English Amiga Board


09 February 2007, 22:10   #1   BippyM (Global Moderator)
Cracked my first game: Gemini Wing

wooohooooo just cracked my first non-novella, long-track game

expect a tutorial of sorts later once written (so codetapper or galahad or girv or whoever can give me advice on doing it better)

Last edited by BippyM; 09 February 2007 at 23:26.
09 February 2007, 22:17   #2   Shoonay (Global Caturator)
Progressing well you are, young apprentice
In need of new WHDLoad installers, we are
09 February 2007, 22:28   #3   Galahad/FLT (Going nowhere)
Quote:
Originally Posted by bippym
wooohooooo just cracked my first non-novella, long-track game

expect a tutorial of sorts later once written (so codetapper or galahad or girv or whoever can give me advice on doing it better)

Which one Bippy, which one?
09 February 2007, 22:29   #4   Hungry Horace (Wipe-Out Enthusiast)
Isn't having a thread titled "crack" just inviting trouble???

Congrats though, bipmaster. I'd be intrigued to hear what you have planned to crack in the future
09 February 2007, 22:31   #5   BippyM (Global Moderator)
the title will be changed
09 February 2007, 22:31   #6   Graham Humphrey (Moderator)
Quote:
Originally Posted by Hungry Horace
Isn't having a thread titled "crack" just inviting trouble???
Beat me to it! Was worried when I saw the thread title; thought he'd posted on the wrong site by mistake
10 February 2007, 00:02   #7   BippyM (Global Moderator)
Gemini Wing Crack - BippyM

This is my first non-novella crack so please don't be too critical.

Right, first let's see what sort of protection we are dealing with: load the disk and either try to copy it or checkdisk it (what I did).

As you can see there is an error on track 0, so it is either a copylock or a long track.



Boot a copy of the game and after a short while you'll get some rainbow flash and then the Amiga will reset.



Right, let's see if it is copylock or long-track: boot again, but before the crash hop into your replay and search for the usual copylock opcode with

f 48 7a

There will be NO returned addresses, so I guess we are dealing with long track. Again reboot, but as soon as the rainbow effect starts hop into the replay and disassemble where we are. We should be in a dbra loop (addresses may differ as the game initially uses AmigaDOS to load the main exe!)



Go down and back up and you should see the following code



This is what is happening:

JSR    00018BE2        ; jump somewhere
TST.B  D0              ; test if d0 is 0
BEQ    00014E76        ; if d0 is 0, branch
LEA    00070000,A0     ; load 70000 into a0
MOVE.W D0,DFF180       ; put contents of d0 into color0 (change screen colour)
CLR.L  -(A0)           ; clear the longword below a0 (a0 is pre-decremented)
DBF    D0,00014E68     ; if d0 is not -1, loop
BRA    00014E68        ; loop anyway

So let's try something: put a G 14e76 and see what happens!

Yes, the game loads, so we have three options here: we could change the BEQ to a BRA and bypass protection there, or we could change the tst.b d0 to a clr.b d0 and bypass the protection there, but the problem here is that if the protection check is called again from another place in the game it might fail. We know d0 needs to be 0 to wire the protection, so let's find where we can wire this in so it works properly.

Let's follow the JSR jump directly before the TST condition



The move.b 00018e52,d0 looks interesting, so I am guessing that address 18e52 holds the key before it is copied into d0, so if we find the instruction that puts the figure into 18e52 and force it to put a 0 in there we will bypass the protection. Let's search for all addresses that access 18e52

Let's search with fa 18e52



As you can see there are 3 results returned; one of them is quite interesting as it copies #1 into d0. If we change that to move #0 into 18e52 then maybe the protection will pass, and seeing as it is only called the once, hopefully that is the only place in the game that modifies d0 for the protection check.

Okay, reboot the game again and when the track counter reaches 0 enter your replay and check 18e52 (or your address) again; you'll get three results



Now we are interested in the third address returned, so let's assemble that address and change it to



and exit back to the game... what happens?

Right, we need to make the change permanent, and seeing as the game uses AmigaDOS to load the initial game file we need to patch that.

Again reboot and drop back in when we reach track 0.

As we will be loading the main game file off disk we will need to know what address it'll jump to, so the best way is to go back to the address that checks d0 and see what address it is jumping to. To find this we will need to look for some opcode. Reboot the game and go to an address from earlier (18be2 for me) and you'll notice the unique 78000 at the next address, so we check the opcodes with m 18be6 (or your address)



Now we load the game file into memory: LM gemini.prg,50000 (PIC8). Now we simply search for the following

f 41 f9 00 07 80 00 23, 50000 6ad4c

You'll get one returned result so let us disassemble from there



Ooh, this does look familiar. Address 54036 is the one we want; we now do a search for 4232 from 50000 to 6ad4c with fa 4232 50000 6ad4c.

Three results returned, as expected



and we want the third, at address $5425C; let's assemble that and change it



Now we save the file over itself and test the crack

sm gemini.prg,50000 6ad4c

Reboot and voilà, cracked.
10 February 2007, 01:20   #8   girv (Mostly Harmless)
Nice one, BippyM. You've picked up asm pretty quickly, and that's a good write-up there.

Your story makes me recall my first proper crack - Gothik on the Amstrad CPC - the click of the tape drive relay followed by the title music starting, signifying the crack (and trainer!) had worked. Good times.

A few comments on your crack. Not criticisms though, as there's nothing wrong with what you've done IMHO, just how I might do things differently.

To start I'd have done the same as you: determine something about the protection and what I'm up against. You can get to tell what sort of loader is in use by listening to the sounds the floppy drive makes. I'd then run a copy that won't work and see how it fails (in this case with the strobing loop) and take a note of the failure code if possible. I'd probably then have loaded the main exe into a debugger and disassembled it to find the failure code, then worked through the call sequence like you did to find the actual protection routine.

The biggest thing I'd have done differently is that I'd have totally disabled the protection, probably by modifying the 0x18be2 routine to set the flag and return immediately. What you've done is let the protection run but always pass - nothing wrong with that, but I just think it's more elegant to excise the protection completely. Call it professional pride if you like.

I'd probably have investigated the JSRs at 0x18be2 just to see if there was anything tricky hiding in there. But you do start to develop a feel for protections, and my spidey sense tells me this one is simple and you're not going to find any lurking horrors.

An interesting challenge to set yourself for the next one is to crack the game by modifying as few bytes (or bits) as possible.

So well done that man. See you on whdload-dev soon then?
10 February 2007, 11:09   #9   musashi5150 (move.w #$4489,$dff07e)
Yep, excellent work bippy. If you're anything like me after your first crack you feel quite proud

If you want another ADOS longtrack to have a go at, try Alien Storm - that's quite straightforward as well.
10 February 2007, 12:53   #10   Ultron (Something)
There's one thing I don't understand:



Notice I know jackshit about ASM. What is the protection actually doing? After the crack it always fixes the code to pass, but before, what was it doing? Does it check the track? Bootblock? What hardware part does it check? Is it because Xcopy couldn't remaster longtracks that it checks for it, to see if it isn't Xcopy copied? I guess this was the cornerstone of anti-copying Amiga protection?

In particular, what's it doing there in ~05403c? A note on what each line is doing after ~540006 would be really cool, tia
10 February 2007, 13:45   #11   musashi5150 (move.w #$4489,$dff07e)
Longtracks cannot be copied by standard Amiga disk drives. The Amiga can read them, but can't write them back. Using a hardware copier (Cyclone etc) you can sometimes copy these tracks ok.

The copy protection reads the longtrack and probably generates some kind of serial number based on the contents, or a checksum of the contents etc. It then verifies this number and the protection fails/passes on the result.

The code in your screenshot isn't that helpful; the first two lines just move the value $78000 into A0 and address $4226. There would be some more interesting stuff in all the routines that get JSR'd to in the following lines. Line $54036 moves a value from memory back into register D0. And your line at $5403c restores all regs except D0/A0 from the stack.

There's nothing particularly interesting in that code except what it might be returning in D0.

Last edited by musashi5150; 10 February 2007 at 17:31.
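As an added illustration that is not part of the thread, the arithmetic behind musashi5150's point that a standard drive can read a long track but cannot write one back. The 300 rpm spindle speed, the 2 µs DD bit cell and the 1088-byte raw AmigaDOS sector are my assumptions; the thread states none of them.

```python
# Added illustration: why a standard Amiga drive can read a "long track"
# but cannot write one back. Not code from the thread.
#
# Assumptions (not stated in the thread): a DD disk spins at 300 rpm
# (200 ms per revolution), the standard DD MFM bit cell is 2 microseconds,
# and an AmigaDOS sector occupies 1088 raw MFM bytes (0x440: pre-sync,
# two $4489 sync words, header, label, two checksums, 1024 data bytes).

RPM = 300
REV_US = 60_000_000 / RPM      # microseconds per revolution (200 000)
STD_BIT_CELL_US = 2.0          # bit cell the standard drive always writes with
RAW_SECTOR_BYTES = 1088        # raw MFM bytes per AmigaDOS sector
STD_SECTORS = 11               # sectors on a normal AmigaDOS track


def raw_bytes_per_revolution(bit_cell_us=STD_BIT_CELL_US):
    """Raw MFM bytes one revolution can hold at the given bit-cell period."""
    return int(REV_US / bit_cell_us) // 8        # 12500 at 2 us


def track_raw_bytes(sectors):
    """Raw MFM bytes needed by `sectors` AmigaDOS-format sectors (no gap)."""
    return sectors * RAW_SECTOR_BYTES


def writable_by_standard_drive(sectors):
    """True if a stock drive, writing 2 us cells, can fit the sectors into
    one revolution. Anything larger overruns the track: the end of the
    write would land on top of its own beginning."""
    return track_raw_bytes(sectors) <= raw_bytes_per_revolution()


def bit_cell_needed_us(sectors):
    """Bit-cell period a mastering machine must use to squeeze `sectors`
    sectors into one revolution. Reading recovers timing from the flux
    transitions, so a somewhat shorter cell still decodes on a stock drive;
    writing cannot use it, which is the read-but-not-write asymmetry."""
    return REV_US / (track_raw_bytes(sectors) * 8)


def classify(sectors):
    """Summarise a track layout as (kind, bit_cell_us) where kind is
    'standard', 'long track' or 'impossible'."""
    cell = bit_cell_needed_us(sectors)
    if writable_by_standard_drive(sectors):
        return ("standard", cell)
    # A cell far below 2 us is outside what a DD drive can read back;
    # the 1.5 us cut-off is an assumed read tolerance, illustrative only.
    # 34 sectors (claimed later in the thread) would need about 0.68 us.
    if cell >= 1.5:
        return ("long track", cell)
    return ("impossible", cell)


if __name__ == "__main__":
    for n in (STD_SECTORS, 12, 34):
        kind, cell = classify(n)
        print(f"{n:2d} sectors: {kind:10s} needs {cell:.3f} us per bit cell")
```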
10 February 2007, 14:23   #12   Ultron (Something)
Hmmm, I see. Thanks. So this longtrack \ copylock stuff wasn't workable at all. Thank god it could be read (and disassembled) or else it wouldn't be crackable. It's also interesting to note that without these modified tracks it'd be pretty much impossible to create any decent anti-copying defence (well, it still was anyway).

I guess the disks that weren't AmigaDOS had the extra challenge of studying the disk format? There'd have to be a file table somewhere? Hopefully it was gained through disassembling bootloader file loading routines? Or maybe even the game\loader exe itself that loads the datafiles later on by itself?

Damn, that's a lotta work. Fascinating though.
10 February 2007, 14:28   #13   Haakon (Registered User)
I'm impressed Bippym. You can't be a novice on asm

And you should get "the best topic of the decade"-award with your well-documented topics!
10 February 2007, 19:21   #14   BippyM (Global Moderator)
Quote:
Originally Posted by girv
Nice one, BippyM. You've picked up asm pretty quickly, and that's a good write-up there.
Thank you

Quote:
Your story makes me recall my first proper crack - Gothik on the Amstrad CPC - the click of the tape drive relay followed by the title music starting, signifying the crack (and trainer!) had worked. Good times
hehe well I was playing around with mfm etc. and that lost me totally. I had already done the Pipemania novella last yr so wanted something in-between.

Quote:
A few comments on your crack. Not criticisms though, as there's nothing wrong with what you've done IMHO, just how I might do things differently.

To start I'd have done the same as you: determine something about the protection and what I'm up against. You can get to tell what sort of loader is in use by listening to the sounds the floppy drive makes. I'd then run a copy that won't work and see how it fails (in this case with the strobing loop) and take a note of the failure code if possible. I'd probably then have loaded the main exe into a debugger and disassembled it to find the failure code, then worked through the call sequence like you did to find the actual protection routine.
Well, I thought about disassembling it in resource but thought maybe that was a bit beyond my abilities right now. Saying that, now I know how to crack this one, maybe I'll resource it to understand and use resource a bit better

Quote:
The biggest thing I'd have done differently is that I'd have totally disabled the protection, probably by modifying the 0x18be2 routine to set the flag and return immediately. What you've done is let the protection run but always pass - nothing wrong with that, but I just think it's more elegant to excise the protection completely. Call it professional pride if you like.
Yeah, Galahad went through it with me after I posted on here and he showed me how to wire the key in and bypass the protection check. Hopefully I'll remember how to do it, and for the next game I try and crack I'll bypass the protection

Quote:
I'd probably have investigated the JSRs at 0x18be2 just to see if there was anything tricky hiding in there. But you do start to develop a feel for protections, and my spidey sense tells me this one is simple and you're not going to find any lurking horrors.
I thought about it, but then I thought it's an older Amiga game so the protection shouldn't be too OTT, and simply training the lives/collision detection I played thru the game

Quote:
An interesting challenge to set yourself for the next one is to crack the game by modifying as few bytes (or bits) as possible.
Well, besides what Galahad showed me I can't see how to go about modifying as little as poss, unless I simply branched into the game, hence only changing 1 line!

Quote:
So well done that man. See you on whdload-dev soon then?
Here is hoping

Quote:
Originally Posted by musashi5150
Yep, excellent work bippy. If you're anything like me after your first crack you feel quite proud

If you want another ADOS longtrack to have a go at, try Alien Storm - that's quite straightforward as well.
hehe indeed it does make one feel good and proud. I've been struggling with asm on and off for a couple of years now, but finally little things are starting to make sense

I'll look at alien storm or batman next I think

Quote:
Originally Posted by ultron
In particular, what's it doing there in ~05403c? A note on what each line is doing after ~540006 would be really cool
Well, there is a line at the start of that routine (not shown in any pictures) that stores the registers on the stack as the game needs them. That line simply restores the registers to how they were before the protection routine was launched. I have started to cover this in my asm thread http://eab.abime.net/showthread.php?t=27577.

Quote:
Hmmm, I see. Thanks. So this longtrack \ copylock stuff wasn't workable at all. Thank god it could be read (and disassembled) or else it wouldn't be crackable. It's also interesting to note that without these modified tracks it'd be pretty much impossible to create any decent anti-copying defence (well, it still was anyway).
Whenever something has to be read into a computer it can be cracked sooner or later. The single track could be read but not written, so when Xcopy copied it, it'd fail and so the checksum of the track or its contents would be different and the protection would fail.

Simply putting the correct key (or whatever the protection needs) into the program, or bypassing the protection check completely, is how one cracks a game.

Quote:
I guess the disks that weren't AmigaDOS had the extra challenge of studying the disk format? There'd have to be a file table somewhere? Hopefully it was gained through disassembling bootloader file loading routines? Or maybe even the game\loader exe itself that loads the datafiles later on by itself?
In some cases it is easier using non-DOS disks, as AmigaDOS could potentially load the main exe anywhere in RAM. With non-DOS disks the main exe is usually loaded to a fixed address every time.

MFM disks are more complicated, as all the tracks except track 0/side 0 are usually protected, so yes, one would have to disassemble the bootblock and figure out the loader and file tables etc. and rip the files off before writing a new trackloader etc.

This is why sometimes a crack comes on more disks than the original, as MFM tracks can store more data than a standard AmigaDOS track!

Quote:
Originally Posted by haakon
I'm impressed Bippym. You can't be a novice on asm

And you should get "the best topic of the decade"-award with your well-documented topics!
Thank you for your praise, but I am a novice, and it's only because of the experienced coders here and on flashtro.com, along with my books and perseverance, that I am making headway.

Expect my next crack tutorial type thing soon (and for those interested, check out flashtro.com)
10 February 2007, 20:04   #15   lucadip (Where is my mind?)
Quote:
Originally Posted by bippym

Yeah, Galahad went through it with me after I posted on here and he showed me how to wire the key in and bypass the protection check. Hopefully I'll remember how to do it, and for the next game I try and crack I'll bypass the protection
Hi bippym,

great post! Are you going to write a tutorial on "how to wire the key in and bypass the protection check" as well?
Well, if Galahad doesn't mind...

Ciao,
Luca
10 February 2007, 20:05   #16   BippyM (Global Moderator)
I could include it as an alternative later I suppose.

14 February 2007, 18:41   #17   dlfrsilver (CaptainM68K-SPS France)
About long tracks, our pro crackers out there will confirm that if a long track has 34 sectors it is not possible to copy, because a standard Amiga will only copy 11 sectors; just need to check sector 25 presence and off you go ^^ ! If sector 25 is absent then it's a copy, and the game crashes.

Silmarils are nice ones, as their protection is always the same! I have patched all my Silmarils copies made from my originals.

I'm personally only annoyed by nasty tricks used. But I like a lot making patched disks.
14 February 2007, 18:47   #18   musashi5150 (move.w #$4489,$dff07e)
I've never seen anything like that - 34 sectors is a lot (too much) to fit onto a single track. Unless they are less than 512 B each, of course...

But I have an open mind and wait for Galahad's or Codetapper's opinion...
14 February 2007, 20:01   #19   Galahad/FLT (Going nowhere)
Most longtracks are 12 sectors, don't know where you get 34 from!
14 February 2007, 20:21   #20   Joe Maroni (Moderator)
AFAIK a longtrack consists of 528 kbit... is that right...???