[Linux] Multiplexing Screen

And now a nice tip by Darren Kitchen of Hak5!
( www.hak5.org )

HakTip: Multiplexing Screen Sessions

What’s more wicked than a screen session? Two screen sessions! As we’ve talked about recently the unix command Screen is a great way to maintain bash sessions from multiple SSH clients without losing your work. My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexiness of vertical split by hitting CTRL+a then Pipe.

[pRoToTyPe] LaFonera OpenWRT/Kismet/GPS/SD-Mod

So, here is the documentation of the project that I have been working on for the past months. I called it "Prototype" for no other reason than not having another name ^^'. It is actually just a plain and simple Kismet server running on a LaFonera 2100, using GPS for positioning and time as well as an SD card for the log files. There were many things to do on this project, so this write-up will get quite a bit longer and include some pics.

After the installation, using this system is very easy: just connect power, wait about a minute for it to load, attach the GPS mouse, and as soon as the GPS has its lock, pRoToTyPe will load Kismet and start logging your wardrive to the SD card. After you're done, shut down the system, grab the SD card, plug it into your PC and translate the Kismet files with this log viewer: http://mindflip.org/klv/ or use this script: http://www.perrygeo.net/wordpress/?p=55 to translate the file into a Google Earth file. Additionally, you can watch what your Kismet server is doing with this tool: http://www.d3tr.de/dkc/ (you need to allow your client IP in /etc/kismet/kismet.conf to access Kismet!), or with cgps http://home.arcor.de/ulf.lamping/gpsd/gpsd.html#mozTocId950639 you can see the GPS data from the pRoToTyPe box.

Have fun!

Thanks a lot to:

Digininja, Darren Kitchen, lOrdnicO, beakmyn, tOOdy, lopez1364 and cptdondo!

Well we start with the first thing:

I. Modding the LaFonera Router (Hardware)

1. Building a battery pack:

That's an easy one. Just get a battery pack (a 4 × 1.5V AA battery holder with a 9V clip) and build the connector for it. I used a 9V battery clip connector and a plug that fits the original Fonera power port, as I wanted a "plug 'n play" solution that is as easy as it is reliable.

1_batterypack

1_batterypack2

2. Integrate an RS232 Port with V24 Standard Voltage

To do this, I used a Dremel and installed the port on the outside of the Fonera. I also shortened one unused pin and the screws that secure the port, as there isn't much space inside the Fonera and I wanted to install a big custom heatsink (later!). For the conversion I used this simple circuit: http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port#Very_simple_console_adapter

2_serial_console_1_drilled

2_serial_console_2_testing

3. SD-Card Mod

The SD card mod is really important, as there is not much memory left on your Fon after installing OpenWRT, and the Kismet server uses up quite a lot of space if it is not configured correctly or if you want to do longer wardrives. The first thing is to acquire an SD card slot, possibly from an old and damaged multi-card reader. I did it that way: I just opened the case and unsoldered the slot so I could use it. Then I drilled a hole into the bottom of the Fonera and installed the SD card slot there. For more pictures: http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_SD-Card/Reader_Position

In addition to the instructions there, I installed a "touch protection" made of hot glue and plexiglass, as I didn't want the PCB to lie exposed to everything...

3_sd-card_3

After installing the card reader slot physically, you need to wire it. That was quite a problem for me, as the pictures on the net were a bit problematic and not very informative, so I'll try to provide you with a bit more information than the other how-to.

3_sd-card_4_final_wire

3_sd-card_5_sd_slot

If you run the wires like this, this should be an easy step. I actually soldered the wires "directly" to the connector pins of the SD card slot, as the reader had been damaged and I did not want to solder some wires onto the actual connectors and some onto the pins. So I ran everything onto the pins and insulated (and stabilized) the whole thing with hot glue.

So, that should be it for the SD card mod, with one exception: you need to desolder some SMD capacitors (C142, C143, C144, C145). They are found on the upper side of the Fonera board directly next to the Ethernet port, a little beneath the GPIO ports we just soldered.

3_sd-card_6_cond_out

I marked the former place of the capacitors in red. Just use a soldering iron with a small tip and quickly heat one side for 1-2 seconds, then directly the other one, and the capacitor should come off by itself or stick to the soldering iron. Now the SD card mod is finished, in terms of hardware.

4. Phantom Powered GPS TTL Interface

For the GPS I integrated a second connector which, unlike the serial port I added, connects directly to the serial port of the LaFonera (so at "TTL level", without the converter I added for the serial port conversion) and adds some phantom power as well. But only(!!!) do this if you know that your GPS mouse works at TTL level as well. If you plug in a V24 device (a standard PC-level GPS mouse), it will damage your LaFonera.

4_gps_ttl_1_connector

The wiring is as follows: Black - Ground, Yellow - RX, Blue - TX, Red - 5V. TX and RX are wired directly to the serial port of the LaFonera; the 5V comes from the main power connector of the LaFonera.

4_gps_ttl_2_connector_inside

5. Adding a Bigger Heatsink to the LaFonera

As the "old" LaFonera had serious issues concerning the CPU temperature, and was only fitted with a small stock heatsink, I decided to replace the small one with a custom one that covers the whole metal casing of the Atheros CPU. I did not remove this casing, as I did not want to expose the SMD parts to possible damage from the bigger heatsink, and it was also much easier to attach that way. To remove the old heatsink, turn the PCB around: you will see that it is not only "glued" onto the metal shield with a thermal pad, but also has two solder points on the back side of the PCB, which lead to two metal fingers that are soldered or glued to the heatsink. So, long story short: first unsolder the two big solder points on the back of the PCB, then gently lever off the old heatsink with a flat, sharp screwdriver. Otherwise you could damage the PCB or the chipset! The new heatsink is made of aluminium and comes from an old, dead ATI graphics card. I just cut it down to the needed size with a saw and filed the cut edges smooth. Then I applied thermal grease to the metal shield and installed the heatsink on it. I secured the heatsink with super glue so that it can't fall off or move. The old heatsink went onto the memory, where I secured it with hot glue (yeah, you should NOT do that on things that get REALLY hot... but it's ok on that thing).

5_heatsink_1

5_heatsink_2

6. Hardware on the LaFonera is done

So that's it, you're done with the hardware modifications on the LaFonera. One thing you should really watch out for is space: you can see you're not going to have much left after all these mods. In truth, the most problematic thing was the perspex cover for the SD card mod and the cables that came from it. Always remember to keep the cables only as long as needed to lay the PCB flat on a table and still be able to work on it. The cable lengths shown in the SD mod chapter are already correct. I had pictures with longer cables and other soldering points (earlier I took VCC and GND from the serial port, making it even worse.. ^^'), but I only used the "correct" ones in this how-to, so you should go for these lengths or even shorter ones. It really makes your life a lot easier (I had to retrim the cables and the perspex VERY often until I could close the case again fairly easily).

6_completed

II. Building Attachments and additional Adaptors (etc.)

1. Building a GPS / Fonera Adaptor

Building the adaptor to connect the GPS mouse to the Fonera is quite easy. I even used the same colors in this connector as inside the Fonera: Black - Ground, Yellow - RX, Blue - TX, Red - 5V. The 5V is the phantom power. You should NEVER connect a normal serial GPS mouse to this connector, as the 5V power is supplied over a pin that is normally used for other serial data. In the best case, this pin is not even connected in the mouse. In the worst case, you will kill your GPS mouse. We're going to modify a serial GPS mouse to our needs later. You may even forget about the phantom power, disconnect it and use a normal serial GPS mouse, or build in a switch to enable or disable phantom power. But as I only wanted to use this particular mouse, I just left it like that (a simpler and easier design, and I love the phantom power idea: I only have to use one big battery for everything and not 2 or 3 for every part of the gadget, where nothing works anymore if one of them is empty...). The first picture shows the completed adaptor. I used heat-shrink tubing to make the cable physically more robust. I also used hot glue and the installed strain relief to protect the cable and the soldering points. The pin-out for this male RS232 plug is as follows: Pin 4 Rx (Yellow), Pin 3 Tx (Blue), Pin 1 GND (Black), Pin 9 5V (Red).

II_1_gps_fon_1

II_1_gps_fon_2

2. Building a GPS / PC Adaptor

To use the (later) modified serial mouse on a stock RS232 (V24) PC interface, we need three things: 1.) power injection for the GPS, 2.) TTL to V24 conversion, 3.) not feeding the phantom power to your PC. All in all that's quite easy to handle. Sadly I don't have many pictures of the adaptor, but I'll try to explain it as well as I can. Basically you need to pack the same RS232 / TTL logic into that adaptor as you built into the Fonera. Then you need to wire a USB connector to it. You wire GND from the USB connector and the RS232 together, and the 5V goes a) to the phantom power pin and b) to a simple 5V to 3.3V converter that you need to build for the TTL to V24 converter. You can see this converter in the third picture. R (resistor) is 120 Ohm, while the Zener diode (3.3V) is reverse-biased. You take the power for the TTL converter between R and Z and connect minus to the other end of the Zener diode. From the female PC port to the male GPS port you connect everything through (GND, RX, TX) except the phantom power, which is only attached to the GPS port.

II_2_gps_injector_1

II_2_gps_injector_2

II_2_gps_injector_3_z

3. Modding a Royaltek RGM 2000 (Bluemouse) for use with the Adaptors

For this project I used a Royaltek RGM 2000 "Bluemouse". It's a serial mouse that I chose mainly for 3 reasons: 1.) it's cheap (I got one for 14€), 2.) it's widely available (Aldi sold a navigation system with this mouse, so there are many of them on eBay...), 3.) it was the first serial mouse I found when googling ;-). As the mouse has a proprietary connector, I cut that off first. You can now see four wires: black (GND, Pin 5), red (5V, Pin 6), yellow (TX, Pin 2), white (RX, Pin 3), which get packed into a female RS232 connector. The wiring can be found in picture two (by the way, you will find that RX is wired to the TX of the PC / Fonera adaptor and vice versa; that's ok, should be so and is a must ;-)).

II_3_gps_mouse_1

II_3_gps_mouse_2

III. Modding the LaFonera Router (Software)
You have two possibilities:
I. The quick install with my install script
II. The manual install by hand (same standard, describes more details in case the first one fails)

I. Modding the LaFonera Router (Software) Script/Quickstart:

1. Installing OpenWRT

Download http://downloads.openwrt.org/kamikaze/8.09/atheros/openwrt-atheros-vmlinux.lzma
Download http://downloads.openwrt.org/kamikaze/8.09/atheros/openwrt-atheros-root.squashfs
Download Fon Flash http://www.gargoyle-router.com/download.php (also install the wpcap drivers; they are included with Wireshark)
Download Prototype Install Script prototype_install

a) via Fon Flash:

- Start FonFlash
- Select your Network Interface Card
- Select Rootfs (openwrt-atheros-root.squashfs)
- Select Kernel (openwrt-atheros-vmlinux.lzma)
- Press Flash Router now and Power Up the Fonera.
- Takes approx. 20 Minutes

b) via Serial Port and Tftp Server:
- Extract the two firmware files onto a reachable TFTP server
- Connect the Lan Port to your Network
- Connect to Serial (9600 baud, 8 Bit Data, 1 Stop Bit, No Software/Hardware Flow Control)
- Power Up the Fonera and Press CTRL+C (within 2 Seconds)
You end up in RedBoot>

Enter these Commands:
// First IP is the Fonera IP/Subnet, Second is the TFTPServer
ip_address -l 192.168.1.254/24 -h 192.168.1.1
// Complete Kill of the Fonera Software:
fis init -f
// Download the Firmware Header and Root (fis can take about 20 Minutes!)
load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
// Read Out Free Space
fis free  ( Output like 0xA80F0000 .. 0xA87E0000 )
// Calculate on another Linux System the free Space with bc
bc
obase=16
ibase=16
A87E0000 - A80F0000
6F0000 -> 0xlength
// Download the Firmware Root
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
// Create Root on the next free Space that you calculated (0xANDWHATYOUGOT)
fis create -l 0x6F0000 rootfs
// Configure Bootup, enter:
fconfig
// Enter Bootup Script, enter these two lines and press Enter a third time
fis load -l vmlinux.bin.l7
exec

// The complete config should look like this (nothing changed except the boot script!)
RedBoot> fconfig
Run script at boot: true
Boot script:
.. fis load -l vmlinux.bin.l7
.. exec
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>>
Boot script timeout (1000ms resolution): 1
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.254
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.1
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot>
// Reboot, you’re done with flashing!
reset

2. Configure OpenWRT
vi /etc/config/network

config interface loopback
option ifname    lo
option proto    static
option ipaddr    127.0.0.1
option netmask    255.0.0.0

config interface lan
option ifname   eth0
option type     bridge
option proto    dhcp

3. Installing Software
opkg update
opkg install luci-app-mmc_over_gpio
opkg install kmod-nls-base
opkg install kmod-nls-cp437
opkg install kmod-nls-iso8859-1
opkg install kmod-fs-vfat
opkg install kmod-mmc-over-gpio --force_reinstall
opkg install luci-app-mmc_over_gpio --force_reinstall
opkg install kismet-server
opkg install gpsd
opkg install netcat
opkg install hotplug2
reboot

4. Configure
Set password with passwd
Connect with WinSCP to the Box
Upload prototype_install to /tmp
chmod +x /tmp/prototype_install
/tmp/prototype_install
reboot

/etc/init.d/mmc_over_gpio start
/etc/init.d/mmc_over_gpio stop
/etc/init.d/mmc_over_gpio start
mount /dev/mmcblk0p1 /mnt
reboot

Done

II. Modding the LaFonera Router (Software) Manual:

1. Installing OpenWRT

Download http://downloads.openwrt.org/kamikaze/8.09/atheros/openwrt-atheros-vmlinux.lzma
Download http://downloads.openwrt.org/kamikaze/8.09/atheros/openwrt-atheros-root.squashfs
Download Fon Flash http://www.gargoyle-router.com/download.php (also install the wpcap drivers; they are included with Wireshark)

a) via Fon Flash:

- Start FonFlash
- Select your Network Interface Card
- Select Rootfs (openwrt-atheros-root.squashfs)
- Select Kernel (openwrt-atheros-vmlinux.lzma)
- Press Flash Router now and Power Up the Fonera.
- Takes approx. 20 Minutes

b) via Serial Port and Tftp Server:
- Extract the two firmware files onto a reachable TFTP server
- Connect the Lan Port to your Network
- Connect to Serial (9600 baud, 8 Bit Data, 1 Stop Bit, No Software/Hardware Flow Control)
- Power Up the Fonera and Press CTRL+C (within 2 Seconds)
You end up in RedBoot>

Enter these Commands:
// First IP is the Fonera IP/Subnet, Second is the TFTPServer
ip_address -l 192.168.1.254/24 -h 192.168.1.1
// Complete Kill of the Fonera Software:
fis init -f
// Download the Firmware Header and Root (fis can take about 20 Minutes!)
load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
// Read Out Free Space
fis free  ( Output like 0xA80F0000 .. 0xA87E0000 )
// Calculate on another Linux System the free Space with bc
bc
obase=16
ibase=16
A87E0000 - A80F0000
6F0000 -> 0xlength
// Download the Firmware Root
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
// Create Root on the next free Space that you calculated (0xANDWHATYOUGOT)
fis create -l 0x6F0000 rootfs
// Configure Bootup, enter:
fconfig
// Enter Bootup Script, enter these two lines and press Enter a third time
fis load -l vmlinux.bin.l7
exec

// The complete config should look like this (nothing changed except the boot script!)
RedBoot> fconfig
Run script at boot: true
Boot script:
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>>
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot>
// Reboot, you’re done with flashing!
reset
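
The length calculation from the flashing steps above (here and in the quick-start section), as an added shell helper for the Linux host; it is not part of the original how-to. The function names are made up for this example, and the 0x10000 erase-block size is an assumption read off the "Erase from 0xa87e0000-0xa87f0000" line of the fconfig output.

```shell
#!/bin/sh
# Added example, run on the Linux host (not inside RedBoot).
# It turns one line of `fis free` output into the value for `fis create -l`
# and refuses ranges that are malformed or too small for the image.

ERASE_BLOCK=$((0x10000))   # assumption: flash erase block size

# is_hex32 WORD: true if WORD is 0x followed by 1 to 8 hex digits.
is_hex32() {
    case "$1" in
        0[xX]*) _h=${1#0[xX]} ;;
        *) return 1 ;;
    esac
    case "$_h" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#_h}" -le 8 ]
}

# fis_length "START .. END" [IMAGE_BYTES]
#   Prints the length as 0x... and returns 0.
#   Returns 2 on unparsable input, 3 if the range is empty or not a whole
#   number of erase blocks, 4 if IMAGE_BYTES does not fit into the range.
fis_length() {
    _img=${2:-0}
    set -f; set -- $1; set +f          # split the line into words, no globbing
    [ "$#" -eq 3 ] && [ "$2" = ".." ] || return 2
    is_hex32 "$1" && is_hex32 "$3" || return 2
    case "$_img" in ''|*[!0-9]*) return 2 ;; esac
    _start=$(($1)); _end=$(($3))
    [ "$_end" -gt "$_start" ] || return 3
    _len=$((_end - _start))
    [ $((_len % ERASE_BLOCK)) -eq 0 ] || return 3
    [ "$_img" -le "$_len" ] || return 4
    printf '0x%X\n' "$_len"
}

# The range shown on this page, without an image size check:
fis_length '0xA80F0000 .. 0xA87E0000'
# With a size check against the downloaded root image:
#   fis_length '0xA80F0000 .. 0xA87E0000' "$(wc -c < openwrt-atheros-root.squashfs)"
```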

2. Configure OpenWRT

Change the network settings to whatever you want. I personally used my laptop with ICS as a "router" to connect the LaFonera to my work network. The configuration in /etc/config/network was:

config interface loopback
option ifname    lo
option proto    static
option ipaddr    127.0.0.1
option netmask    255.0.0.0

config interface lan
option ifname    eth0
option type     bridge
option proto    static
option ipaddr    192.168.0.2
option netmask    255.255.255.0
option dns    192.168.0.1
option gateway    192.168.0.1

Or use dhcp:

config interface loopback
option ifname    lo
option proto    static
option ipaddr    127.0.0.1
option netmask    255.0.0.0

config interface lan
option ifname   eth0
option type     bridge
option proto    dhcp

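Then I also set the correct timezone for the LaFonera. In my case that was GMT+1. Note that the offset in a POSIX TZ string has the opposite sign (it is the value added to local time to get UTC), so GMT+1 is written as:

echo GMT-1 > /etc/TZ

Or the complete /etc/TZ for Europe, Berlin: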

echo CET-1CEST,M3.5.0,M10.5.0/3 > /etc/TZ

3. Installing SD-Card Mod

Basically it breaks down to the commands "opkg update" and "opkg install luci-app-mmc_over_gpio", but there were many errors on my attempt, as it installed program parts in the wrong order and needed dependencies which weren't installed at that point. So I attach my install log at the end of this how-to; maybe that will help you. After you have installed it without errors, you need to configure the mmc driver to the Fonera standards (these steps were taken from http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_SD-Card#OpenWRT_Kamikaze_8.09 )

vi /etc/init.d/mmc_over_gpio

edit:
add_device "default" 5 4 3 7 0

to:
add_device "default" 1 3 4 14 0
sleep 1
remove_device "default"
sleep 1
add_device "default" 1 3 4 7 0

then start with
/etc/init.d/mmc_over_gpio start

you should see:
configfs on /config type configfs (rw)
gpio-mmc: Failed to request mmc_spi module.
mmc_spi spi32761.0: SD/MMC host mmc0, no DMA, no WP, no poweroff
gpio-mmc: MMC-Card "default" attached to GPIO pins di=1, do=3, clk=4, cs=7
mmc_spi spi32761.0: can't change chip-select polarity
root@OpenWrt:~# mmc0: new SD card on SPI
mmcblk0: mmc0:0000 SD01G 1006080KiB
mmcblk0: p1

then create a directory where you want to mount the sd-card:
mkdir /mnt/mmc

and mount the sd-card:
mount /dev/mmcblk0p1 /mnt/mmc

you should also change the /etc/config/fstab according to your setup:

config 'mount'
option 'enabled' '1'
option 'device' '/dev/mmcblk0p1'
option 'fstype' 'vfat'
option 'target' '/mnt'
option 'options' 'defaults'

config 'swap'
option 'device' '/dev/sda2'

COMPLETE /etc/init.d/mmc_over_gpio at the end

4. Installing Kismet-Server

Installing the Kismet-Server to make your Wardrive is easy. Just enter

opkg update
opkg install kismet-server

To configure the Kismet server you need to make some basic changes. This quote is from the OpenWRT forum:

I found the way to launch the kismet server. The Fonera with Atheros AR2315 with Kamikaze 7.09
edit /etc/kismet/kismet.conf and configure source as
source=Madwifi_g,wifi0,wireless

run kismet server as
kismet_server -f /etc/kismet/kismet.conf

COMPLETE /etc/kismet/kismet.conf at the end

5. Installing gpsd

GPSD is the GPS daemon for Linux, which gets the signals from the GPS mouse and sends them to Kismet or to a remote network source. Netcat is a tool for using network sessions, like telnet, with pipes. In our case we use netcat to connect to gpsd and try to grab a valid time signal from it. A valid time signal serves two purposes: a) we use it to set the internal clock of the Fon to the current time, b) we know that we have a valid GPS lock and can go on and fire up Kismet.

opkg update
opkg install gpsd
opkg install netcat

Install Log at the End

6. Installing the pRoToTyPe Script
Create the file /etc/init.d/prototype and make it executable with chmod +x:

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org

START=94
STOP=15

start() {
echo "Loading pRoToTyPe..."

# mount sd card
echo "Load SD-Card Driver..."
/etc/init.d/mmc_over_gpio stop
/etc/init.d/mmc_over_gpio start
sleep 1
echo "Mount SD-Card.."
mount /dev/mmcblk0p1 /mnt

# setup serial port
echo "Setup Serial Port..."
stty -F /dev/ttyS0 raw speed 4800 -clocal cs8 -parenb -cstopb

# setup gpsd
echo "Setup GPSD..."
gpsd /dev/ttyS0 -n # with none wait

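# setup time via gps
# Note: the parentheses run the counter in a subshell, so $i never advances
# here and the loop only ends at the break below, once gpsd reports a date.
i=0;
while (i=$(($i+1)) && [ "$i" -lt 5 ]);
do
sleep 5
# ask gpsd for the date ("d") three times and capture the replies
(echo d ; sleep 1; echo d; sleep 1; echo d) | (nc localhost 2947) > /tmp/gps_time &
TEST=$!
sleep 4
kill -s SIGINT $TEST
killall nc
# last reply line, of the form GPSD,D=<year>-...
date=$(tail -n 1 /tmp/gps_time)
year=$(echo "$date" | sed 's/.*D=\([0-9]*\)-.*/\1/')
# a year after 2004 means gpsd has a valid time, i.e. a GPS lock
[ "$year" -gt 2004 ] && break
done;
echo "slept $i times while waiting gps lock.."

echo "Setting date $date"
# move the year behind the month/day/hour/minute digits and drop everything else
date -s $(echo "$date" | sed 's/GPSD,D=\([0-9]*\)\(.*\):.*/\2\1/' | sed 's/[^0-9]//g')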

# start kismet
echo "Start Kismet..."
/usr/bin/kismet_server -f /etc/kismet/kismet.conf &

# thats it, we rock!
echo "Prototype up and running!"
}

stop() {
echo "Unloading pRoToTyPe..."
# command to kill application

echo "Kill Kismet..."
killall kismet_server
echo "Kill GPSD..."
killall gpsd
echo "Reset Serial Port..."
stty -F /dev/ttyS0 raw speed 9600 -clocal cs8 -parenb -cstopb

echo "UmountSD-Card..."
umount /mnt
sleep 5
echo "Unload SD-Card Driver..."
/etc/init.d/mmc_over_gpio stop
}

Then you should symlink this file so that it gets executed at launch and shutdown:
ln -s /etc/init.d/prototype /etc/rc.d/K15prototype
ln -s /etc/init.d/prototype /etc/rc.d/S94prototype
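
A stricter version of the time check in the init script above, as an added example that is not part of the original script: it accepts a gpsd reply only if it is a complete GPSD,D=... timestamp with a year after 2004, and it uses the last valid reply in the capture instead of whatever the last line happens to be. The function names and the sample replies are constructed for this example.

```shell
#!/bin/sh
# Added example (not the author's script): validate gpsd "d" replies before
# they are used to set the clock. All sample replies below are constructed.

# gpsd_reply_to_date LINE
#   Prints MMDDhhmmYYYY, the digit order the init script's sed pipeline hands
#   to `date -s`, and returns 0. Returns 1 when LINE is not a well-formed
#   "GPSD,D=<timestamp>" reply or the year is not after 2004 (no lock yet).
gpsd_reply_to_date() {
    _line=$(printf '%s' "$1" | tr -d '\r')     # drop a trailing CR if present
    case "$_line" in
        GPSD,D=[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]*) ;;
        *) return 1 ;;
    esac
    _stamp=${_line#GPSD,D=}
    _year=${_stamp%%-*};  _rest=${_stamp#*-}
    _month=${_rest%%-*};  _rest=${_rest#*-}
    _day=${_rest%%T*};    _rest=${_rest#*T}
    _hour=${_rest%%:*};   _rest=${_rest#*:}
    _min=${_rest%%:*}
    # Same plausibility rule as the init script, plus field range checks.
    [ "$_year" -gt 2004 ] || return 1
    [ "$_month" -ge 1 ] && [ "$_month" -le 12 ] || return 1
    [ "$_day" -ge 1 ] && [ "$_day" -le 31 ] || return 1
    [ "$_hour" -le 23 ] && [ "$_min" -le 59 ] || return 1
    printf '%s%s%s%s%s\n' "$_month" "$_day" "$_hour" "$_min" "$_year"
}

# last_fix_date
#   Reads captured replies on stdin (for example < /tmp/gps_time), prints the
#   converted time of the last valid reply and returns 0; returns 1 if none.
last_fix_date() {
    _found=
    while IFS= read -r _l || [ -n "$_l" ]; do
        if _d=$(gpsd_reply_to_date "$_l"); then
            _found=$_d
        fi
    done
    [ -n "$_found" ] || return 1
    printf '%s\n' "$_found"
}

# Demo on a constructed capture: no fix yet, then a fix, then a cut-off line.
last_fix_date <<'EOF' || echo "no GPS lock yet"
GPSD,D=?
GPSD,D=2009-01-05T06:34:55.00Z
GPSD,D=20
EOF
```

In the init script the result could replace the sed pipeline, for example `date -s "$(last_fix_date < /tmp/gps_time)"`, with the loop breaking only when the function returns 0.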

7. Installing Rescue System

If something goes wrong with the Ethernet console and you need to access the pRoToTyPe via the serial port, you're in trouble: on a normal boot, the pRoToTyPe system changes the console settings and uses the serial port for gpsd. With this rescue system you're back in the boat: just press and release the reset button for one second, and the rescue system will kick in, overwrite the inittab with console settings, reset the serial port to 9600, remove the pRoToTyPe autostart and plant a "rebirth" system. Then it will reboot the box. After the boot, you can access it via the serial port and work on it. The rebirth system automatically sets back the inittab and the pRoToTyPe autostart, so on the next boot pRoToTyPe will automatically be in working order again! Great, ain't it? And easy to realize!

opkg install hotplug2

vi /etc/hotplug.d/button/30-button-trigger

#!/bin/sh
if [ "${ACTION}" = "released" ]
then
/etc/init.d/prototype_reset
fi

vi /etc/init.d/prototype_reset
#!/bin/sh
echo '::sysinit:/etc/init.d/rcS S boot' > /etc/inittab
echo '::shutdown:/etc/init.d/rcS K stop' >> /etc/inittab
echo 'tts/0::askfirst:/bin/ash --login' >> /etc/inittab
echo 'ttyS0::askfirst:/bin/ash --login' >> /etc/inittab
echo '#tty1::askfirst:/bin/ash --login' >> /etc/inittab
init -q
stty -F /dev/ttyS0 raw speed 9600 -clocal cs8 -parenb -cstopb
rm /etc/rc.d/K15prototype
rm /etc/rc.d/S94prototype
ln -s /etc/init.d/prototype_rebirth /etc/rc.d/S94prototype_rebirth
reboot

chmod +x /etc/init.d/prototype_reset

vi /etc/init.d/prototype_rebirth
#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
START=94
start() {
ln -s /etc/init.d/prototype /etc/rc.d/K15prototype
ln -s /etc/init.d/prototype /etc/rc.d/S94prototype
echo '::sysinit:/etc/init.d/rcS S boot' > /etc/inittab
echo '::shutdown:/etc/init.d/rcS K stop' >> /etc/inittab
echo '#tts/0::askfirst:/bin/ash --login' >> /etc/inittab
echo '#ttyS0::askfirst:/bin/ash --login' >> /etc/inittab
echo '#tty1::askfirst:/bin/ash --login' >> /etc/inittab
rm /etc/rc.d/S94prototype_rebirth
}

chmod +x /etc/init.d/prototype_rebirth

What do these files do?

30-button-trigger:
Defines what happens when the button is pressed (1 sec) and released.
(Triggers prototype_reset)

prototype_reset:
Resets the inittab to console, resets the serial port, removes the autostart of pRoToTyPe, sets up the rebirth system (prototype_rebirth) and reboots

prototype_rebirth:
After the reset reboot, the rebirth system sets up the autostart of the pRoToTyPe system again and removes itself

Attachment Quickinstall Log:

BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

_______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
|__| W I R E L E S S   F R E E D O M
KAMIKAZE (8.09, r14511) ----------------------------
* 10 oz Vodka       Shake well with ice and strain
* 10 oz Triple sec  mixture into 10 shot glasses.
* 10 oz lime juice  Salute!
---------------------------------------------------
root@OpenWrt:/# opkg    ifconfig
br-lan    Link encap:Ethernet  HWaddr
inet addr:134.96.74.122  Bcast:134.96.74.127  Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:47 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3694 (3.6 KiB)  TX bytes:812 (812.0 B)

eth0      Link encap:Ethernet  HWaddr
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:60 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5288 (5.1 KiB)  TX bytes:1855 (1.8 KiB)
Interrupt:4 Base address:0x1000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@OpenWrt:/# opg kg update
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/Packages.gz
Connecting to downloads.openwrt.org (78.24.191.177:80)
Packages.gz            0% |                               |     0  --:--:-- ETAPackages.gz          100% |*******************************|   143k --:--:-- ETA
Inflating http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/snapshots
root@OpenWrt:/# opkg install luci-app-mmc_over_gpio
Installing luci-app-mmc_over_gpio (0.8.6-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./luci-app-mmc_over_gpio_0.8.6-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
luci-app-mmc_over_gp   0% |                               |     0  --:--:-- ETAluci-app-mmc_over_gp 100% |*******************************|  2061  --:--:-- ETA
Installing kmod-mmc-over-gpio (2.6.26.5-atheros-2) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-mmc-over-gpio_2.6.26.5-atheros-2_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-mmc-over-gpio_2   0% |                               |     0  --:--:-- ETAkmod-mmc-over-gpio_2 100% |*******************************|  5565  --:--:-- ETA
Installing kmod-mmc-spi (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-mmc-spi_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-mmc-spi_2.6.26.   0% |                               |     0  --:--:-- ETAkmod-mmc-spi_2.6.26. 100% |*******************************|  7219  --:--:-- ETA
Installing kmod-mmc (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-mmc_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-mmc_2.6.26.5-at   0% |                               |     0  --:--:-- ETAkmod-mmc_2.6.26.5-at 100% |*******************************| 28898  --:--:-- ETA
Installing kmod-crc-itu-t (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-crc-itu-t_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-crc-itu-t_2.6.2   0% |                               |     0  --:--:-- ETAkmod-crc-itu-t_2.6.2 100% |*******************************|  2269  --:--:-- ETA
Installing kmod-crc7 (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-crc7_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-crc7_2.6.26.5-a   0% |                               |     0  --:--:-- ETAkmod-crc7_2.6.26.5-a 100% |*******************************|  1911  --:--:-- ETA
Installing kmod-spi-gpio (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-spi-gpio_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-spi-gpio_2.6.26   0% |                               |     0  --:--:-- ETAkmod-spi-gpio_2.6.26 100% |*******************************|  3945  --:--:-- ETA
Installing kmod-spi-bitbang (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-spi-bitbang_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-spi-bitbang_2.6   0% |                               |     0  --:--:-- ETAkmod-spi-bitbang_2.6 100% |*******************************|  3580  --:--:-- ETA
Configuring kmod-crc-itu-t
Configuring kmod-crc7
Configuring kmod-mmc
Configuring kmod-mmc-over-gpio
spi_gpio: Unknown symbol spi_bitbang_stop
spi_gpio: Unknown symbol spi_bitbang_start
gpiommc: Unknown symbol spi_gpio_next_id
Configuring kmod-mmc-spi
Configuring kmod-spi-bitbang
Configuring kmod-spi-gpio
Configuring luci-app-mmc_over_gpio
cfg24c30b
root@OpenWrt:/# opkg install kmod-nls-base
Installing kmod-nls-base (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-nls-base_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-nls-base_2.6.26   0% |                               |     0  --:--:-- ETAkmod-nls-base_2.6.26 100% |*******************************|  3724  --:--:-- ETA
Configuring kmod-nls-base
root@OpenWrt:/# opkg install kmod-nls-cp437
Installing kmod-nls-cp437 (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-nls-cp437_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-nls-cp437_2.6.2   0% |                               |     0  --:--:-- ETAkmod-nls-cp437_2.6.2 100% |*******************************|  2977  --:--:-- ETA
Configuring kmod-nls-cp437
root@OpenWrt:/# opkg install kmod-nls-iso8859-1
Installing kmod-nls-iso8859-1 (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-nls-iso8859-1_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-nls-iso8859-1_2   0% |                               |     0  --:--:-- ETAkmod-nls-iso8859-1_2 100% |*******************************|  2650  --:--:-- ETA
Configuring kmod-nls-iso8859-1
root@OpenWrt:/# opkg install kmod-fs-vfat
Installing kmod-fs-vfat (2.6.26.5-atheros-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-fs-vfat_2.6.26.5-atheros-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-fs-vfat_2.6.26.   0% |                               |     0  --:--:-- ETAkmod-fs-vfat_2.6.26. 100% |*******************************| 37664  --:--:-- ETA
Configuring kmod-fs-vfat
root@OpenWrt:/# opkg install kmod-mmc-over-gpio --force_reinstall
Reinstalling kmod-mmc-over-gpio (2.6.26.5-atheros-2) on root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kmod-mmc-over-gpio_2.6.26.5-atheros-2_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kmod-mmc-over-gpio_2   0% |                               |     0  --:--:-- ETAkmod-mmc-over-gpio_2 100% |*******************************|  5565  --:--:-- ETA
Configuring kmod-mmc-over-gpio
root@OpenWrt:/#
root@OpenWrt:/# opkg install luci-app-mmc_over_gpio -f -force_reinstall
Reinstalling luci-app-mmc_over_gpio (0.8.6-1) on root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./luci-app-mmc_over_gpio_0.8.6-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
luci-app-mmc_over_gp   0% |                               |     0  --:--:-- ETAluci-app-mmc_over_gp 100% |*******************************|  2061  --:--:-- ETA
Configuring luci-app-mmc_over_gpio
cfg26c30b
^Copkg: interrupted. writing out status database
root@OpenWrt:/# root@OpenWrt:/# opkg install luci-app-mmc_over_gpio --force_reinstall
Reinstalling luci-app-mmc_over_gpio (0.8.6-1) on root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./luci-app-mmc_over_gpio_0.8.6-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
luci-app-mmc_over_gp   0% |                               |     0  --:--:-- ETAluci-app-mmc_over_gp 100% |*******************************|  2061  --:--:-- ETA
Configuring luci-app-mmc_over_gpio
cfg28c30b
root@OpenWrt:/#
root@OpenWrt:/# opkg install kismet-server
Installing kismet-server (2008-05-R1-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./kismet-server_2008-05-R1-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
kismet-server_2008-0   0% |                               |     0  --:--:-- ETAkismet-server_2008-0 100% |*******************************|   214k --:--:-- ETA
Installing uclibcxx (0.2.2-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./uclibcxx_0.2.2-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
uclibcxx_0.2.2-1_mip   0% |                               |     0  --:--:-- ETAuclibcxx_0.2.2-1_mip 100% |*******************************| 60685  --:--:-- ETA
Installing libpcap (0.9.8-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./libpcap_0.9.8-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libpcap_0.9.8-1_mips   0% |                               |     0  --:--:-- ETAlibpcap_0.9.8-1_mips 100% |*******************************| 67504  --:--:-- ETA
Installing dbus (1.2.3-2) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./dbus_1.2.3-2_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
dbus_1.2.3-2_mips.ip   0% |                               |     0  --:--:-- ETAdbus_1.2.3-2_mips.ip 100% |*******************************|   220k --:--:-- ETA
Installing libexpat (1.95.8-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./libexpat_1.95.8-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libexpat_1.95.8-1_mi   0% |                               |     0  --:--:-- ETAlibexpat_1.95.8-1_mi 100% |*******************************| 50640  --:--:-- ETA
Configuring dbus
Configuring kismet-server
Configuring libexpat
Configuring libpcap
Configuring uclibcxx
root@OpenWrt:/# opkg install gpsd
Installing gpsd (2.37-3) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./gpsd_2.37-3_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
gpsd_2.37-3_mips.ipk   0% |                               |     0  --:--:-- ETAgpsd_2.37-3_mips.ipk 100% |*******************************| 39945  00:00:00 ETA
Installing libpthread (0.9.29-14) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./libpthread_0.9.29-14_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libpthread_0.9.29-14   0% |                               |     0  --:--:-- ETAlibpthread_0.9.29-14 100% |*******************************| 19159  --:--:-- ETA
Installing libstdcpp (4.1.2-14) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./libstdcpp_4.1.2-14_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libstdcpp_4.1.2-14_m   0% |                               |     0  --:--:-- ETAlibstdcpp_4.1.2-14_m 100% |*******************************|   232k --:--:-- ETA
Configuring gpsd
Configuring libpthread
Configuring libstdcpp
root@OpenWrt:/# opkg install netcat
Installing netcat (0.7.1-1) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/./netcat_0.7.1-1_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
netcat_0.7.1-1_mips.   0% |                               |     0  --:--:-- ETAnetcat_0.7.1-1_mips. 100% |*******************************| 16579  --:--:-- ETA
Configuring netcat
root@OpenWrt:/# opkg install hotplug2
Package hotplug2 (0.9+r102-2) installed in root is up to date.
root@OpenWrt:/# cd /
root@OpenWrt:/# ls
bin   etc   jffs  mnt   rom   sbin  tmp   var
dev   home  lib   proc  root  sys   usr   www
root@OpenWrt:/# reboot      reboot
root@OpenWrt:/# Restarting system.

BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

_______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
|__| W I R E L E S S   F R E E D O M
KAMIKAZE (8.09, r14511) ----------------------------
* 10 oz Vodka       Shake well with ice and strain
* 10 oz Triple sec  mixture into 10 shot glasses.
* 10 oz lime juice  Salute!
---------------------------------------------------
root@OpenWrt:/#
root@OpenWrt:/# passwd
Changing password for root
New password:
Bad password: too short
Retype password:
Password for root changed by root
root@OpenWrt:/# ifconfig
br-lan    Link encap:Ethernet  HWaddr
inet addr:134.96.74.122  Bcast:134.96.74.127  Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3552 (3.4 KiB)  TX bytes:812 (812.0 B)

eth0      Link encap:Ethernet  HWaddr
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4754 (4.6 KiB)  TX bytes:1855 (1.8 KiB)
Interrupt:4 Base address:0x1000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@OpenWrt:/# chmod +x /tmp/prototype_install
root@OpenWrt:/# ./tmp/prototype_install
Setting Up /etc/inittab for pRoToTyPe...
Setting Up TZ for Europe, Berlin...
Setting Up Rescue System:
Creating /etc/hotplug.d/button/30-button-trigger...
mkdir: cannot create directory '/etc/hotplug.d/button': File exists
Creating /etc/init.d/prototype_reset...
Creating /etc/init.d/prototype_rebirth...
Creating /etc/config/network Config...
Creating /etc/config/network.ics Config...
Creating /etc/config/network.home Config...
Creating /etc/config/system Config...
Creating /etc/config/fstab...
Creating /etc/init.d/mmc_over_gpio...
Creating /etc/init.d/prototype...
Creating /etc/kismet/kismet.conf...
mkdir: cannot create directory '/etc/kismet': File exists
Creating /etc/kismet/ap_manuf...
Creating /etc/kismet/client_manuf...
pRoToTyPe installed! Lets rock!
root@OpenWrt:/# reboot
root@OpenWrt:/# Restarting system.

root@pRoToTyPe:/etc/init.d# ./mmc_over_gpio start
configfs on /config type configfs (rw)
mkdir: cannot create directory '/config/gpiommc/default': File exists
root@pRoToTyPe:/etc/init.d# ./mmc_over_gpio stop
root@pRoToTyPe:/etc/init.d# ./mmc_over_gpio start
configfs on /config type configfs (rw)
root@pRoToTyPe:/# mount /dev/mmcblk0p1 /mnt
root@pRoToTyPe:/# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                    1.5M      1.5M         0 100% /
/dev/root                 1.5M      1.5M         0 100% /rom
tmpfs                     6.7M     48.0k      6.6M   1% /tmp
tmpfs                   512.0k         0    512.0k   0% /dev
/dev/mtdblock3            5.4M      1.7M      3.7M  31% /jffs
mini_fo:/jffs             1.5M      1.5M         0 100% /
/dev/mmcblk0p1            6.5M         0      6.5M   0% /mnt
root@pRoToTyPe:/#
root@pRoToTyPe:/# reboot

Attachment Manual Install:

- Install Log GPSD

root@OpenWrt:/# opkg update
Downloading http://downloads.openwrt.org/kamikaze/8.09.2-RC2/atheros/packages/Packages.gz
Connecting to downloads.openwrt.org (78.24.191.177:80)
Packages.gz          100% |*******************************|   141k --:--:-- ETA
Inflating http://downloads.openwrt.org/kamikaze/8.09.2-RC2/atheros/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/snapshots
root@OpenWrt:/# opkg list | fgrep gps
gpsd - 2.37-3 - An interface daemon for GPS receivers
root@OpenWrt:/# opkg install gpsd
Installing gpsd (2.37-3) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09.2-RC2/atheros/packages/gpsd_2.37-3_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
gpsd_2.37-3_mips.ipk 100% |*******************************| 39956  --:--:-- ETA
Installing libpthread (0.9.29-14.6) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09.2-RC2/atheros/packages/libpthread_0.9.29-14.6_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libpthread_0.9.29-14 100% |*******************************| 19161  --:--:-- ETA
Installing libstdcpp (4.1.2-14.6) to root...
Downloading http://downloads.openwrt.org/kamikaze/8.09.2-RC2/atheros/packages/libstdcpp_4.1.2-14.6_mips.ipk
Connecting to downloads.openwrt.org (78.24.191.177:80)
libstdcpp_4.1.2-14.6 100% |*******************************|   232k --:--:-- ETA
Configuring gpsd
Configuring libpthread
Configuring libstdcpp
root@OpenWrt:/#

- /etc/init.d/mmc_over_gpio

#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org
START=90

CONFIGFS_DIR="/config/gpiommc"

# add_device(name, DI_pin, DO_pin, CLK_pin, CS_pin, mode)
add_device() {
	local dir="$CONFIGFS_DIR/$1"

	mkdir $dir
	[ $? -eq 0 ] || return 1
	echo $2 > $dir/gpio_data_in
	[ $? -eq 0 ] || return 1
	echo $3 > $dir/gpio_data_out
	[ $? -eq 0 ] || return 1
	echo $4 > $dir/gpio_clock
	[ $? -eq 0 ] || return 1
	echo $5 > $dir/gpio_chipselect
	[ $? -eq 0 ] || return 1
	echo $6 > $dir/spi_mode
	[ $? -eq 0 ] || return 1
	# XXX We have more config options available. Use defaults for now.

	echo 1 > $dir/register
	[ $? -eq 0 ] || return 1

	return 0
}

# remove_device(name)
remove_device() {
	local dir="$CONFIGFS_DIR/$1"

	rmdir $dir
}

mount_configfs() {
	# FIXME: This should probably be done somewhere else.
	mount | grep configfs
	if [ $? -eq 0 ]; then
		# already mounted
		return 0
	fi
	mkdir -p /config
	[ $? -eq 0 ] || return 1
	mount configfs -t configfs /config
	[ $? -eq 0 ] || return 1

	return 0
}

start() {
	# Make sure configfs is mounted
	mount_configfs
	[ $? -eq 0 ] || return 1

	#FIXME we should use a config file, but I dunno how that parser works.
	#add_device "default" 5 4 3 7 0

	add_device "default" 1 3 4 14 0
	sleep 1
	remove_device "default"
	sleep 1
	add_device "default" 1 3 4 7 0
}

stop() {
	remove_device "default"
}

- /etc/kismet/kismet.conf

# Kismet config file
# Most of the "static" configs have been moved to here -- the command line
# config was getting way too crowded and cryptic.  We want functionality,
# not continually reading --help!

# Version of Kismet config
version=2005.01.R1

# Name of server (Purely for organizational purposes)
servername=Kismet

# User to setid to (should be your normal user)
#suiduser=nobody
suiduser=root

# Sources are defined as:
# source=cardtype,interface,name[,initialchannel]
# Card types and required drivers are listed in the README.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
#source=wrt54g,eth1,wireless
# For v1 hardware uncomment this:
# source=wrt54g,eth2,wireless
source=Madwifi_g,wifi0,wireless

# Comma-separated list of sources to enable.  This is only needed if you defined
# multiple sources and only want to enable some of them.  By default, all defined
# sources are enabled.
# For example:
# enablesources=prismsource,ciscosource

# Do we channelhop?
#channelhop=true
channelhop=false

# How many channels per second do we hop?  (1-10)
channelvelocity=5

# By setting the dwell time for channel hopping we override the channelvelocity
# setting above and dwell on each channel for the given number of seconds.
#channeldwell=10

# Do we split channels between cards on the same spectrum?  This means if
# multiple 802.11b capture sources are defined, they will be offset to cover
# the most possible spectrum at a given time.  This also controls splitting
# fine-tuned sourcechannels lines which cover multiple interfaces (see below)
channelsplit=true

# Basic channel hopping control:
# These define the channels the cards hop through for various frequency ranges
# supported by Kismet.   More finegrain control is available via the
# "sourcechannels" configuration option.
#
# Don't change the IEEE80211<x> identifiers or channel hopping won't work.

# Users outside the US might want to use this list:
# defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
defaultchannels=IEEE80211b:1,6,11,2,7,3,8,4,9,5,10

# 802.11g uses the same channels as 802.11b...
defaultchannels=IEEE80211g:1,6,11,2,7,3,8,4,9,5,10

# 802.11a channels are non-overlapping so sequential is fine.  You may want to
# adjust the list depending on the channels your card actually supports.
# defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,184,188,192,196,200,204,208,212,216
defaultchannels=IEEE80211a:36,40,44,48,52,56,60,64

# Combo cards like Atheros use both 'a' and 'b/g' channels.  Of course, you
# can also explicitly override a given source.  You can use the script
# extras/listchan.pl to extract all the channels your card supports.
defaultchannels=IEEE80211ab:1,6,11,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64

# Fine-tuning channel hopping control:
# The sourcechannels option can be used to set the channel hopping for
# specific interfaces, and to control what interfaces share a list of
# channels for split hopping.  This can also be used to easily lock
# one card on a single channel while hopping with other cards.
# Any card without a sourcechannel definition will use the standard hopping
# list.
# sourcechannels=sourcename[,sourcename]:ch1,ch2,ch3,...chN

# ie, for us channels on the source 'prism2source' (same as normal channel
# hopping behavior):
# sourcechannels=prism2source:1,6,11,2,7,3,8,4,9,5,10

# Given two capture sources, "prism2a" and "prism2b", we want prism2a to stay
# on channel 6 and prism2b to hop normally.  By not setting a sourcechannels
# line for prism2b, it will use the standard hopping.
# sourcechannels=prism2a:6

# To assign the same custom hop channel to multiple sources, or to split the
# same custom hop channel over two sources (if splitchannels is true), list
# them all on the same sourcechannels line:
# sourcechannels=prism2a,prism2b,prism2c:1,6,11

# Port to serve GUI data
tcpport=2501
# People allowed to connect, comma separated IP addresses or network/mask
# blocks.  Netmasks can be expressed as dotted quad (/255.255.255.0) or as
# numbers (/24)
allowedhosts=127.0.0.1,192.168.2.4,192.168.0.1
# Maximum number of concurrent GUI's
maxclients=5

# Do we have a GPS?
#gps=false

## GPSd
gps=true
#gpstype=gpsd
#gpshost=localhost:2947
#gpsmodelock=false
#gpsreconnect=true

## GPS Manual
#gps=true
#gpstype=serial
#gpsdevice=/dev/ttyS0
#gpsreconnect=true

# Host:port that GPSD is running on.  This can be localhost OR remote!
gpshost=localhost:2947
# Do we lock the mode?  This overrides coordinates of lock "0", which will
# generate some bad information until you get a GPS lock, but it will
# fix problems with GPS units with broken NMEA that report lock 0
gpsmodelock=false

# Packet filtering options:
# filter_tracker - Packets filtered from the tracker are not processed or
#                  recorded in any way.
# filter_dump    - Packets filtered at the dump level are tracked, displayed,
#                  and written to the csv/xml/network/etc files, but not
#                  recorded in the packet dump
# filter_export  - Controls what packets influence the exported CSV, network,
#                  xml, gps, etc files.
# All filtering options take arguments containing the type of address and
# addresses to be filtered.  Valid address types are 'ANY', 'BSSID',
# 'SOURCE', and 'DEST'.  Filtering can be inverted by the use of '!' before
# the address.  For example,
# filter_tracker=ANY(!00:00:DE:AD:BE:EF)
# has the same effect as the previous mac_filter config file option.
# filter_tracker=...
# filter_dump=...
# filter_export=...

# Alerts to be reported and the throttling rates.
# alert=name,throttle/unit,burst
# The throttle/unit describes the number of alerts of this type that are
# sent per time unit.  Valid time units are second, minute, hour, and day.
# Burst describes the number of alerts sent before throttling takes place.
# For example:
# alert=FOO,10/min,5
# Would allow 5 alerts through before throttling is enabled, and will then
# limit the number of alerts to 10 per minute.
# A throttle rate of 0 disables throttling of the alert.
# See the README for a list of alert types.
alert=NETSTUMBLER,5/min,2
alert=WELLENREITER,5/min,2
alert=LUCENTTEST,5/min,2
alert=DEAUTHFLOOD,5/min,4
alert=BCASTDISCON,5/min,4
alert=CHANCHANGE,5/min,4
alert=AIRJACKSSID,5/min,2
alert=PROBENOJOIN,5/min,2
alert=DISASSOCTRAFFIC,5/min,2
alert=NULLPROBERESP,5/min,5
alert=BSSTIMESTAMP,5/min,5
alert=MSFBCOMSSID,10/min,1/sec
alert=LONGSSID,10/min,1/sec
alert=MSFDLINKRATE,10/min,1/sec
alert=MSFNETGEARBEACON,10/min,1/sec
alert=DISCONCODEINVALID,10/min,1/sec
alert=DEAUTHCODEINVALID,10/min,1/sec

# Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
# the keys are already known, and it may impact throughput on slower hardware.
# Multiple wepkey lines may be used for multiple BSSIDs.
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

# Is transmission of the keys to the client allowed?  This may be a security
# risk for some.  If you disable this, you will not be able to query keys from
# a client.
allowkeytransmit=true

# How often (in seconds) do we write all our data files (0 to disable)
#writeinterval=300
writeinterval=60

# Where do we get our manufacturer fingerprints from?  Assumed to be in the
# default config directory if an absolute path is not given.
ap_manuf=ap_manuf
client_manuf=client_manuf

# Use metric measurements in the output?
metric=false

# Do we write waypoints for gpsdrive to load?  Note:  This is NOT related to
# recent versions of GPSDrive's native support of Kismet.
waypoints=false
# GPSMap waypoint file.  This WILL be truncated.
waypointdata=%h/.gpsdrive/way_kismet.txt

# How many alerts do we backlog for new clients?  Only change this if you have
# a -very- low memory system and need those extra bytes, or if you have a high
# memory system and a huge number of alert conditions.
alertbacklog=50

# File types to log, comma separated
# dump    - raw packet dump
# network - plaintext detected networks
# csv     - plaintext detected networks in CSV format
# xml     - XML formatted network and cisco log
# weak    - weak packets (in airsnort format)
# cisco   - cisco equipment CDP broadcasts
# gps     - gps coordinates
#logtypes=dump,network,csv,xml,weak,cisco,gps
logtypes=csv,gps

# Do we track probe responses and merge probe networks into their owners?
# This isn't always desirable, depending on the type of monitoring you're
# trying to do.
trackprobenets=true

# Do we log "noise" packets that we can't decipher?  I tend to not, since
# they don't have anything interesting at all in them.
noiselog=false

# Do we log corrupt packets?  Corrupt packets have enough header information
# to see what they are, but something is wrong with them that prevents us from
# completely dissecting them.  Logging these is usually not a bad idea.
corruptlog=true

# Do we log beacon packets or do we filter them out of the dumpfile
beaconlog=true

# Do we log PHY layer packets or do we filter them out of the dumpfile
phylog=true

# Do we mangle packets if we can decrypt them or if they're fuzzy-detected
mangledatalog=true

# Do we do "fuzzy" crypt detection?  (byte-based detection instead of 802.11
# frame headers)
# valid option: Comma separated list of card types to perform fuzzy detection
#  on, or 'all'
fuzzycrypt=wtapfile,wlanng,wlanng_legacy,wlanng_avs,hostap,wlanng_wext

# What type of dump do we generate?
# valid option: "wiretap"
dumptype=wiretap
# Do we limit the size of dump logs?  Sometimes ethereal can't handle big ones.
# 0 = No limit
# Anything else = Max number of packets to log to a single file before closing
# and opening a new one.
dumplimit=0

# Do we write data packets to a FIFO for an external data-IDS (such as Snort)?
# See the docs before enabling this.
#fifo=/tmp/kismet_dump

# Default log title
logdefault=Kismet

# logtemplate - Filename logging template.
# This is, at first glance, really nasty and ugly, but you'll hardly ever
# have to touch it so don't complain too much.
#
# %n is replaced by the logging instance name
# %d is replaced by the current date as Mon-DD-YYYY
# %D is replaced by the current date as YYYYMMDD
# %t is replaced by the starting log time
# %i is replaced by the increment log in the case of multiple logs
# %l is replaced by the log type (dump, status, crypt, etc)
# %h is replaced by the home directory
# ie, "netlogs/%n-%d-%i.dump" called with a logging name of "Pok" could expand
# to something like "netlogs/Pok-Dec-20-01-1.dump" for the first instance and
# "netlogs/Pok-Dec-20-01-2.%l" for the second logfile generated.
# %h/netlogs/%n-%d-%i.dump could expand to
# /home/foo/netlogs/Pok-Dec-20-01-2.dump
#
# Other possibilities:  Sorting by directory
# logtemplate=%l/%n-%d-%i
# Would expand to, for example,
# dump/Pok-Dec-20-01-1
# crypt/Pok-Dec-20-01-1
# and so on.  The "dump", "crypt", etc, dirs must exist before kismet is run
# in this case.
#logtemplate=%n-%d-%i.%l
logtemplate=/mnt/%n-%d-%i.%l

# Where do we store the pid file of the server?
piddir=/var/run/

# Where state info, etc, is stored.  You shouldn't ever need to change this.
# This is a directory.
configdir=%h/.kismet/

# cloaked SSID file.  You shouldn't ever need to change this.
ssidmap=ssid_map

# Group map file.  You shouldn't ever need to change this.
groupmap=group_map

# IP range map file.  You shouldn't ever need to change this.
ipmap=ip_map
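
An added check (not part of the original post or of Kismet) for the three settings in the kismet.conf above that decide who can reach the server and what it serves: suiduser, allowedhosts and allowkeytransmit. The function names and finding texts are made up for this example, and the two sample configs are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: audit the exposure-relevant keys of a kismet.conf in the
# 2005.01.R1 format shown above. All names below are hypothetical.

# conf_values FILE KEY -> every uncommented value of KEY, one per line
# (CRs and trailing blanks are stripped in case the file was edited on Windows)
conf_values() {
    tr -d '\r' < "$1" |
        sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//'
}

# audit_kismet_conf FILE -> one finding per line; no output means nothing flagged
audit_kismet_conf() {
    conf="$1"
    port=$(conf_values "$conf" tcpport | tail -n 1)

    # suiduser is the account the server switches to; root means no drop.
    if conf_values "$conf" suiduser | grep -qx 'root'; then
        echo "suiduser=root: server keeps running as root"
    fi

    # Every non-loopback entry is a host that may attach a client.
    conf_values "$conf" allowedhosts | tr ',' '\n' | while read -r host; do
        case "$host" in
            '') ;;
            */0|*/0.0.0.0)
                echo "allowedhosts=$host: any address may connect to tcpport ${port:-unset}" ;;
            127.*|localhost) ;;
            *)
                echo "allowedhosts=$host: remote client may connect to tcpport ${port:-unset}" ;;
        esac
    done

    # With key transmission on, configured wepkey lines can be queried by clients.
    if conf_values "$conf" allowkeytransmit | grep -qx 'true'; then
        keys=$(conf_values "$conf" wepkey | wc -l | tr -d ' ')
        echo "allowkeytransmit=true: clients may query WEP keys ($keys wepkey line(s) configured)"
    fi
}

# Constructed sample: the relevant lines of the config as posted above.
write_sample_conf() {
    cat > "$1" <<'EOF'
#suiduser=nobody
suiduser=root
tcpport=2501
allowedhosts=127.0.0.1,192.168.2.4,192.168.0.1
# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900
allowkeytransmit=true
EOF
}

# Constructed sample: the same keys with the tighter values.
write_hardened_conf() {
    cat > "$1" <<'EOF'
suiduser=nobody
tcpport=2501
allowedhosts=127.0.0.1
allowkeytransmit=false
EOF
}

# Stand-alone use: sh audit_kismet.sh /etc/kismet/kismet.conf
if [ -n "${1:-}" ]; then
    audit_kismet_conf "$1"
fi
```

With allowedhosts limited to 127.0.0.1, a remote client has to reach port 2501 through something like an SSH port forward instead of a direct connection.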

[Jasager] Fon/Fon+ Newbie Guide to Installation of Jasager 1.0 Firmware

Pre Info:
This guide was made with a Fon+ (2201), but should work with any other
Fonera Classic as well. The only limitation is that I have problems with my
Jasager in terms of SSIDs; there seems to be a problem which hasn't been
addressed by Digininja, but the rest should work.
(Problem described here: http://hak5.org/forums/index.php?showtopic=13883 )

This guide should be quite useful and has been written using guides and
stuff from this forum; I just wrote it together and added my own experiences.
Maybe that will turn out as a good starting point and help some newbies.

This guide ain't perfect, and if you think I could add some info, just write me.
I would be happy to provide more accurate information to make life for new Jasager friends easier!

Good Luck,
Yours, Nico

0.) Get it started!
- Get the Jasager 1.0 Firmware from Digininja
http://www.digininja.org/jasager/download.php
- Build a serial adapter
It's not that hard and you should build one, so you can recover a dead Fonera.
E.g. http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port
I built that myself ("the ugly one") and it works.
Just to add two things:
i) You need to wire RS232 TX to the RX of the serial (S2) and RS232 RX to the TX
(S3) of the serial connector (and 5 is the ground)
ii) If you use a Fon+ (2201), the serial connector on the Phone is like this:

          ethernet port

c   x  VCC 3,3 V          MEMORY
a   x  TX
s   x  RX                 CPU
e   x  GND

1.) Flashing the Fon+ to Jasager
a) With Serial Port only:
- Extract the two Firmware Files onto your PC
- Connect to Serial (9600 baud, 8 Bit Data, 1 Stop Bit, No Software/Hardware Flow Control)
- Power Up the Fonera and Press CTRL+C (within 2 Seconds)
You end up in RedBoot>

Enter fconfig and press Enter until you come to the point Console Baud Rate.
Change the 9600 to 115200. Press enter again till the end and accept the flash with y.
Enter Reset and change the Serial Port settings to 115200 baud.
Repower the Fonera and Press CTRL+C (within 2 Seconds)
You end up in RedBoot>

Enter these Commands:
// Completely wipe the Fonera software:
fis init -f
// Download the Firmware Header and Root (fis can take about 20 Minutes!)
load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma -m xmodem
fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.17
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs -m xmodem
fis create -l 0x6F0000 rootfs
// Configure Bootup, enter:
fconfig
// Enter Bootup Script, enter these two lines and press Enter a third time
fis load -l vmlinux.bin.17
exec

// The complete config should look like this (nothing changed other than the boot script!)
RedBoot> fconfig
Run script at boot: true
Boot script:
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.17
>> exec
>>
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot>
// Reboot, you're done with flashing!
reset

b) With Serial Port and Tftp Server:
- Extract the two firmware files onto a reachable TFTP server
- Connect the Wan Port to your Network
- Connect to Serial (9600 baud, 8 Bit Data, 1 Stop Bit, No Software/Hardware Flow Control)
- Power Up the Fonera and Press CTRL+C (within 2 Seconds)
You end up in RedBoot>

Enter these Commands:
// First IP is the Fonera IP/Subnet, Second is the TFTPServer
ip_address -l 192.168.2.99/24 -h 192.168.2.8
// Completely wipe the Fonera software:
fis init -f
// Download the Firmware Header and Root (fis can take about 20 Minutes!)
load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.17
load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
fis create -l 0x6F0000 rootfs
// Configure Bootup, enter:
fconfig
// Enter Bootup Script, enter these two lines and press Enter a third time
fis load -l vmlinux.bin.17
exec

// The complete config should look like this (nothing changed other than the boot script!)
RedBoot> fconfig
Run script at boot: true
Boot script:
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.17
>> exec
>>
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot>
// Reboot, you're done with flashing!
reset

c) Via Fon Flash:
- Get FonFlash (and install the wpcap drivers as well; they are included in Wireshark)
- Start FonFlash
- Select your Network Interface Card
- Select Rootfs (openwrt-atheros-root.squashfs)
- Select Kernel (openwrt-atheros-vmlinux.lzma)
- Press Flash Router now and Power Up the Fonera.
- Takes approx. 20 Minutes

2.) Connect and Basic Settings
// telnet to 192.168.1.1 and change the root passwd to enable SSH.
telnet 192.168.1.1
passwd
ilovepineapples
ilovepineapples

3.) Fixing Webif
You get two web interfaces on the Jasager:
first the Karma/Jasager one at 192.168.1.1:1471,
and second the Webif/X-Wrt one at 192.168.1.1.
In Webif, you can change things like IP addresses and watch a bunch of data.
It makes configuration of your Fon+ easy if you're not so used to the CLI in Linux.
Now that you have changed the root password and therefore have access to SSH,
you can use PuTTY to connect to 192.168.1.1

a) Opkg
echo "src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09/atheros/packages" >> /etc/opkg.conf
opkg update
opkg remove -recursive luci-*
opkg update
opkg install webif
reboot

Manual
// Remove Previous Install
opkg -recursive remove haserl
// Download and move these files to the tmp directory on the fon using winSCP
haserl_0.9.24-1_mips.ipk
webif_0.3-4709_mips.ipk
webif-theme-xwrt_0.3-4709_all.ipk
// Install the files using putty.
opkg install haserl_0.9.24-1_mips.ipk
opkg install webif_0.3-4709_mips.ipk
opkg install webif-theme-xwrt_0.3-4709_all.ipk

4.) Enable Wireless
uci set wireless.wifi0.disabled=0
uci commit wireless && wifi
reboot

5.) Duplicate Ports (only on Fon+ 2201)
http://www.frontiernet.net/~beakmyn/JasagerIntercept_Install.html

6.) There is no Step 6. Have fun!

(( http://hak5.org/forums/index.php?showtopic=14973 More Info on Jasager on http://www.digininja.org/jasager/ ))