What’s in your Fonera? Part 1
A new version of the firmware that runs in La Fonera routers has been released. You can get it from the Fon website, http://en.fon.com/downloads. It comes as a 1.9MB file called fonera_0.7.1.1.fon, which you can upload to your router to install it.
I wanted to see what exactly is in this .fon file so I downloaded the source code. You can get this from here. This is an 88.7MB file called fonera.tar.bz2. (The .tar.bz2 extension means it is a compressed file for Linux known as a tarball, a bit like a .zip file). I uncompressed this and had a look inside.
The first thing I noticed is that the file dates are mostly October 4th 2006; I don’t think this is the source for version 7.1.1. I couldn’t find any indication of what version it actually is, which is a bit of a shame. I used the “find” command to produce this List of files in fonera.tar.bz2 so you can see the structure of it without downloading the whole thing yourself.
One part I was a bit surprised at was finding ./binary-only-modules/ar531x-wdt.o. This is a binary driver for the Atheros AR531x chip which provides the wireless functionality. The initial release of the source code for the Fonera was delayed for a while because Fon were working on GPL compliance with Atheros. I guess they were hoping to get the source code to this module released, but failed in the end. Binary kernel modules are fairly common and I think are within the letter of the GPL if not the full spirit of the GPL.
Most of the code is fairly standard stuff taken from the OpenWrt project. I am only really interested in the bits that Fon have customised, so I started by looking for all the filenames containing “fon”. Here they are:
./package/iptables/files/firewall.fon
./package/base-files/default/etc/config/fon
./package/base-files/default/etc/resolv.conf.fon
./package/base-files/default/etc/fon_version
./package/base-files/default/etc/fon_revision
./package/base-files/default/etc/fon_device
./package/foncheckrsa
./package/foncheckrsa/files
./package/foncheckrsa/files/etc
./package/foncheckrsa/files/etc/public_fon_rsa_key.der
./package/foncheckrsa/src
./package/foncheckrsa/src/rmd160.h
./package/foncheckrsa/src/bigint.h
./package/foncheckrsa/src/rmd160.c
./package/foncheckrsa/src/bigint_impl.h
./package/foncheckrsa/src/foncheckrsa.c
./package/foncheckrsa/src/bigint.c
./package/foncheckrsa/Makefile
./package/chillispot/files/chillispot-fon.init
./package/chillispot/patches/100-fon.patch
The ./package/foncheckrsa/* files are a small package for checking digital signatures. The comment in foncheckrsa.c explains it rather well:
/*
* foncheckrsa.c
*
* Verifies a file against an RSA crypted RIPMD160 signature
*
* 20060728 Pablo Martín Medrano
*
* The signature is created using openssl as follows:
* openssl dgst -rmd160 -sign signature
*
* This creates a signature of the same length of the key (512 bytes),
* that is made _decrypting_ the RMD160 checksum of the file, after
* padding it to expand it to 512 bytes using the padding mechanism
* described as PKCS#1 v1.5 in RFC 271.., using the private key.
*
* This program performs the check, by _crypting_ the signature using
* the RSA public key, getting rid of the padding bytes, and comparing
* the resulting RMD160 checksum with the one it calculates by itself.
*
* RIPEMD-160 software written by Antoon Bosselaers,
* available at http://www.esat.kuleuven.be/~cosicart/ps/AB-9601/.
*
* The bignumber implementation have been liberally taken from the code
* of axSSL
*
* This is just a small wrapper to make it work alltogether in an
* embedded device
*
* The same verification can be performed with openssl by issuing:
* openssl dgst -rmd160 -verify \
* -signature
*
* But OpenSSL is too bulky to be included in a 4MB of flash router
*
* $Id: foncheckrsa.c 50 2006-07-31 13:57:43Z pablo.martin $
*
*/
I will carry on digging and blogging about interesting bits I find over the next days and weeks.
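The check described in the foncheckrsa.c comment can be sketched in Python as follows. This is an added example, not Fon's code: it uses a constructed toy key built from two well-known primes (a 64-byte modulus rather than the 512 bytes the comment mentions), hard-codes published RIPEMD-160 test vectors instead of hashing a firmware file, and all function names are hypothetical.

```python
import hmac

# DER DigestInfo prefix for RIPEMD-160 (OID 1.3.36.3.2.1), followed by the 20-byte digest.
RMD160_PREFIX = bytes.fromhex("3021300906052b2403020105000414")
# Constructed toy key (NOT Fon's): product of two well-known primes, 64-byte modulus.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to build sample signatures
K = (N.bit_length() + 7) // 8      # signature length = modulus length in bytes
# Published RIPEMD-160 test vectors, standing in for a firmware file's digest.
DIGEST_ABC = bytes.fromhex("8eb208f7e05d987a9b044a8e98c6b087f15a0bfc")    # "abc"
DIGEST_EMPTY = bytes.fromhex("9c1185a5c5e9fc54612808977ee8f548b2258d31")  # ""


def encode(digest, k, pad_len=None):
    """Build 00 01 FF..FF 00 || DigestInfo || digest; pad_len=None fills all k bytes."""
    t = RMD160_PREFIX + digest
    if pad_len is None:
        pad_len = k - len(t) - 3
    if len(digest) != 20 or pad_len < 8:
        raise ValueError("bad digest length or modulus too short")
    block = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t
    return block + b"\x00" * (k - len(block))  # only non-empty for a short pad_len


def private_op(block):
    """What the signer does with the private key ('decrypting' in the comment)."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def verify(signature, digest):
    """Public-key operation on the signature, then compare the entire padded block."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Comparing against a freshly built block, rather than skipping padding bytes
    # and reading the digest, rejects short padding and trailing data.
    return hmac.compare_digest(recovered, encode(digest, K))


def demo():
    good = private_op(encode(DIGEST_ABC, K))
    malformed = private_op(encode(DIGEST_ABC, K, pad_len=8))  # digest not at the end
    return verify(good, DIGEST_ABC), verify(good, DIGEST_EMPTY), verify(malformed, DIGEST_ABC)


if __name__ == "__main__":
    print(demo())
```

The third case in `demo()` is a block with valid-looking but short padding; a verifier that only strips padding and reads the next 20 bytes would accept it, while the whole-block comparison does not.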


Have a look at my blog, it will be interesting for you. I created a small shell script to extract the .fon firmware/upgrades.
The version of the big fonera.tar.bz2 is still 0.7.0 rev 5. No new source is available for the just released 0.7.1 rev 1.
$ cat package/base-files/default/etc/fon_device
fonera
$ cat package/base-files/default/etc/fon_revision
5
$ cat package/base-files/default/etc/fon_version
0.7.0
Greetings Michael
Thanks for that, Michael. I confirmed that my source was 0.7.0; hopefully they will upload the new source soon.