QODS ec

Tuesday, July 13, 2004

PHRACK: Introduction for Playing Cards for Smart Profits



==Phrack Inc.==

Volume 0x0b, Issue 0x3e, Phile #0x?? of 0x??

|=--------=[ Introduction for Playing Cards for Smart Profits ]=--------=|
|=----------------------------------------------------------------------=|
|=------------------=[ ender ]=-----------------=|

--=[ Contents ]=----------------------------------------------------------

1 - Introduction
2 - Dealing with ISO7816 standard
2.1 - Receiving Answer To Reset
2.2 - Sending commands
2.3 - Receiving answers
2.4 - For example
2.5 - Your Rights

3 - SmartCard Man in the middle
4 - BruteForcing unidenfitied cards
5 - Examples of mapping and filesystem
5.1 - Mapping of old french Credit cards
5.2 - File System of SIM Cards

6 - Cyphering with smartcards
7 - Magnetic stripe
7.1 - ISO
7.2 - ALPHANUMERIC
7.3 - BINARY

8 - Synchronous smartcards
9 - Programming a card for ISO7816 purposes
10 - Conclusion
11 - Greetings
12 - Bibliography

Appendix A: Communication log

--[ 1 - Introduction ]-----------------------------------------------------

All what is written in this article must be used for cracking cards
and shouldn't be used to secure already existing application. However,
the aim of this article is to show you how to engage the dialog with
your smartcards (very useful when you don't have a girlfriend to talk
with), and not the way to use already cracked cards.

What you need for studying card is :
- THE standard : ISO7816
( http://www.cardwerk.com/smartcards/smartcard_standards.aspx )

- a smartcard reader (Phoenix)

- optionally a Reader/Writter for magnetic stripes (just for fun).

- maybe a Season -I will explain later-,

- some bank cards,

- and a computer:
- Under Linux/Unix : you can check for shcap
(www.afturgurluk.org/~ender/)
or try SmartCard ToolKit
(http://freshmeat.net/projects/sctk/ )
- Under bill's non-operating system : WinExplorer from Dexter
(www.geocities.com/Winexplorer/)


--[ 2 - Dealing with ISO7816 standard ]------------------------------------

You will need to refer to this standard. Here we will see how to engage
the communication with a smartcard plugged in your phoenix (smartcard
reader), which is plugged in your rs232 port. I have put two examples with :
a credit card, and a SIM card. If no specific card is mentionned in the
presentation of the protocol, it means that the information is valid for all
7816 ISO compliant cards.

----[ 2.1 - Receiving Answer To Reset (ATR) ]------------------------------

First, you will need to reset the card (with an ioctl, or directly
typing 'reset' in a smartcard shell) to boot the card, then it sends a data
buffer to identify itself, and to explicit its specifications such as the
frequency, the programming voltage, the GuardTime the Convention
(inverse/direct)... What is really useful to know is :

The ATR looks like that :
ATR : TS T0 TA1 TB1 TC1 TD1 TA2 ... TDn Tk TCK

TS : 3B Direct Convention
3F Inverse Convention

T0 : gives the number of Historical Bytes (specific to the card)

TD : gives the protocol (mostly T=0 send Word, T=1 send Characters)

Tk : The k Historical Bytes... not really verbose in fact :/

TCK : Just a checksum to verify you have a good ATR...

Nota : If you don't receive 0x3B or 0x3F for TS, maybe you must reconfigure
your soft to receive Byte in another convention...

----[ 2.2 - Sending commands ]---------------------------------------------

The instructions are send to the card via a serial link. The protocol
is explained in the standard but is mereley like an I2C without scl. The
packets are composed with five parts :

CLA : 1 Byte. ISO Class. e.g. :
BC = french credit cards,
A0 = SIM cards,
00 = Moneo/Open cards...

INS : 1 Byte. Instruction. e.g.:
20 = PIN verification,
B0 = Read
B2 = Read record
D0 = Write
DC = Write record
A4 = Select directory
8x = Encryption with key 'x', the algorithms depends on the card,
C0 = Get answer...

P1, P2 : 2 Bytes. Parameters, mostly it's an address to read/write.

LEN : 1 Byte. Length expected for the answer or lenght of the argument

ARG : LEN Byte. Argument you give for the instruction (bytes to write,
data to cypher, PIN to verify...), sometimes, the card must answer
a byte of aknowledgement -depending on the instruction- between
each bytes in the argument buffer.

----[ 2.3 - Receiving answers ]--------------------------------------------

To aknowledge to a command, the card send the instruction byte back to
the terminal, then a length of datas equal to the parameter LEN of the
command, and finish with SW1, SW2. ( 0x90 0x00 when the operation was
succesful ). If the operation wasn't successful, then only SW1 and SW2 are
sent, with a specific error code :

0x6E 0x00 CLA error
0x6D 0x00 INS error
0x6B 0x00 P1, P2 error
0x67 0x00 LEN error
0x98 0x04 Bad PIN
0x98 0x08 Unauthorized Access
0x98 0x40 Card blocked
...


----[ 2.4 - For example ]--------------------------------------------------

Here are some examples taken from shcap. You can download it from
.
But you can do the same with 7816shell

If you use Shcap :
oops:~/7816/shcap_rel$ sudo ./shcap

Terminal> help
Shcap v0.0.9 by ender

connect - Connect to the Serial port given with -D parameter
XX .. XX - Send XX .. XX to the card
log - Log comm between card and terminal (need a season)
bf - Try to find ISO CLA byte of the card
reset - Reset the card
direct - Set direct convention
inverse - Set inverse convention
cd XX XX - Select directory XX XX
cat XX XX - Read rd_len bytes at address XX XX
readrec XX - Read rd_len on record XX of current file
get N - Get N bytes of the answer
login - Verify PIN given
cypher XX .. XX - Cypher 8 Bytes
set - Set parameter :
cla=XX Set the iso class to XX (default 00)
key=X Set the cyphering key to X (default 0)
rd_len=N Set the read lenght to N (default 8)
timeout=N Set the poll timeout to Nms (default 500ms)
help - Display this help
quit - Exit the shell

###### Example with a Bull CP8 mask 4 BO' (french credit card) ######
Terminal> connect

Reset for a B4/B0' :
ATR: 3F 65 25 08 93 04 6C 90 00

Analysing the ATR :
3F - Convention inverse
6 - TB and TC sent (if TD is not sent, the protocol is 0 : send words)
5 - 5 historical Bytes
25 - TB : Programming current : max 50mA - Programming Voltage 5V
08 - TC : GuardTime : 8 * 1/9600Hz = 833us

Historical Bytes
93 04 6C 90 00 --Note that the 90 00 change to 90 10 after a first
wrong PIN code


Reading Constructor Area of a B4/B0' :
Terminal> set cla=bc
ISO CLASS set to BC

Terminal> set rd_len=8
READ LENGHT set to 8

Terminal> cat 09 C0
--Read at $09C0 8 bytes
Card> B0 19 DF 64 08 1F F4 0F B0 90 00

Analysing Constructor Area :
19 DF 64 08 : Card Serial Number
1FF4 / 0FB0 : Free Read area : $07F8 / Access Control : $03E8
90 00 : ok


Signing Data with salt in [07E8] :
Terminal> set key=0 --Cipher 8 Bytes with K0
KEY set to 0

Terminal> cypherCB 09 11 15 04 16 00 07 E8 --ARG=09 11 15 04 16 00 [07 E8]
Card> 90 00 --Instruction ok

Getting response :
Terminal> get 8 --Get answer 8 bytes
Card> C0 12 4F 54 A3 64 C5 2B 07 90 00 --12 4F 54 A3 64 C5 2B 07 ok

##### Example with a SIM card for GSM #####
Terminal> set cla=a0
ISO CLASS set to A0

Verifying PIN 12345678 on a SIM :
Terminal> login --Check PIN 8 Bytes
Enter your PIN code : 12345678 --The PIN is encoded in ASCII
Card> 90 00 --PIN ok

Selecting /TELE
COM/SMS/ directory in a SIM :
Terminal> cd 7f 10 --Select TELECOM dir : 7F 10
Card> 9F 16 --Dir description, 20Bytes
Terminal> cd 6f 3c --Select SMS subdir : 6F 3C
Card> 9F 0F --Dir description, 15Bytes

Reading msg (15 Bytes) :
Terminal> get 15 --Get 15 Bytes
Card> C0 00 00 ** ** 6F 3C ** ** ** ** ** ** ** ** ** 90 00

Reading the 3rd SMS of current file :
Terminal> set rd_len=176
READ LENGHT set to 176

Terminal> redrec 3 --Read record 3, 176Bytes
Card> B2 00 FF .. FF 90 00 --status = 00, data=0xff..ff
Terminal> quit

Well. That's all for the examples...not really dificult, isn't it ?


--[ 2.5 - Your Rights ]----------------------------------------------------

SmartCards use some kind of filesystems, so there are some rights (xrw)
for the different areas are files. The right to execute is obviously for
instructions only...
Generally, for a single-provider card, there are three levels :

-Nobody, when you boot the card you are not yet identified...
-Owner, you are "logged in" when you enter your PIN
-Provider, there is another code named PUK you can't know. It is
used for example when you stupidly block your card, to reset the
blocking mechanism.

In a SIM card (at least, the SIM card I have worked on), you cannot
read or write if you didn't login. When you enter (the instruction name is
verify) the PIN, then you can read, and even write in some files (mostly
in TELECOM directory, containing your SMS, your dialing numbers, etc.).
In credit cards, which are divided in areas, you need the PIN just to
read/write your Transaction Bulletin (at least for french ones... It is also
a major security hole if the PIN is not verifyed dynamically by the bank).


--[ 3 - SmartCard Man in the middle ]--------------------------------------

Something which is very useful for studying smartcards is a Season :


_____________ __________
| |-- 6 |-- |
| Terminal | |--/------------| Card |
|___________|-- | |________|
|
/ 3 Display ;)
___|____ ____________
| Season | 3 | logging: |
|________|------/-----RS232-->| 3F 16 15 |
|__________|


You need to connect 6 wires from your smartcard to a Wafer, but only 3
to your computer. If you have read the standard, you now that there is only
one pin dedicated to the Input/Output. You also need to connect the ground
(useful to have a reference...) and the Reset pin in order to start logging
when the card boots. It will permit you to log the dialog between the
terminal and the smartcard. This the most common way to analyse a smartcard
when you have an access to the terminal, but you might want to study the
terminal with a logic analyser awfuly expensive and reverse the results on
the screen of your oscilloscope (might sound very silly, but someone did
that :p). If for some reasons you don't have any physical access to the
terminal, report to next part.
The scheme for a season is quite simple, you can add some LEDs to see what
is going on. The MAX232 is here to convert the 5V from the card pins to
the 12V of the RS232 link of your computer (or laptop ;).


+-------------------------+
| |
+-----------------------------|-+ LED 3mm R1 250ohm|
| 1 _ _16| | ____|/|___/\/\/\__+
| -| |_| |-+ | | |\| |
| +---------------+ -| M |---|-----+ | Connector ISO
1 | | | -| A |---+ __|__ |
__|_|_______ 5 | -| X |- ///// 1 |______ 5
| | | . . ._______ | -| 2 |- /+_| __+-------+
\ . . . . / | | -| 3 |---------------------------+_| |___| |
6 \_______/ 9 | +---| 2 |-----------------+ |___|__|_+----+ |
DB9 | -|_____|- | 4 \__|__|__/ 8 | |
| 8 9 +---------------------+ |
| |
+-------------------------------------------------------+
__|__
/////
Scheme for a season

ISO Pins DB9 Pins
1. Vcc 5. Gnd 1 2 3 4 5
2. Rst 6. Nc DCD RxD TxD GND
3. Clk 7. I/O 6 7 8 9
4. Nc 8. Nc

Don't forget to add 4 x 0.1uF between pins 2-16, 15-6, 1-3 and 4-5 of the
MAX232. You can refer to the MAX232 datasheet for more details (ascii scheme
are not that clear...)

Now you have to log the data, just write somewhere on your hard drive
the datas sent and received by the card. You can try this with the 'log'
command in shcap, or with the program 7816logger from sctk.

The real problem is to analyse these datas.

* Firstly, the card send an ATR (which stand for Answer To Reset).

* Now that the terminal know the identity of the card, it can send
instructions composed firstly of 5 bytes.
* Then the card repeat the code of the instruction and the terminal can
send the argument buffer if it is not empty, then the card can answer,
* et caetera...

You can try to search the ISO class (sent just after the ATR) and try to
indent your log with just this information, and the knowledge of the
"protocol" as explained earlier...

After that, you should be able to recreate the behaviour expected by the
terminal, excepted for the cryptographic instructions... but this is another
problem. You have surely heard of S/DPA (Single/Differential Power Analysis),
DFA (Differential Fault Attack) or Time Attack which are the current means for
retrieving "easily" the keys stored inside cards. But this is not our topic.

Obviously, if you want to make an attack against a terminal with such a
system, you can : by overriding the real card, recording what the card
must answer, and processing the answer before replaying. The processing could
be used, for example, to make the terminal believe the PIN you entered was the
good one (because you are evil and you are trying a card which is not yours),
by putting the card in standby and reproducing the behaviour of the card as
if the PIN was really the good one...
It only works if the authentification system of the smartcard doesn't need
the PIN for generating the certificate, which is not really common.
Well, if you can reproduce the authentification, it is not necessary to do
such an attack, because you can get rid of the original card, but it is not
an easy way ;)

You can find at the end of the article an exemple of a communication between
a credit card and a terminal. The datas inside the cards are not always
obvious to guess. Generally, you can hope to find an official documentation
somewhere, or try to see the changes that happen between each use of the
card.


--[ 4 - BruteForcing unidenfitied cards ]----------------------------------

When you don't know the ISO class of the card you want to play with,
you can bruteforce the iso class. It is not very dificult if your computer
is able to count from 0x00 to 0xFF.
By retrieving the error codes from the card, you know the class is the good
one because the card send you an INS Error (6D 00), instead of a CLA error
(6E 00).

So you've got it. And instructions are public, so I put some
examples upper, and others are in the ISO7816, and on the Internet...

smartcard_standard_ISO7816-4_6_basic_interindustry_commands.aspx>

To guess the architecture of a card is a different matter. Always try the
instruction 0xB0 to see if you can read some addresses, and you'll can
interpret the error messages if you cannot read. If the smartcard has got
a filesystem, you can verify it with selecting (ins 0xA4) the root directory
0x3F00, and see what is going on. Get the response to see if there are some
other directories.
As you know the error code for a P1 P2 wrong (bad address) you also can try to
evaluate the capacity of the card: 8ko ? 64 ko ?. It works only if there is no
filesystem, like in credit cards... See for examples down here :


--[ 5 - Examples of mapping and filesystem ]-------------------------------

----[ 5.1 - Mapping of old french Credit cards ]---------------------------

Bull CP8 mask B0-B0'

_____________________
$1000 | Constructor area |
|___________________|
$09C0 | |
| FREE READ |
|___________________|
$07F8 | Transaction |
| Bulletin |
|___________________|
$03E8 | ACCESS COUNTER |
|___________________|
$02B0 | SECRET AREA |
|___________________|
$0200 | N/A |
|___________________|
$0000


----[ 5.2 - File System of SIM Cards ]-------------------------------------

--GSM SIMcard

3F00 ROOT dir
|
\__2FE2 Card serial Number

7F10 TELECOM
|
|\__6F3A Directory
|\__6F3B Fixed directory
|\__6F3C SMS
|\__6F40 Last calls
|\__6F42 SMS pointer
|\__6F43 SMS status
|\__6F44 Dialing numbers
|\__6F4A Extension 1
\__6F4B Extension 2

7F20 GSM
|
|\__6F05 Language
|\__6F07 IMSI
|\__6F20 Cyphering Key
|\__6F30 Provider selector
|\__6F31 Search Period
|\__6F37 Account Max
|\__6F38 Sim Service Table
|\__6F39 Cumulated calls
|\__6F3D Capability Config Param
|\__6F3E Group ID 1
|\__6F3F Group ID 2
|\__6F41 Price per unit
|\__6F45 Cell Broadcast msg ID
|\__6F74 Broadcast Control Chan
|\__6F78 Access Control Class
|\__6F7B Providers Forbidden
|\__6F7E Location Info
|\__6FAD Admin data
\__6FAE Phase ID

Then, you can log the communication between your SIM card and your
mobile phone if you want more information ;)

--[ 6 - Cyphering with smartcards ]----------------------------------------

All smartcards can cypher or generate a certificate to authenticate
itself to a terminal or a provider. Mostly the instructions 0x80 to 0x8F are
used to do it. To get the answer, just ask for it with the 0xC0 instruction.
Open cards are made particularly to such things. Open means you can
find all the documentation you want about it on the Internet
(www.opensc.org), so I won't stay on it...
The encryption system in smartcards is mostly to authenticate the card.
But all its security do not depends only on the cryptographic mechanisms
inside the card. The protocol is generally the weak part of the
authentication...

--[ 7 - Magnetic stripe ]--------------------------------------------------

Magnetic stripes on smartcards are very common. As this is a completely
passive way of authentification, it can easily be cloned. However, it also
means that all the difficulty is in the interpretation of the data contained
in the stripes and the understanding of the algorithms for cyphering
discretionnary data in the case you might want to generate your own card,
or just change some information.
You will need for this part of a magnetic stripe reader. It is quite expensive
but it is also possible to make its own driver and do it with just a tape
recorder. You can try cmread http://www.afutgurluk.org/~ender/cmread.tgz
for a driver on LPT1.

Depending on your software and hardware, you will have more or less easily
these informations : the density of encoding, and the number of bits per
character. For the number of bits per character, if you have read with the good
number of bits without errors, then you have to check the parity bits. Normally,
the soft you used to read the stripe is able to to do such a thing, other wise
the method consist in :
- Take the first bit equal to 1
- Check the parity on the first 5 bit
- If it is not OK, then try with 6,7,8 or 9
- Try on the next pack of [5,6,7,8,9] till the end.
- Check the LRC

There are two ways for detecting error, the first is with the parity bits, the
second is the LRC for Longitudinal Redondancy Check. The character of the track
is equal to the XOR of all characters.

There are 3 different cases easily recognizable :

----[ 7.1 - ISO ]----------------------------------------------------------

ISO-1 (210 bpi - 7 bits) : The stripe is divided in several parts :

- '%' Start sentinel
- 'B' Format code
- Primary account number (your account number on your credit card for example)
- '^' Field separator
- Name of the owner
- Field separator
- Expiration date (4 BCD numbers)
- Service Code (101 for VISA, ...)
- Discretionnary data
- '?' End Sentinel
- LRC

Example :
% B 0123456789012345 ^ MR SMITH JOHN ^ 9910 101
123456789000000123000000 ?

It is not compulsory exactly like that, but it cannot differ a lot.

ISO-2/3 (75 bpi - 5 bits):

- ';' Start Sentinel
- Primary Account Number
- '=' Field separator
- Expiration date
- Service code
- Discretionnary data
-
'?' End Sentinel
- LRC

Example:
; 01236789012345 = 9910 101 123456789000000123 ?

Note that the PAN (Primary Account Number) must verify the Lhun Algorithm.

The standard is ISO-7811 if you want more information...

----[ 7.2 - ALPHANUMERIC ]-------------------------------------------------

It is quite like ISO, but a bit less verbose. You just have the same
Start sentinel depending on the number of the track (1 : '%', 2 & 3 : ';'),
the same Field Separators, and End Sentinel. Between Start and End Sentinels,
you have data coded in BCD or ALPHA separated by the field separator of the
track related.

----[ 7.3 - BINARY ]-------------------------------------------------------

Keep in mind that there is not necessarily a structure like that.
Sometimes bit are put in desorder, as if the designer of the stripe was
completly drunk and was playing dice with friends to know what to do...
Just use your card and try to understand what has changed.

--[ 8 - Synchronous smartcards ]-------------------------------------------

I just put this part in order to do a complete tour on smartcards. This
type of card is very lame, They have a poor capacity (less than 1kb in
general), they don't always respect ISO standard for pins. What is sure is
that you have 2 pins for Vcc and the ground, 1 pin for the Clock, 1 pin for
the reset, 1 pin for the I/O, and sometimes 1 pin for the Vpp (programming
voltage) and 1 pin for the Write Enabled.
They don't have an ATR. They just react on negative edges of the Clock
pin by sending the next bit (or first if it is reseted) in its memory on the
I/O pin. If you can write, you will need a different voltage put on the Vpp
pin (up to 21V) and enable the Write pin. Generaly, you just can set a bit
from 1 to 0 beacuse of the OTP (One Time Programmable) technology used
inside (you just flash a fuse in the chip).
French telephone cards use such a technology (Merci, France TeleCom.) ;)

--[ 9 - Programming a card for ISO7816 purposes ]--------------------------

If you can read this line, it is because Phrack has accepted my
article without asking me to paste some of my codes to write a bloody
tutorial to code your own smartcard emulator using a pic from microchip
(www.microchip.com) and then you will need to think by yourself if you are
interested in how to write such programs (it is not very obvious...). As I
am nice and gentle, I give you the most common architecture :

- Send the ATR (On each reset it will restart here)
- Wait for the first Byte (ISO class) and verify it is the right one
- Receive the second byte and compare it with each byte INS you have
implemented, other wise send an error.
- Jump to the part of code written for the INS asked for and process the
arguments
- Then you have 2 choices (The Hacker's Choice is the best :p) :
* use an eeprom to save all your datas, and then read and write
it in order to complete the instrion asked for by the terminal
* use the PIC flash, by writting a list of RETLW 0xXX, determine
the offset of the Byte nee
ded and then just add this offset to
the current Program Counter.

Some advises :

- ISO 7816-3 is your friend ;)
- Never forget the parity bit to send datas, and also the ACK (or NACK)
when you receive
- Wait for a ACK from the terminal, if it is a NACK, just send again,
and it will works
- Write your own code, it will avoid you from silly bugs you don't
understand that could lead you in prison in case of problem (big brother
is always watching you, you cannot be wrong...)
- Don't do too nasty things, work only on an emulated terminal on your
computer :p
- Google is your friend to find URL for programming PIC-based smartcards

--[ 10 - Conclusion ]-----------------------------------------------------

No need to work in a laboratory to play with smartcards security at
an interesting level. Don't believe that S/DPA, or DFA is the only way
to study cards. Some of the articles on such methods are written by people
who has never seen a glitch generator in their whole life...
Eventually you just need an old 486 and a soldering iron to find security
holes in smartcard protocols and then buy some food with emulated credit
cards, phone friends with a self made SIM card watching numeric tv with a
self made viaccess/seca smartcard and enter in almost place protected with
smartcard or magnetic cards. Or just keep it for you ;)

--[ 11 - Greetings ]-------------------------------------------------------

Roland Moreno ;)

--[ 12 - Bibliography ]----------------------------------------------------

-PC et Cartes a puce, Patrick Gueule
-Ender's Game, Orson Scott Card
-The Hitchhiker's Trilogy, Douglas Adams
-Discworld, Terry Pratchett

--[ Appendix A: Communication log - old_log.txt (uuencoded) ---------------

<++> ./old_log.txt.uue

begin 744 old_log.txt
M("`@("`@("`@("`@("`@(",C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C
M(R,C(R,C#0H@("`@("`@("`@("`@("`@(R`@("`@("`@("`@("`@("`@("`@
M("`@("`@("`@("`@(",-"B`@("`@("`@("`@("`@("`C("!(3U=43R`Z(%!A
M>2!7:71H(%9IM("`@("`@("`@("`@("`@("`@("`@("`@("`@("`C#0H@("`@("`@("`@("`@
M("`@(R`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@(",-"B`@("`@
M("`@("`@("`@("`C("`Q-"\P,2\R,#`R("`@("`@("`@("`@("`@("`@("`@
M(PT*("`@("`@("`@("`@("`@(",@("`@("`@("`@("`@("`@("`@("`@("`@
M("`@("`@("`C#0H@("`@("`@("`@("`@("`@(R,C(R,C(R,C(R,C(R,C(R,C
M(R,C(R,C(R,C(R,C(R,C(R,-"@T*#0H@("`@4VEM=6QA=&EO;B!O9B!A('1R
M86YS86-T:6]N(&)E='=E96X@82!CM;&EC871I;VX@#0I","<@86YD(&%N(&5L96-TM:6YA;"!#2T0@4S(P-3`N(%1H92!N;W1A=&EO;B!IM("`@("`^/E1EM="`H-"!B:71S*2!O9B!E86-H('=OM(')I9VAT("AR=RD@;V8@#0ID871AM(&%R96$@6S`Y($,P72X@#0H@("`@,B`M(#,N("!R96%D+6]N;'D@9F]R($%L
M;`T*("`@(#8@+2`W+B`@M9"D-"B`@("!&+B`@("`@(')E860O=W)I=&4@9F]R(%5S97(-"E)E860@:6YS
M=')U8W1I;VX@.B!"0R!","!;04$@04%=($Q%+"!W:&5R92!!02!!02!IM;B!A9&1R97-S(&%N9"!,12!T:&4-"FQE;F=H="!I;B!B>71E+@T*0WEP:&5R
M(&ENM($,P(#`P(#`P(#`X#0I7M05T@3$4L('=H97)E($%!($%!(&ES(&%N(&%D9')EM;&5N9VAT(&EN(&)Y=&4N#0I!8VMN;W=L961G92`Z(#DP(#`P#0I4:&4@:6YS
M=')U8W1I;VX@:7,@86QW87ES(')E<&5A=&5D(&)A8VL@=&\@=&AE('1EM;F%L+@T*0U-.+"!-86YU9F%C='5R97(L(&%N9"!0;VEN=&5UM82!AM"GP@24Y315)4('P-"GP@($-!4D0@('P-"BLM+2TM+2TM+2L-"@T*+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+0T*("`@(#X^1D8@("`@("`@("`@("`@("`@("`@("`@("`\+2T@
M4F5S970-"B`@("`S1B`V-2`R-2`P."`S-B`P-"`V0R`Y,"`P,"`@/"TM($%4
M4B`H06YS=V5R(%1O(%)EM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+0T*#0HO*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ#0H@*B!296%D('1A8FQE(&]F(&%R96$@("`@("`@("`@("`@("`@
M("`@("`@("`@("`@("`@("`@("`J#0H@*B`J*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ+PT*#0H@("`@
M/CY"0R!","`P.2!#,"`R,`T*("`@($(P(`T*("`@(#%$(#E&($8U(#$V("`@
M("`@/"TM(%)E861I;F<@<&]I;G1EM(#PM+2!!1$P@/2`P."`X,"`H.48@,$$I+"!CM:&%N(#$Q+SDY#0H@("`@,$$@0S,@,$$@-3<@#0H@("`@,#D@1C$@,#@@1#D@
M#0H@("`@,T8@134@,C`@,#(@("`@("`\+2T@0W)E9&ET(&-AM871I;VX-"B`@("`P."`T1"`P,"!",2`@("`@(#PM+2!-86YU9F%C='5R97(@
M240@*%-H;'5M8F5R9V5R*0T*("`@(#0T($,R(#A!(#!%("`@("`@/"TM($-3
M3B`Z($-AM(#DP(#`P(`T*#0H@("`@/CY&1B`@("`@("`@("`@("`@("`@("`@("`@(#PM
M+2!297-E=`T*("`@(#-&(#8U(#(U(#`X(#,V(#`T(#9#(#DP(#`P("`\+2T@
M0512("A!;G-W97(@5&\@4F5S970I#0HM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM#0H-"B\J*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BH-"B`J($%U=&AE;G1I8V%T92!#87)D('=I=&@@82!S=&%T:6,@
MM*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHO#0H-"B`@
M("`^/D)#($(P(#`Y($,P(#(P(`T*("`@($(P(`T*("`@(#%$(#E&($8U(#$V
M("`@("`@/"TM(')E861I;F<@86=A:6X@;6%N=69A8W1UM("`R,R`Y1B`P02!#,R`-"B`@("`P02!#,R`P02`U-R`-"B`@("`P.2!&,2`P
M."!$.2`-"B`@("`S1B!%-2`R,"`P,B`-"B`@("`P."`T1"`P,"!",2`-"B`@
M("`T-"!#,B`X02`P12`-"B`@("!%0B`T.2`Y1B!#0R`-"B`@("`Y,"`P,"`-
M"@T*("`@(#X^0D,@0C`@,#@@13`@-S`-"B`@("!","`@#0H@("`@,D4@,#,@
M,S`@,S,@("`@("`\+2T@<')O=FED97(@,#,@.B!!=71H96YT:69I8V%T:6]N
M(%9A;'5E("A24T$@,S(P(&)I=',I#0H@("`@,S`@,#`@,#D@,C$@#0H@("`@
M,T(@,D8@.#0@-40@#0H@("`@,T$@1CD@.$4@-$0@#0H@("`@,S(@.#(@03`@
M,C<@#0H@("`@,S8@1C@@,30@-#$@#0H@("`@,S0@1C$@-$8@140@#0H@("`@
M,T(@-30@1#$@,C,@#0H@("`@,S,@,38@0CD@-#$@#0H@("`@,S,@1C0@.#(@
M0T,@#0H@("`@,S$@1D,@.3(@1#0@#0H@("`@,S,@.$,@-S4@138@#0H@("`@
M,S(@1C(@,$8@-SD@#0H-"B`@("`R12`P,B`S."!&,2`@("`@(#PM+2!PM:61EM(#PM+2!004X@.B!0M(#@P(#8W("`@("`@/"TM(#0Y-S$@,38W-"`X,#8W(#8S,S$@*$-R961I="!!
M9W)I8V]L92D-"B`@("`S-B`S,R`Q1B!&1B`-"B`@("`S,2`P,2`Y.2`Q,2`@
M("`@(#PM+2!&86)R:6-A=&EO;B!$871E(#H@,3$O.3DL('9A;&ED('5N=&EL
M;"`P,2\P,@T*("`@(#,R(#4P(#`R(#`Q("`@("`@/"TM($QA;F<@,C4P(#H@
M9G(@+R!-;VYE>2`R-3`@.B!FM(#,R(#4P(#,T(#DW("`@("`@/"TM(%)302!E>'!O;F5N="!E(#T@,RP@5FES
M82!#87)D("@T.3M(")-4B!*14%.($U!4D-/("`@("`@("`@("`@("(@#0H@("`@,T$@-#4@-#$@
M-$4@#0H@("`@,S(@,#0@1#0@,34@#0H@("`@,S(@-#,@-$8@,C`@#0H@("`@
M,S(@,#(@,#(@,#(@#0H@("`@,S`@,C`@,C`@,C`@#0H@("`@,S(@,#(@,#(@
M,#(@#0H@("`@,S`@,C`@1C$@,#`@("`@(#PM+2!"24X@.B!"86YK($E$($YU
M;6)EM("`@/CY&1B`@("`@("`@("`@("`@("`@("`@("`@(#PM+2!297-E=`T*("`@
M(#-&(#8U(#(U(#`X(#,V(#`T(#9#(#DP(#`P("`\+2T@0512("A!;G-W97(@
M5&\@4F5S970I#0HM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM#0H-"B\J*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BH-"B`J
M($%U=&AE;G1I8V%T92!O=VYEM("`@("`@("`@("H-"B`J("HJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHO#0H-"B`@("`^/D)#($(P(#`Y
M($8P(#`T#0H@("`@0C`@#0H@("`@-#0@0S(@.$$@,$4@("`@("`\+2T@0U-.
M#0H@("`@.3`@,#`@#0H@("`@#0H@("`@/CY"0R`R,"`P,"`P,"`P-"`-"B`@
M("`R,"`@("`@("`@("`@("`@(#PM+2!!M-"`X1"`S1B!&1B`@("`@(#PM+2!024X@/2`Q,C,T#0H@("`@.3`@,#`@#0H@
M("`@#0H@("`@/CY"0R`T,"`P,"`P,"`P,"`-"B`@("`T,"`Y,"`P,"`@("`@
M("`@(#PM+2!2871I9FEC871I;VX@4$E.+"!/2R`[*2`-"@T*+RHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*@T*("H@1V5N97)A=&4@0T%)(&9OM("`@("`@("`@("`@("`@("`@*@T*("H@*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*B\-"B`-"B`@("`^
M/D)#($(P(#`X($0P(#`T(`T*("`@($(P("`@("`@("`@("`@("`@/"TM(%)E
M861I;F<@1VQO8F%L($-H96-KM1B`-"B`@("`Y,"`P,"`-"@T*("`@(#X^0D,@.#`@,#`@,#`@,#@@/"TM($-Y
M<&AE2D@9F]R($-!22P@M24XI#0H@("`@-T8@#0H@("`@/CXP,0T*("`@(#=&(`T*("`@(#X^,30-"B`@
M("`W1B`-"B`@("`^/C(Q#0H@("`@-T8@#0H@("`@/CXU-`T*("`@(#=&(`T*
M("`@(#X^,#@-"B`@("`W1B`-"B`@("`^/C`P#0H@("`@-T8@#0H@("`@/CXP
M.`T*("`@(#=&(`T*("`@(#X^1#`@("`@("`@("`@("`@/"TM(#`Q(#$T(#(Q
M(#4T(#`X(#`P(%LP."!$,%T-"B`@("`Y,"`P,"`@#0H-"B`@("`^/D)#($,P
M(#`P(#`P(#`X(#PM+2!296%D:6YG(')EM("`@("`@#0H@("`@,#$@,30@,C$@-30@,#@@,#`@,#@@1#`@/"TM(%=E;&PN
M+BX@35D@86YS=V5R(#LI#0H@("`@.3`@,#`@#0H-"B`@("`^/D)#(#@P(#`P
M(#`P(#`X(#PM+2!#>7!H97)I;F<@*$-"0R!-;V1E*0T*("`@(#=&(`T*("`@
M(#X^,C$-"B`@("`W1B`-"B`@("`^/C4T#0H@("`@-T8@#0H@("`@/CXP.0T*
M("`@(#=&(`T*("`@(#X^,#`-"B`@("`W1B`-"B`@("`^/C`X#0H@("`@-T8@
M#0H@("`@/CY&-2`@("`-"B`@("`W1B`-"B`@("`^/C`X#0H@("`@-T8@#0H@
M("`@/CY$,"`@("`@("`@("`@("`\+2T@,C$@-30@,#D@,#`@,#@@1C4@6S`X
M($0P72`-"B`@("`Y,"`P,"`-"@T*("`@(#X^0D,@0S`@,#`@,#`@,#@@/"TM
M(%)E861I;F<@M1C4@,#@@1#`@#0H@("`@.3`@,#`@#0H-"B`@("`^/D)#(#@P(#`P(#`P(#`X
M(#PM+2!#>7!H97)I;F<-"B`@("`W1B`-"B`@("`^/C`Y#0H@("`@-T8@#0H@
M("`@/CXR,`T*("`@(#=&(`T*("`@(#X^,4,-"B`@("`W1B`-"B`@("`^/D,S
M#0H@("`@-T8@#0H@("`@/CXQ1@T*("`@(#=&(`T*("`@(#X^1C<-"B`@("`W
M1B`-"B`@("`^/C`X#0H@("`@-T8@#0H@("`@/CY$,"`@("`@("`@("`@("`M+2T@,#D@,C`@,4,@0S,@,48@1C<@6S`X($0P70T*("`@(#DP(#`P(`T*#0H@
M("`@/CY"0R!#,"`P,"`P,"`P."`\+2T@4F5A9&EN9R!R97-U;'0-"B`@("!#
M,"`@("`@("`@("`@("`@(`T*("`@(#`Y(#(P(#%#($,S(#%&($8W(#`X($0P
M(#PM+2!#04D@*'=H870@:7,@;VX@=&AE(&YO=&4I#0H@("`@.3`@,#`@#0H-
M"B\J*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BH-"B`J(%)E860@5')A;G-A8W1I;VX@8G5L;&5T:6X@
M86YD('=R:71E('1R86YS86-T:6]N("`@("`@("H-"B`J("HJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHO
M#0H-"B`@("`^/D)#($(P(#`R($(P($9#(#PM+2!296%D:6YG('1R86YS86-T
M:6]N(&)U;&QE=&EN(#H@0414#0H@("`@0C`@(`T*("`@(#,P(#`P(#DY(#$Q
M("`@("`@/"TM($1UM(#@P("`@("`@/"TM(&]N(#(W(#H@-30T+#`P($9R#0H@("`@,S,@13`@1#@@
M-C@@("`@("`\+2T@;VX@,C@@.B`U-30L,#`@1G(-"B`@("`S,R!%,"!!1B!#
M."`@("`@(#PM+2!O;B`R."`Z(#0T-RPT-"!&<@T*("`@(#,S($4X($-#(#0V
M("`@("`@/"TM(&]N(#(Y(#H@-3(R+#DT($9R#0H@("`@,S,@13@@044@-S0@
M("`@("`\+2T@;VX@,CD@.B`T-#8L-C`@1G(-"B`@("`S,"`P,"`Y.2`Q,B`@
M("`@(#PM+2!$=7)I;F<@;6]N=&@@;V8@,3(O.3D-"B`@("`S,R`Q."`S,B!#
M."`@("`@(#PM+2!O;B`P,R`Z(#$S,"PP,"!&<@T*("`@(#,S(#(P($)&(#8X
M("`@("`@/"TM(&]N(#`T(#H@-#DP+#`P($9R#0H@("`@,S,@1#@@.48@-#(@
M("`@("`\+2T@;VX@,C<@.B`T,#M("`@(#PM+2!$=7)I;F<@;6]N=&@@;V8@,#$O,#(-"B`@("`S,R`P."`R-R`Q
M,"`@("`@(#PM+2!O;B`P,2`Z(#$P,"PP,"!&<@T*("`@($9&($9&($9&($9&
M("`@("`@/"TM($9IM("`@($9&($9&($9&($9&(`T*("`@(#DP(#`P(`T*#0H@("`@/CY"0R!","`P
M-"!!."!&0R`\+2T@1F]L;&]W:6YG(&]F(')E861I;F<@0414#0H@("`@0C`@
M#0H@("`@1D8@1D8@1D8@1D8@#0H@("`@+BX@+BX@+BX@+BX-"B`@("!&1B!&
M1B!&1B!&1B`-"B`@("`Y,"`P,"`-"@T*("`@(#X^0D,@0C`@,#8@03`@1D,@
M/"TM($%G86EN($%$5`T*("`@($(P(`T*("`@($9&($9&($9&($9&(`T*("`@
M("XN("XN("XN("XN#0H@("`@1D8@1D8@1D8@1D8@#0H@("`@-C8@,#0@,3`@
M13,@("`@("`\+2T@36%X:6UU;2!F;W(@<&%Y;65N=`T*("`@(#M($$P("`@("`@/"TM($-AM-R!D87ES#0H@("`@.3`@,#`@#0H-"B`@("`^/D)#($(P(#`X(#DX(#(T(&9O
M;&QO=VEN9R`H96YD(&]F(&%D="D-"B`@("!","`@#0H@("`@-S4@-S0@.3,@
M13`@("`@("`\+2T@0W)E9&ET(#,P,#`L,#`@1G(@979EM("`@-S<@-S0@.3,@13`@("`@("`\+2T@0V%S:"`S,#`P+#`P($9R(&5V97)Y
M(#<@9&%YM,#`P+#`P($9R(&5V97)Y(#<@9&%YM/"TM(%!EM("`@/"TM($1A>2`Z(#$X,RP@3&]C871I;VX@,#$L(%!EMM#0H@("`@-S`@1D8@.$8@1D8@("`@("`\+2T@1VQO8F%L($-H96-KM("`@1D8@1D8@1D8@1D8@#0H@("`@.3`@,#`@#0H-"B`@("`^/D)#($(P(#`S
M(#$P(#`T(`T*("`@($(P(`T*("`@($9&($9&($9&($9&("`@("`@/"TM(&9I
MM("`@(#X^0D,@1#`@,#,@,3`@,#0@/"TM(%=R:71T:6YG('1R86YS86-T:6]N
M#0H@("`@,D8@(`T*("`@(#X^,S,-"B`@("`R1B`-"B`@("`^/CM,D8@#0H@("`@/CXR-PT*("`@(#)&(`T*("`@(#X^,3`@("`@("`@("`@("`@
M/"TM(#,S(##M:"!J86X@,C`P,@T*("`@(#DP(#`P(`T*#0H@("`@/CY"0R!","`P,R`Q,"`P
M-"`\+2T@4F5A9&EN9R!WM("`@,S,@-S`@,C<@,3`@("`@("`@#0H@("`@.3`@,#`@#0H-"B`@("`^/D)#
M(#M("`@(#DP(#`P(`T*#0H@("`@/CY"0R!","`P,R`Q,"`P-"`\+2T@5F5R:69Y
M:6YG('9A;&ED871E("AV86QI9&%T:6]N(&)I="!IM,"`-"B`@("`S,R`W,"`R-R`Q,"`-"B`@("`Y,"`P,"`-"@T*+RHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*@T*("H@1V5N97)A=&4@5F5R:69Y97(@0T%)("AK97ER:6YG(#,I("`@
M("`@("`@("`@("`@("`@("`@*@T*("H@*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ
M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*B\-"BTM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2T-"B`@("`^/D9&("`@("`@("`@("`@("`@("`@("`@("`@/"TM(%)E
MM*$%NM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2T-"@T*("`@(#X^0D,@
M0C`@,#D@1C`@,#0@#0H@("`@0C`@#0H@("`@-#0@0S(@.$$@,$4@("`@("`M+2T@4F5A9&EN9R!#4TX-"B`@("`Y,"`P,"`-"@T*("`@(#X^0D,@0C`@,#D@
M-3`@,#0@#0H@("`@0C`@#0H@("`@,S`@,#0@.3<@,3$@("`@("`\+2T@4F5A
M9&EN9R!B96=I;FYI;F<@;V8@4$%.(&9OM"B`@("`^/D)#(#@T(#`P(#`P(#`X(#PM+2!#>7!H97)I;F<@*#-R9"!K97DI
M+"!386QT(#T@,#D@-3`-"B`@("`W0B`-"B`@("`^/C(V#0H@("`@-T(@#0H@
M("`@/CY$1@T*("`@(#="(`T*("`@(#X^138-"B`@("`W0B`-"B`@("`^/C)"
M#0H@("`@-T(@#0H@("`@/CY&0PT*("`@(#="(`T*("`@(#X^1C$-"B`@("`W
M0B`-"B`@("`^/C`Y#0H@("`@-T(@#0H@("`@/CXU,"`@("`@("`@("`@("`M+2T@,C8@1$8@138@,D(@1D,@1C$@6S`Y(#4P70T*("`@(#DP(#`P(`T*#0H@
M("`@/CY"0R!#,"`P,"`P,"`P."`\+2T@4F5S=6QT#0H@("`@0S`@(`T*("`@
M(#(V($1&($4V(#)"($9#($8Q(#`Y(#4P(`T*("`@(#DP(#`P(`T*#0H@("`@
M/CY"0R!","`P.2`V."`P-"`-"B`@("!","`-"B`@("`S,2`P,2`Y.2`Q,2`@
M("`@(#PM+2!296%D:6YG(&9A8G)I8V%T:6]N(&1A=&4@9F]R('-A;'0-"B`@
M("`Y,"`P,"`-"@T*("`@(#X^0D,@.#0@,#`@,#`@,#@@/"TM($-Y<&AEM9RP@M,@T*("`@(#="(`T*("`@(#X^-#<-"B`@("`W0B`-"B`@("`^/C8T#0H@("`@
M-T(@#0H@("`@/CXP.0T*("`@(#="(`T*("`@(#X^-C@@("`@("`@("`@("`@
M/"TM(#@P(#A"($8Y(#DR(#0W(#8T(%LP.2`V.%T-"B`@("`Y,"`P,"`-"@T*
M("`@(#X^0D,@0S`@,#`@,#`@,#@@/"TM($=E="!R97-U;'0-"B`@("!#,"`X
M,"`X0B!&.2`Y,B`T-R`V-"`P.2`V."`-"B`@("`Y,"`P,"`-"B`@("`-"B`@
M("`^/D)#($(P(#`Y(#M92!F;W(@M(#`P(`T*#0H@("`@/CY"0R`X-"`P,"`P,"`P."`\+2T@0WEP:&5R:6YG('=I
M=&@@M-0T*("`@(#="(`T*("`@(#X^-C@-"B`@("`W0B`-"B`@("`^/C-�H@("`@
M-T(@#0H@("`@/CXP.0T*("`@(#="(`T*("`@(#X^-S`@("`@("`@("`@("`@
M/"TM($1#(#DX(#$Y(#$U(#8X(#-&(%LP.2`W,%T-"B`@("`Y,"`P,"`-"@T*
M("`@(#X^0D,@0S`@,#`@,#`@,#@@/"TM($=E="!R97-U;'0-"B`@("!#,"`-
M"B`@("!$0R`Y."`Q.2`Q-2`V."`S1B`P.2`W,"`-"B`@("`Y,"`P,"`-"@T*
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+0T*#0HK+2TM+2TM+2TM*PT*?"!2151)4D5:('P-"GP@
M($-!4E1%("!\#0HK+2TM+2TM+2TM*PT*#0I%;F0@;V8@=')A;G-A8W1I;VX-
%"@T*#0H`
`
end

<++> ./old_log.txt.uue

|=[ EOF ]=---------------------------------------------------------------=|

0 Comments:

Post a Comment

<< Home


Get Firefox!