Jump to content

Jasager is released


Recommended Posts

Great project mate, and I will be following this with interest as it progresses.

If I can find a bargain I might even get a Fon for the lab to try this out for myself.

I wonder if we could organise a mass shipment from the US to the UK? Get a load shipped in in bulk then distribute them.

Link to comment
Share on other sites

It's correct that shop.fon.com is not selling any Fonera model 2100/2200 anymore; only the model 2201 which is basicly thesame but with an additional port... eg which makes it interesting to turn it into a firewall (wan/lan port) appliance for instance...

but at www.confero24.com you can get the original accton unbranded router and they sell in UK, Europe and USA for also a cheap price;

this device is by default installed with Robin Open Mesh (meraki killer) firmware but you can easily replace it with Openwrt,DDwrt or other firmware using apflash51 from the Freifunk group (opensource)

btw I read something about : "and refuses to allow any packages to be installed'... perhaps you were hit by the RM/IPKG bug ?

check out : http://fon.rogue.be/ to have it fixed... or you could just backup your development (scp is your tool) and reflash the device to factory defaults

Link to comment
Share on other sites

btw I read something about : "and refuses to allow any packages to be installed'... perhaps you were hit by the RM/IPKG bug ?

check out : http://fon.rogue.be/ to have it fixed... or you could just backup your development (scp is your tool) and reflash the device to factory defaults

I will do a re-install at some point but seeing as I only have a single Fon I didn't want to risk re-flashing it and having something go wrong before launch. I'm going to get hold of some spares so that I can make sure I always have a working one and then play with the others.

Link to comment
Share on other sites

I will do a re-install at some point but seeing as I only have a single Fon I didn't want to risk re-flashing it and having something go wrong before launch. I'm going to get hold of some spares so that I can make sure I always have a working one and then play with the others.

You could contact http://www.fondoo.net/ they have perhaps a nice stock of Classic La Fonera.

On the European mainland you can get these Foneros at 12 euro in France (just take the EuroTunnel :-), Belgium (fonero.be shop on ebay), Netherlands (multimedia machines)...

check out http://retail.spread-fon.com for other retailers... they aren't nicely sorted by country though :(

And I believe their "retail offer" for the Classic fonera is outdated (as none in stock @ FON HQ)

Offcoze you can also hack the Fonera+ using my wiki at wiki.fonboard.nl ; or using "gargoyle router" and then replace it with your madwifi drivers...

But the Fonera+ FGF deal doesn't work in the UK...due to a settlement with investor British Telecom

and offcoze the version from www.confero24.com should be thesame but a bit more expensive (not subsidized by Google/Ebay/Skype/...)

Getting them from the US will give you 110V adaptors I guess;

Getting them from the Mainland will give you European powerplugs...

Link to comment
Share on other sites

You could contact http://www.fondoo.net/ they have perhaps a nice stock of Classic La Fonera.

On the European mainland you can get these Foneros at 12 euro in France (just take the EuroTunnel :-), Belgium (fonero.be shop on ebay), Netherlands (multimedia machines)...

check out http://retail.spread-fon.com for other retailers... they aren't nicely sorted by country though :(

And I believe their "retail offer" for the Classic fonera is outdated (as none in stock @ FON HQ)

Offcoze you can also hack the Fonera+ using my wiki at wiki.fonboard.nl ; or using "gargoyle router" and then replace it with your madwifi drivers...

But the Fonera+ FGF deal doesn't work in the UK...due to a settlement with investor British Telecom

and offcoze the version from www.confero24.com should be thesame but a bit more expensive (not subsidized by Google/Ebay/Skype/...)

Getting them from the US will give you 110V adaptors I guess;

Getting them from the Mainland will give you European powerplugs...

I'll have a look at these but just may try to pick a couple up when I go to Toorcon.

The one I have was sent over by Darren and it has the US plug on it but the adaptor is switchable so I just plugged it into a travel converter and it worked fine.

Link to comment
Share on other sites

It's correct that shop.fon.com is not selling any Fonera model 2100/2200 anymore; only the model 2201 which is basicly thesame but with an additional port... eg which makes it interesting to turn it into a firewall (wan/lan port) appliance for instance...

For me the fon shop shows both la fonera and la fonera+

51198478.png

I'll have a look at these but just may try to pick a couple up when I go to Toorcon.

The one I have was sent over by Darren and it has the US plug on it but the adaptor is switchable so I just plugged it into a travel converter and it worked fine.

I'll bring you a spare Fon and Fon+ at Toorcon

Link to comment
Share on other sites

Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple possibilities:

Do all the fake networks share a common MAC address?

Do all the fake networks share a common forward facing IP address?

Is their a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.

Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?

If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.

If any/all of these are true (with exception of the kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

Link to comment
Share on other sites

Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple possibilities:

Do all the fake networks share a common MAC address?

Yes

Do all the fake networks share a common forward facing IP address?

Yes

Is their a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.

It doesn't do it at the moment, but my suggestion is to limit all access to the device to the wired network only, when that is implemented then no.

Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?

I'm not sute, it doesn't send out beacons, just probe responses. If the network manager just listens to beacons then no, if it detects probe responses (which I doubt) then yes

If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.

They would

If any/all of these are true (with exception of the kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

It is easier than that, just send out a batch of probe requests for random SSIDs, if most or all come back then you can be pretty sure that it is some version of Karma replying.

If you want to be stealthier with Jasager you could use white listing to restrict the SSIDs that you respond to. I reckon that if you did tmobile, linksys and whatever your local coffee shop uses then you'd still get a good connection rate.

Link to comment
Share on other sites

It is easier than that, just send out a batch of probe requests for random SSIDs, if most or all come back then you can be pretty sure that it is some version of Karma replying.

If you want to be stealthier with Jasager you could use white listing to restrict the SSIDs that you respond to. I reckon that if you did tmobile, linksys and whatever your local coffee shop uses then you'd still get a good connection rate.

Interesting. So it's not totally bulletproof out of the box but your average user will be fooled.

Link to comment
Share on other sites

It seems you cant buy the old ones off the uk site, I had to pay £30 for a new version.

Hope i can unlock this and get open wrt installed on it.

Still waiting for it to arrive tho, been 4 days now :(

Whatever you do, read the jail break instructions first, if you don't and you plug the device into the internet before you should you'll get the new firmware then have a real problem getting anything else on it.

Link to comment
Share on other sites

Interesting. So it's not totally bulletproof out of the box but your average user will be fooled.

Not really, it would be hard to make it undetectable without stopping it doing its job of replying to every request. Anyone looking for it would be aware enough to know if there was a real AP around with the SSID that they received, i.e. getting their home SSID sitting in an airport should be a give away.

Link to comment
Share on other sites

Whatever you do, read the jail break instructions first, if you don't and you plug the device into the internet before you should you'll get the new firmware then have a real problem getting anything else on it.

just unplug it and press the reset button to go back to the factory default firmware...

the fon 2201 (the 30euro version with LAN/WAN) can be nicely jailbreaked as well... allready 3 methods out

but upto now no nice guides on openwrt (paid by FON not to make it easy?) and dd-wrt as far as i notice

gargoyle router has a working firmware for the fon 2201 which is based on openwrt though!

yes USA has no good sales...So they still have the 110volt fonera for sale

you can even buy them at Dell USA shop or in Amazon Japan shop...

even on SKype SHop bundlded with a skype wifi phone i believe

Link to comment
Share on other sites

Not really, it would be hard to make it undetectable without stopping it doing its job of replying to every request. Anyone looking for it would be aware enough to know if there was a real AP around with the SSID that they received, i.e. getting their home SSID sitting in an airport should be a give away.

So once I'm aware their's a Jasager around, could I then bombard it with bogus requests and cause Karma or some other component of the Fon to crash? Essentially say NEIN!

Link to comment
Share on other sites

So once I'm aware their's a Jasager around, could I then bombard it with bogus requests and cause Karma or some other component of the Fon to crash? Essentially say NEIN!

Probably, but there wouldn't be much difference here with doing an association DOS on a normal AP, i.e. send loads of fake assoc packets with different MAC addresses and use that to fill the buffers.

It may be a bit different in terms of buffer sizes but would probably do the same thing. Especially on a device with only 8M memory+disk.

Link to comment
Share on other sites

Does Jasager capture the SSID/Password combination of the client when it connects to the fake network? If not, is it planned to implement sutch a feature?

At the moment all it logs is the ssid, ip and date and time of connection. What passwords would you want to collect? Web, ldap, imap...

Link to comment
Share on other sites

If possible, it would be great to get the password to the network, regardless if it's WEP, WPA or WPA2. This would be a convenient way to collect passwords to networks without the need of paket injection, use of endless password lists or brute force.

Ah, one more idea: Could you implement a function to send a disassociation paket to a specific workstation?

Link to comment
Share on other sites

If possible, it would be great to get the password to the network, regardless if it's WEP, WPA or WPA2. This would be a convenient way to collect passwords to networks without the need of paket injection, use of endless password lists or brute force.

WEP, WPA, WPA2 don't send their passwords across the network, they exchange information which they encrypt and send send back to prove the both know the passwords. The only way I know to get a WEP key without packet capturing from the real network is to use the cafe latte attack (from the guys are Airtight I think).

Ah, one more idea: Could you implement a function to send a disassociation paket to a specific workstation?

Do you mean on that is associated to Jasager? If so, use the Kick MAC function, if you mean from a different AP then that would mean sniffing networks for other connections which wouldn't work too well with the card being in AP mode.

Link to comment
Share on other sites

Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple possibilities:

Do all the fake networks share a common MAC address?

Do all the fake networks share a common forward facing IP address?

Is their a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.

Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?

If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.

If any/all of these are true (with exception of the kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

Best way to stop it, would to, set your network connection to not Auto Connect, that way, when your down the street and you see your works connection randomly is available your less likely to click it.

Also it would be possible to built a kinda a Wireless firewall for this, as soon as it detects that a new connection has been made, it would check the SSID against know SSID -> MAC address, if its incorrect, it would disconnect and or alert. New SSID's will prompt for an add to the Database. This also wouldnt be to hard to program.

Link to comment
Share on other sites

Also it would be possible to built a kinda a Wireless firewall for this, as soon as it detects that a new connection has been made, it would check the SSID against know SSID -> MAC address, if its incorrect, it would disconnect and or alert. New SSID's will prompt for an add to the Database. This also wouldnt be to hard to program.

With iwconfig, you just set the MAC address of the AP you want to connect to, use the ap parameter.

Link to comment
Share on other sites

Has anyone encountered this error when installing? Also when you try and access the Jasager interface, it'll say ruby not found. I assume ruby package should be part of the requirements but it's not listed?

root@OpenWrt:~# ipkg install jasager-madwifi_1.ipk

Installing kmod-madwifi (2.6.21.5+r2568-20070710-atheros-2) to root...

Nothing to be done

Done.

Collected errors:

Package kmod-madwifi md5sum mismatch. Either the ipkg or the package index are corrupt. Try 'ipkg update'.

root@OpenWrt:~# ipkg install jasager_1.ipk

Installing jasager (1) to root...

Configuring jasager

chown: /karma_www: No such file or directory

chown: /etc/rc.d/S91karma_ui: No such file or directory

cat: /karma_www/.version: No such file or directory

WARNING: Installation may have failed.

Detected r is installed, but this is r0.1.

Done.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...