Henryk Plötz and Milosch Meriac gave a presentation at the recent 27C3 Chaos Communications Congress in Berlin, Germany, in which they demystified the HID iClass. One of the challenges of breaking iCLASS RFID readers was to extract the firmware and the security keys of RW400 readers without leaving visible traces like breaking the case open. This challenge can be solved by exploiting a vulnerability in PIC18FXX2/XX8 microcontrollers that allows dumping the firmware by only accessing the ICSP pins. Check out their docs exploring the HID iClass security system.