├── ics
    └── pcap
    │   ├── asn_to_hash.rb
    │   ├── tcp_payload_filter.rb
    │   ├── mms_extract_file.rb
    │   └── ics_analysis.rb
├── misc
    ├── pcap
    │   ├── mots_check.rb
    │   ├── tsc_tspl_printer.rb
    │   ├── usbmouse.rb
    │   └── usbkeyboard.rb
    ├── encoder
    │   ├── morese_decode.rb
    │   ├── base92.rb
    │   └── brainfuck.rb
    ├── image
    │   └── png_size_recover.rb
    ├── compress
    │   ├── zipfake.rb
    │   └── rarfake.rb
    └── stego
    │   ├── zwsp-steg.rb
    │   └── stegosaurus.py
├── crypto
    ├── shiro_rememberMe_decrypt.rb
    ├── weblogic_password.rb
    ├── weblogic_password.py
    └── shiro_keys.txt
├── README.md
└── awd
    └── scanner
        ├── synproxy-scan.rb
        └── old-synproxy-scan.py


/ics/pcap/asn_to_hash.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | # 
 3 | # Author L
 4 | #
 5 | 
 6 | require 'awesome_print'
 7 | 
 8 | filename = ARGV[0]
 9 | value_name = ARGV[1]
10 | 
11 | unless filename && value_name
12 |   abort <<~EOF
13 |   Usage: ./asn_to_hash.rb <file.asn> <value_name>
14 |   EOF
15 | end
16 | 
17 | data = File.read(filename).match(/#{value_name}\s+::=\s+CHOICE\s+{(.*?)}/m)
18 | 
19 | abort '[!] Not Find' unless data
20 | 
21 | hash = {}
22 | data[1].each_line do |line|
23 |   line.strip!
24 |   next if line.start_with? '--'
25 |   if line =~ /(.*?)\s+\[(.*?)\]/
26 |     hash[$2] = $1
27 |   end  
28 | end
29 | 
30 | print "#{value_name} = "
31 | ap hash
32 | 


--------------------------------------------------------------------------------
/ics/pcap/tcp_payload_filter.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | # 
 3 | # Author L
 4 | #
 5 | 
 6 | pcap_file = ARGV[0]
 7 | display_filter = ARGV[1]
 8 | filter_regexp = ARGV[2]
 9 | filter_regexp = Regexp.new(filter_regexp) if filter_regexp
10 | 
11 | separator = "%6s #{'=' * 75}"
12 | 
13 | unless pcap_file && display_filter
14 |   abort <<~EOF
15 |   Usage: ./tcp_payload_filter.rb <pcap_file> <display_filter> [filter_regexp]
16 |   EOF
17 | end
18 | 
19 | `tshark -r #{pcap_file} -Y '#{display_filter}' -Tfields -e frame.number -e tcp.payload`.each_line do |line|
20 |   num, hex_data = line.chomp.split("\t")
21 |   raw = [hex_data].pack 'H*'
22 | 
23 |   if filter_regexp
24 |     if raw.match?(filter_regexp)
25 |       puts separator % num
26 |       puts raw 
27 |     end
28 |   else
29 |     puts separator % num
30 |     puts raw
31 |   end
32 | end
33 | 


--------------------------------------------------------------------------------
/misc/pcap/mots_check.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | #
 5 | 
 6 | require 'oj'
 7 | 
 8 | pcap_file = ARGV[0]
 9 | 
10 | abort "Usage: ./mots_check.rb <pcap_file>" unless pcap_file
11 | 
12 | json_data = `tshark -r '#{pcap_file}' -Y 'tcp.payload && tcp.flags == 0x18' -T json -e frame.number -e tcp.seq -e tcp.ack -e tcp.payload -e tcp.dstport -e tcp.srcport -e ip.src -e ip.dst`
13 | 
14 | mots = []
15 | json = Oj.load(json_data).map{|x| x['_source']['layers'].transform_values(&:first) }
16 | json.each_cons(2) do |i, j|
17 |   ii = i.values_at('ip.src', 'ip.dst', 'tcp.srcport', 'tcp.dstport', 'tcp.seq', 'tcp.ack')
18 |   jj = j.values_at('ip.src', 'ip.dst', 'tcp.srcport', 'tcp.dstport', 'tcp.seq', 'tcp.ack')
19 |   if ii == jj && i['tcp.payload'] != j['tcp.payload']
20 |     mots << i['frame.number'] << j['frame.number']
21 |   end
22 | end
23 | 
24 | if mots.empty?
25 |   puts "No suspicious packets found"
26 | else
27 |   puts "Discover suspicious packets: #{mots.size / 2}"
28 | 
29 |   puts "wireshark display express:"
30 |   puts "  frame.number in {#{mots.join(' ')}}"
31 | end
32 | 


--------------------------------------------------------------------------------
/misc/encoder/morese_decode.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | #
 5 | 
 6 | code_map = {".-"=>"A", "-..."=>"B", "-.-."=>"C", "-.."=>"D", "."=>"E", "..-."=>"F", "--."=>"G", "...."=>"H", ".."=>"I", ".---"=>"J", "-.-"=>"K", ".-.."=>"L", "--"=>"M", "-."=>"N", "---"=>"O", ".--."=>"P", "--.-"=>"Q", ".-."=>"R", "..."=>"S", "-"=>"T", "..-"=>"U", "...-"=>"V", ".--"=>"W", "-..-"=>"X", "-.--"=>"Y", "--.."=>"Z", "-----"=>"0", ".----"=>"1", "..---"=>"2", "...--"=>"3", "....-"=>"4", "....."=>"5", "-...."=>"6", "--..."=>"7", "---.."=>"8", "----."=>"9", ".-.-.-"=>".", "--..--"=>",", "..--.."=>"?", ".----."=>"'", "-.-.--"=>"!", "-..-."=>"/", "-.--."=>"(", "-.--.-"=>")", ".-..."=>"&", "---..."=>"=>", "-.-.-."=>";", "-...-"=>"=", ".-.-."=>"+", "-....-"=>"-", "..--.-"=>"_", ".-..-."=>"\"", "...-..-"=>"$", ".--.-."=>"@", "...---..."=>"SOS"}
 7 | 
 8 | code = $<.read.strip
 9 | chars = code.chars.uniq - [' ']
10 | abort '[!] Not a Morese Code' unless chars.size == 2
11 | 
12 | ok = false
13 | %w( .- -. ).each do |cs|
14 |   codes = code.tr(chars.join, cs).split
15 |   strs = codes.map(&code_map)
16 |   if strs.all?
17 |     ok = true
18 |     puts "[+] code: #{codes.join(' ')}"
19 |     puts strs.join
20 |     puts
21 |   end
22 | end
23 | 
24 | abort '[!] Not a Morese Code' unless ok
25 | 


--------------------------------------------------------------------------------
/crypto/shiro_rememberMe_decrypt.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # Shiro rememberMe decrypt
 5 | #
 6 | 
 7 | require 'openssl'
 8 | 
 9 | if ARGV.size != 1 or !File.readable?(ARGV[0]) 
10 |   puts <<~EOF
11 |   Usage: ruby shiro_rememberMe_decrypt.rb <rememberMe_value_file>
12 | 
13 |     e.g. ruby shiro_rememberMe_decrypt.rb a.txt > /tmp/java_serialization.bin
14 | 
15 |   EOF
16 |   exit
17 | end
18 | cipher = File.binread(ARGV[0]).unpack1 'm'
19 | 
20 | Keys = File.readlines("#{__dir__}/shiro_keys.txt", chomp: true)
21 | 
22 | def aes_decrypt(mode, key, payload)
23 | 	iv = payload[0,16]
24 |   data = payload[16..-1]
25 | 	aes = OpenSSL::Cipher.new("aes-128-#{mode}")
26 | 
27 |   data = data[0...-16] if aes.authenticated?
28 | 	aes.decrypt
29 |   aes.iv_len = 16 if mode == :gcm
30 |   aes.iv = iv
31 | 	aes.key = key.unpack1('m0')
32 | 	aes.update(data) + (aes.final rescue '')
33 | end
34 | 
35 | # require 'pry';binding.pry
36 | mark_head = "\xAC\xED\x00\x05".b
37 | found = false
38 | Keys.each do |key|
39 |   [:cbc, :gcm].each do |mode|
40 |     plaintext = aes_decrypt(mode, key, cipher)
41 |     if (index = plaintext.index(mark_head))
42 |       plaintext = plaintext[index..-1]
43 |       STDERR.puts "Mode: #{mode.upcase}, Key: #{key}"
44 |       print plaintext
45 |       found = true
46 |       break
47 |     end
48 |   rescue => e
49 |     STDERR.puts "[!] mode:#{mode} key:#{key}, #{e}"
50 |   end
51 | end
52 | STDERR.puts "[!] Key not found" unless found
53 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # CTF Scripts
 2 | 
 3 | ### MISC
 4 | ```ruby
 5 | compress/
 6 |   zipfake.rb              --  PKZip 文件伪加密
 7 |   rarfake.rb              --  RAR 文件伪加密
 8 | 
 9 | pcap/
10 |   usbkeyboard.rb          --  USB 协议提取键盘输入内容
11 |   usbmouse.rb             --  USB 协议提取鼠标输入转为图片轨迹图
12 |   tsc_tspl_printer.rb     --  TSC TSPL 打印机，打印数据图片输出 (目前仅支持BITMAP/BAR)
13 |   mots_check.rb           --  MOTS 攻击检测
14 | 
15 | stego/
16 |   stegosaurus.py          --  .py/.pyc/.pyo 的隐写工具
17 |   zwsp-steg.rb            --  ZWSP 隐写信息编码成不可见字符 (3或5个不可见字符编码)
18 | 
19 | encoder/
20 |   base92.rb               --  base92 encode/decode
21 |   brainfuck.rb            --  brainfuck && ook text encode/decode
22 |   morese_decode.rb        --  莫斯电码解码
23 | 
24 | image/
25 |   png_size_recover.rb     --  Png 文件的size恢复
26 | ```
27 | 
28 | ### CRYPTO
29 | ```ruby
30 | weblogic_password.rb      --  Weblogic 密码解密脚本 (支持{AES256})
31 | weblogic_password.py      --  旧版 Weblogic 密码解密脚本 (该版本停止维护; 依赖旧版Cipher)
32 | shiro_rememberMe_decrypt.rb -- Shiro Cookie rememberMe 解密
33 | ```
34 | 
35 | ### AWD
36 | ```ruby
37 | scanner/
38 |   synproxy-scan.rb        --  SYN Proxy Scan v2. (不支持Windows 使用)
39 |   old-synproxy-scan.py    --  SYN Proxy Scan v1. (不建议OSX 使用)
40 | ```
41 | 
42 | ### ICS
43 | ```ruby
44 | pcap/
45 |   ics_analysis.rb         --  ICS Protocol Analysis 字段提取统计
46 |   tcp_payload_filter.rb   --  过滤TCP Payload 内容
47 |   mms_extract_file.rb     --  Multimedia Messaging Service 文件提取
48 |   asn_to_hash.rb          !-  .asn 数据转换成 Ruby Hash
49 | ```
50 | 
51 | #### 备注
52 | ```ruby
53 | !- 为工具开发协助脚本
54 | ```
55 | 


--------------------------------------------------------------------------------
/misc/image/png_size_recover.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # png_size_recover.rb image
 5 | #
 6 | 
 7 | require 'crc'
 8 | 
 9 | abort "Usage: ./png_size_recover.rb <png_file>" if ARGV.empty?
10 | 
11 | max = 3000
12 | @png_file = ARGV[0]
13 | 
14 | data = File.binread(@png_file)
15 | 
16 | ihdr_head = data[12,4]
17 | org_width = data[16,4]
18 | org_high  = data[20,4]
19 | ihdr_tail = data[24,5]
20 | crc       = data[29,4]
21 | 
22 | ihdr = ihdr_head + org_width + org_high + ihdr_tail
23 | if CRC.crc32.digest(ihdr) == crc
24 |   abort 'No problem with the picture'
25 | end
26 | 
27 | 
28 | def recover_file(data, values)
29 |   values.each do |name, i|
30 |     if name == :width
31 |       data[16,4] = [i].pack('i>')
32 |     else
33 |       data[20,4] = [i].pack('i>')
34 |     end
35 |     puts "[+] recover #{name}: #{i}"
36 |   end
37 | 
38 |   file = "recover_#{@png_file}"
39 |   File.binwrite(file, data)
40 |   puts "[+] save to: #{file}"
41 |   exit()
42 | end
43 | 
44 | 
45 | max.times do |i|
46 |   ihdr = ihdr_head + [i].pack('i>') + org_high + ihdr_tail
47 |   recover_file(data, width: i) if CRC.crc32.digest(ihdr) == crc
48 | 
49 |   ihdr = ihdr_head + org_width + [i].pack('i>') + ihdr_tail
50 |   recover_file(data, high: i) if CRC.crc32.digest(ihdr) == crc
51 | end
52 | 
53 | (1..max).each do |wi|
54 |   width = [wi].pack('i>')
55 |   (1..max).each do |hi|
56 |     ihdr = ihdr_head + width + [hi].pack('i>') + ihdr_tail
57 |     recover_file(data, width: wi, high: hi) if CRC.crc32.digest(ihdr) == crc
58 |   end
59 | end
60 | 
61 | puts "[!] recover fail"
62 | 


--------------------------------------------------------------------------------
/misc/compress/zipfake.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | # 
 3 | # Author L
 4 | #
 5 | require 'zip'
 6 | 
 7 | # bytes_num & 1 为加密位，0为无加密，1为需要加密
 8 | class ZipFake
 9 |   # block_size 10M
10 |   def initialize(filename, block_size = 10485760)
11 |     @path  = filename
12 |     @bsize = block_size
13 |     @size  = File.size(filename)
14 |     @mark  = "PK\x01\x02"
15 |   end
16 | 
17 |   def lock
18 |     # 判断是否文件，仅对文件设置lock，
19 |     # 否则会造成ZipFake#unlock无法恢复正常文件
20 |     lock_seq = ''
21 |     Zip::File.foreach(@path) do |entry|
22 |       lock_seq << ( entry.file? ? 1 : 0 )
23 |     end
24 |     set_encrypt_bytes(lock_seq)
25 |   end
26 | 
27 |   def unlock
28 |     lock_seq = []
29 |     set_encrypt_bytes(lock_seq)
30 | 
31 |     # "PK\x03\x04\x14\x03\x00\x00\b\x00" 第7位的全局加密解锁
32 |     if File.binread(@path, 7).match? /PK\x03\x04..\x01/
33 |       open(@path, 'rb+') do |fio|
34 |         fio.seek(6)
35 |         fio.putc("\x00")
36 |       end
37 |       puts "recover zip magic head encryption bit"
38 |     end
39 |   end
40 | 
41 |   private
42 |   def set_encrypt_bytes(seq)
43 |     fio = open(@path, 'rb+')
44 |     pos = 0
45 |     n = 0
46 |     while block = fio.read(@bsize)
47 |       if index = block.index(@mark) 
48 |         offset = (block.size - index - 8)
49 |         fio.seek(-offset, IO::SEEK_CUR)
50 |         fio.putc(seq[n] || "\x00")
51 |         n += 1
52 |       elsif fio.pos != @size
53 |         fio.seek(-3, IO::SEEK_CUR)
54 |       end
55 |     end
56 |     puts "success #{n} flag(s) found"
57 |   ensure
58 |     fio.close
59 |   end
60 | end
61 | 
62 | if __FILE__ == $PROGRAM_NAME
63 |   if ARGV.size == 2 
64 |     abort "No such option '#{ARGV[0]}'" unless 're'.index ARGV[0]
65 |     abort "No such file '#{ARGV[1]}'"   unless File.exist? ARGV[1]
66 | 
67 |     zip = ZipFake.new(ARGV[1])
68 |     if ARGV[0] == 'r'
69 |       zip.unlock
70 |     else
71 |       zip.lock
72 |     end
73 |   else
74 |     puts <<~EOF
75 |     usage:
76 |       zipfake.rb <option> <zipfile>
77 |     option:
78 |       r - recover a PKZip
79 |       e - do a fake encrypton
80 |     EOF
81 |   end
82 | end
83 | 


--------------------------------------------------------------------------------
/misc/encoder/base92.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # base92 encode/decode
 5 | #
 6 | 
 7 | class Base92
 8 | 
 9 |   def self.decode(str)
10 |     return '' if str == '~'
11 | 
12 |     bitstr = ''
13 |     str.chars.each_slice(2) do |x,y|
14 |       if y
15 |         n = base92_ord(x)*91 + base92_ord(y)
16 |         bitstr += '%013b' % n
17 |       else
18 |         n = base92_ord(x)
19 |         bitstr += '%06b' % n
20 |       end
21 |     end
22 | 
23 |     bitstr.scan(/[01]{8}/).map{|n| n.to_i(2)}.pack('C*')
24 |   end
25 | 
26 |   def self.encode(str)
27 |     return '~' if str == ''
28 |     
29 |     bitstr = str.bytes.map{|x| '%08b' % x}.join
30 |     bitstr.chars.each_slice(13).map{|bs|
31 |       bs = bs.join
32 |       case bs.size
33 |       when 13
34 |         x, y = bs.to_i(2).divmod(91)
35 |         base92_chr(x) + base92_chr(y)
36 |       when 0..6
37 |         base92_chr((bs+'0'*(6-bs.size)).to_i(2))
38 |       else
39 |         x, y = (bs+'0'*(13-bs.size)).to_i(2).divmod(91)
40 |         base92_chr(x) + base92_chr(y)
41 |       end
42 |     }.join
43 |   end
44 | 
45 |   private
46 | 
47 |   def self.base92_chr(val)
48 |     raise 'val must be in (0..91)' unless (0..91).include? val
49 |     return '!' if val == 0
50 |     val <= 61 ? ('#'.ord + val - 1).chr : ('a'.ord + val - 62).chr
51 |   end
52 | 
53 |   def self.base92_ord(val)
54 |     case val
55 |     when '!'
56 |       0
57 |     when '#'..'_'
58 |       val.ord - '#'.ord + 1
59 |     when 'a'..'}'
60 |       val.ord - 'a'.ord + 62
61 |     else
62 |       raise 'val is not a base92 character'
63 |     end
64 |   end
65 | end
66 | 
67 | if __FILE__ == $PROGRAM_NAME
68 |   if ARGV.size == 2
69 |     abort "No such option '#{ARGV[0]}'" unless 'ed'.index ARGV[0]
70 |     abort "No such file '#{ARGV[1]}'"   unless File.exist? ARGV[1]
71 | 
72 |     data = File.binread(ARGV[1]).strip
73 |     if ARGV[0] == 'e'
74 | 			puts Base92.encode data
75 |     else
76 | 			puts Base92.decode data
77 |     end
78 |   else
79 |     puts <<~EOF
80 |     usage:
81 |       base92.rb <option> <file>
82 |     option:
83 |       e - encode
84 |       d - decode
85 |     EOF
86 |   end
87 | end
88 | 
89 | 


--------------------------------------------------------------------------------
/misc/pcap/tsc_tspl_printer.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # TSC TSPL Printer to Image
 5 | #
 6 | 
 7 | require 'pycall/import'
 8 | include PyCall::Import
 9 | pyfrom :PIL, import: :Image
10 | ENV['PYTHON'] = 'python3'
11 | 
12 | require 'slop'
13 | 
14 | begin
15 |   opts = Slop.parse do |o|
16 |     o.banner = 'Usage: ./tsc_tspl_printer.rb [options] <.pcap|.tspl>+'
17 |     o.separator ""
18 |     o.separator "Options:"
19 |     o.string '-s', '--save',    'Save image to directory' do |s|
20 |       Dir.mkdir(s) unless File.directory? s
21 |     end
22 |     o.bool   '-n', '--no-show', 'Do not display images directly'
23 |     o.bool   '-a', '--all',     'all content'
24 |     o.on     '-h', '--help' do
25 |       puts o
26 |       exit
27 |     end
28 |   end
29 | rescue Slop::UnknownOption, Slop::MissingArgument => e
30 |   abort e.to_s
31 | end
32 | 
33 | ARGV.replace opts.arguments
34 | 
35 | imgfile_index = 1
36 | bar_points = []
37 | paste_imgs = []
38 | bar_width = bar_height = 0
39 | 
40 | $<.each_line do |line|
41 |   if line.delete_prefix! 'BAR'
42 |     # BAR x, y, width, height
43 |     sx, sy, width, height = line.split(?,).map(&:to_i)
44 |     (sx..(sx+width)).each do |x|
45 |       (sy..(sy+height)).each do |y|
46 |         bar_width = [x, bar_width].max
47 |         bar_height = [y, bar_height].max
48 |         bar_points << [x,y]
49 |       end
50 |     end
51 |   elsif line.delete_prefix! 'BITMAP'
52 |     # BITMAP x,y,width,height,data
53 |     # data: data.bits to width*8 x height
54 |     x, y, width, height, _, data = line.b.split(?,, 6)
55 |     x, y, width, height = [x, y, width, height].map(&:to_i)
56 |     im = Image.new('L', [width * 8, height])
57 |     im.putdata(data.strip.unpack1('B*').chars.map{|c| (c.to_i^1)*255})
58 |     bar_width = [x + width, bar_width].max
59 |     bar_height = [y + height, bar_height].max
60 |     paste_imgs << [[x,y], im]
61 |     if opts.all?
62 |       im = im.rotate(180)
63 |       if opts.save?
64 |         im.save("#{opts[:save]}/#{imgfile_index}.png")
65 |         imgfile_index += 1
66 |       end
67 |       im.show() unless opts.no_show?
68 |     end
69 |   end
70 | end
71 | 
72 | im = Image.new('L', [bar_width + 20, bar_height + 20])
73 | bar_points.each{|point| im.putpixel(point, 255) }
74 | paste_imgs.each{|point, img| im.paste(img, point) }
75 | im = im.rotate(180)
76 | im.save("#{opts[:save]}/printer.png") if opts.save?
77 | im.show() unless opts.no_show?
78 | 


--------------------------------------------------------------------------------
/misc/pcap/usbmouse.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # Get USB Keyboard Input Data to Png
 5 | #
 6 | 
 7 | require 'tempfile'
 8 | 
 9 | if ARGV.delete '-h'
10 |   puts <<~EOF
11 |     Usage:
12 |       ./usbmouse.rb [option] <pcap_file>
13 |       cat usb_capdata.txt | ./usbmouse.rb -o result.png
14 | 
15 |     Option: 
16 |       -o <file> Set Output File (Default: mouse.png)
17 |       -left     Left Keystroke
18 |       -right    Right Keystroke
19 |       -move     Mouse Move
20 |       -all      Mouse All (Default)
21 |       -f        Force Mode (Ignore Wireshark Error)
22 |       -v        Verbose Mode
23 |       -h        Help Info
24 |   EOF
25 |   exit
26 | end
27 | verbose = ARGV.delete '-v'
28 | force   = ARGV.delete '-f'
29 | left    = ARGV.delete '-left'
30 | right   = ARGV.delete '-right'
31 | move    = ARGV.delete '-move'
32 | all     = ARGV.delete('-all') || [left, right, move].none?
33 | output  = (i = ARGV.index '-o') ? ARGV.slice!(i,2).last : 'mouse.png'
34 | 
35 | if ARGV[0] 
36 |   cmd = "tshark -r #{ARGV[0]} -T fields -e usb.capdata #{force ? "2>&-" : ""}"
37 |   data = `#{cmd}`
38 |   unless force
39 |     abort "[!] Error `#{cmd}` " unless $?.success? and `file #{ARGV[0]}`.include? 'capture'
40 |   end
41 | else
42 |   data = ARGF
43 | end
44 | 
45 | tempfile = Tempfile.new('usb_mouse_data')
46 | 
47 | posx, posy = 0, 0
48 | data.each_line do |line|
49 |   if line =~ /^(00|01|02):?(\h{2}):?(\h{2}):?\h{2}$/
50 |     action, x, y = $1, $2.to_i(16), $3.to_i(16)
51 |     x -= 256 if x > 127
52 |     y -= 256 if y > 127
53 |     posx += x
54 |     posy += y
55 |     recoding = case action
56 |                when '00' then move
57 |                when '01' then left
58 |                when '02' then right
59 |                else
60 |                  puts "[-] Known operate" if verbose
61 |                end
62 |     tempfile.puts "#{posx} #{posy}" if recoding || all
63 |   end
64 | end
65 | 
66 | tempfile.close
67 | if tempfile.size.zero?
68 |   puts "[!] Mouse input not found"
69 |   exit
70 | end
71 | 
72 | cmd = "gnuplot -e \"set terminal png; plot '#{tempfile.path}'\""
73 | data = `#{cmd}`
74 | unless $?.success?
75 |   debug_file = 'mouse_coordinate.txt'
76 |   File.write(debug_file, File.read(tempfile.path)) # copy
77 |   puts "[*] Debug Output: #{debug_file}"
78 |   abort "[!] Error `#{cmd}` "
79 | end
80 | 
81 | File.binwrite(output, data)
82 | puts "[+] Output: #{output}"
83 | tempfile.unlink
84 | 


--------------------------------------------------------------------------------
/misc/stego/zwsp-steg.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | #
  3 | # Author L
  4 | # zwsp-steg
  5 | # Reference: https://github.com/offdev/zwsp-steg-js
  6 | #
  7 | 
  8 | class ZWSP
  9 | 
 10 |   MODE_ZWSP = 0
 11 |   MODE_FULL = 1
 12 | 
 13 |   ZERO_WIDTH_SPACE = "\u200b"
 14 |   ZERO_WIDTH_NON_JOINER = "\u200c"
 15 |   ZERO_WIDTH_JOINER = "\u200d"
 16 |   LEFT_TO_RIGHT_MARK = "\u200e"
 17 |   RIGHT_TO_LEFT_MARK = "\u200f"
 18 | 
 19 |   ArrayZWSP = [
 20 |     ZERO_WIDTH_SPACE,
 21 |     ZERO_WIDTH_NON_JOINER,
 22 |     ZERO_WIDTH_JOINER,
 23 |   ]
 24 | 
 25 |   ArrayFULL = [
 26 |     ZERO_WIDTH_SPACE,
 27 |     ZERO_WIDTH_NON_JOINER,
 28 |     ZERO_WIDTH_JOINER,
 29 |     LEFT_TO_RIGHT_MARK,
 30 |     RIGHT_TO_LEFT_MARK,
 31 |   ]
 32 | 
 33 | 
 34 |   def self.get_padding_length(mode)
 35 |     mode == MODE_ZWSP ? 11 : 7
 36 |   end 
 37 | 
 38 | 
 39 |   def self.encode(message, mode: MODE_FULL)
 40 |     return '' if message.empty?
 41 | 
 42 |     alphabet = mode == MODE_ZWSP ? ArrayZWSP : ArrayFULL
 43 |     padding = get_padding_length(mode)
 44 |     encoded = ''
 45 |     message.each_char do |char|
 46 |       code = '0' * padding + char.ord.to_s(alphabet.size).to_i.to_s
 47 |       code = code[(code.size-padding)..-1]
 48 |       code.each_char do |c|
 49 |         encoded += alphabet[c.to_i]
 50 |       end
 51 |     end
 52 |     encoded
 53 |   end
 54 | 
 55 | 
 56 |   def self.decode(message, mode: MODE_FULL)
 57 |     alphabet = mode == MODE_ZWSP ? ArrayZWSP : ArrayFULL
 58 |     padding = get_padding_length(mode)
 59 | 
 60 |     encoded = ''
 61 |     #message.chars.map{|c| alphabet.index(c)}.join
 62 |     message.each_char do |char|
 63 |       index = alphabet.index(char)
 64 |       encoded << index.to_s if index
 65 |     end
 66 | 
 67 |     raise 'Unknown encoding detected!' if encoded.size % padding != 0
 68 | 
 69 |     decoded = ''
 70 |     cur_char = ''
 71 |     encoded.chars.each_with_index do |char, index|
 72 |       cur_char += char
 73 |       if index > 0 and (index + 1) % padding == 0
 74 |         decoded += cur_char.to_i(alphabet.size).chr
 75 |         cur_char = ''
 76 |       end
 77 |     end
 78 |     decoded
 79 |   end
 80 | end
 81 | 
 82 | if __FILE__ == $PROGRAM_NAME
 83 |   if ARGV.size == 2
 84 |     abort "No such option '#{ARGV[0]}'" unless 'ed'.index ARGV[0]
 85 |     abort "No such file '#{ARGV[1]}'"   unless File.exist? ARGV[1]
 86 | 
 87 |     data = File.read(ARGV[1], encoding: 'utf-8')
 88 |     if ARGV[0] == 'e'
 89 |       puts ZWSP.encode data
 90 |     else
 91 |       puts ZWSP.decode data
 92 |     end
 93 |   else
 94 |     puts <<~EOF
 95 |     usage:
 96 |       zwsp-steg.rb <option> <file>
 97 |     option:
 98 |       e - encode
 99 |       d - decode
100 |     EOF
101 |   end
102 | end
103 | 


--------------------------------------------------------------------------------
/misc/pcap/usbkeyboard.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | #
 3 | # Author L
 4 | # Get USB Keyboard Input Data
 5 | #
 6 | 
 7 | NormalKeys = {"04"=>"a", "05"=>"b", "06"=>"c", "07"=>"d", "08"=>"e", "09"=>"f", "0a"=>"g", "0b"=>"h", "0c"=>"i", "0d"=>"j", "0e"=>"k", "0f"=>"l", "10"=>"m", "11"=>"n", "12"=>"o", "13"=>"p", "14"=>"q", "15"=>"r", "16"=>"s", "17"=>"t", "18"=>"u", "19"=>"v", "1a"=>"w", "1b"=>"x", "1c"=>"y", "1d"=>"z","1e"=>"1", "1f"=>"2", "20"=>"3", "21"=>"4", "22"=>"5", "23"=>"6","24"=>"7","25"=>"8","26"=>"9","27"=>"0","28"=>"<RET>","29"=>"<ESC>","2a"=>"<DEL>", "2b"=>"\t","2c"=>"<SPACE>","2d"=>"-","2e"=>"=","2f"=>"[","30"=>"]","31"=>"\\","32"=>"<NON>","33"=>";","34"=>"'","35"=>"<GA>","36"=>",","37"=>".","38"=>"/","39"=>"<CAP>","3a"=>"<F1>","3b"=>"<F2>", "3c"=>"<F3>","3d"=>"<F4>","3e"=>"<F5>","3f"=>"<F6>","40"=>"<F7>","41"=>"<F8>","42"=>"<F9>","43"=>"<F10>","44"=>"<F11>","45"=>"<F12>"}
 8 | 
 9 | ShiftKeys = {"04"=>"A", "05"=>"B", "06"=>"C", "07"=>"D", "08"=>"E", "09"=>"F", "0a"=>"G", "0b"=>"H", "0c"=>"I", "0d"=>"J", "0e"=>"K", "0f"=>"L", "10"=>"M", "11"=>"N", "12"=>"O", "13"=>"P", "14"=>"Q", "15"=>"R", "16"=>"S", "17"=>"T", "18"=>"U", "19"=>"V", "1a"=>"W", "1b"=>"X", "1c"=>"Y", "1d"=>"Z","1e"=>"!", "1f"=>"@", "20"=>"#", "21"=>"$", "22"=>"%", "23"=>"^","24"=>"&","25"=>"*","26"=>"(","27"=>")","28"=>"<RET>","29"=>"<ESC>","2a"=>"<DEL>", "2b"=>"\t","2c"=>"<SPACE>","2d"=>"_","2e"=>"+","2f"=>"{","30"=>"}","31"=>"|","32"=>"<NON>","33"=>"\"","34"=>"=>","35"=>"<GA>","36"=>"<","37"=>">","38"=>"?","39"=>"<CAP>","3a"=>"<F1>","3b"=>"<F2>", "3c"=>"<F3>","3d"=>"<F4>","3e"=>"<F5>","3f"=>"<F6>","40"=>"<F7>","41"=>"<F8>","42"=>"<F9>","43"=>"<F10>","44"=>"<F11>","45"=>"<F12>"}
10 | 
11 | if ARGV.delete '-h'
12 |   puts <<~EOF
13 |     Usage:
14 |       ./usbkeyboard.rb usb.pcap
15 |       cat usb_capdata.txt | ./usbkeyboard.rb
16 | 
17 |     Option: 
18 |       -f     Force Mode (Ignore Wireshark Error)
19 |       -v     Verbose Mode
20 |       -h     Help Info
21 |   EOF
22 |   exit
23 | end
24 | verbose = ARGV.delete '-v'
25 | force = ARGV.delete '-f'
26 | 
27 | if ARGV[0] 
28 |   cmd = "tshark -r #{ARGV[0]} -T fields -e usb.capdata #{force ? "2>&-" : ""}"
29 |   data = `#{cmd}`
30 |   unless force
31 |     abort "[!] Error `#{cmd}` " unless $?.success? and `file #{ARGV[0]}`.include? 'capture'
32 |   end
33 | else
34 |   data = ARGF
35 | end
36 | 
37 | result = ''
38 | data.each_line do |line|
39 |   if line =~ /^(00|02|20):?\h{2}:?(\h{2})(?::?\h{2}){5}$/   # TODO Confirm <shift> code
40 |     shift, key = $1, $2
41 |     keyboard = ( shift == '00' ? NormalKeys[key] : ShiftKeys[key] )
42 |     if keyboard
43 |       result << keyboard
44 |     else
45 |       puts "[-] Unknow Key : 0x#{key}" if verbose
46 |     end
47 |   end
48 | end
49 | 
50 | if result.empty?
51 |   puts "[!] Keyboard input not found"
52 | else
53 |   puts "[+] Result: " if verbose
54 |   puts result
55 | end
56 | 


--------------------------------------------------------------------------------
/ics/pcap/mms_extract_file.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | # 
 3 | # Author L
 4 | #
 5 | 
 6 | require 'oj'
 7 | require 'filesize'
 8 | 
 9 | pcap_file = ARGV[0]
10 | extract_file = ARGV[1]
11 | 
12 | unless pcap_file
13 |   abort <<~EOF
14 |     Usage
15 |       Read file list : ./mms_extract_file.rb <pcapfile>
16 |       Extract file   : ./mms_extract_file.rb <pcapfile> <extract_file>
17 |     EOF
18 |   EOF
19 | end
20 | 
21 | if extract_file
22 |   # 查找文件对应的 invokeID
23 |   invokeids = `tshark -r '#{pcap_file}' -Y 'mms.FileName_item == "#{extract_file}"' -Tfields -e mms.invokeID`.split.join(' ')
24 |   # 对应 invokeID 的 frsmID
25 |   frsmids = `tshark -r '#{pcap_file}' -Y 'mms.invokeID in {#{invokeids}} && mms.confirmedServiceResponse && mms.frsmID' -Tfields -e mms.frsmID`.split.join(' ')
26 |   # 通过 frsmID 查找到对应内容请求包
27 |   invokeids = `tshark -r '#{pcap_file}' -Y 'mms.fileRead in {#{frsmids}} && mms.confirmedServiceRequest' -Tfields -e mms.invokeID`.split
28 | 
29 |   invokeids.each do |invokeid|
30 |     hex_data = `tshark -r '#{pcap_file}' -Y 'mms.invokeID == #{invokeid} && mms.confirmedServiceResponse' -Tfields -e mms.fileData`.chomp.delete(':')
31 | 
32 |     if hex_data.empty?
33 |       frame_number = `tshark -r '#{pcap_file}' -Y 'mms.invokeID == #{invokeid} && mms.confirmedServiceRequest' -Tfields -e frame.number`.to_i
34 |       puts "Not Find Response PDU"
35 |       puts "Request PDU Frame: #{frame_number}"
36 |     else
37 |       puts [hex_data].pack('H*')
38 |     end
39 |   end
40 | else
41 |   file_directory_json = `tshark -r #{pcap_file} -Y 'mms.confirmedServiceResponse == 77' -Tjson -e mms.FileName_item -e mms.sizeOfFile -e mms.lastModified`
42 |   file_directory = Oj.load(file_directory_json).map{|data| a, *b = data["_source"]["layers"].values; a.zip(*b) }.flatten(1).uniq
43 | 
44 |   mms_fileopen_request =
45 |     `tshark -r #{pcap_file} -Y 'mms.confirmedServiceRequest == 72' -Tfields -e mms.invokeID -e mms.FileName_item`.
46 |     each_line(chomp: true).
47 |     map(&:split)
48 | 
49 |   mms_fileopen_response =
50 |     `tshark -r #{pcap_file} -Y 'mms.confirmedServiceResponse == 72' -Tfields -e mms.invokeID -e mms.sizeOfFile -e mms.lastModified`.
51 |     each_line(chomp: true).
52 |     map{|x| id, size, time = x.split("\t", 3); [id, size, time]}
53 | 
54 |   mms_fileopen = []
55 |   mms_fileopen_request.each do |id, name|
56 |     _, size, time = mms_fileopen_response.find{|x| x.first == id}
57 |     mms_fileopen << [name, size, time] if size && time
58 |   end
59 |   mms_fileopen.uniq!
60 | 
61 | 
62 |   read_files = mms_fileopen_request.map(&:last).uniq
63 |   files = (file_directory | mms_fileopen).uniq{|x| x[0..1]}
64 |   puts "%-25s  %11s\t  %-4s   %s" % ['Time', 'Size', 'OP', 'FileName']
65 |   files.each do |name, size, time|
66 |     read = read_files.include?(name) ? 'READ' : '    '
67 |     puts "%-25s  %11s\t  %-4s   %s" % [time, Filesize.from(size).pretty, read, name]
68 |   end
69 | end
70 | 


--------------------------------------------------------------------------------
/misc/compress/rarfake.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | #
  3 | # Author L
  4 | # TODO support RAR5
  5 | #
  6 | require 'bindata'
  7 | require 'crc'
  8 | 
  9 | class RAR
 10 |   RAR_FILE_PASSWORD = 0x0004
 11 | 
 12 |   class RAR3_HEAD < BinData::Record
 13 |     endian :little
 14 |     string :mark_head, :length => 7
 15 |     string :main_head, :length => 13
 16 |   end
 17 | 
 18 |   class RAR3_FILE_HEAD < BinData::Record
 19 |     endian :little
 20 |     uint16 :crc32
 21 |     string :ftype, :length => 1
 22 |     uint16 :flags
 23 |     uint16 :head_size
 24 |     string :bytes_remaining, read_length: -> {head_size - 7}
 25 | 
 26 |     def real_crc
 27 |       CRC.crc32(to_binary_s[2..-1]) & 0xFFFF
 28 |     end
 29 | 
 30 |     def crc_invaild? 
 31 |       real_crc != crc32
 32 |     end
 33 | 
 34 |     def crc_recalc
 35 |       self.crc32 = real_crc
 36 |     end
 37 | 
 38 |     def need_password?
 39 |       flags.to_i.allbits? RAR_FILE_PASSWORD
 40 |     end
 41 |   end
 42 | 
 43 |   def initialize(filename, bsize = 10485760)
 44 |     @filename = filename
 45 |     @bsize = bsize  
 46 |     @mark = "\x74" # RAR File
 47 |   end
 48 | 
 49 |   def action(op)
 50 |     f = open(@filename, 'rb+')
 51 |     rar_head = RAR3_HEAD.read f 
 52 | 
 53 |     @n = 0
 54 |     while block = f.read(@bsize)
 55 |       if index = block.index(@mark)
 56 |         offset = block.size - index + 2
 57 |         f.seek(-offset, IO::SEEK_CUR)
 58 |         file_head = RAR3_FILE_HEAD.read f
 59 | 
 60 |         case op
 61 |         when :recover
 62 |           if file_head.crc_invaild?
 63 |             file_head.flags ^= RAR_FILE_PASSWORD
 64 |             data = file_head.to_binary_s
 65 |             if file_head.crc_invaild?
 66 |               f.seek(-data.size+3, IO::SEEK_CUR)
 67 |             else
 68 |               f.seek(-data.size, IO::SEEK_CUR)
 69 |               f.write(data)
 70 |               @n += 1
 71 |             end
 72 |           end
 73 | 
 74 |         when :fake
 75 |           unless file_head.crc_invaild?
 76 |             file_head.flags ^= RAR_FILE_PASSWORD
 77 |             data = file_head.to_binary_s
 78 |             f.seek(-data.size, IO::SEEK_CUR)
 79 |             f.write(data)
 80 |             @n += 1
 81 |           end
 82 | 
 83 |         when :unlock, :lock
 84 |           if not file_head.crc_invaild?
 85 |             if (op == :unlock and file_head.need_password?) or 
 86 |                 (op == :lock and not file_head.need_password?)
 87 |               file_head.flags ^= RAR_FILE_PASSWORD
 88 |               file_head.crc_recalc
 89 |               data = file_head.to_binary_s
 90 |               f.seek(-data.size, IO::SEEK_CUR)
 91 |               f.write(data)
 92 |               @n += 1
 93 |             end
 94 |           end
 95 |         end
 96 | 
 97 |       end
 98 |     end
 99 |   rescue IOError
100 |   ensure
101 |     f.close
102 |     puts "success #{@n} flag(s) found"
103 |   end
104 | 
105 | end
106 | 
107 | if __FILE__ == $PROGRAM_NAME
108 |   ops = {
109 |     'r' => :recover,
110 |     'f' => :fake,
111 |     'u' => :unlock,
112 |     'l' => :lock
113 |   }
114 | 
115 |   if ARGV.size == 2
116 |     op = ops[ARGV[0]]
117 |     abort "No such option '#{ARGV[0]}'" unless op
118 |     abort "No such file '#{ARGV[1]}'"   unless File.exist? ARGV[1]
119 |     rar = RAR.new(ARGV[1])
120 |     rar.action(op)
121 |   else
122 |     puts <<~EOF
123 |     usage:
124 |       rarfake.rb <option> <rarfile>
125 |     option:
126 |       r - recover a RAR
127 |       f - do a fake encrypton/decrypton
128 |       u - unlock RAR (keep crc vaild)
129 |       l - lock RAR (keep crc vaild)
130 |     EOF
131 |   end
132 | end
133 | 
134 | 


--------------------------------------------------------------------------------
/awd/scanner/synproxy-scan.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | #
  3 | # Use Bridged for virtual machine
  4 | # Dependency nmap tshark
  5 | #
  6 | __author__ = 'L'
  7 | 
  8 | require 'l-tools'
  9 | require 'socket'
 10 | require 'optparse'
 11 | 
 12 | banner = %q[
 13 |  ______   ___   _   ____                        ____
 14 | / ___\ \ / / \ | | |  _ \ _ __ _____  ___   _  / ___|  ___ __ _ _ __
 15 | \___ \\\ V /|  \| | | |_) | '__/ _ \ \/ / | | | \___ \ / __/ _` | '_ \
 16 |  ___) || | | |\  | |  __/| | | (_) >  <| |_| |  ___) | (_| (_| | | | |
 17 | |____/ |_| |_| \_| |_|   |_|  \___/_/\_\\\__, | |____/ \___\__,_|_| |_|
 18 |       author: L  version: 2.2.0         |___/
 19 | 
 20 | 
 21 | ]
 22 | 
 23 | def create_tshark(args)
 24 |   ifaces = Socket.ip_address_list.select(&:ipv4?).map(&:ip_address)
 25 |   src_hosts = ifaces.map{|ip| " dst host #{ip} "}.join '||'
 26 |   bpf = src_hosts ? "tcp && (#{src_hosts})" : "tcp"
 27 |   LTools::Tshark.capture(
 28 |     interface: args[:interface],
 29 |     bpf: bpf,
 30 |     filter: 'tcp.flags.ack==1 && tcp.window_size_value!=0',
 31 |     fields: 'ip.src_host tcp.srcport'
 32 |   )
 33 | end
 34 | 
 35 | def print_result(records)
 36 |   ip_port_map = records.group_by(&:first).transform_values{|x| x.map(&:last) }
 37 |   ips = `nmap -Pn -sn -n -sL #{File.file?(ARGV.first) ? "-iL #{ARGV.first}" : ARGV.shelljoin}`.b
 38 |   ip_port_map.each do |ip, ports|
 39 |     next unless ips.match? /\b#{Regexp.quote(ip)}\b/
 40 |     puts "Scan report for #{ip}"
 41 |     puts "PORT   STATE   SERVICE"
 42 |     ports.map(&:to_i).sort.uniq.each do |port|
 43 |       server = Socket.getservbyport(port) rescue 'unkown'
 44 |       puts "%-6s open    %s" % [port, server]
 45 |     end
 46 |     puts
 47 |   end
 48 | end
 49 | 
 50 | def start(args)
 51 |   tshark = create_tshark(args)
 52 |   tshark.start
 53 |   sleep 1
 54 | 
 55 |   nmap = LTools::Nmap.portscan(
 56 |     ARGV.size == 1 ? ARGV.first : ARGV,
 57 |     ports: args[:ports],
 58 |     mode: 'T'
 59 |   )
 60 |   nmap.io_inherit! if args[:nmap]
 61 |   nmap.start
 62 |   nmap.wait
 63 | 
 64 |   if args[:nmap]
 65 |     sep = '-'*25
 66 |     puts "\n\n#{sep + " SYN Proxy Scan Result " + sep}\n\n\n"
 67 |   else
 68 |     last = nmap.stdout.read[/^.*?\Z/]
 69 |   end
 70 | 
 71 |   sleep 2
 72 |   tshark.stop
 73 |   
 74 |   print_result(tshark.records)
 75 |   puts last.gsub('Nmap', 'SYN Proxy Scan') if last
 76 | end
 77 | 
 78 | if __FILE__ == $PROGRAM_NAME
 79 |   args = {
 80 |     interface: nil,
 81 |     ports: nil,
 82 |     debug: false,
 83 |     nmap: false
 84 |   }
 85 |   optparser = OptionParser.new do |opts|
 86 |     opts.banner = banner + "Usage: ./synproxy-scan.rb [options] <target specification>"
 87 |     opts.on('-i <iface>', '--interface', String, "Specify sniff network interface(tshark). [default: auto]")
 88 |     opts.on('-p <ports>', '--ports', String, "Specify scan ports [default: most common 1,000 ports]")
 89 |     opts.on('-n', '--nmap', "Nmap Interaction Mode")
 90 |     opts.on('-d', '--debug', "Debug Mode")
 91 |     opts.separator "\nExamples:"
 92 |     opts.separator "  ./synproxy-scan.rb 192.168.1.1"
 93 |     opts.separator "  ./synproxy-scan.rb -p 1-100 192.168.1.1"
 94 |     opts.separator "  ./synproxy-scan.rb -p 1-100 ip_list.txt"
 95 |     opts.separator "  ./synproxy-scan.rb -i eth0 -p 1-20,30-100,3389 192.168.1.1/24 github.com"
 96 |   end
 97 |   optparser.parse! into: args
 98 |   if args[:debug]
 99 |     puts "[Debug] Args: #{args}"
100 |     LTools.verbose = true
101 |   end
102 | 
103 |   if ARGV.empty? 
104 |     puts "[!] Please specify target"
105 |     puts optparser.help
106 |   else
107 |     puts banner
108 |     start(args)
109 |   end
110 | end
111 | 


--------------------------------------------------------------------------------
/misc/encoder/brainfuck.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | #
  3 | # Author L
  4 | # brainfuck && ook text encode/decode
  5 | #
  6 | 
  7 | module Brainfuck
  8 |   module_function
  9 | 
 10 |   def decode code
 11 |     le = code.length
 12 |     cp = -1 # code pointer
 13 |     p = 0   # cell pointer
 14 |     c = [0] # cells
 15 |     bm = {} # bracket map, jump directly to matching brackets! :)
 16 |     bc = 0  # bracket counter
 17 |     s = []  # bracket stack
 18 |     ccp = 0 # code pointer for cleaned code
 19 | 
 20 |     commands = [">", "<", "+", "-", ".", "[", "]", ","]
 21 |     cleaned  = []
 22 | 
 23 |     until (cp+=1) == le
 24 |       case code[cp]
 25 |         when ?[ then s.push(ccp) && bc += 1
 26 |         when ?] then (bm[s.pop] = ccp) && bc -= 1
 27 |       end
 28 |       bc < 0 && raise("Ending Brainfuck without opening, mismatch at #{cp}") && exit
 29 |       commands.include? code[cp] && (cleaned.push code[cp]) && ccp += 1
 30 |     end
 31 | 
 32 |     !s.empty? && raise("Opening Brainfuck without closing, mismatch at #{s.pop}") && exit
 33 | 
 34 |     cp = -1
 35 | 
 36 |     output = ''
 37 |     until (cp+=1) == le
 38 |       case cleaned[cp]
 39 |         when ?> then (p += 1) && c[p].nil? && c[p] = 0
 40 |         when ?< then p <= 1 ? p = 0 : p -= 1
 41 |         when ?+ then c[p] <= 254 ? c[p] += 1 : c[p] = 0
 42 |         when ?- then c[p] >= 1 ? c[p] -= 1 : c[p] = 255
 43 |         when ?[ then c[p] == 0 && cp = bm[cp]
 44 |         when ?] then c[p] != 0 && cp = bm.key(cp)
 45 |         when ?. then output << c[p]
 46 |         when ?, then c[p] = get_character.to_i
 47 |       end
 48 |     end
 49 |     output
 50 |   end
 51 | 
 52 |   def encode msg
 53 |     result = ''
 54 |     value = 0
 55 |     msg.each_byte do |c|
 56 |       diff = c - value
 57 |       value = c
 58 | 
 59 |       if diff.zero?
 60 |         result += '>.<'
 61 |         next
 62 |       end
 63 | 
 64 |       op = ( diff > 0 ? '+' : '-' )
 65 |       if diff.abs < 10
 66 |         result += ('>' + op * diff.abs)
 67 |       else
 68 |         _loop = Math.sqrt(diff.abs).to_i
 69 |         result += '+' * _loop
 70 |         result += "[->#{op * _loop}<]>#{op * (diff.abs - _loop ** 2)}"
 71 |       end
 72 | 
 73 |       result += '.<'
 74 |     end
 75 | 
 76 |     result.gsub('<>', '')
 77 |   end
 78 | 
 79 |   def ook_encode msg
 80 |     char_map = {
 81 |       '>' => 'Ook. Ook? ',
 82 |       '<' => 'Ook? Ook. ',
 83 |       '+' => 'Ook. Ook. ',
 84 |       '-' => 'Ook! Ook! ',
 85 |       '.' => 'Ook! Ook. ',
 86 |       ',' => 'Ook. Ook! ',
 87 |       '[' => 'Ook! Ook? ',
 88 |       ']' => 'Ook? Ook! ',
 89 |     }
 90 |     encode(msg).each_char.map(&char_map).join.strip
 91 |   end
 92 | 
 93 |   def short_ook_encode msg
 94 |     ook_encode(msg).gsub(/[^.?!]/, '')
 95 |   end
 96 | 
 97 |   def ook_decode code
 98 | 		char_map = {
 99 | 			'.?' => '>',
100 | 			'?.' => '<',
101 | 			'..' => '+',
102 | 			'!!' => '-',
103 | 			'!.' => '.',
104 | 			'.!' => ',',
105 | 			'!?' => '[',
106 | 			'?!' => ']',
107 |     }
108 |     code = code.gsub(/[^.?!]/, '').each_char.each_slice(2).map(&:join).map(&char_map)
109 |     decode(code)
110 |   end
111 | end
112 | 
113 | if __FILE__ == $PROGRAM_NAME
114 |   if ARGV.size == 2
115 |     op, file = ARGV
116 |     data = File.read(file)
117 |     output =
118 |       case op.to_i
119 |       when 0
120 |         Brainfuck.decode(data)
121 |       when 1
122 |         Brainfuck.ook_decode(data)
123 |       when 2
124 |         Brainfuck.encode(data)
125 |       when 3
126 |         Brainfuck.ook_encode(data)
127 |       when 4
128 |         Brainfuck.short_ook_encode(data)
129 |       end
130 |     puts output
131 |   else
132 |     puts <<~EOF
133 |     usage:
134 |       brainfuck.rb <option> <file>
135 |     option:
136 |       0 - Brainfuck to Text
137 |       1 - Ook to Text
138 |       2 - Text to Brainfuck
139 |       3 - Text to Ook
140 |       4 - Text to Short Ook
141 |     EOF
142 |   end
143 | end
144 | 


--------------------------------------------------------------------------------
/crypto/weblogic_password.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | #
  3 | # Author L
  4 | # Weblogic console login account
  5 | #
  6 | 
  7 | require 'openssl'
  8 | require 'bindata'
  9 | 
 10 | WEBLOGIC_MASTER_KEY = '0xccb97558940b82637c8bec3c770f86fa3a391a56'
 11 | #RE = %r'([^>]+?)<\/[^>]+?>\s+?<[^>]+?>\{(AES|3DES)\}(.+?)<\/'
 12 | RE = %r'([^>\s]+?)(?:<\/[^>]+?>\s+)+?<[^>]+?>\{(AES|AES256|3DES)\}(.+?)<\/'
 13 | CipherRE = %r'()\{(AES|AES256|3DES)\}(.+?)$'
 14 | 
 15 | 
 16 | class SerializedSystemIni < BinData::Record
 17 |   class Key1 < BinData::Record
 18 |     uint8 :key_len
 19 |     string :ini_key, :read_length => :key_len
 20 |   end
 21 | 
 22 |   class Key2 < BinData::Record
 23 |     uint8 :skip_len
 24 |     skip :length => :skip_len
 25 |     uint8 :key_len
 26 |     string :ini_key, :read_length => :key_len
 27 |   end
 28 | 
 29 |   endian :little
 30 |   uint8 :salt_len
 31 |   string :salt, :read_length => :salt_len 
 32 |   uint8 :version
 33 | 
 34 |   choice :encryption, :selection => ->{ version >= 2 } do
 35 |     key1 false
 36 |     key2 true
 37 |   end
 38 | end
 39 | 
 40 | 
 41 | def decrypt(algo, key, iv, data)
 42 |   de = OpenSSL::Cipher.new(algo)
 43 |   de.decrypt
 44 |   de.key = key
 45 |   de.iv = iv
 46 |   de.update(data) + (de.final rescue '')
 47 | end
 48 | 
 49 | 
 50 | def pbkdf3(p, s, count, dklen, ivlen, hash)
 51 |   def makelen(bytes, tolen)
 52 |     q, r = bytes.empty? ? [0, 0] : tolen.divmod(bytes.size) 
 53 |     bytes * q + bytes[0, r]
 54 |   end
 55 | 
 56 |   u = hash.digest_length
 57 |   v = hash.block_length
 58 | 
 59 |   s = makelen(s, v * (s.size.to_f / v).ceil)
 60 |   p = makelen(p, v * (p.size.to_f / v).ceil)
 61 | 
 62 |   ii = s + p
 63 | 
 64 |   kdf = lambda do |xlen, id, i|
 65 |     k = (xlen.to_f / u).ceil
 66 |     d = id.chr * v
 67 |     ai = d + i
 68 |     count.times { ai = hash.digest(ai) }
 69 |     [ai[0, xlen], i]
 70 |   end
 71 | 
 72 |   key, i = kdf[dklen, 1, ii]
 73 |   init, i = kdf[ivlen, 2, i]
 74 |   [key, init]
 75 | end
 76 | 
 77 | 
 78 | def decrypt_pbe_with_and_128rc2_CBC(cipher_text, password, salt, count)
 79 |   kdf = pbkdf3(password, salt, count, 16, 8, OpenSSL::Digest::SHA1.new)
 80 |   decrypt('rc2-cbc', kdf[0], kdf[1], cipher_text)
 81 | end
 82 | 
 83 | def read_ini_file(filename)
 84 |   io = open(filename, 'rb')
 85 |   begin
 86 |     r = SerializedSystemIni.read(io)
 87 |   rescue
 88 |     abort 'SerializedSystemIni.dat Error' 
 89 |   end
 90 |   io.close
 91 |   [r.salt, r.encryption.ini_key]
 92 | end
 93 | 
 94 | 
 95 | def weblogic_decrypt(ini_file, accounts)
 96 |   # encode this key the "Java" encoding utf-16-be
 97 |   password = (WEBLOGIC_MASTER_KEY + "\0").encode('utf-16be').b
 98 |   salt, encryption_key = read_ini_file(ini_file)
 99 | 
100 |   # generate the secret-key using:
101 |   #  - PBEWITHSHAAND128BITRC2-CBC
102 |   #  - 5 rounds
103 |   secret_key = decrypt_pbe_with_and_128rc2_CBC(encryption_key, password, salt, 5)
104 | 
105 |   accounts.each do |username, algo, ciphertext|
106 |     data = ciphertext.unpack1 'm0'
107 |     passwd =
108 |       case algo
109 |       when 'AES'
110 |         decrypt('aes-128-cbc', secret_key, data[0,16], data[16..-1])
111 |       when 'AES256'
112 |         decrypt('aes-256-cbc', secret_key, data[0,16], data[16..-1])
113 |       when '3DES'
114 |         decrypt('des3', secret_key, salt[0,4] * 2, data)
115 |       end
116 |     if username.empty?
117 |       puts "[+] Plaintext: #{passwd}"
118 |     else
119 |       puts "[+] Account: #{username}\t#{passwd}"
120 |     end
121 |   end
122 | end
123 | 
124 | 
125 | if __FILE__ == $PROGRAM_NAME
126 |   if ARGV.size == 2
127 |     ini_file, opt = ARGV
128 | 
129 |     if File.file?(opt)
130 |       config = File.read opt
131 | 
132 |       server_port = config.match(/<listen-port>(\d+)<\/listen-port>/)
133 |       puts "[*] Server Port: #{server_port[1]}" if server_port
134 | 
135 |       jdbc = config.each_line.grep /jdbc:/
136 |       puts "[*] JDBC: #{jdbc[0].gsub(/<.*?>/, '')}" if jdbc.size > 0
137 | 
138 |       accounts = config.scan(RE)
139 |     else
140 |       accounts = opt.scan(CipherRE)
141 |     end
142 | 
143 |     weblogic_decrypt(ini_file, accounts)
144 |   else
145 |     puts <<~EOF
146 |     usage: weblogic_password.rb <SerializedSystemIni.bat> <config.xml|ciphertext>
147 | 
148 |     SerializedSystemIni.bat:
149 |       wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/security/SerializedSystemIni.dat
150 | 
151 |     config.xml:
152 |       wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/config/config.xml
153 | 
154 |     ciphertext:
155 |       security/boot.properties
156 |     EOF
157 |   end
158 | end
159 | 


--------------------------------------------------------------------------------
/crypto/weblogic_password.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # /console/ login account
  3 | # -i ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/security/SerializedSystemIni.dat
  4 | # -f ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/config/config.xml
  5 | from Crypto.Cipher import ARC2, AES, DES3
  6 | from Crypto.Hash import SHA
  7 | 
  8 | import struct
  9 | import re
 10 | import os
 11 | from base64 import b64decode
 12 | 
 13 | from optparse import OptionParser
 14 | 
 15 | # Script version
 16 | VERSION = '1.0'
 17 | 
 18 | parser = OptionParser(usage="%prog [options]\nVersion: " + VERSION)
 19 | parser.add_option("-i", "--ini", dest="ini_file",  help="Path to SerializedSystemIni.dat file", default='./SerializedSystemIni.dat')
 20 | parser.add_option("-s", "--string", dest="cipher_string",  help="Cipher string from config.xml")
 21 | parser.add_option("-f", "--config-file", dest="config_file", help="Weblogic configuration file", default='./config.xml')
 22 | 
 23 | # shortcut functions
 24 | BS = 8
 25 | pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
 26 | unpad = lambda s : s[0:-ord(s[-1])]
 27 | ceildiv = lambda n, d: (n + d - 1) // d
 28 | 
 29 | # key used by all Weblogic servers
 30 | WEBLOGIC_MASTER_KEY = "0xccb97558940b82637c8bec3c770f86fa3a391a56"
 31 | 
 32 | RE_AES =  re.compile(r'([^>]+?)<\/[^>]+?>\s+?<[^>]+?>\{AES\}(.+?)<\/')
 33 | RE_3DES = re.compile(r'([^>]+?)<\/[^>]+?>\s+?<[^>]+?>\{3DES\}(.+?)<\/')
 34 | 
 35 | def unpack_helper(fmt, data):
 36 |     size = struct.calcsize(fmt)
 37 |     return struct.unpack(fmt, data[:size]), data[size:]
 38 | 
 39 | def PBKDF3(P, S, count, dklen, ivlen, hash):
 40 |     def makelen(bytes, tolen):
 41 |         q, r = divmod(tolen, len(bytes)) if bytes else (0, 0)
 42 |         return bytes * q + bytes[:r]
 43 | 
 44 |     u = hash.digest_size
 45 |     v = hash.block_size
 46 |     S = makelen(S, v * ceildiv(len(S), v))
 47 |     P = makelen(P, v * ceildiv(len(P), v))
 48 |     II = S + P
 49 | 
 50 |     def kdf(xlen, id, I):
 51 |         k = ceildiv(xlen, u)
 52 |         D = chr(id)*v
 53 |         A = []
 54 | 
 55 |         for i in xrange(1, k+1):
 56 |             Ai = reduce(lambda Ai,_: hash.new(Ai).digest(), xrange(count), D + I)
 57 |             A.append(Ai)
 58 | 
 59 |             if i == k:
 60 |                 break
 61 | 
 62 |             B = btol(makelen(Ai, v)) + 1
 63 |             I = ''.join([ltob(btol(I[j:j+v]) + B, v) for j in range(0, len(I), v)])
 64 |         return b''.join(A)[:xlen], I
 65 | 
 66 |     key, I = kdf(dklen, 1, II)
 67 |     init, I = kdf(ivlen, 2, I) if ivlen > 1 else None
 68 | 
 69 |     return key, init
 70 | 
 71 | def read_ini_file(path):
 72 |     with open(path) as fd:
 73 |         b = fd.read()
 74 | 
 75 |     (salt_len, ), b = unpack_helper("=B", b)
 76 |     (salt, version, key_len), b = unpack_helper("=%ssBB" % salt_len, b)
 77 |     (key, ), b = unpack_helper("=%ss" % key_len, b)
 78 |     if version >= 2:
 79 |         (key_len, ), b = unpack_helper("=B", b)
 80 |         (key, ), b = unpack_helper("=%ss" % key_len, b)
 81 | 
 82 |     return (salt, key)
 83 | 
 84 | def decrypt_pbe_with_and_128rc2_CBC(cipher_text, password, salt, count):
 85 |     kdf = PBKDF3(password, salt, count, 16, 8, SHA)
 86 |     cipher = ARC2.new(kdf[0], ARC2.MODE_CBC, kdf[1], effective_keylen=128)
 87 |     secret_key = unpad(cipher.decrypt(cipher_text))
 88 | 
 89 |     return secret_key
 90 | 
 91 | 
 92 | def decrypt_AES(key, data, salt):
 93 |     # AES/CBC/PKCS5Paddin with iv = salt[:16]
 94 |     cipher = AES.new(key, AES.MODE_CBC, data[:AES.block_size])
 95 |     plain_password = unpad(cipher.decrypt(data[AES.block_size:]))
 96 | 
 97 |     return plain_password
 98 | 
 99 | def decrypt_3DES(key, data, salt):
100 |     # DESEDE/CBC/PKCS5Padding with iv is the salt
101 |     cipher = DES3.new(key, DES3.MODE_CBC, salt[DES3.block_size])
102 |     plain_password = cipher.decrypt(data)
103 | 
104 |     return plain_password
105 | 
106 | def main():
107 |     (options, args) = parser.parse_args()
108 | 
109 |     if not options.ini_file:
110 |         parser.error('Missing SerializedSystemIni.dat file')
111 | 
112 |     datas = []
113 |     if options.cipher_string:
114 |         if options.cipher_string[:5] == '{AES}':
115 |             datas = [(decrypt_AES, None, options.cipher_string[5:])]
116 |         elif options.cipher_string[:5] == '{3DES}':
117 |             datas = [(decrypt_3DES, None, options.cipher_string[5:])]
118 |         else:
119 |             parser.error('Cipher string must start with "{AES}" or "{3DES}"')
120 |     elif options.config_file:
121 |         if not os.path.isfile(options.config_file):
122 |             parser.error('Config file does not exist')
123 | 
124 |         with open(options.config_file) as fd:
125 |             f = fd.read()
126 | 
127 |         datas = map(lambda i: (decrypt_AES, i[0], i[1]), RE_AES.findall(f)) + map(lambda i: (decrypt_3DES, i[0], i[1]), RE_3DES.findall(f))
128 | 
129 |         if len(datas) == 0:
130 |             parser.error('No password found in the config file')
131 |     else:
132 |         parser.error('Missing cipher string or configuration file')
133 | 
134 | 
135 |     # encode this key the "Java" encoding utf-16-be
136 |     password = (unicode(WEBLOGIC_MASTER_KEY) + u'\0').encode('utf-16-be')
137 | 
138 |     # read the ini file to get the salt and encryption key
139 |     salt, encryption_key = read_ini_file(options.ini_file)
140 | 
141 |     # generate the secret-key using:
142 |     #  - PBEWITHSHAAND128BITRC2-CBC
143 |     #  - 5 rounds
144 |     secret_key = decrypt_pbe_with_and_128rc2_CBC(encryption_key, password, salt, 5)
145 | 
146 |     for decrypt_fn, username, ciphertext in datas:
147 |         data = b64decode(ciphertext)
148 |         # decrypt the passwors using the correct cipher
149 |         plain_password = decrypt_fn(secret_key, data, salt)
150 | 
151 |         if username:
152 |             print "[+] Account: {}\t{}".format(username, plain_password)
153 |         else:
154 |             print "[+] Password:", plain_password
155 | 
156 | if __name__ == "__main__":
157 |     main()
158 | 


--------------------------------------------------------------------------------
/awd/scanner/old-synproxy-scan.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | __author__ = 'L'
  3 | __date__ = '2017-08-11'
  4 | __version__ = '1.0.2'
  5 | 
  6 | import warnings
  7 | import logging
  8 | warnings.filterwarnings('ignore', category=DeprecationWarning)
  9 | logging.getLogger('scapy.runtime').setLevel(logging.ERROR)
 10 | import time,socket,threading,argparse,sys
 11 | from datetime import datetime
 12 | 
 13 | 
 14 | def prn(pk):
 15 |     p_or_s = pk.sprintf('%TCP.sport%').replace('_', '-')
 16 |     port = p_or_s if p_or_s.isdigit() else socket.getservbyname(p_or_s, 'tcp')
 17 |     service = 'unknown' if p_or_s.isdigit() else p_or_s
 18 |     return '{:<5} open  {}'.format(port, service)
 19 | 
 20 | def lfilter(pk):
 21 |     global open_ports
 22 |     flags = pk.sprintf('%TCP.flags%') == 'A' 
 23 |     window = pk.sprintf('%TCP.window%') != '0'
 24 |     ip = pk.sprintf('%IP.src%') == ip_src
 25 |     port = pk.sprintf('%TCP.sport%')
 26 |     if all((flags, window, ip, port not in open_ports)):
 27 |         open_ports.add(port)
 28 |         return True
 29 | 
 30 | def SYNProxy_filter():
 31 |     sniff(lfilter=lfilter, prn=prn, store=0)
 32 | 
 33 | 
 34 | def send(ip, port, timeout):
 35 |     try:
 36 |         c = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 
 37 |         c.settimeout(timeout)
 38 |         c.connect((ip, port))
 39 |         c.close()
 40 |     except:
 41 |         pass
 42 | 
 43 | 
 44 | def Thread(target, *args):
 45 |     t = threading.Thread(target=target, args=args)
 46 |     t.setDaemon(True)
 47 |     t.start()
 48 | 
 49 | 
 50 | def commandline():
 51 |     port_default = '1,7,9,11,13,15,17,18,19,20,21,22,23,25,37,42,43,49,50,53,57,65,67,68,70,77,79,80,87,88,95,101,102,104,105,107,109,110,111,113,115,117,119,123,129,135,137,138,139,143,161,162,163,164,174,177,178,179,191,194,199,201,202,204,206,209,210,213,220,345,346,347,369,370,371,372,389,406,427,443,444,445,464,465,487,500,554,607,610,611,612,628,631,512,513,514,515,526,530,531,532,538,540,543,544,546,547,548,549,556,563,587,636,655,706,749,765,873,989,990,992,993,994,995,1080,1093,1094,1194,1099,1214,1241,1352,1433,1434,1524,1525,1645,1646,1649,1677,1701,1812,1813,1863,1957,1958,1959,2000,2010,2010,2049,2086,2101,2119,2135,2401,2430,2431,2432,2433,2583,2628,2792,2811,2947,3050,3130,3260,3306,3493,3632,3689,3690,4031,4094,4190,4369,4373,4353,4569,4691,4899,5002,5050,5060,5061,5190,5222,5269,5308,5353,5432,5556,5671,5672,5688,6000,6001,6002,6003,6004,6005,6006,6007,6346,6347,6444,6445,6446,7000,7001,7002,7003,7004,7005,7006,7007,7008,7009,7100,8080,8181,8443,9101,9102,9103,9667,10809,10050,10051,10080,11112,11371,13720,13721,13722,13724,13782,13783,17500,22125,22128,22273,750,751,754,760,901,1109,2053,2105,2111,2121,871,1127,98,106,775,777,783,808,1001,1178,1236,1300,1313,1314,1529,2003,2121,2150,2600,2601,2602,2603,2604,2605,2606,2607,2608,2988,2989,4224,4557,4559,4600,4949,5051,5052,5151,5354,5355,5666,5667,5674,5675,5680,6514,6566,6667,8021,8081,8088,8990,9098,9418,9673,10000,10081,10082,10083,11201,15345,17004,20011,20012,24554,27374,30865,57000,60177,60179'
 52 |     def port_parse(ports_str):
 53 |         if '-' == ports_str:
 54 |             return range(1,65536)
 55 |         else:
 56 |             ports = ports_str.split(',')
 57 |             ps = []
 58 |             for p in ports:
 59 |                 if '-' in p:
 60 |                     start, end = p.split('-')
 61 |                     ps += range(int(start), int(end)+1)
 62 |                 else:
 63 |                     ps.append(int(p))
 64 |             return set(ps)
 65 |     parser = argparse.ArgumentParser(prog='L-SYN Proxy Scan', add_help=False, description='Author: {__author__}, Version: {__version__}, Date: {__date__}'.format(**globals()))
 66 |     parser.add_argument('TARGET', help='Hostname or IP address')
 67 |     parser.add_argument('-p', metavar='PORTS', help='Port Ranges', default=port_default)
 68 |     parser.add_argument('-t', metavar='THREADS', help='MAX Threads [default:%(default)s]', default=300, type=int)
 69 |     parser.add_argument('--timeout', metavar='SECONDS', help='Timeout [default:%(default)s]', default=5, type=int)
 70 |     if not sys.argv[1:]:
 71 |         parser.print_help()
 72 |         exit()
 73 |     args = parser.parse_args()
 74 |     try:
 75 |         ip = socket.gethostbyname(args.TARGET)
 76 |     except:
 77 |         raise SystemExit('Failed to resolve "{}"'.format(args.TARGET))
 78 |     return ip, port_parse(args.p), args.t, args.timeout
 79 | 
 80 | 
 81 | if __name__ == '__main__':
 82 |     ip, ports, MAX_THREAD, timeout = commandline()
 83 |     try:
 84 |         from scapy.all import sniff
 85 |     except:
 86 |         raise SystemExit('Please install scapy module')
 87 |     banner = r''' ______   ___   _   ____                        ____                  
 88 | / ___\ \ / / \ | | |  _ \ _ __ _____  ___   _  / ___|  ___ __ _ _ __  
 89 | \___ \\ V /|  \| | | |_) | '__/ _ \ \/ / | | | \___ \ / __/ _` | '_ \ 
 90 |  ___) || | | |\  | |  __/| | | (_) >  <| |_| |  ___) | (_| (_| | | | |
 91 | |____/ |_| |_| \_| |_|   |_|  \___/_/\_\\__, | |____/ \___\__,_|_| |_|
 92 |       author: {__author__} version: {__version__}          |___/                        
 93 | '''.format(**globals())
 94 |     print(banner)
 95 |     open_ports = set()
 96 |     try:
 97 |         ip_src = ip
 98 |         Thread(SYNProxy_filter)
 99 |         start = time.time()
100 |         print('Strting SYN Proxy Scan {} at {}'.format(__version__, datetime.now().strftime('%Y-%m-%d %H:%M:%S')))
101 |         print('\nScan report for {}\nPORT  STATE SERVICE'.format(ip))
102 |         for port in ports:
103 |             Thread(send, ip, port, timeout)
104 |             if threading.activeCount() > MAX_THREAD:
105 |                 time.sleep(0.5)
106 | 
107 |         while threading.activeCount() > 2:
108 |             time.sleep(0.5)
109 |         end = time.time() - start
110 |         if not len(open_ports):
111 |             print(' --   None   ----')
112 |         print('\nSYN Proxy Scan Done: {} ports ({} open) in {:.2f} seconds'.format(len(ports), len(open_ports), end))
113 |         exit()
114 |     except KeyboardInterrupt:
115 |         raise SystemExit('\nInterrrput success')
116 | 


--------------------------------------------------------------------------------
/ics/pcap/ics_analysis.rb:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env ruby
  2 | # 
  3 | # Author L
  4 | #
  5 | 
  6 | CommentMap = {
  7 |   'mms.confirmedServiceRequest' => {
  8 |      "0" => "status",
  9 |      "1" => "getNameList",
 10 |      "2" => "identify",
 11 |      "3" => "rename",
 12 |      "4" => "read",
 13 |      "5" => "write",
 14 |      "6" => "getVariableAccessAttributes",
 15 |      "7" => "defineNamedVariable",
 16 |      "8" => "defineScatteredAccess",
 17 |      "9" => "getScatteredAccessAttributes",
 18 |     "10" => "deleteVariableAccess",
 19 |     "11" => "defineNamedVariableList",
 20 |     "12" => "getNamedVariableListAttributes",
 21 |     "13" => "deleteNamedVariableList",
 22 |     "14" => "defineNamedType",
 23 |     "15" => "getNamedTypeAttributes",
 24 |     "16" => "deleteNamedType",
 25 |     "17" => "input",
 26 |     "18" => "output",
 27 |     "19" => "takeControl",
 28 |     "20" => "relinquishControl",
 29 |     "21" => "defineSemaphore",
 30 |     "22" => "deleteSemaphore",
 31 |     "23" => "reportSemaphoreStatus",
 32 |     "24" => "reportPoolSemaphoreStatus",
 33 |     "25" => "reportSemaphoreEntryStatus",
 34 |     "26" => "initiateDownloadSequence",
 35 |     "27" => "downloadSegment",
 36 |     "28" => "terminateDownloadSequence",
 37 |     "29" => "initiateUploadSequence",
 38 |     "30" => "uploadSegment",
 39 |     "31" => "terminateUploadSequence",
 40 |     "32" => "requestDomainDownload",
 41 |     "33" => "requestDomainUpload",
 42 |     "34" => "loadDomainContent",
 43 |     "35" => "storeDomainContent",
 44 |     "36" => "deleteDomain",
 45 |     "37" => "getDomainAttributes",
 46 |     "38" => "createProgramInvocation",
 47 |     "39" => "deleteProgramInvocation",
 48 |     "40" => "start",
 49 |     "41" => "stop",
 50 |     "42" => "resume",
 51 |     "43" => "reset",
 52 |     "44" => "kill",
 53 |     "45" => "getProgramInvocationAttributes",
 54 |     "46" => "obtainFile",
 55 |     "47" => "defineEventCondition",
 56 |     "48" => "deleteEventCondition",
 57 |     "49" => "getEventConditionAttributes",
 58 |     "50" => "reportEventConditionStatus",
 59 |     "51" => "alterEventConditionMonitoring",
 60 |     "52" => "triggerEvent",
 61 |     "53" => "defineEventAction",
 62 |     "54" => "deleteEventAction",
 63 |     "55" => "getEventActionAttributes",
 64 |     "56" => "reportEventActionStatus",
 65 |     "57" => "defineEventEnrollment",
 66 |     "58" => "deleteEventEnrollment",
 67 |     "59" => "alterEventEnrollment",
 68 |     "60" => "reportEventEnrollmentStatus",
 69 |     "61" => "getEventEnrollmentAttributes",
 70 |     "62" => "acknowledgeEventNotification",
 71 |     "63" => "getAlarmSummary",
 72 |     "64" => "getAlarmEnrollmentSummary",
 73 |     "65" => "readJournal",
 74 |     "66" => "writeJournal",
 75 |     "67" => "initializeJournal",
 76 |     "68" => "reportJournalStatus",
 77 |     "69" => "createJournal",
 78 |     "70" => "deleteJournal",
 79 |     "71" => "getCapabilityList",
 80 |     "72" => "fileOpen",
 81 |     "73" => "fileRead",
 82 |     "74" => "fileClose",
 83 |     "75" => "fileRename",
 84 |     "76" => "fileDelete",
 85 |     "77" => "fileDirectory"
 86 |   },
 87 |   'mms.confirmedServiceResponse' => {
 88 |      "0" => "status",
 89 |      "1" => "getNameList",
 90 |      "2" => "identify",
 91 |      "3" => "rename",
 92 |      "4" => "read",
 93 |      "5" => "write",
 94 |      "6" => "getVariableAccessAttributes",
 95 |      "7" => "defineNamedVariable",
 96 |      "8" => "defineScatteredAccess",
 97 |      "9" => "getScatteredAccessAttributes",
 98 |     "10" => "deleteVariableAccess",
 99 |     "11" => "defineNamedVariableList",
100 |     "12" => "getNamedVariableListAttributes",
101 |     "13" => "deleteNamedVariableList",
102 |     "14" => "defineNamedType",
103 |     "15" => "getNamedTypeAttributes",
104 |     "16" => "deleteNamedType",
105 |     "17" => "input",
106 |     "18" => "output",
107 |     "19" => "takeControl",
108 |     "20" => "relinquishControl",
109 |     "21" => "defineSemaphore",
110 |     "22" => "deleteSemaphore",
111 |     "23" => "reportSemaphoreStatus",
112 |     "24" => "reportPoolSemaphoreStatus",
113 |     "25" => "reportSemaphoreEntryStatus",
114 |     "26" => "initiateDownloadSequence",
115 |     "27" => "downloadSegment",
116 |     "28" => "terminateDownloadSequence",
117 |     "29" => "initiateUploadSequence",
118 |     "30" => "uploadSegment",
119 |     "31" => "terminateUploadSequence",
120 |     "32" => "requestDomainDownLoad",
121 |     "33" => "requestDomainUpload",
122 |     "34" => "loadDomainContent",
123 |     "35" => "storeDomainContent",
124 |     "36" => "deleteDomain",
125 |     "37" => "getDomainAttributes",
126 |     "38" => "createProgramInvocation",
127 |     "39" => "deleteProgramInvocation",
128 |     "40" => "start",
129 |     "41" => "stop",
130 |     "42" => "resume",
131 |     "43" => "reset",
132 |     "44" => "kill",
133 |     "45" => "getProgramInvocationAttributes",
134 |     "46" => "obtainFile",
135 |     "72" => "fileOpen",
136 |     "47" => "defineEventCondition",
137 |     "48" => "deleteEventCondition",
138 |     "49" => "getEventConditionAttributes",
139 |     "50" => "reportEventConditionStatus",
140 |     "51" => "alterEventConditionMonitoring",
141 |     "52" => "triggerEvent",
142 |     "53" => "defineEventAction",
143 |     "54" => "deleteEventAction",
144 |     "55" => "getEventActionAttributes",
145 |     "56" => "reportActionStatus",
146 |     "57" => "defineEventEnrollment",
147 |     "58" => "deleteEventEnrollment",
148 |     "59" => "alterEventEnrollment",
149 |     "60" => "reportEventEnrollmentStatus",
150 |     "61" => "getEventEnrollmentAttributes",
151 |     "62" => "acknowledgeEventNotification",
152 |     "63" => "getAlarmSummary",
153 |     "64" => "getAlarmEnrollmentSummary",
154 |     "65" => "readJournal",
155 |     "66" => "writeJournal",
156 |     "67" => "initializeJournal",
157 |     "68" => "reportJournalStatus",
158 |     "69" => "createJournal",
159 |     "70" => "deleteJournal",
160 |     "71" => "getCapabilityList",
161 |     "73" => "fileRead",
162 |     "74" => "fileClose",
163 |     "75" => "fileRename",
164 |     "76" => "fileDelete",
165 |     "77" => "fileDirectory"
166 |   },
167 |   "s7comm.param.func" => {
168 |     "0x00000000" => "CPU services",
169 | 	  "0x000000f0" => "Setup communication",
170 | 	  "0x00000004" => "Read Var",
171 | 	  "0x00000005" => "Write Var",
172 | 	  "0x0000001a" => "Request download",
173 | 	  "0x0000001b" => "Download block",
174 | 	  "0x0000001c" => "Download ended",
175 | 	  "0x0000001d" => "Start upload",
176 | 	  "0x0000001e" => "Upload",
177 | 	  "0x0000001f" => "End upload",
178 | 	  "0x00000028" => "PI-Service",
179 | 	  "0x00000029" => "PLC Stop"
180 | 	},
181 |   "modbus.func_code" => {
182 | 		 "1" => "Read Coils",
183 | 		 "2" => "Read Discrete Inputs",
184 | 		 "3" => "Read Holding Registers",
185 | 		 "4" => "Read Input Registers",
186 | 		 "5" => "Write Single Coil",
187 | 		 "6" => "Write Single Register",
188 | 		 "7" => "Read Exception Status",
189 | 		 "8" => "Diagnostics",
190 | 		"11" => "Get Comm. Event Counters",
191 | 		"12" => "Get Comm. Event Log",
192 | 		"15" => "Write Multiple Coils",
193 | 		"16" => "Write Multiple Registers",
194 | 		"17" => "Report Slave ID",
195 | 		"20" => "Read File Record",
196 | 		"21" => "Write File Record",
197 | 		"22" => "Mask Write Register",
198 | 		"23" => "Read Write Register",
199 | 		"24" => "Read FIFO Queue",
200 | 		"43" => "Encapsulated Interface Transport",
201 | 		"90" => "Unity (Schneider)"
202 | 	},
203 |   "cotp.type" => {
204 | 		"0x00000001" => "ED Expedited Data",
205 | 		"0x00000002" => "EA Expedited Data Acknowledgement",
206 | 		"0x00000004" => "UD",
207 | 		"0x00000005" => "RJ Reject",
208 | 		"0x00000006" => "AK Data Acknowledgement",
209 | 		"0x00000007" => "ER TPDU Error",
210 | 		"0x00000008" => "DR Disconnect Request",
211 | 		"0x0000000c" => "DC Disconnect Confirm",
212 | 		"0x0000000d" => "CC Connect Confirm",
213 | 		"0x0000000e" => "CR Connect Request",
214 | 		"0x0000000f" => "DT Data",
215 | 	},
216 | 	"ams.cmdid" => {
217 | 		"0" =>  "Invalid",
218 | 		"1" =>  "ADS Read Device Info",
219 | 		"2" =>  "ADS Read",
220 | 		"3" =>  "ADS Write",
221 | 		"4" =>  "ADS Read State",
222 | 		"5" =>  "ADS Write Control",
223 | 		"6" =>  "ADS Add Device Notification",
224 | 		"7" =>  "ADS Delete Device Notification",
225 | 		"8" =>  "ADS Device Notification",
226 | 		"9" =>  "ADS Read Write",
227 |   }
228 | }
229 | 
230 | if ARGV.size != 2
231 |   puts 'Usage: ./ics_analysis.rb <pcap_file> <analysis_field>'
232 |   puts 'Common Field'
233 |   puts CommentMap.keys.map{|x| '  ' + x}
234 |   exit
235 | end
236 | 
237 | pcap_file = ARGV[0]
238 | field = ARGV[1]
239 | 
240 | puts "Analyzing..."
241 | puts
242 | 
243 | data = `tshark -r '#{pcap_file}' -Y #{field} -T fields -e #{field}`.lines(chomp: true)
244 | field_count = data.group_by(&:itself).transform_values(&:size)
245 | total = field_count.values.sum
246 | 
247 | field_count.sort_by(&:last).each do |value, count|
248 |   comment = CommentMap.dig(field, value)
249 |   comment = "[#{comment}]" if comment
250 |   puts "(%05.2f%%) %4s => %-10s #{comment}" % [(count / total.to_f) * 100, count, value]
251 | end
252 | 
253 | puts
254 | puts "Keys: #{field_count.size}, Total: #{total}"
255 | 


--------------------------------------------------------------------------------
/misc/stego/stegosaurus.py:
--------------------------------------------------------------------------------
  1 | import argparse
  2 | import logging
  3 | import marshal
  4 | import opcode
  5 | import os
  6 | import py_compile
  7 | import sys
  8 | import math
  9 | import string
 10 | import types
 11 | 
 12 | if sys.version_info < (3, 6):
 13 |     sys.exit("Stegosaurus requires Python 3.6 or later")
 14 | 
 15 | 
 16 | class MutableBytecode():
 17 |     def __init__(self, code):
 18 |         self.originalCode = code
 19 |         self.bytes = bytearray(code.co_code)
 20 |         self.consts = [MutableBytecode(const) if isinstance(const, types.CodeType) else const for const in code.co_consts]
 21 | 
 22 | 
 23 | def _bytesAvailableForPayload(mutableBytecodeStack, explodeAfter, logger=None):
 24 |     for mutableBytecode in reversed(mutableBytecodeStack):
 25 |         bytes = mutableBytecode.bytes
 26 |         consecutivePrintableBytes = 0
 27 |         for i in range(0, len(bytes)):
 28 |             if chr(bytes[i]) in string.printable:
 29 |                 consecutivePrintableBytes += 1
 30 |             else:
 31 |                 consecutivePrintableBytes = 0
 32 | 
 33 |             if i % 2 == 0 and bytes[i] < opcode.HAVE_ARGUMENT:
 34 |                 if consecutivePrintableBytes >= explodeAfter:
 35 |                     if logger:
 36 |                         logger.debug("Skipping available byte to terminate string leak")
 37 |                     consecutivePrintableBytes = 0
 38 |                     continue
 39 |                 yield (bytes, i + 1)
 40 | 
 41 | 
 42 | def _createMutableBytecodeStack(mutableBytecode):
 43 |     def _stack(parent, stack):
 44 |         stack.append(parent)
 45 | 
 46 |         for child in [const for const in parent.consts if isinstance(const, MutableBytecode)]:
 47 |             _stack(child, stack)
 48 | 
 49 |         return stack
 50 | 
 51 |     return _stack(mutableBytecode, [])
 52 | 
 53 | 
 54 | def _dumpBytecode(header, code, carrier, logger):
 55 |     try:
 56 |         f = open(carrier, "wb")
 57 |         f.write(header)
 58 |         marshal.dump(code, f)
 59 |         logger.info("Wrote carrier file as %s", carrier)
 60 |     finally:
 61 |         f.close()
 62 | 
 63 | 
 64 | def _embedPayload(mutableBytecodeStack, payload, explodeAfter, logger):
 65 |     payloadBytes = bytearray(payload, "utf8")
 66 |     payloadIndex = 0
 67 |     payloadLen = len(payloadBytes)
 68 | 
 69 |     for bytes, byteIndex in _bytesAvailableForPayload(mutableBytecodeStack, explodeAfter):
 70 |         if payloadIndex < payloadLen:
 71 |             bytes[byteIndex] = payloadBytes[payloadIndex]
 72 |             payloadIndex += 1
 73 |         else:
 74 |             bytes[byteIndex] = 0
 75 | 
 76 |     print("Payload embedded in carrier")
 77 | 
 78 | 
 79 | def _extractPayload(mutableBytecodeStack, explodeAfter, logger):
 80 |     payloadBytes = bytearray()
 81 | 
 82 |     for bytes, byteIndex in _bytesAvailableForPayload(mutableBytecodeStack, explodeAfter):
 83 |         byte = bytes[byteIndex]
 84 |         if byte == 0:
 85 |             break
 86 |         payloadBytes.append(byte)
 87 | 
 88 |     payload = str(payloadBytes, "utf8")
 89 | 
 90 |     print("Extracted payload: {}".format(payload))
 91 | 
 92 | 
 93 | def _getCarrierFile(args, logger):
 94 |     carrier = args.carrier
 95 |     _, ext = os.path.splitext(carrier)
 96 | 
 97 |     if ext == ".py":
 98 |         carrier = py_compile.compile(carrier, doraise=True)
 99 |         logger.info("Compiled %s as %s for use as carrier", args.carrier, carrier)
100 | 
101 |     return carrier
102 | 
103 | 
104 | def _initLogger(args):
105 |     handler = logging.StreamHandler()
106 |     handler.setFormatter(logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s'))
107 | 
108 |     logger = logging.getLogger("stegosaurus")
109 |     logger.addHandler(handler)
110 | 
111 |     if args.verbose:
112 |         if args.verbose == 1:
113 |             logger.setLevel(logging.INFO)
114 |         else:
115 |             logger.setLevel(logging.DEBUG)
116 | 
117 |     return logger
118 | 
119 | 
120 | def _loadBytecode(carrier, logger):
121 |     try:
122 |         f = open(carrier, "rb")
123 |         header = f.read(12)
124 |         code = marshal.load(f)
125 |         logger.debug("Read header and bytecode from carrier")
126 |     finally:
127 |         f.close()
128 | 
129 |     return (header, code)
130 | 
131 | 
132 | def _logBytesAvailableForPayload(mutableBytecodeStack, explodeAfter, logger):
133 |     for bytes, i in _bytesAvailableForPayload(mutableBytecodeStack, explodeAfter, logger):
134 |         logger.debug("%s (%d)", opcode.opname[bytes[i - 1]], bytes[i])
135 | 
136 | 
137 | def _maxSupportedPayloadSize(mutableBytecodeStack, explodeAfter, logger):
138 |     maxPayloadSize = 0
139 | 
140 |     for bytes, i in _bytesAvailableForPayload(mutableBytecodeStack, explodeAfter):
141 |         maxPayloadSize += 1
142 | 
143 |     logger.info("Found %d bytes available for payload", maxPayloadSize)
144 | 
145 |     return maxPayloadSize
146 | 
147 | 
148 | def _parseArgs():
149 |     argParser = argparse.ArgumentParser()
150 |     argParser.add_argument("carrier", help="Carrier py, pyc or pyo file")
151 |     argParser.add_argument("-p", "--payload", help="Embed payload in carrier file")
152 |     argParser.add_argument("-r", "--report", action="store_true", help="Report max available payload size carrier supports")
153 |     argParser.add_argument("-s", "--side-by-side", action="store_true", help="Do not overwrite carrier file, install side by side instead.")
154 |     argParser.add_argument("-v", "--verbose", action="count", help="Increase verbosity once per use")
155 |     argParser.add_argument("-x", "--extract", action="store_true", help="Extract payload from carrier file")
156 |     argParser.add_argument("-e", "--explode", type=int, default=math.inf, help="Explode payload into groups of a limited length if necessary")
157 |     args = argParser.parse_args()
158 | 
159 |     return args
160 | 
161 | 
162 | def _toCodeType(mutableBytecode):
163 |     return types.CodeType(
164 |         mutableBytecode.originalCode.co_argcount,
165 |         mutableBytecode.originalCode.co_kwonlyargcount,
166 |         mutableBytecode.originalCode.co_nlocals,
167 |         mutableBytecode.originalCode.co_stacksize,
168 |         mutableBytecode.originalCode.co_flags,
169 |         bytes(mutableBytecode.bytes),
170 |         tuple([_toCodeType(const) if isinstance(const, MutableBytecode) else const for const in mutableBytecode.consts]),
171 |         mutableBytecode.originalCode.co_names,
172 |         mutableBytecode.originalCode.co_varnames,
173 |         mutableBytecode.originalCode.co_filename,
174 |         mutableBytecode.originalCode.co_name,
175 |         mutableBytecode.originalCode.co_firstlineno,
176 |         mutableBytecode.originalCode.co_lnotab,
177 |         mutableBytecode.originalCode.co_freevars,
178 |         mutableBytecode.originalCode.co_cellvars
179 |         )
180 | 
181 | 
182 | def _validateArgs(args, logger):
183 |     def _exit(msg):
184 |         msg = "Fatal error: {}\nUse -h or --help for usage".format(msg)
185 |         sys.exit(msg)
186 | 
187 |     allowedCarriers = {".py", ".pyc", ".pyo"}
188 | 
189 |     _, ext = os.path.splitext(args.carrier)
190 | 
191 |     if ext not in allowedCarriers:
192 |         _exit("Carrier file must be one of the following types: {}, got: {}".format(allowedCarriers, ext))
193 | 
194 |     if args.payload is None:
195 |         if not args.report and not args.extract:
196 |             _exit("Unless -r or -x are specified, a payload is required")
197 | 
198 |     if args.extract or args.report:
199 |         if args.payload:
200 |             logger.warn("Payload is ignored when -x or -r is specified")
201 |         if args.side_by_side:
202 |             logger.warn("Side by side is ignored when -x or -r is specified")
203 | 
204 |     if args.explode and args.explode < 1:
205 |         _exit("Values for -e must be positive integers")
206 | 
207 |     logger.debug("Validated args")
208 | 
209 | 
210 | def main():
211 |     args = _parseArgs()
212 |     logger = _initLogger(args)
213 | 
214 |     _validateArgs(args, logger)
215 | 
216 |     carrier = _getCarrierFile(args, logger)
217 |     header, code = _loadBytecode(carrier, logger)
218 | 
219 |     mutableBytecode = MutableBytecode(code)
220 |     mutableBytecodeStack = _createMutableBytecodeStack(mutableBytecode)
221 |     _logBytesAvailableForPayload(mutableBytecodeStack, args.explode, logger)
222 | 
223 |     if args.extract:
224 |         _extractPayload(mutableBytecodeStack, args.explode, logger)
225 |         return
226 | 
227 |     maxPayloadSize = _maxSupportedPayloadSize(mutableBytecodeStack, args.explode, logger)
228 | 
229 |     if args.report:
230 |         print("Carrier can support a payload of {} bytes".format(maxPayloadSize))
231 |         return
232 | 
233 |     payloadLen = len(args.payload)
234 |     if payloadLen > maxPayloadSize:
235 |         sys.exit("Carrier can only support a payload of {} bytes, payload of {} bytes received".format(maxPayloadSize, payloadLen))
236 | 
237 |     _embedPayload(mutableBytecodeStack, args.payload, args.explode, logger)
238 |     _logBytesAvailableForPayload(mutableBytecodeStack, args.explode, logger)
239 | 
240 |     if args.side_by_side:
241 |         logger.debug("Creating new carrier file name for side-by-side install")
242 |         base, ext = os.path.splitext(carrier)
243 |         carrier = "{}-stegosaurus{}".format(base, ext)
244 | 
245 |     code = _toCodeType(mutableBytecode)
246 | 
247 |     _dumpBytecode(header, code, carrier, logger)
248 | 
249 | 
250 | if __name__ == "__main__":
251 |     main()
252 | 


--------------------------------------------------------------------------------
/crypto/shiro_keys.txt:
--------------------------------------------------------------------------------
   1 | +1pbesZjg+S6peSDyfAXRg==
   2 | +QJM+wFrfOeHtK5LygPKTw==
   3 | +RVeD7SZGjcDDjWP9Z8C3w==
   4 | +RrBOj1VB+ddMkyE3x68Zw==
   5 | +VMJeSsvKaxwJAZZ1hblBQ==
   6 | +YblQXFNIzeXbAeVHNweQg==
   7 | +cEp2B6cNDcaOYVoDLfQ6Q==
   8 | +eymeZd19l/86RGLFONUKQ==
   9 | +lcLFAA1yxmFcAuk9qyD9Q==
  10 | +vrdvOXgTEaNOjdFBzRNtg==
  11 | /2/uKHXDN4a+BEmBcMLDeA==
  12 | /8YvdnG+rQJJHMfnH39saw==
  13 | /MY7M9QQuIDQG85dlRMJvg==
  14 | /QEmZ7iT7D3pj66Sw03E/g==
  15 | /V2P6mmLlk7I9Ke6NaqsoA==
  16 | /kqpXbaVg8+Mhao6SIxHog==
  17 | /nPSgNUwEh4zqY9l5zb0bA==
  18 | /sLIpUl2/OiffIc5clPTYQ==
  19 | /tpr5CMddtY9FziFFfrHMA==
  20 | /yXsA+EB5DnLoJo5Z9CXPw==
  21 | /zFVooPJ56jNvd13SFUGNg==
  22 | 07lQjaDPEgxgFhmSnBqM8g==
  23 | 09rhOoTPDaH1ljnc0076Aw==
  24 | 0AvVhmFLUs0KTA3Kprsdag==
  25 | 0GTL0kjOhhS6V8Svqu8xrw==
  26 | 0H95dRmBRrrvn8MIG/DRKg==
  27 | 0KqPNEcL1Y49k5rstQHQaA==
  28 | 0RHWwBRW/5mX/v9c9skbIg==
  29 | 0S8aBnbt6jv3m4JFxw5Weg==
  30 | 0SDzLtJ8UuoRzfsxKzPE5w==
  31 | 0XtKyENo4oWCvETi+03Hog==
  32 | 0YLZUNY6flkRCCSA7vMe0A==
  33 | 0cRUHddgjatn1COPtwaQvQ==
  34 | 0ffr1y8Ssug0EV2/YJOJuQ==
  35 | 0hMZEy8OroEKsK0kN6AQQA==
  36 | 0mG2OTtoTs2Y89WTju+7pQ==
  37 | 0vOR4C9LYcm08vaDSfBXfw==
  38 | 1/s4/bFFYBB8O0k8Ldj0hw==
  39 | 12fHAgOxlxTpryIUbz+F8Q==
  40 | 1AvVhdsgUs0FSA3SDFAdag==
  41 | 1CI56vLMJzmliETlqMVf+A==
  42 | 1LGmqbv4LV+JGbDEy48kDA==
  43 | 1QWLxg+NYmxraMoxAXu/Iw==
  44 | 1V3vxLUapbDLCXn18sXjJA==
  45 | 1XErOMoWXqZqXKKdfKmSyA==
  46 | 1ZRhDKYjjiUsr+dTh+RLSQ==
  47 | 1aO2nAnn8z2EOF3Q16oh1Q==
  48 | 1bzZDJ4csrla1+c7jrVRFg==
  49 | 1tC/xrDYs8ey+sa3emtiYw==
  50 | 25BsmdYwjnfcWmnhAciDDg==
  51 | 271KmY3+KvUh2sBSApKm/Q==
  52 | 2A2V+RFLUs+eTA3Kpr+dag==
  53 | 2AD5qdyUxmuHAPeTjVavtg==
  54 | 2AvVCXsxUs0FSA7SYFjdQg==
  55 | 2AvVhdsgERdsSA3SDFAdag==
  56 | 2AvVhdsgUsOFSA3SDFAdag==
  57 | 2AvVhmFLUs0KTA3Kprsdag==
  58 | 2AvVidsaUSofSA3SDFAdog==
  59 | 2EGezjl919ObkTcLdtSQfA==
  60 | 2K0Ul3Uyf0ISYN4EWJ/KFA==
  61 | 2KrgmHewPOOD74594m2Kaw==
  62 | 2MXfsNLrlhQHdJDGfOU+uQ==
  63 | 2RKhgkEYQ5HuJoopGypdZw==
  64 | 2UZAA672rJ4jGbdeZUCxHw==
  65 | 2cVtiE83c4lIrELJwKGJUw==
  66 | 2itfW92XazYRi5ltW0M2yA==
  67 | 2weDYcR3DPa6nf8Z42d2XQ==
  68 | 35jO+rcK0gVSbiz8EBU/Ng==
  69 | 36+uSbxl5y2IWpTvhJ4TaQ==
  70 | 39aIK53enFDDL5m3YKqOzQ==
  71 | 3AvVhMFLIs0KTA3Kprsdag==
  72 | 3AvVhdAgUs0FSA4SDFAdBg==
  73 | 3AvVhdAgUs1FSA4SDFAdBg==
  74 | 3AvVhmFLUs0KTA3KaTHGFg==
  75 | 3AvVhmFLUs0KTA3Kprsdag==
  76 | 3E92o3ZEfPs1R97EGb0CFQ==
  77 | 3GhvvedFFWwBFoy79XHNNw==
  78 | 3JvYhmBLUs0ETA5Kprsdag==
  79 | 3Op6LjBuEEzTEIxw/ssdrQ==
  80 | 3YZizJpixP/LihPJZuzUeA==
  81 | 3qDVdLawoIr1xFd6ietnsg==
  82 | 3qDVdLawoIr1xFd6ietnwg==
  83 | 3qUg2oom36xN6dEML/+DCA==
  84 | 3qtbwjEqsAAKRNcUsPG6oQ==
  85 | 3rvVhmFLUs0KAT3Kprsdag==
  86 | 3wTQWkiwIkt69WWpuPF05w==
  87 | 3yKGEeoL3UuSheG88Xj0Dw==
  88 | 3zAW7kCci5liNJ+mpMEMYQ==
  89 | 3zB7MxgDvrohItkxzKaXYw==
  90 | 40QGucfe7ezeee7VWsVTyQ==
  91 | 45ZNU2QNlfn2MpMhhIgzWw==
  92 | 47MjsnX27weP77kZ/PYJDQ==
  93 | 4AvVhdsgUs0F563SDFAdag==
  94 | 4AvVhm2LUs0KTA3Kprsdag==
  95 | 4AvVhmFLUs0KTA3KAAAAAA==
  96 | 4AvVhmFLUs0KTA3KprSdAg==
  97 | 4AvVhmFLUs0KTA3Kprsdag==
  98 | 4AvVhmFLUs0KTA3Kprsdcg==
  99 | 4AvVhmFLUs0TTA3Kprsdag==
 100 | 4AvVhmFLUs5KTA1Kprsdag==
 101 | 4AvVhmFLUsOKTA3Kprsdag==
 102 | 4BvVhmFLUs0KTA3Kprsdag==
 103 | 4QarltgBQ/Y3AkDr5Ege4A==
 104 | 4R5dUAiiks37jE89c71K9A==
 105 | 4ULGKcagW9PZi8tkB2kuGw==
 106 | 4WCZSJyqdUQsije93aQIRg==
 107 | 4XLSlSa2QjQ11Oivfg9Mrg==
 108 | 4ctN4etEzkKHlu2YtseiDw==
 109 | 4mV3efu4c8b1FPlTUKGwsg==
 110 | 4rvVhmFLUs0KAT3Kprsdag==
 111 | 4uwHqqrGg7rS3gdvhL3ZZw==
 112 | 4zRMjhBbEYT+o+xapa1Zjw==
 113 | 506RGgcNE31pDjwlWDiwxA==
 114 | 54bzYW9QWJvnaHtphT6Eow==
 115 | 54mW1bYsq9A5UU1hhanXtA==
 116 | 56JhCmN0cpkT9M+OmgtcsA==
 117 | 56NW7+Za661wp5ppefIOqA==
 118 | 57yx2QDYQeRH4mLhJRALVw==
 119 | 59fN/AcWCzQHJaolntHsmA==
 120 | 5AvVhCsgUs0FSA3SDFAdag==
 121 | 5AvVhmFLUS0ATA4Kprsdag==
 122 | 5AvVhmFLUs0KTA3Kprsdag==
 123 | 5CtfxSr4VezPKEPq6yOa9Q==
 124 | 5FFlaVMw4+7zCOhvIw3uuQ==
 125 | 5Iwm76a/AvJM1J9RkNUmGQ==
 126 | 5J7bIJIV0LQSN3c9LPitBQ==
 127 | 5K2d4Q1PwnGUB6GVO8QOMA==
 128 | 5KvT9MLa0ymIoLgh3RKexw==
 129 | 5Nh9k0+fZfeKSx5j0ucxIA==
 130 | 5P/GjvgJghEDSo4kEtrssA==
 131 | 5QhsHiHWqcq1XUzACwCi3A==
 132 | 5RC7uBZLkByfFfJm22q/Zw==
 133 | 5WWE+MoCJ6j2r7OlAmDrqw==
 134 | 5WkLnbfXx7Cy1/ofLnt9Ew==
 135 | 5aaC5qKm5oqA5pyvAAAAAA==
 136 | 5hUx1oXMN3mbn/gLgidUaw==
 137 | 5mW+3H9iaABI9+jnnKtWPQ==
 138 | 5oiR5piv5p2h5ZK46bG8IQ==
 139 | 5rPhukmqC4KAa6T88uTp6Q==
 140 | 5wasyUGKKm3aiseLvFmmYg==
 141 | 5xTa/RH7CcBf5Y/n4U0lkQ==
 142 | 6+8FnOFjYxzh/1J8R7WEhA==
 143 | 6/69OoWKWL+zcTiIG8WTag==
 144 | 66InzvlSOqPwXSjtZ5Ev9g==
 145 | 66v1O8keKNV3TTcGPK1wzg==
 146 | 6AvVhmFLUs0KTA3Kprsdag==
 147 | 6CriZafvxrM7Wmv8B7m5Kw==
 148 | 6IxMUkxgl0GY7FeHXRkvBA==
 149 | 6MFZ3yw1i3EyCEnjFTvzpg==
 150 | 6NfXkC7YVCV5DASIrEm1Rg==
 151 | 6NmINZLmvrFkEP2Oo0gTrA==
 152 | 6SOZM51g46dAJrWVrWJEjA==
 153 | 6TmQChE+a/TsZouL/9IV0A==
 154 | 6WD3jm9uiwdH7y5aI3f6NQ==
 155 | 6Zm+6I2j5Y+R5aS+5ZOlAA==
 156 | 6ZmI6I2j3Y+R1aSn5BOlAA==
 157 | 6ZmI6I2j5Y+R5aSn5ZOlAA==
 158 | 6bNrn06EaUqB3JJTLKPf6w==
 159 | 6f67ztlb3iuKi3Ln8OeDlg==
 160 | 6pcKolcRorUvxww+6aeTMQ==
 161 | 6pxCDD2lP8HhJrBR1asM3g==
 162 | 6r7NmGlHDcGA0ftjmsdG2Q==
 163 | 6u59YWBWkNOfu+zuzPc/mQ==
 164 | 6uVbvNtjw6dRuGtDETeMGQ==
 165 | 6xnEN+fJ2uWV+IQWeiKKtA==
 166 | 70ThU0MtA5QhtnqM60QJjA==
 167 | 76CdgbL1fsd3QdJz5HNKDA==
 168 | 7AvVhmFLUs0KTA3Kprsdag==
 169 | 7DJrOYuS2p3L+z6WLqqs0Q==
 170 | 7FydUkX1gjdTmPQ9ZSE7sg==
 171 | 7IuKU0557RkyEorS2LUAjQ==
 172 | 7LUn3ZcI1+OKtJ5OI9NQsQ==
 173 | 7LenMEz3efeQpnHWvMFS8Q==
 174 | 7NQwTajmuBk2B4rx8Iw5sw==
 175 | 7ODxF331OcSD7vTz//85dA==
 176 | 7QoskKccSRLZ+fTUQ+BgOA==
 177 | 7d1DulD2qFUJ4bnrqSHqkw==
 178 | 7fcwU6Fl8hNv2dI8MpNrlA==
 179 | 7luZOFja9b2dwX7s3CsldQ==
 180 | 7oIedR6b/cUAWJ5tCYlpJQ==
 181 | 7uydkPcjDmOySt8Fwvh8Fw==
 182 | 7xBkbDnTEnnj9+PyPN16BQ==
 183 | 81+PQ+WCHCTgbJIorsoySQ==
 184 | 81L1R6OF61F5B4mmJT3WTA==
 185 | 84CeAUF8LDZTuMpje6HRRA==
 186 | 89z+V4VHNasXcSF0JbRz0g==
 187 | 8AlVlFcCZX6xA0abrwb+hw==
 188 | 8AvVhdsgUs0FSA3SDFAdag==
 189 | 8AvVhmFLUs0KTA3Kprsdag==
 190 | 8BvVhmFLUs0KTA3Kprsdag==
 191 | 8CSl6x7/t7E08vA0uMZ5kA==
 192 | 8CkBXbUTWeXee9Vzcqlg3w==
 193 | 8Fpr+G1IF1cu+6XYwBdxgA==
 194 | 8HNs+8eZa1QfOdRKJlqyKQ==
 195 | 8OKKa+EfTWoKns5bRrcpkA==
 196 | 8SeVV6PJzHOSaawIZ2vJLA==
 197 | 8akOWHPKV6jLtRxI11O1gg==
 198 | 8fafybmSRtH/YtbKk3oukg==
 199 | 8nAEOthu2VW8pX4t7dNynA==
 200 | 8qrWMvAJv3hZsFS7ut27SA==
 201 | 8tQXCdV6Kkshe/XeZGcf6A==
 202 | 8uYiuo/Q76TXOnUR/nWH9A==
 203 | 9/nEKy7bGL/5B5ryscPZJQ==
 204 | 91JUbSrN9zppguzYK8l+iw==
 205 | 91kA/WSY7jsTP7oPMCQImg==
 206 | 94+fXLQOpTc44EXoL7yZXg==
 207 | 96CYtleV6nPjdUG4sdvxnw==
 208 | 96a6bapQxRWq+1iATSDXIA==
 209 | 98+IcWx3VSz+C82jRHVFAA==
 210 | 9A9+odXk/OQh+P8r+0SyYg==
 211 | 9AVvhnFLuS3KTV8KprsdAg==
 212 | 9AvVhmFLUs0KTA3Kprsdag==
 213 | 9CJsxvcfyFF1ea9Nm8rOpA==
 214 | 9FvVhtFLUs0KnA3Kprsdyg==
 215 | 9LD7f2zlv0br0NELwDVo/w==
 216 | 9SHPULSj2D2sDRDfB0WLyw==
 217 | 9VEyZK+wi+YVIxJUst2yiQ==
 218 | 9b6N1D3gWQua6p3PbF9mlA==
 219 | 9lXVT+jfNirJb4xBFpMlJw==
 220 | 9necoTkYoVNqFiLb9SWNFA==
 221 | 9ngB38tCjOcSiXIK52dpNw==
 222 | 9q0l/tVbLsQNz8ELHqn3+A==
 223 | 9x0ajtN4AG5cfRoVcvTTCA==
 224 | A+kWR7o9O0/G/W6aOGesRA==
 225 | A7UzJgh1+EWj5oBFi+mSgw==
 226 | ABebf9rEp3kGz5L0U/MwQA==
 227 | ACXqe6jeAu5c4Jmrjj/8UQ==
 228 | AF05JAuyuEB1ouJQ9Y9Phg==
 229 | AH5e0F0OlmWEaLhb9rFu6Q==
 230 | AQi46zCIJqTFFRtd3h00Og==
 231 | AR+rqjnfvayHngqD6KH/hw==
 232 | ARW/+Vuvws9XL6p0/PwGDQ==
 233 | AVDaCiHISmZ8HlwohDCnlw==
 234 | Ad0izFDaWb8kEsNT8gD+sQ==
 235 | Al4cA7Q7LZNNjD8MfLPuOQ==
 236 | Arj8HTsTMtMtV2+3joLIvA==
 237 | AsSSSuoeryMETDBS+JeWQw==
 238 | AsfUOJrxzKst49ZRM72RGQ==
 239 | AsfawfsdfaAasdWWAAAAAA==
 240 | AtVmYtrgbPsGPzk6pNqoVQ==
 241 | AuDOjmBLAoWr9ydc+HZT7g==
 242 | AztiX2RUqhc7dhOzl1Mj8Q==
 243 | B00eEFv3nbb8G46kw3R5Ew==
 244 | B2AcUkKclzANdhqg8SbahA==
 245 | B2WG5sN+1FnszplfF7FJvQ==
 246 | B5H/R1ayOULCFTrbzGYzqQ==
 247 | B6IoTgxz1ymZ4msBGX7vHw==
 248 | B9rPF8FHhxKJZ9k63ik7kQ==
 249 | B9utzLRfZgD5fRabm5MHhg==
 250 | BCABPaHfhaRYh80JgD3Tkw==
 251 | BHogItrxbd3zQKap1B+zJg==
 252 | BQNT1Qi+4SMtH3nrasirnQ==
 253 | BT1xocbnsXuFFDkVaX+2gw==
 254 | BTnBn6pWqjv4eWrxbRWICA==
 255 | Bf6qJMKJMgvaNvPFrod8ZQ==
 256 | Bf7MfkNR0axGGptozrebag==
 257 | Bj+obVPo1xoECMq9q0FBug==
 258 | BofqRUXsBOJMEHWHnooaAw==
 259 | Bp0kdoLPijHN7Z/YLXoUsA==
 260 | Bqq480BcDCPJYTY1Mtm+Yg==
 261 | BvKsZXD9gpUAyEIGgyWCFQ==
 262 | C3VOK0pkmt9AF0vT85sGig==
 263 | CHxbWpgeuzcDFfNf+oRC+A==
 264 | CI4JLF3sOmIY/pmR3PVFag==
 265 | CVdjRwPp636UqAaw0KWMVA==
 266 | CYz2cvPF2n0qAiS+PPjefg==
 267 | CZffrYmHS8H6yTQQcBesTA==
 268 | Cdsh7NssSv3NLSZKmpNTgA==
 269 | CepKkLWZBFk/sHrBzxeSow==
 270 | Cg59cnqmatFwMSz+qbG4zQ==
 271 | Ci+T8C76sSWiLmjdoxyNYA==
 272 | Ci7o2yADtl4ZhgWtP/s9cQ==
 273 | Cj6LnKZNLEowAZrdqyH/Ew==
 274 | ClLk69oNcA3m+s0jIMIkpg==
 275 | CnJ+f11AyQCUKtSjgpxlJA==
 276 | CpwhI52rh5BNa8UNC3x6ew==
 277 | D+fiSrlqvpBh+3AlY2ujBA==
 278 | D09Xhs6+JtEDWlQ8s7ih0Q==
 279 | D3oDbyat9VtEdS3T79OKRw==
 280 | D63CNaC3sef9ScZvV1kxhw==
 281 | DD9te+cdvK5S8B5htjDmGw==
 282 | DGNT1t5Dn+dTTs31cJsDVA==
 283 | DUvfdXs4/5yz8tEu1BI7Ow==
 284 | DgPemaJsujPrXpzIMM4eJQ==
 285 | E+zfSTQJvHdd4MNSurg4ow==
 286 | E5TOqDt5uXY1RqR05f+vLw==
 287 | E6LZ+dwbsEvciq8EHNnIbw==
 288 | EBZj/MEBCYGaLRn2LoJmyw==
 289 | EDVG9+H0vi6vxWSe4N47pw==
 290 | EG6TNEu0UUYehyuWz4SymQ==
 291 | EPU2xnpxf4t5wnij0pJN7A==
 292 | ERk7EUiipu4wAO+/dkbePQ==
 293 | EhjRZM/BquF0CMpmGMRQYA==
 294 | EnNWD1sCImjA5JEg9s2I6Q==
 295 | F5NLv0wSCwxMpX2O3lQJBA==
 296 | FJoQCiz0z5XWz2N2LyxNww==
 297 | FL9HL9Yu5bVUJ0PDU1ySvg==
 298 | FP7qKJzdJOGkzoQzo2wTmA==
 299 | FQJvuXFs29R4xPVcq21Crg==
 300 | FS1mG0SjNWryfLuF4CpldQ==
 301 | FZRmnBoagm3fd6KuQTxU5w==
 302 | FdgZS4YBMSo5qfmrdnS8lg==
 303 | FfxOka+7tOIMl5jDgw1e9w==
 304 | Fic3KTUApmDjB2fIE0WvNg==
 305 | Fl25bNmwQh4j7GeMK2efUA==
 306 | FqabmM6CHHMobnPTQsZZXA==
 307 | FtXsj0LX/K+O9ZEoXS6VDg==
 308 | FyAvWSGAmOKRjRcGrQ5wmg==
 309 | G23qP/ZWlNSh3ho3VI6h3w==
 310 | G7gu2rS0ti8wW3HbNBKXZg==
 311 | GA8r35xmXeyh6fntBUAPcA==
 312 | GAevYnznvgNCURavBhCr1w==
 313 | GC2Qbmz3w+xyRrFdWbEbDg==
 314 | GHxH6G3LFh8Zb3NwoRgfFA==
 315 | GMHdvOaNg6/+Rm/LCXJIVA==
 316 | GNmlTRjPBVP9R0DA69Wz9Q==
 317 | GQe6mCeMc6Z6lTdDl0gzHA==
 318 | GUzjOfbzs4Pxgv9yMhM6uw==
 319 | GVhzw6evfca7HinTMw8H4A==
 320 | GWUPbYlvA6ntxk7G2dJt/w==
 321 | GhgV7Q0vrU3nL8MtuvsPZw==
 322 | GhrF5zLfq1Dtadd1jlohhA==
 323 | GjgJtMHoO6H3Yb2mlc6sfw==
 324 | GktHuaZChQVuhPOC/b8gxw==
 325 | Gnnwwcw0hMSixl7UEE6vtw==
 326 | GoJtb6K+ThrWTBo3uj9fOA==
 327 | Gr91/byFEX7yJiXsugvpZA==
 328 | GsHaWo4m1eNbE0kNSMULhg==
 329 | GwG/LnKAvJ5P2Tlffch7IA==
 330 | GwNhy9r9baHSg9GTsWY4xQ==
 331 | GwbPFPPTDzQbD3avoy/89w==
 332 | H2hP6SbXIPHw9s0BUYO2hw==
 333 | H2vgvlCbySrIRPQnBlq+Hg==
 334 | H5rAGk0B2NVcTHmemLIkIw==
 335 | H8RAzkCYRh3cy3zL8QhaSA==
 336 | HB9pyD0YqDBSJcPS9DQlLA==
 337 | HCtEf5+VR8PoPYfG3I45gw==
 338 | HJmdUrUp6Dsg2VO2v3wv7Q==
 339 | HKTWOjXfR4PfOFgHvakpKg==
 340 | HKvm9qPVsM394X3BK7OD7w==
 341 | HOlg7NHb9potm0n5s4ic0Q==
 342 | HQnwADAtXsklOnnLhT5c8g==
 343 | HTTt7RactY9TjDlAAQKNIw==
 344 | HWrBltGvEZc14h9VpMvZWw==
 345 | HakO9RtH16R/oxtza+1r7A==
 346 | HeUZ/LvgkO7nsa18ZyVxWQ==
 347 | HfudR3B+9yfBPpBb9qEwVQ==
 348 | HmCe4n6s/yDUpnw3MAkbnQ==
 349 | HnmlHLiaGc0fGlX4rY+3Ug==
 350 | HoTP07fJPKIRLOWoVXmv+Q==
 351 | HpQB6bO2nmXIyClT4TXd4Q==
 352 | Hqka1tCvGUaG7DqNi6iQEg==
 353 | Hsk1KiQuzcE1qQQ+yt5SPw==
 354 | HtcGODlIJO+EU/IlNhzwNA==
 355 | HuMVTKK8CWjl4zPJ++re0g==
 356 | ICOQvn4XG/VfztJDxcPeIQ==
 357 | IGTEAvdZho8k52R/9fSvfA==
 358 | IJH4eIwPTn9riG+kC8vvaA==
 359 | IK+XIvVt8mcnLomtmaUddQ==
 360 | IOTtqu6ruHH7Dwv887GqUA==
 361 | ISb4dFqbnEntvolNd4NXIg==
 362 | IUz/ZnUDrZ2Sd5tS6jiFyQ==
 363 | IbnjfjpwZGAFbb6jr08KHw==
 364 | Ibqk/JyDwMKR7AMexfI3bg==
 365 | IduElDUpDDXE677ZkhhKnQ==
 366 | IeN7S0UuVdlYLTfxp3dGmQ==
 367 | IieDwWqCrK5w+kaOYM83iQ==
 368 | IrdpwVyBWTJcOXDlM6bD0g==
 369 | Is9zJ3pzNh2cgTHB4ua3+Q==
 370 | IsFmYBh8HFuCDyVuSz2J8w==
 371 | J05wXq6OZdx4qP4W6E0brQ==
 372 | J0wJ0IY9wLhnrqLJJY0Xxw==
 373 | J5qov1aNWvnbT+bg5qbUcQ==
 374 | J7fzrVRGqPR3TsPJQfNhYg==
 375 | J9li7axRRNFmi0/NWTm/aA==
 376 | JG+oiT9hyF/8sxvD9c+uMQ==
 377 | JUQroIlwRjbp/ayECZ8mAA==
 378 | JVH0vTfud4g78iIn1jGOhg==
 379 | JWIaCZ/XD+hgs/EnmzgRYg==
 380 | JaUcb0PkikD4jeBJQs7WNw==
 381 | JdQE7pR+n7/2bpT4A6SeiA==
 382 | JntwRsOntrfK7HRY6je2Yw==
 383 | JoZGvnrazEPs+ThAcu67Vg==
 384 | JoriZ92/TAxFIPDKnNHcSw==
 385 | Jpf353cUQOTyvJT3ufTZBw==
 386 | Jt3C93kMR9D5e8QzwfsiMw==
 387 | K665w7XaxOUZsaONGbzO1Q==
 388 | K7TEBIz7Q7O3tiQ5U5d46A==
 389 | K9ItaCS/4HJTBW1FNqQB3g==
 390 | KBYIFuRTI1gviPNCJhDXCA==
 391 | KJCgLeHak3CmvUP5QBRV4A==
 392 | KSxv9OLp4iF4aX2HZqel4g==
 393 | KU471rVNQ6k7PQL4SqxgJg==
 394 | KWXVjpMavntfCIUpbbX/OA==
 395 | KZG0Ue47twPiuRvNely0EA==
 396 | KdXgwmJcB7CehJB6mICIKQ==
 397 | KgNyRsw7JRTUeJhEQHpA1A==
 398 | KgolQkTcu2WareAMWVronA==
 399 | KveZnXN53Pchgs8QkC/zbA==
 400 | L7RioUULEFhRyxM7a2R/Yg==
 401 | L9QRwKaBssh6blQU5Z1YPw==
 402 | LArS/GIWtU7VktgBDRGm7A==
 403 | LEGENDCAMPUSCIPHERKEAA==
 404 | LM3MaY6AGdl1MSP5uwDTLg==
 405 | LOuvBu4FKfAftfWGUovwSg==
 406 | LS7L9CQYElDW1GNdIdtV6Q==
 407 | LVu5DyL+1BiLB0Rn+XwVwQ==
 408 | LWBCN1m+fEPbsax+wAIQzg==
 409 | LXuxZLoht0UUJVggFYRMmw==
 410 | LYtvmjyAB5akv6VkXauT2A==
 411 | LZt/pGlYTStcpZXHLJNCKg==
 412 | LlZj+OtiQKEra7Cajp4hrA==
 413 | LsDRpr15c8LYDXGdLjigGA==
 414 | Lt5OgHNXQdoAkjQd5X0avw==
 415 | LwZym2fyTFuX4VwAeTAeMw==
 416 | LzCln9AJWUlyR3sh51hhaA==
 417 | LzRy+OaLfWTFfuJNiX8yRw==
 418 | M2djA70UBBUPDibGZBRvrA==
 419 | MCtps3P1EXznEtCViWO1Jg==
 420 | MCy2MabsZQOFdCC+hxkY4Q==
 421 | MPdCMZ9urzEA50JDlDYYDg==
 422 | MPf4a3V38X1OTIHuyVmdAA==
 423 | MScVTVaaOXtDMCMdVe+YAw==
 424 | MTIzNDU2Nzg5MGFiY2RlZg==
 425 | MTIzNDU2NzgxMjM0NTY3OA==
 426 | MUuCpWhlDR0RVRpcZJ8vdQ==
 427 | Mc7UHlco4o+U4WE/yhS+Lg==
 428 | McrNcVVhWKRwWWMPQrRaQw==
 429 | McvKftJgY13mJB76o2dAGg==
 430 | MgFNk1sAvrjSvWHnIHRphA==
 431 | Mk9GW4++ZtULSDvgAlQhlw==
 432 | MwCx6THVCcpoUZZUtHLjLQ==
 433 | MzVeSkYyWTI2OFVLZjRzZg==
 434 | N3gBjXv3lnoV7UfInsymkQ==
 435 | N6tNNUpqAcT742q7kKJw7A==
 436 | NGk/3cQ6F5/UNPRh8LpMIg==
 437 | NGuSH5SlOyyL4Q4F8dinlw==
 438 | NIMDWM65xOyzKR1J75EztA==
 439 | NJ6dfAxm8crlUZpjPD4F3w==
 440 | NNm9hUSxnnPdmOx1a82Snw==
 441 | NRQ20AY950S1RyVuwX6k4A==
 442 | NU7b2jYbAb9n8W//X9aFdA==
 443 | NUaHEJFLG/Hz0zJElk7kIw==
 444 | NXR5UB3ar94z0AfLnUjikg==
 445 | NoIw91X9GSiCrLCF03ZGZw==
 446 | NqIFHQHosax9bZyVpeMgHA==
 447 | NrO8cyhbV/8p2ZwlhNYT7w==
 448 | NsZXjXVklWPZwOfkvk6kUA==
 449 | NuNKv8aDZzwmTZtFjx0Ybg==
 450 | NxA4AFYn1rVjPARKiQTBjA==
 451 | O/s7kkmJQAgnu/B6/5iq9Q==
 452 | O0s6r++mThjoABu+9YyrSg==
 453 | O4pdf+7e+mZe8NyxMTPJmQ==
 454 | O4qOHpCKb9EZpxMyuqNq8w==
 455 | OCSjJxTz18w0eUQMNfYWkA==
 456 | OGGtVzn1VVRb/l2J3aTf0Q==
 457 | OIg8ifwr4qul6Ht5PZeYww==
 458 | OIoWVg1ZDsnDJfTZLskjKg==
 459 | OUHYQzxQ/W9e/UjiAGu6rg==
 460 | OXfqK7nqbtEFfbxQddmNDQ==
 461 | OY//C4rhfwNxCQAQCrQQ1Q==
 462 | OdhyUSBd4lurJ2/JEGCU1A==
 463 | OjeC9QQHRVN0+MPOF1kMhA==
 464 | Onv+PU0mQjvO/PQla2JPlQ==
 465 | OqSwQK7xzZl7VzFq+2bwwA==
 466 | Ozu1yBye3V/dsZ+S4E4AXQ==
 467 | P1L2k9rNacua96TVsmS+BQ==
 468 | P5K0IrkGictESx6SSeidSg==
 469 | PChiLKgfS/i989iEsBc06A==
 470 | PDnfnlU81E16yAGcyHiGtw==
 471 | PHRUV3dibrU+hQ8Cblm9Pg==
 472 | PS4RoDyNohRdvNauE/0/Qw==
 473 | PWgjPzOMKIDrKUHIF+wgww==
 474 | Pav4cfRrpd+aN36C5cmabg==
 475 | PbkLE1WBd83eXS955dR/Xg==
 476 | PrOTh4LmDqa3qVMHfrmG0A==
 477 | PsPCJeY6dvBKyzaK9rLKiw==
 478 | Pv3LoFikgoGdN5zrUUCdsg==
 479 | PvwBYyuXCXcc8m+Ne5Mj8g==
 480 | PxnmBMJh+fanAvJS2LOVcA==
 481 | Q01TX0JGTFlLRVlfMjAxOQ==
 482 | Q55MvauAArwaGIyOEDRwvw==
 483 | QAcfQFxDiWFLsChHJfTAkg==
 484 | QAk0rp8sG0uJC4Ke2baYNA==
 485 | QDFCnfkLUs0KTA3Kprsdag==
 486 | QF5HMyZAWDZYRyFnSGhTdQ==
 487 | QGBviBCC1FKdB+8IQSJjpQ==
 488 | QJDzFhmaviegEwiWOl7oVA==
 489 | QN05couJazlmQIbbANls6A==
 490 | QNt+bkknL6MX5wgoQDEg5g==
 491 | QR3ecdiAfKWJFeNDTyGJ8w==
 492 | QSYtsmm+U98Ope124BG5WQ==
 493 | QUTkR0qMhihYTe6OgrsAng==
 494 | QUxQSEFNWVNPRlRCVUlMRA==
 495 | QVN1bm5uJ3MgU3Vuc2l0ZQ==
 496 | Qa8X00xRi8gO3soRG+VtNQ==
 497 | QeCRRyBe/lpH53tT3QTU4w==
 498 | QifiFQ4pT6BfxVjTujrZ2A==
 499 | Qk/vRpkxuH2CxLHeIMhQ0w==
 500 | QmaWPJvpPlu0HMrl4Sa3Jg==
 501 | Qs/XjULTiF7iGCoqZWn4Cg==
 502 | Qtk3Y8nJw09N0dAiUz1oMQ==
 503 | QufC6eTREtF8Gs+VaB48kw==
 504 | QwiuqDdi8+QBXr3Zzs/qng==
 505 | R1ETlOnQCoVMT0saIqJRzw==
 506 | R1XEDe90giZdBpkZ0j02zA==
 507 | R29yZG9uV2ViAAAAAAAAAA==
 508 | R2lwhEFqOaLj8Tu5x2U6YQ==
 509 | R84S4DwfZAg4hSd8qk03Vg==
 510 | R9Jr160gRUMN0F41OoZ6vw==
 511 | RECjHlkxJs1tbXNphGz8kg==
 512 | RJkr27V510c1ffmtGqJfIQ==
 513 | ROspGQOkOfQsAQIsP6iCQA==
 514 | RQI83/FvHlgQmLU+R1QTwg==
 515 | RQinuUPlV14PhWCvUsQctQ==
 516 | RR42z6mz9If5NI8YSgrMFw==
 517 | RUBuUYx7G0ofN6T7exO6fA==
 518 | RVZBTk5JR0hUTFlfV0FPVQ==
 519 | RYqWA045R3If9Fi+sd+n6w==
 520 | RZcaWoOLv0e7V7hPmrcOAg==
 521 | Rb5RN+LofDWJlzWAwsXzxg==
 522 | Rex83buusTWQixSAkIy8ow==
 523 | RfRcjCa7c8Jx0eNHGKgMbQ==
 524 | RhDyhiJOSBOT0QKC2oW73g==
 525 | Ru63HIe+326keGJ04zAY/g==
 526 | Rul5yXP/rUjRzmVe+YsVkQ==
 527 | RyP2NjoBcNVExq2HHnR97Q==
 528 | Rz9jyXi4HKvOAuScMshMSw==
 529 | S2XfX78OnaeuWbRWpdb6vQ==
 530 | S2iA0C9U6RsRm0/dAA6CBQ==
 531 | S8+74LJR9whLdemqJbJeeA==
 532 | S9vRYdD01UjsAZD81PygOA==
 533 | SDKOLKn2J1j/2BHjeZwAoQ==
 534 | SLtVBe8b7HniWCGZw2h79A==
 535 | SN9GhcCmD65CE/4y1gEgxQ==
 536 | SkZpbmFsQmxhZGUAAAAAAA==
 537 | SrpFBcVD89eTQ2icOD0TMg==
 538 | StAdjLXZ6K4Aq2IVjv7h/w==
 539 | Stb6CLMggIVDD+utiBfSMg==
 540 | SvNlwDv6jDEpifibc438YQ==
 541 | Sx13QlxYD7CZ2CY33sI6Kw==
 542 | T0OqmtenQU0+8m+zLGfUag==
 543 | T2hUcgl4mjv2LfjEkwgLiQ==
 544 | T36Ns+kDpv9nCPAyxq3pXA==
 545 | T3xJ2lsxluHCPS1cEHkQng==
 546 | TBj5kkafTZt2EV8Nqq+qsg==
 547 | TCURyI0rypPD3Yvt8EZR2Q==
 548 | TEAp6kn+p3ZWVSO61Tsh6A==
 549 | TGMPe7lGO/Gbr38QiJu1/w==
 550 | TH6/hBjzhGD3tNQeMVgMwA==
 551 | TPSJxALhvJH5h6GWIpKlTA==
 552 | TRplDSQjxQ71LR8v6p4HDg==
 553 | TSXh3fsPdz0MRqRpMQbMHg==
 554 | TV6j4/LDRVmhb6SMpbqAcA==
 555 | TamvlItBsA+f4xMtHyt26A==
 556 | TbF3Wlqiak86TWTFWz72YA==
 557 | TiWYf2RP/hj51RzvyUklEQ==
 558 | Tll912eb/Ye7a+Ca65tzwg==
 559 | Tn9PDhLfiMYpIB3RTtLclg==
 560 | Tngu4BIn4K03RjChLuwcBw==
 561 | To7HW3huIozfHYZR98I5zA==
 562 | Trx5hWvCLS9gY+zzTvp0qA==
 563 | U0hGX2d1bnMAAAAAAAAAAA==
 564 | U3BAbW5nQmxhZGUAAAAAAA==
 565 | U3ByaW5nQmxhZGUAAAAAAA==
 566 | U3eqmQoJmHvO2eglQYVoKA==
 567 | U6PCPQHtbp0TySTBdtB1DA==
 568 | UGlzMjAxNiVLeUVlXiEjLw==
 569 | UPm7OwQEekOJ7B8WjO3opQ==
 570 | UXW20JH+CfPiU1NBG9XDRA==
 571 | UYfyM9Rhmh4bYziROef7KA==
 572 | UdyNOVKCnjO5NBxPYirKKA==
 573 | Ujp/8ZaruI9N4HCZ4e4hzg==
 574 | Ul7XhPoIX91QMWVIFfzudg==
 575 | Us0KvVhTeasAm43KFLAeng==
 576 | Uv2ERjG9dVBJ2+wEsaQaUQ==
 577 | Uxsu+ftrZfKpmXUmzbnQGA==
 578 | V+M4bC5sx3ZujbTQa9dOlw==
 579 | V2VcUIehNHUfPXd3fyR8RA==
 580 | V2hhdCBUaGUgSGVsbAAAAA==
 581 | V5H557QELRS5ZdxkQvYgmg==
 582 | VGEP8rLf4iEgsYwhMvG0tA==
 583 | VOk7ViwSydf4EY6ruA9zZQ==
 584 | VYVv6CRQ+lyOHYh7Zv2yLQ==
 585 | VYmjVEPAOVpVU58x9y3pWA==
 586 | ViWSuUQW1f7M681eKFGyfg==
 587 | VwV3YhoaaM2MVN9JdN9Tpg==
 588 | VyGe72rPOaK87G+ABjUCZA==
 589 | VymUjZsjvzaxP+XkdI+UWQ==
 590 | VzZfnAjTpZn5CRQdTQd6jA==
 591 | W1VlVuC+Zft4x7GkTDG+0A==
 592 | WAnqMvPwKUlvxyfxXYEx9g==
 593 | WC0BEFAUEHU9wvlSp/jpcg==
 594 | WJVwhXfbQSJWV0Xrha2TBQ==
 595 | WR9dNEpyg6/oeald+iIvVA==
 596 | WTIgNZczYyTh6LOKIGHluA==
 597 | WTUQ/xPWjsJGNnBFR11IBg==
 598 | WTZ0ThY0n8hQ9/uPqFZcjg==
 599 | WTnZdWfs5ql7uG2qdbqGtA==
 600 | WVAqIEVQ4/aYx/4z9x1Wnw==
 601 | WVUmoMW1RXIaDueFkKz/cA==
 602 | WVV0HDL3HJGuhMzDnoVWWQ==
 603 | WXXBlwQDwNxQpr35T6JkTw==
 604 | WcfHGU25gNnTxTlmJMeSpw==
 605 | Wf2BaXQtRBmcCYWmP9mlhg==
 606 | WfbEgXvtHv8PTUo2iTi1yw==
 607 | Wj/xOkEHAvWElm0OIvsmnQ==
 608 | WkhBTkdYSUFPSEVJX0NBVA==
 609 | Wo+Qdn0ohO8H3LGZadDpSw==
 610 | Wr7T8+IV/oaj85gusB6yfg==
 611 | WuB+y2gcHRnY2Lg9+Aqmqg==
 612 | WvpoI7I8CE0Qf8cKY0XXLg==
 613 | Wwe2QiNrUiBxohsBBRzBbw==
 614 | X1oOTCNiVGCBoMIp30lINw==
 615 | XCH4v4mcDPfcV4lHNqmLWQ==
 616 | XNC9wey7BKls4AvHjGEJvg==
 617 | XSwGPFV7+xTL8SxlT+dQzw==
 618 | XT1HgOPKkd+k8CToofgHDQ==
 619 | XTx6CKLo/SdSgub+OPHSrw==
 620 | XZZD8h/KnmLUJUnztOlpng==
 621 | Xa2BUoemidT4qx27x+6FHw==
 622 | XaOn+SYPn14Qk6OWpRBW1Q==
 623 | XgGkgqGqYrix9lI6vxcrRw==
 624 | Xhsf4Iij4Y3XCX+AHr4vJg==
 625 | XqfUzRIKXyB5S/tHBlRxIQ==
 626 | XqqKUNwXqMB7Fy5OB7S64g==
 627 | XzEhaOMqe7ah+lCTFgei5g==
 628 | XzmxkJjmitZBhShr3+QxOw==
 629 | Y1JxNSPXVwMkyvES/kJGeQ==
 630 | Y21iYwAAAAAAAAAAAAAAAA==
 631 | Y8heN9Dsic+soMb6+1/IEg==
 632 | YBon/+xYTgZ/V3jn0mqcBw==
 633 | YFYCR5ogsM13QQjTfXg9Lw==
 634 | YFtvi8pacvsKGqsnySW0rQ==
 635 | YI1+nBV//m7ELrIyDHm6DQ==
 636 | YJ1osyFBJ9KlYJXyKFjGKw==
 637 | YNz8npzB1DPbyr6ktmLlYA==
 638 | YOjL5Ae89pXtJenE+3tD/A==
 639 | YTu9ac2+EmKbFBb9WXR+cQ==
 640 | YWJjZGRjYmFhYmNkZGNiYQ==
 641 | YWdlbnRAZG1AMjAxOHN3Zg==
 642 | Ya3RwFngzwgROfilIVTgLg==
 643 | YjH56meM6FzqdHgbiQJz/w==
 644 | YkDdlpQqGijjB5pdXvnPXg==
 645 | Ymx1ZXdoYWxlAAAAAAAAAA==
 646 | YnlhdnMAAAAAAAAAAAAAAA==
 647 | YuHIWYgtrZ1n1RkWEleWhg==
 648 | YydX5W3QfJ/VIwSooW/big==
 649 | YystomRZLMUjiK0Q1+LFdw==
 650 | YzF8FyUaopfPPsCLvl/KCA==
 651 | Z1RXPL02N+hf9ezDEmFzyA==
 652 | Z3VucwAAAAAAAAAAAAAAAA==
 653 | Z3VucwACAOVAKALACAADSA==
 654 | Z47VLi9XSPDQIKTqmOtqzg==
 655 | ZA2b6VFa0idJrmz0meeLTg==
 656 | ZAvph3dsQs0FSL3SDFAdag==
 657 | ZGFPfewPRhnGSoN2IwiIjg==
 658 | ZHazuuhUgPuWkp/5IsE5hQ==
 659 | ZKDGFZNxzvRaNPqsX+/B7w==
 660 | ZOZR+uu8NCzBnK2x2dFtbw==
 661 | ZRndFxNm3OI8tMaRBl6RLQ==
 662 | ZUdsaGJuSmxibVI2ZHc9PQ==
 663 | ZWvohmPdUsAWTwAApPqdAA==
 664 | ZgH3tx9R6C7Boxp4j2e5Ag==
 665 | ZjQyMTJiNTJhZGZmYjFjMQ==
 666 | ZmFsYWRvLnh5ei5zaGlybw==
 667 | ZmxvZ19zaGlyb19rZXkAAA==
 668 | ZnJlc2h6Y24xMjM0NTY3OA==
 669 | Zoj4siv/qhoi6cC4gekvow==
 670 | ZsxdsTMaLxJ59nnKQU2laQ==
 671 | Zzeywn7eyBUvpElPBvsOdQ==
 672 | a+6/WRxnu40k9IP59VQHIA==
 673 | a0NntqdlxrH8o+eu2TBoHw==
 674 | a2D3arFI+Z1aVR1iwf0ZxQ==
 675 | a2LzSKulwiQlE12iHJ34zw==
 676 | a2VlcE9uR29pbmdBbmRGaQ==
 677 | a3dvbmcAAAAAAAAAAAAAAA==
 678 | a6QMaUFTtwTmfflVJt+vTg==
 679 | a8kfG7yj4MaAXssKGRVZ2w==
 680 | aG91c2Vob3VzZWhvdXNlMg==
 681 | aHkHNxVf+9pIjR55STWceg==
 682 | aQuXh+m9soqTSBg58e56yg==
 683 | aRAymGzlmTzq7XaOV9i6NQ==
 684 | aSIPlKD8PmbfiroG7da4+Q==
 685 | aU1pcmFjbGVpTWlyYWNsZQ==
 686 | aWV0FeLDDwgn/lHh8QjTWA==
 687 | aXwaLrDY+DnSYjqCrtw20Q==
 688 | abnN7qNyMxHnyUA095KarQ==
 689 | ahXsyYVHYtAtoG0U3AZZ7g==
 690 | ake4Fho0TPLiTc6+Mw+eGw==
 691 | akw6fJ/MXENxwpIh0w4Dvg==
 692 | arnCyNG11LS/XMjF5ckKDw==
 693 | asImMWVQomqFU234+PmaSA==
 694 | atn+sDJtu2lGpKqWAMTBhA==
 695 | ayRW9VUXsAnbPbVStLcITQ==
 696 | b2EAAAAAAAAAAAAAAAAAAA==
 697 | bAs99sjQCdrGkX5Q01bWEw==
 698 | bK+3YbV76eFM/aaxm90AJQ==
 699 | bMNbFN1hD72PqSYpLZWmkQ==
 700 | bNXyFjN46/uG70MIQ17Xxg==
 701 | bQY8T1A6hrHOfQrg0mv7Eg==
 702 | bSqtfpTeQHIOOKKjugqPjg==
 703 | bTyW37jAcYF/fL0/Wu5t0Q==
 704 | bWFveXUtY2hhbgAAAAAAAA==
 705 | bWljcm9zAAAAAAAAAAAAAA==
 706 | bWluZS1hc3NldC1rZXk6QQ==
 707 | bXRvbnMAAAAAAAAAAAAAAA==
 708 | bXdrXl9eNjY2KjA3Z2otPQ==
 709 | bfMPXGDMZwSqpBWfAeXOqQ==
 710 | bk1W0BuO1imKVp/Fx94nAg==
 711 | blyGEQEhBYYVjrzAzP30GQ==
 712 | btQuG8vtGbZsLFZH88e//A==
 713 | bxZQGR7TDAigQizh9lH2JA==
 714 | bya2HkYo57u6fWh5theAWw==
 715 | c+3hFGPjbgzGdrC+MHgoRQ==
 716 | c0qQHzrRa/T8Mf0l6H+90A==
 717 | c2hpcm9fYmF0aXMzMgAAAA==
 718 | c2hvdWtlLXBsdXMuMjAxNg==
 719 | c6Uc0HTa7k4fvkFCkuJITg==
 720 | cGhyYWNrY3RmREUhfiMkZA==
 721 | cGljYXMAAAAAAAAAAAAAAA==
 722 | cHHr+Qpi+Xi3e7VGRugddg==
 723 | cTHiZHEszKKag1lKa+mKvQ==
 724 | caYIJ4PKftngqyIg8+YN9Q==
 725 | cbFPIbyf4mlv02MzHgF2rw==
 726 | clKY0Cx5neyUezjY0SwEuQ==
 727 | clZhrCN1I+VbFCGNsVkEiA==
 728 | cmVtZW1iZXJNZQAAAAAAAA==
 729 | cntMsMivwe4IsnWHA8ojtw==
 730 | cqEY26TR40vtmcgLtzXuEg==
 731 | ctatwWPonT9asCD1Xd9/5A==
 732 | czI1Pc0ajoTUrfmGsCQUjw==
 733 | d+jQ30vufpb5+lUYjT1nYQ==
 734 | d2ViUmVtZW1iZXJNZUtleQ==
 735 | d3LMihVDcI4fwxwocmTEvw==
 736 | d8Hmf7jfowPbnkiefDb+Sw==
 737 | dBdeu+9+OnBBxpGvRPjJ/Q==
 738 | dCOWshdJwFAcf+qLwUe/HA==
 739 | dJOhN2Hz3SB/K08rOWQ07A==
 740 | dKQgJQM/SEXIv3D2U2BLLQ==
 741 | dQs2xTXT3f86W6Ga2xjRTw==
 742 | dSElt4CZVAf7mXQlIQGgdg==
 743 | dhbQJptL7bP3elOzvRoBZA==
 744 | dkwe6n4PPAcRMmZhBG6uAg==
 745 | dsesfswfjn23409isfadAA==
 746 | duvI/5lJBm1p16InaO2IHg==
 747 | dv23QPiv17KhKxPYw+LaqQ==
 748 | dxvOQklgvjWQsaVmVqqDag==
 749 | e+hNRfVOpEuNI0Tz2/Z1zQ==
 750 | e3xEI91uMej9kMVoR3O6cA==
 751 | e8tyr9KH+eQDjYoNe5uISA==
 752 | eDDcywsTQLgD0jv8txgfgA==
 753 | eF49VEaI7nzFubJ/1YMW3Q==
 754 | eIBmReoHnQE8QpezBg96LQ==
 755 | eIbVurGQwMcwBwibhdCStQ==
 756 | eKAtvlkS4Sg0P3WtWq/CFQ==
 757 | eLAPYEnxRxv1y7YmUaMS7Q==
 758 | ePD6C5YhbaRlOxi5IzBiNA==
 759 | eQenOR0MiUdqVp2q6EzVfg==
 760 | eRAI4qw17Gk7TC2e7270fQ==
 761 | eVNnrlql+ozZQvxznwyRwg==
 762 | eXNmAAAAAAAAAAAAAAAAAA==
 763 | eZiC1NLcP3ZF2j4s0/TtVw==
 764 | ecZIaXxIP4GAFlSQJhnM/Q==
 765 | eg4ExfXBIlIqaBsXP+uiKg==
 766 | emRdeAprDZ7u9RmpvuCI6g==
 767 | empodDEyMwAAAAAAAAAAAA==
 768 | enpyX2Nvb2tpZV9rZXkAAA==
 769 | epslfB+UfHbGKJBHxoW5aA==
 770 | eqqH7Afdc/joWJiKqrY9Ng==
 771 | ertVhmFLUs0KTA3Kprsdag==
 772 | esIFhH1i4dluPefLq9YuMQ==
 773 | etVIWI1LRDu5U5Y4rM8MAg==
 774 | f/SY5TIve5WWzT4aQlABJA==
 775 | f16qEEBy1ifeiozjYXU9kA==
 776 | f5KSsKNlnWsAuGQEfTqF9w==
 777 | fAOhaWOz5eVekXl7a0YeKQ==
 778 | fAjy5xG9sDVid3AWBUB0pA==
 779 | fCq+/xW488hMTCD+cmJ3aQ==
 780 | fMAUSJqC/zJOEZOodWvJhw==
 781 | fdCEiK9YvLC668sS43CJ6A==
 782 | fgeqMjT3DZHUqKQCKToWXg==
 783 | fjL4Z8Pswu5nue712ux6Fw==
 784 | fkPzDy46ixPw5E7rtuujew==
 785 | fmwUQnLYgDRIWz5vTdbKRA==
 786 | fsHspZw/92PrS3XrPW+vxw==
 787 | fyky+G+P8/XRX3CFuMe70w==
 788 | g505NhJYIOupAmEjw5ddEw==
 789 | g5ewm7WJc2sUnkDY6SLj5g==
 790 | gDPjdNSA72TtGlY09QYgcg==
 791 | gGVVrU3tHXvKK9AcixHe+A==
 792 | gLGnrqn2l3kYhE1d+rYrbQ==
 793 | gNWb+Qi2C/qF/F1jcWRnhw==
 794 | gUL0C3OU+Q9UgKqp3scoag==
 795 | gWMaJL5DD6zDGn+g8sLEig==
 796 | gXeVotXfQ/3sVgU3QNGu3A==
 797 | gagDOciQ8Vu+zRC2dD2RaA==
 798 | gdsEc/5SDdlZCrhksvq1/w==
 799 | gh/TCYN93/Rimgv02O0OtA==
 800 | gm7XujoeC7Lr5XtlNTg0mg==
 801 | gorTaGLZin0diS0pubIsFw==
 802 | gp32s2iKKrxe3gjx/+Zb+w==
 803 | gscO3vAVprs2KAgKZfLeEQ==
 804 | h/okoqkglVxuGA0iJz5c+w==
 805 | h2q1et6Po90LAKzq3pRwUg==
 806 | h3G6nJ8DogwWJwbJke0BuA==
 807 | hBlzKg78ajaZuTE0VLzDDg==
 808 | hJ5zAP4V5V8QCrtQJ0BdEw==
 809 | hJmIqflinJiougKHjf6/gQ==
 810 | hLeds76xCNsWaT0cDs6z8w==
 811 | hQ4ZfMNvm9QpbUkUZ245Ng==
 812 | hQPaEAp+Uz/lIGTZ4nEnAA==
 813 | hYK4jrzaDud+R73c8OOKew==
 814 | hh2eycp1zprStKiXC8G7Ug==
 815 | hi6igx3kZ3kzKrp2awOxUw==
 816 | hkvPHf5hKr+0bu1NLNvuKw==
 817 | hnQ6/3gOdsxBM/J+TQ+h3g==
 818 | hnZ0xb7t7ATtlqQve94CaA==
 819 | hqFmMAqTUXHmsLvsAaFWOw==
 820 | hydjS5HItmn/8WT8sofTiQ==
 821 | i45FVt72K2kLgvFrJtoZRw==
 822 | i4f61DGtOvM1kup49TdUXw==
 823 | i9a9F0BgCJT5JicwPaH6rw==
 824 | i9grFjucwAtKd153/qIIqg==
 825 | iBmetixJnj3rXIx+NxtKEg==
 826 | iJBpbYLrFFdTVwkegX2zTA==
 827 | iKi0XKxsivI728hyUbNv9Q==
 828 | iKygDyKEQ+RBHNV1tipHkg==
 829 | iLj7EOWlNryTsqekWcZaSg==
 830 | iOT+QKetxw4ZMBes438nYw==
 831 | iPkbVi+dhsykLmnvR1GiwQ==
 832 | iTLtyiWRiqye9GWlh46wEg==
 833 | ig295VyXfcr7WjYatMZGzg==
 834 | ivazQmxWOmBExSIpF1J9sQ==
 835 | iycgIIyCatQofd0XXxbzEg==
 836 | j/XRd0lirr08bFIgBvS/wQ==
 837 | j7PNUBNq7qkfcPWU/tXauQ==
 838 | jJZ4j/xjSQxWtngCk52e1Q==
 839 | jNbcLmxTzydpF1DHOhhxyQ==
 840 | jO6Do3PKndQb3DVPQuLf0A==
 841 | jcrU8WDhgrth1FdRnwsklw==
 842 | jeoq9Gpi/YnSyIFq97Ldkg==
 843 | jjYTxI4L+KCuuJZqHq0x1Q==
 844 | jpcVaBhNkx7MS1SxRecpmg==
 845 | jpkjzDBNhdCe82Gigv3qOw==
 846 | jqdfJBP9tITnYZKxXU1CDg==
 847 | jw2r2XPI4j4OLFDYtD2Rtw==
 848 | jwgaFzdpReuEuPkkown+EA==
 849 | jx1IcFTh6W2atCS/Bc6t/w==
 850 | k3eHFlm5B8vqOSRwvxKTgw==
 851 | kCCaUwSKJ86Yd51edXFa0w==
 852 | kF5zCKYapekD1nfECd6ZnA==
 853 | kFZz7FHqbXBmYS1NW/8cWQ==
 854 | kKKRmFDe0Ji9g5AdJ3apcA==
 855 | kKYxEOWn0H5+YNlfX7IObA==
 856 | kN2OaR5TqldmZlrcHqDnZA==
 857 | kPH+bIxk5D2deZiIxcaaaA==
 858 | kPH+bIxk5D2deZiIxcabaA==
 859 | kPH+bIxk5D2deZiIxcacaA==
 860 | kPv59vyqzj00x11LXJZTjA==
 861 | kYB5/1U8tcXXof88H8xPlA==
 862 | keTRMjLlMXCLFDnIqztsoQ==
 863 | khEcHvSJbAUPM/pIyK9mPw==
 864 | kqTJCp1featbhyw7jTFYYw==
 865 | kv58wnIjGD/z8oOrD7u//w==
 866 | kvehJmOhxUH28P3Fqxd3TQ==
 867 | kxOUUaWSF4AL6r8DvkfOOg==
 868 | l6NgJ0Cx3EQypphGotpi5g==
 869 | l8UXW+AoYklIH7we3bAXIg==
 870 | l8cc6d2xpkT1yFtLIcLHCg==
 871 | l8gw/I0XGAljwxThcoc4xw==
 872 | lAOnKOpdoUY1UNhmfTPGdw==
 873 | lKAvKzqZizqW6NIKXznH6A==
 874 | lOwFgM/dqZXXBxaqaby7sQ==
 875 | lT2UvDUmQwewm6mMoiw4Ig==
 876 | ld/TklCGmgoKjASiaZO4Vg==
 877 | lpqAaZD3J+4O/qFz4OmPrA==
 878 | lt181dcQVz/Bo9Wb8ws/Cg==
 879 | ltOUZ4rRGyU5N+NOgSj41g==
 880 | m0/5ZZ9L4jjQXn7MREr/bw==
 881 | m05ZZ9L4jjQXn7MREpb7AA==
 882 | m8QW9x8efj+drr+BlCcz9A==
 883 | mIccZhQt6EBHrZIyw1FAXQ==
 884 | mLA5w3x7Snh+IpB93uhEUw==
 885 | mRfrdiNj7616ZfHZ1GGgzw==
 886 | mSfK3eJLpnu10P4EJCOptg==
 887 | mXFxXYeWJk9VlusBnG4O8Q==
 888 | mY7wtxGTzm45WjekUJ/8jA==
 889 | mZF/GuHb8Ru01c4AqhcUKA==
 890 | mbPOU6Bicp+qfM40ZtCtew==
 891 | mkdlTv+aEXnrrn9aF8djwQ==
 892 | mt1dfvEhxJ5iCG0XAKwXtw==
 893 | mwTvS9wftMmeo/VCLhhD7Q==
 894 | n/H/9WotS/XT7xCChs2WLQ==
 895 | n8T5hZWHAj1K8XTbt4qbNQ==
 896 | nP3VFneEItDmYUwme2842Q==
 897 | nYlUKrxAB6geGRVWkxMOSw==
 898 | nfvFo4PjKBkLiTEpo3APHw==
 899 | nixWQpJdDKLAxpEwjlmFiQ==
 900 | nlBYYjIH6ROTrOo8bUaSjw==
 901 | nlDRTKndpcIXZD/+ZnSbWQ==
 902 | nx12iAW12CkB4R/KsijG2A==
 903 | nxfo1oYcJCo1knGwEiFMWg==
 904 | o+x6Hu8oT3P+/v0wrLM2Qw==
 905 | o0JRyHDliwkfVGLlBBFXZg==
 906 | oGAJj5ptvxn+fePc7p12Rw==
 907 | oOb9pJBSAdWN7lhifj3sLQ==
 908 | oPH+bIxk5E2enZiIxcqaaA==
 909 | oPYfpwZrE5YZqV7kQtDaGw==
 910 | oPgANeWJACdwQd4NJ1zHKw==
 911 | oT4m6z+gd+Qj0ZBz1RZ5qg==
 912 | oX/XTCGgj2bIVBr4TEwzEg==
 913 | ob7j+RFt0AYRlj80VVdRyg==
 914 | odfMvPFeBz8CkTGcrIvdFg==
 915 | oeOAqlwsz7YGh/IqqhQ+Jw==
 916 | oektKzqtSu8kpqcsS2Sg4g==
 917 | ofjz4Ln/Wl7FuMC9Vg19mA==
 918 | ok14FnCz9IltBii+BiXveg==
 919 | ok8wssACq+UGPk78xx69fA==
 920 | osJ0HzCBt5/Y0umy+9Qqaw==
 921 | otifL/3x7EznbJPnyZ+ECQ==
 922 | ouaD8k/vPrj3ciMATK+2/w==
 923 | oy8ELUj/VgzlCNdWf3h//Q==
 924 | p3dp8ojPX4R0GRMVeSAd4Q==
 925 | p5BESMRL9wyZ1oj7B6geHg==
 926 | p6bIYZCynq7cXFFrdGAl1Q==
 927 | p7NcX6q0slluQCAWEGdwVQ==
 928 | pKLt7P9oogEfSc77KEQoZQ==
 929 | pLed3YBRRIhitK3C8+PxHA==
 930 | pSj0ujKIu9rqWE6KiqkXwQ==
 931 | pSnUw0ykd+COIvsJGFq3rg==
 932 | paVp5kn5aOLQwNXf4XIBjQ==
 933 | pbnA+Qzen1vjV3rNqQBLHg==
 934 | pcJOpNekDJEtXIFb7TeU8g==
 935 | phDoODMycFSFCdBTTmDxNQ==
 936 | pnAyV1S2EggTG1uJqbGomw==
 937 | prx0GOkoatLNrtYIbfoPxQ==
 938 | psEX/kWfxE0INGre8QDHDw==
 939 | pvXSm7Eh4i0LqULmcFyUhw==
 940 | q4rYOgVnG2Qi+yYQZgprew==
 941 | qIhbwUpNl6YUe+gjPP/NEg==
 942 | qJnaEQtpTumShsoEBPTS/w==
 943 | qKfduuy+f7TW8BnOJuZeHw==
 944 | qMEzyGxs6PcHCe16m+DZKA==
 945 | qMQfy3WOiHLyYkzcXpNsLA==
 946 | qPr9FPiu5Vu+6soaD2W9Rw==
 947 | qQFtSnnj/sx7vu51ixAyEQ==
 948 | qTxK2Riqb0nIq02mZ30Y2A==
 949 | qUbzSwjhBfAWpOiOugYe5w==
 950 | qajDHDT91DFjQvf+vZR7Kw==
 951 | qvi4m0lRfl0Zizk5ip1r5A==
 952 | r0e3c16IdVkouZgk1TKVMg==
 953 | r20flUTNuoVqV3fnJsMUwg==
 954 | r89fpQXp13fmF4kzUfDuoA==
 955 | r8eg47skSEyfA2btmErRQQ==
 956 | rD03BQk2kdBkqqNNL+HWVA==
 957 | rDzITdJ0ayTaG3S1pulFxQ==
 958 | rE7cQLcfrjoHVUhU31kALw==
 959 | rEXZ5oHbZOKgs2MBJdTkEA==
 960 | rFLib6x+ktTecvkpxt6OFg==
 961 | rGbM1vT+zLmRqThyn/VIwQ==
 962 | rMe6KnHoN/7M1YE/EPRhhQ==
 963 | rOR/3TpLLCVwLC7l07r90Q==
 964 | rOvHadwM8KttfSOi/q1Pvw==
 965 | rPNqM6uKFCyaL10AK51UkQ==
 966 | rQQKRPVmmpIQ8cljFPHIYQ==
 967 | rQc3dKkwP45hAb2pXHnM/A==
 968 | rVeaKPC//gvovFD1If4nHg==
 969 | rVnuqPTlXkEtQR0CsdxV9w==
 970 | rXLUcoImJP8RBgP8L64uGQ==
 971 | ra/xC+nrOTuI/vPdLYfpGQ==
 972 | ran5rq7YzA6hG7wQTZsP6Q==
 973 | rcuaIKtKMQbZh9O+LQ0y9A==
 974 | rdHI8JgsiklSqDiHj6FTPg==
 975 | rdOa2Brixuhnc+K2+lcNFw==
 976 | ri7bl4Q32mnFLX4HyqJyYQ==
 977 | rvovJeBXWeI4ohSPNnfzjw==
 978 | s/wTft5+uSaONMF3vnlZkw==
 979 | s0KTA3mFLUprK4AvVhsdag==
 980 | s2SE9y32PvLeYo+VGFpcKA==
 981 | s2mFzuS3Cw985oS++umoGQ==
 982 | s9h9uiscldRNfCNy672Xfg==
 983 | sAcbMSdf2dz4hBtz+uKGsg==
 984 | sBCqEOwraWJEHpOJjWPU4w==
 985 | sBZ+y0i5UfLmLwf5EjXHlg==
 986 | sFTAHkio5ljbhBxWWiDh+Q==
 987 | sGhc4rkEcYumNA8WahqwJg==
 988 | sHdIjUN6tzhl8xZMG3ULCQ==
 989 | sIfaz3uuv/KpmCp70W/gwQ==
 990 | sNr3NaS3o58cvxyL6tC5WA==
 991 | sZ6glnU252P46aeK1qEQog==
 992 | sdodasF2xI446mVp5UIM2A==
 993 | sfXaK7Slf0qPeQNEi7jK8Q==
 994 | sgIQrqUVxa1OZRRIK3hLZw==
 995 | siHt7SxnHhaI86OIrArMwA==
 996 | slnGASPnV2E1ZDCU8Yrd0Q==
 997 | srNnRz3w7RBWKCU/zjTmYw==
 998 | sy05dMAiiJtLfoCo29xjrg==
 999 | t41dczuACfHuZK1tckv/5Q==
1000 | t50cFSIgZ9c/86OCrZ8X7w==
1001 | tDxnIAIcal1pg0ajWxI56A==
1002 | tEOJKNEX+Q/FthUWNLwxOw==
1003 | tFHEWD1iAftKlAO+h7FrWA==
1004 | tQa31QsLrMT3gp3EjMu4Vw==
1005 | tTDwW0Tn4cQQcp8Qu23ZTQ==
1006 | tVWukoRTPhoMyRHJ0Verfw==
1007 | tW0NnDW8fP83y5Q5HMr6ew==
1008 | tXdQr43/fZpfP3LT0dWgIQ==
1009 | tfYteaCxNqGoDe5WGPKHBQ==
1010 | tiNQp1lwJCnEvU4CsZoDjw==
1011 | tiVV6g3uZBGfgshesAQbjA==
1012 | tpXDa3rd1T8Is3Esk6774A==
1013 | tuPBaCh7xvo/aaqL3dbw6g==
1014 | u6jFX/puCoaWgj605jG2Aw==
1015 | uA/LpLw5VGa5ZAOYlKqFYg==
1016 | uEqDzVoHwFd6bOmWF5mfkA==
1017 | uHDj/ApSuPah0ATdmFtneQ==
1018 | uQq7qzqMdTkReRclk/vg3w==
1019 | uXCDAhHvZ2Xi2JrMQPHz0w==
1020 | ueLnhDgNYs0l6CNY2ie0HA==
1021 | uiZDeD9f999GmetIA4wspw==
1022 | uizChCzf7D4gHr7cYhJysg==
1023 | uppV9kZeD8kihlYY+VAGCQ==
1024 | uvZe+X2+GyV/zzgVdNOUyw==
1025 | v4M2sMhcxz5zXpWst9LxDg==
1026 | v4nkwWOqi6gO4pTD1kwdXg==
1027 | v6J1Z6oJcUCCJeg/U7q4qA==
1028 | v9hbbr19KYfwYMODGS4fVQ==
1029 | vIFcqWLpL5sZN0NKuRRLcA==
1030 | vKjf7jtnLVzKlpiEBj6g6g==
1031 | vXP33AonIp9bFwGl7aT7rA==
1032 | vY2CPWf08YvTlxHZHxJB5g==
1033 | vYFLuRvchlgmo3fWMEAVOA==
1034 | vzKf4la46A+sdpblFEn60A==
1035 | w2vMYewyr+KXmNlv39XEEQ==
1036 | w793pPq5ZVBKkj8OhV4KaQ==
1037 | wGiHplamyXlVB11UXWol8g==
1038 | wH1KOSuiv7Kn6GeNVZ9+7w==
1039 | wMa+wwDpXgJwyjrqQGre5Q==
1040 | wRTQp0M40hcUq6p22x6DNQ==
1041 | wY5M5k/cJ5cd8Scms+Ivvw==
1042 | wgMkUJ0+IHKwc163fwW6WQ==
1043 | wpKnsDvV7zzReQSmY05Jfw==
1044 | wrjUh2ttBPQLnT4JVhriug==
1045 | wyLZMDifwq3sW1vhhHpgKA==
1046 | wyY0puJrynwfuBoX/5SfXg==
1047 | x5RT17zr46N4v32uMGoT7Q==
1048 | x8OUddV52M1sD2iX1TgwPQ==
1049 | xVmmoltfpb8tTceuT5R7Bw==
1050 | xY/Py8rrXpIaiP5DYHKHJQ==
1051 | xaOWanZ5FMwjZLcg3OkZpg==
1052 | xfHhfJa8H2fhxb70d4wPhg==
1053 | xliLxYKmWp7FdJDTvR64aw==
1054 | xvhzjL0Dz3zX0J5H6+G7mw==
1055 | xxOUGpTHB6ZL6FcjXxNmZg==
1056 | y+iKxEfLmoz/46fcMdne5g==
1057 | y+lrzDXb0bQi74d7a2YsoA==
1058 | y9N/A+XzRNmFhBSJMnwtew==
1059 | yNeUgSzL/CfiWw1GALg6Ag==
1060 | yWz42JvzwNDc/xifdSINLA==
1061 | yeAAo1E8BOeAYfBlm4NG9Q==
1062 | yg8tW9kDLR7wzoSLvPwvwg==
1063 | ygJw7ry1XevpnCys1hOmZg==
1064 | ykFi595/Fl04fJ2xuBYwYw==
1065 | yl3gvDmII9F74JQSaPUuIA==
1066 | ypb2mLD/Y9ZF4LlsPGRJUw==
1067 | ys6irM6SToSvJtWOfere4Q==
1068 | yunQrhFO8OmTyUwFz/OCVA==
1069 | ywM+CNdZoaXVGX9ybf9btQ==
1070 | z4rUCB8E9U71fFOwh//GjA==
1071 | z9Pdt1YVDM+4O0qjVSMz1g==
1072 | zC8aC11AVNa1g3rHB5p8tg==
1073 | zFz5Hu1NTuGLNZfmmPRUuQ==
1074 | zGB+ygayX4v8GHrp/vYOyg==
1075 | zGTO3faB2+62LU9ZV81b8w==
1076 | zH+m8pQ49HUq3Ru7Oym9/w==
1077 | zIiHplamyXlVB11UXWol8g==
1078 | zKi5alGrBnK0lWU0rLZfrQ==
1079 | zSyK5Kp6PZAAjlT+eeNMlg==
1080 | zWbMTzTmFtUVciUE3Yo2Xg==
1081 | zZG0cSIvFgY83wrVLVYj/w==
1082 | zcR8SLYBJFyOknQxqW46Hg==
1083 | zfDkwwF9ydiIbXTMxRaHGA==
1084 | znJ984VkEEKwW5ZbbCYd0Q==
1085 | zx9DvPzTSauVSdn2XDWIdg==
1086 | zy1KJFZ6eucDxK6nGW0xcQ==
1087 | 


--------------------------------------------------------------------------------