fonera+ a.k.a. fon 2201 with Firmware 1.1.1 r2 -> no software-flash?



Hi hak5-team and digininja, :)

I recently got my Fonera+ model 2201 and now I am unlucky since it's on firmware v1.1.1 r2, and I wanted to install OpenWRT with Jasager or Piranha or something similar for pentesting purposes (which was actually the reason for buying the device).

Now I googled around for days but did not find a solution for flashing it, just another post on the board (http://hak5.org/forums/index.php?showtopic=13615) where "newbie" has problems flashing it.

Reading the two most popular tutorials:

http://www.fonboard.nl/w/index.php?title=H...us_unlocking/en

http://www.moliets-bastide.info/post/FONERAM

did not take me a step closer to my target... and also the guides on the board are for much older versions.

So it seems the only way to accomplish it with that firmware is building a serial cable and flashing it via the hardware?

Please tell me that I am wrong... I am really not keen on that flash-cable action... :-S

If there is another possibility I would appreciate that very much.

But if there's no solution yet I will go the flash-cable way.

Any useful hints are appreciated. :)

Edit:

I found a page (Japanese?) that seems to describe a successful flash over firmware 1.1.1 r2 via software -> http://translate.google.de/translate?hl=de...og-entry-9.html

The problem here is that the images from the page are not available. :S


I have a cable and UK Fons need one to get RedBoot, so I don't keep abreast of the version numbers and what can be hacked and what can't.

The way I'd go about it is with one of the MiTM attacks where you put up your own firmware server and trick the Fon into downloading your firmware and updating from that rather than the real one.

Or just do a cable. They are really easy and it is hard to break anything. I'm making and shipping them for a small fee at the moment if you are interested.


Hi digi,

Thx for your fast reply. :)

Okay, that MITM attack sounds interesting as well. Is there a possibility that I crash the Fon so I cannot use it anymore?

I mean, can I always revert to the original firmware? (Sorry, did not find that answered in the FAQ? :huh: )

I would be able to make such a cable on my own, but since I like your software and your support I am interested in buying such a cable from you. So what's the fee to pay? B)

BTW my Fon shipped from Spain and I live in Germany, and since the German Fon redistributor doesn't seem to exist any more I believe it's a Spanish Fon (not sure if that differs from UK ones). :unsure:


The cable is 3 bits of soldering and if you can't solder you can always twist the wires together and tape them. Check out my instructions - building a serial cable.

Using it is easy, just pop the lid, plug it in, then fire up PuTTY.

I'm selling in the UK for £25 and I guess shipping to Germany won't add too much more on top of that. The ones I'm building now also have a break button on the ground wire so you don't have to try to plug it in after you've given power. Going to write that up at some point.


Hmm, thx for that offer, but since the British pound is so strong that would be equal to the price of a new Fon, so I can even risk crashing my one. x-D

Soldering will not be a problem for me (I think ^^)... the thing is I don't have such a cable, but I have several other cables including one which is already a USB-to-serial adapter (this one -> http://www.aten-usa.com/?product&cat=5...mp;Item=UC232A) and some old serial extension cables (https://www.mycablemart.com/store/images/products/861_small.jpg). Now I think about cutting off one of the old serial extension cables and plugging that onto the USB-to-serial adapter and then accessing my Fon that way?

I'll try to document that stuff if I can borrow a photo cam from my big brother ^^

Thx for your help and advice digininja :)

Edit: OK, currently on it and documenting it.

I am just not sure if the voltages for RXD and TXD are correct for the UC-232A adapter... with a multimeter I don't get any voltage on the serial port? oO

In the UC-232A datasheet it states that it supports USB v1.1 and power consumption is 450mW while the maximum data transfer rate can be 230Kbps... I am not really sure if that is okay.


I can imagine what you mean with that MITM attack to give the Fon another fake firmware update server, but I did not find any tutorial on that except changing the Fon+ DNS.

The people from Freifunk just told me to use the AP51 tool which should (magically) do the job... I don't get that, since on v1.1.1 r2 it seems the telnet access to RedBoot is disabled, so I am not sure if AP51 already does that MITM fake-firmware trick or not... will check that today.

I found another really interesting setup for the serial connection on the Fon+

http://0101lounge.com/projects-gallery/fon...al-port-install

That guy did it without a 5V to 3.3V TTL converter, he just installs a normal simple serial connector... and he says that worked? oO

Also the people in the Freifunk forum said it's possible to use a MAX232 that normally runs at 5V with 3.3V logic. Oo


I have this Fonera model and currently I'm using the Piranha firmware and it works great. The easiest way to accomplish this is to use Linux and an Ethernet cable.

- Use easyflash for Linux

- Download the squashfs and lzma Piranha firmware

- Create a script and name it "flash" containing:

sudo ./easyflash eth0 openwrt-atheros-root.squashfs openwrt-atheros-vmlinux.lzma

- Open a terminal, cd into the directory and type ./flash
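A slightly more defensive version of that "flash" script, added here as an example and not part of the post or of the easyflash tool: it refuses to call easyflash unless the interface exists and both images are present, non-empty and (optionally) match the SHA-256 sums you noted when downloading them, so a typo or a truncated download cannot send a bad image to the device. The interface name, file names and the EXPECTED_* sums are assumptions or placeholders.

```shell
#!/bin/sh
# Added example wrapper for easyflash (not from the thread). Values below are
# assumptions/placeholders; override them via the environment.
IFACE="${IFACE:-eth0}"
ROOTFS="${ROOTFS:-openwrt-atheros-root.squashfs}"
KERNEL="${KERNEL:-openwrt-atheros-vmlinux.lzma}"
# SHA-256 sums recorded from the download page (empty = skip the check).
EXPECTED_ROOTFS_SHA256="${EXPECTED_ROOTFS_SHA256:-}"
EXPECTED_KERNEL_SHA256="${EXPECTED_KERNEL_SHA256:-}"

# check_image FILE [EXPECTED_SHA256]
# Returns 0 when FILE is a non-empty regular file and, if a sum is given,
# its SHA-256 matches; otherwise prints a reason and returns 1.
check_image() {
    f="$1"; want="$2"
    [ -f "$f" ] && [ -s "$f" ] || { echo "missing or empty image: $f" >&2; return 1; }
    [ -z "$want" ] && return 0
    got=$(sha256sum "$f" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "checksum mismatch for $f" >&2; return 1; }
}

# check_iface NAME: 0 when the network interface exists on this Linux host.
check_iface() {
    [ -e "/sys/class/net/$1" ] || { echo "no such interface: $1" >&2; return 1; }
}

# run_flash: run all checks, then hand the images to easyflash.
run_flash() {
    check_iface "$IFACE" || return 1
    check_image "$ROOTFS" "$EXPECTED_ROOTFS_SHA256" || return 1
    check_image "$KERNEL" "$EXPECTED_KERNEL_SHA256" || return 1
    sudo ./easyflash "$IFACE" "$ROOTFS" "$KERNEL"
}

# Only flash when invoked as "./flash go"; otherwise just define the checks.
if [ "${1:-}" = "go" ]; then
    run_flash
fi
```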


lopez1364 <-- the hero of the day! x-D

Amazing, I was on that serial-console trip all the time, but there was no indication that the easyflash tool would just work, and I thought it would only work for older firmware and I did not want to brick my Fon... but I just did it like you said (with some abbreviations) and it worked fine... flashing took a bit long, about 20 min, but after that it's running and I am just configuring Jasager...

THX a lot dude, I owe you one ;)
