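#!/bin/sh
# breakafon.sh - jailbreak a FON 2100 (Fonera, ~0.7.x firmware) and reflash it
# with OpenWrt over a direct ethernet link.  Three stages:
#   1. get a root shell: two shell commands are pushed to the Fon through
#      xss-attacks/grammofon.pl (host 169.254.255.1, user admin) to enable
#      and start dropbear (sshd).  How that script gets them executed lives
#      in grammofon.pl, not here.
#   2. copy the OpenWrt kernel image to the Fon, write it with mtd, reboot.
#   3. copy the new bootloader image (out.hex), back up the current contents
#      of mtd5/mtd6, erase "FIS directory", restore mtd5 and write out.hex
#      to mtd6.
#
# BEFORE YOU START (after plugging the powered Fonera into your ethernet port):
#   * set your ethernet interface to 169.254.255.2 netmask 255.255.0.0
#   * delete any old ssh known_hosts entry for 169.254.255.1 - the Fon's
#     dropbear host key changes between firmwares and a stale entry makes
#     ssh/scp refuse the connection.  Prefer removing the one entry over
#     disabling host-key checking globally.
#   * run this from the directory containing xss-attacks/ and flash-images/
#
# Firmware note: the original author's comments are inconsistent about which
# injector fits which firmware (grammofon for "older, 0.7.0-ish" units vs.
# fondue for 0.7.1 r1, while the commands used grammofon for a "0.7.1-ish"
# unit).  Check which one works for your unit and set INJECT accordingly.
#
# Safety: the script stops on the first failed command (set -e) and compares
# the md5 of every uploaded image with the local file *before* the
# corresponding mtd erase/write - writing a truncated bootloader image to the
# FIS directory bricks the board.  The md5sum line printed at the very end is
# the original author's manual check and is kept for eyeballing only.

set -eu

FON=169.254.255.1
INJECT=xss-attacks/grammofon.pl           # or xss-attacks/fondue.pl, see note above
KERNEL=./flash-images/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
BOOTLOADER=./flash-images/out.hex
BACKUP_DIR=./fon-backup-$(date +%Y%m%d%H%M%S)

# die MSG...: print MSG to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

# inject CMD: send one shell command to the Fon through the web-UI injector
# (no trailing newline, exactly as the original `echo -n | perl ...` did).
inject() {
  printf '%s' "$1" | perl "$INJECT" "$FON" admin
}

# verify_upload LOCAL REMOTE: abort unless the md5 of REMOTE on the Fon equals
# the md5 of LOCAL.  Must run before every destructive mtd step.
verify_upload() {
  want=$(md5sum "$1" | cut -d' ' -f1)
  got=$(ssh "root@$FON" "md5sum $2" | cut -d' ' -f1)
  [ "$want" = "$got" ] || die "checksum mismatch for $2 (local $want, fon $got) - not flashing"
  printf 'verified %s (%s)\n' "$2" "$got"
}

# Fail early, before touching the device, if anything needed is missing.
command -v md5sum >/dev/null || die "md5sum is needed locally to verify uploads"
[ -f "$INJECT" ] || die "missing injector $INJECT"
[ -f "$KERNEL" ] || die "missing kernel image $KERNEL"
[ -f "$BOOTLOADER" ] || die "missing bootloader image $BOOTLOADER"

# 1. jailbreak: enable dropbear's init script and start it.
inject 'mv /etc/init.d/dropbear /etc/init.d/S50dropbear'
inject 'sh /etc/init.d/S50dropbear start'

# 2. kernel: upload, verify, flash, reboot.
kernel_name=${KERNEL##*/}
scp "$KERNEL" "root@$FON:/tmp/"
verify_upload "$KERNEL" "/tmp/$kernel_name"
ssh "root@$FON" "cd /tmp ; mtd -e vmlinux.bin.l7 write $kernel_name vmlinux.bin.l7"
ssh "root@$FON" 'sync && reboot'

# Give the Fon time to come back up on the new kernel ("wait a minute").
sleep 120

# 3. bootloader: upload and verify first, then back up the partitions that are
#    about to be rewritten.  /tmp on the Fon does not survive a reboot, so the
#    backups are also pulled off the device before anything is erased.
scp "$BOOTLOADER" "root@$FON:/tmp/"
verify_upload "$BOOTLOADER" /tmp/out.hex
ssh "root@$FON" 'cd /tmp && cp /dev/mtd/5 /tmp/mtd5 && cp /dev/mtd/6 /tmp/mtd6'
mkdir -p "$BACKUP_DIR"
scp "root@$FON:/tmp/mtd5" "root@$FON:/tmp/mtd6" "$BACKUP_DIR/"
printf 'saved mtd5/mtd6 backups to %s\n' "$BACKUP_DIR"
# Erase "FIS directory", put mtd5 back, write out.hex to mtd6, then print the
# sums for a manual look.  A /dev/mtd/N sum only matches the file's sum if the
# file fills the whole partition, so treat that printout as informational.
ssh "root@$FON" 'cd /tmp && mtd erase "FIS directory" && cat mtd5 >/dev/mtd/5 && cat out.hex >/dev/mtd/6 && sync && md5sum out.hex /dev/mtd/6 mtd5 /dev/mtd/5'
#sudo ./open-mesh-flash eth0
# done
echo 'done'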