|

»

»

Samba - cifs-protocol

KVNO of trusts

View: New views

13 Messages — Rating Filter: Alert me

	KVNO of trusts by Andrew Bartlett :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC? For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless). So, what is the source of the key version number for these principals? (Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?) Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol signature.asc (196 bytes) Download Attachment
	RE: KVNO of trusts by Bill Wesse :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Good morning Andrew. Thank you for your question! I have created a new case for this (info below); one of my colleagues will take ownership of this and contact you soon. SRX080903600016 [MS-ADTS] 3.1.1.4.5.16 kvno for trusted domain entities Regards, Bill Wesse MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Wednesday, September 03, 2008 12:13 AM To: Interoperability Documentation Help Cc: pfif@...; cifs-protocol@... Subject: KVNO of trusts How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC? For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless). So, what is the source of the key version number for these principals? (Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?) Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by John Dunning-5 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Andrew, I will be investigating this issue for you. I will keep you updated as things progress. Thanks John Dunning Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM Email: johndun@... Tele: (469)775-7008 We're hiring -----Original Message----- From: Bill Wesse Sent: Wednesday, September 03, 2008 4:52 AM To: 'Andrew Bartlett'; Interoperability Documentation Help Cc: pfif@...; cifs-protocol@... Subject: RE: KVNO of trusts Good morning Andrew. Thank you for your question! I have created a new case for this (info below); one of my colleagues will take ownership of this and contact you soon. SRX080903600016 [MS-ADTS] 3.1.1.4.5.16 kvno for trusted domain entities Regards, Bill Wesse MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Wednesday, September 03, 2008 12:13 AM To: Interoperability Documentation Help Cc: pfif@...; cifs-protocol@... Subject: KVNO of trusts How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC? For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless). So, what is the source of the key version number for these principals? (Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?) Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by John Dunning-5 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Andrew, We have concluded our investigation regarding this issue. Question: "How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?" Answer: The key version number of the trust password for a trust object is set by making a LsarSetTrustedDomainInfoByName ([MS-LSAD] section 3.1.4.7.6) request when the trust is created. It is incremented by 1 each time the trust password is changed. The key version number can be determined at any time by making an LsarQueryTrustedDomainInfoByName request or parsing the trustAuthInfoIncoming/trustAuthInfoOutgoing attributes using the information provided in MS-ADTS section 7.1.6.9.1 and looking for an LSAPR_AUTH_INFORMATION structure with AuthType equal to TRUST_AUTH_TYPE_VERSION (3). A change will be made to the [MS-ADA2]document section 2.235 Attribute msDS-KeyVersionNumber which will be similar to the following: 2.235 Attribute msDS-KeyVersionNumber For a given user, computer or built-in account, this attribute specifies the Kerberos version number of the current key for that account. The Kerberos key version number for trusts is stored in the trusted domain object (TDO) whose object class is trustedDomain cn: ms-DS-KeyVersionNumber ldapDisplayName: msDS-KeyVersionNumber attributeId: 1.2.840.113556.1.4.1782 attributeSyntax: 2.5.5.9 omSyntax: 2 isSingleValued: TRUE schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6 systemOnly: TRUE searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT \| FLAG_ATTR_IS_CONSTRUCTED schemaFlagsEx: FLAG_ATTR_IS_CRITICAL Version-Specific Behavior: Implemented on Windows Server 2003, Windows Server 2003 R2, and Windows Server 2008. The schemaFlagsEx attribute was added to this attribute definition in Windows Server 2008. Please let me know if this fully answers this issue. Thanks John Dunning Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM Email: johndun@... Tele: (469)775-7008 -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Tuesday, September 02, 2008 11:13 PM To: Interoperability Documentation Help Cc: pfif@...; cifs-protocol@... Subject: KVNO of trusts How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC? For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless). So, what is the source of the key version number for these principals? (Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?) Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by Andrew Bartlett :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thu, 2008-10-02 at 09:17 -0700, John Dunning wrote: > Hello Andrew, > > We have concluded our investigation regarding this issue. > > Question: "How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?" > > Answer: > The key version number of the trust password for a trust object is set > by making a LsarSetTrustedDomainInfoByName ([MS-LSAD] section > 3.1.4.7.6) request when the trust is created. It is incremented by 1 > each time the trust password is changed. The key version number can be > determined at any time by making an LsarQueryTrustedDomainInfoByName > request or parsing the trustAuthInfoIncoming/trustAuthInfoOutgoing > attributes using the information provided in MS-ADTS section > 7.1.6.9.1 and looking for an LSAPR_AUTH_INFORMATION structure with > AuthType equal to TRUST_AUTH_TYPE_VERSION (3). Great. What is the kvno if the client does not provide one in that structure, when it initially calls CreateTrustedDomainEx? (I think it is -1) > A change will be made to the [MS-ADA2]document section 2.235 Attribute msDS-KeyVersionNumber which will be similar to the following: > > 2.235 Attribute msDS-KeyVersionNumber > For a given user, computer or built-in account, this attribute > specifies the Kerberos version number of the current key for that > account. The Kerberos key version number for trusts is stored in the > trusted domain object (TDO) whose object class is trustedDomain Can i suggest a slight rewording: For a trusted domain (objectClass trustedDomain), the Kerberos key version number is stored in the trusted domain object (TDO), embedded in the trustAuthIncoming and trustAuthOutgoing attributes. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol signature.asc (196 bytes) Download Attachment
	RE: KVNO of trusts by John Dunning-5 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Andrew, Thank you for your rewording suggestion. I have passed this information on to my Product Team. I also have an answer to your question: "What is the kvno if the client does not provide one in that structure, when it initially calls CreateTrustedDomainEx? (I think it is -1)?" Answer: If TRUST_AUTH_TYPE_VERSION is missing, the key version # for that trust key in Kerberos protocol is not filled. In such a case, the Windows Kerberos will ignore the missing key version # field. The key version (and the TRUST_AUTH_TYPE_VERSION field) is always present in Microsoft implementations to maximize interoperability. Please let me know if this fully answers this question. Thanks John Dunning Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM Email: johndun@... Tele: (469)775-7008 -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Friday, October 03, 2008 12:04 PM To: John Dunning Cc: Interoperability Documentation Help; pfif@...; cifs-protocol@... Subject: RE: KVNO of trusts On Thu, 2008-10-02 at 09:17 -0700, John Dunning wrote: > Hello Andrew, > > We have concluded our investigation regarding this issue. > > Question: "How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?" > > Answer: > The key version number of the trust password for a trust object is set > by making a LsarSetTrustedDomainInfoByName ([MS-LSAD] section > 3.1.4.7.6) request when the trust is created. It is incremented by 1 > each time the trust password is changed. The key version number can be > determined at any time by making an LsarQueryTrustedDomainInfoByName > request or parsing the trustAuthInfoIncoming/trustAuthInfoOutgoing > attributes using the information provided in MS-ADTS section > 7.1.6.9.1 and looking for an LSAPR_AUTH_INFORMATION structure with > AuthType equal to TRUST_AUTH_TYPE_VERSION (3). Great. What is the kvno if the client does not provide one in that structure, when it initially calls CreateTrustedDomainEx? (I think it is -1) > A change will be made to the [MS-ADA2]document section 2.235 Attribute msDS-KeyVersionNumber which will be similar to the following: > > 2.235 Attribute msDS-KeyVersionNumber For a given user, > computer or built-in account, this attribute specifies the Kerberos > version number of the current key for that account. The Kerberos key > version number for trusts is stored in the trusted domain object (TDO) > whose object class is trustedDomain Can i suggest a slight rewording: For a trusted domain (objectClass trustedDomain), the Kerberos key version number is stored in the trusted domain object (TDO), embedded in the trustAuthIncoming and trustAuthOutgoing attributes. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by Andrew Bartlett :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Wed, 2008-10-08 at 09:31 -0700, John Dunning wrote: > Hello Andrew, > Thank you for your rewording suggestion. I have passed this information on to my Product Team. > > I also have an answer to your question: > > "What is the kvno if the client does not provide one in that structure, when it initially calls CreateTrustedDomainEx? (I think it is -1)?" > > Answer: > > If TRUST_AUTH_TYPE_VERSION is missing, the key version # for that > trust key in Kerberos protocol is not filled. In such a case, the > Windows Kerberos will ignore the missing key version # field. > The key version (and the TRUST_AUTH_TYPE_VERSION field) is always > present in Microsoft implementations to maximize interoperability. I didn't find the version in the blob attached to the CreateTrustedDomainEx2 call I got from Windows 2008. That is why I asked. Perhaps I'm (as a server) meant to add this to the record? If so, what information should I use to do so? Also, while this element is indeed optional according to the ASN.1, it seemed to be filled in by windows in this case. I'll try to reproduce the setup we had at the IO lab this week, and give you some more concrete details. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol signature.asc (196 bytes) Download Attachment
	RE: KVNO of trusts by John Dunning-5 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Andrew, I am sorry for the delayed response but I was out of the office the first part of the week. Were you still going to provide more concrete details or did you want me to pursue this with the information I have? Thanks John Dunning -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Wednesday, October 08, 2008 6:32 PM To: John Dunning Cc: Interoperability Documentation Help; pfif@...; cifs-protocol@... Subject: RE: KVNO of trusts On Wed, 2008-10-08 at 09:31 -0700, John Dunning wrote: > Hello Andrew, > Thank you for your rewording suggestion. I have passed this information on to my Product Team. > > I also have an answer to your question: > > "What is the kvno if the client does not provide one in that structure, when it initially calls CreateTrustedDomainEx? (I think it is -1)?" > > Answer: > > If TRUST_AUTH_TYPE_VERSION is missing, the key version # for that > trust key in Kerberos protocol is not filled. In such a case, the > Windows Kerberos will ignore the missing key version # field. > The key version (and the TRUST_AUTH_TYPE_VERSION field) is always > present in Microsoft implementations to maximize interoperability. I didn't find the version in the blob attached to the CreateTrustedDomainEx2 call I got from Windows 2008. That is why I asked. Perhaps I'm (as a server) meant to add this to the record? If so, what information should I use to do so? Also, while this element is indeed optional according to the ASN.1, it seemed to be filled in by windows in this case. I'll try to reproduce the setup we had at the IO lab this week, and give you some more concrete details. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by Andrew Bartlett :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Fri, 2008-10-24 at 12:53 -0700, John Dunning wrote: > Hello Andrew, > I am sorry for the delayed response but I was out of the office the first part of the week. > > Were you still going to provide more concrete details or did you want me to pursue this with the information I have? I've not had a chance to reproduce it yet (in terms of the KDC <-> KDC interaction that showed -1 in use). The original blob without the in the CreateTrusteDomainEx is in my request about the parsing of that structure. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol signature.asc (196 bytes) Download Attachment
	RE: KVNO of trusts by John Dunning-5 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Andrew, I have been looking through some of the network traces that Richard Guthrie obtained during the plugfest. Although I did find one that had the call to CreateTrustedDomainEx the fields that I am interested in, in particular the Authblob, are encrypted. Would it be possible for you to supply an NDR dump of the behavior that you are describing? Thanks John Dunning Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM Email: johndun@... Tele: (469)775-7008 -----Original Message----- From: Andrew Bartlett [mailto:abartlet@...] Sent: Sunday, October 26, 2008 7:39 PM To: John Dunning Cc: Interoperability Documentation Help; pfif@...; cifs-protocol@... Subject: RE: KVNO of trusts On Fri, 2008-10-24 at 12:53 -0700, John Dunning wrote: > Hello Andrew, > I am sorry for the delayed response but I was out of the office the first part of the week. > > Were you still going to provide more concrete details or did you want me to pursue this with the information I have? I've not had a chance to reproduce it yet (in terms of the KDC <-> KDC interaction that showed -1 in use). The original blob without the in the CreateTrusteDomainEx is in my request about the parsing of that structure. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@... https://lists.samba.org/mailman/listinfo/cifs-protocol
	RE: KVNO of trusts by Andrew Bartlett :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Mon, 2008-11-03 at 12:26 -0800, John Dunning wrote: > Hello Andrew, > I have been looking through some of the network traces that Richard Guthrie obtained during the plugfest. Although I did find one that had the call to CreateTrustedDomainEx the fields that I am interested in, in particular the Authblob, are encrypted. > > Would it be possible for you to supply an NDR dump of the behavior that you are describing? These are the decrypted blobs. They don't show the version number being exchanged. The KDC interaction I saw at the plugfest - I don't have a trace for at this time (just not had a chance to reproduce it). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. decode_trustDomainPasswords: struct decode_trustDomainPasswords in: struct decode_trustDomainPasswords blob: struct trustDomainPasswords confounder: ARRAY(512) [0] : 0x9e (158) [1] : 0xa0 (160) [2] : 0x58 (88) [3] : 0x4f (79) [4] : 0x3a (58) [5] : 0x02 (2) [6] : 0x8a (138) [7] : 0x6c (108) [8] : 0x83 (131) [9] : 0xf2 (242) [10] : 0xf2 (242) [11] : 0x8d (141) [12] : 0x8c (140) [13] : 0xa4 (164) [14] : 0xfb (251) [15] : 0x8f (143) [16] : 0xd7 (215) [17] : 0xf9 (249) [18] : 0xf4 (244) [19] : 0x66 (102) [20] : 0x0d (13) [21] : 0x8c (140) [22] : 0xa3 (163) [23] : 0xf8 (248) [24] : 0x02 (2) [25] : 0x0a (10) [26] : 0xed (237) [27] : 0x52 (82) [28] : 0x6d (109) [29] : 0x1a (26) [30] : 0xe1 (225) [31] : 0x66 (102) [32] : 0x20 (32) [33] : 0x6b (107) [34] : 0x49 (73) [35] : 0x43 (67) [36] : 0xce (206) [37] : 0x1a (26) [38] : 0x0f (15) [39] : 0xc4 (196) [40] : 0x94 (148) [41] : 0xfe (254) [42] : 0x00 (0) [43] : 0x38 (56) [44] : 0x30 (48) [45] : 0x96 (150) [46] : 0xbd (189) [47] : 0xa1 (161) [48] : 0x6f (111) [49] : 0xbe (190) [50] : 0x38 (56) [51] : 0x42 (66) [52] : 0x77 (119) [53] : 0x06 (6) [54] : 0x25 (37) [55] : 0x5c (92) [56] : 0x22 (34) [57] : 0xaa (170) [58] : 0x05 (5) [59] : 0xdf (223) [60] : 0xae (174) [61] : 0x7b (123) [62] : 0xd8 (216) [63] : 0x35 (53) [64] : 0x87 (135) [65] : 0xaa (170) [66] : 0x05 (5) [67] : 0x44 (68) [68] : 0x80 (128) [69] : 0x65 (101) [70] : 0x0a (10) [71] : 0xe4 (228) [72] : 0x56 (86) [73] : 0xfe (254) [74] : 0x81 (129) [75] : 0x85 (133) [76] : 0x3d (61) [77] : 0xea (234) [78] : 0x97 (151) [79] : 0x55 (85) [80] : 0x95 (149) [81] : 0x02 (2) [82] : 0x09 (9) [83] : 0xcd (205) [84] : 0xfa (250) [85] : 0x27 (39) [86] : 0x64 (100) [87] : 0xbc (188) [88] : 0x67 (103) [89] : 0x89 (137) [90] : 0x83 (131) [91] : 0xf3 (243) [92] : 0xe3 (227) [93] : 0xd3 (211) [94] : 0x70 (112) [95] : 0x8c (140) [96] : 0x37 (55) [97] : 0xd9 (217) [98] : 0xb0 (176) [99] : 0x16 (22) [100] : 0xbe (190) [101] : 0x38 (56) [102] : 0xc2 (194) [103] : 0x2e (46) [104] : 0x28 (40) [105] : 0xa0 (160) [106] : 0xbc (188) [107] : 0x67 (103) [108] : 0xa4 (164) [109] : 0x7b (123) [110] : 0xab (171) [111] : 0xed (237) [112] : 0x51 (81) [113] : 0x1e (30) [114] : 0x06 (6) [115] : 0xc1 (193) [116] : 0xe1 (225) [117] : 0xe6 (230) [118] : 0xbc (188) [119] : 0xb8 (184) [120] : 0x28 (40) [121] : 0x98 (152) [122] : 0xa3 (163) [123] : 0x25 (37) [124] : 0xc9 (201) [125] : 0x3b (59) [126] : 0xfd (253) [127] : 0x98 (152) [128] : 0xaa (170) [129] : 0xd6 (214) [130] : 0xf6 (246) [131] : 0x95 (149) [132] : 0x68 (104) [133] : 0x60 (96) [134] : 0x7c (124) [135] : 0x27 (39) [136] : 0xd1 (209) [137] : 0x8c (140) [138] : 0x3f (63) [139] : 0x29 (41) [140] : 0xa3 (163) [141] : 0xf7 (247) [142] : 0x99 (153) [143] : 0x0b (11) [144] : 0x4d (77) [145] : 0xcc (204) [146] : 0x64 (100) [147] : 0xb3 (179) [148] : 0x1b (27) [149] : 0x5e (94) [150] : 0x60 (96) [151] : 0x7d (125) [152] : 0x74 (116) [153] : 0x79 (121) [154] : 0xd8 (216) [155] : 0xcf (207) [156] : 0xcd (205) [157] : 0x67 (103) [158] : 0xf7 (247) [159] : 0x06 (6) [160] : 0xc0 (192) [161] : 0x0a (10) [162] : 0xed (237) [163] : 0x07 (7) [164] : 0xfb (251) [165] : 0xbd (189) [166] : 0xbd (189) [167] : 0x57 (87) [168] : 0xe7 (231) [169] : 0x89 (137) [170] : 0x4e (78) [171] : 0xc9 (201) [172] : 0x8e (142) [173] : 0x09 (9) [174] : 0x96 (150) [175] : 0xd8 (216) [176] : 0xcf (207) [177] : 0x32 (50) [178] : 0x1e (30) [179] : 0x7e (126) [180] : 0x5e (94) [181] : 0x3e (62) [182] : 0x39 (57) [183] : 0x99 (153) [184] : 0x5d (93) [185] : 0x54 (84) [186] : 0xa3 (163) [187] : 0x25 (37) [188] : 0x64 (100) [189] : 0xcf (207) [190] : 0x83 (131) [191] : 0x20 (32) [192] : 0xf2 (242) [193] : 0x14 (20) [194] : 0x6b (107) [195] : 0x2d (45) [196] : 0xbf (191) [197] : 0x07 (7) [198] : 0x8f (143) [199] : 0x71 (113) [200] : 0x09 (9) [201] : 0xfb (251) [202] : 0x59 (89) [203] : 0x54 (84) [204] : 0xac (172) [205] : 0xf1 (241) [206] : 0x2b (43) [207] : 0x40 (64) [208] : 0x25 (37) [209] : 0x65 (101) [210] : 0x1c (28) [211] : 0x2b (43) [212] : 0x6d (109) [213] : 0x64 (100) [214] : 0x69 (105) [215] : 0x64 (100) [216] : 0x3b (59) [217] : 0x7e (126) [218] : 0x4b (75) [219] : 0x29 (41) [220] : 0x24 (36) [221] : 0x97 (151) [222] : 0x27 (39) [223] : 0x37 (55) [224] : 0xc7 (199) [225] : 0x84 (132) [226] : 0x5b (91) [227] : 0x8a (138) [228] : 0x37 (55) [229] : 0x3e (62) [230] : 0x53 (83) [231] : 0x42 (66) [232]