14 July 2017

short bit-analysis of a STANAG-4538 HDLn transfer (BW2 bursts)

 

Each HDLn transfer consists of n TX Frames (n = 24, 12, 6, or 3) each consisting of n data packets; each data packet consists of a 233-byte data segment plus a 17-bit Sequence Number. Each TX Frame is sent using burst waveform BW2.
During the construction of BW2, a 32-bit Cyclic Redundancy Check (CRC) value is computed across the 1881 payload data bits of each data packet (233 bytes of user data, plus the 17-bit Sequence Number) and is then appended to the data packet. Then, seven encoder flush bits with values of zero (Flush) are appended to produce an Extended Data packet 1920 bits long, i.e. 233 data bytes + 7 overhead bytes (17-bit sequence number + 32-bit CRC + 7-bit flush). See this post about the formation of a BW2 burst.

Fig. 1 - BW2 formation
That said, we can go back to the original datagram by inspecting the last 56 bits of the Extended Data packets in the two BW2 bursts (Fig. 2a).
The value of the Packet Number field varies from 0 to 5, which means that it is a 2 x HDL6 transfer. Looking carefully at the CRC fields, we note that the two HDL6 bursts carry exactly the same datagram: maybe the destination station requested a retransmission (the first BW1 ACK burst) or the datagram is sent twice to improve the reliability of the transfer (Fig. 2a):

Fig. 2a
That said, we can focus on the Extended Data packets (below termed only "packets") of a single BW2 burst (Fig. 2b).
The values of the six Packet Number fields are: 0, 1, 2, 3, 0, 1. If the TxDatagram buffer is not completely emptied, the remaining packet positions are filled with repetitions of packets already residing in other positions of the TxFrame buffer. The HDL transmitter is at liberty to select packets from the current datagram to repeat as it pleases (the HDL receiver shall inspect the sequence number of each packet received without errors, and use this information to discard duplicate packets).
The original datagram, in this sample, is then composed of the packets #0 #1 #2 #3.

Fig. 2b
Looking at the Packet Byte Count fields in the first four packets (Fig. 2c), we see that the first three packets carry 233 bytes of user data (as expected, since HDL) and the last packet carries 224 bytes of user data (the remaining 9 bytes are filled with "0" value bytes).
Thus, the length of the original datagram is (233 x 3) + 224 = 923 bytes.

Fig. 2c
Back to the whole bitstream: once it is structured in a 1920-bit period (the Extended Data packet length), the original datagram can be extracted by isolating the first 4 rows and removing the overhead bytes. The result is a HARRIS "Citadel" encrypted file of 923 bytes length (Fig. 3).

Fig. 3
The duplicated HDL6 burst (A,B), the retransmitted packets (C,D) and the "0" value bytes filling a single packet can be seen by looking at the whole bitstream in Figure 4.
Please note that the bitstream is misleading: at a superficial glance, one could think there are four "Citadel" encrypted files!

Fig. 4
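
The extraction steps described above (1920-bit rows, strip the last 56 overhead bits, drop repeated packets, trim by Packet Byte Count), as an added Python example that is not part of the original post. The MSB-first bit order and the split of the 17-bit sequence number into a 9-bit Packet Number and an 8-bit Packet Byte Count are assumptions, the sample frame is constructed, and the CRC is extracted but not verified.

```python
# Added example. ASSUMPTIONS (not from the post): bits are MSB-first, and the
# 17-bit sequence number is [Packet Number: 9 bits][Packet Byte Count: 8 bits].
PKT_BITS, DATA_BYTES = 1920, 233
SEQ_BITS, CRC_BITS, FLUSH_BITS = 17, 32, 7
COUNT_BITS = 8
NUM_BITS = SEQ_BITS - COUNT_BITS


def split_packet(row):
    """Split one 1920-bit Extended Data packet (a '0'/'1' string) into fields."""
    if len(row) != PKT_BITS or set(row) - {"0", "1"}:
        raise ValueError("expected 1920 characters of 0/1")
    d = DATA_BYTES * 8
    seq, crc = row[d:d + SEQ_BITS], row[d + SEQ_BITS:-FLUSH_BITS]
    if "1" in row[-FLUSH_BITS:]:
        raise ValueError("non-zero flush bits: wrong alignment or bit errors")
    count = int(seq[NUM_BITS:], 2)
    if count > DATA_BYTES:
        raise ValueError("byte count exceeds the 233-byte data segment")
    return {"number": int(seq[:NUM_BITS], 2), "count": count,
            "crc": int(crc, 2),  # extracted only; not verified here
            "data": int(row[:d], 2).to_bytes(DATA_BYTES, "big")}


def reassemble(bitstream):
    """Rebuild the datagram from a bitstream laid out in 1920-bit rows."""
    if len(bitstream) % PKT_BITS:
        raise ValueError("bitstream is not a whole number of packets")
    packets = {}
    for i in range(0, len(bitstream), PKT_BITS):
        p = split_packet(bitstream[i:i + PKT_BITS])
        packets.setdefault(p["number"], p)  # drop repeated packets
    if sorted(packets) != list(range(len(packets))):
        raise ValueError("missing packet numbers: %r" % sorted(packets))
    return b"".join(packets[n]["data"][:packets[n]["count"]]
                    for n in range(len(packets)))


def make_packet(number, payload, crc=0):
    """Build a constructed test packet (zero-padded data, dummy CRC)."""
    data = payload.ljust(DATA_BYTES, b"\x00")
    bits = "".join(f"{b:08b}" for b in data)
    bits += f"{number:0{NUM_BITS}b}{len(payload):0{COUNT_BITS}b}"
    return bits + f"{crc:0{CRC_BITS}b}" + "0" * FLUSH_BITS


# Constructed sample mirroring the post: packets 0,1,2,3,0,1; packet 3 is 224 bytes.
SAMPLE = bytes(i % 251 for i in range(923))
CHUNKS = [SAMPLE[i:i + 233] for i in range(0, 923, 233)]
FRAME = "".join(make_packet(n, CHUNKS[n]) for n in (0, 1, 2, 3, 0, 1))
```
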
