YellowKey reportedly works in Windows 11, Windows Server 2022 and 2025, but not in Windows 10.

  • Cornballer@lemmy.zip · 1 up · 7 minutes ago

    Somebody on Twitter “reverse engineered” the exploit. Apparently MS shipped debug code in production. At least it’s not called Backdoor_FBI outright.

    How it works:

    1. Recovery tools look for a config file called RecoverySimulation.ini on the OS drive
    2. If Active=Yes, it enables “test mode” for the recovery tools
    3. Test mode unlocks your BitLocker drive but a flag called FailRelock tells it to skip relocking
    4. cmd.exe spawns with full access to your “encrypted” drive
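    As an added example (not from the thread and not the researcher's code), here is the defender-side version of the four steps above: an offline check, run against a Windows OS volume mounted read-only on a Linux box, that looks for the RecoverySimulation.ini trigger and reports whether Active=Yes and FailRelock are set. The file name and both key names come from the comment; the INI section layout is not known, so the script matches the keys case-insensitively in any section (an assumption), and it only looks at the volume root (also an assumption; widen -maxdepth if needed). The sample file in the demonstration, including its [Recovery] section name, is constructed.

```sh
#!/bin/sh
# Added example, not from the thread or from the researcher: an offline check
# of a mounted Windows OS volume for the trigger file described in the comment
# above. RecoverySimulation.ini, Active=Yes and FailRelock are from the comment;
# the INI layout is unknown, so keys are matched case-insensitively in any
# section (assumption) and the file is only looked for at the volume root
# (assumption; raise -maxdepth to widen the search).

# check_recovery_simulation ROOT
# ROOT is the mount point of the OS volume (e.g. an image mounted read-only).
# Return codes: 0 no trigger file, 1 file present but inert,
#               2 Active=Yes present, 3 Active=Yes and FailRelock both present.
check_recovery_simulation() {
    root=$1
    ini=$(find "$root" -maxdepth 1 -iname 'RecoverySimulation.ini' 2>/dev/null | head -n 1)
    if [ -z "$ini" ]; then
        echo "clean: no RecoverySimulation.ini under $root"
        return 0
    fi
    echo "found: $ini"
    status=1
    # Normalise Windows line endings and drop ';' / '#' comment lines before matching.
    body=$(tr -d '\r' < "$ini" | grep -v '^[[:space:]]*[;#]' || :)
    if printf '%s\n' "$body" | grep -iq '^[[:space:]]*Active[[:space:]]*=[[:space:]]*Yes[[:space:]]*$'; then
        echo "  Active=Yes: recovery tools would enter test mode"
        status=2
        if printf '%s\n' "$body" | grep -iq '^[[:space:]]*FailRelock[[:space:]]*='; then
            echo "  FailRelock is set: the unlocked drive would not be relocked"
            status=3
        fi
    fi
    return $status
}

# Constructed demonstration: a throwaway directory standing in for a volume
# root, with a made-up [Recovery] section name.
demo=$(mktemp -d)
printf '[Recovery]\r\nActive=Yes\r\nFailRelock=1\r\n' > "$demo/RecoverySimulation.ini"
rc=0; check_recovery_simulation "$demo" || rc=$?
echo "verdict code: $rc"
rm -rf "$demo"
```

    The return code is meant for scripting across many images: anything above 1 is worth an alert, and a code of 1 (file present, not active) is still worth asking who wrote the file and when.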

  • Taleya@aussie.zone · 13 up / 1 down · 3 hours ago

    of course there’s a back door. You motherfuckers think they’ll TPM secure boot lock file manage SECURTYYYY and not let five eyes waltz in whenever they fucking well please?

  • ExLisper@lemmy.curiana.net · 3 up / 1 down · 4 hours ago

    Why are people saying that the files being deleted indicate a backdoor? This is clearly to be executed while having access to the laptop. So it’s not like I’m tricking someone into connecting the USB drive and after the PC is infected I want to get rid of the evidence. If some FBI agent is using a USB drive to unlock a laptop at work, what’s the point of making the drive single use?

    This could also be part of the PoC created by the researcher, not part of the backdoor.

    • FalschgeldFurkan@lemmy.world · 2 up · 3 hours ago

      I wonder what favor the government traded for this. Or maybe what threats were made to Microsoft…

      Probably none; don’t forget, the majority of Lose11 is vibecoded

    • JackbyDev@programming.dev · 1 up · 5 hours ago

      Maybe it’s just a coincidence! Maybe those files just randomly do that lmao. Including deleting themselves!

      Lol, imagine if they made that defense. “This was the result of an AI hallucination!”

    • osanna@lemmy.vg · 7 up · 5 hours ago

      Surely the bad guys would never use an encryption backdoor made for the “good” guys??

  • Sgt_choke_n_stroke@lemmy.world · 77 up / 11 down · 15 hours ago

    I lost 3 years of work and my research dissertation because of bitlocker. Fuck you microslop, now I do everything on Linux because of your security garbage

    • Thorry@feddit.org · 71 up / 4 down · edited · 13 hours ago

      Not to be that guy, but that’s 100% on you for not having backups of important work. It’s 3 years and your fucking research dissertation, how the fuck do you keep that all in one place?

      This time you got fucked by Microsoft for having shit software. But it could have been your hardware that exploded, your house catching fire, your shit being stolen, you downloading malware from that one site you told your girlfriend you’d never visit again, shitty infrastructure causing power issues or flooding, you yourself having a nervous breakdown and nuking the thing.

      Keep everything important at least in three places, one of which should be in a physically different (remote) place. Backup often, keep to the schedule and test your backups.

      Jeez man, using Microsoft software and not having backups is like walking around with a loaded gun pointed at your dick. It’s all well and good till you get your dick blown off.

      • Korhaka@sopuli.xyz · 6 up · 5 hours ago

        I have a better backup system in place for my factorio saves. Script syncs the live copy to several places on the network along with compressing a timestamped copy to an external HDD which stores a bunch of copies. Then manually I might trim them down every few years or so as I don’t really need 3 different copies from March 2024 still.

      • dual_sport_dork 🐧🗡️@lemmy.world · 23 up · 12 hours ago

        In the immortal words of Daniel Rutter (again): If nothing else, backups are necessary because at some point in your life you will confidently instruct your computer to destroy your data.

        • pcouy@lemmy.pierre-couy.fr · 3 up · 5 hours ago

          A few years ago I deleted my whole home folder by bind-mounting it inside a chroot. When I was done with the chroot, I rm -rf-ed it without unmounting my home first.

          • phutatorius@lemmy.zip · 2 up · 3 hours ago

            I was lucky last time, was able to reconstruct almost all of it (99.7%) in 3 weeks of after-work messing around. The 0.3% is non-critical.

            Now I do something I wrote myself with cron, rsync, hardlinks and gpg. It’s simple, easy to test and fairly bulletproof. Protip: keep many backups of your keys or you’ll wish you had.
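            As an added example (not the commenter's script), here is the rsync-plus-hardlinks part of a scheme like the one described above: each run produces a complete snapshot directory, files unchanged since the previous snapshot are hardlinked instead of copied, and a retention rule prunes old snapshots without breaking the ones that remain. The cron entry and the gpg step for off-site copies are left out. It assumes rsync is installed and that source and destination are local paths; the sample tree is constructed.

```sh
#!/bin/sh
# Added example, not the commenter's own script: hardlinked snapshot backups in
# the style described above (rsync + hardlinks + a retention rule). The cron
# schedule and the gpg encryption for off-site copies are left out.
# Assumptions: rsync is installed; SRC and DEST are local directories;
# snapshot names sort chronologically (a timestamp is used).

# snapshot SRC DEST [NAME]: copy SRC into DEST/NAME. Files unchanged since the
# previous snapshot (DEST/latest) are hardlinked rather than copied, so every
# snapshot is a complete, independently restorable tree that only costs the
# bytes that changed. DEST/latest is then repointed at the new snapshot.
snapshot() {
    src=$1
    mkdir -p "$2" || return 1
    dest=$(cd "$2" && pwd)          # absolute, so --link-dest resolves correctly
    name=${3:-$(date +%Y%m%d-%H%M%S)}
    if [ -d "$dest/latest" ]; then
        rsync -a --delete --link-dest="$dest/latest/" "$src/" "$dest/$name/"
    else
        rsync -a --delete "$src/" "$dest/$name/"
    fi || return 1
    rm -f "$dest/latest"
    ln -s "$name" "$dest/latest"
}

# count_snapshots DEST: number of snapshot directories (the latest link excluded).
count_snapshots() {
    ls -1 "$1" | grep -v '^latest$' | wc -l | tr -d ' '
}

# prune DEST KEEP: remove all but the KEEP newest snapshots. A file's data is
# only freed once no remaining snapshot links to it, so pruning never breaks
# the snapshots that stay.
prune() {
    dest=$1
    ls -1 "$dest" | grep -v '^latest$' | sort -r | awk -v k="$2" 'NR > k' |
    while read -r old; do
        rm -rf "$dest/$old"
    done
}

# Constructed demonstration on a throwaway tree.
if command -v rsync >/dev/null 2>&1; then
    work=$(mktemp -d)
    mkdir -p "$work/src"
    printf 'v1\n' > "$work/src/notes.txt"
    printf 'unchanged payload\n' > "$work/src/big.bin"
    snapshot "$work/src" "$work/backup" 20240301-000000
    printf 'version 2 of the notes\n' > "$work/src/notes.txt"
    snapshot "$work/src" "$work/backup" 20240302-000000
    echo "snapshots: $(count_snapshots "$work/backup")"
    ls -li "$work/backup"/2024*/big.bin   # same inode in both snapshots
    prune "$work/backup" 1
    echo "after prune: $(count_snapshots "$work/backup")"
    rm -rf "$work"
else
    echo "rsync not installed; demonstration skipped" >&2
fi
```

            The "test your backups" advice from earlier in the thread applies directly: restoring is just copying a snapshot directory back, so a restore drill costs nothing and catches a broken link-dest or a permissions mistake before it matters.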

            • anotherandrew@lemmy.mixdown.ca · 1 up · 2 hours ago

              Syncthing (distributed folder sharing including “keep x copies of each file”) and duplicity (gpg-encrypted, incremental backup anywhere) are your friends.

              Been using them for a very, very long time. A++ open source, cross-platform solutions.

            • raspberriesareyummy@lemmy.world · 1 up · 3 hours ago

              Yeah, I was hesitant to encrypt backups for a long time, and now I have the problem that you can’t store backups of encryption headers on the encrypted device(s)

        • Alberat@lemmy.world · 20 up / 1 down · 11 hours ago

          i just deleted a month of notes by doing:

          find $(pwd) "*.tmp" -delete

          instead of:

          find $(pwd) -iname "*.tmp" -delete

          turns out the former throws an error on “*.tmp” but still deletes everything lol… PSA for everyone

      • HeyJoe@lemmy.world · 3 up · 8 hours ago

        Yeah, I would also like to know more on how bitlocker screwed him. Like was it a legit problem or that the device died and didn't have the keys to decrypt it? If it’s not keeping the keys somewhere safe, which it even makes you do by not allowing you to select the local device, then idk how the blame is that Microsoft is shitty. Need more info though.

        • Sgt_choke_n_stroke@lemmy.world · 1 up · 7 minutes ago

          IT lapsed and didn't have keys for the computer. So when Windows 10 “updated” to Windows 11 the computer bricked. IT also blocked us from plugging in USB sticks. Which they then blamed me for not backing everything up to OneDrive. It’s all just left a sour taste in my mouth

      • neclimdul@lemmy.world · 6 up / 1 down · edited · 11 hours ago

        I too have multi tiered backups for my laptops and do regular restores to validate them. Same for my parents and all my non technical family and friends. It’s amazing that big companies mess this up since everyone does it. It’s just so cheap and easy to do. /s

        • FrederikNJS@piefed.zip · 2 up / 4 down · 11 hours ago

          1. Find online backup service
          2. Pay for subscription
          3. Install backup software
          4. Still have your data

          I use Backblaze myself… But there are many other straightforward and easy backup solutions out there.

          • raspberriesareyummy@lemmy.world · 3 up / 1 down · 5 hours ago

            Storing important data online on someone else’s computer is beyond fucked up levels of stupid: You only need to lose your encryption key once in your lifetime afterwards, and you can consider your backup public for all the world to see. And a single encryption weakness / backdoor will expose data just the same. Not to mention using third party sw to “do the backup” for you and relying on them to encrypt it so that they themselves can’t read it, is very naive.

            Once your data left your home network, it is no longer yours to control.

            • FrederikNJS@piefed.zip · 1 up / 1 down · 3 hours ago

              Well… That depends entirely on your threat model…

              In my setup, the backup is encrypted locally, and then uploaded to Backblaze. If I leak my encryption key, then yes, Backblaze and any state actor that can compel Backblaze, might be able to read my backup (and the same goes for an encryption vulnerability). But since the connection to access the backup is also authenticated, the rest of the public would not be able to read my backup. If I leak my access credentials, then everyone could get my encrypted backup data, but not be able to decrypt it. Of course if I leak both the access credentials and the encryption key, then yes anyone that obtains both can read my backup.

              Many regular people use Microsoft Onedrive or Google Drive, which offers even less protection, but it’s certainly sufficient and well enough protected to keep your dissertation protected.

              In most backup services you have the option to choose what gets backed up, and what does not. But sure, it entirely depends on who you want to protect yourself from.

              If your main concern is state actors, then yeah… You probably shouldn’t use something like Backblaze. You should keep everything on your own hardware. And convince a friend or some family to have a NAS sitting somewhere that can host your backup destination.

              For my case I’m mostly concerned about data continuity (not losing data). But privacy is certainly also a concern, and here I have chosen to believe that the encryption is sound enough, and that my ability to keep my encryption key safe, is sufficient for the data it protects.

              • raspberriesareyummy@lemmy.world · 2 up · 3 hours ago

                My main concern is that all my data is online, potentially forever (I have to assume it will be) and the only thing needed to access it is a comparatively tiny encryption key (we’re talking Megabytes) that I have to keep safe forever (or until I delete it). If I ever mess up, or a computer with the encryption key gets compromised, then there goes my data into the public domain…

    • mic_check_one_two@lemmy.dbzer0.com · 19 up · 14 hours ago

      I mean, the concept behind BitLocker is fine. Encrypting drives by default should be the norm, the same way we encrypt our web traffic by default with https. The issue is Microsoft’s awful implementation that has led lots of users to accidentally lock themselves out of their own data, without even realizing what they were doing.

  • gnufuu@infosec.pub · 133 up / 1 down · 16 hours ago

    From their blog:

    Now regarding YellowKey, lots of you are wondering how does one even find such a backdoor?

    I’ll tell you how, it took me more time trying to get it to work than the amount of sleep I had in two years combined. No AI involved, no help in any shape or form. I could have made some insane cash selling this but no amount of money will stand between me and my determination against Microsoft.

    […]

    I can’t wait when I will be allowed to disclose the full story, I think people will find my crashout very reasonable and it definitely won’t be a good look for Microsoft.

    Looking forward to the full story.

    • Jako302@feddit.org · 64 up · 14 hours ago

      I could have made some insane cash selling this but no amount of money will stand between me and my determination against Microsoft.

      There is no better motivator than pure anger and spite.

    • KairuByte@lemmy.dbzer0.com · 5 up / 2 down · 11 hours ago

      Ngl I feel like it’s just going to be “I thought it was backed up but it wasn’t and M$ wouldn’t write me a back door”

      Which is fine as a back story, but also a dime a dozen really.

      • fosho@lemmy.ca · 2 up / 1 down · 7 hours ago

        Down voted because you rushed this comment and it’s not really clear what you’re trying to say.

  • Optional@lemmy.world · 162 up / 1 down · 17 hours ago

    YellowKey can be triggered simply by merely copying some files to a USB stick and rebooting to the Windows Recovery Environment. We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit’s files disappearing from the USB stick after it’s used once.

    • humanspiral@lemmy.ca · 29 up · 13 hours ago

      100% certainty of backdoor. Is bitlocker developed outside of MSFT? Would seem to need MSFT cooperation to implement.

      • humanspiral@lemmy.ca · 14 up · 12 hours ago

        Bitlocker was developed entirely inside MSFT. Upon further review, there is a chance that this is all somewhat normal behaviour. Part of MSFT safeOS to make it convenient to recover bitlocker access, and update windows.

        • Leon@pawb.social · 6 up · 3 hours ago

          And be able to easily comply with law enforcement requests for decryption.

          Ergo, the encryption is actually worthless.

  • yesman@lemmy.world · 74 up / 1 down · 17 hours ago

    They also state the vulnerability is well-hidden, and that they “could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft.”

    based.

  • Optional@lemmy.world · 38 up · 17 hours ago

    You’d think this would only be the 100th-or-so embarrassing security-defying bug to plague micro$oft but you’d be wrong.

    It’s like we’re in a world where most people use windows to log on to facebook. It’s bizarre.