Just Got a Sony Mylo, Anyone else got one?

Just got one. (not for Christmas or anything)
Anyone else have one and know of some good stuff to put on it?
I joined a Mylo hacking forum so I could get started on putting homebrew on it, but the sites really slow and not that many people get on it.

Okay, I found out that my firmware was 1.2 and only firmware 1.0 could be hacked, therefore, I am going to try to find an exploit in it and, well, I'm actually doing better than any other hacker has at it.
# I've found the directory that the files in the internal memory are through the web browser.
# I've found that you can load modified .BIN files and they will be loaded like HTML pages so the encrypted update.bin files can't be loaded in the browser like the PSP.
# I'm going to look into a possible BMP exploit like the PSP had with it's TIFF exploit.
# Once I get unsigned code running, I'll be able to do anything I want. There's no kernal mode on the Mylo because it's based on Qtopia (a type of Linux)
# Other exploit ideas are floating around my head.
Got any ideas for me? :P
I would love to hear them.

Alright, here's some more personal notes that you can read about my progress.
# Unlike the PSP, the Update file isn't even signed! This means you can open it right up and modify whatever you want! It is crypted so I can't make sense of what I'm changing, but I actually am changing things! It's creat! I want to change the update to say I'm updating to a 1.4 firmware so the firmware will run. If I put the modified 1.3 update on a Mylo with a lower firmware, the update will be ran perfectly.
# I realized that if you hook up your Mylo to the USB cord then unplug it, the Mylo will briefly show you your last position before sending you back to the Main Menu. I figured I might be able to have a valid image, view it, then go into USB mode, change the image for a corrupted image with code in it, and then exit out of USB mode and have the image read which in turn will run the code. However, the plan failed. I was navigating back to the corrupted image afterwards and before the corrupted thumbnail image came up, I clicked on it to view the image. To my surprise, the Mylo tried running it! This is a very, very good sign!

The Mylo will be hacked.

Video: http://www.youtube.com/watch?v=gObrm2kYxeI
I just uploaded a video on YouTube demonstrating a Proof of Concept.

Hi!!!!!!
well I bought the mylo COM 2 bout three months ago, and I've been looking for any hacks for it but until now this is the first place I find a post related to any hacks for the mylo, so I'd like to know if someone could guide me through the process to hack mine. Thanks!!!

Hey!
Sorry, but right now, I have no Mylo COM-2.
Only the Mylo COM-1.
You might be able to hack it, but I can't help you.
Sorry.
Join this website: http://www.myloforums.net/
They know more about the COM-2 than I do.

Interesting, good luck on your venture! What are the specs of this device?

No one really knows, really.
There was never any official announcements for it. Just screensize. (320x240)

Simialr to the hack found in Jan 07, with the JPG exploit.

http://www.myloforums.net/forums/showthrea...ighlight=11-pho

The error was 'A system error occured. Turn the unit off and then on again. (11-web)'.

Yes, I saw this whenever I was Googling for Opera Mini expoits and hacks a little bit after I found the PNG venerability.
I couldn't download the JPEG image to download. Do you have a more recent link?

Okay, today, I found out something that I've overlooked about a billion times when hex editing the update.bin.
Because of this, I was able to edit the update's firmware number to anything I want to. I can edit it to say a future firmware so that I can actually update to it. If I do, it wouldn't change anything, however because the update I edited was the newest out there and I have the newest update.
Okay, moving on. When the PSP first came out, people wanted to downgrade their firmware. A lot of amateur hackers thought if they edited the number in the update, that the console would update to a previous version. This was not the case and did not work because the encryption on the EBOOT.PBP.
Today, I am pleased to say that for the Mylo, this could actually work because the lack of encryption on the header of the update.bin file.
Once update to a 1.4 update with 1.00 files, people can hack the Mylo through the open WIFi FTP that the Mylo has! Sharry discovered this on his Mylo but edited a crucial file and corrupted his Mylo. We now know which files are editable and which aren't.
WTF do you guys think about this?

The newest released update is installed already.


My new update.


Video: http://www.youtube.com/watch?v=ssIj8za-ycU...re=channel_page


Doesn't work yet, I gotta hex edit a few more points. I may be headed down a no outlet road.

Hey guys! Here's a quick update..
I was hoping that the FTP hack was in a later firmware so that I can use it's update file to make a downgrader to downgrade to a firmware with the FTP hack available. Luckily, it was, however, the update.bin was never released publicly and only Mylo's came with it preloaded.
However, there is another exploitable hack that may be of use to enable the FTP hack.
I can use the 1.1 update.bin file (the first updater available) and make a downgrader so that I can downgrade my 1.3 to a 1.1. On that firmware, there is a hack that allows you to view all of the files on the system. You can't download them but you can look around. This is good because to access the files in the browser, you must type in the equivilant of a ../ folder change. It's .2%e/

Now, to enable this, we must find where the file is located that allows the 4242 port on the Mylo to be open, and have the opened file saved onto the memory card in the Documents folder as a TXT. All we have to do is open the file, and click Save As and name the file the appropriate file name but with the file location in front of the name so that the Mylo will save the file and replace the original file that has a closed port. Now, the port should be open and FTP should be possible.


Here's some helpful links that I will need later:

Extracted update.bin files:
http://www.myloforums.net/forums/showthread.php?t=298

1.001 filesystem:
http://www.myloforums.net/forums/showthrea...ight=filesystem

FTP tutorial for 1.0 & 1.001:
http://www.myloforums.net/forums/showthread.php?t=212

Some files:
http://www.myloshare.net/serve/mylo-latest1.rar


Oh, hey, I just downloaded the Mylo Launch suite, and I used it to upload a picture of me and my chicken as my profile image. I what would happen if I replaced the small thumbnail with a huge image... Oh, just tried it. It compresses it.. Heh.

Alright. I've been doing a lot of research.
Firstly, I looked all over my computer for data on the Mylo. Once you plug it in and use the Mylo Tools program, it shows you what firmware you're running even if you delete all the files off your Mylo. This means it can RO some of the files from it's flash. I used the System Manager and still couldn't find anything.
The second thing I researched was ports. I managed to open a few ports using my wireless router and again with the Skype program on the Mylo, however, I've had no success whenever I tried using Telnet or FTP to transfer files through ports 21, 137, 23, and even SSH, 22.
Any ideas?

I'd also like to say that I tried using the RO method in the web browser with different commands like ..4/ and a lot of .%2e/'s
No luck, though.
I'm going to try to use Javascript to redirect me to the localhost/ and see if I can navigate like that.


==========================================
I also have a list of what I want to put in when we finally have it hacked...

# Enable Games
# New CFW menu by either holding down Home or Num+Q
# Destroy What's Up
# Change theme colors and maybe enable the menu option to change them
# USB mode that doesn't take control over the entire system
# Enable address book
# Enable full screen in Opera
# Change smallest font in Opera to 10
# Take out the exclusions for the file:// in urlfilter.ini
# Custom LED's
# Enable wbmp
# Enable cursor in qpe.conf for Opera
# Put in a Command Console AKA Terminal AKA Console
# Fix the problem with Y!IM
# Fix the problem with Skype that erases your profile
# Allow complete filesystem access in File Browser and Opera (Opera's would be easiest to fix.)
# Change 'Connection Dialog' to 'Connection Manager' (How did they let this typo slip through?)

# Last would be AIM

We all knew that the Sony Mylo Tools could read data off of the Mylo's flash, or it was theorized that. However, I found out that the program can write there too!
If you open the Tools and go to change your profile image, then the file will be transferred to X:/Tools/My_Picture/ with the same name. I thought the Mylo would copy this file to the flash whenever it says, "Updating Database." but it doesn't! I changed the picture before I unplugged the Mylo and yet, the image was changed on the Mylo anyways!
This means it wrote to flash of the Mylo, or at least called a command for the Mylo to do it..
I want to figure this thing out. I'll be researching this too.

Just some quick codes I don't want to forget.
I'll be updating this thread soon with all my nice juicy info. I've discovered a lot of interesting things with the Mylo and a few more potential vernurabilities.


EDIT:
I forgot to include this on the thread: http://www.sony.net/Products/Linux/VAIO/category03.html
Source codes.