Will CERBERUS run on my 8088?

Yes. 8088 with 256 KB and MDA is the hard floor. VGA-only visuals (Mandelbrot, Lissajous) skip gracefully on lower adapters. Text-mode visuals run on every adapter including Hercules and MDA. No 386+ instructions leak into the 8088 code path.

Does CERBERUS work in DOSBox-X, 86Box, or PCem?

Yes. CERBERUS detects the emulator and automatically caps all confidence values at MEDIUM because emulated hardware is not ground truth.

How is CERBERUS different from CheckIt 3.0?

CheckIt tells you what your hardware says it is. CERBERUS additionally tells you when what your hardware says disagrees with how it behaves. Eleven consistency rules catch counterfeit CPUs, remarked chips, thermal throttling, cache disabled in BIOS, TSRs stealing cycles, timing bugs, and frankenboards.

Can CERBERUS damage my vintage PC?

No. CERBERUS performs no destructive operations: no low-level format, no disk writes outside the working directory, and no port writes outside documented probe targets. DMA probing explicitly skips the refresh and cascade channels.

CERBERUS

> The open-source counterfeit detector for vintage PCs.

Run CERBERUS on a vintage PC. It looks at what the silicon claims to be, then watches what it actually does. When those two answers disagree, a counterfeit 486SX-with-faked-silkscreen, a thermally throttled chip, a TSR stealing BIOS ticks, a remarked Cyrix, CERBERUS catches it. Eleven rules in force right now, every one of them documents what it catches and what it structurally cannot.

Every run produces an 8-character hardware fingerprint and a verdict tally you can publish as a Cerberus Card. The fingerprints are now public URLs at barelybooting.com/hw/<hwid> and the community database is live.

DETECTION pane. Layered probes against a community-editable hardware database.

BENCHMARKS pane. Dhrystone 2.1 integer, Whetstone FPU, memory bandwidth. PC-XT factors normalize against the canonical floor.

VERDICTS pane. The consistency engine in colored tags: where detection and behavior agree, where they don’t, and why.

CERBERUS RUN COMPLETE end-of-run summary card. Hardware fingerprint bea50129. Verdicts 37 PASS, 3 WARN, 0 FAIL, 89 UNK. Result keys 129 total. PC-XT factors with horizontal bar chart: CPU 11.02x, MEM 40.98x, FPU n/a. Prompt: Press any key to view detailed report. — End-of-run summary card. Hardware fingerprint, verdict tally, PC-XT factor bars at a glance. Any key opens the full three-pane report.

Detects, diagnoses, and benchmarks DOS PCs from the 8088 up through the Pentium. Eight detection modules find what they find; an eleven-rule consistency engine flags when detection and behavior disagree. 8088 + 256 KB + MDA is the hard floor. v0.10.0 shipped 2026-05-19 with HEARO port phase 1: two-tier fingerprint, Hall of Tested Machines, two-tier keyboard, INT 33h mouse hook, boot card. Open Watcom V2, MIT.

v0.10.0 RELEASED 2026-05-19. First final of the v0.10 arc, lifting five end-user surfaces from the HEARO sibling project and adding one piece of foundational scaffolding for v0.11. Developed as a four-milestone arc (m1 through m4) plus a final release milestone (m5); each milestone passed an end-to-end quality gate with red-team review, fix, and verification before tagging. Aggregate across the arc: 1 Fatal caught and fixed in M2 before any caller invoked the storage layer; 7 Significants all closed; ~15 Minors with ~80% fixed inline.

Two-tier fingerprint (M1). Splits the v0.9 single signature hash into signature_stable (4-key identity: cpu.vendor, cpu.class, bios.rom_hash, bus.class) and signature_config (the broader 7-key set the v0.9 signature used). Memory upgrades, sound-card swaps, and peripheral changes no longer break a machine's identity record. The legacy signature= key remains as a one-release alias of signature_stable; signature_schema bumps from 1 to 2 to mark the canonical-key-set change.
Hall of Tested Machines (M2 + M3). Persistent per-machine memory at CERBERUS.HAL in the working directory, keyed on signature_stable. Each machine record carries first-seen / last-seen timestamps, a boot counter, the last config hash, the last dhrystone and FAdd-ns benchmarks, and a rolling 32-event log (FIRSTSEEN, HARDWARE_CHANGE, RUN). Atomic save uses a .TMP staging file plus DOS rename. On first boot the layer walks the CWD for v0.8 / v0.9 / v0.10 INIs and ingests each as a RUN event. 16 machines maximum; the cap is constrained by Watcom DOS medium model's 16-bit _fmalloc(size_t) ceiling at ~3.3 KB per machine.
Two-tier keyboard + INT 33h mouse (M4). AH=09h capability probe at startup picks the read path. AH=10h primary on enhanced BIOSes (AT BIOS Nov 1985+) with AH=00h fallback for pre-1985 machines AND for the 320CDT-class quirk where AH=10h reports empty when a key is waiting. Cursor-pad arrow scans normalised so consumers see the same scan code regardless of which keyboard region produced the press. Lone-Alt BDA polling primitive surfaced for v0.11 menu-bar consumers. INT 33h mouse driver hook: AX=0x0000 probe at init, AX=0x0003 polling, AX=0x0000 release at shutdown. No v0.10 consumer for either surface yet; both available for v0.11 modals.
Boot card (M5). Full-screen machine-identity panel rendered between the detect phase and the diag/bench phases. Shows the stable signature, detected CPU, memory totals, bus class, and run mode. Held for ~2 seconds or until any key press. Replaces the pre-test dog-head as the user-meaningful "this is the machine you are on" surface. Skipped under /NOUI and /NOINTRO so batch and scripted callers retain v0.9 timing. The legacy summary-UI dog-head art is retained this release for visual continuity; full retirement lands in v0.11 alongside the modal-framework migration.
Capability-gating skeleton (M5). requires_all + requires_any bitmasks (u32 today, expandable to u64 when ~25 capability bits are lit), a capability_detect walker that reads the result table and returns the machine's capability bitmask, a capability_satisfies predicate, and a capability_emit_skip helper that emits a VERDICT_UNKNOWN row with the missing-capability hex mask for INI consumers. No tests migrated this release; the scaffolding is available for v0.11+ when individual diag/bench tests start tagging their prereqs.

EXE 230,114 bytes stock (+13,372 vs v0.9.1.1's 216,742, dominated by hall.c + boot_card.c + capability.c + mouse.c bodies). DGROUP 61,408 / 64 KB (status OK, +2,080 headroom vs 62 KB soft target, above the 2 KB hard-reserve threshold). 29 host suites green; test_hall.exe is the new addition with 13 phases and ~85 assertions. DOSBox-X smoketest produces SMOKE.INI with version=0.10.0, signature_schema=2, all three signatures present, plus dist/CERBERUS.HAL with the boot_count incrementing across runs.

Three heads

Cerberus the dog guarded the gates of the underworld. Cerberus the program guards the gates of your case.

Detect. CPU, FPU, memory, cache, bus, video, audio, BIOS. Layered probes against a community-editable hardware database.
Diagnose. Memory pattern walk, ALU correctness, bit-exact FPU ops, VRAM probe, cache stride, every DMA channel.
Benchmark. Integer (Dhrystone 2.1), FPU (M6 per-op microbench: FADD / FSUB / FMUL / FDIV / FSQRT / FSIN / FCOS / FYL2X ns-per-op), memory bandwidth, cache throughput, video. Calibrated multi-pass mode for thermal trend analysis.

Three heads sharing one body of timing, display, and reporting infrastructure. Their results feed the consistency engine. That is the project’s reason to exist.

Vital signs

Most diagnostic tools tell you what your hardware says it is. CERBERUS tells you when what it says disagrees with how it behaves. Eleven rules in force, each emitting a consistency.* row in the INI. Three representative ones:

A 486DX must report an integrated FPU. If it doesn’t, that is a counterfeit 486SX with a faked silkscreen, a real thing in the VOGONS archives.
Integer iterations per second must fall inside the CPU database’s empirical range. A 486 DX-2 reporting 2.2M iters when the floor is 4.7M is evidence of thermal throttle, TSR storms, cache disabled in BIOS, or a remarked chip. The narration consults the cache diagnostic before assigning blame.
Mann-Kendall rank trend test on per-pass timings. Monotonic upward drift at α=0.05 flags thermal throttling: dusty heatsink, dying voltage regulator, failing capacitor.

Every rule documents what it catches and what it structurally cannot. Opacity is the anti-pattern.

The visual journey

v0.6.0 turned CERBERUS from a tool that produces numbers into one that shows the hardware working. Eight live demonstrations:

CPU ALU Bit Parade. A 16-bit register as a row of CP437 blocks. Real ROL / SHL / AND / XOR / ADD execute in sequence. On an 8088 you see individual ops tick past. On a 486 DX-2 the pattern blurs. The speed difference IS the performance.
FPU Lissajous. 1800 parametric points drawn via native x87 FSIN. A broken FPU produces visible distortion.
FPU Mandelbrot. The FPU renders the set in real time. Pixel by pixel, row by row.
Memory Cache Waterfall + Latency Heat Map. Nine bars per block size; sixty-four cells across 32 KB. The cache boundary shows as a sharp color line.
PIT Metronome. A dot bounces at 18.2 Hz with a PC-speaker click per tick. Stutter means a TSR is stealing ticks.
Video Bandwidth + Audio Hardware Scale. The pattern fill IS the measurement. SB DSP first, then OPL2, then PC speaker.

Real-iron validation

cpu.dhrystones = 31,862 on a 486 DX-2-66 lands within 5% of CheckIt 3.0’s number on the same hardware (33,609), the agreement target for 486-class boxes. Phase 2 Homage research confirmed CheckIt’s “Dhrystones” is a custom synthetic, not a Dhrystone port. CERBERUS ships the actual Weicker reference plus the synthetic so cross-tool readings line up.

Output

Plain ASCII INI with every detected property, diagnostic verdict, benchmark number, and consistency outcome. Each row carries a confidence indicator: HIGH when authoritative, MEDIUM when inferred, LOW when emulated or guessed. Three identity SHA-1 hashes plus one record hash on every v0.10+ run:

signature_stable. Hardware identity over the 4 most-stable canonical keys (cpu.vendor, cpu.class, bios.rom_hash, bus.class). Memory upgrades, sound-card swaps, and peripheral changes do NOT change it. Drives the Hall lookup.
signature_config. Configuration snapshot over the broader 7-key set the v0.9 signature used. Drives HARDWARE_CHANGE detection in the Hall by comparing against the stored last-config value for the matched stable identity.
signature. Legacy alias of signature_stable for one release of forward compat. v0.9 INI parsers continue to read the line; the value semantic flipped from config-hash to stable-hash at v0.10. signature_schema=2 marks the canonical-key-set change.
run_signature. Differs between runs. Two runs of the same machine with divergent run_signatures under the same signature_stable is the counterfeit-CPU detector: behavior changed while claimed identity did not.

v0.10 also writes CERBERUS.HAL in the working directory: persistent per-machine memory keyed on signature_stable. Each machine record carries first-seen / last-seen timestamps, a boot counter, last bench metrics, and a rolling 32-event log of FIRSTSEEN / HARDWARE_CHANGE / RUN events. The Hall file format is human-readable INI; full schema in docs/ini-format.md.

Hardware

Floor8088 + 256KB + MDA

Common286 / 386 + CGA/EGA

Ceiling486 + VGA + VLB/PCI

RAM256KB min

OSMS-DOS 3.3+

LicenseMIT

8088 support is a hard requirement, not an aspiration. Anything that breaks it is out.

FAQ

Will it run on my 8088?: Yes. 8088 + 256 KB + MDA is the hard floor. VGA-only visuals skip gracefully on lower adapters. No 386+ instructions leak into the 8088 path.
Does it work in DOSBox-X / 86Box / PCem?: Yes. CERBERUS detects the emulator and caps confidence at MEDIUM. Benchmarks still run; cross-tool comparisons against real-iron numbers should be flagged.
How is this different from CheckIt?: CheckIt tells you what your hardware says it is. CERBERUS also tells you when what your hardware says disagrees with how it behaves.
Will it damage my machine?: No destructive operations. No low-level format, no disk writes outside the working directory, no port writes outside documented probe targets. DMA probing explicitly skips refresh and cascade channels.
License?: MIT. Hardware databases are CC0.

Download

CERBERUS.EXE ships as a single DOS real-mode binary. v0.10.0 stock build is 230,114 bytes (about 225 KB); wmake NO_UPLOAD=1 strips that by omitting the HTGET / NetISA transport modules. The growth from v0.8.1's ~167 KB came from the v0.9.0 hardware-ID expansion (BIOS / video-BIOS / expansion-ROM hashes, NIC ladder, UART classifier, parallel ECP/EPP), the v0.9.0 M5 upload client, M6's eight-instruction FPU microbench panel, the v0.9.1 A-m1 display-table FAR migration, and now the v0.10 HEARO port phase 1 surfaces (hall.c, boot_card.c, capability.c, mouse.c plus tui_util.c extensions). Drop it on a FAT16 volume, run from the prompt, read the resulting CERBERUS.INI. v0.10 also produces CERBERUS.HAL alongside, which is the persistent per-machine memory file the Hall lookup uses.

Current download: v0.10.0 GitHub Release (HEARO port phase 1). CERBERUS-v0.10.0.zip contains the EXE, README, LICENSE, and a CHANGELOG snippet. The previous v0.9.1.1, v0.9.1, v0.9.0.1, and v0.9.0 tags stay available; v0.10.0 is the recommended download.

Past releases (source archives, dl.barelybooting.com): v0.4.0 · v0.8.0 · v0.8.1.

Milestone-tagged development line on the v0.10.0 arc (no Release artifact for the intermediate tags, source via the repository at the tag): v0.10.0-m1 → m2 → m3 → m4 → v0.10.0. The full per-milestone audit trail lives in CHANGELOG.md; the rolled-up release notes for the v0.10 line are at docs/releases/v0.10.0.md. The v0.9 release notes remain available: v0.9.0.md, v0.9.0.1.md, v0.9.1.md.

Companion server

The community submission server shipped 2026-05-16 at barelybooting.com/api/ per the barelybooting-submissions Cloudflare Worker, hardened through a six-round adversarial quality gate. Cerberus Cards are live at barelybooting.com/hw/<hwid>. The DOS-side upload client is part of stock builds since v0.9.0: HTGET (mTCP) shell-out is the primary transport, NetISA INT 63h ships as a stub pending card hardware, and wmake defaults compile the upload path in. The opt-in /UPLOAD flag (or the post-run prompt, when omitted) drives transmission. With v0.10's two-tier fingerprint, the server-side cerberus.signature grouping now keys on machine identity instead of configuration snapshot; tooling that wants the v0.9 grouping semantic should switch to the new signature_config field. Live end-to-end round-trip from a 486 against the live Worker remains the next hardware-gated validation step.