Need more information; observed behavior #29

@andyman1222

I have not been able to get it working on Hyper-V or VirtualBox. What I've tried:

  • placing the files onto a FAT32 USB with a Win11 installation (which includes RE). Booting into the USB will actually delete files in the FsLogs folder.
  • placing the files onto an NTFS HDD attached to the system. Booting into the USB seems to delete the folder within FsTx
  • booting into USB as well as on drive RE

There has been inconsistent behavior with holding Control to get to a cmd: in my Hyper-V environment the cmd would open from booting on the USB drive, but not to storage RE. VirtualBox would not open cmd either way. In this cmd window, diskpart and cd showed that the drive was still locked.

Opening the cmd through the recovery menus would always ask for the recovery key.

I believe this exploit may have to do with the specific version of RE or install USB. Furthermore, I believe it is dependent on a TPM only or PIN optional unlock.

More testing needs to be done and published with recorded results, not just a random readme and some issue comments on GitHub.

TPM only unlocking has always been riddled with insecurities; it is inherently insecure. I would be surprised if required PIN had a vulnerability allowing access to an encrypted drive.

Also, has this vulnerability been disclosed to MS, or has this user just posted it for the public clout?
