PHP WebShell

• .. (вверх)
• [DIR] ..
• [FILE] .bash_history
• [DIR] .cache
• [DIR] .gnupg
• [FILE] .htaccess
• [FILE] .lesshst
• [DIR] Old folder
• [DIR] adminer
• [DIR] assets
• [DIR] auth
• [DIR] backyard
• [FILE] bitgo_enterprise_status.php
• [FILE] bitgo_generate_address.php
• [DIR] chat
• [FILE] check_tron_wallet_keys.php
• [DIR] config
• [FILE] create_primary.php
• [FILE] create_primary_wallet.php
• [FILE] create_primary_wallet_eth_usdt_erc20.php
• [DIR] cron
• [FILE] generate_sol_address.php
• [DIR] health
• [DIR] includes
• [FILE] index.php
• [DIR] keycards
• [DIR] lib
• [DIR] middleware
• [DIR] models
• [FILE] save_keycard_and_print.php
• [DIR] security
• [FILE] test_bitgo_ping.php
• [FILE] tester.php
• [DIR] tools
• [FILE] upload_debug.log
• [DIR] uploads
• [DIR] user
• [DIR] vendor
• [DIR] webhooks

Просмотр файла: check_tron_wallet_keys.php

<?php
// check_tron_wallet_keys.php

require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/config/db_config.php';

use Elliptic\EC;
use kornrunner\Keccak;

if (!isset($conn) || !($conn instanceof mysqli)) {
    die("DB connection \$conn not available.\n");
}

/**
 * Base58 encoding with Bitcoin alphabet (TRON uses same).
 */
function base58encode(string $data): string
{
    $alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

    $num = gmp_init(0, 10);
    $len = strlen($data);

    for ($i = 0; $i < $len; $i++) {
        $num = gmp_add(
            gmp_mul($num, 256),
            ord($data[$i])
        );
    }

    $encoded = '';
    while (gmp_cmp($num, 0) > 0) {
        [$num, $rem] = [
            gmp_div_q($num, 58),
            gmp_intval(gmp_mod($num, 58))
        ];
        $encoded = $alphabet[$rem] . $encoded;
    }

    // Preserve leading zeros as '1'
    $i = 0;
    while ($i < $len && $data[$i] === "\x00") {
        $encoded = '1' . $encoded;
        $i++;
    }

    return $encoded;
}

/**
 * EXACT same derivation as CreateTronWallet::tronAddressFromPrivateKey
 */
function tronAddressFromPrivateKey(string $privateKeyHex): string
{
    $ec  = new EC('secp256k1');
    $key = $ec->keyFromPrivate($privateKeyHex, 'hex');

    // 1) Uncompressed public key: 0x04 + X(32) + Y(32)
    $pubHex = $key->getPublic(false, 'hex'); // "04...."
    $pubHex = substr($pubHex, 2);           // drop "04"

    // 2) Keccak-256 on binary public key
    $hashHex = Keccak::hash(hex2bin($pubHex), 256);

    // 3) Last 20 bytes
    $ethPart = substr($hashHex, -40);

    // 4) Tron prefix 0x41
    $tronHex = '41' . $ethPart;
    $addrBin = hex2bin($tronHex);

    // 5) Base58Check
    $checksum = substr(
        hash('sha256', hash('sha256', $addrBin, true), true),
        0,
        4
    );
    $payload = $addrBin . $checksum;

    return base58encode($payload);
}

$sql = "SELECT key_id, user_id, wallet_add, private_key
        FROM wallet_keys
        ORDER BY key_id ASC";

$res = $conn->query($sql);
if (!$res) {
    die("DB error: " . $conn->error . "\n");
}

echo "Checking TRON wallet_keys...\n\n";

while ($row = $res->fetch_assoc()) {
    $keyId      = (int)$row['key_id'];
    $userId     = (int)$row['user_id'];
    $dbAddress  = trim($row['wallet_add'] ?? '');
    $privateKey = trim($row['private_key'] ?? '');

    if ($dbAddress === '' || $privateKey === '') {
        echo "[key_id={$keyId}] user={$userId}  wallet_add='{$dbAddress}'  => SKIP (missing data)\n\n";
        continue;
    }

    try {
        $derived = tronAddressFromPrivateKey($privateKey);
    } catch (\Throwable $e) {
        echo "[key_id={$keyId}] user={$userId}  wallet_add='{$dbAddress}'  => ERROR deriving address: " . $e->getMessage() . "\n\n";
        continue;
    }

    $status = ($derived === $dbAddress) ? 'MATCH' : 'MISMATCH';

    echo "[key_id={$keyId}] user={$userId}\n";
    echo "  DB wallet_add : {$dbAddress}\n";
    echo "  Derived addr   : {$derived}\n";
    echo "  RESULT         : {$status}\n\n";
}

$res->free();
echo "Done.\n";

Выполнить команду