WARNING: THE ORIGINAL CREATORS OF THIS GUIDE ARE NOT RUNNING THEIR WEBSITE ANYMORE. PLEASE DO NOT EMAIL ME WITH YOUR PROBLEMS. SOME OF THE LINKS CONTAINED IN THIS POST MAY BE BROKEN AND YOU MIGHT NOT BE ABLE TO DOWNLOAD ALL OF THE NECESSARY FILES. I WILL FIND A WAY TO DISTRIBUTE ALL OF THE FILES SO THAT USERS CAN DOWNLOAD THEM. UPDATE: ALL LINKS SHOULD BE GOOD TO GO
*************************************************************************************
I know that this is totally against what My Fon Blog is all about, but I think it is important to take the time and try to understand why the hacker community loves Fon (and their cheap routers). Yes, I'll admit it, one of my Foneras is running DD-WRT and I don't regret doing it. I now understand why people do it. The whole process is very simple and once everything is done, you will realize the power that DD-WRT has and how crappy Fon's firmware really is. Sometime later I will make a post on how to put the Fon firmware back onto the router, and maybe some other stuff as well. We'll just have to wait and see. Have Fon! (Yes, I was trying to make a joke.)
*************************************************************************************
(Below is a copy and paste from UselessHacks (with a few minor changes). They are the ones who created this guide and deserve full credit. I am merely distributing this guide to help people out. Oh yeah, here's another tip, disable any firewall or security suite you have installed on your computer. Some stuff won't work with it running.)
Note: This guide has been updated as of Aug 8, 2008 to reflect the new flashing procedures related to DD-WRT v24 SP1.
The following is a guide to flashing the Fonera Access Point into a mini-router (albeit with only one ethernet jack) running the excellent, open-source DD-WRT firmware. This provides many useful features, such as turning the router into a wireless repeater, or even an ethernet to wireless bridge.
Preparation
Download the latest version of the following items (I recommend saving them all into a special folder on your desktop for convenience):
Putty
HTTP File Server (HFS)
Tftpd32 (Extract the Tftpd32 zip file to your special folder)
DD-WRT Fonera Firmware-> Atheros WiSoc-> Fonera
(Download linux.bin for v24-sp1, root.fs and vmlinux.bin.l7 for pre-RC7)
SSHEnable.htm
openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
out.hex
It’s important to download everything you need before you get started, because you will not have internet access throughout this tutorial. All of the programs listed are installer free, meaning that at the end of this tutorial, you just have to throw everything in the trash. No messy uninstalls, no shortcuts all over the place.
If you have already enabled SSH access on your router, please skip to Flashing the Firmware.
Connecting La Fonera
Plug the Fonera into the power, and into the LAN port on your computer.
In Windows, disable all other network connections besides the one connected to the Fonera. You’ll need to set the following settings in the LAN port’s properties. Disable all firewalls, or at least make sure that ports 22, 23, and 9000 are open.
IP: 169.254.255.2
Subnet: 255.255.0.0 (System will fill it in for you)
Default Gateway: 169.254.255.1
DNS: 169.254.255.1
Once all three leds are blinking (1-2 minutes), you should be able to open a browser, type 169.254.255.1 and see the Router Status. If not, wait a little while longer. If you are still not getting anything, re-check your settings.
The first time you log into the router, you will need to supply the following:
Username: root
Password: admin
If the firmware version is 0.7.1 r1 or lower, please skip to Enabling SSH.
If you have version 0.7.1 r2, you will fall into one of two categories:
1. Your router shipped with a previous firmware, and you let it update itself from FON’s servers. You will need to downgrade before continuing with this guide.
Downgrading
- After the Fonera has been on for a couple minutes, push the reset button on the bottom, and hold it in for several seconds (30-45 secs is fine). Wait for it to finish rebooting (1-2 minutes), then check again to see what firmware version you have.
- If it’s now at or below 0.7.1 r1, then you may move to the next step, Enabling SSH.
2. Your router shipped with 0.7.1r2 installed. You will need to do the Kolofonium Hack, then when you come back here, you will start at Enabling RedBoot.
This works on the newest firmware:
1. Hold reset button for 30 seconds
2. Remove the power connector while still holding reset.
3. Replace power connector and continue holding reset button until “wifi” lights up and goes away again (a good 2-3 minutes of holding it).
4. Let go and wait for “wifi” to come back (2-3 minutes).
- Supposedly, you will now be able to follow the rest of this guide without troubles. I will need to verify this, but for now, I am all out of routers. Feel free to give it a shot.
Enabling SSH
Now open the SSHEnable.htm (that you downloaded earlier), hit submit.
Enabling RedBoot
Now open HFS. The first time you open it, a prompt will ask you if you want to include HFS in your context menu. I chose “No”. Now, right click on the little house icon, and select “Add Files…”, and add openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma and out.hex.
Now, open Putty and SSH into 169.254.255.1, click “Open”:
If this is your first time SSH’ing into the router, you will be faced with the following dialog prompt. Despite how serious it sounds, never fear, just click “Yes.”
Login using:
Username: root
Password: admin
As you type in the password, nothing will appear to happen, but continue typing anyways, and then hit enter.
I’ll also share with you a huge time saver. In order to copy from this tutorial the commands and paste them into the SSH terminal, first highlight what you want to copy (make sure not to include any extra spaces), right click the highlighted text and hit copy. Then right click your SSH window. This will automatically insert whatever you highlighted into where the green cursor is located.
Once logged in, execute the following command:
mv /etc/init.d/dropbear /etc/init.d/S50dropbear
This enables SSH permanently so that if you need to reset the router, you won’t need to run SSHEnable.htm again. If you have done this step before, it will return an error, and you can just continue on with the guide.
For the following, after every line, hit enter and wait for it to return to a prompt again:
cd /tmp
wget http://169.254.255.2/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7
reboot
Now a prompt should pop up saying “Server unexpectedly closed network connection”; just hit “OK”. The Fonera will now be restarting and will take 1-2 minutes (all three lights will be on). If you are impatient, you can do the following:
Unplug the Fonera from the power. Open up a command prompt in Windows (Start->Run->”cmd”), and type the following line:
ping 169.254.255.1 -t
Plug the Fonera back into the power. Whenever you start to see “Reply from 169.254.255.1…”, you can move on to the following step.
Right click on title bar of Putty and hit “Restart Session.” You will now need to login again.
Username: root
Password: admin
For the following, after every line, hit enter and wait for it to return to a prompt again:
cd /tmp
wget http://169.254.255.2/out.hex
mtd -e "RedBoot config" write out.hex "RedBoot config"
reboot
Click “OK” on the unexpected connection close box.
Congratulations, you have now enabled RedBoot, which will allow us access to the bootloader. There we can flash the firmware to DD-WRT.
You can now exit the HFS program if you want.
Flashing the Firmware
Change the IP to 192.168.1.166, subnet 255.255.255.0.
You should not need to change the gateway or DNS servers, but you can if you want (i.e. if you are having an error). They will need to be changed back in the last step if you decide to change them here.
Now open Tftpd32:
Make sure that linux.bin (Note: root.fs and vmlinux.bin.l7 for pre-RC7) is in the same folder as the Tftpd32 program (or in the folder that is listed in “Current Directory” in Tftpd32).
Now, we can use Putty again for Telneting to the Fonera, or you can use whatever other program you have available. Right-click the title bar of Putty, select “New Session.” Make sure to select the Telnet button in Putty, set the IP to 192.168.1.254, and then change the port to 9000. It’s best to do it in that order, since Putty automatically changes the port number to 23 whenever you click the Telnet button.
If you are having trouble knowing when to start the Telnet connection, open up a command prompt in Windows (Start->Run->”cmd”), and type the following line:
ping 192.168.1.254 -t
Whenever you start to see “Reply from 192.168.1.254…”, then hit connect in the Telnet client.
Once you’re connected, enter the following commands. After each line, hit enter. The “fis” commands will take a long time (up to 10 minutes), but it will return to a “RedBoot>” prompt whenever it is ready to continue (refer to the second picture for how it will look). I got impatient and entered the next lines before the prompt appeared, and I ended up having to restart the whole process.
For the newer releases after RC7, there is a new flashing procedure, as follows:
ip_address -l 192.168.1.254/24 -h 192.168.1.166
fis init
Type “y”, and hit enter.
load -r -b 0x80041000 linux.bin
fis create linux
Do not reboot yet. Boot script needs to be modified.
RedBoot> fconfig
and press ENTER
Run script at boot: true
Press ENTER
Boot script:
.. fis load -l vmlinux.bin.l7
.. exec
Enter script, terminate with empty line
>> fis load -l linux
and press ENTER
>> exec
and press ENTER
>>
Press ENTER
Boot script timeout (1000ms resolution):
10
and press ENTER
Use BOOTP for network configuration: false
Press ENTER
Gateway IP address:
Press ENTER
Local IP address: 192.168.1.254
and press ENTER
Local IP address mask: 255.255.255.0
and press ENTER
Default server IP address:
press ENTER
Console baud rate: 9600
and press ENTER
GDB connection port: 9000
and press ENTER
Force console for special debug messages: false
Press ENTER
Network debug at boot time: false
Press ENTER
Update RedBoot non-volatile configuration - continue (y/n)? y
and press ENTER
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot>reset
and press ENTER
Now skip to Post Flashing.
The following procedures are for RC6.2 and earlier:
ip_address -l 192.168.1.254/24 -h 192.168.1.166
fis init
Type “y”, and hit enter.
load -r -v -b 0x80041000 root.fs
Note: The line below is correct; “rootfs” is not a typo.
fis create -b 0x80041000 -f 0xA8030000 -l 0x002C0000 -e 0x00000000 rootfs
load -r -v -b 0x80041000 vmlinux.bin.l7
fis create -r 0x80041000 -e 0x80041000 -l 0x000E0000 vmlinux.bin.l7
fis create -f 0xA83D0000 -l 0x00010000 -n nvram
reset
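The addresses in the RC6.2 commands above can be checked before anything is written to flash. The following Python script is an added example, not part of the original guide: it lays out the partitions, confirms they do not overlap, and checks that root.fs and vmlinux.bin.l7 fit the lengths passed to fis create. It assumes RedBoot places vmlinux.bin.l7 (created without -f) in the free block directly after rootfs; the function names are illustrative.

```python
import os
import sys

# (name, flash start, length) copied from the RC6.2 "fis create" lines above.
ROOTFS = ("rootfs", 0xA8030000, 0x002C0000)
NVRAM = ("nvram", 0xA83D0000, 0x00010000)
KERNEL_NAME, KERNEL_LEN = "vmlinux.bin.l7", 0x000E0000  # created without -f
# From the "Erase from 0xa87e0000-0xa87f0000" line in the fconfig output.
REDBOOT_CONFIG = ("RedBoot config", 0xA87E0000, 0x00010000)
# Image file -> largest size that fits the partition it is written to.
IMAGE_LIMITS = {"root.fs": ROOTFS[2], KERNEL_NAME: KERNEL_LEN}


def layout():
    """Return (name, start, end) tuples sorted by start address.

    Assumption: RedBoot places the kernel in the first free block,
    which is the one directly after rootfs.
    """
    kernel = (KERNEL_NAME, ROOTFS[1] + ROOTFS[2], KERNEL_LEN)
    parts = [ROOTFS, kernel, NVRAM, REDBOOT_CONFIG]
    return sorted(((n, s, s + l) for n, s, l in parts), key=lambda p: p[1])


def overlaps(parts):
    """Return name pairs of neighbouring partitions whose ranges intersect."""
    parts = sorted(parts, key=lambda p: p[1])
    return [(a[0], b[0]) for a, b in zip(parts, parts[1:]) if b[1] < a[2]]


def oversize_images(folder, limits=IMAGE_LIMITS):
    """Return {file: (size, limit)} for images too large for their partition."""
    bad = {}
    for fname, limit in limits.items():
        size = os.path.getsize(os.path.join(folder, fname))
        if size > limit:
            bad[fname] = (size, limit)
    return bad


if __name__ == "__main__":
    for name, start, end in layout():
        print(f"{name:16} 0x{start:08X}-0x{end:08X} ({end - start:#x} bytes)")
    print("overlaps:", overlaps(layout()) or "none")
    if len(sys.argv) > 1:  # folder holding root.fs and vmlinux.bin.l7
        print("oversize:", oversize_images(sys.argv[1]) or "none")
```

Run it with the folder that holds root.fs and vmlinux.bin.l7 as its only argument to include the size check.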
Post Flashing
Once it finishes rebooting, you can connect to it over a wireless card at IP 192.168.1.1, or if you want to manage it over the ethernet port, you will need to change your IP address again to:
IP: 169.254.255.2
Subnet: 255.255.0.0 (System will fill it in for you)
Default Gateway: 169.254.255.1
DNS: 169.254.255.1
Now, you can connect to the DD-WRT web interface by opening a web browser and typing 192.168.1.1. If you want the router to give you an IP address automatically over ethernet, you will need to change the mode of the router. As of right now, they are still working out some of the bugs, but I have gotten the “Client Bridge” mode to work on 3/19/07 firmware, following these instructions.
Also, you need to remember that any time you reset your router by hitting the button on the bottom (or in the firmware), you will need to manually set your IP again to the 169.254.255.2…etc. as above, in order to access it over the Ethernet port (well, until they change the firmware to where it defaults to putting the DHCP server on the ethernet port, if they ever do).
Also, watch the DD-WRT wiki for news about less buggy firmware releases, and make sure to upgrade using the fonera-firmware.bin files through the web gui. It’s much easier!
If you are at this point, and your router is not responding, wait 5 minutes, and check your IP settings. If you are still not getting a response, I would recommend the following:
1. Unplug the power from the fonera
2. Make sure you have all the other network connections disabled
3. Set the ip to the 192.168.1.166 with the same options as above.
4. Start the pinging (ping 192.168.1.254 -t)
5. Plug in the power to the router
6. In about 10-50 seconds, you should see a response. If you don’t, wait a little longer and double check your IP settings.
7. If you finally see a response, start “Flashing the Firmware” again, but unplug the power from the router first, because there is only a narrow gap of time in which the RedBoot option is open.
Related links:
Original Hackers of the FON
DD-WRT Fonera Wiki