
Unveiling secrets of the ESP32: creating an open-source MAC layer

293 points| redfast00 | 2 years ago |zeus.ugent.be

149 comments


finnjohnsen2|2 years ago

I wasn't aware of this wifi blob. This feeds a tiny paranoia I have at the back of my head when dealing with ESP32/Espressif. I have dozens of ESP32s around and I love them, but Espressif is 100% Chinese.

I'm uncomfortable with what I read, that every company of significant size in China automatically requires CCP party members to be involved in the company at a high level.

So I'm very happy to hear people such as these guys are looking deep at this.

Of course, since Espressif controls the hardware, they can do anything eventually. My itch will always be there, and I'm going to switch once I find something comparable to the ESP32, preferably made in the EU. Maybe Nordic Semiconductor will make some nice RISC-V chips and dev boards soon.

RF_Savage|2 years ago

It is because of FCC certification requirements. Usually, if the end user can modify the low-level radio firmware on the device, the device loses its FCC certification and cannot be sold in the USA.

It also seems that Espressif has bought their wifi IP, so their contracts and licensing terms with the IP vendor likely prevent any sharing.

But the FCC is the reason for closed binary-blob firmware for all wifi radios out there these days.

ajsnigrutin|2 years ago

Wifi is easy... there's no way to send anything undetected, since you control the routers, etc.

GSM to 5G modems are a lot harder to debug... maybe now in recent years with cheaper SDRs, but a lot harder than wifi.

And not sure why you'd be afraid of the CCP; we saw the WikiLeaks, the USA does a lot of similarly bad stuff too and even got caught doing it... and if you live in a "western" country, the USA has much easier access to you than China.

deegone|2 years ago

https://www.businesstimes.com.sg/events-awards/singapore-bus...

Learn more about Espressif's founder. And I think the CCP party cannot impact Espressif.

------- Singapore’s bilingual education gave the engineer an adequate command of Chinese; he played translator for his Chinese and non-Chinese speaking staff in meetings during Espressif’s early days.

And the time he spent in national service with the Singapore Armed Forces taught him the importance of being in the front line, of knowing the ground well.

The CEO believes that entrepreneurship cannot be taught. One needs to have a head for risk-taking, creativity, a big-picture perspective, and to be prepared to fail.

And passion, of course.

He has a nugget of wisdom for those who have yet to find theirs: “There are two things that drive people... One is passion, the other is fear... If you lose that fear, you might find your passion.”

boffinAudio|2 years ago

Your paranoia about the Chinese is equally applicable to Americans, whose NSA has given itself carte-blanche to infiltrate any computing system it desires, for whatever reason, in total secrecy - without recourse for the public to address any wrongs.

So I'm not sure that framing your paranoia in terms of "the Chinese" is productive - you might just want to update that thought with "any state actor who operates covert torture sites and violates human rights at immense scale", in which case your set of actually hostile actors becomes a little more realistic.

The biggest threat to your freedom and human rights, as an American, is your own government.

127361|2 years ago

Some old Realtek switch chips featured a protocol called RRCP[1] where you could write to the hardware registers using a specific type of Ethernet frame. So I guess a CCP-designed backdoor would probably detect a specially encrypted WiFi packet and allow the internal memory of the device to be written/read over the air. The key would be hardwired into the chip, part of the random logic, so there would be no visible block to identify on visual inspection of the die.

Or more subtly they could insert (or just not fix) a bug which allows packet descriptors to be overwritten on reception of a certain malformed WiFi packet, e.g. too short or long, which makes it possible to overwrite regions of the device's memory and thus compromise it. An SDR might be required to transmit the malformed packet(s).

By the way, I wonder if modern Realtek switch chips might still support RRCP, and an undocumented EEPROM bit or strapping resistor might re-enable it?

1. https://en.wikipedia.org/wiki/Realtek_Remote_Control_Protoco...

asylteltine|2 years ago

I restrict my esps to local network only absolutely no internet access for them. No trust for Chinese products from Chinese companies

fennecbutt|2 years ago

Tbf I think China is more interested in the money espressif makes than anything like spying. Because they'd be so easily caught out by anyone with a decent router. And if they ever happened then the whole company would be gibbed.

DeathArrow|2 years ago

I would rather have CCP listen than other parties. I am not a Chinese citizen, so I don't care.

DeathArrow|2 years ago

I use a Chinese phone with a Chinese ROM. I installed Google service as apps, with limited permissions. I'd rather have Uncle Xi listening than Uncle Sam.

Max-q|2 years ago

The article claims that the ESP32 costs $5. The reality is around half of that for the MCU, and around $3 for pre-certified modules including crystal, PCB antenna or U.FL connector. So it's really affordable.

Espressif has also launched a new ESP32C3 based on RISC-V, with modules priced at around $2.

KRAKRISMOTT|2 years ago

That's the development unit price. ESP's MCUs have amazing value when you buy in bulk.

rwaksmunski|2 years ago

ESP32C3 has great Rust support too.

jareklupinski|2 years ago

that second core is worth its weight in gold

can't wait until they can make a dual-core RISC-V, but pretty happy on the -S3

WatchDog|2 years ago

The section on trying to attenuate outside wifi signals interested me.

There is a bunch of hand-wavy information on building Faraday cages online, some people suggesting to utilize a microwave oven, since they operate at the same frequency.

There are even wifi faraday cages for sale on amazon.

However I can't really find much actual benchmark data online about how well these various approaches actually attenuate signals.

RF_Savage|2 years ago

Because the stuff on amazon is mostly targeted at consumers, not professionals.

Less about protocol development and more fear of 5G and wifi.

The prices of these things can be quite high, which is why I bought my small one as used surplus.

One can find a great amount of models from various manufacturers here: https://www.everythingrf.com/search/shielded-test-enclosures

And none of them look cheap. But more "please call for quote"-type of things.

zamadatix|2 years ago

If the product doesn't list some form of dB loss (at at least 1 frequency) I assume it's more or less just a standard box. Sometimes that'll be right, sometimes it won't. Some of it comes down to how you use the box as well. If you're feeding un-isolated power in via a big hole in the back then it doesn't really matter how perfect the front is at blocking signals.

I'm surprised their paint can only gave them a 10 dB difference. I've found simply wrapping things in aluminum foil is good for about 40 dB when it comes to Wi-Fi.

AlotOfReading|2 years ago

A microwave oven is an excellent (30-40dB) attenuator specifically around 2.4GHz. The legal requirements essentially mandate 30dB + manufacturing safety margin. Your mileage will vary for other frequencies, as they're not actually faraday cages, so it's usually easier to simply use aluminum foil or a copper mesh/PVC box depending on your needs.
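The attenuation figures traded above (10 dB for the paint can, about 40 dB for foil, 30-40 dB for a microwave oven) only compare if they are measured the same way. The script below is an added example, not from the article or any commenter: it parses repeated `iw dev wlan0 scan` captures (Linux) taken with the scanning laptop outside and then inside the enclosure, takes the per-BSSID median RSSI, and reports the difference in dB. An AP that vanishes entirely inside the box is reported as a lower bound against an assumed -90 dBm noise floor, not as a measurement, because you cannot measure more attenuation than your receiver's dynamic range. The scan text, BSSIDs and the noise-floor value are constructed/assumed.

```python
"""Measure how much a shielding box attenuates 2.4 GHz Wi-Fi from repeated
`iw dev wlan0 scan` captures taken outside and then inside the enclosure.
Added example; the scan text below is constructed, not a real capture."""
import re
from statistics import median

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
SIG_RE = re.compile(r"^\s+signal:\s+(-?\d+(?:\.\d+)?) dBm")
SSID_RE = re.compile(r"^\s+SSID:\s*(.*)$")


def parse_iw_scan(text):
    """Return {bssid: (ssid, signal_dbm)} from the output of `iw dev <if> scan`."""
    result, cur = {}, None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"ssid": "", "signal": None}
            result[m.group(1)] = cur
            continue
        if cur is None:
            continue
        m = SIG_RE.match(line)
        if m:
            cur["signal"] = float(m.group(1))
            continue
        m = SSID_RE.match(line)
        if m:
            cur["ssid"] = m.group(1)
    return {b: (v["ssid"], v["signal"]) for b, v in result.items() if v["signal"] is not None}


def _collect(scans):
    """Gather per-BSSID RSSI samples across several scans."""
    samples = {}
    for scan in scans:
        for bssid, (_ssid, sig) in parse_iw_scan(scan).items():
            samples.setdefault(bssid, []).append(sig)
    return samples


def attenuation_report(outside_scans, inside_scans, noise_floor_dbm=-90.0):
    """Per BSSID seen outside: (median_outside, median_inside, attenuation_db, is_lower_bound).

    An AP that is never seen inside has dropped below what the receiver can
    detect, so its attenuation is a lower bound (outside median minus the
    assumed noise floor), not a measurement.
    """
    outside, inside = _collect(outside_scans), _collect(inside_scans)
    report = {}
    for bssid, vals in outside.items():
        out_med = median(vals)
        if bssid in inside:
            in_med = median(inside[bssid])
            report[bssid] = (out_med, in_med, out_med - in_med, False)
        else:
            report[bssid] = (out_med, None, out_med - noise_floor_dbm, True)
    return report


def below_target(report, target_db):
    """BSSIDs whose measured attenuation (or lower bound) is under target_db."""
    return sorted(b for b, (_o, _i, att, _lb) in report.items() if att < target_db)


def constructed_scan(entries):
    """Build text in `iw` scan layout from [(bssid, ssid, signal)]; sample data, not a capture."""
    return "".join(
        f"BSS {b}(on wlan0)\n\tfreq: 2437\n\tsignal: {s:.2f} dBm\n\tSSID: {ssid}\n"
        for b, ssid, s in entries
    )


# Three constructed scans per position, with a little scan-to-scan jitter.
OUTSIDE_SCANS = [constructed_scan([("aa:bb:cc:dd:ee:01", "lab-ap", -44 + d),
                                   ("aa:bb:cc:dd:ee:02", "neighbour", -61 + d)]) for d in (-1, 0, 1)]
INSIDE_SCANS = [constructed_scan([("aa:bb:cc:dd:ee:01", "lab-ap", -79 + d)]) for d in (-1, 0, 1)]

if __name__ == "__main__":
    rep = attenuation_report(OUTSIDE_SCANS, INSIDE_SCANS)
    for bssid, (o, i, att, lb) in rep.items():
        inside_txt = "not seen" if i is None else f"{i:.1f} dBm"
        print(f"{bssid}: outside {o:.1f} dBm, inside {inside_txt}, "
              f"attenuation {'>=' if lb else '='} {att:.1f} dB")
    print("below 30 dB:", below_target(rep, 30))
```

Take several scans per position (`sudo iw dev wlan0 scan > outside_1.txt` and so on), keep the laptop in the same spot relative to the box for both sets, and pass the file contents to attenuation_report. A 40 dB claim needs a reference AP strong enough outside (around -40 dBm or better) for the attenuated signal to still sit above the noise floor; otherwise the script can only tell you "at least N dB".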

cchance|2 years ago

Not sure on specific numbers, but based on the picture he posted of it in a can, he would have probably done better with metal netting from a window screen or metal chicken wire; it destroys wifi signal pretty damn effectively.

raajg|2 years ago

For someone inexperienced with ESP32 but wanting to dip your toes, I'd highly recommend M5Stack - https://m5stack.com/ . No affiliation whatsoever, but I started playing with some basic boards last year for the first time and the tiny devices they build have so many different sensors, transmitters, etc. that you can start with a lot of early experiments just using a single device and a USB-C cable.

icpmacdo|2 years ago

I can attest to the challenges of the section on Dynamic analysis on real hardware and the struggles of attenuating signal interference on the ESP.

Anyone have a recommendation on conducting fabric for RF isolation as briefly mentioned in the article or resources on the subject of rf isolation/Faraday cages for microcontrollers?

redfast00|2 years ago

As part of the NLNet grant, I will build an affordable Faraday cage; I'll post the BOM, assembly process and a test report in a separate blog post.

PeterisP|2 years ago

We needed a large highly isolating cage for a project, and the cost-effective (but still costly) way to do that was to build our own, having local welders make a custom steel box and lining it with RF anechoic pyramid foam; otherwise the reflections make weird RF noise. A tricky part is the seams where your doors meet the box. It's easier to get good isolation from outside if you don't have to connect any wires, i.e. if any "control" you need is done by a battery-powered computer (laptop or smartphone) inside the isolation.

jcalvinowens|2 years ago

Based only on my own anecdotal experience... I think the hole the cables go through is the biggest problem in OPs setup. I'd solder the shields to the cage circumferentially around the hole. Shielded USB cables aren't too hard to find, it wouldn't be as good as something optical but it's a lot easier.

atVelocet|2 years ago

I used the isolation "fabric" wrapped around the extension cable off a super cheap PCIe riser card. I put an iPhone inside which blocked WiFi, BT and 4G.

jjtech|2 years ago

…I wonder if this could be used to implement AWDL (Apple Wireless Direct Link) for use with AirDrop… if I recall correctly, the blocker on normal WiFi chipsets is being unable to send the ACK frames, which this should enable?

vbezhenar|2 years ago

What kind of programmer does one need to work with ESP32? I bought jlink for stm32 thinking that's the ultimate programmer for all my needs, however it does not claim compatibility with esp32.

connicpu|2 years ago

Depends a lot on the exact model of ESP32 you get. Even for non-devboards, a lot of the newer modules have a built in USB serial peripheral. If it's got a USB port, you're already ready to go. The ESP32-C3 QtPy modules from adafruit are awesome, they've got a USB-C port on them and you can just plug them in and they're ready to be flashed.

ultrarunner|2 years ago

They do have a boot loader that speaks UART, but are also compatible with JTAG and OpenOCD. However, I haven't needed to burn the pins on JTAG because they've implemented a GDB stub over UART, including the ability to trap interrupts and dump into a paused GDB session. It's not ideal, but it's pretty impressive from a preexisting-tools perspective.

This doesn’t really answer your question, but it feels like it’s worth mentioning.

gh02t|2 years ago

They have a built in serial bootloader. Most dev boards don't need anything, they come with a USB-to-serial adapter. Some of the new ones even have the USB part integrated on chip.

If you use a bare module then you need a basic 3.3V serial adapter and maybe a jumper wire to ground pin 0 to enter programming mode.

You can also do stuff with JTAG, which will let you use a debugger, but that's not mandatory. Espressif sells a dirt cheap one. I think maybe you can use your jlink for that with some fiddling but I'm not certain.
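Several of the replies above come down to the same fact: the chip's ROM bootloader speaks a serial protocol, which is what esptool.py drives over the dev board's USB-serial bridge (and why no J-Link is needed just to flash). The code below is an added example, not esptool's or Espressif's: it implements the SLIP framing and the request/response header layout of that protocol as esptool documents them (SYNC opcode 0x08, READ_REG 0x0A, FLASH_BEGIN 0x02, the 0xEF-seeded XOR data checksum), and parses a reply on the assumption that the ESP32 ROM, unlike the stub loader, ends every response with four status bytes. It only builds and parses bytes; opening the port with pyserial and the reset-into-download sequence (GPIO0 low while EN toggles) are left out, and the reply used in the demo is constructed.

```python
"""Frame-level encoder/decoder for the ESP32 ROM serial bootloader protocol
that esptool.py speaks over UART. Added example, not esptool's code; it never
touches a serial port. Opcodes, SLIP constants and the checksum seed follow
esptool's published protocol; the 4-byte ROM status trailer is an assumption."""
import struct

SLIP_END, SLIP_ESC, SLIP_ESC_END, SLIP_ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD
CMD_FLASH_BEGIN, CMD_SYNC, CMD_READ_REG = 0x02, 0x08, 0x0A
CHECKSUM_SEED = 0xEF   # XOR seed for data-bearing commands (flash/mem data blocks)
STATUS_BYTES = 4       # assumed: ESP32 ROM appends 4 status bytes to every response


def slip_encode(payload):
    """Wrap payload in END delimiters, escaping END/ESC bytes inside it."""
    out = bytearray([SLIP_END])
    for b in payload:
        if b == SLIP_END:
            out += bytes([SLIP_ESC, SLIP_ESC_END])
        elif b == SLIP_ESC:
            out += bytes([SLIP_ESC, SLIP_ESC_ESC])
        else:
            out.append(b)
    out.append(SLIP_END)
    return bytes(out)


def slip_decode(frame):
    """Inverse of slip_encode; rejects truncated or malformed escapes instead of guessing."""
    if len(frame) < 2 or frame[0] != SLIP_END or frame[-1] != SLIP_END:
        raise ValueError("not a complete SLIP frame")
    body, out, i = frame[1:-1], bytearray(), 0
    while i < len(body):
        b = body[i]
        if b == SLIP_ESC:
            if i + 1 >= len(body):
                raise ValueError("truncated escape sequence")
            nxt = body[i + 1]
            if nxt == SLIP_ESC_END:
                out.append(SLIP_END)
            elif nxt == SLIP_ESC_ESC:
                out.append(SLIP_ESC)
            else:
                raise ValueError(f"invalid escape 0x{nxt:02x}")
            i += 2
        elif b == SLIP_END:
            raise ValueError("unescaped END inside frame")
        else:
            out.append(b)
            i += 1
    return bytes(out)


def data_checksum(data):
    """Checksum the ROM expects on data blocks: XOR of all bytes, seeded with 0xEF."""
    c = CHECKSUM_SEED
    for b in data:
        c ^= b
    return c


def build_request(op, data, checksum=0):
    """Request header: direction 0x00, opcode, data length (u16 LE), checksum (u32 LE), then data."""
    return slip_encode(struct.pack("<BBHI", 0x00, op, len(data), checksum) + data)


def sync_request():
    """SYNC is sent repeatedly after reset into download mode until the ROM answers."""
    return build_request(CMD_SYNC, b"\x07\x07\x12\x20" + b"\x55" * 32)


def read_reg_request(addr):
    return build_request(CMD_READ_REG, struct.pack("<I", addr))


def build_response(op, value, data=b"", status=b"\x00" * STATUS_BYTES):
    """Construct a ROM-style reply (direction 0x01); used here to simulate the chip."""
    payload = data + status
    return slip_encode(struct.pack("<BBHI", 0x01, op, len(payload), value) + payload)


def parse_response(frame):
    """Return (opcode, value, data) for a successful reply; raise on a ROM error status."""
    pkt = slip_decode(frame)
    if len(pkt) < 8 + STATUS_BYTES:
        raise ValueError("response too short")
    direction, op, size, value = struct.unpack("<BBHI", pkt[:8])
    if direction != 0x01:
        raise ValueError("not a response packet")
    data = pkt[8:]
    if len(data) != size:
        raise ValueError("length field does not match payload")
    status = data[-STATUS_BYTES:]
    if status[0] != 0:
        raise RuntimeError(f"ROM reported error code 0x{status[1]:02x} for opcode 0x{op:02x}")
    return op, value, data[:-STATUS_BYTES]


if __name__ == "__main__":
    print("SYNC:", sync_request().hex())
    print("READ_REG 0x3ff00000:", read_reg_request(0x3FF00000).hex())
    # Constructed reply whose value contains 0xC0 and 0xDB, so SLIP escaping is exercised.
    print("parsed reply:", parse_response(build_response(CMD_READ_REG, 0x1234C0DB)))
```

Against real hardware you would hold GPIO0 low through a reset, write sync_request() a few times, and read until a frame closes with 0xC0; the same decoder then handles the reply, and READ_REG gives you the register-poking primitive that the article's dynamic analysis needs without any JTAG probe.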

halayli|2 years ago

You don't need anything. Plug it into your machine's USB port, open the Arduino IDE (or their web IDE + agent), upload any of the examples that the Arduino IDE comes with, and use its serial monitor to debug/read whatever output you write on the ESP32's serial. This applies to Windows/Mac/Linux.

sifttio|2 years ago

A usb cord to your computer. Flash the firmware with whatever you want. Check out WLED if you have wifi.

bobsmooth|2 years ago

If you get a dev kit they'll usually have a usb-serial interface for power and data.

vGPU|2 years ago

I’ve actually found that ESPHome is sufficient for most basic use cases

127361|2 years ago

I think Espressif have or at least used to have their own in-house developed MAC and PHY, which is not publicly documented.

For the Bouffalo Lab and Beken WiFi SoCs we already have SVD files[1] for the WiFi MAC (and likely the PHY too). Thus we have nearly complete documentation for all chip registers and their bitfields. Both SoCs are based on CEVA RivieraWaves WiFi IP.

Also you might be able to use it as an SDR for the 2.4GHz band; there appear to be registers to send ADC data to on-chip SRAM. And USB 2.0 High Speed device functionality on some of the Bouffalo chips.

I was thinking of hacking it to use as a cheap uplink to the QO-100 amateur radio satellite, which uplinks in the 2.4GHz band. I think 100mW of power might be just enough for CW or some very narrowband PSK mode.

By the way, on the Bouffalo devices, watch out for the eFuse registers, they're not fully lockable and write protectable, one wrong register write and the whole chip itself can be bricked and stuck permanently in secure boot mode. It happened to me, and I'm going to try and work around it by glitching the clock input on boot, just at the right time, to disrupt the eFuse reading, just for the fun of it.

1. https://github.com/bouffalolab/bl_iot_sdk/blob/master/compon...

londons_explore|2 years ago

> 50000 peripheral memory accesses are needed [to initialize the hardware]

Wow, that's a lot. If OP could upload somewhere the list of accesses together with a stack trace for each, I think we could crowd-source a rewrite of each function. I'd be willing to bet the vast majority of those are repetitive patterns, i.e. 'run this transmission test 1000 times while increasing the power levels each time until the received power = some set value'.

dgreensp|2 years ago

Headline should read "MAC" layer like it does in the article, not "Mac" layer. Two very different things :)

redfast00|2 years ago

Oops, my bad, copy-pasted it incorrectly; fixed now

droptablemain|2 years ago

I picked up an ESP32 devboard recently. I've always been intrigued by embedded but don't have a background in it at all.

I have no idea what my first project should be. Any ideas?

rgovostes|2 years ago

The barrier to entry has never been lower. Last night I prototyped some code in Python on my Mac to talk to a Bluetooth peripheral, and then had ChatGPT translate it to Arduino C++ code for a $5 ESP32, and it mostly worked on the first go.

You can even run Python on microcontrollers these days. See Adafruit's https://circuitpython.org for which they publish modules for many (almost all?) of the sensors they sell. The modern microcontroller frameworks hide much of the complexity of Wi-Fi, Bluetooth, filesystems, etc. so you can do complicated things with minimal effort. You can really cobble something together in an afternoon.

The "hello world" of microcontrollers is making an LED blink. Then figuring out how to print a message out over serial (print debugging is invaluable). Then maybe figure out how to make a Wi-Fi connection and an HTTP request. Then go on a shopping spree on Adafruit or SparkFun for $9 sensors that spark your imagination and figure out how to talk to them; Adafruit publishes zillions of tutorials you can copy from: https://learn.adafruit.com

jof|2 years ago

Make an LED blink.

Then, connect an RGB LED and experiment with PWM signal generation.

Then, experiment with network programming, accepting a UDP packet to the ESP32 that sets the color of the RGB LED.

anigbrowl|2 years ago

Depending on the board and language support, a good first time project is syncing a real-time clock to NTP. At least that was my first one, followed by a wifi signal scanner. I was using MicroPython which is fast and easy, C is a little more work obviously.

floitsch|2 years ago

Have a look at https://docs.toit.io/tutorials (using Toit).

I wrote lots of easy to follow tutorials there.

It depends a lot on the sensors you have. That said, even without any (or few) sensor(s) you can still have fun with network related applications like a Telegram bot.

halayli|2 years ago

There are a lot of interesting sensors out there. A good start can be by picking a sensor you're interested in and use it for monitoring. It can be as basic as temperature monitoring, or gas/CO2.

mardifoufs|2 years ago

I tried making a small servo tester as a first small project on the esp32. I obviously took the servo testing code from somewhere else but yeah, the control part was useful.

londons_explore|2 years ago

> 50000 peripheral memory accesses are needed

Have you tried just replaying those 50,000 accesses and seeing if things work? Obviously some things might not be correctly calibrated, but merely knowing that a simple replay works tells you that there are no complex hardware/software handshakes (i.e. take a random token from here and write it to there). It also tells you that the process is probably fairly timing independent.
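Both of londons_explore's suggestions (look for repetitive patterns in the 50,000 accesses, and check whether a dumb replay would work) can be tried mechanically once the trace is in a text file. The script below is an added example and not anything from the article: it assumes a constructed one-access-per-line format `R|W <addr> <value>` and constructed register addresses, folds consecutive repeats of the same register-access sequence into loops with per-register value ranges (the "1000 iterations ramping a level" case), and flags the one thing that defeats a plain replay: a write whose value was just read from another register, i.e. a token handshake that has to be re-read live rather than replayed from the recording.

```python
"""Collapse a peripheral (MMIO) access trace into loops and flag read-to-write
value dependencies that a naive replay would get wrong. Added example; the
trace format "<R|W> <addr> <value>" and all addresses are constructed."""
import re
from collections import namedtuple

Access = namedtuple("Access", "rw addr value")
LINE_RE = re.compile(r"^\s*([RW])\s+0x([0-9a-fA-F]+)\s+0x([0-9a-fA-F]+)\s*$")


def parse_trace(text):
    """Parse one access per line; reject anything not in the assumed format."""
    accesses = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised trace line {line!r}")
        accesses.append(Access(m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
    return accesses


def summarise(accesses, max_period=16):
    """Greedily fold consecutive repeats of the same (rw, addr) sequence into loops.

    Entries are ("single", rw, addr, value) or
    ("loop", iterations, [(rw, addr, min_value, max_value, distinct_values), ...]).
    The smallest period covering the most accesses wins, so a 3-register step
    repeated 1000 times reports as one loop rather than 500 loops of 6.
    """
    keys = [(a.rw, a.addr) for a in accesses]
    n, i, out = len(keys), 0, []
    while i < n:
        best_p, best_reps = 0, 1
        for p in range(1, max_period + 1):
            if i + 2 * p > n:
                break
            block, reps = keys[i:i + p], 1
            while keys[i + reps * p:i + (reps + 1) * p] == block:
                reps += 1
            if reps >= 2 and reps * p > best_reps * best_p:
                best_p, best_reps = p, reps
        if best_p:
            body = []
            for slot in range(best_p):
                vals = [accesses[i + r * best_p + slot].value for r in range(best_reps)]
                rw, addr = keys[i + slot]
                body.append((rw, addr, min(vals), max(vals), len(set(vals))))
            out.append(("loop", best_reps, body))
            i += best_p * best_reps
        else:
            a = accesses[i]
            out.append(("single", a.rw, a.addr, a.value))
            i += 1
    return out


def find_handshakes(accesses, window=8, ignore=(0, 1)):
    """Heuristic: a write whose value was just read from a different register looks
    like a token handshake, so replaying the recorded value would break. Returns
    (read_addr, write_addr, value); values in `ignore` are too common to be evidence."""
    hits = []
    for idx, a in enumerate(accesses):
        if a.rw != "W" or a.value in ignore:
            continue
        for prev in reversed(accesses[max(0, idx - window):idx]):
            if prev.rw == "R" and prev.addr != a.addr and prev.value == a.value:
                hits.append((prev.addr, a.addr, a.value))
                break
    return hits


# Constructed trace: an enable write, a 1000-iteration "set level, trigger, read result"
# calibration loop, a read-then-write-back of the same value, then a disable write.
SAMPLE_TRACE = "\n".join(
    ["W 0x60001000 0x00000001"]
    + [f"W 0x6000100c 0x{p:08x}\nW 0x60001010 0x00000001\nR 0x60001014 0x{0x80 + p:08x}"
       for p in range(1000)]
    + ["R 0x60001020 0xdeadbeef", "W 0x60001024 0xdeadbeef", "W 0x60001000 0x00000000"]
)

if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    for entry in summarise(trace):
        if entry[0] == "single":
            print(f"{entry[1]} 0x{entry[2]:08x} = 0x{entry[3]:08x}")
        else:
            print(f"loop x{entry[1]}:")
            for rw, addr, lo, hi, distinct in entry[2]:
                print(f"  {rw} 0x{addr:08x}  values 0x{lo:08x}..0x{hi:08x} ({distinct} distinct)")
    for r, w, v in find_handshakes(trace):
        print(f"possible handshake: 0x{v:08x} read from 0x{r:08x} then written to 0x{w:08x}")
```

The loop summary is what a crowd-sourced rewrite would start from (one loop body per block, with the value ramp visible per register); the handshake list is the set of accesses a replay must execute live. A trace with no handshake hits and a successful replay is the evidence the comment asks for, with the caveat that the heuristic only sees values moved unchanged within a few accesses, not ones transformed in between.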

calamari4065|2 years ago

Wouldn't this invalidate the FCC certification on the prebuilt modules? You'd have to get certified with this firmware to ensure you aren't violating transmission power requirements.

Admittedly, this is a non-issue for hobby scale projects, but is potentially a blocker for commercial applications.

I wouldn't say it's necessarily a bad thing, but worth discussion.

throw0101b|2 years ago

> Wouldn't this invalidate the FCC certification on the prebuilt modules?

MAC is at OSI Layer 2. FCC concerns about radio power occur at the PHY layer, OSI Layer 1:

> On the ESP32, the PHY layer is implemented in hardware; most of the MAC layer is implemented in the proprietary blob. One notable exception to this separation is sending the acknowledgement frame: if a device receives a frame, it should send a packet back to acknowledge that this packet was received correctly. This ACK packet needs to be sent within ~10 microseconds; it would be hard to get this timing correct in software.

* https://pics.zeus.gent/vYXyQm2t9pJCzpDdWFvq9oWR2DACoUJoTsYf8...

rurban|2 years ago

He should just go with stm and its open source LwMesh library instead.

But the closed radio parts are indeed horrible. Qualcomm (US Intelligence) and Broadcom (Chinese intelligence) controlling the physical layer underneath is as disturbing as the various Intel, AMD, ARM backdoors in their pre-OS layers.

madushan1000|2 years ago

I think bl602 shares the wifi rf/mac layer with esp32. There is a monitor mode implementation here https://github.com/stschake/bl60x-wifimon/

Sprite_tm|2 years ago

No, it doesn't. I know with 100% certainty ESP WiFi hardware is developed in-house and not shared. I think BL602 uses CEVA IP, not sure about that, but it certainly is not shared with ESP chips.

seba_dos1|2 years ago

Just a few months ago I was thinking "surely someone must have tried to RE the ESP32 Wi-Fi stack" and tried to find some research on it, but couldn't find anything. Great work!

no_time|2 years ago

The ESP32 also has a mask ROM (which includes BASIC for some weird reason). Hence fully deblobbing it is a hopeless battle.

https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/ap...

wkat4242|2 years ago

Nothing an electron microscope can't handle. It's not a hardened security chip. It'll cost a bit but it's probably possible for a company to do it for free to show off their services. This is how die shots usually happen.

dezgeg|2 years ago

I would guess most 32-bit microcontrollers and any SoCs capable of running Linux have some sort of boot ROM, at least for the flash programming mode (especially if it's over USB).

calamari4065|2 years ago

Nothing about a mask ROM makes the data unrecoverable. It's still Memory that can be Read.

I'd be very surprised if there's not an exploit that will get the CPU to barf up the full ROM contents. That's if there isn't a more direct way to read it.

Even in the extremely unlikely case that it can't be read programmatically, you can always physically decode it with a microscope and a working eyeball.

From there, it's "just" a matter of decompiling the machine code into something readable. It's not trivial, but it can be done by a single person in a reasonable timeframe.

rkfjrjrkfnrkd|2 years ago

This is very interesting. I'm keen to get involved but, while I'm very experienced with ESP32, I don't have experience with this type of reverse engineering.

How long did it take you to get the environment and tools set up, so you could start digging in?

Is time or money a more valuable investment at this stage? If it's not too forward, how much would be useful to your organisation? (I can email if preferred.)

redfast00|2 years ago

Please contact me via email (at the bottom of the blog post)