From dd7953b45259cd36421e582f6bba1280b4caa9b8 Mon Sep 17 00:00:00 2001 From: Etzelia Date: Tue, 10 Aug 2021 00:16:27 -0500 Subject: [PATCH] Initial commit Signed-off-by: Etzelia --- .gitignore | 2 + LICENSE | 7 +++ cfb.go | 48 ++++++++++++++++ digest.go | 46 +++++++++++++++ encryption.go | 115 +++++++++++++++++++++++++++++++++++++ favicon.png | Bin 0 -> 14796 bytes go.mod | 10 ++++ go.sum | 25 ++++++++ main.go | 43 ++++++++++++++ ping.go | 69 ++++++++++++++++++++++ server.go | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++ 11 files changed, 521 insertions(+) create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 cfb.go create mode 100644 digest.go create mode 100644 encryption.go create mode 100644 favicon.png create mode 100644 go.mod create mode 100644 go.sum create mode 100644 main.go create mode 100644 ping.go create mode 100644 server.go diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d24e2fa --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.idea/ +/mcm-register* \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..82b4eb1 --- /dev/null +++ b/LICENSE @@ -0,0 +1,7 @@ +Copyright 2020 Etzelia + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/cfb.go b/cfb.go new file mode 100644 index 0000000..2919a6e --- /dev/null +++ b/cfb.go @@ -0,0 +1,48 @@ +package main + +import "crypto/cipher" + +type cfb8 struct { + c cipher.Block + blockSize int + iv, ivReal, tmp []byte + de bool +} + +func newCFB8(c cipher.Block, iv []byte, decrypt bool) cipher.Stream { + if len(iv) != 16 { + panic("bad iv length!") + } + cp := make([]byte, 256) + copy(cp, iv) + return &cfb8{ + c: c, + blockSize: c.BlockSize(), + iv: cp[:16], + ivReal: cp, + tmp: make([]byte, 16), + de: decrypt, + } +} + +func (cf *cfb8) XORKeyStream(dst, src []byte) { + for i := 0; i < len(src); i++ { + val := src[i] + cf.c.Encrypt(cf.tmp, cf.iv) + val = val ^ cf.tmp[0] + + if cap(cf.iv) >= 17 { + cf.iv = cf.iv[1:17] + } else { + copy(cf.ivReal, cf.iv[1:]) + cf.iv = cf.ivReal[:16] + } + + if cf.de { + cf.iv[15] = src[i] + } else { + cf.iv[15] = val + } + dst[i] = val + } +} diff --git a/digest.go b/digest.go new file mode 100644 index 0000000..ae86a49 --- /dev/null +++ b/digest.go @@ -0,0 +1,46 @@ +package main + +import ( + "crypto/sha1" + "encoding/hex" + "fmt" + "strings" +) + +func digest(secret, publicKey []byte) (string, error) { + hash, err := func() (hash []byte, err error) { + h := sha1.New() + _, err = h.Write(secret) + if err != nil { + return nil, err + } + _, err = h.Write(publicKey) + if err != nil { + return nil, err + } + return h.Sum(nil), nil + }() + if err != nil { + return "", fmt.Errorf("error writing sha1: %v", err) + } + + var s strings.Builder + if (hash[0] & 0x80) == 0x80 { + hash = twosComplement(hash) + s.WriteRune('-') + } + s.WriteString(strings.TrimLeft(hex.EncodeToString(hash), "0")) + return s.String(), nil +} + +func twosComplement(p []byte) []byte { + carry := true + for i := len(p) - 1; i >= 0; i-- { + p[i] = ^p[i] + if carry { + carry = p[i] == 0xff + p[i]++ + } + } + return p +} diff --git a/encryption.go b/encryption.go new file mode 100644 index 0000000..cd3e3b5 --- /dev/null +++ b/encryption.go @@ -0,0 +1,115 @@ +package main + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "crypto/rsa" + "encoding/json" + "errors" + "fmt" + "github.com/Tnze/go-mc/net" + pk "github.com/Tnze/go-mc/net/packet" + "io" + "net/http" + "net/url" +) + +var hasJoinedURL = func() *url.URL { + u, err := url.Parse("https://sessionserver.mojang.com/session/minecraft/hasJoined") + if err != nil { + panic(err) + } + return u +}() + +func (s *Server) encryptionRequest(conn net.Conn) ([]byte, error) { + verify := make([]byte, 4) + _, _ = rand.Read(verify) + return verify, conn.WritePacket(pk.Marshal(0x01, + pk.String(""), + pk.ByteArray(s.publicKey), + pk.ByteArray(verify), + )) +} + +type profile struct { + ID string `json:"id"` + Name string `json:"name"` +} + +func (p *profile) UUID() string { + return fmt.Sprintf("%s-%s-%s-%s-%s", p.ID[:8], p.ID[8:12], p.ID[12:16], p.ID[16:20], p.ID[20:32]) +} + +func (s *Server) encryptionResponse(conn net.Conn, username string, verify []byte) (*profile, []byte, error) { + var ( + p pk.Packet + sharedSecret pk.ByteArray + verifyToken pk.ByteArray + ) + + err := conn.ReadPacket(&p) + if err != nil { + return nil, nil, fmt.Errorf("could not read packet: %w", err) + } + + err = p.Scan(&sharedSecret, &verifyToken) + if err != nil { + return nil, nil, fmt.Errorf("could not scan packet: %w", err) + } + + valid, err := s.verify(verifyToken, verify) + if err != nil || !valid { + return nil, nil, errors.New("could not verify token") + } + + secret, err := rsa.DecryptPKCS1v15(rand.Reader, s.privateKey, sharedSecret) + if err != nil { + return nil, nil, fmt.Errorf("could not decrypt secret: %w", err) + } + + serverID, err := digest(secret, s.publicKey) + if err != nil { + return nil, nil, fmt.Errorf("could not create digest: %w", err) + } + + u := *hasJoinedURL + q := u.Query() + q.Set("username", username) + q.Set("serverId", serverID) + u.RawQuery = q.Encode() + + res, err := http.Get(u.String()) + if err != nil { + return nil, nil, fmt.Errorf("could not join server API: %w", err) + } + defer res.Body.Close() + + var player profile + if err := json.NewDecoder(res.Body).Decode(&player); err != nil { + return nil, nil, fmt.Errorf("could not decode profile: %w", err) + } + + return &player, secret, nil +} + +func (s *Server) verify(encryptedVerifyToken, actualVerifyToken []byte) (bool, error) { + decryptedVerifyToken, err := rsa.DecryptPKCS1v15(rand.Reader, s.privateKey, encryptedVerifyToken) + if err != nil { + return false, fmt.Errorf("error decrypting verify token: %v", err) + } + return bytes.Equal(decryptedVerifyToken, actualVerifyToken), nil +} + +func encryptedConn(conn net.Conn, secret []byte) (io.Writer, error) { + block, err := aes.NewCipher(secret) + if err != nil { + return nil, err + } + return &cipher.StreamWriter{ + S: newCFB8(block, secret, false), + W: conn, + }, nil +} diff --git a/favicon.png b/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..ce6bdad30a118c5d4b1f9d6f9abc3b39f02fb1c5 GIT binary patch literal 14796 zcmeHsWmH_v((d3MGz1AYKycSV2e)8@1PKrr26uNSSa1za&;mY_WeDa(zm1WBPv7 zhj^Dubut{D?ZPzsftddNCH4bXyIcKv!t#%3-ISgChBlY+WnZNgquRJk*20tbQv9yw43?x zmi6y_u`*4iKQ*qC-SrNOPp4kaHH8lQOmki9wBCZX%9MR>*UCjN9Iw0Z)cA8wxPqjz z&-5dB&MMY7LKVl8+j6?e`EW7qahH3W);w93w-0%jP9nqVcluX}2brda;UBQQ?p?Ay z6Hk^!4{uAf-l%-4!jw{4X$bebx=oasdv>+IKl4a1Ba2u~<_Hbk_;`%Nb*pT{5d8^B zz`<~PN0+emXaw*Q*U^-4gBsTj9ql;6*8+9QbGQ;W>l--o6IwjZReFa>B2||bsuD(O zn&+2#ONnR43-1X1dn-HT%{*RqGQwGHDl105Bmr$FII=cuCwY?7CaF6x zfa(^YG~&cBDuYL|CQ;y}+TvUJ$HK3{<-MTbqpZ+$wOt?l2GO2Fwoi3ky!&Cpz&y^$ z9Ff?QjerShGl{$l+eatg%lD5V2)L-eYAvS8q;w(P4u|dzyRlZGOG`hLM+BMCw+Eds zT3_;~RLeIPF4(#v!|Ul%T<^tFW~ufQ5A+Z#c=L{%H9G0Ge)vS1>GFfzqjp1R0skU@ z#bb)E_T)R4!U#IRg4q^cnFo}x(?(_Hy>|OijS4xhSV>1F+L4=o-Y*TdVWU7 zI#5dGMYt?Y8Bj7UU_UwZp~&|+Z)wl|_=q8saJY54lXc|kd$nddbSrcock%kG_~(RB zad4RU&86Mdbz{@EBlUu)O9J*c#!G-!rDJyHDf41epgehMZ{ihh`XFveKIOTJwPjk| z@B#A0s6wRD zTMMWD{;A!mV$TWM>!QXJP>^k9ad65Jm6d*@h%E_SAI1!VGa=exTSQFTfZ4O8`*_P$9FZc5&5`fx)02% za0I#)aB)$l@c+)A7;IfL3|FIxCb1ygV7FQ57a@GGdK$|2`tai5r6yJ)l!|PDD3(j- z_Mncl>Gbt-LrFBANnp|(bX5y9tQ4jK6D)OLE%sr&u5+A^|4f>`Dv+-!LuGwCj*QP$ zdP*o}TfB@$0e+Pr-E4h=jTS3zZk<2h5QG0Smwbn%!G$piD{r91#mC<<3_Vl+tWWRV zx33`$4lmz+!pz7F)BbVR1Cw9m6O#^0(qHj^rhaNpU`3s1o!U7|k%zWVm@&N7Y$8%9 zcoigEI)tb2G14)!%ShBigjngxMRP8N*E9RK*m9*f(}_oh7Vt>=s=$LvPqQ6_XU@a3 zSfss6xGDJ3M)YM!m-D@)`QFk^{&tSm+pJr3wMm2m66bBbh7}djG(mo&v$phzYY5H; z^l;nTARwva^>P()5ybL64$t-2gZg!1gD_4BJl3jnCDq52Rp*g<1df$bU`Z78^Cap{ zhj^w9?zYYMVL0qOnw+I$#SN`BO~6^P4FmNTrM~0QggE52VL6*p$w_7^FX8X&FV##@O&{WSBu|LMa;PNrTQIg{ue_k=5tDMnXq-J0F8s|BpEo=GSchM} z7!Q<^JQO(Z#jPe$7?jeEO_qz96#{YmNS&ukp1RxiW+D!-x8$V1Mw?8yEI4{Y(c!w_iLr0&wRbIMB~vIno`R zww~6L-g&}_0F0mxu|sE;RmX6-914E4Xld17(I*J*cg>YK^Xg7%>JNqkF?1-QHc?8+ zT!=A<|bm(tsPAz>AKA18*QMz?x9`Y*U*kSnb{NNi3${ z%D}laRcpp@3LLDYfeur0-x&lP z-VuK9Z3VBF?(}3Jc zm$*3VWfh#4v5lVr(=5ikr~#VNM9CVs%L%V~8CBGL2d@aKY`}^03s%;CV4HMJSHKlNWD63HdEF=f>OEWx59w|a=E5(k zu#^Uz?}5}8%9wa#uPMq=1jg9iw;#S&1hFH{#3Rl#4(W|!xj$%X=^WP6BGbok_r}ut z|N0bAgzVD_r=g(3zzBj@ZRd~3`0iz2mIzC+Y<9r^QMnzgA-0}JUq}0FKeuToL6rv31gHK9tKFcuH(>)uWj9TsN}+-w5!1!+K9 zL0*`|2MdF5(Y-P?8)Vs>=<-KMzUVnsd?<)?Q}RZcYaE#GdaSoSrHhTB!Nioev|tdM zMyB|^f2tdOFGM1%V_LF7<9UQWQ6+c#{Z;?;Xk-w+fn=<4?L_L&bcLhV`vnql70OB*=@aqg%Z(DfKXGrWq~$dhWjoc&nQK=n5y`=4n;7A% zfWNbGvm{+t;&lu535x<2PH1eP?~bP_X)2nN5g;(Re?q=HYDN8ljm<`H^G&p{z9qB|vi}Zs{*zD^5fKJqAS<6-)Ga}o55kG>|3v$n?OatHU&#%tcWk2_7CK`v{eGbkH zBZ7_65~HVnaSR5ephxf--pr$xy&a*16tVl^YNEX1mr}=AeZTebXKF(-l>L!X<-J(} z%`b}Y22ixuisj$H&nxmOdLuLMNU&pKV_V~R5a_YoJoh3{r@oZF1LaSulY30C`=FYC zVvr{KiFD^~OsS4uEP#nvg@`|0;LsHqy-FI+po&TJg6?PC$|}f#_4`-6WW6v{UUBcK z{>2tmgH_>LRuB`frD@^ll(gvA+A4OLE`pa<8arpUS)s;E1(g`&OD*5222eb4P^A*M zD?Fg|FLD?4aBTfI&g}|4&Rd35mybqWZF@gw6*fr4R>x!DFc6#NX*mQ4(|eq+2{Z`E z?(Tt_m2ynXkw+t5(3{{!HEuB#NwKNIBdb=4-TLqikByPkRw39j%%a= zNV64Xp^^F1V)f5QB2gty)+UAonUQ=BKU?&5+n@8I7~PF)mGS-@z)k((0ARq42v3bI zPYRKkg}j!KFV3kcOCJ3~iXl&Yosohn1?Qj>ry`;vkmw)ir9j;{x@Upi<{t}y`J;-d8G5(G6T z(F8Xm#c21Tb#tkO8>fk=i0v*@t`)T+G8ugx2G)W79StVbv)HSxAv3b#87cKrCf>9^ zO3=<;O(D%O{7Of|ZC=JfX)Cz&S8?RtlyX}`GQ49j9L?iG9e+u5coHYsr0F!|{`QI< zV&E}N!^bN=R*eadAmDj^Ftt9yPr5JhoR)L4%%@L^7)d%WG{gAIIQKy4r`R%@ALr!D zVnAm!Md5ZxpVT+oS|1f$yEm%JQhw_Pu|5enzGAKZi54y<4HPE%sh56>BjOXnq{D)> z_RO=g4_8`1xHG@^0+skVJlW6DRXovfMy07z0FD`Tp5Zui1w^ugRQvVEqH{W$mM6d1k;p| zRKr*+G^7C2*VvZ&DLj`PLN z8{p|w$IRuzCvseuy9l(JzuJ!ljMvi_)``Uavq8sa&2?ai?zill+!Y1lvQQ@NEW86EhV`32&Cc z3l6?*V*EYPyy~xTy5^ks0@^Eij_`23y3eG46}&s#6Q{7C3mg97E%>%R(U2QQM86^i_syqrLJz# z>v_%reu?M&Jle{;1JR=rw7<8i;!opg248Db-tUko7Zrj|II8p!{0;(VMs|gNMjtBb zOkOO5!aHd#f%06t?Vb1)#JSp4-P)3jMf!e|F6hLaW@h|2>+95>!PhnBuZP*Ta-t}L zyEu(H>?3<-GcVBwtVD%)=IJde+cFIlINxfxrNMvxxV*#IgUdvuzc)M=6!DSZ7rk|8 zr18nw4@5Xt2|KMpHkHPhBjx=4$qPSCE!s<6GJ-FUOm`q|2Xvx9L(<~A0(qMCg-)5K z7s8&-TEL`*Az$jaFxmlWBkLcl{y&mu*G!h|RtH8bN(H~wg@32FH*L}3Bt27;c?_h? zWLKZ#cFs3&?5gySGF1CE&%7e4h>!Xzo2?*)5ZqI-=eCU2Fg*BkUrVry@)6_YQ$u`# z5yrr*1xDMHc+NEN0y8490YE1;|3i#phiLUX%!B&VgpInV8q`MZh^IzNHB9sJfptj(?VHmMisE&u3;8^d z12+*xK1VT--9Q85HuSe91d8y)51kRQBJrlPzeky?qK7BaA%;q(F zWAcVqj=8zEU1REsRU^>9IujS3@n#n8gKZ0pN0xp=T}AsNuzkx#yk%*@LWP`Gm{H`S z$Zb_j&J+)Bj(+7HQYbtJKluv+S-d%r;5|>GUPFmc^35@1nfxwUN+V8{SJ^|vS9{5^ zV2MtncXow044`R}!&RE50@o!cLEhk5Q7W|Koo|jAY|iAq!sL%IvOFOZIeErQqd{!8 ze~*l&D`QCNMA=a)q~7l5a>;+@g?mz>SqQx*JxfPOI+q$bn?)AVDp?rUn~9IZ<&5aL zZ;K(jZ@c@@*>+WtPC}wzoItCmv5Jon~niF+OX6qE;zGBYZHhZ zN3y~5TYX${BC%AokJ{boH2G_Stw*@4w|eQO*E9E^o2h^6f-QVI{o%%JnW>nJk-CX1J$6M+a- z0+Hv=10TN~FY9#m1tk;6!MCtQopPX`9m1Es-|(UkRN6;G6+w98(PLl<&y|(OC!lkH zN;HeiS|*rUh4S_YAff!;s=tgNkCq^!{g&8Ujhv_%>AR)=%KQ$$H=t^=_zcU=4)sGK zz30--QqI#Oz3#-(3O22#Lnte0^6k@x1&R67#)OvQYXPXOHLIbqtr3jX&D!p1;{pH> z5_PjPgj&L!D2-sI<~G8>{hI>t~om=(^v|Y7?%+*@4rCF**H2G+CX8yp`O55&7W`#`HT(O zIgPkjj9~0MEZn?L)*wS8ZWb;+PF@ff7r&tq|Gz>gJD5LJrJ>coM)e!Y_z8-S55#K( zGT~t{F@!-`xOq%KEc_-&B^dLn;g8H{5-teygWRd zARZoe{{Kf?msQRyG7tBnI~cmf7j^~z#sWjE&>t`FheI>2X$Lp zD`DX804RT3{wZ%tp}#ss*4*()!~J)~|6TKHF#Er*{u%;S=6{+fDgTtMfFblRCys_L zFylXtp6vc=f|?oHn8KdM_umEe54rjO(pkJPV-P!xou7pl1bXT$BV#Cw5r;81ixD5l z1j=Fj)MHS-e@Az;HF0t^bbyJOK4top%~JvW$%c~t50wo6uI*|D`^^(OCkM-u6Lyd~ zC#L{Aw*UtZ3pFRIJ ze$)8>@$+|I{D1WD1pQwp{}I3crR%?R{YMP^N6P=LuK&{YA2IMBDgU>+{-4o>{y#4~ zFq@~RAlIkYnR;;9kEd55WFrL`Nxv3RIofO!Zj<}AyC;-gbqAHZGG61?^^0A{CJM}xTB3h-izQ)iM{DB6oYaCChyHs z#ufdL{Lry-wXQPo6Q7EmB~<_ZJj=7}=8@d5?M8v({!BtwFuA^aV?b=5EmpO|7Dw|tcHqqYXN7;CY>E@j*$fudCcfEaC+4xu47O{C=^yHO`Z4yR!Hw&+No`aM4#qvcW8% z`2m@l&|OJ?`)oZ(?4{ZiR{aadAB{N+doeC*PscI~f^eU4F?f4|35sW59o>4@4pL~M zcDoo_l%ly0aiqc<%e0x3jh)drvlFr_r{werR#^MDuetYx_((oH^tAcjBp$TFU3s>h zOoC-@=v?_m^o|NL23nMMa1ogY;sojNH4D0tmBWop+4B|-RkTN}Y9%qgH4G`H|5C4| z4Tl0t%}6Amn6(_JNXy!YtIhem&vU;KiZhx-fHXdGy!Nz;lFl|_glZWxmGBTK%2|^b zJ*N)NOTH+2jf9sZ6Wnmxy`I%}qRaQt^(ZHLF9vX`uPaA6=6%B-Ua*?iOP~6_nVEh7 zlUN8fSgx_8ImZTZ7!<(AJ^EAlxao|#m{7vjM<2B{I z2oB(R4+d4|EAdgH4#okkQcm7(C~Jo3NW%j%UJ4B3)c|ev93}%&3pXt!wWE*Yn@5d$ zC{|au8v-p4OrPCg*sgygy#u67VD8Z&;;iBLH9b2K7zwOxK8%kT z3Yg0?Iqpvoy*m<|?KZTww5AH$^F{y|9eIOMV<31v92>t-$;=r|zlw-TqWepak~+x= zphY?h)p*8ATDpWlw<9n~37$W%-oo4wris%k;8v8-n85*Gdb%B}LQZ0rFghWsTf_sv z4ZGHC3lf(bQY&m}W2wIL%P6EtkRYHILQ}&(ham*!l^w;z5fT=IvK`V?*?b;#Z;j0KDu2+j> zi+q5MqPDC=ByH{7n>e4zd}^Z-S7sZwUkE?HR}XSpOt2F@+l`j-@^VD672>S~?m&CP~^q(t^)zt^$&Mcwnr-e<1 z&0F_@3!Co#^@RJ(!`z{O4yEKMNT)c2mq%L<+HBf1QyAZQ@T{A8KTg`sYHQASKP9bP ziD3uXk{KeO?)r6pOt}dW3{=q^e@XhiPLe7tPrTd6X9e)~_Ry7XPl;lREYK2vN0lQV zzwn9%C)E%9E+e)Wxzczo2BW?*o6*{a>LZ^5M4;KOMB@>83wR2hl7~8TGZt;w)%82wN zuCyrK6?I^fN$ZweyrYbQF4~K!WWG8^{i~b3pVe!_^ET=NEg9R)04fn@j zUcmP8q4Mc1^6IIm!y0=zbB|)5MO$~XPbki)_YK}F)!9L+{2=cTZ9C{M+3^R4DU0$w<{@s387K zWJ;c?8|WJ7HF!>Op^cS*p3Co6qBwq9#ev4z^h(Pci|@O!>Qk8I?XvNL*@Oljd8uZn z$$;qgg8_g%OYLf~q5--2S7lq=qdn!||N&u#&aotc6 zU(c-`5v|JzgyK-uf)#vS$E+~NLAMl`es|d@HW{0zx$bgvLWA}MenX2Hqw3Rlewih$Nivzs z#+}n>17lZ5FkKifI59E3*}F5+blK2@J(mO7pYjXOk?0olaz>R-sogL>{Jt{3bEL`* zuOGTU_C6U_fQtKpAp$Fy4ApT)#K0|}8qwBHq~`P*tjc$5x(;t}x7igBc-X4H%)5lM z6t1UpT-Sn@%24j+aj53~Y8~in;%UXV3&E=105K&`-1$iR)`v{Tc_^lfqoUHWAM-EP zNuz}sfEGI`d6B*$iEoc?ARaF)mL*0=`gPL3~sFH zf>RDY+|E++>u4s_N-#(fn8W)w7k#!^;H)|(x}(s*X+O}onvZX5qVcruZz#oWaeaPL z7xKyvo11Mrp-oT%Eg02LeX|Ft>l{_J(-b^S!hn>k9}dBzU2v;b zYM9`v1o-WgA7n_%AE8pwTPUdNjz?sPhxwJ-7?#57zNpC8xqAqgdALZOiz{7L7OGrx z_~W@_o)mO_d45tEYD3qp{=C)6jWkD4uRoVT9M!{IvhvN?8(au_y1mx^Ppa%%ai+eC z7u3P;8cWz&vo!|zN-#|E5dc8i?OJX4qllpa#2yho24Ke_+^xJ z+3IRg_JSe~oRh5|c^1Mu&qdgxvM$7VsEXsDlIvxRp26Dwg?ENzwcruQ0Zq_6H6s6x z`3G7YA}9PC^Ti{66;jWeqi+8Gd7~0h5iX2bviy+Z@lh?AJc8&<(rVRAy9!3LX`lKQ z!R@e+`UdZ+&G`%l`@Asfp(2Wum&RHTG&$v+&!h^el9KY|=^v3c6NLf2mK_ncE8Fjq)=H>Y zpYhj^<*bC6rPGavN9)aQ()k>4z>g{d6B1J5)6{Q|ap5PsH@wV1=a1u=_M%jA$GqKdT!gjG;pQxa3posXKKaT@M9%Y%{8HV?H;0nTo{0YX_UrF zle%6|`iq3fd@E)V#Ld(_jmRyt*lNCyTpvvn62;{Dpf7l@zHcO>g7fCzbjO-_=8hzj zw{`ZgS*egJFO_(M5J@&T#DEFX;eI+zL3)MjG!}u`*l?vZ<|UOP**9rgJC#S6P%!G+ zCaX5_8Ki$67=#EH51T9Kz~N74RsrJdlWSPdX0e7+f2&B#O!aEZ-J?wnbgz9@5q@a+ z;ut|3JppHOXg<#wJi`=(p3+W26cL(RcVHtVf(T@xCk@2FD`(b#Ce_mw{}=>(tr(lL zE$QJO$xe3gS)_|1s8>!}6iSDd=FTX_h*$NJ!pAB5Iz6FIg9?h_H-vEPT5E}@bml!w z8`~S(vq>k2WUODx*D|Qci8Tv=>JPb6akvEv!myJp8fD`7oO#1lmysW zq_{HSS_&5?w96=QvXx`X?psUVj8I&7lZbRWisiMjB@RekY$Lv<$Z7Ah-1D-wHqo8h zVwAyCv^;`+5%9q7hjUc0W!J@589XMOxT2Y)vFTb4DZr9?J>4M7IGrgO0+Gu` zE=^pt&Wn^1i*!r1aVL#YMWbeH^+*XKos)F=gEsttGWau8Ui-r%)28_V)8>kA%1NU&Py|tUVX`qvPN=76cyM8b8HL zqr$mdqHRvg*i9_(?_9@|((UpnIJIi@F7udE=oDNQewCyfBdDc@;C%)&?PXv;G9o@q zm&R|6eMITOT&RvcWj>~FBTa2ymrbUk%)z34!x;Gew}QM1>Q^l3CEx f;a74)aMF24I_k_AXx zE^$R_yOetOL#X`W^&9iatgW>d({=HCTgQn{?wh9xr?uBz#aH)_4-^fWRumvVeCVz&7Cavki(Ok!U$osNKSYk~$WUc@E6J~v zM@ljEB`)B{$#NWYX|eIQjcur5+d|W+BY`eGELv>MQx3trH}$k-c<}o|;<9nSp3Rz2 z{SP9a95P}Gn|Qj@X({lcFld{{ zLMnt0s+bu~wC8x0NqYv~T<#TE&&+7`Oczx@%Y^^T&3X9XU%zd6yeM#!TirZg$Pc|9 zt_|GQEnjiFV9N5@eUpbHQaosCxxZne*J`5C@xVy>r)lKxV{5QT}98q8M;xv*SZNm44bWcS}$*)gv zx0AeLiI8QxpxdhG&323PFigs)ROY3%uSUTOD1X}$-{y5beC&MzeetkVM2byKn{_~| zqp|*^a@ z!rH`PqJ*ToU!?V)No4T$>Knrz=8~5iPEW9nghdnfPXNk~wQP4Ojt?)Q3kTZtC*QZY z9~F1sS2;hV9a9V|JT&+6wf_9YcAr>CejlCXZhTw(_d*!L^|$^