Uhm... Technically

Technically speaking "chances" are not real, your aren't actually "following the wind" in random number generation.
So, basically, a 100 is predetermined.
What's stopping folks from running a simulation on Unix Epoch to get a 100%?

Why this isn't done? Take game lootboxes, why isn't anyone running a simulation and opening the box at xx:xx?

Most use rand(), and most use x86 architecture

Attached: ezrand.jpg (1280x720, 42K)

Other urls found in this thread:

gcc.gnu.org/onlinedocs/gcc/x86-Built-in-Functions.html
twitter.com/NSFWRedditImage

Because seeding from system time is generally insecure.
>what is rdrand/rdseed

Attached: 22f.jpg (782x767, 98K)

People are not as stupid as you assume them to be

It's not news. Yes, it can be exploited obviously. Most of the time, it's not worth exploiting. Just because you know a fault in a system, doesn't mean you can easily exploit it to your advantage.

Try it, then explain to the Jow Forums class what you learned :D

>explain to the Jow Forums class what you
So by this, this means basically intel has "every CPU different" or else how do you make a source for this particular "random"?
Yeah, i know, i just don't like lootboxes and tought, uuuuuuuhm
Not everyone has a collar attached to their cat

Loot boxes or anything else random in an online game is going to do the RNG server side anyway if the devs have a brain larger than a walnut

true random numbers can be generated from feedback noise of two transistors, which can depend on quantum fluctuations if properly insulated.

bazinga

>rdseed
WOW THIS BLEW MY MIND, Intel uses THERMAL Temperature to generate a stream. WOW
Yes, exactly, that's why you just need to take the "server time"

Rdrand is seeded from a hardware csprng that generates more entropy than rand() or mersenne twister algorithms.
They are different because there is a piece of hardware the reseeds rdrand after so many bits of data are read from it.

Meant for
From

>Yes, exactly, that's why you just need to take the "server time"
Subsequent calls to rand() change the result. Good luck figuring out how many times the game server called rand() and when the last time the sever was seeded. Let alone the fact that there can be multiple servers with different seeds and startup times balancing the server load. You will find this task impossible without additional knowledge.

>Yes, exactly, that's why you just need to take the "server time"
And you do that by......

Common user think.

Is this provided in major compilers like MSVC or GCC?? How to use it?

R-right, i did not figure it out, but still, it's actually simple if you are dedicated, and take some tries collecting data

[Code]
Uint32_t rnd_int32 = 0;
__builtin_ia32_rdrand32_step(&rnd_int32);
[/code]

That's about gist of it, I'm phone posting so it might be fucked, just look up compiler intrinsics rdrand

Thanks, is this inside a header file?

Thanks, i started understanding now... i did not know those type of function existed in a compiler

>__builtin_ia32_rdrand32_step(&rnd_int32);
Knowing the step solves a tiny tiny bit of the problem. The real problem is you have no idea how rand is used and what the current step will be when trying to exploit a remote server.

Also, that callback, that's runtime specific isn't it? I'm pretty sure rand() (and its implementation) are extremely lax in requirements so there is no guarantee the target server will have an implementation that is even remotely similar.

gcc.gnu.org/onlinedocs/gcc/x86-Built-in-Functions.html

Just looked it up. Its a built-in function for GCC. Means nothing unless you know that the target is using the exact same rand implementation. Which is something you cannot assume and I don't think you could easily find out.

Good luck guessing the seed and the number of times rand has been called when your request arrives.

If it worked like that people would be doing it already.