// https://syzkaller.appspot.com/bug?id=19fb554305ab534dc6183a3986d5fc1579be1677 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } #define MAX_FDS 30 #define USB_MAX_IFACE_NUM 4 #define USB_MAX_EP_NUM 32 #define USB_MAX_FDS 6 struct usb_endpoint_index { struct usb_endpoint_descriptor desc; int handle; }; struct usb_iface_index { struct usb_interface_descriptor* iface; uint8_t bInterfaceNumber; uint8_t bAlternateSetting; uint8_t bInterfaceClass; struct usb_endpoint_index eps[USB_MAX_EP_NUM]; int eps_num; }; struct usb_device_index { struct usb_device_descriptor* dev; struct usb_config_descriptor* config; uint8_t bDeviceClass; uint8_t bMaxPower; int config_length; struct usb_iface_index ifaces[USB_MAX_IFACE_NUM]; int ifaces_num; int iface_cur; }; struct usb_info { int fd; struct usb_device_index index; }; static struct usb_info usb_devices[USB_MAX_FDS]; static struct usb_device_index* lookup_usb_index(int fd) { for (int i = 0; i < USB_MAX_FDS; i++) { if (__atomic_load_n(&usb_devices[i].fd, __ATOMIC_ACQUIRE) == fd) return &usb_devices[i].index; } return NULL; } static int usb_devices_num; static bool parse_usb_descriptor(const char* buffer, size_t length, struct usb_device_index* index) { if (length < sizeof(*index->dev) + sizeof(*index->config)) return false; memset(index, 0, sizeof(*index)); index->dev = (struct usb_device_descriptor*)buffer; index->config = (struct usb_config_descriptor*)(buffer + sizeof(*index->dev)); index->bDeviceClass = index->dev->bDeviceClass; index->bMaxPower = index->config->bMaxPower; index->config_length = length - sizeof(*index->dev); index->iface_cur = -1; size_t offset = 0; while (true) { if (offset + 1 >= length) break; uint8_t desc_length = buffer[offset]; uint8_t desc_type = buffer[offset + 1]; if (desc_length <= 2) break; if (offset + desc_length > length) break; if (desc_type == USB_DT_INTERFACE && index->ifaces_num < USB_MAX_IFACE_NUM) { struct usb_interface_descriptor* iface = (struct usb_interface_descriptor*)(buffer + offset); index->ifaces[index->ifaces_num].iface = iface; index->ifaces[index->ifaces_num].bInterfaceNumber = iface->bInterfaceNumber; index->ifaces[index->ifaces_num].bAlternateSetting = iface->bAlternateSetting; index->ifaces[index->ifaces_num].bInterfaceClass = iface->bInterfaceClass; index->ifaces_num++; } if (desc_type == USB_DT_ENDPOINT && index->ifaces_num > 0) { struct usb_iface_index* iface = &index->ifaces[index->ifaces_num - 1]; if (iface->eps_num < USB_MAX_EP_NUM) { memcpy(&iface->eps[iface->eps_num].desc, buffer + offset, sizeof(iface->eps[iface->eps_num].desc)); iface->eps_num++; } } offset += desc_length; } return true; } static struct usb_device_index* add_usb_index(int fd, const char* dev, size_t dev_len) { int i = __atomic_fetch_add(&usb_devices_num, 1, __ATOMIC_RELAXED); if (i >= USB_MAX_FDS) return NULL; if (!parse_usb_descriptor(dev, dev_len, &usb_devices[i].index)) return NULL; __atomic_store_n(&usb_devices[i].fd, fd, __ATOMIC_RELEASE); return &usb_devices[i].index; } struct vusb_connect_string_descriptor { uint32_t len; char* str; } __attribute__((packed)); struct vusb_connect_descriptors { uint32_t qual_len; char* qual; uint32_t bos_len; char* bos; uint32_t strs_len; struct vusb_connect_string_descriptor strs[0]; } __attribute__((packed)); static const char default_string[] = {8, USB_DT_STRING, 's', 0, 'y', 0, 'z', 0}; static const char default_lang_id[] = {4, USB_DT_STRING, 0x09, 0x04}; static bool lookup_connect_response_in(int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, struct usb_qualifier_descriptor* qual, char** response_data, uint32_t* response_length) { struct usb_device_index* index = lookup_usb_index(fd); uint8_t str_idx; if (!index) return false; switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_GET_DESCRIPTOR: switch (ctrl->wValue >> 8) { case USB_DT_DEVICE: *response_data = (char*)index->dev; *response_length = sizeof(*index->dev); return true; case USB_DT_CONFIG: *response_data = (char*)index->config; *response_length = index->config_length; return true; case USB_DT_STRING: str_idx = (uint8_t)ctrl->wValue; if (descs && str_idx < descs->strs_len) { *response_data = descs->strs[str_idx].str; *response_length = descs->strs[str_idx].len; return true; } if (str_idx == 0) { *response_data = (char*)&default_lang_id[0]; *response_length = default_lang_id[0]; return true; } *response_data = (char*)&default_string[0]; *response_length = default_string[0]; return true; case USB_DT_BOS: *response_data = descs->bos; *response_length = descs->bos_len; return true; case USB_DT_DEVICE_QUALIFIER: if (!descs->qual) { qual->bLength = sizeof(*qual); qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER; qual->bcdUSB = index->dev->bcdUSB; qual->bDeviceClass = index->dev->bDeviceClass; qual->bDeviceSubClass = index->dev->bDeviceSubClass; qual->bDeviceProtocol = index->dev->bDeviceProtocol; qual->bMaxPacketSize0 = index->dev->bMaxPacketSize0; qual->bNumConfigurations = index->dev->bNumConfigurations; qual->bRESERVED = 0; *response_data = (char*)qual; *response_length = sizeof(*qual); return true; } *response_data = descs->qual; *response_length = descs->qual_len; return true; default: break; } break; default: break; } break; default: break; } return false; } typedef bool (*lookup_connect_out_response_t)( int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done); static bool lookup_connect_response_out_generic( int fd, const struct vusb_connect_descriptors* descs, const struct usb_ctrlrequest* ctrl, bool* done) { switch (ctrl->bRequestType & USB_TYPE_MASK) { case USB_TYPE_STANDARD: switch (ctrl->bRequest) { case USB_REQ_SET_CONFIGURATION: *done = true; return true; default: break; } break; } return false; } #define UDC_NAME_LENGTH_MAX 128 struct usb_raw_init { __u8 driver_name[UDC_NAME_LENGTH_MAX]; __u8 device_name[UDC_NAME_LENGTH_MAX]; __u8 speed; }; enum usb_raw_event_type { USB_RAW_EVENT_INVALID = 0, USB_RAW_EVENT_CONNECT = 1, USB_RAW_EVENT_CONTROL = 2, }; struct usb_raw_event { __u32 type; __u32 length; __u8 data[0]; }; struct usb_raw_ep_io { __u16 ep; __u16 flags; __u32 length; __u8 data[0]; }; #define USB_RAW_EPS_NUM_MAX 30 #define USB_RAW_EP_NAME_MAX 16 #define USB_RAW_EP_ADDR_ANY 0xff struct usb_raw_ep_caps { __u32 type_control : 1; __u32 type_iso : 1; __u32 type_bulk : 1; __u32 type_int : 1; __u32 dir_in : 1; __u32 dir_out : 1; }; struct usb_raw_ep_limits { __u16 maxpacket_limit; __u16 max_streams; __u32 reserved; }; struct usb_raw_ep_info { __u8 name[USB_RAW_EP_NAME_MAX]; __u32 addr; struct usb_raw_ep_caps caps; struct usb_raw_ep_limits limits; }; struct usb_raw_eps_info { struct usb_raw_ep_info eps[USB_RAW_EPS_NUM_MAX]; }; #define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init) #define USB_RAW_IOCTL_RUN _IO('U', 1) #define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event) #define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor) #define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, __u32) #define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io) #define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io) #define USB_RAW_IOCTL_CONFIGURE _IO('U', 9) #define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, __u32) #define USB_RAW_IOCTL_EPS_INFO _IOR('U', 11, struct usb_raw_eps_info) #define USB_RAW_IOCTL_EP0_STALL _IO('U', 12) #define USB_RAW_IOCTL_EP_SET_HALT _IOW('U', 13, __u32) #define USB_RAW_IOCTL_EP_CLEAR_HALT _IOW('U', 14, __u32) #define USB_RAW_IOCTL_EP_SET_WEDGE _IOW('U', 15, __u32) static int usb_raw_open() { return open("/dev/raw-gadget", O_RDWR); } static int usb_raw_init(int fd, uint32_t speed, const char* driver, const char* device) { struct usb_raw_init arg; strncpy((char*)&arg.driver_name[0], driver, sizeof(arg.driver_name)); strncpy((char*)&arg.device_name[0], device, sizeof(arg.device_name)); arg.speed = speed; return ioctl(fd, USB_RAW_IOCTL_INIT, &arg); } static int usb_raw_run(int fd) { return ioctl(fd, USB_RAW_IOCTL_RUN, 0); } static int usb_raw_configure(int fd) { return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0); } static int usb_raw_vbus_draw(int fd, uint32_t power) { return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power); } static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io); } static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io) { return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io); } static int usb_raw_event_fetch(int fd, struct usb_raw_event* event) { return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event); } static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc) { return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc); } static int usb_raw_ep_disable(int fd, int ep) { return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep); } static int usb_raw_ep0_stall(int fd) { return ioctl(fd, USB_RAW_IOCTL_EP0_STALL, 0); } #define USB_MAX_PACKET_SIZE 4096 struct usb_raw_control_event { struct usb_raw_event inner; struct usb_ctrlrequest ctrl; char data[USB_MAX_PACKET_SIZE]; }; struct usb_raw_ep_io_data { struct usb_raw_ep_io inner; char data[USB_MAX_PACKET_SIZE]; }; static void set_interface(int fd, int n) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return; if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) { int rv = usb_raw_ep_disable( fd, index->ifaces[index->iface_cur].eps[ep].handle); if (rv < 0) { } else { } } } if (n >= 0 && n < index->ifaces_num) { for (int ep = 0; ep < index->ifaces[n].eps_num; ep++) { int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep].desc); if (rv < 0) { } else { index->ifaces[n].eps[ep].handle = rv; } } index->iface_cur = n; } } static int configure_device(int fd) { struct usb_device_index* index = lookup_usb_index(fd); if (!index) return -1; int rv = usb_raw_vbus_draw(fd, index->bMaxPower); if (rv < 0) { return rv; } rv = usb_raw_configure(fd); if (rv < 0) { return rv; } set_interface(fd, 0); return 0; } static volatile long syz_usb_connect_impl(uint64_t speed, uint64_t dev_len, const char* dev, const struct vusb_connect_descriptors* descs, lookup_connect_out_response_t lookup_connect_response_out) { if (!dev) { return -1; } int fd = usb_raw_open(); if (fd < 0) { return fd; } if (fd >= MAX_FDS) { close(fd); return -1; } struct usb_device_index* index = add_usb_index(fd, dev, dev_len); if (!index) { return -1; } char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]); if (rv < 0) { return rv; } rv = usb_raw_run(fd); if (rv < 0) { return rv; } bool done = false; while (!done) { struct usb_raw_control_event event; event.inner.type = 0; event.inner.length = sizeof(event.ctrl); rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event); if (rv < 0) { return rv; } if (event.inner.type != USB_RAW_EVENT_CONTROL) continue; char* response_data = NULL; uint32_t response_length = 0; struct usb_qualifier_descriptor qual; if (event.ctrl.bRequestType & USB_DIR_IN) { if (!lookup_connect_response_in(fd, descs, &event.ctrl, &qual, &response_data, &response_length)) { usb_raw_ep0_stall(fd); continue; } } else { if (!lookup_connect_response_out(fd, descs, &event.ctrl, &done)) { usb_raw_ep0_stall(fd); continue; } response_data = NULL; response_length = event.ctrl.wLength; } if ((event.ctrl.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD && event.ctrl.bRequest == USB_REQ_SET_CONFIGURATION) { rv = configure_device(fd); if (rv < 0) { return rv; } } struct usb_raw_ep_io_data response; response.inner.ep = 0; response.inner.flags = 0; if (response_length > sizeof(response.data)) response_length = 0; if (event.ctrl.wLength < response_length) response_length = event.ctrl.wLength; response.inner.length = response_length; if (response_data) memcpy(&response.data[0], response_data, response_length); else memset(&response.data[0], 0, response_length); if (event.ctrl.bRequestType & USB_DIR_IN) { rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response); } else { rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response); } if (rv < 0) { return rv; } } sleep_ms(200); return fd; } static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatile long a2, volatile long a3) { uint64_t speed = a0; uint64_t dev_len = a1; const char* dev = (const char*)a2; const struct vusb_connect_descriptors* descs = (const struct vusb_connect_descriptors*)a3; return syz_usb_connect_impl(speed, dev_len, dev, descs, &lookup_connect_response_out_generic); } static volatile long syz_usb_disconnect(volatile long a0) { int fd = a0; int rv = close(fd); sleep_ms(200); return rv; } static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { unsigned long nb = a1; char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(nb % 10); nb /= 10; } return open(buf, a2, 0); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[1] = {0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // syz_open_dev$evdev arguments: [ // dev: ptr[in, buffer] { // buffer: {2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 23 00} // (length 0x12) // } // id: intptr = 0x0 (8 bytes) // flags: open_flags = 0x0 (8 bytes) // ] // returns fd_evdev memcpy((void*)0x200000000040, "/dev/input/event#\000", 18); res = -1; res = syz_open_dev(/*dev=*/0x200000000040, /*id=*/0, /*flags=*/0); if (res != -1) r[0] = res; // syz_usb_disconnect arguments: [ // fd: fd_usb (resource) // ] syz_usb_disconnect(/*fd=*/r[0]); // syz_usb_connect$cdc_ncm arguments: [ // speed: usb_device_speed = 0x0 (8 bytes) // dev_len: len = 0x6e (8 bytes) // dev: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {12 01 00 00 02 00 00 08 25 05 a1 a4 40 00 01 02 // 03 01 09 02} (length 0x14) // } // } // } // conn_descs: nil // ] // returns fd_usb_cdc_ncm memcpy((void*)0x200000000100, "\x12\x01\x00\x00\x02\x00\x00\x08\x25\x05\xa1\xa4\x40\x00\x01\x02\x03" "\x01\x09\x02", 20); syz_usb_connect(/*speed=*/0, /*dev_len=*/0x6e, /*dev=*/0x200000000100, /*conn_descs=*/0); // ioctl$HIDIOCGRDESC arguments: [ // fd: fd_hidraw (resource) // cmd: const = 0x90044802 (4 bytes) // arg: ptr[inout, hidraw_report_descriptor] { // hidraw_report_descriptor { // size: bytesize = 0xfe6 (4 bytes) // value: buffer: {13 f9 7b d1 2f 05 a4 53 f0 a4 39 84 67 1b f2 30 93 // d4 ee 13 ad 96 e5 2e 9c 7d 92 41 23 d0 e6 a8 26 62 dc e5 08 fd 6d 8f // 0b d1 2c 5c bb 70 d3 50 84 60 32 23 e8 a8 19 6e 84 d7 98 3d 97 98 5a // 59 fb 71 a2 a3 98 4c 3e d1 0b dc d0 ae 99 15 26 0f 70 7d e4 64 2e 9d // c1 3a 7b d4 ad 6f 7b 66 13 44 1f 37 0c 7f 67 9b 86 b9 d3 30 6e 3e 12 // c6 41 1e e2 09 4d 6a f4 f0 87 32 67 3a 24 6b 36 fe 05 4e c9 0c 47 8b // fa 3c 53 90 9a a2 bd 8a 30 f0 16 2a 89 3c fc 23 3a 83 89 6d dd 20 18 // d7 6a 67 89 07 b5 65 39 1d 8a a6 0b cf 66 be ee ba 6c 42 04 c7 6c 29 // 90 c0 bb ee 58 61 60 68 16 ab be 64 67 53 fa 0b 0e e1 16 41 5e 16 84 // 78 d6 41 a9 74 e6 60 9d 6b d3 46 93 4c fd 39 05 e1 d5 00 62 cd 40 71 // a0 a0 b5 3a f0 1a 28 20 60 96 e8 af 4d aa f3 c7 4f a0 de 8d d8 28 bf // 9b e9 32 4b 13 d4 22 66 b1 81 45 a1 c2 47 49 2c 60 ad 1b 19 74 23 82 // 09 9a 44 68 f8 f2 f6 81 b9 18 7c 22 ce d6 25 05 58 f1 c6 96 12 97 8e // 4c 95 7b 88 50 59 d2 50 e6 7f 0b 53 4b 4c 1e 73 b9 35 82 5d 69 da 68 // 61 d6 a3 e4 98 2e 86 15 f6 52 50 4c 97 65 d0 9d 7a fe 73 e4 b2 88 0f // 09 75 52 7f 2c 47 43 a7 61 ad 01 43 ad 09 f6 5e 3a f2 0a 7e 24 2a bd // 31 a2 41 f4 ab 83 73 21 0b d7 4f 3b fe c3 6e 25 95 fe 2a 94 a7 e2 ed // d9 ae 74 72 ed 56 4e 22 ad 85 98 aa cc 1d 5b 97 7e 2e d8 3d 10 d7 c1 // 39 ee 64 f4 ea 8d f3 d1 39 7b 35 77 53 e5 c7 71 72 b9 e2 72 d6 d6 ca // 20 d4 f8 e1 da 6e db 38 f5 eb 70 c4 ea 2e a2 37 f0 98 75 94 42 bb 7f // 27 87 f1 97 4f cb 2d 65 a2 d3 7a d8 53 49 11 ac e9 65 d5 f6 40 c4 8e // 72 61 d3 d7 b2 d5 77 1a 6a e9 cd e3 ef 13 16 ff 7c cf f8 b0 73 67 6c // c8 4c 81 52 cc 62 4e 7f 30 6d 81 cc 78 df 5b 5b bc bb 37 b6 68 69 76 // d3 46 d6 b0 ee 50 22 89 03 ed e6 c5 72 ac 49 c1 95 4a 57 58 2d fb 9d // 81 9d 8b 07 9a 0b 50 ed 43 ee 2f b6 90 ac 72 ce 60 ba c8 e1 bd 4b 5c // 1c 03 a9 6c 9c 47 4e fa cf e1 e5 21 dc 48 be 15 51 2b 78 6f fc 9d b7 // 9e b0 fe 62 e1 e2 ef d5 bf b5 1b 7e 86 d3 b5 87 dd 2e 59 3e 0f 1a a5 // 6f d1 81 c8 0f 7c a0 32 d6 82 f7 0a 0b d0 d7 39 1b a2 bc fe 54 73 27 // 9d d2 e5 4f 07 14 d5 bd cb 09 94 9b 81 50 6f fd e5 2c 43 20 fc 96 1d // 8c 5c db 26 bb ea 1d 30 05 26 19 cc 3a 22 c6 25 7b e1 e2 9e 09 9c fd // 0a 11 9d 63 4f 1d e0 64 15 15 1f 43 46 20 29 5d d8 ea 1a e9 58 e0 78 // 49 75 f4 94 0b 25 5a af d6 b1 6f c1 1a fa e5 e0 89 32 42 b2 8f c2 15 // 03 86 ca 32 b4 6c df c1 64 4d 86 64 3d 83 07 93 81 70 b5 a4 9c eb 0f // d3 d6 10 fa a4 d7 c7 ed fb c7 7d 7e 89 83 85 5d e9 91 f1 12 d3 1c e7 // 11 ba 1d ba c1 34 34 ed f6 08 a0 17 4a 15 1c 98 1e 7f 15 35 37 ae 2a // aa fa 5f 03 a0 45 4c fc 49 eb 83 8b 6a 0a 30 b7 f5 99 cf e3 15 ea 88 // 40 9f ec 26 ee a5 bb 70 27 31 4d 28 09 50 d5 f0 01 1d e2 45 cb 51 53 // 60 63 97 ef d8 5d b9 0e e1 77 31 f1 61 64 ff 9b d5 ae 1e fc 40 73 45 // ab 0e 43 9c f1 d8 2a 3f 00 90 6e fa ef d6 20 50 bf c9 33 22 92 a0 57 // ed 14 d5 91 f8 6d 94 8e 98 57 65 52 c2 6b fc 8e 4e 3b f3 33 f1 1e 31 // 6e 7a cd 0a 3f 28 73 6e 03 e2 26 12 e2 7d 5a c9 36 f3 e9 6d d8 f4 41 // f6 58 64 1b a4 ea d8 a1 db 43 97 18 a4 a8 29 26 46 6a 49 ff 4d bf a6 // 5a ad 58 d2 6f 93 39 49 00 77 c3 6b 52 84 6d 8e 0b 64 b8 c8 84 73 b7 // 02 30 ba 59 d9 6b 59 52 af f3 a8 59 53 77 89 90 d5 3d 47 ad ae 52 e8 // 8e 4b eb 0e 9a a1 5e 5d 26 76 71 6c 88 6c fe a8 76 d5 66 45 4b 2a f5 // c2 15 49 81 cf 6e 9e 53 48 a9 57 7d 3e c4 ff cc 4a c8 08 58 d5 a5 4b // 5d f9 25 cc 63 8b 4a 5c 97 72 9c 0e 2f 6e 4a 42 9b da 81 a4 83 4e a9 // 15 4c 2e b1 d2 40 2b 48 19 dd 6b 03 8f a8 6e 47 fe 7f d3 56 23 8f ff // 3d ed 22 8b 68 d8 a4 b4 95 d1 9d 56 43 ce 80 30 c4 fb be d4 2d dc 77 // 4a 33 1a 75 46 97 e0 9b 67 35 aa d6 4b c3 ff 41 86 43 60 2b 71 81 f0 // e5 b2 6e 74 96 58 be 6a 97 70 73 ac 57 59 d4 83 10 d6 8e 86 a3 a4 81 // 04 c7 cd 4e 57 79 15 b0 af de 6f a5 fb ea 83 41 2d c1 ff 17 90 57 16 // c9 55 79 9e e7 72 df c4 ca 80 2e 58 2b 18 d6 d8 42 98 aa 5c 75 df 38 // d1 2b c8 06 fb 19 53 b2 be 14 79 aa ee 55 e7 ea 32 24 41 9d 64 b9 28 // a9 a8 ae db 06 ff cc 36 93 f0 56 53 de 12 78 8e 85 4f 7d 4c 9e b1 0b // c8 d7 51 85 95 d0 f0 3e 76 df d4 65 b7 90 28 65 de b3 78 01 5a 86 0e // d4 bf 1d 40 40 c4 7f 0e 69 92 7d 9b 0c c6 f3 47 a9 60 3f 14 05 5b 69 // aa 2d 47 89 6e 32 02 38 f5 87 39 f4 61 56 ee 62 07 ac 57 bb 1e 13 1f // b1 43 14 7d 9e 49 01 5f 24 33 f4 15 75 4f 47 61 66 e8 9b 2f 7a 8a b2 // b9 66 c1 9b fd be 79 57 13 62 7e 7e 42 a2 56 9b 44 1e 56 7c bb 76 a6 // 10 c5 c2 36 a5 a7 a5 b9 3e 54 88 9d ea 86 30 f3 c2 24 e5 17 62 7d 2f // 92 de b6 5f b1 9d 6c 58 00 f6 be 5e 45 26 88 ac 28 ba 6c 73 71 1d 78 // a4 4e 4e 57 39 7b 86 5e 35 98 f9 c1 aa fe 7c 4a f7 cb d6 ce 2d d1 1d // 24 48 7b 33 92 f4 a9 c0 f8 5c 4e 1a 30 05 1f b9 26 71 ce 48 ba b7 dd // 9e 83 48 8d e2 c6 c0 a1 9e d7 26 19 75 33 71 d4 9b 76 70 a6 cb 1a 9e // 27 4b d9 1c e5 e1 a6 19 02 dc 69 bd 7c 2b 91 d6 2c fc 11 8d fb 6a 1a // d8 94 4e 08 29 c6 e1 74 85 4c 8d 46 98 c5 77 f0 ba a1 94 32 db b9 cf // e0 5e 06 e4 28 e3 b8 c9 a6 ad e8 8d 81 82 9d 51 a3 36 ca a6 ed 63 c5 // 6a 67 0a ea 58 69 e0 3d 41 66 74 4b 19 18 f4 78 5e 06 d3 2c 16 7f cb // f7 fc 3d 66 f1 be 0c ad ac 64 86 a9 bc e1 18 b0 0d ce 07 c7 0b 96 8c // 07 2f 1e 3f a6 d2 e1 46 fd 03 9b 33 70 01 89 fa 8d a0 00 23 25 ee 2d // 99 a6 35 4f be 58 ad a8 74 04 b8 a0 1c 13 8d f5 d0 04 20 fe 8e 04 86 // 35 72 f2 6e c1 96 2a 2e e9 48 80 55 bf 26 af 30 74 f9 ef cc a0 0e 25 // aa f4 38 46 da a5 7a 0c 07 5a 73 b7 5d fb fb 97 bb 8a fb e4 a8 dd f6 // c6 81 79 05 32 8c bb 88 c1 e8 ec 9f d6 5f a3 7b 83 c2 a3 bb 7a 8b 49 // b3 c3 b9 a4 7f cd 8a 2b 91 7b 38 39 2f 6d 09 af e3 22 ec 87 75 ce 0b // 8d 24 4d 04 01 ca 48 a7 0a 5b e6 df 48 32 cf 2f 10 63 8b 12 d4 a3 32 // f1 69 f1 7d a8 89 7f 0e 3f 81 f3 5f 25 83 76 26 3e ab 48 8a 7d 90 39 // 8b 6a f3 a2 74 9d dd e4 5c 62 1b f1 8f a1 14 74 f6 a5 3a fd 38 8a 1e // ba 00 26 50 73 02 23 c8 c5 52 ad 65 57 9e 50 1d 58 ab 77 3e 14 55 5f // d2 42 9b 04 7f df ca 2d 73 c2 c1 a3 54 64 06 a0 63 a9 70 21 4a db 4f // df 7f 43 5c 2a f8 02 38 b4 84 b9 6a 36 a2 9e f8 06 82 76 61 6c e7 ae // 67 0c b0 94 bf fe 5e 21 41 44 c0 a6 3a ce 64 7f 32 8f 80 ab 34 b2 fc // 42 05 02 0e e8 89 0a 14 0a c6 41 d4 7e 3f 36 23 37 84 8c c0 2a d3 48 // 5c 24 9e d7 85 a4 67 93 74 71 6a c4 ae 13 43 f1 2b c4 41 19 bf 69 88 // 8e 3c 0c 62 a8 37 d4 fd 69 17 61 bc 32 b9 49 74 3b bc 40 75 45 c3 1c // 5c cd d0 da df 3e a3 63 45 e6 24 66 b1 29 6a 48 74 b8 e0 d2 51 ad 40 // d4 72 8f ae 10 a9 de b6 69 c1 4b c0 0f 94 c0 59 e0 75 c5 ca eb 69 73 // 8c ad f2 03 13 7e cc 04 57 ed 81 1d 86 4a de 11 70 09 3c 2b b2 14 f0 // f9 f2 80 4a e4 0e ae c4 7c 49 cc f2 5a d1 9f f1 4b 76 ec 88 a6 9b f8 // c2 2e c3 4e b3 a4 1c d3 ce 2e 24 5c 02 d9 6c fb 9e d7 61 45 d4 76 5a // c1 48 9e 9a 38 6b 1e c8 04 7e ea 29 3a 3d 8c 1e 58 17 31 c9 8f be c7 // 96 55 0b c7 3f 01 be 2b be 2c f9 54 a8 8c 6f 51 95 cf 28 dc 26 18 09 // d3 1b b2 a4 cd e7 60 73 39 16 01 a5 dc 2e 66 2e 2a 13 95 97 f4 8d 33 // 32 10 a2 94 eb e7 31 24 6b a4 35 6e 69 8a f8 61 e8 76 19 70 8e 1e 1b // 02 61 e7 10 e7 37 dd c0 9f 75 3b 74 89 28 42 98 6d d6 37 cf 05 e0 80 // ef 36 b1 35 9b 3b 7d 01 50 b5 43 62 30 d2 96 22 60 bd 6d 23 c1 ac 0d // eb a2 c5 75 fd 8d 3c 50 ea cc 5f 7f c4 f9 15 ed 1e b9 c8 d4 fd e9 e3 // 67 d4 0e a8 84 43 75 29 ec e6 9b 5d b6 36 4f 0a 00 3a f5 c0 2a 32 b5 // 5d 41 1d d7 a6 36 61 5a e5 b9 88 f8 9f bb 1b 3f d6 f3 c4 e7 43 0b ee // fe ab 39 56 ff 3b 96 5e 14 4d cb 57 17 a2 95 f7 b4 73 fc dd 98 c8 df // ee 5f 91 71 67 38 c3 58 3c 0d 94 59 96 ca 43 76 b3 38 17 31 fb 5d 30 // 58 62 88 3f bf 56 a3 f3 68 8f fd b9 ff 9f a1 aa ec de d1 41 a0 91 d1 // 69 67 7c 81 54 16 53 8e 5c 2b a7 7e 9b 00 a0 b1 d7 ce 3f ba f5 7a 8f // 3d 66 3f 6a 74 48 aa 89 8d 33 f7 62 f4 0a 6c 05 c1 82 7a 25 c4 ab 54 // b9 41 dd 05 ad 36 4f 8c c4 96 2f 8c 7f 9d 16 b8 60 b9 df e1 98 67 40 // e5 08 3f dd 9c aa b9 8b ce 3c cc 94 65 68 56 e3 9e 02 e1 dc a6 b5 4c // 17 87 9b 86 31 c1 c0 17 c3 69 a7 86 f5 97 ce 3a 08 ba 64 39 59 6c 54 // d4 93 42 ff 77 b2 22 2a 11 98 de 47 b7 1f bc cb 44 02 f1 ce 92 dc 93 // d9 7d bf cb d1 96 01 12 7b 07 fe 17 fb 06 42 d2 e8 07 b0 24 3c 53 4d // de a7 7b fa b5 ac 11 6f a6 13 5a ed e2 86 de 5c 54 9e a3 1f 21 ef 31 // 1b 98 62 26 9b fe 79 f2 81 2d f7 27 a1 7e 2b 99 e4 ac 22 4f bb dd f3 // a0 74 76 52 9f 89 92 8f 74 73 6f 65 d2 94 b1 a0 40 de af 04 55 10 ba // dc af ad 7c 38 0e 5e 41 99 6b 3d d3 24 c4 e2 f5 e8 65 1e 7c 18 71 1d // ff 19 36 19 b9 32 7a 67 2d 8c 4d 93 ad 00 5c 9d 46 f7 7f 52 87 ee c6 // 5f 66 86 5c ca 88 de bb 6e 95 f3 20 fc bc dc ee 7e 72 c4 5b 2f c0 10 // 09 65 93 20 75 15 da 93 5b b6 38 30 54 74 27 97 f8 93 d9 79 15 43 b6 // 72 a9 d4 27 ee 09 6a a5 e7 41 e6 b5 52 98 25 fe aa 9c e6 2b 0e 42 7d // 6a ba 02 d0 bc 97 cb 8b 5c fc bd 61 ab dd 03 a0 07 64 e2 45 6b 30 27 // f6 82 56 8f 3f a0 8f c0 90 c9 b3 81 de d5 a1 c4 ac 92 83 56 79 6f 70 // 65 a6 dc 35 bf a8 8c 6b 7a ea 30 5e 60 2f e9 22 f2 fe 81 c8 48 e7 49 // c4 32 7e 77 2b eb 95 1d 32 fe 67 2a e3 d0 3f 8d e5 db c9 89 52 31 a3 // 3d 4e 1a e7 a7 76 19 3a 6d d2 bc 90 92 ef da 20 21 72 a5 74 7d c9 34 // bc be 5e 36 5f a4 ef a4 34 8d 20 f0 0e e2 39 5e a0 a5 a9 52 1f 38 6f // 68 8c a7 4b 58 48 70 58 49 3a 68 c0 48 c4 22 25 2d 41 f7 55 39 66 e3 // cb 43 0f 99 37 5a 95 6f 89 81 05 00 cc 8f 9b 80 d6 fd 2a a6 f8 b9 f1 // 34 f8 09 6e 2c 15 d0 58 82 ac ab 96 f4 45 33 15 b1 9c 3b 92 b7 7d 28 // f2 c2 3d 52 b8 4b 2e bb ff eb 1b 6e 60 e6 ab 87 b3 6b ce a4 63 fc 5e // 64 eb c9 12 aa 8c b2 95 60 ac d6 af d6 b8 e9 7d 6c 7e d2 b4 2c a8 74 // c8 98 f5 48 76 28 e1 77 86 bc 00 a1 7f fe b2 39 b9 6b 6e 24 e8 56 02 // 70 6e 6f 9a cb 16 f2 38 f1 e9 44 43 0a 7b ac 8d ce f9 64 1f 59 77 60 // fc 44 62 12 3a b5 8e 5e d5 97 17 7f ca 5a c9 d3 e2 3d 06 a0 f2 26 7a // 4c 77 09 46 4b 5c 82 97 9e 45 38 28 00 8e a8 3a 53 17 23 16 59 98 e7 // ce 0f 8a 98 fe 0e a4 1d 76 fa 58 da 13 16 9c 89 a1 16 9a 4b c3 43 b2 // b6 e1 7e d3 9f a7 2b 28 e4 66 82 1c 20 98 24 c8 9e 8e 61 13 04 76 7e // f2 2a e9 f1 95 02 20 fd 84 e8 5f f9 2a 71 3b ab 65 9a 3f 6e 7f 88 ae // 8e 2b 31 78 08 6e 76 bc 0e 27 6b 9d 1f e2 ee 08 c5 df 79 3d b9 26 95 // 77 94 ae 34 12 a9 a3 f4 31 e7 27 fd a6 72 fc a4 98 79 e7 e9 5b 9a 87 // 99 c5 f9 7d 7b d1 67 89 89 94 ba a9 68 50 25 ce 22 2b f1 97 58 94 d1 // 04 58 8c 0c 6b 03 40 2c 28 3c 96 58 04 ec 7a 2d e6 fd 68 9b 37 10 8d // f4 9f 75 17 b3 dd c5 47 cd d5 d1 20 96 26 b1 4d 1b 5a 34 c1 5c 46 f6 // a5 13 6e d9 f6 d9 44 ee 68 df 65 38 96 83 f4 4d e0 57 eb f6 90 6a 2b // 77 b9 95 65 fc 4c 19 04 54 14 e1 40 ae 44 0f 3e b2 b4 2e 99 2c 98 d6 // 39 d1 ad 21 37 4e ad 5a 35 3d 03 9e fa d0 47 71 45 d9 67 60 01 ca a1 // 6b 49 06 1f 7e c9 54 7b a6 6a 48 ab 0b 10 af ef a1 b5 94 a4 2f ba 68 // 9b 9f 16 09 00 bb 66 88 02 0a 99 f3 18 e0 b7 29 0b 53 0c 65 37 c0 54 // 75 64 53 be ac 3b e0 f2 8d 86 3f 00 fe 5d 37 ed 7e 7f 60 ae 50 8a 19 // da b8 f5 1e 7e 4d 30 47 42 ef a3 ba 23 90 86 d5 8b b2 87 16 b8 0e 01 // b8 96 53 52 85 98 7a 9c 41 5c 31 08 f0 6c 55 92 78 26 f8 51 07 26 9e // 0f 33 ca 15 9a a5 65 f0 32 63 30 5b db f8 1e d6 8d 90 28 a7 8a d4 dc // b7 da 72 0d 33 dc b3 f3 19 d0 dd cd 1a 7a 74 62 f0 a1 cf 3a c4 a1 51 // 2e 90 31 82 24 7e 75 fc 3b cf 30 89 c6 1e 57 fe 0a c0 92 93 f4 6c 04 // b3 34 b3 c3 72 73 cd 8a 12 ca 1e ba bc 48 6f 05 1a de f2 a1 3b 07 b4 // 0c 0c 8a e0 2a fb 96 e2 61 89 46 31 9f 98 a3 19 b1 90 55 47 e5 19 7b // 10 84 00 85 d2 f9 77 de 9f 12 30 d9 50 5d 41 e0 2e 8d 45 ac e9 a7 65 // 0a b4 bb 2c 2d e9 69 ab 12 c2 69 3c ba bc 02 48 d7 87 87 a2 0d c9 05 // d2 b8 83 bf ea cb 53 9f ae 7c 7e 1e 89 6c cb 87 dd 20 a3 ac df aa 92 // b6 8d 8a 60 ec 22 63 11 54 15 25 19 3c 46 09 9a c3 0d 58 6c f4 2f ae // 88 7f 1d 1d f9 2d 78 65 7b 4a d5 40 33 ca db e3 46 ef d0 51 03 b8 83 // c7 b9 a0 48 6a 58 48 3b a2 f1 9f 10 6d 8a c1 2b 33 2e 09 5a 92 aa 6a // ef 0f 39 91 37 8c 20 75 ba a6 4d d4 66 17 ce 23 7a ec 8c 20 2b 53 62 // 3a 62 43 f3 51 45 68 a7 da ce 23 07 c7 23 93 49 a4 0e bc 3c b0 04 e3 // 49 de 41 4d 33 88 50 65 7c a8 a5 a5 da f9 0f 45 f6 d3 c9 bc cc b0 14 // 70 2d 43 55 76 79 88 56 1f 3d b2 06 32 1d 6a 35 87 26 54 2b b1 db 25 // bf 17 0c 47 71 fb 26 b9 41 55 0d 69 82 95 b0 59 2b c4 9c 6f b6 74 db // 06 f8 1d c2 d3 f9 e1 db 02 a3 f1 2f 26 1d 94 95 73 0e 56 12 68 88 ed // ff 00 df 75 46 3a 4a 40 66 45 fd b6 f8 e2 6a 0a f4 b7 7d 36 2a 4b e1 // de 7b 05 c3 e0 d4 1e af 33 5f cf 70 22 ce 61 cc 91 75 a8 6a 0b 4f 07 // b4 37 ab aa 8a a4 0d e9 4a 01 26 61 ec d9 6d bc b0 33 be 73 f6 3c cf // 70 2a d4 17 3f ed 41 bd ef 76 17 b6 bc fb 5c 05 c7 29 6c b1 26 7a ee // 64 6a 72 52 cc db 4b 9f e2 9f 14 e2 03 c5 b9 24 cd a9 23 cc 73 c4 b1 // f7 59 fa fe d0 47 21 5a 78 09 2a d7 34 34 ea 70 e2 95 b4 04 e2 28 19 // 49 61 98 73 81 1f de 0e 29 db 7b 21 e2 27 27 6c 13 b9 d9 a2 3b 60 a1 // 2b 3f c4 e7 08 88 1f ad 20 a1 db 88 67 23 5b ed 83 f2 f4 86 04 01 d1 // d3 08 14 02 ec 92 61 b4 a7 93 8f 63 98 7c 6b 43 59 0d 0c 45 79 1d af // ab 09 f1 af 4e 71 45 d8 a4 41 51 34 4b 21 cb b9 1c e4 3e 56 1b f2 04 // 65 47 89 b6 e2 e9 df e2 45 39 6f 22 67 5e a1 4f 62 d0 45 b9 d4 13 98 // 36 36 e9 83 aa} (length 0xfe6) // } // } // ] *(uint32_t*)0x200000000040 = 0xfe6; memcpy( (void*)0x200000000044, "\x13\xf9\x7b\xd1\x2f\x05\xa4\x53\xf0\xa4\x39\x84\x67\x1b\xf2\x30\x93\xd4" "\xee\x13\xad\x96\xe5\x2e\x9c\x7d\x92\x41\x23\xd0\xe6\xa8\x26\x62\xdc\xe5" "\x08\xfd\x6d\x8f\x0b\xd1\x2c\x5c\xbb\x70\xd3\x50\x84\x60\x32\x23\xe8\xa8" "\x19\x6e\x84\xd7\x98\x3d\x97\x98\x5a\x59\xfb\x71\xa2\xa3\x98\x4c\x3e\xd1" "\x0b\xdc\xd0\xae\x99\x15\x26\x0f\x70\x7d\xe4\x64\x2e\x9d\xc1\x3a\x7b\xd4" "\xad\x6f\x7b\x66\x13\x44\x1f\x37\x0c\x7f\x67\x9b\x86\xb9\xd3\x30\x6e\x3e" "\x12\xc6\x41\x1e\xe2\x09\x4d\x6a\xf4\xf0\x87\x32\x67\x3a\x24\x6b\x36\xfe" "\x05\x4e\xc9\x0c\x47\x8b\xfa\x3c\x53\x90\x9a\xa2\xbd\x8a\x30\xf0\x16\x2a" "\x89\x3c\xfc\x23\x3a\x83\x89\x6d\xdd\x20\x18\xd7\x6a\x67\x89\x07\xb5\x65" "\x39\x1d\x8a\xa6\x0b\xcf\x66\xbe\xee\xba\x6c\x42\x04\xc7\x6c\x29\x90\xc0" "\xbb\xee\x58\x61\x60\x68\x16\xab\xbe\x64\x67\x53\xfa\x0b\x0e\xe1\x16\x41" "\x5e\x16\x84\x78\xd6\x41\xa9\x74\xe6\x60\x9d\x6b\xd3\x46\x93\x4c\xfd\x39" "\x05\xe1\xd5\x00\x62\xcd\x40\x71\xa0\xa0\xb5\x3a\xf0\x1a\x28\x20\x60\x96" "\xe8\xaf\x4d\xaa\xf3\xc7\x4f\xa0\xde\x8d\xd8\x28\xbf\x9b\xe9\x32\x4b\x13" "\xd4\x22\x66\xb1\x81\x45\xa1\xc2\x47\x49\x2c\x60\xad\x1b\x19\x74\x23\x82" "\x09\x9a\x44\x68\xf8\xf2\xf6\x81\xb9\x18\x7c\x22\xce\xd6\x25\x05\x58\xf1" "\xc6\x96\x12\x97\x8e\x4c\x95\x7b\x88\x50\x59\xd2\x50\xe6\x7f\x0b\x53\x4b" "\x4c\x1e\x73\xb9\x35\x82\x5d\x69\xda\x68\x61\xd6\xa3\xe4\x98\x2e\x86\x15" "\xf6\x52\x50\x4c\x97\x65\xd0\x9d\x7a\xfe\x73\xe4\xb2\x88\x0f\x09\x75\x52" "\x7f\x2c\x47\x43\xa7\x61\xad\x01\x43\xad\x09\xf6\x5e\x3a\xf2\x0a\x7e\x24" "\x2a\xbd\x31\xa2\x41\xf4\xab\x83\x73\x21\x0b\xd7\x4f\x3b\xfe\xc3\x6e\x25" "\x95\xfe\x2a\x94\xa7\xe2\xed\xd9\xae\x74\x72\xed\x56\x4e\x22\xad\x85\x98" "\xaa\xcc\x1d\x5b\x97\x7e\x2e\xd8\x3d\x10\xd7\xc1\x39\xee\x64\xf4\xea\x8d" "\xf3\xd1\x39\x7b\x35\x77\x53\xe5\xc7\x71\x72\xb9\xe2\x72\xd6\xd6\xca\x20" "\xd4\xf8\xe1\xda\x6e\xdb\x38\xf5\xeb\x70\xc4\xea\x2e\xa2\x37\xf0\x98\x75" "\x94\x42\xbb\x7f\x27\x87\xf1\x97\x4f\xcb\x2d\x65\xa2\xd3\x7a\xd8\x53\x49" "\x11\xac\xe9\x65\xd5\xf6\x40\xc4\x8e\x72\x61\xd3\xd7\xb2\xd5\x77\x1a\x6a" "\xe9\xcd\xe3\xef\x13\x16\xff\x7c\xcf\xf8\xb0\x73\x67\x6c\xc8\x4c\x81\x52" "\xcc\x62\x4e\x7f\x30\x6d\x81\xcc\x78\xdf\x5b\x5b\xbc\xbb\x37\xb6\x68\x69" "\x76\xd3\x46\xd6\xb0\xee\x50\x22\x89\x03\xed\xe6\xc5\x72\xac\x49\xc1\x95" "\x4a\x57\x58\x2d\xfb\x9d\x81\x9d\x8b\x07\x9a\x0b\x50\xed\x43\xee\x2f\xb6" "\x90\xac\x72\xce\x60\xba\xc8\xe1\xbd\x4b\x5c\x1c\x03\xa9\x6c\x9c\x47\x4e" "\xfa\xcf\xe1\xe5\x21\xdc\x48\xbe\x15\x51\x2b\x78\x6f\xfc\x9d\xb7\x9e\xb0" "\xfe\x62\xe1\xe2\xef\xd5\xbf\xb5\x1b\x7e\x86\xd3\xb5\x87\xdd\x2e\x59\x3e" "\x0f\x1a\xa5\x6f\xd1\x81\xc8\x0f\x7c\xa0\x32\xd6\x82\xf7\x0a\x0b\xd0\xd7" "\x39\x1b\xa2\xbc\xfe\x54\x73\x27\x9d\xd2\xe5\x4f\x07\x14\xd5\xbd\xcb\x09" "\x94\x9b\x81\x50\x6f\xfd\xe5\x2c\x43\x20\xfc\x96\x1d\x8c\x5c\xdb\x26\xbb" "\xea\x1d\x30\x05\x26\x19\xcc\x3a\x22\xc6\x25\x7b\xe1\xe2\x9e\x09\x9c\xfd" "\x0a\x11\x9d\x63\x4f\x1d\xe0\x64\x15\x15\x1f\x43\x46\x20\x29\x5d\xd8\xea" "\x1a\xe9\x58\xe0\x78\x49\x75\xf4\x94\x0b\x25\x5a\xaf\xd6\xb1\x6f\xc1\x1a" "\xfa\xe5\xe0\x89\x32\x42\xb2\x8f\xc2\x15\x03\x86\xca\x32\xb4\x6c\xdf\xc1" "\x64\x4d\x86\x64\x3d\x83\x07\x93\x81\x70\xb5\xa4\x9c\xeb\x0f\xd3\xd6\x10" "\xfa\xa4\xd7\xc7\xed\xfb\xc7\x7d\x7e\x89\x83\x85\x5d\xe9\x91\xf1\x12\xd3" "\x1c\xe7\x11\xba\x1d\xba\xc1\x34\x34\xed\xf6\x08\xa0\x17\x4a\x15\x1c\x98" "\x1e\x7f\x15\x35\x37\xae\x2a\xaa\xfa\x5f\x03\xa0\x45\x4c\xfc\x49\xeb\x83" "\x8b\x6a\x0a\x30\xb7\xf5\x99\xcf\xe3\x15\xea\x88\x40\x9f\xec\x26\xee\xa5" "\xbb\x70\x27\x31\x4d\x28\x09\x50\xd5\xf0\x01\x1d\xe2\x45\xcb\x51\x53\x60" "\x63\x97\xef\xd8\x5d\xb9\x0e\xe1\x77\x31\xf1\x61\x64\xff\x9b\xd5\xae\x1e" "\xfc\x40\x73\x45\xab\x0e\x43\x9c\xf1\xd8\x2a\x3f\x00\x90\x6e\xfa\xef\xd6" "\x20\x50\xbf\xc9\x33\x22\x92\xa0\x57\xed\x14\xd5\x91\xf8\x6d\x94\x8e\x98" "\x57\x65\x52\xc2\x6b\xfc\x8e\x4e\x3b\xf3\x33\xf1\x1e\x31\x6e\x7a\xcd\x0a" "\x3f\x28\x73\x6e\x03\xe2\x26\x12\xe2\x7d\x5a\xc9\x36\xf3\xe9\x6d\xd8\xf4" "\x41\xf6\x58\x64\x1b\xa4\xea\xd8\xa1\xdb\x43\x97\x18\xa4\xa8\x29\x26\x46" "\x6a\x49\xff\x4d\xbf\xa6\x5a\xad\x58\xd2\x6f\x93\x39\x49\x00\x77\xc3\x6b" "\x52\x84\x6d\x8e\x0b\x64\xb8\xc8\x84\x73\xb7\x02\x30\xba\x59\xd9\x6b\x59" "\x52\xaf\xf3\xa8\x59\x53\x77\x89\x90\xd5\x3d\x47\xad\xae\x52\xe8\x8e\x4b" "\xeb\x0e\x9a\xa1\x5e\x5d\x26\x76\x71\x6c\x88\x6c\xfe\xa8\x76\xd5\x66\x45" "\x4b\x2a\xf5\xc2\x15\x49\x81\xcf\x6e\x9e\x53\x48\xa9\x57\x7d\x3e\xc4\xff" "\xcc\x4a\xc8\x08\x58\xd5\xa5\x4b\x5d\xf9\x25\xcc\x63\x8b\x4a\x5c\x97\x72" "\x9c\x0e\x2f\x6e\x4a\x42\x9b\xda\x81\xa4\x83\x4e\xa9\x15\x4c\x2e\xb1\xd2" "\x40\x2b\x48\x19\xdd\x6b\x03\x8f\xa8\x6e\x47\xfe\x7f\xd3\x56\x23\x8f\xff" "\x3d\xed\x22\x8b\x68\xd8\xa4\xb4\x95\xd1\x9d\x56\x43\xce\x80\x30\xc4\xfb" "\xbe\xd4\x2d\xdc\x77\x4a\x33\x1a\x75\x46\x97\xe0\x9b\x67\x35\xaa\xd6\x4b" "\xc3\xff\x41\x86\x43\x60\x2b\x71\x81\xf0\xe5\xb2\x6e\x74\x96\x58\xbe\x6a" "\x97\x70\x73\xac\x57\x59\xd4\x83\x10\xd6\x8e\x86\xa3\xa4\x81\x04\xc7\xcd" "\x4e\x57\x79\x15\xb0\xaf\xde\x6f\xa5\xfb\xea\x83\x41\x2d\xc1\xff\x17\x90" "\x57\x16\xc9\x55\x79\x9e\xe7\x72\xdf\xc4\xca\x80\x2e\x58\x2b\x18\xd6\xd8" "\x42\x98\xaa\x5c\x75\xdf\x38\xd1\x2b\xc8\x06\xfb\x19\x53\xb2\xbe\x14\x79" "\xaa\xee\x55\xe7\xea\x32\x24\x41\x9d\x64\xb9\x28\xa9\xa8\xae\xdb\x06\xff" "\xcc\x36\x93\xf0\x56\x53\xde\x12\x78\x8e\x85\x4f\x7d\x4c\x9e\xb1\x0b\xc8" "\xd7\x51\x85\x95\xd0\xf0\x3e\x76\xdf\xd4\x65\xb7\x90\x28\x65\xde\xb3\x78" "\x01\x5a\x86\x0e\xd4\xbf\x1d\x40\x40\xc4\x7f\x0e\x69\x92\x7d\x9b\x0c\xc6" "\xf3\x47\xa9\x60\x3f\x14\x05\x5b\x69\xaa\x2d\x47\x89\x6e\x32\x02\x38\xf5" "\x87\x39\xf4\x61\x56\xee\x62\x07\xac\x57\xbb\x1e\x13\x1f\xb1\x43\x14\x7d" "\x9e\x49\x01\x5f\x24\x33\xf4\x15\x75\x4f\x47\x61\x66\xe8\x9b\x2f\x7a\x8a" "\xb2\xb9\x66\xc1\x9b\xfd\xbe\x79\x57\x13\x62\x7e\x7e\x42\xa2\x56\x9b\x44" "\x1e\x56\x7c\xbb\x76\xa6\x10\xc5\xc2\x36\xa5\xa7\xa5\xb9\x3e\x54\x88\x9d" "\xea\x86\x30\xf3\xc2\x24\xe5\x17\x62\x7d\x2f\x92\xde\xb6\x5f\xb1\x9d\x6c" "\x58\x00\xf6\xbe\x5e\x45\x26\x88\xac\x28\xba\x6c\x73\x71\x1d\x78\xa4\x4e" "\x4e\x57\x39\x7b\x86\x5e\x35\x98\xf9\xc1\xaa\xfe\x7c\x4a\xf7\xcb\xd6\xce" "\x2d\xd1\x1d\x24\x48\x7b\x33\x92\xf4\xa9\xc0\xf8\x5c\x4e\x1a\x30\x05\x1f" "\xb9\x26\x71\xce\x48\xba\xb7\xdd\x9e\x83\x48\x8d\xe2\xc6\xc0\xa1\x9e\xd7" "\x26\x19\x75\x33\x71\xd4\x9b\x76\x70\xa6\xcb\x1a\x9e\x27\x4b\xd9\x1c\xe5" "\xe1\xa6\x19\x02\xdc\x69\xbd\x7c\x2b\x91\xd6\x2c\xfc\x11\x8d\xfb\x6a\x1a" "\xd8\x94\x4e\x08\x29\xc6\xe1\x74\x85\x4c\x8d\x46\x98\xc5\x77\xf0\xba\xa1" "\x94\x32\xdb\xb9\xcf\xe0\x5e\x06\xe4\x28\xe3\xb8\xc9\xa6\xad\xe8\x8d\x81" "\x82\x9d\x51\xa3\x36\xca\xa6\xed\x63\xc5\x6a\x67\x0a\xea\x58\x69\xe0\x3d" "\x41\x66\x74\x4b\x19\x18\xf4\x78\x5e\x06\xd3\x2c\x16\x7f\xcb\xf7\xfc\x3d" "\x66\xf1\xbe\x0c\xad\xac\x64\x86\xa9\xbc\xe1\x18\xb0\x0d\xce\x07\xc7\x0b" "\x96\x8c\x07\x2f\x1e\x3f\xa6\xd2\xe1\x46\xfd\x03\x9b\x33\x70\x01\x89\xfa" "\x8d\xa0\x00\x23\x25\xee\x2d\x99\xa6\x35\x4f\xbe\x58\xad\xa8\x74\x04\xb8" "\xa0\x1c\x13\x8d\xf5\xd0\x04\x20\xfe\x8e\x04\x86\x35\x72\xf2\x6e\xc1\x96" "\x2a\x2e\xe9\x48\x80\x55\xbf\x26\xaf\x30\x74\xf9\xef\xcc\xa0\x0e\x25\xaa" "\xf4\x38\x46\xda\xa5\x7a\x0c\x07\x5a\x73\xb7\x5d\xfb\xfb\x97\xbb\x8a\xfb" "\xe4\xa8\xdd\xf6\xc6\x81\x79\x05\x32\x8c\xbb\x88\xc1\xe8\xec\x9f\xd6\x5f" "\xa3\x7b\x83\xc2\xa3\xbb\x7a\x8b\x49\xb3\xc3\xb9\xa4\x7f\xcd\x8a\x2b\x91" "\x7b\x38\x39\x2f\x6d\x09\xaf\xe3\x22\xec\x87\x75\xce\x0b\x8d\x24\x4d\x04" "\x01\xca\x48\xa7\x0a\x5b\xe6\xdf\x48\x32\xcf\x2f\x10\x63\x8b\x12\xd4\xa3" "\x32\xf1\x69\xf1\x7d\xa8\x89\x7f\x0e\x3f\x81\xf3\x5f\x25\x83\x76\x26\x3e" "\xab\x48\x8a\x7d\x90\x39\x8b\x6a\xf3\xa2\x74\x9d\xdd\xe4\x5c\x62\x1b\xf1" "\x8f\xa1\x14\x74\xf6\xa5\x3a\xfd\x38\x8a\x1e\xba\x00\x26\x50\x73\x02\x23" "\xc8\xc5\x52\xad\x65\x57\x9e\x50\x1d\x58\xab\x77\x3e\x14\x55\x5f\xd2\x42" "\x9b\x04\x7f\xdf\xca\x2d\x73\xc2\xc1\xa3\x54\x64\x06\xa0\x63\xa9\x70\x21" "\x4a\xdb\x4f\xdf\x7f\x43\x5c\x2a\xf8\x02\x38\xb4\x84\xb9\x6a\x36\xa2\x9e" "\xf8\x06\x82\x76\x61\x6c\xe7\xae\x67\x0c\xb0\x94\xbf\xfe\x5e\x21\x41\x44" "\xc0\xa6\x3a\xce\x64\x7f\x32\x8f\x80\xab\x34\xb2\xfc\x42\x05\x02\x0e\xe8" "\x89\x0a\x14\x0a\xc6\x41\xd4\x7e\x3f\x36\x23\x37\x84\x8c\xc0\x2a\xd3\x48" "\x5c\x24\x9e\xd7\x85\xa4\x67\x93\x74\x71\x6a\xc4\xae\x13\x43\xf1\x2b\xc4" "\x41\x19\xbf\x69\x88\x8e\x3c\x0c\x62\xa8\x37\xd4\xfd\x69\x17\x61\xbc\x32" "\xb9\x49\x74\x3b\xbc\x40\x75\x45\xc3\x1c\x5c\xcd\xd0\xda\xdf\x3e\xa3\x63" "\x45\xe6\x24\x66\xb1\x29\x6a\x48\x74\xb8\xe0\xd2\x51\xad\x40\xd4\x72\x8f" "\xae\x10\xa9\xde\xb6\x69\xc1\x4b\xc0\x0f\x94\xc0\x59\xe0\x75\xc5\xca\xeb" "\x69\x73\x8c\xad\xf2\x03\x13\x7e\xcc\x04\x57\xed\x81\x1d\x86\x4a\xde\x11" "\x70\x09\x3c\x2b\xb2\x14\xf0\xf9\xf2\x80\x4a\xe4\x0e\xae\xc4\x7c\x49\xcc" "\xf2\x5a\xd1\x9f\xf1\x4b\x76\xec\x88\xa6\x9b\xf8\xc2\x2e\xc3\x4e\xb3\xa4" "\x1c\xd3\xce\x2e\x24\x5c\x02\xd9\x6c\xfb\x9e\xd7\x61\x45\xd4\x76\x5a\xc1" "\x48\x9e\x9a\x38\x6b\x1e\xc8\x04\x7e\xea\x29\x3a\x3d\x8c\x1e\x58\x17\x31" "\xc9\x8f\xbe\xc7\x96\x55\x0b\xc7\x3f\x01\xbe\x2b\xbe\x2c\xf9\x54\xa8\x8c" "\x6f\x51\x95\xcf\x28\xdc\x26\x18\x09\xd3\x1b\xb2\xa4\xcd\xe7\x60\x73\x39" "\x16\x01\xa5\xdc\x2e\x66\x2e\x2a\x13\x95\x97\xf4\x8d\x33\x32\x10\xa2\x94" "\xeb\xe7\x31\x24\x6b\xa4\x35\x6e\x69\x8a\xf8\x61\xe8\x76\x19\x70\x8e\x1e" "\x1b\x02\x61\xe7\x10\xe7\x37\xdd\xc0\x9f\x75\x3b\x74\x89\x28\x42\x98\x6d" "\xd6\x37\xcf\x05\xe0\x80\xef\x36\xb1\x35\x9b\x3b\x7d\x01\x50\xb5\x43\x62" "\x30\xd2\x96\x22\x60\xbd\x6d\x23\xc1\xac\x0d\xeb\xa2\xc5\x75\xfd\x8d\x3c" "\x50\xea\xcc\x5f\x7f\xc4\xf9\x15\xed\x1e\xb9\xc8\xd4\xfd\xe9\xe3\x67\xd4" "\x0e\xa8\x84\x43\x75\x29\xec\xe6\x9b\x5d\xb6\x36\x4f\x0a\x00\x3a\xf5\xc0" "\x2a\x32\xb5\x5d\x41\x1d\xd7\xa6\x36\x61\x5a\xe5\xb9\x88\xf8\x9f\xbb\x1b" "\x3f\xd6\xf3\xc4\xe7\x43\x0b\xee\xfe\xab\x39\x56\xff\x3b\x96\x5e\x14\x4d" "\xcb\x57\x17\xa2\x95\xf7\xb4\x73\xfc\xdd\x98\xc8\xdf\xee\x5f\x91\x71\x67" "\x38\xc3\x58\x3c\x0d\x94\x59\x96\xca\x43\x76\xb3\x38\x17\x31\xfb\x5d\x30" "\x58\x62\x88\x3f\xbf\x56\xa3\xf3\x68\x8f\xfd\xb9\xff\x9f\xa1\xaa\xec\xde" "\xd1\x41\xa0\x91\xd1\x69\x67\x7c\x81\x54\x16\x53\x8e\x5c\x2b\xa7\x7e\x9b" "\x00\xa0\xb1\xd7\xce\x3f\xba\xf5\x7a\x8f\x3d\x66\x3f\x6a\x74\x48\xaa\x89" "\x8d\x33\xf7\x62\xf4\x0a\x6c\x05\xc1\x82\x7a\x25\xc4\xab\x54\xb9\x41\xdd" "\x05\xad\x36\x4f\x8c\xc4\x96\x2f\x8c\x7f\x9d\x16\xb8\x60\xb9\xdf\xe1\x98" "\x67\x40\xe5\x08\x3f\xdd\x9c\xaa\xb9\x8b\xce\x3c\xcc\x94\x65\x68\x56\xe3" "\x9e\x02\xe1\xdc\xa6\xb5\x4c\x17\x87\x9b\x86\x31\xc1\xc0\x17\xc3\x69\xa7" "\x86\xf5\x97\xce\x3a\x08\xba\x64\x39\x59\x6c\x54\xd4\x93\x42\xff\x77\xb2" "\x22\x2a\x11\x98\xde\x47\xb7\x1f\xbc\xcb\x44\x02\xf1\xce\x92\xdc\x93\xd9" "\x7d\xbf\xcb\xd1\x96\x01\x12\x7b\x07\xfe\x17\xfb\x06\x42\xd2\xe8\x07\xb0" "\x24\x3c\x53\x4d\xde\xa7\x7b\xfa\xb5\xac\x11\x6f\xa6\x13\x5a\xed\xe2\x86" "\xde\x5c\x54\x9e\xa3\x1f\x21\xef\x31\x1b\x98\x62\x26\x9b\xfe\x79\xf2\x81" "\x2d\xf7\x27\xa1\x7e\x2b\x99\xe4\xac\x22\x4f\xbb\xdd\xf3\xa0\x74\x76\x52" "\x9f\x89\x92\x8f\x74\x73\x6f\x65\xd2\x94\xb1\xa0\x40\xde\xaf\x04\x55\x10" "\xba\xdc\xaf\xad\x7c\x38\x0e\x5e\x41\x99\x6b\x3d\xd3\x24\xc4\xe2\xf5\xe8" "\x65\x1e\x7c\x18\x71\x1d\xff\x19\x36\x19\xb9\x32\x7a\x67\x2d\x8c\x4d\x93" "\xad\x00\x5c\x9d\x46\xf7\x7f\x52\x87\xee\xc6\x5f\x66\x86\x5c\xca\x88\xde" "\xbb\x6e\x95\xf3\x20\xfc\xbc\xdc\xee\x7e\x72\xc4\x5b\x2f\xc0\x10\x09\x65" "\x93\x20\x75\x15\xda\x93\x5b\xb6\x38\x30\x54\x74\x27\x97\xf8\x93\xd9\x79" "\x15\x43\xb6\x72\xa9\xd4\x27\xee\x09\x6a\xa5\xe7\x41\xe6\xb5\x52\x98\x25" "\xfe\xaa\x9c\xe6\x2b\x0e\x42\x7d\x6a\xba\x02\xd0\xbc\x97\xcb\x8b\x5c\xfc" "\xbd\x61\xab\xdd\x03\xa0\x07\x64\xe2\x45\x6b\x30\x27\xf6\x82\x56\x8f\x3f" "\xa0\x8f\xc0\x90\xc9\xb3\x81\xde\xd5\xa1\xc4\xac\x92\x83\x56\x79\x6f\x70" "\x65\xa6\xdc\x35\xbf\xa8\x8c\x6b\x7a\xea\x30\x5e\x60\x2f\xe9\x22\xf2\xfe" "\x81\xc8\x48\xe7\x49\xc4\x32\x7e\x77\x2b\xeb\x95\x1d\x32\xfe\x67\x2a\xe3" "\xd0\x3f\x8d\xe5\xdb\xc9\x89\x52\x31\xa3\x3d\x4e\x1a\xe7\xa7\x76\x19\x3a" "\x6d\xd2\xbc\x90\x92\xef\xda\x20\x21\x72\xa5\x74\x7d\xc9\x34\xbc\xbe\x5e" "\x36\x5f\xa4\xef\xa4\x34\x8d\x20\xf0\x0e\xe2\x39\x5e\xa0\xa5\xa9\x52\x1f" "\x38\x6f\x68\x8c\xa7\x4b\x58\x48\x70\x58\x49\x3a\x68\xc0\x48\xc4\x22\x25" "\x2d\x41\xf7\x55\x39\x66\xe3\xcb\x43\x0f\x99\x37\x5a\x95\x6f\x89\x81\x05" "\x00\xcc\x8f\x9b\x80\xd6\xfd\x2a\xa6\xf8\xb9\xf1\x34\xf8\x09\x6e\x2c\x15" "\xd0\x58\x82\xac\xab\x96\xf4\x45\x33\x15\xb1\x9c\x3b\x92\xb7\x7d\x28\xf2" "\xc2\x3d\x52\xb8\x4b\x2e\xbb\xff\xeb\x1b\x6e\x60\xe6\xab\x87\xb3\x6b\xce" "\xa4\x63\xfc\x5e\x64\xeb\xc9\x12\xaa\x8c\xb2\x95\x60\xac\xd6\xaf\xd6\xb8" "\xe9\x7d\x6c\x7e\xd2\xb4\x2c\xa8\x74\xc8\x98\xf5\x48\x76\x28\xe1\x77\x86" "\xbc\x00\xa1\x7f\xfe\xb2\x39\xb9\x6b\x6e\x24\xe8\x56\x02\x70\x6e\x6f\x9a" "\xcb\x16\xf2\x38\xf1\xe9\x44\x43\x0a\x7b\xac\x8d\xce\xf9\x64\x1f\x59\x77" "\x60\xfc\x44\x62\x12\x3a\xb5\x8e\x5e\xd5\x97\x17\x7f\xca\x5a\xc9\xd3\xe2" "\x3d\x06\xa0\xf2\x26\x7a\x4c\x77\x09\x46\x4b\x5c\x82\x97\x9e\x45\x38\x28" "\x00\x8e\xa8\x3a\x53\x17\x23\x16\x59\x98\xe7\xce\x0f\x8a\x98\xfe\x0e\xa4" "\x1d\x76\xfa\x58\xda\x13\x16\x9c\x89\xa1\x16\x9a\x4b\xc3\x43\xb2\xb6\xe1" "\x7e\xd3\x9f\xa7\x2b\x28\xe4\x66\x82\x1c\x20\x98\x24\xc8\x9e\x8e\x61\x13" "\x04\x76\x7e\xf2\x2a\xe9\xf1\x95\x02\x20\xfd\x84\xe8\x5f\xf9\x2a\x71\x3b" "\xab\x65\x9a\x3f\x6e\x7f\x88\xae\x8e\x2b\x31\x78\x08\x6e\x76\xbc\x0e\x27" "\x6b\x9d\x1f\xe2\xee\x08\xc5\xdf\x79\x3d\xb9\x26\x95\x77\x94\xae\x34\x12" "\xa9\xa3\xf4\x31\xe7\x27\xfd\xa6\x72\xfc\xa4\x98\x79\xe7\xe9\x5b\x9a\x87" "\x99\xc5\xf9\x7d\x7b\xd1\x67\x89\x89\x94\xba\xa9\x68\x50\x25\xce\x22\x2b" "\xf1\x97\x58\x94\xd1\x04\x58\x8c\x0c\x6b\x03\x40\x2c\x28\x3c\x96\x58\x04" "\xec\x7a\x2d\xe6\xfd\x68\x9b\x37\x10\x8d\xf4\x9f\x75\x17\xb3\xdd\xc5\x47" "\xcd\xd5\xd1\x20\x96\x26\xb1\x4d\x1b\x5a\x34\xc1\x5c\x46\xf6\xa5\x13\x6e" "\xd9\xf6\xd9\x44\xee\x68\xdf\x65\x38\x96\x83\xf4\x4d\xe0\x57\xeb\xf6\x90" "\x6a\x2b\x77\xb9\x95\x65\xfc\x4c\x19\x04\x54\x14\xe1\x40\xae\x44\x0f\x3e" "\xb2\xb4\x2e\x99\x2c\x98\xd6\x39\xd1\xad\x21\x37\x4e\xad\x5a\x35\x3d\x03" "\x9e\xfa\xd0\x47\x71\x45\xd9\x67\x60\x01\xca\xa1\x6b\x49\x06\x1f\x7e\xc9" "\x54\x7b\xa6\x6a\x48\xab\x0b\x10\xaf\xef\xa1\xb5\x94\xa4\x2f\xba\x68\x9b" "\x9f\x16\x09\x00\xbb\x66\x88\x02\x0a\x99\xf3\x18\xe0\xb7\x29\x0b\x53\x0c" "\x65\x37\xc0\x54\x75\x64\x53\xbe\xac\x3b\xe0\xf2\x8d\x86\x3f\x00\xfe\x5d" "\x37\xed\x7e\x7f\x60\xae\x50\x8a\x19\xda\xb8\xf5\x1e\x7e\x4d\x30\x47\x42" "\xef\xa3\xba\x23\x90\x86\xd5\x8b\xb2\x87\x16\xb8\x0e\x01\xb8\x96\x53\x52" "\x85\x98\x7a\x9c\x41\x5c\x31\x08\xf0\x6c\x55\x92\x78\x26\xf8\x51\x07\x26" "\x9e\x0f\x33\xca\x15\x9a\xa5\x65\xf0\x32\x63\x30\x5b\xdb\xf8\x1e\xd6\x8d" "\x90\x28\xa7\x8a\xd4\xdc\xb7\xda\x72\x0d\x33\xdc\xb3\xf3\x19\xd0\xdd\xcd" "\x1a\x7a\x74\x62\xf0\xa1\xcf\x3a\xc4\xa1\x51\x2e\x90\x31\x82\x24\x7e\x75" "\xfc\x3b\xcf\x30\x89\xc6\x1e\x57\xfe\x0a\xc0\x92\x93\xf4\x6c\x04\xb3\x34" "\xb3\xc3\x72\x73\xcd\x8a\x12\xca\x1e\xba\xbc\x48\x6f\x05\x1a\xde\xf2\xa1" "\x3b\x07\xb4\x0c\x0c\x8a\xe0\x2a\xfb\x96\xe2\x61\x89\x46\x31\x9f\x98\xa3" "\x19\xb1\x90\x55\x47\xe5\x19\x7b\x10\x84\x00\x85\xd2\xf9\x77\xde\x9f\x12" "\x30\xd9\x50\x5d\x41\xe0\x2e\x8d\x45\xac\xe9\xa7\x65\x0a\xb4\xbb\x2c\x2d" "\xe9\x69\xab\x12\xc2\x69\x3c\xba\xbc\x02\x48\xd7\x87\x87\xa2\x0d\xc9\x05" "\xd2\xb8\x83\xbf\xea\xcb\x53\x9f\xae\x7c\x7e\x1e\x89\x6c\xcb\x87\xdd\x20" "\xa3\xac\xdf\xaa\x92\xb6\x8d\x8a\x60\xec\x22\x63\x11\x54\x15\x25\x19\x3c" "\x46\x09\x9a\xc3\x0d\x58\x6c\xf4\x2f\xae\x88\x7f\x1d\x1d\xf9\x2d\x78\x65" "\x7b\x4a\xd5\x40\x33\xca\xdb\xe3\x46\xef\xd0\x51\x03\xb8\x83\xc7\xb9\xa0" "\x48\x6a\x58\x48\x3b\xa2\xf1\x9f\x10\x6d\x8a\xc1\x2b\x33\x2e\x09\x5a\x92" "\xaa\x6a\xef\x0f\x39\x91\x37\x8c\x20\x75\xba\xa6\x4d\xd4\x66\x17\xce\x23" "\x7a\xec\x8c\x20\x2b\x53\x62\x3a\x62\x43\xf3\x51\x45\x68\xa7\xda\xce\x23" "\x07\xc7\x23\x93\x49\xa4\x0e\xbc\x3c\xb0\x04\xe3\x49\xde\x41\x4d\x33\x88" "\x50\x65\x7c\xa8\xa5\xa5\xda\xf9\x0f\x45\xf6\xd3\xc9\xbc\xcc\xb0\x14\x70" "\x2d\x43\x55\x76\x79\x88\x56\x1f\x3d\xb2\x06\x32\x1d\x6a\x35\x87\x26\x54" "\x2b\xb1\xdb\x25\xbf\x17\x0c\x47\x71\xfb\x26\xb9\x41\x55\x0d\x69\x82\x95" "\xb0\x59\x2b\xc4\x9c\x6f\xb6\x74\xdb\x06\xf8\x1d\xc2\xd3\xf9\xe1\xdb\x02" "\xa3\xf1\x2f\x26\x1d\x94\x95\x73\x0e\x56\x12\x68\x88\xed\xff\x00\xdf\x75" "\x46\x3a\x4a\x40\x66\x45\xfd\xb6\xf8\xe2\x6a\x0a\xf4\xb7\x7d\x36\x2a\x4b" "\xe1\xde\x7b\x05\xc3\xe0\xd4\x1e\xaf\x33\x5f\xcf\x70\x22\xce\x61\xcc\x91" "\x75\xa8\x6a\x0b\x4f\x07\xb4\x37\xab\xaa\x8a\xa4\x0d\xe9\x4a\x01\x26\x61" "\xec\xd9\x6d\xbc\xb0\x33\xbe\x73\xf6\x3c\xcf\x70\x2a\xd4\x17\x3f\xed\x41" "\xbd\xef\x76\x17\xb6\xbc\xfb\x5c\x05\xc7\x29\x6c\xb1\x26\x7a\xee\x64\x6a" "\x72\x52\xcc\xdb\x4b\x9f\xe2\x9f\x14\xe2\x03\xc5\xb9\x24\xcd\xa9\x23\xcc" "\x73\xc4\xb1\xf7\x59\xfa\xfe\xd0\x47\x21\x5a\x78\x09\x2a\xd7\x34\x34\xea" "\x70\xe2\x95\xb4\x04\xe2\x28\x19\x49\x61\x98\x73\x81\x1f\xde\x0e\x29\xdb" "\x7b\x21\xe2\x27\x27\x6c\x13\xb9\xd9\xa2\x3b\x60\xa1\x2b\x3f\xc4\xe7\x08" "\x88\x1f\xad\x20\xa1\xdb\x88\x67\x23\x5b\xed\x83\xf2\xf4\x86\x04\x01\xd1" "\xd3\x08\x14\x02\xec\x92\x61\xb4\xa7\x93\x8f\x63\x98\x7c\x6b\x43\x59\x0d" "\x0c\x45\x79\x1d\xaf\xab\x09\xf1\xaf\x4e\x71\x45\xd8\xa4\x41\x51\x34\x4b" "\x21\xcb\xb9\x1c\xe4\x3e\x56\x1b\xf2\x04\x65\x47\x89\xb6\xe2\xe9\xdf\xe2" "\x45\x39\x6f\x22\x67\x5e\xa1\x4f\x62\xd0\x45\xb9\xd4\x13\x98\x36\x36\xe9" "\x83\xaa", 4070); syscall(__NR_ioctl, /*fd=*/(intptr_t)-1, /*cmd=*/0x90044802, /*arg=*/0x200000000040ul); // ioctl$EVIOCRMFF arguments: [ // fd: fd_evdev (resource) // cmd: const = 0xc0085508 (4 bytes) // arg: ptr[in, int32] { // int32 = 0x1d (4 bytes) // } // ] *(uint32_t*)0x200000000500 = 0x1d; syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0xc0085508, /*arg=*/0x200000000500ul); } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); const char* reason; (void)reason; loop(); return 0; }