
Demonic Vulnerability Test Guide

Summary Description

The Demonic Vulnerability (CVE-2022-32969) refers to a problem where a plugin wallet stores mnemonic phrases in plaintext on disk under certain conditions. For details, refer to MetaMask's official notice: "Security Notice: Extension Disk Encryption Issue" or SlowMist's analysis article: "MetaMask Browser Extension Wallet Demonic Vulnerability Analysis".

Vulnerability Identification

After creating a mnemonic with the plugin wallet, close the page.

Download the Python script, install the required dependencies, and run the script to check if plaintext mnemonics are cached in the specified disk path. If plaintext mnemonics are found, the script will emit a notification sound 🔔 and display the plaintext mnemonics.

Solution

If the extension wallet allows the mnemonic to be entered in plaintext on the Tabs page, it may be affected by the Demonic Vulnerability. For the fix, refer to MetaMask version >= 10.11.3, which defines a separate input field for each mnemonic word and sets the type of each field to password.

Wallet Demonic Vulnerability Check

Reference: MetaMask Browser Extension Wallet Demonic Vulnerability Analysis

Download script: extract_mnemonic.py

Download the affected extension wallet: FoxWallet extension

# Install the third-party library dependencies:

pip install termcolor mnemonic

# Usage (double quotes so that $(whoami) is expanded by the shell):

python3 extract_mnemonic.py "/Users/$(whoami)/Library/Application Support/Google/Chrome/Default/Sessions/"
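
A complementary self-check for the identification step, as an added example that is not extract_mnemonic.py or any MetaMask or SlowMist code: it searches the session directory for one known throwaway test mnemonic instead of for arbitrary phrases. The file name check_known_mnemonic.py, the function names, and the choice to test both UTF-8 and UTF-16LE are assumptions of this example.

```python
import getpass
import re
import sys
from pathlib import Path

ENCODINGS = ("utf-8", "utf-16-le")  # assumption: on-disk encoding is one of these


def build_patterns(mnemonic):
    """One bytes regex per encoding: the words in order, separated by whitespace."""
    words = mnemonic.lower().split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("expected a 12/15/18/21/24-word mnemonic")
    patterns = {}
    for enc in ENCODINGS:
        # Space, tab, CR or LF as encoded bytes (UTF-16LE appends \x00 to each).
        gap = b"(?:" + b"|".join(re.escape(c.encode(enc)) for c in " \t\r\n") + b")+"
        body = gap.join(re.escape(w.encode(enc)) for w in words)
        patterns[enc] = re.compile(body, re.IGNORECASE)
    return patterns


def scan_directory(root, mnemonic):
    """Return (path, encoding, byte offset) for each plaintext hit under root."""
    patterns = build_patterns(mnemonic)
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # locked or unreadable file: skip it and keep scanning
        for enc, pattern in patterns.items():
            hits.extend((str(path), enc, m.start()) for m in pattern.finditer(data))
    return hits


if __name__ == "__main__":
    # Usage: python3 check_known_mnemonic.py <session directory>
    # Prompted instead of passed as an argument so it stays out of shell history.
    phrase = getpass.getpass("Throwaway test mnemonic: ")
    found = scan_directory(sys.argv[1], phrase)
    for path, enc, offset in found:
        print(f"PLAINTEXT ({enc}) at byte {offset}: {path}")
    sys.exit(1 if found else 0)
```

The exit status is 1 when the phrase is found in plaintext, so the check can gate a wallet release test; use it only with a mnemonic generated for testing.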