Writing to system files and registry?

Myriachan

Senior Member
Feb 11, 2013
Hi... I'm from the Windows RT jailbreaking world and don't have a Windows Phone, so please excuse my ignorance.

I have an exploit in Microsoft's Secure Boot code that works on all architectures. I suspect that the same bug works on Windows Phone 8. However, it requires writing to privileged areas of the system. This is easy in desktop Windows and in Windows RT, but I have no idea of its feasibility on Windows Phone 8.

Does anyone here have insight into this? =^_^=

My RT jailbreak proof (8.1, so not the existing one):
https://mobile.twitter.com/Myriachan/statuses/365350790803619840
 

petard

Senior Member
Feb 12, 2006
Unfortunately WP8 is locked down tight and no one can write to the OS partition as far as I know.
 

Myriachan

Senior Member
Feb 11, 2013
So to pull it off, you'd need an NT kernel privilege escalation exploit that could be done from a low box token in the WP8 sandbox...yuck. Possible, though. Such an exploit would obviate my exploit, though, because then you could make a side loaded app that jailbreaks the phone when you run it.
 

aclegg2011

Guest
Some of the registry can be accessed, but not all. snickler, GoodDayToDie and others are trying to find a way to write to the registry. There's a thread on here that talks about the progress.
 

GoodDayToDie

Inactive Recognized Developer
Jan 20, 2011
Seattle
In particular, we have read-only access to most of the registry, but not much (if any) in the way of write access, beyond what a handful of built-in and OEM apps can do (OEM apps can have extra permissions; some store settings in the registry and/or change system configurations, but I haven't yet found a way to get arbitrary access).

Great work on that RT exploit, though. It actually may be useful on the phone even if we do find an arbitrary app EoP exploit - it could make it a lot easier to do certain things - but the most likely EoP is actually us finding a way to abuse an OEM (or built-in) app to change the registry and/or file system. If we can find that, a way to then run arbitrary code with full permissions would be a really useful thing to use such a hack for...
 