RotoRouter 1.0 - Traceroute log & fake

[humble () HUMBLE GERBIL COM (#include)]

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime () docserver cac washington edu for more info.

--0-124077869-902877552=:3840
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.BSF.4.02.9808112046021.4159 () humble gerbil com>

-----BEGIN PGP SIGNED MESSAGE-----

Preface
-------
  Arhghghghghghg... Is there a portable way to read raw udp? This version
  does only linux (I believe) as nothing else seems to wanna read incoming
  traceroutes from a raw socket. This is presented only as a proof of
  concept, and you should be aware that everything which follows sucks like
  a fat intern in the oval office. I will do my best to include something
  semi-workable in another release. To get future versions see the Contact
  information at the bottom. Maybe I'll add latency faking next. =)


Program
-------
  RotoRouter v1.0 (pronounced row-toe row-ter) by Richard Thomas (Humble).
  A program for logging and faking the standard unix udp-based traceroute.


Purpose
-------
  The other day I noticed something interesting. When someone is about to do
  a DoS, it is common place for them to traceroute to the target, launch the
  attack, and traceroute again to see the effect and get a hard-on, secure
  in the belief that their traceroute will never be noticed. They commonly
  trace from their home machines (99% of packet warriors have 28.8k modems
  and bandwidth envy, right :P), or if nothing else from the hacked machine
  they are attacking with. This gives an invaluable opportunity to log the
  real ips of the attacker.

  During the process of researching traceroute, I noticed something else.
  Traceroutes can be faked. The generic unix traceroute operates like this:

   - Send a UDP packet to the final destination, port P, ttl T
   - Receive the ICMP Time Exceeded msg generated when ttl expires
   - Print the source of the Time Exceed msg and how long it took to receive
   - Increment P, increment T after X number of probes

  Where P defaults to 33434 (32767+666, aka how to count by powers of two in
  hell), T starts at 1, and X defaults to 3. Simple right? Well the
  interesting part happens on the final hop, which looks something like this:

   - Send a UDP packet to the final destination, port P, ttl T
   - Receive the ICMP Dest Unreachable (Port Unreachable)
   - Print the source of the Dest Unreachable msg and time it
   - End traceroute.

  The final hop (the target of the traceroute) makes some interesting
  assumptions. We assume that the port we are probing to is not listening,
  and the destination will automatically generate a dest unreachable msg.
  But what happens if there IS something listening? No dest unreachable msg
  is generated, and the traceroute never ends (well it times out after 30
  hops by default, or when the user gets bored and hits ctrl-c). If there IS
  something listening, it now knows the source of the traceroute, and how
  many hops it is from the source. Log it.

  Since we are listening on those ports and preventing the kernel from
  generating a dest unreachable, their traceroute will now timeout. BUT,
  what if we send back spoofed Time Exceeded and Dest Unreachable ICMPs?
  Guess what, it shows up on their traceroute. You now have complete control
  of where their traceroute goes (from 1 hop above you until they hit 30
  hops). What can you do with this? Applications are left as an exercise for
  the reader. But some suggestions:

   - Lead them to your neighborhood oc48 where they promptly piss themselves
   - Lead those stupid smurf kiddies away from your vulnerable routers
   - Lie to customers about your bandwidth (be like sy.net!)
   - Scare your bgp loving friends with odd routes, watch their heads explode
   - Make the final hop reverse to "this.traceroute.has.been.logged.com"

  "But wait," you say, "I'm one of the good guys, and I think someone is
  pulling my chain. What can I do?" Well, the fake responses are generated
  by making assumptions about the traceroute assumptions, so just change
  some defaults. For example, the -n option can be used to change the
  default base port.


Downsides
---------
  Welp like any good program there are always downsides. I'll just save
  people the trouble of pointing them out to me like I didn't know already
  by listing them all myself.

  #1: You need to be root to run this (or be able to open raw sockets)
  #2: This uses a hefty number of file descriptors. By default 90 (thats 3
      probes * 30 hops) are used to listen on likely ports and prevent your
      kernel from sending the dest unreachable. If this is a problem, muck
      with your kernel and up the fds. Or if you're bored you can change
      the max sockets and base port to lessen your port coverage (ex: if there
      are are 5 internal hops that everyone must go through to reach your
      machine, and you are sure the people you want to lie to will be coming
      from outside your network, you can save 15 fd's by adding 5*3 to the
      baseport and subtracting 5*3 from the max sockets in config.h).
  #3: This could be done MUCH better as a kernel mod. Very true, however this
      program was (originally) designed to be portable, and I'm not going to
      make kernel mods for everyone's unix flavor of choice.
  #4: This doesn't log/fake Windoze tracert.exe traceroutes. Tracert.exe uses
      ICMP Echo requests instead of udp directed at certain ports. If you're
      bored you can make a variant of this program to work w/tracert.exe, but
      it won't be made by me unless someone is paying. =)
  #5: "<insert what's broken here> is goofed." Ohh well, I didn't have the
      time or full range of systems I would have liked to test this more
      fully. The only claim I make is that it works when I traceroute from
      Linux, FreeBSD, Solaris, and even a cisco, to my home Linux machine.
  #6: I deliberatly make no attempts to prevent log-filling floods in this
      version, didn't have time, didn't care, will fix it later. =)
  #7: This code is VERY sloppy. This was a kinda hurried release and I didn't
      have time to nitpick my stuff... Don't use this as an example of a good
      program. =)

   That's it, take it or leave it, it's the best you're gonna get considering
   I could be doing other things that actually help pay bills. =)


Platforms
---------
  I have fully tested this on Linux (libc5 and libc6), and it compiles
  without errors or warnings on FreeBSD, OpenBSD, and Solaris. If you can
  donate an account on another OS for future projects (especially root
  accounts <g>) let me know <humble () lightning net>.


How to use
----------
  Edit config.h, compile:

  Linux: gcc -O2 -o rr rr.c
  BSD: gcc -O2 -o rr rr.c
  Solaris: cc -o rr rr.c -lnsl -lsocket

  By default everything goes to stdout, so you'll most likely want to
  redirect that to a log file and background it. Something like:
    rr 10.0.0.1 10.0.0.2 10.0.0.3 > logfile &

  If you do not pass any params we will just log without affecting the
  traceroute (or using the boatload of fd's), otherwise the first arg is the
  first fake hop, etc. I recommend you use dotted quad ips or else have a
  quick/cached name server.


Thanks to
---------
  Thanks to MayTrickZ for his assistance in nearly every area of this
  project (translation: mad props), Dianora for listening to me ramble 'til
  I figured things out myself, Moogle for next to nothing (but likes to be
  greeted so who am I to deprive him), habit for the spell check, panasync
  for letting me whore bitchx.com, and Temp for not NOT A DAMN THING. =)

  And a special thanks to Dianora for the eggdrop song.

You Wish
--------
  A big giant YOU WISH to Ted Hickman (meek) from sy.net, who tried to steal
  an earlier version of my work and claim it as his own (despite not being
  able to code his way out of a paper bag), after I told him I would not let
  him use this program to lie to customers about their bandwidth.

  And an extra FUCK YOU for trying to steal hardware I co-located, and for
  not paying me a dime for the work I did for him. Wow you can rob a 19 year
  old kid with $5 to his name, you must feel big.

  <meek> all i need is to publish it to bugtraq
  <meek> and it's worthless to you
  <humble> publish what to bugtraq?
  <meek> the source
  <meek> the source you left on humble.sy.net
  <meek> my post will be first


Contact
-------
  IRC:   humble (EFnet)
  EMAIL: humble () lightning net
  WWW:   http://www.bitchx.com/~humble/
  FTP:   ftp.bitchx.com/pub/misc/humble/

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0

iQA/AwUBNdDPQqZC7z/N4STPEQIT1QCg41G/UyEPnhN03c0zV4vIjsFTUu0AnjUn
7potsm3coCr6NE50xAJA+C8s
=mRpf
-----END PGP SIGNATURE-----

--
Richard Thomas <humble () lightning net> humble@EFnet
pgpk -a hkp://keys.pgp.com/humble () lightning net  PGP key ID: 0xCDE124CF
PGP key fingerprint: 3268 5FDE 715D 1E7F 2D9D  BAC1 A642 EF3F CDE1 24CF

--0-124077869-902877552=:3840
Content-Type: APPLICATION/octet-stream; name="rr-1.0.tgz"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.02.9808112048090.4159 () humble gerbil com>
Content-Description: RotoRouter 1.0
Content-Disposition: attachment; filename="rr-1.0.tgz"

H4sIAArm0DUAA+xaa3vTxrbu1/hXTOk+YAfHuRJoIHBCYsCnkKSJA7T72Y8f
WRrbaiSN0CXGPbv7t5/3XTOS5RC6P7U9H7ZLk3g0s2bNurzrosmyje3e1uZF
/+jkXf+bP+azvbW1v7envlH8bN36rXa29rZ3lNp/tL+3vff40e6+Utv47H2j
tv4gflY+ZV54mVLfZMYUvzdvPtM6+jMY+nM/G/y87L8enKrz1+fqcvD6tH+i
3vUvL49e9+Vhq3We6Ynn69aG/bSUOspm0+V/vV5PDXJVzHSmladSkxXeONJq
7i1UYVSmvUBl3lyVQfpCDWdhrm50locmAaXA6FyZJFqoKEzKz6o9UGMdhfpG
d5SXq8QUszCZKh3lWuVaxzkpzr0k8SzdMPFNjBkgVWRgMjNlAYqTzMRghbvm
xr/WRc9ujH9ppnOdFDqw22ITsAztT5SZgIpvEl+nRVd5SaAWplT5zJRRAK6U
N/dwwGLmFQr8ZQvL2nwW+jM1MVFk5rnKS/86x1muNWh5aoK5ITbLEvyihJS5
8SLsNAl9DampeRhFEIKKF9ghL3g6HCkqAxzXxFq2AKVcx+HG3GTXIliQ8igZ
nUEIkfZykBoaNdWFmpRFCSadgHPKTLY9Nknh+QVIhcnEZLFX4LECd3w4NkVh
4p565y1wzMEDsOQFgYq8Qif+Aoe45kET/RliPOy0aBFmmnlxwyIuTGEuKPtM
3QBQVBsiTUwJWUL3Zr5RGG1/66yjxgt1AaF5WQCtmBgqaL8pY5ys06NxUR0k
D6FmKjLTKXenOhwjZBlemwQkUCbhZ1rWxhhiCBpG0COfZZaavGm5Q6pAJBfA
Ogc0sJA81sK26oIq8HdPfZjpRJ6ZRNN4vDFIU0mBEf2emMuuCgs+gh3GEGka
gQHhHLvEnLpkSb6BASAOdNWFgCGgGYdIrICCrq3dNZZ4U4+WY2pN6slE+4VM
o8I9RTlumKSLGT50Lyq2aqUjTazB4nuYNemK4SW0Y5q2EwO9RC/cUaJF5VTW
nSwJ6Eur2PMhK/hZ+/vv/wvWrFKPTgbHzLLQZDl4utFq50nvybWKTQC35QHB
8Rg/5mFQzJRObhZdlYXTWaEOzjtdBYmFk1WHr7YFOZAPqm3JFtmkN1qpiR+G
xcx5+TS8AW8efQ7eVorPmJS4BGspBJRgVk7ugJFIhWnOY3AvS1FnsB+lTsqs
sjgYpa9zmUYE8TJfGF2KtHunOfEgtOphA518sAahw5ydyKHJRGehb625oSWT
6szjEiIK2AjzA7KlNtSlhjg9dXVyXgnfGdckTHCgQCxYvLwriKzOu6ooIjW0
yy+0ryElWTE4fneuhiH02v/sax1Q0vnU8uQRKOf0Ai7Wn9MQh7ckziEaix+5
KTNYiRNgg5LQod5nZg6R07vIp7m2cUFYsMQGiZ/pGLhMPsP6y1B5E2LKR5UA
IPAHbS0zgEqK4YNEnHMcduKVUSGxYXd3b3dPtXd3Hu8/fri/vw+HuvZkfzz0
gUgF4Sc1cyCkcDwn4oLYTEcRzHBIaMlAC06zbb3x4+oGPXUZxilMSoz3hfqA
hc6WGtgBrUDoMy9NdcII19DNzKRdFzYiyCJvWMsfruYTBpmrBEYP/KVftM+5
qjHS+X3tfkGgUnFBtYeFXd1PbkGxRd76/Kq9xMGK8nJ+B55+ra1cmjIliOR5
Gac8bw501va7rjHOymCuBRtoKOKihvgM14R4c4Q0jHUdHnFJQ4YWFb0S0RDf
fS9CglC5AbTAmXDRlbPTt18iJszJQaXucOKyocHlinLd7i/UqbmTGE0oXzpe
t+axAQkWs2EWQN85TY8uBdnDyMCGdZfdLRq0AajB1p3xCsJaTwbBMsc0CB8z
TAZHFScN8dUvsmjD7yA3WZ6BCciXp5DAl8CxrhNmPl+aShMaHQiAUuwlC8ub
jZs1yNvFPfXWECbEZi6BBLpSZ72x9SbEddF2LrSR1d0AMCqwBn4nOhLaIOME
KmnEF3Lvfi02EjIgV4z01MurIU1GlAzlzpmMSjjzr1WeInmECFcRlEx94St0
wfwFCL0uGUpITqSIHBMSLFOHEyvc9NRPyELJjQRVxGZgT8E/kiIzEYhB3HPR
1BcHmTK7bouEt8XtkL+ABtNaAGEY2TgKvS8tpsOkB6dkjOI85KaMrAJKL9RR
mkbwC/E/qxQ9KSSHThAcdOaHuSQ/NkRLio5IKg4izpyX0yndDcsrhHvLNL7K
lbBjBgsHsMIsZ8YgSff3niyPt6BTw//hl2mYi9HFuY5uqpjkiNE28qJMQ0Ti
uMwm6joMgpA5AWsSkYfsdFNGtAyqRgSWVWRCydV8FIfgOqvyPlmzTGHaY20B
O1/0El1865Dz0qdg7NxpCoi/oeFNslB8VoRpgsBumCMQeIXNAZlcgf2cUTZC
0mSpvfOu9WrsUDT1LBcO71EtvYaxzLy8N9Y66TFvRnYBc7lHQd8TjPLConvP
VjUesq97gwexYmbrHHZKgU/LRW79dUClJ9eN/BeE0jKKeB4ULDDqMGmYywDG
8uKexMOuZZm8A7tTqFtbe6mxDaSATbHN6BuoXqXYq6DXmIA816hfoBnun0y1
A6c6RvfUKwCd/uzRTywfGwkSKcF3l3mVUioYR8EFb0dAsZAQZGEFcWLmSR4C
M6oaQqoIHDG1qieYidiqmsVVwfw/grHlkImj0LOVlbCee5L4pNowkbCHNaXk
qUhwTFgjWaxcwRE7W4OQwyB5UAjqYg+62MIKkwBZL0Psgo7gGxNB0u+2DyyO
aHvyMS3eCOWsTMS7VdtILSDugHHknkmjgs5p3t/tHNgUuxSFwmAnyKeXudkk
jCSg+lmYFigE4Pp1AFLfbzHse0Ds3Zbt/dhUTq0Dfiz4iOAq7VjAJyby5HT5
23AvXuZoNSBfwLkKBbfx3kU22wyQ0h+DcVfFqNwdKfFRcWBHlFsCncWmAxzq
TGoVzHiQaRdA6VS0rtoo+eGC2PtcSdCVQM685IgIAzqxe8mYD3zOPNhkW38+
qPMIR85zlvXI9RQsHuSNlgTdNKaBTZklwqSmM9eC8WdNYblKatnlINm8tCBb
mSXH515iGbWIKJFxLFHI5mP8iMhhprTyCsELNiu6tVRo72r7EaT3QHISLxD9
PFrfdfmsI0XhiBzIV16OCQFFNbPOFJoiRa2LSDgJp72ZdA++23UW6ldtm4BC
eXd1/AZfCmZH0vJxmkV12lPvITk4YAl5IBBLfkUDWRqpePbcExcJpwTiaNGh
ZYXTpPanqu/lwBPQypRzamwKWgv+Wjf2zqVTUKkOspECcBJ5N0b8yZ8ZNop4
rj13LnbM6P8A+E0B2A9hEphfK7gseojDzV5Yz5We9gH91rEi9UAfO8A8PiEf
EWHC4xBBsXMZpEAa1GgsAAnwoMBOhPig+JA1/0pxK04gp/TUjZeFtB/jHK7G
SBgSzEPNNxs8d9W4LBw1JCRzw0OOqWxYFUMFmE/oL81+TOotpE9zKOD06EDd
e4Yz6Mzm47S1zFzDwehEzyW3llytd0+dzWZqLpGqRlTJr5a2KAUN1DBBxAMO
MlDgIPkCIopztu7EwGQR8UnMoJAeHs8am1o2JLCwdb60HP3IC2MQECmFzn3l
yNl1blP0QTP4uSyWn7dsknbVq0zrl5cnXXVpIsjYxWtCIqSOHMw3XYkZC9uu
kVWVz4sx7R/w2DoKx4zG0cLykhh2PzQCrVS6FcjC0jYA7BL2J6hYg9x2mGoP
cd3G7qogIb56hClR16LHBAaOw7K5mFWKe1z7bCASed+/+EnlkUnThWvpzK3T
wtQRdMoMyVRQ9T5drmJ3chzVHPAcSVikIRJ1iANJ4WTCfvWJmFeZ22q7zmAl
aaCaPYnqqwhgm5+KpazYFpIplLDUYUE7ATM3WgZDPrUduLyowsTUsGnNehd4
RajMHIIOmlAl5Y30J6XacsYBECylGJ0x8YDRqzFEmVfdWMiSPd3VHGVghSDG
J3ZJC+VZEU+tQbShfv+RiI9/7XesGYWFFBmI5NQvYyFTEJ1lbOyxhvSyRFgD
odoQz5AsyB+k4KyyQglCgrT6EymjYaO+bcSYZR/77FKQ0LWvIfBfgDzAWySP
2g/l7MxXWLbbxbl6Nn3egdALIoMkQ89m0kT+74h9GbLIrPw5s7g3tv1TLlvB
Vkb9QA5rw0e3OrZUJiKiAzX1fbVxtqM2gJIZ/vV81vuXJ1954k5+oPiwfqA2
oiSP8NMGLZJvpEWNdwlSr7HXWwSQuWS6tB6mciYvqjTIxWTpXVqIdv0PuK80
NiUL81x9OgWIiFZ74K7ZZzoQ6waL21s9/rdd/bFT/bGrnpOekLtPrp0+URMy
tKXIyiUBTj14R86qWDxcMlzyUdmOJy1rl5CtvKmRnLPMq1xtbABGxgYgpgps
C9M85mFeFUEZaHvZ1OImidkhiYTSWNOFzxcrEIuJY+3SGzp6YAr6wKeSr41S
MWXpMoubeKD0qQRKbPqASUxLPJarOruRTnALLp9cUzcrPlaP8tXJMMPyn8WM
LaTkId9S+PK+JtFeBtWJrplseVVQbKnK2pEcI8rkkVTXB4x7fJJSCCcIoybz
7AuRug1iqwKIngn7A5Tz4vWw5TKzvi5OCvnbOqCr3hkzjezLCb7MEWx0/fY2
gq9YRW6zGXZN4NuF9LIRk2BaDFl886HTjC3FWRiDM6TUcCH3ukPBWaF/yI8v
MlIv8fJFQrcQvpF8SeGoSY55c4jC9zMrVIsaQwQeyxts6/RsqI7UydG7UzV8
Mzh9XWHvkbRDHSjQ7J38mxKStyTTaQDhgXnAQKvF0udDmM9aDeUdgQO4nGQo
P51dqQ+DyzckNcSZ30CVMZCqHWt93XFFhVT5XRFGIQFIPFV7kTQTFTUc8v2X
jYZUMCKOJDo8no36oXRLBIbnII8UMg0Lef8CobsWp6u/JBja2LcQNUpYSr2U
r2y8KdFamn3UChMRySlsUiK9Tk205Ggd5Rr5V3R3h8O2IeoWR68WOYMjzFO9
ujr+QaQlgs4Wzg5FDPImSt6RMqRtRMZfNjFtT8iixsKZgYeYHdfvyqykJI47
H0LA/QDgrpJKFGpYsv29WkDSbHvhoNeYLNXa3x6RDR6SjmsLDymEJhqZNhQt
R3lGdT6X2ji0pXBoMx2U3rAO+3YCeegUR/3UmC/4iZgOFouZ5KC2V8UpNug8
r2nMHRQ7Ki+WZJZNzrvGhGVpp8F2LNGeNbnl7Jg1MA5VlWGCfUCn6u1uI/pf
HB8wDxI6qt1/BTpMtfrvjgZvD9RdkZJ9jQ8fZFVRpAebm/P5vLd00s1/2UWb
mPdqeM55kyJtToAENmMkn5vVxNYdtwuOhlcX7mLBe+soB/LsUW+r1Qp/PNo8
ml+9PA1Ozn/89PPx4183T/cuh+f9HwfD7R+Pp3vbrzevFv3zZHa6tetv/fp+
72bwS/5qeFVuHSW/XCWtx6kp8njXN8fZ/mn/0dbno/85enj8JG8dxhfpxPLT
Pz25i5u/+ibGX/PJ7P2fKgf6Q/b4/fs/Su3u7db3f/b2d3j/Z397+z/3f/6M
z3fIQlEUrr08uuyfn10M1+T96dra5nqj56rs3Qr8Ub8IXd9sVUvfHX0cXZ4d
/7D2/dZyncSFgjdd2NtbV7t1rw8LkY/qiXo1OD16O3pzdj56e3b2w+Xo7eCH
Pn6cXn0klRMhbuMWEx3md9Jbsn1wkFnjBzPZEud7VNsfddeIsPfh/l6H8/5q
Ef+//jj/Z5Xyh+3x+/6/vbe7ve/8f3/n8ePH9P+t3Uf/8f8/4/NdddvsGWrO
0PRmz1srQ1E4Xh0rE9Qfwb+flxfsb9waW+SbbMp8OSoV5JfDofGLyA5PBDNG
o6vL/gj1d4U+zRE2/SeNB6+O3p9dNCevhenIBzjxN37d5myR6vxLHtz9wZVx
ZEsgV2yGyYj9wPhrT78ynn5tfBT68VcelsGtB16Wept89MX84JYqdJYlq5q9
V8X7ey2KlpJtyvTV4GM76azhfwgVJfLtB7PCJLl9KiJvAYUt7tqOEvsoqGLH
YcTbVkT8cKIsiaA9GsnU0aij7t9X7W+X46/fDl4ec/yf/1TLr+qZ2ul0ahWW
s1HOHvTamkulGw8C+4BvfJrDZaQThAr8rEfZ+x5dnV70j47fjCTuyQj/qobv
nLtmv530L78ybzh49/G43z9Zq7/2R30Z6Z/cPXM0OB1eHJ1e2lHMHQ2Hb2vJ
1kvOR5eDn/tra+08/FWbSRv+VfqFCtOGbISCTLs9C2bVFOLVyd3zYGSzIGtM
5KT67PtPVseH9mBrj/bFAi6FRpnZIN/cWf0vW03liFc+ZWREX3sq0ZtfFb9y
0a1ZrIDtLJmQl2NbFFcz8xlfFdmp13BoO1faD/i2SrBM+Frx73v/sJNYiSb2
pgam/fa0VTOcjHjRyrJcCxn/njYGrJz462lji1x/kstXzZmEO974LW6eyi7Y
+jwzhRGw4dbVKYhL7erLOu/AFZ2neCq35pjelGmbjWN57Z2pdTy8MaHcidWj
TKfRon3rBOtFRUUmzlDFRjq9LtqO3XoTXvSaZt545N6pte0weX0dmTG4f+9l
wixn5kmQs73DjaUT+7Rlya1zhO8jsbTWTWI1szyZFwSZbIxaFwgiYs70lE2t
TIYTqYEP+fjpysOaxBxPSebux16Sz/WtZ8I3LOJQbcm5WshI1RmSSS+amiws
ZjEbAXlorwzYfqSndnfYo2LDuYzLyCtMptqg0unKct5KCgIqveTFI0gJaczY
vsYJJGcN3S1ydzUNHt3lPfFAlsvVIc/eHOTrkYw9/aJxHapAWmsp8nWLu/UX
8d6irHePei1n5vMZu7RtK73narujrAnTFHHyh4eQ28OHT92QnbZxqHZk5Dd5
rQF9x9i0TNnu4RWV8YJXt3grV/Pqq5ct3GYYcjsdHmKrW/vUBtaZP60IU1Ry
ZHtUvi12R20cU+7lzuuvdi+rNwpePce59jvqof12X219nuDTebrmNpiFXLuk
siTwcIXCU1s4cIllx060loPN/mWxRIAnKxO2sUh1la9MA+sS1bar4C+/tX7H
XWcmL9iZcha/dFUa8tKa3Thn883buvvDipFSb3NqL7fLDhXjv/zdrjfoUCcb
0H+lfi77tl2RPOQrKH4ZLzi9sa5SY+NsWx27M19c69hPF+220+z9Bh/dit+N
57MvB+DH02LWadhZLbklCSu+fwdo/OPaohqrvlVZErxIahQmcuejKU8A+HqY
bnf5c2flgYSndf66A9/XbwE8rHZcTv6+vfPkHzJMPsAQY+hSQyxHn6l2DY9q
Ax4isl1zc6GDZvwUUpJm3THHxV5LPuZlt6Jt2eiqrW61u5Wue3yfp5enq8G9
IaCO0ytkosS5lmLqOPKWpETnxgQrrmrOQ5eVuLl49BVi1cSHdYZil/CSQWNJ
JfavL2vsyPU8ae//2reW3qaBIHwOv2KJlGqtONAUggSuK0VNeBxKqxAJoVJF
aR23llqnitMCQvx35rG7nnUepVzg4D20yXr2NTv7zTebMaD1JJ3eZNc/Go1Y
9d8CoRqOI++xsDSU0XxOA7anzgEQcowIFhdGxm/MpJJdB+sMWwhx2aU5+tYV
nsKfM6sebpdgt4+bim1638AmL726q2uq7HmVy3lBtd3Xe149E+GYeLxnOlYg
S+i5P5ss8WTmadow+hC1t1T34eRkdDw+nuCG+TNa8jz3ej1ny4gnYDSh2inH
qxot8ttIyIOJCHn6Zsls8NAZLBERzBgGs0SUJi4pebQqh7xzRc5SdyuPryEd
uIAjdjNj7ONfG3/agGvz9ZcdXaouVq9g301UsH0VDjK2L0JGPw8tAFxuVzIF
2LU1mw7SkXxamuaTyjyQEho7Y3pY8sMAJUJVAQp36LDdpoYI8KVVE5yDvpZz
bSmrBU4jRBhZRUf0bQygxhDxSyD80yqPznLq1ee0Vd8FDRjycpM0RpwUsSVU
FLfyjEFMYqhtHdAY7KIoPy5WQAmvCm2PwTMbF7O+ko1CiRGyR4Ul95W9AMbg
m+sOlLaVbXvH60gC+3AzZ3xVJNXNsZ+y9Ea1imbIFAXmMdU+wJlznabXd8WV
5owHrrL9IedqFUq3mIkWgXo/v4VeEwyhzmf46Wu+aQSAWSTqCrcEdtmss0Pv
B/UC9Vy9QCIJFmOetEzF+lk5+iVGwOvt/biMg/g+o8ScpwCRTl+C1RCFqfTT
oYHBxNbFYmKIjYwHHJWjJIvpN7Be0IvHGnZAxGMFTAOwuywXTlT5PtQ+9Hkn
YNdgMJr0P34RusFc4dgkZmrTR6jQbCaj/ucQtQGGtlvi8C0lFekmN2kGDrKw
N7q1Qi47PBmOjvhSqKzrHx4OP0nKmhqrgS0DqVA16ddfzG2eFpQ6BKbiBph9
z5Z6T3JSHFLspOTOBj62Ls1CIHypLnLLOv9yqY9dbWXBbs2KEjN0Fu9G2b49
4e1ulLXb3vRZCZvWP3g36h+F0gms0cB2JdgJdmWlm6MwQoNqfP/owCmrKvQ8
yxNdrMd2OgXyCGybK3b0JzMV/3/RvckAc08wNWp2By4DM40uMVNhpm7ohVdO
OcoxUYNei5wtOBvBBKyzJUjrS/5nDykALlfemUoRSsHJc+hxM81yQo3p4vIi
NOEnfL4/PTPwYa/Y8pVgBvqhkIcg0AFZTF0hRkX2AaWdU/09gqaZDLXGCFMC
WHmqTL+g2Ciy5lx6U+NF8X0GzT3BBpLHNd7PbRt9Cyoq2EUF/OtfU+pSl7rU
pS51qUtd6lKXutTl/y2/ARFvx/oAUAAA
--0-124077869-902877552=:3840--