Delphi RNG reversing

LaptoniC · Post by **LaptoniC** » Wed Oct 19, 2011 2:27 am

As I said in earlier post this program uses QueryPerformanceCounter for initial seed. However I didn't get what you mean by

If that's the case, then your keyspace just dropped dramatically.

How we can predict the result of QueryPerformanceCounter? Could you elaborate on this topic?

FrankRizzo · Post by **FrankRizzo** » Wed Oct 19, 2011 9:22 am

What I was saying was that if they use the value of Query... for range limiting the acceptable values, and that value is LOW, then that limits the range of the random numbers, and might reduce the area you have to search.

LaptoniC · Post by **LaptoniC** » Wed Oct 19, 2011 10:08 am

I want to know what is predictable the range of QueryPerformanceCounter if you know. I didn't come up with any predictable range. That is why I am searching 0-FFFFFFFFh range. Another problem is we also don't know how many times author generated big number. Each generation also affects RandomSeed. However, I am open to new ideas always.

ShyKittten · Post by **ShyKittten** » Tue Feb 07, 2012 6:31 pm

Why do you search the next prime number ?

prime(M) + b = M with M the 1st random number and b a small number
prime(N) + c = N with N the 2nd random number and c a small number

So :
- choose a seed
- compute M and N
- if (M*N - P) is small enough, you probably find the seed (with P = prime(M)*prime(N)), In other words : Take the most significant 32 bits of N and M, multiply, if the result is close to the most significant bits of P, take the next 32 bits of N and M, multiply...

Bruteforce would be easy...

LaptoniC · Post by **LaptoniC** » Sat Feb 11, 2012 2:26 am

What is the relation between M, N and P?
Program generates P and Q (primes of RSA) by using Random function and searching next prime like this

Code: Select all

P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q

The idea is if we can find fast method to find IsPrime function we can speed up searching. Because if we can recover the seed either seed of P or seed of Q we will find the prime numbers. Other than that I didn't get what you mean by M and N. drizz's code is very detailed and fast but I abandoned the project until I get my new computer.

ShyKittten · Post by **ShyKittten** » Sun Feb 12, 2012 7:59 am

In my previous post : P = M*N.

You say :

Code: Select all

P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q

My idea :

Code: Select all

P'=Random(Seed)
Q'=Random(Seed)
N'=P'*Q'
if(|N'-N| small enough)
{
       P=FindNextPrime(P')
       Q=FindNextPrime(Q')
       if(N==P*Q)
       {
              Correct Seed !
       }
}

I use it to break RSA-1024 with similar weak RNG (<1h to check all the 32-bits values).

LaptoniC · Post by **LaptoniC** » Mon Feb 13, 2012 6:31 am

What is that small enough number? I have searched prime gaps and found that biggest gap is 4724 for 75 digits so theoretically that number will be 4724^2= 22316176 ( http://www.trnicely.net/gaps/g4k.html ) is this info true or it is lower than that?

ShyKittten · Post by **ShyKittten** » Mon Feb 13, 2012 2:30 pm

http://en.wikipedia.org/wiki/Prime_gap#Conjectures_about_gaps_between_primes

g(pn) = O((ln pn)^2)

If P and Q were independents, you would choose the gap carefully,
But, here, P and Q are linked together by the seed so few (P',Q') (and probably only 1) will pass the test even if you choose a too big gap...

LaptoniC · Post by **LaptoniC** » Fri Mar 30, 2012 11:58 pm

Thanks. It worked

winndy · Post by **winndy** » Sat Mar 02, 2013 6:42 am

Thanks
Here is the tutorial by Laptonic
http://forum.exetools.com/showthread.php?t=14836

RCE Messageboards Regroupment

Delphi RNG reversing

Recca ?