The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 19:01:57 GMT

jernej__s@infosec.exchange — Wed, 13 May 2026 19:01:57 GMT

@0xabad1dea Looks like one of the files causes winpeshl.ini on the ramdrive to be deleted, which eventually results in command prompt to be spawned instead of the usual UI.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 18:08:07 GMT

0xabad1dea@infosec.exchange — Wed, 13 May 2026 18:08:07 GMT

@babble_endanger @oilheap if you have a password on bitlocker itself (as opposed to your Windows account) then yes, this debug backdoor cannot work.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 17:55:46 GMT

babble_endanger@freeradical.zone — Wed, 13 May 2026 17:55:46 GMT

@oilheap @0xabad1dea yeah i was wondering that... So this exploit only works if you don't use a password or pin?

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 17:17:02 GMT

slyborg@vmst.io — Wed, 13 May 2026 17:17:02 GMT

@0xabad1dea I feel certain that FileVault also has some kind of magic bypass. Either of the ‘haha nobody will ever discover the arcane incantation needed to put this developer test mode’ or more likely requested by a three letter agency.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 17:05:20 GMT

rrb@infosec.exchange — Wed, 13 May 2026 17:05:20 GMT

@energisch_ @0xabad1dea And this is unrelated to a former student of mine working on security for Huawei, because another student is managing security for Microsoft

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:45:09 GMT

glitchy404@wetdry.world — Wed, 13 May 2026 15:45:09 GMT

@0xabad1dea

Also for whatever reason, only windows 11 (+Server 2022/2025) are affect, windows 10 is not.
another win 10 w!!!!!!!!!!!!!!!!

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:33:41 GMT

shana@mastodon.gamedev.place — Wed, 13 May 2026 15:33:41 GMT

@0xabad1dea

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:28:30 GMT

0xabad1dea@infosec.exchange — Wed, 13 May 2026 15:28:30 GMT

@jernej__s they're just empty log files (a header plus megabytes of zeroes), presumably because if they're missing entirely, something errors out before the flag gets processed

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:27:08 GMT

jernej__s@infosec.exchange — Wed, 13 May 2026 15:27:08 GMT

@0xabad1dea There's also about 20 MB of other files.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:14:51 GMT

crazyeddie@mastodon.social — Wed, 13 May 2026 15:14:51 GMT

@0xabad1dea How did they come by the content of these files?

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:11:06 GMT

0xabad1dea@infosec.exchange — Wed, 13 May 2026 15:11:06 GMT

@pa27 that's why I was quick to download it

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 15:07:41 GMT

pa27@mastodon.social — Wed, 13 May 2026 15:07:41 GMT

@0xabad1dea Kind of ironic that this is posted on github!!

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:50:52 GMT

energisch_@troet.cafe — Wed, 13 May 2026 14:50:52 GMT

@rrb exactly! @0xabad1dea

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:48:58 GMT

rrb@infosec.exchange — Wed, 13 May 2026 14:48:58 GMT

@energisch_ @0xabad1dea and I don't live in China, so their ability to mess with me is limited

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:42:37 GMT

capnthommo@c.im — Wed, 13 May 2026 14:42:37 GMT

@0xabad1dea oh I'm sure if was the merest accidental oversight and that they're very very sorry and feel so foolish now.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:41:19 GMT

energisch_@troet.cafe — Wed, 13 May 2026 14:41:19 GMT

@rrb Well you got a point there. At least it wouldn't be worse than a US tech phone @0xabad1dea

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:32:07 GMT

energisch_@troet.cafe — Wed, 13 May 2026 14:32:07 GMT

@0xabad1dea MS has been known - from the start with their first windows versions that they distribute beta versions that come with bugs galore. The user/customer then hands in all those problematic situations which (with luck) get repaired and updated every other day. Those repair updates will happen as long as the version is distributed and only stop when there is a new and "better" version... again, of course, beta, full of bugs.
Microsoft customers are used to being used as beta testers.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 14:13:49 GMT

rrb@infosec.exchange — Wed, 13 May 2026 14:13:49 GMT

@0xabad1dea To be honest, I had a Huawei phone for a long time, because I trust the human rights record of the PRC more than I trust the US tech companies.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:52:34 GMT

equity7804@hostux.social — Wed, 13 May 2026 13:52:34 GMT

@kallisti @0xabad1dea well by asking Microsoft nicely for the decryption keys they store in plain text among account data on their server of course ‍ (fck microsoft)

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:43:58 GMT

landelare@mastodon.gamedev.place — Wed, 13 May 2026 13:43:58 GMT

@0xabad1dea This would be pretty serious if BitLocker was a security feature, not a user annoyance one.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:40:17 GMT

csolisr@hub.azkware.net — Wed, 13 May 2026 13:40:17 GMT

I already went through the hassle of configuring my laptop to get secure boot and encryption on my Windows and Linux partitions, and then I learned the NTFS encryption key gets automatically submitted to Microsoft so decrypting it is as easy as stealing my Outlook account. I'm yet to rekey my hard drive with a local-only key, as I fear I'd have to format and reinstall. Does this exploit make local-only keys equally unsafe, too?

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:39:48 GMT

oilheap@infosec.exchange — Wed, 13 May 2026 13:39:48 GMT

@0xabad1dea this is what you get when you do disk encryption without user input

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:32:35 GMT

jackemled@furry.engineer — Wed, 13 May 2026 13:32:35 GMT

@0xabad1dea Maybe their new LLM forgot to remove the code before shipping a new production version.

Reply to The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename… on Wed, 13 May 2026 13:23:16 GMT

somevegancheeseisok@mastodon.social — Wed, 13 May 2026 13:23:16 GMT

@0xabad1dea shiiiiiiiiiit that's cool