March 17, 2021

5 hours ago, goates said: And which the article calls into question.

The article simply said it appeared to be in the software. Which of course we know it is... plus the BIOS. Nvidia said it was in both.

Quote: I wouldn't put it past Nvidia at all to lie about it, they've pulled some shady things in the past

Point is though, such things can be verified.

Quote: This proves that whatever they tried to do to lock out crypto mining could be overridden with just the driver.

Well no, not true. That was only the case because Nvidia left a tool in the driver designed to do exactly that. It was a mistake, that tool wouldn't ordinarily be in the driver. A driver is perfectly capable of accessing the BIOS. The tool Nvidia left in the driver was designed to switch off the hash rate limiter. And it's perfectly plausible that it accessed the BIOS too and did the same. Furthermore, if BOTH the hash rate limiter in the driver AND the feature in the BIOS was required for the hash rate limiter to function, the disabling of one half of what was required would disable it.

I know it's fashionable to "hate Nvidia" and find them guilty of misdoings, but I see no evidence that it's the case here.

Quote: If it really was as secure as Nvidia claimed, I wouldn't have expected the developer driver to work like this on end user GPUs.

Of course it would! 😄 They left a SPECIFIC TOOL in the driver that would do that. That software wouldn't normally be there. Your comment is like giving someone the key to your house and then being mystified how they got it.

Edited March 17, 2021 by martin-w
March 17, 2021

2 hours ago, martin-w said: Well no, not true. That was only the case because Nvidia left a tool in the driver designed to do exactly that. It was a mistake, that tool wouldn't ordinarily be in the driver. A driver is perfectly capable of accessing the BIOS. The tool Nvidia left in the driver was designed to switch off the hash rate limiter. And it's perfectly plausible that it accessed the BIOS too and did the same. Furthermore, if BOTH the hash rate limiter in the driver AND the feature in the BIOS was required for the hash rate limiter to function, the disabling of one half of what was required would disable it.

Actually, this does very much prove that the protection they designed was not nearly as strong as they tried to make it out to be. When they first announced the GPUs would have restrictions against ethereum mining, people started speculating that someone would eventually find a workaround in the driver. Nvidia responded claiming the restriction also involved the BIOS and was thus essentially impossible to get around (or at least it would take too long for the crypto miners to bother with). So this does prove the theories correct that one only needed to hack the driver.

If Nvidia had the ability to add or change something in the driver alone that disabled it, sooner or later someone else would figure it out too*. Or the "tool", as you call it, would have leaked in a different fashion.

And regarding the BIOS, I would have expected the production version in shipping GPUs to recognize the development driver and ignore any requests to disable the hash rate limiter (and maybe even refuse to run in anything more than a basic VGA mode if they really wanted to lock things down). Again, not nearly as strong of a design as they made it out to be.

2 hours ago, martin-w said: Your comment is like giving someone the key to your house and then being mystified how they got it.

Not quite. Nvidia's comment was more like they claimed there was no key or way to break into the house at all, when we now know there very well was. Although, I was expecting this to be discovered by a crypto miner or hacker, not by Nvidia themselves.

I'm not claiming they were doing anything nefarious in this case, just that their claims of the hash rate limitation being impossible to remove or work around were grossly exaggerated. Make extraordinary claims, and you had better be able to back it up. Nvidia made the claim and proved themselves wrong.

*This is also an excellent example of why encryption back doors are a terrible idea.

Edited March 17, 2021 by goates (Speeling)
March 18, 2021

11 hours ago, goates said: So this does prove the theories correct that one only needed to hack the driver.

They didn't hack the driver though. The TOOLS were accidentally left in the driver. Development tools with the capability to switch it off. They simply used the tool to switch it off. Again... it's like you giving somebody your front door key and then being surprised they had the ability to enter your house. Those tools wouldn't ordinarily be in the driver, they accidentally left them in a beta driver.

So in this case, it wasn't a case of "only needing to hack the driver". It's a case of Nvidia accidentally providing a beta driver with a development tool left in it.

Quote: Or the "tool", as you call it, would have leaked in a different fashion.

Well that applies to any software. There are all manner of software tools and encryption keys in safe keeping. It's up to the developer to keep them secure.

Quote: Not quite. Nvidia's comment was more like they claimed there was no key or way to break into the house at all, when we now know there very well was.

I think it's quite obvious that Nvidia were referring to the driver and BIOS in their natural state. Not to a driver that had included a development tool.

Edited March 18, 2021 by martin-w
March 18, 2021

5 hours ago, martin-w said: So in this case, it wasn't a case of "only needing to hack the driver". Its a case of Nvidia accidentally providing a beta driver with a development tool left in it.

You're getting too caught up in the specifics and missing the point. Nvidia stated they were limiting the GPU when it comes to ethereum mining. Then people hypothesized that there would be a way around this limit by tweaking or hacking just the driver. Nvidia responds by saying that no, they designed it so securely that the restriction relies on both the driver and the BIOS, implying that messing with only one or the other wouldn't be enough. Now they have accidentally released a development driver that can disable the rate limiter, which shows that you can indeed disable the limitations by changing just the driver.

This is what I'm trying to get across. Yes, in this case it was Nvidia leaving the development code in the driver, however, if Nvidia can disable the limit through just changing something in the driver, then so too could someone else. Which proves the original predictions correct, that you just needed to tweak or hack the driver.
March 18, 2021

Quote: Now they have accidentally released a development driver that can disable the rate limiter, which shows that you can indeed disable the limitations by changing just the driver.

Only if you have access to the tool. Writing your own "tool" would be a whole different ball game. So not by "changing" the driver, no. By using a specific tool that was WITH the driver. The driver wasn't hacked, tweaked or modified, the tool was simply used as intended.

I would hypothesize that the Nvidia tool was able to write to the BIOS, thus the desired result, switching off the limiter. It wouldn't be enough for a hacker to simply hack the driver, they would also have to construct an identical tool to the Nvidia tool and not just switch off the limiter in the driver, but also do what was required in the BIOS. That would be a VERY difficult task, if it's actually possible at all.

Quote: if Nvidia can disable the limit through just changing something in the driver, then so too could someone else.

It would be silly to say that a driver or BIOS could never be hacked, but I see no reason to suggest that Nvidia were not truthful. I see nothing that would suggest that there was only a driver limiter and nothing in the BIOS.

Neither of us are software experts, but fun to speculate.

Edited March 18, 2021 by martin-w