RainbowTable - ONsec-Lab/Rand-attacks GitHub Wiki

Table's file format

Rainbow file is raw data file which consist of 4 bytes integer values.

Rainbow table have only one parameter - D (deep) which show how many serial mt_rand() calls exists in table.

File format listed bellow:


offset   data
0        seed //seed which provide mt_rand()===0
4        mt_rand() //second call after mt_rand()===0
8        mt_rand() //thid call after mt_rand()===0
    . . .           
D        mt_rand() //D call after mt_rand()===0 (D is deep parameter of Rainbow table)
    . . .
R        seed //seed which provide mt_rand()===R
R+4      mt_rand() //second call after sought-for R
    . . .
R+4*D    mt_rand() //D call after mt_rand()===R (D is deep parameter of Rainbow table)

To find seed by mt_rand()===R value you will need to read 4 bytes by 4(D+1)R offset

To convert 4 bytes to PHP integer value use: $seed = current(unpack('N',$rainbow_4-bytes_string));\

Table's sizes

To calculate table size use simple formula: S=4*2^31*(D+1)

Basically size of rainbow table with D=0 (provide only recover seed by mt_rand()) is 4*2^31 bytes which equal to 8Gb.

RainbowTable - ONsec-Lab/Rand-attacks GitHub Wiki

Table's file format

Table's sizes

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️