MS SurfaceRT Security Broken–Now you can run ANY Desktop App

We knew it was a matter of time; in fact I am surprised it took this long, but it has finally happened. Someone has found a way to circumvent the built-in security that prevents arbitrary Desktop Apps from running on SurfaceRT devices. It’s all about a byte in the kernel, and a hacker going by the handle of Clrokr (@Clrokr) has found it, as shown below:

SeGetImageRequiredSigningLevel+0x18
LDR R3, =0x59FFA6 ; This is our byte, 0x19FFA6 at 0x400000 image base
LDRB R3, [R3]
CMP R3, #4
BHI loc_HighSigReq
B.W loc_LowSigReq

Here is what he said about it:

Finding the right spot

The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8.
That means that even if you sign your apps using your Authenticode certificate, the Surface or any other Windows RT device (at this moment) will not run them. This is not a user setting, but a hardcoded global value in the kernel itself. It cannot be changed permanently on devices with UEFI’s Secure Boot enabled. It can, however, be changed in memory.
Finding this byte in the kernel takes a while, there is no exported symbol for it and not even in the symbol database at MSFT. I found it using WinDbg and a machine running Windows 8 Pro, creating processes and watching how the system behaves when the signature checks happen all the way through CI.dll and back. Because Windows 8 and Windows RT are so similar, locating it in the ARM kernel was not hard…

He provided the sample exploitation code on his blog. But what does it all mean to you as a user? First, this is not for the faint-hearted; you must know what you are doing. Second, someone will probably write code to automate the jailbreaking. But the question is: would you run this code on your ARM device?

I personally would like to see how SurfaceRT performs after the jailbreak. Remember, the version of Office on SurfaceRT is specially crafted and optimized for the RISC architecture and its low-power environment. So, will you be able to run the likes of AutoCAD/Photoshop on Surface now? I doubt it; you will possibly be frustrated with the performance. We will be keeping an eye on developments for you and will report back if anything new comes up around this story.

It’s a brave world out there, once again, it has been proven that nothing is secure by default. If it is written by man, it will be broken by man, period. Now that you can jailbreak SurfaceRT, what are you going to do about it? The decision is yours and yours alone.

You can read the rest at Clrokr’s site: http://surfsec.wordpress.com/2013/01/06/circumventing-windows-rts-code-integrity-mechanism/

[Update]
I have been made aware of the fact that you can’t run “ANY” desktop Apps on ARM devices like the hacker’s post suggested; even after this jailbreak, you still have to compile your standard Desktop App for ARM before it will run on a jailbroken desktop. So, with this news, we can expect Google and the like to start compiling Chrome and other apps for the Windows RT desktop. And of course all the security risks and exploits will follow. Hopefully people will not be blaming Microsoft for their misfortune then.

Adobe ReaderX Desktop App is in the Store

Hey, guess who just joined the Desktop App party in the Windows 8 Store? Right, Adobe Reader X! I guess Adobe doesn’t like the idea that Microsoft’s newly deployed Office2013 was encroaching on its PDF turf with the new PDF Read/Write feature of Word2013, and decided to do something about the visibility of its reader app on Windows 8 Desktop. Of course ReaderX needs no introduction to most of us. For those who don’t know, ReaderX is the tablet-focused Reader from Adobe. The app has annotation features built in, including pen annotation. So PDF files are actually editable to a lesser extent in this app; you just can’t print to the app like you can with Acrobat.

Well, there you have it. Another Desktop app for your pleasure and easy discoverability. As indicated in the picture, Adobe ReaderX can be found in the Productivity section of the Store.

Microsoft’s Desktop Game “Age of Empires Online” in Windows 8 Store

The fourth Desktop App has been added to the store. This time it is the ubiquitous game Age Of Empires Online from Microsoft’s own Studios. Of course the App does not need any introduction to fans of the game, but for those of you who want something new, the promise of the Windows App Store is now being realized, that is, easy discoverability of Desktop Apps. Now you don’t have to go looking all over the internetz; you simply go to the app source to install. Go try it if you are interested.

#Win8 App Alert: Office2010 Desktop App debut in Store

We knew this was coming, and Microsoft didn’t take long to make it happen. The first Desktop App has appeared in the Store, and it is Microsoft Office 2010! Yes, you can find it under Productivity Category. Go check it out and install it if you must.

But Microsoft, you promised us Office15 Preview in June, do we have to wait really long for it? :)

[Update] If you can’t see it in the Productivity Category, open up the Search Charm and search for Office.