20 December 2015

pseudo-random frequency hopping


Frequency Hopping Spread Spectrum (FHSS) is a method of transmitting radio signals by rapidly switching the carrier among many frequency channels using a pseudo-random sequence known to both transmitter and receiver(s). The heard packets in this sample have a duration of 2520 ms, frequency shift ~ 20 Hz and 20 data bits carried (other similar transmission have been noted with 2460 ms and 24 data bits, same shift) and span up a 2 MHz bandwidth, this recording has been on 13 MHz band.



12 December 2015

playing with MS-DMT (MIL-STD Data Modem Terminal)

The MS-DMT application is a software defined modem based communications terminal tool developed as a Microsoft Foundation Class (MFC) based Multi-threaded 32 bit application. It is currently designed to run under MSWindows XP SP3 and later versions of both 32 and 64 bit MS-Windows operating systems. The tool is written in C++ using the Microsoft Visual Studio 2008 compiler and requires the installation of the VS2008 C++ runtime redistribution libraries which are part of the full MS-DMT install distribution only.
The MS-DMT tool functions as both a MIL-STD modem and basic data communications terminal and provides MARS a MIL-STD-188-110A (MS110A) compliant Serial Tone (ST) waveform modem based Message Terminal capability providing message composition and automated message storage to simplify MARS MS110A Forward Error Correction (FEC) message handling.
The software’s terminal provides numerous features to aid in message handling and the software also supports the use of more fully featured external asynchronous terminal applications. Additional features such as Data Link Protocol, Data Compression, Data Encryption and others may be added to the MS-DMT tool as required and in accordance with the specific standards as requested or left to implementation in external terminal applications.
You may use MS-DMT to build, decode and learn the MIL-STD 188-110 ST wavefvorm, the modem, along with other interesting resources and docs, can be downloaded from here:
MIL-STD Data Modem Terminal (MS-DMT) software and resources 





3 December 2015

MFSK-4 (double FSK) 96/100Bd 500Hz, Ukraine Military


This waveform is known as Double FSK 96/100 Baud and 500 Hz shift, a dual channel F7B mode used by Ukraine Military, spreading about a 1730Hz bandwidth. 
The signal was heard just this morning (03 December) on 6970.9 KHz on USB, tones at -750, -250, +250 and + 750 Hz. Site radioscanner.ru reports this signal as Ukraine Mil 96-100, the two baudrates indication (96 and 100) is due to (literally) "some difficulties  in determining the speed of manipulation, due to the fact that the transmission channels are not synchronized (or poorly synchronized) with each other".
That issue is verified in the 21Aug15 log: the signal exhibits two baudrate lines at 96 and 100 Hz (pic. 3). That uncertainty is anyway not present in the measurement results of the  03Dec15 signal (96Bd) as in the pic. 2. The perfect 500Hz space among the tones (pic. 3) has ben found in the 96Bd signal, while in the other (96/100Bd) the shift is about 505Hz.

Pic. 1 - 03Dec15 signal, single baudrate line (96Hz)
Pic. 2 - 21Aug15 signal, the two baudrate lines
Pic. 3 03Dec15 signal, perfect 500Hz shift

F7B is a FSK modulation technique with four modulation frequencies, the two transmission channels, termed V1 and V2, are obtained through six possible combinations of the four frequencies and this leads to 6 different modes F7B1 to F7B6:
http://www.wavecom.ch/content/.../twinplex.htm



http://youtu.be/w44gtaCBQBM?hd=1

2 December 2015

MFSK-4 150Bd 4000Hz (CIS FTM-4): the effective data-rate

This signal (reported here) is logged as FSK 4-tone with baudrate 150Bd and shift 4000Hz, or else CIS FTM-4 (Pic. 1). Looking in depth, they use only 4 of 24 combinations of the four tones (Pic. 2), so the encoded characters which are transmitted are reduced to 4.  This mode is called Frequency-Time Matrix (FTM) or, in this case, FTM-4. The coding method is five-digit group of characters plus spaces. The four symbols are:
A) 1-2-3-4
B) 2-4-1-3
C) 4-3-2-1
D) 3-1-4-2
Looking at the segment in Pic. 2, we could find the occurences of each symbol, for example "A" occurs 4 times, "B" occurs 3 times, "C" occurs 3 times and "D" occurs 3 times.
Since the baudrate of the signal, i.e. 150Bd, the real data-rate is 150/4 = 37.5 Baud. 

Pic. 1
Pic. 2
The repetitions of 4 symbols is clearly visible analyzing the demodulated bistream, unless some few errors due to the demodulation:

Pic. 3
 as well as the structure of the message seen as 48 bits period: some parts are well distinct
although it is unclear what they mean (sinc?, address?, commands?, ...)

Pic. 4

26 November 2015

CIS-128 and its ACF discrepancy

Looking at a CIS-128 signal heard this morning, I came across the discrepancy about its ACF value and the the right way to calculate it.
The signal exhibits the well known values of this waveform (64+64 channels, 20.9Bd speed and 23.5Hz step) but the modulation seems a BPSK with the add of 4 service tones: unfortunatelly, it's quite difficult to separate a single tone in order to confirm this mode. As it is common for CIS-128, a special char is sent each 5 symbols (Pic. 1) so that the expected value for the ACF should be ~239ms ...but looking for that value we get strong ~477ms spikes in SA module (Pic. 2): it's just the double, or else 10 symbol periods!
In my opinion, the reason for this double ACF is in the way the special chars are sent. 
By looking at the whole 477ms length frame in Pic. 3, it's visible - straining a bit the eyes - the right ACF period that occurs each 5 symbols (~239ms) just as it was expected: but the spec chars sent each 5 symbols are in some way alternately reversed as illustrated by the white-circled bits (Pic. 3). This way, these special chars seem to appear to the ACF-tool eyes as a sort of sequence like 

:: :: :: :: XY :: :: :: :: YX :: :: :: :: XY :: :: :: :: YX :: :: :: ::
and then the repetition period, according to its point of view, is logically 10 rather 5 symbols. Something like an optical illusion. 

Pic. 1
Pic. 2
Pic. 3
The same situation can be found analyzing the 6000Hz 'broadband version' of this waveform (Pic. 4).
In this case the ACF is ~238 ms BUT here the speed is double, so the special chars, which are sent each 5 symbols, should make ~119ms spikes: using the CCF measurement these chars are visible inside the red-marked circles (Pic. 5) and white-marked in the structure of the frame (Pic. 6).

Pic. 4
Pic. 5
Pic. 6

25 November 2015

Unid MFSK-4 50Bd 100Hz


Unidentified signal heard on 6259.0 KHz  (cf +550 Hz) at 0748z on 25 November. It consists of 4 channels separated by 100 Hz and manipulated at 50 Baud; the signal occupies a bandwidth of about 375 Hz. Signal quality is poor and affected by deep fading so that the signal results not well structured at analysis. ACF is 0 ms.


18 November 2015

HFDVL modem tests: sync. preamble


Spanish Universities are still conducting intensive tests of the HFDVL modem (hfdvl-modem-ofdm-73-tone) on 14350.0 KHz on USB, I not tried  to listen on the other 14825.5 KHz test-frequency. While the previous tests consisted of transmission of about 30 and 10 seconds duration, in these samples (at least) a different "test format" is used: it seems to me that one side of the link just sends data (long signals) while the other peer seems just send a sort of ACK (shorter signals). The durations are fixed, ie 1'06'' and 0'11 secs. 

The tests involve two transmitting modems, more likely located at Las Palmas - Canary Islands (14350.0 KHz just belongs to the University of Las Palmas) and Madrid, since the HFDVL waveform is developed by the groups "CeTIC" from the Universidad de Las Palmas de Gran Canaria and "GAPS" from Universidad Politécnia de Madrid, other than Aeropuertos Españoles y Navegación Aérea. As far as I know, the modem manufacturer is MM CICOM Telecomunicaciones from Spain.

Prior to the transmission of data, a three part preamble is transmitted.
Part one consists of an initial unmodulated tone more likely used for Doppler correction. This tone is slighty shifted in the two signals (Pic.1) but just a few hz, so pretty meaningless though some distortion visible in ACK signals which could be due to a falut of modem (Pic. 1b). Looking at the Pic. 2, in 17-Nov recording the initial tone lasts for 
- 633.1/3 ms (19 signal element periods) in ACK signals 
433.1/3 ms (13 signal element periods) in DATA signals 
while in the 24-May recording the tone has a duration of 433.1/3 ms (13 signal element periods). Part two consists of  2 signal element periods of (KNOWN) data and part three consists of 1 signal element period of only even carriers followed by 3 signal element periods of only odd carriers: part two and three sum to 6 signals and make a 200ms duration (Pic. 3). 
My friend KarapuZ pointed my attention on the part two: according to his analysis, this is BPSK 2400Bd modulated and carrier is 60 Hz down-shifted in respect of the unmodulated tone frequency. The 60 Hz shift is probably added for the initial synchronization. Following his tips I replicated his results (Pic. 4).
 
Pic. 1

Pic. 1b
Pic. 2

Pic.3
Pic. 4

14 November 2015

Chinese 30-tone LSB/USB waveform


These signals has been heard on 13 November on 16497.0 KHz USB (16500.0 KHz LSB) at 1420z, transmission was noised and of poor quality but this does not prevent a good study.
The preamble is composed of four QPSK modulated tones, 600 Hz shifted, starting from 650 Hz (USB tuned, Pic. 1). The pilot (doppler) tone is located in the higher part of the spectrum at 2550 Hz. The waveform uses 30 orthogonal subcarrier tones, 75 Hz spaced, with BPSK modulation and symbol rate 60 symbols/sec (Pic. 2) and it is transmitted in burst mode. The recording has been resampled at 7200 Hz, getting a better value for the "magic k" factor (=1/4). The whole waveform, 30 carriers + pilot tone, spreads ~2450 Hz.
As shown in Pic. 3, the waveform has exactly the same characteristics and the same OFDM values of the Chinese 30-tone, except for:
- the preamble and the position of the pilot tone (due to LSB/USB switch);
- the lenght of the bursts.

More likely this is the Chinese OFDM 30-tone "burst" with an amended lenght of the bursts, as Alipio pointed in his comments. Just as a final note, looking at the table in http://www.radioscanner.ru/info/article538/, this waveform is very similar to the one called as "MARCONI" (Pic. 4). 
Recording is availabe by a simple request.

Pic. 1
Pic. 2
Pic. 3
Pic. 4

13 November 2015

an HF Ionosonde "VIPIR"


This sample sounds like the Wallops Island WI937 HF Ionosonde "VIPIR" (Vertical Incident Pulsed Ionospheric Radar),  seen around 1330 UTC on the 12MHz band... although the vertical incidence leads to think to a similar radar close to my QTH.


A possible source could be the Istanbul VIPIR in Turkey:
http://istanbul.ionosonde.net/


Dynasonde is an advanced technique of ionospheric radio sounding, the only existing one that fully implements the phase-based methods of radio measurements. The dynasonde setup at the Ionospheric Observatory of the Istanbul Technical University is a continuously operating complex of the newest Scion HF Radar ("VIPIR") and the data processing software Dynasonde Software Suite 2012 including its 3-D plasma density inversion procedure.




5 November 2015

MIL 188-110C App.D: BW24 KHz, SR19200 Bd, QAM-64


 

Cross Correlation Function returns 106.6 ms (Pic. 2) and highlighting a single frame it can be seen that the length of the mini-probe is worth 6.8 ms (Pic. 3): since the baudrate (19200 Bd), it makes ~130 symbols length. Now, looking at Table-D for 24KHz bandwidth waveforms (Pic. 4), this value (~130 symbols) can be assumed as 128 and consequently the data segment consists of 1920 symbols: this way we get (128 + 1920) 2048 symbols per frame that generate a 106.6ms ACF,  and 'salright (*). So, the waveform number may be 11 (64-QAM) or 12 (156-QA). The value of the carrier can be obtained in the fourth degree, wich is characteristic of QAM modulation (Pic. 5), and - althought it's not so clear - the typical 5 rings of QAM-64 are distinguished in the phase-plane constellation (Pic. 6).

Pic. 1 - 24 KHz bandwidth and 19200 Baud
Pic. 2 - CCF
Pic. 3 - Mini-Probe lenght
Pic. 4
Pic. 5 - detecting baudrate, carrier ad harmonics of the signal
Pic. 6 - the 5 rings (hardly distinguishable) correspond to QAM-64
(*) 'salright, it's all right, as Lennon sings here (Whatever Gets You Through The Night)

1 November 2015

Why I think this is Harris rather than Thales


I think this signal is the Harris "RF-5800 selective call" waveform, parameters as the speed, modulation and ACF fit fine, although they are the same than Thales Systeme-3000 ALE (pic. 1): unfortunately these two ALE signals have the same OTA parameters but not compatible at binary level due to proprietary adds.
This argument was already discussed here and this time I have an almost safe argument in favour of the 'Harris' identification: if you look at the signal you may see some voice segments and listening to them reveals a radio-check, in Spanish, between the operators callsigns "mercurio" and "830", briefly:
- 830 from mercurio k
- here mercurio, how copy me k
As you can see in the link below, "mercurio" is a Communications (HF and VHF) BMR in service in the Spanish Army (BMR 3560.56, aka "BMR Mercurio 2000"):
http://www.ejercito.mde.es/en/unidades/Las_Palmas/ciatrans16/Organizacion/materiales/index.html 
But more likely, from searches in the web, "mercurio 2000" could also be the name of a set of communications equipment that is installed in vehicles of the Spanish Army such as Vamtac, BMR or even Land Rover (!):
Now, download this pdf and take a look at page 10: the new VAMTAC will replace MERCURIO comm-vehicles starting from Jan 2013, and just below the picture you can read a mention just about the Harris RF-5800 that is used as HF equipment set (pic. 2): 

So:
- since these new VAMTAC vehicles are equipped with Harris RF-5800 
- since the communication vehicles seen above belong to the same (mil) network
there is no reason because "MERCURIO" should use (or be) a different proprietary equipement (as Thales, in this case) that would cause  interoperability issues inside the comm. network.

It remains to observe, in my opinion, that while logging these signals it's hard to say Harris rather than Thales, and vice-versa, without some other useful item such as an on line chat (as in this case) or a well-known working frequency.

Pic. 1
Pic. 2