ܲÜÜ Ü Ü Ü Ü ÜÜܲßÛßßÛßßÛßÜÜÜ Ü ÞÝÞÝÞÝÞÞÝÞ Ü Üß²²ß²Üß Üß Üß Üß ÜßÜÜ Ü Üß ÞÜþÛÜÛÛÜÝÛÜÝÞÝ Üß Üß²ßÜ °ÞÝ ÞÝ Üß ÞÝ Û ÞÝÜßÜ ÞÝ ÛÜßÜÛßÜþßÜßÛÜßÛ ÞÝ Û²ÜßÞÝ° Û Û ÞÝ Û Þݲ ² ÜÞÝ ÛßÞÝÜÞÜ ²ß ÜÝÜÞÝßÜ Þ²ßÛÛÛÛÜ Ü²ÜÛ ÜÝÜÛ۲ܲÜÛÛÛÛßÛ ÜÜÜÜÜÜÜÜÜÜÜÜÜÜ Ü²ßþÛßÛß ß²ÜÜ²ß ßÛßÛþß²Ü Ûß²²ßÜÞ þß Üß²ÜÛ²ßÛßßþ ÝÜßÛ²ÛÝ ÛÛÛÛßßÛÛÛÛÛßßÛ޲ݲÞÛ²Ý ß Û² ß Þ²ÛÝ²Þ²Ý Ü²ßÜÝÛÛÛÛ²ÜÜ ßßÛß ÜܲÛÛÛÛÜÜß²Ü ÛÛÛÜß²ÜßÛßܲ Û ß²ÜÜþßÜ Ü±ßÛ±Ü ÜßþÜܲßÜÞÝÜ Ü²ß ßÜß²ÜÜ²ß ßß Üß²ÜßþÞÝ ÛßܲßÞÛÝÜ²ß Ü²ßÜÜÞÝþßܲÛßßÜÜßßÛ²ÜßþÞÝÜÛÛÜßþÞ²Ý Û þ Þ²Ý Û þÞ²ÝÜß ÝÞÛÝ° ÛÛÛݱÞÛÝÛÛÛÜßÜÞ²ß ÜßÛßÛÜ ß²ÝÜß ÛÛÛÛÛÛÜß²ÜÜ ßÜÛÛÛÛÜ ßÜ²ß ÛÜß²ÜÞß ß²Ü ß²ÜßÛÛÛÜ ßÜÛÜÜ Ü ÜÛÜßÜÜÜÛÛÛÛÛÛÛÛ²Üß²±ÛܲÛßÜÜÜÜßÛ²ÜÛ±ßß ÛÛÛÜܲßÛÜ ÜÛÛÜ ÜÛÛÛÛÛÜÜ ßßÛßß ÜÜÜÜ ßß ÜÜ ß ÜÜßßÜßßÛÜÜÛß ßÛÜÜÛß ÛÛÛ²ßܲÜßÛßÜÜßÛßÜÜßÜÜ ßÛÛÜ ÜÛÛßßÜÜßÛÛßÜÜßÛßÜßÛÛÜ ÜÜܲÛÛÛÛÛÛ²ÜÜÜÛßÛÜ Û²ßÜÛÛÛ۲ܲÛÛÛÜÛßÜÛÛÛÛ²Üß²ÛÛßÜÛÛ²Û² ܲÛÛÛÜÛÛÛÜßÛÛÛßÜÜÜÜÜßÛÜÛÛßÜÜÛÜßÛÜ Û ÛÛÛ²ß ÛÛÝ ß²Û²ßÛÛÝ ßßÛ²ÜßÜÛÛ²ß ÛÝÛÛÛß²Û²ßÛÛÝÛÝÞÛÛßßß²Û ÛßÜÛÛÛÛÛ²ÜßÛ ÛÜß²ßÜÛÝÞÛÛ ß ÞÛÛ ÞÛÛ²ß²ß ÜÛÞÛÛ² ß ²ÛÝ ÛÛ ÛÛ²ß ßÛÛÛÝÛ ÛÛÛܲÛÜÛÜÞ²± ÞÛÛ ÜÛÛÛ²ß ÜÜÛÞÛÝÛÛÝ ÞÛ² ÛÛÝcoax!cphÛÝ Û²ÞÛ ÛÜÛ Û²ÛÞÛÝ²Ý ²ÛÛݲßß ÜÛÛÛ²ß ÛÝÛÛ ÞÛÛ ßÛÛ²ÜÜ ßß ÞÛÝÛÛ ÛÜÛÛÜÛÜÛÜÞÛÝ ÞÛÛß ÜÛÜÞÛÛÝ ÞÛÞÛÛ ÛÛÝ ßÛÛ²Ü ßßÛÛ²ÞÛ ÛÜÛÝÛÞßÛßÞÛ² ÛÛÝ ÜÛÛ²ß ßÛÛÜÜ ÛÛÞÛÛÝ ÞÛÛÝÜÛ² ÞÛÛ ÜÛÜ ÛÛÝÛ ÛÜÛÜÜÜÛÜÝÛ²Ý ßÛÛÛÛ²ß ßÛÛ²Û²ÝÛÛ² ÛÛ² ÛÛÛÝ ÜÜÛ²ßÞÛÛÛÛÜ ÞÛ²ÞÛ ÛÜÛÜßÜßÜßÜßÜÜÜÜÜÜÜÜßßßÜÜÜÜÜÜÜÜÜÜßßÜÜÜßÜÜÜÜÜÜÜßÜÜÜßÛÛÛÛ²ßÜÜÜßÛÛÛÛÛ²ßÜÞÛ ÛÜÛܲܲܲTEAM-53.TUTORiALS.PACK.NUMBER.SiXTEEN.#16 ßßÜÜÛÜÛÜÛÜßÛß² ÛßÛÛ –¥«ì: KeygenMe #9 by HMX0101 €¢â®à: lord_Phoenix :: Intro :: PEiD'ã ¢¥à¨âì ­¥«ì§ï, ­® ¯® ¯à¨¢ë窥, ï ­ âà ¢¨« ¥£® ­  keygenme9.exe ¥§ã«ìâ âë: - "Borland Delphi 6.0 - 7.0" - Detected 1 crypto signature (in 0.8s) -> MD5 :: 00003920 :: 00014520 HMX ®¡¥é « ­ ¬ ªàª¬¨ ¯®á«®¦­¥¥ ¨ ¤ ¦¥ á ªà¨¯â®. ‚ ¯ãâì! ;) :: Tools :: - IDA - ¤«ï  ­ «¨§  - masm - ¤«ï ª¥©£¥­  :: Into the deeps :: Ÿ § £à㧨« ªà窱¨á ¢ ¨¤ã ¨ ¯®è¥« ¯¨âì ª®äí =) ®â®¬ ï ¡ëáâà® ­ è¥« ®¡à ¡®â稪 á®®¡é¥­¨© ®ª­  ¨ ᮡáá­® ®¡à ¡®â稪 WM_COMMAND. CheckButtonOnClick - sub_15694 ’®¥áâì ¯® ­ ¦ â¨î ª­®¯ª¨ Check ¬ë ¯®¯ ¤¥¬ á: CODE:00015694 push ebp CODE:00015695 mov ebp, esp CODE:00015697 add esp, 0FFFFFF70h CODE:0001569D xor eax, eax CODE:0001569F mov [ebp+szModdedNameBased64], eax CODE:000156A5 mov [ebp+szModdedName], eax CODE:000156AB mov [ebp+szName], eax CODE:000156AE mov [ebp+szSerial], eax CODE:000156B1 xor eax, eax CODE:000156B3 push ebp CODE:000156B4 push offset loc_15818 CODE:000156B9 push dword ptr fs:[eax] CODE:000156BC mov fs:[eax], esp CODE:000156BF lea edx, [ebp+szName] CODE:000156C2 mov eax, ds:dword_17AD4 CODE:000156C7 call GetText CODE:000156CC lea edx, [ebp+szSerial] CODE:000156CF mov eax, ds:dword_17AD8 CODE:000156D4 call GetText CODE:000156D9 xor eax, eax CODE:000156DB mov [ebp+szChecks], eax CODE:000156DE xor eax, eax CODE:000156E0 mov [ebp+name_mod_crc32], eax CODE:000156E3 mov eax, [ebp+szName] CODE:000156E6 call @System@Length ; System::Length CODE:000156EB cmp eax, 5 CODE:000156EE jge short loc_156FD CODE:000156F0 mov eax, [ebp+szName] CODE:000156F3 call @System@Length ; System::Length CODE:000156F8 cmp eax, 19h CODE:000156FB jg short loc_15700 CODE:000156FD CODE:000156FD loc_156FD: ; CODE XREF: sub_15694+5Aj CODE:000156FD inc [ebp+szChecks] ; pre_check passed CODE:00015700 CODE:00015700 loc_15700: ; CODE XREF: sub_15694+67j CODE:00015700 cmp [ebp+szChecks], 1 CODE:00015704 jnz short loc_15715 CODE:00015706 mov eax, [ebp+szSerial] CODE:00015709 call length_checking CODE:0001570E test al, al CODE:00015710 jz short loc_15715 (¯®¬­¨â¥, çâ® ¯®ç⨠¢á¥ ¨¬¥­  ¯¥à¬¥­­ëå, ¯à®æ¥¤ãà - ¬®¨,   ­¥ á㯥à-¨¤ë ;p) ‘­ ç «  ¬ë ¯®¯ ¤ ¥¬ ¢ ¯à¥ªà á­¥©èãî ¯à¢®¥àªã ¤«¨­­ë á¥à¨ « . …᫨ ã ¢ á âà㤭®á⨠á fpu - ¯®ç¨â ©â¥ â «¬ã¤ë ˆ­â¥« . ஢¥àª : ((len^4)/4)+((len^2)/8) = 262272 ’®¥áâì ­ ¬ ­ ¤® à¥è¨âì ãà ¢­¥­¨¥: (x^4)/4+(x^2)/8=262272 ¥è ¥¬: 2*x^4 + x^2 - 2098176 = 0 y= x^2 2*y^2 + y - 2098176 = 0 D = b^2 - 4*a*c = 1 + 4*2098176*2 = 16785409 y2 == (b - sqrt(d))/4 == 1024 x = 32 - ¤«¨­­  á¥à¨ «  =) த®«¦¨¬  ­ «¨§: CODE:0001571B mov eax, [ebp+szSerial] CODE:0001571E call format_check ; ⮫쪮 [0..9][A..Z] CODE:00015723 test al, al CODE:00015725 jz short loc_1572A CODE:00015727 inc [ebp+szChecks] CODE:0001572A CODE:0001572A loc_1572A: ; CODE XREF: sub_15694+85j CODE:0001572A ; sub_15694+91j CODE:0001572A cmp [ebp+szChecks], 3 CODE:0001572E jnz short loc_1573E CODE:00015730 lea edx, [ebp+szSerialInBytes] CODE:00015733 mov eax, [ebp+szSerial] CODE:00015736 call serial_to_hex CODE:0001573B inc [ebp+szChecks] CODE:0001573E CODE:0001573E loc_1573E: ; CODE XREF: sub_15694+9Aj CODE:0001573E cmp [ebp+szChecks], 4 CODE:00015742 jnz short loc_15774 CODE:00015744 lea edx, [ebp+szModdedName] CODE:0001574A mov eax, [ebp+szName] CODE:0001574D call ROT13 CODE:00015752 mov eax, [ebp+szModdedName] CODE:00015758 lea edx, [ebp+szModdedNameBased64] CODE:0001575E call base CODE:00015763 mov eax, [ebp+szModdedNameBased64] CODE:00015769 call CRC32 CODE:0001576E mov [ebp+name_mod_crc32], eax  è¥ ¨¬ï è¨àäã¥âáï á ¯®¬®éìî ROT13 - lord_Phoenix->ybeq_Cubravk. ®¨£à ©â¥áì á http://www.rot13.com ;) ‡ â¥¬ ¨¤¥â base64(encrypted_name) -  «ä ¢¨â ¨§¬¥­¥­ - bdfhjlnprtvxzacegikmoqsuwyBDFHJLNPRTVXZACEGIKMOQSUWY/+9876543210 (­ã ¨ '?' ¢¬¥áâ® '=') ®á¥« í⮣® keygenme ¢§ï«® ¡ë crc32 ¨§ "based rot13'ed name". =) CRC32: CODE:00014E58 CRC32 proc near ; CODE XREF: sub_15694+D5p CODE:00014E58 push ebx CODE:00014E59 push esi CODE:00014E5A mov esi, eax CODE:00014E5C or ebx, 0FFFFFFFFh CODE:00014E5F mov eax, esi CODE:00014E61 call @System@Length ; System::Length CODE:00014E66 test eax, eax CODE:00014E68 jle short loc_14E8B CODE:00014E6A mov edx, 1 CODE:00014E6F CODE:00014E6F loc_14E6F: ; CODE XREF: CRC32+31j CODE:00014E6F xor ecx, ecx CODE:00014E71 mov cl, [esi+edx-1] CODE:00014E75 xor ecx, ebx CODE:00014E77 and ecx, 0FFh CODE:00014E7D shr ebx, 8 CODE:00014E80 xor ebx, ds:dword_1767C[ecx*4] CODE:00014E87 inc edx CODE:00014E88 dec eax CODE:00014E89 jnz short loc_14E6F CODE:00014E8B CODE:00014E8B loc_14E8B: ; CODE XREF: CRC32+10j CODE:00014E8B not ebx CODE:00014E8D mov eax, ebx CODE:00014E8F pop esi CODE:00014E90 pop ebx CODE:00014E91 retn CODE:00014E91 CRC32 endp â® áâ ­¤ àâ­ë© crc32-ª®¤. …£® â ¡«¨æ  ­¥ ¢è¨â , ®­  ¨­¨æ¨ «¨§¨à®¢ « áì ¡ë âãâ: CODE:00014E20 crcr32_init_table proc near ; CODE XREF: Sockets::initialization(void)+9p CODE:00014E20 push esi CODE:00014E21 xor esi, esi CODE:00014E23 mov eax, offset dword_1767C CODE:00014E28 CODE:00014E28 loc_14E28: ; CODE XREF: crcr32_init_table+31j CODE:00014E28 mov [eax], esi CODE:00014E2A mov edx, 8 CODE:00014E2F CODE:00014E2F loc_14E2F: ; CODE XREF: crcr32_init_table+25j CODE:00014E2F mov ecx, [eax] CODE:00014E31 test cl, 1 CODE:00014E34 jz short loc_14E42 CODE:00014E36 shr ecx, 1 CODE:00014E38 xor ecx, 474F4F44h CODE:00014E3E mov [eax], ecx CODE:00014E40 jmp short loc_14E44 CODE:00014E42 ; --------------------------------------------------------------------------- CODE:00014E42 CODE:00014E42 loc_14E42: ; CODE XREF: crcr32_init_table+14j CODE:00014E42 shr dword ptr [eax], 1 CODE:00014E44 CODE:00014E44 loc_14E44: ; CODE XREF: crcr32_init_table+20j CODE:00014E44 dec edx CODE:00014E45 jnz short loc_14E2F CODE:00014E47 inc esi CODE:00014E48 add eax, 4 CODE:00014E4B cmp esi, 100h CODE:00014E51 jnz short loc_14E28 CODE:00014E53 pop esi CODE:00014E54 retn CODE:00014E54 crcr32_init_table endp ˆâ ª, ¯®«¨­®¬ ¨§¬¥­¨«áï ­  474F4F44h. ‡ ¯®¬­¨â¥ í⮣® ¤«ï ¢ è¥£® ª¥©£¥­ . ;) € § â¥¬... CODE:0001577A lea eax, [ebp+Context] CODE:0001577D mov edx, [ebp+name_mod_crc32] CODE:00015780 call MD5Init ; modified CODE:00015785 mov eax, [ebp+szName] CODE:00015788 call @System@Length ; System::Length CODE:0001578D push eax CODE:0001578E mov eax, [ebp+szName] CODE:00015791 call @System@@LStrToPChar$qqrv ; System::__linkproc__ LStrToPChar(void) CODE:00015796 mov edx, eax CODE:00015798 lea eax, [ebp+Context] CODE:0001579B pop ecx CODE:0001579C call MD5Update CODE:000157A1 lea edx, [ebp+Result] CODE:000157A7 lea eax, [ebp+Context] CODE:000157AA call MD5Final â® ¯®á«¥¤­ïï ç áâì § é¨âë. MD5Init ¬®¤¨ä¨æ¨à®¢ ­ - ª®­áâ ­âë ¢§ï⨠¨§ crc32 + ­¥¬­®£® åoring'­£ : CODE:00014C70 MD5Init proc near ; CODE XREF: sub_15694+ECp CODE:00014C70 mov ecx, edx CODE:00014C72 xor ecx, 4D48205Bh CODE:00014C78 mov [eax], ecx CODE:00014C7A mov ecx, edx CODE:00014C7C xor ecx, 30313058h CODE:00014C82 mov [eax+4], ecx CODE:00014C85 mov ecx, edx CODE:00014C87 xor ecx, 41482D31h CODE:00014C8D mov [eax+8], ecx CODE:00014C90 xor edx, 5D204853h CODE:00014C96 mov [eax+0Ch], edx CODE:00014C99 xor edx, edx CODE:00014C9B mov [eax+10h], edx CODE:00014C9E xor edx, edx CODE:00014CA0 mov [eax+14h], edx CODE:00014CA3 add eax, 18h CODE:00014CA6 mov edx, 40h CODE:00014CAB call zero_memory CODE:00014CB0 retn CODE:00014CB0 MD5Init endp à®á¬ âਢ ï ª®¤ ¢ IDA, ï § ¬¥â¨«, çâ® ¥áâì ­¥ª®¥ ¨§¬¥­¥­¨¥ ¢ MD5Transform: CODE:00014500 push eax CODE:00014501 push 7 CODE:00014503 push 0D76AA477h ; should be 0D76AA478h =) CODE:00014508 mov eax, esi CODE:0001450A mov ecx, [ebp+0] CODE:0001450D mov edx, [edi] CODE:0001450F call FF ¥ § ¡ã¤ì⥠ᤥ« âì í⨠¨§¬¥­¥­¨ï ¢ ¢ è¥¬ ¨á室­¨ª¥ md5. ;) ’¥¯¥àì á ¬ ï á« ¡ ï ç áâì § é¨âë: CODE:00014DA8 compare_serials proc near ; CODE XREF: sub_15694+12Dp CODE:00014DA8 CODE:00014DA8 var_20 = dword ptr -20h CODE:00014DA8 var_10 = dword ptr -10h CODE:00014DA8 CODE:00014DA8 push esi CODE:00014DA9 push edi CODE:00014DAA add esp, 0FFFFFFE0h CODE:00014DAD mov esi, edx CODE:00014DAF lea edi, [esp+20h+var_10] CODE:00014DB3 movsd CODE:00014DB4 movsd CODE:00014DB5 movsd CODE:00014DB6 movsd CODE:00014DB7 mov esi, eax CODE:00014DB9 lea edi, [esp+20h+var_20] CODE:00014DBC movsd CODE:00014DBD movsd CODE:00014DBE movsd CODE:00014DBF movsd CODE:00014DC0 xor eax, eax CODE:00014DC2 mov dl, 1 CODE:00014DC4 jmp short loc_14DD5 CODE:00014DC6 ; --------------------------------------------------------------------------- CODE:00014DC6 CODE:00014DC6 loc_14DC6: ; CODE XREF: compare_serials+33j CODE:00014DC6 xor edx, edx CODE:00014DC8 mov dl, al CODE:00014DCA mov cl, byte ptr [esp+edx+20h+var_20] CODE:00014DCD cmp cl, byte ptr [esp+edx+20h+var_10] CODE:00014DD1 setz dl CODE:00014DD4 inc eax CODE:00014DD5 CODE:00014DD5 loc_14DD5: ; CODE XREF: compare_serials+1Cj CODE:00014DD5 test dl, dl CODE:00014DD7 jz short loc_14DDD CODE:00014DD9 cmp al, 10h CODE:00014DDB jb short loc_14DC6 CODE:00014DDD CODE:00014DDD loc_14DDD: ; CODE XREF: compare_serials+2Fj CODE:00014DDD mov eax, edx CODE:00014DDF add esp, 20h CODE:00014DE2 pop edi CODE:00014DE3 pop esi CODE:00014DE4 retn CODE:00014DE4 compare_serials endp ‚®-¯¥à¢ëå, ¬ë ¬®¦¥¬ ¢¨¤¥âì ¤«¨­ã ¯à ¢¨«ì­®£® á¥à¨©­¨ª  ¡¥§ à¥è¥­¨ï ãà ¢­¥­¨ï: CODE:00014DD9 cmp al, 10h ‘¥à¨©­¨ª á®á⮨⠨§ 10h ¡ ©â - 32ᨬ¢®« . ;) ˆ âãâ ¦¥ ¬®¦­® ¢ë«®¢¨âì ¯à ¢¨«ì­ë© á¥à¨©­¨ª. VI- Keygen =================== ˆâ ª, ¢ ­ è¥¬ ª¥©£¥­¥ ¤®«¦­® ¡ëâì: 1. ¯®«ã祭¨¥ ¨¬¥­¨ 2. rot13 ¨¬¥­¨ 3. ¨§¬¥­ï¥¬ ¡ §¨á (¢ ᮮ⢥âá⢨¨ á  «ä ¢¨â®¬) 4. ¯®«ãç ¥¬ crc32 (­¥ § ¡ë¢ ¥¬ ®¡ ¨§¬¥­ñ­­®¬ ¯®«¨­®¬¥) 5. md5 (¨§¬¥­ï¥¬ çãâì-çãâì, ï ¯à®á⮠ਯ­ã« ¨§ ª¥©£¥­¬¨ ¢ ida) 6. bytes->serial ‘¬®âਬ ¯à¨« £ î騩áï ¨á室­¨ª ¤«ï ¯®¤à®¡­®á⥩. ;) V- Š®­¥æ =================== ˆâ ª, ¢áñ à §à¥è¨«®áì. Œ­¥ ¯®­à ¢¨«®áì ¢áñ íâ®  ­ «¨§¨à®¢ âì, ­® ¢áñ à ¢­® ï ¡ë ¯®áâ ¢¨« ®æ¥­ªã - 4/10. ;) •®ç¥âáï ¡®«ì襣®! ® ¢áñ à ¢­® ᯠᨡ® HMX0101 §  â ª®© ¨­â¥à¥á­ë© ªà窱¨. ‚áñ. =) ਢ¥âë ã«¥â îâ ¢®â í⨬ ¯®ç¨â¨¢­ë¬ «î¤ï¬: ¢á¥¬ ¬¥¬¡¥à ¬ REVENGE, TSRh, tPORt, CPH, iNT3 [Ru]Ban.OK!, ALe}{, ALiEN, Asterix, BiSHEP, BiZON, Black Neuromancer, deroko, EGOiST, Funbit, Gelios, Getorix, GHOST, GPcH, Grim Fandango, gryzon, HMX0101, LaZzy, mc707, Mr.Clumsy, newborn, nice, NJOY, Ox87k, PlainTeXT, Red_Baron, sanniassin, Skitz0, SLV, smoke, Spiteful, V0land, vins, Zer0, ZOoMiK ¨ ⥬, ª®£® ï § ¡ë«... VI- ˆá室­¨ª =================== .data b64chars label byte db 'bdfhjlnprtvxzacegikmoqsuwyBDFHJLNPRTVXZACEGIKMOQSUWY/+9876543210',0 rot13 label byte db 0AAh, 000h, 030h, 00Ch, 0ABh, 080h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 04Eh, 04Fh, 050h db 051h, 052h, 053h, 054h, 055h, 056h, 057h, 058h db 059h, 05Ah, 041h, 042h, 043h, 044h, 045h, 046h db 047h, 048h, 049h, 04Ah, 04Bh, 04Ch, 04Dh, 08Bh db 0C0h, 06Eh, 06Fh, 070h, 071h, 072h, 073h, 074h db 075h, 076h, 077h, 078h, 079h, 07Ah, 061h, 062h db 063h, 064h, 065h, 066h, 067h, 068h, 069h, 06Ah db 06Bh, 06Ch, 06Dh, 08Bh, 0C0h, 0A8h, 054h, 001h .data? .DATA? sName CHAR 20h dup(?) rNam CHAR 20h dup(?) sSerial CHAR 60h dup(?) sSer CHAR 60h dup(?) temp CHAR 50h dup(?) _len dd ? hashtab dd ? based CHAR 100h dup(?) buf dd ? Base64Encode proc pInputData:DWORD,dwDataLen:DWORD,pOutputStr:DWORD push ebp push esi push edi push ebx mov esi,[pInputData] mov edi,[pOutputStr] mov ebp,[dwDataLen] .repeat test ebp,ebp jz @F; exact divide 3? ; EEEEEEFF CCDDDDDD BBBBCCCC AAAAAABB mov al,[esi+0] mov dl,[esi+1] mov bl,[esi+2] mov ah,al mov dh,dl mov bh,bl and ah,00000011b and dh,00001111b and bh,00111111b shr al,2 shr dl,4 shr bl,6 shl ah,4 shl dh,2 or ah,dl or bl,dh movzx edx,al movzx ecx,ah mov al,[edx+b64chars] mov ah,[ecx+b64chars] movzx edx,bl movzx ecx,bh mov bl,[edx+b64chars] mov bh,[ecx+b64chars] and eax,0FFFFh shl ebx,16 add esi,3 or eax,ebx stosd sub ebp,3 .until SIGN? add edi,ebp .repeat mov byte ptr [edi],'?' inc edi inc ebp .until ZERO? @@: mov eax,edi pop ebx mov [eax],bp pop edi pop esi pop ebp sub eax,[pOutputStr] ret Base64Encode endp CRC32 proc push esi push ecx push edx push ebx lea esi, based mov ecx, _len mov ebx,[hashtab] xor edx, edx xor eax,eax dec eax CRC32calc: mov dl, byte ptr [esi] xor dl, al shr eax, 8 xor eax, dword ptr [ebx + 4*edx] inc esi dec ecx jnz CRC32calc not eax pop ebx pop edx pop ecx pop esi ret CRC32 endp inittable proc ; crc32 table initialization push ebx mov edx,[hashtab] xor ebx,ebx initl: xor eax,eax mov al,bl xor cx,cx entryloop: test eax,1 jz nobit shr eax,1 xor eax,474F4F44h jmp entrygon nobit: shr eax,1 entrygon: inc cx test cx,8 jz entryloop mov dword ptr [ebx*4+edx],eax inc bx test bx,256 jz initl pop ebx ret inittable endp Generate PROC USES ebx esi edi hWnd:HWND .code invoke RtlZeroMemory, addr sSer,60 invoke RtlZeroMemory, addr sSerial,60 invoke RtlZeroMemory, addr rNam,20 invoke RtlZeroMemory, addr temp,50 invoke RtlZeroMemory, addr based,100 INVOKE GetDlgItemText, hWnd, IDC_NAME, ADDR sName, SIZEOF sName cmp eax, 5 jb nameError ;...KeyGeneration algo here... ; name modifying MOV ESI, EAX MOV EDI, 1 loc_1513D: MOV EAX,offset sName MOV BL,BYTE PTR DS:[EAX+EDI-1] MOV EAX,EBX ADD AL,0BFh SUB AL,01Ah JNB loc_1516B XOR EDX,EDX MOV DL,BL MOV DL,BYTE PTR DS:[EDX+offset alpha+4] mov eax, offset rNam mov byte ptr[eax+edi],dl JMP loc_151A7 loc_1516B: MOV EAX,EBX ADD AL,09Fh SUB AL,01Ah JNB loc_15192 mov eax, offset rNam XOR EDX,EDX MOV DL,BL MOV DL,BYTE PTR DS:[EDX+offset alpha] mov byte ptr[eax+edi],dl JMP loc_151A7 loc_15192: mov dl, byte ptr[offset sName-1+edi] mov eax, offset rNam mov byte ptr[eax+edi],dl loc_151A7: INC EDI DEC ESI JNZ loc_1513D invoke lstrlen, addr rNam+1 invoke Base64Encode, addr rNam+1,eax,addr based invoke VirtualAlloc,0,256*4,MEM_COMMIT,PAGE_READWRITE mov hashtab,eax invoke lstrlen, addr based mov _len,eax call inittable call CRC32 push eax invoke VirtualFree, hashtab, 256*4,MEM_DECOMMIT invoke VirtualAlloc,0,256*4,MEM_COMMIT,PAGE_READWRITE mov buf, eax pop edx call MD5Init invoke lstrlen, addr sName push eax mov edx, offset sName mov eax, buf pop ecx call MD5Update lea edx, sSer mov eax, buf call MD5Final invoke VirtualFree, buf, 256*4,MEM_DECOMMIT mov esi, offset sSer mov edi, offset sSerial mov ecx, 16 call @FMT INVOKE SetDlgItemText, hWnd, IDC_SERIAL, ADDR sSerial mov eax, TRUE jmp endGenerate nameError: INVOKE SetDlgItemText, hWnd, IDC_SERIAL, SADD("Make it longer :P") mov eax, FALSE endGenerate: ret @FMT: push ebp mov ebp,esp add esp,-8 mov dword ptr ss:[ebp-4],ecx xor ecx,ecx xor eax,eax mov dword ptr ss:[ebp-8],eax next_byte: mov al,byte ptr ds:[esi+ecx] mov ebx,eax shr eax,4 add al,090h daa adc al,040h daa mov edx,dword ptr ss:[ebp-8] add edx,ecx mov byte ptr ds:[edi+edx],al inc dword ptr ss:[ebp-8] mov al,bl and eax,0Fh add al,090h daa adc al,040h daa mov edx,dword ptr ss:[ebp-8] add edx,ecx mov byte ptr ds:[edi+edx],al inc ecx cmp ecx,dword ptr ss:[ebp-4] jnz next_byte leave retn Generate ENDP ; ripped md5 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_14044 proc near ; CODE XREF: MD5Init+3Bp MD5Final+6Ap xor ecx, ecx call FillCharz ; System::__linkproc__ FillChar(void) retn sub_14044 endp ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› FillCharz proc near ; CODE XREF: sub_14044+2p push edi mov edi, eax mov ch, cl mov eax, ecx shl eax, 10h mov ax, cx mov ecx, edx sar ecx, 2 js short loc_126C5 rep stosd mov ecx, edx and ecx, 3 rep stosb loc_126C5: ; CODE XREF: System::__linkproc__ FillChar(void)+12j pop edi retn FillCharz endp ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_1403C proc near ; CODE XREF: sub_14164+79p ; MD5Update+3Ep ... xchg eax, edx call Movez ; System::Move(void *,void *,int) retn sub_1403C endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› ; __fastcall System::Move(void const *, void *, int) Movez proc near ; CODE XREF: System::SysReallocMem(void *,int)+81p ; System::__linkproc__ LStrAsg(void)+1Bp ... push esi push edi mov esi, eax TextIn: mov edi, edx mov eax, ecx cmp edi, esi ja short loc_125AB jz short loc_125C9 sar ecx, 2 js short loc_125C9 rep movsd mov ecx, eax and ecx, 3 rep movsb pop edi pop esi retn ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ loc_125AB: ; CODE XREF: System::Move(void *,void *,int)+Aj lea esi, [ecx+esi-4] lea edi, [ecx+edi-4] sar ecx, 2 js short loc_125C9 std rep movsd mov ecx, eax and ecx, 3 add esi, 3 add edi, 3 rep movsb cld loc_125C9: ; CODE XREF: System::Move(void *,void *,int)+Cj ; System::Move(void *,void *,int)+11j ... pop edi pop esi retn Movez endp sub_14324 proc near ; CODE XREF: II+13p and edx, eax not eax and ecx, eax or edx, ecx mov eax, edx retn sub_14324 endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 10h ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_14330 proc near ; CODE XREF: HH+13p and eax, ecx not ecx and edx, ecx or eax, edx retn sub_14330 endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_1433C proc near ; CODE XREF: GG+13p xor eax, edx xor ecx, eax mov eax, ecx retn sub_1433C endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_14344 proc near ; CODE XREF: FF+13p not ecx or eax, ecx xor edx, eax mov eax, edx retn sub_14344 endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 10h ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_14350 proc near ; CODE XREF: II+25p HH+25p ... push ebx xor ecx, ecx mov cl, dl push ecx mov ecx, 20h pop ebx sub ecx, ebx mov ebx, [eax] shr ebx, cl mov ecx, edx mov edx, [eax] shl edx, cl or ebx, edx mov [eax], ebx pop ebx retn sub_14350 endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 10h ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› ; Attributes: bp-based frame II proc near ; CODE XREF: MD5Transform+5BBp ; MD5Transform+5D8p ... arg_0 = dword ptr 8 arg_4 = byte ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h push ebp mov ebp, esp push ebx push esi push edi mov edi, ecx mov esi, edx mov ebx, eax mov ecx, [ebp+arg_C] mov edx, edi mov eax, esi call sub_14324 add eax, [ebp+arg_8] add eax, [ebp+arg_0] add [ebx], eax mov eax, ebx mov dl, [ebp+arg_4] call sub_14350 add [ebx], esi pop edi pop esi pop ebx pop ebp retn 10h II endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› ; Attributes: bp-based frame HH proc near ; CODE XREF: MD5Transform+3EFp ; MD5Transform+40Cp ... arg_0 = dword ptr 8 arg_4 = byte ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h push ebp mov ebp, esp push ebx push esi push edi mov edi, ecx mov esi, edx mov ebx, eax mov ecx, [ebp+arg_C] mov edx, edi mov eax, esi call sub_14330 add eax, [ebp+arg_8] add eax, [ebp+arg_0] add [ebx], eax mov eax, ebx mov dl, [ebp+arg_4] call sub_14350 add [ebx], esi pop edi pop esi pop ebx pop ebp retn 10h HH endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› ; Attributes: bp-based frame GG proc near ; CODE XREF: MD5Transform+223p ; MD5Transform+240p ... arg_0 = dword ptr 8 arg_4 = byte ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h push ebp mov ebp, esp push ebx push esi push edi mov edi, ecx mov esi, edx mov ebx, eax mov ecx, [ebp+arg_C] mov edx, edi mov eax, esi call sub_1433C add eax, [ebp+arg_8] add eax, [ebp+arg_0] add [ebx], eax mov eax, ebx mov dl, [ebp+arg_4] call sub_14350 add [ebx], esi pop edi pop esi pop ebx pop ebp retn 10h GG endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› ; Attributes: bp-based frame FF proc near ; CODE XREF: MD5Transform+57p ; MD5Transform+74p ... arg_0 = dword ptr 8 arg_4 = byte ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h push ebp mov ebp, esp push ebx push esi push edi mov edi, ecx mov esi, edx mov ebx, eax mov ecx, [ebp+arg_C] mov edx, edi mov eax, esi call sub_14344 add eax, [ebp+arg_8] add eax, [ebp+arg_0] add [ebx], eax mov eax, ebx mov dl, [ebp+arg_4] call sub_14350 add [ebx], esi pop edi pop esi pop ebx pop ebp retn 10h FF endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 10h ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› MD5Decode proc near ; CODE XREF: MD5Transform+24p push ebx shr ecx, 2 test ecx, ecx jbe short loc_14473 loc_14448: ; CODE XREF: MD5Decode+31j xor ebx, ebx mov bl, [eax] mov [edx], ebx inc eax xor ebx, ebx mov bl, [eax] shl ebx, 8 or [edx], ebx inc eax xor ebx, ebx mov bl, [eax] shl ebx, 10h or [edx], ebx inc eax xor ebx, ebx mov bl, [eax] shl ebx, 18h or [edx], ebx inc eax add edx, 4 dec ecx jnz short loc_14448 loc_14473: ; CODE XREF: MD5Decode+6j pop ebx retn MD5Decode endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_14478 proc near ; CODE XREF: MD5Final+13p MD5Final+5Ep push esi mov esi, eax mov eax, edx mov edx, ecx test edx, edx jbe short loc_144B2 loc_14483: ; CODE XREF: sub_14478+38j mov cl, [esi] and cl, 0FFh mov [eax], cl inc eax mov ecx, [esi] shr ecx, 8 and cl, 0FFh mov [eax], cl inc eax mov ecx, [esi] shr ecx, 10h and cl, 0FFh mov [eax], cl inc eax mov ecx, [esi] shr ecx, 18h and cl, 0FFh mov [eax], cl inc eax add esi, 4 dec edx jnz short loc_14483 loc_144B2: ; CODE XREF: sub_14478+9j pop esi retn sub_14478 endp ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› sub_144B4 proc near ; CODE XREF: MD5Transform+787p ; MD5Transform+791p ... bswap eax retn sub_144B4 endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› MD5Transform proc near ; CODE XREF: MD5Update+48p ; MD5Update+55p var_54 = dword ptr -54h var_50 = dword ptr -50h var_4C = dword ptr -4Ch var_48 = dword ptr -48h var_44 = dword ptr -44h var_40 = dword ptr -40h var_3C = dword ptr -3Ch var_38 = dword ptr -38h var_34 = dword ptr -34h var_30 = dword ptr -30h var_2C = dword ptr -2Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 push ebx push esi push edi push ebp add esp, 0FFFFFFACh mov ebx, edx mov [esp+54h+var_54], eax lea esi, [esp+54h+var_50] lea edi, [esp+54h+var_4C] lea ebp, [esp+54h+var_48] lea edx, [esp+54h+var_40] mov ecx, 40h ; Len mov eax, [esp+54h+var_54] call MD5Decode mov eax, [ebx] mov [esi], eax mov eax, [ebx+4] mov [edi], eax mov eax, [ebx+8] mov [ebp+0], eax mov eax, [ebx+0Ch] mov [esp+54h+var_44], eax mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_40] push eax push 7 push 0D76AA477h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call FF mov eax, [ebp+0] push eax mov eax, [esp+58h+var_3C] push eax push 0Ch push 0E8C7B756h ; MD5 ; MD5 transform ("compress") constants lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call FF mov eax, [edi] push eax mov eax, [esp+58h+var_38] push eax push 11h push 242070DBh mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call FF mov eax, [esi] push eax mov eax, [esp+58h+var_34] push eax push 16h push 0C1BDCEEEh mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call FF mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_30] push eax push 7 push 0F57C0FAFh mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call FF mov eax, [ebp+0] push eax mov eax, [esp+58h+var_2C] push eax push 0Ch push 4787C62Ah lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call FF mov eax, [edi] push eax mov eax, [esp+58h+var_28] push eax push 11h push 0A8304613h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call FF mov eax, [esi] push eax mov eax, [esp+58h+var_24] push eax push 16h push 0FD469501h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call FF mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_20] push eax push 7 push 698098D8h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call FF mov eax, [ebp+0] push eax mov eax, [esp+58h+var_1C] push eax push 0Ch push 8B44F7AFh lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call FF mov eax, [edi] push eax mov eax, [esp+58h+var_18] push eax push 11h push 0FFFF5BB1h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call FF mov eax, [esi] push eax mov eax, [esp+58h+var_14] push eax push 16h push 895CD7BEh mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call FF mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_10] push eax push 7 push 6B901122h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call FF mov eax, [ebp+0] push eax mov eax, [esp+58h+var_C] push eax push 0Ch push 0FD987193h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call FF mov eax, [edi] push eax mov eax, [esp+58h+var_8] push eax push 11h push 0A679438Eh mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call FF mov eax, [esi] push eax mov eax, [esp+58h+var_4] push eax push 16h push 49B40821h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call FF mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_3C] push eax push 5 push 0F61E2562h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call GG mov eax, [ebp+0] push eax mov eax, [esp+58h+var_28] push eax push 9 push 0C040B340h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call GG mov eax, [edi] push eax mov eax, [esp+58h+var_14] push eax push 0Eh push 265E5A51h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call GG mov eax, [esi] push eax mov eax, [esp+58h+var_40] push eax push 14h push 0E9B6C7AAh mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call GG mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_2C] push eax push 5 push 0D62F105Dh mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call GG mov eax, [ebp+0] push eax mov eax, [esp+58h+var_18] push eax push 9 push 2441453h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call GG mov eax, [edi] push eax mov eax, [esp+58h+var_4] push eax push 0Eh push 0D8A1E681h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call GG mov eax, [esi] push eax mov eax, [esp+58h+var_30] push eax push 14h push 0E7D3FBC8h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call GG mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_1C] push eax push 5 push 21E1CDE6h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call GG mov eax, [ebp+0] push eax mov eax, [esp+58h+var_8] push eax push 9 push 0C33707D6h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call GG mov eax, [edi] push eax mov eax, [esp+58h+var_34] push eax push 0Eh push 0F4D50D87h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call GG mov eax, [esi] push eax mov eax, [esp+58h+var_20] push eax push 14h push 455A14EDh mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call GG mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_C] push eax push 5 push 0A9E3E905h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call GG mov eax, [ebp+0] push eax mov eax, [esp+58h+var_38] push eax push 9 push 0FCEFA3F8h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call GG mov eax, [edi] push eax mov eax, [esp+58h+var_24] push eax push 0Eh push 676F02D9h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call GG mov eax, [esi] push eax mov eax, [esp+58h+var_10] push eax push 14h push 8D2A4C8Ah mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call GG mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_2C] push eax push 4 push 0FFFA3942h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call HH mov eax, [ebp+0] push eax mov eax, [esp+58h+var_20] push eax push 0Bh push 8771F681h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call HH mov eax, [edi] push eax mov eax, [esp+58h+var_14] push eax push 10h push 6D9D6122h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call HH mov eax, [esi] push eax mov eax, [esp+58h+var_8] push eax push 17h push 0FDE5380Ch mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call HH mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_3C] push eax push 4 push 0A4BEEA44h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call HH mov eax, [ebp+0] push eax mov eax, [esp+58h+var_30] push eax push 0Bh push 4BDECFA9h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call HH mov eax, [edi] push eax mov eax, [esp+58h+var_24] push eax push 10h push 0F6BB4B60h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call HH mov eax, [esi] push eax mov eax, [esp+58h+var_18] push eax push 17h push 0BEBFBC70h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call HH mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_C] push eax push 4 push 289B7EC6h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call HH mov eax, [ebp+0] push eax mov eax, [esp+58h+var_40] push eax push 0Bh push 0EAA127FAh lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call HH mov eax, [edi] push eax mov eax, [esp+58h+var_34] push eax push 10h push 0D4EF3085h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call HH mov eax, [esi] push eax mov eax, [esp+58h+var_28] push eax push 17h push 4881D05h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call HH mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_1C] push eax push 4 push 0D9D4D039h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call HH mov eax, [ebp+0] push eax mov eax, [esp+58h+var_10] push eax push 0Bh push 0E6DB99E5h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call HH mov eax, [edi] push eax mov eax, [esp+58h+var_4] push eax push 10h push 1FA27CF8h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call HH mov eax, [esi] push eax mov eax, [esp+58h+var_38] push eax push 17h push 0C4AC5665h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call HH mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_40] push eax push 6 push 0F4292244h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call II mov eax, [ebp+0] push eax mov eax, [esp+58h+var_24] push eax push 0Ah push 432AFF97h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call II mov eax, [edi] push eax mov eax, [esp+58h+var_8] push eax push 0Fh push 0AB9423A7h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call II mov eax, [esi] push eax mov eax, [esp+58h+var_2C] push eax push 15h push 0FC93A039h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call II mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_10] push eax push 6 push 655B59C3h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call II mov eax, [ebp+0] push eax mov eax, [esp+58h+var_34] push eax push 0Ah push 8F0CCC92h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call II mov eax, [edi] push eax mov eax, [esp+58h+var_18] push eax push 0Fh push 0FFEFF47Dh mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call II mov eax, [esi] push eax mov eax, [esp+58h+var_3C] push eax push 15h push 85845DD1h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call II mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_20] push eax push 6 push 6FA87E4Fh mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call II mov eax, [ebp+0] push eax mov eax, [esp+58h+var_4] push eax push 0Ah push 0FE2CE6E0h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call II mov eax, [edi] push eax mov eax, [esp+58h+var_28] push eax push 0Fh push 0A3014314h mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call II mov eax, [esi] push eax mov eax, [esp+58h+var_C] push eax push 15h push 4E0811A1h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call II mov eax, [esp+54h+var_44] push eax mov eax, [esp+58h+var_30] push eax push 6 push 0F7537E82h mov eax, esi mov ecx, [ebp+0] mov edx, [edi] call II mov eax, [ebp+0] push eax mov eax, [esp+58h+var_14] push eax push 0Ah push 0BD3AF235h lea eax, [esp+64h+var_44] mov ecx, [edi] mov edx, [esi] call II mov eax, [edi] push eax mov eax, [esp+58h+var_38] push eax push 0Fh push 2AD7D2BBh mov eax, ebp mov ecx, [esi] mov edx, [esp+64h+var_44] call II mov eax, [esi] push eax mov eax, [esp+58h+var_1C] push eax push 15h push 0EB86D391h mov eax, edi mov ecx, [esp+64h+var_44] mov edx, [ebp+0] call II mov eax, [esi] add [ebx], eax mov eax, [edi] add [ebx+4], eax mov eax, [ebp+0] add [ebx+8], eax mov eax, [esp+54h+var_44] add [ebx+0Ch], eax mov eax, [ebx] call sub_144B4 mov [ebx], eax mov eax, [ebx+4] call sub_144B4 mov [ebx+4], eax mov eax, [ebx+8] call sub_144B4 mov [ebx+8], eax mov eax, [ebx+0Ch] call sub_144B4 mov [ebx+0Ch], eax add esp, 54h pop ebp pop edi pop esi pop ebx retn MD5Transform endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 10h ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› MD5Init proc near ; CODE XREF: sub_15694+ECp mov ecx, edx xor ecx, 4D48205Bh mov [eax], ecx mov ecx, edx xor ecx, 30313058h mov [eax+4], ecx mov ecx, edx xor ecx, 41482D31h mov [eax+8], ecx xor edx, 5D204853h mov [eax+0Ch], edx xor edx, edx mov [eax+10h], edx xor edx, edx mov [eax+14h], edx add eax, 18h mov edx, 40h call sub_14044 retn MD5Init endp ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ align 4 ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› MD5Update proc near ; CODE XREF: MD5Final+42p MD5Final+50p ... push ebx push esi push edi push ebp mov edi, ecx mov ebp, edx mov esi, eax mov eax, [esi+10h] shr eax, 3 and eax, 3Fh mov edx, edi shl edx, 3 add [esi+10h], edx cmp edx, [esi+10h] jbe short loc_14CD7 inc dword ptr [esi+14h] loc_14CD7: ; CODE XREF: MD5Update+1Ej mov edx, edi shr edx, 1Dh add [esi+14h], edx mov ebx, 40h sub ebx, eax cmp ebx, edi ja short loc_14D1C lea eax, [esi+eax+18h] mov ecx, ebx mov edx, ebp call sub_1403C mov edx, esi lea eax, [esi+18h] call MD5Transform jmp short loc_14D11 ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ loc_14D03: ; CODE XREF: MD5Update+62j mov edx, esi lea eax, [ebp+ebx+0] call MD5Transform add ebx, 40h loc_14D11: ; CODE XREF: MD5Update+4Dj lea eax, [ebx+3Fh] cmp edi, eax ja short loc_14D03 xor eax, eax jmp short loc_14D1E ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ loc_14D1C: ; CODE XREF: MD5Update+34j xor ebx, ebx loc_14D1E: ; CODE XREF: MD5Update+66j lea eax, [esi+eax+18h] mov ecx, edi sub ecx, ebx lea edx, [ebp+ebx+0] call sub_1403C pop ebp pop edi pop esi pop ebx retn MD5Update endp ; ››››››››››››››› S U B R O U T I N E ››››››››››››››››››››››››››››››››››››››› MD5Final proc near ; CODE XREF: sub_15694+116p push ebx push esi add esp, 0FFFFFFF8h mov esi, edx mov ebx, eax mov edx, esp lea eax, [ebx+10h] mov ecx, 2 call sub_14478 mov eax, [ebx+10h] shr eax, 3 and eax, 3Fh cmp eax, 38h jnb short loc_14D65 mov edx, 38h sub edx, eax mov eax, edx jmp short loc_14D6E ; „„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ loc_14D65: ; CODE XREF: MD5Final+24j mov edx, 78h sub edx, eax mov eax, edx loc_14D6E: ; CODE XREF: MD5Final+2Fj mov edx, offset rot13 mov ecx, ebx xchg eax, ecx call MD5Update mov edx, esp mov eax, ebx mov ecx, 8 call MD5Update mov edx, esi mov eax, ebx mov ecx, 4 call sub_14478 mov eax, ebx mov edx, 58h call sub_14044 pop ecx pop edx pop esi pop ebx retn MD5Final endp