Hacker News

BareMetal RAM Dumper – Bare-metal x86 tool for Cold Boot Attack experiments

59 points by liffik yesterday at 5:37 PM | 40 comments

Comments

floralhangnail yesterday at 9:16 PM

Are there any tricks or guides out there to protect from this attack? Obviously not leaving hardware running and unattended, but what else can help protect you if your running laptop is stolen out of your hands? Workstations can be configured to shut down upon intrusion switch being activated but what about laptops? I guess hot gluing the RAM in would be a physical obstacle. What about a BIOS password being required for booting from external media or having secure boot enabled? There are exploits to bypass those things, but to an attacker not finding out they are up against that until they reboot, I would hope that would slow them down enough that they fail. If half of or all of the RAM is mounted under the keyboard, I think they would have difficulty getting it out in time. Besides spraying the RAM directly, can you freeze an entire laptop while it's still running? Won't condensation cause problems pretty quickly?

Retr0id yesterday at 6:01 PM

> successfully tested

Could you elaborate on this? What device did you test on, what was the test procedure, and what was the outcome?

wmf yesterday at 9:40 PM

Haters, please stop flagging liffik's comments. I know you don't like AI but this thread was legitimately upvoted onto the front page so at least let the author respond to people.

Dwedit yesterday at 7:14 PM

Does it stop EFI from running first? I'd think that EFI would be clobbering a whole lot of RAM.

alfiedotwtf today at 1:35 AM

Phew! Luckily I store all my keys at the 5Gb mark!

Joel_Mckay yesterday at 9:47 PM

Threadlocker red, checkmate... lol =3

liffik yesterday at 5:37 PM

Hey security researchers!

I've released BareMetal-RAM-Dumper — a low-level x86 utility for dumping physical RAM directly to disk, designed for Cold Boot Attack research.

What it does:
• Custom 512-byte bootloader (no OS needed)
• Boots via BIOS Legacy CSM
• Switches to Unreal Mode to access 32-bit physical memory
• Dumps RAM in 32KB chunks directly to USB drive
• BIOS INT 0x15 E820 for safe memory map parsing
• Real-time progress indicator

Cold Boot Attack Use Case: Freeze a laptop's RAM to -60°C → quickly reboot from USB → capture full memory contents for forensic analysis & crypto key recovery

How it works:
1. Stage1: 512-byte boot sector (loads Stage2 via INT 0x13)
2. Stage2: Main logic (memory detection, unreal mode, disk writes)
3. Writes to LBA 64+ on boot drive

Warning: This overwrites data starting at sector 64! Use a dedicated blank USB.

Built with pure Assembly (NASM) — no bloat, direct hardware access

GitHub: https://github.com/pIat0n/BareMetal-RAM-Dumper
License: AGPL-3.0

Perfect for:
• Forensic researchers
• Security auditors testing cold boot resilience
• Students learning low-level x86
• Penetration testers

Feedback & improvements welcome!

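
Added example, not part of the original post and not the project's code: a host-side C calculation of how much of an E820 map 32-bit addressing can reach, and how far past LBA 64 a dump of that size would overwrite the drive. The sample map is constructed; the hard stop at 4 GiB, the per-region rounding to whole 32 KiB chunks and the contiguous sector layout are assumptions, not behaviour the page confirms.

```c
#include <stdint.h>
#include <stdio.h>

#define E820_USABLE  1u               /* type 1: RAM an OS may use */
#define CHUNK_BYTES  (32u * 1024u)    /* chunk size stated in the post */
#define SECTOR_BYTES 512u
#define FIRST_LBA    64u              /* first sector written, per the post */
#define LIMIT_4G     0x100000000ULL   /* top of 32-bit physical addressing */
/* Fields of an entry returned by INT 0x15, EAX=0xE820: base, length, type. */
struct e820_entry { uint64_t base, length; uint32_t type; };
struct dump_plan {
    uint64_t reachable;  /* usable bytes below 4 GiB */
    uint64_t missed;     /* usable bytes at or above 4 GiB */
    uint64_t chunks;     /* 32 KiB chunks, rounded up per region (assumed) */
    uint64_t last_lba;   /* last sector overwritten, contiguous (assumed) */
};
struct dump_plan plan_dump(const struct e820_entry *map, size_t n)
{
    struct dump_plan p = {0, 0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        uint64_t base = map[i].base, len = map[i].length;
        if (map[i].type != E820_USABLE || len == 0) continue; /* reserved, MMIO */
        if (base + len < base)
            len = UINT64_MAX - base;     /* clamp an entry that wraps */
        uint64_t end = base + len;
        uint64_t low = base >= LIMIT_4G ? 0
                     : (end < LIMIT_4G ? end : LIMIT_4G) - base;
        p.reachable += low;
        p.missed    += len - low;
        p.chunks    += (low + CHUNK_BYTES - 1) / CHUNK_BYTES;
    }
    if (p.chunks)
        p.last_lba = FIRST_LBA + p.chunks * (CHUNK_BYTES / SECTOR_BYTES) - 1;
    return p;
}

/* Constructed sample map for an 8 GiB machine, not from a real system. */
static const struct e820_entry SAMPLE[] = {
    {0x0,            0x9FC00,        1}, {0x9FC00,    0x400,      2},
    {0x100000,       0xBFF00000,     1}, {0xC0000000, 0x40000000, 2},
    {0x100000000ULL, 0x140000000ULL, 1},
};
int main(void)
{
    struct dump_plan p = plan_dump(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
    printf("missed=%llu bytes, last_lba=%llu\n",
           (unsigned long long)p.missed, (unsigned long long)p.last_lba);
    return 0;
}
```
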
anyaya1 yesterday at 7:46 PM

DevTool ecosystem