CrySyS SecChallenge 2020: Files, files everywhere

Do you eat raw meat, or are you a vegan?

If you do, then eat this disk image.

Hint for the first course: The password is weak, it should be cracked by john using rockyou.txt within seconds.

This is a forensics challenge, definitely not a stego challenge, keep this in mind.

Categories

Forensics, Linux

Solution

Opening the file in a hex editor shows the familiar LUKS magic. Let’s try cracking it with the suggested rockyou.txt: running hashcat64 -a 0 -m 14600 image.enc rockyou.txt outputs image.enc:password within a few seconds.

Let’s see what we have in here:

root@ubuntu:~# cryptsetup luksOpen image.enc tmpData
Enter passphrase for image.enc:
root@ubuntu:~# mkdir image
root@ubuntu:~# mount -o loop,rw /dev/mapper/tmpData image
root@ubuntu:~# ls image
root@ubuntu:~#

Weird, seems to be mountable, but the filesystem is empty. What might the filesystem be?

root@ubuntu:~# xxd /dev/mapper/tmpData | head
00000000: eb52 904e 5446 5320 2020 2000 0208 0000  .R.NTFS    .....
00000010: 0000 0000 00f8 0000 0000 0000 0000 0000  ................
00000020: 0000 0000 8000 8000 ff2f 0000 0000 0000  ........./......
00000030: 0400 0000 0000 0000 ff02 0000 0000 0000  ................
00000040: f600 0000 0100 0000 b844 4a5b 7951 807a  .........DJ[yQ.z
00000050: 0000 0000 0e1f be71 7cac 22c0 740b 56b4  .......q|.".t.V.
00000060: 0ebb 0700 cd10 5eeb f032 e4cd 16cd 19eb  ......^..2......
00000070: fe54 6869 7320 6973 206e 6f74 2061 2062  .This is not a b
00000080: 6f6f 7461 626c 6520 6469 736b 2e20 506c  ootable disk. Pl
00000090: 6561 7365 2069 6e73 6572 7420 6120 626f  ease insert a bo

Let’s look for recoverable deleted files then with ntfsundelete:

root@ubuntu:~# umount image
root@ubuntu:~# ntfsundelete /dev/mapper/tmpData -p 1
Inode    Flags  %age     Date    Time       Size  Filename
-----------------------------------------------------------------------
64       FN..   100%  2020-01-18 06:16     80935  open-me.pdf

Files with potentially recoverable content: 1
root@ubuntu:~# ntfsundelete /dev/mapper/tmpData -u -i 64
Inode    Flags  %age  Date            Size  Filename
---------------------------------------------------------------
64       FN..     0%  2020-01-18 06:16     80935  open-me.pdf

Undeleted 'open-me.pdf' successfully to open-me.pdf.

What does this pdf file contain?

open-me.pdf

Oh ok. Maybe try opening it in notepad? Upon opening it, there’s an interesting line in what seems to be the metadata section:

/JS (var _0x4e0e=['HFpHfnE=','w5UkC8OiwpXDn8OrPcKqZ0pG','LWk9GMO4w5E=','wohHPQQtwq/Dqj8nKhFgSx3DvsOXTMKhGlEHIgkxw7vDk8KJwpARPmvCiA==','Thsdw4HCrsOjwpRHbsOXwr8nwql+w6hBwojDrcOsw40Nw6djw6zCsV7CqnjCrcKQUMKJw4HDocKOwrsef8KZ','W8OZwpFrw4zClQ==','HgwMOmzCtQ==','woY7w4Ubw5rDosONwrV2w6hUw7MOw74lw4s=','w4R+MMO6TsOAUcOCwrTDnVrCk8KgVytYw6XCj8KmSMOaU8KUDGNGwp7ChMOhUUU7','w518w6NeAsO6w6IKHcOceW4sJ8KObU1gXMOWTijCnkwCwq7CrMO0IcK/wq/DlHHCoMKNOcKHens6GMOfGsOwEcKCTcKcKsOWw6ZmaTDDvA5Dw5XCtj5IZkI3EsOcwrXDvsKOw7jCo2FGw7TCuMKdwrcPwphOw549wqVER8OxWcKXfGx0w7XDqmrCl2LDnsOMPhUJXEfDo8KZw6fDrgrDgEN0woNYAWvDtjTCtcKkw4hww7AswrTCi8OVwqo/U3nDvMKvURHDhWjCi8KzesO7wpDDuMKi','wpEnwovCusKr','w6dRw77DgDzCqm4ywqTDmDpvJgjCgTA=','wowfw6s3w50=','MyMnG8OXw5fCmUwVbg==','MScjG8Og','TcOowpzCp8K3Zw==','FcKXwrPCrnx+wp7DjsOWwoU=','w6VMw7LDmBLCp2E0wqHDnjJv','CcOfwoDDgBM=','wprDhUMDw5hCXsOEwoXCqw==','Ck5OwpbCng=='];(function(_0x15f484,_0x11332c){var _0x3c9f85=function(_0x2807e0){while(--_0x2807e0){_0x15f484['push'](_0x15f484['shift']());}};_0x3c9f85(++_0x11332c);}(_0x4e0e,0x1b9));var _0x178c=function(_0x15f484,_0x11332c){_0x15f484=_0x15f484-0x0;var _0x3c9f85=_0x4e0e[_0x15f484];if(_0x178c['hmsPYN']===undefined){(function(){var _0x2807e0=function(){var _0x5da00b;try{_0x5da00b=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');')();}catch(_0x279aa6){_0x5da00b=this;}return _0x5da00b;};var _0x147381=_0x2807e0();var _0x10417f='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x147381['atob']||(_0x147381['atob']=function(_0x356d){var _0x40ff47=String(_0x356d)['replace'](/=+$/,'');var _0x20b106='';for(var _0x2ed87c=0x0,_0x45cb65,_0x5f0609,_0x3535ef=0x0;_0x5f0609=_0x40ff47['charAt'](_0x3535ef++);~_0x5f0609&&(_0x45cb65=_0x2ed87c%0x4?_0x45cb65*0x40+_0x5f0609:_0x5f0609,_0x2ed87c++%0x4)?_0x20b106+=String['fromCharCode'](0xff&_0x45cb65>>(-0x2*_0x2ed87c&0x6)):0x0){_0x5f0609=_0x10417f['indexOf'](_0x5f0609);}return _0x20b106;});}());var 
_0x3510e9=function(_0x2bc407,_0x11332c){var _0x12568a=[],_0x5365c2=0x0,_0x84ad93,_0x46ac98='',_0x573edb='';_0x2bc407=atob(_0x2bc407);for(var _0x3837e6=0x0,_0x39c6f1=_0x2bc407['length'];_0x3837e6<_0x39c6f1;_0x3837e6++){_0x573edb+='%'+('00'+_0x2bc407['charCodeAt'](_0x3837e6)['toString'](0x10))['slice'](-0x2);}_0x2bc407=decodeURIComponent(_0x573edb);var _0x4a16d2;for(_0x4a16d2=0x0;_0x4a16d2<0x100;_0x4a16d2++){_0x12568a[_0x4a16d2]=_0x4a16d2;}for(_0x4a16d2=0x0;_0x4a16d2<0x100;_0x4a16d2++){_0x5365c2=(_0x5365c2+_0x12568a[_0x4a16d2]+_0x11332c['charCodeAt'](_0x4a16d2%_0x11332c['length']))%0x100;_0x84ad93=_0x12568a[_0x4a16d2];_0x12568a[_0x4a16d2]=_0x12568a[_0x5365c2];_0x12568a[_0x5365c2]=_0x84ad93;}_0x4a16d2=0x0;_0x5365c2=0x0;for(var _0x29eeef=0x0;_0x29eeef<_0x2bc407['length'];_0x29eeef++){_0x4a16d2=(_0x4a16d2+0x1)%0x100;_0x5365c2=(_0x5365c2+_0x12568a[_0x4a16d2])%0x100;_0x84ad93=_0x12568a[_0x4a16d2];_0x12568a[_0x4a16d2]=_0x12568a[_0x5365c2];_0x12568a[_0x5365c2]=_0x84ad93;_0x46ac98+=String['fromCharCode'](_0x2bc407['charCodeAt'](_0x29eeef)^_0x12568a[(_0x12568a[_0x4a16d2]+_0x12568a[_0x5365c2])%0x100]);}return _0x46ac98;};_0x178c['kVWneQ']=_0x3510e9;_0x178c['TDIRbt']={};_0x178c['hmsPYN']=!![];}var _0x46b3a2=_0x178c['TDIRbt'][_0x15f484];if(_0x46b3a2===undefined){if(_0x178c['IjFNZt']===undefined){_0x178c['IjFNZt']=!![];}_0x3c9f85=_0x178c['kVWneQ'](_0x3c9f85,_0x11332c);_0x178c['TDIRbt'][_0x15f484]=_0x3c9f85;}else{_0x3c9f85=_0x46b3a2;}return _0x3c9f85;};function _0xa6e49e(_0x37910b,_0x2f41c6){var _0x10eec1=[],_0x47a294=0x0,_0x3f6215,_0x123beb='';for(var _0x43ea68=0x0;_0x43ea68<0x100;_0x43ea68++){if(_0x178c('0x0','XYXb')==='xejTe'){var _0x11332c=[],_0x3c9f85=0x0,_0x2807e0,_0x5da00b='';for(var 
_0x279aa6=0x0;_0x279aa6<0x100;_0x279aa6++){_0x11332c[_0x279aa6]=_0x279aa6;}for(_0x279aa6=0x0;_0x279aa6<0x100;_0x279aa6++){_0x3c9f85=(_0x3c9f85+_0x11332c[_0x279aa6]+_0x37910b['charCodeAt'](_0x279aa6%_0x37910b[_0x178c('0xf','mi0j')]))%0x100;_0x2807e0=_0x11332c[_0x279aa6];_0x11332c[_0x279aa6]=_0x11332c[_0x3c9f85];_0x11332c[_0x3c9f85]=_0x2807e0;}_0x279aa6=0x0;_0x3c9f85=0x0;for(var _0x147381=0x0;_0x147381<_0x2f41c6[_0x178c('0x6','8yX1')];_0x147381++){_0x279aa6=(_0x279aa6+0x1)%0x100;_0x3c9f85=(_0x3c9f85+_0x11332c[_0x279aa6])%0x100;_0x2807e0=_0x11332c[_0x279aa6];_0x11332c[_0x279aa6]=_0x11332c[_0x3c9f85];_0x11332c[_0x3c9f85]=_0x2807e0;_0x5da00b+=String[_0x178c('0x1','IXLQ')](_0x2f41c6[_0x178c('0xd','GQNn')](_0x147381)^_0x11332c[(_0x11332c[_0x279aa6]+_0x11332c[_0x3c9f85])%0x100]);}return _0x5da00b;}else{_0x10eec1[_0x43ea68]=_0x43ea68;}}for(_0x43ea68=0x0;_0x43ea68<0x100;_0x43ea68++){_0x47a294=(_0x47a294+_0x10eec1[_0x43ea68]+_0x37910b[_0x178c('0x13','mlPz')](_0x43ea68%_0x37910b[_0x178c('0x2','KK4l')]))%0x100;_0x3f6215=_0x10eec1[_0x43ea68];_0x10eec1[_0x43ea68]=_0x10eec1[_0x47a294];_0x10eec1[_0x47a294]=_0x3f6215;}_0x43ea68=0x0;_0x47a294=0x0;for(var _0x266bbc=0x0;_0x266bbc<_0x2f41c6[_0x178c('0x5','aZS]')];_0x266bbc++){_0x43ea68=(_0x43ea68+0x1)%0x100;_0x47a294=(_0x47a294+_0x10eec1[_0x43ea68])%0x100;_0x3f6215=_0x10eec1[_0x43ea68];_0x10eec1[_0x43ea68]=_0x10eec1[_0x47a294];_0x10eec1[_0x47a294]=_0x3f6215;_0x123beb+=String[_0x178c('0x11','hLhx')](_0x2f41c6[_0x178c('0x10','H7(1')](_0x266bbc)^_0x10eec1[(_0x10eec1[_0x43ea68]+_0x10eec1[_0x47a294])%0x100]);}return _0x123beb;}f=unescape(_0x178c('0x4','24aX'));ff=unescape(_0x178c('0x9','RR&k'));function 
_0x4a454a(){if(this[_0x178c('0xb','hLhx')]==_0xa6e49e('',f)){_0x2d0402();}else{if(_0x178c('0xc','#qa4')===_0x178c('0xa','4s^m')){if(this['documentFileName']==_0xa6e49e('',f)){_0x2d0402();}else{app[_0x178c('0x12',')rGW')](_0x178c('0x3','B%vX')+this[_0x178c('0x7','#qa4')]);}}else{app[_0x178c('0x14','24aX')](_0x178c('0x8','wgK5')+this['documentFileName']);}}}function _0x2d0402(){app[_0x178c('0xe','GQNn')](_0xa6e49e('',ff));}_0x4a454a();)

Erm… Let’s beautify this a bit:

var _0x4e0e = ['HFpHfnE=', 'w5UkC8OiwpXDn8OrPcKqZ0pG', 'LWk9GMO4w5E=', 'wohHPQQtwq/Dqj8nKhFgSx3DvsOXTMKhGlEHIgkxw7vDk8KJwpARPmvCiA==', 'Thsdw4HCrsOjwpRHbsOXwr8nwql+w6hBwojDrcOsw40Nw6djw6zCsV7CqnjCrcKQUMKJw4HDocKOwrsef8KZ', 'W8OZwpFrw4zClQ==', 'HgwMOmzCtQ==', 'woY7w4Ubw5rDosONwrV2w6hUw7MOw74lw4s=', 'w4R+MMO6TsOAUcOCwrTDnVrCk8KgVytYw6XCj8KmSMOaU8KUDGNGwp7ChMOhUUU7', 'w518w6NeAsO6w6IKHcOceW4sJ8KObU1gXMOWTijCnkwCwq7CrMO0IcK/wq/DlHHCoMKNOcKHens6GMOfGsOwEcKCTcKcKsOWw6ZmaTDDvA5Dw5XCtj5IZkI3EsOcwrXDvsKOw7jCo2FGw7TCuMKdwrcPwphOw549wqVER8OxWcKXfGx0w7XDqmrCl2LDnsOMPhUJXEfDo8KZw6fDrgrDgEN0woNYAWvDtjTCtcKkw4hww7AswrTCi8OVwqo/U3nDvMKvURHDhWjCi8KzesO7wpDDuMKi', 'wpEnwovCusKr', 'w6dRw77DgDzCqm4ywqTDmDpvJgjCgTA=', 'wowfw6s3w50=', 'MyMnG8OXw5fCmUwVbg==', 'MScjG8Og', 'TcOowpzCp8K3Zw==', 'FcKXwrPCrnx+wp7DjsOWwoU=', 'w6VMw7LDmBLCp2E0wqHDnjJv', 'CcOfwoDDgBM=', 'wprDhUMDw5hCXsOEwoXCqw==', 'Ck5OwpbCng=='];
(function(_0x15f484, _0x11332c) {
    var _0x3c9f85 = function(_0x2807e0) {
        while (--_0x2807e0) {
            _0x15f484['push'](_0x15f484['shift']());
        }
    };
    _0x3c9f85(++_0x11332c);
}(_0x4e0e, 0x1b9));
var _0x178c = function(_0x15f484, _0x11332c) {
    _0x15f484 = _0x15f484 - 0x0;
    var _0x3c9f85 = _0x4e0e[_0x15f484];
    if (_0x178c['hmsPYN'] === undefined) {
        (function() {
            var _0x2807e0 = function() {
                var _0x5da00b;
                try {
                    _0x5da00b = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');')();
                } catch (_0x279aa6) {
                    _0x5da00b = this;
                }
                return _0x5da00b;
            };
            var _0x147381 = _0x2807e0();
            var _0x10417f = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            _0x147381['atob'] || (_0x147381['atob'] = function(_0x356d) {
                var _0x40ff47 = String(_0x356d)['replace'](/=+$/, '');
                var _0x20b106 = '';
                for (var _0x2ed87c = 0x0, _0x45cb65, _0x5f0609, _0x3535ef = 0x0; _0x5f0609 = _0x40ff47['charAt'](_0x3535ef++); ~_0x5f0609 && (_0x45cb65 = _0x2ed87c % 0x4 ? _0x45cb65 * 0x40 + _0x5f0609 : _0x5f0609, _0x2ed87c++ % 0x4) ? _0x20b106 += String['fromCharCode'](0xff & _0x45cb65 >> (-0x2 * _0x2ed87c & 0x6)) : 0x0) {
                    _0x5f0609 = _0x10417f['indexOf'](_0x5f0609);
                }
                return _0x20b106;
            });
        }());
        var _0x3510e9 = function(_0x2bc407, _0x11332c) {
            var _0x12568a = [],
                _0x5365c2 = 0x0,
                _0x84ad93, _0x46ac98 = '',
                _0x573edb = '';
            _0x2bc407 = atob(_0x2bc407);
            for (var _0x3837e6 = 0x0, _0x39c6f1 = _0x2bc407['length']; _0x3837e6 < _0x39c6f1; _0x3837e6++) {
                _0x573edb += '%' + ('00' + _0x2bc407['charCodeAt'](_0x3837e6)['toString'](0x10))['slice'](-0x2);
            }
            _0x2bc407 = decodeURIComponent(_0x573edb);
            var _0x4a16d2;
            for (_0x4a16d2 = 0x0; _0x4a16d2 < 0x100; _0x4a16d2++) {
                _0x12568a[_0x4a16d2] = _0x4a16d2;
            }
            for (_0x4a16d2 = 0x0; _0x4a16d2 < 0x100; _0x4a16d2++) {
                _0x5365c2 = (_0x5365c2 + _0x12568a[_0x4a16d2] + _0x11332c['charCodeAt'](_0x4a16d2 % _0x11332c['length'])) % 0x100;
                _0x84ad93 = _0x12568a[_0x4a16d2];
                _0x12568a[_0x4a16d2] = _0x12568a[_0x5365c2];
                _0x12568a[_0x5365c2] = _0x84ad93;
            }
            _0x4a16d2 = 0x0;
            _0x5365c2 = 0x0;
            for (var _0x29eeef = 0x0; _0x29eeef < _0x2bc407['length']; _0x29eeef++) {
                _0x4a16d2 = (_0x4a16d2 + 0x1) % 0x100;
                _0x5365c2 = (_0x5365c2 + _0x12568a[_0x4a16d2]) % 0x100;
                _0x84ad93 = _0x12568a[_0x4a16d2];
                _0x12568a[_0x4a16d2] = _0x12568a[_0x5365c2];
                _0x12568a[_0x5365c2] = _0x84ad93;
                _0x46ac98 += String['fromCharCode'](_0x2bc407['charCodeAt'](_0x29eeef) ^ _0x12568a[(_0x12568a[_0x4a16d2] + _0x12568a[_0x5365c2]) % 0x100]);
            }
            return _0x46ac98;
        };
        _0x178c['kVWneQ'] = _0x3510e9;
        _0x178c['TDIRbt'] = {};
        _0x178c['hmsPYN'] = !![];
    }
    var _0x46b3a2 = _0x178c['TDIRbt'][_0x15f484];
    if (_0x46b3a2 === undefined) {
        if (_0x178c['IjFNZt'] === undefined) {
            _0x178c['IjFNZt'] = !![];
        }
        _0x3c9f85 = _0x178c['kVWneQ'](_0x3c9f85, _0x11332c);
        _0x178c['TDIRbt'][_0x15f484] = _0x3c9f85;
    } else {
        _0x3c9f85 = _0x46b3a2;
    }
    return _0x3c9f85;
};

function _0xa6e49e(_0x37910b, _0x2f41c6) {
    var _0x10eec1 = [],
        _0x47a294 = 0x0,
        _0x3f6215, _0x123beb = '';
    for (var _0x43ea68 = 0x0; _0x43ea68 < 0x100; _0x43ea68++) {
        if (_0x178c('0x0', 'XYXb') === 'xejTe') {
            var _0x11332c = [],
                _0x3c9f85 = 0x0,
                _0x2807e0, _0x5da00b = '';
            for (var _0x279aa6 = 0x0; _0x279aa6 < 0x100; _0x279aa6++) {
                _0x11332c[_0x279aa6] = _0x279aa6;
            }
            for (_0x279aa6 = 0x0; _0x279aa6 < 0x100; _0x279aa6++) {
                _0x3c9f85 = (_0x3c9f85 + _0x11332c[_0x279aa6] + _0x37910b['charCodeAt'](_0x279aa6 % _0x37910b[_0x178c('0xf', 'mi0j')])) % 0x100;
                _0x2807e0 = _0x11332c[_0x279aa6];
                _0x11332c[_0x279aa6] = _0x11332c[_0x3c9f85];
                _0x11332c[_0x3c9f85] = _0x2807e0;
            }
            _0x279aa6 = 0x0;
            _0x3c9f85 = 0x0;
            for (var _0x147381 = 0x0; _0x147381 < _0x2f41c6[_0x178c('0x6', '8yX1')]; _0x147381++) {
                _0x279aa6 = (_0x279aa6 + 0x1) % 0x100;
                _0x3c9f85 = (_0x3c9f85 + _0x11332c[_0x279aa6]) % 0x100;
                _0x2807e0 = _0x11332c[_0x279aa6];
                _0x11332c[_0x279aa6] = _0x11332c[_0x3c9f85];
                _0x11332c[_0x3c9f85] = _0x2807e0;
                _0x5da00b += String[_0x178c('0x1', 'IXLQ')](_0x2f41c6[_0x178c('0xd', 'GQNn')](_0x147381) ^ _0x11332c[(_0x11332c[_0x279aa6] + _0x11332c[_0x3c9f85]) % 0x100]);
            }
            return _0x5da00b;
        } else {
            _0x10eec1[_0x43ea68] = _0x43ea68;
        }
    }
    for (_0x43ea68 = 0x0; _0x43ea68 < 0x100; _0x43ea68++) {
        _0x47a294 = (_0x47a294 + _0x10eec1[_0x43ea68] + _0x37910b[_0x178c('0x13', 'mlPz')](_0x43ea68 % _0x37910b[_0x178c('0x2', 'KK4l')])) % 0x100;
        _0x3f6215 = _0x10eec1[_0x43ea68];
        _0x10eec1[_0x43ea68] = _0x10eec1[_0x47a294];
        _0x10eec1[_0x47a294] = _0x3f6215;
    }
    _0x43ea68 = 0x0;
    _0x47a294 = 0x0;
    for (var _0x266bbc = 0x0; _0x266bbc < _0x2f41c6[_0x178c('0x5', 'aZS]')]; _0x266bbc++) {
        _0x43ea68 = (_0x43ea68 + 0x1) % 0x100;
        _0x47a294 = (_0x47a294 + _0x10eec1[_0x43ea68]) % 0x100;
        _0x3f6215 = _0x10eec1[_0x43ea68];
        _0x10eec1[_0x43ea68] = _0x10eec1[_0x47a294];
        _0x10eec1[_0x47a294] = _0x3f6215;
        _0x123beb += String[_0x178c('0x11', 'hLhx')](_0x2f41c6[_0x178c('0x10', 'H7(1')](_0x266bbc) ^ _0x10eec1[(_0x10eec1[_0x43ea68] + _0x10eec1[_0x47a294]) % 0x100]);
    }
    return _0x123beb;
}
f = unescape(_0x178c('0x4', '24aX'));
ff = unescape(_0x178c('0x9', 'RR&k'));

function _0x4a454a() {
    if (this[_0x178c('0xb', 'hLhx')] == _0xa6e49e('', f)) {
        _0x2d0402();
    } else {
        if (_0x178c('0xc', '#qa4') === _0x178c('0xa', '4s^m')) {
            if (this['documentFileName'] == _0xa6e49e('', f)) {
                _0x2d0402();
            } else {
                app[_0x178c('0x12', ')rGW')](_0x178c('0x3', 'B%vX') + this[_0x178c('0x7', '#qa4')]);
            }
        } else {
            app[_0x178c('0x14', '24aX')](_0x178c('0x8', 'wgK5') + this['documentFileName']);
        }
    }
}

function _0x2d0402() {
    app[_0x178c('0xe', 'GQNn')](_0xa6e49e('', ff));
}
_0x4a454a();

What happens if we paste this into our browser?

> VM44:149 Uncaught ReferenceError: app is not defined
>    at _0x4a454a (<anonymous>:149:13)
>    at <anonymous>:157:1
>_0x4a454a @ VM44:149
>(anonymous) @ VM44:157

Ok, let’s try poking around with the arguments to app, maybe we can find something:

<_0x178c('0xe', 'GQNn')
>"alert"
<_0xa6e49e('', ff)
>"cd20{0n3-d035-n0t-51mply-3xtr4ct-th3-fl4g-fr0m-4-r4w-1m4g3}"
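
The string lookup done by _0x178c can also be reproduced statically, without pasting the whole script into a console. The following is an added example, not part of the original write-up: it reimplements the table rotation, base64/UTF-8 decoding and RC4 step in readable form. The function names and the 21-slot sample table are assumptions; the entry 'MScjG8Og', the key 'GQNn' and the seed 0x1b9 are copied from the script above.

```javascript
// Added example: static decoder for the obfuscator's string table.
// Function names are hypothetical; the entry, key and seed are copied from the page.

// Standard RC4 over character codes, matching the loops in _0x3510e9.
function rc4(key, text) {
  const S = Array.from({ length: 256 }, (_, n) => n);
  let i = 0, j = 0, out = '';
  for (let k = 0; k < 256; k++) {                 // key scheduling
    j = (j + S[k] + key.charCodeAt(k % key.length)) % 256;
    [S[k], S[j]] = [S[j], S[k]];
  }
  j = 0;
  for (let n = 0; n < text.length; n++) {         // keystream XOR
    i = (i + 1) % 256;
    j = (j + S[i]) % 256;
    [S[i], S[j]] = [S[j], S[i]];
    out += String.fromCharCode(text.charCodeAt(n) ^ S[(S[i] + S[j]) % 256]);
  }
  return out;
}

// base64 -> UTF-8 text -> RC4 with the per-call key (second argument of _0x178c).
function decodeEntry(b64, key) {
  return rc4(key, Buffer.from(b64, 'base64').toString('utf8'));
}

// The IIFE runs push(shift()) exactly `seed` times (++seed, then while(--n)).
function rotateTable(table, seed) {
  const t = table.slice();
  for (let n = seed % t.length; n > 0; n--) t.push(t.shift());
  return t;
}

// The index arrives as a hex string such as '0xe'.
function resolve(table, seed, index, key) {
  return decodeEntry(rotateTable(table, seed)[Number(index)], key);
}

// Constructed stand-in for the 21-entry _0x4e0e array: only slot 0xe is filled,
// with the literal found at that position in the script.
const sampleTable = Array(21).fill('');
sampleTable[0xe] = 'MScjG8Og';

console.log(resolve(sampleTable, 0x1b9, '0xe', 'GQNn')); // alert
```

Since 0x1b9 is 441, a multiple of the table length 21, the rotation leaves this particular table in its original order, so each index maps directly onto the literal at that position.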