Windows 8 jailbreak in detail

  
[Background]
When jailbreaking is mentioned, most people think of iOS jailbreaks; rooting Android belongs to the same class. A jailbreak generally consists of the following two steps:
1. Find a vulnerability that elevates control of the device to root level.
2. Bypass the digital signature check on installed applications so that applications from outside the app store can be installed.
The just-released Windows 8 is the first Windows to include an app store. Since the user has administrator rights directly after installing Windows 8, the jailbreak work consists only of the second step.
[Principle]
Under Windows 8 there are only two normal ways to install an application for the new Metro interface:
1. Register a Microsoft account and download the installer from the official app store.
2. Install a program you developed yourself with Visual Studio 2012, but only for local debugging.
Beyond this there are actually two other routes. The first is to register a Microsoft developer account, after which uncertified applications can be installed. Some jailbreak tools released a while ago, such as Win8 Optimize Master, work this way: they promote the app store account to a developer account.
This route has a fatal drawback: it is impossible for all users to register as developers. Developer accounts are currently easy to register and free, but perhaps one day it will be like Apple, 100 dollars a year, and by then Microsoft will have blocked most of it.
So at this stage there is only one way left:
Microsoft provides a feature in Windows 8 Enterprise Edition, called "Sideloading", that allows users to install applications freely. To use this feature, the following conditions must be met:
1. Enable "Allow all trusted apps to install" in the registry or Group Policy. (The specific registry location is the AllowAllTrustedApps value under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx; set it to 1.)
2. Join the computer to a domain. The domain's master computer (the domain controller) must have the activation key for the Sideloading feature (the key can also be installed locally).
The first condition is very easy to satisfy, so all the work is on the second condition; please read on.
[Crack process]
kost's method is to hook the Windows Store service so that it believes the computer has joined a valid domain, thereby achieving the jailbreak. He provides a wsservice_crk.dll file, which is registered as a service in the LocalServiceAndNoImpersonation group and runs in the background.
This way an application can be installed, but where do the applications come from? Naturally, someone has to download it first, crack it, and then release it. iOS users are familiar with this.
To publish your own app you need to prepare four tools: makeappx, signtool, makecert, and pvk2pfx. Their specific usage is described below.
First, download and install the app from the app store (annoyingly, you have to install it yourself). All apps are installed under C:\Program Files\WindowsApps. Note: you must first enable showing hidden files and take ownership of this directory to gain permission.
Copy the entire directory of the application you want to install (the directory name is a string; if you don't know which one it is, open the app and check its name), and delete the microsoft.system.package.metadata subdirectory (a hidden folder).
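As an added example (not part of the original article or of kost's tool), here is a PowerShell audit script an administrator can run to check whether a machine has the sideloading prerequisites above switched on, or has a service loading the wsservice_crk.dll named in this section. It uses only standard Windows 8 cmdlets and registry locations; the comparison against expected publisher names is the reader's own assumption.

```powershell
# Added audit script (not from the article): report this machine's sideloading posture.
# Run from an elevated PowerShell prompt on Windows 8 Enterprise.

# 1. The policy value the article tells the reader to set.
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
$allowAll = (Get-ItemProperty -Path $policyPath -Name AllowAllTrustedApps -ErrorAction SilentlyContinue).AllowAllTrustedApps
if ($allowAll -eq 1) {
    Write-Warning 'AllowAllTrustedApps is enabled: installation of non-Store packages is permitted.'
} else {
    Write-Output "AllowAllTrustedApps is not enabled (value: '$allowAll')."
}

# 2. Domain membership, the second prerequisite for legitimate sideloading.
$cs = Get-WmiObject -Class Win32_ComputerSystem
Write-Output ('Domain joined: {0} ({1})' -f $cs.PartOfDomain, $cs.Domain)

# 3. Services hosted in svchost record their DLL under Parameters\ServiceDll rather than in
#    the service binary path, so check both for the crack DLL named in the article.
$found = $false
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $dll = (Get-ItemProperty -Path "$($_.PSPath)\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    $img = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (($dll -match 'wsservice_crk\.dll') -or ($img -match 'wsservice_crk\.dll')) {
        $found = $true
        Write-Warning ('Service {0} references wsservice_crk.dll ({1}{2})' -f $_.PSChildName, $dll, $img)
    }
}
if (-not $found) { Write-Output 'No service referencing wsservice_crk.dll found.' }

# 4. Installed packages and their publisher identity. Self-signed sideloaded packages carry
#    whatever subject the packager chose (the article uses "CN=microsoft"); compare these
#    against the publishers you expect on your machines (assumption: you maintain such a list).
Get-AppxPackage -AllUsers | Where-Object { -not $_.IsFramework } |
    Select-Object Name, Version, Publisher, InstallLocation |
    Sort-Object Publisher | Format-Table -AutoSize
```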
Step 1: you need a root certificate, which requires two tools, makecert and pvk2pfx:
makecert -r -pe -n "CN=microsoft" -a sha256 -cy end -sky exchange -b <certificate start date> -e <certificate expiration date> -sv <filename>.pvk <filename>.cer
"CN=microsoft" can be set as you like; the two file names must be the same and are also your choice. After pressing Enter, a dialog box pops up asking you to enter a private key password. You have to enter it three times; choose a password you can remember, as it is needed later. When finished, a .pvk and a .cer file are generated.
pvk2pfx -pvk <filename>.pvk -spc <filename>.cer -pfx <filename>.pfx -pi <password just entered>
The .pfx file generated last is the root certificate you want.
Step 2: package the program files.
Before packaging, modify the AppxManifest.xml file in the program folder: change the Publisher attribute of the Identity element to "CN=<the certificate subject set above>" and save. Then open cmd and enter the directory where the MakeAppx tool is located:
MakeAppx.exe pack /d <source folder full path> /p <generated package path and file name>
The generated package file name must end with .appx.
Because an appx application must be digitally signed before it can be installed, sign the package with the root certificate you just created:
signtool sign /v /a /fd SHA256 /p <your private key password> /f <certificate path and file name> <package path and file name>
Step 3: the signed .appx file can now be installed. Run PowerShell with administrator privileges and enter:
Add-AppxPackage <package path and file name>
When the progress bar finishes, open your Start screen. Congratulations, the installation is complete!
[What can I do after the jailbreak]
1. Install paid apps. Since the Windows Store currently has very little software and few excellent paid applications, cracking payment is outside the scope of this article; I will write up the principle and process some time later. kost provides a TokensExtractor tool for cracking paid applications, which can then be released for others to install after cracking; at this stage it seems no one has released any online.
2. Offline installation packages. Because the Windows Store is slow as a snail to access within China, and in some places you even have to change the DNS to open it, offline installation is definitely the first choice for Chinese users.
3. Install applications developed by yourself or by others that cannot pass Microsoft's review (the evil review system can go to hell!).
[Finally, my own tool]
People like idiot-proof tools, so let me be a good person: the above process has been integrated into a few small buttons. So as not to make everyone even lazier, installing applications is still done with the single command above (please don't throw rotten eggs):

Note: only 64-bit Windows 8 Enterprise Edition is supported; I will add 32-bit support in the future. In the options you can set the name of the crack service running in the background and your own certificate information; a certificate file is included, in the certificate directory. You must right-click and run as administrator.
