AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked

(Image credit: Shutterstock)

Update 3/26/20 5:30am PT: The hacker has now posted a second Github repository with "proof" of the hack, again soliciting bidders for AMD's proprietary IP. We contacted the hacker, who confirmed the system was hacked remotely. However, the individual refused to provide further details.

Original article:

AMD posted a press release to its website today announcing that it had found stolen graphics IP posted online, followed quickly by news from Torrentfreak that the information pertains to source code for Big Navi and Arden GPUs. Torrentfreak claims to have contacted the hacker responsible, who claims the information is worth $100 million and is seeking bidders.

AMD has filed 'at least two DCMA notices' against Github repos that contained the stolen source code for the company's Navi 10, Navi 21, and Arden GPUs. The latter is arguably the most interesting as it powers Microsoft's forthcoming Xbox Series X consoles, while Navi 21 is thought to be the design for the RDNA 2 'Big Navi' GPUs.

Github has since removed the repositories, but there are other sources, including via a post on 4chan, hosting the leaked information. Torrentfreak purportedly contacted the hacker and she projects the information is worth $100 million. If she doesn't get a buyer, she says she will just "leak everything." The hacker claims she found the unencrypted information in a computer/server hacked via exploits.

AMD says that all while of the information hasn't been posted yet, the leaked information is not core to its competitiveness and the company is taking legal actions to remedy the situation, including working with law enforcement officials. We've reached out to AMD for further comment and will update as necessary. In the meantime, here's AMD's press release:

"At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation."

Paul Alcorn is the Managing Editor: News and Emerging Tech for Tom's Hardware US. He also writes news and reviews on CPUs, storage, and enterprise hardware.

See more GPUs News

Latest

More AMD Zen 5 Strix Point CPUs spotted — Linux patch notes suggest up to 64 models

See more latest ►

37 Comments Comment from the forums

bit_user

Oops?
Reply
drea.drechsler

What's the real significance of this?

Can someone build pirate X-Box's now? With who's CPU/GPU?
Reply
bit_user

drea.drechsler said:
What's the real significance of this?
Unless someone has seen the pirated repos, we don't know. However, this makes it sound fairly harmless:

we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products

Leaks of test files wouldn't worry me much. However, tests are usually stored in the same source control repositories as the core IP.

drea.drechsler said:
Can someone build pirate X-Box's now? With who's CPU/GPU?
If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm. They have developed their own IP to a point where it's not worth the legal risk of even peeking at AMD's code. That's not to say some of their employees wouldn't, on their own, if the code ever were to be released into the wild. But, I'm sure if any of those companies found AMD code being imported into their own IP, that would get the person fired and maybe even reported to AMD.

There was an incident where some ex-AMD employees stole some IP from AMD, before going to work for Nvidia. It didn't end well, for said employees.
Reply
kokotas

Ouch... Amd must be using Intel CPUs in their servers I guess:sneaky:
Reply
hotaru251

drea.drechsler said:
What's the real significance of this?

you still dont have the masterkey to console so you couldnt do anything with it w/o 1st cracking the console itself.
Reply
drea.drechsler

bit_user said:
...
If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm.
...
They are the ones I think indeed would be most interested...but are also more than smart enough not to use pirated IP in any of their products. Maybe to "see what she's got", as they say, but don't they have the ability to reverse engineer everything anyway? Costly I imagine...but surely not $100,000,000 costly; at that price they'll just do business as usual.

Besides, I've read elsewhere it's far cheaper and simple to hire AMD's engineering staff. What you got in your head is IP that can never be erased, they just mustn't use or share it. It's a dangerous game if someone does and it's not caught.

And China already DOES reverse engineer everything/anything they want to copy. It would appear to me that all they're buying is 'time' when they buy that data.
Reply
fball922

Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."
Reply
spongiemaster

fball922 said:
Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."
If there were competing entities for the code, it would be in the interest of each party to pay the ransom to prevent everyone else from getting the code. $100 million is completely absurd though. The code is certainly not worth that much.
Reply
digitalgriffin

fball922 said:
Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."

They aren't that smart. Anything over 10,000 is easily tracked. It's not like anyone is going to hand over bitcoin either.

Somehow I doubt this code includes uCode. (Actual masking and circuit design info)

The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.
Reply
dalauder

digitalgriffin said:
The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.
That's what I was thinking. The only real impact of releasing the code is slightly decreasing the security of the architecture.
Reply

Show more comments

Stay on the Cutting Edge

Most Popular