Encrypted transmissions on 6931.0/usb which use a slightly modified 4285 waveform with 4 preamble tones and running 600bps/Short sub-mode. Transmissions
are between two stations in simplex, are quite frequent during the
daytime and are not preceded by ALE or voice calls: probably it's not a
network but rather a PtP link where peers are tuned on the same
frequency.
 |
| Fig. 1 |
The COMSEC preamble in some way resembles 188-220D and in my guess it consists of 3 parts:
A) 60-bit Frame Sync (110000100000111000101111001011011101101001001011111010101100)
B) 5 x 128-bit encoded Initialization Vector
C) 64-bit idling sequence (time to load the key?)
B) 5 x 128-bit encoded Initialization Vector
C) 64-bit idling sequence (time to load the key?)
preamble is then followed by the encrypted block (D) which ends with "01" sequences (E).
 |
| Fig. 2 |
 |
| Fig. 3 |
All the TDoA multilaterations I've done indicate the region of Split in Croatia, also this post suggests the same source. Unfortunately it was not possible to use TDoA more effectively: the signals have mostly short airtime and there are no close GPS'ed SDRs to both the west and east.
 |
| Fig. 4 |
It's worth noting that the same add of the 4 initial tones is also visible in the 110A waveform recorded on October,2 2017; in that recording the same 128-bit protocol was detected:
 |
| Fig. 5 |
No comments:
Post a Comment