It is worth clarifying that the only desktop applications available on ARM today are Office RT, which is integrated into the operating system, and other pre-installed programs such as the browser. All third-party applications must go through the Windows Store and be Modern UI-style only. There is no way around this, and it is an important restriction.
Microsoft has established four signing levels, Unsigned (0), Authenticode (4), Microsoft (8) and Windows (12), to determine whether an application can run, and with what restrictions. On systems equipped with an x86 microprocessor from Intel or AMD the default value is zero, which allows any application to run smoothly as long as it is compiled correctly. On ARM devices, the Redmond company has instead set the value to 8.
It is a "number" held inside the kernel that the user cannot control directly and that cannot be changed permanently on devices with Secure Boot enabled. However, as the security researcher revealed, this restriction can be bypassed in memory. "The artificial incompatibility established by Microsoft does not work because Windows RT is in no way diminished in its functions. It is a clear port, well done. Deep inside the kernel, however, in an encrypted section of the Secure Boot, lies a byte which represents the minimum level of signature," said Clrokr.
The hacker then concludes by stating that Windows RT is an obvious port of Windows 8. "Microsoft has enforced Code Integrity to artificially separate these platforms. This will not stop pirates from modifying the Store apps and their license checks, because the apps on the Store are the only things that can work without a signature. The fact that this method also works on Windows 8 shows how similar the systems are. You can harden Code Integrity on Windows 8 to have a Windows RT-like experience," said the researcher.
"The decision to stop traditional desktop applications from working is not a technical one, but it is a bad marketing decision. Windows RT needs the Win32 ecosystem to improve its position as a productivity tool," ruled Clrokr.
Two issues are therefore raised. The first concerns the vulnerability itself and everything that could follow from it, such as piracy and other activities typical of jailbreaking. Apparently we are far from having a method within everyone's reach for replicating what the researcher has achieved, so the Windows team can sleep peacefully, even if not for long.
The second, perhaps even more important than the first, calls into question an alleged marketing choice by the Redmond company, which is said to have decided to artificially separate two ecosystems that otherwise, according to the researcher, could be one, with obvious benefits for consumers. All that remains is to wait for a response from the company led by Steve Ballmer, which we hope will address not only the merits of the problem but also the other accusations.
Windows RT can run apps in desktop mode