{"@attributes":{"version":"2.0"},"channel":{"title":"Roald Nefs","link":"https:\/\/roaldnefs.com\/","description":"Recent content on Roald Nefs","generator":"Hugo -- gohugo.io","language":"en-us","managingEditor":"info@roaldnefs.com (Roald Nefs)","webMaster":"info@roaldnefs.com (Roald Nefs)","lastBuildDate":"Sun, 04 Jan 2026 00:00:00 +0200","item":[{"title":"Building a Car Hacking Test Bench","link":"https:\/\/roaldnefs.com\/posts\/2026\/01\/building-a-car-hacking-test-bench\/","pubDate":"Sun, 04 Jan 2026 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2026\/01\/building-a-car-hacking-test-bench\/","description":"Modern cars are computers on wheel, dozens of ECUs, multiple busses, wireless interfaces, and a threat model that keeps expanding. For the past few years I dipped my toes in the automotive security scene. It&rsquo;s now time to take a deep dive. So I bought a car.","featured":"yes"},{"title":"How to extract an AppImage and add it to the Ubuntu Sidebar","link":"https:\/\/roaldnefs.com\/posts\/2024\/12\/how-to-extract-an-appimage-and-add-it-to-the-ubuntu-sidebar\/","pubDate":"Wed, 25 Dec 2024 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2024\/12\/how-to-extract-an-appimage-and-add-it-to-the-ubuntu-sidebar\/","description":"<p>In this post, we&rsquo;ll guide you through extracting an AppImage and integrating it into the Ubuntu sidebar for easy access. As an example, we&rsquo;ll use <strong>SavvyCAN<\/strong>, a CANBus reverse engineering tool.<\/p>","featured":"yes"},{"title":"Committing Changes to a Pull Request Branch Created from a Fork","link":"https:\/\/roaldnefs.com\/posts\/2024\/01\/committing-changes-to-a-pull-request-branch-created-from-a-fork\/","pubDate":"Wed, 03 Jan 2024 20:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2024\/01\/committing-changes-to-a-pull-request-branch-created-from-a-fork\/","description":"<p>Sometimes a pull request on GitHub.com needs some work before it can be merged into the project but you don&rsquo;t want to force the required work on the pull requests original author. You&rsquo;re allowed to make changes to the pull request if they are opened to a repository you have push access to, the fork is user-owned, the user has granted the <a href=\"https:\/\/docs.github.com\/en\/pull-requests\/collaborating-with-pull-requests\/working-with-forks\/allowing-changes-to-a-pull-request-branch-created-from-a-fork\" rel=\"noopener noreferrer\" target=\"_blank\">required permissions<\/a> and there aren&rsquo;t any branch restrictions that will prevent committing.<\/p>","featured":"yes"},{"title":"Spoofing Microchips used for Animal Identification","link":"https:\/\/roaldnefs.com\/posts\/2022\/11\/spoofing-microchips-used-for-animal-identification\/","pubDate":"Wed, 30 Nov 2022 15:19:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2022\/11\/spoofing-microchips-used-for-animal-identification\/","description":"<p>A microchip implanted under the skin of an animal can be used for identification purposes. The microchips are using Radio Frequency Identification (RFID) technology to transmit an unique tag number using an electromagnetic field when in close contact with an nearby RFID reader device. The microchips are often used to help return lost pets quickly. The unique chip numbers are registered in a designated portal to let animal shelters, animal control officers and veterinarians to look up contact information of the animal&rsquo;s owner. During animal trials and events the microchips are often used to verify the animals identity.<\/p>","featured":"yes"},{"title":"How to Automatically Generate Clients for your REST API","link":"https:\/\/roaldnefs.com\/posts\/2020\/12\/how-to-automatically-generate-clients-for-your-rest-api\/","pubDate":"Sat, 19 Dec 2020 15:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2020\/12\/how-to-automatically-generate-clients-for-your-rest-api\/","description":"<p>While helping a colleague with adding some code to the <a href=\"https:\/\/github.com\/bunq\/sdk_python\" rel=\"noopener noreferrer\" target=\"_blank\">bunq Python SDK<\/a> to allow him to retrieve some additional information from the API (<a href=\"https:\/\/github.com\/bunq\/sdk_python\/issues\/148\" rel=\"noopener noreferrer\" target=\"_blank\">bunq\/sdk_python#148<\/a>), we noticed that the <a href=\"https:\/\/github.com\/bunq\/sdk_python\" rel=\"noopener noreferrer\" target=\"_blank\">SDK<\/a> was automatically generated. We&rsquo;ve eventually ended up monkey patching the <a href=\"https:\/\/github.com\/bunq\/sdk_python\" rel=\"noopener noreferrer\" target=\"_blank\">SDK<\/a>, as we couldn&rsquo;t make a pull request to the <a href=\"https:\/\/github.com\/bunq\/sdk_python\" rel=\"noopener noreferrer\" target=\"_blank\">SDK<\/a> and the API specification or SDK generator wasn&rsquo;t publicly available. However, this aroused some interest about the automatic generation of API clients.<\/p>","featured":"yes"},{"title":"Git Branching","link":"https:\/\/roaldnefs.com\/posts\/2020\/05\/git-branching\/","pubDate":"Sun, 10 May 2020 23:20:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2020\/05\/git-branching\/","description":"<h2 id=\"introduction\">Introduction<\/h2>\n<p>Like other version control systems Git also support a way to diverge from the main line of development and continue to do work without messing with that main line, it&rsquo;s called branching. Unlike may other version control systems, the Git branching model is lightweight. Each Git branch is simply just a file containing the 40 character SHA-1 checksum of the commit it points to. You can nearly instantaneous create or switch branches. It&rsquo;s therefore not surprising that Git users are encouraged to use workflows that branch and merge often.<\/p>","featured":"no"},{"title":"Getting Started with Git","link":"https:\/\/roaldnefs.com\/posts\/2020\/04\/getting-started-with-git\/","pubDate":"Mon, 20 Apr 2020 13:46:59 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2020\/04\/getting-started-with-git\/","description":"<h2 id=\"introduction\">Introduction<\/h2>\n<p>Git is a <a href=\"https:\/\/book.git-scm.com\/about\/free-and-open-source\" rel=\"noopener noreferrer\" target=\"_blank\">free and opensource<\/a> distributed version control system designed to handle everything from small to very large projects with speed and efficiency. While working with Git I often get asked questions about best practices or the more advanced usage of Git e.g.: a <em>rebase<\/em>, <em>merge conflict<\/em> or how to <em>cherry pick<\/em>. This post will serve as my personal Git reference as well as a getting started guide for my colleagues and friends.<\/p>","featured":"no"},{"title":"How To Create a Visual Studio Code Extension Pack","link":"https:\/\/roaldnefs.com\/posts\/2020\/04\/how-to-create-a-visual-studio-code-extension-pack\/","pubDate":"Fri, 17 Apr 2020 08:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2020\/04\/how-to-create-a-visual-studio-code-extension-pack\/","description":"<p>Within Visual Studio Code you will often find yourself installing multiple extensions for a certain language or framework. You might want to share those collections of extensions with your friends or colleagues, be able to easily disable or enable the full collection of extensions or provide a curated list of extensions for a blog post. Then you will find the Visual Studio Code Extension Packs to be very useful. In this blogpost, we&rsquo;ll create a Extension Pack for SaltStack requested in <a href=\"https:\/\/github.com\/korekontrol\/vscode-saltstack\/issues\/5\" rel=\"noopener noreferrer\" target=\"_blank\">korekontrol\/vscode-saltstack#5<\/a>.<\/p>","featured":"no"},{"title":"Ding Dong Ditch using SDR and Arduino","link":"https:\/\/roaldnefs.com\/posts\/2020\/01\/ding-dong-ditch-using-sdr-and-arduino\/","pubDate":"Fri, 03 Jan 2020 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2020\/01\/ding-dong-ditch-using-sdr-and-arduino\/","description":"<p>In this post we will be building a device to play Ding Dong Ditch  digitally. The device will ring the doorbell every several seconds  without pressing the button. This project is all about reverse  engineering radio frequencies using a RLT-SDR and creating hardware  using an Arduino.<\/p>\n<p>This project is heavily based upon the <a href=\"https:\/\/samy.pl\/dingdong\/\" rel=\"noopener noreferrer\" target=\"_blank\">Digital Ding Dong Ditch<\/a> by <a href=\"https:\/\/samy.pl\/\" rel=\"noopener noreferrer\" target=\"_blank\">Samy Kamkar<\/a>.<\/p>\n<p>The video is a short demonstration of the Ding Dong Ditch device.  Once it\u2019s powered by USB (or a battery) it will send out a RF signal  every few seconds which will ring the doorbell.<\/p>","featured":"yes"},{"title":"Hardware Reversing the Sitecom Wireless Router 150N X1","link":"https:\/\/roaldnefs.com\/posts\/2019\/12\/hardware-reverse-a-wireless-router\/","pubDate":"Sun, 15 Dec 2019 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2019\/12\/hardware-reverse-a-wireless-router\/","description":"<p>Last week I&rsquo;ve bought a Rigol DS1102E digital oscilloscope and was very eager to test it out. When going to my bin of old hardware I&rsquo;ve found a Sitecom Wireless Router 150N X1. After opening up the router I immediately spotted the UART debugging interface (<em>top left in the picture<\/em>). In this post we will go through the process of connecting to an unknown serial interface.<\/p>\n<p><img src=\"https:\/\/roaldnefs.com\/images\/posts\/2019\/12\/15\/sitecom_01.jpg\" alt=\"Inside of the Sitecom Wireless Router 150N X1\"><\/p>","featured":"yes"},{"title":"Update YARD Stick One Firmware","link":"https:\/\/roaldnefs.com\/posts\/2019\/01\/update-yard-stick-one-firmware\/","pubDate":"Thu, 17 Jan 2019 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2019\/01\/update-yard-stick-one-firmware\/","description":"<p>Today I received my <a href=\"https:\/\/greatscottgadgets.com\/yardstickone\/\" rel=\"noopener noreferrer\" target=\"_blank\">YARD Stick One<\/a> (Yet Another Radio Dongle) created by Great Scott Gadgets. The dongle  can transmit and receive digital wireless signals at frequencies below  1GHz. The YARD Stick One is not a SDR, because the I\/Q  samples are directly demodulated by the chipset instead of send to the  host over USB. The YARD Stick One therefore isn\u2019t compatible with any  SDR software, but you can use something called <a href=\"https:\/\/github.com\/atlas0fd00m\/rfcat.git\" rel=\"noopener noreferrer\" target=\"_blank\">rfcat<\/a>.<\/p>","featured":"no"},{"title":"Software Defined Radio on Linux","link":"https:\/\/roaldnefs.com\/posts\/2019\/01\/software-defined-radio-on-linux\/","pubDate":"Sun, 06 Jan 2019 00:00:00 +0200","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/posts\/2019\/01\/software-defined-radio-on-linux\/","description":"<p>In the quick start guide for Software Defined Radio (SDR) on Linux we will listen to some very common frequencies using a RTL-SDR. SDR is a radio communication system where traditional hardware components are  instead implemented in software. Some common low-cost DVB-T USB dongles with the Realtek RTL2832U controller and tuner can be used as a wide-band SDR receiver.<\/p>\n<h2 id=\"prerequisites\">Prerequisites<\/h2>\n<p>Start by installing the required packages for downloading and compiling the rtl-sdr package. The <code>libusb-1.0-0-dev<\/code> package provides a C library used for accessing USB devices (e.g. the RTL-SDR).<\/p>","featured":"no"},{"title":"About Roald Nefs","link":"https:\/\/roaldnefs.com\/about\/","pubDate":"Mon, 01 Jan 0001 00:00:00 +0000","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/about\/","description":"<p>I&rsquo;m a security and platform engineer based in the Netherlands, currently <strong>CTO at <a href=\"https:\/\/warpnet.nl\" rel=\"noopener noreferrer\" target=\"_blank\">Warpnet<\/a><\/strong>. Over the past decade I&rsquo;ve worked on security and platform engineering at organizations like <a href=\"https:\/\/duo.nl\/\" rel=\"noopener noreferrer\" target=\"_blank\">DUO<\/a>, <a href=\"https:\/\/www.kpn.com\/\" rel=\"noopener noreferrer\" target=\"_blank\">KPN<\/a>, and <a href=\"https:\/\/www.cjib.nl\/\" rel=\"noopener noreferrer\" target=\"_blank\">CJIB<\/a>.<\/p>\n<h2 id=\"community\">Community<\/h2>\n<p>I co-organize <a href=\"https:\/\/bsidesgrunn.org\/\" rel=\"noopener noreferrer\" target=\"_blank\">BSides Groningen<\/a>, <a href=\"https:\/\/www.bsidesams.org\/\" rel=\"noopener noreferrer\" target=\"_blank\">BSides Amsterdam<\/a>, and <a href=\"https:\/\/cloudnativegroningen.nl\/\" rel=\"noopener noreferrer\" target=\"_blank\">Cloud Native Groningen<\/a>: grassroots events for the curious, the technical, and the occasionally reckless. I also run <a href=\"https:\/\/roaldnefs.com\/training\/\">hands-on workshops<\/a> on automotive security and hardware hacking, and operate a Car Hacking Village at conferences across Europe.<\/p>","featured":"no"},{"title":"Tools","link":"https:\/\/roaldnefs.com\/tools\/","pubDate":"Mon, 01 Jan 0001 00:00:00 +0000","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/tools\/","description":"<p>I often get questions about the specific software or hardware I use. Since my setup changes frequently, this page serves as a living document where I keep everything up to date. It\u2019s a handy resource to share when people ask. If you notice something missing or have a suggestion, feel free to reach out, and I\u2019ll make sure to add it.<\/p>","featured":"no"},{"title":"Training & Workshops","link":"https:\/\/roaldnefs.com\/training\/","pubDate":"Mon, 01 Jan 0001 00:00:00 +0000","author":"info@roaldnefs.com (Roald Nefs)","guid":"https:\/\/roaldnefs.com\/training\/","description":"<p>I run hands-on workshops on <strong>automotive security<\/strong> and <strong>hardware hacking<\/strong>. They&rsquo;re the kind of sessions I&rsquo;d want to attend myself: short on slideware, long on probes, packets, and breaking things you actually own. Sessions are tailored to the audience, from a one-hour primer to a full day in the lab.<\/p>\n<figure class=\"home-feature\">\n  <div class=\"home-feature-images\">\n    <img src=\"https:\/\/roaldnefs.com\/images\/training\/car-hacking-village-bsides-luxembourg-2026.jpeg\"\n         alt=\"Attendees at the Car Hacking Village booth at BSides Luxembourg 2026, with instrument clusters and laptops on a workshop table.\"\n         loading=\"lazy\">\n    <img src=\"https:\/\/roaldnefs.com\/images\/training\/car-hacking-village-cluster.jpeg\"\n         alt=\"A powered \u0160koda Fabia instrument cluster on a workshop bench beside a laptop running the WebUSB CAN console.\"\n         loading=\"lazy\">\n  <\/div>\n  <figcaption><em>Photos: DLH, BSides Luxembourg 2026.<\/em><\/figcaption>\n<\/figure>\n<nav class=\"toc\">\n  <nav id=\"TableOfContents\">\n  <ul>\n    <li><a href=\"#hands-on-hacking-automotive-systems\">Hands-on Hacking Automotive Systems<\/a>\n      <ul>\n        <li><a href=\"#what-youll-learn\">What you&rsquo;ll learn<\/a><\/li>\n        <li><a href=\"#who-its-for\">Who it&rsquo;s for<\/a><\/li>\n        <li><a href=\"#format-options\">Format options<\/a><\/li>\n      <\/ul>\n    <\/li>\n    <li><a href=\"#hands-on-hardware-hacking\">Hands-on Hardware Hacking<\/a>\n      <ul>\n        <li><a href=\"#what-youll-learn-1\">What you&rsquo;ll learn<\/a><\/li>\n        <li><a href=\"#who-its-for-1\">Who it&rsquo;s for<\/a><\/li>\n        <li><a href=\"#format-options-1\">Format options<\/a><\/li>\n      <\/ul>\n    <\/li>\n    <li><a href=\"#past-sessions\">Past sessions<\/a><\/li>\n    <li><a href=\"#book-a-session\">Book a session<\/a><\/li>\n  <\/ul>\n<\/nav>\n<\/nav>\n\n<h2 id=\"hands-on-hacking-automotive-systems\">Hands-on Hacking Automotive Systems<\/h2>\n<p>Modern vehicles are computers on wheels. Dozens of ECUs talk over CAN, LIN, and increasingly automotive Ethernet. Yet most engineers, and most security teams, have never put a probe on one. This workshop closes that gap.<\/p>","featured":"no"}]}}