@GossiTheDog could this be used to unlock a drive taken from a dead laptop/pc, when the user doesn't have the bitlocker key saved?
@kirenida @GossiTheDog if the drive is still in the dead system you'd be better off trying to get it to a point where it'll boot to the point of the TPM being read.
-
I think my prior toot on NightmareEclipse auto deleted so to make a perm one - it isn’t me. I suspect it’s somebody who used to work at MSFT, who departed after my era.
@GossiTheDog It did cross my mind that this could perhaps be the person who used to drop 0-days on Twitter a few years ago when they were having a bad day.
-
@gsuberland @kirenida @GossiTheDog It could maybe restore my windows where bitlocker prompts me for the key which I have forgotten. Or I get that prompt because my TPM forgot the key, and that's then not possible.
Anyway, running Linux now.
-
@barubary @GossiTheDog It might be a "We've to deliver this and test this quicker" and someone forgot to remove.
A backdoor implies planning and we're talking about Microsoft.
I'd bet for bad QA and controls and lazy development with a pinch of "hurry, deliver now"
Which is ... Worse?
@prsfalken
This probably would be the only option that this is not a back door. Otherwise I'd say this is the reason the backdoor was found

-
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey
Mitigation = BitLocker PIN and BIOS password lock.
@GossiTheDog I never trusted #BitLocker with its #Govware - #Backdoor anyway!
- Cuz now people put that trust into some #BackBox IC (#TPM) that is usually soldered down on the board that may or may not be #exploitable from the factory (whether due to #bugs, #incompetence or "Export Restrictions #Compliance" is irrelevant for the affected End-Users!)…
- If (for some horrible reason that I refuse to acknowledge as legitimate!) someone needs a #Windows machine BUT with #FullDiskEncryption, they should use the only REAL #FDE: #VeraCrypt!
#CensorBoot never was about #Security…
- Calling it "#SecureBoot" is adopting the enemy's #Propaganda-Speak!
-
@gunstick @kirenida @GossiTheDog Nope. It needs a functioning TPM with the right key, and BitLocker in no-password mode. This is only functionally a login bypass.
-
@GossiTheDog
Oh wow, a backdoor in a Microsoft product, much wow \s -
-
@GossiTheDog I am shocked. Shocked I say!
-
Remember: never ask “is this Microsoft security product backdoored?”
Instead ask: “how exactly is it backdoored? How many back doors are there?”
-
@GossiTheDog I wouldn't be surprised if this was supposed to only be built in certain branches via velocity configuration, and someone fucked up when merging some other changes in
-
@GossiTheDog Also: that’s worse?
- Microsoft and intentionally backdooring BitLocker
- Microsoft unintentionally backdooring BitLocker
-
-
For anybody looking at this, testing showed two things:
- TPM unlocked the storage
- it provides a login bypass, as you’re dumped as SYSTEM prior to Windows Hello or password login
BitLocker operates without a PIN by default so it’s basically a big gap, it’s unclear how this code made it into the production version of Windows.
-
I should point out I’ve only tested with one version of Windows 11 - maybe the scope is smaller.
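As an added example (not from the thread or the YellowKey repository): a PowerShell audit of which protector types each BitLocker volume uses, flagging volumes that unlock on the bare TPM with no PIN, plus a helper that applies the "BitLocker PIN" mitigation from the thread by moving the OS volume to TPM+PIN. The function names are assumptions of mine; the cmdlets are Windows' built-in BitLocker module and need an elevated shell.

```powershell
# Added example, not code from the thread: audit BitLocker protectors and flag
# TPM-only volumes, i.e. drives that unlock unattended at boot. Assumes the
# built-in BitLocker module (Get-BitLockerVolume etc.) in an elevated shell.
function Get-TpmOnlyBitLockerVolume {
    Get-BitLockerVolume | ForEach-Object {
        $vol   = $_
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Status     = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            # Risky when the only pre-boot protector is the plain TPM: no PIN and
            # no startup key, so nothing is asked of the user before unlock.
            TpmOnly    = ($types -contains 'Tpm') -and
                         -not ($types -contains 'TpmPin') -and
                         -not ($types -contains 'TpmPinStartupKey') -and
                         -not ($types -contains 'TpmStartupKey')
        }
    }
}

Get-TpmOnlyBitLockerVolume | Format-Table -AutoSize

# Remediation helper (hypothetical name) for the OS volume. Requires the policy
# "Require additional authentication at startup" to permit a TPM+PIN protector.
# The plain TPM protector is removed first, otherwise the volume keeps unlocking
# without the PIN; a backed-up recovery password must exist before doing so.
function Add-TpmPinProtector {
    param(
        [string]$MountPoint = 'C:',
        [Parameter(Mandatory)][securestring]$Pin
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $hasRecovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $hasRecovery) {
        throw "No recovery password protector on $MountPoint; add and back one up first."
    }
    $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin
}

# Usage: Add-TpmPinProtector -MountPoint 'C:' -Pin (Read-Host -AsSecureString 'New BitLocker PIN')
```

Re-run the audit afterwards and confirm the OS volume now lists TpmPin rather than Tpm; the BIOS/UEFI password from the same mitigation line is set in firmware setup, not from Windows.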
-
@GossiTheDog I'd be highly surprised if it didn't have a backdoor. Microsoft is not a company you should trust
-
I was worried I'd run out of tools that do not require opening a computer/laptop case, now that Microsoft's planning to patch Bitpixie this year.
But Windows is a gift that just keeps on giving
-
@GossiTheDog I always assumed anything that could unlock an encrypted drive with no password or other authentication from the user could be bypassed. I figured if you don't have to enter a password, you have to assume that neither does anybody else.
-
@GossiTheDog Hi, just out of curiosity, why would a BIOS password help / be required? Is that only for if PCR7 isn't bound?
-
-
@tanavit @GossiTheDog
Haha yes, I saw that go by, along with an RCE flaw in Word.