Comments on: La Fonera+ hack it if you can

By: Coova.org » Blog Archive » Project news

Coova.org » Blog Archive » Project news — Sun, 30 Mar 2008 16:23:29 +0000

[...] great to see CoovaChilli and CoovaAP being used and supported by more companies and projects! FON has been using CoovaChilli, Open-Mesh.com plans to, supported by Worldspot, and Coova officially works with Radiator. In fact, [...]

By: oxy

oxy — Sat, 13 Oct 2007 17:22:13 +0000

Not sure why FON insists on closing these holes. If they were to open it and add SD memory etc, they would sell loads more!

By: steven

steven — Wed, 05 Sep 2007 19:25:59 +0000

Try Cain from the site oxid.it you can arp poison a pc…and get their dns requests translated… like disney.com becomes playboy.com

By: sid77

sid77 — Tue, 04 Sep 2007 09:34:44 +0000

hi, interesting post
As written by Tommie, trapping dns requests isn’t really difficult: take a look at my “How to transparent proxy la fonera via tor” howto: the firewall script does it as first rule after default policy setup.

By: Tommie

Tommie — Fri, 31 Aug 2007 23:58:15 +0000

I also experimented with the fonera. By redirecting the DNS request on my router, I was able to fake the radius server and replace the hotspot configuration – I was able to verify this by watching the resulting DNS queries after adding hosts to uamallowed. However, the fonera plus does not execute the “ipup” code injected by Kolofonium. I did not check whether my site was blocked, I’ll do that on my next try. I’d also appreciate getting my hands on the firmware images

By: antonde

antonde — Wed, 29 Aug 2007 10:40:40 +0000

@Lama just arrived today la fonera+ for betatesting welcome package.
1)that’s why people didn’t notice activity to download.fon.com on port 1937
2)I just monitoring with tcpdump the dns query
3)I think I don’t get this point . How did you manage to spoof DNS on lafonera+?
4)me neither not so skill in kernel and redboot but you can send I can pass to linux guru Anselmi.
5)your english is perfait

Bye Anton

By: Lama Bleu

Lama Bleu — Wed, 29 Aug 2007 10:20:06 +0000

Hi from France.
Same result on the fonera+ here except this :
- thinclient is always working to fatserver.fon.com on port 1938, with a new SSH key.
- have seen too DNS query every minute ( type TXT). New heartbeat ?
- I made my own radius server, and DNS spoofing to radius01.fon.com :
the line uamallowed is still working ! ( I can add my own site).

Redboot is avalaible so :
New and interesting : i made a dump off all the flash partitions, Redboot bootloader, rootfs and kernel and FIS directory.
Seems to be compressed by LZMA and perhaps encrypted. I can send you the dump by MP. I can’t do nothing with this, and I have a bad knowledge of kernel booting.
I can try to boot fonera+ on ramdisk if you need some testing.
Sorry for this bad english..
Regards.