暴力破解PHP随机函数seed

获取php_mt_seed-3.2.tar.gz, 解压.

$ wget http://www.openwall.com/php_mt_seed/php_mt_seed-3.2.tar.gz

$ tar -zxvf php_mt_seed-3.2.tar.gz

解压文件, 在php_mt_seed-3.2目录中执行make命令:

$ cd php_mt_seed-3.2

$ make                                                                    1 ↵
gcc -Wall -march=native -O2 -fomit-frame-pointer -funroll-loops -fopenmp php_mt_seed.c -o php_mt_seed
php_mt_seed.c: In function ‘main’:
php_mt_seed.c:209:9: warning: ‘vvalue’ may be used uninitialized in this function [-Wmaybe-uninitialized]
 #pragma omp parallel for default(none) private(base) shared(match, start, end, found, v1, seed_and_0x80000000, seed_shr_30, vvalue)
         ^~~
php_mt_seed.c:181:8: note: ‘vvalue’ was declared here
  vtype vvalue, v1, seed_and_0x80000000, seed_shr_30;
        ^~~~~~

实验一下, 随机数1328851649

$ time ./php_mt_seed 1328851649                                         130 ↵
Found 0, trying 637534208 - 671088639, speed 14955060 seeds per second
seed = 658126103
Found 1, trying 1207959552 - 1241513983, speed 14711479 seeds per second
seed = 1234567890
Found 2, trying 4261412864 - 4294967295, speed 14199503 seeds per second
Found 2
./php_mt_seed 1328851649  708.32s user 5.48s system 236% cpu 5:02.29 total

本文只是验证.

---

参考文档

• php的随机数的安全性分析
• php_mt_seed - PHP mt_rand() seed cracker
• Cracking PHP rand()