Log in

View Full Version : Hardlock dongle

melwarren
November 9th, 2010, 15:20
I have a question about the 128 bytes of dongle memory. I have 2 dongle from the same program running on different computers. I have dumped both dongles. The only thing different in the 2 dongles is the 128 bytes of memory data. Is there anyway of decrypting the data in the memory. I believe this has the code I need to but in the honeywel.ini file to unlock more of the features. There is 128 bytes of memory data and 128 passwords digits. As you can see I have 16 of the digits. Thanks for looking and helping with my problem.

; Password definition file. Created: 08-25-1998 14:51:50
; Serial Number: 36386
[HWELL5000]
Feature01=A6V8
Feature02=w0Tr
Feature03=
Feature04=
Feature05=
Feature06=
Feature07=
Feature08=
Feature09=
Feature10=
Feature11=
Feature12=
Feature13=
Feature14=
Feature15=
Feature16=a7Cb
Feature17=FPxp
Feature18=
Feature19=
Feature20=
Feature21=
Feature22=
Feature23=
Feature24=
Feature25=
Feature26=
Feature27=
Feature28=
Feature29=
Feature30=
Feature31=
Feature32=


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\Dumps\HardLock\080F]
"Name"="FIL 2"
"Type"=dword:00000001
"Memory"=dword:00000001
"Created"="16.09.2007 03:59:26"
"Copyright"="(c) 2005 Sp0Raw (sp0raw@mail.ru), http://www.sporaw.com/work/ / dumped with HL-DUMP v2.0"
"ACL"=hex:71,94,0C,B8,47,09,79,C2
"HCH"=hex4,9C,94,00,53,C3,68,44
Code:
"Data"=hex:8D,B6,9A,37,74,5E,F6,E2,32,F1,88,3F,EC,80,42,6A,\

3F,3F,E5,E7,FA,6D,07,2C,44,34,34,69,5A,74,6B,8E,\

AD,0B,E4,26,E5,E3,6D,A6,F6,D9,FD,38,A2,31,04,C1,\

7A,C1,B7,F8,FA,34,60,66,77,F3,53,BA,2D,00,3F,BB,\

06,48,4E,C1,A6,63,A9,B6,5B,80,98,85,11,B8,49,3B,\

1F,05,55,41,C5,A8,5A,88,B5,D0,4C,AD,40,C8,B9,C5,\

2D,56,F0,84,31,E2,AD,A8,57,1C,9B,70,0E,7D,6D,BC,\

6A,56,14,6C,1C,0A,2E,0F,E6,CD,FE,16,68,39,CF,9A

"Code"=hex:A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

A4,BC,4A,CB,A1,E3,D3,52,4A,CB,C7,85,A1,E3,52,D3,\

BC,A4,C7,85,A1,E3,3D,25,7C,58,85,C7,D3,52,E3,A1,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

85,C7,CB,4A,52,D3,A1,E3,58,7C,85,C7,52,D3,E3,A1,\

BC,A4,4A,CB,E3,A1,D3,52,7C,58,CB,4A,52,D3,3E,1A,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

52,D3,A1,E3,85,C7,CB,4A,52,D3,E3,A1,58,7C,85,C7,\

E3,A1,D3,52,BC,A4,4A,CB,52,D3,3E,1A,7C,58,CB,4A,\

3D,25,A1,E3,C7,85,BC,A4,E3,A1,D3,52,85,C7,7C,58,\

D3,52,A1,E3,4A,CB,A4,BC,52,D3,A1,E3,C7,85,4A,CB,\

4A,CB,C7,85,A1,E3,52,D3,A4,BC,4A,CB,A1,E3,D3,52,\

7C,58,85,C7,D3,52,E3,A1,BC,A4,C7,85,A1,E3,3D,25,\

4A,CB,BC,A4,D3,52,E3,A1,CB,4A,7C,58,3E,1A,52,D3,\

CB,4A,85,C7,A1,E3,52,D3,85,C7,58,7C,E3,A1,52,D3,\

52,D3,3E,1A,7C,58,CB,4A,E3,A1,D3,52,BC,A4,4A,CB,\

52,D3,E3,A1,58,7C,85,C7,52,D3,A1,E3,85,C7,CB,4A,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

85,C7,7C,58,E3,A1,D3,52,C7,85,BC,A4,3D,25,A1,E3,\

C7,85,4A,CB,52,D3,A1,E3,4A,CB,A4,BC,D3,52,A1,E3,\

CB,4A,7C,58,3E,1A,52,D3,4A,CB,BC,A4,D3,52,E3,A1,\

85,C7,58,7C,E3,A1,52,D3,CB,4A,85,C7,A1,E3,52,D3,\

A1,E3,D3,52,A4,BC,4A,CB,A1,E3,52,D3,4A,CB,C7,85,\

A1,E3,3D,25,BC,A4,C7,85,D3,52,E3,A1,7C,58,85,C7,\

3E,1A,52,D3,CB,4A,7C,58,D3,52,E3,A1,4A,CB,BC,A4,\

E3,A1,52,D3,85,C7,58,7C,A1,E3,52,D3,CB,4A,85,C7,\

E3,A1,1A,3E,BC,A4,7C,58,D3,52,3E,1A,58,7C,CB,4A,\

25,3D,3E,1A,58,7C,A4,BC,52,D3,25,3D,58,7C,BC,A4,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

CB,4A,58,7C,3E,1A,D3,52,7C,58,BC,A4,1A,3E,E3,A1,\

BC,A4,58,7C,25,3D,52,D3,A4,BC,58,7C,3E,1A,25,3D,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,25,3D,7C,58,BC,A4,E3,A1,3D,25,A4,BC,C7,85,\

1A,3E,3D,25,A4,BC,58,7C,A1,E3,1A,3E,A4,BC,7C,58,\

58,7C,CB,4A,D3,52,3E,1A,BC,A4,7C,58,E3,A1,1A,3E,\

58,7C,BC,A4,52,D3,25,3D,58,7C,A4,BC,25,3D,3E,1A,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

1A,3E,A1,E3,7C,58,A4,BC,3D,25,1A,3E,58,7C,A4,BC,\

3D,25,E3,A1,C7,85,A4,BC,25,3D,D3,52,BC,A4,7C,58,\

25,3D,D3,52,BC,A4,7C,58,3D,25,E3,A1,C7,85,A4,BC,\

3D,25,1A,3E,58,7C,A4,BC,1A,3E,A1,E3,7C,58,A4,BC,\

7C,58,A4,BC,1A,3E,A1,E3,58,7C,A4,BC,3D,25,1A,3E,\

C7,85,A4,BC,3D,25,E3,A1,BC,A4,7C,58,25,3D,D3,52,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

52,D3,25,3D,58,7C,BC,A4,25,3D,3E,1A,58,7C,A4,BC,\

D3,52,3E,1A,58,7C,CB,4A,E3,A1,1A,3E,BC,A4,7C,58,\

3E,1A,25,3D,A4,BC,58,7C,25,3D,52,D3,BC,A4,58,7C,\

1A,3E,E3,A1,7C,58,BC,A4,3E,1A,D3,52,CB,4A,58,7C,\

A4,BC,C7,85,E3,A1,3D,25,7C,58,BC,A4,D3,52,25,3D,\

A4,BC,7C,58,A1,E3,1A,3E,A4,BC,58,7C,1A,3E,3D,25,\

A4,BC,58,7C,3E,1A,25,3D,BC,A4,58,7C,25,3D,52,D3,\

7C,58,BC,A4,1A,3E,E3,A1,CB,4A,58,7C,3E,1A,D3,52
melwarren
November 9th, 2010, 16:03
I forgot to say I have the seeds
seed1= 0x2AF4
seed2= 0x3D25
seed3= 0xD9C1
FrankRizzo
November 9th, 2010, 17:33
A couple of comments. Wrap that big glob of data in CODE tags to make it easier to deal with.

Now, as for your issue. If the OTHER machine has the features that you want, just clone the dongle. (Copy the 128 bytes from the one with, to the one without).

I did some hardlock work a long time ago, and I can tell you that the memory locations are usually not defined by Aladdin. They're specific to the app. So, those values could represent ANYTHING.
JMI
November 9th, 2010, 22:20
melwarren:

We have a useful feature on the forums which will let you add a code block without it taking an entire page. You enclose the start of the block with an "open bracket" [ and the word Code (with a capital "C" and a close bracket ] and end it with another open bracket [ and the word /Code (again with a capital "C" and another close bracket ]. Then you get a scrollable box as I've added above.

Regards,
melwarren
November 13th, 2010, 21:10
Looks like I'm going to have to learn reverse engineering on this program and remove the calls to the dongle. Thanks for the replies and making my post smaller.
melwarren
January 12th, 2011, 16:59
Is there away to stop working in softice (but keep softice running and the progam stopped) change a file in windows then return to softice and continue setting through the program. I was wanting to see when the program access the .ini file for the password. I used filemon and it did say the file was accessed but not when.
Kayaker
January 12th, 2011, 17:53
Quote:
[Originally Posted by melwarren;89013]Is there away to stop working in softice (but keep softice running and the progam stopped) change a file in windows then return to softice and continue setting through the program.


eb eip
write the first 2 bytes down
change the bytes to EB FE (will spin on a jmp eip)
Ctrl-D out
do stuff (system response will be slow)
Ctrl-D in
you should be at the same place, change bytes back to original.

if Ctrl-D happens to break elsewhere in system code, which can occasionally happen, Ctrl-D out and back in again and you should get back to the jmp eip
melwarren
January 14th, 2011, 05:09
the spin on jmp worked
melwarren
September 10th, 2013, 10:57
Hello Guys
I'm back again looking for help.
I have been working the problem with softice.
I know it reads the .ini file at 0157:4D63 A10000 MOV AX,[0000]
I'm assuming it moves the feature serial to memory location [0000]
I would like to make softice break at memory read or write at that location [0000] to get closer to the cmp or test to find the serials. I know to set softice to break on memory location its bpm but i don't know what to put after that (the memory address)

[Code]KERNEL!GETPRIVATEPROFILESTRING
0157:02BD 55 PUSH BP
0157:02BE 8BEC MOV BP,SP
0157:02CO 680403 PUSH 0304
0157:02C3 8B4618 MOV AX,[BP+18]
0157:02C6 8B4EIA MOV CX,[BP+IA]
0157:02C9 BBFFFF MOV BX,FFFF
0157:02CC E89106 CALL 0960
0157:02CF 8B4614 MOV AX,[BP+14]
0157:02D2 8B4E16 MOV CX,[BP+16]
0157:02D5 BBFFFF MOV BX,FFFF
0157:02D8 E87F06 CALL 095A
0157:02DB 8B4610 MOV AX,[BP+10]
0157:02DE 8B4E12 MOV CX,[BP+12]
0157:02El BBFFFF MOV BX,FFFF
0157:02E4 E87306 CALL 095A
0157:02E7 8B460C MOV AX,[BP+0C]
0157:02EA 8B4EOE MOV CX,[BP+0E]
0157:02ED 8D5EOA LEA BX,[BP+0A]
0157:02FO E80906 CALL 08FC
0157:02F3 8B4606 MOV AX,[BP+06]
0157:02F6 8B4E08 MOV CX,[BP+08]
0157:02F9 BBFFFF MOV BX,FFFF
0157:02FC E86106 CALL 0960
0157:02FF 59 POP CX
0157:0300 5D POP BP
0157:0301 E9B24E JMP 51B6
0157:51B6 C8040100 ENTER 0104,00
0157:51BA 57 PUSH DI
0157:51BB IE PUSH DS
0157:51BC B86701 MOV AX,0167
0157:51BF 8ED8 MOV DS,AX
0157:51Cl 66837E1800 CMP DWORD PTR [BP+18],00
0157:51C6 7512 JNZ 51DA
0157:51DA FE064E14 1NC BYTE PTR [144E]
0157:51DE 66FF7606 PUSH DWORD PTR [BP+06]
0157:51E2 8D86FCFE LEA AX,[BP+FEFC]
0157:51E6 16 PUSH SS
0157:51E7 50 PUSH AX
0157:51E8 E85305 CALL 573E
0157:51EB 8BF8 MOV DI,AX
0157:51ED 8BD8 MOV BX,AX
0157:51EF E88A04 CALL 567C Step F8 into CALL

0157:567C C8420100 ENTER 0142,00
0157:5680 53 PUSH BX
0157:5681 57 PUSH DI
0157:5682 56 PUSH SI
0157:5683 803E471400 CMP BYTE PTR [1447],00
0157:5688 750F JNZ 5699
0157:568A 803E4C1400 CMP BYTE PTR [144C],00
0157:568F 7408 JZ 5699
0157:5691 8B4706 MOV AX,[BX+06]
0157:5694 OB4704 OR AX,[BX+04]
0157:5697 7503 JNZ 569C
0157:569C 833E881AOO CMP WORD PTR [lA88],00
0157:56Al 7417 JZ 56BA
0157:56A3 90 NOP
0157:56A4 OE PUSH CS
0157:56A5 E8BOF6 CALL 4D58 Step F8 into CALL

0157:4D58 8CD9 MOV CX,DS
0157:4D5A 2E8E1E0200 MOV DS,CS:[0002]
0157:4D5F 8E1E881A MOV DS,[lA88]
0157:4D63 A10000 MOV AX,[0000] Reads feature serial in ini file
0157:4D66 8B160200 MOV DX,[0002]
0157:4D6A 8ED9 MOV DS,CX
0157:4D6C CB RETF
0157:56A5 E8BOF6 CALL 4D58 Return from CALL

0157:56A8 8B9EBCFE MOV BX,[BP+FEBC]
0157:56AC 395712 CMP [BX+12],DX
0157:56AF 7209 JB 56BA
0157:56Bl OF878400 JA 5739
0157:56B5 394710 CMP [BX+I0],AX
0157:56B8 777F JA 5739
0157:5739 5E POP SI
0157:573A 5F POP DI
0157:573B C9 LEAVE
0157:573C C3 RET
0157:51EF E88A04 CALL 567C Return from CALL
0157:51F2 57 PUSH D1
0157:51F3 66FF7618 PUSH DWORD PTR [BP+18]
0157:51F7 66FF7614 PUSH DWORD PTR [BP+14]

It does this 12 times. I know the first 2 times it reads feature serial 1 then 2. I'm assuming it reads features 1 through 12.
[CODE]


The next question is about the program reading the dongle.
It reads the dongle at 4007:1725 E2F9 Loop 1720 ( I don't know how LOOP 1720 works) I know it does it 64 times. So I'm assuming it reads 2 bytes of dongle memory each time for a total of 128 bytes. If i can find were it is moving the dongle information and decoding math (the cmp location) maybe I can see the serial numbers.
[CODE]KERNEL!GETPRIVATEPROFILESTRING
0157:02BD 55 PUSH BP
0157:02BE 8BEC MOV BP,SP
0157:02CO 680403 PUSH 0304
0157:02C3 8B4618 MOV AX,[BP+18]
0157:02C6 8B4E1A MOV CX,[BP+1A]
0157:02C9 BBFFFF MOV BX,FFFF
0157:02CC E89106 CALL 0960
0157:02CF 8B4614 MOV AX,[BP+14]
0157:02D2 8B4E16 MOV CX,[BP+16]
0157:02D5 BBFFFF MOV BX,FFFF
0157:02D8 E87F06 CALL 095A
0157:02DB 8B4610 MOV AX,[BP+10]
0157:02DE 8B4E12 MOV CX,[BP+12]
0157:02E1 BBFFFF MOV BX,FFFF
0157:02E4 E87306 CALL 095A
0157:02E7 8B460C MOV AX,[BP+0C]
0157:02EA 8B4EOE MOV CX,[BP+0E]
0157:02ED 8D5EOA LEA BX,[BP+0A]
0157:02FO E80906 CALL 08FC
0157:02F3 8B4606 MOV AX,[BP+06]
0157:02F6 8B4E08 MOV CX,[BP+08]
0157:02F9 BBFFFF MOV BX,FFFF
0157:02FC E86106 CALL 0960
0157:02FF 59 POP CX
0157:0300 5D POP BP
0157:0301 E9B24E JMP 5IB6
0157:51B6 C8040100 ENTER 0104,00
0157:51BA 57 PUSH DI
0157:51BB IE PUSH DS
0157:51BC B86701 MOV AX,0167
0157:51BF 8ED8 MOV DS,AX
0157:51Cl 66837E1800 CMP DWORD PTR [BP+18],00
0157:51C6 7512 JNZ 51DA
0157:51DA FE064E14 INC BYTE PTR [144E]
0157:51DE 66FF7606 PUSH DWORD PTR [BP+06]
0157:51E2 8D86FCFE LEA AX,[BP+FEFC]
0157:51E6 16 PUSH SS
0157:51E7 50 PUSH AX
0157:51E8 E85305 CALL 573E
0157:51EB 8BF8 MOV DI,AX
0157:51ED 8BD8 MOV BX,AX
0157:51EF E88A04 CALL 567C
0157:51F2 57 PUSH DI
0157:51F3 66FF7618 PUSH DWORD PTR [BP+18]
0157:51F7 66FF7614 PUSH DWORD PTR [BP+14]
0157:51FB 66FF7610 PUSH DWORD PTR [BP+I0]
0157:51FF 66FF760C PUSH DWORD PTR [BP+0C]
0157:5203 FF760A PUSH WORD PTR [BP+0A]
0157:5206 E8E506 CALL 58EE
0157:5209 FEOE4E14 DEC BYTE PTR [144E]
0157:520D IF POP DS
0157:520E 5F POP D1
0157:520F C9 LEAVE
0157:5210 CA1600 RETF 0016
2A37:0076 FF46FC INC WORD PTR [BP-04]
2A37:0079 837EFCOD CMP WORD PTR [BP-04],0D
2A37:007D 7EBA JLE 0039
2A37:007F 833E442FOO CMP WORD PTR [2F44],00
2A37:0084 7406 JZ 008C
2A37:008C B80F08 MOV AX,080F
2A37:008F 50 PUSH AX
2A37:0090 B80300 MOV AX,0003
2A37:0093 A3482F MOV [2F48],AX
2A37:0096 50 PUSH AX
2A37:0097 OE PUSH CS
2A37:0098 E83B03 CALL 03D6
2A37:009B 83C404 ADD SP,04
2A37:009E OBCO OR AX,AX
2A37:00AO 7465 JZ 0107
2A37:00A2 C706462FOI00 MOV WORD PTR [2F46],0001
2A37:00A8 B84A2F MOV AX,2F4A
2A37:00AB IE PUSH DS
2A37:00AC 50 PUSH AX
2A37:00AD OE PUSH CS
2A37:00AE E8CD04 CALL 057E
2A37:00Bl 83C404 ADD SP,04
2A37:00B4 C746FCOIOO MOV WORD PTR [BP-04],0001
2A37:00B9 FF76FC PUSH WORD PTR [BP-04]
2A37:00BC B80500 MOV AX,0005
2A37:00BF F76EFC lMUL WORD PTR [BP-04]
2A37:00C2 05AD2F ADD AX,2FAD
2A37:00C5 IE PUSH DS
2A37:00C6 50 PUSH AX
2A37:00C7 OE PUSH CS
2A37:00C8 E80304 CALL 04CE Step F8 into CALL

2A37:04CE 8CD8 MOV AX,DS
2A37:04DO 90 NOP
2A37:04Dl 45 INC BP
2A37:04D2 55 PUSH BP
2A37:04D3 8BEC MOV BP,SP
2A37:04D5 IE PUSH DS
2A37:04D6 8ED8 MOV DS,AX
2A37:04D8 83ECOC SUB SP,0C
2A37:04DB B80F2A MOV AX,2A0F
2A37:04DE 8ED8 MOV DS,AX
2A37:04EO C746F20000 MOV WORD PTR [BP-0E],0000
2A37:04E5 837EOAOI CMP WORD PTR [BP+0A],01
2A37:04E9 7CIC JL 0507
2A37:04EB 837EOA20 CMP WORD PTR [BP+0A],20
2A37:04EF 7F16 JG 0507
2A37:04F1 8D46FA LEA AX,[BP-06]
2A37:04F4 16 PUSH SS
2A37:04F5 50 PUSH AX
2A37:04F6 FF7608 PUSH WORD PTR [BP+08]
2A37:04F9 FF7606 PUSH WORD PTR [BP+06]
2A37:04FC OE PUSH CS
2A37:04FD E848FD CALL 0248
2A37:0500 83C408 ADD SP,08
2A37:0503 OBDO OR DX,AX
2A37:0505 7504 JNZ 050B
2A37:050B B88000 MOV AX,0080
2A37:050E 50 PUSH AX
2A37:050F 9A6026372B CALL 2B37:2660
2A37:0514 5B POP BX
2A37:0515 8946F8 MOV [BP-08],AX
2A37:0518 OBCO OR AX,AX
2A37:051A 7458 JZ 0574
2A37:051C IE PUSH DS
2A37:051D 50 PUSH AX
2A37:051E FFIE6835 CALL FAR [3568] Step F8 into CALL

4007:0883 B81F40 MOV AX,401F
4007:0886 45 INC BP
4007:0887 55 PUSH BP
4007:0888 8BEC MOV BP,SP
4007:088A IE PUSH DS
4007:088B 8ED8 MOV DS,AX
4007:088D 83EC02 SUB SP,02
4007:0890 E837F9 CALL 01CA
4007:0893 OBC2 OR AX,DX
4007:0895 7505 JNZ 089C
4007:089C C41EEA23 LES BX,[23EA]
4007:08AO 26C747161000 MOV WORD PTR ES: [BX+16] ,0010
4007:08A6 C41EEA23 LES BX,[23EA]
4007:08AA 8B4608 MOV AX,[BP+08]
4007:08AD 8B5606 MOV DX,[BP+06]
4007:08BO 26894714 MOV ES:[BX+14],AX
4007:08B4 26895712 MOV ES:[BX+12],DX
4007:08B8 C41EEA23 LES BX,[23EA]
4007:08BC 26C747181700 MOV WORD PTR ES:[BX+18],0017
4007:08C2 FF36EC23 PUSH WORD PTR [23EC]
4007:08C6 FF36EA23 PUSH WORD PTR [23EA]
4007:08CA E872FA CALL 033F Step F8 into CALL

4007:033F 55 PUSH BP
4007:0340 8BEC MOV BP,SP
4007:0342 83EC02 SUB SP,02
4007:0345 FF7606 PUSH WORD PTR [BP+06]
4007:0348 FF7604 PUSH WORD PTR [BP+04]
4007:034B 90 NOP
4007:034C OE PUSH CS
4007:034D E8091E CALL 2159 Step F8 into CALL

4007:2159 55 PUSH BP
4007:215A 8BEC MOV BP,SP
4007:215C 06 PUSH ES
4007:215D 53 PUSH BX
4007:215E C45E06 LES BX,[BP+06]
4007:2161 OE PUSH CS
4007:2162 E828FB CALL 1C8D Step F8 into Call

4007:1C8D 26837F0600 CMP WORD PTR ES:[BX+06],00
4007:IC92 7403 JZ IC97
4007:1C94 E9DB02 JMP IF72
4007:IC97 26837F180B CMP WORD PTR ES:[BX+18],OB
4007:lC9C 75F6 JNZ lC94
4007:1F72 IE PUSH DS
4007:1F73 55 PUSH BP
4007:1F74 57 PUSH DI
4007:1F75 56 PUSH SI
4007:1F76 52 PUSH DX
4007:1F77 51 PUSH CX
4007:1F78 06 PUSH ES
4007:1F79 53 PUSH BX
4007:1F7A 8BEC MOV BP,SP
4007:1F7C E838FC CALL 1BB7
4007:1F7F 26C747020FOO MOV WORD PTR ES:[BX+02],000F
4007:1F85 26C747040200 MOV WORD PTR ES:[BX+04],0002
4007:1F8B 26C7070313 MOV WORD PTR ES:[BX],1303
4007:1F90 26837F1833 CMP WORD PTR ES:[BX+18],33
4007:1F95 7506 JNZ 1F9D
4007:1F9D 268B471C MOV AX,ES:[BX+1C]
4007:1FA1 250300 AND AX,0003
4007:1FA4 7506 JNZ 1FAC
4007:1FAC 2680BFFEOOFF CMP BYTE PTR ES:[BX+00FE],FF
4007:1FB2 741A JZ IFCE
4007:1FCE 26837F1800 CMP WORD PTR ES:[BX+18],00
4007:1FD3 B80200 MOV AX,0002
4007:1FD6 7503 JNZ 1FDB
4007:lFDB 2680BFFEOOFF CMP BYTE PTR ES:[BX+00FE],FF
4007:1FEl 750B JNZ 1FEE
4007:lFE3 26F747lC0200 TEST WORD PTR ES:[BX+lC],0002
4007:1FE9 7403 JZ lFEE
4007:1FEE 06 PUSH ES
4007:lFEF IF POP DS
4007:lFFO OE PUSH CS
4007:lFFl 07 POP ES
4007:1FF2 8B4706 MOV AX, [BX+06]
4007:lFF5 B90100 MOV CX,000I
4007:1FF8 BFCEOD MOV DI,0DCE
4007:lFFB FC CLD
4007:1FFC F2AF REPNZ SCASW
4007:1FFE 7417 JZ 2017
4007:2017 4F DEC DI
4007:2018 4F DEC DI
4007:2019 83C702 ADD DI,02
4007:201C 2E8B3D MOV DI,CS:[DI]
4007:201F 8B4718 MOV AX, [BX+18]
4007:2022 2E833DFF CMP WORD PTR CS:[DI],-01
4007:2026 740A JZ 2032
4007:2028 2E3905 CMP CS:[DI],AX
4007:202B 741B JZ 2048
4007:202D 83C704 ADD DI,04
4007:2030 EBFO JMP 2022
4007:2032 80BFFEOOFF CMP BYTE PTR [BX+00FE],FF
4007:2037 740A JZ 2048
4007:2048 2E8B5502 MOV DX,CS:[DI+02]
4007:204C 50 PUSH AX
4007:204D B8FF3F MOV AX,3FFF
4007:2050 8ECO MOV ES,AX
4007:2052 58 POP AX
4007:2053 C55EOO LDS BX,[BP+00]
4007:2056 80BFFEOOFF CMP BYTE PTR [BX+00FE],FF
4007:205B 740F JZ 206C
4007:206C 06 PUSH ES
4007:206D IE PUSH DS
4007:206E 53 PUSH BX
4007:206F FFD2 CALL DX Step F8 into CALL

4007:0F95 C57600 LDS SI,[BP+00]
4007:0F98 8B541E MOV DX,[SI+1E]
4007:0F9B 8B5C08 MOV BX,[SI+08]
4007:0F9E E80605 CALL 14A7
4007:0FAl OBCO OR AX,AX
4007:0FA3 7508 JNZ 0FAD
4007:0FAD 8B541E MOV DX,[SI+1E]
4007:0FBO 8B5C08 MOV BX,[SI+08]
4007:0FB3 C57C12 LDS DI,[SI+12]
4007:0FB6 2BCO SUB AX,AX
4007:0FB8 50 PUSH AX
4007:0FB9 E84E07 CALL 170A Step F8 into CALL

4007:170A 53 PUSH BX
4007:170B 51 PUSH CX
4007:170C E81E04 CALL 1B2D
4007:170F E87BFC CALL 138D
4007:1712 E88700 CALL 179C
4007:1715 E8A500 CALL 17BD
4007:1718 OC80 OR AL,80
4007:171A E8DFOO CALL 17FC
4007:171D B91000 MOV CX,0010
4007:1720 E81F01 CALL 1842
4007:1723 DIDO RCL AX,1
4007:1725 E2F9 LOOP 1720
4007:1727 E8DOFC CALL 13FA
4007:172A E84204 CALL 1B6F
4007:172D 59 POP CX
4007:172E 5B POP BX
4007:172F C3 RET
4007:0FB9 E84E07 CALL 170A Return from CALL

4007:0FBC 8905 MOV [DI],AX
4007:0FBE 58 POP AX
4007:0FBF 40 INC AX
4007:0FC0 47 INC DI
4007:0FC1 47 INC DI
4007:0FC2 3D4000 CMP AX,0040
4007:0FC5 72F1 JB 0FB8 {JUMPS 64 TIMES THOUGH CALL 170A}
4007:0FC7 B80000 MOV AX,0000
4007:0FCA C57600 LDS SI,[BP+00]
4007:0FCD 89441A MOV [SI+1A],AX
4007:0FD0 C3 RET
4007:206F FFD2 CALL DX Return from CALL

4007:2071 5E POP SI
4007:2072 1F POP DS
4007:2073 07 POP ES
4007:2074 89441A MOV [SI+1A],AX
4007:2077 F7441C0200 TEST WORD PTR [S1+1C],0002
4007:207C 7417 JZ 2095
4007:2095 837C1800 CMP WORD PTR [SI+18],00
4007:2099 740C JZ 20A7
4007:209B 837C181F CMP WORD PTR [SI+18],1F
4007:209F 7406 JZ 20A7
4007:20A1 837C1801 CMP WORD PTR [SI+18],01
4007:20A5 7510 JNZ 20B7
4007:20B7 5B POP BX
4007:20B8 07 POP ES
4007:20B9 59 POP CX
4007:20BA 5A POP DX
4007:20BB 5E POP SI
4007:20BC 5F POP DI
4007:20BD 5D POP BP
4007:20BE IF POP DS
4007:20BF 2689471A MOV ES:[BX+IA],AX
4007:20C3 CB RETF
4007:2162 E828FB CALL 1C8D Return from CALL

4007:2165 5B POP BX
4007:2166 07 POP ES
4007:2167 5D POP BP
4007:2168 CA0400 RETF 0004
4007:034D E8091E CALL 2159 Return from CALL

4007:0350 8946FE MOV [BP-02],AX
4007:0353 8B46FE MOV AX,[BP-02]
4007:0356 EBOO JMP 0358
4007:0358 C9 LEAVE
4007:0359 C3 RET
4007:08CA E872FA CALL 033F Return from CALL

4007:08CD 83C404 ADD SP,04
4007:08DO 8946FC MOV [BP-04],AX
4007:08D3 C41EEA23 LES BX,[23EA]
4007:08D7 26C747160000 MOV WORD PTR ES:[BX+16],0000
4007:08DD 8B46FC MOV AX, [BP-04]
4007:08EO EBB8 JMP 089A
4007:08E2 59 POP CX
4007:08E3 IF POP DS
4007:08E4 5D POP BP
4007:08E5 4D DEC BP
4007:08E6 CA0400 RETF 0004
2A37:05lE FF1E6835 CALL FAR [3568] Return from CALL

2A37:0522 8946F4 MOV [BP-0C],AX
2A37:0525 OBCO OR AX,AX
2A37:0527 7542 JNZ 056B
2A37:0529 1E PUSH DS
2A37:052A FF76F8 PUSH WORD PTR [BP-08]
2A37:052D B8l000 MOV AX,0010
2A37:0530 50 PUSH AX
2A37:0531 FF1E1639 CALL FAR [3916]
2A37:0535 8946F4 MOV [BP-0C],AX
2A37:0538 OBCO OR AX,AX
2A37:053A 752F JNZ 056B
2A37:053C B80300 MOV AX,0003
2A37:053F 50 PUSH AX
2A37:0540 8D46FA LEA AX,[BP-06]
2A37:0543 16 PUSH SS
2A37:0544 50 PUSH AX
2A37:0545 8B460A MOV AX,[BP+0A]
2A37:0548 8BC8 MOV CX,AX
2A37:054A 03CO ADD AX,AX
2A37:054C 03C1 ADD AX,CX
2A37:054E 0346F8 ADD AX,[BP-08]
2A37:0551 2D0300 SUB AX,0003
2A37:0554 8946F6 MOV [BP-0A],AX
2A37:0557 1E PUSH DS
2A37:0558 50 PUSH AX
2A37:0559 9AEA19372B CALL 2B37:l9EA
2A37:055E 83C40A ADD SP,0A
2A37:0561 3D0100 CMP AX,000l
2A37:0564 1BCO SBB AX,AX
2A37:0566 F7D8 NEG AX
2A37:0568 8946F2 MOV [BP-0E],AX
2A37:056B FF76F8 PUSH WORD PTR [BP-08]
2A37:056E 9ABC26372B CALL 2B37:26BC
2A37:0573 5B POP BX
2A37:0574 8B46F2 MOV AX,[BP-OE]
2A37:0577 8D66FE LEA SP,[BP-02]
2A37:057A IF POP DS
2A37:057B 5D POP BP
2A37:057C 4D DEC BP
2A37:057D CB RETF
2A37:00C8 E80304 CALL 04CE Return from CALL

2A37:00CB 83C406 ADD SP,06
2A37:00CE 8B5EFC MOV BX,[BP-04]
2A37:00DI 03DB ADD BX,BX
2A37:00D3 89876B2F MOV [BX+2F6B],AX
2A37:00D7 FF46FC INC WORD PTR [BP-04]
2A37:00DA 837EFCOD CMP WORD PTR [BP-04],0D
2A37:00DE 7ED9 JLE 00B9
2A37:00EO 837E0600 CMP WORD PTR [BP+06],00
2A37:00E4 7El2 JLE 00F8
2A37:00E6 837E060D CMP WORD PTR [BP+06],0D
2A37:00EA 7FOC JG 00F8
2A37:00EC 8B5E06 MOV BX,[BP+06]
2A37:00EF 03DB ADD BX,BX
2A37:00FI 8B876B2F MOV AX,[BX+2F6B]
2A37:00F5 E9A800 JMP 0IA0
2A37:0lAO 8D66FE LEA SP,[BP-02]
2A37:0lA3 IF POP DS
2A37:0lA4 5D POP BP
2A37:0lA5 4D DEC BP
2A37:0lA6 CA0200 RETF 0002
3107:03EF OBCO OR AX,AX
3107:03F1 751C JNZ 040F GOOD GUY JUMP PROGRAM RUNNING
[CODE]
Elenil
September 11th, 2013, 03:08
offset 0000 ? looks a strainge address for me

however bpm command : bpm 0000 R (on read) , bpm 0000 W (write) bpm 0000 x (execution)


0157:4D5A 2E8E1E0200 MOV DS,CS:[0002]
0157:4D5F 8E1E881A MOV DS,[lA88]
0157:4D63 A10000 MOV AX,[0000] Reads feature serial in ini file

as you can see the data segment has changed (ds)

it comes from cs:[0002] and from there DS,[lA88]

when you set your bp be sure you have the selected in front like bpm 12:0000 R (look what 12 is for you) it also could switch the values

maybe you can write a conditional bp on 0157:4D66 (bpx 0157:4d66 if ax==6633) if you know what value ax has to be
melwarren
November 9th, 2013, 16:41
EAX=00000071 EBX=0000BF2E ECX=00000006 EDX=OOOOOOOO ESI=00020006
EDI=00020000 EBP=0000BF18 ESP=OOOOBFOA EIP=000002E2 0 d I s zaP c
CS=298F DS=3937 SS=IB5F ES=IB5F FS=OOOO GS=OOOO ES:0000BF30=D8
-----XGCMAIN(75)----------------------------------byte--------------PROT---(O)--
IB5F:0000BFOB 50 39 AO 42 06 00 27 00-39 00 31 00 04 00 37 39 P9.B ..'.9.1 79
IB5F:0000BF18 35 BF 00 05 8F 29 B2 2F-37 39 2E BF 5F IB 00 00 5....)./79.._ .
IB5F:0000BF2B BF 29 20 00 6A 2F 37 39-DB 00 37 39 45 BF CB 00 .) .j/79..79E .
IB5F:0000BF3B 8F 29 B2 2F 37 39 01 00-01 00 5F IB C9 BF EF 03 .)./79 _ .
IB5F:0000BF48 F7 26 01 00 AO 42 00 OO-EO OA 00 03 F5 0111 01 .& B .
1B5F:0000BF5B DO OA B1 50 03 00 00 00-00 00 00 00 00 00 00 00 P .
1B5F:0000BF6B 00 00 00 17 5F 1B 00 OO-EO OA 5F IB 00 00 00 00 .
-------------------------------------------------------------------------PROT16-
298F:02CE EB43 JMP 0313
29BF:02DO C45EOA LES BX,[BP+OA]
29BF:02D3 B106 MOV CL,06
298F:02D5 26C6470300 MOV BYTE PTR ES:[BX+03],00
29BF:02DA 8A46FB MOV AL,[BP-OB]
298F:02DD D2EO SHL AL,CL
298F:02DF OA46FA OR AL,[BP-06]
298F:02E2 26884702 MOV ES:[BX+02],AL
298F:02E6 8B46F8 MOV AX, [BP-08]
298F:02E9 DIF8 SAR AX,l
298F:02EB D1F8 SAR AX,1
298F:02ED 240F AND AL,O"F
29BF:02EF B104 MOV CL,04
298F:02F1 8A56F6 MOV DL,[BP-OA]
29BF:02F4 D2E2 SHL DL,CL
29BF:02F6 OAC2 OR AL,DL
298F:02F8 268B4701 MOV ES:[BX+Ol],AL
298F:02FC 8B46F6 MOV AX,[BP-OA]
29BF:02FF D3F8 SAR AX,CL
29BF:0301 2403 AND AL,03
298F:0303 8A4EF4 MOV CL,[BP-OC]


298F:02DF OA46FA OR AL,[BP-06] In this step it writes 2 digit if the password to memory.

What is [bp-06]. What does it stand for. How do I trace it in softice.

29BF:02F6 OAC2 OR AL,DL In this step it writes the second 2 digits of the password.