Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: TronLink Wallet-TRON blockchain wallet - Credential Disclosure
- # Date: 2019-04-25
- # Software Link: https://play.google.com/store/apps/details?id=com.tronlink.wallet&hl=en
- # Version: 2.2.0 Android App
- # Vendor: Medha Apps
- # Exploit Author: Loc Phan Van
- # CVE: N/A
- # Category: Mobile Apps
- # Tested on: Android 8.1
- # Description
- # TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml. An attacker can read and reuse other users keystore to gain the access.
- # PoC
- <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
- <map>
- <long name="create_time_key" value="0" />
- <int name="mnemonic_length>" value="0" />
- <string name="wallet_address_key">TYsgBWPut4gbB8X4NQJ9TPJ8xxxxxxx</string>
- <long name="bandwidth_key" value="0" />
- <string name="wallet_name_key">enderphan</string>
- <boolean name="is_cold_wallet_key" value="false" />
- <string name="name_key"></string>
- <string name="assets_v2_key">{}</string>
- <long name="energy_used_key" value="0" />
- <long name="net_free_limit_key" value="0" />
- <long name="balance_key" value="0" />
- <long name="wallet_createtime_key" value="1556158195185" />
- <long name="freeze_bandwidth_key" value="0" />
- <long name="energy_limit_key" value="0" />
- <long name="total_energy_limit_key" value="0" />
- <long name="latest_operation_time_key" value="0" />
- <long name="freeze_energy_key" value="0" />
- <string name="assets_key">{}</string>
- <long name="total_energy_weight_key" value="0" />
- <string name="wallet_keystore_key">{"address":"41fb3f160ac35e8d278861539ff2af97e843fb4a46","crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"780e8262613ba44e175cbbfd66b78c15"},"ciphertext":"xxxxxxxxxx42e6f2e4ec353bd4193c2fe321b54e0bfc2dbc318284xxxxxxxxxx","kdf":"scrypt","kdfparams":{"dklen":32,"n":65536,"p":1,"r":8,"salt":"38f685c5a79409cf6d0e000e2a0f4329e2599c94101ed701bfcc3cd6f5c61b50"},"mac":"xxxxxxxxxxx12e4a15f43089ef15f38854f1ea12f2ed3871c41eb13xxxxxxxxxx"},"id":"ea0701e7-c3b8-4f88-8a73-aa26f58e0736","version":3}</string>
- <int name="wallet_color_key" value="-1" />
- <string name="pwd_key">c27f25d1ad5bb75282996axxxxxxxxxx</string>
- <long name="net_free_used_key" value="0" />
- <int name="wallet_createtype_key" value="0" />
- <long name="energytime_key" value="0" />
- <long name="net_used_key" value="0" />
- <long name="total_net_limit_key" value="0" />
- <string name="frozen_key">{}</string>
- <string name="wallet_icon_key">six</string>
- <string name="pub_key">xxxxxxxxxx8a56794f793cef4789d1d4b26a971eb3c82b4980ced3625535afdf80a3a7e295e19cbc82b4d77937ebb2fe324ee1faa09012518c04dc4ff4a9c03718</string>
- <string name="votes_key">{}</string>
- <long name="total_net_weight_key" value="0" />
- <boolean name="set_hasaccount_key" value="true" />
- <boolean name="is_watch_only_setup_key" value="false" />
- <string name="address_key">3QJmnh</string>
- <long name="delegated_frozen_balance_for_bandwidth_key" value="0" />
- <long name="delegated_frozen_balance_for_energy_key" value="0" />
- <boolean name="backup_key" value="false" />
- <long name="net_limit_key" value="0" />
- <string name="wallet_newmnemonic_key">{"address":"41fb3f160ac35e8d278861539ff2af97e843fb4a46","crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"2a2b7ad79a9b09930538886acebd519a"},"ciphertext":"xxxxxxxxxxx4e910adc371b0b9d6328d886563841edc80540df090a0940fbe7a0ff1e428c098xxxxxxxxxxx7f6a5afc637577f424b53927ae749179528c046c12baedcaed4d681211f12bc31","kdf":"scrypt","kdfparams":{"dklen":76,"n":65536,"p":1,"r":8,"salt":"224f092265a4843e16a1571781800d89d094f917f2e2a6bbcf62766223e7c4875072e7b7eef1640d1ba439e9b278d7fa41e037506f372a500bc9f326d604c2a0635ed961f9146exxxxxxxxxx"},"mac":"8a47c6b78c46bd57d889731a9047bd7cdbe33ef24c9f1b67273e5122f5b0b559"},"id":"d02c080a-032f-4a15-90b3-e9384bd4f2a0","version":3}</string>
- <long name="energy_key" value="0" />
- </map>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement