Step-By-Step Unlocking / Install guide (with pictures), Documenting my most recent Fon adventure |
Tue, 23 Sep 2008 00:07:15 +0000
Post
#1
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
This guide has been replaced with a version on the Hak5 wiki. Feel free to make edits there and add discussion here.

http://wiki.hak5.org/wiki/Fon_Jasager_Install <--- Unlocking the Fon 2100 and Installing Jasager Guide
http://wiki.hak5.org/wiki/Jasager <--- Place for further Jasager tutorials, payloads, etc

So I figured it would be best if I tried out the official release and seeing as how my old Fon has been through hell and back with all sorts of frankenstein experiments I figured why not just pop a new Fon and document the unlocking / install process. This was also great practice for an upcoming segment I'm doing on episode 405 I believe.

At the bottom of this guide I have included a link to download all of the files used in this guide as well as links to resources I used while installing. If I borked something up or you know of an easier way to do this please post a comment. Also note I did this in Windows because it was easiest for me using Firefox, Putty, and WinSCP. Substitute tools for your OS.

Warning: Applying these changes to your Fonera will void it of its warranty. FON does not support these modifications and will not be held responsible for their consequences. This should only be done by advanced users.

Step 0: Unbox FON 2100. Make note of the serial number on the bottom and DO NOT UNDER ANY CIRCUMSTANCES PLUG HIM INTO THE INTERNET

Step 1: Give FON some power but not Ethernet yet. Open your wireless connection manager and connect to the MyPlace access point. The WPA key is the serial number on the bottom of FON.

Step 2: Browse to http://192.168.10.1/ and make sure FON is wearing firmware version 0.7.1 r1 or below. If not consult another thread on downgrading it.

Step 3: Click the Advanced link and login with username admin and password admin.

Step 4: Open sshenable.html (provided in download at the bottom of this post) and click Submit

Step 5: SSH on over to 192.168.10.1

Step 6: Login as root with password admin

Step 7: Rename dropbear to S50dropbear so that it comes up on boot

    mv /etc/init.d/dropbear /etc/init.d/S50dropbear

Step 8: Transfer over out.hex and openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma to /tmp/ using SCP (or wget them, or however you want to transfer 'em)

Step 9: Patch the kernel, reboot, and eat some pineapple while it comes back up.

    mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7
    reboot

Step 10: Reconnect to MyPlace, SSH back in, patch the redboot config, reboot, eat some more pineapple.

    mtd -e "RedBoot config" write out.hex "RedBoot config"
    reboot
-------------------- |
|
|
|
Tue, 23 Sep 2008 00:07:22 +0000
Post
#2
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
Step 11: Flash FON's firmware.

Step 12: Time for an easy step. Telnet to 192.168.1.1

    telnet 192.168.1.1

Step 13: Change the root password then enable wireless.

    passwd
    pineapplesareyummy
    pineapplesareyummy
    uci set wireless.wifi0.disabled=0
    uci commit wireless && wifi

Step 13.5: Transfer over the IPK files from the download below to /tmp/. Again SCP, wget, however you wanna move them bits.

Step 14: Install webif

    ipkg install haserl_0.8.0-2_mips.ipk
    ipkg install webif_0.3-10_mips.ipk

Step 15: Browse to http://192.168.1.1/ login as root with password pineapplesareyummy (if you've been following along literally) and enjoy the beautiful new web interface. Take a moment to click through to the Graphs tab and appreciate the beauty that is the dynamically updating CPU meter. Ahhh

Step 16: Install Ruby

    ipkg install libruby_1.8.6-p36-1_mips.ipk
    ipkg install ruby_1.8.6-p36-1_mips.ipk

Step 17: Install Jasager patched madwifi drivers

    ipkg install jasager-madwifi_1.ipk

Step 18: Install Jasager and reboot. I installed from the package which seems to have installed fine but not without warnings. The next step seems to have fixed the issue. Anyway you might want to install Jasager from the tarball, at least until Robin Wood aka Digininja gets another FON for testing and updates the package. (I'll be delivering Robin some FONs at Toorcon)

    ipkg install jasager_1.2.ipk
    reboot

Step 19: Copy (or move) the contents of /karma/www/ to /www/ (if you installed from package version 1.2). Also note I renamed the original index.html in /www/ to webif.html for easy access

    mv /www/index.html /www/webif.html
    cp -R /karma/www/* /www/
    reboot

Step 20: Login to Jasager and turn Karma on. And would you look at that, was someone trying to connect to their NETGEAR router? We might have to nmap 192.168.1.114 and see if we can help them.

Download all of the files used in this guide zipped from http://www.hak5.org/files/fon2100--unlock--jasager_1.2.zip

Sites I referenced:
http://www.digininja.org/jasager/ (of course)
http://wiki.hak5.org/wiki/Episode_3x07#Unl...RT_on_La_Fonera
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
http://download.berlin.freifunk.net/fonera/
http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration
http://downloads.x-wrt.org/xwrt/kamikaze/7...s-2.6/packages/
http://wiki.x-wrt.org/index.php/Kamikaze_Installation
http://download.berlin.freifunk.net/sven-ola/area51/
http://downloads.openwrt.org/kamikaze/7.09...s-2.6/packages/
http://downloads.openwrt.org/kamikaze/packages/mips/
--------------------
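A check worth running before Steps 9 and 10 write to flash, shown here as an added example that is not part of the original post or the Jasager project: confirm that the files staged in Step 8 match hashes you recorded from a trusted copy. The thread publishes no hashes, so the manifest is an assumption; `make_manifest`, `verify_staged` and `demo` are hypothetical helper names, and the script assumes a workstation with `sha256sum`.

```shell
#!/bin/sh
# Added example, not from the thread. Hashes here come from constructed
# stand-in files; a real manifest is one you record yourself.

# make_manifest DIR NAME... : print "HASH  NAME" for each file under DIR.
make_manifest() {
    dir=$1; shift
    for name in "$@"; do
        sum=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$name"
    done
}

# verify_staged DIR MANIFEST : 0 if every listed file exists in DIR and
# matches its recorded hash, 1 on any missing or altered file, 2 if the
# manifest itself is missing or empty.
verify_staged() {
    dir=$1; manifest=$2; rc=0
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 2; }
    while read -r want name || [ -n "$want" ]; do
        [ -n "$name" ] || continue              # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "MISMATCH $name" >&2; rc=1; }
    done < "$manifest"
    return "$rc"
}

# Demo on constructed files named after the two images from Step 8.
demo() {
    work=$(mktemp -d)
    printf 'constructed kernel image\n' > "$work/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma"
    printf 'constructed redboot config\n' > "$work/out.hex"
    make_manifest "$work" openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma out.hex > "$work/SHA256SUMS"
    printf 'truncated' > "$work/out.hex"        # simulate a bad transfer
    if verify_staged "$work" "$work/SHA256SUMS"; then
        echo "OK to flash"
    else
        echo "do not flash"
    fi
    rm -rf "$work"
}
demo
```

Record the manifest once from the archive you trust, then run `verify_staged` against the copies you are about to transfer; a non-zero exit means the `mtd` writes should not proceed.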
|
|
|
Tue, 23 Sep 2008 01:07:11 +0000
Post
#3
|
|
Hak.5 Zombie Group: Active Members Posts: 128 Joined: Wed, 19 Jul 2006 09:33:51 +0000 From: Hervey Bay, QLD Australia Member No.: 1,466
Do the same steps work for the Linksys WRT54G?
They're more common than the Fon in other places, that's all. Fon in Australia is impossible to find an international buyer that will ship here
|
|
|
Tue, 23 Sep 2008 02:20:14 +0000
Post
#4
|
|
Elite Group: Global Moderators Posts: 1,694 Joined: Tue, 19 Dec 2006 09:53:28 +0000 From: Sheffield, UK Member No.: 4,472
> Do the same steps work for the Linksys WRT54G? They're more common than the Fon in other places, that's all. Fon in Australia is impossible to find an international buyer that will ship here

No, these instructions are specific to the Fon, some bits will be similar but others are different. For good info on getting OpenWrt on the WRT see PaulDotCom's site or his book, that covers it in full detail.
--------------------
|
|
|
Tue, 23 Sep 2008 03:24:08 +0000
Post
#5
|
|
|
Newbie Group: Members Posts: 3 Joined: Tue, 23 Sep 2008 03:21:06 +0000 Member No.: 10,796 |
Great guide. I had my Fon with SSH enabled and set up for a while, but I had not found anywhere that told how to get into the redboot config.
To add to this exchange putty and winscp with ssh root@ and scp on OSX, the GUI can be replaced with the BSD version of the script offered over at http://download.berlin.freifunk.net/fonera/ and just remember to use en0 as the network adapter and follow it by the 2 files used in the GUI separated by a space. Works great! |
|
|
|
Tue, 23 Sep 2008 03:30:15 +0000
Post
#6
|
|
Hak.5 Fan ++ Group: Members Posts: 124 Joined: Tue, 23 Sep 2008 03:27:24 +0000 Member No.: 10,797
Locating the Fon 2100 seems difficult. Will this guide be usable with the "La Fonera+" as available here https://shop.fon.com/FonShop/shop/GB/ShopCo...product=PRD-019 or can the guide be updated to work with this? After all, if the hardware can't be found, the hack can't be performed.
|
|
|
|
Tue, 23 Sep 2008 12:45:52 +0000
Post
#7
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
I will be providing digininja with additional FON 2100 and La Fonera+ units this weekend. AFAIK the Fonera+ model is Atheros based and has been unlocked so it seems possible.
-------------------- |
|
|
|
Tue, 23 Sep 2008 13:39:30 +0000
Post
#8
|
|
Hak.5 Zombie Group: Members Posts: 156 Joined: Fri, 14 Apr 2006 04:44:08 +0000 From: England Member No.: 533
Really good guide there Darren, this should help a lot more n00bies get some mad wifi on.
Looking forward to unlocking Fonera+ as well.
--------------------
Undead CSS Rotation Server - 87.194.8.109:27016
Undead Insurgency Mod Server V1.1 Patched - 87.194.8.109:27018
|
|
|
Wed, 24 Sep 2008 09:34:20 +0000
Post
#9
|
|
|
Hackling ![]() Group: Members Posts: 10 Joined: Sat, 22 Oct 2005 02:08:52 +0000 Member No.: 160 |
Is there any way to convert dd-wrt firmware to Jasager?
|
|
|
|
Wed, 24 Sep 2008 13:56:29 +0000
Post
#10
|
|
Elite Group: Global Moderators Posts: 1,694 Joined: Tue, 19 Dec 2006 09:53:28 +0000 From: Sheffield, UK Member No.: 4,472
> Is there any way to convert dd-wrt firmware to Jasager?

Jasager isn't an OS, it is an application. You would need to convert dd-wrt to OpenWrt which is basically a reinstall from scratch.
--------------------
|
|
|
Wed, 24 Sep 2008 21:00:16 +0000
Post
#11
|
|
Hak.5 Fan Group: Members Posts: 30 Joined: Thu, 28 Sep 2006 23:34:20 +0000 Member No.: 2,513
Hey guys, I started to do the process of all this and I ran into a problem. In an email I told Darren that my Fon was 0.7.0 r4. So I got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that I have no connection. When I try to SSH in I get a connection refused. Any ideas?
--------------------
|
|
|
Wed, 24 Sep 2008 21:33:13 +0000
Post
#12
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
> Hey guys, I started to do the process of all this and I ran into a problem. In an email I told Darren that my Fon was 0.7.0 r4. So I got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that I have no connection. When I try to SSH in I get a connection refused. Any ideas?

Looks like there is a bug in the sshenable.html file. Oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work. I'll update the archive.
--------------------
|
|
|
Wed, 24 Sep 2008 21:42:33 +0000
Post
#13
|
|
Hak.5 Fan Group: Members Posts: 30 Joined: Thu, 28 Sep 2006 23:34:20 +0000 Member No.: 2,513
> Looks like there is a bug in the sshenable.html file. Oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work. I'll update the archive.

Hey Darren, that was it. I was looking at the code and I was thinking along those lines but wasn't sure.
--------------------
|
|
|
Wed, 24 Sep 2008 23:47:34 +0000
Post
#14
|
|
Hak.5 Fan Group: Members Posts: 30 Joined: Thu, 28 Sep 2006 23:34:20 +0000 Member No.: 2,513
> Hey Darren, that was it. I was looking at the code and I was thinking along those lines but wasn't sure.

Success!! OK, so I ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when I was patching the kernel and reboot config, it would lock up and I would have to physically unplug the Fon and try again (only took two attempts). Also when I tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So I downloaded it, then tried again, then it said it couldn't find packet.dll. So I downloaded that and tried to launch again. Still an error, so I deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked. But now I got it up and am interested in seeing what's next for it. Thank you for your help Darren.
--------------------
|
|
|
Thu, 25 Sep 2008 00:38:41 +0000
Post
#15
|
|
|
Hackling ![]() Group: Members Posts: 10 Joined: Sat, 22 Oct 2005 02:08:52 +0000 Member No.: 160 |
Alright then, since I am using dd-wrt, do I just follow the steps above or can I skip some steps?
|
|
|
|
Thu, 25 Sep 2008 13:16:43 +0000
Post
#16
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
> Success!! OK, so I ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when I was patching the kernel and reboot config, it would lock up and I would have to physically unplug the Fon and try again (only took two attempts). Also when I tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So I downloaded it, then tried again, then it said it couldn't find packet.dll. So I downloaded that and tried to launch again. Still an error, so I deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked. But now I got it up and am interested in seeing what's next for it. Thank you for your help Darren.

Good to hear you got it installed. That's odd about the DLL problems with the GUI. All I ever needed was the executable.
--------------------
|
|
|
Thu, 25 Sep 2008 20:04:56 +0000
Post
#17
|
|
|
Hak.5 Fan ![]() ![]() Group: Members Posts: 20 Joined: Wed, 12 Oct 2005 23:10:17 +0000 From: Maryland Member No.: 120 |
You probably had libpcap installed Darren. That is what those DLLs are for
I got my fon and fon+ from fedex this morning and I just got this working on my fon. I am going to try it for my fon+ |
|
|
|
Thu, 25 Sep 2008 21:35:36 +0000
Post
#18
|
|
Hak.5 Junkie Group: Root Admin Posts: 3,127 Joined: Tue, 26 Jul 2005 15:52:42 +0000 From: Williamsburg, VA Member No.: 2
Let me know how the Fon+ goes. I'm bringing one to digininja tomorrow. I've got another spare at home so I'd love to get it going. Sadly Fon+ requires more voltage and is too big for my other mod...which I'll post about later
-------------------- |
|
|
|
Thu, 25 Sep 2008 22:15:28 +0000
Post
#19
|
|
|
Hak.5 Fan ![]() ![]() Group: Members Posts: 20 Joined: Wed, 12 Oct 2005 23:10:17 +0000 From: Maryland Member No.: 120 |
I am having issues flashing it. I got into redboot and formatted the fs, but when trying to flash the root fs, telnet times out.
|
|
|
|
Fri, 26 Sep 2008 13:42:36 +0000
Post
#20
|
|
|
Hak.5 Fan ![]() ![]() Group: Members Posts: 16 Joined: Tue, 09 Sep 2008 09:58:36 +0000 From: Munich, Germany Member No.: 10,623 |
Thanks man! That tutorial saved a lot of time and it worked without problem!
|
|
|
|