Reverse engineering a real-world RFID payment system

Harald Welte presented at the 27C3 CCC in Berlin, Germany, demonstrating his efforts at reverse engineering the data format of a real-world RFID-based debit card system. His efforts focused on the EasyCard system, which is a popular method of cashless payment in Asia. Slides of the presentation are also available.

Join the Conversation


  1. The image in the picture is a map of the Taipei MRT system. The EasyCard system is everywhere in Taiwan. I use it all of the time on the trains, buses, 7-Eleven, etc. I am really disappointed that it is so easily hackable. Most people don't keep very much money on the card in case you lose it. I would hate to have to go back to cash for everything.

    There is a 10,000 NT$ (~$300 USD) limit on the card and a 3,000 NT$ (~$100 USD) limit per day.

    The central system does keep track of the card use. Repeated anomalies in the card or use will lock it out. You have to go to a special kiosk and have the attendant check the card. I believe it checks it against records randomly.

    One other note. Harald Welte probably should not return to SE Asia. Singapore uses the same system and they are very unforgiving.
