La Fonera Hacked Again. 0.7.2 Firmware is hackable

Kolofonium is the new hack for La Fonera routers with 0.7.2 firmware loaded to enable SSH. It is described in detail at Stefan’s website.

The hack is really simple: All one must do is login to your La Fonera and change the nameserver (DNS) of your La Fonera to and reboot. What this does is allow Stefan’s website to send the hack back to your router for you. Meaning you don’t really have to do a thing. After the router reboots you should be able to connect via SSH. This should work with other firmwares, too so please leave feedback. Please change the nameserver according to your ISP or network setup after the reboot.

Working on latest firmware release 0.7.1-2.

To enable just do the following:

  1. connect to web interface of la fonera via “My place”
  2. change the dns to
  3. reboot la fonera
  4. Download Putty and Connect via ssh access
  5. change the DNS entry once logged in to the one of your choice ( I suggest OpenDNS )

If you are not familiar with OpenDNS i suggest you go to I just added it to all my routers 🙂 its very simple and saves time.


18 responses to “La Fonera Hacked Again. 0.7.2 Firmware is hackable

  1. Probably a newbie question 😉
    I can’t change the DNS to when I am connected to the web interface ( of la fonera via “My place”.
    Please, what do I miss?

  2. you connect wirelessly and its under the setup options to change the DNS

  3. in the 3rd step when you say reboot the fonera what do you mean by that?
    Power off followed by power on again?

    Thanks in advance

  4. ok so i got ssh access can i upload dd-wrt firmware??

  5. Yes you can. just have to boot into it

  6. well i like how it hacks it remotely but it doesn’t look like it keeps ssh enable and auto update disabled.

    so i followed everything upto ip_address -l -h
    fis init
    load -r -v -b 0x80041000 root.fs
    fis create -b 0x80041000 -f 0xA8030000 -l 0x002C0000 -e 0x00000000 rootfs
    load -r -v -b 0x80041000 vmlinux.bin.l7
    fis create -r 0x80041000 -e 0x80041000 -l 0x000E0000 vmlinux.bin.l7
    fis create -f 0xA83D0000 -l 0x00010000 -n nvram

    after i load root.fs and want to load it the fon never does anything i tryed 3 times and once left it for 20 mins

  7. Work perfect on my Fonera. It came with version 0.7.1-r3. And now it’s unlocked!
    Thanks .

  8. So is this working with 0.7.2r2?

  9. no, it will not work with 0.7.2-r2

  10. I have a 0.7.2-r3 and it refuse to do any tricks. If any body know a way of reflashing it. Please let me know.

  11. i have a r3 and i am the same no ssh and minimalistic clames he has done a r3 i have read that you can do upto 5 but i dono if its true.

  12. Has anyone found any information on how to do the hack on 0.7.2 r3? Please post if you have…Thanks.

  13. If i had a R3 i would post my results however i do not have access to a R3. Someone care to send me one?

  14. I have an R3. All my internet is wireless though, so I was unable to successfully test the DNS hack above. (agreement with the neighbors).

    I am able to use a serial cable borrowed from a friend, and that seems to be working though.

  15. Sorry. I just typed in a junk website to submit the form, and it ended up pointing at a linkbait site. If someone could remove my link above or point it somewhere nicer, that’d be nice.

  16. The DNS server doesn’t respond 😦

    It’s Down, how can I hack my 2100 fonera?

    I have telnet closed for redboot, so i don’t know what to do.

  17. The Kolofonium server address has changed! You can retrieve the correct address by resolving the hostname “”, e.g. by issueing a ping request. The hostname will always point to the right IP address you can use as fake DNS server.

  18. does this work with fw.0.7.2 r1

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s