Forums
Main Category
General (Technical,...
Microsoft Surface R...
 
Notifications
Clear all

Microsoft Surface RT

 
Page 2 / 3
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jaclaz 12 years ago
28 Posts
11 Users
0 Reactions
3,084 Views
RSS
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
08/12/2012 5:18 am  

@PaperClip_CCE

The Surface does NOT run Windows 8, it runs Windows RT.

It is NOT a i386 platform, it is an ARM one, for all the info there are, ONLY Windows RT can currently boot on that device, it uses Secure Boot, but it seems like it additionally has a "locked" certificate.

See
http//superuser.com/questions/502771/microsoft-surface-alternative-os

On a "generic" Secure Boot enabled hardware, that can have certificates added, Ubuntu will most probably boot, and surely before or later *some* way to by-pass this MS limitation will be found out, but right now it seems like not possible.

jaclaz


   
ReplyQuote
 PaperClip_CCE
(@paperclip_cce)
Active Member
Joined: 13 years ago
Posts: 6
08/12/2012 6:58 am  

@PaperClip_CCE

The Surface does NOT run Windows 8, it runs Windows RT.

It is NOT a i386 platform, it is an ARM one, for all the info there are, ONLY Windows RT can currently boot on that device, it uses Secure Boot, but it seems like it additionally has a "locked" certificate.

See
http//superuser.com/questions/502771/microsoft-surface-alternative-os

On a "generic" Secure Boot enabled hardware, that can have certificates added, Ubuntu will most probably boot, and surely before or later *some* way to by-pass this MS limitation will be found out, but right now it seems like not possible.

jaclaz

Thanks jaclaz.
I'm aware of this fact. (Forgive me, I should have been clear on that)
I would assume that most people on this forum would know the difference between the Surface running Windows RT (which is locked) with an ARM Cortex-A9, and the Windows 8 Pro model. I should have been clear.

(Again, none of this I have actually tried. Just thinking of possibilities - just trying to help)

Additionally
Ubuntu 12.10 has a "Texas Instruments OMAP4 (Hard-Float) desktop image" that COULD possibly work
http//releases.ubuntu.com/quantal/
That version works with ARM Cortex-A9
https://wiki.ubuntu.com/ARM/OmapDesktopInstall

But if the RT machine is locked via cert requirements…. who knows.

One more thing
I called EnCase tech support & asked about this. They told me this was a "Pending Request" to have implemented as a feature in (perhaps) future versions of EnCase.

I'm really curious to see how this issue gets resolved.


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
08/12/2012 3:39 pm  

I'm aware of this fact. (Forgive me, I should have been clear on that)
I would assume that most people on this forum would know the difference between the Surface running Windows RT (which is locked) with an ARM Cortex-A9, and the Windows 8 Pro model. I should have been clear.

Yep ) , but the topic is about the RT, the Pro version has only been announced at the moment.

From all the info around it seems like the Surface RT is "strictly" locked to Windows RT (and it is very likely that the Surface Pro will be "strictly" locked to Windows 8).

The situation of different manufacturer's tablets (still running RT or 8 ) is likely to be more "open" and undoubtedly before or later someone will find a way to boot to them some alternate OS and/or to image BOTH the non MS and the MS ones.

Right now it seems like the only option is to open the thingy and get to the storage with "mechanical" means, though it is not seemingly "easy-peasy"
http//www.ifixit.com/Teardown/Microsoft+Surface+Teardown/11275/1
http//www.techrepublic.com/photos/cracking-open-the-microsoft-surface-with-windows-rt/6391348?seq=63&tag=siu-container;thumbnail-view-selector
but even once you have it open reading the Samsung chip contents may not be easy.

jaclaz


   
ReplyQuote
 gilly_uk
(@gilly_uk)
Eminent Member
Joined: 13 years ago
Posts: 23
Topic starter 08/12/2012 7:26 pm  

I think that technet documents relates to the old microsoft surface which was a massive table that you could pass documents around on.


   
ReplyQuote
 colinr
(@colinr)
New Member
Joined: 13 years ago
Posts: 4
31/01/2013 3:41 am  

I have managed to create a physical sector-by-sector image of my own 32GB Surface RT, at the moment it is not exactly forensically sound, but it is sufficient to meet principle 2 of the ACPO guidelines.

I hope to have a better solution in the near future, I have noticed a few strange quirks with the RT which can work to my advantage, however, it could be just my machine that is not performing as intended.

I'm not going to disclose my methods on a public forum, but should anyone (only in the UK for the time being) require my assistance, please feel free to get in contact with me.

Colin.

Here is a few screen shots of the partition structure / file system displayed within WinHex.


   
ReplyQuote
TuckerHST
 TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
31/01/2013 3:54 am  

I'm not going to disclose my methods on a public forum, but should anyone (only in the UK for the time being) require my assistance, please feel free to get in contact with me.

Why the secrecy? Why the geographic exclusivity?


   
ReplyQuote
 colinr
(@colinr)
New Member
Joined: 13 years ago
Posts: 4
31/01/2013 4:09 am  

Because it's still a work in progress, furthermore, as the UK is such a small country, it is easy for practitioners to visit our lab and even easier for me to offer telephone assistance without time zone issues.

There is also a potential quirk that I have discovered, that if revealed, may be rectified by MS!

I suppose I should also take this opportunity to mention that the offer of assistance only extends to the Law Enforcement community.

Thanks,

Colin


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
31/01/2013 8:52 am  

Windows RT is jailbroken. That is, unsigned app that is compiled for ARM can be run as admin.

As in dd…

Is your method different or better?


   
ReplyQuote
Adam10541
 Adam10541
(@adam10541)
Honorable Member
Joined: 13 years ago
Posts: 550
31/01/2013 12:08 pm  

There is also a potential quirk that I have discovered, that if revealed, may be rectified by MS!

In my experience with MS they are very pro LE and provided this "quirk" doesn't pose a security risk to the normal operation of the device I very much doubt they'd even care. That's also assuming that either a MS employee lurks on this forum, or someone here is going to go running to tell them D

But I understand your reticence here……but if you change your mind I know I'd be very curious as to the method used and I'm pretty sure a few other people here would too.


   
ReplyQuote
 colinr
(@colinr)
New Member
Joined: 13 years ago
Posts: 4
31/01/2013 2:20 pm  

@ jhup, spot on for that part, except not dd, just a proof of concept app that I wrote myself.

I have contributed quite a lot to the WinFE project (www,ramsdens,org,uk), so you can probably see where I'm going with this, jailbreak just does not work in my prefered environment just yet.

@Adam10541, I imagine that it may be classed as a security risk, I must stress that it only appears to happen under certain curcumstances.

I'm not being intentionally stubborn by withholding the information, but the quirk is easily fixed, there are only three reasons why I can see this happening

1. it's intentional, which then makes it not a problem.
2. My surface is faulty!
3. it's a bug.

More research/testing is required.

Regards,

Colin.


   
ReplyQuote
Page 2 / 3
Forum Jump:
  Previous Topic
Next Topic  
Share: