2 December 2017

Baudot FSK 50Bd/100

.
This FSK transmission was copied on 6330.8 (cf) at 1128z: shift is clearly 100Hz while some problems arise when measuring the speed. Indeed, the measurement of the speed based on FFT may fail in case of non-integer number of bits as in Baudot/ITA2 code where the stop bit lasts 1.5 bit: in this case SA assumes an integer number of bits, so  it prints out a value of 53.47 Baud (Fig. 1)

Fig. 1
In such cases the speed shall be measured using the "raster" tool of SA (Fig. 2): the structure of the frame is 7.5 bit (1 bit start, 5 bit of data and 1.5 stop bit) and the time line is 299.4 msec for 15 bit that makes a speed of 50 Baud.

Fig. 2

Baudod decoders work fine and print out the content of the message after the RYRY sequence, in this case: "ZHGD ZHGD ZHGD DE N4O4 N4O4 N4O4 QRK ? +?". The user is not identified, probably Russian Military.

Fig. 4


update
my friend KarapuZ catch a similar transmission on 5565.0/USB,  callsigns are very similar to the once I had: "ZBNV ZBNV DE 7X6R 7X6R 7X6R QRK ? +?". 

So far, these are the heard callsigns:
ZBNV, ZHGD
N4O4, 7X6R


https://yadi.sk/d/K_eEO7cT3QFLLU

24 November 2017

logs


05547.0: ---: Unid 2231 USB 3G-HF 2-way FLSU handshake / HDL24 transfer (06Nov17) (AAI)
 

05838.0: ABC7: Croatian Military, HRV 0924 USB 188-141A handshake ABK4 / radio-check (14Nov17) (AAI)
 

06205.0: ELETTRA11: Italian Navy & GdF ships, I 0815 J3E/USB radio-checks w/ GAMMA130, GAMMA204,GAMMA12,GAMMA70,ROSTRO525,SIRIO81,IBIS10 (24Oct17) (AAI)
 

06371.8: ---: Unid 1019 USB THALES Système 3000 robust MFSK-8 (17Nov17) (AAI)
 

06529.0: KAN: Iraqi Border Police (Khanaqin ?), IRQ 1632 USB 188-141A call DUH1 (11Nov17) (AAI)
 

06670.0: CAMP: SUI Emergency Net, SUI 0834 USB calling any station / 188-110A Serial, unid 8-bit protocol (03Nov17) (AAI)
 

06865.0: XS69: Algerian Military, ALG 1746 USB 188-141A call NX40 (14Nov17) (AAI)
 

06910.0: ---: Unid 0747 USB 3G-HF FLSU Async call (21Oct17)(AAI)
 

06985.0: COMCNET: Unid 0747 USB 188-141A sounding (24Oct17) (AAI)
 

07504.0: ---: Unid 0628 USB 3G-HF FLSU Async call (27Oct17)(AAI)
 

07527.0: UHC: USCGC DECISIVE WMEC 629 Pascagoula, MS 0605 USB 188-141A sounding 
(27Oct17) (AAI)
 

07608.0: ---: Russian Navy, RUS 1238 (cf) CIS Navy "Akula", FSK 500Bd/1000 (27Oct17) (AAI)
 

07608.0: VQ4: Polish Military, POL 1016 USB USB 188-141A handshake VQ1 / voice-comms (25Oct17) (AAI)
 

07671.6: ---: Polish Intel, POL 1155 (cf) POL-FSK 100Bd/620, short message (25Oct17) (AAI)
 

07719.0: ---: Unid 0807 USB 3G-HF 2-way FLSU handshake / LDL128 transfer (21Nov17) (AAI)
 

07748.0: CMOC: MORJANE-17 Algerian-Tunisian exercise, Joint Maritime Operations Center 0937 USB STANAG-4539 & 188-110A Serial modem, bearing STANAG-5066 HBFTP gzipped emails
to CLM353 "El-Kirch" missile launchers Corvette (23Oct17) (AAI)  


07788.0: ---: Unid 0635 USB 3G-HF 2-way FLSU handshake / LDL128 transfer flwd by analogue tfc in the reverse direction (27Oct17)(AAI)
 

07830.0: MJ02: Algerian Military, ALG 0835 USB 188-141A call NX01 (10Nov17) (AAI)
 

07830.0: ZD02: Algerian Military, ALG 0942 USB 188-141A call ZD01 (01Nov17) (AAI)

08002.0: 4XZ: Israeli Navy, ISR 2023 CW "AR AR VVV DE 4XZ 4XZ" (23Oct17) (AAI)


08016.0: RIHQ001: NPRD Net, HRV 1036 USB 188-141A sounding (27Oct17) (AAI)
 

08054.0: PG01: Algerian Military, ALG 0831 USB 188-141A call NX01 (10Nov17) (AAI)

08066.0: CLM353NET: MORJANE-17 Algerian-Tunisian exercise, Algerian Navy "El-Kirch" missile launchers Corvette 0850 USB 188-141A handshake CMOCNET Joint Maritime Operations Center / STANAG-4539 & 188-110A Serial modem, bearing STANAG-5066 HBFTP gzipped emails (26Oct17) (AAI)

08066.0: FERB: Uzbekistan Net Fargona, UZB 1817 USB 188-141A sounding (26Oct17) (AAI)
 

08066.0: PR510NET: MORJANE-17 Algerian-Tunisian exercise 0817 USB 188-141A handshake CMOCNET Joint Maritime Operations Center / STANAG-4539 & 188-110A Serial modem, bearing STANAG-5066 HBFTP gzipped emails (26Oct17) (AAI)

08095.0: ---: Russian Intel, RUS 1320 USB MFSK-16 66.6Bd 175Hz (25Oct17) (AAI)
 

08162.0: 035: Hungarian Army, HNG 0700 USB 188-141A handshake 082 / HARRIS AVS scrambled voice-comms (27Oct17)(AAI)
 

08188.0: A98: Chines Military, CHN 2149 USB 188-141A call D78 (26Oct17) (AAI)
 

08190.0: CARRECA: GdF patrol boat "Carreca G107", I 2144 USB 188-141A sounding (26Oct17) (AAI)
 

08190.0: CORRIAS: GdF Patrol Boat "Finanziere Corrias G206" 1012 USB 188-141A sounding (27Oct17) (AAI)
 

08327.0: ---: Unid 0739 USB 3G-HF 2-way FLSU handshake / LDL32, sending (usual?) 139-byte Harris "Citadel" encrypted file (23Oct17) (AAI)
 

10425.0: BE8: Unid 0944 USB 188-141A call SRR (23Nov17) (AAI)
 

10425.0: SDR: Unid 0949 USB 188-141A call SRX (23Nov17) (AAI)
 

11020.0: ---: Unid 1400 USB RFSM-8000 HF modem with linking protection, data exchange with peer on 11025.0 (03Nov17) (AAI)
 

11135.0: HQ4: Unid (Egyptian/Lybian net?) 1351 USB 188-141A handshake GANOB3, CMD "IFBUIFSHSBIBN" / short CLOVER-2000 transmission (20Nov17) (AAI)
 



11196.0: MSX: Unid 1247 USB 188-141A handshake SEV / voice comm (too short to understand the language) (20Nov17) (AAI)
 

11196.0: SEV: Unid 1347 USB 188-141A sounding (20Nov17) (AAI)
 

12163.0: ---: Russian Intel, RUS 1020 USB MFSK-16 66.6Bd 175Hz (25Oct17) (AAI)
 

12424.8: ---: F03 (prob. Polish Intel) 0848 (cf) FSK 200Bd/400, 896-bit period (27Oct17)(AAI)
 

12499.8: ---: Unid 1130 (cf) unid BPSK 125 Bd modem (22Nov17) (AAI)
 

16520.0: YIC: Unid 1043 USB 188-141A handshake SRI / 188-110A Serial (25Oct17) (AAI)
 

16700.0: 7771: Iraqi Government, IRQ 1317 USB 188-141A call 7777 (31Oct17) (AAI)
 

17149.7: ---: Unid (maybe Algerian Navy?) 0915 USB Chinese 4+4 p/4 DQPSK 75Bd modem (21Oct17)(AAI) [2]
 

17156.0: 5601: Iranian Net, IRN 0935 USB 188-141A sounding (21Nov17) (AAI)
 

18198.0: ---: Russian Mil/Intel, RUS 0715 USB CIS-112 OFDM 112-tone 22.22Bd BPSK modem (23Oct17) (AAI)
 

18248.6: KEN22: Unid US DoS Station 0711 USB 188-141A call KEM99 (23Oct17) (AAI)
 

18582.0: ---: Unid 1120 USB 188-110A 4800bps modem (200msec ACF) (17Nov17) (AAI)

16 November 2017

Swedish Army 8-bit text ACP-127

16 November update

Some weeks ago my friend Guido pointed my attention on two fixed-frequency services, 4228.0 and 4396.0 KHz on USB, which in some way are in connection with the unid S-5066 RCOP/UDOP protocol used by the Swedish Armed Forces which is discussed here: 
http://i56578-swl.blogspot.it/2017/06/unid...client.html
Since  the 4228.0 KHz channel is fequently noised by STANAG-4285 transmissions, I preferred to monitor 4396.0 KHz so the post is related to the catches in this frequency.

1. 8-bit text transmissions

These transmissions use the 188-110A Serial waveform, are not preceded by 2G/3G ALE neither by voice calls and happen many times per day. Once decoded, the resulting streams consist of ASCII 8N1 text. Curiously the transmissions on 4396.0 have the headers shifted and separated from the data body  (Fig. 1).

Fig. 1
The use of a fixed-frequency service, the occurences of the transmissions and the 8-bit text lead to think that this traffic is most likely the encrypted "8-bit text ACP-127 (SV-7)" from Swedish Army, as indicated in one slide of their presentation of the HF2000 system at HFIA Metting 2010 [1] and reported in Fig. 2. At present I don't know what SV-7 stands for. It's important to note that both the 8-bit text and STANAG-5066 transmissions use the same HF waveform 188-110A at 1200bps.

Fig. 2

2. transmitter site

I monitored for several hours in the morning the 4396.0 KHz using some remote Kiwi-SDRs located in Sweden and the results seem to indicate a site in the northern Sweden (Fig. 3)

Fig. 3

3. the Z-strings in the 8-bit and S-5066 transmissions

The most important aspect is the presence of the Z-strings in the messages' headers: these are the same as the strings already seen in the data-blocks of the  S-5066 transmissions from the Swedish Armed Forces (see this post). Note also that in both the transmissions the Z-strings are contained within the same sequences  (I catched tens of transmissions, for simplicity I show only two of these but the matches are in all the recordings)

Fig. 3
The 8-bit transmissions use only the Z-strings ZAPD<L> and ZXPD<L> and both are used every day with a prominence of the latter. So far, these are the heard strings:

ZAPD flwd by B,C,D,E,F (ie: ZAPDB, ZAPDC,...)
ZXPD flwd by B,C,D,E,F (ie: ZXPDB, ZXPDC,...)


I saw that the fifth letter of the Z-string does not change during the week, then in the following week it takes the next value in the alphabetical order: for example ZAPDD is used from Mon to Sun then in the following monday it changes into ZAPDE; the same happens for ZXPDD which changes into ZXPDE.

This alphabetical progression  is verified by a five weeks monitoring and in my opinion it's not a rotation but rather a way to indicate the week of the year using the last two letters and the convention A=1, B=2, C=3,... so that DC = 43, DD = 44 and so on (Fig. 4).


Fig. 4
Indeed, the date of the transmissions match this schema:

Fig. 5

It is very important to note that the same mechanism has been observed in the variations of the Z-strings in S-5066 transmissions (sporadic catches, not from a monitoring):

ZRTBC and ZXPBC on 6,7 June (BC = 23th week)
ZRTBD and ZXPBD on 15,16,17 June (BD = 24th week)
ZXPBE on 23 June (BE = 25th week)
ZAPCA on 1,2 August (CA = 31th week)

as you see, the dates belong to the number of the week indicated by the last two letters of the Z-strings. Nothing (unless the timestamp header in S-5066 transmissions) seems indicate the time & date of the message, maybe it is contained within the encrypted text. 

Thus, according to my guess, the Z-strings shall be considered as ZAP and ZXP, followed by the week of the year. After grouping the Z-strings of S-5066 and 8-bit transmissions and isolating the initial "Z", we get:

Z AP
Z NT (only in S-5066 transmissions)
Z RT (only in S-5066 transmissions)
Z XP


It's difficult to say what they stand for, maybe they could indicate the precedence of the messages: ie, AP for higher priority (flash) and XP for routine, or maybe a kind of classification. Who knows? Further recordings will help.
The 8-bit and S-5066 transmissions are not scheduled and happen "on-demand", apparently they seem not correlated and sometimes are very close each other (Fig. 6). This aspect, and other ones, will be discussed in next updates.

Fig. 6


[1] http://www.hfindustry.com/.../HF2000_HFIA_2010.pdf



https://youtu.be/lWNljuCQw_0


14 November 2017

SIGFOX, UNB IoT
by Angazu & Rapidbit

SIGFOX [1] is a signal for Internet of Things (IoT) with some features that predict a great future. The use of the spectrum, adapted to its purposes, does not waste resources as other systems do. Its advantages in terms of cost and efficiency have made its develop quickly and its main usage being the internet of things.
Its data capacity is very low (100 bps), allowing up to 140 messages per day, but enough for its uses. It is cheap and has good coverage. The signal is robust and not easy to interfere with. To this we must add that the battery consumption is minimal, and may last several years. It also uses the free band of 868 MHz  and does not require any type of SIM. The standard is the ETSI GS LTN 003 V1.1.1 (2014-09) [1]

The signal was received at home, probably from a near home alarm  system carrying out installation tests.
 
Spectrogram (edited) in Fig. 1 shows three segments (three "telegrams") in different frequencies. Each segment lasts about 2.1 sec and is separated by a dead time of about 42 msec. Each emission uses a different frequency within its allowed range. In what has been observed so far, it always transmits the  message 3 times using  a different frequency in every Tx.

Fig.1 - spectrogram
The spectral occupation (Fig. 2)  is about 200 Hz. In this case, there are quite a few lateral lobes  due to the proximity of the transmitter-receiver. The measurement was made about 30 dB below the peak.

Fig. 2 - spectrum
Estimated modulation speed is Differential BPSK at a rate of about 100bps, the overview of 3 frames (Fig. 4) is aligned  to 210 bits. (ID has been removed once demodulated).

Fig. 3
Fig. 4
Frame as per  etsi standard:



 [1]
 
 

7 November 2017

SkyOFDM 28-tone, 65.6Bd BPSK, 2.6KHz bandwidth


These transmissions have been spotted during the last weekend on 4155.0 KHz/USB by ANgazu using a remote KiwiSDR located in Norway.
The waveform has a bandwidth of 2600 Hz and uses OFDM technology for 28 channels, each with BPSK modulation at rate of 65.6 symbols/sec. Speed and modulation are confirmed by analyzing the whole signal and also a single channel.
Almost certainly it is a Skysweep Technologies proprietary waveform, probably test transmissions. The user is unknown.

Fig. 1 - analysis of the whole signal
Fig. 2 - analysis of the upper channel



https://yadi.sk/d/pb0xIcWX3PUpUq

 

3 November 2017

CIS Selcall "Vishnya", FSK 150Bd/200

I spotted this short transmission on 7823.5 KHz/USB at 0827z, it's an FSK modulation with 200Hz shift and speed of 150bps. I asked my friend KarapauZ about the name of this system and he told me that this signal is correlated with the CIS Selcall and it's also known with the nickname "Vishnya" ("Cherry" in English language).
The signal is discussed here in radioscanner:



2 November 2017

radiosonde Vaisala RS92-SGP
(by: ANgazu,Rapidbit)

The RS92-SGP has been manufactured and marketed by the Finnish company Vaisala since 2003. It incorporates a Helix Antenna (QFHA=Quadrifilar Helix Antenna) for the reception of GPS satellites.

This type of radiotracer has a GPS receiver to determine its location and allow indirect measurement of wind speed and direction at altitude... The RS92-SGP has a silicon pressure sensor, a heated dual humidity sensor and a small, fast temperature sensor.
The synthesizer-based transmitter is stable and uses narrow bandwidth. The RS92-SGP radio sensor complies with the European ETSI standard for digital radiosondes operating in the 400 MHz band.
The SONDE MONITOR software allows the data transmitted by the RS-92 SGP to be decrypted, in particular the exact position measured with the aid of the GPS receiver on board, which makes it easier to locate it in the field.
Measurements carried out with the aid of a radio-sounder are relative to a specific place and time interval. In order for such data to be truly useful, polls conducted around the world must be synchronised. These polls are usually conducted at 00h and 12h GMT. Some stations carry out polls at 06h and 18h regularly.
More than 850 surveys are conducted, at least twice a day worldwide. The distribution of the radiosonde centres is not regulated on the planet's surface and developed countries in the northern hemisphere (82%) are better covered than deserts and oceans in the southern hemisphere (18%). 820 of these surveys are carried out by fixed stations and some 30 of them are carried out from ships, both merchant and regular lines.
Surveys are mainly carried out by meteorological services, but from time to time we may find ourselves with radio probes launched by:
- Weapons test centres (missile, ammunition and radiosounder testing).
- Scientific missions, atmospheric monitoring services (ozone measurements, radioactivity)
- Special campaigns for the study of regional climatology and meteorology.
- Artillery units, before firing practice.
- Radio sounding training centres (meteorological, military, manufacturers of radio sounders...)


Radiosondes are telemetry devices that measure various atmospheric parameters.
They are usually launched using a weather balloon and, while ascending and moving in the wind, transmit the data in real time. They can reach a considerable height, so reception is possible far away  from the launching point.
The signal for this entry , from a Vaisala RS92-SGP, was recorded near an airport somewhere in the south of Europe. Frequency was 403 Mhz.
This signal is a very interesting one since it shows a considerable Doppler effect due to both its ascent speed and its lateral displacement due to the wind (Fig.1).

Fig. 1
The  spectrum exhibits a phase modulated signal framed by two unmodulated tones (Fig. 2). Tones are separated 4800 Hz.

Fig. 2
Analyzing the signal as a whole, modulation speed is 4800 sps using a GFSK modulation, but filtering out  the outer tones to isolate the internal signal, result is a BPSK with a speed of 2400 sps.(Fig.3)

Fig. 3
Should the signal be demodulated as GFSK, result is a stream of manchester coded bits. Once manchester decoded, the bits are exactly the same as if the inner signal was demodulated as BPSK. Frame ACF is 1 s. There is a second ACF for character  of 4,16 ms (Fig. 4)

Fig. 4
Once decoded, frames are  2400 bits long (Fig. 5) using  8N1 characters.

Fig. 5
The combination of vertical and lateral velocity of the probe produces a doppler effect on the signal. In the image, the frequency variation in a tone for about 21 m (Fig. 6)

Fig. 6
The data transmitted can be demodulated using the ionosonde monitor by COAA (see links)

Fig. 7
Links:

29 October 2017

Maritime Interdiction Operations (MIOs) in Med'sea, a joint exercise?


The heard communications concern a Maritime Interdiction Operation (MIO) in Mediterranean sea and involve 2 vessels and one ashore station which acts as the net-control station by coordinating all the activities. It is not clear if  the heard activity is part of a routine patrol or rather a naval joint exercise. The ALE IDs used in communications (ie "CMOC", that could stands for Combined Maritime Operation Center), some terms in the messages (such as PUBEX, EVOLEX) and the "special" email domain name (here not reported for confidentiality) make me think to a MIO joint exercise. By the way, I did not find any related news in some specialized websites neither in press-agency sites.
The activity was heard on 7 and 8 MHz bands, expecially on 27 October. Communications  make use of 188-141 2G ALE for link setup while the messages are sent using a battle force email system based on STANAG-5066 HBFTP protocol. STANAG-4539/MS-110A are used as bearer HF waveforms, mostly QAM-64 9600bps and PSK-8 1200bps modulations (Figs 1,2). The STANAG-5066 addresses of the network nodes belong to the dummy block 10.000.000.zzz  which is not assigned to a country.
The language used for working out operational documents and for communications is English and French, this could be another hint in favour of a joint exercise.

Fig. 1 - STANAG-4539 transfer using QAM-64
Fig. 2 - STANAG-5066 stream
In addition to text or routine messages such as request to compress photos ("compresser la photo svp"), link informations ("liaison XXX to YYY par HF est nulle") or some ehortations ("veilles respecter le battle rythme et nous transmettre la situation RMP TN/DZ et vos position 12h00"), I saw some operational messages that are worth seeing. Although it could be a joint exercise, I avoid to go into details and some parts of these messages, as well as callsigns, are obscured or omitted for reasons of confidentiality of sensitive information. 

The firts two messages are related to the operation (tactical instructions?) and to the use of the MIO Board.

Fig. 3
Fig. 4
In Fig.5,  looks like they send informal ACP-like messages using email: note the from CMOC (Combined Maritime Operations Center?) to OTC (Operational Training Center?) header

Fig. 5
The operation was successull since the report on the interception of a boat of narcotrafficants (Fig. 6). Drug smugglers have thrown the material off at sea but it has been recovered by the navy sailors. Note how such reports are rigidly formatted in sections (termed "alfa", "bravo", "charlie") and sub-sections.

Fig. 6
Note also that in some messages, likely the more important ones, they make use of return receipts, as indicated by the MDN (Message Disposition Notification) tags in the email shown in Fig. 7 (turnaround time of 31 secs.). I saw MDNs in both English and French language.

Fig. 7
Many joint exercises (Phoenix Express, Morjane, Osis, MEDEX,...) take place every year in Souther Med'sea, so what I heard could be an ad-hoc scenario just established for this exercise.

update: 31 October 2017

...as expected:
http://en.aps.dz/algeria/20899-naval-force... 


23 October 2017

Japanese Navy "Slot Machine" w/ traffic forwards


Japanese Maritime Self-Defense Force ashore transmission from Ichihara, also known as "Japanese Slot Machine" (Enigma Designation XSL), with traffic segments  heard on 8590 KHz. Modulation used is QPSK 1500Bd (Fig. 1). The data frame structure consists of 140 symbols (28K+112U) with a 700-symbol super-frame (Figs. 2,3).
Streaming from remote SDR HL5NTR in South Korea, kindly sent me by ANgazu.
 
Fig. 1 - used modulation and ACF value

Fig. 2 - 140 symbols (28K+112U) frame structure


Fig. 3 - 700 symbols super-frame (5 frames length)



https://yadi.sk/d/67HAXeAK3NzqJn




22 October 2017

Logs


04488.0: ---: Unid 0543 USB TADIRAN HF modem MFSK-4 125Bd/300Hz autocall (19Oct17) (AAI)
05270.0: IDR: Italian Navy S.Rosa Rome, I 0715 J3E/USB radio check with Filone, Bussola, Orale, I0951 (07Oct17) (AAI)
05298.0: ---: Unid 1627 USB Thales Systeme-3000 ALE / Thales analog voice scrambler (10Oct17) (AAI)
05298.0: RIHQ001: Unid (HRV NPRD Net ?) 0703 USB 188-141A sounding (07Oct17) (AAI)
05365.0: PO00: Austrian Military, AUT 0532 USB 188-141A call OY00 (05Oct17) (AAI)
05371.5: 9A4OS: Global ALE HF Network, HRV 0709 USB 188-141A sounding (07Oct17) (AAI)
05371.5: 9A5EX1P: Global ALE HF Network, HRV 0719 USB 188-141A sounding (07Oct17) (AAI)
05400.0: ---: Unid 1905 (cf) unid 2380Bd GFSK/PSK2, QPSK/PSK-2, MFSK-4/PSK-2 burst waveform (prob. Chinese made) (10Oct17) (AAI)
05402.0: FC6FEM: FEMA Region 6 HQ Denton TX, US 0526 USB 188-141A sounding (11Oct17) (AAI)
05413.0: ---:Russian Mil/Intel, RUS 1928 voice comms / CIS-60 OFDM 60-tones unmodulated (no data sending) (13Oct17) (AAI)
05788.0: PO00: Austrian Military, AUT 0542 USB 188-141A call OG00 (05Oct17) (AAI)
05798.5: B22: Unid (Dutch Military?) 0728 USB 188-141A handshake B21 / 188-110A Serial (07Oct17) (AAI)
05885.0: ---: Unid 0755 USB TADIRAN HF modem MFSK-4 125Bd/300Hz + scrambled speech (17Oct17) (AAI)
06213.0: ---: Unid 0635 USB 3G-HF 2-way FLSU handshake / Circuit Mode service using 188-110A serial (19Oct17) (AAI) (AAI)
06228.7: ---: Unid (KNL trials?) 0630 ISB ARQ system: user-data adaptive PSK-2 and QPSK 2400Bd burst waveform on USB, link/traffic management 1500Bd PSK2/QPSK burst waveform (12Oct17) (AAI)
06231.0: VBE3: Croatian Mil, HRV 0705 J3E/USB asking radio-check to ASQ8, OIL6, UTI7 (11Oct17) (AAI)
06233.0: ---: Unid 0756 USB 3G-HF FLSU asynchronous call, no reply (12Oct17) (AAI)
06239.0: ---: Unid 0630 USB unid PSK-2 4800Bd 6KHz modem (09Oct17) (AAI)
06239.0: CG47: Unid 0657 J3E/USB French lang male asking radio-check to DA34 (11Oct17) (AAI)
06246.5: ---: Unid (prob. Turkish Military) 0750 USB Marconi-25 OFDM 12+12 tones 48Bd QPSK (12Oct17) (AAI)
06251.0: XGK: DHFCS (reported as "mobile station"), UK 0746 USB 188-141A call XSS (19Oct17) (AAI)
06259.8: HWK01: Swedish Armed Forces, S 0736 USB 3G-HF 1-way FLSU / MIL 188-110A Serial, Circuit Mode tfc to HWK01, S5066 unid UDOP client (09Oct17) (AAI)
06320.0: Z1V: Slovakian Air Force Zvolen, SVK 0658 USB USB 188-141A handshake S1S multicast address / 188-110A Serial + STANAG-5066, sending HBFTP gzipped file (09Oct17) (AAI)
06329.0: OSY: SailMail Brugge, BEL 0617 USB (cf +1500Hz) Pactor-III, wkg FGD2123 "Welcome to SailMail Europe, station R-12, FGD2123 de OSY, QTC 1 msg 13384 char, AirMail-3.4.055-B2FHIM$" (09Oct17) (AAI)
06330.0: AA5: Israeli AF, ISR 0533 USB 188-141A sounding (17Oct17) (AAI)
06380.0: HBLZDRD1: Roumenian Military, ROU  0709 USB 188-141A handshake HFJCDRD1 / op-caht + FED1052, sending Harris Citadel encrypted file (09Oct17) (AAI)
06450.0: FUSCO: Guardia di Finanza Patrol Boat Fusco G125, I 2002 USB 188-141A call PALERMO (19Oct17) (AAI)
06510.0: M1I: Slovakian Air Force Mierovo, SVK 0753 USB USB 188-141A handshake Z1V Zvolen / 188-110A Serial + STANAG-5066, sending HBFTP gzipped file (09Oct17) (AAI)
06510.0: N1R: Slovakian Air Force Nitra, SVK 0722 USB USB 188-141A handshake Z1V Zvolen / 188-110A Serial + STANAG-5066, sending HBFTP gzipped file (09Oct17) (AAI)
06510.0: V1E: Slovakian Air Force (unid stn), SVK 0733 USB USB 188-141A handshake Z1V Zvolen / 188-110A Serial + STANAG-5066, sending HBFTP gzipped file (09Oct17) (AAI)
06510.0: Z1V: Slovakian Air Force Zvolen, SVK 0715 USB USB 188-141A handshake K1U Kuchyna / 188-110A Serial + STANAG-5066, sending HBFTP gzipped file (09Oct17) (AAI)
06670.0: CAMP: Unid 0732 USB USB 188-141A handshake OUTPOST / proprietary HF modem using modified 188-110A Serial & STANAG-4539 waveforms, 128-bit secondary protocol, prob 88-bit key encoded (09Oct17) (AAI)
06673.0: 6005: Unid 0530 USB 188-141A sounding (12Oct17) (AAI)
06728.0: 810002: Unid USB 188-141A sounding (12Oct17) (AAI)
06733.0: IDR: Italian Navy S.Rosa Rome, I 0755 USB wkg vessel P72, voice comms, data sending using FSK 75Bd/850 with KG84 encryption (06Oct17) (AAI)
06753.0: ND01: Unid (Tunisian net?)0911 USB 188-141A call SZ01 (05Oct17) (AAI)
06773.0: LUU: Austrian Military, AUT 0625 USB 188-141A 2-way handshake with OY00, no follow-up (05Oct17) (AAI)
06812.0: UDM: Unid 1825 CW repeating "UDM" (13Oct17) (AAI)
06840.0: R24504: US Army Helo, Sikorsky UH-60A Black Hawk 0823 USB 188-141A sounding (06Oct17) (AAI)
06851.8: ---: Unid 0811 USB STANAG-4197 ANDVT (09Oct17) (AAI)
06852.0: 002: Unid 0646 USB 188-141A call 001 (19Oct17) (AAI)
06867.0: ABC7: Croatian Military, HRV 0818 USB 188-141A call ABK4 (19Oct17) (AAI)
06884.0: POL3: Polish MSWiA, POL 0751 USB 188-141A call POL1 (17Oct17) (AAI)
06884.0: WARSZAWA2: Polish MSWiA Net, POL 0636 USB 188-141A call BYDGOSZCZ (05Oct17) (AAI)
06906.0: 3044: Unid 0709 USB 188-141A sounding (05Oct17) (AAI)
08257.0: 120715: Unid 1550 USB 188-141A sounding (09Oct17) (AAI)
10333.0: RCN: Saudi Air Force, ARS 1445 LSB 188-141A call NAN (08Oct17) (AAI)
10390.0: 24091: Moroccan Civil Protection, MRC 1135 USB 188-141A sounding (07Oct17) (AAI)
10713.0: SPT24: Polish Military, POL 1145 USB 188-141A handshake SNB813 AMD "QRA5584" / voice comms (07Oct17) (AAI)
13370.0: A98: Chinese Diplo, CHN 1335 USB 188-141A call D78 (05Oct17) (AAI)
13379.0: A98: Chinese Diplo, CHN 1331 USB 188-141A call D78 (05Oct17) (AAI)
13503.6  KWT93: US Dept of State Stn 1329 USB 188-141A call KWT96 (05Oct17) (AAI)
14953.0: ---: Russian Mil/Intel, RUS 0953 USB MFSK-16 66.66Bd 175Hz (18Oct17) (AAI)
15807.0: CM6: Commandant de la 6e region militaire Tamanrasset, ALG 0835 USB 188-141A handshake COF / 188-110A Serial, sending Harris Citadel encrypted file (19Oct17) (AAI)
16246.0: ---: Russian Mil/Intel, RUS 0950 USB CIS-45, OFDM 45-tones HDR modem v.2, BPSK 40Bd (19Oct17) (AAI)
16520.0: SUV: Unid 0854 USB 188-141A call OD0, copyied also 3G-HF soundings (19Oct17) (AAI)
16625.0: ---: Unid 1427 USB wideband BPSK burst modem 4800Bd/6KHz 9600Bd/12KHz 19200Bd/24KHz (18Oct17) (AAI) [1]
16657.0: ---: Unid 1000 USB wideband BPSK burst modem 4800Bd/6KHz (19Oct17) (AAI) [1]
16759.0: A98: Chinese Net, CHN 0903 USB 188-141A call D66 + proprietary MFSK-8 125Bd waveform (19Oct17) (AAI)
18493.0: ---: Russian Mil/Intel, RUS 0744 USB MFSK-16 33.33Bd 175Hz (18Oct17) (AAI)
20890.0: ---: Russian Mil/Intel, RUS 0831 USB CIS-3000 PSK-8 3000Bd burst modem / MFSK 32+32, CIS-3000 most likely used for link management (18Oct17) (AAI) 

21 October 2017

strong 4+4 π/4 DQPSK 75Bd Chinese modem


Strong copy of the 4+4 DQPSK 75Bd Chinese modem on 17149.7 KHz/USB at 0915, 1128 and 1129 UTC.

Fig. 1
Fig. 2
Fig. 3
Note the different periods in preamble, 36-bit length, and data segments, 12-bit length: most likely a 6-bit structure signal with 1 stop bit (Fig. 6)

Fig. 4 - 36-bit period in the preamble segments
Fig. 5 - 12-bit period in the data segments
Fig. 6 - 6-bit signal

The same signal was also heard few hours later (around 1130z) at -91dB and no QSB: too good conditions for a signal coming from China:


By the way, the Algerian Navy recently acquired three C28A Corvettes built in China [1] by Hudong-Zhonghua Shipbuilding Group, a subsidiary of China State Shipbuilding Corporation, this could explain the strength of the signal.

[1]http://www.defenceweb.co.za/...Sea&Itemid=106