Bestand wählen
Merken

Public FPGA based DMA Attacking

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
thank you and I thank
you hello again and good evening for the last session on day 3 of the Caloris I'm really happy to see so many of you so late interested in such a particular topic download what you really really well on some foreign money and in assessing our that levels so home we will hear more about the direct memory attacks and how they're still possible nowadays again and this here to show you and to tell you more about what you should know about thank you thank you but tonight they're going to talk about public PDA-based Direct Memory Access DMA attacking my name is all and helping me with the most that I I have yet annoying I will start by briefly going through
some background and previous work has been done in the area that will demonstrate the interaction of the main attacking I will try to do a live demo in which we will transmit the received pcExpress sites in their pockets we would dump memory at speeds up to 75 megabytes per 2nd then we'll have a look at the actual FPGA design that decorated after that we will go into some more advanced DMA attacking we will attack a winnable but in the Linux system and a winter but you a fight if you manage to get into you a fight you might also be able to compromise secure boat and then you can also compromise did not get booted operating systems such as a witness stand system running localization basic curative and at the end we will have a look at some future hardware that I'm really excited about my name
so 1st come employed in the financial sector in Stockholm Sweden a previous supercenter my work at the sect conference in Stockholm and also at that come in Las Vegas and the author of the PCA leach direct-memory-access APEC tool kit and assess been I hold the project of mine since the start and it's still a
also make to point out that they're giving this talk as an individual my employer is not involved in any way whatsoever I'm here
to make trips and PCA each FPGA each FPGA is the combination between the site links as 605 développement board coupled with the a at T 6 0 1 is USB 3 and on board the pcExpress generation 1 1 lane cited goes into the target computer or if you wish to call it the victim's computer the USB 3 side goes into the control a computer or if you wish to call it the attacker computer once those sites are connected to the controller computers able to send peace expressed section layer packets over USB onto the FPGA which with them put them on pcExpress of target system we can also read these expressed your piece this way from the target system and they would be forwarded on to the controller computer the whole harvested that that such is between 5 and 600 dollars in total and with this you will be able to do do make to build of both 32 bit memory address space below 4 dates and a 64 bit memory address space about before objects you will be able to do DNA at around 7 5 megabytes per 2nd everything that I created is totally open-source but them using some vendor-proprietary blobs in their unfortunately so that's why the title of today's talk is public and not to open them if I compare
DSP 605 as FPGA solution with the earlier hardware used for DMA attached to use before 3 8 the use be 3rd 380 was sold out earlier this year and that year FPGA solution is a little bit more expensive it's about here it's also slower as east at the moment but it's much more stable and you will be able to do 64 bit DMA memory addressing as well and that means that you are able to access memory about 4 gigs as well as memory below 4 gigs and this is a huge difference compared to the old hardware that we were only able to access memory below for dicks with the
e-mail text has been around since pretty much forever I think you all heard of the inception also firewire diamanté taking tool if you haven't used at the heart of it please look at that as a response to redeem a attacks that's also as a response to the growing need for virtualization of devices cpu Wendish introduced the I O in the news were the 2 D around 2 dozen 8 and on watch and if the IO memory use are used properly and by the former and operating systems they should be able to protect fully against the main attacks as we'll see today that not always did it that's not always the case there's been lots of research into David it being the year of the DMA attacking space a call to mention everyone here today so I thought I should mention that uh the Communist work reduce arm hide it from the academic area and used for his PhD thesis and also snare and raising the they're really all some thunderbolt attacking idiomatic back in 2014 actually using DEC's that same Harvard atom using here today and DSP 605 and then there just a couple of months ago Dimitri elects released what I to be the 1st TMA attack focused FPGA bitstream into the public With this piece expressed do-it-yourself packing to kit the Dimitri also supported my work with their PCA Leech and it was shared both 1st binary sound some source code with me and there you really pushed me to actually get DSP 605 from the stock and get going here it's really huge thanks to Dimitri without you I wouldn't be here thank you BasisPlus is
based on their expected based the packets are called a transaction layer packets or TO piece they are d word-based 32 bit based they usually consists of a header that are between 3 and 4 debauched long and there the tailpiece can have different types for example read memory right memory I O conflagration messages conditions and so on that's focused on the D NATO piece here today their memory read them right tailpiece the 64 bit right yeah peak is down on the left it's stosh with their which type of packet at this in the 1st the word and then you also have the length of the data that you wish to write in number of the workshop the 2nd the board contains the requester IDE which is the best number and device number of the actual device sending to speak their TOP packet and then since we're doing a 64 bit have right that means delta bright into 64 bit memory address space the need to represent that address into the worksheet and then they have the date that down the when we do have right to be as post this message on to PC expressed and you were just it to we get rid of it won't get an act knowledge back that it was successful or not when we're doing our reading it looks pretty much the same the packets except it's a different type of course is they're doing a region here we are doing a 32 bit memory aid and that once you submit that 1 you need to wait a short while and you will receive 1 or more completion until peace back containing the actual data that the red so let's do a demo that's just be
dollars the piece expressed in section packets so that's in you more the memory that's dump the memory if we switch over the image to the hardware here the day the PTA board the and I have a victim system here so this our our express card to get peace expressed adaptive in the target computer and power on the FPGA it's connected to my presenter computer career at USB here if we switch back to my presentation of and and here we have it from from a slightly different and the hard here we are trying to read a read something we are going to read 1 the word from 64 bit memory address space they're going to read from the address for jigs exactly this address here see what happens here this and the reason PLP and we get a complete until P back and the completion to the 1st 3 the words are Andy Heller and then they have actual data that the right here so let's say a do right as well let's say do a 64 bit memory right to the same address let's say do essays to kill in a 2 D world long right to you do very same addressee with that this state and see if you can overwrite that previous
data we found that FIL people the and since we're doing a right to develop get an answer back no completion of science things like that that but they can never try to read that memory back to see what happens if the right for successful let's not try to read therapy the worst this time from the very same addressee it here we see that we
get the completions back into different completions and if the 2nd game in the beginning is set see that the previous array data is now were written with our new that that here we can also enumerate the memory of the target system since we don't know how much memory it's in this computer we need to check it out and we can do this by reading a tiny portion of every page that are able to read and there the see how much memory garrison this computer the and this good memory address space in a modern-day computer is not 1 big contiguous chunk of memory you have the physical memory in there and you also have like holes in memory in which there and I think you have never met pcExpress devices you can have a readable members such as system management von Roemer as well here we see that the red it that seems to be failing after slightly more than a change services problem in a chick assistant so let's try to dump the memory the the dumping memory takes a while so that go back to the presentations you can these are
all pcExpress form factors you have the standard PC expressed card as you all know to the lower left you have a minute piece ExpressTape desperate much behind the back cover of the laptops you have expressed card at the USA today the thunderbolt also carries pcExpress thunderbolt 3 is most often combined with the use PC connector nowadays and then you had a different and to keep form factors for example and 2 PM it's really common for and the and the drives here is the actual FPGA design
decorated it's a rather simplistic you have area block Dr. receives and transmits data or a 32 bit data connection from the USB 33 the USB yeah Don 56 1 as hard and then you have the year a Xilinx links pcExpress score on the other side that the handles statue pcExpress communications everything in yellow here are Xilinx their IP blocks or IP courses and they're not like they're open source so it's there then the proprietors steps and everything in green is the stuff that I pointed those so it's totally open source and its founder Mike it up where it we receive some data from already USB connector and a connection from the controller a computer and then they actually received some data on some metadata that because we know we need to know what kind of data we're receiving if the database a part of a transaction their package at we put it on the 1st out 1st you and if I took you for kill peace if it's some other kind of data for example internal loop back-to-back date that they put it on an internal look back 5 for example if you do some but the TOP a debate of detail piece on the T O P 5 we transmit that to be silenced pcExpress score and that 1 will take care of everything practical we received they have university kill piece from the deciding set pcExpress score as well and then since they have different fifers here that you wish to read data from us well we need some marginal decay so it stream that they can send back to the controller a computer and actually everything a like you like formatting of the TOP is actually done in sulfur on the control a computer so this is a rather simplistic the sign but it works so let's say jump into some more
advanced the man tracking let's do it the demo on them but above and is a Linux system that's locate and patch into the Linux kernel and since they're Linux kernel version for I believe in the year kernel is for randomized in physical memory address space which means that it's very likely that it will end up above the the year for jiggle limit and here date at the gay Harvard really shines compared to the older attack hardware that I used so let's try to find the Linux kernel pageantry that's mounted file system and unlock the computer so here we have the Linux computer and see that the memory dump a successful here it's a little slower here today since I'm going to read you is be had the and fortunately but remember don't seems to have worked and the switch to the M FPGA here which OK yeah and let's try to look onto this computer cut along with the password of single a hair any civil password we cannot get the into in its computer so if we switch back to the presentation we can insert a kernel modules into the running Linux kernel we try to locate the Linux kernel and press because the here today it's actually found below for dates to tap into the other in that position so um but it seems to be working on a wide uh let's mount the light file system using the kernel module addressed here yeah and once file system and but is mounted the it can just click into it actually have mounted alive memory lie RAM as well that became going to DTC folder and locate the shadow file which contains the password hashes of the user so the caste edited in our favorite favorite editor
here and here we have a lot of user accounts with them now as precious and they have the user account at the end this is a very long password hash yeah and of course if you know the password hash you can try to crack it store or something like that but that's no fun is much ECTS deleted and replace it with something else and then hit
saved but the the kind of want to switch back
to the year that began hi this single pass sort of thing in In the end thank you move and so let's go back to the presentation uh the if they go through other
computer here and you need to the now if we can switch to become the other computer that is for slot-filling over and we can also attacked gave you a 5 as you a 5 some you advice may protect themselves against the main attacks most you if I don't and if you are able to get the into a fight you might even compromise secure boot and let's say try to get into you a fire here today let's back toward the exit route services function that is called by the operating system loader and once you wish to take control of this target system let's a retrieved the memory map of Fed III five-member map and that's also patched the not get booted Windows kernel but this loaded at this stage and actually what I'm doing here today Dmitri has done some really awesome work in this
area as well so if you haven't checked out this stuff I really would like you to do that then so the switch to the dollar maybe can have this here uh so here we have another system and we need to switch on the PGA here I think OK this is the so what they're doing we're inserting the PDA here In the object booted computer and that the fear started we switch back to the presentations on the connected device of the that's right to do it again but yet it works better this time every bad connection computer stopping and that now the operating system loader called into DEC's boot services faction which we looked with our code we have attracted there they DUI 5 memory mapped 45 memory map here and that once during this stage the Windows kernel is already in the memory don't know endless kernel the hypervisor is already in the memory and a secure cholera is already in the memory but the Windows operating system is not yet that so it's cannot protect assaults against the main attacks yes so here we can actually patch in 2 D F Linux and it to Windows kernel and that if you look at Windows
versions session security it there has something that can be can enable that protects the kernel code integrative would dealt with the help of the hypervisor and secure kernel which regards to evil devices that are trying to do do you may access to the memory of the hypervisor and this juror kernel memory that we have no access to number at all normal executable pages in the normal Windows space as normal users based on our kernel space are marked as read-only with regards to the you may from even devices so we cannot patch in memory directly there and normal non-executable pages are pretty much as usual read write and there's a sub the year kernel-mode code integrity feature on object enabling the station now since the Windows operating system is not just to the that so let's say tried
to instruction code there and spot I system shop in here we locate that B communicated with our UA FI-modules located the Windows kernel and there we look at some code case in there to put our code in there and that now Windows is booting enabling registration-based security we cannot edit the kernel anymore match our evil code is already in there so we should be able to try to log on this computer if you switch to the F. B. gate here we have the year when the scope you can try to log on to that 1 using a password at all and as you can see we couldn't log on if a switch back to the presentations let's say change that that's the former system shall stereo system we thank you and there of course if your system we can have remove the password of user account and they can switch back to the beginning we can cut on generations this switch back to the presentation we can also dump the memory of the Windows system here we see that we get lots of pages from your dumping the memory it's pages that are marked as they're not readable the BIO and then you we have need to be that Windows protects its primarily the hypervisor insecure kernel pages in memory we can of 3 does but everything else pretty much we can the city's FPGA
instead open source pretty much at his departure by uh coded it's found on that date and that might make it as easy to use as possible you don't need any prior FPGA knowledgeable he should just be able to flesh it on this hardware and start the attacking unfortunately it's Windows-only only at the moment on the attacker PC I have so many Linux there uh driver problems with the harbor I'm using here I hope to resolve that quite soon and what's even more exciting is that there seems to becoming lots of devices quite soon to be able to do the math texts the for example there will be a the lots of gap there's some devices could be really inexpensive why some unusual and be and it a bit more pricey but still less pricey done DSP 605 solutions 1 such
example is a new hardware the pcExpress screamer it's a new hardware by key to renting a mean it's going to be easier to use it's going to be a lower price tag than DSP 605 solution it's going to be more capable PC expressed in relation to and there are plans to add support produce 1 sometime early 2008 team here so it's going to be really really early next year hopefully in the coming months to sum
everything up affordable FPGA demand tagging is the reality of the data physical access is still an issue I am menus are daring to hardware since forever like the might not always be used and I hope I showed you today that I believe there's more research to be done in this area and hopefully my tools will be useful to everyone that assist interested the thank you
and mn the thank you so much of so everybody just saw that you should keep your devices always on the person and we have questions went from 1 place so what this and I have this right so you're dumping only so long as the memory uh and patching because uh if you have the idea of uh they taking the writing and driver for saying what the machine which is methane and other machines memory into that but machine so that you can kind of say is of the process for the attack machine there is a lot of processes 2 operations on the memory of the machine uh very because of the program is doing in the later I haven't gotten to lecture in which that vertices the system of slow but it's an interesting idea and they to go into did I do have parallaxes at the moment so it should be possible and this is whole the predictive mining 1 time so that the limited here said would be this this out there so we also that someone connected to this I think it might be quite useful the way of a lot of questions he from the single angel it's actually not that many just to know what prevents you from implementing the PCI devices without any proprietary stuff and it is the control limited to Windows because of the proprietors stuff a to windows question it's so I believe I get it working on Linux quite soon and so just a driver issue I just haven't had the time to actual actually code it for Linux yet have had a little bit of a problem with the driver but it should be a problem right if they asked me to find the time to actually do it and then a daughter question by regards values the AC where you get the case actually so I just use the and the whole the tools that there the filings toolkit provides and it should be possible to replace some elements with them more open elements in this design as well but primarily beginning new peer so it's this was my 1st attempt at PDA so it should be possible to do this as well so you should talk to each other further and so on and some microphone to please and so I wonder if your can access so the memory used by needle in me is the only which is not accessible by me means of you know this is the limits from this it's going to be mapped the ways PHA civic platform control so it's a pleasure to be able to access this axis is then I cannot access this is the management member items money Lincoln and the last question for microphone 3 come you're using think that us of seeing to within the settings of those things that interview with u DMA attack for example that's disabling the express cults lot really help us the trust mob disabling just the power lines something as disabling they express card slot will help and then I come get into the card slot but usually on laptops if you unscrewed the back cover the are in something like a by phi card or something like that in there that's probably going to be peace expressed as well and that's the maybe it's harder to disable that 1 I if I made this the question before the last 1 I can answer that you can't replace some of the exciting scores white from the PCI Express 1 because that's so hard idea that's really on FPGA years non changeable stuff um so it's trusts yeah yeah hardware takes hardware and yet but you can also the 5 which is should be a part of thank you thank you a microphone to want to you wanted to say something so I k know so thanks again thank you all 1st and how some showed up for Microsoft from 1 yeah so the among so regarding the hard so what these hard at his novel implement is uh the physical interface to the peace express which is doing these trends action layer packets but the the actual DMA is usually done using an IP core which we load into the thing so usually is the united peak or which is proprietary earned running on the hard achieved for the PC I've uh physical so you would probably need an open our a IP core OK yeah thank you and care so now we're done with all the questions I guess you will have a lot of people surrounding you come up to the top to not speak into microphones and then I wish you a great evening and thanks again office uh
what it can't compare the peak at PEP http
Energiedichte
Field programmable gate array
Gerichtete Menge
Hardware
Speicherverwaltung
Übergang
Autorisierung
Demo <Programm>
Web Site
Gerichtete Menge
Hardware
Virtualisierung
Interaktives Fernsehen
Physikalisches System
Software Development Kit
Data Mining
PCI-Express
Physikalisches System
Field programmable gate array
Flächeninhalt
Computersicherheit
Speicherabzug
Projektive Ebene
Hardware
Bit
Web Site
Raum-Zeit
Schaltnetz
Computer
Physikalisches System
Computerunterstütztes Verfahren
Binder <Informatik>
Whiteboard
Raum-Zeit
Objekt <Kategorie>
Generator <Informatik>
Adressraum
Gamecontroller
Garbentheorie
Speicheradresse
Speicherverwaltung
Bit
Subtraktion
Hardware
Momentenproblem
Virtualisierung
Systemaufruf
Physikalisches System
Quellcode
Arithmetischer Ausdruck
Raum-Zeit
Ordnungsreduktion
Statistische Hypothese
Software Development Kit
PCI-Express
Quellcode
Field programmable gate array
Flächeninhalt
Prozessfähigkeit <Qualitätsmanagement>
Endogene Variable
Speicherverwaltung
Demo <Programm>
Bit
Subtraktion
Wort <Informatik>
Adressraum
Zahlenbereich
Computer
Information
E-Mail
Dicke
Kombinatorische Gruppentheorie
Raum-Zeit
Whiteboard
Typentheorie
Adressraum
Datentyp
Statistische Analyse
Speicheradresse
E-Mail
Transaktionsverwaltung
Bildgebendes Verfahren
Leistung <Physik>
Schreiben <Datenverarbeitung>
Dicke
Hardware
Vervollständigung <Mathematik>
Ausnahmebehandlung
Physikalisches System
Chipkarte
PCI-Express
CPLD
Transaktionsverwaltung
Rechter Winkel
Konditionszahl
Garbentheorie
Wort <Informatik>
Programmierumgebung
Message-Passing
Lesen <Datenverarbeitung>
Vervollständigung <Mathematik>
Sender
Mathematisierung
Güte der Anpassung
Sprachsynthese
Systemverwaltung
Field programmable gate array
Physikalisches System
Computer
Information
Kombinatorische Gruppentheorie
Pi <Zahl>
Raum-Zeit
Homepage
Gruppenoperation
Homepage
PCI-Express
CPLD
Dienst <Informatik>
Analog-Digital-Umsetzer
Rechter Winkel
Spieltheorie
Notepad-Computer
Speicheradresse
Offene Menge
Chipkarte
Telekommunikation
Bit
Mathematische Logik
Computer
Pi <Zahl>
Streaming <Kommunikationstechnik>
Metadaten
Loop
Wechselsprung
Formfaktor
Field programmable gate array
Vorzeichen <Mathematik>
Prozessfähigkeit <Qualitätsmanagement>
Notebook-Computer
Total <Mathematik>
Kommunalität
Speicherabzug
Grundraum
Einfach zusammenhängender Raum
Datenhaltung
Open Source
p-Block
Binder <Informatik>
Arithmetischer Ausdruck
Chipkarte
PCI-Express
Transaktionsverwaltung
Bildschirmmaske
Menge
Flächeninhalt
Loop
TVD-Verfahren
Mereologie
Gamecontroller
Kernel <Informatik>
Demo <Programm>
Ortsoperator
Physikalismus
Versionsverwaltung
Field programmable gate array
Ikosaeder
Computer
Kombinatorische Gruppentheorie
Raum-Zeit
Kernel <Informatik>
Physikalisches System
Mailing-Liste
Weg <Topologie>
Softwaretest
Code
Hash-Algorithmus
Statistische Analyse
Zählen
Speicherabzug
Dateiverwaltung
Inverser Limes
Abschattung
Passwort
Evolutionsstabile Strategie
Speicheradresse
Speicher <Informatik>
Schnitt <Graphentheorie>
Demo <Programm>
Metropolitan area network
Caching
Distributionstheorie
Fehlermeldung
Elektronische Publikation
Hardware
Konfigurationsraum
sinc-Funktion
Sprachsynthese
Physikalisches System
Elektronische Publikation
Abschattung
Modul
Auswahlverfahren
Gruppenoperation
Texteditor
Analog-Digital-Umsetzer
Lesen <Datenverarbeitung>
Lie-Gruppe
Caching
Distributionstheorie
Physikalisches System
Kernel <Informatik>
Mailing-Liste
Elektronische Publikation
Konfigurationsraum
Statistische Analyse
Einfache Genauigkeit
Kombinatorische Gruppentheorie
Abschattung
Message-Passing
Quick-Sort
Demo <Programm>
Computer
Information
Kombinatorische Gruppentheorie
Code
Kernel <Informatik>
Intel
Systemprogrammierung
Physikalisches System
Mailing-Liste
Verzeichnisdienst
Netzbetriebssystem
Bildschirmfenster
Virtuelle Realität
Statistische Analyse
Zählen
Virtuelle Adresse
Demo <Programm>
Caching
Einfach zusammenhängender Raum
Personal Area Network
Elektronische Publikation
Booten
Computersicherheit
Routing
Physikalisches System
Mapping <Computergraphik>
Objekt <Kategorie>
Dienst <Informatik>
System F
Flächeninhalt
Lesen <Datenverarbeitung>
Gamecontroller
Hintertür <Informatik>
Kernel <Informatik>
Virtualisierung
Mathematisierung
Stapelverarbeitung
Versionsverwaltung
Zahlenbereich
Schreiben <Datenverarbeitung>
Dienst <Informatik>
Computer
Information
Kombinatorische Gruppentheorie
Raum-Zeit
Code
Homepage
Homepage
Kernel <Informatik>
Unendlichkeit
Physikalisches System
Systemprogrammierung
Konsistenz <Informatik>
Softwarewerkzeug
Code
Arbeitsplatzcomputer
Bildschirmfenster
Statistische Analyse
Computersicherheit
Passwort
Numerische Strömungssimulation
Hilfesystem
Prozess <Informatik>
Befehlscode
Computersicherheit
Sprachsynthese
Physikalisches System
Ultraviolett-Photoelektronenspektroskopie
Gruppenoperation
Integral
Objekt <Kategorie>
Generator <Informatik>
Verknüpfungsglied
Thread
Funktion <Mathematik>
Einheit <Mathematik>
Parametersystem
Normalvektor
Speicherverwaltung
Binärdaten
Open Source
Bit
Hardware
Gewichtete Summe
Druckertreiber
Field programmable gate array
Momentenproblem
Open Source
Relativitätstheorie
Mathematisierung
Automatische Handlungsplanung
Hardware
Bit
Prozess <Physik>
Momentenproblem
Gruppenoperation
Physikalismus
Mathematisierung
Field programmable gate array
Schreiben <Datenverarbeitung>
Kartesische Koordinaten
Element <Mathematik>
Systemplattform
Homepage
Data Mining
Virtuelle Maschine
Arithmetischer Ausdruck
Field programmable gate array
Adressraum
Notebook-Computer
Bildschirmfenster
Speicherabzug
Notepad-Computer
Inverser Limes
Flächeninhalt
Strom <Mathematik>
Optimierung
Hardware
NP-hartes Problem
Nichtlinearer Operator
Benutzeroberfläche
Hardware
Einfache Genauigkeit
Elektronische Publikation
Gruppenoperation
Office-Paket
Chipkarte
Druckertreiber
Twitter <Softwareplattform>
Flächeninhalt
Menge
Rechter Winkel
ATM
Netz <Graphische Darstellung>
Gamecontroller
Prozessfähigkeit <Qualitätsmanagement>
Speicherverwaltung
Speicherverwaltung
Hypermedia
Medianwert
Systemprogrammierung
Pauli-Prinzip

Metadaten

Formale Metadaten

Titel Public FPGA based DMA Attacking
Serientitel 34th Chaos Communication Congress
Autor Frisk, Ulf
Lizenz CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/34870
Herausgeber Chaos Computer Club e.V.
Erscheinungsjahr 2017
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract Most thought Direct Memory Access (DMA) attacks were a thing of the past after CPU vendors introduced IOMMUs and OS vendors blocked Firewire DMA. At least until the PCILeech direct memory access attack toolkit was presented a year ago and quickly became popular amongst red teamers and governments alike.
Schlagwörter Hardware & Making

Zugehöriges Material

Folgende Ressource ist Begleitmaterial zum Video
Video wird in der folgenden Ressource zitiert

Ähnliche Filme

Loading...
Feedback