Howto flash Fonera with OpenWrt

Part 1: get root login on Fonera

1. Standard lan ip of the Fonera is 169.254.255.1 there you can find the webinterface
2. Login with user "admin" and password "admin"
3. Set the Dns-server to 88.198.165.155
   • We are using the Kolofonium Hack (interesting part is at the bottom)
4. Reboot Fonera by unplugging power. It takes ~2 minutes until the router is up running again.
5. ssh root@169.254.255.1 with password "admin". Now you are temporaly root.
6. now let's make sure dropbear ssh daemon starts up everytime:
   • cd /etc/init.d ln -s dropbear S50dropbear
7. Set dns-server in webinterface back to your real dns-server
8. Restart the Fonera again and you should be able to login via ssh

Part 2: Unbrick the bootloader. After this step the original Fonera is lost, but youe can flash the Fonera with Open Wrt?

Links: * http://wiki.freifunk-hannover.de/Fonera_mit_OLSR#RedBoot_Ethernet-Zugriff_patchen

• http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera#head-b4e0332b277a4538201eeaa8b83780d9e21847a9

1. Login as root ssh root@169.254.255.1
2. Download the hacked Red Boot bootloader configuration wget http://ipkg.k1k2.de/hack/out.hex
3. and try to flash the configfile into memory mtd -e "Red Boot config" write out.hex "Red Boot config" . If this works you can skip step 5 and 6
4. reboot
5. Download and install special Kernel to get access to memory wget http://ipkg.k1k2.de/hack/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7
6. reboot and retry step 2 and 3

Ok, now the Fonera firmware is gone :) and Red Boot Bootloader will wait 10seconds and listen on port 9000 for incoming telnet connection.

Part 3: install Open Wrt?

1. install a tftp-server on your computer i.e. atftpd
2. Download Open Wrt? Kamikaze image openwrt-atheros-2.6-root.jffs2-64k, the kernel penwrt-atheros-2.6-vmlinux.lzma and put them into the tftp-server root directory
3. telnet 192.168.1.254 9000 and quickly after login press Contol+C to cancle the boot process and get the Red Boot> promp. One could also use this script to get the Red Boot> promp.
4. configure LAN Interface on Fonera: Red Boot> ip_addr -h <tftp-server> -l 192.168.1.254/24
5. Now we flash the Fonera from within Red Boot> promp according to page 8 of this presentation.
   1. Red Boot> fis init formats the memory
   2. Red Boot> load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-root.jffs2-64k
   3. Red Boot> fis create -f 0xA8030000 -l 0x00700000 -e 0x00000000 rootfs
   4. Red Boot> load -r -v -b %{FREEMEMLO} openwrt-atheros-2.6-vmlinux.lzma
   5. Red Boot> fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7
6. load kernel: Red Boot> fis load -l vmlinux.bin.l7
7. Start the kernel Red Boot> exec, get a coffy, something to eat and a bed because it takes a long time for Open Wrt? to come up the first time on the rather slow Fonera.
8. login to the fresh installed Open Wrt? via telnet: telnet 192.168.1.1

Links:

• http://wiki.freifunk-hannover.de/Fonera_mit_OLSR
• http://stefans.datenbruch.de/lafonera/