7/4/2026 at 1:29:24 AM
> After this minor hiccup, the experience with MSI was actually quite pleasant. They prepared a patch for the vulnerability within two days of me reporting it and told me which MSI Center release it was to be bundled with, and when they planned to release the new version.Was NOT expecting a happy ending.
I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.
by nzeid
7/4/2026 at 2:04:23 AM
> this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAMYou should reverse engineer it and write a free software replacement!
I did this for my Clevo laptop's keyboard LEDs:
https://github.com/matheusmoreira/ite-829x
Still one of my most satisfying projects and I use it to this day. These manufacturer apps are so bad. Clevo control center would take over a minute to display a window on screen, it was so aggravating. My replacement program works instantly and is scriptable.
The LED control was implemented over USB. Reversed it by capturing packets with wireshark and replaying them using libusb. MSI probably used ACPI/WMI for this which is much more annoying to work with. I gave up on reversing my laptop's ACPI/WMI features years ago but now that I've got AI I'm trying again, it's been a huge help.
by matheusmoreira
7/4/2026 at 6:56:49 AM
I did some ACPI reverse engineering on an old Toshiba laptop some years ago, with the goal of improving the Linux ACPI drivers. Learnt a lot from it, and wrote a blog post that you might find interesting: https://vorpal.se/posts/2022/aug/21/reverse-engineering-acpi... (100% human written, and I hate that I have to specify that these days).by VorpalWay
7/4/2026 at 1:08:36 PM
This is great, thank you!! Wish I could have read this article back then!!by matheusmoreira
7/4/2026 at 11:25:04 AM
#handmade_commentVery good article, thank you!
by oneshtein
7/4/2026 at 11:07:44 AM
Nice! If it doesn't exist yet, I'd also recommend taking it a step further and writing an OpenRGB controller for it, so even more people can benefit from the reverse engineering effort.by jath03
7/4/2026 at 3:54:39 AM
> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.Not sure this is that happy of an ending. I wish there was more information why - is the payout process too cumbersome and why is this person continuing to provide uncompensated value to these companies?
by vlovich123
7/4/2026 at 8:12:16 AM
And this is the only way to set the charging limit on your laptop, which is awful practice.Oh, and of course it's so bad, that if you once uninstalled it, you need a special cleanup software which may or may not work, but most likely you're done and can't install instgain.
All to set the charging level which, say, Framework exposes in BIOS.
I know there are some Linux-based ways that are supposed to safely write the threshold to EC, but none worked in my case (reasonably new model, supported by every piece of Linux-based software I checked), and one of them flipped the VMD Controller support on, which makes my nvmes invisible to the installed OS.
Awful, terrible piece of software.
by subscribed
7/4/2026 at 1:49:50 AM
I love those lights. Got a case with clear sides so it's blasting rainbows at my wall all the time.by edoceo