
Ask HN: Is the “big hack” technically possible? - kuon
I guess we've all read the big hack story by now.

Like all sensational tech stories, I have my doubts on it.

I cannot verify any claim made by either party, but what I can do is evaluate the technical feasibility of the hack.

As I understand, it was a tiny chip used to control the BMC of supermicro servers.

By the look of it, it has 6 pins, of which 2 must be used for power, which leaves us with four for whatever it was doing.

I do a bit of electronics, I went as far as designing my own low power arduino like board. But that's not enough to have a clear idea on how this chip could attack the board. The chip must be using SPI or something similar but where would it be hooked?

I know that this is mostly speculation, but I'm interested in all possible theories about how this chip works.
======
4x5_Rules
The Register has an interesting article about it, and how it could be
possible. On the other hand, they point out that it would be more likely that
the actual firmware would be changed. It reminds me of the fiction book "Ghost
Fleet", where China starts a war with the US and a bunch of the US war machine
is compromised.

[https://www.theregister.co.uk/2018/10/04/supermicro_bloomber...](https://www.theregister.co.uk/2018/10/04/supermicro_bloomberg/)

------
setquk
Feasible yes. Unlikely yes.

It would require multi master bus arbitration which isn’t built into the SPI
protocol so it would have to intercept the protocol’s MOSI/MISO lines. Thus
requiring more pins.

That means larger package.

And a larger piece of steaming evidence sitting there.

I can’t see any logic however in doing this because there are tens if not
hundreds of easier vectors involving the software side of it. Edit: which are
all plausibly deniable.

Also rewriting SPI would be difficult to do fast without dedicated silicon
(expensive dev cycle) or FPGA (physically large).

Edit: to note, eSPI was only formalised in 2016 by Intel to replace LPC so
this either predates that or talks to the LPC bus which has a much higher pin
count.

Edit 2: also these would be very easy to find. You pull the known components
attached to the SPI bus off the board at a rework station, dump a few hundred
volts down the SPI bus and look for where the smoke comes out. Then you buy
another identical board and analyse that part of it. The change in impedance
and current drain of the device would be evident as well.

~~~
Thetawaves
Spinning custom silicon is not beyond the capability of a nation-state.

~~~
setquk
You're right. It isn't beyond it. But to do this you need access to the
binaries and build process to do a differential analysis for injection. If you
had access to that why would you not modify at firmware load time?

I can't see any logic in leaving a physical device on the board as evidence.
It's like leaving a machete with your fingerprints all over it when you murder
someone.

------
fulafel
i2c/smbus is a standard 2-wire multi node bus that is used all over the place
in motherboards.
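To make the contrast between setquk's point (SPI has no multi-master arbitration, so an extra talker has to sit inline on MOSI/MISO) and fulafel's (I2C/SMBus is a two-wire bus that any number of nodes can share) concrete, here is a small simulation of I2C-style arbitration. It is an added example written for this thread, not code from any of the posters or from the Bloomberg/Register articles. The masters, addresses and data bytes are constructed; the bus model is the standard open-drain wired-AND rule, under which a master that drives a 1 but reads back a 0 knows someone else is driving and backs off.

```python
"""
Simulation of multi-master arbitration on an I2C/SMBus-style two-wire bus.
Constructed example for this thread, not code from any of the posters.

I2C's data line (SDA) is open-drain, so the wire level is the logical AND
of everything driven onto it. A master that drives 1 but reads 0 sees that
another master is also transmitting and stops driving, bit by bit, with no
extra signals. SPI has nothing like this: its lines are push-pull and the
single master owns the clock and chip select, so a second talker can only
get a word in by sitting inline on MOSI/MISO, which costs extra pins.
"""
from dataclasses import dataclass


@dataclass
class Master:
    """One bus master and the bit stream it wants to send after START."""
    name: str
    bits: list
    lost_at: int = -1  # bit index where it lost arbitration; -1 if it never did


def byte_bits(value):
    """Eight bits of a byte, MSB first, the order I2C shifts them out."""
    return [(value >> i) & 1 for i in range(7, -1, -1)]


def address_frame(addr7, rw):
    """First byte after START: 7-bit address followed by the R/W bit."""
    return byte_bits(((addr7 & 0x7F) << 1) | (rw & 1))


def wire_level(drives):
    """Open-drain wired-AND: the line reads 1 only when nobody pulls it low."""
    return 0 if 0 in drives else 1


def arbitrate(masters):
    """
    Clock the bus one SDA bit at a time with every still-active master driving
    its next bit. A master that drove 1 but reads 0 has lost and goes quiet.
    Returns (masters still transmitting at the end, bits seen on the wire).
    A master that runs out of bits releases SDA, i.e. drives 1.
    """
    active = list(masters)
    wire = []
    length = max(len(m.bits) for m in masters)
    for i in range(length):
        drives = [m.bits[i] if i < len(m.bits) else 1 for m in active]
        level = wire_level(drives)
        wire.append(level)
        survivors = []
        for m, d in zip(active, drives):
            if d == 1 and level == 0:
                m.lost_at = i          # drove high, read low: someone else is on the bus
            else:
                survivors.append(m)
        active = survivors
    return active, wire


def demo():
    # Constructed scenario: two masters start in the same clock cycle, each
    # addressing a different device. The lower address wins because its first
    # 0 bit comes earlier; the loser notices at that exact bit and backs off.
    a = Master("A", address_frame(0x50, 0))
    b = Master("B", address_frame(0x48, 0))
    winners, wire = arbitrate([a, b])
    return [m.name for m in winners], wire, a.lost_at, b.lost_at


if __name__ == "__main__":
    print(demo())
```

Two details worth noticing when you run it: the bits on the wire are exactly the winner's frame, so the device being addressed never sees the collision, and if two masters send identical bit streams neither one backs off, because nobody ever reads a level it did not drive. That is the property that lets an extra node share SDA/SCL with nothing more than two signal pins plus power, which is precisely what a dedicated SPI flash line does not offer.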

