7 February 2016

CIS Makhovik (the "flywheel") vocoder

Makhovik is classified as a "vocoder" but can also be used for sending encrypted data. It is designed to operate in the UHF band but is very often found on HF as a waveform of the AT-3004D/AT-3104D modem. The manipulation speed is 1200 Baud and the modulation used is BPSK (pictures 1 and 2); both are easily obtained with SA given a good recording of the signal.

pic. 1 

pic. 2
As for its structure, this signal is quite difficult to study. A fairly complete analysis can be found here; as for me, I will illustrate what I have been able to find and verify with regard to the aforementioned analysis.
Looking at the sonogram we can see an initial long BPSK preamble that is re-inserted several times: the reinsertions do not happen at regular time intervals and have different durations. The preamble has a period of 12.5 ms and, given the speed of the system (1200 Baud) and the modulation used (BPSK), 12.5 ms corresponds to a 15-bit string: this idle sequence, 111101011001000, is the characteristic "sign" of Makhovik, but it can be transmitted with either polarity (pic. 4).

pic. 3 - period of the preamble, 12.5 milliseconds

 pic. 4 - the characteristic 15 bit string can be sent in both the negative and positive polarity

The header following the preamble, and preceding the data block, is composed of a 511-bit synchronization block followed by the insertion of the encryption key. The key is composed of eight strings of 30 bits (i.e. 240 bits in length) and each string is repeated 3 times, so that the key block weighs 720 bits (pic. 5). The x3 redundancy, as in KG-84 encryption, is probably used to improve the accuracy and reliability of the transmission.
pic. 5
Preambles and headers (sync blocks + keys) are easily recognizable inside the bit flow (pic. 6) as well as in the sonogram of the signal (pic. 7).

pic. 6

pic. 7
As a concluding note I want to point out that the bitstream comes directly from the SA demodulator, so we are dealing with "on-the-air" symbols.
As said, an interesting and detailed analysis can be read in the radioscanner forum, although it is in Russian; in any case, both the positive/negative idling sequence and the 720-bit key block are valid clues for its identification.
Thanks to KarapuZ for the precious help and tips.
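
The two identification clues named above, the 15-bit idle sequence in either polarity and the x3-repeated 720-bit key block, can be checked on a demodulated bitstream as in this added Python example (it is not code from this post or from the referenced analysis). The function names, the sample bits and the back-to-back layout of the three copies of each 30-bit string are assumptions.

```python
IDLE = "111101011001000"   # 15-bit idle sequence quoted in the post
PERIOD = len(IDLE)         # 15 bits = 12.5 ms at 1200 Bd BPSK

def invert(bits):
    return bits.translate(str.maketrans("01", "10"))

def find_idle_runs(bits, min_periods=4):
    """Return (start, n_bits, polarity) for every stretch that repeats the
    idle sequence, at any cyclic phase and in either polarity."""
    refs = {"+": IDLE * 2, "-": invert(IDLE) * 2}  # doubled: holds all rotations
    runs, i = [], 0
    while i + PERIOD <= len(bits):
        window = bits[i:i + PERIOD]
        pol = next((p for p, ref in refs.items() if window in ref), None)
        j = i + PERIOD
        # Extend the match for as long as the stream stays 15-bit periodic.
        while pol and j < len(bits) and bits[j] == bits[j - PERIOD]:
            j += 1
        if pol and j - i >= min_periods * PERIOD:
            runs.append((i, j - i, pol))
            i = j
        else:
            i += 1
    return runs

def triple_mismatches(block, word=30, copies=3):
    """Count bit positions where the copies of a 30-bit string disagree.
    ASSUMED layout (not stated in the post): copies are sent back to back."""
    if len(block) != 8 * word * copies:
        raise ValueError("expected a 720-bit key block")
    bad = 0
    for g in range(0, len(block), word * copies):
        group = [block[g + c * word: g + (c + 1) * word] for c in range(copies)]
        bad += sum(len(set(col)) > 1 for col in zip(*group))
    return bad

def demo_stream():
    """Constructed sample: filler, 6 idle periods, filler, 5 inverted periods."""
    return "0110101" + IDLE * 6 + "0110" + invert(IDLE) * 5 + "1"

def demo_key_block():
    """Constructed 720-bit block: eight arbitrary 30-bit strings, each x3."""
    words = [(IDLE * 3)[k:k + 30] for k in range(8)]
    return "".join(w * 3 for w in words)

if __name__ == "__main__":
    print(find_idle_runs(demo_stream()))
    print(triple_mismatches(demo_key_block()))
```

On real recordings a few bit errors are to be expected, so a low mismatch count (rather than exactly zero) over a 720-bit span is the useful indicator.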

