nightmare-eclipse/yellowkey — explained in plain English
Analysis updated 2026-05-18
Learn how a specific Bitlocker bypass technique works for security research purposes.
Reference this disclosure when auditing Windows 11 Bitlocker protections in an organization.
| nightmare-eclipse/yellowkey | openmoss/moss-tts-nano | misolabsai/misotts | |
|---|---|---|---|
| Stars | 3,046 | 3,032 | 3,061 |
| Language | — | Python | Python |
| Last pushed | — | — | 2026-06-09 |
| Maintenance | — | — | Maintained |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 1/5 | 3/5 | 4/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
No software to install, reproducing it requires physical access to a Windows 11 device and a USB stick.
YellowKey is a security research repository that documents a Bitlocker bypass vulnerability found on Windows 11 systems, including Server 2022 and 2025. Windows 10 is not affected. The author describes copying a folder from the Windows Recovery Environment onto a USB stick, or directly into a device's EFI partition, then using a specific key sequence during a Windows 11 reboot to reach a command shell with full access to a Bitlocker protected drive, without needing the encryption password or recovery key. The README walks through the exact reproduction steps: copying the FsTx folder to a USB stick formatted with NTFS, FAT32, or exFAT, holding Shift while clicking restart to enter the recovery environment, then holding Ctrl during the boot sequence. If the steps are followed correctly, an unrestricted shell opens on the protected volume. The author raises a concern about why this happens: the component responsible for the bypass exists inside the Windows Recovery Environment image but not in a normal Windows installation, even though a component with the same name is present there without the same behavior. The author speculates this could be intentional rather than accidental, though this is presented as personal suspicion rather than a confirmed fact. This is not a software tool or application. There is no code to install, no dependencies, and no setup process. It is a short writeup describing a specific vulnerability and the manual steps to trigger it, along with one screenshot showing the resulting shell. The README credits several named parties for making the public disclosure possible, suggesting the finding went through some form of coordinated disclosure process before being shared here. Given the sensitive nature of the content, this repository is best understood as a public vulnerability advisory rather than a piece of software meant to be used, extended, or integrated into other projects.
A public writeup describing a Bitlocker bypass affecting Windows 11 devices, with the manual steps needed to reproduce it.
No license is stated in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.