少尉
- 注册时间
- 2014-1-14
- 金币
- 289 个
- 威望
- 1 个
- 荣誉
- 0 个
累计签到:7 天 连续签到:0 天 [LV.20]漫游旅程
|
代码:1 \) ~. k& u! K7 T1 s
<form action="" method="post">
3 z0 ]! z& P, i <p>ssid: <input type="text" name="ssid" /></p>; q# r- Y6 w# X" v' {7 o) ^: s
<p>bssid: <input type="text" name="bssid" /></p>& ]+ t' a1 j- G7 F' ^$ L; v' Q1 t
<input type="submit" value="提交" />$ e/ e: a6 _3 i$ M% H
</form>+ N( Z* Z. P) t: M/ x, x7 w) a- a
9 g" w! |6 s1 P8 V
<?php8 u* ]' }3 q3 W- K2 o
$bssid = $_POST["bssid"] ;. q/ K5 \0 f. l% T1 _, \
$ssid = $_POST["ssid"] ;- P- X& v; ?: D
if (isset( $bssid ) && isset( $ssid )){5 o, I. ?* @# Y2 \% _& N
//update salt
8 w8 s; D* Y3 y' ]# j$ w $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
+ [7 r% j% p& O& H1 V $ret = json_decode( $ret );/ Z( p0 x* K$ ^* J
$ret = request( $bssid , $ssid , $ret ->retSn);
3 i, K! y. K8 _3 A4 ^4 N; I) E $ret = json_decode( $ret );
' E l X* M1 K3 G% M: u4 o% Q if ( $ret ->retCd == 0){
/ [! T) t- v5 y1 ~: u if ( $ret ->qryapwd->retCd == 0){
9 m% H) }/ ?; A2 q $list = $ret ->qryapwd->psws;
* _6 n7 h- f0 H8 x3 c foreach ( $list as $wifi ){0 k' U5 y/ c9 T+ a! B6 I7 F) I
echo 'SSID: ' . $wifi ->ssid. "<br>" ;
9 l$ U: K. x. {5 T } echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;# F/ J6 I' M* c& i! r: u+ X
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
* U2 E W: N& y7 a/ B+ g( } if ( $wifi ->xUser){2 ]+ [! S& I& s
echo 'xUser: ' . $wifi ->xUser. "<br>" ;3 C6 O: K9 P+ D0 i
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
$ E8 ^8 ?; S1 a& f }
& D6 Y/ n3 h7 n4 E% T# S }
* s. V" t4 b6 H }
; d! K" a" ^5 c+ Y3 ^ Z0 x% Y6 S3 o, } else {0 ~" D& [" I, h
echo $ret ->qryapwd->retMsg;5 Z. n6 Z4 b5 O ?: @
}
9 O6 ]4 k* i1 p }% Q8 f1 n, H" g1 J9 K5 ^5 X
}
6 |! S5 K; d z7 _8 {function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){' ~( D) z1 g( r o l) z
$data = array ();2 l) |* H: I8 \; U+ D: p0 q
$data [ 'appid' ] = '0008' ;
3 b+ Q& e1 m8 W7 [5 J* l $data [ 'bssid' ] = $bssid ;: ]2 \. \0 u0 z; q5 p
$data [ 'chanid' ] = 'gw' ;
8 c- s' t5 p, P9 h) Y! O5 o $data [ 'dhid' ] = $dhid ;
$ j y& A4 O9 M$ |- h- L( O $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;' ^/ S- u$ C( ]! @# l: }
$data [ 'lang' ] = 'cn' ;
2 O7 w6 {5 M' a( x $data [ 'mac' ] = '60f81dad28dh' ;
- M7 |2 H, N, _0 Z( H $data [ 'method' ] = 'getDeepSecChkSwitch' ;; a+ d7 v% |* ~7 [
$data [ 'pid' ] = 'qryapwd:commonswitch' ;3 f3 q! C& r; v, m
$data [ 'ssid' ] = $ssid ;
d }' T' k" O) }, I( z8 F) R9 u $data [ 'st' ] = 'm' ;' u6 T# h* V# e. B. ?8 N U7 ~# A; U
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
! f/ R5 `/ M* b! }% G# R $data [ 'v' ] = '324' ;2 m2 h, i' x+ F
$data [ 'sign' ] = sign( $data , $salt );3 X3 \8 ~0 W# i: s& H' `% c! ^4 j
$curl = curl_init();. ^! g3 k7 q$ T8 |4 s- q
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
, L: B- _7 ` x8 F" \" n7 ` ]; t curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );* `( g4 E0 k3 n8 `5 P
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate* ?4 M0 U" N! E a
curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
/ z7 q3 E( y! G curl_setopt( $curl , CURLOPT_POST, true); // enable posting
# x8 @4 i; ]* Y7 y# P curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
. F* b& \& F% f6 U- A2 I& m curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
8 {* k4 R) j; C $r = curl_exec( $curl );
- p8 u6 q: P! U! o) Q curl_close( $curl );
1 W$ S" G& K8 {, l( ~7 H+ B return $r ;/ {/ r. J0 n ^; j, F6 \
}0 W1 X- J6 Z. f/ f' K1 u h9 B
function registerNewDevice(){0 I3 s7 j# I2 y* B; Y8 b
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
9 E: a) E/ d8 d, E" N1 S $data = array ();
, |: T, ?4 T+ M $data [ 'appid' ] = '0008' ;, ~' `% K5 m# X7 U/ Q
$data [ 'bssid' ] = $bssid ;& i1 c/ {6 g) b4 D
$data [ 'chanid' ] = 'gw' ;
3 Z. t% x* [+ M# S' n% Y $data [ 'dhid' ] = $dhid ;0 q9 e i) T8 o' ~6 a! J7 k1 p% N
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;, s3 W8 c' v: l+ {) w
$data [ 'lang' ] = 'cn' ;
- {' w" a8 _/ ] $data [ 'mac' ] = '60f81dad28de' ;
3 l) W2 w+ c* I2 i% F& J/ B8 b $data [ 'method' ] = 'getDeepSecChkSwitch' ;
$ S+ u9 }6 b3 Y% m. m2 q $data [ 'pid' ] = 'qryapwd:commonswitch' ;/ j8 j/ Y# s1 ^! _( t/ H- e) A/ q$ C
$data [ 'ssid' ] = $ssid ;
$ V0 x* @8 k: [ $data [ 'st' ] = 'm' ;8 { C1 i1 T! {2 M
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
: b" g! \, B7 a1 V1 D/ F+ J/ M $data [ 'v' ] = '324' ;
( A9 Z0 x1 I: _6 X $data [ 'sign' ] = sign( $data , $salt );
- m$ x. ?, l9 P& Q' e6 t) Q& ?}" x- q0 o+ V" b7 G: v8 j
function sign( $array , $salt ){" Y2 G+ u3 E7 P0 W8 s0 D0 Y# n
// 签名算法
% b" i; E& Q3 U! Q" [ Y p+ f2 x $request_str = '' ;
; t: X9 |& b' l$ ]; o // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort9 R" ^. i, T1 z: r
ksort( $array );% s. L) C7 o; r
foreach ( $array as $key => $value ) {9 `& h0 \" t# B8 t
$request_str .= $value ;: ^! Q" {9 G% ? n: A+ \0 s# W( N `
}) e2 X b P" @8 z' C3 C/ A1 c. f6 l
$sign = md5( $request_str . $salt );. ^4 @2 u R$ {1 r4 b6 `3 d: l0 F( P( B
return strtoupper ( $sign );
1 s) f* D5 F: h" Q1 g R}6 m, y w$ a( c7 \% {- U1 R
function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){: k6 H, ^6 Y7 c% `! u7 j
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
" r% B( H* i# R& _" g# @ //[length][password][timestamp]
: A4 b! N, w0 x $decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
+ b$ F. Q# ~" k: o9 i% h return substr (trim( $decrypted_string ),3,-13);7 W- J# U) ], B( k0 |: V- b
} ?>可惜每天限制了查询次数!
/ p& N, W& H$ b- K6 y! E截图:
; c( k6 L6 ^% `" J) T0 C/ e3 n0 U: z, ]+ x
我的博客:www.bluexiang.com
; ]6 f+ v7 _, F+ _: y
' f$ j9 q u9 K5 r0 V& V |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
x
评分
-
2
查看全部评分
-
|