This is very interesting. Can you be a bit more specific about the design?
When you say you created a two-terminal device, do you mean you have a PCB (or equivalent) with two IO pads which you soldered to the pads which would normally be occupied by the I2C pull-up R, but on a different PCB?
Basically, I'm wondering how the attiny85 was powered.
Given your description, I'm guessing you made a local power well which floated on the SDA line similar to how a boost cap works in a buck regulator (or more generally a charge pump). This is also approximately how a one-wire device works, like say the DS28E07.
To turn a 0->1, strengthen the pull-up equivalent which is in parallel to the uC circuit. I could probably add a simple feedback circuit to make sure the pull-up is just strong enough to keep SDA above VOH_min, which should help prevent the I2C driver from getting damaged. To turn 1->0, open the pull-up equivalent and let the bit leak down.
Assuming standard I2C, I just need to make sure my uC is fully booted and ready to go by the end of the start bit. Should be doable.
I think I mostly convinced myself I could build one too. Of course any board I want to attack probably uses a SPI ROM, so roughly the same idea, but in a series termination resistor. :)
«Basically, I'm wondering how the attiny85 was powered»
You guys are overthinking this. Server motherboard PCBs are usually 4-8 layers with GND and VCC planes available near any component. The hackers, according to Bloomberg, modified the motherboards, so presumably they would simply add vias to the GND and VCC planes to power their rogue chip. You don't gain much by going to the trouble of making the chip self-powered by leeching current from the SPI line... The vias that bring power to the chip can be hidden within layers (it's a standard thing to do). It would not even be detectable by a visual inspection. You would have to x-ray the PCB to detect it.
I'm with the GP. I've said it before (https://news.ycombinator.com/item?id=18146566): the presumed hack described by Bloomberg is actually not that hard, and perfectly doable. All the attacker has to do is compromise the PCB manufacturer. Actually not even that. He would swap a box of legit PCBs with a box of compromised PCBs when they are in transit from the PCB manufacturer to the assembler. The assembler (the one who solders components on the PCB) wouldn't suspect a thing because normally PCBs are just passive things. No chip. No logic. No firmware. Just stupid layers of copper that either work (conduct electricity) or don't. That's why no one pays attention to PCB manufacturers and instead supply chain security is focused on everything higher in the chain: the providers of components, the assemblers, the distributors, etc.
This Supermicro rogue chip story is in fact an attack much less advanced than some real-world attacks we have seen, like Stuxnet, which exploited four(!) zero-days...
The assembler still has to put a special SKU 5k resistor (with our BMC-modifying framework burnt into it) on the modified PCB without anyone noticing, though. I don't follow your conclusion that only the PCBs would have to be swapped.
The attackers supposedly installed the tiny rogue chip, sandwiched between the layers of the PCB (which is unusual and the main innovation of this whole attack), before the PCBs reached the assembler. The assembler starts soldering components without knowing one is already hidden in there...