/python-random-playground

This repository contains code snippets and POCs associated with our article on breaking Python's PRNG with a few values and no brute force.

Primary language: Python. License: MIT.

Python random playground

The functions shared across all POCs are located in functions.py.

POCs

  • poc_predict : This POC shows how to predict the future PRNG outputs given 624 consecutive outputs.
  • poc_IFrom2S : This POC shows how to recover an initial state I value from a pair of current state S values.
  • poc_KFrom3I : This POC shows how to recover a value of K (the seed array) from three consecutive initial state I values.
  • poc_stateRewind : This POC shows how to rewind a full state S up to the initial state I.

Example seed recovery

  • recover_32bitSeed : Example recovery of a 32-bit seed using 6 outputs.
  • recover_64bitSeed : Example recovery of a 64-bit seed using 8 outputs.
  • recover_FloatSeed : Example recovery of a 64-bit seed using 8 outputs. This time the PRNG is seeded with a float.
  • recover_BytesV1Seed : Example recovery of a 64-bit seed using 8 outputs. This time the PRNG is seeded with bytes, using the version 1 algorithm.
  • recover_BytesV2Seed : Example recovery of a 7-character seed using 8 outputs. This time the PRNG is seeded with bytes, using the version 2 algorithm (the default).
  • recover_DefaultSeed : Example recovery of the seed generated by the operating system's CSPRNG using 624 outputs. The PRNG is not seeded explicitly (the default case).