So I’ve just had a quick play with this and yes, it works.
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
I think my prior toot on NightmareEclipse auto deleted so to make a perm one - it isn’t me. I suspect it’s somebody who used to work at MSFT, who departed after my era.
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog Oh, fun.
Also for whatever reason, only windows 11 (+Server 2022/2025) are affect, windows 10 is not.
-
R relay@relay.infosec.exchange shared this topic
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog it's not clear to me what config this bypasses. is it only the no password config?
(Edit: thought about it and yeah ofc it's just that config)
-
@GossiTheDog Oh, fun.
Also for whatever reason, only windows 11 (+Server 2022/2025) are affect, windows 10 is not.
@barubary @GossiTheDog It might be a "We've to deliver this and test this quicker" and someone forgot to remove.
A backdoor implies planning and we're talking about Microsoft.
I'd bet for bad QA and controls and lazy development with a pinch of "hurry, deliver now"
Which is ... Worse?
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog not a Windows guy so forgive me but I don’t get it. Copy the Fstx folder from where? The target system itself?
-
@GossiTheDog not a Windows guy so forgive me but I don’t get it. Copy the Fstx folder from where? The target system itself?
@mkoek @GossiTheDog the repo.
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog could this be used to unlock a drive taken from a dead laptop/pc, when the user doesn't have the bitlocker key saved?
-
@mkoek @GossiTheDog the repo.
@gsuberland @GossiTheDog oh right, sorry didn’t notice it there
and how do you click restart without being already in? Not a Windows user, I’m sure you can tell -
@gsuberland @GossiTheDog oh right, sorry didn’t notice it there
and how do you click restart without being already in? Not a Windows user, I’m sure you can tell@mkoek @GossiTheDog I'm pretty sure this only bypasses the bitlocker config where there's no password, just a key held by the TPM, which is supposed to protect against offline attacks (e.g. unplug your disk and plug it into another machine). so what you do is boot the victim system up to the login screen, follow the procedure here, and it drops you into cmd after bitlocker unlocks. so it really functions more like a login bypass than what most people would think when you say "bitlocker bypass".
-
@mkoek @GossiTheDog I'm pretty sure this only bypasses the bitlocker config where there's no password, just a key held by the TPM, which is supposed to protect against offline attacks (e.g. unplug your disk and plug it into another machine). so what you do is boot the victim system up to the login screen, follow the procedure here, and it drops you into cmd after bitlocker unlocks. so it really functions more like a login bypass than what most people would think when you say "bitlocker bypass".
@mkoek @GossiTheDog you can also usually get the same general result in this config by poking the motherboard with a logic analyser and dumping the TPM data off the bus.
-
@GossiTheDog could this be used to unlock a drive taken from a dead laptop/pc, when the user doesn't have the bitlocker key saved?
-
@GossiTheDog could this be used to unlock a drive taken from a dead laptop/pc, when the user doesn't have the bitlocker key saved?
@kirenida @GossiTheDog if the drive is still in the dead system you'd be better off trying to get it to a point where it'll boot to the point of the TPM being read.
-
I think my prior toot on NightmareEclipse auto deleted so to make a perm one - it isn’t me. I suspect it’s somebody who used to work at MSFT, who departed after my era.
@GossiTheDog It did cross my mind that this could perhaps be the person who used to drop 0-days on Twitter a few years ago when they were having a bad day.
-
@gsuberland @kirenida @GossiTheDog It could maybe restore my windows where bitlocker prompts me for the key which I have forgotten. Or I get that prompt because my TPM forgot the key, and that's then not possible.
Anyway, running linux now. -
@barubary @GossiTheDog It might be a "We've to deliver this and test this quicker" and someone forgot to remove.
A backdoor implies planning and we're talking about Microsoft.
I'd bet for bad QA and controls and lazy development with a pinch of "hurry, deliver now"
Which is ... Worse?
@prsfalken
This probably would be the only option that this is not a back door.Otherwise I'd say this is the reason the backdoor was found
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog I never trusted #BitLocker with it's #Govware - #Backdoor anyway!
- Cuz now people put that trust into some #BackBox IC (#TPM) that is usually soldered down on the board that may or may not be #exploitable from the factory (whether due to #bugs, #incompetence or "Export Restrictions #Compliance" is irrelevant for the affected End-Users!)…
- If (for some horrible reason that I refuse to acknowledge as legitimate!) someone needs a #Windows machine BUT with #FullDiskEncryption, they should use the only REAL #FDE: #VeraCrypt!
#CensorBoot never was about #Security…
- Calling it "#SecureBoot" is adopting the enemy's #Propaganda-Speak!
-
@gsuberland @kirenida @GossiTheDog It could maybe restore my windows where bitlocker prompts me for the key which I have forgotten. Or I get that prompt because my TPM forgot the key, and that's then not possible.
Anyway, running linux now.@gunstick @kirenida @GossiTheDog nope. it needs a functioning TPM with the right key, and BitLocker in no password mode. this is only functionally a login bypass.
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog
Oh wow, a backdoor in a Microsoft product, much wow \s -
M mrmasterkeyboard@mastodon.social shared this topic
-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog I am shocked. Shocked I say!
-
@GossiTheDog I am shocked. Shocked I say!
Rememeber: never ask “is this Microsoft security product backdoored?”
Instead ask: “how exactly is it backdoored? How many back doors are there?”
