Comments on: HOPE 2008: Cold boot attack tools released

By: dfgdfgd

dfgdfgd — Thu, 12 Feb 2009 23:04:54 +0000

“Bootstrarp loaded… epic fail!” anyone knows whats that supposed to mean

By: Kevin

Kevin — Mon, 04 Aug 2008 21:32:29 +0000

has anyone here used this code after compiling it. I used the usb dump method and was able to capture the contents of ram, but the usbdump application keeps giving me an error saying bad checksum. Just wondering if anyone else is having the same problem. Thanks.

By: Wileur

Wileur — Sat, 19 Jul 2008 11:29:05 +0000

Or have the operating system blank the RAM as the last thing it does before shutting off. At that point disks are not mounted so the keys are not needed anymore. Then the only data left in RAM to hack would be the code for blanking it.

By: poweruser

poweruser — Sat, 19 Jul 2008 09:42:06 +0000

I’d like to see this used to sign software on the Xbox 360 so we can finally have softmodding available for the thing. I also see this useful in getting around DRM.

By: Chris

Chris — Sat, 19 Jul 2008 08:37:48 +0000

Sorry for the double post, but couldn’t you just do a tiny 8 or 16 byte key in the L2 cache that encrypts the RAM key?

By: Chris

Chris — Sat, 19 Jul 2008 08:33:06 +0000

Have the system clear RAM on reset, and have a small chip on the stick itself that clears the RAM on loss of power. Could also do a bit of a bios thing that creates a boot ID that changes at bootup, and have a chip on the RAM passively overwrite what’s from the previous session.

*Points to previous poster.* He’s got the idea with the small capacitor on the memory modules. The transparent encryption/decryption might work for HDDs, but RAM would be too hindered by it and most people would just disable it.

By: ReVrenHex

ReVrenHex — Sat, 19 Jul 2008 06:47:28 +0000

Wow, I would say that just about covers it. And if you need more security for your data, you might want to look into something outside the PC (like building security).

By: Alex

Alex — Sat, 19 Jul 2008 04:53:09 +0000

Lock the case shut. Stick a timer circuit between the power button and motherboard that prevents you from powering on the system for 10 seconds after shut down. Stick a case trigger switch that does the same - open up the pc, pc shuts down, by the time they figure out what it happening/bypass the circuit the memory is empty. Stick an enclosure around the ram to prevent them from cooling the chips while the pc is off (or else they can retain data for more than 10 seconds and get around the circuit). Lastly tilt switches and stuff will trigger a shutdown if the case it moved.

This just leaves the reset button. You could replace it with a key switch or just disable it all together (the inconvenience of having to wait 10 seconds for a reboot - clearing the memory might be beneficial in some restart cases, for the convenience of security. Fair price).

As an added measure epoxy the connectors between the switch, timer circuit and motherboard to prevent a quick easy bypass.

How far do you want to go?

By: Peter

Peter — Sat, 19 Jul 2008 04:05:15 +0000

Why not put a battery/capacitor on the motherboard with enough power to blank the ram whenever the mains go?

Can they pull the chip with the computer still running?

By: pascal

pascal — Sat, 19 Jul 2008 02:50:54 +0000

well, the case intrusion detection can be circumvented, if you know the hardware design…

but wouldn’t adding transparent encryption to the memory controller do the trick? the secret key to encrypt memory could be regenerated with every boot directly on the controller and (since it’s small) be stored locally in some other type of memory cell that (somehow) is not attackable?

By: Snaptastic

Snaptastic — Sat, 19 Jul 2008 02:16:03 +0000

I love that photo. The reflection with the hackaday logo on the phone, awesome.