With direct access to underlying hardware, embedded control chips within larger systems are attractive targets for exploitation. Like many modern devices, cell phones are full of these potentially exploitable embedded systems. This presentation follows the process of reverse engineering the PN544, the chip handling NFC on many cell phones. Ultimately, we present a firmware level attack against the PN544 which modifies wireless signal generation and converts a cell phone into a card cloner compatible with iCLASS Legacy security badges. At the intersection of embedded, wireless, and physical security, this talk demonstrates an example of the unique but powerful attacks which can be performed as a result of reverse engineering embedded systems.