18 January 2020

unid SkyOFDM 28-tone 86Hz 65.6Bd PSK2

Continuous ofdm bursts transmission picked up on 4158 KHz/USB thanks to the "ArcticSDR" in Kongsfjord Arctic Norway: a KiwiSDR managed by my friend Bjarne Mjelde

Timings of the transmission and its spectrum are shown in Fig. 1 

Fig. 1 - timing and spectrum
The analysis of the OFDM signal clearly shows 28 channels and a frequency spacing of ~86 Hz, each channel is modulated using PSK2 at the symbol rate of 65.57 Bd (Fig. 2). The same results are obtained/verified by analyzing a single channel as shown in Fig. 3 (higher channel).
Fig. 2 - OFDM analysis
Fig. 3 - anlysis of the higher channel (#28)
As you see in Fig. 2, I did a further analysis after resampling the signal at 10109 Hz. Indeed, I used the tool OCG [1] in order to calculate and sythesize an OFDM waveform having the same parameters (channels, Br, Shift, modulation, width,...) and got 10109 Hz as one of the possible "native" sampling rate. The analysis of the synthesized OFDM is visible in fig. 4: notice the similarity between the PSK2 constellation of the synthesized signal and the one of the real signal (although resampled).

Fig. 4 - analysis of the synthesized OFdM-28 signal
The seven initial tones last 30 symbol periods and are derived from the OFDM generator as shown in Fig. 5; more precisely the used tones are: 2, 5, 6, 9, 13, 16, and 19.

Fig. 5 - initial seven unmodulated tones
The autocorrelation has a value of 76.2 ms (Fig. 6) that makes a 140 symbols length frame if considering an aggregate speed of ~1836 Bd (65.57 x 28).

Fig. 6 - autocorrelation
A similar OFDM waveform but with shorter and different bursts (Fig. 7) was reported on 2016.02.05 by my friend Cryptomaster [2] just on the same frequency of 4158 KHz/USB. In that case the modulation used was a form of PSK4, anyway number of tones, shift, Br, and ACF are the same; thus, that signal is on-air since several years.

Fig. 7
As regards the signal source, several TDoA tries always indicated an area north to Helsinki as probable Tx site (Fig. 8) although qrg.globaltuners.com reports exactly the same waveform/spectrum (and frequency too) indicating it as a signal sourced by the Spanish Navy [3].  In my opinion that's quite odd since the signal is fairly well received in the northern European countries such as Sweden, Norway, and Finland, while it is rather weak or inaudible at all in south Europe... I don't think of such a long skip.

Fig. 8 - TDoA reults

In my opinion it's an evolution of the original Skysweep Technologies proprietary waveform named "SkyOFDM", probably used by Finnish MFA (thanks to Roland Proesch for the hint). Indeed, the mentioned recording by my friend Cryptomaster just matches the features of the "original" SkyOFDM waveform (Fig. 9).

Fig. 9 - Skysweep Technologies OFDM-28

It's worth noting that SkySweeper Pro 5.13 software does not recognize the "new" OFDM-28 PSK2 that is analyzed  in this post.
(to be continued)


[1] OCG is a program for calculating and synthesizing OFDM signals, it can be downloaded from here
[2] http://www.radioscanner.ru/files/unknown/file19060/
[3] http://qrg.globaltuners.com/details.php?id=17420

13 January 2020

COMSEC transmissions using a S4285 variant (2)

Secured burst transmission using a modified S4285 waveform [1] spotted around midnight on 4015 KHz/usb, the S4285 mode is 600bps and short interleaver. 

Fig. 1
After demodulation, the COMSEC preamble resembles 188-220D std and consists of 3 parts (my guess):
1) 60-bit Frame Sync (110000100000111000101111001011011101101001001011111010101100)
2) 5 x 128-bit strings, encoded Message Indicator (five times repeated)
3) 64-bit idling sequence (time to load the key?)

Preamble is followed by the encrypted data block which ends with "01" sequences.
Fig. 2 - demodulated stream of bursts

Fig. 3 - COMSEC preamble (my guess)

https://yadi.sk/d/nY-DTuTz-ZWG8g  (2020-01-10T005300Z, 4.015 MHz, USB.wav)
https://yadi.sk/d/oIHVEWbUO0_few   (2020-01-10T010336Z, 4.015 MHz, USB.bin)

[1] The same modified S4285 waveform was met here on 6931 KHz/usb:

Speed distortion in an FSK signal

Most likely modem instability is the cause of the distortion in the manipulation speed (~42 bps), as it's evident in SA raster.