Wifi router firmware links:
OpenWrt
DD-Wrt
Jasager
Tutorials
Enabling Redboot
Unbricking a bricked Fon and installing OpenWrt
Darren Kitchen's Jasager Howto
Tools to help install:
Tftp server configuration tool for OS X
Redboot.pl - a perl script to help automate redboot access (Linux/BSD/Mac)
Freifunk AP51 EasyFlash tftp gui for Linux/Win
Hardware Hacks:
- RS232 serial port adapters
- Better RP-SMA Antennae
- Battery Packs
If we think of more, We'll leave it in the comments. As for me, it's time for sleep (finally)
A few notes:
ReplyDeleteJasager is a "VERY CAPTIVE PORTAL" - That will listen for Wifi probe requests, then send out a beacon that forces all wireless clients in range to associate with it (as opposed to associating with the access point they thought). This can be used for black-holing wireless access in a secure environment where WiFi is not allowed. If combined with other tools such as Middler, SSLStrip or Metasploit, havoc can be wrought by exploiting browser vulnerabilities, using iFrames and DNS spoofing to grab session IDs, or creating a very stealthy man-in-the-middle attack to gather sensitive information that the user expects to be encrypted.
Battery-powered hacks:
A battery pack can be made with the properly-sized barrel connector (center pin is Positive DC voltage) couples to a 4AA or modified 6AA battery clip from Radio Shack. The 6AA pack must be modified to hold 5 AA batteries, so solder some wire between the 6th battery contacts. 6 AA batteries would push 7.2 Volts, enough that it might damage the Fon router. I did not test it with 6 AAs.
I ended up using a Modified 6AA battery clip with a built-in 9v-style plug on top and bought some 9V battery clips to go with it, which I soldered to the barrel connector. Photo here, featuring the 12dBi antenna.
A 4AA pack with 2500 mAh Nickel-Metal-Hydride rechargeable cells ran my Fon (with Jasager) for a little over 1 hour. 5 AAs ran it for close to 3 hours. This is because 5 cells actually starts by pushing more volts than the Fon was designed for (don't worry, it can handle it) but it takes much longer for the voltage to drop too low for the Fon to function.
The Antenna connector is RP-SMA, so many aftermarket antennae will work great. Fon sells the Fontenna, a large omnidirectional antenna. Larger "Rubber Ducky Antennae" are readily available with RP-SMA connectors, as are Waveguide- and yagi-style directional antennae.
Also, if you open the Fon, there are solder terminals for a second antenna. You can solder an antenna directly to these pads or use a short pigtail to the connector of your choice (N-Connector, RP-TNC, or NC for example)
ReplyDelete