Possible Exploit Through Force-Feeding Code On Sony Mylo

A while back, I was trying to hack my Sony Mylo COM-1 and experimented with many, many exploits that I found. I think that this one may actually be the most promising. I was using the 1.300 Mylo COM-1 firmware when experimenting with this.

Basically, whenever you view a file on the Sony Mylo, it will take a second to load the thumbnail. If the file is not able to be read or is read as corrupted, a ‘corrupted icon’ will be displayed. The Mylo, for whatever reason, actually can allow you to select a file to be viewed before the thumbnails are finished loading. This is so that you don’t have to wait, but the code for checking for corrupted files is within the functions for loading the thumbnail, so if there is no thumbnail displayed, the Sony Mylo COM-1 will not know that the image is corrupted. Through this exploitable vulnerability, we should be able to force the Sony Mylo COM-1 to read an image that’s stuffed with code and make it run the code, but the offsets are highly volatile, so I never got the chance the completely study the exploit.

Later this weekend, I’ll be releasing my Sony Mylo Hack Portal, which contains a bulk of exploits that I was working on. Unfortunately, I was never able to pin-point where I was able to inject code into these images to be read, so I could not continue with this.

If you are interested in helping me with this, feel free to e-mail me at: crait.is@gmail.com

Check out my downloads and other exploits that I’ve found in my Download section: crait’s Downloads

Tags: 1.300, COM-1, Exploit, Firmware, Mylo, Portal, Project, Sony