Simple USB Tool Cracks Windows BitLocker Encryption
A security researcher known as Nightmare-Eclipse has released a software tool called YellowKey that allows for the complete bypass of Microsoft BitLocker drive encryption on specific Windows systems.
The tool enables an attacker to unlock encrypted disks without requiring a password or recovery key. According to technical details released alongside the tool, the exploit leverages residual code within the Windows Recovery Environment (WinRE) to disable encryption during the boot process.
Technical Mechanism of the Bypass
YellowKey functions by triggering a specific test mode within the Windows Recovery Environment. Once this mode is activated, BitLocker-encrypted drives are automatically unlocked. The tool then allows the attacker to set a “FailRelock” flag, which prevents the system from relocking the drives, before giving the attacker full command-line access to the data.
To execute the attack, the YellowKey files must be placed on a USB drive or copied directly into the EFI partition of the target encrypted drive. The bypass is then triggered by booting the computer into the Windows Recovery Environment while holding a specific combination of keyboard keys.
Affected Systems and Scope
The vulnerability affects devices running Windows 11, as well as Windows Server 2022 and Windows Server 2025. Systems running Windows 10 are not affected by this specific exploit due to fundamental differences in the architecture of the Windows 10 Recovery Environment.
Because the tool grants full access to the drive’s contents, any confidential data stored on affected systems—including password lists, personal files, and cryptocurrency wallets—is considered at risk if the physical hardware is accessed by an unauthorized party.
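For administrators who need to see which machines fall inside the scope described above, the following read-only PowerShell inventory is an added example; it is not part of the article or of the YellowKey release. It assumes an elevated session, the built-in BitLocker module, English-language reagentc output, and that the OS caption contains the product names the article lists.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only exposure inventory for the scope named in the article.
# Nothing here changes BitLocker or WinRE configuration.

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Affected per the article: Windows 11, Windows Server 2022, Windows Server 2025.
# Windows 10 is stated as not affected. Matching on Caption is this example's assumption.
$osInScope = $os.Caption -match 'Windows 11|Server 2022|Server 2025'

# reagentc /info reports whether the Windows Recovery Environment is enabled.
# The pattern assumes English output ("Windows RE status: Enabled").
$reInfo = (reagentc.exe /info 2>&1 | Out-String)
$winreEnabled = $reInfo -match 'Windows RE status:\s+Enabled'

# Every volume that BitLocker is encrypting or has encrypted.
$volumes = Get-BitLockerVolume |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

$report = foreach ($v in $volumes) {
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        MountPoint   = $v.MountPoint
        VolumeStatus = $v.VolumeStatus
        Protection   = $v.ProtectionStatus
        # Informational only: the article does not say that disabling
        # WinRE prevents the bypass.
        WinREEnabled = $winreEnabled
        # Flag for review when an encrypted volume sits on an OS the
        # article lists as affected.
        NeedsReview  = $osInScope
    }
}

if (-not $report) {
    Write-Output "No BitLocker-encrypted volumes found on $env:COMPUTERNAME."
} else {
    $report | Format-Table -AutoSize
}
```

Rows with NeedsReview set to True identify encrypted volumes on an operating system the article names as affected, which is where the additional-container advice in the mitigation section applies first.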
Mitigation and Response
Security recommendations for users of affected Windows versions include moving highly sensitive data into additional encrypted containers. Suggested alternatives include folders secured by AES-256 encryption via 7-Zip or the use of VeraCrypt with multiple encryption methods.
Microsoft has not yet acknowledged the existence of the YellowKey bypass or released a security patch to address the flaw in WinRE.
