                             ==Phrack Inc.==

               Volume 0x0b, Issue 0x3e, Phile #0x0f of 0x10

|=--------=[ Introduction for Playing Cards for Smart Profits ]=--------=|
|=----------------------------------------------------------------------=|
|=------------------=[ ender ]=-----------------=|

--=[ Contents ]=----------------------------------------------------------

  1 - Introduction
  2 - Dealing with ISO7816 standard
    2.1 - Receiving Answer To Reset
    2.2 - Sending commands
    2.3 - Receiving answers
    2.4 - For example
    2.5 - Your Rights
  3 - SmartCard Man in the middle
  4 - BruteForcing unidentified cards
  5 - Examples of mapping and filesystem
    5.1 - Mapping of old french Credit cards
    5.2 - File System of SIM Cards
  6 - Cyphering with smartcards
  7 - Magnetic stripe
    7.1 - ISO
    7.2 - ALPHANUMERIC
    7.3 - BINARY
  8 - Synchronous smartcards
  9 - Programming a card for ISO7816 purposes
 10 - Conclusion
 11 - Greetings
 12 - Bibliography
 Appendix A: Communication log

--[ 1 - Introduction ]-----------------------------------------------------

Everything written in this article must be used for cracking cards and
shouldn't be used to secure already existing applications. However, the aim
of this article is to show you how to engage the dialog with your
smartcards (very useful when you don't have a girlfriend to talk with), and
not the way to use already cracked cards.

What you need for studying cards is :
  - THE standard : ISO7816
    ( http://www.cardwerk.com/smartcards/smartcard_standards.aspx )
  - a smartcard reader (Phoenix)
  - optionally a Reader/Writer for magnetic stripes (just for fun).
  - maybe a Season -I will explain later-,
  - some bank cards,
  - and a computer:
      - Under Linux/Unix : you can check for shcap
        (www.afturgurluk.org/~ender/) or try SmartCard ToolKit
        (http://freshmeat.net/projects/sctk/ )
      - Under bill's non-operating system : WinExplorer from Dexter
        (www.geocities.com/Winexplorer/)

--[ 2 - Dealing with ISO7816 standard ]------------------------------------

You will need to refer to this standard.
Here we will see how to engage the communication with a smartcard plugged
in your phoenix (smartcard reader), which is plugged in your rs232 port.
I have put two examples with : a credit card, and a SIM card. If no
specific card is mentioned in the presentation of the protocol, it means
that the information is valid for all 7816 ISO compliant cards.

----[ 2.1 - Receiving Answer To Reset (ATR) ]------------------------------

First, you will need to reset the card (with an ioctl, or directly typing
'reset' in a smartcard shell) to boot the card. It then sends a data
buffer to identify itself and to state its specifications such as the
frequency, the programming voltage, the GuardTime, the Convention
(inverse/direct)...

What is really useful to know is :

The ATR looks like that :

  ATR : TS T0 TA1 TB1 TC1 TD1 TA2 ... TDn Tk TCK

  TS  : 3B Direct Convention
        3F Inverse Convention
  T0  : gives the number of Historical Bytes (specific to the card)
  TD  : gives the protocol (mostly T=0 send Word, T=1 send Characters)
  Tk  : The k Historical Bytes... not really verbose in fact :/
  TCK : Just a checksum to verify you have a good ATR...

Nota : If you don't receive 0x3B or 0x3F for TS, maybe you must reconfigure
your soft to receive Bytes in another convention...

----[ 2.2 - Sending commands ]---------------------------------------------

The instructions are sent to the card via a serial link. The protocol is
explained in the standard but is merely like an I2C without scl.

The packets are composed of five parts :

  CLA    : 1 Byte. ISO Class.
           e.g. : BC = french credit cards,
                  A0 = SIM cards,
                  00 = Moneo/Open cards...
  INS    : 1 Byte. Instruction.
           e.g. : 20 = PIN verification,
                  B0 = Read
                  B2 = Read record
                  D0 = Write
                  DC = Write record
                  A4 = Select directory
                  8x = Encryption with key 'x', the algorithm depends on
                       the card,
                  C0 = Get answer...
  P1, P2 : 2 Bytes. Parameters, mostly it's an address to read/write.
  LEN    : 1 Byte. Length expected for the answer or length of the argument
  ARG    : LEN Byte.
           Argument you give for the instruction (bytes to write, data to
           cypher, PIN to verify...), sometimes, the card must answer a
           byte of acknowledgement -depending on the instruction- between
           each byte in the argument buffer.

----[ 2.3 - Receiving answers ]--------------------------------------------

To acknowledge a command, the card sends the instruction byte back to the
terminal, then a length of data equal to the parameter LEN of the command,
and finishes with SW1, SW2 ( 0x90 0x00 when the operation was successful ).

If the operation wasn't successful, then only SW1 and SW2 are sent, with a
specific error code :

  0x6E 0x00 CLA error
  0x6D 0x00 INS error
  0x6B 0x00 P1, P2 error
  0x67 0x00 LEN error
  0x98 0x04 Bad PIN
  0x98 0x08 Unauthorized Access
  0x98 0x40 Card blocked
  ...

----[ 2.4 - For example ]--------------------------------------------------

Here are some examples taken from shcap. You can download it from . But you
can do the same with 7816shell

If you use Shcap :

oops:~/7816/shcap_rel$ sudo ./shcap
Terminal> help
Shcap v0.0.9 by ender
  connect         - Connect to the Serial port given with -D parameter
  XX .. XX        - Send XX .. XX to the card
  log             - Log comm between card and terminal (need a season)
  bf              - Try to find ISO CLA byte of the card
  reset           - Reset the card
  direct          - Set direct convention
  inverse         - Set inverse convention
  cd XX XX        - Select directory XX XX
  cat XX XX       - Read rd_len bytes at address XX XX
  readrec XX      - Read rd_len on record XX of current file
  get N           - Get N bytes of the answer
  login           - Verify PIN given
  cypher XX .. XX - Cypher 8 Bytes
  set             - Set parameter :
                      cla=XX    Set the iso class to XX (default 00)
                      key=X     Set the cyphering key to X (default 0)
                      rd_len=N  Set the read lenght to N (default 8)
                      timeout=N Set the poll timeout to Nms (default 500ms)
  help            - Display this help
  quit            - Exit the shell

###### Example with a Bull CP8 mask 4 B0' (french credit card) ######

Terminal> connect

Reset for a B4/B0' :

ATR: 3F 65 25 08 93 04 6C 90 00

Analysing the ATR :

  3F - Convention inverse
  6  - TB and TC sent (if TD is not sent, the protocol is 0 : send words)
  5  - 5 historical Bytes
  25 - TB : Programming current : max 50mA - Programming Voltage 5V
  08 - TC : GuardTime : 8 * 1/9600Hz = 833us
  Historical Bytes 93 04 6C 90 00
  --Note that the 90 00 changes to 90 10 after a first wrong PIN code

Reading Constructor Area of a B4/B0' :

Terminal> set cla=bc
ISO CLASS set to BC
Terminal> set rd_len=8
READ LENGHT set to 8
Terminal> cat 09 C0                       --Read at $09C0 8 bytes
Card> B0 19 DF 64 08 1F F4 0F B0 90 00

Analysing Constructor Area :

  19 DF 64 08 : Card Serial Number
  1FF4 / 0FB0 : Free Read area : $07F8 / Access Control : $03E8
  90 00       : ok

Signing Data with salt in [07E8] :

Terminal> set key=0                       --Cipher 8 Bytes with K0
KEY set to 0
Terminal> cypherCB 09 11 15 04 16 00 07 E8 --ARG=09 11 15 04 16 00 [07 E8]
Card> 90 00                               --Instruction ok

Getting response :

Terminal> get 8                           --Get answer 8 bytes
Card> C0 12 4F 54 A3 64 C5 2B 07 90 00    --12 4F 54 A3 64 C5 2B 07 ok

##### Example with a SIM card for GSM #####

Terminal> set cla=a0
ISO CLASS set to A0

Verifying PIN 12345678 on a SIM :

Terminal> login                           --Check PIN 8 Bytes
Enter your PIN code : 12345678            --The PIN is encoded in ASCII
Card> 90 00                               --PIN ok

Selecting /TELECOM/SMS/ directory in a SIM :

Terminal> cd 7f 10                        --Select TELECOM dir : 7F 10
Card> 9F 16                               --Dir description, 20Bytes
Terminal> cd 6f 3c                        --Select SMS subdir : 6F 3C
Card> 9F 0F                               --Dir description, 15Bytes

Reading msg (15 Bytes) :

Terminal> get 15                          --Get 15 Bytes
Card> C0 00 00 ** ** 6F 3C ** ** ** ** ** ** ** ** ** 90 00

Reading the 3rd SMS of current file :

Terminal> set rd_len=176
READ LENGHT set to 176
Terminal> readrec 3                       --Read record 3, 176Bytes
Card> B2 00 FF .. FF 90 00                --status = 00, data=0xff..ff
Terminal> quit

Well. That's all for the examples... not really difficult, is it ?

----[ 2.5 - Your Rights ]--------------------------------------------------

SmartCards use some kind of filesystem, so there are some rights (xrw) for
the different areas or files. The right to execute is obviously for
instructions only...

Generally, for a single-provider card, there are three levels :
  -Nobody, when you boot the card you are not yet identified...
  -Owner, you are "logged in" when you enter your PIN
  -Provider, there is another code named PUK you can't know. It is used for
   example when you stupidly block your card, to reset the blocking
   mechanism.

In a SIM card (at least, the SIM card I have worked on), you cannot read or
write if you didn't login. When you enter (the instruction name is verify)
the PIN, then you can read, and even write in some files (mostly in the
TELECOM directory, containing your SMS, your dialing numbers, etc.).

In credit cards, which are divided in areas, you need the PIN just to
read/write your Transaction Bulletin (at least for french ones... It is
also a major security hole if the PIN is not verified dynamically by the
bank).

--[ 3 - SmartCard Man in the middle ]--------------------------------------

Something which is very useful for studying smartcards is a Season :

   _____________                      __________
   |           |--         6        --|        |
   | Terminal  |  |--/--------------| |  Card  |
   |___________|--     |            --|________|
                       |
                       / 3                  Display ;)
                    ___|____               ____________
                    | Season |      3      | logging: |
                    |________|------/-----RS232-->| 3F 16 15 |
                                           |__________|

You need to connect 6 wires from your smartcard to a Wafer, but only 3 to
your computer. If you have read the standard, you know that there is only
one pin dedicated to the Input/Output.
You also need to connect the ground (useful to have a reference...)
and the Reset pin in order to start logging when the card boots.

It will permit you to log the dialog between the terminal and the
smartcard. This is the most common way to analyse a smartcard when you have
access to the terminal, but you might want to study the terminal with an
awfully expensive logic analyser and reverse the results on the screen of
your oscilloscope (might sound very silly, but someone did that :p). If for
some reason you don't have any physical access to the terminal, refer to
the next part.

The scheme for a season is quite simple, you can add some LEDs to see what
is going on. The MAX232 is here to convert the 5V from the card pins to the
12V of the RS232 link of your computer (or laptop ;).

  [Figure: MAX232 (pins 1-16) wired between the ISO connector and the DB9
   connector, with a 3mm LED and R1 250ohm]

                         Scheme for a season

  ISO Pins                 DB9 Pins
  1. Vcc    5. Gnd          1    2    3    4    5
  2. Rst    6. Nc          DCD  RxD  TxD       GND
  3. Clk    7. I/O            6    7    8    9
  4. Nc     8. Nc

Don't forget to add 4 x 0.1uF between pins 2-16, 15-6, 1-3 and 4-5 of the
MAX232. You can refer to the MAX232 datasheet for more details (ascii
schemes are not that clear...)

Now you have to log the data, just write somewhere on your hard drive the
data sent and received by the card. You can try this with the 'log' command
in shcap, or with the program 7816logger from sctk.

The real problem is to analyse this data.

  * Firstly, the card sends an ATR (which stands for Answer To Reset).
  * Now that the terminal knows the identity of the card, it can send
    instructions composed firstly of 5 bytes.
  * Then the card repeats the code of the instruction and the terminal can
    send the argument buffer if it is not empty, then the card can answer,
  * et cetera...

You can try to search the ISO class (sent just after the ATR) and try to
indent your log with just this information, and the knowledge of the
"protocol" as explained earlier... After that, you should be able to
recreate the behaviour expected by the terminal, except for the
cryptographic instructions... but this is another problem.

You have surely heard of S/DPA (Single/Differential Power Analysis), DFA
(Differential Fault Attack) or Time Attack which are the current means for
retrieving "easily" the keys stored inside cards. But this is not our
topic.

Obviously, if you want to make an attack against a terminal with such a
system, you can : by overriding the real card, recording what the card must
answer, and processing the answer before replaying. The processing could be
used, for example, to make the terminal believe the PIN you entered was the
good one (because you are evil and you are trying a card which is not
yours), by putting the card in standby and reproducing the behaviour of the
card as if the PIN was really the good one... It only works if the
authentication system of the smartcard doesn't need the PIN for generating
the certificate, which is not really common.

Well, if you can reproduce the authentication, it is not necessary to do
such an attack, because you can get rid of the original card, but it is not
an easy way ;)

You can find at the end of the article an example of a communication
between a credit card and a terminal.

The data inside the cards is not always obvious to guess. Generally, you
can hope to find an official documentation somewhere, or try to see the
changes that happen between each use of the card.

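Added example (not from the original article, shcap or sctk): one way to
indent a season log as described above, by parsing the ATR to find where it
ends and then cutting the stream into header, acknowledgement, data and
SW1 SW2. The capture is constructed from the byte values of part 2.4; the
function names are hypothetical, the 0x60 wait byte and the complemented-INS
acknowledgement are taken from ISO 7816-3 rather than from this page, and the
bytes are assumed to be already decoded in the card's convention.

```python
# Added example: cut a raw season capture into ATR + T=0 exchanges.
# Status words and INS codes are the ones listed in parts 2.2 and 2.3.
STATUS = {0x9000: "ok", 0x6E00: "CLA error", 0x6D00: "INS error",
          0x6B00: "P1, P2 error", 0x6700: "LEN error", 0x9804: "Bad PIN",
          0x9808: "Unauthorized Access", 0x9840: "Card blocked"}
CARD_SENDS = {0xB0, 0xB2, 0xC0}    # read, read record, get answer

# Constructed capture: ATR and values from part 2.4, plus one unknown INS.
LOG = bytes.fromhex(
    "3F 65 25 08 93 04 6C 90 00 "                           # ATR
    "BC B0 09 C0 08  B0  19 DF 64 08 1F F4 0F B0  90 00 "   # read $09C0
    "BC 80 00 00 08  7F 09 7F 11 7F 15 7F 04 "              # cypher with K0,
    "7F 16 7F 00 7F 07 7F E8  90 00 "                       # one byte per ack
    "BC C0 00 00 08  C0  12 4F 54 A3 64 C5 2B 07  90 00 "   # get answer
    "BC B4 00 00 00  6D 00")                                # unknown INS

def parse_atr(buf):
    """Return (fields, offset of the first byte after the ATR)."""
    ts, t0 = buf[0], buf[1]
    if ts not in (0x3B, 0x3F):
        raise ValueError("TS=%02X: wrong convention or not an ATR" % ts)
    y, k, pos, i = t0 >> 4, t0 & 0x0F, 2, 1
    iface, protocols = {}, set()
    while True:
        for bit, name in enumerate("ABC"):     # Y bits announce TAi TBi TCi
            if y & (1 << bit):
                iface["T%s%d" % (name, i)] = buf[pos]
                pos += 1
        if not y & 0x8:                        # no TDi: interface bytes end
            break
        td = buf[pos]
        iface["TD%d" % i] = td
        protocols.add(td & 0x0F)
        y, pos, i = td >> 4, pos + 1, i + 1
    hist, pos = bytes(buf[pos:pos + k]), pos + k
    if protocols - {0}:                        # TCK is sent only beyond T=0
        tck = 0
        for b in buf[1:pos + 1]:
            tck ^= b                           # XOR of T0..TCK must be zero
        if tck or pos >= len(buf):
            raise ValueError("bad or missing TCK")
        pos += 1
    return {"convention": "direct" if ts == 0x3B else "inverse",
            "iface": iface, "protocols": sorted(protocols) or [0],
            "historical": hist}, pos

def split_exchanges(buf, pos, cla):
    """Cut the bytes after the ATR into header / data / status records."""
    out = []
    try:
        while pos < len(buf):
            if buf[pos] != cla:
                raise ValueError("lost sync at offset %d" % pos)
            ins, p1, p2, p3 = buf[pos + 1:pos + 5]
            pos += 5
            want = (p3 or 256) if ins in CARD_SENDS else p3
            data = bytearray()
            while True:
                b, pos = buf[pos], pos + 1
                if b in (ins, ins ^ 0xFF):     # INS: all data, ~INS: one byte
                    n = want - len(data) if b == ins else 1
                    data += buf[pos:pos + n]
                    pos += n
                elif b != 0x60:                # not a wait byte, so it is SW1
                    sw, pos = b << 8 | buf[pos], pos + 1
                    break
            out.append({"ins": ins, "addr": p1 << 8 | p2, "len": p3,
                        "from": "card" if ins in CARD_SENDS else "terminal",
                        "data": bytes(data), "sw": sw,
                        "status": STATUS.get(sw, "unknown")})
    except IndexError:
        raise ValueError("capture ends in the middle of an exchange")
    return out

if __name__ == "__main__":
    atr, end = parse_atr(LOG)
    print("ATR", LOG[:end].hex(" "), atr["convention"], atr["iface"])
    for e in split_exchanges(LOG, end, cla=LOG[end]):
        print("  INS %02X @%04X %s sends [%s] -> %04X %s" % (e["ins"],
              e["addr"], e["from"], e["data"].hex(" "), e["sw"], e["status"]))
```
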
--[ 4 - BruteForcing unidentified cards ]----------------------------------

When you don't know the ISO class of the card you want to play with, you
can bruteforce the iso class. It is not very difficult if your computer is
able to count from 0x00 to 0xFF. By retrieving the error codes from the
card, you know the class is the good one because the card sends you an INS
Error (6D 00), instead of a CLA error (6E 00). So you've got it.

And instructions are public, so I put some examples above, and others are
in the ISO7816, and on the Internet...

To guess the architecture of a card is a different matter. Always try the
instruction 0xB0 to see if you can read some addresses, and you can
interpret the error messages if you cannot read.

If the smartcard has got a filesystem, you can verify it by selecting
(ins 0xA4) the root directory 0x3F00, and see what is going on. Get the
response to see if there are some other directories.

As you know the error code for a wrong P1 P2 (bad address) you can also try
to evaluate the capacity of the card: 8 KB ? 64 KB ?. It works only if
there is no filesystem, like in credit cards...
See the examples below :

--[ 5 - Examples of mapping and filesystem ]-------------------------------

----[ 5.1 - Mapping of old french Credit cards ]---------------------------

Bull CP8 mask B0-B0'

  _____________________ $1000
  | Constructor area  |
  |___________________| $09C0
  |                   |
  |     FREE READ     |
  |___________________| $07F8
  |    Transaction    |
  |     Bulletin      |
  |___________________| $03E8
  |  ACCESS COUNTER   |
  |___________________| $02B0
  |    SECRET AREA    |
  |___________________| $0200
  |        N/A        |
  |___________________| $0000

----[ 5.2 - File System of SIM Cards ]-------------------------------------

--GSM SIMcard

  3F00 ROOT dir
   |
   \__2FE2 Card serial Number

  7F10 TELECOM
   |
   |\__6F3A Directory
   |\__6F3B Fixed directory
   |\__6F3C SMS
   |\__6F40 Last calls
   |\__6F42 SMS pointer
   |\__6F43 SMS status
   |\__6F44 Dialing numbers
   |\__6F4A Extension 1
   \__6F4B Extension 2

  7F20 GSM
   |
   |\__6F05 Language
   |\__6F07 IMSI
   |\__6F20 Cyphering Key
   |\__6F30 Provider selector
   |\__6F31 Search Period
   |\__6F37 Account Max
   |\__6F38 Sim Service Table
   |\__6F39 Cumulated calls
   |\__6F3D Capability Config Param
   |\__6F3E Group ID 1
   |\__6F3F Group ID 2
   |\__6F41 Price per unit
   |\__6F45 Cell Broadcast msg ID
   |\__6F74 Broadcast Control Chan
   |\__6F78 Access Control Class
   |\__6F7B Providers Forbidden
   |\__6F7E Location Info
   |\__6FAD Admin data
   \__6FAE Phase ID

Then, you can log the communication between your SIM card and your mobile
phone if you want more information ;)

--[ 6 - Cyphering with smartcards ]----------------------------------------

All smartcards can cypher or generate a certificate to authenticate
themselves to a terminal or a provider. Mostly the instructions 0x80 to
0x8F are used to do it. To get the answer, just ask for it with the 0xC0
instruction.

Open cards are made particularly for such things. Open means you can find
all the documentation you want about it on the Internet (www.opensc.org),
so I won't dwell on it...

The encryption system in smartcards is mostly to authenticate the card.
But all its security does not depend only on the cryptographic mechanisms
inside the card. The protocol is generally the weak part of the
authentication...

--[ 7 - Magnetic stripe ]--------------------------------------------------

Magnetic stripes on smartcards are very common. As this is a completely
passive way of authentication, it can easily be cloned. However, it also
means that all the difficulty is in the interpretation of the data
contained in the stripes and the understanding of the algorithms for
cyphering discretionary data in the case you might want to generate your
own card, or just change some information.

You will need for this part a magnetic stripe reader. It is quite expensive
but it is also possible to make your own driver and do it with just a tape
recorder. You can try cmread http://www.afutgurluk.org/~ender/cmread.tgz
for a driver on LPT1.

Depending on your software and hardware, you will get more or less easily
this information : the density of encoding, and the number of bits per
character.

For the number of bits per character, if you have read with the good number
of bits without errors, then you have to check the parity bits. Normally,
the soft you used to read the stripe is able to do such a thing, otherwise
the method consists in :
  - Take the first bit equal to 1
  - Check the parity on the first 5 bits
  - If it is not OK, then try with 6,7,8 or 9
  - Try on the next pack of [5,6,7,8,9] till the end.
  - Check the LRC

There are two ways for detecting errors, the first is with the parity bits,
the second is the LRC for Longitudinal Redundancy Check. The LRC character
of the track is equal to the XOR of all characters.

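Added example (not from the original article or from cmread): the width
search and the two error checks listed above, run on a constructed read.
It assumes the ISO 7811 layout, where each character is sent least
significant bit first with an odd parity bit last and the LRC is the last
character of the track; the function names and the sample are hypothetical.

```python
# Added example: find the character width of a raw stripe read, then check
# parity and LRC. Bits are assumed LSB first with the parity bit last.
WIDTHS = (5, 6, 7, 8, 9)
BASE = {5: 0x30, 7: 0x20}    # ASCII offsets of the 5-bit and 7-bit ISO sets

def check_track(bits, width):
    """Return the decoded characters for this width, or None if it fails."""
    pos, vals = bits.find("1"), []        # take the first bit equal to 1
    if pos < 0:
        return None
    while pos + width <= len(bits):
        group = bits[pos:pos + width]
        if group.count("1") % 2 == 0:     # odd parity broken: stop here
            break
        vals.append(int(group[:-1][::-1], 2))
        pos += width
    if "1" in bits[pos:] or len(vals) < 3:
        return None                       # wrong width or damaged character
    lrc = 0
    for v in vals:
        lrc ^= v                          # XOR over every character and LRC
    if lrc:
        return None
    if width in BASE:
        return "".join(chr(BASE[width] + v) for v in vals[:-1])
    return " ".join("%02X" % v for v in vals[:-1])

def find_width(bits):
    """Try 5, then 6, 7, 8, 9 bits per character; None when nothing fits."""
    for width in WIDTHS:
        text = check_track(bits, width)
        if text is not None:
            return width, text
    return None

def encode(text, width):
    """Build a constructed read: clocking zeros, characters, LRC, zeros."""
    vals = [ord(c) - BASE[width] for c in text]
    lrc = 0
    for v in vals:
        lrc ^= v
    out = ""
    for v in vals + [lrc]:
        data = format(v, "0%db" % (width - 1))[::-1]
        out += data + ("0" if data.count("1") % 2 else "1")
    return "0" * 12 + out + "0" * 12

# Constructed sample: a 5-bit track string with made-up digits.
TRACK2 = ";01236789012345=9910101123456789000000123?"

if __name__ == "__main__":
    print(find_width(encode(TRACK2, 5)))
```

A single flipped bit makes check_track() return None for the true width, either at the parity test of the damaged character or at the LRC.
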
There are 3 different cases easily recognizable :

----[ 7.1 - ISO ]----------------------------------------------------------

ISO-1 (210 bpi - 7 bits) :

The stripe is divided in several parts :
  - '%' Start sentinel
  - 'B' Format code
  - Primary account number (your account number on your credit card for
    example)
  - '^' Field separator
  - Name of the owner
  - Field separator
  - Expiration date (4 BCD numbers)
  - Service Code (101 for VISA, ...)
  - Discretionary data
  - '?' End Sentinel
  - LRC

Example :
% B 0123456789012345 ^ MR SMITH JOHN ^ 9910 101 123456789000000123000000 ?

It is not compulsory exactly like that, but it cannot differ a lot.

ISO-2/3 (75 bpi - 5 bits):
  - ';' Start Sentinel
  - Primary Account Number
  - '=' Field separator
  - Expiration date
  - Service code
  - Discretionary data
  - '?' End Sentinel
  - LRC

Example:
; 01236789012345 = 9910 101 123456789000000123 ?

Note that the PAN (Primary Account Number) must verify the Luhn Algorithm.
The standard is ISO-7811 if you want more information...

----[ 7.2 - ALPHANUMERIC ]-------------------------------------------------

It is quite like ISO, but a bit less verbose. You just have the same Start
sentinel depending on the number of the track (1 : '%', 2 & 3 : ';'), the
same Field Separators, and End Sentinel. Between Start and End Sentinels,
you have data coded in BCD or ALPHA separated by the field separator of the
related track.

----[ 7.3 - BINARY ]-------------------------------------------------------

Keep in mind that there is not necessarily a structure like that. Sometimes
bits are put in disorder, as if the designer of the stripe was completely
drunk and was playing dice with friends to know what to do...

Just use your card and try to understand what has changed.

--[ 8 - Synchronous smartcards ]-------------------------------------------

I just put this part in order to do a complete tour on smartcards.
This type of card is very lame. They have a poor capacity (less than 1kb in
general), they don't always respect the ISO standard for pins. What is sure
is that you have 2 pins for Vcc and the ground, 1 pin for the Clock, 1 pin
for the reset, 1 pin for the I/O, and sometimes 1 pin for the Vpp
(programming voltage) and 1 pin for the Write Enabled.

They don't have an ATR. They just react on negative edges of the Clock pin
by sending the next bit (or the first if it has been reset) in their memory
on the I/O pin. If you can write, you will need a different voltage put on
the Vpp pin (up to 21V) and to enable the Write pin.

Generally, you can just set a bit from 1 to 0 because of the OTP (One Time
Programmable) technology used inside (you just flash a fuse in the chip).

French telephone cards use such a technology (Merci, France TeleCom.) ;)

--[ 9 - Programming a card for ISO7816 purposes ]--------------------------

If you can read this line, it is because Phrack has accepted my article
without asking me to paste some of my codes to write a bloody tutorial to
code your own smartcard emulator using a pic from microchip
(www.microchip.com) and then you will need to think by yourself if you are
interested in how to write such programs (it is not very obvious...).

As I am nice and gentle, I give you the most common architecture :
  - Send the ATR (On each reset it will restart here)
  - Wait for the first Byte (ISO class) and verify it is the right one
  - Receive the second byte and compare it with each INS byte you have
    implemented, otherwise send an error.
  - Jump to the part of code written for the INS asked for and process the
    arguments
  - Then you have 2 choices (The Hacker's Choice is the best :p) :
      * use an eeprom to save all your data, and then read and write it in
        order to complete the instruction asked for by the terminal
      * use the PIC flash, by writing a list of RETLW 0xXX, determine the
        offset of the Byte needed and then just add this offset to the
        current Program Counter.

Some advice :
  - ISO 7816-3 is your friend ;)
  - Never forget the parity bit to send data, and also the ACK (or NACK)
    when you receive
  - Wait for an ACK from the terminal, if it is a NACK, just send again,
    and it will work
  - Write your own code, it will keep you from silly bugs you don't
    understand that could lead you to prison in case of problem (big
    brother is always watching you, you cannot be wrong...)
  - Don't do too nasty things, work only on an emulated terminal on your
    computer :p
  - Google is your friend to find URLs for programming PIC-based smartcards

--[ 10 - Conclusion ]-----------------------------------------------------

No need to work in a laboratory to play with smartcard security at an
interesting level. Don't believe that S/DPA, or DFA is the only way to
study cards. Some of the articles on such methods are written by people who
have never seen a glitch generator in their whole life...

Eventually you just need an old 486 and a soldering iron to find security
holes in smartcard protocols and then buy some food with emulated credit
cards, phone friends with a self made SIM card watching numeric tv with a
self made viaccess/seca smartcard and enter almost any place protected with
smartcard or magnetic cards.
Or just keep it for you ;)

--[ 11 - Greetings ]-------------------------------------------------------

Roland Moreno ;)

--[ 12 - Bibliography ]----------------------------------------------------

  -PC et Cartes a puce, Patrick Gueule
  -Ender's Game, Orson Scott Card
  -The Hitchhiker's Trilogy, Douglas Adams
  -Discworld, Terry Pratchett

--[ Appendix A: Communication log - old_log.txt (uuencoded) ---------------