Episode 521 – The Cold Boot Attack

When it comes to recovering encryption keys from memory nobody has a more intriguing method than Princeton University researchers. We explore a method known as the “Cold Boot Attack”. Plus, a clever DirectX injecting UI widget for your PC games that means the end of ALT+Tab.


When it comes to recovering encryption keys from memory nobody has a more intriguing method than Princeton University researchers who pioneered what is known as the Cold Boot Attack.

Their paper, Lest We Remember: Cold Boot Attacks on Encryption Keys, debunks the popular assumption that RAM modules lose their contents when power is lost. As it turns out, the degradation of memory can be a matter of seconds to minutes at room temperature. Furthermore, this degradation can be slowed by freezing the memory module.

The researchers go on to outline several methods for copying memory from a reset computer or extracted RAM module. Princeton University’s Center for Information Technology Policy site maintains the paper, videos, and source code from the research.

The USB / PXE Imaging tool and the AES Key Finding tool are a powerful combination. In this week’s show we discuss and demo these tools in action.

We also touch on the McGrew Security RAM Dumper and Foremost.

After laying the groundwork for this attack, I’ll be back in studio next week with more in-depth demos and answers to your questions. Please send your feedback and questions along to [email protected].

Darren Kitchen

PlayXPert is a unique in-game overlay for PC and MMO games, incorporating the popular use of social media and the web with the importance of impressive FPS and undisturbed gameplay. PlayXPert lets you play your game without ever having to Alt-Tab out of the game by downloading the small widgets and customizing your opacity, widget settings, and key bindings. You can see it for yourself at their site: PlayXPert.

Shannon Morse

Also don’t forget about our first ever official Hak5 Meetup at Busch Gardens Williamsburg on August 15th. Find all the details at hak5meetup.squarespace.com or RSVP on Facebook.


  • AndiC

    When I saw the last video 520 about TrueCrypt.

    I suddenly thought I saw a video that was going around a year or two ago demoing how to freeze the contents of RAM with a can of compressed air and then using software to recover encryption keys and all sorts of other data.

    I am sure you have seen the original; I believe they did it on a MacBook?

    Good stuff

  • WooDoo

    Nice episode, I was wondering if you could upload your compiled version of the software that you had on your usb. (For memory dump)


  • BeanBag

    PXP is an awful program to set up; my first account wouldn’t let me log in despite knowing the password, so I created another account which did let me log in. Then I discovered it doesn’t work with Windows 7! So I uninstalled; now all I want to do is delete the accounts, but the website doesn’t let me do that!!

    In my opinion it is a waste of time, just add all your games to your steam list so you can get the overlay in any game.

  • AndiC


    You slamming a product that doesn’t work with a beta OS? (an OS that isn’t finalised or out yet), give them a break!!!!!

    They probably do have a development version that works with Windows 7, just haven’t released it to the general public yet.

  • Darren


    Just simply run make. If you mess up, make clean and try again. You’ll notice in the video I show the small configuration change that needs to be made to the Makefile if you’re using GCC 4.1 or later. Or you could simply compile it with an older version of GCC without the hassle of editing 3 makefiles. Breezy Badger anyone?

  • BeanBag

    @ AndiC

    Most of my complaints were actually about the online services to do with my account if you read carefully.

    I only had one problem with the actual program and I only noted that out of frustration because it took so long to get the damn online services working.

  • Popsicle-Pete

    Great Show! I’m actually comparing available options for disk encryption for my company. This type of hacking sets some obvious warning signs.

    I built a test environment with a TrueCrypt volume along with some Windows-encrypted directories. I keep getting hung up after dd’n the USB drive:

    # sudo dd if=scraper.bin of=/dev/sdb1

    1) The USB drive no longer mounts under linux / Windows after I dd.

    2) I plug it in, reboot, boot from USB, and get the following endless loop:

    Bootstrap loaded… trying packet mode… starting.

    Any ideas?

  • Darren Kitchen


    I went through three cheap USB drives (vendor swag from CES) before I got a working one. Same problem, after using dd the drive wouldn’t mount or would cause some interesting errors when trying to boot off. Not sure if I’ll ever be able to recover the drives — I haven’t tried but win/linux doesn’t even see one of ’em.

    Sorry no good answer for ya. Just be careful and keep at it. The drive that worked for me was a 4gig from Micro Center. House brand. Not sure how much that helps. Report back if you find one that works.

  • Jesse-PXP

    BeanBag – I can delete your accounts if you want 😛 Sorry about the trouble you had registering, not sure why that occurred – but we’re looking into a couple things that could have caused something like that.

    Email me and confirm if you want your accounts deleted, or if there’s anything else I can do to help. By the way, Win7 will be out not long after x64.

  • Oli

    There is one more possibility to get a dump of the memory, and this without rebooting the computer. There is only a hardware requirement (but these are already all around on laptops): it’s a FireWire port.
    I saw a demo of this technique in a security show; a guy dumped all the memory through FireWire only by plugging a cable between his computer and the other laptop. The laptop was running XP at this time.
    And this guy could unlock the user session by sending back the dumped memory to the XP.
    So, this is some information about it: http://www.friendsglobal.com/papers/FireWire%20Memory%20Dump%20of%20Windows%20XP.pdf

    Btw, thx for your show, really interesting!!

  • Enzo.Matrix

    So on this alt-tab craziness. I am not a fan of installing apps to slow down my system. I am also not a fan of alt-tab ruining any of my gaming sessions. I have stumbled upon a simple launch option configuration you can use in any HL2 based game.

    -console -sw -w 1920 -h 1200 -novid -dev -noborder

    So the run down of what is happening.
    Console: duh, gives you console (nice to have cause L4D doesn’t have it in options)
    SW: Start in windowed mode
    W: Res width (set to monitor’s max)
    H: Res height (set to monitor’s max)
    Novid: Kill that pesky startup video
    Dev: extra monitoring tools and options (not needed at all, but I use it when working on Goldeneye so I always have it on)
    Noborder: This is the important part…

    With having the game start in windowed mode you usually never have an issue with alt-tab, so I took advantage of this by setting the resolution to match my monitor. What happens is you have that stupid Windows border around your game and you can’t get it full screen the way it should be. Solution was to use -noborder; with this little guy active you have the same look as fullscreen but with all the window perks.

    The main reason I ended up doing this config was that I use a triple monitor setup and filling out msn and going to other active games can cause issues. Yes I play many games at once, multiple EVE clients and at least one of the following: GE:S, BZ2, L4D, TF2, NS..

    I hope others can benefit from this, Enjoy!

  • Darren Kitchen

    @Enzo.Matrix, that’s a great tip. With the noborder option does the game always start at pixel 1,1 — that is to say at the very top left of the screen, thus filling the screen completely?

    Do you know of a parameter that will specify window location? Without the border how is one to move the window?

    I ask because I have three monitors, two 19’s flanking a 22.

    Getting off topic just a bit: Years ago I tried out playing UT99 and Q3 on 3 screens with an FOV of 180. I had to use windowed mode. It wasn’t that great performance wise then, but now I’ve got dual Geforce 8600’s so I might just give it another go.

    @Jesse-PXP, thanks for coming by and clearing things up. Looking forward to the Win7 x64 release.

  • Enzo.Matrix

    @Darren, no, it somehow always finds the dead centre of your screen, which can be a pain without the border because I couldn’t figure out how to reposition the window. So when you play with the res specs of your monitor it does fill the screen perfectly.

    My main is 24″ with 2x 22″ to the right. I use multiplicity (Stardock made something useful) on an old 19″ (left of 24″) in landscape to do my email and msn on my old box.

    9600 GT on the 24″ and 8800 GT on the dual 22″. I run into the issue if I drag a game like L4D onto a 22″: I lose frames like mad. Could never figure out how to swap the primary for launch. EVE I like, they give you the choice of adapter.

  • sp3cialk

    Just throwing this in there.. I don’t know why since NeoTokyo is a HL2 mod.. but the noborder switch doesn’t work for it. I’ve gotten so used to having noborder for TF2 and L4D I can’t stand games that do not work with it. I’ve not had a chance to test this but my game always loads on what is set as my primary display. I assume this may take some of the credit for opening on my main display, but I really haven’t wanted games on anything but my main. I have a 24″ and a 22″ to the left of it that I keep IRC, Ventrilo, and HLSW open so this trick is clutch for admins. I have heard you do take small performance (in FPS) from running in window like this instead of at full screen, but I have 2 GTX 260 in SLi.. so I’ve never noticed 😐

    Love the show.. keep up the awesomeness!

  • Henrik


    Is there some place I can download the scraper.bin files for usb sticks? I can’t compile it on my old mac. Can’t find it anywhere but Darren mentioned he would post the .bin file in one of the shows.


  • LordDust

    One important thing you missed to protect you from this sort of attack is a BIOS password. Which won’t even try to boot until it receives the password. Thus rendering all but the custom motherboard useless.
