Topogigi

Senior Member
Oct 21, 2005
1,414
1,525
Turin
Actually think about the sheer number of people who are being directed here to get a jailbreak for their new devices, when you read through the app requests half of them are not developers and probably couldnt tell C++ from HTML.

AFAIK this is the way everything had always worked here (at least since the day 1 from my subscription to this forum). A simple disclaimer with an explicit warranty exclusion should be enough to let your conscience stay secure. There will always be someone claiming you destroyed his/her device: that's part of the game. Take it or leave it, this still remains a developer forum: You can't stop the entire knowledge process only because someone not-so-skilled could self-harm.
 
  • Like
Reactions: KalleEatingBrain
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 136
    RT Jailbreak Tool
    By Netham45, Version 1.20

    An all-in-one program to jailbreak Windows RT tablets using the method recently released by clrokr​

    Usage
    Boot your RT device and log in, allow it to sit on the desktop for about a minute.
    Extract all files out of the latest version of the .ZIP attached to this post. To do this on Windows RT, right-click on the .zip, choose 'Extract all', and select the destination folder.
    Run runExploit.bat. It'll prompt you to either install the jailbreak to run on login, uninstall it not to, or run the jailbreak once.
    Choose an option and follow all subsequent prompts. They're all quite easy and self-explanatory.

    FAQ
    Q) What does this do, in layman's terms?
    A) It allows non-Microsoft ARM-compiled .exes to run on the desktop. That is it.
    Update (03/01/2013): The jailbreak now allows unsigned drivers to load.

    Q) Can I use this to run Photoshop, Steam, AutoCAD, <Insert commercial product here>?
    A) While it is -technically- possible for the companies to port their stuff over to Windows RT using the hack it is extremely unlikely. As a rule of thumb, if it's a commercial piece of software it won't run on the ARM.

    Q) Can I use this to run PuTTY, VNC, X-Chat, <Insert open-source product here>?
    A) Yes! Open-source programs are ones that you, having the source code, can recompile to work on the ARM. If it's not already available (A small but growing number of programs are) it's easy to get started. There are some useful threads in the Windows 8 Development and Hacking board on XDA-Developers.
    Please note that not all programs can reasonably be ported over to ARM, due to either program complexity, overuse of inline assembly, or the current lack of a GNU Compiler

    Q) Can I use this to run any random x86 app I find on the internet?
    A) No. Apps must be recompiled for ARM. Stop asking why Chrome doesn't run.

    Q) Can I use this to hack my Android tablet?
    A) Not really. Most Android hacks require custom kernel-mode drivers (APX, Odin, ADB all require drivers that are unavailable), and this hack only allows us to run unsigned User-mode code.
    If you don't know the difference between User-mode and Kernel-mode, I'm sure Wikipedia has a good article on the subject.

    Q) Will Chrome/Firefox be ported over?
    A) I don't see any major technical hurdles for those, but I probably won't be the one to do it.

    Q) Are there any precompiled apps for this available?
    A) Check out THIS THREAD for a list of all currently known compiled apps.

    Q) I ran the jailbreak, now where can I download pirated apps from?
    A) Nowhere. This jailbreak does not allow for pirated apps, and it is a long ways off from actually supporting pirated apps. If you manage to get pirated apps to run on Windows RT you will be doing the entire community a large disservice, along with ruining what credibility this hack may have in Microsoft's eyes.

    Q) I don't know how to recompile code, can I get someone else to do it?
    A) If it's a simple project you can likely find someone who will be more than happy to recompile it for you. If it's a large project with numerous dependencies, or a commercial project, I will be willing to take a look at it and quote a price to do it. (On that note, please realize that I am not affiliated with XDA-Developers at all.)

    Q) I keep BSoD'ing! What's up?
    A) I haven't managed to track down the cause of the BSoDs, except that they seem to happen when the exploit is ran within the first minute or so of the tablet booting and logging in. If you're getting BSoDs, boot your tablet to the desktop and wait 2 or 3 minutes before trying the exploit. Also, make sure that you're up to date with Windows Updates, as of 2/26/2013.

    Q) I ran the .bat and it told me it couldn't find it's bin folder. What's wrong?
    A) Extract the ZIP in entirety. Don't just open the ZIP and double-click on the runExploit.bat.

    Q) It's not working! What do?
    A) Post in this thread describing what you're doing and the issue you're having, do not PM me, even if you don't have the number of posts to post in the developer sections. I'll consider it spam and disregard it. Don't message me on Twitter either, the only place that I will provide support for this tool is in this thread.

    Q) Is this persistent across reboots?
    A) No, it resets every time the device reboots.

    Q) Is this a tethered exploit?
    A) No. Tethering is connecting the device to a computer, or other device to jailbreak it. This is done entirely on the device. It just has to be redone at reboot.

    Q) Will this work with all the latest updates, as of 02/26/2013?
    A) There was an updated .zip posted for the latest update (Patch Tuesday, Feburary 2013.) It should work.

    Q) How do I compile apps for the Surface RT? It says I'm missing a bunch of .libs!
    A) Visual Studio 2012 does not come with all the required ARM .libs for compiling most desktop apps. Please see THIS post by _peterdn for a useful utility for generating .libs and .exps from the .dlls on the tablet.

    Q) Why would you want desktop apps? They suck for touch.
    A) Mainly for the library of easily ported software, along with the things that metro apps just can't do. I agree, they're more inconvenient to use with touch, but that's the tradeoff for having a huge library of software. You also don't have to use desktop mode, the tablet still is quite good without it (Except the mail client). I also believe that since it's my device I should be able to do whatever I want with it, regardless of what MS says. Traditionally MS has leaned the same way with Windows, which makes it rather disappointing they chose to lock this platform down.

    Q) Will this void my warranty?
    A) Since it doesn't persist across reboots chances are the support center will never know, though it may be against the terms of your devices warranty.

    Q) Is there any warranty for this program?
    A) No express or implied warranty exists.

    Q) Your hack caused the paint to chip off my tablet, the felt to peel off my type keyboard, the kickstand to fall off, and my tablet to display nothing but satanic messages while it's on! I want you to buy me a new one!
    A) No it didn't, and see my warranty policy.

    Q) Can Microsoft patch this?
    A) Yes and no. They can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release.

    Q) Will this allow people to run viruses on my tablet?
    A) Yes and no, if something malicious is compiled and ran while jailbroken it could act like a virus, yes. Once you reset, though, it'll be gone.

    Q) I came across a malicious RT application! Who do I tell?
    A) If it's a jailbroken application then the most you can do is make a post informing about it. That's one downside to having unsigned code, there's no one regulating body who can decide what is and isn't available, and manage safety. If it's a store application then I suggest you contact Microsoft. If it's a Modern UI app that requires the jailbreak to run you still may have luck contacting Microsoft, as they can blacklist the developer's certificate.

    Q) Can any random Store app do this?
    A) No, this requires tools and privileges that Windows Store apps can't possess. The appcontainer model that MS uses is very strict and good at preventing things like this from happening. There's a number of things that flat-out aren't possible to do from a Store app that this uses, not to mention that it would get rejected by MS.

    Q) Will I (The user) get my developer license banned?
    A) It's possible, though I doubt that MS will do that.
    Update: With the new payload (as of 1/18/2013) users no longer need to get their own developer certificate.

    Q) Won't you (Netham45) get your developer license banned?
    A) Time will tell, I knew the risk when I posted this. I suspect that their banning system is more geared towards piracy, though, which this doesn't really enable.
    Update: With the new payload (as of 1/18/2013) my developer certificate is no longer required.

    Q) I've got this great feature/idea for the jailbreak! Where can I tell you at?
    A) Post it in this thread. Note that the area where we can script and such before the exploit is limited and restricted to pretty much batch scripts, and that I am under no obligation to implement a feature if you suggest it. And, seriously, do not PM me about it. If you don't have the prerequisite number of posts to post in the developer section then go get them.

    Q) Can I throw money at you for writing the tool to automate this?
    A) There's a donate link on the side of this post. (I'd love to get a Surface Pro. :D)

    Q) Can I throw money at clrokr for documenting the exploit?
    A) You'll have to talk to him about that.Here's his profile.

    FAQ last updated 2/26/2013 10:17 PM MST

    Thanks to clrokr for documenting the usage of the exploit, and to the numerous people who contributed positively in the [Q] Hacking Windows RT to Run Desktop Apps thread

    Download is attached to this post.

    Update log
    Update 1.01(1/10/2013): Uncommented pause in the PS script to install the ModernUI app -- It was causing it not to prompt to install a developer license/my cert for some reason.
    Update 1.02(1/10/2013): Fixed issue on non-English devices.
    Update 1.03(1/11/2013): Fixed issue with usernames with spaces in them, fixed issue where the user running the jailbreak isn't the first user logged in
    Update 1.1(1/18/2013): Redid functionality; it now gets the kernel base inside the payload, instead of requiring a Metro application. Added a startup folder that gets ran after jailbreak. Cleaned up output. Click for more info
    Update 1.11(1/18/2013): Added commandline options, added a simple interface to handle creating scheduled tasks to run, added a powershell script to keep it from running if the system hasn't been up for two minutes, added missing startup folder, added sanity check so it doesn't freak out if the startup folder isn't there
    Update 1.12(2/12/2013): Fixed the scheduled task to not require AC power to run, tweaked script to not crash on latest patches, Fixed startup folder not getting executed properly
    Update 1.12a(2/12/2013): Fixed it to actually work on the latest updates. Oops.
    Update 1.13(2/14/2013): Added the ability to dynamically get the signing level. It now requires internet on the first launch, and after an update changes ntoskrnl.exe. This version is slightly experimental, so if it doesn't work use one of the older versions.
    Update 1.13a(2/15/2013): Tweaked the script to return from the hook in a way that seems more robust. If 1.12a or 1.13 work for you there's no need for an update.
    Update 1.20(3/01/2013): Made the bat use registry keys instead of files in system32, added registry-based startup folder, altered payload to support unlocking kernel-mode code


    Older versions may be downloaded here

    (Note: If you wish to mirror this post please retain a link to it at http://forum.xda-developers.com/showthread.php?t=2092158 so users can always get the latest version.)
    20
    eg
    does it need the sdk/wdk secure boot policy
    maybe a way to turn the debugger into a protected process so it can access another protected process (csrss)

    Personally I hope it isnt too easy to set up, as then only those who really need it and know how to do it (and the consequences) will use it, and there will be less chance of MS closing it off further

    My in-progress 8.1 jailbreak hack doesn't require the Windows Kits Policy to be installed, no. It bootstraps execution of unsigned native code using an exploit in PowerShell, then loads a kernel driver using a flaw in the code signing system.

    The PowerShell exploit is, in effect, a sandbox escape. It does not require Administrator privilege, but all you get is native code execution at the same privilege as your user account.

    The kernel driver loading bug requires Administrator privilege; it is not bypassing the requirement of your account needing Administrator privilege to ask the Service Control Manager to load a driver on your behalf. In Raymond Chen terms, it's "already on the other side of the airtight hatchway".

    The hack is designed to be automatically started and permanent; once installed, it'll load at each boot, until you uninstall it. It won't load if Safe Mode is enabled, to aid with troubleshooting. When it loads, it will write to the Security audit log to indicate that it has jailbroken the system. Also, I plan on enabling the desktop watermark as if a prerelease build and changing the text to "Jailbroken" or similar.

    Melissa
    15
    I'm locking this due to this no longer being maintained. When the 8.1 jailbreak is released there will be a new thread created.

    Edit: Seriously, guys, it's super not cool to PM me about this after not reading the FAQ at all. Also, whoever is following me around on other sites and messaging me about this, please stop. If I don't answer your 'WAAH CHROME DUN WORK' PMs on here I'm surely not answering them on Youtube.
    9
    The only responses I got to the query "8.1" said it wouldn't work. No mention of possible updates so it would. To repeat my question: Is such a thing possible?

    We're working on it. =^-^=

    https://twitter.com/Myriachan/status/365350790803619840/photo/1
    7
    Thank you!!

    Now that I can post in the development section I wanted to post a huge thank you to everyone that has worked to make the RT "jailbreak" possible. I have followed it since its inception in the original thread, but until recently didn't have an xda account. All the work in developing the script as well as all those who have recompiled apps have made my Surface RT so much more than its original limited state, and I am in your debt. In all honesty, I wouldn’t have bought it were it not for this community working to make the desktop side of Windows on ARM truly useful.