Tonyweb (Antonio's) Reverse Engineering Cracks and Tuts
Want to learn unpacking … but I'm too stupid :P
This is the latest official update about the Board4All forum from the main forum owner ZEUS:
Board4All Forum Latest Update: December 2022
Don’t forget to read this old post of mine as well:
You may also want to read this:
NOW FOR SALE!!! Only $50
Home Page: https://www.ib-aplikasi.com/produk/software-apotek-5.2
Paste here (or send me by email) the following files’ content (they are text files)
%APPDATA%\Windows\aptk02\aptk02u.s
%APPDATA%\Windows\aptk02\aptk02a.s
Then paste here (or send me by email) the result of this command, run in a console (use + on your keyboard, then type cmd.exe then press )
WMIC Path Win32_PhysicalMedia Where Tag=’\\.\PHYSICALDRIVE0′ Get SerialNumber
I’ll reply with a serial AFTER I RECEIVED YOUR PAYMENT IN BITCOIN!
NOW FOR SALE!!! Only $50
Once I have the enough likes I will sell the complete set of code. For now I can only post some of the code.
Meanwhile. some titbits for you:
//Test1.exe
void DoPatch1()
{
SuspendMainThread();
#if _WIN64
PatchMemory(PatternFind(szFile1,
“74 12 48 8D 15”, 1),
“\x00”, 1);
#else
//patch the Test1.exe
PatchMemory(PatternFind(szFile1,
“74 22 68”, 1), //Offset 1 means we want to start replacing from
//the beginning of address +1 which in this
//case is the byte 22 hex
“\x00”, 1); //size is 1
#endif
ResumeMainThread();
CloseHandle(hMainThread);
hMainThread = nullptr;
}As you can see from the log, a search was made for “74 12 48 8d 15” in Test1.exe and the patch was made at that address. Patching this way means that most likely the crack will work in the next version of the software.
Example 2:
For example 2 I will use the same Test1 program but another button has been added that calls the IsRegistered() function from an external library named license.dll. What I’m going to show you is how to patch Test2.exe and license.dll at once.
C++:
#include "lic.h"
bool IsRegistered()
{
return false;
}Now copy the version.dll file that is inside the Crack folder to the folder where Test1.exe is like you deed before.
C++:
//Test2.exe
void DoPatch1()
{
//We need to make sure that the Test2.exe has already loaded the library license.dll,
//before proceeding with the patch.
if (!IsModuleLoaded(szFile2.c_str()))
{
MY_LOG(__FUNCTION__ L” :: Waiting for module %ls to be loaded into memory.”, szFile2.c_str());
do
{
Sleep(10);
} while (!IsModuleLoaded(szFile2.c_str()));
MY_LOG(__FUNCTION__ L” :: Module %ls has been loaded into memory.”, szFile2.c_str());
}
else
MY_LOG(__FUNCTION__ L” :: Module %ls is already loaded in memory.”, szFile2.c_str());
SuspendMainThread();
#if _WIN64
PatchMemory(PatternFind(szFile1,
“74 12 48 8D 15”, 1),
“\x00”, 1);
//patch the license.dll
PatchMemory(PatternFind(szFile2,
“32 C0 C3”, 0),
“\xB0\x01”, 2); //mov al,1
#else
//patch the Test2.exe
PatchMemory(PatternFind(szFile1,
“74 23 68”, 1), //Offset 1 means we want to start replacing from
//the beginning of address +1 which in this
//case is the byte 23 hex
“\x00”, 1); //size is 1
//patch the license.dll
PatchMemory(PatternFind(szFile2,
“32 C0 C3 3B 0D”, 0), //Offset 0 means we want to start replacing from
//the beginning of the address where the pattern was found
“\xB0\x01”, 2); //size is 2
#endif
ResumeMainThread();
CloseHandle(hMainThread);
hMainThread = nullptr;
}I may be devoid of shame but in the end who makes MONEY? It is I.
THAT is what matters. Shame, honor and fresh air all go out through the window in the end and what matters is who is left holding the CASH! 😀
And how much CASH do I hold in my hand? WADS and WADS of cold cash that I get from selling cracked software that I gather from B4A and various other forums. 😀 😀 😀
I made at least 50 accounts when the registration was opened up at B4A recently. Just use MULTILOGIN SOFTWARE to create the accounts. I did the same. Through MULTILOGIN you can create any number of accounts at any forum and the admins like CHALLENGER would just be left scratching their heads like fools in confusion! 😀
What a HUGE fool that Challenger is, thinking that he could prevent duplicate accounts!
Anyone who wants an account at B4A can contact me and pay me $1. I will provide you the login details. Payments by BTC only please!
These days you can see me post some useless stuff on various forums. Now that de! recently got shamed in public for claiming credits for cracking a popular software while in reality it was a GROUP EFFORT by various expert reverse engineers from the TIRA forum, I, tonyweb am just venting out my frustration in a vain attempt to show to the world that I am “not afraid” and that I “still continue to” post content, even though the content I am posting may be worse than utter trash!
Many other forums booted me out in a very shameful way and showed me out their door 🙁
I am only able to fool people like Challenger, Especialista, JonArbuckle and a few others who seem to be rather fascinated by the useless trash that I post in their forums.
If you want to know the details how I ROYALLY put down and screwed PeterPunk (a.k.a PeterPonk) by teaching him how to reverse and crack Java app Shellfire VPN, you can head over the link mentioned below.
By the way, although I blew off my big mouth several times in that thread by posting without thinking and understanding the basics of reversing first, I am happy to say that I was able to screw him well in public 😀
Shellfire VPN is now available for sale (cracked by me) here:
Please read this first if you did not do so already:
CAN ALSO BUY HERE:
https://developer.team/
Coming to the Neotys topic. Now, Neotys NeoLoad v7.11 is available for sale. You can pay me $50 by bitcoin and I will make it available to you.
Neotys NeoLoad v7.11
Of course, I stole the technique to crack it from another forum where I pretended to be a Team Member until I could get hold of all their techniques and tools, but who the hell cares?!
Here I am the person making money selling the cracks!
Try the most automated performance testing platform for the Enterprise
No credit card required. Up and running in 5 minutes.
Gartner Peer Insights Awarded
Home Page:
https://www.neotys.com/neoload/overview
AVAILABLE HERE FOR SALE at Board4All:
https://www.board4all.biz/threads/neotys-neoload-v7-11.863313/
My profile here:
How to crack it? The useless Zoppotrump3 aka Sascha Szalata failed to crack it and I managed to crack it. Here’s how:
There’s the “usual” WinVerifyTrust call, plus a custom calculation based on … hmmm, You need to PAY me $50 to know further!
Take a look here (hint: it’s reading from PE header) and you’ll probably understand
005592BD 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28]
005592C0 0FB671 07 MOVZX ESI,BYTE PTR DS:[ECX+0x7]
005592C4 0FB641 06 MOVZX EAX,BYTE PTR DS:[ECX+0x6]
005592C8 C1E6 08 SHL ESI,0x8
005592CB 03F0 ADD ESI,EAX
005592CD 0FB641 15 MOVZX EAX,BYTE PTR DS:[ECX+0x15]
005592D1 0FB649 14 MOVZX ECX,BYTE PTR DS:[ECX+0x14]
005592D5 C1E0 08 SHL EAX,0x8
005592D8 03C1 ADD EAX,ECX
005592DA 8B4D DC MOV ECX,DWORD PTR SS:[EBP-0x24]
005592DD 8D7C07 18 LEA EDI,DWORD PTR DS:[EDI+EAX+0x18]
005592E1 8D04B6 LEA EAX,DWORD PTR DS:[ESI+ESI*4]
005592E4 8D04C7 LEA EAX,DWORD PTR DS:[EDI+EAX*8]
005592E7 50 PUSH EAX
005592E8 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-0x48]
005592EB 57 PUSH EDI
005592EC 50 PUSH EAX
005592ED 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-0x28]
005592F0 50 PUSH EAX
005592F1 E8 64EEEBFF CALL 0041815A
005592F6 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28]
005592F9 3BF3 CMP ESI,EBX
005592FB 895D E0 MOV DWORD PTR SS:[EBP-0x20],EBX
005592FE 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX
00559301 0F86 B2000000 JBE 005593B9
00559307 8D41 12 LEA EAX,DWORD PTR DS:[ECX+0x12]
0055930A 8BD1 MOV EDX,ECX
0055930C 2BD0 SUB EDX,EAX
0055930E 8975 EC MOV DWORD PTR SS:[EBP-0x14],ESI
00559311 83C2 13 ADD EDX,0x13
00559314 8955 BC MOV DWORD PTR SS:[EBP-0x44],EDX
00559317 8BD1 MOV EDX,ECXde! : This is for clicking on LIKES for hate posts. MORE to come. ALL your work will be posted and sold here.
JonArbuckle, Especialista and other mods will also pay DEARLY for allowing hate posts in the forum.
Also, remember that TSRh IS COMPROMISED! ALL YOUR DMs are READABLE BY ANYONE!
Yeah, yeah, I know… I could just delete the posts with a swipe of my mighty arm but… It is the bloody job of the admins and mods to avoid the hate posts.
Now let’s see THEIR content being leaked out and sold too.. ONE by ONE… Day by day…
Yeah, yeah, I know… I could just delete the posts with a swipe of my mighty arm but… It is the bloody job of the admins and mods to avoid the hate posts.
Now let’s see THEIR content being leaked out and sold too.. ONE by ONE… Day by day…
Repeat after me… NEVER F*CK WITH THE LORD!
But first…Please read these 2 posts from today:
and
Coming to the Boilsoft keygen password, it is fuck-you-de!
Download KEYGEN: https://mir.cr/KHEYLUHU
The download links and other details for the KEYGEN were already posted here a few days ago:
Download:
https://mir.cr/DDQNKHL3
https://www16.zippyshare.com/v/YlkJP49e/file.html
Keygen Patcher Source Code:
include \masm32\include\masm32rt.inc
include \masm32\include\masm32.inc
SIZEOF_NT_SIGNATURE equ sizeof DWORD
SIZEOF_IMAGE_FILE_HEADER equ 14h
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
GetModuleBaseAddress PROTO :DWORD
.data?
hWnd dd ?
hInstance dd ?
windowhandle dd ?
ProcessID dd ?
hProcess dd ?
PEHeader db 1000 dup (?)
Chunks db 65535 dup (?)
BaseAddress dd ?
SectionSize dd ?
SectionEnd dd ?
SectionAdress dd ?
sections_count dd ?
sectionHeaderOffset dd ?
.data
process_4 db "Setup - Zetta",0
patch_title db "Patching...",0
patch_success db "Patched Succesfully",0
error_1 db "Didn't find the target! You sure you started it??",0
error_2 db "Couldn't open process...",0
error_3 db "Couldn't write ...",0
error_4 db "Error reading PE header",0
error_5 db "This EXE has no sections",0
errornobase db "cannot read base address",0
about_title db "About...",0
about_text db "TonyWank and his MicroPenis",13,10
db "Special Thanks to: Sexual Intercourse",0
TextSection db ".text",0
ChunkSize dd 65535
SearchPattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,00Fh,087h,0FFh,0FFh,000h,000h ;Search pattern in hex add "0" to the front of each digit and "h" to the end
SearchMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
ReplacePattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,090h,0E9h,0FFh,0FFh,000h,000h ;Replace Pattern in hex add "0" to the front of each digit and "h" to the end
ReplaceMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
.code
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
start:
mov hInstance, FUNC(GetModuleHandle,NULL)
call main
invoke ExitProcess,eax
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
main proc
Dialog "RCS Zetta Installers Mem Patcher", \
"Courier New",8, \
WS_OVERLAPPED or WS_SYSMENU or DS_CENTER, \ ; dialog window style
4, \ ; number of controls
50,50,192,95, \
1024
DlgButton "Patch",WS_TABSTOP,10,60,50,13,IDOK
DlgButton "About...",WS_TABSTOP,70,60,50,13,IDCONTINUE
DlgButton "Exit",WS_TABSTOP,130,60,50,13,IDCANCEL
DlgStatic "This patcher works with ZettaDB2008_x86_Setup_2.0.1.exe, ZettaDB2008_x64_Setup_2.0.1.exe, RCSDatabase_64bit_Setup_2012.1.exe, Zetta_5.20.1.768.exe and probably newer versions too.",SS_CENTER,0,5,180,50,100
CallModalDialog hInstance,0,DlgProc,NULL
ret
main endp
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
DlgProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
Switch uMsg
Case WM_INITDIALOG
m2m hWnd, hWin
ret
Case WM_COMMAND
Switch wParam
Case IDOK
mov hInstance,eax
invoke FindWindow,NULL,addr process_4
invoke GetWindowThreadProcessId,eax,addr ProcessID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,ProcessID
test al,al
jz error2
mov hProcess,eax
Invoke GetModuleBaseAddress, ProcessID
mov BaseAddress, eax
invoke ReadProcessMemory,dword ptr[hProcess], eax, addr PEHeader, 1000, NULL
test al,al
jz error2
;DOS HEADER EXTRACTION
lea edi, PEHeader
assume edi: ptr IMAGE_DOS_HEADER
;Check if the file is a DOS file
cmp [edi].e_magic, IMAGE_DOS_SIGNATURE
jne error4
; DOS Header
mov edx, [edi].e_lfanew
;Check if the file is a PE file
add edi, edx ;address of the PE Header
assume edi: ptr IMAGE_NT_HEADERS
cmp [edi].Signature, IMAGE_NT_SIGNATURE
jne error4
; PE Header
mov edx, [edi].Signature
add edi, SIZEOF_NT_SIGNATURE
assume edi: ptr IMAGE_FILE_HEADER
movzx edx, [edi].NumberOfSections
push edx
pop sections_count
; Optional Header
add edi, SIZEOF_IMAGE_FILE_HEADER
assume edi: ptr IMAGE_OPTIONAL_HEADER
; ImageBase
lea edi, PEHeader
;SECTIONS
add edi, sizeof IMAGE_OPTIONAL_HEADER
assume edi: ptr IMAGE_SECTION_HEADER
mov sectionHeaderOffset, edi
mov ebx, sections_count
cmp ebx, 0
je error5
sections:
sub ebx, 1
push edi
mov esi, edi
lea edi, TextSection
mov ecx, 5 ; selects the of the first string as maximum for comparison
repe cmpsb ; comparison of ECX number of bytes
jne continue_scan
pop edi
mov edx, dword ptr [edi + 8h]
mov SectionSize, edx
mov edx, [edi].VirtualAddress
add edx, BaseAddress ;adds baseaddress + section address
mov ebx, edx
add edx, SectionSize
mov SectionEnd, edx
xor edi, edi
jmp scan
continue_scan:
pop edi
add edi, 28h
jmp sections
scan:
; Use ebx for pointer count, ReadProcessMemory replace eax, ecx and edx
invoke ReadProcessMemory,dword ptr[hProcess], ebx, addr Chunks, ChunkSize, NULL
push 1
sub ChunkSize, sizeof SearchPattern
push ChunkSize
push sizeof SearchPattern
push offset SearchMask
push offset SearchPattern
push offset Chunks
call SearchAndReturn
cmp eax, 1
je patch
cmp ebx, SectionEnd
jnle fin
add ebx, ChunkSize
sub ebx, sizeof SearchPattern
jmp scan
patch:
COMMENT *
Didn't do anything here, just copied code
invoke WriteProcessMemory,dword ptr[hProcess],ecx,addr writebuf_1,1,NULL
mov esi,_replacepattern
mov edx,_replacemask
xor ecx,ecx
.while ecx!=ebx ;ebx=patternsize
@cmp_mask_2:
cmp byte ptr[edx],1
je @ignore
lodsb ;load replacebyte to al from esi & inc esi
stosb ;mov byte ptr[edi],al & inc edi
jmp @nextbyte
@ignore:
inc edi ;targetadress
inc esi ;replacepattern
@nextbyte:
inc edx ;replacemask
inc ecx ;counter
.endw
mov local_returnvalue,1 ;yes, something was patched
*
error1:
invoke MessageBoxA,NULL,addr error_1,NULL,MB_ICONSTOP
jmp fin
error2:
invoke MessageBoxA,NULL,addr error_2,NULL,MB_ICONSTOP
jmp fin
error3:
invoke MessageBoxA,NULL,addr error_3,NULL,MB_ICONSTOP
jmp fin
error4:
invoke MessageBoxA,NULL,addr error_4,NULL,MB_ICONSTOP
jmp fin
error5:
invoke MessageBoxA,NULL,addr error_5,NULL,MB_ICONSTOP
fin:
sub ecx, offset Chunks
add ebx, ecx
invoke MessageBoxA,NULL,hex$(ebx),addr patch_title,MB_ICONINFORMATION
invoke CloseHandle,hProcess
Case IDCONTINUE
invoke MessageBoxA,NULL,addr about_text,addr about_title,NULL
Case IDCANCEL
invoke ExitProcess,1
EndSw
Case WM_CLOSE
invoke ExitProcess,1
EndSw
return 0
DlgProc endp
GetModuleBaseAddress proc iProcID:DWORD
LOCAL hSnap:DWORD
LOCAL xModule:MODULEENTRY32
invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, iProcID
mov hSnap,eax
mov xModule.dwSize, sizeof xModule
invoke Module32First, hSnap, addr xModule
invoke CloseHandle,hSnap
test eax, eax
jnz getaddr
mov eax, 0
ret
getaddr:
mov eax, xModule.modBaseAddr
ret
GetModuleBaseAddress endp
SearchAndReturn proc _targetadress:dword,_searchpattern:dword,_searchmask:dword,_patternsize:dword,_searchsize:dword
LOCAL local_returnvalue :dword ;returns if something was patched
LOCAL local_match :dword ;counts how many matches
pushad
mov local_returnvalue,0
mov local_match,0
mov edi,_targetadress
mov esi,_searchpattern
mov edx,_searchmask
mov ebx,_patternsize
xor ecx,ecx
.while ecx!=_searchsize
@search_again:
;---check if pattern exceed memory---
mov eax,ecx ;ecx=raw offset
add eax,ebx ;raw offset + patternsize
cmp eax,_searchsize
ja @return ;if (raw offset + patternsize) > searchsize then bad!
push ecx ;counter
push esi ;searchpattern
push edi ;targetaddress
push edx ;searchmask
mov ecx,ebx ;ebx=patternsize
@cmp_mask:
test ecx,ecx
je @pattern_found
cmp byte ptr[edx],1 ;searchmask
je @ignore
lodsb ;load searchbyte to al & inc esi
scasb ;cmp al,targetadressbyte & inc edi
jne @skip
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@ignore:
inc edi ;targetadress
inc esi ;searchpattern
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@skip:
pop edx
pop edi ;targetadress
pop esi ;searchpattern
pop ecx
inc edi ;targetadress
inc ecx ;counter
.endw
;---scanned whole memory size---
jmp @return
@pattern_found:
inc local_match
pop edx
pop edi ;targetadress
pop esi
mov local_returnvalue,edi
cmp local_match,eax
je @return
pop ecx ;counter
inc edi ;targetadress
jmp @search_again
;---return---
@return:
popad
mov eax,local_match
mov ecx,local_returnvalue
ret
SearchAndReturn endp
end startSee this post of mine first (from today):
Now the promised source code:
// tonywank
#include <stdio.h>
#include <string.h>
#include <ctype.h>
int main (){
char data[] = {0x4, 0x3, 0x6, 0x4, 0x0, 0x0, 0x5, 0x7, 0x7, 0x3, 0x4, 0x0, 0x0, 0x5, 0x5, 0x1, 0x3, 0x7, 0x6, 0x7, 0x7, 0x2, 0x8,
0x5, 0x3, 0x5, 0x8, 0x4, 0x8, 0x8, 0x0, 0x8, 0x5, 0x3, 0x9, 0x3, 0x3, 0x5, 0x4, 0x4, 0x6, 0x2, 0x3, 0x9, 0x3, 0x1,
0x6, 0x9, 0x0, 0x5, 0x8, 0x5, 0x0, 0x3, 0x6, 0x2, 0x1, 0x7, 0x8, 0x1, 0x7, 0x1, 0x0, 0x1, 0x7, 0x7, 0x7, 0x2, 0x3,
0x6, 0x3, 0x1, 0x1, 0x0, 0x5, 0x3, 0x7, 0x3, 0x8, 0x0, 0x7, 0x4, 0x0, 0x3, 0x1, 0x9, 0x1, 0x1, 0x4, 0x5, 0x0, 0x1,
0x4, 0x3, 0x0, 0x9, 0x6, 0x5, 0x9, 0x0, 0x2, 0x9, 0x3, 0x0, 0x5, 0x0, 0x5, 0x8, 0x9, 0x3, 0x4, 0x2, 0x0, 0x6, 0x9,
0x0, 0x3, 0x5, 0x4, 0x6, 0x1, 0x0, 0x0, 0x1, 0x9, 0x6, 0x0, 0x7, 0x2, 0x7, 0x9, 0x3, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0,
0x9, 0x2, 0x0, 0x0, 0x7, 0x2, 0x8, 0x8, 0x7, 0x7, 0x1, 0x8, 0x2, 0x8, 0x2, 0x7, 0x7, 0x5, 0x0, 0x9, 0x9, 0x5, 0x4,
0x0, 0x5, 0x1, 0x0, 0x1, 0x1, 0x8, 0x3, 0x2, 0x0, 0x1, 0x0, 0x4, 0x5, 0x2, 0x5, 0x0, 0x6, 0x5, 0x9, 0x9, 0x8, 0x3,
0x9, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x5, 0x3, 0x8, 0x6, 0x5, 0x4, 0x3, 0x8, 0x8, 0x9, 0x9, 0x0, 0x4, 0x3, 0x3,
0x0, 0x4, 0x6, 0x1, 0x7, 0x6, 0x2, 0x9, 0x7, 0x8, 0x8, 0x0, 0x4, 0x3, 0x1, 0x6, 0x4, 0x6, 0x2, 0x0, 0x8, 0x2, 0x1,
0x2, 0x7, 0x7, 0x8, 0x4, 0x1, 0x7, 0x6, 0x9, 0x1, 0x9, 0x0, 0x8, 0x0, 0x0, 0x5, 0x6, 0x0, 0x9, 0x7, 0x4, 0x9, 0x9,
0x1, 0x8, 0x7, 0x2, 0x9, 0x1, 0x4, 0x6, 0x0, 0x2, 0x6, 0x7, 0x7, 0x3, 0x8, 0x3, 0x7, 0x7, 0x6, 0x5, 0x4, 0x3, 0x0,
0x9, 0x8, 0x8, 0x8, 0x4, 0x8, 0x6, 0x3, 0x4, 0x3, 0x4, 0x6, 0x7, 0x7, 0x2, 0x2, 0x9, 0x6, 0x5, 0x0, 0x9, 0x5, 0x7,
0x6, 0x5, 0x3, 0x1, 0x6, 0x5, 0x1, 0x2, 0x5, 0x3, 0x0, 0x1, 0x2, 0x1, 0x3, 0x3, 0x9, 0x9, 0x0, 0x8, 0x0, 0x6, 0x4,
0x7, 0x2, 0x6, 0x3, 0x1, 0x1, 0x6, 0x0, 0x6, 0x4, 0x8, 0x5, 0x7, 0x2, 0x2, 0x7, 0x7, 0x5, 0x1, 0x1, 0x2, 0x8, 0x8,
0x7, 0x8, 0x1, 0x2, 0x5, 0x7, 0x2, 0x2, 0x5, 0x9, 0x2, 0x1, 0x9, 0x8, 0x0, 0x4, 0x3, 0x5, 0x2, 0x4, 0x5, 0x0, 0x5,
0x8, 0x8, 0x5, 0x2, 0x1, 0x6, 0x6, 0x6, 0x5, 0x4, 0x9, 0x8, 0x9, 0x7, 0x0, 0x2, 0x3, 0x5, 0x6, 0x1, 0x2, 0x1, 0x5,
0x0, 0x3, 0x5, 0x1, 0x8, 0x7, 0x9, 0x0, 0x7, 0x5, 0x8, 0x0, 0x1, 0x1, 0x2, 0x4, 0x1, 0x5, 0x5, 0x2, 0x2, 0x5, 0x1,
0x7, 0x8, 0x4, 0x1, 0x0, 0x9, 0x9, 0x8, 0x6, 0x2, 0x3, 0x6, 0x5, 0x7, 0x7, 0x9, 0x5, 0x8, 0x6, 0x4, 0x8, 0x4, 0x9,
0x2, 0x9, 0x2, 0x2, 0x0, 0x0, 0x1, 0x3, 0x4, 0x1, 0x9, 0x9, 0x5, 0x6, 0x3, 0x2, 0x5, 0x8, 0x0, 0x9, 0x3, 0x1, 0x0,
0x6, 0x8, 0x9, 0x2, 0x7, 0x9, 0x3, 0x3, 0x5, 0x7, 0x3, 0x5, 0x7, 0x6, 0x1, 0x6, 0x3, 0x1, 0x2, 0x3, 0x3, 0x9, 0x5,
0x0, 0x3, 0x4, 0x5, 0x3, 0x0, 0x2, 0x5, 0x1, 0x2, 0x1, 0x2, 0x7, 0x0, 0x9, 0x6, 0x9, 0x8, 0x4, 0x1, 0x0, 0x0, 0x5,
0x4, 0x3, 0x5, 0x1, 0x2, 0x9, 0x6, 0x3, 0x2, 0x2, 0x0, 0x1, 0x2, 0x1, 0x4, 0x9, 0x1, 0x8, 0x9, 0x5, 0x2, 0x6, 0x2,
0x1, 0x7, 0x2, 0x9, 0x3, 0x2, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1, 0x5, 0x0, 0x1, 0x5, 0x5, 0x7, 0x2, 0x3, 0x0, 0x8, 0x9,
0x8, 0x4, 0x4, 0x0, 0x2, 0x4, 0x9, 0x6, 0x0, 0x4, 0x4, 0x3, 0x5, 0x1, 0x9, 0x6, 0x4, 0x2, 0x4, 0x3, 0x9, 0x9, 0x6,
0x7, 0x8, 0x8, 0x0, 0x2, 0x6, 0x3, 0x7, 0x1, 0x5, 0x0, 0x9, 0x2, 0x9, 0x2, 0x3, 0x5, 0x8, 0x0, 0x5, 0x5, 0x4, 0x4,
0x1, 0x7, 0x9, 0x7, 0x2, 0x1, 0x3, 0x7, 0x4, 0x1, 0x3, 0x2, 0x7, 0x5, 0x5, 0x0, 0x6, 0x0, 0x1, 0x3, 0x6, 0x0, 0x0,
0x9, 0x8, 0x5, 0x6, 0x9, 0x3, 0x0, 0x1, 0x5, 0x6, 0x8, 0x3, 0x0, 0x3, 0x3, 0x6, 0x0, 0x8, 0x3, 0x5, 0x1, 0x0, 0x9,
0x0, 0x9, 0x5, 0x3, 0x7, 0x5, 0x9, 0x6, 0x7, 0x2, 0x0, 0x9, 0x8, 0x7, 0x1, 0x8, 0x3, 0x7, 0x4, 0x9, 0x2, 0x9, 0x5,
0x1, 0x5, 0x6, 0x8, 0x8, 0x2, 0x8, 0x6, 0x0, 0x5, 0x3, 0x3, 0x9, 0x9, 0x8, 0x5, 0x2, 0x2, 0x2, 0x1, 0x1, 0x0, 0x0,
0x8, 0x9, 0x6, 0x7, 0x9, 0x4, 0x1, 0x5, 0x3, 0x1, 0x0, 0x7, 0x0, 0x5, 0x3, 0x4, 0x3, 0x8, 0x4, 0x7, 0x5, 0x3, 0x9,
0x2, 0x8, 0x4, 0x0, 0x0, 0x4, 0x4, 0x4, 0x1, 0x7, 0x7, 0x7, 0x0, 0x2, 0x3, 0x5, 0x0, 0x3, 0x7, 0x9, 0x7, 0x0, 0x0,
0x7, 0x7, 0x4, 0x6, 0x6, 0x0, 0x7, 0x8, 0x4, 0x3, 0x8, 0x5, 0x4, 0x1, 0x6, 0x6, 0x5, 0x6, 0x1, 0x5, 0x4, 0x7, 0x8,
0x2, 0x5, 0x1, 0x1, 0x6, 0x6, 0x7, 0x9, 0x4, 0x8, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, 0x5, 0x4, 0x1,
0x7, 0x0, 0x6, 0x9, 0x2, 0x0, 0x9, 0x9, 0x5, 0x9, 0x4, 0x5, 0x1, 0x8, 0x8, 0x0, 0x1, 0x8, 0x6, 0x9, 0x1, 0x7, 0x3,
0x8, 0x8, 0x9, 0x8, 0x5, 0x1, 0x7, 0x3, 0x5, 0x6, 0x7, 0x8, 0x5, 0x3, 0x8, 0x3, 0x5, 0x6, 0x5, 0x9, 0x9, 0x3, 0x1,
0x5, 0x3, 0x8, 0x6, 0x6, 0x9, 0x0, 0x8, 0x8, 0x9, 0x6, 0x1, 0x0, 0x3, 0x9, 0x4, 0x4, 0x7, 0x6, 0x3, 0x9, 0x1, 0x5,
0x7, 0x1, 0x9, 0x0, 0x4, 0x9, 0x2, 0x0, 0x7, 0x9, 0x2, 0x3, 0x2, 0x2, 0x5, 0x6, 0x8, 0x6, 0x4, 0x6, 0x8, 0x5, 0x7,
0x7, 0x5, 0x9, 0x9, 0x6, 0x7, 0x7, 0x7, 0x8, 0x1, 0x4, 0x5, 0x3, 0x3, 0x0, 0x8, 0x8, 0x1, 0x4, 0x1, 0x8, 0x2, 0x0,
0x8, 0x0, 0x5, 0x8, 0x2, 0x6, 0x8, 0x6, 0x7, 0x2, 0x9, 0x3, 0x4, 0x9, 0x5, 0x4, 0x0, 0x8, 0x3, 0x1, 0x8, 0x3, 0x8,
0x2, 0x6, 0x8, 0x3, 0x0, 0x4, 0x7, 0x1, 0x7, 0x0, 0x7, 0x7, 0x4, 0x7, 0x2, 0x6, 0x7, 0x9, 0x3, 0x9, 0x5, 0x9, 0x2,
0x1, 0x5, 0x2, 0x1, 0x4, 0x5, 0x0, 0x8, 0x9, 0x8, 0x5, 0x1, 0x9, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x5, 0x6, 0x8, 0x7,
0x3, 0x1, 0x4, 0x6, 0x0, 0x5, 0x5, 0x8, 0x1, 0x2, 0x2, 0x4, 0x4, 0x7, 0x9, 0x7, 0x5, 0x8, 0x2, 0x8, 0x9, 0x3, 0x3,
0x3, 0x3, 0x3, 0x4, 0x0, 0x4, 0x3, 0x1, 0x2, 0x5, 0x9, 0x8, 0x7, 0x4, 0x5, 0x4, 0x7, 0x3, 0x8, 0x2, 0x5, 0x9, 0x9,
0x6, 0x4, 0x1, 0x8, 0x8, 0x7, 0x9, 0x9, 0x3, 0x4, 0x6, 0x6, 0x6, 0x1, 0x8, 0x7, 0x2, 0x7, 0x0, 0x5, 0x3, 0x8, 0x4,
0x5, 0x9, 0x3, 0x3, 0x8, 0x9, 0x7, 0x8, 0x5, 0x6, 0x1, 0x9, 0x4, 0x9, 0x0, 0x5, 0x2, 0x5, 0x0, 0x1, 0x8, 0x5, 0x0,
0x4, 0x9, 0x9, 0x8, 0x3, 0x6, 0x7, 0x6, 0x1, 0x2, 0x5, 0x5, 0x6, 0x5, 0x6, 0x1, 0x0, 0x4, 0x5, 0x8, 0x6, 0x9, 0x4,
0x4, 0x8, 0x2, 0x0, 0x2, 0x1, 0x9, 0x5, 0x4, 0x4, 0x8, 0x7, 0x5, 0x2, 0x2, 0x3, 0x2, 0x3, 0x4, 0x7, 0x2, 0x0, 0x0,
0x3, 0x3, 0x4, 0x0, 0x2, 0x0, 0x4, 0x2, 0x8, 0x2, 0x4, 0x2, 0x5, 0x3, 0x2, 0x5, 0x9, 0x7, 0x7, 0x5, 0x2, 0x7, 0x9,
0x1, 0x9, 0x0, 0x1, 0x0, 0x4, 0x7, 0x0, 0x7, 0x1, 0x4, 0x0, 0x9, 0x8, 0x0, 0x8, 0x7, 0x5, 0x5, 0x3, 0x8, 0x4, 0x4,
0x6, 0x8, 0x1, 0x0, 0x5, 0x3, 0x6, 0x0, 0x6, 0x5, 0x9, 0x8, 0x0, 0x3, 0x2, 0x1, 0x3, 0x0, 0x9, 0x9, 0x2, 0x1, 0x2,
0x5, 0x8, 0x0, 0x2, 0x7, 0x0, 0x3, 0x7, 0x9, 0x5, 0x9, 0x4, 0x2, 0x8, 0x3, 0x4, 0x6, 0x1, 0x7, 0x0, 0x9, 0x8, 0x2,
0x8, 0x5, 0x2, 0x2, 0x7, 0x5, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7, 0x5, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, 0x2, 0x7,
0x9, 0x3, 0x5, 0x1, 0x6, 0x4, 0x6, 0x6, 0x2, 0x0, 0x4, 0x6, 0x3, 0x2, 0x8, 0x0, 0x7, 0x0, 0x6, 0x9, 0x0, 0x5, 0x4,
0x4, 0x7, 0x0, 0x4, 0x3, 0x2, 0x4, 0x9};
char email[0x14]; // Personal choice an email limit up to 20 characters (limitation will be coded in MFC later) //
char email_low[0x14];
char buff[0x32] = {0};
char reg_code[0x20];
int i, j, len;
unsigned int sum = 0, mod = 0;
/* Email not necessary in valid format */
printf("Enter an email: ");
gets(email);
len = strlen(email);
/* Email input lowercase */
for(i=0; i<len; i++){
email_low[i] = tolower(email[i]);
}
/* First calculation */
i = len;
j = 0;
do{
if((email_low[j] >= 0x20) && (email_low[j]) <= 0x80) {
sum += email_low[j];
}
j ++;
-- i;
}while (i);
/* Second Calculation */
mod = (sum % 0x32);
sum = 0x19 * mod;
/* Third Calculation */
j = 0x19;
i = 0;
do{
buff[i] = *(data + i + sum) ;
i ++;
-- j;
}while (j>0);
/* Fourth Calculation */
i = 0;
j = len;
do{
if ((email_low[i] >= 0x20) && (email_low[i] <= 0x80)) {
buff[i] += email_low[i];
}
i ++;
-- j;
}while (j);
/* Fifth Calculation */
/* Registration Code should, and finally will be 0x16 (23d) characters length */
i = 0;
do{
reg_code[i] = 0x80 + ((buff[i] % 0x0a));
i ++;
}while (i<0x9);
/* Print registration Code */
i = 0;
printf("Registration code: ");
for(i=0; i<0x12; i++) {
printf("%c", reg_code[i]);
}
return(0);
}