Research note

2025-01-09 15:55:58 +01:00 · 2025-01-09 15:55:58 +01:00 · 83b9f5cbdf
parent b6d3dbfc00
commit 83b9f5cbdf
2 changed files with 18 additions and 2 deletions
--- a/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/README.md
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_A_pattern/README.md
@ -2,4 +2,14 @@

 Vulnerable wallet range of Trust Wallet on iOS with CVE-2024-23660.

-See https://milksad.info/posts/research-update-5/ for details.
+See https://milksad.info/posts/research-update-5/ for details.
+
+## Anomaly
+
+One used wallet in the "B" range is also present in the "A" range, and therefore its addresses are in both victim lists.
+
+This is an anomaly of the PRNG behavior, which generates a very simple entropy output (consisting of just all binary zeros) at a certain PRNG index. The output happens to be identical with [a well-known BIP39 example mnemonic](https://github.com/trezor/python-mnemonic/blob/b57a5ad77a981e743f4167ab2f7927a55c1e82a8/vectors.json#L4-L7), explaining its usage. In other words, this weak wallet is not unique to this specific weak range.
+
+| PRNG seed id | Mnemonic |
+| - | - |
+|`2147483647`|`abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about`|
--- a/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/README.md
+++ b/LCG16807_MINSTD_RAND0__trezor_crypto_B_pattern/README.md
@ -2,4 +2,10 @@

 Vulnerable wallet range of Trust Wallet on iOS with CVE-2024-23660.

-See https://milksad.info/posts/research-update-5/ for details.
+See https://milksad.info/posts/research-update-5/ for details.
+
+## Anomaly
+
+One used wallet in the "B" range is also present in the "A" range, and therefore its addresses are in both victim lists.
+
+See the "A" range documentation for more details.