Randar: A Minecraft exploit that uses LLL lattice reduction to crack server RNG
RNG Vulnerability & Design Lessons
- Thread treats the exploit as a textbook case of why sharing RNG state across subsystems is dangerous.
- Several comments note this is not a flaw in the PRNG algorithm itself, but in using a non-cryptographic PRNG where security properties are implicitly needed.
- Suggested fixes split between “just use a CSPRNG everywhere” and “use many separate, non‑crypto PRNGs with isolated state so compromising one reveals nothing about others.”
- The attack is framed as a State Compromise Extension Attack: once state is inferred from observations, future outputs become predictable.
- Some argue libraries should default to CSPRNGs in 2024, much like modern TLS defaults.
CSPRNG vs Game PRNG Performance
- One side claims CSPRNGs would have made early Minecraft too slow (chunk loading, random placement), favoring ultra‑cheap PRNGs.
- Others counter that modern CSPRNGs (e.g., ChaCha, AES-based) reach GB/s and are “fast enough” even for games.
- Detailed benchmarks (Go, multiple CPUs) show ChaCha variants within a small constant factor of PCG/xoshiro for typical use, especially with internal buffering.
- Counter‑arguments emphasize latency vs throughput, instruction‑level parallelism, determinism with many RNG instances, and the large state needed to run CSPRNGs efficiently.
- No clear consensus: CSPRNGs may now be viable for many games, but non‑crypto PRNGs remain simpler, smaller, and still significantly faster in some regimes.
Game Exploits and Anarchy Servers
- Many praise the exploit as “art” and one of the most significant in anarchy Minecraft, though financially minor compared to real‑world RNG failures.
- Discussion of 2b2t and similar servers: heavy metagaming, logistics, spying, and bug exploitation; some liken it to real warfare, others find it tedious.
- PvP meta described as dominated by duped items, ender crystal spam, and automated hacked clients rather than vanilla combat mechanics.
- Social downsides noted: pervasive slurs in chat; suggested mitigations include client‑side filters or moving coordination to external platforms.
Other RNG-Cracking Anecdotes
- Historical examples: rock‑paper‑scissors bots that reverse PRNG state, fork‑based bots that try all moves, and code that rewrites stack history to “fix” past outcomes.
- An online poker site once documented its PRNG for transparency; someone exploited this, ultimately helping improve their security.
- Proposed fairness scheme: commit publicly to a daily seed (e.g., via hash), use it in a CSPRNG, and reveal later so players can verify non‑cheating.
LLL, Cryptography, and In‑Game RNG Manipulation
- LLL lattice reduction is linked to other recent attacks (e.g., biased nonces in PuTTY, truncated LCG recovery, ECDSA key leaks).
- Multiple comments praise the clarity of the LLL explanation and point to step‑by‑step treatments on Q&A sites.
- Related Minecraft feats: farms and contraptions that deterministically force “random” lightning or maximum block drops, and even in‑game machinery predicting RNG state from TNT behavior.
- Some participants frame all of this as “black magic” but also as highly inspirational for learning reverse engineering and crypto.