Fun FON hacking

With FON now selling their “social routers” for $5 apiece, it seems like a good time to mention Hack-A-Day reader [Steve Anderson]’s previous FON hacking experience. By purchasing one of FON’s subsidized routers you agree to participate in their network for at least one year. Steve had a look at the patched OpenWRT firmware FON uses and found the heartbeat system they use to monitor compliance. He then swapped out the firmware and spoofed the heartbeat with a cron job. This hack is an ethical trade-off: remove FON’s firmware and violate their terms of service, or keep FON’s firmware, which probably violates your ISP’s TOS. In related WRT54G news: you can now flash Linux onto v5 and v6 routers without hardware modification. So if you’re at all worried, just buy one for the regular price off the shelf.

[thanks bird603568 and fucter]


  1. steve preece says:

    love this stuff have u a idea of how to fix a bad firmware upgrade on a bt 24o voyager wired router router will not boot up have had problems with this router from day one but thanks bird love ur hack steve preece

  2. cmonkey says:

    I’d rather break my ISP’s TOS than FON’s.

  3. The FON hacking article has been pulled. Too much publicity about it is too likely to draw attention from FON, and it’s not worth it.

    I recommend, if you want to throw out the FON T&Cs, that you get the source from FON’s website and spend a little time figuring out what’s going on. Me, I’ve got a family to think about.

  4. chris says:

    well crap. I had been visiting the website off and on for the past few weeks. It really was the only site that had information on the router. Tell me irregular shed, did you finally get a cron job to work?

  5. dom says:
  6. bird603568 says:

    if you use google in a certain way you can still see the page that’s all i’m gonna say. sorry irregular shed didn’t know you didn’t want it to be posted.

  7. Very interesting piece of info, but one that helps nobody. Nor FON, nor ISPs, nor us, nor anyone I can think of. It is just like a recipe for a well-done atomic bomb made of sugar, water and salt, it would help no one. My respects for the “irregular shed” but my hacker ethics tell me that I’d not post anything that can bring no advance (but trouble) to the community. Greetz from Brazil!

  8. David says:

    Ah. You beat me to the google cache by like 2 minutes.

  9. bird603568 says:

    looks like dom beat me to it also but didnt confirm it when i hinted towards it. i just didnt want to get shed more pissed than he already is

    check out oddree magizine today at

  10. steve hendrix says:

    That’s not fair to fon. Come on you shouldn’t even post this. It’s borderline unethical just to put it out there. Keep doing this and no company is going to trust us to engage in these interesting type offers with the poorest of us users.

  11. fucter says:

    I also want to mention that someone (I forget who) determined that the mac address that fon sends via the heartbeat function is the wlan interface’s mac, not the one printed on the bottom of the router (wlan mac should be 2 digits higher e.g. ‘a2’ where the mac addy on the router ends with ‘a0’). And also, someone reported that the fon router ssh’s into once in a while, even if no one is connecting to the hotspot, and the auto-firmware upgrade is turned off, no one knows why yet.

  12. morcheeba says:

    Trade-offs can go three ways, you know? You don’t have to violate either company’s terms-of-service.

  13. Wow, with this discussion I’m glad I posted “just buy one for the regular price off the shelf”. When cheap routers from FON came up the first time the possibility of Linux running on future WRTs looked very bleak and FON was one of the few ways you could guarantee running it. Things have changed since then. Now v5 and v6 (I didn’t know those existed) can be flashed without issue. I think most people reading this will see it for what it is: If you want to support FON, buy their router and if you want to play with Linux, buy your own router.

    I may post controversial stuff from time to time, but it is with the firm belief that the hacking community at large is good at heart.

  14. bird603568 says:

    but don’t forget that the v4-6 have crippled amounts of flash and ram. I’m not sure about the clock speed though

  15. dbpigeon says:

    I think all versions are 200 MHz.

  16. Davidoff channel says:

    Is this possible?
    using your wrt54g wireless router
    as an antenna to pick up hot spots
    in an apt. complex. perhaps bridge
    router with hot spot in the area?
    how is this possible, i have onboard wireless
    antenna, and have 3 hotspots in my area but signal is “low”. can i use my router to pick up better signal?

  17. trebuchet03 says:

    #12 just curious…. how do you not violate your ISP’s tos while not violating fon’s tos? I’m not trying to put you down or anything, I’m just curious if you thought of something…

  18. trebuchet03, I know Speakeasy is one ISP that specifically allows you to share or resell your service.

  19. Billw says:

    I’m pretty sure that #12 means that you can choose not to play – buy a WRT54G from a store and don’t share out your internet connection publicly if it’s against your ISP’s terms-of-service.

    It’s not like a store bought WRT54G is going to set you back a whole lot of dough either, and you can hack it without fear of civil action.

  20. trebuchet03 says:

    ahh okay I get it… I wouldn’t call not participating a trade-off per se – but I guess that works :P and I guess not all ISP’s are a part of the internet ‘access of evil’ :P

  21. deltaf says:

    in many cases isps don’t care who you *share* it with as long as you’re not reselling. Therefore, the only appropriate option is the free wifi sharing, not reselling.

  22. josh says:

    “#12 just curious…. how do you not violate your ISP’s tos while not violating fon’s tos? I’m not trying to put you down or anything, I’m just curious if you thought of something…”

    uhhh. by not using a fon router? I know, it sounds like a crazy idea, but you have to try and think outside the box.

  23. trebuchet03 says:

    22… yeah nice patience in reading the thread ;)

    you need to have/do something if you want to trade it… so not participating isn’t so much a trade off as it is sitting on your butt :P so if not doing anything is thinking out of the box, most of us have been doing so complaining how someone else’s project is not a hack o.0

  24. rafael vuijk says:

    I ordered one too. Perhaps I’ll even add a FON logo when people first log on :)

  25. garryb says:

    lool the website author closed down the project and removed it from his site from getting into trouble does anyone on here has made any backups for the community please upload it then thxs.

  26. geremy condra says:

    I am curious to note- how many of us would, without a second thought, decompile software, download music, reverse engineer a piece of hardware, etc, but found it repugnant to violate the tos from fon? I know I was horrified at the idea, but I can’t quite put my finger on why this more than any of those other tos/eula-breakers feels wrong. Maybe I’m wrong, but…thoughts?

  27. BAF says:
  28. this is L says:

    Any more information on SSH dial-ins? I can’t find it in the firmware code.

  29. fucter says:

    this is L
    i cant either, sometime next week i should be getting my fon router, i’ll sniff it for a couple of days and see what i catch. and i plan to, sometime in the near future, make a page(possibly a wiki) all about our fun with these things

  30. James says:

    So does anyone have a copy of the original information?

  31. fucter says:

    fon ssh function maybe found:

    and basically the original info was to periodically wget at some random times

  32. zite says:


    I would assume it’s because fon is a cool idea from a seemingly cool company. We don’t really have a good reason to screw them over. While with warez the assumption is you’ll buy what you like and music that you don’t want to support the authors getting raped out of 90% of the money / whatever.

  33. David says:

    I got my FON router today. Started messing around with it. I was messing with the FON firmware’s firmware upgrade tool, thought I bricked my router. Just had the blinking power LED of death.. I TFTP’d Linksys’ firmware version 4 and got rid of FON.

    Whoever was against hacking the FON router… FON made 20 million dollars already on this. They’re not trying to be nice and create a big wireless community, they’re trying to make money off of YOUR ISP. Lame. So I have no guilt.

  34. martin says:

    31# i need your help

  35. This is l says:

    Although no one is still following this, Fon is still shipping $13 routers ($8 ship) away and Google removed the cache of that very special page (although all you need to know is already in the comments here). It is surprising that Google didn’t remove the page sooner, since it’s been funding the Fon operation!

    What will you do with your router? I am currently using one in client mode as a wireless card to borrow a nearby internet connection. Another is set up to feed it back to the source! Imagine what they’ll think when they connect to the new network in question and see their own router lights buzzing!

    Fon is now shipping WRT54GS (speedbooster) V4 models by the way!

    I have one discovery to add: while monitoring airborne packets (redirected from the WAN port) from a fon router in airopeek, I noticed that instead of seeing heartbeats, I was registering strange pairs of CRC errors and notifications.

  36. woosh says:

    Screw them over? I was curious about Fon and I decided to install the Firmware in my Linksys router from the Fon website. Like a bad virus, I can’t get rid of it. Fon support hasn’t answered my e-mails, my posts to the Forum on Fon’s website got deleted. Trust me DON’T use your own router and install the firmware. Buy the Fon router for the low price.

  38. Levi says:

    I was thinking of getting my fon router (wrt54gs) and switching it for my older wrt54g
    Do you think they would have a problem with that?

  39. Warezio says:

    Can someone please post this text again, the link is down.. Someone upload it to rapidshare or something..

  40. fucter says:

    ha, i received a letter in the mail from fon today (how long has it been… a year?) anyway, they say if i don’t turn my router on, that i won’t be able to access free fon hotspots anymore, oh well.
    in other words, no financial penalty will be bestowed upon me :)
