The usual disclaimer: it's not my fault if you break your FON. On your own head be it. I take no responsibility for what is documented here, you are playing with electronics and they can be broken. I just got mine working this way, there may be other ways, but this is the one I got it working with.
This text explains how to hack the UK supplied Fon 2201 with the BT Version: 3.0.2 r1 firmware using lots of info from different places around the tinterweb. It will get you to an openwrt install with no problem getting a remote session etc. and all for just £5.50 (Not my payment but for the cable off ebay:) from some other guy)
If you have a wifi card on the same ip range as I used below in your XP box, just change the address range to suit your needs.
Step 1 - the cable
From what I can see, I don't see any other way than to use a serial cable to break into the UK FON. I think the US version 1.x.xxxx firmware or pre-Xmas boxes in the UK are able to be broken into using all sorts of things inc. AF51 etc., but I can't see it working with the V 3.x.x firmware. So I bit the bullet and bought the £5.50 cable inc. del. You can solder your own, but trying to buy the parts for less than £6 inc. an iron, what the heck.
The cable is described very well in http://www.digininja.org/fon_serial/, don't use a standard serial cable from ebuyer etc., it needs to be one that changes the voltage etc as per the web site ref.
(Thanks for the info Digininja, saved me hours of playing about)
I bought the cable on eBay from a Hong Kong trader for about £5.50 all in, and it came in 5 days. It even had the same colour cables as the one on the Digininja site (better to double check though before you blow the box).
Use putty (Free download) http://www.chiark.greenend.org.uk/~sgtatha...y/download.html to terminal in, 9600,8,1 with no flow control (Try XON/XOFF setting if getting junk on screen, and back to none, if you are on XON/XOFF with junk on screen)
Step 2 - the serial session
Ctrl C to get you in before the 2 sec boot. If you miss it, switch it off and back on.
You should now have a prompt, redboot>. (This is you 50% there) If you have a window with redboot>, it means that you have opened the door to allow you to do stuff. Now to get it to do something useful!
Step 3 - the TFTP server
I used XP, prefer mac, but my knowledge at apps is on PC, so used this.
Download the tftp server from Solarwinds (From my cisco days and is free) to get the files onto the box and installed.
Note: Disable the XP firewall as the tftp server is blocked from being seen if it is on.
Set the PC LAN card to 192.168.1.254 with SM 255.255.255.0
Download the files for 8.09 OpenWRT from http://downloads.openwrt.org/kamikaze/8.09/ and put them somewhere you can find them on the XP machine.
On Solarwinds tftp go into File / configure
Point the dir to the place you put the files you downloaded
Don't forget to start the TFTP server in config.
Note: If you don't see any activity on the TFTP server log when you download the files from the command line, there is something wrong and it is not going to work.
Files for the tftp dir are: openwrt-atheros-vmlinux.lzma and openwrt-atheros-root.squashfs
That should be the XP machine ready.
Plug the network cable from the FON to the XP box network card (Not a Xover cable, just a normal one)
Step 4 - The fon image
Now for the Fon.
An explanation may help:
It comes in 2 parts, there is the boot loader (Redboot) then the openwrt that the boot loader starts. Forget all this telnet stuff for the moment, just get the files onto the box, and get it running then worry about all the other stuff
Taken from: http://wiki.cuwin.net/index.php?title=Flashing_the_La_Fonera_with_OpenWRT#Finishing_touches right at the end.
At the prompt redboot>
ip_address -l 192.168.1.1/24 -h 192.168.1.254
-l is the IP address
-h is the default server. The xp box for TFTPing if that is a word. :)
This puts the fon box on the network (technically a network cable between the PC and the FON, but it can be classed as a network).
Try a ping from the XP box to 192.168.1.1. If it doesn't ping, try plugging the network cable into the other network interface on the FON. If you get a reply, it's a good sign.
Next we need to get openwrt onto the box
Do the following to put the image on the box. It clears out the old stuff you don't like and puts on the new. At the 2 load commands below, you should see a start and complete on the tftp server.
load -r -b 0x80041000 openwrt-atheros-root.squashfs
fis create -l 0x06F0000 rootfs
load -r -b 0x80041000 openwrt-atheros-vmlinux.lzma
fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7
fis load -l vmlinux.bin.l7
exec
The two FIS create commands only took about 5 min each to complete with the loads taking about a second or two.
After the exec command wait a bit for the box to sort itself out. It needs to format stuff etc. Give it 5 min.
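A pre-flight check to run on the PC before the load and fis create commands above, as an added example that is not part of the original write-up: it confirms both image files are in the TFTP directory, that the root filesystem starts with a squashfs magic and fits inside the 0x06F0000 length given to fis create, and optionally compares each file with a digest from a checksum list you trust. The function names, the constructed demo files and the expected-digest input are assumptions made for this example.

```python
import hashlib
import os
import tempfile

ROOTFS = "openwrt-atheros-root.squashfs"
KERNEL = "openwrt-atheros-vmlinux.lzma"
ROOTFS_LEN = 0x06F0000                 # the -l length passed to "fis create ... rootfs"
SQUASHFS_MAGICS = (b"sqsh", b"hsqs")   # squashfs superblock magic, big/little endian


def preflight(tftp_dir, expected=None, algo="sha256"):
    """Return a list of problems; an empty list means both images look sane.

    expected: optional {filename: hex digest} from a checksum list you trust
    (assumption: you obtained it separately from the image files).
    """
    problems = []
    for name in (ROOTFS, KERNEL):
        path = os.path.join(tftp_dir, name)
        if not os.path.isfile(path):
            problems.append(f"{name}: not in TFTP directory")
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if not data:
            problems.append(f"{name}: file is empty (failed download?)")
            continue
        if name == ROOTFS:
            if data[:4] not in SQUASHFS_MAGICS:
                problems.append(f"{name}: no squashfs magic at offset 0")
            if len(data) > ROOTFS_LEN:
                problems.append(f"{name}: {len(data)} bytes exceeds rootfs length {ROOTFS_LEN}")
        want = (expected or {}).get(name)
        got = hashlib.new(algo, data).hexdigest()
        if want and got != want.lower():
            problems.append(f"{name}: {algo} {got} != expected {want}")
    return problems


def demo():
    """Run the check on constructed stand-in files (not real firmware)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, ROOTFS), "wb") as fh:
            fh.write(b"<html>404 not found</html>")   # a saved error page, wrong magic
        with open(os.path.join(d, KERNEL), "wb") as fh:
            fh.write(b"\x5d" + b"\x00" * 63)          # constructed placeholder bytes
        return preflight(d, expected={KERNEL: "00" * 32})
```

Call preflight() with the directory the TFTP server is pointed at; anything it returns should be sorted out before touching the flash.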
Step 5 - the boot up
Now switch the box off and back on, Ctrl C to get the redboot prompt as before. You now need to do some settings at the boot level.
Again, taken from someone else (Thanks for the help) http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
You need to set the redboot to boot the openwrt you just put on it.
Do the following:
Run fconfig at the redboot> prompt
Set the settings as per below:
Run script at boot: true
.. fis load -l vmlinux.bin.l7
Boot script timeout (1000ms resolution): 10
Use BOOTP for network configuration: false
Gateway IP address: 0.0.0.0
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Commit it all to flash ram, it will now remember the settings after power off.
Once you have these settings type fconfig -l -n to see where you are with it.
Taken from http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
This should let it boot into redboot and then start openwrt
Now you have something that you can work with.
SSH should work if you get onto the # prompt in openwrt via the serial session, type passwd, and type in your password. Try putty to get into the ssh: username root, password whatever you set it to.
You should now be able to type 192.168.1.1 into your IE or Firefox and the web site can come up, again user=root and password is the one you set.
After all this, scroll through the output of the bootup and see if there is anything strange. If there is, reboot again, as I saw some stuff that seemed to go away later on.
This should let you do what you wanted to do with Hak5 web site chat / an other.
Screw the box back together and you should be able to play about using the SSH session, no more dodgy wires held together to get a serial session.
I thank all that saved me hours trying to work this thing out from the web sites I refer to above. All the people on these web sites above did the hard work. I hope I just made it a bit easier to put it all into a working plan of action. I may have forgot things writing this, but think you now have enough to get you going.
Now onto playing with the router and seeing what it can do, like others who don't have the UK problems! Jasager here we come.