Hacker News — vinext + Cloudflare Workers

NHacker Next

new
past
show
ask
show
jobs
submit

▲YellowKey Bitlocker Bypass Vulnerability (github.com)

56 points by entuno 1 days ago | 8 comments

protimewaster 13 hours ago [-]

What's the data in the FsTx folder? Is it just some magic data that Windows looks for?

e12e 18 minutes ago [-]

Looks like it triggers a debug modus which in turn replay filesystem transactions from transaction logs?

https://infosec.exchange/@wdormann/116565129854382214

jllyhill 12 hours ago [-]

Does anyone know if the fix was shipped already? If it not a backdoor, of course.

msuser 11 hours ago [-]

How is this a backdoor if one of the steps is to reboot the system while holding down SHIFT? To boot in the first place, the drive needs to be unlocked.

e12e 16 minutes ago [-]

In addition to sibling comments, the author claims it also affects tpm+pin.

fh67 10 hours ago [-]

Most users have it unlocked by TPM only as that is the default Microsoft configuration - you then reboot into windows recovery, yes if windows recovery is disabled or if bitlocker requires a startup pin then this is mitigated.

msuser 7 hours ago [-]

Point taken, but I would call this an authentication bypass (i.e. you can become administrator without any credentials) instead of a BitLocker bypass. It looks like at most, having BitLocker turned on is a requirement to trigger the bug/backdoor.

In any case I'd be very curious to read a response to these findings from someone at Microsoft.

coopreme 13 hours ago [-]

Seems like a backdoor.

Rendered at 01:20:57 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.