Untitled

All this discussion... Is there anyone who actually look into disassembled code?

1) First of all each of three keys:
- CDKEY: kjfxqwwakdkxyb
- CUSTID: (varies with each installation)
- Each of six of unlock keys
Are a two 32bit integer.
As example for the CDKEY it was:
key1: BEA9AC1A
key2: 072CCD2D
Just split each key to 7-char sequence and use this code for each part:

unsigned int strtokey(char *s) {
unsigned int r, i;
  r = 0;
  for (i = 0; i < 7; i++) {
    r *= 26;
    r += (toupper(s[i]) - 'A');
  }
  return(r);
}

2) Both key1 and key2 have some kind of additional check between each other, so you can't use some random values here. In the end you have 64 bits of data (32+32) to bruteforce. It's huge if you take into account that there is only one (and slow) way to check each key - run the CLI.EXE tool (see below).

3) UNLOCKV2.EXE calls the CLI.EXE with the following commandline:
CLI A "ABCDEFGHIJKLMN"
Where instead of ABCDEFGHIJKLMN you should write a correct 14-char unlock key.
You can use this to quick check for the unlock key. Just don't forget to run once this two before (assumming game installed to C:\SPCDV2):
DPMS
vendrun C:\SPCDV2\setup

4) SETUP\SYSINFO.DOS file contains infromation about TEAM?.VCL files. Here is a brief format info:
// 7 records total
// format for recod 0 is unknown
// but for next records 1 till 6 as follows:
uint32 filesize; // TEAM?.VCL size
uint32 unknown; // unknown data
uint16 zero; // always zero (unlock flag?)

You can decrypt HLS image and check that filesize of each TEAM?.VCL file match this fields in the SYSINFO.DOS file.

5) And the last hint: each of .VCL file starts with the static 52 bytes of copyright and signature data. So you can use this to check any encryption method you want to compare original data (see STATUS.VCL for example) with the decrypted.

I hope this helps.