Home    Articles     Fun with La Fonera     2 Hacking the Fonera
Previous  1  2  3  4  5  6  A  Next 

Gaining access
There are several ways to get access to the firmware of your Fonera. Thanks to Stefan Tomanek and Michael Kebe it is very easy to enable ssh access on your Fonera, see http://stefans.datenbruch.de/lafonera/.
With ssh enabled you can use LaFonera Software Flashing guide

You can find more information about flashing at:
- http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
- http://www.fonerahacks.com

If you plan to flash your Fonera more often it realy is worthwile to solder yourself a serial interface. This is discribed at http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port

My Fonera had a new circuitboard:

From the DB9 connector with MAX 3232 chip there are four wires that lead to a four pin connector on the circuitboard.

Yellow is +3.3V Black is Ground Brown is RX Yellow is TX

Looks pretty good after spending some time:


Using Redboot and tftp to flash your Fonera

You need a PC, serial cable from PC to Fonera and a running tfp server (like tftpd)

Start Hyper terminal and make a connection with the following settings:


Next power on La Fonera. Hyper terminal should show output like:

+Ethernet eth0: MAC address 00:18:84:82:f8:50 IP: 192.168.1.1/255.255.255.0, Gateway: 0.0.0.0 Default server: 192.168.1.254 RedBoot(tm) bootstrap and debug environment [ROMRAM] Non-certified release, version V1.00 - built 10:37:27, Dec 12 2006 Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc. Board: FON1 RAM: 0x80000000-0x81000000, [0x80040aa0-0x80fe1000] available FLASH: 0xa8000000 - 0xa87f0000, 128 blocks of 0x00010000 bytes each. == Executing boot script in 2.000 seconds - enter ^C to abort

Press ^C within 2 seconds:

^C RedBoot>

Now tell RedBoot what Ip to use which IP to find a tftp server:

RedBoot> ip_address -h 192.168.39.200 -l 192.168.39.116/24 IP: 192.168.39.116/255.255.255.0, Gateway: 0.0.0.0 Default server: 192.168.39.200

Load the kernel image:

RedBoot> load -r -b %{FREEMEMLO} fon-7.1.5-jh-0.1-vmlinux.lzma Using default protocol (TFTP) Raw file loaded 0x80040c00-0x800c0bff, assumed entry at 0x80040c00

Initialise fis:

RedBoot> fis init About to initialize [format] FLASH image system - continue (y/n)? y *** Initialize FLASH Image System ... Erase from 0xa87e0000-0xa87f0000: . ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

Create the kernel in flash memory:

RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7 ... Erase from 0xa8030000-0xa80b0000: ........ ... Program from 0x80040c00-0x800c0c00 at 0xa8030000: ........ ... Erase from 0xa87e0000-0xa87f0000: . ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

RedBoot> fis free   0xA80B0000 .. 0xA87E0000

Load the rootfs image:

RedBoot> load -r -b %{FREEMEMLO} fon-7.1.5-jh-0.1-root.squashfs Using default protocol (TFTP) Raw file loaded 0x80040c00-0x801c0bff, assumed entry at 0x80040c00

0xA87E0000 minus 0xA80B0000 = 0x00730000. use that to create the rootfs:

RedBoot> fis create -l 0x00730000 rootfs ... Erase from 0xa80b0000-0xa87e0000: .......................................... ......................................................................... ... Program from 0x80040c00-0x801c0c00 at 0xa80b0000: ........................ ... Erase from 0xa87e0000-0xa87f0000: . ... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

Reboot the router:

RedBoot> reset ... Resetting.

Previous  1  2  3  4  5  6  A  Next