Now don't get too excited but I've been working on the Sagem router, trying to crack it, although I'm not there yet. Actually, I'll come clean and admit that in fact, I've managed to "brick" my router.

I bought the router off eBay. I've tested it and it manages to establish a connection to Sky's network, so the username and password are still valid (they haven't been deleted from Sky's authentication server).

The CD has a router recovery utility, but the flash image accompanying it seems to be version 1.1sky rather than version 1.5sky reported by the router. I couldn't find any way of pulling the 1.5 firmware off the router so I could only actually do any work with the 1.1 version. But does the 1.1 software work? Having explored all the alternatives without success, I realised that I was going to have to try it out and see. Fortunately, it does seem to work. Whatever changes there are between 1.1sky and 1.5sky - the connection password algorithm seems to be the same. Phew.

I found a utility called nb4-unsquash with which I was able to extract the root filesystem of the 1.1sky flash image, and I put in a similar set of changes to the filesystem as I had used on the Netgear V2 router, dumping the pppd arguments at the point where the router tries to establish a connection. I rebuilt the flash image, but it wouldn't load. After many attempts, I decided to try to flash the router with the latest F@ST 2404 firmware, to see if that was more amenable to loading one of my hacked firmware images.

The first attempt at loading the 2404 firmware seemed to go well, but when the router rebooted, it was dead - or it seemed to be anyway. I noticed however, that the router had changed its address to 192.168.1.1 and was running a stripped-down webserver, which was inviting me to download a new firmware image and assign a MAC address to the device. This would appear to be the router's recovery mode which it goes into if the router's flash memory becomes corrupted. I set the MAC address to be the one on the base of the router, and tried the 2404 firmware image again. Surprisingly it worked! When the router rebooted it was configured as a standard Sagem F@ST 2404 router.

If that seemed like a success, it wasn't. Well, not as far as cracking the router was concerned. Although I'd managed to transform the Sky router into a standard Sagem router, I discovered that it was impossible to get it back to the 1.1sky firmware - it would report an error during download and just reboot with the Sagem firmware. I tried various hacked firmware images based on the 1.1sky firmware, but all I got was either the same error during download, or, if the download was successful, a router in its recovery mode.

With my final attempt to get the router back to Sky's firmware, I managed to get a flash image which was close enough to being OK that the router didn't go into its recovery mode, but not close enough not to crash. The upshot of this is that I now have a Sky branded Ethernet switch, rather than a Sky branded router. Quite a disappointment after the amount of work I'd put into this.

I've bid on another Sagem router on eBay. This time, I definitely won't be putting the 2404 firmware on it. What I'm going to do is concentrate on getting the hacked version of the Sky firmware correct. To do this, I'll unsquash the 1.1sky image, and then, without altering it in any way, try to rebuild a flash image. Only once I've mastered this process - which means getting a rebuilt flash image which is identical to Sky's image - will I attempt to modify the root filesystem.

I should be able to keep working on perfecting this image building process even without a working router, so I'll be carrying on with that. I'm pretty confident that I'll get this problem cracked, although it looks like the process of extracting the connection credentials will mean that you won't be able to get back to the 1.5sky firmware that the router came with. This is in contrast to the Netgear V2 router, where it is possible to get your router back to its original state

Ooh - and checking on eBay I see that I've won the eBay auction - £5 plus £6 postage. Bargain!