Q2h1Cg · June 13, 2015 13:54 · koke2c95 · Aug 20, 2018
diff --git a/wifikey b/wifikey
 #!/usr/bin/env python3
 # -*- coding:utf-8 -*-

 import codecs
 import hashlib
 import random
 import sys

 import requests
 from Crypto.Cipher import AES


 API_URL = "http://wifiapi02.51y5.net/wifiapi/fa.cmd"
 SALT = "LQ9$ne@gH*Jq%KOL"
 AES_KEY = "jh16@`~78vLsvpos"
 AES_IV  = "j#bd0@vp0sj!3jnv"
 DHID = ("4028b29d4b72236a014b780339777ef7", "40289ec14942672d014954ad909a1147")


 def get_sign(data):
    """
    获取 sign
    :param data: POST 数据
    :type data: dict

    :return: sign
    :rtype: str
    """
    data["sign"] = sign = ""
    
    for k, v in sorted(data.items()):
        sign += v

    sign += SALT

    return hashlib.md5(sign.encode()).hexdigest().upper()


 def get_aes(sign, data):
    """
    发送 HTTP 请求，获取 AES 密文
    :param sign: sign 
    :type sign: str 
    :param data: POST 数据
    :type data: dict 

    :return: AES 密文 列表
    :rtype: list
    """
    global SALT

    data["sign"] = sign

    try:
        resp = requests.post(API_URL, data)
        resp.close()
        resp.encoding = resp.apparent_encoding
        j = resp.json()
        SALT = j["retSn"]

        if j["retCd"] == "-1111":
         # 重新请求
            return get_aes(get_sign(data), data)
        elif j["retCd"] == "0":
            return j.get("qryapwd", {}).get("psws", {})

    except Exception as err:
        print("发送 HTTP 请求时出现错误:", err)
        sys.exit()


 def decrypt(data):
    """
    解密 AES 密文
    :param data: AES 密文
    :type data: str

    :return: 明文密码
    :rtype: str
    """
    cipher = AES.new(AES_KEY.encode(), AES.MODE_CBC, AES_IV.encode())
    decrypt_data = cipher.decrypt(codecs.decode(data.encode(), "hex"))
    length = int(decrypt_data[:3])
    password = decrypt_data[3:][:length]

    return password.decode()


 def get(ssid, mac):
    """
    获取 WIFI 密码
    :param ssid: SSID
    "type ssid: str 
    :param mac: mac 
    "type mac: str 

    :return: WIFI 密码列表
    :rtype: list
    """
    pwds = []
    data = {
        "chanid": "guanwang", 
        "st": "m", 
        "appid": "0001", 
        "pid": "qryapwd:commonswitch", 
        "lang": "cn", 
        "v": "633", 
        "dhid": "4028b29d4b72236a014b780339777ef7", 
        "method": "getDeepSecChkSwitch", 
        "och": "wandoujia", 
        "ii": "", 
        "uhid": "a0000000000000000000000000000001", 
        "mac": "d8:86:e6:6f:a8:7c",
        "dhid": random.choice(DHID),
        "mac": "d8:86:e6:6f:a8:7c"
    }

    sign = get_sign(data)
    data["sign"], data["ssid"], data["bssid"] =sign, ssid, mac
    psws = get_aes(sign, data)

    for k, v in psws.items():
        pwds.append({"ssid": v["ssid"], "mac": v["bssid"], "password": decrypt(v["pwd"])})

    return pwds


 def main():
    pwds = get(sys.argv[1], sys.argv[2])

    if len(pwds):
        for p in pwds:
            print("SSID:", p["ssid"])
            print("MAC:", p["mac"])
            print("PWD:", p["password"])
            print()
    else:
        print("Not Found.")


 if __name__ == '__main__':
    if len(sys.argv) == 3:
        main()
    else:
        print("USAGE: ./wifikey <ssid> <mac>")
	#!/usr/bin/env python3
	# -- coding:utf-8 --

	import codecs
	import hashlib
	import random
	import sys

	import requests
	from Crypto.Cipher import AES


	API_URL = "http://wifiapi02.51y5.net/wifiapi/fa.cmd"
	SALT = "LQ9$ne@gH*Jq%KOL"
	AES_KEY = "jh16@`~78vLsvpos"
	AES_IV = "j#bd0@vp0sj!3jnv"
	DHID = ("4028b29d4b72236a014b780339777ef7", "40289ec14942672d014954ad909a1147")


	def get_sign(data):
	"""
	获取 sign
	:param data: POST 数据
	:type data: dict

	:return: sign
	:rtype: str
	"""
	data["sign"] = sign = ""

	for k, v in sorted(data.items()):
	sign += v

	sign += SALT

	return hashlib.md5(sign.encode()).hexdigest().upper()


	def get_aes(sign, data):
	"""
	发送 HTTP 请求，获取 AES 密文
	:param sign: sign
	:type sign: str
	:param data: POST 数据
	:type data: dict

	:return: AES 密文列表
	:rtype: list
	"""
	global SALT

	data["sign"] = sign

	try:
	resp = requests.post(API_URL, data)
	resp.close()
	resp.encoding = resp.apparent_encoding
	j = resp.json()
	SALT = j["retSn"]

	if j["retCd"] == "-1111":
	# 重新请求
	return get_aes(get_sign(data), data)
	elif j["retCd"] == "0":
	return j.get("qryapwd", {}).get("psws", {})

	except Exception as err:
	print("发送 HTTP 请求时出现错误:", err)
	sys.exit()


	def decrypt(data):
	"""
	解密 AES 密文
	:param data: AES 密文
	:type data: str

	:return: 明文密码
	:rtype: str
	"""
	cipher = AES.new(AES_KEY.encode(), AES.MODE_CBC, AES_IV.encode())
	decrypt_data = cipher.decrypt(codecs.decode(data.encode(), "hex"))
	length = int(decrypt_data[:3])
	password = decrypt_data[3:][:length]

	return password.decode()


	def get(ssid, mac):
	"""
	获取 WIFI 密码
	:param ssid: SSID
	"type ssid: str
	:param mac: mac
	"type mac: str

	:return: WIFI 密码列表
	:rtype: list
	"""
	pwds = []
	data = {
	"chanid": "guanwang",
	"st": "m",
	"appid": "0001",
	"pid": "qryapwd:commonswitch",
	"lang": "cn",
	"v": "633",
	"dhid": "4028b29d4b72236a014b780339777ef7",
	"method": "getDeepSecChkSwitch",
	"och": "wandoujia",
	"ii": "",
	"uhid": "a0000000000000000000000000000001",
	"mac": "d8:86:e6:6f:a8:7c",
	"dhid": random.choice(DHID),
	"mac": "d8:86:e6:6f:a8:7c"
	}

	sign = get_sign(data)
	data["sign"], data["ssid"], data["bssid"] =sign, ssid, mac
	psws = get_aes(sign, data)

	for k, v in psws.items():
	pwds.append({"ssid": v["ssid"], "mac": v["bssid"], "password": decrypt(v["pwd"])})

	return pwds


	def main():
	pwds = get(sys.argv[1], sys.argv[2])

	if len(pwds):
	for p in pwds:
	print("SSID:", p["ssid"])
	print("MAC:", p["mac"])
	print("PWD:", p["password"])
	print()
	else:
	print("Not Found.")


	if __name__ == '__main__':
	if len(sys.argv) == 3:
	main()
	else:
	print("USAGE: ./wifikey <ssid> <mac>")