CBSab Posted March 20, 2009

The usual disclaimer: it's not my fault if you break your FON. On your own head be it. I take no responsibility for what is documented here, you are playing with electronics and they can be broken. I just got mine working this way, there may be other ways, but this is the one I got it working with.

This text explains how to hack the UK supplied Fon 2201 with the BT Version: 3.0.2 r1 firmware using lots of info from different places around the tinterweb. It will get you to an openwrt install with no problem getting a remote session etc. and all for just £5.50 (Not my payment but for the cable off ebay:) from some other guy)

If you have a wifi card on the same ip range as I used below in your XP box, just change the address range to suit your needs.

Step 1 - the cable

From what I can see, I don't see any other way than to use a serial cable to break into the UK FON. I think the US version 1.x.xxxx firmware or pre Xmas boxes in the UK are able to be broken into using all sorts of things inc. AF51 etc, but can't see it working with the V 3.x.x firmware. So I bit the bullet and bought the £5.50 cable inc. del. You can solder your own, but trying to buy the parts for less than £6 inc. an iron, what the heck.

The cable is described very well in http://www.digininja.org/fon_serial/, don't use a standard serial cable from ebuyer etc., it needs to be one that changes the voltage etc. as per the web site ref. (Thanks for the info Digininja, saved me hours of playing about)

I bought the cable from Ebay from a Hong Kong trader for about £5.50 all in, came in 5 days.
Even had the same colour cables as the one in the Digininja site (Better to double check though before you blow the box)

Use putty (Free download) http://www.chiark.greenend.org.uk/~sgtatha...y/download.html to terminal in, 9600,8,1 with no flow control (Try XON/XOFF setting if getting junk on screen, and back to none, if you are on XON/XOFF with junk on screen)

Step 2 - the serial session

Ctrl C to get you in before the 2 sec boot. If you miss it, switch it off and back on. You should now have a prompt, redboot>. (This is you 50% there)

If you have a window with redboot>, it means that you have opened the door to allow you to do stuff. Now to get it to do something useful!

Step 3 - the TFTP server

I used XP, prefer mac, but my knowledge at apps is on PC, so used this.

Download the tftp server from Solarwinds (From my cisco days and is free) to get the files onto the box and installed.

Note: Disable the XP firewall as the tftp server is blocked from being seen if it is on.

Set the PC LAN card to 192.168.1.254 with SM 255.255.255.0

Download the files for 8.09 OpenWRT from http://downloads.openwrt.org/kamikaze/8.09/ and put them somewhere you can find them on the XP machine.

On Solarwinds tftp go into File / configure. Point the dir to the place you put the files you downloaded. Don't forget to start the TFTP server in config.

Note: If you don't see any activity on the TFTP server log when you download the files from the command line, there is something wrong and it is not going to work.

Files for the tftp dir are:

    openwrt-atheros-vmlinux.lzma
    openwrt-atheros-root.squashfs

That should be the XP machine ready. Plug the network cable from the FON to the XP box network card (Not a Xover cable, just a normal one)

Step 4 - The fon image

Now for the Fon. An explanation may help: It comes in 2 parts, there is the boot loader (Redboot) then the openwrt that the boot loader starts.
Forget all this telnet stuff for the moment, just get the files onto the box, and get it running, then worry about all the other stuff.

Taken from: http://wiki.cuwin.net/index.php?title=Flashing_the_La_Fonera_with_OpenWRT#Finishing_touches right at the end.

At the prompt redboot> type

    ip_address -l 192.168.1.1/24 -h 192.168.1.254

-l is the IP address
-h is the default server. The xp box for TFTPing if that is a word. :)

This puts the fon box on the network (Technically a network cable between the PC and the FON, but can be classed as a network)

Try a ping from the XP box to 192.168.1.1, if it don't ping, try plugging the network cable into the other network interface on the FON. If you get this, it's a good sign.

Next we need to get openwrt onto the box.

Do the following to put the image on the box, clears out the old stuff you don't like and puts on the new. At the 2 load commands below, you should see a start and complete on the tftp server.

    fis init
    load -r -b 0x80041000 openwrt-atheros-root.squashfs
    fis create -l 0x06F0000 rootfs
    load -r -b 0x80041000 openwrt-atheros-vmlinux.lzma
    fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7
    fis load -l vmlinux.bin.l7
    exec

The two FIS create commands only took about 5 min each to complete with the loads taking about a second or two.

After the exec command wait a bit for the box to sort itself out. It needs to format stuff etc. Give it 5 min.

Step 5 - the boot up

Now switch the box off and back on, Ctrl C to get the redboot prompt as before. You now need to do some settings at the boot level.

Again, taken from someone else (Thanks for the help) http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera

You need to set the redboot to boot the openwrt you just put on it. Do the following:

Run fconfig at the redboot> prompt. Set the settings as per below:

    Run script at boot: true
    Boot script:
    .. fis load -l vmlinux.bin.l7
    .. exec
    Boot script timeout (1000ms resolution): 10
    Use BOOTP for network configuration: false
    Gateway IP address: 0.0.0.0
    Local IP address: 192.168.1.1
    Local IP address mask: 255.255.255.0
    Default server IP address: 192.168.1.254
    Console baud rate: 9600
    GDB connection port: 9000
    Force console for special debug messages: false
    Network debug at boot time: false

Commit it all to flash ram, it will now remember the settings after power off.

Once you have these settings type fconfig -l -n to see where you are with it.

Taken from http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera

This should let it boot into redboot and then start openwrt.

Now you have something that you can work with.

Step 6

ssh should work if you get onto the # prompt in openwrt via the serial session and type passwd, and type in your password.

Try putty to get into the ssh. Username root, password, whatever you set it to.

You should now be able to type 192.168.1.1 into your IE or Firefox and the web site can come up, again user=root and password is the one you set.

After all this scroll through the output of the bootup and see if there is anything strange. If there is, reboot again as I saw some stuff that seemed to go away later on.

This should let you do what you wanted to do with Hak5 web site chat / an other.

Screw the box back together and you should be able to play about using the SSH session, no more dodgy wires held together to get a serial session.

I thank all that saved me hours trying to work this thing out from the web sites I refer to above. All the people on these web sites above did the hard work. I hope I just made it a bit easier to put it all into a working plan of action.

I may have forgotten things writing this, but think you now have enough to get you going.

Now onto playing with the router and seeing what it can do like others who don't have the UK problems! Jasager here we come.
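A pre-flash check for the TFTP directory from Step 3, added here as an example and not part of the original post: TFTP does no authentication or end-to-end integrity check, so this verifies the two image files against an md5sum-style listing and confirms the root image fits the 0x06F0000 length used in the fis create command. It assumes such a listing was saved alongside the images; the function names are hypothetical and the demo files are constructed stand-ins, not real firmware.

```python
import hashlib
import tempfile
from pathlib import Path

ROOTFS = "openwrt-atheros-root.squashfs"   # file names from the post
KERNEL = "openwrt-atheros-vmlinux.lzma"
ROOTFS_MAX = 0x06F0000  # length given to "fis create -l ... rootfs" in the post


def parse_md5sums(text):
    """Parse md5sum-style lines ('<hex>  name' or '<hex> *name') into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32:
            sums[parts[1].lstrip("*")] = parts[0].lower()
    return sums


def preflight(tftp_dir, md5sums_text):
    """Return a list of problems; an empty list means both images may be served."""
    expected = parse_md5sums(md5sums_text)
    problems = []
    for name in (ROOTFS, KERNEL):
        path = Path(tftp_dir, name)
        if not path.is_file():
            problems.append(f"{name}: missing from TFTP directory")
            continue
        if hashlib.md5(path.read_bytes()).hexdigest() != expected.get(name):
            problems.append(f"{name}: MD5 does not match md5sums entry")
        if name == ROOTFS and path.stat().st_size > ROOTFS_MAX:
            problems.append(f"{name}: larger than 0x{ROOTFS_MAX:X} bytes")
    return problems


def demo():
    """Constructed stand-in files: a clean pair, then a truncated rootfs download."""
    with tempfile.TemporaryDirectory() as d:
        blobs = {ROOTFS: b"hsqs" + bytes(4096), KERNEL: b"\x5d" + bytes(1024)}
        for name, blob in blobs.items():
            Path(d, name).write_bytes(blob)
        sums = "\n".join(f"{hashlib.md5(b).hexdigest()} *{n}" for n, b in blobs.items())
        clean = preflight(d, sums)
        Path(d, ROOTFS).write_bytes(blobs[ROOTFS][:100])  # interrupted download
        return clean, preflight(d, sums)


if __name__ == "__main__":
    print(demo())
```

Run preflight() against the real TFTP directory before typing the load commands; MD5 here guards against a corrupt or swapped file, not against a listing that was itself tampered with.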
digininja Posted March 20, 2009

That all seems good but just something I found, sometimes the Fon doesn't like to start up if the ground cable is connected. I usually start with RX and TX connected then throw on ground after a second.
LauBen Posted March 21, 2009

CBSab, you got the details of the e-bay seller?? I know I'm just being lazy but hell it's weekend and I can't be arsed to search :D
Seshan Posted March 21, 2009

I bought the cable, I think it's the same one, I haven't tried it yet. I just searched ebay for what digininja put on his site.

http://cgi.ebay.ca/ws/eBayISAPI.dll?ViewIt...em=110359887627
CBSab (Author) Posted March 21, 2009

> CBSab, you got the details of the e-bay seller?? I know I'm just being lazy but hell it's weekend and I can't be arsed to search :D

sitedv88 was the name. But can search on ebay as per http://www.digininja.org/fon_serial/ for Kyocera KX440 KX433 KX444 K4130 K404 K9, 3 are coming up now on uk ebay from seller.

Good luck, after you open it up, the fun starts. 8.09 openwrt seems very stable. Not got round to playing with the FON properly yet. Still playing with Trixbox. If only weekends were longer.
Khorne Posted March 21, 2009

To build my cable I used a pre built TTL to RS232 converter. There are a few on ebay.

Khorne