Thursday, 21 December 2006

My way to hack lafonera

I spend the last hours the get ssh-access on my lafonera. Now I want to write a little howto.
  1. Open the case of the router. This is not really necessary but it makes it easier and you can have a view on this beautifully circuit board. Remove the two black nipples on the bottom of the case. (The both on the other side of the antenna.) Under the nipple are bolts. Screw them out. Now you can remove the white part of the case.

  2. Enable the power supply.

  3. Now you need a computer with WLAN. On Linux run
    wpa_passphrase MyPlace serialnumber > /etc/wpa_supplicant/fonera.conf
    Replace serialnumber with the serial number of your lafonera. You can find it on the backside of the green circuit board or on the backside of the grey case.
    Start the wlan with
    wpa_supplicant -Dwext -ieth1 -c/etc/wpa_supplicant/fonera.conf
    Maybe you have to replace eth1 with the device of your WLAN.
    Get an IP with
    dhclient eth1
    and try to contact the fonera with
    ping 192.168.10.1

  4. The hack, described in this howto, is only tested with firmware version 0.7.1r1 and 0.7.0r4 Check on http://192.168.10.1 which firmware version runs on your lafonera. If the firmware is newer than 0.7.1r1 you have to reset the lafonera. Wait until both led's on the circuit board are lighting. (If only one is lighting, wait a few seconds) Now press the reset button on the backside of the circuit board. Press it until the one led stop blinking. It could take around one minute.
    Restart your wlan and check the web-frontend if the firmware version is now 0.7.0r4 or 0.7.1r1

  5. Now you need a little webshell. Copy the html code, you found here: http://futejia.fu.funpic.de/webshell.htm and safe it as webshell.htm or something else. (There are other versions of this webshell, but there are more complicated or didn't work.)
    With this little shell you can execude commands. First you need to open the ssh port. Run this command:
    /usr/sbin/iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
    After you have to start the ssh daemon. Run this command:
    /etc/init.d/dropbear
    The run of a command was succesfull when the webfrontend reports no error.

  6. Last step is to connect the lafonera over ssh. Use
    ssh root@192.168.10.1
    1)to connect to lafonera. The password is admin.
    Now have fun with your lafonera. To automatically enable ssh after a restart. Run this on your ssh console:
    mv /etc/init.d/dropbear /etc/init.d/S50dropbear
    Then you have to edit the file /etc/firewall.user
    Uncomment the two lines
    # iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
    # iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
    Uncomment means remove the # (In vi you can use x to remove one character. Then press ESC :wq to safe and quite)

I hope this howto was helpfull. Leave a comment if you have problems, or if you want to add something.
I took a few pictures of my lafonera. You can find them in my picasa-webalbum.

3 comments:

Anonymous said...

OK, it might be too obvious, but it cost me a couple of hours: the WAN cable has to be detached for that.

Anonymous said...

Eure Seite ist echt schoen, aber da wir auch eine heisse Seite haben, auf der es Zwar um den [url=http://www.sexakt.org][b]Livesex[/b][/url] geht, aber dennoch das ein bestandteil des Internets ist, moechte ich Euch die Seite auch mal vorstellen.
Hier sind eben ganz private Frauen die mit einer Livecam zu hause sitzen um hemmungslos den [url=http://www.sexcamamateure.net][b]Sex[/b][/url] zu erleben. Mit einem Chat hast Du die Chance diese Sexgirls live zu sehen und mit ihnen ueber den Chat vor
der Sexcam zu schreiben. Hier ist sie nun die geile und hemmungslose Seite fuer private Frauen die vor ihren tabulosen [url=http://www.sexcamamateure.net][b]Sexcams[/b][/url] auf Dich warten.

Schau rein und geniesse die Show!

Anonymous said...

top [url=http://www.xgambling.org/]online casino[/url] hinder the latest [url=http://www.realcazinoz.com/]online casino[/url] free no consign bonus at the chief [url=http://www.baywatchcasino.com/]spare casino games
[/url].