Archive for the ‘fonera’ tag
Fonerahacks.com is Online
Yep, that’s what I’ve been up to lately. Many people seemed interested in the aircrack video I had posted here a few weeks ago so I figured I’d make another website dedicated just for the Fonera. I also noticed the lack of comprehensive, easy to understand tutorials regarding flashing procedures, so I decided to make some myself.
The site has many tutorials and guides with screenshots to help you flash the firmware. There is also a growing forum where you can get your questions answered.
I also have 15 invites to give away for people who register for the forums and follow these simple instructions.
Battery Pack for the Fonera
Here’s a really cheap way to make a battery pack for the Fonera. It runs off of 4x AA Batteries, which would give the Fonera 5-6 volts (depending on type of battery). The AC adapter that comes with it says it provides 7.5v on the plug, but I measured 8.5v with a DMM. I knew 4x AA batteries would work because I have another Fonera running off of 5v power from the USB bus.
1. First, you need to get a battery holder. I found this one from Radio Shack to be perfect. It’s great because it has an on/off switch built right on and it’s only $1.99.

2. Cut the connector off of the Fonera AC adapter. Leave about 2-3 inches of wire on the end.
3. This is important. You need to figure out which wire is positive and which is negative. On the AC adapter that came with my Fonera 2200, the dotted lines indicated the negative wire and the writing indicated positive.
4. Solder the wires together (red to positive, black to negative). Use flux if you’re having trouble making the solder stick.
5. Then you’re going to have to cover the solder points. I used electrical tape to cover each point individually, then I wrapped the entire area with the tape.
6. Throw some batteries in and you’re done. Use velcro or double sided tape/adhesive to attach the battery pack to the Fonera. I would estimate about 8 hours with the wireless on, but it may vary depending on the batteries used.
Aircrack on Fonera With Legend Firmware
The DD-WRT firmware for the Fonera does not support packet injection as it does not have the proper patched Mad-wifi driver. I’ve tried to make injection work with the DD-WRT firmware, but to no avail. As soon as injection begins, the router immediately freezes up. I am not going to go into the process of flashing open source firmware. You can find guides for that at FoneraHacks.com.
A quick rundown of what was done:
* Mount network share for capture files (Fonera does not have enough memory to store capture files)
* Create wireless interface “ath1” in monitor mode
* Start airodump to get quick snapshot
* Restart airodump with “--bssid” option to cut down on file size and “-w” to specify write location
* Start aireplay in fake authentication mode
* Once attack has completed, start aireplay in replay mode
* Collect 35,000 - 60,000 packets (for 128-bit WEP)
* Use aircrack-ptw to decrypt the key
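
Seen from the defending side, the replay step in the rundown above is noisy: one station sends tens of thousands of same-sized frames in a short time. The following is an added example, not part of the original post, that flags that pattern in frame records taken from a monitor-mode capture; the record layout, thresholds, MAC addresses and sample data are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds (tune for the network being monitored).
WINDOW_S = 10.0     # sliding window length in seconds
MIN_FRAMES = 500    # same-length frames from one station inside the window

def detect_replay_floods(frames, window_s=WINDOW_S, min_frames=MIN_FRAMES):
    """Flag (bssid, station, frame_len) triples that reach min_frames
    within any window_s-second window.

    frames: iterable of (timestamp, bssid, station_mac, frame_len),
            sorted by timestamp. This record layout is an assumption;
            adapt it to whatever your capture tool exports.
    Returns {(bssid, station, frame_len): first_alert_timestamp}.
    """
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}
    for ts, bssid, station, length in frames:
        key = (bssid.lower(), station.lower(), length)
        q = recent[key]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= min_frames and key not in alerts:
            alerts[key] = ts
    return alerts

def constructed_sample():
    """Constructed data: one normal client and one station re-sending a
    single captured frame about 200 times per second."""
    ap = "00:11:22:33:44:55"
    frames = []
    # Normal client: varied frame sizes, about 5 frames per second.
    for i in range(150):
        frames.append((i * 0.2, ap, "aa:aa:aa:aa:aa:01", 100 + (i * 37) % 1200))
    # Replaying station: identical 68-byte frames starting at t=5s.
    for i in range(2000):
        frames.append((5.0 + i * 0.005, ap, "aa:aa:aa:aa:aa:02", 68))
    frames.sort(key=lambda f: f[0])
    return frames

if __name__ == "__main__":
    for (bssid, sta, length), ts in detect_replay_floods(constructed_sample()).items():
        print(f"t={ts:.2f}s {sta} -> {bssid}: flood of {length}-byte frames")
```
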
La Fonera - The Best Little Router
Some of you may be familiar with Fon and the Fon movement. Fon is a company that sells (used to give em out for free) wireless routers for a pretty cheap price. Catch is, you have to agree to share your internet via the wireless network made by the Fon router. Thanks to the Open Source community, alternative firmware is available. Among the choices are DD-WRT, OpenWrt, and Legend which are all Linux based. Although the flashing process is not easy, the payoff is worth it.
DD-WRT has a great interface which lets you control almost every setting. Unlike the default firmware that doesn’t even include static DHCP entries, DD-WRT unlocks a full suite of network tools and functionality. It also comes with ipkg, a package installer which makes installing additional software a breeze. Speaking of additional software, aircrack-ng immediately came to mind. Good thing these new routers have an Atheros chipset or else packet injection would be useless. I installed and gave the aircrack-ng suite a whirl. Sniffing worked fine, but injection was a different story. As soon as I started sending packets, the console froze and the router rebooted. Unfortunately, DD-WRT didn’t have the patched Mad-Wifi drivers required by aircrack-ng.
After some searching, I ran across Legend. This is a different firmware based on the OpenWrt platform, but it claimed to support aircrack-ng and included patched Mad-Wifi drivers. I decided to give it a try and I’m glad I did. Aircrack was already installed and good to go after the flash. After running a few tests, I was able to fake associate and replay packets through my home AP! Instead of using the adapter that came with the Fonera, I modified it to receive power from a USB port. It would then be possible to connect to the Fonera through the onboard ethernet port. I tried injection while being wirelessly connected simultaneously, but as soon as I started the injection process, the router immediately locked up. Oh well, I can still use the Fonera like an external wireless card to perform my pentesting, not to mention it’s essentially a very basic, but portable Linux box!







