上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">) E2 a' P+ X2 d9 \) ?
<p>ssid: <input type="text" name="ssid" /></p>1 S: k8 K) v: R! Q
<p>bssid: <input type="text" name="bssid" /></p>
. h, S" O- @) P; c <input type="submit" value="提交" />- m# O/ J% w6 A3 ~0 U4 `
</form>
6 e5 v( i3 U3 M/ u7 x% ?: K
4 H; M5 N( _; W) _: Q Q<?php7 p- f- q$ d* t
$bssid = $_POST["bssid"] ;% h6 |, a, w0 A* f/ l
$ssid = $_POST["ssid"] ;
. U8 R2 u# e# D( uif (isset( $bssid ) && isset( $ssid )){
2 s; D/ ~0 n ~3 |4 h//update salt
! f A9 [4 u1 l6 m9 Y, _* f. _ $ret = request( $bssid , $ssid , md5(rand(1, 10000)));5 ]) z* c& g9 [" i' D
$ret = json_decode( $ret );- V) I2 A% h) ~/ D9 [0 I( C
$ret = request( $bssid , $ssid , $ret ->retSn);
7 B" F8 E2 G3 ^/ N9 n $ret = json_decode( $ret );
- K9 {3 {' C. X8 `6 H9 Q$ K5 P if ( $ret ->retCd == 0){0 N) W( y+ W3 R; ~5 Z# ?: `- p
if ( $ret ->qryapwd->retCd == 0){3 ~2 P O0 {; u. X6 O
$list = $ret ->qryapwd->psws;$ t q6 w9 k. X, y2 K$ {/ `6 Q
foreach ( $list as $wifi ){
0 @: s' O' d8 Y$ u echo 'SSID: ' . $wifi ->ssid. "<br>" ;
/ a- _) u$ L2 S9 L/ v: ^! P0 _ echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;
! A+ R J$ A5 a, [9 A; ~# h2 u echo 'BSSID: ' . $wifi ->bssid. "<br>" ;* H4 |$ x" u5 ~: w. `; W5 B2 T
if ( $wifi ->xUser){
2 @7 M: R. E: m echo 'xUser: ' . $wifi ->xUser. "<br>" ;
/ H! l3 ~3 F% l- P( d echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;
+ L/ W! ?8 n) i: n( _- C% N }+ a" M3 \6 `/ x( Y: b& s
}) \4 G/ u) _* a: A
}4 B( P" j, t* p9 |, R
else {8 K; }, ]7 n% ?( D4 E
echo $ret ->qryapwd->retMsg;
$ B* Q; @; i4 S- v- d2 T }
7 @; H+ S) y- R6 b D1 a }
" j: g" \, |8 I}
8 f: W9 A3 H7 Q; N4 X0 y9 Afunction request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){' d3 a2 f- \6 n! B1 P
$data = array ();, ^9 J# I W2 X. p
$data [ 'appid' ] = '0008' ;3 m+ u4 M, {5 T5 ^2 p! J- x: j
$data [ 'bssid' ] = $bssid ;+ Z9 [* V8 X; k
$data [ 'chanid' ] = 'gw' ;& n1 v# I# `8 q |, ?
$data [ 'dhid' ] = $dhid ;
3 S: e# N# R) Q) v0 y* B $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
5 {- r: ]9 L3 L $data [ 'lang' ] = 'cn' ;
! D5 Y2 z9 z# H $data [ 'mac' ] = '60f81dad28dh' ;
7 G' l0 i5 H* s2 V1 o $data [ 'method' ] = 'getDeepSecChkSwitch' ;$ s6 ~9 F7 E) S, K
$data [ 'pid' ] = 'qryapwd:commonswitch' ;
8 d& u" p K6 n6 ?7 r2 u: W $data [ 'ssid' ] = $ssid ;; Y$ q$ O, P7 u% j
$data [ 'st' ] = 'm' ;7 I0 a6 t% R/ G9 z; P( s# g
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;4 \- ^+ o. B! L1 J
$data [ 'v' ] = '324' ;
4 \: _( S3 m0 Q. Y! }. J5 O. E $data [ 'sign' ] = sign( $data , $salt );
8 O# j% e, L$ R" u* U1 k1 p $curl = curl_init();. B z- J J3 z5 J
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );2 r$ {1 a; ^' G! t9 h3 p0 h
curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
6 k( H4 K. Y, _ W) X. p7 K curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
: a% `8 [3 I c, y; G ^" y, c curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);( x+ ]7 S$ o# k7 @
curl_setopt( $curl , CURLOPT_POST, true); // enable posting4 x* j1 W( K0 x% E" k
curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images0 B: G" b8 X$ C k( w
curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload0 i' W. C" A, |4 \' |
$r = curl_exec( $curl );
! c8 m" w/ m9 t& p curl_close( $curl );+ b4 a8 w+ \# _3 X
return $r ;
6 @5 O$ |/ }; j. W! i) u}
9 q5 m" I) ~5 H1 X$ f. Z1 rfunction registerNewDevice(){7 a" E5 n Y: a+ H1 E0 Q! O8 \. ]
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;- ]4 v, ^: U) ~
$data = array ();! ?& Y. `4 e. k- b: b& \+ U. e e
$data [ 'appid' ] = '0008' ; A* F' D6 j$ i$ @$ p+ `/ [+ v
$data [ 'bssid' ] = $bssid ;
$ v3 n3 {' J9 x3 b $data [ 'chanid' ] = 'gw' ;
8 u6 G3 l, R1 H6 D0 Q5 ] $data [ 'dhid' ] = $dhid ;
1 E8 t6 `& Z$ V' Q# i# C, {. p7 \ $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;
' h+ l( v7 [2 {; W7 g $data [ 'lang' ] = 'cn' ;2 j$ ^' K4 b. q8 [% G/ z
$data [ 'mac' ] = '60f81dad28de' ;
0 k) O' d& P& `# e) N" P $data [ 'method' ] = 'getDeepSecChkSwitch' ;
1 m+ m* s% d+ `4 H $data [ 'pid' ] = 'qryapwd:commonswitch' ;
k2 }1 a( N5 q7 w4 ~1 n, R: c- v $data [ 'ssid' ] = $ssid ;
' f, @+ e* Q* X4 F u4 H $data [ 'st' ] = 'm' ;
+ I; H# q7 i H B8 j $data [ 'uhid' ] = 'a0000000000000000000000000000001' ;+ H0 m. G/ k2 e8 u; j9 l0 X
$data [ 'v' ] = '324' ;2 b% Y7 o. P& Q, n+ Z3 s- W Q6 p
$data [ 'sign' ] = sign( $data , $salt );: x. L1 Z" k. o& y) l) C2 T
}
/ g" J# P" m) _7 Y; D) Gfunction sign( $array , $salt ){" W+ g& ]2 V: C* C1 x$ D& T3 v
// 签名算法$ Y* i) N4 N+ m4 C' V
$request_str = '' ;
( K* b" G1 z& F% t C; z // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort
! S! C7 V- Y3 d. p* z4 T ksort( $array );
5 {8 {5 I* ]+ X0 T foreach ( $array as $key => $value ) {
" y: @' C2 D+ F! r' E $request_str .= $value ;
! N- S2 A# j4 G7 t6 E }3 I/ [" F& g* k
$sign = md5( $request_str . $salt );% V! ~$ P: m$ m& ?
return strtoupper ( $sign );
$ {( b8 @6 O. x8 h U- G}
8 U+ b1 @4 r2 i; M+ l X: B; Lfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
5 S( U8 A# w/ {& ^) S4 \+ E% @ //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密- }# i# {4 ^9 t
//[length][password][timestamp]: C: r$ A6 S+ z
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
: ]' O- x# }( H; E return substr (trim( $decrypted_string ),3,-13);
3 u E5 |& p( z) |+ ]% m* g} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
