I can imagine what you mean witht that MITM-Attack to give the Fon another fake-Firmware-Update-Server but i did not find any tutorial on that except chaning the Fon+ DNS.
The people from Freifunk just told me to use the AP51-Tool which should (magicially) do the job... i dont get that since on v1.1.1 r2 it seems the telnet-access to redboot is disabled so i am not sure if the AP51 does allready that MITM-Fake-Firmware-Trick or not... will check that today.
I found another real interessting setup for the serial-connection on the fon+
http://0101lounge.com/projects-gallery/fon...al-port-install
That guy did it without a 5V to 3,3V TTL-converter he just installs a normal simple serial-connector... and he says that worked? oO
Also the ppl in the Freifunk-Forum said its possible to use a max232 that normally runs 5V to use with a 3,3V logic. Oo