17 August 2016

Ital-Mil FSK, FSK 1200Bd/800


FSK-2 1200Bd/800Hz waveform, approximately 1500 Hz bandwidth, used by Italian Military; in this record it's used by Italian Navy HQ (IDR Rome) on 12200.6 KHz/USB as unusual intro before STANAG-4285 1200bps/L transmission, receive peer had the tactical callsign AZWL. Since the PtP nature of that tansmission it could be that the initial FSK part act as a squelch ...but it's only a mine speculation.

fig. 1 ~1500 Hz bandwidth
fig. 2 - baudrate line
fig. 3 - involution module and shift between carriers
The main features of this signal are what seems a polarity change that occurs each 8 bits (fig. 4), as reported by radioscanner.ru and confirmed in this analysis, and, at least in this sample, its quite pronounced 232-bit period shown in figure 5.

fig. 4 - polarity change
fig. 5 - 232-bit period (fisrt part looks like a sort of preamble)


https://yadi.sk/d/MAaPeQIRuHX7J

13 August 2016

CIS-14 FSK 96Bd/1000 with T-207 encryption


The characteristics of CIS-14 FSK-2 are the 96 symbols/sec speed and the 14-bit length frame, in this recording the shift is 1000Hz. This signal has been spotted on 8009.8 KHz (cf) on 0624 UTC.

fig. 1
fig. 2
The transmission is encrypted and in this case is used the T-207 on-line ciphering device, as shown in fig. 3

fig. 3
T-207 is quite old and it is used by CIS Mil as well as by Ukrainian Mil or other Ukrainian Governative users such as Diplomatic and/or Intelligence services: allegedly as a Soviet communication legacy.

11 August 2016

(yet another) email exchange via STANAG-5066 over MS188-110


I report this interesting catch since it's a link setup - forward - link down complete example and because it's formed of a bilateral email exchange between the peers.
The 188-141 2G-ALE setup phase is followed by the data forward phase through 188-110A ST that carries STANAG-5066 at the upper layer. Low data rates, 75-600 bps, are used  since the 66.67ms ACF of the 188-110 waveform (fig. 1). Once decoded, the raw output shows the transfer of two files compressed by STANAG-5066 (H)BFTP protocol (fig. 2).

fig. 1 - 188-110 ST using low data rates waveform
fig. 2 - raw decode window

The timing diagram of the transmission is shown in fig. 3

fig. 3 - timing diagram
STANAG-5066 bistream is obtained after removing the overhead bits added by 188-110 (fig. 4) and after processing the 5066 PDUs we get the two files involved in the transfer (fig. 5).

fig. 4 - part of the STANAG-5066 PDUs
fig. 5
 One can get other informations from the reading of the (unzipped) emails headers (fig. 6):

1) pc clocks seem to be not synced
2) ALE calls "KW7" and "DE1" corresponds to addresses "wmtkw7" and "wmtde1"
3) translation results in "location10" or "place10" and "check"
4) an HMSTP server is running in the IP sub-network 
5) they use the Microsoft email client Outlook Express


https://yadi.sk/d/-oH-XQtMu9umR 





Other info about HBFTP and 5066 are available in the blog, just search for STANAG-5066 tab.

9 August 2016

Chinese 4+4 π/4 DQPSK


Weak signal heard on 14021.3 KHz (cf) at 1450 UTC, just in the HAM 20mt band. The signal consists in two groups of four channels (4+4), the two groups are spaced by 450 Hz and channel separation is 300 Hz. The signal spreads ~2500 Hz bandwidth (fig. 1).

fig. 1 channels and groups separation
Despite the low signal quality, it is possible to measure the modulation rate in the channels in 75 symbols/sec. and fig. 2 shows the two methods used to confirm the result.

fig. 2 - measurement of the baud rate
The accomodation of the channels, pattern and manipulation speed, identify the signal as the Chinese 4+4 π/4 DQPSK: unfortunately the faint traces in the involution module does not allow to get a clear constellation. Talking about that signal, Karapuz sent me a clean record for study and comparison so it was possible to get the characteristic π/4 DQPSK of fig. 3

fig. 3

6 August 2016

unid BPSK 125.3Bd & 127.3Bd


These two PSK-2 signals has been heard on 12499.0 KHz (06 August, 2016) and 22499.0 KHz (10 May, 2016) on USB. Perhaps a coincidence but, unless a little variance of ~ 140 Hz, their central frequencies differ of 10KHz: for that reason I shifted up the 22499 KHz signal of just 140 Hz in order to find differences and similarities.

The two signals exhibit different manipulation speeds: 125.3 and 127.3 Baud, although the sub-carrier frequency have (reasonably) the same value of 830 Hz (it's to note the better recording quality of the 22499 KHz signal).

fig. 1 - manipulation speeds
fig. 2 - sub-carrier and harmonics

For what concerns the modulation, both the two signals use the PSK-2 technique (figs. 3,4)

fig. 3
fig. 4
 
The analysis of the demodulated bitstreams show a 141-bit period for the 22499 KHz signals and a 14-bit period for the 12499 KHz signal (fig. 5).

fig. 5- perdios of the two bitstreams
These signals are perhaps produced by the same modem/equipment running at different speeds, but it's only my supposition. As far as I know, user(s) is unidentified: comments and help in this direction are welcome.


bpsk-125.3 Bd https://yadi.sk/d/VCAq0bBktzER8 
bpsk-127.3 Bd https://yadi.sk/d/buRS-WngtzEKn 

1 August 2016

FM13 weather reports messages in CW


Oceanographic and Hydrographic observations are sent daily by the Hydrographic ships of the Russian Navy at fixed times 00, 06, 12 and 18 UTC on 12464 KHz.  Such messages are not sent directly to GSVMF ground stations but forwarded via Naval HQs:

RJP99 547 18 4 2214 547 = FOR RJH74 RJH45 = ... (via RIT, NSF HQ Severomorsk)
RMCW 6T2 18 23 16TT 6T2 = SML FOR RJE73 RJH45 =... (via RCV, BSF HQ Sevastopol))

In fact, looking for example at the FM-13 reports (at least here in Southern Europe) you may see that most of these messages almost always report two recipients, mostly RJE73 RJH45 or RJH74 RJH45, usually using the "sml" priority indicator: I do not know if the recipients are local GSVMF offices at each HQ naval bases (RIT, RCV,...) or just GSVMF central offices:

RJH45 = MOSCOW NAVAL METEO
RJE73 = BLACK SEA FLOT METEO
RJH74 = NORTHERN FLEET METEO
RJD38 = BALTIC FLOT METEO
RJE65 = BLACK SEA FLOT HQ, NOVOROSSIYSK
 

They use the standard observation method as described by NOAA in their observation handbook [1], and within this message format there is a Lat/Long position report for where the observation took place: so you are able to localize the positions of the ships by decoding the Code FM-13-X-SHIP (or shortly FM-13). This ships synoptic code is comprised of 23 groups of symbolic letters representing meteorological and oceanographic elements, report identification and ship location data (see resources later at the end of this post).

1) Ship current position is coded in the Ships Synoptic Code Section 0:
... 99LaLaLa QcLoLoLoLo ...
... 99662 10345 ...

99 Data on Position Follow

LaLaLa (662) Latitude in degrees and tenths of a degree. Always coded with three digits, the first two digits are actual degrees, the last digit for tenths of a degree (66.2)

Qc
(10) Quadrant of the globe (specify whether the latitude is north or south and the longitude east or west). 
If north of the equator (north latitude):
- 1 when east of the Greenwich Meridian (east longitude)
- 7 when west of the Greenwich meridian (west longitude)
If south of the equator (south latitude):
- 3 when east of the Greenwich meridian (east longitude)
- 5 when west of the Greenwich meridian (west longitude)



LoLoLoLo (345) Longitude in degrees and tenths of a degree. Always coded with four digits, with the leading (hundreds) figure coded as 0 or 1. The first three digits are actual degrees, the last digit for tenths of a degree (34.5)

2) the ship movement data is coded in Section 2:
... 222DsVs ...
... 22232 ...

222 indicator
Ds (3)
true ship’s course made good during the three hours preceeding the time of observation:
0
Ship hove to
1
NE
2 E
3 SE
4 S
5 SW
6 W
7 NW
8 N
9 Unknown
/ Not reported

Vs (2) Ship’s average speed, in knots, made good during the three hours preceeding the time of observation:
0
0 knot
1 1 to 5 knots
2 6 to 10 knots
3 11 to 15 knots
4 16 to 20 knots
5 21 to 25 knots
6 26 to 30 knots
7 31 to 35 knots
8 36 to 40 knots
9 Over 40 knots
/ Not reported

Examples:

VVV RJD99 DE RBC89 QSA? QTC RBC89 572 9 5 0955 572 = FOR RJD90 RJH74 =
050?? 99662 10345 41/96 9230? 00050 40000 52020 70222 89/// 22232 00030 20202 232// 40302 88000 05016 = + RBC89


in plain text:
"ship  RBC89 (calling RJD99) at (Moscow) time 0955 was at 66.2N 34.5E , heading SouthEast @ 6-10kts"
the position of RBC89 is decoded from 99|662 10|345, with the heading/speed obtained from 222|32.

CW "771 19 9 1551 771 ...99548 10198...22242...AR RMWT K"
in plain text:
"ship RMWT position at 1551 Moscow time: 54.8N 19.8E  heading South @ 6-10kts"


Since the time of reception differs from the one indicated in the preamble (does not matter if UTC or Moscow Time), it is presumed that the preamble time is the time when the message was prepared and not the time of the transmission: i.e. the data relate to the observation at 1603 Moscow Time (1203z) but sent (and then received) at 1220z.

[1] http://www.vos.noaa.gov/...compliant.pdf