Walk through 2024-01-19 Encrypted Database Challenge

Background

I've been playing with SQLCipher encrypted databases while researching how Signal stores content on local devices. I decided I wanted to share some of those learnings with the rest of you through a challenge.

The Challenge

You were presented with base64 encoded gzip data (content at the bottom of the blog for brevity). There is no obfuscation involved here, it's just the mechanism to post it into the tweet. If you have viewed other challenges I have posted, or are exposed frequently to base64 encoded gzip archives, this is familiar to you by now.

However, a 'gotcha' that could have messed with you is if you recognized right away the base64 gzip and decided to decode and decompress it into the original binary without giving it a second thought. An example of that would be this:

pbpaste| base64 -d | gunzip > decoded.bin

file decoded.bin

Good luck to you trying to figure out what this blob of data is. It's entirely encrypted with aes-256-cbc and a random and changing per page initialization vector. Absent any leads you may have got from my tweets, you would be pretty hosed at this point. In a previous blog I mentioned how gzip can (but is not required to) store metadata such as the internal file name and timestamps. The point is to perform an operation, examine the results, and continue. If you rushed this step, it was painful. One technique I like to use is piping to the file command. If you use a dash, it tells the file command to read from standard in (stdin)

pbpaste | base64 -d | file -

This metadata, specifically the name of the file, is a critical lead. At this point you believe this is an encrypted sqlite database. You recall I have been tweeting about how Signal stores content on local devices in an SQLCipher encrypted sqlite database named db.sqlite, so you begin researching how to decrypt it. There are a lot of options. I will cover a few of them, but undoubtedly there are more.

SQLCipher Command Line and Manual Password Guessing

sqlcipher db.sqlite
SQLite version 3.44.2 2023-11-24 11:41:44 (SQLCipher 4.5.6 community)
Enter ".help" for usage hints.
sqlite> .table
Error: file is not a database
sqlite> PRAGMA key = "attribution";
ok
sqlite> .table
Error: file is not a database
sqlite> PRAGMA key = "imposecost";
ok
sqlite> .table
passwords
sqlite>

I decided that password reuse was going to be a factor in this challenge, as I have presented you with other challenges where "imposecost" is the password, and this challenge can be fairly hard if the password is complex or obscure. What you see in the screenshot is launching sqlcipher and connecting it to db.sqlite. I use the .table command to attempt to read the database, and of course it fails. However, that failure is consistent and is going to be relevant for another technique we will discuss. I attempted a couple of previously used passwords, which are defined with PRAGMA key = "<password>". Irrelevant Side Note: With Signal, the raw key is stored in plaintext, but it is provided with the following format: PRAGMA key = "x'<raw hex key from the config.json file>'".

After each setting of the password, I receive an "ok" message. This message only means I was successful in defining the key; it doesn't mean that it's the right key. This is why I must run some follow-on command on the database to check if the error is the same or if I get the tables. We see once I give it the password "imposecost" I get the table "passwords". That's an excellent sign. I can move on to exploiting the next phase.

Alternative: DB Browser for SQLite and Manual Password Guessing

One participant in the challenge used this approach. It's essentially the same as the sqlcipher approach, but it's admittedly faster if you are picking a manual password guessing approach.

With this, you launch DB Browser, and click Open Database. The default settings apply, as I'm not a sadist. You begin entering your password attempts until one works. The nice part about this is you aren't needing to manually define the key and check the table. You can type your guesses and hit enter as fast as you can think of them, and once you've entered the correct one, you will decrypt the database.

This approach was employed by @shmleverser, who to the best of my knowledge is the only one who has solved this challenge before publishing. I don't know who they are, but they've cutting through my challenges like a hot knife through butter.

This approach worked, and was more efficient than using the command line sqlcipher methods; however, if you wanted to automate a dictionary attack, you would want to look at other methods.

In discussing the approach I took with @shmleverser, they discovered there is in fact a perl script to generate a SQLCipher hash to throw at hashcat. This was a new revelation to me, and so I am including it here, but first, the hacky password guessing script.

Alternative: SQLCipher and Python Word List Iteration

Manual password guessing is fine but it's not efficient. As I pointed out earlier, the order of operations for sqlcipher is define the key, try to decrypt, if decryption fails, it won't recognize it as a database, repeat. That means all we're looking for is a non-error.

from pysqlcipher3 import dbapi2 as sqlite
# open database file
conn = sqlite.connect('db.sqlite')
c = conn.cursor()

# check password
def test_password(password):
	print(f'Testing {password}')
	c.execute(f"PRAGMA key='{password}'")
	try:
		test = c.execute("SELECT * FROM sqlite_master")
		print(f"The password is {password}")
		c.close()
		exit()


	except Exception as e:
		print(f"{password} wasn't it, full exception: {e}")

# open wordlist
def dict_attack(wordlist):

	with open(wordlist, "r") as wl:
		for line in wl:
			test_password(line.strip())

wordlist = "./wordlist.txt"

dict_attack(wordlist)

This hacky script reads each word in the word list, sets each as the key, if there's an exception, try the next, if there's not, print the password and exit. This thing wasn't written for distribution, so your mileage may vary.

Alternative: Hash Extraction and Hashcat Cracking

As mentioned earlier, speaking with @shmleverser we explored more, and he found you can in fact generate and crack hashes for SQLCipher. This perl script is the first step.

perl sqlcipher2hashcat.pl db.sqlite 2 > hash.txt
hashcat -h | grep -i sql
hashcat -m 24600 -a 0 hash.txt wordlist.txt ## Not in screenshot
hashcat hash.txt --show

We execute the perl script against the encrypted database using 2 to specify our configuration and output it to hash.txt. We identify the hash mode number is 24600 by grepping the output of hashcat's help. We fire off hashcat using our custom word list. Once it's cracked, we can show it by using hashcat hash.txt --show.

From here we can use any of the compatible tools such as sqlcipher and DB Explorer to view the decrypted database.

Second Password Cracking Challenge

Once we decrypt the database, we find there's a table called passwords, and in that table there's a password for Andrew Thompson. If you have participated in other challenges, you may recall the password hash of apr1.

sqlcipher db.sqlite -cmd "PRAGMA key = 'imposecost'; SELECT password FROM passwords WHERE first_name = 'Andrew';"

$apr1$impose$sssx3P2.Dv6gI8.DVmduK0

We throw this hash into a file determine the appropriate configuration of hashcat as done previously, and let it rip.

That gives us our 10% off coupon code: beatdown

Thanks for participating and for reading. If you did something different and would like to see your approach represented here, let me know.

Appendix

Tools

SQLCipher: https://github.com/sqlcipher/sqlcipher

pysqlcipher3: https://github.com/rigglemania/pysqlcipher3

hashcat: https://github.com/hashcat/hashcat

DB Browser: https://sqlitebrowser.org/

The Original Data

H4sICGAsq2UAA2RiLnNxbGl0ZQABACD/34JcZe0AnXsOnDr3WJYFCl6pMh6VmMjTFhEjAVmiGaa/Qj+npQbZ+Rob/Rac8+C4k9iyJ/sDUVZLFWSeAR0ySRLJWF78hP26W/MnD7n7zTs2v62jlAZfiRLkN8mWDsebgfBvvSzOvNdURw8oHUk2SZ8H1/N6gV4hAzBa6zFO/NzUCTxjoL4gDqrZyBjvhE7n/1QAZwXR0fKCu/MvHY/w0Pt01RfHP5DaHkrOSrAFATbY7pSzabiIuO46d4b9km0+75D1hMuwFDlioGkqua4qfeB+v6IkbSq55ICC08dN5G9jAE/XG7g5TzScXENm559aQOZ6fgR7PGyC/0aGa+BkBBmu7JpEn3/tmEiWZOBbuLnFWD//B0P+ggD8O3/Ya0L74yiuM/g7MziX7DbZ8Dj+NRWjCU9LjkhNVQrtaT1Yp3QdsQamSzD2rxUTYUNis4tFqpV9xOMdWxjQeyF4y3q8kl2NY+Fp6kqPEtz64WK78n+xv5FCuVlsCx33SxaQWj6YCzcjp0SBossIHN+C/3SXlzDiDSWLFdnEwb8IoTY2SkW+SjI0BRbbznh9JeSjYhoF53gQ/RSvUodlrPlm6OWX12l76VF27uMcQ+AbENIXAjYgcqYNETf1GNEXzAfTBQUkYlBMjzUzPu7zhEa2IEmnlFL3mSSQvRbSGVVY9GRQYNY+AWAj4dfOE8I1xX289roWnGOa4JDQ8DWKEzddzr+DJLBOOzG4BUlzfyjHj9WaSfP3XbLxuGF4DgVu0iqZ811JNPkc/D3Ysx8wkpz7eyTF8ksJq7WlkM4jyIf9bzFtknEFK22XN7A7IJ7OPDnojsliO2+I4QQxtuJD+F9x/TPr8ptpWEy39TaQb/LftnE1kynpCYVT/DBwDfzE8omx4zG9osBCKFex/w7RKDTJL7aSBW1PYZiJFv+XzEqPcu2pHiJpxjpq+ay4jLUcMFYZ3Xy/vizcCT5cGEFs21YL7/rB5MyUvOkXSgHk8+orcIPWXiz8LOKkU6gWFLy0K9STtgJg/eq7AEQfZ9qY7GT3KP9KdDxkFyG8tvDQ9LnsUK7lUjY6hlEFyQiwzAwRyTq6Lar0Ju/WpREgp/U7vkepPv6SFWIwbgHguqTN5yl1/OXnPAGmWvzQcgDDQUR1U/TRbzePpy9GYbuo2qnSFuZjncylsbYsW492E/j30leWuayGXHOVu1kmxMgVKx//ry8ZhKEx6eX/r428JKBuDnzCjA8nonfR1GvdIJFA4IVvrZcur73MLDNaWH25tXMIEK5KNvuiW4s/TWIeYE544Y/s1ykKaimoHkjIUiHBWKcvF7y+RQHEZmaI17RwwxhtY9rSpir+/lKGKWc4xBDS4hTyif8sPyYyfakrjb4uTyg34VoI1SAT0XhGyxUJZy/ynOKkbEYYxTlC6yfKVmTaLzrm1zYMex99/XnK5PKRHOp6ZZ1Obp7ets/OVBDXhp07FXQfc5TElOdA6Irhn1/VHbwReJC3vT8xd5oGNXOMnwwUoCokop4cFYa66Pe4GXDYp6e3/0mlBRAqdPVXLTp/x32xGdAV0x4gCgXvSMYdcxtMbxng9hiW2/QT0grgc+s1pebBGqUNerv8Pap/NTNGPPNE/gzEaaCwduINfy0hiPcMlcvN70FmRKLqmQMIaKMhrRNqYRWfmdBv9F+JWErtC9j7/t2oVSZYCg0Cq9hndUYcm8xSjg0rSgWbg8/wjngz9ASXmhZyd58gVI9JHl2oFKNKz+IJpM4wXYumU/saio1ESBLHbSx2h4dTZCSkpLL9QVL430zqPj2NcCh2BtdLE31O1H206GgHRK/HURuxN/hKnMDFY7YfvRrmqkMdbcN4PXtyXooX3ChwIDuRWrGfxZYHcqz4PdYtLcOzTX68TPEmtBC5YWz4AKW3rIW39BUPTkr1ejVkX4LZCnDKINFenE2paJgiBaliZfXbj51PFJepWo/JIIqfjFUmmWANj0EaQ3JEOIjhBnY59Q4Lx6vzHA9owmPPZkrzt7D0n+ubAwDN8rVGvn0/f1bT1GAPbcXUx3vQiCxGDIls7Zeju2dlTohp6T+w5XUy4Z7v9T48pFNnGDZ0WJ0xIe2Z7oqIKwewN34DVyik50f+oYDPAU2lKufCNysohEkdTwVeAxnlYy08FOBCVWFgq2wBueormtp9Yl44uxtLLBY6nihPj2V0yEjSWpkcG7qLdMtlXzXwvNus2XjXohEqk/cao/0AQnAWShdrELruLOnq0Q1VB5pnhn8S84eqUOOdWiZTeQgmQRpv8ZguKzxHEb0CPmbNxEay1GmT+CfzbGJdpAj0pDVFgHzasy9YJiBGJNDmToQeaoDYt/4Mo3ExPLwH6Wvud2gwD98JHae15ILyXPs8dGHsbGU89eCOTKRN51+6/XiZRmbM+oR8dCjC5LbEl6i9gjKpCEvpSPbacoMeARYRyOhAfrs1PpeRyQdIkGd5lCobg8keXvLm+pQvcY1JGI+WlE20zh+YwQz9Jv5ixBLoVnnJo6rFw8fkg70PXw1XHd++TwGtY2ipMA+Umh/MzkctlpPuYrMOA12G+xofwYVHo+SczKB5YzzJob5EeRcWOGdzaaB2YYlyppOWpuQx75p/xqJRKSMQnytGpqcFqNxZZwXAYkABACpGYnGo+udQCVRhXbjNZg6GQuFcYUQOKte8knAicljv6JFLZL73LPjgjsa7xBHDT3drKJSGZYkmgwaS99bsTemh6/csp9ALlI2v7/fu7gFkI8dbAGRUQ8a+iTQ4NKqK3yVLd0mMRyotOOKEtvpZ63fAP0Ym9u6YmNqVB3XinOtHjzedsMz1wuKW9QgJmHxIsPuG18jMRUIlyZhZKx8kVR1gMY5luPAL/ZluO3X0c1X8HuzmBXHJcUFwvs6xGjwl+bbm0ylfKQiyJEhjgV8Il2xkMCwAaqVdzmFlNmQIyUu/ZL4lFvUJCDnC83YTUdh/MfB89l3xfOijTOil4mRbwxnMdG5QkoNJL+Fix6Xgtr0e9ofgdpzWTO39AHbGV0yt3LetA64G4TCIhy/TnzlvWPCg53cfNrCUdRW7ZrzFs8lU73JJT5NEVffeQfmD8CycA4J3C7qklI3pg91OemRUnEbWUWaYjkD1a7mmgmhgXrDFZqUzBQ+Xyi04+0xSfpU97eov4WM5HbN43MLXc67JeKserbEw4mVvDokosYlLres6eRhl9W9bF0htNAkfehXUMS4FfEFuK7+ePV/ldk6P/yfhMYjM7PbgAWK2TgNVHVsTiT8A08PFeLAwkquqggoyS9fJjFQZQPXuMm/zznMVi6ow5pNdV1Kejny2s8eq/ERmWU+dQMZMF/EJEpKdDUXU8QuW/YPC+8BlsIp1odiJ9RST9sI9RqZOt4kGdDp15AoKb/VUjBogbUTN9GQlc7T9jR3xDdN0DlhrdtnDMp/gf8hycNtJCn8vWMzyX4oEWY6KSfxXMxb/KqO8pckqL9/+b8mYcZ5dD6UG2NL+adDVVNKC35NB7fMXVjHyTogqnsrrFiHPY8kCNTgc0/ZLTK9OvtoJwiW+33MxyBw8znMMbKGyQ9r+vBQM4V+B3vY6UPfH6TpnSsPrZF0uLIGlCPQby6+Lx+rkEaL9f6yV1vp5UtUt/QElXs8bHVxa9JIanNxrh2oNf7OmfCw1HvceEAu0NtSAItPy1+EJbw9w0V88KR6eq31rekCvqLCPibI/PEXRhPgiMxKuyJf3Qwx+b8zKwJmIR5BLfWIofpM03XD4Qodp3+aaFCL8NN7UorfDFcmj28QA/YsBgNuXLbeEM000mHtoOEaAiVkjeA7jJgXOytWTU+LacjjeNrdVyvRjrXTgPGxW7UPfOAZ+Qio1UPGcckx5QqXtaogP/Vl9YrjoCyPE53ujoCvmGvcsspP7psdJ1dxfh7kHA58IEalFzEVHiX8pB40t7zuZ0SIQ5GB8TqEA0+/cJqtudWomgv+rI2wsTnluDIBk8AhkRLvMlXVEw/XeT3/hw3L2otsyO0NHcB3WIIdjk3IeNoMXHE80w3Y+7I3ms2n8GfIbbjtTymkjlDHaz5xjFKPqif5+69udwkpDP8aaawszkq0tvtdk91XJF/4fYSWtJ6SJnttu5/TyR9HAULQD8aUnXYjDrNCK3SN8nHPG28J9oh1/9NfB6vRs/wmm3UptTnSe2zPwWzVloYns3JS6+QTtqP5ZVciXPNJeAvgrDXuAqZA3PRCo8dFqIALJXcdeBRp22nDx/DjcI7+02+0q0fr8relM0X4lKGFSsZaN5kgyqPkIX8goH7YwB+lPTj/RHruyYSa4tc8KFs5wPSmQndCZpMzKEwXzWJmcoX//FAw5OLGkZFgdBgmCK6dKJemgi0yOZAkKEq7MMS89lA85EzQdX0TGOckH19kMDrDJG8rsacgL2ZZ5J8ALgorCpSpZ5XD3B6zglpgRplc2YRioIFYsdz1kp1UsX0t/CLXxx6Rr5xXqJf4JNkUQPn/FPfzQxF5Yf8WlhTu6eGjUvYtN3jpysJAoxlrKdk1pM/Lp6WOL9Q0lhR69p98kKmvLdBv7DB1vSwypkxK9x76vJkgZpD2Lo3AYh80vnSqqCwNqLt27jluJu07llt3T+SzdA1wDyaB3K9UndrUI8RLxPghskjCfcgjE2kSbteykm8iDXXH0AG17HVoxp25VmJlBJzoW8NCqObtdXdwwXu5CWB/pX886bd/Y455gUI+0bkbK6lf3LUx0ebFOIdo1G1rXbzNeWJ1x+XjIh7aGYcCGZyXgASCBKAWbdAF/+jXXC3leN49GwnZAAGh1KtUAhPrFaqUAlp6OBWiyECS+Tt62DneAo9nebYyknPQEWSg7Ve9j7nh7JNd0DLRlmvlbiTtCdZxDunqFvuh6SJDUDphpCwnxootJTjXlIkMETOvzqKJLdiHn6dJoO7L4nPuL/vEqs5CFhjMn3XSBqRxbLlmyWzuyHeeqG0uEj73hejCh2A7rhiIssU4ObUBBkrSMqBr8K0rqPN7yZuBan5pwFrzj33m5pHVHuGZfB23NK5SdKActRJK3vbJOZMu23NOLcdNiWXxK64J7LaL3ogQ8oyOql4XpvTiSBhOnhFFOesuCRqmb88fL8wQMU+059Gug4w6YcHqZMzPXeuL3q8T+mHUyPnTGmXiy0E24WtjxjOqjmrl8CHf6JbqDr+3eOfEbZyvzKkoqjmYxeLSDnEEeW3Eu+QFNkiQnsu8ep+W92DGkzzJjFkBUMcfIIAhWYs06+lNtTxOttn/LLbLo2TTAo8v5cCZ8/sO7G8l+ladyAhBnwXyxBpDCFNLD4q1LEZIwMCWr3hJ2enTXsTuENTutq8hKR1hDhDwXw+UIF9fL3Y6Oy54GkVAjvDw2O1j+6G8s81YA4wJuvZcRplq62QZOzAmP0T0YhliTlXafog7wFMvGjmWM+ocuhabOl92dAzgLX446HiI572VG2kCl7E33dCKl/KriZL9DRQENre5QGoXlkgrIsk9LtwGFp4k246x5UPxVwlfaQjyuakmrwk+ekPA8a2n08IwbLKDLiC6WBsevciE9dCpgHgANK2lwVdBvHg8sDbpwwpUCUsa+S0HArRbpdtoa0zBjusvuBNSng9LwumO3jjiom7fP91Dte8xOu/c5wjAZDhp4COsNw/OBS2aHwzlokJFIIt+Al8n9FTSa9lPiOJBpbe2nucTF43Gw2lIUlDsuTVe6dq0Wb4VGv5TpdO/eIOkU+08I5Nzg69da3wNBzHCCzV9MD7LHaIubrCX//KiG01+Olwy+gYpq6AkwZ5xTSI2k8FBKSbHY5vcKrOgr4f5RtKRWsAgBv/pHGaLczIRWclk/xIz6ChIuZYOOTjnDO0FeBOLm2m+PBQgsLpVE2JlI2rHKMpFy3aezOhWd9TFxvFo6Rclu7FC7jFVmAx8bnD4VaX1d5B4sfZ0OcDfp2iu1+FuIMIMFl3qbw5vPkLPeUzOA1RfZOCYATsoADA0yNiZeraD9RGP/NX8L3mY2uCsfgl7uOlTJQ1HqBl1KyHn/NZ5AxomLa3QeaMgs3ENu/f2yMGJUk1gtHWN/YSt03iEN2kNTG3xDBFGPvbaL1i24+VF726P5x8KAO5R3WtHJgaNpumD8v5K9RP4IXh0qQbAvD43AWf1lCDvhtSvMjRK1Z1m0yV6GcgO8zxeAVpAIBpbXYWxBNXx8Jp8Ei+fv+t9bH8KmFJs2Tjg469uNtXxJu9/6UJSlDeMGLFtyiWmw5XYAZFQtS6gQYLCFW9Gf8oJg27Wc3itdlkpAm4xit/05UXXp5iZc7hASCxPsCBrYhi6q6A+n5ejqIMGhUFdfAKjVS/tIEwMBRqb8nfGjxzrRWp5hFeOyUU+JQNUICmcMqaH3RUz/ULUnSkosiFCXd/hrzspjQUdrgZ/SuMG7bmxT8MUbk/Ke/JKCXMptOzS7gTJ826WbPaapx4apdO7wM8w+kdWahIojmVian53tSFmfmCR6BwUt6JhduvLoUy2JiHaw+eel0T3qCDDE2K/coSinJQG4uP0DZJ5AhSRDYZVnrxArkVy1fqrjhEoPmDeSwYNwGXyFgCco5kPnGCLsodW0VTTqCw7XmEZVGyStbTBPxRNe5K7PpuxiBEG8ye2X5TpVcyRjZc/zowOxfN2jJzXU2B585/fM5YEstT+Zx7sTC/KJTepCKp0/fWuLy9801jWa8ukhPDWvyDqAGqU4jqb788am/IDrXDdP0juDpY91xS23QK8UAepkqVrurcOa8bPUBKUNEDw8+9jU1ewhAUwzR7eEbcUxwJhqM2GG89C5xkkIkLYtsQxbNbRZ/Poiis2OeXNcJ31nrVbVLZNfDfHPH9XcROoynxEChNHHwkEAomBi9/o2i22yIwwuAmVmY+pcQd74XNw7KX5pg+1cSEj67crcAFVeK3jbbcY/TjBVgXhU2oscameYpFIQcaVbyaS8PQiSnPkxp+4uIzxnPbKukCsLTGUWnnC0Ka8T9gQrKhsPPRWAn9v//yNPEVXdrrPT2pvne6xjRSM1D83Aa/etzHwdE5vCMbjh5zmtNm2QQqGs8dkfba2c5CbTsiicfryG7siL6haMk1sPgclOHlI6GwQyaJw9q0GDPz2eT89GCTiJfJer38mAnW6cPzz5vldU+GpjgZIRQE53ATKo+kG4JkqmxhFN34SkkGkYBV5QnX+he1gONCXsmCvfrZVHrIFQvoeUY6QRGoCCBkMTMggozZUxKO9d3Ahj9yFLCXueoHhrKe7EzqGj+C/R+mcVDuINXwfy1Bdc0JYG4TFjnnSapaeLn4CjWNOxPxXEjQtG6OuZyW3Dlh/zi+bAzlNxYQ7Jif9zI/fSCsNFbadS/HeXLdWJAr27Xv68caraGO3ygQwdsyd7un8hutTJr3oop/jzRGOewWzzUELfq9kOPYhbivtvIr9t/K5pC64q/KZNGiuE98pXA99mhym6MzoXUkPVQ6Rp5XIGHTlgIk18rcalxQyDcIQzFfw8zxBzFEf7PZgJMg2aQw6X3O75E+JQFcgeZGHEkNWnx9TKzu893twoZDvJU9pHAU/yYUKVKFhBU0FW0fHugwoeF5Yr13P1FMGyestoPvjeQaPTuorA3PdgUZ+oZbGDX2GXBdR6tDzLX0t6ToNP2PF481mHO9C9pPtcKtTo6PAXdvBHsaGAXgzMUyNMLa5sPSCja2E79uJ5et7f389p0OjTaA1fkchBjzk9yCGVoCKL7fvfl+x4vM+XZSYECuqlHFENzKb9uOadoX58rQ37kBUmgBqJ+3MDv5eAPOxcq2zL11Gtfeuy/odP4BdpWf5L02fw3z8w3iBSIS8x2YC2/WFoGTvXAhXJBIUdXtG/7Gtkh+cFFLRILxogLuVgqBlAWb6UPJz7Dtb5sB63aDCpDY8HmI/PTz0FixxBGOLJJB0xZs5m/i3RvVrcBpz/6VJrtyo9N7aH3WW/9oZXm5Bn8qAUBViEpju3rbzhQ0u4AJSvIRQOn4BmLqdMonwlPcJk2Y15nwanl+oeAdMjit4qauoHDvzSrSb4bNay4iAnf0XIsVShVGumrSRt6qRGXtCh+ztN4/Y3Yd7PCqQCVRGHwMvGKF0KMu8jBZ2lRnSfMlY3jb585iLqfzM5sWuGuKEsWFz7ObTY53HXc3Lca/O/DjJOnzagqD1jiHJt4CxJmb3kziUModC0+PWpaaQ2Gv8jOhGYvucSPLor9bCO+EpCKERuL6GEVi30LxDEtZYJ/UKTL+rw6xEbd9Ew+9q7+3E9KvjWhURSsH6cb8olyVAoEaCS47gPwFq6ic9WEXWyxh+svF2ZYyc5E/aYipITBsrSrOM5PD3mEdLDdZgS35YNW4VTMS3jB2PHUmgKS2CijlQfN/JhMU3leZAQEpSsbz+fM9uJZV0VEr0hEmXOryKFcNClmlfkALZd6PB7u33uyq0yqg9ewQRcsk8ITiJbPmlPCqxMPj0l5RhuPZjemvX9YbZc9ZMZe7Y3D7GbDRn4UU71HVF4e7emrLn//IIWb5iuNFWT83vhrriTt/emvn4TGh18d4zj/sH1ZaPVUHVrgdjsAn1lX2dYA7FguMIClSPQ59dUKytm8eI0P9BdYMmIUy6MeGi2neWqZkARJX9ngJX8ZL/Mjfk8SfYlWyz5uYAzE+qQr37qwh/eWrflEFUI5JCx2th230RSaVN9jT8uf20kd3QxO06xkwIMRCK1g6fmG19rPAo5ud9YiGw+gBoE/wKwz8FqTEsajmhGvFB107hpV3wBXOvpP5wznwByIkVBvjgGfenAlCNPDEZCmReO1rnVqlEBeLlE1+W6N5VaF6pVq6mNqz829DyO6sDhvmSc7QqRVOcqGyQl/WjkpJSt9VLQ3WslIqV+mnyfY9K8BTwfK0Zp2KxGYsgHu1VccRQ3E5WPe3kgPz8qkVSD1MZKdteP6nMw2uk8HRCy0iubayZSXRG/kd/JKE2h5gka0uJTrN2m/HTbux/2CydJj86w3PvLSChbMIKD+iWn/X+lf5KYujosMtWzgwia323h+2KVHsMyXoJxLEJMZXlZ1NXBMVd0iVvAQ0qhUKTeSb8eKq2S17HxHzKogaBo7v+/0q+7gI4Nql+PR6D8KpKIz/4EhGTX5c1LnbGhW8hb8a0LctrtWcjLb62bKn0FMBUGQymHC7lBoL/9kFyM/sImfto0aljD+OObLZ3zr37QY45CYznM2Fo9jzXv5pGemk1whkZi2IwVbmy3+I6Qs98Z3b1V3GVyeJPVW5auqyx1WcDDQqKkLj3GJ51LZmzOM35Gn3ceJbb/fm/n6GG96qVEVyADI9zs3/4hXxfeJZULyfBzN3TyrthG+cpL6+ozwf9ZXW/u8u+qrgDG8oyfV0v6LdDKayGc1KZAS6P2GKMr8mzAVesJEUx9zmI94Yz/Oi4F3X6Ar1ldmFxodvHBb4HlXFkPgGOFLeIjtUC7UNcOnrdGRr8RXzhntpVaM2miT1oPTk2B4ejYvjCyggFVcnrV6bSWxwbFyjLbkK6pgeF3wTSLT3KqTadiOZhoU4thS80CpveqbKOu77gtdBpE7+j6RBJiNc+5THR2e7/+HiGnH9/AAEzHBSOeFW+zA7nir8UQHjiYH2D+B8JMNbJmiqtPCAvMm0Ptu8My91gfBLVsyeKk4/O3NB1Qu5vTWCAYcPzE7tAbBxvh2w2UAImO6wj/naNuoRCAbxvocTn0XyBYNvs7IB+HvxjLXv8zirPbH4LFb6oEn/HpnZCR1qmCuUVfb5OBz4ZpQfqnvGPpjiFT3Gp3litmiikUufPoeZAeCB+q3NyG9yQXoxKrQ/fRfn8SW5UXf+BNi3sJAQt7x7HHbxEMbPyz9emtcfORbF2vXWbwXQ8TceGdfdzbeU5J/vf5fe7EcWZDXnj2qrMdprCy0/DvwRY14a74ujKAOdfmXQtN/SkGraFaET0VBLF1NVZ03JxomrDs5B2lNifNjdf9BX2DuSWXlWiyAG2g0Cr5MYzz4/SmbgjKdncKpi4Rqwz2AMtseAFydJ0sCXjgx0DE+Ixn12HETmfYRZY/QErUmCHBNj3hBHMc2EUhCQ8wjYFf4GKPtB0pAm5JDuEGvmng36NWDxZQIj7sgR0WVAi3FOsLqomzFW/dfVtTxovYYZT8DwGZ+FSeZk99zF5mHCzY/SPs+GxTT7VMrpCSq57IRCBy5Y36pkQnAOpJTBMrZYXTGQoG19ellWcCSDNLFNAW0BODejcrp7VXZi8BT1V1FOOSjo58vbZ2qelFTvJNJKuJEhyA32Do8QSLDhXtjTc4rzCzaMV8t5SfmgZbFyzaz2JxtqcUjfhfOjHZYYHu1J0QyCPTtAqtdGH5aAPar6UBMXn8PgEb3SgUXNsuOyCP6fljBL6tIJWIL6XNIV2H9r+qiAHLaVn3lbPoqpQu+04J52UHel4apDBWR9Zz92kETqD59nrqA7TQziB1HNWuTra9ZiqPle2uaQIW7BmKFo4BMGOteJuB2lK4SC/3jGWkLMTYejN6j8MfeB931NfY1/lpeiWIf9yOqSjYCgqcklTn2hmx5jo3waMdLZORROPbniW98dADWvbrDoDJ5+KHYP8UvRbntcgb81qZKzQkvrTBfSfh23UX7RZ5d5fEkJjFL8GaJmKuhCUmYLsLOCo0/D9xiCYc4QPNMli1ljckcsMzJyYDoaNATfLwKLp/AgRagwgjvaKk+ajaKwXc4SRZu8BE5daf2Sd3Qck45JugshQNxGbgYhlt9mwA27R80/+6M0EvcPZ1xhoXBn5MhawBV94yCsUb66ni8aKmGXy9JX/thZuSPx6QkDNoTRDp687p/IE6I71g1bl3YjG/iY9R/eZMPGoXQo9sKRRP94fhJ6kvizm7vyR4sovEj/PEtbvz2kvd7oxijxpA/JC5rSdDdovpUdfVTuo9pWrooHz3RtwzZzg56SbLN5+pBpus4Sse1QAgAAA=