Hardware hacker Andrew “bunnie” Huang is living in Singapore, and he’s finding it difficult to board the public transit system because he habitually carries so many RFID-embedded cards that the automated turnstiles can’t get a read from his EZlink card. So he decided that he would remove the RFID from his transit card and delicately graft it onto the back of his cell phone (“transplanting RFID chips is a much cleaner solution from both the legal and technical perspective versus cracking the security and programming your own RFID to be compatible with the existing payment system. While many of the security systems used in RFID are already broken or have serious known vulnerabilities, I can’t think of any country where the authorities would take kindly to you doing it.”)
When cutting the chip out, be sure to leave the antenna contacts on either side, as these will be used to solder to the EZlink RFID chip’s leadframe tabs. Below is a photo of the chip itself, after it has been freed of its bond to the antenna.Next, lay some kapton tape down in the region of the RFID chip bonding area to protect the delicate antenna traces underneath. Slide the RFID chip in between the antenna contacts, and solder it down:
Soldering the chip takes a deft hand, since you’re soldering onto soft plastic that will melt if you apply too much heat. However, a bit of solder flux applied before the operation and a temperature-controlled iron set to the lowest temperature that will still melt solder makes things easier.
And that’s basically it! The final EZlink chip + grafted antenna assembly is very thin and flexible:
- How to hack RFID-enabled credit cards for $8 TV
- Report: "contactless" credit cards with RFID are easily hacked …
- RFID hackers' anthem to the tune of YMCA
- Paying for the London Underground with a dissolved, naked Oyster …
- Report: Oyster card crypto leak
- London Underground's OysterCard is cracked
- HOWTO turn a disposable camera into an RFID-killer