API tools faq
paste
enderphan

TronLinkWalletPOC

enderphan
Apr 30th, 2019
4,120
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.66 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: TronLink Wallet-TRON blockchain wallet 2.2.0 - Sensitive Information Exposure Through Log
  2. # Date: 2019-04-25
  3. # Software Link: https://play.google.com/store/apps/details?id=com.tronlink.wallet&hl=en_US
  4. # Version: 2.2.0 Android App
  5. # Vendor: TRON Community Developer
  6. # Exploit Author: Loc Phan Van
  7. # CVE: N/A
  8. # Category: Mobile Apps
  9. # Tested on: Android 8.1
  10.  
  11. # Description
  12. The user password via the registration form of TronLink Wallet 2.2.0 is stored in log when class CreateWalletTwoActivity is called, other authenticated users can read in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
  13.  
  14. # PoC
  15.  
  16. 04-25 09:09:20.301 10832 10832 D ViewRootImpl@34d8a26[CreateWalletTwoActivity]: MSG_RESIZED: frame=Rect(0, 0 - 720, 1480) ci=Rect(0, 42 - 0, 84) vi=Rect(0, 42 - 0, 626) or=1
  17. 04-25 09:09:20.333 461 461 I SurfaceFlinger: Device | 0xa9107c00 | 0002 | RGBA_8888 | 0.0 0.0 720.0 1480.0 | 0 0 720 1480 | com.tronlink.wallet/com.tron.wallet.[...]let.CreateWalletTwoActivity[10832]#0
  18. 04-25 09:09:20.901 10832 10832 D ViewRootImpl@34d8a26[CreateWalletTwoActivity]: ViewPostIme key 0
  19. 04-25 09:09:20.902 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  20. 04-25 09:09:20.990 10832 10832 D ViewRootImpl@34d8a26[CreateWalletTwoActivity]: ViewPostIme key 1
  21. 04-25 09:09:21.310 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:1] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  22. 04-25 09:09:21.311 10832 10832 E lll : onTextChanged: P
  23. 04-25 09:09:21.653 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  24. 04-25 09:09:21.654 10832 10832 E lll : onTextChanged: P4
  25. 04-25 09:09:22.330 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  26. 04-25 09:09:22.331 10832 10832 E lll : onTextChanged: P4s
  27. 04-25 09:09:22.480 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  28. 04-25 09:09:22.481 10832 10832 E lll : onTextChanged: P4ss
  29. 04-25 09:09:22.705 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  30. 04-25 09:09:22.707 10832 10832 E lll : onTextChanged: P4ssw
  31. 04-25 09:09:22.840 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  32. 04-25 09:09:22.841 10832 10832 E lll : onTextChanged: P4ssw0
  33. 04-25 09:09:23.022 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  34. 04-25 09:09:23.023 10832 10832 E lll : onTextChanged: P4ssw0r
  35. 04-25 09:09:23.240 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  36. 04-25 09:09:23.241 10832 10832 E lll : onTextChanged: P4ssw0rd
  37. 04-25 09:09:25.362 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  38. 04-25 09:09:25.364 10832 10832 E lll : onTextChanged: P4ssw0rd1
  39. 04-25 09:09:25.671 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  40. 04-25 09:09:25.673 10832 10832 E lll : onTextChanged: P4ssw0rd12
  41. 04-25 09:09:25.907 4943 4943 I SKBD : [IIManager] IIfo SI [il:0x656e4742] [p:0] [c:0] [t:0] [im:0/0/0/0/0/0] [sC:0] [aC:1] [sS:0] [aS:1] [aP:0] [pW:1] [eM:0] [uR:0] [acI:0] [iT:81] [iO:6] [pID:10832] [pO:null]
  42. 04-25 09:09:25.909 10832 10832 E lll : onTextChanged: P4ssw0rd123
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!