La Fonera flashing

La Fonera

In my repeater post, I mentioned that I had a La Fonera I was planning on flashing next. Fon routers can be tricky; they phone home to determine if there’s new firmware to be installed and then upgrade automatically. If you’re not careful, it’ll patch all of its security holes before you get a chance to hack it.

I had two La Foneras on hand. One was new-in-box and, from my memory, quite a few years old. The other I snagged from the donor gear table at Crash Space last week. I figured if I was putting in the effort to flash one I might as well do two (and then return it new and improved). I followed DD-WRT’s flashing guide and ran into a few different hurdles along the way.

I plugged in the Crash Space La Fonera first and connected. By default, Foneras have an SSID of MyPlace with the WPA password set to the serial number. The status page said the firmware version was 0.7.1 r2. The first step in flashing is getting the SSH daemon started. For a firmware this new, you have to make the router connect to your spoofed RADIUS server in order to launch SSHD. Luckily, the folks at datenbruch.de developed the kolofonium method. I pointed my router at their DNS, 188.40.206.43 at time of writing. When the Fonera attempted to connect to Fon it used the datenbruch RADIUS server instead and launched SSHD. The rest of the flashing process went ahead normally. The last thing I had to do was update the boot script since it has changed in v24 RC7 and later.

The new-in-box router had firmware 0.7.0 r4. Older Fon firmware like this only require a simple script injection in the admin interface to start SSHD. The rest of the flashing procedure was the same.

I’m glad I’ve got these two devices flashed to DD-WRT, a much more fun firmware than stock. The only disappointment was discovering that this version of DD-WRT doesn’t support repeater mode, just client.

Leave a Reply