CVE-2023-31290 PoC — Trust Wallet Core 安全特征问题漏洞

Source

https://github.com/00000rest/py_trustwallet_wasm

Associated Vulnerability

Title:Trust Wallet Core 安全特征问题漏洞 (CVE-2023-31290)
Description:Trust Wallet Core是Trust Wallet公司的一个开源的、跨平台的、以移动为中心的库。 Trust Wallet Core 3.1.1之前版本、Trust Wallet browser extension 0.0.183之前版本存在安全漏洞，该漏洞源于mt19937 Mersenne Twister 采用单个 32 位值作为输入种子，结果只有 40 亿种可能的助记符。

Description

(CVE-2023-31290) Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023.

File Snapshot


 [4.0K]  /data/pocs/3c11c7569c012bfe3c33b7ec90b5913be9b54dc5
├── [ 16K]  LICENSE
├── [  72]  Makefile
├── [ 169]  requirements.txt
├── [4.0K]  tests
│   ├── [   0]  __init__.py
│   └── [ 249]  test_mnemonic.py
└── [4.0K]  trustwasm
    ├── [ 114]  __init__.py
    ├── [ 466]  mnemonic.cpp
    ├── [1.4K]  mnemonic.py
    └── [ 13K]  mnemonic.txt

2 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!