少尉
- 注册时间
- 2014-1-14
- 金币
- 289 个
- 威望
- 1 个
- 荣誉
- 0 个
累计签到:7 天
连续签到:0 天
[LV.20]漫游旅程
|
代码:, G4 [0 g" p2 N$ \6 K
<form action="" method="post">& m. q, @$ L& X+ e( _- L, a
<p>ssid: <input type="text" name="ssid" /></p>
. c/ o# z3 a- z. P7 | <p>bssid: <input type="text" name="bssid" /></p>- E# ^! F K |& r: Z* _2 y9 @
<input type="submit" value="提交" />
S Q; d& `0 \/ [* v- s) q. i</form>9 W4 F! H8 o3 S- }' X
* c' u3 o; e3 A; D& s<?php
! j1 q" M. ~( e5 R$bssid = $_POST["bssid"] ;
" ^& a# @$ P( `3 ~$ssid = $_POST["ssid"] ;
4 y" G/ g! ?3 }if (isset( $bssid ) && isset( $ssid )){
" F: S( v* B/ k6 K1 L//update salt
/ Q- ~1 i/ `. J $ret = request( $bssid , $ssid , md5(rand(1, 10000)));& w8 \( h. \6 C! ?
$ret = json_decode( $ret );
9 c; q# @8 Q0 Q $ret = request( $bssid , $ssid , $ret ->retSn); V- A, s3 w0 r! P) R& w6 h
$ret = json_decode( $ret );( E& z& V. O4 I* W9 R w
if ( $ret ->retCd == 0){3 b4 N9 U$ X9 ^
if ( $ret ->qryapwd->retCd == 0){
! {5 H7 _ U& v" v5 h6 ~. h $list = $ret ->qryapwd->psws;
0 I& d$ C$ ~- h foreach ( $list as $wifi ){# n/ L5 @# ]% S, y9 I+ g$ @
echo 'SSID: ' . $wifi ->ssid. "<br>" ;
# ~$ }: O0 ?! b0 k% S echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;
) m% W& ?2 L0 t echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
6 p: B) m- `- I T( { if ( $wifi ->xUser){) H+ }# l, i+ q5 U; A' u& p
echo 'xUser: ' . $wifi ->xUser. "<br>" ;
8 e# E2 A: s9 ]5 J, S' x$ T echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;4 ]1 I- u8 h+ i) z R. L0 Y i
}1 o# \- O. d. c2 i
}
3 ] J; |$ q$ o5 S9 m" S" P# E P }1 s1 E% g9 k8 }* ?- h T, }
else {& \4 P/ @, e( S) X$ L) _/ @2 \5 {
echo $ret ->qryapwd->retMsg;
0 {0 r, b5 n: W }
' g' @* U2 f; S1 j+ e }
$ [. q8 f: c1 L7 G}
+ u1 A" b% p' F5 |) Afunction request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){1 |, X3 c* F9 H- G/ }. U& p
$data = array ();2 Q: v! r- e/ [+ [5 Y! l% d3 ?
$data [ 'appid' ] = '0008' ;
2 E( c$ n1 `" U: a& Y( z- \5 A $data [ 'bssid' ] = $bssid ;$ F: D, P# N" r/ ~6 p% g; _+ i( k
$data [ 'chanid' ] = 'gw' ;
5 Y7 w. s4 [9 {! n: y* \ $data [ 'dhid' ] = $dhid ;
' w( T p0 h, I' I: e8 s; X $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
7 ~0 l+ V2 c, G0 ?$ g9 Q! G $data [ 'lang' ] = 'cn' ;7 h7 G/ ]# b/ j
$data [ 'mac' ] = '60f81dad28dh' ;
- g1 V4 L; Q+ J, X+ P $data [ 'method' ] = 'getDeepSecChkSwitch' ;- m" u9 ^4 f' i- t
$data [ 'pid' ] = 'qryapwd:commonswitch' ;* h8 P ~% H- v* _
$data [ 'ssid' ] = $ssid ;
0 x4 ?7 j% G" }' T4 Y) l% N! c( m $data [ 'st' ] = 'm' ;
5 a0 ` _1 x4 X) @7 m $data [ 'uhid' ] = 'a0000000000000000000000000000002' ;! p* u/ `, s& a+ ^
$data [ 'v' ] = '324' ;; H6 U( V5 G, y9 X+ D0 W1 f
$data [ 'sign' ] = sign( $data , $salt );3 m1 }! n* J" `3 f& b# y
$curl = curl_init();
. P& y3 V" c) c1 j' e ] curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );, B) R6 @$ x# T# g/ b1 ^
curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );- r+ a& a- p5 X6 g8 K8 i/ `
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate) ]& U! @( v' [) j2 Q
curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);& F5 K$ G2 o6 }( I
curl_setopt( $curl , CURLOPT_POST, true); // enable posting
, o1 d7 t6 _) e, s' h curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
( ^+ q' |1 X& K$ B$ L" J% f6 \ curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
, {$ J& ^6 }) [" ] $r = curl_exec( $curl );; r. D# ^8 F& F9 X, S
curl_close( $curl );
# U1 W2 @8 o7 T) K7 ^: j7 j9 n return $r ;
1 y* w! W: z2 [$ y7 I+ p}1 l4 P. \6 y& `4 q
function registerNewDevice(){
1 Y9 W4 v; U1 @: f $salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
! \( d M& g2 S/ @ $data = array ();" g3 t4 ]. R: V
$data [ 'appid' ] = '0008' ;
2 R0 d, r+ z$ i/ x( { $data [ 'bssid' ] = $bssid ;: h# i. L% O) q7 y
$data [ 'chanid' ] = 'gw' ;( H) A3 b1 r3 `/ ^# g3 W$ X, j1 a
$data [ 'dhid' ] = $dhid ;
9 K: l; t6 Q' G% b $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
, d9 N/ L e& U3 Z $data [ 'lang' ] = 'cn' ;
! e/ o4 _& C' H $data [ 'mac' ] = '60f81dad28de' ;
* K0 G, Q- P) m. d/ P5 L+ \- u# R $data [ 'method' ] = 'getDeepSecChkSwitch' ;- F& D( I; p7 }2 T% J) q
$data [ 'pid' ] = 'qryapwd:commonswitch' ;/ w, x9 Y- ?& [
$data [ 'ssid' ] = $ssid ;0 Q8 N2 M6 ~# M% q
$data [ 'st' ] = 'm' ;
' U( K3 d" K/ b9 c' Y, ]9 M/ Q $data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
8 i; n6 U; b9 ^7 `* k) T, r" p4 i3 Q0 v $data [ 'v' ] = '324' ;, t) g8 B( z2 U- W$ z1 Z
$data [ 'sign' ] = sign( $data , $salt );0 E% B6 U4 B: D
}
4 \0 b: T* C- V: jfunction sign( $array , $salt ){
- E# B, I2 b; x" e$ z // 签名算法# r. f. N- T! ^5 y0 |$ x X* J+ u
$request_str = '' ;! i0 t/ W1 @, R4 a4 Y2 _
// 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
. X6 b/ p$ |/ R0 E& B ksort( $array );, { v" z7 O. x' _2 Z9 N0 b
foreach ( $array as $key => $value ) {
* T- s2 j' ]3 o5 @" n $request_str .= $value ;% A# l+ V. j5 w T, X
}8 J$ `! o E( B7 h
$sign = md5( $request_str . $salt );+ F8 d; q' B. F6 @! A$ P
return strtoupper ( $sign );
' w1 E7 y6 s5 q2 C, x}
; o# W2 f& e3 l1 w% Dfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){# I2 h5 C2 x1 D! e7 A
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密( S* E7 b; `5 \
//[length][password][timestamp]& S2 S5 o* l# M! M# ]8 u2 G
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
) S. @; E2 h W1 f/ k3 N return substr (trim( $decrypted_string ),3,-13);
n/ |8 r. H: S) o7 y} ?>可惜每天限制了查询次数!( {6 o- H6 \7 ^
截图:
$ b. n# }* l$ j
( [" g8 ?" J+ U3 } m, a我的博客:www.bluexiang.com+ U3 f. [8 l" _: Q, P
. x8 Y c/ |# p( r; c& ?2 _ |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
x
评分
-
2
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-21 13:51
提升卡
置顶卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡
