==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 4 of 18 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART II ------------------------------------------------------------------------------ +===================================+ | CONSTRUCTING AN FM BUG | | -------------------- | | | | written by | | + Obi-1 | | * edjjs@cc.newcastle.edu.au| | * * | | | | $ Written for Phrack | | x$x if any other magazine | | $ wishes to print this | | x$x article they must let the | | author know in advance | +===================================+ INTRODUCTION Before anything this article sole purpose is to teach everyone out there about electronics. If you do build it use it at your own risk. You will need a decent knowledge of electronics and how to solder some components. So if you dont know how to build electronic kits and want a bug you can buy one ready-made from me, just write to the e-mail address above. Ok enough crap.. so you ask what is an FM bug, well an FM bug is like a tiny microphone that can transmit crystal clear audio to a near by Walkman/stereo etc. The range of the bug we are making is about 800 meters, and the battery life is about 100hrs on a normal alkaline battery. This bug however is not to be moved while in use, so you cant put it in your pocket and walk around. There are other bugs on the market but this I found to be the most reliable and relatively easy to build. The actual size of the PCB is only 2cm X 2cm! However the battery is actually the biggest component. Some parts like the Surface Mount resistors, air trimmer and electret microphone maybe hard to find. I find mail-order catalogs are the best source of parts as they have a bigger range than a store like Dick Smith. I did not actually design this circuit, Talking Electronics did, but felt everyone out there might like to know how to build one of these. The surface mount resistors can be replaced with normal resistors but I recommend using the surface mount resistors as they give more of an educational experience to this project If you dont have a clue how to build a bug and have no knowledge of electronics whatsoever e-mail me and you can purchase one pre-built from me. COMPONENT LIST Resistors 1- 470 R surface mount 1- 10k surface mount 1- 47k surface mount 1- 68k surface mount 1- 1M surface mount Capacitors 1- 10p disc ceramic 1- 39p disc ceramic 1- 1n disc ceramic 2- 22n disc ceramics 1- 100n monoblock (monolithic) 1- Air trimmer 2p-10p Other 2- BC 547 transistors 1- 5 turn coil 0.5mm enameled wire 1- electret mic insert- high sensitivity 1- 9V battery snap 1- 15cm tinned copper wire 1- 30cm fine solder 1- 170cm antenna wire NOTE: use 170cm of electrical wire for the antenna, this length will give you maximum range, however since the antenna wire needs to be extended when bugging the concealability might be a factor. You can shorten the wire's length but this will shorten the range yet make it easier to conceal. Weigh the factors and do whats right for you. ASSEMBLY OF CIRCUIT First familiarize yourself with the layout of the components. Now the only polarized (parts that have to put around the right way) are the two transistors, the battery and the microphone. All other parts can be soldered either way around. I recommend using this order for assembly as it is the most practical and easiest way to build the bug. 1. 5 surface mount resistors. 2. 6 capacitors. 3. 2 transistors. 4. air trimmer 5. 5-turn coil. 6. battery snap. 7. microphone. 8. antenna wire. READING RESISTOR AND CAPACITOR VALUES If you dont know how to read the value of a surface mount resistor or disc ceramic capacitor read on. Surface mount resistor: These have three numbers, with the first two digits being multiplied by the third. The third digit represents how many zeros after the first two. For example a surface mount resistor with code 1-0-5 would mean that the first two digits (1-0) would be multiplied by 5 zeros. To give the value 10 00000ohms or 1Mohm. Capacitor: These are similar to the above but the base number is pF or pico farads. eg a capacitor labeled 2-2-3 has the value of 22 000pF. HOW IT WORKS The FM bug circuit consists of two stages: an audio amplifier and a RF oscillator stage. 1.THE AUDIO AMPLIFIER STAGE The microphone detects audio in the form of air vibrations that enter the hole at the end of the microphone and move the diaphragm. The diaphragm is a thin piece of metalised plastic and is charged during manufacture. Some of these vibrations pass down a lead which touches it to and into a FET transistor. A FET transistor has a very high input impedance and does not have a loading effect on the charges. The audio then gets passed through a BC 547 transistor which amplifies the sound around seventy times. The BC547 then passes it to the base of the oscillator stage. 2.THE OSCILLATOR STAGE The 47k resistor picks up the pulse from the transistor and then turns the second or oscillator transistor ON, but the 47k resistor has a value so that it will not turn the transistor on fully. So the feedback pulse from the 10p capacitor turns it ON fully. Normally a transistor is turned ON/OFF via the base, however it can be also done by holding the base firm and differing the emitter voltage. In the FM bug this is whats done, the 1p capacitor holds the base firm and the 10p feedback capacitor differs the emitter voltage. However for a capacitor to do this the emitter must have a DC voltage that can be increased and decreased. The DC voltage is about 2V and the base will be 0.6V higher than this so the base voltage is fixed at 2.6V by the 1p capacitor. The voltage does not rise or fall when the oscillator is operating only when the audio is injected into the base via the 100n capacitor. This is how the circuit works and continues like this at a rate of about 100 million times per second. The oscillator is designed to operate at around 100mhz, however this figure is dependent on a lot of factors such as the 6 turn coil, the 10p capacitor and 470R and 47k resistors also and the figure of operation is about 90mhz (my FM bug operated at 88.5mhz). GETTING THE BUG READY FOR ACTION Ok so you have built the bug now and are ready to use it. Well first of all you will need some sort of FM radio. Alright put the bug next to or near the radio's antenna. Turn the bug and the radio on. Alright starting from the bottom end of the radio's FM scale. Slowly progress your way through the FM band. Usually your bug will tend to be around the 85-95mhz range. Once you hear a beep (because your bug is close to the radio) or any other strange static noise stop. Alright you might have been lucky and your bug is exactly tuned already, however in most cases you will need to adjust your bug slightly. Using a small screwdriver slowly turn the air trimmer, whilst doing this babble out some words, stop turning until the echo of your voice through the radio becomes crystal clear. Your bug is now tuned and you are ready to put it to use. You might have some problems with your bugs frequency being exactly same as a radio stations. No problem, by compressing or uncompressing the coil you can change your bugs frequency. Use the coil method if your bug is in the middle of a few radio stations frequencies, if you just need to move it up or down one or two mhz then use the air trimmer. PUTTING THE BUG TO USE Many of you already have your ideas on how to use the bug. Remember it might be illegal in your Country/State/city to use this bug in the way you intend. Hey its up to you I dont mind, however I take no responsibility if you get in trouble. Anyway here are a few "friendly methods": 1. CHRISTMAS. Yes it will soon be that time of year again, and this time also brings a great opportunity to discover some of those family secrets or maybe even find out what lame presents those relatives have brought you and save you from the disappointed face they will see when you open it. Okay put the bug either in the pot the tree is standing in or fasten it to a branch relatively close to the bottom of the tree. We place it at the bottom of the tree because the antenna needs to be extended if we want really cool range. Okay put the bug in its position and then unravel the wire all over the tree. 2. TV listening. Okay if you are out in the backyard whether it because you want to, or there is some chore that needs to be done. You can listen to a favorite TV show, or a basketball game or such. I know your saying why not listen to the radio, well you now have a choice of listening to a radio station or one of the 10000000 TV channels your state offers you. Set the bug up about 3-5m away from the TV, then adjust the TV volume so that it is just right to hear on your radio. 3. Bug-a-friend. Okay you can bug your friend to see what he/she is up to. Okay you will need to know where your friend goes and then previously go there and set up the bug and your listening point. Make sure that you set up a place where conversation happens, it is very boring listening to insects and such. Conceal the bug anywhere within a 3-5m radius of where your friend talks and stuff. Now conceal yourself and then sit back and listen. Now there are a few of the more "legally friendly" methods, there are thousands more not-so-friendly and even malicious methods that I will leave up to your imagination. CONCLUSION I hope the information contained can help you successfully build a bug, and then good luck using it. If you have trouble just e-mail me. If you can not get hold of some of the components, you can order them through me. Also if you want a bug, but dont have the electronic skill to do it, you can buy pre-built bugs through me.. just e-mail me. may the force be with you Obi-1. ------------------------------------------------------------------------------ My short time as a hacker. by Kwoody I live in a small town in northern British Columbia where the city owns the phone company. All of BC is serviced by BCTel, except here in Prince Rupert. The phone company used, up until 1991, mechanical switches, no lie! Tech dating back to the 50's sometime. I know this because I know some of the workers of CityTel. (The name of the phone company). Because of this they were not able to offer all the goodies like Caller ID, Call Forward etc...and it was easy to hack then, not the phone company, but all the other systems in this small town of 16000+ people. I got into hacking sort of accidently. I have had a computer and modem of one kind or other since about 1983. I moved here after high school in 1986 and found a good paying job I have worked at for the last 8 years. One night night in 1990 I was sitting around with my roommate having a few beers and decided to call a buddy of ours to come over but I dialed the number wrong and got a computer tone. Cool I thought... I knew the numbers of the 2 local BBS's and that wasnt one of them. I fired up the computer and called it again. I got the prompt: Xenix 386 Login:. I had some knowledge of other OS's and knew this was some kind of Unix box. A friend of my roomie was going to university (UBC) and he happened to phone that night. I chatted with him for a bit and told him what I had found. He told me to try sysadm or root. I got in with sysadm, no password! I found that I had complete control of the system and it belonged to the local school board. I bought a book on Unix and learned as much as I could about the system and Unix in general. I guess being a rookie (read lamer?) and not knowing shit about how to cover my tracks they discovered the system had been hacked and shut down the dial-in. They went back online a few weeks later and left sysadm wide open no password again. I could not believe it! Even after being hacked they still left their system open like that. By now I was hooked and I wanted to see if there were any other systems in town. I could program a little in Pascal and basic (lame) and tried to write a dialer of some kind. No go...so instead I figured out the script language of Q-modem and wrote a 40 line script that worked. It dialed all numbers sequentially but I did not worry too much about being caught since the switch they used was so ancient because they didnt have caller ID or anything like that yet. I did not know at this time of the hacker community and some of the programs available that would do this already. And even if I did I wouldnt have known where to call and get them. At any rate I had two computers an XT and a 386 both with modems and two phone lines, one I used as my normal voice line and one for data. I setup the dialer on both and away I went. By the time I had finished scanning both the prefixes, 624 and 627, I found about 30 computers. Of those I was able to get into about 10. All of them used defaults and all except the one below were Unix boxes. Although I did find one number that connected at 1200 I think it belonged to the phone company. After I was connected nothing would happen. I tried for a while to get a prompt of some kind then suddenly a line of text appeared that listed two phone numbers and some other stuff that I cant remember. So I just left it alone for a while to see what came up. It soon became clear that the numbers in one column were always one of 4 numbers. RCMP, Fire Dept, Battered Womens Shelter and a second RCMP detachment. It looked like it recorded all calls coming into those 4 places. One hack I did was on a system that dispensed fuel. It was called a KardGuard 3000C. I knew of two places in town that had these systems. One was where I worked and the other was our competitor. And since I knew how it worked it was easy to get in. I saw their volume of fuel dispensed and such and could have done really nasty things like erase their transaction buffer or get free fuel from them. But I didnt since I did not see the point in hurting them or their system even if they were our competitor. For those of you who might find such a system I'll give a brief run down on it. The hardware is limited to 300 bps 7E1 and consists of a few things. You can tell the system as it announces it when you connect: KardGuard 3000C Motor Fuel Dispensing System. PASSWORD: The system uses punch coded cards read by a card-reader. You have a 4 digit security code that you need to activate the pump to dispense fuel. Everything is kept track of by a computer that reads the amount of fuel pumped, date, card number and a few other things depending on how the card is coded. Like odometer reading or car number. Now to get into this system via dial-in all you have to know is the Serial Number of the system. All of these type systems use the serial number as the default password to access it via dial-up. And its easy to get the serial number. If you know the location of the card-reader go and look on the side of it. Generally the actual card reader is housed in a metal box. On the side of the card reader itself near the back is a small sticker and the serial number will be written on the sticker. That was how I did it. I just went to their card reader and took the serial number off it and got in. Once in you can do any number of things. Shut off the pumps or manually activate them without a card and get free fuel, see how much of any product was dispensed. Products range from 0-15. 0 being regular gas, 1 regular unleaded etc. It is fairly limited of what you can do but you can do some nasty stuff to the company who owns it if you know how. A note to this all commands must be UPPERCASE. And all commands are one letter. Like E is for looking up the 4 digit code for individual cards. I dont remember all of them as we upgraded to the latest version of the KardGuard which supports up to 14.4k and is a faster system. After about 3 months of this sort of stuff I was at work one Saturday and got a phone call from a Constable Burke of the RCMP Special Investigation Unit. He informed me that he knew about my hacking and would like to take a look at my computers. I told him that I didnt know what he was talking about, he just said we could do this the hard way and he could get a warrant to search the place. He wanted to meet me at my place in 10 minutes. I said ok. I was shitting bricks by this time. I phoned my roomie and told him to get all printouts and disks out of the house and take them away...anywhere. I took off home and got there to find my roomie gone with all printouts and disks. I fired up the computers and formatted both HD's. Formatting a hard drive had never taken so long before!! I waited for like an hour...no sign of the cops. My roomie came back and said where are the cops? I dont know I told him. I waited some more still no sign of them. I got a call about 3 hours later from a friend of my roomie and he asked if Constable Burke had showed up. I asked how he knew about that and all he did was laugh his ass off! Now I was thinking joke...bad joke...and it was. I managed to find out that this "friend" had gotten someone to pose as a police officer and call me to see my computers regarding hacking. Well the guy he got to pose as a cop did a good job at fooling me. I guess I was just over paranoid by this time. Plus I was really pissed as I lost a lot of info that I had acquired over the previous months when I formatted my hard drives. I guess my roommate had been telling a few people about what I was doing. I was more than a little pissed off at him as I had not told a soul of what I was doing since I knew it was illegal as hell. I got my disks back and burned the printouts and laid off the hacking for a few weeks. I started up again and was a tad more careful. I didnt keep any printouts and kept the info on disk to a minimum. Then about a month later my roommate, who worked for our landlord, came home one day and said that our landlord had been approached by some RCMP officer regarding me and my computers and what I might be doing with them. I said is this another joke? No he said, go talk to him yourself. I did but he wouldnt tell me much except that something was definitely going on regarding me, my phones and my computers. And the RCMP were involved. After asking around I found out that quite a few people knew what I had been up too. All they knew is that I was some guy who had been cracking systems in town. But word had spread and I still dont know how the cops found out or how much they knew. But after talking to my landlord I quit right there and then. I went home formatted the drives again, all floppies and got rid of everything. I had hacked my way through everything in town that I could in about 6 months. Also by this time CityTel had upgraded their switch to some of the latest tech and had Caller-ID installed along with all the other goodies you can get these days. It was definitely time to quit. Not long after I started a BBS that I still run to this day. I figured that was a way to kill the hacking urge and be legit. I dont live with that roommate anymore. I'm married now and still think about it now and again but have too much to lose if I do and get caught. On another note about 3 months ago I was at work and dialed a wrong number. As fate would have it I got a blast of modem tone in my ear. My old hacker curiosity came alive and I made note of the number. We have a small lan at work that has a modem attached and when I had a free moment I dialed the number up. I got the banner: city telephones. No unauthorized use. xxxxxxx <----a bunch of numbers username: I hung up right there but it was interesting to see that I had found CityTel's switch or something of that nature. To this day I dont know if there were any other hackers in this small city where I live. As far as I know I was the only one that did any of this sort of thing. It was fun but near the end I could feel the noose around my neck. And I quit while the quitting was good. Today I help admin our small lan at work with 2 servers and 8 workstations and the Unix I learned hacking helped me when my boss first started to get serious about computerizing the business. Since then I have been able to help setup and maintain the systems we have today. I'll give the specs on our new KardGuard if anyone is interested as I know they come from the States and there must be more than a few out there. kwoody ------------------------------------------------------------------------------ USING ALLTEL VMBs By Leper Messiah Ok. This is everything you need to know in hacking AllTel Mobile's Voice Mail. The default password on all their boxes is 9999. Here are the docs, word for word. Enjoy! ----------------------------------------------------------------------------- Features -=Basic=- Accessing your mailbox Changing your security code Recording your name Recording a personal greeting Playing a message Recovering deleted messages Playback mode options -=Enhanced=- All of the Basic Features plus... Setting up your greeting schedule Replying to a message Redirecting a message Recording and sending a message Creating a broadcast list Personal greeting schedule At a glance VOICE MAIL SET UP Press To change your security code 8 2 3 To record your name response 2 3 3 To record your personal greeting 2 2 3 To edit a greeting in your schedule 2 2 7 To activate your greeting schedule 2 2 8 To change your playback mode 8 8 3 SENDING AND RECEIVING MESSAGES To play a message 1 To save and play the next message 2 To reply to a message 3 To redirect a message 7 To create and send a message 3 Accessing your Voice Mail 1. Access your Voice Mail. From a cellular phone press # 9 9 Send. From a landline phone dial your cellular phone number, which will automatically transfer to your voice mail and press # when greeting begins. 2. Enter your security code. Creating/Changing your security code 1. Access your Voice Mail. 2. Press 8 for Personal Options. 3. Press 2 3 to change your security code. * Note: Your security code can contain 1 to 7 digits. Recording your name 1. Access your Voice Mail. 2. Press 2 for your Greeting Menu. 3. Press 3 3 to record your name. 4. Record your name, finish by pressing #. Options Press 3 1 to play your name. Press 3 3 to erase and re-record your name. Recording a personal greeting 1. Access your Voice Mail. 2. Press 2 for Greeting Menu. 3. Press 2 1 to play your greeting. 4. Press 2 3 to record your greeting, record your greeting, finish by pressing #. Playing a message 1. Access your Voice Mail. 2. Press 1 to play your messages. 3. Message will play. Options Press 1 to keep this message as new and play the next. Press 2 to save and play the next message. Press 3 to reply to a message. Press 4 4 to replay a message. Press 5 to erase a message. Press 7 to redirect the message. Press 8 8 3 from the main menu to choose a playback mode.* Continue to press 8 3 until the desired playback mode is selected. * Note: The system has three playback modes: normal, automatic, and simplified. Recovering deleted messages To recover a message that has been deleted: ** Press * 1 to go to the main menu, Press * 4 to recover all deleted messages. ** Note: Deleted messages can only be recovered before you exit the mailbox. Replying to a message From the Play Menu: 1. Press 3 during or after a message. 2. Record your reply finish by pressing #. 3. Press 3 to continue recording a voice message. Press 5 to erase a message. Press 7 to select a special delivery option. 4. Press 9 to address the message. If sent from a subscriber's mailbox, the reply with be automatic. If not, enter the mailbox number. Redirecting a message From the Play Menu: 1. Press 7 during or after a message. 2. Press 3 to continue recording a voice message. Press 5 to erase a voice comment. Press 7 to select a special delivery option. Press 8 to play the original message. 3. Press 9 to address the redirected message. Enter: a. mailbox number b. broadcast list number. Recording and sending a message 1. Access your Voice Mail. 2. Press 3 to record a message. 3. Record your message finish by pressing #. Press 3 to continue recording a voice message. Press 4 4 to review the recorded message. Press 5 to erase a message. Press 7 to select a special delivery option. Press 1 to mark a message urgent. Press 2 to mark a message confidential. Press 3 to select notification of non-delivery. Press 4 for future delivery. Press 5 to delete special delivery tags. 4. Press 9 to address a message. Enter: mailbox number broadcast list 0 + last name - 0 + first name Creating or editing a broadcast list 1. Access your Voice Mail. 2. Press 6 to access your broadcast list. 3. Press 3 to create or edit a broadcast list. 4. Enter a one- or two-digit broadcast list number. If new list, select any one- or two- digit number. If editing, enter the one- or two- digit number assigned. 5. Enter all of the destinations. Press # after each destination entry. (destinations can be mailbox number or broadcast list numbers.) 6. Press 7 3 to record a name for your broadcast list. 7. Press # when finished. Setting up your greeting schedule. 1. Press 2 from main menu. 2. Press 2 6 to select your active greeting. 3. Enter the greeting number you want active. 4. Press 2 7 to edit a greeting. 5. Enter the greeting number to be edited. Press 1 to play the current greeting. Press 3 to record a greeting. Press 5 to erase the greeting. Press 7 to change the time interval for this greeting. Press 8 to review the time interval for greeting. 6. Press 2 8 to activate/deactivate your greeting schedule. Message waiting notification 1. Press 8 for Personal Options menu. 2. Press 6 for Notification Options. 3. Press 1 to play notification telephone number. Options Press 6 to enable/disable message notification. AT ANY TIME DURING A MESSAGE PRESS To rewind by 6 seconds 4 To rewind to the beginning of a message 4 4 To fast forward by 6 seconds 6 To fast forward to the end 6 6 of the message To replay the date and time stamp 8 8 To stop and function # To return to the main menu * 1 ----------------------------------------------------------------------------- Good luck hacking. -- Leper Messiah ----------------------------------------------------------------------------- Hacking At Ease for the Macintosh.................. By: Ace Introduction: Some educational institutions and businesses use At Ease to discourage the pirating of programs and access to sensitive files, and generally screwing up any fun you would have! Wouldn't it be nice to know how to be rid of it?? How to: Well, this will tell you how to remove the password for At Ease so you can gain access to the Finder, and also let you change the password to one of your chosing, really screwing some one up. First off, the computer you will need a copy of Microsoft Word 5.1 or 6.0 (Norton Utilities Disk Editor will also work, and I'm trying my best to find other programs that will allow you to do this). Launch Microsoft Word and go to the "File" menu, and select "Open". Now change the "File Type" to "All Files". Navigate to the Preferences folder and open At Ease Preferences. It should look like a giant mess. Somewhere in there is the password. It doesn't really matter where. Select all of the text with Command-A and press the delete key, and save the now empty file. Restart the computer. Now you can select "Go to finder" from At Ease's menu. Other Programs: You can also use the following program called DisEase. There is also a HyperCard stack that will bypass At Ease. I have used them both, although I feel that using the above method is better. ___ / _ \ / / \ \ / /___\ \ce / _______ \ / / \ \ (This file must be converted with BinHex 4.0) :#d4TFd9KFf8ZFfPd!&0*9%46593K!3!!!#iE!!!!!"Dd8dP8)3!"!!!Z'h*-BA8 #r`!!!"Err`d!"d4TFd9KFf8!!kB8!0phS!!4QKS!!!#!!!!!!!$RQdl"G!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd&38%a&390&)3#SX5K#U,)ak!!!Ah8 !!!!!!!!YP3!!!!"j!`!!!!!!!!!!E$d1!&h(r2bZe8l@f@95I#BhbSpfRTQlBe[ GZRV*IQ9bSprES-Z&df[JCqmPT`0qRTYYSl9`F1ZHk'ffA-rG'BYZdmh@@Mc22B! l$RR#(H@AF$pG#19#YJrZK,aL9`cbK5mm9V&0&mVGP(YHjbP3A8F[Z9m'0cbI,(Q Jj1#41AcbN!$F3JD3!"')6q"h8PH-5Bba$`mcGJrH[PeSiT&&LDFRr84p'`Y1"`T H-XZcQpSAV@Z[edU,Si45[DkYBqA5Q[!%i(X6Pji[IrK2h%jY*r0,JZVrURhm)I@ qG&NM4TfhhhBBFab8MT2Mj1"e831I@rZ*c4c'@MUhEVe8CEXkHc@(bj86S%Hrf3* rjKa@cE)V9cXCUl&Nh[Lqp1D+fXC%G*kcE'qcNdVel4TMFPE#fE3J-Ijj6&9JDM' ImQ&U!&1I5eGcj-m4HZ9cqB%2e6UCb[XU1cpPE`2c,BXHU'rTB!`-Kl3@PM0[%`X i)kK8Cf`HZ$K$U#UFi95,-p6U2pELR&R)H$f%HJce@EFHAXM5KdU+@3ja*E6HQiR Pam'bE9dMP!6$-HY3Vk%"imJ6M6Q%e9Y3&k!khCjU(YpEq9cfTV9lA'f@YL5hYA4 `E8Vb#j[(pjANpqSPqCA2qDhL6rG'#QXV1bYA-jC66+jTr#hV8+#B69rDYj!!pGj 49$[q#0ImNI6Q"EAMZphH&[3qZA!HIqqZI-jhSq$k@'TGbmDYpAI@lh#Y3%TP"1H FHBb02l'kcfE[6cJ1&#J!Ef"qdYjQEZKSHQ"G"pN@H+`#hS%[8CAN3(e@q9cZPk( TdbAPL)*ZG)p3PbC4IaV[ahSrC68Z,'IGm-6(hlH65H02eA!p2V1L[ReECpZ'qN9 YEG[D`1iVl(#UQ4hZI5Yr(P"k'Qk`EPPBlMMNQ'Mcq*-P1GDKG0hlDXGheJ9l[c% jfpY+-aacC`0Mhih1'pqERf!jkaPl,RQHpIh`,CP9rN"N!r#kHqI#(`m"j5'ipI% YM2hqQN4MpHDX&BR0UqYb9L8f-rC`AG`k4(Lp(rSI(T1HAEZRVJ+6F-$i!I6ZF([ $k-9)*HVhIVeZ$[!1Y$TpmmEr'AQimVQ-!B3!DRpG,["BR4qp64AcaTpUC*Q4bNl RV*2#qaKr[q'FGXj8VXi-Pq4E,FjB&)N#$ImF'[kBkhCX`Fk"!@HB9fGj0E*Jjk2 h1ZFAl0bpfaRM9FBk"$IZXJkPYMY1lml#@UZapaR5)G@5'8Ph`2Zc5[,6l4bPqh" q8DdcC+hK#,,@l!ceh&U5MdNC$Xm!F4MDIURh-kQY,&!bcaNk2$29l!`I"S2HAHL FVh`Zkd[hlUR,KDrEJ$M@qpRm&LBjB`f$32KGcZFfMSZ8"2[fe(B@6Up(G90k3pd F9j&jQGFA3QPdahSA@ifmrLDPZm!85B8N[DZqTG0XEGf+U+,%j1l)hj),Cf5*h(% 6MA!@0a(-"-i@hCq3!+6'i1BE9L5fA!Zfm',Qm4SS*hV1NCSpm-RmLcPDHpH1@Q, L*RlUCllCFeTBS,#&j6r%SQTMhCElILI4Q,0jlGV%jTUkk"qICR,$XT+mG(Y*AUq HfM,K&kiiCPbr6(ZJq&1pN6SG161AjA,2c#d[L'CY#5#Pj,TFfPfLcc2T)HRp5jL kl+Hcqk"*"m[re-S1E)Z3!,8$#abc[T)j6AZ$-e55rb'H"V`DiGAj$e%Q$(f)dZ! -ViBVJ0I)T$2D[-cT)dqcR!BQ[8(FZIY1TpXVjQ@HET`MNZ0`[TFC&iDdjXcT&$D TN[c$-r(1J@0QHM23mh2TJeCMqP(+#1`(mpP59%[Br[3KGf13!+6T5)L(A$C2%XZ D2BeCB(lfm#aJ202+![1!4,[%Pi"b9#3$9i1m-B3YDI(D2@jU#*Bl1-[Gll#%Jl0 QZbc,rcG,hmR,,$F`UMiRVEh)-JrZrCTJHIl(rj8PI#6p*jlE2ClN0BRe2ZpjlI` M,[0E1229dYhT3eSq'1D8j00NqLaa5Mm+[ckEDXimRck,DJ$GiiF,h*QAq-b2d$f *Q@+ifmh1[DYD0f,$Ueh9dY(8XE9qBkR)Y*(8cl,C(GM!bl&[4jHBTc+I[bhR8pM $Si[08mkpa6Pld)0Z)`ZR4E2hEXml[*!!4DGP*D50U,1c%Z`T-C-qa"8fV%2B1B# 'A2Ka5EQ'J`AD3+aE8YXPGRK48@hQ0&*[%Z29+aLp)F)3EKKpJ()*Q`T9"FX'f8R R0#Rjk@4E2C4Fdp5bFGZ$3X@KNQahhmm&,h",hfrG![A"%5lj5N8"FLm)(YqiiTU k"`LYYbd+V#2BqaYbd6Q2cYR'HbmcZ,%LZf(fVcNm*0AGGJQViBD+l-CVIqh5KpJ mm(@'V9Yk1i$c-($8Aq-)9Gl9X""Ek*'E@(ifNaU3!,dmNrbdNIYZUX0@a[[6H*p hiE!hm$k&pmrG$IeKE1L2)X%C1cl"lLA"M[fTUqil'I,I(5)B6$RN(3l[1)4M[H1 3!%YBIqZ3!(G`,MY%+1$ZJ-8&2#IXECI6$UF[f!-2UpM2dhKr+IelVFkaj[%[,f5 mqpR*1HV`@FUfcr)-AiqC,q0pQ%p64b"1cK$fiI4RLIZMLp[@0GF[j@G4QGG,XR( Zp'fF4$8l,r+6U1rbNkJrGBC4(A91SIUKFhVHcZD'M@h1kpJ+bpZE'PZJm1YJlLH PSq8j0kH[[D1JBNP$"mf[UhqJSk6mrXkQ$Tl01#AKQ6S8,Fp6ACaPY%8l3hLISQd $A8TCC'qdI-Ce,NBKa`!lfCqqePSM'%cd6SPHUe6A&Pe#*d'CebZIBdrQ,aPrBL* p*%SEeM142M,[laAR3jRAN6bRm4kF1KrLh2k4-bXZcTcNZrabL'afZ)H+HQf`)&T 3)6Ak$bfZNlqiZ(Khj3mkC+efS9b5mj8h1eMPH@GBfmEm@JR,`4BaU09@9e8H)qI IA995[V*Q4B4frGiH(4ZmT@J&MEU@d+UMXf0dMR$Yea,VJkeXTGQB&CMpJlkkXi( !LN42FH9pB,'RmPM&G[Qa,AUdR1hpiQ)pKIU*3iZrr[h'J&kVe8B,5UEhl&fBB2l +6Z+2D8P2e@Aj3RQba0!0[*CBQE$@,[qq-aE$CUpYPjmZfqPNQ*aIb"`f[G'U+'3 j,4TQ(#CcTY%bC"Rem[60"RSi4kfld@VLL$+`!SdjQ2*M+JZeMmQBpHI2Cl*8dT) EQ#q9V%L%%LbEFjQC-jrjmr6'V""abXRI[Y#4(eX[ZY-$mq@Ec221Kf2B*BjSDrU GX49QQFPb+qE,Rpdb1cKIZJ!*VmQAX(2N3VIMS8dXQmdSfbi(f-b+lEkcc6DBc`4 kZG@i(1KD9HRfh,9XGQ[1Nh804ZNQ&QIA2TRGF%0i%lZ(4F-l&keBHLHlX9A#G&E C*RBYQeReeka,@kVAhPYear-rIk6b"cL9IK(E[53fZiG`AYEc@bZ@j#pKdj[2pQa !RMbAENPRHS1pdGi"*-T(N!!l1,[@#RTLk@UJ"Gac3cUh[EpQ$dHHe[ac#qGYf*p ZAl#6&BirLFl1pbA'HrMH1TG[iR,[mpJqRqAEjeIBNhc'afHq`8r(-)20k6DDmjh k&CE[c5YBl[RD6CJk2S@%ma@D1HNKdBB($3f@LqTHCY&j3qBPp1Vja"qk%`1YqFH D-pr''6A9ck-H4[fL@q1NND2mL%pred9jbChq8lIq2U(Jp1ECRPY4IB0AahPeXZG @D0'&pm2&a@,6rZ65PUD1TR9EQlSSHhYaAXV2+ri%fQ&,%GV4b4ek(k#kT0aHXAT &ledF4q)iTcb0-Aq+F(Tr'bI$iY3Ufi,hm(k'YVE-9rQ')2%cNUq`IGK2F$kre3m rhe"5RUj$'Mc(@QpLlfYa4M02SaV*2,0f6b"El(Tlee3Z@YUqY"N(JmdipklIk*l BJH1KN[)epU,&#mYPeYXcVaERpP$ZMS,m*3j1lMMc)h9qU("%-2R%QNe0'cB4iL3 $1TNX+'Cjd1@6a#"DRRlL#iZr1ZL-VIkHRHeTm*QDYR@YjJ2VQVDZ@mm2(TR-cr2 arTbe2EIL$ip#33-Ee`j+Ua5fK03DE'D5IV[cDZ@r$$#YQ@fYh0XlI2HHN[*l&Uf SJNipaKVUfQD059eYM9DYEjqHBkbSQaPlT5%hGN1GE&e2QIZYrSE"hLrfIT'MV9L %hBr3HQl@UPp,'$2UXQ+cr``-XAf-p(i4'dTYE(CmpT'eb2Vc&9CMTR*)'h0R(Vm iFpkGX9TbpjV0@FF5jK$1K3)dbaJf,(q*bI`k0Uf5@QMj-`U`19,+HZNlKH`f+EA SqrrQ4hE+XUbq&iip[1bRV&`[!20h88Ya2XiqMrP2rphm6Nhk"i5jrc#I2mQJSR[ cM4@l0ZIEhIBZ6'US1QhD@UrP%jfBcH@6@CMU,1DlaGHk0f6TV*99GKjjG(eqp`Z T4)aCL95LX[0VMkkrSCMhD#Uej!k@@[,B#p(Xe**BGQ8R1H+ehDpp!LJMh5rd24V c[GKAl%XY1GUA@[,$4qYcpMfmhNqF9bEUAUqNBqBH[)mJ14j"[4G[MIRj1H)3fqI @iPaaL$hReMm@Y83RpP62GHY+Yfi4Y9`SD[mh8FZp3p05SXlqT+Mcbphk@9&,Bfj p305-SIC4cA*c6V)Xe26'dETh1BKm3Jqr)M9e,@VLqT!!1mrB,*`6apM6NSeYeB2 MGkPQXd*@+-ACN!!f0CJET4$Y[R)e+KYLj1#H8J$86rSF"`$5%b-,hqVa*kBr-ec lCPUY[[A+QqCS2Zf[RTiHAXjlK%P[`UHh+p+[RfbcZRSCK%D,Uh2M)R2P)QSZAN% ,!kQd0&NC%4fm%p3Sk$[jXFa(-miEhh[MHaRRYHm-rM6cd@k`p%J9p!PMA(RFmAG eCc01R$L"%K8pVq*pR0H$Jlr!Hr$%kB(6,jmHQ+TrJIIJL3(8!e3lU*h"9`HGFE` c*dkm6"51!TSr[j,GFr6I2k2LQ@LZlYV4Y@1('"TcKeGe6I6(k0Qa@Y68[qfffmC @V4,eIqPhG8hdrk+SU)Mk[%ErP5,('H[D)HUadI(aF9LSUd[8Bk0GA9fVGU!J99D Y%U3[2[p0hPpj3(,kN!"a5'J@B#2XQUXMj-qlr(h15CEY$,R4Hc@"jcH-*bmkrY0 $kFAcbhe1$*`B1(lmf-6imCF(AXEM$TmiMZ'"P`FSi5MMMJr300i$aemq-A"8M#( 94(f8jJF'MJi-L2VSmH18D%G2[#aUc*mH'1LMH9krH[a5rmVmZhKZrf@h"Mm5M[U m"Kr1'h`prTrQr41L4Vpm`(')$kr4[ichjiF22q1-RcJKkU-RALAGIJ(PH3fpi39 5'Li"*)K"mCH4hc!)pEd-rpXXrlm2PUfV46cZ5M'jFe`HAleU94HpmAX2J)q[S[F 1r0i"%*X+(ke#bB%ZNX8ZX30MH(CJ%0-##'5`AD!l0V(Pd%-F,r@"2iUGaAf`iQ$ *QHS$Ia3EMAL+X#+Y@Mh9VaSEhB%qYL!mc-1Il+m@q*2c9DZUhZPcrT0pN[LGrYJ SmIdEIPeAjV&8AFB(hr1ZPc#rHMA`*[Y#RdQpi4R-Ap'IYMThR[1El'-Hr&j"LrB 86jq,r5[mi1mVr'JV&)ZK3dXUha+p2[QMDh)aK+GhV*lU%ckYN!!`I"@0dT)VXS4 ERIa2NR@YjYP44IKm&LJdmGlZq6phdDY!2$0a6U1bEdR0V0ZfMp$Tc16%`qi%A3D KTj@0XNHNKAkjkNkai$'E98S,Gm[hLD1MD[6ASjr2l`KVPFrIVYe(ph9dGqAqHhc IQ6T`TH0DN!$&K3&F*[ZC02Z1BKE%*FfCZ2DC[f8p,JVl@ZipPSJZB&Q9&m!JK8- VRHAH[BFI#MmrTeE,DbcAlZbTZ291A!Z1iE,GpdUbF3#BU+kU-eEYi4I"jl)(dUG `a8KYPHBPQ&SAp&#NIG99VBaQPJh1lRD'kES),M6Ndl86jpA8cpKX+*&[$MU[*Nq cJ2B6l5GcYV+(YCA43TEeJaBJY$K[d&9`D6FkJqR(d`I5rccpjqLpQ[i#CrdIF1( Up94IV0JjQATKlki5A#'(VVQT[K)FE%V2cdPSHH#V0JB)V552BriP,U(qK$V!2TA UXlYaADmBPm&i*hf5)mePEHRM9,8kZ!$&d[ralMhT9qE8dJ63MjINY8TmMY!``I% iVr5ri%VYKpl-q6%GIBZ,K"*GMXeThIU&Q`T6@RlMeQJ4bi*Z4EK!#0hDVMQfke4 h-IZ,2DR[BG+2b4$0k8b$Lq6m,p`d,i9,`cRDXTk#9PBAjGIiF&8j[He@A&*PmJH AX#aY@I9Zr8lbN!!*,iN1A3",Yf[jh(hmfJ,8'#6I3Bemce1NE@&Y54'8,),fq@P i,[h[m2l*45hIF0&ad9HJ`lNjdEPFaI*ZpQ+L8G@f-TPddUV[K4,k+rSVZ+l,9D% HCi%%%0IjFHdHq(!#VXfQ2dV)23@NEL(dG*N1dCALFU39%LZh)3Zk-japJ[QF6C3 4b8&RZ'Bh-B0lchkfa6Q2HKMeL28dric"-+i`2e+Bd2,A9VRSAm28%2F0,L%63[S X($+8EKIZ4TVPi5+hR2lhP$R12F)A1GQ-h9Z&DkCj`$f1#r*l8,p@8p8UpbeT[*d `k0S$TZP#kA'U8Yq&%ZG6IAV@[ZlAGLf8@N95B,)N(pKrbC&qdZS(rZb5['M@AQL (+bJ#"5`j"V+%qlE2i9Hpk1LH(p[,"R[T"Fdbk$*"AbVaBYq26,T)m)-AY4`$"rK )rDr4)Y!Gi2Z!KTrhT0`h(90)lae9L!N2m9)A6`%1N4Fk6Ymr[8I`([[(0hK1[8I SlI'('!Pk4jbaK-(Na-fV,&(Ab+*1A+kV48h[L226%FMTeeM*X-B+9BhGp[ZDla6 9H&1IjM4rJA25M`XR`hLM,TMJM`IEP(H-6bG5U'@U"`DBccfdJfZqp5h8dhEcKf8 pb"q@,GCIPQ2cKdhAqF1ZqFmlj$@6TiedUi#G%AMdP2bQ,`M[hZhf#aAhNDr@dGF [qJ!1m26Q04!QqL6j9(qASJ6qTZmiPrUS[EjKAF+,a%3I@`1EiZ2bprajKQ#T$j2 [h[f*r@GL)%Rp"MbBQ-!MpcFdE[r%r[e2N!#H&rdY(1lliG8+8[[+NidXZ`DR+&G ,1"1rc2eU$(G5a(R-4'UlU5bl+HcE[jqRYhmr(Y66U0krRf8e02"q0YASjlKT2pe 0qe`hlI2FY-ph8hl'2k6k93!H#3%jC@fejJ2eeN4A85$U5M[X*QR`ZSff[AM*)Jc &1jCdfTCk2ieGCbrKiah@GGH6Z[YXNkYZ@1VeT0kqHR-IbPXMX@Z[,pbpZa[cqf# DkFB+9I56EKri["mAr8KXeL@m0VHrj(l4Mi@Zli0+qaBYrcc+kEH!$qII+IMI![l rL[S2h[m(SKqk[RHrii$2ja#DScGMRZ-p-+(A4dqFq+PcVV%4"rf1!chE5,pE1KZ j#cXXYG&HNPbpTV'KCSRGBG[@G3mqZ0*Hp0ZGMAC(`dVd*hFSelGA)AKb2Xl2k@l %Zj,kANl"`kk0DDA&Na#hSIifmA-i[X+X!$RE8+f!T0LQ"41JDbTa@`dV'&A$c!r r"a8c8+VDCXL1++CL"XfbH-`-+UA"'X8U8a1+U8C+`dSiSZK+5&'NH%K466XF$+X 4-f$DDSJTIP8T"4d$ND)'H++%3S'!EB5Pd+a`)""35Je,!8Y9X@+4J")X9Aaf4&+ @5iUN5P)3@ULUSKY"b94#)!+@08UB+B#1k*4LFSaQG1#VbNT&3K93N!"R%UMiiU8 kBNleQj!!ae*Y)US%`dSd%$#93"$L!LmJ"94E#8TK99(#DLJ3$"R*T+%%3bEkJ8" F!l%DDhN5%iTFTTLQ,flUX!8J!dT))aFTBG-S09GLaZ,V!%d%)9%LU!C-96AMLT) `3f&&Kc@3!+e)9`81X0&Ar,SD9p95+fbBm!Bdm'&Y0293Z03(H3a3+N@GM%"99B* &bZ#pN!#ZP*@Uj!89#LU5U8,A)%5)5J(6$#Pf+)c(,Je*9J,18[5JDUV35j%N+45 dbjB(JRB)RLJeH-,$4$"3Z"4@$+0T,P)L5U68Y"8,4Sr"6CB5$2K9%eb83#3-3NU TCBGJ&b9%8U[+,-Xd`U@K*+`9P",a3#NS+k8Q*X-"-!VCF"X%S&KKLJ4-#l1)'UJ Q+D8"-kB`+3QbNXq#bp9`h%3@3EP5#B6#bXdDHQVB9')5'Gj80F@dV6*P9K$4B+) "5D3B!)Ah`NJRf-8dlB!8$"S"#+F#%NNL+6AJ,)'k(T*#(0T5T9$!#UX)28KL+9B bS*Kq+%F`a-%LIj5#6eJbQ336Ni%P0Bld3B*"*eK#a8B89fa%8!Jr9BA1#"$%Jk3 Q5@0l1EN)ZX#!!!r$ENSiVUL"L"%[JqGK$6H)%8Vq)#NPUc8f021[L#YQ'I3A34c #GFd`@EPDY@0*NaQ3!*0F1a(%*LLS5SfK*'(D@@@aZ'AC%"#j*S)Bp&@BLVJVUQ@ 'c4!*JZ`33Cb%aq'M**)HrJF%P#&aN!!F2)L43F&S++MB&K`"VP*Te)4UX*m)BPJ 32*!!8XKE-f3'N!$EDY+@CLPZ%*2e*"11Kdf$XP*'CN+kFlY4%)-YV+Y)-&%5[*! !!#5!6`ql33`AKT8D&Ei#ja#NK9HJ&eL))%CQdaT!+3AFm!H3!([Fq+Dk3S%$3NJ d#j%%Am'#55aZ%8Sq43dL)V(eK0A5F%#'@`+'S[KM5&4!"5LfH')(%9%f6%f#mb% %H,Jd'E`CKLUe&6880%-@'L3Up)62`!fl%(F[l6Kaa3UTDS)BN6PXb)L)8J2"P8T 5LGd-J$)*X8lNJY`FJ3M(aP*$U`Ul@9d1)@L#PK-6HaQ-EbPf')ST5X3U0A8+9F` +F`"9$G&HJ4d#HTJ4'pTL3k!pLXb"d$!45dUC'Jk&&-PBC',l-#e6Y3-4'`+TjLb EGJ2`J)U5A`AK1)5dVE#PK-RqYNPkQH(P)@9@`N61@qDXB%$&,&GBKa8X"$TD#U8 H8S3XKEd![L#&I8JK*43h*GK-X,6ML#6NP-hY$`("!"4J%*2VDJ0"5CEL63UESG* 5*@c8b)Z849Jb6"YlT4@bJRB3lSA#38KLJ!b3!'0)$0U5b$i4+j3)NIe*$MJA)cE F5C6K+L88,,86Y&!"VBB8T-H%!L&9YU%%9,()JEST*@4b)RQ%Ee%8JE38U9#5far ,@8#*)ecmN9Q8Z)MR)0Ba#-6Y$`[@m*49E&5'BGp-L`Mf-pKBE$X)FT8@+`42NPC EV'`JLDLh9jTa1%i0"d,KU)MTQR!iC+T*``S##Lj@bLaP%E6!aMFV@4S*Blq46&P 4lD$URK"-Bic1SA!bKA0SIN+&FqMpqaXDk%5,prQ*&[SidD+65*`I2(5eJC-)24& @%MJcN3dpT0Zf(Nr%$0h3rC'bT&qA)lVI-R`a1fMSL6*0el5B*ZXa24baBVTY*(6 !ahA9X+c5B0Lb)Z#4X!cEXJ,m(#B@#`B6LE!H5qM"B$#Lf6+B"8')aB)keSTiSM4 XK28`FPbApD"Z@4Uc*%2Ab`KF0b`Y(06dB#!US4rf%A00$PUkCF6#ZQlTY2$L-%# AbT+3!%8,QMEQ$GP1J#K1JI3)@1Yk8!Bji'%VaP'4T!%BleK3MYVaD&+AicVk`9! #a'cEEm4d14Efa3`MA'CVXKpU5+!B*5DkCQK*`b#$q'RCj3G28P!cJV+PkTBGXE" `k9&GmaZ*-1%CPK(%GUVjpA"#6PT@dX#A'$6LDi9a,UeUFLb#KSaV)$V-)a[4'&3 e)E!["Zp&j8K86j)A,!JD0R659GB-(2HSKKicV#JXD56e8X-IK,-d@ECe'`JiIY" MrQ4F$rU6TEB1ij($B3%b8!4He0!dB+qB"TdYJi`1raN`#Sj3$&)Z%!8K2@,i,5L Lkh%Ui!qrPSMSm4L$l%E)#N&T13)F#`B#[6M)"r''Al"hi56HJ(h!(q!5p&8MFPJ aiU42R&bHL0K3&jN3#F-6$&mT)K86X)*%@U'&f,&p-4hU3aBd$#52$%$Z23f8C!Y 1`,Q5,M0,KA!@+-K`ZT'd)$(&3DNH)fK$0[@BbJ!!CVBK'rjB%,X+0#8BF,"PF)k J(d!N+6!a'6L-5!T%'GaNk6)XBGY`-I,GJT%JL`8)*!TTEm21NN(k'mJG-U!186' N3Ae`5#DMF$@PNQA,#S95f)+5%-l'VU0,YXmb)P&b(JpL,"JD@GNIXT2qH$J!1A@ i9[H#'+P*3CU``R'B0PRQXreq+dbj)S+Br'2#)*B'MH"D3bmP0@AiP!Ga(%cK)d3 Ih!1lJLU*!fH+)%B'qB)a'Dk!DNMS5%3P9r%-S5"'XL%3iDX`j%,1),GYR-YC%6H )35KX`2(N#%Q1a-K-&M3NZe%3J`UX#er"1(#$35&LK+2-#f)p!)dY+%UHLI[K2Kl LB#'#'-+4Gf&*i-*L0V)#!#SPC'N3L,UIJ59mKG#)iiC!$-N(6#E,#)#!RY4d"@D `!K!KL83PlA%+3EV#)FK$k!X[d"c2IEm@-@)XS8H`h@&hm1YaRf&a8@%1(ZJD!Sb lPr,--Z5BC8-T5)&%J$()k9E3(c0L%3DRBahN'a*%iqB)d#d95L"%(8jES#Hrab+ 6d2#4$6,)V!38#qSDZ'Xbl4V%J*Z$!M)1'8"+J['d1!,CaSD!2BUE!c'+@0)M@-4 LXE"QfeJk$-5qE3@4f@4rj#NN!!m'rMLeXT+dV0N-N8(f0fc5bi"4i&Kb0F!Y1BM GMV`Be#3i@UESKMbd(e++36j,dc5ZX!*B@5qc-BKd)CC)k&)%T3jcN!$#%"#F+'f `NA"G,5!BC4JJKIek@36ETfeL(8@N3)&%`T!!il,ImXPFB6qbhZ5QLIKTcB'jD9@ +qq*3'2DRI+(%3+4&i&QS6eNImaPfN!$X6fP$#T,)Y0r&L#KB3#YD$reK!dI&X"& jK1KKA4*,83*V#pNIbjN9M'#l##H`+pJ!#b,ISBXPNrfa-B)JV8B'a0)5GS)[)N% rI1GZ1`Kb'iX9JXHJ*4$,08K'))`GMpJ3(6Yd0%,"LDd!34$AlDJYqmY!$3FTF35 @E[PJ4EY-LaU'M#8'I#`SB,&i4,-XfX5B*5FK'16JUlSQilamm[D4Hq)JZAGTC2F ZMFqp3q0hlp!`G[2N9d*`'HH#T%ihefrVl0#+LqP68%c#*jM&mhjT!JP!MTqq9HZ R6pfaj@,U'LEP8emc1c6hihF6)j-IfEDCC&SlY)TYlCZde,DfG5h&-pDd0AAJ8p2 DJddGQl5D68dY@l5NpS(LD2'-hUVQVI9JJqpMYE@f0EAAYmr95Mri`6,`H*Y0ZmN PUM@eDbhE1V6@Y[TfI%TVk`jY@fYp5h%CrqUZaMmVVI'EfX@H00U'ECeE0h,3pI8 Db$8hYH!$R4Z,2q4pr9QV&i!VYcAADq$&KpUeG@fBK%ceE9Tc8hYl8dZMKJ[J'lD eYA@fGK3AH[3fV@X(-8MDhVN"X1d0R4$P)Xhj(Y#$!#)9IS-c9p[B#AQfDHYDA$h `3C-Ej"ZihHEMTmK12RIMK)IRZfpkEX,a%&eV&eL2Gq2+PG[le9'5$#aaqAh'dPG i,6hc*lM'K5mK2FSIaVj66Eq*DeY6MmH*erlK`kbALUHSf%Y&)SXGIRX9IArTUN' PRr81ShL+LVe8*2"aIhJbC)I%%P$#[[jH1RbG6iURKcf-pf-A8i)`(qrqKYX6pD@ 8b!'@q-bqrR@k,XCRN!!5r%[mJLP9@$"i63X'eA685A8CJY[6Je!%(Pp3H#h`"JB %hX#!`+0TU[IMfTQS"CjBB+J@H2[h#cbqeU"ZD""i$3d#MeBH83ZmKJD"4efUbmS %APQC`#XV%hKPC3+[$)qS[D0Dlbh`D1N5YF"M61!*Qj!!fJ*,+%Sei9&0H&36RR# &1%S@H-)IlY%bV`@Hm)HBTPViJfU"*rcK(N(c@Z!*Ia!,J5Im3EA!%rkJ@Z!*Ia" EJ5Im3EA!%rkJ@Z!*IhLH%&ML,I#%2kJ@H-)IT*l`N!$`"p@%4cAK88ei3Q@UK6r F"CIA!NmS4VA!%`c*$3*26,J,-Um&R[#(ZaDM&[kJ@Z!*IhK(pe3,21%23KGi`Kp 8#ccK$kS&R[#(Pa@H*`5@H!Xmi3qK"Xd)Ie!Y2#6m36AK88ei3M@UK6qS&RM#(e3 ,21%2S5l9`KrZ!3'["Cj3Q'U"*a3K&`Jm`B"UJ5Im3CA!%rkJVX!6rU"Di!Pr8#h `K$qm$2@b`[1%`"*[J5Im3Ha%jJTr8#dm*2a"0H%*&DJ@rU"Di!Pr8#h`K$q%@P3 ,Ie!Ym)3rU"Ci`Kp#9DU&2kJ@H-)I9!XmSE43RfUK$08#6c#K@Z!*IiKUFVI`-Y6 ,#Xm6!NZm*dpY[-h,fkLm6FREJ+BZS8aY)Yk'i@d1hNEJ*EfAi&ibHiRV*DQAN!" HmRQ*jL@9Pd"HXRL*i5@"jh$2ZCiM2DGj$[+Fi5RZ+HNTj$(h'$(QIA$-qliE[cU 1jr"K8H0L1Rp`NC`rq&`%Ilc$0Zq#-Ql1ZFr9,KKj(eN6AjmM,[33&hU)#ch%K4l L3JpaSBHiL%[CiMEl1kG!G(i`8@I['[fhScJaR-j'Ga8G+rVr1h2Ck)8LGZ$YrXa "kF#"m5jflUfLD50G"`pfMCc'h"P[lUX%&XBAciUNNB1$r6,QKiYBehJrkrSjMCc Zj`JPE24Fd9Mr@*(rh,Q4VJ2Rqk@$)fH,f%(J($b&`I0&dmk0M(4e(F`)[%+"GjB SA##`NBYJEaIj4Jlf#k"E"0!`!Bd4d+M,RS#'Lq34&mF9i*F61'!Xj#3JM2Ah2eq 8kFIRaITp4886!TbC`$[Z`AbV++qrU+LIr`#N#k#h""!l5$Kra#%1ASBBFL&'6Na !G(N3e`Q)[bjL)d!i3!KI)0Q@LVP"U$r@2`)#d$FEZ[Ah3lN46,j40"eqS[k",MK UB[B-T#FhN5'K$F-rD[#B%-14-G53!,[V!SNbdLmG',Q!k6I42A"@f-1E1qGf$Sj !IXBf#akr`*YeC4!&9)m44UBrjf$AZA-N!'L4qpL"dD)mXLT%)0r$`D$a,KM2MNa r&JD+-%'b`-m-(kpfUE)$!$j30)V"FB%&'Z0)!6"cQ5*"r-48#%F"m#i51CkdJ0* mNSfm65cA6E#Nh$J)5FQN"mC&(f!b3)NPd%E3i0L))jib9e"FBU-H933BrRI,"-- 4`9!S4"44RqFK4362L9a$lK+*Jq")H-6a)SbB23IHU!p`IY@6r-EkA881MT0"b3d (!6U)0lF#1*d6e#HQ+3P)3P$#+#HdH),3Z5P#)S(2F$B5jIbNL1cJ,eePhUBT#Jh 'lK)d6Y-%`DpfkblLrNZHqPNLp5Faq1cEVL6B%%JYa-+N+"0)3QY8N!"ef,2Re,4 B-D!Gk(!&1BdU3B1G3a+k9L!`Z%!X'QIG2"NXNXj"M)Nj1!FT4%jh0aAb+rJXZXM (XbYF`d11VcQ8dK5&Er&%2RpamMbirC9JBIq'"3m8MS82*#,VH6T2$PdSHJYl'$Z 3!"%159dN3B+I%b6B1Bii+K$(qNq*P2)IS2`P%hV$&!TrHA&AB#-JFS"-6E$X(-p T6KaINHcr+e+$KmU9kBc(`e-92%K6JF2hL3XJ4541Hd&*qPkFT43H[b`',8I#J36 PVSBBi8RPdL#c8@l`@Gp)84&jpKb-FiN(6kVc[%[E+Ud`2"(2rE@Ei$$8j,#[#jX D#FKj,2Gi$2%9L[YiV0m2V[d(N!#K2!`p-X+'&15A%(`(LiVi,X!ChHNbkJ)MGhe `i4!1)ZFmh35G#rhqeC26`LYXj'G6kR5p*4BmE"&MrG1!GV!IS6bj''$"kJFb)4' IDC!!H!)"K#!1K%95-(DIaqM-P-N)X!ZpLEJL"*F8bF&$JYBC#23ZPJZ!EC1a64k pAhVd4$Y6*'1E`cE2Y4AmhZBl%!M#P,RZYYMIA`5%,,$$k%8m[Q1"*-*I41`f3C4 ([,FC#J-4@CpB$-@L3-R%TrNq4RCi@eKfM"1GJZ,4#VIb$6FMGP#aD,5`89,m2#Q &fD,*"IKXdAQ3!*V1pf+Z)CqL2H35@)B@R)2R4+45`pZ3!$NHcqdc3LF4EaI2B'L $)T)B`$Tr32MK02K-*MM(m[Cl$X,Ai3qrHr"$b`[dKr`mZA$1J+AS`*[B3l,SY!& X4iZ#hVP$dH4Ta*QTS`NFT2cMN911k$M-[i[4ajYlf"kmIjGZXdL$q(f(h50GB2[ `N3Ta38Bq*LFHCcQB@iZjalejVkE,13X[1+`[LfRiCQGI0Y2'm2pEh0VReYQS`f1 VT$@mIeKkjLT)r5`@%Dkm4C3PSR5YbXY*ahm96Rlc2FFI`Gb3!$I[eH6iM`'rfbf cfFI'(#RMeQ0Z2B,k)5M4JrUM8+Ek+NMp,,B6!BabZbKE49NR5Qj912jU#$FT2l+ 6ep*ArrArZ8N*F#UbU,L"LXhi#`Zi!(Mi+N)P[U%bM#+,LKZSf)clUV32I&[k0RI LGHb0pp,K$EcGr`Kf-4eQBqlalTXQHYjcPrX',IlMkI"4ppE'l"AdZF3F0`fQrXA B"!GHcaM(VBT"E#XC*XR*A(3,d"dDii-,d4V"S1mDkRi-h6(UrM4[R2h#B4RUrGl &h['m$$LIaYpjNH32jSMH'*XFmTAQLKl)2*'2PZqdikF3qicEC0fSRjUD(+*Q0LD K$qZGDYC-0CpfQhjmG9$k%M@[`H4*e(rX0[dR%D+lU&Q!b5(8clY02cj9+6p,cB@ BK0cX"FMd9iiI(IRe22UHpXmG(m6i,MNBImZ#ra-*(rl*f[[aRU[phAAb!GH9lm2 R)b[BYr[`CbliX`Vr4-h2[V2lMl3C'Ye0EmFYmff0q+XmG1PmF9Ypr4TF#5qHJ@& kUVI@dkhZ4I2Z`RmUdA"cI&h(lHkS4J3Q(V0UfHeFM1Ce,61@NKiYp4fhEh-R%ZZ fE5hHX+hCTHAGMemrG@fH4Yr6djAcmRpq#qdiA[J54Qk8-qakqQmQk2f3!2ka#HT AkGqAS2jjXXTHK#hPl-UPpq!2BNKc0QlS`*m9Nf,fXUSP1-HiBfQb#KmCNPD,2ii KV4Gr*%0UX5TYi%YG64[Dm6FbT)qMMU2HKaSlM(4!r,d-kA$6KUddpdh802HLZ@a &$AJGYCI@,-1rkRK$r)-91AG$d`Em'brjfYE@G4fSLqpD9,N+p@,k,cc-*ppA[64 C`kE*Mce3hpB1["r6(P9)AJdp1*Gk50$Ed-1Re[RFI26L6(BFN!!Z4`mI'+AHc!E d%[5CdKZC-KFprUp*#PRS2[6QLkaACI45E"I["9M`)h1a1&,2aTcUc[d1HM9ZE`G kG5l'1(VhLK#CPB2H@M%hD`Ck'phH224DhGlpk(@i[EI4fb4keikLpkcSA8HF6SV H$4*khd$!AD1aQkDKGachZ@HKGaek!jJV31p@&YTqA'KcMi(Hkm#i'A00k"f6S6G kHi$A3j`dT[prk$e2H"UEX`#pl`ZZYbRSI9l`L2d"H[MI8h52I-(ldH[$B3QmXf! aHLp*daQbB%%MHMZPA(BhHPhSECAb'2kZdi,2S,GAF&V`CqJG`EqpJiI,Mk,hCA$ k#'0hR#E(q%i4aSSiG$VLHj0k0A1!mC3%lc+fHMCkTi4qDhm,[66j@'0hMk!AQ&R eB!Zqcq"pY'%Drr6$p15kPMrVd&CdYPcTjkrXf+M4AbE6jQRU04HEp)',GcjS-F2 lP!A[jZ'[MA8dEG"UkVGhC&FhEHMSE+[hk[m(4#S!!!: ------------------------------------------------------------------------------ Hackin' GIRLS 'n SYSTEMS - .... by SevenUp - sec@sec.de - http://www.sec.de/sec/ Hitting on girls and hitting on systems (I'll call them both "targets") has quite some similarities. If you are good in hacking one of them, it won't be too hard to enter the other one.... It also represents IRC channel #hack's current state of mind: Women's talk is taking over. THE GOALS ========= - Biggest Challenge: To get inside the first time - Targets that have already been successfully hit by others lose a lot of their attraction - The goal is to keep as many successfully (formerly virgin) targets as possible - Different game: Hit one target from every region - Mark every target you hit - You don't really care much after you got your target, unless (in rare cases) you love it TIPS FOR BECOMING SUCCESSFUL ============================ - Key to Success: The right "defaults", depending on situation and targets - Be Cool: Don't care too much about the target. Don't get involved emotionally, but play a little with the target. - Knowing different languages and keywords may be useful with targets of different origins - Social Engineering and spending time (sometimes money) might lead to your goal easier - The more targets you'll hit on, the more you'll succeed. Just ignore any failings. Remember: Better to have tried (and maybe lost) than not even have tried. - Best time to find targets is at night - Backdoors are always inviting (sometimes dangerous) - Don't start with the top target. Start slow and easy and look for more difficult ones after some success - If you get rejected on the first time, don't give up. There is always a second chance - When you just got little time to hit on the target, don't hesitate - a quick first try is never wrong and leaves you more time to think about your second step. - Scanning (and probing) is neccessary. Don't give up, even your rate of success lays somewhere between 1% and 50% SELECT THE RIGHT ONE ==================== - Be selective about your targets! - Try targets with tight openings - Targets with many users have more experience - Targets with shadows / shades are harder to enter - From the inside it's easier to reach the root-climax than from the outside - Many targets look uninviting from the outside, but welcome you deeply inside - Some targets are leaking even before touching them - If a target blows, it sucks TECHNIQUES FOR MORE FUN ======================= - After entering it, let the target become active too! Let it do some work and see what comes up. - To protect your target, close all openings and save the key - Even some targets that suck can be nice - Sniffing Targets: For lamers and perverts - Fingering Targets: Can be interesting... - Leeching targets dry makes fun, takes time and let's them become kinda useless - The right wrapper controls the intrusion and its consequences WARNINGS ======== - Remember: The number of tries is limited. After unsuccessful hits, the target and its environment will become aware - start searching in a new area - NEVER just pay to get into a target - Don't fall for booby traps! - When calling up targets, make sure their owner doesn't notice - Don't use crack on the target... it fucks up the brain - Don't fuck (up) the targets without protection - Be aware: Some targets with change-root-environments can fake the root-orgasm, or make you feel coming inside when you are not inside - Penetrating a target too hard could use up or damage your tools - Try to identify faked and "cross dressed" targets before totally unwrapping them and finding a bad surprise - When entering a virgin target the first time, you have to wipe the tracks - this can often be messy - Remember to get out of the target when you fall asleep - Never lose your mind over the beauty of a target. Always check for guards. - If you don't watch out, you may get a lifelong sentence after a 9 month trial.