February 12, 2007
By: SonicvanaJr

To start off the Fon, or La Fonera router is a small wireless router that is sold to the customer at a relatively low price ($30) provided that the user agrees to connect the Fonera to their internet connection, and provide free internet to those who want it.

The Fon company seems to live to give their routers away for free sometimes.

I have personally seen, and taken advantage of three different instances where they have given away routers. So if you're broke, or cheap. Just wait around for their next “have a router on us” event :)

The device itself is based on the Atheros AR2315 chipset.

Characteristics:

• 5V @ 2A power supply
  
• 1 ethernet jack
  
• RP-SMA antenna connector
  
• serial port
  
• 16MB RAM
  
• 8MB Flash
  
• SPI-Bus

The Fon is able to run the OpenWRT Kamikaze image, and can thus run various pieces of software that are ported to it. Including the Aircrack-ng suite.

The first step to get Aircrack-ng running on the Fon is to get the OpenWRT image on it first.

Please note to be able to do this you either need a Fon that has SSH enabled.

Tutorial/Guide here. This only works on Fons with firmware 7.0 r4 or below, though at the time of writing [2/12/2007] these people claim to have a way to enable SSH on newer firmwares.

If your Fon is not capable of being SSH'd into then you can use a serial console to flash the image as well.

Instructions for building your own image, and various other information about the Fon and OpenWRT can be found here

Before building the image however the Madwifi-Ng drivers must be patched to allow injection. The patch for the Madwifi-Ng driver can be found here Please make note that there are actually only two code changes made to if_ath.c file, rest is just comments, and can and will be omitted when patching for OpenWRT.

To make your own injection capable image of the OpenWRT Kamikaze image follow the steps below.

• svn co https://svn.openwrt.org/openwrt/trunk/

• svn co https://svn.openwrt.org/openwrt/packages

• You can then later update either of those by going into either the trunk or packages directory, and typing

  svn up

• Go into trunk/package directory and create a symbolic link from the packages tree to the trunk/packages directory

   ln -s ../../packages/*/* . 

• Now go into the trunk directory, and type

   make menuconfig 

  • Make sure that “Target System” is Atheros [2.6]
  • Make sure the Aircrack-Ng package is selected in the Network section as a module.
  • Make sure the libpthread package is selected in the Libraries section as a module.
  • Exit out of the kernel configuration, and be sure to save your changes.

• Go to the trunk directory and type

  make

• Once this is done type

  make clean

• Go into the trunk/dl directory
• Extract the madwifi source by typing

   tar xvjf  madwifi-0.9.2.1.tar.bz2 

• Edit the madwifi-0.9.2.1/ath/if_ath.c file
  • Open said file in your favorite text editor and at the beginning you will see a bunch of comments.

Example

/*-
 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer,
 *    without modification.

• Remove one line of this code. I know this seems stupid, and is quite a dirty hack, but it must be done so that when the madwifi-ng package builds the other patches can be applied to it without any problems.
• Now apply the two lines of code found within the patch file mentioned at the beginning of tutorial. Again I know it sucks to do it by hand, but then again it is quite trivial, and easy, so don't complain to much. Once this is done save the file, and exit out of your text editor.

• rm -rf madwifi-0.9.2.1.tar.bz2 && tar cvjf madwifi-0.9.2.1.tar.bz2 madwifi-ng-0.9.2/ && rm -rf madwifi-0.9.2.1/

• Go into the trunk directory, and type

  make

Now that all of this is done you should have some files in your bin directory.

• openwrt-atheros-2.6-vmlinux.lzma
• openwrt-atheros-2.6-root.jffs2-64k
• Some others (don't worry about them)
• A package directory containing the aircrack-ng ipk file, and libpthred ipk file

Now you need to flash your Fon with the OpenWRT image. There are two ways to do this currently, one is to use the serial interface on the Fon, and the Redboot boot loader to flash a image, or you can ssh into the Fon and flash via the OpenWRT shell.

SSH and serial console guide can be found here

However in the ssh guide replace the files they use with the one I provided, or that you have built. If you built them substitute their wget commands with scp commands to get your image files into the /tmp directory.

Once you have successfully flashed your Fon boot it up, and ssh into it. Default login “root”, password “admin”

Now you need the aircrack-ng and libpthread ipk files. They can be found here or if you built them you should have no problem getting them over to your fon at this point.

Use the command

ipkg install <file name here>.ipk

for both of the files.

You now have the Aircrack-ng suite working on your Fon.

Also note that you need to use the wlanconfig tool to create a monitor mode interface. I suggest putting this into a script, and then putting said script into your PATH so that you can setup a monitor mode interface quickly.

 wlanconfig ath create wlandev wifi0 wlanmode monitor 

Enjoy

If you need help I can be found in the Aircrack-ng IRC channel.

However, if you're lazy, or just don't feel like you can do this you can download the image files at this site

Please understand that these packages are provided as is, and I will not be making any changes to their kernel configuration unless I need to or you can prove to me why I should make a certain change