Skip to main content

AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked (Updated)

(Image credit: Shutterstock)

Update 3/26/20 5:30am PT: The hacker has now posted a second Github repository with "proof" of the hack, again soliciting bidders for AMD's proprietary IP. We contacted the hacker, who confirmed the system was hacked remotely. However, the individual refused to provide further details. 

Original article: 

AMD posted a press release to its website today announcing that it had found stolen graphics IP posted online, followed quickly by news from Torrentfreak that the information pertains to source code for Big Navi and Arden GPUs. Torrentfreak claims to have contacted the hacker responsible, who claims the information is worth $100 million and is seeking bidders.

AMD has filed 'at least two DCMA notices' against Github repos that contained the stolen source code for the company's Navi 10, Navi 21, and Arden GPUs. The latter is arguably the most interesting as it powers Microsoft's forthcoming Xbox Series X consoles, while Navi 21 is thought to be the design for the RDNA 2 'Big Navi' GPUs. 

Github has since removed the repositories, but there are other sources, including via a post on 4chan, hosting the leaked information. Torrentfreak purportedly contacted the hacker and she projects the information is worth $100 million. If she doesn't get a buyer, she says she will just "leak everything." The hacker claims she found the unencrypted information in a computer/server hacked via exploits.

AMD says that all while of the information hasn't been posted yet, the leaked information is not core to its competitiveness and the company is taking legal actions to remedy the situation, including working with law enforcement officials. We've reached out to AMD for further comment and will update as necessary. In the meantime, here's AMD's press release: 

"At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation."

  • bit_user
    Oops?
    Reply
  • drea.drechsler
    What's the real significance of this?

    Can someone build pirate X-Box's now? With who's CPU/GPU?
    Reply
  • bit_user
    drea.drechsler said:
    What's the real significance of this?
    Unless someone has seen the pirated repos, we don't know. However, this makes it sound fairly harmless:

    we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products

    Leaks of test files wouldn't worry me much. However, tests are usually stored in the same source control repositories as the core IP.

    drea.drechsler said:
    Can someone build pirate X-Box's now? With who's CPU/GPU?
    If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

    I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm. They have developed their own IP to a point where it's not worth the legal risk of even peeking at AMD's code. That's not to say some of their employees wouldn't, on their own, if the code ever were to be released into the wild. But, I'm sure if any of those companies found AMD code being imported into their own IP, that would get the person fired and maybe even reported to AMD.

    There was an incident where some ex-AMD employees stole some IP from AMD, before going to work for Nvidia. It didn't end well, for said employees.
    Reply
  • kokotas
    Ouch... Amd must be using Intel CPUs in their servers I guess:sneaky:
    Reply
  • hotaru251
    drea.drechsler said:
    What's the real significance of this?

    you still dont have the masterkey to console so you couldnt do anything with it w/o 1st cracking the console itself.
    Reply
  • drea.drechsler
    bit_user said:
    ...
    If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

    I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm.
    ...
    They are the ones I think indeed would be most interested...but are also more than smart enough not to use pirated IP in any of their products. Maybe to "see what she's got", as they say, but don't they have the ability to reverse engineer everything anyway? Costly I imagine...but surely not $100,000,000 costly; at that price they'll just do business as usual.

    Besides, I've read elsewhere it's far cheaper and simple to hire AMD's engineering staff. What you got in your head is IP that can never be erased, they just mustn't use or share it. It's a dangerous game if someone does and it's not caught.

    And China already DOES reverse engineer everything/anything they want to copy. It would appear to me that all they're buying is 'time' when they buy that data.
    Reply
  • fball922
    Hacker: "I have this source code!"
    Buyer: "I will give you $10,000 for it."
    Hacker: "It is worth $100,000,000!!!"
    Buyer: "Ok, how about $15,000?"
    Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
    Buyer: "Offer rescinded."
    Reply
  • spongiemaster
    fball922 said:
    Hacker: "I have this source code!"
    Buyer: "I will give you $10,000 for it."
    Hacker: "It is worth $100,000,000!!!"
    Buyer: "Ok, how about $15,000?"
    Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
    Buyer: "Offer rescinded."
    If there were competing entities for the code, it would be in the interest of each party to pay the ransom to prevent everyone else from getting the code. $100 million is completely absurd though. The code is certainly not worth that much.
    Reply
  • digitalgriffin
    fball922 said:
    Hacker: "I have this source code!"
    Buyer: "I will give you $10,000 for it."
    Hacker: "It is worth $100,000,000!!!"
    Buyer: "Ok, how about $15,000?"
    Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
    Buyer: "Offer rescinded."

    They aren't that smart. Anything over 10,000 is easily tracked. It's not like anyone is going to hand over bitcoin either.

    Somehow I doubt this code includes uCode. (Actual masking and circuit design info)

    The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.
    Reply
  • dalauder
    digitalgriffin said:
    The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.
    That's what I was thinking. The only real impact of releasing the code is slightly decreasing the security of the architecture.
    Reply