Let’s see how the Fonera automatically updates itself.
Enter you La Fonera (by SSH). Edit your cron jobs and you’ll see that every day your Fonera runs the following command:
<pre>root@fon01:~# crontab -l
0 * * * * /bin/thinclient cron</pre>
During startup, your Fonera also runs “/bin/thinclient start” from /etc/init.d/N40thinclient.
Let’s see what is that thinclient about:
Firts, check that the last line of /bin/thinclient is commented, like this:
<pre># . /tmp/.thinclient.sh</pre>
Then, run the following command (It won’t upgrade your Fonera!)
<pre>root@fon01:~# sh -x /bin/thinclient start
…
+ echo mode=’start’ wlmac=’00:18:84:XX:XX:XX’ mac=’00:18:84:XX:XX:XX’ fonrev=’2′ firmware=’0.7.1′ chillver=’1.0-1′ thclver=’1.0′ device=’fonera’
+ ssh -T -p 1937 -i /etc/dropbear/key openwrt@download.fon.com
root@fon01:~#
</pre>
(I’ve XX’ed my MAC addresses for obvious privacy reasons).
So, here is how the Fonera start an automatic upgrade: it send by ssh some information about itself: macs, version and revision… What for?
The result of the last command is written into the /tmp/.thinclient.sh file, which is then supposed to be launched. Let’s look at it:
<pre>root@fon01:~# cat .thinclient.sh
cd /tmp
wget http://download.fon.com/firmware/update/0.7.1/2/upgrade.fon
/bin/fonverify /etc/public_fon_rsa_key.der /tmp/upgrade.fon
rm -f /tmp/.thinclient.sh
exit
</pre>
Ok, the the next step of the upgrade is to get the upgrade.fon file from FON, check it’s authenticity and extract it (fonverify)
From a Linux box (not my Fonera), I wget the file and run a hacked version of fonverify (skipping the verification of the file and only extracting it).
Running the fonverify scripts in my Linux, we will get the actual update tarball (in that case: upgrade_0713.tgz) and we will be able to see what it affects in our Fonera:
<pre>alegrome$ tar ztf upgrade_0713.tgz
bin/
bin/thinclient
etc/
etc/init.d/
etc/init.d/N45ntpclient
etc/functions.sh
etc/fon_revision
etc/banner
usr/
usr/lib/
usr/lib/webif/
usr/lib/webif/validate.awk
usr/lib/qos.sh
usr/bin/
usr/bin/haserl
www/
www/cgi-bin/
www/cgi-bin/webif/
www/cgi-bin/webif/adv_net.sh
www/cgi-bin/webif/adv_pf.sh
www/cgi-bin/webif/adv_wifi.sh
www/cgi-bin/webif/connection.sh
www/cgi-bin/webif/language.sh
www/cgi-bin/webif/password.sh
www/cgi-bin/webif/private.sh
www/cgi-bin/webif/public.sh
www/cgi-bin/webif/upgrade.sh
alegrome$
</pre>
Notice that the update from 7.1r2 to 7.1r3 modifies the /bin/thinclient script, what actually re-enabled the automatic updates! Beware of it.
Recent Comments