Lee Duna@lemmy.nz to Technology@lemmy.worldEnglish · 19 days agoMicrosoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoorwww.tomshardware.comexternal-linkmessage-square158linkfedilinkarrow-up1922file-text
arrow-up1922external-linkMicrosoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoorwww.tomshardware.comLee Duna@lemmy.nz to Technology@lemmy.worldEnglish · 19 days agomessage-square158linkfedilinkfile-text
minus-squareCornballer@lemmy.ziplinkfedilinkEnglisharrow-up53·18 days agoSomebody on twitter “reverse engineered” the exploit. Apparently ms shipped debug code in production. At least it’s not called Backdoor_FBI outright. How it works: Recovery tools look for a config file called RecoverySimulation.ini on the OS drive If Active=Yes, it enables “test mode” for the recovery tools Test mode unlocks your BitLocker drive but a flag called FailRelock tells it to skip relocking cmd.exe spawns with full access to your “encrypted” drive
minus-squarejabberwock@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up18·18 days ago“Ah yes, but think about how much faster they shipped that code with Copilot doing all the heavy lifting.” Some Microsoft exec, probably
minus-squareBigDanishGuy@sh.itjust.workslinkfedilinkEnglisharrow-up18·18 days agoDoes test mode unlock without the key?!? So it’s just “encrypted” with a generic key, and the unlock key is for authentication? That sounds insane, even for microsoft.
Somebody on twitter “reverse engineered” the exploit. Apparently ms shipped debug code in production. At least it’s not called Backdoor_FBI outright.
“Ah yes, but think about how much faster they shipped that code with Copilot doing all the heavy lifting.”
Does test mode unlock without the key?!? So it’s just “encrypted” with a generic key, and the unlock key is for authentication? That sounds insane, even for microsoft.
😮💨