FON Boards

dema

Here a proposal.
As long as many of ours still prefer to have control of our routers , and on the other side , FON needs to have a feedback of their network , I launch this proposal:
To build a script for heartbeat for dd-wrt or openwrt or self made routers.
With this we still remain in full control of our devices and FON is happy to know that his net is up and running.
Sound simple ugh !
So let's do it Smile

_________________
status: Linus
setup: ADSL2MUE linksys » Linksys WRT54GL
firmware: dd-wrt v23 sp2 09/15/06 std nokaid FON compliant
link: 1024><256 kbit/s
ISP: NGI Milano - Italy
wlan devices: apple mac book

callme on skype
Proud member of the "Borat" english speakers

Nik_Doof · Posted: Tue Jul 18, 2006 09:16 Post subject:

Sounds good, you could use the script out of the FON firmware as a starting point, after all you'll need their key to push the heartbeat anyway.

That is, of course, if FON finds it OK to do.
_________________
status: Linus
setup: ADSL » Solwise 705 » IPCop Firewall » Linksys WRT45GL
firmware: 0.6.6
ssid: fon_edwin_street
link: 8mbps / 488kbps (shaped to 128kbps / 128kbps)
ISP: Bulldog
wlan devices: Apple Powerbook, Nintendo DS

bird603568 · Fonero Joined: 18 Jul 2006 Posts: 24

hasnt this already been done? i mean sheed posted it and took it down

bird603568 · Fonero Joined: 18 Jul 2006 Posts: 24

from my source:

MAC=`nvram get il0macaddr|sed s/:/-/g`
wget "http://download.fon.com/heartbeat.php?mac=$MAC" -O /tmp/inet.html

those are the only 2 lines you need

dioid · Posted: Tue Jul 18, 2006 13:01 Post subject:

When/where is that run? I can only find access to http://www.download.fon.com/heartbeat.php from /etc/init.d/S56redirect in my FON 0.6.6 Beta, so it will only run at reboot and not periodically. Also, I don't see it passing MAC anymore, but there is a comment in the script that says it does.

Excerpt from S56redirect:

bird603568 · Fonero Joined: 18 Jul 2006 Posts: 24

no clue i didnt look at the source code but "#" only comments 1 line so its not commented out

dioid · Posted: Tue Jul 18, 2006 13:32 Post subject:

Yes, my point was that the wget in the S56redirect didn't contain the heartbeat.php?mac=$MAC but just a plain heartbeat.php which seem to contradict the comment on the line above that says that the MAC is sent to the FON server. Perhaps it's sent anyway, somehow. I didn't look at what the response is for that line.
_________________
status: Linus
setup: TP RJ-45 10Mbit ethernet connection in wall » WRT54GL with FON ))
firmware: FON Firmware (Beta 0.6.6)
link: Static IP ethernet 10><10 Mbit/s
ISP: visit.se
wlan devices: Fujitsu-Siemens Amilo A7640W laptop, Dell Latitude D420 laptop

dema · Posted: Tue Jul 18, 2006 13:44 Post subject:

I didn't find in the source the init.d file S56redirect.
Here the content of /FONbasic/package/base-files/default/etc/init.d

bird603568 · Fonero Joined: 18 Jul 2006 Posts: 24

http://72.14.209.104/search?q=cache:1dFhUd8iVoIJ:www.twindx.com/node/106/137%3FPHPSESSID%3D896364f62b47ceecd60a9175db90670a+%22www.twindx.com/node/106/%22&hl=en&gl=us&ct=clnk&cd=2&client=firefox-a

thats all i have to say. there is my source.
also
http://www.hackaday.com/entry/1234000903073775/

also the 2 lines i posted arent in the source, they are what you need to run to spoof the heart beat

mephisto · Fonero Joined: 12 Jul 2006 Posts: 7

In 0.6.6 the heartbeat has been changed. Read this post for an updated script.
_________________
--
NO SUPPORT VIA PMs - keep it public

dioid · Posted: Tue Jul 18, 2006 17:15 Post subject:

The S56redirect is in FONbasic-0.6.6/package/webif/files/etc/init.d/S56redirect and it is installed in /etc/init.d on my FON router that I got from FON with FON 0.6.6 Beta preinstalled on. It also refers to /etc/init.d/chillispot which in the source tar is FONbasic-0.6.6/package/chillispot/files/chillispot-fon.init and in fact /etc/init.d/chillispot runs in a loop mode and once per day downloads /tmp/chilli.conf with /usr/sbin/chilli_radconf (to which it passes the MAC address too) and checks if it's different than /etc/chilli.conf and if so, replaces the /etc/chilli.conf with it.

I think the main heart beat is with thinclient which is called once per hour from cron, but also in that /etc/init.d/chillispot script which sleeps about one day before each verification that /etc/chilli.conf wasn't tampered with. It also checks that chilli is up and running more often but that's only local checks as far as I can tell.
_________________
status: Linus
setup: TP RJ-45 10Mbit ethernet connection in wall » WRT54GL with FON ))
firmware: FON Firmware (Beta 0.6.6)
link: Static IP ethernet 10><10 Mbit/s
ISP: visit.se
wlan devices: Fujitsu-Siemens Amilo A7640W laptop, Dell Latitude D420 laptop

bird603568 · Fonero Joined: 18 Jul 2006 Posts: 24

why do dont you put another box between the fon and the internet and mitm attack it. dont draw andytraffic or try not to and see what happens. a good time would be over night.
_________________
www.oddree.com is a sweet tech zine

fulbrich · Posted: Thu Jul 27, 2006 09:21 Post subject:

The following lines were found at :
http://www.schlubtech.org/?p=8

I have no idea if the old mechanism still works beside the new one. Has anyone more information about it ?

--->schnipp <--------
Telnet/SSH to your router and perform the following commands, your console window should look exactly the same when you’re finished:

~ # nvram set rc_startup=”
> echo ‘00 03 * * * root /usr/bin/wget “http://download.fon.com/heartbeat.php?mac=XX-XX-XX-XX-XX-XX” -O /tmp/inet.html’ > /tmp/cron.d/heartbeat
~ # nvram commit
~ # reboot
The system is going down NOW !!
Sending SIGTERM to all processes.
_________________
Tschüs,
Frank
---------------------------------
status: former Linus quitted 04.July.2006 due to legal concers.
setup: - » -
firmware:

rolelael · Fonero A Joined: 17 Jul 2006 Posts: 36

I tried this one but I seem to make a mistake

On line 1 I enter : nvram set rc_startup=” +enter
then I get a > 'sign'
then I enter echo ‘00 03 * * * root /usr/bin/wget “http://download.fon.com/heartbeat.php?mac=XX-XX-XX-XX-XX-XX” -O /tmp/inet.html’ > /tmp/cron.d/heartbeat +enter
the > stays there ???
If I enter nvram commit , it doesn't do anything , also the reboot doesn"t do anything

any help ?

R
_________________
status: Linus
setup: Cable Modem » Linksys WRT54GL
firmware: dd-wrt v23 sp1 overclock to 216 mhz
link: 10Mbps DOWN ><256 kbit/s UP
ISP: Telenet - Belgium
wlan devices: acer aspire 1694 wlmi

AustinTX · Posted: Thu Jul 27, 2006 18:53 Post subject:

Strolls · Fonero A Joined: 28 Jul 2006 Posts: 35

mathsped · Fonero A Joined: 24 Jul 2006 Posts: 44 Location: Denmark

So if he were to do it like this, it could work ? (Can't try myself)

~ # nvram set rc_startup="
> echo ‘00 03 * * * root /usr/bin/wget http://download.fon.com/heartbeat.php?mac=XX-XX-XX-XX-XX-XX -O /tmp/inet.html’ > /tmp/cron.d/heartbeat
"
~ # nvram commit
~ # reboot

~ # nvram get rc_startup (check what was comitted)

p.s. also removed the quotation marks around the URL as I doubt wget would understand them ? (Note; just leave the quotes anyways)

Edited to remind me

Strolls · Fonero A Joined: 28 Jul 2006 Posts: 35

Have edited my post for clarity. I hope it makes better sense now. But it'd be great if you could play around with the examples before posting any more questions about this.

Once you're comfortable setting foo to be bar with two carriage returns after it, can you tell use what `nvram set rc_startup` shows?
Can you set set rc_startup to be bar with two carriage returns after it, and can you set it back again? Worst case is you have to stick a paperclip in the back of your router.
Finally, re-read my previous post & see if it makes sense.

dioid · Posted: Fri Jul 28, 2006 07:03 Post subject:

Another thing is why go to the trouble of running /usr/bin/wget “http://download.fon.com/heartbeat.php?mac=XX-XX-XX-XX-XX-XX” once per day when it's not used as heartbeat by fon anymore. In firmware 0.6.6 it is run once at boot and it is run without mac address in argument, it is just getting http://download.fon.com/heartbeat.php with wget. But if you want to announce to fon that you read the "hacking" hint on how to pretend to be a fon router (or that you are running old fon firmware), sure, go ahead, I won't stop you. See previously in this thread message by mephisto who links to another thread that discusses the current heartbeat (with thinclient and chillispot scripts).
_________________
status: Linus
setup: TP RJ-45 10Mbit ethernet connection in wall » WRT54GL with FON ))
firmware: FON Firmware (Beta 0.6.6)
link: Static IP ethernet 10><10 Mbit/s
ISP: visit.se
wlan devices: Fujitsu-Siemens Amilo A7640W laptop, Dell Latitude D420 laptop

Strolls · Fonero A Joined: 28 Jul 2006 Posts: 35