UMC Report: Full Technical Investigation on LLT

-

 Published on UMC Blogger Official

Overview

During an active testing session, our team conducted a deep investigation into unexpected behavior observed in Lenovo's WMI GameZone interface and the custom boot logo functionality within the Lenovo Legion Toolkit (LLT). This report summarizes the findings, root causes, and pending action items identified throughout the session.

Background

Testing began with the deployment of test1.ps1 a diagnostic script targeting the root\WMI namespace — specifically the LENOVO_GAMEZONE_DATA class. The script operates in safe mode, meaning it only invokes Get/Is methods that require no [In] parameters, to protect system integrity during automated testing.

Initial output from the script returned minimal results, causing confusion among the team. At this stage, the root cause was not yet identified.

Finding 1 — WMI Method Parameter Requirement

After testing on a 2025 Legion 5 15AKP10 running Windows PowerShell ISE as administrator, it was confirmed that two WMI methods had changed behavior on newer Lenovo hardware:

  • GetIfSupportOrVersion
  • Get_Lighting_Current_Status

Both methods now require input parameters ([In]) to execute. Because the diagnostic script is designed to skip any method requiring [In] parameters for safety reasons, these methods were silently bypassed — producing output that appeared empty or broken.

This was subsequently confirmed across multiple devices by independent testers, ruling out any device-specific or OS-related cause.

Root Cause: Lenovo quietly changed the WMI GameZone interface on newer hardware models. The script's safe mode design, while intentional, cannot reach these methods without modification.

Required Fix: LLT must be updated to correctly pass the required input parameters when invoking these WMI methods on 2025+ hardware.

Finding 2 — Custom Boot Logo Silently Reverted

A separate issue was discovered during boot logo testing. When a custom boot logo is applied via LLT, the firmware silently reverts to the original Lenovo boot logo upon restart. Testing with a 3200×2000 black image confirmed the custom logo is not applied. Additionally, applying a logo through LLT causes the boot logo option within Lenovo Vantage to disappear entirely, even after reverting to the default image in LLT.

Suspected Cause: Secure Boot enforcement at the firmware level is likely blocking the custom logo from being applied. Third-party tools known to handle boot logo modification typically require Secure Boot to be disabled.

Status: Pending — A controlled test comparing behavior with Secure Boot ON vs OFF has been proposed but not yet completed. The conclusion cannot be confirmed until this test is conducted.

Summary Table

FindingStatusFix Target
WMI methods require [In] parametersConfirmedLLT update required
Custom boot logo silently revertsPartially confirmedPending Secure Boot ON/OFF test

Credits

Investigation conducted by the active testing team. Special recognition to BlazeGaming Triage for identifying the WMI root cause, conducting structured hardware testing, and delivering the final report. Additional confirmation provided by Brick and Aretzera.

This report was compiled from the #active-testing session log and reflects findings as of the final report timestamp (20:29).

Note: This is based on AI-generated writing assistance from the Claude Sonnet 4.6 used for writing.

Comments

Post a Comment

Popular posts from this blog

UMC Security Advisory - Celxpert Battery Issues

-
Image
Issue date: 30/07/2025  Updated : 31/07/2025  Note:  We updated with example of LNV -5B10W13897 batteries. (Update: UMC officially designated as L17C3PS2.) UMC ID: UMC01-07042   UMC today announced that was issued formal advisory that would recall of current fleet laptops is Lenovo ThinkPad L15 Gen 2a was equipped with Celxpert batteries because that degradation trend was flaw , lasting only 3+ hour battery life as observed. Key findings were included in screenshots. Figure 1: A degradation trend from 45.73Wh to 38.39Wh in Commercial Vantage. Multiple complaints from Reddit users raised concerns over the Celxpert batteries because they degrade into 16% wear level based on observations from linux-hardware.org sites that used to lookup for battery models and concluded that Celxpert (e.g,  LNV-5B10W13897  (L17C3PS2 detected) batteries) was worst long-term retention of advertised watt-hours. UMC recommends AVOIDING  Celxpert-made geninue Lenovo ba...
Read more

How I Became a Proactive Battery Monitor (Catching Issues Early)

-
Author : Felisitas Faya P. Most users notice battery problems only after something feels wrong — shorter runtime, sudden health drops, or unstable charging. By that point, degradation has already accumulated. My goal was different from the start: catch battery issues early , before they become visible, irreversible, or expensive. The Beginning: Observing, Not Assuming (2022) In 2022, I began continuously monitoring battery health on my Lenovo Yoga Slim 7 Carbon 13ITL5. Using Lenovo Vantage Battery Details alongside HWiNFO’s tray monitoring, I tracked capacity, temperature, charging behavior, and long-term trends in real usage. The purpose wasn’t to follow battery myths or chase perfect numbers. It was to understand how batteries actually age over time — slowly, quietly, and often invisibly. Expanding the Scope: Gaming Laptops and Heat (2024) In early 2024, I expanded this monitoring to my first gaming laptop, the IdeaPad Gaming 3 15ACH6. This introduced new variables: higher power draw...
Read more

UMC Bans the DeepSeek amid security concerns

-
 We are announcing the UMC now starting to ban the DeepSeek due to amid security concerns. The DeepSeek is a Chinese AI was developed by  Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. that doing business created the AI models is a thing dangerous. And the UMC banned the DeepSeek for employee using dangerous AI models that expose the personal and company information could potentially leak and vulnerable attacks that penetrated for my studio UMC Corporation. We advise to not use DeepSeek AI for security reasons. We appreciate this take serious action by UMC officials at representative from using Chinese AI apps. 
Read more