WUWA, posted April 28, 2010

So after much trial and error (including bricking a couple of routers, several times, and reviving them with the Kyocera cable item number 10002518, per Digininja's instructions), I managed to install Jasager 2.1 on a Fon2100 using the newly posted wiki instructions at http://www.hak5.org/w/index.php/Fon_Jasager_Install_v2_1 and http://www.hak5.org/w/index.php/Fon_Jasager_Install. I used these pages because I tried simply installing the firmware (1.0), and it was too unstable on all (three) of the FON 2100 routers I tested. I also tried 1.2, and had similar buggy results. So when the above URLs were recently posted, I jumped on them to upgrade to Jasager 2.1 in an effort to get a stable version. My results are that there still seem to be issues with the FON.

I am using: openwrt-atheros-2.6-root.squashfs openwrt-atheros-2.6-vmlinux.lzm, and the packages in the above URLs, namely:

- haserl_0.8.0-2_mips.ipk
- webif_0.3-10_mips.ipk
- libruby_1.8.6-p36-1_mips.ipk
- ruby_1.8.6-p36-1_mips.ipk
- ruby-core_1.8.6-p36-1_mips.ipk
- ruby-rexml_1.8.6-p36-1_mips.ipk
- jasager-madwifi_1.ipk
- kmod-gpio_2.6.21.5-atheros-1_mips.ipk
- jasager_2.1.ipk

and my symptoms are:

1) Windows boxes don't seem to get an IP address when associated to the FON and the computer it is connected to is IP forwarding to the Internet. (Although Linux and Mac boxes do seem to get an IP address, which is strange.)
2) When not IP forwarding through a laptop to the Internet, associated clients (targets) seem to only maintain a connection for less than a minute, then drop out.
3) portscan.rb doesn't work in the drop down, and errors out saying that it doesn't look like it was given an IP address. However, often running it from a shell (./portscan.rb foo bar IP) seems to work.
4) Often the FON will lock up, meaning that you can't even ping it.

I wouldn't mind troubleshooting, but it just seems that it is unstable, giving me the feeling that I have some installation incorrect, or some configuration not set accurately. Has anyone else run into these symptoms, and might be able to offer some advice? If there is a firmware 2.1 version somewhere, or some other method of installing so that the FON is more stable, I'd welcome any suggestions.

digininja, posted May 2, 2010

Forget installing the packages just flash from my firmware and you are ready to go with Jasager. Find it on my site

WUWA, posted May 14, 2010

> Forget installing the packages just flash from my firmware and you are ready to go with Jasager. Find it on my site

Maybe I'm missing something. The only firmware I can find on your site is 1.0. Which, as I mentioned above, is buggy. I can't find firmware for the other versions (1.2 and 2.1), so I had to install them from scratch, and have the bugs that I mentioned. If you would be kind enough to post the firmware for 2.1, I'd be ecstatic to try it.

Netshroud, posted May 15, 2010

Jasager Firmware 1.0 has Jasager Package 2.1 installed.

Dark Ansi, posted June 20, 2010

Question: is your all-in-one firmware compatible with the Meraki Mini or just Fon+? I'm having trouble with my firmware picking up anything outside the net, including packages. P.S. The Meraki has an Atheros chip.

digininja, posted June 20, 2010

Don't know, I don't have a Meraki to test it with.

Dark Ansi, posted June 21, 2010 (edited June 21, 2010 by Dark Ansi)

I'm willing to try. I have a serial cable and a backup in case it goes bad. But for some reason my Meraki has not liked using any external apps to flash. The only way I got it going is by using a serial cable and tftp.

Dark Ansi, posted June 21, 2010

Scratch my above post. I found out the Merakis don't like .lzma files. Oh well.

WUWA, posted June 22, 2010

> Forget installing the packages just flash from my firmware and you are ready to go with Jasager. Find it on my site

I finally found the time to go back and nuke my Fon (for the 40th or so time) and reinstall the 1.0 firmware. My results are the same, meaning I have no webif interface, the Fon locks up constantly (so you can't even ping it), and for some strange reason always gives my laptop a 10.42.43.1 IP address. One of the few times I was able to log into the Jasager interface (on port 1471), the version of Jasager says v2. as in, not 2.1.

Perhaps I am doing something wrong. I think I have a UK router, because it booted with a 0.0.0.0 IP when I first got it, and the only way to flash it was/is with a Kyocera serial cable. Perhaps that is a part of the problem, or maybe the problem is that I have a UK router and the memory addresses to flash to are other than 0x80041000? The 1.0 firmware really is not working for me at all. Does anyone have any suggestions for a fix?

digininja, posted June 22, 2010

Check if there is a dhcp server running on the Fon, I'm pretty sure there shouldn't be by default. If you can ssh to it run

```
ps | grep dnsm
```

and look for an answer. As I don't think it does give out DHCP then you need to find where the 10. IP address is coming from, I really don't think this is the Fon.

WUWA, posted June 25, 2010

> Check if there is a dhcp server running on the Fon, I'm pretty sure there shouldn't be by default. If you can ssh to it run ps | grep dnsm and look for an answer. As I don't think it does give out DHCP then you need to find where the 10. IP address is coming from, I really don't think this is the Fon.

The 10. is definitely coming from the FON. It is the only thing plugged into that port (there is no switch or router or anything between the FON and my laptop), and the laptop has a 192.186 address prior to plugging into the FON and subsequently gets changed to 10.42.43.1 by the FON.

I noticed that the wireless interface seems more stable on the 1.0 firmware version on my FON than the wired interface. From the install (using the instructions on your site), and making no modifications, I can see the wireless Jasager SSID, and connect to it wirelessly easily, but I can't ssh into it from the wireless interface (assuming ssh is disabled from the wireless side). I tried to ssh into the wired side, to do a 'ps | grep dnsm' as you suggested, but ssh is problematic. Meaning, I think I was able to initially (since I changed the SSID), but can't seem to ssh from the wired side any longer for some reason (even though I didn't change anything but the SSID).

My symptoms at this point on the wired side are, I plug in a laptop, get the 10.42.43.1 IP, change it manually to a 192.168.1.x address, and then try to ping 192.168.1.1 (or 254), which I set the FON to, and it seems to lock up the FON, disabling both the wired and wireless interfaces. (At that point I can't even connect wirelessly any longer.)

Perhaps it would be useful to walk through my installation method to see if I am doing something wrong:

1) I use the Kyocera cable connected to the JTAG port, powering up and breaking out of the boot up, to access redboot.
2) I then flash the firmware per the instructions on http://www.digininja.org/jasager/installation.php (for Firmware Users)
3) I got the 1.0 firmware from http://www.digininja.org/jasager/download.php
4) This is where I noticed that the Jasager firmware is 2., not 2.1, and it seems much less stable than the method I used to install from scratch http://www.hak5.org/w/index.php/Fon_Jasager_Install_v2_1 and http://www.hak5.org/w/index.php/Fon_Jasager_Install.
5) With #4, I have the webif interface accessible, 2.1 Jasager firmware, and it seems more stable. (More, but still with the symptoms that I mentioned when I initially posted.)

If you would like to offer suggestions on how to proceed, I'd be happy to try them out. At this point I'm considering going back to http://www.hak5.org/w/index.php/Fon_Jasager_Install_v2_1 and http://www.hak5.org/w/index.php/Fon_Jasager_Install to start back over at what, for me, is the most stable version I've seen so far.

digininja, posted June 27, 2010

I really can't understand where the 10. IP address is coming from, nothing should be giving that out unless you've asked it to or if you've got your laptop somehow set to default to that IP if it doesn't get one through DHCP. You could try starting wireshark on that interface before you connect then watch for DHCP traffic and confirm that that is where the IP is coming from.

BTW, step 1, you are connecting to the serial port, the JTAG port is the larger block of pins used to directly access the processor.
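
Added example, not part of the thread or of anyone's post: one way to carry out the capture check suggested above is to read the DHCP replies from the capture and see which server identifier (option 54) handed out the address in question. The function names, the sample packet, the server address 192.0.2.1 and the MAC are constructed for illustration; only 10.42.43.1 comes from the thread.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of one BOOTP/DHCP message (RFC 2131 layout)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),  # address handed out
        "client_mac": payload[28:28 + min(payload[2], 16)].hex(":"),
        "type": None,
        "server_id": None,
    }
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:               # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:             # server identifier
            info["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return info


def dhcp_sources(payloads, address: str) -> list:
    """Server identifiers that offered or acknowledged `address`."""
    servers = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                                 # not DHCP, skip it
        if msg["type"] in ("OFFER", "ACK") and msg["yiaddr"] == address:
            if msg["server_id"] not in servers:
                servers.append(msg["server_id"])
    return servers


def build_sample_offer() -> bytes:
    """Constructed DHCPOFFER; the server address and MAC are made up."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x1234ABCD, 0, 0,
        bytes(4), ipaddress.IPv4Address("10.42.43.1").packed, bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"")
    options = (bytes([53, 1, 2]) + bytes([54, 4])
               + ipaddress.IPv4Address("192.0.2.1").packed + b"\xff")
    return header + MAGIC_COOKIE + options
```

An empty result from `dhcp_sources` for an address the laptop nevertheless ends up with means no DHCP server in the capture assigned it, which points at a local fallback or static setting instead.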

WUWA, posted June 27, 2010

> I really can't understand where the 10. IP address is coming from, nothing should be giving that out unless you've asked it to or if you've got your laptop somehow set to default to that IP if it doesn't get one through DHCP. You could try starting wireshark on that interface before you connect then watch for DHCP traffic and confirm that that is where the IP is coming from. BTW, step 1, you are connecting to the serial port, the JTAG port is the larger block of pins used to directly access the processor.

The FON is where the IP is coming from, as it's a 192. before I plug it into the FON, and a 10. after. Roger that on the serial port. I'm using that (thanks to your instructions). It is not usable in its current state, so I'm going to reflash. My choices are to use the 1.0 firmware, or use the instructions at http://www.hak5.org/w/index.php and http://www.hak5.org/w/index.php/Fon_Jasager_Install_v2_1, which honestly seem more stable. If however, you'd like to offer any suggestions, I'd be happy to follow them. My goal is to get a stable platform, but I haven't achieved that yet.

digininja, posted June 28, 2010

The ipk files come from the same build as the firmware so should be exactly the same but go with whatever makes you happier.

WUWA, posted June 28, 2010

> The ipk files come from the same build as the firmware so should be exactly the same but go with whatever makes you happier.

Is there anything that would make them NOT the same, say because I have a UK router, or because I'm flashing via the serial cable, or perhaps I'm getting the firmware from the wrong place (http://www.digininja.org/jasager/download.php), or I need a different memory address (than 0x80041000)? They are definitely very different from what I've seen.

WUWA, posted June 28, 2010

> Is there anything that would make them NOT the same, say because I have a UK router, or because I'm flashing via the serial cable, or perhaps I'm getting the firmware from the wrong place (http://www.digininja.org/jasager/download.php), or I need a different memory address (than 0x80041000)? They are definitely very different from what I've seen.

Or perhaps post installation instructions? Maybe I'm doing something wrong after I get done with http://www.digininja.org/jasager/installation.php.

digininja, posted June 28, 2010

Some of mine are UK models and I always flash via serial. If it was going to fail because of the packages or memory addresses it would be catastrophic not intermittent. I would guess it probably is something you are doing after the install happened as it works for most people (not always first time) so I know the install works.

WUWA, posted June 28, 2010

> Some of mine are UK models and I always flash via serial. If it was going to fail because of the packages or memory addresses it would be catastrophic not intermittent. I would guess it probably is something you are doing after the install happened as it works for most people (not always first time) so I know the install works.

Do you see anything wrong with the below install:

```
RedBoot> ^C
RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.254
IP: 192.168.1.1/255.255.255.0, Gateway: 192.168.1.254
Default server: 192.168.1.254
RedBoot> fis init
About to initialize [format] FLASH image system - continue (y/n)? y
*** Initialize FLASH Image System
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
Using default protocol (TFTP)
Raw file loaded 0x80040800-0x800f07ff, assumed entry at 0x80040800
RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
... Erase from 0xa8030000-0xa80e0000: ...........
... Program from 0x80040800-0x800f0800 at 0xa8030000: ...........
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
Using default protocol (TFTP)
Raw file loaded 0x80040800-0x802807ff, assumed entry at 0x80040800
RedBoot> fis create -l 0x6F0000 rootfs
... Erase from 0xa80e0000-0xa87d0000: ...........................................................................
....................................
... Program from 0x80040800-0x80280800 at 0xa80e0000: ....................................
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> fconfig
Run script at boot: true
Boot script:
.. fis load -l vmlinux.bin.l7
.. exec
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>>
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> reset
```

digininja, posted June 28, 2010

Looks ok to me

WUWA, posted June 29, 2010

> Looks ok to me

OK, so installing, and changing nothing but the passwd so that I can ssh vs telnet, I have the below install (pic), which looks like 2., not 2.1 to me. Also the web interface (to the router, via http://192.168.1.1, not to the Jasager website interface on port 1471) is not accessible. Since I am now able to ssh, I also ran the ps command. Below is the output. Before I proceed any further, is this a normal configuration?

```
BusyBox v1.11.2 (2009-03-28 00:20:52 GMT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (8.09, unknown) ----------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:~# ps | grep dnsm
  720 nobody     1284 S   /usr/sbin/dnsmasq -K -D -y -Z -b -E -s lan -S /lan/ -
  941 root       1956 S   grep dnsm
```

digininja, posted June 30, 2010

ye, looks ok to me. Don't get hung up on the version numbers, I probably just forgot to update the one on the web page.

WUWA, posted July 10, 2010

> ye, looks ok to me. Don't get hung up on the version numbers, I probably just forgot to update the one on the web page.

OK, so with that configuration, when I log in to port 1471 and turn on the wireless Interface and turn on Jasager, the Fon locks up whenever a victim tries to associate to it. After this, it is not even pingable from the Ethernet port. Is this normal, or is there some post-flash set up instructions that you follow to get past this state?

digininja, posted July 10, 2010

If it is locking up as soon as something connects then it sounds like you've probably got something corrupt somewhere. I'd be tempted to go for a rebuild, it's usually easier than trying to debug what's going wrong.

WUWA, posted July 10, 2010

> If it is locking up as soon as something connects then it sounds like you've probably got something corrupt somewhere. I'd be tempted to go for a rebuild, its usually easier than trying to debug whats going wrong.

I agree that something is corrupt, but I don't know what. I didn't change anything from the initial firmware install. Is there some way that the firmware install would be different on my router than on yours (perhaps because it's a UK router)? This is why I went through all the steps I initially posted on in order to try to get a working Jasager. I'm kind of stuck, because the firmware isn't stable, and neither is the install from scratch. I know that I am bugging you, and I really apologize for that, but I just can't seem to get a stable platform no matter which angle I approach it from.

By a rebuild, do you mean just reflashing the firmware again? Maybe that is what is hurting me. I'm flashing with putty via a Kyocera cable (the same one you posted about). I'm using putty because I didn't find a linux driver for the Kyocera USB to serial cable, so I'm stuck with flashing from Windows. I am really wondering if a UK router has a different memory address or something and I'm screwed from the get-go when I flash it. Any suggestions?

digininja, posted July 10, 2010

I'm in the UK, if anyone is going to have problems with different addresses it will be the non-UK residents. If a bit gets flipped by accident while installing all will seem OK but it might kill everything. I was meaning reflash and see what happens.
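
Added example, not part of the thread or of anyone's post: one way to rule out a flipped bit before writing flash is to compare the image in the router's RAM with the file on the TFTP server. The sketch reads the `Raw file loaded` lines from a RedBoot session like the one posted above, checks the loaded length against the local file, and computes the POSIX `cksum` value to compare with the output of RedBoot's `cksum -b <location> -l <length>` command. It assumes the RedBoot build on the router includes `cksum` and that a raw load covers exactly the file's bytes; the function names are constructed here.

```python
import re

POLY = 0x04C11DB7  # CRC polynomial used by POSIX cksum


def _table():
    table = []
    for i in range(256):
        c = i << 24
        for _ in range(8):
            c = ((c << 1) ^ POLY) if c & 0x80000000 else (c << 1)
        table.append(c & 0xFFFFFFFF)
    return table


TABLE = _table()
RAW_RE = re.compile(r"Raw file loaded 0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)")

# The two load steps quoted from the session posted in the thread.
SESSION = """\
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
Raw file loaded 0x80040800-0x800f07ff, assumed entry at 0x80040800
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
Raw file loaded 0x80040800-0x802807ff, assumed entry at 0x80040800
"""


def posix_cksum(data: bytes) -> int:
    """POSIX cksum: CRC over the data, then over its length, complemented."""
    crc = 0
    for b in data:
        crc = ((crc << 8) & 0xFFFFFFFF) ^ TABLE[(crc >> 24) ^ b]
    n = len(data)
    while n:                                   # length, least significant byte first
        crc = ((crc << 8) & 0xFFFFFFFF) ^ TABLE[(crc >> 24) ^ (n & 0xFF)]
        n >>= 8
    return crc ^ 0xFFFFFFFF


def loaded_images(session: str) -> list:
    """(file name, RAM start, length) for every raw load in the session."""
    found, name = [], None
    for line in session.splitlines():
        line = line.strip()
        if line.startswith("RedBoot> load "):
            name = line.split()[-1]            # file name is the last argument
        match = RAW_RE.search(line)
        if match and name:
            start, end = int(match[1], 16), int(match[2], 16)
            found.append((name, start, end - start + 1))   # end is inclusive
            name = None
    return found


def verification_plan(session: str, images: dict) -> list:
    """Per image: size check, RedBoot command to run, value it should print."""
    plan = []
    for name, start, length in loaded_images(session):
        data = images[name]                    # bytes of the local image file
        plan.append({
            "image": name,
            "size_matches": len(data) == length,
            "redboot_cmd": f"cksum -b {start:#x} -l {length:#x}",
            "expected_cksum": posix_cksum(data),
        })
    return plan
```

Run the printed `cksum` command after each `load` and before the matching `fis create`; a different value means the copy in RAM is not the file that was served.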