News AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.

Makaveli

Distinguished
Jan 15, 2001
746
20
18,985
0
The Department of Energy needs to cancel the contracts for the Frontier and El Capitan supercomputers and restart the bidding process. I mean, if AMD can't keep its crown jewels safe from random hackers on the Internet, it certainly isn't capable of protecting matters concerning national security.
Thankfully you don't have the information or the power to make any changes here.

I think AMD and the Department of Energy can figure this out on their own.
 
Last edited:

joeblowsmynose

Distinguished
Jun 14, 2011
551
225
19,370
3
Thankfully you don't have the information or the power to make any changes here.

I think AMD and the department of Defense can figure this out on their own.
Someone leaks some stolen Xbox and gamer GPU source code:
DOE: "Shut down the billion dollar super computer project everyone!! shut it down! We might be at risk! Let's switch to Intel because at least they know about security!!"

lol. Yeah no one will be saying that ever. I'm pretty sure if anyone understands that <Mod Edit> gets hacked sometimes, its the DOE.

The DOE has been hacked literally hundreds of times. But yeah ...
 
Last edited by a moderator:

Pinhedd

Champion
Moderator
I do find it fascinating that we're taking the word of an 'unknown' hacker, that she actually has " hardware source code" for a subset of AMD's current GPUs-- even though this has not been proven and is actively dismissed by AMD. The only thing AMD has confirmed, is that they were approached by someone (~4 months ago) who CLAIMED to have 'TEST FILES'-- which frankly could be anything as innocent as product performance tests or sub-component simulator testing/results.

Unless we actually have proof that COMPLETE HARDWARE SOURCE CODE has indeed been stolen and leaked, the hyped up dramatizations exuded from this article's presentation are speculative and exaggerated.

The fact that Tom's then makes a front page click bait cannon fodder article, with the title of "AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked", without any real proof of the serious accusations being made, makes me further question the journalistic integrity of this site.



All the best,

Joe
I'm not sure why you're placing "hardware source code" in quotations. Complex digital circuits are designed in one of several Hardware Description Languages (HDL), most commonly in SystemVerilog. There are a number of additional layers on top of this which are required to take the design all the way to fabrication but many of them are reminiscent of software source code. SystemVerilog was designed to be intuitive to C programmers as embedded systems engineers often work with both at the same time.
 

bit_user

Splendid
Herald
I do find it fascinating that we're taking the word of an 'unknown' hacker, that she actually has " hardware source code" for a subset of AMD's current GPUs-- even though this has not been proven and is actively dismissed by AMD. The only thing AMD has confirmed, is that they were approached by someone (~4 months ago) who CLAIMED to have 'TEST FILES'-- which frankly could be anything as innocent as product performance tests or sub-component simulator testing/results.

Unless we actually have proof that COMPLETE HARDWARE SOURCE CODE has indeed been stolen and leaked, the hyped up dramatizations exuded from this article's presentation are speculative and exaggerated.

The fact that Tom's then makes a front page click bait cannon fodder article, with the title of "AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked", without any real proof of the serious accusations being made, makes me further question the journalistic integrity of this site.
Um, did you actually read the article? There were github repos that were taken down. I'd love to see just a list of the files they contained...
 

Joe15555

Distinguished
Nov 9, 2008
6
7
18,515
0
I'm not sure why you're placing "hardware source code" in quotations. Complex digital circuits are designed in one of several Hardware Description Languages (HDL), most commonly in SystemVerilog. There are a number of additional layers on top of this which are required to take the design all the way to fabrication but many of them are reminiscent of software source code. SystemVerilog was designed to be intuitive to C programmers as embedded systems engineers often work with both at the same time.

I'm well aware of the design process, and where these alleged files would fit in. The quotes were from what the alleged hacker stated (via TorrentFreak): “In November 2019, I found AMD Navi GPU hardware source codes in a hacked computer,” the person explained.".


All I'm saying is that we should not be taking the word of this exploitative hooligan, as to what he/she claims to have or believes to have. Further, when the Tom's News title perpetuates this assumption that 'source code has been stolen and leaked' without proper context or first hand proof, it generates an exaggerated and incorrect reaction from those unfamiliar with the IC design process. To the lay person, having the 'source code' to a GPU implies you can magically steal and produce a Navi GPU core. From everything we know about these alleged validation files so far, their overall usefulness to a nefarious actor is quite low.


All the best,

Joe
 
Last edited:

Joe15555

Distinguished
Nov 9, 2008
6
7
18,515
0
Um, did you actually read the article? There were github repos that were taken down. I'd love to see just a list of the files they contained...

Yes, I did read the article. Also, there have been screen shots floating around of the alleged repo file list-- some of the SS are actually from the alleged hacker trying to solicit buyers...lol

I'm not denying the possibility that there are indeed some kind of internal AMD files floating around out there. All I'm saying is we shouldn't be drawing hyped up conclusions as to what these files actually are, their comprehensiveness, or their overall usefulness to a nefarious actor-- without proper proof and context.


All the best,

Joe
 

bit_user

Splendid
Herald
Yes, I did read the article. Also, there have been screen shots floating around of the alleged repo file list-- some of the SS are actually from the alleged hacker trying to solicit buyers...lol

I'm not denying the possibility that there are indeed some kind of internal AMD files floating around out there. All I'm saying is we shouldn't be drawing hyped up conclusions as to what these files actually are, their comprehensiveness, or their overall usefulness to a nefarious actor-- without proper proof and context.
Okay, so, based on the repos being published (which is what actually prompted the article, and which you failed to mention), I feel it was newsworthy.
 

Joe15555

Distinguished
Nov 9, 2008
6
7
18,515
0
Okay, so, based on the repos being published (which is what actually prompted the article, and which you failed to mention), I feel it was newsworthy.

Just to be clear, the only 'proof' the alleged hacker published in their last Github repo was a few images of a directory listing showing compressed file names and file sizes. The repo has since been removed, but there are SS of these images still up on WCCFTECH. If that is enough proof to automatically assume these files are real, authentic, and somehow useful... Then there must be directory list SS proof of big foot and the Loch Ness monster out there as well <3.


All the best,

Joe
 
What about more easily crack games?
Find an attack vector to install malware on the device?
Possible but unlikely. You would have to run an executable that directly accesses the api. If you are running in progra space already, you are already f'd. Its a trivial issue to exploit.

The only exception/weakness might be something like webGL exploits.

But in a way having it open source means anyone can look at it (white hats) and suggest fixes. So a double edged sword.
 

bit_user

Splendid
Herald
The only exception/weakness might be something like webGL exploits.
I was having a think about this, and I suppose it's true that maybe there's a way to interfere with GPU code from a different process, though I gather AMD has already been focusing on that attack surface.

However, even if you succeed in that, I don't know if it would be a possible vector for privilege escalation, since GPU access to system memory is still routed through a MMU. So, it doesn't have free reign to read and write whatever it wants - just the data buffers that were mapped specifically mapped by the host, for communication with it.

But in a way having it open source means anyone can look at it (white hats) and suggest fixes. So a double edged sword.
Really? If I were studying some code for a chip that was illegally leaked, I would be worried that reporting any bugs I found would land me in hot water, simply for possessing a copy of copyright & trade secret IP. In fact, if the repo were still live or there were active torrents, I wouldn't even download it.

Besides, hardware source code probably has a higher learning curve, and security bugs are probably harder to spot than with software. Given that modern GPUs aren't even a good attack vector, in the first place, I doubt any but the most committed state actor would likely invest the time & resources in this route.
 
I was having a think about this, and I suppose it's true that maybe there's a way to interfere with GPU code from a different process, though I gather AMD has already been focusing on that attack surface.

However, even if you succeed in that, I don't know if it would be a possible vector for privilege escalation, since GPU access to system memory is still routed through a MMU. So, it doesn't have free reign to read and write whatever it wants - just the data buffers that were mapped specifically mapped by the host, for communication with it.


Really? If I were studying some code for a chip that was illegally leaked, I would be worried that reporting any bugs I found would land me in hot water, simply for possessing a copy of copyright & trade secret IP. In fact, if the repo were still live or there were active torrents, I wouldn't even download it.

Besides, hardware source code probably has a higher learning curve, and security bugs are probably harder to spot than with software. Given that modern GPUs aren't even a good attack vector, in the first place, I doubt any but the most committed state actor would likely invest the time & resources in this route.
Yes and no. It depends on what you are looking at. If you are trying to figure out how fpu work with giant lookup tables, you have to understand math. (Not to brown nose you're a smart man bit user, so imagine you had your fair share of in depth architectural deep dives.). Ive designed elementary and rudamentry circuits using PICs, r pis and arduino (my fave). Ive also written communication drivers for NASA for custom hardware. Once you understand the basics its not that hard.

Math theory on the other hand can make my head hurt.

Any way im sure AMD would happily take any white hat fixes provided they were done so in a responsible manner. (Notifying them privately and giving them time to fix it.). You really shouldn't bite the hand that is trying to help you.
 

ASK THE COMMUNITY

Latest posts