Remix.run Logo
MSI Center – How to gain SYSTEM privileges in seconds(mrbruh.com)
67 points by MrBruh 6 hours ago | 14 comments
nzeid 5 hours ago | parent | next [-]

> After this minor hiccup, the experience with MSI was actually quite pleasant. They prepared a patch for the vulnerability within two days of me reporting it and told me which MSI Center release it was to be bundled with, and when they planned to release the new version.

Was NOT expecting a happy ending.

I don't know if the part of MSI Center with the pipe vulnerability is automatically installed on desktops but this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM.

matheusmoreira 5 hours ago | parent | next [-]

> this is the terribly written software that you need to turn off all the obnoxious lights on your MB and DRAM

You should reverse engineer it and write a free software replacement!

I did this for my Clevo laptop's keyboard LEDs:

https://github.com/matheusmoreira/ite-829x

Still one of my most satisfying projects and I use it to this day. These manufacturer apps are so bad. Clevo control center would take over a minute to display a window on screen, it was so aggravating. My replacement program works instantly and is scriptable.

The LED control was implemented over USB. Reversed it by capturing packets with wireshark and replaying them using libusb. MSI probably used ACPI/WMI for this which is much more annoying to work with. I gave up on reversing my laptop's ACPI/WMI features years ago but now that I've got AI I'm trying again, it's been a huge help.

vlovich123 3 hours ago | parent | prev | next [-]

> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.

Not sure this is that happy of an ending. I wish there was more information why - is the payout process too cumbersome and why is this person continuing to provide uncompensated value to these companies?

edoceo 5 hours ago | parent | prev [-]

I love those lights. Got a case with clear sides so it's blasting rainbows at my wall all the time.

aucisson_masque an hour ago | parent | prev | next [-]

> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.

Why bother reporting to them ?

You could just as well sell it to third parties if it doesn't interest them.

drdexebtjl 5 hours ago | parent | prev | next [-]

I wish the author went into a bit more detail about how MSI fixed it, as is usual in write ups like this.

It left me thinking maybe the patch introduced a different vulnerability that’s still under an embargo :)

KennyBlanken 5 hours ago | parent [-]

More likely MSI just being MSI. They're infamous for being far more concerned about image than most vendors so don't expect much info.

Klathmon 5 hours ago | parent | prev | next [-]

Is there any valid reason to still be using 3DES in 2026?

It was formally deprecated in 2018 and has been surpassed in just about every single way by AES long before that.

At this point I feel like it's use is such a huge red flag

Pxtl 4 hours ago | parent [-]

I mean they're still using Inno Setup which was pretty cool in 2004.

pjmlp an hour ago | parent | next [-]

Unfortunately plenty of folks still didn't got the memo MSI and MSIX exist.

indrora 38 minutes ago | parent [-]

Unfortunately, WiX is still a pain in the ass to use and there's a lot of simple tooling that makes NSIS/InnoSetup/etc shockingly easy to use while the same MSI experience is garbage.

msix is just a different beast entirely too.

pjmlp 25 minutes ago | parent [-]

What about using the Visual Studio packaging tools?

I live on .NET/C++ universe in regards to Windows development, so it might be it isn't as nice for not blessed stacks.

XorNot 2 hours ago | parent | prev [-]

I mean I still build windows installers with NSIS which has somehow just-worked for decades.

huflungdung 5 hours ago | parent | prev [-]

You have physical access to the machine. Dump its bios and inject this https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-...

Shrug.emoji