php_mt_seed is a PHP mt_rand() seed cracker. In the most trivial invocation mode, it finds possible seeds given the very first mt_rand() output after possible seeding with mt_srand(). With advanced invocation modes, it is also able to match multiple, non-first, and/or inexact mt_rand() outputs to possible seed values.
Currently, it attacks the mt_rand() algorithm of PHP versions 5.2.1 through 7.0.x. PHP below 5.2.1 is totally unsupported. PHP 7.1.0+ is mostly unsupported, although in the simplest modes PHP 7.1.0+ seeds will occasionally be found (in those special cases where the algorithm does not deviate from 5.2.1's).
php_mt_seed is written in C with optional SIMD intrinsics (SSE2, SSE4.1/AVX, XOP, AVX2, AVX-512, as well as MIC) and OpenMP. On a modern quad-core CPU, it is able to search the full 32-bit seed space in under 1 minute. On a second-generation Xeon Phi, the search completes in 3 seconds.
You may view the latest README file, which provides php_mt_seed usage examples, as well as benchmarks on a variety of systems (ranging from a quad-core CPU to a 16-core server and to Xeon Phi). The README file is also included in the archive below.
Download (release notes, previous release notes):
This and older versions of php_mt_seed are also available from the Openwall file archive. The source code of php_mt_seed may be browsed via CVSweb. (You might find the older versions and revision history useful to better understand how php_mt_seed works and what optimizations have been made.)
Follow this link for information on verifying the signatures.
Reddit /r/netsec discussion on php_mt_seed.