How to run foresight?

[mutepigz]

i want to run a example
$ python predict_captcha.py
but it doesn't work:
Traceback (most recent call last): File "predict_captcha.py", line 12, in <module> from foresight.php import rand File "build/bdist.linux-x86_64/egg/foresight/php/rand.py", line 6, in <module> File "/usr/local/lib/python2.7/dist-packages/foresight-0.1-py2.7.egg/foresight/glibc/random.py", line 82 yield from gen SyntaxError: invalid syntax
can you tell me how to run this in the right way?

[ALSchwalm]

foresight is not compatible with python2. I believe 3.3 is the earliest python version that can run it.

[mutepigz]

thanks very much!

[mutepigz]

I have another problem ..... if i have a series of number generated by PHP's rand() likes 1341324123,can i use this library to find the seed?

[mutepigz]

by the way .... how to use the option '-o' in the command line?

[ALSchwalm]

This answer requires a little setup, so bear with me. PHP's rand has very different behavior based on platform. For example, a PHP server on linux is (generally) much less predictable than one on windows. This is why foresight requires that you provide the platform before it can make any predictions for PHP.

The rest of this answer will address PHP on windows. If you do not know the number of times 'rand' was called between the outputs you have and the seed point, then this is impossible. Not as a limitation of foresight, but in general. This is because the seed is just being used to establish an initial state for the RNG. There is nothing else special about it. So, it is impossible to know which prior state is the initial state (or 'seed' state).

Say, however, you know that there were 4 calls to rand that you do not have output from after the call to srand, but you do have the output from 10 calls after those 4. It is (in principle) possible to recover the seed value used in the srand call.

However, foresight does not have an easy way to do this in general. In the special case that the outputs you have are from immediately after the call to srand, (that is, there are no 'rand' calls you don't have outputs from) then you could recover the state by calling the function php.rand.predict_state(your_list_of_outputs, "windows"). But this is not really what foresight is designed for.

The excellent 'untwister' project here has some additional facilities for predicting seeds. 'glibc' prediction would be what you want for PHP on linux.

[mutepigz]

Thanks for your patiently explain! But can i do this if i know the time when 'rand()' was called?i can get this with the return time from the server.....But i have only one rand number beacause the server gives me only one number when i fresh it....... but If i can't find the seed ,can i predict the number follow on it?

[ALSchwalm]

That depends a lot on whether the time is being used to seed the RNG. If you know the server is seeding with srand(time()) each time the page is refreshed, then yes, you could predict the outputs by just running foresee php windows rand -s <time from the server response>. Otherwise, you will not be able to predict future outputs with only one number. Default RNGs are weak, but they are not usually that weak.

[mutepigz]

OK... thank you always..