Hi! I just installed this fw.
If you want, I can give you the image of the fon fw (original) that was in my fonera (v4.0.2.2-euro). So you can add it in your blog.
Hi Giuseppe
You can access U-Boot now. Thank you for your offer. But I am sorry to say that I don't have a file server. Would you please set up a site and add the FW in your site? So I can download it.
Here's the file: http://www.megaupload.com/?d=DUD7Q1U7
See you soon!
Hi Giuseppe,
Thanks for your firmware. I have updated my site. Compared with the previous version (ver.4.0.1.4), the firmware (ver.4.0.2.2) adds a couple of languages, 11N mode and WPS.
Hi!
Do you know how to enable the telnetd in the ver.4.0.2.2? (like your "fonera-simpl-4.0.1.4-hacked" firmware)
Thanks
Hi!
I have another question: do you know how I can set the repeater mode (simple WiFi repeater without bridge mode)?
I hope you can help me because all the tests I made didn't work... :(
Thanks!
Hello giuseppeg88
Sorry to be late. Simpl firmware is compressed with squashfs-lzma (not squashfs 4.0). So you can extract the firmware, change shell scripts and rebuild it. I don't remember exactly. But the important things are the squashfs-lzma version and to use the little endian version.
1. Disintegrate kernel and rootfs
2. Extract rootfs compression
3. Rebuild rootfs
4. Rebuild firmware (kernel + rootfs)
This method is complicated, but not impossible.
Good luck!
There's good news: http://blog.fonosfera.org/simpl-gpl-sources-now-available/
This makes it easier, right?
Thanks!
Thanks for the info.
I tried to build it. But compiler stopped with an error.
$ make menuconfig
$ make V=99
...
patching file include/linux/ip.h
patching file include/linux/skbuff.h
patching file include/net/ip.h
ls: cannot access ./patches: No such file or directory
...
It takes time to examine.
Now I try to compile an image (simple: without making any changes to the code), so I can see if I get some error.
I'll inform you when it finishes.
I have not received any error in compilation. Maybe you should re-download the source code and extract it to a new folder.
These are the outputs (NOT TESTED):
openwrt-foneraN-fonita-squashfs.img: http://www.megaupload.com/?d=OSRWWGQJ
openwrt-foneraN-rootfs.tgz: http://www.megaupload.com/?d=ZW8D6HO9
In this image I modified the file "config.in" to enable the creation of the image format .tgz, and I modified the file "package\microd\microd\etc\config\firewall" to enable access to web panel from wan.
What should I do to enable telnet?
Thanks for your help!
Makefile:415: *** mixed implicit and normal rules. Stop
The error means that make command cannot understand the makefile. So I googled and found the solution:
downgrade 'make' from ver. 3.82 to 3.81.
Now I built Simpl firmware. And I checked rootfs:
$ cd ./build_dir/mipsel/root-foneraN/
$ find | grep bin
./bin
./bin/login.sh
./usr/bin
./usr/bin/px5g
./usr/bin/arping
./usr/sbin
./usr/sbin/tc
./usr/sbin/pppd
./usr/sbin/iptables
./usr/sbin/chilli
./usr/sbin/chilli_radconfig
./sbin
./sbin/mtd
./sbin/uresd
./sbin/dnsmasq
./sbin/zepttho
./sbin/debug_tcp
./sbin/micro_client
./sbin/chilli_wdt
./sbin/chilloutd
./sbin/firmware_update
./sbin/fonsmcd
./sbin/syslogd
./sbin/ap_client
./sbin/microd
./sbin/switch
./sbin/udhcpc
./sbin/xl2tpd
./sbin/ip_tiny
./sbin/fatserver_client
./sbin/preinit
./sbin/qos_tool
There is no busybox. My conclusion:
you cannot use telnet.
Lots changed since I hacked Simpl firmware.
If you want to use telnet, you have to add BSD telnet or busybox to the source.
:((
I think that I'll try to disintegrate kernel and rootfs of the v4.0.1.4 to see how telnetd was inserted in it. Then I'll see how it is appropriate to proceed...
If you still have the fw v4.0.1.4 disintegrated, can you send me a copy of it please? (via e-mail or uploading it to megaupload)
PS: If you have any advice please contact me whenever you want.
Thank you!
Hi
mtd Address:
0xb6000 - 0x20000 = 0x96000 (614400 bytes)
0x1f0000 - 0x20000 = 0x1D0000 (1900544 bytes)
extract kernel image:
dd if=fonera-simpl-4.0.1.4.img of=kernel.img bs=614400 count=1
extract rootfs image:
dd if=fonera-simpl-4.0.1.4.img of=rootfs.img skip=614400 bs=1
$ hexdump -n 100 -C rootfs.img
00000000 73 68 73 71 0f 01 00 00 84 19 40 7c 90 04 08 b8 |shsq......@|....|
00000010 a1 06 40 00 a5 06 40 d8 ab 06 40 02 03 00 00 00 |..@...@...@.....|
00000020 ed 00 10 00 c0 01 00 43 bb 73 4b b6 01 93 07 00 |.......C.sK.....|
00000030 00 00 00 00 00 01 00 0f 00 00 00 7d 90 00 40 37 |...........}..@7|
00000040 2a 12 00 00 00 00 00 33 2a 12 00 00 00 00 00 00 |*......3*.......|
00000050 00 00 00 00 00 00 00 8a 15 12 00 00 00 00 00 e7 |................|
00000060 1d 12 00 00 |....|
00000064
'shsq' is the squashfs-lzma magic number.
Now we have a rootfs.img. There is a problem. command tools dir is ./staging_dir/host/bin. But unsquashfs-lzma does not work. So download from:
https://sites.google.com/site/hottunalabs/home/fonera-simpl-hacking/unsquashfs?attredirects=0&d=1
$ chmod +x unsquashfs
$ ./unsquashfs rootfs.img
If successful, it makes squashfs-root dir.
There are no editable files in the firmware. So creating a bypass file.
e.g.
$ cd squashfs-root/sbin
$ mv dnsmasq dnsmasq.bin
$ ln -s ../bin/busybox telnetd
$ cat > dnsmasq
#! /bin/sh
/sbin/telnetd -l /bin/sh
/sbin/dnsmasq.bin "$@"
CTRL+d
$ chmod +x dnsmasq
$ cd -
Now creating modified rootfs:
$ ../fon/FON_SIMPL_4.0.2.2_GPL/staging_dir/host/bin/mksquashfs_lzma-3.2 squashfs-root/ rootfs_new.img
Creating a new firmware:
$ cat kernel.img rootfs_new.img > tmp_new_fw.img
$ dd if=tmp_new_fw.img of=new_fw.img bs=1900544 conv=notrunc,noerror,sync
Finally we get a hacked Simpl firmware.
If the new FW does not work, try this FW:
https://sites.google.com/site/hottunalabs/home/fonera-simpl-hacking/fonera-simpl-4.0.1.4-hacked.img?attredirects=0&d=1
You can extract this FW with unsquashfs.
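Added example (not part of the original comments, and not code from Fon or the blog author): a Python equivalent of the dd split and rebuild steps above that checks the rootfs magic and the flash size before an image is written. The function names and the sample bytes are assumptions made for illustration; the offsets and the 'shsq' magic are the ones quoted in the comment.

```python
# Offset-checked split/rebuild for the Simpl image layout quoted above.

# Flash addresses from the comment.
FW_START, ROOTFS_START, FW_END = 0x20000, 0xB6000, 0x1F0000
KERNEL_SIZE = ROOTFS_START - FW_START   # 0x96000  = 614400 bytes
IMAGE_SIZE = FW_END - FW_START          # 0x1D0000 = 1900544 bytes

# First four bytes of a squashfs image as stored on disk.
MAGICS = {
    b"shsq": "squashfs-lzma, little endian",   # value seen in the hexdump
    b"hsqs": "stock squashfs, little endian",
    b"sqsh": "stock squashfs, big endian",
}

def identify_rootfs(rootfs: bytes) -> str:
    kind = MAGICS.get(rootfs[:4])
    if kind is None:
        raise ValueError(f"no squashfs magic at rootfs start: {rootfs[:4]!r}")
    return kind

def split_firmware(image: bytes) -> tuple:
    """Same cut as the two dd extractions, plus a magic check."""
    if len(image) <= KERNEL_SIZE:
        raise ValueError("image is shorter than the kernel partition")
    kernel, rootfs = image[:KERNEL_SIZE], image[KERNEL_SIZE:]
    identify_rootfs(rootfs)
    return kernel, rootfs

def build_firmware(kernel: bytes, rootfs: bytes) -> bytes:
    """Same result as cat + dd conv=sync, but refusing bad sizes."""
    if len(kernel) != KERNEL_SIZE:
        raise ValueError("kernel must be exactly KERNEL_SIZE or the rootfs offset shifts")
    if identify_rootfs(rootfs) != MAGICS[b"shsq"]:
        raise ValueError("rootfs is not little-endian squashfs-lzma")
    image = kernel + rootfs
    if len(image) > IMAGE_SIZE:
        # dd bs=1900544 conv=sync would pad this to two blocks instead of failing.
        raise ValueError(f"image is {len(image) - IMAGE_SIZE} bytes too large for flash")
    return image.ljust(IMAGE_SIZE, b"\x00")   # NUL padding, as conv=sync does

if __name__ == "__main__":
    # Constructed sample data, not a real firmware image.
    kernel = b"\xAA" * KERNEL_SIZE
    rootfs = b"shsq" + b"\x01" * 4096
    fw = build_firmware(kernel, rootfs)
    print(len(fw), identify_rootfs(split_firmware(fw)[1]))
```

Running the check before flashing catches a rebuilt rootfs that was packed with the wrong squashfs tool or that has grown past the 0x1f0000 boundary.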
Hi!
I compared the old fw (v4.0.1.4) with the new (v4.0.2.2) and I saw that there are too many different things to implement telnetd.
Since I want to continue to share my Internet connection with this Fonera,
I hope that Fon will soon release a fw with the repeater mode and the bridge mode.
PS (curiosity): in the version 4.0.2.2 I have seen that there are already some useful files for new features that are not yet implemented:
- ap_client (used for the repeater mode: http://goo.gl/rPGMr)
- reboot_timer
- DDNS
- status log
- enabling / disabling fonspot
Thanks very much for your help, let me know if you find something useful!
Last thing: I have compiled an image after editing a configuration file (there were some options included but commented out). I do not know if this is enough to enable the hidden settings. When I find some free time I'll try it and let you know.
This is the image that I have compiled: http://www.megaupload.com/?d=GXAD8RWZ ; if you try it before me let me know if there is some new function that works ;)
Hello and thank you for the valuable information.
The Simpl I use is fw 4.0.2.3 (not 2.2) and it seems the serial trick does not behave the same:
Instead of the menu, a flow of gibberish bytes is displayed - tried all combinations of baud rate / parity / stop bits - tried also to delay the rear button release more...
Tried to use the LAN/WAN ports, and listen with Wireshark...
Well, currently out of options!
Noticed from this page that the source code is available
https://forum.openwrt.org/viewtopic.php?id=32793
both 4.0.2.2 and 2.3 are available.
However, some binary data or even commands seem not to be available as source
( eg. microd, fonsmcd... data .dat files ...).
Any new idea is welcome - for instance, would it be interesting to search for the code handling the serial, and check the differences between 2.2 and 2.3?
Thanks
Ok, so it works!
Was using a Serial to Wifi box that does _not_ work.
Bought the FTDI FT232RL as you suggested, worked immediately!
Very good device.
By the way, is the source code of that 1.8 MB kernel version available?
Next step is to replace the 2MB flash with a 4MB (mx25l3205dm2i).
Thank you in advance!