The RND function is based on an implementation of the XORSHIFT algorithm that I found here. The algorithm is described in this paper.

The core of it is this 20 byte routine:

LHLD RNG_SEED
MOV A,H
RAR
MOV A,L
RAR
XRA H
MOV H,A
MOV A,L
RAR
MOV A,H
RAR
XRA L
MOV L,A
XRA H
MOV H,A
SHLD RNG_SEED

The middle 14 bytes of this code are instructions that operate on A,H,L and flags. There are about 45 such instructions.

I wonder whether it would be possible to search the space of all 13-byte or shorter sequences of these instructions to look for a shorter RNG. It’s a large search space, but it could be pruned by omitting combinations of instructions that make no change of state or that cause information loss or that erase the effect of a preceding instruction, so e.g. MOV H,A could not be followed by MOV H,A (no change of state) or MOV A,H (no change of state) or MOV L,A (information loss) or MOV H,L (erases effect).

The search would count how many times the sequence has to be executed before HL returns to its original state. Sequences that give a cycle close to 65536 would be RNG candidates. In addition to RNG candidates, the search would throw up trivial things like INX H all by itself, which would be rejected by an RNG tester.