The homepage of Jan Hrach

Miracles in radio waves and computer networks

I'm a developer (with strong sysadmin background) from Prague who enjoys working on challenging projects combining low-level software, hardware, radio waves and other high-end technology. I work in a startup that makes weather radars.

Also, I have a blog (Google Translate), where I write about signal processing, software development and various other topics.

Some of the outgoing links are unfortunately only available in Czech. I'm providing Google Translate links to at least partially compensate for it.

Project showcase

Weather radar (2019 - ongoing)

I was working on repurposing marine radars for storm tracking. After hitting the limits of this technology, I decided to build my own radar from scratch. Several decisions were made that led to a drastic simplification of the design:

As a result, we have built a radar whose TCO is an order of magnitude lower than anything available. The project required solving many engineering challenges, and the first units are being produced as you read this. I have given a talk describing the project (Czech; my talk starts at the 5 hours 23 minutes timestamp).

You can also read my writeups on marine radar repurposing and on radars in general:

Here are some videos of our radars being installed [1, 2, 3, 4, 5]:

Multilateration with rtl-sdr (2018)

I have implemented time-difference-of-arrival multilateration of radio transmitters using unmodified rtl-sdr sticks placed on rooftops around Prague. The sticks first tune to a common known transmitter, for example a DVB-T or DAB transmitter; cross-correlation of this signal is used to match their clocks to within hundreds of nanoseconds. Then the target transmitter is tuned and the time difference of arrival is evaluated. Finally, isochronic curves from all pairs of receivers are drawn onto a map, and the transmitter is located at their intersection.
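The sync-then-locate procedure above as an added worked example (my code, not the author's): three simulated receivers with unknown clock offsets correlate a burst from a reference transmitter at a known position, subtract the geometric delay expected for that position to recover each clock offset, then correlate the target burst and grid-search the point whose range differences match the corrected TDOAs. The 2 MHz sample rate, receiver and transmitter positions, clock offsets and bursts are all constructed values, delays are whole samples, and the clock offset is assumed to stay constant between the two tunings.

```python
import math
import random

M_PER_SAMPLE = 299_792_458.0 / 2.0e6  # metres of path per sample at a 2 MHz sample rate (assumed)
N = 64                                 # samples per burst
RX = [(0.0, 0.0), (8000.0, 0.0), (0.0, 6000.0)]    # receiver positions in metres (constructed)
CLOCKS = [50, 87, 20]                  # each stick's unknown clock offset in samples (constructed)
REF, TARGET = (12000.0, 9000.0), (3000.0, 4000.0)  # known reference TX, unknown target TX

def dist(p, q): return math.hypot(p[0] - q[0], p[1] - q[1])
def samples(metres): return round(metres / M_PER_SAMPLE)   # propagation delay in whole samples

def burst(seed):   # random +/-1 sequence standing in for a transmitter's waveform
    rng = random.Random(seed)
    return [rng.choice((-1.0, 1.0)) for _ in range(N)]

def capture(sig, arrival, length=400):
    """What one stick records: the burst lands at sample index `arrival` of its buffer."""
    buf = [0.0] * length
    buf[arrival:arrival + N] = sig
    return buf

def lag_between(a, b, max_lag=300):
    """Integer lag maximising the cross-correlation, i.e. the shift with b[i + lag] ~ a[i]."""
    best, best_lag = -math.inf, 0
    for lag in range(-max_lag, max_lag + 1):
        acc = sum(a[i] * b[i + lag] for i in range(len(a)) if 0 <= i + lag < len(b))
        if acc > best:
            best, best_lag = acc, lag
    return best_lag

def simulate(tx, sig):   # arrival index = clock offset + propagation delay from tx
    return [capture(sig, clk + samples(dist(r, tx))) for r, clk in zip(RX, CLOCKS)]

def locate(ref_caps, tgt_caps, span=20000, step=250):
    """Sync clocks on the reference, measure target TDOAs, grid-search the curve intersection."""
    range_diffs = []
    for k in range(1, len(RX)):
        expected = samples(dist(RX[k], REF)) - samples(dist(RX[0], REF))
        clock = lag_between(ref_caps[0], ref_caps[k]) - expected   # clock_k - clock_0
        tdoa = lag_between(tgt_caps[0], tgt_caps[k]) - clock       # propagation difference only
        range_diffs.append((k, tdoa * M_PER_SAMPLE))
    best = None
    for x in range(-span, span + 1, step):
        for y in range(-span, span + 1, step):
            err = sum((dist(RX[k], (x, y)) - dist(RX[0], (x, y)) - d) ** 2 for k, d in range_diffs)
            if best is None or err < best[0]:
                best = (err, (float(x), float(y)))
    return best[1]

def demo():   # returns the estimated target position
    return locate(simulate(REF, burst(1)), simulate(TARGET, burst(2)))
```

With 150 m per sample and a 250 m grid, the estimate lands within a few hundred metres of TARGET; finer sample rates and sub-sample correlation peaks are what bring this down to the hundreds of nanoseconds mentioned above.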


GSM cracking (2012-2015)

We have reimplemented the attack presented in the famous Wideband GSM Sniffing talk. It is a rainbow table attack on the A5/1 cipher used in mobile phones; tl;dr: you go through the entire 2^64 keyspace once and save some important points. When you sniff some communication off the air, you reconstruct the keyspace up to the nearest saved point and recover the key. This required implementing several components:

Overall, we achieved an almost 100% success rate in decoding SMS messages and all other metadata in then-unpatched GSM networks. Occasionally it can even sniff a phone call, but this is more difficult to achieve reliably and would require additional engineering.

Lectures

I give public talks on various topics. You can find the recordings and slides here. The talks are in Czech; the slides are sometimes in English.

Other projects

Fastest channelizer in Litoměřice (2016)

FCL is a reimplementation of the GNU Radio channelizer block, which was very resource-intensive to use. A channelizer splits the wideband spectrum of a frequency-division multiplex into narrowband channels. This is useful for networks that have lots of transmitters side by side, such as FM broadcast, TETRA, Tetrapol and GSM.

I have described methods of channel selection in my bachelor thesis.


Kukuruku (2015-2016)

Kukuruku is network-transparent SDR software: a server runs on a computer that has a software-defined radio peripheral attached, and the client can request a waterfall display and select several channels it wants to listen to, which are then filtered, decimated and sent over the network. The client then pipes the data to a demodulator.

Unfortunately, I wrote Kukuruku back when I did not know how to write software, and furthermore it depends on Python 2.7, GTK2 and GNU Radio 3.7, so it's pretty much defunct now.


tetra-listener (2016)

TETRA is a radio network (think of it as "enterprise GSM") run by various private users (municipal police, public transportation companies etc.). Unfortunately, encryption is difficult to set up and encryption licenses are very expensive. This leads to many communications running in plaintext.

We have patched OsmocomTETRA to dump audio traffic, written a dumper for SDS (short data messages, think of SMS in GSM), implemented uplink and direct-mode decoding, chained it together with FCL so the entire network can be processed on one computer, implemented a custom demodulator and created several utilities to run the whole beast in a production setup. See tetra-listener for the project description.


tetrapol-kit (2015-2016)

TETRAPOL is yet another radio network, and pretty much nothing was known about it on the internet. We have implemented a demodulator and decoder. Unfortunately, unlike TETRA, the network is encrypted (except for emergency calls) with a proprietary cipher from the 1980s. We wanted to reverse engineer the crypto and try to crack it, but we somehow procrastinated our way out in the middle of the project. Maybe some day...


Misc.

I have intensively participated in brmlab, a hackerspace, for most of its heyday, gaining enormous experience by working on various projects with brilliant people.

I collect various files in /f/, /f2/ and /brm/. You may also be interested in my mental highlights file and personal wiki.

You can also read my articles, mostly about Linux and computer security, on AbcLinuxu and Root.cz.

Contact me

You can talk to me in Czech, Slovak or English.

Resume

I have it on LinkedIn and don't want to keep two places up to date.

Bike riding

People sometimes ask about "non-computer" hobbies. I ride a bike every day as my only means of commuting, and once in a while I go on a longer trip. I have biked about 50 Mm (50,000 km) in my life, over 5000 km/year lately. You can join me if you wish, for both one-day and multi-day trips. I usually ride about 120 km per day at a rather slow pace, roads only.

You can see where I have been so far below (click to open a Leaflet map; click here for a writeup on how to generate Leaflet maps).