Research

An Empirical Analysis of CryptGenRandom in Windows XP SP3 and Its Historical Relevance to Bitcoin 0.1.5

Technical report / preprint
Melik Lemariey, 2026

This technical report presents a trace-based empirical reconstruction of the CryptGenRandom execution path on Windows XP SP3. It combines dynamic instrumentation under WinDbg, paired memory captures, controlled injections, and offline replay in Python.

The report does not claim a practical attack against Bitcoin, key compromise, or a complete entropy assessment. It documents a historically observable and partially bit-accurate replayable path, with explicit separation between observed behavior, bit-exact replayed transformations, partially attributed structures, and open mechanisms.

HAL record: hal-05611907v1
License: CC BY-NC 4.0

HAL / CNRS record
Download local PDF mirror
SHA256SUMS
Reproducibility artifacts on GitHub

The HAL page is the reference bibliographic record for this preprint. The local PDF mirror and SHA256SUMS file are kept here for convenience and reproducibility.

Back to home