Mersenne Twister - trigger-segfault/TriggersTools.CatSystem2 GitHub Wiki
Mersenne Twister
🚧 This page is a work in progress
Mersenne Twister is an extremely common Pseudo-Random number generator used by CatSystem2 for encryption, and in-game graphics randomization. CatSystem2 uses a MT19937int 1999/10/29 variant. This specific variant can be identified by the seeding operation, which performs 2 multiplications of 69069 (0x10dcd) on the seed for each value in the state.
Encryption
Mersenne Twister randomization is used for generating 32-bit keys, that see use in other encryption methods, such as: Blowfish ciphers and Beaufort ciphers.
In KIF Archives, Mersenne Twister is seeded and used to generate the "__key__.dat" entry's Offset and then Length fields, which are then seeded into Mersenne Twister again to encrypt file data with a Blowfish cipher.
Code examples
Mersenne Twister is a commonly used pseudorandom number generator. It is used during decryption for KIF Archives in two different places to generate decryption keys and unobfuscate file names. Each use of Mersenne Twister first seeds the PRNG then generates one uint32 value. After this, that seeded Mersenne Twister is no longer used.
The exposed class structure during code samples using Mersenne Twister will look as such:
class MersenneTwister {
// Create a new initialized Mersenne Twister instance
public MersenneTwister(uint seed);
// Set the seed of a Mersenne Twister instance and generate a new 32-bit integer.
public uint SetSeed(uint seed);
public uint GenRand();
// Constructs and seeds a Mersenne Twister PRNG then generates one random value
public static uint GenRand(uint seed);
}
Implementation
The implementation of Mersenne Twister used by CatSystem2, is the 1999/10/29 version of MT19937 developed by Makoto Matsumoto and Takuji Nishimura and made publicly available online below. It is very likely that these are the exact source files used in CatSystem2's code. In the assembly, there are multiple implementations of the same Seed functions for Real numbers and Integers, they each have their own static mt state fields, and there's also another Integer static implementation (identical as far as I can tell) inside the assembly. The variant of mt19937 used for real numbers is MT19937-1 1999/10/29, which was identified by the float64 constant 2.3283064370807974e-10, (represented as 0x3df0000000100000 in binary).
- Integer values: mt19937int.c (1999)
- Real numbers: mt19937-1.c (1999)
- Integer values: mt19937int.c (1998) (never used by Cs2 directly)
- MT 1999/10/29: Source Files