Ok, I've looked at the code snippet and know exactly what it does, I've done some basic analysis and identified the following...
Each generated number can be 0-15 (hex digit of the pwd hash) plus 45,46,48-57,65-90 (ASCII val of char to be encrypted) minus 0-480 (sum of the MD5 hash digits)
When working this back each value in the "encrypted" string has a possibility of 570 collisions, that is there are 15 possible combinations of the above values for each of 38 ASCII chars that could result in the same number being output.
Admittedly we only need to brute force 9 of the 20 serial characters as the rest are either -.OEM1 or CR/LF, so that’s 324 combinations (of 0-1,A-Z) but without the password I'm struggling to realise how I am supposed to verify I've selected the correct combination.

I’m probably missing something fundamentally obvious somewhere but I’ve been looking at this for a couple of days now on and off and it’s just not falling into place. So any help anyone can give will be appreciated, PM me if you don’t want to spoil thing for others.
On the plus side, I’m no programmer but I’ve completed 5 of these missions so far, they are really helping me get to grips with PHP, much better that reading a book that’s for sure.
So cheers to all the fiendish swine who have contributed to these missions and helped me and no doubt countless others stretch their lacklustre minds.
SWF.