Sunday, May 13, 2012

Automatic binary hardening with Autoconf

How do you protect a C program against memory corruption exploits? We should try to write code with no bugs, but we also need protection against any bugs which may lurk. Put another way, I try not to crash my bike but I still wear a helmet.

Operating systems now support a variety of tricks to make life difficult for would-be attackers. But most of these hardening features need to be enabled at compile time. When I started contributing to Mosh, I made it a goal to build with full hardening on every platform, not just proactive distributions like Ubuntu. This means detecting available hardening features at compile time.

Mosh uses Autotools, so this code is naturally part of the Autoconf script. I know that Autotools has a bad reputation in some circles, and I'm not going to defend it here. But a huge number of existing projects use Autotools. They can benefit today from a drop-in hardening recipe.

I've published an example project which uses Autotools to detect and enable some binary hardening features. To the extent possible under law, I waive all copyright and related or neighboring rights to the code I wrote for this project. (There are some third-party files in the m4/ subdirectory; those are governed by the respective licenses which appear in each file.) I want this code to be widely useful, and I welcome any refinements you have.

This article explains how my auto-detection code works, with some detail about the hardening measures themselves. If you just want to add hardening to your project, you don't necessarily need to read the whole thing. At the end I talk a bit about the performance implications.

How it works

The basic idea is simple. We use AX_CHECK_{COMPILE,LINK}_FLAG from the Autoconf Archive to detect support for each feature. The syntax is

AX_CHECK_COMPILE_FLAG(flag, action-if-supported, action-if-unsupported, extra-flags)

For extra-flags we generally pass -Werror so the compiler will fail on unrecognized flags. Since the project contains both C and C++ code, we check each flag once for the C compiler and once for the C++ compiler. Also, some flags depend on others, or have multiple alternative forms. This is reflected in the nesting structure of the action-if-supported and action-if-unsupported blocks. You can see the full story in configure.ac.

We accumulate all the supported flags into HARDEN_{C,LD}FLAGS and substitute these into each Makefile.am. The hardening flags take effect even if the user overrides CFLAGS on the command line. To explicitly disable hardening, pass

./configure --disable-hardening

A useful command when testing is

grep HARDEN config.log

Complications

Clang will not error out on unrecognized flags, even with -Werror. Instead it prints a message like

clang: warning: argument unused during compilation: '-foo'

and continues on blithely. I don't want these warnings to appear during the actual build, so I hacked around Clang's behavior. The script wrap-compiler-for-flag-check runs a command and errors out if the command prints a line containing "warning: argument unused". Then configure temporarily sets

CC="$srcdir/scripts/wrap-compiler-for-flag-check $CC"

while performing the flag checks.

When I integrated hardening into Mosh, I discovered that Ubuntu's default hardening flags conflict with ours. For example we set -Wstack-protector, meaning "warn about any unprotected functions", and they set --param=ssp-buffer-size=4, meaning "don't protect functions with fewer than 4 bytes of buffers". Our stack-protector flags are strictly more aggressive, so I disabled Ubuntu's by adding these lines to debian/rules:

export DEB_BUILD_MAINT_OPTIONS = hardening=-stackprotector
-include /usr/share/dpkg/buildflags.mk

We did something similar for Fedora.

Yet another problem is that Debian distributes skalibs (a Mosh dependency) as a static-only library, built without -fPIC, which in turn prevents Mosh from using -fPIC. Mosh can build the relevant parts of skalibs internally, but Debian and Ubuntu don't want us doing that. The unfortunate solution is simply to reimplement the small amount of skalibs we were using on Linux.

The flags

Here are the specific protections I enabled.

  • -D_FORTIFY_SOURCE=2 enables some compile-time and run-time checks on memory and string manipulation. This requires -O1 or higher. See also man 7 feature_test_macros.

  • -fno-strict-overflow prevents GCC from optimizing away arithmetic overflow tests.

  • -fstack-protector-all detects stack buffer overflows after they occur, using a stack canary. We also set -Wstack-protector (warn about unprotected functions) and --param ssp-buffer-size=1 (protect regardless of buffer size). (Actually, the "-all" part of -fstack-protector-all might imply ssp-buffer-size=1.)

  • Attackers can use fragments of legitimate code already in memory to stitch together exploits. This is much harder if they don't know where any of that code is located. Shared libraries get random addresses by default, but your program doesn't. Even an exploit against a shared library can take advantage of that. So we build a position independent executable (PIE), with the goal that every executable page has a randomized address.

  • Exploits can't overwrite read-only memory. Some areas could be marked as read-only except that the dynamic loader needs to perform relocations there. The GNU linker flag -z relro arranges to set them as read-only once the dynamic loader is done with them.

    In particular, this can protect the PLT and GOT, which are classic targets for memory corruption. But PLT entries normally get resolved on demand, which means they're writable as the program runs. We set -z now to resolve PLT entries at startup so they get RELRO protection.

In the example project I also enabled -Wall -Wextra -Werror. These aren't hardening flags and we don't need to detect support, but they're quite important for catching security problems. If you can't make your project -Wall-clean, you can at least add security-relevant checks such as -Wformat-security.

Demonstration

On x86 Linux, we can check the hardening features using Tobias Klein's checksec.sh. First, as a control, let's build with no hardening.

$ ./build.sh --disable-hardening
+ autoreconf -fi
+ ./configure --disable-hardening
...
+ make
...
$ ~/checksec.sh --file src/test
No RELRO       No canary found  NX enabled  No PIE

The no-execute bit (NX) is mainly a kernel and CPU feature. It does not require much compiler support, and is enabled by default these days. Now we'll try full hardening:

$ ./build.sh
+ autoreconf -fi
+ ./configure
...
checking whether C compiler accepts -fno-strict-overflow... yes
checking whether C++ compiler accepts -fno-strict-overflow... yes
checking whether C compiler accepts -D_FORTIFY_SOURCE=2... yes
checking whether C++ compiler accepts -D_FORTIFY_SOURCE=2... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C++ compiler accepts -fstack-protector-all... yes
checking whether the linker accepts -fstack-protector-all... yes
checking whether C compiler accepts -Wstack-protector... yes
checking whether C++ compiler accepts -Wstack-protector... yes
checking whether C compiler accepts --param ssp-buffer-size=1... yes
checking whether C++ compiler accepts --param ssp-buffer-size=1... yes
checking whether C compiler accepts -fPIE... yes
checking whether C++ compiler accepts -fPIE... yes
checking whether the linker accepts -fPIE -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
...
+ make
...
$ ~/checksec.sh --file src/test
Full RELRO     Canary found     NX enabled  PIE enabled

We can dig deeper on some of these. objdump -d shows that the unhardened executable puts main at a fixed address, say 0x4006e0, while the position-independent executable specifies a small offset like 0x9e0. We can also see the stack-canary checks:

b80:  sub   $0x18,%rsp
b84:  mov   %fs:0x28,%rax
b8d:  mov   %rax,0x8(%rsp)

      ... function body ...

b94:  mov   0x8(%rsp),%rax
b99:  xor   %fs:0x28,%rax
ba2:  jne   bb4 <c_fun+0x34>

      ... normal epilogue ...

bb4:  callq 9c0 <__stack_chk_fail@plt>

The function starts by copying a "canary" value from %fs:0x28 to the stack. On return, that value had better still be there; otherwise, an attacker has clobbered our stack frame.

The canary is chosen randomly by glibc at program start. The %fs segment has a random offset in linear memory, which makes it hard for an attacker to discover the canary through an information leak. This also puts it within thread-local storage, so glibc could use a different canary value for each thread (but I'm not sure if it does).

The hardening flags adapt to any other compiler options we specify. For example, let's try a static build:

$ ./build.sh LDFLAGS=-static
+ autoreconf -fi
+ ./configure LDFLAGS=-static
...
checking whether C compiler accepts -fPIE... yes
checking whether C++ compiler accepts -fPIE... yes
checking whether the linker accepts -fPIE -pie... no
...
+ make
...
$ file src/test
src/test: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux),
statically linked, for GNU/Linux 2.6.26, not stripped
$ ~/checksec.sh --file src/test
Partial RELRO  Canary found     NX enabled  No PIE

We can't have position independence with static linking. And checksec.sh thinks we aren't RELRO-protecting the PLT — but that's because we don't have one.

Performance

So what's the catch? These protections can slow down your program significantly. I ran a few benchmarks for Mosh, on three test machines:

  • A wimpy netbook: 1.6 GHz Atom N270, Ubuntu 12.04 i386

  • A reasonable laptop: 2.1 GHz Core 2 Duo T8100, Debian sid amd64

  • A beefy desktop: 3.0 GHz Phenom II X6 1075T, Debian sid amd64

In all three cases I built Mosh using GCC 4.6.3. Here's the relative slowdown, in percent.

Protections Netbook Laptop Desktop
Everything 16.0 4.4 2.1
All except PIE 4.7 3.3 2.2
All except stack protector 11.0 1.0 1.1

PIE really hurts on i386 because data references use an extra register, and registers are scarce to begin with. It's much cheaper on amd64 thanks to PC-relative addressing.

There are other variables, of course. One Debian stable system with GCC 4.4 saw a 30% slowdown, with most of it coming from the stack protector. So this deserves further scrutiny, if your project is performance-critical. Mosh doesn't use very much CPU anyway, so I decided security is the dominant priority.

90 comments:

  1. Does this work on the BSDs?

    ReplyDelete
    Replies
    1. Hello everyone..Welcome to my free masterclass strategy where i teach experience and inexperience traders the secret behind a successful trade.And how to be profitable in trading I will also teach you how to make a profit of $12,000 USD weekly and how to get back all your lost funds feel free to email me on(brucedavid004@gmail.com) or whataspp number is +22999290178







      Hello everyone..Welcome to my free masterclass strategy where i teach experience and inexperience traders the secret behind a successful trade.And how to be profitable in trading I will also teach you how to make a profit of $12,000 USD weekly and how to get back all your lost funds feel free to email me on(brucedavid004@gmail.com) or whataspp number is +22999290178

      Delete
  2. The Autoconf code runs without error on all of the supported Mosh platforms, including FreeBSD. I'm not sure what set of protections you get on FreeBSD.

    ReplyDelete
  3. I just tested it on FreeBSD 9.0 for amd64 and we do get the full set of hardening features. This is using GCC 4.2.1 and GNU ld 2.17.50.

    ReplyDelete
  4. I believe for Mac OS X you need to use -Wl,-pie even with gcc. If you use "gcc -v" when linking on Mac OS X you won't see -pie being passed to the linker. Here's the output of "otool -h" on an executable built with -pie in LDFLAGS on Mac OS X 10.6:

    Mach header
    magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
    0xfeedfacf 16777223 3 0x80 2 11 1776 0x00000085

    Compare that to one built with -Wl,-pie

    Mach header
    magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
    0xfeedfacf 16777223 3 0x80 2 11 1776 0x00200085

    In /usr/include/mach-o/loader.h we find this:

    #define MH_PIE 0x200000 /* When this bit is set, the OS will
    load the main executable at a
    random address. Only used in
    MH_EXECUTE filetypes. */

    ReplyDelete
  5. @Todd C. Miller: Thanks, we'll look into that!

    ReplyDelete
  6. I think you'll find that it is not just clang that gives a non-fatal warning for unrecognized options. The HP-UX C compiler does this too. What you really want is to toggle the value of ac_c_werror_flag / ac_cxx_werror_flag like autoconf's -g checks do. Rather that twiddle ac_c_werror_flag directly I use AC_LANG_WERROR but since there is no (exported) way to restore ac_c_werror_flag the checks need to be at the end of the configure script. This is not a huge deal if you are careful, but it sure would be nice to be able to just toggle werror.

    ReplyDelete
  7. Put another way, I try not to crash my bike but I still wear a helmet.You can learn more: China Travel Agency | China tour operator | China tour packages

    ReplyDelete
  8. Yes, You are saying right the trading option with binary functions is called a binary option trading. To trade with efficient manner you need a platform.
    Source:Www.Trading-Binary-Options.Eu

    ReplyDelete
  9. The best place to learn Chinese language is in China. However, we understand that it isn't always possible to move here to study Chinese language. The next best thing is to study with our experienced teachers in a virtual classroom. Online students enjoy the same excellent way of Chinese language class and custom designed courseware that we provide for our face to face clients.

    ReplyDelete
  10. Nice article, thanks for the information. It's very complete information. I will bookmark for next reference
    jaring futsal | jaring golf | jaring pengaman proyek |
    jaring pengaman bangunan | jaring pengaman gedung
    http://www.jual-jaring.blogspot.com/
    http://www.agen-jaring.blogspot.com/
    http://www.pancasamudera-safetynet.blogspot.com/
    http://www.toko-jaring.blogspot.com/
    http://www.pusat-jaring.blogspot.com/
    http://jualjaringpengaman.blogspot.com/
    https://pancasamudera.wordpress.com/
    https://pasangjaringfutsal.wordpress.com/
    https://jualtambangmurah.wordpress.com/
    https://tokojaring.wordpress.com/
    https://jualjaringfutsal.wordpress.com/
    https://jaringfutsal.wordpress.com/


    ReplyDelete
  11. Nice Post, Thanks for your very useful information...

    ReplyDelete
  12. I love it. I hope that more and more Blogger will use this feature in the future, because it just makes the internet better I think!
    India Vs West Indies Live Tv Telecast
    Fifa Futsal World Cup 2016 Broadcasting

    ReplyDelete
  13. Really I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. BinaryToday.com

    ReplyDelete
  14. Hello everyone..Welcome to my free masterclass strategy where i teach experience and inexperience traders the secret behind a successful trade.And how to be profitable in trading I will also teach you how to make a profit of $12,000 USD weekly and how to get back all your lost funds feel free to email me on(brucedavid004@gmail.com) or whataspp number is +22999290178

    ReplyDelete
  15. Hello everyone..Welcome to my free masterclass strategy where i teach experience and inexperience traders the secret behind a successful trade.And how to be profitable in trading I will also teach you how to make a profit of $12,000 USD weekly and how to get back all your lost funds feel free to email me on(brucedavid004@gmail.com) or whataspp number is +22999290178

    ReplyDelete
  16. Hello everyone..Welcome to my free masterclass strategy where i teach experience and inexperience traders the secret behind a successful trade.And how to be profitable in trading I will also teach you how to make a profit of $12,000 USD weekly and how to get back all your lost funds feel free to email me on(brucedavid004@gmail.com) or whataspp number is +22999290178

    ReplyDelete
  17. I loved reading this! I try to just do my own thing on my blog http://www.gumawawebsite.blogspot.com but it’s nice to have people who inspire.

    ReplyDelete
  18. گروه ترجمه آنلاین پیشرو در خدمات ترجمه تخصصی و فوری متن ، کتاب و مقاله با ضمانت کیفیت. برای محاسبه سریع قیمت ترجمه اینجا را کلیک کنید. مرکز ترجمه آنلاین با هدف ارایه خدمات به تمام مشتریان خدمات خود را به سه دسته طلایی ، نقره ای و برنز تقسیم بندی می کند.

    ReplyDelete
  19. Connect Your HP Printer Using wps pin hp printer: · Once you go into all program section. · Thereafter, you need to go into printer setup and software option. Also visit - Wps Pin Hp Envy Printer

    ReplyDelete
  20. Packers and Movers Gurgaon Provide Reliable, Safe and Certified Service Provider list, Get Free ***Best Price Quotaition and Compare Charges. ???Hassle free Household Shifting Services, High Quality packing Material, Office Relocation, Car Transportaion, ###Local and Domestic Shifting Service @ Packers And Movers Gurgaon

    ReplyDelete
  21. Thanks for sharing this informative blog. Keep sharing informative content blog.

    Thanks for sharing this informative blog. Keep sharing informative content blog.


    CRM software in Chennai
    helps in every business, no matter what the size of the business. This CRM software helps to organize and automate and improve their business. Salezshark having 15 yrs of experience Sale and marketing CRM solutions

    ReplyDelete
  22. https://crackknow.com/adobe-photoshop-cc-crack-keygen/
    Adobe Photoshop CC Product Key is improved, but we know that practice makes a man perfect, and like this, you can also become an ideal use of this excellent software; it will result in amazing photos. However, you have the choice to fine-tune the color level, alpha channels, artistic filters, textures, and masks. The options are nonstop proportional to your vision and imagination. It covers simple video editing tools and has a great blend of essential video editing tools by which you can manage your video clips.

    ReplyDelete
  23. https://crackpropc.com/zoom-meeting-crack-key/
    Zoom Meetings Crack Serial Key (also known as Zoom Meeting and Chat) is a real-time video conferencing and messaging application that meets the needs of new teams working on small and large projects using all the tools available in the world. It is designed for Today, with its ease of use, compatibility with all modern communication devices connected to the Internet, and full functionality to work with video; it allows teams of any size to configure their communication networks and in real-time.

    ReplyDelete
  24. https://muzamilpc.com/malwarebytes-premium-crack/
    Malwarebytes Crack Keygen has responded to critics’ doubts about its real-time scanning capacity and puts some powerful antivirus abilities at the core of its product. It now appears in three scan types—including the “hyper scan,” which examines the system memory and startup objects for threats at an accelerated pace. However, the most extensive scanning mode is truly the “threat scan,” which looks for the nature of risks, including illegal registry edits, worms, and trojans.

    ReplyDelete
  25. https://newcrack.org/hma-pro-vpn-crack-license-key-latest-download/
    Cracked Here is a useful place where you can easily find Activators, Patch, Full version software Free Download, License key, serial key, keygen, Activation Key and Torrents.
    Get all of these by easily just on a single click.

    ReplyDelete
  26. https://oceancrack.com/portrait-pro-studio-body-crack/
    Cracked Here is a useful place where you can easily find Activators, Patch, Full version software Free Download, License key, serial key, keygen, Activation Key and Torrents.

    ReplyDelete
  27. https://primarychalkboard.blogspot.com/2015/11/read-like-techie-using-your-board-for.html?showComment=1624484384343#c807357169728536942
    https://fullcomicfrenzy.blogspot.com/2016/07/patent-litigation-as-branding-tool.html?showComment=1624484949244#c7103277414278957678
    https://howsweeteritis.blogspot.com/2011/11/how-to-generate-your-own-qr-codes.html?showComment=1624484917260#c7352650518745650061
    https://characterdesignnotes.blogspot.com/2010/11/nico-marlet.html?showComment=1624484721824#c7384407583429207550
    https://syafiqzulkarnain2.blogspot.com/2016/10/iphone-7-just-launched-but-attentions.html?showComment=1624484751179#c8694022359694255508
    https://notreadymaketonice.blogspot.com/2017/03/modern-mahogany-dining-room-interior.html?showComment=1624484799636#c2140063941327763495
    http://www.geekwithcurves.com/2010/02/meeting-felicia-day-dr-horrible.html?showComment=1624484810962#c634997335672489560
    https://veggieandtofu.blogspot.com/2011/05/an-elegant-architectural-masterpiece.html?showComment=1624484850246#c2371712671122579194
    https://thebestgifsforme.blogspot.com/2012/06/barney-from-how-i-met-your-mother-gifs.html?showComment=1624485384723#c679506645390791919
    https://ilovetocreateblog.blogspot.com/2015/09/puffy-paint-backpack-for-back-to-school.html?showComment=1624485394647#c1720272640561728281
    https://littlebitjohnny.blogspot.com/2014/07/download-free-total-video-converter-for.html?showComment=1624485456456#c3514330564562809484
    https://sihanandi.blogspot.com/2016/10/z3x-box-samsung-tool-pro-v-269-setup.html?showComment=1624485195400#c8170089753367527843
    https://sihanandi.blogspot.com/2016/09/z3x-box-samsung-tool-pro-v-267-setup.html?showComment=1624485221189#c7747729015119837040
    http://thepinetree.net/index.php/www.hervelegerdresssales.net/www.foxnews.com/weather/2014/01/26/freezing-temps-return-to-midwest-for-extended-stay/%E2%80%9Cwww.greetingsncards.blogspot.in/2016/03/index.php?module=announce&ANN_user_op=view&ANN_id=51016
    https://parisvsnyc.blogspot.com/2010/11/le-snack.html?showComment=1624485852309#c1089779776767810386
    https://indiafunworld.blogspot.com/2011/12/watch-star-wars-movie-in-cmd.html?showComment=1624485889641#c5663229786498290584
    https://ferraricars77.blogspot.com/2015/01/download-best-free-antivirus-for.html?showComment=1624486068498#c8658300091221398601
    https://mainisusuallyafunction.blogspot.com/2012/05/automatic-binary-hardening-with.html?showComment=1624486100227#c8167830562077840551

    ReplyDelete
  28. Good blog here! Your site will load soon! Host hostat stands, Are you moving?
    Can you use affiliate links that your t represents?
    media player classic home cinema with crack
    videoproc crack
    photostage slideshow producer pro crack
    <a href="https://cracksoftwares.co/media-player-classic-home-cinema-crack

    ReplyDelete
  29. I use this software myself, and no flaws or faults have been discovered, thus I believe it is the greatest option.
    Multiple language skills and support have been really beneficial to me.
    ashampoo burning studio crack

    ReplyDelete
  30. Hey! This is my first visit to your blog.
    We are a collection of volunteers starting with one
    a new project in the community in the same niche.
    Your blog has provided us with useful information to work with. YOU
    did a fantastic job!
    nahimic crack
    nero platinum crack
    hide my ip license key crack

    ReplyDelete
  31. Hello colleagues, how are you and what do you want to say?
    The linked post was weirdly designed for me in my opinion.

    Hello colleagues, how are you and what do you want to say?Hello colleagues, how are you and what do you want to say?
    The linked post was weirdly designed for me in my opinion.

    Hello colleagues, how are you and what do you want to say?

    ReplyDelete

  32. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    gihosoft crack
    messenger for sms apk mod
    razer surround pro crack
    norton internet security free crack

    ReplyDelete

  33. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    metro exodus gold edition crack
    shazam encore apk
    smoothvideo project svp crack
    tuxera ntfs crack

    ReplyDelete

  34. Wow, marvelous blog structure! How long have you ever been running a
    blog for? you make running a blog look easy.
    The entire glance of your web site is excellent, as smartly
    as the content!
    ccleaner pro crack
    panoramastudio pro
    zemana antimalware premium plus crack
    magix vegas movie studio crack

    ReplyDelete
  35. Hey there! I’ve been reading your web site for a while now and finally got the courage to go ahead and give you a shout out from Kingwood Texas! Just wanted to mention keep up the great job!
    beyond compare crack
    avast antivirus crack
    bitdefender total security key crack
    asc timetables crack

    ReplyDelete
  36. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    soni typing tutor crack
    instasquare photo editor apkmod
    openvpn crack
    kmsauto lite crack

    ReplyDelete

  37. Hey there! I’ve been reading your web site for a while now and finally got the courage to go ahead and give you a shout out from Kingwood Texas! Just wanted to mention keep up the great job!
    removewat activator crack
    advanced systemcare pro crack
    wondershare pdfelement pro crack
    coreldraw crack

    ReplyDelete
  38. Beautifully written and done.
    I recently started creating blogs and noticed a lot of people are just repeating old content but adding
    very little in price. It's good to add a useful article of real value to your subscribers and me.
    vso downloader crack
    teamviewer crack
    auto tune vocal studio crack
    usb network gate crack

    ReplyDelete


  39. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    avast antivirus crack

    ReplyDelete
  40. What’s up, after reading this awesome piece of writing i am also happy to share my experience here with mates.
    total xml converter crack
    pinegrow web editorcrack
    mcafee total protection
    destiny2 beyond light crack

    ReplyDelete
  41. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    metro exodus cpy torrent crack
    picsart apk mod
    comodo antivirus crack
    expressvpn for chrome crack

    ReplyDelete
  42. What’s up, after reading this awesome piece of writing i am also happy to share my experience here with mates.
    the elder scrolls oblivion of the year edition deluxe gog crack
    bandicam crack
    toad for oracle crack

    ReplyDelete
  43. Never before have I seen an employee so dedicated, hard-working, and yet still tenacious at the same time. You’re an inspiration to all of us!

    tenorshare icarefone crack

    smadav pro crack

    ReplyDelete
  44. What’s up, after reading this awesome piece of writing i am also happy to share my experience here with mates.
    red giant trapcode suite crack
    dvd cloner platinum crack
    the golf club crack
    final fantasy shadowbringers crack

    ReplyDelete
  45. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    ispring free cam crack
    mood messenger apk mod
    avg ultimate crack
    teracopy pro crack

    ReplyDelete
  46. Oh my goodness! Impressive article dude! Thanks, However I am having troubles with your RSS. I don’t understand the reason why I am unable to join it. Is there anybody having the same RSS issues? Anyone that knows the answer will you kindly respond? Thanx!!
    x plane global scenery crack
    gta vice city apk mod
    progdvb crack
    iclone 3dxchange crack

    ReplyDelete
  47. Ꭲhat is a very good tip particularlʏ tߋ those new to tһe blogosрhere. Simplе but verү accurate information… Thank you for sharіng this one. A muѕt read post!
    plex media server crack
    roguekiller crack

    ReplyDelete
  48. Thank you very much for sharing a great and important blog post. This is really the most necessary for us. I always visit this site and get valuable information.

    packers and movers in navi mumbai

    ReplyDelete
  49. It is one of useful information for me. Thanks for sharing with us.
    CenturyLink is a multinational telecommunication company. It offers a wide range of features of communication over the internet. Sometimes, due to slow internet speed, broken cable, and bandwidth connection, you may face CenturyLink WiFi Not Working Problems. To fix these issues you have to reset or restart your device or modem, and you can also contact to our Qwik Aid tech experts.

    ReplyDelete
  50. Nice Post! Thanks for giving me this information.
    Are you looking reliable and flexible Twin Channel for the Rolling Mill & TMT Bar? Akshi Engineers offer you one of the best options of Twin Channel for you at a cheap price. To know the best deal of Twin Channel for Rolling Mill, just dial our toll-free number +91-98106-62353, and you may also visit the website.

    ReplyDelete
  51. Thanks for the great message! I really enjoyed reading
    you could be a good writer. Evil Alvzis notes blog and testament
    will finally come back later. I want to support
    keep writing well, have a nice weekend!
    avast driver updater crack
    parallels desktop crack
    adobe premiere pro cc crack

    ReplyDelete
  52. I do agree with all the ideas you have presented in your post.
    They’re really convincing and will definitely work.
    Still, the posts are too short for beginners.
    Could you please extend them a little from next time?
    Thanks for the post.
    ableton live crack
    visual studio crack
    trustsoft historykill crack
    half life alyx crack

    ReplyDelete
  53. I do agree with all the ideas you have presented in your post.
    They’re really convincing and will definitely work.
    Still, the posts are too short for beginners.
    Could you please extend them a little from next time?
    Thanks for the post.
    sid meiers civilization gathering storm update crack
    luxion keyshot pro crack
    corelcad crack

    ReplyDelete
  54. Thanks for sharing this informative blog. Keep sharing informative content blog.

    Contact US on Gigolo job in Amritsar

    ReplyDelete
  55. I read your post. It is an amazing post. Keep sharing again this type of post.
    Todd Peters Electric, an Electrician Riverside Ca service provider, has arrived to your door with extraordinary electrical solutions thanks to its professional and qualified electricians. We deliver high-quality electrical services by carefully analyzing and observing the needs and budgets of our clients. If you need an electrician, simply call our toll-free number or go to our website.

    ReplyDelete
  56. Nice Blog. Thanks for sharing with us. Such amazing information.
    Are you looking for Jio Tower Installation in your area? Do not be concerned. Jio Digital Tower has provided an online option for individuals to establish JIO Towers in their region on its website. For queries about tower installation on land or roof, please contact us or call us right now. In Major Cities, Tower Installation & Mobile Tower Services are also available.

    ReplyDelete
  57. Digital paintings are a blend of technology and art. In this blog post, I'll be sharing a curated list of perfect gift ideas that any artist would love to receive!

    Please Visit Our Website : https://digitalpainting.in/


    Digital Painting

    ReplyDelete
  58. This site have particular software articles which emits an impression of being a significant and significant for you individual, able software installation.This is the spot you can get helps for any software installation, usage and cracked.
    4k-video-downloader-crack
    3dyd-youtube-source-crack

    ReplyDelete
  59. So nice I am enjoying for that post as for u latest version of this Security tool Available
    3dmark-crack-2
    4k-video-downloader-crack
    3dyd-youtube-source-crack

    ReplyDelete