Here's how to hack the Fonera Plus to get SSH access.
You will need the following:
1. telnet client (PieTTY also supports telnet)
2. ssh client (PieTTY)
3. tftpd (tftpd32)
4. image file (choose one of these: image.bin, Firmware_FrancoFon.bin)
The FrancoFon one is the better choice: once flashed, it already supports vi, etc. The steps below use the FrancoFon image as the example.
step 1:
Set your computer's IP to 192.168.1.254, mask 255.255.255.0.
Connect it to the Fonera Plus. Do not turn on the Fonera Plus yet.
step 2:
The timing of the telnet connection is the tricky part of this step.
Have everything ready before you power up the Fonera Plus.
telnet 192.168.1.1 9000
As soon as you power up the Fonera Plus, start trying to telnet to it. If it succeeds, you will see the message below.
== Executing boot script in 0.370 seconds - enter ^C to abort
^C
RedBoot>
step 3:
Unzip the tftpd file and put firmware_francofon.bin into the same folder as tftpd.
Run tftpd.
step 4:
Be careful and follow the directions below.
(The text after "RedBoot>" is the command you have to type; the rest is what you will see.)
RedBoot> fis delete image
Delete image 'image' - continue (y/n)? y
... Erase from 0xa8040000-0xa8270004: ....................................
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b 0x80100000 firmware_francofon.bin
Using default protocol (TFTP)
Raw file loaded 0x80100000-0x8033703f, assumed entry at 0x80100000
RedBoot> fis create -b 0x80100000 -l 0x00237040 -f 0xA8040000  -e 0x80040400  -r 0x80040400 image
... Erase from 0xa8040000-0xa8277040: ....................................
... Program from 0x80100000-0x80337040 at 0xa8040000: ....................................
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
This can take 10 minutes or more. Be patient and do not type anything while waiting; otherwise you will get an error and have to start over. You will see RedBoot> again when it is ready to continue.
step 5:
RedBoot> reset
Now all settings have been reset and you can access the Fonera Plus via SSH. You can go to the WebGUI for further configuration.
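The -l value in step 4 is the size of the file RedBoot reported loading (0x8033703f - 0x80100000 + 1 = 0x00237040), so it only fits this FrancoFon image. The Python below is an added example, not part of the original post: it derives the fis create line from the "Raw file loaded" output and checks the erase range RedBoot prints. The function names and the 0xa87e0000 upper limit (taken from the block the transcript shows RedBoot rewriting) are assumptions.

```python
import re

# Flash address and entry/RAM address are the values used in step 4.
FLASH_BASE = 0xA8040000
ENTRY = 0x80040400
# Assumption: the image must end before the block at 0xa87e0000 that the
# transcript shows RedBoot erasing and reprogramming after each fis command.
FLASH_LIMIT = 0xA87E0000

LOAD_RE = re.compile(r"Raw file loaded (0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)")
ERASE_RE = re.compile(r"Erase from (0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)")


def fis_create_from_load(load_output, name="image"):
    """Build the 'fis create' line from RedBoot's 'load -r' output."""
    m = LOAD_RE.search(load_output)
    if m is None:
        raise ValueError("no 'Raw file loaded' line; the TFTP load failed")
    start, end = int(m.group(1), 16), int(m.group(2), 16)
    if end < start:
        raise ValueError("load range is inverted")
    length = end - start + 1  # the reported end address is inclusive
    flash_end = FLASH_BASE + length
    if flash_end > FLASH_LIMIT:
        raise ValueError("image would run past 0x%08x in flash" % FLASH_LIMIT)
    cmd = "fis create -b 0x%08x -l 0x%08x -f 0x%08X -e 0x%08x -r 0x%08x %s" % (
        start, length, FLASH_BASE, ENTRY, ENTRY, name)
    return cmd, flash_end


def erase_matches(erase_line, flash_end):
    """True if an 'Erase from' line covers exactly the computed flash range."""
    m = ERASE_RE.search(erase_line)
    return (m is not None
            and int(m.group(1), 16) == FLASH_BASE
            and int(m.group(2), 16) == flash_end)


# Sample input: the two lines shown in the step 4 transcript on this page.
SAMPLE_LOAD = "Raw file loaded 0x80100000-0x8033703f, assumed entry at 0x80100000"
SAMPLE_ERASE = "... Erase from 0xa8040000-0xa8277040: ...."

if __name__ == "__main__":
    cmd, flash_end = fis_create_from_load(SAMPLE_LOAD)
    print(cmd)
    print("erase range matches:", erase_matches(SAMPLE_ERASE, flash_end))
```

If you flash image.bin instead, feed the script the "Raw file loaded" line RedBoot prints for that file so the -l value matches it.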
optional:
You may get an error message saying the Fonera Plus isn't registered. You can use the command below to fix this error.
# echo 1 > /etc/config/registered
You can also change the firewall setting that controls whether SSH is open to the WAN or not. The default setting is YES. Deny it for security reasons.
/etc/firewall.user
refer to:
http://www.francofon.fr/modules/mediawiki/index.php/La_Fonera_Plus/Ouvrir_ssh_sans_cable
http://www.fonboard.nl/wiki/HowTo_Foneraplus_unlocking/en
Thursday, November 8, 2007
