论坛 › 无线安全深入攻防 › phpWiFi万能钥匙查询接口（亲测可用）！

虐死周丽焕 发表于 2016-8-21 13:51

phpWiFi万能钥匙查询接口（亲测可用）！

代码：
<form action="" method="post">
<p>ssid: <input type="text" name="ssid" /></p>
<p>bssid: <input type="text" name="bssid" /></p>
<input type="submit" value="提交" />
</form>

<?php
$bssid = $_POST["bssid"] ;
$ssid = $_POST["ssid"] ;
if (isset( $bssid ) && isset( $ssid )){
//update salt
   $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
   $ret = json_decode( $ret );
   $ret = request( $bssid , $ssid , $ret ->retSn);
   $ret = json_decode( $ret );
   if ( $ret ->retCd == 0){
   if ( $ret ->qryapwd->retCd == 0){
       $list = $ret ->qryapwd->psws;
       foreach ( $list as $wifi ){
         echo 'SSID: ' . $wifi ->ssid. "<br>" ;
         echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;
         echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
         if ( $wifi ->xUser){
         echo 'xUser: ' . $wifi ->xUser. "<br>" ;
         echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
         }
       }
   }
   else {
       echo $ret ->qryapwd->retMsg;
   }
   }
}
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
   $data = array ();
   $data [ 'appid' ] = '0008' ;
   $data [ 'bssid' ] = $bssid ;
   $data [ 'chanid' ] = 'gw' ;
   $data [ 'dhid' ] = $dhid ;
   $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
   $data [ 'lang' ] = 'cn' ;
   $data [ 'mac' ] = '60f81dad28dh' ;
   $data [ 'method' ] = 'getDeepSecChkSwitch' ;
   $data [ 'pid' ] = 'qryapwd:commonswitch' ;
   $data [ 'ssid' ] = $ssid ;
   $data [ 'st' ] = 'm' ;
   $data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
   $data [ 'v' ] = '324' ;
   $data [ 'sign' ] = sign( $data , $salt );
   $curl = curl_init();
   curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
   curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
   curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
   curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
   curl_setopt( $curl , CURLOPT_POST, true); // enable posting
   curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
   curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
   $r = curl_exec( $curl );
   curl_close( $curl );
   return $r ;
}
function registerNewDevice(){
   $salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
   $data = array ();
   $data [ 'appid' ] = '0008' ;
   $data [ 'bssid' ] = $bssid ;
   $data [ 'chanid' ] = 'gw' ;
   $data [ 'dhid' ] = $dhid ;
   $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
   $data [ 'lang' ] = 'cn' ;
   $data [ 'mac' ] = '60f81dad28de' ;
   $data [ 'method' ] = 'getDeepSecChkSwitch' ;
   $data [ 'pid' ] = 'qryapwd:commonswitch' ;
   $data [ 'ssid' ] = $ssid ;
   $data [ 'st' ] = 'm' ;
   $data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
   $data [ 'v' ] = '324' ;
   $data [ 'sign' ] = sign( $data , $salt );
}
function sign( $array , $salt ){
   // 签名算法
   $request_str = '' ;
   // 对应apk中的 Arrays.sort 数组排序，测试PHP需用 ksort
   ksort( $array );
   foreach ( $array as $key => $value ) {
   $request_str .= $value ;
   }
   $sign = md5( $request_str . $salt );
   return strtoupper ( $sign );
}
function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
   //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
   //
   $decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
   return substr (trim( $decrypted_string ),3,-13);
} ?>可惜每天限制了查询次数！
截图：

我的博客：www.bluexiang.com

德国之声 发表于 2016-8-24 15:12

<form action="" method="post">
<p>ssid: <input type="text" name="ssid" /></p>
<p>bssid: <input type="text" name="bssid" /></p>
<input type="submit" value="提交" />
</form>

<?php
$bssid = $_POST["bssid"] ;
$ssid = $_POST["ssid"] ;
if (isset( $bssid ) && isset( $ssid )){
//update salt
   $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
   $ret = json_decode( $ret );
   $ret = request( $bssid , $ssid , $ret ->retSn);
   $ret = json_decode( $ret );
   if ( $ret ->retCd == 0){
   if ( $ret ->qryapwd->retCd == 0){
       $list = $ret ->qryapwd->psws;
       foreach ( $list as $wifi ){
         echo 'SSID: ' . $wifi ->ssid. "<br>" ;
         echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;
         echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
         if ( $wifi ->xUser){
         echo 'xUser: ' . $wifi ->xUser. "<br>" ;
         echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
         }
       }
   }
   else {
       echo $ret ->qryapwd->retMsg;
   }
   }
}
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
   $data = array ();
   $data [ 'appid' ] = '0008' ;
   $data [ 'bssid' ] = $bssid ;
   $data [ 'chanid' ] = 'gw' ;
   $data [ 'dhid' ] = $dhid ;
   $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
   $data [ 'lang' ] = 'cn' ;
   $data [ 'mac' ] = '60f81dad28dh' ;
   $data [ 'method' ] = 'getDeepSecChkSwitch' ;
   $data [ 'pid' ] = 'qryapwd:commonswitch' ;
   $data [ 'ssid' ] = $ssid ;
   $data [ 'st' ] = 'm' ;
   $data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
   $data [ 'v' ] = '324' ;
   $data [ 'sign' ] = sign( $data , $salt );
   $curl = curl_init();
   curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
   curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
   curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
   curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
   curl_setopt( $curl , CURLOPT_POST, true); // enable posting
   curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
   curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
   $r = curl_exec( $curl );
   curl_close( $curl );
   return $r ;
}
function registerNewDevice(){
   $salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
   $data = array ();
   $data [ 'appid' ] = '0008' ;
   $data [ 'bssid' ] = $bssid ;
   $data [ 'chanid' ] = 'gw' ;
   $data [ 'dhid' ] = $dhid ;
   $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
   $data [ 'lang' ] = 'cn' ;
   $data [ 'mac' ] = '60f81dad28de' ;
   $data [ 'method' ] = 'getDeepSecChkSwitch' ;
   $data [ 'pid' ] = 'qryapwd:commonswitch' ;
   $data [ 'ssid' ] = $ssid ;
   $data [ 'st' ] = 'm' ;
   $data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
   $data [ 'v' ] = '324' ;
   $data [ 'sign' ] = sign( $data , $salt );
}
function sign( $array , $salt ){
   // 签名算法
   $request_str = '' ;
   // 对应apk中的 Arrays.sort 数组排序，测试PHP需用 ksort
   ksort( $array );
   foreach ( $array as $key => $value ) {
   $request_str .= $value ;
   }
   $sign = md5( $request_str . $salt );
   return strtoupper ( $sign );
}
function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
   //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
   //
   $decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
   return substr (trim( $decrypted_string ),3,-13);
} ?>

cixiclq 发表于 2016-8-21 14:41

厉害，这个太牛逼了，为大家送福利了啊

马上发财 发表于 2016-8-21 15:25

这玩意怎么用的，楼主

qinwangming 发表于 2016-8-21 15:48

怎么用的，楼主

虐死周丽焕 发表于 2016-8-21 15:55

先确定你要查询的WiFi是否共享然后再获取你要查询WiFi的名称(ssid)和mac地址(bssid)输入查询即可！

qq1450377115 发表于 2016-8-21 16:08

虐死周丽焕 发表于 2016-8-21 15:55
先确定你要查询的WiFi是否共享然后再获取你要查询WiFi的名称(ssid)和mac地址(bssid)输入查询即可！

代码怎么用?

虐死周丽焕 发表于 2016-8-21 16:29

搭建本地PHP环境就可以了嘛！你可以搜PHPstudy

自由的我 发表于 2016-8-21 16:32

如何使用

自由的我 发表于 2016-8-21 16:32

最好是搞一个视频教程出来

大唐唐龙殿下 发表于 2016-8-21 20:25

说中文好吗

phyyes 发表于 2016-8-21 20:48

最好是搞一个视频教程出来 +1

阿拉伯 发表于 2016-8-22 01:35

大家说得对应该做个视频出来跟大家分享一下

查看完整版本: phpWiFi万能钥匙查询接口（亲测可用）！