Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
For usage on the LA Time's powerball simulator. Careful about clicking the page.

Blog post: https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f

Run the following snippet in your browser's console.

    _ = []; for(var i=0; i<5; ++i) { _.push(Math.random()) } ; console.log(_)

Paste at least 3 of those (5 for Chrome) values into the dubs array in main().

It will warn you if the model is too "loose" and has multiple solutions.

Set the browser in main() to Chrome or Firefox. (Safari hasn't updated yet.)

    python xs128p.py

The winning numbers should have an arrow. Click once on the number inputs and tab between them to enter your "pick".

Click once on the play button.

Enjoy your lotto winnings :)



Hey, while you're here, I teach some security stuff on YouTube. https://cybering.cc

Follow me on Twitter! @cyberingcc

About

Symbolic execution for the XorShift128+ algorithm.

Resources

Releases

No releases published

Packages

No packages published

Languages