Defeat 2FA token because of bad randomness - rhme2 Twistword (Misc 400)

  • Published: 14 Dec 2024

Comments • 57

  • @creature_of_fur 6 years ago +109

    Who needs math when you can bruteforce?

    • @ripmeep 4 years ago +4

      oh god x2

    • @epicm999 3 years ago +2

      oh god x3

    • @GameSmilexD 2 years ago

      yes, who needs to know physics when u can teach AI to do it for you

    • @martysh1226 2 years ago +5

      who needs programming when you can iterate over characters until it works?

  • @ArbelFS3 7 years ago +6

    Cool one, thanks for sharing, I actually heard of PRF once, when I implemented an SSL server using Struct in python, that was awesome!

  • @Davizuky 7 years ago +117

    You said this wasn't the intended way to solve this challenge... So which one was it?

    • @biehdc 7 years ago +5

      i would also like to know that

    • @mynewrandomhandle 7 years ago +151

      The "official" challenge solution involved reading the tiny Mersenne twister (tinyMT) paper, writing some equations, and using a solver. The tinyMT is tricky to initialize. Giving a proper seed is not enough. You need to provide initial state matrices with certain properties (there is a generator for this). The challenge used improperly initialized matrices (zeros) that reduced the PRNG period. During tests, we found that ~12hr were needed to solve the challenge (solver time only), but we did not test the amount of entropy reduction by improper state initialization. Fortunately, the problem was not in the PRNG.

    • @Davizuky 7 years ago +3

      Thank you!

  • @cyancoyote7366 7 years ago +11

    *Damn line endings!*

  • @OtakuSanel 7 years ago +8

    FYI to those who want good randomness on an arduino: use an online source to get a truly random seed and store that into eeprom on the arduino. Then anytime that value is used update the EEPROM value with a new random number. This will make every execution be new and random even if power cycled or program reset

    • @reddragonflyxx657 7 years ago +6

      OtakuSanel
      That works well if you can expect the Arduino to always have an internet connection, trust the online source to provide good entropy, protect the network connection against MitM, and handle the entropy produced properly. For a toy project this is fine but if you need cryptographically secure entropy to defend against attackers a local TRNG (timing/electrical noise or similar unpredictable events) is the way to go.

    • @OtakuSanel 7 years ago +3

      the arduino doesn't even need internet at all, I'm talking about completely offline. all you need to do is manually grab a good seed to begin with then the arduino can just generate new random numbers to replace the original seed itself.

    • @g_glop 6 years ago +9

      OtakuSanel Bonus additional entropy from the EEPROM cells failing from the repeated writes.

    • @OtakuSanel 5 years ago +1

      @skipfred we're talking about an arduino not a secure platform. if the idea is to always get different behavior an initial seed from the internet is a good place to get it. and by always updating it it'll never behave the same for every powerup. again not a secure platform so don't expect to be doing any kind of crypto with it.

  • @hikaru-live 6 years ago +6

    If the token is implemented on some weird ARM chip or if the board has a weird network of transistors and resistors attached, this solution would be screwed: ARM chips can and often do come with built-in hardware RNG, and the weird transistor/resistor network can implement a shot noise generator which is also a hardware RNG, those sources have better random quality than anything you can think of.

  • @PhoenixClank 5 years ago +28

    You say "PNRG" in this video a lot, "pseudo number random generation" xD

  • @mathgeniuszach 4 years ago +5

    *designs a new system that uses

    as the end of line terminator instead of
    *

  • @logiciananimal 4 years ago +4

    And I thought this would have been a time to use Burp Suite's entropy checker.

    • @davidjohnston4240 2 years ago

      The bitwise tests in the Burp suite are copied from SP800-22. Not fit for purpose. We are in the process of trying to get SP800-22 withdrawn because it gets misused like this all the time.

  • @holly_hacker 7 years ago +3

    Once you've shown all the ones you solved, will you also show the solutions to the ones you didn't solve? I really enjoy these and they're teaching me a lot.

  • @TonelessR 7 years ago

    Finally got around to watching this video, quite a good one too :)

  • @hopkinskong 7 years ago +23

    So you basically built a dictionary :)

  • @patriciobatista 7 years ago +2

    Did you notice if the number of iterations required to get a duplicated token was always the same? Were they related to MT19937's 624 iterations?

  • @jaredmeit6127 7 years ago +14

    Was the intended solution more complicated and worth the 400?

    • @column.01 5 years ago

      No. The intended solution would have to guess the seed more or less (or find it somehow). In this case it was a really easy solution

    • @XENON2028 2 years ago

      @column.01 the intended solution apparently from a commenter is to read the tinyMT paper and use some equations to write a solver

    • @fffmpeg 1 year ago

      @XENON2028 the apparent commenter was the creator

  • @hamadahamada3600 7 years ago

    really appreciate it ☺️ keep it up man

  • @chrissxMedia 6 years ago +6

    pnrg? more like prng?

  • @aidenn 6 years ago

    so since you found duplicates constantly wouldn’t that mean that the seed is constant. so you could figure out what the next token is from the previous token? or is that the solution that he did. i’m really tired so sorry if my grammar and explanation is bad.

  • @Dosamer 7 years ago +2

    Do you know what the intended solution was?

  • @LikedgamingRS 7 years ago

    You're so smart.

  • @joepelletier6694 6 years ago +8

    duplicate is pronounced doop-li-kit

    • @1e1001 4 years ago +5

      I personally pronounce it doop-li-kate

    • @KooShnoo 4 years ago +2

      @1e1001 I think it's kit for the noun, kate for the verb. Also I don't think English is his first language, since he's German

  • @davidjohnston4240 2 years ago

    A computer is as deterministic as its instructions. Every X86 CPU for the last decade comes with nondeterministic instructions - RdRand and later RdSeed. Similarly, non X86 CPUs have adopted random number instructions with built in entropy sources.

  • @lb5tr 7 years ago

    have you tried tying all analog pins to ground to see if expected values are always the same? As in, if this caused the seed to always be the same?
    Also, was it possible to dump atmega flash?

    • @LiveOverflow 7 years ago

      Didn't try because I heard that somebody else had tried that, but I considered it first.
      No it was not possible to dump the flash.

  • @trungthanhbp 3 years ago +1

    if you save both wrong token and expected token, the error of new line may not happen xD

  • @Asdayasman 6 years ago

    "PNRG"

  • @JackBond1234 6 years ago

    "Tokng"

  • @lohphat 7 years ago +7

    Good video!
    Note on English pronunciation of "duplicate": long "u" as in "dooplicate", if the "p" were doubled then it would be a short "u" as you pronounced it.
    Sorry, 1066 really screwed things up.

    • @Asdayasman 6 years ago +1

      lohphat American. Not English.

  • @VegaDW 7 years ago +39

    To my knowledge you're a non-native English speaker, so, I'm just trying to help. Duplicate is pronounced doop (rhymes with soup) licate

    • @Asdayasman 6 years ago +4

      VegaDeftwing Only in American. In English it sounds the same as "Jew".

    • @Asdayasman 6 years ago +1

      MrSparklyStuff you seem to be missing the point. in American English, it's a hard D. In correct English, it's a soft one. Think "do" vs "Jew".

    • @Asdayasman 6 years ago +3

      You clearly don't see my point dude, the "ooh" sound in "Jew" and "do" is the same. My point is that Americans pronounce "duplicate" with a hard D, and the English pronounce it with a soft D. Try it yourself, say "do" followed by "plicate". That's American. Then try saying "Jew" followed by "plicate".
      This isn't a hard concept.

    • @Asdayasman 6 years ago +4

      Do you have mental difficulties? The J in "Jew" is a soft D. Not a hard D.
      On the very website you linked, click on the "English" tab, and listen to how it pronounces "duplicate". Notice how the first sound is the same as the first sound in "Jew".

    • @geekofia 6 years ago +2

      a very hot scholastic discussion 😎

  • @mohamedosman9171 7 years ago

    hello bro i am the one who sent you an email but you didn't respond.

    • @ttt-ml9dj 6 years ago +3

      He is not your bro. And why would he respond to you? And why are you saying this on a video?