16 September 2019

CIS Makhovik (T-230) in CIS-12 and PSK2/1200bps waveforms

Recently my friend KarapuZ gave me the chance to analyze a CIS-12 bitstream and I took the opportunity to wotk on the "format" of Makhovik and then compare the CIS-12 stream with other Makhovik  streams coming from PSK2/1200bps modulations. The results are rather interesting even if the lack of official documentation and the number of available samples do not allow any exact classification but only hypotheses.

Makhovik (the "flywheel") is a well known Soviet-Mil crypto system also used by The National People's Army of the former German Democratic Republic (NVA, Nationale Volksarmee). Although someone classifies Makhovik as vocoder, it can can be used for time-multiplexed encryption of both voice and data up to 9600 bps. It's official name is "T-230 bundle ciphering device for teleprinter and data connections" and was designed to operate in UHF but very often is found in LF and in HF.
T-230 main unit (Fig. 1) consists of four slots:
AT-3002M multi-channel modem for LF channels,
AT-3004D multi-channel modem for HF channels (CIS-12 waveform, also known as MS5 or "Fire"),
AT-3001M voice scrambler (five per unit system maximum),
AT-3025 signaling unit and pager (two per device system).
The T-230-1A is a single-channel version of the T-230. The device contains the cipher, modem and radio as well the vocoder. The system is constructed with 3 modules / blocks and provides  two 1200bps channels in its basic configuration. Several T-230-1A can be used in stationary operation with the modem of the multi-channel variant, AT-3002 and AT-3004D. 8 keys can be set for a maximum of 8 subscriber networks.

Fig.1 - a T-230 system
AT-3004D/AT-3104 (CIS-12)
CIS-12 is a pseudo OFDM 12-tone (+ 1 pilot) waveform using PSK2 or PSK4 modulation at speed of 120 Baud while the modem name is AT-3004D (or its newer counterpart AT-3104). Channels 1-10 are used for data, 11 and 12 are test/service channels, therefore the "aggregate" speed is 1200 Baud (just as the baudrate of the waveform of T-230-1A system).
The structure of the preamble (Fig. 2) in some way resembles the one described in MIL 188-220 Appendix D, "standards for COMSEC transmissions": I refer to that terminology just for the sake of clarity and to better illustrate my guess, as said there is no confirm about it. 

Fig.2 - CIS-12 Makhovik
The two "frame sync" blocks consist of the 15 bits repeating pattern "000010100110111" (or "111101011001000" according to the polarity).
The block bewteen the two frame sync blocks is the more interesting (Fig. 3). It consists of 511 bits long pseudo-random sequences generated by the primitive polynomial x^9+x^5+1 [1], thus meeting with ITU Recommendation O.153 [2]. This pattern is primarily intended for error measurements at bitrates up to 14.4 kbit/s. Anyway, 511-bit length sequences are also used for synchronization purposes as in 188-110B "39-tone parallel mode" (see Appendix B #5.4.3). Since the 511-bit block is not reinserted, I tend to think that it's used to sync the receive side (the modem or the crypto device). It's worth noting that although ITU O.153 reports that the longest sequence of ZEROs is 8 (non-inverted signal), I found some sequences with a greater length: maybe it can depend on the OFDM demodulator or the quality of the signal, or maybe the used sequences are not fully ITU O.153 compliant.

Fig.3 - CIS-12 511-bit sequences
Finally, what I call here as the "Message Indicator" is a 720-bit long block consisting of 8-time triplicate 30-bit sequences. This part is composed of eight strings of 30 bits and each string is repeated 3 times (Fig. 4). The x3 redundancy, as well as in other krypto device as KG-84, is used to improve the accuracy and realiability of the reception. Encrypted data follow this block.

Fig.4 - CIS-12 720-bit MI
T-230-1A (PSK2 1200bps)
The same blocks (sync,511,MI), with a different arrangement, can be observed in a full sample of a PSK2 1200bps (file "_b" in the downloadable zip archive). In this case the 15-bit sync pattern is reinserted several times as well as the MI blocks (Fig. 5).

Fig.5 - T-230-1A Makhovik
In my archive I found other samples that presumably are attributable to T-230-1A (files "_a" and "_c" in the downloadable zip archive): unfortunately I went late on these transmissions therefore it was not possible to examine their preamble.
In these samples (Fig. 6) the 15-bit sync frame block is missing but, as I specified, it could be inserted at the start of the transmission. A second interesting feature is the use of sequences of 511 bits of length BUT which are not originated by the polynomial x^9+x^5+1! 
 
Fig.6 - other PSK2 1200bps samples with Makhovik format

All the three PSK2 samples anyway have the same 30-bit MI structure as the one seen in CIS-12 (Fig. 7)


Fig.7 - 30-bit MI blocks

I would like to point out that this post does not claim to provide a description of the Makhovik encryption protocol but is just limited to the presentation of results obtained from the analysis of some samples: further (many) recordings are needed as well as tips and help from friends.

https://yadi.sk/d/j9HShkWFQo5z9g


[1] https://en.wikipedia.org/wiki/Linear-feedback_shift_register
[2] https://www.itu.int/rec/T-REC-O.153/en

10 September 2019

STANAG-4285, async Turkish "T-15"

05300.0 KHz/USB (intruding the 60mt amateur band), Turkish Mil prob. from Izmir area, TUR. STANAG-4285 600bps/L carryng async 5N1.5 (Turkish "T-15") stream: most likely encrypted pseudo-random naval broadcast since after removal of start/stop bits the resulting 5-bit stream does not autocorrelate (ACF = 0). A similar S4285 transmission but with 15/128 bits length period has already been reported here.
Notice that "T-15" is not an official name nor a well-known name: it's just a nickname I use in this blog to refer to this Turkish 15-bit format.

 



Signals and recordings gathered thanks to KiwiSDRs: kiwisdr.yo3iul.ro, sdr.ok2kyj.cz.

update

I gladly add a comment from my friend Valentin (cryptomaster): "The encrypted information was transmitted in "start-stop" mode with a 5-bit code with the addition of 1 bit - "start" and 1.5 bit stop. Since the transmitting equipment is designed to transmit an integer number of bits, the two halves of the code accumulated during the transmission are added up to one additional bit (0.5 + 0.5 = 1). Thus, a period of 15 bits is obtained.
The 5-bit code statistics are uniform, which confirms the use of encryption."