破解bbiagent 2.0?

ttsee · 发表于 2006-2-4 03:11:21

说一下你硬件配置啊

platinum · 发表于 2006-2-6 01:13:09

通过用 IDA 对 init 静态反编译发现，里面做了好多细微工作，包括释放一些文件（猜测），但调用的时候却是远程调用一些库
由于 BBIagent 用的是 uclibc，而非普通的 glibc，所以 IDA 没能跟踪出函数名称，只知道调用参数，所以换了另外的方法

通过对 rootfs 展开后，将里面 init 用到的 lib 库复制到 Linux 系统中后，用 ltrace 跟踪 init 发现了一些线索

[root@PT_LINUX sbin]# ltrace init
__libc_start_main(0x804cb40, 1, 0xbffffb24, 0x804d178, 0x804d1c0
strrchr("init", '/')                                                       = NULL
umask(022)                                                                = 022
geteuid()                                                                   = 0
getpid()                                                                   = 20509
getopt(1, 0xbffffb24, "t:")                                                 = -1
fprintf(0x40150e00, "Usage: %s 0123456SsQqAaBbCcUu\n", "init"Usage: init 0123456SsQqAaBbCcUu
)             = 32
exit(1
+++ exited (status 1) +++
[root@PT_LINUX sbin]# ltrace ./init
__uClibc_start_main(1, 0xbffffb24, 0xbffffb2c, 0x8049300, 0x8055128
malloc(1024)                                                                = 0x8058f48
malloc(1024)                                                                = 0x8059350
malloc(128)                                                                = 0x8059758
__xpg_basename(0xbffffc18, 0xbffffafc, 0x400008c6, 0x40005248, 2704)       = 0xbffffc1a
openlog("init", 1, 176)                                                    =
strcmp("init", "connect")                                                 = 1
strcmp("init", "sconf")                                                    = -1
strcmp("init", "init")                                                    = 0
signal(15, 0x804cd28)                                                       = NULL
umask(022)                                                                = 022
mkdir("/proc", 0555)                                                       = -1
mount(0x80564d2, 0x80564cc, 0x80564cd, 0, 0)                               = -1
mount(0x80564d2, 0x80564de, 0x80564d7, 0, 0)                               = -1
mkdir("/tmp", 01777)                                                       = -1
symlink("/proc/mounts", "/etc/mtab")                                        = -1
mkdir("/tmp/var", 0755)                                                    = -1
symlink("/tmp/var", "/var")                                                 = -1
mkdir("/var/run", 0755)                                                    = -1
mkdir("/var/log", 0755)                                                    = -1
mkdir("/var/conf/", 0600)                                                 = -1
mkdir("/bin", 0755)                                                       = -1
mkdir("/usr", 0755)                                                       = -1
symlink("/", "/usr/local")                                                 = -1
symlink("/bin", "/usr/bin")                                                 = -1
memcpy(0xbffff8c0, "_]\005\bg]\005\br]\005\b~]\005\b\211]\005\b\225]\005\b\236]\005\b\250]\005\b"..., 92) = 0xbffff8c0
symlink("/sbin/ifconfig", "/bin/sh")                                        = -1
symlink("/sbin/ifconfig", "/bin/route")                                     = -1
symlink("/sbin/ifconfig", "/bin/insmod")                                  = -1
symlink("/sbin/ifconfig", "/bin/rmmod")                                     = -1
symlink("/sbin/ifconfig", "/bin/gunzip")                                  = -1
symlink("/sbin/ifconfig", "/bin/tar")                                     = -1
symlink("/sbin/ifconfig", "/bin/true")                                     = -1
symlink("/sbin/ifconfig", "/bin/cat")                                     = -1
symlink("/sbin/ifconfig", "/bin/false")                                     = -1
symlink("/sbin/ifconfig", "/bin/gunzip")                                  = -1
symlink("/sbin/ifconfig", "/bin/gzip")                                     = -1
symlink("/sbin/ifconfig", "/bin/kill")                                     = -1
symlink("/sbin/ifconfig", "/bin/killall")                                  = -1
symlink("/sbin/ifconfig", "/bin/mkdir")                                     = -1
symlink("/sbin/ifconfig", "/bin/rm")                                        = -1
symlink("/sbin/ifconfig", "/bin/tar")                                     = -1
symlink("/sbin/ifconfig", "/bin/test")                                     = -1
symlink("/sbin/ifconfig", "/bin/unzip")                                     = -1
symlink("/sbin/ifconfig", "/bin/yes")                                     = -1
symlink("/sbin/ifconfig", "/sbin/klogd")                                  = -1
symlink("/sbin/ifconfig", "/sbin/logread")                                  = -1
symlink("/sbin/ifconfig", "/sbin/syslogd")                                  = -1
fopen("/proc/cmdline", "r")                                                 = 0x80597e0
memset(0xbffff880, '\000', 128)                                           = 0xbffff880
fgets("ro root=LABEL=/ acpi=force conso"..., 128, 0x80597e0)                = 0xbffff880
strstr("ro root=LABEL=/ acpi=force conso"..., "rootfs")                   = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "idefs")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "usbfs")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "ram")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "NI=")                      = NULL
fclose(0x80597e0)                                                          = 0
open("/dev/fd0", 0, 01001313740)                                           = -1
fopen("/proc/cmdline", "r")                                                 = 0x80597e0
memset(0xbffff890, '\000', 128)                                           = 0xbffff890
fgets("ro root=LABEL=/ acpi=force conso"..., 128, 0x80597e0)                = 0xbffff890
strstr("ro root=LABEL=/ acpi=force conso"..., "rootfs")                   = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "idefs")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "usbfs")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "ram")                      = NULL
strstr("ro root=LABEL=/ acpi=force conso"..., "NI=")                      = NULL
fclose(0x80597e0)                                                          = 0
mkdir("/tmp/pkg", 0755)                                                    = -1
mkdir("/tmp/etc", 0755)                                                    = -1
mkdir("/etc/.config/", 0755)                                              = -1
printf("==>> Read error - %d\n", 1==>> Read error - 1
)                                        = 20
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++

通过上面太美对 BBIagent 目录结构的分析可以看出，它不仅像 busybox 那样将有一些功能压缩到一个文件 init 中（比如各种 .cgi 文件），还将用到的各种 bin 也放到了 ifconfig 中，这是之前没有发现的

学过 C 语言的人都知道，main 函数有 argc 和 argv 两个参数，其中存放参数那个二维数组的第一个一维字符串就是所执行的程序自身的名称，busybox 通过这种方法来是先执行一个程序达到不同效果的
之后的测试更加证实了我的想法，其实 ifconfig 就是将 busybox 改了名字而已

[root@PT_LINUX sbin]# ll
total 384
-rw-r--r-- 1 root    root       11161 Feb  5 23:17 a
-rwxr-xr-x 2 root    root    102584 Apr 11  2005 ifconfig
-rwxr-xr-x 1 root    root       68384 Aug 18 15:41 init
-rwxr-xr-x 1 root    root       40648 Apr  9  2005 iptables
-rwxr-xr-x 1 root    root       42020 Apr  9  2005 mini_httpd
[root@PT_LINUX sbin]# cp ifconfig busybox
[root@PT_LINUX sbin]# ll
total 276
-rw-r--r-- 1 root    root       11161 Feb  5 23:17 a
-rwxr-xr-x 1 root    root    102584 Apr 11  2005 busybox
-rwxr-xr-x 1 root    root    102584 Apr 11  2005 ifconfig
-rwxr-xr-x 1 root    root       68384 Aug 18 15:41 init
-rwxr-xr-x 1 root    root       40648 Apr  9  2005 iptables
-rwxr-xr-x 1 root    root       42020 Apr  9  2005 mini_httpd
[root@PT_LINUX sbin]# ./busybox

BusyBox v1.00 (2005.04.11-08:11+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# exit
[root@PT_LINUX sbin]#

其实 init 也是同理，和 busybox 类似，我们之所以看不到 rootfs 展开后有什么东西，是由于大多数后期展开工作是由 init 来完成的
用同样的思想，又做了下面的测试

[root@PT_LINUX sbin]# ll
total 276
-rw-r--r-- 1 root    root       11161 Feb  5 23:17 a
lrwxrwxrwx 1 root    root          4 Feb  6 01:11 get.cgi -> init
-rwxr-xr-x 1 root    root    102584 Apr 11  2005 ifconfig
lrwxrwxrwx 1 root    root          4 Feb  6 01:10 index.cgi -> init
-rwxr-xr-x 1 root    root       68384 Aug 18 15:41 init
-rwxr-xr-x 1 root    root       40648 Apr  9  2005 iptables
-rwxr-xr-x 1 root    root       42020 Apr  9  2005 mini_httpd
lrwxrwxrwx 1 root    root          4 Feb  6 01:11 put.cgi -> init
lrwxrwxrwx 1 root    root          4 Feb  6 01:10 reg.cgi -> init
lrwxrwxrwx 1 root    root          4 Feb  6 01:11 run.cgi -> init
lrwxrwxrwx 1 root    root          8 Feb  6 01:07 sh -> ifconfig
[root@PT_LINUX sbin]# ./reg.cgi
[root@PT_LINUX sbin]# ltrace ./reg.cgi
__uClibc_start_main(1, 0xbffffb14, 0xbffffb1c, 0x8049300, 0x8055128
malloc(1024)                                                                = 0x8058f48
malloc(1024)                                                                = 0x8059350
malloc(128)                                                                = 0x8059758
__xpg_basename(0xbffffc0e, 0xbffffaec, 0x400008c6, 0x4000524c, 2704)       = 0xbffffc10
openlog("reg.cgi", 1, 176)                                                 =
strcmp("reg.cgi", "connect")                                              = 1
strcmp("reg.cgi", "sconf")                                                 = -1
strcmp("reg.cgi", "init")                                                 = 1
strcmp("reg.cgi", "index.cgi")                                              = 1
strcmp("reg.cgi", "put.cgi")                                              = 1
strcmp("reg.cgi", "get.cgi")                                              = 1
strcmp("reg.cgi", "run.cgi")                                              = -1
strcmp("reg.cgi", "reg.cgi")                                              = 0
getenv("HTTP_COOKIE")                                                       = NULL
closelog()                                                                =
exit(99
+++ exited (status 99) +++
[root@PT_LINUX sbin]#

暂时只有这些能耐了，希望这些信息对太美能够有所帮助 ^_^

[ 本帖最后由 platinum 于 2006-2-6 01:54 编辑 ]

platinum · 发表于 2006-2-6 01:42:28

这是 BBIagent 里面 iptables 支持的模块

[root@PT_LINUX iptables]# pwd
/BBIagent/lib/iptables
[root@PT_LINUX iptables]# ll
total 100
-rwxr-xr-x 1 root    root       9503 Apr  9  2005 libipt_conntrack.so
-rwxr-xr-x 1 root    root       5074 Apr  9  2005 libipt_DNAT.so
-rwxr-xr-x 1 root    root       4928 Apr  9  2005 libipt_iprange.so
-rwxr-xr-x 1 root    root       3932 Apr  9  2005 libipt_mac.so
-rwxr-xr-x 1 root    root       4030 Apr  9  2005 libipt_MASQUERADE.so
-rwxr-xr-x 1 root    root       6465 Apr  9  2005 libipt_mport.so
-rwxr-xr-x 1 root    root       5360 Apr  9  2005 libipt_REJECT.so
-rwxr-xr-x 1 root    root       5042 Apr  9  2005 libipt_SNAT.so
-rwxr-xr-x 1 root    root       2650 Apr  9  2005 libipt_standard.so
-rwxr-xr-x 1 root    root       4378 Apr  9  2005 libipt_state.so
-rwxr-xr-x 1 root    root       7850 Apr  9  2005 libipt_tcp.so
-rwxr-xr-x 1 root    root       9154 Apr  9  2005 libipt_time.so
-rwxr-xr-x 1 root    root       5606 Apr  9  2005 libipt_udp.so
[root@PT_LINUX iptables]#

相比之下我自己的防火墙功能模块

[root@PT_LINUX sbin]# ll /lib/iptables/
total 532
-rwxr-xr-x 1 root    root       5807 Jan  6 00:12 libipt_account.so
-rwxr-xr-x 1 root    root       5396 Jan  6 00:12 libipt_addrtype.so
-rwxr-xr-x 1 root    root       4909 Jan  6 00:12 libipt_ah.so
-rwxr-xr-x 1 root    root       3920 Jan  6 00:12 libipt_CLASSIFY.so
-rwxr-xr-x 1 root    root       3962 Jan  6 00:12 libipt_comment.so
-rwxr-xr-x 1 root    root       3826 Jan  6 00:12 libipt_condition.so
-rwxr-xr-x 1 root    root       4184 Jan  6 00:12 libipt_connlimit.so
-rwxr-xr-x 1 root    root       4110 Jan  6 00:12 libipt_connmark.so
-rwxr-xr-x 1 root    root       4978 Jan  6 00:12 libipt_CONNMARK.so
-rwxr-xr-x 1 root    root       9743 Jan  6 00:12 libipt_conntrack.so
-rwxr-xr-x 1 root    root       5554 Jan  6 00:12 libipt_DNAT.so
-rwxr-xr-x 1 root    root       5519 Jan  6 00:12 libipt_dscp.so
-rwxr-xr-x 1 root    root       5296 Jan  6 00:12 libipt_DSCP.so
-rwxr-xr-x 1 root    root       4645 Jan  6 00:12 libipt_ecn.so
-rwxr-xr-x 1 root    root       4525 Jan  6 00:12 libipt_ECN.so
-rwxr-xr-x 1 root    root       4913 Jan  6 00:12 libipt_esp.so
-rwxr-xr-x 1 root    root       3954 Jan  6 00:12 libipt_fuzzy.so
-rwxr-xr-x 1 root    root       7541 Jan  6 00:12 libipt_geoip.so
-rwxr-xr-x 1 root    root       9009 Jan  6 00:12 libipt_hashlimit.so
-rwxr-xr-x 1 root    root       3698 Jan  6 00:12 libipt_helper.so
-rwxr-xr-x 1 root    root       6638 Jan  6 00:12 libipt_icmp.so
-rwxr-xr-x 1 root    root       3568 Jan  6 00:12 libipt_IMQ.so
-rwxr-xr-x 1 root    root       4565 Jan  6 00:12 libipt_IPMARK.so
-rwxr-xr-x 1 root    root       5019 Jan  6 00:12 libipt_iprange.so
-rwxr-xr-x 1 root    root       6616 Jan  6 00:12 libipt_ipv4options.so
-rwxr-xr-x 1 root    root       2957 Jan  6 00:12 libipt_IPV4OPTSSTRIP.so
-rwxr-xr-x 1 root    root       8724 Jan  6 00:12 libipt_layer7.so
-rwxr-xr-x 1 root    root       4575 Jan  6 00:12 libipt_length.so
-rwxr-xr-x 1 root    root       5078 Jan  6 00:12 libipt_limit.so
-rwxr-xr-x 1 root    root       6546 Jan  6 00:12 libipt_LOG.so
-rwxr-xr-x 1 root    root       4129 Jan  6 00:12 libipt_mac.so
-rwxr-xr-x 1 root    root       4043 Jan  6 00:12 libipt_mark.so
-rwxr-xr-x 1 root    root       4730 Jan  6 00:12 libipt_MARK.so
-rwxr-xr-x 1 root    root       4267 Jan  6 00:12 libipt_MASQUERADE.so
-rwxr-xr-x 1 root    root       2857 Jan  6 00:12 libipt_MIRROR.so
-rwxr-xr-x 1 root    root       8095 Jan  6 00:12 libipt_multiport.so
-rwxr-xr-x 1 root    root       4216 Jan  6 00:12 libipt_NETLINK.so
-rwxr-xr-x 1 root    root       4528 Jan  6 00:12 libipt_NETMAP.so
-rwxr-xr-x 1 root    root       3720 Jan  6 00:12 libipt_NFQUEUE.so
-rwxr-xr-x 1 root    root       2859 Jan  6 00:12 libipt_NOTRACK.so
-rwxr-xr-x 1 root    root       5619 Jan  6 00:12 libipt_nth.so
-rwxr-xr-x 1 root    root       5959 Jan  6 00:12 libipt_owner.so
-rwxr-xr-x 1 root    root       5232 Jan  6 00:12 libipt_physdev.so
-rwxr-xr-x 1 root    root       4607 Jan  6 00:12 libipt_pkttype.so
-rwxr-xr-x 1 root    root       4712 Jan  6 00:12 libipt_psd.so
-rwxr-xr-x 1 root    root       3765 Jan  6 00:12 libipt_quota.so
-rwxr-xr-x 1 root    root       4014 Jan  6 00:12 libipt_random.so
-rwxr-xr-x 1 root    root       3954 Jan  6 00:12 libipt_realm.so
-rwxr-xr-x 1 root    root       7502 Jan  6 00:12 libipt_recent.so
-rwxr-xr-x 1 root    root       4266 Jan  6 00:12 libipt_REDIRECT.so
-rwxr-xr-x 1 root    root       5467 Jan  6 00:12 libipt_REJECT.so
-rwxr-xr-x 1 root    root       5805 Jan  6 00:12 libipt_ROUTE.so
-rwxr-xr-x 1 root    root       6750 Jan  6 00:12 libipt_rpc.so
-rwxr-xr-x 1 root    root       4770 Jan  6 00:12 libipt_SAME.so
-rwxr-xr-x 1 root    root       10420 Jan  6 00:12 libipt_sctp.so
-rwxr-xr-x 1 root    root       5522 Jan  6 00:12 libipt_SNAT.so
-rwxr-xr-x 1 root    root       2946 Jan  6 00:12 libipt_standard.so
-rwxr-xr-x 1 root    root       4539 Jan  6 00:12 libipt_state.so
-rwxr-xr-x 1 root    root       2938 Jan  6 00:12 libipt_TARPIT.so
-rwxr-xr-x 1 root    root       3752 Jan  6 00:12 libipt_TCPLAG.so
-rwxr-xr-x 1 root    root       4523 Jan  6 00:12 libipt_tcpmss.so
-rwxr-xr-x 1 root    root       3920 Jan  6 00:12 libipt_TCPMSS.so
-rwxr-xr-x 1 root    root       8354 Jan  6 00:12 libipt_tcp.so
-rwxr-xr-x 1 root    root       9539 Jan  6 00:12 libipt_time.so
-rwxr-xr-x 1 root    root       4847 Jan  6 00:12 libipt_tos.so
-rwxr-xr-x 1 root    root       4560 Jan  6 00:12 libipt_TOS.so
-rwxr-xr-x 1 root    root       2855 Jan  6 00:12 libipt_TRACE.so
-rwxr-xr-x 1 root    root       4272 Jan  6 00:12 libipt_ttl.so
-rwxr-xr-x 1 root    root       4303 Jan  6 00:12 libipt_TTL.so
-rwxr-xr-x 1 root    root       6167 Jan  6 00:12 libipt_u32.so
-rwxr-xr-x 1 root    root       5868 Jan  6 00:12 libipt_udp.so
-rwxr-xr-x 1 root    root       5230 Jan  6 00:12 libipt_ULOG.so
-rwxr-xr-x 1 root    root       2801 Jan  6 00:12 libipt_unclean.so
-rwxr-xr-x 1 root    root       3980 Jan  6 00:12 libipt_XOR.so
[root@PT_LINUX sbin]#

另外，通过 strings 对 init 进行分析，发现了里面一段

[root@PT_LINUX sbin]# strings /BBIagent/sbin/init|grep ifconfig
/sbin/ifconfig %s %s netmask %s
/sbin/ifconfig lo 127.0.0.1 netmask 255.0.0.0
/sbin/ifconfig eth1 0.0.0.0 up
/sbin/ifconfig
/sbin/ifconfig imq up
/sbin/ifconfig %s 0.0.0.0 up
[root@PT_LINUX sbin]#
[root@PT_LINUX sbin]# strings ./init|awk '/^\-A|iptables/'
/sbin/iptables -t nat -N tpred
/sbin/iptables -t nat -A PREROUTING -i %s -p tcp -d ! %s -j tpred
-A POSTROUTING -t nat -s %0/%1 -o %3 -j MASQUERADE
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i %2 -m state --state NEW -j ACCEPT
-A INPUT -i %3 -p tcp -j portscan
-A FORWARD -i %3 -p tcp -j portscan
-A PREROUTING -t mangle -j usertos
-A PREROUTING -t nat -i %2 -d %0 -j RETURN
-A PREROUTING -t nat -j service-d
-A POSTROUTING -t nat -o %2 -s %0/%1 -j service-s
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
/sbin/iptables -A portscan -p tcp --tcp-flags %s -j DROP
-A INPUT -j block
-A FORWARD -j block
-A FORWARD -i %2 -j access
/sbin/iptables %s
/sbin/iptables -t nat -R PREROUTING 2 -d %s -j service-d
[root@PT_LINUX sbin]#

发现 BBIagent 其实功能很单一，和软件路由比差远了，和我自己的比差得更远，只是好在对 iptables 不熟悉得人来说，操作起来方便些而已，不去破解也罢，用好 Linux、学好 iptables，了解他的工作原理才是关键。。。。

[ 本帖最后由 platinum 于 2006-2-6 01:58 编辑 ]

心想事成 · 发表于 2006-2-8 12:25:59

[root@PT_LINUX sbin]# ltrace ./reg.cgi
__uClibc_start_main(1, 0xbffffb14, 0xbffffb1c, 0x8049300, 0x8055128
malloc(1024)                                                                = 0x8058f48
malloc(1024)                                                                = 0x8059350
malloc(128)                                                                = 0x8059758
__xpg_basename(0xbffffc0e, 0xbffffaec, 0x400008c6, 0x4000524c, 2704)       = 0xbffffc10
openlog("reg.cgi", 1, 176)                                                 =
strcmp("reg.cgi", "connect")                                              = 1
strcmp("reg.cgi", "sconf")                                                 = -1
strcmp("reg.cgi", "init")                                                 = 1
strcmp("reg.cgi", "index.cgi")                                              = 1
strcmp("reg.cgi", "put.cgi")                                              = 1
strcmp("reg.cgi", "get.cgi")                                              = 1
strcmp("reg.cgi", "run.cgi")                                              = -1
strcmp("reg.cgi", "reg.cgi")                                              = 0
getenv("HTTP_COOKIE")                                                       = NULL
closelog()                                                                =
exit(99
+++ exited (status 99) +++
[root@PT_LINUX sbin]#

它要检查COOKIE，如果没有COOKIE值，就直接退出。
只需要把jz short loc_8054608改为jnz short loc_8054608就可以搞定了吧？然后看它下一步到底做什么去了？

zhenfu · 发表于 2006-2-12 17:19:57

请问破解成功了吗?

td198 · 发表于 2006-2-20 14:57:33

正需要这个版本,等待破解.
顺便问一下,1.8.1版的软件可以限制网内的某个IP上网吗?

rob99 · 发表于 2006-2-23 23:24:56

原帖由 td198 于 2006-2-20 14:57 发表
正需要这个版本,等待破解.
顺便问一下,1.8.1版的软件可以限制网内的某个IP上网吗?

可以啊，首先绑定网内的网卡的mac地址，跟着用MAC地址指定ip地址，跟着就可以限制ip能否访问internet?

asdasd · 发表于 2006-3-3 10:26:49

自从试用ROUTEOS失败后,还是想继续用BBIagent2.0,期盼破解点出来!简单实用才是硬道理!^_^

asdasd · 发表于 2006-3-6 15:22:16

每天都来顶一下!盼望出2.0破解

asdasd · 发表于 2006-3-8 16:40:25

今天来过了,发现没有人回,继续顶

asdasd · 发表于 2006-3-22 08:46:53

今天又来看看,顶上去,让更多的人看到!

add1132 · 发表于 2006-4-3 22:56:51

我还是觉得coyo好用些，BBiagent 要米米的，定制性也不好，效果也不怎么好，用了coyo后对它没什么兴趣了。

sky123888 · 发表于 2006-4-14 00:08:24

等待2.0的破解版。

asdasd · 发表于 2006-4-17 08:51:34

想得太美版主,有没有消息了?给大家吹点BBIagent的风呀！

xgamebmx · 发表于 2006-4-19 01:44:03

等待破解.....

账号		自动登录	找回密码
密码			注册