Friday, November 24, 2006

La Foneras want an autoupdate

FON wants all La Foneras to update. Here is the shellcode to be executed:

cd /tmp
wget http://download.fon.com/firmware/update/0.7.0/4/upgrade.fon
/bin/fonverify /etc/public_fon_rsa_key.der /tmp/upgrade.fon

rm -f /tmp/.thinclient.sh

exit
It will upgrade the La Fonera to 0.7.1 rev 1.

Btw, if you want to have a look into the .fon files you can use this short unfonify.sh script:
#!/bin/sh
SIZE=$(du -b $1 | cut -f1)
tail -c $((SIZE-519)) $1 > $1.tar.gz
Usage: unfonify.sh upgrade.fon
It will cut off the first bytes containing the signature and generate a gzipped tarball, which you can easily extract.

WARNING: If you still waiting for your La Fonera and want to gain ssh access, you should NOT connect it to the internet. Just plug in the powercable, connect to the private network (the WPA key is the serial no.) and exploit it via the webinterface.

4 comments:

Anonymous said...

After exploiting La Fonera can I update firmware without losing SSH access?

Michael Kebe said...

mariomix: It depends. Some updates are full firmwares and some only replace some files. In the latter case you should not loose the SSH access. But the best way is to gain SSH access and do all updates manually (look into the fon files and do the needed changes).

Anonymous said...

hi,
when i connect la foneras to internet, can i retain SSH access?

Wout Mertens said...

The unfonify script is a bit inefficient. Here's one using the built-in dd:

dd if=upgrade.fon bs=1 skip=519 | tar -tvzf -

This lists the contents. Just use

dd if=upgrade.fon bs=1 skip=519 |tar -xvzf -

to unpack.