I have already previously published a C program that discovers the internal state of a PCG generator with 64 bits of state and 32 bits of output in a few seconds (exhaustive search would require centuries).
I am now providing a C++ program that will discover in a few seconds the internal state of a PCG generator with 128 bits of state and 64 bits of output, even faster, looking at a few outputs of the generator. You will need Victor Shoup's amazing NTL library to compile it.
The programs can be found here: http://pcg.di.unimi.it/pcg.php#claims
Both programs use the same logic: guessing exhaustively a few bits, deriving a lot of other bits, and solving a simple modular equation. However, in the 64-bit case the equation can be solved by trying all possible solutions, whereas in the 128-bit case I use a standard technique based on lattice reduction: as a result, discovering initial state takes usually _less_ time than in the 64-bit case (in fact, the computation time can be brought down to well below a second if you are willing to examine more outputs).
This settles once and for all, negatively, the question "have PCG generators any cryptographic strength?".
PS: I'm purposely putting quotes around "crackable" because you cannot "crack" a non-cryptographic generator in the same way cannot crack a fig. But in view of the claims of the author of PCG generators, it seems appropriate.
