Repository files navigation

This script is able to predict python'srandom module random generated values.

Script was tested against Python versions from3.5 to3.10. Should work against other versions of Python as well, since the generator is pretty much the same in2.7.12. Enjoy!

To install randcrack, simply:

$ pip install randcrack

The generator is based uponMersenne Twister, which is able to generate numbers with excellent statistical properties(indistinguishable from truly random). However, this generator was not designed to be cryptographycally secure. You should NEVER use in critical applications as a PRNG for your crypto scheme.You can learn more about this generatoron Wikipedia.

This cracker works as the following way. It obtains first 624 32 bit numbers from the generator and obtains the most likely state of Mersenne Twister matrix, which is the internal state. From this point generator should be synchronized with the cracker.

It isimportant to feed cracker exactly 32-bit integers generated by the generator due to the fact that they will be generated anyway, but dropped if you don't request for them.As well, you must feed the cracker exactly after new seed is presented, or after 624*32 bits are generated since every 624 32-bit numbers generator shifts it's state and cracker is designed to be fed from the begining of some state.

Cracker has one method for feeding:submit(n). After submitting 624 integers it won't take any more and will be ready for predicting new numbers.

Cracker can predict new numbers with following methods, which work exactly the same as their siblings from therandom module but withoutpredict_ prefix. These are:predict_getrandbits,predict_randbelow,predict_randrange,predict_randint,predict_choice andpredict_random

Here's an example usage:

importrandom,timefromrandcrackimportRandCrackrandom.seed(time.time())rc=RandCrack()foriinrange(624):rc.submit(random.getrandbits(32))# Could be filled with random.randint(0,4294967294) or random.randrange(0,4294967294)print("Random result: {}\nCracker result: {}".format(random.randrange(0,4294967295),rc.predict_randrange(0,4294967295)))

Output

Random result: 127160928Cracker result: 127160928

As well as predicting future values, it can recover theprevious states to predict earlier values, ones that came before the numbers you submit. After having submitted enough random numbers to clone the internal state (624), you can use theoffset(n) method to offset the state by some number.

A positive number simply advances the RNG byn, as if you would ask for a number repeatedlyn times. Anegative number however willuntwist the internal state (which can also be done manually withuntwist()). Then after untwisting enough times it will set the internal state to exactly the point in the past where previous numbers were generated from. From then on, you can call thepredict_*() methods again to get random numbers, now in the past.

importrandom,timefromrandcrackimportRandCrackrandom.seed(time.time())unknown= [random.getrandbits(32)for_inrange(10)]cracker=RandCrack()for_inrange(624):cracker.submit(random.getrandbits(32))cracker.offset(-624)# Go back -624 states from submitted numberscracker.offset(-10)# Go back -10 states to the start of `unknown`print("Unknown:",unknown)print("Guesses:", [cracker.predict_getrandbits(32)for_inrange(10)])

Warning: Therandint(),randrange() andchoice() methods all userandbelow(n), which will internally may advance the statemultiple times depending on the random number that comes from the generator. A number is generated with the number of bitsn has, but it may still be aboven the first time. In that case numbers keep being generated in this way until one is belown.

This causes predictingprevious values of these functions to become imprecise as it is not yet known how many numbers were generated with the single function call. You will still be able to generate all the numbers if you offset back further than expected to include all numbers, but there will be an amount of numbers before/after the target sequence (e.g. if the sequence is[1, 2, 3], guesses may be[123, 42, 1, 2, 3, 1337]).

This is not a problem with thegetrandbits() method, as it always does exactly 1. And therandom() method always does exactly 2