In theory, everything is simple, yes and no. You just need to create your own random generator, with all these exceptions, then no additional verification is needed. The generator is not needed numeric, but directly in hex
The random data is binary anyway. Why don't you use octal instead of hex? Or binary directly?