Circumventing Windows RT’s code integrity mechanism

“It’s taken longer than expected but it has finally happened: unsigned desktop applications run on Windows RT. Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible. MSFT’s artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It’s a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI’s Secure Boot, lies a byte that represents the minimum signing level.” Good stuff. Very good stuff.
