BareMetal RAM Dumper – Bare-metal x86 tool for Cold Boot Attack experiments (github.com)
30 points by liffik 2 hours ago | 6 comments

anyaya1 3 minutes ago
DevTool ecosystem

Dwedit 35 minutes ago
Does it stop EFI from running first? I'd think that EFI would be clobbering a whole lot of RAM.

Retr0id 2 hours ago
> successfully tested

Could you elaborate on this? What device did you test on, what was the test procedure, and what was the outcome?

liffik 2 hours ago
Hey security researchers! I've released BareMetal-RAM-Dumper — a low-level x86 utility for dumping physical RAM directly to disk, designed for Cold Boot Attack research.

What it does:
• Custom 512-byte bootloader (no OS needed)
• Boots via BIOS Legacy CSM
• Switches to Unreal Mode to access 32-bit physical memory
• Dumps RAM in 32KB chunks directly to USB drive
• BIOS INT 0x15 E820 for safe memory map parsing
• Real-time progress indicator

Cold Boot Attack Use Case: Freeze a laptop's RAM to -60°C → quickly reboot from USB → capture full memory contents for forensic analysis & crypto key recovery

How it works:
1. Stage1: 512-byte boot sector (loads Stage2 via INT 0x13)
2. Stage2: Main logic (memory detection, unreal mode, disk writes)
3. Writes to LBA 64+ on boot drive

Warning: This overwrites data starting at sector 64! Use a dedicated blank USB.

Built with pure Assembly (NASM) — no bloat, direct hardware access

GitHub: https://github.com/pIat0n/BareMetal-RAM-Dumper
License: AGPL-3.0

Perfect for:
• Forensic researchers
• Security auditors testing cold boot resilience
• Students learning low-level x86
• Penetration testers

Feedback & improvements welcome!
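
An added example, not code from the post or from the project: a C sketch that walks an E820 map and works out how many 32KB chunks fall below 4 GiB and which sectors from LBA 64 onward they would occupy, which is what decides how large the dedicated USB drive must be. It assumes 512-byte sectors and that only type-1 (usable) regions are written back to back with each region's last chunk rounded up; the names `plan_dump`, `dump_plan` and `sample_map` are hypothetical and the map is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_BYTES  (32u * 1024u)   /* post: RAM is dumped in 32KB chunks */
#define SECTOR_BYTES 512u            /* assumption: 512-byte sectors */
#define FIRST_LBA    64u             /* post: writes start at LBA 64 */
#define E820_USABLE  1u              /* E820 type 1 = usable RAM */
#define LIMIT_4G     0x100000000ULL  /* post: 32-bit physical addressing */

/* One entry as returned by INT 0x15, EAX=0xE820 (20-byte form). */
struct e820_entry { uint64_t base; uint64_t len; uint32_t type; };
struct dump_plan  { uint64_t bytes, chunks, first_lba, last_lba; };

/* Sum usable RAM below 4 GiB and map it onto sectors from FIRST_LBA.
   Assumption: only type-1 regions are written, back to back. */
struct dump_plan plan_dump(const struct e820_entry *map, size_t n)
{
    struct dump_plan p = {0, 0, FIRST_LBA, 0};
    for (size_t i = 0; i < n; i++) {
        if (map[i].type != E820_USABLE || map[i].len == 0) continue;
        if (map[i].base >= LIMIT_4G) continue;      /* out of 32-bit reach */
        uint64_t end = map[i].base + map[i].len;
        if (end < map[i].base || end > LIMIT_4G) end = LIMIT_4G; /* wrap or crosses 4 GiB */
        p.bytes  += end - map[i].base;
        p.chunks += (end - map[i].base + CHUNK_BYTES - 1) / CHUNK_BYTES;
    }
    if (p.chunks) p.last_lba = FIRST_LBA + p.chunks * (CHUNK_BYTES / SECTOR_BYTES) - 1;
    return p;
}

/* Constructed sample map for an 8 GiB machine (not from a real device). */
static const struct e820_entry sample_map[] = {
    {0x0000000000000000ULL, 0x000000000009FC00ULL, 1}, /* low memory */
    {0x000000000009FC00ULL, 0x0000000000000400ULL, 2}, /* EBDA, reserved */
    {0x0000000000100000ULL, 0x00000000BFEF0000ULL, 1}, /* 1 MiB up to ~3 GiB */
    {0x00000000BFFF0000ULL, 0x0000000000010000ULL, 3}, /* ACPI reclaimable */
    {0x0000000100000000ULL, 0x0000000140000000ULL, 1}, /* above 4 GiB, skipped */
};

int main(void)
{
    struct dump_plan p = plan_dump(sample_map, sizeof sample_map / sizeof sample_map[0]);
    printf("%llu bytes, %llu chunks, LBA %llu..%llu\n",
           (unsigned long long)p.bytes, (unsigned long long)p.chunks,
           (unsigned long long)p.first_lba, (unsigned long long)p.last_lba);
    return 0;
}
```

Everything from `first_lba` through `last_lba` on the boot drive is overwritten under these assumptions, so the drive needs at least `last_lba + 1` sectors.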