3 comments

  • Dwedit 5 minutes ago
    Does it stop EFI from running first? I'd think that EFI would be clobbering a whole lot of RAM.
  • Retr0id 1 hour ago
    > successfully tested

    Could you elaborate on this? What device did you test on, what was the test procedure, and what was the outcome?

  • liffik 1 hour ago
    Hey security researchers!

    I've released BareMetal-RAM-Dumper — a low-level x86 utility for dumping physical RAM directly to disk, designed for Cold Boot Attack research.

    What it does:
      • Custom 512-byte bootloader (no OS needed)
      • Boots via BIOS Legacy CSM
      • Switches to Unreal Mode to access 32-bit physical memory
      • Dumps RAM in 32KB chunks directly to USB drive
      • BIOS INT 0x15 E820 for safe memory map parsing
      • Real-time progress indicator

    Cold Boot Attack Use Case: Freeze a laptop's RAM to -60°C → quickly reboot from USB → capture full memory contents for forensic analysis & crypto key recovery

    How it works:
      1. Stage1: 512-byte boot sector (loads Stage2 via INT 0x13)
      2. Stage2: Main logic (memory detection, unreal mode, disk writes)
      3. Writes to LBA 64+ on boot drive

    Warning: This overwrites data starting at sector 64! Use a dedicated blank USB.

    Built with pure Assembly (NASM) — no bloat, direct hardware access

    GitHub: https://github.com/pIat0n/BareMetal-RAM-Dumper
    License: AGPL-3.0

    Perfect for:
      • Forensic researchers
      • Security auditors testing cold boot resilience
      • Students learning low-level x86
      • Penetration testers

    Feedback & improvements welcome!
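
How the E820 map, the 32 KB chunks and the LBA 64 start described in the post above relate when analysing such a dump, as an added example that is not part of the original post or the project's code. It assumes 512-byte sectors, the standard 20-byte E820 entry, and chunks packed back to back on disk (the post does not state the on-disk layout); the memory map is constructed.

```python
import struct

SECTOR = 512           # assumed sector size
CHUNK = 32 * 1024      # chunk size stated in the post
START_LBA = 64         # first LBA written, per the post
LIMIT = 1 << 32        # the post says 32-bit physical memory

# Constructed sample map: (base, length, type); 1=usable, 2=reserved, 3=ACPI
SAMPLE_MAP = b"".join(struct.pack("<QQI", *e) for e in [
    (0x0, 0x9FC00, 1), (0x9FC00, 0x400, 2), (0xF0000, 0x10000, 2),
    (0x100000, 0x7FEF0000, 1), (0x7FFF0000, 0x10000, 3), (0x100000000, 0x80000000, 1)])

def parse_e820(raw):
    """Decode 20-byte E820 entries: u64 base, u64 length, u32 type."""
    if len(raw) % 20:
        raise ValueError("truncated E820 table")
    return [struct.unpack_from("<QQI", raw, off) for off in range(0, len(raw), 20)]

def usable_ranges(entries):
    """Type-1 RAM below 4 GiB as sorted, merged (start, end) ranges."""
    spans = sorted((b, min(b + l, LIMIT)) for b, l, t in entries
                   if t == 1 and l and b < LIMIT)
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(m) for m in merged]

def plan_chunks(ranges):
    """Yield (lba, phys_addr, nbytes) per chunk under the assumed layout."""
    lba = START_LBA
    for start, end in ranges:
        for addr in range(start, end, CHUNK):
            n = min(CHUNK, end - addr)
            yield lba, addr, n
            lba += -(-n // SECTOR)   # a short final chunk still uses whole sectors

def phys_to_lba(ranges, phys):
    """Sector holding a physical address, or None if it was never dumped."""
    for lba, addr, n in plan_chunks(ranges):
        if addr <= phys < addr + n:
            return lba + (phys - addr) // SECTOR
    return None

if __name__ == "__main__":
    ranges = usable_ranges(parse_e820(SAMPLE_MAP))
    print([(hex(s), hex(e)) for s, e in ranges], phys_to_lba(ranges, 0x100000))
```

Reserved and ACPI regions (types 2 and 3) and anything above 4 GiB produce no sectors here, so an address in those ranges maps to `None`.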