I'm a developer (with strong sysadmin background) from Prague who enjoys working on challenging projects combining low-level software, hardware, radio waves and other high-end technology. I work in a company that develops and sells weather radars.
Contents:
I publish articles on Root.cz and I have a blog, where I write about signal processing, software development and various other topics.
Some of the outgoing links are unfortunately only available in Czech. I hope automatic translators such as Google Translate or DeepL have improved recently, so it should be accessible even for English speakers...
I was working on repurposing marine radars for storm tracking. After hitting limits of this technology, I decided to build my own radar from scratch. My design turned out to disrupt the situation on the weather radar market thanks to several decisions that seemed obvious to me:
As a result, we have built a radar that has TCO many times lower than what was available on the market. The project required solving many engineering challenges and there are already several radars operating around the world. I have given a talk describing the project. Then, there is a blogpost about out radar in Australia: Year in life of Brisbane Solid State Radar.
Additionally, thanks to the above (no technical room, integrated design, in-house produced parts and low power consumption), we were able to produce the following artifact: an automatically-deploying radar, without a need for a crane, with a hydraulic mast, packaged in a form-factor of a shipping container. Just drop a container anywhere in the world and in 10 minutes you have the first radar picture.
I have implemented a time difference of arrival multilateration of radio transmitters using unmodified rtl-sdr sticks placed on rooftops around Prague. The sticks first tune to a common known transmitter - for example a DVB-T or DAB transmitter; cross-correlation of this signal is used to perfectly (hundreds of nanoseconds) match their clock. Then, a target transmitter is tuned and the time difference of arrival is evaluated. Finally, isochronic curves from all pairs of receivers are drawn onto a map, and the transmitter is located at their intersection.
We have reimplemented the attack presented at the famous Wideband GSM Sniffing talk. It is a rainbow table attack on the A5/1 cipher used in mobile phones - tl;dr you can go through the entire 264 keyspace and save some important points. When you sniff some communication off the air, you reconstruct the keyspace to the nearest point and recover the key. This required to implement several components:
Overall, we have achieved almost 100% success rate in decoding SMSs and all other metadata in then-unpatched GSM networks. Ocassionally it can even sniff a phone call, but this is more difficult to achieve reliably and would require additional engineering.
I give public talks on various topics. You can find the recordings and slides here. The talks are in Czech, slides are sometimes in English.
FCL is a reimplementation of GNU Radio channelizer block, which was very resources-intensive to use. A channelizer splits wideband spectrum of a frequency-division multiplex into narrowband channels. This is useful for networks that have lots of transmitters side-by-side, like for example FM broadcast, TETRA, Tetrapol and GSM.
I have described methods of channel selection in my bachelor thesis.
Kukuruku is a network-transparent SDR software -- a server runs on a computer which has a software-defined radio peripheral attached, and the client can request waterfall display and select several channels it wants to listen to, which are then filtered, decimated and sent over the network. The client then pipes the data to a demodulator.
Unfortunately, I wrote Kukuruku back when I did not know how to write software and furthermore it depends on Python 2.7, GTK2 and GnuRadio 3.7, so it's pretty much defunct now.
TETRA is a radio network (think of "enterprise GSM") run by various private users (municipal police, public transporatation company etc.). Unfortunately, encryption is difficult to set up and encryption licenses are very expensive. This leads to many communications running in plaintext.
We have patched OsmocomTETRA to dump audio traffic, written a dumper for SDS (short data messages, think of SMS in GSM), implemented uplink and direct mode decoding, chained it together with FCL so the entire network can be processed on one computer, implemented a custom demodulator and created several utilities to run the whole beast in a production setup. See tetra-listener for the project description.
TETRAPOL is a yet another radio network, and pretty much nothing was known about it on the internets. We have implemented a demodulator and decoder. Unfortunately, unlike Tetra, the network is encrypted (except for emergency calls) with a proprietary cipher from 1980s. We wanted to reverse engineer the crypto and try to crack it, but we somehow out-procrastinated in the middle of the project. Maybe some day...
I have intensively participated in brmlab, a hackerspace, for most of its heyday, gaining enormous experience by working on various projects with brilliant people.
I collect various files in /f/, /f2/ and /brm/. You may also be interested in my mental highlights file and personal wiki.
You can also read my articles, mostly about Linux and computer security, on AbcLinuxu and Root.cz.
You can talk to me in Czech, Slovak or English.
People sometimes ask of "non-computer" hobbies. I ride a bike everyday as the only mean of commuting and once a while I go on a longer trip. I have biked over 60Mm in my life, over 5000km/year lately. I usually ride about 120km per day in a rather slow pace, roads-only. Companions are welcome. I have a Strava account.
You can see where I have been so far below (click to open a Leaflet map; click here for a writeup on how to generate leaflet maps).
Since spring 2022, I attend Železná koule, a kettlebell gym, regularly. As of January 2024, I have been there for 180 times!
