In the previous article we provided instructions to get Tails up and running on a Qubes live cd. In this article we are going to show you how to integrate the Tails live cd with the Qubes live cd. This will make it easier and faster to boot a Tails VM on a Qubes live cd.

At the end of the article are the configuration scripts (github repo). These include a script for a normal Tails VM and a script for a Tails-gateway with Tails-workstation setup. It also includes two Qubes scripts to automate the setup of the Tails VM’s. You need to include these scripts in the iso files for maximum automation.

Warning:

This is for experimental purposes only. Don’t use this in a production environment.

How to modify a Tails iso image

We begin with basic instructions on how to modify a Tails iso image. You can follow these steps if you want to integrate the Tails-gateway and Tails-workstation scripts. You can also use it to include your own files to the Tails iso.

The instructions work on Debian based systems. This includes Tails.

Prerequisites:

USB stick or (re)writable DVD for the modified Tails iso

2.2 GB or more free space to modify and create the new Tails iso

Latest Tails iso (2.3 or later)

Instructions:

Start Debian/Tails system Install software

# Tails does not require any additional software # Install software for Debian 7

sudo apt-get update && sudo apt-get install syslinux genisoimage # Install software for Debian 8

sudo apt-get update && sudo apt-get install syslinux syslinux-utils genisoimage

Create a directory for storing the Tails iso data. This will need more then 2.2 GB of free space. You can use an USB drive for this.

mkdir -p /path/to/storage

export STORAGE=/path/to/storage

Mount Tails iso

sudo mount /path/to/iso /mnt -o loop

Copy contents of iso to the system

rsync -aHP /mnt/ $STORAGE/iso-data

Set write permissions $STORAGE/iso-data

chmod u+w $STORAGE/iso-data

Create ‘custom’ directory in $STORAGE/iso-data

mkdir $STORAGE/iso-data/custom

Add the Tails configuration scripts to the custom directory – copy the contents to the following files

nano $STORAGE/iso-data/custom/tails-normal.sh

nano $STORAGE/iso-data/custom/tails-gateway.sh

nano $STORAGE/iso-data/custom/tails-workstation.sh

Optional: Add your own files to the custom directory

cp /path/to/files $STORAGE/iso-data/custom Example:

cp ~/script.sh $STORAGE/iso-data/custom

Find volume ID of the original Tails iso

volname /path/to/iso

Generate iso image – Some iso images require a correct volume ID

sudo genisoimage -l -V "EXAMPLE VOLUME ID" -r -J -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -o $STORAGE/image.iso $STORAGE/iso-data/ Example:

sudo genisoimage -l -V "TAILS 2.3 - 20160425" -r -J -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -o $STORAGE/image.iso $STORAGE/iso-data/

Create USB bootable hybrid iso for 1-4 GB images

sudo isohybrid -h 255 -s 63 $STORAGE/image.iso

Your iso image is now ready. You have two options

You can burn the iso to a DVD. Use Brasero or similar CD/DVD burning tool for this. In Brasero select ‘Burn image’ option to burn an iso to disk.

Copy iso to a USB stick.

Recommended: Wipe all the contents of USB stick – might take a long time depending on size and speed of USB drive – modify /dev/sdX to correct USB device



dd if=/dev/zero of=/dev/sdX bs=1M



Optional: View status updates of dd command. Open new terminal and type the command. Status messages appear in original terminal every 30 seconds.



watch -n 30 'pkill -USR1 ^dd$'



Copy iso to USB – might take 10-20 minutes – modify /dev/sdX to correct USB device



dd if=$STORAGE/image.iso of=/dev/sdX bs=1M



Safely remove USB disk from system – modify /dev/sdX to correct USB device



sync

sudo eject /dev/sdX



Remove STORAGE variable from environment



unset STORAGE



See instructions below on how to boot and use the Tails iso

How to integrate Tails on a Qubes live cd

Prerequisites:

USB stick or (re)writable DVD for the modified Qubes iso

6.6 GB or more free space to modify and create the new Qubes with Tails iso

Latest Tails iso (2.3 or later)

Latest Qubes live cd iso (3.1 alpha or later)

Instructions:

Start Debian/Tails system Install software

# Tails does not require any additional software # Install software for Debian 7

sudo apt-get update && sudo apt-get install syslinux genisoimage # Install software for Debian 8

sudo apt-get update && sudo apt-get install syslinux syslinux-utils genisoimage

Create a directory for storing the Qubes and Tails iso data. This will need more then 6.6 GB of free space. You can use an USB drive for this.

mkdir -p /path/to/storage

export STORAGE=/path/to/storage

Mount Qubes iso

sudo mount /path/to/iso /mnt -o loop

Copy contents of iso to the system

rsync -aHP /mnt/ $STORAGE/iso-data

Set write permissions $STORAGE/iso-data

chmod u+w $STORAGE/iso-data

Create ‘custom’ directory in $STORAGE/iso-data

mkdir $STORAGE/iso-data/custom

Add the (modified) Tails iso to the custom directory – save as filename “image.iso”

cp /path/to/tails-i386-2.3.iso $STORAGE/iso-data/custom/image.iso Examples:

cp ~/image.iso $STORAGE/iso-data/custom/image.iso

cp ~/tails-i386-2.3.iso $STORAGE/iso-data/custom/image.iso

Add the Qubes configuration scripts to the custom directory – copy the contents to the following files

nano $STORAGE/iso-data/custom/qubes-normal.sh

nano $STORAGE/iso-data/custom/qubes-gateway.sh

Optional: Add your own files to the custom directory

cp /path/to/files $STORAGE/iso-data/custom Example:

cp ~/script.sh $STORAGE/iso-data/custom

Find volume ID of the original Qubes iso

volname /path/to/iso

Generate iso image – Qubes requires a correct volume ID

genisoimage -l -V "EXAMPLE VOLUME ID" -r -J -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -o $STORAGE/image.iso $STORAGE/iso-data/ Example:

genisoimage -l -V "Qubes-R3.1-alpha1.1-x86_64-LIVE" -r -J -no-emul-boot -boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat -o $STORAGE/image.iso $STORAGE/iso-data/

Create USB bootable hybrid iso for 1-4 GB images

sudo isohybrid -h 255 -s 63 $STORAGE/image.iso

Your iso image is now ready. You have two options

You can burn the iso to a DVD. Use Brasero or similar CD/DVD burning tool for this. In Brasero select ‘Burn image’ option to burn an iso to disk.

Copy iso to a USB stick.

Recommended: Wipe all the contents of USB stick – might take a long time depending on size and speed of USB drive – modify /dev/sdX to correct USB device



dd if=/dev/zero of=/dev/sdX bs=1M



Optional: View status updates of dd command. Open new terminal and type the command. Status messages appear in original terminal every 30 seconds.



watch -n 30 'pkill -USR1 ^dd$'



Copy iso to USB – might take 10-20 minutes – modify /dev/sdX to correct USB device



dd if=$STORAGE/image.iso of=/dev/sdX bs=1M



Safely remove USB disk from system – modify /dev/sdX to correct USB device



sync

sudo eject /dev/sdX



Remove STORAGE variable from environment



unset STORAGE



See instructions below on how to boot and use the Qubes iso

How to use the modified Qubes iso with integrated Tails image

Boot the modified Qubes system The custom files are available in – /run/initramfs/live/custom

ls /run/initramfs/live/custom

Make scripts executable – copy from read only filesystem to read/write filesystem

cp /run/initramfs/live/custom/*.sh ~/

chmod 700 ~/*.sh

Configure specific Tails system

Configure a normal Tails VM



~/qubes-normal.sh

Configure a Tails-gateway and Tails-workstation VM setup

~/qubes-gateway.sh



How to use the modified Tails iso

Boot the modified Tails system Select “More options”, configure a password and login The custom files are available in – /lib/live/mount/medium/custom

ls /lib/live/mount/medium/custom

Make scripts executable – copy from read only filesystem to read/write filesystem

cp /lib/live/mount/medium/custom/*.sh ~/

chmod 700 ~/*.sh

If you use the Tails-workstation and Tails-gateway setup, make sure you login to both VM’s before executing the scripts Configure specific Tails system

Configure a normal Tails VM



sudo ~/tails-normal.sh

Configure a Tails-gateway VM (run on the Tails-gateway)



sudo ~/tails-gateway.sh

Configure a Tails-workstation VM (run on the Tails-workstation)

sudo ~/tails-gateway.sh



Extra: Manual instructions to start Tails VM from Qubes

Create the Tails VM

qvm-create tails --hvm --label green --mem 1024

Mount integrated Tails iso on Qubes system

sudo mount /run/initramfs/live/image.iso /mnt -o loop

A popup will appear with the message: “Attached new device to dom0: /dev/loopXX”. You need to point the –cdrom option to this /dev/loopXX device

qvm-start tails --cdrom=/dev/loopXX Example:

qvm-start tails --cdrom=/dev/loop10

Tails should now boot

Tails configuration scripts

Tails-normal script – tails-normal.sh

#!/bin/sh # Script for normal tails setup ################# ### Variables ### ################# ext_interface=eth0 ext_interface_ip=10.137.2.11 default_gateway=10.137.2.1 tails_useraccount=amnesia user_js=/home/amnesia/.tor-browser/profile.default/user.js tor_torrc=/etc/tor/torrc sysctl_file=/etc/sysctl.d/sysctl-hardening.conf ##################### ### System checks ### ##################### # Only run as root if [ $(id -u) != "0" ]; then echo "ERROR: Must be run as root...exiting script" exit 0 fi ######################## ### System hardening ### ######################## # Disable cups service cups stop # Disable ipv6 echo "# Disable ipv6" >> "${sysctl_file}" echo "net.ipv6.conf.all.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.default.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.${ext_interface}.disable_ipv6 = 1" >> "${sysctl_file}" ################### ### Tor Browser ### ################### # Set Tor-Browser security slider to high. Note: not recommended by Tor-Browser developers echo 'user_pref("extensions.torbutton.security_slider", 1);' >> "${user_js}" # Set correct permissions and owner for user.js file chmod 600 "${user_js}" chown "${tails_useraccount}" "${user_js}" ############### ### Network ### ############### # Connection to Qubes sys-firewall nmcli con add con-name "${ext_interface}" ifname "${ext_interface}" type ethernet ip4 "${ext_interface_ip}"/24 gw4 "${default_gateway}" nmcli con mod "${ext_interface}" ipv6.method ignore nmcli con up "${ext_interface}" # Apply sysctl changes - applied here to disable ipv6 sysctl -p "${sysctl_file}"

Tails-gateway script - tails-gateway.sh

#!/bin/sh # Script for tails-gateway ################# ### Variables ### ################# int_interface="$(ls /sys/class/net/ | grep -E vif[0-9]+[.][0-9]+)" ext_interface=eth0 int_interface_ip=192.168.199.1 ext_interface_ip=10.137.2.11 default_gateway=10.137.2.1 tails_workstation_ip=192.168.199.2 tor_torrc=/etc/tor/torrc sysctl_file=/etc/sysctl.d/sysctl-hardening.conf ##################### ### System checks ### ##################### # Only run as root if [ $(id -u) != "0" ]; then echo "ERROR: Must be run as root...exiting script" exit 0 fi # Check if Tails-workstation/Tails-gateway connection is available if [ -z "${int_interface}" ]; then echo "Error: Tails-workstation/Tails-gateway vif interface is not available." exit 0 fi ######################## ### System hardening ### ######################## # Disable cups service cups stop # Disable ipv6 echo "# Disable ipv6" >> "${sysctl_file}" echo "net.ipv6.conf.all.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.default.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.${ext_interface}.disable_ipv6 = 1" >> "${sysctl_file}" ################ ### Firewall ### ################ # Permit TCP traffic from Tails-workstation sed -i "/interface lo ACCEPT;/a \

# CUSTOM RULE - Allow TCP traffic from Tails-workstation

interface vif+ saddr ${tails_workstation_ip} daddr ${int_interface_ip} proto tcp mod state state NEW syn mod multiport destination-ports (9050 9051 9061 9062 9150) ACCEPT;" /etc/ferm/ferm.conf # Permit UDP/DNS traffic from Tails-workstation sed -i "/interface lo ACCEPT;/a \

# CUSTOM RULE - Allow UDP/DNS traffic from Tails-workstation

interface vif+ saddr ${tails_workstation_ip} daddr ${int_interface_ip} proto udp mod state state NEW dport 53 ACCEPT;" /etc/ferm/ferm.conf # Reload iptables/ferm rules service ferm restart ############### ### Network ### ############### # Connection to tails-workstation nmcli con add con-name "${int_interface}" ifname "${int_interface}" type ethernet ip4 "${int_interface_ip}"/30 nmcli con mod "${int_interface}" ipv6.method ignore nmcli con up "${int_interface}" # Connection to Qubes sys-firewall nmcli con add con-name "${ext_interface}" ifname "${ext_interface}" type ethernet ip4 "${ext_interface_ip}"/24 gw4 "${default_gateway}" nmcli con mod "${ext_interface}" ipv6.method ignore nmcli con up "${ext_interface}" # Apply sysctl changes - applied here to disable ipv6 sysctl -p "${sysctl_file}" ########### ### Tor ### ########### # Listen on internal IP address sed -i "s/127.0.0.1/${int_interface_ip}/" "${tor_torrc}" # Listen for DNS on internal IP address # Set to port 53 to allow drop in replacements for Tails-gateway sed -i "s/DNSPort 5353/DNSPort ${int_interface_ip}:53/" "${tor_torrc}" service tor restart

Tails-workstation script - tails-workstation.sh

#!/bin/sh # Script for tails-workstation ################# ### Variables ### ################# ext_interface=eth0 ext_interface_ip=192.168.199.2 tails_gateway_ip=192.168.199.1 tails_useraccount=amnesia user_js=/home/amnesia/.tor-browser/profile.default/user.js tor_torrc=/etc/tor/torrc torbirdy_dir=/usr/share/xul-ext/torbirdy sysctl_file=/etc/sysctl.d/sysctl-hardening.conf ##################### ### System checks ### ##################### # Only run as root if [ $(id -u) != "0" ]; then echo "ERROR: Must be run as root...exiting script" exit 0 fi # Check if Tails-workstation/Tails-gateway connection is available if [ -z "${ext_interface}" ]; then echo "Error: Tails-workstation/Tails-gateway interface is not available." exit 0 fi ######################## ### System hardening ### ######################## # Disable cups service cups stop # Disable ipv6 echo "# Disable ipv6" >> "${sysctl_file}" echo "net.ipv6.conf.all.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.default.disable_ipv6 = 1" >> "${sysctl_file}" echo "net.ipv6.conf.${ext_interface}.disable_ipv6 = 1" >> "${sysctl_file}" ################### ### Tor Browser ### ################### # Set Tor-Browser security slider to high. Note: not recommended by Tor-Browser developers echo 'user_pref("extensions.torbutton.security_slider", 1);' >> "${user_js}" # Configure proxy settings echo "user_pref(\"extensions.torbutton.custom.socks_host\", \"${tails_gateway_ip}\");" >> "${user_js}" #echo "user_pref(\"extensions.torbutton.socks_host\", \"${tails_gateway_ip}\");" >> "${user_js}" #echo "user_pref(\"network.proxy.socks\", \"${tails_gateway_ip}\");" >> "${user_js}" # Configure proxy in environment variables in tor-browser script sed -i "s/TOR_SOCKS_HOST='127.0.0.1'/TOR_SOCKS_HOST='${tails_gateway_ip}'/" /usr/local/bin/tor-browser # Set correct permissions and owner for user.js file chmod 600 "${user_js}" chown "${tails_useraccount}" "${user_js}" ########################## ### Torsocks utilities ### ########################## # Configure torsocks.conf sed -i "s/TorAddress 127.0.0.1/TorAddress ${tails_gateway_ip}/" /etc/tor/torsocks.conf # Configure tor-tsocks.conf sed -i "s/server = 127.0.0.1/server = ${tails_gateway_ip}/" /etc/tor/tor-tsocks.conf # Configure tor-tsocks-git.conf sed -i "s/server = 127.0.0.1/server = ${tails_gateway_ip}/" /etc/tor/tor-tsocks-git.conf ############################ ### General applications ### ############################ # Configure Bash environment variables echo >> /home/"${tails_useraccount}"/.bashrc echo "export SOCKS_SERVER=${tails_gateway_ip}" >> /home/"${tails_useraccount}"/.bashrc echo "export SOCKS5_SERVER=${tails_gateway_ip}" >> /home/"${tails_useraccount}"/.bashrc # Configure Electrum bitcoin client sed -i "s/socks5:localhost/socks5:${tails_gateway_ip}/" /home/"${tails_useraccount}"/.electrum/config # Configure Gnupg PGP client sed -i "s#socks5-hostname://127.0.0.1#socks5-hostname://${tails_gateway_ip}#" /home/"${tails_useraccount}"/.gnupg/gpg.conf # Configure Icedove/Torbirdy mail client - works, but needs more love to make it safer/specific sed -i "s/127.0.0.1/${tails_gateway_ip}/" "${torbirdy_dir}"/chrome/content/preferences.js sed -i "s/127.0.0.1/${tails_gateway_ip}/" "${torbirdy_dir}"/components/torbirdy.js sed -i "s/\"mail.smtpserver.default.hello_argument\": \"${tails_gateway_ip}\"/\"mail.smtpserver.default.hello_argument\": \"127.0.0.1\"/" "${torbirdy_dir}"/components/torbirdy.js # Configure Pidgin chat client - works, but needs more love to make it safer/specific sed -i "s/127.0.0.1/${tails_gateway_ip}/" /home/"${tails_useraccount}"/.purple/prefs.xml ################ ### Firewall ### ################ # Disable tor process user from accessing the web sed -i "s/debian-tor ACCEPT;/debian-tor REJECT;/" /etc/ferm/ferm.conf # Allow DNS to Tails-gateway sed -i "s/ daddr 127.0.0.1 proto udp dport 53 REDIRECT to-ports 5353;/#daddr 127.0.0.1 proto udp dport 53 REDIRECT to-ports 5353;/" /etc/ferm/ferm.conf # Allow DNS to Tails-gateway from tails useraccount #sed -i "s/ proto udp dport domain REJECT;/#proto udp dport domain REJECT;/" /etc/ferm/ferm.conf #sed -i "s/proto udp dport domain REJECT;/proto udp dport domain mod owner uid-owner ${tails_useraccount} ACCEPT;/" /etc/ferm/ferm.conf sed -i "/ @subchain \"lan\" {/a \ # CUSTOM RULE - Allow outbound UDP/DNS traffic for Tails useraccount

proto udp mod state state NEW dport 53 mod owner uid-owner ${tails_useraccount} ACCEPT;" /etc/ferm/ferm.conf # Reload iptables/ferm rules service ferm restart ############### ### Network ### ############### # Connection to Tails-gateway nmcli con add con-name "${ext_interface}" ifname "${ext_interface}" type ethernet ip4 "${ext_interface_ip}"/30 nmcli con mod "${ext_interface}" ipv4.dns "${tails_gateway_ip}" nmcli con mod "${ext_interface}" ipv6.method ignore nmcli con up "${ext_interface}" # Set DNS server to Tails-gateway sed -i "s/nameserver 127.0.0.1/nameserver ${tails_gateway_ip}/" /etc/resolv.conf # Apply sysctl changes - applied here to disable ipv6 sysctl -p "${sysctl_file}" ########### ### Tor ### ########### # Disable Tor echo > "${tor_torrc}" echo "DisableNetwork 1" >> "${tor_torrc}" echo "SocksPort 0" >> "${tor_torrc}" service tor stop

Qubes configuration scripts

Create normal Tails VM script - qubes-normal.sh

#!/bin/sh # Script for Qubes with normal tails system ################# ### Variables ### ################# iso_file=/run/initramfs/live/custom/image.iso iso_mountpoint=/mnt tails_vm=tails tails_vm_ram=1024 ##################### ### System checks ### ##################### # Check if iso is available if [ ! -e "${iso_file}" ]; then echo "Error: The ISO file is not available." exit 0 fi # Check if mountpoint is available if mountpoint -q "${iso_mountpoint}"; then echo "Error: The ${iso_mountpoint} is already mounted." exit 0 fi ################# ### Mount ISO ### ################# # Mount iso file at loop device sudo mount "${iso_file}" "${iso_mountpoint}" -o loop loop_device="$(losetup --associated ${iso_file} --list --raw --output NAME --noheadings)" ################ ### Tails VM ### ################ # Create Tails VM qvm-create "${tails_vm}" --hvm --label green --mem "${tails_vm_ram}" --quiet # Start Tails VM qvm-start "${tails_vm}" --cdrom="${loop_device}" --quiet

Create Tails-gateway and Tails-workstation VM script - qubes-gateway.sh

#!/bin/sh # Script for Qubes with tails-workstation/tails-gateway setup ################# ### Variables ### ################# iso_file=/run/initramfs/live/custom/image.iso iso_mountpoint=/mnt tails_gateway_vm=tails-gateway tails_workstation_vm=tails-workstation tails_gateway_vm_ram=1024 tails_workstation_vm_ram=1024 boot_timeout=40 ##################### ### System checks ### ##################### # Check if iso is available if [ ! -e "${iso_file}" ]; then echo "Error: The ISO file is not available." exit 0 fi # Check if mountpoint is available if mountpoint -q "${iso_mountpoint}"; then echo "Error: The ${iso_mountpoint} is already mounted." exit 0 fi ################# ### Mount ISO ### ################# # Mount iso file at loop device sudo mount "${iso_file}" "${iso_mountpoint}" -o loop loop_device="$(losetup --associated ${iso_file} --list --raw --output NAME --noheadings)" ##################### ### Tails-gateway ### ##################### # Create Tails-gateway qvm-create "${tails_gateway_vm}" --hvm --label red --mem "${tails_gateway_vm_ram}" --quiet # Start Tails-gateway qvm-start "${tails_gateway_vm}" --cdrom="${loop_device}" --quiet # Wait for Tails-gateway to boot sleep "${boot_timeout}" ######################### ### Tails-workstation ### ######################### # Create Tails-workstation qvm-create "${tails_workstation_vm}" --hvm --label green --mem "${tails_workstation_vm_ram}" --quiet # Remove default net-firewall connection qvm-prefs "${tails_workstation_vm}" --set netvm none # Start Tails-workstation qvm-start "${tails_workstation_vm}" --cdrom="${loop_device}" --quiet # Wait for Tails-workstation to boot sleep "${boot_timeout}" ###################### ### Create network ### ###################### # Create network between Tails-gateway and Tails-workstation # Note: this might give an error, but should work xl network-attach "${tails_workstation_vm}" script=/xen/scripts/vif-route-qubes backend="${tails_gateway_vm}" # Check for error code on xl command. # Notify user that the network interfaces should be available. if [ "$?" -ne 0 ]; then echo echo "Despite the previous error, the network interfaces should be available." echo fi

License

Consider the code to be public domain. If you or your jurisdiction do not accept that then consider the code to be released under Creative Commons 0 (CC0). If you or your jurisdiction do not accept that... well then settle for the MIT license. What we mean to say is that you are free to copy, modify and relicense the code by all means. But don't hold us liable for any damages incurred by using or abusing the software.

What remains to be done

Testing and auditing. You can help by sending bug reports and feature requests.

Improve the Tails-workstation and Tails-gateway setup. Explore Tor ControlPort options to allow Tor circuit switching on the Tails-workstation. Evaluate whether to enable or disable the Tor TransPort option.

Make pre-configured iso images available to download. We are looking for secure and reliable hosting. The iso files will be 1.1 GB and 3.3 GB in size. Sponsors and/or suggestions are welcome.

Add Tor-Ramdisk as Tor proxy system.

More automation and integration. We aim for plug-and-play.

Fix issues on the todo list of the previous article.

Support

If you have any questions, comments or suggestions you can leave a comment below or send an (encrypted) email.

Support this project by donating to:

Bitcoin:

1Ndk6vc9PST9aCHiyd8R2PAXZ68HxeKSgn

Monero:

463DQj1ebHSWrsyuFTfHSTDaACx3WZtmMFMwb6QEX7asGyUBaRe2fHbhMchpZnaQ6XKXcHZLq8Vt1BRSLpbqdr283QinCRK