Breaking Math.random(): An Improved Algorithm for Inverting Xorshift128+

2025-09-04

The recent vulnerability CVE-2025-7783 exploits an edge case in the Node.js ecosystem, affecting applications that use axios or the deprecated request library. The published attack takes five consecutive outputs of JavaScript's Math.random() and uses the z3 solver to predict future outputs. This blog post presents a more efficient approach. The author demonstrates a 226-operation algorithm for inverting the Xorshift128+ generator behind Math.random(), which needs only two full 64-bit outputs. By analyzing Xorshift128+, the author shows that knowing only the least significant 26 bits of R1 is enough to determine the remaining bits of L1 and R2. The post also discusses adapting this to the full Math.random() function, highlighting the challenges caused by bit truncation and proposing a solution that uses three outputs. Finally, the author shares their experience using ChatGPT for the research, noting its potential while acknowledging its current limitations.
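Background for the inversion the post describes, as an added example that is not code from the post: V8's Xorshift128+ state update (shift constants 23, 17, 26), its exact bit-level inverse, and the mantissa truncation that turns state0 into a Math.random() double. The 226-operation recovery of the state from outputs is not reproduced here; what the example shows is that once the 128-bit state is known, every earlier and later output follows, which is why Math.random() must never supply tokens or keys.

```python
import struct

MASK = (1 << 64) - 1

def xorshift128p_step(s0, s1):
    """One Xorshift128+ state update with V8's constants; returns (s0', s1')."""
    x, y = s0, s1
    x ^= (x << 23) & MASK
    x ^= x >> 17
    x ^= y
    x ^= y >> 26          # the term that couples the low 26 bits of s1 into s1'
    return y, x

def _unshift_left(v, k):
    """Invert v ^= v << k: the low k bits are untouched, so peel upward."""
    r = v
    for _ in range(64 // k + 1):
        r = v ^ ((r << k) & MASK)
    return r

def _unshift_right(v, k):
    """Invert v ^= v >> k: the high k bits are untouched, so peel downward."""
    r = v
    for _ in range(64 // k + 1):
        r = v ^ (r >> k)
    return r

def xorshift128p_unstep(n0, n1):
    """Exact inverse of xorshift128p_step: recover (s0, s1) from (s0', s1')."""
    s1 = n0
    mixed = n1 ^ s1 ^ (s1 >> 26)       # s0 after its two shift-xors
    s0 = _unshift_left(_unshift_right(mixed, 17), 23)
    return s0, s1

def to_double(s0):
    """V8's ToDouble: the top 52 bits of s0 become the mantissa of a double in
    [0, 1). The low 12 bits are dropped; this is the truncation the post discusses."""
    bits = (s0 >> 12) | 0x3FF0000000000000
    return struct.unpack("<d", struct.pack("<Q", bits))[0] - 1.0

def roundtrip_ok(s0, s1, steps=5):
    """Step forward `steps` times, then back; True if the original state returns."""
    a, b = s0, s1
    for _ in range(steps):
        a, b = xorshift128p_step(a, b)
    for _ in range(steps):
        a, b = xorshift128p_unstep(a, b)
    return (a, b) == (s0, s1)
```

The seed values used below are constructed; with a real state recovered from outputs, `xorshift128p_step` enumerates future Math.random() values and `xorshift128p_unstep` walks back to earlier ones.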
