[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Random number prediction

Hello there folks,
take a look at this source, its called sidis.c
/*****************************************************************************************************/
/* Sidis                                                                        
                     */
/* CRT rand() function random number predictor                                  
                     */
/*                                                                              
                     */
/* works with every windows and unix random generator                           
                     */
/*                                                                              
                     */
/* this is a full service random number predictor                               
                     */
/* the function of CRT rand is the following                                    
                     */
/* int rand (void)                                                              
                     */
/* {                                                                            
                     */
/*      _ptiddata ptd = _getptd();                                              
                     */
/*        return( ((ptd->_holdrand = ptd->_holdrand * 214013L + 2531011L) >> 
16) & 0x7fff );         */
/* }                                                                            
                     */
/* As you can see the seed starts to set the variable that is returned from the 
pointer              */
/* then we have a little mathematic and we get 15 bits                          
                     */
/* ......                                                                       
                     */
/* but, from what i discovered, you can read the explaination in sci.math, i 
have made a post there, */
/* we can do this operation                                                     
                     */
/* x1 = (seed * y + z)                                                          
                     */
/* x2 = (x1 * y + z)                                                            
                     */
/* x3 = (x2 * y + z)                                                            
                     */
/* the random numbers are: x1 >> 15, x2 >> 15, x3 >> 15                         
                     */
/* now .... if we apply a little phormula, i can assure you that:               
                     */
/* (x2 >> 15 - z >> 15) * y >> 15 gives us x1 >> 15                             
                     */
/* now we can easily brute force the remaining 17 bits                          
                     */
/*                                                                              
                     */
/* Zuc                                                                          
                     */
/*                                                                              
                     */
/*****************************************************************************************************/

#include <stdlib.h>
#include <stdio.h>

#define rand1 666
#define rand2 32767

unsigned long next=-1,w;

void main(void)
{
 unsigned long x = (((rand2 >> 15) - (2531011 >> 15) >> 15) * 214013 >> 15) >> 
15;
 for(long y=0;y<2^17;y++)
 {
  w = y * 2^17 + x;
  next = (w * 214013 + 2531011) >> 32;
  if( (( next * 214013 + 2531011)>> 15 ) == rand1 )break;
 }
 if(next==-1)
 {
  printf("Sorry, number not found.\n");
  return;
 }
 for(unsigned short i=0;i<10;i++)
 {
  printf("Next number n.%i --- %i\n",i,(next*214013+2531011)>>15);
  next=next*214013+2531011;
 }
 printf("Sic transit gloria mundi.\n");
}

Zuc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/