The anti🚫-derailment🚃 & thread🧵 hijacking🔫 thread🧵 ⁉

Will this work for you?


No no, it was preformatted. As soon as whatever's in the code is in the post, it triggers the error.
You can try it yourself, it's the script in the ZIP I posted in Amal's LUA script thread.

Roger Dodger, I just tried it and yeah,
I am now a part of the club


Yeah, and look, as soon as you plug the code into the post, at the bottom of the editor it says "Draft offline". Really odd… Maybe it's trying to protect against code injection or something.

So if you remove this line and all after, it will allow you to post (all the lines I have just pasted below, it had no issues with, as you can see… :man_shrugging:)

So you could post in 2 posts

Weird

```python
import os
import re
import sys

# Tail end of main() from the Proxmark3 T55xx-to-EM programming script. The
# argument parsing (args), the pty the Proxmark3 client was spawned on
# (pty_master), the lines read back from it (rlines), pm3_prompts_regex, the
# WAIT_* state constants and the starting uid / chip_type / state all come from
# the first part of the script, which is not shown here.

def main():
  ...  # setup omitted here: see the full script in the ZIP

  # Process the lines from the client
  for l in rlines:

    if args.verbose:
      print("  PM3>PC: {}".format(l))

    # We got a prompt
    if pm3_prompts_regex.match(l):

      if state in (WAIT_PROMPT1, WAIT_FINAL_EM_CHECK):

        if state == WAIT_FINAL_EM_CHECK:
          # No reply from the final EM check
          print("No reply from {} programmed as EM chip. Press ENTER".format(
                chip_type))
          input()

        print("Probing for T55xx...")

        # Send the command to detect a T55xx in the field
        os.write(pty_master, b"lf t55xx detect\r")
        if args.verbose:
          print("  PC>PM3: lf t55xx detect")
        state = WAIT_T55XX_PROBE

      elif state == WAIT_PROMPT2:

        # Send the command to program the T55xx as an EM with the current UID.
        # The second argument selects the chip type (1 = T55x7, 0 = T5555).
        uid_hex = hex(uid)[2:].upper()
        real_cmd = "lf em 410x_write {} {}".format(
                   uid_hex, 1 if chip_type == "T55x7" else 0)
        print(real_cmd)
        if args.dryrun:
          # Send a harmless "rem" comment instead, worded so the WAIT_WRITTEN
          # state still sees the "Done" it is waiting for
          cmd = "rem Pretend writing {} tag with UID {}: Done".format(
                chip_type, uid_hex)
        else:
          cmd = real_cmd
        os.write(pty_master, cmd.encode("ascii") + b"\r")
        if args.verbose:
          print("  PC>PM3: {}".format(cmd))
        state = WAIT_WRITTEN

      elif state == WAIT_PROMPT3:

        # Send the command to read back the EM
        os.write(pty_master, b"lf em 410x_read\r")
        if args.verbose:
          print("  PC>PM3: lf em 410x_read")
        state = WAIT_FINAL_EM_CHECK

      else:

        # We shouldn't have gotten a prompt in another state
        print("Unexpected reply from Proxmark3 client: {} - stop".format(l))
        return -1

    # We got a regular line (i.e. not a prompt)
    else:

      if state == WAIT_T55XX_PROBE:

        # Did we detect a T55xx, and if so, which type?
        m = re.findall(r"(Could not detect|Chip Type\s*:\s*([a-zA-Z0-9]+))", l)
        if m:
          chip_type = m[0][1]  # empty string on "Could not detect"
          if not chip_type:
            state = WAIT_PROMPT1
          else:
            print("{} detected. Program with UID {}? [ENTER=Y / N]".format(
                  chip_type, hex(uid)))
            state = WAIT_PROMPT1 if input() else WAIT_PROMPT2

      elif state == WAIT_FINAL_EM_CHECK:

        # Did we detect an EM in the field, and does the UID match what we
        # programmed in? (hex digits only: a-f, A-F, 0-9)
        m = re.findall(r"EM TAG ID\s*:\s*([a-fA-F0-9]+)", l)
        if m:
          if int(m[0], 16) == uid:
            uid += 1
            print("{} programmed correctly. Press ENTER".format(chip_type))
          else:
            print("EM UID mismatch. Press ENTER")
          input()
          state = WAIT_PROMPT1

      elif state == WAIT_WRITTEN and re.search("Done", l):
        state = WAIT_PROMPT3

# Jump to the main routine
if __name__ == "__main__":
  sys.exit(main())
```

eyyy

@amal

Do you have a spare Titan laying around to compare to the Xg3s?

I woke up from a dream about magnets and then I wondered about the Titan compared to the Xg2 V2 in terms of lifting strength :magnet:


Hmm yeah, but it works better with all the lines in it :slight_smile:

:rofl:
Haha, Yeah, I just updated my post as you replied


Yeah, or I could post a ZIP :slight_smile:

Good idea, you should just do that… Much easier :wink:

you are welcome! :rofl:

He has soooo many more!

Hits like "The Ding Dong Song", "Touch me" and "No Pantalones"…

Truly a modern day "genius", right? :sweat_smile:

Looking great!!! :star_struck:

Can picture it though!
I have the same issues when trying to get a good healing pic.

Keep us posted! :grin:

That one is developing very well!!


I am not surprised at all that Discourse would prevent you from uploading this… :rofl:

Seen far too many systems falling for both that and drop tables… Can't blame the devs for protecting against that, even if we believe it should be caught elsewhere.

Posting ANY content should never be a problem, be it the complete works of Shakespeare, movies, /dev/random or binaries of any kind. Bad coders who can't handle their inputs properly try to secure their shit by preventing you from entering "bad" input - despite the fact that it is only bad because they can't code properly.

If this is what's happening here, it's disappointing, but hardly surprising.

Sometimes shielding against future coders is also within scope.

The limitation you unveiled is not preventing you from posting that content. It's only preventing you from posting it in a specifically formatted way which can be used to exploit stuff.

And when I say I can see why they would prevent it, it's because even if the current devs handle that case, they might be aware that once their dev is complete they'll probably be moved onto a newer development and junior devs will be put in charge of maintaining their work.

So just "trusting that the next wave of untrained devs will not fuck up and turn this into a security issue" has been proven time and time again to be a terrible idea.

You misunderstand what I'm saying.

Data should be data. Data parsing for the purpose of pretty-printing should never lead to remote execution, heap overflow or anything like that. If the codebase is sane, this just doesn't happen, and making it happen requires a special kind of effort. If the codebase isn't sane, or is dubious, or untrustworthy, then developers pile on layers of code to guard against possibly harmful data.

This has nothing to do with junior or senior programmers. There are plenty of shitty old coders and talented young ones. This only has to do with competence. You don't code for future incompetence any more than hotel maids lay plastic sheets on the floor of the guests' rooms in case the maids in the next shift might have trodden in a dog turd.

You are relying too much on "should".

Just because you parsed the data in your code doesn't mean a junior dev put in charge of maintaining your code won't fuck up your parsing.

I'm not saying that what is happening here is the best practice.

Just that I can understand why someone would go to extra lengths to make it even harder for someone to accidentally enable remote code execution.

Agree. Although you have higher odds of getting someone randomly allocated to maintain your project to accidentally fuck up your input sanitization.

Actually, "coding with future incompetence" is at the heart of every best practice guide.

See all the formatting standards, all the "readability matters", all the guidelines all the modern languages have…

All of those globally accepted best practices stem from "coding in a way to mitigate future incompetence".

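The "data should be data" point made above can be shown in code. The following is an added example, not code from this thread, from the Proxmark3 script or from Discourse: it contrasts a blocklist that rejects "bad"-looking input (which refuses an ordinary line of the script posted earlier) with a storage and rendering path that treats every post as opaque text. The sample posts, the blocklist contents and the SQLite schema are all constructed for the example.

```python
import html
import sqlite3

# Constructed sample posts: a Proxmark3 command, a line of Python like the
# script in this thread, and the two classic "bad input" strings a blocklist
# is usually written to catch.
SAMPLE_POSTS = [
    "lf em 410x_write 0102030405 1",
    'print("  PM3>PC: {}".format(l))',
    "Robert'); DROP TABLE posts;--",
    "<script>alert(1)</script>",
]

# Constructed blocklist in the style of "refuse anything that looks dangerous".
BLOCKLIST = ("drop table", "<script", ".format(")


def blocklist_filter(text):
    """The 'reject bad input' approach.

    Returns True when the post would be accepted. It throws away harmless
    content (a line of Python) and only ever matches the spellings on the list,
    so it is both too strict and too weak at the same time.
    """
    lowered = text.lower()
    return not any(bad in lowered for bad in BLOCKLIST)


def store_and_render(posts):
    """The 'data is data' approach.

    A parameterized INSERT keeps the post body out of the SQL grammar, and
    escaping at output time keeps it out of the HTML grammar. Nothing is
    rejected and nothing is altered in storage. Returns (stored bodies,
    rendered HTML fragments).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    for body in posts:
        # The '?' placeholder is bound as a value; the driver never splices
        # the text into the statement, so quotes and semicolons are just bytes.
        conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    rows = conn.execute("SELECT body FROM posts ORDER BY id").fetchall()
    stored = [body for (body,) in rows]
    # Escape at the point where text meets HTML, not when it is received.
    rendered = ["<pre>{}</pre>".format(html.escape(body)) for body in stored]
    return stored, rendered


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print("blocklist accepts:", blocklist_filter(post), repr(post))
    stored, rendered = store_and_render(SAMPLE_POSTS)
    for fragment in rendered:
        print(fragment)
```

Running it shows the blocklist rejecting three of the four posts, including the harmless line of Python, while the parameterized path stores all four verbatim and renders the `<script>` and `DROP TABLE` strings as inert text.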

Dunno if it's interesting for anyone here (though I hope so :wink: ), but there is currently a petition against biometric mass surveillance going on in the EU. If you're interested, you can sign it here…


Signing a petition to fight for the right to be anonymous… The irony is strong with this one.

It's an official European citizens' initiative, so it's obvious you have to have the signature verified somehow. And I have no problem with providing some of my data to the EU when I can actually have at least a bit of influence on politics. I mean, if I write a letter to some ministry it's not anonymous as well… but that won't keep me from doing it, if I have a reason to.

Yeah I realize that.

The problem with this one is, all you're going to do is leave your name somewhere. Nothing will change because the powers that be love mass surveillance, big data loves mass surveillance, and the two are in cahoots.

You can dance on your head and sign whichever petition you want, all you're going to do is identify yourself as someone who should receive ads for VPN services, and possibly end up on a list of people who question authority.