The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they’ve provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They’ve also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in there memory dumps and 0.01% if they cooled the chips first.
We saw another interesting tool today: coreinfo is a library for the custom BIOS coreboot. Using it you can examine the memory directly without any damage.
The Q&A session at the end of [Jacob Appelbaum]‘s talk included a discussion of possible countermeasures. We’re convinced that this won’t be solved until there’s a fundamental change to RAM design. One of the interesting suggestions we heard was building a “RAM condom”. It would be a riser card that the RAM plugs into. When the case intrusion system triggered it would blank the RAM. It’s an interesting idea; anyone want to build it?