# Exploit Title: TronLink Wallet - TRON blockchain wallet - Credential Disclosure
# Date: 2019-04-25
# Software Link: https://play.google.com/store/apps/details?id=com.tronlink.wallet&hl=en
# Version: 2.2.0 Android App
# Vendor: Medha Apps
# Exploit Author: Loc Phan Van
# CVE: N/A
# Category: Mobile Apps
# Tested on: Android 8.1
# Description
# TronLink Wallet 2.2.0 stores the user's wallet keystore, together with other wallet-related values, unprotected in the app's private shared preferences under /data/data/com.tronlink.wallet/shared_prefs/.xml, rather than in hardware-backed storage such as the Android Keystore. Note that the keystore entries shown in the PoC are Web3 Secret Storage (version 3) files: the private key inside them is encrypted with AES-128-CTR under an scrypt-derived key (n=65536, r=8, p=1), so "plaintext" refers to the keystore file itself, not the key. An attacker who obtains the file can copy the keystore and either reuse it with the wallet password or brute-force that password offline. Reading the shared_prefs directory requires access to the app's private data (typically root, a device backup, or a separate local vulnerability), so the impact is conditional on that access.
# PoC
TYsgBWPut4gbB8X4NQJ9TPJ8xxxxxxx enderphan {} {} {"address":"41fb3f160ac35e8d278861539ff2af97e843fb4a46","crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"780e8262613ba44e175cbbfd66b78c15"},"ciphertext":"xxxxxxxxxx42e6f2e4ec353bd4193c2fe321b54e0bfc2dbc318284xxxxxxxxxx","kdf":"scrypt","kdfparams":{"dklen":32,"n":65536,"p":1,"r":8,"salt":"38f685c5a79409cf6d0e000e2a0f4329e2599c94101ed701bfcc3cd6f5c61b50"},"mac":"xxxxxxxxxxx12e4a15f43089ef15f38854f1ea12f2ed3871c41eb13xxxxxxxxxx"},"id":"ea0701e7-c3b8-4f88-8a73-aa26f58e0736","version":3} c27f25d1ad5bb75282996axxxxxxxxxx {} six xxxxxxxxxx8a56794f793cef4789d1d4b26a971eb3c82b4980ced3625535afdf80a3a7e295e19cbc82b4d77937ebb2fe324ee1faa09012518c04dc4ff4a9c03718 {} 3QJmnh {"address":"41fb3f160ac35e8d278861539ff2af97e843fb4a46","crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"2a2b7ad79a9b09930538886acebd519a"},"ciphertext":"xxxxxxxxxxx4e910adc371b0b9d6328d886563841edc80540df090a0940fbe7a0ff1e428c098xxxxxxxxxxx7f6a5afc637577f424b53927ae749179528c046c12baedcaed4d681211f12bc31","kdf":"scrypt","kdfparams":{"dklen":76,"n":65536,"p":1,"r":8,"salt":"224f092265a4843e16a1571781800d89d094f917f2e2a6bbcf62766223e7c4875072e7b7eef1640d1ba439e9b278d7fa41e037506f372a500bc9f326d604c2a0635ed961f9146exxxxxxxxxx"},"mac":"8a47c6b78c46bd57d889731a9047bd7cdbe33ef24c9f1b67273e5122f5b0b559"},"id":"d02c080a-032f-4a15-90b3-e9384bd4f2a0","version":3}