BareMetal RAM Dumper – Bare-metal x86 tool for Cold Boot Attack experiments
23 points | 1 hour ago | 3 comments | github.com | HN
Dwedit
9 minutes ago
Does it stop EFI from running first? I'd think that EFI would be clobbering a whole lot of RAM.
Retr0id
1 hour ago
> successfully tested

Could you elaborate on this? What device did you test on, what was the test procedure, and what was the outcome?

liffik
1 hour ago
Hey security researchers!

I've released BareMetal-RAM-Dumper — a low-level x86 utility for dumping physical RAM directly to disk, designed for Cold Boot Attack research.

What it does:
• Custom 512-byte bootloader (no OS needed)
• Boots via BIOS Legacy CSM
• Switches to Unreal Mode to access 32-bit physical memory
• Dumps RAM in 32KB chunks directly to USB drive
• BIOS INT 0x15 E820 for safe memory map parsing
• Real-time progress indicator

Cold Boot Attack Use Case: Freeze a laptop's RAM to -60°C → quickly reboot from USB → capture full memory contents for forensic analysis & crypto key recovery

How it works:
1. Stage1: 512-byte boot sector (loads Stage2 via INT 0x13)
2. Stage2: Main logic (memory detection, unreal mode, disk writes)
3. Writes to LBA 64+ on boot drive

Warning: This overwrites data starting at sector 64! Use a dedicated blank USB.

Built with pure Assembly (NASM) — no bloat, direct hardware access

GitHub: https://github.com/pIat0n/BareMetal-RAM-Dumper
License: AGPL-3.0

Perfect for:
• Forensic researchers
• Security auditors testing cold boot resilience
• Students learning low-level x86
• Penetration testers

Feedback & improvements welcome!

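The E820 step and the 32KB-chunk writes from LBA 64 described in the post above, modelled in C as an added example that is not part of the thread or the project's code: it keeps only type-1 (usable) E820 ranges below 4 GiB and works out where each would land on the drive. The memory map is constructed, and the back-to-back on-disk layout, 512-byte sectors and the `plan_dump` name are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define E820_USABLE  1u              /* E820 type 1 = usable RAM */
#define CHUNK_BYTES  (32u * 1024u)   /* 32KB chunks, per the post */
#define SECTOR_BYTES 512u            /* assumed sector size */
#define FIRST_LBA    64u             /* dump starts at LBA 64, per the post */
#define LIMIT_4G     0x100000000ULL  /* ceiling of 32-bit physical addressing */
struct e820_entry { uint64_t base, len; uint32_t type; };
struct dump_span  { uint64_t base, len, lba, chunks; };
/* Constructed sample map (not captured from real hardware). */
static const struct e820_entry sample_map[] = {
    { 0x000000000ULL, 0x0009FC00ULL, 1 },  /* conventional memory */
    { 0x00009FC00ULL, 0x00000400ULL, 2 },  /* reserved (EBDA) */
    { 0x000100000ULL, 0x7FEF0000ULL, 1 },  /* main RAM */
    { 0x07FFF0000ULL, 0x00010000ULL, 3 },  /* ACPI reclaimable */
    { 0x100000000ULL, 0x80000000ULL, 1 },  /* RAM above 4 GiB: out of reach */
};

/* Hypothetical planner: keeps usable ranges below 4 GiB, assumed written back
   to back from FIRST_LBA. Returns spans used; *next_lba = first free sector. */
size_t plan_dump(const struct e820_entry *map, size_t n,
                 struct dump_span *out, size_t cap, uint64_t *next_lba)
{
    uint64_t lba = FIRST_LBA;
    size_t used = 0;
    for (size_t i = 0; i < n && used < cap; i++) {
        uint64_t start = map[i].base, end = start + map[i].len;
        if (map[i].type != E820_USABLE || map[i].len == 0 || start >= LIMIT_4G)
            continue;                       /* never read reserved/MMIO ranges */
        if (end < start || end > LIMIT_4G)  /* wrapped or crosses 4 GiB: clip */
            end = LIMIT_4G;
        uint64_t len = end - start;
        out[used++] = (struct dump_span){ start, len, lba, (len + CHUNK_BYTES - 1) / CHUNK_BYTES };
        lba += (len + SECTOR_BYTES - 1) / SECTOR_BYTES;  /* round up to whole sectors */
    }
    *next_lba = lba;
    return used;
}

int main(void)
{
    struct dump_span s[8]; uint64_t next;
    size_t n = plan_dump(sample_map, 5, s, 8, &next);
    for (size_t i = 0; i < n; i++)
        printf("base %#llx: LBA %llu, %llu chunks\n", (unsigned long long)s[i].base,
               (unsigned long long)s[i].lba, (unsigned long long)s[i].chunks);
    return 0;
}
```

The value left in `next_lba` is the first sector past the planned dump, which gives a lower bound on the USB drive size for a given map.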