Windows RT Gets a Jailbreaking Tool

Not long after a hacker posted details of how a vulnerability in the Windows NT kernel could be used to let unsigned applications run on the platform, a ready-made tool has appeared to do the job. Available on the XDA Developers forums, this tool automates the complex bits of the Windows RT hacking process.

The Windows RT kernel has a flag that specifies what kind of code the system can run. Normally this flag is set so that only applications signed by Microsoft can run; the hack changes this flag so that any unsigned executable is allowed to run. Because Secure Boot prevents the system from booting if it has been modified, this flag can only be changed in memory after the system has already booted. This also means that the flag will be reset on boot, and the system will have to be jailbroken once again.

In other words, the hack allows Windows RT to do what it was always capable of: running full-fledged desktop applications, like Microsoft's own Office suite. Since Windows RT still runs on ARM devices, it won't run any old software that you have running on standard Windows 8. It will only run Windows apps compiled for ARM, which is not a straightforward task due to the lack of an official toolkit to create Windows apps for ARM. Still, some hackers have managed to port a few applications such as a VNC server / client, PuTTY and Bochs.

The fact that Bochs is running is especially exciting. For those who haven't heard of it, it is VM software, like VMware Workstation, VirtualBox or QEMU. Bochs can emulate an x86 PC and has previously been used to run Windows XP on the N900 and even iOS. With Bochs on Windows RT it might be possible to run x86 software on ARM Windows. Of course, this is just a theoretical exercise, since any software run this way will probably run too slowly to be of any real use.

You can find more about this hack and how to run it on your own device here.
