Follow @Openwall on Twitter for new release announcements and other news

php_mt_seed - PHP mt_rand() seed cracker

php_mt_seed is a PHP mt_rand() seed cracker. In the most trivial invocation mode, it finds possible seeds given the very first mt_rand() output after possible seeding with mt_srand(). With advanced invocation modes, it is also able to match multiple, non-first, and/or inexact mt_rand() outputs to possible seed values.

PHP's mt_rand() algorithm changed over the years since its introduction in PHP 3.0.6. php_mt_seed 4.0 supports 3 major revisions of the algorithm: PHP 3.0.7 to 5.2.0, PHP 5.2.1 to 7.0.x, and PHP 7.1.0+ (at least up to the latest as of this writing, which is PHP 7.2.0beta3).

php_mt_seed uses attack-optimized reimplementations of PHP's mt_rand() algorithms. It is written in C with optional SIMD intrinsics (SSE2, SSE4.1/AVX, XOP, AVX2, AVX-512, as well as MIC) and OpenMP. On a modern quad-core CPU, it is able to search the full 32-bit seed space in under a minute. On second generation Xeon Phi, it does the same in 3 seconds.

You can view the latest README file, which explains php_mt_seed use cases, provides usage examples, and includes benchmarks on a variety of systems (ranging from quad-core CPU to 16-core server and to Xeon Phi). The README file is also included in the archive below.

Download (release notes, previous release notes):

These and older versions of php_mt_seed are also available from the Openwall file archive. The source code of php_mt_seed can be browsed on GitHub or via CVSweb. (You might find the older versions and revision history useful to better understand how php_mt_seed works and what optimizations have been made.)

Follow this link for information on verifying the signatures.

Why crack mt_rand() seeds?
It is well-known that mt_rand() is a non-cryptographic PRNG and that its 32-bit seed space would be too small for cryptographic applications. Yet many PHP applications misuse mt_rand() for purposes where a CSPRNG would be needed. Thus, a use case of php_mt_seed is to demonstrate to developers and users of those applications just how very practical it is to attack mt_rand() and how vulnerable those applications are, so that the misuses of mt_rand() would decline. Specific opportunities for such demonstration include source code audits and network/system penetration tests. In the latter, the cracked seeds may allow the penetration test to proceed further into the network or system, potentially exposing other vulnerabilities there may be. Other opportunities to practice with php_mt_seed include CTFs (capture the flag competitions).

External web pages illustrating usage of php_mt_seed (including CTF writeups):

Other relevant external web pages and projects:

Please consider sponsoring the online PHP editor, a third-party project which was extremely helpful for development, testing, and documentation of php_mt_seed (in particular, identifying quirks of different PHP versions).

Quick Comment: