Hacker News

liffik, yesterday at 9:34 PM

Ah, I see what you mean! You are totally right, the physical execution is the truly interesting part.

To clarify, I actually didn't swap the RAM modules to another system. Moving cooled RAM is incredibly difficult and leads to rapid data decay. Instead, I left the frozen RAM exactly where it was on the original board. After the hard power-off, I just quickly swapped the system drive for my prepared drive and booted the same machine back up.

Regarding memory zeroing on boot: that is a highly relevant point. Modern systems (especially with TCG MOR enabled) try to scrub memory during POST to prevent exactly this. However, two things help here:

Fast Boot / Board Specifics: Many BIOSes, including the one on the industrial board I tested (DPX-W250), skip full memory checks and zeroing to speed up boot times.

Hard Power-Off: By cutting power abruptly, the OS doesn't get a chance to set any "clean shutdown" flags. Upon reboot, the BIOS just did a quick POST and handed control to my 16-bit bootloader via CSM, leaving the frozen memory completely intact.

P.S. I'm using AI to translate my messages because I don't speak English. Hope this explains the physics of the attack!