-1

I am looking for a function that will return a seed of C# Random class based on the first two int numbers produced by Random.Next(). I would like to avoid brute force (this is what I tried). Essentially, I am looking for a reverse function for this code, that is not based on brute force

using System;

public class Program
{
    public static void Main()
    {
        int seed = 0;
        Random rnd = new Random(seed);
        Console.WriteLine($"Seed: {seed}");
        Console.WriteLine($"Rnd1: {rnd.Next()}");
        Console.WriteLine($"Rnd2: {rnd.Next()}");
    }
}

Which prints out

Seed: 0
Rnd1: 1559595546
Rnd2: 1755192844

Is there a fast way to obtain Seed given Rnd1 and Rnd2?

oleksii
  • 35,458
  • 16
  • 93
  • 163
  • So what did you try? I expected some steps already taken, at least giving information about the PRNG used in .NET(?). Doing that, you will probably find a formula which looks easy to exploit, pretty much too easy (too fitting giving your constant of 2) which makes me think, that this comes from some kind of coding-test or competition? – sascha Aug 04 '17 at 15:01
  • You can find the source for Random [here](https://referencesource.microsoft.com/#mscorlib/system/random.cs,4c2fc83207c654d1) – spectacularbob Aug 04 '17 at 15:05
  • [Is this post of any use?](https://stackoverflow.com/questions/17420424/determine-the-seed-of-c-sharp-random-instance). It seems to suggest it's not possible, or at least that brute force is actually quite fast. – Equalsk Aug 04 '17 at 15:06
  • @sascha I've tried brute force, which is doable but takes a long time for what I want to use this for. This is not coming from a coding-test, it's me thinking about a particular problem on a train. – oleksii Aug 04 '17 at 15:10
  • @Equalsk Looks like it's doable, at least in [Oracle Java](https://stackoverflow.com/a/20183412/706456) – oleksii Aug 04 '17 at 15:11
  • It's always doable if it's not a cryptoPRNG. So check out which PRNG is in use (probably changed over years), grab the formula's and do some math. Keep in mind that's it's not really an inverse. It seems you ask for one compatible seed. There might be no unique one! – sascha Aug 04 '17 at 15:12
  • @sascha I will have a look at the formula, thanks. Actually, I deliberately look for a weak PRNG and the first seed that gives me the two numbers. – oleksii Aug 04 '17 at 15:16
  • @sascha It's always possible to *eventually* infer the internal state for non-cryptoPRNGs, but whether you can do so from two observations depends on the specific generator. For instance, [MT19937 requires 624 values](https://en.wikipedia.org/wiki/Mersenne_Twister#Alternatives) to peg down the state. – pjs Aug 04 '17 at 18:23
  • @pjs I think i made it clear that i'm not interested in the state, but a compatible seed (of many possible seeds producing expected output; of course seed != internal-state for most PRNGs, especially MT). – sascha Aug 04 '17 at 18:49
  • @sascha My working assumption is that OP wants to get the seed for purposes of prediction/reproducibility. Getting a "compatible seed" which would produce the two numbers already observed is pretty useless in that context, since there's no guarantee that you'll be able to correctly forecast what the next value will be. – pjs Aug 04 '17 at 21:59
  • @pjs I am interested in just two values. I am not sure it is always possible and would like to check as a hack project. I've seen some examples for MT generator and for Java implementation. I will try MT and see what happens. – oleksii Aug 05 '17 at 10:12
  • @oleksii So if I'm understanding correctly, you don't care what the actual seeding is? You just want to find a seed that will reproduce the first two observed values? Why would that be useful, or is this just a "can I do it" question? – pjs Aug 05 '17 at 14:24
  • @pjs I was thinking if I could compress data that is already compressed or encrypted. A good compression should render data as a pseudo random noise, as is encryption. If I can find an RNG and a seed that represents 2 numbers, I can compress two int values into 1. If I can carry on with this process, compressed/encrypted data will take half its original size. I further thought I can then repeat the process up to a very small sequence that can represent potentially large compressed or encrypted data. I don't think this is possible in a generic way but was just an interesting idea. – oleksii Aug 05 '17 at 18:43

1 Answers1

0

Hi one possible to get the seed, but without rnd1 and rnd2 would be to do the following

  var tickCount = Environment.TickCount;
        var random = new Random();
        var seededRandom = new Random(tickCount);


        for (int i = 0; i < 100000000; i++)
        {
            // Does not enter the if case at any point.
            if (random.Next() != seededRandom.Next())
            {
                Console.WriteLine("No match");
            }
        }

Source: http://referencesource.microsoft.com/#mscorlib/system/random.cs,53

Robert Andersson
  • 71
  • 1
  • 8
  • Well, I am looking for something like: `int GetSeed(int firstRnd, int SecondRnd)`. The condition is: given two numbers, find a seed – oleksii Aug 04 '17 at 15:18
  • Ah ok, maybe this [site](https://jazzy.id.au/2010/09/20/cracking_random_number_generators_part_1.html) can help you. – Robert Andersson Aug 04 '17 at 15:35