Systems & Sketches

Free Forums with no limits on posts or members.
zIFBoards - Free Forum Hosting
Welcome to Systems & Sketches. We hope you enjoy your visit.


You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Name:   Password:


 

 Just Got a Sony Mylo, Anyone else got one?
crait
Posted: Dec 5 2008, 10:51 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



user posted image

Thrusting_Storm_Trooper_Avatar_by_Falln_Avatars.gif

Just got one. (not for Christmas or anything)
Anyone else have one and know of some good stuff to put on it?
I joined a Mylo hacking forum so I could get started on putting homebrew on it, but the sites really slow and not that many people get on it.


--------------------
user posted image
user posted image
^^^
crait
Posted: Dec 7 2008, 11:35 AM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Okay, I found out that my firmware was 1.2 and only firmware 1.0 could be hacked, therefore, I am going to try to find an exploit in it and, well, I'm actually doing better than any other hacker has at it.
# I've found the directory that the files in the internal memory are through the web browser.
# I've found that you can load modified .BIN files and they will be loaded like HTML pages so the encrypted update.bin files can't be loaded in the browser like the PSP.
# I'm going to look into a possible BMP exploit like the PSP had with it's TIFF exploit.
# Once I get unsigned code running, I'll be able to do anything I want. There's no kernal mode on the Mylo because it's based on Qtopia (a type of Linux)
# Other exploit ideas are floating around my head.
Got any ideas for me? :P
I would love to hear them.

chewy.gif


--------------------
user posted image
user posted image
^^^
crait
Posted: Dec 7 2008, 06:17 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Alright, here's some more personal notes that you can read about my progress.
# Unlike the PSP, the Update file isn't even signed! This means you can open it right up and modify whatever you want! It is crypted so I can't make sense of what I'm changing, but I actually am changing things! It's creat! I want to change the update to say I'm updating to a 1.4 firmware so the firmware will run. If I put the modified 1.3 update on a Mylo with a lower firmware, the update will be ran perfectly.
# I realized that if you hook up your Mylo to the USB cord then unplug it, the Mylo will briefly show you your last position before sending you back to the Main Menu. I figured I might be able to have a valid image, view it, then go into USB mode, change the image for a corrupted image with code in it, and then exit out of USB mode and have the image read which in turn will run the code. However, the plan failed. I was navigating back to the corrupted image afterwards and before the corrupted thumbnail image came up, I clicked on it to view the image. To my surprise, the Mylo tried running it! This is a very, very good sign!
Thrusting_Storm_Trooper_Avatar_by_Falln_Avatars.gif
The Mylo will be hacked.


--------------------
user posted image
user posted image
^^^
crait
Posted: Dec 8 2008, 09:57 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06





Video: http://www.youtube.com/watch?v=gObrm2kYxeI
I just uploaded a video on YouTube demonstrating a Proof of Concept.


--------------------
user posted image
user posted image
^^^
ilanrenardie
  Posted: Dec 9 2008, 05:40 PM


N00B


Group: Members (N)
Posts: 1
Member No.: 119
Joined: 9-December 08



QUOTE (crait @ Dec 8 2008, 09:57 PM)
Video: http://www.youtube.com/watch?v=gObrm2kYxeI
I just uploaded a video on YouTube demonstrating a Proof of Concept.

Hi!!!!!!
well I bought the mylo COM 2 bout three months ago, and I've been looking for any hacks for it but until now this is the first place I find a post related to any hacks for the mylo, so I'd like to know if someone could guide me through the process to hack mine. Thanks!!!
ninja.gif
^^^
crait
Posted: Dec 9 2008, 05:57 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Hey!
Sorry, but right now, I have no Mylo COM-2.
Only the Mylo COM-1.
You might be able to hack it, but I can't help you. mad.gif
Sorry.
Join this website: http://www.myloforums.net/
They know more about the COM-2 than I do.

chewy.gif


--------------------
user posted image
user posted image
^^^
AdventWolf
Posted: Dec 12 2008, 11:27 AM


Frequent Poster


Group: Members (N)
Posts: 224
Member No.: 86
Joined: 23-June 08



Interesting, good luck on your venture! What are the specs of this device?


--------------------
user posted image
Eh it was a work in progess, my 4th sig.
^^^
crait
Posted: Dec 13 2008, 09:31 AM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



No one really knows, really.
There was never any official announcements for it. Just screensize. (320x240)


--------------------
user posted image
user posted image
^^^
sharry
Posted: Mar 23 2009, 07:21 AM


N00B


Group: Members (N)
Posts: 1
Member No.: 130
Joined: 23-March 09



QUOTE (crait @ Dec 8 2008, 09:57 PM)
Video: http://www.youtube.com/watch?v=gObrm2kYxeI
I just uploaded a video on YouTube demonstrating a Proof of Concept.

Simialr to the hack found in Jan 07, with the JPG exploit.

http://www.myloforums.net/forums/showthrea...ighlight=11-pho

The error was 'A system error occured. Turn the unit off and then on again. (11-web)'.
^^^
crait
Posted: Mar 23 2009, 05:08 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Yes, I saw this whenever I was Googling for Opera Mini expoits and hacks a little bit after I found the PNG venerability.
I couldn't download the JPEG image to download. Do you have a more recent link?


--------------------
user posted image
user posted image
^^^
crait
Posted: Apr 25 2009, 12:40 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Okay, today, I found out something that I've overlooked about a billion times when hex editing the update.bin.
Because of this, I was able to edit the update's firmware number to anything I want to. I can edit it to say a future firmware so that I can actually update to it. If I do, it wouldn't change anything, however because the update I edited was the newest out there and I have the newest update.
Okay, moving on. When the PSP first came out, people wanted to downgrade their firmware. A lot of amateur hackers thought if they edited the number in the update, that the console would update to a previous version. This was not the case and did not work because the encryption on the EBOOT.PBP.
Today, I am pleased to say that for the Mylo, this could actually work because the lack of encryption on the header of the update.bin file.
Once update to a 1.4 update with 1.00 files, people can hack the Mylo through the open WIFi FTP that the Mylo has! Sharry discovered this on his Mylo but edited a crucial file and corrupted his Mylo. We now know which files are editable and which aren't.
WTF do you guys think about this?


--------------------
user posted image
user posted image
^^^
crait
Posted: Apr 25 2009, 01:29 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



The newest released update is installed already.
user posted image

My new update.
user posted image

Video: http://www.youtube.com/watch?v=ssIj8za-ycU...re=channel_page

Snow.gif
Doesn't work yet, I gotta hex edit a few more points. I may be headed down a no outlet road.


--------------------
user posted image
user posted image
^^^
crait
Posted: Apr 29 2009, 05:19 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Hey guys! Here's a quick update..
I was hoping that the FTP hack was in a later firmware so that I can use it's update file to make a downgrader to downgrade to a firmware with the FTP hack available. Luckily, it was, however, the update.bin was never released publicly and only Mylo's came with it preloaded.
However, there is another exploitable hack that may be of use to enable the FTP hack.
I can use the 1.1 update.bin file (the first updater available) and make a downgrader so that I can downgrade my 1.3 to a 1.1. On that firmware, there is a hack that allows you to view all of the files on the system. You can't download them but you can look around. This is good because to access the files in the browser, you must type in the equivilant of a ../ folder change. It's .2%e/

Now, to enable this, we must find where the file is located that allows the 4242 port on the Mylo to be open, and have the opened file saved onto the memory card in the Documents folder as a TXT. All we have to do is open the file, and click Save As and name the file the appropriate file name but with the file location in front of the name so that the Mylo will save the file and replace the original file that has a closed port. Now, the port should be open and FTP should be possible.


Here's some helpful links that I will need later:

Extracted update.bin files:
http://www.myloforums.net/forums/showthread.php?t=298

1.001 filesystem:
http://www.myloforums.net/forums/showthrea...ight=filesystem

FTP tutorial for 1.0 & 1.001:
http://www.myloforums.net/forums/showthread.php?t=212

Some files:
http://www.myloshare.net/serve/mylo-latest1.rar


Oh, hey, I just downloaded the Mylo Launch suite, and I used it to upload a picture of me and my chicken as my profile image. I what would happen if I replaced the small thumbnail with a huge image... Oh, just tried it. It compresses it.. Heh.


--------------------
user posted image
user posted image
^^^
crait
Posted: Jun 19 2009, 04:02 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



Alright. I've been doing a lot of research.
Firstly, I looked all over my computer for data on the Mylo. Once you plug it in and use the Mylo Tools program, it shows you what firmware you're running even if you delete all the files off your Mylo. This means it can RO some of the files from it's flash. I used the System Manager and still couldn't find anything.
The second thing I researched was ports. I managed to open a few ports using my wireless router and again with the Skype program on the Mylo, however, I've had no success whenever I tried using Telnet or FTP to transfer files through ports 21, 137, 23, and even SSH, 22.
Any ideas?


--------------------
user posted image
user posted image
^^^
crait
Posted: Jun 19 2009, 04:19 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



I'd also like to say that I tried using the RO method in the web browser with different commands like ..4/ and a lot of .%2e/'s
No luck, though.
I'm going to try to use Javascript to redirect me to the localhost/ and see if I can navigate like that.
pirate.gif

==========================================
I also have a list of what I want to put in when we finally have it hacked...

# Enable Games
# New CFW menu by either holding down Home or Num+Q
# Destroy What's Up
# Change theme colors and maybe enable the menu option to change them
# USB mode that doesn't take control over the entire system
# Enable address book
# Enable full screen in Opera
# Change smallest font in Opera to 10
# Take out the exclusions for the file:// in urlfilter.ini
# Custom LED's big_smile.gif
# Enable wbmp
# Enable cursor in qpe.conf for Opera
# Put in a Command Console AKA Terminal AKA Console
# Fix the problem with Y!IM
# Fix the problem with Skype that erases your profile
# Allow complete filesystem access in File Browser and Opera (Opera's would be easiest to fix.)
# Change 'Connection Dialog' to 'Connection Manager' (How did they let this typo slip through?)

# Last would be AIM


--------------------
user posted image
user posted image
^^^
crait
Posted: Jun 23 2009, 10:57 AM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



We all knew that the Sony Mylo Tools could read data off of the Mylo's flash, or it was theorized that. However, I found out that the program can write there too! bug_eye.gif
If you open the Tools and go to change your profile image, then the file will be transferred to X:/Tools/My_Picture/ with the same name. I thought the Mylo would copy this file to the flash whenever it says, "Updating Database." but it doesn't! I changed the picture before I unplugged the Mylo and yet, the image was changed on the Mylo anyways!
This means it wrote to flash of the Mylo, or at least called a command for the Mylo to do it..
I want to figure this thing out. I'll be researching this too.
Snow.gif


--------------------
user posted image
user posted image
^^^
crait
Posted: Jul 13 2009, 02:09 PM


Handheld Fanatic


Group: Administrator
Posts: 1,437
Member No.: 7
Joined: 11-December 06



CODE
-exec shell code
command  shutdown -r now
#!/bin/bash
echo Hello World

Just some quick codes I don't want to forget.
I'll be updating this thread soon with all my nice juicy info. I've discovered a lot of interesting things with the Mylo and a few more potential vernurabilities.
pika.gif

EDIT:
I forgot to include this on the thread: http://www.sony.net/Products/Linux/VAIO/category03.html
Source codes.


--------------------
user posted image
user posted image
^^^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
DealsFor.me - The best sales, coupons, and discounts for you





Brewology Systems & Sketches
Bookmark Want to Affiliate With Us?

Hosted for free by zIFBoards* (Terms of Use: Updated 2/10/2010) | Powered by Invision Power Board v1.3 Final © 2003 IPS, Inc.
Page creation time: 0.0322 seconds · Archive