Jump to content

MK1: Step-By-Step Unlocking / Install guide (with pictures)


Recommended Posts

This guide has been replaced with a version on the Hak5 wiki. Feel free to make edits there and add discussion here.

http://wiki.hak5.org/wiki/Fon_Jasager_Install <---Unlocking the Fon 2100 and Installing Jasager Guide

http://wiki.hak5.org/wiki/Jasager <--- Place for further Jasager tutorials, payloads, etc

So I figured it would be best if I tried out the official release and seeing as how my old Fon has been through hell and back with all sorts of frankenstein experiments I figured why not just pop a new Fon and document the unlocking / install process. This was also great practice for an upcoming segment I'm doing on episode 405 I believe.

At the bottom of this guide I have included a link to download all of the files used in this guide as well as links to resources I used while installing.

If I borked something up or you know of an easier way to do this please post a comment. Also note I did this in Windows because it was easiest for me using Firefox, Putty, and WinSCP. Substitute tools for your OS.

Warning: Applying these changes to your Fonera will void it of its warranty. FON does not support these modifications and will not be held responsible for their consequences. This should only be done by advanced users.

Step 0: Unbox FON 2100. Make note of the serial number on the bottom and NO NOT UNDER ANY CIRCUMSTANCES PLUG HIM INTO THE INTERNET

Step 1: Give FON some power but not Ethernet yet. Open your wireless connection manager and connect to the MyPlace access point. The WPA key is the serial number on the bottom of FON.

1.png

Step 2: Browse to http://192.168.10.1/ and make sure FON is wearing firmware version 0.7.1 r1 or below. If not consult another thread on downgrading it.

2.png

Step 3: Click the Advanced link and login with username admin and password admin.

3.png

Step 4: Open sshenable.html (provided in download at the bottom of this post) and click Submit

4.png

Step 5: SSH on over to 192.168.10.1

5.png

Step 6: Login as root with password admin

6.png

Step 7: Rename dropbear to S50dropbear so that it comes up on boot

mv /etc/init.d/dropbear /etc/init.d/S50dropbear

7.png

Step 8: Transfer over out.hex and openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma to /tmp/ using SCP (or wget them, or however you want to transfer 'em)

8.png

Step 9: Patch the kernel, reboot, and eat some pineapple while it comes back up.

mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7

reboot

9.png

Step 10: Reconnect to MyPlace, SSH back in, patch the redboot config, reboot, eat some more pineapple.

mtd -e "RedBoot config" write out.hex "RedBoot config"

reboot

10.png

Link to comment
Share on other sites

  • Replies 172
  • Created
  • Last Reply

Top Posters In This Topic

Step 11: Flash FON's firmware.

  • Fire up the Freifunk Ap51 EasyFlash GUI utility (Download for Windows or Linux).
  • Connect Ethernet between FON and your PC.
  • Unplug FON's power.
  • In the GUI under Rootfs check Use external file and browse to openwrt-atheros-2.6-root.squashfs. Under Kernel check Use external file and browse to openwrt-atheros-2.6-vmlinux.lzma.
  • Select your Ethernet interface from the Interface drop-down.
  • Plug FON's power back in then immediately click Go! in the GUI.
  • Spend the next 20 minutes enjoying some pineapple.

11.png

Step 12: Time for an easy step. Telnet to 192.168.1.1

telnet 192.168.1.1

12.png

Step 13: Change the root password then enable wireless.

passwd

pineapplesareyummy

pineapplesareyummy

uci set wireless.wifi0.disabled=0

uci commit wireless && wifi

13.png

Step 13.5: Transfer over the IPK files from the download below to /tmp/. Again SCP, wget, however you wanna move them bits.

Step 14: Install webif

ipkg install haserl_0.8.0-2_mips.ipk

ipkg install webif_0.3-10_mips.ipk

14.png

Step 15: Browse to http://192.168.1.1/ login as root with password pineapplesareyummy (if you've been following along literally) and enjoy the beautiful new web interface. Take a moment to click through to the Graphs tab and appreciate the beauty that is the dynamically updating CPU meter. Ahhh

15.png

Step 16: Install Ruby

ipkg install libruby_1.8.6-p36-1_mips.ipk

ipkg install ruby_1.8.6-p36-1_mips.ipk

16.png

Step 17: Install Jasager patched madwifi drivers

ipkg install jasager-madwifi_1.ipk

17.png

Step 18: Install Jasager and reboot. I installed from the package which seems to have installed fine but not without warnings. The next step seems to have fixed the issue. Anyway you might want to install Jasager from the tarball, at least until Robin Wood aka Digininja gets another FON for testing and updates the package. (I'll be delivering Robin some FONs at Toorcon)

ipkg install jasager_1.2.ipk

reboot

18.png

Step 19: Copy (or move) the contents of /karma/www/ to /www/ (if you installed from package version 1.2). Also note I renamed the original index.html in /www/ to webif.html for easy access

mv /www/index.html /www/webif.html

cp -R /karma/www/* /www/

reboot

19.png

Step 20: Login to Jasager and turn Karma on. And would you look at that, was someone trying to connect to their NETGEAR router? We might have to nmap 192.168.1.114 and see if we can help them.

20.png

Download all of the files used in this guide zipped from http://www.hak5.org/files/fon2100--unlock--jasager_1.2.zip

Sites I referenced:

http://www.digininja.org/jasager/ (of course)

http://wiki.hak5.org/wiki/Episode_3x07#Unl...RT_on_La_Fonera

http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera

http://download.berlin.freifunk.net/fonera/

http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration

http://downloads.x-wrt.org/xwrt/kamikaze/7...s-2.6/packages/

http://wiki.x-wrt.org/index.php/Kamikaze_Installation

http://download.berlin.freifunk.net/sven-ola/area51/

http://downloads.openwrt.org/kamikaze/7.09...s-2.6/packages/

http://downloads.openwrt.org/kamikaze/packages/mips/

Link to comment
Share on other sites

Do the same steps work for the linksys WRT54g?

There more common than the Fon in other places thats all. Fon in Australia is impossible to find an international buyer that will ship here

No, these instructions are specific to the Fon, some bits will be similar but others are different. For good info on getting openwrt on the WRT see PaulDotCom's site or his book, that covers it in full detail.

Link to comment
Share on other sites

Great guide. I had my fon with SSH enabled and setup for a while, but i had not found any where that told how to get into the redboot config.

To add to this exchange putty and winscp with ssh root@ and scp on OSX, the GUI can be replaced with the BSD version of the script offered over at http://download.berlin.freifunk.net/fonera/ and just remember to use en0 as the network adapter and follow it by the 2 files used in the GUI separated by a space. Works great!

Link to comment
Share on other sites

Hey guys, i started to do the process of all this and i ran into a problem. In an email i told Darren that my Fon was 0.7.0 r4. So i got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that i have no connection. When i try to SSH in i get a connection refused. Any ideas?

Link to comment
Share on other sites

Hey guys, i started to do the process of all this and i ran into a problem. In an email i told Darren that my Fon was 0.7.0 r4. So i got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that i have no connection. When i try to SSH in i get a connection refused. Any ideas?

Looks like there is a bug in the sshenable.html file. oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work.

I'll update the archive

Link to comment
Share on other sites

Looks like there is a bug in the sshenable.html file. oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work.

I'll update the archive

Hey Darren, that was it. I was looking at the code and i was thinking along those lines but wasn't sure.

Link to comment
Share on other sites

Hey Darren, that was it. I was looking at the code and i was thinking along those lines but wasn't sure.

Success!! Ok so i ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when i was patching the kernel and reboot config, it would lock up and i would have to physically unplug the Fon and try again. (only took two attempts). Also when i tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So i downloaded it, then tried again, then it said couldn't' find packet.dll. So i downloaded that and tried to launch again. Still an error so i deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked.

But now i got it up and interested in seeing whats next for it. Thank you for your help Darren.

Link to comment
Share on other sites

Success!! Ok so i ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when i was patching the kernel and reboot config, it would lock up and i would have to physically unplug the Fon and try again. (only took two attempts). Also when i tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So i downloaded it, then tried again, then it said couldn't' find packet.dll. So i downloaded that and tried to launch again. Still an error so i deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked.

But now i got it up and interested in seeing whats next for it. Thank you for your help Darren.

Good to hear you got it installed. Thats odd about the dll problems with the GUI. All I ever needed was the executable.

Link to comment
Share on other sites

First of all thanks to the guys who make this site what it is.

Right.....got a few newbie problems.......so hopefully I havn't just screwed up my fon as they retail for $44 where I currently live (UK).

I have worked my way through the guide exactly as printed except I made the mistake of connecting the unit to the internet and requiring a firmware downgrade. Currently, I have made it to the Firmware flashing stage with Freifunk.

I have the fon connected to my switch via 10/100 Ethernet (no wifi) back to my pc.

My pc has these settings:

IP: 192.168.0.252

MASK: 255.255.255.0

Now I have tried the flash three times (minimum of 50 minutes) but the telnet access is not coming back up. I am receiving no errors in Freifunk GUI and wireless now seems to be disabled (so i presume its flashing).

The fon when it comes out the box uses dhcp so im not sure if flashing openWRT assigns the FON nic a static 192.168.1.1 (the address im trying to telnet to).

So two questions:

What the hell have I done wrong here and why? (ANY help would be very appreciated)

Is my FON now useless and beyond repair?

Link to comment
Share on other sites

Just found this in the Readme for Freifunk.

[Windows]

1) Connect the Fonera to the ethernet jack. Use a cross linked cable.

2) Browse to http://winpcap.org/ , download the installer and install it.

3) Download http://download.berlin.freifunk.net/fonera...-gui-1.0-42.exe

4) Run the program. Select interface. Click Go. Switch on the Fonera.

I believe this answers my first question but I need confirmation from someone more experienced with the flashing process for this technique.

Link to comment
Share on other sites

First of all thanks to the guys who make this site what it is.

Right.....got a few newbie problems.......so hopefully I havn't just screwed up my fon as they retail for $44 where I currently live (UK).

I have worked my way through the guide exactly as printed except I made the mistake of connecting the unit to the internet and requiring a firmware downgrade. Currently, I have made it to the Firmware flashing stage with Freifunk.

I have the fon connected to my switch via 10/100 Ethernet (no wifi) back to my pc.

My pc has these settings:

IP: 192.168.0.252

MASK: 255.255.255.0

Now I have tried the flash three times (minimum of 50 minutes) but the telnet access is not coming back up. I am receiving no errors in Freifunk GUI and wireless now seems to be disabled (so i presume its flashing).

The fon when it comes out the box uses dhcp so im not sure if flashing openWRT assigns the FON nic a static 192.168.1.1 (the address im trying to telnet to).

So two questions:

What the hell have I done wrong here and why? (ANY help would be very appreciated)

Is my FON now useless and beyond repair?

If you are following the guide Darren put together, connect straight from the FON RJ-45 jack to your computer's NIC card. You do not need to use a crossover cable (in fact you shouldn't), as the steps up to this point have switched the FON port from an WAN to LAN.

You FON is now operating similar to a standard router with the WAN port removed, connect to is normally.

ALSO, when you bring the router back up after the Kernal patch (right before the Telnet step), you will not see the WLAN LED light up. This is normal, as the router is not fully booting.

Make sure you make your make your telnet connection quickly as there is a window of opportunity while the router is listening on port 23. If you miss the window the connection will be refused, simply cycle power to the router and try again.

If these notes are obvious, this post was not for you. I hope this helps anyone having trouble.

Link to comment
Share on other sites

Just found this in the Readme for Freifunk.

[Windows]

1) Connect the Fonera to the ethernet jack. Use a cross linked cable.

2) Browse to http://winpcap.org/ , download the installer and install it.

3) Download http://download.berlin.freifunk.net/fonera...-gui-1.0-42.exe

4) Run the program. Select interface. Click Go. Switch on the Fonera.

I believe this answers my first question but I need confirmation from someone more experienced with the flashing process for this technique.

WINCAP is only necisary in order to get the libraries the flasher gui requires. As long as the flasher will start, don't sweat it.

Use a regular cable, see my post above.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...