Of course it is SysEx. SysEx is to standard MIDI what inline assembler is to Python. A world of undocumented proprietary stuff lurks within just about every MIDI device !
I wish it was somehow possible to perform a piece of music that would cause remote code execution. It’d be so cool to plug in a MIDI keyboard, play an Am6,9/G# and have it open a terminal window with root access.
Oh there definitely is some MIDI device out there that will get a buffer overrun from a particular set of just regular note inputs. Maybe 11 notes at once due to the programmer thinking "humans have only 10 fingers, a static array of 10 elements is enough to hold all notes currently playing".
More notes or voices playing than the player has fingers is quite common, a note doesn't stop just because you let go of the key. Sometimes you want it to ring out so most synthesizers handle that case. Some even let you configure the behaviour, for example you could reallocate the longest playing note or the closest note.
Many synthesizers have limits on how many sounds they can support. Midi was originally started because 1970's (analog) synthesizers could only produce one sound and so they wanted a way to have several synthesizers connected together. Before midi was finished synthesizers (now digital) could play more than one note. Though hardware limitations (not just software) didn't support infinite notes and so until around 2000 that synthesizers could generally play enough notes that players wouldn't run out in the real world.
The companies that came together to make MIDI all had analog polysynths capable of true polyphony before the MIDI standard was even finished. (distinct osc/amp/filter outputs per note and not just paraphonic synths that shared AMP/Filter circuits between OSCs)
MIDI was more about unifying the entire studio of synths, samplers, drum machines, and recording equipment. And creating interoperability between various manufacturers of music equipment. It was a solution to the multiple control voltage standards that predated it and made it troublesome to tie equipment together.
Yep, and not forgetting that serial ports on a computer were (at the time) expensive, and the sounds most synths were capable of were.. kind of simple. So there was the motivation for stacking multiple synths up to produce bigger/richer sound, doing keyboard splits (possible on some hardware of the time but not most), as well as driving many devices from a single port.
Multi timbral synths (different sounds addressable per MIDI channel) were a later thing too, analog polysynths could play more than one voice, but very few could play more than maybe two different _sounds_ at once.
Polyphonic analog synths existed before MIDI. Notably, the Novachord from the late 30s. For the modern era, analog 2-8 note polyphony was available by the late 70s.
It was well before 2000. Most of my gear is 1990s vintage and while some has limited polyphony, most has unlimited polyphony and doesn‘t do note stealing.
Sustain pedal. Not sure how it’s implemented in midi, but that’s one way to have more than ten notes playing at once. (There’s also four-hand duets and the rare but not non-existent play two adjacent white keys with one finger technique.)
That doesn't make much sense as note on and note off messages are very simple and you can't insert arbitrary bytes with them, unless maybe you use some very particular run mode.
Note on/off are just messages. We by convention map them to notes, but note 69 is A-440 on most keyboards, but you could see note 69 and play a C instead (this is somewhat common - have the computer transpose so you can play with others who play the music in a different key - better players can do this in their head but it is not a universal skill even with great players)
There is no reason you can't take a sequence of notes and do something else - pop up a root window for example. It isn't normally done because it would confuse everyone for no reason. (IIRC The original MIDI spec from the 1980s didn't have conventions of nearly as much and some midi devices did really weird things from note commands)
of course webmidi must support sysEx, it's essential to work with midi2 at all. but mostly because you must parse the weird sized packet to properly ignore it.
what might show up are chrome specific sysEx messages which then leads to exploits as the article.
I tried to make a bidirectional channel from a webpage to a python script over MIDI. I'd just found that with sysex you can pack any arbitrary data that you want, that python can create virtual MIDI devices, and that Chrome can then connect to such devices.
Wow, this is a whole thing I had no idea about. Was recently looking into what it would take to fuzz MIDI and while I found some resources to generate a .mid file to this end it wasn't exactly what I was hunting for. This is maybe something I should consider exploring instead, thanks!
