
PG - Mainframed - The Forgotten Fortress - Phil Young

BSides Las Vegas, 42:56, 240 views, published 2017-03
About this talk
PG - Mainframed - The Forgotten Fortress - Phil Young. Proving Ground, BSidesLV 2012 - The Artisan Hotel - July 26, 2012
Transcript

Can you hear? Put your hands, yeah. All right, I'm going to go ahead and get started. So, so my talk today is going to be about mainframes, something that's sorely lacking in the high security talk conference space. Um, just to get everyone, because it's the first thing in the morning, I want to ask you two questions. First question, when you answer it I want you to keep your hand up, okay? So how many of you work for, have worked for, or done a security assessment on a mainframe, any of those? Okay, now keep your hands up, hands up. Now how many of you, when you were doing any kind of work for that company, had an account on the mainframe?

All right, like half the room. All right, everyone put their hands, next question. What's that? How many of you in the last three days have you me, so I'll put my hand up. So done with some crap yesterday, but, but yeah, I was kind of vag, I was being vague on purpose, but everyone's hands should be up, because last night for sure credit cards got processed, banking things got processed. If you came here on a plane, definitely your name went through some mainframe on flight information. The government's probably doing some stuff, so they've got, they're processing things all the time. It's being used all over the place, so the point was to show that, but main for is re new all the time.

So a little bit about me. I'm an IT security analyst. I do, I do work IT security space, I guess I've been doing it maybe eight, eight years or so. I started out when I was really young, I got into X.25 networks in Canada, like Datapac. Uh, I don't know anyone knows what an X.25 network is anymore. Um, it was free and that's why I was into it, because it was, didn't have to cost me anything. Um, I'm not a mainframe expert by any means, I, this is just a hobby. It's a weird hobby, I know, but it's my hobby. Um, that's not me by the way, that's if you can't tell.

So this talk, I'm going to be talking about z/OS. I'm not going to be talking about AS/400, I'm not going to be talking about the HP NonStop, I'm not talking about the BS2000, yes, that's the name of a mainframe system. I'm going to be talking about basics, because I feel like there's a, a lack of basic, basic, in the IT security space, just even mainframe concepts, and then I'm going to talk about some of the security stuff that's going on in the mainframe space.

I wanted to make a point here, it kind of doesn't really fit anywhere, but I wanted to put at the very beginning: the mainframes are not legacy platforms. Windows NT is a legacy platform. z/OS or zOS, I'll use it interchangeably, they released a version last year, they release a version every year or so, they release recent updates, they're up to version 13. Companies update them, they have modern security controls. If you talk to anybody that says we can't do this because it's legacy, oh, we can't have an eight character password because it's a legacy system, no, that's not the case, that's not applicable. It's a, it's a current operating system.

All right, thing to think about mainframes is they really existed before IT security was a concept. IT security on the mainframe when it was invented was a guy with a gun in front of the door to the mainframe room, okay? That was their IT security. Now as you got remote logins and as people were needed to share time on the mainframe, they started implementing security controls, but they were invented and all the operating system underpinnings were invented before all that existed. Large companies grew up around mainframe, that's why people are still using them today.

So I like to call this like, so what, who cares, right? I just did a search on Monster, Dice and Google looking for z/OS and RACF and I came up with all these, and it's a whole slew of different companies. food line, I couldn't find space to fit it in, but food line was also there. All kinds of companies, government entities are using mainframes. Okay, the reason they still use it
is because they spent millions of dollars implementing their mainframes, and then when Windows and Linux sort of started picking up steam they just built it around the mainframe, sort of like a castle. I like that metaphor, like a medieval castle and then all the little villages around the castle walls, that's sort of what's going on here.

So mainframes really are security through obscurity. Like how many of you guys know what RACF is, or how many of you guys know, well you do, and how many of you guys know what like TSO is, or OMVS, all these weird terms that they throw around? Do you guys even know, if you Nmap scan against one, what would you do with that information? Do you know if that's, if the open ports are appropriate? Do you know how to run, you know, there's just things, they're just obscure. People like to think, I think I talked with a gentleman and he was telling me that, oh, it's that cool big black box in the data center but we don't touch it, we let the mainframe security guys manage that but we don't look at it, they have their own security policies, their own everything. And I was working with the client and they told me that mainframes are more secure because it's not like Windows and Linux, you can't just go out and buy a $150 computer and start messing around on the mainframe, you just, you just can't do it. That's not true. I'll step down because I have to more fall over.

So you can emulate the z/OS mainframe in Hercules, and you can emulate it, and IBM actually has a product that does the exact same thing. This is me running, I, I just like to play around, I mean, um, this is me emulating OS/360 in Hercules. That's the Hercules in the background and the foreground is a 3270 emulator that connects. You have no idea how hard it was to change that, that, that's from the normal one. But so Hercules, currently maintained by a gentleman named Jay Maynard, you may know him better as the Tron guy. See this gonna work, see if I can do this, there we go. Okay, if you see him, I want, I'm, I kind of want him to be known for being the guy who works on Hercules, not for being the Tron guy, right? So if you see him say thank you for Hercules, because it's, it's difficult to work with, it's made for mainframe folks, but it's a great tool.

IBM has the same thing, they call it zPDT. Now the IBM one is only for development, you're not even allowed to run production stuff on it, you're not allowed to host data, it's only for development. It, it's a CD, you throw it in a laptop, it comes with a USB stick with the license on it, put your license in your computer, you boot it, it boots z/OS, you're good to go. You need to already have a mainframe to get access to zPDT. They don't let, I don't know why, but they don't let you get access to their development environment unless you already own a mainframe.

Talks about some mainframe basics. Mainframers speak a totally foreign language, they speak in different terms. It's not that what they're saying is different, they're saying the same things we are, they're just saying it differently. Yeah, so system programmer, administrator. So when someone, if you talk to a mainframe person they say, oh, he's a system programmer, they're just administrators. IPL, initial program load, that's booting the mainframe, that's, you're loading the initial program. It's not, it's not rocket science, but they'll use the acronyms for sure. DASD, hard drive, it, it literally stands for direct access storage device. LPAR, logical partition, think of it like a, like a partition you have, like Windows and Linux, that's all it is. Data sets, file. PDS is a partitioned data set, it's just one file that has multiple entries in it. Virtual machine, USS, OMVS. Vary on and off means enabled, disabled. But if you speak to someone who's been a mainframer they will speak in these terms, they won't say partition, they will say LPAR, and if you don't know what LPAR is and you ask another question, get egg on your face, it's not great.

Part of the mainframe is the master console. The master console needs to be secured at all costs, okay, is not hyperbole. You can use it to start, stop services, allow jobs to run, execute jobs with system level privileges. When you're on the master console you're not running as a user, you're running as the mainframe, okay? When you run a command there, the mainframe is going out and just doing it at, at the machine, it's not referencing the security databases, it's not doing any of that kind of work, right? You can turn off things like the security, you can just say, you can vary off RACF. You would never do that because that would basically DoS the mainframe, but that's something that could happen. That's why you need to protect it, and you need to protect it because there's no password when you connect to it. Now I'm sure there's going to be some, some mainframers who come talk to me and they're going to tell me, well, that's not necessarily true, and they're right. You need to know the port, you need to have the tn3270, and you need to have the master console be waiting for a connection. Some companies have that running and it's waiting for a connection, so all you need to do, you
need to treat it like it needs to be in its own private network. Access to this, it should not be on just your normal corporate network.

To connect to the OS, to communicate with z/OS, it's not that hard. Like I just said, you just need a 3270 emulator, or you can use telnet or SSH if you want to connect to Unix. The problem with 3270, it was a protocol that IBM developed in the 80s, 90s, it's clear text. Wireshark has no problem following the stream, Wireshark has no problem showing me my password when I log in. IBM identified this, they added SSL certificates so that you could protect against someone sniffing the sessions. Some companies implemented, some companies working on it because maining of legacy, so they're working on them. I don't know, honestly, that's a good question, I don't know if they are, but yeah.

Now I mentioned earlier data sets. A data set, just a file on a mainframe, it's composed of a high level qualifier and then other qualifiers, okay? Easiest way to think of it is the root is the first one, that's the high level qualifier, and everything after the dot is whatever. So if you have like BSIDES.PASSWORD, that's a data set, and BSIDES is the high level qualifier and PASSWORD is the file that you're going to look at. If it was BSIDES.PASSWORD.HASHES, HASHES would be the file you're looking at and then the rest would be the qualifiers to get to it. Okay, the reason it's important to understand that is because files and folders don't exist on a mainframe, they don't call them that, they call them data sets. You ask a mainframe person, show me this file, they will not even know what you're talking about. What you talking about? You want to see the data set. When I was getting started mainframes and I had no idea what was going on, I just said, oh, I just replaced the dot with a slash, that's super easy to understand, now I get it.

TSO is Time Sharing Option, that's generally how people interact with the mainframe day to day. You can add, remove users, you can do networking commands, you can run custom scripts, you can execute jobs. Jobs are, it's like a scripting language, and you write down what you want a program to do and then you submit it to the mainframe, and the mainframe, depending on your priority and depending on all those variables, it'll then submit it and run it and process it and then return the results to you later, right? So that's why, so you write a job and it just process it and gives you the response. Uh, TSO is called a segment, and later when I talk about Unix, it's also a segment.

The worst part: TSO logins have a max character length of seven characters, you can't go larger than that. It's a limit, it's a limit within TSO. But even worse is that on the TSO login panel you can enumerate users. It tells you at the top there, I don't know if you guys can see, it says user ID bze not authorized to use TSO. So I wrote a script that uses expect and c3270, which is the console 3270 emulator, to take an IP address and a us, and a list of user IDs, and to walk through, connect to the mainframe, try it, record the results, and just iterate through that whole file. It's a proof of concept, it's on my site, bitly slmf framed. It may or may not work in your environment, it was just to show that it could be done on a test environment.

So some interesting commands. This is what TSO looks like, so red, you can change these colors, but it says READY and then you just type the command. This is the help command, same as man, you just type help whatever. I think this is actually a little more elegant than man, man stands for manual, but help whatever, help user add, help list, gives the everything you need to know. There's a bunch of network commands that are built in, I'm not me look, nslookup, traceroute and netstat. Netstat will give you a
list of all the open ports that are running on that mainframe. Um, now this is not the easiest thing to work in. It's, uh, so IBM, they have the Interactive System Productivity Facility. It lets you browse, they call it ISPF, no one calls it that, they call it ISPF. It lets you browse and edit files quickly, it allows you to run commands on the mainframe. It's composed of screens, and I have a, a slide, you'll see, um, and options can be combined, because on the mainframes time is important, so you don't want to waste time waiting for a screen to load. If, if you're going to do, if you know you're going to go three screens in, you don't want to have to sit there and wait for each screen to load, you go, you can just daisy chain your, what screens you want to see. So you just type ispf at the P.

So here as an example I wanted to search for some files on the mainframe, so I just type 3.4. So three, if you can see it, but three on that list is utilities and four on the next screen is data set list or DSLIST, okay? That brings you to this screen on the left. All I did was put in SYS1 as my high level qualifier, or the root folder I was interested in, and then you hit enter and it gives you a list on the right of all your, of all those data sets that begin with that high level qualifier. You can go down, and it takes wild cards and all that stuff. And you can see that that listing is much better than this. This is the same results if I did the same command at the TSO prompt instead of using ISPF. No one uses this, I mean rarely anyone does unless it's a catastrophic failure and ISPF doesn't work. No one generally uses this interface, they use ISPF.

It also has a wonderful file editor. Uh, TSO comes with a line editor, it does come with an editor, but you have to essentially list the contents of the file, count the line you want to go to, say you want to edit that line, make the change to that line, then save it and then reprint the whole file again. That's horrible. This is much better, this is what's, so when you're adding a file in mainframe you can just use this editor, it's all right. The thing with tn3270 though is, is you can make all kinds of changes here but it's not, it's not interactive, so as I make changes to the screen, until I submit, until I, nothing's going on on the mainframe side. So I can, I can make, I could edit this whole file and then close the window and lose all my changes, because they're not happening on the mainframe, they're happening in my screen until I submit.

Unix comes with mainframe, it, uh, comes as part of z/OS. They don't call it Unix on the mainframe. If you talk to a mainframe person they will never say Unix, they will say OMVS or they will say USS. USS stands for Unix System Services. It is required if you want to run TCP/IP on your mainframe. If you want to have TCP/IP on your mainframe you got to run Unix, so therefore everybody has Unix, because I don't think there's many companies that don't want to have TCP/IP access to their mainframe.

The worst part: you don't need password to su to root if you're part of a group. There's a, what's it called, it's called a class. If you're part of the BPX.SUPERUSER class you don't need to provide a password if you su up to root in Unix. There's another thing called surrogates, where for example if, if I'm going out of town and I need to run the payroll job, I can let Rogue clown run the job on my behalf, but she doesn't have permissions to the payroll files, so I say you have surrogate authority over my account so you can run that job. One of the side effects is that if she goes into Unix she can su to my username without providing the password, too.

Okay, to get access to Unix you can either do it through SSH or telnet if it's running, or if you have TSO command you can just type omvs. omvs gives you a shell prompt, here I just ran uname. Um, or ISHELL. ISHELL is essentially a file browser for the Unix file system that's running on the mainframe, so you can edit the files in there, the same editor as the other one that was running in ISPF, this just called ISHELL. You can run TSO commands inside of Unix, so here's an example. On TSO I just type time and it gave me the time. I did the same command on Unix and it just submits time to TSO and it returns the results.

Okay, now, and I want to mention this at the beginning but this is a better slide to talk about it. The reason I wanted to give this talk initially, because I feel that there's a gap between IT security folks who are doing IT security research and releasing tools and generating all that material, and mainframes, and this is a good example of how, what I mean by that. I tried to brute force my login on the mainframe, like I know what the username and password is, so I tried to brute force it using THC Hydra and Medusa. Neither of them worked, I mean both of them just errored out. The first one, this is not a telnet protocol. I literally just telnetted in 5 seconds ago and it's telling me it's not telnet protocol. And Medusa wasn't able to identify the login prompt. Nmap Beed a little bit better, it was able to at least tell me that I was kind of running a mainframe, because I did a service scan. Um, however there was no OS matches, it couldn't tell me what the OS was, and when I tried to use brute force using the, the Nmap Scripting Engine, that also didn't work, it was also unable to identify the login prompt.

I wanted to point out here, because I didn't want to have a whole slide dedicated to it, if you see here, BSD-derived telnetd is running, that's the version of telnet they're running on the mainframe. It is not vulnerable to the telnet exploit. When I ran it I was like, this would be amazing, like I'll blow up the world, this is great if that works. Of course it's not going to work, it's a different architecture, right? Like I don't know what I was thinking. So no, I didn't do anything, just sat there, I was like, nope, not going to work.

So RACF stands for Resource Access Control Facility. Everything that's security related in z/OS is managed in that one database: all access to all the files, all login times, password expiries, everything including the password hashes, it's all stored in one file within RACF. People can be assigned what's known as special attribute. It's not a, it's not a group, it's like a, it's like an attribute you give somebody. They don't have administrative access on the mainframe per se, so if they don't, if you don't give them access to a file they don't have access to that file, but they have access to change anything they want in the RACF database. So all they can, all they need to do is go into the database, change that permission, add them to the list of people who have access to it, and then go back and access that file, okay? That's why it needs to be limited to only a handful of people, not many people should have this level of access on the mainframe.

RACF is one of three main security products that are on the mainframe right now. Top Secret is another one, ACF2 is another one. I know when I talk to people about that, that sounds weird, because security is built into operating systems, it comes as part of the package, right? That's why when I was talking about how mainframes were invented before IT security, that's what I was talking about, they had to add this on top of the operating system, okay? That's why it's replaceable, that's why you can replace RACF with ACF2 or Top Secret. They do the same thing, they just do it differently. Some companies went with ACF2 because that's what was available at the time, or they, they acquired a company that was using it. Some companies use Top Secret. Um, Top Secret and ACF2 are both owned by Computer Associates. I don't know why they, well it's obvious, they have two competing products because no one wants to update their mainframes and switch over to one product, right? So they have to maintain both.

It's really easy to find where that database is. It can be anywhere on the mainframe, it's not like /etc/shadow, it can just be wherever they want to put it, they call it whatever they want. So if you want to know where it is you just type the command RVARY and it shows you where it is. Now each RACF database has a backup. When you make changes to the, the backup is there for a, like hardware failure, not user error, okay? If I make a change in RACF it is written to both databases at the same time, but when someone needs access to something it only reads from the primary. So the idea is to have them on two separate hard disks or two separate storage arrays, and then that way you'll know if you lose one storage array you're not going to lose your RACF database and the whole thing's not going to shut down.

Access to these two files, so if you guys got a mainframe, you're thinking, oh my God, what, go take a look at that file. You type in this command and then you can go to your mainframe experts and say who has access to, to these two files. You want to make sure even read needs to be limited on a need to know. No one should have read access to this unless they're an administrator or an operator, and even then it should be really, it's got to be really limited, because it stores all of your security settings and the hashes, and I'll talk about why that's important in a bit.

The max characters are eight. Someone in here, I was hoping that there'd be like a super mainframe expert in the room who would challenge me on this. The IBM implemented passphrases. The minimum for passphrases is 14 characters and it goes up. I have never, and I've been auditing mainframes for a while, I have never encountered a company that uses it. Now I've not gone into the government space, but I'm pretty sure, I've never encountered, just never seen. The character space is limited to upper, lowercase, numbers and three special characters, that's it. You can have, you can even, you can set up crazy rules in RACF, you can say I want the third character to be a number and the sixth character to be a capital consonant, and that's what the user is going to have to use. If you want to look at these settings you can just type SETROPTS LIST. You can't, only people have special can run that command, and it'll show you all the password configurations, it'll show you the expiry, it'll show you aging, it'll show you the history settings, it'll show you the, the limitations like the fourth character and so on.

Yeah, good question, that's a great segue. So the hashes, like I said, are stored right in the database. If you go on IBM's website they say they use a one-way DES hash, that's all they tell you, they don't give any explanations. Do some other research, someone published a, a nice little gotic, you can't really see it but it's on cbd.org, they published a nice little article about it. What they're really doing is they're taking your user ID, that's the salt, they're taking your password and encrypting your user ID with your password and then storing that encrypted data, I don't want to say hash, but data in the RACF database, okay? If the password isn't eight characters they pad it with spaces. EBCDIC, that's, everything in the mainframe is EBCDIC. They pad it with hex spaces, right, and then, not hex spaces, they pad it with spaces, then they XOR it with hex 55 and then they shift it one bit to the left. I can't take credit for figuring this out, I definitely did not figure this out. I was, while I was trying to figure it out I was working, I was emailing Nigel Pentland, who had already figured it out, and, and I was trying to figure out, like, I want to figure this out, and he just emailed me and said, here, this is what happens. Like, great. So let's take an example, for, of eight A's.

Okay, so eight A's. A in EBCDIC is C1, or this in binary. You XOR it with 55, you shift it one bit to the left, now your DES key that you're going to use to encrypt the username is hex 28, that's all they're doing. So once that was figured out, I was working with, and Nigel was working with him as well, with Dhiru Kholia, he wrote a plugin to John to take that encrypted value and crack it if you give it a list of usernames, right? Just using John, you guys know how to use John. The difficult part was getting the data out of the RACF database, but he also wrote, with Nigel's help, a file that just strips out the username and the hashes from the RACF database. That's why no one should have access to it that doesn't need access to it, because if they have read access to it they can copy it and do this same thing. Same thing as the shadow file, right? Shadow file needs to be limited to people, this needs to be limited to the minimum amount of people.

Yeah, go ahead. Yeah, yep. Like no, because, because you're, you, you still need to brute force it, because you don't know the password, like you don't know the key, right? And that's what we're trying to figure out, is the key, that, because we know what the unencrypt values. But so Nigel also released a tool, it's, it's, it's not the same. So John is used for just straight up cracking passwords. racfsnow, he released it in April, it is used to obviously crack the hashes, but it's, it was more designed for areas that want to test that people are following the password policies and not creating weak passwords. So he has options to say limit, don't show me the full us, the full password, just show me the first four characters. It's a Windows only tool, it only works on Windows. It takes it, it's all in one though, so you, you take the RACF database, you set up the ini file to, to say where the RACF database file is, you click go and it goes, and then it generates a report like this, okay?

Um, I wanted to give a demo, I'm going to give a demo on how to, on how, what, what John looks like. We're doing this, my JCL, I have JCL that I wrote up to copy a RACF database, which you can get from my, this actually points to a GitHub site. I'm going to show you that you need to replace, so when you run that RVARY command that I showed you before, you just take that entry, you throw it in the JCL, you change one of the data sets to the two, because all the JCL is doing is copying a file, okay? It's nothing crazy special, just for whatever reason you can't just type cp space file name file name, you have to type this to copy a file. All right, so this is JCL, this is what I was talking about earlier. Um, you need, all you need to do is change the CIS one. rds.b backup to whatever your RACF database would be, and then open one. recf copy, that's the word my two data set. Um, I can't take credit for writing all the JCL, I had some direction from Nigel, but I rewrote it to, to be a little bit more, to explain a little bit more for people who don't work in mainframe all the time.

Once you have a copy that you can just FTP off, you're going to need to connect with FTP, you're going to have to get a binary file transfer, because when you're FTPing something from the mainframe it's going to translate it from EBCDIC to ASCII and you don't want that, you want the binary file. So just type binary and then you just get a copy of the file, right? All this is just to really just copy the hashes, I mean that's, that's it, right? It's no different than if you're on a Unix platform, you're just copying the shadow file.

So let me give you guys a quick demo here. Difficult with the one hand. So set up a little slide here. So I downloaded John the Ripper from, uh, G just, that's magnum-jumbo, that's the most current version that's available right now. If you
do, so this is the program that will extract the usernames and the hashes. So it expects the binary file, so I've already copied the file, this folder, you see it's, and this is on a test system, it's already 13. These files can get enormously huge, in the 600 to gigs of just usernames, data and settings. So I have a copy of the RACF database here, I'm going to just extract the hashes.

us used to have a demo about racfsnow, and if I have time, seem to have half an hour left, so, or 20 minutes at least, so I can give a demo of racfsnow. So you guys care, just runs same thing. One of the things I thought that would be interesting for me personally to challenge, yeah, go ahead.

So yeah, so, so I, I cut out some stuff. There's a command on the mainframe that you actually run, um, called the database unload. It doesn't unload the database, they call it that, but it doesn't actually like unload, it doesn't break the system. What it does is, is it takes all that data that's in that binary file and it spits it out into one huge text file, and it has all these separators and IDs and keys that, and then my IBM has designed Access database scripts for Access and Excel to strip out all that information and put it into a readable format. They've done this all for us because they've done it for an audit function. If people want to know, like you were saying, if people want to know what permission, who has special, or they want to know who has, who can su, or who has UID zero, you can give a user UID zero in Unix, if you wanted that to be the, if you want to look at that, that's how you would go about getting that information.

So one of the challenges I, when I got this, this, uh, test environment up I wanted to see how hard it would be to get netcat working. That's not that tough on the old netcat, netcat 1.10. netcat, I think, is up to like 17 or something like that, impossible. The old one, all I had to do is make a couple of changes and add some #ifdef statements and add it a make statements to make some changes. It works. Everything is in EBCDIC, so it sort of works, but dd lets you convert that into ASCII, so you can pipe to dd, not saying the command right, but you can pipe to that command and you can convert it. I added a make option. This is an example of it compiling on the mainframe itself. I logged into the Unix environment, I'm actually in OMVS here, so I'm not, I didn't telnet in, I didn't SSH in, I just logged in through TSO, typed omvs at the prompt, and then went to my temp folder and compiled netcat in Unix.

The one I made, because I thought that'd be interesting, was it has the -t and the -e option enabled, so it has, it lets you execute files and lets you run stuff. It's also available on my GitHub, I made it available to all. Why I wanted to do it, you can run it, like I said, you can run it from OMVS, there me just typing in the commands, or you can run it from the telnet prompt, you can run it neither or. Problem is, like I was saying, when you connect it comes back with garbage. It doesn't look, the first time I tried this I was like, well, I guess it doesn't work,
guess I can't use this I have nothing to talk about and then I was looking up I'm like I'll wait a minute there's probably something going on because when I'm so then I looked it up and it turns out last year at Defcon one of the capture the flag tests was an epid something you connected and it gave you epid data and a guy showed that you could just pipe it through DD and get the output because I was searching I'm like what am I going to do with this connection right cares oh great neat works you can't can't do anything unless you have a main frame to connect to it right so I found I've did

some search I was able to find out that you can run it no problem there's a ton of resources online about main frames a lot everything is available IBM makes it all available the red books our guides they start from zos Basics all the way up to installing db2 to getting HTTP working into the fine grain Det details of how to get all that stuff working and they provide it all for free uh the IBM info center is a great resource if you have like a one-off question it's like a just like a giant Microsoft help file it has all your topics inside and you can search through it but it's a great resource if you need to know hey how do

I change this panel from the default oh you you can't okay great the Hercules mailing lists are are also a really good resource it's full of people who have been living and breathing mainframes their whole life they're super knowledgeable there's files in their Yahoo groups because they use Yahoo groups for the mailing list there's files in there that are great they're doing it for more of a historical they're they're getting really old operating systems to run for example uh there was a video online of someone running OS I can't remember maybe 360 or OS the VM or maybe IBM DOS on a Raspberry Pi because that guy thought well this used to take a whole room like bigger

than this to run and now I can run it on a tiny little $35 computer and actually people have actually gotten them running on Android phone they're just their just run on their Android phone this a Linux St they've gotten Hercules running on their phones the RACF-L mailing list is a great resource if you have a question about RACF you don't know anything about RACF you can go there you can just I follow it I read it people ask questions all the time and it lots of people ask questions about SSL certs on there questions about hey if I if I do this what's going to be the outcome or how come I can't do this

and then they'll they'll tell them oh you can't because of this reason or it's really knowledgeable IBM it's not run by IBM but IBM is on the list these two books are great resources if you're looking into mainframe security um one is What On Earth is a Mainframe it's like super tiny it's not very thick but it's made for people who don't even know what a mainframe is you guys don't need it because you just sat through this wonderful presentation but I would honestly honestly it's a good book and then IBM actually released a book called Mainframe Basics for Security Pros it it outlines everything you basically need to do to audit and look at security on a

mainframe from a from a locking it down point of view there's things you need to look at on the mainframe and they point out how to get to it how to look it up how to run the reports how to do all that work it's a great book it's not very big but it's it's a really good resource all of these and way more links are available on my Tumblr H Tumblr you just go to Mainframe 767 tumblr.com and I think I think that's it I think anybody have any questions yeah I got I got about uh 10 minutes to go here anybody have any questions about mainframes yeah sorry the question was what was I

running it on I was running it on the system no no you can run it on it doesn't take much horsepower to run Hercules especially the really old like the OS/360s and whatnot it takes takes almost nothing to run those CPU load is almost zero anybody else any other

questions is that yeah probably yeah yeah I mean it's just DES so they could probably do that I don't know I think I don't I've not taken the time to figure out how to do it but if they' added DES to the CL or something in John yeah then then that's no problem there are DES crackers that are purpose built Gates that you make and then it'll crack it in x amount of time but the point is you're just just going for both you're not going for one specific user any other questions yeah not that I can talk about um no I mean these things have been around for forever and they've had multiple security like I mean multiple SEC

security audits a year not just so so from a from a keeping it away from people and and that standpoint and like trying to trying to lock it down it's been locked down it's been severely locked down in certain areas in other areas where people never even knew to ask these questions say for example um I've never seen on an audit script where the RACF database is stored and to make sure who has access to that database whereas on a Unix audit script you will always see make make sure to check the permissions on the shadow file right so there are some things that have never been checked before I have not gone back and redone

work to see what I've discovered it's still applicable but um but yeah not it's not that bad it's and generally these things are the the crown jewels of the company they're the the bees knees so they don't want they they don't want people to get access to it they don't want people to even know about it that sort any other questions all right well thank you everyone I hope you enjoyed [Applause]

it