• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Hackers Threaten to Release NVIDIA GPU Drivers Code, Firmware, and Hash Rate Limiter Bypass

AleksandarK

News Editor
Staff member
Joined
Aug 19, 2017
Messages
2,999 (1.06/day)
A few days ago, we found out that NVIDIA corporation has been hacked and that attackers managed to steal around 1 TB of sensitive data from the company. This includes various kinds of files like GPU driver and GPU firmware source codes and something a bit more interesting. The LAPSUS$ hacking group responsible for the attack is now threatening to "help mining and gaming community" by releasing a bypass solution for the Lite Hash Rate (LHR) GPU hash rate limiter. As the group notes, the full LHR V2 workaround for anything between GA102-GA104 is on sale and is ready for further spreading.

Additionally, the hacking group is making blackmailing claims that the company should remove the LHR from its software or share details of the "hw folder," presumably a hardware folder with various confidential schematics and hardware information. NVIDIA did not respond to these claims and had no official statement regarding the situation other than acknowledging that they are investigating an incident.


Update 01:01 UTC: The hackers have released part of their files to the public. It's a 18.8 GB RAR file, which uncompresses to over 400,000 (!) files occupying 75 GB, it's mostly source code.



View at TechPowerUp Main Site | Source
 
Whaddyaknow the hackers weren't russki after all.
 
not gonna make a difference when the RTX30 Series are 2 years old and gonna be replaced by the RTX40 Series.
 
If they had a proper hashrate limiter bypass - it would make more sense to sell it to miner farms before even trying to blackmail nvidia.

Who ever made up this story, didn't think it through properly...
 
"We want to help mining and gaming community by removing LHR limiter" - sure you want.
 
“The LAPSUS$ hacking group responsible for the attack is now threatening to "help mining and gaming community" by releasing a bypass solution for the Lite Hash Rate (LHR) GPU hash rate limiter.”

hmmmm I’m not sure how that will help gaming community but what do I know.
 
How the fuck removing LHR limits will "help" gaming. Damn ****, hack Putin instead.
 
Last edited by a moderator:
You have to laugh, hackers threaten to help Nvidia sell even more graphics cards!!!1
 
How the fuck removing LHR limits will "help" gaming. Damn ****, hack Putin instead.

Well, I will tell you. As the crypto prices have fallen, removing the LHR lock will improve the value of gamers' LHR locked cards.

On to a scenario then; When the next bull market arrives and rockets cryptos to new heights, gamers will be able to sell their cards at the prices they bought these cards, hopefully by that time, they will also have saved up another few $100's and buy a new RTX5000 or whatever might be available at that time.

I hate this whole situation; In the meantime, I am happily playing my games. My baby will never see the inside of a mine while it's in my possession. :love:
 
Last edited by a moderator:
They should post it, who cares about driver code at this point? It can almost be completely reverse engineered, same for a lot of BIOS data.

The only bad part is the compute unlock and whatever optimizations they have spent time on might be of interest to competitors, of which there is really Intel that could use a lesson in drivers, but I’m sure even Intel has some test machines running that can spit out raw code. I bet AMD does too.
 
Yea either release the data or dont, just stop the whiney ass threats.
 
NGL, I didn't think we had hackers of that level in this region of the world. Either that or Nvidia got *very* careless
 
Interesting that just as I've noticed GPU prices have started to fall coincidently now there is a team of hackers claiming they're going to release code that will help people remove the hash rate limiters. I am sure that's just a crazy coincidence.
 
Interesting that just as I've noticed GPU prices have started to fall coincidently now there is a team of hackers claiming they're going to release code that will help people remove the hash rate limiters. I am sure that's just a crazy coincidence.
The leak is real, it's floating around even public trackers now. It contains full current and future driver sources, firmware, CUDA, libraries, tools. Basically most of NV software. The main driver branch is very interesting because it contains code and information about Ada, Hopper and AFAIK unannounced Blackwell architectures.
 
it would make more sense to sell it to miner farms before even trying to blackmail nvidia.
Did you read the article? They are.

They should post it, who cares about driver code at this point? It can almost be completely reverse engineered, same for a lot of BIOS data.
Bios sig keys can't though. They would be a great boon to the likes of nouveau on linux.
 
Bios sig keys can't though. They would be a great boon to the likes of nouveau on linux.
Unfortunately they won't use it, neither will they look at the leaked code. It would contaminate them and prevent from working on the nouveau code. The leak contains release and debug versions of every firmware, but again it can't ever be distributed without NV's consent, so it won't legally help Linux.
 
The leak is real, it's floating around even public trackers now. It contains full current and future driver sources, firmware, CUDA, libraries, tools. Basically most of NV software. The main driver branch is very interesting because it contains code and information about Ada, Hopper and AFAIK unannounced Blackwell architectures.
Any sig keys for the bioses?
 
Unfortunately they won't use it, neither will they look at the leaked code. It would contaminate them and prevent from working on the nouveau code.
They don't have to. They simply have to instruct the user on how to do so, to unlock flashing a modded vbios for linux reclock purposes.

The groundwork is all there.
 
Any sig keys for the bioses?
I doubt it's there, but I haven't looked too closely. I found the signing application (with banal hardcoded AES IV, which might be a security issue).
This particular leak is about software, there are no GPU schematics in it, for example.
I hope that NV has proper security practices for signing, and isn't just keeping the keys in the main repository. Having them outed would mean a lot of problems for everybody.

They don't have to. They simply have to instruct the user on how to do so, to unlock flashing a modded vbios for linux reclock purposes.

The groundwork is all there.
True, but NV had issues with nouveau providing scripts and methods of extracting the firmware files from the binary drivers in the past.
Unfortunately we are at NV's mercy because ultimately they own the hardware by having the firmware be signed.
 
I doubt it's there, but I haven't looked too closely. I found the signing application (with banal hardcoded AES IV, which might be a security issue).
This particular leak is about software, there are no GPU schematics in it, for example.
I hope that NV has proper security practices for signing, and isn't just keeping the keys in the main repository. Having them outed would mean a lot of problems for everybody.


True, but NV had issues with nouveau providing scripts and methods of extracting the firmware files from the binary drivers in the past.
Unfortunately we are at NV's mercy because ultimately they own the hardware by having the firmware be signed.
Honestly, I'd love if they were outted. I see the benefits as far outweighing the problems.

Unfortunately we are at NV's mercy because ultimately they own the hardware by having the firmware be signed.
Not legally speaking. They just act like they do. But at least in usa, we have every right to defeat those protections on a personal level.
 
Back
Top