How hackers reverse Math.random()

Summary

This article demonstrates how to reverse common pseudo-random number generators (such as linear congruential generators, XOR shift, and Flash's RNG), and shows a practical attack by predicting mine positions in a Minesweeper game, emphasizing that ordinary random numbers should not be used in security contexts.


Cached at: 06/24/26, 01:59 PM

### TL;DR

A computer's "random numbers" actually come from a predictable mathematical formula. As long as you know the algorithm and enough state, you can reverse-engineer all past and future random numbers. This article demonstrates how to crack linear congruential generators, XOR shift generators, and Flash's random number generator, and finally shows a practical attack by predicting mine locations in Minesweeper.

---

## How Computers Generate Random Numbers

When you ask a computer to pick a random number, it usually takes a value from a completely predictable sequence. That sequence is generated by a short mathematical formula, run once each time a random number is needed.

The simplest example is the **Linear Congruential Generator (LCG)**:

```
next = (previous × 9301 + 49297) % 233280
```

"Modulo" means that when the number exceeds 233280, it wraps back to 0, like an object in the game *Asteroids* moving from one side of the screen to the other.

The "random" sequence produced by such a formula is long enough (about 230,000 numbers before repeating in this example) and looks roughly like noise when plotted as an image. But if you change the grid size, you can still see line patterns.

---

## Cracking the Linear Congruential Generator

The reversibility of an LCG relies on the **modular inverse**. To go from a known next number back to the previous one, you need to reverse the formula:

```
previous = (next − 49297) × modular_inverse % 233280
```

Normal division doesn't work under modulo. However, when the multiplier and the modulus are coprime, there exists a number (called the modular inverse) such that `multiplier × modular_inverse ≡ 1 (mod modulus)`. In this example, the modular inverse of 9301 is 179509, so we can write the inverse function.

**Real-world scenario**: PHP's `lcg_value()` uses a similar LCG.
If a website uses it to generate CAPTCHA codes, an attacker only needs to use one of their own received CAPTCHAs to reverse the seed and predict the code that would be used to reset your lost account.

---

## Cracking the XOR-Shift Generator

XOR shift is another common random number generator, especially used in Flash and JavaScript. A 32-bit version looks like:

```
x ^= x << 13
x ^= x >> 17
x ^= x << 5
```

Each line does "first shift, then XOR". The XOR operation has a nice property: **XORing twice with the same value restores the original**. So reversing an XOR shift is about progressively recovering the bits that were affected. For example, when left-shifting and XORing by 7 bits, the lowest 7 bits remain untouched, and you can use them to repeatedly XOR back until the original value is fully restored.

For Xorshift128+ (JavaScript's `Math.random()`), there are manual reversal methods (Scott Contini) or using the Z3 solver. The Xoroshiro128++ used by Minecraft is harder, but the community is still working on it.

---

## Cracking Flash's Random Number Generator

Flash Player's random number mechanism is very complex: it first initializes a seed using a **Linear Feedback Shift Register (LFSR)**, then combines XOR shift, subtract-with-borrow shift, a polynomial-style LCG, followed by another XOR shift and subtract-with-borrow. Each step is reversible.

In 2017, Dango wrote a complete inverse function; in 2019, a paper by George Teșeleanu optimized the process. Later, speedrunner Koong implemented a working demo, but the original project files were lost. The community recovered them by decompiling an archived version, fixed a decompiler bug, and finally succeeded.

Now it is possible to completely control every random number in Flash. For example, in the Clover game, you can force low values so that all three-leaf clovers appear at the top of the field.

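
The two reversals described above, the LCG step undone with a modular inverse and the 32-bit XOR shift undone one shift at a time, as an added example that is not code from the original article or video. The constants are the ones quoted in the text; the function names are assumptions, the inverse is computed with the extended Euclidean algorithm rather than hard-coded, and JavaScript needs `>>>` for the unsigned right shift the formula writes as `>>`.

```javascript
// Added example: constants are the ones quoted in the text; names are assumptions.
const A = 9301, C = 49297, M = 233280;

const lcgNext = (prev) => (prev * A + C) % M;

// Extended Euclid: returns t with (a * t) % m === 1, or throws if none exists.
function modInverse(a, m) {
  let [r0, r1, t0, t1] = [m, a % m, 0, 1];
  while (r1 !== 0) {
    const q = Math.floor(r0 / r1);
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1) throw new Error("multiplier and modulus are not coprime");
  return ((t0 % m) + m) % m;
}

const A_INV = modInverse(A, M);
// Undo one LCG step; the extra "+ M" keeps (next - C) non-negative.
const lcgPrev = (next) => (((next - C + M) % M) * A_INV) % M;

// Forward 32-bit XOR shift with the 13/17/5 shifts from the text.
function xorshift32(x) {
  x ^= x << 13;
  x ^= x >>> 17; // logical shift: the state is an unsigned 32-bit word
  x ^= x << 5;
  return x >>> 0;
}

// y = x ^ (x << s): the low s bits of y equal x's, so each pass fixes s more bits.
function undoLeft(y, s) {
  let x = y;
  for (let known = s; known < 32; known += s) x = y ^ (x << s);
  return x >>> 0;
}
// Mirror image for y = x ^ (x >>> s): the high s bits are untouched.
function undoRight(y, s) {
  let x = y;
  for (let known = s; known < 32; known += s) x = y ^ (x >>> s);
  return x >>> 0;
}

// Undo the three steps in reverse order.
const xorshift32Prev = (y) => undoLeft(undoRight(undoLeft(y, 5), 17), 13);

// One observed output is enough to walk the sequence in both directions.
const seen = lcgNext(12345);
console.log(lcgPrev(seen), lcgNext(seen), xorshift32Prev(xorshift32(0xdeadbeef)).toString(16));
```
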

---

## Practical Demo: Predicting Mine Locations in Minesweeper

**Without modifying the seed or injecting code**, by observing only the mine locations in an easy Minesweeper puzzle, you can reverse-search through billions of seeds to find the one that produces exactly that puzzle, then predict the 99 mines in an expert puzzle. The demo successfully flagged all mines.

Interestingly, when reversing the expert mode generator, a bug was discovered in the source code that prevents certain mines from ever appearing in specific positions – this flaw itself is more useful than the reverse generator.

---

## Conclusion and Recommendations

- Don't use ordinary random number generators for security-sensitive tasks (e.g., CAPTCHAs, encryption). Always use generators labeled "cryptographically secure".
- For local offline random number generation (e.g., single-player games), you can be fairly certain that it can be cracked. Developers don't need to obsess over algorithm choice; instead, focus on **data leakage** (e.g., Flash sharing seeds between programs) and **predictable patterns** (e.g., the Minesweeper bug).
- "Supernatural luck" in speedrunning records may simply be the result of reverse-engineering random numbers.

> *"I only gamble when the odds are entirely in my control."*

---

**Source**: How hackers reverse Math.random() – YouTube (https://www.youtube.com/watch?v=XDsYPXRCXAs) (Comments on Lobsters (https://lobste.rs/s/kzw3rt/how_hackers_reverse_math_random))
