Fun FON hacking

posted Jul 1st 2006 4:30am by Eliot Phillips
filed under: wireless hacks

With FON now selling their “social routers” for $5 a piece it seems like a good time to mention Hack-A-Day reader [Steve Anderson]’s previous FON hacking experience. By purchasing one of FON’s subsidized routers you agree to participate in their network for at least one year. Steve had a look at the patched OpenWRT firmware FON uses and found the heartbeat system they use to monitor compliance. He then swapped out the firmware and spoofed the heartbeat with a cron job. This hack is an ethical trade off: remove FON’s firmware and violate their terms of service or keep FON’s firmware which probably violates your ISP’s TOS. In related WRT54G news: you can now flash Linux onto v5 and v6 routers without hardware modification. So if you’re at all worried, just buy one for the regular price off the shelf.

[thanks bird603568 and fucter]

Read

Comments [40]

Reader Comments

love this stuff have u a idea of how to fix a bad firm wear upgrade on a bt 24o voyager wired router rooter will not boot up have had problems with this router from day one but thanks bird love ur hack steve preece

Posted at 5:07 pm on Jul 1st, 2006 by steve preece

I’d rather break my ISP’s TOS than FON’s.

Posted at 6:27 pm on Jul 1st, 2006 by cmonkey

The FON hacking article has been pulled. Too much publicity about it is too likely to draw attention from FON, and it’s not worth it.

I recommend, if you want to throw out the FON T&Cs, that you get the source from FON’s website and spend a little time figuring out what’s going on. Me, I’ve got a family to think about.

Posted at 6:33 pm on Jul 1st, 2006 by IrreGular shed

well crap. I had been visiting the website off and on for the past few weeks. It really was the only site that had infomation on the router. Tell me irregular shed, did you finally get a cron job to work?

Posted at 6:42 pm on Jul 1st, 2006 by chris

Google Cache:
http://66.102.7.104/search?q=cache:_oiZ5RJ9WpMJ:www.twindx.com/node/106+fon+site:twindx.com&hl=en&gl=us&ct=clnk&cd=1

Posted at 6:45 pm on Jul 1st, 2006 by dom

if you use google in a certian way you can still see the page thats all im gonna say. sorry irregular shed didnt know you didnt want it to be posted.

Posted at 6:51 pm on Jul 1st, 2006 by bird603568

Very interesting piece of info, but one that helps nobody. Nor FON, nor ISPs, nor us, nor anyone I can think of. It is just like a recipt for a well-done atomic bomb made of sugar, water and salt, it would help no one. My respects for the “irregular shed” but my hacker ethics tell me that I’d not post anything that can bring no advance (but trouble) to the comunity. Greetz from Brazil!

Posted at 6:51 pm on Jul 1st, 2006 by Alexandre, o tabajara

Ah. You beat me to the google cache by like 2 minutes.

Posted at 6:51 pm on Jul 1st, 2006 by David

looks like dom beat me to it also but didnt confirm it when i hinted towards it. i just didnt want to get shed more pissed than he already is

check out oddree magizine today at http://www.oddree.com

Posted at 7:10 pm on Jul 1st, 2006 by bird603568

That’s not fair tp fon. Come on you should’nt even post this. Its borderline unethical just to put it out there. Keep doing this and no company is going to trust us to engage in these interesting type offers with the poorest of us users.

Posted at 7:14 pm on Jul 1st, 2006 by steve hendrix

I also want to mention that someone(I forget who) determined that the mac address that fon sends via the heartbeat function is the wlan interface’s mac, not the one printed on the bottom of the router (wlan mac should be 2 digits higher e.g. ‘a2′ where the mac addy on the router ends with ‘a0′). And also, someone reported that the fon router ssh’s into fon.com once and a while, even if no one is connecting to the hotspot, and the auto-firmware upgrade is turned off, no one knows why yet.

Posted at 7:43 pm on Jul 1st, 2006 by fucter

Trade-offs can go three ways, you know? You don’t have to violate either company’s terms-of-service.

Posted at 7:45 pm on Jul 1st, 2006 by morcheeba

Wow, with this discussion I’m glad I posted “just buy one for the regular price off the shelf”. When cheap routers from FON came up the first time the possibility of Linux running on future WRTs looked very bleak and FON was one of the few ways you could guarantee running it. Things have changed since then. Now v5 and v6 (I didn’t know those exsisted) can be flashed without issue. I think most people reading this will see it for what it is: If you want to support FON, buy their router and if you want to play with Linux, buy your own router.

I may post controversial stuff from time to time, but it is with the firm belief that the hacking community at large is good at heart.

Posted at 8:52 pm on Jul 1st, 2006 by Eliot Phillips

but dont forget that the v4-6 have crippled amounts of flash and ram. I’m not sure about the clock speed thou

Posted at 9:07 pm on Jul 1st, 2006 by bird603568

I think all versions are 200 MHz.

Posted at 11:04 pm on Jul 1st, 2006 by dbpigeon

Is this possible?
using your wrt54g wireless router
as an antenna to pick up hot spots
in an apt. complex. perhaps bridge
router with hot spot in the area?
how is this possible, i have onboard wireless
antenna, and have 3 hotspots in my area but signal is “low”. can i use my router to pick up better signal?

Posted at 11:33 pm on Jul 1st, 2006 by Davidoff channel

#12 just curious…. how do you not violate your ISP’s tos while not voilating fon’s tos? I’m not trying to put you down or anything, I’m just curious if you thought of something…

Posted at 12:23 am on Jul 2nd, 2006 by trebuchet03

trebuchet03, I know Speakeasy is one ISP that specifically allows you to share or resell your service.

Posted at 12:54 am on Jul 2nd, 2006 by Eliot Phillips

I’m pretty sure that #12 means that you can choose not to play – buy a WRT54G from a store and don’t share out your internet connection publicly if it’s against your ISP’s terms-of-service.

It’s not like a store bought WRT54G is going to set you back a whole lot of dough either, and you can hack it without fear of civil action.

Posted at 1:03 am on Jul 2nd, 2006 by Billw

ahh okay I get it… I wouldn’t call not participating a trade-off per say– but I guess that works :P and I guess not all ISP’s are a part of the internet ‘access of evil’ :P

Posted at 1:16 am on Jul 2nd, 2006 by trebuchet03

in many cases isps don’t care who you *share* it with as long as you’re not reselling. Therefore, the only appropriate option is the free wifi sharing, not reselling.

Posted at 5:04 pm on Jul 2nd, 2006 by deltaf

“#12 just curious…. how do you not violate your ISP’s tos while not voilating fon’s tos? I’m not trying to put you down or anything, I’m just curious if you thought of something…”

uhhh. by not using a fon router? I know, it sounds like a crazy idea, but you have to try and think outside the box.

Posted at 3:15 pm on Jul 3rd, 2006 by josh

22… yeah nice patients in reading the thread ;)

you need to have/do something if you want to trade it… so not participating isn’t so much a trade off as it is sitting on your butt :P so if not doing anything is thinking out of the box, most of us have been doing so complaining how someone else’s project is not a hack o.0

Posted at 4:39 pm on Jul 3rd, 2006 by trebuchet03

I ordered one too. Perhaps I’ll even add a FON logo when people first log on :)

Posted at 1:10 pm on Jul 5th, 2006 by rafael vuijk

lool the website author closed down the porojecty adn removed it from his site from getting into trouble does anyone on here has made any backups for the community please uplaod it then thxs.

Posted at 4:11 pm on Jul 5th, 2006 by garryb

I am curious to note- how many of us would, without a second thought, decompile software, download music, reverse engineer a piece of hardware, etc, but found it repugnant to violate the tos from fon? I know I was horrified at the idea, but I can’t quite put my finger on why this more than any of those other tos/eula-breakers feels wrong. Maybe I’m wrong, but…thoughts?

Posted at 2:08 pm on Jul 6th, 2006 by geremy condra

#25: uhh, read the comments?

http://hackaday.com/entry/1234000903073775/#c706073

Posted at 10:38 pm on Jul 6th, 2006 by BAF

Any more information on SSH dial-ins? I can’t find it in the firmware code.

Posted at 11:59 pm on Jul 7th, 2006 by this is L

this is L
i cant either, sometime next week i should be getting my fon router, i’ll sniff it for a couple of days and see what i catch. and i plan to, sometime in the near future, make a page(possibly a wiki) all about our fun with these things

Posted at 2:13 pm on Jul 8th, 2006 by fucter

So does anyone have a copy of the original information?

Posted at 9:43 pm on Jul 9th, 2006 by James

fon ssh function maybe found: http://boards.fon.com/viewtopic.php?t=1219

and basically the original info was to periodlically wget http://download.fon.com/heartbeat.php?mac= at some random times

Posted at 8:30 am on Jul 12th, 2006 by fucter

#26:

I would assume it’s because fon is a cool idea from a seemingly cool company. We don’t really have a good reason to skrew them over. While with warez the assumption is you’ll buy what you like and music that you don’t want to support the authors getting raped out of 90% of the money / whatever.

Posted at 3:39 pm on Jul 17th, 2006 by zite

I got my FON router today. Started messing around with it. I was messing with the FON firmware’s firmware upgrade tool, thought I bricked my router. Just had the blinking power LED of death.. I TFTP’d Linksys’ firmware version 4 and got rid of FON.

Whoever was against hacking the FON router… FON made 20 million dollars already on this. They’re not trying to be nice and create a big wireless community, they’re trying to make money off of YOUR ISP. Lame. So I have no guilt.

Posted at 8:58 pm on Jul 18th, 2006 by David

31# i need your help

prominator1@yahoo.com

Posted at 3:40 am on Jul 21st, 2006 by martin

Although no one is still following this, Fon is still shipping $13 routers ($8 ship) away and Google removed the cache of that very special page (although all you need to know is already in the comments here). It is surprising that Google didn’t remove the page sooner, since its been funding the Fon operation!

What will you do with your router? I am currently using one in client mode as a wireless card to borrow a nearby internet connection. Another is set up to feed it back to the source! Imagine what they’ll think when they connect to the new network in question and see their own router lights buzzing!

Fon is now shipping WRT54GS (speedbooster) V4 models by the way!

I have one discovery to add: while monitoring airborne packets (redirected from the WAN port) from a fon router in airopeek, I noticed that instead of seeing heartbeats, I was registering strange pairs of CRC errors and notifications.

Posted at 8:33 pm on Jul 26th, 2006 by This is l

Screw them over? I was curious about Fon and I decided to install the Firmware in my Linksys router from the Fon website. Like a bad virus, I can’t get rid of it. Fon support hasn’t answered my e-mails, my posts to the Forum on Fon’s website got deleted. Trust me DON’T use your own router and install the firmware. Buy the Fon router for the low price.

Posted at 5:11 am on Jul 28th, 2006 by woosh

Posted at 5:13 am on Jul 28th, 2006 by woosh

I was thinking of getting my fon router (wrt54gs) and switching it for my older wrt54g
Do you think they would have a problem with that?

Posted at 2:05 pm on Jul 28th, 2006 by Levi

Can someone please post this text again, the link is down.. Someone upload it to rapidshare or something..

Posted at 3:25 am on Aug 10th, 2006 by Warezio

ha, i received a letter in the mail from fon today (how long has it been… a year?) anyway, they say if i dont turn my router on, that i wont be able to access free fon hotspots anymore, oh well.
in other words, no finantial penalty will be bestowed upon me :)

Posted at 11:38 am on Apr 13th, 2007 by fucter

Fun FON hacking

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments