Darren Kitchen Posted September 23, 2008 Share Posted September 23, 2008 This guide has been replaced with a version on the Hak5 wiki. Feel free to make edits there and add discussion here. http://wiki.hak5.org/wiki/Fon_Jasager_Install <---Unlocking the Fon 2100 and Installing Jasager Guide http://wiki.hak5.org/wiki/Jasager <--- Place for further Jasager tutorials, payloads, etc So I figured it would be best if I tried out the official release and seeing as how my old Fon has been through hell and back with all sorts of frankenstein experiments I figured why not just pop a new Fon and document the unlocking / install process. This was also great practice for an upcoming segment I'm doing on episode 405 I believe. At the bottom of this guide I have included a link to download all of the files used in this guide as well as links to resources I used while installing. If I borked something up or you know of an easier way to do this please post a comment. Also note I did this in Windows because it was easiest for me using Firefox, Putty, and WinSCP. Substitute tools for your OS. Warning: Applying these changes to your Fonera will void it of its warranty. FON does not support these modifications and will not be held responsible for their consequences. This should only be done by advanced users. Step 0: Unbox FON 2100. Make note of the serial number on the bottom and NO NOT UNDER ANY CIRCUMSTANCES PLUG HIM INTO THE INTERNET Step 1: Give FON some power but not Ethernet yet. Open your wireless connection manager and connect to the MyPlace access point. The WPA key is the serial number on the bottom of FON. Step 2: Browse to http://192.168.10.1/ and make sure FON is wearing firmware version 0.7.1 r1 or below. If not consult another thread on downgrading it. Step 3: Click the Advanced link and login with username admin and password admin. Step 4: Open sshenable.html (provided in download at the bottom of this post) and click Submit Step 5: SSH on over to 192.168.10.1 Step 6: Login as root with password admin Step 7: Rename dropbear to S50dropbear so that it comes up on boot mv /etc/init.d/dropbear /etc/init.d/S50dropbear Step 8: Transfer over out.hex and openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma to /tmp/ using SCP (or wget them, or however you want to transfer 'em) Step 9: Patch the kernel, reboot, and eat some pineapple while it comes back up. mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7 reboot Step 10: Reconnect to MyPlace, SSH back in, patch the redboot config, reboot, eat some more pineapple. mtd -e "RedBoot config" write out.hex "RedBoot config" reboot Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 23, 2008 Author Share Posted September 23, 2008 Step 11: Flash FON's firmware. Fire up the Freifunk Ap51 EasyFlash GUI utility (Download for Windows or Linux). Connect Ethernet between FON and your PC. Unplug FON's power. In the GUI under Rootfs check Use external file and browse to openwrt-atheros-2.6-root.squashfs. Under Kernel check Use external file and browse to openwrt-atheros-2.6-vmlinux.lzma. Select your Ethernet interface from the Interface drop-down. Plug FON's power back in then immediately click Go! in the GUI. Spend the next 20 minutes enjoying some pineapple. Step 12: Time for an easy step. Telnet to 192.168.1.1 telnet 192.168.1.1 Step 13: Change the root password then enable wireless. passwd pineapplesareyummy pineapplesareyummy uci set wireless.wifi0.disabled=0 uci commit wireless && wifi Step 13.5: Transfer over the IPK files from the download below to /tmp/. Again SCP, wget, however you wanna move them bits. Step 14: Install webif ipkg install haserl_0.8.0-2_mips.ipk ipkg install webif_0.3-10_mips.ipk Step 15: Browse to http://192.168.1.1/ login as root with password pineapplesareyummy (if you've been following along literally) and enjoy the beautiful new web interface. Take a moment to click through to the Graphs tab and appreciate the beauty that is the dynamically updating CPU meter. Ahhh Step 16: Install Ruby ipkg install libruby_1.8.6-p36-1_mips.ipk ipkg install ruby_1.8.6-p36-1_mips.ipk Step 17: Install Jasager patched madwifi drivers ipkg install jasager-madwifi_1.ipk Step 18: Install Jasager and reboot. I installed from the package which seems to have installed fine but not without warnings. The next step seems to have fixed the issue. Anyway you might want to install Jasager from the tarball, at least until Robin Wood aka Digininja gets another FON for testing and updates the package. (I'll be delivering Robin some FONs at Toorcon) ipkg install jasager_1.2.ipk reboot Step 19: Copy (or move) the contents of /karma/www/ to /www/ (if you installed from package version 1.2). Also note I renamed the original index.html in /www/ to webif.html for easy access mv /www/index.html /www/webif.html cp -R /karma/www/* /www/ reboot Step 20: Login to Jasager and turn Karma on. And would you look at that, was someone trying to connect to their NETGEAR router? We might have to nmap 192.168.1.114 and see if we can help them. Download all of the files used in this guide zipped from http://www.hak5.org/files/fon2100--unlock--jasager_1.2.zip Sites I referenced: http://www.digininja.org/jasager/ (of course) http://wiki.hak5.org/wiki/Episode_3x07#Unl...RT_on_La_Fonera http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera http://download.berlin.freifunk.net/fonera/ http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration http://downloads.x-wrt.org/xwrt/kamikaze/7...s-2.6/packages/ http://wiki.x-wrt.org/index.php/Kamikaze_Installation http://download.berlin.freifunk.net/sven-ola/area51/ http://downloads.openwrt.org/kamikaze/7.09...s-2.6/packages/ http://downloads.openwrt.org/kamikaze/packages/mips/ Quote Link to comment Share on other sites More sharing options...
thetron Posted September 23, 2008 Share Posted September 23, 2008 Do the same steps work for the linksys WRT54g? There more common than the Fon in other places thats all. Fon in Australia is impossible to find an international buyer that will ship here Quote Link to comment Share on other sites More sharing options...
digininja Posted September 23, 2008 Share Posted September 23, 2008 Do the same steps work for the linksys WRT54g? There more common than the Fon in other places thats all. Fon in Australia is impossible to find an international buyer that will ship here No, these instructions are specific to the Fon, some bits will be similar but others are different. For good info on getting openwrt on the WRT see PaulDotCom's site or his book, that covers it in full detail. Quote Link to comment Share on other sites More sharing options...
crater Posted September 23, 2008 Share Posted September 23, 2008 Great guide. I had my fon with SSH enabled and setup for a while, but i had not found any where that told how to get into the redboot config. To add to this exchange putty and winscp with ssh root@ and scp on OSX, the GUI can be replaced with the BSD version of the script offered over at http://download.berlin.freifunk.net/fonera/ and just remember to use en0 as the network adapter and follow it by the 2 files used in the GUI separated by a space. Works great! Quote Link to comment Share on other sites More sharing options...
Mat Posted September 23, 2008 Share Posted September 23, 2008 Locating the Fon 2100 seems difficult. Will this guide be usable with the "La Fonera+" as available here https://shop.fon.com/FonShop/shop/GB/ShopCo...product=PRD-019 or can the guide be updated to work with this. After all, if the hardware cant be found, the hack cant be performed :) Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 23, 2008 Author Share Posted September 23, 2008 I will be providing digininja with additional FON 2100 and La Fonera+ units this weekend. AFAIK the Fonera+ model is Atheros based and has been unlocked so it seems possible. Quote Link to comment Share on other sites More sharing options...
Matt {Undead} Posted September 23, 2008 Share Posted September 23, 2008 really good guide there darren, this should help alot more n00bies get some mad wifi on :) looking forward to unlocking fonera+ aswell. Quote Link to comment Share on other sites More sharing options...
CHainer Posted September 24, 2008 Share Posted September 24, 2008 is there anyway to convert dd-wrt firmware to jasager? Quote Link to comment Share on other sites More sharing options...
digininja Posted September 24, 2008 Share Posted September 24, 2008 is there anyway to convert dd-wrt firmware to jasager? Jasager isn't an OS, it is an application. You would need to convert dd-wrt to OpenWrt which is basically a reinstall from scratch. Quote Link to comment Share on other sites More sharing options...
joker5893 Posted September 25, 2008 Share Posted September 25, 2008 Hey guys, i started to do the process of all this and i ran into a problem. In an email i told Darren that my Fon was 0.7.0 r4. So i got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that i have no connection. When i try to SSH in i get a connection refused. Any ideas? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 25, 2008 Author Share Posted September 25, 2008 Hey guys, i started to do the process of all this and i ran into a problem. In an email i told Darren that my Fon was 0.7.0 r4. So i got up to step 4 where you run the sshenable and it takes me to a Fon splash page that tells me that i have no connection. When i try to SSH in i get a connection refused. Any ideas? Looks like there is a bug in the sshenable.html file. oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work. I'll update the archive Quote Link to comment Share on other sites More sharing options...
joker5893 Posted September 25, 2008 Share Posted September 25, 2008 Looks like there is a bug in the sshenable.html file. oops. I remember fixing this on the copy on my laptop but it must not have made it back to my desktop for the archive. Anyway, just replace the 169. IP address with 192.168.10.1, save it and try again. It might take two tries to work. I'll update the archive Hey Darren, that was it. I was looking at the code and i was thinking along those lines but wasn't sure. Quote Link to comment Share on other sites More sharing options...
joker5893 Posted September 25, 2008 Share Posted September 25, 2008 Hey Darren, that was it. I was looking at the code and i was thinking along those lines but wasn't sure. Success!! Ok so i ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when i was patching the kernel and reboot config, it would lock up and i would have to physically unplug the Fon and try again. (only took two attempts). Also when i tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So i downloaded it, then tried again, then it said couldn't' find packet.dll. So i downloaded that and tried to launch again. Still an error so i deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked. But now i got it up and interested in seeing whats next for it. Thank you for your help Darren. Quote Link to comment Share on other sites More sharing options...
CHainer Posted September 25, 2008 Share Posted September 25, 2008 alright then, since i am using dd-wrt so i just follow the steps above or can i skip some steps? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 25, 2008 Author Share Posted September 25, 2008 Success!! Ok so i ran into a couple of problems. One being the IP in the sshenable that you cleared up. Another problem is when i was patching the kernel and reboot config, it would lock up and i would have to physically unplug the Fon and try again. (only took two attempts). Also when i tried launching the Flash Firmware GUI it gave off an error. The error said it couldn't find the wpcap.dll. So i downloaded it, then tried again, then it said couldn't' find packet.dll. So i downloaded that and tried to launch again. Still an error so i deleted the packet.dll and wpcap.dll files out of frustration and tried to launch again. Then it worked. But now i got it up and interested in seeing whats next for it. Thank you for your help Darren. Good to hear you got it installed. Thats odd about the dll problems with the GUI. All I ever needed was the executable. Quote Link to comment Share on other sites More sharing options...
staulkor Posted September 26, 2008 Share Posted September 26, 2008 You probably had libpcap installed Darren. That is what those DLLs are for ;) I got my fon and fon+ from fedex this morning and I just got this working on my fon. I am going to try it for my fon+ Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 26, 2008 Author Share Posted September 26, 2008 Let me know how the Fon+ goes. I'm bringing one to digininja tomorrow. I've got another spare at home so I'd love to get it going. Sadly Fon+ requires more voltage and is too big for my other mod...which I'll post about later Quote Link to comment Share on other sites More sharing options...
staulkor Posted September 26, 2008 Share Posted September 26, 2008 I am having issues flashing it. I am got into redboot and formatted the fs, but when trying to flash the root fs, telnet times out. Quote Link to comment Share on other sites More sharing options...
Mike S. Posted September 26, 2008 Share Posted September 26, 2008 Thanks man! That tutorial saved a lot of time and it worked without problem! Quote Link to comment Share on other sites More sharing options...
.exe Posted September 27, 2008 Share Posted September 27, 2008 First of all thanks to the guys who make this site what it is. Right.....got a few newbie problems.......so hopefully I havn't just screwed up my fon as they retail for $44 where I currently live (UK). I have worked my way through the guide exactly as printed except I made the mistake of connecting the unit to the internet and requiring a firmware downgrade. Currently, I have made it to the Firmware flashing stage with Freifunk. I have the fon connected to my switch via 10/100 Ethernet (no wifi) back to my pc. My pc has these settings: IP: 192.168.0.252 MASK: 255.255.255.0 Now I have tried the flash three times (minimum of 50 minutes) but the telnet access is not coming back up. I am receiving no errors in Freifunk GUI and wireless now seems to be disabled (so i presume its flashing). The fon when it comes out the box uses dhcp so im not sure if flashing openWRT assigns the FON nic a static 192.168.1.1 (the address im trying to telnet to). So two questions: What the hell have I done wrong here and why? (ANY help would be very appreciated) Is my FON now useless and beyond repair? Quote Link to comment Share on other sites More sharing options...
.exe Posted September 27, 2008 Share Posted September 27, 2008 Just found this in the Readme for Freifunk. [Windows] 1) Connect the Fonera to the ethernet jack. Use a cross linked cable. 2) Browse to http://winpcap.org/ , download the installer and install it. 3) Download http://download.berlin.freifunk.net/fonera...-gui-1.0-42.exe 4) Run the program. Select interface. Click Go. Switch on the Fonera. I believe this answers my first question but I need confirmation from someone more experienced with the flashing process for this technique. Quote Link to comment Share on other sites More sharing options...
DeepN1KE Posted September 27, 2008 Share Posted September 27, 2008 Still trying to get hold of one of these at a reasonable price. Thanks for the guide though. Quote Link to comment Share on other sites More sharing options...
James0331 Posted September 27, 2008 Share Posted September 27, 2008 First of all thanks to the guys who make this site what it is. Right.....got a few newbie problems.......so hopefully I havn't just screwed up my fon as they retail for $44 where I currently live (UK). I have worked my way through the guide exactly as printed except I made the mistake of connecting the unit to the internet and requiring a firmware downgrade. Currently, I have made it to the Firmware flashing stage with Freifunk. I have the fon connected to my switch via 10/100 Ethernet (no wifi) back to my pc. My pc has these settings: IP: 192.168.0.252 MASK: 255.255.255.0 Now I have tried the flash three times (minimum of 50 minutes) but the telnet access is not coming back up. I am receiving no errors in Freifunk GUI and wireless now seems to be disabled (so i presume its flashing). The fon when it comes out the box uses dhcp so im not sure if flashing openWRT assigns the FON nic a static 192.168.1.1 (the address im trying to telnet to). So two questions: What the hell have I done wrong here and why? (ANY help would be very appreciated) Is my FON now useless and beyond repair? If you are following the guide Darren put together, connect straight from the FON RJ-45 jack to your computer's NIC card. You do not need to use a crossover cable (in fact you shouldn't), as the steps up to this point have switched the FON port from an WAN to LAN. You FON is now operating similar to a standard router with the WAN port removed, connect to is normally. ALSO, when you bring the router back up after the Kernal patch (right before the Telnet step), you will not see the WLAN LED light up. This is normal, as the router is not fully booting. Make sure you make your make your telnet connection quickly as there is a window of opportunity while the router is listening on port 23. If you miss the window the connection will be refused, simply cycle power to the router and try again. If these notes are obvious, this post was not for you. I hope this helps anyone having trouble. Quote Link to comment Share on other sites More sharing options...
James0331 Posted September 27, 2008 Share Posted September 27, 2008 Just found this in the Readme for Freifunk. [Windows] 1) Connect the Fonera to the ethernet jack. Use a cross linked cable. 2) Browse to http://winpcap.org/ , download the installer and install it. 3) Download http://download.berlin.freifunk.net/fonera...-gui-1.0-42.exe 4) Run the program. Select interface. Click Go. Switch on the Fonera. I believe this answers my first question but I need confirmation from someone more experienced with the flashing process for this technique. WINCAP is only necisary in order to get the libraries the flasher gui requires. As long as the flasher will start, don't sweat it. Use a regular cable, see my post above. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.