Flashing a FON 2100B (stderr:Telnet for RedBoot not enabled)

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Author Message
JPMG
DD-WRT Novice


Joined: 20 May 2007
Posts: 5

PostPosted: Tue May 19, 2009 1:36    Post subject: Flashing a FON 2100B (stderr:Telnet for RedBoot not enabled) Reply with quote
I just opened the box on a pair of new 2100B units and wanted to flash them to DD-WRT. I followed the instructions, but now I'm stumped.

I followed the "LaFonera Software Easy Flashing" wiki all the way through step 1 .... I can get to the status screen and it shows "Firmware Version: 0.7.0 r4"

However when I go to use AP51 to load the new firware, it halts with a message "stderr: Telnet for RedBoot not enabled".

I can't get past that.

Any ideas and help will be greatly appreciated.
Hopefully I just missed something simple.

THanks!
... MIke ...
Sponsor
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17638
Location: Hesse/Germany

PostPosted: Tue May 19, 2009 6:06    Post subject: Reply with quote
plz write a PM to orange....he's the fon guy here
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
orange
DD-WRT Guru


Joined: 05 Sep 2007
Posts: 532
Location: 49.50N, 08.44E

PostPosted: Fri May 22, 2009 11:10    Post subject: Reply with quote
Quote:
I followed the "LaFonera Software Easy Flashing" wiki all the way through step 1 .... I can get to the status screen and it shows "Firmware Version: 0.7.0 r4"

This step just allows you to enable SSH on the fon. This is needed to patch redboot afterwards.
Quote:
However when I go to use AP51 to load the new firware, it halts with a message "stderr: Telnet for RedBoot not enabled".

This isn't astonishing. As I said above, you won't be able to access redboot through telnet without patching it first.

Here is a step-by-step guide for you:

1st step: Setup your PC with IP 169.254.255.2, Netmask 255.255.0.0, Gateway&DNS 169.254.255.1 and connect via ethernet to the fon
2nd step: Boot the fon and access the admin interface at 169.254.255.1 (fon firmware 0.7.1r1 or below)
3rd step: Save the following as "sshenable.htm", open it with your webbrowser and hit submit
Code:
<html>
<head>
</head>
<body>
<center>
<form method="post" action="http://169.254.255.1/cgi-bin/webif/connection.sh " enctype="multipart/form-data">
<input name="username" value="$(/etc/init.d/dropbear)" size="68" >
<input type="submit" name="submit" value="Submit" onClick="{this.form.wifimode.value='";' + this.form.wifimode.value +';"'}" />
</form>
</body>
</html>

4th step: Use PuTTY to ssh in at 169.254.255.1 and execute
Code:
mv /etc/init.d/dropbear /etc/init.d/S50dropbear

5th step: Download these two files and HFS
http://fonera.info/camicia/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
http://fonera.info/camicia/out.hex
http://www.rejetto.com/hfs/download
6th step: Reboot the fon and ssh back in (ssh access is now permanent due to step 4)
7th step: Host openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma and out.hex with HFS locally
8th step: Execute these code tags while connected via ssh
Code:
cd /tmp
wget http://169.254.255.2/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7
reboot

Code:
cd /tmp
wget http://169.254.255.2/out.hex
mtd -e "RedBoot config" write out.hex "RedBoot config"
reboot

Don't interrupt the redboot patching!!! Otherwise you'll have a bricked device.

Now you can flash dd-wrt or openwrt or whatever with Fon Flash or better manually :)

HTH orange

_________________
7x La Fonera 2100, 1x NanoStation2 Loco
running bleeding edge openwrt backfire/attitude adjustment
or4n9e on irc.freenode.net
DoesItMatter
DD-WRT Guru


Joined: 10 May 2008
Posts: 1373
Location: Pacific North West, USA

PostPosted: Fri May 22, 2009 12:23    Post subject: Reply with quote
http://wifi.wikia.com/wiki/Unlock_la_fonera_plus#Windows_howto

you could also try that method.

I have a Fon 2201+ and HAD a Fon 2200

Both of them were free'd from the tyranny of their original firmwares.

I used that guide for both, but again - QUICK

You only have 2 seconds to access the Redboot - took me multiple tries, especially on the Fon 2200

Once you get to redboot

fis init -f

that way it erases all the flash EXCEPT the redboot

this way, in case the router reboots or something, it'll always halt at redboot.

once you've got the flash formatted - load up whatever you want.

Incidentally - this is the same method you can use to get initial redboot access
for the Airlink AR-430W's and DLink DIR-300's as well

I no longer have the Fon 2200 because I tried to overclock it and it bricked.

_________________
Evil or Very Mad Soylent Green Is People ! Evil or Very Mad
Twisted Evil =-=-=-=-=-=-=-=-=-=-= Twisted Evil
2x Asus RT-N16 - Asuswrt-Merlin 3.0.0.4.376.43
Belkin F7D3302 - Toastman Tomato USB VPN 1.28.7505
Linksys E3000 - Toastman Tomato USB VPN 1.28.7505
-------------------------
2x Buffalo WZR-HP-G300NH V1 - OpenWRT Chaos Calmer 45860
2x Engenius ESR900 - Stock Firmware 1.4.0 / OpenWRT Chaos Calmer 45860
TP-Link WR1043ND V1.8 - Gargoyle 1.7.1
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 6814
Location: Dresden, Germany

PostPosted: Fri May 22, 2009 14:38    Post subject: Reply with quote
you can use the redboot hacking tool from the senao thread to open up the bootloader for telnet access
_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.

Yummee:
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
Netgear R7800
JPMG
DD-WRT Novice


Joined: 20 May 2007
Posts: 5

PostPosted: Mon May 25, 2009 1:02    Post subject: Reply with quote
My thanks go out to Orange and all the others who really gave me some good input. I had found MANY different ways to do it from various sources .... and it was almost too much info, the single post really made it all work out.

I used the steps and the two FON units started to soar like eagles ... Until they crashed and burned like the Hindenburg. Now I think I have two small doorstops.

So ... just to give you a good laugh ... here is what happened....

When I first opened them up they had an older version of the firmware (0.7.0 r4), thinking the failures I had were based on that (all the references I saw sounded like you needed firmware 0.7.1r1) I searched and found the 0.7.1r image. Both were burned to that level and worked OK to the test page.

Next I read multiple (and sometimes conflicting) write-ups about enabling SSH. But I did find the part about setting the DNS to 88.195.165.155 and letting the little unit “phone home” and enable SSH. Unfortunatly while doing this one connected live to the net and was updated to the lasted 0.7.2 firmware. Not too bad, that meant I had one ready to upgrade, and one that I would have to “downgrade” the firmware to 0.7.1.r2. On a positive note, I got VERY adept in the multiple steps to reset the routers (push, wait, push, wait, power cycle, etc.)

So with these two ready to go, I got coffee and began the steps.

Step 1 (OK)

Step 2 (OK) – Found the status page, looks promising!

Step 3 (OK) – Duh, cut and pasted to an HTM file I can do! But for some reason my test box kept throwing a “script error” on line 7 .... So I just hooked the unit up to another box. The patch took fine.

Step 4 (OK) – EXCELLENT! Got into the box, saw the logo and command prompt! Ran the command and it took.

Step 5 (OK) – Files all down and HFS up and running.

Step 6 (OK) – Even better, SSH still working after a reboot (by now small things make me happy)

Step 7 (OK) – HFS running and hosing the files.

Step 8 – Things start to go south .....

Step 8.1 – Copied the four lines and pasted into Putty. It looks like it is working. However in retrospect I perhaps should have done them one at a time ??? But it looks like its working since HFS shows data transferred. When the letters were no longer changing the cursor was winking after “reboot”, so I hit enter and (surprise to me at least) the thing rebooted.

Step 8.1 – Back into it via SSH, looks great. Do the four lines like before, wait until the letters are no longer changing, hit the enter after reboot and ...... POOF !!

System reboots (since the terminal disconnected), but I can no longer get in. I waiting until all was done, but maybe no long enough. So it seems unit one want down in flames, sort of a toasted brick.

But wait ... there’s more !!

The other unit was still OK, but at firmware level 0.7.2. No sweat (I thought), just connect up to it and select “Update Firmware” to a lower level. I had done it before so it should be OK to do it again.

Connect to the page, pick the correct fon file, hit update and wait ... and wait ... and wait ... and (you get the idea). No complete page ever came back, and when I eventually power cycled it (after waiting two hours) ... another unit ready for butter and jam (toast), but not really usefull as a router.

So tonight I am gonna have a beer, sit back and NOT throw them out the window.
In the morning I will go though the multiple step “reset dance” and see it they come up via SSH to 169.254.255.1.

Maybe all is not lost ... Does the IP address of the unit change from 169.254.255.1?

Maybe it’s there and I’m not hitting the correct address? I figured they were gone since the WIFI light never came back on, but maybe that is not a correct assumption.

Anyway .... I’ll bang at it again the AM ... I hope you all are not falling out of your chairs laughing.

Cheers!
... Mike ...
orange
DD-WRT Guru


Joined: 05 Sep 2007
Posts: 532
Location: 49.50N, 08.44E

PostPosted: Mon May 25, 2009 4:52    Post subject: Reply with quote
Quote:
So ... just to give you a good laugh ...

You definitely managed to give me a good laugh with it - especially as I'm a German guy, the Hindenburg metaphor was great!

Onto your problem, which most likely isn't a problem at all, assumed that I understood one thing right. You successfully finished the patching of Redboot and the writing of the RedBoot config on both units, correct? If so, it's absolutely normal that your fon stays in an unbootable state now. And this is just due to the fact, that Redboot now waits for your sympathy lol - it wants you to flash dd-wrt or openwrt onto the fon.

So, to transform your doorstops into routers, just setup your PC with IP 192.168.1.166, Gateway&DNS 192.168.1.254, Netmask 255.255.255.0, open PuTTY and prepare telnet access to 192.168.1.254 at port 9000. Once this is all prepared, ping 192.168.1.254, plug the fon's power cord and wait for replies - you'll get those within a 10 seconds timeframe and during this timeframe you just press connect in PuTTY (which you preconfigured previously) and you'll get to the RedBoot prompt (redboot>). That's it, flash dd-wrt or openwrt and you're done. If you need instructions to do that, let me know!

best,
orange

PS: After re-reading your comments I realized that your second device is in another situation as the first one actually. As of the second one, you just assumed something that is, at least from my perspective, not correct. You need to know something about downgrading of the fon firmware. The fon comes with one particular version (e.g. 0.7.0r4) PRE-flashed and once you connect the fon to the Internet it does "incremental" updates to the PRE-flashed version, i.e. it NEVER overrides the version it came with PRE-flashed. That means, that you'll be able to reset the fon at any time to the PRE-flashed version assumed you haven't flashed another fon firmware version manually. Thus it's imho not at all possible (and I might be wrong here) to "downgrade" the fon firmware using the webinterface, at least I never tried this. You just need to find out the PRE-flashed version the fon shipped with and if this version is equal or below 0.7.1r1 you can downgrade to it and enable SSH the way I described it to you. If you're unsure about the PRE-flashed version of your fon, just open it up and look on the bottom of the PCB: there's the flash rom and on this chip there's a sticker with the version written to it.

_________________
7x La Fonera 2100, 1x NanoStation2 Loco
running bleeding edge openwrt backfire/attitude adjustment
or4n9e on irc.freenode.net
JPMG
DD-WRT Novice


Joined: 20 May 2007
Posts: 5

PostPosted: Tue May 26, 2009 4:58    Post subject: The little buggers are alive ... Reply with quote
Ahhh ... good things tonight.

Perhaps the two routers should not be called “Hindenburg”, rather Graf Zepplin, since they did not crash and burn. As of tonight I have been able to get into RedBoot console on both, that is a very good sign.

The first unit was correctly fixed last night, your description was correct. It was just waiting for something. Once I set the IP correctly I could telnet in and get the prompt.

The second unit (which I thought was bricked) was a bit odd. I powered it up and after a while saw the WIFI lamp lit. When I did a scan I saw a MyPlace AP listed, so that meant something was running on the runt. When I got to the status page over the ethernet it showed up and listed firmware level 0.7.1.r1. Thus the reflash last night must have taken. Since it was working at level 0.7.1.r1, I used all the steps and got that to the Reboot prompt level.

On a side note, I saw your comment about the second unit and “downgrade” flashing. I had guessed they did incremental flashes (to update and “protect” the units from actions such as this). However when researching the 88.195.165.155 DNS solution, I came across an item where someone else had their unit “upgraded” accidentially. Basically like my case, using the new DNS setting then accidentially allowing it to talk to the live net. They posted a link to the ENTIRE 7.1.1.1 firmware image. Since the package was about 2 MB that seemed reasonable. I think the reference link was on the same page that describes the alternate DNS solution. While I don’t know much (duh) it seems that based on at least one case (mine) you CAN downgrade your firmware level from the web interface, assuming you have the FULL version of the firmware to load. However it might not work for everyone and as they like to say “your mileage may vary”.

Now that both are at the Redboot stage, I would greatly appreciate the flashing steps. Your other ones worked perfect. Right now I am looking at multiple “methods” to flash, from command line to AP51 to Fon Flash ... each a bit different. And most mention the 2200 (not the 2100) so I’m not sure if they will work with mine.

Past the doorstop stage ... perhaps next onto AP stage.

Cheers!
... Mike ...

Also: When these get done, I’m looking at x86 DD-WRT on a mini-ITX that I will have available. Any thoughts about that?
orange
DD-WRT Guru


Joined: 05 Sep 2007
Posts: 532
Location: 49.50N, 08.44E

PostPosted: Tue May 26, 2009 14:28    Post subject: Reply with quote
Quote:
As of tonight I have been able to get into RedBoot console on both, that is a very good sign.

Awesome!
Quote:
While I don’t know much (duh) it seems that based on at least one case (mine) you CAN downgrade your firmware level from the web interface, assuming you have the FULL version of the firmware to load. However it might not work for everyone and as they like to say “your mileage may vary”.

Thanks for working this out. It's at least interesting to know that it's definitely possible. Something I was not aware of yet, thanks.
Quote:
Now that both are at the Redboot stage, I would greatly appreciate the flashing steps. Your other ones worked perfect. Right now I am looking at multiple “methods” to flash, from command line to AP51 to Fon Flash ... each a bit different. And most mention the 2200 (not the 2100) so I’m not sure if they will work with mine.

As of the flashing methods:
I'd highly recommend doing it from the commandline. I'd avoid using those GUIs whenever possible due to several reasons. However if you want to flash utilizing a GUI, I'd vote for Fon Flash from Gargoyle - it's from my perspective the best GUI available, while even that one doesn't issue a "full initialization flash" and this can become tricky in several scenarios. You have been warned herewith.

As of the flashing instructions:
Whether you're going to flash dd-wrt or OpenWrt, the following assumes, that you have tftpd32 (or another tftp server) hosting your firmware files and furthermore your PC needs to be configured with IP 192.168.1.166, netmask 255.255.255.0, gateway&dns 192.168.1.254. Then access RedBoot via Telnet, port 9000 - I already explained how to do that. Once everything is prepared, paste the following lines to your RedBoot prompt one-by-one, never interrupt the process and be patient... it'll take up to 15 minutes until you get to the RedBoot prompt again.

For dd-wrt:
Code:
ip_addr -h 192.168.1.166 -l 192.168.1.254/24
fis init -f
load -r -b 0x80041000 linux.bin
fis create linux
fconfig
reset

When configuring RedBoot (fconfig), make sure to leave the defaults and just adjust the bootscript to
Code:
>>fis load -l linux
>>exec
>>

For OpenWrt:
Code:
ip_addr -h 192.168.1.166 -l 192.168.1.254/24
fis init -f
load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
fis create -l 0x006F0000 rootfs
fconfig
reset

When configuring RedBoot (fconfig), make sure to leave the defaults and just adjust the bootscript to
Code:
>>fis load -l vmlinux.bin.l7
>>exec
>>

OpenWrt provides you the possibility to flash a jffs2 root filesystem besides the standard squashfs. If you'd like to run the jffs2 one, just replace
Code:
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs

with
Code:
load -r -b %{FREEMEMLO} openwrt-atheros-root.jffs2-64k

in the instructions above.
Quote:
Also: When these get done, I’m looking at x86 DD-WRT on a mini-ITX that I will have available. Any thoughts about that?

No experiences, sorry.

_________________
7x La Fonera 2100, 1x NanoStation2 Loco
running bleeding edge openwrt backfire/attitude adjustment
or4n9e on irc.freenode.net
Vaako
DD-WRT User


Joined: 10 Jun 2009
Posts: 313

PostPosted: Mon Feb 06, 2012 3:11    Post subject: Reply with quote
Orange thank you so much for this step-by-step HowTo!!!

>>>>>>> RESPECT <<<<<<<

orange wrote:
Quote:
I followed the "LaFonera Software Easy Flashing" wiki all the way through step 1 .... I can get to the status screen and it shows "Firmware Version: 0.7.0 r4"

This step just allows you to enable SSH on the fon. This is needed to patch redboot afterwards.
Quote:
However when I go to use AP51 to load the new firware, it halts with a message "stderr: Telnet for RedBoot not enabled".

This isn't astonishing. As I said above, you won't be able to access redboot through telnet without patching it first.

Here is a step-by-step guide for you:

1st step: Setup your PC with IP 169.254.255.2, Netmask 255.255.0.0, Gateway&DNS 169.254.255.1 and connect via ethernet to the fon
2nd step: Boot the fon and access the admin interface at 169.254.255.1 (fon firmware 0.7.1r1 or below)
3rd step: Save the following as "sshenable.htm", open it with your webbrowser and hit submit
Code:
<html>
<head>
</head>
<body>
<center>
<form method="post" action="http://169.254.255.1/cgi-bin/webif/connection.sh " enctype="multipart/form-data">
<input name="username" value="$(/etc/init.d/dropbear)" size="68" >
<input type="submit" name="submit" value="Submit" onClick="{this.form.wifimode.value='";' + this.form.wifimode.value +';"'}" />
</form>
</body>
</html>

4th step: Use PuTTY to ssh in at 169.254.255.1 and execute
Code:
mv /etc/init.d/dropbear /etc/init.d/S50dropbear

5th step: Download these two files and HFS
http://fonera.info/camicia/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
http://fonera.info/camicia/out.hex
http://www.rejetto.com/hfs/download
6th step: Reboot the fon and ssh back in (ssh access is now permanent due to step 4)
7th step: Host openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma and out.hex with HFS locally
8th step: Execute these code tags while connected via ssh
Code:
cd /tmp
wget http://169.254.255.2/openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma
mtd -e vmlinux.bin.l7 write openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma vmlinux.bin.l7
reboot

Code:
cd /tmp
wget http://169.254.255.2/out.hex
mtd -e "RedBoot config" write out.hex "RedBoot config"
reboot

Don't interrupt the redboot patching!!! Otherwise you'll have a bricked device.

Now you can flash dd-wrt or openwrt or whatever with Fon Flash or better manually Smile

HTH orange

_________________
Regards,
Vaako

1x Netgear R7800 Nighthawk - firmware not decided yet !!!!
1x Netgear R7000 Nighthawk r36410
1x Ubiquiti RouterStation Pro DD-WRT r23204 std (12/24/13)
1x Asus RT-N16 SVN revision 20675 NEWD-2 K2.6
1x Linksys E4200 v3.0 r34777 mega (01/31/18 )
1x Buffalo WZR-HP-G300NH B0 B0 Gargoyle FW
1x Linksys WRT600N v1.1 (Bricked)
1x Linksys WRT54GL v1.1 (DD-WRT 26446)
1x Linksys WRT54GS v2.2 (DD-WRT 26446)
1x Linksys RVS4000 (stock fw)
3x D-Link DWL-7100AP (openWRT)
2x TP-Link TL-WA801ND (Bridge mode) 100mW TX-Power
Asus WL-520GU SVN 16403M NEWD-2 Eko std-nokaid
4x Fonera with Gargoyle FW
Vaako
DD-WRT User


Joined: 10 Jun 2009
Posts: 313

PostPosted: Tue Sep 15, 2015 14:41    Post subject: Reply with quote
@orange

when try to run the HTML I receive the message:

Code:
Internet Connection Settings: Error

Error in Mode: Invalid value


The firmware is 0.7.1 r5

Is there a way to hack this?

_________________
Regards,
Vaako

1x Netgear R7800 Nighthawk - firmware not decided yet !!!!
1x Netgear R7000 Nighthawk r36410
1x Ubiquiti RouterStation Pro DD-WRT r23204 std (12/24/13)
1x Asus RT-N16 SVN revision 20675 NEWD-2 K2.6
1x Linksys E4200 v3.0 r34777 mega (01/31/18 )
1x Buffalo WZR-HP-G300NH B0 B0 Gargoyle FW
1x Linksys WRT600N v1.1 (Bricked)
1x Linksys WRT54GL v1.1 (DD-WRT 26446)
1x Linksys WRT54GS v2.2 (DD-WRT 26446)
1x Linksys RVS4000 (stock fw)
3x D-Link DWL-7100AP (openWRT)
2x TP-Link TL-WA801ND (Bridge mode) 100mW TX-Power
Asus WL-520GU SVN 16403M NEWD-2 Eko std-nokaid
4x Fonera with Gargoyle FW
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum