Download: https://www1.zippyshare.com/v/Ke81RfWT/file.html
VB Decompiler Pro v11.1 (RETAIL) (CRACKED) by me
Tag: tonyweb great
Roentgen (TSRh.ws): His Own Shit Slapped Back at his Face
If you did not check this out yet, please check this post from yesterday first about @Roentgen the sex maniacal person at Tsrh.ws:
In short, Roentgen made a muddled attempt to create an abusive and child-unfriendly keygen in an attempt to insult a well known reverse engineer.
But as the saying goes, Roentgen was humbled and brought back to Earth when all his efforts which lasted days to create that joke of a keygen, were nullified with a SINGLE BYTE PATCH.
Yes, a SINGLE byte patch was all that was needed to restore the keygen to a kid-friendly state.
I agree that it was SHAMEFUL of me that I also stooped to Roentgen’s level to make a post in his thread at tsrh.ws saying that I liked the keygen, but what to do? To bag girls and to take underskirt photos (which was why Roentgen was also known by his other nickname of X-Ray at TSRh.ws) Roentgen is the best person. Selling such vids and photos is the best way to make a quick buck these days… 😀
By the way, Roentgen went to the trouble of getting the keygen taken down. So here are lot more fresh links:
Download:
https://www.solidfiles.com/v/3dD4WPj8jwn8z
https://turbobit.net/47nvlqhu0ulw.html
https://tusfiles.com/180bd49wn1eo
https://www.file-upload.com/efgxj6ubl4a2
https://1fichier.com/?v7io9zzss0hbu53tni3h
https://anonfiles.com/00q9F4lau6/Klnd-KGEN_rar
https://dropapk.to/2wrlixptv8ab
https://usersdrive.com/n1x411n6pu9r
https://bayfiles.com/22qeF3lbu7/Klnd-KGEN_rar
https://www113.zippyshare.com/v/3R0PLdPf/file.html
Qoppa PDF Studio Pro 2020.3.1 (Free Lic, $20 for KEYGEN)
I do not know how to shut the f*ck up 😀
NO WONDER I and de! get my releases leaked!!! F*cking TSRh ChatBox lol!
Windows
x64 https://download.qoppa.com/pdfstudio/PDFStudio_win64.exe
x86 https://download.qoppa.com/pdfstudio/PDFStudio_win.exe
License Link: https://mir.cr/0GZQ56MJ
Archive password: PDF’n’Qoppa
Follow the instructions found in the ReadMe.1st.txt file.
The provided solution should work also for Linux/MacOS (with instructions tweaked accordingly) but I personally didn’t test.
Feedback is appreciated.
Just a FYI. License files are watermarked
If you want the KEYGEN you need to pay for it: $20 only
You can also contact my friends with the payment in Bitcoin here:
RCS Zetta 5.20 Keygen and Source Code ($50 Only)
Download:
https://mir.cr/DDQNKHL3
https://www16.zippyshare.com/v/YlkJP49e/file.html
Keygen Patcher Source Code:
include \masm32\include\masm32rt.inc
include \masm32\include\masm32.inc
SIZEOF_NT_SIGNATURE equ sizeof DWORD
SIZEOF_IMAGE_FILE_HEADER equ 14h
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
GetModuleBaseAddress PROTO :DWORD
.data?
hWnd dd ?
hInstance dd ?
windowhandle dd ?
ProcessID dd ?
hProcess dd ?
PEHeader db 1000 dup (?)
Chunks db 65535 dup (?)
BaseAddress dd ?
SectionSize dd ?
SectionEnd dd ?
SectionAdress dd ?
sections_count dd ?
sectionHeaderOffset dd ?
.data
process_4 db "Setup - Zetta",0
patch_title db "Patching...",0
patch_success db "Patched Succesfully",0
error_1 db "Didn't find the target! You sure you started it??",0
error_2 db "Couldn't open process...",0
error_3 db "Couldn't write ...",0
error_4 db "Error reading PE header",0
error_5 db "This EXE has no sections",0
errornobase db "cannot read base address",0
about_title db "About...",0
about_text db "TonyWank and his MicroPenis",13,10
db "Special Thanks to: Sexual Intercourse",0
TextSection db ".text",0
ChunkSize dd 65535
SearchPattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,00Fh,087h,0FFh,0FFh,000h,000h ;Search pattern in hex add "0" to the front of each digit and "h" to the end
SearchMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
ReplacePattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,090h,0E9h,0FFh,0FFh,000h,000h ;Replace Pattern in hex add "0" to the front of each digit and "h" to the end
ReplaceMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
.code
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
start:
mov hInstance, FUNC(GetModuleHandle,NULL)
call main
invoke ExitProcess,eax
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
main proc
Dialog "RCS Zetta Installers Mem Patcher", \
"Courier New",8, \
WS_OVERLAPPED or WS_SYSMENU or DS_CENTER, \ ; dialog window style
4, \ ; number of controls
50,50,192,95, \
1024
DlgButton "Patch",WS_TABSTOP,10,60,50,13,IDOK
DlgButton "About...",WS_TABSTOP,70,60,50,13,IDCONTINUE
DlgButton "Exit",WS_TABSTOP,130,60,50,13,IDCANCEL
DlgStatic "This patcher works with ZettaDB2008_x86_Setup_2.0.1.exe, ZettaDB2008_x64_Setup_2.0.1.exe, RCSDatabase_64bit_Setup_2012.1.exe, Zetta_5.20.1.768.exe and probably newer versions too.",SS_CENTER,0,5,180,50,100
CallModalDialog hInstance,0,DlgProc,NULL
ret
main endp
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
DlgProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
Switch uMsg
Case WM_INITDIALOG
m2m hWnd, hWin
ret
Case WM_COMMAND
Switch wParam
Case IDOK
mov hInstance,eax
invoke FindWindow,NULL,addr process_4
invoke GetWindowThreadProcessId,eax,addr ProcessID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,ProcessID
test al,al
jz error2
mov hProcess,eax
Invoke GetModuleBaseAddress, ProcessID
mov BaseAddress, eax
invoke ReadProcessMemory,dword ptr[hProcess], eax, addr PEHeader, 1000, NULL
test al,al
jz error2
;DOS HEADER EXTRACTION
lea edi, PEHeader
assume edi: ptr IMAGE_DOS_HEADER
;Check if the file is a DOS file
cmp [edi].e_magic, IMAGE_DOS_SIGNATURE
jne error4
; DOS Header
mov edx, [edi].e_lfanew
;Check if the file is a PE file
add edi, edx ;address of the PE Header
assume edi: ptr IMAGE_NT_HEADERS
cmp [edi].Signature, IMAGE_NT_SIGNATURE
jne error4
; PE Header
mov edx, [edi].Signature
add edi, SIZEOF_NT_SIGNATURE
assume edi: ptr IMAGE_FILE_HEADER
movzx edx, [edi].NumberOfSections
push edx
pop sections_count
; Optional Header
add edi, SIZEOF_IMAGE_FILE_HEADER
assume edi: ptr IMAGE_OPTIONAL_HEADER
; ImageBase
lea edi, PEHeader
;SECTIONS
add edi, sizeof IMAGE_OPTIONAL_HEADER
assume edi: ptr IMAGE_SECTION_HEADER
mov sectionHeaderOffset, edi
mov ebx, sections_count
cmp ebx, 0
je error5
sections:
sub ebx, 1
push edi
mov esi, edi
lea edi, TextSection
mov ecx, 5 ; selects the of the first string as maximum for comparison
repe cmpsb ; comparison of ECX number of bytes
jne continue_scan
pop edi
mov edx, dword ptr [edi + 8h]
mov SectionSize, edx
mov edx, [edi].VirtualAddress
add edx, BaseAddress ;adds baseaddress + section address
mov ebx, edx
add edx, SectionSize
mov SectionEnd, edx
xor edi, edi
jmp scan
continue_scan:
pop edi
add edi, 28h
jmp sections
scan:
; Use ebx for pointer count, ReadProcessMemory replace eax, ecx and edx
invoke ReadProcessMemory,dword ptr[hProcess], ebx, addr Chunks, ChunkSize, NULL
push 1
sub ChunkSize, sizeof SearchPattern
push ChunkSize
push sizeof SearchPattern
push offset SearchMask
push offset SearchPattern
push offset Chunks
call SearchAndReturn
cmp eax, 1
je patch
cmp ebx, SectionEnd
jnle fin
add ebx, ChunkSize
sub ebx, sizeof SearchPattern
jmp scan
patch:
COMMENT *
Didn't do anything here, just copied code
invoke WriteProcessMemory,dword ptr[hProcess],ecx,addr writebuf_1,1,NULL
mov esi,_replacepattern
mov edx,_replacemask
xor ecx,ecx
.while ecx!=ebx ;ebx=patternsize
@cmp_mask_2:
cmp byte ptr[edx],1
je @ignore
lodsb ;load replacebyte to al from esi & inc esi
stosb ;mov byte ptr[edi],al & inc edi
jmp @nextbyte
@ignore:
inc edi ;targetadress
inc esi ;replacepattern
@nextbyte:
inc edx ;replacemask
inc ecx ;counter
.endw
mov local_returnvalue,1 ;yes, something was patched
*
error1:
invoke MessageBoxA,NULL,addr error_1,NULL,MB_ICONSTOP
jmp fin
error2:
invoke MessageBoxA,NULL,addr error_2,NULL,MB_ICONSTOP
jmp fin
error3:
invoke MessageBoxA,NULL,addr error_3,NULL,MB_ICONSTOP
jmp fin
error4:
invoke MessageBoxA,NULL,addr error_4,NULL,MB_ICONSTOP
jmp fin
error5:
invoke MessageBoxA,NULL,addr error_5,NULL,MB_ICONSTOP
fin:
sub ecx, offset Chunks
add ebx, ecx
invoke MessageBoxA,NULL,hex$(ebx),addr patch_title,MB_ICONINFORMATION
invoke CloseHandle,hProcess
Case IDCONTINUE
invoke MessageBoxA,NULL,addr about_text,addr about_title,NULL
Case IDCANCEL
invoke ExitProcess,1
EndSw
Case WM_CLOSE
invoke ExitProcess,1
EndSw
return 0
DlgProc endp
GetModuleBaseAddress proc iProcID:DWORD
LOCAL hSnap:DWORD
LOCAL xModule:MODULEENTRY32
invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, iProcID
mov hSnap,eax
mov xModule.dwSize, sizeof xModule
invoke Module32First, hSnap, addr xModule
invoke CloseHandle,hSnap
test eax, eax
jnz getaddr
mov eax, 0
ret
getaddr:
mov eax, xModule.modBaseAddr
ret
GetModuleBaseAddress endp
SearchAndReturn proc _targetadress:dword,_searchpattern:dword,_searchmask:dword,_patternsize:dword,_searchsize:dword
LOCAL local_returnvalue :dword ;returns if something was patched
LOCAL local_match :dword ;counts how many matches
pushad
mov local_returnvalue,0
mov local_match,0
mov edi,_targetadress
mov esi,_searchpattern
mov edx,_searchmask
mov ebx,_patternsize
xor ecx,ecx
.while ecx!=_searchsize
@search_again:
;---check if pattern exceed memory---
mov eax,ecx ;ecx=raw offset
add eax,ebx ;raw offset + patternsize
cmp eax,_searchsize
ja @return ;if (raw offset + patternsize) > searchsize then bad!
push ecx ;counter
push esi ;searchpattern
push edi ;targetaddress
push edx ;searchmask
mov ecx,ebx ;ebx=patternsize
@cmp_mask:
test ecx,ecx
je @pattern_found
cmp byte ptr[edx],1 ;searchmask
je @ignore
lodsb ;load searchbyte to al & inc esi
scasb ;cmp al,targetadressbyte & inc edi
jne @skip
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@ignore:
inc edi ;targetadress
inc esi ;searchpattern
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@skip:
pop edx
pop edi ;targetadress
pop esi ;searchpattern
pop ecx
inc edi ;targetadress
inc ecx ;counter
.endw
;---scanned whole memory size---
jmp @return
@pattern_found:
inc local_match
pop edx
pop edi ;targetadress
pop esi
mov local_returnvalue,edi
cmp local_match,eax
je @return
pop ecx ;counter
inc edi ;targetadress
jmp @search_again
;---return---
@return:
popad
mov eax,local_match
mov ecx,local_returnvalue
ret
SearchAndReturn endp
end startKeygen [C Source Code] – Atlantis Word Processor v4.0.6.4
See this post of mine first (from today):
Now the promised source code:
// tonywank
#include <stdio.h>
#include <string.h>
#include <ctype.h>
int main (){
char data[] = {0x4, 0x3, 0x6, 0x4, 0x0, 0x0, 0x5, 0x7, 0x7, 0x3, 0x4, 0x0, 0x0, 0x5, 0x5, 0x1, 0x3, 0x7, 0x6, 0x7, 0x7, 0x2, 0x8,
0x5, 0x3, 0x5, 0x8, 0x4, 0x8, 0x8, 0x0, 0x8, 0x5, 0x3, 0x9, 0x3, 0x3, 0x5, 0x4, 0x4, 0x6, 0x2, 0x3, 0x9, 0x3, 0x1,
0x6, 0x9, 0x0, 0x5, 0x8, 0x5, 0x0, 0x3, 0x6, 0x2, 0x1, 0x7, 0x8, 0x1, 0x7, 0x1, 0x0, 0x1, 0x7, 0x7, 0x7, 0x2, 0x3,
0x6, 0x3, 0x1, 0x1, 0x0, 0x5, 0x3, 0x7, 0x3, 0x8, 0x0, 0x7, 0x4, 0x0, 0x3, 0x1, 0x9, 0x1, 0x1, 0x4, 0x5, 0x0, 0x1,
0x4, 0x3, 0x0, 0x9, 0x6, 0x5, 0x9, 0x0, 0x2, 0x9, 0x3, 0x0, 0x5, 0x0, 0x5, 0x8, 0x9, 0x3, 0x4, 0x2, 0x0, 0x6, 0x9,
0x0, 0x3, 0x5, 0x4, 0x6, 0x1, 0x0, 0x0, 0x1, 0x9, 0x6, 0x0, 0x7, 0x2, 0x7, 0x9, 0x3, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0,
0x9, 0x2, 0x0, 0x0, 0x7, 0x2, 0x8, 0x8, 0x7, 0x7, 0x1, 0x8, 0x2, 0x8, 0x2, 0x7, 0x7, 0x5, 0x0, 0x9, 0x9, 0x5, 0x4,
0x0, 0x5, 0x1, 0x0, 0x1, 0x1, 0x8, 0x3, 0x2, 0x0, 0x1, 0x0, 0x4, 0x5, 0x2, 0x5, 0x0, 0x6, 0x5, 0x9, 0x9, 0x8, 0x3,
0x9, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1, 0x5, 0x3, 0x8, 0x6, 0x5, 0x4, 0x3, 0x8, 0x8, 0x9, 0x9, 0x0, 0x4, 0x3, 0x3,
0x0, 0x4, 0x6, 0x1, 0x7, 0x6, 0x2, 0x9, 0x7, 0x8, 0x8, 0x0, 0x4, 0x3, 0x1, 0x6, 0x4, 0x6, 0x2, 0x0, 0x8, 0x2, 0x1,
0x2, 0x7, 0x7, 0x8, 0x4, 0x1, 0x7, 0x6, 0x9, 0x1, 0x9, 0x0, 0x8, 0x0, 0x0, 0x5, 0x6, 0x0, 0x9, 0x7, 0x4, 0x9, 0x9,
0x1, 0x8, 0x7, 0x2, 0x9, 0x1, 0x4, 0x6, 0x0, 0x2, 0x6, 0x7, 0x7, 0x3, 0x8, 0x3, 0x7, 0x7, 0x6, 0x5, 0x4, 0x3, 0x0,
0x9, 0x8, 0x8, 0x8, 0x4, 0x8, 0x6, 0x3, 0x4, 0x3, 0x4, 0x6, 0x7, 0x7, 0x2, 0x2, 0x9, 0x6, 0x5, 0x0, 0x9, 0x5, 0x7,
0x6, 0x5, 0x3, 0x1, 0x6, 0x5, 0x1, 0x2, 0x5, 0x3, 0x0, 0x1, 0x2, 0x1, 0x3, 0x3, 0x9, 0x9, 0x0, 0x8, 0x0, 0x6, 0x4,
0x7, 0x2, 0x6, 0x3, 0x1, 0x1, 0x6, 0x0, 0x6, 0x4, 0x8, 0x5, 0x7, 0x2, 0x2, 0x7, 0x7, 0x5, 0x1, 0x1, 0x2, 0x8, 0x8,
0x7, 0x8, 0x1, 0x2, 0x5, 0x7, 0x2, 0x2, 0x5, 0x9, 0x2, 0x1, 0x9, 0x8, 0x0, 0x4, 0x3, 0x5, 0x2, 0x4, 0x5, 0x0, 0x5,
0x8, 0x8, 0x5, 0x2, 0x1, 0x6, 0x6, 0x6, 0x5, 0x4, 0x9, 0x8, 0x9, 0x7, 0x0, 0x2, 0x3, 0x5, 0x6, 0x1, 0x2, 0x1, 0x5,
0x0, 0x3, 0x5, 0x1, 0x8, 0x7, 0x9, 0x0, 0x7, 0x5, 0x8, 0x0, 0x1, 0x1, 0x2, 0x4, 0x1, 0x5, 0x5, 0x2, 0x2, 0x5, 0x1,
0x7, 0x8, 0x4, 0x1, 0x0, 0x9, 0x9, 0x8, 0x6, 0x2, 0x3, 0x6, 0x5, 0x7, 0x7, 0x9, 0x5, 0x8, 0x6, 0x4, 0x8, 0x4, 0x9,
0x2, 0x9, 0x2, 0x2, 0x0, 0x0, 0x1, 0x3, 0x4, 0x1, 0x9, 0x9, 0x5, 0x6, 0x3, 0x2, 0x5, 0x8, 0x0, 0x9, 0x3, 0x1, 0x0,
0x6, 0x8, 0x9, 0x2, 0x7, 0x9, 0x3, 0x3, 0x5, 0x7, 0x3, 0x5, 0x7, 0x6, 0x1, 0x6, 0x3, 0x1, 0x2, 0x3, 0x3, 0x9, 0x5,
0x0, 0x3, 0x4, 0x5, 0x3, 0x0, 0x2, 0x5, 0x1, 0x2, 0x1, 0x2, 0x7, 0x0, 0x9, 0x6, 0x9, 0x8, 0x4, 0x1, 0x0, 0x0, 0x5,
0x4, 0x3, 0x5, 0x1, 0x2, 0x9, 0x6, 0x3, 0x2, 0x2, 0x0, 0x1, 0x2, 0x1, 0x4, 0x9, 0x1, 0x8, 0x9, 0x5, 0x2, 0x6, 0x2,
0x1, 0x7, 0x2, 0x9, 0x3, 0x2, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1, 0x5, 0x0, 0x1, 0x5, 0x5, 0x7, 0x2, 0x3, 0x0, 0x8, 0x9,
0x8, 0x4, 0x4, 0x0, 0x2, 0x4, 0x9, 0x6, 0x0, 0x4, 0x4, 0x3, 0x5, 0x1, 0x9, 0x6, 0x4, 0x2, 0x4, 0x3, 0x9, 0x9, 0x6,
0x7, 0x8, 0x8, 0x0, 0x2, 0x6, 0x3, 0x7, 0x1, 0x5, 0x0, 0x9, 0x2, 0x9, 0x2, 0x3, 0x5, 0x8, 0x0, 0x5, 0x5, 0x4, 0x4,
0x1, 0x7, 0x9, 0x7, 0x2, 0x1, 0x3, 0x7, 0x4, 0x1, 0x3, 0x2, 0x7, 0x5, 0x5, 0x0, 0x6, 0x0, 0x1, 0x3, 0x6, 0x0, 0x0,
0x9, 0x8, 0x5, 0x6, 0x9, 0x3, 0x0, 0x1, 0x5, 0x6, 0x8, 0x3, 0x0, 0x3, 0x3, 0x6, 0x0, 0x8, 0x3, 0x5, 0x1, 0x0, 0x9,
0x0, 0x9, 0x5, 0x3, 0x7, 0x5, 0x9, 0x6, 0x7, 0x2, 0x0, 0x9, 0x8, 0x7, 0x1, 0x8, 0x3, 0x7, 0x4, 0x9, 0x2, 0x9, 0x5,
0x1, 0x5, 0x6, 0x8, 0x8, 0x2, 0x8, 0x6, 0x0, 0x5, 0x3, 0x3, 0x9, 0x9, 0x8, 0x5, 0x2, 0x2, 0x2, 0x1, 0x1, 0x0, 0x0,
0x8, 0x9, 0x6, 0x7, 0x9, 0x4, 0x1, 0x5, 0x3, 0x1, 0x0, 0x7, 0x0, 0x5, 0x3, 0x4, 0x3, 0x8, 0x4, 0x7, 0x5, 0x3, 0x9,
0x2, 0x8, 0x4, 0x0, 0x0, 0x4, 0x4, 0x4, 0x1, 0x7, 0x7, 0x7, 0x0, 0x2, 0x3, 0x5, 0x0, 0x3, 0x7, 0x9, 0x7, 0x0, 0x0,
0x7, 0x7, 0x4, 0x6, 0x6, 0x0, 0x7, 0x8, 0x4, 0x3, 0x8, 0x5, 0x4, 0x1, 0x6, 0x6, 0x5, 0x6, 0x1, 0x5, 0x4, 0x7, 0x8,
0x2, 0x5, 0x1, 0x1, 0x6, 0x6, 0x7, 0x9, 0x4, 0x8, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, 0x5, 0x4, 0x1,
0x7, 0x0, 0x6, 0x9, 0x2, 0x0, 0x9, 0x9, 0x5, 0x9, 0x4, 0x5, 0x1, 0x8, 0x8, 0x0, 0x1, 0x8, 0x6, 0x9, 0x1, 0x7, 0x3,
0x8, 0x8, 0x9, 0x8, 0x5, 0x1, 0x7, 0x3, 0x5, 0x6, 0x7, 0x8, 0x5, 0x3, 0x8, 0x3, 0x5, 0x6, 0x5, 0x9, 0x9, 0x3, 0x1,
0x5, 0x3, 0x8, 0x6, 0x6, 0x9, 0x0, 0x8, 0x8, 0x9, 0x6, 0x1, 0x0, 0x3, 0x9, 0x4, 0x4, 0x7, 0x6, 0x3, 0x9, 0x1, 0x5,
0x7, 0x1, 0x9, 0x0, 0x4, 0x9, 0x2, 0x0, 0x7, 0x9, 0x2, 0x3, 0x2, 0x2, 0x5, 0x6, 0x8, 0x6, 0x4, 0x6, 0x8, 0x5, 0x7,
0x7, 0x5, 0x9, 0x9, 0x6, 0x7, 0x7, 0x7, 0x8, 0x1, 0x4, 0x5, 0x3, 0x3, 0x0, 0x8, 0x8, 0x1, 0x4, 0x1, 0x8, 0x2, 0x0,
0x8, 0x0, 0x5, 0x8, 0x2, 0x6, 0x8, 0x6, 0x7, 0x2, 0x9, 0x3, 0x4, 0x9, 0x5, 0x4, 0x0, 0x8, 0x3, 0x1, 0x8, 0x3, 0x8,
0x2, 0x6, 0x8, 0x3, 0x0, 0x4, 0x7, 0x1, 0x7, 0x0, 0x7, 0x7, 0x4, 0x7, 0x2, 0x6, 0x7, 0x9, 0x3, 0x9, 0x5, 0x9, 0x2,
0x1, 0x5, 0x2, 0x1, 0x4, 0x5, 0x0, 0x8, 0x9, 0x8, 0x5, 0x1, 0x9, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x5, 0x6, 0x8, 0x7,
0x3, 0x1, 0x4, 0x6, 0x0, 0x5, 0x5, 0x8, 0x1, 0x2, 0x2, 0x4, 0x4, 0x7, 0x9, 0x7, 0x5, 0x8, 0x2, 0x8, 0x9, 0x3, 0x3,
0x3, 0x3, 0x3, 0x4, 0x0, 0x4, 0x3, 0x1, 0x2, 0x5, 0x9, 0x8, 0x7, 0x4, 0x5, 0x4, 0x7, 0x3, 0x8, 0x2, 0x5, 0x9, 0x9,
0x6, 0x4, 0x1, 0x8, 0x8, 0x7, 0x9, 0x9, 0x3, 0x4, 0x6, 0x6, 0x6, 0x1, 0x8, 0x7, 0x2, 0x7, 0x0, 0x5, 0x3, 0x8, 0x4,
0x5, 0x9, 0x3, 0x3, 0x8, 0x9, 0x7, 0x8, 0x5, 0x6, 0x1, 0x9, 0x4, 0x9, 0x0, 0x5, 0x2, 0x5, 0x0, 0x1, 0x8, 0x5, 0x0,
0x4, 0x9, 0x9, 0x8, 0x3, 0x6, 0x7, 0x6, 0x1, 0x2, 0x5, 0x5, 0x6, 0x5, 0x6, 0x1, 0x0, 0x4, 0x5, 0x8, 0x6, 0x9, 0x4,
0x4, 0x8, 0x2, 0x0, 0x2, 0x1, 0x9, 0x5, 0x4, 0x4, 0x8, 0x7, 0x5, 0x2, 0x2, 0x3, 0x2, 0x3, 0x4, 0x7, 0x2, 0x0, 0x0,
0x3, 0x3, 0x4, 0x0, 0x2, 0x0, 0x4, 0x2, 0x8, 0x2, 0x4, 0x2, 0x5, 0x3, 0x2, 0x5, 0x9, 0x7, 0x7, 0x5, 0x2, 0x7, 0x9,
0x1, 0x9, 0x0, 0x1, 0x0, 0x4, 0x7, 0x0, 0x7, 0x1, 0x4, 0x0, 0x9, 0x8, 0x0, 0x8, 0x7, 0x5, 0x5, 0x3, 0x8, 0x4, 0x4,
0x6, 0x8, 0x1, 0x0, 0x5, 0x3, 0x6, 0x0, 0x6, 0x5, 0x9, 0x8, 0x0, 0x3, 0x2, 0x1, 0x3, 0x0, 0x9, 0x9, 0x2, 0x1, 0x2,
0x5, 0x8, 0x0, 0x2, 0x7, 0x0, 0x3, 0x7, 0x9, 0x5, 0x9, 0x4, 0x2, 0x8, 0x3, 0x4, 0x6, 0x1, 0x7, 0x0, 0x9, 0x8, 0x2,
0x8, 0x5, 0x2, 0x2, 0x7, 0x5, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7, 0x5, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, 0x2, 0x7,
0x9, 0x3, 0x5, 0x1, 0x6, 0x4, 0x6, 0x6, 0x2, 0x0, 0x4, 0x6, 0x3, 0x2, 0x8, 0x0, 0x7, 0x0, 0x6, 0x9, 0x0, 0x5, 0x4,
0x4, 0x7, 0x0, 0x4, 0x3, 0x2, 0x4, 0x9};
char email[0x14]; // Personal choice an email limit up to 20 characters (limitation will be coded in MFC later) //
char email_low[0x14];
char buff[0x32] = {0};
char reg_code[0x20];
int i, j, len;
unsigned int sum = 0, mod = 0;
/* Email not necessary in valid format */
printf("Enter an email: ");
gets(email);
len = strlen(email);
/* Email input lowercase */
for(i=0; i<len; i++){
email_low[i] = tolower(email[i]);
}
/* First calculation */
i = len;
j = 0;
do{
if((email_low[j] >= 0x20) && (email_low[j]) <= 0x80) {
sum += email_low[j];
}
j ++;
-- i;
}while (i);
/* Second Calculation */
mod = (sum % 0x32);
sum = 0x19 * mod;
/* Third Calculation */
j = 0x19;
i = 0;
do{
buff[i] = *(data + i + sum) ;
i ++;
-- j;
}while (j>0);
/* Fourth Calculation */
i = 0;
j = len;
do{
if ((email_low[i] >= 0x20) && (email_low[i] <= 0x80)) {
buff[i] += email_low[i];
}
i ++;
-- j;
}while (j);
/* Fifth Calculation */
/* Registration Code should, and finally will be 0x16 (23d) characters length */
i = 0;
do{
reg_code[i] = 0x80 + ((buff[i] % 0x0a));
i ++;
}while (i<0x9);
/* Print registration Code */
i = 0;
printf("Registration code: ");
for(i=0; i<0x12; i++) {
printf("%c", reg_code[i]);
}
return(0);
}How to Crack Hasp HL Time Dongle
First check app files on envelops (for sample use DIE), or by hand check sections names (envelops have “.protect” or “.AKS1”).
UIf no envelops – this be ok and maybe possible to solve, if are envelops – that need check login feature for envelop,
if it is expired – no luck(becouse envelops crypted by AES and without working feature impossible to decrypt it).
I remember the early versions of HASP HL envelopes (around 2005-2007) used the same AES keys in all features, so it was possible to unpack files with expired feature by forcing the software to read feature 0 instead (feature 0 was set to perpetual by default in early versions).
but, in case of SRM, there is no chance with expired feature + envelope.