-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

A lot of you had the question of how YellowKey will work with TPM+PIN.
It wasn't simple: it was an executable that you needed to run in WinRE, which performs all of the required work and outputs special transaction files. Those transaction files are then put in the recovery partition.
Then you have to give the victim their machine back and wait for them to enter the PIN. Once the PIN is entered, the machine will keep crashing, using some magic you can do to the WinRE partition. Once the machine enters WinRE, it will cause the transaction files to be recovered and overwrite arbitrary files in the BitLocker-protected volume with controllable content. I didn't release the PoC because I rely on BitLocker myself. BitLocker is great; the issue is that it has to rely on retarded software to function, which is a huge flaw.
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCaiinLQAKCRDFFoRCS0/S
bHk3AQClJoP4SPtxIQIBClPaCWDB4p2qVEiONWFAYfu9WMLAnwD/dEP2XuKzPuKp
Iv3uk97oZi7wJbhzbdRGGhCAIdbT1AY=
=y3l7
-----END PGP SIGNATURE-----