Author Topic: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?  (Read 1103786 times)


Offline sumino2000

  • Newbie
  • Posts: 1
I only wish FrankBuss would elaborate on how to utilize that UART...

The serial port location:



All you need are some jumper wires, if you don't want to drill a hole. Fits nicely through the USB connector hole 8)



You can then stop the u-boot with space (can be difficult, you have to be fast, use something like HTerm which has a useful "repeat" function to send a sequence automatically until you stop it, or just hold down space while you boot it). Then you can boot the image from network like this:

Code:
set serverip 192.168.11.108
dhcp 0x4000000 nk.bin;bootm 0xf8050000

Where 192.168.11.108 is your own server, where TFTP is running and providing nk.bin. You should see something like this:

Code:
BOOTP broadcast 1
DHCP client bound to address 192.168.11.106
Using smsc device
TFTP from server 192.168.11.108; our IP address is 192.168.11.106
Filename 'nk.bin'.
Load address: 0x4000000
Loading: **#################################################################
#################################################################
...

You get the nk.bin from the nk.bin.comp from the firmware update cab-file with the bincompress.exe tool, which is included in the evaluation version of the WindowsCE development environment. Use http://www.t-hack.com/wiki/index.php/NK.BIN_toolset to take a look at the content of nk.bin and to modify it.


Hi, here is info if someone wants to make a NAND dump with JTAG debugger:

To Enable JTAG, you need this SPEAr600 TEST[2:0] pin configuration:
TEST_0=1, TEST_1=1, TEST_2=0

With debugger I did 128MB dump from NAND:

0000:0000-005F:FFFF  empty, just 0xFF
0060:0000-00C0:9F61  NK.BIN.COMP, size 12623714 bytes (FW 02.20)

02C2:0000- ????      Other data/files


Now we have NAND dump and need to:
1) hack MD5/RSA file consistency check to allow other files to be modified
2) hack RSACryptoServiceProvider::VerifyData() or the function which uses it (AGILEN~1.003)
With Uboot write modification into NAND. Then just install licenses with any signature :-)

Now I'm not able to find MD5/RSA file consistency check. Please help.
 
The following users thanked this post: ebclr, Andrew

Offline abyrvalg

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
There is no file consistency check afaik. There is no need to use jtag also, just use the infiniivisionstartupoverride.txt method described in previous posts and you'll be able to run a patched scope app from usb flash drive without opening the case. There is more than enough info posted in this thread already, just nobody wants to post that final "here is .zip, unpack it to usb flash and use"  ;)
Funny situation - dissecting Rigol and Hantek in public is ok, but Agilent's name invokes some kind of shame (or fear?) )))
 
The following users thanked this post: Andrew, ELIK

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
I guess the difference might be that the Hantek and Rigol hacks are just for bandwidth upgrade, all the other features are already included, so it is nice to have it, but most of the time not that important.

Agilent wants even for the voltmeter license EUR 61. And just the RS232/UART decoding license costs EUR 642. You want I2C/SPI, too? Another EUR 642. The sum of all available licenses might be more than EUR 10,000. And there might be people who consider buying one or more licenses, like I did with the network license. So could be a big loss for Agilent, if there would be a public hack. Which makes it more dangerous to publish such a hack and which might even have negative consequences for Agilent: less money for Agilent means that they have less money for developing more good scopes.

So in my opinion, hack it for fun if you are a hobbyist and if you wouldn't buy one of the expensive licenses anyway, but don't publish the hack.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
There is no file consistency check afaik. There is no need to use jtag also, just use the infiniivisionstartupoverride.txt method described in previous posts and you'll be able to run a patched scope app from usb flash drive without opening the case. There is more than enough info posted in this thread already, just nobody wants to post that final "here is .zip, unpack it to usb flash and use"  ;)
Funny situation - dissecting Rigol and Hantek in public is ok, but Agilent's name invokes some kind of shame (or fear?) )))

Few reasons:
1. There is security risk when we publish it.
2. Agilent and their engineers are really helpful when I need real assistance.
3. On this forum were hack offered for $$$, so it is under supervision for sure.
4. This thread is in the top when you Google "Agilent DSOX hack".
5. Hack will double or triple the price of hardware.




 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
lol you think making a hack public will double or triple the hardware price?! Are you serious? So I guess all the other scopes/phones/tablets/games/consoles/computers/EVERYTHING ELECTRONIC have all doubled and tripled in price right? Since they have ALL been hacked since there was something to hack! Man, guess I'll be paying $599 for my $299 iPhone next time I upgrade since they jailbroke it.

And to your other "statements"

1) Nope, no security risk here, my scope is just as safe and secure as it was. Are you thinking that if the hack got out to the public that some malicious person might write a "virus" for my scope? Well who's to say I trust that the individuals on this site trying to sell me a hack aren't going to do the same thing?! Or that they messed up somewhere and they made a mistake that hasn't been found and it might brick my scope?! This is why it's better to let everyone look at your work if you're going to do this sort of thing.

2) Yes, they still are and always will be. They are paid to be so. They want to keep selling products. 99.9999% of the owners of electronic devices never hack or mod them anyway.

3) Most feel it's insulting to reverse engineer some other work and then try and charge for it. I would never pay to jailbreak my iPhone or mod my Wii for example.

4) So?

5) You have to be kidding me... Already responded to this in the beginning of this post.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
My opinion, my rulezz... You can try to hack it by yourself and publish it ;-) I will never do that, for the reason above. Every year I spend more than 25k USD for various test equipment. When I really need for business I will buy it.
I posted in this thread a lot of tricks which will be quite useful, that's all.
 
The following users thanked this post: ebclr, Andrew, ImABeginner

Offline KTP

  • Frequent Contributor
  • **
  • Posts: 512
Bragging about a hack and then refusing to give out information does make you look like a bit of a douche...

But then so does spelling rules with a z...
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Read whole thread....
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
Benemorius, did you try to change the splash screen?
Did you get any results with your tests?

Yes, changing the splash screen worked.

I did not attempt to overwrite any .exe or .dll files but I see no reason to doubt that it will work too. Running the firmware from USB is slower (longer boot time and occasional menu lag) and you have to remember not to pull the flash drive or else it crashes, but otherwise it works about like normal. I'm happy enough with that that I'd rather not overwrite any other files until I have NAND access, despite all indications being that there's nothing to worry about really.
 
The following users thanked this post: Andrew

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2365
  • Country: de
    • Frank Buss
Yes, changing the splash screen worked.

Nice, maybe you can provide a zip file with the USB flash drive content and attach it here? It will be small with a simple monochrome image as an example. Then that crazy aussie bloke and others can just replace the splash screen with their favorite image, if they want to.

Quote
I did not attempt to overwrite any .exe or .dll files but I see no reason to doubt that it will work too. Running the firmware from USB is slower (longer boot time and occasional menu lag) and you have to remember not to pull the flash drive or else it crashes, but otherwise it works about like normal. I'm happy enough with that that I'd rather not overwrite any other files until I have NAND access, despite all indications being that there's nothing to worry about really.

There is more than one way to skin a cat, but it is possible with just booting patched files from USB, and all necessary files to patch (one or two, depending on how you hack it) are writable. But needs some work with IDA or other disassemblers. Fortunately the DLLs are not encrypted. With more secure systems like used in iOS, it would be more complicated because of the additional decrypt step.
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
Yes, changing the splash screen worked.

I did not attempt to overwrite any .exe or .dll files but I see no reason to doubt that it will work too. Running the firmware from USB is slower (longer boot time and occasional menu lag) and you have to remember not to pull the flash drive or else it crashes, but otherwise it works about like normal. I'm happy enough with that that I'd rather not overwrite any other files until I have NAND access, despite all indications being that there's nothing to worry about really.

The boot time is annoying,  I need to restore backup of my USB two times, because the files on flash became corrupted.
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
There is more than enough info posted in this thread already, just nobody wants to post that final "here is .zip, unpack it to usb flash and use"  ;)
Funny situation - dissecting Rigol and Hantek in public is ok, but Agilent's name invokes some kind of shame (or fear?) )))

Not shame I think, but fear of a couple of things.

Fear of what the response from Agilent might be if the .zip file makes it to Hackaday or wherever things go to get really popular these days. It would be sad enough if Rigol responded to the popularity by patching the recent hacks, but an order of magnitude more sad at least if Agilent did the same. For the Rigol options are at least affordable if you really want them. With Agilent some of the stuff is off limits to a large number of us. As in can't have ever. Like at all. The hacks are the only way for some of us to ever have these things and nobody wants to make them go away for anyone.

There is also some fear of Agilent's attitude toward us individually. It is conceivable that I may actually contact Agilent if I ever have a problem with my scope some day since they're one of those remaining companies with whom that is actually worth doing. Given that possibility, it would be good for me if I haven't pissed them off in such a way that their desire to provide assistance is diminished. This is much less true with Rigol. I wouldn't expect much service there whether I'd pissed them off or not.

Someone will eventually post the damn .zip file. Part of the reason it's taking longer is simply that there are fewer Agilent owners out there than Rigol owners. The Agilent owner who just doesn't give a flying fuck simply hasn't come along yet.
 
The following users thanked this post: Andrew

Offline benemorius

  • Regular Contributor
  • *
  • Posts: 173
The boot time is annoying,  I need to restore backup of my USB two times, because the files on flash became corrupted.

That's interesting. I've used my scope a lot and haven't encountered any problems with corruption. It doesn't seem like any of the files there are regularly written anyway. I wonder if a different flash drive would change anything?
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
The boot time is annoying,  I need to restore backup of my USB two times, because the files on flash became corrupted.

That's interesting. I've used my scope a lot and haven't encountered any problems with corruption. It doesn't seem like any of the files there are regularly written anyway. I wonder if a different flash drive would change anything?

I'm using micro SD Reader and card, not regular USB flash. It can be also source of problems.
 
The following users thanked this post: Andrew

Offline wersi

  • Contributor
  • Posts: 25
Hey Sumino2000,

I found on Agilent site this data sheet containing "memory map", maybe this will help: Link
 
The following users thanked this post: Andrew

Offline wersi

  • Contributor
  • Posts: 25
Hi guys!

Recently I bought a 2000 series scope with Lan/Vga option, so I started poking around and this is what I managed to find out.

If you have LAN/VGA option you can boot from USB stick and using VNC get access to windows ce desktop,
windows have frame buffer in RAM for user interface, user interface you see on a scope's LCD is generated by MegaZoom,
and original agilent vnc is transmitting megazoom's frame buffer to computer...

This is how you can do it:

1. Make some batch file in "startup" folder on usb stick containing this code:

taskkill /im infiniivisionLauncher.exe
taskkill /im AgilentLxiWebService.exe

This prevents starting infiniivision application and vnc.

2. Download "mobileVNC", you can find a demo version (you'll need version for ARM). You can search "MobileVNC_Demo.zip", I used that one.

Copy executable somewhere on usb and put shortcut to executable in startup folder.

This is how you do it:
write path to executable, in my case its:

48#\usb\Secure\infiniiVision\ARM\MobileVNC.exe

and save it as ".lnk" file, copy that file to startup folder.


If you don't know ip address you can boot scope normally and see in options-->IO-->LAN assigned ip address.
Enter this address in vnc viewer and connect to scope, that's it!

You'll notice that it's impossible to copy any .exe files from windows folder.
There are some hidden folders, for example folder containing license and calibration data, you need to check "view hidden files" in options
and then you can "backup" them on USB drive.


If you ever looked at firmware update you probably noticed in recepie.xml:

   <!-- Try to update DSO2000 FPGA -->
   <installStep>
      <file checksum="c4e300bc784756148a13e95f83cf44da">fpga2000a.bin</file>
      <command>\windows\loadP500Flash -u fpga --target economy %TEMP%\fpga2000a.bin</command>
   </installStep>
   <!-- Try to update DSO3000 FPGA -->
   <installStep>
      <file checksum="12173c04dc2dee18976902c36fc42809">fpga3000a.bin</file>
      <command>\windows\loadP500Flash -u fpga --target performance %TEMP%\fpga3000a.bin</command>
   </installStep>


but when I called "loadP500Flash -help" in command prompt it responded with:

USAGE:

   \Windows\loadP500Flash.exe  [-t <economy|performance|coyote>] [-a
                               <hexidecimal integer>] -u <tloSplash|fpga
                               |ceImage1|ceImage2|ceImage3|custom> [--]
                               [--version] [-h] <filename>


Where:

   -t <economy|performance|coyote>,  --target <economy|performance|coyote>
     FPGA target

   -a <hexidecimal integer>,  --address <hexidecimal integer>
     NAND Flash address for the custom update type.

   -u <tloSplash|fpga|ceImage1|ceImage2|ceImage3|custom>,  --update
      <tloSplash|fpga|ceImage1|ceImage2|ceImage3|custom>
     (required)  Update Type

   --,  --ignore_rest
     Ignores the rest of the labeled arguments following this flag.

   --version
     Displays version information and exits.

   -h,  --help
     Displays usage information and exits.

   <filename>
     (required)  Filename to write to NAND Flash


   updateP500Flash


So what is this "coyote" option? Some model (or series) better than 3000???

What do you think???
 
The following users thanked this post: Andrew
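
The recepie.xml fragment quoted in the post above pairs each update file with a 32-hex-digit checksum. As an added example (not from the thread and not Agilent's code), this Python sketch parses such installStep entries and checks each file against its checksum, assuming the checksum is MD5; the `<recipe>` root element, the file contents and the last two steps are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed recipe: the two FPGA steps follow the fragment in the post,
# the <recipe> root and the last two steps are assumptions for the demo.
RECIPE_TEMPLATE = r"""<recipe>
   <!-- Try to update DSO2000 FPGA -->
   <installStep>
      <file checksum="{a}">fpga2000a.bin</file>
      <command>\windows\loadP500Flash -u fpga --target economy %TEMP%\fpga2000a.bin</command>
   </installStep>
   <!-- Try to update DSO3000 FPGA -->
   <installStep>
      <file checksum="{b}">fpga3000a.bin</file>
      <command>\windows\loadP500Flash -u fpga --target performance %TEMP%\fpga3000a.bin</command>
   </installStep>
   <installStep>
      <file checksum="00000000000000000000000000000000">missing.bin</file>
   </installStep>
   <installStep>
      <file checksum="00000000000000000000000000000000">../outside.bin</file>
   </installStep>
</recipe>"""


def parse_recipe(xml_text):
    """Return [(filename, checksum, command)] for every <installStep>."""
    steps = []
    for step in ET.fromstring(xml_text).iter("installStep"):
        file_el = step.find("file")
        if file_el is None:
            continue
        name = (file_el.text or "").strip()
        digest = (file_el.get("checksum") or "").strip().lower()
        command = (step.findtext("command") or "").strip()
        steps.append((name, digest, command))
    return steps


def md5_of(path, chunk=65536):
    """Stream the file so large images are not read into memory at once."""
    h = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_recipe(xml_text, base_dir):
    """Map each listed file to ok / mismatch / missing / bad-checksum / unsafe-path.

    A match only shows the file agrees with the recipe. The checksum is
    unkeyed, so whoever can change a file can change the recipe too: this
    catches corruption, it does not authenticate the update.
    """
    base = Path(base_dir).resolve()
    results = {}
    for name, digest, _command in parse_recipe(xml_text):
        target = (base / name).resolve()
        if not name or base not in target.parents:
            results[name] = "unsafe-path"      # entry points outside the package
        elif not HEX32.fullmatch(digest):
            results[name] = "bad-checksum"
        elif not target.is_file():
            results[name] = "missing"
        elif md5_of(target) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo():
    """Build a constructed package on disk, corrupt one file, verify it."""
    good, other = b"constructed FPGA image A", b"constructed FPGA image B"
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "fpga2000a.bin").write_bytes(good)
        (base / "fpga3000a.bin").write_bytes(other + b"\x00")  # simulated corruption
        recipe = RECIPE_TEMPLATE.format(
            a=hashlib.md5(good, usedforsecurity=False).hexdigest(),
            b=hashlib.md5(other, usedforsecurity=False).hexdigest())
        return verify_recipe(recipe, base)


if __name__ == "__main__":
    print(demo())
```
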

Offline abyrvalg

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Coyote is 4000. InfiniiVision is common sw for 2k, 3k, 4k.

Why do you need VNC if there is a built in telnet?
 
The following users thanked this post: Andrew

Offline abyrvalg

  • Frequent Contributor
  • **
  • Posts: 823
  • Country: es
Some "oil into the fire":
telnet login/pass:
infiniivision
skywalker1977
 
The following users thanked this post: [IDC]Dragon, Andrew, ImABeginner

Offline punkerdood

  • Newbie
  • Posts: 4
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #168 on: September 24, 2013, 05:16:20 am »
Apparently djvinc doesn't exist on the interwebs anymore.  I'd be happy to pay $140 for a fix. 

Oh well.  I guess I'll start digging into my 3034. Bummer, I've got better things to do with my time.
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
Re: DSOX2000 and 3000 series - licence , have anyone tried to hack that scope ?
« Reply #169 on: September 24, 2013, 03:10:12 pm »
You don't really need to pay, all the required info is in this thread. You can just boot using a USB flash drive to unlock everything.
Someone needs to throw together a thorough walk through for those that aren't as savvy in this area.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline Lazarus4_

  • Newbie
  • Posts: 8
I don't really understand what to do in order to "hack" the DSO.
I tried it with the USB method, but I think I haven't done it the right way.

Maybe someone can help me via private message or so :)
 
The following users thanked this post: Andrew

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
Yea me too please. What exactly has been figured out and what can we get out of it? Of course without having to buy it from someone else I mean.
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

Offline romantao

  • Contributor
  • Posts: 36
  • Country: pt
I want to buy one of those Agilent oscilloscopes and, as a young academic I'm interested in some particular addons.
I'm not particularly in favor of those who profit with these hacks so I understand all the secrecy about this talk.
However, the way this topic is evolving is putting myself up to the challenge of finding the way to enable some licenses :)

As it seems possible to run the firmware from a USB pen without having to sign any cab and safely make some changes in the files, I ask a naive question that contribute with something (or not) to this topic:

Is it possible to edit one specific binary file in such way that the public key used to verify the license files is changed to the old one so we can use the known private key to sign the licenses?

Since I don't have access to any scope of this range, I have no way to check this idea.... just my two thoughts...

Regards

« Last Edit: November 02, 2013, 03:33:21 am by romantao »
 
The following users thanked this post: Andrew

Offline plesa

  • Frequent Contributor
  • **
  • Posts: 965
  • Country: se
How to hack the firmware
1. Unpack the firmware *.cab by 7zip
2. Unpack infiniiVisionSetup.cab ( e.g. with WinCE CAB Manager 3.0)
    Find \Secure\infiniiVision\infiniiVisionCore.dll
3. Change at location 0x277e50 in infiniiVisionCore.dll
    byte sequence 04 00 a0 e1 to byte sequence 00 00 a0 e3
4. Enable startup Override by creating USB flash with following structure in root of USB drive (copy structure from Secure folder from point 2)
    Edit in Startup folder file infiniivision.lnk to contain following sequence "62#\usb\infiniiVision\infiniivisionLauncher.exe -l All -l SCPIPS"
    Replace in infiniiVision folder  infiniiVisionCore.dll with patched infiniiVisionCore.dll file
5. Create infiniivisionStartupOverride.txt file in root of USB flash drive containing "True"
6. Plug the USB drive to scope and turn it ON
7. There will be red  message in left top corner "Unfinalized Software"  and "System Concerns detected: OS version is not correct. Please reload system firmware"

Applications needed:
 WinCE CAB Manager http://www.ocpsoftware.com/products.php
 7Zip http://www.7-zip.org/
 
The following users thanked this post: Andrew, ImABeginner

Offline ben_r_

  • Frequent Contributor
  • **
  • Posts: 419
  • Country: us
  • A Real Nowhere Man
Nice. So what can you do with it from this point?
If at first you don't succeed, redefine success!
 
The following users thanked this post: Andrew

