; This wasn't meant to be released as source.. but wtf.... ; enjoy it! ;) - oh btw.. this was spread thru Stone's homepage - find me :) .MODEL SMALL .STACK 100h .386 .DATA input DB 22h,0 ; Allow usernames up till 16 Chars - disregard more sentence DB 22h dup ('$') ; buffer to store real input at stat1 DW 0 ; Statistic no.1. - (half the serial) stat2 DW 0 ; Statistic no.2. - (other half the serial) count DW 0ffFFh ; byte need to count with flaf DB 0 rightkeytxt DB 'The key is: ' rightkey DB '12345678',10,13,'$' ; Store the generated key here introtxt DB 'Enter your name: ','$' lnfd DB 10,13,'$' ; Line feed reginfo DB 'Username: $' UCF DB 'ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ',10,13 DB ' ÜÜÜ ÜÜÜ ÜÜÜÜÜÜÜÜÜ ÜÜÜÜÜÜÜÜÜ ',10,13 DB ' ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛÜÜÜ ',10,13 DB ' ÛÛÛÜ ÛÛÛ ÛÛÛÜ ÛÛÛ ',10,13 DB ' ßßßßßßßßß ßßßßßßßßß ßßß ',10,13 DB 'ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ',10,13 DB ' u N I T E D c R ’ C K I N G f O R C E ',10,13 DB 'ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ',10,13 DB ' WinZip 6.2 & 6.3 Beta 5 Keymaker',10,13 DB ' By Drone [F4CG] & Stone [UCF] (C) 1997',10,13,10,13,'$' .CODE START: MOV AX, @DATA ; Make DS&ES point to the DATA MOV DS,AX MOV ES,AX LEA EDX, [ucf] ; Prime example of non efficient coding :) MOV AH,9h INT 21h LEA EDX,[introtxt] ; Write the introductory text MOV AH,9h INT 21h LEA EDX,[input] ; Fetch Input XOR EBX,EBX MOV AH,0ah INT 21h CMP BYTE PTR [input+1],0 ; did the sucker type nothing? JZ nokey MOVZX EBX, BYTE PTR [input +1] ; zero-terminate MOV BYTE PTR [sentence+EBX],0h LEA EDX, [lnfd] ; Write a linefeed MOV AH,9h INT 21h XOR EBX,EBX genstat1: INC WORD PTR [count] ; Increase counter INC EBX LEA EAX,[sentence+EBX-1] MOVZX EAX,BYTE PTR [EAX] TEST EAX,EAX JZ endstat1 LEA EAX,[sentence+EBX-1] MOVZX EAX,BYTE PTR [EAX] MOVZX ECX,WORD PTR [count] IMUL EAX,ECX MOVZX ECX,WORD PTR [stat1] ADD EAX,ECX MOV [stat1],AX JMP genstat1 endstat1: XOR EBX,EBX MOV WORD PTR [count],0ffffh genstat2: INC DWORD PTR [count] ; Counter - ini =0 INC EBX LEA EAX,[Sentence+EBX-1] ; username MOVZX EAX,BYTE PTR [EAX] TEST EAX,EAX JZ endstat2 PUSH 00001021h LEA EAX,[Sentence+EBX-1] MOVZX AX,BYTE PTR [EAX] PUSH EAX PUSH DWORD PTR [STAT2] ; ebp-8 = stat2 CALL c40AF3C ADD ESP,0Ah ;? MOV WORD PTR [STAT2],AX JMP genstat2 endstat2: MOV AX, WORD PTR [STAT2] ADD AX, 63h SHL EAX,16 MOV AX, WORD PTR [stat1] MOV ESI,EAX LEA EBX, [rightkey+8] CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX,4 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 8 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 12 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 16 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 20 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 24 CALL al1 MOV EAX, ESI ; Fetch ax SHR EAX, 28 CALL al1 LEA EDX, [reginfo] MOV AH,9 INT 21h LEA EDX,[sentence] MOV AH,9h INT 21h LEA EDX, [lnfd] MOV AH,9 INT 21h LEA EDX, [rightkeytxt] MOV AH,9h INT 21h nokey: MOV AH,4ch INT 21h al1: DEC EBX SHL AL,4 ; fetch first half byte SHR AL,4 ADD AL,055d ; make it a letter CMP AL,41h ; was it really a number? JGE endal1 SUB AL,7 endal1: MOV BYTE PTR [EBX],AL RET c40AF3C: PUSH EBP MOV EBP,ESP ADD ESP,04 SUB EBP,2 PUSH EBX PUSH ESI PUSH EDI SHL WORD PTR [EBP+0Ch],08 MOV DWORD PTR [EBP-04],00000000 JMP d40AF59 d40af56: INC DWORD PTR [EBP-04] d40af59: CMP DWORD PTR [EBP-04],08 JGE d40AF98 MOVZX EAX,WORD PTR [EBP+0Ch] MOVZX ECX,WORD PTR [EBP+08] XOR EAX,ECX TEST AH,080h JZ d40AF8B MOVZX EAX,WORD PTR [EBP+08] ADD EAX,EAX MOVZX ECX,WORD PTR [EBP+010h] XOR EAX,ECX MOV [EBP+08],AX JMP d40AF8F d40af8b: SHL WORD PTR [EBP+08],1 d40af8f: SHL WORD PTR [EBP+0Ch],1 JMP d40AF56 d40af98: MOV AX,[EBP+08] POP EDI POP ESI POP EBX RET END START