Weird Return-Oriented Programming Tutorial - bin 0x2A
Рет қаралды 78,380
Күн бұрынThere are a lot of tutorials on ROP out there, so I try to explain the concept in a different way. Maybe that's a bad idea and a lot more confusing. But if you didn't understand it yet, or you already know ROP, then this could be interesting.
What Hacker Research Taught Me: • What Hacker Research T...
Science of Insecurity: • 28c3: The Science of I...
A Patch for Postel’s
Robustness Principle: langsec.org/pap...
Exploit Programming
From Buffer Overflows to “Weird Machines” and
Theory of Computation: langsec.org/pap...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🔴 Stuff I use ]=
→ Microphone:* geni.us/ntg3b
→ Graphics tablet:* geni.us/wacom-...
→ Camera#1 for streaming:* geni.us/sony-c...
→ Lens for streaming:* geni.us/sony-l...
→ Connect Camera#1 to PC:* geni.us/cam-link
→ Keyboard:* geni.us/mech-k...
→ Old Microphone:* geni.us/mic-at...
US Store Front:* www.amazon.com...
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
@maltepoll 5 жыл бұрын
I have to say: the quality of your videos is just getting better and better. This is an awesome explanation and a great resource. Please keep making videos like this one.
@Jagnathbaba 5 жыл бұрын
I was thinking that i would not understand this but oh my god, what you basically did was to execute specific parts of the legitimate code to do whatever it is you wanted to do. Now i truly understand the meaning of malicious computation. Hats Off
@LiveOverflow 5 жыл бұрын
Amazing! :3
@obsidianskin9502 Жыл бұрын
:3 @@LiveOverflow
@jayh5992 5 жыл бұрын
Had ROP in university an hour ago, took 90 minutes to explain the same things you could in 15 minutes, but worse :P
@silver_soul98 4 жыл бұрын
@@rlc9399 I am studying it in software security
@112BALAGE112 5 жыл бұрын
JVM? nah we use IWM (invoice weird machine) here.
@skellybin 6 ай бұрын
Joke so bad bro had to tell us in parentheses
@celivalg 5 жыл бұрын
you are much better at explaining assembler than my computer architecture professor x)
@thedevminer 5 жыл бұрын
Same here!
@kr1tzy 3 жыл бұрын
You said it best: there are already so many "normal" ways to teach ROP. This "weird" way is nothing less than fantastic.
@StefanNoack 5 жыл бұрын
to confuse the hell out of someone reversing your code, just replace all jump instructions with push followed by ret >:-)
@otesunki 4 жыл бұрын
NO, pop, add, then push so you can still use ASLR 😈
@halorx9863 2 жыл бұрын
Just compile with only mov instructions 😂😂😂
@Fritzendugan 5 жыл бұрын
Love this viewpoint of ROP, I feel like the concept of "weird machine" has very many parallels into other aspects of computing and even our universe in general. I've always had a sort of intuitive notion of the concept, but having it laid out in this way and giving it a name really has expanded the way I think about it in a meaningful way, I think. I'm gonna be noodling on this concept for a long time Thanks for making these and other videos
@skellybin 6 ай бұрын
This tutorial, while being KIND of confusing, made me understand ROP so much. You are awesome and your teaching skills are fantastic
@Occcc12 5 жыл бұрын
This finally made me realize what the P in ROP actually refers to - we are PROGRAMMING the weird machine *mindblown*
@Dries007BE 5 жыл бұрын
Actually, with some previous understanding of CPUs and/or the JVM, this is a perfect tutorial/explaintation! Thanks as always for the wonderful video.
@artemking4460 3 жыл бұрын
yeah, thought the same thing after watching this video. It really becomes a simple explaination for anyone already aware of some of the internal workings of theese things.
@JackBond1234 5 жыл бұрын
So in one sentence, by overwriting the original return pointer and by organizing data and further pointers in a specific order in the stack, you are able to execute any custom program by reusing tiny chunks of code (gadgets) in your preferred order that existed in the original program and are, therefore, executable.
@BrendonWilliams 3 жыл бұрын
"The CPU does this by incrementing the instruction pointer, the Java Virtual Machine does this by simply incrementing the program counter, and our weird machine does this by incrementing the stack pointer." That's what cinched it for me. Thanks. Now to practice :)
@M1stersupersonic8 5 жыл бұрын
Alternate title: Abusing Return For Fun And Profit
@fotisalexandridis5831 5 жыл бұрын
I was hitting refresh for like two hours to wait for the video to be available. Keep up the good work
@Arek_Frac 5 жыл бұрын
don't refresh just wait, it will start after a while
@epicm999 2 жыл бұрын
I finally think I understand chaining the gadgets together. This is amazing.
@Shinika01 5 жыл бұрын
ROP based on memory... EPIC stuff!! Thanks again
@VaradMahashabde 5 жыл бұрын
is that an 'eip' pun?
@giacomo.delazzari 5 жыл бұрын
I'm not sure if this could interest you, but could you make a video about the Rust programming language and explore if and how it prevents security vulnerabilities as it advertises? I'm thinking about an assembly analysis of various executables produced by the compiler, along with comparisons to C/C++. That would be really interesting to me, I hope something like this could somehow fit in you content and your interests. Keep up the good work as always!
@VaradMahashabde 5 жыл бұрын
AMAZING! This was an amazing topic and thank for introducing me😊😊 Frankly I found it perfectly explained and the process of discovery was also kinda organic. I must say that i was itching for some particular similes such as 'cobbled Frankenstein code' to come up, but i guess that's my own perspective on it
@Archfile375 5 жыл бұрын
This might just be the single best video I've seen on ROP. I think this is one of the best explanations of ROP that I've seen. Thank you for the time and effort that went into your compiler and examples as well.
@berni8k 5 жыл бұрын
I think this is an excellent explanation! I heard of this trick before but i never knew how exactly it works, now it makes perfect sense to me.
@kly8105 5 жыл бұрын
I think you should be more confident on your capacity to explain a topic, i am not a programmer and i understood this video. Sometimes people are good enough at teaching, even without they themselves realizing, that they can teach something complicated and make it seem simple, i think you have such talent.
@whocares4598 3 жыл бұрын
Apologies if I sound rude but how do you understand any of this in a meaningful way if you don't know programming, more specifically reverse engineering? You likely have never heard of a "register", "instruction pointer" or "buffer overflows".
@Handlessuck1 2 жыл бұрын
@@whocares4598 I wasn't either at the time but it was layed out nicely enough that it wasn't so bad to understand.
@whocares4598 2 жыл бұрын
@@Handlessuck1 I used to be kind of a dick back then. Person may not have fully understood, but definitely had a glimpse
@user-lz2oh9zz4y 5 жыл бұрын
You just stack overflow my mind, I'll do some memory handling and knowledge recovery and come back later
@allmycircuits8850 5 жыл бұрын
You probably wanted to say: you'll RETURN later.
@PflanzenChirurg 5 жыл бұрын
@@allmycircuits8850 GOLD
@zcqian 5 жыл бұрын
Really great tutorial. I don’t have much background but now I understand what ROP is and how it’s exploited and why it can be exploited after watching this video. It is really clever.
@ashlord8190 5 жыл бұрын
Excellent tutorial. Very methodical way to introduce weird machines.
@arpitnandi124 3 жыл бұрын
idk man, u say its weird but u like literally explained the very essence of ROP, thnx for the great video
@DerMannInDerWand 5 жыл бұрын
Thank you so much for this video! It's been exactly this angle to thinking about it, explaining it, that I needed to understand so much that was unclear to me before.
@nikoshalk 5 жыл бұрын
Even though I knew about ROP before the video, damn, the weird machine concept got me! Never thought it that way. Keep up your creative work
@IdanLerman 2 жыл бұрын
Your videos are amazing! I've learnt so much from you, so thank you very much! I know this video was published 2 years ago, but I would personall love to see an overview of the compiler and its development. I do get the basic idea, but curious about the advanced part. Most ROP explanations and examples are focused on a single solution to gain one goal, yet here you took it to a whole new level (which is incredible). Please let me know if there are resources I could look at, or even the sources here, for deeper understanding of "dynamic ROP" like in this example.
@7Mango033 2 жыл бұрын
Beautiful video with a (at least for me) novel look at ROP
@estebanzd9434 5 жыл бұрын
I'm currently creating a programming language, and this helped a lot.
@TheDimaSomov 5 жыл бұрын
Strangely, at the end of the video I understood what you did here... Wow, ROP seems to require a lot of creativity since even the simpliest instructions should be constructed of multiple gadgets. Do you have any life-applicable examples when you can - and may - successfully use ROP to gain advantage as a security researcher/hacker (and when other ways of doing it will not help)?
@TheFerdi265 5 жыл бұрын
A good example of sophisticated ROP chains used in the wild is for example in the 3DS hacking scene: They implemented a huge chunk of code in ROP to use after they get code execution from a vulnerability that uses functions and gadgets from the home menu and uses ROP to further exploit the system and make it possible to remap something as executable. They have ROP chains that include equivalents of for loops and if conditions (they set the stack pointer somewhere else to simulate a goto, and conditionally setting the stack pointer can be an if) There is also the challenge flropyd of the currently running 0ctf 2019, where you have to implement an algorithm in ROP. I'm sure there will be good writeups for that challenge afterwards
@espionn 5 жыл бұрын
basically any binary that is vulnerable to buffer overflows that don't have executable stacks :)
@kirtirathore6959 5 жыл бұрын
This was awesome and mind blowing at the same time. Hope to see more on the channel ;)
@featherance 5 жыл бұрын
This video and previous one give me a better concept on ROP, really helpful.
@rawbytes7356 4 жыл бұрын
It was really mind blowing...continue making these weird videos ❤❤
@Wolkenviech 5 жыл бұрын
I really don't know what I should do with this information but it's interesting.
@LiveOverflow 5 жыл бұрын
Just enjoy knowing about it :)
@Erarnitox 5 жыл бұрын
this ist just awesome and mind opening, thank you for introducing me to that topic. I can tell and also relate why you are so amazed by this topic
@ukuluhamaa5908 5 жыл бұрын
You sir just blew my mind, absolutely amazing explanation!
@timm0e 5 жыл бұрын
Thanks a lot for this video, superb explanation, very easy to understand :)
@elianagriffith9510 5 жыл бұрын
Thanks to your videos I was inspired to do CTFs!
@davidjohansson1416 5 жыл бұрын
Eliana Griffith ctf?
@elianagriffith9510 5 жыл бұрын
@@davidjohansson1416 capture the flag. It's hacking but we need to get strings (flags)
@davidjohansson1416 5 жыл бұрын
Oh, i've heard of that. It's really popular in taiwan i think. @@elianagriffith9510
@demkademkovski9851 5 жыл бұрын
Great explanation of unexplainable things
@TimLF 5 жыл бұрын
Wonderful shenanigans incite immunity to malice in "Why to use rust,java,etc part 2; using a ROP framework to exploit C everywhere".
@c3realpt 4 жыл бұрын
Damn, so much effort put into this video! Thank you!
@L1Q 5 жыл бұрын
This was pretty well explained in failoverflow's PS4 hacking talk where IIRC they exploited webkit exploit to run ROP programs injected with JS
@PflanzenChirurg 5 жыл бұрын
YOU ARE A TOP SOURCE OF EDUCATION, grüße.
@josealvim1556 5 жыл бұрын
Very nice, easy to follow even though I'm not quite versed in this area.
@danusminimus9557 5 жыл бұрын
I just learned to appreciate ROP on a different level
@RohanKumar-wf9sc 4 жыл бұрын
This was really an awesome video for anyone who wants to learn about ROP. But tell me one thing, how much time did you take to understand this stuff ?
@ndm13 5 жыл бұрын
Having followed the Pokemon glitching/hacking scene, this resonates with me. I highly recommend checking out people in this field. They have been looking at the unmodified ROMs of Pokemon games (typically the earlier generations due to simplicity and more knowledge) and doing this exact thing to do everything from beat the game in less than a minute to adding custom sprites to building memory viewers and redditors to programming their own games on top of it! It really showcases the Gameboy as a little 8-bit computer and Pokemon Red and co as programs running on top of it. TheZZAZZGlitch and ChickasaurusGL would be my recommendations for the software side of things.
@MichaelKanonEducation 4 жыл бұрын
Loved it! It really was mind blowing!
@k.achillini 5 жыл бұрын
Hi! How to bypass ASLR and how to fight with CFG (control flow guard)? this things are much more complicated than r2lc, and it will be so cool, if you can explain some of this things! Thank you for your work, and good luck in everything! :) P.S.:soru for broken english :D
@yuxin7440 5 жыл бұрын
The explanation is excellent. I am wondering whether there are automated tools to generate the "compiler" code given a vulnerable binary. I also read that a common technique of exploit is to return to libc as there are many useful functions and virtually every binary linked to it. And a common way to defend it is the address space layout randomization(ASLR), which prevents the hacker from knowing the exact address of a given instruction. Can you also make a video about ASLR and how dynamically linked library loaded alone with program in memory?
@MecegguemMohamed 5 жыл бұрын
my mind just overflowed
@febinjose181 5 жыл бұрын
This was my introduction to ROP and i must say that this bleeeew my mind. I can't believe how beautiful this concept is. And the explanation was really good. but i just had a doubt, i haven't watched any other ROP videos so i might be wrong. So the question is won't the cpu detect stack smashing and terminate the program instead of returning or is it disabled in this video.
@LiveOverflow 5 жыл бұрын
If the CPU could detect this, we wouldn’t have those issues :P
@febinjose181 5 жыл бұрын
@@LiveOverflow okay either you didn't understand my question or i didn't understand your answer(most probably this one). So what i understood from the video is that you have to overflow the buffer or have some other way to overwrite the return pointer with a value we choose so that we can start chaining rop gadgets but won't there be a stack cookie between the first buffer and rip. so won't the first return fail (the ret in add_invoice) since the stack cookie has been changed. OR IS there no stack cookie in this example? was that feature disables when you compiled the invoice program.
@ErikDaGreat 5 жыл бұрын
OK now this is weirdly epic
@firefish111 5 жыл бұрын
Very interesting! Keep making videos like this one.
@Gameboygenius 5 жыл бұрын
I've been wondering for some time why we keep insisting on using the same stack for calls and data. If you were to build an architecture from scratch, you could essentially have two stack pointers, one for each purpose. This would eliminate the risk of ROP exploits. You could even implement it today on many CPU architectures, specifically RISC CPUs with lots of symmetrical registers where one could be reserved for the purpose.. Although it would require compilers to be re-made to fit this new style of passing parameters, and existing binaries would not run out of the box.
@gusfl2 4 жыл бұрын
0:37 the stack cookie (canary) seems enabled. isn't this supposed to crash the program when performing such overflows?
@fozangardezi6163 5 жыл бұрын
Just Great! although takes a bit time to understand but still great.
@flareriderdash2331 5 жыл бұрын
This is just beautiful
@LuluTheCorgi 5 жыл бұрын
I don't think it was hard to get at all, you explained it very well like always
@ELYESSS 5 жыл бұрын
So the vulnerability here is not those gadgets but just the buffer overflow?
@LiveOverflow 5 жыл бұрын
Yep
@burakgerz 3 жыл бұрын
Which disassembler is that you are using in the video?
@TheEmT33 5 жыл бұрын
I love u liveoverflow
@dodo-hws8317 5 жыл бұрын
Thank you! Really awesome explanation. Are there any exercises or old CTF challenges where I can try to do some of this on my own?
@racter9561 5 жыл бұрын
github.com/6l0ryteam/6l0ry-wargame/tree/master/pwn/chal/rop This is a simple ROP challenge for my CTF team wargame. I think it uses the same technique as the video’s.
@hochinteressanterbenutzern5910 5 жыл бұрын
❤️ your Videos! I learn so much. Thank you Ps: what Font are you using?
@profiluefter 5 жыл бұрын
As far as I know it's hand written with a graphic tablet.
@hochinteressanterbenutzern5910 5 жыл бұрын
@@profiluefter ok thx
@Calm_Energy 5 жыл бұрын
So did I understand this correctly, bytecode is very similar to opcode, just used in the context of a virtual machine (like JVM)?
@Calm_Energy 5 жыл бұрын
@@tripplefives1402 ok so that last sentence of yours was gold to me. B/c these cpus are different, bytecode takes a program, lets say Java, and branches to the correct opcode? Maybe we have a java program compiling on an AMD64 so those bytecodes trigger the correct opcodes for AMD64, as opposed to this same program running on an old machine, maybe a 32 bit intel chip. I wonder if the AMD/Intel design are so siimilar, and opcodes are called the same, so maybe a better exam would have been for me to refer to an ARM chip? I mean that's CISC vs RISC so I imagine even those opcodes are different, along with many many other things. I can see the adder doing it's thing in your description about taking 2 numbers from registers and putting those bits together one by one, what I didn't know is those are called "ROM data lines!" I now feel a little silly, I thought ROM was done with it's job after the initial boot sequence. Maybe you can help me with this next question. During my research I found a funky sentence from the wikipedia explanation of bytescode: "Bytecode may often be either directly executed on a virtual machine, or it may be further compiled into machine code for better performance." My problem is with the second half of that sentence, isn't everything executed turned into machine code? I'm struggling to understand how a vm would directly execute, wouldn't that be a silly vm b/c these things are usually created for portability? Thanks for your help, I love this stuff!
@freelancer917 5 жыл бұрын
Right now, we have to craft the programs to run on the weird machines by hand, because they all have a different set of gadgets, right? How hard would it be to write a compiler that can adapt to the different "instructions" provided by any weird machine?
@LiveOverflow 5 жыл бұрын
Yeah, there are many ROP chain generators basically doing that ;)
@freelancer917 5 жыл бұрын
@@LiveOverflow Great, thank you
@sanduhr3247 5 жыл бұрын
I would have given it a different approach. I wouldn't say "forget functions" at the start because it sounds critical and scary, they are just a stack of instructions in the memory and that ret doesn't return to a different ("top-level") stack.
@wcodelyoko 5 жыл бұрын
Well, at least now I understand how it works (more or less). But I didn't quite get how you set up the stack and move the SP so that the next return instruction jumps to chosen the address in the stack :/
@FrogtownMatt 5 жыл бұрын
Is there any way to implement conditional jumps? I think you would need a gadget that conditionally writes to the stack pointer, that would be very weird.
@LiveOverflow 5 жыл бұрын
Yeah, conditional jumps will get really really weird
@gyroninjamodder 5 жыл бұрын
It seems you skipped the explanation that for same architectures you can exploit the fact that instructions do not need to me aligned to create more gadgets. Additionally ROP seems to mainly be an issue with using call and ret. This is because the function can choose anywhere in the program to return to. Instead you could create a system where a function can only return to a predefined list of locations. This drastically limits the gadgets you are able to get and potentially the gadgets would be of lover quality since you don't get to choose to jump to an instruction or two before the next ret.
@tedbrownlow4617 4 жыл бұрын
How would you propose implementing this without having awful performance ramifications?
@gyroninjamodder 4 жыл бұрын
@@tedbrownlow4617 The performance impact would mostly be at the compile stage. Each function would need a table of addresses it can jump to and instead of pushing an address to the stack you push an index. Perhaps a better approach would be a custom CPU. The CPU already maintains an internal call stack that it uses for speculative execution. Perhaps if ret tried to use an address from the call stack which isn't from the internal call stack it would cause an interrupt and trigger some more expensive checks.
@RoulDukeGonzo 5 жыл бұрын
My brain core dumped!
@borstenpinsel 5 жыл бұрын
Return oriented programming could also be the title of a financial aid book. Topic: how to actually make money with programming instead of playing around :D
@Scoopta 5 жыл бұрын
This video was awesome lol, I want to try playing with something like this. I have a fair bit of my own C code that I'm sure has to have some stupid mistake in it. Maybe I'll give it a try. I should pip install that ropgadget tool and see what "instructions" my software has.
@Wertercat 5 жыл бұрын
Can you share invoice.c and compile.py for viewers to follow along and experiment with?
@CodeforgesInsaneDevelopment 5 жыл бұрын
Good job !
@chrissxMedia 5 жыл бұрын
at 3:24 the video says "instruction" which is both not valid english (or at least it doesnt sound like it was) and doesnt comply with what you said, should be "instructions"
@aidan3994 5 жыл бұрын
You get the meaning, quit being pedantic.
@FyodorLyubimov 5 ай бұрын
masterpiece
@dancysoft 5 жыл бұрын
Well done
@Adowrath 5 жыл бұрын
Now I wonder: Are there Weird Machines on the JVM? As in, on the Machine, not in the implementation of the JVM "Engine" so to speak which might be buggy (and thus create a weird machine of the JVM, not the Java program running on it).
@k1ngjulien_ 5 жыл бұрын
Mind Blown 🤯
@kennyken7604 4 жыл бұрын
After a full year, i finally understand what is going on here... damn
@AlbySilly 5 жыл бұрын
10:44 *d e m o n i t i z e d*
@0x90meansnop8 5 жыл бұрын
Wait. How is that different from a normal written asm-programm? And why the hell are pages on linux that are meant for stack executable? I thought the page management system should stop the cpu from doing that.
@Gaget01Stuff 5 жыл бұрын
They're not executable. All of the 'gadgets' are snippets that exist within the vulnerable executable. By hijacking the stack, we can control the flow of these gadgets because of the way an x86 ret works.
@PamHamme Жыл бұрын
THANK YOU
@hblaub 5 жыл бұрын
I only like RIP = Real Integer Programming. It satisfies my needs for integer mathematics.
@nazar5549 5 жыл бұрын
Doesn't the binary get relocated by the linker (and the addresses change)? What about ASLR?
@LiveOverflow 5 жыл бұрын
Sure. But you can defeat ASLR by finding a bug that leaks addresses. And then constructing your addresses dynamically as an offset from the leak. But defeating ASLR is a different topics. These are all different techniques and methods we try to reason about, but of course they are no silver bullet and may or may bot apply to a target
@keanu_ 5 жыл бұрын
Ich mag es echt, Deine Stimme zu hören! xD
@PflanzenChirurg 5 жыл бұрын
oh noch ein deutscher hier
@ali-azizimayer-peters6686 5 жыл бұрын
Nur deutsche hier....
@4.0.4 5 жыл бұрын
Thank you for acknowledging that we wouldn't understand it. I know I didn't.
@AshokKumar-bu2gk 3 жыл бұрын
Awesome man.....
@_iphoenix_6164 5 жыл бұрын
Yay, a new LiveOverflow video! Keep up the good work, man, love the content.
@MaxPicAxe 5 жыл бұрын
Amazing!
@ali-azizimayer-peters6686 5 жыл бұрын
So i will sum up in 1 sentence.... basically, if i understood this right LiveOverflow : ROP uses a vulnerability like an Bufferoverflow, to chain snippets of already implemented Assemblercode ( so called ROP-Gadgets )to create a whole new functionallity with this new re-puzzled code, which can be (ab)used to almost everything ? . . . . . So you jump with the help of ret through the ROP-Gadgets to chain that together to get shellcode or in your example an whole compiling-system ? You know that this is braintwisting and causes an O-My-Fucking-God-Face in anyone of those who watch your Videos ? There is something beautifull in this i can't explain. Like taking a car in Parts and reassemble the parts to build a rocket. :D
5 жыл бұрын
Is there a way to do ifs or loops?
@LiveOverflow 5 жыл бұрын
Sure. Be creative ;)
@elro444 5 жыл бұрын
Actually mind blown
@proxy1035 5 жыл бұрын
what happens when you have a program that doesn't use the stack...? or uses a Software stack
@LiveOverflow 5 жыл бұрын
How do you implement functions that can return?
@proxy1035 5 жыл бұрын
@@LiveOverflow you technically don't need to. Call and Return instructions are just fancy Jumps. they are not required for a (semi) turing complete machine
@proxy1035 5 жыл бұрын
2:38 i've never seen anyone represent Addresses going from bottom to top... next thing you're gonna tell me is that you read text like that too!
@pwnagotchi 4 жыл бұрын
That's because the stack grows from top to bottom, and the heap bottom to top.
@proxy1035 4 жыл бұрын
@@pwnagotchi I know the stack goes from higher to lower addresses as it fills up. but i meant that usually i've seen memory being represented with lower addresses at the top, and higher addresses at the bottom which sounds weird but that's how humans read stuff
@mikoajpisula6756 5 жыл бұрын
Now i will try *e v e r y* single linux command to check if I can implement a weird machine!
@redd_cat 5 жыл бұрын
D: he said the F word! I'm telling mum!
LiveOverflow
Рет қаралды 56 М.
Cool Items Official
Рет қаралды 7 МЛН
Technology Connections
Рет қаралды 671 М.
Cool Items Official
Рет қаралды 7 МЛН