Comment by archgoon

Step 1 of reverse engineering anything: Figure out the make and model of the thing. ;)

"Employee badges" can be implemented in a number of ways, from simple broadcasted rfids down to having secret challenge responses that aren't breakable without going down the jlsca route since the secret is on the device and never leaves it.

So, step 1: figure out what exactly the model your 'employee badge' is using and what protocol it uses. There's probably some marking on it that should give you the manufactuerer at least.