
Life after the disclosure of Newag's 'DRM protections' - the story from Dragon Sector (video, 47m)

Chanel Bialy presents the remarkably interesting story of the repair of Polish Impuls electric trains made by Newag. The presentation focused on the work of a group of engineers and hackers who dealt with this manufacturer's vehicles. As it turned out, Newag had concealed a series of software updates that introduced strict restrictions on the trains' operation. After the warranty period ended, Koleje Dolnośląskie opened a tender for the maintenance of their trains, and the contract was won by Serwis Pojazdów Szynowych of Wrocław. After the maintenance, the trains stopped working for unknown reasons, even though they displayed no error codes. When the SPS team began diagnostics, they suspected the problem lay in the software. Fortunately, after some searching, they reached the experts from Dragon Sector, who helped analyse this strange state of affairs.

The team discovered that the train software had a so-called logic bomb programmed into it, which disabled the trains when they detected that they were being serviced in a workshop other than the manufacturer's. After these findings were presented, the presentation moved on to a more dramatic topic: although the trains were restored to service, the matter soon began to provoke intensive investigations and legal controversies. Newag directed its efforts at lawsuits against the hackers and the political representatives who had dealt with the whole case.
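The talk notes that the train software update logs showed updates applied shortly before the trains left for third-party servicing, and that none of them had been communicated to the owners. The check an operator's own team could run over such logs is shown below as an added example; it is not code from the talk or from Dragon Sector. The log format, unit names, versions, dates and the owner's records are all constructed here for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample update log (not real train data): one line per software
# update, with a timestamp and key=value fields.
UPDATE_LOG = """\
2021-03-02 09:14 unit=45WE-07 component=MCU version=2.1.0 operator=vendor-field-service
2022-11-18 16:02 unit=45WE-07 component=MCU version=2.3.1 operator=vendor-field-service
2022-11-21 08:30 unit=45WE-07 component=HMI version=1.9.0 operator=vendor-field-service
2021-06-14 10:00 unit=45WE-03 component=MCU version=2.1.0 operator=vendor-field-service
"""

# Constructed: the date each unit was handed over to the independent workshop.
HANDOVERS = {"45WE-07": date(2022, 11, 25), "45WE-03": date(2023, 2, 1)}

# Constructed: (unit, component, version) triples the owner was told about.
OWNER_RECORDS = {("45WE-07", "MCU", "2.1.0"), ("45WE-03", "MCU", "2.1.0")}


@dataclass(frozen=True)
class Update:
    when: datetime
    unit: str
    component: str
    version: str
    operator: str


@dataclass(frozen=True)
class Finding:
    unit: str
    component: str
    version: str
    days_before_handover: int


def parse_log(text: str) -> list[Update]:
    """Parse the constructed log format into Update records."""
    updates = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, clock, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        updates.append(Update(
            datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M"),
            kv["unit"], kv["component"], kv["version"], kv["operator"],
        ))
    return updates


def suspicious_updates(updates, handovers, owner_records, window_days=14):
    """Flag updates applied within window_days before a unit left for
    third-party service that the owner has no record of being told about.
    Results are ordered by unit and then by time."""
    findings = []
    for u in sorted(updates, key=lambda u: (u.unit, u.when)):
        handover = handovers.get(u.unit)
        if handover is None:
            continue
        days_before = (handover - u.when.date()).days
        if not (0 <= days_before <= window_days):
            continue
        if (u.unit, u.component, u.version) in owner_records:
            continue
        findings.append(Finding(u.unit, u.component, u.version, days_before))
    return findings


if __name__ == "__main__":
    for f in suspicious_updates(parse_log(UPDATE_LOG), HANDOVERS, OWNER_RECORDS):
        print(f"{f.unit}: {f.component} {f.version} applied "
              f"{f.days_before_handover} days before handover, not in owner records")
```

On the constructed data the 45WE-03 update is ignored because it is far from the handover, and both late 45WE-07 updates are reported; a real audit would feed the vehicle's own update history and the owner's change-control records into the same comparison.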

The group presented the results of their research in the Polish parliament, where during the hearing they revealed a series of irregularities on Newag's part, including an allegation concerning the use of materials that de facto served as a defence of the trains. Meanwhile, Newag tried to discredit the group, saying that they were the ones responsible for the problems and also for allegedly introducing the so-called logic bombs into the software. The team stressed that their only aim was to reveal shocking facts that may relate to the safety and quality of rail transport services in Poland.

At the end of the documentation, Bialy notes that the clips included in this presentation became pop culture and triggered waves of social controversy. Journalists more often asked about differences in the view of public money, supporting proponents of the open-source software idea, since the attempts at improvement and repair left much to be desired. As of the time of writing this post, the presentation had been viewed by 26,925 people and had received 1,320 'likes', which shows the great interest in this case in the media and on social media.

Timeline summary

  • 00:00 Introduction highlighting the excitement about the event.
  • 00:07 The speaker recalls last year's story and the audience's involvement.
  • 00:36 Discussion of the unexpected situation around presenting live after the Newag disclosure.
  • 00:55 Introduction of the three key figures, Michał, Q3K and Jakub, and their backgrounds.
  • 02:11 Serge Bazanski thanks the audience for attending and shares his personal online handle.
  • 03:04 Jakub introduces himself and his professional experience in the aviation industry.
  • 03:16 Jakub prepares to recap the previous presentation for newcomers.
  • 03:42 Discussion of the electric trains produced by a Polish company.
  • 04:13 General overview of the servicing needs and responsibilities connected with the trains.
  • 05:51 The winner of the tender for servicing the trains is Serwis Pojazdów Szynowych.
  • 06:15 Problems appear during the servicing process, leading to operational failures.
  • 08:00 Introduction of the software problems connected with the train manufacturer.
  • 08:07 Request for help from Dragon Sector and cooperation on the technical analysis.
  • 08:50 Encouragement to watch last year's presentation for more detailed technical aspects.
  • 08:59 Disclosure of suspicious software updates linked to the manufacturer just before servicing.
  • 09:11 Discovery of logic bombs in the software that disable trains during servicing.
  • 10:08 Summary of the strict operational requirements for continuous train service.
  • 10:59 Problems identified with serial number checks of train components.
  • 11:30 Implementation of integrated geolocation that causes operational failures.
  • 12:20 Summary of the reverse-engineering results and the evidence gathered against the manufacturer.
  • 13:29 Update on the consequences of the public discussion and the investigations launched by various authorities.
  • 14:45 Details of the parliamentary inquiries into the merits of the case and the claims.
  • 17:23 The manufacturer gives questionable answers to the accusations, affecting its credibility.
  • 20:50 Legal proceedings against the hackers by Newag and responses from the accused.
  • 33:00 Discussion of the lawsuits filed against the presenters by the manufacturer.
  • 37:30 Ongoing lawsuits against public figures for supporting the presenters.
  • 39:13 Invitation to attend the court proceedings in the ongoing legal cases.
  • 40:03 Encouragement to support similar cases and seek help from the community.
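The 11:30 item above, and the Mińsk Mazowiecki case in the transcript, concern geofences embedded in the train software: rectangles of GPS coordinates drawn around competitor workshops, one of which was drawn so loosely that it covered the tracks leading to a passenger station. The audit below, an added example that is not code from the talk or from Dragon Sector, shows how an owner reviewing such a set of rectangles can check them against public track geometry. All coordinates, fence names and the track waypoints are constructed and do not describe any real location.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rect:
    """An axis-aligned latitude/longitude rectangle as a geofence."""
    name: str
    lat_min: float
    lat_max: float
    lon_min: float
    lon_max: float

    def contains(self, lat: float, lon: float) -> bool:
        return self.lat_min <= lat <= self.lat_max and self.lon_min <= lon <= self.lon_max


# Constructed fences (not real coordinates): a tight one around a workshop yard,
# and a sloppy one that extends north over the running line to a station.
TIGHT_FENCE = Rect("workshop-yard", 52.1700, 52.1720, 21.5600, 21.5640)
SLOPPY_FENCE = Rect("workshop-yard-sloppy", 52.1700, 52.1760, 21.5600, 21.5700)

# Constructed waypoints of a running line passing north of the yard, west to east.
TRACK_TO_STATION = [
    (52.1745, 21.5550),
    (52.1745, 21.5620),
    (52.1745, 21.5690),
    (52.1745, 21.5750),
]


def densify(track, samples_per_segment=20):
    """Interpolate points along each segment so a fence that only clips the
    line between two waypoints is still detected."""
    points = []
    for (lat0, lon0), (lat1, lon1) in zip(track, track[1:]):
        for i in range(samples_per_segment + 1):
            t = i / samples_per_segment
            points.append((lat0 + t * (lat1 - lat0), lon0 + t * (lon1 - lon0)))
    return points


def fences_crossed_by_track(fences, track, samples_per_segment=20):
    """Return {fence name: [points inside, in travel order]} for every fence
    that a train in revenue service would enter while following the track.
    Fences the track never touches are omitted."""
    hits = {}
    for fence in fences:
        inside = [p for p in densify(track, samples_per_segment) if fence.contains(*p)]
        if inside:
            hits[fence.name] = inside
    return hits


if __name__ == "__main__":
    for name, points in fences_crossed_by_track([TIGHT_FENCE, SLOPPY_FENCE], TRACK_TO_STATION).items():
        lat, lon = points[0]
        print(f"{name}: running line enters fence at ({lat:.5f}, {lon:.5f}); "
              f"{len(points)} sampled points inside")
```

With the constructed data, only the sloppy fence is reported, and the first point inside it is the spot on the line where an affected train would have stopped on its way to the station. A real audit would use the operator's track centreline data rather than four hand-placed waypoints, and the densification step is what keeps a narrow fence from slipping between coarse waypoints.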

Transcription

The railway fan's heart leaps. You all know the story from last year. Everybody who was here last year raised their hands. Wow, nearly 70% of this whole crowd already knows. So you have fans, I'm sure. We know the story. And this year they called it, we have not trained for this, live after the Newag disclosure. And what happened in the year after last year, they will tell you. And who are these three magical guys? It's Michael, Q3K, Jakub and the destroyer. Michael is a reverse engineer and cryptographic, very active and makes low-level hacking, known for reverse engineering. And then you have Q3K, a soul stuck between hard and software and lives between permission system. It's very interesting. And then at the end, it's Michał Kowalczyk, reverse engineering and cryptographic, low-level hacking and this is what I have doubled. I would say we make a big thanks and until the end I fix it. Microphone on? Yes. Hello again. Thank you for coming here today. There's at least two other fantastic talks at the same time. And if I didn't have to speak here, I would be in one of the other two rooms. So, thank you for choosing this train wreck of a presentation. My name is Serge Bazanski. I'm also known online as Q3K. With me, I have two other fantastic weird hackers who will introduce themselves now. Michał Kowalczyk, also known as Redford, from Dragon Sector, as all of us, and also Invisible Things Lab. And I'm Jakub, depending on the region, known as Mr Thick or Panklesch or Herceke. I'm a real train enthusiast and low-level engineer. Currently, I work at Flarm, where we try to help small aircraft and gliders not collide with each other too much. So, I saw all these raised hands, and I'm responsible for the first part of the presentation, which is a recap of what we talked about last week. Last year. And there's not really sense in keeping that, but nevertheless, for the remaining 30% of you that were not here, let's try to just summarize what we did.
So, as you probably suspected, the talk will be about trains. These trains. This is a line of electric trains. The family is called Impuls. It's manufactured by Newag. That's a Polish company located in Nowy Sącz. There will be a lot of Polish words in our presentation. Don't be afraid. And, yes, what happened with these trains? So, the story so far is, in general, like all other things, trains have to be serviced sometimes. There are different kinds of services that have to be done at different intervals. And, among the trains that have to be serviced, we have Koleje Dolnośląskie, that's the KD, that owns 11 45WE trains. That's a part of this Impuls family. And, yes, those 11 trains have to be serviced. The warranty period ended, so the manufacturer was no longer responsible for servicing those trains. So, KD opened a public tender for servicing the trains. So, here, like I mentioned before, we have different levels of servicing trains. In Polish nomenclature they are called P1 to P5, where P1 is the daily maintenance that you do at the end of the work of a train, like refilling sand, oil, checking if nothing is broken. And then it gets more and more complicated. In particular, we have this P3.2 service level, which basically involves dismantling the whole train, checking if everything is working okay, then assembling everything back, painting, cleaning, and, yes, we have almost a new train ready to roll again. So, the tender was opened. A lot of players started with this tender, but the tender was won by Serwis Pojazdów Szynowych we Wrocławiu. We'll call them SPS from now on. And what is important in the fact that they won is that one of the players in that tender was the manufacturer, and the manufacturer lost and got pretty upset about this. So, in general, SPS started servicing those trains, but something was not right, although they properly, according to documentation, did all the required service routines.
But after the train was then assembled, cleaned, and prepared for the test drive, that's actually a screenshot from a very nice Polish train simulator that also has Impuls trains in there. So, you can see these very small letters in the center of the screen, ready to roll. But it's actually a lie. So, the train reports that everything is okay. You can see no errors there. If there were any errors, they would display right on this display. But if you push the throttle, the train should release the brakes and then apply some power to the inverters and then to the motors, and then start to cruise in the selected direction. But it didn't, so it would just release the brakes, and yep, that's it. So, the workshop had a bit of suspicion about what was wrong. They narrowed down all the problems, because they basically checked every single cable, every single latch, every single piece of equipment in the train, and the only thing that was left was the software that controls the train. So, at some point, they got pretty desperate, and they tried to find some software experts that would help them to analyze the trains. But how do you find a software expert to fix a train? So, one of the bosses from SPS typed into Google, Polish hackers. Then the first result was some interview with Dragon Sector, and then, long story less longer, an email ended up in the Dragon Sector inbox. Hey, guys, do you have a moment? Can you help us fix the trains? Okay. So, yes, we did help them. If you want to learn more details about what happened there, we really encourage you to watch or even re-watch our presentation from last year. I don't want to brag, but it was a really nice presentation. Thank you. Aside from the obvious result that we got the trains working again, we also found a lot of strange stuff. For example, we found that in the train software update logs, there were some updates that happened right before the train left for servicing.
And the only body that can do and knows how to do the software update and can create the software update is actually the manufacturer. So, yep. And these updates were not communicated either to the owners or to the users of the trains. So, secretly, somebody changed the software in the trains to one that would not work. So, aside from these updates, in the software, we found actual logic bombs that would disable the trains when a train detects servicing. And when a train detects servicing in particular in a third-party workshop. And they were really nicely integrated, and there are a lot of different kinds of these software locks. I will try to summarize them. So, those trains are kind of suburban trains. So, they are in use for, like, 19, 20 hours per day, seven days a week. And no train operator in Poland has enough of them to actually have, like, a full stock of trains waiting to be used. So, each single one of these trains is in constant use. And when it's not, then probably somebody is servicing it or whatever. Anyway, if a train doesn't exceed 60 kilometers per hour for three minutes for, like, once in ten or some other number of days, it will just break and it will refuse to start again. This may be defendable, but let's see what's next. So, we also found some serial number checks. And these serial numbers, so basically the main CPU of the train would compare serial numbers of other components that are installed in the train. But the problem is that those components often break and have to be replaced, and they are just black boxes like a switch box you can put in, and there's no software, there's no logic there, you just replace it with a new one, and it should work. Unless it didn't, because the CPU decided, no, I don't like the switch box. This is a fun part. So, there was actual proper geolocation embedded in the software, so there are literally GPS coordinates of competitor workshops. If a train enters those GPS coordinates, it will break.
Then there are, like, simple date checks. Failure day is after something, something, the train will refuse to work again. But they were not implemented correctly. You may remember that. So, there was this international secondary compressor failure day, that incorrectly implemented date check. Unfortunately, I think at the beginning of this year, the train went to the manufacturer and the software was replaced. Maybe a better date check. So, along with the locks, more or less nasty ones, there were also mechanisms to actually unlock the trains. So, not only lock logic was embedded in the software, there was also unlock logic present there. And in most cases, it was triggered by pressing a secret combination of keys on the train engineer panel. So, jump, jump, left, right. So, we assembled everything we found. We prepared some reverse engineering analysis. We gathered software from all trains that were not working. Some of these software collections were done in an audited way with lawyers, with Deloitte as the guys that were looking over shoulders and seeing if everything was done correctly. So, we assembled this whole pack of evidence, and we reported that to some authorities. And surprise, surprise, nothing happened. Until the end of 2023, when we decided to go public. And we did. December 2023, we had a first presentation at the Oh My H@ck conference in Warsaw. Yep, it was pretty fun. Then we had a small talk at this tiny conference you may know. A lot of stuff has changed since then. Some of us got new clothes. But, yep. That's when it starts to get fun. And more details Michał will share with you. So, the main part of the presentation is the update on what happened since the last presentation. And there were a lot of things happening. So, just to give you a quick list of examples, we got invited to the parliament. A lot of Polish offices started investigations into the case. There were some criminal proceedings. Then we got sued a few times. And there was also a TV documentary. So, yeah.
Let's see. The first thing which actually happened, at least publicly, was the parliamentary work group. It looked like that. We were invited there. We were sitting on the left. In the middle, there were some politicians. And on the right, the representation from Newag. And there were also, you can't see them on the photo, but there were also a lot of directors and representatives from the train companies across Poland. So, the first meeting. It was live streamed on YouTube. And we started with basically the same presentation as last year here. So, nothing new here. But then, Newag got a chance to show their side of the story. So, did they use their time? They did. So, they started with saying that Deloitte didn't work with us. Which is technically true, because they had a contract with the train owners, not us. So, yeah. Technically true. Then they said that the workshop had no right to service the trains. The workshop had all the certifications and stuff. And a public tender. Yeah. They also said that we got paid millions. They did that by extrapolating one invoice, multiplying it by the number of trains. Yeah, that's a million, right? Yeah. We are still waiting for the transfer. They said that we created a compiler. That we manipulated Newag's thoughts. Just for the record, we didn't buy or sell anything related to Newag. But I think that's obvious. If you think that part was off topic, then that part was actually the on-topic part. Then they started showing some slides. With some rusty train components. Dirty train toilets. More dirty train toilets. And this is in the Polish parliament. And we still don't know how this relates to the software locks. But what's important here is that they didn't want to disclose any context for the photos. They were just saying that they want to talk about the general problem of the quality of train services in Poland. So it sounded like they just wanted to show that the workshop we worked for is shitty. It kind of sounded like that.
But the politicians weren't happy about that, and they pressured them to disclose what workshop that was. And it was actually a different workshop. And what's even more important is that up to this point, that different workshop, and actually there are also train owners, it's like regional trains in Poland, up to this point, they didn't talk to the press at all about this case. They always said that they are not commenting. But they were present at the meeting. And the last ten minutes of the slides were about the quality of their workshops. So, afterwards, after Newag finished the presentation, they actually started speaking about their cases. About their problems with Newag trains. And they had a lot. So it turned out that they were actually paying Newag for unlocking. And it was like quite significant money. About 23,000 euros per train. To that, Newag replied that this is not unlocking. It's like complex analysis and software. Integration of the security system. Yeah, integration of the security system. And at the same time, they have no idea about any locks. They never heard. No idea what that is. And then Polregio replied that it took them just ten minutes to unlock a train. With a problem they said that they have no idea about. That's a good hour, right? And, of course, Newag never explained what they actually fixed in the trains. They were always just saying that they fixed... How did you say that? Reintegrated the security system? Integrated the security system. So, the second meeting. There were three in total. But the other two weren't that interesting. Although they had their moments. For example, at the second meeting, they didn't have a presentation slot. I mean, Newag. So they brought paper slides. And they were still very dedicated to being off topic. So they showed, for example, a picture. And it says, derailed train with Ukrainian refugees. We still don't know how it is related to software locks. But I guess they were just burning time to have less on-topic discussion.
Delay, deflect, derail. By the way, this is... On the left, it's the Newag president. And on the right, the Newag vice president. So it was like the top of Newag presenting this. And then, actually like just a month ago, there was a parliamentary committee. It's like a higher level meeting. And it was weird. So, I went there. One of the politicians, actually like the ex-minister of infrastructure in Poland, was very upset that we got there. He said that representatives of the group of hackers, so-called ethical hackers, whatever stealing and robbing houses has to do with ethics. And actually, you might say that this is like bad grammar English. But it's actually translated one-to-one from Polish. In Polish, it's also weird. Or even worse. Yeah. And afterwards, and by the way, he's from the Newag region, coincidentally. Afterwards, he called for a vote to close the meeting without giving us a voice. And there was a short break. A lot of politicians suddenly appeared, voted to close the meeting, and the meeting was closed. And we didn't have a chance to say anything. Okay. Now, other stuff. In that last year, we found new cases of the locks. And one very interesting case is from Koleje Mazowieckie. It's one of the train owners and operators in Poland, around Warsaw. And they had a very interesting case. It happened before our times, so before we had the whole case with Koleje Dolnośląskie. And the case was never public. They made it public only after we went public with our cases. And it turns out that their trains had similar problems, but with passengers inside, and only when approaching one specific train station, Mińsk Mazowiecki, the trains were just turning off with passengers inside. And if you remember our slides from last year, the GPS coordinates we dumped from the Koleje Dolnośląskie trains actually included that region on the GPS. Because right next to that station, there is a train workshop from Newag's competitors.
And if you look closely at the rectangle, this is a slide from last year's presentation. The train workshop is like on the middle bottom, this hangar, and you can see that the red rectangle, the top right, is actually covering the tracks leading to the train station, which is on the right. So someone was quite sloppy drawing the rectangle in the GPS lock. And why was this case never public? Because that workshop, who was servicing the trains, thought that it happens only here. What will happen if we unplug the GPS module? So they unplugged the GPS module, and it never happened again. [Laughter and applause] Another case, which we can call innovation in the lock system. Although I think this is the newest version of the software we found from before we made the case public. So basically, the software was always counting how many days the train was standing in one place. And they added a new thing in one of the versions of the software. Because to reset the counter, you could just put the train out of the hangar and actually start using it, but it's inconvenient. Or wait for it to lock up and then unlock. But they added a new feature. So, if you open the door close to the cabin, and press the SOS button in the toilet... [Laughter] The day counter will reset. Then the counter will reset. [Laughter] There's also another way to satisfy this. We are not sure how this works exactly. But yeah. This is groundbreaking research. This is something we just figured out before the talk. [Laughter] This is a very recent case. Because the trains are still being locked up in Poland. Yeah. This train locked up a month or two ago. Something like that. Okay. The media part. We also had our 15 minutes of fame. So, this is a bit redacted first page of the Wall Street Journal. This is an actual first page. So, we were mentioned on the first page on that day.
[Laughter and applause] Like we mentioned before, we have like a 30 minute documentary in actual broadcast television done by TVN, one of the biggest Polish TV stations. It's available somewhere on the web. We took part in many podcasts, interviews. It was really fun. But what was really surprising there was that the topic really quickly diverged from the actual train problem to more general stuff. Like, for example, public money, public code. If stuff was funded from the taxpayer money, then let's open source that. Maybe the taxpayer wants to see what's there actually. [Applause] And they do, but the corporations like to keep their secrets. Also, yep, right to repair. [Applause] Even Louis Rossmann mentioned us at some point. The problem with right to repair here is that even though the European Union is working on some legislation that enables end users to repair their devices, this legislation does not cover in any way the business end users. So even though some legislation would be in place already, it will not protect Koleje Dolnośląskie and independent workshops from that situation. And in the end, yes, we are just three introverts that were taken into the spotlight and had to talk with people, so it was really exhausting. On the other hand, it was really satisfying. Still is. But, yep, now, again, the fun part. [Applause] Hello again, again. You might usually know me from such hits as adding dash publicly accurate to exercise or making a gardener to high vacuum adapter. Today, I'm going to spend 15 minutes boring you to death about legal details. So, as we said earlier, one of the first things we did is we reported a whole bunch of our findings to a bunch of Polish agencies. Again, there's going to be Polish acronyms. We talked to ABW, which is like the Internal Security Agency. They started doing some processing. We talked to UOKiK, which is the Polish Office of Consumer Affairs. They also started looking into it.
We had a nice chat with UTK that ended up with nothing, unfortunately, and there's also, as far as we know, some proceedings by the Polish Anti-Corruption Bureau. So, things started moving. Unfortunately, UTK kind of said, sorry, if a train isn't moving, then it's very safe, so we don't have anything to do with it. [Laughter] But the other three agencies kind of did their thing, but what's important is that all of this work effectively caused an investigation to happen by a Polish prosecutor's office in Kraków, in southern Poland. And this is kind of like the main case that we think about that's going to solve and help bring to justice those responsible for the locks. Unfortunately, even with a clear case being mounted currently against no one, that doesn't stop the Polish press from issuing statements like saying that the software which introduced the locks was installed by hackers. The source of that was Trust Me Bureau. This was just added by the journalist that published this in the Polish press agency. And interestingly enough, even though the prosecutor's office then published a release saying, no, we didn't say any of that, this is still up. So, I hope whoever wrote this steps on a Lego. [Laughter] Because this ended up being, unfortunately, duplicated by a whole bunch of Polish portals because, you know, that's how news spreads. But, yeah, criminal proceedings in Kraków, what kind of one immediate thing that happened, well, not immediate, but like a tangible thing that happened is that the Newag offices did get raided by the cops. So, at least something is happening. I'm not saying... [Applause] I'm not immediately confident in saying that this is going, you know, there's going to be intangible results from this because this was kind of done late. And I do not wish to imply that any evidence was tampered with, because I don't know what happens with computer data. We were also interrogated as witnesses, not as suspects, but as witnesses.
We delivered all the documents, all the information we had to the prosecutor's office. And as far as we know, the thing is still in progress. So, we just have to be patient. So, that's the good part. The bad part is this guy doesn't yet know what's about to come. This is me a year ago. And that's civil lawsuits. Two of them. One... So far. So far. There's two lawsuits. The first one was filed against us in Warsaw by Newag IP Management. And it's about unfair competition and intellectual property infringement. And the second lawsuit was filed in Gdańsk, which are, like, opposite sides of Poland, by another part of Newag. And it's about unfair competition and violation of personal rights, which is a Polish legalese way of saying lies. [Laughter] And damages from that. And you might ask, you know, two lawsuits? Isn't that a bit weird? But, you know, apparently, they argue that because it's kind of two different companies, even though there's, like, 100% ownership, they're all subsidiaries of the same group, they get to file two lawsuits. They have a few more organizations left. So, maybe we'll get a few more. There's one here that's particularly interesting. Unfortunately, it's an old report, so I'd have to check again. But there's the kind of box on the top right. That's a shopping mall in Nowy Sącz. [Laughter] I think they sold it, so they're at least not going to sue us. Unless maybe for this slide. I don't know. [Laughter] But, yes, first lawsuit. Newag IP Management spoke in Warsaw versus us. It's 164 pages of things. But I'll try to summarize it. It's very difficult to summarize because a lot of it is, like, repeat. A lot of it doesn't make sense internally. But I'll do my best. Basically, they want money. They want us to apologize. And they want us not to work on the process anymore. And their kind of main arguments, as far as we can extract them, is that we modified the software by analyzing it and decompiling it.
And that infringed on their copyright because it's derivative work without their consent. They say also that we didn't modify the software because there were no bugs to fix, so we didn't have to modify anything to fix them. [Laughter] They also argue partially that we didn't have the rights to the software, so this is why none of the clauses that allow you to perform analysis work applied to us. Which, like, you know, we're in the custody chain where people are using trains on a pirate license. But I think they're trying to argue that maybe the train workshop or maybe even the train owners didn't have a license to the software and they were just, you know, running piratebay.org software. I don't know. [Laughter] They also argue that SPS wasn't qualified and, like, broke the contract. They say we aren't qualified and we're incompetent. And they also kind of go into this whole argument that we are publishing illegal instructions on how to hack trains. [Applause] They also argue that we infringed their copyright additionally by talking about this in Hamburg last year, and they give us as proof this slide of code that I showed. Except if they listened to the talk, they would know that this is code I wrote. [Laughter] Then they continue in the same lawsuit. They don't refer to code from the presentation, but code which I then posted on Mastodon, which they say is also their software, which it is their software because it's the lock code. And they also argue that this is their intellectual property. [Laughter and applause] So that's the Warsaw lawsuit. It's a lot of this sort of stuff. Again, any time you read it, you're just like, guys, really? Second lawsuit, the one in Gdańsk. This one is mostly they just want us to shut up. They say we have no proof. They say the locks are just like conjecture. They would never do that, and we're damaging their reputation by talking about this. And also that it's very, very bad that we talk about this publicly.
Unfortunately for them, one of the primary ideas behind the modern justice system, a fair justice system, is that this has to be done publicly for it to be fair. So it kind of sucks for them that this will be public forever and everyone can access the court documents. But they're very angry that we publish court document fragments. More likely, there's one thing I learned, and that is if you post hard enough, your posts will end up in lawsuits. [Laughter and applause] In this case, apparently, this little facsimile of the logo I wrote that says, NEWAG, we sue researchers, was a hurtful insertion. [Laughter] Perhaps if they're hurt by this, they should stop suing researchers. [Laughter and applause] But wait, there's more. Just, I think, a few weeks ago? Yeah, I think two weeks ago. They also decided to sue one of the members of parliament that was running the initial work group. Yeah. And who invited us. And again, this is kind of a good reminder of the sort of bullshit you have to deal with when you get sued. It's like this sentence, we spent a big amount of time trying to make this legible in English, because it doesn't make much sense in Polish. But let's go ahead. Due to the actions of the MP, open support for one of the parties to the dispute, and above all, due to the statements of MP Paulina Matysiak and her attacks on our company in his good name, we are forced to take legal action. We have just filed a lawsuit against her for violating our personal rights. So they're suing, apparently, everyone now. To summarize, a bunch of institutions that we are in touch with, so the Anti-Corruption, Consumer Protection Office and Intelligence Office. That culminated in the primary prosecution in Kraków, which is still against no one. There's one little asterisk to this, which is that Newag also reported a crime supposedly committed by us to the same prosecutor's office in Kraków. That's kind of something that the prosecutor's office also has to deal with now.
So they did interrogate some of us. But it's just, you know, it's the same case, just more of it. And yeah, a bunch of lawsuits from Newag. One lawsuit, second lawsuit, which we're still waiting for the court documents for. There's the lawsuit against Paulina Matysiak, and then, you know, whatever's going to come next. I'm sure it's going to be exciting.

Other than the lawsuits, what's happening for us? I know I promised last year there's going to be a technical report. Sorry, it's not there, because, you know, there's a bit more happening than we expected. So this will basically have to hold on until this whole thing dies down, and then we can publish the full report. But for now, we just aren't... We didn't even finish writing it, so... We have a court date on the 15th of January. If you would like to attend, especially as a Polish-speaking journalist, you are allowed to do so as a guest, as an observer. I would highly recommend you do that if you can. And yeah, we're still waiting on the criminal investigations. You know, that's probably still going to take a while.

Because this is a Congress talk, I figured we have to have some lessons learned. I wouldn't be speaking here if I didn't have something. Thank you very much. You might not be in the exact same position as we are, working on hacking trains and being sued by... Sorry, two civil lawsuits. But in any case, if you see something like this happening, we do implore you to go public. It's not that bad, and it's definitely worth the effort. You will find support, especially if you do this in a group. You know, there's a few thousand of you here, so we always feel strong support from everyone here, and we're very thankful for that. So yeah, any time you have this sort of stuff, just do it. We regret nothing. Thank you.

And speaking of support, we would like in this place to thank the Security Research Legal Defense Fund, almost made it, who supported us initially with financing our legal defense.
And also, we would just like to announce that the Chaos Computer Club has also announced a crowdfunding or a fundraising for us. So if you'd like to help us with our defense costs, there is a press release from the Chaos Computer Club, which will be linked in the next slide, and if you can donate and you want to support us, now would probably be the right time. If you have any questions, or direct deliveries of the time. Wow. Wow. Michael, Q3K, and Mr. Tick. Woo!

Yeah, questions here on the microphones or via the signal angels? I see there is something from the internet. Yeah, the internet wants to know, did you happen to ask the emulator authors, basically, if they may want to be back-to-back compatible if the date happens to be somewhere in November? It may be tricky regarding copyright, whether we can add the code there. It's worth a shot. But if you have a good emulator that we can integrate, you know, hit us up. But the simulator is open source, and actually, to create a video at some point, yes, we implemented a behavior similar to the locks in the simulator. So you just push the release locks, and nothing will happen. Thank you.

Microphone one? Microphone? Okay. Thank you for this talk. That's so incredibly much in the spirit of, you know, a CCC talk. Has Netflix approached you? No, not yet. Season 3.

Microphone 2? Yeah, also lots of thanks for the talk. Last year, we were very strict about not modifying any of the firmware because you said it needs recertification. So were the locks recertified, or is this not fully accurate? Or can you not say this? You mean after the locks were installed by Newag, were the trains recertified? Yes, because you specifically said you would need to recertify the software if you modify it because it's a critical component. So did you recertify the software with the locks? So the trick is that Newag says that they have no idea about the updates in the software.
But they did offer to all the train owners that if you just want to bring your train to us, we'll update it for free. Yeah, after we went public, they sent a message to all the train owners that there's a free update.

Microphone number 4? How is Newag doing business-wise? And how many trains have they sold since then? Or sold less since then? Actually, they are doing pretty good, because as far as I know, they sell the trains mostly in public tenders to government, and you cannot actually exclude them until the court decides that the fault is theirs. So I think there's no official way to exclude them.

The next question from the internet. Yeah, the internet wants to know if there are any laws in Poland against frivolous lawsuits. We wish. We wish. As far as we understand, no. But that doesn't mean we do not see these as frivolous lawsuits. We keep saying that this is pretty much a SLAPP. We know that this is, you know... We really strongly feel that they just want us to hide away and leave them alone. So, yeah. Thank you for noticing. Unfortunately, no laws. So we just have to deal with it.

Microphone number six. Last year, I asked, were you concerned? This year, I think the question is, do you have any regrets? Would you have done something different? And hi from Ben. Go public sooner? Yeah, go public sooner. Probably, yeah.

Microphone number one, please. Hi, thank you for the talk. Did you get a look at the new firmware after you went public? You mean software updates after we went public? Yes, especially after they offered the free upgrades to customers. So I think no one accepted the updates. Surprisingly.

So, then we don't have any more questions. So this is the point where we make a big shout-out for Michael, Q3K and Mr. Tick. Thank you.