From c9360587cbcc08944297d6b4e2d5b18b5a385b13 Mon Sep 17 00:00:00 2001
From: Triggered_Tux <triggered_tux@protonmail.com>
Date: Wed, 23 Jan 2019 12:01:27 -0500
Subject: [PATCH] aaa

---
 Rhme-2016-master/README.md                    |  32 ++
 .../RHme2_prequalification_challenge          | Bin 0 -> 9144 bytes
 .../binaries/animals/animals_readme.txt       |   2 +
 .../Requête fonctionnelle.logicdata          | Bin 0 -> 71362 bytes
 .../avr_filesystem/avr_filesystem_readme.txt  |  26 +
 .../binaries/avr_filesystem/file_system.py    |  25 +
 .../binaries/avr_filesystem/untitled.csv      | 375 ++++++++++++++
 .../binaries/casino/casino_readme.txt         |  11 +
 .../emergency_transmitter_readme.txt          |  10 +
 .../binaries/fiasco/fiasco_readme.txt         |  64 +++
 .../binaries/fiesta/fiesta_readme.txt         |  25 +
 .../fine_tuning/fine_tuning_readme.txt        |  35 ++
 .../challenges/binaries/jumpy/jumpy.bin       | Bin 0 -> 3574 bytes
 .../binaries/jumpy/jumpy_readme.txt           |   6 +
 .../binaries/key_server/key_server_readme.txt |   8 +
 .../photo_manager/photo_manager_readme.txt    |  10 +
 .../piece_of_scake/piece_of_scake.txt         |   6 +
 .../challenges/binaries/scalate/scalate.txt   |   3 +
 .../secret_sauce/secret_sauce_readme.txt      |  12 +
 .../still_not_scary/still_not_scary.txt       |   3 +
 .../whac_the_mole/whac_the_mole_readme.txt    |   6 +
 Rhme-2016-master/src/Makefile                 |  24 +
 Rhme-2016-master/src/README.md                |  13 +
 .../src/aesprotected/aesProtected.c           | 486 ++++++++++++++++++
 .../src/aesprotected/aesProtected.h           |  74 +++
 Rhme-2016-master/src/aesprotected/gf256mul.S  | 119 +++++
 Rhme-2016-master/src/aesprotected/gf256mul.h  |  36 ++
 Rhme-2016-master/src/hardsca/hardsca.c        | 121 +++++
 Rhme-2016-master/src/jumpy/jumpy.c            | 375 ++++++++++++++
 Rhme-2016-master/src/jumpy/solution.txt       |   1 +
 Rhme-2016-master/src/jungle/jungle.c          | 370 +++++++++++++
 Rhme-2016-master/src/mediumsca/mediumsca.c    | 120 +++++
 .../src/secretsauce/secretsauce.c             | 364 +++++++++++++
 Rhme-2016-master/src/simplesca/simplesca.c    | 119 +++++
 .../src/whac_the_mole/whack_the_mole.c        | 310 +++++++++++
 35 files changed, 3191 insertions(+)
 create mode 100644 Rhme-2016-master/README.md
 create mode 100644 Rhme-2016-master/RHme2_prequalification_challenge
 create mode 100644 Rhme-2016-master/challenges/binaries/animals/animals_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/avr_filesystem/Requête fonctionnelle.logicdata
 create mode 100644 Rhme-2016-master/challenges/binaries/avr_filesystem/avr_filesystem_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/avr_filesystem/file_system.py
 create mode 100644 Rhme-2016-master/challenges/binaries/avr_filesystem/untitled.csv
 create mode 100644 Rhme-2016-master/challenges/binaries/casino/casino_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/emergency_transmitter/emergency_transmitter_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/fiasco/fiasco_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/fiesta/fiesta_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/fine_tuning/fine_tuning_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/jumpy/jumpy.bin
 create mode 100644 Rhme-2016-master/challenges/binaries/jumpy/jumpy_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/key_server/key_server_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/photo_manager/photo_manager_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/piece_of_scake/piece_of_scake.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/scalate/scalate.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/secret_sauce/secret_sauce_readme.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/still_not_scary/still_not_scary.txt
 create mode 100644 Rhme-2016-master/challenges/binaries/whac_the_mole/whac_the_mole_readme.txt
 create mode 100644 Rhme-2016-master/src/Makefile
 create mode 100644 Rhme-2016-master/src/README.md
 create mode 100644 Rhme-2016-master/src/aesprotected/aesProtected.c
 create mode 100644 Rhme-2016-master/src/aesprotected/aesProtected.h
 create mode 100644 Rhme-2016-master/src/aesprotected/gf256mul.S
 create mode 100644 Rhme-2016-master/src/aesprotected/gf256mul.h
 create mode 100644 Rhme-2016-master/src/hardsca/hardsca.c
 create mode 100644 Rhme-2016-master/src/jumpy/jumpy.c
 create mode 100644 Rhme-2016-master/src/jumpy/solution.txt
 create mode 100644 Rhme-2016-master/src/jungle/jungle.c
 create mode 100644 Rhme-2016-master/src/mediumsca/mediumsca.c
 create mode 100644 Rhme-2016-master/src/secretsauce/secretsauce.c
 create mode 100644 Rhme-2016-master/src/simplesca/simplesca.c
 create mode 100644 Rhme-2016-master/src/whac_the_mole/whack_the_mole.c

diff --git a/Rhme-2016-master/README.md b/Rhme-2016-master/README.md
new file mode 100644
index 0000000..c4d983d
--- /dev/null
+++ b/Rhme-2016-master/README.md
@@ -0,0 +1,32 @@
+# Rhme-2016
+
+## Challenge Binaries
+
+You can use the challenge binaries on a normal Arduino Nano or Uno board (atmega328p chip). To upload the challenge to the board, use the following command:
+
+    avrdude -c arduino -p atmega328p -P /dev/ttyUSB* -b115200 -u -V -U flash:w:CHALLENGE.hex
+
+Please keep in mind that depending on the bootloader that is installed on your board, the baudrate will change. Stock Nano baudrate should be 57600, and stock Uno is 115200. (Thanks [HydraBus]kag for this info).
+
+## Write-ups
+* https://github.com/hydrabus/rhme-2016
+* https://www.balda.ch/posts/2017/Mar/01/rhme2-writeup/
+* https://www.youtube.com/playlist?list=PLhixgUqwRTjwNaT40TqIIagv3b4_bfB7M
+* https://ctf.rip/rhme2-secretsauce/
+* https://ctf.rip/rhme2-fridgejit/
+* https://github.com/mrmacete/writeups/tree/master/rhme2/fridge-plugin
+* https://github.com/gijsh/rhme2_writeups
+* https://www.youtube.com/watch?v=6_Z5RcHoykE
+* https://n0wblog.blogspot.nl/2017/03/rhme2-writeups-secure-filesystem.html
+* https://n0wblog.blogspot.nl/2017/03/rhme2-writeups-jumpy.html
+* https://github.com/ikizhvatov/jlsca-tutorials
+* https://firefart.at/post/rhme2_whac_the_mole/
+
+## Old readme
+The second round is coming!
+
+The RHme2 (Riscure Hack me 2) is our low level hardware CTF challenge that comes in the form of an Arduino Nano board. The new edition provides a completely different set of new challenges to test your skills in side channel, fault injection, cryptoanalysis and software exploitation attacks.
+
+For more information and registration, visit http://rhme.riscure.com
+
+Follow us on twitter at @riscure and #rhme2 for updates.
diff --git a/Rhme-2016-master/RHme2_prequalification_challenge b/Rhme-2016-master/RHme2_prequalification_challenge
new file mode 100644
index 0000000000000000000000000000000000000000..5ea7b4a2b13994783506dadaae5ae1537664eb49
GIT binary patch
literal 9144
zcmeHNeQ;FO6~DWikmbY820;T@dD`HhHcP@s8o`#gA%PbR5R*l)ijU3iOR};b>F!%h
z{G&pHACX4Wsng=rPSa_f>NwM(ovA||hb&;xwzh*>J4|f_ZFLfriqc|cilpb<cg}vi
z?26Nw{?{|}-nr*@&pG$p`|iE(-LrdNOWS&<!y%ZQ;;RCsKDR0%>n_CPA}JEqC}s*(
zEEZRZ8Gw|-rOF!QR*Cr}xn}MrJs0pYxEh@n(CAcUf%#Py3@up15hBO-a->qx;vdYm
zMCL*$5<okQRd}Qbe5X|)K1y*MB+hmyqFpuFRg*sR(-atU?jQCIuK@WAI8~5PR*{Kj
zdCzgwMQVS?3}gAgEGYt4Wr6w47A%;v-K}6J`$zScVqQ|{p!Q0Qi{SAfPTdvDqLHqK
zmCK^x+Gr%6?yv1{Y^ZHm=}RSi%VodOKk9DSyj8Zu<EVgyG0%ew=K$8f`qti~(bhN4
z_8flZ=@k!t@?rY<)!#<_%izjBH=&3<AR{5(vo*+FkeK~e2Y_M+L0($|{|Vr8i|Bu^
z1pfOHc%}r7{Z-(yQzrn59RxWBSFv~oO5jhIz>k-}p98!~EEJ>Oolp{j=dFO}8cGiI
znF)NB^}ae^ozPnYoAj`eG<qT_(?|w3t&1k&Mj+S~HH5DB#1e5mWd@U`t_ywRZoPx_
z)<uJ<l##N`iyHe|I>E1OPGC7@m@MnNi~$)7hS31c^d%#4vs(}K?h<`z6TD)Zp<M{*
z-N8syq|9(6F1mXRsEir0P^=Ghus0N3EC|(G+FLevcDCtO$2PRJHm%c_`&J4rt;j1c
z_pOpc12-qkRVOWlGMK;RS;+x2)Bzee85O*4yc?EbnK%VyBnMay1Lw&)FA{<2TQ1HJ
zW-f@##Fg*~$?1hCLwo2HXtHvr<hZs8k}^Lx+zY{Bma6G_Rse$Qi%H4DdC$PQrFnS%
zzFL=u=kF_xc{l``B{dJHtxMKvc{pv&5^vAL=VZMIp$&fE*7le0n5hWu{)|~Z{(Y#_
z248R=vy`S*bwJhBk^tN*7pqW0xfd%ZPEP?X*@!X@)x-%YH=&H%$wWrVt5L?GnK&rr
z<tXEjOpHqT29$9qCPt)uEy_3q6MLk*5M><Ri9RX+!mWtz5s)Qy{tA1q?fu{&gb>#D
zmn~U}^3cATrvRwWK;NpMac%gC8aDvi&?&5&M4kQRQxGPK_@wJI=d@?KN3_t{p`(@0
zKC%bK>&V+>Gmj2t9QD5)oKznAE<)*3+Hjzz>@Zr4AuzrMf|8gv{JiCN=*{sf0355C
zrHb*FFGBVH`A<U7sIVRE4!1+=<A1{nLY~9fs)3yc?BFRZJM0JBG0=su#vcbw?8p<c
zOJQxrRkDxih1%X1u-A7SJG`CM$D^S9{ww3Z1Xj7Y8SKxr4!v@hHuSbO`1iBzfz}r@
zUeMKEJTf{H*^BKJ5ab5X{%5z;KlD@R)K;x_6qq(R>CuMX*}dox1R|$L)s8W&m^uy0
z`w$d6j^V86_OW~z>$hrq{~;Y5x#$81+R$0;$oN{#aa?=lqB%e7Z8m$WTnv7!_V;{c
zZ-pX6x@s#Jj>lm<b{sE{1LQa-TN?9vFtD{EUH<-ez%J|TBQ%&gv18(1u*t<!pRxR2
z^0}gW7%%@e|84%EDgRb~plx``<}w93GhB<jvvufv>(J|M*S{mz%#lxB<6{@#8Qy=!
zRO;X0{<jUi*EV#%89YqQ`-?Vs%%R=%e)>IJP<QO`-|64szss*58_C6Y4%V6UM@!BD
zd(pPups7SsirH%@DcG(JQ|W`P{hmZJyjIK#P;ES6DxpL&X@tycgqXF>h(?t#yeF<v
zZcn6@?nF8sF6IGrksf>dT<u>Ue&hD;mwvZxZR%@Hjzz9D_>F@LuNu1b5b#65Ujlye
z)2XTL$YGis1n!0rJ`21bcq2|yAbj5<IqvNcj()FW(VPnRh@--bIDS+1gO3|ffvC8?
z5H(Pb`VakkYH9>^J>K=6>W!7N?{V)DYZtD$VMWcg2%|kbE}=k7HzGiU_IJWH4)%*M
zHowO^=xp<3T+Z{eJYK)Y?U&mk+U|qP3-$(Z(d6+y>TL2<KjLcfD8pq<o~7R^*F1F(
z%+NfIgB6=RYSPo__tg14OPf3j=z)Hd$1US{8O$5O4{mz@r~i+@XN`ag+b)tqTnccb
zWi*WslLEi9M`oxJ;ct+6u$v<-kaxJj_K3vCN4Jy&e0f^rrg~gsNL>G~i&F`d4>(n1
z*)yNF%#v|mK*~5(xWj%U??O~k;Brv`R!#VP;>_>^KoYzjka(?Rq?Fq~@I{YwrNzXF
za#fZXA0?UNt|LAEHsbbSIm-U1qz_w_l)2rrBr8-;ZvN+t&$0G~j?;7f6Y+P6pC>*8
z-qT1|5WkLi194gTIc|Z0Thz<0TUveL4@dueXy4w4Zw+m`Z_Vm2Tz&rHg+Ko6!l^em
ztXsEQS-Q0=9XHd;D&I<9U2Q{JO7-8UZ}8Qv^wnQ);mY#5`i8oOx|=T9staayqf?!x
zhu`>tqPR<#Me(xi{LFXeg4voWsy{>U{4Lb45XGLm3swWqmqPuSVzkISaltC!`B|tx
zTktw9#OH{E^gIjk%Y<6wIl3T8fZu0!a*0a8>ps8E1*aZ`_JcyaDx23R#OI2WMfESw
z?jwcz^91i7h4_4dpJjG(i7OzFQw+Z{d(O(YapCSk`$HkVK<q4v=g!lG`n>z)P~4`<
z#79#(#46#w>JZc8$Nkg^<3H+FEk(McXT(q2a3A6JeZ3iQ2kgF2QT)8mcS?Nvc-~8X
z_&oulqzB;c5SLGTE>8kptY4-2`)lcEt{9)KLMcbDL9y64phhwO)_HsSy!u%Bnf@H{
z@FgIA`}|ozIKQ`03+YRMJBrMog|LAu@V2whhgG0o1^6BsXGMB}&pN>8!t=sY4-)VH
zS3?1D&b#urX$R;lQnT<DEP<z`|3Y1q9xQ>kNqqYH{ZR@1ObProz?JFEiVp#=%G(FZ
zNatb+{c0EoZ;|m_BFATX11jLf@>rcE^mn7ab3r!m#U8&&crQIK#vhe_VBOL8kwFzd
z1l*gKKV$u8NWYKtZ={N6CC*wo{%Q$)9*htAKWK~RUD@vR_|H(gyg$pc1~l`y#Eb0z
zp`@8I)7{;^5TwaAuItd-S~~-f!OP|ObTg)hFw=+0ws1o4i6**&Q9W!Xk|{ly?iZm%
ztS@SqM%ee|RgJ5PE9u>lctj5-lfePqh?~g)(VYy&3_YBV#RkA6PtrltEKu#xV#ad)
z>*-)L(j5r}%?M-~L%qRh)QI;OGVt{s{!J}<%jRaxJ<4uy84}BSi>6x&T62fcH?(bO
z^0(<**01ku3FrZTQ(Frf6|@>I1Y}xM=*_op_HSxkCm<);o=li<!ZlD)CKp4gwCp3u
zm&}A>;!;&P*NFMW{Jdta2D6aUa+kSkG?aPHLg+Kow5?kp4GIZTJ)OeXF{4{FB@0hF
zXa=p6sm#ezepXcrQ>W5dVf#fgxOOXDhvaegafMR}y*C&S%QSL!F!6an@4HedilQ%>
z2pOr=EszklCw+4PtfZW84w1uaU~hy>{R&@dAZ7-;fSXB+_i_nR%SN(K_#lU2`20<+
zwPvt~q@H-%*OiXI4;_)P@S)TjO!W$1cpwh`EN&*Pn%zb+1#`4O(4j7AM1yERrM{>s
ze6pK9DEfL5Aeu%$+;OphQbI=UGkR%x^oGF+OO~m%PAm&9-yH%qXeJnogdm25iS7Zx
zA@IR?3LmW47_7qF_VZtt@Vf)HsO<ZTzo+^4JU-8H1E`x%Uj(57F4&$V@pm`>UZxPv
zjNcn9*Fz!Sp1;pca#+KP#O?OYfS-pm7q@@FsY=ZQHv4jk=FX)gip@~KGbY<-oGM6o
z9+gbAQ-|@KibXyj!k37o+u)98P`2lDftLd1bF8Ip`QS40yWqkzB-<-=9#AM?9)FIX
z^_cGhdpwh}tdhM-20Ni13FAi{jvp~3{4T^$*?yGlN6DVg!Q4LEbN}~|eG_mbKDV48
zgN#J2b3fYH?H>UQ$CdK{e7+eWfb$FFM#joz<U?@f+w(c-Alb`YU!H-N%FG|L+4Ffx
z#YqXo@mkV!`3F#u-#)*$+sXbY4=g$0cG=&LZT5Wrnn#Hc&Ofj|O)D0~(`3)hD6>>q
zr;vSrR?{lj`}1>vF@Cn^->3O^>zi%%_V&kY_I&O;N$unJPd?e({|!{)Px9G34xj4~
z1hVVf<<~){5-zsqbAbDE+P?+17$V#AdDHtj?cW7koN8>(=TiQk!D;G0O~-71cpe<E
zwa>p3PGYBk?EPh#`G=sBAHU%5Oln}e^pd-=9rH<>J)eJelD(QUl_kX{Uj!L_asNlD
z{ZX>#ezKWe#@|OV{yJ75&h{&9I1Q(?!Kx~_xb1w^_h{po!v<7o6Qv)X`}y`KDNu#h
c@zqed3@#qGYEs7aS*-m@N;H0Kb8c_{Kd2d>mH+?%

literal 0
HcmV?d00001

diff --git a/Rhme-2016-master/challenges/binaries/animals/animals_readme.txt b/Rhme-2016-master/challenges/binaries/animals/animals_readme.txt
new file mode 100644
index 0000000..068cf0a
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/animals/animals_readme.txt
@@ -0,0 +1,2 @@
+After decades of research, we have finally managed to catalogue all
+the animals on the planet earth. Including very rare pictures!
diff --git a/Rhme-2016-master/challenges/binaries/avr_filesystem/Requête fonctionnelle.logicdata b/Rhme-2016-master/challenges/binaries/avr_filesystem/Requête fonctionnelle.logicdata
new file mode 100644
index 0000000000000000000000000000000000000000..37668f897c1417eecd660a3ae740db3534cea7ba
GIT binary patch
literal 71362
zcma&P1z=T2zrB4D+={!qySo<m0>wSJ7uVnvcX!v~?(RiOafcwqixlVEvu3R(%)j@3
zm%d@nUe9{wH+!EDD5ZS|_(k-KSgJ|aCdqzj(mf!DUu?e`p?v|T6Z=B@KKM@w9r*I2
zzt89A?-$$W7d!mz3;rWsomrF6=jZqDYd`N>Nah#TFRW+84pn<m*f0@WrcHFx=Y8|@
zcJck|c)r&#@i(7el&U3@WiFDec$engT6gH^wM^gpR?NeG!H${ZH_GovznFgCyjM}!
zH)_?AuI26SSHrJ{&;AeF`Na;s{cgB}q4WRYe<V!)Q(@|PNAPa--<w3=Obl^O?@s(;
zhw=FW>-mNJ9^0A+VjMdswtZ+ga)=GQ&CIdQcQL(UY@gl6OZ{yc$E1FKIGSbN#psXs
zPlfIpX4Y6w3uPY^Zo%vp+wYhU|63JsFz7(gs(>v)lLC4N%?O$iurBCm(7b>pK??(R
z1T7BO$&Xz@eY|W=z~-Q}LDK@32W<^n5Ku6ndQj<rhCyS3#s{np+8nUVTg}JPpa}sB
zgAN9*@%CO5@E~ZWxA$@{JLz352pSSF%lp_9v@Bp>(B7aG0quf@2CWO46|g>NL{OW6
zwgDZ21_q7u`r`r)2kj49;+<fAz?h&O0i%Pu2TTk&6m;0L_5>{t*vpR<LH&Zd<7A_Q
z1_ulc>JTt2sC~eZps@i%0=9coc6lGWgO&!Y44NFUHQ;p6mVgOC6M}jL><zdWv?t)t
zpwR(?gC+$H3|NZR<e-T`lY{yN^b45m&0G~UJg8^Dn1Dq=N4zJqF=&0jQSVuu2-@kL
zYlHVJW(Umip4{Akt=<#c?0wAhuI78+o7X0{>-+%wYID$LkIn~~>wQ1Zv$uMQd9@|T
ze7`x!yfs^W_+L}+Q$AaEzrbeRy8NUs@F#Dr<E>@A_3H^=;EoeM-{0PP#al~f^YfMP
z@=hM#I@Qlt!1LOA*QPti%L2TQ%--vD9`o|R8s2N~hg4u0Z~fWpmh{%@-gQB5?eDEQ
zy*1`%KVK>DbtUh0b8j8*&3NF=JL=6Vl+7>jzPB#-_M76d$lk{n?>b3#Kc6?t*T=hV
z!L_gVdXe|Kfyc6XYiaM=?3>Md?VT^MtGBN8_UYig&ftB-@viH8Yh7<O_fyYXfALl?
z^F{OaNaelW=FQsbeVCcvK7r=m&Bq<@T;IGbs<&SB&N|(Doy0r0cRpWkujlROE9Kp9
zPj7waF>~%^Ue|jLfqA{GjrY;Y`^e>8|Lm>%ymO`X`sOU=4B5T)y646A)*Rloc@|H-
z4|Aq0US^*2lTUuWh~E0v%f07`=bqnNyLjg?_vgKzc)q2*eaCyRdwE_HZ@uYpb3b{!
z*QvbwT<EQRy!n;AwZ6yBc;~F`b(4EuC~qC>WsAKmme)Bq#V>HOcYVOSZt1bR-fG^{
zirz;R&-dN~UoCHK?5*BC272#-FP68D_jwRF$MYL`Yk4n=;AIWH*XBI0z5TpC@}}Nu
zI_22WYW6pscV1VX`J9X7?Nh;9jThN_Z8~O-VMD#ue43lDXWsv^mU-fZzCaVL_u2pH
z>lD{-{1%$mRGgO2XMT1t-{!=4YPS6MoB3*NzJ;=jZ{pSG;Oe{Uw<RyY)pyrffBX%u
z^LRf~;hXlkKle3wIOg7$WPH;;El<1ymlu&-{++D<fJb7kp8T|p-+#Bidh+)jwmdR@
zokM<?`XAxz=g26|{GDk(f&aif0$2HQcYX!exuZG$&1B!eqcc}e{=u!jQwBvMkHJ;v
zZ<^Q-JSKDX<iFYI53c)*<@j&!hXOahHZb3GAM&G>2@4+8VqYAtnxADwc<{K)wZHti
zMI(N<e>}&Jb}<roeCFcvU(Na9JD$+-^R|u(o``t@uJXH0jR7t%spBX9Y<V)~>dD_f
zHqLkZr*QoEb>o7kWS*F-{MX46fG1&|+VN9uNeG^Xd2+{()HeyZ=B9J}3#*fYr)QqZ
z@uNpg0j{|j9KY?wRNxtzYt{L?wo3z^iCnAR|2XF@&+Ksdxk9CbFRoSoKdmg!LSJ0|
zrElrsi)Up|ewmXQz_T$Im!Ga_rtf%m$N%%F<vEyZANg+@W`Qp+r{iBeWO**;>dDXh
zE-QTPub$3-u3k3q-1OCxU;6Lt;F_DqnI9u%PVl_UwU7J~Rr7$$E8zI`2Id7X$UGlc
z`91ID2hY#EkmDzeRS>)|bL}HPdhsIQ@`^cr_sB)Ti!;|g@}m_f0bYc>l;fYBXZerJ
z)suhwY)SY<$<@>IFFU&wcxm!tT;-?AQTn^{l_8fuewyWFnd?5}muXrCehG5*<exff
zc{y_R<QGg|9)3yk3S8yqty=-SB6HoJ{5r`igX{h(JAQ?ymRDh}`;%WcQC0Xlw|bg?
zc%bD~>8mF{XWZ)Wb$`{I`3w45UY)sm^7pR(34VEU^)$a&j2hrSk*g<v;PRT_dTuqG
z`H_qM3|^DDo{#)|;p&3xzJGT7VWH}S*JiGB$R9DI0l4PYaeTiM4Z-U&uf<jV@{f(c
zHCH{|e}Tr0!RygePyV)dO~7@&`p*2m^_zk>V6LA02Wgvu>)h&T{;DySH>9tg{JAdz
z;OpFto%s!Fwg7L!T)lt&N3Fqif6W~KeED|Z&6zjmD!==k_TTLv;P^?)bO3L`T<4Jg
zDSAinrsV4B{(JVYyd}AM@`qjS3}5GN?acpNxC?k2=IY6x*QOh|?ytS$zslVmyaRLH
zpZse_dx7iRogDvcy1w9@nYZOCKi}Sd;O&@qas1IE`-A_&T<4SDq}o7mov)kYM~XiL
zygT!*T;(rVI}}`A568dNdl-06=GsSo>ea)+<*BFl?|SqR;JxUpCqHQUuix$8+nL|0
z>qziE%(ajFWt~QY%j@g-`7T=CkGXpCb1xY4-Tvz7{6*W11@BK^`^ztwYXZ2uKxcll
zlM}%QG8dPhDf5)?_#nqG_}=ot%*EwTOE(R^xK^Ei)oaU#(AO%zcd8lihdNyTjThhZ
zVeHAT^>h~e;mpP5kKa1`J3hkkCk>hd{ws6sBR};c%jK!3`5WWSgFlkKdh!q5vs~UN
zXMU?#3*e7tuAcl}w=CEGV;sL>q$TjjGS~j{120;x{l__etZ>WVk7ur){Fvu0*W3w?
z|EK>7_!F6{CqK;Zmg{_z9KYR+mGCDsS5N-Q=BvPU?kSG{vhf=5smygB@)sSkT<2C#
z?_abx>)=nLuXD)%GI9gB=FW8HH>kA{d=_){<nK<t>AUmIcKo!@ET6+%=aWBn+ve}i
zH`nnWZQ2SxkNI@2@`ohY20nwidb<D1L6*-aS5JOm-yQIE-;3Cj-}mM&@Wssa9OR!}
zu^U|Xy~OcTF5L^hl)0XR`~#8pf$P52)BI$YEMG=nJ^8W2AAqm>Ug69?e&!JPO6Ci=
z%0Ha_DELC=YaPGyv18!tnCtn-Z}H(cxSr1j$B(=J6!=Ewx<C1CMxO@P{cUpmT_etb
zZ)U!ntNds+&VuW{w>W<Nr02l5GFMOj`oApK^V#P30UIvB-_CqBSNV1B{RzH?`A)}=
zvg$JUF6Mf^@|$$O0<Pz~+wp&hat(YB^YvWiujyjBp1XSb{Mo+fI{dx#)RXT&|0cNJ
zpM%c)Z+>^c4>8yKBY$&C%k}=Kr}<xU+=YLbzIyV*HNOY0_wA@N-!G1z|M&l_>q)Na
zXF|t5nRzt+Sr_ZxZwR*zr;osZK|z551A_(y4e(wK^j_O*`)Z(<1ZRW1mg(9Ly|(7}
zxnbHdxNlP1`+f&A-R@?;51wdt5wkn$JjT&3|I@xU58lD-YwypPb|>u-GS?|JLFch~
z@cr1+neUYapUx)AwWH-GHGkRt)zMv;YqO)hZ=E6JQ`T;FwY!Dn_KuAiYzMy%3^4Ds
z`QAPSdlH-3zB#3R75u$9(SJ=c`<lOk4RaOzxny2x7wvAJdGHf3x%sg7qf^=E5PV8|
zDs?Rlc~^E<+qb)^W7hw+)zD;nCUgGaopm?%{&hEYPkZHd%{2SG?Edz>)HBgO#xm#B
zlhf>wcW63xl0Bhy?XCmxKH42Zx}x@;?b+-UGf#cnGP(V*&rP2dre*Ws&ntTuA@4P~
zp|(z`>)>f-vfcwT)429-v`g?Bd`^2_U7OkZJk=f{_c7C~5qwHLU7f@>bl1Ai|CfHB
z*t5yCXV3}E8oZC0A9DAQuk}>SYFpOS4%W3-!83wSV%p|?viGdrg8RWw*gge&Dx0dU
z-K=GM<{6oJ<}b}P+`bNeUrZMKB!Y9z3BD`a49+!8C)e)Ze?E(vQ<&MoG`Me{m}!PQ
ztvQ$O#h%+-Szq_0JGZCOKGysG$GgqG-~WHI|Lb$uWctgV!`_)WiP>Av*rb-|`DhKk
zmyqWSe)`t4Y#{ctpXYW*bLaMn=-QrM_h3AGZrfAKehsi^u(LuMdTrks>zMC@`yo$l
z?>}S`@=nZN=Gy$FCuQ~tc^=!aiD}u7|LWU)bUr;5yPDI=2}w+<_rb239()G#O1qjp
z%#|{G=jO_M*r#P*+lk7}od13;_kZu(d(#f~Jo*f`Q-hzMeJ^w#``Km;a{@CZxM_Da
ziFsx7kmt1X>`sOTpTfSfPt0&VMPq9R`#Sh)K!81&akaB`HCcJcRj)%%v9^f4L;IfC
z>A}QUcB*}4&uQ;fEphE&C)p=vzXI7kOdj&wwqd^4bFik_C*+f|j{V-w)C98zKNI6<
z2RZgx+1xPu{uyegY9~EYyNC7+-o;L`XBD-lH1}lo5B^KfMXUPeI%Lz#vezaLN$ff8
zbUho>F^N5~{a!oRrah18YcIR6y_O$xZ|mut#xgD4m)@6PQ%}L3$#6Tt-7|Pc`%2fr
zr`Idpk)84VdF++4?`LXm$c}lf6YBYx%uWyXbsDppXJcpUm9Fjks_7<G+h*TSFt+KK
z6WG;Gwm%ohv`<#g)pqT<f}i>KUG1hl&1yf)_d1=~NjvCV!G=y|PiObnRJFB}wT$6E
zIkb--{@x$2^7sB&mETG4?|Hq|y*9a+&wK6t@v%U&BJ*B{p6VB<*Cr3$#2-wVR>RER
zgS<cPg&E#!G2<9M*!$ye=EJ-;A7)m_v#CGO+v9)R&+L!=yg$koihIjdZaO-vd2RS$
zuWz`yr;wRBvtio9u#o)U-2Cx0&)0Jd72>&?J=8O+`7nFx!#H}D{}-nD^2~i2&&=07
zn$<i*JV$fCyf62D^o(3r_i23NnpLj$)-yEkiOyu+L-X2nbT8UlXEE1u|MfyV<3Z+g
z!MoPkbble|h-rpd&HjEN-UofIAP;e#|9bA`Ov=rwXKVJ=4DBPPd(izE&%FMxXJ^i0
zxY^6_|H;)eLWl2}T(h^~a?Shk@ALbQ=dQEsJm%WCI-|Mv_Q09VzW6cdUF&&kPRQpj
z-?+M;kgsu`5buGx*7Gqdo~@S|N6*u|)*dF)`Q(LU=C$rwp97|+j(KhN(1$*E^$g|f
z-ZVq^V)iz!S^uXWGkONvL)Yf>Li>cgPxW+f>X;es=epigb1pr1+*646O}Uw8_Au8&
z__?LM^<&j^yst&*nD^TBO@`+{-|TO$^$bl%&nYC6Z!*&f$;@1HfAY+#_s6_8A37V(
zV9w!v=o#z%(cbzT{J*%mSL5P+=hwr3pF5wOo}1~Jv*;ewGuQ4pL;jdBp4mh1<G=Gf
z53e~#xmL5Mo{i?}z0*9y&3tn&I+s~>CiCpgej%Tsy6PBaI_5g$9Gt^^9(cK)XUMrB
z&nIqt^|im*N1n;BuU0<ukiNL-nh*1NXx9IFuT3}P{$?L}a?N@4UW@C!b60)-7*}1h
zs%Q2x^FlsPz1QmK^Tl`}U+eSQ_&S@;s(tnBw7>4zyzl07{@-iw945nF{PAe!>BIQ?
z(4Hah$#}}O8Xhv&{g}*rn6DN3aToGEF`r|)H$6YOA<rXMtL{aPyJ`=uA<u92HTP%E
zjx&e&F@$HzXJVLo+TY#J<mmC&59Ya=eKpVcAz$mcn$Ib74$R~Gf$RUn`(fr8&s~kL
zdvdwXX&l|Zo~3y|jHhR+dvsUhxvuv3|8q4z<a5ONz56xK#O$ki<~5!RpQUD+OdaiK
z=IWl6>Bp4W-!OA+KF{>?UdZRBy-m-&cbLt&A+I&paN}zaeQnS^m^11;Cew2X)5QPZ
z_e=YF&mHH}wOP%+LqFN)fwS?o?(J&6cmwrpbk;Mo(%{DsuD$u@OzN1`oZ)}_x!Syk
zx(_qooLl!7@@#qrI*WO(=B#G@f1V$IT<D(6In18sjOM*Ct8vV#51kpa&9mXxcg;0t
z9OBJ0J>!`BGV|Tprf>EzpVy`*-(B_InElLqVY=qLcwXMVZeQ2Be_iWb?s>({8O?|8
zPjf<gI4|#4xmL4};s4(6|L|ONE}cX7_dm@KxvzQ8&9l`E%{H$2{4n$N8t3<(*}w0t
z_sraT)4i+vU#poZ&#b2NZ{}T_GblG}$RAhcJRv_%&AIV;5Mm$AG(GLDEacfuX6`X0
zGxN+0%`y8c3;A_K+<dNy>zrCmuJ^*c4msQSnv1=>A4}RN<o#>D>4wZTL-%j?Fy~Wl
zUYq@l7xKgO{<pK3uK988o<*KnbtYvY_t#8)Z7`jX`<d&IAEqDj$KZcmhkS14zRZ06
zyLsl{a`tu%^xqoRrw{Ks<Tv-<&7%^sg4f;;HhkL|Dzw@1-*3wGXG8Wj4-2kq?~6CS
zsaNcT<+@f+Yw;=J;D>fR^$#5m|K0v!*^_^yUPSP4PA>oWt4QDNAJOTZuKojfB<5kb
z%CEf5a?Mpw^Q#Pw3O_PE_2i%57!6$K`@xxip<E2`sLa)qUvsVH;mOt0{93(Z!jDF-
zp8QL<ERR60p8U%zW5JJ3uAcn*OXGm+xy5Ere#1iXz~eAiPyX!%mg~8xC;xW4`0(S>
zS5N-^(+R=#d=okIA2v%2o|t(QuJYSwNCvLwp3?C<?Mn`xin*Sz{8ukifa|%Xar}4H
zQiG>uuIDKK!^1S-F~~DG{-=KFz%w$B$yI(}uMFU^m}hnTAy+ejXJf9O{4m8bgX?`$
zPtQMWq%7ds>8mGycqhyCzNsgF%<Sy&bI^~^RsQ%KIl&V!&&^f-_%D{{VXmJ1iN|um
zPe`8E@h4Bp4W5s=dh(|<%mc2^oBWO+zivM80?hS!B!9+U%af3+r}NJmnIC>Za`oiT
zdr}ZQDS0uj@)r&)3|^dhGOqF$RV)IYoOubZ@|UeC240f6dh*l9EDoN6Ts`^eZ(3f8
zTs`@#e<%q*C3$JC^0P+#5xfj@_2h3TP#Ro6zREd%?mT6|%QII`{?5<k!Bdl0b^M)2
zD}YyHuAcnDnJa>)Ay-f5FZ|x}>g4LlFJ7k#eEs<T*_mH@M>X);%+qm|e>7=z@bt{p
z)BIz9Szd=+J^2+9)_||C8}-<eUuk_!@cPWvlmC01THyNnqMrQfH)?}7pr4tm{7aYX
zf@fjggsc2Zi|T<lWv-t5D;?^C>+4oC$G?`p0eExf>dC(zx*@o}ZUs1gV_#$N7R>ea
zN&f8s%k}k1J)Qq<wkGgf(pOLZg9**RbCS1n=08pw0N$Q?F0S(1)@}i=uX`OG|7DWa
z;GLN3>zn+)A6u@kZ=D_gZTWWayD(QzevfsQ>+7C+y8j-1+Qa{azIyUMuId1;uY28`
z`JcLX1n<sVJ^7!DcLLYf#~zOVHF9V0p3K#g@4IYyA@W|1KlqPd;P+-;n5+Cy`MZJ_
zVXmI;KTPOu;C;x|lOOhs<weQ+a+M!3TTl4?n5!p$)D+8$k*g<vbmLy|`;)6De@w>S
z;QIMt0DJOd{@oWmka<b2^5cx?53aB8gB?G?<3R8s%zt$J+3^Q~mu5c9@l)I$0zRC1
zS;tSgYACqA?vHT%CD(?5|H@oFoqy@l;o$oDVWi`yzcd1T6m#|DXU;bYyaM@n$Itfr
zXz&TlD{_^;@%UKqO3bG?{^rT!z^5`-Pk!!?mRBZMPw!ve!{gykBUev;zVQ>ltB_CU
zDnEa{iQqGst0%uenn~dLd2^=Y?@2xdd=_*4{3w6_)~Vpt$>%!$;dnE^=Q00@tNb$k
zEw8~`J)OTyxtZ|ildC8HWUpD^HOUupm47<w9PmZV)suf_$z1SS<Vzj@Lf8f1%b4ru
zclkBjSzeo5J<YF`cOm@c<m$=4(sB`a9rBf2<zM@<7<?6T_2k!YwgkK`xq9+%PFf1S
znp{2kjXqdjk6b<ZO~);VzlL1DK9Jw6?h0`I`rtSA<Tp>f5_~Ol_2dVQw7em?dh%Nj
zTMd65c_Xg!|Jt$!yfO0)T;;ca_#5~}=IY6RR&g!3e%+#;{7(JWfp4O(p8U>b*Mm1D
z-^^8hkFJ}*w=i$UResN+o5A(#o2`!DE8-ULZOqk^|FNUx`gM<bn%}?eHu&4=w{Yfv
zo3$NWzrNY&%pY`W2ly`L>S?}zj-BAG$ko&Qp-p#z?<QAI{_xDZ!CRB>;VOSjoqgbY
znYZC8e{8D#;BA@j<0^mL3(NO2S5JPlng`(P*KO*_pIr42_yPL*b)5XT6_0>-AjgIG
zT7LYvM-d$*S5JO|yOwt(KgLyl!ZpX>A7`$f{Mj*%gX`Ca>d9YN<P`V``ug>u{KXMY
zgX`CQC!P7r+MEGD#auo4>CRfNUmvQc`RQk!g@2m9dh%EK&VhF&S5N+`la~KZuAcnN
z+0Vo8My{Uxb(t=JpCRwgRsQBN7s2)G&I{!7x23!c{wMREj$a_@Rq$TSuQ-0;zbwDX
zTs_U-UF915-sI|O{@w)F!LO04C%;&Q8{mD&Z*Y}g>dsB@o6Oadf2i~=aQ(VfJ^4qX
z-v+-$Up@IpuUp=a{5Dtl<)Yk$e}}nx^2=Ygyg&I}$3GqZKKy&k)sug&^#kw$<c}Qx
z!ncRukC_K@m4ETXBk+OD|Kh6iU&;6c{0VdQ<ky>E`5<!j<kzeJ6#i3k_2l2!Z~0(y
z_2l0e{S5vya`ogl`rC5-`dmHvcb~n0|D66%uJRvN{u_K4^VeMEKfeDO{0;Nrj^FO~
zTksLg-#dPXRqwz*Fjr6WpGW%#{8w`IH2>8#%RiE<C%;SN5Aa8lf95K``@)alUzn>W
z|82NW;G@XZlmGs_<zLCwlmB7PXZWMZzj2k{=l3t*K0gc8lizp7SMV|Pynj@KZ}Pt#
z{|4^QTs`@rGy3DFma+81IexhPp}@m4AIF~j@S{V6>+gFaIDX`3VZkFZS5N+!>fylk
z_ebjK{9_Y`2aiNwJ^4`wTRxHJQcwQ)jS=8Srmvp-iTxvjPof{iIscSck->jpKH0hd
zIK3^O!dyMgpA{(@{HXNx_hFi!q)>G5>GY#J^B4NZ0*}FbrZYcPE6ZmwS5NcPevJ)3
zCjHrtzpPmt@Hx!YlfU9aT<}=*=Q@7IM)APsF;`E1)_n=UW7Ahp_rET6Lh$+Y)sw&e
zrR8zxt0#ZM&P4DR(2vWW{CtCwg2!XNh&}m*?j;9b%sjE<7wwf2JPGq9j$gb~D)6Pu
zlRAFsPHDlDF<<8RWecVQU(P(a<5!rS0XzkB^>qHzei^}6&{t3QfBKZ=De0>xze<iw
z@K@4TPk!}DS-?}#S5N*Q?=4?NUp@I34rYa)n!bASe}0n<d^P>F?8(2jBPVz|=D)Eg
zzd^EG;A@$yC%^H)JmBf+t0({N1IzXIhw90{yFM@c4D{8L-#l(U@b#Rpp8Q8K3V>&%
zzri{G;~SQ5WS)sV`F|}h2tPA(^)&x!k;34c=zIUP9^d4@oL3aw`ws}?oBsY%ewQ%C
z!1ec+>dEhN*76+m)sz3$R|3BNzB89I|DUNP!E-ZLPkyh@mh103)zkcsnSO+yhrW99
z`%bicyS+W1dh!RPD+50-{T=Md4}5L;PUiWX^AFrp7Jh!_>dE&{RStX?ef2bdSkemM
z1?cZ~=7+0V5quBxLeBh=ftA1uGgnXZBR;TvFMahie@vVz@Qct_PyV<&mhYoq)R{je
z%1`i%G2hRg{Hd2MKft`W<4;>u1AYnS>dB8Ep(gl2`s(TYvqS$3UXuPHXMU30wZRWF
z|IwMhAfOI-Y3Ax_e)5x++h1gP|21;QU;L>q{4&hdlfUFhJ#c*IouRDbull<oP&wwu
zob#{V-3a_R^YV_rW<+D~3e45h{4CEcKS5tTJ--c)o5HV1|D-cNS5R~CQ_QP6^Yg9?
z0I$YeJ<ZS8rv><F`qdpjf9aOsKQUKN{*G0a>+ieO)A{#ZY6HIpef@p7{QV2tf}iF5
zn$G;gp*n!qVy>S2(yc8&M_)b7FO#by{GaKoC;#{i%g@tSPyX@do#5A|ub%u0CoKPi
zzIyV1Kima=9s2tH1^IuZ=?1RfUuejl{6BYf2XDmuBIn4jy{#wsCFac>zwY2(;LVw<
zC;#dr%P-ScPxEhV><vGFzIyT--tPl`g?>wCe$(Flz*{j_PyU@-mS3f>p61_Q*&lvu
z`s&FK>NWuU8vQoT{1!_C!P_!dPkyV;1HrG;Z|C?=77PM!&s;tEFZ_ps-=N>c@&BGa
z4Ez`7H`$Z_y4i5>Tg<yU{y&F)1@FdOJ^4K|j0C?;Up+m)UT-b$PG3FwpX!c+e}}$$
z@;{{>4c>#kdh+{?vivT6_2m18kA>fp{yp~Ohj}y}{66!3?8y(`e<FB)=0T1>s@G)j
z2h0aK{+Lozzy~u|PxGU!wEQ7`^)x?fx2f=l&{t3X_$AZ8AJHG?%%5Cv2KaF1>dB9_
z!1BlR)zkbq?PkIsL0>)j@$$|B|BL>w&iolIXM>MquAcmvIp%;rp+Cy;6E~X+KAO3D
z@>3j|5B`+?1jkQZcOm#h=FixZpC<JpaQ*(&B*)J%Yzg>e=IY5`^~CZQ+*dt4ztvlo
z!k<E4J^7gvEdzf^Up@J2D=r70N?$$s>*B5ee?@<qbN-EMR)SAw{<m}gxnr&Zf6ZJy
z&EK*3H}Dzs-#UKbKi7i4V?N87e_+-I@Y&4YJAO&Ojo|uyH}y2X^t4UjbLf9`{3D+&
z|HNE9`Nt=2fj^i2XU8x9-g5oEn|ksq*Vzt#9)0!n{Lk*O{44iWPyX3ocfg-dUp@Kf
zYwQI7Mt=c&@_$aa2YexO{r;T%`hE9-`;#wo{6;YjfG=0hRes|emWO7(LOq_RMT8^p
zS27Rd_$@D39+vqk$8VGSIQ-Sj)zkc^Gc6BCuAc7yS-=VSYsl4;-{GX?;mOsL-zC#&
z_`i{>C;#;X%OjAhC;v_T-{G$%S5JPAF=xOdlCS3~|I<(B!8b6E%vFBh?UqMjuAcnB
z1b@QcNUolI|3J(2`-bYt_pfjf{wDhB$se-La{d0Idh)}sz6^ge{b*d}N9b_{JUa6&
zT;)eBaTR<kbM@qpT4s3+a`og#U34A(Hu9KU<wxsq13VV<?Of$Y&wmqq2Xpo0$2xNh
zJU01m$B&!sF8Chiak$E#F~#z@%+=HU8IAA3-%GBZ{6rJ(gU2J^&sBbsv=6`!Fjr50
z^4$-?<C7nD{FEaefgfS6p8V85JqAxee$??(C;1Ef7<2XHFB@!mLUQ$V{$-V)z&}o|
zp8WKiEKfwPp8VBopTR#to|vortgBvtCt?0OSNYkyzXU(STs`?Yi@yR-N`BVyb4C6e
z{2X)j<mXxV8eG3Wd%^MZw|@ivCv)}W7s&S(JURJA$1fP_9rz{Y>dD{L%JLNC>goP>
z=llo$Wpef87nxysN^<q&ADH|B{uT06T;-P<{|P)b^BY{{m#Oy|{3dht<d;qJ1w0M;
zEypkW%JSRH)stUg_&4}z$?rLSrRqNXmdSnQ>dCK?*!%x2^uDDd4|4n}k1T({Ts`^c
zD*3}tPp+Qs|6IIK;19{wlmAnH%QKLxC;w8fFz_FdXXGlsPPcI2nV3K2D!+cQ@Zisw
zt0%ufqzK@d$)7uZ!;6-`V6LA0Cha1@&qDsU<2TD28T>VK_2f7Aj{=^R{Eg!WoVNTe
zbM@pu%<%(!{l2w&y8pi>MFW3FUp@KlK3JZeTs`^i4n>Fm54n2spQn!jo`YOH`On{2
z{+?Vt`JL*<grAdKJ^62H#s>dDo{Ove_gmtE=VtzutNc$D<AZ-=p2zX~l}!kqR~|Q(
z9~d(ccxdM8Y5upKmgl3do_zmOiQ$K#pq~7}U6X+4ryq_${_u#&z{4|FPkz`=mh1P&
z)sr8gU~>2oD5xhtV%QYm1vx(=f&5W<Qi4ZfuAclceyPCq`|gn)KU$8|;8B>XCqLGt
zwBUs~KZfJSO`je-Ci5cf$&dHO@}kURIewy=nc&A}uAclkJ1j3oUp?Lb+@YD_$DyE}
z{A5ooFHT=Q`N_6qfghKGdh!=0%nDwDzIyUg$IT8Nk3vcI<Y(xa6TB4j#02s)|BxFz
z3G*Kve{F=k;H8<TaQqDyEKkW?Jzn~96vzj^41M)9KUbLi;HfC6Cx3J90^nuory-EP
z{bWJ#w9M6$pFevc@N)FklV9+&<>@G>C%@3q!tl$}Pfs9!&p$=LGcZ?A{@w#c!7I?u
z==ddG7X#14Ts`@vYm@}9NI$#dm;0*}cn;>3*ppv=^N-+_ndfx;%5lnq=VGp&{Ih*5
zuR>ov-T&Fr<>2S0pq~8dt1YieUp@J?qEv*Rhk|<YFLklJ8h!QTUoKn;eqIXd$*;4>
z^6K=}liwh8RrvWRs3-qcYs-J4ub%u{xvIg>PeDETO=enNgT8w5A7-oxzW{|=?8$%h
z&hnp`7bKA1Hto;w3o%zu{*%#`*QT$Y{O2j^z%NXpjx)dG2+Qj-S5N*gkL$rNLSH@2
ze^a?Wcs=^+$$uNa0eDdg>dAk1-}3tOixJ50yQ(q#;>;U5=MRkB47?HZ(vClPVRP^@
z%o{uY(Dnh~O_-N;{E;(SftO?6)bU3*Zw=mzd3nblcepKh1?KAU(ic5rJMiZ8)zke)
ze`k3`3hK$9oTdZ(0Q!{)<i~r~3A_sPmd^QSR__enin)676AtbIUX{LjnxDAxFW{}|
zS99hkz26nQI`cNp`~~H@fwyI@p5`xJ*#rD1`s!(ZnrJ=2+tF7~ewu5R*Px)D{B%ou
z!EaB$CV~7l?fQb(V&2g?|2qHv;GLM)ar{lq0>SGt@9g+nvJ3?8!n~g2=WR3yygqaF
zc<IZRVKDeF^cy(-uDV0O8!}f<{_fO6!MoCL<oLyt4+n3|yqk0W5>GAf&fNT0V9Yl?
zzmi)=z;DW2Jzn|_CHfV-2YvPAm##Dtycq@c<d=yz3cM%%<^=LjlpPHoz+64~r(%u)
z??u0b<DV-!9=s*<-t5W$BjN<`KFnJ=evN_?!CNy|Pkybilfe7ZZ{zrv^GpVB%UnJA
z^>R!F??=C*<2RZ#9lR6s{?7Stzqfn<bM^H6?i`!}zcYRHG{5<qnc#u+e{trw7&#lf
zD|7Yaw@x+}d?5WEj^Fl)<vp3JC%^rcdGH6(@8$UI2hIoY&0IbCFCJJvn7(?t|Cj3*
z!0$srJ^7vEE(9M!Up@J6V=M;mOJOK`@_YWU6nq%-Kmz%_uUI~ixq9;ZEM5kGIQ>D6
z-?!s(@WIU0lRqHLO7Ic%hdKVhvz8BMuAcnCvsS_XmHr6FAKYTK<;>NSALf+hBkBL@
z_+h85fj^SDdh&;VwtN(Q_4NEAzF!M}6ot|3$shB2J@^>r;|S!B+p__DJahHrPxy5s
z_*nWA9DhQMP2dxmt0#Z*Uz@?l(Vyb@Q#Wq`pUPZ4`O^cpf{&*^&GDyK*akkGxq9*w
zthamuef4zz3Hxq`KZAmL@@L<%d?J1I<R`na6aGvJlh~8L@bYf($;{^x$X~K(5BNOh
z>d9Z)VK4X;`tu!sS^j<C3z(}Xf909|;8W=@cKp>d4}dRWuAclg0SCdS(O>HLzhyfF
zzKpqg^0Q5~d^&ygbpJX3IRbw<1@+`_u74DK27UG9Z%%s*d<6yd<mVk@`Aqui$<J5&
zIQ*3q)RVt`x8<|wt0%wk_LJ~eQJBr1{Nf3I2cN@y9fAB(>&}3$XFk{QkFGigK9Bik
z$3NcvJopyo>haQ7?z-jk>8q#t6_))0e=7y`<e$290ek`d?F91Aw!a9zgSmS0tNvm6
zLi*~-uRiw@{GAlklV79tW$;DxcM-_{bH)|$-OSaKf3f*h@Wu4^IDVZe*TDBOS5JP!
zcQ?S7&_Cq(jYr=CKg@h7d-9w9d>ecj^CONQu<b7RQReE&f0+0l_;UK{>HZ%*viukY
z_2jp%d>{S_`s&GV6F&(2I0g0OKk0AzO8V-_@7Vhx{1X&bu_ynRYmdQKGe1KhzkBB=
z;Afeyar_VMo`L_y{DR|u%KIGrPv+|J(${B><!kAyr}_O_y?}p_f_n15PJao$j{ao=
z`Tkk|2EW2wJ^6zsTfUyYdh&-fdJX?71@+_)&F}_%1O00R^26183x1usdh)}kc?Z6c
z{td?;RqG${o6OadKW^&>@J;mZIsU{-pTO@k-^`x;N%1~|Z($zf_)~j*1%JR?J^Ar&
zS-zFNdb<DkE5E^iNI^aMGo$+ON20gUS5N-jPX6GJD5xht=|#)8(^pS^vIU{wKc=9b
z{DomdgYTfPp8O>(!-D@sK|T3tPg}l|zIyW0P7eqF2?h1!ulQp5F8b=p&yXbo{HGMu
zlb`8><-6%WBaokETqO9<neSmwezv-i!S^zM;rJUzMgf1xTs`?YUs}G8zIvLUdstNX
zuPE$y=5Kvs`2ptY$=_Kq2K>M2tEc&eHdua;zIyTt_lpVtH3jwL7bzPH{1E*&1o994
z5EuL{^CQmrk9CX>ew6t~$3Gb+A^0ce#~lCES<8<z|LpkZKPQ3zh4~4`zi>1u_(|qp
z9sg3g6yV>OtH(=Uow1gmqOYFrzfPT$@bw!i>dC+UYbx;5Iu}LxjjN^w55?e&diJ+z
ze0MinewMj<@`Ea*haZ~3Imd6l-tzOz)sx?{Oh))&82sV*k5^lMfw_9}pGL_7KP&_F
zbpIWGvHVZ^>dEg=BrE)I4AhhVa*^d1>8mII-I*Nl!!x+zod115F7T_&Be5s{L$=)D
zkr}9``5!-7evN(<$NzF95BwjPt0({KguLL_=|^?^L1XfRM`M1&IlupF%WpDQk9A+@
zJq6%LXP}<uhpSNt{1*LK&iqK5i-5;we%qNJIj|`B9p-Tye|(?f;BlGXb^K^|EWgKG
zJ=T3OSC@bvkAZqR|K#f>!SB;g;LK03s5E#&<`10tNkf+df5<$U<0qe49y~eoM~=Vf
zL<R82%u_mkx(SuRQ!#(y_!;U~0e{Lowd1e(xf*yH=Fc2|ZHnsP&zYxn{B_SPPsdz6
zJ-_waeuDpketO5xJD?VL2IjAv`P<h14E{IsOpafqdtLC%%-=YEvEuc>-!jkQ_$4mY
z2hYm<o#P)U)ByY+=IXKT`>}mP@N5j!)BPW7)foIe{anucQ^%Wv=Vt!FnO`|;Gw_eh
z)zkdSA1%+rKt0VrmmvWDC;IuE`4{%J0ME}{J^2@FwF3W4zmVf!N!}W~Fmv_fUwvx%
z7y3mU|Jv3z@QX56Pk#NxZNb0NSC4gHgGZJZW1yb=o0ZzZ|3+Uu`Ay4p057h9qWt@%
zI)VE!_>n!;A4csAUYdb=@*iEb+@C=i$A7$}3;eRo)sz3EU{~-^3@SMO^RV5(D=KGC
z{)=;#hh|VoJ^uXua&~w4m6@w2zq5Z2@GuP2W8K%~wB=P8s3-q*j-K$tGEh%`k1V~x
zt1<}3p8OB#`+|pOP=h`BpWj$slYx5jzwGS?KLUeVj{kLJfAF7~t0&(tc_4U126Y`j
z)KkmrF;`E1=&b|cM`BRl@xu%n1m1wTdh&-qv|N8~N<G$n!#50u-;jZN@*~6>0<J$_
zrJnpTF^7RSV(<e+`B9^e0FTO`8GG`hU$wkB1NG#`T=FaYXbb`zKW3+q;4PS|CqGWu
z(csY;w08XX=PYl-Ts`>-W{-g%gF#!zPtbBKcsu6m$)A17@|X<NW8F6|^91<q8K@^e
z`6SC@F;Gu_iiQ*6cVM8N{6z;XkIg_m`HRO+g5QyWdh%1hu{;g~_2jR3F$I1n265Sw
z|6A4R;PDuAV^9A22Q$FCGl=i_x$e#aPr$sl<L6m38@vy5^)!D=j5**58K|fE+iqCi
zmw|fn3;Zw-ej*0_o%w|q&j%mCTs`@_BP;+<%s@TO-+RIGKnCi`-#>35{3HwpI`d1M
zT?9Uexq9+T&RPtfl)+%fKXP&j_z>pm$v>HCIe0P#zdHWu11rEsGEdH){4--#f~R0G
z%JI)XUkyH*xq9+z)K~+al7V`x`)VZp4SWm(_2ge1VtFbC>dC)YWi9-%4Ahffd$Z-K
z8K@`!`nvV-$1zC5p8VU<H-V>RFqu91_m*u2pTZ!W<F{C}6+Auj8IIqo!#41l%+=HU
zM}JtJfq{CO|JU5@@MkelPky^IJHRtCnB&av7_bX`E_3zdzc^ueCI;$h{@+t}!=J}M
zJ^8O2?*Y%uV7@cI+l0N~3z(}XzkB_C;8_?fbo>va_k%BDuAcla&kllTWw6}weM1g|
zuV9{yJ^6lBj(}%pu+s6vtUCt2in)67hs8b)o`ZpUtow%FwtO`M_2h>yeFA<?2I|R=
zyzCVC8V2gg9~1dBcrFI&$sc>k^4}P!CqHW8-{I$Gpq~7gbI*dWWuTt?$)V1H=V73p
z{3*X%zK(%<^5f<@4?iyh_2eg*ashlj1NG$3{%CnV2I|S5bNEmA8yKi3fA08;;Q1MB
zWKaI$U01+2F(|~I{M0F~f){3>p8WKKuY+%9pq~7dk1Q|3Kt1`ZHr{~0g@JnVSNFdO
zUX;OB_T=aI@ecSl2F2NvpJ(Yk@DdDmJAVE`LEw9smvsCB;U0jOV!qe$i{*R_zK{8j
zj$iz%<)xYLcl;k4J%xXOxq7VojvTVQ3<LF8_Z=Pg4E{j|>d7y^?>Tr`28W&bzYlu_
zeuQ~>_T*Q6YIy|)>S_MDM6cl=WuTt?^A9br$l#bW|IdDJ;U8ySi9Pv0-?O|j1NAh&
zZmIY1PcTqV{`D1>S7D%@{Oesmz(2`AJ^2l<T3(fbdh#1C`3V0M1NG!LDfk(@8iO<J
z$!`|+3;0<E>d6nv^A)^0gY%C6=+rmxKbWg0zf}$&{?k7{F;GwQ+kCP70t5BrKh5k9
zzXpSg&iv=^Ex*KEJ^3BehlXF1!4=2v^2YM3%+-_My=FN0wHVxT{9aGOgWqQUGkfxT
zZ;1e2o53B&|GGXB_+9389RFM2$l!IE-*bFl*(l)mnX9My1J_tykAZru`}}YI06&O<
zdh$cBhzeex!2@Uh@GH^4A2L@@{)olV!5c7m<oILH#sYuLydit?$Iprl-iX0pjvxJ0
z9PlU1)sr7%T3m4b`P!$BKjmmV@Mp}`lOOM30`MjbUO9fEREfd=X5N%N`E!4@ycq-a
zSoh7Xkp%v02I|RAJ~SzKa|Umn`6&}72Y<(0J^5+YrvMLN@WJuZ^-T%>k-2*EGn7dM
z-h#m=$IloeHTY-d>d9Z-!}694)MMSZrbHU}Ul^z-Kg)8<TQN{i{)R>A;D2S%nmzeB
zFQf-=qad{XjXU{ULT3c`W3Ha+dD>XsmVtWmx6jN3-=DsE@(WJQ0^W{6SZ98bCRxG5
zF;`E1(M;LE+cOC7_{ILQJOXp|<d+<i1AYevksbfX+Bw0aFjr50>6E#^J2Lpe@yk57
zJSubb<d+|k2Yx38F&w{QmAv3FnX4zia)Nx|of*V({K`R=$7Zgc{Azs)!0*B!p5xaj
zT@XAzbM@rcj9v)*7X}F&zt(lj6Eas%e(f$r;CE$^#PRDDE()HMxq9;Jhc5=+jX^TU
zZ}5lZ$(gGszj5ml@Vhfe<@il=l>|@CTs`^CzggacK^n(zexelow9M6$-?DLO@SY4Z
zIDVUqWxz8sS5JQ1cb4~Jkje4e?Jo;IGjsLiKTA^%yf*{&^yBx{@Cx8r=&L8c%QMUS
zFi=naFWV}@&q`lC`EL_f0`JQ}J^61RS)Pr)dh&Zzt_;5)1NG#8DpwUeJN^Fb$?w~{
z8u$PPIoXpR80{zUT+G#z@9S=PAOrQ}`xmbPKR12#<PYgw6MP_pyw3dL;eH0s$6P)6
z;o4h1h=F>VA0c0D`1$FpCqGiCI^csD6maH`&RG|{AanKPkNs--5C(-DKU&uM@C!3n
zPkxM#mJel6#PMU-YXrY2bM@p;+h_SO2I}elr;Tb1zZiY><i~$y`EUm6$xl?h8T{h(
z)ssJGtK}mYs3(8!pyu#P&{t1>(nps6%0NB&Da*BlUy{Ch@)!SR`A7!p$zRf|75q~4
z)svs*mgS=us3$+|%GU6Iq_3X*<x$&!k7l5r{7jMBftRK~hCTUf3bqFy%b+ZK^4Fj1
z0A7x{dh)a9?Fc@OfqL?D`gZ~^PhUOxn{sppAJ3qoGk@E$F5s1zt0zBSmS4apFi=nP
z3w*G=GJW;r7dq4x{zL{<ocX)obOW!-Ts`@F_I3xK#Gsnv7k}9UygGCB<d@vp6MQm*
zpB%q*qCVg?n5!rM=s?S-Fi=nTf2?9(_%-RPC%^m#%cn9>PkyDC1K`)9ub%whds;q?
zfqL@KlnjLbGkx{sS6gBEbO!3luMu%D{Mz)@lYg<J<ue$lC;w7`A@J+aS5JQJ`IgUQ
zpq~8te#7C{rLUg+8!arK#XvpzH?xm`Uyr_e@*7RFd^Q91<Trai5`KO9>dC*~U=;Wq
z2I|QVN;ew30e$u4KX`5VTm}u<lm9g7c=(N&FJMppv%f4~$e^*~cS<-BeiP>E$$uGW
z`634DY5watli@d|znDGw-TGR-gn@eUd)}A|zZre?<bNzN4SXpB_2hqyG9A1*ef8w`
z{l)TS4Ahg~x5y0m0rb_AKj6Yl@Z}6zu_u4vyjkF_nX4y%NbWh{D;TtM{1H><fwyPA
zl0Eq&o6HAa#h`=ZM`^GSyd(3~jz8vr<!hL$r}K{=vj~1C`s!)^gxZV2e`C<unLl~^
zQt&R!)sr75=`!%O4Aj&7xPMvx3w`zEPp`5Z{yGNg$)CM$C3si*>d8+WXBGH*2I|RA
za>w#+^wpD}qQr0TH!$eUp8V98*Mj$9zL7oo%L=ap-^4&Y`77sc0Pjm*J^7hJZv@}W
zKt1`H&RE`$zIyV1%e4vq76$6c-_&?3cz^m^*^|HJ-8S%T3<k0%f9KCT!3Qzl?)Zg9
z>;m7xe2C*8sJs_^DDz#8Uvj`c@ZHRZJO1$>4}y<izSr@~cRvKakNHT)KfUxY_$cP;
zvF@uB`3U%a2I}el&lWlgKAOII^3R1k27Z9S7-#-Z`Hq8+Wv-t53v(<#$Ur^Kzm)SN
z{BiUTu_wQ7*3;mJ8BB8KHynQkd@}PRj(_{D<wu#Tr}=mGorOPzzIvM9{M9+|V+^J_
z^IHu61AIDj_2jos{3rNv2D2Q$?IX))GgnW3yNws&pI|V@@!R*m1U{F!dh(y&v-~6j
z^>qI)e!C2R9)0!XcZzid{1gNA<iCk}4SYWR)9lIbR_r?X?+g|?=YQYn2KXZ8>dEhU
z(eg74)YJS=VQ;}-OkX|u{rvBMpJlMznICxC@)gY0lRt3!UHIo1taSW=&F+D(Vy>S2
zAs_C8pJ(u!;}1I&1iqHJdh$n%djS3igLRHSqV7ZR^~}|iKkDTp@Cyt!IsTZPkHI%H
zS5N-9VSj=D$zY4)kE`|sd@FPH<WGF~6#OEC9gaVF!!z)m%+-@Wwcm5_OAK~7{<N|$
zz;`oOPyURXFTpP}*ys4OSG)q>&s;tEbGrTweucpS$DdR5HTXg1>dBw~=Ns^=430Sd
z!ufB(k1|(J{^GXpz^^el=J<>A`~!ZRxq9-Koq7*`oxv%`Uoq_i_-W?q$zRp<Blryl
zzdQb_%%8x|Fjr50=1G>{WT2jY{APRe1^!w3>dD_w=PURv2I|S*km?)wIr{3!&o$EW
z+YHo`pR1-1|CcN0>8mGy%MQ!$Fi=l^fi3><|Db=DJ^4EygaW_E;7|7C@9i4~{33Jp
z<QKhb`F#fJ$uGVpEc{FK)suhlMmX>w23MT<M}CO_ewDd;@=IT_`~d^?G{4;9i14q`
zS5JQVj*-A0GPv%{KRGWl_zmXj$v@pD3iu-iHyyv~tRKK{F;`E1wH8sqA2Yb^_%)A4
z2fxEyJ^2?i#Q^_{fqJ_COaEAYm%e)PYd44q{|N*2<k#O58~h%9_2l1383+6+1NG$J
zd~W%D`s&GVR3k3@XAIPn-)wVy@F4o?$-kc<0r+zU>d6lZvit#k_2jpxkP!Y02I|Rg
z87C3=L;C8;f7HkFmkiXC->ydz_>btnVo(0FWl6#RX7Cq#@?RBB4*rC>dh$Cjvivmz
z_2mE3AqD)W^wpF9W^PLGHw>OT^WW!64gP|;dh&bDwEQgt^)$bCKpOZj>8mHdZ??4H
z?-;yt=6`9N4*YNC>dF6>F+KP{3|>3_p!ylW-!NBC{@}D3!QV4@>-fV*WCnl7Ts`^W
zpIiQcfqJ_C2-~yR^U+sN{>UU*!9Ozi$C*ENKz4gR=IY6h8f5t=2Jam|+PWO@KQLEM
z{)E^$!9O!lPv@V~J-0m{ef8wWxo-Iv1|OaIahK(R|B1PJ@@GWO3;vaXdYV7GeSUjB
z`s&F~@`vT$7<_i-Cz)FS{uk!z$)6vpAh?eM)zkb%%?sP}(N|A?>JygxQTXc2Pcx+m
z{BO+FlfUev<^J^5)BIKSire#rv41W?J^7jUTOLXRd%Da#x&(Yb<plEAzOp<t^M8B%
z_os3XE)CzGeptuf^2qXV$~A}nj&kMThhqM3kG$Yo%fr)GkC(nez01Q7O<z5ofA=lR
zBT!IJ{+^W;;D@2Fp8WmADuG9&5Z*ce!AO<CBQRG_{*eV$z$4L*?D!}BtAj^j9+^G)
zr%sbI|H1LA9<KpED)S#4|7@0;mNQq6m%j5KERRM%s^kB0s22Qa%%eN=FQu*n9)r1h
zI)Cj^mh0b-R!{Tm)T#?VCVlnfU)yPU3<~PWznQ23{8;qWlizrd<uNI!C%<u}hVWz4
zS5N-EevRz@6ymZczh$YW;PIHpA&~!gh2{G9uGN$OG-3e!`1IA2-=UM``uDTdli#6W
z3-}4>t0({Ee9PlgP*485Q?21Aq@RF5{>RMiEN7mKJ^5b_wg*qnJdxvn9oqpsG4m9T
zA8Kc3@RZDxIDVL6UBHtvPv!U#H*^C}%{-aoM~&GNJUR0WjvswRFYt`aQ#gLiuD!ui
zGSB4rF^l#A&&*ssJ-;c7El)*XJzo0a&+i963;op2{8_UGfTv-e!<j$-^FZ*N%+or4
z@}`5p(=k_%m%bF42ZQILub$4oq`?sI^c3<q^OwCI3Z9p_dh%EPIvhL${Q{1^_OD;T
z3o_5hp8RZ8M}lW!t{yLa*%OWeFGOEG`I{<?2G2~Ph%<l7oiX4=nX4y1Z<(>+S?H^$
z`30Ac2QNlnJ^8z$OaRYHK|T4qFI!%mzIyVD6qyJ=8wK^`7mY9pyaavq<nQlbd3Flw
z$={!UGW?SC)stWD<TUUc6e_SMze1B4;1!wYB#>YEpPAsfm{)Q9pK8wmugW~P<6lZL
zA3P89T8>}0$^!78nX9My4c9FK&r83)<2Nb21iS%r{r3Un-|fB>JU{(Lj^C>A3h>6v
z3p(d-6MiLlA?8gS|4F`8;7ysUr}<Aqtp+blznSBA%(Vu*Idk>oziR#)coF(79RJ<;
z_24a;7j@46A<ahcV$9n({+HpK!P_z~?)U?qSzdy<dc5=nZrcLC9ewq5e*ec?!Anx;
z;LHy*U^{q6=IY507kejoDf(R;KXUio;J+~ckv;iiu3281xq7_xja|A2epmYH$&Y?%
zFL)UW-JSU{+wTYO!CXE0Q_fpnmcDwLpRoC1_&w>DCy+n;xaAd?t0zBsz2oqE(XZtA
z3-?)GnYnuMmn1(0zc+pLG(YWd%d1dOPrl!%ApBoG_n}{vK>nbe55TK2@5i3}VTm4t
z_h(++@xu+W{3qt>$q!%YFZcuKtEc%R`#k}#L1CaXzhSgE_`jSU#JrX>|8_Uae`c<p
z=HDq67ye-S>S_MnNb$gHQyAjRZ*@Ka_)z9`o%wBBB?7O<e1zk7Je~ynSLXE{zw_jz
z;0>6Mbo{>$B?BMDTs@ut^|<8V4e5_|{2u#KfRACWp8TGpQi3<4Ki2U-4@(U`j(KC}
z{9mf20dK;5yyJgOloosfbM-WTz#z+;(pQg{KEI9W;7_Elo_zoQ>A{;(nB>eK`dbF@
z$;{Q0Kde_q@aFWVIR5A*S-__<4`5IJm`+*2TQHyI_)!;R1E0=ZJ^9hvWe0Cbe}>~v
znw<lDCUf=VPidJGycPXfjz1+wF7VmR)ssK%i{-89&vE<&AM(JT%e)PH@)M8C2i}(X
z0>@AOvH<u(=ItDRVa<Zz?U}2`OW&eog}@ilS5NcPR4WYLfx;4Je!7Q6z?U*tPyWh^
zMZr7LS5NbQTT>i-8GZHSXN_3`yb}fW<Y&8S`EvT|$=^`2B>c`4)RVt?@sHpu=&L6`
zZ^Y8zT_~t0KkuKGucWV@{2gJ+!vBTBYWCz8_A3v*hPit3i%qKl-j%{S$3Hx=68L)N
z>d8O;x(awV`db{o;)`nFTbZjTziQPQ;N9u(a{QX>Yk}`(-h(~)7vua4-jlg{y!2hV
zWBDHX>dCJgqYnID6!tmu>o2bhzMr{z@^40|2i}{$dYXTyLj&*w^wpE!?1JTeD5xjD
z*}R7E57Jjpeo*K};C(5mC;#Eh#^8tOt0%wB$tK|aC>&u=ew(RH!H+UmPk#GM&B6Oq
zIN|sm|FQfebM@qRJ`ezZ0R2;r-+4?6@YBrIlmGf}%LD1Fr}KAz-U|Nj^am2i@43A-
z_#ozIocX<mv;jZMTs`@H60`#!O#ctZ?;m9O1?K9>AF!@H{2}!Jbo{_R9l$R#S5LnG
z>W<(;>0fsIP(3<<UtzAE{9(&FgAb#B&GCnK=>mS8xq9+PhVKeKoc=AxAKSV+_-*DR
z*pnaajOD*FSC5yzXfu1jze8U=`IAoc1RqJ^o-=<+<KE!+nX4y1?h(sJ(N|CN6Qu12
zKZw41@@J2>d^831<j?uJKl}&u)svrOx8-9fs3$)~l7a9a(pOLZqQRDrrJ$bt#gzxa
ze?(tB`KdQqK8}KV@-yBZ3jZ<v@dWaJyEYtr0`q6=$zQj01o(62>dD{G`B(6X6ka&~
z#zG^(Uouxuey)X<Pol4$<`?*V4E$I0Clkoub$lH76y|T8`TH|W1b@eTs^ga!Z}~Ll
z>haQ7vfd>4|Ik-Y^N)<03_hL02WS4V<Ws>vGFMN2x#5=2ps$|hS9&xZ{wMnC$v;zR
z2KY=0>d8M7ZzlL>`s&F)chB-!6uvm;ztC$o{IAT_lYg<)9Prunzd8P;sB^)6VeLQg
zQcr&EZkEr{f!Wh#{fqPA`!QEf{*8hQz~@p>PyWrY3&H*At0%uvJIm)$P)~ld(~IGU
zqW^D?|NQQLjwRspDX1qu=!@l{>8q#tEt)Nbzkq^z^4lC*4jzWSdh(y7Uje?5f_n0w
zzOg(kef8vbsJjyWA`0rs@3M0>csTlt3FN;UxE6c~^C;}e|8#df_z%pNI)2}>8^D(_
zS5JPwm>a>P(pOLOeWf;mFQ*XQneTsfGk6T<>d7BcbPM<j`s!)^uWh%3$E3fKK>nya
zJHS^lkLAoCH*FVqZ0738kM_m#)%4ZV{OHGa!;eE>J^2$e?*U&!K|T3X$L<4<OJ6<t
zao<?}8wK^`$J@Ifemwf>$)Azx0Qg!8>dBuo^bmM_`s&F~^2G9W6x5TSbjxA*3FxaQ
ze?h_{;Oi-<Cx3C@W8ewtt0zCrUCTF6P)~lEHOJv6qOYF(<uOixZ=|4}{MEml0#8g|
zJ^7ihSiXsZdh)X@J`Fz!ef8w8jqp48W(w-b-<<m#cvAXX2;^_|od@5_JQ;iPcQm;G
zo}9UQ@(Ufcd>aMz<QJa!C;Sxj)sw&HAIrB>P*47W+Lz&{q_3X*l6x%QK|wwFrGC8v
zKNWrT<R5-+`A!Pz$v<A@I{ei1)stU-v*o)es3*Td;0^d`=&L8cVuhRFyD6k)PyV^m
zx53jfS5N*=CGLXnp^(Y(FBiTKo|(CN^6Q6w2)>toPRDN?@EAN7^L^~ezjMO!{mj+l
zrSI;Pzu@Plub%vXBTv8&P{`}dZ(08tcs}Op$$zxp@`Lo%)BNYpUc%2${}6%vm)l-}
zA7);_ng2Te8}Ne6)sx?CfaOQ%tEc(h%D;tQh`xIA|5<DKQ3~qG{}}B({KE9rli#<y
z<;N(fC%<3u5Aci7S5N-erIsJ3pq~8De|&~tl>P|<`C;aM0YAyS7<=*~o$&o`eyLQP
z`6<VbJjD<EH1iUUAMITz@RH2c)BK6`LWBQKUp>vAm?jK(Df;Tkk2TuzGZfU5pI}>f
z_&?G=OCUet;0WO7n3s0WpX7cd@G{KRlRv*)WbpI!)zkb1v7&&NrLUg+6um9~gMxbU
z(_D)RzZ`w_<S#204g3NH_2e&)6dk-gef8w0?`-*>6x5TSbxth!73g0ike|I(Z179W
zE3zj)*YUXEm6)q1e@m8l;Fl?=Cx6Qa%PZ4YPkz2e@!?;gpq~7K`x1gzp|76&-Ki6S
zU!|a){5>x%uS#D%`9*6bhJTHMdh$zdO$uI({&fQRM>Zq}zrnmFd-5y%mJ+-cbM@q(
zUXdF7CWX3=Uwuhh@OsSElYg;o2Jl<-n>hZ}Q<=b<GQZ89{Q5aEgWqAU9xr_jzF6Lj
zzIyU+XU+=$E`<PR{@sJwz*{g^PkyuX*}?D8S5Na>j?4+(lD>NKAHT5tJ_YsUKi-iG
zek=Ow$#0u1H+T>Q_2hRPm>0Y?{Raf{|L&U~{2}x9?8)!mvmkf}=IY7s^+RFsM-)0c
z{(u6-z`HPi?92}gQyly+=D#@pu<WJ4yE1>`_~DxV2>z6LcgG*ypbU5q=IZJEKh!A)
z{)~Pf$B*%%Ja}K`>dB9_qXPJI`u!X~*3gRJ{h6yLKTg$3;4kP8aQs;ns(=SFS5JQ8
zGS$Fe(jVgZ$!}B#AIe-k`6-tF1pbQtFvm~%OAYYh%+-^hCPFRnzv+*3{0wbsgO6hV
znmzfe&shG3xq7_xt)5v2{%HE@$<KPSF8EstW1acgo74v%$6P)6x&CPY{*L}c$In;0
zG593r|F9>2`)<qMGgpt7z8xc)z@JQCJ^6*VHwFJdVX8B~XqD#R)0nF#f8Qp{KhjrE
z^AE*t34c0$_2mE9$MR1U)RSMjbSwBX=&L9H=qk%UQ&3O-=}T?l&!qp2K>peG?ZJKg
z^Zj$!lYcH>2k^Pf)sufdR7Y?>`tuzB!ta*PXRe<7i!(aG_ou(W@#{|M0=`f=d-AV-
zv^+HPe|!A>z3Yd6fxn2pdh&18>joZ%{!-1Me{WY0@MX-yI`i)j?+G4``Eti^HMlqU
z3g+P*|Is7MBQRG_&;PHDec-R8ub$4|_I_XRi1b%G^IxqT0KSHKWM}@{NQ1zmFyG+#
z?-vXP-^lz2$M1E12zXTHn;rk#^x@!Jm`8Vfzvd&rV=&+9_(K|v1mDIyrsEIGFbX^t
z^X-m5?5*WHn5(DfH)7vt__68lbo?KNj|1PuJgzf;+}82n@tE&%{Mh{`f$wFW!13dh
zn+%?i`98;we`^Z(e&&fBe@3aP;E9>5r_Y~6-KK#bps$|pKXI|?;7RBobmk|CGz0t)
zbM@pWy=Zw-`iC8V(Yaahk1$W>oPSBnIpE2eA9wr}$L4{bV4lM9GiI3&o|3tGy8nzH
zEI&zKJ)Qrz^b6sqqJP?%zi#g$@ZXuMCqL)Q#o(#wpLP6v)s}&uW1hx2f1wR4z|%6n
z==ep;t^&WrJe}j0xVaiUJ@c!MU%Kd8@N3L7IDXlP>%cQIzwY>D|FrxDbM<upCkm{G
zpNYPDdj6I2Yy`haKeIExir*&iEX;2?^Ur_Y41Sw=R>!|^bPISk=64+b!o;oMcbTiF
z^VfQBd3O5h>HPIl?Sy}iehz1TgBO<PWPab7-(bfs_(9Co)BIaWcZ27mub$>NO}H2Q
z0sY+0{QDL5f#+fV$eI7}&VKO6%+=HUmSqlr=cTWn=C_V<5d1It>d9|=!}5IepE&b7
zM>q=qDf5EP`Mb_L240By3&-!;<~aCE=IUvF_uMDI3)6q)_&t3m!T)Bip8Vb?EiXd<
zwc~&KbPE0(=IY7+a^y64QTlHkKk%R5!QU}gPrm=_v*5+(e{}q?HU0qq#Jo6r@<(j9
zyaaRg^!|+)asmEl`s&G#wE0i)lJvhi^P^O_1pbY=dh*Auv%D02^)!E6pUd!l;p{J{
z)RQ0mj^#hnS5JPd64&7S(J#ZE{He<<FUwp#`3dvig6~hiyyMSpeH*+2^U&<cPnqo=
zco^oD9Dnf?%PTWiPk!nn_u+@7ub$4Ic0v$%75d?v`5Dqa1P{-=sxyDpXv?cHS5Nb^
zj(Gh4)pEA6O;vFi?=8#RV2Ut1l`*`4%z!UzZ`Q8cl+q1{AcH|G5=W?)(yc9{N;hFc
z0zr8d$D0~WAjX6bzC=IFn21?oFwtl<WMYuW2VY`bg1RUK3<-+y-2ZtVLr#o-vfYw%
zpWpMl|I^bn>8FZc4u84f2NORDPaq#}%nwcbS@;Cx>~a6jkD4dpR~UZyoiXvRN6sGo
z=%QbQKLr0q!;c1j6+Q_$d-R9zKQDX*{7S=*Ra_K)6Y`bl(f?qB=KS4A_IQ46<1ULI
zfZu8OpJX*(g`7S5?N_ddUj=`);h*~L58)}~Q;hw8apJ1*YUJ#3|B2c^g+B_PJ<d;F
z(0nR<_UL~#<{R-onJ#?Wn1A+NOZar;?9uP6@e5xApFPg+Jg4~#`0UY7Z7mT$4S$v~
zKmBc~@LJ?+(W5^)|2p9r<m_?&=)^MNcfe<les*5D@GkhXjrsXA<Au*b&K~`-<_W^P
z;j_p2W2F_s?}X1D{X&oCS@`VHFP^+X{JY@i(W8ISnJ9c6a`x!=e>hqA-SF2N{_mG6
zg%^<5p+|q)aFy^N^2ZH-$JASeZ$KV4{9SKP5gtKaH2kt#s)hF=XOHvuRn`b^fZu2M
zgWqWW1oEgcfAIBb;x{5^kLP!w?>6BZ;Wrunp_nba8996OpZ{{Y@J;aN8vYBf%n%+!
z&K~`$(wV~h;j_orfAcBL=fP)>{!5YD#UFsr9{r;))(Vfqe-b_VHCHv?f}B12$M(+=
zzXkqQ!=H6Y^KHo4qyNUvd&F;rzuoZbwg-hjg?s^e^y?Ofgg=0sJ??*KNb{%Rvqyhu
zizEI*`0UY-^w$gD0l(dtA88E>UxJ)H`o~|>d?$SNIRAKWMEs@j*`q&P9u>X|{&Hjf
ziF}jr1oGYJ(T{(w`5xr#aem8@X7Q8o*`xo_XZH%<3x9<%|6_Nq@Q0DJNB`5yG2zd^
zf5h-dR<;Q5M8411f5-cpKZ~3_?tj_dR`FNCXOHtwzc*j_ApF(F{4-12gr|_RNB`{T
z0^$4NuQB|u+ZG8=BR^p5KlP^O2a&VK{iilPDE?ab>~a40uPzpT2!59_|A+gQ2=7MD
z9{sLknjePG9_OEXxkLOceD>()OO^?L4nBMI)mH;cJ$#nm3Y2|!+P~+*$XnGa`g`rs
zYcK!3=PU7LPS&V<`h8YKymz3GwiB6R&h0U-6wW)2-774&+3m|cR%mK+i|K4`W5x~z
zZ6|Ce+@6e^k(=my#0zfEz~)TRRybsb8XN2D8=}$rh|>^k3_FnqM*%N)f<Zf~R^C<6
zd;Tx8)TDo$B`5E_{u1@{F8<>zyz`%FC9Qxp?%H!!spkf~zcRH_kMl7rsaL{0akhx^
l-ddBBx%Ih1x83d**QrD5aC1e=9}lU2N8L!9>TOQS@-NIu{?Gsb

literal 0
HcmV?d00001

diff --git a/Rhme-2016-master/challenges/binaries/avr_filesystem/avr_filesystem_readme.txt b/Rhme-2016-master/challenges/binaries/avr_filesystem/avr_filesystem_readme.txt
new file mode 100644
index 0000000..d46b0f7
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/avr_filesystem/avr_filesystem_readme.txt
@@ -0,0 +1,26 @@
+We don't remember why, but we wanted a file system on an
+AVR328p. After the system was completed we discovered that it lacked
+basic security. A couple of beers later we came up with what we think
+is a revolutionary way to do file system permissions. It is now your
+task to fill in our shoes and test its security.
+
+The filesystem allows you to request the contents of one or more
+available files by using the following format:
+
+token#<filename>[:<filename>]
+
+So for example, a request would be:
+
+933d86ae930c9a5d6d3a334297d9e72852f05c57#cat.txt:finances.csv
+
+Some example files (token | call):
+
+96103df3b928d9edc5a103d690639c94628824f5 | cat.txt
+933d86ae930c9a5d6d3a334297d9e72852f05c57 | cat.txt:finances.csv
+83f86c0ba1d2d5d60d055064256cd95a5ae6bb7d | cat.txt:finances.csv:joke.txt
+ba2e8af09b57080549180a32ac1ff1dde4d30b14 | cat.txt:joke.txt
+0b939251f4c781f43efef804ee8faec0212f1144 | finances.csv
+4b0972ec7282ad9e991414d1845ceee546eac7a1 | finances.csv:joke.txt
+715b21027dca61235e2663e59a9bdfb387ca7997 | joke.txt
+
+Can you access any file you're not supposed to?
diff --git a/Rhme-2016-master/challenges/binaries/avr_filesystem/file_system.py b/Rhme-2016-master/challenges/binaries/avr_filesystem/file_system.py
new file mode 100644
index 0000000..4266467
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/avr_filesystem/file_system.py
@@ -0,0 +1,25 @@
+import serial
+
+ser = serial.Serial("COM7", 19200, timeout=0.1)
+
+#def read_until(until):
+#	out = ()
+#	while 'until' != 'out':
+#		out = (ser.read(1000))
+#	return out
+
+def read_until(something):
+	output = ()
+	while something not in output:
+		output = (ser.read(124000))
+		#print (output)
+	return output
+
+print ("__Attente de la réponse du board")
+print ((read_until(b'>>')).decode())
+
+ser.write(('933d86ae930c9a5d6d3a334297d9e72852f05c57#cat.txt:finances.csv\r\n').encode())
+print ("__Attaque")
+
+print ("__Attente de la réponse après l'attaque")
+print (((read_until(b'\r\n\r\n'))).decode())
diff --git a/Rhme-2016-master/challenges/binaries/avr_filesystem/untitled.csv b/Rhme-2016-master/challenges/binaries/avr_filesystem/untitled.csv
new file mode 100644
index 0000000..5128978
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/avr_filesystem/untitled.csv
@@ -0,0 +1,375 @@
+Time [s], Analyzer Name, Decoded Protocol Result
+3.352752850000000,Async Serial,\r (0x0D)
+3.353272540000000,Async Serial,\n (0x0A)
+3.353792220000000,Async Serial,\r (0x0D)
+3.354311910000000,Async Serial,\n (0x0A)
+3.354831600000000,Async Serial,R (0x52)
+3.355351280000000,Async Serial,H (0x48)
+3.355870970000000,Async Serial,M (0x4D)
+3.356390650000000,Async Serial,e (0x65)
+3.356910340000000,Async Serial,O (0x4F)
+3.357430030000000,Async Serial,S (0x53)
+3.357949710000000,Async Serial,' ' (0x20)
+3.358469400000000,Async Serial,f (0x66)
+3.358989080000000,Async Serial,i (0x69)
+3.359508770000000,Async Serial,l (0x6C)
+3.360028460000000,Async Serial,e (0x65)
+3.360548140000000,Async Serial,' ' (0x20)
+3.361067830000000,Async Serial,A (0x41)
+3.361587510000000,Async Serial,P (0x50)
+3.362107200000000,Async Serial,I (0x49)
+3.362626890000000,Async Serial,\r (0x0D)
+3.363146570000000,Async Serial,\n (0x0A)
+3.363666260000000,Async Serial,F (0x46)
+3.364185940000000,Async Serial,i (0x69)
+3.364705630000000,Async Serial,l (0x6C)
+3.365225320000000,Async Serial,e (0x65)
+3.365745000000000,Async Serial,s (0x73)
+3.366264690000000,Async Serial,' ' (0x20)
+3.366784370000000,Async Serial,i (0x69)
+3.367304060000000,Async Serial,n (0x6E)
+3.367823750000000,Async Serial,' ' (0x20)
+3.368343430000000,Async Serial,s (0x73)
+3.368863120000000,Async Serial,y (0x79)
+3.369382800000000,Async Serial,s (0x73)
+3.369902490000000,Async Serial,t (0x74)
+3.370422180000000,Async Serial,e (0x65)
+3.370941860000000,Async Serial,m (0x6D)
+3.371461550000000,Async Serial,: (0x3A)
+3.371981240000000,Async Serial,\r (0x0D)
+3.372500920000000,Async Serial,\n (0x0A)
+3.373020610000000,Async Serial,\r (0x0D)
+3.373540290000000,Async Serial,\n (0x0A)
+3.374059980000000,Async Serial,d (0x64)
+3.374579670000000,Async Serial,r (0x72)
+3.375099350000000,Async Serial,w (0x77)
+3.375619040000000,Async Serial,x (0x78)
+3.376138720000000,Async Serial,r (0x72)
+3.376658410000000,Async Serial,w (0x77)
+3.377178100000000,Async Serial,x (0x78)
+3.377697780000000,Async Serial,r (0x72)
+3.378217470000000,Async Serial,- (0x2D)
+3.378737160000000,Async Serial,x (0x78)
+3.379256840000000,Async Serial,' ' (0x20)
+3.379776530000000,Async Serial,r (0x72)
+3.380296210000000,Async Serial,e (0x65)
+3.380815900000000,Async Serial,m (0x6D)
+3.381335580000000,Async Serial,o (0x6F)
+3.381855270000000,Async Serial,t (0x74)
+3.382374960000000,Async Serial,e (0x65)
+3.382894640000000,Async Serial,' ' (0x20)
+3.383414330000000,Async Serial,r (0x72)
+3.383934020000000,Async Serial,e (0x65)
+3.384453700000000,Async Serial,m (0x6D)
+3.384973390000000,Async Serial,o (0x6F)
+3.385493070000000,Async Serial,t (0x74)
+3.386012760000000,Async Serial,e (0x65)
+3.386532450000000,Async Serial,' ' (0x20)
+3.387052130000000,Async Serial,4 (0x34)
+3.387571820000000,Async Serial,0 (0x30)
+3.388091510000000,Async Serial,9 (0x39)
+3.388611190000000,Async Serial,6 (0x36)
+3.389130880000000,Async Serial,' ' (0x20)
+3.389650560000000,Async Serial,s (0x73)
+3.390170250000000,Async Serial,e (0x65)
+3.390689940000000,Async Serial,p (0x70)
+3.391209620000000,Async Serial,' ' (0x20)
+3.391729310000000,Async Serial,' ' (0x20)
+3.392248990000000,Async Serial,1 (0x31)
+3.392768680000000,Async Serial,' ' (0x20)
+3.393288370000000,Async Serial,. (0x2E)
+3.393808050000000,Async Serial,\r (0x0D)
+3.394327740000000,Async Serial,\n (0x0A)
+3.394847420000000,Async Serial,d (0x64)
+3.395367110000000,Async Serial,r (0x72)
+3.395886800000000,Async Serial,w (0x77)
+3.396406480000000,Async Serial,x (0x78)
+3.396926170000000,Async Serial,r (0x72)
+3.397445850000000,Async Serial,w (0x77)
+3.397965540000000,Async Serial,x (0x78)
+3.398485230000000,Async Serial,r (0x72)
+3.399004910000000,Async Serial,- (0x2D)
+3.399524600000000,Async Serial,x (0x78)
+3.400044290000000,Async Serial,' ' (0x20)
+3.400563970000000,Async Serial,r (0x72)
+3.401083660000000,Async Serial,e (0x65)
+3.401603340000000,Async Serial,m (0x6D)
+3.402123030000000,Async Serial,o (0x6F)
+3.402642720000000,Async Serial,t (0x74)
+3.403162400000000,Async Serial,e (0x65)
+3.403682090000000,Async Serial,' ' (0x20)
+3.404201780000000,Async Serial,r (0x72)
+3.404721460000000,Async Serial,e (0x65)
+3.405241150000000,Async Serial,m (0x6D)
+3.405760830000000,Async Serial,o (0x6F)
+3.406280520000000,Async Serial,t (0x74)
+3.406800210000000,Async Serial,e (0x65)
+3.407319890000000,Async Serial,' ' (0x20)
+3.407839580000000,Async Serial,4 (0x34)
+3.408359260000000,Async Serial,0 (0x30)
+3.408878950000000,Async Serial,9 (0x39)
+3.409398640000000,Async Serial,6 (0x36)
+3.409918320000000,Async Serial,' ' (0x20)
+3.410438010000000,Async Serial,s (0x73)
+3.410957700000000,Async Serial,e (0x65)
+3.411477380000000,Async Serial,p (0x70)
+3.411997070000000,Async Serial,' ' (0x20)
+3.412516750000000,Async Serial,' ' (0x20)
+3.413036440000000,Async Serial,1 (0x31)
+3.413556130000000,Async Serial,' ' (0x20)
+3.414075810000000,Async Serial,. (0x2E)
+3.414595500000000,Async Serial,. (0x2E)
+3.415115180000000,Async Serial,\r (0x0D)
+3.415634870000000,Async Serial,\n (0x0A)
+3.416154560000000,Async Serial,- (0x2D)
+3.416674240000000,Async Serial,r (0x72)
+3.417193930000000,Async Serial,- (0x2D)
+3.417713610000000,Async Serial,- (0x2D)
+3.418233300000000,Async Serial,r (0x72)
+3.418752990000000,Async Serial,- (0x2D)
+3.419272670000000,Async Serial,- (0x2D)
+3.419792360000000,Async Serial,r (0x72)
+3.420312040000000,Async Serial,- (0x2D)
+3.420831730000000,Async Serial,- (0x2D)
+3.421351420000000,Async Serial,' ' (0x20)
+3.421871100000000,Async Serial,r (0x72)
+3.422390790000000,Async Serial,e (0x65)
+3.422910480000000,Async Serial,m (0x6D)
+3.423430160000000,Async Serial,o (0x6F)
+3.423949850000000,Async Serial,t (0x74)
+3.424469530000000,Async Serial,e (0x65)
+3.424989220000000,Async Serial,' ' (0x20)
+3.425508910000000,Async Serial,r (0x72)
+3.426028590000000,Async Serial,e (0x65)
+3.426548280000000,Async Serial,m (0x6D)
+3.427067970000000,Async Serial,o (0x6F)
+3.427587650000000,Async Serial,t (0x74)
+3.428107340000000,Async Serial,e (0x65)
+3.428627020000000,Async Serial,' ' (0x20)
+3.429146710000000,Async Serial,' ' (0x20)
+3.429666400000000,Async Serial,' ' (0x20)
+3.430186080000000,Async Serial,8 (0x38)
+3.430705770000000,Async Serial,7 (0x37)
+3.431225460000000,Async Serial,' ' (0x20)
+3.431745140000000,Async Serial,s (0x73)
+3.432264830000000,Async Serial,e (0x65)
+3.432784510000000,Async Serial,p (0x70)
+3.433304200000000,Async Serial,' ' (0x20)
+3.433823890000000,Async Serial,1 (0x31)
+3.434343570000000,Async Serial,4 (0x34)
+3.434863260000000,Async Serial,' ' (0x20)
+3.435382940000000,Async Serial,c (0x63)
+3.435902630000000,Async Serial,a (0x61)
+3.436422320000000,Async Serial,t (0x74)
+3.436942000000000,Async Serial,. (0x2E)
+3.437461690000000,Async Serial,t (0x74)
+3.437981370000000,Async Serial,x (0x78)
+3.438501060000000,Async Serial,t (0x74)
+3.439020750000000,Async Serial,\r (0x0D)
+3.439540430000000,Async Serial,\n (0x0A)
+3.440060120000000,Async Serial,- (0x2D)
+3.440579800000000,Async Serial,r (0x72)
+3.441099490000000,Async Serial,- (0x2D)
+3.441619180000000,Async Serial,- (0x2D)
+3.442138860000000,Async Serial,r (0x72)
+3.442658550000000,Async Serial,- (0x2D)
+3.443178240000000,Async Serial,- (0x2D)
+3.443697920000000,Async Serial,r (0x72)
+3.444217610000000,Async Serial,- (0x2D)
+3.444737290000000,Async Serial,- (0x2D)
+3.445256980000000,Async Serial,' ' (0x20)
+3.445776670000000,Async Serial,r (0x72)
+3.446296350000000,Async Serial,e (0x65)
+3.446816040000000,Async Serial,m (0x6D)
+3.447335720000000,Async Serial,o (0x6F)
+3.447855410000000,Async Serial,t (0x74)
+3.448375100000000,Async Serial,e (0x65)
+3.448894780000000,Async Serial,' ' (0x20)
+3.449414470000000,Async Serial,r (0x72)
+3.449934160000000,Async Serial,e (0x65)
+3.450453840000000,Async Serial,m (0x6D)
+3.450973530000000,Async Serial,o (0x6F)
+3.451493210000000,Async Serial,t (0x74)
+3.452012900000000,Async Serial,e (0x65)
+3.452532590000000,Async Serial,' ' (0x20)
+3.453052270000000,Async Serial,' ' (0x20)
+3.453571960000000,Async Serial,' ' (0x20)
+3.454091640000000,Async Serial,4 (0x34)
+3.454611330000000,Async Serial,7 (0x37)
+3.455131020000000,Async Serial,' ' (0x20)
+3.455650700000000,Async Serial,s (0x73)
+3.456170390000000,Async Serial,e (0x65)
+3.456690080000000,Async Serial,p (0x70)
+3.457209760000000,Async Serial,' ' (0x20)
+3.457729450000000,Async Serial,1 (0x31)
+3.458249130000000,Async Serial,6 (0x36)
+3.458768820000000,Async Serial,' ' (0x20)
+3.459288510000000,Async Serial,f (0x66)
+3.459808190000000,Async Serial,i (0x69)
+3.460327880000000,Async Serial,n (0x6E)
+3.460847560000000,Async Serial,a (0x61)
+3.461367250000000,Async Serial,n (0x6E)
+3.461886940000000,Async Serial,c (0x63)
+3.462406620000000,Async Serial,e (0x65)
+3.462926310000000,Async Serial,s (0x73)
+3.463446000000000,Async Serial,. (0x2E)
+3.463965680000000,Async Serial,c (0x63)
+3.464485370000000,Async Serial,s (0x73)
+3.465005050000000,Async Serial,v (0x76)
+3.465524740000000,Async Serial,\r (0x0D)
+3.466044430000000,Async Serial,\n (0x0A)
+3.466564110000000,Async Serial,- (0x2D)
+3.467083800000000,Async Serial,r (0x72)
+3.467603480000000,Async Serial,- (0x2D)
+3.468123170000000,Async Serial,- (0x2D)
+3.468642860000000,Async Serial,r (0x72)
+3.469162540000000,Async Serial,- (0x2D)
+3.469682230000000,Async Serial,- (0x2D)
+3.470201910000000,Async Serial,r (0x72)
+3.470721600000000,Async Serial,- (0x2D)
+3.471241290000000,Async Serial,- (0x2D)
+3.471760970000000,Async Serial,' ' (0x20)
+3.472280660000000,Async Serial,r (0x72)
+3.472800340000000,Async Serial,e (0x65)
+3.473320030000000,Async Serial,m (0x6D)
+3.473839720000000,Async Serial,o (0x6F)
+3.474359400000000,Async Serial,t (0x74)
+3.474879090000000,Async Serial,e (0x65)
+3.475398780000000,Async Serial,' ' (0x20)
+3.475918460000000,Async Serial,r (0x72)
+3.476438150000000,Async Serial,e (0x65)
+3.476957830000000,Async Serial,m (0x6D)
+3.477477520000000,Async Serial,o (0x6F)
+3.477997210000000,Async Serial,t (0x74)
+3.478516890000000,Async Serial,e (0x65)
+3.479036580000000,Async Serial,' ' (0x20)
+3.479556270000000,Async Serial,' ' (0x20)
+3.480075950000000,Async Serial,' ' (0x20)
+3.480595640000000,Async Serial,' ' (0x20)
+3.481115320000000,Async Serial,3 (0x33)
+3.481635010000000,Async Serial,' ' (0x20)
+3.482154700000000,Async Serial,s (0x73)
+3.482674380000000,Async Serial,e (0x65)
+3.483194070000000,Async Serial,p (0x70)
+3.483713760000000,Async Serial,' ' (0x20)
+3.484233440000000,Async Serial,1 (0x31)
+3.484753130000000,Async Serial,4 (0x34)
+3.485272810000000,Async Serial,' ' (0x20)
+3.485792500000000,Async Serial,j (0x6A)
+3.486312190000000,Async Serial,o (0x6F)
+3.486831870000000,Async Serial,k (0x6B)
+3.487351560000000,Async Serial,e (0x65)
+3.487871240000000,Async Serial,. (0x2E)
+3.488390930000000,Async Serial,t (0x74)
+3.488910620000000,Async Serial,x (0x78)
+3.489430300000000,Async Serial,t (0x74)
+3.489949990000000,Async Serial,\r (0x0D)
+3.490469670000000,Async Serial,\n (0x0A)
+3.490989360000000,Async Serial,- (0x2D)
+3.491509050000000,Async Serial,r (0x72)
+3.492028730000000,Async Serial,w (0x77)
+3.492548420000000,Async Serial,- (0x2D)
+3.493068100000000,Async Serial,- (0x2D)
+3.493587790000000,Async Serial,- (0x2D)
+3.494107480000000,Async Serial,- (0x2D)
+3.494627160000000,Async Serial,- (0x2D)
+3.495146850000000,Async Serial,- (0x2D)
+3.495666540000000,Async Serial,- (0x2D)
+3.496186220000000,Async Serial,' ' (0x20)
+3.496705910000000,Async Serial,r (0x72)
+3.497225590000000,Async Serial,o (0x6F)
+3.497745280000000,Async Serial,o (0x6F)
+3.498264970000000,Async Serial,t (0x74)
+3.498784650000000,Async Serial,' ' (0x20)
+3.499304340000000,Async Serial,' ' (0x20)
+3.499824030000000,Async Serial,' ' (0x20)
+3.500343710000000,Async Serial,r (0x72)
+3.500863400000000,Async Serial,o (0x6F)
+3.501383080000000,Async Serial,o (0x6F)
+3.501902770000000,Async Serial,t (0x74)
+3.502422460000000,Async Serial,' ' (0x20)
+3.502942140000000,Async Serial,' ' (0x20)
+3.503461830000000,Async Serial,' ' (0x20)
+3.503981520000000,Async Serial,' ' (0x20)
+3.504501200000000,Async Serial,' ' (0x20)
+3.505020890000000,Async Serial,3 (0x33)
+3.505540570000000,Async Serial,7 (0x37)
+3.506060260000000,Async Serial,' ' (0x20)
+3.506579950000000,Async Serial,j (0x6A)
+3.507099630000000,Async Serial,a (0x61)
+3.507619320000000,Async Serial,n (0x6E)
+3.508139000000000,Async Serial,' ' (0x20)
+3.508658690000000,Async Serial,' ' (0x20)
+3.509178380000000,Async Serial,5 (0x35)
+3.509698060000000,Async Serial,' ' (0x20)
+3.510217750000000,Async Serial,p (0x70)
+3.510737440000000,Async Serial,a (0x61)
+3.511257120000000,Async Serial,s (0x73)
+3.511776810000000,Async Serial,s (0x73)
+3.512296490000000,Async Serial,w (0x77)
+3.512816180000000,Async Serial,d (0x64)
+3.513335870000000,Async Serial,\r (0x0D)
+3.513855550000000,Async Serial,\n (0x0A)
+3.514375240000000,Async Serial,- (0x2D)
+3.514894920000000,Async Serial,r (0x72)
+3.515414610000000,Async Serial,w (0x77)
+3.515934300000000,Async Serial,- (0x2D)
+3.516453980000000,Async Serial,- (0x2D)
+3.516973670000000,Async Serial,- (0x2D)
+3.517493350000000,Async Serial,- (0x2D)
+3.518013040000000,Async Serial,- (0x2D)
+3.518532730000000,Async Serial,- (0x2D)
+3.519052410000000,Async Serial,- (0x2D)
+3.519572100000000,Async Serial,' ' (0x20)
+3.520091780000000,Async Serial,r (0x72)
+3.520611470000000,Async Serial,o (0x6F)
+3.521131160000000,Async Serial,o (0x6F)
+3.521650840000000,Async Serial,t (0x74)
+3.522170530000000,Async Serial,' ' (0x20)
+3.522690220000000,Async Serial,' ' (0x20)
+3.523209900000000,Async Serial,' ' (0x20)
+3.523729590000000,Async Serial,r (0x72)
+3.524249270000000,Async Serial,o (0x6F)
+3.524768960000000,Async Serial,o (0x6F)
+3.525288650000000,Async Serial,t (0x74)
+3.525808330000000,Async Serial,' ' (0x20)
+3.526328020000000,Async Serial,' ' (0x20)
+3.526847710000000,Async Serial,' ' (0x20)
+3.527367390000000,Async Serial,' ' (0x20)
+3.527887080000000,Async Serial,' ' (0x20)
+3.528406760000000,Async Serial,' ' (0x20)
+3.528926450000000,Async Serial,8 (0x38)
+3.529446140000000,Async Serial,' ' (0x20)
+3.529965820000000,Async Serial,j (0x6A)
+3.530485510000000,Async Serial,a (0x61)
+3.531005200000000,Async Serial,n (0x6E)
+3.531524880000000,Async Serial,' ' (0x20)
+3.532044570000000,Async Serial,' ' (0x20)
+3.532564250000000,Async Serial,1 (0x31)
+3.533083940000000,Async Serial,' ' (0x20)
+3.533603630000000,Async Serial,p (0x70)
+3.534123310000000,Async Serial,e (0x65)
+3.534643000000000,Async Serial,p (0x70)
+3.535162680000000,Async Serial,p (0x70)
+3.535682370000000,Async Serial,e (0x65)
+3.536202060000000,Async Serial,r (0x72)
+3.536721740000000,Async Serial,\r (0x0D)
+3.537241430000000,Async Serial,\n (0x0A)
+3.537761110000000,Async Serial,\r (0x0D)
+3.538280800000000,Async Serial,\n (0x0A)
+3.538800490000000,Async Serial,' ' (0x20)
+3.539320170000000,Async Serial,R (0x52)
+3.539839860000000,Async Serial,e (0x65)
+3.540359540000000,Async Serial,q (0x71)
+3.540879230000000,Async Serial,u (0x75)
+3.541398920000000,Async Serial,e (0x65)
+3.541918600000000,Async Serial,s (0x73)
+3.542438290000000,Async Serial,t (0x74)
+3.542957980000000,Async Serial,? (0x3F)
+3.543477660000000,Async Serial,\r (0x0D)
+3.543997350000000,Async Serial,\n (0x0A)
+3.544517030000000,Async Serial,\r (0x0D)
+3.545036720000000,Async Serial,\n (0x0A)
+3.545556410000000,Async Serial,> (0x3E)
+3.546076090000000,Async Serial,> (0x3E)
+3.546595780000000,Async Serial,' ' (0x20)
diff --git a/Rhme-2016-master/challenges/binaries/casino/casino_readme.txt b/Rhme-2016-master/challenges/binaries/casino/casino_readme.txt
new file mode 100644
index 0000000..030fba7
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/casino/casino_readme.txt
@@ -0,0 +1,11 @@
+Welcome to our casino, Riscure Royale! Please enjoy your stay by
+playing a game, or drink something at our bar. Reach 1000 credits and
+you will be rewarded with a special prize.
+
+We have seen loads of cheaters lately, so we have extra guards walking
+around. Do not feel threatened by them, they will only kick out the
+people that cheat. Of course, once you earn a lot of money they will
+start investigating the matter. Better spend some money at our bar if
+this happens.
+
+PS. We all know casinos are scams.
diff --git a/Rhme-2016-master/challenges/binaries/emergency_transmitter/emergency_transmitter_readme.txt b/Rhme-2016-master/challenges/binaries/emergency_transmitter/emergency_transmitter_readme.txt
new file mode 100644
index 0000000..5bcde41
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/emergency_transmitter/emergency_transmitter_readme.txt
@@ -0,0 +1,10 @@
+We captured a crazy guy aiming a LED at planes passing by. We believe
+he is a spy from the Republic of Wadiya. Your task is to reverse how
+the device works and extract the keys without analyzing power or
+electromagnetic traces.
+
+Good luck random internet player!
+
+Note: This challenge can be solved without fancy hardware. You can
+check if you got the right flag (key) by encrypting the input and
+comparing it against the output.
diff --git a/Rhme-2016-master/challenges/binaries/fiasco/fiasco_readme.txt b/Rhme-2016-master/challenges/binaries/fiasco/fiasco_readme.txt
new file mode 100644
index 0000000..ca88914
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/fiasco/fiasco_readme.txt
@@ -0,0 +1,64 @@
+
+Elias Öberson @DrAndroid1337 - Nov 8
+Sorry, I have been offline for 3 days. My provider cancelled my
+internet subscription by error.
+
+Elias Öberson @DrAndroid1337 - Nov 8
+I finally hacked the "V2" device. It is not that hard once you know
+when to inject the glitch. Unfortunately I still don't know how to use
+it
+
+Elias Öberson @DrAndroid1337 - Nov 8
+There is no interface, no menus, no options. Only the "Chip
+locked. Please write your password:" and then, nothing.
+
+Elias Öberson @DrAndroid1337 - Nov 8
+Please, retweet this photo to see if somebody knows what this device
+is.
+
+Elias Öberson @DrAndroid1337 - Nov 9
+NO! AGAIN!
+
+Elias Öberson @DrAndroid1337 - Nov 9
+V3!!! WTF!!!
+
+Elias Öberson @DrAndroid1337 - Nov 9
+THIS CANNOT BE A COINCIDENCE! I AM FREAKING OUT!
+
+Elias Öberson @DrAndroid1337 - Nov 9
+@Leneko2015, is this one of your jokes? Is this a revenge for the day
+I triggered your home alarm using the SDR?
+
+Elias Öberson @DrAndroid1337 - Nov 9
+@Leneko2015, I am not playing this game anymore.
+
+Elias Öberson @DrAndroid1337 - Nov 11
+This is weird. I think somebody is following me.
+
+Elias Öberson @DrAndroid1337 - Nov 11
+OK. He was not following me. Maybe I am paranoid lately.
+
+Elias Öberson @DrAndroid1337 - Nov 12
+Grand Cheef McAuto released for the Xstation! I need to play it right
+now
+
+Elias Öberson @DrAndroid1337 - Nov 15
+The same guy. Following me!? Or am I just paranoid again?
+
+Elias Öberson @DrAndroid1337 - Nov 15
+HE IS REALLY FOLLOWING ME!!!
+
+Elias Öberson @DrAndroid1337 - Nov 15
+I went to the police. They don't believe me. They said I am paranoid
+
+Elias Öberson @DrAndroid1337 - Nov 15
+Is this all related? The USB devices, the strange phone calls, the
+guy. Two days ago I thought there was somebody behind my door.
+
+Elias Öberson @DrAndroid1337 - Nov 16
+I am trying to hack the "V3" device. A password again, but I cannot
+bypass it like last time.
+
+Elias Öberson @DrAndroid1337 - Nov 18
+I am not feeling safe anymore. Too many things are happening. I am
+going out the city for few days. I take the USB device with me
diff --git a/Rhme-2016-master/challenges/binaries/fiesta/fiesta_readme.txt b/Rhme-2016-master/challenges/binaries/fiesta/fiesta_readme.txt
new file mode 100644
index 0000000..644b49d
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/fiesta/fiesta_readme.txt
@@ -0,0 +1,25 @@
+Elias Öberson @DrAndroid1337 - Nov 1
+
+Walking around the financial district, I stumbled upon this strange
+device. Does anybody know what it is?
+
+Elias Öberson @DrAndroid1337 - Nov 1
+
+It does not have any recognisable logos or marks, only the letters
+"V1" written on one side and a USB connector on the other. Here is a
+photo.
+
+Elias Öberson @DrAndroid1337 - Nov 1
+
+It probably is some kind of memory, but it has an unusual design. I
+will check it when I arrive home.
+
+Elias Öberson @DrAndroid1337 - Nov 1
+
+I finally arrived home. I connected the USB device to my computer, but
+it looks that it is permanently locked.
+
+Elias Öberson @DrAndroid1337 - Nov 1
+
+Now I am curious about the device and its content. Would I be able to
+unlock it using FI?
diff --git a/Rhme-2016-master/challenges/binaries/fine_tuning/fine_tuning_readme.txt b/Rhme-2016-master/challenges/binaries/fine_tuning/fine_tuning_readme.txt
new file mode 100644
index 0000000..e1817f0
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/fine_tuning/fine_tuning_readme.txt
@@ -0,0 +1,35 @@
+Elias Öberson @DrAndroid1337 - Nov 2
+I hacked this device! I unlocked it!
+
+Elias Öberson @DrAndroid1337 - Nov 2
+It was easy to break this strange device, but unfortunately I don't
+understand how it works. It doesn't seem to do anything. Any
+suggestion?
+
+Elias Öberson @DrAndroid1337 - Nov 3
+Again! I found a similar device in the street! Who is the fool that
+keeps losing these "pendrives"!?
+
+Elias Öberson @DrAndroid1337 - Nov 3
+It looks the same but now it has a "V2" mark. There is nothing good on
+TV tonight so I will take a look at this.
+
+Elias Öberson @DrAndroid1337 - Nov 3
+It's not locked! That's good! Maybe I can find what it
+does. Unfortunately it asks for a password but I think I can bypass it
+using FI again.
+
+Elias Öberson @DrAndroid1337 - Nov 4
+The "V1" was very easy to break but this one... A couple of hours
+already and still nothing.
+
+Elias Öberson @DrAndroid1337 - Nov 4
+OK! It's 3AM. I think I will continue tomorrow.
+
+Elias Öberson @DrAndroid1337 - Nov 4
+I cannot sleep. Somebody keeps calling my landline. They do not say
+anything but I can hear them breathing.
+
+Elias Öberson @DrAndroid1337 - Nov 4
+I disconnected the phone but the moron has my mobile! I am sure it is
+@Leneko2015, bored at home.
diff --git a/Rhme-2016-master/challenges/binaries/jumpy/jumpy.bin b/Rhme-2016-master/challenges/binaries/jumpy/jumpy.bin
new file mode 100644
index 0000000000000000000000000000000000000000..b39a72393ea7e4334c872e2a1e6b3ea496a5f87d
GIT binary patch
literal 3574
zcmcImT~HHO6y94+2nbneEmb?r27|7hSQ61HU`v8pZ5?Mor;K$v9ez~QwpvuI_D^@S
zKoTQnH|!OH46A+UOzn)7I#abevQDQDt#$CB4|VG3BB*Fl))FT&^{4k{14;a;`%)n6
z*?Z6Z?)RN@a_>nO-z3t->i_*iJo6_rmpauw_=j?_>ugu1vR~;``UmbS&&dWpBX}sk
zGv$25svNr9sQ@`U_|@$1Q+gt1abQfkc-fdP5=3|NrDiI4_UOf<K8_%m0baQW7}jg&
z6=rjY_Srgz8qwG*>^)%NNdA)0Etnu)gI6>}y~n%j(bL+CJy>K-@4=QES<?`fW=$Dz
zD8s<Q+CLxh%889w*5Q$4+{za6hr8m%F7njbu2z4*^Q9bUX!W%Ndxf*Kz;E|phGua!
z!6>}4zrU;3$F*_aawj>9;!u`cEALy+e#ZLQcI30jcmbRNO<V`}9e2!w=Ux33y&Kpa
zY=CWTFpILmYn>5h5l)-O=W)sw#W`4dZAD+)qr^BdYw4Zn%FD|hLp}-40<-wD0q=ql
zNSV1VDD57<$KTN209tNGu<dJTLpGkrme006GC_{-5MPaFJ3LLEriPB_T5MzG(TrGA
z)i1g$_r@cW9JA5PStlSpKxUNWd4e#D3xU_#6U`?^jL#G2v<jH)p5%T}HjD27Kj&w6
zIYO$RZE~=xk8NY!?{}2iqE&$3z}_~_$6<?XDHs}=zX!&<Ngn^ku{GpL2ziX`V*?d<
z6|OFfr|CKn@u6Log&Cn3@PZStm3*@kFwMnatUNyG1mlCnAQ2H)9wWR4rrR9~Bg_F&
zG_slE-Vh9N6yXUdkF$C@Cq^g&Z`sQfAB*>yFUeqm#Ahr=pUhlOVbB%diLchfcW#Vt
z!6@HAK_XxAKly5!^P`LyVOA6?nNuJ?SQ6*NJb_bOy@ob3#wdT3k-IRF5mWWJu17Hn
zVvGu(z=)gMIzP^+RfoRWF*Gf=$@+FX_9dV(>z>Wc9@FO-)#oWn)K{;Ak){jR!bp`d
zNf^A280E!OX?&7ZdFC}IWX-LEkt2qtWiJ`cUC@$%=GB2VCx)g~XEGY|I!r(d>Oj-#
zk`ZQ)MynwyTFmNaXH7c;0#0c`D9k8=Vipe)fkCs_XsEx+qc`5bp#O~qZ)|R??2lQ=
zwb^)CTbn%kuzTe0VgwgDZAt*x%Qu&x)5Znjp2Rug9R7}YZ}Lhz=jU9?a;2)TR&n=X
z%s-80aR*@*cN#`cCw$jvx6|vKjhk_EmXc3f>3rHthNwO7;d5>#XF(@wlGlJ9uiUFM
zbzn`ouE)#vmmaUYD|&cYdh~eFy?VT6T*=p=aq10SUj2G@wD#!1nlYfqEAN^fuUBvC
ziT%`GJy?0S^mx%X^hAPwO0BYkK?UFNO<f&bCW!ki?OuQM9*%!!MtaCcJ?Mm9PU7}(
zliXRT55T9XccoOikK4uVV)voGqF&g|?Pi;}Jl4rJvBMx0j&uu5e!&p^Sl?q7!v+)T
zbWG4JT8v&*TG6T=w}<GX%MPnOY7M!K@=_scvic+Z1$A4U4nZ}GMaE9#pN^hu?c42M
z`dCGwdffTjP$S$1*TN(4e55$cLk8BuD!8*WP%4$0V2C74<>bL}O8<kwtgM%e{VBsK
zvif}13&y^bJ1MPd^~+nv)sKVY3d3pBs#L2j*EZFb6E?xLX{q4@uCHNWkj-YZO>o71
z{@sOSIki%)aBfl;LoeC#Pl&2gCFiHA2bv&8oM0@c{_b7`Z(lOWc&~}Z5Ouq|5pFV6
z8BC%H_KPRz8hRUj2DA)g-8ce)L2Ru=z5K7}TsmniKstXiT2yGwRMW*HX#BV_GdEqF
zhh`@lYlon8dI*wbN;y?6sbI5of>tv+vsXz6qtAoXYN>`koN*w#hH^_&qE<DvMZzQ1
z6esP^sLGx~)k(8xY+0##sWKxc+im~E{((I+S6Wf#YEy5kUh5L|7Wt4mLDf(=4?<a)
z>zhc2bD4pOahhkWaP|$g7XKcL{ZSZ!*Pv8!I`Y8gC57z0&;zl?mSJfv(_gDpqP$6i
z%zz0JxoM&nn^dFrrbW(x-cs|%h(vm3*lS&`o*-S}E?Z`}^5Izd<BE}NUI0Me&|HG}
zC=nC9D?aSbNL#eDWN{IZk%s=}uc@nBv)S^|)>R)`Hm=!TXQ^AiVNDL2dV6E-*194K
F@h{Bh`9=T$

literal 0
HcmV?d00001

diff --git a/Rhme-2016-master/challenges/binaries/jumpy/jumpy_readme.txt b/Rhme-2016-master/challenges/binaries/jumpy/jumpy_readme.txt
new file mode 100644
index 0000000..455490a
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/jumpy/jumpy_readme.txt
@@ -0,0 +1,6 @@
+We really need access to this lab protected with an Arduino-based
+access control system. Our operatives obtained a flash dump from a
+non-personalized engineering sample, but we are having trouble reverse
+engineering it.
+
+Can you help us get the password to get through?
diff --git a/Rhme-2016-master/challenges/binaries/key_server/key_server_readme.txt b/Rhme-2016-master/challenges/binaries/key_server/key_server_readme.txt
new file mode 100644
index 0000000..0ea499b
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/key_server/key_server_readme.txt
@@ -0,0 +1,8 @@
+We have received a portable asymmetric key storage for evaluation
+purposes. This portable device was manufactured by Ebian Corp to
+facilitate secure communications with customers. It generates and
+stores adminstrators' public keys. Customers can use this repository
+to find the public key of the admin they want to contact, and
+administrators can use this repository to update their key
+information. If this fancy keychain passes the test we are going to
+give them away like candy, secure candy.
diff --git a/Rhme-2016-master/challenges/binaries/photo_manager/photo_manager_readme.txt b/Rhme-2016-master/challenges/binaries/photo_manager/photo_manager_readme.txt
new file mode 100644
index 0000000..9839bf5
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/photo_manager/photo_manager_readme.txt
@@ -0,0 +1,10 @@
+We have recently been informed that a group of hackers exploited a
+vulnerability in a PC within another very secure network. Our
+operative says the hacker in charge took a snapshot of the password,
+which they stored in their secret hidden-away database.
+
+Today we found a photo manager service running on the internet. This
+service can be linked to the hacker who retrieved the passwords. From
+the size of the photo manager we can see they stored lots of pictures,
+so we are hoping they stored the password on their photo manager
+too. Can you breach their photo manager and take a quick look?
diff --git a/Rhme-2016-master/challenges/binaries/piece_of_scake/piece_of_scake.txt b/Rhme-2016-master/challenges/binaries/piece_of_scake/piece_of_scake.txt
new file mode 100644
index 0000000..f36e116
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/piece_of_scake/piece_of_scake.txt
@@ -0,0 +1,6 @@
+This is an easy SCA challenge using a cipher implementation without
+any SCA or DFA countermeasures. Find the key used to encrypt and
+decrypt messages. Please, consider both SCA and DFA attacks.
+
+To encrypt a message, send the letter 'e' followed of 16 bytes. To
+decrypt a message, send the letter 'd' followed of 16 bytes.
diff --git a/Rhme-2016-master/challenges/binaries/scalate/scalate.txt b/Rhme-2016-master/challenges/binaries/scalate/scalate.txt
new file mode 100644
index 0000000..6790870
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/scalate/scalate.txt
@@ -0,0 +1,3 @@
+We added even more countermeasures.
+
+Good luck! 
diff --git a/Rhme-2016-master/challenges/binaries/secret_sauce/secret_sauce_readme.txt b/Rhme-2016-master/challenges/binaries/secret_sauce/secret_sauce_readme.txt
new file mode 100644
index 0000000..c974221
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/secret_sauce/secret_sauce_readme.txt
@@ -0,0 +1,12 @@
+We managed to capture a group of spies at our premises. Our
+specialists in enhanced interrogation techniques worked through the
+entire night but did not manage to retrieve any information.
+
+Luckily, we intercepted the spy as they were trying to chew and
+swallow the Arduino Nano device that they were carrying in their
+pocket. The device is protected with a password and the Pure Software
+Exploitation Team applied all the tricks they have but did not find
+any way to guess the secret password.
+
+Can you find the correct password and get the secret data stored on
+the device?
diff --git a/Rhme-2016-master/challenges/binaries/still_not_scary/still_not_scary.txt b/Rhme-2016-master/challenges/binaries/still_not_scary/still_not_scary.txt
new file mode 100644
index 0000000..d270a5e
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/still_not_scary/still_not_scary.txt
@@ -0,0 +1,3 @@
+We added a simple countermeasure to the previous challenge.
+
+Will you be able to break it?
diff --git a/Rhme-2016-master/challenges/binaries/whac_the_mole/whac_the_mole_readme.txt b/Rhme-2016-master/challenges/binaries/whac_the_mole/whac_the_mole_readme.txt
new file mode 100644
index 0000000..e8ebea4
--- /dev/null
+++ b/Rhme-2016-master/challenges/binaries/whac_the_mole/whac_the_mole_readme.txt
@@ -0,0 +1,6 @@
+Who doesn't like a classic game of whac-the-mole? This time the moles
+infiltrated deep into the backyard of a poor farmer's family. The
+moles are ruining the crops, which the farmer desperately needs to
+provide for his wife and 2 children. Any traveler able to help him by
+extinguishing the darn things will be greatly rewarded. Are you up for
+the task?
diff --git a/Rhme-2016-master/src/Makefile b/Rhme-2016-master/src/Makefile
new file mode 100644
index 0000000..5dcda7d
--- /dev/null
+++ b/Rhme-2016-master/src/Makefile
@@ -0,0 +1,24 @@
+ 
+# sca 1 - piece of scake
+# simple aes sca challenge without any delays
+# define DRANDOM_DELAY to enable random delays
+# define DTRIGGER=1 to enable a trigger right before entering aes_enc()
+simplesca: CHNAME=simplesca
+simplesca: OBJECTS=$(addprefix bin/,$(SERIAL) $(AESPROTECTED) $(SIMPLESCA)) aes/gf256mul.S 
+simplesca: ADDFLAGS=-Iserial -Iaesprotected -DDELAYSIZE=0x0 -DTRIGGER=1 -DENABLE_RANDOMDELAY=0 -DENABLE_DUMMYROUNDS=0 -DENABLE_ANTIDFA=0 -DAES_ENCRYPTION=0
+simplesca: serial aesprotected1 $(addprefix simplesca/,$(SIMPLESCA))
+simplesca: simplesca.enc.hex
+
+# sca 2 - still not scary
+mediumsca: CHNAME=mediumsca
+mediumsca: OBJECTS=$(addprefix bin/,$(SERIAL) $(AESPROTECTED) $(MEDIUMSCA)) aes/gf256mul.S 
+mediumsca: ADDFLAGS=-Iserial -Iaesprotected -DDELAYSIZE=0x0 -DTRIGGER=0 -DENABLE_RANDOMDELAY=1
+mediumsca: serial aesprotected2 $(addprefix mediumsca/,$(MEDIUMSCA))
+mediumsca: mediumsca.enc.hex
+
+# sca 3 - wow that escalated quickly
+hardsca: CHNAME=hardsca
+hardsca: OBJECTS=$(addprefix bin/,$(SERIAL) $(AESPROTECTED) $(HARDSCA)) aes/gf256mul.S 
+hardsca: ADDFLAGS=-Iserial -Iaesprotected -DDELAYSIZE=0x0 -DTRIGGER=0 -DENABLE_RANDOMDELAY=1 -DENABLE_DUMMYROUNDS=1 -DENABLE_ANTIDFA=1 -DAES_ENCRYPTION=1
+hardsca: serial aesprotected3 $(addprefix hardsca/,$(HARDSCA))
+hardsca: hardsca.enc.hex
diff --git a/Rhme-2016-master/src/README.md b/Rhme-2016-master/src/README.md
new file mode 100644
index 0000000..8340bde
--- /dev/null
+++ b/Rhme-2016-master/src/README.md
@@ -0,0 +1,13 @@
+# Rhme-2016
+
+The source code is not compilable at the moment, it will be possible to
+compile it eventually once all the dependencies are in place. It is 
+posted here to help you understand the vulnerabilities.
+
+## Compilation
+
+### Tools
+
+### Instructions
+
+
diff --git a/Rhme-2016-master/src/aesprotected/aesProtected.c b/Rhme-2016-master/src/aesprotected/aesProtected.c
new file mode 100644
index 0000000..3fae968
--- /dev/null
+++ b/Rhme-2016-master/src/aesprotected/aesProtected.c
@@ -0,0 +1,486 @@
+/* aes.c */
+/*
+ * This code is/was initially part of the AVR-Crypto-Lib. It is now
+ * stripped down such that only AES 128 encryption and decryption in
+ * CBC mode is supported.
+ *
+ * Copyright (C) 2016      alegen (alex@alegen.net)
+ * Copyright (C) 2006-2016 Daniel Otte (bg@nerilex.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "aesProtected.h"
+#include <avr/pgmspace.h>
+#include "gf256mul.h"
+
+/*
+ * Function prototypes which are not public.
+ */
+
+static void aes_rotword(uint32_t* a); 
+
+#if AES_ENCRYPTION
+
+static void aes_enc_round(aes_state_t data, aes_roundkey_t k);
+static void aes_enc_lastround(aes_state_t data, aes_roundkey_t k);
+static void aes_shiftrow(uint8_t* row_start, uint8_t shift);
+
+#endif
+
+static void aes_dec_firstround(aes_state_t data, aes_roundkey_t k);
+static void aes_dec_round(aes_state_t data, aes_roundkey_t k);
+static void aes_invshiftrow(uint8_t* row_start, uint8_t shift);
+
+/*
+ * Tables with precomputed values.
+ */
+
+const uint8_t PROGMEM aes_sbox[256] = { 
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 
+    0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 
+    0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 
+    0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 
+    0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 
+    0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 
+    0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 
+    0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 
+    0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 
+    0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 
+    0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 
+    0xb0, 0x54, 0xbb, 0x16}; 
+
+const uint8_t PROGMEM aes_invsbox[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
+    0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32,
+    0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
+    0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50,
+    0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05,
+    0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41,
+    0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8,
+    0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
+    0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59,
+    0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
+    0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
+    0x55, 0x21, 0x0c, 0x7d};
+
+const uint8_t PROGMEM rc_tab[] = { 
+    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c}; 
+
+/*
+ * AES key expansion code
+ */
+
+void aes_key_expansion(aes_key_t key) { 
+    uint8_t i; 
+    // number of columns (32 bit words) comprising the state 
+    // in generic AES, this is constant to 4 
+    uint8_t nb = 4; 
+    // number of 32 bit words comprising the cipher key 
+    // 4, 6 or 8, but 4 in our case 
+    uint8_t nk = 4; 
+    // number of rounds which is either 10, 12 or 14, but 10 in our case 
+    uint8_t nr = 10; 
+    // union which lets us select easily between 32 bit 
+    // words and individual bytes 
+    union { 
+        uint32_t v32; 
+        uint8_t v8[4]; 
+    } tmp; 
+    for (i = nk; i < nb * (nr + 1); i++) { 
+        SHORTRANDOMDELAY();
+        tmp.v32 = ((uint32_t*)key)[i - 1]; 
+        if ( i % nk == 0) { 
+            aes_rotword(&(tmp.v32)); 
+            tmp.v8[0] = pgm_read_byte(aes_sbox + tmp.v8[0]); 
+            tmp.v8[1] = pgm_read_byte(aes_sbox + tmp.v8[1]); 
+            tmp.v8[2] = pgm_read_byte(aes_sbox + tmp.v8[2]); 
+            tmp.v8[3] = pgm_read_byte(aes_sbox + tmp.v8[3]); 
+            tmp.v8[0] ^= pgm_read_byte(rc_tab + i / nk); 
+        } 
+        ((uint32_t*)key)[i] = ((uint32_t*)key)[i - nk] ^ tmp.v32; 
+    } 
+} 
+
+static void aes_rotword(uint32_t* a) {
+    uint8_t t;
+    t = ((uint8_t*)a)[0];
+    ((uint8_t*)a)[0] = ((uint8_t*)a)[1];
+    ((uint8_t*)a)[1] = ((uint8_t*)a)[2];
+    ((uint8_t*)a)[2] = ((uint8_t*)a)[3];
+    ((uint8_t*)a)[3] = t;
+}
+
+/*
+ * AES encryption code.
+ */
+
+#if AES_ENCRYPTION
+
+void aes_ecb_encrypt_inner(aes_state_t data, aes_key_t key) {
+    uint8_t i;
+    uint8_t rounds = 10;
+  
+    RANDOMDELAY();
+    for (i = 0; i < 16; ++i) {
+        data[i] ^= key[0 * AES_ROUNDKEY_SIZE + i];
+        SHORTRANDOMDELAY();
+    }
+
+    i = 1;
+    for (; rounds > 1; --rounds) {
+        RANDOMDELAY();
+       
+       executeWithDummies(&aes_enc_round, data, key + i * AES_ROUNDKEY_SIZE);
+
+        ++i;
+    }
+
+    RANDOMDELAY();
+
+    executeWithDummies(&aes_enc_lastround, data, key + i * AES_ROUNDKEY_SIZE);    
+
+    RANDOMDELAY();
+
+}
+
+
+void aes_ecb_encrypt(aes_state_t data, aes_key_t key) {
+    #if ENABLE_ANTIDFA
+    uint8_t bufBck[AES_STATE_SIZE];
+    aes_state_t dataBck = bufBck;
+    memcpy(dataBck, data, AES_STATE_SIZE);    
+    #endif
+
+    aes_ecb_encrypt_inner(data, key);        
+
+    #if ENABLE_ANTIDFA
+
+    LONGDELAY();
+    aes_ecb_encrypt_inner(dataBck, key);        
+
+    if (memcmp(data,dataBck,AES_STATE_SIZE) != 0) {
+        memset(data,0,AES_STATE_SIZE);  //Fault detected. Clearing the output
+    }
+
+    #endif
+}
+
+ void aes_cbc_encrypt(aes_state_t data, aes_iv_t iv, aes_key_t key) {
+    uint8_t i;
+    for (i = 0; i < AES_STATE_SIZE; i++)
+        data[i] = data[i] ^ iv[i];
+    aes_ecb_encrypt(data, key);
+}
+
+static void aes_enc_round(aes_state_t data, aes_roundkey_t k) {
+    uint8_t tmp[16], t;
+    uint8_t i;
+
+    // sub bytes
+    for (i = 0; i < 16; ++i) {
+        tmp[i] = pgm_read_byte(aes_sbox + data[i]);
+    }
+
+    // shift rows
+    SHORTRANDOMDELAY();
+    aes_shiftrow(tmp + 1, 1);
+    SHORTRANDOMDELAY();    
+    aes_shiftrow(tmp + 2, 2);
+    SHORTRANDOMDELAY();
+    aes_shiftrow(tmp + 3, 3);
+    SHORTRANDOMDELAY();
+
+    // mix colums
+    for (i = 0; i < 4; ++i) {
+        t = tmp[4 * i + 0] ^ tmp[4 * i + 1] ^ tmp[4 * i + 2] ^ tmp[4 * i + 3];        
+        SHORTRANDOMDELAY();
+        data[4 * i + 0] = gf256mul(2, tmp[4 * i + 0] ^ tmp[4 * i + 1], 0x1b) ^
+                          tmp[4 * i + 0] ^ t;
+        SHORTRANDOMDELAY();                          
+        data[4 * i + 1] = gf256mul(2, tmp[4 * i + 1] ^ tmp[4 * i + 2], 0x1b) ^
+                          tmp[4 * i + 1] ^ t;
+        SHORTRANDOMDELAY();                          
+        data[4 * i + 2] = gf256mul(2, tmp[4 * i + 2] ^ tmp[4 * i + 3], 0x1b) ^
+                          tmp[4 * i + 2] ^ t;
+        SHORTRANDOMDELAY();
+        data[4 * i + 3] = gf256mul(2, tmp[4 * i + 3] ^ tmp[4 * i + 0], 0x1b) ^
+                          tmp[4 * i + 3] ^ t;
+        SHORTRANDOMDELAY();                          
+    }
+
+    // add key
+    for (i = 0; i < 16; ++i) {
+        data[i] ^= k[i];
+        SHORTRANDOMDELAY();
+    }
+}
+
+static void aes_enc_lastround(aes_state_t data, aes_roundkey_t k) {
+    uint8_t i;
+
+    // sub bytes
+    for (i = 0; i < 16; ++i) {
+        data[i] = pgm_read_byte(aes_sbox + data[i]);
+    }
+
+    // shift rows
+    SHORTRANDOMDELAY();
+    aes_shiftrow(data + 1, 1);
+    SHORTRANDOMDELAY();
+    aes_shiftrow(data + 2, 2);
+    SHORTRANDOMDELAY();    
+    aes_shiftrow(data + 3, 3);
+    SHORTRANDOMDELAY();    
+
+    // add key
+    for (i = 0; i < 16; ++i) {
+        data[i] ^= k[i];
+        SHORTRANDOMDELAY();
+    }
+}
+
+static void aes_shiftrow(uint8_t* row_start, uint8_t shift) {
+    uint8_t row[4];
+    row[0] = row_start[ 0];
+    row[1] = row_start[ 4];
+    row[2] = row_start[ 8];
+    row[3] = row_start[12];
+    row_start[ 0] = row[ (shift + 0) & 3 ];
+    row_start[ 4] = row[ (shift + 1) & 3 ];
+    row_start[ 8] = row[ (shift + 2) & 3 ];
+    row_start[12] = row[ (shift + 3) & 3 ];
+}
+
+#endif // AES_ENCRYPTION
+
+/*
+ * AES decryption code.
+ */
+
+ void aes_ecb_decrypt_inner(aes_state_t data, aes_key_t key) {
+    uint8_t i;
+    uint8_t rounds = 10;
+    i = rounds;
+    RANDOMDELAY();
+    executeWithDummies(&aes_dec_firstround,data, key + i * AES_ROUNDKEY_SIZE);    
+    for (; rounds > 1; --rounds) {
+        --i;
+        RANDOMDELAY();
+        executeWithDummies(&aes_dec_round,data, key + i * AES_ROUNDKEY_SIZE);            
+    }
+    RANDOMDELAY();
+    for (i = 0; i < 16; ++i) {
+        SHORTRANDOMDELAY();        
+        data[i] ^= key[0 * AES_ROUNDKEY_SIZE + i];
+    }
+    RANDOMDELAY();
+}
+
+
+void aes_ecb_decrypt(aes_state_t data, aes_key_t key) {
+    #if ENABLE_ANTIDFA
+    uint8_t bufBck[AES_STATE_SIZE];
+    aes_state_t dataBck = bufBck;        
+    memcpy(dataBck, data, AES_STATE_SIZE);    
+    
+    #endif
+
+    aes_ecb_decrypt_inner(data, key);    
+
+    #if ENABLE_ANTIDFA
+
+    LONGDELAY();    
+    
+    aes_ecb_decrypt_inner(dataBck, key); 
+   
+    if (memcmp(data,dataBck,AES_STATE_SIZE) != 0) {
+        memset(data,0,AES_STATE_SIZE);  //Fault detected. Clearing the output
+    }
+
+    #endif
+}
+
+
+ void aes_cbc_decrypt(aes_state_t data, aes_iv_t iv, aes_key_t key) {
+    uint8_t i;
+    aes_ecb_decrypt(data, key);
+    for (i = 0; i < AES_STATE_SIZE; i++)
+        data[i] = data[i] ^ iv[i];
+}
+
+static void aes_dec_firstround(aes_state_t data, aes_roundkey_t k) {
+    uint8_t i;
+
+    // add key
+    for (i = 0; i < 16; ++i) {
+        SHORTRANDOMDELAY();        
+        data[i] ^= k[i];
+    }
+
+    // shift rows
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 1, 1);
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 2, 2);
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 3, 3);
+    SHORTRANDOMDELAY();
+
+    // sub bytes
+    for (i = 0; i < 16; ++i) {
+        data[i] = pgm_read_byte(aes_invsbox + data[i]);
+    }
+}
+
+static void aes_dec_round(aes_state_t data, aes_roundkey_t k) {
+    uint8_t tmp[16];
+    uint8_t i;
+    uint8_t t, u, v, w;
+
+    // add key
+    for (i = 0; i < 16; ++i) {
+        SHORTRANDOMDELAY();
+        tmp[i] = data[i] ^ k[i];
+    }
+
+    // mix colums
+    for (i = 0; i < 4; ++i) {
+        SHORTRANDOMDELAY();
+        t = tmp[4 * i + 3] ^ tmp[4 * i + 2];
+        SHORTRANDOMDELAY();
+        u = tmp[4 * i + 1] ^ tmp[4 * i + 0];
+        SHORTRANDOMDELAY();
+        v = t ^ u;
+        SHORTRANDOMDELAY();
+        v = gf256mul(0x09, v, 0x1b);
+        SHORTRANDOMDELAY();
+        w = v ^ gf256mul(0x04, tmp[4 * i + 2] ^ tmp[4 * i + 0], 0x1b);
+        SHORTRANDOMDELAY();   
+        v = v ^ gf256mul(0x04, tmp[4 * i + 3] ^ tmp[4 * i + 1], 0x1b);
+        SHORTRANDOMDELAY();
+        data[4 * i + 3] = tmp[4 * i + 3] ^ v ^
+                          gf256mul(0x02, tmp[4 * i + 0] ^ tmp[4 * i + 3], 0x1b);
+        SHORTRANDOMDELAY();
+        data[4 * i + 2] = tmp[4 * i + 2] ^ w ^ gf256mul(0x02, t, 0x1b);
+        SHORTRANDOMDELAY();
+        data[4 * i + 1] = tmp[4 * i + 1] ^ v ^
+                          gf256mul(0x02, tmp[4 * i + 2] ^ tmp[4 * i + 1], 0x1b);
+        SHORTRANDOMDELAY();                     
+        data[4 * i + 0] = tmp[4 * i + 0] ^ w ^ gf256mul(0x02, u, 0x1b);        
+    }
+
+    // shift rows
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 1, 1);
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 2, 2);
+    SHORTRANDOMDELAY();
+    aes_invshiftrow(data + 3, 3);
+    SHORTRANDOMDELAY();
+
+    // sub bytes
+    for (i = 0; i < 16; ++i) {
+        data[i] = pgm_read_byte(aes_invsbox + data[i]);
+    }
+}
+
+static void aes_invshiftrow(uint8_t* row_start, uint8_t shift) {
+    uint8_t row[4];
+    row[0] = row_start[ 0];
+    row[1] = row_start[ 4];
+    row[2] = row_start[ 8];
+    row[3] = row_start[12];
+    row_start[ 0] = row[ (4 - shift + 0) & 3 ];
+    row_start[ 4] = row[ (4 - shift + 1) & 3 ];
+    row_start[ 8] = row[ (4 - shift + 2) & 3 ];
+    row_start[12] = row[ (4 - shift + 3) & 3 ];
+}
+
+
+#if ENABLE_RANDOMDELAY
+
+
+void random_delay(uint16_t max_value) {
+
+    volatile uint16_t n = rand() % max_value;    
+    
+    for (; n > 0; n--) {                                               \
+        asm volatile("nop");                                                \
+    }
+}
+
+
+#endif
+
+void delay(uint16_t value) { 
+    volatile uint16_t n =value;    
+    
+    for (; n > 0; n--) {                                               \
+        asm volatile("nop");                                                \
+    }
+}
+
+void executeWithDummies(void (*function)(uint8_t *, uint8_t *), uint8_t *data, uint8_t *key) {
+
+    #if ENABLE_DUMMYROUNDS     
+
+    uint8_t randomData[16+16];    
+    uint8_t i, j;
+
+    uint8_t numDummies = 1 + rand()%3;
+    uint8_t posRealOp = rand()%numDummies;
+    
+    for (i=0; i<numDummies; i++) {
+        
+        // Fill the buffer randomly
+        for (j=0; j<32; j+=2)
+            *(randomData+j)=rand();
+
+        if (i==posRealOp)
+            function(data, key);
+        else
+            function(randomData, randomData+16);
+    }
+
+    #else
+    function(data, key);
+    #endif
+
+}
+
diff --git a/Rhme-2016-master/src/aesprotected/aesProtected.h b/Rhme-2016-master/src/aesprotected/aesProtected.h
new file mode 100644
index 0000000..d3e5e91
--- /dev/null
+++ b/Rhme-2016-master/src/aesprotected/aesProtected.h
@@ -0,0 +1,74 @@
+/* aes.h */
+/*
+ * This code is/was initially part of the AVR-Crypto-Lib. It is now
+ * stripped down such that only AES 128 encryption and decryption in
+ * CBC mode is supported.
+ *
+ * Copyright (C) 2016      alegen (alex@alegen.net)
+ * Copyright (C) 2006-2016 Daniel Otte (bg@nerilex.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef AES_H_
+#define AES_H_
+
+#include <stdint.h>
+
+/*
+ * The three types defined below are already array types
+ * and work as if they are pointers. No need to dereference
+ * variables of these types.
+ */
+
+typedef uint8_t* aes_state_t;
+typedef uint8_t* aes_iv_t;
+typedef uint8_t* aes_roundkey_t;
+typedef uint8_t* aes_key_t;
+
+#define AES_STATE_SIZE      16
+#define AES_IV_SIZE         16
+#define AES_ROUNDKEY_SIZE   16
+#define AES_KEY_SIZE        (16 * 11)
+
+
+inline void aes_key_expansion(aes_key_t key);
+
+#if AES_ENCRYPTION
+
+inline void aes_ecb_encrypt(aes_state_t data, aes_key_t key);
+inline void aes_cbc_encrypt(aes_state_t data, aes_iv_t, aes_key_t key);
+
+#endif
+
+inline void aes_ecb_decrypt(aes_state_t data, aes_key_t key);
+inline void aes_cbc_decrypt(aes_state_t data, aes_iv_t, aes_key_t key);
+
+
+void delay(uint16_t value);
+#define LONGDELAY() delay(0x4FF);
+
+#if ENABLE_RANDOMDELAY
+#define RANDOMDELAY() random_delay(0x007F);
+//#define SHORTRANDOMDELAY() random_delay(0x001F);
+#define SHORTRANDOMDELAY() ;
+void random_delay(uint16_t max_value);
+#else
+#define RANDOMDELAY() ;
+#define SHORTRANDOMDELAY() ;
+#endif
+
+void executeWithDummies(void (*function)(uint8_t *, uint8_t *), uint8_t *data, uint8_t *key);
+
+#endif
diff --git a/Rhme-2016-master/src/aesprotected/gf256mul.S b/Rhme-2016-master/src/aesprotected/gf256mul.S
new file mode 100644
index 0000000..a7a1ba4
--- /dev/null
+++ b/Rhme-2016-master/src/aesprotected/gf256mul.S
@@ -0,0 +1,119 @@
+/* gf256mul.S */
+/*
+ * This file is part of the AVR-Crypto-Lib.
+ * Copyright (C) 2006-2015 Daniel Otte (bg@nerilex.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+ /*
+  * For reference, the meaning of the 'f' character in behind labels in branch
+  * instruction refers to local labels. Read more about it here:
+  * http://www.atmel.com/webdoc/AVRLibcReferenceManual/FAQ_1faq_asmstabs.html
+  *
+  * The algorithm used in this implementation is the Russian Peasant
+  * Multiplication algorithm. Read more about it here:
+  * https://en.wikipedia.org/wiki/Ancient_Egyptian_multiplication
+  */
+
+#include <avr/io.h>
+#define OPTIMIZE_SMALL_A
+
+/*
+ * param a:         r24
+ * param b:         r22
+ * param reducer:   r20
+ * return value:    r24
+ */
+
+/*
+ * aliases for registers
+ */
+A = 23
+B = 22
+P = 24
+
+.global gf256mul
+
+#ifdef OPTIMIZE_SMALL_A
+
+gf256mul:
+    ; A = r24
+    mov A, r24
+    ; r24 = 0
+    clr r24
+1:
+    ; A >> 1
+    ; bit 0 is loaded into the C flag
+    ; if result is 0, the Z flag is set
+    lsr A
+    ; branch if Z flag is set
+    breq 4f
+    ; branch if C flag is cleared
+    brcc 2f
+    ; P = P xor B
+    eor P, B
+2:
+    ; B << 1
+    ; bit 7 is loaded into the C flag
+    ; if result is 0, the Z flag is set
+    lsl B
+    ; branch if C flag is cleared
+    brcc 3f
+    ; B = B xor r20
+    eor B, r20
+3:
+    rjmp 1b
+4:
+    ; branch if C flag is cleared
+    brcc 2f
+    ; P = P xor B
+    eor P, B
+2:
+    ret
+
+#else // OPTIMIZE_SMALL_A not defined
+
+gf256mul:
+    ; A = r24
+    mov A, r24
+    ; r24 = 0
+    clr r24
+    ; r25 = 0
+    ldi r25, 8
+1:
+    ; A >> 1
+    ; bit 0 is loaded into the C flag
+    ; if result is 0, the Z flag is set
+    lsr A
+    ; branch if C flag is cleared
+    brcc 2f
+    ; P = P xor B
+    eor P, B
+2:
+    ; B << 1
+    lsl B
+    ; branch if C flag is cleared
+    brcc 3f
+    ; B = B xor r20
+    eor B, r20
+3:
+    ; r25 -= 1
+    ; if result is 0, the Z flag is set
+    dec r25
+    ; branch if Z flag is not set
+    brne 1b
+    ret
+
+#endif // OPTIMIZE_SMALL_A
diff --git a/Rhme-2016-master/src/aesprotected/gf256mul.h b/Rhme-2016-master/src/aesprotected/gf256mul.h
new file mode 100644
index 0000000..987cb82
--- /dev/null
+++ b/Rhme-2016-master/src/aesprotected/gf256mul.h
@@ -0,0 +1,36 @@
+/* gf256mul.h */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2006-2015 Daniel Otte (bg@nerilex.org)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef GF256MUL_H_
+#define GF256MUL_H_
+
+/**
+ * \author  Daniel Otte
+ * \email   bg@nerilex.org
+ * \date    2008-12-19
+ * \license GPLv3
+ * \brief
+ *
+ *
+ */
+
+#include <stdint.h>
+
+uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
+
+#endif /* GF256MUL_H_ */
diff --git a/Rhme-2016-master/src/hardsca/hardsca.c b/Rhme-2016-master/src/hardsca/hardsca.c
new file mode 100644
index 0000000..82409bc
--- /dev/null
+++ b/Rhme-2016-master/src/hardsca/hardsca.c
@@ -0,0 +1,121 @@
+/* RHme2
+ * Side Channel Analysis - SCAlate
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <avr/pgmspace.h>
+#include <avr/eeprom.h>
+
+#include "serial_io.h"
+#include "aesProtected.h"
+
+
+//For most platforms we want to use the AVR ADC-pins, since they have a seperate power rail
+//This can be overridden elsewhere
+#if TRIGGER==1
+#define trigger_setup() DDRB = 0x20;
+#define trigger_high()  PORTB |= (1 << PORTB5);
+#define trigger_low()   PORTB &= ~(1 << PORTB5);
+#else
+#define trigger_setup()
+#define trigger_low()
+#define trigger_high()
+#endif
+
+uint8_t key[AES_KEY_SIZE];
+uint8_t buf[AES_STATE_SIZE];
+
+void fill_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        buf[i] = usart_recv_byte();
+    }
+}
+
+void send_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        usart_send_byte(buf[i]);
+    }
+}
+
+void encrypt() 
+{
+    trigger_high();
+    aes_ecb_encrypt(buf, key);
+    trigger_low();
+}
+
+void decrypt() 
+{
+    aes_ecb_decrypt(buf, key);
+}
+
+void aes_setup() 
+{
+    uint8_t aux[32] = {0x1c, 0x7b, 0x3f, 0x97, 0x83, 0xa4, 0x72, 0x55, 0xdb, 0x68, 0xb2, 0xd6, 0xe1, 0x9a, 0x9d, 0xd2};
+    int i;
+
+    for (i = 0; i < AES_KEY_SIZE; i++) {
+        key[i] = aux[i];
+    }
+
+    memset(aux, 0, sizeof(aux));
+    aes_key_expansion(key);
+}
+
+void random_setup() 
+{
+    static uint8_t initialized = 0;
+    // We XOR the stored seed with  the input buffer for adding more entropy
+    // (assuming somebody doing SCA and randomizing the input)
+
+    if (initialized == 0) {
+        srand(eeprom_read_word(0) ^ (buf[0]<<8 | buf[1]));
+        initialized = 1;
+    }
+}
+
+int main(void) 
+{
+
+    uint8_t command;
+
+    serial_init();
+    trigger_setup();
+    aes_setup();
+#ifdef DELAYS
+    random_setup();
+#endif
+
+    while(1) {
+        command = usart_recv_byte();
+
+        switch(command) {
+            case 'e':
+                fill_buf();
+                random_setup();
+                encrypt();
+                send_buf();
+                break;
+
+            case 'd':
+                fill_buf();
+                random_setup();
+                decrypt();
+                send_buf();
+                break;
+
+            default:
+                continue;
+        }
+    }
+    return 0;
+}
diff --git a/Rhme-2016-master/src/jumpy/jumpy.c b/Rhme-2016-master/src/jumpy/jumpy.c
new file mode 100644
index 0000000..0404d54
--- /dev/null
+++ b/Rhme-2016-master/src/jumpy/jumpy.c
@@ -0,0 +1,375 @@
+/* * main.c
+ *
+ *  Created on: Jun 3, 2016
+ *      Author: rhme
+ */
+
+
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <util/delay.h>
+
+
+#ifdef __AVR__
+#include <avr/pgmspace.h>
+
+#else
+
+#include <unistd.h>
+
+#define serial_read(x, y) read(0, x, y)
+#define serial_printf(...) printf(__VA_ARGS__);fflush(stdout)
+#define serial_init(...)
+
+#endif
+
+#define USART_BAUDRATE 19200
+#define BAUD_PRESCALER ( (F_CPU / (USART_BAUDRATE * 16UL)) - 1)
+
+
+/**
+ * @brief Send a single byte.
+ * @param[in] byte  Byte to send
+ */
+void usart_send_byte(uint8_t byte) {
+	/* Wait for empty transmit buffer */
+	while ( !(UCSR0A & (1 << UDRE0)) ) {
+	}
+
+	/* Send byte */
+	UDR0 = byte;
+}
+
+
+/**
+ * @brief Configure the USART0 port.
+ */
+void serial_init(void)
+{
+	UBRR0H = (uint8_t)0;
+	UBRR0L = (uint8_t)51;
+
+	/* Enable received and transmitter */
+	UCSR0B = (1 << RXEN0) | (1 << TXEN0);
+
+	/* Set frame format (8N1) */
+	UCSR0C = (1 << UCSZ00) | (1 << UCSZ01);
+	UCSR0C &= ~(1 << UMSEL00);
+	UCSR0B |= (1 << RXCIE0);
+	//sei();
+}
+
+/**
+ * @brief Transmit a string.
+ * @param[in] s  Null terminated string to send
+ */
+void usart_print(char *s)
+{
+	//PORTB ^= (1 << PORTB5);
+
+	while (*s != 0) {
+		usart_send_byte( *(s++) );
+
+		/* Let the VM breath */
+		_delay_ms(1);
+	}
+}
+
+/**
+ * @brief Check for incomming data.
+ * @return 1 If there is data avaliable, 0 otherwise
+ */
+uint8_t usart_data_available(void)
+{
+	if ( UCSR0A & (1 << RXC0) )
+		return 1;
+	return 0;
+}
+
+
+/**
+ * @brief Get incoming data.
+ * @return Received byte.
+ */
+uint8_t usart_recv_byte(void)
+{
+	/* Wait until data is available */
+	while ( !usart_data_available() ){
+	}
+
+	//usart_send_byte('A');
+
+	/* Read byte */
+	return UDR0;
+}
+
+
+
+unsigned char input[0x10] = {0};
+uint16_t checks = 0x0;
+
+uint16_t stuff[256]; // Our ROP chain
+
+void readinput(){
+	unsigned char c;
+	unsigned int idx;
+	for(idx=0; idx < sizeof(input)-1; idx++){
+		c = usart_recv_byte();
+		if (c == '\n' || c == '\r')
+			break;
+		//usart_print("Recevied\n");
+		input[idx] = c;
+	}
+	input[idx] = 0; // NULL terminate
+}
+
+void checklen(){
+	unsigned char i = 0;
+	for(i=0;input[i]; i++);
+	if (i == 13){
+		checks |= 1;
+	} else {
+		checks = 0;
+	}
+
+}
+void check7(){
+	if (input[7] + input[8] == '_'+'t'){
+		checks |= (1 << 8);
+	} else {
+		checks = 0;
+	}
+}
+void dummy1() {
+	if (input[7] * input[8] == input[9] + 'k') {
+		checks |= (1 << 13);
+	} else if (input[1] + input[2] + input[13] == 'e'+'y') {
+		checks |= (1 << 2);
+		checks |= (1 << 5);
+	} else {
+		checks |= (0  << 6);
+	}
+}
+void check12(){
+	volatile uint8_t i;
+	for(i=0;input[i];i++);
+	if (input[12] * i == '3'*13){
+		checks |= (1 << 13);
+	} else {
+		checks = 0;
+	}
+}
+void dummy2() {
+	if (input[3] + input[5] == input[9] * 'b') {
+		checks |= (1 << 12);
+	} else if (input[1] + input[2] + input[13] == 'n'*'i') {
+		checks |= (0 << 2);
+		checks |= (1 << 6);
+	} else {
+		checks |= (0  << 5);
+	}
+}
+void check9(){
+	if (input[9] + input[10] == '0'+'_'){
+		checks |= (1 << 10);
+	} else {
+		checks = 0;
+	}
+}
+void check4(){
+	if (input[4] * input[5] == '_'*'1'){
+		checks |= (1 << 5);
+	} else {
+		checks = 0;
+	}
+
+}
+void dummy3() {
+	if (input[11] - input[4] == input[7] * '3') {
+		checks |= (1 << 11);
+	} else if (input[1] + input[2] + input[13] == '2'*'5') {
+		checks |= (1 << 3);
+		checks |= (0 << 5);
+	} else {
+		checks |= (0  << 4);
+	}
+}
+void check3(){
+	if (input[3] + input[4] == '3' +'_'){
+		checks |= (1 << 4);
+	} else {
+		checks = 0;
+	}
+
+}
+void check10(){
+	if (input[10] * input[11] == 'm'*'_'){
+		checks |= (1 << 11);
+	} else {
+		checks = 0;
+	}
+}
+void dummy4() {
+	if (input[3] << input[2] == input[12] * 'v') {
+		checks |= (1 << 10);
+	} else if (input[1] + input[2] + input[13] == '6'*'q') {
+		checks |= (1 << 13);
+		checks |= (1 << 12);
+	} else {
+		checks |= (0  << 3);
+	}
+}
+void check6(){
+	if (input[6] * input[7] == 't'*'_'){
+		checks |= (1 << 7);
+	} else {
+		checks = 0;
+	}
+}
+void check1(){
+	if (input[1] + input[2] == 'v' +'1'){
+		checks |= (1 << 2);
+	} else {
+		checks = 0;
+	}
+
+}
+void check11(){
+	if (input[11] + input[12] == 'm'+'3'){
+		checks |= (1 << 12);
+	} else {
+		checks = 0;
+	}
+}
+void check0(){
+	if (input[0]*input[1] == 'g'*'1'){
+		checks |= (1 << 1);
+	} else {
+		checks = 0;
+	}
+
+}
+void check2(){
+	if (input[2] * input[3] == 'v'*'3'){
+		checks |= (1 << 3);
+	} else {
+		checks = 0;
+	}
+
+}
+void check8(){
+	if (input[8] * input[9] == 't'*'0'){
+		checks |= (1 << 9);
+	} else {
+		checks = 0;
+	}
+}
+void dummy5() {
+	if (input[6] >> input[10] == input[6] * 'm') {
+		checks |= (1 << 13);
+	} else if (input[1] + input[2] + input[13] == 'y'*'3') {
+		checks |= (1 << 12);
+		checks |= (0 << 13);
+	} else {
+		checks |= (0 << 2);
+	}
+}
+void check5(){
+	if (input[5] + input[6] == 't'+'1'){
+		checks |= (1 << 6);
+	} else {
+		checks = 0;
+	}
+}
+void dummy6() {
+	if (input[2] * input[1] == input[7] * 'u') {
+		checks |= (1 << 8);
+	} else if (input[4] + input[1] + input[7] == 's'*'r') {
+		checks |= (1 << 2);
+		checks |= (1 << 5);
+	} else {
+		checks |= (0  << 1);
+	}
+}
+
+void final(){
+	if ( checks == (1<<14)-1){
+		usart_print("\r\nFLAG:D0_you_3ven_ROP?");
+		usart_print("\r\n");
+	} else {
+		usart_print("\r\nBetter luck next time!\r\n");
+	}
+}
+
+void inline pivot(char *stuff) __attribute__((always_inline));
+
+void inline pivot(char *stuff) {
+
+asm volatile(
+//"mov sp, r24\n\t"
+"out 0x3D, R24\n\t" // SPL
+"out 0x3E, R25\n\t" // SPH
+"ret\n\t"
+::);
+}
+
+
+void print_text(){
+	usart_print("Input: ");
+}
+
+volatile uint16_t ctr = 0;
+void infloop(){
+	while(1);
+}
+
+void nop(){
+	ctr++;
+}
+
+
+#define SWAP(x) (( (x) >> 8) | (( (x) &  0xFF)<<8))
+
+int main(void) {
+	volatile uint16_t idx = 256-40;
+
+	memset(stuff, 0x41, sizeof(stuff));
+	serial_init();
+
+	checks = 0;
+
+	//Initialize serial ports
+	stuff[idx++] = SWAP((uint16_t)&nop);
+	stuff[idx++] = SWAP((uint16_t)&print_text);
+	stuff[idx++] = SWAP((uint16_t)&readinput);
+	stuff[idx++] = SWAP((uint16_t)&checklen);
+	stuff[idx++] = SWAP((uint16_t)&check7);
+	stuff[idx++] = SWAP((uint16_t)&check8);
+	stuff[idx++] = SWAP((uint16_t)&check0);
+	stuff[idx++] = SWAP((uint16_t)&check2);
+	stuff[idx++] = SWAP((uint16_t)&check3);
+	stuff[idx++] = SWAP((uint16_t)&check6);
+	stuff[idx++] = SWAP((uint16_t)&check5);
+	stuff[idx++] = SWAP((uint16_t)&check9);
+	stuff[idx++] = SWAP((uint16_t)&check1);
+	stuff[idx++] = SWAP((uint16_t)&check10);
+	stuff[idx++] = SWAP((uint16_t)&check12);
+	stuff[idx++] = SWAP((uint16_t)&check4);
+	stuff[idx++] = SWAP((uint16_t)&check11);
+	stuff[idx++] = SWAP((uint16_t)&final);
+	stuff[idx++] = SWAP((uint16_t)&infloop);
+	// stuff[idx++] = SWAP((uint16_t)&dummy1);
+	// stuff[idx++] = SWAP((uint16_t)&dummy2);
+	// stuff[idx++] = SWAP((uint16_t)&dummy3);
+	// stuff[idx++] = SWAP((uint16_t)&dummy4);
+	// stuff[idx++] = SWAP((uint16_t)&dummy5);
+	// stuff[idx++] = SWAP((uint16_t)&dummy6);
+
+	pivot((char *)(&stuff[256-40]) - 1);
+
+	return 0;
+}
diff --git a/Rhme-2016-master/src/jumpy/solution.txt b/Rhme-2016-master/src/jumpy/solution.txt
new file mode 100644
index 0000000..854aee8
--- /dev/null
+++ b/Rhme-2016-master/src/jumpy/solution.txt
@@ -0,0 +1 @@
+g1v3_1t_t0_m3
\ No newline at end of file
diff --git a/Rhme-2016-master/src/jungle/jungle.c b/Rhme-2016-master/src/jungle/jungle.c
new file mode 100644
index 0000000..66c8163
--- /dev/null
+++ b/Rhme-2016-master/src/jungle/jungle.c
@@ -0,0 +1,370 @@
+
+/**
+ * RHme2
+ * Other - Emergency Transmitter
+ *
+ */
+
+#define F_CPU 16000000UL
+#define USART_BAUDRATE 115200
+#define BAUD_PRESCALER ( (F_CPU / (USART_BAUDRATE * 16UL)) - 1)
+#define INBUFFER_LEN 16
+#define CHR_LF 10
+
+#include <avr/io.h>
+#include <avr/interrupt.h>
+#include <util/delay.h>
+#include <avr/power.h>
+#include <inttypes.h>
+#include <string.h>
+#include <stdlib.h>
+#include "aes.h"
+#include <stdio.h>
+
+
+/************************/
+/* Functions prototypes */
+/************************/
+
+void usart_send_byte(uint8_t byte);
+void serial_init(void);
+void usart_print(char *s);
+void help(void);
+void toggle_led(void);
+void execute(void);
+void login(void);
+void encrypt(void);
+void morse_print(uint8_t data);
+void morse_flash(uint8_t data);
+void aes_setup(void);
+
+uint8_t usart_recv_byte(void);
+uint8_t priv_chk(void);
+
+
+/********************/
+/* Global variables */
+/********************/
+
+aes_key_t key;
+
+/* A complete command was received */
+uint8_t parse_flag;
+
+/* RX buffer */
+uint8_t inbuffer[INBUFFER_LEN];
+
+/* Current position inside INBUFFER_LEN */
+uint8_t pos_inbuffer;
+
+/* User admin status */
+uint8_t admin;
+
+/* Morse code table */
+uint8_t mrs_table[16][10] = {"- - - - -",  // 0x30 0
+			     ". - - - -",  // 0x31 1
+			     ". . - - -",  // 0x32 2
+			     ". . . - -",  // 0x33 3
+			     ". . . . -",  // 0x34 4
+			     ". . . . .",  // 0x35 5
+			     "- . . . .",  // 0x36 6
+			     "- - . . .",  // 0x37 7
+			     "- - - . .",  // 0x38 8
+			     "- - - - .",  // 0x39 9
+			     ". -\x00*****",  // 0x41 A
+			     "- . . .\x00*",  // 0x42 B
+			     "- . - .\x00*",  // 0x43 C
+			     "- . .\x00***",  // 0x44 D
+			     ".\x00*******",  // 0x45 E
+			     ". . - .\x00*",  // 0x46 F
+			    };
+
+/************************/
+/* Function Definitions */
+/************************/
+
+int main(void)
+{
+	uint32_t i;
+
+	aes_setup();
+
+	/* Set the clock to 2MHz to give more chances to properly inject the fault */
+	clock_prescale_set(clock_div_8);
+
+	/* Set the LED as output in the Data Direction Register */
+	DDRB = 0x20;
+
+	/* Initialize global variables. */
+	parse_flag = 0;
+	pos_inbuffer = 0;
+	admin = 0;
+
+	serial_init();
+	help();
+	usart_print("\r\n>> ");
+
+	/* Clean inbuffer so all the encryptions are deterministic */
+	for (i = 0; i < INBUFFER_LEN; i++) {
+		inbuffer[i] = 0;
+	}
+	/* Wait for commands */
+	while (1) {
+		if (parse_flag == 1) {
+			execute();
+			usart_print("\r\n>> ");
+		}
+	}
+	free(key);
+	return (0);
+}
+/**
+ * @brief aes_setup Set the key from the flag value
+ */
+void aes_setup(void)
+{
+	uint8_t aux[32] = {0xa9, 0xea, 0x57, 0xa7, 0xec, 0xfd, 0x4d, 0x2f, 0x55, 0x6c, 0x81, 0x87, 0x99, 0x3d, 0x7b, 0x29};
+	int i;
+
+	key = (uint8_t*)malloc(AES_KEY_SIZE);
+
+	for (i = 0; i < AES_KEY_SIZE; i++) {
+		key[i] = aux[i];
+	}
+	memset(aux, 0, sizeof(aux));
+}
+
+/**
+ * @brief Send a single byte.
+ * @param[in] byte  Byte to send
+ */
+void usart_send_byte(uint8_t byte) {
+	/* Wait for empty transmit buffer */
+	while ( !(UCSR0A & (1 << UDRE0)) ) {
+	}
+
+	/* Send byte */
+	UDR0 = byte;
+}
+
+
+/**
+ * @brief Configure the USART0 port.
+ */
+void serial_init(void)
+{
+	/* Set baud rate */
+	UBRR0H = 0; //(uint8_t)(baud >> 8);
+	UBRR0L = 12;//(uint8_t) baud;
+
+	UCSR0A |= (1 << U2X0);
+	/* Enable received and transmitter */
+	UCSR0B = (1 << RXEN0) | (1 << TXEN0);
+
+	/* Set frame format (8N1) */
+	UCSR0C = (1 << UCSZ00) | (1 << UCSZ01);
+	UCSR0C &= ~(1 << UMSEL00);
+	UCSR0B |= (1 << RXCIE0);
+	sei();
+}
+
+/**
+ * @brief Transmit a string.
+ * @param[in] s  Null terminated string to send
+ */
+void usart_print(char *s)
+{
+	while (*s != 0) {
+		usart_send_byte( *(s++) );
+
+		/* Let the VM breathe */
+		_delay_ms(1);
+	}
+}
+
+/**
+ * @brief Check for incomming data.
+ * @return 1 If there is data avaliable, 0 otherwise
+ */
+uint8_t usart_data_available(void)
+{
+	if ( UCSR0A & (1 << RXC0) )
+		return 1;
+	return 0;
+}
+
+/**
+ * @brief Get incoming data.
+ * @return Received byte.
+ */
+uint8_t usart_recv_byte(void)
+{
+	/* Wait until data is available */
+	while ( !usart_data_available() ){
+	}
+
+	/* Read byte */
+	return UDR0;
+}
+
+/**
+ * @brief Display the help menu.
+ */
+void help(void)
+{
+	usart_print("                            \r\n");
+	usart_print("====== Jungle Assistance System V1.0 ======\r\n\r\n");
+	usart_print("This board will help you get out of the jungle in no time!\r\n");
+	usart_print("Write a message of maximum 16 bytes asking for help, the message\r\n");
+	usart_print("will be transmitted _encrypted_ using the LED and a secret key.\r\n");
+	usart_print("The key will remain secure even if the JAS falls into enemy\r\n\r");
+	usart_print("hands (We hope so).\r\n\r\n");
+	usart_print("As the LED is not powerful enough please aim carefuly.\r\n");
+
+}
+
+/**
+ * @brief UART receive interruption.
+ *
+ * Adds the received characters to te inBuffer and signals
+ * when a LF character is received so the command can be
+ * parsed.
+ */
+ISR(USART_RX_vect)
+{
+	uint8_t data;
+	data = UDR0;
+
+	/* CHR_LF signals end of command */
+	if (data == CHR_LF) {
+		pos_inbuffer = 0;
+		parse_flag = 1;
+
+	} else if (pos_inbuffer < INBUFFER_LEN) {
+		inbuffer[pos_inbuffer] = data;
+		pos_inbuffer++;
+	}
+}
+
+/**
+ * @brief Toggle the led.
+ */
+void toggle_led(void)
+{
+	PORTB ^= (1 << PORTB5);
+}
+
+/**
+ * @brief execute the received command
+ */
+void execute(void)
+{
+	encrypt();
+	parse_flag = 0;
+}
+
+/**
+ * @brief Encrypt the message.
+ */
+void encrypt(void)
+{
+	aes_state_t data = (aes_state_t) inbuffer;
+	uint32_t i;
+
+	aes_key_expansion(key);
+	aes_ecb_encrypt(data, key);
+
+	/* Print morse representation on the screen. */
+	//    for (i = 0; i < 16; i++) {
+	//        morse_print(data[i]);
+	//    }
+	cli();
+	for (i = 0; i < 16; i++) {
+		morse_flash(data[i]);
+	}
+	sei();
+	/* If this is enabled, the data can be corrupted everywhere
+	* and it becomes TOO dificult to check if the fault is too
+	* late.
+	*/
+	//    for (i = 0; i < 16; i++) {
+	//         data[i] = 0;
+	//    }
+}
+
+/**
+ * @brief morse_print Send the ascii dash-dot representation on the UART
+ * @param data  Data do send in binary
+ *
+ * If data is 0xFA, then the morse code for F is send, and then the
+ * morse code for A.
+ */
+void morse_print(uint8_t data)
+{
+	usart_print( (char *) mrs_table[ (data >> 4) & 0x0F ] );
+	usart_print("   ");
+	usart_print( (char *) mrs_table[ data & 0x0F ]);
+	usart_print("   ");
+}
+
+/**
+ * @brief morse_flash Flashes the led with a morse pattern.
+ * @param data  Data to send in binary
+ */
+void morse_flash(uint8_t data)
+{
+	uint8_t* morse_str;
+	uint8_t signal;
+	uint32_t e;
+	const uint32_t dot_time = 100;
+
+	/* Send the most significant nibble */
+	morse_str = mrs_table[ (data >> 4) & 0x0F ];
+	while (*morse_str) {
+		signal = *morse_str;
+		switch (signal) {
+		case '-':
+			PORTB ^= (1 << PORTB5);
+			for (e=dot_time * 3; e>0; e--);
+			PORTB ^= (1 << PORTB5);
+			break;
+
+		case '.':
+			PORTB ^= (1 << PORTB5);
+			for (e=dot_time; e>0; e--);
+			PORTB ^= (1 << PORTB5);
+			break;
+
+		}
+		for (e=dot_time; e>0; e--);
+		morse_str++;
+	}
+	/* At the end of the letter a silence of 3 dots is expected 3 */
+	for (e = dot_time *4; e > 0; e--);
+
+	/* Send the second nibble */
+	morse_str = mrs_table[ data & 0x0F ];
+
+	while (*morse_str) {
+		signal = *morse_str;
+		switch (signal) {
+		case '-':
+			PORTB ^= (1 << PORTB5);
+			for (e=dot_time * 3; e>0; e--);
+			PORTB ^= (1 << PORTB5);
+			break;
+
+		case '.':
+			PORTB ^= (1 << PORTB5);
+			for (e=dot_time; e>0; e--);
+			PORTB ^= (1 << PORTB5);
+			break;
+
+		}
+		for (e = dot_time; e > 0; e--);
+		morse_str++;
+	}
+	/* At the end of the letter a silence of 3 dots is expected 3 */
+	for (e = dot_time * 4; e > 0; e--);
+
+}
diff --git a/Rhme-2016-master/src/mediumsca/mediumsca.c b/Rhme-2016-master/src/mediumsca/mediumsca.c
new file mode 100644
index 0000000..32b5fd5
--- /dev/null
+++ b/Rhme-2016-master/src/mediumsca/mediumsca.c
@@ -0,0 +1,120 @@
+/* RHme2
+ * Side Channel Analysis - Still Not SCAry
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <avr/pgmspace.h>
+#include <avr/eeprom.h>
+
+#include "serial_io.h"
+#include "aesProtected.h"
+
+//For most platforms we want to use the AVR ADC-pins, since they have a seperate power rail
+//This can be overridden elsewhere
+#if TRIGGER==1
+#define trigger_setup() DDRB = 0x20;
+#define trigger_high()  PORTB |= (1 << PORTB5);
+#define trigger_low()   PORTB &= ~(1 << PORTB5);
+#else
+#define trigger_setup()
+#define trigger_low()
+#define trigger_high()
+#endif
+
+uint8_t key[AES_KEY_SIZE];
+uint8_t buf[AES_STATE_SIZE];
+
+void fill_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        buf[i] = usart_recv_byte();
+    }
+}
+
+void send_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        usart_send_byte(buf[i]);
+    }
+}
+
+void encrypt() 
+{
+    trigger_high();
+    aes_ecb_encrypt(buf, key);
+    trigger_low();
+}
+
+void decrypt() 
+{
+    aes_ecb_decrypt(buf, key);
+}
+
+void aes_setup() 
+{
+    uint8_t aux[32] = {0x89, 0x32, 0xd0, 0xb8, 0x10, 0x16, 0x85, 0x14, 0x53, 0x4b, 0x93, 0xbe, 0x48, 0x2c, 0xdf, 0x21};
+    int i;
+
+    for (i = 0; i < AES_KEY_SIZE; i++) {
+        key[i] = aux[i];
+    }
+
+    memset(aux, 0, sizeof(aux));
+    aes_key_expansion(key);
+}
+
+void random_setup() 
+{
+    static uint8_t initialized = 0;
+    // We XOR the stored seed with  the input buffer for adding more entropy
+    // (assuming somebody doing SCA and randomizing the input)
+
+    if (initialized == 0) {
+        srand(eeprom_read_word(0) ^ (buf[0]<<8 | buf[1]));
+        initialized = 1;
+    }
+
+}
+
+int main(void) 
+{
+    uint8_t command;
+
+    serial_init();
+    trigger_setup();
+    aes_setup();
+#ifdef DELAYS
+    random_setup();
+#endif
+    while(1) {
+        command = usart_recv_byte();
+
+        switch(command) {
+            case 'e':
+                fill_buf();
+                random_setup();
+                encrypt();
+                send_buf();
+                break;
+
+            case 'd':
+                fill_buf();
+                random_setup();
+                decrypt();
+                send_buf();
+                break;
+
+            default:
+                continue;
+        }
+    }
+
+    return 0;
+}
diff --git a/Rhme-2016-master/src/secretsauce/secretsauce.c b/Rhme-2016-master/src/secretsauce/secretsauce.c
new file mode 100644
index 0000000..98852cf
--- /dev/null
+++ b/Rhme-2016-master/src/secretsauce/secretsauce.c
@@ -0,0 +1,364 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#define __AVR_ATmega328P__ 1
+
+#include <avr/io.h>
+#include <util/delay.h>
+
+#define USART_BAUDRATE 19200
+#define BAUD_PRESCALER ( (F_CPU / (USART_BAUDRATE * 16UL)) - 1)
+
+#include "aes.h"
+
+
+/**
+ * @brief Send a single byte.
+ * @param[in] byte  Byte to send
+ */
+void usart_send_byte(uint8_t byte) {
+	/* Wait for empty transmit buffer */
+	while ( !(UCSR0A & (1 << UDRE0)) ) {
+	}
+
+	/* Send byte */
+	UDR0 = byte;
+}
+
+
+/**
+ * @brief Configure the USART0 port.
+ */
+void serial_init(void)
+{
+	/* Set baud rate */
+	UBRR0H = (uint8_t)0;
+	UBRR0L = (uint8_t)51;
+
+	/* Enable received and transmitter */
+	UCSR0B = (1 << RXEN0) | (1 << TXEN0);
+
+	/* Set frame format (8N1) */
+	UCSR0C = (1 << UCSZ00) | (1 << UCSZ01);
+	UCSR0C &= ~(1 << UMSEL00);
+	UCSR0B |= (1 << RXCIE0);
+	//sei();
+}
+
+/**
+ * @brief Transmit a string.
+ * @param[in] s  Null terminated string to send
+ */
+void usart_print(char *s)
+{
+	while (*s != 0) {
+		usart_send_byte( *(s++) );
+
+		/* Let the VM breathe */
+		_delay_ms(1);
+	}
+}
+
+/**
+ * @brief Check for incomming data.
+ * @return 1 If there is data avaliable, 0 otherwise
+ */
+uint8_t usart_data_available(void)
+{
+	if ( UCSR0A & (1 << RXC0) )
+		return 1;
+	return 0;
+}
+
+/**
+ * @brief Get incoming data.
+ * @return Received byte.
+ */
+uint8_t usart_recv_byte(void)
+{
+	/* Wait until data is available */
+	while ( !usart_data_available() ){
+	}
+
+	/* Read byte */
+	return UDR0;
+}
+
+char prbuff[120];
+void serial_printf(const char *format, ...) 
+{
+	va_list args;
+
+	va_start(args, format);
+	vsnprintf(prbuff, 120, format, args);
+	usart_print(prbuff);
+	va_end(args);
+}
+
+static uint8_t append_char(char *str, uint8_t ch, uint8_t k, uint8_t max) 
+{
+	usart_send_byte(ch);
+
+	if (k < max - 1)
+		str[k++] = ch;
+	return k;
+}
+
+uint8_t usart_read_str(char *str, uint8_t max) {
+	uint8_t k, eos, ch; // , ch2
+	k = 0;          // index of first free position in the string
+	eos = 0;        // end of string, used as boolean
+	while (!eos) {
+		ch = usart_recv_byte();
+		if (ch == '\r') {
+			eos = 1;
+		} else if (ch == '\n') {
+			// do nothing
+		} else {
+			k = append_char(str, ch, k, max);
+		}
+	}
+
+	// terminate string accordingly
+	str[k] = '\0';
+
+	/* return input length */
+	return k;
+}
+
+
+// Initializes ACD to read the PINS
+void InitADC()
+{
+	ADMUX=(1<<REFS0);                         // For Aref=AVcc;
+	ADCSRA=(1<<ADEN)|(1<<ADPS2)|(1<<ADPS1)|(1<<ADPS0); //Rrescalar div factor =128
+}
+
+// Takes a number of a PIN between 0x00 and 0x07
+// Rerurns the value of the input on the PIN
+uint16_t ReadADC(uint8_t ch)
+{
+	//Select ADC Channel ch must be 0-7
+	ch=ch&0b00000111;
+	ADMUX|=ch;
+	//Start Single conversion
+	ADCSRA|=(1<<ADSC);
+	//Wait for conversion to complete
+	while(!(ADCSRA & (1<<ADIF)));
+	ADCSRA|=(1<<ADIF);
+	return(ADC);
+}
+
+// Checks a password and leaks a timing information
+int compPasswords(char* pass, char* inp)
+{
+	int i;
+	if (inp[0] == '\r' || inp[0] == '\n') {
+		inp++;
+	}
+	if (strlen(pass) != strlen(inp)) {
+		//serial_printf("Wrong");
+		return 0;
+	}
+	for (i = 0; i < strlen(pass); i++) {
+		_delay_ms(1);
+		if (pass[i] != inp[i]) {
+			return 0;
+		}
+	}
+	return 1;
+
+}
+
+void delayVar(uint8_t d)
+{
+	int i;
+	for (i = 0; i < d; i++)	{
+		_delay_ms(1);
+	}
+}
+
+// Generates a super true random nonce by reading Analog Pin 3
+// After six readings the array is encrypted using AES
+// Returns 16 bytes random nonce
+void getNonce(uint8_t *output)
+{
+	aes_key_t key;
+	key = (uint8_t*)malloc(AES_KEY_SIZE);
+
+	key[0] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[1] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[2] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[3] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[4] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[5] = ReadADC(0x03);
+
+	_delay_ms(1);
+	key[6] = ReadADC(0x03);
+
+	key[ 7] = 0;
+	key[ 8] = 0;
+	key[ 9] = 0;
+	key[10] = 0;
+	key[11] = 0;
+	key[12] = 0;
+	key[13] = 0;
+	key[14] = 0;
+	key[15] = 0;
+
+	output[ 0] = key[0];
+	output[ 1] = key[1];
+	output[ 2] = key[2];
+	output[ 3] = key[3];
+	output[ 4] = key[4];
+	output[ 5] = key[5];
+	output[ 6] = key[6];
+	output[ 7] = 0;
+	output[ 8] = 0;
+	output[ 9] = 0;
+	output[10] = 0;
+	output[11] = 0;
+	output[12] = 0;
+	output[13] = 0;
+	output[14] = 0;
+	output[15] = 0;
+
+	aes_key_expansion(key);
+	aes_ecb_encrypt(output, key);
+
+	free(key);
+}
+
+
+int main(void)
+{
+	serial_init();
+	_delay_ms(10);
+
+	char secretPass[16] = {'T', 'I', 'm', 'I', 'n', 'G', '@', 't', 't', 'A', 'k', 'w', '0', 'r', 'k', 0x00}; // -- RANDOMIZE later
+	char inputBuff[32] = {0};
+	unsigned char authL0 = 0;
+	char flag[16] = {'T', 'o', '0', '_', 'm', 'u', 'c', 'h', '_', '3', 'n', 't', 'r', 'o', 'p', 'y'};
+
+	int inpLen = 0;
+	int i;
+	int j;
+
+	InitADC();
+
+	uint8_t in[50] = { 0x00 };
+	uint8_t iv[16] = {0};
+	uint8_t enc[16] = {0};
+	uint8_t res[50] = {0};
+
+	aes_key_t key;
+	key = (uint8_t*)malloc(AES_KEY_SIZE);
+	key[ 0] = 0x39;
+	key[ 1] = 0x27;
+	key[ 2] = 0xCD;
+	key[ 3] = 0x37;
+	key[ 4] = 0xC4;
+	key[ 5] = 0xAF;
+	key[ 6] = 0xE4;
+	key[ 7] = 0x6C;
+	key[ 8] = 0xFA;
+	key[ 9] = 0xC2;
+	key[10] = 0xAB;
+	key[11] = 0x3E;
+	key[12] = 0x21;
+	key[13] = 0xAA;
+	key[14] = 0x4E;
+	key[15] = 0x71;
+	aes_key_expansion(key);
+
+
+	if (authL0 == 0) {
+		serial_printf("Welcome to Secure Encryption System(SES)!\n");
+		serial_printf("Authentication step.\n");
+		serial_printf("Input provided secret password.\n");
+		serial_printf("If you lost your password call the customer service.\n");
+
+		while (1) {
+			serial_printf(">");
+			inpLen = usart_read_str(inputBuff, 20);
+			if (inpLen < 20) {
+				inputBuff[inpLen] = '\0';
+
+			} else {
+				inputBuff[19] = '\0';
+			}
+
+			serial_printf("\nChecking password...\n");
+			if (compPasswords(secretPass, inputBuff) == 0)	{
+				serial_printf("Password is incorrect!\n");
+
+			} else {
+				serial_printf("Password is correct!\n");
+				authL0 = 7;
+				_delay_ms(500);
+				break;
+			}
+		}
+	}
+
+	if (authL0 == 7) {
+		serial_printf("\n\n************************************************\n");
+		serial_printf("Authentication complete. Welcome to the system!\n");
+		serial_printf("Now you can encrypt messages up to 32 bytes.\n");
+
+		while (1) {
+			serial_printf("Input data to encrypt:\n");
+			serial_printf("> ");
+			inpLen = usart_read_str((char *) in, 33); // read up to 32 byte input
+
+			// Append secret flag after
+			for (i = 0; i < 16; i++) {
+				in[i+inpLen] = flag[i];
+			}
+
+			// Zero the rest just in case
+			for (i = (16 + inpLen); i < 50; i++) {
+				in[i] = 0x00;
+			}
+
+			getNonce(iv);
+
+			serial_printf("\nTrue Random Nonce:\t");
+			for (i = 0; i < 16; i++) {
+				serial_printf("%02x", iv[i]);
+			}
+			serial_printf("\n");
+
+			uint8_t block = 0;
+			for (i = 0; i < (16 + inpLen); i+=16) {
+				iv[15] ^= block; // IV XORed with a block counter which is at most 3.
+				memcpy(enc, iv, 16);
+				aes_ecb_encrypt(enc, key);
+				for (j = 0; j < 16; j++) {
+					res[block*16+j] = enc[j] ^ in[block*16+j];
+				}
+				block++;
+			}
+
+			serial_printf("Encryption:\t");
+			for (i = 0; i < block*16; i++) {
+				serial_printf("%02x", res[i]);
+			}
+			serial_printf("\n");
+		}
+	}
+	free(key);
+	return 0;
+}
diff --git a/Rhme-2016-master/src/simplesca/simplesca.c b/Rhme-2016-master/src/simplesca/simplesca.c
new file mode 100644
index 0000000..8741e5b
--- /dev/null
+++ b/Rhme-2016-master/src/simplesca/simplesca.c
@@ -0,0 +1,119 @@
+/* RHme2
+ * Side Channel Analysis - Piece of SCAke
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <avr/pgmspace.h>
+#include <avr/eeprom.h>
+
+#include "serial_io.h"
+#include "aesProtected.h"
+
+//For most platforms we want to use the AVR ADC-pins, since they have a seperate power rail
+//This can be overridden elsewhere
+#if TRIGGER==1
+#define trigger_setup() DDRB = 0x20;
+#define trigger_high()  PORTB |= (1 << PORTB5);
+#define trigger_low()   PORTB &= ~(1 << PORTB5);
+#else
+#define trigger_setup()
+#define trigger_low()
+#define trigger_high()
+#endif
+
+uint8_t key[AES_KEY_SIZE];
+uint8_t buf[AES_STATE_SIZE];
+
+void fill_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        buf[i] = usart_recv_byte();
+    }
+}
+
+void send_buf() 
+{
+    uint8_t i;
+
+    for(i = 0; i < 16; ++i) {
+        usart_send_byte(buf[i]);
+    }
+}
+
+void encrypt() 
+{
+    trigger_high();
+    aes_ecb_encrypt(buf, key);
+    trigger_low();
+}
+
+void decrypt() 
+{
+    trigger_high();
+    aes_ecb_decrypt(buf, key);
+    trigger_low();
+}
+
+void aes_setup() 
+{
+    uint8_t aux[32] = {0xaf, 0x23, 0xd5, 0x45, 0xa0, 0xea, 0xe6, 0xa0, 0x74, 0x65, 0x96, 0xca, 0xce, 0x51, 0xf0, 0xf7};
+    int i;
+
+    for (i = 0; i < AES_KEY_SIZE; i++) {
+        key[i] = aux[i];
+    }
+
+    memset(aux, 0, sizeof(aux));
+    aes_key_expansion(key);
+}
+
+void random_setup() 
+{
+    static uint8_t initialized = 0;
+    // We XOR the stored seed with  the input buffer for adding more entropy
+    // (assuming somebody doing SCA and randomizing the input)
+    if (initialized == 0) {
+        srand(eeprom_read_word(0) ^ (buf[0]<<8 | buf[1]));
+        initialized = 1;
+    }
+
+}
+
+int main(void) 
+{
+    uint8_t command;
+
+    serial_init();
+    trigger_setup();
+    aes_setup();
+
+    while(1) {
+        command = usart_recv_byte();
+
+        switch(command) {
+            case 'e':
+                fill_buf();
+                random_setup();
+                encrypt();
+                send_buf();
+                break;
+
+            case 'd':
+                fill_buf();
+                random_setup();
+                decrypt();
+                send_buf();
+                
+                break;
+            default:
+                continue;
+        }
+    }
+
+    return 0;
+}
diff --git a/Rhme-2016-master/src/whac_the_mole/whack_the_mole.c b/Rhme-2016-master/src/whac_the_mole/whack_the_mole.c
new file mode 100644
index 0000000..085422f
--- /dev/null
+++ b/Rhme-2016-master/src/whac_the_mole/whack_the_mole.c
@@ -0,0 +1,310 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+
+#include <avr/io.h>
+#include <avr/pgmspace.h>
+#include <avr/interrupt.h>
+#include <avr/eeprom.h>
+#include <util/delay.h>
+
+#define USART_BAUDRATE 19200
+#define BAUD_PRESCALER ( (F_CPU / (USART_BAUDRATE * 16UL)) - 1)
+#define KB_ENTER		0x0D
+
+char str[100];
+int numbers [6];
+
+
+/**
+ * @brief Send a single byte.
+ * @param[in] byte  Byte to send
+ */
+void usart_send_byte(uint8_t byte) {
+	/* Wait for empty transmit buffer */
+	while ( !(UCSR0A & (1 << UDRE0)) ) {
+	}
+
+	/* Send byte */
+	UDR0 = byte;
+}
+
+
+/**
+ * @brief Configure the USART0 port.
+ */
+void serial_init(void)
+{
+	/* Set baud rate */
+	//uint16_t baud = BAUD_PRESCALER;
+	UBRR0H = (uint8_t)0;
+	UBRR0L = (uint8_t)51;
+
+	/* Enable received and transmitter */
+	UCSR0B = (1 << RXEN0) | (1 << TXEN0);
+
+	/* Set frame format (8N1) */
+	UCSR0C = (1 << UCSZ00) | (1 << UCSZ01);
+	UCSR0C &= ~(1 << UMSEL00);
+	UCSR0B |= (1 << RXCIE0);
+	//sei();
+}
+
+/**
+ * @brief Transmit a string.
+ * @param[in] s  Null terminated string to send
+ */
+void usart_print(char *s)
+{
+	//PORTB ^= (1 << PORTB5);
+
+	while (*s != 0) {
+		usart_send_byte( *(s++) );
+
+		/* Let the VM breath */
+		_delay_ms(1);
+	}
+}
+
+/**
+ * @brief Check for incomming data.
+ * @return 1 If there is data avaliable, 0 otherwise
+ */
+uint8_t usart_data_available(void)
+{
+	if ( UCSR0A & (1 << RXC0) )
+		return 1;
+	return 0;
+}
+
+/**
+ * @brief Get incoming data.
+ * @return Received byte.
+ */
+uint8_t usart_recv_byte(void)
+{
+	/* Wait until data is available */
+	while ( !usart_data_available() ){
+	}
+
+	/* Read byte */
+	return UDR0;
+}
+
+char prbuff[120];
+void serial_printf(const char *format, ...) {
+    va_list args;
+
+    va_start(args, format);
+    vsnprintf(prbuff, 120, format, args);
+    usart_print(prbuff);
+    va_end(args);
+}
+
+static uint8_t append_char(char *str, uint8_t ch, uint8_t k, uint8_t max) {
+	usart_send_byte(ch);
+
+    if (k < max - 1)
+        str[k++] = ch;
+    return k;
+}
+
+uint8_t usart_read_str(char *str, uint8_t max) {
+    uint8_t k, eos, ch;
+
+    k = 0;          // index of first free position in the string
+    eos = 0;        // end of string, used as boolean
+
+    while (!eos) {
+        ch = usart_recv_byte();
+        if (ch == '\r') {
+                eos = 1;
+        }
+        else {
+            k = append_char(str, ch, k, max);
+        }
+    }
+
+    // terminate string accordingly
+    str[k] = '\0';
+
+    /* return input length */
+    return k;
+}
+
+void toggle_led(void)
+{
+	PORTB ^= (1 << PORTB5);
+}
+
+int monitorPins(int timeout) {
+	int i;
+	int res;
+	int pin = -1;
+	int pinTriggered = 0;
+	int diff = 0;
+	while (diff <= timeout && pinTriggered == 0){
+		res = (PINB<<8)+PIND;
+		if (res > 3) {
+			//serial_printf("Result: %d\r\n", res);
+			for (i=0;i<6;i++) {
+				int bit = (res >> (numbers[i])) & 1;
+				if (bit==1 && pinTriggered == 0) {
+					pin = numbers[i];
+					pinTriggered = 1;
+				}
+				else if (bit == 1 && pinTriggered == 1) {
+					pinTriggered = 2;
+					pin = -1;
+				}
+			}
+
+		}
+		diff += 20;
+		_delay_ms(20);
+	}
+	return pin;
+}
+
+int whack_it() {
+	int success;
+	int blink;
+	unsigned int rnd;
+	int timeout;
+	for (success=0; success<51; success++)  {
+
+
+		if (success == 0) {
+			serial_printf("\r\nReady?\r\n");
+			_delay_ms(1000);
+			serial_printf("\r\nGet set!\r\n");
+			_delay_ms(1000);
+			serial_printf("\r\nGO!\r\n");
+			timeout = 5000;
+		}
+		else {
+			timeout = timeout / 2;
+		}
+
+		blink = 1;
+		rnd = rand() % 6 + 1;
+
+		while (blink <= rnd) {
+			toggle_led();
+			_delay_ms(50);
+			toggle_led();
+			_delay_ms(50);
+			blink++;
+		}
+		_delay_ms(4);
+		int triggered = monitorPins(timeout);
+
+		if (triggered == numbers[rnd-1]) {
+			if (success == 50) {
+				return 0xCAFE;
+			}
+			sprintf(str, "Great job. You whacked it. Only %d more to go.\r\n", 50 - success);
+			usart_print(str);
+			_delay_ms(50);
+
+		}
+		else {
+			usart_print("You missed it. Try again by pressing <Enter>.\r\n");
+			while (usart_recv_byte() != KB_ENTER) {}
+			success = -1;
+		}
+
+	}
+	return 0;
+}
+
+int pins() {
+	int res = 0;
+	int i=0;
+	for (i=0;i<6;i++) {
+		numbers[i] = -1;
+	}
+	i = 0;
+	int tmp, j;
+	//usart_print("Pin layout:\r\n");
+	while (numbers[5] == -1) {
+		tmp = rand()%11+2;
+		for (j=0; j<6;j++) {
+			if (tmp == numbers[j]) {
+				break;
+			}
+			else if (j==5) {
+				numbers[i] = tmp;
+				i++;
+				res = 0xBABE;
+			}
+		}
+	}
+	return res;
+}
+
+int random_setup() {
+    static uint8_t initialized=0;
+    if (initialized == 0) {
+        srand(eeprom_read_word(0));
+        eeprom_write_word(0, rand() ^ 0xBEEFBEFF);
+        initialized=1;
+        return 0xDEAD;
+    }
+    return 0;
+}
+
+
+int main(void) {
+
+    serial_init();
+
+    //set LED as output
+    DDRB = 0x20;
+
+    //return value checking code.
+    int res;
+
+    serial_printf("\r\nWelcome adventurer.\r\n\r\n");
+    serial_printf("We are glad you are here. We are in dire need of assistence.\r\n");
+    serial_printf("A huge family of moles have found their way into our yard.\r\n");
+    serial_printf("We need you to get rid of all 20 of them.\r\n");
+    serial_printf("If you manage to extinguish them all we will greatly reward you.\r\n");
+    serial_printf("When you are ready, please step into the yard by pressing <Enter>\r\n");
+
+	while (usart_recv_byte() != KB_ENTER) {}
+
+    res = random_setup();
+    if (res != 0xDEAD) {
+    	return 0;
+    }
+    res = pins();
+    if (res != 0xBABE) {
+    	return 0;
+    }
+
+    //double check here, just in case we glitch this one.
+    //also, random delay in there, because why not.
+	res = whack_it();
+	if (res == 0xCAFE) {
+		int i = 0;
+		int rnd = rand()%500;
+		while (i < rnd ) {
+			i++;;
+			_delay_ms(1);
+		}
+		if (~res == 0x3501) {
+			serial_printf("\r\nWhat? You managed to get them all already?\r\n");
+			serial_printf("We are most gratefull for your service.\r\n");
+			serial_printf("Please take our most precious belonging.\r\n");
+
+            serial_printf("FLAG:S4v3d_the_f4rm!");
+            
+			return 0;
+		}
+	}
+
+	usart_print("Failed.\r\n");
+
+    return 0;
+}