Page 2 of 2

Posted: Wed Oct 19, 2011 2:27 am
by LaptoniC
As I said in earlier post this program uses QueryPerformanceCounter for initial seed. However I didn't get what you mean by
If that's the case, then your keyspace just dropped dramatically.
How we can predict the result of QueryPerformanceCounter? Could you elaborate on this topic?

Posted: Wed Oct 19, 2011 9:22 am
by FrankRizzo
What I was saying was that if they use the value of Query... for range limiting the acceptable values, and that value is LOW, then that limits the range of the random numbers, and might reduce the area you have to search.

Posted: Wed Oct 19, 2011 10:08 am
by LaptoniC
I want to know what is predictable the range of QueryPerformanceCounter if you know. I didn't come up with any predictable range. That is why I am searching 0-FFFFFFFFh range. Another problem is we also don't know how many times author generated big number. Each generation also affects RandomSeed. However, I am open to new ideas always.

Recca ?

Posted: Tue Feb 07, 2012 6:31 pm
by ShyKittten
Why do you search the next prime number ?

prime(M) + b = M with M the 1st random number and b a small number
prime(N) + c = N with N the 2nd random number and c a small number

So :
- choose a seed
- compute M and N
- if (M*N - P) is small enough, you probably find the seed (with P = prime(M)*prime(N)), In other words : Take the most significant 32 bits of N and M, multiply, if the result is close to the most significant bits of P, take the next 32 bits of N and M, multiply...

Bruteforce would be easy...

Posted: Sat Feb 11, 2012 2:26 am
by LaptoniC
What is the relation between M, N and P?
Program generates P and Q (primes of RSA) by using Random function and searching next prime like this

Code: Select all

P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q
The idea is if we can find fast method to find IsPrime function we can speed up searching. Because if we can recover the seed either seed of P or seed of Q we will find the prime numbers. Other than that I didn't get what you mean by M and N. drizz's code is very detailed and fast but I abandoned the project until I get my new computer.

Posted: Sun Feb 12, 2012 7:59 am
by ShyKittten
In my previous post : P = M*N.

You say :

Code: Select all

P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q
My idea :

Code: Select all

P'=Random(Seed)
Q'=Random(Seed)
N'=P'*Q'
if(|N'-N| small enough)
{
       P=FindNextPrime(P')
       Q=FindNextPrime(Q')
       if(N==P*Q)
       {
              Correct Seed !
       }
}

I use it to break RSA-1024 with similar weak RNG (<1h to check all the 32-bits values).

Posted: Mon Feb 13, 2012 6:31 am
by LaptoniC
What is that small enough number? I have searched prime gaps and found that biggest gap is 4724 for 75 digits so theoretically that number will be 4724^2= 22316176 ( http://www.trnicely.net/gaps/g4k.html ) is this info true or it is lower than that?

Posted: Mon Feb 13, 2012 2:30 pm
by ShyKittten
http://en.wikipedia.org/wiki/Prime_gap#Conjectures_about_gaps_between_primes
g(pn) = O((ln pn)^2)
If P and Q were independents, you would choose the gap carefully,
But, here, P and Q are linked together by the seed so few (P',Q') (and probably only 1) will pass the test even if you choose a too big gap...

Posted: Fri Mar 30, 2012 11:58 pm
by LaptoniC
Thanks. It worked :)

Posted: Sat Mar 02, 2013 6:42 am
by winndy
Thanks
Here is the tutorial by Laptonic
http://forum.exetools.com/showthread.php?t=14836