This can't be solved without brute-forcing, well not without smart brute-forcing anyway.
The decryption routine is impossible to solve in 1 swoop. However, if you create a typical brute-forcer only incrementing +1 char of last index, that will take ages to find a password that generates the checksum 0xDCA (I think this checksum has changed since people previously posted). You need to think of a better way to generate checksums closer to 0xDCA as fast as possible.
A lot of junk code was annoying, I also mistook the password generation as junk too, and just focused on generating a valid checksum, then once it was found, using that brute-forced input in the original program to get the password to complete the level.
I think without IDA this is really difficult, so I will print screen just 1 routine in the decryption, to give you a helping hand. Though there's still quite a bit to do.