Deutsches Howto

=Unlock der La Fonera Plus= Diese Anleitung wurde ursprünglich geschrieben von: Giorgio Zarrelli.

Editiert und angepasst von: Dema.

Die Freischalt-Methode wurde entwickelt von: Lama Bleu.

Diese Howto unterliegt der GPL Lizenz

Der große und wichtige Haftungsausschluss
Der hier beschriebene Vorgang beinhaltet das Überschreiben (Reflashen) des Speichers der La Fonera+. Da dies eine sehr heikle Prozetur ist, übernehmen wir keine Verantwortung für Fehlfuntionen ab, die nach der Anwendenung oder Veränderung oder Verlust der Gerätefunkionalität auftreten.

Alle vorgenommenen Änderungen erfolgen also auf eigne Gefahr und eigener Verantwortung.

Nun, nachdem dies ggesagt wurde: LASST UNS BEGINNEN !

=Ubuntu Linux Howto=

Mit diesem Howto stellt eine Schritt für Schritt Anleitung Freisclatung der La Fonera plus unter Ubuntu Linux dar. Diese Anleitung kann auch mit anderen Linux Distributionen verwendet werden - Mit Ausnahme der spezifischen anzuwendenden Befehle (nicht durch diese Anleitung unterstützt) für den TFTP Daemon oder Sudoer Aktionen.

Was benötigt wird:

 * 1) ein Computer mit funktionierendem Ubuntu Linux (benutzt als Server)
 * 2) daruf einen LAN-Anschluß für das Ethernet Kabel

Serverseitig
Zuerst installieren wir den TFTP Daemon auf dem Ubuntu server

sudo apt-get install tftpd

Da tftpd durch inetd gestartet ist, ist es notwendig, die Datei /etc/inetd.conf wie hier beschrieben zu verändern:

sudo nano -w /etc/inetd.conf tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /srv/tftp

Danach wird das Verzeichnis angegeben, in dem die Image-Datei abgelegt wird, um dem Speicher der Fonera+ zu flashen.

sudo mkdir /srv/tftp

Jetzt erfolgt die Angabe dieses Verzeichnisses als Zielort der Image-Datei und der Befehl, um diese aus dem Web dorthin herunterzuladen:

cd /srv/tftp sudo wget http://eric.levine.free.fr/foneraplus/image.bin

Dieser Vorgang kann etwas dauern - es sind ca. 6,5 MB Datengröße.

ist das erledigt, so wird openbsd-inetd neu gestartet (warscheinlich wurde es mit tftpd bereits gestartet):

sudo /etc/init.d/openbsd-inetd restart

Clientseitig
Verbinde die La Fonera + und den Client PC (Latop) mit einem Ethernetkabel - verwende die schwarze Netzwerkbuchse der La Fonera+.

Weise dem Client PC eine neue Netzwerkadresse zu: sudo ifconfig eth0 192.168.1.254

Jetzt wird ein script erstellt, das eine ARP-Anforderung sendet und auf einen Antwort von 192.168.1.1 (Fonera+) wartet. Das Script reagiert auf eine Antwort per telnet mit dem Senden eines CTRL C Signals. Das Script weist einen kleinen Fehler im tnc Bereich auf, welches die Funktion unterstützt und das aber später breinigt wird. Hier das Schreiben des Scripts:

echo 'echo -e "\0377\0364\0377\0375\0006" >break.bin; sudo /usr/bin/arping -f 192.168.1.1; sudo nc -vvv 192.168.1.1 9000  catch_fonera+

Jetzt wird es ausführbar gemacht:

chmod u+x catch_fonera+

Zugriff auf den Redboot der La Fonera plus
Zu Begin schaltet man die La Fonera+ aus.

Nun dieses Script ausführen:

./catch_fonera+

Nach der Eingabe des Ubuntu User passworts wechselt man auf die La Fonera+. Der kleine Router rebootet und Redboot wartet 2 Sekunden auf das Empfangen des CTRL C Signals über die Telnet Session am 192.168.1.1 Ethernet Interface.

Folgenden Zeilen sollten nun angezeigt werden:

./catch_fonera+ [sudo] password for zarrelli: ARPING 192.168.1.1 from 192.168.1.254 eth0 Unicast reply from 192.168.1.1 [XX:XX:XX:XX:XX:XX] 0.992ms Sent 9 probes (9 broadcast(s)) Received 1 response(s) fonera [192.168.1.1] 9000 (?) open == Executing boot script in 0.890 seconds - enter ^C to abort ^C RedBoot> sent 6, rcvd 82 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. RedBoot>

Achtung: Wenn man die folgenden Zeilen angezeigt bekommt:

RedBoot> �� muss man CRTL C über die Tastatur eingeben und erhält darauf ein funktionierendes RedBoot>

Einige Kontrollen vor dem Flashen
Jetzt wird kontrolliert, ob die FLASH Adressen wie folgt angezeigt werden (das kann mittels Ausgabe des "fis list" Befehles erfolgen): RedBoot> fis list Name             FLASH addr  Mem addr    Length      Entry point RedBoot          0xA8000000  0x80040400  0x00030000  0xA8000000 loader           0xA8030000  0x80100000  0x00010000  0x80100000 image            0xA8040000  0x80040400  0x00230004  0x80040400 image2           0xA8660000  0xA8660000  0x00140000  0x80040400 FIS directory    0xA87E0000  0xA87E0000  0x0000F000  0x00000000 RedBoot config   0xA87EF000  0xA87EF000  0x00001000  0x00000000

Die Zeilen oben müssen genau verglichen werden - die Ausgabe muss dem genau entsprechen.

Jetzt werden weitere Kontrollen durchgeführt.

RedBoot> x -b 0xa8040000 -l 32 A8040000: 00 21 BF DE A2 14 D3 9B 00 0A 50 34 6D 00 00 80  |.!........P4m...| A8040010: 00 FF FF FF FF FF FF FF FF 00 04 02 48 80 0E 0F  |............H...|

und weitere...

RedBoot> x -b 0xa8250000 -l 32 A8250000: 1E 5E B5 70 5D FA DE 16 AE 98 85 61 87 D5 E2 09  |.^.p]......a....| A8250010: D2 C1 70 A0 DD F6 2A 30 7F C8 5E 0B 00 DF 50 0A  |..p...*0..^...P.|

Nochmals wichtig zu wiederholen: Wenn die exakten Werte hier wie auch in der Anzeige erscheinen, sollte der Falsh durchführbar sein.

Image Datei auf die La Fonera+ laden mittels TFTP
In nächsten Schritt wird mittles TFTP die Image-Datei vom PC auf die La Fonera+ geladen und ein Checksummentest durchgeführt.

Flashing
We are at a dangerous step, reprogramming the FLASH memory:

Bestätigen Sie mit "y" wenn die Frage gestellt wird, um das Flashen fortzusetzen.

Resetten
Ok, wir sind fertig! Der letzte Befehl löst den Reset aus und startet die nen FREIE Fonera+: RedBoot> reset

Letzte Einstellungen und Kontrollen
Nachdem die La Fonera+ rebootet hat, verbindet man mit dem privaten WLAN (AKA MyPlace) und verwendet SSH, um zur Fonera+ zu verbinden:

zarrelli@moveaway:~$ ssh -l root 192.168.10.1 The authenticity of host '192.168.10.1 (192.168.10.1)' can't be establish RSA key fingerprint is 5c:d3:42:ed:52:6d:c0:c6:fb:ec:84:57:18:24:d7:be. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.10.1' (RSA) to the list of known host root@192.168.10.1's password: BusyBox v1.4.1 (2007-09-03 10:39:50 UTC) Built-in shell (ash) Enter 'help' for a list of built-in commands. ______                                          __ /\  ___\                                         /\ \ \ \ \__/  __     ___      __   _ __    __        \_\ \___ \ \  _\/ __`\ /' _ `\  /'__`\/\`'__\/'__`\     /\___  __\  \ \ \/\ \L\ \/\ \/\ \/\  __/\ \ \//\ \L\.\_   \/__/\ \_/ \ \_\ \____/\ \_\ \_\ \____\\ \_\\ \__/.\_\     \ \_\    \/_/\/___/  \/_/\/_/\/____/ \/_/ \/__/\/_/       \/_/ --  Fonera 1.5 Firmware (v1.1.1.1) - * Based on OpenWrt - http://openwrt.org * Powered by FON - http://www.fon.com - root@OpenWrt:~# Ohhhhh...la Fonera+ è aperta....

Wow!!! Die Fonera+ ist jetzt FREI!

<-- vorläufiges Ende der deutschen Übersetzung -->

=Windows howto=

With this howto we will guide you through a the step by step method for unlocking La Fonera plus using Windows.

What you need

 * 1) one computer running Windows 2000 or Windows XP or Vista (bleah)
 * 2) one ethernet cables patch

Swiss-knife for Window$-fonero
We strongly suggest to install following tools for Windows users : TFTPD32.exe to access RedBoot and upload your image file to the Fonera+. Last version 3.23 is only 480 kB size, download page is here. Autor's homepage is here (also DHCP server, Syslog..) Another freeware TFTPD server can be downloaded on sourceforge.net here

PuTTY is a client terminal which supports telnet, SSH, SSH-tunneling and serial connections, all that we need for La Fonera+. Official PuTTY page is here For download page we suggest to download full installer package "A Windows installer for everything except PuTTYtel" WinSCP is also a good tool to transfer files to/from your Fonera+ and also editing files ( vi editor is not implemented on the Busybox compiled by FON )

The server side
First switch-off your LaFonera+ !

Install PuTTY with default settings. Copy TFTPD32.EXE to your Windows Desktop

We need assign to LAN a static IP for the computer on which TFPTD32 is installed. Open your control panel, network connections, and set your IP address to 192.168.1.254, netmask 255.255.255.0 If your computer is normally running with static IP, please write your config on a little post-it first ! Or use advandced configuration for TCP/IP protocol and add a second IP address to your ethernet interface.

As it is not easy to access RedBoot console, just launch a in a MS-DOS background windows a permanent ping to your Fonera+: Start Menu/Run and type : cmd (plus Enter ..)

Don't worry when you receive the message "Host is not responding" or similar..

Accessing RedBoot
Not easy to access RedBoot, perhaps some scripts can help you on this NSLU2 excellent page Just few seconds after booting your Fonera+ you must start a telnet connection to your Fonera+ on 192.168.1.1 port 9000. By default RedBoot is listening on port 9000 only 2 seconds before normal kernel boot.

Launch PuTTY configuration and use this screen-copy to configure it. Parameters to configure : "Host name (or IP address): 192.168.1.1", "Port 9000", and for connection type check "Telnet" You can save this configuration ( in this example fill "RedBoot" or "Fonera+" for "saved sessions", then click "Save".



Now try to connect RedBoot, but be very prompt and synchrone !! Only 2 seconds from starting ! - manage your windows on the screen to see simultaneously "MSDOS ping -t" and PuTTY connection window. - power-on your LA Fonera+, click "Open" button on PuTTY screen. - as you see from "ping windows" : "reply from 192.168.1.1", press Enter and immediately CTRL-C on your keyboard. OK ! You've got the prompt for RedBoot like this ! Most complicated task is done now !

== Executing boot script in 0.890 seconds - enter ^C to abort ^C RedBoot>

If your Fonera+ seems to boot normally and you can't acces RedBoot, please re-try.

Some checkings before flashing
Now, do check if you FLASH addr are shown as those following (you can do it by issuing "fis list" command):

Take a sharp look to the above output, you should get exactly the same values in your screen.

Now we make some other checkings

and another one

Once again, if you get exactly the same values on your screen , you should be able to perform the flashing.

Now it's time to load the file to RAM of the La Fonera+

Loading the image to la fonera with tftp
Let's prepare the TFTPD32 server. Launch TFTPD32.EXE, and as in this example, create a new directory C:\local (the server root directory) Change parameters : Current directory : C:\local Server interface : select 192.168.1.254 if necessary.

Download and unzip this file to C:\local

Now it's time to tftp the image.bin file from you PC to the Fonera+, and verify checksum:

A pop-up will appear on TFP32D during transfer

Flashing
We are at a dangerous step, reprogramming the FLASH memory:

Answer "y" when it asks you to continue flashing the memory.

Important note : while pressing "y" to accept flash process, your Fonera+ stop to answer pings on background MSDOS windows. Message "Erase from 0xa8260000-0xa8650000: ." and remaining dots don't appear. Don't worry, don't reboot just wait few minutes. Ping will answer, remaining text will be displayed on your screen. Each dot is 64 kB memory-block. Scrolling is correct while flashing from serial port.

Resetting
Ok, you are done! The last command is a reset, to reboot your new FREE Fonera+:

Final settings and checkings
As the Fonera+ reboots, connect to your private wireless network (AKA MyPlace), or with ethernet cable, and use SSH to step in your Fonera+. If your Fonera+ is connected to WAN (internet), wait Power LED becomes to green before SSH to it. If no WAN connected, wait 2 minutes.

As in first step, create a new profile in PuTTY to connect your Fonera+ Parameters to configure : "Host name (or IP address): 192.168.10.1". For connection type check "SSH", port number will toggle to "22" You can save this configuration : choose a name for "saved sessions", then click "Save". Click "Open". This is first connection, so accept PuTTY security alert below)

You get the login prompt, default password for "root" is "admin

=MacosX howto= in this sections we will guide you in the unlocking process under MacosX. This is my laptop OS, so I can guarantee upon direct testing that it works like a charm.

What you need

 * 1) one computer running MacosX
 * 2) one ethernet cable patch

The server side
We need to install the Tftp program. I choose a very easy to use tftpserver.

It's called tftpserver (doh!) and you can grab it here.

Once installed, open a terminal (yes macosx is fun also with terminal) and type to create the tftp directory.

Now open the tftpserver program and change path to the tftp directory which you created in your home.



Back to the terminal and grab the image file for flashing la fonera

cd cd tftp wget http://eric.levine.free.fr/foneraplus/image.bin

Wait a while, it's 6.5 Mb of stuff.

now we can click on start TFTP in the tftpserver window

The Client side
Take a network cable, plug one end in the Fonera+ (black hole) and the other end in the ethernet port on your macbook(pro) or Imac or MacPro or Minime.

Time to give your Mac a new network address:

And now let's create a little dirty script. It will arp the network waiting for 192.168.1.1 (the Fonera+ to answer). As it answers, the script will telnet on it and send a CTRL C signal. Look, there's a tiny error in the script, in nc section, just to force the things to work. I will look later how to fix it. Anyway, it works.

Let's create the script:

Time to make it executable:

Access redboot of la Fonera plus
At this point, switch off La Fonera+.

Now execute the script:

Fill in your Mac user password and switch on the Fonera+. This little box will boot up and RedBoot will wait for 2 seconds to receive a CTRL C signal through a telnet session on his 192.168.1.1 ethernet interface.

Here what you will likely see:

Be careful: as you will see the following line:

RedBoot> ��

strike CRTL C on your keyboard and you will receive a working

RedBoot>

prompt.

Some checkings before flashing
Now, do check if you FLASH addr are shown as those following (you can do it by issuing "fis list" command):

Take a sharp look to the above output, you should get exactly the same values in your screen.

Now we make some other checkings

and another one

Once again, if you get exactly the same values on your screen , you should be able to perform the flashing.

Loading the image to la fonera with tftp
Now it's time to tftp the image.bin file from you PC to the Fonera+ and verify checksum:

Flashing
We are at a dangerous step, reprogramming the FLASH memory:

Answer "y" when it asks you to continue flashing the memory.

Resetting
Ok, you are done! The last command is a reset, to reboot your new FREE Fonera+:

Final settings and checkings
As the Fonera+ reboots, connect to you private wireless network (AKA MyPlace), and use SSH to step in your Fonera+:

Wow!!! Your Fonera+ is now FREE!

= Final settings, tweaking (all OS)=

Updating personal config from FON
Just after flashing your Fonera+ will reset with factory default settings. You can verify this going into your HTTP console on 192.168.10.1

To update your config log-on to www.fon.com, and access userzone. Select your router, and update WiFi private and public SSID names. If you don't want to change the name, please just change one letter, click on "update" button, and change again to the right name. For the private WLAN: change the WEP/WPA key encryption using the same method.

Fon.com servers will send the new config to your Fonera+. Wait few minutes and check in your local HTTP console. You don't need to reboot.

Registered or not ?
If your Fonera+ has been registered before the SSH-unlock, check on your local HTTP console status if all is OK. If logo displayed is "your Fonera+ has not been registered", it is important to change this parameters to give access to users on your public WLAN.

To do this, open SSH console :

Reboot your Fonera+, connect again to your HTTP local console, and verify the change to the logo: " Your Fonera is registered OK"

Installing packages
Official kernel version compiled for firmware 1.1.1r1 is 2.6.19.2. You can install ipk packages from this OpenWRT repository : http://downloads.openwrt.org/kamikaze/7.06/atheros-2.6/packages except for kmod-* packages. kmod packages must be installed from original FON compilation Here you can find a temporary repository for these kmod-*-fonera-1_mips.ipk packages.

Sometimes ipkg is very long to run, and memory errors can occur. Tips : "wget" your ipk package to /tmp, and then run it. Kill not needed processes with a "killall" command for : dnsmasq,chilli,fonstate,httpd,fonsmcd,crond,hotplug2,logger,syslogd,klogd,watch_chilli

Busybox upgrade
Busybox provided in original firmware by FON is very poor. Upgrading Busybox to version 1.4.2-1 will permit you to use "vi" editor, and retrieve colors for displaying files and directories. Perhaps more !

Installation is about 5 to 7 minutes, be patient. If you get error message : ipkg: fork failed: Cannot allocate memory , please kill all processes as described in "ipkg installing packages" section Reboot your Fonera+ after upgrading

Auto-updates (thinclient)
'''FREEWLAN comments welcome !! You have more experience about bricking with auto-update...'''

Edit the file /bin/thinclient :

Comment this line with a starting # like this

Insert a new line just after, like this:

Verify :

Upgrade commands files sent by thinclient are now stored on /tmp. Check messages on FON thematic boards to know if this upgrade will modify or not the firmware. As with classic Fonera, you can launch the upgrade manually. In this example " . /tmp/thinclient-20071024-0745" will start upgrade for hotfix/firmware.