commit ea4689c79195e243bdbefef66d469a886aea750f
Author: Pedro Loures <120764243+iPedroLB@users.noreply.github.com>
Date:   Sat Apr 8 14:47:59 2023 -0300

    Add Files

diff --git a/2003.c b/2003.c
new file mode 100644
index 0000000..3cf2c61
--- /dev/null
+++ b/2003.c
@@ -0,0 +1,341 @@
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include <assert.h>
+
+typedef unsigned char U8;
+typedef unsigned long U32;
+
+U8 cset[] = "BCDFGHJKMPQRTVWXY2346789";
+
+#define FIELD_BITS_2003 512
+#define FIELD_BYTES_2003 64
+
+void unpack2003(U32 *osfamily, U32 *hash, U32 *sig, U32 *prefix, U32 *raw)
+{
+	osfamily[0] = raw[0] & 0x7ff;
+	hash[0] = ((raw[0] >> 11) | (raw[1] << 21)) & 0x7fffffff;
+	sig[0] = (raw[1] >> 10) | (raw[2] << 22);
+	sig[1] = ((raw[2] >> 10) | (raw[3] << 22)) & 0x3fffffff;
+	prefix[0] = (raw[3] >> 8) & 0x3ff;
+}
+
+void pack2003(U32 *raw, U32 *osfamily, U32 *hash, U32 *sig, U32 *prefix)
+{
+	raw[0] = osfamily[0] | (hash[0] << 11);
+	raw[1] = (hash[0] >> 21) | (sig[0] << 10);
+	raw[2] = (sig[0] >> 22) | (sig[1] << 10);
+	raw[3] = (sig[1] >> 22) | (prefix[0] << 8);
+}
+
+static void endian(U8 *x, int n)
+{
+	int i;
+	for (i = 0; i < n/2; i++) {
+		U8 t;
+		t = x[i];
+		x[i] = x[n-i-1];
+		x[n-i-1] = t;
+	}
+}
+
+void unbase24(U32 *x, U8 *c)
+{
+	memset(x, 0, 16);
+	int i, n;
+	
+	BIGNUM *y = BN_new();
+	BN_zero(y);
+	
+	for (i = 0; i < 25; i++)
+	{
+		BN_mul_word(y, 24);
+		BN_add_word(y, c[i]);
+	}
+	n = BN_num_bytes(y);
+	BN_bn2bin(y, (U8 *)x);
+	BN_free(y);
+	
+	endian((U8 *)x, n);
+}
+
+void base24(U8 *c, U32 *x)
+{
+	U8 y[16];
+	int i;
+	
+	BIGNUM *z;
+	memcpy(y, x, sizeof(y));
+	for (i = 15; y[i] == 0; i--) {} i++;
+	endian(y, i);
+	z = BN_bin2bn(y, i, NULL);
+	
+	c[25] = 0;
+	for (i = 24; i >= 0; i--) {
+		U8 t = BN_div_word(z, 24);
+		c[i] = cset[t];
+	}
+	BN_free(z);
+}
+
+void print_product_key(U8 *pk)
+{
+	int i;
+	assert(strlen(pk) == 25);
+	for (i = 0; i < 25; i++) {
+		putchar(pk[i]);
+		if (i != 24 && i % 5 == 4) putchar('-');
+	}
+}
+
+void verify2003(EC_GROUP *ec, EC_POINT *generator, EC_POINT *public_key, char *cdkey)
+{
+	U8 key[25];
+	int i, j, k;
+	
+	BN_CTX *ctx = BN_CTX_new();
+
+	for (i = 0, k = 0; i < strlen(cdkey); i++) {
+		for (j = 0; j < 24; j++) {
+			if (cdkey[i] != '-' && cdkey[i] == cset[j]) {
+				key[k++] = j;
+				break;
+			}
+			assert(j < 24);
+		}
+		if (k >= 25) break;
+	}
+	
+	U32 bkey[4] = {0};
+	U32 osfamily[1], hash[1], sig[2], prefix[1];
+	unbase24(bkey, key);
+	printf("%.8x %.8x %.8x %.8x\n", bkey[3], bkey[2], bkey[1], bkey[0]);
+	unpack2003(osfamily, hash, sig, prefix, bkey);
+	
+	printf("OS Family: %u\nHash: %.8x\nSig: %.8x %.8x\nPrefix: %.8x\n", osfamily[0], hash[0], sig[1], sig[0], prefix[0]);
+	
+	U8 buf[FIELD_BYTES_2003], md[20];
+	U32 h1[2];
+	SHA_CTX h_ctx;
+	
+	/* h1 = SHA-1(5D || OS Family || Hash || Prefix || 00 00) */
+	SHA1_Init(&h_ctx);
+	buf[0] = 0x5d;
+	buf[1] = osfamily[0] & 0xff;
+	buf[2] = (osfamily[0] & 0xff00) >> 8;
+	buf[3] = hash[0] & 0xff;
+	buf[4] = (hash[0] & 0xff00) >> 8;
+	buf[5] = (hash[0] & 0xff0000) >> 16;
+	buf[6] = (hash[0] & 0xff000000) >> 24;
+	buf[7] = prefix[0] & 0xff;
+	buf[8] = (prefix[0] & 0xff00) >> 8;
+	buf[9] = buf[10] = 0;
+	SHA1_Update(&h_ctx, buf, 11);
+	SHA1_Final(md, &h_ctx);
+	h1[0] = md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24);
+	h1[1] = (md[4] | (md[5] << 8) | (md[6] << 16) | (md[7] << 24)) >> 2;
+	h1[1] &= 0x3FFFFFFF;
+	printf("h1: %.8x %.8x\n", h1[1], h1[0]);
+	
+	BIGNUM *s, *h, *x, *y;
+	x = BN_new();
+	y = BN_new();
+	endian((U8 *)sig, 8);
+	endian((U8 *)h1, 8);
+	s = BN_bin2bn((U8 *)sig, 8, NULL);
+	h = BN_bin2bn((U8 *)h1, 8, NULL);
+
+	EC_POINT *r = EC_POINT_new(ec);
+	EC_POINT *t = EC_POINT_new(ec);
+	/* r = sig*(sig*generator + h1*public_key) */
+	EC_POINT_mul(ec, t, NULL, generator, s, ctx);
+	EC_POINT_mul(ec, r, NULL, public_key, h, ctx);
+	EC_POINT_add(ec, r, r, t, ctx);
+	EC_POINT_mul(ec, r, NULL, r, s, ctx);
+	EC_POINT_get_affine_coordinates_GFp(ec, r, x, y, ctx);
+	
+	U32 h2[1];
+	/* h2 = SHA-1(79 || OS Family || r.x || r.y) */
+	SHA1_Init(&h_ctx);
+	buf[0] = 0x79;
+	buf[1] = osfamily[0] & 0xff;
+	buf[2] = (osfamily[0] & 0xff00) >> 8;
+	SHA1_Update(&h_ctx, buf, 3);
+	
+	memset(buf, 0, FIELD_BYTES_2003);
+	BN_bn2bin(x, buf);
+	endian((U8 *)buf, FIELD_BYTES_2003);
+	SHA1_Update(&h_ctx, buf, FIELD_BYTES_2003);
+	
+	memset(buf, 0, FIELD_BYTES_2003);
+	BN_bn2bin(y, buf);
+	endian((U8 *)buf, FIELD_BYTES_2003);
+	SHA1_Update(&h_ctx, buf, FIELD_BYTES_2003);
+	
+	SHA1_Final(md, &h_ctx);
+	h2[0] = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) & 0x7fffffff;
+	printf("Calculated hash: %.8x\n", h2[0]);
+	
+	if (h2[0] == hash[0]) printf("Key VALID\n");
+	else printf("Key invalid\n");
+	
+	BN_free(s);
+	BN_free(h);
+	BN_free(x);
+	BN_free(y);
+	EC_POINT_free(r);
+	EC_POINT_free(t);
+	BN_CTX_free(ctx);
+}
+
+void generate2003(U8 *pkey, EC_GROUP *ec, EC_POINT *generator, BIGNUM *order, BIGNUM *priv, U32 *osfamily, U32 *prefix)
+{
+	BN_CTX *ctx = BN_CTX_new();
+
+	BIGNUM *k = BN_new();
+	BIGNUM *s = BN_new();
+	BIGNUM *x = BN_new();
+	BIGNUM *y = BN_new();
+	BIGNUM *b = BN_new();
+	EC_POINT *r = EC_POINT_new(ec);
+
+	U32 bkey[4];
+	U8 buf[FIELD_BYTES_2003], md[20];
+	U32 h1[2];
+	U32 hash[1], sig[2];
+	
+	SHA_CTX h_ctx;
+	
+	for (;;) {
+		/* r = k*generator */
+		BN_pseudo_rand(k, FIELD_BITS_2003, -1, 0);
+		EC_POINT_mul(ec, r, NULL, generator, k, ctx);
+		EC_POINT_get_affine_coordinates_GFp(ec, r, x, y, ctx);
+			
+		/* hash = SHA-1(79 || OS Family || r.x || r.y) */
+		SHA1_Init(&h_ctx);
+		buf[0] = 0x79;
+		buf[1] = osfamily[0] & 0xff;
+		buf[2] = (osfamily[0] & 0xff00) >> 8;
+		SHA1_Update(&h_ctx, buf, 3);
+		
+		memset(buf, 0, FIELD_BYTES_2003);
+		BN_bn2bin(x, buf);
+		endian((U8 *)buf, FIELD_BYTES_2003);
+		SHA1_Update(&h_ctx, buf, FIELD_BYTES_2003);
+		
+		memset(buf, 0, FIELD_BYTES_2003);
+		BN_bn2bin(y, buf);
+		endian((U8 *)buf, FIELD_BYTES_2003);
+		SHA1_Update(&h_ctx, buf, FIELD_BYTES_2003);
+		
+		SHA1_Final(md, &h_ctx);
+		hash[0] = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) & 0x7fffffff;
+			
+		/* h1 = SHA-1(5D || OS Family || Hash || Prefix || 00 00) */
+		SHA1_Init(&h_ctx);
+		buf[0] = 0x5d;
+		buf[1] = osfamily[0] & 0xff;
+		buf[2] = (osfamily[0] & 0xff00) >> 8;
+		buf[3] = hash[0] & 0xff;
+		buf[4] = (hash[0] & 0xff00) >> 8;
+		buf[5] = (hash[0] & 0xff0000) >> 16;
+		buf[6] = (hash[0] & 0xff000000) >> 24;
+		buf[7] = prefix[0] & 0xff;
+		buf[8] = (prefix[0] & 0xff00) >> 8;
+		buf[9] = buf[10] = 0;
+		SHA1_Update(&h_ctx, buf, 11);
+		SHA1_Final(md, &h_ctx);
+		h1[0] = md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24);
+		h1[1] = (md[4] | (md[5] << 8) | (md[6] << 16) | (md[7] << 24)) >> 2;
+		h1[1] &= 0x3FFFFFFF;
+		printf("h1: %.8x %.8x\n", h1[1], h1[0]);
+	
+		/* s = ( -h1*priv + sqrt( (h1*priv)^2 + 4k ) ) / 2 */
+		endian((U8 *)h1, 8);
+		BN_bin2bn((U8 *)h1, 8, b);
+		BN_mod_mul(b, b, priv, order, ctx);
+		BN_copy(s, b);
+		BN_mod_sqr(s, s, order, ctx);
+		BN_lshift(k, k, 2);
+		BN_add(s, s, k);
+		BN_mod_sqrt(s, s, order, ctx);
+		BN_mod_sub(s, s, b, order, ctx);
+		if (BN_is_odd(s)) {
+			BN_add(s, s, order);
+		}
+		BN_rshift1(s, s);
+		sig[0] = sig[1] = 0;
+		BN_bn2bin(s, (U8 *)sig);
+		endian((U8 *)sig, BN_num_bytes(s));
+		if (sig[1] < 0x40000000) break;
+	}
+	pack2003(bkey, osfamily, hash, sig, prefix);
+	printf("OS family: %u\nHash: %.8x\nSig: %.8x %.8x\nPrefix: %.8x\n", osfamily[0], hash[0], sig[1], sig[0], prefix[0]);
+	printf("%.8x %.8x %.8x %.8x\n", bkey[3], bkey[2], bkey[1], bkey[0]);
+	base24(pkey, bkey);
+	
+	BN_free(k);
+	BN_free(s);
+	BN_free(x);
+	BN_free(y);
+	BN_free(b);
+	EC_POINT_free(r);
+
+	BN_CTX_free(ctx);
+	
+}
+
+int main()
+{
+	BIGNUM *a, *b, *p, *gx, *gy, *pubx, *puby, *n, *priv;
+	BN_CTX *ctx = BN_CTX_new();
+	
+	a = BN_new();
+	b = BN_new();
+	p = BN_new();
+	gx = BN_new();
+	gy = BN_new();
+	pubx = BN_new();
+	puby = BN_new();
+	n = BN_new();
+	priv = BN_new();
+
+	/* Windows Sever 2003 VLK */
+	BN_set_word(a, 1);
+	BN_set_word(b, 0);
+	BN_hex2bn(&p,    "C9AE7AED19F6A7E100AADE98134111AD8118E59B8264734327940064BC675A0C682E19C89695FBFA3A4653E47D47FD7592258C7E3C3C61BBEA07FE5A7E842379");
+	BN_hex2bn(&gx,   "85ACEC9F9F9B456A78E43C3637DC88D21F977A9EC15E5225BD5060CE5B892F24FEDEE574BF5801F06BC232EEF2161074496613698D88FAC4B397CE3B475406A7");
+	BN_hex2bn(&gy,   "66B7D1983F5D4FE43E8B4F1E28685DE0E22BBE6576A1A6B86C67533BF72FD3D082DBA281A556A16E593DB522942C8DD7120BA50C9413DF944E7258BDDF30B3C4");
+	BN_hex2bn(&pubx, "90BF6BD980C536A8DB93B52AA9AEBA640BABF1D31BEC7AA345BB7510194A9B07379F552DA7B4A3EF81A9B87E0B85B5118E1E20A098641EE4CCF2045558C98C0E");
+	BN_hex2bn(&puby, "6B87D1E658D03868362945CDD582E2CF33EE4BA06369E0EFE9E4851F6DCBEC7F15081E250D171EA0CC4CB06435BCFCFEA8F438C9766743A06CBD06E7EFB4C3AE");
+	BN_hex2bn(&n,    "4CC5C56529F0237D"); // from mskey 4in1
+	BN_hex2bn(&priv, "2606120F59C05118");
+	
+	
+	EC_GROUP *ec = EC_GROUP_new_curve_GFp(p, a, b, ctx);
+	EC_POINT *g = EC_POINT_new(ec);
+	EC_POINT_set_affine_coordinates_GFp(ec, g, gx, gy, ctx);
+	EC_POINT *pub = EC_POINT_new(ec);
+	EC_POINT_set_affine_coordinates_GFp(ec, pub, pubx, puby, ctx);
+	
+	assert(EC_POINT_is_on_curve(ec, g, ctx) == 1);
+	assert(EC_POINT_is_on_curve(ec, pub, ctx) == 1);
+	
+	U8 pkey[25];
+	U32 osfamily[1], prefix[1];
+	
+	osfamily[0] = 1280;
+	RAND_pseudo_bytes((U8 *)prefix, 4);
+	prefix[0] &= 0x3ff;
+	generate2003(pkey, ec, g, n, priv, osfamily, prefix);
+	printf("Product Key: "); print_product_key(pkey); printf("\n\n");
+	verify2003(ec, g, pub, pkey);
+
+	BN_CTX_free(ctx);
+	
+	return 0;
+}
diff --git a/auto2003.c b/auto2003.c
new file mode 100644
index 0000000..69dea10
--- /dev/null
+++ b/auto2003.c
@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main()
+{
+  int numero = 1;
+  char cmd[300];
+  while (numero < 1001){
+    sprintf(cmd, "./server2003 > %d.txt", numero, numero);
+    system(cmd);
+    numero=numero+1;
+  }
+}
diff --git a/autoxp.c b/autoxp.c
new file mode 100644
index 0000000..1eebc33
--- /dev/null
+++ b/autoxp.c
@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main()
+{
+  int numero = 1;
+  char cmd[300];
+  while (numero < 1001){
+    sprintf(cmd, "./windowsxp > %d.txt", numero, numero);
+    system(cmd);
+    numero=numero+1;
+  }
+}
diff --git a/build-all.bat b/build-all.bat
new file mode 100644
index 0000000..823184c
--- /dev/null
+++ b/build-all.bat
@@ -0,0 +1,4 @@
+g++ 2003.c -fpermissive "libcrypto-1_1.dll" "libssl-1_1.dll" -o server2003
+g++ xp.c "libcrypto-1_1.dll" "libssl-1_1.dll" -o windowsxp
+g++ -Wformat-extra-args autoxp.c -o autoxp
+g++ -Wformat-extra-args auto2003.c -o auto2003
\ No newline at end of file
diff --git a/libcrypto-1_1.dll b/libcrypto-1_1.dll
new file mode 100644
index 0000000..5a68bb2
Binary files /dev/null and b/libcrypto-1_1.dll differ
diff --git a/libssl-1_1.dll b/libssl-1_1.dll
new file mode 100644
index 0000000..093722a
Binary files /dev/null and b/libssl-1_1.dll differ
diff --git a/xp.c b/xp.c
new file mode 100644
index 0000000..b051e0a
--- /dev/null
+++ b/xp.c
@@ -0,0 +1,367 @@
+/*
+	Windows XP CD Key Verification/Generator v0.03
+	by z22
+	
+	Compile with OpenSSL libs, modify to suit your needs.
+	http://gnuwin32.sourceforge.net/packages/openssl.htm
+
+	History:
+	0.03	Stack corruptionerror on exit fixed (now pkey is large enough)
+			More Comments added
+	0.02	Changed name the *.cpp;
+			Fixed minor bugs & Make it compilable on VC++
+	0.01	First version compilable MingW
+
+
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/sha.h>
+#include <assert.h>
+
+
+#define FIELD_BITS 384
+#define FIELD_BYTES 48
+unsigned char cset[] = "BCDFGHJKMPQRTVWXY2346789";
+
+
+static void unpack(unsigned long *pid, unsigned long *hash, unsigned long *sig, unsigned long *raw)
+{
+ // pid = Bit 0..30 
+	pid[0] = raw[0] & 0x7fffffff;
+ 
+ // hash(s) = Bit 31..58
+	hash[0] = ((raw[0] >> 31) | (raw[1] << 1)) & 0xfffffff;
+ 
+ // sig(e) = bit 58..113
+	sig[0] = (raw[1] >> 27) | (raw[2] << 5);
+	sig[1] = (raw[2] >> 27) | (raw[3] << 5);
+}
+
+static void pack(unsigned long *raw, unsigned long *pid, unsigned long *hash, unsigned long *sig)
+{
+	raw[0] = pid[0] | ((hash[0] & 1) << 31);
+	raw[1] = (hash[0] >> 1) | ((sig[0] & 0x1f) << 27);
+	raw[2] = (sig[0] >> 5) | (sig[1] << 27);
+	raw[3] = sig[1] >> 5;
+}
+
+// Reverse data
+static void endian(unsigned char *data, int len)
+{
+	int i;
+	for (i = 0; i < len/2; i++) {
+		unsigned char temp;
+		temp = data[i];
+		data[i] = data[len-i-1];
+		data[len-i-1] = temp;
+	}
+}
+
+void unbase24(unsigned long *x, unsigned char *c)
+{
+
+	memset(x, 0, 16);
+	int i, n;
+
+	BIGNUM *y = BN_new();
+	BN_zero(y);
+	
+	for (i = 0; i < 25; i++)
+	{
+		BN_mul_word(y, 24);
+		BN_add_word(y, c[i]);
+	}
+	n = BN_num_bytes(y);
+	BN_bn2bin(y, (unsigned char *)x);
+	BN_free(y);
+	
+	endian((unsigned char *)x, n);
+}
+
+void base24(unsigned char *c, unsigned long *x)
+{
+	unsigned char y[16];
+	int i;
+	BIGNUM *z;
+
+ // Convert x to BigNum z
+	memcpy(y, x, sizeof(y));				// Copy X to Y; Y=X
+	for (i = 15; y[i] == 0; i--) {} i++;	// skip following nulls
+	endian(y, i);							// Reverse y
+ 	z = BN_bin2bn(y, i, NULL);				// Convert y to BigNum z
+
+
+ // Divide z by 24 and convert remainder with cset to Base24-CDKEY Char
+	c[25] = 0;
+	for (i = 24; i >= 0; i--) {
+		unsigned char t = BN_div_word(z, 24);
+		c[i] = cset[t];
+	}
+
+	BN_free(z);
+}
+
+void print_product_id(unsigned long *pid)
+{
+	char raw[12];
+	char b[6], c[8];
+	int i, digit = 0;
+	
+ //	Cut a away last bit of pid and convert it to an accii-number (=raw)
+	sprintf(raw, "%d", pid[0] >> 1);
+ 
+ // Make b-part {640-....}
+	strncpy(b, raw, 3);
+	b[3] = 0;
+
+ // Make c-part {...-123456X...}
+	strcpy(c, raw + 3);
+
+ // Make checksum digit-part {...56X-}
+	assert(strlen(c) == 6);
+	for (i = 0; i < 6; i++) 
+		digit -= c[i] - '0';	// Sum digits
+
+	while (digit < 0) 
+		digit += 7;
+	c[6] = digit + '0';
+	c[7] = 0;
+	
+	printf("Product ID: 55274-%s-%s-23xxx\n", b, c);
+}
+
+void print_product_key(unsigned char *pk)
+{
+	int i;
+	assert(strlen((const char *)pk) == 25);
+	for (i = 0; i < 25; i++) {
+		putchar(pk[i]);
+		if (i != 24 && i % 5 == 4) putchar('-');
+	}
+}
+
+void verify(EC_GROUP *ec, EC_POINT *generator, EC_POINT *public_key, char *cdkey)
+{
+	unsigned char key[25];
+	int i, j, k;
+
+	BN_CTX *ctx = BN_CTX_new();
+// remove Dashs from CDKEY
+	for (i = 0, k = 0; i < strlen(cdkey); i++) {
+		for (j = 0; j < 24; j++) {
+			if (cdkey[i] != '-' && cdkey[i] == cset[j]) {
+				key[k++] = j;
+				break;
+			}
+			assert(j < 24);
+		}
+		if (k >= 25) break;
+	}
+	
+ // Base24_CDKEY -> Bin_CDKEY
+	unsigned long bkey[4] = {0};
+	unsigned long pid[1], hash[1], sig[2];
+	unbase24(bkey, key);
+ 
+ // Output Bin_CDKEY
+	printf("%.8x %.8x %.8x %.8x\n", bkey[3], bkey[2], bkey[1], bkey[0]);
+
+ // Divide/Extract pid_data, hash, sig  from Bin_CDKEY
+	unpack(pid, hash, sig, bkey);
+	print_product_id(pid);
+	
+	printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
+
+	
+	BIGNUM *e, *s;
+	
+	/* e = hash, s = sig */
+	e = BN_new();
+	BN_set_word(e, hash[0]);
+	endian((unsigned char *)sig, sizeof(sig));
+	s = BN_bin2bn((unsigned char *)sig, sizeof(sig), NULL);
+	
+	BIGNUM *x = BN_new();
+	BIGNUM *y = BN_new();
+	EC_POINT *u = EC_POINT_new(ec);
+	EC_POINT *v = EC_POINT_new(ec);
+	
+	/* v = s*generator + e*(-public_key) */
+	EC_POINT_mul(ec, u, NULL, generator, s, ctx);
+	EC_POINT_mul(ec, v, NULL, public_key, e, ctx);
+	EC_POINT_add(ec, v, u, v, ctx);
+	EC_POINT_get_affine_coordinates_GFp(ec, v, x, y, ctx);
+	
+	unsigned char buf[FIELD_BYTES], md[20];
+	unsigned long h;
+	unsigned char t[4];
+	SHA_CTX h_ctx;
+	
+	/* h = (fist 32 bits of SHA1(pid || v.x, v.y)) >> 4 */
+	SHA1_Init(&h_ctx);
+	t[0] =  pid[0] & 0xff;
+	t[1] = (pid[0] & 0xff00) >> 8;
+	t[2] = (pid[0] & 0xff0000) >> 16;
+	t[3] = (pid[0] & 0xff000000) >> 24;
+	SHA1_Update(&h_ctx, t, sizeof(t));
+	
+	memset(buf, 0, sizeof(buf));
+	BN_bn2bin(x, buf);
+	endian((unsigned char *)buf, sizeof(buf));
+	SHA1_Update(&h_ctx, buf, sizeof(buf));
+	
+	memset(buf, 0, sizeof(buf));
+	BN_bn2bin(y, buf);
+	endian((unsigned char *)buf, sizeof(buf));
+	SHA1_Update(&h_ctx, buf, sizeof(buf));
+	
+	SHA1_Final(md, &h_ctx);
+	h = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
+	h &= 0xfffffff;
+	
+	printf("Calculated hash: %.8x\n", h);
+	if (h == hash[0]) printf("Key valid\n");
+	else printf("Key invalid\n");
+	putchar('\n');
+	
+	BN_free(e);
+	BN_free(s);
+	BN_free(x);
+	BN_free(y);
+	EC_POINT_free(u);
+	EC_POINT_free(v);
+
+	BN_CTX_free(ctx);
+}
+
+void generate(unsigned char *pkey, EC_GROUP *ec, EC_POINT *generator, BIGNUM *order, BIGNUM *priv, unsigned long *pid)
+{
+	BN_CTX *ctx = BN_CTX_new();
+
+	BIGNUM *k = BN_new();
+	BIGNUM *s = BN_new();
+	BIGNUM *x = BN_new();
+	BIGNUM *y = BN_new();
+	EC_POINT *r = EC_POINT_new(ec);
+	unsigned long bkey[4];
+
+ // Loop in case signaturepart will make cdkey(base-24 "digits") longer than 25 
+	do {
+		BN_pseudo_rand(k, FIELD_BITS, -1, 0);
+		EC_POINT_mul(ec, r, NULL, generator, k, ctx);
+		EC_POINT_get_affine_coordinates_GFp(ec, r, x, y, ctx);
+		
+		SHA_CTX h_ctx;
+		unsigned char t[4], md[20], buf[FIELD_BYTES];
+		unsigned long hash[1];
+		/* h = (fist 32 bits of SHA1(pid || r.x, r.y)) >> 4 */
+		SHA1_Init(&h_ctx);
+		t[0] =  pid[0] & 0xff;
+		t[1] = (pid[0] & 0xff00) >> 8;
+		t[2] = (pid[0] & 0xff0000) >> 16;
+		t[3] = (pid[0] & 0xff000000) >> 24;
+		SHA1_Update(&h_ctx, t, sizeof(t));
+		
+		memset(buf, 0, sizeof(buf));
+		BN_bn2bin(x, buf);
+		endian((unsigned char *)buf, sizeof(buf));
+		SHA1_Update(&h_ctx, buf, sizeof(buf));
+		
+		memset(buf, 0, sizeof(buf));
+		BN_bn2bin(y, buf);
+		endian((unsigned char *)buf, sizeof(buf));
+		SHA1_Update(&h_ctx, buf, sizeof(buf));
+		
+		SHA1_Final(md, &h_ctx);
+		hash[0] = (md[0] | (md[1] << 8) | (md[2] << 16) | (md[3] << 24)) >> 4;
+		hash[0] &= 0xfffffff;
+		
+		/* s = priv*h + k */
+		BN_copy(s, priv);
+		BN_mul_word(s, hash[0]);
+		BN_mod_add(s, s, k, order, ctx);
+		
+		unsigned long sig[2] = {0};
+		BN_bn2bin(s, (unsigned char *)sig);
+		endian((unsigned char *)sig, BN_num_bytes(s));
+		pack(bkey, pid, hash, sig);
+		printf("PID: %.8x\nHash: %.8x\nSig: %.8x %.8x\n", pid[0], hash[0], sig[1], sig[0]);
+	} while (bkey[3] >= 0x62a32);
+
+	base24(pkey, bkey);
+	
+	BN_free(k);
+	BN_free(s);
+	BN_free(x);
+	BN_free(y);
+	EC_POINT_free(r);
+
+	BN_CTX_free(ctx);
+}
+
+int main()
+{
+ // Init
+	BIGNUM *a, *b, *p, *gx, *gy, *pubx, *puby, *n, *priv;
+	BN_CTX *ctx = BN_CTX_new();
+	
+	// make BigNumbers
+	a = BN_new();
+	b = BN_new();
+	p = BN_new();
+	gx = BN_new();
+	gy = BN_new();
+	pubx = BN_new();
+	puby = BN_new();
+	n = BN_new();
+	priv = BN_new();
+
+ // Data from pidgen-Bink-resources
+	/* Elliptic curve parameters: y^2 = x^3 + ax + b mod p */
+	BN_hex2bn(&p,    "92ddcf14cb9e71f4489a2e9ba350ae29454d98cb93bdbcc07d62b502ea12238ee904a8b20d017197aae0c103b32713a9");
+	BN_set_word(a, 1);
+	BN_set_word(b, 0);
+	
+
+	/* base point (generator) G */
+	BN_hex2bn(&gx,   "46E3775ECE21B0898D39BEA57050D422A0AF989E497962BAEE2CB17E0A28D5360D5476B8DC966443E37A14F1AEF37742");
+	BN_hex2bn(&gy,   "7C8E741D2C34F4478E325469CD491603D807222C9C4AC09DDB2B31B3CE3F7CC191B3580079932BC6BEF70BE27604F65E");
+
+	/* inverse of public key */
+	BN_hex2bn(&pubx, "5D8DBE75198015EC41C45AAB6143542EB098F6A5CC9CE4178A1B8A1E7ABBB5BC64DF64FAF6177DC1B0988AB00BA94BF8");
+	BN_hex2bn(&puby, "23A2909A0B4803C89F910C7191758B48746CEA4D5FF07667444ACDB9512080DBCA55E6EBF30433672B894F44ACE92BFA");
+
+ // Computed data
+	/* order of G - computed in 18 hours using a P3-450 */
+	BN_hex2bn(&n,    "DB6B4C58EFBAFD");
+
+	/* THE private key  - computed in 10 hours using a P3-450 */
+	BN_hex2bn(&priv, "565B0DFF8496C8");
+
+ // Calculation
+	EC_GROUP *ec = EC_GROUP_new_curve_GFp(p, a, b, ctx);
+	EC_POINT *g = EC_POINT_new(ec);
+	EC_POINT_set_affine_coordinates_GFp(ec, g, gx, gy, ctx);
+	EC_POINT *pub = EC_POINT_new(ec);
+	EC_POINT_set_affine_coordinates_GFp(ec, pub, pubx, puby, ctx);
+	
+	unsigned char pkey[26];
+	unsigned long pid[1];
+	pid[0] = 640000000 << 1; /* <- change */
+
+ // generate a key
+	generate(pkey, ec, g, n, priv, pid);
+	printf("Product Key: "); print_product_key(pkey); printf("\n\n");
+
+ // verify the key
+	verify(ec, g, pub, (char*)pkey);
+	
+ // Cleanup
+	BN_CTX_free(ctx);
+	
+	return 0;
+}