I’ve written a couple posts lately about reverse engineering the internal state of a random number generator, first Mersenne Twister then lehmer64. This post will look at xorshift128, implemented below. import random # Seed the generator state a: int = random.getrandbits(32) b: int = random.getrandbits(32) c: int = random.getrandbits(32) d: int = random.getrandbits(32) MASK = 0xFFFFFFFF def xorshift128() -> int: global a, b, c, d t = d s = a t ^= (t << 11) & MASK t ^= (t >> 8) & MASK s ^= (s >> 19) & MASK a, b, c, d = (t ^ s) & MASK, a, b, c return a Recovering state Recovering the internal state of the generator is simple: it’s the four latest outputs in reverse order. This is illustrated by the following chart. This means that once we’ve seen four outputs, we can predict the rest of the outputs. The following code demonstrates this. Let’s generate five random values. out = [xorshift128() for _ in range(5)] Running print(hex(out[4])) shows the output 0xc3f4795d. If we reset the state…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.