Research note

LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/README.md

@@ -2,4 +2,14 @@
 
 Vulnerable wallet range of Trust Wallet on iOS with CVE-2024-23660.
 
-See https://milksad.info/posts/research-update-5/ for details.
+See https://milksad.info/posts/research-update-5/ for details.
+
+## Anomaly
+
+One used wallet in the "B" range is also present in the "A" range, and therefore its addresses are in both victim lists.
+
+This is an anomaly of the PRNG behavior, which generates a very simple entropy output (consisting of just all binary zeros) at a certain PRNG index. The output happens to be identical with [a well-known BIP39 example mnemonic](https://github.com/trezor/python-mnemonic/blob/b57a5ad77a981e743f4167ab2f7927a55c1e82a8/vectors.json#L4-L7), explaining its usage. In other words, this weak wallet is not unique to this specific weak range.
+
+| PRNG seed id | Mnemonic |
+| - | - |
+|`2147483647`|`abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about`|

LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/README.md

@@ -2,4 +2,10 @@
 
 Vulnerable wallet range of Trust Wallet on iOS with CVE-2024-23660.
 
-See https://milksad.info/posts/research-update-5/ for details.
+See https://milksad.info/posts/research-update-5/ for details.
+
+## Anomaly
+
+One used wallet in the "B" range is also present in the "A" range, and therefore its addresses are in both victim lists.
+
+See the "A" range documentation for more details.