Fonera 0.7.2 r3 Hacked !!!!

This could be it people. I get people from all over coming to read my blog because of the former post and tutorial I did on hacking the La fonera, but a lot of people have come here in hopes of a new hack. Some have come looking for a R3 hack. It appears this wait is over.

* First this is not my hack or tutorial so I have no way to verify this info is 100% working. I would be willing to try this on someone elses router should someone sent it to me.

In the newest firmware FON had blocked the “internal” DNS that is used for downloading updates. This rendered the modification of the DNS useless or so they thought!

In order to preform the new hack you must have the following:

  • You must have a Router
  • You must be able to set the Routers IP to :213.134.45.129
  • You must be able to set the Routers DNS to: 88.198.165.155

First make sure your router is not plugged into the internet. Next connect to the La Fonera (default MyPlace) and access http://192.168.10.1 /. Once logged in go to Advanced Options / Connect and insert 213.134.45.200 as IP, 255.255.255.0 as the subnet, 213.134.45.129 as the Gateway and DNS. Then save the La fonera and restart. It should revert the firmware back to 0.7.1 r1. *note some people said you may have to reboot the La Fonera a few times in order for this to work.

    Now save the below cost as a HTML doc.

    < HTML >
    < head></head><body><center >
    < form method=”post” action=”http://192.168.10.1/cgi-bin/webif/connection.sh” enctype=”multipart/form-data” >
    < input name=”username” value=”$(/usr/sbin/iptables – INPUT 1 – p tcp –dport 22 – j ACCEPT && /etc/init.d/dropbear)” / >
    < input type=”submit” name=”submit” value=”Submit” / >
    </form >
    </center></body></html >

    Once you have executed this command you can loggin via SSH and follow the other tutorials on hacking the firmware.

    Quick setup would be:

    1. Set the non-fon router IP to 213.134.45.129
    2. Set both primary and alternate DNS on non-fon router to 88.198.165.155
    3. Plug Fon router into the non-fon router
    4. Connect via the private wireless (MyPlace) to the Fon router
    5. Navigate to 192.168.10.1
    6. Click on Advanced Options / Connect. Select static IP and enter 213.134.45.200 as IP, as a mask 255.255.255.0, and 213.134.45.129 both as a gateway and as DNS.
    7. Then push the reset button on the router or unplug the router and replug it in
    8. Wait for the router to reboot(at least 3 minutes) and then wait another 5(Just in case)
    9. Try to SSH into 192.168.10.1 via the wireless
    10. If that does not work, do 7 to 9 over again

    After I SSH’d into the router I disconnected the fon router from the non fon router and flashed the firmware.

    Advertisements

    36 responses to “Fonera 0.7.2 r3 Hacked !!!!

    1. wow… what a roundabout way to get to kolofonium

    2. It’s fake.

    3. It doesn’t work here either

    4. sorry guys.. wish i could test the validity of this but i cant.. sorry if it doesnt work if you get it to work let me know.

    5. I was able to get this to work and another member was also on the DDWRT forums where I originally posted these steps. The numbered steps are a direct copy/paste from from my post here:
      http://www.dd-wrt.com/phpBB2/viewtopic.php?t=25354

      I suggest posting there with issues/success

    6. this definitely worked on my 7.2 r3. I was able to flash ddwrt on it easily.

      Thanks so much for posting this.

    7. Downgrading Fonera 0.7.2 r3 without an extra router.
      I found a solution to use a pc as router, if you dont have an extra router you can set up for downgrading the fonera using the dns-injection trick.
      What you need is:
      PC with two network interfaces (wlan and regular nic worked fine for me)

      I did the following:
      1. Connect your pc to your fon router (through private wlan, default is called MyPlace) and access 192.168.10.1 using a web browser. Click on Advanced Options / Connect. Select static IP and enter 213.134.45.200 as IP, as a mask 255.255.255.0, and 213.134.45.129 both as a gateway and as DNS. Apply and close.
      2. Connect the Fon to my PC with the cable included in the packaging (my nic has autosense and could connect straght away, you might need a crossed cable if your nic cant autodetect this.)
      3. Connect to the wlan access point that is connected to the internet using your wlan in your pc. (if you have two nics, connect your computer using a cable to your internet connection)
      4. Go to network connections and right click your nic that is connected to the internet. Go to properties. Click advanced and click “Allow other network users to connect to the internet through this computer’s internet connection”. Click General tab.
      Go to TCP/IP click properties again. On alternate configuration
      set Preferred DNS Server to 88.198.165.155.
      5. Now set your other Nic (that is connected to the fon router) (it will be set to 192.168.0.1 by default) to 213.134.45.129
      6. Just to make sure dns cache on your pc is cleared, Click Start-Run write CMD then press enter. in the prompt write ipconfig /flushdns then press enter.
      7. Reboot your fonera. If you have access to another pc with wlan, try connecting to the MyPlace again and check status tab on the web interface on the router (this is what i did). Is it 7.1 r1? then you’ve been downgraded and can continue flashing. Otherwise try rebooting the fonera (make sure you are still sharing your internet connection on your pc while rebooting the fonera). Took me 3 tries before it flashed to the old version.

      Thanx for the tutorial!

    8. i think that a lot of the people having problems with this might be those people with a limited understanding of what to do at the stage where you say “Now save the below cost as a HTML doc.” and supply some html code.

      a lot of people wouldn’t know what to do with that and it is not explained very well at all.

      from my (limited) understanding, what you are doing is fooling your fonera into thinking it is connecting to it’s regular update server when in fact it is connecting to a web server created by you to tell it to downgrade it’s firmware.

      it connects to the IP addres sis thinks is it’s update server, when in fact it’s actually connecting to your router spoofing that IP address and then redirecting it’s ‘phone home’ signal to a webserver running on your PC with the above html file set as the homepage.

      if this is he case then I think it would be a good idea to expand your guide for people who are unsure how to do this as not everyone wanting to re-flash their fonera will know how to do this.

      a link to a simple webserver app and instructions on fowarding the port on your router etc. might go a long way to helping people understand the guide better.

      as it is, i think I understand it and have had a go at getting all this working but i’ve still failed to downgrade my firmware so I’m obviously doing something wrong. :o(

    9. I did hack my Fon today. I used google to find some info, and found this guide. And it worked. Now I use my Fon as a wireles bridge to my xbox.

      Thanks!

    10. after doing some more investigation it looks like I’ve totally misunderstood what was happening and I was wrong about all the webserver stuff (where’s the delete post button when you need it!).

      rather than what I thought was happening it seems to be basically the kolofonium hack but being a little bit cleverer in fooling the fonera into thinking it’s going to it’s legitimate update server when infact you’ve re-directed it to the kolofonium dns server instead.

      i think my confusion came from thinking that the non-fon router needed to be disconnected from the net to avoid communicating with the outside world, wheras it’s just the fonera that needs to be disconnected until after it’s IP & DNS settings are changed, then it needs to be plugged into the non-fon router after that has been configured to point to the kolofonium server.

      maybe that could be made clearer in your tutorial so others don’t make the same mistake as I did?

      thanks again though, I think I’ll have it sorted in the morning, but it’s too late now and I’ll need to do a lot of messing with my home network to get it all working (and adsl2mue, 3x wrt54gs’s with WDS and 6 wifi clients and 3 wired ones) and I don’t want to mess it up. but once i have this figured out I can ditch the extra wrt’s and wired clients and go totally wifi and avoid having to rewire my whole house. :o)

    11. Got it all sorted thanks. A couple of things worth mentioning though. It did take a few of the 30 second resets before the router downgraded itself, so be patient. Also, after I got SSH enabled permanently I was not able to connect it to the net to access the needed downloads, so I had to return my main router to it’s default config to give the fonera net access again and after a little while it re-upgraded it’s firmware to 0.7.2 r3 BUT SSH was still enabled and this did not cause any issues at all and I was still able to re-flash the fonera with dd-wrt without problems.

    12. Since I have a BT router i could not change my ip address, but the NoRouter solution it worked like a charm! Thx

    13. Thanks for your information.
      It is work for me. My La Fonera has been downgraded to 0.7.0 r5.

      Thanks again! 🙂

    14. hi , anyone can confirm that it can be done without the extra router?
      i only have one modem

    15. Richardo, I will try it without another router. I have got a Linksys, but first I’ll use without it. Be patient, I’ll send some info about it.

    16. Zoltan, Is it works now or not because i try to make it work but neither two way can fix my fon it still has 0.7.2 r3

      what I do wrong?

      Please I was a little help

    17. Unfortunately I realized a little too late that I grabbed the wrong Fon when preparing to leave the country, (I’ve got 3, one was stock)… Once I got to the hotel I was faced with a dilemma: No wireless.

      What I had:

      – Fon with 0.7.2 r3
      – MacBook Pro with Leopard
      – 4 port switch

      What I did:
      Preparation:
      – Turned off DHCP on the MacBook’s en0 (Ethernet) port
      – Connected the switch to the wall
      – Connected the MacBook to the switch
      – Connected the Fon to the switch

      1) Connected to the Fon’s MyPlace
      1a) Set the Fon’s IP to 213.134.45.200
      1b) Set the Fon’s gateway to 213.134.45.129
      2) Opened a Terminal on the mac
      2a) Typed `sudo ifconfig en0 213.134.45.129 netmask 255.0.0.0` (Without backticks; Figured the netmask couldn’t hurt, figured it was going to be more complicated than it was)
      3) Configured Internet Connection Sharing
      3a) Shared from Ethernet to Ethernet (Awesome feature, thanks Apple!)
      3b) Turned on Internet Connection Sharing
      4) Set the DNS on en0 (Ethernet) to 88.198.165.155
      5) Turned off the Wireless
      5a) Turned on DHCP on en0 (Ethernet)
      6) Hit the reset button on the Fon,
      6a) Waited until the Fon’s lights all came up
      6b) Turned on AirPort
      6c) Connected to MyPlace via AirPort
      6d) Checked http://192.168.10.1/cgi-bin/status.sh
      6e) If the version was still 0.7.2 r3…
      7) Turned off DHCP on en0 (Ethernet)
      7a) Go to step 5

      (This took 3 iterations of steps 5-7a for me)

      What I got: My firmware was reverted to 0.7.1 r5!

    18. I followed the basic procedure (using my router) on a new 7.2 r3 and it reverted to 7.1 r1. Note this this alone will not open SSH. Also, my router was NOT connected to the internet, so I have no idea why this works.
      It took many resets.

    19. Ok, if you get to to 7.1 r1, then I did this:
      I have a linux box running on my lan.
      My pc is connect to the lan and the fon.
      I put step1.html:

      And step2.html:

      on the linux box’s web server and browsed to them.

      (which do the exact same thing as fondue.pl, but since the linux box is not on wireless, I ran these on the pc which is on both networks)
      Bingo, SSH connects. Log in as root/admin.

    20. Pingback: Salusa Secundus » Hack d’une fonera 2100 avec le firmware 0.7.2 r3

    21. hai.. I have a Mikrotik Tutorial site. It pretty much covers Mikrotik related stuff. Come and check it out if you get time 🙂

    22. I should’ve hacked my fonera a long time ago but I didn’t

      The DNS server at 88.198.165.155 is down for and I have 0.7.2 r3 and I want to downgrade. Any chance I can still do this? 😦

      Maybe any info on how I can set up my own DNS server? I have no idea what I could possibly do

    23. The Kolofonium site states that server address has changed and that: “You can retrieve the correct address by resolving the hostname “kolofonium.datenbruch.de”, e.g. by issuing a ping request. The hostname will always point to the right IP address you can use as fake DNS server.”

      At the moment its set to: 188.40.206.43

    24. kolofonium hack still work? (As of 2010.6.4)
      I try new IP(188.40.206.43), but i can’t.
      my fon ver is fon2200(0.7.2r3).and downgraded to
      0.7.1r2(not 0.7.1r1).
      any idea?

    25. 188.40.206.43 is alive, I just downgrade my FON from 0.7.2.

    26. Pingback: paulocabido.com » Hacking La Fonera router (rev 2200)

    27. I can not downgrade my fon.t It is a 0.7.2 r3, and I have it connected to my router. So what i do is change the ip to static and put the kolofonium dns. After y reboot the fonera, and i wait several minutes, after i connect to the fon wireless and try to make the ssh. Nothing change. I´ve tried it several times.

    28. Thank you. 🙂

      I managed to downgrade my 0.7.2 r3 fonera to 0.7.1 r1
      I only used a different DNS as the DNS above didn’t reply to my ping requests.
      I used 188.40.206.43 for the DNS.

      It took me 2-3 restarts as well.

    29. Following the post of Blast I was able to downgrade my Fon to 0.7.1r1 in the first restart.

      Only the following 2 things I did different.
      1) I used connection sharing from my Airport connection to Ethernet (instead of ethernet-ethernet). Airport connection was connection to a non-fon device and fully usable. (Used my ipad to check the status of the Fon Myplace wifi).
      2) Updated the DSN server to the ip address Paul mentioned.

      Thx!

    30. Puh, this really has been hard work! I think I needed more than 15 reboots but finally it worked. My problem was that after the reboots I ended up with version 0.7.2 r2, then 0.7.1 r5, then again 0.7.2 r3, then some time 0.7.1 r3 and back to 0.7.2 r3. It looks like the box will update to 0.7.2 r3 if you just wait after the reboot. So for me the following did the trick: unplug the lan cable immediately as soon as the wlan light comes up again after the reboot. For the reboots I used the 30 sec reset-method.
      Thanks for the guide and all the tips.

    31. It wouldn’t change the IP address for me, but I plugged it into ethernet (internet) and it worked

    32. Can anybody reach kolofonium.datenbruch.de?

    33. Not working for me, maybe too old post ?

    34. Can anybody reach kolofonium.datenbruch.de, today?

    35. Uli, kolofonium.datenbruch.de can not be pingged/reached because it does not exist anymore.

      Michael & Stefan have hacked the fonera:
      http://stefans.datenbruch.de/lafonera/

      I own serval fonera’s that have a higher firmware installed than 0.7.1-2 and like to put DD-WRT or Gargoyle firmware on them so they would have some purpose again.

    36. Stefan’s kolofonium site kolofonium.datenbruch.de is down. Does 88.198.165.155 do the same hack? It seems to be alive, still.

      I would be glad about a quick answer.

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s