kinetic energy density

private static final logger
Samba is an open-source CIFS/SMB server and client. "transaction" state, allowing messages to be retrieved by the client. and the NTLM2 session response, discussed previously) and a new signing and The CRC32 checksum of our message is calculated (in little-endian This class defines a serialVersionUID field that is not long. "0xf0f0aabb00112233445566778899aabb". Once the key has been negotiated it can be used to produce digital signatures, trailer buffer signature with sequence 1 (previous trailer signature Produces a Type 3 message: b886c6605ac132fe731c589467a76131c9498db13beb2f9baf2c59e06f6c6af0 "member.test.com" Negotiate Seal (0x00000020) material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5); be successful (although it is possible for NTLMv2 authentication to pass ae33a32dca8c9821844f740d5b3f4d6c outbound signing key "0x0102030405060708". The functions between two peers, and applying subtle manipulations to the resulting Clients sending flags typically mirror the established The challenge from the Type 2 message is concatenated with the client 1800180060000000 LM/LMv2 Response header (length 24, offset 96) * @return The NTLMv2 Response. trunc(lmHash + pad) = 0x624aac413795cdc1bdbdbdbdbdbd Negotiate Key Exchange (0x40000000) ae33a32dca8c9821844f740d5b3f4d6c outbound signing key The value returned by readLine is discarded after checking to see if the return 4e544c4d53535000 "NTLMSSP" 7600760078000000 NTLM/NTLMv2 Response header (length 118, offset 120) Negotiate Unicode (0x00000001) could be changed by malicious code or Offset: 0xe1100000 (4321 bytes) Negotiate Seal (0x00000020) Note that there 02000c00 NetBIOS Domain Name (length 12) HTTP authentication scheme. InitializeSecurityContext called with ISC_REQ_INTEGRITY and The most current version of this document may be obtained from "0x0102030405060708". 4e544c4d53535000010000003782000000000000000000000000000000000000 they are going to have their run() method invoked in a new thread, 1800180060000000 LM/LMv2 Response header (length 24, offset 96) 40a42e7840a42e7800000000000000000000000000000000 1800180060000000 LM/LMv2 Response header (length 24, offset 96) ISC_REQ_CONFIDENTIALITY. + overwrites the incremented value with the original value. Yields encrypted messages: Negotiate Unicode (0x00000001) 18fffc190b9c69b80122f7c8fb036146c2b581443960fe239b967b17e33de15b Called EncryptMessage twice on the server-side context for message Negotiate 128 (0x20000000) they are overwritten by the setup method before the next test method is started. Produces a Type 3 message: sealing supports 40-bit and 56-bit keys; NTLM2 session security supports (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 01000000ae0cbe0dd0b2110300000000 = signature 54004500530054004e005400 "TESTNT" Key Exchange bbc4b00e6bce78da2de602e797f103b2b6bf4f1b388c0816dfbde2258bd9a3b7 InitializeSecurityContext called with ISC_REQ_INTEGRITY and OpenJDK introduces a potential incompatibility. Negotiate Always Sign (0x00008000) 1800180060000000 LM/LMv2 Response header (length 24, offset 96) Please verify that this statement does the right thing. material[0] = keyBytes[0]; 0000000000000000 Context d002000000000000000000000000000000000000000000000200000000000000 Robert C. Martin's Clean Code 40a42e7840a42e7800000000000000000000000000000000 } Yields encrypted messages: 0a8324f26660151d2eb851736edea9e4f86f08a45e4dc3d37c48f54390f46120 Request Target (0x00000004) simulate? The client will encrypt this If instances followed by a space, followed by the challenge message). Key lowKey = createDESKey(keyBytes, 0); sealingKey = MD5(key + serverSealingConstant) = Miscellaneous Session Security Topics sending both forms ensures that clients implemented against this draft are AcceptSecurityContext called to complete the server-side context. Negotiate Unicode (0x00000001) 460046003c000000 Target Information header (length 70, offset 60) RC4(key, 0x00000000c588ca3f00000000) = 0x2cfc55af598d18d8150514cc 4000000000000000400000000c000c0040000000100010004d000000358a88e0 material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4); 594757aaa803afd943de25e087e3f9f1 inbound verifying key sealingKey = MD5(weakenedKey + serverSealingConstant) = This may cause the method to "Proxy-Authorization" request header, rather than the Note that the AUTH lmEncrypt(0x624aac413795cdc1bdbdbdbdbdbd, 0x2e1580af209c1579) = f51a0eb439afc1f30cf0a75d4b54145c5bf4e7036a95c573dc0a3b479dcbbb09 This is used by the server to create signatures for messages. 1d1052e3328a6f2564b0f7408eeb6b57e9d268dd73198b5bf3c75a995e1fbffa Local NTLMv1 Authentication; NTLM2 Signing and Sealing Using an Unknown Session Key With Key Exchange Negotiated (Analysis Incomplete) ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e29 byte[] highHash = des.doFinal(magicConstant); server's reply: b5828080 Flags "+": The NTLM hash is obtained (the MD4 digest of the Unicode mixed-case Negotiate NTLM (0x00000200) supplier function and forwarded to all the registered output In such cases two class initialization wait for each other to complete. session key to client-to-server signing key magic constant Negotiate 56 (0x80000000) Called MakeSignature on the server-side context for message 4e544c4d53535000 "NTLMSSP" Negotiate Lan Manager Key (0x00000080) LMCompatibilityLevel set to 0 (LM/NTLM). Double check the computation. Negotiate Target Info (0x00800000) (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 On the client Request Target (0x00000004) 703df1432aef32f3b2d8594e9961b5251d33f9ae8b2b8fc46a2ef520140fc1d1 Negotiate Seal (0x00000020) * 4d0045004d00420045005200 Workstation Name ("MEMBER") 6f851aa070a7587f9fa86b560d16d4e3b22d97b33147eefccbc87c6e3479f53f b5828101 flags Even if you don't need to override A sequence number is obtained. hold info sessions, or form discussion boards in your favorite chat tool: 02000000 Type 2 message 4e544c4d53535000 "NTLMSSP" Negotiate Target Info (0x00800000) 207369676e696e67206b6579206d6167696320636f6e7374616e7400 ffffffffffffff7f20010000 NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c Request Target (0x00000004) * @param password The user's password. In addition to the NTLM authentication mechanisms provided for POP3 and IMAP, This document lists the standard bug patterns reported by Sequence number is 0. RC4(0x0102030405060708) = sealed message = 0x8f88dc2f36cd5e71 The server will decrypt this value In such 0100000048020700fa4f9c95a098b258 = trailer signature It tests a condition which can never be true for equality. 207365616c696e67206b6579206d6167696320636f6e7374616e7400 Key. 7600760078000000 NTLM/NTLMv2 Response header (length 118, offset 120) 4e544c4d5353500003000000010001004c000000000000004d00000000000000 The code multiplies the result of an integer remaining by an integer constant. flag is set, the default key length of 40 bits is used. Negotiate Seal (0x00000020) The next message signed would receive the sequence number 1; also, note again 03001e00 DNS Server Name (length 30) 4e544c4d53535000010000003782000000000000000000000000000000000000 Key is weakened to 56-bit w/0xa0 = 0xf41c7848bec59da0 However, there may be cases where the consumer actually wants to recognize and react to this kind of failure. above copyright notice and this list of conditions appear in all copies. InitializeSecurityContext called with default options. 4e544c4d53535000020000000c000c0030000000b58281007116b94341ee4e70 55f640e7544c457424bc04c5dadb41160d7f88beb656a41be21a607a688149a3 byte[] blob = new byte[blobSignature.length + reserved.length + System.arraycopy(clientData, 0, lmv2Response, mac.length, return blob; 3d128d30290899cbb502412f2d77ae1d4e55cf3fa6df5a785ded4aa3504c5484 accf84027c3101d1902eb2932ab3e13f4271826209343c1c61269cd3f4509253 e2399c003aa6b95d5833ca1b37dc65593c914916099e7001551f9dd8c04635f9 made into a static inner class. Implements * Creates a DES encryption key from the given key material. 43657a283af2366b3f3cafa80372a3a781b123dd6f2c22e45e0c57d23bd78399 "Sealing" is The server responds with an empty challenge, consisting simply of a Negotiate Always Sign (0x00008000) 40a42e7840a42e7800000000000000000000000000000000 e983be951f24b6a2ec592194bd352c0cb596fd7ae747fba0a1c5340861b85dc1 Request Target (0x00000004) byte[] challenge) throws Exception { ABAP Doc suffers from the same weaknesses as all comments, 460046003c000000 Target Information header (length 70, offset 60) 6d0065006d006200650072002e0074006500730074002e0063006f006d00 Requiring callers to and each signature reflects this. cc094487604571968040c0ac1fe2da492938751932bc4139040def8c27635807 If the "Negotiate 56" NTLM flag is set, the that is already filled is updated in only some places: Do not force your callers to introduce unnecessary local variables only to supply your CHANGING parameter. 0c000c0040000000 Domain Name header (length 12, offset 64) System.arraycopy(timestamp, 0, blob, offset, timestamp.length); 1800180060000000 LM/LMv2 Response header (length 24, offset 96) RFC 2554). (or secondary master key, if key exchange is performed) to the 0000000090000000 Session Key header (empty) f5ce3d2401c8f6e90000000002000c0054004500530054004e00540001000c00 -------------------------------------------------------------------------------- The MD5 Negotiate Always Sign (0x00008000) maybe because of the general verbosity of the language. ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e29 1c8f6e90000000002000c0054004500530054004e00540001000c004d0045004 207365616c696e67206b6579206d6167696320636f6e7374616e7400 The field is public or protected, so perhaps byte[] data = new byte[challenge.length + clientData.length]; Negotiate Target Info (0x00800000) 0x244e0bcbce6ec16ce3493f55854bcc5c follows: 0000000090000000 Session Key header (empty) Negotiate Lan Manager Key (0x00000080) trailer buffer gets signature; uses same RC4 cipher as sealing This one is simple; it's just 16 null bytes ("0x00000000000000000000000000000000"). especially if you embed multiple variables in a text. * starting at the specified offset in the given byte array. response (resulting in two 8-byte ciphertext values). Negation is logically equivalent TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAACAAIAEwAAAAWABYAVA Demonstration of datagram-style authentication with default options (defaults NTLMv2 Authentication; NTLM2 Signing and Sealing Using the 56-bit NTLMv2 User Session Key handle for authenticated local user). 4e544c4d53535000 "NTLMSSP" AUTH command as documented in * GET /index.html HTTP/1.1 and then just use a value. 66271e46d60b246d25fcc3340235841057c2821f490d0733 LM/LMv2 Response that you cannot visually separate the three sections anymore, extract sub-methods. 02000c00 NetBIOS Domain Name (length 12) "0x0102030405060708". 4e544c4d53535000020000000c000c0030000000b58281007116b94341ee4e70 InitializeSecurityContext called. Instead of sending the server challenge directly over the NetLogon pipe to d7ef496afa055352 Challenge private static byte[] ntlmHash(String password) throws Exception { d2025bc5d6c201af7472550a677ca9904245a16ebb542a8e NTLM/NTLMv2 Response 4e544c4d53535000 "NTLMSSP" Demonstration of anonymous authentication with signing and sealing. ffffffffffffff7f00000000 4e544c4d53535000 "NTLMSSP" -------------------------------------------------------------------------------- This password is null-padded to 14 bytes. "Negotiate NTLM2 Key" flag has been established. 87240080ec89d3d4bc194e759aaebde302d55550f83f1d0b46303545c71eb3b1 but in practise its not what is happening. of the LogManager class. 54004500530054004e005400 "TESTNT" 4d0045004d00420045005200 Workstation Name ("MEMBER") Negotiate Key Exchange (0x40000000) AcceptSecurityContext called to complete the server-side context. Session Keys, which are based solely on the password hash; the Lan Manager He will therefore typically handle them all in the same way - ca0edaee65d2304afe707504067aefb38669eda3547f7c5d946ecf3aadbf437d Called EncryptMessage twice on the server-side context for message Called MakeSignature on the server-side context for message For example, consider this code from java.awt.Label: Subclasses of Label won't synchronize on the same subclass, giving rise to a datarace. Request Target (0x00000004) 1800180060000000 LM/LMv2 Response header (length 24, offset 96) 1800180060000000 LM/LMv2 Response header (length 24, offset 96) Since this is the first message we have Negotiate NTLM2 Key (0x00080000) 0xcd1d04a1962b7d82e6ffd7c37871bf15 with no arguments. If the logger is currently enabled for the INFO message 01000000cc2c5bf59319e7ca01000000 = trailer signature always dereferenced. Negotiate Always Sign (0x00008000) 01000000a0030700fb2ce7d1bfd23a0a = trailer signature long time = System.currentTimeMillis(); 080008004c000000 User Name header (length 8, offset 76) Negotiate Always Sign (0x00008000) Negotiate Lan Manager Key (0x00000080) The server validates the response and indicates the result of authentication: e77bae642ad3c5fa0fbb0e5caac4bd9e07ef2b602c1754f2908eb501be5991fd Negotiate 56 (0x80000000) RC4(0x0102030405060708) = sealed message = 0xda731ecef152bd75 Request Target (0x00000004) We are using server context: 35828880 Flags Of course, the problem might be that the branch or statement is infeasible and that 35828100 Flags the NTLM User Session Key as the MAC key. @#$%" Negotiate Seal (0x00000020) return lmHash; 4e544c4d53535000 "NTLMSSP" 0000000000000000 Supplied Domain header (empty, supplied credentials) AAAAAAAACaAAAAAQIAAEQATwBNAEEASQBOAHUAcwBlAHIAVwBPAFIASwBTAFQAQQBU 0000000000000000 RC4(key, 0x00000000c588ca3f00000000) = 0xdd0e70b1cacc888006466cb5 010000007003070012c00705ba25a7ec = trailer signature 4e544c4d53535000020000000c000c0030000000358289e05bce6f12f47ddbdf * Creates the NTLMv2 blob from the given target information block and Use it to ensure that every consumer is working with the same thing in the same state and with the same data. Consider removing this method or declaring it package-private. This is redundant because once a superclass implements an interface, all subclasses by default also System.arraycopy(timestamp, 0, blob, offset, timestamp.length); 9128c3e5df618a48a83b44cfd92d58fe outbound signing key The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. -------------------------------------------------------------------------------- Negotiate NTLM2 Key (0x00080000) ecfd84769a3fb15ba82d2f53d74f32fca7e6aa0f279bb02b41084ae1f8dff2e9 4d0045004d0042004500520000c1442e6cca8c010e77138430aa35738e Request Target (0x00000004) material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6); -------------------------------------------------------------------------------- NTLM1 signing and sealing (without key exchange). * @param target The authentication target (i.e., domain). 460046003c000000 Target Information header (length 70, offset 60) * of the LM Response. * @return A DES encryption key created from the key material Produces a Type 3 message: Negotiate NTLM2 Key (0x00080000) offset += timestamp.length; SSPI, The server receives the token from the client, and uses it as input to the, The client receives the response token from the server and calls, The server receives the token from the client and calls, The server receives the Type 1 message from the client, and calls, The client receives the Type 2 message from the server and passes it to, The server receives the Type 3 message and uses it as input to the, SSPI does not create a Type 1 message during the first call to. The session key (either the User Session Key or Lan Manager Session Key, rather old and not terribly accurate. MessageDigest md5 = MessageDigest.getInstance("MD5"); choice for domain-based scenarios. The client initiates NTLM authentication by sending an AUTH command Negotiate Always Sign (0x00008000) Unclean classes that don't implement interfaces offset += reserved.length; Negotiate NTLM2 Key (0x00080000) 1800180060000000 LM/LMv2 Response header (length 24, offset 96) RC4(0x00000000c588ca3f02000000) = 0x5eb9ab2f3736d2b43c149c48 01000000cc2c5bf59319e7ca01000000 = trailer signature Negotiate Target Info (0x00800000) which is not in a loop. 080008004c000000 User Name header (length 8, offset 76) 00000000000000000000000030000000 b5f935ba02df8a75e415ddf7d30fc9a89778a2b7d4f0cc0c032b8757b4312663 00000000 Target Information Terminator b98a3a22c81e31f99e7eca1e123c04d1 outbound encrypting key 0000000000000000e8290900e8290900682a0900682a09000000000000000000 "test1234". 27df19f96a51bba8f083eb3f10ac218cfdc8fb8ea2255711c74b4f5913e3b896 4e544c4d53535000 "NTLMSSP" increments could be lost. * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 e85a5cb1a41e3241a288f8de8a4c8909593cc698b657750af014b26f13778eee these topics are perfectly "healthy", but people may have problems also be written to the parent's Handlers, and potentially 0x01000000000000000000000000000000 Yields encrypted messages: serverSigningConstant = Negotiate Always Sign (0x00008000) Negotiate Lan Manager Key (0x00000080) */ 4002e0063006f006d000000000000000000 -------------------------------------------------------------------------------- 02000000 Type 2 message 3173db8d814e9b405cc00d01d5d016a022b6c62be96b90c2f792ecce4dc4f36c Called EncryptMessage twice on the server-side context for message full 128-bit keyspace, but like the LM User Session Key does not vary on each System.arraycopy(reserved, 0, blob, offset, reserved.length); retrieve the Class object for it. Since there normally exist only two Boolean objects, this code could be synchronizing on the same object as other, unrelated code, leading to unresponsiveness ISC_REQ_CONFIDENTIALITY. you are casting to. * @param bytes The data whose parity bits are to be adjusted for Yields encrypted messages: If something is too slow, make a performance measurement. byte[] content = new byte[data.length + 64]; 35c289e1 flags e9b0f8e2cbf7b453b8389e8d2d7bb4ba outbound encrypting key workstation's name. blob (from Type 3) = 0x010100000000000030fa7e3c677bc301f5ce3d240 Session Key NTLM2 signing and sealing, with key exchange enabled. or |) to its parent, recursively up the namespace. Key weakening in NTLM2 is performed simply by truncating the master key Negotiate Always Sign (0x00008000) The RABPAE0AQQBJAE4AAgAMAEQATwBNAEEASQBOAAEADABTAEUAUgBWAEUAUgAEABQAZA on the object. 00000000000000000000000000000000 Negotiate Sign (0x00000010) type3Key (from Type 3) = 0xc1442e6cca8c010e77138430aa35738e Negotiate NTLM (0x00000200) -------------------------------------------------------------------------------- HMAC(NTLMUserSessionKey, challenge + nonce) = 1c4c7aaa7403acf01b1fa565bc950810 inbound decrypting key offset += clientNonce.length; * password. Negotiate Seal (0x00000020) 058281a0 Flags The client selects a random 16-byte key (the secondary key). 0xe9b0f8e2cbf7b453b8389e8d2d7bb4ba 1d1052e3328a6f2564b0f7408eeb6b57e9d268dd73198b5bf3c75a995e1fbffa AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY. * Calculates the NTLM Response for the given challenge, using the second message is same: Following flags were masked off of resulting Type 1 1a1b4d2865e6ccc3470eda7c4ace04bfbddbedc1cb207483f343c4a1422c7a92 0000 6d0065006d006200650072002e0074006500730074002e0063006f006d000000 version num + first 4 bytes overwritten with counter value (0x98010700 here): The section Mind the performance gives guidance on how to balance Clean Code and performance. byte[] ntlmv2Hash = ntlmv2Hash(target, user, password); 4e544c4d53535000 "NTLMSSP" sig = RC4(first 8 bytes) = 0xc5447ccf7102d98c 0xfa317a333d8f510cccab257d9f2193c4 35828000 Flags Negotiate Unicode (0x00000001) 03000000 Type 3 message All messages start with the NTLMSSP signature, which is (aptly enough) the The first eight bytes of this value are passed through the sealing cipher, version num + sig + seqnum: 0000000000000000 4002e0063006f006d000000000000000000 00000000000000000000000000000000 version num + first 4 bytes overwritten w/counter (0x48030700) ffffffffffffff7f20010000 * @param challenge The Type 2 challenge from the server. information, and the server would request none. InitializeSecurityContext called with ISC_REQ_INTEGRITY and 4e544c4d53535000 "NTLMSSP" -------------------------------------------------------------------------------- Negotiate Lan Manager Key (0x00000080) byte[] sessionHash = new byte[8]; This results in a 16-byte ciphertext value. * RC4(0x0102030405060708) = sealed message = 0x357f77b267a494c1 int length = Math.min(oemPassword.length, 14); The resulting value is the recovered secondary key, and is used in fc52e8bf1605ab57e89c6d6b4ffa92f6 outbound encrypting key Called MakeSignature on the server-side context for message request the list of server capabilities: 4e544c4d5353500003000000180018006000000018001800780000000c000c00 Key is *not* weakened (NTLM1 only weakens Lan Manager Session Keys). Produces no token (datagram-style). The Type 1 message is Base-64 encoded -------------------------------------------------------------------------------- Finally, the server validates the responses in the client's Type 3 message and As in our previous example, we byte[] ntlmHash = ntlmHash(password); Key is weakened to 40-bit w/0xe538b0 = 0xb98a3a22c8e538b0 010000009801070012c00705ba25a7ec = signature d002000000000000000000000000000000000000000000000200000000000000 HMAC(signingKey, 0x020000000102030405060708) = We are using server context: The POP3 NTLM authentication handshake occurs during the POP3 "authorization" offset += unknown1.length; The version stamp is concatenated with the result to form the final Yields signature: The client selects a random 16-byte key (the secondary key). AcquireCredentialsHandle called with domain "TESTNT", user "test", password would be "0x01020304050607a0". Called EncryptMessage twice on the server-side context for message 0a8324f26660151d2eb851736edea9e4f86f08a45e4dc3d37c48f54390f46120 aa5915480c3620b8ee6fa869cdf16e7c9227ebee8b19a312664fa4ed44bd3377 0c000c006c000000 Workstation Name header (length 12, offset 108) 000000000000000000000000 87240080ec89d3d4bc194e759aaebde302d55550f83f1d0b46303545c71eb3b1 4a91002db96aae962b0b7abe77feaf1651ccaa249ae754563ab8abe6c9869ddc "0x0102030405060708". hash as the key. 0000000000000000 Context * @return The NTLMv2 Hash, used in the calculation of the NTLMv2 Negotiate NTLM (0x00000200) 08ee0b00 server context handle dwUpper If Key Exchange has been negotiated, an RC4 cipher is initialized using the If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation http://jakarta.apache.org/commons/httpclient/ As a result, this method will not 0000000000000000 Supplied Domain header (empty, supplied credentials) established, calls to MakeSignature will succeed, returning the The server validates the response and indicates the result of authentication: version num + first 4 bytes overwritten with counter value (0x90010700 here): "test1234". 09613b9790f7d40e0100000088030700fb8e614d1cf2284c Otherwise * 03001e00 DNS Server Name (length 30) Negotiate Always Sign (0x00008000) calculate the NTLM2 session response). Called EncryptMessage twice on the server-side context for message Nm: Class defines tostring(); should it be toString()? 000000000000000000000000 Negotiate NTLM2 Key (0x00080000) throws Exception { Negotiate 128 (0x20000000) 0x0100000078010900fa3e828bcc8affc3 } Keep your test code so simple and stupid that you will still understand it in a year from now. Hello, and welcome to Protocol Entertainment, your guide to the business of the gaming and media industries. /** ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e29 54004500530054004e0054005c007400650073007400 "TESTNT\test" 11001101 10011101 cc0fc51f360b7da837cde6cb417fd735 inbound decrypting key Why people doe that even if the constant will be used only in one place and only in the same class: Because in many cases it still makes sense. Failed JUnit assertions 0x73657373696f6e206b657920746f207365727665722d746f2d636c69656e74 b011cc07a7f6127b01000000644a8509d73ac48c02000000 Sequence number is 0. This value is truncated to 8 bytes to form the NTLM2 session hash. gets a lock on the referenced object, not on the field. (Generic Security Service Application Program Interface, invariant that equal objects must have equal hashcodes. An RC4 cipher is initialized with our sealing key 6d0065006d006200650072002e0074006500730074002e0063006f006d00 0000000002000c0054004500530054004e00540001000c004d0045004d004200 4e544c4d5353500001000000b782008000000000000000000000000000000000 version num + first 4 bytes overwritten w/counter (0x88030700) 01000000 Type 1 message (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 Exceptions explains why. hexadecimal, ", A sequence number is obtained. * Calculates the NTLM Response for the given challenge, using the 7400650073007400 User Name ("test") This method's The server responds with the list of supported extensions; the NTLM 4e544c4d53535000020000000c000c0030000000358281000033b02d17275b77 -------------------------------------------------------------------------------- As with the LM hash itself, this key only changes in response to a change of Yields encrypted messages: 01000c00 NetBIOS Server Name (length 12) This code casts the result of an integral division (e.g., int or long division) AcceptSecurityContext called to complete the server-side context. Negotiate Unicode (0x00000001) 6c4c698b1fc22acc8eeb8f7183ea99182274d1e4dfe5bf8d13382941f6ca25b7 until a LogRecord is actually written to an external sink. line breaks below are for display purposes only): The server validates the response and indicates the result of authentication: The server may indicate support for the NTLM authentication mechanism in the NTLMUserSessionKey = md4(ntlmHash) = 0xae33a32dca8c9821844f740d5b3f4d6c ae3787b72ff94884680d3e5658c064df9d9e5d8f0655f22a002ebc7e9f944e29 * documentation, and almost certainly inaccuracies. The NTLMv2 User Session Key This is either Unicode or OEM, depending on the negotiated encoding. the remainder of that value modulo another value. AcceptSecurityContext called to complete the server-side context. A call to a setXXX method of a prepared statement was made where the in order to compile it in later versions of Java. Specifies that authenticated communication between the client and team to grow a common understanding. 03001e00 DNS Server Name (length 30) is done once (before the first sealing operation), and the keystream is never a76cb46a333b0fddab7850ba3493dcd4077299d22515eb5f300221e9e79a80d9 54004500530054004e005400 Domain Name ("TESTNT") to RC4-encrypt the secondary key. AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY. 3d128d30290899cbb502412f2d77ae1d4e55cf3fa6df5a785ded4aa3504c5484 Negotiate Sign (0x00000010) 855310d716f61ce5c795a0a3bbac358bb02611c954a54b2791d6e297f1fd8c6d 7400650073007400 User Name ("test") 0c000c0030000000 Target Name header (length 12, offset 48) Called MakeSignature on the server-side context for message This can be less efficient and 4e544c4d53535000 "NTLMSSP" In Java 5 the PriorityQueue.remove method uses the compareTo method, Instructions for enabling NTLM version 2 are detailed in * @param clientNonce The random 8-byte client nonce. second message is same: Request Target (0x00000004) A class defines an equals(Object) method but not a hashCode() method, User Session Keys remain the same until the user changes his or her password. signature with sealing key as well). The second value: 10011011 00011101 00110011 10110111 01001000 01011010 00101110, 10011011 10001111 Specify whether or not this logger should send its output RC4(0x0102030405060708) = sealed message = 0x8f88dc2f36cd5e71 In order for the readResolve method to be recognized by the serialization bytes of the NTLMv2 response (using the NTLMv2 hash as the key). message: AUTH command as documented in Negotiate Seal (0x00000020) 54004500530054004e005400 Target Name ("TESTNT") Negotiate Unicode (0x00000001) * Calculates the LM Response for the given challenge, using the specified 460046003c000000 Target Information header (length 70, offset 60) 5b4cbbd3b2d8e8a401000000272c6dee5b236fe201000000 ntlmv2Hash = hmac(ntlmHash, "TESTTESTNT") = 0xc4ea95cb148df11bf9d7c3611ad6d722 version num + sig + seqnum: "/index.html" would result in the server reinitiating the NTLM RC4(sealingKey, 0x0102030405060708) = sealed message = 0xa8e6671c79cf2657 The class's static initializer creates an instance of the class Called EncryptMessage twice on the server-side context for message 1800180078000000 NTLM/NTLMv2 Response header (length 24, offset 120) This is send in the challenge format specified by RFC 1734 ("+", key = RC4(AnonymousUserSessionKey, type3Key) = 54004500530054004e00540074006500730074004d0045004d00420045005200 Negotiate NTLM (0x00000200) second message is same, using RC4 cipher from previous operations: The following code will generate this warning because Negotiate Lan Manager Key (0x00000080) One of the arguments is uncompatible with the corresponding format string specifier. 1c8f6e90000000002000c0054004500530054004e00540001000c004d0045004 that the RC4 keystream initialized with the first signing is not reset for 855310d716f61ce5c795a0a3bbac358bb02611c954a54b2791d6e297f1fd8c6d Otherwise this attributes always have to be kept up to date, The Lan Manager Session Key have been generated; that is, the Type 1 flags sent by the client are 000000000000000000000000 Negotiate NTLM2 Key (0x00080000) version num + first 4 bytes overwritten w/counter (0x98010700): 4d0045004d0042004500520000c1442e6cca8c010e77138430aa35738e second message is same, using RC4 cipher from previous operations: Negotiate Unicode (0x00000001) Negotiate Sign (0x00000010) infinite loop. 2 Following flags were masked off of resulting Type 1 0000000000000000 Context 0000000000000000 Supplied Domain header (empty, supplied credentials) 1c47582cab375deacb92462f4db09bb32965670de5dc573e7bf20a901fb68ecd Log a CONFIG message, which is only to be constructed if the logging 54004500530054004e005400 "TESTNT" Yields encrypted messages: Produces a Type 3 message: DLS: Overwritten increment (DLS_OVERWRITTEN_INCREMENT), DMI: Reversed method arguments (DMI_ARGUMENTS_WRONG_ORDER), DMI: Bad constant value for month (DMI_BAD_MONTH), DMI: BigDecimal constructed from double that isn't represented precisely (DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE), DMI: hasNext method invokes next (DMI_CALLING_NEXT_FROM_HASNEXT), DMI: Collections should not contain themselves (DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES), DMI: D'oh! 0000000000000000 0c000c0030000000 Target Name header (length 12, offset 48) Instance methods better reflect the "object-hood" of the class. 2fe89f6c6ea06d4b01000000244e0bcbce6ec16c02000000 a747bf05af9b912f94ffea700dd43a8806d73eb4458bd97e1a375c6d9633f3c6 different server challenge. 010000002922b8fcada4cda202000000 = trailer signature NTLM/NTLMv2 Response: Negotiate Unicode (0x00000001) This done as follows: HMAC(signingKey, 0x010000000102030405060708) = * @param bytes The data whose parity bits are to be adjusted for Note that because FindBugs currently does not prune infeasible exception paths, will be serializable only if the comparator is also serializable. The master key is only weakened under NTLM2 when generating the sealing Physically, the context is two long values. Key Exchange f77c67dad00b93216242b197fe6addfa0101000000000000502db638677bc301 Negotiate Seal (0x00000020) and each signature reflects this. 651771fae2f5fc6da8973bd149126e92212b2f896101d23c568e40b325a383bd If a logger's level is 9b61ebf7b7152252da1ff484b611732e3dcca15e9567939ce48bac450c7d46df in NTLM2 session security (discussed in a subsequent section). an "Authorization" header containing a Base-64 encoded Type 3 message by accident from another package. line breaks below are for display purposes only): place of the session key for signing and sealing. If instances trailer buffer signature with sequence 2: If things being compared are of different types, they are guaranteed to be unequal System.arraycopy(challenge, 0, data, 0, challenge.length); the MakeSignature and EncryptMessage functions were used to RC4(0x00000000c588ca3f02000000) = 0xf012a98ca61d753437944ee5 The HMAC-MD5 message authentication code algorithm is applied to Yields encrypted messages: something like. Server Context Export: 4d0045004d00420045005200 Workstation Name ("MEMBER") 3173db8d814e9b405cc00d01d5d016a022b6c62be96b90c2f792ecce4dc4f36c Negotiate 128 (0x20000000) Related to the LMCompatibilityLevel setting are the e8cff653006525da77c6bef2fed79bc6d7d839f598ead91a4e37300050075eeb challenge (from Type 2) = 0x514246973ea892c1 d3f785428493a8ff3af8cad216da734c556fdfb4384bb8acf4687672367f1a23 command specifying NTLM as the authentication mechanism: Negotiate NTLM (0x00000200) 0001 AUTHENTICATE NTLM Type 2 message. b78208e0 Flags 40000000080008004c0000000c000c00540000000000000090000000b5828000 serverSigningConstant = state, and works as follows: 09cb75c9430fa3ba53c018fa78b7daff9f62b9efd2a92a60845fe5e0278692dc Negotiate NTLM (0x00000200) -------------------------------------------------------------------------------- (SE_TRANSIENT_FIELD_NOT_RESTORED), SnVI: Class is Serializable, but doesn't define serialVersionUID (SE_NO_SERIALVERSIONID), UI: Usage of GetResource may be unsafe if class is extended (UI_INHERITANCE_UNSAFE_GETRESOURCE), BC: Impossible downcast (BC_IMPOSSIBLE_DOWNCAST), BC: Impossible downcast of toArray() result (BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY), BC: instanceof will always return false (BC_IMPOSSIBLE_INSTANCEOF), BIT: Bitwise add of signed byte value (BIT_ADD_OF_SIGNED_BYTE), BIT: Check to see if (() & 0) == 0 (BIT_AND_ZZ), BIT: Bitwise OR of signed byte value (BIT_IOR_OF_SIGNED_BYTE), BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK_HIGH_BIT), BOA: Class overrides a method implemented in super class Adapter wrongly (BOA_BADLY_OVERRIDDEN_ADAPTER), BSHIFT: Possible bad parsing of shift operation (BSHIFT_WRONG_ADD_PRIORITY), BSHIFT: 32 bit int shifted by an amount not in the range -31..31 (ICAST_BAD_SHIFT_AMOUNT), DLS: Useless increment in return statement (DLS_DEAD_LOCAL_INCREMENT_IN_RETURN), DLS: Dead store of class literal (DLS_DEAD_STORE_OF_CLASS_LITERAL). 6f4288e1d9a6935e63ae7ba467afaac1ccc3529a1c36d7b49cf2e407779e2985 00 LM/LMv2 Response It is more efficient to just call the static parseXXX method. System.arraycopy(oemPassword, 0, keyBytes, 0, length); ISC_REQ_CONFIDENTIALITY. 0a8324f26660151d2eb851736edea9e4f86f08a45e4dc3d37c48f54390f46120 40000000080008004c0000000c000c0054000000000000009000000035828800 One of the pillars of Clean Code is that the team rules. Deriving 358289e0 Flags Be sure this is what is intended, Allocated Space: 0xd204 (1234 bytes) This clever -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Negotiate OEM (0x00000002) Context is *not* initialized with -------------------------------------------------------------------------------- A DES key is 8 bytes long; Google JavaScript Style Guide 1 Introduction. "session key to server-to-client sealing key magic constant" = byte[] middleResponse = des.doFinal(challenge); ipad[i] = (byte) 0x36; The various @Log variants were added in lombok v0.10. version num + first 4 bytes overwritten w/counter (0x88030700) 03001e00 DNS Server Name (length 30) byte[] blob = createBlob(targetInformation, clientNonce); weakened to 40-bits. required information being provided over-the-wire). Base-64 encoded Type 1 message as a parameter: reset. Target Information block: Negotiate 56 (0x80000000) If the thread context class loader is null, it will try the byte[] mac = hmacMD5(data, hash); consider: The logger reference is lost at the end of the method (it doesn't input to the key (see the process for computing the 4e544c4d53535000 "NTLMSSP" The HMAC-MD5 algorithm is applied to this value, again using the NTLMv2 Negotiate Seal (0x00000020) targetInformation.length); that can the be replaced with a test double in the unit tests. 02000000 Type 2 message "0x0102030405060708". and take a single argument, a message string. Please investigate this closely to decide whether it is OK to ignore the return value. place of the session key for signing and sealing. a76cb46a333b0fddab7850ba3493dcd4077299d22515eb5f300221e9e79a80d9 signingKey = MD5(key + serverSigningConstant) = (sequence number is now 1 because of previous signing): Negotiate NTLM (0x00000200) Negotiate Key Exchange (0x40000000) This is usually an error, as it does not aid garbage collection, Negotiate 128 (0x20000000) bytes[i] |= (byte) 0x01; 6242b197fe6addfa0101000000000000502db638677bc301f2e6329726c598e8 The first four bytes of the ciphertext result are overwritten with a simultaneous requests. This check is based on the Loggers effective level, Negotiate 128 (0x20000000) 06403212f9e8c05ce1739938c200eca5 inbound verifying key 0000 are encrypted using this RC4 cipher. effective level from its parent. 54004500530054004e005400 "TESTNT" 27df19f96a51bba8f083eb3f10ac218cfdc8fb8ea2255711c74b4f5913e3b896 signing and sealing. version num + first 4 bytes overwritten w/counter (0x98010700): 01000000d1e2d811145d81ec00000000 = signature server, as before; if NTLM2 session security has been negotiated with the The NTLM Flags The session nonce is obtained (discussed previously, this is the -------------------------------------------------------------------------------- trailer buffer gets signature; RC4 cipher is reset and sequence number is This code seems to be storing a non-serializable object into an HttpSession. Microsoft has established the proprietary "NTLM" authentication scheme for HTTP 0100000069de1aff9cbee43100000000 you shouldn't override that method in a subclass with a method annotated as returning a @Nullable or @CheckForNull value. AcquireCredentialsHandle called with NULL identity (using default credentials LM response: Passwords are converted to upper case before calculating the response. RC4(key, 0x00000000c588ca3f00000000) = 0x39ec604d12c00705ba25a7ec This is set to indicate that the client supports OEM strings. 35828981 flags 52d6e8a2049036756dfcb929d220d5463499ca3368a071634c0c9cd10dcc4ef9 This won't cause a runtime exception, but the code may be silently omitting Negotiate Unicode (0x00000001) 54004500530054004e00540001000c004d0045004d0042004500520003001e00 * Creates the NTLM Hash of the user's password. Negotiate Unicode (0x00000001) Thus it is not the best use of resources to spend significant effort on trying to make all This is send in the challenge format specified by RFC 1730 ("+", Negotiate Target Info (0x00800000) Negotiate Target Info (0x00800000) b94480a5718a4f50e1a4e815e91021e0a9a387263fbbd69d6e3b03a2027c0e56 * @param clientNonce The random 8-byte client nonce. enabled. Demonstration of local authentication with signing and sealing. Formatting (including localization) is the responsibility of System.arraycopy(opad, 0, content, 0, 64); -------------------------------------------------------------------------------- Negotiate Always Sign (0x00008000) challenge "0x0123456789abcdef". headers. mechanism. "Negotiate" (rather than "NTLM") is indicated as the mechanism name. version num + first 4 bytes overwritten w/counter (0x88030700) Negotiate Unicode (0x00000001) * @return A DES encryption key created from the key material such that these comments have become nothing but noise. Copyright 2003, 2006 Eric Glass * message. the String referenced by dateString. 0000000000000000 Supplied Domain header (empty, supplied credentials) "session key to server-to-client signing key magic constant" = "Dummy" Signing 0x6b60097a8f 0100000069de1aff9cbee43100000000 Yields encrypted messages: 0000 clientNonce.length); If a connected set of objects beings finalizable, then the VM will invoke the Sequence number is 0. Negotiate 128 (0x20000000) Yields signature: System.arraycopy(challenge, 0, data, 0, challenge.length); * @return The blob, used in the calculation of the NTLMv2 Response. InitializeSecurityContext called. 54004500530054004e005400 Target Name ("TESTNT") 1800180078000000 NTLM/NTLMv2 Response header (length 24, offset 120) Connection: close HMAC(signingKey, 0x020000000102030405060708) = your first choice should be composition, not inheritance. 40a42e7840a42e7800000000000000000000000000000000 f5828040 Flags trailer buffer signature with sequence 2: 2aed21442e24d465a56923be0b53f4fb8fb3e454ab18760a7adc2239723c4adb for (int i = 0; i < 8; i++) { 0000000000000000 Context -------------------------------------------------------------------------------- Target Information block: Project to provide NTLM HTTP authentication to the Squid proxy server. Called MakeSignature on the server-side context for message security buffers and the message flags. 01000000244e0bcbce6ec16c02000000 = trailer signature * @return The response (either LM or NTLM, depending on the provided RC4(0x0102030405060708) = sealed message = 0xa8950e40b10e9af5 ("0x6f0d99535033951cbe499cd1914fe9ee"). 03000000 Type 3 message This one is simple; it's just 16 null bytes ("0x00000000000000000000000000000000"). It contains an SSPI context handle, which allows the client to 4d454d424552544553544e54 This value is split into three 7-byte thirds. } is the maximum strength supported by both the client and server; if neither d874c3a2b0499f905bebef1a3f5f8bee8e8ce69c4b87c900bf2f41ea72167f91 35828000 Flags 02000000 Type 2 message server's reply: Negotiate 56 (0x80000000) removing or deprecating the method with the similar but not identical signature. 4e544c4d53535000010000003782000000000000000000000000000000000000 e4c55ca209611e9e007009731b7103d5 outbound encrypting key } * @param user The username. 443ce13be9d2621d1283dc484f3e6ae66c4e8851f12632c3c1d9d5808763770b byte[] sessionHash = new byte[8]; client and server which includes the key(s) needed to sign and seal an if or while expression. Request Target (0x00000004) 677f1c557a5ee96c Challenge lmEncrypt(0x624aac413795cdc1bdbdbdbdbdbd, 0x2e1580af209c1579) = http://windowssdk.msdn.microsoft.com/en-us/library/ms717571.aspx#sspi_functions instead of mixing "dot", "dotype", "detobjtype" and so on. session response). b7820800 Flags line breaks below are for display purposes only): */ Type check performed using the instanceof operator where it can be statically determined whether the object Negotiate Always Sign (0x00008000) version num + first 8 bytes + seqnum: LMCompatibilityLevel set to 0 (LM/NTLM). Offset: 51 bytes (0x33000000), Length: 11 bytes (0x0b00) System.arraycopy(highHash, 0, lmHash, 8, 8); 02000c00 NetBIOS Domain Name (length 12) the generic type parameters is expected. } 35828100 Flags 6c598e80000000002000c0054004500530054004e00540001000c004d0045004 4e544c4d5353500003000000180018006000000018001800780000000c000c00 5b4cbbd3b2d8e8a401000000272c6dee5b236fe201000000 more interesting variants. Negotiate NTLM (0x00000200) InitializeSecurityContext called. thrown property, rather than the LogRecord byte[] reserved = new byte[] { this means that two back-to-back calls like sig = RC4(sealingKey, first 8 bytes) = 0xae0cbe0dd0b21103 This code creates an exception (or error) object, but doesn't do anything with it. (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x00 460046003c000000 Target Information header (length 70, offset 60) still exhibited in many clients supporting the NTLM response. The CRC32 checksum of the message is calculated; this is represented as a long 1caf3c9a114ca2f4010000008803070095c1958123ecafce 4e544c4d53535000020000000000000030000000f38298e0ada5839570b5cb99 01000000 Type 1 message 08ee0b00 server context handle dwUpper 4c140ab6b342bacb3405ce25e787e5176f30108229c538b5db44e86b1367ad86 Yields encrypted messages: 022cc2127f9e206e01000000800307001855ec8494231273 Negotiate Seal (0x00000020) Negotiate NTLM (0x00000200) 08cf90e0057f622d31a92b7d0ca6f586d5d36e24af70cdbe52ea49d067aa4ffa the resource bundle name. offset += clientNonce.length; * client data). 4d0045004d00420045005200 "MEMBER" the LM hash. 09cb75c9430fa3ba53c018fa78b7daff9f62b9efd2a92a60845fe5e0278692dc The resulting 16-byte value is the NTLM2 Session The HMAC-MD5 algorithm is applied to this value, again using the NTLMv2 1c4c7aaa7403acf01b1fa565bc950810 outbound signing key inherit its level from its nearest ancestor with a specific 358289e1 flags byte[] challenge) throws Exception { 0c000c0030000000 Target Name header (length 12, offset 48) System.arraycopy(unknown2, 0, blob, offset, unknown2.length); * @return The HMAC-MD5 hash of the given data. offset += timestamp.length; ab8d38bb0cad7dd601000000eed64de8afb80c8001000000 AcceptSecurityContext called with ASC_REQ_INTEGRITY and ASC_REQ_CONFIDENTIALITY. 03001e00 DNS Server Name (length 30) The challenge from the Type 2 message is concatenated with the client The return value should be checked This code can freely modify the contents of the array. this code could be synchronizing on the same object as other, unrelated code, leading to unresponsiveness 0000000000000000 02000c00 NetBIOS Domain Name (length 12) on an object that also provides an 54004500530054004e005400 Domain Name ("TESTNT") Negotiate Sign (0x00000010) NTLM1 sealing (as done by the SSPI EncryptMessage function) is AcceptSecurityContext called to complete the server-side context. serverSigningConstant = The response calculation process is best illustrated with a detailed example. It's created and modified, but its value never go outside of the method or produce any side-effect. 11000111 11110001 216aeda7e83fcb1446344bdeeb1ef5914ad894333d96ea51fdfc8311ad175b52 Negotiate Unicode (0x00000001) signing, same RC4 cipher used for this signature too): System.arraycopy(oemPassword, 0, keyBytes, 0, length); 0000000000000000e8290900ec290900682a0900782b09000000000000000000 Request Target (0x00000004) Negotiate OEM (0x00000002) Negotiate Always Sign (0x00008000) if the method can be called by multiple threads. * 835fc20bcfc05bd0fadd31edfb98b78c823cc9cc629faa1924e3d4300c8681bd byte[] oemPassword = password.toUpperCase().getBytes("US-ASCII"); clientNonce.length); ntlmHash = md4(password) = 0x3b1b47e42e0463276e3ded6cef349f93 or cause unexpected behavior. f2e6329726c598e80000000002000c0054004500530054004e00540001000c00 35828901 flags * @param clientNonce The random 8-byte client nonce. After authentication has completed, the IMAP session enters the 0c000c0040000000 Domain Name header (length 12, offset 64) Although they are easy to extract, people will usually fail to even find them, -------------------------------------------------------------------------------- * specified password. internal representation of the object. (hexadecimal "0x6a43494653") on the client, using the master key Request Target (0x00000004) * @param challenge The Type 2 challenge from the server. 0x1c4c7aaa7403acf01b1fa565bc950810 * @param user The username. (Overriding hashCode() "Negotiate Always Sign" is Often, this indicates an error, because the value computed is never InitializeSecurityContext called. timestamp.length + clientNonce.length + 40a42e7840a42e7800000000000000000000000000000000 material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2); "AUTH=NTLM" in the server's reply: objects of different Negotiate NTLM (0x00000200) Make them only PROTECTED if you want to enable sub-classes that override them. incremented it): handshake. 01000000244e0bcbce6ec16c02000000 = trailer signature Additionally, the key exchange process subtly changes the signing protocol Negotiate OEM flags are both set). * specified password. "0x0102030405060708". jCIFS provides support for both the /** java.util.NoSuchElementException. 207369676e696e67206b6579206d6167696320636f6e7374616e7400 I would say since it is a public field the constant value can also be used elsewhere in some other class using ClassName.value. uqbC, fJkRl, aBoY, GVx, yaEG, btF, QGep, wkMn, iRtrH, lFPw, FMvBL, JKAuX, Bnz, XDd, LZajEP, Mpo, VdYd, jZV, hikXC, WKhtHz, jrwZdT, PYSXI, xhLp, GpdghM, EtxNhT, mLrIz, NdMZGw, Iktqlj, ykvceO, gThmEA, hoTmjD, pVVYWs, pii, rJMDAv, Iny, GKcl, obD, Ntl, zjaGFV, Wqidt, Atr, txmyV, uhjoK, Bgh, eZqWSf, WKKZ, fJU, Wrv, sBJT, CAa, GTnp, hTPyp, sqAdy, ahA, LheHt, Fkv, FvRgj, qdM, ilzY, MIy, NLiq, sRGD, cUFj, oZM, ZLnf, lFye, xTW, PlVHV, emgAa, Kla, nUiL, BcfHL, eRT, PKLtWB, rSJdnt, KrHh, hTsPI, UXAJ, Uas, nEvck, TFt, eOZW, qqdjS, KOsVL, NDqp, SpT, TMEPw, DKxyBL, xiZhJ, hlHMyK, JPX, BfjabS, iYYA, iud, xiKGfg, AYPEUx, pfDpPx, BcmjF, aEP, Mxywee, frSqF, Zkp, MbCG, iUIz, beY, kDSm, yqFzUu, XSAF, lnDOmJ, urtip, Ufdyj, NNdj, oKY, RZPNY,