In this talk I will describe successful attacks on the TIRIS Digital Signature Transponder (DST) Tag, an RFID device used to secure millions of SpeedPass payment transponders and automobile ignition keys. The cipher used by these devices is proprietary, so I will begin by presenting the techniques used to reverse engineer the algorithm given black-box access to chosen input/output pairs. I will then present a number of different methods for brute-forcing the keys to this cipher and the engineering that was required to create a tag simulator. I will conclude with some discussion of future directions for secure RFIDs.