====== Fon ====== {{:user:ruza:fon_logo.svg.png?nolink |}} ===== Flashing ===== ==== Oficial firmware ==== http://wiki.fon.com/wiki/Firmware_Update_Instructions ==== flashing over serial ==== * hw: http://www.webalice.it/fede.tft/fonera/fonera_serial.html * sw: http://karmetasploit.com/archives/10 * http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port ==== Yasager! ==== http://www.digininja.org/jasager/installation.php http://www.digininja.org/jasager/download.php ==== Devices ==== === Fon (2100) === {{ :user:ruza:fon2100.jpg?nolink&350}} * machine 192.168.1.1 * Fon 192.168.1.254 * CPU: Atheros AR531X_COBRA – MIPS 4KEc V6.4 – 183.50 MHz * RAM: Hynix hy57v281620etp-h – 16 MB * Flash: ST(84) H – 25P64V6P – MYS 636 – 8 MB * Ethernet: (1x) Altima AC101 (10/100 Mbit/s) [Auto-MDI(X)] * Wireless: IEEE 802.11b / 802.11g (up to 54 Mbps) * Serial Port exposed on PCB J2 * Antenna Connector: RP-SMA Connector (Reverse SMA) * Antenna Omni-Directional detachable antenna (2dBi) * Powersupply Input: 100-240V ~ 50-60 Hz 0.3A. Output: 5V DC, 2.0A Output * Power Consumption: 4 Watt === downgrading 7.0.2 r3 to initial firmware === http://wavetenna.blogspot.com/2008/02/fonera-702-r3-hack.html also http://www.metacafe.com/watch/1116957/fonera_7_0_2_r3_hack_initial_hack_enable_ssh/ * no internet connectivity * pres reset button at the bottom of the Fon for 40s (until only 1 light is on) * wait 3-5 minutes until all lights go on * config your pc/ntb: * ip: 169.254.255.2 * mask: 255.255.0.0 * gw: 169.254.255.1 * dns: 169.254.255.1 * http://169.254.255.1 (7.0.1 r2 aka 0.7.1 r2) * in Fon webiface in "Internet connection" reconfigure to get real Internet connection, with dns: 88.198.165.155 (applies Kolofinum hack for 7.0.1 r2) * power off, power on * 5-10min later ssh 169.254.255.1 (root/admin) * upload new fw ==== Pentesting ==== * http://stefans.datenbruch.de/lafonera/ * http://web.archive.org/web/20081007064711/http://k0k0.k1k2.de/ssh/open-ssh-access-to-fonera_en.htm