Support for V8 Javascript Engine's Math.Random()?

[innsternet]

Awesome project by the way.

Would it be possible to support Javascript's Engine (V8) Math.Random() which is used by Chrome/Node.js?
(https://github.com/v8/v8-git-mirror/blob/master/src/math.js)
(http://v8.googlecode.com/svn-history/r8490/branches/bleeding_edge/src/v8.cc)

function MathRandom() {
  var r0 = (MathImul(18030, rngstate[0] & 0xFFFF) + (rngstate[0] >>> 16)) | 0;
  rngstate[0] = r0;
  var r1 = (MathImul(36969, rngstate[1] & 0xFFFF) + (rngstate[1] >>> 16)) | 0;
  rngstate[1] = r1;
  var x = ((r0 << 16) + (r1 & 0xFFFF)) | 0;
  // Division by 0x100000000 through multiplication by reciprocal.
  return (x < 0 ? (x + 0x100000000) : x) * 2.3283064365386962890625e-10;
}

For example making it possible to predict the upcoming values from Math.random() on Chrome/Web Applications running NodeJs.

Thanks.

[moloch--]

On the subject as well:
https://jonasnick.github.io/blog/2015/07/08/exploiting-csgojackpots-weak-rng/

[altf4]

Nodejs is too popular to ignore, we should really have support for this. I'll try to take it up after defcon.

[altf4]

The line...

  return (x < 0 ? (x + 0x100000000) : x) * 2.3283064365386962890625e-10;

...bothers me because it's floating point multiplication. But I'll see what I can do to replicate it...

[innsternet]

Yeah I whipped up a quick and dirty brute-forcer a while ago in C++ and had the same issue and in the end I just kept it simple and dealt with everything in integers and then did the floating point conversion in Javascript with the browser manually at the end; which wasn't ideal but I got the end result I was after.

[altf4]

Yea, that's what I'm afraid of. For untwister, we can't do offloading to another engine like a browser, so I'll just have to figure out the floating point division thing. No big deal.