AMD GPU Source Code Hack : What’s Going On?

In case you missed it, AMD suffered a massive cybersecurity breach, losing the source codes to their Navi 10, Navi 21 and Arden GPUs in a hack!

Here is a summary of how the hack went down, and what this could mean for AMD and their partners…

 

AMD GPU Source Code Hack : A Quick Summary

A hacker managed to get her hands on AMD source codes for current and future graphics products, and has apparently tried to blackmail AMD.

After that failed, she leaked some of the source codes on Github, and threatened to release everything if she does not find a buyer.

The hacker recently leaked some of the source codes on Github, which was quickly removed after AMD issued a DMCA notice.

She has treated to release all of the stolen source codes, if she does not find a buyer for them,.

 

AMD GPU Source Code Hack : The Timeline

November 2019

A hacker called Palesa hacked into an unprotected computer / server, where she found and downloaded AMD source codes, which were determined to be for :

  • the current Navi 10 GPU (based on RDNA)
  • the upcoming Navi 21 GPU (based on RDNA 2), as well as
  • the Arden SoC for the Microsoft Xbox Series X console.

The source code was unexpectedly achieved from an unprotected computer / server through some exploits.

I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.

Palesa told TorrentFreak that she valued the source codes at $100 million, but did not reveal how she came to that mind-blowing valuation.

Credit : WCCFTech

December 2019

Palesa contacted AMD, allegedly to blackmail them into paying for the return of the source codes.

Mid-March 2020

Rumours started circulating that a hacker obtained the source codes for Navi 10, Navi 21 and Arden.

24 March 2020

AMD discovered that some of the source codes were uploaded to the new xxXsoullessXxx repository on Github, as the project called AMD-navi-GPU-HARDWARE-SOURCE.

They issued a DCMA notice, notifying Github that, “This repository contains intellectual property owned by and stolen from AMD.” and that “The original IP is held privately and was stolen from AMD.

Github took down that repository, as well as four other repositories that AMD later identified as forks :

25 March 2020

When contacted by TorrentFreak, Palesa said that she will leak all of the stolen source codes if she does not get a buyer for them :

If I get no buyer I will just leak everything.

AMD issued this statement on the theft of their graphics IP :

At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.

 

AMD GPU Source Code Hack : What Was Leaked So Far?

According to WCCFTech who spoke to people who have vast experience with Verilog, and viewed those source codes, this was what was leaked so far :

  • Partial Verilog files that are typically used in the construction of processors.
  • The Verilog files in question represent a single and isolated function(s) on the GPU – NOT the whole/actual GPU blueprint.
  • Based on the leaker’s screenshots, the files not yet leaked are more of the same and also nowhere close to being a complete “source code”.
  • These Verilog files are built on a proprietary schematic that is only compatible with AMD’s internal design language (in other words, these are going to be close to useless to a third party).

 

AMD GPU Source Code Hack : The Implications

From what those experts told WCCFTech, the leaked source codes :

  • cannot be used to design or reverse engineer any of the three GPUs.
  • cannot be used to easily determine product specifications
  • cannot be used to bypass security features on AMD GPUs, although they may reveal vulnerabilities that can be exploited
  • does not contain any “crown jewel” IP

That said, their opinions are based on what was leaked so far. It is possible that Palesa may have at lot more that she has not revealed.

But considering the fact that she took the step of leaking some source code, they are likely not useful or important enough to be worth the trouble, especially now that a criminal investigation is underway.

What this leak has likely achieved is put a target on Palesa’s back, cause some embarrassment to AMD, and force them to relook at their cybersecurity measures and protocols.

 

Recommended Reading

Go Back To > Cybersecurity | Computer | Software | Home

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Leave a ReplyCancel reply